isabelle: doc-src/Ref/thm.tex@1547174673e1 (annotated)

104 d8205bb279a7 Initial revision lcp parents: diff changeset	1	%% $Id$
d8205bb279a7 Initial revision lcp parents: diff changeset	2	\chapter{Theorems and Forward Proof}
d8205bb279a7 Initial revision lcp parents: diff changeset	3	\index{theorems\|(}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	4
104 d8205bb279a7 Initial revision lcp parents: diff changeset	5	Theorems, which represent the axioms, theorems and rules of object-logics,
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	6	have type \mltydx{thm}. This chapter begins by describing operations that
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	7	print theorems and that join them in forward proof. Most theorem
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	8	operations are intended for advanced applications, such as programming new
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	9	proof procedures. Many of these operations refer to signatures, certified
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	10	terms and certified types, which have the \ML{} types {\tt Sign.sg}, {\tt
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	11	Sign.cterm} and {\tt Sign.ctyp} and are discussed in
104 d8205bb279a7 Initial revision lcp parents: diff changeset	12	Chapter~\ref{theories}. Beginning users should ignore such complexities
d8205bb279a7 Initial revision lcp parents: diff changeset	13	--- and skip all but the first section of this chapter.
d8205bb279a7 Initial revision lcp parents: diff changeset	14
d8205bb279a7 Initial revision lcp parents: diff changeset	15	The theorem operations do not print error messages. Instead, they raise
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	16	exception~\xdx{THM}\@. Use \ttindex{print_exn} to display
104 d8205bb279a7 Initial revision lcp parents: diff changeset	17	exceptions nicely:
d8205bb279a7 Initial revision lcp parents: diff changeset	18	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	19	allI RS mp handle e => print_exn e;
d8205bb279a7 Initial revision lcp parents: diff changeset	20	{\out Exception THM raised:}
d8205bb279a7 Initial revision lcp parents: diff changeset	21	{\out RSN: no unifiers -- premise 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	22	{\out (!!x. ?P(x)) ==> ALL x. ?P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	23	{\out [\| ?P --> ?Q; ?P \|] ==> ?Q}
d8205bb279a7 Initial revision lcp parents: diff changeset	24	{\out}
d8205bb279a7 Initial revision lcp parents: diff changeset	25	{\out uncaught exception THM}
d8205bb279a7 Initial revision lcp parents: diff changeset	26	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	27
d8205bb279a7 Initial revision lcp parents: diff changeset	28
d8205bb279a7 Initial revision lcp parents: diff changeset	29	\section{Basic operations on theorems}
d8205bb279a7 Initial revision lcp parents: diff changeset	30	\subsection{Pretty-printing a theorem}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	31	\index{theorems!printing of}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	32	\begin{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	33	prth : thm -> thm
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	34	prths : thm list -> thm list
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	35	prthq : thm Sequence.seq -> thm Sequence.seq
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	36	print_thm : thm -> unit
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	37	print_goals : int -> thm -> unit
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	38	string_of_thm : thm -> string
104 d8205bb279a7 Initial revision lcp parents: diff changeset	39	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	40	The first three commands are for interactive use. They are identity
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	41	functions that display, then return, their argument. The \ML{} identifier
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	42	{\tt it} will refer to the value just displayed.
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	43
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	44	The others are for use in programs. Functions with result type {\tt unit}
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	45	are convenient for imperative programming.
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	46
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	47	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	48	\item[\ttindexbold{prth} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	49	prints {\it thm\/} at the terminal.
d8205bb279a7 Initial revision lcp parents: diff changeset	50
d8205bb279a7 Initial revision lcp parents: diff changeset	51	\item[\ttindexbold{prths} {\it thms}]
d8205bb279a7 Initial revision lcp parents: diff changeset	52	prints {\it thms}, a list of theorems.
d8205bb279a7 Initial revision lcp parents: diff changeset	53
d8205bb279a7 Initial revision lcp parents: diff changeset	54	\item[\ttindexbold{prthq} {\it thmq}]
d8205bb279a7 Initial revision lcp parents: diff changeset	55	prints {\it thmq}, a sequence of theorems. It is useful for inspecting
d8205bb279a7 Initial revision lcp parents: diff changeset	56	the output of a tactic.
d8205bb279a7 Initial revision lcp parents: diff changeset	57
d8205bb279a7 Initial revision lcp parents: diff changeset	58	\item[\ttindexbold{print_thm} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	59	prints {\it thm\/} at the terminal.
d8205bb279a7 Initial revision lcp parents: diff changeset	60
d8205bb279a7 Initial revision lcp parents: diff changeset	61	\item[\ttindexbold{print_goals} {\it limit\/} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	62	prints {\it thm\/} in goal style, with the premises as subgoals. It prints
d8205bb279a7 Initial revision lcp parents: diff changeset	63	at most {\it limit\/} subgoals. The subgoal module calls {\tt print_goals}
d8205bb279a7 Initial revision lcp parents: diff changeset	64	to display proof states.
d8205bb279a7 Initial revision lcp parents: diff changeset	65
d8205bb279a7 Initial revision lcp parents: diff changeset	66	\item[\ttindexbold{string_of_thm} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	67	converts {\it thm\/} to a string.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	68	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	69
d8205bb279a7 Initial revision lcp parents: diff changeset	70
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	71	\subsection{Forward proof: joining rules by resolution}
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	72	\index{theorems!joining by resolution}
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	73	\index{resolution}\index{forward proof}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	74	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	75	RSN : thm * (int * thm) -> thm \hfill{\bf infix}
d8205bb279a7 Initial revision lcp parents: diff changeset	76	RS : thm * thm -> thm \hfill{\bf infix}
d8205bb279a7 Initial revision lcp parents: diff changeset	77	MRS : thm list * thm -> thm \hfill{\bf infix}
d8205bb279a7 Initial revision lcp parents: diff changeset	78	RLN : thm list * (int * thm list) -> thm list \hfill{\bf infix}
d8205bb279a7 Initial revision lcp parents: diff changeset	79	RL : thm list * thm list -> thm list \hfill{\bf infix}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	80	MRL : thm list list * thm list -> thm list \hfill{\bf infix}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	81	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	82	Joining rules together is a simple way of deriving new rules. These
876 5c18634db55d Under RS added cross reference to bind_thm lcp parents: 866 diff changeset	83	functions are especially useful with destruction rules. To store
5c18634db55d Under RS added cross reference to bind_thm lcp parents: 866 diff changeset	84	the result in the theorem database, use \ttindex{bind_thm}
5c18634db55d Under RS added cross reference to bind_thm lcp parents: 866 diff changeset	85	(\S\ref{ExtractingAndStoringTheProvedTheorem}).
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	86	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	87	\item[\tt$thm@1$ RSN $(i,thm@2)$] \indexbold{*RSN}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	88	resolves the conclusion of $thm@1$ with the $i$th premise of~$thm@2$.
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	89	Unless there is precisely one resolvent it raises exception
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	90	\xdx{THM}; in that case, use {\tt RLN}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	91
d8205bb279a7 Initial revision lcp parents: diff changeset	92	\item[\tt$thm@1$ RS $thm@2$] \indexbold{*RS}
d8205bb279a7 Initial revision lcp parents: diff changeset	93	abbreviates \hbox{\tt$thm@1$ RSN $(1,thm@2)$}. Thus, it resolves the
d8205bb279a7 Initial revision lcp parents: diff changeset	94	conclusion of $thm@1$ with the first premise of~$thm@2$.
d8205bb279a7 Initial revision lcp parents: diff changeset	95
d8205bb279a7 Initial revision lcp parents: diff changeset	96	\item[\tt {$[thm@1,\ldots,thm@n]$} MRS $thm$] \indexbold{*MRS}
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	97	uses {\tt RSN} to resolve $thm@i$ against premise~$i$ of $thm$, for
104 d8205bb279a7 Initial revision lcp parents: diff changeset	98	$i=n$, \ldots,~1. This applies $thm@n$, \ldots, $thm@1$ to the first $n$
d8205bb279a7 Initial revision lcp parents: diff changeset	99	premises of $thm$. Because the theorems are used from right to left, it
d8205bb279a7 Initial revision lcp parents: diff changeset	100	does not matter if the $thm@i$ create new premises. {\tt MRS} is useful
d8205bb279a7 Initial revision lcp parents: diff changeset	101	for expressing proof trees.
d8205bb279a7 Initial revision lcp parents: diff changeset	102
151 c5e636ca6576 corrected some obvious errors; wenzelm parents: 104 diff changeset	103	\item[\tt$thms@1$ RLN $(i,thms@2)$] \indexbold{*RLN}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	104	joins lists of theorems. For every $thm@1$ in $thms@1$ and $thm@2$ in
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	105	$thms@2$, it resolves the conclusion of $thm@1$ with the $i$th premise
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	106	of~$thm@2$, accumulating the results.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	107
151 c5e636ca6576 corrected some obvious errors; wenzelm parents: 104 diff changeset	108	\item[\tt$thms@1$ RL $thms@2$] \indexbold{*RL}
c5e636ca6576 corrected some obvious errors; wenzelm parents: 104 diff changeset	109	abbreviates \hbox{\tt$thms@1$ RLN $(1,thms@2)$}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	110
d8205bb279a7 Initial revision lcp parents: diff changeset	111	\item[\tt {$[thms@1,\ldots,thms@n]$} MRL $thms$] \indexbold{*MRL}
d8205bb279a7 Initial revision lcp parents: diff changeset	112	is analogous to {\tt MRS}, but combines theorem lists rather than theorems.
d8205bb279a7 Initial revision lcp parents: diff changeset	113	It too is useful for expressing proof trees.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	114	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	115
d8205bb279a7 Initial revision lcp parents: diff changeset	116
d8205bb279a7 Initial revision lcp parents: diff changeset	117	\subsection{Expanding definitions in theorems}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	118	\index{meta-rewriting!in theorems}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	119	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	120	rewrite_rule : thm list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	121	rewrite_goals_rule : thm list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	122	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	123	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	124	\item[\ttindexbold{rewrite_rule} {\it defs} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	125	unfolds the {\it defs} throughout the theorem~{\it thm}.
d8205bb279a7 Initial revision lcp parents: diff changeset	126
d8205bb279a7 Initial revision lcp parents: diff changeset	127	\item[\ttindexbold{rewrite_goals_rule} {\it defs} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	128	unfolds the {\it defs} in the premises of~{\it thm}, but leaves the
d8205bb279a7 Initial revision lcp parents: diff changeset	129	conclusion unchanged. This rule underlies \ttindex{rewrite_goals_tac}, but
d8205bb279a7 Initial revision lcp parents: diff changeset	130	serves little purpose in forward proof.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	131	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	132
d8205bb279a7 Initial revision lcp parents: diff changeset	133
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	134	\subsection{Instantiating a theorem}
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	135	\index{instantiation}
286 e7efbf03562b first draft of Springer book lcp parents: 151 diff changeset	136	\begin{ttbox}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	137	read_instantiate : (string*string)list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	138	read_instantiate_sg : Sign.sg -> (string*string)list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	139	cterm_instantiate : (Sign.cterm*Sign.cterm)list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	140	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	141	These meta-rules instantiate type and term unknowns in a theorem. They are
d8205bb279a7 Initial revision lcp parents: diff changeset	142	occasionally useful. They can prevent difficulties with higher-order
d8205bb279a7 Initial revision lcp parents: diff changeset	143	unification, and define specialized versions of rules.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	144	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	145	\item[\ttindexbold{read_instantiate} {\it insts} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	146	processes the instantiations {\it insts} and instantiates the rule~{\it
d8205bb279a7 Initial revision lcp parents: diff changeset	147	thm}. The processing of instantiations is described
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	148	in \S\ref{res_inst_tac}, under {\tt res_inst_tac}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	149
d8205bb279a7 Initial revision lcp parents: diff changeset	150	Use {\tt res_inst_tac}, not {\tt read_instantiate}, to instantiate a rule
d8205bb279a7 Initial revision lcp parents: diff changeset	151	and refine a particular subgoal. The tactic allows instantiation by the
d8205bb279a7 Initial revision lcp parents: diff changeset	152	subgoal's parameters, and reads the instantiations using the signature
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	153	associated with the proof state.
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	154
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	155	Use {\tt read_instantiate_sg} below if {\it insts\/} appears to be treated
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	156	incorrectly.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	157
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	158	\item[\ttindexbold{read_instantiate_sg} {\it sg} {\it insts} {\it thm}]
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	159	resembles \hbox{\tt read_instantiate {\it insts} {\it thm}}, but reads
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	160	the instantiations under signature~{\it sg}. This is necessary to
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	161	instantiate a rule from a general theory, such as first-order logic,
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	162	using the notation of some specialized theory. Use the function {\tt
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	163	sign_of} to get a theory's signature.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	164
d8205bb279a7 Initial revision lcp parents: diff changeset	165	\item[\ttindexbold{cterm_instantiate} {\it ctpairs} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	166	is similar to {\tt read_instantiate}, but the instantiations are provided
d8205bb279a7 Initial revision lcp parents: diff changeset	167	as pairs of certified terms, not as strings to be read.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	168	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	169
d8205bb279a7 Initial revision lcp parents: diff changeset	170
866 2d3d020eef11 added documentation of bind_thm, qed, qed_goal, get_thm, thms_of clasohm parents: 332 diff changeset	171	\subsection{Miscellaneous forward rules}\label{MiscellaneousForwardRules}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	172	\index{theorems!standardizing}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	173	\begin{ttbox}
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	174	standard : thm -> thm
01b87a921967 final Springer copy lcp parents: 326 diff changeset	175	zero_var_indexes : thm -> thm
01b87a921967 final Springer copy lcp parents: 326 diff changeset	176	make_elim : thm -> thm
104 d8205bb279a7 Initial revision lcp parents: diff changeset	177	rule_by_tactic : tactic -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	178	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	179	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	180	\item[\ttindexbold{standard} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	181	puts $thm$ into the standard form of object-rules. It discharges all
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	182	meta-assumptions, replaces free variables by schematic variables, and
104 d8205bb279a7 Initial revision lcp parents: diff changeset	183	renames schematic variables to have subscript zero.
d8205bb279a7 Initial revision lcp parents: diff changeset	184
d8205bb279a7 Initial revision lcp parents: diff changeset	185	\item[\ttindexbold{zero_var_indexes} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	186	makes all schematic variables have subscript zero, renaming them to avoid
d8205bb279a7 Initial revision lcp parents: diff changeset	187	clashes.
d8205bb279a7 Initial revision lcp parents: diff changeset	188
d8205bb279a7 Initial revision lcp parents: diff changeset	189	\item[\ttindexbold{make_elim} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	190	\index{rules!converting destruction to elimination}
d8205bb279a7 Initial revision lcp parents: diff changeset	191	converts $thm$, a destruction rule of the form $\List{P@1;\ldots;P@m}\Imp
d8205bb279a7 Initial revision lcp parents: diff changeset	192	Q$, to the elimination rule $\List{P@1; \ldots; P@m; Q\Imp R}\Imp R$. This
d8205bb279a7 Initial revision lcp parents: diff changeset	193	is the basis for destruct-resolution: {\tt dresolve_tac}, etc.
d8205bb279a7 Initial revision lcp parents: diff changeset	194
d8205bb279a7 Initial revision lcp parents: diff changeset	195	\item[\ttindexbold{rule_by_tactic} {\it tac} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	196	applies {\it tac\/} to the {\it thm}, freezing its variables first, then
d8205bb279a7 Initial revision lcp parents: diff changeset	197	yields the proof state returned by the tactic. In typical usage, the
d8205bb279a7 Initial revision lcp parents: diff changeset	198	{\it thm\/} represents an instance of a rule with several premises, some
d8205bb279a7 Initial revision lcp parents: diff changeset	199	with contradictory assumptions (because of the instantiation). The
d8205bb279a7 Initial revision lcp parents: diff changeset	200	tactic proves those subgoals and does whatever else it can, and returns
d8205bb279a7 Initial revision lcp parents: diff changeset	201	whatever is left.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	202	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	203
d8205bb279a7 Initial revision lcp parents: diff changeset	204
d8205bb279a7 Initial revision lcp parents: diff changeset	205	\subsection{Taking a theorem apart}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	206	\index{theorems!taking apart}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	207	\index{flex-flex constraints}
d8205bb279a7 Initial revision lcp parents: diff changeset	208	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	209	concl_of : thm -> term
d8205bb279a7 Initial revision lcp parents: diff changeset	210	prems_of : thm -> term list
d8205bb279a7 Initial revision lcp parents: diff changeset	211	nprems_of : thm -> int
d8205bb279a7 Initial revision lcp parents: diff changeset	212	tpairs_of : thm -> (term*term)list
d8205bb279a7 Initial revision lcp parents: diff changeset	213	stamps_of_thy : thm -> string ref list
866 2d3d020eef11 added documentation of bind_thm, qed, qed_goal, get_thm, thms_of clasohm parents: 332 diff changeset	214	theory_of_thm : thm -> theory
286 e7efbf03562b first draft of Springer book lcp parents: 151 diff changeset	215	dest_state : thmint -> (termterm)listterm listterm*term
1590 1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	216	rep_thm : thm -> \{prop: term, hyps: term list,
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	217	maxidx: int, der: deriv, sign: Sign.sg\}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	218	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	219	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	220	\item[\ttindexbold{concl_of} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	221	returns the conclusion of $thm$ as a term.
d8205bb279a7 Initial revision lcp parents: diff changeset	222
d8205bb279a7 Initial revision lcp parents: diff changeset	223	\item[\ttindexbold{prems_of} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	224	returns the premises of $thm$ as a list of terms.
d8205bb279a7 Initial revision lcp parents: diff changeset	225
d8205bb279a7 Initial revision lcp parents: diff changeset	226	\item[\ttindexbold{nprems_of} $thm$]
286 e7efbf03562b first draft of Springer book lcp parents: 151 diff changeset	227	returns the number of premises in $thm$, and is equivalent to {\tt
e7efbf03562b first draft of Springer book lcp parents: 151 diff changeset	228	length(prems_of~$thm$)}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	229
d8205bb279a7 Initial revision lcp parents: diff changeset	230	\item[\ttindexbold{tpairs_of} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	231	returns the flex-flex constraints of $thm$.
d8205bb279a7 Initial revision lcp parents: diff changeset	232
d8205bb279a7 Initial revision lcp parents: diff changeset	233	\item[\ttindexbold{stamps_of_thm} $thm$]
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	234	returns the \rmindex{stamps} of the signature associated with~$thm$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	235
866 2d3d020eef11 added documentation of bind_thm, qed, qed_goal, get_thm, thms_of clasohm parents: 332 diff changeset	236	\item[\ttindexbold{theory_of_thm} $thm$]
2d3d020eef11 added documentation of bind_thm, qed, qed_goal, get_thm, thms_of clasohm parents: 332 diff changeset	237	returns the theory associated with $thm$.
2d3d020eef11 added documentation of bind_thm, qed, qed_goal, get_thm, thms_of clasohm parents: 332 diff changeset	238
104 d8205bb279a7 Initial revision lcp parents: diff changeset	239	\item[\ttindexbold{dest_state} $(thm,i)$]
d8205bb279a7 Initial revision lcp parents: diff changeset	240	decomposes $thm$ as a tuple containing a list of flex-flex constraints, a
d8205bb279a7 Initial revision lcp parents: diff changeset	241	list of the subgoals~1 to~$i-1$, subgoal~$i$, and the rest of the theorem
d8205bb279a7 Initial revision lcp parents: diff changeset	242	(this will be an implication if there are more than $i$ subgoals).
d8205bb279a7 Initial revision lcp parents: diff changeset	243
d8205bb279a7 Initial revision lcp parents: diff changeset	244	\item[\ttindexbold{rep_thm} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	245	decomposes $thm$ as a record containing the statement of~$thm$, its list of
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	246	meta-assumptions, the maximum subscript of its unknowns, and its signature.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	247	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	248
d8205bb279a7 Initial revision lcp parents: diff changeset	249
d8205bb279a7 Initial revision lcp parents: diff changeset	250	\subsection{Tracing flags for unification}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	251	\index{tracing!of unification}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	252	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	253	Unify.trace_simp : bool ref \hfill{\bf initially false}
d8205bb279a7 Initial revision lcp parents: diff changeset	254	Unify.trace_types : bool ref \hfill{\bf initially false}
d8205bb279a7 Initial revision lcp parents: diff changeset	255	Unify.trace_bound : int ref \hfill{\bf initially 10}
d8205bb279a7 Initial revision lcp parents: diff changeset	256	Unify.search_bound : int ref \hfill{\bf initially 20}
d8205bb279a7 Initial revision lcp parents: diff changeset	257	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	258	Tracing the search may be useful when higher-order unification behaves
d8205bb279a7 Initial revision lcp parents: diff changeset	259	unexpectedly. Letting {\tt res_inst_tac} circumvent the problem is easier,
d8205bb279a7 Initial revision lcp parents: diff changeset	260	though.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	261	\begin{ttdescription}
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	262	\item[Unify.trace_simp := true;]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	263	causes tracing of the simplification phase.
d8205bb279a7 Initial revision lcp parents: diff changeset	264
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	265	\item[Unify.trace_types := true;]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	266	generates warnings of incompleteness, when unification is not considering
d8205bb279a7 Initial revision lcp parents: diff changeset	267	all possible instantiations of type unknowns.
d8205bb279a7 Initial revision lcp parents: diff changeset	268
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	269	\item[Unify.trace_bound := $n$;]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	270	causes unification to print tracing information once it reaches depth~$n$.
d8205bb279a7 Initial revision lcp parents: diff changeset	271	Use $n=0$ for full tracing. At the default value of~10, tracing
d8205bb279a7 Initial revision lcp parents: diff changeset	272	information is almost never printed.
d8205bb279a7 Initial revision lcp parents: diff changeset	273
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	274	\item[Unify.search_bound := $n$;]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	275	causes unification to limit its search to depth~$n$. Because of this
d8205bb279a7 Initial revision lcp parents: diff changeset	276	bound, higher-order unification cannot return an infinite sequence, though
d8205bb279a7 Initial revision lcp parents: diff changeset	277	it can return a very long one. The search rarely approaches the default
d8205bb279a7 Initial revision lcp parents: diff changeset	278	value of~20. If the search is cut off, unification prints {\tt
d8205bb279a7 Initial revision lcp parents: diff changeset	279	***Unification bound exceeded}.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	280	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	281
d8205bb279a7 Initial revision lcp parents: diff changeset	282
d8205bb279a7 Initial revision lcp parents: diff changeset	283	\section{Primitive meta-level inference rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	284	\index{meta-rules\|(}
d8205bb279a7 Initial revision lcp parents: diff changeset	285	These implement the meta-logic in {\sc lcf} style, as functions from theorems
d8205bb279a7 Initial revision lcp parents: diff changeset	286	to theorems. They are, rarely, useful for deriving results in the pure
d8205bb279a7 Initial revision lcp parents: diff changeset	287	theory. Mainly, they are included for completeness, and most users should
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	288	not bother with them. The meta-rules raise exception \xdx{THM} to signal
104 d8205bb279a7 Initial revision lcp parents: diff changeset	289	malformed premises, incompatible signatures and similar errors.
d8205bb279a7 Initial revision lcp parents: diff changeset	290
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	291	\index{meta-assumptions}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	292	The meta-logic uses natural deduction. Each theorem may depend on
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	293	meta-level assumptions. Certain rules, such as $({\Imp}I)$,
104 d8205bb279a7 Initial revision lcp parents: diff changeset	294	discharge assumptions; in most other rules, the conclusion depends on all
d8205bb279a7 Initial revision lcp parents: diff changeset	295	of the assumptions of the premises. Formally, the system works with
d8205bb279a7 Initial revision lcp parents: diff changeset	296	assertions of the form
d8205bb279a7 Initial revision lcp parents: diff changeset	297	\[ \phi \quad [\phi@1,\ldots,\phi@n], \]
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	298	where $\phi@1$,~\ldots,~$\phi@n$ are the assumptions. Do not confuse
104 d8205bb279a7 Initial revision lcp parents: diff changeset	299	meta-level assumptions with the object-level assumptions in a subgoal,
d8205bb279a7 Initial revision lcp parents: diff changeset	300	which are represented in the meta-logic using~$\Imp$.
d8205bb279a7 Initial revision lcp parents: diff changeset	301
d8205bb279a7 Initial revision lcp parents: diff changeset	302	Each theorem has a signature. Certified terms have a signature. When a
d8205bb279a7 Initial revision lcp parents: diff changeset	303	rule takes several premises and certified terms, it merges the signatures
d8205bb279a7 Initial revision lcp parents: diff changeset	304	to make a signature for the conclusion. This fails if the signatures are
d8205bb279a7 Initial revision lcp parents: diff changeset	305	incompatible.
d8205bb279a7 Initial revision lcp parents: diff changeset	306
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	307	\index{meta-implication}
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	308	The {\bf implication} rules are $({\Imp}I)$
104 d8205bb279a7 Initial revision lcp parents: diff changeset	309	and $({\Imp}E)$:
d8205bb279a7 Initial revision lcp parents: diff changeset	310	\[ \infer[({\Imp}I)]{\phi\Imp \psi}{\infer*{\psi}{[\phi]}} \qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	311	\infer[({\Imp}E)]{\psi}{\phi\Imp \psi & \phi} \]
d8205bb279a7 Initial revision lcp parents: diff changeset	312
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	313	\index{meta-equality}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	314	Equality of truth values means logical equivalence:
d8205bb279a7 Initial revision lcp parents: diff changeset	315	\[ \infer[({\equiv}I)]{\phi\equiv\psi}{\infer*{\psi}{[\phi]} &
286 e7efbf03562b first draft of Springer book lcp parents: 151 diff changeset	316	\infer*{\phi}{[\psi]}}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	317	\qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	318	\infer[({\equiv}E)]{\psi}{\phi\equiv \psi & \phi} \]
d8205bb279a7 Initial revision lcp parents: diff changeset	319
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	320	The {\bf equality} rules are reflexivity, symmetry, and transitivity:
104 d8205bb279a7 Initial revision lcp parents: diff changeset	321	\[ {a\equiv a}\,(refl) \qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	322	\infer[(sym)]{b\equiv a}{a\equiv b} \qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	323	\infer[(trans)]{a\equiv c}{a\equiv b & b\equiv c} \]
d8205bb279a7 Initial revision lcp parents: diff changeset	324
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	325	\index{lambda calc@$\lambda$-calculus}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	326	The $\lambda$-conversions are $\alpha$-conversion, $\beta$-conversion, and
d8205bb279a7 Initial revision lcp parents: diff changeset	327	extensionality:\footnote{$\alpha$-conversion holds if $y$ is not free
d8205bb279a7 Initial revision lcp parents: diff changeset	328	in~$a$; $(ext)$ holds if $x$ is not free in the assumptions, $f$, or~$g$.}
d8205bb279a7 Initial revision lcp parents: diff changeset	329	\[ {(\lambda x.a) \equiv (\lambda y.a[y/x])} \qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	330	{((\lambda x.a)(b)) \equiv a[b/x]} \qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	331	\infer[(ext)]{f\equiv g}{f(x) \equiv g(x)} \]
d8205bb279a7 Initial revision lcp parents: diff changeset	332
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	333	The {\bf abstraction} and {\bf combination} rules let conversions be
01b87a921967 final Springer copy lcp parents: 326 diff changeset	334	applied to subterms:\footnote{Abstraction holds if $x$ is not free in the
104 d8205bb279a7 Initial revision lcp parents: diff changeset	335	assumptions.}
d8205bb279a7 Initial revision lcp parents: diff changeset	336	\[ \infer[(abs)]{(\lambda x.a) \equiv (\lambda x.b)}{a\equiv b} \qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	337	\infer[(comb)]{f(a)\equiv g(b)}{f\equiv g & a\equiv b} \]
d8205bb279a7 Initial revision lcp parents: diff changeset	338
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	339	\index{meta-quantifiers}
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	340	The {\bf universal quantification} rules are $(\Forall I)$ and $(\Forall
104 d8205bb279a7 Initial revision lcp parents: diff changeset	341	E)$:\footnote{$(\Forall I)$ holds if $x$ is not free in the assumptions.}
d8205bb279a7 Initial revision lcp parents: diff changeset	342	\[ \infer[(\Forall I)]{\Forall x.\phi}{\phi} \qquad
286 e7efbf03562b first draft of Springer book lcp parents: 151 diff changeset	343	\infer[(\Forall E)]{\phi[b/x]}{\Forall x.\phi} \]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	344
d8205bb279a7 Initial revision lcp parents: diff changeset	345
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	346	\subsection{Assumption rule}
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	347	\index{meta-assumptions}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	348	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	349	assume: Sign.cterm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	350	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	351	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	352	\item[\ttindexbold{assume} $ct$]
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	353	makes the theorem $\phi \;[\phi]$, where $\phi$ is the value of~$ct$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	354	The rule checks that $ct$ has type $prop$ and contains no unknowns, which
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	355	are not allowed in assumptions.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	356	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	357
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	358	\subsection{Implication rules}
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	359	\index{meta-implication}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	360	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	361	implies_intr : Sign.cterm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	362	implies_intr_list : Sign.cterm list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	363	implies_intr_hyps : thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	364	implies_elim : thm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	365	implies_elim_list : thm -> thm list -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	366	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	367	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	368	\item[\ttindexbold{implies_intr} $ct$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	369	is $({\Imp}I)$, where $ct$ is the assumption to discharge, say~$\phi$. It
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	370	maps the premise~$\psi$ to the conclusion $\phi\Imp\psi$, removing all
01b87a921967 final Springer copy lcp parents: 326 diff changeset	371	occurrences of~$\phi$ from the assumptions. The rule checks that $ct$ has
01b87a921967 final Springer copy lcp parents: 326 diff changeset	372	type $prop$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	373
d8205bb279a7 Initial revision lcp parents: diff changeset	374	\item[\ttindexbold{implies_intr_list} $cts$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	375	applies $({\Imp}I)$ repeatedly, on every element of the list~$cts$.
d8205bb279a7 Initial revision lcp parents: diff changeset	376
d8205bb279a7 Initial revision lcp parents: diff changeset	377	\item[\ttindexbold{implies_intr_hyps} $thm$]
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	378	applies $({\Imp}I)$ to discharge all the hypotheses (assumptions) of~$thm$.
01b87a921967 final Springer copy lcp parents: 326 diff changeset	379	It maps the premise $\phi \; [\phi@1,\ldots,\phi@n]$ to the conclusion
104 d8205bb279a7 Initial revision lcp parents: diff changeset	380	$\List{\phi@1,\ldots,\phi@n}\Imp\phi$.
d8205bb279a7 Initial revision lcp parents: diff changeset	381
d8205bb279a7 Initial revision lcp parents: diff changeset	382	\item[\ttindexbold{implies_elim} $thm@1$ $thm@2$]
d8205bb279a7 Initial revision lcp parents: diff changeset	383	applies $({\Imp}E)$ to $thm@1$ and~$thm@2$. It maps the premises $\phi\Imp
d8205bb279a7 Initial revision lcp parents: diff changeset	384	\psi$ and $\phi$ to the conclusion~$\psi$.
d8205bb279a7 Initial revision lcp parents: diff changeset	385
d8205bb279a7 Initial revision lcp parents: diff changeset	386	\item[\ttindexbold{implies_elim_list} $thm$ $thms$]
d8205bb279a7 Initial revision lcp parents: diff changeset	387	applies $({\Imp}E)$ repeatedly to $thm$, using each element of~$thms$ in
151 c5e636ca6576 corrected some obvious errors; wenzelm parents: 104 diff changeset	388	turn. It maps the premises $\List{\phi@1,\ldots,\phi@n}\Imp\psi$ and
104 d8205bb279a7 Initial revision lcp parents: diff changeset	389	$\phi@1$,\ldots,$\phi@n$ to the conclusion~$\psi$.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	390	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	391
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	392	\subsection{Logical equivalence rules}
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	393	\index{meta-equality}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	394	\begin{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	395	equal_intr : thm -> thm -> thm
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	396	equal_elim : thm -> thm -> thm
104 d8205bb279a7 Initial revision lcp parents: diff changeset	397	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	398	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	399	\item[\ttindexbold{equal_intr} $thm@1$ $thm@2$]
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	400	applies $({\equiv}I)$ to $thm@1$ and~$thm@2$. It maps the premises~$\psi$
01b87a921967 final Springer copy lcp parents: 326 diff changeset	401	and~$\phi$ to the conclusion~$\phi\equiv\psi$; the assumptions are those of
01b87a921967 final Springer copy lcp parents: 326 diff changeset	402	the first premise with~$\phi$ removed, plus those of
01b87a921967 final Springer copy lcp parents: 326 diff changeset	403	the second premise with~$\psi$ removed.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	404
d8205bb279a7 Initial revision lcp parents: diff changeset	405	\item[\ttindexbold{equal_elim} $thm@1$ $thm@2$]
d8205bb279a7 Initial revision lcp parents: diff changeset	406	applies $({\equiv}E)$ to $thm@1$ and~$thm@2$. It maps the premises
d8205bb279a7 Initial revision lcp parents: diff changeset	407	$\phi\equiv\psi$ and $\phi$ to the conclusion~$\psi$.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	408	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	409
d8205bb279a7 Initial revision lcp parents: diff changeset	410
d8205bb279a7 Initial revision lcp parents: diff changeset	411	\subsection{Equality rules}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	412	\index{meta-equality}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	413	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	414	reflexive : Sign.cterm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	415	symmetric : thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	416	transitive : thm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	417	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	418	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	419	\item[\ttindexbold{reflexive} $ct$]
151 c5e636ca6576 corrected some obvious errors; wenzelm parents: 104 diff changeset	420	makes the theorem $ct\equiv ct$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	421
d8205bb279a7 Initial revision lcp parents: diff changeset	422	\item[\ttindexbold{symmetric} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	423	maps the premise $a\equiv b$ to the conclusion $b\equiv a$.
d8205bb279a7 Initial revision lcp parents: diff changeset	424
d8205bb279a7 Initial revision lcp parents: diff changeset	425	\item[\ttindexbold{transitive} $thm@1$ $thm@2$]
d8205bb279a7 Initial revision lcp parents: diff changeset	426	maps the premises $a\equiv b$ and $b\equiv c$ to the conclusion~${a\equiv c}$.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	427	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	428
d8205bb279a7 Initial revision lcp parents: diff changeset	429
d8205bb279a7 Initial revision lcp parents: diff changeset	430	\subsection{The $\lambda$-conversion rules}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	431	\index{lambda calc@$\lambda$-calculus}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	432	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	433	beta_conversion : Sign.cterm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	434	extensional : thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	435	abstract_rule : string -> Sign.cterm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	436	combination : thm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	437	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	438	There is no rule for $\alpha$-conversion because Isabelle regards
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	439	$\alpha$-convertible theorems as equal.
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	440	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	441	\item[\ttindexbold{beta_conversion} $ct$]
d8205bb279a7 Initial revision lcp parents: diff changeset	442	makes the theorem $((\lambda x.a)(b)) \equiv a[b/x]$, where $ct$ is the
d8205bb279a7 Initial revision lcp parents: diff changeset	443	term $(\lambda x.a)(b)$.
d8205bb279a7 Initial revision lcp parents: diff changeset	444
d8205bb279a7 Initial revision lcp parents: diff changeset	445	\item[\ttindexbold{extensional} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	446	maps the premise $f(x) \equiv g(x)$ to the conclusion $f\equiv g$.
d8205bb279a7 Initial revision lcp parents: diff changeset	447	Parameter~$x$ is taken from the premise. It may be an unknown or a free
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	448	variable (provided it does not occur in the assumptions); it must not occur
104 d8205bb279a7 Initial revision lcp parents: diff changeset	449	in $f$ or~$g$.
d8205bb279a7 Initial revision lcp parents: diff changeset	450
d8205bb279a7 Initial revision lcp parents: diff changeset	451	\item[\ttindexbold{abstract_rule} $v$ $x$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	452	maps the premise $a\equiv b$ to the conclusion $(\lambda x.a) \equiv
d8205bb279a7 Initial revision lcp parents: diff changeset	453	(\lambda x.b)$, abstracting over all occurrences (if any!) of~$x$.
d8205bb279a7 Initial revision lcp parents: diff changeset	454	Parameter~$x$ is supplied as a cterm. It may be an unknown or a free
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	455	variable (provided it does not occur in the assumptions). In the
104 d8205bb279a7 Initial revision lcp parents: diff changeset	456	conclusion, the bound variable is named~$v$.
d8205bb279a7 Initial revision lcp parents: diff changeset	457
d8205bb279a7 Initial revision lcp parents: diff changeset	458	\item[\ttindexbold{combination} $thm@1$ $thm@2$]
d8205bb279a7 Initial revision lcp parents: diff changeset	459	maps the premises $f\equiv g$ and $a\equiv b$ to the conclusion~$f(a)\equiv
d8205bb279a7 Initial revision lcp parents: diff changeset	460	g(b)$.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	461	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	462
d8205bb279a7 Initial revision lcp parents: diff changeset	463
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	464	\subsection{Forall introduction rules}
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	465	\index{meta-quantifiers}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	466	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	467	forall_intr : Sign.cterm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	468	forall_intr_list : Sign.cterm list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	469	forall_intr_frees : thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	470	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	471
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	472	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	473	\item[\ttindexbold{forall_intr} $x$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	474	applies $({\Forall}I)$, abstracting over all occurrences (if any!) of~$x$.
d8205bb279a7 Initial revision lcp parents: diff changeset	475	The rule maps the premise $\phi$ to the conclusion $\Forall x.\phi$.
d8205bb279a7 Initial revision lcp parents: diff changeset	476	Parameter~$x$ is supplied as a cterm. It may be an unknown or a free
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	477	variable (provided it does not occur in the assumptions).
104 d8205bb279a7 Initial revision lcp parents: diff changeset	478
d8205bb279a7 Initial revision lcp parents: diff changeset	479	\item[\ttindexbold{forall_intr_list} $xs$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	480	applies $({\Forall}I)$ repeatedly, on every element of the list~$xs$.
d8205bb279a7 Initial revision lcp parents: diff changeset	481
d8205bb279a7 Initial revision lcp parents: diff changeset	482	\item[\ttindexbold{forall_intr_frees} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	483	applies $({\Forall}I)$ repeatedly, generalizing over all the free variables
d8205bb279a7 Initial revision lcp parents: diff changeset	484	of the premise.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	485	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	486
d8205bb279a7 Initial revision lcp parents: diff changeset	487
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	488	\subsection{Forall elimination rules}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	489	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	490	forall_elim : Sign.cterm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	491	forall_elim_list : Sign.cterm list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	492	forall_elim_var : int -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	493	forall_elim_vars : int -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	494	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	495
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	496	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	497	\item[\ttindexbold{forall_elim} $ct$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	498	applies $({\Forall}E)$, mapping the premise $\Forall x.\phi$ to the conclusion
d8205bb279a7 Initial revision lcp parents: diff changeset	499	$\phi[ct/x]$. The rule checks that $ct$ and $x$ have the same type.
d8205bb279a7 Initial revision lcp parents: diff changeset	500
d8205bb279a7 Initial revision lcp parents: diff changeset	501	\item[\ttindexbold{forall_elim_list} $cts$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	502	applies $({\Forall}E)$ repeatedly, on every element of the list~$cts$.
d8205bb279a7 Initial revision lcp parents: diff changeset	503
d8205bb279a7 Initial revision lcp parents: diff changeset	504	\item[\ttindexbold{forall_elim_var} $k$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	505	applies $({\Forall}E)$, mapping the premise $\Forall x.\phi$ to the conclusion
d8205bb279a7 Initial revision lcp parents: diff changeset	506	$\phi[\Var{x@k}/x]$. Thus, it replaces the outermost $\Forall$-bound
d8205bb279a7 Initial revision lcp parents: diff changeset	507	variable by an unknown having subscript~$k$.
d8205bb279a7 Initial revision lcp parents: diff changeset	508
d8205bb279a7 Initial revision lcp parents: diff changeset	509	\item[\ttindexbold{forall_elim_vars} $ks$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	510	applies {\tt forall_elim_var} repeatedly, for every element of the list~$ks$.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	511	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	512
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	513	\subsection{Instantiation of unknowns}
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	514	\index{instantiation}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	515	\begin{ttbox}
286 e7efbf03562b first draft of Springer book lcp parents: 151 diff changeset	516	instantiate: (indexnameSign.ctyp)list
e7efbf03562b first draft of Springer book lcp parents: 151 diff changeset	517	(Sign.cterm*Sign.cterm)list -> thm -> thm
104 d8205bb279a7 Initial revision lcp parents: diff changeset	518	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	519	\begin{ttdescription}
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	520	\item[\ttindexbold{instantiate} ($tyinsts$, $insts$) $thm$]
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	521	simultaneously substitutes types for type unknowns (the
104 d8205bb279a7 Initial revision lcp parents: diff changeset	522	$tyinsts$) and terms for term unknowns (the $insts$). Instantiations are
d8205bb279a7 Initial revision lcp parents: diff changeset	523	given as $(v,t)$ pairs, where $v$ is an unknown and $t$ is a term (of the
d8205bb279a7 Initial revision lcp parents: diff changeset	524	same type as $v$) or a type (of the same sort as~$v$). All the unknowns
d8205bb279a7 Initial revision lcp parents: diff changeset	525	must be distinct. The rule normalizes its conclusion.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	526	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	527
d8205bb279a7 Initial revision lcp parents: diff changeset	528
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	529	\subsection{Freezing/thawing type unknowns}
bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	530	\index{type unknowns!freezing/thawing of}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	531	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	532	freezeT: thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	533	varifyT: thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	534	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	535	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	536	\item[\ttindexbold{freezeT} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	537	converts all the type unknowns in $thm$ to free type variables.
d8205bb279a7 Initial revision lcp parents: diff changeset	538
d8205bb279a7 Initial revision lcp parents: diff changeset	539	\item[\ttindexbold{varifyT} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	540	converts all the free type variables in $thm$ to type unknowns.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	541	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	542
d8205bb279a7 Initial revision lcp parents: diff changeset	543
d8205bb279a7 Initial revision lcp parents: diff changeset	544	\section{Derived rules for goal-directed proof}
d8205bb279a7 Initial revision lcp parents: diff changeset	545	Most of these rules have the sole purpose of implementing particular
d8205bb279a7 Initial revision lcp parents: diff changeset	546	tactics. There are few occasions for applying them directly to a theorem.
d8205bb279a7 Initial revision lcp parents: diff changeset	547
d8205bb279a7 Initial revision lcp parents: diff changeset	548	\subsection{Proof by assumption}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	549	\index{meta-assumptions}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	550	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	551	assumption : int -> thm -> thm Sequence.seq
d8205bb279a7 Initial revision lcp parents: diff changeset	552	eq_assumption : int -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	553	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	554	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	555	\item[\ttindexbold{assumption} {\it i} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	556	attempts to solve premise~$i$ of~$thm$ by assumption.
d8205bb279a7 Initial revision lcp parents: diff changeset	557
d8205bb279a7 Initial revision lcp parents: diff changeset	558	\item[\ttindexbold{eq_assumption}]
d8205bb279a7 Initial revision lcp parents: diff changeset	559	is like {\tt assumption} but does not use unification.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	560	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	561
d8205bb279a7 Initial revision lcp parents: diff changeset	562
d8205bb279a7 Initial revision lcp parents: diff changeset	563	\subsection{Resolution}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	564	\index{resolution}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	565	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	566	biresolution : bool -> (bool*thm)list -> int -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	567	-> thm Sequence.seq
d8205bb279a7 Initial revision lcp parents: diff changeset	568	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	569	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	570	\item[\ttindexbold{biresolution} $match$ $rules$ $i$ $state$]
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	571	performs bi-resolution on subgoal~$i$ of $state$, using the list of $\it
104 d8205bb279a7 Initial revision lcp parents: diff changeset	572	(flag,rule)$ pairs. For each pair, it applies resolution if the flag
d8205bb279a7 Initial revision lcp parents: diff changeset	573	is~{\tt false} and elim-resolution if the flag is~{\tt true}. If $match$
d8205bb279a7 Initial revision lcp parents: diff changeset	574	is~{\tt true}, the $state$ is not instantiated.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	575	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	576
d8205bb279a7 Initial revision lcp parents: diff changeset	577
d8205bb279a7 Initial revision lcp parents: diff changeset	578	\subsection{Composition: resolution without lifting}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	579	\index{resolution!without lifting}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	580	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	581	compose : thm * int * thm -> thm list
d8205bb279a7 Initial revision lcp parents: diff changeset	582	COMP : thm * thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	583	bicompose : bool -> bool * thm * int -> int -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	584	-> thm Sequence.seq
d8205bb279a7 Initial revision lcp parents: diff changeset	585	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	586	In forward proof, a typical use of composition is to regard an assertion of
d8205bb279a7 Initial revision lcp parents: diff changeset	587	the form $\phi\Imp\psi$ as atomic. Schematic variables are not renamed, so
d8205bb279a7 Initial revision lcp parents: diff changeset	588	beware of clashes!
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	589	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	590	\item[\ttindexbold{compose} ($thm@1$, $i$, $thm@2$)]
d8205bb279a7 Initial revision lcp parents: diff changeset	591	uses $thm@1$, regarded as an atomic formula, to solve premise~$i$
d8205bb279a7 Initial revision lcp parents: diff changeset	592	of~$thm@2$. Let $thm@1$ and $thm@2$ be $\psi$ and $\List{\phi@1; \ldots;
d8205bb279a7 Initial revision lcp parents: diff changeset	593	\phi@n} \Imp \phi$. For each $s$ that unifies~$\psi$ and $\phi@i$, the
d8205bb279a7 Initial revision lcp parents: diff changeset	594	result list contains the theorem
d8205bb279a7 Initial revision lcp parents: diff changeset	595	\[ (\List{\phi@1; \ldots; \phi@{i-1}; \phi@{i+1}; \ldots; \phi@n} \Imp \phi)s.
d8205bb279a7 Initial revision lcp parents: diff changeset	596	\]
d8205bb279a7 Initial revision lcp parents: diff changeset	597
1119 49ed9a415637 Indexing of COMP lcp parents: 876 diff changeset	598	\item[$thm@1$ \ttindexbold{COMP} $thm@2$]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	599	calls \hbox{\tt compose ($thm@1$, 1, $thm@2$)} and returns the result, if
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	600	unique; otherwise, it raises exception~\xdx{THM}\@. It is
104 d8205bb279a7 Initial revision lcp parents: diff changeset	601	analogous to {\tt RS}\@.
d8205bb279a7 Initial revision lcp parents: diff changeset	602
d8205bb279a7 Initial revision lcp parents: diff changeset	603	For example, suppose that $thm@1$ is $a=b\Imp b=a$, a symmetry rule, and
332 01b87a921967 final Springer copy lcp parents: 326 diff changeset	604	that $thm@2$ is $\List{P\Imp Q; \neg Q} \Imp\neg P$, which is the
104 d8205bb279a7 Initial revision lcp parents: diff changeset	605	principle of contrapositives. Then the result would be the
d8205bb279a7 Initial revision lcp parents: diff changeset	606	derived rule $\neg(b=a)\Imp\neg(a=b)$.
d8205bb279a7 Initial revision lcp parents: diff changeset	607
d8205bb279a7 Initial revision lcp parents: diff changeset	608	\item[\ttindexbold{bicompose} $match$ ($flag$, $rule$, $m$) $i$ $state$]
d8205bb279a7 Initial revision lcp parents: diff changeset	609	refines subgoal~$i$ of $state$ using $rule$, without lifting. The $rule$
d8205bb279a7 Initial revision lcp parents: diff changeset	610	is taken to have the form $\List{\psi@1; \ldots; \psi@m} \Imp \psi$, where
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	611	$\psi$ need not be atomic; thus $m$ determines the number of new
104 d8205bb279a7 Initial revision lcp parents: diff changeset	612	subgoals. If $flag$ is {\tt true} then it performs elim-resolution --- it
d8205bb279a7 Initial revision lcp parents: diff changeset	613	solves the first premise of~$rule$ by assumption and deletes that
d8205bb279a7 Initial revision lcp parents: diff changeset	614	assumption. If $match$ is~{\tt true}, the $state$ is not instantiated.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	615	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	616
d8205bb279a7 Initial revision lcp parents: diff changeset	617
d8205bb279a7 Initial revision lcp parents: diff changeset	618	\subsection{Other meta-rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	619	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	620	trivial : Sign.cterm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	621	lift_rule : (thm * int) -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	622	rename_params_rule : string list * int -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	623	rewrite_cterm : thm list -> Sign.cterm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	624	flexflex_rule : thm -> thm Sequence.seq
d8205bb279a7 Initial revision lcp parents: diff changeset	625	\end{ttbox}
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	626	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	627	\item[\ttindexbold{trivial} $ct$]
d8205bb279a7 Initial revision lcp parents: diff changeset	628	makes the theorem $\phi\Imp\phi$, where $\phi$ is the value of~$ct$.
d8205bb279a7 Initial revision lcp parents: diff changeset	629	This is the initial state for a goal-directed proof of~$\phi$. The rule
d8205bb279a7 Initial revision lcp parents: diff changeset	630	checks that $ct$ has type~$prop$.
d8205bb279a7 Initial revision lcp parents: diff changeset	631
d8205bb279a7 Initial revision lcp parents: diff changeset	632	\item[\ttindexbold{lift_rule} ($state$, $i$) $rule$] \index{lifting}
d8205bb279a7 Initial revision lcp parents: diff changeset	633	prepares $rule$ for resolution by lifting it over the parameters and
d8205bb279a7 Initial revision lcp parents: diff changeset	634	assumptions of subgoal~$i$ of~$state$.
d8205bb279a7 Initial revision lcp parents: diff changeset	635
d8205bb279a7 Initial revision lcp parents: diff changeset	636	\item[\ttindexbold{rename_params_rule} ({\it names}, {\it i}) $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	637	uses the $names$ to rename the parameters of premise~$i$ of $thm$. The
d8205bb279a7 Initial revision lcp parents: diff changeset	638	names must be distinct. If there are fewer names than parameters, then the
d8205bb279a7 Initial revision lcp parents: diff changeset	639	rule renames the innermost parameters and may modify the remaining ones to
d8205bb279a7 Initial revision lcp parents: diff changeset	640	ensure that all the parameters are distinct.
d8205bb279a7 Initial revision lcp parents: diff changeset	641	\index{parameters!renaming}
d8205bb279a7 Initial revision lcp parents: diff changeset	642
d8205bb279a7 Initial revision lcp parents: diff changeset	643	\item[\ttindexbold{rewrite_cterm} $defs$ $ct$]
d8205bb279a7 Initial revision lcp parents: diff changeset	644	transforms $ct$ to $ct'$ by repeatedly applying $defs$ as rewrite rules; it
d8205bb279a7 Initial revision lcp parents: diff changeset	645	returns the conclusion~$ct\equiv ct'$. This underlies the meta-rewriting
d8205bb279a7 Initial revision lcp parents: diff changeset	646	tactics and rules.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	647	\index{meta-rewriting!in terms}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	648
d8205bb279a7 Initial revision lcp parents: diff changeset	649	\item[\ttindexbold{flexflex_rule} $thm$] \index{flex-flex constraints}
d8205bb279a7 Initial revision lcp parents: diff changeset	650	removes all flex-flex pairs from $thm$ using the trivial unifier.
326 bef614030e24 penultimate Springer draft lcp parents: 286 diff changeset	651	\end{ttdescription}
1590 1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	652	\index{meta-rules\|)}
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	653
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	654
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	655	\section{Proof objects}
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	656	\index{proof objects\|(} Isabelle can record the full meta-level proof of each
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	657	theorem. The proof object contains all logical inferences in detail, while
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	658	omitting bookkeeping steps that have no logical meaning to an outside
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	659	observer. Rewriting steps are recorded in similar detail as the output of
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	660	simplifier tracing. The proof object can be inspected by a separate
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	661	proof-checker, or used to generate human-readable proof digests.
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	662
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	663	Full proof objects are large. They multiply storage requirements by about
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	664	seven; attempts to build large logics (such as {\sc zf} and {\sc hol}) may
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	665	fail. Isabelle normally builds minimal proof objects, which include only uses
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	666	of oracles. You can also request an intermediate level of detail, containing
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	667	uses of oracles, axioms and theorems. These smaller proof objects indicate a
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	668	theorem's dependencies.
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	669
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	670	Isabelle provides proof objects for the sake of transparency. Their aim is to
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	671	increase your confidence in Isabelle. They let you inspect proofs constructed
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	672	by the classical reasoner or simplifier, and inform you of all uses of
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	673	oracles. Seldom will proof objects be given whole to an automatic
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	674	proof-checker: none has been written. It is up to you to examine and
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	675	interpret them sensibly. For example, when scrutinizing a theorem's
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	676	derivation for dependence upon some oracle or axiom, remember to scrutinize
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	677	all of its lemmas. Their proofs are included in the main derivation, through
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	678	the {\tt Theorem} constructor.
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	679
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	680	Proof objects are expressed using a polymorphic type of variable-branching
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	681	trees. Proof objects (formally known as {\em derivations\/}) are trees
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	682	labelled by rules, where {\tt rule} is a complicated datatype declared in the
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	683	file {\tt Pure/thm.ML}.
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	684	\begin{ttbox}
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	685	datatype 'a mtree = Join of 'a * 'a mtree list;
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	686	datatype rule = $\ldots$;
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	687	type deriv = rule mtree;
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	688	\end{ttbox}
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	689	%
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	690	Each theorem's derivation is stored as the {\tt der} field of its internal
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	691	record:
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	692	\begin{ttbox}
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	693	#der (rep_thm conjI);
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	694	{\out Join (Theorem ({ProtoPure, CPure, HOL},"conjI"),}
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	695	{\out [Join (MinProof,[])]) : deriv}
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	696	\end{ttbox}
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	697	This proof object identifies a labelled theorem, {\tt conjI}, whose underlying
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	698	proof has not been recorded; all we have is {\tt MinProof}.
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	699
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	700	Nontrivial proof objects are unreadably large and complex. Isabelle provides
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	701	several functions to help you inspect them informally. These functions omit
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	702	the more obscure inferences and attempt to restructure the others into natural
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	703	formats, linear or tree-structured.
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	704
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	705	\begin{ttbox}
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	706	keep_derivs : deriv_kind ref
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	707	Deriv.size : deriv -> int
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	708	Deriv.drop : 'a mtree * int -> 'a mtree
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	709	Deriv.linear : deriv -> deriv list
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	710	Deriv.linear : deriv -> Deriv.orule mtree
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	711	\end{ttbox}
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	712
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	713	\begin{ttdescription}
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	714	\item[\ttindexbold{keep_derivs} := MinDeriv $\|$ ThmDeriv $\|$ FullDeriv;]
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	715	specifies one of the three options for keeping derivations. They can be
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	716	minimal (oracles only), include theorems and axioms, or be full.
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	717
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	718	\item[\ttindexbold{Deriv.size} $der$] yields the size of a derivation,
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	719	excluding lemmas.
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	720
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	721	\item[\ttindexbold{Deriv.drop} ($tree$,$n$)] returns the subtree $n$ levels
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	722	down, always following the first child. It is good for stripping off
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	723	outer level inferences that are used to put a theorem into standard form.
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	724
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	725	\item[\ttindexbold{Deriv.linear} $der$] converts a derivation into a linear
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	726	format, replacing the deep nesting by a list of rules. Intuitively, this
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	727	reveals the single-step Isabelle proof that is constructed internally by
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	728	tactics.
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	729
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	730	\item[\ttindexbold{Deriv.tree} $der$] converts a derivation into an
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	731	object-level proof tree. A resolution by an object-rule is converted to a
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	732	tree node labelled by that rule. Complications arise if the object-rule is
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	733	itself derived in some way. Nested resolutions are unravelled, but other
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	734	operations on rules (such as rewriting) are left as-is.
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	735	\end{ttdescription}
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	736
1547174673e1 Describes proof objects and Deriv module paulson parents: 1119 diff changeset	737	\index{proof objects\|)}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	738	\index{theorems\|)}

author	paulson
	Wed, 20 Mar 1996 18:36:59 +0100
changeset 1590	1547174673e1
parent 1119	49ed9a415637
child 1846	763f08fb194f
permissions	-rw-r--r--