(* Title: Provers/classical 
ID: $Id$ 
Author: Lawrence C Paulson, Cambridge University Computer Laboratory 
Copyright 1992 University of Cambridge 
Theorem prover for classical reasoning, including predicate calculus, set 
theory, etc. 
Rules must be classified along two axes: introduction (intr) or elimination (elim), and safe or hazardous (unsafe). 
A rule is unsafe unless it can be applied blindly without harmful results. 
For a rule to be safe, its premises and conclusion should be logically 
equivalent. There should be no variables in the premises that are not in 
the conclusion. 
*) 
(*THEN_MAYBE is declared infix before the CLASSICAL signature so that both the
  signature and the functor body below can write  tac1 THEN_MAYBE tac2  in
  operator position; its definition lives inside ClassicalFun.*)
infix 1 THEN_MAYBE; 
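(*Parameters that an object-logic must supply to instantiate ClassicalFun:
  three theorems and two tactic-level helpers.
  NOTE(review): the rendered listing had dropped the '|' and '-' characters of
  the type arrows and of the rule comments; they are restored here.  The
  comments use Isabelle's meta-level notation, [| A; B |] ==> C being a rule
  with premises A, B and conclusion C.*)
signature CLASSICAL_DATA =
  sig
  val mp             : thm           (* [| P-->Q;  P |] ==> Q *)
  val not_elim       : thm           (* [| ~P;  P |] ==> R *)
  val classical      : thm           (* (~P ==> P) ==> P *)
  val sizef          : thm -> int    (* size function for BEST_FIRST *)
  (*substitution tactics for hypotheses, tried in order by safe_step_tac*)
  val hyp_subst_tacs : (int -> tactic) list
  end;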
(*Claset-building operators.  Precedence 4 is higher than that of := (which is
  3 in Standard ML), so a claset kept in a reference can be updated in place
  without extra parentheses around the operator application.*)
infix 4 addSIs addSEs addSDs addIs addEs addDs;
infix 4 setwrapper compwrapper addbefore addafter;
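(*Interface of the classical reasoner produced by ClassicalFun.
  NOTE(review): the rendered listing had lost the '-' of every type arrow
  (e.g. "claset * thm list > claset"); the arrows are restored here.*)
signature CLASSICAL =
  sig
  type claset
  val empty_cs    : claset

  (** Adding rules.  The S-variants add SAFE rules, the others hazardous ones;
      the D-variants take destruction rules and convert them to elimination
      rules first (see the functor). **)
  val addDs       : claset * thm list -> claset
  val addEs       : claset * thm list -> claset
  val addIs       : claset * thm list -> claset
  val addSDs      : claset * thm list -> claset
  val addSEs      : claset * thm list -> claset
  val addSIs      : claset * thm list -> claset

  (** The wrapper tactical is applied around step_tac and slow_step_tac. **)
  val setwrapper  : claset * (tactic->tactic) -> claset
  val compwrapper : claset * (tactic->tactic) -> claset
  val addbefore   : claset * tactic -> claset
  val addafter    : claset * tactic -> claset

  val print_cs    : claset -> unit
  val rep_claset  : claset -> {safeIs: thm list, safeEs: thm list,
                               hazIs: thm list,  hazEs: thm list,
                               wrapper: tactic -> tactic}
  val getwrapper  : claset -> tactic -> tactic
  val THEN_MAYBE  : tactic * tactic -> tactic

  (** Search tactics and single steps. **)
  val best_tac       : claset -> int -> tactic
  val contr_tac      : int -> tactic
  val depth_tac      : claset -> int -> int -> tactic
  val deepen_tac     : claset -> int -> int -> tactic
  val dup_elim       : thm -> thm
  val dup_intr       : thm -> thm
  val dup_step_tac   : claset -> int -> tactic
  val eq_mp_tac      : int -> tactic
  val fast_tac       : claset -> int -> tactic
  val haz_step_tac   : claset -> int -> tactic
  val joinrules      : thm list * thm list -> (bool * thm) list
  val mp_tac         : int -> tactic
  val safe_tac       : claset -> tactic
  val safe_step_tac  : claset -> int -> tactic
  val slow_step_tac  : claset -> int -> tactic
  val slow_best_tac  : claset -> int -> tactic
  val slow_tac       : claset -> int -> tactic
  val step_tac       : claset -> int -> tactic
  val swap           : thm                 (* ~P ==> (~Q ==> P) ==> Q *)
  val swapify        : thm list -> thm list
  val swap_res_tac   : thm list -> int -> tactic
  val inst_step_tac  : claset -> int -> tactic
  val inst0_step_tac : claset -> int -> tactic
  val instp_step_tac : claset -> int -> tactic
  end;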
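(*The classical reasoner, parameterised by the object-logic's rules (Data).
  NOTE(review): this listing was recovered from a rendered page that had
  stripped '-' and '|' characters.  Restored below: the type arrows (->), the
  pipeline operator (|>) in dup_elim, the case-alternative bar in
  safe_depth_tac, the decrement (m-1) in depth_tac, the "--" dashes in
  comments, and the header line of dup_step_tac, which had been lost entirely
  and is reconstructed from its CLASSICAL signature by analogy with
  haz_step_tac.  No behaviour beyond that repair is changed.*)
functor ClassicalFun(Data: CLASSICAL_DATA): CLASSICAL =
struct

local open Data in

(** Useful tactics for classical reasoning **)

(*Elimination form of modus ponens, [| P-->Q; P; Q ==> R |] ==> R*)
val imp_elim = make_elim mp;

(*Solve goal that assumes both P and ~P. *)
val contr_tac = eresolve_tac [not_elim] THEN' assume_tac;

(*Finds P-->Q and P in the assumptions, replaces implication by Q.
  Could do the same thing for P<->Q and P... *)
fun mp_tac i = eresolve_tac [not_elim, imp_elim] i  THEN  assume_tac i;

(*Like mp_tac but instantiates no variables (matching, not unification)*)
fun eq_mp_tac i = ematch_tac [not_elim, imp_elim] i  THEN  eq_assume_tac i;

(*Proved from not_elim and classical:  ~P ==> (~Q ==> P) ==> Q.
  The thin_rl step discards the redundant assumption left by the resolution.*)
val swap = rule_by_tactic (etac thin_rl 1) (not_elim RS classical);

(*Creates rules to eliminate ~A, from rules to introduce A*)
fun swapify intrs = intrs RLN (2, [swap]);

(*Uses introduction rules in the normal way, or on negated assumptions,
  trying rules in order.  Each rule is paired both as an intro (false) and,
  swapped, as an elim (true), in the form biresolve_tac expects.*)
fun swap_res_tac rls =
    let fun addrl (rl,brls) = (false, rl) :: (true, rl RSN (2,swap)) :: brls
    in  assume_tac          ORELSE'
        contr_tac           ORELSE'
        biresolve_tac (foldr addrl (rls,[]))
    end;

(*Duplication of hazardous rules, for complete provers.  A duplicated rule
  keeps a copy of the formula it consumed, so applying it loses nothing.*)
fun dup_intr th = standard (th RS classical);

fun dup_elim th = th RSN (2, revcut_rl) |> assumption 2 |> Sequence.hd |>
                  rule_by_tactic (TRYALL (etac revcut_rl));

(*** Classical rule sets ***)

(*A pair of discrimination nets (intro net, elim net), each keyed to
  (subgoal count, (is_elim, rule)) entries for biresolve_from_nets_tac.*)
type netpair = (int*(bool*thm)) Net.net * (int*(bool*thm)) Net.net;

datatype claset =
  CS of {safeIs        : thm list,         (*safe introduction rules*)
         safeEs        : thm list,         (*safe elimination rules*)
         hazIs         : thm list,         (*unsafe introduction rules*)
         hazEs         : thm list,         (*unsafe elimination rules*)
         wrapper       : tactic->tactic,   (*for transforming step_tac*)
         safe0_netpair : netpair,          (*nets for trivial cases*)
         safep_netpair : netpair,          (*nets for >0 subgoals*)
         haz_netpair   : netpair,          (*nets for unsafe rules*)
         dup_netpair   : netpair};         (*nets for duplication*)

(*Expose the rule lists and wrapper; the nets are derived data and stay hidden.*)
fun rep_claset (CS{safeIs,safeEs,hazIs,hazEs,wrapper,...}) =
    {safeIs=safeIs, safeEs=safeEs, hazIs=hazIs, hazEs=hazEs, wrapper=wrapper};

fun getwrapper (CS{wrapper,...}) = wrapper;

(*For use with biresolve_tac.  Combines intr rules with swap to handle negated
  assumptions.  Pairs elim rules with true.  Sorts the list of pairs by
  the number of new subgoals generated. *)
fun joinrules (intrs,elims) =
    sort lessb
      (map (pair true)  (elims @ swapify intrs)  @
       map (pair false) intrs);

val build = build_netpair(Net.empty,Net.empty);

(*Make a claset from the four kinds of rules.  The safe rules are split into
  those creating no subgoals (safe0) and the rest (safep); joinrules has
  already sorted them by subgoal count, so take_prefix does the split.*)
fun make_cs {safeIs,safeEs,hazIs,hazEs,wrapper} =
  let val (safe0_brls, safep_brls) = (*0 subgoals vs 1 or more*)
          take_prefix (fn brl => subgoals_of_brl brl=0)
             (joinrules(safeIs, safeEs))
  in CS{safeIs = safeIs,
        safeEs = safeEs,
        hazIs  = hazIs,
        hazEs  = hazEs,
        wrapper = wrapper,
        safe0_netpair = build safe0_brls,
        safep_netpair = build safep_brls,
        haz_netpair   = build (joinrules(hazIs, hazEs)),
        dup_netpair   = build (joinrules(map dup_intr hazIs,
                                         map dup_elim hazEs))}
  end;

(*** Manipulation of clasets ***)

val empty_cs = make_cs{safeIs=[], safeEs=[], hazIs=[], hazEs=[], wrapper=I};

fun print_cs (CS{safeIs,safeEs,hazIs,hazEs,...}) =
    (writeln"Introduction rules";  prths hazIs;
     writeln"Safe introduction rules";  prths safeIs;
     writeln"Elimination rules";  prths hazEs;
     writeln"Safe elimination rules";  prths safeEs;
     ());

(** Adding new (un)safe introduction or elimination rules.
    New rules are put in front of the existing ones, and every addition
    rebuilds the nets through make_cs. **)

fun (CS{safeIs,safeEs,hazIs,hazEs,wrapper,...}) addSIs ths =
  make_cs {safeIs=ths@safeIs,
           safeEs=safeEs, hazIs=hazIs, hazEs=hazEs, wrapper=wrapper};

fun (CS{safeIs,safeEs,hazIs,hazEs,wrapper,...}) addSEs ths =
  make_cs {safeEs=ths@safeEs,
           safeIs=safeIs, hazIs=hazIs, hazEs=hazEs, wrapper=wrapper};

(*Destruction rules become elimination rules via make_elim*)
fun cs addSDs ths = cs addSEs (map make_elim ths);

fun (CS{safeIs,safeEs,hazIs,hazEs,wrapper,...}) addIs ths =
  make_cs {hazIs=ths@hazIs,
           safeIs=safeIs, safeEs=safeEs, hazEs=hazEs, wrapper=wrapper};

fun (CS{safeIs,safeEs,hazIs,hazEs,wrapper,...}) addEs ths =
  make_cs {hazEs=ths@hazEs,
           safeIs=safeIs, safeEs=safeEs, hazIs=hazIs, wrapper=wrapper};

fun cs addDs ths = cs addEs (map make_elim ths);

(** Setting or modifying the wrapper tactical **)

(*Set a new wrapper*)
fun (CS{safeIs,safeEs,hazIs,hazEs,...}) setwrapper wrapper =
  make_cs {wrapper=wrapper,
           safeIs=safeIs, safeEs=safeEs, hazIs=hazIs, hazEs=hazEs};

(*Compose a tactical with the existing wrapper*)
fun cs compwrapper wrapper' = cs setwrapper (wrapper' o getwrapper cs);

(*Execute tac1, but only execute tac2 if there are at least as many subgoals
  as before.  This ensures that tac2 is only applied to an outcome of tac1.*)
fun tac1 THEN_MAYBE tac2 =
  STATE (fn state =>
         tac1  THEN
         COND (has_fewer_prems (nprems_of state)) all_tac tac2);

(*Cause a tactic to be executed before/after the step tactic*)
fun cs addbefore tac2 = cs compwrapper (fn tac1 => tac2 THEN_MAYBE tac1);
fun cs addafter  tac2 = cs compwrapper (fn tac1 => tac1 THEN_MAYBE tac2);

(*** Simple tactics for theorem proving ***)

(*Attack subgoals using safe inferences -- matching, not resolution*)
fun safe_step_tac (CS{safe0_netpair,safep_netpair,...}) =
  FIRST' [eq_assume_tac,
          eq_mp_tac,
          bimatch_from_nets_tac safe0_netpair,
          FIRST' hyp_subst_tacs,
          bimatch_from_nets_tac safep_netpair] ;

(*Repeatedly attack subgoals using safe inferences -- it's deterministic!*)
fun safe_tac cs = REPEAT_DETERM_FIRST (safe_step_tac cs);

(*But these unsafe steps at least solve a subgoal!*)
fun inst0_step_tac (CS{safe0_netpair,safep_netpair,...}) =
  assume_tac                      APPEND'
  contr_tac                       APPEND'
  biresolve_from_nets_tac safe0_netpair;

(*These are much worse since they could generate more and more subgoals*)
fun instp_step_tac (CS{safep_netpair,...}) =
  biresolve_from_nets_tac safep_netpair;

(*These steps could instantiate variables and are therefore unsafe.*)
fun inst_step_tac cs = inst0_step_tac cs APPEND' instp_step_tac cs;

fun haz_step_tac (CS{haz_netpair,...}) =
  biresolve_from_nets_tac haz_netpair;

(*Single step for the prover.  FAILS unless it makes progress. *)
fun step_tac cs i =
  getwrapper cs
    (FIRST [safe_tac cs, inst_step_tac cs i, haz_step_tac cs i]);

(*Using a "safe" rule to instantiate variables is unsafe.  This tactic
  allows backtracking from "safe" rules to "unsafe" rules here.*)
fun slow_step_tac cs i =
  getwrapper cs
    (safe_tac cs ORELSE (inst_step_tac cs i APPEND haz_step_tac cs i));

(*** The following tactics all fail unless they solve one goal ***)

(*Dumb but fast*)
fun fast_tac cs = SELECT_GOAL (DEPTH_SOLVE (step_tac cs 1));

(*Slower but smarter than fast_tac*)
fun best_tac cs =
  SELECT_GOAL (BEST_FIRST (has_fewer_prems 1, sizef) (step_tac cs 1));

fun slow_tac cs = SELECT_GOAL (DEPTH_SOLVE (slow_step_tac cs 1));

fun slow_best_tac cs =
  SELECT_GOAL (BEST_FIRST (has_fewer_prems 1, sizef) (slow_step_tac cs 1));

(*** Complete tactic, loosely based upon LeanTaP.  This tactic is the outcome
  of much experimentation!  Changing APPEND to ORELSE below would prove
  easy theorems faster, but loses completeness -- and many of the harder
  theorems such as 43. ***)

(*Nondeterministic!  Could always expand the first unsafe connective.
  That's hard to implement and did not perform better in experiments, due to
  greater search depth required.*)
(*NOTE(review): this header line was missing from the rendered listing; it is
  reconstructed from the CLASSICAL signature and the shape of haz_step_tac.*)
fun dup_step_tac (CS{dup_netpair,...}) =
  biresolve_from_nets_tac dup_netpair;

(*Searching to depth m.  Safe steps are free; each hazardous step on a
  subgoal that still has premises consumes one unit of depth, so m bounds
  the number of nested unsafe expansions.  (m-1) was rendered as "m1" on the
  source page; the m=0 guard above it fixes the intended decrement.*)
fun depth_tac cs m i = STATE(fn state =>
    SELECT_GOAL
      (REPEAT_DETERM1 (safe_step_tac cs 1) THEN_ELSE
       (DEPTH_SOLVE (depth_tac cs m 1),
        inst0_step_tac cs 1  APPEND
        COND (K(m=0)) no_tac
          ((instp_step_tac cs 1 APPEND dup_step_tac cs 1)
           THEN DEPTH_SOLVE (depth_tac cs (m-1) 1))))
    i);

(*Iterative deepening tactical.  Allows us to "deepen" any search tactic.
  Fails outright if subgoal i does not exist; otherwise prints the current
  depth and retries with depth m+2 when tacf m fails.*)
fun DEEPEN tacf m i = STATE(fn state =>
   if has_fewer_prems i state then no_tac
   else (writeln ("Depth = " ^ string_of_int m);
         tacf m i  ORELSE  DEEPEN tacf (m+2) i));

fun safe_depth_tac cs m =
  SUBGOAL
    (fn (prem,i) =>
      let val deti =
          (*No Vars in the goal?  No need to backtrack between goals.*)
          case term_vars prem of
              []   => DETERM
            | _::_ => I
      in  SELECT_GOAL (TRY (safe_tac cs) THEN
                       DEPTH_SOLVE (deti (depth_tac cs m 1))) i
      end);

fun deepen_tac cs = DEEPEN (safe_depth_tac cs);

end;
end;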