7046

1 

7315

2 
\chapter{Basic Isar elements}\label{ch:puresyntax}

7167

3 

7315

4 
Subsequently, we introduce the main part of the basic Isar theory and proof


5 
commands as provided by Isabelle/Pure. Chapter~\ref{ch:gentools} describes


6 
further Isar elements as provided by generic tools and packages that are


7 
either part of Pure Isabelle, or preloaded by most object logics (such as the


8 
Simplifier). See chapter~\ref{ch:holtools} for actual objectlogic specific


9 
elements (for Isabelle/HOL).

7046

10 

7167

11 
\medskip


12 


13 
Isar commands may be either \emph{proper} document constructors, or

7175

14 
\emph{improper commands} (indicated by $^*$). Some proof methods and


15 
attributes introduced later may be classified as improper as well. Improper


16 
Isar language elements might be helpful when developing proof documents, while


17 
their use is strongly discouraged for the final version. Typical examples are


18 
diagnostic commands that print terms or theorems according to the current


19 
context; other commands even emulate oldstyle tactical theorem proving, which


20 
facilitates porting of legacy proof scripts.

7167

21 

7134

22 


23 
\section{Theory commands}


24 

7167

25 
\subsection{Defining theories}\label{sec:beginthy}

7134

26 


27 
\indexisarcmd{theory}\indexisarcmd{end}\indexisarcmd{context}


28 
\begin{matharray}{rcl}


29 
\isarcmd{theory} & : & \isartrans{\cdot}{theory} \\


30 
\isarcmd{context}^* & : & \isartrans{\cdot}{theory} \\


31 
\isarcmd{end} & : & \isartrans{theory}{\cdot} \\


32 
\end{matharray}


33 


34 
Isabelle/Isar ``newstyle'' theories are either defined via theory files or

7167

35 
interactively. Both actual theory specifications and proofs are handled

7175

36 
uniformly  occasionally definitional mechanisms even require some manual


37 
proof. In contrast, ``oldstyle'' Isabelle theories support batch processing


38 
only, with the proof scripts collected in separate ML files.

7134

39 


40 
The first command of any theory has to be $\THEORY$, starting a new theory

7175

41 
based on the merge of existing ones. The theory context may be also changed


42 
by $\CONTEXT$ without creating a new theory. In both cases, $\END$ concludes


43 
the theory development; it has to be the very last command of any proper


44 
theory file.

7134

45 


46 
\begin{rail}


47 
'theory' name '=' (name + '+') filespecs? ':'


48 
;


49 
'context' name


50 
;


51 
'end'


52 
;;


53 

7167

54 
filespecs: 'files' ((name  parname) +);

7134

55 
\end{rail}


56 

7167

57 
\begin{descr}

7134

58 
\item [$\THEORY~A = B@1 + \cdots + B@n$] commences a new theory $A$ based on

7175

59 
existing ones $B@1 + \cdots + B@n$. Isabelle's theory loader system ensures


60 
that any of the base theories are properly loaded (and fully uptodate when


61 
$\THEORY$ is executed interactively). The optional $\isarkeyword{files}$


62 
specification declares additional dependencies on ML files. Unless put in


63 
parentheses, any file will be loaded immediately via $\isarcmd{use}$ (see


64 
also \S\ref{sec:ML}).

7134

65 

7167

66 
\item [$\CONTEXT~B$] enters an existing theory context $B$, basically in

7134

67 
readonly mode, so only a limited set of commands may be performed. Just as


68 
for $\THEORY$, the theory loader ensures that $B$ is loaded and uptodate.

7175

69 

7167

70 
\item [$\END$] concludes the current theory definition or context switch.

7175

71 
Note that this command cannot be undone, instead the theory definition


72 
itself has to be retracted.

7167

73 
\end{descr}

7134

74 


75 

7167

76 
\subsection{Formal comments}\label{sec:formalcmtthy}

7134

77 

7167

78 
\indexisarcmd{title}\indexisarcmd{chapter}\indexisarcmd{section}\indexisarcmd{subsection}


79 
\indexisarcmd{subsubsection}\indexisarcmd{text}

7134

80 
\begin{matharray}{rcl}


81 
\isarcmd{title} & : & \isartrans{theory}{theory} \\


82 
\isarcmd{chapter} & : & \isartrans{theory}{theory} \\

7167

83 
\isarcmd{section} & : & \isartrans{theory}{theory} \\

7134

84 
\isarcmd{subsection} & : & \isartrans{theory}{theory} \\


85 
\isarcmd{subsubsection} & : & \isartrans{theory}{theory} \\


86 
\isarcmd{text} & : & \isartrans{theory}{theory} \\


87 
\end{matharray}


88 

7167

89 
There are several commands to include \emph{formal comments} in theory


90 
specification (a few more are available for proofs, see


91 
\S\ref{sec:formalcmtprf}). In contrast to sourcelevel comments

7134

92 
\verb(*\dots\verb*), which are stripped at the lexical level, any text


93 
given as formal comment is meant to be part of the actual document.


94 
Consequently, it would be included in the final printed version.


95 


96 
Apart from plain prose, formal comments may also refer to logical entities of

7175

97 
the theory context (types, terms, theorems etc.). Proper processing of the


98 
text would then include some further consistency checks with the items


99 
declared in the current theory, e.g.\ typechecking of included


100 
terms.\footnote{The current version of Isabelle/Isar does not process formal

7134

101 
comments in any such way. This will be available as part of the automatic

7175

102 
theory and proof document preparation system (using (PDF){\LaTeX}) that is

7134

103 
planned for the near future.}


104 


105 
\begin{rail}


106 
'title' text text? text?


107 
;

7167

108 
('chapter'  'section'  'subsection'  'subsubsection'  'text') text

7134

109 
;


110 
\end{rail}


111 

7167

112 
\begin{descr}

7134

113 
\item [$\isarkeyword{title}~title~author~date$] specifies the document title

7175

114 
just as in typical {\LaTeX} documents.

7167

115 
\item [$\isarkeyword{chapter}~text$, $\isarkeyword{section}~text$,

7175

116 
$\isarkeyword{subsection}~text$, and $\isarkeyword{subsubsection}~text$]

7315

117 
mark chapter and section headings.

7134

118 
\item [$\TEXT~text$] specifies an actual body of prose text, including

7315

119 
references to formal entities.\footnote{The latter feature is not yet

7319

120 
exploited. Nevertheless, any text of the form


121 
\texttt{\at\ttlbrace\dots\ttrbrace} should be considered as reserved for


122 
future use.}

7167

123 
\end{descr}

7134

124 


125 

7135

126 
\subsection{Type classes and sorts}\label{sec:classes}

7134

127 


128 
\indexisarcmd{classes}\indexisarcmd{classrel}\indexisarcmd{defaultsort}


129 
\begin{matharray}{rcl}


130 
\isarcmd{classes} & : & \isartrans{theory}{theory} \\


131 
\isarcmd{classrel} & : & \isartrans{theory}{theory} \\


132 
\isarcmd{defaultsort} & : & \isartrans{theory}{theory} \\


133 
\end{matharray}


134 


135 
\begin{rail}

7167

136 
'classes' (classdecl comment? +)

7134

137 
;


138 
'classrel' nameref '<' nameref comment?


139 
;


140 
'defaultsort' sort comment?


141 
;


142 
\end{rail}


143 

7167

144 
\begin{descr}

7175

145 
\item [$\isarkeyword{classes}~c<\vec c ~\dots$] declares class $c$ to be a


146 
subclass of existing classes $\vec c$. Cyclic class structures are ruled


147 
out.

7134

148 
\item [$\isarkeyword{classrel}~c@1<c@2$] states a subclass relation between


149 
existing classes $c@1$ and $c@2$. This is done axiomatically! The

7175

150 
$\isarkeyword{instance}$ command (see \S\ref{sec:axclass}) provides a way


151 
introduce proven class relations.

7134

152 
\item [$\isarkeyword{defaultsort}~s$] makes sort $s$ the new default sort for

7175

153 
any type variables input without sort constraints. Usually, the default

7134

154 
sort would be only changed when defining new logics.

7167

155 
\end{descr}

7134

156 


157 

7315

158 
\subsection{Primitive types and type abbreviations}\label{sec:typespure}

7134

159 


160 
\indexisarcmd{typedecl}\indexisarcmd{types}\indexisarcmd{nonterminals}\indexisarcmd{arities}


161 
\begin{matharray}{rcl}


162 
\isarcmd{types} & : & \isartrans{theory}{theory} \\


163 
\isarcmd{typedecl} & : & \isartrans{theory}{theory} \\


164 
\isarcmd{nonterminals} & : & \isartrans{theory}{theory} \\


165 
\isarcmd{arities} & : & \isartrans{theory}{theory} \\


166 
\end{matharray}


167 


168 
\begin{rail}


169 
'types' (typespec '=' type infix? comment? +)


170 
;


171 
'typedecl' typespec infix? comment?


172 
;


173 
'nonterminals' (name +) comment?


174 
;


175 
'arities' (nameref '::' arity comment? +)


176 
;


177 
\end{rail}


178 

7167

179 
\begin{descr}

7134

180 
\item [$\TYPES~(\vec\alpha)t = \tau~\dots$] introduces \emph{type synonym}


181 
$(\vec\alpha)t$ for existing type $\tau$. Unlike actual type definitions,


182 
as are available in Isabelle/HOL for example, type synonyms are just purely


183 
syntactic abbreviations, without any logical significance. Internally, type


184 
synonyms are fully expanded, as may be observed when printing terms or


185 
theorems.


186 
\item [$\isarkeyword{typedecl}~(\vec\alpha)t$] declares a new type constructor


187 
$t$, intended as an actual logical type. Note that some logics such as


188 
Isabelle/HOL provide their own version of $\isarkeyword{typedecl}$.

7175

189 
\item [$\isarkeyword{nonterminals}~\vec c$] declares $0$ary type constructors


190 
$\vec c$ to act as purely syntactic types, i.e.\ nonterminal symbols of


191 
Isabelle's inner syntax of terms or types.

7134

192 
\item [$\isarkeyword{arities}~t::(\vec s)s~\dots$] augments Isabelle's


193 
ordersorted signature of types by new type constructor arities. This is

7175

194 
done axiomatically! The $\isarkeyword{instance}$ command (see


195 
\S\ref{sec:axclass}) provides a way introduce proven type arities.

7167

196 
\end{descr}

7134

197 


198 


199 
\subsection{Constants and simple definitions}


200 

7175

201 
\indexisarcmd{consts}\indexisarcmd{defs}\indexisarcmd{constdefs}\indexoutertoken{constdecl}

7134

202 
\begin{matharray}{rcl}


203 
\isarcmd{consts} & : & \isartrans{theory}{theory} \\


204 
\isarcmd{defs} & : & \isartrans{theory}{theory} \\


205 
\isarcmd{constdefs} & : & \isartrans{theory}{theory} \\


206 
\end{matharray}


207 


208 
\begin{rail}


209 
'consts' (constdecl +)


210 
;


211 
'defs' (thmdecl? prop comment? +)


212 
;


213 
'constdefs' (constdecl prop comment? +)


214 
;


215 


216 
constdecl: name '::' type mixfix? comment?


217 
;


218 
\end{rail}


219 

7167

220 
\begin{descr}

7175

221 
\item [$\CONSTS~c::\sigma~\dots$] declares constant $c$ to have any instance


222 
of type scheme $\sigma$. The optional mixfix annotations may attach


223 
concrete syntax constants.

7134

224 
\item [$\DEFS~name: eqn~\dots$] introduces $eqn$ as a definitional axiom for


225 
some existing constant. See \cite[\S6]{isabelleref} for more details on


226 
the form of equations admitted as constant definitions.

7175

227 
\item [$\isarkeyword{constdefs}~c::\sigma~eqn~\dots$] combines constant

7134

228 
declarations and definitions, using canonical name $c_def$ for the


229 
definitional axiom.

7167

230 
\end{descr}

7134

231 


232 

7167

233 
\subsection{Syntax and translations}

7134

234 


235 
\indexisarcmd{syntax}\indexisarcmd{translations}


236 
\begin{matharray}{rcl}


237 
\isarcmd{syntax} & : & \isartrans{theory}{theory} \\


238 
\isarcmd{translations} & : & \isartrans{theory}{theory} \\


239 
\end{matharray}


240 


241 
\begin{rail}


242 
'syntax' ('(' name 'output'? ')')? (constdecl +)


243 
;


244 
'translations' (transpat ('=='  '=>'  '<=') transpat comment? +)


245 
;


246 
transpat: ('(' nameref ')')? string


247 
;


248 
\end{rail}


249 

7167

250 
\begin{descr}

7175

251 
\item [$\isarkeyword{syntax}~(mode)~decls$] is similar to $\CONSTS~decls$,


252 
except that the actual logical signature extension is omitted. Thus the


253 
context free grammar of Isabelle's inner syntax may be augmented in


254 
arbitrary ways. The $mode$ argument refers to the print mode that the


255 
grammar rules belong; unless there is the \texttt{output} flag given, all


256 
productions are added both to the input and output grammar.


257 
\item [$\isarkeyword{translations}~rules$] specifies syntactic translation


258 
rules (also known as \emph{macros}): parse/print rules (\texttt{==}), parse


259 
rules (\texttt{=>}), print rules (\texttt{<=}). Translation patterns may be

7134

260 
prefixed by the syntactic category to be used for parsing; the default is


261 
\texttt{logic}.

7167

262 
\end{descr}

7134

263 


264 


265 
\subsection{Axioms and theorems}


266 


267 
\indexisarcmd{axioms}\indexisarcmd{theorems}\indexisarcmd{lemmas}


268 
\begin{matharray}{rcl}


269 
\isarcmd{axioms} & : & \isartrans{theory}{theory} \\


270 
\isarcmd{theorems} & : & \isartrans{theory}{theory} \\


271 
\isarcmd{lemmas} & : & \isartrans{theory}{theory} \\


272 
\end{matharray}


273 


274 
\begin{rail}

7135

275 
'axioms' (axmdecl prop comment? +)

7134

276 
;


277 
('theorems'  'lemmas') thmdef? thmrefs


278 
;


279 
\end{rail}


280 

7167

281 
\begin{descr}

7134

282 
\item [$\isarkeyword{axioms}~name: \phi~\dots$] introduces arbitrary


283 
statements as logical axioms. In fact, axioms are ``axiomatic theorems'',

7175

284 
and may be referred just as any other theorem later.

7134

285 


286 
Axioms are usually only introduced when declaring new logical systems.

7175

287 
Everyday work is typically done the hard way, with proper definitions and

7134

288 
actual theorems.


289 
\item [$\isarkeyword{theorems}~name = thms$] stores lists of existing theorems

7175

290 
as $name$. Typical applications would also involve attributes (to augment


291 
the default simpset, for example).

7134

292 
\item [$\isarkeyword{lemmas}$] is similar to $\isarkeyword{theorems}$, but


293 
tags the results as ``lemma''.

7167

294 
\end{descr}

7134

295 


296 

7167

297 
\subsection{Name spaces}

7134

298 

7167

299 
\indexisarcmd{global}\indexisarcmd{local}

7134

300 
\begin{matharray}{rcl}


301 
\isarcmd{global} & : & \isartrans{theory}{theory} \\


302 
\isarcmd{local} & : & \isartrans{theory}{theory} \\


303 
\end{matharray}


304 

7315

305 
Isabelle organises any kind of names (of types, constants, theorems etc.) by

7175

306 
hierarchically structured name spaces. Normally the user never has to control

7315

307 
the behaviour of name space entry by hand, yet the following commands provide

7175

308 
some way to do so.


309 

7167

310 
\begin{descr}


311 
\item [$\isarkeyword{global}$ and $\isarkeyword{local}$] change the current


312 
name declaration mode. Initially, theories start in $\isarkeyword{local}$


313 
mode, causing all names to be automatically qualified by the theory name.


314 
Changing this to $\isarkeyword{global}$ causes all names to be declared as

7175

315 
base names only, until $\isarkeyword{local}$ is declared again.

7167

316 
\end{descr}

7134

317 


318 

7167

319 
\subsection{Incorporating ML code}\label{sec:ML}

7134

320 


321 
\indexisarcmd{use}\indexisarcmd{ML}\indexisarcmd{setup}


322 
\begin{matharray}{rcl}


323 
\isarcmd{use} & : & \isartrans{\cdot}{\cdot} \\


324 
\isarcmd{ML} & : & \isartrans{\cdot}{\cdot} \\

7175

325 
\isarcmd{setup} & : & \isartrans{theory}{theory} \\

7134

326 
\end{matharray}


327 


328 
\begin{rail}


329 
'use' name


330 
;


331 
'ML' text


332 
;


333 
'setup' text


334 
;


335 
\end{rail}


336 

7167

337 
\begin{descr}

7175

338 
\item [$\isarkeyword{use}~file$] reads and executes ML commands from $file$.


339 
The current theory context (if present) is passed down to the ML session.


340 
Furthermore, the file name is checked with the $\isarkeyword{files}$


341 
dependency declaration given in the theory header (see also


342 
\S\ref{sec:beginthy}).


343 
\item [$\isarkeyword{ML}~text$] reads and executes ML commands from $text$.


344 
The theory context is passed just as for $\isarkeyword{use}$.

7167

345 
\item [$\isarkeyword{setup}~text$] changes the current theory context by

7175

346 
applying setup functions $text$, which has to be an ML expression of type


347 
$(theory \to theory)~list$. The $\isarkeyword{setup}$ command is the usual

7315

348 
way to initialise objectlogic specific tools and packages written in ML.

7167

349 
\end{descr}

7134

350 


351 

7167

352 
\subsection{Syntax translation functions}

7134

353 

7167

354 
\indexisarcmd{parseasttranslation}\indexisarcmd{parsetranslation}


355 
\indexisarcmd{printtranslation}\indexisarcmd{typedprinttranslation}


356 
\indexisarcmd{printasttranslation}\indexisarcmd{tokentranslation}

7134

357 
\begin{matharray}{rcl}


358 
\isarcmd{parse_ast_translation} & : & \isartrans{theory}{theory} \\


359 
\isarcmd{parse_translation} & : & \isartrans{theory}{theory} \\


360 
\isarcmd{print_translation} & : & \isartrans{theory}{theory} \\


361 
\isarcmd{typed_print_translation} & : & \isartrans{theory}{theory} \\


362 
\isarcmd{print_ast_translation} & : & \isartrans{theory}{theory} \\


363 
\isarcmd{token_translation} & : & \isartrans{theory}{theory} \\


364 
\end{matharray}


365 


366 
Syntax translation functions written in ML admit almost arbitrary


367 
manipulations of Isabelle's inner syntax. Any of the above commands have a


368 
single \railqtoken{text} argument that refers to an ML expression of


369 
appropriate type. See \cite[\S8]{isabelleref} for more information on syntax


370 
transformations.


371 


372 


373 
\subsection{Oracles}


374 


375 
\indexisarcmd{oracle}


376 
\begin{matharray}{rcl}


377 
\isarcmd{oracle} & : & \isartrans{theory}{theory} \\


378 
\end{matharray}


379 

7175

380 
Oracles provide an interface to external reasoning systems, without giving up


381 
control completely  each theorem carries a derivation object recording any


382 
oracle invocation. See \cite[\S6]{isabelleref} for more information.


383 

7134

384 
\begin{rail}


385 
'oracle' name '=' text comment?


386 
;


387 
\end{rail}


388 

7167

389 
\begin{descr}

7175

390 
\item [$\isarkeyword{oracle}~name=text$] declares oracle $name$ to be ML

7315

391 
function $text$, which has to be of type $Sign\mathord.sg \times


392 
Object\mathord.T \to term)$.

7167

393 
\end{descr}

7134

394 


395 


396 
\section{Proof commands}


397 

7315

398 
Proof commands provide transitions of Isar/VM machine configurations, which


399 
are blockstructured, consisting of a stack of nodes with three main


400 
components: logical \emph{proof context}, local \emph{facts}, and open


401 
\emph{goals}. Isar/VM transitions are \emph{typed} according to the following


402 
three three different modes of operation:

7167

403 
\begin{descr}


404 
\item [$proof(prove)$] means that a new goal has just been stated that is now


405 
to be \emph{proven}; the next command may refine it by some proof method

7175

406 
($\approx$ tactic), and enter a subproof to establish the final result.

7167

407 
\item [$proof(state)$] is like an internal theory mode: the context may be

7175

408 
augmented by \emph{stating} additional assumptions, intermediate result etc.


409 
\item [$proof(chain)$] is an intermediate mode between $proof(state)$ and

7315

410 
$proof(prove)$: existing facts have been just picked up in order to use them


411 
when refining the goal to be claimed next.

7167

412 
\end{descr}

7134

413 

7167

414 


415 
\subsection{Formal comments}\label{sec:formalcmtprf}


416 


417 
\indexisarcmd{sect}\indexisarcmd{subsect}\indexisarcmd{subsect}\indexisarcmd{txt}

7134

418 
\begin{matharray}{rcl}

7167

419 
\isarcmd{sect} & : & \isartrans{proof(state)}{proof(state)} \\


420 
\isarcmd{subsect} & : & \isartrans{proof(state)}{proof(state)} \\


421 
\isarcmd{subsubsect} & : & \isartrans{proof(state)}{proof(state)} \\


422 
\isarcmd{txt} & : & \isartrans{proof(state)}{proof(state)} \\

7134

423 
\end{matharray}


424 

7175

425 
These formal comments in proof mode closely correspond to the ones of theory


426 
mode (see \S\ref{sec:formalcmtthy}).


427 

7134

428 
\begin{rail}

7167

429 
('sect'  'subsect'  'subsubsect'  'txt') text

7134

430 
;


431 
\end{rail}


432 


433 

7315

434 
\subsection{Proof context}\label{sec:proofcontext}

7134

435 

7315

436 
\indexisarcmd{fix}\indexisarcmd{assume}\indexisarcmd{presume}\indexisarcmd{def}

7134

437 
\begin{matharray}{rcl}


438 
\isarcmd{fix} & : & \isartrans{proof(state)}{proof(state)} \\


439 
\isarcmd{assume} & : & \isartrans{proof(state)}{proof(state)} \\


440 
\isarcmd{presume} & : & \isartrans{proof(state)}{proof(state)} \\


441 
\isarcmd{def} & : & \isartrans{proof(state)}{proof(state)} \\


442 
\end{matharray}


443 

7315

444 
The logical proof context consists of fixed variables and assumptions. The


445 
former closely correspond to Skolem constants, or metalevel universal


446 
quantification as provided by the Isabelle/Pure logical framework.


447 
Introducing some \emph{arbitrary, but fixed} variable via $\FIX x$ results in

7319

448 
a local object that may be used in the subsequent proof as any other variable

7315

449 
or constant. Furthermore, any result $\phi[x]$ exported from the current


450 
context will be universally closed wrt.\ $x$ at the outermost level (this is


451 
expressed using Isabelle's metavariables).


452 


453 
Similarly, introducing some assumption $\chi$ has two effects. On the one


454 
hand, a local theorem is created that may be used as a fact in subsequent


455 
proof steps. On the other hand, any result $\phi$ exported from the context


456 
becomes conditional wrt.\ the assumption. Thus, solving an enclosing goal


457 
using this result would basically introduce a new subgoal stemming from the


458 
assumption. How this situation is handled depends on the actual version of


459 
assumption command used: while $\ASSUMENAME$ solves the subgoal by unifying


460 
with some premise of the goal, $\PRESUMENAME$ leaves the subgoal unchanged to


461 
be proved later by the user.


462 

7319

463 
Local definitions, introduced by $\DEF{}{x \equiv t}$, are achieved by


464 
combining $\FIX x$ with another kind of assumption that causes any

7315

465 
hypothetical equation $x = t$ to be eliminated by reflexivity. Thus,


466 
exporting some result $\phi[x]$ simply yields $\phi[t]$.

7175

467 

7134

468 
\begin{rail}


469 
'fix' (var +) comment?


470 
;

7315

471 
('assume'  'presume') (assm comment? + 'and')

7134

472 
;

7175

473 
'def' thmdecl? \\ var '==' term termpat? comment?

7134

474 
;


475 


476 
var: name ('::' type)?


477 
;

7315

478 
assm: thmdecl? (prop proppat? +)


479 
;

7134

480 
\end{rail}


481 

7167

482 
\begin{descr}

7315

483 
\item [$\FIX{x}$] introduces a local \emph{arbitrary, but fixed} variable $x$.


484 
\item [$\ASSUME{a}{\Phi}$ and $\PRESUME{a}{\Phi}$] introduce local theorems

7319

485 
$\Phi$. Subsequent results applied to some enclosing goal (e.g.\ via

7315

486 
$\SHOWNAME$) are handled as follows: $\ASSUMENAME$ expects to be able to


487 
unify with existing premises in the goal, while $\PRESUMENAME$ leaves $\Phi$


488 
as new subgoals. Note that several lists of assumptions may be given

7319

489 
(separated by $\isarkeyword{and}$); the resulting list of facts consists of


490 
all of these concatenated.

7315

491 
\item [$\DEF{a}{x \equiv t}$] introduces a local (nonpolymorphic) definition.


492 
In results exported from the context, $x$ is replaced by $t$. Basically,


493 
$\DEF{}{x \equiv t}$ abbreviates $\FIX{x}~\PRESUME{}{x \equiv t}$ (the


494 
resulting hypothetical equation is solved by reflexivity, though).

7167

495 
\end{descr}


496 

7319

497 
The internal register $prems$\indexisarreg{prems} refers to the current list


498 
of assumptions.

7315

499 

7167

500 


501 
\subsection{Facts and forward chaining}


502 


503 
\indexisarcmd{note}\indexisarcmd{then}\indexisarcmd{from}\indexisarcmd{with}


504 
\begin{matharray}{rcl}


505 
\isarcmd{note} & : & \isartrans{proof(state)}{proof(state)} \\


506 
\isarcmd{then} & : & \isartrans{proof(state)}{proof(chain)} \\


507 
\isarcmd{from} & : & \isartrans{proof(state)}{proof(chain)} \\


508 
\isarcmd{with} & : & \isartrans{proof(state)}{proof(chain)} \\


509 
\end{matharray}


510 

7319

511 
New facts are established either by assumption or proof of local statements.


512 
Any facts will usually be involved in proofs of further results: either as


513 
explicit arguments of proof methods or when forward chaining towards the next


514 
goal via $\THEN$ (and variants). Note that the internal register of


515 
\emph{current facts} may be referred as theorem list


516 
$facts$.\indexisarreg{facts}

7175

517 

7167

518 
\begin{rail}


519 
'note' thmdef? thmrefs comment?


520 
;


521 
'then' comment?


522 
;


523 
('from'  'with') thmrefs comment?


524 
;


525 
\end{rail}


526 


527 
\begin{descr}

7175

528 
\item [$\NOTE{a}{\vec b}$] recalls existing facts $\vec b$, binding the result


529 
as $a$. Note that attributes may be involved as well, both on the left and


530 
right hand sides.

7167

531 
\item [$\THEN$] indicates forward chaining by the current facts in order to

7175

532 
establish the goal to be claimed next. The initial proof method invoked to


533 
solve that will be offered these facts to do ``anything appropriate'' (see


534 
also \S\ref{sec:proofsteps}). For example, method $rule$ (see

7167

535 
\S\ref{sec:puremeth}) would do an elimination rather than an introduction.

7175

536 
\item [$\FROM{\vec b}$] abbreviates $\NOTE{}{\vec b}~\THEN$; also note that

7167

537 
$\THEN$ is equivalent to $\FROM{facts}$.

7175

538 
\item [$\WITH{\vec b}$] abbreviates $\FROM{\vec b~facts}$; thus the forward


539 
chaining is from earlier facts together with the current ones.

7167

540 
\end{descr}


541 


542 


543 
\subsection{Goal statements}


544 


545 
\indexisarcmd{theorem}\indexisarcmd{lemma}


546 
\indexisarcmd{have}\indexisarcmd{show}\indexisarcmd{hence}\indexisarcmd{thus}


547 
\begin{matharray}{rcl}


548 
\isarcmd{theorem} & : & \isartrans{theory}{proof(prove)} \\


549 
\isarcmd{lemma} & : & \isartrans{theory}{proof(prove)} \\


550 
\isarcmd{have} & : & \isartrans{proof(state)}{proof(prove)} \\


551 
\isarcmd{show} & : & \isartrans{proof(state)}{proof(prove)} \\


552 
\isarcmd{hence} & : & \isartrans{proof(state)}{proof(prove)} \\


553 
\isarcmd{thus} & : & \isartrans{proof(state)}{proof(prove)} \\


554 
\end{matharray}


555 

7175

556 
Proof mode is entered from theory mode by initial goal commands $\THEOREMNAME$


557 
and $\LEMMANAME$. New local goals may be claimed within proof mode: four


558 
variants are available, indicating whether the result is meant to solve some


559 
pending goal and whether forward chaining is employed.


560 

7167

561 
\begin{rail}


562 
('theorem'  'lemma') goal


563 
;


564 
('have'  'show'  'hence'  'thus') goal


565 
;


566 


567 
goal: thmdecl? proppat comment?


568 
;


569 
\end{rail}


570 


571 
\begin{descr}


572 
\item [$\THEOREM{name}{\phi}$] enters proof mode with $\phi$ as main goal,

7175

573 
eventually resulting in some theorem $\turn \phi$, which will be stored in


574 
the theory.

7167

575 
\item [$\LEMMANAME$] is similar to $\THEOREMNAME$, but tags the result as


576 
``lemma''.


577 
\item [$\HAVE{name}{\phi}$] claims a local goal, eventually resulting in a


578 
theorem with the current assumption context as hypotheses.

7175

579 
\item [$\SHOW{name}{\phi}$] is similar to $\HAVE{name}{\phi}$, but solves some


580 
pending goal with the result \emph{exported} into the corresponding context.

7167

581 
\item [$\HENCE{name}{\phi}$] abbreviates $\THEN~\HAVE{name}{\phi}$, i.e.\


582 
claims a local goal to be proven by forward chaining the current facts.


583 
\item [$\THUS{name}{\phi}$] abbreviates $\THEN~\SHOW{name}{\phi}$.


584 
\end{descr}


585 


586 


587 
\subsection{Initial and terminal proof steps}\label{sec:proofsteps}


588 

7175

589 
\indexisarcmd{proof}\indexisarcmd{qed}\indexisarcmd{by}


590 
\indexisarcmd{.}\indexisarcmd{..}\indexisarcmd{sorry}


591 
\begin{matharray}{rcl}


592 
\isarcmd{proof} & : & \isartrans{proof(prove)}{proof(state)} \\


593 
\isarcmd{qed} & : & \isartrans{proof(state)}{proof(state) ~~ theory} \\


594 
\isarcmd{by} & : & \isartrans{proof(prove)}{proof(state) ~~ theory} \\


595 
\isarcmd{.\,.} & : & \isartrans{proof(prove)}{proof(state) ~~ theory} \\


596 
\isarcmd{.} & : & \isartrans{proof(prove)}{proof(state) ~~ theory} \\


597 
\isarcmd{sorry} & : & \isartrans{proof(prove)}{proof(state) ~~ theory} \\


598 
\end{matharray}


599 

7167

600 
Arbitrary goal refinements via tactics is considered harmful. Consequently


601 
the Isar framework admits proof methods to be invoked in two places only.


602 
\begin{enumerate}

7175

603 
\item An \emph{initial} refinement step $\PROOF{m@1}$ reduces a newly stated


604 
intermediate goal to a number of subgoals that are to be solved later.


605 
Facts are passed to $m@1$ for forward chaining if so indicated by


606 
$proof(chain)$ mode.

7167

607 

7175

608 
\item A \emph{terminal} conclusion step $\QED{m@2}$ solves any remaining

7167

609 
pending goals completely. No facts are passed to $m@2$.


610 
\end{enumerate}


611 


612 
The only other proper way to affect pending goals is by $\SHOWNAME$, which


613 
involves an explicit statement of what is solved.


614 

7175

615 
\medskip


616 

7167

617 
Also note that initial proof methods should either solve the goal completely,


618 
or constitute some wellunderstood deterministic reduction to new subgoals.


619 
Arbitrary automatic proof tools that are prone leave a large number of badly


620 
structured subgoals are no help in continuing the proof document in any

7175

621 
intelligible way. A much better technique would be to $\SHOWNAME$ some


622 
nontrivial reduction as an explicit rule, which is solved completely by some


623 
automated method, and then applied to some pending goal.

7167

624 

7175

625 
\medskip


626 


627 
Unless given explicitly by the user, the default initial method is


628 
``$default$'', which is usually set up to apply a single standard elimination


629 
or introduction rule according to the topmost symbol involved. The default


630 
terminal method is ``$finish$''; it solves all goals by assumption.

7167

631 


632 
\begin{rail}


633 
'proof' interest? meth? comment?


634 
;


635 
'qed' meth? comment?


636 
;


637 
'by' meth meth? comment?


638 
;


639 
('.'  '..'  'sorry') comment?


640 
;


641 


642 
meth: method interest?


643 
;


644 
\end{rail}


645 


646 
\begin{descr}

7175

647 
\item [$\PROOF{m@1}$] refines the pending goal by proof method $m@1$; facts


648 
for forward chaining are passed if so indicated by $proof(chain)$.


649 
\item [$\QED{m@2}$] refines any remaining goals by proof method $m@1$ and

7167

650 
concludes the subproof. If the goal had been $\SHOWNAME$, some pending


651 
subgoal is solved as well by the rule resulting from the result exported to

7175

652 
the enclosing goal context. Thus $\QEDNAME$ may fail for two reasons:


653 
either $m@2$ fails to solve all remaining goals completely, or the resulting


654 
rule does not resolve with any enclosing goal. Debugging such a situation


655 
might involve temporarily changing $\SHOWNAME$ into $\HAVENAME$, or


656 
weakening the local context by replacing $\ASSUMENAME$ by $\PRESUMENAME$.


657 
\item [$\BYY{m@1}{m@2}$] is a \emph{terminal proof}; it abbreviates


658 
$\PROOF{m@1}~\QED{m@2}$, with automatic backtracking across both methods.


659 
Debugging an unsuccessful $\BYY{m@1}{m@2}$ commands might be done by simply


660 
expanding the abbreviation by hand; note that $\PROOF{m@1}$ is usually


661 
sufficient to see what is going wrong.


662 
\item [$\DDOT$] is a \emph{default proof}; it abbreviates $\BY{default}$.


663 
\item [$\DOT$] is a \emph{trivial proof}, it abbreviates $\BY{}$, where


664 
method ``$$'' does nothing except inserting any facts into the proof state.

7167

665 
\item [$\isarkeyword{sorry}$] is a \emph{fake proof}; provided that


666 
\texttt{quick_and_dirty} is enabled, $\isarkeyword{sorry}$ pretends to solve


667 
the goal without much ado. Of course, the result is a fake theorem only,

7175

668 
involving some oracle in its internal derivation object (this is indicated

7319

669 
as $[!]$ in the printed result). The main application of

7167

670 
$\isarkeyword{sorry}$ is to support topdown proof development.


671 
\end{descr}

7134

672 


673 

7315

674 
\subsection{Improper proof steps}


675 


676 
The following commands emulate unstructured tactic scripts to some extent.


677 
While these are anathema for writing proper Isar proof documents, they might


678 
come in handy for exploring and debugging.


679 


680 
\indexisarcmd{apply}\indexisarcmd{thenapply}\indexisarcmd{back}


681 
\begin{matharray}{rcl}


682 
\isarcmd{apply}^* & : & \isartrans{proof}{proof} \\


683 
\isarcmd{then_apply}^* & : & \isartrans{proof}{proof} \\


684 
\isarcmd{back}^* & : & \isartrans{proof}{proof} \\


685 
\end{matharray}


686 


687 
\railalias{thenapply}{then\_apply}


688 
\railterm{thenapply}


689 


690 
\begin{rail}


691 
'apply' method


692 
;


693 
thenapply method


694 
;


695 
'back'


696 
;


697 
\end{rail}


698 


699 
\begin{descr}


700 
\item [$\isarkeyword{apply}~m$] applies proof method $m$ in the


701 
plainoldtactic sense. Facts for forward chaining are ignored.


702 
\item [$\isarkeyword{then_apply}~m$] is similar to $\isarkeyword{apply}$, but


703 
observes the goal's facts.


704 
\item [$\isarkeyword{back}$] does backtracking over the result sequence of


705 
the last proof command. Basically, any proof command may return multiple


706 
results.


707 
\end{descr}


708 


709 


710 
\subsection{Term abbreviations}\label{sec:termabbrev}


711 


712 
\indexisarcmd{let}


713 
\begin{matharray}{rcl}


714 
\isarcmd{let} & : & \isartrans{proof(state)}{proof(state)} \\


715 
\isarkeyword{is} & : & syntax \\


716 
\end{matharray}


717 


718 
Abbreviations may be either bound by explicit $\LET{p \equiv t}$ statements,


719 
or by annotating assumptions or goal statements ($\ASSUMENAME$, $\SHOWNAME$


720 
etc.) with a list of patterns $\IS{p@1 \dots p@n}$. In both cases,


721 
higherorder matching is applied to bind extralogical text


722 
variables\index{text variables}, which may be either of the form $\VVar{x}$


723 
(token class \railtoken{textvar}, see \S\ref{sec:lexsyntax}) or nameless


724 
dummies ``\verb,_,'' (underscore).\index{dummy variables} Note that in the


725 
$\LETNAME$ form the patterns occur on the lefthand side, while the $\ISNAME$


726 
patterns are in postfix position.


727 

7319

728 
Term abbreviations are quite different from actual local definitions as


729 
introduced via $\DEFNAME$ (see \S\ref{sec:proofcontext}). The latter are

7315

730 
visible within the logic as actual equations, while abbreviations disappear


731 
during the input process just after type checking.


732 


733 
\begin{rail}


734 
'let' ((term + 'as') '=' term comment? + 'and')


735 
;


736 
\end{rail}


737 


738 
The syntax of $\ISNAME$ patterns follows \railnonterm{termpat} or


739 
\railnonterm{proppat} (see \S\ref{sec:termpats}).


740 


741 
\begin{descr}


742 
\item [$\LET{\vec p = \vec t}$] binds any text variables in patters $\vec p$


743 
by simultaneous higherorder matching against terms $\vec t$.


744 
\item [$\IS{\vec p}$] resembles $\LETNAME$, but matches $\vec p$ against the


745 
preceding statement. Also note that $\ISNAME$ is not a separate command,


746 
but part of others (such as $\ASSUMENAME$, $\HAVENAME$ etc.).


747 
\end{descr}


748 

7319

749 
A few \emph{automatic} term abbreviations\index{automatic abbreviation} for


750 
goals and facts are available as well. For any open goal, $\VVar{thesis}$


751 
refers to its objectlogical statement, $\VVar{thesis_prop}$ to the full


752 
proposition (which may be a rule), and $\VVar{thesis_concl}$ to its (atomic)


753 
conclusion.

7315

754 


755 
Facts (i.e.\ assumptions and finished goals) that have an application $f(x)$


756 
as objectlogic statement get $x$ bound to the special text variable


757 
``$\dots$'' (three dots). The canonical application of this feature are


758 
calculational proofs, see \S\ref{sec:calculation}.


759 


760 

7134

761 
\subsection{Block structure}


762 

7167

763 
While Isar is inherently blockstructured, opening and closing blocks is


764 
mostly handled rather casually, with little explicit userintervention. Any


765 
local goal statement automatically opens \emph{two} blocks, which are closed


766 
again when concluding the subproof (by $\QEDNAME$ etc.). Sections of


767 
different context within a subproof are typically switched via


768 
$\isarkeyword{next}$, which is just a single blockclose followed by


769 
blockopen again. Thus the effect of $\isarkeyword{next}$ is to reset the


770 
proof context to that of the head of the subproof. Note that there is no

7175

771 
goal focus involved here!

7167

772 

7175

773 
For slightly more advanced applications, there are explicit block parentheses


774 
as well. These typically achieve a strong forward style of reasoning.

7167

775 

7134

776 
\indexisarcmd{next}\indexisarcmd{\{\{}\indexisarcmd{\}\}}


777 
\begin{matharray}{rcl}


778 
\isarcmd{next} & : & \isartrans{proof(state)}{proof(state)} \\


779 
\isarcmd{\{\{} & : & \isartrans{proof(state)}{proof(state)} \\


780 
\isarcmd{\}\}} & : & \isartrans{proof(state)}{proof(state)} \\


781 
\end{matharray}


782 

7167

783 
\begin{descr}


784 
\item [$\isarkeyword{next}$] switches to a fresh block within a subproof,


785 
resetting the context to the initial one.


786 
\item [$\isarkeyword{\{\{}$ and $\isarkeyword{\}\}}$] explicitly open and


787 
close blocks. Any current facts pass through $\isarkeyword{\{\{}$


788 
unchanged, while $\isarkeyword{\}\}}$ causes them to be \emph{exported} into

7315

789 
the enclosing context. Thus fixed variables are generalised, assumptions

7167

790 
discharged, and local definitions eliminated.


791 
\end{descr}

7134

792 


793 


794 
\section{Other commands}


795 

7315

796 
The following commands are not part of the actual proper or improper


797 
Isabelle/Isar syntax, but assist interactive development, for example. Also


798 
note that $undo$ does not apply here, since the theory or proof configuration


799 
is not changed.


800 

7134

801 
\subsection{Diagnostics}


802 


803 
\indexisarcmd{typ}\indexisarcmd{term}\indexisarcmd{prop}\indexisarcmd{thm}


804 
\begin{matharray}{rcl}


805 
\isarcmd{typ} & : & \isarkeep{theory~~proof} \\


806 
\isarcmd{term} & : & \isarkeep{theory~~proof} \\


807 
\isarcmd{prop} & : & \isarkeep{theory~~proof} \\


808 
\isarcmd{thm} & : & \isarkeep{theory~~proof} \\


809 
\end{matharray}


810 


811 
\begin{rail}


812 
'typ' type


813 
;


814 
'term' term


815 
;


816 
'prop' prop


817 
;


818 
'thm' thmrefs


819 
;


820 
\end{rail}


821 

7167

822 
\begin{descr}

7134

823 
\item [$\isarkeyword{typ}~\tau$, $\isarkeyword{term}~t$,


824 
$\isarkeyword{prop}~\phi$] read and print types / terms / propositions


825 
according to the current theory or proof context.


826 
\item [$\isarkeyword{thm}~thms$] retrieves lists of theorems from the current


827 
theory or proof context. Note that any attributes included in the theorem

7175

828 
specifications are applied to a temporary context derived from the current


829 
theory or proof; the result is discarded.

7167

830 
\end{descr}

7134

831 


832 


833 
\subsection{System operations}


834 

7167

835 
\indexisarcmd{cd}\indexisarcmd{pwd}\indexisarcmd{usethy}\indexisarcmd{usethyonly}


836 
\indexisarcmd{updatethy}\indexisarcmd{updatethyonly}

7134

837 
\begin{matharray}{rcl}


838 
\isarcmd{cd} & : & \isarkeep{\cdot} \\


839 
\isarcmd{pwd} & : & \isarkeep{\cdot} \\


840 
\isarcmd{use_thy} & : & \isarkeep{\cdot} \\


841 
\isarcmd{use_thy_only} & : & \isarkeep{\cdot} \\


842 
\isarcmd{update_thy} & : & \isarkeep{\cdot} \\


843 
\isarcmd{update_thy_only} & : & \isarkeep{\cdot} \\


844 
\end{matharray}


845 

7167

846 
\begin{descr}

7134

847 
\item [$\isarkeyword{cd}~name$] changes the current directory of the Isabelle


848 
process.


849 
\item [$\isarkeyword{pwd}~$] prints the current working directory.

7175

850 
\item [$\isarkeyword{use_thy}$, $\isarkeyword{use_thy_only}$,


851 
$\isarkeyword{update_thy}$, and $\isarkeyword{update_thy_only}$] load some


852 
theory given as $name$ argument. These commands are exactly the same as the


853 
corresponding ML functions (see also \cite[\S1 and \S6]{isabelleref}).


854 
Note that both the ML and Isar versions of these commands may load new and


855 
oldstyle theories alike.

7167

856 
\end{descr}

7134

857 


858 

7046

859 
%%% Local Variables:


860 
%%% mode: latex


861 
%%% TeXmaster: "isarref"


862 
%%% End:
