7046

1 

7335

2 
\chapter{Basic Isar Elements}\label{ch:puresyntax}

7167

3 

7315

4 
Subsequently, we introduce the main part of the basic Isar theory and proof


5 
commands as provided by Isabelle/Pure. Chapter~\ref{ch:gentools} describes

7335

6 
further Isar elements as provided by generic tools and packages (such as the


7 
Simplifier) that are either part of Pure Isabelle, or preloaded by most


8 
object logics. See chapter~\ref{ch:holtools} for actual objectlogic


9 
specific elements (for Isabelle/HOL).

7046

10 

7167

11 
\medskip


12 


13 
Isar commands may be either \emph{proper} document constructors, or

7175

14 
\emph{improper commands} (indicated by $^*$). Some proof methods and

7335

15 
attributes introduced later are classified as improper as well. Improper Isar


16 
language elements might be helpful when developing proof documents, while

7175

17 
their use is strongly discouraged for the final version. Typical examples are


18 
diagnostic commands that print terms or theorems according to the current


19 
context; other commands even emulate oldstyle tactical theorem proving, which


20 
facilitates porting of legacy proof scripts.

7167

21 

7134

22 


23 
\section{Theory commands}


24 

7167

25 
\subsection{Defining theories}\label{sec:beginthy}

7134

26 


27 
\indexisarcmd{theory}\indexisarcmd{end}\indexisarcmd{context}


28 
\begin{matharray}{rcl}


29 
\isarcmd{theory} & : & \isartrans{\cdot}{theory} \\


30 
\isarcmd{context}^* & : & \isartrans{\cdot}{theory} \\


31 
\isarcmd{end} & : & \isartrans{theory}{\cdot} \\


32 
\end{matharray}


33 


34 
Isabelle/Isar ``newstyle'' theories are either defined via theory files or

7167

35 
interactively. Both actual theory specifications and proofs are handled

7335

36 
uniformly  occasionally definitional mechanisms even require some explicit


37 
proof as well. In contrast, ``oldstyle'' Isabelle theories support batch


38 
processing only, with the proof scripts collected in separate ML files.

7134

39 


40 
The first command of any theory has to be $\THEORY$, starting a new theory

7175

41 
based on the merge of existing ones. The theory context may be also changed


42 
by $\CONTEXT$ without creating a new theory. In both cases, $\END$ concludes


43 
the theory development; it has to be the very last command of any proper


44 
theory file.

7134

45 


46 
\begin{rail}


47 
'theory' name '=' (name + '+') filespecs? ':'


48 
;


49 
'context' name


50 
;


51 
'end'


52 
;;


53 

7167

54 
filespecs: 'files' ((name  parname) +);

7134

55 
\end{rail}


56 

7167

57 
\begin{descr}

7134

58 
\item [$\THEORY~A = B@1 + \cdots + B@n$] commences a new theory $A$ based on

7175

59 
existing ones $B@1 + \cdots + B@n$. Isabelle's theory loader system ensures


60 
that any of the base theories are properly loaded (and fully uptodate when


61 
$\THEORY$ is executed interactively). The optional $\isarkeyword{files}$


62 
specification declares additional dependencies on ML files. Unless put in


63 
parentheses, any file will be loaded immediately via $\isarcmd{use}$ (see

7335

64 
also \S\ref{sec:ML}). The optional ML file \texttt{$A$.ML} that may be


65 
associated with any theory should \emph{not} be included in


66 
$\isarkeyword{files}$.

7134

67 

7167

68 
\item [$\CONTEXT~B$] enters an existing theory context $B$, basically in

7134

69 
readonly mode, so only a limited set of commands may be performed. Just as


70 
for $\THEORY$, the theory loader ensures that $B$ is loaded and uptodate.

7175

71 

7167

72 
\item [$\END$] concludes the current theory definition or context switch.

7175

73 
Note that this command cannot be undone, instead the theory definition


74 
itself has to be retracted.

7167

75 
\end{descr}

7134

76 


77 

7167

78 
\subsection{Formal comments}\label{sec:formalcmtthy}

7134

79 

7167

80 
\indexisarcmd{title}\indexisarcmd{chapter}\indexisarcmd{section}\indexisarcmd{subsection}


81 
\indexisarcmd{subsubsection}\indexisarcmd{text}

7134

82 
\begin{matharray}{rcl}


83 
\isarcmd{title} & : & \isartrans{theory}{theory} \\


84 
\isarcmd{chapter} & : & \isartrans{theory}{theory} \\

7167

85 
\isarcmd{section} & : & \isartrans{theory}{theory} \\

7134

86 
\isarcmd{subsection} & : & \isartrans{theory}{theory} \\


87 
\isarcmd{subsubsection} & : & \isartrans{theory}{theory} \\


88 
\isarcmd{text} & : & \isartrans{theory}{theory} \\


89 
\end{matharray}


90 

7167

91 
There are several commands to include \emph{formal comments} in theory


92 
specification (a few more are available for proofs, see


93 
\S\ref{sec:formalcmtprf}). In contrast to sourcelevel comments

7134

94 
\verb(*\dots\verb*), which are stripped at the lexical level, any text


95 
given as formal comment is meant to be part of the actual document.


96 
Consequently, it would be included in the final printed version.


97 


98 
Apart from plain prose, formal comments may also refer to logical entities of

7175

99 
the theory context (types, terms, theorems etc.). Proper processing of the


100 
text would then include some further consistency checks with the items


101 
declared in the current theory, e.g.\ typechecking of included


102 
terms.\footnote{The current version of Isabelle/Isar does not process formal

7134

103 
comments in any such way. This will be available as part of the automatic

7175

104 
theory and proof document preparation system (using (PDF){\LaTeX}) that is

7134

105 
planned for the near future.}


106 


107 
\begin{rail}


108 
'title' text text? text?


109 
;

7167

110 
('chapter'  'section'  'subsection'  'subsubsection'  'text') text

7134

111 
;


112 
\end{rail}


113 

7167

114 
\begin{descr}

7134

115 
\item [$\isarkeyword{title}~title~author~date$] specifies the document title

7175

116 
just as in typical {\LaTeX} documents.

7335

117 
\item [$\isarkeyword{chapter}$, $\isarkeyword{section}$,


118 
$\isarkeyword{subsection}$, and $\isarkeyword{subsubsection}$] mark chapter


119 
and section headings.


120 
\item [$\TEXT$] specifies an actual body of prose text, including references


121 
to formal entities.\footnote{The latter feature is not yet exploited.


122 
Nevertheless, any text of the form \texttt{\at\ttlbrace\dots\ttrbrace}


123 
should be considered as reserved for future use.}

7167

124 
\end{descr}

7134

125 


126 

7135

127 
\subsection{Type classes and sorts}\label{sec:classes}

7134

128 


129 
\indexisarcmd{classes}\indexisarcmd{classrel}\indexisarcmd{defaultsort}


130 
\begin{matharray}{rcl}


131 
\isarcmd{classes} & : & \isartrans{theory}{theory} \\


132 
\isarcmd{classrel} & : & \isartrans{theory}{theory} \\


133 
\isarcmd{defaultsort} & : & \isartrans{theory}{theory} \\


134 
\end{matharray}


135 


136 
\begin{rail}

7167

137 
'classes' (classdecl comment? +)

7134

138 
;


139 
'classrel' nameref '<' nameref comment?


140 
;


141 
'defaultsort' sort comment?


142 
;


143 
\end{rail}


144 

7167

145 
\begin{descr}

7335

146 
\item [$\isarkeyword{classes}~c<\vec c$] declares class $c$ to be a subclass


147 
of existing classes $\vec c$. Cyclic class structures are ruled out.

7134

148 
\item [$\isarkeyword{classrel}~c@1<c@2$] states a subclass relation between


149 
existing classes $c@1$ and $c@2$. This is done axiomatically! The

7175

150 
$\isarkeyword{instance}$ command (see \S\ref{sec:axclass}) provides a way


151 
introduce proven class relations.

7134

152 
\item [$\isarkeyword{defaultsort}~s$] makes sort $s$ the new default sort for

7175

153 
any type variables input without sort constraints. Usually, the default

7134

154 
sort would be only changed when defining new logics.

7167

155 
\end{descr}

7134

156 


157 

7315

158 
\subsection{Primitive types and type abbreviations}\label{sec:typespure}

7134

159 


160 
\indexisarcmd{typedecl}\indexisarcmd{types}\indexisarcmd{nonterminals}\indexisarcmd{arities}


161 
\begin{matharray}{rcl}


162 
\isarcmd{types} & : & \isartrans{theory}{theory} \\


163 
\isarcmd{typedecl} & : & \isartrans{theory}{theory} \\


164 
\isarcmd{nonterminals} & : & \isartrans{theory}{theory} \\


165 
\isarcmd{arities} & : & \isartrans{theory}{theory} \\


166 
\end{matharray}


167 


168 
\begin{rail}


169 
'types' (typespec '=' type infix? comment? +)


170 
;


171 
'typedecl' typespec infix? comment?


172 
;


173 
'nonterminals' (name +) comment?


174 
;


175 
'arities' (nameref '::' arity comment? +)


176 
;


177 
\end{rail}


178 

7167

179 
\begin{descr}

7335

180 
\item [$\TYPES~(\vec\alpha)t = \tau$] introduces \emph{type synonym}

7134

181 
$(\vec\alpha)t$ for existing type $\tau$. Unlike actual type definitions,


182 
as are available in Isabelle/HOL for example, type synonyms are just purely


183 
syntactic abbreviations, without any logical significance. Internally, type


184 
synonyms are fully expanded, as may be observed when printing terms or


185 
theorems.


186 
\item [$\isarkeyword{typedecl}~(\vec\alpha)t$] declares a new type constructor


187 
$t$, intended as an actual logical type. Note that some logics such as


188 
Isabelle/HOL provide their own version of $\isarkeyword{typedecl}$.

7175

189 
\item [$\isarkeyword{nonterminals}~\vec c$] declares $0$ary type constructors


190 
$\vec c$ to act as purely syntactic types, i.e.\ nonterminal symbols of


191 
Isabelle's inner syntax of terms or types.

7335

192 
\item [$\isarkeyword{arities}~t::(\vec s)s$] augments Isabelle's ordersorted


193 
signature of types by new type constructor arities. This is done


194 
axiomatically! The $\isarkeyword{instance}$ command (see

7175

195 
\S\ref{sec:axclass}) provides a way introduce proven type arities.

7167

196 
\end{descr}

7134

197 


198 


199 
\subsection{Constants and simple definitions}


200 

7175

201 
\indexisarcmd{consts}\indexisarcmd{defs}\indexisarcmd{constdefs}\indexoutertoken{constdecl}

7134

202 
\begin{matharray}{rcl}


203 
\isarcmd{consts} & : & \isartrans{theory}{theory} \\


204 
\isarcmd{defs} & : & \isartrans{theory}{theory} \\


205 
\isarcmd{constdefs} & : & \isartrans{theory}{theory} \\


206 
\end{matharray}


207 


208 
\begin{rail}


209 
'consts' (constdecl +)


210 
;


211 
'defs' (thmdecl? prop comment? +)


212 
;


213 
'constdefs' (constdecl prop comment? +)


214 
;


215 


216 
constdecl: name '::' type mixfix? comment?


217 
;


218 
\end{rail}


219 

7167

220 
\begin{descr}

7335

221 
\item [$\CONSTS~c::\sigma$] declares constant $c$ to have any instance of type


222 
scheme $\sigma$. The optional mixfix annotations may attach concrete syntax


223 
constants.


224 
\item [$\DEFS~name: eqn$] introduces $eqn$ as a definitional axiom for some


225 
existing constant. See \cite[\S6]{isabelleref} for more details on the


226 
form of equations admitted as constant definitions.


227 
\item [$\isarkeyword{constdefs}~c::\sigma~eqn$] combines declarations and


228 
definitions of constants, using canonical name $c_def$ for the definitional


229 
axiom.

7167

230 
\end{descr}

7134

231 


232 

7167

233 
\subsection{Syntax and translations}

7134

234 


235 
\indexisarcmd{syntax}\indexisarcmd{translations}


236 
\begin{matharray}{rcl}


237 
\isarcmd{syntax} & : & \isartrans{theory}{theory} \\


238 
\isarcmd{translations} & : & \isartrans{theory}{theory} \\


239 
\end{matharray}


240 


241 
\begin{rail}


242 
'syntax' ('(' name 'output'? ')')? (constdecl +)


243 
;


244 
'translations' (transpat ('=='  '=>'  '<=') transpat comment? +)


245 
;


246 
transpat: ('(' nameref ')')? string


247 
;


248 
\end{rail}


249 

7167

250 
\begin{descr}

7175

251 
\item [$\isarkeyword{syntax}~(mode)~decls$] is similar to $\CONSTS~decls$,


252 
except that the actual logical signature extension is omitted. Thus the


253 
context free grammar of Isabelle's inner syntax may be augmented in

7335

254 
arbitrary ways, independently of the logic. The $mode$ argument refers to


255 
the print mode that the grammar rules belong; unless there is the


256 
\texttt{output} flag given, all productions are added both to the input and


257 
output grammar.

7175

258 
\item [$\isarkeyword{translations}~rules$] specifies syntactic translation


259 
rules (also known as \emph{macros}): parse/print rules (\texttt{==}), parse

7335

260 
rules (\texttt{=>}), or print rules (\texttt{<=}). Translation patterns may


261 
be prefixed by the syntactic category to be used for parsing; the default is

7134

262 
\texttt{logic}.

7167

263 
\end{descr}

7134

264 


265 


266 
\subsection{Axioms and theorems}


267 


268 
\indexisarcmd{axioms}\indexisarcmd{theorems}\indexisarcmd{lemmas}


269 
\begin{matharray}{rcl}


270 
\isarcmd{axioms} & : & \isartrans{theory}{theory} \\


271 
\isarcmd{theorems} & : & \isartrans{theory}{theory} \\


272 
\isarcmd{lemmas} & : & \isartrans{theory}{theory} \\


273 
\end{matharray}


274 


275 
\begin{rail}

7135

276 
'axioms' (axmdecl prop comment? +)

7134

277 
;


278 
('theorems'  'lemmas') thmdef? thmrefs


279 
;


280 
\end{rail}


281 

7167

282 
\begin{descr}

7335

283 
\item [$\isarkeyword{axioms}~a: \phi$] introduces arbitrary statements as


284 
logical axioms. In fact, axioms are ``axiomatic theorems'', and may be


285 
referred later just as any other theorem.

7134

286 


287 
Axioms are usually only introduced when declaring new logical systems.

7175

288 
Everyday work is typically done the hard way, with proper definitions and

7134

289 
actual theorems.

7335

290 
\item [$\isarkeyword{theorems}~a = \vec b$] stores lists of existing theorems.


291 
Typical applications would also involve attributes, to augment the default


292 
Simplifier context, for example.

7134

293 
\item [$\isarkeyword{lemmas}$] is similar to $\isarkeyword{theorems}$, but


294 
tags the results as ``lemma''.

7167

295 
\end{descr}

7134

296 


297 

7167

298 
\subsection{Name spaces}

7134

299 

7167

300 
\indexisarcmd{global}\indexisarcmd{local}

7134

301 
\begin{matharray}{rcl}


302 
\isarcmd{global} & : & \isartrans{theory}{theory} \\


303 
\isarcmd{local} & : & \isartrans{theory}{theory} \\


304 
\end{matharray}


305 

7335

306 
Isabelle organizes any kind of names (of types, constants, theorems etc.) by

7175

307 
hierarchically structured name spaces. Normally the user never has to control

7335

308 
the behavior of name space entry by hand, yet the following commands provide

7175

309 
some way to do so.


310 

7167

311 
\begin{descr}


312 
\item [$\isarkeyword{global}$ and $\isarkeyword{local}$] change the current


313 
name declaration mode. Initially, theories start in $\isarkeyword{local}$


314 
mode, causing all names to be automatically qualified by the theory name.


315 
Changing this to $\isarkeyword{global}$ causes all names to be declared as

7175

316 
base names only, until $\isarkeyword{local}$ is declared again.

7167

317 
\end{descr}

7134

318 


319 

7167

320 
\subsection{Incorporating ML code}\label{sec:ML}

7134

321 


322 
\indexisarcmd{use}\indexisarcmd{ML}\indexisarcmd{setup}


323 
\begin{matharray}{rcl}


324 
\isarcmd{use} & : & \isartrans{\cdot}{\cdot} \\


325 
\isarcmd{ML} & : & \isartrans{\cdot}{\cdot} \\

7175

326 
\isarcmd{setup} & : & \isartrans{theory}{theory} \\

7134

327 
\end{matharray}


328 


329 
\begin{rail}


330 
'use' name


331 
;


332 
'ML' text


333 
;


334 
'setup' text


335 
;


336 
\end{rail}


337 

7167

338 
\begin{descr}

7175

339 
\item [$\isarkeyword{use}~file$] reads and executes ML commands from $file$.


340 
The current theory context (if present) is passed down to the ML session.


341 
Furthermore, the file name is checked with the $\isarkeyword{files}$


342 
dependency declaration given in the theory header (see also


343 
\S\ref{sec:beginthy}).

7431

344 

7175

345 
\item [$\isarkeyword{ML}~text$] reads and executes ML commands from $text$.


346 
The theory context is passed just as for $\isarkeyword{use}$.

7431

347 

7167

348 
\item [$\isarkeyword{setup}~text$] changes the current theory context by

7175

349 
applying setup functions $text$, which has to be an ML expression of type


350 
$(theory \to theory)~list$. The $\isarkeyword{setup}$ command is the usual

7335

351 
way to initialize objectlogic specific tools and packages written in ML.

7167

352 
\end{descr}

7134

353 


354 

7167

355 
\subsection{Syntax translation functions}

7134

356 

7167

357 
\indexisarcmd{parseasttranslation}\indexisarcmd{parsetranslation}


358 
\indexisarcmd{printtranslation}\indexisarcmd{typedprinttranslation}


359 
\indexisarcmd{printasttranslation}\indexisarcmd{tokentranslation}

7134

360 
\begin{matharray}{rcl}


361 
\isarcmd{parse_ast_translation} & : & \isartrans{theory}{theory} \\


362 
\isarcmd{parse_translation} & : & \isartrans{theory}{theory} \\


363 
\isarcmd{print_translation} & : & \isartrans{theory}{theory} \\


364 
\isarcmd{typed_print_translation} & : & \isartrans{theory}{theory} \\


365 
\isarcmd{print_ast_translation} & : & \isartrans{theory}{theory} \\


366 
\isarcmd{token_translation} & : & \isartrans{theory}{theory} \\


367 
\end{matharray}


368 


369 
Syntax translation functions written in ML admit almost arbitrary


370 
manipulations of Isabelle's inner syntax. Any of the above commands have a


371 
single \railqtoken{text} argument that refers to an ML expression of


372 
appropriate type. See \cite[\S8]{isabelleref} for more information on syntax


373 
transformations.


374 


375 


376 
\subsection{Oracles}


377 


378 
\indexisarcmd{oracle}


379 
\begin{matharray}{rcl}


380 
\isarcmd{oracle} & : & \isartrans{theory}{theory} \\


381 
\end{matharray}


382 

7175

383 
Oracles provide an interface to external reasoning systems, without giving up


384 
control completely  each theorem carries a derivation object recording any


385 
oracle invocation. See \cite[\S6]{isabelleref} for more information.


386 

7134

387 
\begin{rail}


388 
'oracle' name '=' text comment?


389 
;


390 
\end{rail}


391 

7167

392 
\begin{descr}

7175

393 
\item [$\isarkeyword{oracle}~name=text$] declares oracle $name$ to be ML

7315

394 
function $text$, which has to be of type $Sign\mathord.sg \times

7335

395 
Object\mathord.T \to term$.

7167

396 
\end{descr}

7134

397 


398 


399 
\section{Proof commands}


400 

7315

401 
Proof commands provide transitions of Isar/VM machine configurations, which


402 
are blockstructured, consisting of a stack of nodes with three main

7335

403 
components: logical proof context, current facts, and open goals. Isar/VM


404 
transitions are \emph{typed} according to the following three three different


405 
modes of operation:

7167

406 
\begin{descr}


407 
\item [$proof(prove)$] means that a new goal has just been stated that is now


408 
to be \emph{proven}; the next command may refine it by some proof method

7175

409 
($\approx$ tactic), and enter a subproof to establish the final result.

7167

410 
\item [$proof(state)$] is like an internal theory mode: the context may be

7175

411 
augmented by \emph{stating} additional assumptions, intermediate result etc.


412 
\item [$proof(chain)$] is an intermediate mode between $proof(state)$ and

7315

413 
$proof(prove)$: existing facts have been just picked up in order to use them

7335

414 
when refining the goal claimed next.

7167

415 
\end{descr}

7134

416 

7167

417 


418 
\subsection{Formal comments}\label{sec:formalcmtprf}


419 


420 
\indexisarcmd{sect}\indexisarcmd{subsect}\indexisarcmd{subsect}\indexisarcmd{txt}

7134

421 
\begin{matharray}{rcl}

7167

422 
\isarcmd{sect} & : & \isartrans{proof(state)}{proof(state)} \\


423 
\isarcmd{subsect} & : & \isartrans{proof(state)}{proof(state)} \\


424 
\isarcmd{subsubsect} & : & \isartrans{proof(state)}{proof(state)} \\


425 
\isarcmd{txt} & : & \isartrans{proof(state)}{proof(state)} \\

7134

426 
\end{matharray}


427 

7175

428 
These formal comments in proof mode closely correspond to the ones of theory


429 
mode (see \S\ref{sec:formalcmtthy}).


430 

7134

431 
\begin{rail}

7167

432 
('sect'  'subsect'  'subsubsect'  'txt') text

7134

433 
;


434 
\end{rail}


435 


436 

7315

437 
\subsection{Proof context}\label{sec:proofcontext}

7134

438 

7315

439 
\indexisarcmd{fix}\indexisarcmd{assume}\indexisarcmd{presume}\indexisarcmd{def}

7134

440 
\begin{matharray}{rcl}


441 
\isarcmd{fix} & : & \isartrans{proof(state)}{proof(state)} \\


442 
\isarcmd{assume} & : & \isartrans{proof(state)}{proof(state)} \\


443 
\isarcmd{presume} & : & \isartrans{proof(state)}{proof(state)} \\


444 
\isarcmd{def} & : & \isartrans{proof(state)}{proof(state)} \\


445 
\end{matharray}


446 

7315

447 
The logical proof context consists of fixed variables and assumptions. The


448 
former closely correspond to Skolem constants, or metalevel universal


449 
quantification as provided by the Isabelle/Pure logical framework.


450 
Introducing some \emph{arbitrary, but fixed} variable via $\FIX x$ results in

7319

451 
a local object that may be used in the subsequent proof as any other variable

7315

452 
or constant. Furthermore, any result $\phi[x]$ exported from the current


453 
context will be universally closed wrt.\ $x$ at the outermost level (this is


454 
expressed using Isabelle's metavariables).


455 


456 
Similarly, introducing some assumption $\chi$ has two effects. On the one


457 
hand, a local theorem is created that may be used as a fact in subsequent


458 
proof steps. On the other hand, any result $\phi$ exported from the context


459 
becomes conditional wrt.\ the assumption. Thus, solving an enclosing goal

7335

460 
using such a result would basically introduce a new subgoal stemming from the

7315

461 
assumption. How this situation is handled depends on the actual version of


462 
assumption command used: while $\ASSUMENAME$ solves the subgoal by unifying


463 
with some premise of the goal, $\PRESUMENAME$ leaves the subgoal unchanged to


464 
be proved later by the user.


465 

7319

466 
Local definitions, introduced by $\DEF{}{x \equiv t}$, are achieved by


467 
combining $\FIX x$ with another kind of assumption that causes any

7315

468 
hypothetical equation $x = t$ to be eliminated by reflexivity. Thus,


469 
exporting some result $\phi[x]$ simply yields $\phi[t]$.

7175

470 

7134

471 
\begin{rail}

7431

472 
'fix' (vars + 'and') comment?

7134

473 
;

7315

474 
('assume'  'presume') (assm comment? + 'and')

7134

475 
;

7175

476 
'def' thmdecl? \\ var '==' term termpat? comment?

7134

477 
;


478 


479 
var: name ('::' type)?


480 
;

7431

481 
vars: name+ ('::' type)?


482 
;

7315

483 
assm: thmdecl? (prop proppat? +)


484 
;

7134

485 
\end{rail}


486 

7167

487 
\begin{descr}

7315

488 
\item [$\FIX{x}$] introduces a local \emph{arbitrary, but fixed} variable $x$.


489 
\item [$\ASSUME{a}{\Phi}$ and $\PRESUME{a}{\Phi}$] introduce local theorems

7335

490 
$\Phi$ by assumption. Subsequent results applied to an enclosing goal


491 
(e.g.\ via $\SHOWNAME$) are handled as follows: $\ASSUMENAME$ expects to be


492 
able to unify with existing premises in the goal, while $\PRESUMENAME$


493 
leaves $\Phi$ as new subgoals.


494 


495 
Several lists of assumptions may be given (separated by


496 
$\isarkeyword{and}$); the resulting list of facts consists of all of these


497 
concatenated.

7315

498 
\item [$\DEF{a}{x \equiv t}$] introduces a local (nonpolymorphic) definition.


499 
In results exported from the context, $x$ is replaced by $t$. Basically,

7335

500 
$\DEF{}{x \equiv t}$ abbreviates $\FIX{x}~\PRESUME{}{x \equiv t}$, with the


501 
resulting hypothetical equation solved by reflexivity.

7431

502 


503 
The default name for the definitional equation is $x_def$.

7167

504 
\end{descr}


505 

7389

506 
The special theorem name $prems$\indexisarthm{prems} refers to all current

7335

507 
assumptions.

7315

508 

7167

509 


510 
\subsection{Facts and forward chaining}


511 


512 
\indexisarcmd{note}\indexisarcmd{then}\indexisarcmd{from}\indexisarcmd{with}


513 
\begin{matharray}{rcl}


514 
\isarcmd{note} & : & \isartrans{proof(state)}{proof(state)} \\


515 
\isarcmd{then} & : & \isartrans{proof(state)}{proof(chain)} \\


516 
\isarcmd{from} & : & \isartrans{proof(state)}{proof(chain)} \\


517 
\isarcmd{with} & : & \isartrans{proof(state)}{proof(chain)} \\


518 
\end{matharray}


519 

7319

520 
New facts are established either by assumption or proof of local statements.

7335

521 
Any fact will usually be involved in further proofs, either as explicit


522 
arguments of proof methods or when forward chaining towards the next goal via


523 
$\THEN$ (and variants). Note that the special theorem name

7389

524 
$facts$.\indexisarthm{facts} refers to the most recently established facts.

7167

525 
\begin{rail}


526 
'note' thmdef? thmrefs comment?


527 
;


528 
'then' comment?


529 
;


530 
('from'  'with') thmrefs comment?


531 
;


532 
\end{rail}


533 


534 
\begin{descr}

7175

535 
\item [$\NOTE{a}{\vec b}$] recalls existing facts $\vec b$, binding the result


536 
as $a$. Note that attributes may be involved as well, both on the left and


537 
right hand sides.

7167

538 
\item [$\THEN$] indicates forward chaining by the current facts in order to

7335

539 
establish the goal claimed next. The initial proof method invoked to refine


540 
that will be offered these facts to do ``anything appropriate'' (see also


541 
\S\ref{sec:proofsteps}). For example, method $rule$ (see

7167

542 
\S\ref{sec:puremeth}) would do an elimination rather than an introduction.

7335

543 
\item [$\FROM{\vec b}$] abbreviates $\NOTE{}{\vec b}~\THEN$; thus $\THEN$ is


544 
equivalent to $\FROM{facts}$.

7175

545 
\item [$\WITH{\vec b}$] abbreviates $\FROM{\vec b~facts}$; thus the forward


546 
chaining is from earlier facts together with the current ones.

7167

547 
\end{descr}


548 

7389

549 
Basic proof methods (such as $rule$, see \S\ref{sec:puremeth}) expect


550 
multiple facts to be given in proper order, corresponding to a prefix of the


551 
premises of the rule involved. Note that positions may be easily skipped


552 
using a form like $\FROM{_~a~b}$, for example. This involves the rule


553 
$PROP~\psi \Imp PROP~\psi$, which is bound in Isabelle/Pure as ``_''


554 
(underscore).\indexisarthm{_@\texttt{_}}


555 

7167

556 


557 
\subsection{Goal statements}


558 


559 
\indexisarcmd{theorem}\indexisarcmd{lemma}


560 
\indexisarcmd{have}\indexisarcmd{show}\indexisarcmd{hence}\indexisarcmd{thus}


561 
\begin{matharray}{rcl}


562 
\isarcmd{theorem} & : & \isartrans{theory}{proof(prove)} \\


563 
\isarcmd{lemma} & : & \isartrans{theory}{proof(prove)} \\


564 
\isarcmd{have} & : & \isartrans{proof(state)}{proof(prove)} \\


565 
\isarcmd{show} & : & \isartrans{proof(state)}{proof(prove)} \\


566 
\isarcmd{hence} & : & \isartrans{proof(state)}{proof(prove)} \\


567 
\isarcmd{thus} & : & \isartrans{proof(state)}{proof(prove)} \\


568 
\end{matharray}


569 

7175

570 
Proof mode is entered from theory mode by initial goal commands $\THEOREMNAME$


571 
and $\LEMMANAME$. New local goals may be claimed within proof mode: four


572 
variants are available, indicating whether the result is meant to solve some


573 
pending goal and whether forward chaining is employed.


574 

7167

575 
\begin{rail}


576 
('theorem'  'lemma') goal


577 
;


578 
('have'  'show'  'hence'  'thus') goal


579 
;


580 


581 
goal: thmdecl? proppat comment?


582 
;


583 
\end{rail}


584 


585 
\begin{descr}

7335

586 
\item [$\THEOREM{a}{\phi}$] enters proof mode with $\phi$ as main goal,

7175

587 
eventually resulting in some theorem $\turn \phi$, which will be stored in


588 
the theory.

7167

589 
\item [$\LEMMANAME$] is similar to $\THEOREMNAME$, but tags the result as


590 
``lemma''.

7335

591 
\item [$\HAVE{a}{\phi}$] claims a local goal, eventually resulting in a

7167

592 
theorem with the current assumption context as hypotheses.

7335

593 
\item [$\SHOW{a}{\phi}$] is similar to $\HAVE{a}{\phi}$, but solves some

7175

594 
pending goal with the result \emph{exported} into the corresponding context.

7335

595 
\item [$\HENCE{a}{\phi}$] abbreviates $\THEN~\HAVE{a}{\phi}$, i.e.\ claims a


596 
local goal to be proven by forward chaining the current facts.


597 
\item [$\THUS{a}{\phi}$] abbreviates $\THEN~\SHOW{a}{\phi}$.

7167

598 
\end{descr}


599 


600 


601 
\subsection{Initial and terminal proof steps}\label{sec:proofsteps}


602 

7175

603 
\indexisarcmd{proof}\indexisarcmd{qed}\indexisarcmd{by}


604 
\indexisarcmd{.}\indexisarcmd{..}\indexisarcmd{sorry}


605 
\begin{matharray}{rcl}


606 
\isarcmd{proof} & : & \isartrans{proof(prove)}{proof(state)} \\


607 
\isarcmd{qed} & : & \isartrans{proof(state)}{proof(state) ~~ theory} \\


608 
\isarcmd{by} & : & \isartrans{proof(prove)}{proof(state) ~~ theory} \\


609 
\isarcmd{.\,.} & : & \isartrans{proof(prove)}{proof(state) ~~ theory} \\


610 
\isarcmd{.} & : & \isartrans{proof(prove)}{proof(state) ~~ theory} \\


611 
\isarcmd{sorry} & : & \isartrans{proof(prove)}{proof(state) ~~ theory} \\


612 
\end{matharray}


613 

7335

614 
Arbitrary goal refinement via tactics is considered harmful. Consequently the


615 
Isar framework admits proof methods to be invoked in two places only.

7167

616 
\begin{enumerate}

7175

617 
\item An \emph{initial} refinement step $\PROOF{m@1}$ reduces a newly stated

7335

618 
goal to a number of subgoals that are to be solved later. Facts are passed


619 
to $m@1$ for forward chaining if so indicated by $proof(chain)$ mode.

7167

620 

7335

621 
\item A \emph{terminal} conclusion step $\QED{m@2}$ solves any remaining goals


622 
completely. No facts are passed to $m@2$.

7167

623 
\end{enumerate}


624 

7335

625 
The only other proper way to affect pending goals is by $\SHOWNAME$ (or


626 
$\THUSNAME$), which involves an explicit statement of what is to be solved.

7167

627 

7175

628 
\medskip


629 

7167

630 
Also note that initial proof methods should either solve the goal completely,


631 
or constitute some wellunderstood deterministic reduction to new subgoals.


632 
Arbitrary automatic proof tools that are prone leave a large number of badly


633 
structured subgoals are no help in continuing the proof document in any

7175

634 
intelligible way. A much better technique would be to $\SHOWNAME$ some


635 
nontrivial reduction as an explicit rule, which is solved completely by some


636 
automated method, and then applied to some pending goal.

7167

637 

7175

638 
\medskip


639 


640 
Unless given explicitly by the user, the default initial method is


641 
``$default$'', which is usually set up to apply a single standard elimination


642 
or introduction rule according to the topmost symbol involved. The default


643 
terminal method is ``$finish$''; it solves all goals by assumption.

7167

644 


645 
\begin{rail}


646 
'proof' interest? meth? comment?


647 
;


648 
'qed' meth? comment?


649 
;


650 
'by' meth meth? comment?


651 
;


652 
('.'  '..'  'sorry') comment?


653 
;


654 


655 
meth: method interest?


656 
;


657 
\end{rail}


658 


659 
\begin{descr}

7335

660 
\item [$\PROOF{m@1}$] refines the goal by proof method $m@1$; facts for


661 
forward chaining are passed if so indicated by $proof(chain)$ mode.


662 
\item [$\QED{m@2}$] refines any remaining goals by proof method $m@2$ and


663 
concludes the subproof. If the goal had been $\SHOWNAME$ (or $\THUSNAME$),


664 
some pending subgoal is solved as well by the rule resulting from the


665 
result exported to the enclosing goal context. Thus $\QEDNAME$ may fail for


666 
two reasons: either $m@2$ fails to solve all remaining goals completely, or


667 
the resulting rule does not resolve with any enclosing goal. Debugging such


668 
a situation might involve temporarily changing $\SHOWNAME$ into $\HAVENAME$,


669 
or softening the local context by replacing $\ASSUMENAME$ by $\PRESUMENAME$.

7175

670 
\item [$\BYY{m@1}{m@2}$] is a \emph{terminal proof}; it abbreviates


671 
$\PROOF{m@1}~\QED{m@2}$, with automatic backtracking across both methods.


672 
Debugging an unsuccessful $\BYY{m@1}{m@2}$ commands might be done by simply


673 
expanding the abbreviation by hand; note that $\PROOF{m@1}$ is usually


674 
sufficient to see what is going wrong.

7321

675 
\item [``$\DDOT$''] is a \emph{default proof}; it abbreviates $\BY{default}$.

7335

676 
\item [``$\DOT$''] is a \emph{trivial proof}; it abbreviates $\BY{}$.

7167

677 
\item [$\isarkeyword{sorry}$] is a \emph{fake proof}; provided that


678 
\texttt{quick_and_dirty} is enabled, $\isarkeyword{sorry}$ pretends to solve

7335

679 
the goal without further ado. Of course, the result is a fake theorem only,

7175

680 
involving some oracle in its internal derivation object (this is indicated

7319

681 
as $[!]$ in the printed result). The main application of

7167

682 
$\isarkeyword{sorry}$ is to support topdown proof development.


683 
\end{descr}

7134

684 


685 

7315

686 
\subsection{Improper proof steps}


687 


688 
The following commands emulate unstructured tactic scripts to some extent.


689 
While these are anathema for writing proper Isar proof documents, they might


690 
come in handy for exploring and debugging.


691 


692 
\indexisarcmd{apply}\indexisarcmd{thenapply}\indexisarcmd{back}


693 
\begin{matharray}{rcl}


694 
\isarcmd{apply}^* & : & \isartrans{proof}{proof} \\


695 
\isarcmd{then_apply}^* & : & \isartrans{proof}{proof} \\


696 
\isarcmd{back}^* & : & \isartrans{proof}{proof} \\


697 
\end{matharray}


698 


699 
\railalias{thenapply}{then\_apply}


700 
\railterm{thenapply}


701 


702 
\begin{rail}


703 
'apply' method


704 
;


705 
thenapply method


706 
;


707 
'back'


708 
;


709 
\end{rail}


710 


711 
\begin{descr}

7335

712 
\item [$\isarkeyword{apply}~(m)$] applies proof method $m$ in the

7315

713 
plainoldtactic sense. Facts for forward chaining are ignored.

7335

714 
\item [$\isarkeyword{then_apply}~(m)$] is similar to $\isarkeyword{apply}$,


715 
but observes the goal's facts.

7315

716 
\item [$\isarkeyword{back}$] does backtracking over the result sequence of

7389

717 
the latest proof command.\footnote{Unlike the ML function \texttt{back}


718 
\cite{isabelleref}, the Isar command does not search upwards for further


719 
branch points.} Basically, any proof command may return multiple results.

7315

720 
\end{descr}


721 


722 


723 
\subsection{Term abbreviations}\label{sec:termabbrev}


724 


725 
\indexisarcmd{let}


726 
\begin{matharray}{rcl}


727 
\isarcmd{let} & : & \isartrans{proof(state)}{proof(state)} \\


728 
\isarkeyword{is} & : & syntax \\


729 
\end{matharray}


730 


731 
Abbreviations may be either bound by explicit $\LET{p \equiv t}$ statements,


732 
or by annotating assumptions or goal statements ($\ASSUMENAME$, $\SHOWNAME$


733 
etc.) with a list of patterns $\IS{p@1 \dots p@n}$. In both cases,


734 
higherorder matching is applied to bind extralogical text


735 
variables\index{text variables}, which may be either of the form $\VVar{x}$


736 
(token class \railtoken{textvar}, see \S\ref{sec:lexsyntax}) or nameless


737 
dummies ``\verb,_,'' (underscore).\index{dummy variables} Note that in the


738 
$\LETNAME$ form the patterns occur on the lefthand side, while the $\ISNAME$


739 
patterns are in postfix position.


740 

7319

741 
Term abbreviations are quite different from actual local definitions as


742 
introduced via $\DEFNAME$ (see \S\ref{sec:proofcontext}). The latter are

7315

743 
visible within the logic as actual equations, while abbreviations disappear


744 
during the input process just after type checking.


745 


746 
\begin{rail}


747 
'let' ((term + 'as') '=' term comment? + 'and')


748 
;


749 
\end{rail}


750 


751 
The syntax of $\ISNAME$ patterns follows \railnonterm{termpat} or


752 
\railnonterm{proppat} (see \S\ref{sec:termpats}).


753 


754 
\begin{descr}


755 
\item [$\LET{\vec p = \vec t}$] binds any text variables in patters $\vec p$


756 
by simultaneous higherorder matching against terms $\vec t$.


757 
\item [$\IS{\vec p}$] resembles $\LETNAME$, but matches $\vec p$ against the


758 
preceding statement. Also note that $\ISNAME$ is not a separate command,


759 
but part of others (such as $\ASSUMENAME$, $\HAVENAME$ etc.).


760 
\end{descr}


761 

7319

762 
A few \emph{automatic} term abbreviations\index{automatic abbreviation} for

7335

763 
goals and facts are available as well. For any open goal,


764 
$\VVar{thesis_prop}$ refers to the full proposition (which may be a rule),


765 
$\VVar{thesis_concl}$ to its (atomic) conclusion, and $\VVar{thesis}$ to its


766 
objectlogical statement. The latter two abstract over any metalevel


767 
parameters.

7315

768 


769 
Facts (i.e.\ assumptions and finished goals) that have an application $f(x)$


770 
as objectlogic statement get $x$ bound to the special text variable


771 
``$\dots$'' (three dots). The canonical application of this feature are

7335

772 
calculational proofs (see \S\ref{sec:calculation}).

7315

773 


774 

7134

775 
\subsection{Block structure}


776 

7397

777 
\indexisarcmd{next}\indexisarcmd{\{\{}\indexisarcmd{\}\}}


778 
\begin{matharray}{rcl}


779 
\isarcmd{next} & : & \isartrans{proof(state)}{proof(state)} \\


780 
\isarcmd{\{\{} & : & \isartrans{proof(state)}{proof(state)} \\


781 
\isarcmd{\}\}} & : & \isartrans{proof(state)}{proof(state)} \\


782 
\end{matharray}


783 

7167

784 
While Isar is inherently blockstructured, opening and closing blocks is


785 
mostly handled rather casually, with little explicit userintervention. Any


786 
local goal statement automatically opens \emph{two} blocks, which are closed


787 
again when concluding the subproof (by $\QEDNAME$ etc.). Sections of


788 
different context within a subproof are typically switched via


789 
$\isarkeyword{next}$, which is just a single blockclose followed by


790 
blockopen again. Thus the effect of $\isarkeyword{next}$ is to reset the


791 
proof context to that of the head of the subproof. Note that there is no

7175

792 
goal focus involved here!

7167

793 

7175

794 
For slightly more advanced applications, there are explicit block parentheses


795 
as well. These typically achieve a strong forward style of reasoning.

7167

796 


797 
\begin{descr}


798 
\item [$\isarkeyword{next}$] switches to a fresh block within a subproof,


799 
resetting the context to the initial one.


800 
\item [$\isarkeyword{\{\{}$ and $\isarkeyword{\}\}}$] explicitly open and


801 
close blocks. Any current facts pass through $\isarkeyword{\{\{}$


802 
unchanged, while $\isarkeyword{\}\}}$ causes them to be \emph{exported} into

7335

803 
the enclosing context. Thus fixed variables are generalized, assumptions


804 
discharged, and local definitions eliminated. There is no difference of


805 
$\ASSUMENAME$ and $\PRESUMENAME$ here.

7167

806 
\end{descr}

7134

807 


808 


809 
\section{Other commands}


810 


811 
\subsection{Diagnostics}


812 


813 
\indexisarcmd{typ}\indexisarcmd{term}\indexisarcmd{prop}\indexisarcmd{thm}


814 
\begin{matharray}{rcl}


815 
\isarcmd{typ} & : & \isarkeep{theory~~proof} \\


816 
\isarcmd{term} & : & \isarkeep{theory~~proof} \\


817 
\isarcmd{prop} & : & \isarkeep{theory~~proof} \\


818 
\isarcmd{thm} & : & \isarkeep{theory~~proof} \\


819 
\end{matharray}


820 

7335

821 
These commands are not part of the actual Isabelle/Isar syntax, but assist


822 
interactive development. Also note that $undo$ does not apply here, since the


823 
theory or proof configuration is not changed.


824 

7134

825 
\begin{rail}


826 
'typ' type


827 
;


828 
'term' term


829 
;


830 
'prop' prop


831 
;


832 
'thm' thmrefs


833 
;


834 
\end{rail}


835 

7167

836 
\begin{descr}

7134

837 
\item [$\isarkeyword{typ}~\tau$, $\isarkeyword{term}~t$,


838 
$\isarkeyword{prop}~\phi$] read and print types / terms / propositions


839 
according to the current theory or proof context.


840 
\item [$\isarkeyword{thm}~thms$] retrieves lists of theorems from the current


841 
theory or proof context. Note that any attributes included in the theorem

7175

842 
specifications are applied to a temporary context derived from the current

7335

843 
theory or proof; the result is discarded, i.e.\ attributes involved in


844 
$thms$ only have a temporary effect.

7167

845 
\end{descr}

7134

846 


847 


848 
\subsection{System operations}


849 

7167

850 
\indexisarcmd{cd}\indexisarcmd{pwd}\indexisarcmd{usethy}\indexisarcmd{usethyonly}


851 
\indexisarcmd{updatethy}\indexisarcmd{updatethyonly}

7134

852 
\begin{matharray}{rcl}


853 
\isarcmd{cd} & : & \isarkeep{\cdot} \\


854 
\isarcmd{pwd} & : & \isarkeep{\cdot} \\


855 
\isarcmd{use_thy} & : & \isarkeep{\cdot} \\


856 
\isarcmd{use_thy_only} & : & \isarkeep{\cdot} \\


857 
\isarcmd{update_thy} & : & \isarkeep{\cdot} \\


858 
\isarcmd{update_thy_only} & : & \isarkeep{\cdot} \\


859 
\end{matharray}


860 

7167

861 
\begin{descr}

7134

862 
\item [$\isarkeyword{cd}~name$] changes the current directory of the Isabelle


863 
process.


864 
\item [$\isarkeyword{pwd}~$] prints the current working directory.

7175

865 
\item [$\isarkeyword{use_thy}$, $\isarkeyword{use_thy_only}$,


866 
$\isarkeyword{update_thy}$, and $\isarkeyword{update_thy_only}$] load some


867 
theory given as $name$ argument. These commands are exactly the same as the

7335

868 
corresponding ML functions (see also \cite[\S1,\S6]{isabelleref}). Note

7397

869 
that both the ML and Isar versions may load new and oldstyle theories


870 
alike.

7167

871 
\end{descr}

7134

872 

7335

873 
Note that these system commands are scarcely used when working with


874 
Proof~General, since loading of theories is done fully automatic.


875 

7134

876 

7046

877 
%%% Local Variables:


878 
%%% mode: latex


879 
%%% TeXmaster: "isarref"


880 
%%% End:
