doc-src/IsarRef/generic.tex
author wenzelm
Sun May 21 14:44:01 2000 +0200 (2000-05-21)
changeset 8901 e591fc327675
parent 8811 6ec0c8f9d68d
child 8904 0bb77c5b86cc
permissions -rw-r--r--
cite isabelle-axclass;
     1 
     2 \chapter{Generic Tools and Packages}\label{ch:gen-tools}
     3 
     4 \section{Axiomatic Type Classes}\label{sec:axclass}
     5 
     6 \indexisarcmd{axclass}\indexisarcmd{instance}\indexisarmeth{intro-classes}
     7 \begin{matharray}{rcl}
     8   \isarcmd{axclass} & : & \isartrans{theory}{theory} \\
     9   \isarcmd{instance} & : & \isartrans{theory}{proof(prove)} \\
    10   intro_classes & : & \isarmeth \\
    11 \end{matharray}
    12 
    13 Axiomatic type classes are provided by Isabelle/Pure as a \emph{definitional}
    14 interface to type classes (cf.~\S\ref{sec:classes}).  Thus any object logic
    15 may make use of this light-weight mechanism of abstract theories
    16 \cite{Wenzel:1997:TPHOL}.  There is also a tutorial on using axiomatic type
    17 classes in isabelle \cite{isabelle-axclass} that is part of the standard
    18 Isabelle documentation.
    19 
    20 \begin{rail}
    21   'axclass' classdecl (axmdecl prop comment? +)
    22   ;
    23   'instance' (nameref '<' nameref | nameref '::' simplearity) comment?
    24   ;
    25 \end{rail}
    26 
    27 \begin{descr}
    28 \item [$\isarkeyword{axclass}~c < \vec c~axms$] defines an axiomatic type
    29   class as the intersection of existing classes, with additional axioms
    30   holding.  Class axioms may not contain more than one type variable.  The
    31   class axioms (with implicit sort constraints added) are bound to the given
    32   names.  Furthermore a class introduction rule is generated, which is
    33   employed by method $intro_classes$ to support instantiation proofs of this
    34   class.
    35   
    36 \item [$\isarkeyword{instance}~c@1 < c@2$ and $\isarkeyword{instance}~t ::
    37   (\vec s)c$] setup a goal stating a class relation or type arity.  The proof
    38   would usually proceed by $intro_classes$, and then establish the
    39   characteristic theorems of the type classes involved.  After finishing the
    40   proof, the theory will be augmented by a type signature declaration
    41   corresponding to the resulting theorem.
    42 \item [$intro_classes$] repeatedly expands all class introduction rules of
    43   this theory.
    44 \end{descr}
    45 
    46 
    47 \section{Calculational proof}\label{sec:calculation}
    48 
    49 \indexisarcmd{also}\indexisarcmd{finally}
    50 \indexisarcmd{moreover}\indexisarcmd{ultimately}
    51 \indexisaratt{trans}
    52 \begin{matharray}{rcl}
    53   \isarcmd{also} & : & \isartrans{proof(state)}{proof(state)} \\
    54   \isarcmd{finally} & : & \isartrans{proof(state)}{proof(chain)} \\
    55   \isarcmd{moreover} & : & \isartrans{proof(state)}{proof(state)} \\
    56   \isarcmd{ultimately} & : & \isartrans{proof(state)}{proof(chain)} \\
    57   trans & : & \isaratt \\
    58 \end{matharray}
    59 
    60 Calculational proof is forward reasoning with implicit application of
    61 transitivity rules (such those of $=$, $\le$, $<$).  Isabelle/Isar maintains
    62 an auxiliary register $calculation$\indexisarthm{calculation} for accumulating
    63 results obtained by transitivity composed with the current result.  Command
    64 $\ALSO$ updates $calculation$ involving $this$, while $\FINALLY$ exhibits the
    65 final $calculation$ by forward chaining towards the next goal statement.  Both
    66 commands require valid current facts, i.e.\ may occur only after commands that
    67 produce theorems such as $\ASSUMENAME$, $\NOTENAME$, or some finished proof of
    68 $\HAVENAME$, $\SHOWNAME$ etc.  The $\MOREOVER$ and $\ULTIMATELY$ commands are
    69 similar to $\ALSO$ and $\FINALLY$, but only collect further results in
    70 $calculation$ without applying any rules yet.
    71 
    72 Also note that the automatic term abbreviation ``$\dots$'' has its canonical
    73 application with calculational proofs.  It refers to the argument\footnote{The
    74   argument of a curried infix expression is its right-hand side.} of the
    75 preceding statement.
    76 
    77 Isabelle/Isar calculations are implicitly subject to block structure in the
    78 sense that new threads of calculational reasoning are commenced for any new
    79 block (as opened by a local goal, for example).  This means that, apart from
    80 being able to nest calculations, there is no separate \emph{begin-calculation}
    81 command required.
    82 
    83 \medskip
    84 
    85 The Isar calculation proof commands may be defined as
    86 follows:\footnote{Internal bookkeeping such as proper handling of
    87   block-structure has been suppressed.}
    88 \begin{matharray}{rcl}
    89   \ALSO@0 & \equiv & \NOTE{calculation}{this} \\
    90   \ALSO@{n+1} & \equiv & \NOTE{calculation}{trans~[OF~calculation~this]} \\
    91   \FINALLY & \equiv & \ALSO~\FROM{calculation} \\
    92   \MOREOVER & \equiv & \NOTE{calculation}{calculation~this} \\
    93   \ULTIMATELY & \equiv & \MOREOVER~\FROM{calculation} \\
    94 \end{matharray}
    95 
    96 \begin{rail}
    97   ('also' | 'finally') transrules? comment?
    98   ;
    99   ('moreover' | 'ultimately') comment?
   100   ;
   101   'trans' (() | 'add' | 'del')
   102   ;
   103 
   104   transrules: '(' thmrefs ')' interest?
   105   ;
   106 \end{rail}
   107 
   108 \begin{descr}
   109 \item [$\ALSO~(\vec a)$] maintains the auxiliary $calculation$ register as
   110   follows.  The first occurrence of $\ALSO$ in some calculational thread
   111   initializes $calculation$ by $this$. Any subsequent $\ALSO$ on the same
   112   level of block-structure updates $calculation$ by some transitivity rule
   113   applied to $calculation$ and $this$ (in that order).  Transitivity rules are
   114   picked from the current context plus those given as explicit arguments (the
   115   latter have precedence).
   116   
   117 \item [$\FINALLY~(\vec a)$] maintaining $calculation$ in the same way as
   118   $\ALSO$, and concludes the current calculational thread.  The final result
   119   is exhibited as fact for forward chaining towards the next goal. Basically,
   120   $\FINALLY$ just abbreviates $\ALSO~\FROM{calculation}$.  Note that
   121   ``$\FINALLY~\SHOW{}{\Var{thesis}}~\DOT$'' and
   122   ``$\FINALLY~\HAVE{}{\phi}~\DOT$'' are typical idioms for concluding
   123   calculational proofs.
   124   
   125 \item [$\MOREOVER$ and $\ULTIMATELY$] are analogous to $\ALSO$ and $\FINALLY$,
   126   but collect results only, without applying rules.
   127   
   128 \item [$trans$] declares theorems as transitivity rules.
   129 \end{descr}
   130 
   131 
   132 \section{Named local contexts (cases)}\label{sec:cases}
   133 
   134 \indexisarcmd{case}\indexisarcmd{print-cases}
   135 \indexisaratt{case-names}\indexisaratt{params}
   136 \begin{matharray}{rcl}
   137   \isarcmd{case} & : & \isartrans{proof(state)}{proof(state)} \\
   138   \isarcmd{print_cases}^* & : & \isarkeep{proof} \\
   139   case_names & : & \isaratt \\
   140   params & : & \isaratt \\
   141 \end{matharray}
   142 
   143 Basically, Isar proof contexts are built up explicitly using commands like
   144 $\FIXNAME$, $\ASSUMENAME$ etc.\ (see \S\ref{sec:proof-context}).  In typical
   145 verification tasks this can become hard to manage, though.  In particular, a
   146 large number of local contexts may emerge from case analysis or induction over
   147 inductive sets and types.
   148 
   149 \medskip
   150 
   151 The $\CASENAME$ command provides a shorthand to refer to certain parts of
   152 logical context symbolically.  Proof methods may provide an environment of
   153 named ``cases'' of the form $c\colon \vec x, \vec \phi$.  Then the effect of
   154 $\CASE{c}$ is exactly the same as $\FIX{\vec x}~\ASSUME{c}{\vec\phi}$.
   155 
   156 It is important to note that $\CASENAME$ does \emph{not} provide any means to
   157 peek at the current goal state, which is treated as strictly non-observable in
   158 Isar!  Instead, the cases considered here usually emerge in a canonical way
   159 from certain pieces of specification that appear in the theory somewhere else
   160 (e.g.\ in an inductive definition, or recursive function).  See also
   161 \S\ref{sec:induct-method} for more details of how this works in HOL.
   162 
   163 \medskip
   164 
   165 Named cases may be exhibited in the current proof context only if both the
   166 proof method and the rules involved support this.  Case names and parameters
   167 of basic rules may be declared by hand as well, by using appropriate
   168 attributes.  Thus variant versions of rules that have been derived manually
   169 may be used in advanced case analysis later.
   170 
   171 \railalias{casenames}{case\_names}
   172 \railterm{casenames}
   173 
   174 \begin{rail}
   175   'case' nameref attributes?
   176   ;
   177   casenames (name + )
   178   ;
   179   'params' ((name * ) + 'and')
   180   ;
   181 \end{rail}
   182 %FIXME bug in rail
   183 
   184 \begin{descr}
   185 \item [$\CASE{c}$] invokes a named local context $c\colon \vec x, \vec \phi$,
   186   as provided by an appropriate proof method (such as $cases$ and $induct$ in
   187   Isabelle/HOL, see \S\ref{sec:induct-method}).  The command $\CASE{c}$
   188   abbreviates $\FIX{\vec x}~\ASSUME{c}{\vec\phi}$.
   189 \item [$\isarkeyword{print_cases}$] prints all local contexts of the current
   190   state, using Isar proof language notation.  This is a diagnostic command;
   191   $undo$ does not apply.
   192 \item [$case_names~\vec c$] declares names for the local contexts of premises
   193   of some theorem; $\vec c$ refers to the \emph{suffix} of the list premises.
   194 \item [$params~\vec p@1 \dots \vec p@n$] renames the innermost parameters of
   195   premises $1, \dots, n$ of some theorem.  An empty list of names may be given
   196   to skip positions, leaving the present parameters unchanged.
   197 \end{descr}
   198 
   199 
   200 \section{Generalized existence}
   201 
   202 \indexisarcmd{obtain}
   203 \begin{matharray}{rcl}
   204   \isarcmd{obtain} & : & \isartrans{proof(prove)}{proof(state)} \\
   205 \end{matharray}
   206 
   207 Generalized existence reasoning means that additional elements with certain
   208 properties are introduced, together with a soundness proof of that context
   209 change (the rest of the main goal is left unchanged).
   210 
   211 Syntactically, the $\OBTAINNAME$ language element is like an initial proof
   212 method to the present goal, followed by a proof of its additional claim,
   213 followed by the actual context commands (using the syntax of $\FIXNAME$ and
   214 $\ASSUMENAME$, see \S\ref{sec:proof-context}).
   215 
   216 \begin{rail}
   217   'obtain' (vars + 'and') comment? \\ 'where' (assm comment? + 'and')
   218   ;
   219 \end{rail}
   220 
   221 $\OBTAINNAME$ is defined as a derived Isar command as follows; here the
   222 preceding goal shall be $\psi$, with (optional) facts $\vec b$ indicated for
   223 forward chaining.
   224 \begin{matharray}{l}
   225   \OBTAIN{\vec x}{a}{\vec \phi}~~\langle proof\rangle \equiv {} \\[0.5ex]
   226   \quad \PROOF{succeed} \\
   227   \qquad \DEF{}{thesis \equiv \psi} \\
   228   \qquad \PRESUME{that}{\All{\vec x} \vec\phi \Imp thesis} \\
   229   \qquad \FROM{\vec b}~\SHOW{}{thesis}~~\langle proof\rangle \\
   230   \quad \NEXT \\
   231   \qquad \FIX{\vec x}~\ASSUME{a}{\vec\phi} \\
   232 \end{matharray}
   233 
   234 Typically, the soundness proof is relatively straight-forward, often just by
   235 canonical automated tools such as $\BY{simp}$ (see \S\ref{sec:simp}) or
   236 $\BY{blast}$ (see \S\ref{sec:classical-auto}).  Note that the ``$that$''
   237 presumption above is usually declared as simplification and (unsafe)
   238 introduction rule, depending on the object-logic's policy,
   239 though.\footnote{HOL and HOLCF do this already.}
   240 
   241 The original goal statement is wrapped into a local definition in order to
   242 avoid any automated tools descending into it.  Usually, any statement would
   243 admit the intended reduction anyway; only in very rare cases $thesis_def$ has
   244 to be expanded to complete the soundness proof.
   245 
   246 \medskip
   247 
   248 In a sense, $\OBTAINNAME$ represents at the level of Isar proofs what would be
   249 meta-logical existential quantifiers and conjunctions.  This concept has a
   250 broad range of useful applications, ranging from plain elimination (or even
   251 introduction) of object-level existentials and conjunctions, to elimination
   252 over results of symbolic evaluation of recursive definitions, for example.
   253 
   254 
   255 \section{Miscellaneous methods and attributes}
   256 
   257 \indexisarmeth{unfold}\indexisarmeth{fold}
   258 \indexisarmeth{erule}\indexisarmeth{drule}\indexisarmeth{frule}
   259 \indexisarmeth{fail}\indexisarmeth{succeed}
   260 \begin{matharray}{rcl}
   261   unfold & : & \isarmeth \\
   262   fold & : & \isarmeth \\[0.5ex]
   263   erule^* & : & \isarmeth \\
   264   drule^* & : & \isarmeth \\
   265   frule^* & : & \isarmeth \\[0.5ex]
   266   succeed & : & \isarmeth \\
   267   fail & : & \isarmeth \\
   268 \end{matharray}
   269 
   270 \begin{rail}
   271   ('fold' | 'unfold' | 'erule' | 'drule' | 'frule') thmrefs
   272   ;
   273 \end{rail}
   274 
   275 \begin{descr}
   276 \item [$unfold~\vec a$ and $fold~\vec a$] expand and fold back again the given
   277   meta-level definitions throughout all goals; any facts provided are inserted
   278   into the goal and subject to rewriting as well.
   279 \item [$erule~\vec a$, $drule~\vec a$, and $frule~\vec a$] are similar to the
   280   basic $rule$ method (see \S\ref{sec:pure-meth-att}), but apply rules by
   281   elim-resolution, destruct-resolution, and forward-resolution, respectively
   282   \cite{isabelle-ref}.  These are improper method, mainly for experimentation
   283   and emulating tactic scripts.
   284   
   285   Different modes of basic rule application are usually expressed in Isar at
   286   the proof language level, rather than via implicit proof state
   287   manipulations.  For example, a proper single-step elimination would be done
   288   using the basic $rule$ method, with forward chaining of current facts.
   289 \item [$succeed$] yields a single (unchanged) result; it is the identity of
   290   the ``\texttt{,}'' method combinator (cf.\ \S\ref{sec:syn-meth}).
   291 \item [$fail$] yields an empty result sequence; it is the identity of the
   292   ``\texttt{|}'' method combinator (cf.\ \S\ref{sec:syn-meth}).
   293 \end{descr}
   294 
   295 
   296 \indexisaratt{standard}
   297 \indexisaratt{elimify}
   298 
   299 \indexisaratt{RS}\indexisaratt{COMP}
   300 \indexisaratt{where}
   301 \indexisaratt{tag}\indexisaratt{untag}
   302 \indexisaratt{transfer}
   303 \indexisaratt{export}
   304 \indexisaratt{unfold}\indexisaratt{fold}
   305 \begin{matharray}{rcl}
   306   tag & : & \isaratt \\
   307   untag & : & \isaratt \\[0.5ex]
   308   RS & : & \isaratt \\
   309   COMP & : & \isaratt \\[0.5ex]
   310   where & : & \isaratt \\[0.5ex]
   311   unfold & : & \isaratt \\
   312   fold & : & \isaratt \\[0.5ex]
   313   standard & : & \isaratt \\
   314   elimify & : & \isaratt \\
   315   export^* & : & \isaratt \\
   316   transfer & : & \isaratt \\[0.5ex]
   317 \end{matharray}
   318 
   319 \begin{rail}
   320   'tag' (nameref+)
   321   ;
   322   'untag' name
   323   ;
   324   ('RS' | 'COMP') nat? thmref
   325   ;
   326   'where' (name '=' term * 'and')
   327   ;
   328   ('unfold' | 'fold') thmrefs
   329   ;
   330 \end{rail}
   331 
   332 \begin{descr}
   333 \item [$tag~name~args$ and $untag~name$] add and remove $tags$ of some
   334   theorem.  Tags may be any list of strings that serve as comment for some
   335   tools (e.g.\ $\LEMMANAME$ causes the tag ``$lemma$'' to be added to the
   336   result).  The first string is considered the tag name, the rest its
   337   arguments.  Note that untag removes any tags of the same name.
   338 \item [$RS~n~a$ and $COMP~n~a$] compose rules.  $RS$ resolves with the $n$-th
   339   premise of $a$; $COMP$ is a version of $RS$ that skips the automatic lifting
   340   process that is normally intended (cf.\ \texttt{RS} and \texttt{COMP} in
   341   \cite[\S5]{isabelle-ref}).
   342 \item [$where~\vec x = \vec t$] perform named instantiation of schematic
   343   variables occurring in a theorem.  Unlike instantiation tactics (such as
   344   \texttt{res_inst_tac}, see \cite{isabelle-ref}), actual schematic variables
   345   have to be specified (e.g.\ $\Var{x@3}$).
   346   
   347 \item [$unfold~\vec a$ and $fold~\vec a$] expand and fold back again the given
   348   meta-level definitions throughout a rule.
   349  
   350 \item [$standard$] puts a theorem into the standard form of object-rules, just
   351   as the ML function \texttt{standard} (see \cite[\S5]{isabelle-ref}).
   352   
   353 \item [$elimify$] turns an destruction rule into an elimination, just as the
   354   ML function \texttt{make\_elim} (see \cite{isabelle-ref}).
   355   
   356 \item [$export$] lifts a local result out of the current proof context,
   357   generalizing all fixed variables and discharging all assumptions.  Note that
   358   proper incremental export is already done as part of the basic Isar
   359   machinery.  This attribute is mainly for experimentation.
   360   
   361 \item [$transfer$] promotes a theorem to the current theory context, which has
   362   to enclose the former one.  This is done automatically whenever rules are
   363   joined by inference.
   364 
   365 \end{descr}
   366 
   367 
   368 \section{The Simplifier}
   369 
   370 \subsection{Simplification methods}\label{sec:simp}
   371 
   372 \indexisarmeth{simp}\indexisarmeth{simp-all}
   373 \begin{matharray}{rcl}
   374   simp & : & \isarmeth \\
   375   simp_all & : & \isarmeth \\
   376 \end{matharray}
   377 
   378 \railalias{simpall}{simp\_all}
   379 \railterm{simpall}
   380 
   381 \railalias{noasm}{no\_asm}
   382 \railterm{noasm}
   383 
   384 \railalias{noasmsimp}{no\_asm\_simp}
   385 \railterm{noasmsimp}
   386 
   387 \railalias{noasmuse}{no\_asm\_use}
   388 \railterm{noasmuse}
   389 
   390 \begin{rail}
   391   ('simp' | simpall) ('!' ?) opt? (simpmod * )
   392   ;
   393 
   394   opt: '(' (noasm | noasmsimp | noasmuse) ')'
   395   ;
   396   simpmod: ('add' | 'del' | 'only' | 'split' (() | 'add' | 'del') | 'other') ':' thmrefs
   397   ;
   398 \end{rail}
   399 
   400 \begin{descr}
   401 \item [$simp$] invokes Isabelle's simplifier, after declaring additional rules
   402   according to the arguments given.  Note that the \railtterm{only} modifier
   403   first removes all other rewrite rules, congruences, and looper tactics
   404   (including splits), and then behaves like \railtterm{add}.
   405   
   406   The \railtterm{split} modifiers add or delete rules for the Splitter (see
   407   also \cite{isabelle-ref}), the default is to add.  This works only if the
   408   Simplifier method has been properly setup to include the Splitter (all major
   409   object logics such HOL, HOLCF, FOL, ZF do this already).
   410   
   411   The \railtterm{other} modifier ignores its arguments.  Nevertheless,
   412   additional kinds of rules may be declared by including appropriate
   413   attributes in the specification.
   414 \item [$simp_all$] is similar to $simp$, but acts on all goals.
   415 \end{descr}
   416 
   417 By default, the Simplifier methods are based on \texttt{asm_full_simp_tac}
   418 internally \cite[\S10]{isabelle-ref}, which means that assumptions are both
   419 simplified as well as used in simplifying the conclusion.  In structured
   420 proofs this is usually quite well behaved in practice: just the local premises
   421 of the actual goal are involved, additional facts may inserted via explicit
   422 forward-chaining (using $\THEN$, $\FROMNAME$ etc.).  The full context of
   423 assumptions is only included if the ``$!$'' (bang) argument is given, which
   424 should be used with some care, though.
   425 
   426 Additional Simplifier options may be specified to tune the behavior even
   427 further: $(no_asm)$ means assumptions are ignored completely (cf.\ 
   428 \texttt{simp_tac}), $(no_asm_simp)$ means assumptions are used in the
   429 simplification of the conclusion but are not themselves simplified (cf.\ 
   430 \texttt{asm_simp_tac}), and $(no_asm_use)$ means assumptions are simplified
   431 but are not used in the simplification of each other or the conclusion (cf.
   432 \texttt{full_simp_tac}).
   433 
   434 \medskip
   435 
   436 The Splitter package is usually configured to work as part of the Simplifier.
   437 There is no separate $split$ method available.  The effect of repeatedly
   438 applying \texttt{split_tac} can be simulated by
   439 $(simp~only\colon~split\colon~\vec a)$.
   440 
   441 
   442 \subsection{Declaring rules}
   443 
   444 \indexisarcmd{print-simpset}
   445 \indexisaratt{simp}\indexisaratt{split}\indexisaratt{cong}
   446 \begin{matharray}{rcl}
   447   print_simpset & : & \isarkeep{theory~|~proof} \\
   448   simp & : & \isaratt \\
   449   split & : & \isaratt \\
   450   cong & : & \isaratt \\
   451 \end{matharray}
   452 
   453 \begin{rail}
   454   ('simp' | 'split' | 'cong') (() | 'add' | 'del')
   455   ;
   456 \end{rail}
   457 
   458 \begin{descr}
   459 \item [$print_simpset$] prints the collection of rules declared to the
   460   Simplifier, which is also known as ``simpset'' internally
   461   \cite{isabelle-ref}.  This is a diagnostic command; $undo$ does not apply.
   462 \item [$simp$] declares simplification rules.
   463 \item [$split$] declares split rules.
   464 \item [$cong$] declares congruence rules.
   465 \end{descr}
   466 
   467 
   468 \subsection{Forward simplification}
   469 
   470 \indexisaratt{simplify}\indexisaratt{asm-simplify}
   471 \indexisaratt{full-simplify}\indexisaratt{asm-full-simplify}
   472 \begin{matharray}{rcl}
   473   simplify & : & \isaratt \\
   474   asm_simplify & : & \isaratt \\
   475   full_simplify & : & \isaratt \\
   476   asm_full_simplify & : & \isaratt \\
   477 \end{matharray}
   478 
   479 These attributes provide forward rules for simplification, which should be
   480 used only very rarely.  There are no separate options for declaring
   481 simplification rules locally.
   482 
   483 See the ML functions of the same name in \cite[\S10]{isabelle-ref} for more
   484 information.
   485 
   486 
   487 \section{The Classical Reasoner}
   488 
   489 \subsection{Basic methods}\label{sec:classical-basic}
   490 
   491 \indexisarmeth{rule}\indexisarmeth{intro}
   492 \indexisarmeth{elim}\indexisarmeth{default}\indexisarmeth{contradiction}
   493 \begin{matharray}{rcl}
   494   rule & : & \isarmeth \\
   495   intro & : & \isarmeth \\
   496   elim & : & \isarmeth \\
   497   contradiction & : & \isarmeth \\
   498 \end{matharray}
   499 
   500 \begin{rail}
   501   ('rule' | 'intro' | 'elim') thmrefs?
   502   ;
   503 \end{rail}
   504 
   505 \begin{descr}
   506 \item [$rule$] as offered by the classical reasoner is a refinement over the
   507   primitive one (see \S\ref{sec:pure-meth-att}).  In case that no rules are
   508   provided as arguments, it automatically determines elimination and
   509   introduction rules from the context (see also \S\ref{sec:classical-mod}).
   510   This is made the default method for basic proof steps, such as $\PROOFNAME$
   511   and ``$\DDOT$'' (two dots), see also \S\ref{sec:proof-steps} and
   512   \S\ref{sec:pure-meth-att}.
   513   
   514 \item [$intro$ and $elim$] repeatedly refine some goal by intro- or
   515   elim-resolution, after having inserted any facts.  Omitting the arguments
   516   refers to any suitable rules declared in the context, otherwise only the
   517   explicitly given ones may be applied.  The latter form admits better control
   518   of what actually happens, thus it is very appropriate as an initial method
   519   for $\PROOFNAME$ that splits up certain connectives of the goal, before
   520   entering the actual sub-proof.
   521   
   522 \item [$contradiction$] solves some goal by contradiction, deriving any result
   523   from both $\neg A$ and $A$.  Facts, which are guaranteed to participate, may
   524   appear in either order.
   525 \end{descr}
   526 
   527 
   528 \subsection{Automated methods}\label{sec:classical-auto}
   529 
   530 \indexisarmeth{blast}
   531 \indexisarmeth{fast}\indexisarmeth{best}\indexisarmeth{slow}\indexisarmeth{slow-best}
   532 \begin{matharray}{rcl}
   533  blast & : & \isarmeth \\
   534  fast & : & \isarmeth \\
   535  best & : & \isarmeth \\
   536  slow & : & \isarmeth \\
   537  slow_best & : & \isarmeth \\
   538 \end{matharray}
   539 
   540 \railalias{slowbest}{slow\_best}
   541 \railterm{slowbest}
   542 
   543 \begin{rail}
   544   'blast' ('!' ?) nat? (clamod * )
   545   ;
   546   ('fast' | 'best' | 'slow' | slowbest) ('!' ?) (clamod * )
   547   ;
   548 
   549   clamod: (('intro' | 'elim' | 'dest') (() | '?' | '??') | 'del') ':' thmrefs
   550   ;
   551 \end{rail}
   552 
   553 \begin{descr}
   554 \item [$blast$] refers to the classical tableau prover (see \texttt{blast_tac}
   555   in \cite[\S11]{isabelle-ref}).  The optional argument specifies a
   556   user-supplied search bound (default 20).
   557 \item [$fast$, $best$, $slow$, $slow_best$] refer to the generic classical
   558   reasoner (see \cite[\S11]{isabelle-ref}, tactic \texttt{fast_tac} etc).
   559 \end{descr}
   560 
   561 Any of above methods support additional modifiers of the context of classical
   562 rules.  Their semantics is analogous to the attributes given in
   563 \S\ref{sec:classical-mod}.  Facts provided by forward chaining are
   564 inserted\footnote{These methods usually cannot make proper use of actual rules
   565   inserted that way, though.} into the goal before doing the search.  The
   566 ``!''~argument causes the full context of assumptions to be included as well.
   567 This is slightly less hazardous than for the Simplifier (see
   568 \S\ref{sec:simp}).
   569 
   570 
   571 \subsection{Combined automated methods}
   572 
   573 \indexisarmeth{auto}\indexisarmeth{force}
   574 \begin{matharray}{rcl}
   575   force & : & \isarmeth \\
   576   auto & : & \isarmeth \\
   577 \end{matharray}
   578 
   579 \begin{rail}
   580   ('force' | 'auto') ('!' ?) (clasimpmod * )
   581   ;
   582 
   583   clasimpmod: ('simp' (() | 'add' | 'del' | 'only') | 'other' |
   584     ('split' (() | 'add' | 'del')) |
   585     (('intro' | 'elim' | 'dest') (() | '?' | '??') | 'del')) ':' thmrefs
   586 \end{rail}
   587 
   588 \begin{descr}
   589 \item [$force$ and $auto$] provide access to Isabelle's combined
   590   simplification and classical reasoning tactics.  See \texttt{force_tac} and
   591   \texttt{auto_tac} in \cite[\S11]{isabelle-ref} for more information.  The
   592   modifier arguments correspond to those given in \S\ref{sec:simp} and
   593   \S\ref{sec:classical-auto}.  Just note that the ones related to the
   594   Simplifier are prefixed by \railtterm{simp} here.
   595   
   596   Facts provided by forward chaining are inserted into the goal before doing
   597   the search.  The ``!''~argument causes the full context of assumptions to be
   598   included as well.
   599 \end{descr}
   600 
   601 
   602 \subsection{Declaring rules}\label{sec:classical-mod}
   603 
   604 \indexisarcmd{print-claset}
   605 \indexisaratt{intro}\indexisaratt{elim}\indexisaratt{dest}
   606 \indexisaratt{iff}\indexisaratt{delrule}
   607 \begin{matharray}{rcl}
   608   print_claset & : & \isarkeep{theory~|~proof} \\
   609   intro & : & \isaratt \\
   610   elim & : & \isaratt \\
   611   dest & : & \isaratt \\
   612   iff & : & \isaratt \\
   613   delrule & : & \isaratt \\
   614 \end{matharray}
   615 
   616 \begin{rail}
   617   ('intro' | 'elim' | 'dest') (() | '?' | '??')
   618   ;
   619   'iff' (() | 'add' | 'del')
   620 \end{rail}
   621 
   622 \begin{descr}
   623 \item [$print_claset$] prints the collection of rules declared to the
   624   Classical Reasoner, which is also known as ``simpset'' internally
   625   \cite{isabelle-ref}.  This is a diagnostic command; $undo$ does not apply.
   626 \item [$intro$, $elim$, and $dest$] declare introduction, elimination, and
   627   destruct rules, respectively.  By default, rules are considered as
   628   \emph{safe}, while a single ``?'' classifies as \emph{unsafe}, and ``??'' as
   629   \emph{extra} (i.e.\ not applied in the search-oriented automated methods,
   630   but only in single-step methods such as $rule$).
   631   
   632 \item [$iff$] declares equations both as rules for the Simplifier and
   633   Classical Reasoner.
   634 
   635 \item [$delrule$] deletes introduction or elimination rules from the context.
   636   Note that destruction rules would have to be turned into elimination rules
   637   first, e.g.\ by using the $elimify$ attribute.
   638 \end{descr}
   639 
   640 
   641 %%% Local Variables: 
   642 %%% mode: latex
   643 %%% TeX-master: "isar-ref"
   644 %%% End: