\begin{isabellebody}%


\def\isabellecontext{HOL{\isacharunderscore}Specific}%


%


\isadelimtheory


\isanewline


\isanewline


%


\endisadelimtheory


%


\isatagtheory


\isacommand{theory}\isamarkupfalse%


\ HOL{\isacharunderscore}Specific\isanewline

\isakeyword{imports}\ Main\isanewline


\isakeyword{begin}%


\endisatagtheory


{\isafoldtheory}%


%


\isadelimtheory


%


\endisadelimtheory


%

\isamarkupchapter{Isabelle/HOL \label{ch:hol}%

}


\isamarkuptrue%


%


\isamarkupsection{Primitive types \label{sec:holtypedef}%


}


\isamarkuptrue%


%


\begin{isamarkuptext}%


\begin{matharray}{rcl}

\indexdef{HOL}{command}{typedecl}\hypertarget{command.HOL.typedecl}{\hyperlink{command.HOL.typedecl}{\mbox{\isa{\isacommand{typedecl}}}}} & : & \isartrans{theory}{theory} \\


\indexdef{HOL}{command}{typedef}\hypertarget{command.HOL.typedef}{\hyperlink{command.HOL.typedef}{\mbox{\isa{\isacommand{typedef}}}}} & : & \isartrans{theory}{proof(prove)} \\

\end{matharray}


36 


\begin{rail}


'typedecl' typespec infix?


;


'typedef' altname? abstype '=' repset


;


altname: '(' (name  'open'  'open' name) ')'


;


abstype: typespec infix?


;


repset: term ('morphisms' name name)?


;


\end{rail}


\begin{descr}


\item [\hyperlink{command.HOL.typedecl}{\mbox{\isa{\isacommand{typedecl}}}}~\isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n{\isacharparenright}\ t{\isachardoublequote}}] is similar to the original \hyperlink{command.typedecl}{\mbox{\isa{\isacommand{typedecl}}}} of

Isabelle/Pure (see \secref{sec:typespure}), but also declares type


arity \isa{{\isachardoublequote}t\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}type{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ type{\isacharparenright}\ type{\isachardoublequote}}, making \isa{t} an


actual HOL type constructor. %FIXME check, update


\item [\hyperlink{command.HOL.typedef}{\mbox{\isa{\isacommand{typedef}}}}~\isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n{\isacharparenright}\ t\ {\isacharequal}\ A{\isachardoublequote}}] sets up a goal stating nonemptiness of the set \isa{A}.

After finishing the proof, the theory will be augmented by a


Gordon/HOLstyle type definition, which establishes a bijection


between the representing set \isa{A} and the new type \isa{t}.


Technically, \hyperlink{command.HOL.typedef}{\mbox{\isa{\isacommand{typedef}}}} defines both a type \isa{t} and a set (term constant) of the same name (an alternative base

name may be given in parentheses). The injection from type to set


is called \isa{Rep{\isacharunderscore}t}, its inverse \isa{Abs{\isacharunderscore}t} (this may be

changed via an explicit \hyperlink{keyword.HOL.morphisms}{\mbox{\isa{\isakeyword{morphisms}}}} declaration).

68 
69 
70 
71 
proof tools (e.g.\ in \hyperlink{attribute.simp}{\mbox{\isa{simp}}} or \hyperlink{attribute.iff}{\mbox{\isa{iff}}}

declarations). Rules \isa{Rep{\isacharunderscore}t{\isacharunderscore}cases}/\isa{Rep{\isacharunderscore}t{\isacharunderscore}induct}, and


\isa{Abs{\isacharunderscore}t{\isacharunderscore}cases}/\isa{Abs{\isacharunderscore}t{\isacharunderscore}induct} provide alternative views


on surjectivity; these are already declared as set or type rules for

the generic \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} methods.

78 
79 
80 
81 
82 


\end{descr}


85 
86 
87 
theories usually refer to higherlevel packages such as \hyperlink{command.HOL.record}{\mbox{\isa{\isacommand{record}}}} (see \secref{sec:holrecord}) or \hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}} (see \secref{sec:holdatatype}).%

\end{isamarkuptext}%


\isamarkuptrue%


%


\isamarkupsection{Adhoc tuples%


}


\isamarkuptrue%


%


\begin{isamarkuptext}%


\begin{matharray}{rcl}

\hyperlink{attribute.HOL.splitformat}{\mbox{\isa{split{\isacharunderscore}format}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isaratt \\

\end{matharray}


\begin{rail}


'split\_format' (((name *) + 'and')  ('(' 'complete' ')'))


;


\end{rail}


\begin{descr}


\item [\hyperlink{attribute.HOL.splitformat}{\mbox{\isa{split{\isacharunderscore}format}}}~\isa{{\isachardoublequote}p\isactrlsub {\isadigit{1}}\ {\isasymdots}\ p\isactrlsub m\ {\isasymAND}\ {\isasymdots}\ {\isasymAND}\ q\isactrlsub {\isadigit{1}}\ {\isasymdots}\ q\isactrlsub n{\isachardoublequote}}] puts expressions of

lowlevel tuple types into canonical form as specified by the


arguments given; the \isa{i}th collection of arguments refers to


occurrences in premise \isa{i} of the rule. The ``\isa{{\isachardoublequote}{\isacharparenleft}complete{\isacharparenright}{\isachardoublequote}}'' option causes \emph{all} arguments in function


applications to be represented canonically according to their tuple


type structure.


Note that these operations tend to invent funny names for new local


parameters to be introduced.


\end{descr}%


\end{isamarkuptext}%


\isamarkuptrue%


%


\isamarkupsection{Records \label{sec:holrecord}%


}


\isamarkuptrue%


%


\begin{isamarkuptext}%


In principle, records merely generalize the concept of tuples, where


components may be addressed by labels instead of just position. The


logical infrastructure of records in Isabelle/HOL is slightly more


advanced, though, supporting truly extensible record schemes. This


admits operations that are polymorphic with respect to record


extension, yielding ``objectoriented'' effects like (single)


inheritance. See also \cite{NaraschewskiWTPHOLs98} for more


details on objectoriented verification and record subtyping in HOL.%


\end{isamarkuptext}%


\isamarkuptrue%


%


\isamarkupsubsection{Basic concepts%


}


\isamarkuptrue%


%


\begin{isamarkuptext}%


Isabelle/HOL supports both \emph{fixed} and \emph{schematic} records


at the level of terms and types. The notation is as follows:


146 
147 
148 
149 
150 
151 
152 
153 
154 


\noindent The ASCII representation of \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharequal}\ a{\isasymrparr}{\isachardoublequote}} is \isa{{\isachardoublequote}{\isacharparenleft}{\isacharbar}\ x\ {\isacharequal}\ a\ {\isacharbar}{\isacharparenright}{\isachardoublequote}}.


157 
158 
159 
160 
161 


A record scheme like \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharequal}\ a{\isacharcomma}\ y\ {\isacharequal}\ b{\isacharcomma}\ {\isasymdots}\ {\isacharequal}\ m{\isasymrparr}{\isachardoublequote}} contains fields


\isa{x} and \isa{y} as before, but also possibly further fields


as indicated by the ``\isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}'' notation (which is actually part


of the syntax). The improper field ``\isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}'' of a record


scheme is called the \emph{more part}. Logically it is just a free


variable, which is occasionally referred to as ``row variable'' in


the literature. The more part of a record scheme may be


instantiated by zero or more further components. For example, the

previous scheme may get instantiated to \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharequal}\ a{\isacharcomma}\ y\ {\isacharequal}\ b{\isacharcomma}\ z\ {\isacharequal}\ c{\isacharcomma}\ {\isasymdots}\ {\isacharequal}\ m{\isacharprime}{\isasymrparr}{\isachardoublequote}}, where \isa{m{\isacharprime}} refers to a different more part.

Fixed records are special instances of record schemes, where


``\isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}'' is properly terminated by the \isa{{\isachardoublequote}{\isacharparenleft}{\isacharparenright}\ {\isacharcolon}{\isacharcolon}\ unit{\isachardoublequote}}


element. In fact, \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharequal}\ a{\isacharcomma}\ y\ {\isacharequal}\ b{\isasymrparr}{\isachardoublequote}} is just an abbreviation


for \isa{{\isachardoublequote}{\isasymlparr}x\ {\isacharequal}\ a{\isacharcomma}\ y\ {\isacharequal}\ b{\isacharcomma}\ {\isasymdots}\ {\isacharequal}\ {\isacharparenleft}{\isacharparenright}{\isasymrparr}{\isachardoublequote}}.


176 
177 
178 


\begin{enumerate}


181 
182 
183 

\item field names are externalized, they cannot be accessed within


185 
the logic as firstclass values.

187 
188 


\medskip In Isabelle/HOL record types have to be defined explicitly,


fixing their field names and types, and their (optional) parent


record. Afterwards, records may be formed using above syntax, while


obeying the canonical order of fields as given by their declaration.


The record package provides several standard operations like


selectors and updates. The common setup for various generic proof


tools enable succinct reasoning patterns. See also the Isabelle/HOL


tutorial \cite{isabelleholbook} for further instructions on using


records in practice.%


\end{isamarkuptext}%


\isamarkuptrue%


%


\isamarkupsubsection{Record specifications%


}


\isamarkuptrue%


%


\begin{isamarkuptext}%


\begin{matharray}{rcl}

207 
26849

\end{matharray}


210 
211 
212 
213 
214 


\begin{descr}


217 
218 
219 
220 
221 


The type variables of \isa{{\isachardoublequote}{\isasymtau}{\isachardoublequote}} and \isa{{\isachardoublequote}{\isasymsigma}\isactrlsub i{\isachardoublequote}} need to be


covered by the (distinct) parameters \isa{{\isachardoublequote}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub m{\isachardoublequote}}. Type constructor \isa{t} has to be new, while \isa{{\isasymtau}} needs to specify an instance of an existing record type. At


least one new field \isa{{\isachardoublequote}c\isactrlsub i{\isachardoublequote}} has to be specified.


Basically, field names need to belong to a unique record. This is


not a real restriction in practice, since fields are qualified by


the record name internally.


229 
230 
231 
232 
233 
234 


For convenience, \isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub m{\isacharparenright}\ t{\isachardoublequote}} is made a


type abbreviation for the fixed record type \isa{{\isachardoublequote}{\isasymlparr}c\isactrlsub {\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub n\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\isactrlsub n{\isasymrparr}{\isachardoublequote}}, likewise is \isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub m{\isacharcomma}\ {\isasymzeta}{\isacharparenright}\ t{\isacharunderscore}scheme{\isachardoublequote}} made an abbreviation for


\isa{{\isachardoublequote}{\isasymlparr}c\isactrlsub {\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub n\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\isactrlsub n{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}{\isachardoublequote}}.


239 
240 
241 
242 
243 
244 
245 
246 
247 
248 
249 
250 
251 
252 
253 


\medskip \textbf{Selectors} and \textbf{updates} are available for


any field (including ``\isa{more}''):


257 
\isa{{\isachardoublequote}c\isactrlsub i{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymlparr}\isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}\ {\isasymRightarrow}\ {\isasymsigma}\isactrlsub i{\isachardoublequote}} \\


\isa{{\isachardoublequote}c\isactrlsub i{\isacharunderscore}update{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymsigma}\isactrlsub i\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}{\isachardoublequote}} \\

\end{matharray}


262 
263 
264 
265 
266 
267 
268 
269 


\medskip The \textbf{make} operation provides a cumulative record


constructor function:


273 
\isa{{\isachardoublequote}t{\isachardot}make{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymsigma}\isactrlsub {\isadigit{1}}\ {\isasymRightarrow}\ {\isasymdots}\ {\isasymsigma}\isactrlsub n\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isasymrparr}{\isachardoublequote}} \\

\end{matharray}


277 
278 
279 
280 
281 
282 
283 
284 
285 
286 

\medskip


\begin{tabular}{lll}


\isa{{\isachardoublequote}c\isactrlsub i{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}\ {\isasymRightarrow}\ {\isasymsigma}\isactrlsub i{\isachardoublequote}} \\


\isa{{\isachardoublequote}c\isactrlsub i{\isacharunderscore}update{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymsigma}\isactrlsub i\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}{\isachardoublequote}} \\


\isa{{\isachardoublequote}t{\isachardot}make{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymrho}\isactrlsub {\isadigit{1}}\ {\isasymRightarrow}\ {\isasymdots}\ {\isasymrho}\isactrlsub k\ {\isasymRightarrow}\ {\isasymsigma}\isactrlsub {\isadigit{1}}\ {\isasymRightarrow}\ {\isasymdots}\ {\isasymsigma}\isactrlsub n\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isasymrparr}{\isachardoublequote}} \\


\end{tabular}


\medskip

26852

\noindent Some further operations address the extension aspect of a

derived record scheme specifically: \isa{{\isachardoublequote}t{\isachardot}fields{\isachardoublequote}} produces a


record fragment consisting of exactly the new fields introduced here


(the result may serve as a more part elsewhere); \isa{{\isachardoublequote}t{\isachardot}extend{\isachardoublequote}}


takes a fixed record and adds a given more part; \isa{{\isachardoublequote}t{\isachardot}truncate{\isachardoublequote}} restricts a record scheme to a fixed record.


\medskip


\begin{tabular}{lll}


\isa{{\isachardoublequote}t{\isachardot}fields{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymsigma}\isactrlsub {\isadigit{1}}\ {\isasymRightarrow}\ {\isasymdots}\ {\isasymsigma}\isactrlsub n\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isasymrparr}{\isachardoublequote}} \\


\isa{{\isachardoublequote}t{\isachardot}extend{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isasymrparr}\ {\isasymRightarrow}\ {\isasymzeta}\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}{\isachardoublequote}} \\


\isa{{\isachardoublequote}t{\isachardot}truncate{\isachardoublequote}} & \isa{{\isachardoublequote}{\isacharcolon}{\isacharcolon}{\isachardoublequote}} & \isa{{\isachardoublequote}{\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isacharcomma}\ {\isasymdots}\ {\isacharcolon}{\isacharcolon}\ {\isasymzeta}{\isasymrparr}\ {\isasymRightarrow}\ {\isasymlparr}\isactrlvec b\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymrho}{\isacharcomma}\ \isactrlvec c\ {\isacharcolon}{\isacharcolon}\ \isactrlvec {\isasymsigma}{\isasymrparr}{\isachardoublequote}} \\


\end{tabular}


\medskip

309 
310 
311 
312 
313 
314 
315 
316 
317 
318 
319 
320 
321 
322 
323 


\begin{enumerate}


326 
327 
328 
the \hyperlink{method.simp}{\mbox{\isa{simp}}} method without further arguments. These rules

are available as \isa{{\isachardoublequote}t{\isachardot}simps{\isachardoublequote}}, too.


332 
333 
334 
335 


Reasoner as \hyperlink{attribute.iff}{\mbox{\isa{iff}}} rules. These rules are available as

\isa{{\isachardoublequote}t{\isachardot}iffs{\isachardoublequote}}.


340 
and as the basic rule context as ``\hyperlink{attribute.intro}{\mbox{\isa{intro}}}\isa{{\isachardoublequote}{\isacharquery}{\isachardoublequote}}''.

The rule is called \isa{{\isachardoublequote}t{\isachardot}equality{\isachardoublequote}}.


344 
constructor terms are provided both in \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} format (cf.\ the generic proof methods of the same name,

\secref{sec:casesinduct}). Several variations are available, for


fixed records, record schemes, more parts etc.


349 
350 
351 
352 


\item The derived record operations \isa{{\isachardoublequote}t{\isachardot}make{\isachardoublequote}}, \isa{{\isachardoublequote}t{\isachardot}fields{\isachardoublequote}}, \isa{{\isachardoublequote}t{\isachardot}extend{\isachardoublequote}}, \isa{{\isachardoublequote}t{\isachardot}truncate{\isachardoublequote}} are \emph{not}


treated automatically, but usually need to be expanded by hand,


using the collective fact \isa{{\isachardoublequote}t{\isachardot}defs{\isachardoublequote}}.


357 
358 
359 
360 
361 
362 
363 
364 
365 
366 
\indexdef{HOL}{command}{datatype}\hypertarget{command.HOL.datatype}{\hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}}} & : & \isartrans{theory}{theory} \\

\indexdef{HOL}{command}{rep\_datatype}\hypertarget{command.HOL.repdatatype}{\hyperlink{command.HOL.repdatatype}{\mbox{\isa{\isacommand{rep{\isacharunderscore}datatype}}}}} & : & \isartrans{theory}{proof} \\

\end{matharray}


371 
372 
373 
'rep\_datatype' ('(' (name +) ')')? (term +)

;


377 
378 
379 
380 
381 


\begin{descr}


384 
26849

HOL.


26907

\item [\hyperlink{command.HOL.repdatatype}{\mbox{\isa{\isacommand{rep{\isacharunderscore}datatype}}}}] represents existing types as

388 
389 
390 


\end{descr}


393 
394 
395 
396 


See \cite{isabelleHOL} for more details on datatypes, but beware of


the oldstyle theory syntax being used there! Apart from proper


proof methods for caseanalysis and induction, there are also

400 
26849

to refer directly to the internal structure of subgoals (including


internally bound parameters).%


\end{isamarkuptext}%


\isamarkuptrue%


%


\isamarkupsection{Recursive functions \label{sec:recursion}%


}


\isamarkuptrue%


%


\begin{isamarkuptext}%


\begin{matharray}{rcl}

\indexdef{HOL}{command}{primrec}\hypertarget{command.HOL.primrec}{\hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}}} & : & \isarkeep{local{\dsh}theory} \\


\indexdef{HOL}{command}{fun}\hypertarget{command.HOL.fun}{\hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}}} & : & \isarkeep{local{\dsh}theory} \\


\indexdef{HOL}{command}{function}\hypertarget{command.HOL.function}{\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}} & : & \isartrans{local{\dsh}theory}{proof(prove)} \\


\indexdef{HOL}{command}{termination}\hypertarget{command.HOL.termination}{\hyperlink{command.HOL.termination}{\mbox{\isa{\isacommand{termination}}}}} & : & \isartrans{local{\dsh}theory}{proof(prove)} \\

\end{matharray}


418 
419 
420 
421 
422 
('fun'  'function') target? functionopts? fixes 'where' clauses

;


clauses: (thmdecl? prop ('(' 'otherwise' ')')? + '')


;

functionopts: '(' (('sequential'  'domintros'  'tailrec'  'default' term) + ',') ')'

;


'termination' ( term )?


\end{rail}


432 
433 

434 
26849

functions over datatypes, see also \cite{isabelleHOL}.


26902

\item [\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}] defines functions by general

438 
439 
440 
441 
442 
443 


The defined function is considered partial, and the resulting


simplification rules (named \isa{{\isachardoublequote}f{\isachardot}psimps{\isachardoublequote}}) and induction rule


(named \isa{{\isachardoublequote}f{\isachardot}pinduct{\isachardoublequote}}) are guarded by a generated domain

447 
26849

command can then be used to establish that the function is total.


26902

\item [\hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}}] is a shorthand notation for


``\hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}~\isa{{\isachardoublequote}{\isacharparenleft}sequential{\isacharparenright}{\isachardoublequote}}, followed by

452 
453 
454 

455 
26849

termination proof for the previously defined function \isa{f}. If


this is omitted, the command refers to the most recent function


definition. After the proof is closed, the recursive equations and


the induction principle is established.


461 
462 


%FIXME check


27452

Recursive definitions introduced by the \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}}


command accommodate

467 
468 
27452

to the userspecified equations.


For the \hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}} the induction principle coincides


with structural recursion on the datatype the recursion is carried


out.


Case names of \hyperlink{command.HOL.primrec}{\mbox{\isa{\isacommand{primrec}}}} are that of the datatypes involved, while those of

474 
26849

476 
477 
478 
479 
480 

481 
26849

options.


484 
485 


\item [\isa{sequential}] enables a preprocessor which


disambiguates overlapping patterns by making them mutually disjoint.


Earlier equations take precedence over later ones. This allows to


give the specification in a format very similar to functional


programming. Note that the resulting simplification and induction


rules correspond to the transformed specification, not the one given


originally. This usually means that each equation given by the user


may result in several theroems. Also note that this automatic


transformation only works for MLstyle datatype patterns.


496 
497 
498 
499 


\item [\isa{tailrec}] generates the unconstrained recursive


equations even without a termination proof, provided that the


function is tailrecursive. This currently only works


504 
505 
506 
507 


\end{descr}%


\end{isamarkuptext}%


\isamarkuptrue%


%


\isamarkupsubsection{Proof methods related to recursive definitions%


}


\isamarkuptrue%


%


\begin{isamarkuptext}%


\begin{matharray}{rcl}

\indexdef{HOL}{method}{pat\_completeness}\hypertarget{method.HOL.patcompleteness}{\hyperlink{method.HOL.patcompleteness}{\mbox{\isa{pat{\isacharunderscore}completeness}}}} & : & \isarmeth \\

\indexdef{HOL}{method}{relation}\hypertarget{method.HOL.relation}{\hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}} & : & \isarmeth \\

520 
\end{matharray}


523 
524 
525 
526 
527 
528 
529 


\begin{descr}


532 
26849

solve goals regarding the completeness of pattern matching, as

534 
26849

\cite{isabellefunction}).


26902

\item [\hyperlink{method.HOL.relation}{\mbox{\isa{relation}}}~\isa{R}] introduces a termination

538 
539 
540 
541 
542 
543 

544 
26849

automated termination proof by searching for a lexicographic


combination of size measures on the arguments of the function. The

547 
26849

which it uses internally to prove local descents. The same context

549 
26849

\secref{sec:clasimp}.


552 
553 
554 


\end{descr}%


\end{isamarkuptext}%


\isamarkuptrue%


%


\isamarkupsubsection{Oldstyle recursive function definitions (TFL)%


}


\isamarkuptrue%


%


\begin{isamarkuptext}%

The old TFL commands \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} and \hyperlink{command.HOL.recdeftc}{\mbox{\isa{\isacommand{recdef{\isacharunderscore}tc}}}} for defining recursive are mostly obsolete; \hyperlink{command.HOL.function}{\mbox{\isa{\isacommand{function}}}} or \hyperlink{command.HOL.fun}{\mbox{\isa{\isacommand{fun}}}} should be used instead.

566 
26902

\indexdef{HOL}{command}{recdef}\hypertarget{command.HOL.recdef}{\hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}}} & : & \isartrans{theory}{theory} \\

568 
26849

\end{matharray}


571 
572 
573 
;


574 
recdeftc thmdecl? tc


575 
;


576 
hints: '(' 'hints' (recdefmod *) ')'


577 
;


578 
recdefmod: (('recdef\_simp'  'recdef\_cong'  'recdef\_wf') (()  'add'  'del') ':' thmrefs)  clasimpmod


579 
;


580 
tc: nameref ('(' nat ')')?


581 
;


582 
\end{rail}


583 


584 
\begin{descr}


585 

26902

586 
\item [\hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}}] defines general wellfounded

26849

587 
recursive functions (using the TFL package), see also


588 
\cite{isabelleHOL}. The ``\isa{{\isachardoublequote}{\isacharparenleft}permissive{\isacharparenright}{\isachardoublequote}}'' option tells


589 
TFL to recover from failed proof attempts, returning unfinished


590 
results. The \isa{recdef{\isacharunderscore}simp}, \isa{recdef{\isacharunderscore}cong}, and \isa{recdef{\isacharunderscore}wf} hints refer to auxiliary rules to be used in the internal

26902

591 
automated proof process of TFL. Additional \hyperlink{syntax.clasimpmod}{\mbox{\isa{clasimpmod}}}

26849

592 
declarations (cf.\ \secref{sec:clasimp}) may be given to tune the


593 
context of the Simplifier (cf.\ \secref{sec:simplifier}) and


594 
Classical reasoner (cf.\ \secref{sec:classical}).


595 

26907

596 
\item [\hyperlink{command.HOL.recdeftc}{\mbox{\isa{\isacommand{recdef{\isacharunderscore}tc}}}}~\isa{{\isachardoublequote}c\ {\isacharparenleft}i{\isacharparenright}{\isachardoublequote}}] recommences the

26849

597 
proof for leftover termination condition number \isa{i} (default

26902

598 
1) as generated by a \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} definition of

26849

599 
constant \isa{c}.


600 

26902

601 
Note that in most cases, \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} is able to finish

26849

602 
its internal proofs without manual intervention.


603 


604 
\end{descr}


605 

26902

606 
\medskip Hints for \hyperlink{command.HOL.recdef}{\mbox{\isa{\isacommand{recdef}}}} may be also declared

26849

607 
globally, using the following attributes.


608 


609 
\begin{matharray}{rcl}

26907

610 
\indexdef{HOL}{attribute}{recdef\_simp}\hypertarget{attribute.HOL.recdefsimp}{\hyperlink{attribute.HOL.recdefsimp}{\mbox{\isa{recdef{\isacharunderscore}simp}}}} & : & \isaratt \\


611 
\indexdef{HOL}{attribute}{recdef\_cong}\hypertarget{attribute.HOL.recdefcong}{\hyperlink{attribute.HOL.recdefcong}{\mbox{\isa{recdef{\isacharunderscore}cong}}}} & : & \isaratt \\


612 
\indexdef{HOL}{attribute}{recdef\_wf}\hypertarget{attribute.HOL.recdefwf}{\hyperlink{attribute.HOL.recdefwf}{\mbox{\isa{recdef{\isacharunderscore}wf}}}} & : & \isaratt \\

26849

613 
\end{matharray}


614 


615 
\begin{rail}


616 
('recdef\_simp'  'recdef\_cong'  'recdef\_wf') (()  'add'  'del')


617 
;


618 
\end{rail}%


619 
\end{isamarkuptext}%


620 
\isamarkuptrue%


621 
%


622 
\isamarkupsection{Inductive and coinductive definitions \label{sec:holinductive}%


623 
}


624 
\isamarkuptrue%


625 
%


626 
\begin{isamarkuptext}%


627 
An \textbf{inductive definition} specifies the least predicate (or


628 
set) \isa{R} closed under given rules: applying a rule to elements


629 
of \isa{R} yields a result within \isa{R}. For example, a


630 
structural operational semantics is an inductive definition of an


631 
evaluation relation.


632 


633 
Dually, a \textbf{coinductive definition} specifies the greatest


634 
predicate~/ set \isa{R} that is consistent with given rules: every


635 
element of \isa{R} can be seen as arising by applying a rule to


636 
elements of \isa{R}. An important example is using bisimulation


637 
relations to formalise equivalence of processes and infinite data


638 
structures.


639 


640 
\medskip The HOL package is related to the ZF one, which is


641 
described in a separate paper,\footnote{It appeared in CADE


642 
\cite{paulsonCADE}; a longer version is distributed with Isabelle.}


643 
which you should refer to in case of difficulties. The package is


644 
simpler than that of ZF thanks to implicit typechecking in HOL.


645 
The types of the (co)inductive predicates (or sets) determine the


646 
domain of the fixedpoint definition, and the package does not have


647 
to use inference rules for typechecking.


648 


649 
\begin{matharray}{rcl}

26902

650 
\indexdef{HOL}{command}{inductive}\hypertarget{command.HOL.inductive}{\hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}}} & : & \isarkeep{local{\dsh}theory} \\

26907

651 
\indexdef{HOL}{command}{inductive\_set}\hypertarget{command.HOL.inductiveset}{\hyperlink{command.HOL.inductiveset}{\mbox{\isa{\isacommand{inductive{\isacharunderscore}set}}}}} & : & \isarkeep{local{\dsh}theory} \\

26902

652 
\indexdef{HOL}{command}{coinductive}\hypertarget{command.HOL.coinductive}{\hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}}} & : & \isarkeep{local{\dsh}theory} \\

26907

653 
\indexdef{HOL}{command}{coinductive\_set}\hypertarget{command.HOL.coinductiveset}{\hyperlink{command.HOL.coinductiveset}{\mbox{\isa{\isacommand{coinductive{\isacharunderscore}set}}}}} & : & \isarkeep{local{\dsh}theory} \\

26902

654 
\indexdef{HOL}{attribute}{mono}\hypertarget{attribute.HOL.mono}{\hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}}} & : & \isaratt \\

26849

655 
\end{matharray}


656 


657 
\begin{rail}


658 
('inductive'  'inductive\_set'  'coinductive'  'coinductive\_set') target? fixes ('for' fixes)? \\


659 
('where' clauses)? ('monos' thmrefs)?


660 
;


661 
clauses: (thmdecl? prop + '')


662 
;


663 
'mono' (()  'add'  'del')


664 
;


665 
\end{rail}


666 


667 
\begin{descr}


668 

26902

669 
\item [\hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}} and \hyperlink{command.HOL.coinductive}{\mbox{\isa{\isacommand{coinductive}}}}] define (co)inductive predicates from the


670 
introduction rules given in the \hyperlink{keyword.where}{\mbox{\isa{\isakeyword{where}}}} part. The


671 
optional \hyperlink{keyword.for}{\mbox{\isa{\isakeyword{for}}}} part contains a list of parameters of the

26849

672 
(co)inductive predicates that remain fixed throughout the

26902

673 
definition. The optional \hyperlink{keyword.monos}{\mbox{\isa{\isakeyword{monos}}}} section contains

26849

674 
\emph{monotonicity theorems}, which are required for each operator


675 
applied to a recursive set in the introduction rules. There


676 
\emph{must} be a theorem of the form \isa{{\isachardoublequote}A\ {\isasymle}\ B\ {\isasymLongrightarrow}\ M\ A\ {\isasymle}\ M\ B{\isachardoublequote}},


677 
for each premise \isa{{\isachardoublequote}M\ R\isactrlsub i\ t{\isachardoublequote}} in an introduction rule!


678 

26907

679 
\item [\hyperlink{command.HOL.inductiveset}{\mbox{\isa{\isacommand{inductive{\isacharunderscore}set}}}} and \hyperlink{command.HOL.coinductiveset}{\mbox{\isa{\isacommand{coinductive{\isacharunderscore}set}}}}] are wrappers for to the previous commands,

26849

680 
allowing the definition of (co)inductive sets.


681 

26902

682 
\item [\hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}}] declares monotonicity rules. These


683 
rule are involved in the automated monotonicity proof of \hyperlink{command.HOL.inductive}{\mbox{\isa{\isacommand{inductive}}}}.

26849

684 


685 
\end{descr}%


686 
\end{isamarkuptext}%


687 
\isamarkuptrue%


688 
%


689 
\isamarkupsubsection{Derived rules%


690 
}


691 
\isamarkuptrue%


692 
%


693 
\begin{isamarkuptext}%


694 
Each (co)inductive definition \isa{R} adds definitions to the


695 
theory and also proves some theorems:


696 


697 
\begin{description}


698 


699 
\item [\isa{R{\isachardot}intros}] is the list of introduction rules as proven


700 
theorems, for the recursive predicates (or sets). The rules are


701 
also available individually, using the names given them in the


702 
theory file;


703 


704 
\item [\isa{R{\isachardot}cases}] is the case analysis (or elimination) rule;


705 


706 
\item [\isa{R{\isachardot}induct} or \isa{R{\isachardot}coinduct}] is the (co)induction


707 
rule.


708 


709 
\end{description}


710 


711 
When several predicates \isa{{\isachardoublequote}R\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ R\isactrlsub n{\isachardoublequote}} are


712 
defined simultaneously, the list of introduction rules is called


713 
\isa{{\isachardoublequote}R\isactrlsub {\isadigit{1}}{\isacharunderscore}{\isasymdots}{\isacharunderscore}R\isactrlsub n{\isachardot}intros{\isachardoublequote}}, the case analysis rules are


714 
called \isa{{\isachardoublequote}R\isactrlsub {\isadigit{1}}{\isachardot}cases{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ R\isactrlsub n{\isachardot}cases{\isachardoublequote}}, and the list


715 
of mutual induction rules is called \isa{{\isachardoublequote}R\isactrlsub {\isadigit{1}}{\isacharunderscore}{\isasymdots}{\isacharunderscore}R\isactrlsub n{\isachardot}inducts{\isachardoublequote}}.%


716 
\end{isamarkuptext}%


717 
\isamarkuptrue%


718 
%


719 
\isamarkupsubsection{Monotonicity theorems%


720 
}


721 
\isamarkuptrue%


722 
%


723 
\begin{isamarkuptext}%


724 
Each theory contains a default set of theorems that are used in


725 
monotonicity proofs. New rules can be added to this set via the

26902

726 
\hyperlink{attribute.HOL.mono}{\mbox{\isa{mono}}} attribute. The HOL theory \isa{Inductive}

26849

727 
shows how this is done. In general, the following monotonicity


728 
theorems may be added:


729 


730 
\begin{itemize}


731 


732 
\item Theorems of the form \isa{{\isachardoublequote}A\ {\isasymle}\ B\ {\isasymLongrightarrow}\ M\ A\ {\isasymle}\ M\ B{\isachardoublequote}}, for proving


733 
monotonicity of inductive definitions whose introduction rules have


734 
premises involving terms such as \isa{{\isachardoublequote}M\ R\isactrlsub i\ t{\isachardoublequote}}.


735 


736 
\item Monotonicity theorems for logical operators, which are of the


737 
general form \isa{{\isachardoublequote}{\isacharparenleft}{\isasymdots}\ {\isasymlongrightarrow}\ {\isasymdots}{\isacharparenright}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isacharparenleft}{\isasymdots}\ {\isasymlongrightarrow}\ {\isasymdots}{\isacharparenright}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymlongrightarrow}\ {\isasymdots}{\isachardoublequote}}. For example, in


738 
the case of the operator \isa{{\isachardoublequote}{\isasymor}{\isachardoublequote}}, the corresponding theorem is


739 
\[


740 
\infer{\isa{{\isachardoublequote}P\isactrlsub {\isadigit{1}}\ {\isasymor}\ P\isactrlsub {\isadigit{2}}\ {\isasymlongrightarrow}\ Q\isactrlsub {\isadigit{1}}\ {\isasymor}\ Q\isactrlsub {\isadigit{2}}{\isachardoublequote}}}{\isa{{\isachardoublequote}P\isactrlsub {\isadigit{1}}\ {\isasymlongrightarrow}\ Q\isactrlsub {\isadigit{1}}{\isachardoublequote}} & \isa{{\isachardoublequote}P\isactrlsub {\isadigit{2}}\ {\isasymlongrightarrow}\ Q\isactrlsub {\isadigit{2}}{\isachardoublequote}}}


741 
\]


742 


743 
\item De Morgan style equations for reasoning about the ``polarity''


744 
of expressions, e.g.


745 
\[


746 
\isa{{\isachardoublequote}{\isasymnot}\ {\isasymnot}\ P\ {\isasymlongleftrightarrow}\ P{\isachardoublequote}} \qquad\qquad


747 
\isa{{\isachardoublequote}{\isasymnot}\ {\isacharparenleft}P\ {\isasymand}\ Q{\isacharparenright}\ {\isasymlongleftrightarrow}\ {\isasymnot}\ P\ {\isasymor}\ {\isasymnot}\ Q{\isachardoublequote}}


748 
\]


749 


750 
\item Equations for reducing complex operators to more primitive


751 
ones whose monotonicity can easily be proved, e.g.


752 
\[


753 
\isa{{\isachardoublequote}{\isacharparenleft}P\ {\isasymlongrightarrow}\ Q{\isacharparenright}\ {\isasymlongleftrightarrow}\ {\isasymnot}\ P\ {\isasymor}\ Q{\isachardoublequote}} \qquad\qquad


754 
\isa{{\isachardoublequote}Ball\ A\ P\ {\isasymequiv}\ {\isasymforall}x{\isachardot}\ x\ {\isasymin}\ A\ {\isasymlongrightarrow}\ P\ x{\isachardoublequote}}


755 
\]


756 


757 
\end{itemize}


758 


759 
%FIXME: Example of an inductive definition%


760 
\end{isamarkuptext}%


761 
\isamarkuptrue%


762 
%


763 
\isamarkupsection{Arithmetic proof support%


764 
}


765 
\isamarkuptrue%


766 
%


767 
\begin{isamarkuptext}%


768 
\begin{matharray}{rcl}

26902

769 
\indexdef{HOL}{method}{arith}\hypertarget{method.HOL.arith}{\hyperlink{method.HOL.arith}{\mbox{\isa{arith}}}} & : & \isarmeth \\

26907

770 
\indexdef{HOL}{attribute}{arith\_split}\hypertarget{attribute.HOL.arithsplit}{\hyperlink{attribute.HOL.arithsplit}{\mbox{\isa{arith{\isacharunderscore}split}}}} & : & \isaratt \\

26849

771 
\end{matharray}


772 

26902

773 
The \hyperlink{method.HOL.arith}{\mbox{\isa{arith}}} method decides linear arithmetic problems

26849

774 
(on types \isa{nat}, \isa{int}, \isa{real}). Any current


775 
facts are inserted into the goal before running the procedure.


776 

26907

777 
The \hyperlink{attribute.HOL.arithsplit}{\mbox{\isa{arith{\isacharunderscore}split}}} attribute declares case split

26895

778 
rules to be expanded before the arithmetic procedure is invoked.

26849

779 


780 
Note that a simpler (but faster) version of arithmetic reasoning is


781 
already performed by the Simplifier.%


782 
\end{isamarkuptext}%


783 
\isamarkuptrue%


784 
%

28603

785 
\isamarkupsection{Invoking automated reasoning tools  The Sledgehammer%


786 
}


787 
\isamarkuptrue%


788 
%


789 
\begin{isamarkuptext}%


790 
Isabelle/HOL includes a generic \emph{ATP manager} that allows


791 
external automated reasoning tools to crunch a pending goal.


792 
Supported provers include E\footnote{\url{http://www.eprover.org}},


793 
SPASS\footnote{\url{http://www.spassprover.org/}}, and Vampire.


794 
There is also a wrapper to invoke provers remotely via the


795 
SystemOnTPTP\footnote{\url{http://www.cs.miami.edu/~tptp/cgibin/SystemOnTPTP}}


796 
web service.


797 


798 
The problem passed to external provers consists of the goal together


799 
with a smart selection of lemmas from the current theory context.


800 
The result of a successful proof search is some source text that


801 
usually reconstructs the proof within Isabelle, without requiring


802 
external provers again. The Metis


803 
prover\footnote{\url{http://www.gilith.com/software/metis/}} that is


804 
integrated into Isabelle/HOL is being used here.


805 


806 
In this mode of operation, heavy means of automated reasoning are


807 
used as a strong relevance filter, while the main proof checking


808 
works via explicit inferences going through the Isabelle kernel.


809 
Moreover, rechecking Isabelle proof texts with already specified


810 
auxiliary facts is much faster than performing fully automated


811 
search over and over again.


812 


813 
\begin{matharray}{rcl}


814 
\indexdef{HOL}{command}{sledgehammer}\hypertarget{command.HOL.sledgehammer}{\hyperlink{command.HOL.sledgehammer}{\mbox{\isa{\isacommand{sledgehammer}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{proof} \\


815 
\indexdef{HOL}{command}{print\_atps}\hypertarget{command.HOL.printatps}{\hyperlink{command.HOL.printatps}{\mbox{\isa{\isacommand{print{\isacharunderscore}atps}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~~proof} \\


816 
\indexdef{HOL}{command}{atp\_info}\hypertarget{command.HOL.atpinfo}{\hyperlink{command.HOL.atpinfo}{\mbox{\isa{\isacommand{atp{\isacharunderscore}info}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{\cdot} \\


817 
\indexdef{HOL}{command}{atp\_kill}\hypertarget{command.HOL.atpkill}{\hyperlink{command.HOL.atpkill}{\mbox{\isa{\isacommand{atp{\isacharunderscore}kill}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{\cdot} \\


818 
\indexdef{HOL}{method}{metis}\hypertarget{method.HOL.metis}{\hyperlink{method.HOL.metis}{\mbox{\isa{metis}}}} & : & \isarmeth \\


819 
\end{matharray}


820 


821 
\begin{rail}


822 
'sledgehammer' (nameref *)


823 
;


824 


825 
'metis' thmrefs


826 
;


827 
\end{rail}


828 


829 
\begin{descr}


830 


831 
\item [\hyperlink{command.HOL.sledgehammer}{\mbox{\isa{\isacommand{sledgehammer}}}}~\isa{{\isachardoublequote}prover\isactrlsub {\isadigit{1}}\ {\isasymdots}\ prover\isactrlsub n{\isachardoublequote}}] invokes the specified automated theorem provers on


832 
the first subgoal. Provers are run in parallel, the first


833 
successful result is displayed, and the other attempts are


834 
terminated.


835 


836 
Provers are defined in the theory context, see also \hyperlink{command.HOL.printatps}{\mbox{\isa{\isacommand{print{\isacharunderscore}atps}}}}. If no provers are given as arguments to \hyperlink{command.HOL.sledgehammer}{\mbox{\isa{\isacommand{sledgehammer}}}}, the system refers to the default defined as


837 
``ATP provers'' preference by the user interface.


838 


839 
There are additional preferences for timeout (default: 60 seconds),


840 
and the maximum number of independent prover processes (default: 5);


841 
excessive provers are automatically terminated.


842 


843 
\item [\hyperlink{command.HOL.printatps}{\mbox{\isa{\isacommand{print{\isacharunderscore}atps}}}}] prints the list of automated


844 
theorem provers available to the \hyperlink{command.HOL.sledgehammer}{\mbox{\isa{\isacommand{sledgehammer}}}}


845 
command.


846 


847 
\item [\hyperlink{command.HOL.atpinfo}{\mbox{\isa{\isacommand{atp{\isacharunderscore}info}}}}] prints information about presently


848 
running provers, including elapsed runtime, and the remaining time


849 
until timeout.


850 


851 
\item [\hyperlink{command.HOL.atpkill}{\mbox{\isa{\isacommand{atp{\isacharunderscore}kill}}}}] terminates all presently running


852 
provers.


853 


854 
\item [\hyperlink{method.HOL.metis}{\mbox{\isa{metis}}}~\isa{{\isachardoublequote}facts{\isachardoublequote}}] invokes the Metis


855 
prover with the given facts. Metis is an automated proof tool of


856 
medium strength, but is fully integrated into Isabelle/HOL, with


857 
explicit inferences going through the kernel. Thus its results are


858 
guaranteed to be ``correct by construction''.


859 


860 
Note that all facts used with Metis need to be specified as explicit


861 
arguments. There are no rule declarations as for other Isabelle


862 
provers, like \hyperlink{method.blast}{\mbox{\isa{blast}}} or \hyperlink{method.fast}{\mbox{\isa{fast}}}.


863 


864 
\end{descr}%


865 
\end{isamarkuptext}%


866 
\isamarkuptrue%


867 
%

27124

868 
\isamarkupsection{Unstructured cases analysis and induction \label{sec:holinducttac}%

26849

869 
}


870 
\isamarkuptrue%


871 
%


872 
\begin{isamarkuptext}%

27124

873 
The following tools of Isabelle/HOL support cases analysis and


874 
induction in unstructured tactic scripts; see also


875 
\secref{sec:casesinduct} for proper Isar versions of similar ideas.

26849

876 


877 
\begin{matharray}{rcl}

26907

878 
\indexdef{HOL}{method}{case\_tac}\hypertarget{method.HOL.casetac}{\hyperlink{method.HOL.casetac}{\mbox{\isa{case{\isacharunderscore}tac}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarmeth \\


879 
\indexdef{HOL}{method}{induct\_tac}\hypertarget{method.HOL.inducttac}{\hyperlink{method.HOL.inducttac}{\mbox{\isa{induct{\isacharunderscore}tac}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarmeth \\


880 
\indexdef{HOL}{method}{ind\_cases}\hypertarget{method.HOL.indcases}{\hyperlink{method.HOL.indcases}{\mbox{\isa{ind{\isacharunderscore}cases}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarmeth \\

27124

881 
\indexdef{HOL}{command}{inductive\_cases}\hypertarget{command.HOL.inductivecases}{\hyperlink{command.HOL.inductivecases}{\mbox{\isa{\isacommand{inductive{\isacharunderscore}cases}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isartrans{theory}{theory} \\

26849

882 
\end{matharray}


883 


884 
\begin{rail}


885 
'case\_tac' goalspec? term rule?


886 
;


887 
'induct\_tac' goalspec? (insts * 'and') rule?


888 
;


889 
'ind\_cases' (prop +) ('for' (name +)) ?


890 
;


891 
'inductive\_cases' (thmdecl? (prop +) + 'and')


892 
;


893 


894 
rule: ('rule' ':' thmref)


895 
;


896 
\end{rail}


897 


898 
\begin{descr}


899 

26907

900 
\item [\hyperlink{method.HOL.casetac}{\mbox{\isa{case{\isacharunderscore}tac}}} and \hyperlink{method.HOL.inducttac}{\mbox{\isa{induct{\isacharunderscore}tac}}}]

27124

901 
admit to reason about inductive types. Rules are selected according


902 
to the declarations by the \hyperlink{attribute.cases}{\mbox{\isa{cases}}} and \hyperlink{attribute.induct}{\mbox{\isa{induct}}} attributes, cf.\ \secref{sec:casesinduct}. The \hyperlink{command.HOL.datatype}{\mbox{\isa{\isacommand{datatype}}}} package already takes care of this.


903 


904 
These unstructured tactics feature both goal addressing and dynamic

26849

905 
instantiation. Note that named rule cases are \emph{not} provided

27124

906 
as would be by the proper \hyperlink{method.cases}{\mbox{\isa{cases}}} and \hyperlink{method.induct}{\mbox{\isa{induct}}} proof


907 
methods (see \secref{sec:casesinduct}). Unlike the \hyperlink{method.induct}{\mbox{\isa{induct}}} method, \hyperlink{method.inducttac}{\mbox{\isa{induct{\isacharunderscore}tac}}} does not handle structured rule


908 
statements, only the compact objectlogic conclusion of the subgoal


909 
being addressed.

26849

910 

26907

911 
\item [\hyperlink{method.HOL.indcases}{\mbox{\isa{ind{\isacharunderscore}cases}}} and \hyperlink{command.HOL.inductivecases}{\mbox{\isa{\isacommand{inductive{\isacharunderscore}cases}}}}] provide an interface to the internal \verbmk_cases operation. Rules are simplified in an unrestricted

26861

912 
forward manner.

26849

913 

26907

914 
While \hyperlink{method.HOL.indcases}{\mbox{\isa{ind{\isacharunderscore}cases}}} is a proof method to apply the


915 
result immediately as elimination rules, \hyperlink{command.HOL.inductivecases}{\mbox{\isa{\isacommand{inductive{\isacharunderscore}cases}}}} provides case split theorems at the theory level


916 
for later use. The \hyperlink{keyword.for}{\mbox{\isa{\isakeyword{for}}}} argument of the \hyperlink{method.HOL.indcases}{\mbox{\isa{ind{\isacharunderscore}cases}}} method allows to specify a list of variables that should

26849

917 
be generalized before applying the resulting rule.


918 


919 
\end{descr}%


920 
\end{isamarkuptext}%


921 
\isamarkuptrue%


922 
%


923 
\isamarkupsection{Executable code%


924 
}


925 
\isamarkuptrue%


926 
%


927 
\begin{isamarkuptext}%


928 
Isabelle/Pure provides two generic frameworks to support code


929 
generation from executable specifications. Isabelle/HOL


930 
instantiates these mechanisms in a way that is amenable to enduser


931 
applications.


932 


933 
One framework generates code from both functional and relational


934 
programs to SML. See \cite{isabelleHOL} for further information


935 
(this actually covers the newstyle theory format as well).


936 


937 
\begin{matharray}{rcl}

26902

938 
\indexdef{HOL}{command}{value}\hypertarget{command.HOL.value}{\hyperlink{command.HOL.value}{\mbox{\isa{\isacommand{value}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~~proof} \\

26907

939 
\indexdef{HOL}{command}{code\_module}\hypertarget{command.HOL.codemodule}{\hyperlink{command.HOL.codemodule}{\mbox{\isa{\isacommand{code{\isacharunderscore}module}}}}} & : & \isartrans{theory}{theory} \\


940 
\indexdef{HOL}{command}{code\_library}\hypertarget{command.HOL.codelibrary}{\hyperlink{command.HOL.codelibrary}{\mbox{\isa{\isacommand{code{\isacharunderscore}library}}}}} & : & \isartrans{theory}{theory} \\


941 
\indexdef{HOL}{command}{consts\_code}\hypertarget{command.HOL.constscode}{\hyperlink{command.HOL.constscode}{\mbox{\isa{\isacommand{consts{\isacharunderscore}code}}}}} & : & \isartrans{theory}{theory} \\


942 
\indexdef{HOL}{command}{types\_code}\hypertarget{command.HOL.typescode}{\hyperlink{command.HOL.typescode}{\mbox{\isa{\isacommand{types{\isacharunderscore}code}}}}} & : & \isartrans{theory}{theory} \\

26902

943 
\indexdef{HOL}{attribute}{code}\hypertarget{attribute.HOL.code}{\hyperlink{attribute.HOL.code}{\mbox{\isa{code}}}} & : & \isaratt \\

26849

944 
\end{matharray}


945 


946 
\begin{rail}


947 
'value' term


948 
;


949 


950 
( 'code\_module'  'code\_library' ) modespec ? name ? \\


951 
( 'file' name ) ? ( 'imports' ( name + ) ) ? \\


952 
'contains' ( ( name '=' term ) +  term + )


953 
;


954 


955 
modespec: '(' ( name * ) ')'


956 
;


957 


958 
'consts\_code' (codespec +)


959 
;


960 


961 
codespec: const template attachment ?


962 
;


963 


964 
'types\_code' (tycodespec +)


965 
;


966 


967 
tycodespec: name template attachment ?


968 
;


969 


970 
const: term


971 
;


972 


973 
template: '(' string ')'


974 
;


975 


976 
attachment: 'attach' modespec ? verblbrace text verbrbrace


977 
;


978 


979 
'code' (name)?


980 
;


981 
\end{rail}


982 


983 
\begin{descr}


984 

26902

985 
\item [\hyperlink{command.HOL.value}{\mbox{\isa{\isacommand{value}}}}~\isa{t}] evaluates and prints a

26849

986 
term using the code generator.


987 


988 
\end{descr}


989 


990 
\medskip The other framework generates code from functional programs


991 
(including overloading using type classes) to SML \cite{SML}, OCaml


992 
\cite{OCaml} and Haskell \cite{haskellrevisedreport}.


993 
Conceptually, code generation is split up in three steps:


994 
\emph{selection} of code theorems, \emph{translation} into an


995 
abstract executable view and \emph{serialization} to a specific


996 
\emph{target language}. See \cite{isabellecodegen} for an


997 
introduction on how to use it.


998 


999 
\begin{matharray}{rcl}

26907

1000 
\indexdef{HOL}{command}{export\_code}\hypertarget{command.HOL.exportcode}{\hyperlink{command.HOL.exportcode}{\mbox{\isa{\isacommand{export{\isacharunderscore}code}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~~proof} \\


1001 
\indexdef{HOL}{command}{code\_thms}\hypertarget{command.HOL.codethms}{\hyperlink{command.HOL.codethms}{\mbox{\isa{\isacommand{code{\isacharunderscore}thms}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~~proof} \\


1002 
\indexdef{HOL}{command}{code\_deps}\hypertarget{command.HOL.codedeps}{\hyperlink{command.HOL.codedeps}{\mbox{\isa{\isacommand{code{\isacharunderscore}deps}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~~proof} \\


1003 
\indexdef{HOL}{command}{code\_datatype}\hypertarget{command.HOL.codedatatype}{\hyperlink{command.HOL.codedatatype}{\mbox{\isa{\isacommand{code{\isacharunderscore}datatype}}}}} & : & \isartrans{theory}{theory} \\


1004 
\indexdef{HOL}{command}{code\_const}\hypertarget{command.HOL.codeconst}{\hyperlink{command.HOL.codeconst}{\mbox{\isa{\isacommand{code{\isacharunderscore}const}}}}} & : & \isartrans{theory}{theory} \\


1005 
\indexdef{HOL}{command}{code\_type}\hypertarget{command.HOL.codetype}{\hyperlink{command.HOL.codetype}{\mbox{\isa{\isacommand{code{\isacharunderscore}type}}}}} & : & \isartrans{theory}{theory} \\


1006 
\indexdef{HOL}{command}{code\_class}\hypertarget{command.HOL.codeclass}{\hyperlink{command.HOL.codeclass}{\mbox{\isa{\isacommand{code{\isacharunderscore}class}}}}} & : & \isartrans{theory}{theory} \\


1007 
\indexdef{HOL}{command}{code\_instance}\hypertarget{command.HOL.codeinstance}{\hyperlink{command.HOL.codeinstance}{\mbox{\isa{\isacommand{code{\isacharunderscore}instance}}}}} & : & \isartrans{theory}{theory} \\


1008 
\indexdef{HOL}{command}{code\_monad}\hypertarget{command.HOL.codemonad}{\hyperlink{command.HOL.codemonad}{\mbox{\isa{\isacommand{code{\isacharunderscore}monad}}}}} & : & \isartrans{theory}{theory} \\


1009 
\indexdef{HOL}{command}{code\_reserved}\hypertarget{command.HOL.codereserved}{\hyperlink{command.HOL.codereserved}{\mbox{\isa{\isacommand{code{\isacharunderscore}reserved}}}}} & : & \isartrans{theory}{theory} \\


1010 
\indexdef{HOL}{command}{code\_include}\hypertarget{command.HOL.codeinclude}{\hyperlink{command.HOL.codeinclude}{\mbox{\isa{\isacommand{code{\isacharunderscore}include}}}}} & : & \isartrans{theory}{theory} \\


1011 
\indexdef{HOL}{command}{code\_modulename}\hypertarget{command.HOL.codemodulename}{\hyperlink{command.HOL.codemodulename}{\mbox{\isa{\isacommand{code{\isacharunderscore}modulename}}}}} & : & \isartrans{theory}{theory} \\

27103

1012 
\indexdef{HOL}{command}{code\_abort}\hypertarget{command.HOL.codeabort}{\hyperlink{command.HOL.codeabort}{\mbox{\isa{\isacommand{code{\isacharunderscore}abort}}}}} & : & \isartrans{theory}{theory} \\

26907

1013 
\indexdef{HOL}{command}{print\_codesetup}\hypertarget{command.HOL.printcodesetup}{\hyperlink{command.HOL.printcodesetup}{\mbox{\isa{\isacommand{print{\isacharunderscore}codesetup}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~~proof} \\

26902

1014 
\indexdef{HOL}{attribute}{code}\hypertarget{attribute.HOL.code}{\hyperlink{attribute.HOL.code}{\mbox{\isa{code}}}} & : & \isaratt \\

26849

1015 
\end{matharray}


1016 


1017 
\begin{rail}


1018 
'export\_code' ( constexpr + ) ? \\


1019 
( ( 'in' target ( 'module\_name' string ) ? \\


1020 
( 'file' ( string  '' ) ) ? ( '(' args ')' ) ?) + ) ?


1021 
;


1022 


1023 
'code\_thms' ( constexpr + ) ?


1024 
;


1025 


1026 
'code\_deps' ( constexpr + ) ?


1027 
;


1028 


1029 
const: term


1030 
;


1031 


1032 
constexpr: ( const  'name.*'  '*' )


1033 
;


1034 


1035 
typeconstructor: nameref


1036 
;


1037 


1038 
class: nameref


1039 
;


1040 


1041 
target: 'OCaml'  'SML'  'Haskell'


1042 
;


1043 


1044 
'code\_datatype' const +


1045 
;


1046 


1047 
'code\_const' (const + 'and') \\


1048 
( ( '(' target ( syntax ? + 'and' ) ')' ) + )


1049 
;


1050 


1051 
'code\_type' (typeconstructor + 'and') \\


1052 
( ( '(' target ( syntax ? + 'and' ) ')' ) + )


1053 
;


1054 


1055 
'code\_class' (class + 'and') \\


1056 
( ( '(' target \\


1057 
( ( string ('where' \\


1058 
( const ( '=='  equiv ) string ) + ) ? ) ? + 'and' ) ')' ) + )


1059 
;


1060 


1061 
'code\_instance' (( typeconstructor '::' class ) + 'and') \\


1062 
( ( '(' target ( '' ? + 'and' ) ')' ) + )


1063 
;


1064 


1065 
'code\_monad' const const target


1066 
;


1067 


1068 
'code\_reserved' target ( string + )


1069 
;


1070 


1071 
'code\_include' target ( string ( string  '') )


1072 
;


1073 


1074 
'code\_modulename' target ( ( string string ) + )


1075 
;


1076 

27452

1077 
'code\_abort' ( const + )

26849

1078 
;


1079 


1080 
syntax: string  ( 'infix'  'infixl'  'infixr' ) nat string


1081 
;


1082 

28562

1083 
'code' ( 'inline' ) ? ( 'del' ) ?

26849

1084 
;


1085 
\end{rail}


1086 


1087 
\begin{descr}


1088 

26907

1089 
\item [\hyperlink{command.HOL.exportcode}{\mbox{\isa{\isacommand{export{\isacharunderscore}code}}}}] is the canonical interface

26849

1090 
for generating and serializing code: for a given list of constants,


1091 
code is generated for the specified target languages. Abstract code


1092 
is cached incrementally. If no constant is given, the currently


1093 
cached code is serialized. If no serialization instruction is


1094 
given, only abstract code is cached.


1095 


1096 
Constants may be specified by giving them literally, referring to


1097 
all executable contants within a certain theory by giving \isa{{\isachardoublequote}name{\isachardot}{\isacharasterisk}{\isachardoublequote}}, or referring to \emph{all} executable constants currently


1098 
available by giving \isa{{\isachardoublequote}{\isacharasterisk}{\isachardoublequote}}.


1099 


1100 
By default, for each involved theory one corresponding name space


1101 
module is generated. Alternativly, a module name may be specified

26907

1102 
after the \hyperlink{keyword.modulename}{\mbox{\isa{\isakeyword{module{\isacharunderscore}name}}}} keyword; then \emph{all} code is

26849

1103 
placed in this module.


1104 


1105 
For \emph{SML} and \emph{OCaml}, the file specification refers to a


1106 
single file; for \emph{Haskell}, it refers to a whole directory,


1107 
where code is generated in multiple files reflecting the module


1108 
hierarchy. The file specification ``\isa{{\isachardoublequote}{\isacharminus}{\isachardoublequote}}'' denotes standard


1109 
output. For \emph{SML}, omitting the file specification compiles


1110 
code internally in the context of the current ML session.


1111 


1112 
Serializers take an optional list of arguments in parentheses. For


1113 
\emph{Haskell} a module name prefix may be given using the ``\isa{{\isachardoublequote}root{\isacharcolon}{\isachardoublequote}}'' argument; ``\isa{string{\isacharunderscore}classes}'' adds a ``\verbderiving (Read, Show)'' clause to each appropriate datatype


1114 
declaration.


1115 

26907

1116 
\item [\hyperlink{command.HOL.codethms}{\mbox{\isa{\isacommand{code{\isacharunderscore}thms}}}}] prints a list of theorems

26849

1117 
representing the corresponding program containing all given


1118 
constants; if no constants are given, the currently cached code


1119 
theorems are printed.


1120 

26907

1121 
\item [\hyperlink{command.HOL.codedeps}{\mbox{\isa{\isacommand{code{\isacharunderscore}deps}}}}] visualizes dependencies of

26849

1122 
theorems representing the corresponding program containing all given


1123 
constants; if no constants are given, the currently cached code


1124 
theorems are visualized.


1125 

26907

1126 
\item [\hyperlink{command.HOL.codedatatype}{\mbox{\isa{\isacommand{code{\isacharunderscore}datatype}}}}] specifies a constructor set

26849

1127 
for a logical type.


1128 

26907

1129 
\item [\hyperlink{command.HOL.codeconst}{\mbox{\isa{\isacommand{code{\isacharunderscore}const}}}}] associates a list of constants

26849

1130 
with targetspecific serializations; omitting a serialization


1131 
deletes an existing serialization.


1132 

26907

1133 
\item [\hyperlink{command.HOL.codetype}{\mbox{\isa{\isacommand{code{\isacharunderscore}type}}}}] associates a list of type

26849

1134 
constructors with targetspecific serializations; omitting a


1135 
serialization deletes an existing serialization.


1136 

26907

1137 
\item [\hyperlink{command.HOL.codeclass}{\mbox{\isa{\isacommand{code{\isacharunderscore}class}}}}] associates a list of classes

26849

1138 
with targetspecific class names; in addition, constants associated


1139 
with this class may be given targetspecific names used for instance


1140 
declarations; omitting a serialization deletes an existing


1141 
serialization. This applies only to \emph{Haskell}.


1142 

26907

1143 
\item [\hyperlink{command.HOL.codeinstance}{\mbox{\isa{\isacommand{code{\isacharunderscore}instance}}}}] declares a list of type

26849

1144 
constructor / class instance relations as ``already present'' for a


1145 
given target. Omitting a ``\isa{{\isachardoublequote}{\isacharminus}{\isachardoublequote}}'' deletes an existing


1146 
``already present'' declaration. This applies only to


1147 
\emph{Haskell}.


1148 

26907

1149 
\item [\hyperlink{command.HOL.codemonad}{\mbox{\isa{\isacommand{code{\isacharunderscore}monad}}}}] provides an auxiliary

27834

1150 
mechanism to generate monadic code for Haskell.

26849

1151 

26907

1152 
\item [\hyperlink{command.HOL.codereserved}{\mbox{\isa{\isacommand{code{\isacharunderscore}reserved}}}}] declares a list of names as

26849

1153 
reserved for a given target, preventing it to be shadowed by any


1154 
generated code.


1155 

26907

1156 
\item [\hyperlink{command.HOL.codeinclude}{\mbox{\isa{\isacommand{code{\isacharunderscore}include}}}}] adds arbitrary named content

27834

1157 
(``include'') to generated code. A ``\isa{{\isachardoublequote}{\isacharminus}{\isachardoublequote}}'' as last argument

26849

1158 
will remove an already added ``include''.


1159 

26907

1160 
\item [\hyperlink{command.HOL.codemodulename}{\mbox{\isa{\isacommand{code{\isacharunderscore}modulename}}}}] declares aliasings from

26849

1161 
one module name onto another.


1162 

27103

1163 
\item [\hyperlink{command.HOL.codeabort}{\mbox{\isa{\isacommand{code{\isacharunderscore}abort}}}}] declares constants which

27452

1164 
are not required to have a definition by means of defining equations;

27103

1165 
if needed these are implemented by program abort instead.

26849

1166 

28562

1167 
\item [\hyperlink{attribute.HOL.code}{\mbox{\isa{code}}}] explicitly selects (or


1168 
with option ``\isa{{\isachardoublequote}del{\isachardoublequote}}'' deselects) a defining equation for

26849

1169 
code generation. Usually packages introducing defining equations

27452

1170 
provide a reasonable default setup for selection.

26849

1171 

26902

1172 
\item [\hyperlink{attribute.HOL.code}{\mbox{\isa{code}}}\isa{inline}] declares (or with

28562

1173 
option ``\isa{{\isachardoublequote}del{\isachardoublequote}}'' removes) inlining theorems which are

26849

1174 
applied as rewrite rules to any defining equation during


1175 
preprocessing.


1176 

26907

1177 
\item [\hyperlink{command.HOL.printcodesetup}{\mbox{\isa{\isacommand{print{\isacharunderscore}codesetup}}}}] gives an overview on

26849

1178 
selected defining equations, code generator datatypes and


1179 
preprocessor setup.


1180 


1181 
\end{descr}%


1182 
\end{isamarkuptext}%


1183 
\isamarkuptrue%


1184 
%

27047

1185 
\isamarkupsection{Definition by specification \label{sec:holspecification}%


1186 
}


1187 
\isamarkuptrue%


1188 
%


1189 
\begin{isamarkuptext}%


1190 
\begin{matharray}{rcl}


1191 
\indexdef{HOL}{command}{specification}\hypertarget{command.HOL.specification}{\hyperlink{command.HOL.specification}{\mbox{\isa{\isacommand{specification}}}}} & : & \isartrans{theory}{proof(prove)} \\


1192 
\indexdef{HOL}{command}{ax\_specification}\hypertarget{command.HOL.axspecification}{\hyperlink{command.HOL.axspecification}{\mbox{\isa{\isacommand{ax{\isacharunderscore}specification}}}}} & : & \isartrans{theory}{proof(prove)} \\


1193 
\end{matharray}


