doc-src/IsarRef/generic.tex

'.' == by this;

\chapter{Generic Tools and Packages}\label{ch:gen-tools}

\section{Basic proof methods}\label{sec:pure-meth}

\indexisarmeth{fail}\indexisarmeth{succeed}\indexisarmeth{$-$}
\indexisarmeth{assumption}\indexisarmeth{this}
\indexisarmeth{fold}\indexisarmeth{unfold}
\indexisarmeth{rule}\indexisarmeth{erule}
\begin{matharray}{rcl}
  - & : & \isarmeth \\
  assumption & : & \isarmeth \\
  this & : & \isarmeth \\
  rule & : & \isarmeth \\
  erule^* & : & \isarmeth \\[0.5ex]
  fold & : & \isarmeth \\
  unfold & : & \isarmeth \\[0.5ex]
  succeed & : & \isarmeth \\
  fail & : & \isarmeth \\
\end{matharray}

\begin{rail}
  ('fold' | 'unfold' | 'rule' | 'erule') thmrefs
  ;
\end{rail}

\begin{descr}
\item [``$-$''] does nothing but insert the forward chaining facts as premises
  into the goal.  Note that command $\PROOFNAME$ without any method actually
  performs a single reduction step using the $rule$ method (see below); thus a
  plain \emph{do-nothing} proof step would be $\PROOF{-}$ rather than
  $\PROOFNAME$ alone.
\item [$assumption$] solves some goal by assumption.  Any facts given are
  guaranteed to participate in the refinement.
\item [$this$] applies the current facts directly as rules.  Note that
  ``$\DOT$'' (dot) abbreviates $\BY{this}$.
\item [$rule~thms$] applies some rule given as argument in backward manner;
  facts are used to reduce the rule before applying it to the goal.  Thus
  $rule$ without facts is plain \emph{introduction}, while with facts it
  becomes a (generalized) \emph{elimination}.
  
  Note that the classical reasoner introduces another version of $rule$ that
  is able to pick appropriate rules automatically, whenever $thms$ are omitted
  (see \S\ref{sec:classical-basic}); that method is the default for
  $\PROOFNAME$ steps.  Note that ``$\DDOT$'' (double-dot) abbreviates
  $\BY{default}$.
\item [$erule~thms$] is similar to $rule$, but applies rules by
  elim-resolution.  This is an improper method, mainly for experimentation and
  porting of old scripts.  Actual elimination proofs are usually done with
  $rule$ (single step, involving facts) or $elim$ (repeated steps, see
  \S\ref{sec:classical-basic}).
\item [$unfold~thms$ and $fold~thms$] expand and fold back again the given
  meta-level definitions throughout all goals; any facts provided are inserted
  into the goal and subject to rewriting as well.
\item [$succeed$] yields a single (unchanged) result; it is the identity of
  the ``\texttt{,}'' method combinator (cf.\ \S\ref{sec:syn-meth}).
\item [$fail$] yields an empty result sequence; it is the identity of the
  ``\texttt{|}'' method combinator (cf.\ \S\ref{sec:syn-meth}).
\end{descr}


\section{Miscellaneous attributes}

\indexisaratt{tag}\indexisaratt{untag}\indexisaratt{COMP}\indexisaratt{RS}
\indexisaratt{OF}\indexisaratt{where}\indexisaratt{of}\indexisaratt{standard}
\indexisaratt{elimify}\indexisaratt{transfer}\indexisaratt{export}
\indexisaratt{unfold}\indexisaratt{fold}
\begin{matharray}{rcl}
  tag & : & \isaratt \\
  untag & : & \isaratt \\[0.5ex]
  OF & : & \isaratt \\
  RS & : & \isaratt \\
  COMP & : & \isaratt \\[0.5ex]
  of & : & \isaratt \\
  where & : & \isaratt \\[0.5ex]
  unfold & : & \isaratt \\
  fold & : & \isaratt \\[0.5ex]
  standard & : & \isaratt \\
  elimify & : & \isaratt \\
  export^* & : & \isaratt \\
  transfer & : & \isaratt \\[0.5ex]
\end{matharray}

\begin{rail}
  ('tag' | 'untag') (nameref+)
  ;
  'OF' thmrefs
  ;
  ('RS' | 'COMP') nat? thmref
  ;
  'of' (inst * ) ('concl' ':' (inst * ))?
  ;
  'where' (name '=' term * 'and')
  ;
  ('unfold' | 'fold') thmrefs
  ;

  inst: underscore | term
  ;
\end{rail}

\begin{descr}
\item [$tag~tags$ and $untag~tags$] add and remove $tags$ of the theorem,
  respectively.  Tags may be any list of strings that serve as comment for
  some tools (e.g.\ $\LEMMANAME$ causes the tag ``$lemma$'' to be added to the
  result).
\item [$OF~thms$, $RS~n~thm$, and $COMP~n~thm$] compose rules.  $OF$ applies
  $thms$ in parallel (cf.\ \texttt{MRS} in \cite[\S5]{isabelle-ref}, but note
  the reversed order).  Note that premises may be skipped by including
  ``$\_$'' (underscore) as argument.
  
  $RS$ resolves with the $n$-th premise of $thm$; $COMP$ is a version of $RS$
  that skips the automatic lifting process that is normally intended (cf.\ 
  \texttt{RS} and \texttt{COMP} in \cite[\S5]{isabelle-ref}).
  
\item [$of~\vec t$ and $where~\vec x = \vec t$] perform positional and named
  instantiation, respectively.  The terms given in $of$ are substituted for
  any schematic variables occurring in a theorem from left to right;
  ``\texttt{_}'' (underscore) indicates to skip a position.  Arguments
  following a ``$concl\colon$'' specification refer to positions of the
  conclusion of a rule.
  
\item [$unfold~thms$ and $fold~thms$] expand and fold back again the given
  meta-level definitions throughout a rule.
 
\item [$standard$] puts a theorem into the standard form of object-rules, just
  as the ML function \texttt{standard} (see \cite[\S5]{isabelle-ref}).
  
\item [$elimify$] turns an destruction rule into an elimination, just as the
  ML function \texttt{make\_elim} (see \cite{isabelle-ref}).
  
\item [$export$] lifts a local result out of the current proof context,
  generalizing all fixed variables and discharging all assumptions.  Note that
  (partial) export is usually done automatically behind the scenes.  This
  attribute is mainly for experimentation.
  
\item [$transfer$] promotes a theorem to the current theory context, which has
  to enclose the former one.  Normally, this is done automatically when rules
  are joined by inference.

\end{descr}


\section{Calculational proof}\label{sec:calculation}

\indexisarcmd{also}\indexisarcmd{finally}\indexisaratt{trans}
\begin{matharray}{rcl}
  \isarcmd{also} & : & \isartrans{proof(state)}{proof(state)} \\
  \isarcmd{finally} & : & \isartrans{proof(state)}{proof(chain)} \\
  trans & : & \isaratt \\
\end{matharray}

Calculational proof is forward reasoning with implicit application of
transitivity rules (such those of $=$, $\le$, $<$).  Isabelle/Isar maintains
an auxiliary register $calculation$\indexisarthm{calculation} for accumulating
results obtained by transitivity composed with the current result.  Command
$\ALSO$ updates $calculation$ involving $this$, while $\FINALLY$ exhibits the
final $calculation$ by forward chaining towards the next goal statement.  Both
commands require valid current facts, i.e.\ may occur only after commands that
produce theorems such as $\ASSUMENAME$, $\NOTENAME$, or some finished proof of
$\HAVENAME$, $\SHOWNAME$ etc.

Also note that the automatic term abbreviation ``$\dots$'' has its canonical
application with calculational proofs.  It automatically refers to the
argument\footnote{The argument of a curried infix expression is its right-hand
  side.} of the preceding statement.

Isabelle/Isar calculations are implicitly subject to block structure in the
sense that new threads of calculational reasoning are commenced for any new
block (as opened by a local goal, for example).  This means that, apart from
being able to nest calculations, there is no separate \emph{begin-calculation}
command required.

\begin{rail}
  ('also' | 'finally') transrules? comment?
  ;
  'trans' (() | 'add' ':' | 'del' ':') thmrefs
  ;

  transrules: '(' thmrefs ')' interest?
  ;
\end{rail}

\begin{descr}
\item [$\ALSO~(thms)$] maintains the auxiliary $calculation$ register as
  follows.  The first occurrence of $\ALSO$ in some calculational thread
  initializes $calculation$ by $this$. Any subsequent $\ALSO$ on the same
  level of block-structure updates $calculation$ by some transitivity rule
  applied to $calculation$ and $this$ (in that order).  Transitivity rules are
  picked from the current context plus those given as $thms$ (the latter have
  precedence).
  
\item [$\FINALLY~(thms)$] maintaining $calculation$ in the same way as
  $\ALSO$, and concludes the current calculational thread.  The final result
  is exhibited as fact for forward chaining towards the next goal. Basically,
  $\FINALLY$ just abbreviates $\ALSO~\FROM{calculation}$.  Note that
  ``$\FINALLY~\SHOW{}{\Var{thesis}}~\DOT$'' and
  ``$\FINALLY~\HAVE{}{\phi}~\DOT$'' are typical idioms for concluding
  calculational proofs.
  
\item [$trans$] maintains the set of transitivity rules of the theory or proof
  context, by adding or deleting theorems (the default is to add).
\end{descr}

%FIXME
%See theory \texttt{HOL/Isar_examples/Group} for a simple application of
%calculations for basic equational reasoning.
%\texttt{HOL/Isar_examples/KnasterTarski} involves a few more advanced
%calculational steps in combination with natural deduction.


\section{Axiomatic Type Classes}\label{sec:axclass}

\indexisarcmd{axclass}\indexisarcmd{instance}\indexisarmeth{intro-classes}
\begin{matharray}{rcl}
  \isarcmd{axclass} & : & \isartrans{theory}{theory} \\
  \isarcmd{instance} & : & \isartrans{theory}{proof(prove)} \\
  intro_classes & : & \isarmeth \\
\end{matharray}

Axiomatic type classes are provided by Isabelle/Pure as a \emph{definitional}
interface to type classes (cf.~\S\ref{sec:classes}).  Thus any object logic
may make use of this light-weight mechanism of abstract theories.  See
\cite{Wenzel:1997:TPHOL} for more information.  There is also a tutorial on
\emph{Using Axiomatic Type Classes in Isabelle} that is part of the standard
Isabelle documentation.
%FIXME cite

\begin{rail}
  'axclass' classdecl (axmdecl prop comment? +)
  ;
  'instance' (nameref '<' nameref | nameref '::' simplearity) comment?
  ;
\end{rail}

\begin{descr}
\item [$\isarkeyword{axclass}~c < \vec c~axms$] defines an axiomatic type
  class as the intersection of existing classes, with additional axioms
  holding.  Class axioms may not contain more than one type variable.  The
  class axioms (with implicit sort constraints added) are bound to the given
  names.  Furthermore a class introduction rule is generated, which is
  employed by method $intro_classes$ to support instantiation proofs of this
  class.
  
\item [$\isarkeyword{instance}~c@1 < c@2$ and $\isarkeyword{instance}~t ::
  (\vec s)c$] setup up a goal stating the class relation or type arity.  The
  proof would usually proceed by $intro_classes$, and then establish the
  characteristic theorems of the type classes involved.  After finishing the
  proof, the theory will be augmented by a type signature declaration
  corresponding to the resulting theorem.
\item [$intro_classes$] repeatedly expands all class introduction rules of
  this theory.
\end{descr}

%FIXME
%See theory \texttt{HOL/Isar_examples/Group} for a simple example of using
%axiomatic type classes, including instantiation proofs.


\section{The Simplifier}

\subsection{Simplification methods}\label{sec:simp}

\indexisarmeth{simp}
\begin{matharray}{rcl}
  simp & : & \isarmeth \\
\end{matharray}

\begin{rail}
  'simp' ('!' ?) (simpmod * )
  ;

  simpmod: ('add' | 'del' | 'only' | 'other') ':' thmrefs
  ;
\end{rail}

\begin{descr}
\item [$simp$] invokes Isabelle's simplifier, after modifying the context by
  adding or deleting rules as specified.  The \railtoken{only} modifier first
  removes all other rewrite rules and congruences, and then is like
  \railtoken{add}.  In contrast, \railtoken{other} ignores its arguments;
  nevertheless there may be side-effects on the context via
  attributes.\footnote{This provides a back door for arbitrary context
    manipulation.}
  
  The $simp$ method is based on \texttt{asm_full_simp_tac}
  \cite[\S10]{isabelle-ref}, but is much better behaved in practice.  Just the
  local premises of the actual goal are involved by default.  Additional facts
  may be inserted via forward-chaining (using $\THEN$, $\FROMNAME$ etc.).  The
  full context of assumptions is only included in the $simp!$ version, which
  should be used with care.
\end{descr}

\subsection{Modifying the context}

\indexisaratt{simp}
\begin{matharray}{rcl}
  simp & : & \isaratt \\
\end{matharray}

\begin{rail}
  'simp' (() | 'add' | 'del')
  ;
\end{rail}

\begin{descr}
\item [$simp$] adds or deletes rules from the theory or proof context (the
  default is to add).
\end{descr}


\subsection{Forward simplification}

\indexisaratt{simplify}\indexisaratt{asm-simplify}
\indexisaratt{full-simplify}\indexisaratt{asm-full-simplify}
\begin{matharray}{rcl}
  simplify & : & \isaratt \\
  asm_simplify & : & \isaratt \\
  full_simplify & : & \isaratt \\
  asm_full_simplify & : & \isaratt \\
\end{matharray}

These attributes provide forward rules for simplification, which should be
used only very rarely.  There are no separate options for adding or deleting
simplification rules locally.

See the ML functions of the same name in \cite[\S10]{isabelle-ref} for more
information.


\section{The Classical Reasoner}

\subsection{Basic methods}\label{sec:classical-basic}

\indexisarmeth{rule}\indexisarmeth{intro}
\indexisarmeth{elim}\indexisarmeth{default}\indexisarmeth{contradiction}
\begin{matharray}{rcl}
  rule & : & \isarmeth \\
  intro & : & \isarmeth \\
  elim & : & \isarmeth \\
  contradiction & : & \isarmeth \\
\end{matharray}

\begin{rail}
  ('rule' | 'intro' | 'elim') thmrefs
  ;
\end{rail}

\begin{descr}
\item [$rule$] as offered by the classical reasoner is a refinement over the
  primitive one (see \S\ref{sec:pure-meth}).  In case that no rules are
  provided as arguments, it automatically determines elimination and
  introduction rules from the context (see also \S\ref{sec:classical-mod}).
  In that form it is the default method for basic proof steps, such as
  $\PROOFNAME$ and ``$\DDOT$'' (two dots).
  
\item [$intro$ and $elim$] repeatedly refine some goal by intro- or
  elim-resolution, after having inserted any facts.  Omitting the arguments
  refers to any suitable rules from the context, otherwise only the explicitly
  given ones may be applied.  The latter form admits better control of what
  actually happens, thus it is very appropriate as an initial method for
  $\PROOFNAME$ that splits up certain connectives of the goal, before entering
  the actual sub-proof.
  
\item [$contradiction$] solves some goal by contradiction, deriving any result
  from both $\neg A$ and $A$.  Facts, which are guaranteed to participate, may
  appear in either order.
\end{descr}


\subsection{Automated methods}\label{sec:classical-auto}

\indexisarmeth{blast}
\indexisarmeth{fast}\indexisarmeth{best}\indexisarmeth{slow}\indexisarmeth{slow-best}
\begin{matharray}{rcl}
 blast & : & \isarmeth \\
 fast & : & \isarmeth \\
 best & : & \isarmeth \\
 slow & : & \isarmeth \\
 slow_best & : & \isarmeth \\
\end{matharray}

\railalias{slowbest}{slow\_best}
\railterm{slowbest}

\begin{rail}
  'blast' ('!' ?) nat? (clamod * )
  ;
  ('fast' | 'best' | 'slow' | slowbest) ('!' ?) (clamod * )
  ;

  clamod: (('intro' | 'elim' | 'dest') (() | '!' | '!!') | 'del') ':' thmrefs
  ;
\end{rail}

\begin{descr}
\item [$blast$] refers to the classical tableau prover (see \texttt{blast_tac}
  in \cite[\S11]{isabelle-ref}).  The optional argument specifies a
  user-supplied search bound (default 20).
\item [$fast$, $best$, $slow$, $slow_best$] refer to the generic classical
  reasoner (see \cite[\S11]{isabelle-ref}, tactic \texttt{fast_tac} etc).
\end{descr}

Any of above methods support additional modifiers of the context of classical
rules.  There semantics is analogous to the attributes given in
\S\ref{sec:classical-mod}.  Facts provided by forward chaining are inserted
into the goal before doing the search.  The ``!''~argument causes the full
context of assumptions to be included as well.\footnote{This is slightly less
  hazardous than for the Simplifier (see \S\ref{sec:simp}).}


\subsection{Combined automated methods}

\indexisarmeth{auto}\indexisarmeth{force}
\begin{matharray}{rcl}
  force & : & \isarmeth \\
  auto & : & \isarmeth \\
\end{matharray}

\begin{rail}
  ('force' | 'auto') ('!' ?) (clasimpmod * )
  ;

  clasimpmod: ('simp' ('add' | 'del' | 'only') | 'other' |
    (('intro' | 'elim' | 'dest') (() | '!' | '!!') | 'del')) ':' thmrefs
\end{rail}

\begin{descr}
\item [$force$ and $auto$] provide access to Isabelle's combined
  simplification and classical reasoning tactics.  See \texttt{force_tac} and
  \texttt{auto_tac} in \cite[\S11]{isabelle-ref} for more information.  The
  modifier arguments correspond to those given in \S\ref{sec:simp} and
  \S\ref{sec:classical-auto}.  Just note that the ones related to the
  Simplifier are prefixed by \railtoken{simp} here.
  
  Facts provided by forward chaining are inserted into the goal before doing
  the search.  The ``!''~argument causes the full context of assumptions to be
  included as well.
\end{descr}


\subsection{Modifying the context}\label{sec:classical-mod}

\indexisaratt{intro}\indexisaratt{elim}\indexisaratt{dest}
\indexisaratt{iff}\indexisaratt{delrule}
\begin{matharray}{rcl}
  intro & : & \isaratt \\
  elim & : & \isaratt \\
  dest & : & \isaratt \\
  iff & : & \isaratt \\
  delrule & : & \isaratt \\
\end{matharray}

\begin{rail}
  ('intro' | 'elim' | 'dest') (() | '!' | '!!')
  ;
\end{rail}

\begin{descr}
\item [$intro$, $elim$, $dest$] add introduction, elimination, destruct rules,
  respectively.  By default, rules are considered as \emph{safe}, while a
  single ``!'' classifies as \emph{unsafe}, and ``!!'' as \emph{extra} (i.e.\ 
  not applied in the search-oriented automated methods, but only in
  single-step methods such as $rule$).
  
\item [$iff$] declares equations both as rewrite rules for the simplifier and
  classical reasoning rules.

\item [$delrule$] deletes introduction or elimination rules from the context.
  Note that destruction rules would have to be turned into elimination rules
  first, e.g.\ by using the $elimify$ attribute.
\end{descr}

%%% Local Variables: 
%%% mode: latex
%%% TeX-master: "isar-ref"
%%% End: