isabelle: doc-src/IsarRef/Thy/Framework.thy@0090fab725e3 (annotated)

29716 b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	1	theory Framework
42651 e3fdb7c96be5 formal Base theory; wenzelm parents: 42626 diff changeset	2	imports Base Main
29716 b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	3	begin
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	4
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	5	chapter {* The Isabelle/Isar Framework \label{ch:isar-framework} *}
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	6
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	7	text {*
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	8	Isabelle/Isar
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	9	\cite{Wenzel:1999:TPHOL,Wenzel-PhD,Nipkow-TYPES02,Wenzel-Paulson:2006,Wenzel:2006:Festschrift}
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	10	is intended as a generic framework for developing formal
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	11	mathematical documents with full proof checking. Definitions and
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	12	proofs are organized as theories. An assembly of theory sources may
29716 b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	13	be presented as a printed document; see also
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	14	\chref{ch:document-prep}.
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	15
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	16	The main objective of Isar is the design of a human-readable
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	17	structured proof language, which is called the ``primary proof
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	18	format'' in Isar terminology. Such a primary proof language is
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	19	somewhere in the middle between the extremes of primitive proof
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	20	objects and actual natural language. In this respect, Isar is a bit
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	21	more formalistic than Mizar
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	22	\cite{Trybulec:1993:MizarFeatures,Rudnicki:1992:MizarOverview,Wiedijk:1999:Mizar},
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	23	using logical symbols for certain reasoning schemes where Mizar
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	24	would prefer English words; see \cite{Wenzel-Wiedijk:2002} for
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	25	further comparisons of these systems.
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	26
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	27	So Isar challenges the traditional way of recording informal proofs
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	28	in mathematical prose, as well as the common tendency to see fully
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	29	formal proofs directly as objects of some logical calculus (e.g.\
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	30	@{text "\<lambda>"}-terms in a version of type theory). In fact, Isar is
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	31	better understood as an interpreter of a simple block-structured
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	32	language for describing the data flow of local facts and goals,
29716 b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	33	interspersed with occasional invocations of proof methods.
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	34	Everything is reduced to logical inferences internally, but these
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	35	steps are somewhat marginal compared to the overall bookkeeping of
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	36	the interpretation process. Thanks to careful design of the syntax
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	37	and semantics of Isar language elements, a formal record of Isar
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	38	instructions may later appear as an intelligible text to the
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	39	attentive reader.
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	40
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	41	The Isar proof language has emerged from careful analysis of some
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	42	inherent virtues of the existing logical framework of Isabelle/Pure
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	43	\cite{paulson-found,paulson700}, notably composition of higher-order
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	44	natural deduction rules, which is a generalization of Gentzen's
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	45	original calculus \cite{Gentzen:1935}. The approach of generic
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	46	inference systems in Pure is continued by Isar towards actual proof
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	47	texts.
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	48
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	49	Concrete applications require another intermediate layer: an
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	50	object-logic. Isabelle/HOL \cite{isa-tutorial} (simply-typed
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	51	set-theory) is being used most of the time; Isabelle/ZF
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	52	\cite{isabelle-ZF} is less extensively developed, although it would
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	53	probably fit better for classical mathematics.
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	54
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	55	\medskip In order to illustrate natural deduction in Isar, we shall
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	56	refer to the background theory and library of Isabelle/HOL. This
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	57	includes common notions of predicate logic, naive set-theory etc.\
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	58	using fairly standard mathematical notation. From the perspective
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	59	of generic natural deduction there is nothing special about the
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	60	logical connectives of HOL (@{text "\<and>"}, @{text "\<or>"}, @{text "\<forall>"},
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	61	@{text "\<exists>"}, etc.), only the resulting reasoning principles are
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	62	relevant to the user. There are similar rules available for
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	63	set-theory operators (@{text "\<inter>"}, @{text "\<union>"}, @{text "\<Inter>"}, @{text
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	64	"\<Union>"}, etc.), or any other theory developed in the library (lattice
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	65	theory, topology etc.).
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	66
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	67	Subsequently we briefly review fragments of Isar proof texts
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	68	corresponding directly to such general deduction schemes. The
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	69	examples shall refer to set-theory, to minimize the danger of
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	70	understanding connectives of predicate logic as something special.
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	71
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	72	\medskip The following deduction performs @{text "\<inter>"}-introduction,
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	73	working forwards from assumptions towards the conclusion. We give
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	74	both the Isar text, and depict the primitive rule involved, as
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	75	determined by unification of the problem against rules that are
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	76	declared in the library context.
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	77	*}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	78
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	79	text_raw {\medskip\begin{minipage}{0.6\textwidth}}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	80
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	81	(<)
40964 482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	82	notepad
482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	83	begin
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	84	(>)
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	85	assume "x \<in> A" and "x \<in> B"
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	86	then have "x \<in> A \<inter> B" ..
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	87	(<)
40964 482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	88	end
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	89	(>)
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	90
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	91	text_raw {\end{minipage}\begin{minipage}{0.4\textwidth}}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	92
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	93	text {*
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	94	\infer{@{prop "x \<in> A \<inter> B"}}{@{prop "x \<in> A"} & @{prop "x \<in> B"}}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	95	*}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	96
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	97	text_raw {\end{minipage}}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	98
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	99	text {*
29737 866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	100	\medskip\noindent Note that @{command assume} augments the proof
866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	101	context, @{command then} indicates that the current fact shall be
866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	102	used in the next step, and @{command have} states an intermediate
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	103	goal. The two dots ``@{command ".."}'' refer to a complete proof of
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	104	this claim, using the indicated facts and a canonical rule from the
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	105	context. We could have been more explicit here by spelling out the
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	106	final proof step via the @{command "by"} command:
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	107	*}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	108
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	109	(<)
40964 482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	110	notepad
482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	111	begin
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	112	(>)
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	113	assume "x \<in> A" and "x \<in> B"
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	114	then have "x \<in> A \<inter> B" by (rule IntI)
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	115	(<)
40964 482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	116	end
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	117	(>)
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	118
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	119	text {*
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	120	\noindent The format of the @{text "\<inter>"}-introduction rule represents
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	121	the most basic inference, which proceeds from given premises to a
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	122	conclusion, without any nested proof context involved.
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	123
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	124	The next example performs backwards introduction on @{term "\<Inter>\<A>"},
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	125	the intersection of all sets within a given set. This requires a
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	126	nested proof of set membership within a local context, where @{term
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	127	A} is an arbitrary-but-fixed member of the collection:
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	128	*}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	129
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	130	text_raw {\medskip\begin{minipage}{0.6\textwidth}}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	131
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	132	(<)
40964 482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	133	notepad
482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	134	begin
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	135	(>)
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	136	have "x \<in> \<Inter>\<A>"
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	137	proof
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	138	fix A
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	139	assume "A \<in> \<A>"
29733 f38ccabb2edc improved sorry/noproof markup; wenzelm parents: 29732 diff changeset	140	show "x \<in> A" sorry %noproof
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	141	qed
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	142	(<)
40964 482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	143	end
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	144	(>)
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	145
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	146	text_raw {\end{minipage}\begin{minipage}{0.4\textwidth}}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	147
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	148	text {*
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	149	\infer{@{prop "x \<in> \<Inter>\<A>"}}{\infer*{@{prop "x \<in> A"}}{@{text "[A][A \<in> \<A>]"}}}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	150	*}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	151
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	152	text_raw {\end{minipage}}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	153
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	154	text {*
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	155	\medskip\noindent This Isar reasoning pattern again refers to the
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	156	primitive rule depicted above. The system determines it in the
29737 866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	157	``@{command proof}'' step, which could have been spelt out more
866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	158	explicitly as ``@{command proof}~@{text "(rule InterI)"}''. Note
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	159	that the rule involves both a local parameter @{term "A"} and an
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	160	assumption @{prop "A \<in> \<A>"} in the nested reasoning. This kind of
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	161	compound rule typically demands a genuine sub-proof in Isar, working
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	162	backwards rather than forwards as seen before. In the proof body we
29737 866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	163	encounter the @{command fix}-@{command assume}-@{command show}
866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	164	outline of nested sub-proofs that is typical for Isar. The final
866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	165	@{command show} is like @{command have} followed by an additional
866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	166	refinement of the enclosing claim, using the rule derived from the
866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	167	proof body.
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	168
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	169	\medskip The next example involves @{term "\<Union>\<A>"}, which can be
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	170	characterized as the set of all @{term "x"} such that @{prop "\<exists>A. x
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	171	\<in> A \<and> A \<in> \<A>"}. The elimination rule for @{prop "x \<in> \<Union>\<A>"} does
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	172	not mention @{text "\<exists>"} and @{text "\<and>"} at all, but admits to obtain
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	173	directly a local @{term "A"} such that @{prop "x \<in> A"} and @{prop "A
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	174	\<in> \<A>"} hold. This corresponds to the following Isar proof and
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	175	inference rule, respectively:
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	176	*}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	177
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	178	text_raw {\medskip\begin{minipage}{0.6\textwidth}}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	179
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	180	(<)
40964 482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	181	notepad
482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	182	begin
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	183	(>)
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	184	assume "x \<in> \<Union>\<A>"
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	185	then have C
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	186	proof
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	187	fix A
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	188	assume "x \<in> A" and "A \<in> \<A>"
29733 f38ccabb2edc improved sorry/noproof markup; wenzelm parents: 29732 diff changeset	189	show C sorry %noproof
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	190	qed
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	191	(<)
40964 482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	192	end
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	193	(>)
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	194
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	195	text_raw {\end{minipage}\begin{minipage}{0.4\textwidth}}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	196
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	197	text {*
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	198	\infer{@{prop "C"}}{@{prop "x \<in> \<Union>\<A>"} & \infer*{@{prop "C"}~}{@{text "[A][x \<in> A, A \<in> \<A>]"}}}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	199	*}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	200
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	201	text_raw {\end{minipage}}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	202
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	203	text {*
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	204	\medskip\noindent Although the Isar proof follows the natural
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	205	deduction rule closely, the text reads not as natural as
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	206	anticipated. There is a double occurrence of an arbitrary
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	207	conclusion @{prop "C"}, which represents the final result, but is
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	208	irrelevant for now. This issue arises for any elimination rule
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	209	involving local parameters. Isar provides the derived language
29737 866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	210	element @{command obtain}, which is able to perform the same
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	211	elimination proof more conveniently:
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	212	*}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	213
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	214	(<)
40964 482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	215	notepad
482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	216	begin
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	217	(>)
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	218	assume "x \<in> \<Union>\<A>"
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	219	then obtain A where "x \<in> A" and "A \<in> \<A>" ..
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	220	(<)
40964 482a8334ee9e prefer 'notepad' over 'example_proof'; wenzelm parents: 40476 diff changeset	221	end
29721 df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	222	(>)
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	223
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	224	text {*
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	225	\noindent Here we avoid to mention the final conclusion @{prop "C"}
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	226	and return to plain forward reasoning. The rule involved in the
df4e53d18ebc added introductory examples; wenzelm parents: 29716 diff changeset	227	``@{command ".."}'' proof is the same as before.
29716 b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	228	*}
b6266c4c68fe basic setup for chapter "The Isabelle/Isar Framework"; wenzelm parents: diff changeset	229
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	230
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	231	section {* The Pure framework \label{sec:framework-pure} *}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	232
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	233	text {*
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	234	The Pure logic \cite{paulson-found,paulson700} is an intuitionistic
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	235	fragment of higher-order logic \cite{church40}. In type-theoretic
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	236	parlance, there are three levels of @{text "\<lambda>"}-calculus with
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	237	corresponding arrows @{text "\<Rightarrow>"}/@{text "\<And>"}/@{text "\<Longrightarrow>"}:
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	238
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	239	\medskip
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	240	\begin{tabular}{ll}
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	241	@{text "\<alpha> \<Rightarrow> \<beta>"} & syntactic function space (terms depending on terms) \\
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	242	@{text "\<And>x. B(x)"} & universal quantification (proofs depending on terms) \\
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	243	@{text "A \<Longrightarrow> B"} & implication (proofs depending on proofs) \\
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	244	\end{tabular}
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	245	\medskip
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	246
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	247	\noindent Here only the types of syntactic terms, and the
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	248	propositions of proof terms have been shown. The @{text
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	249	"\<lambda>"}-structure of proofs can be recorded as an optional feature of
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	250	the Pure inference kernel \cite{Berghofer-Nipkow:2000:TPHOL}, but
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	251	the formal system can never depend on them due to \emph{proof
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	252	irrelevance}.
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	253
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	254	On top of this most primitive layer of proofs, Pure implements a
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	255	generic calculus for nested natural deduction rules, similar to
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	256	\cite{Schroeder-Heister:1984}. Here object-logic inferences are
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	257	internalized as formulae over @{text "\<And>"} and @{text "\<Longrightarrow>"}.
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	258	Combining such rule statements may involve higher-order unification
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	259	\cite{paulson-natural}.
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	260	*}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	261
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	262
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	263	subsection {* Primitive inferences *}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	264
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	265	text {*
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	266	Term syntax provides explicit notation for abstraction @{text "\<lambda>x ::
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	267	\<alpha>. b(x)"} and application @{text "b a"}, while types are usually
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	268	implicit thanks to type-inference; terms of type @{text "prop"} are
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	269	called propositions. Logical statements are composed via @{text "\<And>x
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	270	:: \<alpha>. B(x)"} and @{text "A \<Longrightarrow> B"}. Primitive reasoning operates on
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	271	judgments of the form @{text "\<Gamma> \<turnstile> \<phi>"}, with standard introduction
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	272	and elimination rules for @{text "\<And>"} and @{text "\<Longrightarrow>"} that refer to
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	273	fixed parameters @{text "x\<^isub>1, \<dots>, x\<^isub>m"} and hypotheses
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	274	@{text "A\<^isub>1, \<dots>, A\<^isub>n"} from the context @{text "\<Gamma>"};
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	275	the corresponding proof terms are left implicit. The subsequent
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	276	inference rules define @{text "\<Gamma> \<turnstile> \<phi>"} inductively, relative to a
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	277	collection of axioms:
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	278
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	279	\[
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	280	\infer{@{text "\<turnstile> A"}}{(@{text "A"} \text{~axiom})}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	281	\qquad
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	282	\infer{@{text "A \<turnstile> A"}}{}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	283	\]
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	284
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	285	\[
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	286	\infer{@{text "\<Gamma> \<turnstile> \<And>x. B(x)"}}{@{text "\<Gamma> \<turnstile> B(x)"} & @{text "x \<notin> \<Gamma>"}}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	287	\qquad
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	288	\infer{@{text "\<Gamma> \<turnstile> B(a)"}}{@{text "\<Gamma> \<turnstile> \<And>x. B(x)"}}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	289	\]
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	290
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	291	\[
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	292	\infer{@{text "\<Gamma> - A \<turnstile> A \<Longrightarrow> B"}}{@{text "\<Gamma> \<turnstile> B"}}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	293	\qquad
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	294	\infer{@{text "\<Gamma>\<^sub>1 \<union> \<Gamma>\<^sub>2 \<turnstile> B"}}{@{text "\<Gamma>\<^sub>1 \<turnstile> A \<Longrightarrow> B"} & @{text "\<Gamma>\<^sub>2 \<turnstile> A"}}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	295	\]
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	296
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	297	Furthermore, Pure provides a built-in equality @{text "\<equiv> :: \<alpha> \<Rightarrow> \<alpha> \<Rightarrow>
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	298	prop"} with axioms for reflexivity, substitution, extensionality,
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	299	and @{text "\<alpha>\<beta>\<eta>"}-conversion on @{text "\<lambda>"}-terms.
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	300
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	301	\medskip An object-logic introduces another layer on top of Pure,
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	302	e.g.\ with types @{text "i"} for individuals and @{text "o"} for
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	303	propositions, term constants @{text "Trueprop :: o \<Rightarrow> prop"} as
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	304	(implicit) derivability judgment and connectives like @{text "\<and> :: o
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	305	\<Rightarrow> o \<Rightarrow> o"} or @{text "\<forall> :: (i \<Rightarrow> o) \<Rightarrow> o"}, and axioms for object-level
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	306	rules such as @{text "conjI: A \<Longrightarrow> B \<Longrightarrow> A \<and> B"} or @{text "allI: (\<And>x. B
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	307	x) \<Longrightarrow> \<forall>x. B x"}. Derived object rules are represented as theorems of
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	308	Pure. After the initial object-logic setup, further axiomatizations
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	309	are usually avoided; plain definitions and derived principles are
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	310	used exclusively.
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	311	*}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	312
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	313
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	314	subsection {* Reasoning with rules \label{sec:framework-resolution} *}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	315
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	316	text {*
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	317	Primitive inferences mostly serve foundational purposes. The main
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	318	reasoning mechanisms of Pure operate on nested natural deduction
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	319	rules expressed as formulae, using @{text "\<And>"} to bind local
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	320	parameters and @{text "\<Longrightarrow>"} to express entailment. Multiple
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	321	parameters and premises are represented by repeating these
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	322	connectives in a right-associative manner.
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	323
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	324	Since @{text "\<And>"} and @{text "\<Longrightarrow>"} commute thanks to the theorem
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	325	@{prop "(A \<Longrightarrow> (\<And>x. B x)) \<equiv> (\<And>x. A \<Longrightarrow> B x)"}, we may assume w.l.o.g.\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	326	that rule statements always observe the normal form where
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	327	quantifiers are pulled in front of implications at each level of
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	328	nesting. This means that any Pure proposition may be presented as a
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	329	\emph{Hereditary Harrop Formula} \cite{Miller:1991} which is of the
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	330	form @{text "\<And>x\<^isub>1 \<dots> x\<^isub>m. H\<^isub>1 \<Longrightarrow> \<dots> H\<^isub>n \<Longrightarrow>
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	331	A"} for @{text "m, n \<ge> 0"}, and @{text "A"} atomic, and @{text
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	332	"H\<^isub>1, \<dots>, H\<^isub>n"} being recursively of the same format.
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	333	Following the convention that outermost quantifiers are implicit,
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	334	Horn clauses @{text "A\<^isub>1 \<Longrightarrow> \<dots> A\<^isub>n \<Longrightarrow> A"} are a special
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	335	case of this.
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	336
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	337	For example, @{text "\<inter>"}-introduction rule encountered before is
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	338	represented as a Pure theorem as follows:
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	339	\[
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	340	@{text "IntI:"}~@{prop "x \<in> A \<Longrightarrow> x \<in> B \<Longrightarrow> x \<in> A \<inter> B"}
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	341	\]
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	342
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	343	\noindent This is a plain Horn clause, since no further nesting on
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	344	the left is involved. The general @{text "\<Inter>"}-introduction
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	345	corresponds to a Hereditary Harrop Formula with one additional level
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	346	of nesting:
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	347	\[
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	348	@{text "InterI:"}~@{prop "(\<And>A. A \<in> \<A> \<Longrightarrow> x \<in> A) \<Longrightarrow> x \<in> \<Inter>\<A>"}
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	349	\]
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	350
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	351	\medskip Goals are also represented as rules: @{text "A\<^isub>1 \<Longrightarrow>
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	352	\<dots> A\<^isub>n \<Longrightarrow> C"} states that the sub-goals @{text "A\<^isub>1, \<dots>,
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	353	A\<^isub>n"} entail the result @{text "C"}; for @{text "n = 0"} the
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	354	goal is finished. To allow @{text "C"} being a rule statement
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	355	itself, we introduce the protective marker @{text "# :: prop \<Rightarrow>
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	356	prop"}, which is defined as identity and hidden from the user. We
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	357	initialize and finish goal states as follows:
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	358
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	359	\[
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	360	\begin{array}{c@ {\qquad}c}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	361	\infer[(@{inference_def init})]{@{text "C \<Longrightarrow> #C"}}{} &
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	362	\infer[(@{inference_def finish})]{@{text C}}{@{text "#C"}}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	363	\end{array}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	364	\]
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	365
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	366	\noindent Goal states are refined in intermediate proof steps until
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	367	a finished form is achieved. Here the two main reasoning principles
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	368	are @{inference resolution}, for back-chaining a rule against a
1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	369	sub-goal (replacing it by zero or more sub-goals), and @{inference
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	370	assumption}, for solving a sub-goal (finding a short-circuit with
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	371	local assumptions). Below @{text "\<^vec>x"} stands for @{text
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	372	"x\<^isub>1, \<dots>, x\<^isub>n"} (@{text "n \<ge> 0"}).
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	373
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	374	\[
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	375	\infer[(@{inference_def resolution})]
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	376	{@{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> \<^vec>A (\<^vec>a \<^vec>x))\<vartheta> \<Longrightarrow> C\<vartheta>"}}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	377	{\begin{tabular}{rl}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	378	@{text "rule:"} &
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	379	@{text "\<^vec>A \<^vec>a \<Longrightarrow> B \<^vec>a"} \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	380	@{text "goal:"} &
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	381	@{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> B' \<^vec>x) \<Longrightarrow> C"} \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	382	@{text "goal unifier:"} &
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	383	@{text "(\<lambda>\<^vec>x. B (\<^vec>a \<^vec>x))\<vartheta> = B'\<vartheta>"} \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	384	\end{tabular}}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	385	\]
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	386
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	387	\medskip
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	388
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	389	\[
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	390	\infer[(@{inference_def assumption})]{@{text "C\<vartheta>"}}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	391	{\begin{tabular}{rl}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	392	@{text "goal:"} &
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	393	@{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> A \<^vec>x) \<Longrightarrow> C"} \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	394	@{text "assm unifier:"} & @{text "A\<vartheta> = H\<^sub>i\<vartheta>"}~~\text{(for some~@{text "H\<^sub>i"})} \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	395	\end{tabular}}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	396	\]
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	397
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	398	The following trace illustrates goal-oriented reasoning in
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	399	Isabelle/Pure:
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	400
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	401	{\footnotesize
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	402	\medskip
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	403	\begin{tabular}{r@ {\quad}l}
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	404	@{text "(A \<and> B \<Longrightarrow> B \<and> A) \<Longrightarrow> #(A \<and> B \<Longrightarrow> B \<and> A)"} & @{text "(init)"} \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	405	@{text "(A \<and> B \<Longrightarrow> B) \<Longrightarrow> (A \<and> B \<Longrightarrow> A) \<Longrightarrow> #\<dots>"} & @{text "(resolution B \<Longrightarrow> A \<Longrightarrow> B \<and> A)"} \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	406	@{text "(A \<and> B \<Longrightarrow> A \<and> B) \<Longrightarrow> (A \<and> B \<Longrightarrow> A) \<Longrightarrow> #\<dots>"} & @{text "(resolution A \<and> B \<Longrightarrow> B)"} \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	407	@{text "(A \<and> B \<Longrightarrow> A) \<Longrightarrow> #\<dots>"} & @{text "(assumption)"} \\
48279 ddf866029eb2 more accurate imitation of formal text; wenzelm parents: 42666 diff changeset	408	@{text "(A \<and> B \<Longrightarrow> A \<and> B) \<Longrightarrow> #\<dots>"} & @{text "(resolution A \<and> B \<Longrightarrow> A)"} \\
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	409	@{text "#\<dots>"} & @{text "(assumption)"} \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	410	@{text "A \<and> B \<Longrightarrow> B \<and> A"} & @{text "(finish)"} \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	411	\end{tabular}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	412	\medskip
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	413	}
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	414
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	415	Compositions of @{inference assumption} after @{inference
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	416	resolution} occurs quite often, typically in elimination steps.
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	417	Traditional Isabelle tactics accommodate this by a combined
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	418	@{inference_def elim_resolution} principle. In contrast, Isar uses
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	419	a slightly more refined combination, where the assumptions to be
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	420	closed are marked explicitly, using again the protective marker
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	421	@{text "#"}:
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	422
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	423	\[
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	424	\infer[(@{inference refinement})]
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	425	{@{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> \<^vec>G' (\<^vec>a \<^vec>x))\<vartheta> \<Longrightarrow> C\<vartheta>"}}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	426	{\begin{tabular}{rl}
42666 fee67c099d03 use existing \<hyphen>; wenzelm parents: 42651 diff changeset	427	@{text "sub\<hyphen>proof:"} &
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	428	@{text "\<^vec>G \<^vec>a \<Longrightarrow> B \<^vec>a"} \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	429	@{text "goal:"} &
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	430	@{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> B' \<^vec>x) \<Longrightarrow> C"} \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	431	@{text "goal unifier:"} &
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	432	@{text "(\<lambda>\<^vec>x. B (\<^vec>a \<^vec>x))\<vartheta> = B'\<vartheta>"} \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	433	@{text "assm unifiers:"} &
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	434	@{text "(\<lambda>\<^vec>x. G\<^sub>j (\<^vec>a \<^vec>x))\<vartheta> = #H\<^sub>i\<vartheta>"} \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	435	& \quad (for each marked @{text "G\<^sub>j"} some @{text "#H\<^sub>i"}) \\
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	436	\end{tabular}}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	437	\]
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	438
42666 fee67c099d03 use existing \<hyphen>; wenzelm parents: 42651 diff changeset	439	\noindent Here the @{text "sub\<hyphen>proof"} rule stems from the
29737 866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	440	main @{command fix}-@{command assume}-@{command show} outline of
866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	441	Isar (cf.\ \secref{sec:framework-subproof}): each assumption
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	442	indicated in the text results in a marked premise @{text "G"} above.
29735 1da96affdefe misc tuning; wenzelm parents: 29733 diff changeset	443	The marking enforces resolution against one of the sub-goal's
29737 866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	444	premises. Consequently, @{command fix}-@{command assume}-@{command
866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	445	show} enables to fit the result of a sub-proof quite robustly into a
866841668584 replaced 'assm' by 'assume' -- regular 'assume' is default, if inference is omitted; wenzelm parents: 29735 diff changeset	446	pending sub-goal, while maintaining a good measure of flexibility.
29729 c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	447	*}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	448
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	449
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	450	section {* The Isar proof language \label{sec:framework-isar} *}
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	451
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	452	text {*
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	453	Structured proofs are presented as high-level expressions for
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	454	composing entities of Pure (propositions, facts, and goals). The
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	455	Isar proof language allows to organize reasoning within the
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	456	underlying rule calculus of Pure, but Isar is not another logical
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	457	calculus!
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	458
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	459	Isar is an exercise in sound minimalism. Approximately half of the
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	460	language is introduced as primitive, the rest defined as derived
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	461	concepts. The following grammar describes the core language
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	462	(category @{text "proof"}), which is embedded into theory
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	463	specification elements such as @{command theorem}; see also
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	464	\secref{sec:framework-stmt} for the separate category @{text
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	465	"statement"}.
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	466
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	467	\medskip
c2e926455fcc more on Isar framework -- mostly from Trybulec Festschrift; wenzelm parents: 29721 diff changeset	468	\begin{tabular}{rcl}
42666 fee67c099d03 use existing \<hyphen>; wenzelm parents: 42651 diff changeset

author	wenzelm
	Mon, 30 Jul 2012 17:03:24 +0200
changeset 48609	0090fab725e3
parent 48279	ddf866029eb2
permissions	-rw-r--r--