isabelle: doc-src/Ref/classical.tex@a0b71a4bbe5e (annotated)

104 d8205bb279a7 Initial revision lcp parents: diff changeset	1	%% $Id$
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	2	\chapter{The Classical Reasoner}\label{chap:classical}
286 e7efbf03562b first draft of Springer book lcp parents: 104 diff changeset	3	\index{classical reasoner\|(}
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	4	\newcommand\ainfer[2]{\begin{array}{r@{\,}l}#2\\ \hline#1\end{array}}
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	5
104 d8205bb279a7 Initial revision lcp parents: diff changeset	6	Although Isabelle is generic, many users will be working in some extension
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	7	of classical first-order logic. Isabelle's set theory~{\tt ZF} is built
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	8	upon theory~{\tt FOL}, while higher-order logic contains first-order logic
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	9	as a fragment. Theorem-proving in predicate logic is undecidable, but many
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	10	researchers have developed strategies to assist in this task.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	11
286 e7efbf03562b first draft of Springer book lcp parents: 104 diff changeset	12	Isabelle's classical reasoner is an \ML{} functor that accepts certain
104 d8205bb279a7 Initial revision lcp parents: diff changeset	13	information about a logic and delivers a suite of automatic tactics. Each
d8205bb279a7 Initial revision lcp parents: diff changeset	14	tactic takes a collection of rules and executes a simple, non-clausal proof
d8205bb279a7 Initial revision lcp parents: diff changeset	15	procedure. They are slow and simplistic compared with resolution theorem
d8205bb279a7 Initial revision lcp parents: diff changeset	16	provers, but they can save considerable time and effort. They can prove
d8205bb279a7 Initial revision lcp parents: diff changeset	17	theorems such as Pelletier's~\cite{pelletier86} problems~40 and~41 in
d8205bb279a7 Initial revision lcp parents: diff changeset	18	seconds:
d8205bb279a7 Initial revision lcp parents: diff changeset	19	\[ (\exists y. \forall x. J(y,x) \bimp \neg J(x,x))
d8205bb279a7 Initial revision lcp parents: diff changeset	20	\imp \neg (\forall x. \exists y. \forall z. J(z,y) \bimp \neg J(z,x)) \]
d8205bb279a7 Initial revision lcp parents: diff changeset	21	\[ (\forall z. \exists y. \forall x. F(x,y) \bimp F(x,z) \conj \neg F(x,x))
d8205bb279a7 Initial revision lcp parents: diff changeset	22	\imp \neg (\exists z. \forall x. F(x,z))
d8205bb279a7 Initial revision lcp parents: diff changeset	23	\]
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	24	%
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	25	The tactics are generic. They are not restricted to first-order logic, and
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	26	have been heavily used in the development of Isabelle's set theory. Few
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	27	interactive proof assistants provide this much automation. The tactics can
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	28	be traced, and their components can be called directly; in this manner,
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	29	any proof can be viewed interactively.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	30
332 01b87a921967 final Springer copy lcp parents: 319 diff changeset	31	We shall first discuss the underlying principles, then consider how to use
01b87a921967 final Springer copy lcp parents: 319 diff changeset	32	the classical reasoner. Finally, we shall see how to instantiate it for
01b87a921967 final Springer copy lcp parents: 319 diff changeset	33	new logics. The logics {\tt FOL}, {\tt HOL} and {\tt ZF} have it already
01b87a921967 final Springer copy lcp parents: 319 diff changeset	34	installed.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	35
d8205bb279a7 Initial revision lcp parents: diff changeset	36
d8205bb279a7 Initial revision lcp parents: diff changeset	37	\section{The sequent calculus}
d8205bb279a7 Initial revision lcp parents: diff changeset	38	\index{sequent calculus}
d8205bb279a7 Initial revision lcp parents: diff changeset	39	Isabelle supports natural deduction, which is easy to use for interactive
d8205bb279a7 Initial revision lcp parents: diff changeset	40	proof. But natural deduction does not easily lend itself to automation,
d8205bb279a7 Initial revision lcp parents: diff changeset	41	and has a bias towards intuitionism. For certain proofs in classical
d8205bb279a7 Initial revision lcp parents: diff changeset	42	logic, it can not be called natural. The {\bf sequent calculus}, a
d8205bb279a7 Initial revision lcp parents: diff changeset	43	generalization of natural deduction, is easier to automate.
d8205bb279a7 Initial revision lcp parents: diff changeset	44
d8205bb279a7 Initial revision lcp parents: diff changeset	45	A {\bf sequent} has the form $\Gamma\turn\Delta$, where $\Gamma$
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	46	and~$\Delta$ are sets of formulae.%
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	47	\footnote{For first-order logic, sequents can equivalently be made from
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	48	lists or multisets of formulae.} The sequent
104 d8205bb279a7 Initial revision lcp parents: diff changeset	49	\[ P@1,\ldots,P@m\turn Q@1,\ldots,Q@n \]
d8205bb279a7 Initial revision lcp parents: diff changeset	50	is {\bf valid} if $P@1\conj\ldots\conj P@m$ implies $Q@1\disj\ldots\disj
d8205bb279a7 Initial revision lcp parents: diff changeset	51	Q@n$. Thus $P@1,\ldots,P@m$ represent assumptions, each of which is true,
d8205bb279a7 Initial revision lcp parents: diff changeset	52	while $Q@1,\ldots,Q@n$ represent alternative goals. A sequent is {\bf
d8205bb279a7 Initial revision lcp parents: diff changeset	53	basic} if its left and right sides have a common formula, as in $P,Q\turn
d8205bb279a7 Initial revision lcp parents: diff changeset	54	Q,R$; basic sequents are trivially valid.
d8205bb279a7 Initial revision lcp parents: diff changeset	55
d8205bb279a7 Initial revision lcp parents: diff changeset	56	Sequent rules are classified as {\bf right} or {\bf left}, indicating which
d8205bb279a7 Initial revision lcp parents: diff changeset	57	side of the $\turn$~symbol they operate on. Rules that operate on the
d8205bb279a7 Initial revision lcp parents: diff changeset	58	right side are analogous to natural deduction's introduction rules, and
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	59	left rules are analogous to elimination rules.
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	60	Recall the natural deduction rules for
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	61	first-order logic,
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	62	\iflabelundefined{fol-fig}{from {\it Introduction to Isabelle}}%
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	63	{Fig.\ts\ref{fol-fig}}.
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	64	The sequent calculus analogue of~$({\imp}I)$ is the rule
104 d8205bb279a7 Initial revision lcp parents: diff changeset	65	$$ \ainfer{\Gamma &\turn \Delta, P\imp Q}{P,\Gamma &\turn \Delta,Q}
d8205bb279a7 Initial revision lcp parents: diff changeset	66	\eqno({\imp}R) $$
d8205bb279a7 Initial revision lcp parents: diff changeset	67	This breaks down some implication on the right side of a sequent; $\Gamma$
d8205bb279a7 Initial revision lcp parents: diff changeset	68	and $\Delta$ stand for the sets of formulae that are unaffected by the
d8205bb279a7 Initial revision lcp parents: diff changeset	69	inference. The analogue of the pair~$({\disj}I1)$ and~$({\disj}I2)$ is the
d8205bb279a7 Initial revision lcp parents: diff changeset	70	single rule
d8205bb279a7 Initial revision lcp parents: diff changeset	71	$$ \ainfer{\Gamma &\turn \Delta, P\disj Q}{\Gamma &\turn \Delta,P,Q}
d8205bb279a7 Initial revision lcp parents: diff changeset	72	\eqno({\disj}R) $$
d8205bb279a7 Initial revision lcp parents: diff changeset	73	This breaks down some disjunction on the right side, replacing it by both
d8205bb279a7 Initial revision lcp parents: diff changeset	74	disjuncts. Thus, the sequent calculus is a kind of multiple-conclusion logic.
d8205bb279a7 Initial revision lcp parents: diff changeset	75
d8205bb279a7 Initial revision lcp parents: diff changeset	76	To illustrate the use of multiple formulae on the right, let us prove
d8205bb279a7 Initial revision lcp parents: diff changeset	77	the classical theorem $(P\imp Q)\disj(Q\imp P)$. Working backwards, we
d8205bb279a7 Initial revision lcp parents: diff changeset	78	reduce this formula to a basic sequent:
d8205bb279a7 Initial revision lcp parents: diff changeset	79	\[ \infer[(\disj)R]{\turn(P\imp Q)\disj(Q\imp P)}
d8205bb279a7 Initial revision lcp parents: diff changeset	80	{\infer[(\imp)R]{\turn(P\imp Q), (Q\imp P)\;}
d8205bb279a7 Initial revision lcp parents: diff changeset	81	{\infer[(\imp)R]{P \turn Q, (Q\imp P)\qquad}
d8205bb279a7 Initial revision lcp parents: diff changeset	82	{P, Q \turn Q, P\qquad\qquad}}}
d8205bb279a7 Initial revision lcp parents: diff changeset	83	\]
d8205bb279a7 Initial revision lcp parents: diff changeset	84	This example is typical of the sequent calculus: start with the desired
d8205bb279a7 Initial revision lcp parents: diff changeset	85	theorem and apply rules backwards in a fairly arbitrary manner. This yields a
d8205bb279a7 Initial revision lcp parents: diff changeset	86	surprisingly effective proof procedure. Quantifiers add few complications,
d8205bb279a7 Initial revision lcp parents: diff changeset	87	since Isabelle handles parameters and schematic variables. See Chapter~10
d8205bb279a7 Initial revision lcp parents: diff changeset	88	of {\em ML for the Working Programmer}~\cite{paulson91} for further
d8205bb279a7 Initial revision lcp parents: diff changeset	89	discussion.
d8205bb279a7 Initial revision lcp parents: diff changeset	90
d8205bb279a7 Initial revision lcp parents: diff changeset	91
d8205bb279a7 Initial revision lcp parents: diff changeset	92	\section{Simulating sequents by natural deduction}
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	93	Isabelle can represent sequents directly, as in the object-logic~{\tt LK}\@.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	94	But natural deduction is easier to work with, and most object-logics employ
d8205bb279a7 Initial revision lcp parents: diff changeset	95	it. Fortunately, we can simulate the sequent $P@1,\ldots,P@m\turn
d8205bb279a7 Initial revision lcp parents: diff changeset	96	Q@1,\ldots,Q@n$ by the Isabelle formula
d8205bb279a7 Initial revision lcp parents: diff changeset	97	\[ \List{P@1;\ldots;P@m; \neg Q@2;\ldots; \neg Q@n}\Imp Q@1, \]
d8205bb279a7 Initial revision lcp parents: diff changeset	98	where the order of the assumptions and the choice of~$Q@1$ are arbitrary.
d8205bb279a7 Initial revision lcp parents: diff changeset	99	Elim-resolution plays a key role in simulating sequent proofs.
d8205bb279a7 Initial revision lcp parents: diff changeset	100
d8205bb279a7 Initial revision lcp parents: diff changeset	101	We can easily handle reasoning on the left.
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	102	As discussed in
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	103	\iflabelundefined{destruct}{{\it Introduction to Isabelle}}{\S\ref{destruct}},
104 d8205bb279a7 Initial revision lcp parents: diff changeset	104	elim-resolution with the rules $(\disj E)$, $(\bot E)$ and $(\exists E)$
d8205bb279a7 Initial revision lcp parents: diff changeset	105	achieves a similar effect as the corresponding sequent rules. For the
d8205bb279a7 Initial revision lcp parents: diff changeset	106	other connectives, we use sequent-style elimination rules instead of
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	107	destruction rules such as $({\conj}E1,2)$ and $(\forall E)$. But note that
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	108	the rule $(\neg L)$ has no effect under our representation of sequents!
104 d8205bb279a7 Initial revision lcp parents: diff changeset	109	$$ \ainfer{\neg P,\Gamma &\turn \Delta}{\Gamma &\turn \Delta,P}
d8205bb279a7 Initial revision lcp parents: diff changeset	110	\eqno({\neg}L) $$
d8205bb279a7 Initial revision lcp parents: diff changeset	111	What about reasoning on the right? Introduction rules can only affect the
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	112	formula in the conclusion, namely~$Q@1$. The other right-side formulae are
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	113	represented as negated assumptions, $\neg Q@2$, \ldots,~$\neg Q@n$.
f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	114	\index{assumptions!negated}
f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	115	In order to operate on one of these, it must first be exchanged with~$Q@1$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	116	Elim-resolution with the {\bf swap} rule has this effect:
d8205bb279a7 Initial revision lcp parents: diff changeset	117	$$ \List{\neg P; \; \neg R\Imp P} \Imp R \eqno(swap)$$
d8205bb279a7 Initial revision lcp parents: diff changeset	118	To ensure that swaps occur only when necessary, each introduction rule is
d8205bb279a7 Initial revision lcp parents: diff changeset	119	converted into a swapped form: it is resolved with the second premise
d8205bb279a7 Initial revision lcp parents: diff changeset	120	of~$(swap)$. The swapped form of~$({\conj}I)$, which might be
d8205bb279a7 Initial revision lcp parents: diff changeset	121	called~$({\neg\conj}E)$, is
d8205bb279a7 Initial revision lcp parents: diff changeset	122	\[ \List{\neg(P\conj Q); \; \neg R\Imp P; \; \neg R\Imp Q} \Imp R. \]
d8205bb279a7 Initial revision lcp parents: diff changeset	123	Similarly, the swapped form of~$({\imp}I)$ is
d8205bb279a7 Initial revision lcp parents: diff changeset	124	\[ \List{\neg(P\imp Q); \; \List{\neg R;P}\Imp Q} \Imp R \]
d8205bb279a7 Initial revision lcp parents: diff changeset	125	Swapped introduction rules are applied using elim-resolution, which deletes
d8205bb279a7 Initial revision lcp parents: diff changeset	126	the negated formula. Our representation of sequents also requires the use
d8205bb279a7 Initial revision lcp parents: diff changeset	127	of ordinary introduction rules. If we had no regard for readability, we
d8205bb279a7 Initial revision lcp parents: diff changeset	128	could treat the right side more uniformly by representing sequents as
d8205bb279a7 Initial revision lcp parents: diff changeset	129	\[ \List{P@1;\ldots;P@m; \neg Q@1;\ldots; \neg Q@n}\Imp \bot. \]
d8205bb279a7 Initial revision lcp parents: diff changeset	130
d8205bb279a7 Initial revision lcp parents: diff changeset	131
d8205bb279a7 Initial revision lcp parents: diff changeset	132	\section{Extra rules for the sequent calculus}
d8205bb279a7 Initial revision lcp parents: diff changeset	133	As mentioned, destruction rules such as $({\conj}E1,2)$ and $(\forall E)$
d8205bb279a7 Initial revision lcp parents: diff changeset	134	must be replaced by sequent-style elimination rules. In addition, we need
d8205bb279a7 Initial revision lcp parents: diff changeset	135	rules to embody the classical equivalence between $P\imp Q$ and $\neg P\disj
d8205bb279a7 Initial revision lcp parents: diff changeset	136	Q$. The introduction rules~$({\disj}I1,2)$ are replaced by a rule that
d8205bb279a7 Initial revision lcp parents: diff changeset	137	simulates $({\disj}R)$:
d8205bb279a7 Initial revision lcp parents: diff changeset	138	\[ (\neg Q\Imp P) \Imp P\disj Q \]
d8205bb279a7 Initial revision lcp parents: diff changeset	139	The destruction rule $({\imp}E)$ is replaced by
332 01b87a921967 final Springer copy lcp parents: 319 diff changeset	140	\[ \List{P\imp Q;\; \neg P\Imp R;\; Q\Imp R} \Imp R. \]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	141	Quantifier replication also requires special rules. In classical logic,
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	142	$\exists x{.}P$ is equivalent to $\neg\forall x{.}\neg P$; the rules
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	143	$(\exists R)$ and $(\forall L)$ are dual:
104 d8205bb279a7 Initial revision lcp parents: diff changeset	144	\[ \ainfer{\Gamma &\turn \Delta, \exists x{.}P}
d8205bb279a7 Initial revision lcp parents: diff changeset	145	{\Gamma &\turn \Delta, \exists x{.}P, P[t/x]} \; (\exists R)
d8205bb279a7 Initial revision lcp parents: diff changeset	146	\qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	147	\ainfer{\forall x{.}P, \Gamma &\turn \Delta}
d8205bb279a7 Initial revision lcp parents: diff changeset	148	{P[t/x], \forall x{.}P, \Gamma &\turn \Delta} \; (\forall L)
d8205bb279a7 Initial revision lcp parents: diff changeset	149	\]
d8205bb279a7 Initial revision lcp parents: diff changeset	150	Thus both kinds of quantifier may be replicated. Theorems requiring
d8205bb279a7 Initial revision lcp parents: diff changeset	151	multiple uses of a universal formula are easy to invent; consider
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	152	\[ (\forall x.P(x)\imp P(f(x))) \conj P(a) \imp P(f^n(a)), \]
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	153	for any~$n>1$. Natural examples of the multiple use of an existential
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	154	formula are rare; a standard one is $\exists x.\forall y. P(x)\imp P(y)$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	155
d8205bb279a7 Initial revision lcp parents: diff changeset	156	Forgoing quantifier replication loses completeness, but gains decidability,
d8205bb279a7 Initial revision lcp parents: diff changeset	157	since the search space becomes finite. Many useful theorems can be proved
d8205bb279a7 Initial revision lcp parents: diff changeset	158	without replication, and the search generally delivers its verdict in a
d8205bb279a7 Initial revision lcp parents: diff changeset	159	reasonable time. To adopt this approach, represent the sequent rules
d8205bb279a7 Initial revision lcp parents: diff changeset	160	$(\exists R)$, $(\exists L)$ and $(\forall R)$ by $(\exists I)$, $(\exists
d8205bb279a7 Initial revision lcp parents: diff changeset	161	E)$ and $(\forall I)$, respectively, and put $(\forall E)$ into elimination
d8205bb279a7 Initial revision lcp parents: diff changeset	162	form:
d8205bb279a7 Initial revision lcp parents: diff changeset	163	$$ \List{\forall x{.}P(x); P(t)\Imp Q} \Imp Q \eqno(\forall E@2) $$
d8205bb279a7 Initial revision lcp parents: diff changeset	164	Elim-resolution with this rule will delete the universal formula after a
d8205bb279a7 Initial revision lcp parents: diff changeset	165	single use. To replicate universal quantifiers, replace the rule by
d8205bb279a7 Initial revision lcp parents: diff changeset	166	$$ \List{\forall x{.}P(x);\; \List{P(t); \forall x{.}P(x)}\Imp Q} \Imp Q.
d8205bb279a7 Initial revision lcp parents: diff changeset	167	\eqno(\forall E@3) $$
d8205bb279a7 Initial revision lcp parents: diff changeset	168	To replicate existential quantifiers, replace $(\exists I)$ by
332 01b87a921967 final Springer copy lcp parents: 319 diff changeset	169	\[ \List{\neg(\exists x{.}P(x)) \Imp P(t)} \Imp \exists x{.}P(x). \]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	170	All introduction rules mentioned above are also useful in swapped form.
d8205bb279a7 Initial revision lcp parents: diff changeset	171
d8205bb279a7 Initial revision lcp parents: diff changeset	172	Replication makes the search space infinite; we must apply the rules with
286 e7efbf03562b first draft of Springer book lcp parents: 104 diff changeset	173	care. The classical reasoner distinguishes between safe and unsafe
104 d8205bb279a7 Initial revision lcp parents: diff changeset	174	rules, applying the latter only when there is no alternative. Depth-first
d8205bb279a7 Initial revision lcp parents: diff changeset	175	search may well go down a blind alley; best-first search is better behaved
d8205bb279a7 Initial revision lcp parents: diff changeset	176	in an infinite search space. However, quantifier replication is too
d8205bb279a7 Initial revision lcp parents: diff changeset	177	expensive to prove any but the simplest theorems.
d8205bb279a7 Initial revision lcp parents: diff changeset	178
d8205bb279a7 Initial revision lcp parents: diff changeset	179
d8205bb279a7 Initial revision lcp parents: diff changeset	180	\section{Classical rule sets}
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	181	\index{classical sets}
f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	182	Each automatic tactic takes a {\bf classical set} --- a collection of
104 d8205bb279a7 Initial revision lcp parents: diff changeset	183	rules, classified as introduction or elimination and as {\bf safe} or {\bf
d8205bb279a7 Initial revision lcp parents: diff changeset	184	unsafe}. In general, safe rules can be attempted blindly, while unsafe
d8205bb279a7 Initial revision lcp parents: diff changeset	185	rules must be used with care. A safe rule must never reduce a provable
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	186	goal to an unprovable set of subgoals.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	187
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	188	The rule~$({\disj}I1)$ is unsafe because it reduces $P\disj Q$ to~$P$. Any
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	189	rule is unsafe whose premises contain new unknowns. The elimination
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	190	rule~$(\forall E@2)$ is unsafe, since it is applied via elim-resolution,
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	191	which discards the assumption $\forall x{.}P(x)$ and replaces it by the
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	192	weaker assumption~$P(\Var{t})$. The rule $({\exists}I)$ is unsafe for
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	193	similar reasons. The rule~$(\forall E@3)$ is unsafe in a different sense:
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	194	since it keeps the assumption $\forall x{.}P(x)$, it is prone to looping.
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	195	In classical first-order logic, all rules are safe except those mentioned
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	196	above.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	197
d8205bb279a7 Initial revision lcp parents: diff changeset	198	The safe/unsafe distinction is vague, and may be regarded merely as a way
d8205bb279a7 Initial revision lcp parents: diff changeset	199	of giving some rules priority over others. One could argue that
d8205bb279a7 Initial revision lcp parents: diff changeset	200	$({\disj}E)$ is unsafe, because repeated application of it could generate
d8205bb279a7 Initial revision lcp parents: diff changeset	201	exponentially many subgoals. Induction rules are unsafe because inductive
d8205bb279a7 Initial revision lcp parents: diff changeset	202	proofs are difficult to set up automatically. Any inference is unsafe that
d8205bb279a7 Initial revision lcp parents: diff changeset	203	instantiates an unknown in the proof state --- thus \ttindex{match_tac}
d8205bb279a7 Initial revision lcp parents: diff changeset	204	must be used, rather than \ttindex{resolve_tac}. Even proof by assumption
d8205bb279a7 Initial revision lcp parents: diff changeset	205	is unsafe if it instantiates unknowns shared with other subgoals --- thus
d8205bb279a7 Initial revision lcp parents: diff changeset	206	\ttindex{eq_assume_tac} must be used, rather than \ttindex{assume_tac}.
d8205bb279a7 Initial revision lcp parents: diff changeset	207
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	208	Classical rule sets belong to the abstract type \mltydx{claset}, which
286 e7efbf03562b first draft of Springer book lcp parents: 104 diff changeset	209	supports the following operations (provided the classical reasoner is
104 d8205bb279a7 Initial revision lcp parents: diff changeset	210	installed!):
d8205bb279a7 Initial revision lcp parents: diff changeset	211	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	212	empty_cs : claset
d8205bb279a7 Initial revision lcp parents: diff changeset	213	addSIs : claset * thm list -> claset \hfill{\bf infix 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	214	addSEs : claset * thm list -> claset \hfill{\bf infix 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	215	addSDs : claset * thm list -> claset \hfill{\bf infix 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	216	addIs : claset * thm list -> claset \hfill{\bf infix 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	217	addEs : claset * thm list -> claset \hfill{\bf infix 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	218	addDs : claset * thm list -> claset \hfill{\bf infix 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	219	print_cs : claset -> unit
d8205bb279a7 Initial revision lcp parents: diff changeset	220	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	221	There are no operations for deletion from a classical set. The add
d8205bb279a7 Initial revision lcp parents: diff changeset	222	operations do not check for repetitions.
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	223	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	224	\item[\ttindexbold{empty_cs}] is the empty classical set.
d8205bb279a7 Initial revision lcp parents: diff changeset	225
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	226	\item[$cs$ addSIs $rules$] \indexbold{*addSIs}
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	227	adds safe introduction~$rules$ to~$cs$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	228
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	229	\item[$cs$ addSEs $rules$] \indexbold{*addSEs}
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	230	adds safe elimination~$rules$ to~$cs$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	231
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	232	\item[$cs$ addSDs $rules$] \indexbold{*addSDs}
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	233	adds safe destruction~$rules$ to~$cs$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	234
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	235	\item[$cs$ addIs $rules$] \indexbold{*addIs}
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	236	adds unsafe introduction~$rules$ to~$cs$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	237
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	238	\item[$cs$ addEs $rules$] \indexbold{*addEs}
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	239	adds unsafe elimination~$rules$ to~$cs$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	240
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	241	\item[$cs$ addDs $rules$] \indexbold{*addDs}
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	242	adds unsafe destruction~$rules$ to~$cs$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	243
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	244	\item[\ttindexbold{print_cs} $cs$] prints the rules of~$cs$.
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	245	\end{ttdescription}
f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	246
104 d8205bb279a7 Initial revision lcp parents: diff changeset	247	Introduction rules are those that can be applied using ordinary resolution.
d8205bb279a7 Initial revision lcp parents: diff changeset	248	The classical set automatically generates their swapped forms, which will
d8205bb279a7 Initial revision lcp parents: diff changeset	249	be applied using elim-resolution. Elimination rules are applied using
286 e7efbf03562b first draft of Springer book lcp parents: 104 diff changeset	250	elim-resolution. In a classical set, rules are sorted by the number of new
e7efbf03562b first draft of Springer book lcp parents: 104 diff changeset	251	subgoals they will yield; rules that generate the fewest subgoals will be
e7efbf03562b first draft of Springer book lcp parents: 104 diff changeset	252	tried first (see \S\ref{biresolve_tac}).
104 d8205bb279a7 Initial revision lcp parents: diff changeset	253
d8205bb279a7 Initial revision lcp parents: diff changeset	254	For a given classical set, the proof strategy is simple. Perform as many
d8205bb279a7 Initial revision lcp parents: diff changeset	255	safe inferences as possible; or else, apply certain safe rules, allowing
d8205bb279a7 Initial revision lcp parents: diff changeset	256	instantiation of unknowns; or else, apply an unsafe rule. The tactics may
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	257	also apply {\tt hyp_subst_tac}, if they have been set up to do so (see
104 d8205bb279a7 Initial revision lcp parents: diff changeset	258	below). They may perform a form of Modus Ponens: if there are assumptions
d8205bb279a7 Initial revision lcp parents: diff changeset	259	$P\imp Q$ and~$P$, then replace $P\imp Q$ by~$Q$.
d8205bb279a7 Initial revision lcp parents: diff changeset	260
d8205bb279a7 Initial revision lcp parents: diff changeset	261
d8205bb279a7 Initial revision lcp parents: diff changeset	262	\section{The classical tactics}
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	263	\index{classical reasoner!tactics}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	264	If installed, the classical module provides several tactics (and other
d8205bb279a7 Initial revision lcp parents: diff changeset	265	operations) for simulating the classical sequent calculus.
d8205bb279a7 Initial revision lcp parents: diff changeset	266
332 01b87a921967 final Springer copy lcp parents: 319 diff changeset	267	\subsection{The automatic tactics}
01b87a921967 final Springer copy lcp parents: 319 diff changeset	268	\begin{ttbox}
875 a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	269	fast_tac : claset -> int -> tactic
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	270	best_tac : claset -> int -> tactic
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	271	slow_tac : claset -> int -> tactic
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	272	slow_best_tac : claset -> int -> tactic
332 01b87a921967 final Springer copy lcp parents: 319 diff changeset	273	\end{ttbox}
875 a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	274	These tactics work by applying {\tt step_tac} or {\tt slow_step_tac}
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	275	repeatedly. Their effect is restricted (by {\tt SELECT_GOAL}) to one subgoal;
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	276	they either solve this subgoal or fail. The {\tt slow_} versions are more
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	277	powerful but can be much slower.
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	278
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	279	The best-first tactics are guided by a heuristic function: typically, the
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	280	total size of the proof state. This function is supplied in the functor call
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	281	that sets up the classical reasoner.
332 01b87a921967 final Springer copy lcp parents: 319 diff changeset	282	\begin{ttdescription}
01b87a921967 final Springer copy lcp parents: 319 diff changeset	283	\item[\ttindexbold{fast_tac} $cs$ $i$] applies {\tt step_tac} using
01b87a921967 final Springer copy lcp parents: 319 diff changeset	284	depth-first search, to solve subgoal~$i$.
01b87a921967 final Springer copy lcp parents: 319 diff changeset	285
01b87a921967 final Springer copy lcp parents: 319 diff changeset	286	\item[\ttindexbold{best_tac} $cs$ $i$] applies {\tt step_tac} using
875 a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	287	best-first search, to solve subgoal~$i$.
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	288
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	289	\item[\ttindexbold{slow_tac} $cs$ $i$] applies {\tt slow_step_tac} using
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	290	depth-first search, to solve subgoal~$i$.
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	291
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	292	\item[\ttindexbold{slow_best_tac} $cs$ $i$] applies {\tt slow_step_tac} using
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	293	best-first search, to solve subgoal~$i$.
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	294	\end{ttdescription}
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	295
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	296
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	297	\subsection{Depth-limited tactics}
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	298	\begin{ttbox}
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	299	depth_tac : claset -> int -> int -> tactic
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	300	deepen_tac : claset -> int -> int -> tactic
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	301	\end{ttbox}
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	302	These work by exhaustive search up to a specified depth. Unsafe rules are
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	303	modified to preserve the formula they act on, so that it be used repeatedly.
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	304	They can prove more goals than {\tt fast_tac}, etc., can. They are much
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	305	slower, for example if the assumptions have many universal quantifiers.
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	306
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	307	The depth limits the number of unsafe steps. If you can estimate the minimum
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	308	number of unsafe steps needed, supply this value as~$m$ to save time.
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	309	\begin{ttdescription}
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	310	\item[\ttindexbold{depth_tac} $cs$ $m$ $i$]
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	311	tries to solve subgoal~$i$ by exhaustive search up to depth~$m$.
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	312
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	313	\item[\ttindexbold{deepen_tac} $cs$ $m$ $i$]
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	314	tries to solve subgoal~$i$ by iterative deepening. It calls {\tt depth_tac}
a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	315	repeatedly with increasing depths, starting with~$m$.
332 01b87a921967 final Springer copy lcp parents: 319 diff changeset	316	\end{ttdescription}
01b87a921967 final Springer copy lcp parents: 319 diff changeset	317
01b87a921967 final Springer copy lcp parents: 319 diff changeset	318
104 d8205bb279a7 Initial revision lcp parents: diff changeset	319	\subsection{Single-step tactics}
d8205bb279a7 Initial revision lcp parents: diff changeset	320	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	321	safe_step_tac : claset -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	322	safe_tac : claset -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	323	inst_step_tac : claset -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	324	step_tac : claset -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	325	slow_step_tac : claset -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	326	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	327	The automatic proof procedures call these tactics. By calling them
d8205bb279a7 Initial revision lcp parents: diff changeset	328	yourself, you can execute these procedures one step at a time.
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	329	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	330	\item[\ttindexbold{safe_step_tac} $cs$ $i$] performs a safe step on
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	331	subgoal~$i$. This may include proof by assumption or Modus Ponens (taking
f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	332	care not to instantiate unknowns), or {\tt hyp_subst_tac}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	333
d8205bb279a7 Initial revision lcp parents: diff changeset	334	\item[\ttindexbold{safe_tac} $cs$] repeatedly performs safe steps on all
d8205bb279a7 Initial revision lcp parents: diff changeset	335	subgoals. It is deterministic, with at most one outcome. If the automatic
d8205bb279a7 Initial revision lcp parents: diff changeset	336	tactics fail, try using {\tt safe_tac} to open up your formula; then you
d8205bb279a7 Initial revision lcp parents: diff changeset	337	can replicate certain quantifiers explicitly by applying appropriate rules.
d8205bb279a7 Initial revision lcp parents: diff changeset	338
d8205bb279a7 Initial revision lcp parents: diff changeset	339	\item[\ttindexbold{inst_step_tac} $cs$ $i$] is like {\tt safe_step_tac},
d8205bb279a7 Initial revision lcp parents: diff changeset	340	but allows unknowns to be instantiated.
d8205bb279a7 Initial revision lcp parents: diff changeset	341
332 01b87a921967 final Springer copy lcp parents: 319 diff changeset	342	\item[\ttindexbold{step_tac} $cs$ $i$] tries {\tt safe_tac}. If this
104 d8205bb279a7 Initial revision lcp parents: diff changeset	343	fails, it tries {\tt inst_step_tac}, or applies an unsafe rule from~$cs$.
d8205bb279a7 Initial revision lcp parents: diff changeset	344	This is the basic step of the proof procedure.
d8205bb279a7 Initial revision lcp parents: diff changeset	345
d8205bb279a7 Initial revision lcp parents: diff changeset	346	\item[\ttindexbold{slow_step_tac}]
d8205bb279a7 Initial revision lcp parents: diff changeset	347	resembles {\tt step_tac}, but allows backtracking between using safe
d8205bb279a7 Initial revision lcp parents: diff changeset	348	rules with instantiation ({\tt inst_step_tac}) and using unsafe rules.
875 a0b71a4bbe5e documented slow_tac, slow_best_tac, depth_tac, deepen_tac lcp parents: 332 diff changeset	349	The resulting search space is larger.
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	350	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	351
d8205bb279a7 Initial revision lcp parents: diff changeset	352
d8205bb279a7 Initial revision lcp parents: diff changeset	353	\subsection{Other useful tactics}
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	354	\index{tactics!for contradiction}
f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	355	\index{tactics!for Modus Ponens}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	356	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	357	contr_tac : int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	358	mp_tac : int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	359	eq_mp_tac : int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	360	swap_res_tac : thm list -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	361	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	362	These can be used in the body of a specialized search.
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	363	\begin{ttdescription}
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	364	\item[\ttindexbold{contr_tac} {\it i}]\index{assumptions!contradictory}
f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	365	solves subgoal~$i$ by detecting a contradiction among two assumptions of
f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	366	the form $P$ and~$\neg P$, or fail. It may instantiate unknowns. The
f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	367	tactic can produce multiple outcomes, enumerating all possible
f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	368	contradictions.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	369
d8205bb279a7 Initial revision lcp parents: diff changeset	370	\item[\ttindexbold{mp_tac} {\it i}]
d8205bb279a7 Initial revision lcp parents: diff changeset	371	is like {\tt contr_tac}, but also attempts to perform Modus Ponens in
d8205bb279a7 Initial revision lcp parents: diff changeset	372	subgoal~$i$. If there are assumptions $P\imp Q$ and~$P$, then it replaces
d8205bb279a7 Initial revision lcp parents: diff changeset	373	$P\imp Q$ by~$Q$. It may instantiate unknowns. It fails if it can do
d8205bb279a7 Initial revision lcp parents: diff changeset	374	nothing.
d8205bb279a7 Initial revision lcp parents: diff changeset	375
d8205bb279a7 Initial revision lcp parents: diff changeset	376	\item[\ttindexbold{eq_mp_tac} {\it i}]
d8205bb279a7 Initial revision lcp parents: diff changeset	377	is like {\tt mp_tac} {\it i}, but may not instantiate unknowns --- thus, it
d8205bb279a7 Initial revision lcp parents: diff changeset	378	is safe.
d8205bb279a7 Initial revision lcp parents: diff changeset	379
d8205bb279a7 Initial revision lcp parents: diff changeset	380	\item[\ttindexbold{swap_res_tac} {\it thms} {\it i}] refines subgoal~$i$ of
d8205bb279a7 Initial revision lcp parents: diff changeset	381	the proof state using {\it thms}, which should be a list of introduction
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	382	rules. First, it attempts to solve the goal using {\tt assume_tac} or
104 d8205bb279a7 Initial revision lcp parents: diff changeset	383	{\tt contr_tac}. It then attempts to apply each rule in turn, attempting
d8205bb279a7 Initial revision lcp parents: diff changeset	384	resolution and also elim-resolution with the swapped form.
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	385	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	386
d8205bb279a7 Initial revision lcp parents: diff changeset	387	\subsection{Creating swapped rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	388	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	389	swapify : thm list -> thm list
d8205bb279a7 Initial revision lcp parents: diff changeset	390	joinrules : thm list * thm list -> (bool * thm) list
d8205bb279a7 Initial revision lcp parents: diff changeset	391	\end{ttbox}
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	392	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	393	\item[\ttindexbold{swapify} {\it thms}] returns a list consisting of the
d8205bb279a7 Initial revision lcp parents: diff changeset	394	swapped versions of~{\it thms}, regarded as introduction rules.
d8205bb279a7 Initial revision lcp parents: diff changeset	395
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	396	\item[\ttindexbold{joinrules} ({\it intrs}, {\it elims})]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	397	joins introduction rules, their swapped versions, and elimination rules for
d8205bb279a7 Initial revision lcp parents: diff changeset	398	use with \ttindex{biresolve_tac}. Each rule is paired with~{\tt false}
d8205bb279a7 Initial revision lcp parents: diff changeset	399	(indicating ordinary resolution) or~{\tt true} (indicating
d8205bb279a7 Initial revision lcp parents: diff changeset	400	elim-resolution).
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	401	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	402
d8205bb279a7 Initial revision lcp parents: diff changeset	403
286 e7efbf03562b first draft of Springer book lcp parents: 104 diff changeset	404	\section{Setting up the classical reasoner}
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	405	\index{classical reasoner!setting up}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	406	Isabelle's classical object-logics, including {\tt FOL} and {\tt HOL}, have
286 e7efbf03562b first draft of Springer book lcp parents: 104 diff changeset	407	the classical reasoner already set up. When defining a new classical logic,
e7efbf03562b first draft of Springer book lcp parents: 104 diff changeset	408	you should set up the reasoner yourself. It consists of the \ML{} functor
104 d8205bb279a7 Initial revision lcp parents: diff changeset	409	\ttindex{ClassicalFun}, which takes the argument
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	410	signature {\tt CLASSICAL_DATA}:
104 d8205bb279a7 Initial revision lcp parents: diff changeset	411	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	412	signature CLASSICAL_DATA =
d8205bb279a7 Initial revision lcp parents: diff changeset	413	sig
d8205bb279a7 Initial revision lcp parents: diff changeset	414	val mp : thm
d8205bb279a7 Initial revision lcp parents: diff changeset	415	val not_elim : thm
d8205bb279a7 Initial revision lcp parents: diff changeset	416	val swap : thm
d8205bb279a7 Initial revision lcp parents: diff changeset	417	val sizef : thm -> int
d8205bb279a7 Initial revision lcp parents: diff changeset	418	val hyp_subst_tacs : (int -> tactic) list
d8205bb279a7 Initial revision lcp parents: diff changeset	419	end;
d8205bb279a7 Initial revision lcp parents: diff changeset	420	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	421	Thus, the functor requires the following items:
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	422	\begin{ttdescription}
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	423	\item[\tdxbold{mp}] should be the Modus Ponens rule
104 d8205bb279a7 Initial revision lcp parents: diff changeset	424	$\List{\Var{P}\imp\Var{Q};\; \Var{P}} \Imp \Var{Q}$.
d8205bb279a7 Initial revision lcp parents: diff changeset	425
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	426	\item[\tdxbold{not_elim}] should be the contradiction rule
104 d8205bb279a7 Initial revision lcp parents: diff changeset	427	$\List{\neg\Var{P};\; \Var{P}} \Imp \Var{R}$.
d8205bb279a7 Initial revision lcp parents: diff changeset	428
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	429	\item[\tdxbold{swap}] should be the swap rule
104 d8205bb279a7 Initial revision lcp parents: diff changeset	430	$\List{\neg \Var{P}; \; \neg \Var{R}\Imp \Var{P}} \Imp \Var{R}$.
d8205bb279a7 Initial revision lcp parents: diff changeset	431
d8205bb279a7 Initial revision lcp parents: diff changeset	432	\item[\ttindexbold{sizef}] is the heuristic function used for best-first
d8205bb279a7 Initial revision lcp parents: diff changeset	433	search. It should estimate the size of the remaining subgoals. A good
d8205bb279a7 Initial revision lcp parents: diff changeset	434	heuristic function is \ttindex{size_of_thm}, which measures the size of the
d8205bb279a7 Initial revision lcp parents: diff changeset	435	proof state. Another size function might ignore certain subgoals (say,
d8205bb279a7 Initial revision lcp parents: diff changeset	436	those concerned with type checking). A heuristic function might simply
d8205bb279a7 Initial revision lcp parents: diff changeset	437	count the subgoals.
d8205bb279a7 Initial revision lcp parents: diff changeset	438
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	439	\item[\ttindexbold{hyp_subst_tacs}] is a list of tactics for substitution in
104 d8205bb279a7 Initial revision lcp parents: diff changeset	440	the hypotheses, typically created by \ttindex{HypsubstFun} (see
d8205bb279a7 Initial revision lcp parents: diff changeset	441	Chapter~\ref{substitution}). This list can, of course, be empty. The
d8205bb279a7 Initial revision lcp parents: diff changeset	442	tactics are assumed to be safe!
308 f4cecad9b6a0 modifications towards final draft lcp parents: 286 diff changeset	443	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	444	The functor is not at all sensitive to the formalization of the
d8205bb279a7 Initial revision lcp parents: diff changeset	445	object-logic. It does not even examine the rules, but merely applies them
d8205bb279a7 Initial revision lcp parents: diff changeset	446	according to its fixed strategy. The functor resides in {\tt
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	447	Provers/classical.ML} in the Isabelle distribution directory.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	448
319 f143f7686cd6 penultimate Springer draft lcp parents: 308 diff changeset	449	\index{classical reasoner\|)}

author	lcp
	Tue, 24 Jan 1995 03:03:19 +0100
changeset 875	a0b71a4bbe5e
parent 332	01b87a921967
child 1099	f4335b56f772
permissions	-rw-r--r--