| author | wenzelm | 
| Tue, 27 Jul 2010 22:23:32 +0200 | |
| changeset 37979 | 0f21ebea4a73 | 
| parent 37820 | ffaca9167c16 | 
| child 38462 | 34d3de1254cd | 
| permissions | -rw-r--r-- | 
| 26840 | 1 | % | 
| 2 | \begin{isabellebody}%
 | |
| 3 | \def\isabellecontext{HOL{\isacharunderscore}Specific}%
 | |
| 4 | % | |
| 5 | \isadelimtheory | |
| 6 | % | |
| 7 | \endisadelimtheory | |
| 8 | % | |
| 9 | \isatagtheory | |
| 10 | \isacommand{theory}\isamarkupfalse%
 | |
| 11 | \ HOL{\isacharunderscore}Specific\isanewline
 | |
| 26849 | 12 | \isakeyword{imports}\ Main\isanewline
 | 
| 13 | \isakeyword{begin}%
 | |
| 14 | \endisatagtheory | |
| 15 | {\isafoldtheory}%
 | |
| 16 | % | |
| 17 | \isadelimtheory | |
| 18 | % | |
| 19 | \endisadelimtheory | |
| 20 | % | |
| 26852 | 21 | \isamarkupchapter{Isabelle/HOL \label{ch:hol}%
 | 
| 26849 | 22 | } | 
| 23 | \isamarkuptrue% | |
| 24 | % | |
| 35744 | 25 | \isamarkupsection{Typedef axiomatization \label{sec:hol-typedef}%
 | 
| 26849 | 26 | } | 
| 27 | \isamarkuptrue% | |
| 28 | % | |
| 29 | \begin{isamarkuptext}%
 | |
| 30 | \begin{matharray}{rcl}
 | |
| 35744 | 31 |     \indexdef{HOL}{command}{typedef}\hypertarget{command.HOL.typedef}{\hyperlink{command.HOL.typedef}{\mbox{\isa{\isacommand{typedef}}}}} & : & \isa{{\isachardoublequote}local{\isacharunderscore}theory\ {\isasymrightarrow}\ proof{\isacharparenleft}prove{\isacharparenright}{\isachardoublequote}} \\
 | 
| 26849 | 32 |   \end{matharray}
 | 
| 33 | ||
| 34 |   \begin{rail}
 | |
| 35 | 'typedef' altname? abstype '=' repset | |
| 36 | ; | |
| 37 | ||
| 38 |     altname: '(' (name | 'open' | 'open' name) ')'
 | |
| 39 | ; | |
| 35841 | 40 | abstype: typespecsorts mixfix? | 
| 26849 | 41 | ; | 
| 42 |     repset: term ('morphisms' name name)?
 | |
| 43 | ; | |
| 44 |   \end{rail}
 | |
| 45 | ||
| 28788 | 46 |   \begin{description}
 | 
| 26849 | 47 | |
| 35744 | 48 |   \item \hyperlink{command.HOL.typedef}{\mbox{\isa{\isacommand{typedef}}}}~\isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n{\isacharparenright}\ t\ {\isacharequal}\ A{\isachardoublequote}}
 | 
| 49 | axiomatizes a Gordon/HOL-style type definition in the background | |
| 50 | theory of the current context, depending on a non-emptiness result | |
| 51 |   of the set \isa{A} (which needs to be proven interactively).
 | |
| 52 | ||
| 53 | The raw type may not depend on parameters or assumptions of the | |
| 54 | context --- this is logically impossible in Isabelle/HOL --- but the | |
| 55 | non-emptiness property can be local, potentially resulting in | |
| 56 | multiple interpretations in target contexts. Thus the established | |
| 57 |   bijection between the representing set \isa{A} and the new type
 | |
| 58 |   \isa{t} may semantically depend on local assumptions.
 | |
| 26849 | 59 | |
| 35744 | 60 |   By default, \hyperlink{command.HOL.typedef}{\mbox{\isa{\isacommand{typedef}}}} defines both a type \isa{t}
 | 
| 61 | and a set (term constant) of the same name, unless an alternative | |
| 62 |   base name is given in parentheses, or the ``\isa{{\isachardoublequote}{\isacharparenleft}open{\isacharparenright}{\isachardoublequote}}''
 | |
| 63 | declaration is used to suppress a separate constant definition | |
| 64 |   altogether.  The injection from type to set is called \isa{Rep{\isacharunderscore}t},
 | |
| 65 |   its inverse \isa{Abs{\isacharunderscore}t} --- this may be changed via an explicit
 | |
| 66 |   \hyperlink{keyword.HOL.morphisms}{\mbox{\isa{\isakeyword{morphisms}}}} declaration.
 | |
| 26849 | 67 | |
| 68 |   Theorems \isa{Rep{\isacharunderscore}t}, \isa{Rep{\isacharunderscore}t{\isacharunderscore}inverse}, and \isa{Abs{\isacharunderscore}t{\isacharunderscore}inverse} provide the most basic characterization as a
 | |
| 69 | corresponding injection/surjection pair (in both directions). Rules | |
| 70 |   \isa{Rep{\isacharunderscore}t{\isacharunderscore}inject} and \isa{Abs{\isacharunderscore}t{\isacharunderscore}inject} provide a slightly
 | |
| 71 | more convenient view on the injectivity part, suitable for automated | |
| 26902 | 72 |   proof tools (e.g.\ in \hyperlink{attribute.simp}{\mbox{\isa{simp}}} or \hyperlink{attribute.iff}{\mbox{\isa{iff}}}
 | 
| 26895 | 73 |   declarations).  Rules \isa{Rep{\isacharunderscore}t{\isacharunderscore}cases}/\isa{Rep{\isacharunderscore}t{\isacharunderscore}induct}, and
 | 
| 74 |   \isa{Abs{\isacharunderscore}t{\isacharunderscore}cases}/\isa{Abs{\isacharunderscore}t{\isacharunderscore}induct} provide alternative views
 | |
| 75 | on surjectivity; these are already declared as set or type rules for | |
| 26902 | 76 |   the generic \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} methods.
 | 
| 26849 | 77 | |
| 35744 | 78 | An alternative name for the set definition (and other derived | 
| 79 | entities) may be specified in parentheses; the default is to use | |
| 80 |   \isa{t} as indicated before.
 | |
| 26849 | 81 | |
| 35744 | 82 |   \end{description}%
 | 
| 26849 | 83 | \end{isamarkuptext}%
 | 
| 84 | \isamarkuptrue% | |
| 85 | % | |
| 86 | \isamarkupsection{Adhoc tuples%
 | |
| 87 | } | |
| 88 | \isamarkuptrue% | |
| 89 | % | |
| 90 | \begin{isamarkuptext}%
 | |
| 91 | \begin{matharray}{rcl}
 | |
| 28788 | 92 |     \hyperlink{attribute.HOL.split-format}{\mbox{\isa{split{\isacharunderscore}format}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isa{attribute} \\
 | 
| 26849 | 93 |   \end{matharray}
 | 
| 94 | ||
| 95 |   \begin{rail}
 | |
| 31913 | 96 |     'split\_format' ((( name * ) + 'and') | ('(' 'complete' ')'))
 | 
| 26849 | 97 | ; | 
| 98 |   \end{rail}
 | |
| 99 | ||
| 28788 | 100 |   \begin{description}
 | 
| 26849 | 101 | |
| 28788 | 102 |   \item \hyperlink{attribute.HOL.split-format}{\mbox{\isa{split{\isacharunderscore}format}}}~\isa{{\isachardoublequote}p\isactrlsub {\isadigit{1}}\ {\isasymdots}\ p\isactrlsub m\ {\isasymAND}\ {\isasymdots}\ {\isasymAND}\ q\isactrlsub {\isadigit{1}}\ {\isasymdots}\ q\isactrlsub n{\isachardoublequote}} puts expressions of low-level tuple types into
 | 
| 103 |   canonical form as specified by the arguments given; the \isa{i}-th
 | |
| 104 |   collection of arguments refers to occurrences in premise \isa{i}
 | |
| 105 |   of the rule.  The ``\isa{{\isachardoublequote}{\isacharparenleft}complete{\isacharparenright}{\isachardoublequote}}'' option causes \emph{all}
 | |
| 106 | arguments in function applications to be represented canonically | |
| 107 | according to their tuple type structure. | |
| 26849 | 108 | |
| 109 | Note that these operations tend to invent funny names for new local | |
| 110 | parameters to be introduced. | |
| 111 | ||
| 28788 | 112 |   \end{description}%
 | 
| 26849 | 113 | \end{isamarkuptext}%
 | 
| 114 | \isamarkuptrue% | |
| 115 | % | |
| 116 | \isamarkupsection{Records \label{sec:hol-record}%
 | |
| 117 | } | |
| 118 | \isamarkuptrue% | |
| 119 | % | |
| 120 | \begin{isamarkuptext}%
 | |
| 121 | In principle, records merely generalize the concept of tuples, where | |
| 122 | components may be addressed by labels instead of just position. The | |
| 123 | logical infrastructure of records in Isabelle/HOL is slightly more | |
| 124 | advanced, though, supporting truly extensible record schemes. This | |
| 125 | admits operations that are polymorphic with respect to record | |
| 126 | extension, yielding ``object-oriented'' effects like (single) | |
| 127 |   inheritance.  See also \cite{NaraschewskiW-TPHOLs98} for more
 | |
| 128 | details on object-oriented verification and record subtyping in HOL.% | |
| 129 | \end{isamarkuptext}%
 | |
| 130 | \isamarkuptrue% | |
| 131 | % | |
| 132 | \isamarkupsubsection{Basic concepts%
 | |
| 133 | } | |
| 134 | \isamarkuptrue% | |
| 135 | % | |
| 136 | \begin{isamarkuptext}%
 | |
| 137 | Isabelle/HOL supports both \emph{fixed} and \emph{schematic} records
 | |
| 138 | at the level of terms and types. The notation is as follows: | |
| 139 | ||
| 140 |   \begin{center}
 | |
| 141 |   \begin{tabular}{l|l|l}
 | |
| 142 | & record terms & record types \\ \hline | |
| 143 |     fixed & \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharequal}\ a{\isacharcomma}\ y\ {\isacharequal}\ b{\isasymrparr}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharcolon}{\isacharcolon}\ A{\isacharcomma}\ y\ {\isacharcolon}{\isacharcolon}\ B{\isasymrparr}{\isachardoublequote}} \\
 | |
| 144 |     schematic & \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharequal}\ a{\isacharcomma}\ y\ {\isacharequal}\ b{\isacharcomma}\ {\isasymdots}\ {\isacharequal}\ m{\isasymrparr}{\isachardoublequote}} &
 | |
| 145 |       \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharcolon}{\isacharcolon}\ A{\isacharcomma}\ y\ {\isacharcolon}{\isacharcolon}\ B{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ M{\isasymrparr}{\isachardoublequote}} \\
 | |
| 146 |   \end{tabular}
 | |
| 147 |   \end{center}
 | |
| 148 | ||
| 149 |   \noindent The ASCII representation of \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharequal}\ a{\isasymrparr}{\isachardoublequote}} is \isa{{\isachardoublequote}{\isacharparenleft}{\isacharbar}\ x\ {\isacharequal}\ a\ {\isacharbar}{\isacharparenright}{\isachardoublequote}}.
 | |
| 150 | ||
| 151 |   A fixed record \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharequal}\ a{\isacharcomma}\ y\ {\isacharequal}\ b{\isasymrparr}{\isachardoublequote}} has field \isa{x} of value
 | |
| 152 |   \isa{a} and field \isa{y} of value \isa{b}.  The corresponding
 | |
| 153 |   type is \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharcolon}{\isacharcolon}\ A{\isacharcomma}\ y\ {\isacharcolon}{\isacharcolon}\ B{\isasymrparr}{\isachardoublequote}}, assuming that \isa{{\isachardoublequote}a\ {\isacharcolon}{\isacharcolon}\ A{\isachardoublequote}}
 | |
| 154 |   and \isa{{\isachardoublequote}b\ {\isacharcolon}{\isacharcolon}\ B{\isachardoublequote}}.
 | |
| 155 | ||
| 156 |   A record scheme like \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharequal}\ a{\isacharcomma}\ y\ {\isacharequal}\ b{\isacharcomma}\ {\isasymdots}\ {\isacharequal}\ m{\isasymrparr}{\isachardoublequote}} contains fields
 | |
| 157 |   \isa{x} and \isa{y} as before, but also possibly further fields
 | |
| 158 |   as indicated by the ``\isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}'' notation (which is actually part
 | |
| 159 |   of the syntax).  The improper field ``\isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}'' of a record
 | |
| 160 |   scheme is called the \emph{more part}.  Logically it is just a free
 | |
| 161 | variable, which is occasionally referred to as ``row variable'' in | |
| 162 | the literature. The more part of a record scheme may be | |
| 163 | instantiated by zero or more further components. For example, the | |
| 26852 | 164 |   previous scheme may get instantiated to \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharequal}\ a{\isacharcomma}\ y\ {\isacharequal}\ b{\isacharcomma}\ z\ {\isacharequal}\ c{\isacharcomma}\ {\isasymdots}\ {\isacharequal}\ m{\isacharprime}{\isasymrparr}{\isachardoublequote}}, where \isa{m{\isacharprime}} refers to a different more part.
 | 
| 26849 | 165 | Fixed records are special instances of record schemes, where | 
| 166 |   ``\isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}'' is properly terminated by the \isa{{\isachardoublequote}{\isacharparenleft}{\isacharparenright}\ {\isacharcolon}{\isacharcolon}\ unit{\isachardoublequote}}
 | |
| 167 |   element.  In fact, \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharequal}\ a{\isacharcomma}\ y\ {\isacharequal}\ b{\isasymrparr}{\isachardoublequote}} is just an abbreviation
 | |
| 168 |   for \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharequal}\ a{\isacharcomma}\ y\ {\isacharequal}\ b{\isacharcomma}\ {\isasymdots}\ {\isacharequal}\ {\isacharparenleft}{\isacharparenright}{\isasymrparr}{\isachardoublequote}}.
 | |
| 169 | ||
| 170 | \medskip Two key observations make extensible records in a simply | |
| 171 | typed language like HOL work out: | |
| 172 | ||
| 173 |   \begin{enumerate}
 | |
| 174 | ||
| 175 | \item the more part is internalized, as a free term or type | |
| 176 | variable, | |
| 177 | ||
| 26852 | 178 | \item field names are externalized, they cannot be accessed within | 
| 179 | the logic as first-class values. | |
| 26849 | 180 | |
| 181 |   \end{enumerate}
 | |
| 182 | ||
| 183 | \medskip In Isabelle/HOL record types have to be defined explicitly, | |
| 184 | fixing their field names and types, and their (optional) parent | |
| 185 | record. Afterwards, records may be formed using above syntax, while | |
| 186 | obeying the canonical order of fields as given by their declaration. | |
| 187 | The record package provides several standard operations like | |
| 188 | selectors and updates. The common setup for various generic proof | |
| 189 | tools enable succinct reasoning patterns. See also the Isabelle/HOL | |
| 190 |   tutorial \cite{isabelle-hol-book} for further instructions on using
 | |
| 191 | records in practice.% | |
| 192 | \end{isamarkuptext}%
 | |
| 193 | \isamarkuptrue% | |
| 194 | % | |
| 195 | \isamarkupsubsection{Record specifications%
 | |
| 196 | } | |
| 197 | \isamarkuptrue% | |
| 198 | % | |
| 199 | \begin{isamarkuptext}%
 | |
| 200 | \begin{matharray}{rcl}
 | |
| 28788 | 201 |     \indexdef{HOL}{command}{record}\hypertarget{command.HOL.record}{\hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | 
| 26849 | 202 |   \end{matharray}
 | 
| 203 | ||
| 204 |   \begin{rail}
 | |
| 36158 | 205 | 'record' typespecsorts '=' (type '+')? (constdecl +) | 
| 26849 | 206 | ; | 
| 207 |   \end{rail}
 | |
| 208 | ||
| 28788 | 209 |   \begin{description}
 | 
| 26849 | 210 | |
| 28788 | 211 |   \item \hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}}~\isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub m{\isacharparenright}\ t\ {\isacharequal}\ {\isasymtau}\ {\isacharplus}\ c\isactrlsub {\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ c\isactrlsub n\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\isactrlsub n{\isachardoublequote}} defines extensible record type \isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub m{\isacharparenright}\ t{\isachardoublequote}},
 | 
| 26849 | 212 |   derived from the optional parent record \isa{{\isachardoublequote}{\isasymtau}{\isachardoublequote}} by adding new
 | 
| 213 |   field components \isa{{\isachardoublequote}c\isactrlsub i\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\isactrlsub i{\isachardoublequote}} etc.
 | |
| 214 | ||
| 215 |   The type variables of \isa{{\isachardoublequote}{\isasymtau}{\isachardoublequote}} and \isa{{\isachardoublequote}{\isasymsigma}\isactrlsub i{\isachardoublequote}} need to be
 | |
| 216 |   covered by the (distinct) parameters \isa{{\isachardoublequote}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub m{\isachardoublequote}}.  Type constructor \isa{t} has to be new, while \isa{{\isasymtau}} needs to specify an instance of an existing record type.  At
 | |
| 217 |   least one new field \isa{{\isachardoublequote}c\isactrlsub i{\isachardoublequote}} has to be specified.
 | |
| 218 | Basically, field names need to belong to a unique record. This is | |
| 219 | not a real restriction in practice, since fields are qualified by | |
| 220 | the record name internally. | |
| 221 | ||
| 222 |   The parent record specification \isa{{\isasymtau}} is optional; if omitted
 | |
| 223 |   \isa{t} becomes a root record.  The hierarchy of all records
 | |
| 224 | declared within a theory context forms a forest structure, i.e.\ a | |
| 225 | set of trees starting with a root record each. There is no way to | |
| 226 | merge multiple parent records! | |
| 227 | ||
| 228 |   For convenience, \isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub m{\isacharparenright}\ t{\isachardoublequote}} is made a
 | |
| 229 |   type abbreviation for the fixed record type \isa{{\isachardoublequote}{\isasymlparr}c\isactrlsub {\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub n\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\isactrlsub n{\isasymrparr}{\isachardoublequote}}, likewise is \isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub m{\isacharcomma}\ {\isasymzeta}{\isacharparenright}\ t{\isacharunderscore}scheme{\isachardoublequote}} made an abbreviation for
 | |
| 230 |   \isa{{\isachardoublequote}{\isasymlparr}c\isactrlsub {\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub n\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\isactrlsub n{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}{\isachardoublequote}}.
 | |
| 231 | ||
| 28788 | 232 |   \end{description}%
 | 
| 26849 | 233 | \end{isamarkuptext}%
 | 
| 234 | \isamarkuptrue% | |
| 235 | % | |
| 236 | \isamarkupsubsection{Record operations%
 | |
| 237 | } | |
| 238 | \isamarkuptrue% | |
| 239 | % | |
| 240 | \begin{isamarkuptext}%
 | |
| 241 | Any record definition of the form presented above produces certain | |
| 242 | standard operations. Selectors and updates are provided for any | |
| 243 |   field, including the improper one ``\isa{more}''.  There are also
 | |
| 244 | cumulative record constructor functions. To simplify the | |
| 245 |   presentation below, we assume for now that \isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub m{\isacharparenright}\ t{\isachardoublequote}} is a root record with fields \isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub n\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\isactrlsub n{\isachardoublequote}}.
 | |
| 246 | ||
| 247 |   \medskip \textbf{Selectors} and \textbf{updates} are available for
 | |
| 248 |   any field (including ``\isa{more}''):
 | |
| 249 | ||
| 250 |   \begin{matharray}{lll}
 | |
| 26852 | 251 |     \isa{{\isachardoublequote}c\isactrlsub i{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymlparr}\isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}\ {\isasymRightarrow}\ {\isasymsigma}\isactrlsub i{\isachardoublequote}} \\
 | 
| 252 |     \isa{{\isachardoublequote}c\isactrlsub i{\isacharunderscore}update{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymsigma}\isactrlsub i\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}{\isachardoublequote}} \\
 | |
| 26849 | 253 |   \end{matharray}
 | 
| 254 | ||
| 255 |   There is special syntax for application of updates: \isa{{\isachardoublequote}r{\isasymlparr}x\ {\isacharcolon}{\isacharequal}\ a{\isasymrparr}{\isachardoublequote}} abbreviates term \isa{{\isachardoublequote}x{\isacharunderscore}update\ a\ r{\isachardoublequote}}.  Further notation for
 | |
| 256 |   repeated updates is also available: \isa{{\isachardoublequote}r{\isasymlparr}x\ {\isacharcolon}{\isacharequal}\ a{\isasymrparr}{\isasymlparr}y\ {\isacharcolon}{\isacharequal}\ b{\isasymrparr}{\isasymlparr}z\ {\isacharcolon}{\isacharequal}\ c{\isasymrparr}{\isachardoublequote}} may be written \isa{{\isachardoublequote}r{\isasymlparr}x\ {\isacharcolon}{\isacharequal}\ a{\isacharcomma}\ y\ {\isacharcolon}{\isacharequal}\ b{\isacharcomma}\ z\ {\isacharcolon}{\isacharequal}\ c{\isasymrparr}{\isachardoublequote}}.  Note that
 | |
| 257 | because of postfix notation the order of fields shown here is | |
| 258 | reverse than in the actual term. Since repeated updates are just | |
| 259 |   function applications, fields may be freely permuted in \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharcolon}{\isacharequal}\ a{\isacharcomma}\ y\ {\isacharcolon}{\isacharequal}\ b{\isacharcomma}\ z\ {\isacharcolon}{\isacharequal}\ c{\isasymrparr}{\isachardoublequote}}, as far as logical equality is concerned.
 | |
| 260 | Thus commutativity of independent updates can be proven within the | |
| 261 | logic for any two fields, but not as a general theorem. | |
| 262 | ||
| 263 |   \medskip The \textbf{make} operation provides a cumulative record
 | |
| 264 | constructor function: | |
| 265 | ||
| 266 |   \begin{matharray}{lll}
 | |
| 26852 | 267 |     \isa{{\isachardoublequote}t{\isachardot}make{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymsigma}\isactrlsub {\isadigit{1}}\ {\isasymRightarrow}\ {\isasymdots}\ {\isasymsigma}\isactrlsub n\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isasymrparr}{\isachardoublequote}} \\
 | 
| 26849 | 268 |   \end{matharray}
 | 
| 269 | ||
| 270 | \medskip We now reconsider the case of non-root records, which are | |
| 271 | derived of some parent. In general, the latter may depend on | |
| 272 |   another parent as well, resulting in a list of \emph{ancestor
 | |
| 273 | records}. Appending the lists of fields of all ancestors results in | |
| 274 | a certain field prefix. The record package automatically takes care | |
| 275 | of this by lifting operations over this context of ancestor fields. | |
| 276 |   Assuming that \isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub m{\isacharparenright}\ t{\isachardoublequote}} has ancestor
 | |
| 277 |   fields \isa{{\isachardoublequote}b\isactrlsub {\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ {\isasymrho}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ b\isactrlsub k\ {\isacharcolon}{\isacharcolon}\ {\isasymrho}\isactrlsub k{\isachardoublequote}},
 | |
| 278 | the above record operations will get the following types: | |
| 279 | ||
| 26852 | 280 | \medskip | 
| 281 |   \begin{tabular}{lll}
 | |
| 282 |     \isa{{\isachardoublequote}c\isactrlsub i{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}\ {\isasymRightarrow}\ {\isasymsigma}\isactrlsub i{\isachardoublequote}} \\
 | |
| 283 |     \isa{{\isachardoublequote}c\isactrlsub i{\isacharunderscore}update{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymsigma}\isactrlsub i\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}{\isachardoublequote}} \\
 | |
| 284 |     \isa{{\isachardoublequote}t{\isachardot}make{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymrho}\isactrlsub {\isadigit{1}}\ {\isasymRightarrow}\ {\isasymdots}\ {\isasymrho}\isactrlsub k\ {\isasymRightarrow}\ {\isasymsigma}\isactrlsub {\isadigit{1}}\ {\isasymRightarrow}\ {\isasymdots}\ {\isasymsigma}\isactrlsub n\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isasymrparr}{\isachardoublequote}} \\
 | |
| 285 |   \end{tabular}
 | |
| 286 | \medskip | |
| 26849 | 287 | |
| 26852 | 288 | \noindent Some further operations address the extension aspect of a | 
| 26849 | 289 |   derived record scheme specifically: \isa{{\isachardoublequote}t{\isachardot}fields{\isachardoublequote}} produces a
 | 
| 290 | record fragment consisting of exactly the new fields introduced here | |
| 291 |   (the result may serve as a more part elsewhere); \isa{{\isachardoublequote}t{\isachardot}extend{\isachardoublequote}}
 | |
| 292 |   takes a fixed record and adds a given more part; \isa{{\isachardoublequote}t{\isachardot}truncate{\isachardoublequote}} restricts a record scheme to a fixed record.
 | |
| 293 | ||
| 26852 | 294 | \medskip | 
| 295 |   \begin{tabular}{lll}
 | |
| 296 |     \isa{{\isachardoublequote}t{\isachardot}fields{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymsigma}\isactrlsub {\isadigit{1}}\ {\isasymRightarrow}\ {\isasymdots}\ {\isasymsigma}\isactrlsub n\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isasymrparr}{\isachardoublequote}} \\
 | |
| 297 |     \isa{{\isachardoublequote}t{\isachardot}extend{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isasymrparr}\ {\isasymRightarrow}\ {\isasymzeta}\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}{\isachardoublequote}} \\
 | |
| 298 |     \isa{{\isachardoublequote}t{\isachardot}truncate{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isasymrparr}{\isachardoublequote}} \\
 | |
| 299 |   \end{tabular}
 | |
| 300 | \medskip | |
| 26849 | 301 | |
| 302 |   \noindent Note that \isa{{\isachardoublequote}t{\isachardot}make{\isachardoublequote}} and \isa{{\isachardoublequote}t{\isachardot}fields{\isachardoublequote}} coincide
 | |
| 303 | for root records.% | |
| 304 | \end{isamarkuptext}%
 | |
| 305 | \isamarkuptrue% | |
| 306 | % | |
| 307 | \isamarkupsubsection{Derived rules and proof tools%
 | |
| 308 | } | |
| 309 | \isamarkuptrue% | |
| 310 | % | |
| 311 | \begin{isamarkuptext}%
 | |
| 312 | The record package proves several results internally, declaring | |
| 313 | these facts to appropriate proof tools. This enables users to | |
| 314 | reason about record structures quite conveniently. Assume that | |
| 315 |   \isa{t} is a record type as specified above.
 | |
| 316 | ||
| 317 |   \begin{enumerate}
 | |
| 318 | ||
| 319 | \item Standard conversions for selectors or updates applied to | |
| 320 | record constructor terms are made part of the default Simplifier | |
| 321 | context; thus proofs by reduction of basic operations merely require | |
| 26902 | 322 |   the \hyperlink{method.simp}{\mbox{\isa{simp}}} method without further arguments.  These rules
 | 
| 26849 | 323 |   are available as \isa{{\isachardoublequote}t{\isachardot}simps{\isachardoublequote}}, too.
 | 
| 324 | ||
| 325 | \item Selectors applied to updated records are automatically reduced | |
| 326 | by an internal simplification procedure, which is also part of the | |
| 327 | standard Simplifier setup. | |
| 328 | ||
| 329 |   \item Inject equations of a form analogous to \isa{{\isachardoublequote}{\isacharparenleft}x{\isacharcomma}\ y{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}x{\isacharprime}{\isacharcomma}\ y{\isacharprime}{\isacharparenright}\ {\isasymequiv}\ x\ {\isacharequal}\ x{\isacharprime}\ {\isasymand}\ y\ {\isacharequal}\ y{\isacharprime}{\isachardoublequote}} are declared to the Simplifier and Classical
 | |
| 26902 | 330 |   Reasoner as \hyperlink{attribute.iff}{\mbox{\isa{iff}}} rules.  These rules are available as
 | 
| 26849 | 331 |   \isa{{\isachardoublequote}t{\isachardot}iffs{\isachardoublequote}}.
 | 
| 332 | ||
| 333 |   \item The introduction rule for record equality analogous to \isa{{\isachardoublequote}x\ r\ {\isacharequal}\ x\ r{\isacharprime}\ {\isasymLongrightarrow}\ y\ r\ {\isacharequal}\ y\ r{\isacharprime}\ {\isasymdots}\ {\isasymLongrightarrow}\ r\ {\isacharequal}\ r{\isacharprime}{\isachardoublequote}} is declared to the Simplifier,
 | |
| 26902 | 334 |   and as the basic rule context as ``\hyperlink{attribute.intro}{\mbox{\isa{intro}}}\isa{{\isachardoublequote}{\isacharquery}{\isachardoublequote}}''.
 | 
| 26849 | 335 |   The rule is called \isa{{\isachardoublequote}t{\isachardot}equality{\isachardoublequote}}.
 | 
| 336 | ||
| 337 | \item Representations of arbitrary record expressions as canonical | |
| 26902 | 338 |   constructor terms are provided both in \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} format (cf.\ the generic proof methods of the same name,
 | 
| 26849 | 339 |   \secref{sec:cases-induct}).  Several variations are available, for
 | 
| 340 | fixed records, record schemes, more parts etc. | |
| 341 | ||
| 342 | The generic proof methods are sufficiently smart to pick the most | |
| 343 | sensible rule according to the type of the indicated record | |
| 344 |   expression: users just need to apply something like ``\isa{{\isachardoublequote}{\isacharparenleft}cases\ r{\isacharparenright}{\isachardoublequote}}'' to a certain proof problem.
 | |
| 345 | ||
| 346 |   \item The derived record operations \isa{{\isachardoublequote}t{\isachardot}make{\isachardoublequote}}, \isa{{\isachardoublequote}t{\isachardot}fields{\isachardoublequote}}, \isa{{\isachardoublequote}t{\isachardot}extend{\isachardoublequote}}, \isa{{\isachardoublequote}t{\isachardot}truncate{\isachardoublequote}} are \emph{not}
 | |
| 347 | treated automatically, but usually need to be expanded by hand, | |
| 348 |   using the collective fact \isa{{\isachardoublequote}t{\isachardot}defs{\isachardoublequote}}.
 | |
| 349 | ||
| 350 |   \end{enumerate}%
 | |
| 351 | \end{isamarkuptext}%
 | |
| 352 | \isamarkuptrue% | |
| 353 | % | |
| 354 | \isamarkupsection{Datatypes \label{sec:hol-datatype}%
 | |
| 355 | } | |
| 356 | \isamarkuptrue% | |
| 357 | % | |
| 358 | \begin{isamarkuptext}%
 | |
| 359 | \begin{matharray}{rcl}
 | |
| 28788 | 360 |     \indexdef{HOL}{command}{datatype}\hypertarget{command.HOL.datatype}{\hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | 
| 361 |   \indexdef{HOL}{command}{rep\_datatype}\hypertarget{command.HOL.rep-datatype}{\hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isacharunderscore}datatype}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ proof{\isacharparenleft}prove{\isacharparenright}{\isachardoublequote}} \\
 | |
| 26849 | 362 |   \end{matharray}
 | 
| 363 | ||
| 364 |   \begin{rail}
 | |
| 365 | 'datatype' (dtspec + 'and') | |
| 366 | ; | |
| 27452 | 367 |     'rep\_datatype' ('(' (name +) ')')? (term +)
 | 
| 26849 | 368 | ; | 
| 369 | ||
| 35351 
7425aece4ee3
allow general mixfix syntax for type constructors;
 wenzelm parents: 
34172diff
changeset | 370 | dtspec: parname? typespec mixfix? '=' (cons + '|') | 
| 26849 | 371 | ; | 
| 31913 | 372 | cons: name ( type * ) mixfix? | 
| 26849 | 373 |   \end{rail}
 | 
| 374 | ||
| 28788 | 375 |   \begin{description}
 | 
| 26849 | 376 | |
| 28788 | 377 |   \item \hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}} defines inductive datatypes in
 | 
| 26849 | 378 | HOL. | 
| 379 | ||
| 28788 | 380 |   \item \hyperlink{command.HOL.rep-datatype}{\mbox{\isa{\isacommand{rep{\isacharunderscore}datatype}}}} represents existing types as
 | 
| 26849 | 381 | inductive ones, generating the standard infrastructure of derived | 
| 382 | concepts (primitive recursion etc.). | |
| 383 | ||
| 28788 | 384 |   \end{description}
 | 
| 26849 | 385 | |
| 386 | The induction and exhaustion theorems generated provide case names | |
| 387 | according to the constructors involved, while parameters are named | |
| 388 |   after the types (see also \secref{sec:cases-induct}).
 | |
| 389 | ||
| 390 |   See \cite{isabelle-HOL} for more details on datatypes, but beware of
 | |
| 391 | the old-style theory syntax being used there! Apart from proper | |
| 392 | proof methods for case-analysis and induction, there are also | |
| 26907 | 393 |   emulations of ML tactics \hyperlink{method.HOL.case-tac}{\mbox{\isa{case{\isacharunderscore}tac}}} and \hyperlink{method.HOL.induct-tac}{\mbox{\isa{induct{\isacharunderscore}tac}}} available, see \secref{sec:hol-induct-tac}; these admit
 | 
| 26849 | 394 | to refer directly to the internal structure of subgoals (including | 
| 395 | internally bound parameters).% | |
| 396 | \end{isamarkuptext}%
 | |
| 397 | \isamarkuptrue% | |
| 398 | % | |
| 399 | \isamarkupsection{Recursive functions \label{sec:recursion}%
 | |
| 400 | } | |
| 401 | \isamarkuptrue% | |
| 402 | % | |
| 403 | \begin{isamarkuptext}%
 | |
| 404 | \begin{matharray}{rcl}
 | |
| 28788 | 405 |     \indexdef{HOL}{command}{primrec}\hypertarget{command.HOL.primrec}{\hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}} & : & \isa{{\isachardoublequote}local{\isacharunderscore}theory\ {\isasymrightarrow}\ local{\isacharunderscore}theory{\isachardoublequote}} \\
 | 
| 406 |     \indexdef{HOL}{command}{fun}\hypertarget{command.HOL.fun}{\hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}}} & : & \isa{{\isachardoublequote}local{\isacharunderscore}theory\ {\isasymrightarrow}\ local{\isacharunderscore}theory{\isachardoublequote}} \\
 | |
| 407 |     \indexdef{HOL}{command}{function}\hypertarget{command.HOL.function}{\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}} & : & \isa{{\isachardoublequote}local{\isacharunderscore}theory\ {\isasymrightarrow}\ proof{\isacharparenleft}prove{\isacharparenright}{\isachardoublequote}} \\
 | |
| 408 |     \indexdef{HOL}{command}{termination}\hypertarget{command.HOL.termination}{\hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}} & : & \isa{{\isachardoublequote}local{\isacharunderscore}theory\ {\isasymrightarrow}\ proof{\isacharparenleft}prove{\isacharparenright}{\isachardoublequote}} \\
 | |
| 26849 | 409 |   \end{matharray}
 | 
| 410 | ||
| 411 |   \begin{rail}
 | |
| 412 | 'primrec' target? fixes 'where' equations | |
| 413 | ; | |
| 414 | equations: (thmdecl? prop + '|') | |
| 415 | ; | |
| 26987 | 416 |     ('fun' | 'function') target? functionopts? fixes 'where' clauses
 | 
| 26849 | 417 | ; | 
| 418 |     clauses: (thmdecl? prop ('(' 'otherwise' ')')? + '|')
 | |
| 419 | ; | |
| 26987 | 420 |     functionopts: '(' (('sequential' | 'domintros' | 'tailrec' | 'default' term) + ',') ')'
 | 
| 26849 | 421 | ; | 
| 422 | 'termination' ( term )? | |
| 423 |   \end{rail}
 | |
| 424 | ||
| 28788 | 425 |   \begin{description}
 | 
| 26849 | 426 | |
| 28788 | 427 |   \item \hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}} defines primitive recursive
 | 
| 26849 | 428 |   functions over datatypes, see also \cite{isabelle-HOL}.
 | 
| 429 | ||
| 28788 | 430 |   \item \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} defines functions by general
 | 
| 26849 | 431 | wellfounded recursion. A detailed description with examples can be | 
| 432 |   found in \cite{isabelle-function}. The function is specified by a
 | |
| 433 | set of (possibly conditional) recursive equations with arbitrary | |
| 434 | pattern matching. The command generates proof obligations for the | |
| 435 | completeness and the compatibility of patterns. | |
| 436 | ||
| 437 | The defined function is considered partial, and the resulting | |
| 438 |   simplification rules (named \isa{{\isachardoublequote}f{\isachardot}psimps{\isachardoublequote}}) and induction rule
 | |
| 439 |   (named \isa{{\isachardoublequote}f{\isachardot}pinduct{\isachardoublequote}}) are guarded by a generated domain
 | |
| 26902 | 440 |   predicate \isa{{\isachardoublequote}f{\isacharunderscore}dom{\isachardoublequote}}. The \hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}
 | 
| 26849 | 441 | command can then be used to establish that the function is total. | 
| 442 | ||
| 28788 | 443 |   \item \hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}} is a shorthand notation for ``\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}~\isa{{\isachardoublequote}{\isacharparenleft}sequential{\isacharparenright}{\isachardoublequote}}, followed by automated
 | 
| 444 | proof attempts regarding pattern matching and termination. See | |
| 445 |   \cite{isabelle-function} for further details.
 | |
| 26849 | 446 | |
| 28788 | 447 |   \item \hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}~\isa{f} commences a
 | 
| 26849 | 448 |   termination proof for the previously defined function \isa{f}.  If
 | 
| 449 | this is omitted, the command refers to the most recent function | |
| 450 | definition. After the proof is closed, the recursive equations and | |
| 451 | the induction principle is established. | |
| 452 | ||
| 28788 | 453 |   \end{description}
 | 
| 26849 | 454 | |
| 27452 | 455 |   Recursive definitions introduced by the \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}
 | 
| 456 | command accommodate | |
| 26849 | 457 |   reasoning by induction (cf.\ \secref{sec:cases-induct}): rule \isa{{\isachardoublequote}c{\isachardot}induct{\isachardoublequote}} (where \isa{c} is the name of the function definition)
 | 
| 458 | refers to a specific induction rule, with parameters named according | |
| 33857 | 459 | to the user-specified equations. Cases are numbered (starting from 1). | 
| 460 | ||
| 461 |   For \hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}, the induction principle coincides
 | |
| 27452 | 462 | with structural recursion on the datatype the recursion is carried | 
| 463 | out. | |
| 26849 | 464 | |
| 465 | The equations provided by these packages may be referred later as | |
| 466 |   theorem list \isa{{\isachardoublequote}f{\isachardot}simps{\isachardoublequote}}, where \isa{f} is the (collective)
 | |
| 467 | name of the functions defined. Individual equations may be named | |
| 468 | explicitly as well. | |
| 469 | ||
| 26902 | 470 |   The \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} command accepts the following
 | 
| 26849 | 471 | options. | 
| 472 | ||
| 28788 | 473 |   \begin{description}
 | 
| 26849 | 474 | |
| 28788 | 475 |   \item \isa{sequential} enables a preprocessor which disambiguates
 | 
| 476 | overlapping patterns by making them mutually disjoint. Earlier | |
| 477 | equations take precedence over later ones. This allows to give the | |
| 478 | specification in a format very similar to functional programming. | |
| 479 | Note that the resulting simplification and induction rules | |
| 480 | correspond to the transformed specification, not the one given | |
| 26849 | 481 | originally. This usually means that each equation given by the user | 
| 36139 | 482 | may result in several theorems. Also note that this automatic | 
| 26849 | 483 | transformation only works for ML-style datatype patterns. | 
| 484 | ||
| 28788 | 485 |   \item \isa{domintros} enables the automated generation of
 | 
| 26849 | 486 | introduction rules for the domain predicate. While mostly not | 
| 487 | needed, they can be helpful in some proofs about partial functions. | |
| 488 | ||
| 28788 | 489 |   \item \isa{tailrec} generates the unconstrained recursive
 | 
| 26849 | 490 | equations even without a termination proof, provided that the | 
| 491 | function is tail-recursive. This currently only works | |
| 492 | ||
| 28788 | 493 |   \item \isa{{\isachardoublequote}default\ d{\isachardoublequote}} allows to specify a default value for a
 | 
| 26849 | 494 |   (partial) function, which will ensure that \isa{{\isachardoublequote}f\ x\ {\isacharequal}\ d\ x{\isachardoublequote}}
 | 
| 495 |   whenever \isa{{\isachardoublequote}x\ {\isasymnotin}\ f{\isacharunderscore}dom{\isachardoublequote}}.
 | |
| 496 | ||
| 28788 | 497 |   \end{description}%
 | 
| 26849 | 498 | \end{isamarkuptext}%
 | 
| 499 | \isamarkuptrue% | |
| 500 | % | |
| 501 | \isamarkupsubsection{Proof methods related to recursive definitions%
 | |
| 502 | } | |
| 503 | \isamarkuptrue% | |
| 504 | % | |
| 505 | \begin{isamarkuptext}%
 | |
| 506 | \begin{matharray}{rcl}
 | |
| 28788 | 507 |     \indexdef{HOL}{method}{pat\_completeness}\hypertarget{method.HOL.pat-completeness}{\hyperlink{method.HOL.pat-completeness}{\mbox{\isa{pat{\isacharunderscore}completeness}}}} & : & \isa{method} \\
 | 
| 508 |     \indexdef{HOL}{method}{relation}\hypertarget{method.HOL.relation}{\hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}} & : & \isa{method} \\
 | |
| 509 |     \indexdef{HOL}{method}{lexicographic\_order}\hypertarget{method.HOL.lexicographic-order}{\hyperlink{method.HOL.lexicographic-order}{\mbox{\isa{lexicographic{\isacharunderscore}order}}}} & : & \isa{method} \\
 | |
| 33858 | 510 |     \indexdef{HOL}{method}{size\_change}\hypertarget{method.HOL.size-change}{\hyperlink{method.HOL.size-change}{\mbox{\isa{size{\isacharunderscore}change}}}} & : & \isa{method} \\
 | 
| 26849 | 511 |   \end{matharray}
 | 
| 512 | ||
| 513 |   \begin{rail}
 | |
| 514 | 'relation' term | |
| 515 | ; | |
| 31913 | 516 | 'lexicographic\_order' ( clasimpmod * ) | 
| 26849 | 517 | ; | 
| 33858 | 518 | 'size\_change' ( orders ( clasimpmod * ) ) | 
| 519 | ; | |
| 520 | orders: ( 'max' | 'min' | 'ms' ) * | |
| 26849 | 521 |   \end{rail}
 | 
| 522 | ||
| 28788 | 523 |   \begin{description}
 | 
| 26849 | 524 | |
| 28788 | 525 |   \item \hyperlink{method.HOL.pat-completeness}{\mbox{\isa{pat{\isacharunderscore}completeness}}} is a specialized method to
 | 
| 26849 | 526 | solve goals regarding the completeness of pattern matching, as | 
| 26902 | 527 |   required by the \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} package (cf.\
 | 
| 26849 | 528 |   \cite{isabelle-function}).
 | 
| 529 | ||
| 28788 | 530 |   \item \hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}~\isa{R} introduces a termination
 | 
| 26849 | 531 |   proof using the relation \isa{R}.  The resulting proof state will
 | 
| 532 |   contain goals expressing that \isa{R} is wellfounded, and that the
 | |
| 533 |   arguments of recursive calls decrease with respect to \isa{R}.
 | |
| 534 | Usually, this method is used as the initial proof step of manual | |
| 535 | termination proofs. | |
| 536 | ||
| 28788 | 537 |   \item \hyperlink{method.HOL.lexicographic-order}{\mbox{\isa{lexicographic{\isacharunderscore}order}}} attempts a fully
 | 
| 26849 | 538 | automated termination proof by searching for a lexicographic | 
| 539 | combination of size measures on the arguments of the function. The | |
| 26902 | 540 |   method accepts the same arguments as the \hyperlink{method.auto}{\mbox{\isa{auto}}} method,
 | 
| 26849 | 541 | which it uses internally to prove local descents. The same context | 
| 26902 | 542 |   modifiers as for \hyperlink{method.auto}{\mbox{\isa{auto}}} are accepted, see
 | 
| 26849 | 543 |   \secref{sec:clasimp}.
 | 
| 544 | ||
| 545 | In case of failure, extensive information is printed, which can help | |
| 546 |   to analyse the situation (cf.\ \cite{isabelle-function}).
 | |
| 547 | ||
| 33858 | 548 |   \item \hyperlink{method.HOL.size-change}{\mbox{\isa{size{\isacharunderscore}change}}} also works on termination goals,
 | 
| 549 | using a variation of the size-change principle, together with a | |
| 550 |   graph decomposition technique (see \cite{krauss_phd} for details).
 | |
| 551 |   Three kinds of orders are used internally: \isa{max}, \isa{min},
 | |
| 552 |   and \isa{ms} (multiset), which is only available when the theory
 | |
| 553 |   \isa{Multiset} is loaded. When no order kinds are given, they are
 | |
| 554 | tried in order. The search for a termination proof uses SAT solving | |
| 555 | internally. | |
| 556 | ||
| 557 |  For local descent proofs, the same context modifiers as for \hyperlink{method.auto}{\mbox{\isa{auto}}} are accepted, see \secref{sec:clasimp}.
 | |
| 558 | ||
| 28788 | 559 |   \end{description}%
 | 
| 26849 | 560 | \end{isamarkuptext}%
 | 
| 561 | \isamarkuptrue% | |
| 562 | % | |
| 563 | \isamarkupsubsection{Old-style recursive function definitions (TFL)%
 | |
| 564 | } | |
| 565 | \isamarkuptrue% | |
| 566 | % | |
| 567 | \begin{isamarkuptext}%
 | |
| 26907 | 568 | The old TFL commands \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} and \hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isacharunderscore}tc}}}} for defining recursive are mostly obsolete; \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} or \hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}} should be used instead.
 | 
| 26849 | 569 | |
| 570 |   \begin{matharray}{rcl}
 | |
| 28788 | 571 |     \indexdef{HOL}{command}{recdef}\hypertarget{command.HOL.recdef}{\hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isacharparenright}{\isachardoublequote}} \\
 | 
| 572 |     \indexdef{HOL}{command}{recdef\_tc}\hypertarget{command.HOL.recdef-tc}{\hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isacharunderscore}tc}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ proof{\isacharparenleft}prove{\isacharparenright}{\isachardoublequote}} \\
 | |
| 26849 | 573 |   \end{matharray}
 | 
| 574 | ||
| 575 |   \begin{rail}
 | |
| 576 |     'recdef' ('(' 'permissive' ')')? \\ name term (prop +) hints?
 | |
| 577 | ; | |
| 578 | recdeftc thmdecl? tc | |
| 579 | ; | |
| 31913 | 580 |     hints: '(' 'hints' ( recdefmod * ) ')'
 | 
| 26849 | 581 | ; | 
| 582 |     recdefmod: (('recdef\_simp' | 'recdef\_cong' | 'recdef\_wf') (() | 'add' | 'del') ':' thmrefs) | clasimpmod
 | |
| 583 | ; | |
| 584 |     tc: nameref ('(' nat ')')?
 | |
| 585 | ; | |
| 586 |   \end{rail}
 | |
| 587 | ||
| 28788 | 588 |   \begin{description}
 | 
| 26849 | 589 | |
| 28788 | 590 |   \item \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} defines general well-founded
 | 
| 26849 | 591 | recursive functions (using the TFL package), see also | 
| 592 |   \cite{isabelle-HOL}.  The ``\isa{{\isachardoublequote}{\isacharparenleft}permissive{\isacharparenright}{\isachardoublequote}}'' option tells
 | |
| 593 | TFL to recover from failed proof attempts, returning unfinished | |
| 594 |   results.  The \isa{recdef{\isacharunderscore}simp}, \isa{recdef{\isacharunderscore}cong}, and \isa{recdef{\isacharunderscore}wf} hints refer to auxiliary rules to be used in the internal
 | |
| 26902 | 595 |   automated proof process of TFL.  Additional \hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}
 | 
| 26849 | 596 |   declarations (cf.\ \secref{sec:clasimp}) may be given to tune the
 | 
| 597 |   context of the Simplifier (cf.\ \secref{sec:simplifier}) and
 | |
| 598 |   Classical reasoner (cf.\ \secref{sec:classical}).
 | |
| 599 | ||
| 28788 | 600 |   \item \hyperlink{command.HOL.recdef-tc}{\mbox{\isa{\isacommand{recdef{\isacharunderscore}tc}}}}~\isa{{\isachardoublequote}c\ {\isacharparenleft}i{\isacharparenright}{\isachardoublequote}} recommences the
 | 
| 26849 | 601 |   proof for leftover termination condition number \isa{i} (default
 | 
| 26902 | 602 |   1) as generated by a \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} definition of
 | 
| 26849 | 603 |   constant \isa{c}.
 | 
| 604 | ||
| 26902 | 605 |   Note that in most cases, \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} is able to finish
 | 
| 26849 | 606 | its internal proofs without manual intervention. | 
| 607 | ||
| 28788 | 608 |   \end{description}
 | 
| 26849 | 609 | |
| 26902 | 610 |   \medskip Hints for \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} may be also declared
 | 
| 26849 | 611 | globally, using the following attributes. | 
| 612 | ||
| 613 |   \begin{matharray}{rcl}
 | |
| 28788 | 614 |     \indexdef{HOL}{attribute}{recdef\_simp}\hypertarget{attribute.HOL.recdef-simp}{\hyperlink{attribute.HOL.recdef-simp}{\mbox{\isa{recdef{\isacharunderscore}simp}}}} & : & \isa{attribute} \\
 | 
| 615 |     \indexdef{HOL}{attribute}{recdef\_cong}\hypertarget{attribute.HOL.recdef-cong}{\hyperlink{attribute.HOL.recdef-cong}{\mbox{\isa{recdef{\isacharunderscore}cong}}}} & : & \isa{attribute} \\
 | |
| 616 |     \indexdef{HOL}{attribute}{recdef\_wf}\hypertarget{attribute.HOL.recdef-wf}{\hyperlink{attribute.HOL.recdef-wf}{\mbox{\isa{recdef{\isacharunderscore}wf}}}} & : & \isa{attribute} \\
 | |
| 26849 | 617 |   \end{matharray}
 | 
| 618 | ||
| 619 |   \begin{rail}
 | |
| 620 |     ('recdef\_simp' | 'recdef\_cong' | 'recdef\_wf') (() | 'add' | 'del')
 | |
| 621 | ; | |
| 622 |   \end{rail}%
 | |
| 623 | \end{isamarkuptext}%
 | |
| 624 | \isamarkuptrue% | |
| 625 | % | |
| 626 | \isamarkupsection{Inductive and coinductive definitions \label{sec:hol-inductive}%
 | |
| 627 | } | |
| 628 | \isamarkuptrue% | |
| 629 | % | |
| 630 | \begin{isamarkuptext}%
 | |
| 631 | An \textbf{inductive definition} specifies the least predicate (or
 | |
| 632 |   set) \isa{R} closed under given rules: applying a rule to elements
 | |
| 633 |   of \isa{R} yields a result within \isa{R}.  For example, a
 | |
| 634 | structural operational semantics is an inductive definition of an | |
| 635 | evaluation relation. | |
| 636 | ||
| 637 |   Dually, a \textbf{coinductive definition} specifies the greatest
 | |
| 638 |   predicate~/ set \isa{R} that is consistent with given rules: every
 | |
| 639 |   element of \isa{R} can be seen as arising by applying a rule to
 | |
| 640 |   elements of \isa{R}.  An important example is using bisimulation
 | |
| 641 | relations to formalise equivalence of processes and infinite data | |
| 642 | structures. | |
| 643 | ||
| 644 | \medskip The HOL package is related to the ZF one, which is | |
| 645 |   described in a separate paper,\footnote{It appeared in CADE
 | |
| 646 |   \cite{paulson-CADE}; a longer version is distributed with Isabelle.}
 | |
| 647 | which you should refer to in case of difficulties. The package is | |
| 648 | simpler than that of ZF thanks to implicit type-checking in HOL. | |
| 649 | The types of the (co)inductive predicates (or sets) determine the | |
| 650 | domain of the fixedpoint definition, and the package does not have | |
| 651 | to use inference rules for type-checking. | |
| 652 | ||
| 653 |   \begin{matharray}{rcl}
 | |
| 28788 | 654 |     \indexdef{HOL}{command}{inductive}\hypertarget{command.HOL.inductive}{\hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}}} & : & \isa{{\isachardoublequote}local{\isacharunderscore}theory\ {\isasymrightarrow}\ local{\isacharunderscore}theory{\isachardoublequote}} \\
 | 
| 655 |     \indexdef{HOL}{command}{inductive\_set}\hypertarget{command.HOL.inductive-set}{\hyperlink{command.HOL.inductive-set}{\mbox{\isa{\isacommand{inductive{\isacharunderscore}set}}}}} & : & \isa{{\isachardoublequote}local{\isacharunderscore}theory\ {\isasymrightarrow}\ local{\isacharunderscore}theory{\isachardoublequote}} \\
 | |
| 656 |     \indexdef{HOL}{command}{coinductive}\hypertarget{command.HOL.coinductive}{\hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}}} & : & \isa{{\isachardoublequote}local{\isacharunderscore}theory\ {\isasymrightarrow}\ local{\isacharunderscore}theory{\isachardoublequote}} \\
 | |
| 657 |     \indexdef{HOL}{command}{coinductive\_set}\hypertarget{command.HOL.coinductive-set}{\hyperlink{command.HOL.coinductive-set}{\mbox{\isa{\isacommand{coinductive{\isacharunderscore}set}}}}} & : & \isa{{\isachardoublequote}local{\isacharunderscore}theory\ {\isasymrightarrow}\ local{\isacharunderscore}theory{\isachardoublequote}} \\
 | |
| 658 |     \indexdef{HOL}{attribute}{mono}\hypertarget{attribute.HOL.mono}{\hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}}} & : & \isa{attribute} \\
 | |
| 26849 | 659 |   \end{matharray}
 | 
| 660 | ||
| 661 |   \begin{rail}
 | |
| 662 |     ('inductive' | 'inductive\_set' | 'coinductive' | 'coinductive\_set') target? fixes ('for' fixes)? \\
 | |
| 663 |     ('where' clauses)? ('monos' thmrefs)?
 | |
| 664 | ; | |
| 665 | clauses: (thmdecl? prop + '|') | |
| 666 | ; | |
| 667 | 'mono' (() | 'add' | 'del') | |
| 668 | ; | |
| 669 |   \end{rail}
 | |
| 670 | ||
| 28788 | 671 |   \begin{description}
 | 
| 26849 | 672 | |
| 28788 | 673 |   \item \hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}} and \hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}} define (co)inductive predicates from the
 | 
| 26902 | 674 |   introduction rules given in the \hyperlink{keyword.where}{\mbox{\isa{\isakeyword{where}}}} part.  The
 | 
| 675 |   optional \hyperlink{keyword.for}{\mbox{\isa{\isakeyword{for}}}} part contains a list of parameters of the
 | |
| 26849 | 676 | (co)inductive predicates that remain fixed throughout the | 
| 26902 | 677 |   definition.  The optional \hyperlink{keyword.monos}{\mbox{\isa{\isakeyword{monos}}}} section contains
 | 
| 26849 | 678 |   \emph{monotonicity theorems}, which are required for each operator
 | 
| 679 | applied to a recursive set in the introduction rules. There | |
| 680 |   \emph{must} be a theorem of the form \isa{{\isachardoublequote}A\ {\isasymle}\ B\ {\isasymLongrightarrow}\ M\ A\ {\isasymle}\ M\ B{\isachardoublequote}},
 | |
| 681 |   for each premise \isa{{\isachardoublequote}M\ R\isactrlsub i\ t{\isachardoublequote}} in an introduction rule!
 | |
| 682 | ||
| 28788 | 683 |   \item \hyperlink{command.HOL.inductive-set}{\mbox{\isa{\isacommand{inductive{\isacharunderscore}set}}}} and \hyperlink{command.HOL.coinductive-set}{\mbox{\isa{\isacommand{coinductive{\isacharunderscore}set}}}} are wrappers for to the previous commands,
 | 
| 26849 | 684 | allowing the definition of (co)inductive sets. | 
| 685 | ||
| 28788 | 686 |   \item \hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}} declares monotonicity rules.  These
 | 
| 26902 | 687 |   rule are involved in the automated monotonicity proof of \hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}}.
 | 
| 26849 | 688 | |
| 28788 | 689 |   \end{description}%
 | 
| 26849 | 690 | \end{isamarkuptext}%
 | 
| 691 | \isamarkuptrue% | |
| 692 | % | |
| 693 | \isamarkupsubsection{Derived rules%
 | |
| 694 | } | |
| 695 | \isamarkuptrue% | |
| 696 | % | |
| 697 | \begin{isamarkuptext}%
 | |
| 698 | Each (co)inductive definition \isa{R} adds definitions to the
 | |
| 699 | theory and also proves some theorems: | |
| 700 | ||
| 701 |   \begin{description}
 | |
| 702 | ||
| 28788 | 703 |   \item \isa{R{\isachardot}intros} is the list of introduction rules as proven
 | 
| 26849 | 704 | theorems, for the recursive predicates (or sets). The rules are | 
| 705 | also available individually, using the names given them in the | |
| 706 | theory file; | |
| 707 | ||
| 28788 | 708 |   \item \isa{R{\isachardot}cases} is the case analysis (or elimination) rule;
 | 
| 26849 | 709 | |
| 28788 | 710 |   \item \isa{R{\isachardot}induct} or \isa{R{\isachardot}coinduct} is the (co)induction
 | 
| 26849 | 711 | rule. | 
| 712 | ||
| 713 |   \end{description}
 | |
| 714 | ||
| 715 |   When several predicates \isa{{\isachardoublequote}R\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ R\isactrlsub n{\isachardoublequote}} are
 | |
| 716 | defined simultaneously, the list of introduction rules is called | |
| 717 |   \isa{{\isachardoublequote}R\isactrlsub {\isadigit{1}}{\isacharunderscore}{\isasymdots}{\isacharunderscore}R\isactrlsub n{\isachardot}intros{\isachardoublequote}}, the case analysis rules are
 | |
| 718 |   called \isa{{\isachardoublequote}R\isactrlsub {\isadigit{1}}{\isachardot}cases{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ R\isactrlsub n{\isachardot}cases{\isachardoublequote}}, and the list
 | |
| 719 |   of mutual induction rules is called \isa{{\isachardoublequote}R\isactrlsub {\isadigit{1}}{\isacharunderscore}{\isasymdots}{\isacharunderscore}R\isactrlsub n{\isachardot}inducts{\isachardoublequote}}.%
 | |
| 720 | \end{isamarkuptext}%
 | |
| 721 | \isamarkuptrue% | |
| 722 | % | |
| 723 | \isamarkupsubsection{Monotonicity theorems%
 | |
| 724 | } | |
| 725 | \isamarkuptrue% | |
| 726 | % | |
| 727 | \begin{isamarkuptext}%
 | |
| 728 | Each theory contains a default set of theorems that are used in | |
| 729 | monotonicity proofs. New rules can be added to this set via the | |
| 26902 | 730 |   \hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}} attribute.  The HOL theory \isa{Inductive}
 | 
| 26849 | 731 | shows how this is done. In general, the following monotonicity | 
| 732 | theorems may be added: | |
| 733 | ||
| 734 |   \begin{itemize}
 | |
| 735 | ||
| 736 |   \item Theorems of the form \isa{{\isachardoublequote}A\ {\isasymle}\ B\ {\isasymLongrightarrow}\ M\ A\ {\isasymle}\ M\ B{\isachardoublequote}}, for proving
 | |
| 737 | monotonicity of inductive definitions whose introduction rules have | |
| 738 |   premises involving terms such as \isa{{\isachardoublequote}M\ R\isactrlsub i\ t{\isachardoublequote}}.
 | |
| 739 | ||
| 740 | \item Monotonicity theorems for logical operators, which are of the | |
| 741 |   general form \isa{{\isachardoublequote}{\isacharparenleft}{\isasymdots}\ {\isasymlongrightarrow}\ {\isasymdots}{\isacharparenright}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isacharparenleft}{\isasymdots}\ {\isasymlongrightarrow}\ {\isasymdots}{\isacharparenright}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymlongrightarrow}\ {\isasymdots}{\isachardoublequote}}.  For example, in
 | |
| 742 |   the case of the operator \isa{{\isachardoublequote}{\isasymor}{\isachardoublequote}}, the corresponding theorem is
 | |
| 743 | \[ | |
| 744 |   \infer{\isa{{\isachardoublequote}P\isactrlsub {\isadigit{1}}\ {\isasymor}\ P\isactrlsub {\isadigit{2}}\ {\isasymlongrightarrow}\ Q\isactrlsub {\isadigit{1}}\ {\isasymor}\ Q\isactrlsub {\isadigit{2}}{\isachardoublequote}}}{\isa{{\isachardoublequote}P\isactrlsub {\isadigit{1}}\ {\isasymlongrightarrow}\ Q\isactrlsub {\isadigit{1}}{\isachardoublequote}} & \isa{{\isachardoublequote}P\isactrlsub {\isadigit{2}}\ {\isasymlongrightarrow}\ Q\isactrlsub {\isadigit{2}}{\isachardoublequote}}}
 | |
| 745 | \] | |
| 746 | ||
| 747 | \item De Morgan style equations for reasoning about the ``polarity'' | |
| 748 | of expressions, e.g. | |
| 749 | \[ | |
| 750 |   \isa{{\isachardoublequote}{\isasymnot}\ {\isasymnot}\ P\ {\isasymlongleftrightarrow}\ P{\isachardoublequote}} \qquad\qquad
 | |
| 751 |   \isa{{\isachardoublequote}{\isasymnot}\ {\isacharparenleft}P\ {\isasymand}\ Q{\isacharparenright}\ {\isasymlongleftrightarrow}\ {\isasymnot}\ P\ {\isasymor}\ {\isasymnot}\ Q{\isachardoublequote}}
 | |
| 752 | \] | |
| 753 | ||
| 754 | \item Equations for reducing complex operators to more primitive | |
| 755 | ones whose monotonicity can easily be proved, e.g. | |
| 756 | \[ | |
| 757 |   \isa{{\isachardoublequote}{\isacharparenleft}P\ {\isasymlongrightarrow}\ Q{\isacharparenright}\ {\isasymlongleftrightarrow}\ {\isasymnot}\ P\ {\isasymor}\ Q{\isachardoublequote}} \qquad\qquad
 | |
| 758 |   \isa{{\isachardoublequote}Ball\ A\ P\ {\isasymequiv}\ {\isasymforall}x{\isachardot}\ x\ {\isasymin}\ A\ {\isasymlongrightarrow}\ P\ x{\isachardoublequote}}
 | |
| 759 | \] | |
| 760 | ||
| 761 |   \end{itemize}
 | |
| 762 | ||
| 763 | %FIXME: Example of an inductive definition% | |
| 764 | \end{isamarkuptext}%
 | |
| 765 | \isamarkuptrue% | |
| 766 | % | |
| 767 | \isamarkupsection{Arithmetic proof support%
 | |
| 768 | } | |
| 769 | \isamarkuptrue% | |
| 770 | % | |
| 771 | \begin{isamarkuptext}%
 | |
| 772 | \begin{matharray}{rcl}
 | |
| 28788 | 773 |     \indexdef{HOL}{method}{arith}\hypertarget{method.HOL.arith}{\hyperlink{method.HOL.arith}{\mbox{\isa{arith}}}} & : & \isa{method} \\
 | 
| 30863 | 774 |     \indexdef{HOL}{attribute}{arith}\hypertarget{attribute.HOL.arith}{\hyperlink{attribute.HOL.arith}{\mbox{\isa{arith}}}} & : & \isa{attribute} \\
 | 
| 28788 | 775 |     \indexdef{HOL}{attribute}{arith\_split}\hypertarget{attribute.HOL.arith-split}{\hyperlink{attribute.HOL.arith-split}{\mbox{\isa{arith{\isacharunderscore}split}}}} & : & \isa{attribute} \\
 | 
| 26849 | 776 |   \end{matharray}
 | 
| 777 | ||
| 26902 | 778 |   The \hyperlink{method.HOL.arith}{\mbox{\isa{arith}}} method decides linear arithmetic problems
 | 
| 26849 | 779 |   (on types \isa{nat}, \isa{int}, \isa{real}).  Any current
 | 
| 780 | facts are inserted into the goal before running the procedure. | |
| 781 | ||
| 30863 | 782 |   The \hyperlink{attribute.HOL.arith}{\mbox{\isa{arith}}} attribute declares facts that are
 | 
| 783 | always supplied to the arithmetic provers implicitly. | |
| 26849 | 784 | |
| 30863 | 785 |   The \hyperlink{attribute.HOL.arith-split}{\mbox{\isa{arith{\isacharunderscore}split}}} attribute declares case split
 | 
| 30865 | 786 |   rules to be expanded before \hyperlink{method.HOL.arith}{\mbox{\isa{arith}}} is invoked.
 | 
| 30863 | 787 | |
| 788 | Note that a simpler (but faster) arithmetic prover is | |
| 789 | already invoked by the Simplifier.% | |
| 26849 | 790 | \end{isamarkuptext}%
 | 
| 791 | \isamarkuptrue% | |
| 792 | % | |
| 30172 | 793 | \isamarkupsection{Intuitionistic proof search%
 | 
| 794 | } | |
| 795 | \isamarkuptrue% | |
| 796 | % | |
| 797 | \begin{isamarkuptext}%
 | |
| 798 | \begin{matharray}{rcl}
 | |
| 799 |     \indexdef{HOL}{method}{iprover}\hypertarget{method.HOL.iprover}{\hyperlink{method.HOL.iprover}{\mbox{\isa{iprover}}}} & : & \isa{method} \\
 | |
| 800 |   \end{matharray}
 | |
| 801 | ||
| 802 |   \begin{rail}
 | |
| 35613 | 803 | 'iprover' ( rulemod * ) | 
| 30172 | 804 | ; | 
| 805 |   \end{rail}
 | |
| 806 | ||
| 807 |   The \hyperlink{method.HOL.iprover}{\mbox{\isa{iprover}}} method performs intuitionistic proof
 | |
| 808 | search, depending on specifically declared rules from the context, | |
| 809 | or given as explicit arguments. Chained facts are inserted into the | |
| 35613 | 810 | goal before commencing proof search. | 
| 811 | ||
| 30172 | 812 |   Rules need to be classified as \hyperlink{attribute.Pure.intro}{\mbox{\isa{intro}}},
 | 
| 813 |   \hyperlink{attribute.Pure.elim}{\mbox{\isa{elim}}}, or \hyperlink{attribute.Pure.dest}{\mbox{\isa{dest}}}; here the
 | |
| 814 |   ``\isa{{\isachardoublequote}{\isacharbang}{\isachardoublequote}}'' indicator refers to ``safe'' rules, which may be
 | |
| 815 | applied aggressively (without considering back-tracking later). | |
| 816 |   Rules declared with ``\isa{{\isachardoublequote}{\isacharquery}{\isachardoublequote}}'' are ignored in proof search (the
 | |
| 817 |   single-step \hyperlink{method.rule}{\mbox{\isa{rule}}} method still observes these).  An
 | |
| 818 | explicit weight annotation may be given as well; otherwise the | |
| 819 | number of rule premises will be taken into account here.% | |
| 820 | \end{isamarkuptext}%
 | |
| 821 | \isamarkuptrue% | |
| 822 | % | |
| 823 | \isamarkupsection{Coherent Logic%
 | |
| 824 | } | |
| 825 | \isamarkuptrue% | |
| 826 | % | |
| 827 | \begin{isamarkuptext}%
 | |
| 828 | \begin{matharray}{rcl}
 | |
| 829 |     \indexdef{HOL}{method}{coherent}\hypertarget{method.HOL.coherent}{\hyperlink{method.HOL.coherent}{\mbox{\isa{coherent}}}} & : & \isa{method} \\
 | |
| 830 |   \end{matharray}
 | |
| 831 | ||
| 832 |   \begin{rail}
 | |
| 833 | 'coherent' thmrefs? | |
| 834 | ; | |
| 835 |   \end{rail}
 | |
| 836 | ||
| 837 |   The \hyperlink{method.HOL.coherent}{\mbox{\isa{coherent}}} method solves problems of
 | |
| 838 |   \emph{Coherent Logic} \cite{Bezem-Coquand:2005}, which covers
 | |
| 839 | applications in confluence theory, lattice theory and projective | |
| 840 |   geometry.  See \hyperlink{file.~~/src/HOL/ex/Coherent.thy}{\mbox{\isa{\isatt{{\isachartilde}{\isachartilde}{\isacharslash}src{\isacharslash}HOL{\isacharslash}ex{\isacharslash}Coherent{\isachardot}thy}}}} for some
 | |
| 841 | examples.% | |
| 842 | \end{isamarkuptext}%
 | |
| 843 | \isamarkuptrue% | |
| 844 | % | |
| 31913 | 845 | \isamarkupsection{Checking and refuting propositions%
 | 
| 846 | } | |
| 847 | \isamarkuptrue% | |
| 848 | % | |
| 849 | \begin{isamarkuptext}%
 | |
| 850 | Identifying incorrect propositions usually involves evaluation of | |
| 851 | particular assignments and systematic counter example search. This | |
| 852 | is supported by the following commands. | |
| 853 | ||
| 854 |   \begin{matharray}{rcl}
 | |
| 855 |     \indexdef{HOL}{command}{value}\hypertarget{command.HOL.value}{\hyperlink{command.HOL.value}{\mbox{\isa{\isacommand{value}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isa{{\isachardoublequote}context\ {\isasymrightarrow}{\isachardoublequote}} \\
 | |
| 856 |     \indexdef{HOL}{command}{quickcheck}\hypertarget{command.HOL.quickcheck}{\hyperlink{command.HOL.quickcheck}{\mbox{\isa{\isacommand{quickcheck}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isa{{\isachardoublequote}proof\ {\isasymrightarrow}{\isachardoublequote}} \\
 | |
| 857 |     \indexdef{HOL}{command}{quickcheck\_params}\hypertarget{command.HOL.quickcheck-params}{\hyperlink{command.HOL.quickcheck-params}{\mbox{\isa{\isacommand{quickcheck{\isacharunderscore}params}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}}
 | |
| 858 |   \end{matharray}
 | |
| 859 | ||
| 860 |   \begin{rail}
 | |
| 861 | 'value' ( ( '[' name ']' ) ? ) modes? term | |
| 862 | ; | |
| 863 | ||
| 864 | 'quickcheck' ( ( '[' args ']' ) ? ) nat? | |
| 865 | ; | |
| 866 | ||
| 867 | 'quickcheck_params' ( ( '[' args ']' ) ? ) | |
| 868 | ; | |
| 869 | ||
| 870 |     modes: '(' (name + ) ')'
 | |
| 871 | ; | |
| 872 | ||
| 873 | args: ( name '=' value + ',' ) | |
| 874 | ; | |
| 875 |   \end{rail}
 | |
| 876 | ||
| 877 |   \begin{description}
 | |
| 878 | ||
| 879 |   \item \hyperlink{command.HOL.value}{\mbox{\isa{\isacommand{value}}}}~\isa{t} evaluates and prints a
 | |
| 880 |     term; optionally \isa{modes} can be specified, which are
 | |
| 881 |     appended to the current print mode (see also \cite{isabelle-ref}).
 | |
| 882 | Internally, the evaluation is performed by registered evaluators, | |
| 883 | which are invoked sequentially until a result is returned. | |
| 884 | Alternatively a specific evaluator can be selected using square | |
| 37444 | 885 | brackets; typical evaluators use the current set of code equations | 
| 886 |     to normalize and include \isa{simp} for fully symbolic evaluation
 | |
| 887 |     using the simplifier, \isa{nbe} for \emph{normalization by evaluation}
 | |
| 888 |     and \emph{code} for code generation in SML.
 | |
| 31913 | 889 | |
| 890 |   \item \hyperlink{command.HOL.quickcheck}{\mbox{\isa{\isacommand{quickcheck}}}} tests the current goal for
 | |
| 891 | counter examples using a series of arbitrary assignments for its | |
| 892 | free variables; by default the first subgoal is tested, an other | |
| 893 | can be selected explicitly using an optional goal index. | |
| 894 | A number of configuration options are supported for | |
| 895 |     \hyperlink{command.HOL.quickcheck}{\mbox{\isa{\isacommand{quickcheck}}}}, notably:
 | |
| 896 | ||
| 897 |     \begin{description}
 | |
| 898 | ||
| 899 | \item[size] specifies the maximum size of the search space for | |
| 900 | assignment values. | |
| 901 | ||
| 902 | \item[iterations] sets how many sets of assignments are | |
| 903 | generated for each particular size. | |
| 904 | ||
| 35351 
7425aece4ee3
allow general mixfix syntax for type constructors;
 wenzelm parents: 
34172diff
changeset | 905 | \item[no\_assms] specifies whether assumptions in | 
| 
7425aece4ee3
allow general mixfix syntax for type constructors;
 wenzelm parents: 
34172diff
changeset | 906 | structured proofs should be ignored. | 
| 
7425aece4ee3
allow general mixfix syntax for type constructors;
 wenzelm parents: 
34172diff
changeset | 907 | |
| 31913 | 908 |     \end{description}
 | 
| 909 | ||
| 910 | These option can be given within square brackets. | |
| 911 | ||
| 912 |   \item \hyperlink{command.HOL.quickcheck-params}{\mbox{\isa{\isacommand{quickcheck{\isacharunderscore}params}}}} changes quickcheck
 | |
| 913 | configuration options persitently. | |
| 914 | ||
| 915 |   \end{description}%
 | |
| 916 | \end{isamarkuptext}%
 | |
| 917 | \isamarkuptrue% | |
| 918 | % | |
| 28788 | 919 | \isamarkupsection{Unstructured case analysis and induction \label{sec:hol-induct-tac}%
 | 
| 26849 | 920 | } | 
| 921 | \isamarkuptrue% | |
| 922 | % | |
| 923 | \begin{isamarkuptext}%
 | |
| 27124 | 924 | The following tools of Isabelle/HOL support cases analysis and | 
| 925 | induction in unstructured tactic scripts; see also | |
| 926 |   \secref{sec:cases-induct} for proper Isar versions of similar ideas.
 | |
| 26849 | 927 | |
| 928 |   \begin{matharray}{rcl}
 | |
| 28788 | 929 |     \indexdef{HOL}{method}{case\_tac}\hypertarget{method.HOL.case-tac}{\hyperlink{method.HOL.case-tac}{\mbox{\isa{case{\isacharunderscore}tac}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isa{method} \\
 | 
| 930 |     \indexdef{HOL}{method}{induct\_tac}\hypertarget{method.HOL.induct-tac}{\hyperlink{method.HOL.induct-tac}{\mbox{\isa{induct{\isacharunderscore}tac}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isa{method} \\
 | |
| 931 |     \indexdef{HOL}{method}{ind\_cases}\hypertarget{method.HOL.ind-cases}{\hyperlink{method.HOL.ind-cases}{\mbox{\isa{ind{\isacharunderscore}cases}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isa{method} \\
 | |
| 932 |     \indexdef{HOL}{command}{inductive\_cases}\hypertarget{command.HOL.inductive-cases}{\hyperlink{command.HOL.inductive-cases}{\mbox{\isa{\isacommand{inductive{\isacharunderscore}cases}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isa{{\isachardoublequote}local{\isacharunderscore}theory\ {\isasymrightarrow}\ local{\isacharunderscore}theory{\isachardoublequote}} \\
 | |
| 26849 | 933 |   \end{matharray}
 | 
| 934 | ||
| 935 |   \begin{rail}
 | |
| 936 | 'case\_tac' goalspec? term rule? | |
| 937 | ; | |
| 938 | 'induct\_tac' goalspec? (insts * 'and') rule? | |
| 939 | ; | |
| 940 |     'ind\_cases' (prop +) ('for' (name +)) ?
 | |
| 941 | ; | |
| 942 | 'inductive\_cases' (thmdecl? (prop +) + 'and') | |
| 943 | ; | |
| 944 | ||
| 945 |     rule: ('rule' ':' thmref)
 | |
| 946 | ; | |
| 947 |   \end{rail}
 | |
| 948 | ||
| 28788 | 949 |   \begin{description}
 | 
| 26849 | 950 | |
| 28788 | 951 |   \item \hyperlink{method.HOL.case-tac}{\mbox{\isa{case{\isacharunderscore}tac}}} and \hyperlink{method.HOL.induct-tac}{\mbox{\isa{induct{\isacharunderscore}tac}}} admit
 | 
| 952 | to reason about inductive types. Rules are selected according to | |
| 953 |   the declarations by the \hyperlink{attribute.cases}{\mbox{\isa{cases}}} and \hyperlink{attribute.induct}{\mbox{\isa{induct}}}
 | |
| 954 |   attributes, cf.\ \secref{sec:cases-induct}.  The \hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}} package already takes care of this.
 | |
| 27124 | 955 | |
| 956 | These unstructured tactics feature both goal addressing and dynamic | |
| 26849 | 957 |   instantiation.  Note that named rule cases are \emph{not} provided
 | 
| 27124 | 958 |   as would be by the proper \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} proof
 | 
| 959 |   methods (see \secref{sec:cases-induct}).  Unlike the \hyperlink{method.induct}{\mbox{\isa{induct}}} method, \hyperlink{method.induct-tac}{\mbox{\isa{induct{\isacharunderscore}tac}}} does not handle structured rule
 | |
| 960 | statements, only the compact object-logic conclusion of the subgoal | |
| 961 | being addressed. | |
| 26849 | 962 | |
| 28788 | 963 |   \item \hyperlink{method.HOL.ind-cases}{\mbox{\isa{ind{\isacharunderscore}cases}}} and \hyperlink{command.HOL.inductive-cases}{\mbox{\isa{\isacommand{inductive{\isacharunderscore}cases}}}} provide an interface to the internal \verb|mk_cases| operation.  Rules are simplified in an unrestricted
 | 
| 26861 | 964 | forward manner. | 
| 26849 | 965 | |
| 26907 | 966 |   While \hyperlink{method.HOL.ind-cases}{\mbox{\isa{ind{\isacharunderscore}cases}}} is a proof method to apply the
 | 
| 967 |   result immediately as elimination rules, \hyperlink{command.HOL.inductive-cases}{\mbox{\isa{\isacommand{inductive{\isacharunderscore}cases}}}} provides case split theorems at the theory level
 | |
| 968 |   for later use.  The \hyperlink{keyword.for}{\mbox{\isa{\isakeyword{for}}}} argument of the \hyperlink{method.HOL.ind-cases}{\mbox{\isa{ind{\isacharunderscore}cases}}} method allows to specify a list of variables that should
 | |
| 26849 | 969 | be generalized before applying the resulting rule. | 
| 970 | ||
| 28788 | 971 |   \end{description}%
 | 
| 26849 | 972 | \end{isamarkuptext}%
 | 
| 973 | \isamarkuptrue% | |
| 974 | % | |
| 975 | \isamarkupsection{Executable code%
 | |
| 976 | } | |
| 977 | \isamarkuptrue% | |
| 978 | % | |
| 979 | \begin{isamarkuptext}%
 | |
| 980 | Isabelle/Pure provides two generic frameworks to support code | |
| 981 | generation from executable specifications. Isabelle/HOL | |
| 982 | instantiates these mechanisms in a way that is amenable to end-user | |
| 983 | applications. | |
| 984 | ||
| 37422 | 985 | \medskip One framework generates code from functional programs | 
| 986 |   (including overloading using type classes) to SML \cite{SML}, OCaml
 | |
| 987 |   \cite{OCaml} and Haskell \cite{haskell-revised-report}.
 | |
| 988 | Conceptually, code generation is split up in three steps: | |
| 989 |   \emph{selection} of code theorems, \emph{translation} into an
 | |
| 990 |   abstract executable view and \emph{serialization} to a specific
 | |
| 991 |   \emph{target language}.  Inductive specifications can be executed
 | |
| 992 | using the predicate compiler which operates within HOL. | |
| 993 |   See \cite{isabelle-codegen} for an introduction.
 | |
| 994 | ||
| 995 |   \begin{matharray}{rcl}
 | |
| 996 |     \indexdef{HOL}{command}{export\_code}\hypertarget{command.HOL.export-code}{\hyperlink{command.HOL.export-code}{\mbox{\isa{\isacommand{export{\isacharunderscore}code}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isa{{\isachardoublequote}context\ {\isasymrightarrow}{\isachardoublequote}} \\
 | |
| 997 |     \indexdef{HOL}{attribute}{code}\hypertarget{attribute.HOL.code}{\hyperlink{attribute.HOL.code}{\mbox{\isa{code}}}} & : & \isa{attribute} \\
 | |
| 998 |     \indexdef{HOL}{command}{code\_abort}\hypertarget{command.HOL.code-abort}{\hyperlink{command.HOL.code-abort}{\mbox{\isa{\isacommand{code{\isacharunderscore}abort}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | |
| 999 |     \indexdef{HOL}{command}{code\_datatype}\hypertarget{command.HOL.code-datatype}{\hyperlink{command.HOL.code-datatype}{\mbox{\isa{\isacommand{code{\isacharunderscore}datatype}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | |
| 1000 |     \indexdef{HOL}{command}{print\_codesetup}\hypertarget{command.HOL.print-codesetup}{\hyperlink{command.HOL.print-codesetup}{\mbox{\isa{\isacommand{print{\isacharunderscore}codesetup}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isa{{\isachardoublequote}context\ {\isasymrightarrow}{\isachardoublequote}} \\
 | |
| 1001 |     \indexdef{HOL}{attribute}{code\_inline}\hypertarget{attribute.HOL.code-inline}{\hyperlink{attribute.HOL.code-inline}{\mbox{\isa{code{\isacharunderscore}inline}}}} & : & \isa{attribute} \\
 | |
| 1002 |     \indexdef{HOL}{attribute}{code\_post}\hypertarget{attribute.HOL.code-post}{\hyperlink{attribute.HOL.code-post}{\mbox{\isa{code{\isacharunderscore}post}}}} & : & \isa{attribute} \\
 | |
| 1003 |     \indexdef{HOL}{command}{print\_codeproc}\hypertarget{command.HOL.print-codeproc}{\hyperlink{command.HOL.print-codeproc}{\mbox{\isa{\isacommand{print{\isacharunderscore}codeproc}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isa{{\isachardoublequote}context\ {\isasymrightarrow}{\isachardoublequote}} \\
 | |
| 1004 |     \indexdef{HOL}{command}{code\_thms}\hypertarget{command.HOL.code-thms}{\hyperlink{command.HOL.code-thms}{\mbox{\isa{\isacommand{code{\isacharunderscore}thms}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isa{{\isachardoublequote}context\ {\isasymrightarrow}{\isachardoublequote}} \\
 | |
| 1005 |     \indexdef{HOL}{command}{code\_deps}\hypertarget{command.HOL.code-deps}{\hyperlink{command.HOL.code-deps}{\mbox{\isa{\isacommand{code{\isacharunderscore}deps}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isa{{\isachardoublequote}context\ {\isasymrightarrow}{\isachardoublequote}} \\
 | |
| 1006 |     \indexdef{HOL}{command}{code\_const}\hypertarget{command.HOL.code-const}{\hyperlink{command.HOL.code-const}{\mbox{\isa{\isacommand{code{\isacharunderscore}const}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | |
| 1007 |     \indexdef{HOL}{command}{code\_type}\hypertarget{command.HOL.code-type}{\hyperlink{command.HOL.code-type}{\mbox{\isa{\isacommand{code{\isacharunderscore}type}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | |
| 1008 |     \indexdef{HOL}{command}{code\_class}\hypertarget{command.HOL.code-class}{\hyperlink{command.HOL.code-class}{\mbox{\isa{\isacommand{code{\isacharunderscore}class}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | |
| 1009 |     \indexdef{HOL}{command}{code\_instance}\hypertarget{command.HOL.code-instance}{\hyperlink{command.HOL.code-instance}{\mbox{\isa{\isacommand{code{\isacharunderscore}instance}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | |
| 1010 |     \indexdef{HOL}{command}{code\_reserved}\hypertarget{command.HOL.code-reserved}{\hyperlink{command.HOL.code-reserved}{\mbox{\isa{\isacommand{code{\isacharunderscore}reserved}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | |
| 1011 |     \indexdef{HOL}{command}{code\_monad}\hypertarget{command.HOL.code-monad}{\hyperlink{command.HOL.code-monad}{\mbox{\isa{\isacommand{code{\isacharunderscore}monad}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | |
| 1012 |     \indexdef{HOL}{command}{code\_include}\hypertarget{command.HOL.code-include}{\hyperlink{command.HOL.code-include}{\mbox{\isa{\isacommand{code{\isacharunderscore}include}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | |
| 1013 |     \indexdef{HOL}{command}{code\_modulename}\hypertarget{command.HOL.code-modulename}{\hyperlink{command.HOL.code-modulename}{\mbox{\isa{\isacommand{code{\isacharunderscore}modulename}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | |
| 1014 |   \end{matharray}
 | |
| 1015 | ||
| 1016 |   \begin{rail}
 | |
| 37820 
ffaca9167c16
export_code without file prints to standard output
 haftmann parents: 
37749diff
changeset | 1017 | 'export\_code' ( constexpr + ) \\ | 
| 
ffaca9167c16
export_code without file prints to standard output
 haftmann parents: 
37749diff
changeset | 1018 | ( ( 'in' target ( 'module\_name' string ) ? \\ | 
| 
ffaca9167c16
export_code without file prints to standard output
 haftmann parents: 
37749diff
changeset | 1019 |         ( 'file' ( string | '-' ) ) ? ( '(' args ')' ) ?) + ) ?
 | 
| 37422 | 1020 | ; | 
| 1021 | ||
| 1022 | const: term | |
| 1023 | ; | |
| 1024 | ||
| 1025 | constexpr: ( const | 'name.*' | '*' ) | |
| 1026 | ; | |
| 1027 | ||
| 1028 | typeconstructor: nameref | |
| 1029 | ; | |
| 1030 | ||
| 1031 | class: nameref | |
| 1032 | ; | |
| 1033 | ||
| 1034 | target: 'OCaml' | 'SML' | 'Haskell' | |
| 1035 | ; | |
| 1036 | ||
| 1037 | 'code' ( 'del' ) ? | |
| 1038 | ; | |
| 1039 | ||
| 1040 | 'code\_abort' ( const + ) | |
| 1041 | ; | |
| 1042 | ||
| 1043 | 'code\_datatype' ( const + ) | |
| 1044 | ; | |
| 1045 | ||
| 1046 | 'code_inline' ( 'del' ) ? | |
| 1047 | ; | |
| 1048 | ||
| 1049 | 'code_post' ( 'del' ) ? | |
| 1050 | ; | |
| 1051 | ||
| 1052 | 'code\_thms' ( constexpr + ) ? | |
| 1053 | ; | |
| 1054 | ||
| 1055 | 'code\_deps' ( constexpr + ) ? | |
| 1056 | ; | |
| 1057 | ||
| 1058 | 'code\_const' (const + 'and') \\ | |
| 1059 |       ( ( '(' target ( syntax ? + 'and' ) ')' ) + )
 | |
| 1060 | ; | |
| 1061 | ||
| 1062 | 'code\_type' (typeconstructor + 'and') \\ | |
| 1063 |       ( ( '(' target ( syntax ? + 'and' ) ')' ) + )
 | |
| 1064 | ; | |
| 1065 | ||
| 1066 | 'code\_class' (class + 'and') \\ | |
| 1067 |       ( ( '(' target \\ ( string ? + 'and' ) ')' ) + )
 | |
| 1068 | ; | |
| 1069 | ||
| 1070 | 'code\_instance' (( typeconstructor '::' class ) + 'and') \\ | |
| 1071 |       ( ( '(' target ( '-' ? + 'and' ) ')' ) + )
 | |
| 1072 | ; | |
| 1073 | ||
| 1074 | 'code\_reserved' target ( string + ) | |
| 1075 | ; | |
| 1076 | ||
| 1077 | 'code\_monad' const const target | |
| 1078 | ; | |
| 1079 | ||
| 1080 | 'code\_include' target ( string ( string | '-') ) | |
| 1081 | ; | |
| 1082 | ||
| 1083 | 'code\_modulename' target ( ( string string ) + ) | |
| 1084 | ; | |
| 1085 | ||
| 1086 | syntax: string | ( 'infix' | 'infixl' | 'infixr' ) nat string | |
| 1087 | ; | |
| 1088 | ||
| 1089 |   \end{rail}
 | |
| 1090 | ||
| 1091 |   \begin{description}
 | |
| 1092 | ||
| 1093 |   \item \hyperlink{command.HOL.export-code}{\mbox{\isa{\isacommand{export{\isacharunderscore}code}}}} generates code for a given list
 | |
| 1094 | of constants in the specified target language(s). If no serialization | |
| 1095 | instruction is given, only abstract code is generated internally. | |
| 1096 | ||
| 1097 | Constants may be specified by giving them literally, referring to | |
| 1098 |   all executable contants within a certain theory by giving \isa{{\isachardoublequote}name{\isachardot}{\isacharasterisk}{\isachardoublequote}}, or referring to \emph{all} executable constants currently
 | |
| 1099 |   available by giving \isa{{\isachardoublequote}{\isacharasterisk}{\isachardoublequote}}.
 | |
| 1100 | ||
| 1101 | By default, for each involved theory one corresponding name space | |
| 1102 | module is generated. Alternativly, a module name may be specified | |
| 1103 |   after the \hyperlink{keyword.module-name}{\mbox{\isa{\isakeyword{module{\isacharunderscore}name}}}} keyword; then \emph{all} code is
 | |
| 1104 | placed in this module. | |
| 1105 | ||
| 1106 |   For \emph{SML} and \emph{OCaml}, the file specification refers to a
 | |
| 1107 |   single file; for \emph{Haskell}, it refers to a whole directory,
 | |
| 1108 | where code is generated in multiple files reflecting the module | |
| 37820 
ffaca9167c16
export_code without file prints to standard output
 haftmann parents: 
37749diff
changeset | 1109 | hierarchy. Omitting the file specification denotes standard | 
| 37749 | 1110 | output. | 
| 37422 | 1111 | |
| 1112 | Serializers take an optional list of arguments in parentheses. For | |
| 1113 |   \emph{SML} and \emph{OCaml}, ``\isa{no{\isacharunderscore}signatures}`` omits
 | |
| 1114 | explicit module signatures. | |
| 1115 | ||
| 1116 |   For \emph{Haskell} a module name prefix may be given using the ``\isa{{\isachardoublequote}root{\isacharcolon}{\isachardoublequote}}'' argument; ``\isa{string{\isacharunderscore}classes}'' adds a ``\verb|deriving (Read, Show)|'' clause to each appropriate datatype
 | |
| 1117 | declaration. | |
| 1118 | ||
| 1119 |   \item \hyperlink{attribute.HOL.code}{\mbox{\isa{code}}} explicitly selects (or with option
 | |
| 1120 |   ``\isa{{\isachardoublequote}del{\isachardoublequote}}'' deselects) a code equation for code
 | |
| 1121 | generation. Usually packages introducing code equations provide | |
| 1122 | a reasonable default setup for selection. | |
| 1123 | ||
| 1124 |   \item \hyperlink{command.HOL.code-abort}{\mbox{\isa{\isacommand{code{\isacharunderscore}abort}}}} declares constants which are not
 | |
| 1125 | required to have a definition by means of code equations; if | |
| 1126 | needed these are implemented by program abort instead. | |
| 1127 | ||
| 1128 |   \item \hyperlink{command.HOL.code-datatype}{\mbox{\isa{\isacommand{code{\isacharunderscore}datatype}}}} specifies a constructor set
 | |
| 1129 | for a logical type. | |
| 1130 | ||
| 1131 |   \item \hyperlink{command.HOL.print-codesetup}{\mbox{\isa{\isacommand{print{\isacharunderscore}codesetup}}}} gives an overview on
 | |
| 1132 | selected code equations and code generator datatypes. | |
| 1133 | ||
| 1134 |   \item \hyperlink{attribute.HOL.code-inline}{\mbox{\isa{code{\isacharunderscore}inline}}} declares (or with
 | |
| 1135 |   option ``\isa{{\isachardoublequote}del{\isachardoublequote}}'' removes) inlining theorems which are
 | |
| 1136 | applied as rewrite rules to any code equation during | |
| 1137 | preprocessing. | |
| 1138 | ||
| 1139 |   \item \hyperlink{attribute.HOL.code-post}{\mbox{\isa{code{\isacharunderscore}post}}} declares (or with
 | |
| 1140 |   option ``\isa{{\isachardoublequote}del{\isachardoublequote}}'' removes) theorems which are
 | |
| 1141 | applied as rewrite rules to any result of an evaluation. | |
| 1142 | ||
| 1143 |   \item \hyperlink{command.HOL.print-codeproc}{\mbox{\isa{\isacommand{print{\isacharunderscore}codeproc}}}} prints the setup
 | |
| 1144 | of the code generator preprocessor. | |
| 1145 | ||
| 1146 |   \item \hyperlink{command.HOL.code-thms}{\mbox{\isa{\isacommand{code{\isacharunderscore}thms}}}} prints a list of theorems
 | |
| 1147 | representing the corresponding program containing all given | |
| 1148 | constants after preprocessing. | |
| 1149 | ||
| 1150 |   \item \hyperlink{command.HOL.code-deps}{\mbox{\isa{\isacommand{code{\isacharunderscore}deps}}}} visualizes dependencies of
 | |
| 1151 | theorems representing the corresponding program containing all given | |
| 1152 | constants after preprocessing. | |
| 1153 | ||
| 1154 |   \item \hyperlink{command.HOL.code-const}{\mbox{\isa{\isacommand{code{\isacharunderscore}const}}}} associates a list of constants
 | |
| 1155 | with target-specific serializations; omitting a serialization | |
| 1156 | deletes an existing serialization. | |
| 1157 | ||
| 1158 |   \item \hyperlink{command.HOL.code-type}{\mbox{\isa{\isacommand{code{\isacharunderscore}type}}}} associates a list of type
 | |
| 1159 | constructors with target-specific serializations; omitting a | |
| 1160 | serialization deletes an existing serialization. | |
| 1161 | ||
| 1162 |   \item \hyperlink{command.HOL.code-class}{\mbox{\isa{\isacommand{code{\isacharunderscore}class}}}} associates a list of classes
 | |
| 1163 | with target-specific class names; omitting a serialization deletes | |
| 1164 |   an existing serialization.  This applies only to \emph{Haskell}.
 | |
| 1165 | ||
| 1166 |   \item \hyperlink{command.HOL.code-instance}{\mbox{\isa{\isacommand{code{\isacharunderscore}instance}}}} declares a list of type
 | |
| 1167 | constructor / class instance relations as ``already present'' for a | |
| 1168 |   given target.  Omitting a ``\isa{{\isachardoublequote}{\isacharminus}{\isachardoublequote}}'' deletes an existing
 | |
| 1169 | ``already present'' declaration. This applies only to | |
| 1170 |   \emph{Haskell}.
 | |
| 1171 | ||
| 1172 |   \item \hyperlink{command.HOL.code-reserved}{\mbox{\isa{\isacommand{code{\isacharunderscore}reserved}}}} declares a list of names as
 | |
| 1173 | reserved for a given target, preventing it to be shadowed by any | |
| 1174 | generated code. | |
| 1175 | ||
| 1176 |   \item \hyperlink{command.HOL.code-monad}{\mbox{\isa{\isacommand{code{\isacharunderscore}monad}}}} provides an auxiliary mechanism
 | |
| 1177 | to generate monadic code for Haskell. | |
| 1178 | ||
| 1179 |   \item \hyperlink{command.HOL.code-include}{\mbox{\isa{\isacommand{code{\isacharunderscore}include}}}} adds arbitrary named content
 | |
| 1180 |   (``include'') to generated code.  A ``\isa{{\isachardoublequote}{\isacharminus}{\isachardoublequote}}'' as last argument
 | |
| 1181 | will remove an already added ``include''. | |
| 1182 | ||
| 1183 |   \item \hyperlink{command.HOL.code-modulename}{\mbox{\isa{\isacommand{code{\isacharunderscore}modulename}}}} declares aliasings from one
 | |
| 1184 | module name onto another. | |
| 1185 | ||
| 1186 |   \end{description}
 | |
| 1187 | ||
| 1188 | The other framework generates code from both functional and relational | |
| 26849 | 1189 |   programs to SML.  See \cite{isabelle-HOL} for further information
 | 
| 1190 | (this actually covers the new-style theory format as well). | |
| 1191 | ||
| 1192 |   \begin{matharray}{rcl}
 | |
| 28788 | 1193 |     \indexdef{HOL}{command}{code\_module}\hypertarget{command.HOL.code-module}{\hyperlink{command.HOL.code-module}{\mbox{\isa{\isacommand{code{\isacharunderscore}module}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | 
| 1194 |     \indexdef{HOL}{command}{code\_library}\hypertarget{command.HOL.code-library}{\hyperlink{command.HOL.code-library}{\mbox{\isa{\isacommand{code{\isacharunderscore}library}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | |
| 1195 |     \indexdef{HOL}{command}{consts\_code}\hypertarget{command.HOL.consts-code}{\hyperlink{command.HOL.consts-code}{\mbox{\isa{\isacommand{consts{\isacharunderscore}code}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\
 | |
| 1196 |     \indexdef{HOL}{command}{types\_code}\hypertarget{command.HOL.types-code}{\hyperlink{command.HOL.types-code}{\mbox{\isa{\isacommand{types{\isacharunderscore}code}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ theory{\isachardoublequote}} \\  
 | |
| 1197 |     \indexdef{HOL}{attribute}{code}\hypertarget{attribute.HOL.code}{\hyperlink{attribute.HOL.code}{\mbox{\isa{code}}}} & : & \isa{attribute} \\
 | |
| 26849 | 1198 |   \end{matharray}
 | 
| 1199 | ||
| 1200 |   \begin{rail}
 | |
| 1201 | ( 'code\_module' | 'code\_library' ) modespec ? name ? \\ | |
| 1202 | ( 'file' name ) ? ( 'imports' ( name + ) ) ? \\ | |
| 1203 | 'contains' ( ( name '=' term ) + | term + ) | |
| 1204 | ; | |
| 1205 | ||
| 1206 |   modespec: '(' ( name * ) ')'
 | |
| 1207 | ; | |
| 1208 | ||
| 1209 | 'consts\_code' (codespec +) | |
| 1210 | ; | |
| 1211 | ||
| 1212 | codespec: const template attachment ? | |
| 1213 | ; | |
| 1214 | ||
| 1215 | 'types\_code' (tycodespec +) | |
| 1216 | ; | |
| 1217 | ||
| 1218 | tycodespec: name template attachment ? | |
| 1219 | ; | |
| 1220 | ||
| 1221 | const: term | |
| 1222 | ; | |
| 1223 | ||
| 1224 |   template: '(' string ')'
 | |
| 1225 | ; | |
| 1226 | ||
| 1227 | attachment: 'attach' modespec ? verblbrace text verbrbrace | |
| 1228 | ; | |
| 1229 | ||
| 1230 | 'code' (name)? | |
| 1231 | ; | |
| 37422 | 1232 |   \end{rail}%
 | 
| 26849 | 1233 | \end{isamarkuptext}%
 | 
| 1234 | \isamarkuptrue% | |
| 1235 | % | |
| 27047 | 1236 | \isamarkupsection{Definition by specification \label{sec:hol-specification}%
 | 
| 1237 | } | |
| 1238 | \isamarkuptrue% | |
| 1239 | % | |
| 1240 | \begin{isamarkuptext}%
 | |
| 1241 | \begin{matharray}{rcl}
 | |
| 28788 | 1242 |     \indexdef{HOL}{command}{specification}\hypertarget{command.HOL.specification}{\hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ proof{\isacharparenleft}prove{\isacharparenright}{\isachardoublequote}} \\
 | 
| 1243 |     \indexdef{HOL}{command}{ax\_specification}\hypertarget{command.HOL.ax-specification}{\hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isacharunderscore}specification}}}}} & : & \isa{{\isachardoublequote}theory\ {\isasymrightarrow}\ proof{\isacharparenleft}prove{\isacharparenright}{\isachardoublequote}} \\
 | |
| 27047 | 1244 |   \end{matharray}
 | 
| 1245 | ||
| 1246 |   \begin{rail}
 | |
| 1247 |   ('specification' | 'ax\_specification') '(' (decl +) ')' \\ (thmdecl? prop +)
 | |
| 1248 | ; | |
| 1249 |   decl: ((name ':')? term '(' 'overloaded' ')'?)
 | |
| 1250 |   \end{rail}
 | |
| 1251 | ||
| 28788 | 1252 |   \begin{description}
 | 
| 27047 | 1253 | |
| 28788 | 1254 |   \item \hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}}~\isa{{\isachardoublequote}decls\ {\isasymphi}{\isachardoublequote}} sets up a
 | 
| 27047 | 1255 | goal stating the existence of terms with the properties specified to | 
| 1256 |   hold for the constants given in \isa{decls}.  After finishing the
 | |
| 1257 | proof, the theory will be augmented with definitions for the given | |
| 1258 | constants, as well as with theorems stating the properties for these | |
| 1259 | constants. | |
| 1260 | ||
| 28788 | 1261 |   \item \hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isacharunderscore}specification}}}}~\isa{{\isachardoublequote}decls\ {\isasymphi}{\isachardoublequote}} sets up
 | 
| 1262 | a goal stating the existence of terms with the properties specified | |
| 1263 |   to hold for the constants given in \isa{decls}.  After finishing
 | |
| 1264 | the proof, the theory will be augmented with axioms expressing the | |
| 1265 | properties given in the first place. | |
| 27047 | 1266 | |
| 28788 | 1267 |   \item \isa{decl} declares a constant to be defined by the
 | 
| 27047 | 1268 |   specification given.  The definition for the constant \isa{c} is
 | 
| 1269 |   bound to the name \isa{c{\isacharunderscore}def} unless a theorem name is given in
 | |
| 1270 | the declaration. Overloaded constants should be declared as such. | |
| 1271 | ||
| 28788 | 1272 |   \end{description}
 | 
| 27047 | 1273 | |
| 1274 |   Whether to use \hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}} or \hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isacharunderscore}specification}}}} is to some extent a matter of style.  \hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}} introduces no new axioms, and so by
 | |
| 1275 |   construction cannot introduce inconsistencies, whereas \hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isacharunderscore}specification}}}} does introduce axioms, but only after the
 | |
| 1276 | user has explicitly proven it to be safe. A practical issue must be | |
| 1277 | considered, though: After introducing two constants with the same | |
| 1278 |   properties using \hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}}, one can prove
 | |
| 1279 | that the two constants are, in fact, equal. If this might be a | |
| 1280 |   problem, one should use \hyperlink{command.HOL.ax-specification}{\mbox{\isa{\isacommand{ax{\isacharunderscore}specification}}}}.%
 | |
| 1281 | \end{isamarkuptext}%
 | |
| 1282 | \isamarkuptrue% | |
| 1283 | % | |
| 26849 | 1284 | \isadelimtheory | 
| 1285 | % | |
| 1286 | \endisadelimtheory | |
| 1287 | % | |
| 1288 | \isatagtheory | |
| 26840 | 1289 | \isacommand{end}\isamarkupfalse%
 | 
| 1290 | % | |
| 1291 | \endisatagtheory | |
| 1292 | {\isafoldtheory}%
 | |
| 1293 | % | |
| 1294 | \isadelimtheory | |
| 1295 | % | |
| 1296 | \endisadelimtheory | |
| 26849 | 1297 | \isanewline | 
| 26840 | 1298 | \end{isabellebody}%
 | 
| 1299 | %%% Local Variables: | |
| 1300 | %%% mode: latex | |
| 1301 | %%% TeX-master: "root" | |
| 1302 | %%% End: |