1.1 --- a/doc-src/IsarRef/Thy/HOL_Specific.thy Wed May 25 22:12:46 2011 +0200
1.2 +++ b/doc-src/IsarRef/Thy/HOL_Specific.thy Wed May 25 22:21:38 2011 +0200
1.3 @@ -4,6 +4,754 @@
1.4
1.5 chapter {* Isabelle/HOL \label{ch:hol} *}
1.6
1.7 +section {* Inductive and coinductive definitions \label{sec:hol-inductive} *}
1.8 +
1.9 +text {*
1.10 + An \textbf{inductive definition} specifies the least predicate (or
1.11 + set) @{text R} closed under given rules: applying a rule to elements
1.12 + of @{text R} yields a result within @{text R}. For example, a
1.13 + structural operational semantics is an inductive definition of an
1.14 + evaluation relation.
1.15 +
1.16 + Dually, a \textbf{coinductive definition} specifies the greatest
1.17 + predicate~/ set @{text R} that is consistent with given rules: every
1.18 + element of @{text R} can be seen as arising by applying a rule to
1.19 + elements of @{text R}. An important example is using bisimulation
1.20 + relations to formalise equivalence of processes and infinite data
1.21 + structures.
1.22 +
1.23 + \medskip The HOL package is related to the ZF one, which is
1.24 + described in a separate paper,\footnote{It appeared in CADE
1.25 + \cite{paulson-CADE}; a longer version is distributed with Isabelle.}
1.26 + which you should refer to in case of difficulties. The package is
1.27 + simpler than that of ZF thanks to implicit type-checking in HOL.
1.28 + The types of the (co)inductive predicates (or sets) determine the
1.29 + domain of the fixedpoint definition, and the package does not have
1.30 + to use inference rules for type-checking.
1.31 +
1.32 + \begin{matharray}{rcl}
1.33 + @{command_def (HOL) "inductive"} & : & @{text "local_theory \<rightarrow> local_theory"} \\
1.34 + @{command_def (HOL) "inductive_set"} & : & @{text "local_theory \<rightarrow> local_theory"} \\
1.35 + @{command_def (HOL) "coinductive"} & : & @{text "local_theory \<rightarrow> local_theory"} \\
1.36 + @{command_def (HOL) "coinductive_set"} & : & @{text "local_theory \<rightarrow> local_theory"} \\
1.37 + @{attribute_def (HOL) mono} & : & @{text attribute} \\
1.38 + \end{matharray}
1.39 +
1.40 + @{rail "
1.41 + (@@{command (HOL) inductive} | @@{command (HOL) inductive_set} |
1.42 + @@{command (HOL) coinductive} | @@{command (HOL) coinductive_set})
1.43 + @{syntax target}? @{syntax \"fixes\"} (@'for' @{syntax \"fixes\"})? \\
1.44 + (@'where' clauses)? (@'monos' @{syntax thmrefs})?
1.45 + ;
1.46 + clauses: (@{syntax thmdecl}? @{syntax prop} + '|')
1.47 + ;
1.48 + @@{attribute (HOL) mono} (() | 'add' | 'del')
1.49 + "}
1.50 +
1.51 + \begin{description}
1.52 +
1.53 + \item @{command (HOL) "inductive"} and @{command (HOL)
1.54 + "coinductive"} define (co)inductive predicates from the
1.55 + introduction rules given in the @{keyword "where"} part. The
1.56 + optional @{keyword "for"} part contains a list of parameters of the
1.57 + (co)inductive predicates that remain fixed throughout the
1.58 + definition. The optional @{keyword "monos"} section contains
1.59 + \emph{monotonicity theorems}, which are required for each operator
1.60 + applied to a recursive set in the introduction rules. There
1.61 + \emph{must} be a theorem of the form @{text "A \<le> B \<Longrightarrow> M A \<le> M B"},
1.62 + for each premise @{text "M R\<^sub>i t"} in an introduction rule!
1.63 +
1.64 + \item @{command (HOL) "inductive_set"} and @{command (HOL)
1.65 + "coinductive_set"} are wrappers for to the previous commands,
1.66 + allowing the definition of (co)inductive sets.
1.67 +
1.68 + \item @{attribute (HOL) mono} declares monotonicity rules. These
1.69 + rule are involved in the automated monotonicity proof of @{command
1.70 + (HOL) "inductive"}.
1.71 +
1.72 + \end{description}
1.73 +*}
1.74 +
1.75 +
1.76 +subsection {* Derived rules *}
1.77 +
1.78 +text {*
1.79 + Each (co)inductive definition @{text R} adds definitions to the
1.80 + theory and also proves some theorems:
1.81 +
1.82 + \begin{description}
1.83 +
1.84 + \item @{text R.intros} is the list of introduction rules as proven
1.85 + theorems, for the recursive predicates (or sets). The rules are
1.86 + also available individually, using the names given them in the
1.87 + theory file;
1.88 +
1.89 + \item @{text R.cases} is the case analysis (or elimination) rule;
1.90 +
1.91 + \item @{text R.induct} or @{text R.coinduct} is the (co)induction
1.92 + rule.
1.93 +
1.94 + \end{description}
1.95 +
1.96 + When several predicates @{text "R\<^sub>1, \<dots>, R\<^sub>n"} are
1.97 + defined simultaneously, the list of introduction rules is called
1.98 + @{text "R\<^sub>1_\<dots>_R\<^sub>n.intros"}, the case analysis rules are
1.99 + called @{text "R\<^sub>1.cases, \<dots>, R\<^sub>n.cases"}, and the list
1.100 + of mutual induction rules is called @{text
1.101 + "R\<^sub>1_\<dots>_R\<^sub>n.inducts"}.
1.102 +*}
1.103 +
1.104 +
1.105 +subsection {* Monotonicity theorems *}
1.106 +
1.107 +text {*
1.108 + Each theory contains a default set of theorems that are used in
1.109 + monotonicity proofs. New rules can be added to this set via the
1.110 + @{attribute (HOL) mono} attribute. The HOL theory @{text Inductive}
1.111 + shows how this is done. In general, the following monotonicity
1.112 + theorems may be added:
1.113 +
1.114 + \begin{itemize}
1.115 +
1.116 + \item Theorems of the form @{text "A \<le> B \<Longrightarrow> M A \<le> M B"}, for proving
1.117 + monotonicity of inductive definitions whose introduction rules have
1.118 + premises involving terms such as @{text "M R\<^sub>i t"}.
1.119 +
1.120 + \item Monotonicity theorems for logical operators, which are of the
1.121 + general form @{text "(\<dots> \<longrightarrow> \<dots>) \<Longrightarrow> \<dots> (\<dots> \<longrightarrow> \<dots>) \<Longrightarrow> \<dots> \<longrightarrow> \<dots>"}. For example, in
1.122 + the case of the operator @{text "\<or>"}, the corresponding theorem is
1.123 + \[
1.124 + \infer{@{text "P\<^sub>1 \<or> P\<^sub>2 \<longrightarrow> Q\<^sub>1 \<or> Q\<^sub>2"}}{@{text "P\<^sub>1 \<longrightarrow> Q\<^sub>1"} & @{text "P\<^sub>2 \<longrightarrow> Q\<^sub>2"}}
1.125 + \]
1.126 +
1.127 + \item De Morgan style equations for reasoning about the ``polarity''
1.128 + of expressions, e.g.
1.129 + \[
1.130 + @{prop "\<not> \<not> P \<longleftrightarrow> P"} \qquad\qquad
1.131 + @{prop "\<not> (P \<and> Q) \<longleftrightarrow> \<not> P \<or> \<not> Q"}
1.132 + \]
1.133 +
1.134 + \item Equations for reducing complex operators to more primitive
1.135 + ones whose monotonicity can easily be proved, e.g.
1.136 + \[
1.137 + @{prop "(P \<longrightarrow> Q) \<longleftrightarrow> \<not> P \<or> Q"} \qquad\qquad
1.138 + @{prop "Ball A P \<equiv> \<forall>x. x \<in> A \<longrightarrow> P x"}
1.139 + \]
1.140 +
1.141 + \end{itemize}
1.142 +
1.143 + %FIXME: Example of an inductive definition
1.144 +*}
1.145 +
1.146 +
1.147 +section {* Recursive functions \label{sec:recursion} *}
1.148 +
1.149 +text {*
1.150 + \begin{matharray}{rcl}
1.151 + @{command_def (HOL) "primrec"} & : & @{text "local_theory \<rightarrow> local_theory"} \\
1.152 + @{command_def (HOL) "fun"} & : & @{text "local_theory \<rightarrow> local_theory"} \\
1.153 + @{command_def (HOL) "function"} & : & @{text "local_theory \<rightarrow> proof(prove)"} \\
1.154 + @{command_def (HOL) "termination"} & : & @{text "local_theory \<rightarrow> proof(prove)"} \\
1.155 + \end{matharray}
1.156 +
1.157 + @{rail "
1.158 + @@{command (HOL) primrec} @{syntax target}? @{syntax \"fixes\"} @'where' equations
1.159 + ;
1.160 + (@@{command (HOL) fun} | @@{command (HOL) function}) @{syntax target}? functionopts?
1.161 + @{syntax \"fixes\"} \\ @'where' equations
1.162 + ;
1.163 +
1.164 + equations: (@{syntax thmdecl}? @{syntax prop} + '|')
1.165 + ;
1.166 + functionopts: '(' (('sequential' | 'domintros') + ',') ')'
1.167 + ;
1.168 + @@{command (HOL) termination} @{syntax term}?
1.169 + "}
1.170 +
1.171 + \begin{description}
1.172 +
1.173 + \item @{command (HOL) "primrec"} defines primitive recursive
1.174 + functions over datatypes, see also \cite{isabelle-HOL}.
1.175 +
1.176 + \item @{command (HOL) "function"} defines functions by general
1.177 + wellfounded recursion. A detailed description with examples can be
1.178 + found in \cite{isabelle-function}. The function is specified by a
1.179 + set of (possibly conditional) recursive equations with arbitrary
1.180 + pattern matching. The command generates proof obligations for the
1.181 + completeness and the compatibility of patterns.
1.182 +
1.183 + The defined function is considered partial, and the resulting
1.184 + simplification rules (named @{text "f.psimps"}) and induction rule
1.185 + (named @{text "f.pinduct"}) are guarded by a generated domain
1.186 + predicate @{text "f_dom"}. The @{command (HOL) "termination"}
1.187 + command can then be used to establish that the function is total.
1.188 +
1.189 + \item @{command (HOL) "fun"} is a shorthand notation for ``@{command
1.190 + (HOL) "function"}~@{text "(sequential)"}, followed by automated
1.191 + proof attempts regarding pattern matching and termination. See
1.192 + \cite{isabelle-function} for further details.
1.193 +
1.194 + \item @{command (HOL) "termination"}~@{text f} commences a
1.195 + termination proof for the previously defined function @{text f}. If
1.196 + this is omitted, the command refers to the most recent function
1.197 + definition. After the proof is closed, the recursive equations and
1.198 + the induction principle is established.
1.199 +
1.200 + \end{description}
1.201 +
1.202 + Recursive definitions introduced by the @{command (HOL) "function"}
1.203 + command accommodate
1.204 + reasoning by induction (cf.\ \secref{sec:cases-induct}): rule @{text
1.205 + "c.induct"} (where @{text c} is the name of the function definition)
1.206 + refers to a specific induction rule, with parameters named according
1.207 + to the user-specified equations. Cases are numbered (starting from 1).
1.208 +
1.209 + For @{command (HOL) "primrec"}, the induction principle coincides
1.210 + with structural recursion on the datatype the recursion is carried
1.211 + out.
1.212 +
1.213 + The equations provided by these packages may be referred later as
1.214 + theorem list @{text "f.simps"}, where @{text f} is the (collective)
1.215 + name of the functions defined. Individual equations may be named
1.216 + explicitly as well.
1.217 +
1.218 + The @{command (HOL) "function"} command accepts the following
1.219 + options.
1.220 +
1.221 + \begin{description}
1.222 +
1.223 + \item @{text sequential} enables a preprocessor which disambiguates
1.224 + overlapping patterns by making them mutually disjoint. Earlier
1.225 + equations take precedence over later ones. This allows to give the
1.226 + specification in a format very similar to functional programming.
1.227 + Note that the resulting simplification and induction rules
1.228 + correspond to the transformed specification, not the one given
1.229 + originally. This usually means that each equation given by the user
1.230 + may result in several theorems. Also note that this automatic
1.231 + transformation only works for ML-style datatype patterns.
1.232 +
1.233 + \item @{text domintros} enables the automated generation of
1.234 + introduction rules for the domain predicate. While mostly not
1.235 + needed, they can be helpful in some proofs about partial functions.
1.236 +
1.237 + \end{description}
1.238 +*}
1.239 +
1.240 +
1.241 +subsection {* Proof methods related to recursive definitions *}
1.242 +
1.243 +text {*
1.244 + \begin{matharray}{rcl}
1.245 + @{method_def (HOL) pat_completeness} & : & @{text method} \\
1.246 + @{method_def (HOL) relation} & : & @{text method} \\
1.247 + @{method_def (HOL) lexicographic_order} & : & @{text method} \\
1.248 + @{method_def (HOL) size_change} & : & @{text method} \\
1.249 + \end{matharray}
1.250 +
1.251 + @{rail "
1.252 + @@{method (HOL) relation} @{syntax term}
1.253 + ;
1.254 + @@{method (HOL) lexicographic_order} (@{syntax clasimpmod} * )
1.255 + ;
1.256 + @@{method (HOL) size_change} ( orders (@{syntax clasimpmod} * ) )
1.257 + ;
1.258 + orders: ( 'max' | 'min' | 'ms' ) *
1.259 + "}
1.260 +
1.261 + \begin{description}
1.262 +
1.263 + \item @{method (HOL) pat_completeness} is a specialized method to
1.264 + solve goals regarding the completeness of pattern matching, as
1.265 + required by the @{command (HOL) "function"} package (cf.\
1.266 + \cite{isabelle-function}).
1.267 +
1.268 + \item @{method (HOL) relation}~@{text R} introduces a termination
1.269 + proof using the relation @{text R}. The resulting proof state will
1.270 + contain goals expressing that @{text R} is wellfounded, and that the
1.271 + arguments of recursive calls decrease with respect to @{text R}.
1.272 + Usually, this method is used as the initial proof step of manual
1.273 + termination proofs.
1.274 +
1.275 + \item @{method (HOL) "lexicographic_order"} attempts a fully
1.276 + automated termination proof by searching for a lexicographic
1.277 + combination of size measures on the arguments of the function. The
1.278 + method accepts the same arguments as the @{method auto} method,
1.279 + which it uses internally to prove local descents. The same context
1.280 + modifiers as for @{method auto} are accepted, see
1.281 + \secref{sec:clasimp}.
1.282 +
1.283 + In case of failure, extensive information is printed, which can help
1.284 + to analyse the situation (cf.\ \cite{isabelle-function}).
1.285 +
1.286 + \item @{method (HOL) "size_change"} also works on termination goals,
1.287 + using a variation of the size-change principle, together with a
1.288 + graph decomposition technique (see \cite{krauss_phd} for details).
1.289 + Three kinds of orders are used internally: @{text max}, @{text min},
1.290 + and @{text ms} (multiset), which is only available when the theory
1.291 + @{text Multiset} is loaded. When no order kinds are given, they are
1.292 + tried in order. The search for a termination proof uses SAT solving
1.293 + internally.
1.294 +
1.295 + For local descent proofs, the same context modifiers as for @{method
1.296 + auto} are accepted, see \secref{sec:clasimp}.
1.297 +
1.298 + \end{description}
1.299 +*}
1.300 +
1.301 +
1.302 +subsection {* Functions with explicit partiality *}
1.303 +
1.304 +text {*
1.305 + \begin{matharray}{rcl}
1.306 + @{command_def (HOL) "partial_function"} & : & @{text "local_theory \<rightarrow> local_theory"} \\
1.307 + @{attribute_def (HOL) "partial_function_mono"} & : & @{text attribute} \\
1.308 + \end{matharray}
1.309 +
1.310 + @{rail "
1.311 + @@{command (HOL) partial_function} @{syntax target}?
1.312 + '(' @{syntax nameref} ')' @{syntax \"fixes\"} \\
1.313 + @'where' @{syntax thmdecl}? @{syntax prop}
1.314 + "}
1.315 +
1.316 + \begin{description}
1.317 +
1.318 + \item @{command (HOL) "partial_function"}~@{text "(mode)"} defines
1.319 + recursive functions based on fixpoints in complete partial
1.320 + orders. No termination proof is required from the user or
1.321 + constructed internally. Instead, the possibility of non-termination
1.322 + is modelled explicitly in the result type, which contains an
1.323 + explicit bottom element.
1.324 +
1.325 + Pattern matching and mutual recursion are currently not supported.
1.326 + Thus, the specification consists of a single function described by a
1.327 + single recursive equation.
1.328 +
1.329 + There are no fixed syntactic restrictions on the body of the
1.330 + function, but the induced functional must be provably monotonic
1.331 + wrt.\ the underlying order. The monotonicitity proof is performed
1.332 + internally, and the definition is rejected when it fails. The proof
1.333 + can be influenced by declaring hints using the
1.334 + @{attribute (HOL) partial_function_mono} attribute.
1.335 +
1.336 + The mandatory @{text mode} argument specifies the mode of operation
1.337 + of the command, which directly corresponds to a complete partial
1.338 + order on the result type. By default, the following modes are
1.339 + defined:
1.340 +
1.341 + \begin{description}
1.342 + \item @{text option} defines functions that map into the @{type
1.343 + option} type. Here, the value @{term None} is used to model a
1.344 + non-terminating computation. Monotonicity requires that if @{term
1.345 + None} is returned by a recursive call, then the overall result
1.346 + must also be @{term None}. This is best achieved through the use of
1.347 + the monadic operator @{const "Option.bind"}.
1.348 +
1.349 + \item @{text tailrec} defines functions with an arbitrary result
1.350 + type and uses the slightly degenerated partial order where @{term
1.351 + "undefined"} is the bottom element. Now, monotonicity requires that
1.352 + if @{term undefined} is returned by a recursive call, then the
1.353 + overall result must also be @{term undefined}. In practice, this is
1.354 + only satisfied when each recursive call is a tail call, whose result
1.355 + is directly returned. Thus, this mode of operation allows the
1.356 + definition of arbitrary tail-recursive functions.
1.357 + \end{description}
1.358 +
1.359 + Experienced users may define new modes by instantiating the locale
1.360 + @{const "partial_function_definitions"} appropriately.
1.361 +
1.362 + \item @{attribute (HOL) partial_function_mono} declares rules for
1.363 + use in the internal monononicity proofs of partial function
1.364 + definitions.
1.365 +
1.366 + \end{description}
1.367 +
1.368 +*}
1.369 +
1.370 +
1.371 +subsection {* Old-style recursive function definitions (TFL) *}
1.372 +
1.373 +text {*
1.374 + The old TFL commands @{command (HOL) "recdef"} and @{command (HOL)
1.375 + "recdef_tc"} for defining recursive are mostly obsolete; @{command
1.376 + (HOL) "function"} or @{command (HOL) "fun"} should be used instead.
1.377 +
1.378 + \begin{matharray}{rcl}
1.379 + @{command_def (HOL) "recdef"} & : & @{text "theory \<rightarrow> theory)"} \\
1.380 + @{command_def (HOL) "recdef_tc"}@{text "\<^sup>*"} & : & @{text "theory \<rightarrow> proof(prove)"} \\
1.381 + \end{matharray}
1.382 +
1.383 + @{rail "
1.384 + @@{command (HOL) recdef} ('(' @'permissive' ')')? \\
1.385 + @{syntax name} @{syntax term} (@{syntax prop} +) hints?
1.386 + ;
1.387 + recdeftc @{syntax thmdecl}? tc
1.388 + ;
1.389 + hints: '(' @'hints' ( recdefmod * ) ')'
1.390 + ;
1.391 + recdefmod: (('recdef_simp' | 'recdef_cong' | 'recdef_wf')
1.392 + (() | 'add' | 'del') ':' @{syntax thmrefs}) | @{syntax clasimpmod}
1.393 + ;
1.394 + tc: @{syntax nameref} ('(' @{syntax nat} ')')?
1.395 + "}
1.396 +
1.397 + \begin{description}
1.398 +
1.399 + \item @{command (HOL) "recdef"} defines general well-founded
1.400 + recursive functions (using the TFL package), see also
1.401 + \cite{isabelle-HOL}. The ``@{text "(permissive)"}'' option tells
1.402 + TFL to recover from failed proof attempts, returning unfinished
1.403 + results. The @{text recdef_simp}, @{text recdef_cong}, and @{text
1.404 + recdef_wf} hints refer to auxiliary rules to be used in the internal
1.405 + automated proof process of TFL. Additional @{syntax clasimpmod}
1.406 + declarations (cf.\ \secref{sec:clasimp}) may be given to tune the
1.407 + context of the Simplifier (cf.\ \secref{sec:simplifier}) and
1.408 + Classical reasoner (cf.\ \secref{sec:classical}).
1.409 +
1.410 + \item @{command (HOL) "recdef_tc"}~@{text "c (i)"} recommences the
1.411 + proof for leftover termination condition number @{text i} (default
1.412 + 1) as generated by a @{command (HOL) "recdef"} definition of
1.413 + constant @{text c}.
1.414 +
1.415 + Note that in most cases, @{command (HOL) "recdef"} is able to finish
1.416 + its internal proofs without manual intervention.
1.417 +
1.418 + \end{description}
1.419 +
1.420 + \medskip Hints for @{command (HOL) "recdef"} may be also declared
1.421 + globally, using the following attributes.
1.422 +
1.423 + \begin{matharray}{rcl}
1.424 + @{attribute_def (HOL) recdef_simp} & : & @{text attribute} \\
1.425 + @{attribute_def (HOL) recdef_cong} & : & @{text attribute} \\
1.426 + @{attribute_def (HOL) recdef_wf} & : & @{text attribute} \\
1.427 + \end{matharray}
1.428 +
1.429 + @{rail "
1.430 + (@@{attribute (HOL) recdef_simp} | @@{attribute (HOL) recdef_cong} |
1.431 + @@{attribute (HOL) recdef_wf}) (() | 'add' | 'del')
1.432 + "}
1.433 +*}
1.434 +
1.435 +
1.436 +section {* Datatypes \label{sec:hol-datatype} *}
1.437 +
1.438 +text {*
1.439 + \begin{matharray}{rcl}
1.440 + @{command_def (HOL) "datatype"} & : & @{text "theory \<rightarrow> theory"} \\
1.441 + @{command_def (HOL) "rep_datatype"} & : & @{text "theory \<rightarrow> proof(prove)"} \\
1.442 + \end{matharray}
1.443 +
1.444 + @{rail "
1.445 + @@{command (HOL) datatype} (spec + @'and')
1.446 + ;
1.447 + @@{command (HOL) rep_datatype} ('(' (@{syntax name} +) ')')? (@{syntax term} +)
1.448 + ;
1.449 +
1.450 + spec: @{syntax parname}? @{syntax typespec} @{syntax mixfix}? '=' (cons + '|')
1.451 + ;
1.452 + cons: @{syntax name} (@{syntax type} * ) @{syntax mixfix}?
1.453 + "}
1.454 +
1.455 + \begin{description}
1.456 +
1.457 + \item @{command (HOL) "datatype"} defines inductive datatypes in
1.458 + HOL.
1.459 +
1.460 + \item @{command (HOL) "rep_datatype"} represents existing types as
1.461 + inductive ones, generating the standard infrastructure of derived
1.462 + concepts (primitive recursion etc.).
1.463 +
1.464 + \end{description}
1.465 +
1.466 + The induction and exhaustion theorems generated provide case names
1.467 + according to the constructors involved, while parameters are named
1.468 + after the types (see also \secref{sec:cases-induct}).
1.469 +
1.470 + See \cite{isabelle-HOL} for more details on datatypes, but beware of
1.471 + the old-style theory syntax being used there! Apart from proper
1.472 + proof methods for case-analysis and induction, there are also
1.473 + emulations of ML tactics @{method (HOL) case_tac} and @{method (HOL)
1.474 + induct_tac} available, see \secref{sec:hol-induct-tac}; these admit
1.475 + to refer directly to the internal structure of subgoals (including
1.476 + internally bound parameters).
1.477 +*}
1.478 +
1.479 +
1.480 +section {* Records \label{sec:hol-record} *}
1.481 +
1.482 +text {*
1.483 + In principle, records merely generalize the concept of tuples, where
1.484 + components may be addressed by labels instead of just position. The
1.485 + logical infrastructure of records in Isabelle/HOL is slightly more
1.486 + advanced, though, supporting truly extensible record schemes. This
1.487 + admits operations that are polymorphic with respect to record
1.488 + extension, yielding ``object-oriented'' effects like (single)
1.489 + inheritance. See also \cite{NaraschewskiW-TPHOLs98} for more
1.490 + details on object-oriented verification and record subtyping in HOL.
1.491 +*}
1.492 +
1.493 +
1.494 +subsection {* Basic concepts *}
1.495 +
1.496 +text {*
1.497 + Isabelle/HOL supports both \emph{fixed} and \emph{schematic} records
1.498 + at the level of terms and types. The notation is as follows:
1.499 +
1.500 + \begin{center}
1.501 + \begin{tabular}{l|l|l}
1.502 + & record terms & record types \\ \hline
1.503 + fixed & @{text "\<lparr>x = a, y = b\<rparr>"} & @{text "\<lparr>x :: A, y :: B\<rparr>"} \\
1.504 + schematic & @{text "\<lparr>x = a, y = b, \<dots> = m\<rparr>"} &
1.505 + @{text "\<lparr>x :: A, y :: B, \<dots> :: M\<rparr>"} \\
1.506 + \end{tabular}
1.507 + \end{center}
1.508 +
1.509 + \noindent The ASCII representation of @{text "\<lparr>x = a\<rparr>"} is @{text
1.510 + "(| x = a |)"}.
1.511 +
1.512 + A fixed record @{text "\<lparr>x = a, y = b\<rparr>"} has field @{text x} of value
1.513 + @{text a} and field @{text y} of value @{text b}. The corresponding
1.514 + type is @{text "\<lparr>x :: A, y :: B\<rparr>"}, assuming that @{text "a :: A"}
1.515 + and @{text "b :: B"}.
1.516 +
1.517 + A record scheme like @{text "\<lparr>x = a, y = b, \<dots> = m\<rparr>"} contains fields
1.518 + @{text x} and @{text y} as before, but also possibly further fields
1.519 + as indicated by the ``@{text "\<dots>"}'' notation (which is actually part
1.520 + of the syntax). The improper field ``@{text "\<dots>"}'' of a record
1.521 + scheme is called the \emph{more part}. Logically it is just a free
1.522 + variable, which is occasionally referred to as ``row variable'' in
1.523 + the literature. The more part of a record scheme may be
1.524 + instantiated by zero or more further components. For example, the
1.525 + previous scheme may get instantiated to @{text "\<lparr>x = a, y = b, z =
1.526 + c, \<dots> = m'\<rparr>"}, where @{text m'} refers to a different more part.
1.527 + Fixed records are special instances of record schemes, where
1.528 + ``@{text "\<dots>"}'' is properly terminated by the @{text "() :: unit"}
1.529 + element. In fact, @{text "\<lparr>x = a, y = b\<rparr>"} is just an abbreviation
1.530 + for @{text "\<lparr>x = a, y = b, \<dots> = ()\<rparr>"}.
1.531 +
1.532 + \medskip Two key observations make extensible records in a simply
1.533 + typed language like HOL work out:
1.534 +
1.535 + \begin{enumerate}
1.536 +
1.537 + \item the more part is internalized, as a free term or type
1.538 + variable,
1.539 +
1.540 + \item field names are externalized, they cannot be accessed within
1.541 + the logic as first-class values.
1.542 +
1.543 + \end{enumerate}
1.544 +
1.545 + \medskip In Isabelle/HOL record types have to be defined explicitly,
1.546 + fixing their field names and types, and their (optional) parent
1.547 + record. Afterwards, records may be formed using above syntax, while
1.548 + obeying the canonical order of fields as given by their declaration.
1.549 + The record package provides several standard operations like
1.550 + selectors and updates. The common setup for various generic proof
1.551 + tools enable succinct reasoning patterns. See also the Isabelle/HOL
1.552 + tutorial \cite{isabelle-hol-book} for further instructions on using
1.553 + records in practice.
1.554 +*}
1.555 +
1.556 +
1.557 +subsection {* Record specifications *}
1.558 +
1.559 +text {*
1.560 + \begin{matharray}{rcl}
1.561 + @{command_def (HOL) "record"} & : & @{text "theory \<rightarrow> theory"} \\
1.562 + \end{matharray}
1.563 +
1.564 + @{rail "
1.565 + @@{command (HOL) record} @{syntax typespec_sorts} '=' \\
1.566 + (@{syntax type} '+')? (@{syntax constdecl} +)
1.567 + "}
1.568 +
1.569 + \begin{description}
1.570 +
1.571 + \item @{command (HOL) "record"}~@{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>m) t = \<tau> + c\<^sub>1 :: \<sigma>\<^sub>1
1.572 + \<dots> c\<^sub>n :: \<sigma>\<^sub>n"} defines extensible record type @{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>m) t"},
1.573 + derived from the optional parent record @{text "\<tau>"} by adding new
1.574 + field components @{text "c\<^sub>i :: \<sigma>\<^sub>i"} etc.
1.575 +
1.576 + The type variables of @{text "\<tau>"} and @{text "\<sigma>\<^sub>i"} need to be
1.577 + covered by the (distinct) parameters @{text "\<alpha>\<^sub>1, \<dots>,
1.578 + \<alpha>\<^sub>m"}. Type constructor @{text t} has to be new, while @{text
1.579 + \<tau>} needs to specify an instance of an existing record type. At
1.580 + least one new field @{text "c\<^sub>i"} has to be specified.
1.581 + Basically, field names need to belong to a unique record. This is
1.582 + not a real restriction in practice, since fields are qualified by
1.583 + the record name internally.
1.584 +
1.585 + The parent record specification @{text \<tau>} is optional; if omitted
1.586 + @{text t} becomes a root record. The hierarchy of all records
1.587 + declared within a theory context forms a forest structure, i.e.\ a
1.588 + set of trees starting with a root record each. There is no way to
1.589 + merge multiple parent records!
1.590 +
1.591 + For convenience, @{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>m) t"} is made a
1.592 + type abbreviation for the fixed record type @{text "\<lparr>c\<^sub>1 ::
1.593 + \<sigma>\<^sub>1, \<dots>, c\<^sub>n :: \<sigma>\<^sub>n\<rparr>"}, likewise is @{text
1.594 + "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>m, \<zeta>) t_scheme"} made an abbreviation for
1.595 + @{text "\<lparr>c\<^sub>1 :: \<sigma>\<^sub>1, \<dots>, c\<^sub>n :: \<sigma>\<^sub>n, \<dots> ::
1.596 + \<zeta>\<rparr>"}.
1.597 +
1.598 + \end{description}
1.599 +*}
1.600 +
1.601 +
1.602 +subsection {* Record operations *}
1.603 +
1.604 +text {*
1.605 + Any record definition of the form presented above produces certain
1.606 + standard operations. Selectors and updates are provided for any
1.607 + field, including the improper one ``@{text more}''. There are also
1.608 + cumulative record constructor functions. To simplify the
1.609 + presentation below, we assume for now that @{text "(\<alpha>\<^sub>1, \<dots>,
1.610 + \<alpha>\<^sub>m) t"} is a root record with fields @{text "c\<^sub>1 ::
1.611 + \<sigma>\<^sub>1, \<dots>, c\<^sub>n :: \<sigma>\<^sub>n"}.
1.612 +
1.613 + \medskip \textbf{Selectors} and \textbf{updates} are available for
1.614 + any field (including ``@{text more}''):
1.615 +
1.616 + \begin{matharray}{lll}
1.617 + @{text "c\<^sub>i"} & @{text "::"} & @{text "\<lparr>\<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr> \<Rightarrow> \<sigma>\<^sub>i"} \\
1.618 + @{text "c\<^sub>i_update"} & @{text "::"} & @{text "\<sigma>\<^sub>i \<Rightarrow> \<lparr>\<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr> \<Rightarrow> \<lparr>\<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr>"} \\
1.619 + \end{matharray}
1.620 +
1.621 + There is special syntax for application of updates: @{text "r\<lparr>x :=
1.622 + a\<rparr>"} abbreviates term @{text "x_update a r"}. Further notation for
1.623 + repeated updates is also available: @{text "r\<lparr>x := a\<rparr>\<lparr>y := b\<rparr>\<lparr>z :=
1.624 + c\<rparr>"} may be written @{text "r\<lparr>x := a, y := b, z := c\<rparr>"}. Note that
1.625 + because of postfix notation the order of fields shown here is
1.626 + reverse than in the actual term. Since repeated updates are just
1.627 + function applications, fields may be freely permuted in @{text "\<lparr>x
1.628 + := a, y := b, z := c\<rparr>"}, as far as logical equality is concerned.
1.629 + Thus commutativity of independent updates can be proven within the
1.630 + logic for any two fields, but not as a general theorem.
1.631 +
1.632 + \medskip The \textbf{make} operation provides a cumulative record
1.633 + constructor function:
1.634 +
1.635 + \begin{matharray}{lll}
1.636 + @{text "t.make"} & @{text "::"} & @{text "\<sigma>\<^sub>1 \<Rightarrow> \<dots> \<sigma>\<^sub>n \<Rightarrow> \<lparr>\<^vec>c :: \<^vec>\<sigma>\<rparr>"} \\
1.637 + \end{matharray}
1.638 +
1.639 + \medskip We now reconsider the case of non-root records, which are
1.640 + derived of some parent. In general, the latter may depend on
1.641 + another parent as well, resulting in a list of \emph{ancestor
1.642 + records}. Appending the lists of fields of all ancestors results in
1.643 + a certain field prefix. The record package automatically takes care
1.644 + of this by lifting operations over this context of ancestor fields.
1.645 + Assuming that @{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>m) t"} has ancestor
1.646 + fields @{text "b\<^sub>1 :: \<rho>\<^sub>1, \<dots>, b\<^sub>k :: \<rho>\<^sub>k"},
1.647 + the above record operations will get the following types:
1.648 +
1.649 + \medskip
1.650 + \begin{tabular}{lll}
1.651 + @{text "c\<^sub>i"} & @{text "::"} & @{text "\<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr> \<Rightarrow> \<sigma>\<^sub>i"} \\
1.652 + @{text "c\<^sub>i_update"} & @{text "::"} & @{text "\<sigma>\<^sub>i \<Rightarrow>
1.653 + \<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr> \<Rightarrow>
1.654 + \<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr>"} \\
1.655 + @{text "t.make"} & @{text "::"} & @{text "\<rho>\<^sub>1 \<Rightarrow> \<dots> \<rho>\<^sub>k \<Rightarrow> \<sigma>\<^sub>1 \<Rightarrow> \<dots> \<sigma>\<^sub>n \<Rightarrow>
1.656 + \<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>\<rparr>"} \\
1.657 + \end{tabular}
1.658 + \medskip
1.659 +
1.660 + \noindent Some further operations address the extension aspect of a
1.661 + derived record scheme specifically: @{text "t.fields"} produces a
1.662 + record fragment consisting of exactly the new fields introduced here
1.663 + (the result may serve as a more part elsewhere); @{text "t.extend"}
1.664 + takes a fixed record and adds a given more part; @{text
1.665 + "t.truncate"} restricts a record scheme to a fixed record.
1.666 +
1.667 + \medskip
1.668 + \begin{tabular}{lll}
1.669 + @{text "t.fields"} & @{text "::"} & @{text "\<sigma>\<^sub>1 \<Rightarrow> \<dots> \<sigma>\<^sub>n \<Rightarrow> \<lparr>\<^vec>c :: \<^vec>\<sigma>\<rparr>"} \\
1.670 + @{text "t.extend"} & @{text "::"} & @{text "\<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>\<rparr> \<Rightarrow>
1.671 + \<zeta> \<Rightarrow> \<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr>"} \\
1.672 + @{text "t.truncate"} & @{text "::"} & @{text "\<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr> \<Rightarrow> \<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>\<rparr>"} \\
1.673 + \end{tabular}
1.674 + \medskip
1.675 +
1.676 + \noindent Note that @{text "t.make"} and @{text "t.fields"} coincide
1.677 + for root records.
1.678 +*}
1.679 +
1.680 +
1.681 +subsection {* Derived rules and proof tools *}
1.682 +
1.683 +text {*
1.684 + The record package proves several results internally, declaring
1.685 + these facts to appropriate proof tools. This enables users to
1.686 + reason about record structures quite conveniently. Assume that
1.687 + @{text t} is a record type as specified above.
1.688 +
1.689 + \begin{enumerate}
1.690 +
1.691 + \item Standard conversions for selectors or updates applied to
1.692 + record constructor terms are made part of the default Simplifier
1.693 + context; thus proofs by reduction of basic operations merely require
1.694 + the @{method simp} method without further arguments. These rules
1.695 + are available as @{text "t.simps"}, too.
1.696 +
1.697 + \item Selectors applied to updated records are automatically reduced
1.698 + by an internal simplification procedure, which is also part of the
1.699 + standard Simplifier setup.
1.700 +
1.701 + \item Inject equations of a form analogous to @{prop "(x, y) = (x',
1.702 + y') \<equiv> x = x' \<and> y = y'"} are declared to the Simplifier and Classical
1.703 + Reasoner as @{attribute iff} rules. These rules are available as
1.704 + @{text "t.iffs"}.
1.705 +
1.706 + \item The introduction rule for record equality analogous to @{text
1.707 + "x r = x r' \<Longrightarrow> y r = y r' \<dots> \<Longrightarrow> r = r'"} is declared to the Simplifier,
1.708 + and as the basic rule context as ``@{attribute intro}@{text "?"}''.
1.709 + The rule is called @{text "t.equality"}.
1.710 +
1.711 + \item Representations of arbitrary record expressions as canonical
1.712 + constructor terms are provided both in @{method cases} and @{method
1.713 + induct} format (cf.\ the generic proof methods of the same name,
1.714 + \secref{sec:cases-induct}). Several variations are available, for
1.715 + fixed records, record schemes, more parts etc.
1.716 +
1.717 + The generic proof methods are sufficiently smart to pick the most
1.718 + sensible rule according to the type of the indicated record
1.719 + expression: users just need to apply something like ``@{text "(cases
1.720 + r)"}'' to a certain proof problem.
1.721 +
1.722 + \item The derived record operations @{text "t.make"}, @{text
1.723 + "t.fields"}, @{text "t.extend"}, @{text "t.truncate"} are \emph{not}
1.724 + treated automatically, but usually need to be expanded by hand,
1.725 + using the collective fact @{text "t.defs"}.
1.726 +
1.727 + \end{enumerate}
1.728 +*}
1.729 +
1.730 +
1.731 +section {* Adhoc tuples *}
1.732 +
1.733 +text {*
1.734 + \begin{matharray}{rcl}
1.735 + @{attribute_def (HOL) split_format}@{text "\<^sup>*"} & : & @{text attribute} \\
1.736 + \end{matharray}
1.737 +
1.738 + @{rail "
1.739 + @@{attribute (HOL) split_format} ('(' 'complete' ')')?
1.740 + "}
1.741 +
1.742 + \begin{description}
1.743 +
1.744 + \item @{attribute (HOL) split_format}\ @{text "(complete)"} causes
1.745 + arguments in function applications to be represented canonically
1.746 + according to their tuple type structure.
1.747 +
1.748 + Note that this operation tends to invent funny names for new local
1.749 + parameters introduced.
1.750 +
1.751 + \end{description}
1.752 +*}
1.753 +
1.754 +
1.755 section {* Typedef axiomatization \label{sec:hol-typedef} *}
1.756
1.757 text {* A Gordon/HOL-style type definition is a certain axiom scheme
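Review bot: the `split_format` entry in the Adhoc tuples section documents only the `(complete)` form, while the rail grammar directly above it (`('(' 'complete' ')')?`) makes that argument optional; either add a sentence describing what the attribute does when `(complete)` is omitted, or drop the `?` so the syntax diagram and the description agree. Two smaller wording points in the same hunk: "derived of some parent" in the ancestor-records paragraph should read "derived from some parent", and "the above record operations will get the following types" reads more naturally as "have the following types".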
1.758 @@ -155,325 +903,6 @@
1.759 primitive @{command typedef} above. *}
1.760
1.761
1.762 -section {* Adhoc tuples *}
1.763 -
1.764 -text {*
1.765 - \begin{matharray}{rcl}
1.766 - @{attribute_def (HOL) split_format}@{text "\<^sup>*"} & : & @{text attribute} \\
1.767 - \end{matharray}
1.768 -
1.769 - @{rail "
1.770 - @@{attribute (HOL) split_format} ('(' 'complete' ')')?
1.771 - "}
1.772 -
1.773 - \begin{description}
1.774 -
1.775 - \item @{attribute (HOL) split_format}\ @{text "(complete)"} causes
1.776 - arguments in function applications to be represented canonically
1.777 - according to their tuple type structure.
1.778 -
1.779 - Note that this operation tends to invent funny names for new local
1.780 - parameters introduced.
1.781 -
1.782 - \end{description}
1.783 -*}
1.784 -
1.785 -
1.786 -section {* Records \label{sec:hol-record} *}
1.787 -
1.788 -text {*
1.789 - In principle, records merely generalize the concept of tuples, where
1.790 - components may be addressed by labels instead of just position. The
1.791 - logical infrastructure of records in Isabelle/HOL is slightly more
1.792 - advanced, though, supporting truly extensible record schemes. This
1.793 - admits operations that are polymorphic with respect to record
1.794 - extension, yielding ``object-oriented'' effects like (single)
1.795 - inheritance. See also \cite{NaraschewskiW-TPHOLs98} for more
1.796 - details on object-oriented verification and record subtyping in HOL.
1.797 -*}
1.798 -
1.799 -
1.800 -subsection {* Basic concepts *}
1.801 -
1.802 -text {*
1.803 - Isabelle/HOL supports both \emph{fixed} and \emph{schematic} records
1.804 - at the level of terms and types. The notation is as follows:
1.805 -
1.806 - \begin{center}
1.807 - \begin{tabular}{l|l|l}
1.808 - & record terms & record types \\ \hline
1.809 - fixed & @{text "\<lparr>x = a, y = b\<rparr>"} & @{text "\<lparr>x :: A, y :: B\<rparr>"} \\
1.810 - schematic & @{text "\<lparr>x = a, y = b, \<dots> = m\<rparr>"} &
1.811 - @{text "\<lparr>x :: A, y :: B, \<dots> :: M\<rparr>"} \\
1.812 - \end{tabular}
1.813 - \end{center}
1.814 -
1.815 - \noindent The ASCII representation of @{text "\<lparr>x = a\<rparr>"} is @{text
1.816 - "(| x = a |)"}.
1.817 -
1.818 - A fixed record @{text "\<lparr>x = a, y = b\<rparr>"} has field @{text x} of value
1.819 - @{text a} and field @{text y} of value @{text b}. The corresponding
1.820 - type is @{text "\<lparr>x :: A, y :: B\<rparr>"}, assuming that @{text "a :: A"}
1.821 - and @{text "b :: B"}.
1.822 -
1.823 - A record scheme like @{text "\<lparr>x = a, y = b, \<dots> = m\<rparr>"} contains fields
1.824 - @{text x} and @{text y} as before, but also possibly further fields
1.825 - as indicated by the ``@{text "\<dots>"}'' notation (which is actually part
1.826 - of the syntax). The improper field ``@{text "\<dots>"}'' of a record
1.827 - scheme is called the \emph{more part}. Logically it is just a free
1.828 - variable, which is occasionally referred to as ``row variable'' in
1.829 - the literature. The more part of a record scheme may be
1.830 - instantiated by zero or more further components. For example, the
1.831 - previous scheme may get instantiated to @{text "\<lparr>x = a, y = b, z =
1.832 - c, \<dots> = m'\<rparr>"}, where @{text m'} refers to a different more part.
1.833 - Fixed records are special instances of record schemes, where
1.834 - ``@{text "\<dots>"}'' is properly terminated by the @{text "() :: unit"}
1.835 - element. In fact, @{text "\<lparr>x = a, y = b\<rparr>"} is just an abbreviation
1.836 - for @{text "\<lparr>x = a, y = b, \<dots> = ()\<rparr>"}.
1.837 -
1.838 - \medskip Two key observations make extensible records in a simply
1.839 - typed language like HOL work out:
1.840 -
1.841 - \begin{enumerate}
1.842 -
1.843 - \item the more part is internalized, as a free term or type
1.844 - variable,
1.845 -
1.846 - \item field names are externalized, they cannot be accessed within
1.847 - the logic as first-class values.
1.848 -
1.849 - \end{enumerate}
1.850 -
1.851 - \medskip In Isabelle/HOL record types have to be defined explicitly,
1.852 - fixing their field names and types, and their (optional) parent
1.853 - record. Afterwards, records may be formed using above syntax, while
1.854 - obeying the canonical order of fields as given by their declaration.
1.855 - The record package provides several standard operations like
1.856 - selectors and updates. The common setup for various generic proof
1.857 - tools enable succinct reasoning patterns. See also the Isabelle/HOL
1.858 - tutorial \cite{isabelle-hol-book} for further instructions on using
1.859 - records in practice.
1.860 -*}
1.861 -
1.862 -
1.863 -subsection {* Record specifications *}
1.864 -
1.865 -text {*
1.866 - \begin{matharray}{rcl}
1.867 - @{command_def (HOL) "record"} & : & @{text "theory \<rightarrow> theory"} \\
1.868 - \end{matharray}
1.869 -
1.870 - @{rail "
1.871 - @@{command (HOL) record} @{syntax typespec_sorts} '=' \\
1.872 - (@{syntax type} '+')? (@{syntax constdecl} +)
1.873 - "}
1.874 -
1.875 - \begin{description}
1.876 -
1.877 - \item @{command (HOL) "record"}~@{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>m) t = \<tau> + c\<^sub>1 :: \<sigma>\<^sub>1
1.878 - \<dots> c\<^sub>n :: \<sigma>\<^sub>n"} defines extensible record type @{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>m) t"},
1.879 - derived from the optional parent record @{text "\<tau>"} by adding new
1.880 - field components @{text "c\<^sub>i :: \<sigma>\<^sub>i"} etc.
1.881 -
1.882 - The type variables of @{text "\<tau>"} and @{text "\<sigma>\<^sub>i"} need to be
1.883 - covered by the (distinct) parameters @{text "\<alpha>\<^sub>1, \<dots>,
1.884 - \<alpha>\<^sub>m"}. Type constructor @{text t} has to be new, while @{text
1.885 - \<tau>} needs to specify an instance of an existing record type. At
1.886 - least one new field @{text "c\<^sub>i"} has to be specified.
1.887 - Basically, field names need to belong to a unique record. This is
1.888 - not a real restriction in practice, since fields are qualified by
1.889 - the record name internally.
1.890 -
1.891 - The parent record specification @{text \<tau>} is optional; if omitted
1.892 - @{text t} becomes a root record. The hierarchy of all records
1.893 - declared within a theory context forms a forest structure, i.e.\ a
1.894 - set of trees starting with a root record each. There is no way to
1.895 - merge multiple parent records!
1.896 -
1.897 - For convenience, @{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>m) t"} is made a
1.898 - type abbreviation for the fixed record type @{text "\<lparr>c\<^sub>1 ::
1.899 - \<sigma>\<^sub>1, \<dots>, c\<^sub>n :: \<sigma>\<^sub>n\<rparr>"}, likewise is @{text
1.900 - "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>m, \<zeta>) t_scheme"} made an abbreviation for
1.901 - @{text "\<lparr>c\<^sub>1 :: \<sigma>\<^sub>1, \<dots>, c\<^sub>n :: \<sigma>\<^sub>n, \<dots> ::
1.902 - \<zeta>\<rparr>"}.
1.903 -
1.904 - \end{description}
1.905 -*}
1.906 -
1.907 -
1.908 -subsection {* Record operations *}
1.909 -
1.910 -text {*
1.911 - Any record definition of the form presented above produces certain
1.912 - standard operations. Selectors and updates are provided for any
1.913 - field, including the improper one ``@{text more}''. There are also
1.914 - cumulative record constructor functions. To simplify the
1.915 - presentation below, we assume for now that @{text "(\<alpha>\<^sub>1, \<dots>,
1.916 - \<alpha>\<^sub>m) t"} is a root record with fields @{text "c\<^sub>1 ::
1.917 - \<sigma>\<^sub>1, \<dots>, c\<^sub>n :: \<sigma>\<^sub>n"}.
1.918 -
1.919 - \medskip \textbf{Selectors} and \textbf{updates} are available for
1.920 - any field (including ``@{text more}''):
1.921 -
1.922 - \begin{matharray}{lll}
1.923 - @{text "c\<^sub>i"} & @{text "::"} & @{text "\<lparr>\<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr> \<Rightarrow> \<sigma>\<^sub>i"} \\
1.924 - @{text "c\<^sub>i_update"} & @{text "::"} & @{text "\<sigma>\<^sub>i \<Rightarrow> \<lparr>\<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr> \<Rightarrow> \<lparr>\<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr>"} \\
1.925 - \end{matharray}
1.926 -
1.927 - There is special syntax for application of updates: @{text "r\<lparr>x :=
1.928 - a\<rparr>"} abbreviates term @{text "x_update a r"}. Further notation for
1.929 - repeated updates is also available: @{text "r\<lparr>x := a\<rparr>\<lparr>y := b\<rparr>\<lparr>z :=
1.930 - c\<rparr>"} may be written @{text "r\<lparr>x := a, y := b, z := c\<rparr>"}. Note that
1.931 - because of postfix notation the order of fields shown here is
1.932 - reverse than in the actual term. Since repeated updates are just
1.933 - function applications, fields may be freely permuted in @{text "\<lparr>x
1.934 - := a, y := b, z := c\<rparr>"}, as far as logical equality is concerned.
1.935 - Thus commutativity of independent updates can be proven within the
1.936 - logic for any two fields, but not as a general theorem.
1.937 -
1.938 - \medskip The \textbf{make} operation provides a cumulative record
1.939 - constructor function:
1.940 -
1.941 - \begin{matharray}{lll}
1.942 - @{text "t.make"} & @{text "::"} & @{text "\<sigma>\<^sub>1 \<Rightarrow> \<dots> \<sigma>\<^sub>n \<Rightarrow> \<lparr>\<^vec>c :: \<^vec>\<sigma>\<rparr>"} \\
1.943 - \end{matharray}
1.944 -
1.945 - \medskip We now reconsider the case of non-root records, which are
1.946 - derived of some parent. In general, the latter may depend on
1.947 - another parent as well, resulting in a list of \emph{ancestor
1.948 - records}. Appending the lists of fields of all ancestors results in
1.949 - a certain field prefix. The record package automatically takes care
1.950 - of this by lifting operations over this context of ancestor fields.
1.951 - Assuming that @{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>m) t"} has ancestor
1.952 - fields @{text "b\<^sub>1 :: \<rho>\<^sub>1, \<dots>, b\<^sub>k :: \<rho>\<^sub>k"},
1.953 - the above record operations will get the following types:
1.954 -
1.955 - \medskip
1.956 - \begin{tabular}{lll}
1.957 - @{text "c\<^sub>i"} & @{text "::"} & @{text "\<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr> \<Rightarrow> \<sigma>\<^sub>i"} \\
1.958 - @{text "c\<^sub>i_update"} & @{text "::"} & @{text "\<sigma>\<^sub>i \<Rightarrow>
1.959 - \<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr> \<Rightarrow>
1.960 - \<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr>"} \\
1.961 - @{text "t.make"} & @{text "::"} & @{text "\<rho>\<^sub>1 \<Rightarrow> \<dots> \<rho>\<^sub>k \<Rightarrow> \<sigma>\<^sub>1 \<Rightarrow> \<dots> \<sigma>\<^sub>n \<Rightarrow>
1.962 - \<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>\<rparr>"} \\
1.963 - \end{tabular}
1.964 - \medskip
1.965 -
1.966 - \noindent Some further operations address the extension aspect of a
1.967 - derived record scheme specifically: @{text "t.fields"} produces a
1.968 - record fragment consisting of exactly the new fields introduced here
1.969 - (the result may serve as a more part elsewhere); @{text "t.extend"}
1.970 - takes a fixed record and adds a given more part; @{text
1.971 - "t.truncate"} restricts a record scheme to a fixed record.
1.972 -
1.973 - \medskip
1.974 - \begin{tabular}{lll}
1.975 - @{text "t.fields"} & @{text "::"} & @{text "\<sigma>\<^sub>1 \<Rightarrow> \<dots> \<sigma>\<^sub>n \<Rightarrow> \<lparr>\<^vec>c :: \<^vec>\<sigma>\<rparr>"} \\
1.976 - @{text "t.extend"} & @{text "::"} & @{text "\<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>\<rparr> \<Rightarrow>
1.977 - \<zeta> \<Rightarrow> \<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr>"} \\
1.978 - @{text "t.truncate"} & @{text "::"} & @{text "\<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>, \<dots> :: \<zeta>\<rparr> \<Rightarrow> \<lparr>\<^vec>b :: \<^vec>\<rho>, \<^vec>c :: \<^vec>\<sigma>\<rparr>"} \\
1.979 - \end{tabular}
1.980 - \medskip
1.981 -
1.982 - \noindent Note that @{text "t.make"} and @{text "t.fields"} coincide
1.983 - for root records.
1.984 -*}
1.985 -
1.986 -
1.987 -subsection {* Derived rules and proof tools *}
1.988 -
1.989 -text {*
1.990 - The record package proves several results internally, declaring
1.991 - these facts to appropriate proof tools. This enables users to
1.992 - reason about record structures quite conveniently. Assume that
1.993 - @{text t} is a record type as specified above.
1.994 -
1.995 - \begin{enumerate}
1.996 -
1.997 - \item Standard conversions for selectors or updates applied to
1.998 - record constructor terms are made part of the default Simplifier
1.999 - context; thus proofs by reduction of basic operations merely require
1.1000 - the @{method simp} method without further arguments. These rules
1.1001 - are available as @{text "t.simps"}, too.
1.1002 -
1.1003 - \item Selectors applied to updated records are automatically reduced
1.1004 - by an internal simplification procedure, which is also part of the
1.1005 - standard Simplifier setup.
1.1006 -
1.1007 - \item Inject equations of a form analogous to @{prop "(x, y) = (x',
1.1008 - y') \<equiv> x = x' \<and> y = y'"} are declared to the Simplifier and Classical
1.1009 - Reasoner as @{attribute iff} rules. These rules are available as
1.1010 - @{text "t.iffs"}.
1.1011 -
1.1012 - \item The introduction rule for record equality analogous to @{text
1.1013 - "x r = x r' \<Longrightarrow> y r = y r' \<dots> \<Longrightarrow> r = r'"} is declared to the Simplifier,
1.1014 - and as the basic rule context as ``@{attribute intro}@{text "?"}''.
1.1015 - The rule is called @{text "t.equality"}.
1.1016 -
1.1017 - \item Representations of arbitrary record expressions as canonical
1.1018 - constructor terms are provided both in @{method cases} and @{method
1.1019 - induct} format (cf.\ the generic proof methods of the same name,
1.1020 - \secref{sec:cases-induct}). Several variations are available, for
1.1021 - fixed records, record schemes, more parts etc.
1.1022 -
1.1023 - The generic proof methods are sufficiently smart to pick the most
1.1024 - sensible rule according to the type of the indicated record
1.1025 - expression: users just need to apply something like ``@{text "(cases
1.1026 - r)"}'' to a certain proof problem.
1.1027 -
1.1028 - \item The derived record operations @{text "t.make"}, @{text
1.1029 - "t.fields"}, @{text "t.extend"}, @{text "t.truncate"} are \emph{not}
1.1030 - treated automatically, but usually need to be expanded by hand,
1.1031 - using the collective fact @{text "t.defs"}.
1.1032 -
1.1033 - \end{enumerate}
1.1034 -*}
1.1035 -
1.1036 -
1.1037 -section {* Datatypes \label{sec:hol-datatype} *}
1.1038 -
1.1039 -text {*
1.1040 - \begin{matharray}{rcl}
1.1041 - @{command_def (HOL) "datatype"} & : & @{text "theory \<rightarrow> theory"} \\
1.1042 - @{command_def (HOL) "rep_datatype"} & : & @{text "theory \<rightarrow> proof(prove)"} \\
1.1043 - \end{matharray}
1.1044 -
1.1045 - @{rail "
1.1046 - @@{command (HOL) datatype} (spec + @'and')
1.1047 - ;
1.1048 - @@{command (HOL) rep_datatype} ('(' (@{syntax name} +) ')')? (@{syntax term} +)
1.1049 - ;
1.1050 -
1.1051 - spec: @{syntax parname}? @{syntax typespec} @{syntax mixfix}? '=' (cons + '|')
1.1052 - ;
1.1053 - cons: @{syntax name} (@{syntax type} * ) @{syntax mixfix}?
1.1054 - "}
1.1055 -
1.1056 - \begin{description}
1.1057 -
1.1058 - \item @{command (HOL) "datatype"} defines inductive datatypes in
1.1059 - HOL.
1.1060 -
1.1061 - \item @{command (HOL) "rep_datatype"} represents existing types as
1.1062 - inductive ones, generating the standard infrastructure of derived
1.1063 - concepts (primitive recursion etc.).
1.1064 -
1.1065 - \end{description}
1.1066 -
1.1067 - The induction and exhaustion theorems generated provide case names
1.1068 - according to the constructors involved, while parameters are named
1.1069 - after the types (see also \secref{sec:cases-induct}).
1.1070 -
1.1071 - See \cite{isabelle-HOL} for more details on datatypes, but beware of
1.1072 - the old-style theory syntax being used there! Apart from proper
1.1073 - proof methods for case-analysis and induction, there are also
1.1074 - emulations of ML tactics @{method (HOL) case_tac} and @{method (HOL)
1.1075 - induct_tac} available, see \secref{sec:hol-induct-tac}; these admit
1.1076 - to refer directly to the internal structure of subgoals (including
1.1077 - internally bound parameters).
1.1078 -*}
1.1079 -
1.1080 -
1.1081 section {* Functorial structure of types *}
1.1082
1.1083 text {*
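Review bot: this hunk deletes section headers that carry labels, `\label{sec:hol-record}` and `\label{sec:hol-datatype}`, which `\secref` uses elsewhere in the manual may target; the added hunk visibly re-introduces the Records subsections and the Adhoc tuples text, but neither labelled header nor the Datatypes body appears in the shown portion, so confirm that the moved text re-declares both labels unchanged before merging, otherwise those cross-references become undefined. Since the removed text is an exact copy of the re-added one (including wording such as "derived of some parent"), any wording fixes belong in the added copy, not here.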
1.1084 @@ -517,433 +946,6 @@
1.1085 *}
1.1086
1.1087
1.1088 -section {* Recursive functions \label{sec:recursion} *}
1.1089 -
1.1090 -text {*
1.1091 - \begin{matharray}{rcl}
1.1092 - @{command_def (HOL) "primrec"} & : & @{text "local_theory \<rightarrow> local_theory"} \\
1.1093 - @{command_def (HOL) "fun"} & : & @{text "local_theory \<rightarrow> local_theory"} \\
1.1094 - @{command_def (HOL) "function"} & : & @{text "local_theory \<rightarrow> proof(prove)"} \\
1.1095 - @{command_def (HOL) "termination"} & : & @{text "local_theory \<rightarrow> proof(prove)"} \\
1.1096 - \end{matharray}
1.1097 -
1.1098 - @{rail "
1.1099 - @@{command (HOL) primrec} @{syntax target}? @{syntax \"fixes\"} @'where' equations
1.1100 - ;
1.1101 - (@@{command (HOL) fun} | @@{command (HOL) function}) @{syntax target}? functionopts?
1.1102 - @{syntax \"fixes\"} \\ @'where' equations
1.1103 - ;
1.1104 -
1.1105 - equations: (@{syntax thmdecl}? @{syntax prop} + '|')
1.1106 - ;
1.1107 - functionopts: '(' (('sequential' | 'domintros') + ',') ')'
1.1108 - ;
1.1109 - @@{command (HOL) termination} @{syntax term}?
1.1110 - "}
1.1111 -
1.1112 - \begin{description}
1.1113 -
1.1114 - \item @{command (HOL) "primrec"} defines primitive recursive
1.1115 - functions over datatypes, see also \cite{isabelle-HOL}.
1.1116 -
1.1117 - \item @{command (HOL) "function"} defines functions by general
1.1118 - wellfounded recursion. A detailed description with examples can be
1.1119 - found in \cite{isabelle-function}. The function is specified by a
1.1120 - set of (possibly conditional) recursive equations with arbitrary
1.1121 - pattern matching. The command generates proof obligations for the
1.1122 - completeness and the compatibility of patterns.
1.1123 -
1.1124 - The defined function is considered partial, and the resulting
1.1125 - simplification rules (named @{text "f.psimps"}) and induction rule
1.1126 - (named @{text "f.pinduct"}) are guarded by a generated domain
1.1127 - predicate @{text "f_dom"}. The @{command (HOL) "termination"}
1.1128 - command can then be used to establish that the function is total.
1.1129 -
1.1130 - \item @{command (HOL) "fun"} is a shorthand notation for ``@{command
1.1131 - (HOL) "function"}~@{text "(sequential)"}, followed by automated
1.1132 - proof attempts regarding pattern matching and termination. See
1.1133 - \cite{isabelle-function} for further details.
1.1134 -
1.1135 - \item @{command (HOL) "termination"}~@{text f} commences a
1.1136 - termination proof for the previously defined function @{text f}. If
1.1137 - this is omitted, the command refers to the most recent function
1.1138 - definition. After the proof is closed, the recursive equations and
1.1139 - the induction principle is established.
1.1140 -
1.1141 - \end{description}
1.1142 -
1.1143 - Recursive definitions introduced by the @{command (HOL) "function"}
1.1144 - command accommodate
1.1145 - reasoning by induction (cf.\ \secref{sec:cases-induct}): rule @{text
1.1146 - "c.induct"} (where @{text c} is the name of the function definition)
1.1147 - refers to a specific induction rule, with parameters named according
1.1148 - to the user-specified equations. Cases are numbered (starting from 1).
1.1149 -
1.1150 - For @{command (HOL) "primrec"}, the induction principle coincides
1.1151 - with structural recursion on the datatype the recursion is carried
1.1152 - out.
1.1153 -
1.1154 - The equations provided by these packages may be referred later as
1.1155 - theorem list @{text "f.simps"}, where @{text f} is the (collective)
1.1156 - name of the functions defined. Individual equations may be named
1.1157 - explicitly as well.
1.1158 -
1.1159 - The @{command (HOL) "function"} command accepts the following
1.1160 - options.
1.1161 -
1.1162 - \begin{description}
1.1163 -
1.1164 - \item @{text sequential} enables a preprocessor which disambiguates
1.1165 - overlapping patterns by making them mutually disjoint. Earlier
1.1166 - equations take precedence over later ones. This allows to give the
1.1167 - specification in a format very similar to functional programming.
1.1168 - Note that the resulting simplification and induction rules
1.1169 - correspond to the transformed specification, not the one given
1.1170 - originally. This usually means that each equation given by the user
1.1171 - may result in several theorems. Also note that this automatic
1.1172 - transformation only works for ML-style datatype patterns.
1.1173 -
1.1174 - \item @{text domintros} enables the automated generation of
1.1175 - introduction rules for the domain predicate. While mostly not
1.1176 - needed, they can be helpful in some proofs about partial functions.
1.1177 -
1.1178 - \end{description}
1.1179 -*}
1.1180 -
1.1181 -
1.1182 -subsection {* Proof methods related to recursive definitions *}
1.1183 -
1.1184 -text {*
1.1185 - \begin{matharray}{rcl}
1.1186 - @{method_def (HOL) pat_completeness} & : & @{text method} \\
1.1187 - @{method_def (HOL) relation} & : & @{text method} \\
1.1188 - @{method_def (HOL) lexicographic_order} & : & @{text method} \\
1.1189 - @{method_def (HOL) size_change} & : & @{text method} \\
1.1190 - \end{matharray}
1.1191 -
1.1192 - @{rail "
1.1193 - @@{method (HOL) relation} @{syntax term}
1.1194 - ;
1.1195 - @@{method (HOL) lexicographic_order} (@{syntax clasimpmod} * )
1.1196 - ;
1.1197 - @@{method (HOL) size_change} ( orders (@{syntax clasimpmod} * ) )
1.1198 - ;
1.1199 - orders: ( 'max' | 'min' | 'ms' ) *
1.1200 - "}
1.1201 -
1.1202 - \begin{description}
1.1203 -
1.1204 - \item @{method (HOL) pat_completeness} is a specialized method to
1.1205 - solve goals regarding the completeness of pattern matching, as
1.1206 - required by the @{command (HOL) "function"} package (cf.\
1.1207 - \cite{isabelle-function}).
1.1208 -
1.1209 - \item @{method (HOL) relation}~@{text R} introduces a termination
1.1210 - proof using the relation @{text R}. The resulting proof state will
1.1211 - contain goals expressing that @{text R} is wellfounded, and that the
1.1212 - arguments of recursive calls decrease with respect to @{text R}.
1.1213 - Usually, this method is used as the initial proof step of manual
1.1214 - termination proofs.
1.1215 -
1.1216 - \item @{method (HOL) "lexicographic_order"} attempts a fully
1.1217 - automated termination proof by searching for a lexicographic
1.1218 - combination of size measures on the arguments of the function. The
1.1219 - method accepts the same arguments as the @{method auto} method,
1.1220 - which it uses internally to prove local descents. The same context
1.1221 - modifiers as for @{method auto} are accepted, see
1.1222 - \secref{sec:clasimp}.
1.1223 -
1.1224 - In case of failure, extensive information is printed, which can help
1.1225 - to analyse the situation (cf.\ \cite{isabelle-function}).
1.1226 -
1.1227 - \item @{method (HOL) "size_change"} also works on termination goals,
1.1228 - using a variation of the size-change principle, together with a
1.1229 - graph decomposition technique (see \cite{krauss_phd} for details).
1.1230 - Three kinds of orders are used internally: @{text max}, @{text min},
1.1231 - and @{text ms} (multiset), which is only available when the theory
1.1232 - @{text Multiset} is loaded. When no order kinds are given, they are
1.1233 - tried in order. The search for a termination proof uses SAT solving
1.1234 - internally.
1.1235 -
1.1236 - For local descent proofs, the same context modifiers as for @{method
1.1237 - auto} are accepted, see \secref{sec:clasimp}.
1.1238 -
1.1239 - \end{description}
1.1240 -*}
1.1241 -
1.1242 -subsection {* Functions with explicit partiality *}
1.1243 -
1.1244 -text {*
1.1245 - \begin{matharray}{rcl}
1.1246 - @{command_def (HOL) "partial_function"} & : & @{text "local_theory \<rightarrow> local_theory"} \\
1.1247 - @{attribute_def (HOL) "partial_function_mono"} & : & @{text attribute} \\
1.1248 - \end{matharray}
1.1249 -
1.1250 - @{rail "
1.1251 - @@{command (HOL) partial_function} @{syntax target}?
1.1252 - '(' @{syntax nameref} ')' @{syntax \"fixes\"} \\
1.1253 - @'where' @{syntax thmdecl}? @{syntax prop}
1.1254 - "}
1.1255 -
1.1256 - \begin{description}
1.1257 -
1.1258 - \item @{command (HOL) "partial_function"}~@{text "(mode)"} defines
1.1259 - recursive functions based on fixpoints in complete partial
1.1260 - orders. No termination proof is required from the user or
1.1261 - constructed internally. Instead, the possibility of non-termination
1.1262 - is modelled explicitly in the result type, which contains an
1.1263 - explicit bottom element.
1.1264 -
1.1265 - Pattern matching and mutual recursion are currently not supported.
1.1266 - Thus, the specification consists of a single function described by a
1.1267 - single recursive equation.
1.1268 -
1.1269 - There are no fixed syntactic restrictions on the body of the
1.1270 - function, but the induced functional must be provably monotonic
1.1271 - wrt.\ the underlying order. The monotonicitity proof is performed
1.1272 - internally, and the definition is rejected when it fails. The proof
1.1273 - can be influenced by declaring hints using the
1.1274 - @{attribute (HOL) partial_function_mono} attribute.
1.1275 -
1.1276 - The mandatory @{text mode} argument specifies the mode of operation
1.1277 - of the command, which directly corresponds to a complete partial
1.1278 - order on the result type. By default, the following modes are
1.1279 - defined:
1.1280 -
1.1281 - \begin{description}
1.1282 - \item @{text option} defines functions that map into the @{type
1.1283 - option} type. Here, the value @{term None} is used to model a
1.1284 - non-terminating computation. Monotonicity requires that if @{term
1.1285 - None} is returned by a recursive call, then the overall result
1.1286 - must also be @{term None}. This is best achieved through the use of
1.1287 - the monadic operator @{const "Option.bind"}.
1.1288 -
1.1289 - \item @{text tailrec} defines functions with an arbitrary result
1.1290 - type and uses the slightly degenerated partial order where @{term
1.1291 - "undefined"} is the bottom element. Now, monotonicity requires that
1.1292 - if @{term undefined} is returned by a recursive call, then the
1.1293 - overall result must also be @{term undefined}. In practice, this is
1.1294 - only satisfied when each recursive call is a tail call, whose result
1.1295 - is directly returned. Thus, this mode of operation allows the
1.1296 - definition of arbitrary tail-recursive functions.
1.1297 - \end{description}
1.1298 -
1.1299 - Experienced users may define new modes by instantiating the locale
1.1300 - @{const "partial_function_definitions"} appropriately.
1.1301 -
1.1302 - \item @{attribute (HOL) partial_function_mono} declares rules for
1.1303 - use in the internal monononicity proofs of partial function
1.1304 - definitions.
1.1305 -
1.1306 - \end{description}
1.1307 -
1.1308 -*}
1.1309 -
1.1310 -subsection {* Old-style recursive function definitions (TFL) *}
1.1311 -
1.1312 -text {*
1.1313 - The old TFL commands @{command (HOL) "recdef"} and @{command (HOL)
1.1314 - "recdef_tc"} for defining recursive are mostly obsolete; @{command
1.1315 - (HOL) "function"} or @{command (HOL) "fun"} should be used instead.
1.1316 -
1.1317 - \begin{matharray}{rcl}
1.1318 - @{command_def (HOL) "recdef"} & : & @{text "theory \<rightarrow> theory)"} \\
1.1319 - @{command_def (HOL) "recdef_tc"}@{text "\<^sup>*"} & : & @{text "theory \<rightarrow> proof(prove)"} \\
1.1320 - \end{matharray}
1.1321 -
1.1322 - @{rail "
1.1323 - @@{command (HOL) recdef} ('(' @'permissive' ')')? \\
1.1324 - @{syntax name} @{syntax term} (@{syntax prop} +) hints?
1.1325 - ;
1.1326 - recdeftc @{syntax thmdecl}? tc
1.1327 - ;
1.1328 - hints: '(' @'hints' ( recdefmod * ) ')'
1.1329 - ;
1.1330 - recdefmod: (('recdef_simp' | 'recdef_cong' | 'recdef_wf')
1.1331 - (() | 'add' | 'del') ':' @{syntax thmrefs}) | @{syntax clasimpmod}
1.1332 - ;
1.1333 - tc: @{syntax nameref} ('(' @{syntax nat} ')')?
1.1334 - "}
1.1335 -
1.1336 - \begin{description}
1.1337 -
1.1338 - \item @{command (HOL) "recdef"} defines general well-founded
1.1339 - recursive functions (using the TFL package), see also
1.1340 - \cite{isabelle-HOL}. The ``@{text "(permissive)"}'' option tells
1.1341 - TFL to recover from failed proof attempts, returning unfinished
1.1342 - results. The @{text recdef_simp}, @{text recdef_cong}, and @{text
1.1343 - recdef_wf} hints refer to auxiliary rules to be used in the internal
1.1344 - automated proof process of TFL. Additional @{syntax clasimpmod}
1.1345 - declarations (cf.\ \secref{sec:clasimp}) may be given to tune the
1.1346 - context of the Simplifier (cf.\ \secref{sec:simplifier}) and
1.1347 - Classical reasoner (cf.\ \secref{sec:classical}).
1.1348 -
1.1349 - \item @{command (HOL) "recdef_tc"}~@{text "c (i)"} recommences the
1.1350 - proof for leftover termination condition number @{text i} (default
1.1351 - 1) as generated by a @{command (HOL) "recdef"} definition of
1.1352 - constant @{text c}.
1.1353 -
1.1354 - Note that in most cases, @{command (HOL) "recdef"} is able to finish
1.1355 - its internal proofs without manual intervention.
1.1356 -
1.1357 - \end{description}
1.1358 -
1.1359 - \medskip Hints for @{command (HOL) "recdef"} may be also declared
1.1360 - globally, using the following attributes.
1.1361 -
1.1362 - \begin{matharray}{rcl}
1.1363 - @{attribute_def (HOL) recdef_simp} & : & @{text attribute} \\
1.1364 - @{attribute_def (HOL) recdef_cong} & : & @{text attribute} \\
1.1365 - @{attribute_def (HOL) recdef_wf} & : & @{text attribute} \\
1.1366 - \end{matharray}
1.1367 -
1.1368 - @{rail "
1.1369 - (@@{attribute (HOL) recdef_simp} | @@{attribute (HOL) recdef_cong} |
1.1370 - @@{attribute (HOL) recdef_wf}) (() | 'add' | 'del')
1.1371 - "}
1.1372 -*}
1.1373 -
1.1374 -
1.1375 -section {* Inductive and coinductive definitions \label{sec:hol-inductive} *}
1.1376 -
1.1377 -text {*
1.1378 - An \textbf{inductive definition} specifies the least predicate (or
1.1379 - set) @{text R} closed under given rules: applying a rule to elements
1.1380 - of @{text R} yields a result within @{text R}. For example, a
1.1381 - structural operational semantics is an inductive definition of an
1.1382 - evaluation relation.
1.1383 -
1.1384 - Dually, a \textbf{coinductive definition} specifies the greatest
1.1385 - predicate~/ set @{text R} that is consistent with given rules: every
1.1386 - element of @{text R} can be seen as arising by applying a rule to
1.1387 - elements of @{text R}. An important example is using bisimulation
1.1388 - relations to formalise equivalence of processes and infinite data
1.1389 - structures.
1.1390 -
1.1391 - \medskip The HOL package is related to the ZF one, which is
1.1392 - described in a separate paper,\footnote{It appeared in CADE
1.1393 - \cite{paulson-CADE}; a longer version is distributed with Isabelle.}
1.1394 - which you should refer to in case of difficulties. The package is
1.1395 - simpler than that of ZF thanks to implicit type-checking in HOL.
1.1396 - The types of the (co)inductive predicates (or sets) determine the
1.1397 - domain of the fixedpoint definition, and the package does not have
1.1398 - to use inference rules for type-checking.
1.1399 -
1.1400 - \begin{matharray}{rcl}
1.1401 - @{command_def (HOL) "inductive"} & : & @{text "local_theory \<rightarrow> local_theory"} \\
1.1402 - @{command_def (HOL) "inductive_set"} & : & @{text "local_theory \<rightarrow> local_theory"} \\
1.1403 - @{command_def (HOL) "coinductive"} & : & @{text "local_theory \<rightarrow> local_theory"} \\
1.1404 - @{command_def (HOL) "coinductive_set"} & : & @{text "local_theory \<rightarrow> local_theory"} \\
1.1405 - @{attribute_def (HOL) mono} & : & @{text attribute} \\
1.1406 - \end{matharray}
1.1407 -
1.1408 - @{rail "
1.1409 - (@@{command (HOL) inductive} | @@{command (HOL) inductive_set} |
1.1410 - @@{command (HOL) coinductive} | @@{command (HOL) coinductive_set})
1.1411 - @{syntax target}? @{syntax \"fixes\"} (@'for' @{syntax \"fixes\"})? \\
1.1412 - (@'where' clauses)? (@'monos' @{syntax thmrefs})?
1.1413 - ;
1.1414 - clauses: (@{syntax thmdecl}? @{syntax prop} + '|')
1.1415 - ;
1.1416 - @@{attribute (HOL) mono} (() | 'add' | 'del')
1.1417 - "}
1.1418 -
1.1419 - \begin{description}
1.1420 -
1.1421 - \item @{command (HOL) "inductive"} and @{command (HOL)
1.1422 - "coinductive"} define (co)inductive predicates from the
1.1423 - introduction rules given in the @{keyword "where"} part. The
1.1424 - optional @{keyword "for"} part contains a list of parameters of the
1.1425 - (co)inductive predicates that remain fixed throughout the
1.1426 - definition. The optional @{keyword "monos"} section contains
1.1427 - \emph{monotonicity theorems}, which are required for each operator
1.1428 - applied to a recursive set in the introduction rules. There
1.1429 - \emph{must} be a theorem of the form @{text "A \<le> B \<Longrightarrow> M A \<le> M B"},
1.1430 - for each premise @{text "M R\<^sub>i t"} in an introduction rule!
1.1431 -
1.1432 - \item @{command (HOL) "inductive_set"} and @{command (HOL)
1.1433 - "coinductive_set"} are wrappers for to the previous commands,
1.1434 - allowing the definition of (co)inductive sets.
1.1435 -
1.1436 - \item @{attribute (HOL) mono} declares monotonicity rules. These
1.1437 - rule are involved in the automated monotonicity proof of @{command
1.1438 - (HOL) "inductive"}.
1.1439 -
1.1440 - \end{description}
1.1441 -*}
1.1442 -
1.1443 -
1.1444 -subsection {* Derived rules *}
1.1445 -
1.1446 -text {*
1.1447 - Each (co)inductive definition @{text R} adds definitions to the
1.1448 - theory and also proves some theorems:
1.1449 -
1.1450 - \begin{description}
1.1451 -
1.1452 - \item @{text R.intros} is the list of introduction rules as proven
1.1453 - theorems, for the recursive predicates (or sets). The rules are
1.1454 - also available individually, using the names given them in the
1.1455 - theory file;
1.1456 -
1.1457 - \item @{text R.cases} is the case analysis (or elimination) rule;
1.1458 -
1.1459 - \item @{text R.induct} or @{text R.coinduct} is the (co)induction
1.1460 - rule.
1.1461 -
1.1462 - \end{description}
1.1463 -
1.1464 - When several predicates @{text "R\<^sub>1, \<dots>, R\<^sub>n"} are
1.1465 - defined simultaneously, the list of introduction rules is called
1.1466 - @{text "R\<^sub>1_\<dots>_R\<^sub>n.intros"}, the case analysis rules are
1.1467 - called @{text "R\<^sub>1.cases, \<dots>, R\<^sub>n.cases"}, and the list
1.1468 - of mutual induction rules is called @{text
1.1469 - "R\<^sub>1_\<dots>_R\<^sub>n.inducts"}.
1.1470 -*}
1.1471 -
1.1472 -
1.1473 -subsection {* Monotonicity theorems *}
1.1474 -
1.1475 -text {*
1.1476 - Each theory contains a default set of theorems that are used in
1.1477 - monotonicity proofs. New rules can be added to this set via the
1.1478 - @{attribute (HOL) mono} attribute. The HOL theory @{text Inductive}
1.1479 - shows how this is done. In general, the following monotonicity
1.1480 - theorems may be added:
1.1481 -
1.1482 - \begin{itemize}
1.1483 -
1.1484 - \item Theorems of the form @{text "A \<le> B \<Longrightarrow> M A \<le> M B"}, for proving
1.1485 - monotonicity of inductive definitions whose introduction rules have
1.1486 - premises involving terms such as @{text "M R\<^sub>i t"}.
1.1487 -
1.1488 - \item Monotonicity theorems for logical operators, which are of the
1.1489 - general form @{text "(\<dots> \<longrightarrow> \<dots>) \<Longrightarrow> \<dots> (\<dots> \<longrightarrow> \<dots>) \<Longrightarrow> \<dots> \<longrightarrow> \<dots>"}. For example, in
1.1490 - the case of the operator @{text "\<or>"}, the corresponding theorem is
1.1491 - \[
1.1492 - \infer{@{text "P\<^sub>1 \<or> P\<^sub>2 \<longrightarrow> Q\<^sub>1 \<or> Q\<^sub>2"}}{@{text "P\<^sub>1 \<longrightarrow> Q\<^sub>1"} & @{text "P\<^sub>2 \<longrightarrow> Q\<^sub>2"}}
1.1493 - \]
1.1494 -
1.1495 - \item De Morgan style equations for reasoning about the ``polarity''
1.1496 - of expressions, e.g.
1.1497 - \[
1.1498 - @{prop "\<not> \<not> P \<longleftrightarrow> P"} \qquad\qquad
1.1499 - @{prop "\<not> (P \<and> Q) \<longleftrightarrow> \<not> P \<or> \<not> Q"}
1.1500 - \]
1.1501 -
1.1502 - \item Equations for reducing complex operators to more primitive
1.1503 - ones whose monotonicity can easily be proved, e.g.
1.1504 - \[
1.1505 - @{prop "(P \<longrightarrow> Q) \<longleftrightarrow> \<not> P \<or> Q"} \qquad\qquad
1.1506 - @{prop "Ball A P \<equiv> \<forall>x. x \<in> A \<longrightarrow> P x"}
1.1507 - \]
1.1508 -
1.1509 - \end{itemize}
1.1510 -
1.1511 - %FIXME: Example of an inductive definition
1.1512 -*}
1.1513 -
1.1514 -
1.1515 section {* Arithmetic proof support *}
1.1516
1.1517 text {*
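Review bot: Because this hunk is a verbatim relocation of the TFL, partial-function, (co)inductive, derived-rules and monotonicity text rather than a rewrite, the defects in the removed lines will simply reappear at the new location unless they are fixed in the inserted copy: "monotonicitity" and "monononicity" in the partial_function paragraphs, "for defining recursive are mostly obsolete" (missing "functions"), the stray closing paren in `@{text "theory \<rightarrow> theory)"}` of the recdef matharray, "are wrappers for to the previous commands", "These rule are involved", and the `%FIXME: Example of an inductive definition` placeholder that still marks the monotonicity subsection as unfinished. The recdef rail diagram also spells the second production as a bare `recdeftc @{syntax thmdecl}? tc` instead of `@@{command (HOL) recdef_tc}`, so it will not render as a command link; worth correcting while the block is being moved.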
2.1 --- a/doc-src/IsarRef/Thy/document/HOL_Specific.tex Wed May 25 22:12:46 2011 +0200
2.2 +++ b/doc-src/IsarRef/Thy/document/HOL_Specific.tex Wed May 25 22:21:38 2011 +0200
2.3 @@ -22,6 +22,1018 @@
2.4 }
2.5 \isamarkuptrue%
2.6 %
2.7 +\isamarkupsection{Inductive and coinductive definitions \label{sec:hol-inductive}%
2.8 +}
2.9 +\isamarkuptrue%
2.10 +%
2.11 +\begin{isamarkuptext}%
2.12 +An \textbf{inductive definition} specifies the least predicate (or
2.13 + set) \isa{R} closed under given rules: applying a rule to elements
2.14 + of \isa{R} yields a result within \isa{R}. For example, a
2.15 + structural operational semantics is an inductive definition of an
2.16 + evaluation relation.
2.17 +
2.18 + Dually, a \textbf{coinductive definition} specifies the greatest
2.19 + predicate~/ set \isa{R} that is consistent with given rules: every
2.20 + element of \isa{R} can be seen as arising by applying a rule to
2.21 + elements of \isa{R}. An important example is using bisimulation
2.22 + relations to formalise equivalence of processes and infinite data
2.23 + structures.
2.24 +
2.25 + \medskip The HOL package is related to the ZF one, which is
2.26 + described in a separate paper,\footnote{It appeared in CADE
2.27 + \cite{paulson-CADE}; a longer version is distributed with Isabelle.}
2.28 + which you should refer to in case of difficulties. The package is
2.29 + simpler than that of ZF thanks to implicit type-checking in HOL.
2.30 + The types of the (co)inductive predicates (or sets) determine the
2.31 + domain of the fixedpoint definition, and the package does not have
2.32 + to use inference rules for type-checking.
2.33 +
2.34 + \begin{matharray}{rcl}
2.35 + \indexdef{HOL}{command}{inductive}\hypertarget{command.HOL.inductive}{\hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
2.36 + \indexdef{HOL}{command}{inductive\_set}\hypertarget{command.HOL.inductive-set}{\hyperlink{command.HOL.inductive-set}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
2.37 + \indexdef{HOL}{command}{coinductive}\hypertarget{command.HOL.coinductive}{\hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
2.38 + \indexdef{HOL}{command}{coinductive\_set}\hypertarget{command.HOL.coinductive-set}{\hyperlink{command.HOL.coinductive-set}{\mbox{\isa{\isacommand{coinductive{\isaliteral{5F}{\isacharunderscore}}set}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
2.39 + \indexdef{HOL}{attribute}{mono}\hypertarget{attribute.HOL.mono}{\hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}}} & : & \isa{attribute} \\
2.40 + \end{matharray}
2.41 +
2.42 + \begin{railoutput}
2.43 +\rail@begin{7}{}
2.44 +\rail@bar
2.45 +\rail@term{\hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}}}[]
2.46 +\rail@nextbar{1}
2.47 +\rail@term{\hyperlink{command.HOL.inductive-set}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}}}}}[]
2.48 +\rail@nextbar{2}
2.49 +\rail@term{\hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}}}[]
2.50 +\rail@nextbar{3}
2.51 +\rail@term{\hyperlink{command.HOL.coinductive-set}{\mbox{\isa{\isacommand{coinductive{\isaliteral{5F}{\isacharunderscore}}set}}}}}[]
2.52 +\rail@endbar
2.53 +\rail@bar
2.54 +\rail@nextbar{1}
2.55 +\rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
2.56 +\rail@endbar
2.57 +\rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
2.58 +\rail@bar
2.59 +\rail@nextbar{1}
2.60 +\rail@term{\isa{\isakeyword{for}}}[]
2.61 +\rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
2.62 +\rail@endbar
2.63 +\rail@cr{5}
2.64 +\rail@bar
2.65 +\rail@nextbar{6}
2.66 +\rail@term{\isa{\isakeyword{where}}}[]
2.67 +\rail@nont{\isa{clauses}}[]
2.68 +\rail@endbar
2.69 +\rail@bar
2.70 +\rail@nextbar{6}
2.71 +\rail@term{\isa{\isakeyword{monos}}}[]
2.72 +\rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
2.73 +\rail@endbar
2.74 +\rail@end
2.75 +\rail@begin{3}{\isa{clauses}}
2.76 +\rail@plus
2.77 +\rail@bar
2.78 +\rail@nextbar{1}
2.79 +\rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
2.80 +\rail@endbar
2.81 +\rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
2.82 +\rail@nextplus{2}
2.83 +\rail@cterm{\isa{{\isaliteral{7C}{\isacharbar}}}}[]
2.84 +\rail@endplus
2.85 +\rail@end
2.86 +\rail@begin{3}{}
2.87 +\rail@term{\hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}}}[]
2.88 +\rail@bar
2.89 +\rail@nextbar{1}
2.90 +\rail@term{\isa{add}}[]
2.91 +\rail@nextbar{2}
2.92 +\rail@term{\isa{del}}[]
2.93 +\rail@endbar
2.94 +\rail@end
2.95 +\end{railoutput}
2.96 +
2.97 +
2.98 + \begin{description}
2.99 +
2.100 + \item \hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}} and \hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}} define (co)inductive predicates from the
2.101 + introduction rules given in the \hyperlink{keyword.where}{\mbox{\isa{\isakeyword{where}}}} part. The
2.102 + optional \hyperlink{keyword.for}{\mbox{\isa{\isakeyword{for}}}} part contains a list of parameters of the
2.103 + (co)inductive predicates that remain fixed throughout the
2.104 + definition. The optional \hyperlink{keyword.monos}{\mbox{\isa{\isakeyword{monos}}}} section contains
2.105 + \emph{monotonicity theorems}, which are required for each operator
2.106 + applied to a recursive set in the introduction rules. There
2.107 + \emph{must} be a theorem of the form \isa{{\isaliteral{22}{\isachardoublequote}}A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ B\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ M\ A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ M\ B{\isaliteral{22}{\isachardoublequote}}},
2.108 + for each premise \isa{{\isaliteral{22}{\isachardoublequote}}M\ R\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ t{\isaliteral{22}{\isachardoublequote}}} in an introduction rule!
2.109 +
2.110 + \item \hyperlink{command.HOL.inductive-set}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}}}} and \hyperlink{command.HOL.coinductive-set}{\mbox{\isa{\isacommand{coinductive{\isaliteral{5F}{\isacharunderscore}}set}}}} are wrappers for to the previous commands,
2.111 + allowing the definition of (co)inductive sets.
2.112 +
2.113 + \item \hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}} declares monotonicity rules. These
2.114 + rule are involved in the automated monotonicity proof of \hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}}.
2.115 +
2.116 + \end{description}%
2.117 +\end{isamarkuptext}%
2.118 +\isamarkuptrue%
2.119 +%
2.120 +\isamarkupsubsection{Derived rules%
2.121 +}
2.122 +\isamarkuptrue%
2.123 +%
2.124 +\begin{isamarkuptext}%
2.125 +Each (co)inductive definition \isa{R} adds definitions to the
2.126 + theory and also proves some theorems:
2.127 +
2.128 + \begin{description}
2.129 +
2.130 + \item \isa{R{\isaliteral{2E}{\isachardot}}intros} is the list of introduction rules as proven
2.131 + theorems, for the recursive predicates (or sets). The rules are
2.132 + also available individually, using the names given them in the
2.133 + theory file;
2.134 +
2.135 + \item \isa{R{\isaliteral{2E}{\isachardot}}cases} is the case analysis (or elimination) rule;
2.136 +
2.137 + \item \isa{R{\isaliteral{2E}{\isachardot}}induct} or \isa{R{\isaliteral{2E}{\isachardot}}coinduct} is the (co)induction
2.138 + rule.
2.139 +
2.140 + \end{description}
2.141 +
2.142 + When several predicates \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}} are
2.143 + defined simultaneously, the list of introduction rules is called
2.144 + \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{5F}{\isacharunderscore}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{5F}{\isacharunderscore}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2E}{\isachardot}}intros{\isaliteral{22}{\isachardoublequote}}}, the case analysis rules are
2.145 + called \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2E}{\isachardot}}cases{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2E}{\isachardot}}cases{\isaliteral{22}{\isachardoublequote}}}, and the list
2.146 + of mutual induction rules is called \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{5F}{\isacharunderscore}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{5F}{\isacharunderscore}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2E}{\isachardot}}inducts{\isaliteral{22}{\isachardoublequote}}}.%
2.147 +\end{isamarkuptext}%
2.148 +\isamarkuptrue%
2.149 +%
2.150 +\isamarkupsubsection{Monotonicity theorems%
2.151 +}
2.152 +\isamarkuptrue%
2.153 +%
2.154 +\begin{isamarkuptext}%
2.155 +Each theory contains a default set of theorems that are used in
2.156 + monotonicity proofs. New rules can be added to this set via the
2.157 + \hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}} attribute. The HOL theory \isa{Inductive}
2.158 + shows how this is done. In general, the following monotonicity
2.159 + theorems may be added:
2.160 +
2.161 + \begin{itemize}
2.162 +
2.163 + \item Theorems of the form \isa{{\isaliteral{22}{\isachardoublequote}}A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ B\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ M\ A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ M\ B{\isaliteral{22}{\isachardoublequote}}}, for proving
2.164 + monotonicity of inductive definitions whose introduction rules have
2.165 + premises involving terms such as \isa{{\isaliteral{22}{\isachardoublequote}}M\ R\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ t{\isaliteral{22}{\isachardoublequote}}}.
2.166 +
2.167 + \item Monotonicity theorems for logical operators, which are of the
2.168 + general form \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}. For example, in
2.169 + the case of the operator \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6F723E}{\isasymor}}{\isaliteral{22}{\isachardoublequote}}}, the corresponding theorem is
2.170 + \[
2.171 + \infer{\isa{{\isaliteral{22}{\isachardoublequote}}P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C6F723E}{\isasymor}}\ P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C6F723E}{\isasymor}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}{\isaliteral{22}{\isachardoublequote}}}}{\isa{{\isaliteral{22}{\isachardoublequote}}P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}{\isaliteral{22}{\isachardoublequote}}}}
2.172 + \]
2.173 +
2.174 + \item De Morgan style equations for reasoning about the ``polarity''
2.175 + of expressions, e.g.
2.176 + \[
2.177 + \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ P\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ P{\isaliteral{22}{\isachardoublequote}}} \qquad\qquad
2.178 + \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ {\isaliteral{28}{\isacharparenleft}}P\ {\isaliteral{5C3C616E643E}{\isasymand}}\ Q{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ P\ {\isaliteral{5C3C6F723E}{\isasymor}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ Q{\isaliteral{22}{\isachardoublequote}}}
2.179 + \]
2.180 +
2.181 + \item Equations for reducing complex operators to more primitive
2.182 + ones whose monotonicity can easily be proved, e.g.
2.183 + \[
2.184 + \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}P\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ P\ {\isaliteral{5C3C6F723E}{\isasymor}}\ Q{\isaliteral{22}{\isachardoublequote}}} \qquad\qquad
2.185 + \isa{{\isaliteral{22}{\isachardoublequote}}Ball\ A\ P\ {\isaliteral{5C3C65717569763E}{\isasymequiv}}\ {\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x{\isaliteral{2E}{\isachardot}}\ x\ {\isaliteral{5C3C696E3E}{\isasymin}}\ A\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ P\ x{\isaliteral{22}{\isachardoublequote}}}
2.186 + \]
2.187 +
2.188 + \end{itemize}
2.189 +
2.190 + %FIXME: Example of an inductive definition%
2.191 +\end{isamarkuptext}%
2.192 +\isamarkuptrue%
2.193 +%
2.194 +\isamarkupsection{Recursive functions \label{sec:recursion}%
2.195 +}
2.196 +\isamarkuptrue%
2.197 +%
2.198 +\begin{isamarkuptext}%
2.199 +\begin{matharray}{rcl}
2.200 + \indexdef{HOL}{command}{primrec}\hypertarget{command.HOL.primrec}{\hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
2.201 + \indexdef{HOL}{command}{fun}\hypertarget{command.HOL.fun}{\hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
2.202 + \indexdef{HOL}{command}{function}\hypertarget{command.HOL.function}{\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
2.203 + \indexdef{HOL}{command}{termination}\hypertarget{command.HOL.termination}{\hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
2.204 + \end{matharray}
2.205 +
2.206 + \begin{railoutput}
2.207 +\rail@begin{2}{}
2.208 +\rail@term{\hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}}[]
2.209 +\rail@bar
2.210 +\rail@nextbar{1}
2.211 +\rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
2.212 +\rail@endbar
2.213 +\rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
2.214 +\rail@term{\isa{\isakeyword{where}}}[]
2.215 +\rail@nont{\isa{equations}}[]
2.216 +\rail@end
2.217 +\rail@begin{4}{}
2.218 +\rail@bar
2.219 +\rail@term{\hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}}}[]
2.220 +\rail@nextbar{1}
2.221 +\rail@term{\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}}[]
2.222 +\rail@endbar
2.223 +\rail@bar
2.224 +\rail@nextbar{1}
2.225 +\rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
2.226 +\rail@endbar
2.227 +\rail@bar
2.228 +\rail@nextbar{1}
2.229 +\rail@nont{\isa{functionopts}}[]
2.230 +\rail@endbar
2.231 +\rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
2.232 +\rail@cr{3}
2.233 +\rail@term{\isa{\isakeyword{where}}}[]
2.234 +\rail@nont{\isa{equations}}[]
2.235 +\rail@end
2.236 +\rail@begin{3}{\isa{equations}}
2.237 +\rail@plus
2.238 +\rail@bar
2.239 +\rail@nextbar{1}
2.240 +\rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
2.241 +\rail@endbar
2.242 +\rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
2.243 +\rail@nextplus{2}
2.244 +\rail@cterm{\isa{{\isaliteral{7C}{\isacharbar}}}}[]
2.245 +\rail@endplus
2.246 +\rail@end
2.247 +\rail@begin{3}{\isa{functionopts}}
2.248 +\rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
2.249 +\rail@plus
2.250 +\rail@bar
2.251 +\rail@term{\isa{sequential}}[]
2.252 +\rail@nextbar{1}
2.253 +\rail@term{\isa{domintros}}[]
2.254 +\rail@endbar
2.255 +\rail@nextplus{2}
2.256 +\rail@cterm{\isa{{\isaliteral{2C}{\isacharcomma}}}}[]
2.257 +\rail@endplus
2.258 +\rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
2.259 +\rail@end
2.260 +\rail@begin{2}{}
2.261 +\rail@term{\hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}}[]
2.262 +\rail@bar
2.263 +\rail@nextbar{1}
2.264 +\rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
2.265 +\rail@endbar
2.266 +\rail@end
2.267 +\end{railoutput}
2.268 +
2.269 +
2.270 + \begin{description}
2.271 +
2.272 + \item \hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}} defines primitive recursive
2.273 + functions over datatypes, see also \cite{isabelle-HOL}.
2.274 +
2.275 + \item \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} defines functions by general
2.276 + wellfounded recursion. A detailed description with examples can be
2.277 + found in \cite{isabelle-function}. The function is specified by a
2.278 + set of (possibly conditional) recursive equations with arbitrary
2.279 + pattern matching. The command generates proof obligations for the
2.280 + completeness and the compatibility of patterns.
2.281 +
2.282 + The defined function is considered partial, and the resulting
2.283 + simplification rules (named \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{2E}{\isachardot}}psimps{\isaliteral{22}{\isachardoublequote}}}) and induction rule
2.284 + (named \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{2E}{\isachardot}}pinduct{\isaliteral{22}{\isachardoublequote}}}) are guarded by a generated domain
2.285 + predicate \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{5F}{\isacharunderscore}}dom{\isaliteral{22}{\isachardoublequote}}}. The \hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}
2.286 + command can then be used to establish that the function is total.
2.287 +
2.288 + \item \hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}} is a shorthand notation for ``\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}sequential{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}, followed by automated
2.289 + proof attempts regarding pattern matching and termination. See
2.290 + \cite{isabelle-function} for further details.
2.291 +
2.292 + \item \hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}~\isa{f} commences a
2.293 + termination proof for the previously defined function \isa{f}. If
2.294 + this is omitted, the command refers to the most recent function
2.295 + definition. After the proof is closed, the recursive equations and
2.296 + the induction principle is established.
2.297 +
2.298 + \end{description}
2.299 +
2.300 + Recursive definitions introduced by the \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}
2.301 + command accommodate
2.302 + reasoning by induction (cf.\ \secref{sec:cases-induct}): rule \isa{{\isaliteral{22}{\isachardoublequote}}c{\isaliteral{2E}{\isachardot}}induct{\isaliteral{22}{\isachardoublequote}}} (where \isa{c} is the name of the function definition)
2.303 + refers to a specific induction rule, with parameters named according
2.304 + to the user-specified equations. Cases are numbered (starting from 1).
2.305 +
2.306 + For \hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}, the induction principle coincides
2.307 + with structural recursion on the datatype the recursion is carried
2.308 + out.
2.309 +
2.310 + The equations provided by these packages may be referred later as
2.311 + theorem list \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{2E}{\isachardot}}simps{\isaliteral{22}{\isachardoublequote}}}, where \isa{f} is the (collective)
2.312 + name of the functions defined. Individual equations may be named
2.313 + explicitly as well.
2.314 +
2.315 + The \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} command accepts the following
2.316 + options.
2.317 +
2.318 + \begin{description}
2.319 +
2.320 + \item \isa{sequential} enables a preprocessor which disambiguates
2.321 + overlapping patterns by making them mutually disjoint. Earlier
2.322 + equations take precedence over later ones. This allows to give the
2.323 + specification in a format very similar to functional programming.
2.324 + Note that the resulting simplification and induction rules
2.325 + correspond to the transformed specification, not the one given
2.326 + originally. This usually means that each equation given by the user
2.327 + may result in several theorems. Also note that this automatic
2.328 + transformation only works for ML-style datatype patterns.
2.329 +
2.330 + \item \isa{domintros} enables the automated generation of
2.331 + introduction rules for the domain predicate. While mostly not
2.332 + needed, they can be helpful in some proofs about partial functions.
2.333 +
2.334 + \end{description}%
2.335 +\end{isamarkuptext}%
2.336 +\isamarkuptrue%
2.337 +%
2.338 +\isamarkupsubsection{Proof methods related to recursive definitions%
2.339 +}
2.340 +\isamarkuptrue%
2.341 +%
2.342 +\begin{isamarkuptext}%
2.343 +\begin{matharray}{rcl}
2.344 + \indexdef{HOL}{method}{pat\_completeness}\hypertarget{method.HOL.pat-completeness}{\hyperlink{method.HOL.pat-completeness}{\mbox{\isa{pat{\isaliteral{5F}{\isacharunderscore}}completeness}}}} & : & \isa{method} \\
2.345 + \indexdef{HOL}{method}{relation}\hypertarget{method.HOL.relation}{\hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}} & : & \isa{method} \\
2.346 + \indexdef{HOL}{method}{lexicographic\_order}\hypertarget{method.HOL.lexicographic-order}{\hyperlink{method.HOL.lexicographic-order}{\mbox{\isa{lexicographic{\isaliteral{5F}{\isacharunderscore}}order}}}} & : & \isa{method} \\
2.347 + \indexdef{HOL}{method}{size\_change}\hypertarget{method.HOL.size-change}{\hyperlink{method.HOL.size-change}{\mbox{\isa{size{\isaliteral{5F}{\isacharunderscore}}change}}}} & : & \isa{method} \\
2.348 + \end{matharray}
2.349 +
2.350 + \begin{railoutput}
2.351 +\rail@begin{1}{}
2.352 +\rail@term{\hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}}[]
2.353 +\rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
2.354 +\rail@end
2.355 +\rail@begin{2}{}
2.356 +\rail@term{\hyperlink{method.HOL.lexicographic-order}{\mbox{\isa{lexicographic{\isaliteral{5F}{\isacharunderscore}}order}}}}[]
2.357 +\rail@plus
2.358 +\rail@nextplus{1}
2.359 +\rail@cnont{\hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}}[]
2.360 +\rail@endplus
2.361 +\rail@end
2.362 +\rail@begin{2}{}
2.363 +\rail@term{\hyperlink{method.HOL.size-change}{\mbox{\isa{size{\isaliteral{5F}{\isacharunderscore}}change}}}}[]
2.364 +\rail@nont{\isa{orders}}[]
2.365 +\rail@plus
2.366 +\rail@nextplus{1}
2.367 +\rail@cnont{\hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}}[]
2.368 +\rail@endplus
2.369 +\rail@end
2.370 +\rail@begin{4}{\isa{orders}}
2.371 +\rail@plus
2.372 +\rail@nextplus{1}
2.373 +\rail@bar
2.374 +\rail@term{\isa{max}}[]
2.375 +\rail@nextbar{2}
2.376 +\rail@term{\isa{min}}[]
2.377 +\rail@nextbar{3}
2.378 +\rail@term{\isa{ms}}[]
2.379 +\rail@endbar
2.380 +\rail@endplus
2.381 +\rail@end
2.382 +\end{railoutput}
2.383 +
2.384 +
2.385 + \begin{description}
2.386 +
2.387 + \item \hyperlink{method.HOL.pat-completeness}{\mbox{\isa{pat{\isaliteral{5F}{\isacharunderscore}}completeness}}} is a specialized method to
2.388 + solve goals regarding the completeness of pattern matching, as
2.389 + required by the \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} package (cf.\
2.390 + \cite{isabelle-function}).
2.391 +
2.392 + \item \hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}~\isa{R} introduces a termination
2.393 + proof using the relation \isa{R}. The resulting proof state will
2.394 + contain goals expressing that \isa{R} is wellfounded, and that the
2.395 + arguments of recursive calls decrease with respect to \isa{R}.
2.396 + Usually, this method is used as the initial proof step of manual
2.397 + termination proofs.
2.398 +
2.399 + \item \hyperlink{method.HOL.lexicographic-order}{\mbox{\isa{lexicographic{\isaliteral{5F}{\isacharunderscore}}order}}} attempts a fully
2.400 + automated termination proof by searching for a lexicographic
2.401 + combination of size measures on the arguments of the function. The
2.402 + method accepts the same arguments as the \hyperlink{method.auto}{\mbox{\isa{auto}}} method,
2.403 + which it uses internally to prove local descents. The same context
2.404 + modifiers as for \hyperlink{method.auto}{\mbox{\isa{auto}}} are accepted, see
2.405 + \secref{sec:clasimp}.
2.406 +
2.407 + In case of failure, extensive information is printed, which can help
2.408 + to analyse the situation (cf.\ \cite{isabelle-function}).
2.409 +
2.410 + \item \hyperlink{method.HOL.size-change}{\mbox{\isa{size{\isaliteral{5F}{\isacharunderscore}}change}}} also works on termination goals,
2.411 + using a variation of the size-change principle, together with a
2.412 + graph decomposition technique (see \cite{krauss_phd} for details).
2.413 + Three kinds of orders are used internally: \isa{max}, \isa{min},
2.414 + and \isa{ms} (multiset), which is only available when the theory
2.415 + \isa{Multiset} is loaded. When no order kinds are given, they are
2.416 + tried in order. The search for a termination proof uses SAT solving
2.417 + internally.
2.418 +
2.419 + For local descent proofs, the same context modifiers as for \hyperlink{method.auto}{\mbox{\isa{auto}}} are accepted, see \secref{sec:clasimp}.
2.420 +
2.421 + \end{description}%
2.422 +\end{isamarkuptext}%
2.423 +\isamarkuptrue%
2.424 +%
2.425 +\isamarkupsubsection{Functions with explicit partiality%
2.426 +}
2.427 +\isamarkuptrue%
2.428 +%
2.429 +\begin{isamarkuptext}%
2.430 +\begin{matharray}{rcl}
2.431 + \indexdef{HOL}{command}{partial\_function}\hypertarget{command.HOL.partial-function}{\hyperlink{command.HOL.partial-function}{\mbox{\isa{\isacommand{partial{\isaliteral{5F}{\isacharunderscore}}function}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
2.432 + \indexdef{HOL}{attribute}{partial\_function\_mono}\hypertarget{attribute.HOL.partial-function-mono}{\hyperlink{attribute.HOL.partial-function-mono}{\mbox{\isa{partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}mono}}}} & : & \isa{attribute} \\
2.433 + \end{matharray}
2.434 +
2.435 + \begin{railoutput}
2.436 +\rail@begin{5}{}
2.437 +\rail@term{\hyperlink{command.HOL.partial-function}{\mbox{\isa{\isacommand{partial{\isaliteral{5F}{\isacharunderscore}}function}}}}}[]
2.438 +\rail@bar
2.439 +\rail@nextbar{1}
2.440 +\rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
2.441 +\rail@endbar
2.442 +\rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
2.443 +\rail@nont{\hyperlink{syntax.nameref}{\mbox{\isa{nameref}}}}[]
2.444 +\rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
2.445 +\rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
2.446 +\rail@cr{3}
2.447 +\rail@term{\isa{\isakeyword{where}}}[]
2.448 +\rail@bar
2.449 +\rail@nextbar{4}
2.450 +\rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
2.451 +\rail@endbar
2.452 +\rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
2.453 +\rail@end
2.454 +\end{railoutput}
2.455 +
2.456 +
2.457 + \begin{description}
2.458 +
2.459 + \item \hyperlink{command.HOL.partial-function}{\mbox{\isa{\isacommand{partial{\isaliteral{5F}{\isacharunderscore}}function}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}mode{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} defines
2.460 + recursive functions based on fixpoints in complete partial
2.461 + orders. No termination proof is required from the user or
2.462 + constructed internally. Instead, the possibility of non-termination
2.463 + is modelled explicitly in the result type, which contains an
2.464 + explicit bottom element.
2.465 +
2.466 + Pattern matching and mutual recursion are currently not supported.
2.467 + Thus, the specification consists of a single function described by a
2.468 + single recursive equation.
2.469 +
2.470 + There are no fixed syntactic restrictions on the body of the
2.471 + function, but the induced functional must be provably monotonic
2.472 + wrt.\ the underlying order. The monotonicitity proof is performed
2.473 + internally, and the definition is rejected when it fails. The proof
2.474 + can be influenced by declaring hints using the
2.475 + \hyperlink{attribute.HOL.partial-function-mono}{\mbox{\isa{partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}mono}}} attribute.
2.476 +
2.477 + The mandatory \isa{mode} argument specifies the mode of operation
2.478 + of the command, which directly corresponds to a complete partial
2.479 + order on the result type. By default, the following modes are
2.480 + defined:
2.481 +
2.482 + \begin{description}
2.483 + \item \isa{option} defines functions that map into the \isa{option} type. Here, the value \isa{None} is used to model a
2.484 + non-terminating computation. Monotonicity requires that if \isa{None} is returned by a recursive call, then the overall result
2.485 + must also be \isa{None}. This is best achieved through the use of
2.486 + the monadic operator \isa{{\isaliteral{22}{\isachardoublequote}}Option{\isaliteral{2E}{\isachardot}}bind{\isaliteral{22}{\isachardoublequote}}}.
2.487 +
2.488 + \item \isa{tailrec} defines functions with an arbitrary result
2.489 + type and uses the slightly degenerated partial order where \isa{{\isaliteral{22}{\isachardoublequote}}undefined{\isaliteral{22}{\isachardoublequote}}} is the bottom element. Now, monotonicity requires that
2.490 + if \isa{undefined} is returned by a recursive call, then the
2.491 + overall result must also be \isa{undefined}. In practice, this is
2.492 + only satisfied when each recursive call is a tail call, whose result
2.493 + is directly returned. Thus, this mode of operation allows the
2.494 + definition of arbitrary tail-recursive functions.
2.495 + \end{description}
2.496 +
2.497 + Experienced users may define new modes by instantiating the locale
2.498 + \isa{{\isaliteral{22}{\isachardoublequote}}partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}definitions{\isaliteral{22}{\isachardoublequote}}} appropriately.
2.499 +
2.500 + \item \hyperlink{attribute.HOL.partial-function-mono}{\mbox{\isa{partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}mono}}} declares rules for
2.501 + use in the internal monononicity proofs of partial function
2.502 + definitions.
2.503 +
2.504 + \end{description}%
2.505 +\end{isamarkuptext}%
2.506 +\isamarkuptrue%
2.507 +%
2.508 +\isamarkupsubsection{Old-style recursive function definitions (TFL)%
2.509 +}
2.510 +\isamarkuptrue%
2.511 +%
2.512 +\begin{isamarkuptext}%
2.513 +The old TFL commands \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} and \hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isaliteral{5F}{\isacharunderscore}}tc}}}} for defining recursive are mostly obsolete; \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} or \hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}} should be used instead.
2.514 +
2.515 + \begin{matharray}{rcl}
2.516 + \indexdef{HOL}{command}{recdef}\hypertarget{command.HOL.recdef}{\hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
2.517 + \indexdef{HOL}{command}{recdef\_tc}\hypertarget{command.HOL.recdef-tc}{\hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isaliteral{5F}{\isacharunderscore}}tc}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
2.518 + \end{matharray}
2.519 +
2.520 + \begin{railoutput}
2.521 +\rail@begin{5}{}
2.522 +\rail@term{\hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}}}[]
2.523 +\rail@bar
2.524 +\rail@nextbar{1}
2.525 +\rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
2.526 +\rail@term{\isa{\isakeyword{permissive}}}[]
2.527 +\rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
2.528 +\rail@endbar
2.529 +\rail@cr{3}
2.530 +\rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
2.531 +\rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
2.532 +\rail@plus
2.533 +\rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
2.534 +\rail@nextplus{4}
2.535 +\rail@endplus
2.536 +\rail@bar
2.537 +\rail@nextbar{4}
2.538 +\rail@nont{\isa{hints}}[]
2.539 +\rail@endbar
2.540 +\rail@end
2.541 +\rail@begin{2}{}
2.542 +\rail@nont{\isa{recdeftc}}[]
2.543 +\rail@bar
2.544 +\rail@nextbar{1}
2.545 +\rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
2.546 +\rail@endbar
2.547 +\rail@nont{\isa{tc}}[]
2.548 +\rail@end
2.549 +\rail@begin{2}{\isa{hints}}
2.550 +\rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
2.551 +\rail@term{\isa{\isakeyword{hints}}}[]
2.552 +\rail@plus
2.553 +\rail@nextplus{1}
2.554 +\rail@cnont{\isa{recdefmod}}[]
2.555 +\rail@endplus
2.556 +\rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
2.557 +\rail@end
2.558 +\rail@begin{4}{\isa{recdefmod}}
2.559 +\rail@bar
2.560 +\rail@bar
2.561 +\rail@term{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}}[]
2.562 +\rail@nextbar{1}
2.563 +\rail@term{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}}[]
2.564 +\rail@nextbar{2}
2.565 +\rail@term{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf}}[]
2.566 +\rail@endbar
2.567 +\rail@bar
2.568 +\rail@nextbar{1}
2.569 +\rail@term{\isa{add}}[]
2.570 +\rail@nextbar{2}
2.571 +\rail@term{\isa{del}}[]
2.572 +\rail@endbar
2.573 +\rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
2.574 +\rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
2.575 +\rail@nextbar{3}
2.576 +\rail@nont{\hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}}[]
2.577 +\rail@endbar
2.578 +\rail@end
2.579 +\rail@begin{2}{\isa{tc}}
2.580 +\rail@nont{\hyperlink{syntax.nameref}{\mbox{\isa{nameref}}}}[]
2.581 +\rail@bar
2.582 +\rail@nextbar{1}
2.583 +\rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
2.584 +\rail@nont{\hyperlink{syntax.nat}{\mbox{\isa{nat}}}}[]
2.585 +\rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
2.586 +\rail@endbar
2.587 +\rail@end
2.588 +\end{railoutput}
2.589 +
2.590 +
2.591 + \begin{description}
2.592 +
2.593 + \item \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} defines general well-founded
2.594 + recursive functions (using the TFL package), see also
2.595 + \cite{isabelle-HOL}. The ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}permissive{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}'' option tells
2.596 + TFL to recover from failed proof attempts, returning unfinished
2.597 + results. The \isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}, \isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}, and \isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf} hints refer to auxiliary rules to be used in the internal
2.598 + automated proof process of TFL. Additional \hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}
2.599 + declarations (cf.\ \secref{sec:clasimp}) may be given to tune the
2.600 + context of the Simplifier (cf.\ \secref{sec:simplifier}) and
2.601 + Classical reasoner (cf.\ \secref{sec:classical}).
2.602 +
2.603 + \item \hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isaliteral{5F}{\isacharunderscore}}tc}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}c\ {\isaliteral{28}{\isacharparenleft}}i{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} recommences the
2.604 + proof for leftover termination condition number \isa{i} (default
2.605 + 1) as generated by a \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} definition of
2.606 + constant \isa{c}.
2.607 +
2.608 + Note that in most cases, \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} is able to finish
2.609 + its internal proofs without manual intervention.
2.610 +
2.611 + \end{description}
2.612 +
2.613 + \medskip Hints for \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} may be also declared
2.614 + globally, using the following attributes.
2.615 +
2.616 + \begin{matharray}{rcl}
2.617 + \indexdef{HOL}{attribute}{recdef\_simp}\hypertarget{attribute.HOL.recdef-simp}{\hyperlink{attribute.HOL.recdef-simp}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}}}} & : & \isa{attribute} \\
2.618 + \indexdef{HOL}{attribute}{recdef\_cong}\hypertarget{attribute.HOL.recdef-cong}{\hyperlink{attribute.HOL.recdef-cong}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}}}} & : & \isa{attribute} \\
2.619 + \indexdef{HOL}{attribute}{recdef\_wf}\hypertarget{attribute.HOL.recdef-wf}{\hyperlink{attribute.HOL.recdef-wf}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf}}}} & : & \isa{attribute} \\
2.620 + \end{matharray}
2.621 +
2.622 + \begin{railoutput}
2.623 +\rail@begin{3}{}
2.624 +\rail@bar
2.625 +\rail@term{\hyperlink{attribute.HOL.recdef-simp}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}}}}[]
2.626 +\rail@nextbar{1}
2.627 +\rail@term{\hyperlink{attribute.HOL.recdef-cong}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}}}}[]
2.628 +\rail@nextbar{2}
2.629 +\rail@term{\hyperlink{attribute.HOL.recdef-wf}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf}}}}[]
2.630 +\rail@endbar
2.631 +\rail@bar
2.632 +\rail@nextbar{1}
2.633 +\rail@term{\isa{add}}[]
2.634 +\rail@nextbar{2}
2.635 +\rail@term{\isa{del}}[]
2.636 +\rail@endbar
2.637 +\rail@end
2.638 +\end{railoutput}%
2.639 +\end{isamarkuptext}%
2.640 +\isamarkuptrue%
2.641 +%
2.642 +\isamarkupsection{Datatypes \label{sec:hol-datatype}%
2.643 +}
2.644 +\isamarkuptrue%
2.645 +%
2.646 +\begin{isamarkuptext}%
2.647 +\begin{matharray}{rcl}
2.648 + \indexdef{HOL}{command}{datatype}\hypertarget{command.HOL.datatype}{\hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
2.649 + \indexdef{HOL}{command}{rep\_datatype}\hypertarget{command.HOL.rep-datatype}{\hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isaliteral{5F}{\isacharunderscore}}datatype}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
2.650 + \end{matharray}
2.651 +
2.652 + \begin{railoutput}
2.653 +\rail@begin{2}{}
2.654 +\rail@term{\hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}}}[]
2.655 +\rail@plus
2.656 +\rail@nont{\isa{spec}}[]
2.657 +\rail@nextplus{1}
2.658 +\rail@cterm{\isa{\isakeyword{and}}}[]
2.659 +\rail@endplus
2.660 +\rail@end
2.661 +\rail@begin{3}{}
2.662 +\rail@term{\hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isaliteral{5F}{\isacharunderscore}}datatype}}}}}[]
2.663 +\rail@bar
2.664 +\rail@nextbar{1}
2.665 +\rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
2.666 +\rail@plus
2.667 +\rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
2.668 +\rail@nextplus{2}
2.669 +\rail@endplus
2.670 +\rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
2.671 +\rail@endbar
2.672 +\rail@plus
2.673 +\rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
2.674 +\rail@nextplus{1}
2.675 +\rail@endplus
2.676 +\rail@end
2.677 +\rail@begin{2}{\isa{spec}}
2.678 +\rail@bar
2.679 +\rail@nextbar{1}
2.680 +\rail@nont{\hyperlink{syntax.parname}{\mbox{\isa{parname}}}}[]
2.681 +\rail@endbar
2.682 +\rail@nont{\hyperlink{syntax.typespec}{\mbox{\isa{typespec}}}}[]
2.683 +\rail@bar
2.684 +\rail@nextbar{1}
2.685 +\rail@nont{\hyperlink{syntax.mixfix}{\mbox{\isa{mixfix}}}}[]
2.686 +\rail@endbar
2.687 +\rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
2.688 +\rail@plus
2.689 +\rail@nont{\isa{cons}}[]
2.690 +\rail@nextplus{1}
2.691 +\rail@cterm{\isa{{\isaliteral{7C}{\isacharbar}}}}[]
2.692 +\rail@endplus
2.693 +\rail@end
2.694 +\rail@begin{2}{\isa{cons}}
2.695 +\rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
2.696 +\rail@plus
2.697 +\rail@nextplus{1}
2.698 +\rail@cnont{\hyperlink{syntax.type}{\mbox{\isa{type}}}}[]
2.699 +\rail@endplus
2.700 +\rail@bar
2.701 +\rail@nextbar{1}
2.702 +\rail@nont{\hyperlink{syntax.mixfix}{\mbox{\isa{mixfix}}}}[]
2.703 +\rail@endbar
2.704 +\rail@end
2.705 +\end{railoutput}
2.706 +
2.707 +
2.708 + \begin{description}
2.709 +
2.710 + \item \hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}} defines inductive datatypes in
2.711 + HOL.
2.712 +
2.713 + \item \hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isaliteral{5F}{\isacharunderscore}}datatype}}}} represents existing types as
2.714 + inductive ones, generating the standard infrastructure of derived
2.715 + concepts (primitive recursion etc.).
2.716 +
2.717 + \end{description}
2.718 +
2.719 + The induction and exhaustion theorems generated provide case names
2.720 + according to the constructors involved, while parameters are named
2.721 + after the types (see also \secref{sec:cases-induct}).
2.722 +
2.723 + See \cite{isabelle-HOL} for more details on datatypes, but beware of
2.724 + the old-style theory syntax being used there! Apart from proper
2.725 + proof methods for case-analysis and induction, there are also
2.726 + emulations of ML tactics \hyperlink{method.HOL.case-tac}{\mbox{\isa{case{\isaliteral{5F}{\isacharunderscore}}tac}}} and \hyperlink{method.HOL.induct-tac}{\mbox{\isa{induct{\isaliteral{5F}{\isacharunderscore}}tac}}} available, see \secref{sec:hol-induct-tac}; these admit
2.727 + to refer directly to the internal structure of subgoals (including
2.728 + internally bound parameters).%
2.729 +\end{isamarkuptext}%
2.730 +\isamarkuptrue%
2.731 +%
2.732 +\isamarkupsection{Records \label{sec:hol-record}%
2.733 +}
2.734 +\isamarkuptrue%
2.735 +%
2.736 +\begin{isamarkuptext}%
2.737 +In principle, records merely generalize the concept of tuples, where
2.738 + components may be addressed by labels instead of just position. The
2.739 + logical infrastructure of records in Isabelle/HOL is slightly more
2.740 + advanced, though, supporting truly extensible record schemes. This
2.741 + admits operations that are polymorphic with respect to record
2.742 + extension, yielding ``object-oriented'' effects like (single)
2.743 + inheritance. See also \cite{NaraschewskiW-TPHOLs98} for more
2.744 + details on object-oriented verification and record subtyping in HOL.%
2.745 +\end{isamarkuptext}%
2.746 +\isamarkuptrue%
2.747 +%
2.748 +\isamarkupsubsection{Basic concepts%
2.749 +}
2.750 +\isamarkuptrue%
2.751 +%
2.752 +\begin{isamarkuptext}%
2.753 +Isabelle/HOL supports both \emph{fixed} and \emph{schematic} records
2.754 + at the level of terms and types. The notation is as follows:
2.755 +
2.756 + \begin{center}
2.757 + \begin{tabular}{l|l|l}
2.758 + & record terms & record types \\ \hline
2.759 + fixed & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.760 + schematic & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ m{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} &
2.761 + \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ M{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.762 + \end{tabular}
2.763 + \end{center}
2.764 +
2.765 + \noindent The ASCII representation of \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} is \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{7C}{\isacharbar}}\ x\ {\isaliteral{3D}{\isacharequal}}\ a\ {\isaliteral{7C}{\isacharbar}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}.
2.766 +
2.767 + A fixed record \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} has field \isa{x} of value
2.768 + \isa{a} and field \isa{y} of value \isa{b}. The corresponding
2.769 + type is \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, assuming that \isa{{\isaliteral{22}{\isachardoublequote}}a\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{22}{\isachardoublequote}}}
2.770 + and \isa{{\isaliteral{22}{\isachardoublequote}}b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{22}{\isachardoublequote}}}.
2.771 +
2.772 + A record scheme like \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ m{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} contains fields
2.773 + \isa{x} and \isa{y} as before, but also possibly further fields
2.774 + as indicated by the ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}'' notation (which is actually part
2.775 + of the syntax). The improper field ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}'' of a record
2.776 + scheme is called the \emph{more part}. Logically it is just a free
2.777 + variable, which is occasionally referred to as ``row variable'' in
2.778 + the literature. The more part of a record scheme may be
2.779 + instantiated by zero or more further components. For example, the
2.780 + previous scheme may get instantiated to \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ z\ {\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ m{\isaliteral{27}{\isacharprime}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, where \isa{m{\isaliteral{27}{\isacharprime}}} refers to a different more part.
2.781 + Fixed records are special instances of record schemes, where
2.782 + ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}'' is properly terminated by the \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ unit{\isaliteral{22}{\isachardoublequote}}}
2.783 + element. In fact, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} is just an abbreviation
2.784 + for \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}.
2.785 +
2.786 + \medskip Two key observations make extensible records in a simply
2.787 + typed language like HOL work out:
2.788 +
2.789 + \begin{enumerate}
2.790 +
2.791 + \item the more part is internalized, as a free term or type
2.792 + variable,
2.793 +
2.794 + \item field names are externalized, they cannot be accessed within
2.795 + the logic as first-class values.
2.796 +
2.797 + \end{enumerate}
2.798 +
2.799 + \medskip In Isabelle/HOL record types have to be defined explicitly,
2.800 + fixing their field names and types, and their (optional) parent
2.801 + record. Afterwards, records may be formed using above syntax, while
2.802 + obeying the canonical order of fields as given by their declaration.
2.803 + The record package provides several standard operations like
2.804 + selectors and updates. The common setup for various generic proof
2.805 + tools enable succinct reasoning patterns. See also the Isabelle/HOL
2.806 + tutorial \cite{isabelle-hol-book} for further instructions on using
2.807 + records in practice.%
2.808 +\end{isamarkuptext}%
2.809 +\isamarkuptrue%
2.810 +%
2.811 +\isamarkupsubsection{Record specifications%
2.812 +}
2.813 +\isamarkuptrue%
2.814 +%
2.815 +\begin{isamarkuptext}%
2.816 +\begin{matharray}{rcl}
2.817 + \indexdef{HOL}{command}{record}\hypertarget{command.HOL.record}{\hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
2.818 + \end{matharray}
2.819 +
2.820 + \begin{railoutput}
2.821 +\rail@begin{4}{}
2.822 +\rail@term{\hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}}}[]
2.823 +\rail@nont{\hyperlink{syntax.typespec-sorts}{\mbox{\isa{typespec{\isaliteral{5F}{\isacharunderscore}}sorts}}}}[]
2.824 +\rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
2.825 +\rail@cr{2}
2.826 +\rail@bar
2.827 +\rail@nextbar{3}
2.828 +\rail@nont{\hyperlink{syntax.type}{\mbox{\isa{type}}}}[]
2.829 +\rail@term{\isa{{\isaliteral{2B}{\isacharplus}}}}[]
2.830 +\rail@endbar
2.831 +\rail@plus
2.832 +\rail@nont{\hyperlink{syntax.constdecl}{\mbox{\isa{constdecl}}}}[]
2.833 +\rail@nextplus{3}
2.834 +\rail@endplus
2.835 +\rail@end
2.836 +\end{railoutput}
2.837 +
2.838 +
2.839 + \begin{description}
2.840 +
2.841 + \item \hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\ {\isaliteral{2B}{\isacharplus}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}} defines extensible record type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}},
2.842 + derived from the optional parent record \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7461753E}{\isasymtau}}{\isaliteral{22}{\isachardoublequote}}} by adding new
2.843 + field components \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} etc.
2.844 +
2.845 + The type variables of \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7461753E}{\isasymtau}}{\isaliteral{22}{\isachardoublequote}}} and \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} need to be
2.846 + covered by the (distinct) parameters \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{22}{\isachardoublequote}}}. Type constructor \isa{t} has to be new, while \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}} needs to specify an instance of an existing record type. At
2.847 + least one new field \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} has to be specified.
2.848 + Basically, field names need to belong to a unique record. This is
2.849 + not a real restriction in practice, since fields are qualified by
2.850 + the record name internally.
2.851 +
2.852 + The parent record specification \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}} is optional; if omitted
2.853 + \isa{t} becomes a root record. The hierarchy of all records
2.854 + declared within a theory context forms a forest structure, i.e.\ a
2.855 + set of trees starting with a root record each. There is no way to
2.856 + merge multiple parent records!
2.857 +
2.858 + For convenience, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} is made a
2.859 + type abbreviation for the fixed record type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, likewise is \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{5F}{\isacharunderscore}}scheme{\isaliteral{22}{\isachardoublequote}}} made an abbreviation for
2.860 + \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}.
2.861 +
2.862 + \end{description}%
2.863 +\end{isamarkuptext}%
2.864 +\isamarkuptrue%
2.865 +%
2.866 +\isamarkupsubsection{Record operations%
2.867 +}
2.868 +\isamarkuptrue%
2.869 +%
2.870 +\begin{isamarkuptext}%
2.871 +Any record definition of the form presented above produces certain
2.872 + standard operations. Selectors and updates are provided for any
2.873 + field, including the improper one ``\isa{more}''. There are also
2.874 + cumulative record constructor functions. To simplify the
2.875 + presentation below, we assume for now that \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} is a root record with fields \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}}.
2.876 +
2.877 + \medskip \textbf{Selectors} and \textbf{updates} are available for
2.878 + any field (including ``\isa{more}''):
2.879 +
2.880 + \begin{matharray}{lll}
2.881 + \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} \\
2.882 + \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{5F}{\isacharunderscore}}update{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.883 + \end{matharray}
2.884 +
2.885 + There is special syntax for application of updates: \isa{{\isaliteral{22}{\isachardoublequote}}r{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} abbreviates term \isa{{\isaliteral{22}{\isachardoublequote}}x{\isaliteral{5F}{\isacharunderscore}}update\ a\ r{\isaliteral{22}{\isachardoublequote}}}. Further notation for
2.886 + repeated updates is also available: \isa{{\isaliteral{22}{\isachardoublequote}}r{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}z\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} may be written \isa{{\isaliteral{22}{\isachardoublequote}}r{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ z\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}. Note that
2.887 + because of postfix notation the order of fields shown here is
2.888 + reverse than in the actual term. Since repeated updates are just
2.889 + function applications, fields may be freely permuted in \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ z\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, as far as logical equality is concerned.
2.890 + Thus commutativity of independent updates can be proven within the
2.891 + logic for any two fields, but not as a general theorem.
2.892 +
2.893 + \medskip The \textbf{make} operation provides a cumulative record
2.894 + constructor function:
2.895 +
2.896 + \begin{matharray}{lll}
2.897 + \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.898 + \end{matharray}
2.899 +
2.900 + \medskip We now reconsider the case of non-root records, which are
2.901 + derived of some parent. In general, the latter may depend on
2.902 + another parent as well, resulting in a list of \emph{ancestor
2.903 + records}. Appending the lists of fields of all ancestors results in
2.904 + a certain field prefix. The record package automatically takes care
2.905 + of this by lifting operations over this context of ancestor fields.
2.906 + Assuming that \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} has ancestor
2.907 + fields \isa{{\isaliteral{22}{\isachardoublequote}}b\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ b\isaliteral{5C3C5E7375623E}{}\isactrlsub k\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub k{\isaliteral{22}{\isachardoublequote}}},
2.908 + the above record operations will get the following types:
2.909 +
2.910 + \medskip
2.911 + \begin{tabular}{lll}
2.912 + \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} \\
2.913 + \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{5F}{\isacharunderscore}}update{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ 
{\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.914 + \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub k\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.915 + \end{tabular}
2.916 + \medskip
2.917 +
2.918 + \noindent Some further operations address the extension aspect of a
2.919 + derived record scheme specifically: \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}} produces a
2.920 + record fragment consisting of exactly the new fields introduced here
2.921 + (the result may serve as a more part elsewhere); \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}extend{\isaliteral{22}{\isachardoublequote}}}
2.922 + takes a fixed record and adds a given more part; \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}truncate{\isaliteral{22}{\isachardoublequote}}} restricts a record scheme to a fixed record.
2.923 +
2.924 + \medskip
2.925 + \begin{tabular}{lll}
2.926 + \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.927 + \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}extend{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.928 + \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}truncate{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.929 + \end{tabular}
2.930 + \medskip
2.931 +
2.932 + \noindent Note that \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}} and \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}} coincide
2.933 + for root records.%
2.934 +\end{isamarkuptext}%
2.935 +\isamarkuptrue%
2.936 +%
2.937 +\isamarkupsubsection{Derived rules and proof tools%
2.938 +}
2.939 +\isamarkuptrue%
2.940 +%
2.941 +\begin{isamarkuptext}%
2.942 +The record package proves several results internally, declaring
2.943 + these facts to appropriate proof tools. This enables users to
2.944 + reason about record structures quite conveniently. Assume that
2.945 + \isa{t} is a record type as specified above.
2.946 +
2.947 + \begin{enumerate}
2.948 +
2.949 + \item Standard conversions for selectors or updates applied to
2.950 + record constructor terms are made part of the default Simplifier
2.951 + context; thus proofs by reduction of basic operations merely require
2.952 + the \hyperlink{method.simp}{\mbox{\isa{simp}}} method without further arguments. These rules
2.953 + are available as \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}simps{\isaliteral{22}{\isachardoublequote}}}, too.
2.954 +
2.955 + \item Selectors applied to updated records are automatically reduced
2.956 + by an internal simplification procedure, which is also part of the
2.957 + standard Simplifier setup.
2.958 +
2.959 + \item Inject equations of a form analogous to \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}\ y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{27}{\isacharprime}}{\isaliteral{2C}{\isacharcomma}}\ y{\isaliteral{27}{\isacharprime}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C65717569763E}{\isasymequiv}}\ x\ {\isaliteral{3D}{\isacharequal}}\ x{\isaliteral{27}{\isacharprime}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ y\ {\isaliteral{3D}{\isacharequal}}\ y{\isaliteral{27}{\isacharprime}}{\isaliteral{22}{\isachardoublequote}}} are declared to the Simplifier and Classical
2.960 + Reasoner as \hyperlink{attribute.iff}{\mbox{\isa{iff}}} rules. These rules are available as
2.961 + \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}iffs{\isaliteral{22}{\isachardoublequote}}}.
2.962 +
2.963 + \item The introduction rule for record equality analogous to \isa{{\isaliteral{22}{\isachardoublequote}}x\ r\ {\isaliteral{3D}{\isacharequal}}\ x\ r{\isaliteral{27}{\isacharprime}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ y\ r\ {\isaliteral{3D}{\isacharequal}}\ y\ r{\isaliteral{27}{\isacharprime}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ r\ {\isaliteral{3D}{\isacharequal}}\ r{\isaliteral{27}{\isacharprime}}{\isaliteral{22}{\isachardoublequote}}} is declared to the Simplifier,
2.964 + and as the basic rule context as ``\hyperlink{attribute.intro}{\mbox{\isa{intro}}}\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3F}{\isacharquery}}{\isaliteral{22}{\isachardoublequote}}}''.
2.965 + The rule is called \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}equality{\isaliteral{22}{\isachardoublequote}}}.
2.966 +
2.967 + \item Representations of arbitrary record expressions as canonical
2.968 + constructor terms are provided both in \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} format (cf.\ the generic proof methods of the same name,
2.969 + \secref{sec:cases-induct}). Several variations are available, for
2.970 + fixed records, record schemes, more parts etc.
2.971 +
2.972 + The generic proof methods are sufficiently smart to pick the most
2.973 + sensible rule according to the type of the indicated record
2.974 + expression: users just need to apply something like ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}cases\ r{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}'' to a certain proof problem.
2.975 +
2.976 + \item The derived record operations \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}extend{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}truncate{\isaliteral{22}{\isachardoublequote}}} are \emph{not}
2.977 + treated automatically, but usually need to be expanded by hand,
2.978 + using the collective fact \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}defs{\isaliteral{22}{\isachardoublequote}}}.
2.979 +
2.980 + \end{enumerate}%
2.981 +\end{isamarkuptext}%
2.982 +\isamarkuptrue%
2.983 +%
2.984 +\isamarkupsection{Adhoc tuples%
2.985 +}
2.986 +\isamarkuptrue%
2.987 +%
2.988 +\begin{isamarkuptext}%
2.989 +\begin{matharray}{rcl}
2.990 + \indexdef{HOL}{attribute}{split\_format}\hypertarget{attribute.HOL.split-format}{\hyperlink{attribute.HOL.split-format}{\mbox{\isa{split{\isaliteral{5F}{\isacharunderscore}}format}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{attribute} \\
2.991 + \end{matharray}
2.992 +
2.993 + \begin{railoutput}
2.994 +\rail@begin{2}{}
2.995 +\rail@term{\hyperlink{attribute.HOL.split-format}{\mbox{\isa{split{\isaliteral{5F}{\isacharunderscore}}format}}}}[]
2.996 +\rail@bar
2.997 +\rail@nextbar{1}
2.998 +\rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
2.999 +\rail@term{\isa{complete}}[]
2.1000 +\rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
2.1001 +\rail@endbar
2.1002 +\rail@end
2.1003 +\end{railoutput}
2.1004 +
2.1005 +
2.1006 + \begin{description}
2.1007 +
2.1008 + \item \hyperlink{attribute.HOL.split-format}{\mbox{\isa{split{\isaliteral{5F}{\isacharunderscore}}format}}}\ \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}complete{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} causes
2.1009 + arguments in function applications to be represented canonically
2.1010 + according to their tuple type structure.
2.1011 +
2.1012 + Note that this operation tends to invent funny names for new local
2.1013 + parameters introduced.
2.1014 +
2.1015 + \end{description}%
2.1016 +\end{isamarkuptext}%
2.1017 +\isamarkuptrue%
2.1018 +%
2.1019 \isamarkupsection{Typedef axiomatization \label{sec:hol-typedef}%
2.1020 }
2.1021 \isamarkuptrue%
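Review bot: the rail diagram for the moved "Adhoc tuples" section (the `\rail@bar` ... `\rail@endbar` block around `\rail@term{\isa{complete}}`) presents `(complete)` as optional, but the description item that follows only explains `split_format (complete)`; what the attribute does without the option is left undocumented. Either add a sentence to the description stating the behaviour of the plain form, or drop the optional branch from the syntax if it is not meaningful. Since this hunk only relocates text that the following hunk removes verbatim, the gap predates the change, but the move is a good moment to close it; the same applies to the informal remark "tends to invent funny names for new local parameters introduced", which would be more useful if it said concretely that the generated parameter names are not meant to be referred to.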
2.1022 @@ -253,383 +1265,6 @@
2.1023 \end{isamarkuptext}%
2.1024 \isamarkuptrue%
2.1025 %
2.1026 -\isamarkupsection{Adhoc tuples%
2.1027 -}
2.1028 -\isamarkuptrue%
2.1029 -%
2.1030 -\begin{isamarkuptext}%
2.1031 -\begin{matharray}{rcl}
2.1032 - \indexdef{HOL}{attribute}{split\_format}\hypertarget{attribute.HOL.split-format}{\hyperlink{attribute.HOL.split-format}{\mbox{\isa{split{\isaliteral{5F}{\isacharunderscore}}format}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{attribute} \\
2.1033 - \end{matharray}
2.1034 -
2.1035 - \begin{railoutput}
2.1036 -\rail@begin{2}{}
2.1037 -\rail@term{\hyperlink{attribute.HOL.split-format}{\mbox{\isa{split{\isaliteral{5F}{\isacharunderscore}}format}}}}[]
2.1038 -\rail@bar
2.1039 -\rail@nextbar{1}
2.1040 -\rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
2.1041 -\rail@term{\isa{complete}}[]
2.1042 -\rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
2.1043 -\rail@endbar
2.1044 -\rail@end
2.1045 -\end{railoutput}
2.1046 -
2.1047 -
2.1048 - \begin{description}
2.1049 -
2.1050 - \item \hyperlink{attribute.HOL.split-format}{\mbox{\isa{split{\isaliteral{5F}{\isacharunderscore}}format}}}\ \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}complete{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} causes
2.1051 - arguments in function applications to be represented canonically
2.1052 - according to their tuple type structure.
2.1053 -
2.1054 - Note that this operation tends to invent funny names for new local
2.1055 - parameters introduced.
2.1056 -
2.1057 - \end{description}%
2.1058 -\end{isamarkuptext}%
2.1059 -\isamarkuptrue%
2.1060 -%
2.1061 -\isamarkupsection{Records \label{sec:hol-record}%
2.1062 -}
2.1063 -\isamarkuptrue%
2.1064 -%
2.1065 -\begin{isamarkuptext}%
2.1066 -In principle, records merely generalize the concept of tuples, where
2.1067 - components may be addressed by labels instead of just position. The
2.1068 - logical infrastructure of records in Isabelle/HOL is slightly more
2.1069 - advanced, though, supporting truly extensible record schemes. This
2.1070 - admits operations that are polymorphic with respect to record
2.1071 - extension, yielding ``object-oriented'' effects like (single)
2.1072 - inheritance. See also \cite{NaraschewskiW-TPHOLs98} for more
2.1073 - details on object-oriented verification and record subtyping in HOL.%
2.1074 -\end{isamarkuptext}%
2.1075 -\isamarkuptrue%
2.1076 -%
2.1077 -\isamarkupsubsection{Basic concepts%
2.1078 -}
2.1079 -\isamarkuptrue%
2.1080 -%
2.1081 -\begin{isamarkuptext}%
2.1082 -Isabelle/HOL supports both \emph{fixed} and \emph{schematic} records
2.1083 - at the level of terms and types. The notation is as follows:
2.1084 -
2.1085 - \begin{center}
2.1086 - \begin{tabular}{l|l|l}
2.1087 - & record terms & record types \\ \hline
2.1088 - fixed & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.1089 - schematic & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ m{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} &
2.1090 - \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ M{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.1091 - \end{tabular}
2.1092 - \end{center}
2.1093 -
2.1094 - \noindent The ASCII representation of \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} is \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{7C}{\isacharbar}}\ x\ {\isaliteral{3D}{\isacharequal}}\ a\ {\isaliteral{7C}{\isacharbar}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}.
2.1095 -
2.1096 - A fixed record \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} has field \isa{x} of value
2.1097 - \isa{a} and field \isa{y} of value \isa{b}. The corresponding
2.1098 - type is \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, assuming that \isa{{\isaliteral{22}{\isachardoublequote}}a\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{22}{\isachardoublequote}}}
2.1099 - and \isa{{\isaliteral{22}{\isachardoublequote}}b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{22}{\isachardoublequote}}}.
2.1100 -
2.1101 - A record scheme like \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ m{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} contains fields
2.1102 - \isa{x} and \isa{y} as before, but also possibly further fields
2.1103 - as indicated by the ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}'' notation (which is actually part
2.1104 - of the syntax). The improper field ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}'' of a record
2.1105 - scheme is called the \emph{more part}. Logically it is just a free
2.1106 - variable, which is occasionally referred to as ``row variable'' in
2.1107 - the literature. The more part of a record scheme may be
2.1108 - instantiated by zero or more further components. For example, the
2.1109 - previous scheme may get instantiated to \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ z\ {\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ m{\isaliteral{27}{\isacharprime}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, where \isa{m{\isaliteral{27}{\isacharprime}}} refers to a different more part.
2.1110 - Fixed records are special instances of record schemes, where
2.1111 - ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}'' is properly terminated by the \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ unit{\isaliteral{22}{\isachardoublequote}}}
2.1112 - element. In fact, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} is just an abbreviation
2.1113 - for \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}.
2.1114 -
2.1115 - \medskip Two key observations make extensible records in a simply
2.1116 - typed language like HOL work out:
2.1117 -
2.1118 - \begin{enumerate}
2.1119 -
2.1120 - \item the more part is internalized, as a free term or type
2.1121 - variable,
2.1122 -
2.1123 - \item field names are externalized, they cannot be accessed within
2.1124 - the logic as first-class values.
2.1125 -
2.1126 - \end{enumerate}
2.1127 -
2.1128 - \medskip In Isabelle/HOL record types have to be defined explicitly,
2.1129 - fixing their field names and types, and their (optional) parent
2.1130 - record. Afterwards, records may be formed using above syntax, while
2.1131 - obeying the canonical order of fields as given by their declaration.
2.1132 - The record package provides several standard operations like
2.1133 - selectors and updates. The common setup for various generic proof
2.1134 - tools enable succinct reasoning patterns. See also the Isabelle/HOL
2.1135 - tutorial \cite{isabelle-hol-book} for further instructions on using
2.1136 - records in practice.%
2.1137 -\end{isamarkuptext}%
2.1138 -\isamarkuptrue%
2.1139 -%
2.1140 -\isamarkupsubsection{Record specifications%
2.1141 -}
2.1142 -\isamarkuptrue%
2.1143 -%
2.1144 -\begin{isamarkuptext}%
2.1145 -\begin{matharray}{rcl}
2.1146 - \indexdef{HOL}{command}{record}\hypertarget{command.HOL.record}{\hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
2.1147 - \end{matharray}
2.1148 -
2.1149 - \begin{railoutput}
2.1150 -\rail@begin{4}{}
2.1151 -\rail@term{\hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}}}[]
2.1152 -\rail@nont{\hyperlink{syntax.typespec-sorts}{\mbox{\isa{typespec{\isaliteral{5F}{\isacharunderscore}}sorts}}}}[]
2.1153 -\rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
2.1154 -\rail@cr{2}
2.1155 -\rail@bar
2.1156 -\rail@nextbar{3}
2.1157 -\rail@nont{\hyperlink{syntax.type}{\mbox{\isa{type}}}}[]
2.1158 -\rail@term{\isa{{\isaliteral{2B}{\isacharplus}}}}[]
2.1159 -\rail@endbar
2.1160 -\rail@plus
2.1161 -\rail@nont{\hyperlink{syntax.constdecl}{\mbox{\isa{constdecl}}}}[]
2.1162 -\rail@nextplus{3}
2.1163 -\rail@endplus
2.1164 -\rail@end
2.1165 -\end{railoutput}
2.1166 -
2.1167 -
2.1168 - \begin{description}
2.1169 -
2.1170 - \item \hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\ {\isaliteral{2B}{\isacharplus}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}} defines extensible record type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}},
2.1171 - derived from the optional parent record \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7461753E}{\isasymtau}}{\isaliteral{22}{\isachardoublequote}}} by adding new
2.1172 - field components \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} etc.
2.1173 -
2.1174 - The type variables of \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7461753E}{\isasymtau}}{\isaliteral{22}{\isachardoublequote}}} and \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} need to be
2.1175 - covered by the (distinct) parameters \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{22}{\isachardoublequote}}}. Type constructor \isa{t} has to be new, while \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}} needs to specify an instance of an existing record type. At
2.1176 - least one new field \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} has to be specified.
2.1177 - Basically, field names need to belong to a unique record. This is
2.1178 - not a real restriction in practice, since fields are qualified by
2.1179 - the record name internally.
2.1180 -
2.1181 - The parent record specification \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}} is optional; if omitted
2.1182 - \isa{t} becomes a root record. The hierarchy of all records
2.1183 - declared within a theory context forms a forest structure, i.e.\ a
2.1184 - set of trees starting with a root record each. There is no way to
2.1185 - merge multiple parent records!
2.1186 -
2.1187 - For convenience, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} is made a
2.1188 - type abbreviation for the fixed record type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, likewise is \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{5F}{\isacharunderscore}}scheme{\isaliteral{22}{\isachardoublequote}}} made an abbreviation for
2.1189 - \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}.
2.1190 -
2.1191 - \end{description}%
2.1192 -\end{isamarkuptext}%
2.1193 -\isamarkuptrue%
2.1194 -%
2.1195 -\isamarkupsubsection{Record operations%
2.1196 -}
2.1197 -\isamarkuptrue%
2.1198 -%
2.1199 -\begin{isamarkuptext}%
2.1200 -Any record definition of the form presented above produces certain
2.1201 - standard operations. Selectors and updates are provided for any
2.1202 - field, including the improper one ``\isa{more}''. There are also
2.1203 - cumulative record constructor functions. To simplify the
2.1204 - presentation below, we assume for now that \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} is a root record with fields \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}}.
2.1205 -
2.1206 - \medskip \textbf{Selectors} and \textbf{updates} are available for
2.1207 - any field (including ``\isa{more}''):
2.1208 -
2.1209 - \begin{matharray}{lll}
2.1210 - \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} \\
2.1211 - \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{5F}{\isacharunderscore}}update{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.1212 - \end{matharray}
2.1213 -
2.1214 - There is special syntax for application of updates: \isa{{\isaliteral{22}{\isachardoublequote}}r{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} abbreviates term \isa{{\isaliteral{22}{\isachardoublequote}}x{\isaliteral{5F}{\isacharunderscore}}update\ a\ r{\isaliteral{22}{\isachardoublequote}}}. Further notation for
2.1215 - repeated updates is also available: \isa{{\isaliteral{22}{\isachardoublequote}}r{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}z\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} may be written \isa{{\isaliteral{22}{\isachardoublequote}}r{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ z\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}. Note that
2.1216 - because of postfix notation the order of fields shown here is
2.1217 - reverse than in the actual term. Since repeated updates are just
2.1218 - function applications, fields may be freely permuted in \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ z\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, as far as logical equality is concerned.
2.1219 - Thus commutativity of independent updates can be proven within the
2.1220 - logic for any two fields, but not as a general theorem.
2.1221 -
2.1222 - \medskip The \textbf{make} operation provides a cumulative record
2.1223 - constructor function:
2.1224 -
2.1225 - \begin{matharray}{lll}
2.1226 - \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.1227 - \end{matharray}
2.1228 -
2.1229 - \medskip We now reconsider the case of non-root records, which are
2.1230 - derived of some parent. In general, the latter may depend on
2.1231 - another parent as well, resulting in a list of \emph{ancestor
2.1232 - records}. Appending the lists of fields of all ancestors results in
2.1233 - a certain field prefix. The record package automatically takes care
2.1234 - of this by lifting operations over this context of ancestor fields.
2.1235 - Assuming that \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} has ancestor
2.1236 - fields \isa{{\isaliteral{22}{\isachardoublequote}}b\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ b\isaliteral{5C3C5E7375623E}{}\isactrlsub k\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub k{\isaliteral{22}{\isachardoublequote}}},
2.1237 - the above record operations will get the following types:
2.1238 -
2.1239 - \medskip
2.1240 - \begin{tabular}{lll}
2.1241 - \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} \\
2.1242 - \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{5F}{\isacharunderscore}}update{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ 
{\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.1243 - \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub k\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.1244 - \end{tabular}
2.1245 - \medskip
2.1246 -
2.1247 - \noindent Some further operations address the extension aspect of a
2.1248 - derived record scheme specifically: \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}} produces a
2.1249 - record fragment consisting of exactly the new fields introduced here
2.1250 - (the result may serve as a more part elsewhere); \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}extend{\isaliteral{22}{\isachardoublequote}}}
2.1251 - takes a fixed record and adds a given more part; \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}truncate{\isaliteral{22}{\isachardoublequote}}} restricts a record scheme to a fixed record.
2.1252 -
2.1253 - \medskip
2.1254 - \begin{tabular}{lll}
2.1255 - \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.1256 - \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}extend{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.1257 - \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}truncate{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
2.1258 - \end{tabular}
2.1259 - \medskip
2.1260 -
2.1261 - \noindent Note that \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}} and \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}} coincide
2.1262 - for root records.%
2.1263 -\end{isamarkuptext}%
2.1264 -\isamarkuptrue%
2.1265 -%
2.1266 -\isamarkupsubsection{Derived rules and proof tools%
2.1267 -}
2.1268 -\isamarkuptrue%
2.1269 -%
2.1270 -\begin{isamarkuptext}%
2.1271 -The record package proves several results internally, declaring
2.1272 - these facts to appropriate proof tools. This enables users to
2.1273 - reason about record structures quite conveniently. Assume that
2.1274 - \isa{t} is a record type as specified above.
2.1275 -
2.1276 - \begin{enumerate}
2.1277 -
2.1278 - \item Standard conversions for selectors or updates applied to
2.1279 - record constructor terms are made part of the default Simplifier
2.1280 - context; thus proofs by reduction of basic operations merely require
2.1281 - the \hyperlink{method.simp}{\mbox{\isa{simp}}} method without further arguments. These rules
2.1282 - are available as \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}simps{\isaliteral{22}{\isachardoublequote}}}, too.
2.1283 -
2.1284 - \item Selectors applied to updated records are automatically reduced
2.1285 - by an internal simplification procedure, which is also part of the
2.1286 - standard Simplifier setup.
2.1287 -
2.1288 - \item Inject equations of a form analogous to \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}\ y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{27}{\isacharprime}}{\isaliteral{2C}{\isacharcomma}}\ y{\isaliteral{27}{\isacharprime}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C65717569763E}{\isasymequiv}}\ x\ {\isaliteral{3D}{\isacharequal}}\ x{\isaliteral{27}{\isacharprime}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ y\ {\isaliteral{3D}{\isacharequal}}\ y{\isaliteral{27}{\isacharprime}}{\isaliteral{22}{\isachardoublequote}}} are declared to the Simplifier and Classical
2.1289 - Reasoner as \hyperlink{attribute.iff}{\mbox{\isa{iff}}} rules. These rules are available as
2.1290 - \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}iffs{\isaliteral{22}{\isachardoublequote}}}.
2.1291 -
2.1292 - \item The introduction rule for record equality analogous to \isa{{\isaliteral{22}{\isachardoublequote}}x\ r\ {\isaliteral{3D}{\isacharequal}}\ x\ r{\isaliteral{27}{\isacharprime}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ y\ r\ {\isaliteral{3D}{\isacharequal}}\ y\ r{\isaliteral{27}{\isacharprime}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ r\ {\isaliteral{3D}{\isacharequal}}\ r{\isaliteral{27}{\isacharprime}}{\isaliteral{22}{\isachardoublequote}}} is declared to the Simplifier,
2.1293 - and as the basic rule context as ``\hyperlink{attribute.intro}{\mbox{\isa{intro}}}\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3F}{\isacharquery}}{\isaliteral{22}{\isachardoublequote}}}''.
2.1294 - The rule is called \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}equality{\isaliteral{22}{\isachardoublequote}}}.
2.1295 -
2.1296 - \item Representations of arbitrary record expressions as canonical
2.1297 - constructor terms are provided both in \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} format (cf.\ the generic proof methods of the same name,
2.1298 - \secref{sec:cases-induct}). Several variations are available, for
2.1299 - fixed records, record schemes, more parts etc.
2.1300 -
2.1301 - The generic proof methods are sufficiently smart to pick the most
2.1302 - sensible rule according to the type of the indicated record
2.1303 - expression: users just need to apply something like ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}cases\ r{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}'' to a certain proof problem.
2.1304 -
2.1305 - \item The derived record operations \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}extend{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}truncate{\isaliteral{22}{\isachardoublequote}}} are \emph{not}
2.1306 - treated automatically, but usually need to be expanded by hand,
2.1307 - using the collective fact \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}defs{\isaliteral{22}{\isachardoublequote}}}.
2.1308 -
2.1309 - \end{enumerate}%
2.1310 -\end{isamarkuptext}%
2.1311 -\isamarkuptrue%
2.1312 -%
2.1313 -\isamarkupsection{Datatypes \label{sec:hol-datatype}%
2.1314 -}
2.1315 -\isamarkuptrue%
2.1316 -%
2.1317 -\begin{isamarkuptext}%
2.1318 -\begin{matharray}{rcl}
2.1319 - \indexdef{HOL}{command}{datatype}\hypertarget{command.HOL.datatype}{\hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
2.1320 - \indexdef{HOL}{command}{rep\_datatype}\hypertarget{command.HOL.rep-datatype}{\hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isaliteral{5F}{\isacharunderscore}}datatype}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
2.1321 - \end{matharray}
2.1322 -
2.1323 - \begin{railoutput}
2.1324 -\rail@begin{2}{}
2.1325 -\rail@term{\hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}}}[]
2.1326 -\rail@plus
2.1327 -\rail@nont{\isa{spec}}[]
2.1328 -\rail@nextplus{1}
2.1329 -\rail@cterm{\isa{\isakeyword{and}}}[]
2.1330 -\rail@endplus
2.1331 -\rail@end
2.1332 -\rail@begin{3}{}
2.1333 -\rail@term{\hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isaliteral{5F}{\isacharunderscore}}datatype}}}}}[]
2.1334 -\rail@bar
2.1335 -\rail@nextbar{1}
2.1336 -\rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
2.1337 -\rail@plus
2.1338 -\rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
2.1339 -\rail@nextplus{2}
2.1340 -\rail@endplus
2.1341 -\rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
2.1342 -\rail@endbar
2.1343 -\rail@plus
2.1344 -\rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
2.1345 -\rail@nextplus{1}
2.1346 -\rail@endplus
2.1347 -\rail@end
2.1348 -\rail@begin{2}{\isa{spec}}
2.1349 -\rail@bar
2.1350 -\rail@nextbar{1}
2.1351 -\rail@nont{\hyperlink{syntax.parname}{\mbox{\isa{parname}}}}[]
2.1352 -\rail@endbar
2.1353 -\rail@nont{\hyperlink{syntax.typespec}{\mbox{\isa{typespec}}}}[]
2.1354 -\rail@bar
2.1355 -\rail@nextbar{1}
2.1356 -\rail@nont{\hyperlink{syntax.mixfix}{\mbox{\isa{mixfix}}}}[]
2.1357 -\rail@endbar
2.1358 -\rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
2.1359 -\rail@plus
2.1360 -\rail@nont{\isa{cons}}[]
2.1361 -\rail@nextplus{1}
2.1362 -\rail@cterm{\isa{{\isaliteral{7C}{\isacharbar}}}}[]
2.1363 -\rail@endplus
2.1364 -\rail@end
2.1365 -\rail@begin{2}{\isa{cons}}
2.1366 -\rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
2.1367 -\rail@plus
2.1368 -\rail@nextplus{1}
2.1369 -\rail@cnont{\hyperlink{syntax.type}{\mbox{\isa{type}}}}[]
2.1370 -\rail@endplus
2.1371 -\rail@bar
2.1372 -\rail@nextbar{1}
2.1373 -\rail@nont{\hyperlink{syntax.mixfix}{\mbox{\isa{mixfix}}}}[]
2.1374 -\rail@endbar
2.1375 -\rail@end
2.1376 -\end{railoutput}
2.1377 -
2.1378 -
2.1379 - \begin{description}
2.1380 -
2.1381 - \item \hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}} defines inductive datatypes in
2.1382 - HOL.
2.1383 -
2.1384 - \item \hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isaliteral{5F}{\isacharunderscore}}datatype}}}} represents existing types as
2.1385 - inductive ones, generating the standard infrastructure of derived
2.1386 - concepts (primitive recursion etc.).
2.1387 -
2.1388 - \end{description}
2.1389 -
2.1390 - The induction and exhaustion theorems generated provide case names
2.1391 - according to the constructors involved, while parameters are named
2.1392 - after the types (see also \secref{sec:cases-induct}).
2.1393 -
2.1394 - See \cite{isabelle-HOL} for more details on datatypes, but beware of
2.1395 - the old-style theory syntax being used there! Apart from proper
2.1396 - proof methods for case-analysis and induction, there are also
2.1397 - emulations of ML tactics \hyperlink{method.HOL.case-tac}{\mbox{\isa{case{\isaliteral{5F}{\isacharunderscore}}tac}}} and \hyperlink{method.HOL.induct-tac}{\mbox{\isa{induct{\isaliteral{5F}{\isacharunderscore}}tac}}} available, see \secref{sec:hol-induct-tac}; these admit
2.1398 - to refer directly to the internal structure of subgoals (including
2.1399 - internally bound parameters).%
2.1400 -\end{isamarkuptext}%
2.1401 -\isamarkuptrue%
2.1402 -%
2.1403 \isamarkupsection{Functorial structure of types%
2.1404 }
2.1405 \isamarkuptrue%
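Review bot: the continuation line of the `c_i_update` table row (the line beginning `{\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}...` directly under line 2.1242) carries no `-` prefix, so the hunk's old-side line count no longer matches and the patch will not apply cleanly as shown; this looks like an over-long generated line that got wrapped, and the hunk should be regenerated or checked with a dry-run apply before it is pushed. Beyond that, this file is generated output (`\begin{isamarkuptext}` / `\isamarkuptrue` blocks and `railoutput` diagrams) that is being removed here because the `.thy` source moves the "Derived rules and proof tools" and "Datatypes" material earlier in the chapter, as the `@@ -4,6 +4,754 @@` hunk on the source file shows; the reviewer should confirm the whole regenerated document was committed rather than this region being spliced by hand, otherwise the `\hypertarget{command.HOL.datatype}` anchors and `\secref{sec:hol-datatype}` label will dangle. Two wording issues in the moved text ("these admit to refer directly to the internal structure of subgoals" should read "these allow referring directly to ...", and the `rep_datatype` description sentence "represents existing types as inductive ones" would read better as "represents existing types as inductive datatypes") are worth fixing, but in the `.thy` source at the new location, not in this generated file.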
2.1406 @@ -680,641 +1315,6 @@
2.1407 \end{isamarkuptext}%
2.1408 \isamarkuptrue%
2.1409 %
2.1410 -\isamarkupsection{Recursive functions \label{sec:recursion}%
2.1411 -}
2.1412 -\isamarkuptrue%
2.1413 -%
2.1414 -\begin{isamarkuptext}%
2.1415 -\begin{matharray}{rcl}
2.1416 - \indexdef{HOL}{command}{primrec}\hypertarget{command.HOL.primrec}{\hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
2.1417 - \indexdef{HOL}{command}{fun}\hypertarget{command.HOL.fun}{\hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
2.1418 - \indexdef{HOL}{command}{function}\hypertarget{command.HOL.function}{\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
2.1419 - \indexdef{HOL}{command}{termination}\hypertarget{command.HOL.termination}{\hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
2.1420 - \end{matharray}
2.1421 -
2.1422 - \begin{railoutput}
2.1423 -\rail@begin{2}{}
2.1424 -\rail@term{\hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}}[]
2.1425 -\rail@bar
2.1426 -\rail@nextbar{1}
2.1427 -\rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
2.1428 -\rail@endbar
2.1429 -\rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
2.1430 -\rail@term{\isa{\isakeyword{where}}}[]
2.1431 -\rail@nont{\isa{equations}}[]
2.1432 -\rail@end
2.1433 -\rail@begin{4}{}
2.1434 -\rail@bar
2.1435 -\rail@term{\hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}}}[]
2.1436 -\rail@nextbar{1}
2.1437 -\rail@term{\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}}[]
2.1438 -\rail@endbar
2.1439 -\rail@bar
2.1440 -\rail@nextbar{1}
2.1441 -\rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
2.1442 -\rail@endbar
2.1443 -\rail@bar
2.1444 -\rail@nextbar{1}
2.1445 -\rail@nont{\isa{functionopts}}[]
2.1446 -\rail@endbar
2.1447 -\rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
2.1448 -\rail@cr{3}
2.1449 -\rail@term{\isa{\isakeyword{where}}}[]
2.1450 -\rail@nont{\isa{equations}}[]
2.1451 -\rail@end
2.1452 -\rail@begin{3}{\isa{equations}}
2.1453 -\rail@plus
2.1454 -\rail@bar
2.1455 -\rail@nextbar{1}
2.1456 -\rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
2.1457 -\rail@endbar
2.1458 -\rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
2.1459 -\rail@nextplus{2}
2.1460 -\rail@cterm{\isa{{\isaliteral{7C}{\isacharbar}}}}[]
2.1461 -\rail@endplus
2.1462 -\rail@end
2.1463 -\rail@begin{3}{\isa{functionopts}}
2.1464 -\rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
2.1465 -\rail@plus
2.1466 -\rail@bar
2.1467 -\rail@term{\isa{sequential}}[]
2.1468 -\rail@nextbar{1}
2.1469 -\rail@term{\isa{domintros}}[]
2.1470 -\rail@endbar
2.1471 -\rail@nextplus{2}
2.1472 -\rail@cterm{\isa{{\isaliteral{2C}{\isacharcomma}}}}[]
2.1473 -\rail@endplus
2.1474 -\rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
2.1475 -\rail@end
2.1476 -\rail@begin{2}{}
2.1477 -\rail@term{\hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}}[]
2.1478 -\rail@bar
2.1479 -\rail@nextbar{1}
2.1480 -\rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
2.1481 -\rail@endbar
2.1482 -\rail@end
2.1483 -\end{railoutput}
2.1484 -
2.1485 -
2.1486 - \begin{description}
2.1487 -
2.1488 - \item \hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}} defines primitive recursive
2.1489 - functions over datatypes, see also \cite{isabelle-HOL}.
2.1490 -
2.1491 - \item \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} defines functions by general
2.1492 - wellfounded recursion. A detailed description with examples can be
2.1493 - found in \cite{isabelle-function}. The function is specified by a
2.1494 - set of (possibly conditional) recursive equations with arbitrary
2.1495 - pattern matching. The command generates proof obligations for the
2.1496 - completeness and the compatibility of patterns.
2.1497 -
2.1498 - The defined function is considered partial, and the resulting
2.1499 - simplification rules (named \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{2E}{\isachardot}}psimps{\isaliteral{22}{\isachardoublequote}}}) and induction rule
2.1500 - (named \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{2E}{\isachardot}}pinduct{\isaliteral{22}{\isachardoublequote}}}) are guarded by a generated domain
2.1501 - predicate \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{5F}{\isacharunderscore}}dom{\isaliteral{22}{\isachardoublequote}}}. The \hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}
2.1502 - command can then be used to establish that the function is total.
2.1503 -
2.1504 - \item \hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}} is a shorthand notation for ``\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}sequential{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}, followed by automated
2.1505 - proof attempts regarding pattern matching and termination. See
2.1506 - \cite{isabelle-function} for further details.
2.1507 -
2.1508 - \item \hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}~\isa{f} commences a
2.1509 - termination proof for the previously defined function \isa{f}. If
2.1510 - this is omitted, the command refers to the most recent function
2.1511 - definition. After the proof is closed, the recursive equations and
2.1512 - the induction principle is established.
2.1513 -
2.1514 - \end{description}
2.1515 -
2.1516 - Recursive definitions introduced by the \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}
2.1517 - command accommodate
2.1518 - reasoning by induction (cf.\ \secref{sec:cases-induct}): rule \isa{{\isaliteral{22}{\isachardoublequote}}c{\isaliteral{2E}{\isachardot}}induct{\isaliteral{22}{\isachardoublequote}}} (where \isa{c} is the name of the function definition)
2.1519 - refers to a specific induction rule, with parameters named according
2.1520 - to the user-specified equations. Cases are numbered (starting from 1).
2.1521 -
2.1522 - For \hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}, the induction principle coincides
2.1523 - with structural recursion on the datatype the recursion is carried
2.1524 - out.
2.1525 -
2.1526 - The equations provided by these packages may be referred later as
2.1527 - theorem list \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{2E}{\isachardot}}simps{\isaliteral{22}{\isachardoublequote}}}, where \isa{f} is the (collective)
2.1528 - name of the functions defined. Individual equations may be named
2.1529 - explicitly as well.
2.1530 -
2.1531 - The \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} command accepts the following
2.1532 - options.
2.1533 -
2.1534 - \begin{description}
2.1535 -
2.1536 - \item \isa{sequential} enables a preprocessor which disambiguates
2.1537 - overlapping patterns by making them mutually disjoint. Earlier
2.1538 - equations take precedence over later ones. This allows to give the
2.1539 - specification in a format very similar to functional programming.
2.1540 - Note that the resulting simplification and induction rules
2.1541 - correspond to the transformed specification, not the one given
2.1542 - originally. This usually means that each equation given by the user
2.1543 - may result in several theorems. Also note that this automatic
2.1544 - transformation only works for ML-style datatype patterns.
2.1545 -
2.1546 - \item \isa{domintros} enables the automated generation of
2.1547 - introduction rules for the domain predicate. While mostly not
2.1548 - needed, they can be helpful in some proofs about partial functions.
2.1549 -
2.1550 - \end{description}%
2.1551 -\end{isamarkuptext}%
2.1552 -\isamarkuptrue%
2.1553 -%
2.1554 -\isamarkupsubsection{Proof methods related to recursive definitions%
2.1555 -}
2.1556 -\isamarkuptrue%
2.1557 -%
2.1558 -\begin{isamarkuptext}%
2.1559 -\begin{matharray}{rcl}
2.1560 - \indexdef{HOL}{method}{pat\_completeness}\hypertarget{method.HOL.pat-completeness}{\hyperlink{method.HOL.pat-completeness}{\mbox{\isa{pat{\isaliteral{5F}{\isacharunderscore}}completeness}}}} & : & \isa{method} \\
2.1561 - \indexdef{HOL}{method}{relation}\hypertarget{method.HOL.relation}{\hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}} & : & \isa{method} \\
2.1562 - \indexdef{HOL}{method}{lexicographic\_order}\hypertarget{method.HOL.lexicographic-order}{\hyperlink{method.HOL.lexicographic-order}{\mbox{\isa{lexicographic{\isaliteral{5F}{\isacharunderscore}}order}}}} & : & \isa{method} \\
2.1563 - \indexdef{HOL}{method}{size\_change}\hypertarget{method.HOL.size-change}{\hyperlink{method.HOL.size-change}{\mbox{\isa{size{\isaliteral{5F}{\isacharunderscore}}change}}}} & : & \isa{method} \\
2.1564 - \end{matharray}
2.1565 -
2.1566 - \begin{railoutput}
2.1567 -\rail@begin{1}{}
2.1568 -\rail@term{\hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}}[]
2.1569 -\rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
2.1570 -\rail@end
2.1571 -\rail@begin{2}{}
2.1572 -\rail@term{\hyperlink{method.HOL.lexicographic-order}{\mbox{\isa{lexicographic{\isaliteral{5F}{\isacharunderscore}}order}}}}[]
2.1573 -\rail@plus
2.1574 -\rail@nextplus{1}
2.1575 -\rail@cnont{\hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}}[]
2.1576 -\rail@endplus
2.1577 -\rail@end
2.1578 -\rail@begin{2}{}
2.1579 -\rail@term{\hyperlink{method.HOL.size-change}{\mbox{\isa{size{\isaliteral{5F}{\isacharunderscore}}change}}}}[]
2.1580 -\rail@nont{\isa{orders}}[]
2.1581 -\rail@plus
2.1582 -\rail@nextplus{1}
2.1583 -\rail@cnont{\hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}}[]
2.1584 -\rail@endplus
2.1585 -\rail@end
2.1586 -\rail@begin{4}{\isa{orders}}
2.1587 -\rail@plus
2.1588 -\rail@nextplus{1}
2.1589 -\rail@bar
2.1590 -\rail@term{\isa{max}}[]
2.1591 -\rail@nextbar{2}
2.1592 -\rail@term{\isa{min}}[]
2.1593 -\rail@nextbar{3}
2.1594 -\rail@term{\isa{ms}}[]
2.1595 -\rail@endbar
2.1596 -\rail@endplus
2.1597 -\rail@end
2.1598 -\end{railoutput}
2.1599 -
2.1600 -
2.1601 - \begin{description}
2.1602 -
2.1603 - \item \hyperlink{method.HOL.pat-completeness}{\mbox{\isa{pat{\isaliteral{5F}{\isacharunderscore}}completeness}}} is a specialized method to
2.1604 - solve goals regarding the completeness of pattern matching, as
2.1605 - required by the \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} package (cf.\
2.1606 - \cite{isabelle-function}).
2.1607 -
2.1608 - \item \hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}~\isa{R} introduces a termination
2.1609 - proof using the relation \isa{R}. The resulting proof state will
2.1610 - contain goals expressing that \isa{R} is wellfounded, and that the
2.1611 - arguments of recursive calls decrease with respect to \isa{R}.
2.1612 - Usually, this method is used as the initial proof step of manual
2.1613 - termination proofs.
2.1614 -
2.1615 - \item \hyperlink{method.HOL.lexicographic-order}{\mbox{\isa{lexicographic{\isaliteral{5F}{\isacharunderscore}}order}}} attempts a fully
2.1616 - automated termination proof by searching for a lexicographic
2.1617 - combination of size measures on the arguments of the function. The
2.1618 - method accepts the same arguments as the \hyperlink{method.auto}{\mbox{\isa{auto}}} method,
2.1619 - which it uses internally to prove local descents. The same context
2.1620 - modifiers as for \hyperlink{method.auto}{\mbox{\isa{auto}}} are accepted, see
2.1621 - \secref{sec:clasimp}.
2.1622 -
2.1623 - In case of failure, extensive information is printed, which can help
2.1624 - to analyse the situation (cf.\ \cite{isabelle-function}).
2.1625 -
2.1626 - \item \hyperlink{method.HOL.size-change}{\mbox{\isa{size{\isaliteral{5F}{\isacharunderscore}}change}}} also works on termination goals,
2.1627 - using a variation of the size-change principle, together with a
2.1628 - graph decomposition technique (see \cite{krauss_phd} for details).
2.1629 - Three kinds of orders are used internally: \isa{max}, \isa{min},
2.1630 - and \isa{ms} (multiset), which is only available when the theory
2.1631 - \isa{Multiset} is loaded. When no order kinds are given, they are
2.1632 - tried in order. The search for a termination proof uses SAT solving
2.1633 - internally.
2.1634 -
2.1635 - For local descent proofs, the same context modifiers as for \hyperlink{method.auto}{\mbox{\isa{auto}}} are accepted, see \secref{sec:clasimp}.
2.1636 -
2.1637 - \end{description}%
2.1638 -\end{isamarkuptext}%
2.1639 -\isamarkuptrue%
2.1640 -%
2.1641 -\isamarkupsubsection{Functions with explicit partiality%
2.1642 -}
2.1643 -\isamarkuptrue%
2.1644 -%
2.1645 -\begin{isamarkuptext}%
2.1646 -\begin{matharray}{rcl}
2.1647 - \indexdef{HOL}{command}{partial\_function}\hypertarget{command.HOL.partial-function}{\hyperlink{command.HOL.partial-function}{\mbox{\isa{\isacommand{partial{\isaliteral{5F}{\isacharunderscore}}function}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
2.1648 - \indexdef{HOL}{attribute}{partial\_function\_mono}\hypertarget{attribute.HOL.partial-function-mono}{\hyperlink{attribute.HOL.partial-function-mono}{\mbox{\isa{partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}mono}}}} & : & \isa{attribute} \\
2.1649 - \end{matharray}
2.1650 -
2.1651 - \begin{railoutput}
2.1652 -\rail@begin{5}{}
2.1653 -\rail@term{\hyperlink{command.HOL.partial-function}{\mbox{\isa{\isacommand{partial{\isaliteral{5F}{\isacharunderscore}}function}}}}}[]
2.1654 -\rail@bar
2.1655 -\rail@nextbar{1}
2.1656 -\rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
2.1657 -\rail@endbar
2.1658 -\rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
2.1659 -\rail@nont{\hyperlink{syntax.nameref}{\mbox{\isa{nameref}}}}[]
2.1660 -\rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
2.1661 -\rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
2.1662 -\rail@cr{3}
2.1663 -\rail@term{\isa{\isakeyword{where}}}[]
2.1664 -\rail@bar
2.1665 -\rail@nextbar{4}
2.1666 -\rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
2.1667 -\rail@endbar
2.1668 -\rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
2.1669 -\rail@end
2.1670 -\end{railoutput}
2.1671 -
2.1672 -
2.1673 - \begin{description}
2.1674 -
2.1675 - \item \hyperlink{command.HOL.partial-function}{\mbox{\isa{\isacommand{partial{\isaliteral{5F}{\isacharunderscore}}function}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}mode{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} defines
2.1676 - recursive functions based on fixpoints in complete partial
2.1677 - orders. No termination proof is required from the user or
2.1678 - constructed internally. Instead, the possibility of non-termination
2.1679 - is modelled explicitly in the result type, which contains an
2.1680 - explicit bottom element.
2.1681 -
2.1682 - Pattern matching and mutual recursion are currently not supported.
2.1683 - Thus, the specification consists of a single function described by a
2.1684 - single recursive equation.
2.1685 -
2.1686 - There are no fixed syntactic restrictions on the body of the
2.1687 - function, but the induced functional must be provably monotonic
2.1688 - wrt.\ the underlying order. The monotonicitity proof is performed
2.1689 - internally, and the definition is rejected when it fails. The proof
2.1690 - can be influenced by declaring hints using the
2.1691 - \hyperlink{attribute.HOL.partial-function-mono}{\mbox{\isa{partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}mono}}} attribute.
2.1692 -
2.1693 - The mandatory \isa{mode} argument specifies the mode of operation
2.1694 - of the command, which directly corresponds to a complete partial
2.1695 - order on the result type. By default, the following modes are
2.1696 - defined:
2.1697 -
2.1698 - \begin{description}
2.1699 - \item \isa{option} defines functions that map into the \isa{option} type. Here, the value \isa{None} is used to model a
2.1700 - non-terminating computation. Monotonicity requires that if \isa{None} is returned by a recursive call, then the overall result
2.1701 - must also be \isa{None}. This is best achieved through the use of
2.1702 - the monadic operator \isa{{\isaliteral{22}{\isachardoublequote}}Option{\isaliteral{2E}{\isachardot}}bind{\isaliteral{22}{\isachardoublequote}}}.
2.1703 -
2.1704 - \item \isa{tailrec} defines functions with an arbitrary result
2.1705 - type and uses the slightly degenerated partial order where \isa{{\isaliteral{22}{\isachardoublequote}}undefined{\isaliteral{22}{\isachardoublequote}}} is the bottom element. Now, monotonicity requires that
2.1706 - if \isa{undefined} is returned by a recursive call, then the
2.1707 - overall result must also be \isa{undefined}. In practice, this is
2.1708 - only satisfied when each recursive call is a tail call, whose result
2.1709 - is directly returned. Thus, this mode of operation allows the
2.1710 - definition of arbitrary tail-recursive functions.
2.1711 - \end{description}
2.1712 -
2.1713 - Experienced users may define new modes by instantiating the locale
2.1714 - \isa{{\isaliteral{22}{\isachardoublequote}}partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}definitions{\isaliteral{22}{\isachardoublequote}}} appropriately.
2.1715 -
2.1716 - \item \hyperlink{attribute.HOL.partial-function-mono}{\mbox{\isa{partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}mono}}} declares rules for
2.1717 - use in the internal monononicity proofs of partial function
2.1718 - definitions.
2.1719 -
2.1720 - \end{description}%
2.1721 -\end{isamarkuptext}%
2.1722 -\isamarkuptrue%
2.1723 -%
2.1724 -\isamarkupsubsection{Old-style recursive function definitions (TFL)%
2.1725 -}
2.1726 -\isamarkuptrue%
2.1727 -%
2.1728 -\begin{isamarkuptext}%
2.1729 -The old TFL commands \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} and \hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isaliteral{5F}{\isacharunderscore}}tc}}}} for defining recursive are mostly obsolete; \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} or \hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}} should be used instead.
2.1730 -
2.1731 - \begin{matharray}{rcl}
2.1732 - \indexdef{HOL}{command}{recdef}\hypertarget{command.HOL.recdef}{\hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
2.1733 - \indexdef{HOL}{command}{recdef\_tc}\hypertarget{command.HOL.recdef-tc}{\hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isaliteral{5F}{\isacharunderscore}}tc}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
2.1734 - \end{matharray}
2.1735 -
2.1736 - \begin{railoutput}
2.1737 -\rail@begin{5}{}
2.1738 -\rail@term{\hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}}}[]
2.1739 -\rail@bar
2.1740 -\rail@nextbar{1}
2.1741 -\rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
2.1742 -\rail@term{\isa{\isakeyword{permissive}}}[]
2.1743 -\rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
2.1744 -\rail@endbar
2.1745 -\rail@cr{3}
2.1746 -\rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
2.1747 -\rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
2.1748 -\rail@plus
2.1749 -\rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
2.1750 -\rail@nextplus{4}
2.1751 -\rail@endplus
2.1752 -\rail@bar
2.1753 -\rail@nextbar{4}
2.1754 -\rail@nont{\isa{hints}}[]
2.1755 -\rail@endbar
2.1756 -\rail@end
2.1757 -\rail@begin{2}{}
2.1758 -\rail@nont{\isa{recdeftc}}[]
2.1759 -\rail@bar
2.1760 -\rail@nextbar{1}
2.1761 -\rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
2.1762 -\rail@endbar
2.1763 -\rail@nont{\isa{tc}}[]
2.1764 -\rail@end
2.1765 -\rail@begin{2}{\isa{hints}}
2.1766 -\rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
2.1767 -\rail@term{\isa{\isakeyword{hints}}}[]
2.1768 -\rail@plus
2.1769 -\rail@nextplus{1}
2.1770 -\rail@cnont{\isa{recdefmod}}[]
2.1771 -\rail@endplus
2.1772 -\rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
2.1773 -\rail@end
2.1774 -\rail@begin{4}{\isa{recdefmod}}
2.1775 -\rail@bar
2.1776 -\rail@bar
2.1777 -\rail@term{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}}[]
2.1778 -\rail@nextbar{1}
2.1779 -\rail@term{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}}[]
2.1780 -\rail@nextbar{2}
2.1781 -\rail@term{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf}}[]
2.1782 -\rail@endbar
2.1783 -\rail@bar
2.1784 -\rail@nextbar{1}
2.1785 -\rail@term{\isa{add}}[]
2.1786 -\rail@nextbar{2}
2.1787 -\rail@term{\isa{del}}[]
2.1788 -\rail@endbar
2.1789 -\rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
2.1790 -\rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
2.1791 -\rail@nextbar{3}
2.1792 -\rail@nont{\hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}}[]
2.1793 -\rail@endbar
2.1794 -\rail@end
2.1795 -\rail@begin{2}{\isa{tc}}
2.1796 -\rail@nont{\hyperlink{syntax.nameref}{\mbox{\isa{nameref}}}}[]
2.1797 -\rail@bar
2.1798 -\rail@nextbar{1}
2.1799 -\rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
2.1800 -\rail@nont{\hyperlink{syntax.nat}{\mbox{\isa{nat}}}}[]
2.1801 -\rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
2.1802 -\rail@endbar
2.1803 -\rail@end
2.1804 -\end{railoutput}
2.1805 -
2.1806 -
2.1807 - \begin{description}
2.1808 -
2.1809 - \item \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} defines general well-founded
2.1810 - recursive functions (using the TFL package), see also
2.1811 - \cite{isabelle-HOL}. The ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}permissive{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}'' option tells
2.1812 - TFL to recover from failed proof attempts, returning unfinished
2.1813 - results. The \isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}, \isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}, and \isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf} hints refer to auxiliary rules to be used in the internal
2.1814 - automated proof process of TFL. Additional \hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}
2.1815 - declarations (cf.\ \secref{sec:clasimp}) may be given to tune the
2.1816 - context of the Simplifier (cf.\ \secref{sec:simplifier}) and
2.1817 - Classical reasoner (cf.\ \secref{sec:classical}).
2.1818 -
2.1819 - \item \hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isaliteral{5F}{\isacharunderscore}}tc}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}c\ {\isaliteral{28}{\isacharparenleft}}i{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} recommences the
2.1820 - proof for leftover termination condition number \isa{i} (default
2.1821 - 1) as generated by a \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} definition of
2.1822 - constant \isa{c}.
2.1823 -
2.1824 - Note that in most cases, \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} is able to finish
2.1825 - its internal proofs without manual intervention.
2.1826 -
2.1827 - \end{description}
2.1828 -
2.1829 - \medskip Hints for \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} may be also declared
2.1830 - globally, using the following attributes.
2.1831 -
2.1832 - \begin{matharray}{rcl}
2.1833 - \indexdef{HOL}{attribute}{recdef\_simp}\hypertarget{attribute.HOL.recdef-simp}{\hyperlink{attribute.HOL.recdef-simp}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}}}} & : & \isa{attribute} \\
2.1834 - \indexdef{HOL}{attribute}{recdef\_cong}\hypertarget{attribute.HOL.recdef-cong}{\hyperlink{attribute.HOL.recdef-cong}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}}}} & : & \isa{attribute} \\
2.1835 - \indexdef{HOL}{attribute}{recdef\_wf}\hypertarget{attribute.HOL.recdef-wf}{\hyperlink{attribute.HOL.recdef-wf}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf}}}} & : & \isa{attribute} \\
2.1836 - \end{matharray}
2.1837 -
2.1838 - \begin{railoutput}
2.1839 -\rail@begin{3}{}
2.1840 -\rail@bar
2.1841 -\rail@term{\hyperlink{attribute.HOL.recdef-simp}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}}}}[]
2.1842 -\rail@nextbar{1}
2.1843 -\rail@term{\hyperlink{attribute.HOL.recdef-cong}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}}}}[]
2.1844 -\rail@nextbar{2}
2.1845 -\rail@term{\hyperlink{attribute.HOL.recdef-wf}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf}}}}[]
2.1846 -\rail@endbar
2.1847 -\rail@bar
2.1848 -\rail@nextbar{1}
2.1849 -\rail@term{\isa{add}}[]
2.1850 -\rail@nextbar{2}
2.1851 -\rail@term{\isa{del}}[]
2.1852 -\rail@endbar
2.1853 -\rail@end
2.1854 -\end{railoutput}%
2.1855 -\end{isamarkuptext}%
2.1856 -\isamarkuptrue%
2.1857 -%
2.1858 -\isamarkupsection{Inductive and coinductive definitions \label{sec:hol-inductive}%
2.1859 -}
2.1860 -\isamarkuptrue%
2.1861 -%
2.1862 -\begin{isamarkuptext}%
2.1863 -An \textbf{inductive definition} specifies the least predicate (or
2.1864 - set) \isa{R} closed under given rules: applying a rule to elements
2.1865 - of \isa{R} yields a result within \isa{R}. For example, a
2.1866 - structural operational semantics is an inductive definition of an
2.1867 - evaluation relation.
2.1868 -
2.1869 - Dually, a \textbf{coinductive definition} specifies the greatest
2.1870 - predicate~/ set \isa{R} that is consistent with given rules: every
2.1871 - element of \isa{R} can be seen as arising by applying a rule to
2.1872 - elements of \isa{R}. An important example is using bisimulation
2.1873 - relations to formalise equivalence of processes and infinite data
2.1874 - structures.
2.1875 -
2.1876 - \medskip The HOL package is related to the ZF one, which is
2.1877 - described in a separate paper,\footnote{It appeared in CADE
2.1878 - \cite{paulson-CADE}; a longer version is distributed with Isabelle.}
2.1879 - which you should refer to in case of difficulties. The package is
2.1880 - simpler than that of ZF thanks to implicit type-checking in HOL.
2.1881 - The types of the (co)inductive predicates (or sets) determine the
2.1882 - domain of the fixedpoint definition, and the package does not have
2.1883 - to use inference rules for type-checking.
2.1884 -
2.1885 - \begin{matharray}{rcl}
2.1886 - \indexdef{HOL}{command}{inductive}\hypertarget{command.HOL.inductive}{\hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
2.1887 - \indexdef{HOL}{command}{inductive\_set}\hypertarget{command.HOL.inductive-set}{\hyperlink{command.HOL.inductive-set}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
2.1888 - \indexdef{HOL}{command}{coinductive}\hypertarget{command.HOL.coinductive}{\hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
2.1889 - \indexdef{HOL}{command}{coinductive\_set}\hypertarget{command.HOL.coinductive-set}{\hyperlink{command.HOL.coinductive-set}{\mbox{\isa{\isacommand{coinductive{\isaliteral{5F}{\isacharunderscore}}set}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
2.1890 - \indexdef{HOL}{attribute}{mono}\hypertarget{attribute.HOL.mono}{\hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}}} & : & \isa{attribute} \\
2.1891 - \end{matharray}
2.1892 -
2.1893 - \begin{railoutput}
2.1894 -\rail@begin{7}{}
2.1895 -\rail@bar
2.1896 -\rail@term{\hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}}}[]
2.1897 -\rail@nextbar{1}
2.1898 -\rail@term{\hyperlink{command.HOL.inductive-set}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}}}}}[]
2.1899 -\rail@nextbar{2}
2.1900 -\rail@term{\hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}}}[]
2.1901 -\rail@nextbar{3}
2.1902 -\rail@term{\hyperlink{command.HOL.coinductive-set}{\mbox{\isa{\isacommand{coinductive{\isaliteral{5F}{\isacharunderscore}}set}}}}}[]
2.1903 -\rail@endbar
2.1904 -\rail@bar
2.1905 -\rail@nextbar{1}
2.1906 -\rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
2.1907 -\rail@endbar
2.1908 -\rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
2.1909 -\rail@bar
2.1910 -\rail@nextbar{1}
2.1911 -\rail@term{\isa{\isakeyword{for}}}[]
2.1912 -\rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
2.1913 -\rail@endbar
2.1914 -\rail@cr{5}
2.1915 -\rail@bar
2.1916 -\rail@nextbar{6}
2.1917 -\rail@term{\isa{\isakeyword{where}}}[]
2.1918 -\rail@nont{\isa{clauses}}[]
2.1919 -\rail@endbar
2.1920 -\rail@bar
2.1921 -\rail@nextbar{6}
2.1922 -\rail@term{\isa{\isakeyword{monos}}}[]
2.1923 -\rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
2.1924 -\rail@endbar
2.1925 -\rail@end
2.1926 -\rail@begin{3}{\isa{clauses}}
2.1927 -\rail@plus
2.1928 -\rail@bar
2.1929 -\rail@nextbar{1}
2.1930 -\rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
2.1931 -\rail@endbar
2.1932 -\rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
2.1933 -\rail@nextplus{2}
2.1934 -\rail@cterm{\isa{{\isaliteral{7C}{\isacharbar}}}}[]
2.1935 -\rail@endplus
2.1936 -\rail@end
2.1937 -\rail@begin{3}{}
2.1938 -\rail@term{\hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}}}[]
2.1939 -\rail@bar
2.1940 -\rail@nextbar{1}
2.1941 -\rail@term{\isa{add}}[]
2.1942 -\rail@nextbar{2}
2.1943 -\rail@term{\isa{del}}[]
2.1944 -\rail@endbar
2.1945 -\rail@end
2.1946 -\end{railoutput}
2.1947 -
2.1948 -
2.1949 - \begin{description}
2.1950 -
2.1951 - \item \hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}} and \hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}} define (co)inductive predicates from the
2.1952 - introduction rules given in the \hyperlink{keyword.where}{\mbox{\isa{\isakeyword{where}}}} part. The
2.1953 - optional \hyperlink{keyword.for}{\mbox{\isa{\isakeyword{for}}}} part contains a list of parameters of the
2.1954 - (co)inductive predicates that remain fixed throughout the
2.1955 - definition. The optional \hyperlink{keyword.monos}{\mbox{\isa{\isakeyword{monos}}}} section contains
2.1956 - \emph{monotonicity theorems}, which are required for each operator
2.1957 - applied to a recursive set in the introduction rules. There
2.1958 - \emph{must} be a theorem of the form \isa{{\isaliteral{22}{\isachardoublequote}}A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ B\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ M\ A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ M\ B{\isaliteral{22}{\isachardoublequote}}},
2.1959 - for each premise \isa{{\isaliteral{22}{\isachardoublequote}}M\ R\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ t{\isaliteral{22}{\isachardoublequote}}} in an introduction rule!
2.1960 -
2.1961 - \item \hyperlink{command.HOL.inductive-set}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}}}} and \hyperlink{command.HOL.coinductive-set}{\mbox{\isa{\isacommand{coinductive{\isaliteral{5F}{\isacharunderscore}}set}}}} are wrappers for to the previous commands,
2.1962 - allowing the definition of (co)inductive sets.
2.1963 -
2.1964 - \item \hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}} declares monotonicity rules. These
2.1965 - rule are involved in the automated monotonicity proof of \hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}}.
2.1966 -
2.1967 - \end{description}%
2.1968 -\end{isamarkuptext}%
2.1969 -\isamarkuptrue%
2.1970 -%
2.1971 -\isamarkupsubsection{Derived rules%
2.1972 -}
2.1973 -\isamarkuptrue%
2.1974 -%
2.1975 -\begin{isamarkuptext}%
2.1976 -Each (co)inductive definition \isa{R} adds definitions to the
2.1977 - theory and also proves some theorems:
2.1978 -
2.1979 - \begin{description}
2.1980 -
2.1981 - \item \isa{R{\isaliteral{2E}{\isachardot}}intros} is the list of introduction rules as proven
2.1982 - theorems, for the recursive predicates (or sets). The rules are
2.1983 - also available individually, using the names given them in the
2.1984 - theory file;
2.1985 -
2.1986 - \item \isa{R{\isaliteral{2E}{\isachardot}}cases} is the case analysis (or elimination) rule;
2.1987 -
2.1988 - \item \isa{R{\isaliteral{2E}{\isachardot}}induct} or \isa{R{\isaliteral{2E}{\isachardot}}coinduct} is the (co)induction
2.1989 - rule.
2.1990 -
2.1991 - \end{description}
2.1992 -
2.1993 - When several predicates \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}} are
2.1994 - defined simultaneously, the list of introduction rules is called
2.1995 - \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{5F}{\isacharunderscore}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{5F}{\isacharunderscore}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2E}{\isachardot}}intros{\isaliteral{22}{\isachardoublequote}}}, the case analysis rules are
2.1996 - called \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2E}{\isachardot}}cases{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2E}{\isachardot}}cases{\isaliteral{22}{\isachardoublequote}}}, and the list
2.1997 - of mutual induction rules is called \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{5F}{\isacharunderscore}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{5F}{\isacharunderscore}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2E}{\isachardot}}inducts{\isaliteral{22}{\isachardoublequote}}}.%
2.1998 -\end{isamarkuptext}%
2.1999 -\isamarkuptrue%
2.2000 -%
2.2001 -\isamarkupsubsection{Monotonicity theorems%
2.2002 -}
2.2003 -\isamarkuptrue%
2.2004 -%
2.2005 -\begin{isamarkuptext}%
2.2006 -Each theory contains a default set of theorems that are used in
2.2007 - monotonicity proofs. New rules can be added to this set via the
2.2008 - \hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}} attribute. The HOL theory \isa{Inductive}
2.2009 - shows how this is done. In general, the following monotonicity
2.2010 - theorems may be added:
2.2011 -
2.2012 - \begin{itemize}
2.2013 -
2.2014 - \item Theorems of the form \isa{{\isaliteral{22}{\isachardoublequote}}A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ B\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ M\ A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ M\ B{\isaliteral{22}{\isachardoublequote}}}, for proving
2.2015 - monotonicity of inductive definitions whose introduction rules have
2.2016 - premises involving terms such as \isa{{\isaliteral{22}{\isachardoublequote}}M\ R\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ t{\isaliteral{22}{\isachardoublequote}}}.
2.2017 -
2.2018 - \item Monotonicity theorems for logical operators, which are of the
2.2019 - general form \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}. For example, in
2.2020 - the case of the operator \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6F723E}{\isasymor}}{\isaliteral{22}{\isachardoublequote}}}, the corresponding theorem is
2.2021 - \[
2.2022 - \infer{\isa{{\isaliteral{22}{\isachardoublequote}}P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C6F723E}{\isasymor}}\ P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C6F723E}{\isasymor}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}{\isaliteral{22}{\isachardoublequote}}}}{\isa{{\isaliteral{22}{\isachardoublequote}}P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}{\isaliteral{22}{\isachardoublequote}}}}
2.2023 - \]
2.2024 -
2.2025 - \item De Morgan style equations for reasoning about the ``polarity''
2.2026 - of expressions, e.g.
2.2027 - \[
2.2028 - \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ P\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ P{\isaliteral{22}{\isachardoublequote}}} \qquad\qquad
2.2029 - \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ {\isaliteral{28}{\isacharparenleft}}P\ {\isaliteral{5C3C616E643E}{\isasymand}}\ Q{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ P\ {\isaliteral{5C3C6F723E}{\isasymor}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ Q{\isaliteral{22}{\isachardoublequote}}}
2.2030 - \]
2.2031 -
2.2032 - \item Equations for reducing complex operators to more primitive
2.2033 - ones whose monotonicity can easily be proved, e.g.
2.2034 - \[
2.2035 - \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}P\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ P\ {\isaliteral{5C3C6F723E}{\isasymor}}\ Q{\isaliteral{22}{\isachardoublequote}}} \qquad\qquad
2.2036 - \isa{{\isaliteral{22}{\isachardoublequote}}Ball\ A\ P\ {\isaliteral{5C3C65717569763E}{\isasymequiv}}\ {\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x{\isaliteral{2E}{\isachardot}}\ x\ {\isaliteral{5C3C696E3E}{\isasymin}}\ A\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ P\ x{\isaliteral{22}{\isachardoublequote}}}
2.2037 - \]
2.2038 -
2.2039 - \end{itemize}
2.2040 -
2.2041 - %FIXME: Example of an inductive definition%
2.2042 -\end{isamarkuptext}%
2.2043 -\isamarkuptrue%
2.2044 -%
2.2045 \isamarkupsection{Arithmetic proof support%
2.2046 }
2.2047 \isamarkuptrue%
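Review bot: the text deleted in this hunk carries several spelling and wording slips that should be fixed at whatever location the section is moved to, and fixed in the .thy source rather than here, since this .tex file is generated output and any correction made only to it is lost on the next document build: "monotonicitity" in the partial_function item, "monononicity" in the partial_function_mono item, "for defining recursive are mostly obsolete" (missing "functions") in the TFL subsection, and "wrappers for to the previous commands" and "These rule are involved" in the inductive/coinductive description. Two further points in the same region: the type line for recdef renders as `theory → theory)` with an unmatched closing parenthesis, and the `%FIXME: Example of an inductive definition%` comment is still present, so the monotonicity subsection still promises an example it does not contain.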