reconstruction framework for LEO-II's TPTP proofs;
authorsultana
Wed Feb 19 15:57:02 2014 +0000 (2014-02-19)
changeset 55596928b9f677165
parent 55595 2e2e9bc7c4c6
child 55597 25d7b485df81
reconstruction framework for LEO-II's TPTP proofs;
src/HOL/ROOT
src/HOL/TPTP/TPTP_Parser/tptp_reconstruct.ML
src/HOL/TPTP/TPTP_Parser/tptp_reconstruct_library.ML
src/HOL/TPTP/TPTP_Proof_Reconstruction.thy
src/HOL/TPTP/TPTP_Proof_Reconstruction_Test.thy
src/HOL/TPTP/TPTP_Proof_Reconstruction_Test_Units.thy
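--- a/src/HOL/ROOT
+++ b/src/HOL/ROOT
@@ -668,6 +668,7 @@
     MaSh_Export
     TPTP_Interpret
     THF_Arith
+    TPTP_Proof_Reconstruction
   theories
     ATP_Problem_Import
 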
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/src/HOL/TPTP/TPTP_Parser/tptp_reconstruct.ML	Wed Feb 19 15:57:02 2014 +0000
     2.3 @@ -0,0 +1,1925 @@
     2.4 +(*  Title:      HOL/TPTP/TPTP_Parser/tptp_reconstruct.ML
     2.5 +    Author:     Nik Sultana, Cambridge University Computer Laboratory
     2.6 +
     2.7 +Reconstructs TPTP proofs in Isabelle/HOL.
     2.8 +Specialised to work with proofs produced by LEO-II.
     2.9 +
    2.10 +TODO
    2.11 + - Proof transformation to remove "copy" steps, and perhaps other dud inferences.
    2.12 +*)
    2.13 +
    2.14 +signature TPTP_RECONSTRUCT =
    2.15 +sig
    2.16 +  (* Interface used by TPTP_Reconstruct.thy, to define LEO-II proof reconstruction. *)
    2.17 +
    2.18 +  datatype formula_kind =
    2.19 +      Conjunctive of bool option
    2.20 +    | Disjunctive of bool option
    2.21 +    | Biimplicational of bool option
    2.22 +    | Negative of bool option
    2.23 +    | Existential of bool option * typ
    2.24 +    | Universal of bool option * typ
    2.25 +    | Equational of bool option * typ
    2.26 +    | Atomic of bool option
    2.27 +    | Implicational of bool option
    2.28 +  type formula_meaning =
    2.29 +    (string *
    2.30 +     {role : TPTP_Syntax.role,
    2.31 +      fmla : term,
    2.32 +      source_inf_opt : TPTP_Proof.source_info option})
    2.33 +  type proof_annotation =
    2.34 +    {problem_name : TPTP_Problem_Name.problem_name,
    2.35 +     skolem_defs : ((*skolem const name*)string * Binding.binding) list,
    2.36 +     defs : ((*node name*)string * Binding.binding) list,
    2.37 +     axs : ((*node name*)string * Binding.binding) list,
    2.38 +     (*info for each node (for all lines in the TPTP proof)*)
    2.39 +     meta : formula_meaning list}
    2.40 +  type rule_info =
    2.41 +    {inference_name : string, (*name of calculus rule*)
    2.42 +     inference_fmla : term, (*the inference as a term*)
    2.43 +     parents : string list}
    2.44 +
    2.45 +  exception UNPOLARISED of term
    2.46 +
    2.47 +  val remove_polarity : bool -> term -> term * bool
    2.48 +  val interpret_bindings :
    2.49 +     TPTP_Problem_Name.problem_name -> theory -> TPTP_Proof.parent_detail list -> (string * term) list -> (string * term) list
    2.50 +  val diff_and_instantiate : Proof.context -> thm -> term -> term -> thm (*FIXME from library*)
    2.51 +  val strip_top_all_vars : (string * typ) list -> term -> (string * typ) list * term
    2.52 +  val strip_top_All_vars : term -> (string * typ) list * term
    2.53 +  val strip_top_All_var : term -> (string * typ) * term
    2.54 +  val new_consts_between : term -> term -> term list
    2.55 +  val get_pannot_of_prob : theory -> TPTP_Problem_Name.problem_name -> proof_annotation
    2.56 +  val inference_at_node : 'a -> TPTP_Problem_Name.problem_name -> formula_meaning list -> string -> rule_info option
    2.57 +  val node_info : (string * 'a) list -> ('a -> 'b) -> string -> 'b
    2.58 +
    2.59 +  type step_id = string
    2.60 +  datatype rolling_stock =
    2.61 +      Step of step_id
    2.62 +    | Assumed
    2.63 +    | Unconjoin
    2.64 +    | Split of step_id (*where split occurs*) *
    2.65 +               step_id (*where split ends*) *
    2.66 +               step_id list (*children of the split*)
    2.67 +    | Synth_step of step_id (*A step which doesn't necessarily appear in
    2.68 +      the original proof, or which has been modified slightly for better
    2.69 +      handling by Isabelle*)
    2.70 +    | Annotated_step of step_id * string (*Same interpretation as
    2.71 +      "Step", except that additional information is attached. This is
    2.72 +      currently used for debugging: Steps are mapped to Annotated_steps
    2.73 +      and their rule names are included as strings*)
    2.74 +    | Definition of step_id (*Mirrors TPTP role*)
    2.75 +    | Axiom of step_id (*Mirrors TPTP role*)
    2.76 +    | Caboose
    2.77 +
    2.78 +
    2.79 +  (* Interface for using the proof reconstruction. *)
    2.80 +
    2.81 +  val import_thm : bool -> Path.T list -> Path.T -> (proof_annotation -> theory -> proof_annotation * theory) -> theory -> theory
    2.82 +  val get_fmlas_of_prob : theory -> TPTP_Problem_Name.problem_name -> TPTP_Interpret.tptp_formula_meaning list
    2.83 +  val structure_fmla_meaning : 'a * 'b * 'c * 'd -> 'a * {fmla: 'c, role: 'b, source_inf_opt: 'd}
    2.84 +  val make_skeleton : Proof.context -> proof_annotation -> rolling_stock list
    2.85 +  val naive_reconstruct_tacs :
    2.86 +     (Proof.context -> TPTP_Problem_Name.problem_name -> step_id -> thm) ->
    2.87 +     TPTP_Problem_Name.problem_name -> Proof.context -> (rolling_stock * term option * (thm * tactic) option) list
    2.88 +  val naive_reconstruct_tac :
    2.89 +     Proof.context -> (Proof.context -> TPTP_Problem_Name.problem_name -> step_id -> thm) -> TPTP_Problem_Name.problem_name -> tactic
    2.90 +  val reconstruct : Proof.context -> (TPTP_Problem_Name.problem_name -> tactic) -> TPTP_Problem_Name.problem_name -> thm
    2.91 +end
    2.92 +
    2.93 +structure TPTP_Reconstruct : TPTP_RECONSTRUCT =
    2.94 +struct
    2.95 +
    2.96 +open TPTP_Reconstruct_Library
    2.97 +open TPTP_Syntax
    2.98 +
    2.99 +(*FIXME move to more general struct*)
   2.100 +(*Extract the formulas of an imported TPTP problem -- these formulas
   2.101 +  may make up a proof*)
   2.102 +fun get_fmlas_of_prob thy prob_name : TPTP_Interpret.tptp_formula_meaning list =
   2.103 +  AList.lookup (op =) (TPTP_Interpret.get_manifests thy) prob_name
   2.104 +  |> the |> #3 (*get formulas*);
   2.105 +
   2.106 +
   2.107 +(** General **)
   2.108 +
   2.109 +(* Proof annotations *)
   2.110 +
   2.111 +(*FIXME modify TPTP_Interpret.tptp_formula_meaning into this type*)
   2.112 +type formula_meaning =
   2.113 +  (string *
   2.114 +   {role : TPTP_Syntax.role,
   2.115 +    fmla : term,
   2.116 +    source_inf_opt : TPTP_Proof.source_info option})
   2.117 +
   2.118 +fun apply_to_parent_info f
   2.119 +   (n, {role, fmla, source_inf_opt}) =
   2.120 +  let
   2.121 +    val source_inf_opt' =
   2.122 +      case source_inf_opt of
   2.123 +          NONE => NONE
   2.124 +        | SOME (TPTP_Proof.Inference (inf_name, sinfos, pinfos)) =>
   2.125 +            SOME (TPTP_Proof.Inference (inf_name, sinfos, f pinfos))
   2.126 +  in
   2.127 +   (n, {role = role, fmla = fmla, source_inf_opt = source_inf_opt'})
   2.128 +  end
   2.129 +
   2.130 +fun structure_fmla_meaning (s, r, t, info) =
   2.131 +  (s, {role = r, fmla = t, source_inf_opt = info})
   2.132 +
   2.133 +type proof_annotation =
   2.134 +  {problem_name : TPTP_Problem_Name.problem_name,
   2.135 +   skolem_defs : ((*skolem const name*)string * Binding.binding) list,
   2.136 +   defs : ((*node name*)string * Binding.binding) list,
   2.137 +   axs : ((*node name*)string * Binding.binding) list,
   2.138 +   (*info for each node (for all lines in the TPTP proof)*)
   2.139 +   meta : formula_meaning list}
   2.140 +
   2.141 +fun empty_pannot prob_name =
   2.142 +  {problem_name = prob_name,
   2.143 +   skolem_defs = [],
   2.144 +   defs = [],
   2.145 +   axs = [],
   2.146 +   meta = []}
   2.147 +
   2.148 +
   2.149 +(* Storage of proof data *)
   2.150 +
   2.151 +exception MANIFEST of TPTP_Problem_Name.problem_name * string (*FIXME move to TPTP_Interpret?*)
   2.152 +
   2.153 +type manifest = TPTP_Problem_Name.problem_name * proof_annotation
   2.154 +
   2.155 +(*manifest equality simply depends on problem name*)
   2.156 +fun manifest_eq ((prob_name1, _), (prob_name2, _)) = prob_name1 = prob_name2
   2.157 +
   2.158 +structure TPTP_Reconstruction_Data = Theory_Data
   2.159 +(
   2.160 +  type T = manifest list
   2.161 +  val empty = []
   2.162 +  val extend = I
   2.163 +  fun merge data : T = Library.merge manifest_eq data
   2.164 +)
   2.165 +val get_manifests : theory -> manifest list = TPTP_Reconstruction_Data.get
   2.166 +
   2.167 +fun update_manifest prob_name pannot thy =
   2.168 +  let
   2.169 +    val idx =
   2.170 +      find_index
   2.171 +        (fn (n, _) => n = prob_name)
   2.172 +        (get_manifests thy)
   2.173 +    val transf = (fn _ =>
   2.174 +      (prob_name, pannot))
   2.175 +  in
   2.176 +    TPTP_Reconstruction_Data.map
   2.177 +      (nth_map idx transf)
   2.178 +      thy
   2.179 +  end
   2.180 +
   2.181 +(*similar to get_fmlas_of_prob but for proofs*)
   2.182 +fun get_pannot_of_prob thy prob_name : proof_annotation =
   2.183 +  case AList.lookup (op =) (get_manifests thy) prob_name of
   2.184 +      SOME pa => pa
   2.185 +    | NONE => raise (MANIFEST (prob_name, "Could not find proof annotation"))
   2.186 +
   2.187 +
   2.188 +(* Constants *)
   2.189 +
   2.190 +(*Prefix used for naming inferences which were added during proof
   2.191 +transformation. (e.g., this is used to name "bind"-inference nodes
   2.192 +described below)*)
   2.193 +val inode_prefixK = "inode"
   2.194 +
   2.195 +(*New inference rule name, which is added to indicate that some
   2.196 +variable has been instantiated. Additional proof metadata will
   2.197 +indicate which variable, and how it was instantiated*)
   2.198 +val bindK = "bind"
   2.199 +
   2.200 +(*New inference rule name, which is added to indicate that some
   2.201 +(validity-preserving) preprocessing has been done to a (singleton)
   2.202 +clause prior to it being split.*)
   2.203 +val split_preprocessingK = "split_preprocessing"
   2.204 +
   2.205 +
   2.206 +(* Storage of internal values *)
   2.207 +
   2.208 +type tptp_reconstruction_state = {next_int : int}
   2.209 +structure TPTP_Reconstruction_Internal_Data = Theory_Data
   2.210 +(
   2.211 +  type T = tptp_reconstruction_state
   2.212 +  val empty = {next_int = 0}
   2.213 +  val extend = I
   2.214 +  fun merge data : T = snd data
   2.215 +)
   2.216 +
   2.217 +(*increment internal counter, and obtain the current next value*)
   2.218 +fun get_next_int thy : int * theory =
   2.219 +  let
   2.220 +    val state = TPTP_Reconstruction_Internal_Data.get thy
   2.221 +    val state' = {next_int = 1 + #next_int state}
   2.222 +  in
   2.223 +    (#next_int state,
   2.224 +     TPTP_Reconstruction_Internal_Data.put state' thy)
   2.225 +  end
   2.226 +
   2.227 +(*FIXME in some applications (e.g. where the name is used for an
   2.228 +   inference node) need to check that the name is fresh, to avoid
   2.229 +   collisions with other bits of the proof*)
   2.230 +val get_next_name =
   2.231 +  get_next_int
   2.232 +  #> apfst (fn i => inode_prefixK ^ Int.toString i)
   2.233 +
   2.234 +
   2.235 +(* Building the index *)
   2.236 +
   2.237 +(*thrown when we're expecting a TPTP_Proof.Bind annotation but find something else*)
   2.238 +exception NON_BINDING
   2.239 +(*given a list of pairs consisting of a variable name and
   2.240 +  TPTP formula, returns the list consisting of the original
   2.241 +  variable name and the interpreted HOL formula. Needs the
   2.242 +  problem name to ensure use of correct interpretations for
   2.243 +  constants and types.*)
   2.244 +fun interpret_bindings (prob_name : TPTP_Problem_Name.problem_name) thy bindings acc =
   2.245 +  if null bindings then acc
   2.246 +  else
   2.247 +    case hd bindings of
   2.248 +        TPTP_Proof.Bind (v, fmla) =>
   2.249 +          let
   2.250 +            val (type_map, const_map) =
   2.251 +                case AList.lookup (op =) (TPTP_Interpret.get_manifests thy) prob_name of
   2.252 +                    NONE => raise (MANIFEST (prob_name, "Problem details not found in interpretation manifest"))
   2.253 +                  | SOME (type_map, const_map, _) => (type_map, const_map)
   2.254 +
   2.255 +            (*FIXME get config from the envir or make it parameter*)
   2.256 +            val config =
   2.257 +              {cautious = true,
   2.258 +               problem_name = SOME prob_name}
   2.259 +            val result =
   2.260 +              (v,
   2.261 +               TPTP_Interpret.interpret_formula
   2.262 +                config TPTP_Syntax.THF
   2.263 +                const_map [] type_map fmla thy
   2.264 +               |> fst)
   2.265 +          in
   2.266 +            interpret_bindings prob_name thy (tl bindings) (result :: acc)
   2.267 +          end
   2.268 +      | _ => raise NON_BINDING
   2.269 +
   2.270 +type rule_info =
   2.271 +  {inference_name : string, (*name of calculus rule*)
   2.272 +   inference_fmla : term, (*the inference as a term*)
   2.273 +   parents : string list}
   2.274 +
   2.275 +(*Instantiates a binding in orig_parent_fmla. Used in a proof
   2.276 +  transformation to factor out instantiations from inferences.*)
   2.277 +fun apply_binding thy prob_name orig_parent_fmla target_fmla bindings =
   2.278 +  let
   2.279 +    val bindings' = interpret_bindings prob_name thy bindings []
   2.280 +
   2.281 +    (*capture selected free variables. these variables, and their
   2.282 +      intended de Bruijn index, are included in "var_ctxt"*)
   2.283 +    fun bind_free_vars var_ctxt t =
   2.284 +      case t of
   2.285 +          Const _ => t
   2.286 +        | Var _ => t
   2.287 +        | Bound _ => t
   2.288 +        | Abs (x, ty, t') => Abs (x, ty, bind_free_vars (x :: var_ctxt) t')
   2.289 +        | Free (x, ty) =>
   2.290 +            let
   2.291 +              val idx = find_index (fn y => y = x) var_ctxt
   2.292 +            in
   2.293 +              if idx > ~1 andalso
   2.294 +                 ty = dummyT (*this check not really needed*) then
   2.295 +                  Bound idx
   2.296 +              else t
   2.297 +            end
   2.298 +        | t1 $ t2 => bind_free_vars var_ctxt t1 $ bind_free_vars var_ctxt t2
   2.299 +
   2.300 +    (*Instantiate specific quantified variables:
   2.301 +      Look for subterms of form (! (% x. M)) where "x" appears as a "bound_var",
   2.302 +      then replace "x" for "body" in "M".
   2.303 +      Should only be applied at formula top level -- i.e., once past the quantifier
   2.304 +      prefix we needn't bother with looking for bound_vars.
   2.305 +      "var"_ctxt is used to keep track of lambda-bindings we encounter, to capture
   2.306 +      free variables in "body" correctly (i.e., replace Free with Bound having the
   2.307 +      right index)*)
   2.308 +    fun instantiate_bound (binding as (bound_var, body)) (initial as (var_ctxt, t))  =
   2.309 +      case t of
   2.310 +          Const _ => initial
   2.311 +        | Free _ => initial
   2.312 +        | Var _ => initial
   2.313 +        | Bound _ => initial
   2.314 +        | Abs _ => initial
   2.315 +        | t1 $ (t2 as Abs (x, ty, t')) =>
   2.316 +            if is_Const t1 then
   2.317 +              (*Could be fooled by shadowing, but if order matters
   2.318 +                then should still be able to handle formulas like
   2.319 +                (! X, X. F).*)
   2.320 +              if x = bound_var andalso
   2.321 +                 fst (dest_Const t1) = @{const_name All} then
   2.322 +                  (*Body might contain free variables, so bind them using "var_ctxt".
   2.323 +                    this involves replacing instances of Free with instances of Bound
   2.324 +                    at the right index.*)
   2.325 +                  let val body' = bind_free_vars var_ctxt body
   2.326 +                  in
   2.327 +                    (var_ctxt,
   2.328 +                     betapply (t2, body'))
   2.329 +                  end
   2.330 +              else
   2.331 +                  let
   2.332 +                    val (var_ctxt', rest) = instantiate_bound binding (x :: var_ctxt, t')
   2.333 +                  in
   2.334 +                    (var_ctxt',
   2.335 +                     t1 $ Abs (x, ty, rest))
   2.336 +                  end
   2.337 +            else initial
   2.338 +        | t1 $ t2 =>
   2.339 +            let
   2.340 +              val (var_ctxt', rest) = instantiate_bound binding (var_ctxt, t2)
   2.341 +            in
   2.342 +              (var_ctxt', t1 $ rest)
   2.343 +            end
   2.344 +
   2.345 +    (*Here we preempt the following problem:
   2.346 +     if have (! X1, X2, X3. body), and X1 is instantiated to
   2.347 +     "c X2 X3", then the current code will yield
   2.348 +     (! X2, X3, X2a, X3a. body').
   2.349 +     To avoid this, we must first push X1 in, before calling
   2.350 +     instantiate_bound, to make sure that bound variables don't
   2.351 +     get free.*)
   2.352 +    fun safe_instantiate_bound (binding as (bound_var, body)) (var_ctxt, t) =
   2.353 +       instantiate_bound binding
   2.354 +         (var_ctxt, push_allvar_in bound_var t)
   2.355 +
   2.356 +    (*return true if one of the types is polymorphic*)
   2.357 +    fun is_polymorphic tys =
   2.358 +      if null tys then false
   2.359 +      else
   2.360 +        case hd tys of
   2.361 +            Type (_, tys') => is_polymorphic (tl tys @ tys')
   2.362 +          | TFree _ => true
   2.363 +          | TVar _ => true
   2.364 +
   2.365 +    (*find the type of a quantified variable, at the "topmost" binding
   2.366 +      occurrence*)
   2.367 +    local
   2.368 +      fun type_of_quantified_var' s ts =
   2.369 +        if null ts then NONE
   2.370 +        else
   2.371 +          case hd ts of
   2.372 +              Const _ => type_of_quantified_var' s (tl ts)
   2.373 +            | Free _ => type_of_quantified_var' s (tl ts)
   2.374 +            | Var _ => type_of_quantified_var' s (tl ts)
   2.375 +            | Bound _ => type_of_quantified_var' s (tl ts)
   2.376 +            | Abs (s', ty, t') =>
   2.377 +                if s = s' then SOME ty
   2.378 +                else type_of_quantified_var' s (t' :: tl ts)
   2.379 +            | t1 $ t2 => type_of_quantified_var' s (t1 :: t2 :: tl ts)
   2.380 +    in
   2.381 +      fun type_of_quantified_var s =
   2.382 +        single #> type_of_quantified_var' s
   2.383 +    end
   2.384 +
   2.385 +    (*Form the universal closure of "t".
   2.386 +      NOTE remark above "val frees" about ordering of quantified variables*)
   2.387 +    fun close_formula t =
   2.388 +      let
   2.389 +          (*The ordering of Frees in this list affects the order in which variables appear
   2.390 +            in the quantification prefix. Currently this is assumed not to matter.
   2.391 +            This consists of a list of pairs: the first element consists of the "original"
   2.392 +            free variable, and the latter consists of the monomorphised equivalent. The
   2.393 +            two elements are identical if the original is already monomorphic.
   2.394 +            This monomorphisation is needed since, owing to TPTP's lack of type annotations,
   2.395 +            variables might not be constrained by type info. This results in them being
   2.396 +            interpreted as polymorphic. E.g., this issue comes up in CSR148^1*)
   2.397 +          val frees_monomorphised =
   2.398 +            fold_aterms
   2.399 +              (fn t => fn rest =>
   2.400 +                 if is_Free t then
   2.401 +                   let
   2.402 +                     val (s, ty) = dest_Free t
   2.403 +                     val ty' =
   2.404 +                       if ty = dummyT orelse is_polymorphic [ty] then
   2.405 +                         the (type_of_quantified_var s target_fmla)
   2.406 +                       else ty
   2.407 +                   in insert (op =) (t, Free (s, ty')) rest
   2.408 +                   end
   2.409 +                 else rest)
   2.410 +              t []
   2.411 +      in
   2.412 +        Term.subst_free frees_monomorphised t
   2.413 +        |> fold (fn (s, ty) => fn t =>
   2.414 +                    HOLogic.mk_all (s, ty, t))
   2.415 +              (map (snd #> dest_Free) frees_monomorphised)
   2.416 +      end
   2.417 +
   2.418 +    (*FIXME currently assuming that we're only ever given a single binding each time this is called*)
   2.419 +    val _ = @{assert} (length bindings' = 1)
   2.420 +
   2.421 +  in
   2.422 +    fold safe_instantiate_bound bindings' ([], HOLogic.dest_Trueprop orig_parent_fmla)
   2.423 +    |> snd (*discard var typing context*)
   2.424 +    |> close_formula
   2.425 +    |> single
   2.426 +    |> Type_Infer_Context.infer_types (Context.proof_of (Context.Theory thy))
   2.427 +    |> the_single
   2.428 +    |> HOLogic.mk_Trueprop
   2.429 +    |> rpair bindings'
   2.430 +  end
   2.431 +
   2.432 +exception RECONSTRUCT of string
   2.433 +
   2.434 +(*Some of these may be redundant wrt the original aims of this
   2.435 +  datatype, but it's useful to have a datatype to classify formulas
   2.436 +  for use by other functions as well.*)
   2.437 +datatype formula_kind =
   2.438 +    Conjunctive of bool option
   2.439 +  | Disjunctive of bool option
   2.440 +  | Biimplicational of bool option
   2.441 +  | Negative of bool option
   2.442 +  | Existential of bool option * typ
   2.443 +  | Universal of bool option * typ
   2.444 +  | Equational of bool option * typ
   2.445 +  | Atomic of bool option
   2.446 +  | Implicational of bool option
   2.447 +
   2.448 +exception UNPOLARISED of term
   2.449 +(*Remove "= $true" or "= $false$ from the edge
   2.450 +  of a formula. Use "try" in case formula is not
   2.451 +  polarised.*)
   2.452 +fun remove_polarity strict formula =
   2.453 +  case try HOLogic.dest_eq formula of
   2.454 +      NONE => if strict then raise (UNPOLARISED formula)
   2.455 +              else (formula, true)
   2.456 +    | SOME (x, p as @{term True}) => (x, true)
   2.457 +    | SOME (x, p as @{term False}) => (x, false)
   2.458 +    | SOME (x, _) =>
   2.459 +        if strict then raise (UNPOLARISED formula)
   2.460 +        else (formula, true)
   2.461 +
   2.462 +(*flattens a formula wrt associative operators*)
   2.463 +fun flatten formula_kind formula =
   2.464 +  let
   2.465 +    fun is_conj (Const (@{const_name HOL.conj}, _) $ _ $ _) = true
   2.466 +      | is_conj _ = false
   2.467 +    fun is_disj (Const (@{const_name HOL.disj}, _) $ _ $ _) = true
   2.468 +      | is_disj _ = false
   2.469 +    fun is_iff (Const (@{const_name HOL.eq}, ty) $ _ $ _) =
   2.470 +          ty = ([HOLogic.boolT, HOLogic.boolT] ---> HOLogic.boolT)
   2.471 +      | is_iff _ = false
   2.472 +
   2.473 +    fun flatten' formula acc =
   2.474 +      case formula of
   2.475 +          Const (@{const_name HOL.conj}, _) $ t1 $ t2 =>
   2.476 +            (case formula_kind of
   2.477 +                 Conjunctive _ =>
   2.478 +                   let
   2.479 +                     val left =
   2.480 +                       if is_conj t1 then flatten' t1 acc else (t1 :: acc)
   2.481 +                   in
   2.482 +                       if is_conj t2 then flatten' t2 left else (t2 :: left)
   2.483 +                   end
   2.484 +               | _ => formula :: acc)
   2.485 +        | Const (@{const_name HOL.disj}, _) $ t1 $ t2 =>
   2.486 +            (case formula_kind of
   2.487 +                 Disjunctive _ =>
   2.488 +                   let
   2.489 +                     val left =
   2.490 +                       if is_disj t1 then flatten' t1 acc else (t1 :: acc)
   2.491 +                   in
   2.492 +                       if is_disj t2 then flatten' t2 left else (t2 :: left)
   2.493 +                   end
   2.494 +               | _ => formula :: acc)
   2.495 +        | Const (@{const_name HOL.eq}, ty) $ t1 $ t2 =>
   2.496 +            if ty = ([HOLogic.boolT, HOLogic.boolT] ---> HOLogic.boolT) then
   2.497 +              case formula_kind of
   2.498 +                   Biimplicational _ =>
   2.499 +                     let
   2.500 +                       val left =
   2.501 +                         if is_iff t1 then flatten' t1 acc else (t1 :: acc)
   2.502 +                     in
   2.503 +                         if is_iff t2 then flatten' t2 left else (t2 :: left)
   2.504 +                     end
   2.505 +                 | _ => formula :: acc
   2.506 +            else formula :: acc
   2.507 +        | _ => [formula]
   2.508 +
   2.509 +    val formula' = try_dest_Trueprop formula
   2.510 +  in
   2.511 +    case formula_kind of
   2.512 +        Conjunctive (SOME _) =>
   2.513 +          remove_polarity false formula'
   2.514 +          |> fst
   2.515 +          |> (fn t => flatten' t [])
   2.516 +      | Disjunctive (SOME _) =>
   2.517 +          remove_polarity false formula'
   2.518 +          |> fst
   2.519 +          |> (fn t => flatten' t [])
   2.520 +      | Biimplicational (SOME _) =>
   2.521 +          remove_polarity false formula'
   2.522 +          |> fst
   2.523 +          |> (fn t => flatten' t [])
   2.524 +      | _ => flatten' formula' []
   2.525 +  end
   2.526 +
   2.527 +fun node_info fms projector node_name =
   2.528 +  case AList.lookup (op =) fms node_name of
   2.529 +      NONE =>
   2.530 +        raise (RECONSTRUCT ("node " ^ node_name ^
   2.531 +                            " doesn't exist"))
   2.532 +    | SOME info => projector info
   2.533 +
   2.534 +(*Given a list of parent infos, extract the parent node names
   2.535 +  and the additional info (e.g., if there was an instantiation
   2.536 +  in addition to the inference).
   2.537 +  if "filtered"=true then exclude axiom and definition parents*)
   2.538 +fun dest_parent_infos filtered fms parent_infos : {name : string, details : TPTP_Proof.parent_detail list} list =
   2.539 +  let
   2.540 +    (*Removes "definition" dependencies since these play no
   2.541 +      logical role -- i.e. they just give the expansions of
   2.542 +      constants.
   2.543 +      Removes "axiom" dependencies since these do not need to
   2.544 +      be derived; the reconstruction handler in "leo2_tac" can
   2.545 +      pick up the relevant axioms (using the info in the proof
   2.546 +      annotation) and use them in its reconstruction.
   2.547 +    *)
   2.548 +    val filter_deps =
   2.549 +      List.filter (fn {name, ...} =>
   2.550 +        let
   2.551 +          val role = node_info fms #role name
   2.552 +        in role <> TPTP_Syntax.Role_Definition andalso
   2.553 +            role <> TPTP_Syntax.Role_Axiom
   2.554 +        end)
   2.555 +    val parent_nodelist =
   2.556 +      parent_infos
   2.557 +      |> map (fn n =>
   2.558 +                 case n of
   2.559 +                     TPTP_Proof.Parent parent => {name = parent, details = []}
   2.560 +                   | TPTP_Proof.ParentWithDetails (parent, details) =>
   2.561 +                     {name = parent, details = details})
   2.562 +  in
   2.563 +    parent_nodelist
   2.564 +    |> filtered ? filter_deps
   2.565 +  end
   2.566 +
   2.567 +fun parents_of_node fms n =
   2.568 +  case node_info fms #source_inf_opt n of
   2.569 +      NONE => []
   2.570 +    | SOME (TPTP_Proof.File _) => []
   2.571 +    | SOME (TPTP_Proof.Inference (_, _ : TPTP_Proof.useful_info_as list, parent_infos)) =>
   2.572 +        dest_parent_infos false fms parent_infos
   2.573 +        |> map #name
   2.574 +
   2.575 +exception FIND_ANCESTOR_USING_RULE of string
   2.576 +(*BFS for an ancestor inference involving a specific rule*)
   2.577 +fun find_ancestor_using_rule pannot inference_rule (fringe : string list) : string =
   2.578 +  if null fringe then
   2.579 +    raise (FIND_ANCESTOR_USING_RULE inference_rule)
   2.580 +  else
   2.581 +    case node_info (#meta pannot) #source_inf_opt (hd fringe) of
   2.582 +        NONE => find_ancestor_using_rule pannot inference_rule (tl fringe)
   2.583 +      | SOME (TPTP_Proof.File _) => find_ancestor_using_rule pannot inference_rule (tl fringe)
   2.584 +      | SOME (TPTP_Proof.Inference (rule_name, _ : TPTP_Proof.useful_info_as list, parent_infos)) =>
   2.585 +          if rule_name = inference_rule then hd fringe
   2.586 +          else
   2.587 +            find_ancestor_using_rule pannot inference_rule
   2.588 +             (tl fringe @
   2.589 +              map #name (dest_parent_infos true (#meta pannot) parent_infos))
   2.590 +
   2.591 +(*Given a node in the proof, produce the term representing the inference
   2.592 +  that took place in that step, the inference rule used, and which
   2.593 +  other (non-axiom and non-definition) nodes participated in the
   2.594 +  inference*)
   2.595 +fun inference_at_node thy (prob_name : TPTP_Problem_Name.problem_name)
   2.596 +     (fms : formula_meaning list) from : rule_info option =
   2.597 +    let
   2.598 +      exception INFERENCE_AT_NODE of string
   2.599 +
   2.600 +      (*lookup formula associated with a node*)
   2.601 +      val fmla_of_node =
   2.602 +          node_info fms #fmla
   2.603 +          #> try_dest_Trueprop
   2.604 +
   2.605 +      fun build_inference_info rule_name parent_infos =
   2.606 +        let
   2.607 +          val _ = @{assert} (not (null parent_infos))
   2.608 +
   2.609 +          (*hypothesis formulas (with bindings already
   2.610 +            instantiated during the proof-transformation
   2.611 +            applied when loading the proof),
   2.612 +            including any axioms or definitions*)
   2.613 +          val parent_nodes =
   2.614 +            dest_parent_infos false fms parent_infos
   2.615 +            |> map #name
   2.616 +
   2.617 +          val parent_fmlas = map fmla_of_node (rev(*FIXME can do away with this? it matters because of order of conjunction. is there a matching rev elsewhere?*) parent_nodes)
   2.618 +
   2.619 +          val inference_term =
   2.620 +            if null parent_fmlas then
   2.621 +                fmla_of_node from
   2.622 +                |> HOLogic.mk_Trueprop
   2.623 +            else
   2.624 +                Logic.mk_implies
   2.625 +                 (fold
   2.626 +                    (curry HOLogic.mk_conj)
   2.627 +                    (tl parent_fmlas)
   2.628 +                    (hd parent_fmlas)
   2.629 +                  |> HOLogic.mk_Trueprop,
   2.630 +                  fmla_of_node from |> HOLogic.mk_Trueprop)
   2.631 +        in
   2.632 +          SOME {inference_name = rule_name,
   2.633 +                inference_fmla = inference_term,
   2.634 +                parents = parent_nodes}
   2.635 +        end
   2.636 +    in
   2.637 +      (*examine node's "source" annotation: we're only interested
   2.638 +        if it's an inference*)
   2.639 +      case node_info fms #source_inf_opt from of
   2.640 +                NONE => NONE
   2.641 +              | SOME (TPTP_Proof.File _) => NONE
   2.642 +              | SOME (TPTP_Proof.Inference (rule_name, _ : TPTP_Proof.useful_info_as list, parent_infos)) =>
   2.643 +                  if List.null parent_infos then
   2.644 +                    raise (INFERENCE_AT_NODE
   2.645 +                            ("empty parent list for node " ^
   2.646 +                             from ^ ": check proof format"))
   2.647 +                  else
   2.648 +                    build_inference_info rule_name parent_infos
   2.649 +    end
   2.650 +
   2.651 +
   2.652 +(** Proof skeleton **)
   2.653 +
   2.654 +(* Emulating skeleton steps *)
   2.655 +
   2.656 +(*
   2.657 +Builds a rule (thm) of the following form:
   2.658 +
   2.659 +
   2.660 +                  prem1                   premn
   2.661 +                   ...         ...         ...
   2.662 +   major_prem     conc1                   concn
   2.663 +  -----------------------------------------------
   2.664 +                    conclusion
   2.665 +
   2.666 +where major_prem is a disjunction of prem1,...,premn.
   2.667 +*)
   2.668 +fun make_elimination_rule_t ctxt major_prem prems_and_concs conclusion =
   2.669 +  let
   2.670 +    val thy = Proof_Context.theory_of ctxt
   2.671 +    val minor_prems =
   2.672 +      map (fn (v, conc) =>
   2.673 +        Logic.mk_implies (v, HOLogic.mk_Trueprop conc))
   2.674 +        prems_and_concs
   2.675 +  in
   2.676 +    (Logic.list_implies
   2.677 +     (major_prem :: minor_prems,
   2.678 +     conclusion))
   2.679 +  end
   2.680 +
   2.681 +(*In summary, we emulate an n-way splitting rule via an n-way
   2.682 +  disjunction elimination.
   2.683 +
   2.684 +  Given a split formula and conclusion, we prove a rule which
   2.685 +  simulates the split. The conclusion is assumed to be a conjunction
   2.686 +  of conclusions for each branch of the split. The
   2.687 +  "minor_prem_assumptions" are the assumptions discharged in each
   2.688 +  branch; they're passed to the function to make sure that the
   2.689 +  generated rule is compatible with the skeleton (since the skeleton
   2.690 +  fixes the "order" of the reconstruction, based on the proof's
   2.691 +  structure).
   2.692 +
   2.693 +  Concretely, if P is "(_ & _) = $false" or "(_ | _) = $true" then
   2.694 +  splitting behaves as follows:
   2.695 +
   2.696 +                     P
   2.697 +      -------------------------------
   2.698 +       _ = $false         _ = $false
   2.699 +          ...       ...       ...
   2.700 +           R1                  Rn
   2.701 +      -------------------------------
   2.702 +               R1 & ... & Rn
   2.703 +
   2.704 +  Splitting (binary) iffs works as follows:
   2.705 +
   2.706 +                  (A <=> B) = $false
   2.707 +      ------------------------------------------
   2.708 +       (A => B) = $false      (B => A) = $false
   2.709 +             ...                     ...
   2.710 +              R1                      R2
   2.711 +      ------------------------------------------
   2.712 +                        R1 & R2
   2.713 +*)
   2.714 +fun simulate_split ctxt split_fmla minor_prem_assumptions conclusion =
   2.715 +  let
   2.716 +    val prems_and_concs =
   2.717 +      ListPair.zip (minor_prem_assumptions, flatten (Conjunctive NONE) conclusion)
   2.718 +
   2.719 +    val rule_t = make_elimination_rule_t ctxt split_fmla prems_and_concs conclusion
   2.720 +
   2.721 +    (*these are replaced by fresh variables in the abstract term*)
   2.722 +    val abstraction_subterms =
   2.723 +      (map (try_dest_Trueprop #> remove_polarity true #> fst)
   2.724 +              minor_prem_assumptions)
   2.725 +
   2.726 +    (*generate an abstract rule as a term...*)
   2.727 +    val abs_rule_t =
   2.728 +      abstract
   2.729 +        abstraction_subterms
   2.730 +        rule_t
   2.731 +      |> snd (*ignore mapping info. this is a bit wasteful*)
   2.732 +             (*FIXME optimisation: instead on relying on diff
   2.733 +                to regenerate this info, could use it directly*)
   2.734 +
   2.735 +    (*...and validate the abstract rule*)
   2.736 +    val abs_rule_thm =
   2.737 +      Goal.prove ctxt [] [] abs_rule_t
   2.738 +       (fn pdata => HEADGOAL (blast_tac (#context pdata)))
   2.739 +      |> Drule.export_without_context
   2.740 +  in
   2.741 +    (*Instantiate the abstract rule based on the contents of the
   2.742 +      required instance*)
   2.743 +    diff_and_instantiate ctxt abs_rule_thm (prop_of abs_rule_thm) rule_t
   2.744 +  end
   2.745 +
   2.746 +
   2.747 +(* Building the skeleton *)
   2.748 +
   2.749 +type step_id = string
   2.750 +datatype rolling_stock =
   2.751 +    Step of step_id
   2.752 +  | Assumed
   2.753 +  | Unconjoin
   2.754 +  | Split of step_id (*where split occurs*) *
   2.755 +             step_id (*where split ends*) *
   2.756 +             step_id list (*children of the split*)
   2.757 +  | Synth_step of step_id (*A step which doesn't necessarily appear in
   2.758 +    the original proof, or which has been modified slightly for better
   2.759 +    handling by Isabelle*) (*FIXME "inodes" should be made into Synth_steps*)
   2.760 +  | Annotated_step of step_id * string (*Same interpretation as
   2.761 +    "Step", except that additional information is attached. This is
   2.762 +    currently used for debugging: Steps are mapped to Annotated_steps
   2.763 +    and their rule names are included as strings*)
   2.764 +  | Definition of step_id (*Mirrors TPTP role*)
   2.765 +  | Axiom of step_id (*Mirrors TPTP role*)
   2.766 +(*  | Derived of step_id -- to be used by memoization*)
   2.767 +  | Caboose
   2.768 +
   2.769 +fun stock_to_string (Step n) = n
   2.770 +  | stock_to_string (Annotated_step (n, anno)) = n ^ "(" ^ anno ^ ")"
   2.771 +  | stock_to_string _ = error "Stock is not a step" (*FIXME more meaningful message*)
   2.772 +
   2.773 +fun filter_by_role tptp_role =
   2.774 +  filter
   2.775 +   (fn (_, info) =>
   2.776 +       #role info = tptp_role)
   2.777 +
   2.778 +fun filter_by_name node_name =
   2.779 +  filter
   2.780 +   (fn (n, _) =>
   2.781 +       n = node_name)
   2.782 +
   2.783 +exception NO_MARKER_NODE
   2.784 +(*We fall back on node "1" in case the proof is not that of a theorem*)
   2.785 +fun proof_beginning_node fms =
   2.786 +  let
   2.787 +    val result =
   2.788 +      cascaded_filter_single true
   2.789 +       [filter_by_role TPTP_Syntax.Role_Conjecture,
   2.790 +        filter_by_name "1"] (*FIXME const*)
   2.791 +       fms
   2.792 +  in
   2.793 +    case result of
   2.794 +        SOME x => fst x (*get the node name*)
   2.795 +      | NONE => raise NO_MARKER_NODE
   2.796 +  end
   2.797 +
   2.798 +(*Get the name of the node where the proof ends*)
   2.799 +fun proof_end_node fms =
   2.800 +  (*FIXME this isn't very nice: we assume that the last line in the
   2.801 +    proof file is the closing line of the proof. It would be nicer if
   2.802 +    such a line is specially marked (with a role), since there is no
   2.803 +    obvious ordering on names, since they can be strings.
   2.804 +    Another way would be to run an analysis on the graph to find
   2.805 +    this node, since it has properties which should make it unique
   2.806 +    in a graph*)
   2.807 +  fms
   2.808 +  |> hd (*since proof has been reversed prior*)
   2.809 +  |> fst (*get node name*)
   2.810 +
   2.811 +(*Generate list of (possibly reconstructed) inferences which can be
   2.812 +  composed together to reconstruct the whole proof.*)
   2.813 +fun make_skeleton ctxt (pannot : proof_annotation) : rolling_stock list =
   2.814 +  let
   2.815 +    val thy = Proof_Context.theory_of ctxt
   2.816 +
   2.817 +    fun stock_is_ax_or_def (Axiom _) = true
   2.818 +      | stock_is_ax_or_def (Definition _) = true
   2.819 +      | stock_is_ax_or_def _ = false
   2.820 +
   2.821 +    fun stock_of n =
   2.822 +      case node_info (#meta pannot) #role n of
   2.823 +          TPTP_Syntax.Role_Definition => (true, Definition n)
   2.824 +        | TPTP_Syntax.Role_Axiom => (true, Axiom n)
   2.825 +        | _ => (false, Step n)
   2.826 +
   2.827 +    fun n_is_split_conjecture (inference_info : rule_info option) =
   2.828 +      case inference_info of
   2.829 +          NONE => false
   2.830 +        | SOME inference_info => #inference_name inference_info = "split_conjecture"
   2.831 +
   2.832 +    (*Different kinds of inference sequences:
   2.833 +        - Linear: (just add a step to the skeleton)
   2.834 +           ---...---
   2.835 +
   2.836 +        - Fan-in: (treat each in-path as conjoined with the others. Linearise all the paths, and concatenate them.)
   2.837 +                  /---...
   2.838 +           ------<
   2.839 +                  \---...
   2.840 +
   2.841 +        - Real split: Instead of treating as a conjunction, as in
   2.842 +           normal fan-ins, we need to treat specially by looking
   2.843 +           at the location where the split occurs, and turn the
   2.844 +           split inference into a validity-preserving subproof.
   2.845 +           As with fan-ins, we handle each fan-in path, and
   2.846 +           concatenate.
   2.847 +                  /---...---\
   2.848 +           ------<           >------
   2.849 +                  \---...---/
   2.850 +
   2.851 +        - Fake split: (treat like linear, since there isn't a split-node)
   2.852 +           ------<---...----------
   2.853 +
   2.854 +      Different kinds of sequences endings:
   2.855 +        - "Stop before": Non-decreasing list of nodes where should terminate.
   2.856 +                         This starts off with the end node, and the split_nodes
   2.857 +                         will be added dynamically as the skeleton is built.
   2.858 +        - Axiom/Definition
   2.859 +     *)
   2.860 +
   2.861 +    (*The following functions build the skeleton for the reconstruction starting
   2.862 +      from the node labelled "n" and stopping just before an element in stop_just_befores*)
   2.863 +    (*FIXME could throw exception if none of stop_just_befores is ever encountered*)
   2.864 +
   2.865 +    (*This approach below is naive because it linearises the proof DAG, and this would
   2.866 +      duplicate some effort if the DAG isn't already linear.*)
   2.867 +    exception SKELETON
   2.868 +
   2.869 +    fun check_parents stop_just_befores n =
   2.870 +      let
   2.871 +        val parents = parents_of_node (#meta pannot) n
   2.872 +      in
   2.873 +        if length parents = 1 then
   2.874 +          AList.lookup (op =) stop_just_befores (the_single parents)
   2.875 +        else
   2.876 +          NONE
   2.877 +      end
   2.878 +
   2.879 +    fun naive_skeleton' stop_just_befores n =
   2.880 +      case check_parents stop_just_befores n of
   2.881 +          SOME skel => skel
   2.882 +        | NONE =>
   2.883 +            let
   2.884 +              val inference_info = inference_at_node thy (#problem_name pannot) (#meta pannot) n
   2.885 +            in
   2.886 +                if is_none inference_info then
   2.887 +                  (*this is the case for the conjecture, definitions and axioms*)
   2.888 +                    if node_info (#meta pannot) #role n = TPTP_Syntax.Role_Definition then
   2.889 +                      [(Definition n), Assumed]
   2.890 +                    else if node_info (#meta pannot) #role n = TPTP_Syntax.Role_Axiom then
   2.891 +                      [Axiom n]
   2.892 +                    else raise SKELETON
   2.893 +                else
   2.894 +                  let
   2.895 +                    val inference_info = the inference_info
   2.896 +                    val parents = #parents inference_info
   2.897 +                  in
   2.898 +                    (*FIXME memoize antecedent_steps?*)
   2.899 +                    if #inference_name inference_info = "solved_all_splits" andalso length parents > 1 then
   2.900 +                      (*splitting involves fanning out then in; this is to be
   2.901 +                        treated different than other fan-out-ins.*)
   2.902 +                      let
   2.903 +                        (*find where the proofs fanned-out: pick some antecedent,
   2.904 +                          then find ancestor to use a "split_conjecture" inference.*)
   2.905 +                        (*NOTE we assume that splits can't be nested*)
   2.906 +                        val split_node =
   2.907 +                          find_ancestor_using_rule pannot "split_conjecture" [hd parents]
   2.908 +                          |> parents_of_node (#meta pannot)
   2.909 +                          |> the_single
   2.910 +
   2.911 +                        (*compute the skeletons starting at parents to either the split_node
   2.912 +                          if the antecedent is descended from the split_node, or the
   2.913 +                          stop_just_before otherwise*)
   2.914 +                        val skeletons_up =
   2.915 +                          map (naive_skeleton' ((split_node, [Assumed]) :: stop_just_befores)) parents
   2.916 +                      in
   2.917 +                        (*point to the split node, so that custom rule can be built later on*)
   2.918 +                        Step n :: (Split (split_node, n, parents)) :: (*this will create the elimination rule*)
   2.919 +                         naive_skeleton' stop_just_befores split_node @ (*this will discharge the major premise*)
   2.920 +                         List.concat skeletons_up @ [Assumed] (*this will discharge the minor premises*)
   2.921 +                      end
   2.922 +                    else if length parents > 1 then
   2.923 +                      (*Handle fan-in nodes which aren't split-sinks by
   2.924 +                        enclosing each branch but one in conjI-assumption invocations*)
   2.925 +                        let
   2.926 +                          val skeletons_up =
   2.927 +                            map (naive_skeleton' stop_just_befores) parents
   2.928 +                        in
   2.929 +                          Step n :: concat_between skeletons_up (SOME Unconjoin, NONE) @ [Assumed]
   2.930 +                        end
   2.931 +                    else
   2.932 +                      Step n :: naive_skeleton' stop_just_befores (the_single parents)
   2.933 +                  end
   2.934 +            end
   2.935 +  in
   2.936 +    if List.null (#meta pannot) then [] (*in case "proof" file is empty*)
   2.937 +    else
   2.938 +      naive_skeleton'
   2.939 +       [(proof_beginning_node (#meta pannot), [Assumed])]
   2.940 +       (proof_end_node (#meta pannot))
   2.941 +      (*make last step the Caboose*)
   2.942 +      |> rev |> tl |> cons Caboose |> rev (*FIXME hacky*)
   2.943 +  end
   2.944 +
   2.945 +
   2.946 +(* Using the skeleton *)
   2.947 +
   2.948 +exception SKELETON
   2.949 +local
   2.950 +    (*Change the negated assumption (which is output by the contradiction rule) into
   2.951 +      a form familiar to Leo2*)
   2.952 +    val neg_eq_false =
   2.953 +      @{lemma "!! P. (~ P) ==> (P = False)" by auto}
   2.954 +
   2.955 +    (*FIXME this is just a dummy thm to annotate the assumption tac "atac"*)
   2.956 +    val solved_all_splits =
   2.957 +      @{lemma "False = True ==> False" by auto}
   2.958 +
   2.959 +    fun skel_to_naive_tactic ctxt prover_tac prob_name skel memo = fn st =>
   2.960 +      let
   2.961 +        val thy = Proof_Context.theory_of ctxt
   2.962 +        val pannot = get_pannot_of_prob thy prob_name
   2.963 +        fun tac_and_memo node memo =
   2.964 +          case AList.lookup (op =) memo node of
   2.965 +              NONE =>
   2.966 +                let
   2.967 +                  val tac =
   2.968 +                    (*FIXME formula_sizelimit not being
   2.969 +                            checked here*)
   2.970 +                    prover_tac ctxt prob_name node
   2.971 +                in (tac, (node, tac) :: memo) end
   2.972 +            | SOME tac => (tac, memo)
   2.973 +        fun rest skel' memo =
   2.974 +          skel_to_naive_tactic ctxt prover_tac prob_name skel' memo
   2.975 +
   2.976 +        val tactic =
   2.977 +          if null skel then
   2.978 +            raise SKELETON (*FIXME or classify it as a Caboose: TRY (HEADGOAL atac) *)
   2.979 +          else
   2.980 +            case hd skel of
   2.981 +                Assumed => TRY (HEADGOAL atac) THEN rest (tl skel) memo
   2.982 +              | Caboose => TRY (HEADGOAL atac)
   2.983 +              | Unconjoin => rtac @{thm conjI} 1 THEN rest (tl skel) memo
   2.984 +              | Split (split_node, solved_node, antes) =>
   2.985 +                  let
   2.986 +                    val split_fmla = node_info (#meta pannot) #fmla split_node
   2.987 +                    val conclusion =
   2.988 +                      (inference_at_node thy prob_name (#meta pannot) solved_node
   2.989 +                       |> the
   2.990 +                       |> #inference_fmla)
   2.991 +                      |> Logic.dest_implies (*FIXME there might be !!-variables?*)
   2.992 +                      |> #1
   2.993 +                    val minor_prems_assumps =
   2.994 +                      map (fn ante => find_ancestor_using_rule pannot "split_conjecture" [ante]) antes
   2.995 +                      |> map (node_info (#meta pannot) #fmla)
   2.996 +                    val split_thm =
   2.997 +                      simulate_split ctxt split_fmla minor_prems_assumps conclusion
   2.998 +                  in
   2.999 +                    rtac split_thm 1 THEN rest (tl skel) memo
  2.1000 +                  end
  2.1001 +              | Step s =>
  2.1002 +                  let
  2.1003 +                    val (tac, memo') = tac_and_memo s memo
  2.1004 +                  in
  2.1005 +                    rtac tac 1 THEN rest (tl skel) memo'
  2.1006 +                  end
  2.1007 +              | Definition n =>
  2.1008 +                  let
  2.1009 +                    val def_thm =
  2.1010 +                      case AList.lookup (op =) (#defs pannot) n of
  2.1011 +                          NONE => error ("Did not find definition: " ^ n)
  2.1012 +                        | SOME binding =>
  2.1013 +                            Binding.dest binding
  2.1014 +                            |> #3
  2.1015 +                            |> Global_Theory.get_thm thy
  2.1016 +                  in
  2.1017 +                    rtac def_thm 1 THEN rest (tl skel) memo
  2.1018 +                  end
  2.1019 +              | Axiom n =>
  2.1020 +                  let
  2.1021 +                    val ax_thm =
  2.1022 +                      case AList.lookup (op =) (#axs pannot) n of
  2.1023 +                          NONE => error ("Did not find axiom: " ^ n)
  2.1024 +                        | SOME binding =>
  2.1025 +                            Binding.dest binding
  2.1026 +                            |> #3
  2.1027 +                            |> Global_Theory.get_thm thy
  2.1028 +                  in
  2.1029 +                    rtac ax_thm 1 THEN rest (tl skel) memo
  2.1030 +                  end
  2.1031 +              | _ => raise SKELETON
  2.1032 +      in tactic st end
  2.1033 +(*FIXME fuse these*)
  2.1034 +    (*As above, but creates debug-friendly tactic.
  2.1035 +      This is also used for "partial proof reconstruction"*)
  2.1036 +    fun skel_to_naive_tactic_dbg prover_tac ctxt prob_name skel (memo : (string * (thm * tactic) option) list) =
  2.1037 +      let
  2.1038 +        val thy = Proof_Context.theory_of ctxt
  2.1039 +        val pannot = get_pannot_of_prob thy prob_name
  2.1040 +
  2.1041 +        fun rtac_wrap thm_f i = fn st =>
  2.1042 +          let
  2.1043 +            val thy = Thm.theory_of_thm st
  2.1044 +          in
  2.1045 +            rtac (thm_f thy) i st
  2.1046 +          end
  2.1047 +
  2.1048 +        (*Some nodes don't have an inference name, such as the conjecture,
  2.1049 +          definitions and axioms. Such nodes shouldn't appear in the
  2.1050 +          skeleton.*)
  2.1051 +        fun inference_name_of_node node =
  2.1052 +           case AList.lookup (op =) (#meta pannot) node of
  2.1053 +               NONE => (warning "Inference step lacks an inference name"; "(Shouldn't be here)")
  2.1054 +             | SOME info =>
  2.1055 +                 case #source_inf_opt info of
  2.1056 +                     SOME (TPTP_Proof.Inference (infname, _, _)) =>
  2.1057 +                       infname
  2.1058 +                   | _ => (warning "Inference step lacks an inference name"; "(Shouldn't be here)")
  2.1059 +
  2.1060 +        fun inference_fmla node =
  2.1061 +          case inference_at_node thy prob_name (#meta pannot) node of
  2.1062 +              NONE => NONE
  2.1063 +            | SOME {inference_fmla, ...} => SOME inference_fmla
  2.1064 +
  2.1065 +        fun rest memo' ctxt' = skel_to_naive_tactic_dbg prover_tac ctxt' prob_name (tl skel) memo'
  2.1066 +        (*reconstruct the inference. also set timeout in case
  2.1067 +          tactic takes too long*)
  2.1068 +        val try_make_step =
  2.1069 +          (*FIXME const timeout*)
  2.1070 +          (* TimeLimit.timeLimit (Time.fromSeconds 5) *)
  2.1071 +          (fn ctxt' =>
  2.1072 +             let
  2.1073 +               fun thm ctxt'' = prover_tac ctxt'' prob_name (hd skel |> stock_to_string)
  2.1074 +               val reconstructed_inference = thm ctxt'
  2.1075 +               val rec_inf_tac = fn st =>
  2.1076 +                 let
  2.1077 +                   val ctxt =
  2.1078 +                     Thm.theory_of_thm st
  2.1079 +                     |> Proof_Context.init_global
  2.1080 +                 in
  2.1081 +                   HEADGOAL (rtac (thm ctxt)) st
  2.1082 +                 end
  2.1083 +             in (reconstructed_inference,
  2.1084 +                 rec_inf_tac)
  2.1085 +             end)
  2.1086 +        fun ignore_interpretation_exn f x = SOME (f x)
  2.1087 +          handle
  2.1088 +              INTERPRET_INFERENCE => NONE
  2.1089 +            | exn => reraise exn
  2.1090 +      in
  2.1091 +        if List.null skel then
  2.1092 +          raise SKELETON
  2.1093 +        (*FIXME or classify it as follows:
  2.1094 +          [(Caboose,
  2.1095 +            prop_of @{thm asm_rl}
  2.1096 +            |> SOME,
  2.1097 +            SOME (@{thm asm_rl}, TRY (HEADGOAL atac)))]
  2.1098 +         *)
  2.1099 +        else
  2.1100 +          case hd skel of
  2.1101 +              Assumed =>
  2.1102 +                (hd skel,
  2.1103 +                 prop_of @{thm asm_rl}
  2.1104 +                 |> SOME,
  2.1105 +                 SOME (@{thm asm_rl}, TRY (HEADGOAL atac))) :: rest memo ctxt
  2.1106 +            | Caboose =>
  2.1107 +                [(Caboose,
  2.1108 +                  prop_of @{thm asm_rl}
  2.1109 +                  |> SOME,
  2.1110 +                  SOME (@{thm asm_rl}, TRY (HEADGOAL atac)))]
  2.1111 +            | Unconjoin =>
  2.1112 +                (hd skel,
  2.1113 +                 prop_of @{thm conjI}
  2.1114 +                 |> SOME,
  2.1115 +                 SOME (@{thm conjI}, rtac @{thm conjI} 1)) :: rest memo ctxt
  2.1116 +            | Split (split_node, solved_node, antes) =>
  2.1117 +                let
  2.1118 +                  val split_fmla = node_info (#meta pannot) #fmla split_node
  2.1119 +                  val conclusion =
  2.1120 +                        (inference_at_node thy prob_name (#meta pannot) solved_node
  2.1121 +                         |> the
  2.1122 +                         |> #inference_fmla)
  2.1123 +                        |> Logic.dest_implies (*FIXME there might be !!-variables?*)
  2.1124 +                        |> #1
  2.1125 +                  val minor_prems_assumps =
  2.1126 +                      map (fn ante => find_ancestor_using_rule pannot "split_conjecture" [ante]) antes
  2.1127 +                      |> map (node_info (#meta pannot) #fmla)
  2.1128 +                  val split_thm =
  2.1129 +                      simulate_split ctxt split_fmla minor_prems_assumps conclusion
  2.1130 +                in
  2.1131 +                  (hd skel,
  2.1132 +                   prop_of split_thm
  2.1133 +                   |> SOME,
  2.1134 +                   SOME (split_thm, rtac split_thm 1)) :: rest memo ctxt
  2.1135 +                end
  2.1136 +            | Step node =>
  2.1137 +                let
  2.1138 +                  val inference_name = inference_name_of_node node
  2.1139 +                  val inference_fmla = inference_fmla node
  2.1140 +
  2.1141 +                  (*FIXME debugging code
  2.1142 +                  val _ =
  2.1143 +                    if Config.get ctxt tptp_trace_reconstruction then
  2.1144 +                       (tracing ("handling node " ^ node);
  2.1145 +                        tracing ("inference " ^ inference_name);
  2.1146 +                        if is_some inference_fmla then
  2.1147 +                          tracing ("formula size " ^ Int.toString (Term.size_of_term (the inference_fmla)))
  2.1148 +                        else ()(*;
  2.1149 +                        tracing ("formula " ^ @{make_string inference_fmla}) *))
  2.1150 +                    else ()*)
  2.1151 +
  2.1152 +                  val (inference_instance_thm, memo', ctxt') =
  2.1153 +                    case AList.lookup (op =) memo node of
  2.1154 +                        NONE =>
  2.1155 +                          let
  2.1156 +                            val (thm, ctxt') =
  2.1157 +                              (*Instead of NONE could have another value indicating that the formula was too big*)
  2.1158 +                                if is_some inference_fmla andalso
  2.1159 +                                   (*FIXME could have different inference rules have different sizelimits*)
  2.1160 +                                   exceeds_tptp_max_term_size ctxt (Term.size_of_term (the inference_fmla)) then
  2.1161 +                                    (
  2.1162 +                                     warning ("Gave up on node " ^ node ^ " because of fmla size " ^
  2.1163 +                                              Int.toString (Term.size_of_term (the inference_fmla)));
  2.1164 +                                     (NONE, ctxt)
  2.1165 +                                    )
  2.1166 +                                else
  2.1167 +                                  let
  2.1168 +                                    val maybe_thm = ignore_interpretation_exn try_make_step ctxt
  2.1169 +                                    val ctxt' =
  2.1170 +                                      if is_some maybe_thm then
  2.1171 +                                        the maybe_thm
  2.1172 +                                        |> #1
  2.1173 +                                        |> Thm.theory_of_thm |> Proof_Context.init_global
  2.1174 +                                      else ctxt
  2.1175 +                                  in
  2.1176 +                                    (maybe_thm, ctxt')
  2.1177 +                                  end
  2.1178 +                          in (thm, (node, thm) :: memo, ctxt') end
  2.1179 +                      | SOME maybe_thm => (maybe_thm, memo, ctxt)
  2.1180 +                in
  2.1181 +                  (Annotated_step (node, inference_name),
  2.1182 +                   inference_fmla,
  2.1183 +                   inference_instance_thm) :: rest memo' ctxt'
  2.1184 +                end
  2.1185 +            | Definition n =>
  2.1186 +                let
  2.1187 +                  fun def_thm thy =
  2.1188 +                    case AList.lookup (op =) (#defs pannot) n of
  2.1189 +                        NONE => error ("Did not find definition: " ^ n)
  2.1190 +                      | SOME binding =>
  2.1191 +                          Binding.dest binding
  2.1192 +                          |> #3
  2.1193 +                          |> Global_Theory.get_thm thy
  2.1194 +                in
  2.1195 +                  (hd skel,
  2.1196 +                   prop_of (def_thm thy)
  2.1197 +                   |> SOME,
  2.1198 +                   SOME (def_thm thy,
  2.1199 +                         HEADGOAL (rtac_wrap def_thm))) :: rest memo ctxt
  2.1200 +                end
  2.1201 +            | Axiom n =>
  2.1202 +                let
  2.1203 +                  val ax_thm =
  2.1204 +                    case AList.lookup (op =) (#axs pannot) n of
  2.1205 +                        NONE => error ("Did not find axiom: " ^ n)
  2.1206 +                      | SOME binding =>
  2.1207 +                          Binding.dest binding
  2.1208 +                          |> #3
  2.1209 +                          |> Global_Theory.get_thm thy
  2.1210 +                in
  2.1211 +                  (hd skel,
  2.1212 +                   prop_of ax_thm
  2.1213 +                   |> SOME,
  2.1214 +                   SOME (ax_thm, rtac ax_thm 1)) :: rest memo ctxt
  2.1215 +                end
  2.1216 +      end
  2.1217 +
  2.1218 +    (*The next function handles cases where Leo2 doesn't include the solved_all_splits
  2.1219 +      step at the end (e.g. because there wouldn't be a split -- the proof
  2.1220 +      would be linear*)
  2.1221 +    fun sas_if_needed_tac ctxt prob_name =
  2.1222 +      let
  2.1223 +        val thy = Proof_Context.theory_of ctxt
  2.1224 +        val pannot = get_pannot_of_prob thy prob_name
  2.1225 +        val last_inference_info_opt =
  2.1226 +          find_first
  2.1227 +           (fn (_, info) => #role info = TPTP_Syntax.Role_Plain)
  2.1228 +           (#meta pannot)
  2.1229 +        val last_inference_info =
  2.1230 +          case last_inference_info_opt of
  2.1231 +              NONE => NONE
  2.1232 +            | SOME (_, info) => #source_inf_opt info
  2.1233 +      in
  2.1234 +        if is_some last_inference_info andalso
  2.1235 +         TPTP_Proof.is_inference_called "solved_all_splits"
  2.1236 +          (the last_inference_info)
  2.1237 +        then (@{thm asm_rl}, all_tac)
  2.1238 +        else (solved_all_splits, TRY (rtac solved_all_splits 1))
  2.1239 +      end
  2.1240 +in
  2.1241 +  (*Build a tactic from a skeleton. This is naive because it uses the naive skeleton.
  2.1242 +    The inference interpretation ("prover_tac") is a parameter -- it would usually be
  2.1243 +    different for different provers.*)
  2.1244 +  fun naive_reconstruct_tac ctxt prover_tac prob_name =
  2.1245 +    let
  2.1246 +      val thy = Proof_Context.theory_of ctxt
  2.1247 +    in
  2.1248 +      rtac @{thm ccontr} 1
  2.1249 +      THEN dtac neg_eq_false 1
  2.1250 +      THEN (sas_if_needed_tac ctxt prob_name |> #2)
  2.1251 +      THEN skel_to_naive_tactic ctxt prover_tac prob_name
  2.1252 +       (make_skeleton ctxt
  2.1253 +        (get_pannot_of_prob thy prob_name)) []
  2.1254 +    end
  2.1255 +
  2.1256 +  (*As above, but generates a list of tactics. This is useful for debugging, to apply
  2.1257 +    the tactics one by one manually.*)
  2.1258 +  fun naive_reconstruct_tacs prover_tac prob_name ctxt =
  2.1259 +    let
  2.1260 +      val thy = Proof_Context.theory_of ctxt
  2.1261 +    in
  2.1262 +      (Synth_step "ccontr", prop_of @{thm ccontr} |> SOME,
  2.1263 +       SOME (@{thm ccontr}, rtac @{thm ccontr} 1)) ::
  2.1264 +      (Synth_step "neg_eq_false", prop_of neg_eq_false |> SOME,
  2.1265 +       SOME (neg_eq_false, dtac neg_eq_false 1)) ::
  2.1266 +      (Synth_step "sas_if_needed_tac", prop_of @{thm asm_rl}(*FIXME *) |> SOME,
  2.1267 +       SOME (sas_if_needed_tac ctxt prob_name)) ::
  2.1268 +      skel_to_naive_tactic_dbg prover_tac ctxt prob_name
  2.1269 +       (make_skeleton ctxt
  2.1270 +        (get_pannot_of_prob thy prob_name)) []
  2.1271 +    end
  2.1272 +end
  2.1273 +
  2.1274 +(*Produces a theorem given a tactic and a parsed proof. This function is handy
  2.1275 +to test reconstruction, since it automates the interpretation and proving of the
  2.1276 +parsed proof's goal.*)
  2.1277 +fun reconstruct ctxt tactic prob_name =
  2.1278 +  let
  2.1279 +    val thy = Proof_Context.theory_of ctxt
  2.1280 +    val pannot = get_pannot_of_prob thy prob_name
  2.1281 +    val goal =
  2.1282 +      #meta pannot
  2.1283 +      |> List.filter (fn (_, info) =>
  2.1284 +          #role info = TPTP_Syntax.Role_Conjecture)
  2.1285 +  in
  2.1286 +    if null (#meta pannot) then
  2.1287 +      (*since the proof is empty, return a trivial result.*)
  2.1288 +      @{thm TrueI}
  2.1289 +    else if null goal then
  2.1290 +      raise (RECONSTRUCT "Proof lacks conjecture")
  2.1291 +    else
  2.1292 +      the_single goal
  2.1293 +      |> snd |> #fmla
  2.1294 +      |> (fn fmla => Goal.prove ctxt [] [] fmla (fn _ => tactic prob_name))
  2.1295 +  end
  2.1296 +
  2.1297 +
  2.1298 +(** Skolemisation setup **)
  2.1299 +
  2.1300 +(*Ignore these constants if they appear in the conclusion but not the hypothesis*)
  2.1301 +(*FIXME possibly incomplete*)
  2.1302 +val ignore_consts =
  2.1303 +  [HOLogic.conj, HOLogic.disj, HOLogic.imp, HOLogic.Not]
  2.1304 +
  2.1305 +(*Difference between the constants appearing between two terms, minus "ignore_consts"*)
  2.1306 +fun new_consts_between t1 t2 =
  2.1307 +  List.filter
  2.1308 +   (fn n => not (List.exists (fn n' => n' = n) ignore_consts))
  2.1309 +   (list_diff (consts_in t2) (consts_in t1))
  2.1310 +
  2.1311 +(*Generate definition binding for an equation*)
  2.1312 +fun mk_bind_eq prob_name params ((n, ty), t) =
  2.1313 +  let
  2.1314 +    val bnd =
  2.1315 +      Binding.name (List.last (space_explode "." n) ^ "_def")
  2.1316 +      |> Binding.qualify false (TPTP_Problem_Name.mangle_problem_name prob_name)
  2.1317 +    val t' =
  2.1318 +      Term.list_comb (Const (n, ty), params)
  2.1319 +      |> rpair t
  2.1320 +      |> HOLogic.mk_eq
  2.1321 +      |> HOLogic.mk_Trueprop
  2.1322 +      |> fold Logic.all params
  2.1323 +  in
  2.1324 +    (bnd, t')
  2.1325 +  end
  2.1326 +
  2.1327 +(*Generate binding for an axiom. Similar to "mk_bind_eq"*)
  2.1328 +fun mk_bind_ax prob_name node t =
  2.1329 +  let
  2.1330 +    val bnd =
  2.1331 +      Binding.name node
  2.1332 +      (*FIXME add suffix? e.g. ^ "_ax"*)
  2.1333 +      |> Binding.qualify false (TPTP_Problem_Name.mangle_problem_name prob_name)
  2.1334 +  in
  2.1335 +    (bnd, t)
  2.1336 +  end
  2.1337 +
  2.1338 +(*Extract the constant name, type, and its definition*)
  2.1339 +fun get_defn_components
  2.1340 +  (Const (@{const_name HOL.Trueprop}, _) $
  2.1341 +    (Const (@{const_name HOL.eq}, _) $
  2.1342 +      Const (name, ty) $ t)) = ((name, ty), t)
  2.1343 +
  2.1344 +
  2.1345 +(*** Proof transformations ***)
  2.1346 +
  2.1347 +(*Transforms a proof_annotation value.
  2.1348 +  Argument "f" is the proof transformer*)
  2.1349 +fun transf_pannot f (pannot : proof_annotation) : (theory * proof_annotation) =
  2.1350 +  let
  2.1351 +    val (thy', fms') = f (#meta pannot)
  2.1352 +  in
  2.1353 +    (thy',
  2.1354 +     {problem_name = #problem_name pannot,
  2.1355 +      skolem_defs = #skolem_defs pannot,
  2.1356 +      defs = #defs pannot,
  2.1357 +      axs = #axs pannot,
  2.1358 +      meta = fms'})
  2.1359 +  end
  2.1360 +
  2.1361 +
  2.1362 +(** Proof transformer to add virtual inference steps
  2.1363 +    encoding "bind" annotations in Leo-II proofs **)
  2.1364 +
  2.1365 +(*
  2.1366 +Involves finding an inference of this form:
  2.1367 +
  2.1368 +       (!x1 ... xn. F)   ...   Cn
  2.1369 +  ------------------------------------ (Rule name)
  2.1370 +          G[t1/x1, ..., tn/xn]
  2.1371 +
  2.1372 +and turn it into this:
  2.1373 +
  2.1374 +
  2.1375 +     (!x1 ... xn. F)
  2.1376 +  ---------------------- bind
  2.1377 +   F[t1/x1, ..., tn/xn]           ...   Cn
  2.1378 +  -------------------------------------------- (Rule name)
  2.1379 +                    G
  2.1380 +
  2.1381 +where "bind" is an inference rule (distinct from any rule name used
  2.1382 +by Leo2) to indicate such inferences.  This transformation is used
  2.1383 +to factor out instantiations, thus allowing the reconstruction to
  2.1384 +focus on (Rule name) rather than "(Rule name) + instantiations".
  2.1385 +*)
  2.1386 +fun interpolate_binds prob_name thy fms : theory * formula_meaning list =
  2.1387 +  let
  2.1388 +    fun factor_out_bind target_node pinfo intermediate_thy =
  2.1389 +      case pinfo of
  2.1390 +         TPTP_Proof.ParentWithDetails (n, pdetails) =>
  2.1391 +           (*create new node which contains the "bind" inference,
  2.1392 +             to be added to graph*)
  2.1393 +           let
  2.1394 +             val (new_node_name, thy') = get_next_name intermediate_thy
  2.1395 +             val orig_fmla = node_info fms #fmla n
  2.1396 +             val target_fmla = node_info fms #fmla target_node
  2.1397 +             val new_node =
  2.1398 +              (new_node_name,
  2.1399 +               {role = TPTP_Syntax.Role_Plain,
  2.1400 +                fmla = apply_binding thy' prob_name orig_fmla target_fmla pdetails |> fst,
  2.1401 +                source_inf_opt =
  2.1402 +                  SOME (TPTP_Proof.Inference (bindK, [], [pinfo]))})
  2.1403 +           in
  2.1404 +             ((TPTP_Proof.Parent new_node_name, SOME new_node), thy')
  2.1405 +           end
  2.1406 +       | _ => ((pinfo, NONE), intermediate_thy)
  2.1407 +    fun process_nodes (step as (n, data)) (intermediate_thy, rest) =
  2.1408 +      case #source_inf_opt data of
  2.1409 +          SOME (TPTP_Proof.Inference (inf_name, sinfos, pinfos)) =>
  2.1410 +            let
  2.1411 +              val ((pinfos', parent_nodes), thy') =
  2.1412 +                fold_map (factor_out_bind n) pinfos intermediate_thy
  2.1413 +                |> apfst ListPair.unzip
  2.1414 +              val step' =
  2.1415 +                (n, {role = #role data, fmla = #fmla data,
  2.1416 +                 source_inf_opt = SOME (TPTP_Proof.Inference (inf_name, sinfos, pinfos'))})
  2.1417 +            in (thy', fold_options parent_nodes @ step' :: rest) end
  2.1418 +        | _ => (intermediate_thy, step :: rest)
  2.1419 +  in
  2.1420 +    fold process_nodes fms (thy, [])
  2.1421 +    (*new_nodes must come at the beginning, since we assume that the last line in a proof is the closing line*)
  2.1422 +    |> apsnd rev
  2.1423 +  end
  2.1424 +
  2.1425 +
  2.1426 +(** Proof transformer to add virtual inference steps
  2.1427 +    encoding any transformation done immediately prior
  2.1428 +    to a splitting step **)
  2.1429 +
  2.1430 +(*
  2.1431 +Involves finding an inference of this form:
  2.1432 +
  2.1433 +                   F = $false
  2.1434 +  ----------------------------------- split_conjecture
  2.1435 +    (F1 = $false) ... (Fn = $false)
  2.1436 +
  2.1437 +where F doesn't have an "and" or "iff" at the top level,
  2.1438 +and turn it into this:
  2.1439 +
  2.1440 +                   F = $false
  2.1441 +  ----------------------------------- split_preprocessing
  2.1442 +            (F1 % ... % Fn) = $false
  2.1443 +  ----------------------------------- split_conjecture
  2.1444 +    (F1 = $false) ... (Fn = $false)
  2.1445 +
  2.1446 +where "%" is either an "and" or an "iff" connective.
  2.1447 +This transformation is used to clarify the clause structure, to
  2.1448 +make it immediately "obvious" how splitting is taking place
  2.1449 +(by factoring out the other syntactic transformations -- e.g.
  2.1450 +related to quantifiers -- performed by Leo2). Having the clause
  2.1451 +in this "clearer" form makes the inference amenable to handling
  2.1452 +using the "abstraction" technique, which allows us to validate
  2.1453 +large inferences.
  2.1454 +*)
  2.1455 +exception PREPROCESS_SPLITS
  2.1456 +fun preprocess_splits prob_name thy fms : theory * formula_meaning list =
  2.1457 +  let
  2.1458 +    (*Simulate the transformation done by Leo2's preprocessing
  2.1459 +      step during splitting.
  2.1460 +      NOTE: we assume that the clause is a singleton
  2.1461 +
  2.1462 +      This transformation does the following:
  2.1463 +       - miniscopes !-quantifiers (and recurs)
  2.1464 +       - removes redundant ?-quantifiers (and recurs)
  2.1465 +       - eliminates double negation (and recurs)
  2.1466 +       - breaks up conjunction (and recurs)
  2.1467 +       - expands iff (and doesn't recur)*)
  2.1468 +    fun transform_fmla i fmla_t =
  2.1469 +      case fmla_t of
  2.1470 +          Const (@{const_name "HOL.All"}, ty) $ Abs (s, ty', t') =>
  2.1471 +            let
  2.1472 +              val (i', fmla_ts) = transform_fmla i t'
  2.1473 +            in
  2.1474 +              if i' > i then
  2.1475 +                (i' + 1,
  2.1476 +                 map (fn t =>
  2.1477 +                  Const (@{const_name "HOL.All"}, ty) $ Abs (s, ty', t))
  2.1478 +                fmla_ts)
  2.1479 +              else (i, [fmla_t])
  2.1480 +            end
  2.1481 +        | Const (@{const_name "HOL.Ex"}, ty) $ Abs (s, ty', t') =>
  2.1482 +            if loose_bvar (t', 0) then
  2.1483 +              (i, [fmla_t])
  2.1484 +            else transform_fmla (i + 1) t'
  2.1485 +        | @{term HOL.Not} $ (@{term HOL.Not} $ t') =>
  2.1486 +            transform_fmla (i + 1) t'
  2.1487 +        | @{term HOL.conj} $ t1 $ t2 =>
  2.1488 +            let
  2.1489 +              val (i1, fmla_t1s) = transform_fmla (i + 1) t1
  2.1490 +              val (i2, fmla_t2s) = transform_fmla (i + 1) t2
  2.1491 +            in
  2.1492 +              (i1 + i2 - i, fmla_t1s @ fmla_t2s)
  2.1493 +            end
  2.1494 +        | Const (@{const_name HOL.eq}, ty) $ t1 $ t2 =>
  2.1495 +            let
  2.1496 +              val (T1, (T2, res)) =
  2.1497 +                dest_funT ty
  2.1498 +                |> apsnd dest_funT
  2.1499 +            in
  2.1500 +              if T1 = HOLogic.boolT andalso T2 = HOLogic.boolT andalso
  2.1501 +                 res = HOLogic.boolT then
  2.1502 +                (i + 1,
  2.1503 +                  [HOLogic.mk_imp (t1, t2),
  2.1504 +                   HOLogic.mk_imp (t2, t1)])
  2.1505 +              else (i, [fmla_t])
  2.1506 +            end
  2.1507 +        | _ => (i, [fmla_t])
  2.1508 +
  2.1509 +    fun preprocess_split thy split_node_name fmla_t =
  2.1510 +      (*create new node which contains the new inference,
  2.1511 +        to be added to graph*)
  2.1512 +      let
  2.1513 +        val (node_name, thy') = get_next_name thy
  2.1514 +        val (changes, fmla_conjs) =
  2.1515 +          transform_fmla 0 fmla_t
  2.1516 +          |> apsnd rev (*otherwise we run into problems because
  2.1517 +                         of commutativity of conjunction*)
  2.1518 +        val target_fmla =
  2.1519 +          fold (curry HOLogic.mk_conj) (tl fmla_conjs) (hd fmla_conjs)
  2.1520 +        val new_node =
  2.1521 +         (node_name,
  2.1522 +          {role = TPTP_Syntax.Role_Plain,
  2.1523 +           fmla =
  2.1524 +             HOLogic.mk_eq (target_fmla, @{term False}) (*polarise*)
  2.1525 +             |> HOLogic.mk_Trueprop,
  2.1526 +           source_inf_opt =
  2.1527 +             SOME (TPTP_Proof.Inference (split_preprocessingK, [], [TPTP_Proof.Parent split_node_name]))})
  2.1528 +      in
  2.1529 +        if changes = 0 then NONE
  2.1530 +        else SOME (TPTP_Proof.Parent node_name, new_node, thy')
  2.1531 +      end
  2.1532 +  in
  2.1533 +    fold
  2.1534 +     (fn step as (n, data) => fn (intermediate_thy, redirections, rest) =>
  2.1535 +       case #source_inf_opt data of
  2.1536 +            SOME (TPTP_Proof.Inference
  2.1537 +                   (inf_name, sinfos, pinfos)) =>
  2.1538 +              if inf_name <> "split_conjecture" then
  2.1539 +                (intermediate_thy, redirections, step :: rest)
  2.1540 +              else
  2.1541 +                let
  2.1542 +                  (*
  2.1543 +                   NOTE: here we assume that the node only has one
  2.1544 +                         parent, and that there is no additional
  2.1545 +                         parent info.
  2.1546 +                   *)
  2.1547 +                  val split_node_name =
  2.1548 +                    case pinfos of
  2.1549 +                        [TPTP_Proof.Parent n] => n
  2.1550 +                      | _ => raise PREPROCESS_SPLITS
  2.1551 +                (*check if we've already handled that already node*)
  2.1552 +                in
  2.1553 +                  case AList.lookup (op =) redirections split_node_name of
  2.1554 +                      SOME preprocessed_split_node_name =>
  2.1555 +                        let
  2.1556 +                          val step' =
  2.1557 +                            apply_to_parent_info (fn _ => [TPTP_Proof.Parent preprocessed_split_node_name]) step
  2.1558 +                        in (intermediate_thy, redirections, step' :: rest) end
  2.1559 +                    | NONE =>
  2.1560 +                        let
  2.1561 +                          (*we know the polarity to be $false, from knowing Leo2*)
  2.1562 +                          val split_fmla =
  2.1563 +                            try_dest_Trueprop (node_info fms #fmla split_node_name)
  2.1564 +                            |> remove_polarity true
  2.1565 +                            |> fst
  2.1566 +
  2.1567 +                          val preprocess_result =
  2.1568 +                            preprocess_split intermediate_thy
  2.1569 +                              split_node_name
  2.1570 +                              split_fmla
  2.1571 +                        in
  2.1572 +                          if is_none preprocess_result then
  2.1573 +                            (*no preprocessing done by Leo2, so no need to introduce
  2.1574 +                              a virtual inference. cache this result by
  2.1575 +                              redirecting the split_node to itself*)
  2.1576 +                            (intermediate_thy,
  2.1577 +                             (split_node_name, split_node_name) :: redirections,
  2.1578 +                             step :: rest)
  2.1579 +                          else
  2.1580 +                            let
  2.1581 +                              val (new_parent_info, new_parent_node, thy') = the preprocess_result
  2.1582 +                              val step' =
  2.1583 +                                (n, {role = #role data, fmla = #fmla data,
  2.1584 +                                 source_inf_opt = SOME (TPTP_Proof.Inference (inf_name, sinfos, [new_parent_info]))})
  2.1585 +                            in
  2.1586 +                              (thy',
  2.1587 +                               (split_node_name, fst new_parent_node) :: redirections,
  2.1588 +                               step' :: new_parent_node :: rest)
  2.1589 +                            end
  2.1590 +                        end
  2.1591 +                end
  2.1592 +          | _ => (intermediate_thy, redirections, step :: rest))
  2.1593 +     (rev fms) (*this allows us to put new inferences before other inferences which use them*)
  2.1594 +     (thy, [], [])
  2.1595 +    |> (fn (x, _, z) => (x, z)) (*discard redirection info*)
  2.1596 +  end
  2.1597 +
  2.1598 +
  2.1599 +(** Proof transformer to remove repeated quantification **)
  2.1600 +
  2.1601 +exception DROP_REPEATED_QUANTIFICATION
  2.1602 +fun drop_repeated_quantification thy (fms : formula_meaning list) : theory * formula_meaning list =
  2.1603 +  let
  2.1604 +    (*In case of repeated quantification, removes outer quantification.
  2.1605 +      Only need to look at top-level, since the repeated quantification
  2.1606 +      generally occurs at clause level*)
  2.1607 +    fun remove_repeated_quantification seen t =
  2.1608 +      case t of
  2.1609 +          (*NOTE we're assuming that variables having the same name, have the same type throughout*)
  2.1610 +          Const (@{const_name "HOL.All"}, ty) $ Abs (s, ty', t') =>
  2.1611 +            let
  2.1612 +              val (seen_so_far, seen') =
  2.1613 +                case AList.lookup (op =) seen s of
  2.1614 +                    NONE => (0, (s, 0) :: seen)
  2.1615 +                  | SOME n => (n + 1, AList.update (op =) (s, n + 1) seen)
  2.1616 +              val (pre_final_t, final_seen) = remove_repeated_quantification seen' t'
  2.1617 +              val final_t =
  2.1618 +                case AList.lookup (op =) final_seen s of
  2.1619 +                    NONE => raise DROP_REPEATED_QUANTIFICATION
  2.1620 +                  | SOME n =>
  2.1621 +                      if n > seen_so_far then pre_final_t
  2.1622 +                      else Const (@{const_name "HOL.All"}, ty) $ Abs (s, ty', pre_final_t)
  2.1623 +            in (final_t, final_seen) end
  2.1624 +        | _ => (t, seen)
  2.1625 +
  2.1626 +    fun remove_repeated_quantification' (n, {role, fmla, source_inf_opt}) =
  2.1627 +      (n,
  2.1628 +       {role = role,
  2.1629 +        fmla =
  2.1630 +          try_dest_Trueprop fmla
  2.1631 +          |> remove_repeated_quantification []
  2.1632 +          |> fst
  2.1633 +          |> HOLogic.mk_Trueprop,
  2.1634 +        source_inf_opt = source_inf_opt})
  2.1635 +  in
  2.1636 +    (thy, map remove_repeated_quantification' fms)
  2.1637 +  end
  2.1638 +
  2.1639 +
  2.1640 +(** Proof transformer to detect a redundant splitting and remove
  2.1641 +    the redundant branch. **)
  2.1642 +
  2.1643 +fun node_is_inference fms rule_name node_name =
  2.1644 +  case node_info fms #source_inf_opt node_name of
  2.1645 +      NONE => false
  2.1646 +    | SOME (TPTP_Proof.File _) => false
  2.1647 +    | SOME (TPTP_Proof.Inference (rule_name', _, _)) => rule_name' = rule_name
  2.1648 +
  2.1649 +(*In this analysis we're interested if there exists a split-free
  2.1650 +  path between the end of the proof and the negated conjecture.
  2.1651 +  If so, then this path (or the shortest such path) could be
  2.1652 +  retained, and the rest of the proof erased.*)
  2.1653 +datatype branch_info =
  2.1654 +    Split_free (*Path is not part of a split. This is only used when path reaches the negated conjecture.*)
  2.1655 +  | Split_present (*Path is one of a number of splits. Such paths are excluded.*)
  2.1656 +  | Coinconsistent of int (*Path leads to a clause which is inconsistent with nodes concluded by other paths.
  2.1657 +                            Therefore this path should be kept if the others are kept
  2.1658 +                            (i.e., unless one of them results from a split)*)
  2.1659 +  | No_info (*Analysis hasn't come across anything definite yet, though it still hasn't completed.*)
  2.1660 +(*A "paths" value consist of every way of reaching the destination,
  2.1661 +  including information come across it so far. Taking the head of
  2.1662 +  each way gives the fringe. All paths should share the same source
  2.1663 +  and sink.*)
  2.1664 +type path = (branch_info * string list)
  2.1665 +exception PRUNE_REDUNDANT_SPLITS
  2.1666 +fun prune_redundant_splits prob_name thy fms : theory * formula_meaning list =
  2.1667 +  let
  2.1668 +    (*All paths start at the contradiction*)
  2.1669 +    val initial_path = (No_info, [proof_end_node fms])
  2.1670 +    (*All paths should end at the proof's beginning*)
  2.1671 +    val end_node = proof_beginning_node fms
  2.1672 +
  2.1673 +    fun compute_path (path as ((info,
  2.1674 +                       (n :: ns)) : path))(*i.e. node list can't be empty*)
  2.1675 +        intermediate_thy =
  2.1676 +      case info of
  2.1677 +          Split_free => (([path], []), intermediate_thy)
  2.1678 +        | Coinconsistent branch_id =>
  2.1679 +            (*If this branch has a split_conjecture parent then all "sibling" branches get erased.*)
  2.1680 +            (*This branch can't lead to yet another coinconsistent branch (in the case of Leo2).*)
  2.1681 +            let
  2.1682 +              val parent_nodes = parents_of_node fms n
  2.1683 +            in
  2.1684 +              if List.exists (node_is_inference fms "split_conjecture") parent_nodes then
  2.1685 +                (([], [branch_id]), intermediate_thy) (*all related branches are to be deleted*)
  2.1686 +              else
  2.1687 +                list_prod [] parent_nodes (n :: ns)
  2.1688 +                |> map (fn ns' => (Coinconsistent branch_id, ns'))
  2.1689 +                |> (fn x => ((x, []), intermediate_thy))
  2.1690 +            end
  2.1691 +
  2.1692 +        | No_info =>
  2.1693 +            let
  2.1694 +              val parent_nodes = parents_of_node fms n
  2.1695 +
  2.1696 +              (*if this node is a consistency checking node then parent nodes will be marked as coinconsistent*)
  2.1697 +              val (thy', new_branch_info) =
  2.1698 +                if node_is_inference fms "fo_atp_e" n orelse
  2.1699 +                   node_is_inference fms "res" n then
  2.1700 +                  let
  2.1701 +                    val (i', intermediate_thy') = get_next_int intermediate_thy
  2.1702 +                  in
  2.1703 +                    (intermediate_thy', SOME (Coinconsistent i'))
  2.1704 +                  end
  2.1705 +                else (intermediate_thy, NONE)
  2.1706 +            in
  2.1707 +              if List.exists (node_is_inference fms "split_conjecture") parent_nodes then
  2.1708 +                (([], []), thy')
  2.1709 +              else
  2.1710 +                list_prod [] parent_nodes (n :: ns)
  2.1711 +                |> map (fn ns' =>
  2.1712 +                          let
  2.1713 +                            val info =
  2.1714 +                              if is_some new_branch_info then the new_branch_info
  2.1715 +                              else
  2.1716 +                                if hd ns' = end_node then Split_free else No_info
  2.1717 +                          in (info, ns') end)
  2.1718 +                |> (fn x => ((x, []), thy'))
  2.1719 +            end
  2.1720 +        | _ => raise PRUNE_REDUNDANT_SPLITS
  2.1721 +
  2.1722 +    fun compute_paths intermediate_thy (paths : path list) =
  2.1723 +      if filter (fn (_, ns) => ns <> [] andalso hd ns = end_node) paths = paths then
  2.1724 +        (*fixpoint reached when all paths are at the head position*)
  2.1725 +        (intermediate_thy, paths)
  2.1726 +      else
  2.1727 +        let
  2.1728 +          val filtered_paths = filter (fn (info, _) : path => info <> Split_present) paths (*not interested in paths containing a split*)
  2.1729 +          val (paths', thy') =
  2.1730 +            fold_map compute_path filtered_paths intermediate_thy
  2.1731 +        in
  2.1732 +          paths'
  2.1733 +          |> ListPair.unzip (*we get a list of pairs of lists. we want a pair of lists*)
  2.1734 +          |> (fn (paths, branch_ids) =>
  2.1735 +               (List.concat paths,
  2.1736 +                (*remove duplicate branch_ids*)
  2.1737 +                fold (Library.insert (op =)) (List.concat branch_ids) []))
  2.1738 +          (*filter paths having branch_ids appearing in the second list*)
  2.1739 +          |> (fn (paths, branch_ids) =>
  2.1740 +              filter (fn (info, _) =>
  2.1741 +                        case info of
  2.1742 +                            Coinconsistent branch_id => List.exists (fn x => x = branch_id) branch_ids
  2.1743 +                          | _ => true) paths)
  2.1744 +          |> compute_paths thy'
  2.1745 +        end
  2.1746 +
  2.1747 +    val (thy', paths) =
  2.1748 +      compute_paths thy [initial_path]
  2.1749 +      |> apsnd
  2.1750 +          (filter (fn (branch_info, _) =>
  2.1751 +                  case branch_info of
  2.1752 +                      Split_free => true
  2.1753 +                    | Coinconsistent _ => true
  2.1754 +                    | _ => false))
  2.1755 +    (*Extract subset of fms which is used in a path.
  2.1756 +      Also, remove references (in parent info annotations) to erased nodes.*)
  2.1757 +    fun path_to_fms ((_, nodes) : path) =
  2.1758 +      fold
  2.1759 +       (fn n => fn fms' =>
  2.1760 +          case AList.lookup (op =) fms' n of
  2.1761 +              SOME _ => fms'
  2.1762 +            | NONE =>
  2.1763 +               let
  2.1764 +                 val node_info = the (AList.lookup (op =) fms n)
  2.1765 +
  2.1766 +                 val source_info' =
  2.1767 +                   case #source_inf_opt node_info of
  2.1768 +                       NONE => error "Only the conjecture is an orphan"
  2.1769 +                     | SOME (source_info as TPTP_Proof.File _) => source_info
  2.1770 +                     | SOME (source_info as
  2.1771 +                             TPTP_Proof.Inference (inference_name,
  2.1772 +                                                   useful_infos : TPTP_Proof.useful_info_as list,
  2.1773 +                                                   parent_infos)) =>
  2.1774 +                         let
  2.1775 +                           fun is_node_in_fms' parent_info =
  2.1776 +                             let
  2.1777 +                               val parent_nodename =
  2.1778 +                                 case parent_info of
  2.1779 +                                     TPTP_Proof.Parent n => n
  2.1780 +                                   | TPTP_Proof.ParentWithDetails (n, _) => n
  2.1781 +                             in
  2.1782 +                               case AList.lookup (op =) fms' parent_nodename of
  2.1783 +                                   NONE => false
  2.1784 +                                 | SOME _ => true
  2.1785 +                             end
  2.1786 +                         in
  2.1787 +                           TPTP_Proof.Inference (inference_name,
  2.1788 +                                                 useful_infos,
  2.1789 +                                                 filter is_node_in_fms' parent_infos)
  2.1790 +                         end
  2.1791 +               in
  2.1792 +                   (n,
  2.1793 +                    {role = #role node_info,
  2.1794 +                     fmla = #fmla node_info,
  2.1795 +                     source_inf_opt = SOME source_info'}) :: fms'
  2.1796 +               end)
  2.1797 +       nodes
  2.1798 +       []
  2.1799 +  in
  2.1800 +    if null paths then (thy', fms) else
  2.1801 +      (thy',
  2.1802 +       hd(*FIXME could pick path based on length, or some notion of "difficulty"*) paths
  2.1803 +       |> path_to_fms)
  2.1804 +  end
  2.1805 +
  2.1806 +
  2.1807 +(*** Main functions ***)
  2.1808 +
  2.1809 +(*interpret proof*)
  2.1810 +fun import_thm cautious path_prefixes file_name
  2.1811 + (on_load : proof_annotation -> theory -> (proof_annotation * theory)) thy =
  2.1812 +  let
  2.1813 +    val prob_name =
  2.1814 +      Path.base file_name
  2.1815 +      |> Path.implode
  2.1816 +      |> TPTP_Problem_Name.parse_problem_name
  2.1817 +    val thy1 = TPTP_Interpret.import_file cautious path_prefixes file_name [] [] thy
  2.1818 +    val fms = get_fmlas_of_prob thy1 prob_name
  2.1819 +  in
  2.1820 +    if List.null fms then
  2.1821 +      (warning ("File " ^ Path.implode file_name ^ " appears empty!");
  2.1822 +       TPTP_Reconstruction_Data.map (cons ((prob_name, empty_pannot prob_name))) thy1)
  2.1823 +    else
  2.1824 +      let
  2.1825 +        val defn_equations =
  2.1826 +          List.filter (fn (_, role, _, _) => role = TPTP_Syntax.Role_Definition) fms
  2.1827 +          |> map (fn (node, _, t, _) =>
  2.1828 +               (node,
  2.1829 +                get_defn_components t
  2.1830 +                |> mk_bind_eq prob_name []))
  2.1831 +        val axioms =
  2.1832 +          List.filter (fn (_, role, _, _) => role = TPTP_Syntax.Role_Axiom) fms
  2.1833 +          |> map (fn (node, _, t, _) =>
  2.1834 +               (node,
  2.1835 +                mk_bind_ax prob_name node t))
  2.1836 +
  2.1837 +        (*add definitions and axioms to the theory*)
  2.1838 +        val thy2 =
  2.1839 +          fold
  2.1840 +           (fn bnd => fn thy =>
  2.1841 +              let
  2.1842 +                val ((name, thm), thy') = Thm.add_axiom_global bnd thy
  2.1843 +              in Global_Theory.add_thm ((#1 bnd, thm), []) thy' |> #2 end)
  2.1844 +           (map snd defn_equations @ map snd axioms)
  2.1845 +          thy1
  2.1846 +
  2.1847 +        (*apply global proof transformations*)
  2.1848 +        val (thy3, pre_pannot) : theory * proof_annotation =
  2.1849 +          transf_pannot
  2.1850 +           (prune_redundant_splits prob_name thy2
  2.1851 +            #-> interpolate_binds prob_name
  2.1852 +            #-> preprocess_splits prob_name
  2.1853 +            #-> drop_repeated_quantification)
  2.1854 +           {problem_name = prob_name,
  2.1855 +            skolem_defs = [],
  2.1856 +            defs = map (apsnd fst) defn_equations,
  2.1857 +            axs = map (apsnd fst) axioms,
  2.1858 +            meta = map (fn (n, r, t, info) => (n, {role=r, fmla=t, source_inf_opt=info})) fms}
  2.1859 +
  2.1860 +        (*store pannot*)
  2.1861 +        val thy4 = TPTP_Reconstruction_Data.map (cons ((prob_name, pre_pannot))) thy3
  2.1862 +
  2.1863 +        (*run hook, which might result in changed pannot and theory*)
  2.1864 +        val (pannot, thy5) = on_load pre_pannot thy4
  2.1865 +
  2.1866 +      (*store the most recent pannot*)
  2.1867 +      in TPTP_Reconstruction_Data.map (cons ((prob_name, pannot))) thy5 end
  2.1868 +  end
  2.1869 +
  2.1870 +(*This has been disabled since it requires a hook to be specified to use "import_thm"
  2.1871 +val _ =
  2.1872 +  Outer_Syntax.improper_command @{command_spec "import_leo2_proof"} "import TPTP proof"
  2.1873 +    (Parse.path >> (fn name =>
  2.1874 +      Toplevel.theory (fn thy =>
  2.1875 +       let val path = Path.explode name
  2.1876 +       in import_thm true [Path.dir path, Path.explode "$TPTP"] path (*FIXME hook needs to be given here*)
  2.1877 +thy end)))
  2.1878 +*)
  2.1879 +
  2.1880 +
  2.1881 +(** Archive **)
  2.1882 +(*FIXME move elsewhere*)
  2.1883 +(*This contains currently unused, but possibly useful, functions written
  2.1884 +  during experimentation, in case they are useful later on*)
  2.1885 +
  2.1886 +(*given a list of rules and a node, return
  2.1887 +  SOME (rule name) if that node's rule name
  2.1888 +  belongs to the list of rules*)
  2.1889 +fun match_rules_of_current (pannot : proof_annotation) rules n =
  2.1890 +  case node_info (#meta pannot) #source_inf_opt n of
  2.1891 +      NONE => NONE
  2.1892 +    | SOME (TPTP_Proof.File _) => NONE
  2.1893 +    | SOME (TPTP_Proof.Inference (rule_name, _ : TPTP_Proof.useful_info_as list, _)) =>
  2.1894 +        if member (op =) rules rule_name then SOME rule_name else NONE
  2.1895 +
  2.1896 +(*given a node and a list of rules, determine
  2.1897 +  whether all the rules can be matched to
  2.1898 +  parent nodes. If nonstrict then there may be
  2.1899 +  more parents than given rules.*)
  2.1900 +fun match_rules_of_immediate_previous (pannot : proof_annotation) strict rules n =
  2.1901 +  case node_info (#meta pannot) #source_inf_opt n of
  2.1902 +      NONE => null rules
  2.1903 +    | SOME (TPTP_Proof.File _) => null rules
  2.1904 +    | SOME (TPTP_Proof.Inference (rule_name, _ : TPTP_Proof.useful_info_as list, parent_infos)) =>
  2.1905 +        let
  2.1906 +          val matched_rules : string option list =
  2.1907 +            map (match_rules_of_current pannot rules)
  2.1908 +                (dest_parent_infos true (#meta pannot) parent_infos |> map #name)
  2.1909 +        in
  2.1910 +          if strict andalso member (op =) matched_rules NONE then false
  2.1911 +          else
  2.1912 +            (*check that all the rules were matched*)
  2.1913 +            fold
  2.1914 +              (fn (rule : string) => fn (st, matches : string option list) =>
  2.1915 +                 if not st then (st, matches)
  2.1916 +                 else
  2.1917 +                   let
  2.1918 +                     val idx = find_index (fn match => SOME rule = match) matches
  2.1919 +                   in
  2.1920 +                     if idx < 0 then (false, matches)
  2.1921 +                     else
  2.1922 +                       (st, nth_drop idx matches)
  2.1923 +                   end)
  2.1924 +             rules
  2.1925 +             (true, matched_rules)
  2.1926 +            |> #1 (*discard the other info*)
  2.1927 +        end
  2.1928 +end
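--- /dev/null
+++ b/src/HOL/TPTP/TPTP_Parser/tptp_reconstruct_library.ML
@@ -0,0 +1,795 @@
+(*  Title:      HOL/TPTP/TPTP_Parser/tptp_reconstruct_library.ML
+    Author:     Nik Sultana, Cambridge University Computer Laboratory
+Collection of general functions used in the reconstruction module.
+*)
+
+signature TPTP_RECONSTRUCT_LIBRARY =
+sig
+  exception BREAK_LIST
+  val break_list : 'a list -> 'a * 'a list
+  val break_seq : 'a Seq.seq -> 'a * 'a Seq.seq
+  exception MULTI_ELEMENT_LIST
+  val cascaded_filter_single : bool -> ('a list -> 'a list) list -> 'a list -> 'a option
+  val concat_between : 'a list list -> ('a option * 'a option) -> 'a list
+  exception DIFF_TYPE of typ * typ
+  exception DIFF of term * term
+  val diff :
+     theory ->
+     term * term -> (term * term) list * (typ * typ) list
+  exception DISPLACE_KV
+  val displace_kv : ''a -> (''a * 'b) list -> (''a * 'b) list
+  val enumerate : int -> 'a list -> (int * 'a) list
+  val fold_options : 'a option list -> 'a list
+  val find_and_remove : ('a -> bool) -> 'a list -> 'a * 'a list
+  val lift_option : ('a -> 'b) -> 'a option -> 'b option
+  val list_diff : ''a list -> ''a list -> ''a list
+  val list_prod : 'a list list -> 'a list -> 'a list -> 'a list list
+  val permute : ''a list -> ''a list list
+  val prefix_intersection_list :
+     ''a list -> ''a list -> ''a list
+  val repeat_until_fixpoint : (''a -> ''a) -> ''a -> ''a
+  val switch : ('a -> 'b -> 'c) -> 'b -> 'a -> 'c
+  val zip_amap :
+       'a list ->
+       'b list ->
+       ('a * 'b) list -> ('a * 'b) list * ('a list * 'b list)
+
+  val consts_in : term -> term list
+  val head_quantified_variable :
+     int -> thm -> (string * typ) option
+  val push_allvar_in : string -> term -> term
+  val strip_top_All_var : term -> (string * typ) * term
+  val strip_top_All_vars : term -> (string * typ) list * term
+  val strip_top_all_vars :
+     (string * typ) list -> term -> (string * typ) list * term
+  val trace_tac' :
+     string ->
+     ('a -> thm -> 'b Seq.seq) -> 'a -> thm -> 'b Seq.seq
+  val try_dest_Trueprop : term -> term
+
+  val type_devar : ((indexname * sort) * typ) list -> term -> term
+  val diff_and_instantiate : Proof.context -> thm -> term -> term -> thm
+
+  val batter : int -> tactic
+  val break_hypotheses : int -> tactic
+  val clause_breaker : int -> tactic
+  (* val dist_all_and_tac : Proof.context -> int -> tactic *)(*FIXME unused*)
+  val reassociate_conjs_tac : Proof.context -> int -> tactic
+
+  val ASAP : (int -> tactic) -> (int -> tactic) -> int -> tactic
+  val COND' :
+     ('a -> thm -> bool) ->
+     ('a -> tactic) -> ('a -> tactic) -> 'a -> tactic
+
+  val TERMFUN :
+     (term list * term -> 'a) -> int option -> thm -> 'a list
+  val TERMPRED :
+     (term -> bool) ->
+     (term -> bool) -> int option -> thm -> bool
+
+  val guided_abstract :
+     bool -> term -> term -> ((string * typ) * term) * term list
+  val abstract :
+     term list -> term -> ((string * typ) * term) list * term
+end
+
+structure TPTP_Reconstruct_Library : TPTP_RECONSTRUCT_LIBRARY =
+struct
+
+(*zip as much as possible*)
+fun zip_amap [] ys acc = (acc, ([], ys))
+  | zip_amap xs [] acc = (acc, (xs, []))
+  | zip_amap (x :: xs) (y :: ys) acc =
+      zip_amap xs ys ((x, y) :: acc);
+
+(*Pair a list up with the position number of each element,
+  starting from n*)
+fun enumerate n ls =
+  let
+    fun enumerate' [] _ acc = acc
+      | enumerate' (x :: xs) n acc = enumerate' xs (n + 1) ((n, x) :: acc)
+  in
+    enumerate' ls n []
+    |> rev
+  end
+
+(*
+enumerate 0 [];
+enumerate 0 ["a", "b", "c"];
+*)
+
+(*List subtraction*)
+fun list_diff l1 l2 =
+  List.filter (fn x => List.all (fn y => x <> y) l2) l1
+
+val _ = @{assert}
+  (list_diff [1,2,3] [2,4] = [1, 3])
+
+(* [a,b] times_list [c,d] gives [[a,c,d], [b,c,d]] *)
+fun list_prod acc [] _ = rev acc
+  | list_prod acc (x :: xs) ys = list_prod ((x :: ys) :: acc) xs ys
+
+fun repeat_until_fixpoint f x =
+  let
+    val x' = f x
+  in
+    if x = x' then x else repeat_until_fixpoint f x'
+  end
+
+(*compute all permutations of a list*)
+fun permute l =
+  let
+    fun permute' (l, []) = [(l, [])]
+      | permute' (l, xs) =
+          map (fn x => (x :: l, filter (fn y => y <> x) xs)) xs
+          |> map permute'
+          |> List.concat
+  in
+    permute' ([], l)
+    |> map fst
+  end
+(*
+permute [1,2,3];
+permute ["A", "B"]
+*)
+
+(*this exception is raised when the pair we wish to displace
+  isn't found in the association list*)
+exception DISPLACE_KV;
+(*move a key-value pair, determined by the k, to the beginning of
+  an association list. it moves the first occurrence of a pair
+  keyed by "k"*)
+local
+  fun fold_fun k (kv as (k', v)) (l, buff) =
+    if is_some buff then (kv :: l, buff)
+    else
+      if k = k' then
+        (l, SOME kv)
+      else
+        (kv :: l, buff)
+in
+  (*"k" is the key value of the pair we wish to displace*)
+  fun displace_kv k alist =
+    let
+      val (pre_alist, kv) = fold (fold_fun k) alist ([], NONE)
+    in
+      if is_some kv then
+        the kv :: rev pre_alist
+      else raise DISPLACE_KV
+    end
+end
+
+(*Given two lists, it generates a new list where
+  the intersection of the lists forms the prefix
+  of the new list.*)
+local
+  fun prefix_intersection_list' (acc_pre, acc_pro) l1 l2 =
+    if null l1 then
+      List.rev acc_pre @ List.rev acc_pro
+    else if null l2 then
+      List.rev acc_pre @ l1 @ List.rev acc_pro
+    else
+      let val l1_hd = hd l1
+      in
+        prefix_intersection_list'
+         (if member (op =) l2 l1_hd then
+            (l1_hd :: acc_pre, acc_pro)
+          else
+           (acc_pre, l1_hd :: acc_pro))
+         (tl l1) l2
+      end
+in
+  fun prefix_intersection_list l1 l2 = prefix_intersection_list' ([], []) l1 l2
+end;
+
+val _ = @{assert}
+  (prefix_intersection_list [1,2,3,4,5] [1,3,5] = [1, 3, 5, 2, 4]);
+
+val _ = @{assert}
+  (prefix_intersection_list [1,2,3,4,5] [] = [1,2,3,4,5]);
+
+val _ = @{assert}
+  (prefix_intersection_list [] [1,3,5] = [])
+
+fun switch f y x = f x y
+
+(*Given a value of type "'a option list", produce
+  a value of type "'a list" by dropping the NONE elements
+  and projecting the SOME elements.*)
+fun fold_options opt_list =
+  fold
+   (fn x => fn l => if is_some x then the x :: l else l)
+   opt_list
+   [];
+
+val _ = @{assert}
+  ([2,0,1] =
+   fold_options [NONE, SOME 1, NONE, SOME 0, NONE, NONE, SOME 2]);
+
+fun lift_option (f : 'a -> 'b) (x_opt : 'a option) : 'b option =
+  case x_opt of
+      NONE => NONE
+    | SOME x => SOME (f x)
+
+fun break_seq x = (Seq.hd x, Seq.tl x)
+
+exception BREAK_LIST
+fun break_list (x :: xs) = (x, xs)
+  | break_list _ = raise BREAK_LIST
+
+exception MULTI_ELEMENT_LIST
+(*Try a number of predicates, in order, to find a single element.
+  Predicates are expected to either return an empty list or a
+  singleton list. If strict=true and list has more than one element,
+  then raise an exception. Otherwise try a new predicate.*)
+fun cascaded_filter_single strict preds l =
+  case preds of
+      [] => NONE
+    | (p :: ps) =>
+      case p l of
+          [] => cascaded_filter_single strict ps l
+        | [x] => SOME x
+        | l =>
+            if strict then raise MULTI_ELEMENT_LIST
+            else cascaded_filter_single strict ps l
+
+(*concat but with optional before-and-after delimiters*)
+fun concat_between [] _ = []
+  | concat_between [l] _ = l
+  | concat_between (l :: ls) (seps as (bef, aft)) =
+    let
+      val pre = if is_some bef then the bef :: l else l
+      val mid = if is_some aft then [the aft] else []
+      val post = concat_between ls seps
+    in
+      pre @ mid @ post
+    end
+
+(*Given a list, find an element satisfying pred, and return
+  a pair consisting of that element and the list minus the element.*)
+fun find_and_remove pred l =
+  find_index pred l
+  |> switch chop l
+  |> apsnd break_list
+  |> (fn (xs, (y, ys)) => (y, xs @ ys))
+
+val _ = @{assert} (find_and_remove (curry (op =) 3) [0,1,2,3,4,5] = (3, [0,1,2,4,5]))
+
+
+(** Functions on terms **)
+
+(*Extract the forall-prefix of a term, and return a pair consisting of the prefix
+  and the body*)
+local
+  (*Strip off HOL's All combinator if it's at the toplevel*)
+  fun try_dest_All (Const (@{const_name HOL.All}, _) $ t) = t
+    | try_dest_All (Const (@{const_name HOL.Trueprop}, _) $ t) = try_dest_All t
+    | try_dest_All t = t
+
+  val _ = @{assert}
+    ((@{term "! x. (! y. P) = True"}
+      |> try_dest_All
+      |> Term.strip_abs_vars)
+     = [("x", @{typ "'a"})])
+
+  val _ = @{assert}
+    ((@{prop "! x. (! y. P) = True"}
+      |> try_dest_All
+      |> Term.strip_abs_vars)
+     = [("x", @{typ "'a"})])
+
+  fun strip_top_All_vars' once acc t =
+    let
+      val t' = try_dest_All t
+      val var =
+        try (Term.strip_abs_vars #> hd) t'
+
+      fun strip v t =
+        (v, subst_bounds ([Free v], Term.strip_abs_body t))
+    in
+      if t' = t orelse is_none var then (acc, t)
+      else
+        let
+          val (v, t) = strip (the var) t'
+          val acc' = v :: acc
+        in
+          if once then (acc', t)
+          else strip_top_All_vars' once acc' t
+        end
+    end
+in
+  fun strip_top_All_vars t = strip_top_All_vars' false [] t
+
+val _ =
+  let
+    val answer =
+      ([("x", @{typ "'a"})],
+       HOLogic.all_const @{typ "'a"} $
+        (HOLogic.eq_const @{typ "'a"} $
+         Free ("x", @{typ "'a"})))
+  in
+    @{assert}
+      ((@{term "! x. All (op = x)"}
+        |> strip_top_All_vars)
+       = answer)
+  end
+
+  (*like strip_top_All_vars, but peels a single variable off, instead of all of them*)
+  fun strip_top_All_var t =
+    strip_top_All_vars' true [] t
+    |> apfst the_single
+end
+
+(*like strip_top_All_vars but for "all" instead of "All"*)
+fun strip_top_all_vars acc t =
+  if Logic.is_all t then
+    let
+      val (v, t') = Logic.dest_all t
+      (*bound instances in t' are replaced with free vars*)
+    in
+      strip_top_all_vars (v :: acc) t'
+    end
+  else (acc, (*variables are returned in FILO order*)
+        t)
+
+(*given a term "t"
+    ! X Y Z. t'
+  then then "push_allvar_in "X" t" will give
+    ! Y Z X. t'
+*)
+fun push_allvar_in v t =
+  let
+    val (vs, t') = strip_top_All_vars t
+    val vs' = displace_kv v vs
+  in
+    fold (fn (v, ty) => fn t =>
+      HOLogic.mk_all (v, ty, t)) vs' t'
+  end
+
+(*Lists all consts in a term, uniquely*)
+fun consts_in (Const c) = [Const c]
+  | consts_in (Free _) = []
+  | consts_in (Var _) = []
+  | consts_in (Bound _) = []
+  | consts_in (Abs (_, _, t)) = consts_in t
+  | consts_in (t1 $ t2) = union (op =) (consts_in t1) (consts_in t2);
+
+exception DIFF of term * term
+exception DIFF_TYPE of typ * typ
+(*This carries out naive form of matching.  It "diffs" two formulas,
+  to create a function which maps (schematic or non-schematic)
+  variables to terms.  The first argument is the more "general" term.
+  The second argument is used to find the "image" for the variables in
+  the first argument which don't appear in the second argument.
+
+  Note that the list that is returned might have duplicate entries.
+  It's not checked to see if the same variable maps to different
+  values -- that should be regarded as an error.*)
+fun diff thy (initial as (t_gen, t)) =
+  let
+    fun diff_ty acc [] = acc
+      | diff_ty acc ((pair as (ty_gen, ty)) :: ts) =
+          case pair of
+              (Type (s1, ty_gens1), Type (s2, ty_gens2)) =>
+                if s1 <> s2 orelse
+                 length ty_gens1 <> length ty_gens2 then
+                  raise (DIFF (t_gen, t))
+                else
+                  diff_ty acc
+                   (ts @ ListPair.zip (ty_gens1, ty_gens2))
+            | (TFree (s1, so1), TFree (s2, so2)) =>
+                if s1 <> s2 orelse
+                 not (Sign.subsort thy (so2, so1)) then
+                  raise (DIFF (t_gen, t))
+                else
+                  diff_ty acc ts
+            | (TVar (idx1, so1), TVar (idx2, so2)) =>
+                if idx1 <> idx2 orelse
+                 not (Sign.subsort thy (so2, so1)) then
+                  raise (DIFF (t_gen, t))
+                else
+                  diff_ty acc ts
+            | (TFree _, _) => diff_ty (pair :: acc) ts
+            | (TVar _, _) => diff_ty (pair :: acc) ts
+            | _ => raise (DIFF_TYPE pair)
+
+    fun diff' (acc as (acc_t, acc_ty)) (pair as (t_gen, t)) ts =
+      case pair of
+          (Const (s1, ty1), Const (s2, ty2)) =>
+            if s1 <> s2 orelse
+             not (Sign.typ_instance thy (ty2, ty1)) then
+              raise (DIFF (t_gen, t))
+            else
+              diff_probs acc ts
+        | (Free (s1, ty1), Free (s2, ty2)) =>
+            if s1 <> s2 orelse
+             not (Sign.typ_instance thy (ty2, ty1)) then
+              raise (DIFF (t_gen, t))
+            else
+              diff_probs acc ts
+        | (Var (idx1, ty1), Var (idx2, ty2)) =>
+            if idx1 <> idx2 orelse
+             not (Sign.typ_instance thy (ty2, ty1)) then
+              raise (DIFF (t_gen, t))
+            else
+              diff_probs acc ts
+        | (Bound i1, Bound i2) =>
+            if i1 <> i2 then
+              raise (DIFF (t_gen, t))
+            else
+              diff_probs acc ts
+        | (Abs (s1, ty1, t1), Abs (s2, ty2, t2)) =>
+            if s1 <> s2 orelse
+             not (Sign.typ_instance thy (ty2, ty1)) then
+              raise (DIFF (t_gen, t))
+            else
+              diff' acc (t1, t2) ts
+        | (ta1 $ ta2, tb1 $ tb2) =>
+            diff_probs acc ((ta1, tb1) :: (ta2, tb2) :: ts)
+
+        (*the particularly important bit*)
+        | (Free (_, ty), _) =>
+            diff_probs
+             (pair :: acc_t,
+              diff_ty acc_ty [(ty, Term.fastype_of t)])
+             ts
+        | (Var (_, ty), _) =>
+            diff_probs
+             (pair :: acc_t,
+              diff_ty acc_ty [(ty, Term.fastype_of t)])
+             ts
+
+        (*everything else is problematic*)
+        | _ => raise (DIFF (t_gen, t))
+
+    and diff_probs acc ts =
+      case ts of
+          [] => acc
+        | (pair :: ts') => diff' acc pair ts'
+  in
+    diff_probs ([], []) [initial]
+  end
+
+(*Abstracts occurrences of "t_sub" in "t", returning a list of
+  abstractions of "t" with a Var at each occurrence of "t_sub".
+  If "strong=true" then it uses strong abstraction (i.e., replaces
+   all occurrnces of "t_sub"), otherwise it uses weak abstraction
+   (i.e., replaces the occurrences one at a time).
+  NOTE there are many more possibilities between strong and week.
+    These can be enumerated by abstracting based on the powerset
+    of occurrences (minus the null element, which would correspond
+    to "t").
+*)
+fun guided_abstract strong t_sub t =
+  let
+    val varnames = Term.add_frees t [] |> map #1
+    val prefixK = "v"
+    val freshvar =
+      let
+        fun find_fresh i =
+          let
+            val varname = prefixK ^ Int.toString i
+          in
+            if member (op =) varnames varname then
+              find_fresh (i + 1)
+            else
+              (varname, fastype_of t_sub)
+          end
+      in
+        find_fresh 0
+      end
+
+    fun guided_abstract' t =
+      case t of
+          Abs (s, ty, t') =>
+            if t = t_sub then [Free freshvar]
+            else
+              (map (fn t' => Abs (s, ty, t'))
+               (guided_abstract' t'))
+        | t1 $ t2 =>
+            if t = t_sub then [Free freshvar]
+            else
+                (map (fn t' => t' $ t2)
+                  (guided_abstract' t1)) @
+                (map (fn t' => t1 $ t')
+                  (guided_abstract' t2))
+        | _ =>
+            if t = t_sub then [Free freshvar]
+            else [t]
+
+    fun guided_abstract_strong' t =
+      let
+        fun continue t = guided_abstract_strong' t
+          |> (fn x => if null x then t
+                else the_single x)
+      in
+        case t of
+            Abs (s, ty, t') =>
+              if t = t_sub then [Free freshvar]
+              else
+                [Abs (s, ty, continue t')]
+          | t1 $ t2 =>
+              if t = t_sub then [Free freshvar]
+              else
+                [continue t1 $ continue t2]
+          | _ =>
+              if t = t_sub then [Free freshvar]
+              else [t]
+      end
+
+  in
+    ((freshvar, t_sub),
+     if strong then guided_abstract_strong' t
+     else guided_abstract' t)
+  end
+
+(*Carries out strong abstraction of a term guided by a list of
+  other terms.
+  In case some of the latter terms happen to be the same, it
+  only abstracts them once.
+  It returns the abstracted term, together with a map from
+   the fresh names to the terms.*)
+fun abstract ts t =
+  fold_map (apsnd the_single oo (guided_abstract true)) ts t
+  |> (fn (v_and_ts, t') =>
+       let
+         val (vs, ts) = ListPair.unzip v_and_ts
+         val vs' =
+           (* list_diff vs (list_diff (Term.add_frees t' []) vs) *)
+           Term.add_frees t' []
+           |> list_diff vs
+           |> list_diff vs
+         val v'_and_ts =
+           map (fn v =>
+             (v, AList.lookup (op =) v_and_ts v |> the))
+            vs'
+       in
+         (v'_and_ts, t')
+       end)
+
+(*Instantiate type variables in a term, based on a type environment*)
+fun type_devar (tyenv : ((indexname * sort) * typ) list) (t : term) : term =
+  case t of
+      Const (s, ty) => Const (s, Term_Subst.instantiateT tyenv ty)
+    | Free (s, ty) => Free (s, Term_Subst.instantiateT tyenv ty)
+    | Var (idx, ty) => Var (idx, Term_Subst.instantiateT tyenv ty)
+    | Bound _ => t
+    | Abs (s, ty, t') =>
+        Abs (s, Term_Subst.instantiateT tyenv ty, type_devar tyenv t')
+    | t1 $ t2 => type_devar tyenv t1 $ type_devar tyenv t2
+
+(*Take a "diff" between an (abstract) thm's term, and another term
+  (the latter is an instance of the form), then instantiate the
+  abstract theorem. This is a way of turning the latter term into
+  a theorem, but without exposing the proof-search functions to
+  complex terms.
+  In addition to the abstract thm ("scheme_thm"), this function is
+  also supplied with the (sub)term of the abstract thm ("scheme_t")
+  we want to use in the diff, in case only part of "scheme_t"
+  might be needed (not the whole "prop_of scheme_thm")*)
+fun diff_and_instantiate ctxt scheme_thm scheme_t instance_t =
+  let
+    val thy = Proof_Context.theory_of ctxt
+
+    val (term_pairing, type_pairing) =
+      diff thy (scheme_t, instance_t)
+
+    (*valuation of type variables*)
+    val typeval = map (pairself (ctyp_of thy)) type_pairing
+
+    val typeval_env =
+      map (apfst dest_TVar) type_pairing
+    (*valuation of term variables*)
+    val termval =
+      map (apfst (type_devar typeval_env)) term_pairing
+      |> map (pairself (cterm_of thy))
+  in
+    Thm.instantiate (typeval, termval) scheme_thm
+  end
+
+(*FIXME this is bad form?*)
+val try_dest_Trueprop = perhaps (try HOLogic.dest_Trueprop)
+
+
+(** Some tacticals **)
+
+(*Lift COND to be parametrised by subgoal number*)
+fun COND' sat' tac'1 tac'2 i =
+  COND (sat' i) (tac'1 i) (tac'2 i)
+
+(*Apply simplification ("wittler") as few times as possible
+  before being able to apply a tactic ("tac").
+  This is like a lazy version of REPEAT, since it attempts
+  to REPEAT a tactic the smallest number times as possible,
+  to make some other tactic succeed subsequently.*)
+fun ASAP wittler (tac : int -> tactic) (i : int) = fn st =>
+  let
+    val tac_result = tac i st
+    val pulled_tac_result = Seq.pull tac_result
+    val tac_failed =
+      is_none pulled_tac_result orelse
+       not (has_fewer_prems 1 (fst (the pulled_tac_result)))
+  in
+    if tac_failed then (wittler THEN' ASAP wittler tac) i st
+    else tac_result
+  end
+
+
+(** Some tactics **)
+
+val break_hypotheses =
+ ((REPEAT_DETERM o etac @{thm conjE})
+  THEN' (REPEAT_DETERM o etac @{thm disjE})
+ ) #> CHANGED
+
+(*Prove subgoals of form A ==> B1 | ... | A | ... | Bn*)
+val clause_breaker =
+  (REPEAT o (resolve_tac [@{thm "disjI1"}, @{thm "disjI2"}, @{thm "conjI"}]))
+  THEN'  atac
+
+(*
+  Refines a subgoal have the form:
+    A1 ... An ==> B1 | ... | Aj | ... | Bi | ... | Ak | ...
+  into multiple subgoals of the form:
+    A'1 ==> B1 | ... | Aj | ... | Bi | ... | Ak | ...
+     :
+    A'm ==> B1 | ... | Aj | ... | Bi | ... | Ak | ...
+  where {A'1 .. A'm} is disjoint from {B1, ..., Aj, ..., Bi, ..., Ak, ...}
+  (and solves the subgoal completely if the first set is empty)
+*)
+val batter =
+  break_hypotheses
+  THEN' K (ALLGOALS (TRY o clause_breaker))
+
+(*Same idiom as ex_expander_tac*)
+fun dist_all_and_tac ctxt i =
+   let
+     val simpset =
+       empty_simpset ctxt
+       |> Simplifier.add_simp
+           @{lemma "! x. P x & Q x \<equiv> (! x. P x) & (! x. Q x)"
+              by (rule eq_reflection, auto)}
+   in
+     CHANGED (asm_full_simp_tac simpset i)
+   end
+
+fun reassociate_conjs_tac ctxt =
+  asm_full_simp_tac
+   (Simplifier.add_simp
+    @{lemma "(A & B) & C == A & B & C" by auto} (*FIXME duplicates @{thm simp_meta(3)}*)
+    (Raw_Simplifier.empty_simpset ctxt))
+  #> CHANGED
+  #> REPEAT_DETERM
+
+
+(** Subgoal analysis **)
+
+(*Given an inference
+        C
+      -----
+        D
+  This function returns "SOME X" if C = "! X. C'".
+  If C has no quantification prefix, then returns NONE.*)
+fun head_quantified_variable i = fn st =>
+  let
+    val thy = Thm.theory_of_thm st
+    val ctxt = Proof_Context.init_global thy
+
+    val gls =
+      prop_of st
+      |> Logic.strip_horn
+      |> fst
+
+    val hypos =
+      if null gls then []
+      else
+        rpair (i - 1) gls
+        |> uncurry nth
+        |> strip_top_all_vars []
+        |> snd
+        |> Logic.strip_horn
+        |> fst
+
+    fun foralls_of_hd_hypos () =
+      hd hypos
+      |> try_dest_Trueprop
+      |> strip_top_All_vars
+      |> #1
+      |> rev
+
+    val quantified_variables = foralls_of_hd_hypos ()
+  in
+    if null hypos orelse null quantified_variables then NONE
+    else SOME (hd quantified_variables)
+  end
+
+
+(** Builders for goal analysers or transformers **)
+
+(*Lifts function over terms to apply it to subgoals.
+  "fun_over_terms" has type (term list * term -> 'a), where
+  (term list * term) will be the term representations of the
+  hypotheses and conclusion.
+  if i_opt=SOME i then applies fun_over_terms to that
+   subgoal and returns singleton result.
+  otherwise applies fun_over_terms to all subgoals and return
+   list of results.*)
+fun TERMFUN
+ (fun_over_terms : term list * term -> 'a)
+ (i_opt : int option) : thm -> 'a list = fn st =>
+  let
+    val t_raws =
+        Thm.rep_thm st
+        |> #prop
+        |> strip_top_all_vars []
+        |> snd
+        |> Logic.strip_horn
+        |> fst
+  in
+    if null t_raws then []
+    else
+      let
+        val ts =
+          let
+            val stripper =
+              strip_top_all_vars []
+              #> snd
+              #> Logic.strip_horn
+              #> apsnd try_dest_Trueprop
+              #> apfst (map try_dest_Trueprop)
+          in
+            map stripper t_raws
+          end
+      in
+        case i_opt of
+            NONE =>
+              map fun_over_terms ts
+          | SOME i =>
+              nth ts (i - 1)
+              |> fun_over_terms
+              |> single
+      end
+  end
+
+(*Applies a predicate to subgoal(s) conclusion(s)*)
+fun TERMPRED
+ (hyp_pred_over_terms : term -> bool)
+ (conc_pred_over_terms : term -> bool)
+ (i_opt : int option) : thm -> bool = fn st =>
+    let
+      val hyp_results =
+        TERMFUN (fst (*discard hypotheses*)
+                 #> map hyp_pred_over_terms) i_opt st
+      val conc_results =
+        TERMFUN (snd (*discard hypotheses*)
+                 #> conc_pred_over_terms) i_opt st
+      val _ = @{assert} (length hyp_results = length conc_results)
+    in
+      if null hyp_results then true
+      else
+        let
+          val hyps_conjoined =
+            fold (fn a => fn b =>
+              b andalso (List.all (fn x => x) a)) hyp_results true
+          val concs_conjoined =
+            fold (fn a => fn b =>
+              b andalso a) conc_results true
+        in hyps_conjoined andalso concs_conjoined end
+    end
+
+
+(** Tracing **)
+(*If "tac i st" succeeds then msg is printed to "trace" channel*)
+fun trace_tac' msg tac i st =
+  let
+    val thy = Thm.theory_of_thm st
+    val ctxt = Proof_Context.init_global thy
+    val result = tac i st
+  in
+    if Config.get ctxt tptp_trace_reconstruction andalso
+     not (is_none (Seq.pull result)) then
+      (tracing msg; result)
+    else result
+  end
+
+end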
     4.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     4.2 +++ b/src/HOL/TPTP/TPTP_Proof_Reconstruction.thy	Wed Feb 19 15:57:02 2014 +0000
     4.3 @@ -0,0 +1,2223 @@
     4.4 +(*  Title:      HOL/TPTP/TPTP_Proof_Reconstruction.thy
     4.5 +    Author:     Nik Sultana, Cambridge University Computer Laboratory
     4.6 +
     4.7 +Proof reconstruction for Leo-II.
     4.8 +
     4.9 +TODO:
    4.10 +  use RemoveRedundantQuantifications instead of the ad hoc use of
    4.11 +   remove_redundant_quantification_in_lit and remove_redundant_quantification
    4.12 +*)
    4.13 +
    4.14 +theory TPTP_Proof_Reconstruction
    4.15 +imports TPTP_Parser TPTP_Interpret
    4.16 +(* keywords "import_leo2_proof" :: thy_decl *) (*FIXME currently unused*)
    4.17 +begin
    4.18 +
    4.19 +
    4.20 +section "Setup"
    4.21 +
    4.22 +ML {*
    4.23 +  val tptp_unexceptional_reconstruction = Attrib.setup_config_bool @{binding tptp_unexceptional_reconstruction} (K false)
    4.24 +  fun unexceptional_reconstruction ctxt = Config.get ctxt tptp_unexceptional_reconstruction
    4.25 +  val tptp_informative_failure = Attrib.setup_config_bool @{binding tptp_informative_failure} (K false)
    4.26 +  fun informative_failure ctxt = Config.get ctxt tptp_informative_failure
    4.27 +  val tptp_trace_reconstruction = Attrib.setup_config_bool @{binding tptp_trace_reconstruction} (K false)
    4.28 +  val tptp_max_term_size = Attrib.setup_config_int @{binding tptp_max_term_size} (K 0) (*0=infinity*)
    4.29 +
    4.30 +  fun exceeds_tptp_max_term_size ctxt size =
    4.31 +    let
    4.32 +      val max = Config.get ctxt tptp_max_term_size
    4.33 +    in
    4.34 +      if max = 0 then false
    4.35 +      else size > max
    4.36 +    end
    4.37 +*}
    4.38 +
    4.39 +(*FIXME move to TPTP_Proof_Reconstruction_Test_Units*)
    4.40 +declare [[
    4.41 +  tptp_unexceptional_reconstruction = false, (*NOTE should be "false" while testing*)
    4.42 +  tptp_informative_failure = true
    4.43 +]]
    4.44 +
    4.45 +ML_file "TPTP_Parser/tptp_reconstruct_library.ML"
    4.46 +ML "open TPTP_Reconstruct_Library"
    4.47 +ML_file "TPTP_Parser/tptp_reconstruct.ML"
    4.48 +
    4.49 +(*FIXME fudge*)
    4.50 +declare [[
    4.51 +  blast_depth_limit = 10,
    4.52 +  unify_search_bound = 5
    4.53 +]]
    4.54 +
    4.55 +
    4.56 +section "Proof reconstruction"
    4.57 +text {*There are two parts to proof reconstruction:
    4.58 +\begin{itemize}
    4.59 +  \item interpreting the inferences
    4.60 +  \item building the skeleton, which indicates how to compose
    4.61 +    individual inferences into subproofs, and then compose the
    4.62 +    subproofs to give the proof).
    4.63 +\end{itemize}
    4.64 +
    4.65 +One step detects unsound inferences, and the other step detects
    4.66 +unsound composition of inferences.  The two parts can be weakly
    4.67 +coupled. They rely on a "proof index" which maps nodes to the
    4.68 +inference information. This information consists of the (usually
    4.69 +prover-specific) name of the inference step, and the Isabelle
    4.70 +formalisation of the inference as a term. The inference interpretation
    4.71 +then maps these terms into meta-theorems, and the skeleton is used to
    4.72 +compose the inference-level steps into a proof.
    4.73 +
    4.74 +Leo2 operates on conjunctions of clauses. Each Leo2 inference has the
    4.75 +following form, where Cx are clauses:
    4.76 +
    4.77 +           C1 && ... && Cn
    4.78 +          -----------------
    4.79 +          C'1 && ... && C'n
    4.80 +
    4.81 +Clauses consist of disjunctions of literals (shown as Px below), and might
    4.82 +have a prefix of !-bound variables, as shown below.
    4.83 +
    4.84 +  ! X... { P1 || ... || Pn}
    4.85 +
    4.86 +Literals are usually assigned a polarity, but this isn't always the
    4.87 +case; you can come across inferences looking like this (where A is an
    4.88 +object-level formula):
    4.89 +
    4.90 +             F
    4.91 +          --------
    4.92 +          F = true
    4.93 +
    4.94 +The symbol "||" represents literal-level disjunction and "&&" is
    4.95 +clause-level conjunction. Rules will typically lift formula-level
    4.96 +conjunctions; for instance the following rule lifts object-level
    4.97 +disjunction:
    4.98 +
    4.99 +          {    (A | B) = true    || ... } && ...
   4.100 +          --------------------------------------
   4.101 +          { A = true || B = true || ... } && ...
   4.102 +
   4.103 +
   4.104 +Using this setup, efficiency might be gained by only interpreting
   4.105 +inferences once, merging identical inference steps, and merging
   4.106 +identical subproofs into single inferences thus avoiding some effort.
   4.107 +We can also attempt to minimising proof search when interpreting
   4.108 +inferences.
   4.109 +
   4.110 +It is hoped that this setup can target other provers by modifying the
   4.111 +clause representation to fit them, and adapting the inference
   4.112 +interpretation to handle the rules used by the prover. It should also
   4.113 +facilitate composing together proofs found by different provers.
   4.114 +*}
   4.115 +
   4.116 +
   4.117 +subsection "Instantiation"
   4.118 +
   4.119 +lemma polar_allE [rule_format]:
   4.120 +  "\<lbrakk>(\<forall>x. P x) = True; (P x) = True \<Longrightarrow> R\<rbrakk> \<Longrightarrow> R"
   4.121 +  "\<lbrakk>(\<exists>x. P x) = False; (P x) = False \<Longrightarrow> R\<rbrakk> \<Longrightarrow> R"
   4.122 +by auto
   4.123 +
   4.124 +lemma polar_exE [rule_format]:
   4.125 +  "\<lbrakk>(\<exists>x. P x) = True; \<And>x. (P x) = True \<Longrightarrow> R\<rbrakk> \<Longrightarrow> R"
   4.126 +  "\<lbrakk>(\<forall>x. P x) = False; \<And>x. (P x) = False \<Longrightarrow> R\<rbrakk> \<Longrightarrow> R"
   4.127 +by auto
   4.128 +
   4.129 +ML {*
   4.130 +(*This carries out an allE-like rule but on (polarised) literals.
   4.131 + Instead of yielding a free variable (which is a hell for the
   4.132 + matcher) it seeks to use one of the subgoals' parameters.
   4.133 + This ought to be sufficient for emulating extcnf_combined,
   4.134 + but note that the complexity of the problem can be enormous.*)
   4.135 +fun inst_parametermatch_tac ctxt thms i = fn st =>
   4.136 +  let
   4.137 +    val gls =
   4.138 +      prop_of st
   4.139 +      |> Logic.strip_horn
   4.140 +      |> fst
   4.141 +
   4.142 +    val parameters =
   4.143 +      if null gls then []
   4.144 +      else
   4.145 +        rpair (i - 1) gls
   4.146 +        |> uncurry nth
   4.147 +        |> strip_top_all_vars []
   4.148 +        |> fst
   4.149 +        |> map fst (*just get the parameter names*)
   4.150 +  in
   4.151 +    if null parameters then no_tac st
   4.152 +    else
   4.153 +      let
   4.154 +        fun instantiate param =
   4.155 +           (map (eres_inst_tac ctxt [(("x", 0), param)]) thms
   4.156 +                   |> FIRST')
   4.157 +        val attempts = map instantiate parameters
   4.158 +      in
   4.159 +        (fold (curry (op APPEND')) attempts (K no_tac)) i st
   4.160 +      end
   4.161 +  end
   4.162 +
   4.163 +(*Attempts to use the polar_allE theorems on a specific subgoal.*)
   4.164 +fun forall_pos_tac ctxt = inst_parametermatch_tac ctxt @{thms polar_allE}
   4.165 +*}
   4.166 +
   4.167 +ML {*
   4.168 +(*This is similar to inst_parametermatch_tac, but prefers to
   4.169 +  match variables having identical names. Logically, this is
   4.170 +  a hack. But it reduces the complexity of the problem.*)
   4.171 +fun nominal_inst_parametermatch_tac ctxt thm i = fn st =>
   4.172 +  let
   4.173 +    val gls =
   4.174 +      prop_of st
   4.175 +      |> Logic.strip_horn
   4.176 +      |> fst
   4.177 +
   4.178 +    val parameters =
   4.179 +      if null gls then []
   4.180 +      else
   4.181 +        rpair (i - 1) gls
   4.182 +        |> uncurry nth
   4.183 +        |> strip_top_all_vars []
   4.184 +        |> fst
   4.185 +        |> map fst (*just get the parameter names*)
   4.186 +  in
   4.187 +    if null parameters then no_tac st
   4.188 +    else
   4.189 +      let
   4.190 +        fun instantiates param =
   4.191 +           eres_inst_tac ctxt [(("x", 0), param)] thm
   4.192 +
   4.193 +        val quantified_var = head_quantified_variable i st
   4.194 +      in
   4.195 +        if is_none quantified_var then no_tac st
   4.196 +        else
   4.197 +          if member (op =) parameters (the quantified_var |> fst) then
   4.198 +            instantiates (the quantified_var |> fst) i st
   4.199 +          else
   4.200 +            K no_tac i st
   4.201 +      end
   4.202 +  end
   4.203 +*}
   4.204 +
   4.205 +
   4.206 +subsection "Prefix massaging"
   4.207 +
   4.208 +ML {*
   4.209 +exception NO_GOALS
   4.210 +
   4.211 +(*Get quantifier prefix of the hypothesis and conclusion, reorder
   4.212 +  the hypothesis' quantifiers to have the ones appearing in the
   4.213 +  conclusion first.*)
   4.214 +fun canonicalise_qtfr_order ctxt i = fn st =>
   4.215 +  let
   4.216 +    val gls =
   4.217 +      prop_of st
   4.218 +      |> Logic.strip_horn
   4.219 +      |> fst
   4.220 +  in
   4.221 +    if null gls then raise NO_GOALS
   4.222 +    else
   4.223 +      let
   4.224 +        val (params, (hyp_clause, conc_clause)) =
   4.225 +          rpair (i - 1) gls
   4.226 +          |> uncurry nth
   4.227 +          |> strip_top_all_vars []
   4.228 +          |> apsnd Logic.dest_implies
   4.229 +
   4.230 +        val (hyp_quants, hyp_body) =
   4.231 +          HOLogic.dest_Trueprop hyp_clause
   4.232 +          |> strip_top_All_vars
   4.233 +          |> apfst rev
   4.234 +
   4.235 +        val conc_quants =
   4.236 +          HOLogic.dest_Trueprop conc_clause
   4.237 +          |> strip_top_All_vars
   4.238 +          |> fst
   4.239 +
   4.240 +        val new_hyp =
   4.241 +          (* fold absfree new_hyp_prefix hyp_body *)
   4.242 +          (*HOLogic.list_all*)
   4.243 +          fold_rev (fn (v, ty) => fn t => HOLogic.mk_all (v, ty, t))
   4.244 +           (prefix_intersection_list
   4.245 +             hyp_quants conc_quants)
   4.246 +           hyp_body
   4.247 +          |> HOLogic.mk_Trueprop
   4.248 +
   4.249 +         val thm = Goal.prove ctxt [] []
   4.250 +           (Logic.mk_implies (hyp_clause, new_hyp))
   4.251 +           (fn _ =>
   4.252 +              (REPEAT_DETERM (HEADGOAL (rtac @{thm allI})))
   4.253 +              THEN (REPEAT_DETERM
   4.254 +                    (HEADGOAL
   4.255 +                     (nominal_inst_parametermatch_tac ctxt @{thm allE})))
   4.256 +              THEN HEADGOAL atac)
   4.257 +      in
   4.258 +        dtac thm i st
   4.259 +      end
   4.260 +    end
   4.261 +*}
   4.262 +
   4.263 +
   4.264 +subsection "Some general rules and congruences"
   4.265 +
   4.266 +(*this isn't an actual rule used in Leo2, but it seems to be
   4.267 +  applied implicitly during some Leo2 inferences.*)
   4.268 +lemma polarise: "P ==> P = True" by auto
   4.269 +
   4.270 +ML {*
   4.271 +fun is_polarised t =
   4.272 +  (TPTP_Reconstruct.remove_polarity true t; true)
   4.273 +  handle TPTP_Reconstruct.UNPOLARISED _ => false
   4.274 +
   4.275 +val polarise_subgoal_hyps =
   4.276 +  COND' (SOME #> TERMPRED is_polarised (fn _ => true)) (K no_tac) (dtac @{thm polarise})
   4.277 +*}
   4.278 +
   4.279 +lemma simp_meta [rule_format]:
   4.280 +  "(A --> B) == (~A | B)"
   4.281 +  "(A | B) | C == A | B | C"
   4.282 +  "(A & B) & C == A & B & C"
   4.283 +  "(~ (~ A)) == A"
   4.284 +  (* "(A & B) == (~ (~A | ~B))" *)
   4.285 +  "~ (A & B) == (~A | ~B)"
   4.286 +  "~(A | B) == (~A) & (~B)"
   4.287 +by auto
   4.288 +
   4.289 +
   4.290 +subsection "Emulation of Leo2's inference rules"
   4.291 +
   4.292 +(*this is not included in simp_meta since it would make a mess of the polarities*)
   4.293 +lemma expand_iff [rule_format]:
   4.294 + "((A :: bool) = B) \<equiv> (~ A | B) & (~ B | A)"
   4.295 +by (rule eq_reflection, auto)
   4.296 +
   4.297 +lemma polarity_switch [rule_format]:
   4.298 +  "(\<not> P) = True \<Longrightarrow> P = False"
   4.299 +  "(\<not> P) = False \<Longrightarrow> P = True"
   4.300 +  "P = False \<Longrightarrow> (\<not> P) = True"
   4.301 +  "P = True \<Longrightarrow> (\<not> P) = False"
   4.302 +by auto
   4.303 +
   4.304 +lemma solved_all_splits: "False = True \<Longrightarrow> False" by simp
   4.305 +ML {*
   4.306 +val solved_all_splits_tac =
   4.307 +  TRY (etac @{thm conjE} 1)
   4.308 +  THEN rtac @{thm solved_all_splits} 1
   4.309 +  THEN atac 1
   4.310 +*}
   4.311 +
   4.312 +lemma lots_of_logic_expansions_meta [rule_format]:
   4.313 +  "(((A :: bool) = B) = True) == (((A \<longrightarrow> B) = True) & ((B \<longrightarrow> A) = True))"
   4.314 +  "((A :: bool) = B) = False == (((~A) | B) = False) | (((~B) | A) = False)"
   4.315 +
   4.316 +  "((F = G) = True) == (! x. (F x = G x)) = True"
   4.317 +  "((F = G) = False) == (! x. (F x = G x)) = False"
   4.318 +
   4.319 +  "(A | B) = True == (A = True) | (B = True)"
   4.320 +  "(A & B) = False == (A = False) | (B = False)"
   4.321 +  "(A | B) = False == (A = False) & (B = False)"
   4.322 +  "(A & B) = True == (A = True) & (B = True)"
   4.323 +  "(~ A) = True == A = False"
   4.324 +  "(~ A) = False == A = True"
   4.325 +  "~ (A = True) == A = False"
   4.326 +  "~ (A = False) == A = True"
   4.327 +by (rule eq_reflection, auto)+
   4.328 +
   4.329 +(*this is used in extcnf_combined handler*)
   4.330 +lemma eq_neg_bool: "((A :: bool) = B) = False ==> ((~ (A | B)) | ~ ((~ A) | (~ B))) = False"
   4.331 +by auto
   4.332 +
   4.333 +lemma eq_pos_bool:
   4.334 +  "((A :: bool) = B) = True ==> ((~ (A | B)) | ~ (~ A | ~ B)) = True"
   4.335 +  "(A = B) = True \<Longrightarrow> A = True \<or> B = False"
   4.336 +  "(A = B) = True \<Longrightarrow> A = False \<or> B = True"
   4.337 +by auto
   4.338 +
   4.339 +(*next formula is more versatile than
   4.340 +    "(F = G) = True \<Longrightarrow> \<forall>x. ((F x = G x) = True)"
   4.341 +  since it doesn't assume that clause is singleton. After splitqtfr,
   4.342 +  and after applying allI exhaustively to the conclusion, we can
   4.343 +  use the existing functions to find the "(F x = G x) = True"
   4.344 +  disjunct in the conclusion*)
   4.345 +lemma eq_pos_func: "\<And> x. (F = G) = True \<Longrightarrow> (F x = G x) = True"
   4.346 +by auto
   4.347 +
   4.348 +(*make sure the conclusion consists of just "False"*)
   4.349 +lemma flip:
   4.350 +  "((A = True) ==> False) ==> A = False"
   4.351 +  "((A = False) ==> False) ==> A = True"
   4.352 +by auto
   4.353 +
   4.354 +(*FIXME try to use Drule.equal_elim_rule1 directly for this*)
   4.355 +lemma equal_elim_rule1: "(A \<equiv> B) \<Longrightarrow> A \<Longrightarrow> B" by auto
   4.356 +lemmas leo2_rules =
   4.357 + lots_of_logic_expansions_meta[THEN equal_elim_rule1]
   4.358 +
   4.359 +(*FIXME is there any overlap with lots_of_logic_expansions_meta or leo2_rules?*)
   4.360 +lemma extuni_bool2 [rule_format]: "(A = B) = False \<Longrightarrow> (A = True) | (B = True)" by auto
   4.361 +lemma extuni_bool1 [rule_format]: "(A = B) = False \<Longrightarrow> (A = False) | (B = False)" by auto
   4.362 +lemma extuni_triv [rule_format]: "(A = A) = False \<Longrightarrow> R" by auto
   4.363 +
   4.364 +(*Order (of A, B, C, D) matters*)
   4.365 +lemma dec_commut_eq [rule_format]:
   4.366 +  "((A = B) = (C = D)) = False \<Longrightarrow> (B = C) = False | (A = D) = False"
   4.367 +  "((A = B) = (C = D)) = False \<Longrightarrow> (B = D) = False | (A = C) = False"
   4.368 +by auto
   4.369 +lemma dec_commut_disj [rule_format]:
   4.370 +  "((A \<or> B) = (C \<or> D)) = False \<Longrightarrow> (B = C) = False \<or> (A = D) = False"
   4.371 +by auto
   4.372 +
   4.373 +lemma extuni_func [rule_format]: "(F = G) = False \<Longrightarrow> (! X. (F X = G X)) = False" by auto
   4.374 +
   4.375 +
   4.376 +subsection "Emulation: tactics"
   4.377 +
   4.378 +ML {*
   4.379 +(*Instantiate a variable according to the info given in the
   4.380 +  proof annotation. Through this we avoid having to come up
   4.381 +  with instantiations during reconstruction.*)
   4.382 +fun bind_tac ctxt prob_name ordered_binds =
   4.383 +  let
   4.384 +    val thy = Proof_Context.theory_of ctxt
   4.385 +    fun term_to_string t =
   4.386 +        Print_Mode.with_modes [""]
   4.387 +          (fn () => Output.output (Syntax.string_of_term ctxt t)) ()
   4.388 +    val ordered_instances =
   4.389 +      TPTP_Reconstruct.interpret_bindings prob_name thy ordered_binds []
   4.390 +      |> map (snd #> term_to_string)
   4.391 +      |> permute
   4.392 +
   4.393 +    (*instantiate a list of variables, order matters*)
   4.394 +    fun instantiate_vars ctxt vars : tactic =
   4.395 +      map (fn var =>
   4.396 +            Rule_Insts.eres_inst_tac ctxt
   4.397 +             [(("x", 0), var)] @{thm allE} 1)
   4.398 +          vars
   4.399 +      |> EVERY
   4.400 +
   4.401 +    fun instantiate_tac vars =
   4.402 +      instantiate_vars ctxt vars
   4.403 +      THEN (HEADGOAL atac)
   4.404 +  in
   4.405 +    HEADGOAL (canonicalise_qtfr_order ctxt)
   4.406 +    THEN (REPEAT_DETERM (HEADGOAL (rtac @{thm allI})))
   4.407 +    THEN REPEAT_DETERM (HEADGOAL (nominal_inst_parametermatch_tac ctxt @{thm allE}))
   4.408 +    (*now only the variable to instantiate should be left*)
   4.409 +    THEN FIRST (map instantiate_tac ordered_instances)
   4.410 +  end
   4.411 +*}
   4.412 +
   4.413 +ML {*
   4.414 +(*Simplification tactics*)
   4.415 +local
   4.416 +  fun rew_goal_tac thms ctxt i =
   4.417 +    rewrite_goal_tac ctxt thms i
   4.418 +    |> CHANGED
   4.419 +in
   4.420 +  val expander_animal =
   4.421 +    rew_goal_tac (@{thms simp_meta} @ @{thms lots_of_logic_expansions_meta})
   4.422 +
   4.423 +  val simper_animal =
   4.424 +    rew_goal_tac @{thms simp_meta}
   4.425 +end
   4.426 +*}
   4.427 +
   4.428 +lemma prop_normalise [rule_format]:
   4.429 +  "(A | B) | C == A | B | C"
   4.430 +  "(A & B) & C == A & B & C"
   4.431 +  "A | B == ~(~A & ~B)"
   4.432 +  "~~ A == A"
   4.433 +by auto
   4.434 +ML {*
   4.435 +(*i.e., break_conclusion*)
   4.436 +fun flip_conclusion_tac ctxt =
   4.437 +  let
   4.438 +    val default_tac =
   4.439 +      (TRY o CHANGED o (rewrite_goal_tac ctxt @{thms prop_normalise}))
   4.440 +      THEN' rtac @{thm notI}
   4.441 +      THEN' (REPEAT_DETERM o etac @{thm conjE})
   4.442 +      THEN' (TRY o (expander_animal ctxt))
   4.443 +  in
   4.444 +    default_tac ORELSE' resolve_tac @{thms flip}
   4.445 +  end
   4.446 +*}
   4.447 +
   4.448 +
   4.449 +subsection "Skolemisation"
   4.450 +
   4.451 +lemma skolemise [rule_format]:
   4.452 +  "\<forall> P. (~ (! x. P x)) \<longrightarrow> ~ (P (SOME x. ~ P x))"
   4.453 +proof -
   4.454 +  have "\<And> P. (~ (! x. P x)) \<Longrightarrow> ~ (P (SOME x. ~ P x))"
   4.455 +  proof -
   4.456 +    fix P
   4.457 +    assume ption: "~ (! x. P x)"
   4.458 +    hence a: "? x. ~ P x" by force
   4.459 +
   4.460 +    have hilbert : "\<And> P. (? x. P x) \<Longrightarrow> (P (SOME x. P x))"
   4.461 +    proof -
   4.462 +      fix P
   4.463 +      assume "(? x. P x)"
   4.464 +      thus "(P (SOME x. P x))"
   4.465 +        apply auto
   4.466 +        apply (rule someI)
   4.467 +        apply auto
   4.468 +        done
   4.469 +    qed
   4.470 +
   4.471 +    from a show "~ P (SOME x. ~ P x)"
   4.472 +    proof -
   4.473 +      assume "? x. ~ P x"
   4.474 +      hence "\<not> P (SOME x. \<not> P x)" by (rule hilbert)
   4.475 +      thus ?thesis .
   4.476 +    qed
   4.477 +  qed
   4.478 +  thus ?thesis by blast
   4.479 +qed
   4.480 +
   4.481 +lemma polar_skolemise [rule_format]:
   4.482 +  "\<forall> P. (! x. P x) = False \<longrightarrow> (P (SOME x. ~ P x)) = False"
   4.483 +proof -
   4.484 +  have "\<And> P. (! x. P x) = False \<Longrightarrow> (P (SOME x. ~ P x)) = False"
   4.485 +  proof -
   4.486 +    fix P
   4.487 +    assume ption: "(! x. P x) = False"
   4.488 +    hence "\<not> (\<forall> x. P x)" by force
   4.489 +    hence "\<not> All P" by force
   4.490 +    hence "\<not> (P (SOME x. \<not> P x))" by (rule skolemise)
   4.491 +    thus "(P (SOME x. \<not> P x)) = False" by force
   4.492 +  qed
   4.493 +  thus ?thesis by blast
   4.494 +qed
   4.495 +
   4.496 +lemma leo2_skolemise [rule_format]:
   4.497 +  "\<forall> P sk. (! x. P x) = False \<longrightarrow> (sk = (SOME x. ~ P x)) \<longrightarrow> (P sk) = False"
   4.498 +by (clarify, rule polar_skolemise)
   4.499 +
   4.500 +lemma lift_forall [rule_format]:
   4.501 +  "!! x. (! x. A x) = True ==> (A x) = True"
   4.502 +  "!! x. (? x. A x) = False ==> (A x) = False"
   4.503 +by auto
   4.504 +lemma lift_exists [rule_format]:
   4.505 +  "\<lbrakk>(All P) = False; sk = (SOME x. \<not> P x)\<rbrakk> \<Longrightarrow> P sk = False"
   4.506 +  "\<lbrakk>(Ex P) = True; sk = (SOME x. P x)\<rbrakk> \<Longrightarrow> P sk = True"
   4.507 +apply (drule polar_skolemise, simp)
   4.508 +apply (simp, drule someI_ex, simp)
   4.509 +done
   4.510 +
   4.511 +ML {*
   4.512 +(*FIXME LHS should be constant. Currently allow variables for testing. Probably should still allow Vars (but not Frees) since they'll act as intermediate values*)
   4.513 +fun conc_is_skolem_def t =
   4.514 +  case t of
   4.515 +      Const (@{const_name HOL.eq}, _) $ t' $ (Const (@{const_name Hilbert_Choice.Eps}, _) $ _) =>
   4.516 +      let
   4.517 +        val (h, args) =
   4.518 +          strip_comb t'
   4.519 +          |> apfst (strip_abs #> snd #> strip_comb #> fst)
   4.520 +        val get_const_name = dest_Const #> fst
   4.521 +        val h_property =
   4.522 +          is_Free h orelse
   4.523 +          is_Var h orelse
   4.524 +          (is_Const h
   4.525 +           andalso (get_const_name h <> get_const_name @{term HOL.Ex})
   4.526 +           andalso (get_const_name h <> get_const_name @{term HOL.All})
   4.527 +           andalso (h <> @{term Hilbert_Choice.Eps})
   4.528 +           andalso (h <> @{term HOL.conj})
   4.529 +           andalso (h <> @{term HOL.disj})
   4.530 +           andalso (h <> @{term HOL.eq})
   4.531 +           andalso (h <> @{term HOL.implies})
   4.532 +           andalso (h <> @{term HOL.The})
   4.533 +           andalso (h <> @{term HOL.Ex1})
   4.534 +           andalso (h <> @{term HOL.Not})
   4.535 +           andalso (h <> @{term HOL.iff})
   4.536 +           andalso (h <> @{term HOL.not_equal}))
   4.537 +        val args_property =
   4.538 +          fold (fn t => fn b =>
   4.539 +           b andalso is_Free t) args true
   4.540 +      in
   4.541 +        h_property andalso args_property
   4.542 +      end
   4.543 +    | _ => false
   4.544 +*}
   4.545 +
   4.546 +ML {*
   4.547 +(*Hack used to detect if a Skolem definition, with an LHS Var, has had the LHS instantiated into an unacceptable term.*)
   4.548 +fun conc_is_bad_skolem_def t =
   4.549 +  case t of
   4.550 +      Const (@{const_name HOL.eq}, _) $ t' $ (Const (@{const_name Hilbert_Choice.Eps}, _) $ _) =>
   4.551 +      let
   4.552 +        val (h, args) = strip_comb t'
   4.553 +        val get_const_name = dest_Const #> fst
   4.554 +        val const_h_test =
   4.555 +          if is_Const h then
   4.556 +            (get_const_name h = get_const_name @{term HOL.Ex})
   4.557 +             orelse (get_const_name h = get_const_name @{term HOL.All})
   4.558 +             orelse (h = @{term Hilbert_Choice.Eps})
   4.559 +             orelse (h = @{term HOL.conj})
   4.560 +             orelse (h = @{term HOL.disj})
   4.561 +             orelse (h = @{term HOL.eq})
   4.562 +             orelse (h = @{term HOL.implies})
   4.563 +             orelse (h = @{term HOL.The})
   4.564 +             orelse (h = @{term HOL.Ex1})
   4.565 +             orelse (h = @{term HOL.Not})
   4.566 +             orelse (h = @{term HOL.iff})
   4.567 +             orelse (h = @{term HOL.not_equal})
   4.568 +          else true
   4.569 +        val h_property =
   4.570 +          not (is_Free h) andalso
   4.571 +          not (is_Var h) andalso
   4.572 +          const_h_test
   4.573 +        val args_property =
   4.574 +          fold (fn t => fn b =>
   4.575 +           b andalso is_Free t) args true
   4.576 +      in
   4.577 +        h_property andalso args_property
   4.578 +      end
   4.579 +    | _ => false
   4.580 +*}
   4.581 +
   4.582 +ML {*
   4.583 +fun get_skolem_conc t =
   4.584 +  let
   4.585 +    val t' =
   4.586 +      strip_top_all_vars [] t
   4.587 +      |> snd
   4.588 +      |> try_dest_Trueprop
   4.589 +  in
   4.590 +    case t' of
   4.591 +        Const (@{const_name HOL.eq}, _) $ t' $ (Const (@{const_name Hilbert_Choice.Eps}, _) $ _) => SOME t'
   4.592 +      | _ => NONE
   4.593 +  end
   4.594 +
   4.595 +fun get_skolem_conc_const t =
   4.596 +  lift_option
   4.597 +   (fn t' =>
   4.598 +     head_of t'
   4.599 +     |> strip_abs_body
   4.600 +     |> head_of
   4.601 +     |> dest_Const)
   4.602 +   (get_skolem_conc t)
   4.603 +*}
   4.604 +
   4.605 +(*
   4.606 +Technique for handling quantifiers:
   4.607 +  Principles:
   4.608 +  * allE should always match with a !!
   4.609 +  * exE should match with a constant,
   4.610 +     or bind a fresh !! -- currently not doing the latter since it never seems to arised in normal Leo2 proofs.
   4.611 +*)
   4.612 +
   4.613 +ML {*
   4.614 +fun forall_neg_tac candidate_consts ctxt i = fn st =>
   4.615 +  let
   4.616 +    val thy = Proof_Context.theory_of ctxt
   4.617 +
   4.618 +    val gls =
   4.619 +      prop_of st
   4.620 +      |> Logic.strip_horn
   4.621 +      |> fst
   4.622 +
   4.623 +    val parameters =
   4.624 +      if null gls then ""
   4.625 +      else
   4.626 +        rpair (i - 1) gls
   4.627 +        |> uncurry nth
   4.628 +        |> strip_top_all_vars []
   4.629 +        |> fst
   4.630 +        |> map fst (*just get the parameter names*)
   4.631 +        |> (fn l =>
   4.632 +              if null l then ""
   4.633 +              else
   4.634 +                space_implode " " l
   4.635 +                |> pair " "
   4.636 +                |> op ^)
   4.637 +
   4.638 +  in
   4.639 +    if null gls orelse null candidate_consts then no_tac st
   4.640 +    else
   4.641 +      let
   4.642 +        fun instantiate const_name =
   4.643 +          dres_inst_tac ctxt [(("sk", 0), const_name ^ parameters)] @{thm leo2_skolemise}
   4.644 +        val attempts = map instantiate candidate_consts
   4.645 +      in
   4.646 +        (fold (curry (op APPEND')) attempts (K no_tac)) i st
   4.647 +      end
   4.648 +  end
   4.649 +*}
   4.650 +
   4.651 +ML {*
   4.652 +exception SKOLEM_DEF of term (*The tactic wasn't pointed at a skolem definition*)
   4.653 +exception NO_SKOLEM_DEF of (*skolem const name*)string * Binding.binding * term (*The tactic could not find a skolem definition in the theory*)
   4.654 +fun absorb_skolem_def ctxt prob_name_opt i = fn st =>
   4.655 +  let
   4.656 +    val thy = Proof_Context.theory_of ctxt
   4.657 +
   4.658 +    val gls =
   4.659 +      prop_of st
   4.660 +      |> Logic.strip_horn
   4.661 +      |> fst
   4.662 +
   4.663 +    val conclusion =
   4.664 +      if null gls then
   4.665 +        (*this should never be thrown*)
   4.666 +        raise NO_GOALS
   4.667 +      else
   4.668 +        rpair (i - 1) gls
   4.669 +        |> uncurry nth
   4.670 +        |> strip_top_all_vars []
   4.671 +        |> snd
   4.672 +        |> Logic.strip_horn
   4.673 +        |> snd
   4.674 +
   4.675 +    fun skolem_const_info_of t =
   4.676 +      case t of
   4.677 +          Const (@{const_name HOL.Trueprop}, _) $ (Const (@{const_name HOL.eq}, _) $ t' $ (Const (@{const_name Hilbert_Choice.Eps}, _) $ _)) =>
   4.678 +          head_of t'
   4.679 +          |> strip_abs_body (*since in general might have a skolem term, so we want to rip out the prefixing lambdas to get to the constant (which should be at head position)*)
   4.680 +          |> head_of
   4.681 +          |> dest_Const
   4.682 +        | _ => raise SKOLEM_DEF t
   4.683 +
   4.684 +    val const_name =
   4.685 +      skolem_const_info_of conclusion
   4.686 +      |> fst
   4.687 +
   4.688 +    val def_name = const_name ^ "_def"
   4.689 +
   4.690 +    val bnd_def = (*FIXME consts*)
   4.691 +      const_name
   4.692 +      |> space_implode "." o tl o space_explode "." (*FIXME hack to drop theory-name prefix*)
   4.693 +      |> Binding.qualified_name
   4.694 +      |> Binding.suffix_name "_def"
   4.695 +
   4.696 +    val bnd_name =
   4.697 +      case prob_name_opt of
   4.698 +          NONE => bnd_def
   4.699 +        | SOME prob_name =>
   4.700 +(*            Binding.qualify false
   4.701 +             (TPTP_Problem_Name.mangle_problem_name prob_name)
   4.702 +*)
   4.703 +             bnd_def
   4.704 +
   4.705 +    val thm =
   4.706 +      if Name_Space.defined_entry (Theory.axiom_space thy) def_name then
   4.707 +        Thm.axiom thy def_name
   4.708 +      else
   4.709 +        if is_none prob_name_opt then
   4.710 +          (*This mode is for testing, so we can be a bit
   4.711 +            looser with theories*)
   4.712 +          Thm.add_axiom_global (bnd_name, conclusion) thy
   4.713 +          |> fst |> snd
   4.714 +        else
   4.715 +          raise (NO_SKOLEM_DEF (def_name, bnd_name, conclusion))
   4.716 +  in
   4.717 +    rtac (Drule.export_without_context thm) i st
   4.718 +  end
   4.719 +  handle SKOLEM_DEF _ => no_tac st
   4.720 +*}
   4.721 +
   4.722 +ML {*
   4.723 +(*
   4.724 +In current system, there should only be 2 subgoals: the one where
   4.725 +the skolem definition is being built (with a Var in the LHS), and the other subgoal using Var.
   4.726 +*)
   4.727 +(*arity must be greater than 0. if arity=0 then
   4.728 +  there's no need to use this expensive matching.*)
   4.729 +fun find_skolem_term ctxt consts_candidate arity = fn st =>
   4.730 +  let
   4.731 +    val _ = @{assert} (arity > 0)
   4.732 +
   4.733 +    val gls =
   4.734 +      prop_of st
   4.735 +      |> Logic.strip_horn
   4.736 +      |> fst
   4.737 +
   4.738 +    (*extract the conclusion of each subgoal*)
   4.739 +    val conclusions =
   4.740 +      if null gls then
   4.741 +        raise NO_GOALS
   4.742 +      else
   4.743 +        map (strip_top_all_vars [] #> snd #> Logic.strip_horn #> snd) gls
   4.744 +        (*Remove skolem-definition conclusion, to avoid wasting time analysing it*)
   4.745 +        |> List.filter (try_dest_Trueprop #> conc_is_skolem_def #> not)
   4.746 +        (*There should only be a single goal*) (*FIXME this might not always be the case, in practice*)
   4.747 +        (* |> tap (fn x => @{assert} (is_some (try the_single x))) *)
   4.748 +
   4.749 +    (*look for subterms headed by a skolem constant, and whose
   4.750 +      arguments are all parameter Vars*)
   4.751 +    fun get_skolem_terms args (acc : term list) t =
   4.752 +      case t of
   4.753 +          (c as Const _) $ (v as Free _) =>
   4.754 +            if c = consts_candidate andalso
   4.755 +             arity = length args + 1 then
   4.756 +              (list_comb (c, v :: args)) :: acc
   4.757 +            else acc
   4.758 +        | t1 $ (v as Free _) =>
   4.759 +            get_skolem_terms (v :: args) acc t1 @
   4.760 +             get_skolem_terms [] acc t1
   4.761 +        | t1 $ t2 =>
   4.762 +            get_skolem_terms [] acc t1 @
   4.763 +             get_skolem_terms [] acc t2
   4.764 +        | Abs (_, _, t') => get_skolem_terms [] acc t'
   4.765 +        | _ => acc
   4.766 +  in
   4.767 +    map (strip_top_All_vars #> snd) conclusions
   4.768 +    |> map (get_skolem_terms [] [])
   4.769 +    |> List.concat
   4.770 +    |> distinct (op =)
   4.771 +  end
   4.772 +*}
   4.773 +
   4.774 +ML {*
   4.775 +fun instantiate_skols ctxt consts_candidates i = fn st =>
   4.776 +  let
   4.777 +    val thy = Proof_Context.theory_of ctxt
   4.778 +
   4.779 +    val gls =
   4.780 +      prop_of st
   4.781 +      |> Logic.strip_horn
   4.782 +      |> fst
   4.783 +
   4.784 +    val (params, conclusion) =
   4.785 +      if null gls then
   4.786 +        raise NO_GOALS
   4.787 +      else
   4.788 +        rpair (i - 1) gls
   4.789 +        |> uncurry nth
   4.790 +        |> strip_top_all_vars []
   4.791 +        |> apsnd (Logic.strip_horn #> snd)
   4.792 +
   4.793 +    fun skolem_const_info_of t =
   4.794 +      case t of
   4.795 +          Const (@{const_name HOL.Trueprop}, _) $ (Const (@{const_name HOL.eq}, _) $ lhs $ (Const (@{const_name Hilbert_Choice.Eps}, _) $ rhs)) =>
   4.796 +          let
   4.797 +            (*the parameters we will concern ourselves with*)
   4.798 +            val params' =
   4.799 +              Term.add_frees lhs []
   4.800 +              |> distinct (op =)
   4.801 +            (*check to make sure that params' <= params*)
   4.802 +            val _ = @{assert} (List.all (member (op =) params) params')
   4.803 +            val skolem_const_ty =
   4.804 +              let
   4.805 +                val (skolem_const_prety, no_params) =
   4.806 +                  Term.strip_comb lhs
   4.807 +                  |> apfst (dest_Var #> snd) (*head of lhs consists of a logical variable. we just want its type.*)
   4.808 +                  |> apsnd length
   4.809 +
   4.810 +                val _ = @{assert} (length params = no_params)
   4.811 +
   4.812 +                (*get value type of a function type after n arguments have been supplied*)
   4.813 +                fun get_val_ty n ty =
   4.814 +                  if n = 0 then ty
   4.815 +                  else get_val_ty (n - 1) (dest_funT ty |> snd)
   4.816 +              in
   4.817 +                get_val_ty no_params skolem_const_prety
   4.818 +              end
   4.819 +
   4.820 +          in
   4.821 +            (skolem_const_ty, params')
   4.822 +          end
   4.823 +        | _ => raise (SKOLEM_DEF t)
   4.824 +
   4.825 +(*
   4.826 +find skolem const candidates which, after applying distinct members of params' we end up with, give us something of type skolem_const_ty.
   4.827 +
   4.828 +given a candidate's type, skolem_const_ty, and params', we get some pemutations of params' (i.e. the order in which they can be given to the candidate in order to get skolem_const_ty). If the list of permutations is empty, then we cannot use that candidate.
   4.829 +*)
   4.830 +(*
   4.831 +only returns a single matching -- since terms are linear, and variable arguments are Vars, order shouldn't matter, so we can ignore permutations.
   4.832 +doesn't work with polymorphism (for which we'd need to use type unification) -- this is OK since no terms should be polymorphic, since Leo2 proofs aren't.
   4.833 +*)
   4.834 +    fun use_candidate target_ty params acc cur_ty =
   4.835 +      if null params then
   4.836 +        if Type.eq_type Vartab.empty (cur_ty, target_ty) then
   4.837 +          SOME (rev acc)
   4.838 +        else NONE
   4.839 +      else
   4.840 +        let
   4.841 +          val (arg_ty, val_ty) = Term.dest_funT cur_ty
   4.842 +          (*now find a param of type arg_ty*)
   4.843 +          val (candidate_param, params') =
   4.844 +            find_and_remove
   4.845 +             (snd #> pair arg_ty #> Type.eq_type Vartab.empty)
   4.846 +             params
   4.847 +        in
   4.848 +          use_candidate target_ty params' (candidate_param :: acc) val_ty
   4.849 +        end
   4.850 +        handle TYPE ("dest_funT", _, _) => NONE
   4.851 +             | DEST_LIST => NONE
   4.852 +
   4.853 +    val (skolem_const_ty, params') = skolem_const_info_of conclusion
   4.854 +
   4.855 +(*
   4.856 +For each candidate, build a term and pass it to Thm.instantiate, whic in turn is chained with PRIMITIVE to give us this_tactic.
   4.857 +
   4.858 +Big picture:
   4.859 +  we run the following:
   4.860 +    drule leo2_skolemise THEN' this_tactic
   4.861 +
   4.862 +NOTE: remember to APPEND' instead of ORELSE' the two tactics relating to skolemisation
   4.863 +*)
   4.864 +
   4.865 +    val filtered_candidates =
   4.866 +      map (dest_Const
   4.867 +           #> snd
   4.868 +           #> use_candidate skolem_const_ty params' [])
   4.869 +       consts_candidates (* prefiltered_candidates *)
   4.870 +      |> pair consts_candidates (* prefiltered_candidates *)
   4.871 +      |> ListPair.zip
   4.872 +      |> filter (snd #> is_none #> not)
   4.873 +      |> map (apsnd the)
   4.874 +
   4.875 +    val skolem_terms =
   4.876 +      let
   4.877 +        fun make_result_t (t, args) =
   4.878 +          (* list_comb (t, map Free args) *)
   4.879 +          if length args > 0 then
   4.880 +            hd (find_skolem_term ctxt t (length args) st)
   4.881 +          else t
   4.882 +      in
   4.883 +        map make_result_t filtered_candidates
   4.884 +      end
   4.885 +
   4.886 +    (*prefix a skolem term with bindings for the parameters*)
   4.887 +    (* val contextualise = fold absdummy (map snd params) *)
   4.888 +    val contextualise = fold absfree params
   4.889 +
   4.890 +    val skolem_cts = map (contextualise #> cterm_of thy) skolem_terms
   4.891 +
   4.892 +
   4.893 +(*now the instantiation code*)
   4.894 +
   4.895 +    (*there should only be one Var -- that is from the previous application of drule leo2_skolemise. We look for it at the head position in some equation at a conclusion of a subgoal.*)
   4.896 +    val var_opt =
   4.897 +      let
   4.898 +        val pre_var =
   4.899 +          gls
   4.900 +          |> map
   4.901 +              (strip_top_all_vars [] #> snd #>
   4.902 +               Logic.strip_horn #> snd #>
   4.903 +               get_skolem_conc)
   4.904 +          |> switch (fold (fn x => fn l => if is_some x then the x :: l else l)) []
   4.905 +          |> map (switch Term.add_vars [])
   4.906 +          |> List.concat
   4.907 +
   4.908 +        fun make_var pre_var =
   4.909 +          the_single pre_var
   4.910 +          |> Var
   4.911 +          |> cterm_of thy
   4.912 +          |> SOME
   4.913 +      in
   4.914 +        if null pre_var then NONE
   4.915 +        else make_var pre_var
   4.916 +     end
   4.917 +
   4.918 +    fun instantiate_tac from to =
   4.919 +      Thm.instantiate ([], [(from, to)])
   4.920 +      |> PRIMITIVE
   4.921 +
   4.922 +    val tectic =
   4.923 +      if is_none var_opt then no_tac
   4.924 +      else
   4.925 +        fold (curry (op APPEND)) (map (instantiate_tac (the var_opt)) skolem_cts) no_tac
   4.926 +
   4.927 +  in
   4.928 +    tectic st
   4.929 +  end
   4.930 +*}
   4.931 +
   4.932 +ML {*
   4.933 +fun new_skolem_tac ctxt consts_candidates =
   4.934 +  let
   4.935 +    fun tec thm =
   4.936 +      dtac thm
   4.937 +      THEN' instantiate_skols ctxt consts_candidates
   4.938 +  in
   4.939 +    if null consts_candidates then K no_tac
   4.940 +    else FIRST' (map tec @{thms lift_exists})
   4.941 +  end
   4.942 +*}
   4.943 +
   4.944 +(*
   4.945 +need a tactic to expand "? x . P" to "~ ! x. ~ P"
   4.946 +*)
   4.947 +ML {*
   4.948 +fun ex_expander_tac ctxt i =
   4.949 +   let
   4.950 +     val simpset =
   4.951 +       empty_simpset ctxt (*NOTE for some reason, Bind exception gets raised if ctxt's simpset isn't emptied*)
   4.952 +       |> Simplifier.add_simp @{lemma "Ex P == (~ (! x. ~ P x))" by auto}
   4.953 +   in
   4.954 +     CHANGED (asm_full_simp_tac simpset i)
   4.955 +   end
   4.956 +*}
   4.957 +
   4.958 +
   4.959 +subsubsection "extuni_dec"
   4.960 +
   4.961 +ML {*
   4.962 +(*n-ary decomposition. Code is based on the n-ary arg_cong generator*)
   4.963 +fun extuni_dec_n ctxt arity =
   4.964 +  let
   4.965 +    val _ = @{assert} (arity > 0)
   4.966 +    val is =
   4.967 +      upto (1, arity)
   4.968 +      |> map Int.toString
   4.969 +    val arg_tys = map (fn i => TFree ("arg" ^ i ^ "_ty", HOLogic.typeS)) is
   4.970 +    val res_ty = TFree ("res" ^ "_ty", HOLogic.typeS)
   4.971 +    val f_ty = arg_tys ---> res_ty
   4.972 +    val f = Free ("f", f_ty)
   4.973 +    val xs = map (fn i =>
   4.974 +      Free ("x" ^ i, TFree ("arg" ^ i ^ "_ty", HOLogic.typeS))) is
   4.975 +    (*FIXME DRY principle*)
   4.976 +    val ys = map (fn i =>
   4.977 +      Free ("y" ^ i, TFree ("arg" ^ i ^ "_ty", HOLogic.typeS))) is
   4.978 +
   4.979 +    val hyp_lhs = list_comb (f, xs)
   4.980 +    val hyp_rhs = list_comb (f, ys)
   4.981 +    val hyp_eq =
   4.982 +      HOLogic.eq_const res_ty $ hyp_lhs $ hyp_rhs
   4.983 +    val hyp =
   4.984 +      HOLogic.eq_const HOLogic.boolT $ hyp_eq $ @{term False}
   4.985 +      |> HOLogic.mk_Trueprop
   4.986 +    fun conc_eq i =
   4.987 +      let
   4.988 +        val ty = TFree ("arg" ^ i ^ "_ty", HOLogic.typeS)
   4.989 +        val x = Free ("x" ^ i, ty)
   4.990 +        val y = Free ("y" ^ i, ty)
   4.991 +        val eq = HOLogic.eq_const ty $ x $ y
   4.992 +      in
   4.993 +        HOLogic.eq_const HOLogic.boolT $ eq $ @{term False}
   4.994 +      end
   4.995 +
   4.996 +    val conc_disjs = map conc_eq is
   4.997 +
   4.998 +    val conc =
   4.999 +      if length conc_disjs = 1 then
  4.1000 +        the_single conc_disjs
  4.1001 +      else
  4.1002 +        fold
  4.1003 +         (fn t => fn t_conc => HOLogic.mk_disj (t_conc, t))
  4.1004 +         (tl conc_disjs) (hd conc_disjs)
  4.1005 +
  4.1006 +    val t =
  4.1007 +      Logic.mk_implies (hyp, HOLogic.mk_Trueprop conc)
  4.1008 +  in
  4.1009 +    Goal.prove ctxt [] [] t (fn _ => auto_tac ctxt)
  4.1010 +    |> Drule.export_without_context
  4.1011 +  end
  4.1012 +*}
  4.1013 +
  4.1014 +ML {*
  4.1015 +(*Determine the arity of a function which the "dec"
  4.1016 +  unification rule is about to be applied.
  4.1017 +  NOTE:
  4.1018 +    * Assumes that there is a single hypothesis
  4.1019 +*)
  4.1020 +fun find_dec_arity i = fn st =>
  4.1021 +  let
  4.1022 +    val gls =
  4.1023 +      prop_of st
  4.1024 +      |> Logic.strip_horn
  4.1025 +      |> fst
  4.1026 +  in
  4.1027 +    if null gls then raise NO_GOALS
  4.1028 +    else
  4.1029 +      let
  4.1030 +        val (params, (literal, conc_clause)) =
  4.1031 +          rpair (i - 1) gls
  4.1032 +          |> uncurry nth
  4.1033 +          |> strip_top_all_vars []
  4.1034 +          |> apsnd Logic.strip_horn
  4.1035 +          |> apsnd (apfst the_single)
  4.1036 +
  4.1037 +        val get_ty =
  4.1038 +          HOLogic.dest_Trueprop
  4.1039 +          #> strip_top_All_vars
  4.1040 +          #> snd
  4.1041 +          #> HOLogic.dest_eq (*polarity's "="*)
  4.1042 +          #> fst
  4.1043 +          #> HOLogic.dest_eq (*the unification constraint's "="*)
  4.1044 +          #> fst
  4.1045 +          #> head_of
  4.1046 +          #> dest_Const
  4.1047 +          #> snd
  4.1048 +
  4.1049 +       fun arity_of ty =
  4.1050 +         let
  4.1051 +           val (_, res_ty) = dest_funT ty
  4.1052 +
  4.1053 +         in
  4.1054 +           1 + arity_of res_ty
  4.1055 +         end
  4.1056 +         handle (TYPE ("dest_funT", _, _)) => 0
  4.1057 +
  4.1058 +      in
  4.1059 +        arity_of (get_ty literal)
  4.1060 +      end
  4.1061 +  end
  4.1062 +
  4.1063 +(*given an inference, it returns the parameters (i.e., we've already matched the leading & shared quantification in the hypothesis & conclusion clauses), and the "raw" inference*)
  4.1064 +fun breakdown_inference i = fn st =>
  4.1065 +  let
  4.1066 +    val gls =
  4.1067 +      prop_of st
  4.1068 +      |> Logic.strip_horn
  4.1069 +      |> fst
  4.1070 +  in
  4.1071 +    if null gls then raise NO_GOALS
  4.1072 +    else
  4.1073 +      rpair (i - 1) gls
  4.1074 +      |> uncurry nth
  4.1075 +      |> strip_top_all_vars []
  4.1076 +  end
  4.1077 +
  4.1078 +(*build a custom elimination rule for extuni_dec, and instantiate it to match a specific subgoal*)
  4.1079 +fun extuni_dec_elim_rule ctxt arity i = fn st =>
  4.1080 +  let
  4.1081 +    val rule = extuni_dec_n ctxt arity
  4.1082 +
  4.1083 +    val rule_hyp =
  4.1084 +      prop_of rule
  4.1085 +      |> Logic.dest_implies
  4.1086 +      |> fst (*assuming that rule has single hypothesis*)
  4.1087 +
  4.1088 +    (*having run break_hypothesis earlier, we know that the hypothesis
  4.1089 +      now consists of a single literal. We can (and should)
  4.1090 +      disregard the conclusion, since it hasn't been "broken",
  4.1091 +      and it might include some unwanted literals -- the latter
  4.1092 +      could cause "diff" to fail (since they won't agree with the
  4.1093 +      rule we have generated.*)
  4.1094 +
  4.1095 +    val inference_hyp =
  4.1096 +      snd (breakdown_inference i st)
  4.1097 +      |> Logic.dest_implies
  4.1098 +      |> fst (*assuming that inference has single hypothesis,
  4.1099 +               as explained above.*)
  4.1100 +  in
  4.1101 +    TPTP_Reconstruct_Library.diff_and_instantiate ctxt rule rule_hyp inference_hyp
  4.1102 +  end
  4.1103 +
  4.1104 +fun extuni_dec_tac ctxt i = fn st =>
  4.1105 +  let
  4.1106 +    val arity = find_dec_arity i st
  4.1107 +
  4.1108 +    fun elim_tac i st =
  4.1109 +      let
  4.1110 +        val rule =
  4.1111 +          extuni_dec_elim_rule ctxt arity i st
  4.1112 +          (*in case we itroduced free variables during
  4.1113 +            instantiation, we generalise the rule to make
  4.1114 +            those free variables into logical variables.*)
  4.1115 +          |> Thm.forall_intr_frees
  4.1116 +          |> Drule.export_without_context
  4.1117 +      in dtac rule i st end
  4.1118 +      handle NO_GOALS => no_tac st
  4.1119 +
  4.1120 +    fun closure tac =
  4.1121 +     (*batter fails if there's no toplevel disjunction in the
  4.1122 +       hypothesis, so we also try atac*)
  4.1123 +      SOLVE o (tac THEN' (batter ORELSE' atac))
  4.1124 +    val search_tac =
  4.1125 +      ASAP
  4.1126 +        (rtac @{thm disjI1} APPEND' rtac @{thm disjI2})
  4.1127 +        (FIRST' (map closure
  4.1128 +                  [dresolve_tac @{thms dec_commut_eq},
  4.1129 +                   dtac @{thm dec_commut_disj},
  4.1130 +                   elim_tac]))
  4.1131 +  in
  4.1132 +    (CHANGED o search_tac) i st
  4.1133 +  end
  4.1134 +*}
  4.1135 +
  4.1136 +
  4.1137 +subsubsection "standard_cnf"
  4.1138 +(*Given a standard_cnf inference, normalise it
  4.1139 +     e.g. ((A & B) & C \<longrightarrow> D & E \<longrightarrow> F \<longrightarrow> G) = False
  4.1140 +     is changed to
  4.1141 +          (A & B & C & D & E & F \<longrightarrow> G) = False
  4.1142 + then custom-build a metatheorem which validates this:
  4.1143 +          (A & B & C & D & E & F \<longrightarrow> G) = False
  4.1144 +       -------------------------------------------
  4.1145 +          (A = True) & (B = True) & (C = True) &
  4.1146 +          (D = True) & (E = True) & (F = True) & (G = False)
  4.1147 + and apply this metatheorem.
  4.1148 +
  4.1149 +There aren't any "positive" standard_cnfs in Leo2's calculus:
  4.1150 +  e.g.,  "(A \<longrightarrow> B) = True \<Longrightarrow> A = False | (A = True & B = True)"
  4.1151 +since "standard_cnf" seems to be applied at the preprocessing
  4.1152 +stage, together with splitting.
  4.1153 +*)
  4.1154 +
  4.1155 +ML {*
  4.1156 +(*Conjunctive counterparts to Term.disjuncts_aux and Term.disjuncts*)
  4.1157 +fun conjuncts_aux (Const (@{const_name HOL.conj}, _) $ t $ t') conjs =
  4.1158 +     conjuncts_aux t (conjuncts_aux t' conjs)
  4.1159 +  | conjuncts_aux t conjs = t :: conjs
  4.1160 +
  4.1161 +fun conjuncts t = conjuncts_aux t []
  4.1162 +
  4.1163 +(*HOL equivalent of Logic.strip_horn*)
  4.1164 +local
  4.1165 +  fun imp_strip_horn' acc (Const (@{const_name HOL.implies}, _) $ A $ B) =
  4.1166 +        imp_strip_horn' (A :: acc) B
  4.1167 +    | imp_strip_horn' acc t = (acc, t)
  4.1168 +in
  4.1169 +  fun imp_strip_horn t =
  4.1170 +    imp_strip_horn' [] t
  4.1171 +    |> apfst rev
  4.1172 +end
  4.1173 +*}
  4.1174 +
  4.1175 +ML {*
  4.1176 +(*Returns whether the antecedents are separated by conjunctions
  4.1177 +  or implications; the number of antecedents; and the polarity
  4.1178 +  of the original clause -- I think this will always be "false".*)
  4.1179 +fun standard_cnf_type ctxt i : thm -> (TPTP_Reconstruct.formula_kind * int * bool) option = fn st =>
  4.1180 +  let
  4.1181 +    val gls =
  4.1182 +      prop_of st
  4.1183 +      |> Logic.strip_horn
  4.1184 +      |> fst
  4.1185 +
  4.1186 +    val hypos =
  4.1187 +      if null gls then raise NO_GOALS
  4.1188 +      else
  4.1189 +        rpair (i - 1) gls
  4.1190 +        |> uncurry nth
  4.1191 +        |> TPTP_Reconstruct.strip_top_all_vars []
  4.1192 +        |> snd
  4.1193 +        |> Logic.strip_horn
  4.1194 +        |> fst
  4.1195 +
  4.1196 +    (*hypothesis clause should be singleton*)
  4.1197 +    val _ = @{assert} (length hypos = 1)
  4.1198 +
  4.1199 +    val (t, pol) = the_single hypos
  4.1200 +      |> try_dest_Trueprop
  4.1201 +      |> TPTP_Reconstruct.strip_top_All_vars
  4.1202 +      |> snd
  4.1203 +      |> TPTP_Reconstruct.remove_polarity true
  4.1204 +
  4.1205 +    (*literal is negative*)
  4.1206 +    val _ = @{assert} (not pol)
  4.1207 +
  4.1208 +    val (antes, conc) = imp_strip_horn t
  4.1209 +
  4.1210 +    val (ante_type, antes') =
  4.1211 +      if length antes = 1 then
  4.1212 +        let
  4.1213 +          val conjunctive_antes =
  4.1214 +            the_single antes
  4.1215 +            |> conjuncts
  4.1216 +        in
  4.1217 +          if length conjunctive_antes > 1 then
  4.1218 +            (TPTP_Reconstruct.Conjunctive NONE,
  4.1219 +             conjunctive_antes)
  4.1220 +          else
  4.1221 +            (TPTP_Reconstruct.Implicational NONE,
  4.1222 +             antes)
  4.1223 +        end
  4.1224 +      else
  4.1225 +        (TPTP_Reconstruct.Implicational NONE,
  4.1226 +         antes)
  4.1227 +  in
  4.1228 +    if null antes then NONE
  4.1229 +    else SOME (ante_type, length antes', pol)
  4.1230 +  end
  4.1231 +*}
  4.1232 +
  4.1233 +ML {*
  4.1234 +(*Given a certain standard_cnf type, build a metatheorem that would
  4.1235 +  validate it*)
  4.1236 +fun mk_standard_cnf ctxt kind arity =
  4.1237 +  let
  4.1238 +    val _ = @{assert} (arity > 0)
  4.1239 +    val vars =
  4.1240 +      upto (1, arity + 1)
  4.1241 +      |> map (fn i => Free ("x" ^ Int.toString i, HOLogic.boolT))
  4.1242 +
  4.1243 +    val consequent = hd vars
  4.1244 +    val antecedents = tl vars
  4.1245 +
  4.1246 +    val conc =
  4.1247 +      fold
  4.1248 +       (curry HOLogic.mk_conj)
  4.1249 +       (map (fn var => HOLogic.mk_eq (var, @{term True})) antecedents)
  4.1250 +       (HOLogic.mk_eq (consequent, @{term False}))
  4.1251 +
  4.1252 +    val pre_hyp =
  4.1253 +      case kind of
  4.1254 +          TPTP_Reconstruct.Conjunctive NONE =>
  4.1255 +            curry HOLogic.mk_imp
  4.1256 +             (if length antecedents = 1 then the_single antecedents
  4.1257 +              else
  4.1258 +                fold (curry HOLogic.mk_conj) (tl antecedents) (hd antecedents))
  4.1259 +             (hd vars)
  4.1260 +        | TPTP_Reconstruct.Implicational NONE =>
  4.1261 +            fold (curry HOLogic.mk_imp) antecedents consequent
  4.1262 +
  4.1263 +    val hyp = HOLogic.mk_eq (pre_hyp, @{term False})
  4.1264 +
  4.1265 +    val t =
  4.1266 +      Logic.mk_implies (HOLogic.mk_Trueprop  hyp, HOLogic.mk_Trueprop conc)
  4.1267 +  in
  4.1268 +    Goal.prove ctxt [] [] t (fn _ => HEADGOAL (blast_tac ctxt))
  4.1269 +    |> Drule.export_without_context
  4.1270 +  end
  4.1271 +*}
  4.1272 +
  4.1273 +ML {*
  4.1274 +(*Applies a d-tactic, then breaks it up conjunctively.
  4.1275 +  This can be used to transform subgoals as follows:
  4.1276 +     (A \<longrightarrow> B) = False  \<Longrightarrow> R
  4.1277 +              |
  4.1278 +              v
  4.1279 +  \<lbrakk>A = True; B = False\<rbrakk> \<Longrightarrow> R
  4.1280 +*)
  4.1281 +fun weak_conj_tac drule =
  4.1282 +  dtac drule THEN' (REPEAT_DETERM o etac @{thm conjE})
  4.1283 +*}
  4.1284 +
  4.1285 +ML {*
  4.1286 +val uncurry_lit_neg_tac =
  4.1287 +  dtac @{lemma "(A \<longrightarrow> B \<longrightarrow> C) = False \<Longrightarrow> (A & B \<longrightarrow> C) = False" by auto}
  4.1288 +  #> REPEAT_DETERM
  4.1289 +*}
  4.1290 +
  4.1291 +ML {*
  4.1292 +fun standard_cnf_tac ctxt i = fn st =>
  4.1293 +  let
  4.1294 +    fun core_tactic i = fn st =>
  4.1295 +      case standard_cnf_type ctxt i st of
  4.1296 +          NONE => no_tac st
  4.1297 +        | SOME (kind, arity, _) =>
  4.1298 +            let
  4.1299 +              val rule = mk_standard_cnf ctxt kind arity;
  4.1300 +            in
  4.1301 +              (weak_conj_tac rule THEN' atac) i st
  4.1302 +            end
  4.1303 +  in
  4.1304 +    (uncurry_lit_neg_tac
  4.1305 +     THEN' TPTP_Reconstruct_Library.reassociate_conjs_tac ctxt
  4.1306 +     THEN' core_tactic) i st
  4.1307 +  end
  4.1308 +*}
  4.1309 +
  4.1310 +
  4.1311 +subsubsection "Emulator prep"
  4.1312 +
  4.1313 +ML {*
  4.1314 +datatype cleanup_feature =
  4.1315 +    RemoveHypothesesFromSkolemDefs
  4.1316 +  | RemoveDuplicates
  4.1317 +
  4.1318 +datatype loop_feature =
  4.1319 +    Close_Branch
  4.1320 +  | ConjI
  4.1321 +  | King_Cong
  4.1322 +  | Break_Hypotheses
  4.1323 +  | Donkey_Cong (*simper_animal + ex_expander_tac*)
  4.1324 +  | RemoveRedundantQuantifications
  4.1325 +  | Assumption
  4.1326 +
  4.1327 +  (*Closely based on Leo2 calculus*)
  4.1328 +  | Existential_Free
  4.1329 +  | Existential_Var
  4.1330 +  | Universal
  4.1331 +  | Not_pos
  4.1332 +  | Not_neg
  4.1333 +  | Or_pos
  4.1334 +  | Or_neg
  4.1335 +  | Equal_pos
  4.1336 +  | Equal_neg
  4.1337 +  | Extuni_Bool2
  4.1338 +  | Extuni_Bool1
  4.1339 +  | Extuni_Dec
  4.1340 +  | Extuni_Bind
  4.1341 +  | Extuni_Triv
  4.1342 +  | Extuni_FlexRigid
  4.1343 +  | Extuni_Func
  4.1344 +  | Polarity_switch
  4.1345 +  | Forall_special_pos
  4.1346 +
  4.1347 +datatype feature =
  4.1348 +    ConstsDiff
  4.1349 +  | StripQuantifiers
  4.1350 +  | Flip_Conclusion
  4.1351 +  | Loop of loop_feature list
  4.1352 +  | LoopOnce of loop_feature list
  4.1353 +  | InnerLoopOnce of loop_feature list
  4.1354 +  | CleanUp of cleanup_feature list
  4.1355 +  | AbsorbSkolemDefs
  4.1356 +*}
  4.1357 +
  4.1358 +ML {*
  4.1359 +fun can_feature x l =
  4.1360 +  let
  4.1361 +    fun sublist_of_clean_up el =
  4.1362 +      case el of
  4.1363 +          CleanUp l'' => SOME l''
  4.1364 +        | _ => NONE
  4.1365 +    fun sublist_of_loop el =
  4.1366 +      case el of
  4.1367 +          Loop l'' => SOME l''
  4.1368 +        | _ => NONE
  4.1369 +    fun sublist_of_loop_once el =
  4.1370 +      case el of
  4.1371 +          LoopOnce l'' => SOME l''
  4.1372 +        | _ => NONE
  4.1373 +    fun sublist_of_inner_loop_once el =
  4.1374 +      case el of
  4.1375 +          InnerLoopOnce l'' => SOME l''
  4.1376 +        | _ => NONE
  4.1377 +
  4.1378 +    fun check_sublist sought_sublist opt_list =
  4.1379 +      if List.all is_none opt_list then false
  4.1380 +      else
  4.1381 +        fold_options opt_list
  4.1382 +        |> List.concat
  4.1383 +        |> pair sought_sublist
  4.1384 +        |> subset (op =)
  4.1385 +  in
  4.1386 +    case x of
  4.1387 +        CleanUp l' =>
  4.1388 +          map sublist_of_clean_up l
  4.1389 +          |> check_sublist l'
  4.1390 +      | Loop l' =>
  4.1391 +          map sublist_of_loop l
  4.1392 +          |> check_sublist l'
  4.1393 +      | LoopOnce l' =>
  4.1394 +          map sublist_of_loop_once l
  4.1395 +          |> check_sublist l'
  4.1396 +      | InnerLoopOnce l' =>
  4.1397 +          map sublist_of_inner_loop_once l
  4.1398 +          |> check_sublist l'
  4.1399 +      | _ => List.exists (curry (op =) x) l
  4.1400 +  end;
  4.1401 +
  4.1402 +fun loop_can_feature loop_feats l =
  4.1403 +  can_feature (Loop loop_feats) l orelse
  4.1404 +  can_feature (LoopOnce loop_feats) l orelse
  4.1405 +  can_feature (InnerLoopOnce loop_feats) l;
  4.1406 +
  4.1407 +@{assert} (can_feature ConstsDiff [StripQuantifiers, ConstsDiff]);
  4.1408 +
  4.1409 +@{assert}
  4.1410 +  (can_feature (CleanUp [RemoveHypothesesFromSkolemDefs])
  4.1411 +    [CleanUp [RemoveHypothesesFromSkolemDefs, RemoveDuplicates]]);
  4.1412 +
  4.1413 +@{assert}
  4.1414 +  (can_feature (Loop []) [Loop [Existential_Var]]);
  4.1415 +
  4.1416 +@{assert}
  4.1417 +  (not (can_feature (Loop []) [InnerLoopOnce [Existential_Var]]));
  4.1418 +*}
  4.1419 +
  4.1420 +ML {*
  4.1421 +exception NO_LOOP_FEATS
  4.1422 +fun get_loop_feats (feats : feature list) =
  4.1423 +  let
  4.1424 +    val loop_find =
  4.1425 +      fold (fn x => fn loop_feats_acc =>
  4.1426 +        if is_some loop_feats_acc then loop_feats_acc
  4.1427 +        else
  4.1428 +          case x of
  4.1429 +              Loop loop_feats => SOME loop_feats
  4.1430 +            | LoopOnce loop_feats => SOME loop_feats
  4.1431 +            | InnerLoopOnce loop_feats => SOME loop_feats
  4.1432 +            | _ => NONE)
  4.1433 +       feats
  4.1434 +       NONE
  4.1435 +  in
  4.1436 +    if is_some loop_find then the loop_find
  4.1437 +    else raise NO_LOOP_FEATS
  4.1438 +  end;
  4.1439 +
  4.1440 +@{assert}
  4.1441 +  (get_loop_feats [Loop [King_Cong, Break_Hypotheses, Existential_Free, Existential_Var, Universal]] =
  4.1442 +   [King_Cong, Break_Hypotheses, Existential_Free, Existential_Var, Universal])
  4.1443 +*}
  4.1444 +
  4.1445 +(*use as elim rule to remove premises*)
  4.1446 +lemma insa_prems: "\<lbrakk>Q; P\<rbrakk> \<Longrightarrow> P" by auto
  4.1447 +ML {*
  4.1448 +fun cleanup_skolem_defs feats =
  4.1449 +  let
  4.1450 +    (*remove hypotheses from skolem defs,
  4.1451 +     after testing that they look like skolem defs*)
  4.1452 +    val dehypothesise_skolem_defs =
  4.1453 +      COND' (SOME #> TERMPRED (fn _ => true) conc_is_skolem_def)
  4.1454 +        (REPEAT_DETERM o etac @{thm insa_prems})
  4.1455 +        (K no_tac)
  4.1456 +  in
  4.1457 +    if can_feature (CleanUp [RemoveHypothesesFromSkolemDefs]) feats then
  4.1458 +      ALLGOALS (TRY o dehypothesise_skolem_defs)
  4.1459 +    else all_tac
  4.1460 +  end
  4.1461 +*}
  4.1462 +
  4.1463 +ML {*
  4.1464 +fun remove_duplicates_tac feats =
  4.1465 +  (if can_feature (CleanUp [RemoveDuplicates]) feats then
  4.1466 +     ALLGOALS distinct_subgoal_tac
  4.1467 +   else all_tac)
  4.1468 +*}
  4.1469 +
  4.1470 +ML {*
  4.1471 +(*given a goal state, indicates the skolem constants committed-to in it (i.e. appearing in LHS of a skolem definition)*)
  4.1472 +val which_skolem_concs_used = fn st =>
  4.1473 +  let
  4.1474 +    val feats = [CleanUp [RemoveHypothesesFromSkolemDefs, RemoveDuplicates]]
  4.1475 +    val scrubup_tac =
  4.1476 +      cleanup_skolem_defs feats
  4.1477 +      THEN remove_duplicates_tac feats
  4.1478 +  in
  4.1479 +    scrubup_tac st
  4.1480 +    |> break_seq
  4.1481 +    |> tap (fn (_, rest) => @{assert} (null (Seq.list_of rest)))
  4.1482 +    |> fst
  4.1483 +    |> TERMFUN (snd (*discard hypotheses*)
  4.1484 +                 #> get_skolem_conc_const) NONE
  4.1485 +    |> switch (fold (fn x => fn l => if is_some x then the x :: l else l)) []
  4.1486 +    |> map Const
  4.1487 +  end
  4.1488 +*}
  4.1489 +
  4.1490 +ML {*
  4.1491 +fun exists_tac ctxt feats consts_diff =
  4.1492 +  let
  4.1493 +    val ex_var =
  4.1494 +      if loop_can_feature [Existential_Var] feats andalso consts_diff <> [] then
  4.1495 +        new_skolem_tac ctxt consts_diff
  4.1496 +        (*We're making sure that each skolem constant is used once in instantiations.*)
  4.1497 +      else K no_tac
  4.1498 +
  4.1499 +    val ex_free =
  4.1500 +      if loop_can_feature [Existential_Free] feats andalso consts_diff = [] then
  4.1501 +        eresolve_tac @{thms polar_exE}
  4.1502 +      else K no_tac
  4.1503 +  in
  4.1504 +    ex_var APPEND' ex_free
  4.1505 +  end
  4.1506 +
  4.1507 +fun forall_tac ctxt feats =
  4.1508 +  if loop_can_feature [Universal] feats then
  4.1509 +    forall_pos_tac ctxt
  4.1510 +  else K no_tac
  4.1511 +*}
  4.1512 +
  4.1513 +
  4.1514 +subsubsection "Finite types"
  4.1515 +(*lift quantification from a singleton literal to a singleton clause*)
  4.1516 +lemma forall_pos_lift:
  4.1517 +"\<lbrakk>(! X. P X) = True; ! X. (P X = True) \<Longrightarrow> R\<rbrakk> \<Longrightarrow> R" by auto
  4.1518 +
  4.1519 +(*predicate over the type of the leading quantified variable*)
  4.1520 +
  4.1521 +ML {*
  4.1522 +val extcnf_forall_special_pos_tac =
  4.1523 +  let
  4.1524 +    val bool =
  4.1525 +      ["True", "False"]
  4.1526 +
  4.1527 +    val bool_to_bool =
  4.1528 +      ["% _ . True", "% _ . False", "% x . x", "Not"]
  4.1529 +
  4.1530 +    val tecs =
  4.1531 +      map (fn t_s =>
  4.1532 +       eres_inst_tac @{context} [(("x", 0), t_s)] @{thm allE}
  4.1533 +       THEN' atac)
  4.1534 +  in
  4.1535 +    (TRY o etac @{thm forall_pos_lift})
  4.1536 +    THEN' (atac
  4.1537 +           ORELSE' FIRST'
  4.1538 +            (*FIXME could check the type of the leading quantified variable, instead of trying everything*)
  4.1539 +            (tecs (bool @ bool_to_bool)))
  4.1540 +  end
  4.1541 +*}
  4.1542 +
  4.1543 +
  4.1544 +subsubsection "Emulator"
  4.1545 +
  4.1546 +lemma efq: "[|A = True; A = False|] ==> R" by auto
  4.1547 +ML {*
  4.1548 +val efq_tac =
  4.1549 +  (etac @{thm efq} THEN' atac)
  4.1550 +  ORELSE' atac
  4.1551 +*}
  4.1552 +
  4.1553 +ML {*
  4.1554 +(*This is applied to all subgoals, repeatedly*)
  4.1555 +fun extcnf_combined_main ctxt feats consts_diff =
  4.1556 +  let
  4.1557 +    (*This is applied to subgoals which don't have a conclusion
  4.1558 +      consisting of a Skolem definition*)
  4.1559 +    fun extcnf_combined_tac' ctxt i = fn st =>
  4.1560 +      let
  4.1561 +        val skolem_consts_used_so_far = which_skolem_concs_used st
  4.1562 +        val consts_diff' = subtract (op =) skolem_consts_used_so_far consts_diff
  4.1563 +
  4.1564 +        fun feat_to_tac feat =
  4.1565 +          case feat of
  4.1566 +              Close_Branch => trace_tac' "mark: closer" efq_tac
  4.1567 +            | ConjI => trace_tac' "mark: conjI" (rtac @{thm conjI})
  4.1568 +            | King_Cong => trace_tac' "mark: expander_animal" (expander_animal ctxt)
  4.1569 +            | Break_Hypotheses => trace_tac' "mark: break_hypotheses" break_hypotheses
  4.1570 +            | RemoveRedundantQuantifications => K all_tac
  4.1571 +(*
  4.1572 +FIXME Building this into the loop instead.. maybe not the ideal choice
  4.1573 +            | RemoveRedundantQuantifications =>
  4.1574 +                trace_tac' "mark: strip_unused_variable_hyp"
  4.1575 +                 (REPEAT_DETERM o remove_redundant_quantification_in_lit)
  4.1576 +*)
  4.1577 +
  4.1578 +            | Assumption => atac
  4.1579 +(*FIXME both Existential_Free and Existential_Var run same code*)
  4.1580 +            | Existential_Free => trace_tac' "mark: forall_neg" (exists_tac ctxt feats consts_diff')
  4.1581 +            | Existential_Var => trace_tac' "mark: forall_neg" (exists_tac ctxt feats consts_diff')
  4.1582 +            | Universal => trace_tac' "mark: forall_pos" (forall_tac ctxt feats)
  4.1583 +            | Not_pos => trace_tac' "mark: not_pos" (dtac @{thm leo2_rules(9)})
  4.1584 +            | Not_neg => trace_tac' "mark: not_neg" (dtac @{thm leo2_rules(10)})
  4.1585 +            | Or_pos => trace_tac' "mark: or_pos" (dtac @{thm leo2_rules(5)}) (*could add (6) for negated conjunction*)
  4.1586 +            | Or_neg => trace_tac' "mark: or_neg" (dtac @{thm leo2_rules(7)})
  4.1587 +            | Equal_pos => trace_tac' "mark: equal_pos" (dresolve_tac (@{thms eq_pos_bool} @ [@{thm leo2_rules(3)}, @{thm eq_pos_func}]))
  4.1588 +            | Equal_neg => trace_tac' "mark: equal_neg" (dresolve_tac [@{thm eq_neg_bool}, @{thm leo2_rules(4)}])
  4.1589 +            | Donkey_Cong => trace_tac' "mark: donkey_cong" (simper_animal ctxt THEN' ex_expander_tac ctxt)
  4.1590 +
  4.1591 +            | Extuni_Bool2 => trace_tac' "mark: extuni_bool2" (dtac @{thm extuni_bool2})
  4.1592 +            | Extuni_Bool1 => trace_tac' "mark: extuni_bool1" (dtac @{thm extuni_bool1})
  4.1593 +            | Extuni_Bind => trace_tac' "mark: extuni_triv" (etac @{thm extuni_triv})
  4.1594 +            | Extuni_Triv => trace_tac' "mark: extuni_triv" (etac @{thm extuni_triv})
  4.1595 +            | Extuni_Dec => trace_tac' "mark: extuni_dec_tac" (extuni_dec_tac ctxt)
  4.1596 +            | Extuni_FlexRigid => trace_tac' "mark: extuni_flex_rigid" (atac ORELSE' asm_full_simp_tac ctxt)
  4.1597 +            | Extuni_Func => trace_tac' "mark: extuni_func" (dtac @{thm extuni_func})
  4.1598 +            | Polarity_switch => trace_tac' "mark: polarity_switch" (eresolve_tac @{thms polarity_switch})
  4.1599 +            | Forall_special_pos => trace_tac' "mark: dorall_special_pos" extcnf_forall_special_pos_tac
  4.1600 +
  4.1601 +        val core_tac =
  4.1602 +          get_loop_feats feats
  4.1603 +          |> map feat_to_tac
  4.1604 +          |> FIRST'
  4.1605 +      in
  4.1606 +        core_tac i st
  4.1607 +      end
  4.1608 +
  4.1609 +    (*This is applied to all subgoals, repeatedly*)
  4.1610 +    fun extcnf_combined_tac ctxt i =
  4.1611 +      COND (TERMPRED (fn _ => true) conc_is_skolem_def (SOME i))
  4.1612 +        no_tac
  4.1613 +        (extcnf_combined_tac' ctxt i)
  4.1614 +
  4.1615 +    val core_tac = CHANGED (ALLGOALS (IF_UNSOLVED o TRY o extcnf_combined_tac ctxt))
  4.1616 +
  4.1617 +    val full_tac = REPEAT core_tac
  4.1618 +
  4.1619 +  in
  4.1620 +    CHANGED
  4.1621 +      (if can_feature (InnerLoopOnce []) feats then
  4.1622 +         core_tac
  4.1623 +       else full_tac)
  4.1624 +  end
  4.1625 +
  4.1626 +val interpreted_consts =
  4.1627 +  [@{const_name HOL.All}, @{const_name HOL.Ex},
  4.1628 +   @{const_name Hilbert_Choice.Eps},
  4.1629 +   @{const_name HOL.conj},
  4.1630 +   @{const_name HOL.disj},
  4.1631 +   @{const_name HOL.eq},
  4.1632 +   @{const_name HOL.implies},
  4.1633 +   @{const_name HOL.The},
  4.1634 +   @{const_name HOL.Ex1},
  4.1635 +   @{const_name HOL.Not},
  4.1636 +   (* @{const_name HOL.iff}, *) (*FIXME do these exist?*)
  4.1637 +   (* @{const_name HOL.not_equal}, *)
  4.1638 +   @{const_name HOL.False},
  4.1639 +   @{const_name HOL.True},
  4.1640 +   @{const_name "==>"}]
  4.1641 +
  4.1642 +fun strip_qtfrs_tac ctxt =
  4.1643 +  REPEAT_DETERM (HEADGOAL (rtac @{thm allI}))
  4.1644 +  THEN REPEAT_DETERM (HEADGOAL (etac @{thm exE}))
  4.1645 +  THEN HEADGOAL (canonicalise_qtfr_order ctxt)
  4.1646 +  THEN
  4.1647 +    ((REPEAT (HEADGOAL (nominal_inst_parametermatch_tac ctxt @{thm allE})))
  4.1648 +     APPEND (REPEAT (HEADGOAL (inst_parametermatch_tac ctxt [@{thm allE}]))))
  4.1649 +  (*FIXME need to handle "@{thm exI}"?*)
  4.1650 +
  4.1651 +(*difference in constants between the hypothesis clause and the conclusion clause*)
  4.1652 +fun clause_consts_diff thm =
  4.1653 +  let
  4.1654 +    val t =
  4.1655 +      prop_of thm
  4.1656 +      |> Logic.dest_implies
  4.1657 +      |> fst
  4.1658 +
  4.1659 +      (*This bit should not be needed, since Leo2 inferences don't have parameters*)
  4.1660 +      |> TPTP_Reconstruct.strip_top_all_vars []
  4.1661 +      |> snd
  4.1662 +
  4.1663 +    val do_diff =
  4.1664 +      Logic.dest_implies
  4.1665 +      #> uncurry TPTP_Reconstruct.new_consts_between
  4.1666 +      #> filter
  4.1667 +           (fn Const (n, _) =>
  4.1668 +             not (member (op =) interpreted_consts n))
  4.1669 +  in
  4.1670 +    if head_of t = Logic.implies then do_diff t
  4.1671 +    else []
  4.1672 +  end
  4.1673 +*}
  4.1674 +
  4.1675 +ML {*
  4.1676 +(*remove quantification in hypothesis clause (! X. t), if
  4.1677 +  X not free in t*)
  4.1678 +fun remove_redundant_quantification ctxt i = fn st =>
  4.1679 +  let
  4.1680 +    val gls =
  4.1681 +      prop_of st
  4.1682 +      |> Logic.strip_horn
  4.1683 +      |> fst
  4.1684 +  in
  4.1685 +    if null gls then raise NO_GOALS
  4.1686 +    else
  4.1687 +      let
  4.1688 +        val (params, (hyp_clauses, conc_clause)) =
  4.1689 +          rpair (i - 1) gls
  4.1690 +          |> uncurry nth
  4.1691 +          |> TPTP_Reconstruct.strip_top_all_vars []
  4.1692 +          |> apsnd Logic.strip_horn
  4.1693 +      in
  4.1694 +        (*this is to fail gracefully in case this tactic is applied to a goal which doesn't have a single hypothesis*)
  4.1695 +        if length hyp_clauses > 1 then no_tac st
  4.1696 +        else
  4.1697 +          let
  4.1698 +            val hyp_clause = the_single hyp_clauses
  4.1699 +            val sep_prefix =
  4.1700 +              HOLogic.dest_Trueprop
  4.1701 +              #> TPTP_Reconstruct.strip_top_All_vars
  4.1702 +              #> apfst rev
  4.1703 +            val (hyp_prefix, hyp_body) = sep_prefix hyp_clause
  4.1704 +            val (conc_prefix, conc_body) = sep_prefix conc_clause
  4.1705 +          in
  4.1706 +            if null hyp_prefix orelse
  4.1707 +              member (op =) conc_prefix (hd hyp_prefix) orelse
  4.1708 +              member (op =)  (Term.add_frees hyp_body []) (hd hyp_prefix) then
  4.1709 +              no_tac st
  4.1710 +            else
  4.1711 +              eres_inst_tac ctxt [(("x", 0), "(@X. False)")] @{thm allE} i st
  4.1712 +          end
  4.1713 +     end
  4.1714 +  end
  4.1715 +*}
  4.1716 +
  4.1717 +ML {*
  4.1718 +fun remove_redundant_quantification_ignore_skolems ctxt i =
  4.1719 +  COND (TERMPRED (fn _ => true) conc_is_skolem_def (SOME i))
  4.1720 +    no_tac
  4.1721 +    (remove_redundant_quantification ctxt i)
  4.1722 +*}
  4.1723 +
  4.1724 +lemma drop_redundant_literal_qtfr:
  4.1725 +  "(! X. P) = True \<Longrightarrow> P = True"
  4.1726 +  "(? X. P) = True \<Longrightarrow> P = True"
  4.1727 +  "(! X. P) = False \<Longrightarrow> P = False"
  4.1728 +  "(? X. P) = False \<Longrightarrow> P = False"
  4.1729 +by auto
  4.1730 +
  4.1731 +ML {*
  4.1732 +(*remove quantification in the literal "(! X. t) = True/False"
  4.1733 +  in the singleton hypothesis clause, if X not free in t*)
  4.1734 +fun remove_redundant_quantification_in_lit ctxt i = fn st =>
  4.1735 +  let
  4.1736 +    val gls =
  4.1737 +      prop_of st
  4.1738 +      |> Logic.strip_horn
  4.1739 +      |> fst
  4.1740 +  in
  4.1741 +    if null gls then raise NO_GOALS
  4.1742 +    else
  4.1743 +      let
  4.1744 +        val (params, (hyp_clauses, conc_clause)) =
  4.1745 +          rpair (i - 1) gls
  4.1746 +          |> uncurry nth
  4.1747 +          |> TPTP_Reconstruct.strip_top_all_vars []
  4.1748 +          |> apsnd Logic.strip_horn
  4.1749 +      in
  4.1750 +        (*this is to fail gracefully in case this tactic is applied to a goal which doesn't have a single hypothesis*)
  4.1751 +        if length hyp_clauses > 1 then no_tac st
  4.1752 +        else
  4.1753 +          let
  4.1754 +            fun literal_content (Const (@{const_name HOL.eq}, _) $ lhs $ (rhs as @{term True})) = SOME (lhs, rhs)
  4.1755 +              | literal_content (Const (@{const_name HOL.eq}, _) $ lhs $ (rhs as @{term False})) = SOME (lhs, rhs)
  4.1756 +              | literal_content t = NONE
  4.1757 +
  4.1758 +            val hyp_clause =
  4.1759 +              the_single hyp_clauses
  4.1760 +              |> HOLogic.dest_Trueprop
  4.1761 +              |> literal_content
  4.1762 +
  4.1763 +          in
  4.1764 +            if is_none hyp_clause then
  4.1765 +              no_tac st
  4.1766 +            else
  4.1767 +              let
  4.1768 +                val (hyp_lit_prefix, hyp_lit_body) =
  4.1769 +                  the hyp_clause
  4.1770 +                  |> (fn (t, polarity) =>
  4.1771 +                       TPTP_Reconstruct.strip_top_All_vars t
  4.1772 +                       |> apfst rev)
  4.1773 +              in
  4.1774 +                if null hyp_lit_prefix orelse
  4.1775 +                  member (op =)  (Term.add_frees hyp_lit_body []) (hd hyp_lit_prefix) then
  4.1776 +                  no_tac st
  4.1777 +                else
  4.1778 +                  dresolve_tac @{thms drop_redundant_literal_qtfr} i st
  4.1779 +              end
  4.1780 +          end
  4.1781 +     end
  4.1782 +  end
  4.1783 +*}
  4.1784 +
  4.1785 +ML {*
  4.1786 +fun remove_redundant_quantification_in_lit_ignore_skolems ctxt i =
  4.1787 +  COND (TERMPRED (fn _ => true) conc_is_skolem_def (SOME i))
  4.1788 +    no_tac
  4.1789 +    (remove_redundant_quantification_in_lit ctxt i)
  4.1790 +*}
  4.1791 +
  4.1792 +ML {*
  4.1793 +fun extcnf_combined_tac ctxt prob_name_opt feats skolem_consts = fn st =>
  4.1794 +  let
  4.1795 +    val thy = Proof_Context.theory_of ctxt
  4.1796 +
  4.1797 +    (*Initially, st consists of a single goal, showing the
  4.1798 +      hypothesis clause implying the conclusion clause.
  4.1799 +      There are no parameters.*)
  4.1800 +    val consts_diff =
  4.1801 +      union (op =) skolem_consts
  4.1802 +       (if can_feature ConstsDiff feats then
  4.1803 +          clause_consts_diff st
  4.1804 +        else [])
  4.1805 +
  4.1806 +    val main_tac =
  4.1807 +      if can_feature (LoopOnce []) feats orelse can_feature (InnerLoopOnce []) feats then
  4.1808 +        extcnf_combined_main ctxt feats consts_diff
  4.1809 +      else if can_feature (Loop []) feats then
  4.1810 +        BEST_FIRST (TERMPRED (fn _ => true) conc_is_skolem_def NONE, size_of_thm)
  4.1811 +(*FIXME maybe need to weaken predicate to include "solved form"?*)
  4.1812 +         (extcnf_combined_main ctxt feats consts_diff)
  4.1813 +      else all_tac (*to allow us to use the cleaning features*)
  4.1814 +
  4.1815 +    (*Remove hypotheses from Skolem definitions,
  4.1816 +      then remove duplicate subgoals,
  4.1817 +      then we should be left with skolem definitions:
  4.1818 +        absorb them as axioms into the theory.*)
  4.1819 +    val cleanup =
  4.1820 +      cleanup_skolem_defs feats
  4.1821 +      THEN remove_duplicates_tac feats
  4.1822 +      THEN (if can_feature AbsorbSkolemDefs feats then
  4.1823 +              ALLGOALS (absorb_skolem_def ctxt prob_name_opt)
  4.1824 +            else all_tac)
  4.1825 +
  4.1826 +    val have_loop_feats =
  4.1827 +      (get_loop_feats feats; true)
  4.1828 +      handle NO_LOOP_FEATS => false
  4.1829 +
  4.1830 +    val tec =
  4.1831 +      (if can_feature StripQuantifiers feats then
  4.1832 +         (REPEAT (CHANGED (strip_qtfrs_tac ctxt)))
  4.1833 +       else all_tac)
  4.1834 +      THEN (if can_feature Flip_Conclusion feats then
  4.1835 +             HEADGOAL (flip_conclusion_tac ctxt)
  4.1836 +           else all_tac)
  4.1837 +
  4.1838 +      (*after stripping the quantifiers any remaining quantifiers
  4.1839 +        can be simply eliminated -- they're redundant*)
  4.1840 +      (*FIXME instead of just using allE, instantiate to a silly
  4.1841 +         term, to remove opportunities for unification.*)
  4.1842 +      THEN (REPEAT_DETERM (etac @{thm allE} 1))
  4.1843 +
  4.1844 +      THEN (REPEAT_DETERM (rtac @{thm allI} 1))
  4.1845 +
  4.1846 +      THEN (if have_loop_feats then
  4.1847 +              REPEAT (CHANGED
  4.1848 +              ((ALLGOALS (TRY o clause_breaker)) (*brush away literals which don't change*)
  4.1849 +               THEN
  4.1850 +                (*FIXME move this to a different level?*)
  4.1851 +                (if loop_can_feature [Polarity_switch] feats then
  4.1852 +                   all_tac
  4.1853 +                 else
  4.1854 +                   (TRY (IF_UNSOLVED (HEADGOAL (remove_redundant_quantification_ignore_skolems ctxt))))
  4.1855 +                   THEN (TRY (IF_UNSOLVED (HEADGOAL (remove_redundant_quantification_in_lit_ignore_skolems ctxt)))))
  4.1856 +               THEN (TRY main_tac)))
  4.1857 +            else
  4.1858 +              all_tac)
  4.1859 +      THEN IF_UNSOLVED cleanup
  4.1860 +
  4.1861 +  in
  4.1862 +    DEPTH_SOLVE (CHANGED tec) st
  4.1863 +  end
  4.1864 +*}
  4.1865 +
  4.1866 +
  4.1867 +subsubsection "unfold_def"
  4.1868 +
  4.1869 +(*this is used when handling unfold_tac, because the skeleton includes the definitions conjoined with the goal. it turns out that, for my tactic, the definitions are harmful. instead of modifying the skeleton (which may be nontrivial) i'm just dropping the information using this lemma. obviously, and from the name, order matters here.*)
  4.1870 +lemma drop_first_hypothesis [rule_format]: "\<lbrakk>A; B\<rbrakk> \<Longrightarrow> B" by auto
  4.1871 +
  4.1872 +(*Unfold_def works by reducing the goal to a meta equation,
  4.1873 +  then working on it until it can be discharged by atac,
  4.1874 +  or reflexive, or else turned back into an object equation
  4.1875 +  and broken down further.*)
  4.1876 +lemma un_meta_polarise: "(X \<equiv> True) \<Longrightarrow> X" by auto
  4.1877 +lemma meta_polarise: "X \<Longrightarrow> X \<equiv> True" by auto
  4.1878 +
  4.1879 +ML {*
  4.1880 +fun unfold_def_tac ctxt depends_on_defs = fn st =>
  4.1881 +  let
  4.1882 +    (*This is used when we end up with something like
  4.1883 +        (A & B) \<equiv> True \<Longrightarrow> (B & A) \<equiv> True.
  4.1884 +      It breaks down this subgoal until it can be trivially
  4.1885 +      discharged.
  4.1886 +     *)
  4.1887 +    val kill_meta_eqs_tac =
  4.1888 +      dtac @{thm un_meta_polarise}
  4.1889 +      THEN' rtac @{thm meta_polarise}
  4.1890 +      THEN' (REPEAT_DETERM o (etac @{thm conjE}))
  4.1891 +      THEN' (REPEAT_DETERM o (rtac @{thm conjI} ORELSE' atac))
  4.1892 +
  4.1893 +    val continue_reducing_tac =
  4.1894 +      rtac @{thm meta_eq_to_obj_eq} 1
  4.1895 +      THEN (REPEAT_DETERM (ex_expander_tac ctxt 1))
  4.1896 +      THEN TRY (polarise_subgoal_hyps 1) (*no need to REPEAT_DETERM here, since there should only be one hypothesis*)
  4.1897 +      THEN TRY (dtac @{thm eq_reflection} 1)
  4.1898 +      THEN (TRY ((CHANGED o rewrite_goal_tac ctxt
  4.1899 +              (@{thm expand_iff} :: @{thms simp_meta})) 1))
  4.1900 +      THEN HEADGOAL (rtac @{thm reflexive}
  4.1901 +                     ORELSE' atac
  4.1902 +                     ORELSE' kill_meta_eqs_tac)
  4.1903 +
  4.1904 +    val tectic =
  4.1905 +      (rtac @{thm polarise} 1 THEN atac 1)
  4.1906 +      ORELSE
  4.1907 +        (REPEAT_DETERM (etac @{thm conjE} 1 THEN etac @{thm drop_first_hypothesis} 1)
  4.1908 +         THEN PRIMITIVE (Conv.fconv_rule Drule.eta_long_conversion)
  4.1909 +         THEN (REPEAT_DETERM (ex_expander_tac ctxt 1))
  4.1910 +         THEN (TRY ((CHANGED o rewrite_goal_tac ctxt @{thms simp_meta}) 1))
  4.1911 +         THEN PRIMITIVE (Conv.fconv_rule Drule.eta_long_conversion)
  4.1912 +         THEN
  4.1913 +           (HEADGOAL atac
  4.1914 +           ORELSE
  4.1915 +            (unfold_tac ctxt depends_on_defs
  4.1916 +             THEN IF_UNSOLVED continue_reducing_tac)))
  4.1917 +  in
  4.1918 +    tectic st
  4.1919 +  end
  4.1920 +*}
  4.1921 +
  4.1922 +
  4.1923 +subsection "Handling split 'preprocessing'"
  4.1924 +
  4.1925 +lemma split_tranfs:
  4.1926 +  "! x. P x & Q x \<equiv> (! x. P x) & (! x. Q x)"
  4.1927 +  "~ (~ A) \<equiv> A"
  4.1928 +  "? x. A \<equiv> A"
  4.1929 +  "(A & B) & C \<equiv> A & B & C"
  4.1930 +  "A = B \<equiv> (A --> B) & (B --> A)"
  4.1931 +by (rule eq_reflection, auto)+
  4.1932 +
  4.1933 +(*Same idiom as ex_expander_tac*)
  4.1934 +ML {*
  4.1935 +fun split_simp_tac (ctxt : Proof.context) i =
  4.1936 +   let
  4.1937 +     val simpset =
  4.1938 +       fold Simplifier.add_simp @{thms split_tranfs} (empty_simpset ctxt)
  4.1939 +   in
  4.1940 +     CHANGED (asm_full_simp_tac simpset i)
  4.1941 +   end
  4.1942 +*}
  4.1943 +
  4.1944 +
  4.1945 +subsection "Alternative reconstruction tactics"
  4.1946 +ML {*
  4.1947 +(*An "auto"-based proof reconstruction, where we attempt to reconstruct each inference
  4.1948 +  using auto_tac. A realistic tactic would inspect the inference name and act
  4.1949 +  accordingly.*)
  4.1950 +fun auto_based_reconstruction_tac ctxt prob_name n =
  4.1951 +  let
  4.1952 +    val thy = Proof_Context.theory_of ctxt
  4.1953 +    val pannot = TPTP_Reconstruct.get_pannot_of_prob thy prob_name
  4.1954 +  in
  4.1955 +    TPTP_Reconstruct.inference_at_node
  4.1956 +     thy
  4.1957 +     prob_name (#meta pannot) n
  4.1958 +      |> the
  4.1959 +      |> (fn {inference_fmla, ...} =>
  4.1960 +          Goal.prove ctxt [] [] inference_fmla
  4.1961 +           (fn pdata => auto_tac (#context pdata)))
  4.1962 +  end
  4.1963 +*}
  4.1964 +
  4.1965 +(*An oracle-based reconstruction, which is only used to test the shunting part of the system*)
  4.1966 +oracle oracle_iinterp = "fn t => t"
  4.1967 +ML {*
  4.1968 +fun oracle_based_reconstruction_tac ctxt prob_name n =
  4.1969 +  let
  4.1970 +    val thy = Proof_Context.theory_of ctxt
  4.1971 +    val pannot = TPTP_Reconstruct.get_pannot_of_prob thy prob_name
  4.1972 +  in
  4.1973 +    TPTP_Reconstruct.inference_at_node
  4.1974 +     thy
  4.1975 +     prob_name (#meta pannot) n
  4.1976 +      |> the
  4.1977 +      |> (fn {inference_fmla, ...} => cterm_of thy inference_fmla)
  4.1978 +      |> oracle_iinterp
  4.1979 +  end
  4.1980 +*}
  4.1981 +
  4.1982 +
  4.1983 +subsection "Leo2 reconstruction tactic"
  4.1984 +
  4.1985 +ML {*
  4.1986 +exception UNSUPPORTED_ROLE
  4.1987 +exception INTERPRET_INFERENCE
  4.1988 +
  4.1989 +(*Failure reports can be adjusted to avoid interrupting
  4.1990 +  an overall reconstruction process*)
  4.1991 +fun fail ctxt x =
  4.1992 +  if unexceptional_reconstruction ctxt then
  4.1993 +    (warning x; raise INTERPRET_INFERENCE)
  4.1994 +  else error x
  4.1995 +
  4.1996 +fun interpret_leo2_inference_tac ctxt prob_name node =
  4.1997 +  let
  4.1998 +    val thy = Proof_Context.theory_of ctxt
  4.1999 +
  4.2000 +    val _ =
  4.2001 +      if Config.get ctxt tptp_trace_reconstruction then
  4.2002 +        tracing ("interpret_inference reconstructing node" ^ node ^ " of " ^ TPTP_Problem_Name.mangle_problem_name prob_name)
  4.2003 +      else ()
  4.2004 +
  4.2005 +    val pannot = TPTP_Reconstruct.get_pannot_of_prob thy prob_name
  4.2006 +
  4.2007 +    fun nonfull_extcnf_combined_tac feats =
  4.2008 +      extcnf_combined_tac ctxt (SOME prob_name)
  4.2009 +       [ConstsDiff,
  4.2010 +        StripQuantifiers,
  4.2011 +        InnerLoopOnce (Break_Hypotheses :: (*FIXME RemoveRedundantQuantifications :: *) feats),
  4.2012 +        AbsorbSkolemDefs]
  4.2013 +       []
  4.2014 +
  4.2015 +    val source_inf_opt =
  4.2016 +      AList.lookup (op =) (#meta pannot)
  4.2017 +      #> the
  4.2018 +      #> #source_inf_opt
  4.2019 +
  4.2020 +    (*FIXME integrate this with other lookup code, or in the early analysis*)
  4.2021 +    local
  4.2022 +      fun node_is_of_role role node =
  4.2023 +        AList.lookup (op =) (#meta pannot) node |> the
  4.2024 +        |> #role
  4.2025 +        |> (fn role' => role = role')
  4.2026 +
  4.2027 +      fun roled_dependencies_names role =
  4.2028 +        let
  4.2029 +          fun values () =
  4.2030 +            case role of
  4.2031 +                TPTP_Syntax.Role_Definition =>
  4.2032 +                  map (apsnd Binding.dest) (#defs pannot)
  4.2033 +              | TPTP_Syntax.Role_Axiom =>
  4.2034 +                  map (apsnd Binding.dest) (#axs pannot)
  4.2035 +              | _ => raise UNSUPPORTED_ROLE
  4.2036 +          in
  4.2037 +            if is_none (source_inf_opt node) then []
  4.2038 +            else
  4.2039 +              case the (source_inf_opt node) of
  4.2040 +                  TPTP_Proof.Inference (_, _, parent_inf) =>
  4.2041 +                    List.map TPTP_Proof.parent_name parent_inf
  4.2042 +                    |> List.filter (node_is_of_role role)
  4.2043 +                    |> (*FIXME currently definitions are not
  4.2044 +                         included in the proof annotations, so
  4.2045 +                         i'm using all the definitions available
  4.2046 +                         in the proof. ideally i should only
  4.2047 +                         use the ones in the proof annotation.*)
  4.2048 +                       (fn x =>
  4.2049 +                         if role = TPTP_Syntax.Role_Definition then
  4.2050 +                           let fun values () = map (apsnd Binding.dest) (#defs pannot)
  4.2051 +                           in
  4.2052 +                             map snd (values ())
  4.2053 +                           end
  4.2054 +                         else
  4.2055 +                         map (fn node => AList.lookup (op =) (values ()) node |> the) x)
  4.2056 +                | _ => []
  4.2057 +         end
  4.2058 +
  4.2059 +      val roled_dependencies =
  4.2060 +        roled_dependencies_names
  4.2061 +        #> map (#3 #> Global_Theory.get_thm thy)
  4.2062 +    in
  4.2063 +      val depends_on_defs = roled_dependencies TPTP_Syntax.Role_Definition
  4.2064 +      val depends_on_axs = roled_dependencies TPTP_Syntax.Role_Axiom
  4.2065 +      val depends_on_defs_names = roled_dependencies_names TPTP_Syntax.Role_Definition
  4.2066 +    end
  4.2067 +
  4.2068 +    fun get_binds source_inf_opt =
  4.2069 +      case the source_inf_opt of
  4.2070 +          TPTP_Proof.Inference (_, _, parent_inf) =>
  4.2071 +            List.map
  4.2072 +              (fn TPTP_Proof.Parent _ => []
  4.2073 +                | TPTP_Proof.ParentWithDetails (_, parent_details) => parent_details)
  4.2074 +              parent_inf
  4.2075 +            |> List.concat
  4.2076 +        | _ => []
  4.2077 +
  4.2078 +    val inference_name =
  4.2079 +      case TPTP_Reconstruct.inference_at_node thy prob_name (#meta pannot) node of
  4.2080 +          NONE => fail ctxt "Cannot reconstruct rule: no information"
  4.2081 +        | SOME {inference_name, ...} => inference_name
  4.2082 +    val default_tac = HEADGOAL (blast_tac ctxt)
  4.2083 +  in
  4.2084 +    case inference_name of
  4.2085 +      "fo_atp_e" =>
  4.2086 +        HEADGOAL (etac (oracle_based_reconstruction_tac ctxt prob_name node))
  4.2087 +    | "copy" =>
  4.2088 +         HEADGOAL
  4.2089 +          (atac
  4.2090 +           ORELSE'
  4.2091 +              (rtac @{thm polarise}
  4.2092 +               THEN' atac))
  4.2093 +    | "polarity_switch" => nonfull_extcnf_combined_tac [Polarity_switch]
  4.2094 +    | "solved_all_splits" => solved_all_splits_tac
  4.2095 +    | "extcnf_not_pos" => nonfull_extcnf_combined_tac [Not_pos]
  4.2096 +    | "extcnf_forall_pos" => nonfull_extcnf_combined_tac [Universal]
  4.2097 +    | "negate_conjecture" => fail ctxt "Should not handle negate_conjecture here"
  4.2098 +    | "unfold_def" => unfold_def_tac ctxt depends_on_defs
  4.2099 +    | "extcnf_not_neg" => nonfull_extcnf_combined_tac [Not_neg]
  4.2100 +    | "extcnf_or_neg" => nonfull_extcnf_combined_tac [Or_neg]
  4.2101 +    | "extcnf_equal_pos" => nonfull_extcnf_combined_tac [Equal_pos]
  4.2102 +    | "extcnf_equal_neg" => nonfull_extcnf_combined_tac [Equal_neg]
  4.2103 +    | "extcnf_forall_special_pos" =>
  4.2104 +         nonfull_extcnf_combined_tac [Forall_special_pos]
  4.2105 +         ORELSE HEADGOAL (blast_tac ctxt)
  4.2106 +    | "extcnf_or_pos" => nonfull_extcnf_combined_tac [Or_pos]
  4.2107 +    | "extuni_bool2" => nonfull_extcnf_combined_tac [Extuni_Bool2]
  4.2108 +    | "extuni_bool1" => nonfull_extcnf_combined_tac [Extuni_Bool1]
  4.2109 +    | "extuni_dec" =>
  4.2110 +        HEADGOAL atac
  4.2111 +        ORELSE nonfull_extcnf_combined_tac [Extuni_Dec]
  4.2112 +    | "extuni_bind" => nonfull_extcnf_combined_tac [Extuni_Bind]
  4.2113 +    | "extuni_triv" => nonfull_extcnf_combined_tac [Extuni_Triv]
  4.2114 +    | "extuni_flex_rigid" => nonfull_extcnf_combined_tac [Extuni_FlexRigid]
  4.2115 +    | "prim_subst" => nonfull_extcnf_combined_tac [Assumption]
  4.2116 +    | "bind" =>
  4.2117 +        let
  4.2118 +          val ordered_binds = get_binds (source_inf_opt node)
  4.2119 +        in
  4.2120 +          bind_tac ctxt prob_name ordered_binds
  4.2121 +        end
  4.2122 +    | "standard_cnf" => HEADGOAL (standard_cnf_tac ctxt)
  4.2123 +    | "extcnf_forall_neg" =>
  4.2124 +        nonfull_extcnf_combined_tac
  4.2125 +         [Existential_Var(* , RemoveRedundantQuantifications *)] (*FIXME RemoveRedundantQuantifications*)
  4.2126 +    | "extuni_func" =>
  4.2127 +        nonfull_extcnf_combined_tac [Extuni_Func, Existential_Var]
  4.2128 +    | "replace_leibnizEQ" => nonfull_extcnf_combined_tac [Assumption]
  4.2129 +    | "replace_andrewsEQ" => nonfull_extcnf_combined_tac [Assumption]
  4.2130 +    | "split_preprocessing" =>
  4.2131 +         (REPEAT (HEADGOAL (split_simp_tac ctxt)))
  4.2132 +         THEN TRY (PRIMITIVE (Conv.fconv_rule Drule.eta_long_conversion))
  4.2133 +         THEN HEADGOAL atac
  4.2134 +
  4.2135 +    (*FIXME some of these could eventually be handled specially*)
  4.2136 +    | "fac_restr" => default_tac
  4.2137 +    | "sim" => default_tac
  4.2138 +    | "res" => default_tac
  4.2139 +    | "rename" => default_tac
  4.2140 +    | "flexflex" => default_tac
  4.2141 +    | other => fail ctxt ("Unknown inference rule: " ^ other)
  4.2142 +  end
  4.2143 +*}
  4.2144 +
  4.2145 +ML {*
  4.2146 +fun interpret_leo2_inference ctxt prob_name node =
  4.2147 +  let
  4.2148 +    val thy = Proof_Context.theory_of ctxt
  4.2149 +    val pannot = TPTP_Reconstruct.get_pannot_of_prob thy prob_name
  4.2150 +
  4.2151 +    val (inference_name, inference_fmla) =
  4.2152 +      case TPTP_Reconstruct.inference_at_node thy prob_name (#meta pannot) node of
  4.2153 +          NONE => fail ctxt "Cannot reconstruct rule: no information"
  4.2154 +        | SOME {inference_name, inference_fmla, ...} =>
  4.2155 +            (inference_name, inference_fmla)
  4.2156 +
  4.2157 +    val proof_outcome =
  4.2158 +      let
  4.2159 +        fun prove () =
  4.2160 +          Goal.prove ctxt [] [] inference_fmla
  4.2161 +           (fn pdata => interpret_leo2_inference_tac
  4.2162 +            (#context pdata) prob_name node)
  4.2163 +      in
  4.2164 +        if informative_failure ctxt then SOME (prove ())
  4.2165 +        else try prove ()
  4.2166 +      end
  4.2167 +
  4.2168 +  in case proof_outcome of
  4.2169 +      NONE => fail ctxt (Pretty.string_of
  4.2170 +        (Pretty.block
  4.2171 +          [Pretty.str ("Failed inference reconstruction for '" ^
  4.2172 +            inference_name ^ "' at node " ^ node ^ ":\n"),
  4.2173 +           Syntax.pretty_term ctxt inference_fmla]))
  4.2174 +    | SOME thm => thm
  4.2175 +  end
  4.2176 +*}
  4.2177 +
  4.2178 +ML {*
  4.2179 +(*filter a set of nodes based on which inference rule was used to
  4.2180 +  derive a node*)
  4.2181 +fun nodes_by_inference (fms : TPTP_Reconstruct.formula_meaning list) inference_rule =
  4.2182 +  let
  4.2183 +    fun fold_fun n l =
  4.2184 +      case TPTP_Reconstruct.node_info fms #source_inf_opt n of
  4.2185 +          NONE => l
  4.2186 +        | SOME (TPTP_Proof.File _) => l
  4.2187 +        | SOME (TPTP_Proof.Inference (rule_name, _, _)) =>
  4.2188 +            if rule_name = inference_rule then n :: l
  4.2189 +            else l
  4.2190 +  in
  4.2191 +    fold fold_fun (map fst fms) []
  4.2192 +  end
  4.2193 +*}
  4.2194 +
  4.2195 +ML {*
  4.2196 +fun leo2_on_load (pannot : TPTP_Reconstruct.proof_annotation) thy =
  4.2197 +  let
  4.2198 +    val ctxt = Proof_Context.init_global thy
  4.2199 +    val dud = ("", Binding.empty, @{term False})
  4.2200 +    val pre_skolem_defs =
  4.2201 +      nodes_by_inference (#meta pannot) "extcnf_forall_neg" @
  4.2202 +       nodes_by_inference (#meta pannot) "extuni_func"
  4.2203 +      |> map (fn x =>
  4.2204 +              (interpret_leo2_inference ctxt (#problem_name pannot) x; dud)
  4.2205 +               handle NO_SKOLEM_DEF (s, bnd, t) => (s, bnd, t))
  4.2206 +      |> filter (fn (x, _, _) => x <> "") (*In case no skolem constants were introduced in that inference*)
  4.2207 +    val skolem_defs = map (fn (x, y, _) => (x, y)) pre_skolem_defs
  4.2208 +    val thy' =
  4.2209 +      fold (fn skolem_def => fn thy =>
  4.2210 +             let
  4.2211 +               val ((s, thm), thy') = Thm.add_axiom_global skolem_def thy
  4.2212 +               (* val _ = warning ("Added skolem definition " ^ s ^ ": " ^  @{make_string thm}) *) (*FIXME use of make_string*)
  4.2213 +             in thy' end)
  4.2214 +       (map (fn (_, y, z) => (y, z)) pre_skolem_defs)
  4.2215 +       thy
  4.2216 +  in
  4.2217 +    ({problem_name = #problem_name pannot,
  4.2218 +      skolem_defs = skolem_defs,
  4.2219 +      defs = #defs pannot,
  4.2220 +      axs = #axs pannot,
  4.2221 +      meta = #meta pannot},
  4.2222 +     thy')
  4.2223 +  end
  4.2224 +*}
  4.2225 +
  4.2226 +end
  4.2227 \ No newline at end of file
     5.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     5.2 +++ b/src/HOL/TPTP/TPTP_Proof_Reconstruction_Test.thy	Wed Feb 19 15:57:02 2014 +0000
     5.3 @@ -0,0 +1,822 @@
     5.4 +(*  Title:      HOL/TPTP/TPTP_Proof_Reconstruction.thy
     5.5 +    Author:     Nik Sultana, Cambridge University Computer Laboratory
     5.6 +
     5.7 +Various tests for the proof reconstruction module.
     5.8 +
     5.9 +NOTE
    5.10 +  - Makes use of the PolyML structure.
    5.11 +  - looks for THF proofs in the path indicated by $THF_PROOFS
    5.12 +*)
    5.13 +
    5.14 +theory TPTP_Proof_Reconstruction_Test
    5.15 +imports TPTP_Test TPTP_Proof_Reconstruction
    5.16 +begin
    5.17 +
    5.18 +declare [[
    5.19 +  tptp_trace_reconstruction = false,
    5.20 +  tptp_test_all = false,
    5.21 +  (* tptp_test_all = true, *)
    5.22 +  tptp_test_timeout = 30,
    5.23 +  (* tptp_max_term_size = 200 *)
    5.24 +  tptp_max_term_size = 0
    5.25 +]]
    5.26 +
    5.27 +ML {*
    5.28 +  if test_all @{context} then ()
    5.29 +  else
    5.30 +    (Toplevel.debug := true;
    5.31 +     PolyML.print_depth 200;
    5.32 +     PolyML.Compiler.maxInlineSize := 0)
    5.33 +*}
    5.34 +
    5.35 +
    5.36 +section "Importing proofs"
    5.37 +
    5.38 +ML {*
    5.39 +val probs =
    5.40 +  (* "$THF_PROOFS/SYN991^1.p.out" *) (*lacks conjecture*)
    5.41 +  (* "$THF_PROOFS/SYO040^2.p.out" *)
    5.42 +  (* "$THF_PROOFS/NUM640^1.p.out" *)
    5.43 +  (* "$THF_PROOFS/SEU553^2.p.out" *)
    5.44 +  (* "$THF_PROOFS/NUM665^1.p.out" *)
    5.45 +  (* "$THF_PROOFS/SEV161^5.p.out" *)
    5.46 +  (* "$THF_PROOFS/SET014^4.p.out" *)
    5.47 +  "$THF_PROOFS/NUM667^1.p.out"
    5.48 +  |> Path.explode
    5.49 +  |> single
    5.50 +
    5.51 +val prob_names =
    5.52 +  probs
    5.53 +  |> map (Path.base #> Path.implode #> TPTP_Problem_Name.Nonstandard)
    5.54 +*}
    5.55 +
    5.56 +setup {*
    5.57 +  if test_all @{context} then I
    5.58 +  else
    5.59 +    fold
    5.60 +     (fn path =>
    5.61 +       TPTP_Reconstruct.import_thm true [Path.dir path, Path.explode "$THF_PROOFS"] path leo2_on_load)
    5.62 +     probs
    5.63 +*}
    5.64 +
    5.65 +text "Display nicely."
    5.66 +ML {*
    5.67 +fun display_nicely ctxt (fms : TPTP_Reconstruct.formula_meaning list) =
    5.68 +  List.app (fn ((n, data) : TPTP_Reconstruct.formula_meaning) =>
    5.69 +    Pretty.writeln
    5.70 +      (Pretty.block
    5.71 +        [Pretty.str (n ^ " "),
    5.72 +         Syntax.pretty_term ctxt (#fmla data),
    5.73 +         Pretty.str (
    5.74 +          if is_none (#source_inf_opt data) then ""
    5.75 +          else ("\n\tannotation: " ^
    5.76 +           PolyML.makestring (the (#source_inf_opt data : TPTP_Proof.source_info option))))])
    5.77 +    ) (rev fms);
    5.78 +
    5.79 +(*FIXME hack for testing*)
    5.80 +fun test_fmla thy =
    5.81 +  TPTP_Reconstruct.get_fmlas_of_prob thy (hd prob_names);
    5.82 +
    5.83 +fun test_pannot thy =
    5.84 +  TPTP_Reconstruct.get_pannot_of_prob thy (hd prob_names);
    5.85 +
    5.86 +if test_all @{context} orelse prob_names = [] then ()
    5.87 +else
    5.88 +  display_nicely @{context}
    5.89 +  (#meta (test_pannot @{theory}))
    5.90 +(* To look at the original proof (i.e., before the proof transformations applied
    5.91 +   when the proof is loaded) replace previous line with:
    5.92 +   (test_fmla @{theory}
    5.93 +    |> map TPTP_Reconstruct.structure_fmla_meaning)
    5.94 +*)
    5.95 +*}
    5.96 +
    5.97 +ML {*
    5.98 +fun step_range_tester f_x f_exn ctxt prob_name from until =
    5.99 +  let
   5.100 +    val max =
   5.101 +      case until of
   5.102 +          SOME x => x
   5.103 +        | NONE =>
   5.104 +            if is_some Int.maxInt then the Int.maxInt else 999999
   5.105 +    fun test_step x =
   5.106 +      if x > max then ()
   5.107 +      else
   5.108 +        (f_x x;
   5.109 +         (interpret_leo2_inference ctxt prob_name (Int.toString x); ())
   5.110 +         handle e => f_exn e; (*FIXME naive. should let Interrupt through*)
   5.111 +         (*assumes that inferences are numbered consecutively*)
   5.112 +         test_step (x + 1))
   5.113 +  in
   5.114 +    test_step from
   5.115 +  end
   5.116 +
   5.117 +val step_range_tester_tracing =
   5.118 +  step_range_tester
   5.119 +   (fn x => tracing ("@step " ^ Int.toString x))
   5.120 +   (fn e => tracing ("!!" ^ PolyML.makestring e))
   5.121 +*}
   5.122 +
   5.123 +ML {*
   5.124 +(*try to reconstruct each inference step*)
   5.125 +if test_all @{context} orelse prob_names = []
   5.126 +orelse true (*NOTE currently disabled*)
   5.127 +then ()
   5.128 +else
   5.129 +  let
   5.130 +    (*FIXME not guaranteed to be the right nodes*)
   5.131 +    val heur_start = 3
   5.132 +    val heur_end =
   5.133 +      hd (#meta (test_pannot @{theory}))
   5.134 +      |> #1
   5.135 +      |> Int.fromString
   5.136 +  in
   5.137 +    step_range_tester_tracing @{context} (hd prob_names) heur_start heur_end
   5.138 +  end
   5.139 +*}
   5.140 +
   5.141 +
   5.142 +section "Building metadata and tactics"
   5.143 +
   5.144 +subsection "Building the skeleton"
   5.145 +ML {*
   5.146 +if test_all @{context} orelse prob_names = [] then []
   5.147 +else TPTP_Reconstruct.make_skeleton @{context} (test_pannot @{theory});
   5.148 +
   5.149 +length it
   5.150 +*}
   5.151 +
   5.152 +
   5.153 +subsection "The 'one shot' tactic approach"
   5.154 +ML {*
   5.155 +val the_tactic =
   5.156 +  if test_all @{context} then []
   5.157 +  else
   5.158 +    map (fn prob_name =>
   5.159 +      (TPTP_Reconstruct.naive_reconstruct_tac @{context} interpret_leo2_inference (* auto_based_reconstruction_tac *) (* oracle_based_reconstruction_tac *) prob_name))
   5.160 +     prob_names;
   5.161 +*}
   5.162 +
   5.163 +
   5.164 +subsection "The 'piecemeal' approach"
   5.165 +ML {*
   5.166 +val the_tactics =
   5.167 +  if test_all @{context} then []
   5.168 +  else
   5.169 +    map (fn prob_name =>
   5.170 +      TPTP_Reconstruct.naive_reconstruct_tacs interpret_leo2_inference (* auto_based_reconstruction_tac *) (* oracle_based_reconstruction_tac *) prob_name @{context})
   5.171 +     prob_names;
   5.172 +*}
   5.173 +
   5.174 +ML {*
   5.175 +print_depth 2000;
   5.176 +the_tactics
   5.177 +|> map (filter (fn (_, _, x) => is_none x)
   5.178 +        #> map (fn (x, SOME y, _) => (x, cterm_of @{theory} y)))
   5.179 +*}
   5.180 +
   5.181 +
   5.182 +section "Using metadata and tactics"
   5.183 +text "There are various ways of testing the two ways (whole tactics or lists of tactics) of representing 'reconstructors'."
   5.184 +
   5.185 +
   5.186 +subsection "The 'one shot' tactic approach"
   5.187 +text "First we test whole tactics."
   5.188 +ML {*
   5.189 +(*produce thm*)
   5.190 +if test_all @{context} then []
   5.191 +else
   5.192 +  map (
   5.193 +    (* try *) (TPTP_Reconstruct.reconstruct @{context}
   5.194 +     (fn prob_name =>
   5.195 +       TPTP_Reconstruct.naive_reconstruct_tac @{context} interpret_leo2_inference prob_name
   5.196 +     (* oracle_based_reconstruction_tac *))))
   5.197 +   prob_names
   5.198 +*}
   5.199 +
   5.200 +
   5.201 +subsection "The 'piecemeal' approach"
   5.202 +ML {*
   5.203 +fun attac n = List.nth (List.nth (the_tactics, 0), n) |> #3 |> the |> snd
   5.204 +fun attac_to n 0 = attac n
   5.205 +  | attac_to n m = attac n THEN attac_to (n + 1) (m - 1)
   5.206 +fun shotac n = List.nth (List.nth (the_tactics, 0), n) |> #3 |> the |> fst
   5.207 +*}
   5.208 +
   5.209 +ML {*
   5.210 +(*Given a list of reconstructed inferences (as in "the_tactics" above,
   5.211 +  count the number of failures and successes, and list the failed inference
   5.212 +  reconstructions.*)
   5.213 +fun evaluate_the_tactics [] acc = acc
   5.214 +  | evaluate_the_tactics ((node_no, (inf_name, inf_fmla, NONE)) :: xs) ((fai, suc), inf_list) =
   5.215 +      let
   5.216 +        val score = (fai + 1, suc)
   5.217 +        val index_info = get_index (fn (x, _) => if x = node_no then SOME true else NONE) inf_list
   5.218 +        val inf_list' =
   5.219 +          case index_info of
   5.220 +              NONE => (node_no, (inf_name, inf_fmla, 1)) :: inf_list
   5.221 +            | SOME (idx, _) =>
   5.222 +                nth_map idx (fn (node_no, (inf_name, inf_fmla, count)) => (node_no, (inf_name, inf_fmla, count + 1))) inf_list
   5.223 +      in
   5.224 +        evaluate_the_tactics xs (score, inf_list')
   5.225 +      end
   5.226 +  | evaluate_the_tactics ((_, (_, _, SOME _)) :: xs) ((fai, suc), inf_list) =
   5.227 +      evaluate_the_tactics xs ((fai, suc + 1), inf_list)
   5.228 +*}
   5.229 +
   5.230 +
   5.231 +text "Now we build a tactic by combining lists of tactics"
   5.232 +ML {*
   5.233 +(*given a list of tactics to be applied in sequence (i.e., they
   5.234 +  follow a skeleton), we build a single tactic, interleaving
   5.235 +  some tracing info to help with debugging.*)
   5.236 +fun step_by_step_tacs verbose (thm_tacs : (thm * tactic) list) : tactic =
   5.237 +    let
   5.238 +      fun interleave_tacs [] [] = all_tac
   5.239 +        | interleave_tacs (tac1 :: tacs1) (tac2 :: tacs2) =
   5.240 +            EVERY [tac1, tac2]
   5.241 +            THEN interleave_tacs tacs1 tacs2
   5.242 +      val thms_to_traceprint =
   5.243 +        map (fn thm => fn st =>
   5.244 +              (*FIXME uses makestring*)
   5.245 +              print_tac (PolyML.makestring thm) st)
   5.246 +
   5.247 +    in
   5.248 +      if verbose then
   5.249 +        ListPair.unzip thm_tacs
   5.250 +        |> apfst (fn thms => enumerate 1 thms)
   5.251 +        |> apfst thms_to_traceprint
   5.252 +        |> uncurry interleave_tacs
   5.253 +      else EVERY (map #2 thm_tacs)
   5.254 +    end
   5.255 +*}
   5.256 +
   5.257 +ML {*
   5.258 +(*apply step_by_step_tacs to all problems under test*)
   5.259 +val narrated_tactics =
   5.260 + map (map (#3 #> the)
   5.261 +      #> step_by_step_tacs false)
   5.262 +   the_tactics;
   5.263 +
   5.264 +(*produce thm*)
   5.265 +(*use narrated_tactics to reconstruct all problems under test*)
   5.266 +if test_all @{context} then []
   5.267 +else
   5.268 +  map (fn (prob_name, tac) =>
   5.269 +         TPTP_Reconstruct.reconstruct @{context}
   5.270 +           (fn _ => tac) prob_name)
   5.271 +    (ListPair.zip (prob_names, narrated_tactics))
   5.272 +*}
   5.273 +
   5.274 +
   5.275 +subsection "Manually using 'piecemeal' approach"
   5.276 +text "Another testing possibility involves manually creating a lemma
   5.277 +and running through the list of tactics generating to prove that lemma. The following code shows the goal of each problem under test, and then for each problem returns the list of tactics which can be invoked individually as shown below."
   5.278 +ML {*
   5.279 +fun show_goal ctxt prob_name =
   5.280 +  let
   5.281 +    val thy = Proof_Context.theory_of ctxt
   5.282 +    val pannot = TPTP_Reconstruct.get_pannot_of_prob thy prob_name
   5.283 +  in
   5.284 +    #meta pannot
   5.285 +    |> List.filter (fn (_, info) =>
   5.286 +        #role info = TPTP_Syntax.Role_Conjecture)
   5.287 +    |> hd
   5.288 +    |> snd |> #fmla
   5.289 +    |> cterm_of thy
   5.290 +  end;
   5.291 +
   5.292 +if test_all @{context} then []
   5.293 +else
   5.294 +  map (show_goal @{context}) prob_names;
   5.295 +*}
   5.296 +
   5.297 +ML {*
   5.298 +(*project out the list of tactics from "the_tactics"*)
   5.299 +val just_the_tacs  =
   5.300 + map (map (#3 #> the #> #2))
   5.301 +   the_tactics;
   5.302 +
   5.303 +map length just_the_tacs
   5.304 +*}
   5.305 +
   5.306 +ML {*
   5.307 +(*like just_the_tacs, but extract the thms, to inspect their thys*)
   5.308 +val just_the_thms  =
   5.309 + map (map (#3 #> the #> #1))
   5.310 +   the_tactics;
   5.311 +
   5.312 +map length just_the_thms;
   5.313 +*}
   5.314 +
   5.315 +ML {*
   5.316 +(*given a thm, show us the axioms in its thy*)
   5.317 +val axms_of_thy_of_thm =
   5.318 +  Thm.theory_of_thm
   5.319 +  #> ` Theory.axioms_of
   5.320 +  #> apsnd cterm_of
   5.321 +  #> swap
   5.322 +  #> apsnd (map snd)
   5.323 +  #> uncurry map
   5.324 +*}
   5.325 +
   5.326 +ML {*
   5.327 +(*Show the skeleton-level inference which is done by each element of just_the_tacs. This is useful when debugging using the technique shown next*)
   5.328 +if test_all @{context} orelse prob_names = [] then ()
   5.329 +else
   5.330 +  the_tactics
   5.331 +  |> hd
   5.332 +  |> map #1
   5.333 +  |> TPTP_Reconstruct_Library.enumerate 0
   5.334 +  |> List.app (PolyML.makestring #> writeln)
   5.335 +  *}
   5.336 +
   5.337 +ML {*
   5.338 +fun leo2_tac_wrap prob_name step i = fn st =>
   5.339 +  let
   5.340 +    val ctxt =
   5.341 +      Thm.theory_of_thm st
   5.342 +      |> Proof_Context.init_global
   5.343 +  in
   5.344 +    rtac (interpret_leo2_inference ctxt prob_name step) i st
   5.345 +  end
   5.346 +*}
   5.347 +
   5.348 +(*FIXME move these examples elsewhere*)
   5.349 +(*
   5.350 +lemma "\<forall>(Xj\<Colon>TPTP_Interpret.ind) Xk\<Colon>TPTP_Interpret.ind.
   5.351 +        bnd_cCKB6_BLACK Xj Xk \<longrightarrow>
   5.352 +        bnd_cCKB6_BLACK (bnd_s (bnd_s (bnd_s Xj))) (bnd_s Xk)"
   5.353 +apply (tactic {*nth (nth just_the_tacs 0) 0*})
   5.354 +apply (tactic {*nth (nth just_the_tacs 0) 1*})
   5.355 +apply (tactic {*nth (nth just_the_tacs 0) 2*})
   5.356 +apply (tactic {*nth (nth just_the_tacs 0) 3*})
   5.357 +apply (tactic {*nth (nth just_the_tacs 0) 4*})
   5.358 +apply (tactic {*nth (nth just_the_tacs 0) 5*})
   5.359 +ML_prf "nth (hd the_tactics) 6"
   5.360 +apply (tactic {*nth (nth just_the_tacs 0) 6*})
   5.361 +apply (tactic {*nth (nth just_the_tacs 0) 7*})
   5.362 +apply (tactic {*nth (nth just_the_tacs 0) 8*})
   5.363 +apply (tactic {*nth (nth just_the_tacs 0) 9*})
   5.364 +apply (tactic {*nth (nth just_the_tacs 0) 10*})
   5.365 +apply (tactic {*nth (nth just_the_tacs 0) 11*})
   5.366 +apply (tactic {*nth (nth just_the_tacs 0) 12*})
   5.367 +apply (tactic {*nth (nth just_the_tacs 0) 13*})
   5.368 +apply (tactic {*nth (nth just_the_tacs 0) 14*})
   5.369 +apply (tactic {*nth (nth just_the_tacs 0) 15*})
   5.370 +
   5.371 +apply (tactic {*nth (nth just_the_tacs 0) 16*})
   5.372 +
   5.373 +(*
   5.374 +apply (tactic {*
   5.375 +rtac (interpret_leo2_inference @{context} (hd prob_names) "8") 1
   5.376 +*})
   5.377 +apply (tactic {*
   5.378 +rtac (interpret_leo2_inference @{context} (hd prob_names) "7") 1
   5.379 +*})
   5.380 +apply (tactic {*
   5.381 +rtac (interpret_leo2_inference @{context} (hd prob_names) "6") 1
   5.382 +*})
   5.383 +(*
   5.384 +apply (tactic {*
   5.385 +rtac (interpret_leo2_inference @{context} (hd prob_names) "4") 1
   5.386 +*})
   5.387 +*)
   5.388 +*)
   5.389 +
   5.390 +apply (tactic {*nth (nth just_the_tacs 0) 17*})
   5.391 +apply (tactic {*nth (nth just_the_tacs 0) 18*})
   5.392 +apply (tactic {*nth (nth just_the_tacs 0) 19*})
   5.393 +apply (tactic {*nth (nth just_the_tacs 0) 20*})
   5.394 +apply (tactic {*nth (nth just_the_tacs 0) 21*})
   5.395 +
   5.396 +ML_prf "nth (hd the_tactics) 21"
   5.397 +ML_prf "nth (hd the_tactics) 22"
   5.398 +
   5.399 +apply (tactic {*nth (nth just_the_tacs 0) 22*})
   5.400 +apply (tactic {*nth (nth just_the_tacs 0) 23*})
   5.401 +apply (tactic {*nth (nth just_the_tacs 0) 24*})
   5.402 +apply (tactic {*nth (nth just_the_tacs 0) 25*})
   5.403 +
   5.404 +
   5.405 +ML_prf "nth (hd the_tactics) 19"
   5.406 +
   5.407 +apply (tactic {*
   5.408 +interpret_leo2_inference_wrap (hd prob_names) "8" 1
   5.409 +*})
   5.410 +apply (tactic {*
   5.411 +interpret_leo2_inference_wrap (hd prob_names) "7" 1
   5.412 +*})
   5.413 +apply (tactic {*
   5.414 +interpret_leo2_inference_wrap (hd prob_names) "6" 1
   5.415 +*})
   5.416 +apply (tactic {*
   5.417 +interpret_leo2_inference_wrap (hd prob_names) "4" 1
   5.418 +*})
   5.419 +
   5.420 +ML_prf "nth (hd the_tactics) 20"
   5.421 +ML_prf "nth (hd the_tactics) 21"
   5.422 +ML_prf "nth (hd the_tactics) 22"
   5.423 +*)
   5.424 +
   5.425 +(*
   5.426 +lemma "bnd_powersetE1 \<longrightarrow>
   5.427 +     bnd_sepInPowerset \<longrightarrow>
   5.428 +     (\<forall>A Xphi. bnd_subset (bnd_dsetconstr A Xphi) A)"
   5.429 +apply (tactic {*nth (nth just_the_tacs 0) 0*})
   5.430 +apply (tactic {*nth (nth just_the_tacs 0) 1*})
   5.431 +apply (tactic {*nth (nth just_the_tacs 0) 2*})
   5.432 +apply (tactic {*nth (nth just_the_tacs 0) 3*})
   5.433 +apply (tactic {*nth (nth just_the_tacs 0) 4*})
   5.434 +apply (tactic {*nth (nth just_the_tacs 0) 5*})
   5.435 +ML_prf "nth (hd the_tactics) 6"
   5.436 +apply (tactic {*nth (nth just_the_tacs 0) 6*})
   5.437 +apply (tactic {*nth (nth just_the_tacs 0) 7*})
   5.438 +apply (tactic {*nth (nth just_the_tacs 0) 8*})
   5.439 +apply (tactic {*nth (nth just_the_tacs 0) 9*})
   5.440 +apply (tactic {*nth (nth just_the_tacs 0) 10*})
   5.441 +apply (tactic {*nth (nth just_the_tacs 0) 11*})
   5.442 +apply (tactic {*nth (nth just_the_tacs 0) 12*})
   5.443 +apply (tactic {*nth (nth just_the_tacs 0) 13*})
   5.444 +apply (tactic {*nth (nth just_the_tacs 0) 14*})
   5.445 +apply (tactic {*nth (nth just_the_tacs 0) 15*})
   5.446 +apply (tactic {*nth (nth just_the_tacs 0) 16*})
   5.447 +apply (tactic {*nth (nth just_the_tacs 0) 17*})
   5.448 +apply (tactic {*nth (nth just_the_tacs 0) 18*})
   5.449 +apply (tactic {*nth (nth just_the_tacs 0) 19*})
   5.450 +apply (tactic {*nth (nth just_the_tacs 0) 20*})
   5.451 +apply (tactic {*nth (nth just_the_tacs 0) 21*})
   5.452 +apply (tactic {*nth (nth just_the_tacs 0) 22*})
   5.453 +apply (tactic {*nth (nth just_the_tacs 0) 23*})
   5.454 +apply (tactic {*nth (nth just_the_tacs 0) 24*})
   5.455 +apply (tactic {*nth (nth just_the_tacs 0) 25*})
   5.456 +(* apply (tactic {*nth (nth just_the_tacs 0) 26*}) *)
   5.457 +ML_prf "nth (hd the_tactics) 26"
   5.458 +apply (subgoal_tac "(\<not> (\<forall>A Xphi. bnd_subset (bnd_dsetconstr A Xphi) A)) =
   5.459 +       True \<Longrightarrow>
   5.460 +       (\<not> bnd_subset (bnd_dsetconstr bnd_sK1 bnd_sK2) bnd_sK1) =
   5.461 +       True")
   5.462 +prefer 2
   5.463 +apply (thin_tac "(bnd_powersetE1 \<longrightarrow>
   5.464 +      bnd_sepInPowerset \<longrightarrow>
   5.465 +      (\<forall>A Xphi. bnd_subset (bnd_dsetconstr A Xphi) A)) =
   5.466 +     False")
   5.467 +apply (tactic {*extcnf_combined_simulator_tac (hd prob_names) 1*})
   5.468 +apply (tactic {*extcnf_combined_simulator_tac (hd prob_names) 1*})
   5.469 +apply (tactic {*extcnf_combined_simulator_tac (hd prob_names) 1*})
   5.470 +apply (tactic {*extcnf_combined_simulator_tac (hd prob_names) 1*})
   5.471 +
   5.472 +apply simp
   5.473 +
   5.474 +(* apply (tactic {*nth (nth just_the_tacs 0) 26*}) *)
   5.475 +apply (tactic {*nth (nth just_the_tacs 0) 27*})
   5.476 +apply (tactic {*nth (nth just_the_tacs 0) 28*})
   5.477 +apply (tactic {*nth (nth just_the_tacs 0) 29*})
   5.478 +apply (tactic {*nth (nth just_the_tacs 0) 30*})
   5.479 +apply (tactic {*nth (nth just_the_tacs 0) 31*})
   5.480 +apply (tactic {*nth (nth just_the_tacs 0) 32*})
   5.481 +apply (tactic {*nth (nth just_the_tacs 0) 33*})
   5.482 +apply (tactic {*nth (nth just_the_tacs 0) 34*})
   5.483 +apply (tactic {*nth (nth just_the_tacs 0) 35*})
   5.484 +apply (tactic {*nth (nth just_the_tacs 0) 36*})
   5.485 +apply (tactic {*nth (nth just_the_tacs 0) 37*})
   5.486 +apply (tactic {*nth (nth just_the_tacs 0) 38*})
   5.487 +apply (tactic {*nth (nth just_the_tacs 0) 39*})
   5.488 +apply (tactic {*nth (nth just_the_tacs 0) 40*})
   5.489 +apply (tactic {*nth (nth just_the_tacs 0) 41*})
   5.490 +apply (tactic {*nth (nth just_the_tacs 0) 42*})
   5.491 +apply (tactic {*nth (nth just_the_tacs 0) 43*})
   5.492 +apply (tactic {*nth (nth just_the_tacs 0) 44*})
   5.493 +apply (tactic {*nth (nth just_the_tacs 0) 45*})
   5.494 +apply (tactic {*nth (nth just_the_tacs 0) 46*})
   5.495 +apply (tactic {*nth (nth just_the_tacs 0) 47*})
   5.496 +apply (tactic {*nth (nth just_the_tacs 0) 48*})
   5.497 +apply (tactic {*nth (nth just_the_tacs 0) 49*})
   5.498 +apply (tactic {*nth (nth just_the_tacs 0) 50*})
   5.499 +apply (tactic {*nth (nth just_the_tacs 0) 51*})
   5.500 +done
   5.501 +*)
   5.502 +
   5.503 +(*
   5.504 +We can use just_the_tacs as follows:
   5.505 +
   5.506 +(this is from SEV012^5.p.out)
   5.507 +lemma "((\<forall>(Xx :: bool) (Xy :: bool). True \<longrightarrow> True) \<and>
   5.508 +      (\<forall>(Xx :: bool) (Xy :: bool) (Xz :: bool). True \<and> True \<longrightarrow> True)) \<and>
   5.509 +     (\<lambda>(Xx :: bool) (Xy :: bool). True) = (\<lambda>Xx Xy. True)"
   5.510 +apply (tactic {*nth (nth just_the_tacs 0) 0*})
   5.511 +apply (tactic {*nth (nth just_the_tacs 0) 1*})
   5.512 +apply (tactic {*nth (nth just_the_tacs 0) 2*})
   5.513 +apply (tactic {*nth (nth just_the_tacs 0) 3*})
   5.514 +apply (tactic {*nth (nth just_the_tacs 0) 4*})
   5.515 +apply (tactic {*nth (nth just_the_tacs 0) 5*})
   5.516 +ML_prf "nth (hd the_tactics) 6"
   5.517 +apply (tactic {*nth (nth just_the_tacs 0) 6*})
   5.518 +apply (tactic {*nth (nth just_the_tacs 0) 7*})
   5.519 +apply (tactic {*nth (nth just_the_tacs 0) 8*})
   5.520 +apply (tactic {*nth (nth just_the_tacs 0) 9*})
   5.521 +apply (tactic {*nth (nth just_the_tacs 0) 10*})
   5.522 +apply (tactic {*nth (nth just_the_tacs 0) 11*})
   5.523 +apply (tactic {*nth (nth just_the_tacs 0) 12*})
   5.524 +apply (tactic {*nth (nth just_the_tacs 0) 13*})
   5.525 +apply (tactic {*nth (nth just_the_tacs 0) 14*})
   5.526 +apply (tactic {*nth (nth just_the_tacs 0) 15*})
   5.527 +apply (tactic {*nth (nth just_the_tacs 0) 16*})
   5.528 +apply (tactic {*nth (nth just_the_tacs 0) 17*})
   5.529 +apply (tactic {*nth (nth just_the_tacs 0) 18*})
   5.530 +apply (tactic {*nth (nth just_the_tacs 0) 19*})
   5.531 +apply (tactic {*nth (nth just_the_tacs 0) 20*})
   5.532 +apply (tactic {*nth (nth just_the_tacs 0) 21*})
   5.533 +apply (tactic {*nth (nth just_the_tacs 0) 22*})
   5.534 +done
   5.535 +
   5.536 +(*
   5.537 +We could also use previous definitions directly,
   5.538 +e.g. the following should prove the goal at a go:
   5.539 +- apply (tactic {*narrated_tactics |> hd |> hd*})
   5.540 +- apply (tactic {*
   5.541 +    TPTP_Reconstruct.naive_reconstruct_tac
   5.542 +     interpret_leo2_inference
   5.543 +     (hd prob_names)
   5.544 +     @{context}*})
   5.545 +(Note that the previous two methods don't work in this
   5.546 + "lemma" testing mode, not sure why. The previous methods
   5.547 + (producing the thm values directly) should work though.)
   5.548 +*)
   5.549 +*)
   5.550 +
   5.551 +
   5.552 +section "Testing against benchmark"
   5.553 +
   5.554 +ML {*
   5.555 +(*if reconstruction_info value is NONE then a big error must have occurred*)
   5.556 +type reconstruction_info =
   5.557 +  ((int(*no of failures*) * int(*no of successes*)) *
   5.558 +  (TPTP_Reconstruct.rolling_stock * term option(*inference formula*) * int (*number of times the inference occurs in the skeleton*)) list) option
   5.559 +
   5.560 +datatype proof_contents =
   5.561 +    No_info
   5.562 +  | Empty
   5.563 +  | Nonempty of reconstruction_info
   5.564 +
   5.565 +(*To make output less cluttered in whole-run tests*)
   5.566 +fun erase_inference_fmlas (Nonempty (SOME (outline, inf_info))) =
   5.567 +      Nonempty (SOME (outline, map (fn (inf_name, _, count) => (inf_name, NONE, count)) inf_info))
   5.568 +  | erase_inference_fmlas x = x
   5.569 +*}
   5.570 +
   5.571 +ML {*
   5.572 +(*Report on how many inferences in a proof are reconstructed, and give some
   5.573 +  info about the inferences for which reconstruction failed.*)
   5.574 +fun test_partial_reconstruction thy prob_file =
   5.575 +  let
   5.576 +    val prob_name =
   5.577 +      (Path.base #> Path.implode #> TPTP_Problem_Name.Nonstandard) prob_file
   5.578 +
   5.579 +    val thy' =
   5.580 +      try
   5.581 +       (TPTP_Reconstruct.import_thm
   5.582 +        true
   5.583 +        [Path.dir prob_file, Path.explode "$TPTP"]
   5.584 +        prob_file leo2_on_load)
   5.585 +       thy
   5.586 +
   5.587 +    val ctxt' =
   5.588 +      if is_some thy' then SOME (Proof_Context.init_global (the thy')) else NONE
   5.589 +
   5.590 +    (*to test if proof is empty*)
   5.591 +    val fms =
   5.592 +      if is_some thy'
   5.593 +      then SOME (TPTP_Reconstruct.get_fmlas_of_prob (the thy') prob_name)
   5.594 +      else NONE
   5.595 +
   5.596 +    val the_tactics =
   5.597 +      if is_some thy' then
   5.598 +        SOME (TPTP_Reconstruct.naive_reconstruct_tacs (* metis_based_reconstruction_tac *)
   5.599 +interpret_leo2_inference (* auto_based_reconstruction_tac *) (* oracle_based_reconstruction_tac *) prob_name (the ctxt'))
   5.600 +      else NONE
   5.601 +
   5.602 +(* val _ = tracing ("tt=" ^ PolyML.makestring the_tactics) *)
   5.603 +
   5.604 +    val skeleton =
   5.605 +      if is_some thy' then
   5.606 +        SOME (TPTP_Reconstruct.make_skeleton (the ctxt')
   5.607 +              (TPTP_Reconstruct.get_pannot_of_prob (the thy') prob_name))
   5.608 +      else NONE
   5.609 +
   5.610 +    val skeleton_and_tactics =
   5.611 +      if is_some thy' then
   5.612 +        SOME (ListPair.zip (the skeleton, the the_tactics))
   5.613 +      else NONE
   5.614 +
   5.615 +    val result =
   5.616 +      if is_some thy' then
   5.617 +        SOME (evaluate_the_tactics (the skeleton_and_tactics)
   5.618 +              ((0, 0), []))
   5.619 +      else NONE
   5.620 +
   5.621 +    (*strip node names*)
   5.622 +    val result' =
   5.623 +      if is_some result then SOME (apsnd (map #2) (the result)) else NONE
   5.624 +  in
   5.625 +    if is_some fms andalso List.null (the fms) then Empty
   5.626 +    else Nonempty result'
   5.627 +  end
   5.628 +*}
   5.629 +
   5.630 +ML {*
   5.631 +  (*default timeout is 1 min*)
   5.632 +  fun reconstruct timeout light_output file thy =
   5.633 +    let
   5.634 +      val timer = Timer.startRealTimer ()
   5.635 +    in
   5.636 +      TimeLimit.timeLimit (Time.fromSeconds (if timeout = 0 then 60 else timeout))
   5.637 +       (test_partial_reconstruction thy
   5.638 +        #> light_output ? erase_inference_fmlas
   5.639 +        #> PolyML.makestring (* FIXME *)
   5.640 +        #> (fn s => report (Proof_Context.init_global thy) (PolyML.makestring file ^ " === " ^ s ^
   5.641 +             " t=" ^ (Timer.checkRealTimer timer |> Time.toMilliseconds |> PolyML.makestring))))
   5.642 +       file
   5.643 +    end
   5.644 +*}
   5.645 +
   5.646 +ML {*
   5.647 +  (*this version of "reconstruct" builds theorems, instead of lists of reconstructed inferences*)
   5.648 +  (*default timeout is 1 min*)
   5.649 +  fun reconstruct timeout file thy =
   5.650 +    let
   5.651 +      val timer = Timer.startRealTimer ()
   5.652 +      val thy' =
   5.653 +        TPTP_Reconstruct.import_thm true
   5.654 +         [Path.dir file, Path.explode "$TPTP"]
   5.655 +         file leo2_on_load thy
   5.656 +
   5.657 +      val ctxt = Proof_Context.init_global thy' (*FIXME pass ctxt instead of thy*)
   5.658 +      val prob_name =
   5.659 +        file
   5.660 +        |> Path.base
   5.661 +        |> Path.implode
   5.662 +        |> TPTP_Problem_Name.Nonstandard
   5.663 +    in
   5.664 +      TimeLimit.timeLimit (Time.fromSeconds (if timeout = 0 then 60 else timeout))
   5.665 +       (fn prob_name =>
   5.666 +        (can
   5.667 +          (TPTP_Reconstruct.reconstruct ctxt (fn prob_name =>
   5.668 +            TPTP_Reconstruct.naive_reconstruct_tac ctxt interpret_leo2_inference prob_name (* oracle_based_reconstruction_tac *))) prob_name )
   5.669 +       |> (fn s => report ctxt (Path.print file ^ " === " ^ Bool.toString s ^
   5.670 +             " t=" ^ (Timer.checkRealTimer timer |> Time.toMilliseconds |> PolyML.makestring))))
   5.671 +       prob_name
   5.672 +    end
   5.673 +*}
   5.674 +
   5.675 +ML {*
   5.676 +  fun reconstruction_test timeout ctxt =
   5.677 +    test_fn ctxt
   5.678 +     (fn file => reconstruct timeout file (Proof_Context.theory_of ctxt))
   5.679 +     "reconstructor"
   5.680 +     ()
   5.681 +*}
   5.682 +
   5.683 +ML {*
   5.684 +datatype examination_results =
   5.685 +    Whole_proof of string(*filename*) * proof_contents
   5.686 +  | Specific_rule of string(*filename*) * string(*inference rule*) * term option list
   5.687 +
   5.688 +(*Look out for failures reconstructing a particular inference rule*)
   5.689 +fun filter_failures inference_name (Whole_proof (filename, results)) =
   5.690 +  let
   5.691 +    val filtered_results =
   5.692 +      case results of
   5.693 +          Nonempty (SOME results') =>
   5.694 +            #2 results'
   5.695 +            |> map (fn (stock as TPTP_Reconstruct.Annotated_step (_, inf_name), inf_fmla, _) =>
   5.696 +                 if inf_name = inference_name then [inf_fmla] else [])
   5.697 +            |> List.concat
   5.698 +        | _ => []
   5.699 +  in Specific_rule (filename, inference_name, filtered_results) end
   5.700 +
   5.701 +(*Returns detailed info about a proof-reconstruction attempt.
   5.702 +  If rule_name is specified then the related failed inferences
   5.703 +  are returned, otherwise all failed inferences are returned.*)
   5.704 +fun examine_failed_inferences ctxt filename rule_name =
   5.705 +  let
   5.706 +    val thy = Proof_Context.theory_of ctxt
   5.707 +    val prob_file = Path.explode filename
   5.708 +    val results =
   5.709 +      if test_all ctxt then No_info
   5.710 +      else test_partial_reconstruction thy prob_file
   5.711 +  in
   5.712 +    Whole_proof (filename, results)
   5.713 +    |> is_some rule_name ? (fn x =>
   5.714 +                             filter_failures (the rule_name) x)
   5.715 +  end
   5.716 +*}
   5.717 +
   5.718 +ML {*
   5.719 +exception NONSENSE
   5.720 +
   5.721 +fun annotation_or_id (TPTP_Reconstruct.Step n) = n
   5.722 +  | annotation_or_id (TPTP_Reconstruct.Annotated_step (n, anno)) = anno
   5.723 +  | annotation_or_id TPTP_Reconstruct.Assumed = "assumption"
   5.724 +  | annotation_or_id TPTP_Reconstruct.Unconjoin = "conjI"
   5.725 +  | annotation_or_id TPTP_Reconstruct.Caboose = "(end)"
   5.726 +  | annotation_or_id (TPTP_Reconstruct.Synth_step s) = s
   5.727 +  | annotation_or_id (TPTP_Reconstruct.Split (split_node, soln_node, _)) = "split_at " ^ split_node ^ " " ^ soln_node;
   5.728 +
   5.729 +fun count_failures (Whole_proof (_, No_info)) = raise NONSENSE
   5.730 +  | count_failures (Whole_proof (_, Empty)) = raise NONSENSE
   5.731 +  | count_failures (Whole_proof (_, Nonempty NONE)) = raise NONSENSE
   5.732 +  | count_failures (Whole_proof (_, Nonempty (SOME (((n, _), _))))) = n
   5.733 +  | count_failures (Specific_rule (_, _, t)) = length t
   5.734 +
   5.735 +fun pre_classify_failures [] alist = alist
   5.736 +  | pre_classify_failures ((stock, _, _) :: xs) alist =
   5.737 +      let
   5.738 +        val inf = annotation_or_id stock
   5.739 +        val count = AList.lookup (op =) alist inf
   5.740 +      in
   5.741 +        if is_none count
   5.742 +        then pre_classify_failures xs ((inf, 1) :: alist)
   5.743 +        else
   5.744 +          pre_classify_failures xs
   5.745 +           (AList.update (op =) (inf, the count + 1) alist)
   5.746 +      end
   5.747 +
   5.748 +fun classify_failures (Whole_proof (_, Nonempty (SOME (((_, _), inferences))))) = pre_classify_failures inferences []
   5.749 +  | classify_failures (Specific_rule (_, rule, t)) = [(rule, length t)]
   5.750 +  | classify_failures _ = raise NONSENSE
   5.751 +*}
   5.752 +
   5.753 +ML {*
   5.754 +val regressions = map (fn s => "$THF_PROOFS/" ^ s)
   5.755 +  ["SEV405^5.p.out",
   5.756 +   (*"SYO377^5.p.out", Always seems to raise Interrupt on my laptop -- probably because node 475 has lots of premises*)
   5.757 +   "PUZ031^5.p.out",
   5.758 +   "ALG001^5.p.out",
   5.759 +   "SYO238^5.p.out",
   5.760 +   (*"SEV158^5.p.out", This is big*)
   5.761 +   "SYO285^5.p.out",
   5.762 +   "../SYO285^5.p.out_reduced",
   5.763 +   (* "SYO225^5.p.out", This is big*)
   5.764 +   "SYO291^5.p.out",
   5.765 +   "SET669^3.p.out",
   5.766 +   "SEV233^5.p.out",
   5.767 +   (*"SEU511^1.p.out", This is big*)
   5.768 +   "SEV161^5.p.out",
   5.769 +   "SEV012^5.p.out",
   5.770 +   "SYO035^1.p.out",
   5.771 +   "SYO291^5.p.out",
   5.772 +   "SET741^4.p.out", (*involves both definitions and contorted splitting. has nice graph.*)
   5.773 +   "SEU548^2.p.out",
   5.774 +   "SEU513^2.p.out",
   5.775 +   "SYO006^1.p.out",
   5.776 +   "SYO371^5.p.out" (*has contorted splitting, like SYO006^1.p.out, but doesn't involve definitions*)
   5.777 +  ]
   5.778 +*}
   5.779 +
   5.780 +ML {*
   5.781 +val experiment = examine_failed_inferences @{context}
   5.782 +  (List.last regressions) NONE;
   5.783 +
   5.784 +(*
   5.785 +val experiment_focus =
   5.786 +  filter_failures "extcnf_combined" experiment;
   5.787 +*)
   5.788 +
   5.789 +(*
   5.790 +count_failures experiment_focus
   5.791 +classify_failures experiment
   5.792 +*)
   5.793 +*}
   5.794 +
   5.795 +text "Run reconstruction on all problems in a benchmark (provided via a script)
   5.796 +and report on partial success."
   5.797 +
   5.798 +declare [[
   5.799 +  tptp_test_all = true,
   5.800 +  tptp_test_timeout = 10
   5.801 +]]
   5.802 +
   5.803 +ML {*
   5.804 +  (*problem source*)
   5.805 +  val tptp_probs_dir =
   5.806 +    Path.explode "$THF_PROOFS"
   5.807 +    |> Path.expand;
   5.808 +*}
   5.809 +
   5.810 +ML {*
   5.811 +  if test_all @{context} then
   5.812 +    (report @{context} "Reconstructing proofs";
   5.813 +    S timed_test (reconstruction_test (get_timeout @{context})) @{context} (TPTP_Syntax.get_file_list tptp_probs_dir))
   5.814 +  else ()
   5.815 +*}
   5.816 +
   5.817 +(*
   5.818 +Debugging strategy:
   5.819 +  1) get list of all proofs
   5.820 +  2) order by size
   5.821 +  3) try to construct each in turn, given some timeout
   5.822 +
   5.823 +Use this to find the smallest failure, then debug that.
   5.824 +*)
   5.825 +end
   5.826 \ No newline at end of file
     6.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     6.2 +++ b/src/HOL/TPTP/TPTP_Proof_Reconstruction_Test_Units.thy	Wed Feb 19 15:57:02 2014 +0000
     6.3 @@ -0,0 +1,2314 @@
     6.4 +(*  Title:      HOL/TPTP/TPTP_Proof_Reconstruction.thy
     6.5 +    Author:     Nik Sultana, Cambridge University Computer Laboratory
     6.6 +
     6.7 +Unit tests for proof reconstruction module.
     6.8 +
     6.9 +NOTE
    6.10 +  - Makes use of the PolyML structure.
    6.11 +*)
    6.12 +
    6.13 +theory TPTP_Proof_Reconstruction_Test
    6.14 +imports TPTP_Test TPTP_Proof_Reconstruction
    6.15 +begin
    6.16 +
    6.17 +ML {*
    6.18 +print_depth 200;
    6.19 +Toplevel.debug := true;
    6.20 +PolyML.Compiler.maxInlineSize := 0;
    6.21 +(* FIXME doesn't work with Isabelle?
    6.22 +   PolyML.Compiler.debug := true *)
    6.23 +*}
    6.24 +
    6.25 +declare [[
    6.26 +  tptp_trace_reconstruction = true
    6.27 +]]
    6.28 +
    6.29 +lemma "! (X1 :: bool) (X2 :: bool) (X3 :: bool) (X4 :: bool) (X5 :: bool). P \<Longrightarrow> ! (X1 :: bool) (X3 :: bool) (X5 :: bool). P"
    6.30 +apply (tactic {*canonicalise_qtfr_order @{context} 1*})
    6.31 +oops
    6.32 +
    6.33 +lemma "! (X1 :: bool) (X2 :: bool) (X3 :: bool) (X4 :: bool) (X5 :: bool). P \<Longrightarrow> ! (X1 :: bool) (X3 :: bool) (X5 :: bool). P"
    6.34 +apply (tactic {*canonicalise_qtfr_order @{context} 1*})
    6.35 +apply (rule allI)+
    6.36 +apply (tactic {*nominal_inst_parametermatch_tac @{context} @{thm allE} 1*})+
    6.37 +oops
    6.38 +
    6.39 +(*Could test bind_tac further with NUM667^1 inode43*)
    6.40 +
    6.41 +(*
    6.42 +  (* SEU581^2.p_nux *)
    6.43 +     (* (Annotated_step ("inode1", "bind"), *)
    6.44 +lemma "\<forall>(SV5\<Colon>TPTP_Interpret.ind \<Rightarrow> bool)
    6.45 +            SV6\<Colon>TPTP_Interpret.ind.
    6.46 +            (bnd_in (bnd_dsetconstr bnd_sK1_A bnd_sK2_SY15)
    6.47 +              (bnd_powerset bnd_sK1_A) =
    6.48 +             bnd_in (bnd_dsetconstr SV6 SV5)
    6.49 +              (bnd_powerset SV6)) =
    6.50 +            False \<Longrightarrow>
    6.51 +         (bnd_in (bnd_dsetconstr bnd_sK1_A bnd_sK2_SY15)
    6.52 +           (bnd_powerset bnd_sK1_A) =
    6.53 +          bnd_in (bnd_dsetconstr bnd_sK1_A bnd_sK2_SY15)
    6.54 +           (bnd_powerset bnd_sK1_A)) =
    6.55 +         False"
    6.56 +ML_prf {*
    6.57 +open TPTP_Syntax;
    6.58 +open TPTP_Proof;
    6.59 +
    6.60 +
    6.61 +val binds =
    6.62 +[Bind ("SV6", Atom (THF_Atom_term (Term_Func (Uninterpreted "sK1_A", [])))), Bind ("SV5", Quant (Lambda, [("SX0", SOME (Fmla_type (Atom (THF_Atom_term (Term_Func (TypeSymbol Type_Ind, []))))))], Fmla (Interpreted_ExtraLogic Apply, [Atom (THF_Atom_term (Term_Func (Uninterpreted "sK2_SY15", []))), Atom (THF_Atom_term (Term_Var "SX0"))])))]
    6.63 +(* |> TPTP_Reconstruct.permute *)
    6.64 +
    6.65 +(*
    6.66 +val binds =
    6.67 +[Bind ("SV5", Quant (Lambda, [("SX0", SOME (Fmla_type (Atom (THF_Atom_term (Term_Func (TypeSymbol Type_Ind, []))))))], Fmla (Interpreted_ExtraLogic Apply, [Atom (THF_Atom_term (Term_Func (Uninterpreted "sK2_SY15", []))), Atom (THF_Atom_term (Term_Var "SX0"))]))),
    6.68 +Bind ("SV6", Atom (THF_Atom_term (Term_Func (Uninterpreted "sK1_A", []))))
    6.69 +]
    6.70 +*)
    6.71 +
    6.72 +val tec =
    6.73 +(*
    6.74 +  map (bind_tac @{context} (hd prob_names)) binds
    6.75 +  |> FIRST
    6.76 +*)
    6.77 +  bind_tac @{context} (hd prob_names) binds
    6.78 +*}
    6.79 +apply (tactic {*tec*})
    6.80 +done
    6.81 +
    6.82 +     (* (Annotated_step ("inode2", "bind"), *)
    6.83 +lemma "\<forall>(SV7\<Colon>TPTP_Interpret.ind) SV8\<Colon>TPTP_Interpret.ind.
    6.84 +            (bnd_subset SV8 SV7 =
    6.85 +             bnd_subset (bnd_dsetconstr bnd_sK1_A bnd_sK2_SY15)
    6.86 +              bnd_sK1_A) =
    6.87 +            False \<or>
    6.88 +            bnd_in SV8 (bnd_powerset SV7) = False \<Longrightarrow>
    6.89 +         (bnd_subset (bnd_dsetconstr bnd_sK1_A bnd_sK2_SY15)
    6.90 +           bnd_sK1_A =
    6.91 +          bnd_subset (bnd_dsetconstr bnd_sK1_A bnd_sK2_SY15)
    6.92 +           bnd_sK1_A) =
    6.93 +         False \<or>
    6.94 +         bnd_in (bnd_dsetconstr bnd_sK1_A bnd_sK2_SY15)
    6.95 +          (bnd_powerset bnd_sK1_A) =
    6.96 +         False"
    6.97 +ML_prf {*
    6.98 +open TPTP_Syntax;
    6.99 +open TPTP_Proof;
   6.100 +
   6.101 +
   6.102 +val binds =
   6.103 +[Bind ("SV8", Fmla (Interpreted_ExtraLogic Apply, [Fmla (Interpreted_ExtraLogic Apply, [Atom (THF_Atom_term (Term_Func (Uninterpreted "dsetconstr", []))), Atom (THF_Atom_term (Term_Func (Uninterpreted "sK1_A", [])))]), Quant (Lambda, [("SX0", SOME (Fmla_type (Atom (THF_Atom_term (Term_Func (TypeSymbol Type_Ind, []))))))], Fmla (Interpreted_ExtraLogic Apply, [Atom (THF_Atom_term (Term_Func (Uninterpreted "sK2_SY15", []))), Atom (THF_Atom_term (Term_Var "SX0"))]))])), Bind ("SV7", Atom (THF_Atom_term (Term_Func (Uninterpreted "sK1_A", []))))]
   6.104 +(* |> TPTP_Reconstruct.permute *)
   6.105 +
   6.106 +val tec =
   6.107 +(*
   6.108 +  map (bind_tac @{context} (hd prob_names)) binds
   6.109 +  |> FIRST
   6.110 +*)
   6.111 +  bind_tac @{context} (hd prob_names) binds
   6.112 +*}
   6.113 +apply (tactic {*tec*})
   6.114 +done
   6.115 +*)
   6.116 +
   6.117 +(*
   6.118 +from SEU897^5
   6.119 +lemma "
   6.120 +\<forall>SV9 SV10 SV11 SV12 SV13 SV14.
   6.121 +   (((((bnd_sK5_SY14 SV14 SV13 SV12 = SV11) = False \<or>
   6.122 +       (bnd_sK4_SX0 = SV10 (bnd_sK5_SY14 SV9 SV10 SV11)) =
   6.123 +       False) \<or>
   6.124 +      bnd_cR SV14 = False) \<or>
   6.125 +     (SV12 = SV13 SV14) = False) \<or>
   6.126 +    bnd_cR SV9 = False) \<or>
   6.127 +   (SV11 = SV10 SV9) = False \<Longrightarrow>
   6.128 +\<forall>SV14 SV13 SV12 SV10 SV9.
   6.129 +   (((((bnd_sK5_SY14 SV14 SV13 SV12 =
   6.130 +        bnd_sK5_SY14 SV14 SV13 SV12) =
   6.131 +       False \<or>
   6.132 +       (bnd_sK4_SX0 =
   6.133 +        SV10
   6.134 +         (bnd_sK5_SY14 SV9 SV10
   6.135 +           (bnd_sK5_SY14 SV14 SV13 SV12))) =
   6.136 +       False) \<or>
   6.137 +      bnd_cR SV14 = False) \<or>
   6.138 +     (SV12 = SV13 SV14) = False) \<or>
   6.139 +    bnd_cR SV9 = False) \<or>
   6.140 +   (bnd_sK5_SY14 SV14 SV13 SV12 = SV10 SV9) = False"
   6.141 +ML_prf {*
   6.142 +open TPTP_Syntax;
   6.143 +open TPTP_Proof;
   6.144 +
   6.145 +val binds =
   6.146 +[Bind ("SV11", Fmla (Interpreted_ExtraLogic Apply, [Fmla (Interpreted_ExtraLogic Apply, [Fmla (Interpreted_ExtraLogic Apply, [Atom (THF_Atom_term (Term_Func (Uninterpreted "sK5_SY14", []))), Atom (THF_Atom_term (Term_Var "SV14"))]), Atom (THF_Atom_term (Term_Var "SV13"))]), Atom (THF_Atom_term (Term_Var "SV12"))]))]
   6.147 +
   6.148 +val tec = bind_tac @{context} (hd prob_names) binds
   6.149 +*}
   6.150 +apply (tactic {*tec*})
   6.151 +done
   6.152 +*)
   6.153 +
   6.154 +
   6.155 +subsection "Interpreting the inferences"
   6.156 +
   6.157 +(*from SET598^5
   6.158 +lemma "(bnd_sK1_X = (\<lambda>SY17. bnd_sK2_Y SY17 \<and> bnd_sK3_Z SY17) \<longrightarrow>
   6.159 +   ((\<forall>SY25. bnd_sK1_X SY25 \<longrightarrow> bnd_sK2_Y SY25) \<and>
   6.160 +    (\<forall>SY26. bnd_sK1_X SY26 \<longrightarrow> bnd_sK3_Z SY26)) \<and>
   6.161 +   (\<forall>SY27.
   6.162 +       (\<forall>SY21. SY27 SY21 \<longrightarrow> bnd_sK2_Y SY21) \<and>
   6.163 +       (\<forall>SY15. SY27 SY15 \<longrightarrow> bnd_sK3_Z SY15) \<longrightarrow>
   6.164 +       (\<forall>SY30. SY27 SY30 \<longrightarrow> bnd_sK1_X SY30))) =
   6.165 +  False \<Longrightarrow>
   6.166 +  (\<not> (bnd_sK1_X = (\<lambda>SY17. bnd_sK2_Y SY17 \<and> bnd_sK3_Z SY17) \<longrightarrow>
   6.167 +      ((\<forall>SY25. bnd_sK1_X SY25 \<longrightarrow> bnd_sK2_Y SY25) \<and>
   6.168 +       (\<forall>SY26. bnd_sK1_X SY26 \<longrightarrow> bnd_sK3_Z SY26)) \<and>
   6.169 +      (\<forall>SY27.
   6.170 +          (\<forall>SY21. SY27 SY21 \<longrightarrow> bnd_sK2_Y SY21) \<and>
   6.171 +          (\<forall>SY15. SY27 SY15 \<longrightarrow> bnd_sK3_Z SY15) \<longrightarrow>
   6.172 +          (\<forall>SY30. SY27 SY30 \<longrightarrow> bnd_sK1_X SY30)))) =
   6.173 +  True"
   6.174 +apply (tactic {*polarity_switch_tac @{context}*})
   6.175 +done
   6.176 +lemma "
   6.177 +  (((\<forall>SY25. bnd_sK1_X SY25 \<longrightarrow> bnd_sK2_Y SY25) \<and>
   6.178 +    (\<forall>SY26. bnd_sK1_X SY26 \<longrightarrow> bnd_sK3_Z SY26)) \<and>
   6.179 +   (\<forall>SY27.
   6.180 +       (\<forall>SY21. SY27 SY21 \<longrightarrow> bnd_sK2_Y SY21) \<and>
   6.181 +       (\<forall>SY15. SY27 SY15 \<longrightarrow> bnd_sK3_Z SY15) \<longrightarrow>
   6.182 +       (\<forall>SY30. SY27 SY30 \<longrightarrow> bnd_sK1_X SY30)) \<longrightarrow>
   6.183 +   bnd_sK1_X = (\<lambda>SY17. bnd_sK2_Y SY17 \<and> bnd_sK3_Z SY17)) =
   6.184 +  False \<Longrightarrow>
   6.185 +  (\<not> (((\<forall>SY25. bnd_sK1_X SY25 \<longrightarrow> bnd_sK2_Y SY25) \<and>
   6.186 +       (\<forall>SY26. bnd_sK1_X SY26 \<longrightarrow> bnd_sK3_Z SY26)) \<and>
   6.187 +      (\<forall>SY27.
   6.188 +          (\<forall>SY21. SY27 SY21 \<longrightarrow> bnd_sK2_Y SY21) \<and>
   6.189 +          (\<forall>SY15. SY27 SY15 \<longrightarrow> bnd_sK3_Z SY15) \<longrightarrow>
   6.190 +          (\<forall>SY30. SY27 SY30 \<longrightarrow> bnd_sK1_X SY30)) \<longrightarrow>
   6.191 +      bnd_sK1_X = (\<lambda>SY17. bnd_sK2_Y SY17 \<and> bnd_sK3_Z SY17))) =
   6.192 +  True"
   6.193 +apply (tactic {*polarity_switch_tac @{context}*})
   6.194 +done
   6.195 +*)
   6.196 +
   6.197 +(* beware lack of type annotations
   6.198 +(* lemma "!!x. (A x = B x) = False ==> (B x = A x) = False" *)
   6.199 +(* lemma "!!x. (A x = B x) = True ==> (B x = A x) = True" *)
   6.200 +(* lemma "((A x) = (B x)) = True ==> ((B x) = (A x)) = True" *)
   6.201 +lemma "(A = B) = True ==> (B = A) = True"
   6.202 +*)
   6.203 +lemma "!!x. ((A x :: bool) = B x) = False ==> (B x = A x) = False"
   6.204 +apply (tactic {*expander_animal @{context} 1*})
   6.205 +oops
   6.206 +
   6.207 +lemma "(A & B) ==> ~(~A | ~B)"
   6.208 +by (tactic {*expander_animal @{context} 1*})
   6.209 +
   6.210 +lemma "(A | B) ==> ~(~A & ~B)"
   6.211 +by (tactic {*expander_animal @{context} 1*})
   6.212 +
   6.213 +lemma "(A | B) | C ==> A | (B | C)"
   6.214 +by (tactic {*expander_animal @{context} 1*})
   6.215 +
   6.216 +lemma "(~~A) = B ==> A = B"
   6.217 +by (tactic {*expander_animal @{context} 1*})
   6.218 +
   6.219 +lemma "~ ~ (A = True) ==> A = True"
   6.220 +by (tactic {*expander_animal @{context} 1*})
   6.221 +
   6.222 +(*This might not be a goal which might realistically arise:
   6.223 +lemma "((~~A) = B) & (B = (~~A)) ==> ~(~(A = B) | ~(B = A))" *)
   6.224 +lemma "((~~A) = True) ==> ~(~(A = True) | ~(True = A))"
   6.225 +apply (tactic {*expander_animal @{context} 1*})+
   6.226 +apply (rule conjI)
   6.227 +apply assumption
   6.228 +apply (rule sym, assumption)
   6.229 +done
   6.230 +
   6.231 +lemma "A = B ==> ((~~A) = B) & (B = (~~A)) ==> ~(~(A = B) | ~(B = A))"
   6.232 +by (tactic {*expander_animal @{context} 1*})+
   6.233 +
   6.234 +(*some lemmas assume constants in the signature of PUZ114^5*)
   6.235 +consts
   6.236 +  PUZ114_5_bnd_sK1 :: "TPTP_Interpret.ind"
   6.237 +  PUZ114_5_bnd_sK2 :: "TPTP_Interpret.ind"
   6.238 +  PUZ114_5_bnd_sK3 :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool"
   6.239 +  PUZ114_5_bnd_sK4 :: "(TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool) \<Rightarrow> TPTP_Interpret.ind"
   6.240 +  PUZ114_5_bnd_sK5 :: "(TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool) \<Rightarrow> TPTP_Interpret.ind"
   6.241 +  PUZ114_5_bnd_s :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind"
   6.242 +  PUZ114_5_bnd_c1 :: TPTP_Interpret.ind
   6.243 +
   6.244 +(*testing logical expansion*)
   6.245 +lemma "!! SY30. (SY30 PUZ114_5_bnd_c1 PUZ114_5_bnd_c1 \<and>
   6.246 +       (\<forall>Xj Xk.
   6.247 +           SY30 Xj Xk \<longrightarrow>
   6.248 +           SY30 (PUZ114_5_bnd_s (PUZ114_5_bnd_s Xj)) Xk \<and>
   6.249 +           SY30 (PUZ114_5_bnd_s Xj) (PUZ114_5_bnd_s Xk)) \<longrightarrow>
   6.250 +       SY30 PUZ114_5_bnd_sK1 PUZ114_5_bnd_sK2)
   6.251 +==> (
   6.252 +       (~ SY30 PUZ114_5_bnd_c1 PUZ114_5_bnd_c1)
   6.253 +     | (~ (\<forall>Xj Xk.
   6.254 +           SY30 Xj Xk \<longrightarrow>
   6.255 +           SY30 (PUZ114_5_bnd_s (PUZ114_5_bnd_s Xj)) Xk \<and>
   6.256 +           SY30 (PUZ114_5_bnd_s Xj) (PUZ114_5_bnd_s Xk)))
   6.257 +     | SY30 PUZ114_5_bnd_sK1 PUZ114_5_bnd_sK2
   6.258 +)"
   6.259 +by (tactic {*expander_animal @{context} 1*})+
   6.260 +
   6.261 +(*
   6.262 +extcnf_forall_pos:
   6.263 +
   6.264 +     (! X. L1) | ... | Ln
   6.265 + ----------------------------   X' fresh
   6.266 +  ! X'. (L1[X'/X] | ... | Ln)
   6.267 +
   6.268 +After elimination rule has been applied we'll have a subgoal which looks like this:
   6.269 +            (! X. L1)
   6.270 + ----------------------------   X' fresh
   6.271 +  ! X'. (L1[X'/X] | ... | Ln)
   6.272 +and we need to transform it so that, in Isabelle, we go from
   6.273 + (! X. L1) ==> ! X'. (L1[X'/X] | ... | Ln)
   6.274 +to
   6.275 + \<And> X'. L1[X'/X] ==> (L1[X'/X] | ... | Ln)
   6.276 +(where X' is fresh, or renamings are done suitably).*)
   6.277 +
   6.278 +lemma "A | B \<Longrightarrow> A | B | C"
   6.279 +apply (tactic {*flip_conclusion_tac @{context} 1*})+
   6.280 +apply (tactic {*break_hypotheses 1*})+
   6.281 +oops
   6.282 +
   6.283 +consts
   6.284 +  CSR122_1_bnd_lBill_THFTYPE_i :: TPTP_Interpret.ind
   6.285 +  CSR122_1_bnd_lMary_THFTYPE_i :: TPTP_Interpret.ind
   6.286 +  CSR122_1_bnd_lSue_THFTYPE_i :: TPTP_Interpret.ind
   6.287 +  CSR122_1_bnd_n2009_THFTYPE_i :: TPTP_Interpret.ind
   6.288 +  CSR122_1_bnd_lYearFn_THFTYPE_IiiI :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind"
   6.289 +  CSR122_1_bnd_holdsDuring_THFTYPE_IiooI ::
   6.290 +    "TPTP_Interpret.ind \<Rightarrow> bool \<Rightarrow> bool"
   6.291 +  CSR122_1_bnd_likes_THFTYPE_IiioI ::
   6.292 +    "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool"
   6.293 +
   6.294 +lemma "\<forall>SV2. (CSR122_1_bnd_holdsDuring_THFTYPE_IiooI
   6.295 +                 (CSR122_1_bnd_lYearFn_THFTYPE_IiiI CSR122_1_bnd_n2009_THFTYPE_i)
   6.296 +                 (\<not> (\<not> CSR122_1_bnd_likes_THFTYPE_IiioI
   6.297 +                        CSR122_1_bnd_lMary_THFTYPE_i
   6.298 +                        CSR122_1_bnd_lBill_THFTYPE_i \<or>
   6.299 +                     \<not> CSR122_1_bnd_likes_THFTYPE_IiioI
   6.300 +                        CSR122_1_bnd_lSue_THFTYPE_i
   6.301 +                        CSR122_1_bnd_lBill_THFTYPE_i)) =
   6.302 +                CSR122_1_bnd_holdsDuring_THFTYPE_IiooI SV2 True) =
   6.303 +               False \<Longrightarrow>
   6.304 +         \<forall>SV2. (CSR122_1_bnd_lYearFn_THFTYPE_IiiI CSR122_1_bnd_n2009_THFTYPE_i =
   6.305 +                SV2) =
   6.306 +               False \<or>
   6.307 +               ((\<not> (\<not> CSR122_1_bnd_likes_THFTYPE_IiioI
   6.308 +                       CSR122_1_bnd_lMary_THFTYPE_i CSR122_1_bnd_lBill_THFTYPE_i \<or>
   6.309 +                    \<not> CSR122_1_bnd_likes_THFTYPE_IiioI CSR122_1_bnd_lSue_THFTYPE_i
   6.310 +                       CSR122_1_bnd_lBill_THFTYPE_i)) =
   6.311 +                True) =
   6.312 +               False"
   6.313 +apply (rule allI, erule_tac x = "SV2" in allE)
   6.314 +apply (tactic {*extuni_dec_tac @{context} 1*})
   6.315 +done
   6.316 +
   6.317 +(*SEU882^5*)
   6.318 +(*
   6.319 +lemma
   6.320 + "\<forall>(SV2\<Colon>TPTP_Interpret.ind)
   6.321 +        SV1\<Colon>TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind.
   6.322 +        (SV1 SV2 = bnd_sK1_Xy) =
   6.323 +        False
   6.324 +   \<Longrightarrow>
   6.325 +   \<forall>SV2\<Colon>TPTP_Interpret.ind.
   6.326 +            (bnd_sK1_Xy = bnd_sK1_Xy) =
   6.327 +            False"
   6.328 +ML_prf {*
   6.329 +open TPTP_Syntax;
   6.330 +open TPTP_Proof;
   6.331 +
   6.332 +val binds =
   6.333 +[Bind ("SV1", Quant (Lambda, [("SX0", SOME (Fmla_type (Atom (THF_Atom_term (Term_Func (TypeSymbol Type_Ind, []))))))], Atom (THF_Atom_term (Term_Func (Uninterpreted "sK1_Xy", [])))))]
   6.334 +
   6.335 +val tec = bind_tac @{context} (hd prob_names) binds
   6.336 +*}
   6.337 +(*
   6.338 +apply (tactic {*strip_qtfrs
   6.339 +                (* THEN tec *)*})
   6.340 +*)
   6.341 +apply (tactic {*tec*})
   6.342 +done
   6.343 +*)
   6.344 +
   6.345 +lemma "A | B \<Longrightarrow> C1 | A | C2 | B | C3"
   6.346 +apply (erule disjE)
   6.347 +apply (tactic {*clause_breaker 1*})
   6.348 +apply (tactic {*clause_breaker 1*})
   6.349 +done
   6.350 +
   6.351 +lemma "A \<Longrightarrow> A"
   6.352 +apply (tactic {*clause_breaker 1*})
   6.353 +done
   6.354 +
   6.355 +typedecl NUM667_1_bnd_nat
   6.356 +consts
   6.357 +  NUM667_1_bnd_less :: "NUM667_1_bnd_nat \<Rightarrow> NUM667_1_bnd_nat \<Rightarrow> bool"
   6.358 +  NUM667_1_bnd_x :: NUM667_1_bnd_nat
   6.359 +  NUM667_1_bnd_y :: NUM667_1_bnd_nat
   6.360 +
   6.361 +(*NUM667^1 node 302 -- dec*)
   6.362 +lemma "\<forall>SV12 SV13 SV14 SV9 SV10 SV11.
   6.363 +       ((((NUM667_1_bnd_less SV12 SV13 = NUM667_1_bnd_less SV11 SV10) = False \<or>
   6.364 +          (SV14 = SV13) = False) \<or>
   6.365 +         NUM667_1_bnd_less SV12 SV14 = False) \<or>
   6.366 +        NUM667_1_bnd_less SV9 SV10 = True) \<or>
   6.367 +       (SV9 = SV11) =
   6.368 +       False \<Longrightarrow>
   6.369 +       \<forall>SV9 SV14 SV10 SV13 SV11 SV12.
   6.370 +       (((((SV12 = SV11) = False \<or> (SV13 = SV10) = False) \<or>
   6.371 +          (SV14 = SV13) = False) \<or>
   6.372 +         NUM667_1_bnd_less SV12 SV14 = False) \<or>
   6.373 +        NUM667_1_bnd_less SV9 SV10 = True) \<or>
   6.374 +       (SV9 = SV11) =
   6.375 +       False"
   6.376 +apply (tactic {*strip_qtfrs_tac @{context}*})
   6.377 +apply (tactic {*break_hypotheses 1*})
   6.378 +apply (tactic {*ALLGOALS (TRY o clause_breaker)*})
   6.379 +apply (tactic {*extuni_dec_tac @{context} 1*})
   6.380 +done
   6.381 +
   6.382 +ML {*
   6.383 +extuni_dec_n @{context} 2;
   6.384 +*}
   6.385 +
   6.386 +(*NUM667^1, node 202*)
   6.387 +lemma "\<forall>SV9 SV10 SV11.
   6.388 +       ((((SV9 = SV11) = (NUM667_1_bnd_x = NUM667_1_bnd_y)) = False \<or>
   6.389 +         NUM667_1_bnd_less SV11 SV10 = False) \<or>
   6.390 +        NUM667_1_bnd_less SV9 SV10 = True) \<or>
   6.391 +       NUM667_1_bnd_less NUM667_1_bnd_x NUM667_1_bnd_y =
   6.392 +       True \<Longrightarrow>
   6.393 +       \<forall>SV10 SV9 SV11.
   6.394 +       ((((SV11 = NUM667_1_bnd_x) = False \<or> (SV9 = NUM667_1_bnd_y) = False) \<or>
   6.395 +         NUM667_1_bnd_less SV11 SV10 = False) \<or>
   6.396 +        NUM667_1_bnd_less SV9 SV10 = True) \<or>
   6.397 +       NUM667_1_bnd_less NUM667_1_bnd_x NUM667_1_bnd_y =
   6.398 +       True"
   6.399 +apply (tactic {*strip_qtfrs_tac @{context}*})
   6.400 +apply (tactic {*break_hypotheses 1*})
   6.401 +apply (tactic {*ALLGOALS (TRY o clause_breaker)*})
   6.402 +apply (tactic {*extuni_dec_tac @{context} 1*})
   6.403 +done
   6.404 +
   6.405 +(*NUM667^1 node 141*)
   6.406 +(*
   6.407 +lemma "((bnd_x = bnd_x) = False \<or> (bnd_y = bnd_z) = False) \<or>
   6.408 +         bnd_less bnd_x bnd_y = True \<Longrightarrow>
   6.409 +         (bnd_y = bnd_z) = False \<or> bnd_less bnd_x bnd_y = True"
   6.410 +apply (tactic {*strip_qtfrs*})
   6.411 +apply (tactic {*break_hypotheses 1*})
   6.412 +apply (tactic {*ALLGOALS (TRY o clause_breaker)*})
   6.413 +apply (erule extuni_triv)
   6.414 +done
   6.415 +*)
   6.416 +
   6.417 +ML {*
   6.418 +fun full_extcnf_combined_tac ctxt =
   6.419 +  extcnf_combined_tac ctxt NONE
   6.420 +   [ConstsDiff,
   6.421 +    StripQuantifiers,
   6.422 +    Flip_Conclusion,
   6.423 +    Loop [
   6.424 +     Close_Branch,
   6.425 +     ConjI,
   6.426 +     King_Cong,
   6.427 +     Break_Hypotheses,
   6.428 +     Existential_Free,
   6.429 +     Existential_Var,
   6.430 +     Universal,
   6.431 +     RemoveRedundantQuantifications],
   6.432 +    CleanUp [RemoveHypothesesFromSkolemDefs, RemoveDuplicates],
   6.433 +    AbsorbSkolemDefs]
   6.434 +   []
   6.435 +*}
   6.436 +
   6.437 +ML {*
   6.438 +fun nonfull_extcnf_combined_tac ctxt feats =
   6.439 +  extcnf_combined_tac ctxt NONE
   6.440 +   [ConstsDiff,
   6.441 +    StripQuantifiers,
   6.442 +    InnerLoopOnce (Break_Hypotheses :: feats),
   6.443 +    AbsorbSkolemDefs]
   6.444 +   []
   6.445 +*}
   6.446 +
   6.447 +consts SEU882_5_bnd_sK1_Xy :: TPTP_Interpret.ind
   6.448 +lemma
   6.449 +  "\<forall>SV2. (SEU882_5_bnd_sK1_Xy = SEU882_5_bnd_sK1_Xy) = False \<Longrightarrow>
   6.450 +   (SEU882_5_bnd_sK1_Xy = SEU882_5_bnd_sK1_Xy) = False"
   6.451 +(* apply (erule_tac x = "(@X. False)" in allE) *)
   6.452 +(* apply (tactic {*remove_redundant_quantification 1*}) *)
   6.453 +(* apply assumption *)
   6.454 +by (tactic {*nonfull_extcnf_combined_tac @{context} [RemoveRedundantQuantifications, Extuni_FlexRigid]*})
   6.455 +
   6.456 +(*NUM667^1*)
   6.457 +(*
   6.458 +     (* (Annotated_step ("153", "extuni_triv"), *)
   6.459 +lemma "((bnd_y = bnd_x) = False \<or> (bnd_z = bnd_z) = False) \<or>
   6.460 +         (bnd_y = bnd_z) = True \<Longrightarrow>
   6.461 +         (bnd_y = bnd_x) = False \<or> (bnd_y = bnd_z) = True"
   6.462 +apply (tactic {*nonfull_extcnf_combined_tac [Extuni_Triv]*})
   6.463 +done
   6.464 +     (* (Annotated_step ("162", "extuni_triv"), *)
   6.465 +lemma "((bnd_y = bnd_x) = False \<or> (bnd_z = bnd_z) = False) \<or>
   6.466 +         bnd_less bnd_y bnd_z = True \<Longrightarrow>
   6.467 +         (bnd_y = bnd_x) = False \<or> bnd_less bnd_y bnd_z = True"
   6.468 +apply (tactic {*nonfull_extcnf_combined_tac [Extuni_Triv]*})
   6.469 +done
   6.470 +*)
   6.471 +
   6.472 +(* SEU602^2 *)
   6.473 +consts
   6.474 +  SEU602_2_bnd_sK7_E :: "(TPTP_Interpret.ind \<Rightarrow> bool) \<Rightarrow> TPTP_Interpret.ind"
   6.475 +  SEU602_2_bnd_sK2_SY17 :: TPTP_Interpret.ind
   6.476 +  SEU602_2_bnd_in :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool"
   6.477 +
   6.478 +     (* (Annotated_step ("113", "extuni_func"), *)
   6.479 +lemma "\<forall>SV49\<Colon>TPTP_Interpret.ind \<Rightarrow> bool.
   6.480 +            (SV49 =
   6.481 +             (\<lambda>SY23\<Colon>TPTP_Interpret.ind.
   6.482 +                 \<not> SEU602_2_bnd_in SY23 SEU602_2_bnd_sK2_SY17)) =
   6.483 +            False \<Longrightarrow>
   6.484 +         \<forall>SV49\<Colon>TPTP_Interpret.ind \<Rightarrow> bool.
   6.485 +            (SV49 (SEU602_2_bnd_sK7_E SV49) =
   6.486 +             (\<not> SEU602_2_bnd_in (SEU602_2_bnd_sK7_E SV49) SEU602_2_bnd_sK2_SY17)) =
   6.487 +            False"
   6.488 +(*FIXME this (and similar) tests are getting the "Bad background theory of goal state" error since upgrading to Isabelle2013-2.*)
   6.489 +by (tactic {*fn thm =>
   6.490 +  let
   6.491 +    val ctxt =
   6.492 +      theory_of_thm thm
   6.493 +      |> Context.Theory
   6.494 +      |> Context.proof_of
   6.495 +  in nonfull_extcnf_combined_tac ctxt [Extuni_Func, Existential_Var] thm
   6.496 +  end*})
   6.497 +(*by (tactic {*nonfull_extcnf_combined_tac @{context} [Extuni_Func, Existential_Var]*})*)
   6.498 +oops
   6.499 +
   6.500 +consts
   6.501 +  SEV405_5_bnd_sK1_SY2 :: "(TPTP_Interpret.ind \<Rightarrow> bool) \<Rightarrow> TPTP_Interpret.ind"
   6.502 +  SEV405_5_bnd_cA :: bool
   6.503 +
   6.504 +lemma "\<forall>SV1\<Colon>TPTP_Interpret.ind \<Rightarrow> bool.
   6.505 +            (\<forall>SY2\<Colon>TPTP_Interpret.ind.
   6.506 +                \<not> (\<not> (\<not> SV1 SY2 \<or> SEV405_5_bnd_cA) \<or>
   6.507 +                   \<not> (\<not> SEV405_5_bnd_cA \<or> SV1 SY2))) =
   6.508 +            False \<Longrightarrow>
   6.509 +         \<forall>SV1\<Colon>TPTP_Interpret.ind \<Rightarrow> bool.
   6.510 +            (\<not> (\<not> (\<not> SV1 (SEV405_5_bnd_sK1_SY2 SV1) \<or> SEV405_5_bnd_cA) \<or>
   6.511 +                \<not> (\<not> SEV405_5_bnd_cA \<or> SV1 (SEV405_5_bnd_sK1_SY2 SV1)))) =
   6.512 +            False"
   6.513 +by (tactic {*nonfull_extcnf_combined_tac @{context} [Existential_Var]*})
   6.514 +(*
   6.515 +strip quantifiers -- creating a space of permutations; from shallowest to deepest (iterative deepening)
   6.516 +flip the conclusion -- giving us branch
   6.517 +apply some collection of rules, in some order, until the space has been explored completely. advantage of not having extcnf_combined: search space is shallow -- particularly if the collection of rules is small.
   6.518 +*)
   6.519 +
   6.520 +consts
   6.521 +  SEU581_2_bnd_sK1 :: "TPTP_Interpret.ind"
   6.522 +  SEU581_2_bnd_sK2 :: "TPTP_Interpret.ind \<Rightarrow> bool"
   6.523 +  SEU581_2_bnd_subset :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> HOL.bool"
   6.524 +  SEU581_2_bnd_dsetconstr ::  "TPTP_Interpret.ind \<Rightarrow> (TPTP_Interpret.ind \<Rightarrow> HOL.bool) \<Rightarrow> TPTP_Interpret.ind"
   6.525 +
   6.526 +(*testing parameters*)
   6.527 +lemma "! X :: TPTP_Interpret.ind . (\<forall>A B. SEU581_2_bnd_in B (SEU581_2_bnd_powerset A) \<longrightarrow> SEU581_2_bnd_subset B A) = True
   6.528 +\<Longrightarrow> ! X :: TPTP_Interpret.ind . (\<forall>A B. \<not> SEU581_2_bnd_in B (SEU581_2_bnd_powerset A) \<or> SEU581_2_bnd_subset B A) = True"
   6.529 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.530 +
   6.531 +lemma "(A & B) = True ==> (A | B) = True"
   6.532 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.533 +
   6.534 +lemma "(\<not> bnd_subset (bnd_dsetconstr bnd_sK1 bnd_sK2) bnd_sK1) = True \<Longrightarrow> (bnd_subset (bnd_dsetconstr bnd_sK1 bnd_sK2) bnd_sK1) = False"
   6.535 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.536 +
   6.537 +(*testing goals with parameters*)
   6.538 +lemma "(\<not> bnd_subset (bnd_dsetconstr bnd_sK1 bnd_sK2) bnd_sK1) = True \<Longrightarrow> ! X. (bnd_subset (bnd_dsetconstr bnd_sK1 bnd_sK2) bnd_sK1) = False"
   6.539 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.540 +
   6.541 +lemma "(A & B) = True ==> (B & A) = True"
   6.542 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.543 +
   6.544 +(*appreciating differences between THEN, REPEAT, and APPEND*)
   6.545 +lemma "A & B ==> B & A"
   6.546 +apply (tactic {*
   6.547 +  TRY (etac @{thm conjE} 1)
   6.548 +  THEN TRY (rtac @{thm conjI} 1)*})
   6.549 +by assumption+
   6.550 +
   6.551 +lemma "A & B ==> B & A"
   6.552 +by (tactic {*
   6.553 +  etac @{thm conjE} 1
   6.554 +  THEN rtac @{thm conjI} 1
   6.555 +  THEN REPEAT (atac 1)*})
   6.556 +
   6.557 +lemma "A & B ==> B & A"
   6.558 +apply (tactic {*
   6.559 +  rtac @{thm conjI} 1
   6.560 +  APPEND etac @{thm conjE} 1*})+
   6.561 +back
   6.562 +by assumption+
   6.563 +
   6.564 +consts
   6.565 +  SEU581_2_bnd_sK3 :: "TPTP_Interpret.ind"
   6.566 +  SEU581_2_bnd_sK4 :: "TPTP_Interpret.ind"
   6.567 +  SEU581_2_bnd_sK5 :: "(TPTP_Interpret.ind \<Rightarrow> bool) \<Rightarrow> TPTP_Interpret.ind"
   6.568 +  SEU581_2_bnd_powerset :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind"
   6.569 +  SEU581_2_bnd_in :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool"
   6.570 +
   6.571 +consts
   6.572 +  bnd_c1 :: TPTP_Interpret.ind
   6.573 +  bnd_s :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind"
   6.574 +
   6.575 +lemma "(\<forall>SX0. (\<not> (\<not> SX0 (PUZ114_5_bnd_sK4 SX0) (PUZ114_5_bnd_sK5 SX0) \<or>
   6.576 +              \<not> (\<not> SX0 (bnd_s (bnd_s (PUZ114_5_bnd_sK4 SX0)))
   6.577 +                    (PUZ114_5_bnd_sK5 SX0) \<or>
   6.578 +                 \<not> SX0 (bnd_s (PUZ114_5_bnd_sK4 SX0))
   6.579 +                    (bnd_s (PUZ114_5_bnd_sK5 SX0)))) \<or>
   6.580 +           \<not> SX0 bnd_c1 bnd_c1) \<or>
   6.581 +          SX0 PUZ114_5_bnd_sK1 PUZ114_5_bnd_sK2) =
   6.582 +   True ==> \<forall>SV1. ((\<not> (\<not> SV1 (PUZ114_5_bnd_sK4 SV1) (PUZ114_5_bnd_sK5 SV1) \<or>
   6.583 +              \<not> (\<not> SV1 (bnd_s (bnd_s (PUZ114_5_bnd_sK4 SV1)))
   6.584 +                    (PUZ114_5_bnd_sK5 SV1) \<or>
   6.585 +                 \<not> SV1 (bnd_s (PUZ114_5_bnd_sK4 SV1))
   6.586 +                    (bnd_s (PUZ114_5_bnd_sK5 SV1)))) \<or>
   6.587 +           \<not> SV1 bnd_c1 bnd_c1) \<or>
   6.588 +          SV1 PUZ114_5_bnd_sK1 PUZ114_5_bnd_sK2) =
   6.589 +         True"
   6.590 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.591 +
   6.592 +lemma "(\<not> SEU581_2_bnd_subset (SEU581_2_bnd_dsetconstr SEU581_2_bnd_sK1 SEU581_2_bnd_sK2) SEU581_2_bnd_sK1) = True \<Longrightarrow> (SEU581_2_bnd_subset (SEU581_2_bnd_dsetconstr SEU581_2_bnd_sK1 SEU581_2_bnd_sK2) SEU581_2_bnd_sK1) = False"
   6.593 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.594 +
   6.595 +(*testing repeated application of simulator*)
   6.596 +lemma "(\<not> \<not> False) = True \<Longrightarrow>
   6.597 +    SEU581_2_bnd_subset (SEU581_2_bnd_dsetconstr SEU581_2_bnd_sK1 SEU581_2_bnd_sK2) SEU581_2_bnd_sK1 = True \<or>
   6.598 +    False = True \<or> False = True \<or> False = True"
   6.599 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.600 +
   6.601 +(*Testing non-normal conclusion. Ideally we should be able to apply
   6.602 +  the tactic to arbitrary chains of extcnf steps -- where it's not
   6.603 +  generally the case that the conclusions are normal.*)
   6.604 +lemma "(\<not> \<not> False) = True \<Longrightarrow>
   6.605 +    SEU581_2_bnd_subset (SEU581_2_bnd_dsetconstr SEU581_2_bnd_sK1 SEU581_2_bnd_sK2) SEU581_2_bnd_sK1 = True \<or>
   6.606 +    (\<not> False) = False"
   6.607 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.608 +
   6.609 +(*testing repeated application of simulator, involving different extcnf rules*)
   6.610 +lemma "(\<not> \<not> (False | False)) = True \<Longrightarrow>
   6.611 +    SEU581_2_bnd_subset (SEU581_2_bnd_dsetconstr SEU581_2_bnd_sK1 SEU581_2_bnd_sK2) SEU581_2_bnd_sK1 = True \<or>
   6.612 +    False = True \<or> False = True \<or> False = True"
   6.613 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.614 +
   6.615 +(*testing logical expansion*)
   6.616 +lemma "(\<forall>A B. SEU581_2_bnd_in B (SEU581_2_bnd_powerset A) \<longrightarrow> SEU581_2_bnd_subset B A) = True
   6.617 +\<Longrightarrow> (\<forall>A B. \<not> SEU581_2_bnd_in B (SEU581_2_bnd_powerset A) \<or> SEU581_2_bnd_subset B A) = True"
   6.618 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.619 +
   6.620 +(*testing extcnf_forall_pos*)
   6.621 +lemma "(\<forall>A Xphi. SEU581_2_bnd_in (SEU581_2_bnd_dsetconstr A Xphi) (SEU581_2_bnd_powerset A)) = True \<Longrightarrow> \<forall>SV1. (\<forall>SY14.
   6.622 +             SEU581_2_bnd_in (SEU581_2_bnd_dsetconstr SV1 SY14)
   6.623 +              (SEU581_2_bnd_powerset SV1)) = True"
   6.624 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.625 +
   6.626 +lemma "((\<forall>A Xphi. SEU581_2_bnd_in (SEU581_2_bnd_dsetconstr A Xphi) (SEU581_2_bnd_powerset A)) = True) | ((~ False) = False) \<Longrightarrow>
   6.627 +\<forall>SV1. ((\<forall>SY14. SEU581_2_bnd_in (SEU581_2_bnd_dsetconstr SV1 SY14) (SEU581_2_bnd_powerset SV1)) = True) | ((~ False) = False)"
   6.628 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.629 +
   6.630 +(*testing parameters*)
   6.631 +lemma "(\<forall>A B. SEU581_2_bnd_in B (SEU581_2_bnd_powerset A) \<longrightarrow> SEU581_2_bnd_subset B A) = True
   6.632 +\<Longrightarrow> ! X. (\<forall>A B. \<not> SEU581_2_bnd_in B (SEU581_2_bnd_powerset A) \<or> SEU581_2_bnd_subset B A) = True"
   6.633 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.634 +
   6.635 +lemma "((? A .P1 A) = False) | P2 = True \<Longrightarrow> !X. ((P1 X) = False | P2 = True)"
   6.636 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.637 +
   6.638 +lemma "((!A . (P1a A | P1b A)) = True) | (P2 = True) \<Longrightarrow> !X. (P1a X = True | P1b X = True | P2 = True)"
   6.639 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.640 +
   6.641 +lemma "! Y. (((!A .(P1a A | P1b A)) = True) | P2 = True) \<Longrightarrow> ! Y. (!X. (P1a X = True | P1b X = True | P2 = True))"
   6.642 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.643 +
   6.644 +lemma "! Y. (((!A .(P1a A | P1b A)) = True) | P2 = True) \<Longrightarrow> ! Y. (!X. (P1a X = True | P1b X = True | P2 = True))"
   6.645 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.646 +
   6.647 +lemma "! Y. (((!A .(P1a A | P1b A)) = True) | P2 = True) \<Longrightarrow> ! Y. (!X. (P1a X = True | P1b X = True | P2 = True))"
   6.648 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.649 +
   6.650 +consts dud_bnd_s :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind"
   6.651 +
   6.652 +(*this lemma kills blast*)
   6.653 +lemma "(\<not> (\<forall>SX0 SX1.
   6.654 +          \<not> PUZ114_5_bnd_sK3 SX0 SX1 \<or> PUZ114_5_bnd_sK3 (dud_bnd_s (dud_bnd_s SX0)) SX1) \<or>
   6.655 +    \<not> (\<forall>SX0 SX1.
   6.656 +          \<not> PUZ114_5_bnd_sK3 SX0 SX1 \<or>
   6.657 +          PUZ114_5_bnd_sK3 (dud_bnd_s SX0) (dud_bnd_s SX1))) =
   6.658 +   False \<Longrightarrow> (\<not> (\<forall>SX0 SX1.
   6.659 +          \<not> PUZ114_5_bnd_sK3 SX0 SX1 \<or>
   6.660 +          PUZ114_5_bnd_sK3 (dud_bnd_s SX0) (dud_bnd_s SX1))) =
   6.661 +   False"
   6.662 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.663 +
   6.664 +(*testing logical expansion -- this should be done by blast*)
   6.665 +lemma "(\<forall>A B. bnd_in B (bnd_powerset A) \<longrightarrow> SEU581_2_bnd_subset B A) = True
   6.666 +\<Longrightarrow> (\<forall>A B. \<not> bnd_in B (bnd_powerset A) \<or> SEU581_2_bnd_subset B A) = True"
   6.667 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.668 +
   6.669 +(*testing related to PUZ114^5.p.out*)
   6.670 +lemma "\<forall>SV1. ((\<not> (\<not> SV1 (PUZ114_5_bnd_sK4 SV1) (PUZ114_5_bnd_sK5 SV1) \<or>
   6.671 +                    \<not> (\<not> SV1 (bnd_s (bnd_s (PUZ114_5_bnd_sK4 SV1)))
   6.672 +                          (PUZ114_5_bnd_sK5 SV1) \<or>
   6.673 +                       \<not> SV1 (bnd_s (PUZ114_5_bnd_sK4 SV1))
   6.674 +                          (bnd_s (PUZ114_5_bnd_sK5 SV1))))) =
   6.675 +                True \<or>
   6.676 +                (\<not> SV1 bnd_c1 bnd_c1) = True) \<or>
   6.677 +               SV1 PUZ114_5_bnd_sK1 PUZ114_5_bnd_sK2 = True \<Longrightarrow>
   6.678 +         \<forall>SV1. (SV1 bnd_c1 bnd_c1 = False \<or>
   6.679 +                (\<not> (\<not> SV1 (PUZ114_5_bnd_sK4 SV1) (PUZ114_5_bnd_sK5 SV1) \<or>
   6.680 +                    \<not> (\<not> SV1 (bnd_s (bnd_s (PUZ114_5_bnd_sK4 SV1)))
   6.681 +                          (PUZ114_5_bnd_sK5 SV1) \<or>
   6.682 +                       \<not> SV1 (bnd_s (PUZ114_5_bnd_sK4 SV1))
   6.683 +                          (bnd_s (PUZ114_5_bnd_sK5 SV1))))) =
   6.684 +                True) \<or>
   6.685 +               SV1 PUZ114_5_bnd_sK1 PUZ114_5_bnd_sK2 = True"
   6.686 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.687 +
   6.688 +lemma "\<forall>SV2. (\<forall>SY41.
   6.689 +                   \<not> PUZ114_5_bnd_sK3 SV2 SY41 \<or>
   6.690 +                   PUZ114_5_bnd_sK3 (dud_bnd_s (dud_bnd_s SV2)) SY41) =
   6.691 +               True \<Longrightarrow>
   6.692 +         \<forall>SV4 SV2.
   6.693 +            (\<not> PUZ114_5_bnd_sK3 SV2 SV4 \<or>
   6.694 +             PUZ114_5_bnd_sK3 (dud_bnd_s (dud_bnd_s SV2)) SV4) =
   6.695 +            True"
   6.696 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.697 +
   6.698 +lemma "\<forall>SV3. (\<forall>SY42.
   6.699 +                   \<not> PUZ114_5_bnd_sK3 SV3 SY42 \<or>
   6.700 +                   PUZ114_5_bnd_sK3 (dud_bnd_s SV3) (dud_bnd_s SY42)) =
   6.701 +               True \<Longrightarrow>
   6.702 +         \<forall>SV5 SV3.
   6.703 +            (\<not> PUZ114_5_bnd_sK3 SV3 SV5 \<or>
   6.704 +             PUZ114_5_bnd_sK3 (dud_bnd_s SV3) (dud_bnd_s SV5)) =
   6.705 +            True"
   6.706 +by (tactic {*full_extcnf_combined_tac @{context}*})
   6.707 +
   6.708 +
   6.709 +subsection "unfold_def"
   6.710 +     (* (Annotated_step ("9", "unfold_def"), *)
   6.711 +lemma "bnd_kpairiskpair =
   6.712 +             (ALL Xx Xy.
   6.713 +                 bnd_iskpair
   6.714 +                  (bnd_setadjoin (bnd_setadjoin Xx bnd_emptyset)
   6.715 +                    (bnd_setadjoin (bnd_setadjoin Xx (bnd_setadjoin Xy bnd_emptyset))
   6.716 +                      bnd_emptyset))) &
   6.717 +             bnd_kpair =
   6.718 +             (%Xx Xy.
   6.719 +                 bnd_setadjoin (bnd_setadjoin Xx bnd_emptyset)
   6.720 +                  (bnd_setadjoin (bnd_setadjoin Xx (bnd_setadjoin Xy bnd_emptyset))
   6.721 +                    bnd_emptyset)) &
   6.722 +             bnd_iskpair =
   6.723 +             (%A. EX Xx. bnd_in Xx (bnd_setunion A) &
   6.724 +                         (EX Xy. bnd_in Xy (bnd_setunion A) &
   6.725 +                                 A = bnd_setadjoin (bnd_setadjoin Xx bnd_emptyset)
   6.726 +                                      (bnd_setadjoin
   6.727 +                                        (bnd_setadjoin Xx
   6.728 +(bnd_setadjoin Xy bnd_emptyset))
   6.729 +                                        bnd_emptyset))) &
   6.730 +             (~ (ALL SY0 SY1.
   6.731 +                    EX SY3.
   6.732 +                       bnd_in SY3
   6.733 +                        (bnd_setunion
   6.734 +                          (bnd_setadjoin (bnd_setadjoin SY0 bnd_emptyset)
   6.735 +                            (bnd_setadjoin
   6.736 +                              (bnd_setadjoin SY0 (bnd_setadjoin SY1 bnd_emptyset))
   6.737 +                              bnd_emptyset))) &
   6.738 +                       (EX SY4.
   6.739 +                           bnd_in SY4
   6.740 +                            (bnd_setunion
   6.741 +                              (bnd_setadjoin (bnd_setadjoin SY0 bnd_emptyset)
   6.742 +                                (bnd_setadjoin
   6.743 +                                  (bnd_setadjoin SY0
   6.744 +                                    (bnd_setadjoin SY1 bnd_emptyset))
   6.745 +                                  bnd_emptyset))) &
   6.746 +                           bnd_setadjoin (bnd_setadjoin SY0 bnd_emptyset)
   6.747 +                            (bnd_setadjoin
   6.748 +                              (bnd_setadjoin SY0 (bnd_setadjoin SY1 bnd_emptyset))
   6.749 +                              bnd_emptyset) =
   6.750 +                           bnd_setadjoin (bnd_setadjoin SY3 bnd_emptyset)
   6.751 +                            (bnd_setadjoin
   6.752 +                              (bnd_setadjoin SY3 (bnd_setadjoin SY4 bnd_emptyset))
   6.753 +                              bnd_emptyset)))) =
   6.754 +             True
   6.755 +             ==> (~ (ALL SX0 SX1.
   6.756 +                        ~ (ALL SX2.
   6.757 +                              ~ ~ (~ bnd_in SX2
   6.758 +                                      (bnd_setunion
   6.759 +                                        (bnd_setadjoin
   6.760 +(bnd_setadjoin SX0 bnd_emptyset)
   6.761 +(bnd_setadjoin (bnd_setadjoin SX0 (bnd_setadjoin SX1 bnd_emptyset)) bnd_emptyset))) |
   6.762 +                                   ~ ~ (ALL SX3.
   6.763 + ~ ~ (~ bnd_in SX3
   6.764 +         (bnd_setunion
   6.765 +           (bnd_setadjoin (bnd_setadjoin SX0 bnd_emptyset)
   6.766 +             (bnd_setadjoin (bnd_setadjoin SX0 (bnd_setadjoin SX1 bnd_emptyset))
   6.767 +               bnd_emptyset))) |
   6.768 +      bnd_setadjoin (bnd_setadjoin SX0 bnd_emptyset)
   6.769 +       (bnd_setadjoin (bnd_setadjoin SX0 (bnd_setadjoin SX1 bnd_emptyset))
   6.770 +         bnd_emptyset) ~=
   6.771 +      bnd_setadjoin (bnd_setadjoin SX2 bnd_emptyset)
   6.772 +       (bnd_setadjoin (bnd_setadjoin SX2 (bnd_setadjoin SX3 bnd_emptyset))
   6.773 +         bnd_emptyset))))))) =
   6.774 +                 True"
   6.775 +by (tactic {*unfold_def_tac @{context} []*})
   6.776 +
   6.777 +     (* (Annotated_step ("10", "unfold_def"), *)
   6.778 +lemma "bnd_kpairiskpair =
   6.779 +             (ALL Xx Xy.
   6.780 +                 bnd_iskpair
   6.781 +                  (bnd_setadjoin (bnd_setadjoin Xx bnd_emptyset)
   6.782 +                    (bnd_setadjoin (bnd_setadjoin Xx (bnd_setadjoin Xy bnd_emptyset))
   6.783 +                      bnd_emptyset))) &
   6.784 +             bnd_kpair =
   6.785 +             (%Xx Xy.
   6.786 +                 bnd_setadjoin (bnd_setadjoin Xx bnd_emptyset)
   6.787 +                  (bnd_setadjoin (bnd_setadjoin Xx (bnd_setadjoin Xy bnd_emptyset))
   6.788 +                    bnd_emptyset)) &
   6.789 +             bnd_iskpair =
   6.790 +             (%A. EX Xx. bnd_in Xx (bnd_setunion A) &
   6.791 +                         (EX Xy. bnd_in Xy (bnd_setunion A) &
   6.792 +                                 A = bnd_setadjoin (bnd_setadjoin Xx bnd_emptyset)
   6.793 +                                      (bnd_setadjoin
   6.794 +                                        (bnd_setadjoin Xx
   6.795 +(bnd_setadjoin Xy bnd_emptyset))
   6.796 +                                        bnd_emptyset))) &
   6.797 +             (ALL SY5 SY6.
   6.798 +                 EX SY7.
   6.799 +                    bnd_in SY7
   6.800 +                     (bnd_setunion
   6.801 +                       (bnd_setadjoin (bnd_setadjoin SY5 bnd_emptyset)
   6.802 +                         (bnd_setadjoin
   6.803 +                           (bnd_setadjoin SY5 (bnd_setadjoin SY6 bnd_emptyset))
   6.804 +                           bnd_emptyset))) &
   6.805 +                    (EX SY8.
   6.806 +                        bnd_in SY8
   6.807 +                         (bnd_setunion
   6.808 +                           (bnd_setadjoin (bnd_setadjoin SY5 bnd_emptyset)
   6.809 +                             (bnd_setadjoin
   6.810 +                               (bnd_setadjoin SY5 (bnd_setadjoin SY6 bnd_emptyset))
   6.811 +                               bnd_emptyset))) &
   6.812 +                        bnd_setadjoin (bnd_setadjoin SY5 bnd_emptyset)
   6.813 +                         (bnd_setadjoin
   6.814 +                           (bnd_setadjoin SY5 (bnd_setadjoin SY6 bnd_emptyset))
   6.815 +                           bnd_emptyset) =
   6.816 +                        bnd_setadjoin (bnd_setadjoin SY7 bnd_emptyset)
   6.817 +                         (bnd_setadjoin
   6.818 +                           (bnd_setadjoin SY7 (bnd_setadjoin SY8 bnd_emptyset))
   6.819 +                           bnd_emptyset))) =
   6.820 +             True
   6.821 +             ==> (ALL SX0 SX1.
   6.822 +                     ~ (ALL SX2.
   6.823 +                           ~ ~ (~ bnd_in SX2
   6.824 +                                   (bnd_setunion
   6.825 +                                     (bnd_setadjoin (bnd_setadjoin SX0 bnd_emptyset)
   6.826 +                                       (bnd_setadjoin
   6.827 +                                         (bnd_setadjoin SX0
   6.828 + (bnd_setadjoin SX1 bnd_emptyset))
   6.829 +                                         bnd_emptyset))) |
   6.830 +                                ~ ~ (ALL SX3.
   6.831 +                                        ~ ~ (~ bnd_in SX3
   6.832 +      (bnd_setunion
   6.833 +        (bnd_setadjoin (bnd_setadjoin SX0 bnd_emptyset)
   6.834 +          (bnd_setadjoin (bnd_setadjoin SX0 (bnd_setadjoin SX1 bnd_emptyset))
   6.835 +            bnd_emptyset))) |
   6.836 +   bnd_setadjoin (bnd_setadjoin SX0 bnd_emptyset)
   6.837 +    (bnd_setadjoin (bnd_setadjoin SX0 (bnd_setadjoin SX1 bnd_emptyset))
   6.838 +      bnd_emptyset) ~=
   6.839 +   bnd_setadjoin (bnd_setadjoin SX2 bnd_emptyset)
   6.840 +    (bnd_setadjoin (bnd_setadjoin SX2 (bnd_setadjoin SX3 bnd_emptyset))
   6.841 +      bnd_emptyset)))))) =
   6.842 +                 True"
   6.843 +by (tactic {*unfold_def_tac @{context} []*})
   6.844 +
   6.845 +     (* (Annotated_step ("12", "unfold_def"), *)
   6.846 +lemma "bnd_cCKB6_BLACK =
   6.847 +         (\<lambda>Xu Xv.
   6.848 +             \<forall>Xw. Xw bnd_c1 bnd_c1 \<and>
   6.849 +                  (\<forall>Xj Xk.
   6.850 +                      Xw Xj Xk \<longrightarrow>
   6.851 +                      Xw (bnd_s (bnd_s Xj)) Xk \<and>
   6.852 +                      Xw (bnd_s Xj) (bnd_s Xk)) \<longrightarrow>
   6.853 +                  Xw Xu Xv) \<and>
   6.854 +         ((((\<forall>SY36 SY37.
   6.855 +                \<not> PUZ114_5_bnd_sK3 SY36 SY37 \<or>
   6.856 +                PUZ114_5_bnd_sK3 (bnd_s (bnd_s SY36)) SY37) \<and>
   6.857 +            (\<forall>SY38 SY39.
   6.858 +                \<not> PUZ114_5_bnd_sK3 SY38 SY39 \<or>
   6.859 +                PUZ114_5_bnd_sK3 (bnd_s SY38) (bnd_s SY39))) \<and>
   6.860 +           PUZ114_5_bnd_sK3 bnd_c1 bnd_c1) \<and>
   6.861 +          \<not> PUZ114_5_bnd_sK3 (bnd_s (bnd_s (bnd_s PUZ114_5_bnd_sK1)))
   6.862 +             (bnd_s PUZ114_5_bnd_sK2)) =
   6.863 +         True \<Longrightarrow>
   6.864 +         (\<not> (\<not> \<not> (\<not> \<not> (\<not> (\<forall>SX0 SX1.
   6.865 +                             \<not> PUZ114_5_bnd_sK3 SX0 SX1 \<or>
   6.866 +                             PUZ114_5_bnd_sK3 (bnd_s (bnd_s SX0)) SX1) \<or>
   6.867 +                       \<not> (\<forall>SX0 SX1.
   6.868 +                             \<not> PUZ114_5_bnd_sK3 SX0 SX1 \<or>
   6.869 +                             PUZ114_5_bnd_sK3 (bnd_s SX0) (bnd_s SX1))) \<or>
   6.870 +                  \<not> PUZ114_5_bnd_sK3 bnd_c1 bnd_c1) \<or>
   6.871 +             \<not> \<not> PUZ114_5_bnd_sK3 (bnd_s (bnd_s (bnd_s PUZ114_5_bnd_sK1)))
   6.872 +                  (bnd_s PUZ114_5_bnd_sK2))) =
   6.873 +         True"
   6.874 +(*
   6.875 +apply (erule conjE)+
   6.876 +apply (erule subst)+
   6.877 +apply (tactic {*log_expander 1*})+
   6.878 +apply (rule refl)
   6.879 +*)
   6.880 +by (tactic {*unfold_def_tac @{context} []*})
   6.881 +
   6.882 +     (* (Annotated_step ("13", "unfold_def"), *)
   6.883 +lemma "bnd_cCKB6_BLACK =
   6.884 +         (\<lambda>Xu Xv.
   6.885 +             \<forall>Xw. Xw bnd_c1 bnd_c1 \<and>
   6.886 +                  (\<forall>Xj Xk.
   6.887 +                      Xw Xj Xk \<longrightarrow>
   6.888 +                      Xw (bnd_s (bnd_s Xj)) Xk \<and>
   6.889 +                      Xw (bnd_s Xj) (bnd_s Xk)) \<longrightarrow>
   6.890 +                  Xw Xu Xv) \<and>
   6.891 +         (\<forall>SY30.
   6.892 +             (SY30 (PUZ114_5_bnd_sK4 SY30) (PUZ114_5_bnd_sK5 SY30) \<and>
   6.893 +              (\<not> SY30 (bnd_s (bnd_s (PUZ114_5_bnd_sK4 SY30)))
   6.894 +                  (PUZ114_5_bnd_sK5 SY30) \<or>
   6.895 +               \<not> SY30 (bnd_s (PUZ114_5_bnd_sK4 SY30))
   6.896 +                  (bnd_s (PUZ114_5_bnd_sK5 SY30))) \<or>
   6.897 +              \<not> SY30 bnd_c1 bnd_c1) \<or>
   6.898 +             SY30 PUZ114_5_bnd_sK1 PUZ114_5_bnd_sK2) =
   6.899 +         True \<Longrightarrow>
   6.900 +         (\<forall>SX0. (\<not> (\<not> SX0 (PUZ114_5_bnd_sK4 SX0) (PUZ114_5_bnd_sK5 SX0) \<or>
   6.901 +                    \<not> (\<not> SX0 (bnd_s (bnd_s (PUZ114_5_bnd_sK4 SX0)))
   6.902 +                          (PUZ114_5_bnd_sK5 SX0) \<or>
   6.903 +                       \<not> SX0 (bnd_s (PUZ114_5_bnd_sK4 SX0))
   6.904 +                          (bnd_s (PUZ114_5_bnd_sK5 SX0)))) \<or>
   6.905 +                 \<not> SX0 bnd_c1 bnd_c1) \<or>
   6.906 +                SX0 PUZ114_5_bnd_sK1 PUZ114_5_bnd_sK2) =
   6.907 +         True"
   6.908 +(*
   6.909 +apply (erule conjE)+
   6.910 +apply (tactic {*expander_animal 1*})+
   6.911 +apply assumption
   6.912 +*)
   6.913 +by (tactic {*unfold_def_tac @{context} []*})
   6.914 +
   6.915 +(*FIXME move this heuristic elsewhere*)
   6.916 +ML {*
   6.917 +(*Other than the list (which must not be empty) this function
   6.918 +  expects a parameter indicating the smallest integer.
   6.919 +  (Using Int.minInt isn't always viable).*)
   6.920 +fun max_int_floored min l =
   6.921 +  if null l then raise List.Empty
   6.922 +  else fold (curry Int.max) l min;
   6.923 +
   6.924 +val _ = @{assert} (max_int_floored ~101002 [1]  = 1)
   6.925 +val _ = @{assert} (max_int_floored 0 [1, 3, 5] = 5)
   6.926 +
   6.927 +fun max_index_floored min l =
   6.928 +  let
   6.929 +    val max = max_int_floored min l
   6.930 +  in find_index (pair max #> op =) l end
   6.931 +*}
   6.932 +
   6.933 +ML {*
   6.934 +max_index_floored 0 [1, 3, 5]
   6.935 +*}
   6.936 +
   6.937 +ML {*
   6.938 +(*
   6.939 +Given argument ([h_1, ..., h_n], conc),
   6.940 +obtained from term of form
   6.941 +  h_1 ==> ... ==> h_n ==> conclusion,
   6.942 +this function indicates which h_i is biggest,
   6.943 +or NONE if h_n = 0.
   6.944 +*)
   6.945 +fun biggest_hypothesis (hypos, _) =
   6.946 +  if null hypos then NONE
   6.947 +  else
   6.948 +    map size_of_term hypos
   6.949 +    |> max_index_floored 0
   6.950 +    |> SOME
   6.951 +*}
   6.952 +
   6.953 +ML {*
   6.954 +fun biggest_hyp_first_tac i = fn st =>
   6.955 +  let
   6.956 +    val results = TERMFUN biggest_hypothesis (SOME i) st
   6.957 +val _ = tracing ("result=" ^ PolyML.makestring results)
   6.958 +  in
   6.959 +    if null results then no_tac st
   6.960 +    else
   6.961 +      let
   6.962 +        val result = the_single results
   6.963 +      in
   6.964 +        case result of
   6.965 +            NONE => no_tac st
   6.966 +          | SOME n =>
   6.967 +              if n > 0 then rotate_tac n i st else no_tac st
   6.968 +      end
   6.969 +  end
   6.970 +*}
   6.971 +
   6.972 +     (* (Annotated_step ("6", "unfold_def"), *)
   6.973 +lemma  "(\<not> (\<exists>U :: TPTP_Interpret.ind \<Rightarrow> bool. \<forall>V. U V = SEV405_5_bnd_cA)) = True \<Longrightarrow>
   6.974 +         (\<not> \<not> (\<forall>SX0 :: TPTP_Interpret.ind \<Rightarrow> bool. \<not> (\<forall>SX1. \<not> (\<not> (\<not> SX0 SX1 \<or> SEV405_5_bnd_cA) \<or>
   6.975 + \<not> (\<not> SEV405_5_bnd_cA \<or> SX0 SX1))))) =
   6.976 +         True"
   6.977 +(* by (tactic {*unfold_def_tac []*}) *)
   6.978 +oops
   6.979 +
   6.980 +subsection "Using leo2_tac"
   6.981 +(*these require PUZ114^5's proof to be loaded
   6.982 +
   6.983 +ML {*leo2_tac @{context} (hd prob_names) "50"*}
   6.984 +
   6.985 +ML {*leo2_tac @{context} (hd prob_names) "4"*}
   6.986 +
   6.987 +ML {*leo2_tac @{context} (hd prob_names) "9"*}
   6.988 +
   6.989 +     (* (Annotated_step ("9", "extcnf_combined"), *)
   6.990 +lemma "(\<forall>SY30.
   6.991 +             SY30 bnd_c1 bnd_c1 \<and>
   6.992 +             (\<forall>Xj Xk.
   6.993 +                 SY30 Xj Xk \<longrightarrow>
   6.994 +                 SY30 (bnd_s (bnd_s Xj)) Xk \<and>
   6.995 +                 SY30 (bnd_s Xj) (bnd_s Xk)) \<longrightarrow>
   6.996 +             SY30 bnd_sK1 bnd_sK2) =
   6.997 +         True \<Longrightarrow>
   6.998 +         (\<forall>SY30.
   6.999 +             (SY30 (bnd_sK4 SY30) (bnd_sK5 SY30) \<and>
  6.1000 +              (\<not> SY30 (bnd_s (bnd_s (bnd_sK4 SY30)))
  6.1001 +                  (bnd_sK5 SY30) \<or>
  6.1002 +               \<not> SY30 (bnd_s (bnd_sK4 SY30))
  6.1003 +                  (bnd_s (bnd_sK5 SY30))) \<or>
  6.1004 +              \<not> SY30 bnd_c1 bnd_c1) \<or>
  6.1005 +             SY30 bnd_sK1 bnd_sK2) =
  6.1006 +         True"
  6.1007 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "9") 1*})
  6.1008 +*)
  6.1009 +
  6.1010 +
  6.1011 +
  6.1012 +typedecl GEG007_1_bnd_reg
  6.1013 +consts
  6.1014 +  GEG007_1_bnd_sK7_SX2 :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> GEG007_1_bnd_reg"
  6.1015 +  GEG007_1_bnd_sK6_SX2 :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> GEG007_1_bnd_reg"
  6.1016 +  GEG007_1_bnd_a :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool"
  6.1017 +  GEG007_1_bnd_catalunya  :: "GEG007_1_bnd_reg"
  6.1018 +  GEG007_1_bnd_spain :: "GEG007_1_bnd_reg"
  6.1019 +  GEG007_1_bnd_c :: "GEG007_1_bnd_reg \<Rightarrow> GEG007_1_bnd_reg \<Rightarrow> bool"
  6.1020 +
  6.1021 +     (* (Annotated_step ("147", "extcnf_forall_neg"), *)
  6.1022 +lemma "\<forall>SV13 SV6.
  6.1023 +            (\<forall>SX2. \<not> GEG007_1_bnd_c SX2 GEG007_1_bnd_spain \<or>
  6.1024 +                   GEG007_1_bnd_c SX2 GEG007_1_bnd_catalunya) =
  6.1025 +            False \<or>
  6.1026 +            GEG007_1_bnd_a SV6 SV13 = False \<Longrightarrow>
  6.1027 +         \<forall>SV6 SV13.
  6.1028 +            (\<not> GEG007_1_bnd_c (GEG007_1_bnd_sK7_SX2 SV13 SV6) GEG007_1_bnd_spain \<or>
  6.1029 +             GEG007_1_bnd_c (GEG007_1_bnd_sK7_SX2 SV13 SV6) GEG007_1_bnd_catalunya) =
  6.1030 +            False \<or>
  6.1031 +            GEG007_1_bnd_a SV6 SV13 = False"
  6.1032 +by (tactic {*nonfull_extcnf_combined_tac @{context} [Existential_Var]*})
  6.1033 +
  6.1034 +     (* (Annotated_step ("116", "extcnf_forall_neg"), *)
  6.1035 +lemma "\<forall>SV13 SV6.
  6.1036 +            (\<forall>SX2. \<not> \<not> (\<not> \<not> (\<not> GEG007_1_bnd_c SX2 GEG007_1_bnd_catalunya \<or>
  6.1037 +                             \<not> \<not> \<not> (\<forall>SX3.
  6.1038 +       \<not> \<not> (\<not> (\<forall>SX4. \<not> GEG007_1_bnd_c SX4 SX3 \<or> GEG007_1_bnd_c SX4 SX2) \<or>
  6.1039 +            \<not> (\<forall>SX4. \<not> GEG007_1_bnd_c SX4 SX3 \<or>
  6.1040 +                     GEG007_1_bnd_c SX4 GEG007_1_bnd_catalunya)))) \<or>
  6.1041 +                        \<not> \<not> (\<not> GEG007_1_bnd_c SX2 GEG007_1_bnd_spain \<or>
  6.1042 +                             \<not> \<not> \<not> (\<forall>SX3.
  6.1043 +       \<not> \<not> (\<not> (\<forall>SX4. \<not> GEG007_1_bnd_c SX4 SX3 \<or> GEG007_1_bnd_c SX4 SX2) \<or>
  6.1044 +            \<not> (\<forall>SX4. \<not> GEG007_1_bnd_c SX4 SX3 \<or>
  6.1045 +                     GEG007_1_bnd_c SX4 GEG007_1_bnd_spain)))))) =
  6.1046 +            False \<or>
  6.1047 +            GEG007_1_bnd_a SV6 SV13 = False \<Longrightarrow>
  6.1048 +         \<forall>SV6 SV13.
  6.1049 +            (\<not> \<not> (\<not> \<not> (\<not> GEG007_1_bnd_c (GEG007_1_bnd_sK6_SX2 SV13 SV6)
  6.1050 +                          GEG007_1_bnd_catalunya \<or>
  6.1051 +                       \<not> \<not> \<not> (\<forall>SY68.
  6.1052 + \<not> \<not> (\<not> (\<forall>SY69.
  6.1053 +            \<not> GEG007_1_bnd_c SY69 SY68 \<or>
  6.1054 +            GEG007_1_bnd_c SY69 (GEG007_1_bnd_sK6_SX2 SV13 SV6)) \<or>
  6.1055 +      \<not> (\<forall>SX4. \<not> GEG007_1_bnd_c SX4 SY68 \<or> GEG007_1_bnd_c SX4 GEG007_1_bnd_catalunya)))) \<or>
  6.1056 +                  \<not> \<not> (\<not> GEG007_1_bnd_c (GEG007_1_bnd_sK6_SX2 SV13 SV6)
  6.1057 +                          GEG007_1_bnd_spain \<or>
  6.1058 +                       \<not> \<not> \<not> (\<forall>SY71.
  6.1059 + \<not> \<not> (\<not> (\<forall>SY72.
  6.1060 +            \<not> GEG007_1_bnd_c SY72 SY71 \<or>
  6.1061 +            GEG007_1_bnd_c SY72 (GEG007_1_bnd_sK6_SX2 SV13 SV6)) \<or>
  6.1062 +      \<not> (\<forall>SX4. \<not> GEG007_1_bnd_c SX4 SY71 \<or> GEG007_1_bnd_c SX4 GEG007_1_bnd_spain)))))) =
  6.1063 +            False \<or>
  6.1064 +            GEG007_1_bnd_a SV6 SV13 = False"
  6.1065 +by (tactic {*nonfull_extcnf_combined_tac @{context} [Existential_Var]*})
  6.1066 +
  6.1067 +consts PUZ107_5_bnd_sK1_SX0 ::
  6.1068 +  "TPTP_Interpret.ind
  6.1069 +      \<Rightarrow> TPTP_Interpret.ind
  6.1070 +        \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool"
  6.1071 +
  6.1072 +lemma "\<forall>(SV4\<Colon>TPTP_Interpret.ind) (SV8\<Colon>TPTP_Interpret.ind)
  6.1073 +   (SV6\<Colon>TPTP_Interpret.ind) (SV2\<Colon>TPTP_Interpret.ind)
  6.1074 +   (SV3\<Colon>TPTP_Interpret.ind) SV1\<Colon>TPTP_Interpret.ind.
  6.1075 +   ((SV1 \<noteq> SV3) = False \<or> PUZ107_5_bnd_sK1_SX0 SV1 SV2 SV6 SV8 = False) \<or>
  6.1076 +   PUZ107_5_bnd_sK1_SX0 SV3 SV4 SV6 SV8 = False \<Longrightarrow>
  6.1077 +\<forall>(SV4\<Colon>TPTP_Interpret.ind) (SV8\<Colon>TPTP_Interpret.ind)
  6.1078 +   (SV6\<Colon>TPTP_Interpret.ind) (SV2\<Colon>TPTP_Interpret.ind)
  6.1079 +   (SV3\<Colon>TPTP_Interpret.ind) SV1\<Colon>TPTP_Interpret.ind.
  6.1080 +   ((SV1 = SV3) = True \<or> PUZ107_5_bnd_sK1_SX0 SV1 SV2 SV6 SV8 = False) \<or>
  6.1081 +   PUZ107_5_bnd_sK1_SX0 SV3 SV4 SV6 SV8 = False"
  6.1082 +by (tactic {*nonfull_extcnf_combined_tac @{context} [Not_neg]*})
  6.1083 +
  6.1084 +lemma "
  6.1085 +\<forall>(SV8\<Colon>TPTP_Interpret.ind) (SV6\<Colon>TPTP_Interpret.ind)
  6.1086 +   (SV4\<Colon>TPTP_Interpret.ind) (SV2\<Colon>TPTP_Interpret.ind)
  6.1087 +   (SV3\<Colon>TPTP_Interpret.ind) SV1\<Colon>TPTP_Interpret.ind.
  6.1088 +   ((SV1 \<noteq> SV3 \<or> SV2 \<noteq> SV4) = False \<or>
  6.1089 +    PUZ107_5_bnd_sK1_SX0 SV1 SV2 SV6 SV8 = False) \<or>
  6.1090 +   PUZ107_5_bnd_sK1_SX0 SV3 SV4 SV6 SV8 = False \<Longrightarrow>
  6.1091 +\<forall>(SV4\<Colon>TPTP_Interpret.ind) (SV8\<Colon>TPTP_Interpret.ind)
  6.1092 +   (SV6\<Colon>TPTP_Interpret.ind) (SV2\<Colon>TPTP_Interpret.ind)
  6.1093 +   (SV3\<Colon>TPTP_Interpret.ind) SV1\<Colon>TPTP_Interpret.ind.
  6.1094 +   ((SV1 \<noteq> SV3) = False \<or> PUZ107_5_bnd_sK1_SX0 SV1 SV2 SV6 SV8 = False) \<or>
  6.1095 +   PUZ107_5_bnd_sK1_SX0 SV3 SV4 SV6 SV8 = False"
  6.1096 +by (tactic {*nonfull_extcnf_combined_tac @{context} [Or_neg]*})
  6.1097 +
  6.1098 +consts
  6.1099 +  NUM016_5_bnd_a :: TPTP_Interpret.ind
  6.1100 +  NUM016_5_bnd_prime :: "TPTP_Interpret.ind \<Rightarrow> bool"
  6.1101 +  NUM016_5_bnd_factorial_plus_one :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind"
  6.1102 +  NUM016_5_bnd_prime_divisor :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind"
  6.1103 +  NUM016_5_bnd_divides :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool"
  6.1104 +  NUM016_5_bnd_less :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool"
  6.1105 +
  6.1106 +     (* (Annotated_step ("6", "unfold_def"), *)
  6.1107 +lemma "((((((((((((\<forall>X\<Colon>TPTP_Interpret.ind. \<not> NUM016_5_bnd_less X X) \<and>
  6.1108 +                    (\<forall>(X\<Colon>TPTP_Interpret.ind)
  6.1109 +                        Y\<Colon>TPTP_Interpret.ind.
  6.1110 +                        \<not> NUM016_5_bnd_less X Y \<or> \<not> NUM016_5_bnd_less Y X)) \<and>
  6.1111 +                   (\<forall>X\<Colon>TPTP_Interpret.ind. NUM016_5_bnd_divides X X)) \<and>
  6.1112 +                  (\<forall>(X\<Colon>TPTP_Interpret.ind)
  6.1113 +                      (Y\<Colon>TPTP_Interpret.ind)
  6.1114 +                      Z\<Colon>TPTP_Interpret.ind.
  6.1115 +                      (\<not> NUM016_5_bnd_divides X Y \<or> \<not> NUM016_5_bnd_divides Y Z) \<or>
  6.1116 +                      NUM016_5_bnd_divides X Z)) \<and>
  6.1117 +                 (\<forall>(X\<Colon>TPTP_Interpret.ind) Y\<Colon>TPTP_Interpret.ind.
  6.1118 +                     \<not> NUM016_5_bnd_divides X Y \<or> \<not> NUM016_5_bnd_less Y X)) \<and>
  6.1119 +                (\<forall>X\<Colon>TPTP_Interpret.ind.
  6.1120 +                    NUM016_5_bnd_less X (NUM016_5_bnd_factorial_plus_one X))) \<and>
  6.1121 +               (\<forall>(X\<Colon>TPTP_Interpret.ind) Y\<Colon>TPTP_Interpret.ind.
  6.1122 +                   \<not> NUM016_5_bnd_divides X (NUM016_5_bnd_factorial_plus_one Y) \<or>
  6.1123 +                   NUM016_5_bnd_less Y X)) \<and>
  6.1124 +              (\<forall>X\<Colon>TPTP_Interpret.ind.
  6.1125 +                  NUM016_5_bnd_prime X \<or>
  6.1126 +                  NUM016_5_bnd_divides (NUM016_5_bnd_prime_divisor X) X)) \<and>
  6.1127 +             (\<forall>X\<Colon>TPTP_Interpret.ind.
  6.1128 +                 NUM016_5_bnd_prime X \<or>
  6.1129 +                 NUM016_5_bnd_prime (NUM016_5_bnd_prime_divisor X))) \<and>
  6.1130 +            (\<forall>X\<Colon>TPTP_Interpret.ind.
  6.1131 +                NUM016_5_bnd_prime X \<or>
  6.1132 +                NUM016_5_bnd_less (NUM016_5_bnd_prime_divisor X) X)) \<and>
  6.1133 +           NUM016_5_bnd_prime NUM016_5_bnd_a) \<and>
  6.1134 +          (\<forall>X\<Colon>TPTP_Interpret.ind.
  6.1135 +              (\<not> NUM016_5_bnd_prime X \<or> \<not> NUM016_5_bnd_less NUM016_5_bnd_a X) \<or>
  6.1136 +              NUM016_5_bnd_less (NUM016_5_bnd_factorial_plus_one NUM016_5_bnd_a) X)) =
  6.1137 +         True \<Longrightarrow>
  6.1138 +         (\<not> (\<not> \<not> (\<not> \<not> (\<not> \<not> (\<not> \<not> (\<not> \<not> (\<not> \<not> (\<not> \<not> (\<not> \<not> (\<not> \<not> (\<not> \<not> (\<not> (\<forall>SX0\<Colon>TPTP_Interpret.ind.
  6.1139 +     \<not> NUM016_5_bnd_less SX0 SX0) \<or>
  6.1140 +                               \<not> (\<forall>(SX0\<Colon>TPTP_Interpret.ind)
  6.1141 +     SX1\<Colon>TPTP_Interpret.ind.
  6.1142 +     \<not> NUM016_5_bnd_less SX0 SX1 \<or> \<not> NUM016_5_bnd_less SX1 SX0)) \<or>
  6.1143 +                          \<not> (\<forall>SX0\<Colon>TPTP_Interpret.ind.
  6.1144 +NUM016_5_bnd_divides SX0 SX0)) \<or>
  6.1145 +                     \<not> (\<forall>(SX0\<Colon>TPTP_Interpret.ind)
  6.1146 +                           (SX1\<Colon>TPTP_Interpret.ind)
  6.1147 +                           SX2\<Colon>TPTP_Interpret.ind.
  6.1148 +                           (\<not> NUM016_5_bnd_divides SX0 SX1 \<or>
  6.1149 +                            \<not> NUM016_5_bnd_divides SX1 SX2) \<or>
  6.1150 +                           NUM016_5_bnd_divides SX0 SX2)) \<or>
  6.1151 +                \<not> (\<forall>(SX0\<Colon>TPTP_Interpret.ind)
  6.1152 +                      SX1\<Colon>TPTP_Interpret.ind.
  6.1153 +                      \<not> NUM016_5_bnd_divides SX0 SX1 \<or>
  6.1154 +                      \<not> NUM016_5_bnd_less SX1 SX0)) \<or>
  6.1155 +           \<not> (\<forall>SX0\<Colon>TPTP_Interpret.ind.
  6.1156 +                 NUM016_5_bnd_less SX0 (NUM016_5_bnd_factorial_plus_one SX0))) \<or>
  6.1157 +      \<not> (\<forall>(SX0\<Colon>TPTP_Interpret.ind) SX1\<Colon>TPTP_Interpret.ind.
  6.1158 +            \<not> NUM016_5_bnd_divides SX0 (NUM016_5_bnd_factorial_plus_one SX1) \<or>
  6.1159 +            NUM016_5_bnd_less SX1 SX0)) \<or>
  6.1160 + \<not> (\<forall>SX0\<Colon>TPTP_Interpret.ind.
  6.1161 +       NUM016_5_bnd_prime SX0 \<or>
  6.1162 +       NUM016_5_bnd_divides (NUM016_5_bnd_prime_divisor SX0) SX0)) \<or>
  6.1163 +                            \<not> (\<forall>SX0\<Colon>TPTP_Interpret.ind.
  6.1164 +  NUM016_5_bnd_prime SX0 \<or> NUM016_5_bnd_prime (NUM016_5_bnd_prime_divisor SX0))) \<or>
  6.1165 +                       \<not> (\<forall>SX0\<Colon>TPTP_Interpret.ind.
  6.1166 +                             NUM016_5_bnd_prime SX0 \<or>
  6.1167 +                             NUM016_5_bnd_less (NUM016_5_bnd_prime_divisor SX0)
  6.1168 +                              SX0)) \<or>
  6.1169 +                  \<not> NUM016_5_bnd_prime NUM016_5_bnd_a) \<or>
  6.1170 +             \<not> (\<forall>SX0\<Colon>TPTP_Interpret.ind.
  6.1171 +                   (\<not> NUM016_5_bnd_prime SX0 \<or> \<not> NUM016_5_bnd_less NUM016_5_bnd_a SX0) \<or>
  6.1172 +                   NUM016_5_bnd_less (NUM016_5_bnd_factorial_plus_one NUM016_5_bnd_a)
  6.1173 +                    SX0))) =
  6.1174 +         True"
  6.1175 +by (tactic {*unfold_def_tac @{context} []*})
  6.1176 +
  6.1177 +     (* (Annotated_step ("3", "unfold_def"), *)
  6.1178 +lemma "(~ ((((((((((((ALL X. ~ bnd_less X X) &
  6.1179 +                           (ALL X Y. ~ bnd_less X Y | ~ bnd_less Y X)) &
  6.1180 +                          (ALL X. bnd_divides X X)) &
  6.1181 +                         (ALL X Y Z.
  6.1182 +                             (~ bnd_divides X Y | ~ bnd_divides Y Z) |
  6.1183 +                             bnd_divides X Z)) &
  6.1184 +                        (ALL X Y. ~ bnd_divides X Y | ~ bnd_less Y X)) &
  6.1185 +                       (ALL X. bnd_less X (bnd_factorial_plus_one X))) &
  6.1186 +                      (ALL X Y.
  6.1187 +                          ~ bnd_divides X (bnd_factorial_plus_one Y) |
  6.1188 +                          bnd_less Y X)) &
  6.1189 +                     (ALL X. bnd_prime X | bnd_divides (bnd_prime_divisor X) X)) &
  6.1190 +                    (ALL X. bnd_prime X | bnd_prime (bnd_prime_divisor X))) &
  6.1191 +                   (ALL X. bnd_prime X | bnd_less (bnd_prime_divisor X) X)) &
  6.1192 +                  bnd_prime bnd_a) &
  6.1193 +                 (ALL X. (~ bnd_prime X | ~ bnd_less bnd_a X) |
  6.1194 +                         bnd_less (bnd_factorial_plus_one bnd_a) X))) =
  6.1195 +             False
  6.1196 +             ==> (~ ((((((((((((ALL X. ~ bnd_less X X) &
  6.1197 +                               (ALL X Y. ~ bnd_less X Y | ~ bnd_less Y X)) &
  6.1198 +                              (ALL X. bnd_divides X X)) &
  6.1199 +                             (ALL X Y Z.
  6.1200 +                                 (~ bnd_divides X Y | ~ bnd_divides Y Z) |
  6.1201 +                                 bnd_divides X Z)) &
  6.1202 +                            (ALL X Y. ~ bnd_divides X Y | ~ bnd_less Y X)) &
  6.1203 +                           (ALL X. bnd_less X (bnd_factorial_plus_one X))) &
  6.1204 +                          (ALL X Y.
  6.1205 +                              ~ bnd_divides X (bnd_factorial_plus_one Y) |
  6.1206 +                              bnd_less Y X)) &
  6.1207 +                         (ALL X. bnd_prime X |
  6.1208 +                                 bnd_divides (bnd_prime_divisor X) X)) &
  6.1209 +                        (ALL X. bnd_prime X | bnd_prime (bnd_prime_divisor X))) &
  6.1210 +                       (ALL X. bnd_prime X | bnd_less (bnd_prime_divisor X) X)) &
  6.1211 +                      bnd_prime bnd_a) &
  6.1212 +                     (ALL X. (~ bnd_prime X | ~ bnd_less bnd_a X) |
  6.1213 +                             bnd_less (bnd_factorial_plus_one bnd_a) X))) =
  6.1214 +                 False"
  6.1215 +by (tactic {*unfold_def_tac @{context} []*})
  6.1216 +
  6.1217 +(* SET062^6.p.out
  6.1218 +      [[(Annotated_step ("3", "unfold_def"), *)
  6.1219 +lemma "(\<forall>Z3. False \<longrightarrow> bnd_cA Z3) = False \<Longrightarrow>
  6.1220 +         (\<forall>Z3. False \<longrightarrow> bnd_cA Z3) = False"
  6.1221 +by (tactic {*unfold_def_tac @{context} []*})
  6.1222 +
  6.1223 +(*
  6.1224 +(* SEU559^2.p.out *)
  6.1225 +   (* [[(Annotated_step ("3", "unfold_def"), *)
  6.1226 +lemma "bnd_subset = (\<lambda>A B. \<forall>Xx. bnd_in Xx A \<longrightarrow> bnd_in Xx B) \<and>
  6.1227 +         (\<forall>A B. (\<forall>Xx. bnd_in Xx A \<longrightarrow> bnd_in Xx B) \<longrightarrow>
  6.1228 +                bnd_subset A B) =
  6.1229 +         False \<Longrightarrow>
  6.1230 +         (\<forall>SY0 SY1.
  6.1231 +             (\<forall>Xx. bnd_in Xx SY0 \<longrightarrow> bnd_in Xx SY1) \<longrightarrow>
  6.1232 +             (\<forall>SY5. bnd_in SY5 SY0 \<longrightarrow> bnd_in SY5 SY1)) =
  6.1233 +         False"
  6.1234 +by (tactic {*unfold_def_tac [@{thm bnd_subset_def}]*})
  6.1235 +
  6.1236 +(* SEU559^2.p.out
  6.1237 +    [[(Annotated_step ("6", "unfold_def"), *)
  6.1238 +lemma "(\<not> (\<exists>Xx. \<forall>Xy. Xx \<longrightarrow> Xy)) = True \<Longrightarrow>
  6.1239 +         (\<not> \<not> (\<forall>SX0. \<not> (\<forall>SX1. \<not> SX0 \<or> SX1))) = True"
  6.1240 +by (tactic {*unfold_def_tac []*})
  6.1241 +
  6.1242 +(* SEU502^2.p.out
  6.1243 +    [[(Annotated_step ("3", "unfold_def"), *)
  6.1244 +lemma "bnd_emptysetE =
  6.1245 +         (\<forall>Xx. bnd_in Xx bnd_emptyset \<longrightarrow> (\<forall>Xphi. Xphi)) \<and>
  6.1246 +         (bnd_emptysetE \<longrightarrow>
  6.1247 +          (\<forall>Xx. bnd_in Xx bnd_emptyset \<longrightarrow> False)) =
  6.1248 +         False \<Longrightarrow>
  6.1249 +         ((\<forall>Xx. bnd_in Xx bnd_emptyset \<longrightarrow> (\<forall>Xphi. Xphi)) \<longrightarrow>
  6.1250 +          (\<forall>Xx. bnd_in Xx bnd_emptyset \<longrightarrow> False)) =
  6.1251 +         False"
  6.1252 +by (tactic {*unfold_def_tac [@{thm bnd_emptysetE_def}]*})
  6.1253 +*)
  6.1254 +
  6.1255 +typedecl AGT037_2_bnd_mu
  6.1256 +consts
  6.1257 +  AGT037_2_bnd_sK1_SX0 :: TPTP_Interpret.ind
  6.1258 +  AGT037_2_bnd_cola :: AGT037_2_bnd_mu
  6.1259 +  AGT037_2_bnd_jan :: AGT037_2_bnd_mu
  6.1260 +  AGT037_2_bnd_possibly_likes :: "AGT037_2_bnd_mu \<Rightarrow> AGT037_2_bnd_mu \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool"
  6.1261 +  AGT037_2_bnd_sK5_SY68 ::
  6.1262 +    "TPTP_Interpret.ind
  6.1263 +     \<Rightarrow> AGT037_2_bnd_mu
  6.1264 +       \<Rightarrow> AGT037_2_bnd_mu
  6.1265 +         \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind"
  6.1266 +  AGT037_2_bnd_likes :: "AGT037_2_bnd_mu \<Rightarrow> AGT037_2_bnd_mu \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool"
  6.1267 +  AGT037_2_bnd_very_much_likes :: "AGT037_2_bnd_mu \<Rightarrow> AGT037_2_bnd_mu \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool"
  6.1268 +  AGT037_2_bnd_a1 :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool"
  6.1269 +  AGT037_2_bnd_a2 :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool"
  6.1270 +  AGT037_2_bnd_a3 :: "TPTP_Interpret.ind \<Rightarrow> TPTP_Interpret.ind \<Rightarrow> bool"
  6.1271 +
  6.1272 +(*test that nullary skolem terms are OK*)
  6.1273 +     (* (Annotated_step ("79", "extcnf_forall_neg"), *)
  6.1274 +lemma "(\<forall>SX0\<Colon>TPTP_Interpret.ind.
  6.1275 +             AGT037_2_bnd_possibly_likes AGT037_2_bnd_jan AGT037_2_bnd_cola SX0) =
  6.1276 +         False \<Longrightarrow>
  6.1277 +         AGT037_2_bnd_possibly_likes AGT037_2_bnd_jan AGT037_2_bnd_cola AGT037_2_bnd_sK1_SX0 =
  6.1278 +         False"
  6.1279 +by (tactic {*nonfull_extcnf_combined_tac @{context} [Existential_Var]*})
  6.1280 +
  6.1281 +     (* (Annotated_step ("202", "extcnf_forall_neg"), *)
  6.1282 +lemma "\<forall>(SV13\<Colon>TPTP_Interpret.ind) (SV39\<Colon>AGT037_2_bnd_mu) (SV29\<Colon>AGT037_2_bnd_mu)
  6.1283 +            SV45\<Colon>TPTP_Interpret.ind.
  6.1284 +            ((((\<forall>SY68\<Colon>TPTP_Interpret.ind.
  6.1285 +                   \<not> AGT037_2_bnd_a1 SV45 SY68 \<or>
  6.1286 +                   AGT037_2_bnd_likes SV29 SV39 SY68) =
  6.1287 +               False \<or>
  6.1288 +               (\<not> (\<forall>SY69\<Colon>TPTP_Interpret.ind.
  6.1289 +                      \<not> AGT037_2_bnd_a2 SV45 SY69 \<or>
  6.1290 +                      AGT037_2_bnd_likes SV29 SV39 SY69)) =
  6.1291 +               True) \<or>
  6.1292 +              AGT037_2_bnd_likes SV29 SV39 SV45 = False) \<or>
  6.1293 +             AGT037_2_bnd_very_much_likes SV29 SV39 SV45 = True) \<or>
  6.1294 +            AGT037_2_bnd_a3 SV13 SV45 = False \<Longrightarrow>
  6.1295 +         \<forall>(SV29\<Colon>AGT037_2_bnd_mu) (SV39\<Colon>AGT037_2_bnd_mu) (SV13\<Colon>TPTP_Interpret.ind)
  6.1296 +            SV45\<Colon>TPTP_Interpret.ind.
  6.1297 +            ((((\<not> AGT037_2_bnd_a1 SV45
  6.1298 +                   (AGT037_2_bnd_sK5_SY68 SV13 SV39 SV29 SV45) \<or>
  6.1299 +                AGT037_2_bnd_likes SV29 SV39
  6.1300 +                 (AGT037_2_bnd_sK5_SY68 SV13 SV39 SV29 SV45)) =
  6.1301 +               False \<or>
  6.1302 +               (\<not> (\<forall>SY69\<Colon>TPTP_Interpret.ind.
  6.1303 +                      \<not> AGT037_2_bnd_a2 SV45 SY69 \<or>
  6.1304 +                      AGT037_2_bnd_likes SV29 SV39 SY69)) =
  6.1305 +               True) \<or>
  6.1306 +              AGT037_2_bnd_likes SV29 SV39 SV45 = False) \<or>
  6.1307 +             AGT037_2_bnd_very_much_likes SV29 SV39 SV45 = True) \<or>
  6.1308 +            AGT037_2_bnd_a3 SV13 SV45 = False"
  6.1309 +(*
  6.1310 +apply (rule allI)+
  6.1311 +apply (erule_tac x = "SV13" in allE)
  6.1312 +apply (erule_tac x = "SV39" in allE)
  6.1313 +apply (erule_tac x = "SV29" in allE)
  6.1314 +apply (erule_tac x = "SV45" in allE)
  6.1315 +apply (erule disjE)+
  6.1316 +defer
  6.1317 +apply (tactic {*clause_breaker 1*})+
  6.1318 +apply (drule_tac sk = "bnd_sK5_SY68 SV13 SV39 SV29 SV45" in leo2_skolemise)
  6.1319 +defer
  6.1320 +apply (tactic {*clause_breaker 1*})
  6.1321 +apply (tactic {*nonfull_extcnf_combined_tac []*})
  6.1322 +*)
  6.1323 +by (tactic {*nonfull_extcnf_combined_tac @{context} [Existential_Var]*})
  6.1324 +
  6.1325 +(*(*NUM667^1*)
  6.1326 +lemma "\<forall>SV12 SV13 SV14 SV9 SV10 SV11.
  6.1327 +   ((((bnd_less SV12 SV13 = bnd_less SV11 SV10) = False \<or>
  6.1328 +      (SV14 = SV13) = False) \<or>
  6.1329 +     bnd_less SV12 SV14 = False) \<or>
  6.1330 +    bnd_less SV9 SV10 = True) \<or>
  6.1331 +   (SV9 = SV11) = False \<Longrightarrow>
  6.1332 +\<forall>SV9 SV14 SV10 SV11 SV13 SV12.
  6.1333 +   ((((bnd_less SV12 SV13 = False \<or>
  6.1334 +       bnd_less SV11 SV10 = False) \<or>
  6.1335 +      (SV14 = SV13) = False) \<or>
  6.1336 +     bnd_less SV12 SV14 = False) \<or>
  6.1337 +    bnd_less SV9 SV10 = True) \<or>
  6.1338 +   (SV9 = SV11) = False"
  6.1339 +(*
  6.1340 +apply (tactic {*
  6.1341 +  extcnf_combined_tac NONE
  6.1342 +   [ConstsDiff,
  6.1343 +    StripQuantifiers]
  6.1344 +   []*})
  6.1345 +*)
  6.1346 +(*
  6.1347 +apply (rule allI)+
  6.1348 +apply (erule_tac x = "SV12" in allE)
  6.1349 +apply (erule_tac x = "SV13" in allE)
  6.1350 +apply (erule_tac x = "SV14" in allE)
  6.1351 +apply (erule_tac x = "SV9" in allE)
  6.1352 +apply (erule_tac x = "SV10" in allE)
  6.1353 +apply (erule_tac x = "SV11" in allE)
  6.1354 +*)
  6.1355 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "300") 1*})
  6.1356 +
  6.1357 +
  6.1358 +(*NUM667^1 node 302 -- dec*)
  6.1359 +lemma "\<forall>SV12 SV13 SV14 SV9 SV10 SV11.
  6.1360 +       ((((bnd_less SV12 SV13 = bnd_less SV11 SV10) = False \<or>
  6.1361 +          (SV14 = SV13) = False) \<or>
  6.1362 +         bnd_less SV12 SV14 = False) \<or>
  6.1363 +        bnd_less SV9 SV10 = True) \<or>
  6.1364 +       (SV9 = SV11) =
  6.1365 +       False \<Longrightarrow>
  6.1366 +       \<forall>SV9 SV14 SV10 SV13 SV11 SV12.
  6.1367 +       (((((SV12 = SV11) = False \<or> (SV13 = SV10) = False) \<or>
  6.1368 +          (SV14 = SV13) = False) \<or>
  6.1369 +         bnd_less SV12 SV14 = False) \<or>
  6.1370 +        bnd_less SV9 SV10 = True) \<or>
  6.1371 +       (SV9 = SV11) =
  6.1372 +       False"
  6.1373 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "302") 1*})
  6.1374 +*)
  6.1375 +
  6.1376 +
  6.1377 +(*
  6.1378 +(*CSR122^2*)
  6.1379 +     (* (Annotated_step ("23", "extuni_bool2"), *)
  6.1380 +lemma "(bnd_holdsDuring_THFTYPE_IiooI
  6.1381 +           (bnd_lYearFn_THFTYPE_IiiI bnd_n2009_THFTYPE_i)
  6.1382 +           (\<not> (\<not> bnd_likes_THFTYPE_IiioI bnd_lMary_THFTYPE_i
  6.1383 +                  bnd_lBill_THFTYPE_i \<or>
  6.1384 +               \<not> bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1385 +                  bnd_lBill_THFTYPE_i)) =
  6.1386 +          bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1387 +           bnd_lBill_THFTYPE_i) =
  6.1388 +         False \<Longrightarrow>
  6.1389 +         bnd_holdsDuring_THFTYPE_IiooI
  6.1390 +          (bnd_lYearFn_THFTYPE_IiiI bnd_n2009_THFTYPE_i)
  6.1391 +          (\<not> (\<not> bnd_likes_THFTYPE_IiioI bnd_lMary_THFTYPE_i
  6.1392 +                 bnd_lBill_THFTYPE_i \<or>
  6.1393 +              \<not> bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1394 +                 bnd_lBill_THFTYPE_i)) =
  6.1395 +         True \<or>
  6.1396 +         bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1397 +          bnd_lBill_THFTYPE_i =
  6.1398 +         True"
  6.1399 +(* apply (erule extuni_bool2) *)
  6.1400 +(* done *)
  6.1401 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "23") 1*})
  6.1402 +
  6.1403 +     (* (Annotated_step ("24", "extuni_bool1"), *)
  6.1404 +lemma "(bnd_holdsDuring_THFTYPE_IiooI
  6.1405 +           (bnd_lYearFn_THFTYPE_IiiI bnd_n2009_THFTYPE_i)
  6.1406 +           (\<not> (\<not> bnd_likes_THFTYPE_IiioI bnd_lMary_THFTYPE_i
  6.1407 +                  bnd_lBill_THFTYPE_i \<or>
  6.1408 +               \<not> bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1409 +                  bnd_lBill_THFTYPE_i)) =
  6.1410 +          bnd_likes_THFTYPE_IiioI bnd_lMary_THFTYPE_i
  6.1411 +           bnd_lBill_THFTYPE_i) =
  6.1412 +         False \<Longrightarrow>
  6.1413 +         bnd_holdsDuring_THFTYPE_IiooI
  6.1414 +          (bnd_lYearFn_THFTYPE_IiiI bnd_n2009_THFTYPE_i)
  6.1415 +          (\<not> (\<not> bnd_likes_THFTYPE_IiioI bnd_lMary_THFTYPE_i
  6.1416 +                 bnd_lBill_THFTYPE_i \<or>
  6.1417 +              \<not> bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1418 +                 bnd_lBill_THFTYPE_i)) =
  6.1419 +         False \<or>
  6.1420 +         bnd_likes_THFTYPE_IiioI bnd_lMary_THFTYPE_i
  6.1421 +          bnd_lBill_THFTYPE_i =
  6.1422 +         False"
  6.1423 +(* apply (erule extuni_bool1) *)
  6.1424 +(* done *)
  6.1425 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "24") 1*})
  6.1426 +
  6.1427 +     (* (Annotated_step ("25", "extuni_bool2"), *)
  6.1428 +lemma "(bnd_holdsDuring_THFTYPE_IiooI
  6.1429 +           (bnd_lYearFn_THFTYPE_IiiI bnd_n2009_THFTYPE_i)
  6.1430 +           (\<not> (\<not> bnd_likes_THFTYPE_IiioI bnd_lMary_THFTYPE_i
  6.1431 +                  bnd_lBill_THFTYPE_i \<or>
  6.1432 +               \<not> bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1433 +                  bnd_lBill_THFTYPE_i)) =
  6.1434 +          bnd_likes_THFTYPE_IiioI bnd_lMary_THFTYPE_i
  6.1435 +           bnd_lBill_THFTYPE_i) =
  6.1436 +         False \<Longrightarrow>
  6.1437 +         bnd_holdsDuring_THFTYPE_IiooI
  6.1438 +          (bnd_lYearFn_THFTYPE_IiiI bnd_n2009_THFTYPE_i)
  6.1439 +          (\<not> (\<not> bnd_likes_THFTYPE_IiioI bnd_lMary_THFTYPE_i
  6.1440 +                 bnd_lBill_THFTYPE_i \<or>
  6.1441 +              \<not> bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1442 +                 bnd_lBill_THFTYPE_i)) =
  6.1443 +         True \<or>
  6.1444 +         bnd_likes_THFTYPE_IiioI bnd_lMary_THFTYPE_i
  6.1445 +          bnd_lBill_THFTYPE_i =
  6.1446 +         True"
  6.1447 +(* apply (erule extuni_bool2) *)
  6.1448 +(* done *)
  6.1449 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "25") 1*})
  6.1450 +
  6.1451 +     (* (Annotated_step ("26", "extuni_bool1"), *)
  6.1452 +lemma "\<forall>SV2. (bnd_holdsDuring_THFTYPE_IiooI
  6.1453 +                 (bnd_lYearFn_THFTYPE_IiiI bnd_n2009_THFTYPE_i)
  6.1454 +                 (\<not> (\<not> bnd_likes_THFTYPE_IiioI
  6.1455 +                        bnd_lMary_THFTYPE_i
  6.1456 +                        bnd_lBill_THFTYPE_i \<or>
  6.1457 +                     \<not> bnd_likes_THFTYPE_IiioI
  6.1458 +                        bnd_lSue_THFTYPE_i
  6.1459 +                        bnd_lBill_THFTYPE_i)) =
  6.1460 +                bnd_holdsDuring_THFTYPE_IiooI SV2 True) =
  6.1461 +               False \<Longrightarrow>
  6.1462 +         \<forall>SV2. bnd_holdsDuring_THFTYPE_IiooI
  6.1463 +                (bnd_lYearFn_THFTYPE_IiiI bnd_n2009_THFTYPE_i)
  6.1464 +                (\<not> (\<not> bnd_likes_THFTYPE_IiioI
  6.1465 +                       bnd_lMary_THFTYPE_i bnd_lBill_THFTYPE_i \<or>
  6.1466 +                    \<not> bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1467 +                       bnd_lBill_THFTYPE_i)) =
  6.1468 +               False \<or>
  6.1469 +               bnd_holdsDuring_THFTYPE_IiooI SV2 True = False"
  6.1470 +(* apply (rule allI, erule allE) *)
  6.1471 +(* apply (erule extuni_bool1) *)
  6.1472 +(* done *)
  6.1473 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "26") 1*})
  6.1474 +
  6.1475 +     (* (Annotated_step ("27", "extuni_bool2"), *)
  6.1476 +lemma "\<forall>SV2. (bnd_holdsDuring_THFTYPE_IiooI
  6.1477 +                 (bnd_lYearFn_THFTYPE_IiiI bnd_n2009_THFTYPE_i)
  6.1478 +                 (\<not> (\<not> bnd_likes_THFTYPE_IiioI
  6.1479 +                        bnd_lMary_THFTYPE_i
  6.1480 +                        bnd_lBill_THFTYPE_i \<or>
  6.1481 +                     \<not> bnd_likes_THFTYPE_IiioI
  6.1482 +                        bnd_lSue_THFTYPE_i
  6.1483 +                        bnd_lBill_THFTYPE_i)) =
  6.1484 +                bnd_holdsDuring_THFTYPE_IiooI SV2 True) =
  6.1485 +               False \<Longrightarrow>
  6.1486 +         \<forall>SV2. bnd_holdsDuring_THFTYPE_IiooI
  6.1487 +                (bnd_lYearFn_THFTYPE_IiiI bnd_n2009_THFTYPE_i)
  6.1488 +                (\<not> (\<not> bnd_likes_THFTYPE_IiioI
  6.1489 +                       bnd_lMary_THFTYPE_i bnd_lBill_THFTYPE_i \<or>
  6.1490 +                    \<not> bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1491 +                       bnd_lBill_THFTYPE_i)) =
  6.1492 +               True \<or>
  6.1493 +               bnd_holdsDuring_THFTYPE_IiooI SV2 True = True"
  6.1494 +(* apply (rule allI, erule allE) *)
  6.1495 +(* apply (erule extuni_bool2) *)
  6.1496 +(* done *)
  6.1497 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "27") 1*})
  6.1498 +
  6.1499 +     (* (Annotated_step ("30", "extuni_bool1"), *)
  6.1500 +lemma "((\<not> (\<not> bnd_likes_THFTYPE_IiioI bnd_lMary_THFTYPE_i
  6.1501 +                 bnd_lBill_THFTYPE_i \<or>
  6.1502 +              \<not> bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1503 +                 bnd_lBill_THFTYPE_i)) =
  6.1504 +          True) =
  6.1505 +         False \<Longrightarrow>
  6.1506 +         (\<not> (\<not> bnd_likes_THFTYPE_IiioI bnd_lMary_THFTYPE_i
  6.1507 +                bnd_lBill_THFTYPE_i \<or>
  6.1508 +             \<not> bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1509 +                bnd_lBill_THFTYPE_i)) =
  6.1510 +         False \<or>
  6.1511 +         True = False"
  6.1512 +(* apply (erule extuni_bool1) *)
  6.1513 +(* done *)
  6.1514 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "30") 1*})
  6.1515 +
  6.1516 +     (* (Annotated_step ("29", "extuni_bind"), *)
  6.1517 +lemma "(bnd_lYearFn_THFTYPE_IiiI bnd_n2009_THFTYPE_i =
  6.1518 +          bnd_lYearFn_THFTYPE_IiiI bnd_n2009_THFTYPE_i) =
  6.1519 +         False \<or>
  6.1520 +         ((\<not> (\<not> bnd_likes_THFTYPE_IiioI bnd_lMary_THFTYPE_i
  6.1521 +                 bnd_lBill_THFTYPE_i \<or>
  6.1522 +              \<not> bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1523 +                 bnd_lBill_THFTYPE_i)) =
  6.1524 +          True) =
  6.1525 +         False \<Longrightarrow>
  6.1526 +         ((\<not> (\<not> bnd_likes_THFTYPE_IiioI bnd_lMary_THFTYPE_i
  6.1527 +                 bnd_lBill_THFTYPE_i \<or>
  6.1528 +              \<not> bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1529 +                 bnd_lBill_THFTYPE_i)) =
  6.1530 +          True) =
  6.1531 +         False"
  6.1532 +(* apply (tactic {*break_hypotheses 1*}) *)
  6.1533 +(* apply (erule extuni_bind) *)
  6.1534 +(* apply (tactic {*clause_breaker 1*}) *)
  6.1535 +(* done *)
  6.1536 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "29") 1*})
  6.1537 +
  6.1538 +     (* (Annotated_step ("28", "extuni_dec"), *)
  6.1539 +lemma "\<forall>SV2. (bnd_holdsDuring_THFTYPE_IiooI
  6.1540 +                 (bnd_lYearFn_THFTYPE_IiiI bnd_n2009_THFTYPE_i)
  6.1541 +                 (\<not> (\<not> bnd_likes_THFTYPE_IiioI
  6.1542 +                        bnd_lMary_THFTYPE_i
  6.1543 +                        bnd_lBill_THFTYPE_i \<or>
  6.1544 +                     \<not> bnd_likes_THFTYPE_IiioI
  6.1545 +                        bnd_lSue_THFTYPE_i
  6.1546 +                        bnd_lBill_THFTYPE_i)) =
  6.1547 +                bnd_holdsDuring_THFTYPE_IiooI SV2 True) =
  6.1548 +               False \<Longrightarrow>
  6.1549 +         \<forall>SV2. (bnd_lYearFn_THFTYPE_IiiI bnd_n2009_THFTYPE_i =
  6.1550 +                SV2) =
  6.1551 +               False \<or>
  6.1552 +               ((\<not> (\<not> bnd_likes_THFTYPE_IiioI
  6.1553 +                       bnd_lMary_THFTYPE_i bnd_lBill_THFTYPE_i \<or>
  6.1554 +                    \<not> bnd_likes_THFTYPE_IiioI bnd_lSue_THFTYPE_i
  6.1555 +                       bnd_lBill_THFTYPE_i)) =
  6.1556 +                True) =
  6.1557 +               False"
  6.1558 +(* apply (rule allI) *)
  6.1559 +(* apply (erule_tac x = "SV2" in allE) *)
  6.1560 +(* apply (erule extuni_dec_2) *)
  6.1561 +(* done *)
  6.1562 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "28") 1*})
  6.1563 +*)
  6.1564 +
  6.1565 +(* QUA002^1
  6.1566 +   (* [[(Annotated_step ("49", "extuni_dec"), *)
  6.1567 +lemma "((bnd_sK3_E = bnd_sK1_X1 \<or> bnd_sK3_E = bnd_sK2_X2) =
  6.1568 +          (bnd_sK3_E = bnd_sK2_X2 \<or> bnd_sK3_E = bnd_sK1_X1)) =
  6.1569 +         False \<Longrightarrow>
  6.1570 +         ((bnd_sK3_E = bnd_sK2_X2) = (bnd_sK3_E = bnd_sK2_X2)) =
  6.1571 +         False \<or>
  6.1572 +         ((bnd_sK3_E = bnd_sK1_X1) = (bnd_sK3_E = bnd_sK1_X1)) =
  6.1573 +         False"
  6.1574 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "49") 1*})
  6.1575 +
  6.1576 +     (* (Annotated_step ("20", "unfold_def"), *)
  6.1577 +lemma "(bnd_addition bnd_sK1_X1 bnd_sK2_X2 \<noteq>
  6.1578 +          bnd_addition bnd_sK2_X2 bnd_sK1_X1) =
  6.1579 +         True \<Longrightarrow>
  6.1580 +         (bnd_sup
  6.1581 +           (\<lambda>SX0\<Colon>TPTP_Interpret.ind.
  6.1582 +               SX0 = bnd_sK1_X1 \<or> SX0 = bnd_sK2_X2) \<noteq>
  6.1583 +          bnd_sup
  6.1584 +           (\<lambda>SX0\<Colon>TPTP_Interpret.ind.
  6.1585 +               SX0 = bnd_sK2_X2 \<or> SX0 = bnd_sK1_X1)) =
  6.1586 +         True"
  6.1587 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "20") 1*})
  6.1588 +*)
  6.1589 +
  6.1590 +(*
  6.1591 +(*SEU620^2*)
  6.1592 +     (* (Annotated_step ("11", "unfold_def"), *)
  6.1593 +lemma "bnd_kpairiskpair =
  6.1594 +         (\<forall>Xx Xy.
  6.1595 +             bnd_iskpair
  6.1596 +              (bnd_setadjoin (bnd_setadjoin Xx bnd_emptyset)
  6.1597 +                (bnd_setadjoin
  6.1598 +                  (bnd_setadjoin Xx
  6.1599 +                    (bnd_setadjoin Xy bnd_emptyset))
  6.1600 +                  bnd_emptyset))) \<and>
  6.1601 +         bnd_kpair =
  6.1602 +         (\<lambda>Xx Xy.
  6.1603 +             bnd_setadjoin (bnd_setadjoin Xx bnd_emptyset)
  6.1604 +              (bnd_setadjoin
  6.1605 +                (bnd_setadjoin Xx
  6.1606 +                  (bnd_setadjoin Xy bnd_emptyset))
  6.1607 +                bnd_emptyset)) \<and>
  6.1608 +         bnd_iskpair =
  6.1609 +         (\<lambda>A. \<exists>Xx. bnd_in Xx (bnd_setunion A) \<and>
  6.1610 +                   (\<exists>Xy. bnd_in Xy (bnd_setunion A) \<and>
  6.1611 +                         A =
  6.1612 +                         bnd_setadjoin
  6.1613 +                          (bnd_setadjoin Xx bnd_emptyset)
  6.1614 +                          (bnd_setadjoin
  6.1615 +                            (bnd_setadjoin Xx
  6.1616 +                              (bnd_setadjoin Xy bnd_emptyset))
  6.1617 +                            bnd_emptyset))) \<and>
  6.1618 +         (\<forall>SY5 SY6.
  6.1619 +             (bnd_setadjoin (bnd_setadjoin SY5 bnd_emptyset)
  6.1620 +               (bnd_setadjoin
  6.1621 +                 (bnd_setadjoin SY5
  6.1622 +                   (bnd_setadjoin SY6 bnd_emptyset))
  6.1623 +                 bnd_emptyset) =
  6.1624 +              bnd_setadjoin
  6.1625 +               (bnd_setadjoin (bnd_sK3 SY6 SY5) bnd_emptyset)
  6.1626 +               (bnd_setadjoin
  6.1627 +                 (bnd_setadjoin (bnd_sK3 SY6 SY5)
  6.1628 +                   (bnd_setadjoin (bnd_sK4 SY6 SY5)
  6.1629 +                     bnd_emptyset))
  6.1630 +                 bnd_emptyset) \<and>
  6.1631 +              bnd_in (bnd_sK4 SY6 SY5)
  6.1632 +               (bnd_setunion
  6.1633 +                 (bnd_setadjoin (bnd_setadjoin SY5 bnd_emptyset)
  6.1634 +                   (bnd_setadjoin
  6.1635 +                     (bnd_setadjoin SY5
  6.1636 +                       (bnd_setadjoin SY6 bnd_emptyset))
  6.1637 +                     bnd_emptyset)))) \<and>
  6.1638 +             bnd_in (bnd_sK3 SY6 SY5)
  6.1639 +              (bnd_setunion
  6.1640 +                (bnd_setadjoin (bnd_setadjoin SY5 bnd_emptyset)
  6.1641 +                  (bnd_setadjoin
  6.1642 +                    (bnd_setadjoin SY5
  6.1643 +                      (bnd_setadjoin SY6 bnd_emptyset))
  6.1644 +                    bnd_emptyset)))) =
  6.1645 +         True \<Longrightarrow>
  6.1646 +         (\<forall>SX0 SX1.
  6.1647 +             \<not> (\<not> \<not> (bnd_setadjoin
  6.1648 +                      (bnd_setadjoin SX0 bnd_emptyset)
  6.1649 +                      (bnd_setadjoin
  6.1650 +                        (bnd_setadjoin SX0
  6.1651 +                          (bnd_setadjoin SX1 bnd_emptyset))
  6.1652 +                        bnd_emptyset) \<noteq>
  6.1653 +                     bnd_setadjoin
  6.1654 +                      (bnd_setadjoin (bnd_sK3 SX1 SX0)
  6.1655 +                        bnd_emptyset)
  6.1656 +                      (bnd_setadjoin
  6.1657 +                        (bnd_setadjoin (bnd_sK3 SX1 SX0)
  6.1658 +                          (bnd_setadjoin (bnd_sK4 SX1 SX0)
  6.1659 +                            bnd_emptyset))
  6.1660 +                        bnd_emptyset) \<or>
  6.1661 +                     \<not> bnd_in (bnd_sK4 SX1 SX0)
  6.1662 +                        (bnd_setunion
  6.1663 +                          (bnd_setadjoin
  6.1664 +                            (bnd_setadjoin SX0 bnd_emptyset)
  6.1665 +                            (bnd_setadjoin
  6.1666 +                              (bnd_setadjoin SX0
  6.1667 +(bnd_setadjoin SX1 bnd_emptyset))
  6.1668 +                              bnd_emptyset)))) \<or>
  6.1669 +                \<not> bnd_in (bnd_sK3 SX1 SX0)
  6.1670 +                   (bnd_setunion
  6.1671 +                     (bnd_setadjoin
  6.1672 +                       (bnd_setadjoin SX0 bnd_emptyset)
  6.1673 +                       (bnd_setadjoin
  6.1674 +                         (bnd_setadjoin SX0
  6.1675 +                           (bnd_setadjoin SX1 bnd_emptyset))
  6.1676 +                         bnd_emptyset))))) =
  6.1677 +         True"
  6.1678 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "11") 1*})
  6.1679 +
  6.1680 +     (* (Annotated_step ("3", "unfold_def"), *)
  6.1681 +lemma "bnd_kpairiskpair =
  6.1682 +         (\<forall>Xx Xy.
  6.1683 +             bnd_iskpair
  6.1684 +              (bnd_setadjoin (bnd_setadjoin Xx bnd_emptyset)
  6.1685 +                (bnd_setadjoin
  6.1686 +                  (bnd_setadjoin Xx
  6.1687 +                    (bnd_setadjoin Xy bnd_emptyset))
  6.1688 +                  bnd_emptyset))) \<and>
  6.1689 +         bnd_kpair =
  6.1690 +         (\<lambda>Xx Xy.
  6.1691 +             bnd_setadjoin (bnd_setadjoin Xx bnd_emptyset)
  6.1692 +              (bnd_setadjoin
  6.1693 +                (bnd_setadjoin Xx
  6.1694 +                  (bnd_setadjoin Xy bnd_emptyset))
  6.1695 +                bnd_emptyset)) \<and>
  6.1696 +         bnd_iskpair =
  6.1697 +         (\<lambda>A. \<exists>Xx. bnd_in Xx (bnd_setunion A) \<and>
  6.1698 +                   (\<exists>Xy. bnd_in Xy (bnd_setunion A) \<and>
  6.1699 +                         A =
  6.1700 +                         bnd_setadjoin
  6.1701 +                          (bnd_setadjoin Xx bnd_emptyset)
  6.1702 +                          (bnd_setadjoin
  6.1703 +                            (bnd_setadjoin Xx
  6.1704 +                              (bnd_setadjoin Xy bnd_emptyset))
  6.1705 +                            bnd_emptyset))) \<and>
  6.1706 +         (bnd_kpairiskpair \<longrightarrow>
  6.1707 +          (\<forall>Xx Xy. bnd_iskpair (bnd_kpair Xx Xy))) =
  6.1708 +         False \<Longrightarrow>
  6.1709 +         ((\<forall>SY5 SY6.
  6.1710 +              \<exists>SY7. bnd_in SY7
  6.1711 +                     (bnd_setunion
  6.1712 +                       (bnd_setadjoin
  6.1713 +                         (bnd_setadjoin SY5 bnd_emptyset)
  6.1714 +                         (bnd_setadjoin
  6.1715 +                           (bnd_setadjoin SY5
  6.1716 +                             (bnd_setadjoin SY6 bnd_emptyset))
  6.1717 +                           bnd_emptyset))) \<and>
  6.1718 +                    (\<exists>SY8. bnd_in SY8
  6.1719 +                            (bnd_setunion
  6.1720 +                              (bnd_setadjoin
  6.1721 +(bnd_setadjoin SY5 bnd_emptyset)
  6.1722 +(bnd_setadjoin
  6.1723 +  (bnd_setadjoin SY5 (bnd_setadjoin SY6 bnd_emptyset))
  6.1724 +  bnd_emptyset))) \<and>
  6.1725 +                           bnd_setadjoin
  6.1726 +                            (bnd_setadjoin SY5 bnd_emptyset)
  6.1727 +                            (bnd_setadjoin
  6.1728 +                              (bnd_setadjoin SY5
  6.1729 +(bnd_setadjoin SY6 bnd_emptyset))
  6.1730 +                              bnd_emptyset) =
  6.1731 +                           bnd_setadjoin
  6.1732 +                            (bnd_setadjoin SY7 bnd_emptyset)
  6.1733 +                            (bnd_setadjoin
  6.1734 +                              (bnd_setadjoin SY7
  6.1735 +(bnd_setadjoin SY8 bnd_emptyset))
  6.1736 +                              bnd_emptyset))) \<longrightarrow>
  6.1737 +          (\<forall>SY0 SY1.
  6.1738 +              \<exists>SY3. bnd_in SY3
  6.1739 +                     (bnd_setunion
  6.1740 +                       (bnd_setadjoin
  6.1741 +                         (bnd_setadjoin SY0 bnd_emptyset)
  6.1742 +                         (bnd_setadjoin
  6.1743 +                           (bnd_setadjoin SY0
  6.1744 +                             (bnd_setadjoin SY1 bnd_emptyset))
  6.1745 +                           bnd_emptyset))) \<and>
  6.1746 +                    (\<exists>SY4. bnd_in SY4
  6.1747 +                            (bnd_setunion
  6.1748 +                              (bnd_setadjoin
  6.1749 +(bnd_setadjoin SY0 bnd_emptyset)
  6.1750 +(bnd_setadjoin
  6.1751 +  (bnd_setadjoin SY0 (bnd_setadjoin SY1 bnd_emptyset))
  6.1752 +  bnd_emptyset))) \<and>
  6.1753 +                           bnd_setadjoin
  6.1754 +                            (bnd_setadjoin SY0 bnd_emptyset)
  6.1755 +                            (bnd_setadjoin
  6.1756 +                              (bnd_setadjoin SY0
  6.1757 +(bnd_setadjoin SY1 bnd_emptyset))
  6.1758 +                              bnd_emptyset) =
  6.1759 +                           bnd_setadjoin
  6.1760 +                            (bnd_setadjoin SY3 bnd_emptyset)
  6.1761 +                            (bnd_setadjoin
  6.1762 +                              (bnd_setadjoin SY3
  6.1763 +(bnd_setadjoin SY4 bnd_emptyset))
  6.1764 +                              bnd_emptyset)))) =
  6.1765 +         False"
  6.1766 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "3") 1*})
  6.1767 +
  6.1768 +     (* (Annotated_step ("8", "extcnf_combined"), *)
  6.1769 +lemma "(\<forall>SY5 SY6.
  6.1770 +             \<exists>SY7. bnd_in SY7
  6.1771 +                    (bnd_setunion
  6.1772 +                      (bnd_setadjoin
  6.1773 +                        (bnd_setadjoin SY5 bnd_emptyset)
  6.1774 +                        (bnd_setadjoin
  6.1775 +                          (bnd_setadjoin SY5
  6.1776 +                            (bnd_setadjoin SY6 bnd_emptyset))
  6.1777 +                          bnd_emptyset))) \<and>
  6.1778 +                   (\<exists>SY8. bnd_in SY8
  6.1779 +                           (bnd_setunion
  6.1780 +                             (bnd_setadjoin
  6.1781 +                               (bnd_setadjoin SY5 bnd_emptyset)
  6.1782 +                               (bnd_setadjoin
  6.1783 + (bnd_setadjoin SY5 (bnd_setadjoin SY6 bnd_emptyset))
  6.1784 + bnd_emptyset))) \<and>
  6.1785 +                          bnd_setadjoin
  6.1786 +                           (bnd_setadjoin SY5 bnd_emptyset)
  6.1787 +                           (bnd_setadjoin
  6.1788 +                             (bnd_setadjoin SY5
  6.1789 +                               (bnd_setadjoin SY6 bnd_emptyset))
  6.1790 +                             bnd_emptyset) =
  6.1791 +                          bnd_setadjoin
  6.1792 +                           (bnd_setadjoin SY7 bnd_emptyset)
  6.1793 +                           (bnd_setadjoin
  6.1794 +                             (bnd_setadjoin SY7
  6.1795 +                               (bnd_setadjoin SY8 bnd_emptyset))
  6.1796 +                             bnd_emptyset))) =
  6.1797 +         True \<Longrightarrow>
  6.1798 +         (\<forall>SY5 SY6.
  6.1799 +             (bnd_setadjoin (bnd_setadjoin SY5 bnd_emptyset)
  6.1800 +               (bnd_setadjoin
  6.1801 +                 (bnd_setadjoin SY5
  6.1802 +                   (bnd_setadjoin SY6 bnd_emptyset))
  6.1803 +                 bnd_emptyset) =
  6.1804 +              bnd_setadjoin
  6.1805 +               (bnd_setadjoin (bnd_sK3 SY6 SY5) bnd_emptyset)
  6.1806 +               (bnd_setadjoin
  6.1807 +                 (bnd_setadjoin (bnd_sK3 SY6 SY5)
  6.1808 +                   (bnd_setadjoin (bnd_sK4 SY6 SY5)
  6.1809 +                     bnd_emptyset))
  6.1810 +                 bnd_emptyset) \<and>
  6.1811 +              bnd_in (bnd_sK4 SY6 SY5)
  6.1812 +               (bnd_setunion
  6.1813 +                 (bnd_setadjoin (bnd_setadjoin SY5 bnd_emptyset)
  6.1814 +                   (bnd_setadjoin
  6.1815 +                     (bnd_setadjoin SY5
  6.1816 +                       (bnd_setadjoin SY6 bnd_emptyset))
  6.1817 +                     bnd_emptyset)))) \<and>
  6.1818 +             bnd_in (bnd_sK3 SY6 SY5)
  6.1819 +              (bnd_setunion
  6.1820 +                (bnd_setadjoin (bnd_setadjoin SY5 bnd_emptyset)
  6.1821 +                  (bnd_setadjoin
  6.1822 +                    (bnd_setadjoin SY5
  6.1823 +                      (bnd_setadjoin SY6 bnd_emptyset))
  6.1824 +                    bnd_emptyset)))) =
  6.1825 +         True"
  6.1826 +by (tactic {*
  6.1827 +HEADGOAL (extcnf_combined_tac Full false (hd prob_names))
  6.1828 +*})
  6.1829 +
  6.1830 +     (* (Annotated_step ("7", "extcnf_combined"), *)
  6.1831 +lemma "(\<not> (\<forall>SY0 SY1.
  6.1832 +                \<exists>SY3. bnd_in SY3
  6.1833 +                       (bnd_setunion
  6.1834 +                         (bnd_setadjoin
  6.1835 +                           (bnd_setadjoin SY0 bnd_emptyset)
  6.1836 +                           (bnd_setadjoin
  6.1837 +                             (bnd_setadjoin SY0
  6.1838 +                               (bnd_setadjoin SY1 bnd_emptyset))
  6.1839 +                             bnd_emptyset))) \<and>
  6.1840 +                      (\<exists>SY4. bnd_in SY4
  6.1841 +                              (bnd_setunion
  6.1842 +(bnd_setadjoin (bnd_setadjoin SY0 bnd_emptyset)
  6.1843 +  (bnd_setadjoin
  6.1844 +    (bnd_setadjoin SY0 (bnd_setadjoin SY1 bnd_emptyset))
  6.1845 +    bnd_emptyset))) \<and>
  6.1846 +                             bnd_setadjoin
  6.1847 +                              (bnd_setadjoin SY0 bnd_emptyset)
  6.1848 +                              (bnd_setadjoin
  6.1849 +(bnd_setadjoin SY0 (bnd_setadjoin SY1 bnd_emptyset))
  6.1850 +bnd_emptyset) =
  6.1851 +                             bnd_setadjoin
  6.1852 +                              (bnd_setadjoin SY3 bnd_emptyset)
  6.1853 +                              (bnd_setadjoin
  6.1854 +(bnd_setadjoin SY3 (bnd_setadjoin SY4 bnd_emptyset))
  6.1855 +bnd_emptyset)))) =
  6.1856 +         True \<Longrightarrow>
  6.1857 +         (\<forall>SY24.
  6.1858 +             (\<forall>SY25.
  6.1859 +                 bnd_setadjoin
  6.1860 +                  (bnd_setadjoin bnd_sK1 bnd_emptyset)
  6.1861 +                  (bnd_setadjoin
  6.1862 +                    (bnd_setadjoin bnd_sK1
  6.1863 +                      (bnd_setadjoin bnd_sK2 bnd_emptyset))
  6.1864 +                    bnd_emptyset) \<noteq>
  6.1865 +                 bnd_setadjoin (bnd_setadjoin SY24 bnd_emptyset)
  6.1866 +                  (bnd_setadjoin
  6.1867 +                    (bnd_setadjoin SY24
  6.1868 +                      (bnd_setadjoin SY25 bnd_emptyset))
  6.1869 +                    bnd_emptyset) \<or>
  6.1870 +                 \<not> bnd_in SY25
  6.1871 +                    (bnd_setunion
  6.1872 +                      (bnd_setadjoin
  6.1873 +                        (bnd_setadjoin bnd_sK1 bnd_emptyset)
  6.1874 +                        (bnd_setadjoin
  6.1875 +                          (bnd_setadjoin bnd_sK1
  6.1876 +                            (bnd_setadjoin bnd_sK2
  6.1877 +                              bnd_emptyset))
  6.1878 +                          bnd_emptyset)))) \<or>
  6.1879 +             \<not> bnd_in SY24
  6.1880 +                (bnd_setunion
  6.1881 +                  (bnd_setadjoin
  6.1882 +                    (bnd_setadjoin bnd_sK1 bnd_emptyset)
  6.1883 +                    (bnd_setadjoin
  6.1884 +                      (bnd_setadjoin bnd_sK1
  6.1885 +                        (bnd_setadjoin bnd_sK2 bnd_emptyset))
  6.1886 +                      bnd_emptyset)))) =
  6.1887 +         True"
  6.1888 +by (tactic {*HEADGOAL (extcnf_combined_tac Full false (hd prob_names))*})
  6.1889 +*)
  6.1890 +
  6.1891 +(*PUZ081^2*)
  6.1892 +(*
  6.1893 +     (* (Annotated_step ("9", "unfold_def"), *)
  6.1894 +lemma "bnd_says bnd_mel
  6.1895 +          (\<not> bnd_knave bnd_zoey \<and> \<not> bnd_knave bnd_mel) \<Longrightarrow>
  6.1896 +         bnd_says bnd_mel
  6.1897 +          (\<not> bnd_knave bnd_zoey \<and> \<not> bnd_knave bnd_mel) =
  6.1898 +         True"
  6.1899 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "9") 1*})
  6.1900 +
  6.1901 +     (* (Annotated_step ("10", "unfold_def"), *)
  6.1902 +lemma "bnd_says bnd_zoey (bnd_knave bnd_mel) \<Longrightarrow>
  6.1903 +         bnd_says bnd_zoey (bnd_knave bnd_mel) = True"
  6.1904 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "10") 1*})
  6.1905 +
  6.1906 +     (* (Annotated_step ("11", "unfold_def"), *)
  6.1907 +lemma "\<forall>P S. bnd_knave P \<and> bnd_says P S \<longrightarrow> \<not> S \<Longrightarrow>
  6.1908 +         (\<forall>P S. bnd_knave P \<and> bnd_says P S \<longrightarrow> \<not> S) = True"
  6.1909 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "11") 1*})
  6.1910 +
  6.1911 +     (* (Annotated_step ("12", "unfold_def"), *)
  6.1912 +lemma "\<forall>P S. bnd_knight P \<and> bnd_says P S \<longrightarrow> S \<Longrightarrow>
  6.1913 +         (\<forall>P S. bnd_knight P \<and> bnd_says P S \<longrightarrow> S) = True"
  6.1914 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "12") 1*})
  6.1915 +
  6.1916 +     (* (Annotated_step ("13", "unfold_def"), *)
  6.1917 +lemma "\<forall>P. bnd_knight P \<noteq> bnd_knave P \<Longrightarrow>
  6.1918 +         (\<forall>P. bnd_knight P \<noteq> bnd_knave P) = True"
  6.1919 +by (tactic {*rtac (leo2_tac @{context} (hd prob_names) "13") 1*})
  6.1920 +
  6.1921 +     (* (Annotated_step ("15", "extcnf_combined"), *)
  6.1922 +lemma "(\<not> (\<exists>TZ TM. TZ bnd_zoey \<and> TM bnd_mel)) = True \<Longrightarrow>
  6.1923 +         ((\<forall>TM. \<not> TM bnd_mel) \<or> (\<forall>TZ. \<not> TZ bnd_zoey)) = True"
  6.1924 +by (tactic {*extcnf_combined_tac Full false (hd prob_names) 1*})
  6.1925 +
  6.1926 +     (* (Annotated_step ("18", "extcnf_combined"), *)
  6.1927 +lemma "(\<forall>P. bnd_knight P \<noteq> bnd_knave P) = True \<Longrightarrow>