doc-src/IsarRef/Thy/document/HOL_Specific.tex
author Cezary Kaliszyk <cezarykaliszyk@gmail.com>
Fri Feb 10 09:47:59 2012 +0100 (2012-02-10)
changeset 46448 f1201fac7398
parent 46447 f37da60a8cc6
child 46457 915af80f74b3
permissions -rw-r--r--
more specification of the quotient package in IsarRef
     1 %
     2 \begin{isabellebody}%
     3 \def\isabellecontext{HOL{\isaliteral{5F}{\isacharunderscore}}Specific}%
     4 %
     5 \isadelimtheory
     6 %
     7 \endisadelimtheory
     8 %
     9 \isatagtheory
    10 \isacommand{theory}\isamarkupfalse%
    11 \ HOL{\isaliteral{5F}{\isacharunderscore}}Specific\isanewline
    12 \isakeyword{imports}\ Base\ Main\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{7E}{\isachartilde}}{\isaliteral{7E}{\isachartilde}}{\isaliteral{2F}{\isacharslash}}src{\isaliteral{2F}{\isacharslash}}HOL{\isaliteral{2F}{\isacharslash}}Library{\isaliteral{2F}{\isacharslash}}Old{\isaliteral{5F}{\isacharunderscore}}Recdef{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
    13 \isakeyword{begin}%
    14 \endisatagtheory
    15 {\isafoldtheory}%
    16 %
    17 \isadelimtheory
    18 %
    19 \endisadelimtheory
    20 %
    21 \isamarkupchapter{Isabelle/HOL \label{ch:hol}%
    22 }
    23 \isamarkuptrue%
    24 %
    25 \isamarkupsection{Higher-Order Logic%
    26 }
    27 \isamarkuptrue%
    28 %
    29 \begin{isamarkuptext}%
    30 Isabelle/HOL is based on Higher-Order Logic, a polymorphic
    31   version of Church's Simple Theory of Types.  HOL can be best
    32   understood as a simply-typed version of classical set theory.  The
    33   logic was first implemented in Gordon's HOL system
    34   \cite{mgordon-hol}.  It extends Church's original logic
    35   \cite{church40} by explicit type variables (naive polymorphism) and
    36   a sound axiomatization scheme for new types based on subsets of
    37   existing types.
    38 
    39   Andrews's book \cite{andrews86} is a full description of the
    40   original Church-style higher-order logic, with proofs of correctness
    41   and completeness wrt.\ certain set-theoretic interpretations.  The
    42   particular extensions of Gordon-style HOL are explained semantically
    43   in two chapters of the 1993 HOL book \cite{pitts93}.
    44 
    45   Experience with HOL over decades has demonstrated that higher-order
    46   logic is widely applicable in many areas of mathematics and computer
    47   science.  In a sense, Higher-Order Logic is simpler than First-Order
    48   Logic, because there are fewer restrictions and special cases.  Note
    49   that HOL is \emph{weaker} than FOL with axioms for ZF set theory,
    50   which is traditionally considered the standard foundation of regular
    51   mathematics, but for most applications this does not matter.  If you
    52   prefer ML to Lisp, you will probably prefer HOL to ZF.
    53 
    54   \medskip The syntax of HOL follows \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}{\isaliteral{22}{\isachardoublequote}}}-calculus and
    55   functional programming.  Function application is curried.  To apply
    56   the function \isa{f} of type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7461753E}{\isasymtau}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{3}}{\isaliteral{22}{\isachardoublequote}}} to the
    57   arguments \isa{a} and \isa{b} in HOL, you simply write \isa{{\isaliteral{22}{\isachardoublequote}}f\ a\ b{\isaliteral{22}{\isachardoublequote}}} (as in ML or Haskell).  There is no ``apply'' operator; the
    58   existing application of the Pure \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}{\isaliteral{22}{\isachardoublequote}}}-calculus is re-used.
    59   Note that in HOL \isa{{\isaliteral{22}{\isachardoublequote}}f\ {\isaliteral{28}{\isacharparenleft}}a{\isaliteral{2C}{\isacharcomma}}\ b{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} means ``\isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{22}{\isachardoublequote}}} applied to
    60   the pair \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}a{\isaliteral{2C}{\isacharcomma}}\ b{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} (which is notation for \isa{{\isaliteral{22}{\isachardoublequote}}Pair\ a\ b{\isaliteral{22}{\isachardoublequote}}}).  The latter typically introduces extra formal efforts that can
    61   be avoided by currying functions by default.  Explicit tuples are as
    62   infrequent in HOL formalizations as in good ML or Haskell programs.
    63 
    64   \medskip Isabelle/HOL has a distinct feel, compared to other
    65   object-logics like Isabelle/ZF.  It identifies object-level types
    66   with meta-level types, taking advantage of the default
    67   type-inference mechanism of Isabelle/Pure.  HOL fully identifies
    68   object-level functions with meta-level functions, with native
    69   abstraction and application.
    70 
    71   These identifications allow Isabelle to support HOL particularly
    72   nicely, but they also mean that HOL requires some sophistication
    73   from the user.  In particular, an understanding of Hindley-Milner
    74   type-inference with type-classes, which are both used extensively in
    75   the standard libraries and applications.  Beginners can set
    76   \hyperlink{attribute.show-types}{\mbox{\isa{show{\isaliteral{5F}{\isacharunderscore}}types}}} or even \hyperlink{attribute.show-sorts}{\mbox{\isa{show{\isaliteral{5F}{\isacharunderscore}}sorts}}} to get more
    77   explicit information about the result of type-inference.%
    78 \end{isamarkuptext}%
    79 \isamarkuptrue%
    80 %
    81 \isamarkupsection{Inductive and coinductive definitions \label{sec:hol-inductive}%
    82 }
    83 \isamarkuptrue%
    84 %
    85 \begin{isamarkuptext}%
    86 An \emph{inductive definition} specifies the least predicate
    87   or set \isa{R} closed under given rules: applying a rule to
    88   elements of \isa{R} yields a result within \isa{R}.  For
    89   example, a structural operational semantics is an inductive
    90   definition of an evaluation relation.
    91 
    92   Dually, a \emph{coinductive definition} specifies the greatest
    93   predicate or set \isa{R} that is consistent with given rules:
    94   every element of \isa{R} can be seen as arising by applying a rule
    95   to elements of \isa{R}.  An important example is using
    96   bisimulation relations to formalise equivalence of processes and
    97   infinite data structures.
    98   
    99   Both inductive and coinductive definitions are based on the
   100   Knaster-Tarski fixed-point theorem for complete lattices.  The
   101   collection of introduction rules given by the user determines a
   102   functor on subsets of set-theoretic relations.  The required
   103   monotonicity of the recursion scheme is proven as a prerequisite to
   104   the fixed-point definition and the resulting consequences.  This
   105   works by pushing inclusion through logical connectives and any other
   106   operator that might be wrapped around recursive occurrences of the
   107   defined relation: there must be a monotonicity theorem of the form
   108   \isa{{\isaliteral{22}{\isachardoublequote}}A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ B\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C4D3E}{\isasymM}}\ A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ {\isaliteral{5C3C4D3E}{\isasymM}}\ B{\isaliteral{22}{\isachardoublequote}}}, for each premise \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C4D3E}{\isasymM}}\ R\ t{\isaliteral{22}{\isachardoublequote}}} in an
   109   introduction rule.  The default rule declarations of Isabelle/HOL
   110   already take care of most common situations.
   111 
   112   \begin{matharray}{rcl}
   113     \indexdef{HOL}{command}{inductive}\hypertarget{command.HOL.inductive}{\hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
   114     \indexdef{HOL}{command}{inductive\_set}\hypertarget{command.HOL.inductive-set}{\hyperlink{command.HOL.inductive-set}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
   115     \indexdef{HOL}{command}{coinductive}\hypertarget{command.HOL.coinductive}{\hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
   116     \indexdef{HOL}{command}{coinductive\_set}\hypertarget{command.HOL.coinductive-set}{\hyperlink{command.HOL.coinductive-set}{\mbox{\isa{\isacommand{coinductive{\isaliteral{5F}{\isacharunderscore}}set}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
   117     \indexdef{HOL}{attribute}{mono}\hypertarget{attribute.HOL.mono}{\hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}}} & : & \isa{attribute} \\
   118   \end{matharray}
   119 
   120   \begin{railoutput}
   121 \rail@begin{10}{}
   122 \rail@bar
   123 \rail@term{\hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}}}[]
   124 \rail@nextbar{1}
   125 \rail@term{\hyperlink{command.HOL.inductive-set}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}}}}}[]
   126 \rail@nextbar{2}
   127 \rail@term{\hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}}}[]
   128 \rail@nextbar{3}
   129 \rail@term{\hyperlink{command.HOL.coinductive-set}{\mbox{\isa{\isacommand{coinductive{\isaliteral{5F}{\isacharunderscore}}set}}}}}[]
   130 \rail@endbar
   131 \rail@bar
   132 \rail@nextbar{1}
   133 \rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
   134 \rail@endbar
   135 \rail@cr{5}
   136 \rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
   137 \rail@bar
   138 \rail@nextbar{6}
   139 \rail@term{\isa{\isakeyword{for}}}[]
   140 \rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
   141 \rail@endbar
   142 \rail@bar
   143 \rail@nextbar{6}
   144 \rail@term{\isa{\isakeyword{where}}}[]
   145 \rail@nont{\isa{clauses}}[]
   146 \rail@endbar
   147 \rail@cr{8}
   148 \rail@bar
   149 \rail@nextbar{9}
   150 \rail@term{\isa{\isakeyword{monos}}}[]
   151 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
   152 \rail@endbar
   153 \rail@end
   154 \rail@begin{3}{\isa{clauses}}
   155 \rail@plus
   156 \rail@bar
   157 \rail@nextbar{1}
   158 \rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
   159 \rail@endbar
   160 \rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
   161 \rail@nextplus{2}
   162 \rail@cterm{\isa{{\isaliteral{7C}{\isacharbar}}}}[]
   163 \rail@endplus
   164 \rail@end
   165 \rail@begin{3}{}
   166 \rail@term{\hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}}}[]
   167 \rail@bar
   168 \rail@nextbar{1}
   169 \rail@term{\isa{add}}[]
   170 \rail@nextbar{2}
   171 \rail@term{\isa{del}}[]
   172 \rail@endbar
   173 \rail@end
   174 \end{railoutput}
   175 
   176 
   177   \begin{description}
   178 
   179   \item \hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}} and \hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}} define (co)inductive predicates from the introduction
   180   rules.
   181 
   182   The propositions given as \isa{{\isaliteral{22}{\isachardoublequote}}clauses{\isaliteral{22}{\isachardoublequote}}} in the \hyperlink{keyword.where}{\mbox{\isa{\isakeyword{where}}}} part are either rules of the usual \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C416E643E}{\isasymAnd}}{\isaliteral{2F}{\isacharslash}}{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}{\isaliteral{22}{\isachardoublequote}}} format
   183   (with arbitrary nesting), or equalities using \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C65717569763E}{\isasymequiv}}{\isaliteral{22}{\isachardoublequote}}}.  The
   184   latter specifies extra-logical abbreviations in the sense of
   185   \indexref{}{command}{abbreviation}\hyperlink{command.abbreviation}{\mbox{\isa{\isacommand{abbreviation}}}}.  Introducing abstract syntax
   186   simultaneously with the actual introduction rules is occasionally
   187   useful for complex specifications.
   188 
   189   The optional \hyperlink{keyword.for}{\mbox{\isa{\isakeyword{for}}}} part contains a list of parameters of
   190   the (co)inductive predicates that remain fixed throughout the
   191   definition, in contrast to arguments of the relation that may vary
   192   in each occurrence within the given \isa{{\isaliteral{22}{\isachardoublequote}}clauses{\isaliteral{22}{\isachardoublequote}}}.
   193 
   194   The optional \hyperlink{keyword.monos}{\mbox{\isa{\isakeyword{monos}}}} declaration contains additional
   195   \emph{monotonicity theorems}, which are required for each operator
   196   applied to a recursive set in the introduction rules.
   197 
   198   \item \hyperlink{command.HOL.inductive-set}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}}}} and \hyperlink{command.HOL.coinductive-set}{\mbox{\isa{\isacommand{coinductive{\isaliteral{5F}{\isacharunderscore}}set}}}} are wrappers for to the previous commands for
   199   native HOL predicates.  This allows to define (co)inductive sets,
   200   where multiple arguments are simulated via tuples.
   201 
   202   \item \hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}} declares monotonicity rules in the
   203   context.  These rule are involved in the automated monotonicity
   204   proof of the above inductive and coinductive definitions.
   205 
   206   \end{description}%
   207 \end{isamarkuptext}%
   208 \isamarkuptrue%
   209 %
   210 \isamarkupsubsection{Derived rules%
   211 }
   212 \isamarkuptrue%
   213 %
   214 \begin{isamarkuptext}%
   215 A (co)inductive definition of \isa{R} provides the following
   216   main theorems:
   217 
   218   \begin{description}
   219 
   220   \item \isa{R{\isaliteral{2E}{\isachardot}}intros} is the list of introduction rules as proven
   221   theorems, for the recursive predicates (or sets).  The rules are
   222   also available individually, using the names given them in the
   223   theory file;
   224 
   225   \item \isa{R{\isaliteral{2E}{\isachardot}}cases} is the case analysis (or elimination) rule;
   226 
   227   \item \isa{R{\isaliteral{2E}{\isachardot}}induct} or \isa{R{\isaliteral{2E}{\isachardot}}coinduct} is the (co)induction
   228   rule;
   229 
   230   \item \isa{R{\isaliteral{2E}{\isachardot}}simps} is the equation unrolling the fixpoint of the
   231   predicate one step.
   232  
   233   \end{description}
   234 
   235   When several predicates \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}} are
   236   defined simultaneously, the list of introduction rules is called
   237   \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{5F}{\isacharunderscore}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{5F}{\isacharunderscore}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2E}{\isachardot}}intros{\isaliteral{22}{\isachardoublequote}}}, the case analysis rules are
   238   called \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2E}{\isachardot}}cases{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2E}{\isachardot}}cases{\isaliteral{22}{\isachardoublequote}}}, and the list
   239   of mutual induction rules is called \isa{{\isaliteral{22}{\isachardoublequote}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{5F}{\isacharunderscore}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{5F}{\isacharunderscore}}R\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2E}{\isachardot}}inducts{\isaliteral{22}{\isachardoublequote}}}.%
   240 \end{isamarkuptext}%
   241 \isamarkuptrue%
   242 %
   243 \isamarkupsubsection{Monotonicity theorems%
   244 }
   245 \isamarkuptrue%
   246 %
   247 \begin{isamarkuptext}%
   248 The context maintains a default set of theorems that are used
   249   in monotonicity proofs.  New rules can be declared via the
   250   \hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}} attribute.  See the main Isabelle/HOL
   251   sources for some examples.  The general format of such monotonicity
   252   theorems is as follows:
   253 
   254   \begin{itemize}
   255 
   256   \item Theorems of the form \isa{{\isaliteral{22}{\isachardoublequote}}A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ B\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C4D3E}{\isasymM}}\ A\ {\isaliteral{5C3C6C653E}{\isasymle}}\ {\isaliteral{5C3C4D3E}{\isasymM}}\ B{\isaliteral{22}{\isachardoublequote}}}, for proving
   257   monotonicity of inductive definitions whose introduction rules have
   258   premises involving terms such as \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C4D3E}{\isasymM}}\ R\ t{\isaliteral{22}{\isachardoublequote}}}.
   259 
   260   \item Monotonicity theorems for logical operators, which are of the
   261   general form \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}.  For example, in
   262   the case of the operator \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6F723E}{\isasymor}}{\isaliteral{22}{\isachardoublequote}}}, the corresponding theorem is
   263   \[
   264   \infer{\isa{{\isaliteral{22}{\isachardoublequote}}P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C6F723E}{\isasymor}}\ P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C6F723E}{\isasymor}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}{\isaliteral{22}{\isachardoublequote}}}}{\isa{{\isaliteral{22}{\isachardoublequote}}P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}P\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{2}}{\isaliteral{22}{\isachardoublequote}}}}
   265   \]
   266 
   267   \item De Morgan style equations for reasoning about the ``polarity''
   268   of expressions, e.g.
   269   \[
   270   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ P\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ P{\isaliteral{22}{\isachardoublequote}}} \qquad\qquad
   271   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ {\isaliteral{28}{\isacharparenleft}}P\ {\isaliteral{5C3C616E643E}{\isasymand}}\ Q{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ P\ {\isaliteral{5C3C6F723E}{\isasymor}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ Q{\isaliteral{22}{\isachardoublequote}}}
   272   \]
   273 
   274   \item Equations for reducing complex operators to more primitive
   275   ones whose monotonicity can easily be proved, e.g.
   276   \[
   277   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}P\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ Q{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ {\isaliteral{5C3C6E6F743E}{\isasymnot}}\ P\ {\isaliteral{5C3C6F723E}{\isasymor}}\ Q{\isaliteral{22}{\isachardoublequote}}} \qquad\qquad
   278   \isa{{\isaliteral{22}{\isachardoublequote}}Ball\ A\ P\ {\isaliteral{5C3C65717569763E}{\isasymequiv}}\ {\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x{\isaliteral{2E}{\isachardot}}\ x\ {\isaliteral{5C3C696E3E}{\isasymin}}\ A\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ P\ x{\isaliteral{22}{\isachardoublequote}}}
   279   \]
   280 
   281   \end{itemize}%
   282 \end{isamarkuptext}%
   283 \isamarkuptrue%
   284 %
   285 \isamarkupsubsubsection{Examples%
   286 }
   287 \isamarkuptrue%
   288 %
   289 \begin{isamarkuptext}%
   290 The finite powerset operator can be defined inductively like this:%
   291 \end{isamarkuptext}%
   292 \isamarkuptrue%
   293 \isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}\isamarkupfalse%
   294 \ Fin\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ set\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ set\ set{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{for}\ A\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ set{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   295 \isakeyword{where}\isanewline
   296 \ \ empty{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{7B}{\isacharbraceleft}}{\isaliteral{7D}{\isacharbraceright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ Fin\ A{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   297 {\isaliteral{7C}{\isacharbar}}\ insert{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}a\ {\isaliteral{5C3C696E3E}{\isasymin}}\ A\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ B\ {\isaliteral{5C3C696E3E}{\isasymin}}\ Fin\ A\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ insert\ a\ B\ {\isaliteral{5C3C696E3E}{\isasymin}}\ Fin\ A{\isaliteral{22}{\isachardoublequoteclose}}%
   298 \begin{isamarkuptext}%
   299 The accessible part of a relation is defined as follows:%
   300 \end{isamarkuptext}%
   301 \isamarkuptrue%
   302 \isacommand{inductive}\isamarkupfalse%
   303 \ acc\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   304 \ \ \isakeyword{for}\ r\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{28}{\isacharparenleft}}\isakeyword{infix}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C707265633E}{\isasymprec}}{\isaliteral{22}{\isachardoublequoteclose}}\ {\isadigit{5}}{\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\isanewline
   305 \isakeyword{where}\ acc{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C416E643E}{\isasymAnd}}y{\isaliteral{2E}{\isachardot}}\ y\ {\isaliteral{5C3C707265633E}{\isasymprec}}\ x\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ acc\ r\ y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ acc\ r\ x{\isaliteral{22}{\isachardoublequoteclose}}%
   306 \begin{isamarkuptext}%
   307 Common logical connectives can be easily characterized as
   308 non-recursive inductive definitions with parameters, but without
   309 arguments.%
   310 \end{isamarkuptext}%
   311 \isamarkuptrue%
   312 \isacommand{inductive}\isamarkupfalse%
   313 \ AND\ \isakeyword{for}\ A\ B\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ bool\isanewline
   314 \isakeyword{where}\ {\isaliteral{22}{\isachardoublequoteopen}}A\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ B\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ AND\ A\ B{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   315 \isanewline
   316 \isacommand{inductive}\isamarkupfalse%
   317 \ OR\ \isakeyword{for}\ A\ B\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ bool\isanewline
   318 \isakeyword{where}\ {\isaliteral{22}{\isachardoublequoteopen}}A\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ OR\ A\ B{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   319 \ \ {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}B\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ OR\ A\ B{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   320 \isanewline
   321 \isacommand{inductive}\isamarkupfalse%
   322 \ EXISTS\ \isakeyword{for}\ B\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   323 \isakeyword{where}\ {\isaliteral{22}{\isachardoublequoteopen}}B\ a\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ EXISTS\ B{\isaliteral{22}{\isachardoublequoteclose}}%
   324 \begin{isamarkuptext}%
   325 Here the \isa{{\isaliteral{22}{\isachardoublequote}}cases{\isaliteral{22}{\isachardoublequote}}} or \isa{{\isaliteral{22}{\isachardoublequote}}induct{\isaliteral{22}{\isachardoublequote}}} rules produced by
   326   the \hyperlink{command.inductive}{\mbox{\isa{\isacommand{inductive}}}} package coincide with the expected
   327   elimination rules for Natural Deduction.  Already in the original
   328   article by Gerhard Gentzen \cite{Gentzen:1935} there is a hint that
   329   each connective can be characterized by its introductions, and the
   330   elimination can be constructed systematically.%
   331 \end{isamarkuptext}%
   332 \isamarkuptrue%
   333 %
   334 \isamarkupsection{Recursive functions \label{sec:recursion}%
   335 }
   336 \isamarkuptrue%
   337 %
   338 \begin{isamarkuptext}%
   339 \begin{matharray}{rcl}
   340     \indexdef{HOL}{command}{primrec}\hypertarget{command.HOL.primrec}{\hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
   341     \indexdef{HOL}{command}{fun}\hypertarget{command.HOL.fun}{\hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
   342     \indexdef{HOL}{command}{function}\hypertarget{command.HOL.function}{\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
   343     \indexdef{HOL}{command}{termination}\hypertarget{command.HOL.termination}{\hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
   344   \end{matharray}
   345 
   346   \begin{railoutput}
   347 \rail@begin{2}{}
   348 \rail@term{\hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}}[]
   349 \rail@bar
   350 \rail@nextbar{1}
   351 \rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
   352 \rail@endbar
   353 \rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
   354 \rail@term{\isa{\isakeyword{where}}}[]
   355 \rail@nont{\isa{equations}}[]
   356 \rail@end
   357 \rail@begin{4}{}
   358 \rail@bar
   359 \rail@term{\hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}}}[]
   360 \rail@nextbar{1}
   361 \rail@term{\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}}[]
   362 \rail@endbar
   363 \rail@bar
   364 \rail@nextbar{1}
   365 \rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
   366 \rail@endbar
   367 \rail@bar
   368 \rail@nextbar{1}
   369 \rail@nont{\isa{functionopts}}[]
   370 \rail@endbar
   371 \rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
   372 \rail@cr{3}
   373 \rail@term{\isa{\isakeyword{where}}}[]
   374 \rail@nont{\isa{equations}}[]
   375 \rail@end
   376 \rail@begin{3}{\isa{equations}}
   377 \rail@plus
   378 \rail@bar
   379 \rail@nextbar{1}
   380 \rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
   381 \rail@endbar
   382 \rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
   383 \rail@nextplus{2}
   384 \rail@cterm{\isa{{\isaliteral{7C}{\isacharbar}}}}[]
   385 \rail@endplus
   386 \rail@end
   387 \rail@begin{3}{\isa{functionopts}}
   388 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
   389 \rail@plus
   390 \rail@bar
   391 \rail@term{\isa{sequential}}[]
   392 \rail@nextbar{1}
   393 \rail@term{\isa{domintros}}[]
   394 \rail@endbar
   395 \rail@nextplus{2}
   396 \rail@cterm{\isa{{\isaliteral{2C}{\isacharcomma}}}}[]
   397 \rail@endplus
   398 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
   399 \rail@end
   400 \rail@begin{2}{}
   401 \rail@term{\hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}}[]
   402 \rail@bar
   403 \rail@nextbar{1}
   404 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
   405 \rail@endbar
   406 \rail@end
   407 \end{railoutput}
   408 
   409 
   410   \begin{description}
   411 
   412   \item \hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}} defines primitive recursive
   413   functions over datatypes (see also \indexref{HOL}{command}{datatype}\hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}} and
   414   \indexref{HOL}{command}{rep\_datatype}\hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isaliteral{5F}{\isacharunderscore}}datatype}}}}).  The given \isa{equations}
   415   specify reduction rules that are produced by instantiating the
   416   generic combinator for primitive recursion that is available for
   417   each datatype.
   418 
   419   Each equation needs to be of the form:
   420 
   421   \begin{isabelle}%
   422 {\isaliteral{22}{\isachardoublequote}}f\ x\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ x\isaliteral{5C3C5E7375623E}{}\isactrlsub m\ {\isaliteral{28}{\isacharparenleft}}C\ y\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ y\isaliteral{5C3C5E7375623E}{}\isactrlsub k{\isaliteral{29}{\isacharparenright}}\ z\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ z\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3D}{\isacharequal}}\ rhs{\isaliteral{22}{\isachardoublequote}}%
   423 \end{isabelle}
   424 
   425   such that \isa{C} is a datatype constructor, \isa{rhs} contains
   426   only the free variables on the left-hand side (or from the context),
   427   and all recursive occurrences of \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{22}{\isachardoublequote}}} in \isa{{\isaliteral{22}{\isachardoublequote}}rhs{\isaliteral{22}{\isachardoublequote}}} are of
   428   the form \isa{{\isaliteral{22}{\isachardoublequote}}f\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ y\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}} for some \isa{i}.  At most one
   429   reduction rule for each constructor can be given.  The order does
   430   not matter.  For missing constructors, the function is defined to
   431   return a default value, but this equation is made difficult to
   432   access for users.
   433 
   434   The reduction rules are declared as \hyperlink{attribute.simp}{\mbox{\isa{simp}}} by default,
   435   which enables standard proof methods like \hyperlink{method.simp}{\mbox{\isa{simp}}} and
   436   \hyperlink{method.auto}{\mbox{\isa{auto}}} to normalize expressions of \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{22}{\isachardoublequote}}} applied to
   437   datatype constructions, by simulating symbolic computation via
   438   rewriting.
   439 
   440   \item \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} defines functions by general
   441   wellfounded recursion. A detailed description with examples can be
   442   found in \cite{isabelle-function}. The function is specified by a
   443   set of (possibly conditional) recursive equations with arbitrary
   444   pattern matching. The command generates proof obligations for the
   445   completeness and the compatibility of patterns.
   446 
   447   The defined function is considered partial, and the resulting
   448   simplification rules (named \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{2E}{\isachardot}}psimps{\isaliteral{22}{\isachardoublequote}}}) and induction rule
   449   (named \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{2E}{\isachardot}}pinduct{\isaliteral{22}{\isachardoublequote}}}) are guarded by a generated domain
   450   predicate \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{5F}{\isacharunderscore}}dom{\isaliteral{22}{\isachardoublequote}}}. The \hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}
   451   command can then be used to establish that the function is total.
   452 
   453   \item \hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}} is a shorthand notation for ``\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}sequential{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}, followed by automated
   454   proof attempts regarding pattern matching and termination.  See
   455   \cite{isabelle-function} for further details.
   456 
   457   \item \hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}~\isa{f} commences a
   458   termination proof for the previously defined function \isa{f}.  If
   459   this is omitted, the command refers to the most recent function
   460   definition.  After the proof is closed, the recursive equations and
   461   the induction principle is established.
   462 
   463   \end{description}
   464 
   465   Recursive definitions introduced by the \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}
   466   command accommodate reasoning by induction (cf.\ \hyperlink{method.induct}{\mbox{\isa{induct}}}):
   467   rule \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{2E}{\isachardot}}induct{\isaliteral{22}{\isachardoublequote}}} refers to a specific induction rule, with
   468   parameters named according to the user-specified equations. Cases
   469   are numbered starting from 1.  For \hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}, the
   470   induction principle coincides with structural recursion on the
   471   datatype where the recursion is carried out.
   472 
   473   The equations provided by these packages may be referred later as
   474   theorem list \isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{2E}{\isachardot}}simps{\isaliteral{22}{\isachardoublequote}}}, where \isa{f} is the (collective)
   475   name of the functions defined.  Individual equations may be named
   476   explicitly as well.
   477 
   478   The \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} command accepts the following
   479   options.
   480 
   481   \begin{description}
   482 
   483   \item \isa{sequential} enables a preprocessor which disambiguates
   484   overlapping patterns by making them mutually disjoint.  Earlier
   485   equations take precedence over later ones.  This allows to give the
   486   specification in a format very similar to functional programming.
   487   Note that the resulting simplification and induction rules
   488   correspond to the transformed specification, not the one given
   489   originally. This usually means that each equation given by the user
   490   may result in several theorems.  Also note that this automatic
   491   transformation only works for ML-style datatype patterns.
   492 
   493   \item \isa{domintros} enables the automated generation of
   494   introduction rules for the domain predicate. While mostly not
   495   needed, they can be helpful in some proofs about partial functions.
   496 
   497   \end{description}%
   498 \end{isamarkuptext}%
   499 \isamarkuptrue%
   500 %
   501 \isamarkupsubsubsection{Example: evaluation of expressions%
   502 }
   503 \isamarkuptrue%
   504 %
   505 \begin{isamarkuptext}%
   506 Subsequently, we define mutual datatypes for arithmetic and
   507   boolean expressions, and use \hyperlink{command.primrec}{\mbox{\isa{\isacommand{primrec}}}} for evaluation
   508   functions that follow the same recursive structure.%
   509 \end{isamarkuptext}%
   510 \isamarkuptrue%
   511 \isacommand{datatype}\isamarkupfalse%
   512 \ {\isaliteral{27}{\isacharprime}}a\ aexp\ {\isaliteral{3D}{\isacharequal}}\isanewline
   513 \ \ \ \ IF\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ bexp{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   514 \ \ {\isaliteral{7C}{\isacharbar}}\ Sum\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   515 \ \ {\isaliteral{7C}{\isacharbar}}\ Diff\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   516 \ \ {\isaliteral{7C}{\isacharbar}}\ Var\ {\isaliteral{27}{\isacharprime}}a\isanewline
   517 \ \ {\isaliteral{7C}{\isacharbar}}\ Num\ nat\isanewline
   518 \isakeyword{and}\ {\isaliteral{27}{\isacharprime}}a\ bexp\ {\isaliteral{3D}{\isacharequal}}\isanewline
   519 \ \ \ \ Less\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   520 \ \ {\isaliteral{7C}{\isacharbar}}\ And\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ bexp{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ bexp{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   521 \ \ {\isaliteral{7C}{\isacharbar}}\ Neg\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ bexp{\isaliteral{22}{\isachardoublequoteclose}}%
   522 \begin{isamarkuptext}%
   523 \medskip Evaluation of arithmetic and boolean expressions%
   524 \end{isamarkuptext}%
   525 \isamarkuptrue%
   526 \isacommand{primrec}\isamarkupfalse%
   527 \ evala\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ nat{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ aexp\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ nat{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   528 \ \ \isakeyword{and}\ evalb\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ nat{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ bexp\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   529 \isakeyword{where}\isanewline
   530 \ \ {\isaliteral{22}{\isachardoublequoteopen}}evala\ env\ {\isaliteral{28}{\isacharparenleft}}IF\ b\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}if\ evalb\ env\ b\ then\ evala\ env\ a{\isadigit{1}}\ else\ evala\ env\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   531 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}evala\ env\ {\isaliteral{28}{\isacharparenleft}}Sum\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ evala\ env\ a{\isadigit{1}}\ {\isaliteral{2B}{\isacharplus}}\ evala\ env\ a{\isadigit{2}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   532 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}evala\ env\ {\isaliteral{28}{\isacharparenleft}}Diff\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ evala\ env\ a{\isadigit{1}}\ {\isaliteral{2D}{\isacharminus}}\ evala\ env\ a{\isadigit{2}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   533 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}evala\ env\ {\isaliteral{28}{\isacharparenleft}}Var\ v{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ env\ v{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   534 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}evala\ env\ {\isaliteral{28}{\isacharparenleft}}Num\ n{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ n{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   535 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}evalb\ env\ {\isaliteral{28}{\isacharparenleft}}Less\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}evala\ env\ a{\isadigit{1}}\ {\isaliteral{3C}{\isacharless}}\ evala\ env\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   536 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}evalb\ env\ {\isaliteral{28}{\isacharparenleft}}And\ b{\isadigit{1}}\ b{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}evalb\ env\ b{\isadigit{1}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ evalb\ env\ b{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   537 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}evalb\ env\ {\isaliteral{28}{\isacharparenleft}}Neg\ b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ evalb\ env\ b{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}%
   538 \begin{isamarkuptext}%
   539 Since the value of an expression depends on the value of its
   540   variables, the functions \isa{evala} and \isa{evalb} take an
   541   additional parameter, an \emph{environment} that maps variables to
   542   their values.
   543 
   544   \medskip Substitution on expressions can be defined similarly.  The
   545   mapping \isa{f} of type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequote}}} given as a
   546   parameter is lifted canonically on the types \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequote}}} and
   547   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ bexp{\isaliteral{22}{\isachardoublequote}}}, respectively.%
   548 \end{isamarkuptext}%
   549 \isamarkuptrue%
   550 \isacommand{primrec}\isamarkupfalse%
   551 \ substa\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}b\ aexp{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ aexp\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}b\ aexp{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   552 \ \ \isakeyword{and}\ substb\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}b\ aexp{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ bexp\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}b\ bexp{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   553 \isakeyword{where}\isanewline
   554 \ \ {\isaliteral{22}{\isachardoublequoteopen}}substa\ f\ {\isaliteral{28}{\isacharparenleft}}IF\ b\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ IF\ {\isaliteral{28}{\isacharparenleft}}substb\ f\ b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{1}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   555 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}substa\ f\ {\isaliteral{28}{\isacharparenleft}}Sum\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Sum\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{1}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   556 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}substa\ f\ {\isaliteral{28}{\isacharparenleft}}Diff\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Diff\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{1}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   557 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}substa\ f\ {\isaliteral{28}{\isacharparenleft}}Var\ v{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ f\ v{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   558 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}substa\ f\ {\isaliteral{28}{\isacharparenleft}}Num\ n{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Num\ n{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   559 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}substb\ f\ {\isaliteral{28}{\isacharparenleft}}Less\ a{\isadigit{1}}\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Less\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{1}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}substa\ f\ a{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   560 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}substb\ f\ {\isaliteral{28}{\isacharparenleft}}And\ b{\isadigit{1}}\ b{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ And\ {\isaliteral{28}{\isacharparenleft}}substb\ f\ b{\isadigit{1}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}substb\ f\ b{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   561 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}substb\ f\ {\isaliteral{28}{\isacharparenleft}}Neg\ b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Neg\ {\isaliteral{28}{\isacharparenleft}}substb\ f\ b{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}%
   562 \begin{isamarkuptext}%
   563 In textbooks about semantics one often finds substitution
   564   theorems, which express the relationship between substitution and
   565   evaluation.  For \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ aexp{\isaliteral{22}{\isachardoublequote}}} and \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ bexp{\isaliteral{22}{\isachardoublequote}}}, we can prove
   566   such a theorem by mutual induction, followed by simplification.%
   567 \end{isamarkuptext}%
   568 \isamarkuptrue%
   569 \isacommand{lemma}\isamarkupfalse%
   570 \ subst{\isaliteral{5F}{\isacharunderscore}}one{\isaliteral{3A}{\isacharcolon}}\isanewline
   571 \ \ {\isaliteral{22}{\isachardoublequoteopen}}evala\ env\ {\isaliteral{28}{\isacharparenleft}}substa\ {\isaliteral{28}{\isacharparenleft}}Var\ {\isaliteral{28}{\isacharparenleft}}v\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{27}{\isacharprime}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ a{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ evala\ {\isaliteral{28}{\isacharparenleft}}env\ {\isaliteral{28}{\isacharparenleft}}v\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ evala\ env\ a{\isaliteral{27}{\isacharprime}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ a{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   572 \ \ {\isaliteral{22}{\isachardoublequoteopen}}evalb\ env\ {\isaliteral{28}{\isacharparenleft}}substb\ {\isaliteral{28}{\isacharparenleft}}Var\ {\isaliteral{28}{\isacharparenleft}}v\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{27}{\isacharprime}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ evalb\ {\isaliteral{28}{\isacharparenleft}}env\ {\isaliteral{28}{\isacharparenleft}}v\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ evala\ env\ a{\isaliteral{27}{\isacharprime}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ b{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   573 %
   574 \isadelimproof
   575 \ \ %
   576 \endisadelimproof
   577 %
   578 \isatagproof
   579 \isacommand{by}\isamarkupfalse%
   580 \ {\isaliteral{28}{\isacharparenleft}}induct\ a\ \isakeyword{and}\ b{\isaliteral{29}{\isacharparenright}}\ simp{\isaliteral{5F}{\isacharunderscore}}all%
   581 \endisatagproof
   582 {\isafoldproof}%
   583 %
   584 \isadelimproof
   585 \isanewline
   586 %
   587 \endisadelimproof
   588 \isanewline
   589 \isacommand{lemma}\isamarkupfalse%
   590 \ subst{\isaliteral{5F}{\isacharunderscore}}all{\isaliteral{3A}{\isacharcolon}}\isanewline
   591 \ \ {\isaliteral{22}{\isachardoublequoteopen}}evala\ env\ {\isaliteral{28}{\isacharparenleft}}substa\ s\ a{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ evala\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}x{\isaliteral{2E}{\isachardot}}\ evala\ env\ {\isaliteral{28}{\isacharparenleft}}s\ x{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ a{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   592 \ \ {\isaliteral{22}{\isachardoublequoteopen}}evalb\ env\ {\isaliteral{28}{\isacharparenleft}}substb\ s\ b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ evalb\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}x{\isaliteral{2E}{\isachardot}}\ evala\ env\ {\isaliteral{28}{\isacharparenleft}}s\ x{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ b{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   593 %
   594 \isadelimproof
   595 \ \ %
   596 \endisadelimproof
   597 %
   598 \isatagproof
   599 \isacommand{by}\isamarkupfalse%
   600 \ {\isaliteral{28}{\isacharparenleft}}induct\ a\ \isakeyword{and}\ b{\isaliteral{29}{\isacharparenright}}\ simp{\isaliteral{5F}{\isacharunderscore}}all%
   601 \endisatagproof
   602 {\isafoldproof}%
   603 %
   604 \isadelimproof
   605 %
   606 \endisadelimproof
   607 %
   608 \isamarkupsubsubsection{Example: a substitution function for terms%
   609 }
   610 \isamarkuptrue%
   611 %
   612 \begin{isamarkuptext}%
   613 Functions on datatypes with nested recursion are also defined
   614   by mutual primitive recursion.%
   615 \end{isamarkuptext}%
   616 \isamarkuptrue%
   617 \isacommand{datatype}\isamarkupfalse%
   618 \ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{22}{\isachardoublequoteopen}}term{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{3D}{\isacharequal}}\ Var\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{7C}{\isacharbar}}\ App\ {\isaliteral{27}{\isacharprime}}b\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term\ list{\isaliteral{22}{\isachardoublequoteclose}}%
   619 \begin{isamarkuptext}%
   620 A substitution function on type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term{\isaliteral{22}{\isachardoublequote}}} can be
   621   defined as follows, by working simultaneously on \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term\ list{\isaliteral{22}{\isachardoublequote}}}:%
   622 \end{isamarkuptext}%
   623 \isamarkuptrue%
   624 \isacommand{primrec}\isamarkupfalse%
   625 \ subst{\isaliteral{5F}{\isacharunderscore}}term\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{and}\isanewline
   626 \ \ subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term\ list\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term\ list{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   627 \isakeyword{where}\isanewline
   628 \ \ {\isaliteral{22}{\isachardoublequoteopen}}subst{\isaliteral{5F}{\isacharunderscore}}term\ f\ {\isaliteral{28}{\isacharparenleft}}Var\ a{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ f\ a{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   629 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}subst{\isaliteral{5F}{\isacharunderscore}}term\ f\ {\isaliteral{28}{\isacharparenleft}}App\ b\ ts{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ App\ b\ {\isaliteral{28}{\isacharparenleft}}subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ f\ ts{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   630 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ f\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   631 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ f\ {\isaliteral{28}{\isacharparenleft}}t\ {\isaliteral{23}{\isacharhash}}\ ts{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ subst{\isaliteral{5F}{\isacharunderscore}}term\ f\ t\ {\isaliteral{23}{\isacharhash}}\ subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ f\ ts{\isaliteral{22}{\isachardoublequoteclose}}%
   632 \begin{isamarkuptext}%
   633 The recursion scheme follows the structure of the unfolded
   634   definition of type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ term{\isaliteral{22}{\isachardoublequote}}}.  To prove properties of this
   635   substitution function, mutual induction is needed:%
   636 \end{isamarkuptext}%
   637 \isamarkuptrue%
   638 \isacommand{lemma}\isamarkupfalse%
   639 \ {\isaliteral{22}{\isachardoublequoteopen}}subst{\isaliteral{5F}{\isacharunderscore}}term\ {\isaliteral{28}{\isacharparenleft}}subst{\isaliteral{5F}{\isacharunderscore}}term\ f{\isadigit{1}}\ {\isaliteral{5C3C636972633E}{\isasymcirc}}\ f{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ t\ {\isaliteral{3D}{\isacharequal}}\ subst{\isaliteral{5F}{\isacharunderscore}}term\ f{\isadigit{1}}\ {\isaliteral{28}{\isacharparenleft}}subst{\isaliteral{5F}{\isacharunderscore}}term\ f{\isadigit{2}}\ t{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{and}\isanewline
   640 \ \ {\isaliteral{22}{\isachardoublequoteopen}}subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ {\isaliteral{28}{\isacharparenleft}}subst{\isaliteral{5F}{\isacharunderscore}}term\ f{\isadigit{1}}\ {\isaliteral{5C3C636972633E}{\isasymcirc}}\ f{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ ts\ {\isaliteral{3D}{\isacharequal}}\ subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ f{\isadigit{1}}\ {\isaliteral{28}{\isacharparenleft}}subst{\isaliteral{5F}{\isacharunderscore}}term{\isaliteral{5F}{\isacharunderscore}}list\ f{\isadigit{2}}\ ts{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   641 %
   642 \isadelimproof
   643 \ \ %
   644 \endisadelimproof
   645 %
   646 \isatagproof
   647 \isacommand{by}\isamarkupfalse%
   648 \ {\isaliteral{28}{\isacharparenleft}}induct\ t\ \isakeyword{and}\ ts{\isaliteral{29}{\isacharparenright}}\ simp{\isaliteral{5F}{\isacharunderscore}}all%
   649 \endisatagproof
   650 {\isafoldproof}%
   651 %
   652 \isadelimproof
   653 %
   654 \endisadelimproof
   655 %
   656 \isamarkupsubsubsection{Example: a map function for infinitely branching trees%
   657 }
   658 \isamarkuptrue%
   659 %
   660 \begin{isamarkuptext}%
   661 Defining functions on infinitely branching datatypes by
   662   primitive recursion is just as easy.%
   663 \end{isamarkuptext}%
   664 \isamarkuptrue%
   665 \isacommand{datatype}\isamarkupfalse%
   666 \ {\isaliteral{27}{\isacharprime}}a\ tree\ {\isaliteral{3D}{\isacharequal}}\ Atom\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{7C}{\isacharbar}}\ Branch\ {\isaliteral{22}{\isachardoublequoteopen}}nat\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ tree{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   667 \isanewline
   668 \isacommand{primrec}\isamarkupfalse%
   669 \ map{\isaliteral{5F}{\isacharunderscore}}tree\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ tree\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}b\ tree{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   670 \isakeyword{where}\isanewline
   671 \ \ {\isaliteral{22}{\isachardoublequoteopen}}map{\isaliteral{5F}{\isacharunderscore}}tree\ f\ {\isaliteral{28}{\isacharparenleft}}Atom\ a{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Atom\ {\isaliteral{28}{\isacharparenleft}}f\ a{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   672 {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}map{\isaliteral{5F}{\isacharunderscore}}tree\ f\ {\isaliteral{28}{\isacharparenleft}}Branch\ ts{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Branch\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}x{\isaliteral{2E}{\isachardot}}\ map{\isaliteral{5F}{\isacharunderscore}}tree\ f\ {\isaliteral{28}{\isacharparenleft}}ts\ x{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}%
   673 \begin{isamarkuptext}%
   674 Note that all occurrences of functions such as \isa{ts}
   675   above must be applied to an argument.  In particular, \isa{{\isaliteral{22}{\isachardoublequote}}map{\isaliteral{5F}{\isacharunderscore}}tree\ f\ {\isaliteral{5C3C636972633E}{\isasymcirc}}\ ts{\isaliteral{22}{\isachardoublequote}}} is not allowed here.%
   676 \end{isamarkuptext}%
   677 \isamarkuptrue%
   678 %
   679 \begin{isamarkuptext}%
   680 Here is a simple composition lemma for \isa{map{\isaliteral{5F}{\isacharunderscore}}tree}:%
   681 \end{isamarkuptext}%
   682 \isamarkuptrue%
   683 \isacommand{lemma}\isamarkupfalse%
   684 \ {\isaliteral{22}{\isachardoublequoteopen}}map{\isaliteral{5F}{\isacharunderscore}}tree\ g\ {\isaliteral{28}{\isacharparenleft}}map{\isaliteral{5F}{\isacharunderscore}}tree\ f\ t{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ map{\isaliteral{5F}{\isacharunderscore}}tree\ {\isaliteral{28}{\isacharparenleft}}g\ {\isaliteral{5C3C636972633E}{\isasymcirc}}\ f{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
   685 %
   686 \isadelimproof
   687 \ \ %
   688 \endisadelimproof
   689 %
   690 \isatagproof
   691 \isacommand{by}\isamarkupfalse%
   692 \ {\isaliteral{28}{\isacharparenleft}}induct\ t{\isaliteral{29}{\isacharparenright}}\ simp{\isaliteral{5F}{\isacharunderscore}}all%
   693 \endisatagproof
   694 {\isafoldproof}%
   695 %
   696 \isadelimproof
   697 %
   698 \endisadelimproof
   699 %
   700 \isamarkupsubsection{Proof methods related to recursive definitions%
   701 }
   702 \isamarkuptrue%
   703 %
   704 \begin{isamarkuptext}%
   705 \begin{matharray}{rcl}
   706     \indexdef{HOL}{method}{pat\_completeness}\hypertarget{method.HOL.pat-completeness}{\hyperlink{method.HOL.pat-completeness}{\mbox{\isa{pat{\isaliteral{5F}{\isacharunderscore}}completeness}}}} & : & \isa{method} \\
   707     \indexdef{HOL}{method}{relation}\hypertarget{method.HOL.relation}{\hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}} & : & \isa{method} \\
   708     \indexdef{HOL}{method}{lexicographic\_order}\hypertarget{method.HOL.lexicographic-order}{\hyperlink{method.HOL.lexicographic-order}{\mbox{\isa{lexicographic{\isaliteral{5F}{\isacharunderscore}}order}}}} & : & \isa{method} \\
   709     \indexdef{HOL}{method}{size\_change}\hypertarget{method.HOL.size-change}{\hyperlink{method.HOL.size-change}{\mbox{\isa{size{\isaliteral{5F}{\isacharunderscore}}change}}}} & : & \isa{method} \\
   710     \indexdef{HOL}{method}{induction\_schema}\hypertarget{method.HOL.induction-schema}{\hyperlink{method.HOL.induction-schema}{\mbox{\isa{induction{\isaliteral{5F}{\isacharunderscore}}schema}}}} & : & \isa{method} \\
   711   \end{matharray}
   712 
   713   \begin{railoutput}
   714 \rail@begin{1}{}
   715 \rail@term{\hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}}[]
   716 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
   717 \rail@end
   718 \rail@begin{2}{}
   719 \rail@term{\hyperlink{method.HOL.lexicographic-order}{\mbox{\isa{lexicographic{\isaliteral{5F}{\isacharunderscore}}order}}}}[]
   720 \rail@plus
   721 \rail@nextplus{1}
   722 \rail@cnont{\hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}}[]
   723 \rail@endplus
   724 \rail@end
   725 \rail@begin{2}{}
   726 \rail@term{\hyperlink{method.HOL.size-change}{\mbox{\isa{size{\isaliteral{5F}{\isacharunderscore}}change}}}}[]
   727 \rail@nont{\isa{orders}}[]
   728 \rail@plus
   729 \rail@nextplus{1}
   730 \rail@cnont{\hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}}[]
   731 \rail@endplus
   732 \rail@end
   733 \rail@begin{1}{}
   734 \rail@term{\hyperlink{method.HOL.induction-schema}{\mbox{\isa{induction{\isaliteral{5F}{\isacharunderscore}}schema}}}}[]
   735 \rail@end
   736 \rail@begin{4}{\isa{orders}}
   737 \rail@plus
   738 \rail@nextplus{1}
   739 \rail@bar
   740 \rail@term{\isa{max}}[]
   741 \rail@nextbar{2}
   742 \rail@term{\isa{min}}[]
   743 \rail@nextbar{3}
   744 \rail@term{\isa{ms}}[]
   745 \rail@endbar
   746 \rail@endplus
   747 \rail@end
   748 \end{railoutput}
   749 
   750 
   751   \begin{description}
   752 
   753   \item \hyperlink{method.HOL.pat-completeness}{\mbox{\isa{pat{\isaliteral{5F}{\isacharunderscore}}completeness}}} is a specialized method to
   754   solve goals regarding the completeness of pattern matching, as
   755   required by the \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} package (cf.\
   756   \cite{isabelle-function}).
   757 
   758   \item \hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}~\isa{R} introduces a termination
   759   proof using the relation \isa{R}.  The resulting proof state will
   760   contain goals expressing that \isa{R} is wellfounded, and that the
   761   arguments of recursive calls decrease with respect to \isa{R}.
   762   Usually, this method is used as the initial proof step of manual
   763   termination proofs.
   764 
   765   \item \hyperlink{method.HOL.lexicographic-order}{\mbox{\isa{lexicographic{\isaliteral{5F}{\isacharunderscore}}order}}} attempts a fully
   766   automated termination proof by searching for a lexicographic
   767   combination of size measures on the arguments of the function. The
   768   method accepts the same arguments as the \hyperlink{method.auto}{\mbox{\isa{auto}}} method,
   769   which it uses internally to prove local descents.  The \hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}} modifiers are accepted (as for \hyperlink{method.auto}{\mbox{\isa{auto}}}).
   770 
   771   In case of failure, extensive information is printed, which can help
   772   to analyse the situation (cf.\ \cite{isabelle-function}).
   773 
   774   \item \hyperlink{method.HOL.size-change}{\mbox{\isa{size{\isaliteral{5F}{\isacharunderscore}}change}}} also works on termination goals,
   775   using a variation of the size-change principle, together with a
   776   graph decomposition technique (see \cite{krauss_phd} for details).
   777   Three kinds of orders are used internally: \isa{max}, \isa{min},
   778   and \isa{ms} (multiset), which is only available when the theory
   779   \isa{Multiset} is loaded. When no order kinds are given, they are
   780   tried in order. The search for a termination proof uses SAT solving
   781   internally.
   782 
   783   For local descent proofs, the \hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}} modifiers are
   784   accepted (as for \hyperlink{method.auto}{\mbox{\isa{auto}}}).
   785 
   786   \item \hyperlink{method.HOL.induction-schema}{\mbox{\isa{induction{\isaliteral{5F}{\isacharunderscore}}schema}}} derives user-specified
   787    induction rules from well-founded induction and completeness of
   788    patterns. This factors out some operations that are done internally
   789    by the function package and makes them available separately. See
   790    \verb|~~/src/HOL/ex/Induction_Schema.thy| for examples.
   791 
   792   \end{description}%
   793 \end{isamarkuptext}%
   794 \isamarkuptrue%
   795 %
   796 \isamarkupsubsection{Functions with explicit partiality%
   797 }
   798 \isamarkuptrue%
   799 %
   800 \begin{isamarkuptext}%
   801 \begin{matharray}{rcl}
   802     \indexdef{HOL}{command}{partial\_function}\hypertarget{command.HOL.partial-function}{\hyperlink{command.HOL.partial-function}{\mbox{\isa{\isacommand{partial{\isaliteral{5F}{\isacharunderscore}}function}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
   803     \indexdef{HOL}{attribute}{partial\_function\_mono}\hypertarget{attribute.HOL.partial-function-mono}{\hyperlink{attribute.HOL.partial-function-mono}{\mbox{\isa{partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}mono}}}} & : & \isa{attribute} \\
   804   \end{matharray}
   805 
   806   \begin{railoutput}
   807 \rail@begin{5}{}
   808 \rail@term{\hyperlink{command.HOL.partial-function}{\mbox{\isa{\isacommand{partial{\isaliteral{5F}{\isacharunderscore}}function}}}}}[]
   809 \rail@bar
   810 \rail@nextbar{1}
   811 \rail@nont{\hyperlink{syntax.target}{\mbox{\isa{target}}}}[]
   812 \rail@endbar
   813 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
   814 \rail@nont{\hyperlink{syntax.nameref}{\mbox{\isa{nameref}}}}[]
   815 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
   816 \rail@nont{\hyperlink{syntax.fixes}{\mbox{\isa{fixes}}}}[]
   817 \rail@cr{3}
   818 \rail@term{\isa{\isakeyword{where}}}[]
   819 \rail@bar
   820 \rail@nextbar{4}
   821 \rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
   822 \rail@endbar
   823 \rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
   824 \rail@end
   825 \end{railoutput}
   826 
   827 
   828   \begin{description}
   829 
   830   \item \hyperlink{command.HOL.partial-function}{\mbox{\isa{\isacommand{partial{\isaliteral{5F}{\isacharunderscore}}function}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}mode{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} defines
   831   recursive functions based on fixpoints in complete partial
   832   orders. No termination proof is required from the user or
   833   constructed internally. Instead, the possibility of non-termination
   834   is modelled explicitly in the result type, which contains an
   835   explicit bottom element.
   836 
   837   Pattern matching and mutual recursion are currently not supported.
   838   Thus, the specification consists of a single function described by a
   839   single recursive equation.
   840 
   841   There are no fixed syntactic restrictions on the body of the
   842   function, but the induced functional must be provably monotonic
   843   wrt.\ the underlying order.  The monotonicitity proof is performed
   844   internally, and the definition is rejected when it fails. The proof
   845   can be influenced by declaring hints using the
   846   \hyperlink{attribute.HOL.partial-function-mono}{\mbox{\isa{partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}mono}}} attribute.
   847 
   848   The mandatory \isa{mode} argument specifies the mode of operation
   849   of the command, which directly corresponds to a complete partial
   850   order on the result type. By default, the following modes are
   851   defined:
   852 
   853   \begin{description}
   854   \item \isa{option} defines functions that map into the \isa{option} type. Here, the value \isa{None} is used to model a
   855   non-terminating computation. Monotonicity requires that if \isa{None} is returned by a recursive call, then the overall result
   856   must also be \isa{None}. This is best achieved through the use of
   857   the monadic operator \isa{{\isaliteral{22}{\isachardoublequote}}Option{\isaliteral{2E}{\isachardot}}bind{\isaliteral{22}{\isachardoublequote}}}.
   858 
   859   \item \isa{tailrec} defines functions with an arbitrary result
   860   type and uses the slightly degenerated partial order where \isa{{\isaliteral{22}{\isachardoublequote}}undefined{\isaliteral{22}{\isachardoublequote}}} is the bottom element.  Now, monotonicity requires that
   861   if \isa{undefined} is returned by a recursive call, then the
   862   overall result must also be \isa{undefined}. In practice, this is
   863   only satisfied when each recursive call is a tail call, whose result
   864   is directly returned. Thus, this mode of operation allows the
   865   definition of arbitrary tail-recursive functions.
   866   \end{description}
   867 
   868   Experienced users may define new modes by instantiating the locale
   869   \isa{{\isaliteral{22}{\isachardoublequote}}partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}definitions{\isaliteral{22}{\isachardoublequote}}} appropriately.
   870 
   871   \item \hyperlink{attribute.HOL.partial-function-mono}{\mbox{\isa{partial{\isaliteral{5F}{\isacharunderscore}}function{\isaliteral{5F}{\isacharunderscore}}mono}}} declares rules for
   872   use in the internal monononicity proofs of partial function
   873   definitions.
   874 
   875   \end{description}%
   876 \end{isamarkuptext}%
   877 \isamarkuptrue%
   878 %
   879 \isamarkupsubsection{Old-style recursive function definitions (TFL)%
   880 }
   881 \isamarkuptrue%
   882 %
   883 \begin{isamarkuptext}%
   884 The old TFL commands \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} and \hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isaliteral{5F}{\isacharunderscore}}tc}}}} for defining recursive are mostly obsolete; \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} or \hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}} should be used instead.
   885 
   886   \begin{matharray}{rcl}
   887     \indexdef{HOL}{command}{recdef}\hypertarget{command.HOL.recdef}{\hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
   888     \indexdef{HOL}{command}{recdef\_tc}\hypertarget{command.HOL.recdef-tc}{\hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isaliteral{5F}{\isacharunderscore}}tc}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
   889   \end{matharray}
   890 
   891   \begin{railoutput}
   892 \rail@begin{5}{}
   893 \rail@term{\hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}}}[]
   894 \rail@bar
   895 \rail@nextbar{1}
   896 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
   897 \rail@term{\isa{\isakeyword{permissive}}}[]
   898 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
   899 \rail@endbar
   900 \rail@cr{3}
   901 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
   902 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
   903 \rail@plus
   904 \rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
   905 \rail@nextplus{4}
   906 \rail@endplus
   907 \rail@bar
   908 \rail@nextbar{4}
   909 \rail@nont{\isa{hints}}[]
   910 \rail@endbar
   911 \rail@end
   912 \rail@begin{2}{}
   913 \rail@nont{\isa{recdeftc}}[]
   914 \rail@bar
   915 \rail@nextbar{1}
   916 \rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
   917 \rail@endbar
   918 \rail@nont{\isa{tc}}[]
   919 \rail@end
   920 \rail@begin{2}{\isa{hints}}
   921 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
   922 \rail@term{\isa{\isakeyword{hints}}}[]
   923 \rail@plus
   924 \rail@nextplus{1}
   925 \rail@cnont{\isa{recdefmod}}[]
   926 \rail@endplus
   927 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
   928 \rail@end
   929 \rail@begin{4}{\isa{recdefmod}}
   930 \rail@bar
   931 \rail@bar
   932 \rail@term{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}}[]
   933 \rail@nextbar{1}
   934 \rail@term{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}}[]
   935 \rail@nextbar{2}
   936 \rail@term{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf}}[]
   937 \rail@endbar
   938 \rail@bar
   939 \rail@nextbar{1}
   940 \rail@term{\isa{add}}[]
   941 \rail@nextbar{2}
   942 \rail@term{\isa{del}}[]
   943 \rail@endbar
   944 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
   945 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
   946 \rail@nextbar{3}
   947 \rail@nont{\hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}}[]
   948 \rail@endbar
   949 \rail@end
   950 \rail@begin{2}{\isa{tc}}
   951 \rail@nont{\hyperlink{syntax.nameref}{\mbox{\isa{nameref}}}}[]
   952 \rail@bar
   953 \rail@nextbar{1}
   954 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
   955 \rail@nont{\hyperlink{syntax.nat}{\mbox{\isa{nat}}}}[]
   956 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
   957 \rail@endbar
   958 \rail@end
   959 \end{railoutput}
   960 
   961 
   962   \begin{description}
   963 
   964   \item \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} defines general well-founded
   965   recursive functions (using the TFL package), see also
   966   \cite{isabelle-HOL}.  The ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}permissive{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}'' option tells
   967   TFL to recover from failed proof attempts, returning unfinished
   968   results.  The \isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}, \isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}, and \isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf} hints refer to auxiliary rules to be used in the internal
   969   automated proof process of TFL.  Additional \hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}
   970   declarations may be given to tune the context of the Simplifier
   971   (cf.\ \secref{sec:simplifier}) and Classical reasoner (cf.\
   972   \secref{sec:classical}).
   973 
   974   \item \hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isaliteral{5F}{\isacharunderscore}}tc}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}c\ {\isaliteral{28}{\isacharparenleft}}i{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} recommences the
   975   proof for leftover termination condition number \isa{i} (default
   976   1) as generated by a \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} definition of
   977   constant \isa{c}.
   978 
   979   Note that in most cases, \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} is able to finish
   980   its internal proofs without manual intervention.
   981 
   982   \end{description}
   983 
   984   \medskip Hints for \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} may be also declared
   985   globally, using the following attributes.
   986 
   987   \begin{matharray}{rcl}
   988     \indexdef{HOL}{attribute}{recdef\_simp}\hypertarget{attribute.HOL.recdef-simp}{\hyperlink{attribute.HOL.recdef-simp}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}}}} & : & \isa{attribute} \\
   989     \indexdef{HOL}{attribute}{recdef\_cong}\hypertarget{attribute.HOL.recdef-cong}{\hyperlink{attribute.HOL.recdef-cong}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}}}} & : & \isa{attribute} \\
   990     \indexdef{HOL}{attribute}{recdef\_wf}\hypertarget{attribute.HOL.recdef-wf}{\hyperlink{attribute.HOL.recdef-wf}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf}}}} & : & \isa{attribute} \\
   991   \end{matharray}
   992 
   993   \begin{railoutput}
   994 \rail@begin{3}{}
   995 \rail@bar
   996 \rail@term{\hyperlink{attribute.HOL.recdef-simp}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}simp}}}}[]
   997 \rail@nextbar{1}
   998 \rail@term{\hyperlink{attribute.HOL.recdef-cong}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}cong}}}}[]
   999 \rail@nextbar{2}
  1000 \rail@term{\hyperlink{attribute.HOL.recdef-wf}{\mbox{\isa{recdef{\isaliteral{5F}{\isacharunderscore}}wf}}}}[]
  1001 \rail@endbar
  1002 \rail@bar
  1003 \rail@nextbar{1}
  1004 \rail@term{\isa{add}}[]
  1005 \rail@nextbar{2}
  1006 \rail@term{\isa{del}}[]
  1007 \rail@endbar
  1008 \rail@end
  1009 \end{railoutput}%
  1010 \end{isamarkuptext}%
  1011 \isamarkuptrue%
  1012 %
  1013 \isamarkupsection{Datatypes \label{sec:hol-datatype}%
  1014 }
  1015 \isamarkuptrue%
  1016 %
  1017 \begin{isamarkuptext}%
  1018 \begin{matharray}{rcl}
  1019     \indexdef{HOL}{command}{datatype}\hypertarget{command.HOL.datatype}{\hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  1020     \indexdef{HOL}{command}{rep\_datatype}\hypertarget{command.HOL.rep-datatype}{\hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isaliteral{5F}{\isacharunderscore}}datatype}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
  1021   \end{matharray}
  1022 
  1023   \begin{railoutput}
  1024 \rail@begin{2}{}
  1025 \rail@term{\hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}}}[]
  1026 \rail@plus
  1027 \rail@nont{\isa{spec}}[]
  1028 \rail@nextplus{1}
  1029 \rail@cterm{\isa{\isakeyword{and}}}[]
  1030 \rail@endplus
  1031 \rail@end
  1032 \rail@begin{3}{}
  1033 \rail@term{\hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isaliteral{5F}{\isacharunderscore}}datatype}}}}}[]
  1034 \rail@bar
  1035 \rail@nextbar{1}
  1036 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  1037 \rail@plus
  1038 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1039 \rail@nextplus{2}
  1040 \rail@endplus
  1041 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  1042 \rail@endbar
  1043 \rail@plus
  1044 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  1045 \rail@nextplus{1}
  1046 \rail@endplus
  1047 \rail@end
  1048 \rail@begin{2}{\isa{spec}}
  1049 \rail@nont{\hyperlink{syntax.typespec-sorts}{\mbox{\isa{typespec{\isaliteral{5F}{\isacharunderscore}}sorts}}}}[]
  1050 \rail@bar
  1051 \rail@nextbar{1}
  1052 \rail@nont{\hyperlink{syntax.mixfix}{\mbox{\isa{mixfix}}}}[]
  1053 \rail@endbar
  1054 \rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
  1055 \rail@plus
  1056 \rail@nont{\isa{cons}}[]
  1057 \rail@nextplus{1}
  1058 \rail@cterm{\isa{{\isaliteral{7C}{\isacharbar}}}}[]
  1059 \rail@endplus
  1060 \rail@end
  1061 \rail@begin{2}{\isa{cons}}
  1062 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1063 \rail@plus
  1064 \rail@nextplus{1}
  1065 \rail@cnont{\hyperlink{syntax.type}{\mbox{\isa{type}}}}[]
  1066 \rail@endplus
  1067 \rail@bar
  1068 \rail@nextbar{1}
  1069 \rail@nont{\hyperlink{syntax.mixfix}{\mbox{\isa{mixfix}}}}[]
  1070 \rail@endbar
  1071 \rail@end
  1072 \end{railoutput}
  1073 
  1074 
  1075   \begin{description}
  1076 
  1077   \item \hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}} defines inductive datatypes in
  1078   HOL.
  1079 
  1080   \item \hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isaliteral{5F}{\isacharunderscore}}datatype}}}} represents existing types as
  1081   datatypes.
  1082 
  1083   For foundational reasons, some basic types such as \isa{nat}, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C74696D65733E}{\isasymtimes}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{2B}{\isacharplus}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{22}{\isachardoublequote}}}, \isa{bool} and \isa{unit} are
  1084   introduced by more primitive means using \indexref{}{command}{typedef}\hyperlink{command.typedef}{\mbox{\isa{\isacommand{typedef}}}}.  To
  1085   recover the rich infrastructure of \hyperlink{command.datatype}{\mbox{\isa{\isacommand{datatype}}}} (e.g.\ rules
  1086   for \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} and the primitive recursion
  1087   combinators), such types may be represented as actual datatypes
  1088   later.  This is done by specifying the constructors of the desired
  1089   type, and giving a proof of the induction rule, distinctness and
  1090   injectivity of constructors.
  1091 
  1092   For example, see \verb|~~/src/HOL/Sum_Type.thy| for the
  1093   representation of the primitive sum type as fully-featured datatype.
  1094 
  1095   \end{description}
  1096 
  1097   The generated rules for \hyperlink{method.induct}{\mbox{\isa{induct}}} and \hyperlink{method.cases}{\mbox{\isa{cases}}} provide
  1098   case names according to the given constructors, while parameters are
  1099   named after the types (see also \secref{sec:cases-induct}).
  1100 
  1101   See \cite{isabelle-HOL} for more details on datatypes, but beware of
  1102   the old-style theory syntax being used there!  Apart from proper
  1103   proof methods for case-analysis and induction, there are also
  1104   emulations of ML tactics \hyperlink{method.HOL.case-tac}{\mbox{\isa{case{\isaliteral{5F}{\isacharunderscore}}tac}}} and \hyperlink{method.HOL.induct-tac}{\mbox{\isa{induct{\isaliteral{5F}{\isacharunderscore}}tac}}} available, see \secref{sec:hol-induct-tac}; these admit
  1105   to refer directly to the internal structure of subgoals (including
  1106   internally bound parameters).%
  1107 \end{isamarkuptext}%
  1108 \isamarkuptrue%
  1109 %
  1110 \isamarkupsubsubsection{Examples%
  1111 }
  1112 \isamarkuptrue%
  1113 %
  1114 \begin{isamarkuptext}%
  1115 We define a type of finite sequences, with slightly different
  1116   names than the existing \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{27}{\isacharprime}}a\ list{\isaliteral{22}{\isachardoublequote}}} that is already in \hyperlink{theory.Main}{\mbox{\isa{Main}}}:%
  1117 \end{isamarkuptext}%
  1118 \isamarkuptrue%
  1119 \isacommand{datatype}\isamarkupfalse%
  1120 \ {\isaliteral{27}{\isacharprime}}a\ seq\ {\isaliteral{3D}{\isacharequal}}\ Empty\ {\isaliteral{7C}{\isacharbar}}\ Seq\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ seq{\isaliteral{22}{\isachardoublequoteclose}}%
  1121 \begin{isamarkuptext}%
  1122 We can now prove some simple lemma by structural induction:%
  1123 \end{isamarkuptext}%
  1124 \isamarkuptrue%
  1125 \isacommand{lemma}\isamarkupfalse%
  1126 \ {\isaliteral{22}{\isachardoublequoteopen}}Seq\ x\ xs\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ xs{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1127 %
  1128 \isadelimproof
  1129 %
  1130 \endisadelimproof
  1131 %
  1132 \isatagproof
  1133 \isacommand{proof}\isamarkupfalse%
  1134 \ {\isaliteral{28}{\isacharparenleft}}induct\ xs\ arbitrary{\isaliteral{3A}{\isacharcolon}}\ x{\isaliteral{29}{\isacharparenright}}\isanewline
  1135 \ \ \isacommand{case}\isamarkupfalse%
  1136 \ Empty%
  1137 \begin{isamarkuptxt}%
  1138 This case can be proved using the simplifier: the freeness
  1139     properties of the datatype are already declared as \hyperlink{attribute.simp}{\mbox{\isa{simp}}} rules.%
  1140 \end{isamarkuptxt}%
  1141 \isamarkuptrue%
  1142 \ \ \isacommand{show}\isamarkupfalse%
  1143 \ {\isaliteral{22}{\isachardoublequoteopen}}Seq\ x\ Empty\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ Empty{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1144 \ \ \ \ \isacommand{by}\isamarkupfalse%
  1145 \ simp\isanewline
  1146 \isacommand{next}\isamarkupfalse%
  1147 \isanewline
  1148 \ \ \isacommand{case}\isamarkupfalse%
  1149 \ {\isaliteral{28}{\isacharparenleft}}Seq\ y\ ys{\isaliteral{29}{\isacharparenright}}%
  1150 \begin{isamarkuptxt}%
  1151 The step case is proved similarly.%
  1152 \end{isamarkuptxt}%
  1153 \isamarkuptrue%
  1154 \ \ \isacommand{show}\isamarkupfalse%
  1155 \ {\isaliteral{22}{\isachardoublequoteopen}}Seq\ x\ {\isaliteral{28}{\isacharparenleft}}Seq\ y\ ys{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ Seq\ y\ ys{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1156 \ \ \ \ \isacommand{using}\isamarkupfalse%
  1157 \ {\isaliteral{60}{\isacharbackquoteopen}}Seq\ y\ ys\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ ys{\isaliteral{60}{\isacharbackquoteclose}}\ \isacommand{by}\isamarkupfalse%
  1158 \ simp\isanewline
  1159 \isacommand{qed}\isamarkupfalse%
  1160 %
  1161 \endisatagproof
  1162 {\isafoldproof}%
  1163 %
  1164 \isadelimproof
  1165 %
  1166 \endisadelimproof
  1167 %
  1168 \begin{isamarkuptext}%
  1169 Here is a more succinct version of the same proof:%
  1170 \end{isamarkuptext}%
  1171 \isamarkuptrue%
  1172 \isacommand{lemma}\isamarkupfalse%
  1173 \ {\isaliteral{22}{\isachardoublequoteopen}}Seq\ x\ xs\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ xs{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1174 %
  1175 \isadelimproof
  1176 \ \ %
  1177 \endisadelimproof
  1178 %
  1179 \isatagproof
  1180 \isacommand{by}\isamarkupfalse%
  1181 \ {\isaliteral{28}{\isacharparenleft}}induct\ xs\ arbitrary{\isaliteral{3A}{\isacharcolon}}\ x{\isaliteral{29}{\isacharparenright}}\ simp{\isaliteral{5F}{\isacharunderscore}}all%
  1182 \endisatagproof
  1183 {\isafoldproof}%
  1184 %
  1185 \isadelimproof
  1186 %
  1187 \endisadelimproof
  1188 %
  1189 \isamarkupsection{Records \label{sec:hol-record}%
  1190 }
  1191 \isamarkuptrue%
  1192 %
  1193 \begin{isamarkuptext}%
  1194 In principle, records merely generalize the concept of tuples, where
  1195   components may be addressed by labels instead of just position.  The
  1196   logical infrastructure of records in Isabelle/HOL is slightly more
  1197   advanced, though, supporting truly extensible record schemes.  This
  1198   admits operations that are polymorphic with respect to record
  1199   extension, yielding ``object-oriented'' effects like (single)
  1200   inheritance.  See also \cite{NaraschewskiW-TPHOLs98} for more
  1201   details on object-oriented verification and record subtyping in HOL.%
  1202 \end{isamarkuptext}%
  1203 \isamarkuptrue%
  1204 %
  1205 \isamarkupsubsection{Basic concepts%
  1206 }
  1207 \isamarkuptrue%
  1208 %
  1209 \begin{isamarkuptext}%
  1210 Isabelle/HOL supports both \emph{fixed} and \emph{schematic} records
  1211   at the level of terms and types.  The notation is as follows:
  1212 
  1213   \begin{center}
  1214   \begin{tabular}{l|l|l}
  1215     & record terms & record types \\ \hline
  1216     fixed & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1217     schematic & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ m{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} &
  1218       \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ M{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1219   \end{tabular}
  1220   \end{center}
  1221 
  1222   \noindent The ASCII representation of \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} is \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{7C}{\isacharbar}}\ x\ {\isaliteral{3D}{\isacharequal}}\ a\ {\isaliteral{7C}{\isacharbar}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}.
  1223 
  1224   A fixed record \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} has field \isa{x} of value
  1225   \isa{a} and field \isa{y} of value \isa{b}.  The corresponding
  1226   type is \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, assuming that \isa{{\isaliteral{22}{\isachardoublequote}}a\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ A{\isaliteral{22}{\isachardoublequote}}}
  1227   and \isa{{\isaliteral{22}{\isachardoublequote}}b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ B{\isaliteral{22}{\isachardoublequote}}}.
  1228 
  1229   A record scheme like \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ m{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} contains fields
  1230   \isa{x} and \isa{y} as before, but also possibly further fields
  1231   as indicated by the ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}'' notation (which is actually part
  1232   of the syntax).  The improper field ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}'' of a record
  1233   scheme is called the \emph{more part}.  Logically it is just a free
  1234   variable, which is occasionally referred to as ``row variable'' in
  1235   the literature.  The more part of a record scheme may be
  1236   instantiated by zero or more further components.  For example, the
  1237   previous scheme may get instantiated to \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ z\ {\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ m{\isaliteral{27}{\isacharprime}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, where \isa{m{\isaliteral{27}{\isacharprime}}} refers to a different more part.
  1238   Fixed records are special instances of record schemes, where
  1239   ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{22}{\isachardoublequote}}}'' is properly terminated by the \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ unit{\isaliteral{22}{\isachardoublequote}}}
  1240   element.  In fact, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} is just an abbreviation
  1241   for \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}.
  1242 
  1243   \medskip Two key observations make extensible records in a simply
  1244   typed language like HOL work out:
  1245 
  1246   \begin{enumerate}
  1247 
  1248   \item the more part is internalized, as a free term or type
  1249   variable,
  1250 
  1251   \item field names are externalized, they cannot be accessed within
  1252   the logic as first-class values.
  1253 
  1254   \end{enumerate}
  1255 
  1256   \medskip In Isabelle/HOL record types have to be defined explicitly,
  1257   fixing their field names and types, and their (optional) parent
  1258   record.  Afterwards, records may be formed using above syntax, while
  1259   obeying the canonical order of fields as given by their declaration.
  1260   The record package provides several standard operations like
  1261   selectors and updates.  The common setup for various generic proof
  1262   tools enable succinct reasoning patterns.  See also the Isabelle/HOL
  1263   tutorial \cite{isabelle-hol-book} for further instructions on using
  1264   records in practice.%
  1265 \end{isamarkuptext}%
  1266 \isamarkuptrue%
  1267 %
  1268 \isamarkupsubsection{Record specifications%
  1269 }
  1270 \isamarkuptrue%
  1271 %
  1272 \begin{isamarkuptext}%
  1273 \begin{matharray}{rcl}
  1274     \indexdef{HOL}{command}{record}\hypertarget{command.HOL.record}{\hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  1275   \end{matharray}
  1276 
  1277   \begin{railoutput}
  1278 \rail@begin{4}{}
  1279 \rail@term{\hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}}}[]
  1280 \rail@nont{\hyperlink{syntax.typespec-sorts}{\mbox{\isa{typespec{\isaliteral{5F}{\isacharunderscore}}sorts}}}}[]
  1281 \rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
  1282 \rail@cr{2}
  1283 \rail@bar
  1284 \rail@nextbar{3}
  1285 \rail@nont{\hyperlink{syntax.type}{\mbox{\isa{type}}}}[]
  1286 \rail@term{\isa{{\isaliteral{2B}{\isacharplus}}}}[]
  1287 \rail@endbar
  1288 \rail@plus
  1289 \rail@nont{\hyperlink{syntax.constdecl}{\mbox{\isa{constdecl}}}}[]
  1290 \rail@nextplus{3}
  1291 \rail@endplus
  1292 \rail@end
  1293 \end{railoutput}
  1294 
  1295 
  1296   \begin{description}
  1297 
  1298   \item \hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\ {\isaliteral{2B}{\isacharplus}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}} defines extensible record type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}},
  1299   derived from the optional parent record \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7461753E}{\isasymtau}}{\isaliteral{22}{\isachardoublequote}}} by adding new
  1300   field components \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} etc.
  1301 
  1302   The type variables of \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7461753E}{\isasymtau}}{\isaliteral{22}{\isachardoublequote}}} and \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} need to be
  1303   covered by the (distinct) parameters \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{22}{\isachardoublequote}}}.  Type constructor \isa{t} has to be new, while \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}} needs to specify an instance of an existing record type.  At
  1304   least one new field \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} has to be specified.
  1305   Basically, field names need to belong to a unique record.  This is
  1306   not a real restriction in practice, since fields are qualified by
  1307   the record name internally.
  1308 
  1309   The parent record specification \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}} is optional; if omitted
  1310   \isa{t} becomes a root record.  The hierarchy of all records
  1311   declared within a theory context forms a forest structure, i.e.\ a
  1312   set of trees starting with a root record each.  There is no way to
  1313   merge multiple parent records!
  1314 
  1315   For convenience, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} is made a
  1316   type abbreviation for the fixed record type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, likewise is \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{5F}{\isacharunderscore}}scheme{\isaliteral{22}{\isachardoublequote}}} made an abbreviation for
  1317   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}.
  1318 
  1319   \end{description}%
  1320 \end{isamarkuptext}%
  1321 \isamarkuptrue%
  1322 %
  1323 \isamarkupsubsection{Record operations%
  1324 }
  1325 \isamarkuptrue%
  1326 %
  1327 \begin{isamarkuptext}%
  1328 Any record definition of the form presented above produces certain
  1329   standard operations.  Selectors and updates are provided for any
  1330   field, including the improper one ``\isa{more}''.  There are also
  1331   cumulative record constructor functions.  To simplify the
  1332   presentation below, we assume for now that \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} is a root record with fields \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ c\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}}.
  1333 
  1334   \medskip \textbf{Selectors} and \textbf{updates} are available for
  1335   any field (including ``\isa{more}''):
  1336 
  1337   \begin{matharray}{lll}
  1338     \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} \\
  1339     \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{5F}{\isacharunderscore}}update{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1340   \end{matharray}
  1341 
  1342   There is special syntax for application of updates: \isa{{\isaliteral{22}{\isachardoublequote}}r{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} abbreviates term \isa{{\isaliteral{22}{\isachardoublequote}}x{\isaliteral{5F}{\isacharunderscore}}update\ a\ r{\isaliteral{22}{\isachardoublequote}}}.  Further notation for
  1343   repeated updates is also available: \isa{{\isaliteral{22}{\isachardoublequote}}r{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}z\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} may be written \isa{{\isaliteral{22}{\isachardoublequote}}r{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ z\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}.  Note that
  1344   because of postfix notation the order of fields shown here is
  1345   reverse than in the actual term.  Since repeated updates are just
  1346   function applications, fields may be freely permuted in \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ a{\isaliteral{2C}{\isacharcomma}}\ y\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ b{\isaliteral{2C}{\isacharcomma}}\ z\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3D}{\isacharequal}}\ c{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}}, as far as logical equality is concerned.
  1347   Thus commutativity of independent updates can be proven within the
  1348   logic for any two fields, but not as a general theorem.
  1349 
  1350   \medskip The \textbf{make} operation provides a cumulative record
  1351   constructor function:
  1352 
  1353   \begin{matharray}{lll}
  1354     \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1355   \end{matharray}
  1356 
  1357   \medskip We now reconsider the case of non-root records, which are
  1358   derived of some parent.  In general, the latter may depend on
  1359   another parent as well, resulting in a list of \emph{ancestor
  1360   records}.  Appending the lists of fields of all ancestors results in
  1361   a certain field prefix.  The record package automatically takes care
  1362   of this by lifting operations over this context of ancestor fields.
  1363   Assuming that \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub m{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} has ancestor
  1364   fields \isa{{\isaliteral{22}{\isachardoublequote}}b\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ b\isaliteral{5C3C5E7375623E}{}\isactrlsub k\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub k{\isaliteral{22}{\isachardoublequote}}},
  1365   the above record operations will get the following types:
  1366 
  1367   \medskip
  1368   \begin{tabular}{lll}
  1369     \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{22}{\isachardoublequote}}} \\
  1370     \isa{{\isaliteral{22}{\isachardoublequote}}c\isaliteral{5C3C5E7375623E}{}\isactrlsub i{\isaliteral{5F}{\isacharunderscore}}update{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1371     \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C72686F3E}{\isasymrho}}\isaliteral{5C3C5E7375623E}{}\isactrlsub k\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1372   \end{tabular}
  1373   \medskip
  1374 
  1375   \noindent Some further operations address the extension aspect of a
  1376   derived record scheme specifically: \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}} produces a
  1377   record fragment consisting of exactly the new fields introduced here
  1378   (the result may serve as a more part elsewhere); \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}extend{\isaliteral{22}{\isachardoublequote}}}
  1379   takes a fixed record and adds a given more part; \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}truncate{\isaliteral{22}{\isachardoublequote}}} restricts a record scheme to a fixed record.
  1380 
  1381   \medskip
  1382   \begin{tabular}{lll}
  1383     \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1384     \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}extend{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1385     \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}truncate{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7A6574613E}{\isasymzeta}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C6C706172723E}{\isasymlparr}}\isaliteral{5C3C5E7665633E}{}\isactrlvec b\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C72686F3E}{\isasymrho}}{\isaliteral{2C}{\isacharcomma}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec c\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ \isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C7369676D613E}{\isasymsigma}}{\isaliteral{5C3C72706172723E}{\isasymrparr}}{\isaliteral{22}{\isachardoublequote}}} \\
  1386   \end{tabular}
  1387   \medskip
  1388 
  1389   \noindent Note that \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}} and \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}} coincide
  1390   for root records.%
  1391 \end{isamarkuptext}%
  1392 \isamarkuptrue%
  1393 %
  1394 \isamarkupsubsection{Derived rules and proof tools%
  1395 }
  1396 \isamarkuptrue%
  1397 %
  1398 \begin{isamarkuptext}%
  1399 The record package proves several results internally, declaring
  1400   these facts to appropriate proof tools.  This enables users to
  1401   reason about record structures quite conveniently.  Assume that
  1402   \isa{t} is a record type as specified above.
  1403 
  1404   \begin{enumerate}
  1405 
  1406   \item Standard conversions for selectors or updates applied to
  1407   record constructor terms are made part of the default Simplifier
  1408   context; thus proofs by reduction of basic operations merely require
  1409   the \hyperlink{method.simp}{\mbox{\isa{simp}}} method without further arguments.  These rules
  1410   are available as \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}simps{\isaliteral{22}{\isachardoublequote}}}, too.
  1411 
  1412   \item Selectors applied to updated records are automatically reduced
  1413   by an internal simplification procedure, which is also part of the
  1414   standard Simplifier setup.
  1415 
  1416   \item Inject equations of a form analogous to \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}\ y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{27}{\isacharprime}}{\isaliteral{2C}{\isacharcomma}}\ y{\isaliteral{27}{\isacharprime}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C65717569763E}{\isasymequiv}}\ x\ {\isaliteral{3D}{\isacharequal}}\ x{\isaliteral{27}{\isacharprime}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ y\ {\isaliteral{3D}{\isacharequal}}\ y{\isaliteral{27}{\isacharprime}}{\isaliteral{22}{\isachardoublequote}}} are declared to the Simplifier and Classical
  1417   Reasoner as \hyperlink{attribute.iff}{\mbox{\isa{iff}}} rules.  These rules are available as
  1418   \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}iffs{\isaliteral{22}{\isachardoublequote}}}.
  1419 
  1420   \item The introduction rule for record equality analogous to \isa{{\isaliteral{22}{\isachardoublequote}}x\ r\ {\isaliteral{3D}{\isacharequal}}\ x\ r{\isaliteral{27}{\isacharprime}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ y\ r\ {\isaliteral{3D}{\isacharequal}}\ y\ r{\isaliteral{27}{\isacharprime}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ r\ {\isaliteral{3D}{\isacharequal}}\ r{\isaliteral{27}{\isacharprime}}{\isaliteral{22}{\isachardoublequote}}} is declared to the Simplifier,
  1421   and as the basic rule context as ``\hyperlink{attribute.intro}{\mbox{\isa{intro}}}\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3F}{\isacharquery}}{\isaliteral{22}{\isachardoublequote}}}''.
  1422   The rule is called \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}equality{\isaliteral{22}{\isachardoublequote}}}.
  1423 
  1424   \item Representations of arbitrary record expressions as canonical
  1425   constructor terms are provided both in \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} format (cf.\ the generic proof methods of the same name,
  1426   \secref{sec:cases-induct}).  Several variations are available, for
  1427   fixed records, record schemes, more parts etc.
  1428 
  1429   The generic proof methods are sufficiently smart to pick the most
  1430   sensible rule according to the type of the indicated record
  1431   expression: users just need to apply something like ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}cases\ r{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}'' to a certain proof problem.
  1432 
  1433   \item The derived record operations \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}make{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}fields{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}extend{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}truncate{\isaliteral{22}{\isachardoublequote}}} are \emph{not}
  1434   treated automatically, but usually need to be expanded by hand,
  1435   using the collective fact \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{2E}{\isachardot}}defs{\isaliteral{22}{\isachardoublequote}}}.
  1436 
  1437   \end{enumerate}%
  1438 \end{isamarkuptext}%
  1439 \isamarkuptrue%
  1440 %
  1441 \isamarkupsubsubsection{Examples%
  1442 }
  1443 \isamarkuptrue%
  1444 %
  1445 \begin{isamarkuptext}%
  1446 See \verb|~~/src/HOL/ex/Records.thy|, for example.%
  1447 \end{isamarkuptext}%
  1448 \isamarkuptrue%
  1449 %
  1450 \isamarkupsection{Adhoc tuples%
  1451 }
  1452 \isamarkuptrue%
  1453 %
  1454 \begin{isamarkuptext}%
  1455 \begin{matharray}{rcl}
  1456     \indexdef{HOL}{attribute}{split\_format}\hypertarget{attribute.HOL.split-format}{\hyperlink{attribute.HOL.split-format}{\mbox{\isa{split{\isaliteral{5F}{\isacharunderscore}}format}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{attribute} \\
  1457   \end{matharray}
  1458 
  1459   \begin{railoutput}
  1460 \rail@begin{2}{}
  1461 \rail@term{\hyperlink{attribute.HOL.split-format}{\mbox{\isa{split{\isaliteral{5F}{\isacharunderscore}}format}}}}[]
  1462 \rail@bar
  1463 \rail@nextbar{1}
  1464 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  1465 \rail@term{\isa{complete}}[]
  1466 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  1467 \rail@endbar
  1468 \rail@end
  1469 \end{railoutput}
  1470 
  1471 
  1472   \begin{description}
  1473 
  1474   \item \hyperlink{attribute.HOL.split-format}{\mbox{\isa{split{\isaliteral{5F}{\isacharunderscore}}format}}}\ \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}complete{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} causes
  1475   arguments in function applications to be represented canonically
  1476   according to their tuple type structure.
  1477 
  1478   Note that this operation tends to invent funny names for new local
  1479   parameters introduced.
  1480 
  1481   \end{description}%
  1482 \end{isamarkuptext}%
  1483 \isamarkuptrue%
  1484 %
  1485 \isamarkupsection{Typedef axiomatization \label{sec:hol-typedef}%
  1486 }
  1487 \isamarkuptrue%
  1488 %
  1489 \begin{isamarkuptext}%
  1490 A Gordon/HOL-style type definition is a certain axiom scheme
  1491   that identifies a new type with a subset of an existing type.  More
  1492   precisely, the new type is defined by exhibiting an existing type
  1493   \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}}, a set \isa{{\isaliteral{22}{\isachardoublequote}}A\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\ set{\isaliteral{22}{\isachardoublequote}}}, and a theorem that proves
  1494   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C6578697374733E}{\isasymexists}}x{\isaliteral{2E}{\isachardot}}\ x\ {\isaliteral{5C3C696E3E}{\isasymin}}\ A{\isaliteral{22}{\isachardoublequote}}}.  Thus \isa{A} is a non-empty subset of \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}}, and the new type denotes this subset.  New functions are
  1495   postulated that establish an isomorphism between the new type and
  1496   the subset.  In general, the type \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}} may involve type
  1497   variables \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}} which means that the type definition
  1498   produces a type constructor \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} depending on
  1499   those type arguments.
  1500 
  1501   The axiomatization can be considered a ``definition'' in the sense
  1502   of the particular set-theoretic interpretation of HOL
  1503   \cite{pitts93}, where the universe of types is required to be
  1504   downwards-closed wrt.\ arbitrary non-empty subsets.  Thus genuinely
  1505   new types introduced by \hyperlink{command.typedef}{\mbox{\isa{\isacommand{typedef}}}} stay within the range
  1506   of HOL models by construction.  Note that \indexref{}{command}{type\_synonym}\hyperlink{command.type-synonym}{\mbox{\isa{\isacommand{type{\isaliteral{5F}{\isacharunderscore}}synonym}}}} from Isabelle/Pure merely introduces syntactic
  1507   abbreviations, without any logical significance.
  1508   
  1509   \begin{matharray}{rcl}
  1510     \indexdef{HOL}{command}{typedef}\hypertarget{command.HOL.typedef}{\hyperlink{command.HOL.typedef}{\mbox{\isa{\isacommand{typedef}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
  1511   \end{matharray}
  1512 
  1513   \begin{railoutput}
  1514 \rail@begin{2}{}
  1515 \rail@term{\hyperlink{command.HOL.typedef}{\mbox{\isa{\isacommand{typedef}}}}}[]
  1516 \rail@bar
  1517 \rail@nextbar{1}
  1518 \rail@nont{\isa{alt{\isaliteral{5F}{\isacharunderscore}}name}}[]
  1519 \rail@endbar
  1520 \rail@nont{\isa{abs{\isaliteral{5F}{\isacharunderscore}}type}}[]
  1521 \rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
  1522 \rail@nont{\isa{rep{\isaliteral{5F}{\isacharunderscore}}set}}[]
  1523 \rail@end
  1524 \rail@begin{3}{\isa{alt{\isaliteral{5F}{\isacharunderscore}}name}}
  1525 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  1526 \rail@bar
  1527 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1528 \rail@nextbar{1}
  1529 \rail@term{\isa{\isakeyword{open}}}[]
  1530 \rail@nextbar{2}
  1531 \rail@term{\isa{\isakeyword{open}}}[]
  1532 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1533 \rail@endbar
  1534 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  1535 \rail@end
  1536 \rail@begin{2}{\isa{abs{\isaliteral{5F}{\isacharunderscore}}type}}
  1537 \rail@nont{\hyperlink{syntax.typespec-sorts}{\mbox{\isa{typespec{\isaliteral{5F}{\isacharunderscore}}sorts}}}}[]
  1538 \rail@bar
  1539 \rail@nextbar{1}
  1540 \rail@nont{\hyperlink{syntax.mixfix}{\mbox{\isa{mixfix}}}}[]
  1541 \rail@endbar
  1542 \rail@end
  1543 \rail@begin{2}{\isa{rep{\isaliteral{5F}{\isacharunderscore}}set}}
  1544 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  1545 \rail@bar
  1546 \rail@nextbar{1}
  1547 \rail@term{\isa{\isakeyword{morphisms}}}[]
  1548 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1549 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1550 \rail@endbar
  1551 \rail@end
  1552 \end{railoutput}
  1553 
  1554 
  1555   \begin{description}
  1556 
  1557   \item \hyperlink{command.HOL.typedef}{\mbox{\isa{\isacommand{typedef}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{29}{\isacharparenright}}\ t\ {\isaliteral{3D}{\isacharequal}}\ A{\isaliteral{22}{\isachardoublequote}}}
  1558   axiomatizes a type definition in the background theory of the
  1559   current context, depending on a non-emptiness result of the set
  1560   \isa{A} that needs to be proven here.  The set \isa{A} may
  1561   contain type variables \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E7375623E}{}\isactrlsub n{\isaliteral{22}{\isachardoublequote}}} as specified on the LHS,
  1562   but no term variables.
  1563 
  1564   Even though a local theory specification, the newly introduced type
  1565   constructor cannot depend on parameters or assumptions of the
  1566   context: this is structurally impossible in HOL.  In contrast, the
  1567   non-emptiness proof may use local assumptions in unusual situations,
  1568   which could result in different interpretations in target contexts:
  1569   the meaning of the bijection between the representing set \isa{A}
  1570   and the new type \isa{t} may then change in different application
  1571   contexts.
  1572 
  1573   By default, \hyperlink{command.HOL.typedef}{\mbox{\isa{\isacommand{typedef}}}} defines both a type
  1574   constructor \isa{t} for the new type, and a term constant \isa{t} for the representing set within the old type.  Use the ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}open{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}'' option to suppress a separate constant definition
  1575   altogether.  The injection from type to set is called \isa{Rep{\isaliteral{5F}{\isacharunderscore}}t},
  1576   its inverse \isa{Abs{\isaliteral{5F}{\isacharunderscore}}t}, unless explicit \hyperlink{keyword.HOL.morphisms}{\mbox{\isa{\isakeyword{morphisms}}}} specification provides alternative names.
  1577 
  1578   The core axiomatization uses the locale predicate \isa{type{\isaliteral{5F}{\isacharunderscore}}definition} as defined in Isabelle/HOL.  Various basic
  1579   consequences of that are instantiated accordingly, re-using the
  1580   locale facts with names derived from the new type constructor.  Thus
  1581   the generic \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Rep} is turned into the specific
  1582   \isa{{\isaliteral{22}{\isachardoublequote}}Rep{\isaliteral{5F}{\isacharunderscore}}t{\isaliteral{22}{\isachardoublequote}}}, for example.
  1583 
  1584   Theorems \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Rep}, \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Rep{\isaliteral{5F}{\isacharunderscore}}inverse}, and \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Abs{\isaliteral{5F}{\isacharunderscore}}inverse}
  1585   provide the most basic characterization as a corresponding
  1586   injection/surjection pair (in both directions).  The derived rules
  1587   \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Rep{\isaliteral{5F}{\isacharunderscore}}inject} and \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Abs{\isaliteral{5F}{\isacharunderscore}}inject} provide a more convenient version of
  1588   injectivity, suitable for automated proof tools (e.g.\ in
  1589   declarations involving \hyperlink{attribute.simp}{\mbox{\isa{simp}}} or \hyperlink{attribute.iff}{\mbox{\isa{iff}}}).
  1590   Furthermore, the rules \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Rep{\isaliteral{5F}{\isacharunderscore}}cases}~/ \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Rep{\isaliteral{5F}{\isacharunderscore}}induct}, and \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Abs{\isaliteral{5F}{\isacharunderscore}}cases}~/
  1591   \isa{type{\isaliteral{5F}{\isacharunderscore}}definition{\isaliteral{2E}{\isachardot}}Abs{\isaliteral{5F}{\isacharunderscore}}induct} provide alternative views on
  1592   surjectivity.  These rules are already declared as set or type rules
  1593   for the generic \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} methods,
  1594   respectively.
  1595 
  1596   An alternative name for the set definition (and other derived
  1597   entities) may be specified in parentheses; the default is to use
  1598   \isa{t} directly.
  1599 
  1600   \end{description}
  1601 
  1602   \begin{warn}
  1603   If you introduce a new type axiomatically, i.e.\ via \indexref{}{command}{typedecl}\hyperlink{command.typedecl}{\mbox{\isa{\isacommand{typedecl}}}} and \indexref{}{command}{axiomatization}\hyperlink{command.axiomatization}{\mbox{\isa{\isacommand{axiomatization}}}}, the minimum requirement
  1604   is that it has a non-empty model, to avoid immediate collapse of the
  1605   HOL logic.  Moreover, one needs to demonstrate that the
  1606   interpretation of such free-form axiomatizations can coexist with
  1607   that of the regular \indexdef{}{command}{typedef}\hypertarget{command.typedef}{\hyperlink{command.typedef}{\mbox{\isa{\isacommand{typedef}}}}} scheme, and any extension
  1608   that other people might have introduced elsewhere (e.g.\ in HOLCF
  1609   \cite{MuellerNvOS99}).
  1610   \end{warn}%
  1611 \end{isamarkuptext}%
  1612 \isamarkuptrue%
  1613 %
  1614 \isamarkupsubsubsection{Examples%
  1615 }
  1616 \isamarkuptrue%
  1617 %
  1618 \begin{isamarkuptext}%
  1619 Type definitions permit the introduction of abstract data
  1620   types in a safe way, namely by providing models based on already
  1621   existing types.  Given some abstract axiomatic description \isa{P}
  1622   of a type, this involves two steps:
  1623 
  1624   \begin{enumerate}
  1625 
  1626   \item Find an appropriate type \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}} and subset \isa{A} which
  1627   has the desired properties \isa{P}, and make a type definition
  1628   based on this representation.
  1629 
  1630   \item Prove that \isa{P} holds for \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}} by lifting \isa{P}
  1631   from the representation.
  1632 
  1633   \end{enumerate}
  1634 
  1635   You can later forget about the representation and work solely in
  1636   terms of the abstract properties \isa{P}.
  1637 
  1638   \medskip The following trivial example pulls a three-element type
  1639   into existence within the formal logical environment of HOL.%
  1640 \end{isamarkuptext}%
  1641 \isamarkuptrue%
  1642 \isacommand{typedef}\isamarkupfalse%
  1643 \ three\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{7B}{\isacharbraceleft}}{\isaliteral{28}{\isacharparenleft}}True{\isaliteral{2C}{\isacharcomma}}\ True{\isaliteral{29}{\isacharparenright}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{28}{\isacharparenleft}}True{\isaliteral{2C}{\isacharcomma}}\ False{\isaliteral{29}{\isacharparenright}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{28}{\isacharparenleft}}False{\isaliteral{2C}{\isacharcomma}}\ True{\isaliteral{29}{\isacharparenright}}{\isaliteral{7D}{\isacharbraceright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1644 %
  1645 \isadelimproof
  1646 \ \ %
  1647 \endisadelimproof
  1648 %
  1649 \isatagproof
  1650 \isacommand{by}\isamarkupfalse%
  1651 \ blast%
  1652 \endisatagproof
  1653 {\isafoldproof}%
  1654 %
  1655 \isadelimproof
  1656 \isanewline
  1657 %
  1658 \endisadelimproof
  1659 \isanewline
  1660 \isacommand{definition}\isamarkupfalse%
  1661 \ {\isaliteral{22}{\isachardoublequoteopen}}One\ {\isaliteral{3D}{\isacharequal}}\ Abs{\isaliteral{5F}{\isacharunderscore}}three\ {\isaliteral{28}{\isacharparenleft}}True{\isaliteral{2C}{\isacharcomma}}\ True{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1662 \isacommand{definition}\isamarkupfalse%
  1663 \ {\isaliteral{22}{\isachardoublequoteopen}}Two\ {\isaliteral{3D}{\isacharequal}}\ Abs{\isaliteral{5F}{\isacharunderscore}}three\ {\isaliteral{28}{\isacharparenleft}}True{\isaliteral{2C}{\isacharcomma}}\ False{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1664 \isacommand{definition}\isamarkupfalse%
  1665 \ {\isaliteral{22}{\isachardoublequoteopen}}Three\ {\isaliteral{3D}{\isacharequal}}\ Abs{\isaliteral{5F}{\isacharunderscore}}three\ {\isaliteral{28}{\isacharparenleft}}False{\isaliteral{2C}{\isacharcomma}}\ True{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1666 \isanewline
  1667 \isacommand{lemma}\isamarkupfalse%
  1668 \ three{\isaliteral{5F}{\isacharunderscore}}distinct{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}One\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ Two{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}One\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ Three{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}Two\ {\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}\ Three{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1669 %
  1670 \isadelimproof
  1671 \ \ %
  1672 \endisadelimproof
  1673 %
  1674 \isatagproof
  1675 \isacommand{by}\isamarkupfalse%
  1676 \ {\isaliteral{28}{\isacharparenleft}}simp{\isaliteral{5F}{\isacharunderscore}}all\ add{\isaliteral{3A}{\isacharcolon}}\ One{\isaliteral{5F}{\isacharunderscore}}def\ Two{\isaliteral{5F}{\isacharunderscore}}def\ Three{\isaliteral{5F}{\isacharunderscore}}def\ Abs{\isaliteral{5F}{\isacharunderscore}}three{\isaliteral{5F}{\isacharunderscore}}inject\ three{\isaliteral{5F}{\isacharunderscore}}def{\isaliteral{29}{\isacharparenright}}%
  1677 \endisatagproof
  1678 {\isafoldproof}%
  1679 %
  1680 \isadelimproof
  1681 \isanewline
  1682 %
  1683 \endisadelimproof
  1684 \isanewline
  1685 \isacommand{lemma}\isamarkupfalse%
  1686 \ three{\isaliteral{5F}{\isacharunderscore}}cases{\isaliteral{3A}{\isacharcolon}}\isanewline
  1687 \ \ \isakeyword{fixes}\ x\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ three\ \isakeyword{obtains}\ {\isaliteral{22}{\isachardoublequoteopen}}x\ {\isaliteral{3D}{\isacharequal}}\ One{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}x\ {\isaliteral{3D}{\isacharequal}}\ Two{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}x\ {\isaliteral{3D}{\isacharequal}}\ Three{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
  1688 %
  1689 \isadelimproof
  1690 \ \ %
  1691 \endisadelimproof
  1692 %
  1693 \isatagproof
  1694 \isacommand{by}\isamarkupfalse%
  1695 \ {\isaliteral{28}{\isacharparenleft}}cases\ x{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}auto\ simp{\isaliteral{3A}{\isacharcolon}}\ One{\isaliteral{5F}{\isacharunderscore}}def\ Two{\isaliteral{5F}{\isacharunderscore}}def\ Three{\isaliteral{5F}{\isacharunderscore}}def\ Abs{\isaliteral{5F}{\isacharunderscore}}three{\isaliteral{5F}{\isacharunderscore}}inject\ three{\isaliteral{5F}{\isacharunderscore}}def{\isaliteral{29}{\isacharparenright}}%
  1696 \endisatagproof
  1697 {\isafoldproof}%
  1698 %
  1699 \isadelimproof
  1700 %
  1701 \endisadelimproof
  1702 %
  1703 \begin{isamarkuptext}%
  1704 Note that such trivial constructions are better done with
  1705   derived specification mechanisms such as \hyperlink{command.datatype}{\mbox{\isa{\isacommand{datatype}}}}:%
  1706 \end{isamarkuptext}%
  1707 \isamarkuptrue%
  1708 \isacommand{datatype}\isamarkupfalse%
  1709 \ three{\isaliteral{27}{\isacharprime}}\ {\isaliteral{3D}{\isacharequal}}\ One{\isaliteral{27}{\isacharprime}}\ {\isaliteral{7C}{\isacharbar}}\ Two{\isaliteral{27}{\isacharprime}}\ {\isaliteral{7C}{\isacharbar}}\ Three{\isaliteral{27}{\isacharprime}}%
  1710 \begin{isamarkuptext}%
  1711 This avoids re-doing basic definitions and proofs from the
  1712   primitive \hyperlink{command.typedef}{\mbox{\isa{\isacommand{typedef}}}} above.%
  1713 \end{isamarkuptext}%
  1714 \isamarkuptrue%
  1715 %
  1716 \isamarkupsection{Functorial structure of types%
  1717 }
  1718 \isamarkuptrue%
  1719 %
  1720 \begin{isamarkuptext}%
  1721 \begin{matharray}{rcl}
  1722     \indexdef{HOL}{command}{enriched\_type}\hypertarget{command.HOL.enriched-type}{\hyperlink{command.HOL.enriched-type}{\mbox{\isa{\isacommand{enriched{\isaliteral{5F}{\isacharunderscore}}type}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}
  1723   \end{matharray}
  1724 
  1725   \begin{railoutput}
  1726 \rail@begin{2}{}
  1727 \rail@term{\hyperlink{command.HOL.enriched-type}{\mbox{\isa{\isacommand{enriched{\isaliteral{5F}{\isacharunderscore}}type}}}}}[]
  1728 \rail@bar
  1729 \rail@nextbar{1}
  1730 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1731 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
  1732 \rail@endbar
  1733 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  1734 \rail@end
  1735 \end{railoutput}
  1736 
  1737 
  1738   \begin{description}
  1739 
  1740   \item \hyperlink{command.HOL.enriched-type}{\mbox{\isa{\isacommand{enriched{\isaliteral{5F}{\isacharunderscore}}type}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}prefix{\isaliteral{3A}{\isacharcolon}}\ m{\isaliteral{22}{\isachardoublequote}}} allows to
  1741   prove and register properties about the functorial structure of type
  1742   constructors.  These properties then can be used by other packages
  1743   to deal with those type constructors in certain type constructions.
  1744   Characteristic theorems are noted in the current local theory.  By
  1745   default, they are prefixed with the base name of the type
  1746   constructor, an explicit prefix can be given alternatively.
  1747 
  1748   The given term \isa{{\isaliteral{22}{\isachardoublequote}}m{\isaliteral{22}{\isachardoublequote}}} is considered as \emph{mapper} for the
  1749   corresponding type constructor and must conform to the following
  1750   type pattern:
  1751 
  1752   \begin{matharray}{lll}
  1753     \isa{{\isaliteral{22}{\isachardoublequote}}m{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} &
  1754       \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E697375623E}{}\isactrlisub k\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}\isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{29}{\isacharparenright}}\ t\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}\isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} \\
  1755   \end{matharray}
  1756 
  1757   \noindent where \isa{t} is the type constructor, \isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{22}{\isachardoublequote}}} and \isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7665633E}{}\isactrlvec {\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{22}{\isachardoublequote}}} are distinct
  1758   type variables free in the local theory and \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{22}{\isachardoublequote}}},
  1759   \ldots, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E697375623E}{}\isactrlisub k{\isaliteral{22}{\isachardoublequote}}} is a subsequence of \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{22}{\isachardoublequote}}}, \ldots,
  1760   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{22}{\isachardoublequote}}}.
  1761 
  1762   \end{description}%
  1763 \end{isamarkuptext}%
  1764 \isamarkuptrue%
  1765 %
  1766 \isamarkupsection{Quotient types%
  1767 }
  1768 \isamarkuptrue%
  1769 %
  1770 \begin{isamarkuptext}%
  1771 The quotient package defines a new quotient type given a raw type
  1772   and a partial equivalence relation.
  1773   It also includes automation for transporting definitions and theorems.
  1774   It can automatically produce definitions and theorems on the quotient type,
  1775   given the corresponding constants and facts on the raw type.
  1776 
  1777   \begin{matharray}{rcl}
  1778     \indexdef{HOL}{command}{quotient\_type}\hypertarget{command.HOL.quotient-type}{\hyperlink{command.HOL.quotient-type}{\mbox{\isa{\isacommand{quotient{\isaliteral{5F}{\isacharunderscore}}type}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}\\
  1779     \indexdef{HOL}{command}{quotient\_definition}\hypertarget{command.HOL.quotient-definition}{\hyperlink{command.HOL.quotient-definition}{\mbox{\isa{\isacommand{quotient{\isaliteral{5F}{\isacharunderscore}}definition}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}\\
  1780     \indexdef{HOL}{command}{print\_quotmaps}\hypertarget{command.HOL.print-quotmaps}{\hyperlink{command.HOL.print-quotmaps}{\mbox{\isa{\isacommand{print{\isaliteral{5F}{\isacharunderscore}}quotmaps}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}}\\
  1781     \indexdef{HOL}{command}{print\_quotients}\hypertarget{command.HOL.print-quotients}{\hyperlink{command.HOL.print-quotients}{\mbox{\isa{\isacommand{print{\isaliteral{5F}{\isacharunderscore}}quotients}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}}\\
  1782     \indexdef{HOL}{command}{print\_quotconsts}\hypertarget{command.HOL.print-quotconsts}{\hyperlink{command.HOL.print-quotconsts}{\mbox{\isa{\isacommand{print{\isaliteral{5F}{\isacharunderscore}}quotconsts}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}}\\
  1783     \indexdef{HOL}{method}{lifting}\hypertarget{method.HOL.lifting}{\hyperlink{method.HOL.lifting}{\mbox{\isa{lifting}}}} & : & \isa{method} \\
  1784     \indexdef{HOL}{method}{lifting\_setup}\hypertarget{method.HOL.lifting-setup}{\hyperlink{method.HOL.lifting-setup}{\mbox{\isa{lifting{\isaliteral{5F}{\isacharunderscore}}setup}}}} & : & \isa{method} \\
  1785     \indexdef{HOL}{method}{descending}\hypertarget{method.HOL.descending}{\hyperlink{method.HOL.descending}{\mbox{\isa{descending}}}} & : & \isa{method} \\
  1786     \indexdef{HOL}{method}{descending\_setup}\hypertarget{method.HOL.descending-setup}{\hyperlink{method.HOL.descending-setup}{\mbox{\isa{descending{\isaliteral{5F}{\isacharunderscore}}setup}}}} & : & \isa{method} \\
  1787     \indexdef{HOL}{method}{partiality\_descending}\hypertarget{method.HOL.partiality-descending}{\hyperlink{method.HOL.partiality-descending}{\mbox{\isa{partiality{\isaliteral{5F}{\isacharunderscore}}descending}}}} & : & \isa{method} \\
  1788     \indexdef{HOL}{method}{partiality\_descending\_setup}\hypertarget{method.HOL.partiality-descending-setup}{\hyperlink{method.HOL.partiality-descending-setup}{\mbox{\isa{partiality{\isaliteral{5F}{\isacharunderscore}}descending{\isaliteral{5F}{\isacharunderscore}}setup}}}} & : & \isa{method} \\
  1789     \indexdef{HOL}{method}{regularize}\hypertarget{method.HOL.regularize}{\hyperlink{method.HOL.regularize}{\mbox{\isa{regularize}}}} & : & \isa{method} \\
  1790     \indexdef{HOL}{method}{injection}\hypertarget{method.HOL.injection}{\hyperlink{method.HOL.injection}{\mbox{\isa{injection}}}} & : & \isa{method} \\
  1791     \indexdef{HOL}{method}{cleaning}\hypertarget{method.HOL.cleaning}{\hyperlink{method.HOL.cleaning}{\mbox{\isa{cleaning}}}} & : & \isa{method} \\
  1792     \indexdef{HOL}{attribute}{quot\_thm}\hypertarget{attribute.HOL.quot-thm}{\hyperlink{attribute.HOL.quot-thm}{\mbox{\isa{quot{\isaliteral{5F}{\isacharunderscore}}thm}}}} & : & \isa{attribute} \\
  1793     \indexdef{HOL}{attribute}{quot\_lifted}\hypertarget{attribute.HOL.quot-lifted}{\hyperlink{attribute.HOL.quot-lifted}{\mbox{\isa{quot{\isaliteral{5F}{\isacharunderscore}}lifted}}}} & : & \isa{attribute} \\
  1794     \indexdef{HOL}{attribute}{quot\_respect}\hypertarget{attribute.HOL.quot-respect}{\hyperlink{attribute.HOL.quot-respect}{\mbox{\isa{quot{\isaliteral{5F}{\isacharunderscore}}respect}}}} & : & \isa{attribute} \\
  1795     \indexdef{HOL}{attribute}{quot\_preserve}\hypertarget{attribute.HOL.quot-preserve}{\hyperlink{attribute.HOL.quot-preserve}{\mbox{\isa{quot{\isaliteral{5F}{\isacharunderscore}}preserve}}}} & : & \isa{attribute} \\
  1796   \end{matharray}
  1797 
  1798   \begin{railoutput}
  1799 \rail@begin{2}{}
  1800 \rail@term{\hyperlink{command.HOL.quotient-type}{\mbox{\isa{\isacommand{quotient{\isaliteral{5F}{\isacharunderscore}}type}}}}}[]
  1801 \rail@plus
  1802 \rail@nont{\isa{spec}}[]
  1803 \rail@nextplus{1}
  1804 \rail@cterm{\isa{\isakeyword{and}}}[]
  1805 \rail@endplus
  1806 \rail@end
  1807 \rail@begin{8}{\isa{spec}}
  1808 \rail@nont{\hyperlink{syntax.typespec}{\mbox{\isa{typespec}}}}[]
  1809 \rail@bar
  1810 \rail@nextbar{1}
  1811 \rail@nont{\hyperlink{syntax.mixfix}{\mbox{\isa{mixfix}}}}[]
  1812 \rail@endbar
  1813 \rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
  1814 \rail@cr{3}
  1815 \rail@nont{\hyperlink{syntax.type}{\mbox{\isa{type}}}}[]
  1816 \rail@term{\isa{{\isaliteral{2F}{\isacharslash}}}}[]
  1817 \rail@bar
  1818 \rail@nextbar{4}
  1819 \rail@term{\isa{partial}}[]
  1820 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
  1821 \rail@endbar
  1822 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  1823 \rail@cr{6}
  1824 \rail@bar
  1825 \rail@nextbar{7}
  1826 \rail@term{\isa{\isakeyword{morphisms}}}[]
  1827 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1828 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1829 \rail@endbar
  1830 \rail@end
  1831 \end{railoutput}
  1832 
  1833 
  1834   \begin{railoutput}
  1835 \rail@begin{4}{}
  1836 \rail@term{\hyperlink{command.HOL.quotient-definition}{\mbox{\isa{\isacommand{quotient{\isaliteral{5F}{\isacharunderscore}}definition}}}}}[]
  1837 \rail@bar
  1838 \rail@nextbar{1}
  1839 \rail@nont{\isa{constdecl}}[]
  1840 \rail@endbar
  1841 \rail@bar
  1842 \rail@nextbar{1}
  1843 \rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
  1844 \rail@endbar
  1845 \rail@cr{3}
  1846 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  1847 \rail@term{\isa{is}}[]
  1848 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  1849 \rail@end
  1850 \rail@begin{2}{\isa{constdecl}}
  1851 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  1852 \rail@bar
  1853 \rail@nextbar{1}
  1854 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}}}[]
  1855 \rail@nont{\hyperlink{syntax.type}{\mbox{\isa{type}}}}[]
  1856 \rail@endbar
  1857 \rail@bar
  1858 \rail@nextbar{1}
  1859 \rail@nont{\hyperlink{syntax.mixfix}{\mbox{\isa{mixfix}}}}[]
  1860 \rail@endbar
  1861 \rail@end
  1862 \end{railoutput}
  1863 
  1864 
  1865   \begin{railoutput}
  1866 \rail@begin{2}{}
  1867 \rail@term{\hyperlink{method.HOL.lifting}{\mbox{\isa{lifting}}}}[]
  1868 \rail@bar
  1869 \rail@nextbar{1}
  1870 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
  1871 \rail@endbar
  1872 \rail@end
  1873 \rail@begin{2}{}
  1874 \rail@term{\hyperlink{method.HOL.lifting-setup}{\mbox{\isa{lifting{\isaliteral{5F}{\isacharunderscore}}setup}}}}[]
  1875 \rail@bar
  1876 \rail@nextbar{1}
  1877 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
  1878 \rail@endbar
  1879 \rail@end
  1880 \end{railoutput}
  1881 
  1882 
  1883   \begin{description}
  1884 
  1885   \item \hyperlink{command.HOL.quotient-type}{\mbox{\isa{\isacommand{quotient{\isaliteral{5F}{\isacharunderscore}}type}}}} defines quotient types. The injection from a quotient type 
  1886   to a raw type is called \isa{rep{\isaliteral{5F}{\isacharunderscore}}t}, its inverse \isa{abs{\isaliteral{5F}{\isacharunderscore}}t} unless explicit \hyperlink{keyword.HOL.morphisms}{\mbox{\isa{\isakeyword{morphisms}}}} specification provides alternative names. \hyperlink{command.HOL.quotient-type}{\mbox{\isa{\isacommand{quotient{\isaliteral{5F}{\isacharunderscore}}type}}}} requires
  1887   the user to prove that the relation is an equivalence relation (predicate \isa{equivp}), unless
  1888   the user specifies explicitely \isa{partial} in which case the obligation is \isa{part{\isaliteral{5F}{\isacharunderscore}}equivp}.
  1889   A quotient defined with \isa{partial} is weaker in the sense that less things can be proved
  1890   automatically.
  1891 
  1892   \item \hyperlink{command.HOL.quotient-definition}{\mbox{\isa{\isacommand{quotient{\isaliteral{5F}{\isacharunderscore}}definition}}}} defines a constant on the quotient type.
  1893 
  1894   \item \hyperlink{command.HOL.print-quotmaps}{\mbox{\isa{\isacommand{print{\isaliteral{5F}{\isacharunderscore}}quotmaps}}}} prints quotient map functions.
  1895 
  1896   \item \hyperlink{command.HOL.print-quotients}{\mbox{\isa{\isacommand{print{\isaliteral{5F}{\isacharunderscore}}quotients}}}} prints quotients.
  1897 
  1898   \item \hyperlink{command.HOL.print-quotconsts}{\mbox{\isa{\isacommand{print{\isaliteral{5F}{\isacharunderscore}}quotconsts}}}} prints quotient constants.
  1899 
  1900   \item \hyperlink{method.HOL.lifting}{\mbox{\isa{lifting}}} and \hyperlink{method.HOL.lifting-setup}{\mbox{\isa{lifting{\isaliteral{5F}{\isacharunderscore}}setup}}}
  1901     methods match the current goal with the given raw theorem to be
  1902     lifted producing three new subgoals: regularization, injection and
  1903     cleaning subgoals. \hyperlink{method.HOL.lifting}{\mbox{\isa{lifting}}} tries to apply the
  1904     heuristics for automatically solving these three subgoals and
  1905     leaves only the subgoals unsolved by the heuristics to the user as
  1906     opposed to \hyperlink{method.HOL.lifting-setup}{\mbox{\isa{lifting{\isaliteral{5F}{\isacharunderscore}}setup}}} which leaves the three
  1907     subgoals unsolved.
  1908 
  1909   \item \hyperlink{method.HOL.descending}{\mbox{\isa{descending}}} and \hyperlink{method.HOL.descending-setup}{\mbox{\isa{descending{\isaliteral{5F}{\isacharunderscore}}setup}}} try to guess a raw statement that would lift
  1910     to the current subgoal. Such statement is assumed as a new subgoal
  1911     and \hyperlink{method.HOL.descending}{\mbox{\isa{descending}}} continues in the same way as
  1912     \hyperlink{method.HOL.lifting}{\mbox{\isa{lifting}}} does. \hyperlink{method.HOL.descending}{\mbox{\isa{descending}}} tries
  1913     to solve the arising regularization, injection and cleaning
  1914     subgoals with the analoguous method \hyperlink{method.HOL.descending-setup}{\mbox{\isa{descending{\isaliteral{5F}{\isacharunderscore}}setup}}} which leaves the four unsolved subgoals.
  1915 
  1916   \item \hyperlink{method.HOL.partiality-descending}{\mbox{\isa{partiality{\isaliteral{5F}{\isacharunderscore}}descending}}} finds the regularized
  1917     theorem that would lift to the current subgoal, lifts it and
  1918     leaves as a subgoal. This method can be used with partial
  1919     equivalence quotients where the non regularized statements would
  1920     not be true. \hyperlink{method.HOL.partiality-descending-setup}{\mbox{\isa{partiality{\isaliteral{5F}{\isacharunderscore}}descending{\isaliteral{5F}{\isacharunderscore}}setup}}} leaves
  1921     the injection and cleaning subgoals unchanged.
  1922 
  1923   \item \hyperlink{method.HOL.regularize}{\mbox{\isa{regularize}}} applies the regularization
  1924     heuristics to the current subgoal.
  1925 
  1926   \item \hyperlink{method.HOL.injection}{\mbox{\isa{injection}}} applies the injection heuristics
  1927     to the current goal using the stored quotient respectfulness
  1928     theorems.
  1929 
  1930   \item \hyperlink{method.HOL.cleaning}{\mbox{\isa{cleaning}}} applies the injection cleaning
  1931     heuristics to the current subgoal using the stored quotient
  1932     preservation theorems.
  1933 
  1934   \item \hyperlink{attribute.HOL.quot-lifted}{\mbox{\isa{quot{\isaliteral{5F}{\isacharunderscore}}lifted}}} attribute tries to
  1935     automatically transport the theorem to the quotient type.
  1936     The attribute uses all the defined quotients types and quotient
  1937     constants often producing undesired results or theorems that
  1938     cannot be lifted.
  1939 
  1940   \item \hyperlink{attribute.HOL.quot-respect}{\mbox{\isa{quot{\isaliteral{5F}{\isacharunderscore}}respect}}} and \hyperlink{attribute.HOL.quot-preserve}{\mbox{\isa{quot{\isaliteral{5F}{\isacharunderscore}}preserve}}} attributes declare a theorem as a respectfulness
  1941     and preservation theorem respectively.  These are stored in the
  1942     local theory store and used by the \hyperlink{method.HOL.injection}{\mbox{\isa{injection}}}
  1943     and \hyperlink{method.HOL.cleaning}{\mbox{\isa{cleaning}}} methods respectively.
  1944 
  1945   \item \hyperlink{attribute.HOL.quot-thm}{\mbox{\isa{quot{\isaliteral{5F}{\isacharunderscore}}thm}}} declares that a certain theorem
  1946     is a quotient extension theorem. Quotient extension theorems
  1947     allow for quotienting inside container types. Given a polymorphic
  1948     type that serves as a container, a map function defined for this
  1949     container  using \hyperlink{command.HOL.enriched-type}{\mbox{\isa{\isacommand{enriched{\isaliteral{5F}{\isacharunderscore}}type}}}} and a relation
  1950     map defined for for the container type, the quotient extension
  1951     theorem should be \isa{{\isaliteral{22}{\isachardoublequote}}Quotient\ R\ Abs\ Rep\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ Quotient\ {\isaliteral{28}{\isacharparenleft}}rel{\isaliteral{5F}{\isacharunderscore}}map\ R{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}map\ Abs{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{28}{\isacharparenleft}}map\ Rep{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}. Quotient extension theorems
  1952     are stored in a database and are used all the steps of lifting
  1953     theorems.
  1954 
  1955   \end{description}%
  1956 \end{isamarkuptext}%
  1957 \isamarkuptrue%
  1958 %
  1959 \isamarkupsection{Coercive subtyping%
  1960 }
  1961 \isamarkuptrue%
  1962 %
  1963 \begin{isamarkuptext}%
  1964 \begin{matharray}{rcl}
  1965     \indexdef{HOL}{attribute}{coercion}\hypertarget{attribute.HOL.coercion}{\hyperlink{attribute.HOL.coercion}{\mbox{\isa{coercion}}}} & : & \isa{attribute} \\
  1966     \indexdef{HOL}{attribute}{coercion\_enabled}\hypertarget{attribute.HOL.coercion-enabled}{\hyperlink{attribute.HOL.coercion-enabled}{\mbox{\isa{coercion{\isaliteral{5F}{\isacharunderscore}}enabled}}}} & : & \isa{attribute} \\
  1967     \indexdef{HOL}{attribute}{coercion\_map}\hypertarget{attribute.HOL.coercion-map}{\hyperlink{attribute.HOL.coercion-map}{\mbox{\isa{coercion{\isaliteral{5F}{\isacharunderscore}}map}}}} & : & \isa{attribute} \\
  1968   \end{matharray}
  1969 
  1970   \begin{railoutput}
  1971 \rail@begin{2}{}
  1972 \rail@term{\hyperlink{attribute.HOL.coercion}{\mbox{\isa{coercion}}}}[]
  1973 \rail@bar
  1974 \rail@nextbar{1}
  1975 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  1976 \rail@endbar
  1977 \rail@end
  1978 \end{railoutput}
  1979 
  1980   \begin{railoutput}
  1981 \rail@begin{2}{}
  1982 \rail@term{\hyperlink{attribute.HOL.coercion-map}{\mbox{\isa{coercion{\isaliteral{5F}{\isacharunderscore}}map}}}}[]
  1983 \rail@bar
  1984 \rail@nextbar{1}
  1985 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  1986 \rail@endbar
  1987 \rail@end
  1988 \end{railoutput}
  1989 
  1990 
  1991   Coercive subtyping allows the user to omit explicit type conversions,
  1992   also called \emph{coercions}.  Type inference will add them as
  1993   necessary when parsing a term. See
  1994   \cite{traytel-berghofer-nipkow-2011} for details.
  1995 
  1996   \begin{description}
  1997 
  1998   \item \hyperlink{attribute.HOL.coercion}{\mbox{\isa{coercion}}}~\isa{{\isaliteral{22}{\isachardoublequote}}f{\isaliteral{22}{\isachardoublequote}}} registers a new
  1999   coercion function \isa{{\isaliteral{22}{\isachardoublequote}}f\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{2}}{\isaliteral{22}{\isachardoublequote}}} where \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{22}{\isachardoublequote}}} and \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7369676D613E}{\isasymsigma}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{2}}{\isaliteral{22}{\isachardoublequote}}} are nullary type constructors. Coercions are
  2000   composed by the inference algorithm if needed. Note that the type
  2001   inference algorithm is complete only if the registered coercions form
  2002   a lattice.
  2003 
  2004 
  2005   \item \hyperlink{attribute.HOL.coercion-map}{\mbox{\isa{coercion{\isaliteral{5F}{\isacharunderscore}}map}}}~\isa{{\isaliteral{22}{\isachardoublequote}}map{\isaliteral{22}{\isachardoublequote}}} registers a new
  2006   map function to lift coercions through type constructors. The function
  2007   \isa{{\isaliteral{22}{\isachardoublequote}}map{\isaliteral{22}{\isachardoublequote}}} must conform to the following type pattern
  2008 
  2009   \begin{matharray}{lll}
  2010     \isa{{\isaliteral{22}{\isachardoublequote}}map{\isaliteral{22}{\isachardoublequote}}} & \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} &
  2011       \isa{{\isaliteral{22}{\isachardoublequote}}f\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ f\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{29}{\isacharparenright}}\ t\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{29}{\isacharparenright}}\ t{\isaliteral{22}{\isachardoublequote}}} \\
  2012   \end{matharray}
  2013 
  2014   where \isa{{\isaliteral{22}{\isachardoublequote}}t{\isaliteral{22}{\isachardoublequote}}} is a type constructor and \isa{{\isaliteral{22}{\isachardoublequote}}f\isaliteral{5C3C5E697375623E}{}\isactrlisub i{\isaliteral{22}{\isachardoublequote}}} is of
  2015   type \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub i{\isaliteral{22}{\isachardoublequote}}} or
  2016   \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C626574613E}{\isasymbeta}}\isaliteral{5C3C5E697375623E}{}\isactrlisub i\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C616C7068613E}{\isasymalpha}}\isaliteral{5C3C5E697375623E}{}\isactrlisub i{\isaliteral{22}{\isachardoublequote}}}.
  2017   Registering a map function overwrites any existing map function for
  2018   this particular type constructor.
  2019 
  2020 
  2021   \item \hyperlink{attribute.HOL.coercion-enabled}{\mbox{\isa{coercion{\isaliteral{5F}{\isacharunderscore}}enabled}}} enables the coercion
  2022   inference algorithm.
  2023 
  2024   \end{description}%
  2025 \end{isamarkuptext}%
  2026 \isamarkuptrue%
  2027 %
  2028 \isamarkupsection{Arithmetic proof support%
  2029 }
  2030 \isamarkuptrue%
  2031 %
  2032 \begin{isamarkuptext}%
  2033 \begin{matharray}{rcl}
  2034     \indexdef{HOL}{method}{arith}\hypertarget{method.HOL.arith}{\hyperlink{method.HOL.arith}{\mbox{\isa{arith}}}} & : & \isa{method} \\
  2035     \indexdef{HOL}{attribute}{arith}\hypertarget{attribute.HOL.arith}{\hyperlink{attribute.HOL.arith}{\mbox{\isa{arith}}}} & : & \isa{attribute} \\
  2036     \indexdef{HOL}{attribute}{arith\_split}\hypertarget{attribute.HOL.arith-split}{\hyperlink{attribute.HOL.arith-split}{\mbox{\isa{arith{\isaliteral{5F}{\isacharunderscore}}split}}}} & : & \isa{attribute} \\
  2037   \end{matharray}
  2038 
  2039   The \hyperlink{method.HOL.arith}{\mbox{\isa{arith}}} method decides linear arithmetic problems
  2040   (on types \isa{nat}, \isa{int}, \isa{real}).  Any current
  2041   facts are inserted into the goal before running the procedure.
  2042 
  2043   The \hyperlink{attribute.HOL.arith}{\mbox{\isa{arith}}} attribute declares facts that are
  2044   always supplied to the arithmetic provers implicitly.
  2045 
  2046   The \hyperlink{attribute.HOL.arith-split}{\mbox{\isa{arith{\isaliteral{5F}{\isacharunderscore}}split}}} attribute declares case split
  2047   rules to be expanded before \hyperlink{method.HOL.arith}{\mbox{\isa{arith}}} is invoked.
  2048 
  2049   Note that a simpler (but faster) arithmetic prover is
  2050   already invoked by the Simplifier.%
  2051 \end{isamarkuptext}%
  2052 \isamarkuptrue%
  2053 %
  2054 \isamarkupsection{Intuitionistic proof search%
  2055 }
  2056 \isamarkuptrue%
  2057 %
  2058 \begin{isamarkuptext}%
  2059 \begin{matharray}{rcl}
  2060     \indexdef{HOL}{method}{iprover}\hypertarget{method.HOL.iprover}{\hyperlink{method.HOL.iprover}{\mbox{\isa{iprover}}}} & : & \isa{method} \\
  2061   \end{matharray}
  2062 
  2063   \begin{railoutput}
  2064 \rail@begin{2}{}
  2065 \rail@term{\hyperlink{method.HOL.iprover}{\mbox{\isa{iprover}}}}[]
  2066 \rail@plus
  2067 \rail@nextplus{1}
  2068 \rail@cnont{\hyperlink{syntax.rulemod}{\mbox{\isa{rulemod}}}}[]
  2069 \rail@endplus
  2070 \rail@end
  2071 \end{railoutput}
  2072 
  2073 
  2074   The \hyperlink{method.HOL.iprover}{\mbox{\isa{iprover}}} method performs intuitionistic proof
  2075   search, depending on specifically declared rules from the context,
  2076   or given as explicit arguments.  Chained facts are inserted into the
  2077   goal before commencing proof search.
  2078 
  2079   Rules need to be classified as \hyperlink{attribute.Pure.intro}{\mbox{\isa{intro}}},
  2080   \hyperlink{attribute.Pure.elim}{\mbox{\isa{elim}}}, or \hyperlink{attribute.Pure.dest}{\mbox{\isa{dest}}}; here the
  2081   ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{21}{\isacharbang}}{\isaliteral{22}{\isachardoublequote}}}'' indicator refers to ``safe'' rules, which may be
  2082   applied aggressively (without considering back-tracking later).
  2083   Rules declared with ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{3F}{\isacharquery}}{\isaliteral{22}{\isachardoublequote}}}'' are ignored in proof search (the
  2084   single-step \hyperlink{method.Pure.rule}{\mbox{\isa{rule}}} method still observes these).  An
  2085   explicit weight annotation may be given as well; otherwise the
  2086   number of rule premises will be taken into account here.%
  2087 \end{isamarkuptext}%
  2088 \isamarkuptrue%
  2089 %
  2090 \isamarkupsection{Model Elimination and Resolution%
  2091 }
  2092 \isamarkuptrue%
  2093 %
  2094 \begin{isamarkuptext}%
  2095 \begin{matharray}{rcl}
  2096     \indexdef{HOL}{method}{meson}\hypertarget{method.HOL.meson}{\hyperlink{method.HOL.meson}{\mbox{\isa{meson}}}} & : & \isa{method} \\
  2097     \indexdef{HOL}{method}{metis}\hypertarget{method.HOL.metis}{\hyperlink{method.HOL.metis}{\mbox{\isa{metis}}}} & : & \isa{method} \\
  2098   \end{matharray}
  2099 
  2100   \begin{railoutput}
  2101 \rail@begin{2}{}
  2102 \rail@term{\hyperlink{method.HOL.meson}{\mbox{\isa{meson}}}}[]
  2103 \rail@bar
  2104 \rail@nextbar{1}
  2105 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
  2106 \rail@endbar
  2107 \rail@end
  2108 \rail@begin{5}{}
  2109 \rail@term{\hyperlink{method.HOL.metis}{\mbox{\isa{metis}}}}[]
  2110 \rail@bar
  2111 \rail@nextbar{1}
  2112 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2113 \rail@bar
  2114 \rail@term{\isa{partial{\isaliteral{5F}{\isacharunderscore}}types}}[]
  2115 \rail@nextbar{2}
  2116 \rail@term{\isa{full{\isaliteral{5F}{\isacharunderscore}}types}}[]
  2117 \rail@nextbar{3}
  2118 \rail@term{\isa{no{\isaliteral{5F}{\isacharunderscore}}types}}[]
  2119 \rail@nextbar{4}
  2120 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  2121 \rail@endbar
  2122 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2123 \rail@endbar
  2124 \rail@bar
  2125 \rail@nextbar{1}
  2126 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
  2127 \rail@endbar
  2128 \rail@end
  2129 \end{railoutput}
  2130 
  2131 
  2132   The \hyperlink{method.HOL.meson}{\mbox{\isa{meson}}} method implements Loveland's model elimination
  2133   procedure \cite{loveland-78}. See \verb|~~/src/HOL/ex/Meson_Test.thy| for
  2134   examples.
  2135 
  2136   The \hyperlink{method.HOL.metis}{\mbox{\isa{metis}}} method combines ordered resolution and ordered
  2137   paramodulation to find first-order (or mildly higher-order) proofs. The first
  2138   optional argument specifies a type encoding; see the Sledgehammer manual
  2139   \cite{isabelle-sledgehammer} for details. The \verb|~~/src/HOL/Metis_Examples| directory contains several small theories
  2140   developed to a large extent using Metis.%
  2141 \end{isamarkuptext}%
  2142 \isamarkuptrue%
  2143 %
  2144 \isamarkupsection{Coherent Logic%
  2145 }
  2146 \isamarkuptrue%
  2147 %
  2148 \begin{isamarkuptext}%
  2149 \begin{matharray}{rcl}
  2150     \indexdef{HOL}{method}{coherent}\hypertarget{method.HOL.coherent}{\hyperlink{method.HOL.coherent}{\mbox{\isa{coherent}}}} & : & \isa{method} \\
  2151   \end{matharray}
  2152 
  2153   \begin{railoutput}
  2154 \rail@begin{2}{}
  2155 \rail@term{\hyperlink{method.HOL.coherent}{\mbox{\isa{coherent}}}}[]
  2156 \rail@bar
  2157 \rail@nextbar{1}
  2158 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
  2159 \rail@endbar
  2160 \rail@end
  2161 \end{railoutput}
  2162 
  2163 
  2164   The \hyperlink{method.HOL.coherent}{\mbox{\isa{coherent}}} method solves problems of
  2165   \emph{Coherent Logic} \cite{Bezem-Coquand:2005}, which covers
  2166   applications in confluence theory, lattice theory and projective
  2167   geometry.  See \verb|~~/src/HOL/ex/Coherent.thy| for some
  2168   examples.%
  2169 \end{isamarkuptext}%
  2170 \isamarkuptrue%
  2171 %
  2172 \isamarkupsection{Proving propositions%
  2173 }
  2174 \isamarkuptrue%
  2175 %
  2176 \begin{isamarkuptext}%
  2177 In addition to the standard proof methods, a number of diagnosis
  2178   tools search for proofs and provide an Isar proof snippet on success.
  2179   These tools are available via the following commands.
  2180 
  2181   \begin{matharray}{rcl}
  2182     \indexdef{HOL}{command}{solve\_direct}\hypertarget{command.HOL.solve-direct}{\hyperlink{command.HOL.solve-direct}{\mbox{\isa{\isacommand{solve{\isaliteral{5F}{\isacharunderscore}}direct}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}proof\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2183     \indexdef{HOL}{command}{try}\hypertarget{command.HOL.try}{\hyperlink{command.HOL.try}{\mbox{\isa{\isacommand{try}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}proof\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2184     \indexdef{HOL}{command}{try\_methods}\hypertarget{command.HOL.try-methods}{\hyperlink{command.HOL.try-methods}{\mbox{\isa{\isacommand{try{\isaliteral{5F}{\isacharunderscore}}methods}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}proof\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2185     \indexdef{HOL}{command}{sledgehammer}\hypertarget{command.HOL.sledgehammer}{\hyperlink{command.HOL.sledgehammer}{\mbox{\isa{\isacommand{sledgehammer}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}proof\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2186     \indexdef{HOL}{command}{sledgehammer\_params}\hypertarget{command.HOL.sledgehammer-params}{\hyperlink{command.HOL.sledgehammer-params}{\mbox{\isa{\isacommand{sledgehammer{\isaliteral{5F}{\isacharunderscore}}params}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}}
  2187   \end{matharray}
  2188 
  2189   \begin{railoutput}
  2190 \rail@begin{1}{}
  2191 \rail@term{\hyperlink{command.HOL.try}{\mbox{\isa{\isacommand{try}}}}}[]
  2192 \rail@end
  2193 \rail@begin{6}{}
  2194 \rail@term{\hyperlink{command.HOL.try-methods}{\mbox{\isa{\isacommand{try{\isaliteral{5F}{\isacharunderscore}}methods}}}}}[]
  2195 \rail@bar
  2196 \rail@nextbar{1}
  2197 \rail@plus
  2198 \rail@bar
  2199 \rail@term{\isa{simp}}[]
  2200 \rail@nextbar{2}
  2201 \rail@term{\isa{intro}}[]
  2202 \rail@nextbar{3}
  2203 \rail@term{\isa{elim}}[]
  2204 \rail@nextbar{4}
  2205 \rail@term{\isa{dest}}[]
  2206 \rail@endbar
  2207 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
  2208 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
  2209 \rail@nextplus{5}
  2210 \rail@endplus
  2211 \rail@endbar
  2212 \rail@bar
  2213 \rail@nextbar{1}
  2214 \rail@nont{\hyperlink{syntax.nat}{\mbox{\isa{nat}}}}[]
  2215 \rail@endbar
  2216 \rail@end
  2217 \rail@begin{2}{}
  2218 \rail@term{\hyperlink{command.HOL.sledgehammer}{\mbox{\isa{\isacommand{sledgehammer}}}}}[]
  2219 \rail@bar
  2220 \rail@nextbar{1}
  2221 \rail@term{\isa{{\isaliteral{5B}{\isacharbrackleft}}}}[]
  2222 \rail@nont{\isa{args}}[]
  2223 \rail@term{\isa{{\isaliteral{5D}{\isacharbrackright}}}}[]
  2224 \rail@endbar
  2225 \rail@bar
  2226 \rail@nextbar{1}
  2227 \rail@nont{\isa{facts}}[]
  2228 \rail@endbar
  2229 \rail@bar
  2230 \rail@nextbar{1}
  2231 \rail@nont{\hyperlink{syntax.nat}{\mbox{\isa{nat}}}}[]
  2232 \rail@endbar
  2233 \rail@end
  2234 \rail@begin{2}{}
  2235 \rail@term{\hyperlink{command.HOL.sledgehammer-params}{\mbox{\isa{\isacommand{sledgehammer{\isaliteral{5F}{\isacharunderscore}}params}}}}}[]
  2236 \rail@bar
  2237 \rail@nextbar{1}
  2238 \rail@term{\isa{{\isaliteral{5B}{\isacharbrackleft}}}}[]
  2239 \rail@nont{\isa{args}}[]
  2240 \rail@term{\isa{{\isaliteral{5D}{\isacharbrackright}}}}[]
  2241 \rail@endbar
  2242 \rail@end
  2243 \rail@begin{2}{\isa{args}}
  2244 \rail@plus
  2245 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  2246 \rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
  2247 \rail@nont{\isa{value}}[]
  2248 \rail@nextplus{1}
  2249 \rail@cterm{\isa{{\isaliteral{2C}{\isacharcomma}}}}[]
  2250 \rail@endplus
  2251 \rail@end
  2252 \rail@begin{5}{\isa{facts}}
  2253 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2254 \rail@bar
  2255 \rail@nextbar{1}
  2256 \rail@plus
  2257 \rail@bar
  2258 \rail@nextbar{2}
  2259 \rail@bar
  2260 \rail@term{\isa{add}}[]
  2261 \rail@nextbar{3}
  2262 \rail@term{\isa{del}}[]
  2263 \rail@endbar
  2264 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
  2265 \rail@endbar
  2266 \rail@nont{\hyperlink{syntax.thmrefs}{\mbox{\isa{thmrefs}}}}[]
  2267 \rail@nextplus{4}
  2268 \rail@endplus
  2269 \rail@endbar
  2270 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2271 \rail@end
  2272 \end{railoutput}
  2273  % FIXME check args "value"
  2274 
  2275   \begin{description}
  2276 
  2277   \item \hyperlink{command.HOL.solve-direct}{\mbox{\isa{\isacommand{solve{\isaliteral{5F}{\isacharunderscore}}direct}}}} checks whether the current subgoals can
  2278     be solved directly by an existing theorem. Duplicate lemmas can be detected
  2279     in this way.
  2280 
  2281   \item \hyperlink{command.HOL.try-methods}{\mbox{\isa{\isacommand{try{\isaliteral{5F}{\isacharunderscore}}methods}}}} attempts to prove a subgoal using a combination
  2282     of standard proof methods (\isa{auto}, \isa{simp}, \isa{blast}, etc.).
  2283     Additional facts supplied via \isa{{\isaliteral{22}{\isachardoublequote}}simp{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}intro{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}},
  2284     \isa{{\isaliteral{22}{\isachardoublequote}}elim{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}}, and \isa{{\isaliteral{22}{\isachardoublequote}}dest{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}} are passed to the appropriate proof
  2285     methods.
  2286 
  2287   \item \hyperlink{command.HOL.try}{\mbox{\isa{\isacommand{try}}}} attempts to prove or disprove a subgoal
  2288     using a combination of provers and disprovers (\isa{{\isaliteral{22}{\isachardoublequote}}solve{\isaliteral{5F}{\isacharunderscore}}direct{\isaliteral{22}{\isachardoublequote}}},
  2289     \isa{{\isaliteral{22}{\isachardoublequote}}quickcheck{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}try{\isaliteral{5F}{\isacharunderscore}}methods{\isaliteral{22}{\isachardoublequote}}}, \isa{{\isaliteral{22}{\isachardoublequote}}sledgehammer{\isaliteral{22}{\isachardoublequote}}},
  2290     \isa{{\isaliteral{22}{\isachardoublequote}}nitpick{\isaliteral{22}{\isachardoublequote}}}).
  2291 
  2292   \item \hyperlink{command.HOL.sledgehammer}{\mbox{\isa{\isacommand{sledgehammer}}}} attempts to prove a subgoal using external
  2293     automatic provers (resolution provers and SMT solvers). See the Sledgehammer
  2294     manual \cite{isabelle-sledgehammer} for details.
  2295 
  2296   \item \hyperlink{command.HOL.sledgehammer-params}{\mbox{\isa{\isacommand{sledgehammer{\isaliteral{5F}{\isacharunderscore}}params}}}} changes
  2297     \hyperlink{command.HOL.sledgehammer}{\mbox{\isa{\isacommand{sledgehammer}}}} configuration options persistently.
  2298 
  2299   \end{description}%
  2300 \end{isamarkuptext}%
  2301 \isamarkuptrue%
  2302 %
  2303 \isamarkupsection{Checking and refuting propositions%
  2304 }
  2305 \isamarkuptrue%
  2306 %
  2307 \begin{isamarkuptext}%
  2308 Identifying incorrect propositions usually involves evaluation of
  2309   particular assignments and systematic counterexample search.  This
  2310   is supported by the following commands.
  2311 
  2312   \begin{matharray}{rcl}
  2313     \indexdef{HOL}{command}{value}\hypertarget{command.HOL.value}{\hyperlink{command.HOL.value}{\mbox{\isa{\isacommand{value}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2314     \indexdef{HOL}{command}{values}\hypertarget{command.HOL.values}{\hyperlink{command.HOL.values}{\mbox{\isa{\isacommand{values}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2315     \indexdef{HOL}{command}{quickcheck}\hypertarget{command.HOL.quickcheck}{\hyperlink{command.HOL.quickcheck}{\mbox{\isa{\isacommand{quickcheck}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}proof\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2316     \indexdef{HOL}{command}{refute}\hypertarget{command.HOL.refute}{\hyperlink{command.HOL.refute}{\mbox{\isa{\isacommand{refute}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}proof\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2317     \indexdef{HOL}{command}{nitpick}\hypertarget{command.HOL.nitpick}{\hyperlink{command.HOL.nitpick}{\mbox{\isa{\isacommand{nitpick}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}proof\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2318     \indexdef{HOL}{command}{quickcheck\_params}\hypertarget{command.HOL.quickcheck-params}{\hyperlink{command.HOL.quickcheck-params}{\mbox{\isa{\isacommand{quickcheck{\isaliteral{5F}{\isacharunderscore}}params}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2319     \indexdef{HOL}{command}{refute\_params}\hypertarget{command.HOL.refute-params}{\hyperlink{command.HOL.refute-params}{\mbox{\isa{\isacommand{refute{\isaliteral{5F}{\isacharunderscore}}params}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2320     \indexdef{HOL}{command}{nitpick\_params}\hypertarget{command.HOL.nitpick-params}{\hyperlink{command.HOL.nitpick-params}{\mbox{\isa{\isacommand{nitpick{\isaliteral{5F}{\isacharunderscore}}params}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2321     \indexdef{HOL}{command}{quickcheck\_generator}\hypertarget{command.HOL.quickcheck-generator}{\hyperlink{command.HOL.quickcheck-generator}{\mbox{\isa{\isacommand{quickcheck{\isaliteral{5F}{\isacharunderscore}}generator}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}}
  2322   \end{matharray}
  2323 
  2324   \begin{railoutput}
  2325 \rail@begin{2}{}
  2326 \rail@term{\hyperlink{command.HOL.value}{\mbox{\isa{\isacommand{value}}}}}[]
  2327 \rail@bar
  2328 \rail@nextbar{1}
  2329 \rail@term{\isa{{\isaliteral{5B}{\isacharbrackleft}}}}[]
  2330 \rail@nont{\isa{name}}[]
  2331 \rail@term{\isa{{\isaliteral{5D}{\isacharbrackright}}}}[]
  2332 \rail@endbar
  2333 \rail@bar
  2334 \rail@nextbar{1}
  2335 \rail@nont{\isa{modes}}[]
  2336 \rail@endbar
  2337 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  2338 \rail@end
  2339 \rail@begin{2}{}
  2340 \rail@term{\hyperlink{command.HOL.values}{\mbox{\isa{\isacommand{values}}}}}[]
  2341 \rail@bar
  2342 \rail@nextbar{1}
  2343 \rail@nont{\isa{modes}}[]
  2344 \rail@endbar
  2345 \rail@bar
  2346 \rail@nextbar{1}
  2347 \rail@nont{\hyperlink{syntax.nat}{\mbox{\isa{nat}}}}[]
  2348 \rail@endbar
  2349 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  2350 \rail@end
  2351 \rail@begin{3}{}
  2352 \rail@bar
  2353 \rail@term{\hyperlink{command.HOL.quickcheck}{\mbox{\isa{\isacommand{quickcheck}}}}}[]
  2354 \rail@nextbar{1}
  2355 \rail@term{\hyperlink{command.HOL.refute}{\mbox{\isa{\isacommand{refute}}}}}[]
  2356 \rail@nextbar{2}
  2357 \rail@term{\hyperlink{command.HOL.nitpick}{\mbox{\isa{\isacommand{nitpick}}}}}[]
  2358 \rail@endbar
  2359 \rail@bar
  2360 \rail@nextbar{1}
  2361 \rail@term{\isa{{\isaliteral{5B}{\isacharbrackleft}}}}[]
  2362 \rail@nont{\isa{args}}[]
  2363 \rail@term{\isa{{\isaliteral{5D}{\isacharbrackright}}}}[]
  2364 \rail@endbar
  2365 \rail@bar
  2366 \rail@nextbar{1}
  2367 \rail@nont{\hyperlink{syntax.nat}{\mbox{\isa{nat}}}}[]
  2368 \rail@endbar
  2369 \rail@end
  2370 \rail@begin{3}{}
  2371 \rail@bar
  2372 \rail@term{\hyperlink{command.HOL.quickcheck-params}{\mbox{\isa{\isacommand{quickcheck{\isaliteral{5F}{\isacharunderscore}}params}}}}}[]
  2373 \rail@nextbar{1}
  2374 \rail@term{\hyperlink{command.HOL.refute-params}{\mbox{\isa{\isacommand{refute{\isaliteral{5F}{\isacharunderscore}}params}}}}}[]
  2375 \rail@nextbar{2}
  2376 \rail@term{\hyperlink{command.HOL.nitpick-params}{\mbox{\isa{\isacommand{nitpick{\isaliteral{5F}{\isacharunderscore}}params}}}}}[]
  2377 \rail@endbar
  2378 \rail@bar
  2379 \rail@nextbar{1}
  2380 \rail@term{\isa{{\isaliteral{5B}{\isacharbrackleft}}}}[]
  2381 \rail@nont{\isa{args}}[]
  2382 \rail@term{\isa{{\isaliteral{5D}{\isacharbrackright}}}}[]
  2383 \rail@endbar
  2384 \rail@end
  2385 \rail@begin{4}{}
  2386 \rail@term{\hyperlink{command.HOL.quickcheck-generator}{\mbox{\isa{\isacommand{quickcheck{\isaliteral{5F}{\isacharunderscore}}generator}}}}}[]
  2387 \rail@nont{\isa{typeconstructor}}[]
  2388 \rail@cr{2}
  2389 \rail@term{\isa{operations{\isaliteral{3A}{\isacharcolon}}}}[]
  2390 \rail@plus
  2391 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  2392 \rail@nextplus{3}
  2393 \rail@endplus
  2394 \rail@end
  2395 \rail@begin{2}{\isa{modes}}
  2396 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2397 \rail@plus
  2398 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  2399 \rail@nextplus{1}
  2400 \rail@endplus
  2401 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2402 \rail@end
  2403 \rail@begin{2}{\isa{args}}
  2404 \rail@plus
  2405 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  2406 \rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
  2407 \rail@nont{\isa{value}}[]
  2408 \rail@nextplus{1}
  2409 \rail@cterm{\isa{{\isaliteral{2C}{\isacharcomma}}}}[]
  2410 \rail@endplus
  2411 \rail@end
  2412 \end{railoutput}
  2413  % FIXME check "value"
  2414 
  2415   \begin{description}
  2416 
  2417   \item \hyperlink{command.HOL.value}{\mbox{\isa{\isacommand{value}}}}~\isa{t} evaluates and prints a
  2418     term; optionally \isa{modes} can be specified, which are
  2419     appended to the current print mode; see \secref{sec:print-modes}.
  2420     Internally, the evaluation is performed by registered evaluators,
  2421     which are invoked sequentially until a result is returned.
  2422     Alternatively a specific evaluator can be selected using square
  2423     brackets; typical evaluators use the current set of code equations
  2424     to normalize and include \isa{simp} for fully symbolic
  2425     evaluation using the simplifier, \isa{nbe} for
  2426     \emph{normalization by evaluation} and \emph{code} for code
  2427     generation in SML.
  2428 
  2429   \item \hyperlink{command.HOL.values}{\mbox{\isa{\isacommand{values}}}}~\isa{t} enumerates a set comprehension
  2430     by evaluation and prints its values up to the given number of solutions;  
  2431     optionally \isa{modes} can be specified, which are
  2432     appended to the current print mode; see \secref{sec:print-modes}.
  2433 
  2434   \item \hyperlink{command.HOL.quickcheck}{\mbox{\isa{\isacommand{quickcheck}}}} tests the current goal for
  2435     counterexamples using a series of assignments for its
  2436     free variables; by default the first subgoal is tested, an other
  2437     can be selected explicitly using an optional goal index.
  2438     Assignments can be chosen exhausting the search space upto a given
  2439     size, or using a fixed number of random assignments in the search space,
  2440     or exploring the search space symbolically using narrowing.
  2441     By default, quickcheck uses exhaustive testing.
  2442     A number of configuration options are supported for
  2443     \hyperlink{command.HOL.quickcheck}{\mbox{\isa{\isacommand{quickcheck}}}}, notably:
  2444 
  2445     \begin{description}
  2446 
  2447     \item[\isa{tester}] specifies which testing approach to apply.
  2448       There are three testers, \isa{exhaustive},
  2449       \isa{random}, and \isa{narrowing}.
  2450       An unknown configuration option is treated as an argument to tester,
  2451       making \isa{{\isaliteral{22}{\isachardoublequote}}tester\ {\isaliteral{3D}{\isacharequal}}{\isaliteral{22}{\isachardoublequote}}} optional.
  2452       When multiple testers are given, these are applied in parallel. 
  2453       If no tester is specified, quickcheck uses the testers that are
  2454       set active, i.e., configurations
  2455       \isa{quickcheck{\isaliteral{5F}{\isacharunderscore}}exhaustive{\isaliteral{5F}{\isacharunderscore}}active}, \isa{quickcheck{\isaliteral{5F}{\isacharunderscore}}random{\isaliteral{5F}{\isacharunderscore}}active},
  2456       \isa{quickcheck{\isaliteral{5F}{\isacharunderscore}}narrowing{\isaliteral{5F}{\isacharunderscore}}active} are set to true.
  2457     \item[\isa{size}] specifies the maximum size of the search space
  2458     for assignment values.
  2459 
  2460     \item[\isa{genuine{\isaliteral{5F}{\isacharunderscore}}only}] sets quickcheck only to return genuine
  2461       counterexample, but not potentially spurious counterexamples due
  2462       to underspecified functions.
  2463     
  2464     \item[\isa{eval}] takes a term or a list of terms and evaluates
  2465       these terms under the variable assignment found by quickcheck.
  2466 
  2467     \item[\isa{iterations}] sets how many sets of assignments are
  2468     generated for each particular size.
  2469 
  2470     \item[\isa{no{\isaliteral{5F}{\isacharunderscore}}assms}] specifies whether assumptions in
  2471     structured proofs should be ignored.
  2472 
  2473     \item[\isa{timeout}] sets the time limit in seconds.
  2474 
  2475     \item[\isa{default{\isaliteral{5F}{\isacharunderscore}}type}] sets the type(s) generally used to
  2476     instantiate type variables.
  2477 
  2478     \item[\isa{report}] if set quickcheck reports how many tests
  2479     fulfilled the preconditions.
  2480 
  2481     \item[\isa{quiet}] if set quickcheck does not output anything
  2482     while testing.
  2483     
  2484     \item[\isa{verbose}] if set quickcheck informs about the
  2485     current size and cardinality while testing.
  2486 
  2487     \item[\isa{expect}] can be used to check if the user's
  2488     expectation was met (\isa{no{\isaliteral{5F}{\isacharunderscore}}expectation}, \isa{no{\isaliteral{5F}{\isacharunderscore}}counterexample}, or \isa{counterexample}).
  2489 
  2490     \end{description}
  2491 
  2492     These option can be given within square brackets.
  2493 
  2494   \item \hyperlink{command.HOL.quickcheck-params}{\mbox{\isa{\isacommand{quickcheck{\isaliteral{5F}{\isacharunderscore}}params}}}} changes
  2495     \hyperlink{command.HOL.quickcheck}{\mbox{\isa{\isacommand{quickcheck}}}} configuration options persistently.
  2496 
  2497   \item \hyperlink{command.HOL.quickcheck-generator}{\mbox{\isa{\isacommand{quickcheck{\isaliteral{5F}{\isacharunderscore}}generator}}}} creates random and
  2498     exhaustive value generators for a given type and operations.
  2499     It generates values by using the operations as if they were
  2500     constructors of that type.
  2501 
  2502   \item \hyperlink{command.HOL.refute}{\mbox{\isa{\isacommand{refute}}}} tests the current goal for
  2503     counterexamples using a reduction to SAT. The following configuration
  2504     options are supported:
  2505 
  2506     \begin{description}
  2507 
  2508     \item[\isa{minsize}] specifies the minimum size (cardinality) of the
  2509       models to search for.
  2510 
  2511     \item[\isa{maxsize}] specifies the maximum size (cardinality) of the
  2512       models to search for. Nonpositive values mean $\infty$.
  2513 
  2514     \item[\isa{maxvars}] specifies the maximum number of Boolean variables
  2515     to use when transforming the term into a propositional formula.
  2516     Nonpositive values mean $\infty$.
  2517 
  2518     \item[\isa{satsolver}] specifies the SAT solver to use.
  2519 
  2520     \item[\isa{no{\isaliteral{5F}{\isacharunderscore}}assms}] specifies whether assumptions in
  2521     structured proofs should be ignored.
  2522 
  2523     \item[\isa{maxtime}] sets the time limit in seconds.
  2524 
  2525     \item[\isa{expect}] can be used to check if the user's
  2526     expectation was met (\isa{genuine}, \isa{potential},
  2527     \isa{none}, or \isa{unknown}).
  2528 
  2529     \end{description}
  2530 
  2531     These option can be given within square brackets.
  2532 
  2533   \item \hyperlink{command.HOL.refute-params}{\mbox{\isa{\isacommand{refute{\isaliteral{5F}{\isacharunderscore}}params}}}} changes
  2534     \hyperlink{command.HOL.refute}{\mbox{\isa{\isacommand{refute}}}} configuration options persistently.
  2535 
  2536   \item \hyperlink{command.HOL.nitpick}{\mbox{\isa{\isacommand{nitpick}}}} tests the current goal for counterexamples
  2537     using a reduction to first-order relational logic. See the Nitpick manual
  2538     \cite{isabelle-nitpick} for details.
  2539 
  2540   \item \hyperlink{command.HOL.nitpick-params}{\mbox{\isa{\isacommand{nitpick{\isaliteral{5F}{\isacharunderscore}}params}}}} changes
  2541     \hyperlink{command.HOL.nitpick}{\mbox{\isa{\isacommand{nitpick}}}} configuration options persistently.
  2542 
  2543   \end{description}%
  2544 \end{isamarkuptext}%
  2545 \isamarkuptrue%
  2546 %
  2547 \isamarkupsection{Unstructured case analysis and induction \label{sec:hol-induct-tac}%
  2548 }
  2549 \isamarkuptrue%
  2550 %
  2551 \begin{isamarkuptext}%
  2552 The following tools of Isabelle/HOL support cases analysis and
  2553   induction in unstructured tactic scripts; see also
  2554   \secref{sec:cases-induct} for proper Isar versions of similar ideas.
  2555 
  2556   \begin{matharray}{rcl}
  2557     \indexdef{HOL}{method}{case\_tac}\hypertarget{method.HOL.case-tac}{\hyperlink{method.HOL.case-tac}{\mbox{\isa{case{\isaliteral{5F}{\isacharunderscore}}tac}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{method} \\
  2558     \indexdef{HOL}{method}{induct\_tac}\hypertarget{method.HOL.induct-tac}{\hyperlink{method.HOL.induct-tac}{\mbox{\isa{induct{\isaliteral{5F}{\isacharunderscore}}tac}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{method} \\
  2559     \indexdef{HOL}{method}{ind\_cases}\hypertarget{method.HOL.ind-cases}{\hyperlink{method.HOL.ind-cases}{\mbox{\isa{ind{\isaliteral{5F}{\isacharunderscore}}cases}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{method} \\
  2560     \indexdef{HOL}{command}{inductive\_cases}\hypertarget{command.HOL.inductive-cases}{\hyperlink{command.HOL.inductive-cases}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}cases}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}local{\isaliteral{5F}{\isacharunderscore}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ local{\isaliteral{5F}{\isacharunderscore}}theory{\isaliteral{22}{\isachardoublequote}}} \\
  2561   \end{matharray}
  2562 
  2563   \begin{railoutput}
  2564 \rail@begin{2}{}
  2565 \rail@term{\hyperlink{method.HOL.case-tac}{\mbox{\isa{case{\isaliteral{5F}{\isacharunderscore}}tac}}}}[]
  2566 \rail@bar
  2567 \rail@nextbar{1}
  2568 \rail@nont{\hyperlink{syntax.goal-spec}{\mbox{\isa{goal{\isaliteral{5F}{\isacharunderscore}}spec}}}}[]
  2569 \rail@endbar
  2570 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  2571 \rail@bar
  2572 \rail@nextbar{1}
  2573 \rail@nont{\isa{rule}}[]
  2574 \rail@endbar
  2575 \rail@end
  2576 \rail@begin{3}{}
  2577 \rail@term{\hyperlink{method.HOL.induct-tac}{\mbox{\isa{induct{\isaliteral{5F}{\isacharunderscore}}tac}}}}[]
  2578 \rail@bar
  2579 \rail@nextbar{1}
  2580 \rail@nont{\hyperlink{syntax.goal-spec}{\mbox{\isa{goal{\isaliteral{5F}{\isacharunderscore}}spec}}}}[]
  2581 \rail@endbar
  2582 \rail@bar
  2583 \rail@nextbar{1}
  2584 \rail@plus
  2585 \rail@nont{\hyperlink{syntax.insts}{\mbox{\isa{insts}}}}[]
  2586 \rail@nextplus{2}
  2587 \rail@cterm{\isa{\isakeyword{and}}}[]
  2588 \rail@endplus
  2589 \rail@endbar
  2590 \rail@bar
  2591 \rail@nextbar{1}
  2592 \rail@nont{\isa{rule}}[]
  2593 \rail@endbar
  2594 \rail@end
  2595 \rail@begin{3}{}
  2596 \rail@term{\hyperlink{method.HOL.ind-cases}{\mbox{\isa{ind{\isaliteral{5F}{\isacharunderscore}}cases}}}}[]
  2597 \rail@plus
  2598 \rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
  2599 \rail@nextplus{1}
  2600 \rail@endplus
  2601 \rail@bar
  2602 \rail@nextbar{1}
  2603 \rail@term{\isa{\isakeyword{for}}}[]
  2604 \rail@plus
  2605 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  2606 \rail@nextplus{2}
  2607 \rail@endplus
  2608 \rail@endbar
  2609 \rail@end
  2610 \rail@begin{3}{}
  2611 \rail@term{\hyperlink{command.HOL.inductive-cases}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}cases}}}}}[]
  2612 \rail@plus
  2613 \rail@bar
  2614 \rail@nextbar{1}
  2615 \rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
  2616 \rail@endbar
  2617 \rail@plus
  2618 \rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
  2619 \rail@nextplus{1}
  2620 \rail@endplus
  2621 \rail@nextplus{2}
  2622 \rail@cterm{\isa{\isakeyword{and}}}[]
  2623 \rail@endplus
  2624 \rail@end
  2625 \rail@begin{1}{\isa{rule}}
  2626 \rail@term{\isa{rule}}[]
  2627 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
  2628 \rail@nont{\hyperlink{syntax.thmref}{\mbox{\isa{thmref}}}}[]
  2629 \rail@end
  2630 \end{railoutput}
  2631 
  2632 
  2633   \begin{description}
  2634 
  2635   \item \hyperlink{method.HOL.case-tac}{\mbox{\isa{case{\isaliteral{5F}{\isacharunderscore}}tac}}} and \hyperlink{method.HOL.induct-tac}{\mbox{\isa{induct{\isaliteral{5F}{\isacharunderscore}}tac}}} admit
  2636   to reason about inductive types.  Rules are selected according to
  2637   the declarations by the \hyperlink{attribute.cases}{\mbox{\isa{cases}}} and \hyperlink{attribute.induct}{\mbox{\isa{induct}}}
  2638   attributes, cf.\ \secref{sec:cases-induct}.  The \hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}} package already takes care of this.
  2639 
  2640   These unstructured tactics feature both goal addressing and dynamic
  2641   instantiation.  Note that named rule cases are \emph{not} provided
  2642   as would be by the proper \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} proof
  2643   methods (see \secref{sec:cases-induct}).  Unlike the \hyperlink{method.induct}{\mbox{\isa{induct}}} method, \hyperlink{method.induct-tac}{\mbox{\isa{induct{\isaliteral{5F}{\isacharunderscore}}tac}}} does not handle structured rule
  2644   statements, only the compact object-logic conclusion of the subgoal
  2645   being addressed.
  2646 
  2647   \item \hyperlink{method.HOL.ind-cases}{\mbox{\isa{ind{\isaliteral{5F}{\isacharunderscore}}cases}}} and \hyperlink{command.HOL.inductive-cases}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}cases}}}} provide an interface to the internal \verb|mk_cases| operation.  Rules are simplified in an unrestricted
  2648   forward manner.
  2649 
  2650   While \hyperlink{method.HOL.ind-cases}{\mbox{\isa{ind{\isaliteral{5F}{\isacharunderscore}}cases}}} is a proof method to apply the
  2651   result immediately as elimination rules, \hyperlink{command.HOL.inductive-cases}{\mbox{\isa{\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}cases}}}} provides case split theorems at the theory level
  2652   for later use.  The \hyperlink{keyword.for}{\mbox{\isa{\isakeyword{for}}}} argument of the \hyperlink{method.HOL.ind-cases}{\mbox{\isa{ind{\isaliteral{5F}{\isacharunderscore}}cases}}} method allows to specify a list of variables that should
  2653   be generalized before applying the resulting rule.
  2654 
  2655   \end{description}%
  2656 \end{isamarkuptext}%
  2657 \isamarkuptrue%
  2658 %
  2659 \isamarkupsection{Executable code%
  2660 }
  2661 \isamarkuptrue%
  2662 %
  2663 \begin{isamarkuptext}%
  2664 For validation purposes, it is often useful to \emph{execute}
  2665   specifications.  In principle, execution could be simulated by
  2666   Isabelle's inference kernel, i.e. by a combination of resolution and
  2667   simplification.  Unfortunately, this approach is rather inefficient.
  2668   A more efficient way of executing specifications is to translate
  2669   them into a functional programming language such as ML.
  2670 
  2671   Isabelle provides a generic framework to support code generation
  2672   from executable specifications.  Isabelle/HOL instantiates these
  2673   mechanisms in a way that is amenable to end-user applications.  Code
  2674   can be generated for functional programs (including overloading
  2675   using type classes) targeting SML \cite{SML}, OCaml \cite{OCaml},
  2676   Haskell \cite{haskell-revised-report} and Scala
  2677   \cite{scala-overview-tech-report}.  Conceptually, code generation is
  2678   split up in three steps: \emph{selection} of code theorems,
  2679   \emph{translation} into an abstract executable view and
  2680   \emph{serialization} to a specific \emph{target language}.
  2681   Inductive specifications can be executed using the predicate
  2682   compiler which operates within HOL.  See \cite{isabelle-codegen} for
  2683   an introduction.
  2684 
  2685   \begin{matharray}{rcl}
  2686     \indexdef{HOL}{command}{export\_code}\hypertarget{command.HOL.export-code}{\hyperlink{command.HOL.export-code}{\mbox{\isa{\isacommand{export{\isaliteral{5F}{\isacharunderscore}}code}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2687     \indexdef{HOL}{attribute}{code}\hypertarget{attribute.HOL.code}{\hyperlink{attribute.HOL.code}{\mbox{\isa{code}}}} & : & \isa{attribute} \\
  2688     \indexdef{HOL}{command}{code\_abort}\hypertarget{command.HOL.code-abort}{\hyperlink{command.HOL.code-abort}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}abort}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2689     \indexdef{HOL}{command}{code\_datatype}\hypertarget{command.HOL.code-datatype}{\hyperlink{command.HOL.code-datatype}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}datatype}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2690     \indexdef{HOL}{command}{print\_codesetup}\hypertarget{command.HOL.print-codesetup}{\hyperlink{command.HOL.print-codesetup}{\mbox{\isa{\isacommand{print{\isaliteral{5F}{\isacharunderscore}}codesetup}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2691     \indexdef{HOL}{attribute}{code\_unfold}\hypertarget{attribute.HOL.code-unfold}{\hyperlink{attribute.HOL.code-unfold}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}unfold}}}} & : & \isa{attribute} \\
  2692     \indexdef{HOL}{attribute}{code\_post}\hypertarget{attribute.HOL.code-post}{\hyperlink{attribute.HOL.code-post}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}post}}}} & : & \isa{attribute} \\
  2693     \indexdef{HOL}{attribute}{code\_abbrev}\hypertarget{attribute.HOL.code-abbrev}{\hyperlink{attribute.HOL.code-abbrev}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}abbrev}}}} & : & \isa{attribute} \\
  2694     \indexdef{HOL}{command}{print\_codeproc}\hypertarget{command.HOL.print-codeproc}{\hyperlink{command.HOL.print-codeproc}{\mbox{\isa{\isacommand{print{\isaliteral{5F}{\isacharunderscore}}codeproc}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2695     \indexdef{HOL}{command}{code\_thms}\hypertarget{command.HOL.code-thms}{\hyperlink{command.HOL.code-thms}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}thms}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2696     \indexdef{HOL}{command}{code\_deps}\hypertarget{command.HOL.code-deps}{\hyperlink{command.HOL.code-deps}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}deps}}}}}\isa{{\isaliteral{22}{\isachardoublequote}}\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}context\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}{\isaliteral{22}{\isachardoublequote}}} \\
  2697     \indexdef{HOL}{command}{code\_const}\hypertarget{command.HOL.code-const}{\hyperlink{command.HOL.code-const}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}const}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2698     \indexdef{HOL}{command}{code\_type}\hypertarget{command.HOL.code-type}{\hyperlink{command.HOL.code-type}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}type}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2699     \indexdef{HOL}{command}{code\_class}\hypertarget{command.HOL.code-class}{\hyperlink{command.HOL.code-class}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}class}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2700     \indexdef{HOL}{command}{code\_instance}\hypertarget{command.HOL.code-instance}{\hyperlink{command.HOL.code-instance}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}instance}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2701     \indexdef{HOL}{command}{code\_reserved}\hypertarget{command.HOL.code-reserved}{\hyperlink{command.HOL.code-reserved}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}reserved}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2702     \indexdef{HOL}{command}{code\_monad}\hypertarget{command.HOL.code-monad}{\hyperlink{command.HOL.code-monad}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}monad}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2703     \indexdef{HOL}{command}{code\_include}\hypertarget{command.HOL.code-include}{\hyperlink{command.HOL.code-include}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}include}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2704     \indexdef{HOL}{command}{code\_modulename}\hypertarget{command.HOL.code-modulename}{\hyperlink{command.HOL.code-modulename}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}modulename}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2705     \indexdef{HOL}{command}{code\_reflect}\hypertarget{command.HOL.code-reflect}{\hyperlink{command.HOL.code-reflect}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}reflect}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ theory{\isaliteral{22}{\isachardoublequote}}} \\
  2706     \indexdef{HOL}{command}{code\_pred}\hypertarget{command.HOL.code-pred}{\hyperlink{command.HOL.code-pred}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}pred}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}
  2707   \end{matharray}
  2708 
  2709   \begin{railoutput}
  2710 \rail@begin{11}{}
  2711 \rail@term{\hyperlink{command.HOL.export-code}{\mbox{\isa{\isacommand{export{\isaliteral{5F}{\isacharunderscore}}code}}}}}[]
  2712 \rail@plus
  2713 \rail@nont{\isa{constexpr}}[]
  2714 \rail@nextplus{1}
  2715 \rail@endplus
  2716 \rail@cr{3}
  2717 \rail@bar
  2718 \rail@nextbar{4}
  2719 \rail@plus
  2720 \rail@term{\isa{\isakeyword{in}}}[]
  2721 \rail@nont{\isa{target}}[]
  2722 \rail@bar
  2723 \rail@nextbar{5}
  2724 \rail@term{\isa{\isakeyword{module{\isaliteral{5F}{\isacharunderscore}}name}}}[]
  2725 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2726 \rail@endbar
  2727 \rail@cr{7}
  2728 \rail@bar
  2729 \rail@nextbar{8}
  2730 \rail@term{\isa{\isakeyword{file}}}[]
  2731 \rail@bar
  2732 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2733 \rail@nextbar{9}
  2734 \rail@term{\isa{{\isaliteral{2D}{\isacharminus}}}}[]
  2735 \rail@endbar
  2736 \rail@endbar
  2737 \rail@bar
  2738 \rail@nextbar{8}
  2739 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2740 \rail@nont{\isa{args}}[]
  2741 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2742 \rail@endbar
  2743 \rail@nextplus{10}
  2744 \rail@endplus
  2745 \rail@endbar
  2746 \rail@end
  2747 \rail@begin{1}{\isa{const}}
  2748 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  2749 \rail@end
  2750 \rail@begin{3}{\isa{constexpr}}
  2751 \rail@bar
  2752 \rail@nont{\isa{const}}[]
  2753 \rail@nextbar{1}
  2754 \rail@term{\isa{name{\isaliteral{2E}{\isachardot}}{\isaliteral{5F}{\isacharunderscore}}}}[]
  2755 \rail@nextbar{2}
  2756 \rail@term{\isa{{\isaliteral{5F}{\isacharunderscore}}}}[]
  2757 \rail@endbar
  2758 \rail@end
  2759 \rail@begin{1}{\isa{typeconstructor}}
  2760 \rail@nont{\hyperlink{syntax.nameref}{\mbox{\isa{nameref}}}}[]
  2761 \rail@end
  2762 \rail@begin{1}{\isa{class}}
  2763 \rail@nont{\hyperlink{syntax.nameref}{\mbox{\isa{nameref}}}}[]
  2764 \rail@end
  2765 \rail@begin{4}{\isa{target}}
  2766 \rail@bar
  2767 \rail@term{\isa{SML}}[]
  2768 \rail@nextbar{1}
  2769 \rail@term{\isa{OCaml}}[]
  2770 \rail@nextbar{2}
  2771 \rail@term{\isa{Haskell}}[]
  2772 \rail@nextbar{3}
  2773 \rail@term{\isa{Scala}}[]
  2774 \rail@endbar
  2775 \rail@end
  2776 \rail@begin{4}{}
  2777 \rail@term{\hyperlink{attribute.HOL.code}{\mbox{\isa{code}}}}[]
  2778 \rail@bar
  2779 \rail@nextbar{1}
  2780 \rail@bar
  2781 \rail@term{\isa{del}}[]
  2782 \rail@nextbar{2}
  2783 \rail@term{\isa{abstype}}[]
  2784 \rail@nextbar{3}
  2785 \rail@term{\isa{abstract}}[]
  2786 \rail@endbar
  2787 \rail@endbar
  2788 \rail@end
  2789 \rail@begin{2}{}
  2790 \rail@term{\hyperlink{command.HOL.code-abort}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}abort}}}}}[]
  2791 \rail@plus
  2792 \rail@nont{\isa{const}}[]
  2793 \rail@nextplus{1}
  2794 \rail@endplus
  2795 \rail@end
  2796 \rail@begin{2}{}
  2797 \rail@term{\hyperlink{command.HOL.code-datatype}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}datatype}}}}}[]
  2798 \rail@plus
  2799 \rail@nont{\isa{const}}[]
  2800 \rail@nextplus{1}
  2801 \rail@endplus
  2802 \rail@end
  2803 \rail@begin{2}{}
  2804 \rail@term{\hyperlink{attribute.HOL.code-unfold}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}unfold}}}}[]
  2805 \rail@bar
  2806 \rail@nextbar{1}
  2807 \rail@term{\isa{del}}[]
  2808 \rail@endbar
  2809 \rail@end
  2810 \rail@begin{2}{}
  2811 \rail@term{\hyperlink{attribute.HOL.code-post}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}post}}}}[]
  2812 \rail@bar
  2813 \rail@nextbar{1}
  2814 \rail@term{\isa{del}}[]
  2815 \rail@endbar
  2816 \rail@end
  2817 \rail@begin{1}{}
  2818 \rail@term{\hyperlink{attribute.HOL.code-abbrev}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}abbrev}}}}[]
  2819 \rail@end
  2820 \rail@begin{3}{}
  2821 \rail@term{\hyperlink{command.HOL.code-thms}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}thms}}}}}[]
  2822 \rail@bar
  2823 \rail@nextbar{1}
  2824 \rail@plus
  2825 \rail@nont{\isa{constexpr}}[]
  2826 \rail@nextplus{2}
  2827 \rail@endplus
  2828 \rail@endbar
  2829 \rail@end
  2830 \rail@begin{3}{}
  2831 \rail@term{\hyperlink{command.HOL.code-deps}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}deps}}}}}[]
  2832 \rail@bar
  2833 \rail@nextbar{1}
  2834 \rail@plus
  2835 \rail@nont{\isa{constexpr}}[]
  2836 \rail@nextplus{2}
  2837 \rail@endplus
  2838 \rail@endbar
  2839 \rail@end
  2840 \rail@begin{7}{}
  2841 \rail@term{\hyperlink{command.HOL.code-const}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}const}}}}}[]
  2842 \rail@plus
  2843 \rail@nont{\isa{const}}[]
  2844 \rail@nextplus{1}
  2845 \rail@cterm{\isa{\isakeyword{and}}}[]
  2846 \rail@endplus
  2847 \rail@cr{3}
  2848 \rail@plus
  2849 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2850 \rail@nont{\isa{target}}[]
  2851 \rail@plus
  2852 \rail@bar
  2853 \rail@nextbar{4}
  2854 \rail@nont{\isa{syntax}}[]
  2855 \rail@endbar
  2856 \rail@nextplus{5}
  2857 \rail@cterm{\isa{\isakeyword{and}}}[]
  2858 \rail@endplus
  2859 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2860 \rail@nextplus{6}
  2861 \rail@endplus
  2862 \rail@end
  2863 \rail@begin{7}{}
  2864 \rail@term{\hyperlink{command.HOL.code-type}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}type}}}}}[]
  2865 \rail@plus
  2866 \rail@nont{\isa{typeconstructor}}[]
  2867 \rail@nextplus{1}
  2868 \rail@cterm{\isa{\isakeyword{and}}}[]
  2869 \rail@endplus
  2870 \rail@cr{3}
  2871 \rail@plus
  2872 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2873 \rail@nont{\isa{target}}[]
  2874 \rail@plus
  2875 \rail@bar
  2876 \rail@nextbar{4}
  2877 \rail@nont{\isa{syntax}}[]
  2878 \rail@endbar
  2879 \rail@nextplus{5}
  2880 \rail@cterm{\isa{\isakeyword{and}}}[]
  2881 \rail@endplus
  2882 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2883 \rail@nextplus{6}
  2884 \rail@endplus
  2885 \rail@end
  2886 \rail@begin{9}{}
  2887 \rail@term{\hyperlink{command.HOL.code-class}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}class}}}}}[]
  2888 \rail@plus
  2889 \rail@nont{\isa{class}}[]
  2890 \rail@nextplus{1}
  2891 \rail@cterm{\isa{\isakeyword{and}}}[]
  2892 \rail@endplus
  2893 \rail@cr{3}
  2894 \rail@plus
  2895 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2896 \rail@nont{\isa{target}}[]
  2897 \rail@cr{5}
  2898 \rail@plus
  2899 \rail@bar
  2900 \rail@nextbar{6}
  2901 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2902 \rail@endbar
  2903 \rail@nextplus{7}
  2904 \rail@cterm{\isa{\isakeyword{and}}}[]
  2905 \rail@endplus
  2906 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2907 \rail@nextplus{8}
  2908 \rail@endplus
  2909 \rail@end
  2910 \rail@begin{7}{}
  2911 \rail@term{\hyperlink{command.HOL.code-instance}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}instance}}}}}[]
  2912 \rail@plus
  2913 \rail@nont{\isa{typeconstructor}}[]
  2914 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}}}[]
  2915 \rail@nont{\isa{class}}[]
  2916 \rail@nextplus{1}
  2917 \rail@cterm{\isa{\isakeyword{and}}}[]
  2918 \rail@endplus
  2919 \rail@cr{3}
  2920 \rail@plus
  2921 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  2922 \rail@nont{\isa{target}}[]
  2923 \rail@plus
  2924 \rail@bar
  2925 \rail@nextbar{4}
  2926 \rail@term{\isa{{\isaliteral{2D}{\isacharminus}}}}[]
  2927 \rail@endbar
  2928 \rail@nextplus{5}
  2929 \rail@cterm{\isa{\isakeyword{and}}}[]
  2930 \rail@endplus
  2931 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  2932 \rail@nextplus{6}
  2933 \rail@endplus
  2934 \rail@end
  2935 \rail@begin{2}{}
  2936 \rail@term{\hyperlink{command.HOL.code-reserved}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}reserved}}}}}[]
  2937 \rail@nont{\isa{target}}[]
  2938 \rail@plus
  2939 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2940 \rail@nextplus{1}
  2941 \rail@endplus
  2942 \rail@end
  2943 \rail@begin{1}{}
  2944 \rail@term{\hyperlink{command.HOL.code-monad}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}monad}}}}}[]
  2945 \rail@nont{\isa{const}}[]
  2946 \rail@nont{\isa{const}}[]
  2947 \rail@nont{\isa{target}}[]
  2948 \rail@end
  2949 \rail@begin{2}{}
  2950 \rail@term{\hyperlink{command.HOL.code-include}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}include}}}}}[]
  2951 \rail@nont{\isa{target}}[]
  2952 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2953 \rail@bar
  2954 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2955 \rail@nextbar{1}
  2956 \rail@term{\isa{{\isaliteral{2D}{\isacharminus}}}}[]
  2957 \rail@endbar
  2958 \rail@end
  2959 \rail@begin{2}{}
  2960 \rail@term{\hyperlink{command.HOL.code-modulename}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}modulename}}}}}[]
  2961 \rail@nont{\isa{target}}[]
  2962 \rail@plus
  2963 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2964 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2965 \rail@nextplus{1}
  2966 \rail@endplus
  2967 \rail@end
  2968 \rail@begin{11}{}
  2969 \rail@term{\hyperlink{command.HOL.code-reflect}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}reflect}}}}}[]
  2970 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2971 \rail@cr{2}
  2972 \rail@bar
  2973 \rail@nextbar{3}
  2974 \rail@term{\isa{\isakeyword{datatypes}}}[]
  2975 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2976 \rail@term{\isa{{\isaliteral{3D}{\isacharequal}}}}[]
  2977 \rail@bar
  2978 \rail@term{\isa{{\isaliteral{5F}{\isacharunderscore}}}}[]
  2979 \rail@nextbar{4}
  2980 \rail@plus
  2981 \rail@plus
  2982 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2983 \rail@nextplus{5}
  2984 \rail@cterm{\isa{{\isaliteral{7C}{\isacharbar}}}}[]
  2985 \rail@endplus
  2986 \rail@nextplus{6}
  2987 \rail@cterm{\isa{\isakeyword{and}}}[]
  2988 \rail@endplus
  2989 \rail@endbar
  2990 \rail@endbar
  2991 \rail@cr{8}
  2992 \rail@bar
  2993 \rail@nextbar{9}
  2994 \rail@term{\isa{\isakeyword{functions}}}[]
  2995 \rail@plus
  2996 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  2997 \rail@nextplus{10}
  2998 \rail@endplus
  2999 \rail@endbar
  3000 \rail@bar
  3001 \rail@nextbar{9}
  3002 \rail@term{\isa{\isakeyword{file}}}[]
  3003 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  3004 \rail@endbar
  3005 \rail@end
  3006 \rail@begin{6}{}
  3007 \rail@term{\hyperlink{command.HOL.code-pred}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}pred}}}}}[]
  3008 \rail@cr{2}
  3009 \rail@bar
  3010 \rail@nextbar{3}
  3011 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  3012 \rail@term{\isa{\isakeyword{modes}}}[]
  3013 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
  3014 \rail@nont{\isa{modedecl}}[]
  3015 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  3016 \rail@endbar
  3017 \rail@cr{5}
  3018 \rail@nont{\isa{const}}[]
  3019 \rail@end
  3020 \rail@begin{4}{\isa{syntax}}
  3021 \rail@bar
  3022 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  3023 \rail@nextbar{1}
  3024 \rail@bar
  3025 \rail@term{\isa{\isakeyword{infix}}}[]
  3026 \rail@nextbar{2}
  3027 \rail@term{\isa{\isakeyword{infixl}}}[]
  3028 \rail@nextbar{3}
  3029 \rail@term{\isa{\isakeyword{infixr}}}[]
  3030 \rail@endbar
  3031 \rail@nont{\hyperlink{syntax.nat}{\mbox{\isa{nat}}}}[]
  3032 \rail@nont{\hyperlink{syntax.string}{\mbox{\isa{string}}}}[]
  3033 \rail@endbar
  3034 \rail@end
  3035 \rail@begin{6}{\isa{modedecl}}
  3036 \rail@bar
  3037 \rail@nont{\isa{modes}}[]
  3038 \rail@nextbar{1}
  3039 \rail@nont{\isa{const}}[]
  3040 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
  3041 \rail@nont{\isa{modes}}[]
  3042 \rail@cr{3}
  3043 \rail@bar
  3044 \rail@nextbar{4}
  3045 \rail@term{\isa{\isakeyword{and}}}[]
  3046 \rail@plus
  3047 \rail@nont{\isa{const}}[]
  3048 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
  3049 \rail@nont{\isa{modes}}[]
  3050 \rail@term{\isa{\isakeyword{and}}}[]
  3051 \rail@nextplus{5}
  3052 \rail@endplus
  3053 \rail@endbar
  3054 \rail@endbar
  3055 \rail@end
  3056 \rail@begin{1}{\isa{modes}}
  3057 \rail@nont{\isa{mode}}[]
  3058 \rail@term{\isa{\isakeyword{as}}}[]
  3059 \rail@nont{\isa{const}}[]
  3060 \rail@end
  3061 \end{railoutput}
  3062 
  3063 
  3064   \begin{description}
  3065 
  3066   \item \hyperlink{command.HOL.export-code}{\mbox{\isa{\isacommand{export{\isaliteral{5F}{\isacharunderscore}}code}}}} generates code for a given list
  3067   of constants in the specified target language(s).  If no
  3068   serialization instruction is given, only abstract code is generated
  3069   internally.
  3070 
  3071   Constants may be specified by giving them literally, referring to
  3072   all executable contants within a certain theory by giving \isa{{\isaliteral{22}{\isachardoublequote}}name{\isaliteral{2E}{\isachardot}}{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}}, or referring to \emph{all} executable constants currently
  3073   available by giving \isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequote}}}.
  3074 
  3075   By default, for each involved theory one corresponding name space
  3076   module is generated.  Alternativly, a module name may be specified
  3077   after the \hyperlink{keyword.module-name}{\mbox{\isa{\isakeyword{module{\isaliteral{5F}{\isacharunderscore}}name}}}} keyword; then \emph{all} code is
  3078   placed in this module.
  3079 
  3080   For \emph{SML}, \emph{OCaml} and \emph{Scala} the file specification
  3081   refers to a single file; for \emph{Haskell}, it refers to a whole
  3082   directory, where code is generated in multiple files reflecting the
  3083   module hierarchy.  Omitting the file specification denotes standard
  3084   output.
  3085 
  3086   Serializers take an optional list of arguments in parentheses.  For
  3087   \emph{SML} and \emph{OCaml}, ``\isa{no{\isaliteral{5F}{\isacharunderscore}}signatures}`` omits
  3088   explicit module signatures.
  3089 
  3090   For \emph{Haskell} a module name prefix may be given using the
  3091   ``\isa{{\isaliteral{22}{\isachardoublequote}}root{\isaliteral{3A}{\isacharcolon}}{\isaliteral{22}{\isachardoublequote}}}'' argument; ``\isa{string{\isaliteral{5F}{\isacharunderscore}}classes}'' adds a
  3092   ``\verb|deriving (Read, Show)|'' clause to each appropriate
  3093   datatype declaration.
  3094 
  3095   \item \hyperlink{attribute.HOL.code}{\mbox{\isa{code}}} explicitly selects (or with option
  3096   ``\isa{{\isaliteral{22}{\isachardoublequote}}del{\isaliteral{22}{\isachardoublequote}}}'' deselects) a code equation for code generation.
  3097   Usually packages introducing code equations provide a reasonable
  3098   default setup for selection.  Variants \isa{{\isaliteral{22}{\isachardoublequote}}code\ abstype{\isaliteral{22}{\isachardoublequote}}} and
  3099   \isa{{\isaliteral{22}{\isachardoublequote}}code\ abstract{\isaliteral{22}{\isachardoublequote}}} declare abstract datatype certificates or
  3100   code equations on abstract datatype representations respectively.
  3101 
  3102   \item \hyperlink{command.HOL.code-abort}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}abort}}}} declares constants which are not
  3103   required to have a definition by means of code equations; if needed
  3104   these are implemented by program abort instead.
  3105 
  3106   \item \hyperlink{command.HOL.code-datatype}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}datatype}}}} specifies a constructor set
  3107   for a logical type.
  3108 
  3109   \item \hyperlink{command.HOL.print-codesetup}{\mbox{\isa{\isacommand{print{\isaliteral{5F}{\isacharunderscore}}codesetup}}}} gives an overview on
  3110   selected code equations and code generator datatypes.
  3111 
  3112   \item \hyperlink{attribute.HOL.code-unfold}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}unfold}}} declares (or with option
  3113   ``\isa{{\isaliteral{22}{\isachardoublequote}}del{\isaliteral{22}{\isachardoublequote}}}'' removes) theorems which during preprocessing
  3114   are applied as rewrite rules to any code equation or evaluation
  3115   input.
  3116 
  3117   \item \hyperlink{attribute.HOL.code-post}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}post}}} declares (or with option ``\isa{{\isaliteral{22}{\isachardoublequote}}del{\isaliteral{22}{\isachardoublequote}}}'' removes) theorems which are applied as rewrite rules to any
  3118   result of an evaluation.
  3119 
  3120   \item \hyperlink{attribute.HOL.code-abbrev}{\mbox{\isa{code{\isaliteral{5F}{\isacharunderscore}}abbrev}}} declares equations which are
  3121   applied as rewrite rules to any result of an evaluation and
  3122   symmetrically during preprocessing to any code equation or evaluation
  3123   input.
  3124 
  3125   \item \hyperlink{command.HOL.print-codeproc}{\mbox{\isa{\isacommand{print{\isaliteral{5F}{\isacharunderscore}}codeproc}}}} prints the setup of the code
  3126   generator preprocessor.
  3127 
  3128   \item \hyperlink{command.HOL.code-thms}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}thms}}}} prints a list of theorems
  3129   representing the corresponding program containing all given
  3130   constants after preprocessing.
  3131 
  3132   \item \hyperlink{command.HOL.code-deps}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}deps}}}} visualizes dependencies of
  3133   theorems representing the corresponding program containing all given
  3134   constants after preprocessing.
  3135 
  3136   \item \hyperlink{command.HOL.code-const}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}const}}}} associates a list of constants
  3137   with target-specific serializations; omitting a serialization
  3138   deletes an existing serialization.
  3139 
  3140   \item \hyperlink{command.HOL.code-type}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}type}}}} associates a list of type
  3141   constructors with target-specific serializations; omitting a
  3142   serialization deletes an existing serialization.
  3143 
  3144   \item \hyperlink{command.HOL.code-class}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}class}}}} associates a list of classes
  3145   with target-specific class names; omitting a serialization deletes
  3146   an existing serialization.  This applies only to \emph{Haskell}.
  3147 
  3148   \item \hyperlink{command.HOL.code-instance}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}instance}}}} declares a list of type
  3149   constructor / class instance relations as ``already present'' for a
  3150   given target.  Omitting a ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{2D}{\isacharminus}}{\isaliteral{22}{\isachardoublequote}}}'' deletes an existing
  3151   ``already present'' declaration.  This applies only to
  3152   \emph{Haskell}.
  3153 
  3154   \item \hyperlink{command.HOL.code-reserved}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}reserved}}}} declares a list of names as
  3155   reserved for a given target, preventing it to be shadowed by any
  3156   generated code.
  3157 
  3158   \item \hyperlink{command.HOL.code-monad}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}monad}}}} provides an auxiliary mechanism
  3159   to generate monadic code for Haskell.
  3160 
  3161   \item \hyperlink{command.HOL.code-include}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}include}}}} adds arbitrary named content
  3162   (``include'') to generated code.  A ``\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{2D}{\isacharminus}}{\isaliteral{22}{\isachardoublequote}}}'' as last argument
  3163   will remove an already added ``include''.
  3164 
  3165   \item \hyperlink{command.HOL.code-modulename}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}modulename}}}} declares aliasings from one
  3166   module name onto another.
  3167 
  3168   \item \hyperlink{command.HOL.code-reflect}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}reflect}}}} without a ``\isa{{\isaliteral{22}{\isachardoublequote}}file{\isaliteral{22}{\isachardoublequote}}}''
  3169   argument compiles code into the system runtime environment and
  3170   modifies the code generator setup that future invocations of system
  3171   runtime code generation referring to one of the ``\isa{{\isaliteral{22}{\isachardoublequote}}datatypes{\isaliteral{22}{\isachardoublequote}}}'' or ``\isa{{\isaliteral{22}{\isachardoublequote}}functions{\isaliteral{22}{\isachardoublequote}}}'' entities use these precompiled
  3172   entities.  With a ``\isa{{\isaliteral{22}{\isachardoublequote}}file{\isaliteral{22}{\isachardoublequote}}}'' argument, the corresponding code
  3173   is generated into that specified file without modifying the code
  3174   generator setup.
  3175 
  3176   \item \hyperlink{command.HOL.code-pred}{\mbox{\isa{\isacommand{code{\isaliteral{5F}{\isacharunderscore}}pred}}}} creates code equations for a predicate
  3177     given a set of introduction rules. Optional mode annotations determine
  3178     which arguments are supposed to be input or output. If alternative 
  3179     introduction rules are declared, one must prove a corresponding elimination
  3180     rule.
  3181 
  3182   \end{description}%
  3183 \end{isamarkuptext}%
  3184 \isamarkuptrue%
  3185 %
  3186 \isamarkupsection{Definition by specification \label{sec:hol-specification}%
  3187 }
  3188 \isamarkuptrue%
  3189 %
  3190 \begin{isamarkuptext}%
  3191 \begin{matharray}{rcl}
  3192     \indexdef{HOL}{command}{specification}\hypertarget{command.HOL.specification}{\hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
  3193     \indexdef{HOL}{command}{ax\_specification}\hypertarget{command.HOL.ax-specification}{\hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isaliteral{5F}{\isacharunderscore}}specification}}}}} & : & \isa{{\isaliteral{22}{\isachardoublequote}}theory\ {\isaliteral{5C3C72696768746172726F773E}{\isasymrightarrow}}\ proof{\isaliteral{28}{\isacharparenleft}}prove{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}} \\
  3194   \end{matharray}
  3195 
  3196   \begin{railoutput}
  3197 \rail@begin{6}{}
  3198 \rail@bar
  3199 \rail@term{\hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}}}[]
  3200 \rail@nextbar{1}
  3201 \rail@term{\hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isaliteral{5F}{\isacharunderscore}}specification}}}}}[]
  3202 \rail@endbar
  3203 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  3204 \rail@plus
  3205 \rail@nont{\isa{decl}}[]
  3206 \rail@nextplus{1}
  3207 \rail@endplus
  3208 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  3209 \rail@cr{3}
  3210 \rail@plus
  3211 \rail@bar
  3212 \rail@nextbar{4}
  3213 \rail@nont{\hyperlink{syntax.thmdecl}{\mbox{\isa{thmdecl}}}}[]
  3214 \rail@endbar
  3215 \rail@nont{\hyperlink{syntax.prop}{\mbox{\isa{prop}}}}[]
  3216 \rail@nextplus{5}
  3217 \rail@endplus
  3218 \rail@end
  3219 \rail@begin{2}{\isa{decl}}
  3220 \rail@bar
  3221 \rail@nextbar{1}
  3222 \rail@nont{\hyperlink{syntax.name}{\mbox{\isa{name}}}}[]
  3223 \rail@term{\isa{{\isaliteral{3A}{\isacharcolon}}}}[]
  3224 \rail@endbar
  3225 \rail@nont{\hyperlink{syntax.term}{\mbox{\isa{term}}}}[]
  3226 \rail@term{\isa{{\isaliteral{28}{\isacharparenleft}}}}[]
  3227 \rail@term{\isa{\isakeyword{overloaded}}}[]
  3228 \rail@bar
  3229 \rail@nextbar{1}
  3230 \rail@term{\isa{{\isaliteral{29}{\isacharparenright}}}}[]
  3231 \rail@endbar
  3232 \rail@end
  3233 \end{railoutput}
  3234 
  3235 
  3236   \begin{description}
  3237 
  3238   \item \hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}decls\ {\isaliteral{5C3C7068693E}{\isasymphi}}{\isaliteral{22}{\isachardoublequote}}} sets up a
  3239   goal stating the existence of terms with the properties specified to
  3240   hold for the constants given in \isa{decls}.  After finishing the
  3241   proof, the theory will be augmented with definitions for the given
  3242   constants, as well as with theorems stating the properties for these
  3243   constants.
  3244 
  3245   \item \hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isaliteral{5F}{\isacharunderscore}}specification}}}}~\isa{{\isaliteral{22}{\isachardoublequote}}decls\ {\isaliteral{5C3C7068693E}{\isasymphi}}{\isaliteral{22}{\isachardoublequote}}} sets up
  3246   a goal stating the existence of terms with the properties specified
  3247   to hold for the constants given in \isa{decls}.  After finishing
  3248   the proof, the theory will be augmented with axioms expressing the
  3249   properties given in the first place.
  3250 
  3251   \item \isa{decl} declares a constant to be defined by the
  3252   specification given.  The definition for the constant \isa{c} is
  3253   bound to the name \isa{c{\isaliteral{5F}{\isacharunderscore}}def} unless a theorem name is given in
  3254   the declaration.  Overloaded constants should be declared as such.
  3255 
  3256   \end{description}
  3257 
  3258   Whether to use \hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}} or \hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isaliteral{5F}{\isacharunderscore}}specification}}}} is to some extent a matter of style.  \hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}} introduces no new axioms, and so by
  3259   construction cannot introduce inconsistencies, whereas \hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isaliteral{5F}{\isacharunderscore}}specification}}}} does introduce axioms, but only after the
  3260   user has explicitly proven it to be safe.  A practical issue must be
  3261   considered, though: After introducing two constants with the same
  3262   properties using \hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}}, one can prove
  3263   that the two constants are, in fact, equal.  If this might be a
  3264   problem, one should use \hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isaliteral{5F}{\isacharunderscore}}specification}}}}.%
  3265 \end{isamarkuptext}%
  3266 \isamarkuptrue%
  3267 %
  3268 \isadelimtheory
  3269 %
  3270 \endisadelimtheory
  3271 %
  3272 \isatagtheory
  3273 \isacommand{end}\isamarkupfalse%
  3274 %
  3275 \endisatagtheory
  3276 {\isafoldtheory}%
  3277 %
  3278 \isadelimtheory
  3279 %
  3280 \endisadelimtheory
  3281 \isanewline
  3282 \end{isabellebody}%
  3283 %%% Local Variables:
  3284 %%% mode: latex
  3285 %%% TeX-master: "root"
  3286 %%% End: