isabelle: src/Doc/Logics/document/LK.tex@68c5104d2204 (annotated)

291 a615050a7494 first draft of Springer volume lcp parents: 264 diff changeset	1	\chapter{First-Order Sequent Calculus}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	2	\index{sequent calculus\|(}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	3
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	4	The theory~\thydx{LK} implements classical first-order logic through Gentzen's
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	5	sequent calculus (see Gallier~\cite{gallier86} or Takeuti~\cite{takeuti87}).
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	6	Resembling the method of semantic tableaux, the calculus is well suited for
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	7	backwards proof. Assertions have the form $\Gamma\turn \Delta$, where
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	8	$\Gamma$ and $\Delta$ are lists of formulae. Associative unification,
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	9	simulated by higher-order unification, handles lists
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	10	(\S\ref{sec:assoc-unification} presents details, if you are interested).
104 d8205bb279a7 Initial revision lcp parents: diff changeset	11
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	12	The logic is many-sorted, using Isabelle's type classes. The class of
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	13	first-order terms is called \cldx{term}. No types of individuals are
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	14	provided, but extensions can define types such as {\tt nat::term} and type
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	15	constructors such as {\tt list::(term)term}. Below, the type variable
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	16	$\alpha$ ranges over class {\tt term}; the equality symbol and quantifiers
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	17	are polymorphic (many-sorted). The type of formulae is~\tydx{o}, which
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	18	belongs to class {\tt logic}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	19
9695 ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	20	LK implements a classical logic theorem prover that is nearly as powerful as
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	21	the generic classical reasoner. The simplifier is now available too.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	22
5151 1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	23	To work in LK, start up Isabelle specifying \texttt{Sequents} as the
1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	24	object-logic. Once in Isabelle, change the context to theory \texttt{LK.thy}:
1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	25	\begin{ttbox}
1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	26	isabelle Sequents
1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	27	context LK.thy;
1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	28	\end{ttbox}
19152 d81fae81f385 typos paulson parents: 9695 diff changeset	29	Modal logic and linear logic are also available, but unfortunately they are
5151 1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	30	not documented.
1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	31
104 d8205bb279a7 Initial revision lcp parents: diff changeset	32
d8205bb279a7 Initial revision lcp parents: diff changeset	33	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	34	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	35	\begin{tabular}{rrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	36	\it name &\it meta-type & \it description \\
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	37	\cdx{Trueprop}& $[sobj\To sobj, sobj\To sobj]\To prop$ & coercion to $prop$\\
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	38	\cdx{Seqof} & $[o,sobj]\To sobj$ & singleton sequence \\
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	39	\cdx{Not} & $o\To o$ & negation ($\neg$) \\
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	40	\cdx{True} & $o$ & tautology ($\top$) \\
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	41	\cdx{False} & $o$ & absurdity ($\bot$)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	42	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	43	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	44	\subcaption{Constants}
d8205bb279a7 Initial revision lcp parents: diff changeset	45
d8205bb279a7 Initial revision lcp parents: diff changeset	46	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	47	\begin{tabular}{llrrr}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	48	\it symbol &\it name &\it meta-type & \it priority & \it description \\
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	49	\sdx{ALL} & \cdx{All} & $(\alpha\To o)\To o$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	50	universal quantifier ($\forall$) \\
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	51	\sdx{EX} & \cdx{Ex} & $(\alpha\To o)\To o$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	52	existential quantifier ($\exists$) \\
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	53	\sdx{THE} & \cdx{The} & $(\alpha\To o)\To \alpha$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	54	definite description ($\iota$)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	55	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	56	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	57	\subcaption{Binders}
d8205bb279a7 Initial revision lcp parents: diff changeset	58
d8205bb279a7 Initial revision lcp parents: diff changeset	59	\begin{center}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	60	\index{*"= symbol}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	61	\index{&@{\tt\&} symbol}
43049 99985426c0bb Workaround for hyperref bug affecting index entries involving the \| symbol paulson parents: 42637 diff changeset	62	\index{"!@{\tt\char124} symbol} %\char124 is vertical bar. We use ! because \| stopped working
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	63	\index{*"-"-"> symbol}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	64	\index{*"<"-"> symbol}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	65	\begin{tabular}{rrrr}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	66	\it symbol & \it meta-type & \it priority & \it description \\
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	67	\tt = & $[\alpha,\alpha]\To o$ & Left 50 & equality ($=$) \\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	68	\tt \& & $[o,o]\To o$ & Right 35 & conjunction ($\conj$) \\
d8205bb279a7 Initial revision lcp parents: diff changeset	69	\tt \| & $[o,o]\To o$ & Right 30 & disjunction ($\disj$) \\
d8205bb279a7 Initial revision lcp parents: diff changeset	70	\tt --> & $[o,o]\To o$ & Right 25 & implication ($\imp$) \\
d8205bb279a7 Initial revision lcp parents: diff changeset	71	\tt <-> & $[o,o]\To o$ & Right 25 & biconditional ($\bimp$)
d8205bb279a7 Initial revision lcp parents: diff changeset	72	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	73	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	74	\subcaption{Infixes}
d8205bb279a7 Initial revision lcp parents: diff changeset	75
d8205bb279a7 Initial revision lcp parents: diff changeset	76	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	77	\begin{tabular}{rrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	78	\it external & \it internal & \it description \\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	79	\tt $\Gamma$ \|- $\Delta$ & \tt Trueprop($\Gamma$, $\Delta$) &
d8205bb279a7 Initial revision lcp parents: diff changeset	80	sequent $\Gamma\turn \Delta$
d8205bb279a7 Initial revision lcp parents: diff changeset	81	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	82	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	83	\subcaption{Translations}
d8205bb279a7 Initial revision lcp parents: diff changeset	84	\caption{Syntax of {\tt LK}} \label{lk-syntax}
d8205bb279a7 Initial revision lcp parents: diff changeset	85	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	86
d8205bb279a7 Initial revision lcp parents: diff changeset	87
d8205bb279a7 Initial revision lcp parents: diff changeset	88	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	89	\dquotes
d8205bb279a7 Initial revision lcp parents: diff changeset	90	\[\begin{array}{rcl}
d8205bb279a7 Initial revision lcp parents: diff changeset	91	prop & = & sequence " \|- " sequence
d8205bb279a7 Initial revision lcp parents: diff changeset	92	\\[2ex]
d8205bb279a7 Initial revision lcp parents: diff changeset	93	sequence & = & elem \quad (", " elem)^* \\
d8205bb279a7 Initial revision lcp parents: diff changeset	94	& \| & empty
d8205bb279a7 Initial revision lcp parents: diff changeset	95	\\[2ex]
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	96	elem & = & "\$ " term \\
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	97	& \| & formula \\
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	98	& \| & "<<" sequence ">>"
104 d8205bb279a7 Initial revision lcp parents: diff changeset	99	\\[2ex]
d8205bb279a7 Initial revision lcp parents: diff changeset	100	formula & = & \hbox{expression of type~$o$} \\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	101	& \| & term " = " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	102	& \| & "\ttilde\ " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	103	& \| & formula " \& " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	104	& \| & formula " \| " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	105	& \| & formula " --> " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	106	& \| & formula " <-> " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	107	& \| & "ALL~" id~id^* " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	108	& \| & "EX~~" id~id^* " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	109	& \| & "THE~" id~ " . " formula
104 d8205bb279a7 Initial revision lcp parents: diff changeset	110	\end{array}
d8205bb279a7 Initial revision lcp parents: diff changeset	111	\]
d8205bb279a7 Initial revision lcp parents: diff changeset	112	\caption{Grammar of {\tt LK}} \label{lk-grammar}
d8205bb279a7 Initial revision lcp parents: diff changeset	113	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	114
d8205bb279a7 Initial revision lcp parents: diff changeset	115
d8205bb279a7 Initial revision lcp parents: diff changeset	116
d8205bb279a7 Initial revision lcp parents: diff changeset	117
d8205bb279a7 Initial revision lcp parents: diff changeset	118	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	119	\begin{ttbox}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	120	\tdx{basic} $H, P, $G \|- $E, P, $F
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	121
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	122	\tdx{contRS} $H \|- $E, $S, $S, $F ==> $H \|- $E, $S, $F
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	123	\tdx{contLS} $H, $S, $S, $G \|- $E ==> $H, $S, $G \|- $E
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	124
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	125	\tdx{thinRS} $H \|- $E, $F ==> $H \|- $E, $S, $F
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	126	\tdx{thinLS} $H, $G \|- $E ==> $H, $S, $G \|- $E
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	127
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	128	\tdx{cut} [\| $H \|- $E, P; $H, P \|- $E \|] ==> $H \|- $E
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	129	\subcaption{Structural rules}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	130
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	131	\tdx{refl} $H \|- $E, a=a, $F
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	132	\tdx{subst} $H(a), $G(a) \|- $E(a) ==> $H(b), a=b, $G(b) \|- $E(b)
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	133	\subcaption{Equality rules}
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	134	\end{ttbox}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	135
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	136	\caption{Basic Rules of {\tt LK}} \label{lk-basic-rules}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	137	\end{figure}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	138
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	139	\begin{figure}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	140	\begin{ttbox}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	141	\tdx{True_def} True == False-->False
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	142	\tdx{iff_def} P<->Q == (P-->Q) & (Q-->P)
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	143
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	144	\tdx{conjR} [\| $H\|- $E, P, $F; $H\|- $E, Q, $F \|] ==> $H\|- $E, P&Q, $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	145	\tdx{conjL} $H, P, Q, $G \|- $E ==> $H, P & Q, $G \|- $E
104 d8205bb279a7 Initial revision lcp parents: diff changeset	146
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	147	\tdx{disjR} $H \|- $E, P, Q, $F ==> $H \|- $E, P\|Q, $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	148	\tdx{disjL} [\| $H, P, $G \|- $E; $H, Q, $G \|- $E \|] ==> $H, P\|Q, $G \|- $E
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	149
841 14b96e3bd4ab fixed minor typos; wenzelm parents: 333 diff changeset	150	\tdx{impR} $H, P \|- $E, Q, $F ==> $H \|- $E, P-->Q, $F
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	151	\tdx{impL} [\| $H,$G \|- $E,P; $H, Q, $G \|- $E \|] ==> $H, P-->Q, $G \|- $E
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	152
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	153	\tdx{notR} $H, P \|- $E, $F ==> $H \|- $E, ~P, $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	154	\tdx{notL} $H, $G \|- $E, P ==> $H, ~P, $G \|- $E
104 d8205bb279a7 Initial revision lcp parents: diff changeset	155
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	156	\tdx{FalseL} $H, False, $G \|- $E
104 d8205bb279a7 Initial revision lcp parents: diff changeset	157
5151 1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	158	\tdx{allR} (!!x. $H\|- $E, P(x), $F) ==> $H\|- $E, ALL x. P(x), $F
1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	159	\tdx{allL} $H, P(x), $G, ALL x. P(x) \|- $E ==> $H, ALL x. P(x), $G\|- $E
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	160
5151 1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	161	\tdx{exR} $H\|- $E, P(x), $F, EX x. P(x) ==> $H\|- $E, EX x. P(x), $F
1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	162	\tdx{exL} (!!x. $H, P(x), $G\|- $E) ==> $H, EX x. P(x), $G\|- $E
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	163
5151 1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	164	\tdx{The} [\| $H \|- $E, P(a), $F; !!x. $H, P(x) \|- $E, x=a, $F \|] ==>
1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	165	$H \|- $E, P(THE x. P(x)), $F
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	166	\subcaption{Logical rules}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	167	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	168
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	169	\caption{Rules of {\tt LK}} \label{lk-rules}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	170	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	171
d8205bb279a7 Initial revision lcp parents: diff changeset	172
d8205bb279a7 Initial revision lcp parents: diff changeset	173	\section{Syntax and rules of inference}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	174	\index{*sobj type}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	175
104 d8205bb279a7 Initial revision lcp parents: diff changeset	176	Figure~\ref{lk-syntax} gives the syntax for {\tt LK}, which is complicated
d8205bb279a7 Initial revision lcp parents: diff changeset	177	by the representation of sequents. Type $sobj\To sobj$ represents a list
d8205bb279a7 Initial revision lcp parents: diff changeset	178	of formulae.
d8205bb279a7 Initial revision lcp parents: diff changeset	179
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	180	The \textbf{definite description} operator~$\iota x. P[x]$ stands for some~$a$
9695 ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	181	satisfying~$P[a]$, if one exists and is unique. Since all terms in LK denote
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	182	something, a description is always meaningful, but we do not know its value
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	183	unless $P[x]$ defines it uniquely. The Isabelle notation is \hbox{\tt THE
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	184	$x$.\ $P[x]$}. The corresponding rule (Fig.\ts\ref{lk-rules}) does not
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	185	entail the Axiom of Choice because it requires uniqueness.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	186
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	187	Conditional expressions are available with the notation
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	188	\[ \dquotes
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	189	"if"~formula~"then"~term~"else"~term. \]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	190
9695 ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	191	Figure~\ref{lk-grammar} presents the grammar of LK. Traditionally,
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	192	$\Gamma$ and $\Delta$ are meta-variables for sequences. In Isabelle's
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	193	notation, the prefix~\verb\|$\| on a term makes it range over sequences.
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	194	In a sequent, anything not prefixed by \verb\|$\| is taken as a formula.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	195
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	196	The notation \texttt{<<$sequence$>>} stands for a sequence of formul\ae{}.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	197	For example, you can declare the constant \texttt{imps} to consist of two
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	198	implications:
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	199	\begin{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	200	consts P,Q,R :: o
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	201	constdefs imps :: seq'=>seq'
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	202	"imps == <<P --> Q, Q --> R>>"
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	203	\end{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	204	Then you can use it in axioms and goals, for example
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	205	\begin{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	206	Goalw [imps_def] "P, $imps \|- R";
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	207	{\out Level 0}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	208	{\out P, $imps \|- R}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	209	{\out 1. P, P --> Q, Q --> R \|- R}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	210	by (Fast_tac 1);
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	211	{\out Level 1}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	212	{\out P, $imps \|- R}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	213	{\out No subgoals!}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	214	\end{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	215
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	216	Figures~\ref{lk-basic-rules} and~\ref{lk-rules} present the rules of theory
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	217	\thydx{LK}. The connective $\bimp$ is defined using $\conj$ and $\imp$. The
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	218	axiom for basic sequents is expressed in a form that provides automatic
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	219	thinning: redundant formulae are simply ignored. The other rules are
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	220	expressed in the form most suitable for backward proof; exchange and
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	221	contraction rules are not normally required, although they are provided
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	222	anyway.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	223
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	224
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	225	\begin{figure}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	226	\begin{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	227	\tdx{thinR} $H \|- $E, $F ==> $H \|- $E, P, $F
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	228	\tdx{thinL} $H, $G \|- $E ==> $H, P, $G \|- $E
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	229
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	230	\tdx{contR} $H \|- $E, P, P, $F ==> $H \|- $E, P, $F
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	231	\tdx{contL} $H, P, P, $G \|- $E ==> $H, P, $G \|- $E
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	232
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	233	\tdx{symR} $H \|- $E, $F, a=b ==> $H \|- $E, b=a, $F
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	234	\tdx{symL} $H, $G, b=a \|- $E ==> $H, a=b, $G \|- $E
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	235
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	236	\tdx{transR} [\| $H\|- $E, $F, a=b; $H\|- $E, $F, b=c \|]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	237	==> $H\|- $E, a=c, $F
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	238
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	239	\tdx{TrueR} $H \|- $E, True, $F
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	240
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	241	\tdx{iffR} [\| $H, P \|- $E, Q, $F; $H, Q \|- $E, P, $F \|]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	242	==> $H \|- $E, P<->Q, $F
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	243
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	244	\tdx{iffL} [\| $H, $G \|- $E, P, Q; $H, Q, P, $G \|- $E \|]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	245	==> $H, P<->Q, $G \|- $E
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	246
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	247	\tdx{allL_thin} $H, P(x), $G \|- $E ==> $H, ALL x. P(x), $G \|- $E
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	248	\tdx{exR_thin} $H \|- $E, P(x), $F ==> $H \|- $E, EX x. P(x), $F
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	249
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	250	\tdx{the_equality} [\| $H \|- $E, P(a), $F;
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	251	!!x. $H, P(x) \|- $E, x=a, $F \|]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	252	==> $H \|- $E, (THE x. P(x)) = a, $F
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	253	\end{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	254
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	255	\caption{Derived rules for {\tt LK}} \label{lk-derived}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	256	\end{figure}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	257
d8205bb279a7 Initial revision lcp parents: diff changeset	258	Figure~\ref{lk-derived} presents derived rules, including rules for
d8205bb279a7 Initial revision lcp parents: diff changeset	259	$\bimp$. The weakened quantifier rules discard each quantification after a
d8205bb279a7 Initial revision lcp parents: diff changeset	260	single use; in an automatic proof procedure, they guarantee termination,
d8205bb279a7 Initial revision lcp parents: diff changeset	261	but are incomplete. Multiple use of a quantifier can be obtained by a
d8205bb279a7 Initial revision lcp parents: diff changeset	262	contraction rule, which in backward proof duplicates a formula. The tactic
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	263	{\tt res_inst_tac} can instantiate the variable~{\tt?P} in these rules,
104 d8205bb279a7 Initial revision lcp parents: diff changeset	264	specifying the formula to duplicate.
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	265	See theory {\tt Sequents/LK0} in the sources for complete listings of
3148 f081757ce757 tuned ref to src; wenzelm parents: 3137 diff changeset	266	the rules and derived rules.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	267
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	268	To support the simplifier, hundreds of equivalences are proved for
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	269	the logical connectives and for if-then-else expressions. See the file
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	270	\texttt{Sequents/simpdata.ML}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	271
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	272	\section{Automatic Proof}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	273
9695 ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	274	LK instantiates Isabelle's simplifier. Both equality ($=$) and the
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	275	biconditional ($\bimp$) may be used for rewriting. The tactic
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	276	\texttt{Simp_tac} refers to the default simpset (\texttt{simpset()}). With
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	277	sequents, the \texttt{full_} and \texttt{asm_} forms of the simplifier are not
9695 ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	278	required; all the formulae{} in the sequent will be simplified. The left-hand
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	279	formulae{} are taken as rewrite rules. (Thus, the behaviour is what you would
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	280	normally expect from calling \texttt{Asm_full_simp_tac}.)
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	281
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	282	For classical reasoning, several tactics are available:
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	283	\begin{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	284	Safe_tac : int -> tactic
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	285	Step_tac : int -> tactic
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	286	Fast_tac : int -> tactic
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	287	Best_tac : int -> tactic
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	288	Pc_tac : int -> tactic
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	289	\end{ttbox}
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	290	These refer not to the standard classical reasoner but to a separate one
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	291	provided for the sequent calculus. Two commands are available for adding new
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	292	sequent calculus rules, safe or unsafe, to the default ``theorem pack'':
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	293	\begin{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	294	Add_safes : thm list -> unit
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	295	Add_unsafes : thm list -> unit
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	296	\end{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	297	To control the set of rules for individual invocations, lower-case versions of
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	298	all these primitives are available. Sections~\ref{sec:thm-pack}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	299	and~\ref{sec:sequent-provers} give full details.
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	300
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	301
104 d8205bb279a7 Initial revision lcp parents: diff changeset	302	\section{Tactics for the cut rule}
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	303
104 d8205bb279a7 Initial revision lcp parents: diff changeset	304	According to the cut-elimination theorem, the cut rule can be eliminated
d8205bb279a7 Initial revision lcp parents: diff changeset	305	from proofs of sequents. But the rule is still essential. It can be used
d8205bb279a7 Initial revision lcp parents: diff changeset	306	to structure a proof into lemmas, avoiding repeated proofs of the same
19152 d81fae81f385 typos paulson parents: 9695 diff changeset	307	formula. More importantly, the cut rule cannot be eliminated from
104 d8205bb279a7 Initial revision lcp parents: diff changeset	308	derivations of rules. For example, there is a trivial cut-free proof of
d8205bb279a7 Initial revision lcp parents: diff changeset	309	the sequent $P\conj Q\turn Q\conj P$.
d8205bb279a7 Initial revision lcp parents: diff changeset	310	Noting this, we might want to derive a rule for swapping the conjuncts
d8205bb279a7 Initial revision lcp parents: diff changeset	311	in a right-hand formula:
d8205bb279a7 Initial revision lcp parents: diff changeset	312	\[ \Gamma\turn \Delta, P\conj Q\over \Gamma\turn \Delta, Q\conj P \]
d8205bb279a7 Initial revision lcp parents: diff changeset	313	The cut rule must be used, for $P\conj Q$ is not a subformula of $Q\conj
d8205bb279a7 Initial revision lcp parents: diff changeset	314	P$. Most cuts directly involve a premise of the rule being derived (a
d8205bb279a7 Initial revision lcp parents: diff changeset	315	meta-assumption). In a few cases, the cut formula is not part of any
d8205bb279a7 Initial revision lcp parents: diff changeset	316	premise, but serves as a bridge between the premises and the conclusion.
d8205bb279a7 Initial revision lcp parents: diff changeset	317	In such proofs, the cut formula is specified by calling an appropriate
d8205bb279a7 Initial revision lcp parents: diff changeset	318	tactic.
d8205bb279a7 Initial revision lcp parents: diff changeset	319
d8205bb279a7 Initial revision lcp parents: diff changeset	320	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	321	cutR_tac : string -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	322	cutL_tac : string -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	323	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	324	These tactics refine a subgoal into two by applying the cut rule. The cut
d8205bb279a7 Initial revision lcp parents: diff changeset	325	formula is given as a string, and replaces some other formula in the sequent.
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	326	\begin{ttdescription}
9695 ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	327	\item[\ttindexbold{cutR_tac} {\it P\/} {\it i}] reads an LK formula~$P$, and
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	328	applies the cut rule to subgoal~$i$. It then deletes some formula from the
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	329	right side of subgoal~$i$, replacing that formula by~$P$.
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	330
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	331	\item[\ttindexbold{cutL_tac} {\it P\/} {\it i}] reads an LK formula~$P$, and
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	332	applies the cut rule to subgoal~$i$. It then deletes some formula from the
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	333	left side of the new subgoal $i+1$, replacing that formula by~$P$.
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	334	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	335	All the structural rules --- cut, contraction, and thinning --- can be
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	336	applied to particular formulae using {\tt res_inst_tac}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	337
d8205bb279a7 Initial revision lcp parents: diff changeset	338
d8205bb279a7 Initial revision lcp parents: diff changeset	339	\section{Tactics for sequents}
d8205bb279a7 Initial revision lcp parents: diff changeset	340	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	341	forms_of_seq : term -> term list
d8205bb279a7 Initial revision lcp parents: diff changeset	342	could_res : term * term -> bool
d8205bb279a7 Initial revision lcp parents: diff changeset	343	could_resolve_seq : term * term -> bool
d8205bb279a7 Initial revision lcp parents: diff changeset	344	filseq_resolve_tac : thm list -> int -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	345	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	346	Associative unification is not as efficient as it might be, in part because
d8205bb279a7 Initial revision lcp parents: diff changeset	347	the representation of lists defeats some of Isabelle's internal
333 2ca08f62df33 final Springer copy lcp parents: 316 diff changeset	348	optimisations. The following operations implement faster rule application,
104 d8205bb279a7 Initial revision lcp parents: diff changeset	349	and may have other uses.
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	350	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	351	\item[\ttindexbold{forms_of_seq} {\it t}]
d8205bb279a7 Initial revision lcp parents: diff changeset	352	returns the list of all formulae in the sequent~$t$, removing sequence
d8205bb279a7 Initial revision lcp parents: diff changeset	353	variables.
d8205bb279a7 Initial revision lcp parents: diff changeset	354
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	355	\item[\ttindexbold{could_res} ($t$,$u$)]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	356	tests whether two formula lists could be resolved. List $t$ is from a
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	357	premise or subgoal, while $u$ is from the conclusion of an object-rule.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	358	Assuming that each formula in $u$ is surrounded by sequence variables, it
d8205bb279a7 Initial revision lcp parents: diff changeset	359	checks that each conclusion formula is unifiable (using {\tt could_unify})
d8205bb279a7 Initial revision lcp parents: diff changeset	360	with some subgoal formula.
d8205bb279a7 Initial revision lcp parents: diff changeset	361
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	362	\item[\ttindexbold{could_resolve_seq} ($t$,$u$)]
291 a615050a7494 first draft of Springer volume lcp parents: 264 diff changeset	363	tests whether two sequents could be resolved. Sequent $t$ is a premise
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	364	or subgoal, while $u$ is the conclusion of an object-rule. It simply
291 a615050a7494 first draft of Springer volume lcp parents: 264 diff changeset	365	calls {\tt could_res} twice to check that both the left and the right
a615050a7494 first draft of Springer volume lcp parents: 264 diff changeset	366	sides of the sequents are compatible.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	367
d8205bb279a7 Initial revision lcp parents: diff changeset	368	\item[\ttindexbold{filseq_resolve_tac} {\it thms} {\it maxr} {\it i}]
d8205bb279a7 Initial revision lcp parents: diff changeset	369	uses {\tt filter_thms could_resolve} to extract the {\it thms} that are
d8205bb279a7 Initial revision lcp parents: diff changeset	370	applicable to subgoal~$i$. If more than {\it maxr\/} theorems are
d8205bb279a7 Initial revision lcp parents: diff changeset	371	applicable then the tactic fails. Otherwise it calls {\tt resolve_tac}.
d8205bb279a7 Initial revision lcp parents: diff changeset	372	Thus, it is the sequent calculus analogue of \ttindex{filt_resolve_tac}.
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	373	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	374
d8205bb279a7 Initial revision lcp parents: diff changeset	375
d8205bb279a7 Initial revision lcp parents: diff changeset	376	\section{A simple example of classical reasoning}
d8205bb279a7 Initial revision lcp parents: diff changeset	377	The theorem $\turn\ex{y}\all{x}P(y)\imp P(x)$ is a standard example of the
9695 ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	378	classical treatment of the existential quantifier. Classical reasoning is
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	379	easy using~LK, as you can see by comparing this proof with the one given in
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	380	the FOL manual~\cite{isabelle-ZF}. From a logical point of view, the proofs
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	381	are essentially the same; the key step here is to use \tdx{exR} rather than
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	382	the weaker~\tdx{exR_thin}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	383	\begin{ttbox}
5151 1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	384	Goal "\|- EX y. ALL x. P(y)-->P(x)";
104 d8205bb279a7 Initial revision lcp parents: diff changeset	385	{\out Level 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	386	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	387	{\out 1. \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	388	by (resolve_tac [exR] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	389	{\out Level 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	390	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	391	{\out 1. \|- ALL x. P(?x) --> P(x), EX x. ALL xa. P(x) --> P(xa)}
d8205bb279a7 Initial revision lcp parents: diff changeset	392	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	393	There are now two formulae on the right side. Keeping the existential one
d8205bb279a7 Initial revision lcp parents: diff changeset	394	in reserve, we break down the universal one.
d8205bb279a7 Initial revision lcp parents: diff changeset	395	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	396	by (resolve_tac [allR] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	397	{\out Level 2}
d8205bb279a7 Initial revision lcp parents: diff changeset	398	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	399	{\out 1. !!x. \|- P(?x) --> P(x), EX x. ALL xa. P(x) --> P(xa)}
d8205bb279a7 Initial revision lcp parents: diff changeset	400	by (resolve_tac [impR] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	401	{\out Level 3}
d8205bb279a7 Initial revision lcp parents: diff changeset	402	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	403	{\out 1. !!x. P(?x) \|- P(x), EX x. ALL xa. P(x) --> P(xa)}
d8205bb279a7 Initial revision lcp parents: diff changeset	404	\end{ttbox}
9695 ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	405	Because LK is a sequent calculus, the formula~$P(\Var{x})$ does not become an
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	406	assumption; instead, it moves to the left side. The resulting subgoal cannot
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	407	be instantiated to a basic sequent: the bound variable~$x$ is not unifiable
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	408	with the unknown~$\Var{x}$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	409	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	410	by (resolve_tac [basic] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	411	{\out by: tactic failed}
d8205bb279a7 Initial revision lcp parents: diff changeset	412	\end{ttbox}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	413	We reuse the existential formula using~\tdx{exR_thin}, which discards
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	414	it; we shall not need it a third time. We again break down the resulting
104 d8205bb279a7 Initial revision lcp parents: diff changeset	415	formula.
d8205bb279a7 Initial revision lcp parents: diff changeset	416	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	417	by (resolve_tac [exR_thin] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	418	{\out Level 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	419	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	420	{\out 1. !!x. P(?x) \|- P(x), ALL xa. P(?x7(x)) --> P(xa)}
d8205bb279a7 Initial revision lcp parents: diff changeset	421	by (resolve_tac [allR] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	422	{\out Level 5}
d8205bb279a7 Initial revision lcp parents: diff changeset	423	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	424	{\out 1. !!x xa. P(?x) \|- P(x), P(?x7(x)) --> P(xa)}
d8205bb279a7 Initial revision lcp parents: diff changeset	425	by (resolve_tac [impR] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	426	{\out Level 6}
d8205bb279a7 Initial revision lcp parents: diff changeset	427	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	428	{\out 1. !!x xa. P(?x), P(?x7(x)) \|- P(x), P(xa)}
d8205bb279a7 Initial revision lcp parents: diff changeset	429	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	430	Subgoal~1 seems to offer lots of possibilities. Actually the only useful
5151 1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	431	step is instantiating~$\Var{x@7}$ to $\lambda x. x$,
104 d8205bb279a7 Initial revision lcp parents: diff changeset	432	transforming~$\Var{x@7}(x)$ into~$x$.
d8205bb279a7 Initial revision lcp parents: diff changeset	433	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	434	by (resolve_tac [basic] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	435	{\out Level 7}
d8205bb279a7 Initial revision lcp parents: diff changeset	436	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	437	{\out No subgoals!}
d8205bb279a7 Initial revision lcp parents: diff changeset	438	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	439	This theorem can be proved automatically. Because it involves quantifier
d8205bb279a7 Initial revision lcp parents: diff changeset	440	duplication, we employ best-first search:
d8205bb279a7 Initial revision lcp parents: diff changeset	441	\begin{ttbox}
5151 1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	442	Goal "\|- EX y. ALL x. P(y)-->P(x)";
104 d8205bb279a7 Initial revision lcp parents: diff changeset	443	{\out Level 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	444	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	445	{\out 1. \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	446	by (best_tac LK_dup_pack 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	447	{\out Level 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	448	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	449	{\out No subgoals!}
d8205bb279a7 Initial revision lcp parents: diff changeset	450	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	451
d8205bb279a7 Initial revision lcp parents: diff changeset	452
d8205bb279a7 Initial revision lcp parents: diff changeset	453
d8205bb279a7 Initial revision lcp parents: diff changeset	454	\section{A more complex proof}
d8205bb279a7 Initial revision lcp parents: diff changeset	455	Many of Pelletier's test problems for theorem provers \cite{pelletier86}
d8205bb279a7 Initial revision lcp parents: diff changeset	456	can be solved automatically. Problem~39 concerns set theory, asserting
d8205bb279a7 Initial revision lcp parents: diff changeset	457	that there is no Russell set --- a set consisting of those sets that are
d8205bb279a7 Initial revision lcp parents: diff changeset	458	not members of themselves:
d8205bb279a7 Initial revision lcp parents: diff changeset	459	\[ \turn \neg (\exists x. \forall y. y\in x \bimp y\not\in y) \]
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	460	This does not require special properties of membership; we may generalize
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	461	$x\in y$ to an arbitrary predicate~$F(x,y)$. The theorem, which is trivial
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	462	for \texttt{Fast_tac}, has a short manual proof. See the directory {\tt
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	463	Sequents/LK} for many more examples.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	464
d8205bb279a7 Initial revision lcp parents: diff changeset	465	We set the main goal and move the negated formula to the left.
d8205bb279a7 Initial revision lcp parents: diff changeset	466	\begin{ttbox}
5151 1e944fe5ce96 Got rid of obsolete "goal" commands. paulson parents: 3148 diff changeset	467	Goal "\|- ~ (EX x. ALL y. F(y,x) <-> ~F(y,y))";
104 d8205bb279a7 Initial revision lcp parents: diff changeset	468	{\out Level 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	469	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	470	{\out 1. \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	471	by (resolve_tac [notR] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	472	{\out Level 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	473	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	474	{\out 1. EX x. ALL y. F(y,x) <-> ~ F(y,y) \|-}
d8205bb279a7 Initial revision lcp parents: diff changeset	475	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	476	The right side is empty; we strip both quantifiers from the formula on the
d8205bb279a7 Initial revision lcp parents: diff changeset	477	left.
d8205bb279a7 Initial revision lcp parents: diff changeset	478	\begin{ttbox}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	479	by (resolve_tac [exL] 1);
104 d8205bb279a7 Initial revision lcp parents: diff changeset	480	{\out Level 2}
d8205bb279a7 Initial revision lcp parents: diff changeset	481	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	482	{\out 1. !!x. ALL y. F(y,x) <-> ~ F(y,y) \|-}
d8205bb279a7 Initial revision lcp parents: diff changeset	483	by (resolve_tac [allL_thin] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	484	{\out Level 3}
d8205bb279a7 Initial revision lcp parents: diff changeset	485	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	486	{\out 1. !!x. F(?x2(x),x) <-> ~ F(?x2(x),?x2(x)) \|-}
d8205bb279a7 Initial revision lcp parents: diff changeset	487	\end{ttbox}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	488	The rule \tdx{iffL} says, if $P\bimp Q$ then $P$ and~$Q$ are either
104 d8205bb279a7 Initial revision lcp parents: diff changeset	489	both true or both false. It yields two subgoals.
d8205bb279a7 Initial revision lcp parents: diff changeset	490	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	491	by (resolve_tac [iffL] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	492	{\out Level 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	493	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	494	{\out 1. !!x. \|- F(?x2(x),x), ~ F(?x2(x),?x2(x))}
d8205bb279a7 Initial revision lcp parents: diff changeset	495	{\out 2. !!x. ~ F(?x2(x),?x2(x)), F(?x2(x),x) \|-}
d8205bb279a7 Initial revision lcp parents: diff changeset	496	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	497	We must instantiate~$\Var{x@2}$, the shared unknown, to satisfy both
d8205bb279a7 Initial revision lcp parents: diff changeset	498	subgoals. Beginning with subgoal~2, we move a negated formula to the left
d8205bb279a7 Initial revision lcp parents: diff changeset	499	and create a basic sequent.
d8205bb279a7 Initial revision lcp parents: diff changeset	500	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	501	by (resolve_tac [notL] 2);
d8205bb279a7 Initial revision lcp parents: diff changeset	502	{\out Level 5}
d8205bb279a7 Initial revision lcp parents: diff changeset	503	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	504	{\out 1. !!x. \|- F(?x2(x),x), ~ F(?x2(x),?x2(x))}
d8205bb279a7 Initial revision lcp parents: diff changeset	505	{\out 2. !!x. F(?x2(x),x) \|- F(?x2(x),?x2(x))}
d8205bb279a7 Initial revision lcp parents: diff changeset	506	by (resolve_tac [basic] 2);
d8205bb279a7 Initial revision lcp parents: diff changeset	507	{\out Level 6}
d8205bb279a7 Initial revision lcp parents: diff changeset	508	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	509	{\out 1. !!x. \|- F(x,x), ~ F(x,x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	510	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	511	Thanks to the instantiation of~$\Var{x@2}$, subgoal~1 is obviously true.
d8205bb279a7 Initial revision lcp parents: diff changeset	512	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	513	by (resolve_tac [notR] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	514	{\out Level 7}
d8205bb279a7 Initial revision lcp parents: diff changeset	515	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	516	{\out 1. !!x. F(x,x) \|- F(x,x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	517	by (resolve_tac [basic] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	518	{\out Level 8}
d8205bb279a7 Initial revision lcp parents: diff changeset	519	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	520	{\out No subgoals!}
d8205bb279a7 Initial revision lcp parents: diff changeset	521	\end{ttbox}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	522
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	523	\section{*Unification for lists}\label{sec:assoc-unification}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	524
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	525	Higher-order unification includes associative unification as a special
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	526	case, by an encoding that involves function composition
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	527	\cite[page~37]{huet78}. To represent lists, let $C$ be a new constant.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	528	The empty list is $\lambda x. x$, while $[t@1,t@2,\ldots,t@n]$ is
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	529	represented by
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	530	\[ \lambda x. C(t@1,C(t@2,\ldots,C(t@n,x))). \]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	531	The unifiers of this with $\lambda x.\Var{f}(\Var{g}(x))$ give all the ways
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	532	of expressing $[t@1,t@2,\ldots,t@n]$ as the concatenation of two lists.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	533
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	534	Unlike orthodox associative unification, this technique can represent certain
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	535	infinite sets of unifiers by flex-flex equations. But note that the term
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	536	$\lambda x. C(t,\Var{a})$ does not represent any list. Flex-flex constraints
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	537	containing such garbage terms may accumulate during a proof.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	538	\index{flex-flex constraints}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	539
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	540	This technique lets Isabelle formalize sequent calculus rules,
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	541	where the comma is the associative operator:
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	542	\[ \infer[(\conj\hbox{-left})]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	543	{\Gamma,P\conj Q,\Delta \turn \Theta}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	544	{\Gamma,P,Q,\Delta \turn \Theta} \]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	545	Multiple unifiers occur whenever this is resolved against a goal containing
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	546	more than one conjunction on the left.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	547
9695 ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	548	LK exploits this representation of lists. As an alternative, the sequent
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	549	calculus can be formalized using an ordinary representation of lists, with a
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	550	logic program for removing a formula from a list. Amy Felty has applied this
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	551	technique using the language $\lambda$Prolog~\cite{felty91a}.
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	552
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	553	Explicit formalization of sequents can be tiresome. But it gives precise
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	554	control over contraction and weakening, and is essential to handle relevant
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	555	and linear logics.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	556
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	557
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	558	\section{*Packaging sequent rules}\label{sec:thm-pack}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	559
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	560	The sequent calculi come with simple proof procedures. These are incomplete
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	561	but are reasonably powerful for interactive use. They expect rules to be
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	562	classified as \textbf{safe} or \textbf{unsafe}. A rule is safe if applying it to a
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	563	provable goal always yields provable subgoals. If a rule is safe then it can
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	564	be applied automatically to a goal without destroying our chances of finding a
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	565	proof. For instance, all the standard rules of the classical sequent calculus
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	566	{\sc lk} are safe. An unsafe rule may render the goal unprovable; typical
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	567	examples are the weakened quantifier rules {\tt allL_thin} and {\tt exR_thin}.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	568
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	569	Proof procedures use safe rules whenever possible, using an unsafe rule as a
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	570	last resort. Those safe rules are preferred that generate the fewest
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	571	subgoals. Safe rules are (by definition) deterministic, while the unsafe
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	572	rules require a search strategy, such as backtracking.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	573
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	574	A \textbf{pack} is a pair whose first component is a list of safe rules and
9695 ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	575	whose second is a list of unsafe rules. Packs can be extended in an obvious
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	576	way to allow reasoning with various collections of rules. For clarity, LK
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	577	declares \mltydx{pack} as an \ML{} datatype, although is essentially a type
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	578	synonym:
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	579	\begin{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	580	datatype pack = Pack of thm list * thm list;
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	581	\end{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	582	Pattern-matching using constructor {\tt Pack} can inspect a pack's
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	583	contents. Packs support the following operations:
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	584	\begin{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	585	pack : unit -> pack
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	586	pack_of : theory -> pack
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	587	empty_pack : pack
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	588	prop_pack : pack
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	589	LK_pack : pack
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	590	LK_dup_pack : pack
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	591	add_safes : pack * thm list -> pack \hfill\textbf{infix 4}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	592	add_unsafes : pack * thm list -> pack \hfill\textbf{infix 4}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	593	\end{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	594	\begin{ttdescription}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	595	\item[\ttindexbold{pack}] returns the pack attached to the current theory.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	596
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	597	\item[\ttindexbold{pack_of $thy$}] returns the pack attached to theory $thy$.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	598
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	599	\item[\ttindexbold{empty_pack}] is the empty pack.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	600
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	601	\item[\ttindexbold{prop_pack}] contains the propositional rules, namely
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	602	those for $\conj$, $\disj$, $\neg$, $\imp$ and~$\bimp$, along with the
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	603	rules {\tt basic} and {\tt refl}. These are all safe.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	604
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	605	\item[\ttindexbold{LK_pack}]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	606	extends {\tt prop_pack} with the safe rules {\tt allR}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	607	and~{\tt exL} and the unsafe rules {\tt allL_thin} and
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	608	{\tt exR_thin}. Search using this is incomplete since quantified
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	609	formulae are used at most once.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	610
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	611	\item[\ttindexbold{LK_dup_pack}]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	612	extends {\tt prop_pack} with the safe rules {\tt allR}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	613	and~{\tt exL} and the unsafe rules \tdx{allL} and~\tdx{exR}.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	614	Search using this is complete, since quantified formulae may be reused, but
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	615	frequently fails to terminate. It is generally unsuitable for depth-first
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	616	search.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	617
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	618	\item[$pack$ \ttindexbold{add_safes} $rules$]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	619	adds some safe~$rules$ to the pack~$pack$.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	620
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	621	\item[$pack$ \ttindexbold{add_unsafes} $rules$]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	622	adds some unsafe~$rules$ to the pack~$pack$.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	623	\end{ttdescription}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	624
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	625
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	626	\section{*Proof procedures}\label{sec:sequent-provers}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	627
9695 ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty; wenzelm parents: 7116 diff changeset	628	The LK proof procedure is similar to the classical reasoner described in
7116 8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	629	\iflabelundefined{chap:classical}{the {\em Reference Manual\/}}%
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	630	{Chap.\ts\ref{chap:classical}}.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	631	%
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	632	In fact it is simpler, since it works directly with sequents rather than
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	633	simulating them. There is no need to distinguish introduction rules from
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	634	elimination rules, and of course there is no swap rule. As always,
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	635	Isabelle's classical proof procedures are less powerful than resolution
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	636	theorem provers. But they are more natural and flexible, working with an
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	637	open-ended set of rules.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	638
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	639	Backtracking over the choice of a safe rule accomplishes nothing: applying
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	640	them in any order leads to essentially the same result. Backtracking may
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	641	be necessary over basic sequents when they perform unification. Suppose
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	642	that~0, 1, 2,~3 are constants in the subgoals
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	643	\[ \begin{array}{c}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	644	P(0), P(1), P(2) \turn P(\Var{a}) \\
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	645	P(0), P(2), P(3) \turn P(\Var{a}) \\
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	646	P(1), P(3), P(2) \turn P(\Var{a})
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	647	\end{array}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	648	\]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	649	The only assignment that satisfies all three subgoals is $\Var{a}\mapsto 2$,
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	650	and this can only be discovered by search. The tactics given below permit
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	651	backtracking only over axioms, such as {\tt basic} and {\tt refl};
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	652	otherwise they are deterministic.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	653
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	654
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	655	\subsection{Method A}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	656	\begin{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	657	reresolve_tac : thm list -> int -> tactic
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	658	repeat_goal_tac : pack -> int -> tactic
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	659	pc_tac : pack -> int -> tactic
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	660	\end{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	661	These tactics use a method developed by Philippe de Groote. A subgoal is
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	662	refined and the resulting subgoals are attempted in reverse order. For
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	663	some reason, this is much faster than attempting the subgoals in order.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	664	The method is inherently depth-first.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	665
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	666	At present, these tactics only work for rules that have no more than two
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	667	premises. They fail --- return no next state --- if they can do nothing.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	668	\begin{ttdescription}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	669	\item[\ttindexbold{reresolve_tac} $thms$ $i$]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	670	repeatedly applies the $thms$ to subgoal $i$ and the resulting subgoals.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	671
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	672	\item[\ttindexbold{repeat_goal_tac} $pack$ $i$]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	673	applies the safe rules in the pack to a goal and the resulting subgoals.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	674	If no safe rule is applicable then it applies an unsafe rule and continues.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	675
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	676	\item[\ttindexbold{pc_tac} $pack$ $i$]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	677	applies {\tt repeat_goal_tac} using depth-first search to solve subgoal~$i$.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	678	\end{ttdescription}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	679
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	680
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	681	\subsection{Method B}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	682	\begin{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	683	safe_tac : pack -> int -> tactic
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	684	step_tac : pack -> int -> tactic
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	685	fast_tac : pack -> int -> tactic
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	686	best_tac : pack -> int -> tactic
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	687	\end{ttbox}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	688	These tactics are analogous to those of the generic classical
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	689	reasoner. They use `Method~A' only on safe rules. They fail if they
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	690	can do nothing.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	691	\begin{ttdescription}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	692	\item[\ttindexbold{safe_goal_tac} $pack$ $i$]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	693	applies the safe rules in the pack to a goal and the resulting subgoals.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	694	It ignores the unsafe rules.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	695
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	696	\item[\ttindexbold{step_tac} $pack$ $i$]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	697	either applies safe rules (using {\tt safe_goal_tac}) or applies one unsafe
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	698	rule.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	699
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	700	\item[\ttindexbold{fast_tac} $pack$ $i$]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	701	applies {\tt step_tac} using depth-first search to solve subgoal~$i$.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	702	Despite its name, it is frequently slower than {\tt pc_tac}.
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	703
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	704	\item[\ttindexbold{best_tac} $pack$ $i$]
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	705	applies {\tt step_tac} using best-first search to solve subgoal~$i$. It is
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	706	particularly useful for quantifier duplication (using \ttindex{LK_dup_pack}).
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	707	\end{ttdescription}
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	708
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	709
8c1caac3e54e simplifier and improved classical reasoner paulson parents: 6072 diff changeset	710
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	711	\index{sequent calculus\|)}

author	blanchet
	Thu, 06 Mar 2014 13:36:48 +0100
changeset 55932	68c5104d2204
parent 48985	5386df44a037
permissions	-rw-r--r--