isabelle: doc-src/Logics/LK.tex@ac9b58304d62 (annotated)

104 d8205bb279a7 Initial revision lcp parents: diff changeset	1	%% $Id$
291 a615050a7494 first draft of Springer volume lcp parents: 264 diff changeset	2	\chapter{First-Order Sequent Calculus}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	3	\index{sequent calculus\|(}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	4
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	5	The theory~\thydx{LK} implements classical first-order logic through
104 d8205bb279a7 Initial revision lcp parents: diff changeset	6	Gentzen's sequent calculus (see Gallier~\cite{gallier86} or
d8205bb279a7 Initial revision lcp parents: diff changeset	7	Takeuti~\cite{takeuti87}). Resembling the method of semantic tableaux, the
d8205bb279a7 Initial revision lcp parents: diff changeset	8	calculus is well suited for backwards proof. Assertions have the form
d8205bb279a7 Initial revision lcp parents: diff changeset	9	$\Gamma\turn \Delta$, where $\Gamma$ and $\Delta$ are lists of
d8205bb279a7 Initial revision lcp parents: diff changeset	10	formulae. Associative unification, simulated by higher-order unification,
d8205bb279a7 Initial revision lcp parents: diff changeset	11	handles lists.
d8205bb279a7 Initial revision lcp parents: diff changeset	12
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	13	The logic is many-sorted, using Isabelle's type classes. The class of
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	14	first-order terms is called \cldx{term}. No types of individuals are
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	15	provided, but extensions can define types such as {\tt nat::term} and type
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	16	constructors such as {\tt list::(term)term}. Below, the type variable
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	17	$\alpha$ ranges over class {\tt term}; the equality symbol and quantifiers
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	18	are polymorphic (many-sorted). The type of formulae is~\tydx{o}, which
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	19	belongs to class {\tt logic}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	20
d8205bb279a7 Initial revision lcp parents: diff changeset	21	No generic packages are instantiated, since Isabelle does not provide
d8205bb279a7 Initial revision lcp parents: diff changeset	22	packages for sequent calculi at present. \LK{} implements a classical
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	23	logic theorem prover that is as powerful as the generic classical reasoner,
104 d8205bb279a7 Initial revision lcp parents: diff changeset	24	except that it does not perform equality reasoning.
d8205bb279a7 Initial revision lcp parents: diff changeset	25
d8205bb279a7 Initial revision lcp parents: diff changeset	26
d8205bb279a7 Initial revision lcp parents: diff changeset	27	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	28	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	29	\begin{tabular}{rrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	30	\it name &\it meta-type & \it description \\
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	31	\cdx{Trueprop}& $[sobj\To sobj, sobj\To sobj]\To prop$ & coercion to $prop$\\
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	32	\cdx{Seqof} & $[o,sobj]\To sobj$ & singleton sequence \\
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	33	\cdx{Not} & $o\To o$ & negation ($\neg$) \\
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	34	\cdx{True} & $o$ & tautology ($\top$) \\
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	35	\cdx{False} & $o$ & absurdity ($\bot$)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	36	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	37	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	38	\subcaption{Constants}
d8205bb279a7 Initial revision lcp parents: diff changeset	39
d8205bb279a7 Initial revision lcp parents: diff changeset	40	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	41	\begin{tabular}{llrrr}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	42	\it symbol &\it name &\it meta-type & \it priority & \it description \\
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	43	\sdx{ALL} & \cdx{All} & $(\alpha\To o)\To o$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	44	universal quantifier ($\forall$) \\
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	45	\sdx{EX} & \cdx{Ex} & $(\alpha\To o)\To o$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	46	existential quantifier ($\exists$) \\
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	47	\sdx{THE} & \cdx{The} & $(\alpha\To o)\To \alpha$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	48	definite description ($\iota$)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	49	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	50	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	51	\subcaption{Binders}
d8205bb279a7 Initial revision lcp parents: diff changeset	52
d8205bb279a7 Initial revision lcp parents: diff changeset	53	\begin{center}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	54	\index{*"= symbol}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	55	\index{&@{\tt\&} symbol}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	56	\index{*"\| symbol}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	57	\index{*"-"-"> symbol}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	58	\index{*"<"-"> symbol}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	59	\begin{tabular}{rrrr}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	60	\it symbol & \it meta-type & \it priority & \it description \\
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	61	\tt = & $[\alpha,\alpha]\To o$ & Left 50 & equality ($=$) \\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	62	\tt \& & $[o,o]\To o$ & Right 35 & conjunction ($\conj$) \\
d8205bb279a7 Initial revision lcp parents: diff changeset	63	\tt \| & $[o,o]\To o$ & Right 30 & disjunction ($\disj$) \\
d8205bb279a7 Initial revision lcp parents: diff changeset	64	\tt --> & $[o,o]\To o$ & Right 25 & implication ($\imp$) \\
d8205bb279a7 Initial revision lcp parents: diff changeset	65	\tt <-> & $[o,o]\To o$ & Right 25 & biconditional ($\bimp$)
d8205bb279a7 Initial revision lcp parents: diff changeset	66	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	67	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	68	\subcaption{Infixes}
d8205bb279a7 Initial revision lcp parents: diff changeset	69
d8205bb279a7 Initial revision lcp parents: diff changeset	70	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	71	\begin{tabular}{rrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	72	\it external & \it internal & \it description \\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	73	\tt $\Gamma$ \|- $\Delta$ & \tt Trueprop($\Gamma$, $\Delta$) &
d8205bb279a7 Initial revision lcp parents: diff changeset	74	sequent $\Gamma\turn \Delta$
d8205bb279a7 Initial revision lcp parents: diff changeset	75	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	76	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	77	\subcaption{Translations}
d8205bb279a7 Initial revision lcp parents: diff changeset	78	\caption{Syntax of {\tt LK}} \label{lk-syntax}
d8205bb279a7 Initial revision lcp parents: diff changeset	79	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	80
d8205bb279a7 Initial revision lcp parents: diff changeset	81
d8205bb279a7 Initial revision lcp parents: diff changeset	82	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	83	\dquotes
d8205bb279a7 Initial revision lcp parents: diff changeset	84	\[\begin{array}{rcl}
d8205bb279a7 Initial revision lcp parents: diff changeset	85	prop & = & sequence " \|- " sequence
d8205bb279a7 Initial revision lcp parents: diff changeset	86	\\[2ex]
d8205bb279a7 Initial revision lcp parents: diff changeset	87	sequence & = & elem \quad (", " elem)^* \\
d8205bb279a7 Initial revision lcp parents: diff changeset	88	& \| & empty
d8205bb279a7 Initial revision lcp parents: diff changeset	89	\\[2ex]
d8205bb279a7 Initial revision lcp parents: diff changeset	90	elem & = & "\$ " id \\
d8205bb279a7 Initial revision lcp parents: diff changeset	91	& \| & "\$ " var \\
d8205bb279a7 Initial revision lcp parents: diff changeset	92	& \| & formula
d8205bb279a7 Initial revision lcp parents: diff changeset	93	\\[2ex]
d8205bb279a7 Initial revision lcp parents: diff changeset	94	formula & = & \hbox{expression of type~$o$} \\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	95	& \| & term " = " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	96	& \| & "\ttilde\ " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	97	& \| & formula " \& " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	98	& \| & formula " \| " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	99	& \| & formula " --> " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	100	& \| & formula " <-> " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	101	& \| & "ALL~" id~id^* " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	102	& \| & "EX~~" id~id^* " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	103	& \| & "THE~" id~ " . " formula
104 d8205bb279a7 Initial revision lcp parents: diff changeset	104	\end{array}
d8205bb279a7 Initial revision lcp parents: diff changeset	105	\]
d8205bb279a7 Initial revision lcp parents: diff changeset	106	\caption{Grammar of {\tt LK}} \label{lk-grammar}
d8205bb279a7 Initial revision lcp parents: diff changeset	107	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	108
d8205bb279a7 Initial revision lcp parents: diff changeset	109
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	110	\section{Unification for lists}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	111	Higher-order unification includes associative unification as a special
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	112	case, by an encoding that involves function composition
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	113	\cite[page~37]{huet78}. To represent lists, let $C$ be a new constant.
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	114	The empty list is $\lambda x.x$, while $[t@1,t@2,\ldots,t@n]$ is
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	115	represented by
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	116	\[ \lambda x.C(t@1,C(t@2,\ldots,C(t@n,x))). \]
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	117	The unifiers of this with $\lambda x.\Var{f}(\Var{g}(x))$ give all the ways
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	118	of expressing $[t@1,t@2,\ldots,t@n]$ as the concatenation of two lists.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	119
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	120	Unlike orthodox associative unification, this technique can represent certain
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	121	infinite sets of unifiers by flex-flex equations. But note that the term
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	122	$\lambda x.C(t,\Var{a})$ does not represent any list. Flex-flex constraints
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	123	containing such garbage terms may accumulate during a proof.
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	124	\index{flex-flex constraints}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	125
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	126	This technique lets Isabelle formalize sequent calculus rules,
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	127	where the comma is the associative operator:
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	128	\[ \infer[(\conj\hbox{-left})]
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	129	{\Gamma,P\conj Q,\Delta \turn \Theta}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	130	{\Gamma,P,Q,\Delta \turn \Theta} \]
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	131	Multiple unifiers occur whenever this is resolved against a goal containing
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	132	more than one conjunction on the left.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	133
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	134	\LK{} exploits this representation of lists. As an alternative, the
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	135	sequent calculus can be formalized using an ordinary representation of
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	136	lists, with a logic program for removing a formula from a list. Amy Felty
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	137	has applied this technique using the language $\lambda$Prolog~\cite{felty91a}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	138
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	139	Explicit formalization of sequents can be tiresome. But it gives precise
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	140	control over contraction and weakening, and is essential to handle relevant
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	141	and linear logics.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	142
d8205bb279a7 Initial revision lcp parents: diff changeset	143
d8205bb279a7 Initial revision lcp parents: diff changeset	144	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	145	\begin{ttbox}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	146	\tdx{basic} $H, P, $G \|- $E, P, $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	147	\tdx{thinR} $H \|- $E, $F ==> $H \|- $E, P, $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	148	\tdx{thinL} $H, $G \|- $E ==> $H, P, $G \|- $E
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	149	\tdx{cut} [\| $H \|- $E, P; $H, P \|- $E \|] ==> $H \|- $E
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	150	\subcaption{Structural rules}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	151
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	152	\tdx{refl} $H \|- $E, a=a, $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	153	\tdx{sym} $H \|- $E, a=b, $F ==> $H \|- $E, b=a, $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	154	\tdx{trans} [\| $H\|- $E, a=b, $F; $H\|- $E, b=c, $F \|] ==>
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	155	$H\|- $E, a=c, $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	156	\subcaption{Equality rules}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	157
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	158	\tdx{True_def} True == False-->False
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	159	\tdx{iff_def} P<->Q == (P-->Q) & (Q-->P)
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	160
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	161	\tdx{conjR} [\| $H\|- $E, P, $F; $H\|- $E, Q, $F \|] ==> $H\|- $E, P&Q, $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	162	\tdx{conjL} $H, P, Q, $G \|- $E ==> $H, P & Q, $G \|- $E
104 d8205bb279a7 Initial revision lcp parents: diff changeset	163
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	164	\tdx{disjR} $H \|- $E, P, Q, $F ==> $H \|- $E, P\|Q, $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	165	\tdx{disjL} [\| $H, P, $G \|- $E; $H, Q, $G \|- $E \|] ==> $H, P\|Q, $G \|- $E
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	166
841 14b96e3bd4ab fixed minor typos; wenzelm parents: 333 diff changeset	167	\tdx{impR} $H, P \|- $E, Q, $F ==> $H \|- $E, P-->Q, $F
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	168	\tdx{impL} [\| $H,$G \|- $E,P; $H, Q, $G \|- $E \|] ==> $H, P-->Q, $G \|- $E
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	169
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	170	\tdx{notR} $H, P \|- $E, $F ==> $H \|- $E, ~P, $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	171	\tdx{notL} $H, $G \|- $E, P ==> $H, ~P, $G \|- $E
104 d8205bb279a7 Initial revision lcp parents: diff changeset	172
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	173	\tdx{FalseL} $H, False, $G \|- $E
104 d8205bb279a7 Initial revision lcp parents: diff changeset	174
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	175	\tdx{allR} (!!x.$H\|- $E, P(x), $F) ==> $H\|- $E, ALL x.P(x), $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	176	\tdx{allL} $H, P(x), $G, ALL x.P(x) \|- $E ==> $H, ALL x.P(x), $G\|- $E
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	177
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	178	\tdx{exR} $H\|- $E, P(x), $F, EX x.P(x) ==> $H\|- $E, EX x.P(x), $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	179	\tdx{exL} (!!x.$H, P(x), $G\|- $E) ==> $H, EX x.P(x), $G\|- $E
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	180
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	181	\tdx{The} [\| $H \|- $E, P(a), $F; !!x.$H, P(x) \|- $E, x=a, $F \|] ==>
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	182	$H \|- $E, P(THE x.P(x)), $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	183	\subcaption{Logical rules}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	184	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	185
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	186	\caption{Rules of {\tt LK}} \label{lk-rules}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	187	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	188
d8205bb279a7 Initial revision lcp parents: diff changeset	189
d8205bb279a7 Initial revision lcp parents: diff changeset	190	\section{Syntax and rules of inference}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	191	\index{*sobj type}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	192
104 d8205bb279a7 Initial revision lcp parents: diff changeset	193	Figure~\ref{lk-syntax} gives the syntax for {\tt LK}, which is complicated
d8205bb279a7 Initial revision lcp parents: diff changeset	194	by the representation of sequents. Type $sobj\To sobj$ represents a list
d8205bb279a7 Initial revision lcp parents: diff changeset	195	of formulae.
d8205bb279a7 Initial revision lcp parents: diff changeset	196
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	197	The {\bf definite description} operator~$\iota x.P[x]$ stands for some~$a$
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	198	satisfying~$P[a]$, if one exists and is unique. Since all terms in \LK{}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	199	denote something, a description is always meaningful, but we do not know
d8205bb279a7 Initial revision lcp parents: diff changeset	200	its value unless $P[x]$ defines it uniquely. The Isabelle notation is
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	201	\hbox{\tt THE $x$.$P[x]$}. The corresponding rule (Fig.\ts\ref{lk-rules})
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	202	does not entail the Axiom of Choice because it requires uniqueness.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	203
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	204	Figure~\ref{lk-grammar} presents the grammar of \LK. Traditionally,
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	205	$\Gamma$ and $\Delta$ are meta-variables for sequences. In Isabelle's
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	206	notation, the prefix~\verb\|$\| on a variable makes it range over sequences.
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	207	In a sequent, anything not prefixed by \verb\|$\| is taken as a formula.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	208
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	209	Figure~\ref{lk-rules} presents the rules of theory \thydx{LK}. The
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	210	connective $\bimp$ is defined using $\conj$ and $\imp$. The axiom for
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	211	basic sequents is expressed in a form that provides automatic thinning:
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	212	redundant formulae are simply ignored. The other rules are expressed in
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	213	the form most suitable for backward proof --- they do not require exchange
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	214	or contraction rules. The contraction rules are actually derivable (via
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	215	cut) in this formulation.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	216
d8205bb279a7 Initial revision lcp parents: diff changeset	217	Figure~\ref{lk-derived} presents derived rules, including rules for
d8205bb279a7 Initial revision lcp parents: diff changeset	218	$\bimp$. The weakened quantifier rules discard each quantification after a
d8205bb279a7 Initial revision lcp parents: diff changeset	219	single use; in an automatic proof procedure, they guarantee termination,
d8205bb279a7 Initial revision lcp parents: diff changeset	220	but are incomplete. Multiple use of a quantifier can be obtained by a
d8205bb279a7 Initial revision lcp parents: diff changeset	221	contraction rule, which in backward proof duplicates a formula. The tactic
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	222	{\tt res_inst_tac} can instantiate the variable~{\tt?P} in these rules,
104 d8205bb279a7 Initial revision lcp parents: diff changeset	223	specifying the formula to duplicate.
d8205bb279a7 Initial revision lcp parents: diff changeset	224
333 2ca08f62df33 final Springer copy lcp parents: 316 diff changeset	225	See the files {\tt LK/LK.thy} and {\tt LK/LK.ML}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	226	for complete listings of the rules and derived rules.
d8205bb279a7 Initial revision lcp parents: diff changeset	227
d8205bb279a7 Initial revision lcp parents: diff changeset	228
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	229	\begin{figure}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	230	\begin{ttbox}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	231	\tdx{conR} $H \|- $E, P, $F, P ==> $H \|- $E, P, $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	232	\tdx{conL} $H, P, $G, P \|- $E ==> $H, P, $G \|- $E
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	233
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	234	\tdx{symL} $H, $G, B = A \|- $E ==> $H, A = B, $G \|- $E
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	235
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	236	\tdx{TrueR} $H \|- $E, True, $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	237
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	238	\tdx{iffR} [\| $H, P \|- $E, Q, $F; $H, Q \|- $E, P, $F \|] ==>
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	239	$H \|- $E, P<->Q, $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	240
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	241	\tdx{iffL} [\| $H, $G \|- $E, P, Q; $H, Q, P, $G \|- $E \|] ==>
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	242	$H, P<->Q, $G \|- $E
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	243
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	244	\tdx{allL_thin} $H, P(x), $G \|- $E ==> $H, ALL x.P(x), $G \|- $E
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	245	\tdx{exR_thin} $H \|- $E, P(x), $F ==> $H \|- $E, EX x.P(x), $F
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	246	\end{ttbox}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	247
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	248	\caption{Derived rules for {\tt LK}} \label{lk-derived}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	249	\end{figure}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	250
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	251
104 d8205bb279a7 Initial revision lcp parents: diff changeset	252	\section{Tactics for the cut rule}
d8205bb279a7 Initial revision lcp parents: diff changeset	253	According to the cut-elimination theorem, the cut rule can be eliminated
d8205bb279a7 Initial revision lcp parents: diff changeset	254	from proofs of sequents. But the rule is still essential. It can be used
d8205bb279a7 Initial revision lcp parents: diff changeset	255	to structure a proof into lemmas, avoiding repeated proofs of the same
d8205bb279a7 Initial revision lcp parents: diff changeset	256	formula. More importantly, the cut rule can not be eliminated from
d8205bb279a7 Initial revision lcp parents: diff changeset	257	derivations of rules. For example, there is a trivial cut-free proof of
d8205bb279a7 Initial revision lcp parents: diff changeset	258	the sequent $P\conj Q\turn Q\conj P$.
d8205bb279a7 Initial revision lcp parents: diff changeset	259	Noting this, we might want to derive a rule for swapping the conjuncts
d8205bb279a7 Initial revision lcp parents: diff changeset	260	in a right-hand formula:
d8205bb279a7 Initial revision lcp parents: diff changeset	261	\[ \Gamma\turn \Delta, P\conj Q\over \Gamma\turn \Delta, Q\conj P \]
d8205bb279a7 Initial revision lcp parents: diff changeset	262	The cut rule must be used, for $P\conj Q$ is not a subformula of $Q\conj
d8205bb279a7 Initial revision lcp parents: diff changeset	263	P$. Most cuts directly involve a premise of the rule being derived (a
d8205bb279a7 Initial revision lcp parents: diff changeset	264	meta-assumption). In a few cases, the cut formula is not part of any
d8205bb279a7 Initial revision lcp parents: diff changeset	265	premise, but serves as a bridge between the premises and the conclusion.
d8205bb279a7 Initial revision lcp parents: diff changeset	266	In such proofs, the cut formula is specified by calling an appropriate
d8205bb279a7 Initial revision lcp parents: diff changeset	267	tactic.
d8205bb279a7 Initial revision lcp parents: diff changeset	268
d8205bb279a7 Initial revision lcp parents: diff changeset	269	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	270	cutR_tac : string -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	271	cutL_tac : string -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	272	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	273	These tactics refine a subgoal into two by applying the cut rule. The cut
d8205bb279a7 Initial revision lcp parents: diff changeset	274	formula is given as a string, and replaces some other formula in the sequent.
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	275	\begin{ttdescription}
264 ca6eb7e6e94f correction to cut tactics lcp parents: 111 diff changeset	276	\item[\ttindexbold{cutR_tac} {\it P\/} {\it i}]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	277	reads an \LK{} formula~$P$, and applies the cut rule to subgoal~$i$. It
d8205bb279a7 Initial revision lcp parents: diff changeset	278	then deletes some formula from the right side of subgoal~$i$, replacing
d8205bb279a7 Initial revision lcp parents: diff changeset	279	that formula by~$P$.
d8205bb279a7 Initial revision lcp parents: diff changeset	280
264 ca6eb7e6e94f correction to cut tactics lcp parents: 111 diff changeset	281	\item[\ttindexbold{cutL_tac} {\it P\/} {\it i}]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	282	reads an \LK{} formula~$P$, and applies the cut rule to subgoal~$i$. It
291 a615050a7494 first draft of Springer volume lcp parents: 264 diff changeset	283	then deletes some formula from the left side of the new subgoal $i+1$,
104 d8205bb279a7 Initial revision lcp parents: diff changeset	284	replacing that formula by~$P$.
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	285	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	286	All the structural rules --- cut, contraction, and thinning --- can be
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	287	applied to particular formulae using {\tt res_inst_tac}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	288
d8205bb279a7 Initial revision lcp parents: diff changeset	289
d8205bb279a7 Initial revision lcp parents: diff changeset	290	\section{Tactics for sequents}
d8205bb279a7 Initial revision lcp parents: diff changeset	291	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	292	forms_of_seq : term -> term list
d8205bb279a7 Initial revision lcp parents: diff changeset	293	could_res : term * term -> bool
d8205bb279a7 Initial revision lcp parents: diff changeset	294	could_resolve_seq : term * term -> bool
d8205bb279a7 Initial revision lcp parents: diff changeset	295	filseq_resolve_tac : thm list -> int -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	296	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	297	Associative unification is not as efficient as it might be, in part because
d8205bb279a7 Initial revision lcp parents: diff changeset	298	the representation of lists defeats some of Isabelle's internal
333 2ca08f62df33 final Springer copy lcp parents: 316 diff changeset	299	optimisations. The following operations implement faster rule application,
104 d8205bb279a7 Initial revision lcp parents: diff changeset	300	and may have other uses.
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	301	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	302	\item[\ttindexbold{forms_of_seq} {\it t}]
d8205bb279a7 Initial revision lcp parents: diff changeset	303	returns the list of all formulae in the sequent~$t$, removing sequence
d8205bb279a7 Initial revision lcp parents: diff changeset	304	variables.
d8205bb279a7 Initial revision lcp parents: diff changeset	305
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	306	\item[\ttindexbold{could_res} ($t$,$u$)]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	307	tests whether two formula lists could be resolved. List $t$ is from a
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	308	premise or subgoal, while $u$ is from the conclusion of an object-rule.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	309	Assuming that each formula in $u$ is surrounded by sequence variables, it
d8205bb279a7 Initial revision lcp parents: diff changeset	310	checks that each conclusion formula is unifiable (using {\tt could_unify})
d8205bb279a7 Initial revision lcp parents: diff changeset	311	with some subgoal formula.
d8205bb279a7 Initial revision lcp parents: diff changeset	312
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	313	\item[\ttindexbold{could_resolve_seq} ($t$,$u$)]
291 a615050a7494 first draft of Springer volume lcp parents: 264 diff changeset	314	tests whether two sequents could be resolved. Sequent $t$ is a premise
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	315	or subgoal, while $u$ is the conclusion of an object-rule. It simply
291 a615050a7494 first draft of Springer volume lcp parents: 264 diff changeset	316	calls {\tt could_res} twice to check that both the left and the right
a615050a7494 first draft of Springer volume lcp parents: 264 diff changeset	317	sides of the sequents are compatible.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	318
d8205bb279a7 Initial revision lcp parents: diff changeset	319	\item[\ttindexbold{filseq_resolve_tac} {\it thms} {\it maxr} {\it i}]
d8205bb279a7 Initial revision lcp parents: diff changeset	320	uses {\tt filter_thms could_resolve} to extract the {\it thms} that are
d8205bb279a7 Initial revision lcp parents: diff changeset	321	applicable to subgoal~$i$. If more than {\it maxr\/} theorems are
d8205bb279a7 Initial revision lcp parents: diff changeset	322	applicable then the tactic fails. Otherwise it calls {\tt resolve_tac}.
d8205bb279a7 Initial revision lcp parents: diff changeset	323	Thus, it is the sequent calculus analogue of \ttindex{filt_resolve_tac}.
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	324	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	325
d8205bb279a7 Initial revision lcp parents: diff changeset	326
d8205bb279a7 Initial revision lcp parents: diff changeset	327
d8205bb279a7 Initial revision lcp parents: diff changeset	328	\section{Packaging sequent rules}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	329	Section~\ref{sec:safe} described the distinction between safe and unsafe
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	330	rules. An unsafe rule may reduce a provable goal to an unprovable set of
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	331	subgoals, and should only be used as a last resort. Typical examples are
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	332	the weakened quantifier rules {\tt allL_thin} and {\tt exR_thin}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	333
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	334	A {\bf pack} is a pair whose first component is a list of safe rules and
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	335	whose second is a list of unsafe rules. Packs can be extended in an
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	336	obvious way to allow reasoning with various collections of rules. For
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	337	clarity, \LK{} declares \mltydx{pack} as an \ML{} datatype, although is
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	338	essentially a type synonym:
104 d8205bb279a7 Initial revision lcp parents: diff changeset	339	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	340	datatype pack = Pack of thm list * thm list;
d8205bb279a7 Initial revision lcp parents: diff changeset	341	\end{ttbox}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	342	Pattern-matching using constructor {\tt Pack} can inspect a pack's
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	343	contents. Packs support the following operations:
104 d8205bb279a7 Initial revision lcp parents: diff changeset	344	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	345	empty_pack : pack
d8205bb279a7 Initial revision lcp parents: diff changeset	346	prop_pack : pack
d8205bb279a7 Initial revision lcp parents: diff changeset	347	LK_pack : pack
d8205bb279a7 Initial revision lcp parents: diff changeset	348	LK_dup_pack : pack
d8205bb279a7 Initial revision lcp parents: diff changeset	349	add_safes : pack * thm list -> pack \hfill{\bf infix 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	350	add_unsafes : pack * thm list -> pack \hfill{\bf infix 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	351	\end{ttbox}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	352	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	353	\item[\ttindexbold{empty_pack}] is the empty pack.
d8205bb279a7 Initial revision lcp parents: diff changeset	354
d8205bb279a7 Initial revision lcp parents: diff changeset	355	\item[\ttindexbold{prop_pack}] contains the propositional rules, namely
d8205bb279a7 Initial revision lcp parents: diff changeset	356	those for $\conj$, $\disj$, $\neg$, $\imp$ and~$\bimp$, along with the
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	357	rules {\tt basic} and {\tt refl}. These are all safe.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	358
d8205bb279a7 Initial revision lcp parents: diff changeset	359	\item[\ttindexbold{LK_pack}]
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	360	extends {\tt prop_pack} with the safe rules {\tt allR}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	361	and~{\tt exL} and the unsafe rules {\tt allL_thin} and
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	362	{\tt exR_thin}. Search using this is incomplete since quantified
104 d8205bb279a7 Initial revision lcp parents: diff changeset	363	formulae are used at most once.
d8205bb279a7 Initial revision lcp parents: diff changeset	364
d8205bb279a7 Initial revision lcp parents: diff changeset	365	\item[\ttindexbold{LK_dup_pack}]
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	366	extends {\tt prop_pack} with the safe rules {\tt allR}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	367	and~{\tt exL} and the unsafe rules \tdx{allL} and~\tdx{exR}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	368	Search using this is complete, since quantified formulae may be reused, but
d8205bb279a7 Initial revision lcp parents: diff changeset	369	frequently fails to terminate. It is generally unsuitable for depth-first
d8205bb279a7 Initial revision lcp parents: diff changeset	370	search.
d8205bb279a7 Initial revision lcp parents: diff changeset	371
d8205bb279a7 Initial revision lcp parents: diff changeset	372	\item[$pack$ \ttindexbold{add_safes} $rules$]
d8205bb279a7 Initial revision lcp parents: diff changeset	373	adds some safe~$rules$ to the pack~$pack$.
d8205bb279a7 Initial revision lcp parents: diff changeset	374
d8205bb279a7 Initial revision lcp parents: diff changeset	375	\item[$pack$ \ttindexbold{add_unsafes} $rules$]
d8205bb279a7 Initial revision lcp parents: diff changeset	376	adds some unsafe~$rules$ to the pack~$pack$.
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	377	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	378
d8205bb279a7 Initial revision lcp parents: diff changeset	379
d8205bb279a7 Initial revision lcp parents: diff changeset	380	\section{Proof procedures}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	381	The \LK{} proof procedure is similar to the classical reasoner
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	382	described in
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	383	\iflabelundefined{chap:classical}{the {\em Reference Manual\/}}%
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	384	{Chap.\ts\ref{chap:classical}}.
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	385	%
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	386	In fact it is simpler, since it works directly with sequents rather than
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	387	simulating them. There is no need to distinguish introduction rules from
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	388	elimination rules, and of course there is no swap rule. As always,
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	389	Isabelle's classical proof procedures are less powerful than resolution
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	390	theorem provers. But they are more natural and flexible, working with an
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	391	open-ended set of rules.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	392
d8205bb279a7 Initial revision lcp parents: diff changeset	393	Backtracking over the choice of a safe rule accomplishes nothing: applying
d8205bb279a7 Initial revision lcp parents: diff changeset	394	them in any order leads to essentially the same result. Backtracking may
d8205bb279a7 Initial revision lcp parents: diff changeset	395	be necessary over basic sequents when they perform unification. Suppose
d8205bb279a7 Initial revision lcp parents: diff changeset	396	that~0, 1, 2,~3 are constants in the subgoals
d8205bb279a7 Initial revision lcp parents: diff changeset	397	\[ \begin{array}{c}
d8205bb279a7 Initial revision lcp parents: diff changeset	398	P(0), P(1), P(2) \turn P(\Var{a}) \\
d8205bb279a7 Initial revision lcp parents: diff changeset	399	P(0), P(2), P(3) \turn P(\Var{a}) \\
d8205bb279a7 Initial revision lcp parents: diff changeset	400	P(1), P(3), P(2) \turn P(\Var{a})
d8205bb279a7 Initial revision lcp parents: diff changeset	401	\end{array}
d8205bb279a7 Initial revision lcp parents: diff changeset	402	\]
d8205bb279a7 Initial revision lcp parents: diff changeset	403	The only assignment that satisfies all three subgoals is $\Var{a}\mapsto 2$,
d8205bb279a7 Initial revision lcp parents: diff changeset	404	and this can only be discovered by search. The tactics given below permit
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	405	backtracking only over axioms, such as {\tt basic} and {\tt refl};
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	406	otherwise they are deterministic.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	407
d8205bb279a7 Initial revision lcp parents: diff changeset	408
d8205bb279a7 Initial revision lcp parents: diff changeset	409	\subsection{Method A}
d8205bb279a7 Initial revision lcp parents: diff changeset	410	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	411	reresolve_tac : thm list -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	412	repeat_goal_tac : pack -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	413	pc_tac : pack -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	414	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	415	These tactics use a method developed by Philippe de Groote. A subgoal is
d8205bb279a7 Initial revision lcp parents: diff changeset	416	refined and the resulting subgoals are attempted in reverse order. For
d8205bb279a7 Initial revision lcp parents: diff changeset	417	some reason, this is much faster than attempting the subgoals in order.
d8205bb279a7 Initial revision lcp parents: diff changeset	418	The method is inherently depth-first.
d8205bb279a7 Initial revision lcp parents: diff changeset	419
d8205bb279a7 Initial revision lcp parents: diff changeset	420	At present, these tactics only work for rules that have no more than two
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	421	premises. They fail --- return no next state --- if they can do nothing.
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	422	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	423	\item[\ttindexbold{reresolve_tac} $thms$ $i$]
d8205bb279a7 Initial revision lcp parents: diff changeset	424	repeatedly applies the $thms$ to subgoal $i$ and the resulting subgoals.
d8205bb279a7 Initial revision lcp parents: diff changeset	425
d8205bb279a7 Initial revision lcp parents: diff changeset	426	\item[\ttindexbold{repeat_goal_tac} $pack$ $i$]
d8205bb279a7 Initial revision lcp parents: diff changeset	427	applies the safe rules in the pack to a goal and the resulting subgoals.
d8205bb279a7 Initial revision lcp parents: diff changeset	428	If no safe rule is applicable then it applies an unsafe rule and continues.
d8205bb279a7 Initial revision lcp parents: diff changeset	429
d8205bb279a7 Initial revision lcp parents: diff changeset	430	\item[\ttindexbold{pc_tac} $pack$ $i$]
d8205bb279a7 Initial revision lcp parents: diff changeset	431	applies {\tt repeat_goal_tac} using depth-first search to solve subgoal~$i$.
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	432	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	433
d8205bb279a7 Initial revision lcp parents: diff changeset	434
d8205bb279a7 Initial revision lcp parents: diff changeset	435	\subsection{Method B}
d8205bb279a7 Initial revision lcp parents: diff changeset	436	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	437	safe_goal_tac : pack -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	438	step_tac : pack -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	439	fast_tac : pack -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	440	best_tac : pack -> int -> tactic
d8205bb279a7 Initial revision lcp parents: diff changeset	441	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	442	These tactics are precisely analogous to those of the generic classical
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	443	reasoner. They use `Method~A' only on safe rules. They fail if they
104 d8205bb279a7 Initial revision lcp parents: diff changeset	444	can do nothing.
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	445	\begin{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	446	\item[\ttindexbold{safe_goal_tac} $pack$ $i$]
d8205bb279a7 Initial revision lcp parents: diff changeset	447	applies the safe rules in the pack to a goal and the resulting subgoals.
d8205bb279a7 Initial revision lcp parents: diff changeset	448	It ignores the unsafe rules.
d8205bb279a7 Initial revision lcp parents: diff changeset	449
d8205bb279a7 Initial revision lcp parents: diff changeset	450	\item[\ttindexbold{step_tac} $pack$ $i$]
d8205bb279a7 Initial revision lcp parents: diff changeset	451	either applies safe rules (using {\tt safe_goal_tac}) or applies one unsafe
d8205bb279a7 Initial revision lcp parents: diff changeset	452	rule.
d8205bb279a7 Initial revision lcp parents: diff changeset	453
d8205bb279a7 Initial revision lcp parents: diff changeset	454	\item[\ttindexbold{fast_tac} $pack$ $i$]
d8205bb279a7 Initial revision lcp parents: diff changeset	455	applies {\tt step_tac} using depth-first search to solve subgoal~$i$.
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	456	Despite its name, it is frequently slower than {\tt pc_tac}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	457
d8205bb279a7 Initial revision lcp parents: diff changeset	458	\item[\ttindexbold{best_tac} $pack$ $i$]
d8205bb279a7 Initial revision lcp parents: diff changeset	459	applies {\tt step_tac} using best-first search to solve subgoal~$i$. It is
d8205bb279a7 Initial revision lcp parents: diff changeset	460	particularly useful for quantifier duplication (using \ttindex{LK_dup_pack}).
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	461	\end{ttdescription}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	462
d8205bb279a7 Initial revision lcp parents: diff changeset	463
d8205bb279a7 Initial revision lcp parents: diff changeset	464
d8205bb279a7 Initial revision lcp parents: diff changeset	465	\section{A simple example of classical reasoning}
d8205bb279a7 Initial revision lcp parents: diff changeset	466	The theorem $\turn\ex{y}\all{x}P(y)\imp P(x)$ is a standard example of the
d8205bb279a7 Initial revision lcp parents: diff changeset	467	classical treatment of the existential quantifier. Classical reasoning
d8205bb279a7 Initial revision lcp parents: diff changeset	468	is easy using~{\LK}, as you can see by comparing this proof with the one
d8205bb279a7 Initial revision lcp parents: diff changeset	469	given in~\S\ref{fol-cla-example}. From a logical point of view, the
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	470	proofs are essentially the same; the key step here is to use \tdx{exR}
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	471	rather than the weaker~\tdx{exR_thin}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	472	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	473	goal LK.thy "\|- EX y. ALL x. P(y)-->P(x)";
d8205bb279a7 Initial revision lcp parents: diff changeset	474	{\out Level 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	475	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	476	{\out 1. \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	477	by (resolve_tac [exR] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	478	{\out Level 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	479	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	480	{\out 1. \|- ALL x. P(?x) --> P(x), EX x. ALL xa. P(x) --> P(xa)}
d8205bb279a7 Initial revision lcp parents: diff changeset	481	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	482	There are now two formulae on the right side. Keeping the existential one
d8205bb279a7 Initial revision lcp parents: diff changeset	483	in reserve, we break down the universal one.
d8205bb279a7 Initial revision lcp parents: diff changeset	484	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	485	by (resolve_tac [allR] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	486	{\out Level 2}
d8205bb279a7 Initial revision lcp parents: diff changeset	487	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	488	{\out 1. !!x. \|- P(?x) --> P(x), EX x. ALL xa. P(x) --> P(xa)}
d8205bb279a7 Initial revision lcp parents: diff changeset	489	by (resolve_tac [impR] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	490	{\out Level 3}
d8205bb279a7 Initial revision lcp parents: diff changeset	491	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	492	{\out 1. !!x. P(?x) \|- P(x), EX x. ALL xa. P(x) --> P(xa)}
d8205bb279a7 Initial revision lcp parents: diff changeset	493	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	494	Because {\LK} is a sequent calculus, the formula~$P(\Var{x})$ does not
d8205bb279a7 Initial revision lcp parents: diff changeset	495	become an assumption; instead, it moves to the left side. The
d8205bb279a7 Initial revision lcp parents: diff changeset	496	resulting subgoal cannot be instantiated to a basic sequent: the bound
d8205bb279a7 Initial revision lcp parents: diff changeset	497	variable~$x$ is not unifiable with the unknown~$\Var{x}$.
d8205bb279a7 Initial revision lcp parents: diff changeset	498	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	499	by (resolve_tac [basic] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	500	{\out by: tactic failed}
d8205bb279a7 Initial revision lcp parents: diff changeset	501	\end{ttbox}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	502	We reuse the existential formula using~\tdx{exR_thin}, which discards
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	503	it; we shall not need it a third time. We again break down the resulting
104 d8205bb279a7 Initial revision lcp parents: diff changeset	504	formula.
d8205bb279a7 Initial revision lcp parents: diff changeset	505	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	506	by (resolve_tac [exR_thin] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	507	{\out Level 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	508	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	509	{\out 1. !!x. P(?x) \|- P(x), ALL xa. P(?x7(x)) --> P(xa)}
d8205bb279a7 Initial revision lcp parents: diff changeset	510	by (resolve_tac [allR] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	511	{\out Level 5}
d8205bb279a7 Initial revision lcp parents: diff changeset	512	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	513	{\out 1. !!x xa. P(?x) \|- P(x), P(?x7(x)) --> P(xa)}
d8205bb279a7 Initial revision lcp parents: diff changeset	514	by (resolve_tac [impR] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	515	{\out Level 6}
d8205bb279a7 Initial revision lcp parents: diff changeset	516	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	517	{\out 1. !!x xa. P(?x), P(?x7(x)) \|- P(x), P(xa)}
d8205bb279a7 Initial revision lcp parents: diff changeset	518	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	519	Subgoal~1 seems to offer lots of possibilities. Actually the only useful
d8205bb279a7 Initial revision lcp parents: diff changeset	520	step is instantiating~$\Var{x@7}$ to $\lambda x.x$,
d8205bb279a7 Initial revision lcp parents: diff changeset	521	transforming~$\Var{x@7}(x)$ into~$x$.
d8205bb279a7 Initial revision lcp parents: diff changeset	522	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	523	by (resolve_tac [basic] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	524	{\out Level 7}
d8205bb279a7 Initial revision lcp parents: diff changeset	525	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	526	{\out No subgoals!}
d8205bb279a7 Initial revision lcp parents: diff changeset	527	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	528	This theorem can be proved automatically. Because it involves quantifier
d8205bb279a7 Initial revision lcp parents: diff changeset	529	duplication, we employ best-first search:
d8205bb279a7 Initial revision lcp parents: diff changeset	530	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	531	goal LK.thy "\|- EX y. ALL x. P(y)-->P(x)";
d8205bb279a7 Initial revision lcp parents: diff changeset	532	{\out Level 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	533	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	534	{\out 1. \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	535	by (best_tac LK_dup_pack 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	536	{\out Level 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	537	{\out \|- EX y. ALL x. P(y) --> P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	538	{\out No subgoals!}
d8205bb279a7 Initial revision lcp parents: diff changeset	539	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	540
d8205bb279a7 Initial revision lcp parents: diff changeset	541
d8205bb279a7 Initial revision lcp parents: diff changeset	542
d8205bb279a7 Initial revision lcp parents: diff changeset	543	\section{A more complex proof}
d8205bb279a7 Initial revision lcp parents: diff changeset	544	Many of Pelletier's test problems for theorem provers \cite{pelletier86}
d8205bb279a7 Initial revision lcp parents: diff changeset	545	can be solved automatically. Problem~39 concerns set theory, asserting
d8205bb279a7 Initial revision lcp parents: diff changeset	546	that there is no Russell set --- a set consisting of those sets that are
d8205bb279a7 Initial revision lcp parents: diff changeset	547	not members of themselves:
d8205bb279a7 Initial revision lcp parents: diff changeset	548	\[ \turn \neg (\exists x. \forall y. y\in x \bimp y\not\in y) \]
d8205bb279a7 Initial revision lcp parents: diff changeset	549	This does not require special properties of membership; we may
d8205bb279a7 Initial revision lcp parents: diff changeset	550	generalize $x\in y$ to an arbitrary predicate~$F(x,y)$. The theorem has a
291 a615050a7494 first draft of Springer volume lcp parents: 264 diff changeset	551	short manual proof. See the directory {\tt LK/ex} for many more
104 d8205bb279a7 Initial revision lcp parents: diff changeset	552	examples.
d8205bb279a7 Initial revision lcp parents: diff changeset	553
d8205bb279a7 Initial revision lcp parents: diff changeset	554	We set the main goal and move the negated formula to the left.
d8205bb279a7 Initial revision lcp parents: diff changeset	555	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	556	goal LK.thy "\|- ~ (EX x. ALL y. F(y,x) <-> ~F(y,y))";
d8205bb279a7 Initial revision lcp parents: diff changeset	557	{\out Level 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	558	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	559	{\out 1. \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	560	by (resolve_tac [notR] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	561	{\out Level 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	562	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	563	{\out 1. EX x. ALL y. F(y,x) <-> ~ F(y,y) \|-}
d8205bb279a7 Initial revision lcp parents: diff changeset	564	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	565	The right side is empty; we strip both quantifiers from the formula on the
d8205bb279a7 Initial revision lcp parents: diff changeset	566	left.
d8205bb279a7 Initial revision lcp parents: diff changeset	567	\begin{ttbox}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	568	by (resolve_tac [exL] 1);
104 d8205bb279a7 Initial revision lcp parents: diff changeset	569	{\out Level 2}
d8205bb279a7 Initial revision lcp parents: diff changeset	570	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	571	{\out 1. !!x. ALL y. F(y,x) <-> ~ F(y,y) \|-}
d8205bb279a7 Initial revision lcp parents: diff changeset	572	by (resolve_tac [allL_thin] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	573	{\out Level 3}
d8205bb279a7 Initial revision lcp parents: diff changeset	574	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	575	{\out 1. !!x. F(?x2(x),x) <-> ~ F(?x2(x),?x2(x)) \|-}
d8205bb279a7 Initial revision lcp parents: diff changeset	576	\end{ttbox}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	577	The rule \tdx{iffL} says, if $P\bimp Q$ then $P$ and~$Q$ are either
104 d8205bb279a7 Initial revision lcp parents: diff changeset	578	both true or both false. It yields two subgoals.
d8205bb279a7 Initial revision lcp parents: diff changeset	579	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	580	by (resolve_tac [iffL] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	581	{\out Level 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	582	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	583	{\out 1. !!x. \|- F(?x2(x),x), ~ F(?x2(x),?x2(x))}
d8205bb279a7 Initial revision lcp parents: diff changeset	584	{\out 2. !!x. ~ F(?x2(x),?x2(x)), F(?x2(x),x) \|-}
d8205bb279a7 Initial revision lcp parents: diff changeset	585	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	586	We must instantiate~$\Var{x@2}$, the shared unknown, to satisfy both
d8205bb279a7 Initial revision lcp parents: diff changeset	587	subgoals. Beginning with subgoal~2, we move a negated formula to the left
d8205bb279a7 Initial revision lcp parents: diff changeset	588	and create a basic sequent.
d8205bb279a7 Initial revision lcp parents: diff changeset	589	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	590	by (resolve_tac [notL] 2);
d8205bb279a7 Initial revision lcp parents: diff changeset	591	{\out Level 5}
d8205bb279a7 Initial revision lcp parents: diff changeset	592	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	593	{\out 1. !!x. \|- F(?x2(x),x), ~ F(?x2(x),?x2(x))}
d8205bb279a7 Initial revision lcp parents: diff changeset	594	{\out 2. !!x. F(?x2(x),x) \|- F(?x2(x),?x2(x))}
d8205bb279a7 Initial revision lcp parents: diff changeset	595	by (resolve_tac [basic] 2);
d8205bb279a7 Initial revision lcp parents: diff changeset	596	{\out Level 6}
d8205bb279a7 Initial revision lcp parents: diff changeset	597	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	598	{\out 1. !!x. \|- F(x,x), ~ F(x,x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	599	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	600	Thanks to the instantiation of~$\Var{x@2}$, subgoal~1 is obviously true.
d8205bb279a7 Initial revision lcp parents: diff changeset	601	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	602	by (resolve_tac [notR] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	603	{\out Level 7}
d8205bb279a7 Initial revision lcp parents: diff changeset	604	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	605	{\out 1. !!x. F(x,x) \|- F(x,x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	606	by (resolve_tac [basic] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	607	{\out Level 8}
d8205bb279a7 Initial revision lcp parents: diff changeset	608	{\out \|- ~ (EX x. ALL y. F(y,x) <-> ~ F(y,y))}
d8205bb279a7 Initial revision lcp parents: diff changeset	609	{\out No subgoals!}
d8205bb279a7 Initial revision lcp parents: diff changeset	610	\end{ttbox}
316 813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	611
813ee27cd4d5 penultimate Springer draft lcp parents: 291 diff changeset	612	\index{sequent calculus\|)}

author	paulson
	Wed, 06 Mar 1996 10:14:47 +0100
changeset 1549	ac9b58304d62
parent 841	14b96e3bd4ab
child 3137	786faf45f1f3
permissions	-rw-r--r--