\chapter{Basic Isar elements}\label{ch:puresyntax}

Subsequently, we introduce the main part of the basic Isar theory and proof


commands as provided by Isabelle/Pure. Chapter~\ref{ch:gentools} describes


further Isar elements as provided by generic tools and packages that are


either part of Pure Isabelle, or preloaded by most object logics (such as the


Simplifier). See chapter~\ref{ch:holtools} for actual objectlogic specific


elements (for Isabelle/HOL).

\medskip


Isar commands may be either \emph{proper} document constructors, or

\emph{improper commands} (indicated by $^*$). Some proof methods and


attributes introduced later may be classified as improper as well. Improper


Isar language elements might be helpful when developing proof documents, while


their use is strongly discouraged for the final version. Typical examples are


diagnostic commands that print terms or theorems according to the current


context; other commands even emulate oldstyle tactical theorem proving, which


facilitates porting of legacy proof scripts.

\section{Theory commands}


\subsection{Defining theories}\label{sec:beginthy}

\indexisarcmd{theory}\indexisarcmd{end}\indexisarcmd{context}


\begin{matharray}{rcl}


\isarcmd{theory} & : & \isartrans{\cdot}{theory} \\


\isarcmd{context}^* & : & \isartrans{\cdot}{theory} \\


\isarcmd{end} & : & \isartrans{theory}{\cdot} \\


\end{matharray}


Isabelle/Isar ``newstyle'' theories are either defined via theory files or

interactively. Both actual theory specifications and proofs are handled

uniformly  occasionally definitional mechanisms even require some manual


proof. In contrast, ``oldstyle'' Isabelle theories support batch processing


only, with the proof scripts collected in separate ML files.

The first command of any theory has to be $\THEORY$, starting a new theory

based on the merge of existing ones. The theory context may be also changed


by $\CONTEXT$ without creating a new theory. In both cases, $\END$ concludes


the theory development; it has to be the very last command of any proper


theory file.

\begin{rail}


'theory' name '=' (name + '+') filespecs? ':'


;


'context' name


;


'end'


;;


filespecs: 'files' ((name  parname) +);

\end{rail}


7167

\begin{descr}

\item [$\THEORY~A = B@1 + \cdots + B@n$] commences a new theory $A$ based on

existing ones $B@1 + \cdots + B@n$. Isabelle's theory loader system ensures


that any of the base theories are properly loaded (and fully uptodate when


$\THEORY$ is executed interactively). The optional $\isarkeyword{files}$


specification declares additional dependencies on ML files. Unless put in


parentheses, any file will be loaded immediately via $\isarcmd{use}$ (see


also \S\ref{sec:ML}).

\item [$\CONTEXT~B$] enters an existing theory context $B$, basically in

readonly mode, so only a limited set of commands may be performed. Just as


for $\THEORY$, the theory loader ensures that $B$ is loaded and uptodate.

\item [$\END$] concludes the current theory definition or context switch.

Note that this command cannot be undone, instead the theory definition


itself has to be retracted.

\end{descr}

76 
\subsection{Formal comments}\label{sec:formalcmtthy}

\indexisarcmd{title}\indexisarcmd{chapter}\indexisarcmd{section}\indexisarcmd{subsection}


79 
\indexisarcmd{subsubsection}\indexisarcmd{text}

\begin{matharray}{rcl}


81 
\isarcmd{title} & : & \isartrans{theory}{theory} \\


82 
\isarcmd{chapter} & : & \isartrans{theory}{theory} \\

\isarcmd{section} & : & \isartrans{theory}{theory} \\

\isarcmd{subsection} & : & \isartrans{theory}{theory} \\


\isarcmd{subsubsection} & : & \isartrans{theory}{theory} \\


\isarcmd{text} & : & \isartrans{theory}{theory} \\


\end{matharray}


There are several commands to include \emph{formal comments} in theory


specification (a few more are available for proofs, see


\S\ref{sec:formalcmtprf}). In contrast to sourcelevel comments

\verb(*\dots\verb*), which are stripped at the lexical level, any text


93 
given as formal comment is meant to be part of the actual document.


94 
Consequently, it would be included in the final printed version.


Apart from plain prose, formal comments may also refer to logical entities of

7175

97 
the theory context (types, terms, theorems etc.). Proper processing of the


98 
text would then include some further consistency checks with the items


99 
declared in the current theory, e.g.\ typechecking of included


100 
terms.\footnote{The current version of Isabelle/Isar does not process formal

comments in any such way. This will be available as part of the automatic

102 
theory and proof document preparation system (using (PDF){\LaTeX}) that is

planned for the near future.}


\begin{rail}


'title' text text? text?


;

('chapter'  'section'  'subsection'  'subsubsection'  'text') text

;


\end{rail}


112 
113 
\item [$\isarkeyword{title}~title~author~date$] specifies the document title

7175

just as in typical {\LaTeX} documents.

\item [$\isarkeyword{chapter}~text$, $\isarkeyword{section}~text$,

$\isarkeyword{subsection}~text$, and $\isarkeyword{subsubsection}~text$]

117 
mark chapter and section headings.

\item [$\TEXT~text$] specifies an actual body of prose text, including

references to formal entities.\footnote{The latter feature is not yet


exploited. Nevertheless, any text of the form \texttt{\at\{\dots\}}


should be considered as reserved for future use.}

\end{descr}

\subsection{Type classes and sorts}\label{sec:classes}

7134

\indexisarcmd{classes}\indexisarcmd{classrel}\indexisarcmd{defaultsort}


\begin{matharray}{rcl}


\isarcmd{classes} & : & \isartrans{theory}{theory} \\


\isarcmd{classrel} & : & \isartrans{theory}{theory} \\


\isarcmd{defaultsort} & : & \isartrans{theory}{theory} \\


\end{matharray}


\begin{rail}

'classes' (classdecl comment? +)

;


'classrel' nameref '<' nameref comment?


;


'defaultsort' sort comment?


;


\end{rail}


\begin{descr}

\item [$\isarkeyword{classes}~c<\vec c ~\dots$] declares class $c$ to be a


subclass of existing classes $\vec c$. Cyclic class structures are ruled


out.

\item [$\isarkeyword{classrel}~c@1<c@2$] states a subclass relation between


existing classes $c@1$ and $c@2$. This is done axiomatically! The

$\isarkeyword{instance}$ command (see \S\ref{sec:axclass}) provides a way


introduce proven class relations.

\item [$\isarkeyword{defaultsort}~s$] makes sort $s$ the new default sort for

152 
7134

sort would be only changed when defining new logics.

\end{descr}

\subsection{Primitive types and type abbreviations}\label{sec:typespure}

\indexisarcmd{typedecl}\indexisarcmd{types}\indexisarcmd{nonterminals}\indexisarcmd{arities}


\begin{matharray}{rcl}


\isarcmd{types} & : & \isartrans{theory}{theory} \\


\isarcmd{typedecl} & : & \isartrans{theory}{theory} \\


\isarcmd{nonterminals} & : & \isartrans{theory}{theory} \\


\isarcmd{arities} & : & \isartrans{theory}{theory} \\


\end{matharray}


\begin{rail}


'types' (typespec '=' type infix? comment? +)


;


'typedecl' typespec infix? comment?


;


'nonterminals' (name +) comment?


;


'arities' (nameref '::' arity comment? +)


;


\end{rail}


\begin{descr}

\item [$\TYPES~(\vec\alpha)t = \tau~\dots$] introduces \emph{type synonym}


$(\vec\alpha)t$ for existing type $\tau$. Unlike actual type definitions,


as are available in Isabelle/HOL for example, type synonyms are just purely


syntactic abbreviations, without any logical significance. Internally, type


synonyms are fully expanded, as may be observed when printing terms or


theorems.


\item [$\isarkeyword{typedecl}~(\vec\alpha)t$] declares a new type constructor


$t$, intended as an actual logical type. Note that some logics such as


Isabelle/HOL provide their own version of $\isarkeyword{typedecl}$.

\item [$\isarkeyword{nonterminals}~\vec c$] declares $0$ary type constructors


$\vec c$ to act as purely syntactic types, i.e.\ nonterminal symbols of


Isabelle's inner syntax of terms or types.

\item [$\isarkeyword{arities}~t::(\vec s)s~\dots$] augments Isabelle's


ordersorted signature of types by new type constructor arities. This is

done axiomatically! The $\isarkeyword{instance}$ command (see


\S\ref{sec:axclass}) provides a way introduce proven type arities.

\end{descr}

\subsection{Constants and simple definitions}


\indexisarcmd{consts}\indexisarcmd{defs}\indexisarcmd{constdefs}\indexoutertoken{constdecl}

\begin{matharray}{rcl}


\isarcmd{consts} & : & \isartrans{theory}{theory} \\


\isarcmd{defs} & : & \isartrans{theory}{theory} \\


\isarcmd{constdefs} & : & \isartrans{theory}{theory} \\


\end{matharray}


\begin{rail}


'consts' (constdecl +)


;


'defs' (thmdecl? prop comment? +)


;


'constdefs' (constdecl prop comment? +)


;


constdecl: name '::' type mixfix? comment?


;


\end{rail}


\begin{descr}

\item [$\CONSTS~c::\sigma~\dots$] declares constant $c$ to have any instance


221 
of type scheme $\sigma$. The optional mixfix annotations may attach


222 
concrete syntax constants.

\item [$\DEFS~name: eqn~\dots$] introduces $eqn$ as a definitional axiom for


some existing constant. See \cite[\S6]{isabelleref} for more details on


the form of equations admitted as constant definitions.

\item [$\isarkeyword{constdefs}~c::\sigma~eqn~\dots$] combines constant

declarations and definitions, using canonical name $c_def$ for the


definitional axiom.

\end{descr}

\subsection{Syntax and translations}

234 
235 
236 
237 
238 
240 
\begin{rail}


241 
'syntax' ('(' name 'output'? ')')? (constdecl +)


242 
;


243 
'translations' (transpat ('=='  '=>'  '<=') transpat comment? +)


244 
;


245 
transpat: ('(' nameref ')')? string


246 
;


247 
\end{rail}


\begin{descr}

7175

250 
\item [$\isarkeyword{syntax}~(mode)~decls$] is similar to $\CONSTS~decls$,


251 
except that the actual logical signature extension is omitted. Thus the


252 
context free grammar of Isabelle's inner syntax may be augmented in


253 
arbitrary ways. The $mode$ argument refers to the print mode that the


254 
grammar rules belong; unless there is the \texttt{output} flag given, all


255 
productions are added both to the input and output grammar.


256 
\item [$\isarkeyword{translations}~rules$] specifies syntactic translation


257 
rules (also known as \emph{macros}): parse/print rules (\texttt{==}), parse


258 
rules (\texttt{=>}), print rules (\texttt{<=}). Translation patterns may be

prefixed by the syntactic category to be used for parsing; the default is


\texttt{logic}.

\end{descr}

264 
\subsection{Axioms and theorems}


\indexisarcmd{axioms}\indexisarcmd{theorems}\indexisarcmd{lemmas}


\begin{matharray}{rcl}


\isarcmd{axioms} & : & \isartrans{theory}{theory} \\


\isarcmd{theorems} & : & \isartrans{theory}{theory} \\


\isarcmd{lemmas} & : & \isartrans{theory}{theory} \\


\end{matharray}


\begin{rail}

'axioms' (axmdecl prop comment? +)

;


('theorems'  'lemmas') thmdef? thmrefs


;


\end{rail}


\begin{descr}

\item [$\isarkeyword{axioms}~name: \phi~\dots$] introduces arbitrary


statements as logical axioms. In fact, axioms are ``axiomatic theorems'',

283 
and may be referred just as any other theorem later.

285 
7175

Everyday work is typically done the hard way, with proper definitions and

287 
\item [$\isarkeyword{theorems}~name = thms$] stores lists of existing theorems

7175

289 
as $name$. Typical applications would also involve attributes (to augment


290 
the default simpset, for example).

\item [$\isarkeyword{lemmas}$] is similar to $\isarkeyword{theorems}$, but


tags the results as ``lemma''.

293 
7134

\subsection{Name spaces}

\indexisarcmd{global}\indexisarcmd{local}

\begin{matharray}{rcl}


\isarcmd{global} & : & \isartrans{theory}{theory} \\


\isarcmd{local} & : & \isartrans{theory}{theory} \\


\end{matharray}


Isabelle organises any kind of names (of types, constants, theorems etc.) by

hierarchically structured name spaces. Normally the user never has to control

306 
the behaviour of name space entry by hand, yet the following commands provide

307 
some way to do so.


\begin{descr}


310 
\item [$\isarkeyword{global}$ and $\isarkeyword{local}$] change the current


311 
name declaration mode. Initially, theories start in $\isarkeyword{local}$


312 
mode, causing all names to be automatically qualified by the theory name.


313 
Changing this to $\isarkeyword{global}$ causes all names to be declared as

7175

314 
base names only, until $\isarkeyword{local}$ is declared again.

7167

315 
\end{descr}

317 

7134

\indexisarcmd{use}\indexisarcmd{ML}\indexisarcmd{setup}


321 
\begin{matharray}{rcl}


322 
\isarcmd{use} & : & \isartrans{\cdot}{\cdot} \\


323 
\isarcmd{ML} & : & \isartrans{\cdot}{\cdot} \\

\isarcmd{setup} & : & \isartrans{theory}{theory} \\

\end{matharray}


\begin{rail}


'use' name


;


'ML' text


;


'setup' text


;


\end{rail}


\begin{descr}

\item [$\isarkeyword{use}~file$] reads and executes ML commands from $file$.


The current theory context (if present) is passed down to the ML session.


Furthermore, the file name is checked with the $\isarkeyword{files}$


dependency declaration given in the theory header (see also


\S\ref{sec:beginthy}).


\item [$\isarkeyword{ML}~text$] reads and executes ML commands from $text$.


The theory context is passed just as for $\isarkeyword{use}$.

\item [$\isarkeyword{setup}~text$] changes the current theory context by

applying setup functions $text$, which has to be an ML expression of type


$(theory \to theory)~list$. The $\isarkeyword{setup}$ command is the usual

347 
way to initialise objectlogic specific tools and packages written in ML.

\end{descr}

\subsection{Syntax translation functions}

\indexisarcmd{parseasttranslation}\indexisarcmd{parsetranslation}


\indexisarcmd{printtranslation}\indexisarcmd{typedprinttranslation}


\indexisarcmd{printasttranslation}\indexisarcmd{tokentranslation}

\begin{matharray}{rcl}


\isarcmd{parse_ast_translation} & : & \isartrans{theory}{theory} \\


\isarcmd{parse_translation} & : & \isartrans{theory}{theory} \\


\isarcmd{print_translation} & : & \isartrans{theory}{theory} \\


\isarcmd{typed_print_translation} & : & \isartrans{theory}{theory} \\


\isarcmd{print_ast_translation} & : & \isartrans{theory}{theory} \\


\isarcmd{token_translation} & : & \isartrans{theory}{theory} \\


\end{matharray}


365 
Syntax translation functions written in ML admit almost arbitrary


366 
manipulations of Isabelle's inner syntax. Any of the above commands have a


367 
368 
369 
370 


372 
374 
375 
376 
377 
378 

Oracles provide an interface to external reasoning systems, without giving up


380 
control completely  each theorem carries a derivation object recording any


381 
oracle invocation. See \cite[\S6]{isabelleref} for more information.


382 

\begin{rail}


384 
;


386 
\end{rail}


387 

388 
7175

\item [$\isarkeyword{oracle}~name=text$] declares oracle $name$ to be ML

391 
7167

\end{descr}

393 


395 
396 

Proof commands provide transitions of Isar/VM machine configurations, which


are blockstructured, consisting of a stack of nodes with three main


components: logical \emph{proof context}, local \emph{facts}, and open


400 
\emph{goals}. Isar/VM transitions are \emph{typed} according to the following


401 
three three different modes of operation:

7167

402 
\begin{descr}


403 
\item [$proof(prove)$] means that a new goal has just been stated that is now


404 
to be \emph{proven}; the next command may refine it by some proof method

7175

405 
($\approx$ tactic), and enter a subproof to establish the final result.

7167

406 
\item [$proof(state)$] is like an internal theory mode: the context may be

7175

407 
augmented by \emph{stating} additional assumptions, intermediate result etc.


408 
\item [$proof(chain)$] is an intermediate mode between $proof(state)$ and

7315

409 
$proof(prove)$: existing facts have been just picked up in order to use them


410 
when refining the goal to be claimed next.

7167

411 
\end{descr}

7134

414 
\subsection{Formal comments}\label{sec:formalcmtprf}


416 
\indexisarcmd{sect}\indexisarcmd{subsect}\indexisarcmd{subsect}\indexisarcmd{txt}

\begin{matharray}{rcl}

\isarcmd{sect} & : & \isartrans{proof(state)}{proof(state)} \\


\isarcmd{subsect} & : & \isartrans{proof(state)}{proof(state)} \\


\isarcmd{subsubsect} & : & \isartrans{proof(state)}{proof(state)} \\


\isarcmd{txt} & : & \isartrans{proof(state)}{proof(state)} \\

\end{matharray}


These formal comments in proof mode closely correspond to the ones of theory


mode (see \S\ref{sec:formalcmtthy}).


\begin{rail}

('sect'  'subsect'  'subsubsect'  'txt') text

;


\end{rail}


\subsection{Proof context}\label{sec:proofcontext}

\indexisarcmd{fix}\indexisarcmd{assume}\indexisarcmd{presume}\indexisarcmd{def}

\begin{matharray}{rcl}


\isarcmd{fix} & : & \isartrans{proof(state)}{proof(state)} \\


\isarcmd{assume} & : & \isartrans{proof(state)}{proof(state)} \\


\isarcmd{presume} & : & \isartrans{proof(state)}{proof(state)} \\


\isarcmd{def} & : & \isartrans{proof(state)}{proof(state)} \\


\end{matharray}


The logical proof context consists of fixed variables and assumptions. The


former closely correspond to Skolem constants, or metalevel universal


quantification as provided by the Isabelle/Pure logical framework.


Introducing some \emph{arbitrary, but fixed} variable via $\FIX x$ results in


a local entity that may be used in the subsequent proof as any other variable


or constant. Furthermore, any result $\phi[x]$ exported from the current


context will be universally closed wrt.\ $x$ at the outermost level (this is


expressed using Isabelle's metavariables).


Similarly, introducing some assumption $\chi$ has two effects. On the one


hand, a local theorem is created that may be used as a fact in subsequent


proof steps. On the other hand, any result $\phi$ exported from the context


becomes conditional wrt.\ the assumption. Thus, solving an enclosing goal


using this result would basically introduce a new subgoal stemming from the


assumption. How this situation is handled depends on the actual version of


assumption command used: while $\ASSUMENAME$ solves the subgoal by unifying


with some premise of the goal, $\PRESUMENAME$ leaves the subgoal unchanged to


be proved later by the user.


Local definitions, introduced by $\DEF{a}{x \equiv t}$, are achieved by


combining $\FIX x$ with another version of assumption that causes any


hypothetical equation $x = t$ to be eliminated by reflexivity. Thus,


exporting some result $\phi[x]$ simply yields $\phi[t]$.

\begin{rail}


'fix' (var +) comment?


;

('assume'  'presume') (assm comment? + 'and')

;

'def' thmdecl? \\ var '==' term termpat? comment?

;


var: name ('::' type)?


;

assm: thmdecl? (prop proppat? +)


478 
\end{rail}


\begin{descr}

\item [$\FIX{x}$] introduces a local \emph{arbitrary, but fixed} variable $x$.


\item [$\ASSUME{a}{\Phi}$ and $\PRESUME{a}{\Phi}$] introduce local theorems


$\Phi$. Subsequent results used to solve some enclosing goal (e.g.\ via


$\SHOWNAME$) are handled as follows: $\ASSUMENAME$ expects to be able to


unify with existing premises in the goal, while $\PRESUMENAME$ leaves $\Phi$


as new subgoals. Note that several lists of assumptions may be given


(separated by \railterm{and}); the resulting list of current facts consists


of all of these.


\item [$\DEF{a}{x \equiv t}$] introduces a local (nonpolymorphic) definition.


In results exported from the context, $x$ is replaced by $t$. Basically,


$\DEF{}{x \equiv t}$ abbreviates $\FIX{x}~\PRESUME{}{x \equiv t}$ (the


resulting hypothetical equation is solved by reflexivity, though).

\end{descr}


The internal register $prems$\indexisarreg{prems} refers to all current


assumptions as a list of theorems.


500 
501 


\indexisarcmd{note}\indexisarcmd{then}\indexisarcmd{from}\indexisarcmd{with}


\begin{matharray}{rcl}


\isarcmd{note} & : & \isartrans{proof(state)}{proof(state)} \\


\isarcmd{then} & : & \isartrans{proof(state)}{proof(chain)} \\


\isarcmd{from} & : & \isartrans{proof(state)}{proof(chain)} \\


\isarcmd{with} & : & \isartrans{proof(state)}{proof(chain)} \\


\end{matharray}


New facts are established either by assumption or proof of local statements


(via $\HAVENAME$ or $\SHOWNAME$). Any facts will usually be involved in


proofs of further results: either as explicit arguments of proof methods or


when forward chaining towards the next goal via $\THEN$ (and variants).

\begin{rail}


'note' thmdef? thmrefs comment?


;


'then' comment?


;


('from'  'with') thmrefs comment?


;


\end{rail}


\begin{descr}

\item [$\NOTE{a}{\vec b}$] recalls existing facts $\vec b$, binding the result


as $a$. Note that attributes may be involved as well, both on the left and


right hand sides.

\item [$\THEN$] indicates forward chaining by the current facts in order to

establish the goal to be claimed next. The initial proof method invoked to


solve that will be offered these facts to do ``anything appropriate'' (see


also \S\ref{sec:proofsteps}). For example, method $rule$ (see

\S\ref{sec:puremeth}) would do an elimination rather than an introduction.

\item [$\FROM{\vec b}$] abbreviates $\NOTE{}{\vec b}~\THEN$; also note that

$\THEN$ is equivalent to $\FROM{facts}$.

535 
\item [$\WITH{\vec b}$] abbreviates $\FROM{\vec b~facts}$; thus the forward


536 
chaining is from earlier facts together with the current ones.

7167

537 
\end{descr}


538 

7315

539 
Note that the internal register of \emph{current facts} may be referred as


540 
theorem list $facts$.\indexisarreg{facts}


541 

7167

542 


543 
\subsection{Goal statements}


544 


545 
\indexisarcmd{theorem}\indexisarcmd{lemma}


546 
\indexisarcmd{have}\indexisarcmd{show}\indexisarcmd{hence}\indexisarcmd{thus}


547 
\begin{matharray}{rcl}


548 
\isarcmd{theorem} & : & \isartrans{theory}{proof(prove)} \\


549 
\isarcmd{lemma} & : & \isartrans{theory}{proof(prove)} \\


550 
\isarcmd{have} & : & \isartrans{proof(state)}{proof(prove)} \\


551 
\isarcmd{show} & : & \isartrans{proof(state)}{proof(prove)} \\


552 
\isarcmd{hence} & : & \isartrans{proof(state)}{proof(prove)} \\


553 
\isarcmd{thus} & : & \isartrans{proof(state)}{proof(prove)} \\


554 
\end{matharray}


555 

7175

556 
Proof mode is entered from theory mode by initial goal commands $\THEOREMNAME$


557 
and $\LEMMANAME$. New local goals may be claimed within proof mode: four


558 
variants are available, indicating whether the result is meant to solve some


559 
pending goal and whether forward chaining is employed.


560 

7167

561 
\begin{rail}


562 
('theorem'  'lemma') goal


563 
;


564 
('have'  'show'  'hence'  'thus') goal


565 
;


566 


567 
goal: thmdecl? proppat comment?


568 
;


569 
\end{rail}


570 


571 
\begin{descr}


572 
\item [$\THEOREM{name}{\phi}$] enters proof mode with $\phi$ as main goal,

7175

573 
eventually resulting in some theorem $\turn \phi$, which will be stored in


574 
the theory.

7167

575 
\item [$\LEMMANAME$] is similar to $\THEOREMNAME$, but tags the result as


576 
``lemma''.


577 
\item [$\HAVE{name}{\phi}$] claims a local goal, eventually resulting in a


578 
theorem with the current assumption context as hypotheses.

7175

579 
\item [$\SHOW{name}{\phi}$] is similar to $\HAVE{name}{\phi}$, but solves some


580 
pending goal with the result \emph{exported} into the corresponding context.

7167

581 
\item [$\HENCE{name}{\phi}$] abbreviates $\THEN~\HAVE{name}{\phi}$, i.e.\


582 
claims a local goal to be proven by forward chaining the current facts.


583 
\item [$\THUS{name}{\phi}$] abbreviates $\THEN~\SHOW{name}{\phi}$.


584 
\end{descr}


585 


586 


587 
\subsection{Initial and terminal proof steps}\label{sec:proofsteps}


588 

7175

589 
\indexisarcmd{proof}\indexisarcmd{qed}\indexisarcmd{by}


590 
\indexisarcmd{.}\indexisarcmd{..}\indexisarcmd{sorry}


591 
\begin{matharray}{rcl}


592 
\isarcmd{proof} & : & \isartrans{proof(prove)}{proof(state)} \\


593 
\isarcmd{qed} & : & \isartrans{proof(state)}{proof(state) ~~ theory} \\


594 
\isarcmd{by} & : & \isartrans{proof(prove)}{proof(state) ~~ theory} \\


595 
\isarcmd{.\,.} & : & \isartrans{proof(prove)}{proof(state) ~~ theory} \\


596 
\isarcmd{.} & : & \isartrans{proof(prove)}{proof(state) ~~ theory} \\


597 
\isarcmd{sorry} & : & \isartrans{proof(prove)}{proof(state) ~~ theory} \\


598 
\end{matharray}


599 

7167

600 
Arbitrary goal refinements via tactics is considered harmful. Consequently


601 
the Isar framework admits proof methods to be invoked in two places only.


602 
\begin{enumerate}

7175

603 
\item An \emph{initial} refinement step $\PROOF{m@1}$ reduces a newly stated


604 
intermediate goal to a number of subgoals that are to be solved later.


605 
Facts are passed to $m@1$ for forward chaining if so indicated by


606 
$proof(chain)$ mode.

7167

607 

7175

608 
\item A \emph{terminal} conclusion step $\QED{m@2}$ solves any remaining

7167

609 
pending goals completely. No facts are passed to $m@2$.


610 
\end{enumerate}


611 


612 
The only other proper way to affect pending goals is by $\SHOWNAME$, which


613 
involves an explicit statement of what is solved.


614 

7175

615 
\medskip


616 

7167

617 
Also note that initial proof methods should either solve the goal completely,


618 
or constitute some wellunderstood deterministic reduction to new subgoals.


619 
Arbitrary automatic proof tools that are prone leave a large number of badly


620 
structured subgoals are no help in continuing the proof document in any

7175

621 
intelligible way. A much better technique would be to $\SHOWNAME$ some


622 
nontrivial reduction as an explicit rule, which is solved completely by some


623 
automated method, and then applied to some pending goal.

7167

624 

7175

625 
\medskip


626 


627 
Unless given explicitly by the user, the default initial method is


628 
``$default$'', which is usually set up to apply a single standard elimination


629 
or introduction rule according to the topmost symbol involved. The default


630 
terminal method is ``$finish$''; it solves all goals by assumption.

7167

631 


632 
\begin{rail}


633 
'proof' interest? meth? comment?


634 
;


635 
'qed' meth? comment?


636 
;


637 
'by' meth meth? comment?


638 
;


639 
('.'  '..'  'sorry') comment?


640 
;


641 


642 
meth: method interest?


643 
;


644 
\end{rail}


645 


646 
\begin{descr}

7175

647 
\item [$\PROOF{m@1}$] refines the pending goal by proof method $m@1$; facts


648 
for forward chaining are passed if so indicated by $proof(chain)$.


649 
\item [$\QED{m@2}$] refines any remaining goals by proof method $m@1$ and

7167

650 
concludes the subproof. If the goal had been $\SHOWNAME$, some pending


651 
subgoal is solved as well by the rule resulting from the result exported to

7175

652 
the enclosing goal context. Thus $\QEDNAME$ may fail for two reasons:


653 
either $m@2$ fails to solve all remaining goals completely, or the resulting


654 
rule does not resolve with any enclosing goal. Debugging such a situation


655 
might involve temporarily changing $\SHOWNAME$ into $\HAVENAME$, or


656 
weakening the local context by replacing $\ASSUMENAME$ by $\PRESUMENAME$.


657 
\item [$\BYY{m@1}{m@2}$] is a \emph{terminal proof}; it abbreviates


658 
$\PROOF{m@1}~\QED{m@2}$, with automatic backtracking across both methods.


659 
Debugging an unsuccessful $\BYY{m@1}{m@2}$ commands might be done by simply


660 
expanding the abbreviation by hand; note that $\PROOF{m@1}$ is usually


661 
sufficient to see what is going wrong.


662 
\item [$\DDOT$] is a \emph{default proof}; it abbreviates $\BY{default}$.


663 
\item [$\DOT$] is a \emph{trivial proof}, it abbreviates $\BY{}$, where


664 
method ``$$'' does nothing except inserting any facts into the proof state.

7167

665 
\item [$\isarkeyword{sorry}$] is a \emph{fake proof}; provided that


666 
\texttt{quick_and_dirty} is enabled, $\isarkeyword{sorry}$ pretends to solve


667 
the goal without much ado. Of course, the result is a fake theorem only,

7175

668 
involving some oracle in its internal derivation object (this is indicated


669 
as $[!]$ in the printed result. The main application of

7167

670 
$\isarkeyword{sorry}$ is to support topdown proof development.


671 
\end{descr}

7134

672 


673 

7315

674 
\subsection{Improper proof steps}


675 


676 
The following commands emulate unstructured tactic scripts to some extent.


677 
While these are anathema for writing proper Isar proof documents, they might


678 
come in handy for exploring and debugging.


679 


680 
\indexisarcmd{apply}\indexisarcmd{thenapply}\indexisarcmd{back}


681 
\begin{matharray}{rcl}


682 
\isarcmd{apply}^* & : & \isartrans{proof}{proof} \\


683 
\isarcmd{then_apply}^* & : & \isartrans{proof}{proof} \\


684 
\isarcmd{back}^* & : & \isartrans{proof}{proof} \\


685 
\end{matharray}


686 


687 
\railalias{thenapply}{then\_apply}


688 
\railterm{thenapply}


689 


690 
\begin{rail}


691 
'apply' method


692 
;


693 
thenapply method


694 
;


695 
'back'


696 
;


697 
\end{rail}


698 


699 
\begin{descr}


700 
\item [$\isarkeyword{apply}~m$] applies proof method $m$ in the


701 
plainoldtactic sense. Facts for forward chaining are ignored.


702 
\item [$\isarkeyword{then_apply}~m$] is similar to $\isarkeyword{apply}$, but


703 
observes the goal's facts.


704 
\item [$\isarkeyword{back}$] does backtracking over the result sequence of


705 
the last proof command. Basically, any proof command may return multiple


706 
results.


707 
\end{descr}


708 


709 


710 
\subsection{Term abbreviations}\label{sec:termabbrev}


711 


712 
\indexisarcmd{let}


713 
\begin{matharray}{rcl}


714 
\isarcmd{let} & : & \isartrans{proof(state)}{proof(state)} \\


715 
\isarkeyword{is} & : & syntax \\


716 
\end{matharray}


717 


718 
Abbreviations may be either bound by explicit $\LET{p \equiv t}$ statements,


719 
or by annotating assumptions or goal statements ($\ASSUMENAME$, $\SHOWNAME$


720 
etc.) with a list of patterns $\IS{p@1 \dots p@n}$. In both cases,


721 
higherorder matching is applied to bind extralogical text


722 
variables\index{text variables}, which may be either of the form $\VVar{x}$


723 
(token class \railtoken{textvar}, see \S\ref{sec:lexsyntax}) or nameless


724 
dummies ``\verb,_,'' (underscore).\index{dummy variables} Note that in the


725 
$\LETNAME$ form the patterns occur on the lefthand side, while the $\ISNAME$


726 
patterns are in postfix position.


727 


728 
Note that term abbreviations are quite different from actual local definitions


729 
as introduced via $\DEFNAME$ (see \S\ref{sec:proofcontext}). The latter are


730 
visible within the logic as actual equations, while abbreviations disappear


731 
during the input process just after type checking.


732 


733 
\begin{rail}


734 
'let' ((term + 'as') '=' term comment? + 'and')


735 
;


736 
\end{rail}


737 


738 
The syntax of $\ISNAME$ patterns follows \railnonterm{termpat} or


739 
\railnonterm{proppat} (see \S\ref{sec:termpats}).


740 


741 
\begin{descr}


742 
\item [$\LET{\vec p = \vec t}$] binds any text variables in patters $\vec p$


743 
by simultaneous higherorder matching against terms $\vec t$.


744 
\item [$\IS{\vec p}$] resembles $\LETNAME$, but matches $\vec p$ against the


745 
preceding statement. Also note that $\ISNAME$ is not a separate command,


746 
but part of others (such as $\ASSUMENAME$, $\HAVENAME$ etc.).


747 
\end{descr}


748 


749 
Furthermore, a few automatic term abbreviations\index{automatic abbreviation}


750 
for goals and facts are available. For any open goal, $\VVar{thesis}$ refers


751 
to its objectlogic statement, $\VVar{thesis_prop}$ to the full proposition


752 
(which may be a rule), and $\VVar{thesis_concl}$ to its (atomic) conclusion.


753 


754 
Facts (i.e.\ assumptions and finished goals) that have an application $f(x)$


755 
as objectlogic statement get $x$ bound to the special text variable


756 
``$\dots$'' (three dots). The canonical application of this feature are


757 
calculational proofs, see \S\ref{sec:calculation}.


758 


759 

7134

760 
\subsection{Block structure}


761 

7167

762 
While Isar is inherently blockstructured, opening and closing blocks is


763 
mostly handled rather casually, with little explicit userintervention. Any


764 
local goal statement automatically opens \emph{two} blocks, which are closed


765 
again when concluding the subproof (by $\QEDNAME$ etc.). Sections of


766 
different context within a subproof are typically switched via


767 
$\isarkeyword{next}$, which is just a single blockclose followed by


768 
blockopen again. Thus the effect of $\isarkeyword{next}$ is to reset the


769 
proof context to that of the head of the subproof. Note that there is no

7175

770 
goal focus involved here!

7167

771 

7175

772 
For slightly more advanced applications, there are explicit block parentheses


773 
as well. These typically achieve a strong forward style of reasoning.

7167

774 

7134

775 
\indexisarcmd{next}\indexisarcmd{\{\{}\indexisarcmd{\}\}}


776 
\begin{matharray}{rcl}


777 
\isarcmd{next} & : & \isartrans{proof(state)}{proof(state)} \\


778 
\isarcmd{\{\{} & : & \isartrans{proof(state)}{proof(state)} \\


779 
\isarcmd{\}\}} & : & \isartrans{proof(state)}{proof(state)} \\


780 
\end{matharray}


781 

7167

782 
\begin{descr}


783 
\item [$\isarkeyword{next}$] switches to a fresh block within a subproof,


784 
resetting the context to the initial one.


785 
\item [$\isarkeyword{\{\{}$ and $\isarkeyword{\}\}}$] explicitly open and


786 
close blocks. Any current facts pass through $\isarkeyword{\{\{}$


787 
unchanged, while $\isarkeyword{\}\}}$ causes them to be \emph{exported} into

7315

788 
the enclosing context. Thus fixed variables are generalised, assumptions

7167

789 
discharged, and local definitions eliminated.


790 
\end{descr}

7134

791 


792 


793 
\section{Other commands}


794 

7315

795 
The following commands are not part of the actual proper or improper


796 
Isabelle/Isar syntax, but assist interactive development, for example. Also


797 
note that $undo$ does not apply here, since the theory or proof configuration


798 
is not changed.


799 

7134

800 
\subsection{Diagnostics}


801 


802 
\indexisarcmd{typ}\indexisarcmd{term}\indexisarcmd{prop}\indexisarcmd{thm}


803 
\begin{matharray}{rcl}


804 
\isarcmd{typ} & : & \isarkeep{theory~~proof} \\


805 
\isarcmd{term} & : & \isarkeep{theory~~proof} \\


806 
\isarcmd{prop} & : & \isarkeep{theory~~proof} \\


807 
\isarcmd{thm} & : & \isarkeep{theory~~proof} \\


808 
\end{matharray}


809 


810 
\begin{rail}


811 
'typ' type


812 
;


813 
'term' term


814 
;


815 
'prop' prop


816 
;


817 
'thm' thmrefs


818 
;


819 
\end{rail}


820 

7167

821 
\begin{descr}

7134

822 
\item [$\isarkeyword{typ}~\tau$, $\isarkeyword{term}~t$,


823 
$\isarkeyword{prop}~\phi$] read and print types / terms / propositions


824 
according to the current theory or proof context.


825 
\item [$\isarkeyword{thm}~thms$] retrieves lists of theorems from the current


826 
theory or proof context. Note that any attributes included in the theorem

7175

827 
specifications are applied to a temporary context derived from the current


828 
theory or proof; the result is discarded.

7167

829 
\end{descr}

7134

830 


831 


832 
\subsection{System operations}


833 

7167

834 
\indexisarcmd{cd}\indexisarcmd{pwd}\indexisarcmd{usethy}\indexisarcmd{usethyonly}


835 
\indexisarcmd{updatethy}\indexisarcmd{updatethyonly}

7134

836 
\begin{matharray}{rcl}


837 
\isarcmd{cd} & : & \isarkeep{\cdot} \\


838 
\isarcmd{pwd} & : & \isarkeep{\cdot} \\


839 
\isarcmd{use_thy} & : & \isarkeep{\cdot} \\


840 
\isarcmd{use_thy_only} & : & \isarkeep{\cdot} \\


841 
\isarcmd{update_thy} & : & \isarkeep{\cdot} \\


842 
\isarcmd{update_thy_only} & : & \isarkeep{\cdot} \\


843 
\end{matharray}


844 

7167

845 
\begin{descr}

7134

846 
\item [$\isarkeyword{cd}~name$] changes the current directory of the Isabelle


847 
process.


848 
\item [$\isarkeyword{pwd}~$] prints the current working directory.

7175

849 
\item [$\isarkeyword{use_thy}$, $\isarkeyword{use_thy_only}$,


850 
$\isarkeyword{update_thy}$, and $\isarkeyword{update_thy_only}$] load some


851 
theory given as $name$ argument. These commands are exactly the same as the


852 
corresponding ML functions (see also \cite[\S1 and \S6]{isabelleref}).


853 
Note that both the ML and Isar versions of these commands may load new and


854 
oldstyle theories alike.

7167

855 
\end{descr}

7134

856 


857 

7046

858 
%%% Local Variables:


859 
%%% mode: latex


860 
%%% TeXmaster: "isarref"


861 
%%% End:
