\chapter{Theories, Terms and Types} \label{theories}


\index{theories(}\index{signaturesbold}


\index{reading!axiomssee{{\tt extend_theory} and {\tt assume_ax}}}


Theories organize the syntax, declarations and axioms of a mathematical


development. They are built, starting from the Pure theory, by extending


and merging existing theories. They have the \ML{} type \ttindex{theory}.


Theory operations signal errors by raising exception \ttindex{THEORY},


returning a message and a list of theories.


Signatures, which contain information about sorts, types, constants and


syntax, have the \ML{} type~\ttindexbold{Sign.sg}. For identification,


each signature carries a unique list of {\bf stamps}, which are~\ML{}


references (to strings). The strings serve as humanreadable names; the


references serve as unique identifiers. Each primitive signature has a


single stamp. When two signatures are merged, their lists of stamps are


also merged. Every theory carries a unique signature.


Terms and types are the underlying representation of logical syntax. Their


\ML{} definitions are irrelevant to naive Isabelle users. Programmers who wish


to extend Isabelle may need to know such details, say to code a tactic that


looks for subgoals of a particular form. Terms and types may be


`certified' to be wellformed with respect to a given signature.


\section{Defining Theories}


\label{DefiningTheories}


Theories can be defined either using concrete syntax or by calling certain


\MLfunctions (see \S\ref{BuildingATheory}). Figure~\ref{TheorySyntax}


presents the concrete syntax for theories. This grammar employs the


following conventions:


\begin{itemize}


\item Identifiers such as $theoryDef$ denote nonterminal symbols.


\item Text in {\tt typewriter font} denotes terminal symbols.


\item \ldots{} indicates repetition of a phrase.


\item A vertical bar~($$) separates alternative phrases.


\item Square [brackets] enclose optional phrases.


\item $id$ stands for an Isabelle identifier.


\item $string$ stands for an ML string, with its quotation marks.


\item $k$ stands for a natural number.


\item $text$ stands for arbitrary ML text.


\end{itemize}


\begin{figure}[hp]


\begin{center}


\begin{tabular}{rclc}


$theoryDef$ &=& $id$ {\tt=} $id@1$ {\tt+} \dots {\tt+} $id@n$


[{\tt+} $extension$]\\\\


$extension$ &=& [$classes$] [$default$] [$types$] [$arities$] [$consts$]


[$rules$] {\tt end} [$ml$]\\\\


$classes$ &=& \ttindex{classes} $class$ \dots $class$ \\\\


$class$ &=& $id$ [{\tt<} $id@1${\tt,} \dots{\tt,} $id@n$] \\\\


$default$ &=& \ttindex{default} $sort$ \\\\


$sort$ &=& $id$ ~~$$~~ {\tt\{} $id@1${\tt,} \dots{\tt,} $id@n$ {\tt\}} \\\\


$name$ &=& $id$ ~~$$~~ $string$ \\\\


$types$ &=& \ttindex{types} $typeDecl$ \dots $typeDecl$ \\\\


$typeDecl$ &=& $name${\tt,} \dots{\tt,} $name$ $k$


[{\tt(} $infix$ {\tt)}] \\\\


$infix$ &=& \ttindex{infixl} $k$ ~~$$~~ \ttindex{infixr} $k$ \\\\


$arities$ &=& \ttindex{arities} $arityDecl$ \dots $arityDecl$ \\\\


$arityDecl$ &=& $name${\tt,} \dots{\tt,} $name$ {\tt::} $arity$ \\\\


$arity$ &=& [{\tt(} $sort${\tt,} \dots{\tt,} $sort$ {\tt)}] $id$ \\\\


$consts$ &=& \ttindex{consts} $constDecl$ \dots $constDecl$ \\\\


$constDecl$ &=& $name@1${\tt,} \dots{\tt,} $name@n$ {\tt::} $string$


[{\tt(} $mixfix$ {\tt)}] \\\\


$mixfix$ &=& $string$


[ [\quad{\tt[} $k@1${\tt,} \dots{\tt,} $k@n$ {\tt]}\quad] $k$]\\


&$$& $infix$ \\


&$$& \ttindex{binder} $string$ $k$\\\\


$rules$ &=& \ttindex{rules} $rule$ \dots $rule$ \\\\


$rule$ &=& $id$ $string$ \\\\


$ml$ &=& \ttindex{ML} $text$


\end{tabular}


\end{center}


\caption{Theory Syntax}


\label{TheorySyntax}


\end{figure}


The different parts of a theory definition are interpreted as follows:


\begin{description}


\item[$theoryDef$] A theory has a name $id$ and is an extension of the union


of existing theories $id@1$ \dots $id@n$ with new classes, types,


constants, syntax and axioms. The basic theory, which contains only the


metalogic, is called {\tt Pure}.


\item[$class$] The new class $id$ is declared as a subclass of existing


classes $id@1$ \dots $id@n$. This rules out cyclic class structures.


Isabelle automatically computes the transitive closure of subclass


hierarchies. Hence it is not necessary to declare $c@1 < c@3$ in addition


to $c@1 < c@2$ and $c@2 < c@3$.


\item[$default$] introduces $sort$ as the new default sort for type


variables. Unconstrained type variables in an input string are


automatically constrained by $sort$; this does not apply to type variables


created internally during type inference. If omitted,


the default sort is the same as in the parent theory.


\item[$sort$] is a finite set $id@1$ \dots $id@n$ of classes; a single class


$id$ abbreviates the singleton set {\tt\{}$id${\tt\}}.


\item[$name$] is either an alphanumeric identifier or an arbitrary string.


\item[$typeDecl$] Each $name$ is declared as a new type constructor with


$k$ arguments. Only binary type constructors can have infix status and


symbolic names ($string$).


\item[$infix$] declares a type or constant to be an infix operator of


precedence $k$ associating to the left ({\tt infixl}) or right ({\tt


infixr}).


\item[$arityDecl$] Each existing type constructor $name@1$ \dots $name@n$


is given the additional arity $arity$.


\item[$constDecl$] The new constants $name@1$ \dots $name@n$ are declared to


be of type $string$. For display purposes they can be annotated with


$mixfix$ declarations.


\item[$mixfix$] $string$ is a mixfix template of the form {\tt"}\dots{\tt\_}


\dots{\tt\_} \dots{\tt"} where the $i$th underscore indicates the position


where the $i$th argument should go, $k@i$ is the minimum precedence of


the $i$th argument, and $k$ the precedence of the construct. The list


\hbox{\tt[$k@1$, \dots, $k@n$]} is optional.


115 
116 


A constant $f$ {\tt::} $(\tau@1\To\tau@2)\To\tau@3$ can be given {\em


binder} status: {\tt binder} $Q$ $p$ causes $Q\,x.F(x)$ to be treated


like $f(F)$; $p$ is the precedence of the construct.


\item[$rule$] A rule consists of a name $id$ and a formula $string$. Rule


names must be distinct.


\item[$ml$] This final part of a theory consists of ML code,


typically for parse and print translations.


\end{description}


The $mixfix$ and $ml$ sections are explained in more detail in the {\it


Defining Logics} chapter of the {\it Logics} manual.


128 
129 
130 
131 
132 
133 
134 
135 
136 
137 
138 
139 
140 
141 


143 
144 
145 
146 
147 
148 
149 
150 
151 
152 
153 
154 
155 


\item[\ttindexbold{assume_ax} $thy$ $formula$]


reads the {\it formula} using the syntax of $thy$, following the same


conventions as axioms in a theory definition. You can thus pretend that


{\it formula} is an axiom; in fact, {\tt assume_ax} returns an assumption.


You can use the resulting theorem like an axiom. Note that


\ttindex{result} complains about additional assumptions, but


\ttindex{uresult} does not.


164 
165 
166 
167 
168 


\subsection{Building a theory}


\label{BuildingATheory}


\index{theories!constructingbold}


\begin{ttbox}


pure_thy: theory


merge_theories: theory * theory > theory


extend_theory: theory > string


> (class * class list) list


* sort


* (string list * int)list


* (string list * (sort list * class))list


* (string list * string)list * sext option


> (string*string)list > theory


\end{ttbox}


Type \ttindex{class} is a synonym for {\tt string}; type \ttindex{sort} is


a synonym for \hbox{\tt class list}.


\begin{description}


\item[\ttindexbold{pure_thy}] contains just the types, constants, and syntax


of the metalogic. There are no axioms: metalevel inferences are carried


out by \ML\ functions.


\item[\ttindexbold{merge_theories} ($thy@1$, $thy@2$)] merges the two


theories $thy@1$ and $thy@2$. The resulting theory contains all types,


constants and axioms of the constituent theories; its default sort is the


union of the default sorts of the constituent theories.


\item [\ttindexbold{extend_theory} $thy$ {\tt"}$T${\tt"}


($classes$, $default$, $types$, $arities$, $consts$, $sextopt$) $rules$]


\hfill\break %%% include if line is just too short


is the \MLequivalent of the following theory definition:


\begin{ttbox}


\(T\) = \(thy\) +


classes \(c\) < \(c@1\),\(\dots\),\(c@m\)


\dots


default {\(d@1,\dots,d@r\)}


types \(tycon@1\),\dots,\(tycon@i\) \(n\)


\dots


arities \(tycon@1'\),\dots,\(tycon@j'\) :: (\(s@1\),\dots,\(s@n\))\(c\)


\dots


consts \(b@1\),\dots,\(b@k\) :: \(\tau\)


\dots


rules \(name\) \(rule\)


\dots


end


\end{ttbox}


where


\begin{tabular}[t]{l@{~=~}l}


$classes$ & \tt[("$c$",["$c@1$",\dots,"$c@m$"]),\dots] \\


$default$ & \tt["$d@1$",\dots,"$d@r$"]\\


$types$ & \tt[([$tycon@1$,\dots,$tycon@i$], $n$),\dots] \\


$arities$ & \tt[([$tycon'@1$,\dots,$tycon'@j$], ([$s@1$,\dots,$s@n$],$c$)),\dots]


\\


$consts$ & \tt[([$b@1$,\dots,$b@k$],$\tau$),\dots] \\


$rules$ & \tt[("$name$",$rule$),\dots]


\end{tabular}


223 
224 
225 
226 
227 


$T$ identifies the theory internally. When a theory is redeclared, say to


change an incorrect axiom, bindings to the old axiom may persist. Isabelle


ensures that the old and new theories are not involved in the same proof.


Attempting to combine different theories having the same name $T$ yields the


232 
fatal error


233 
\begin{center} \tt


234 
Attempt to merge different versions of theory: $T$


235 
\end{center}


236 
\end{description}


237 


238 


239 
\subsection{Inspecting a theory}


240 
\index{theories!inspectingbold}


241 
\begin{ttbox}


242 
print_theory : theory > unit


243 
axioms_of : theory > (string*thm)list


244 
parents_of : theory > theory list


245 
sign_of : theory > Sign.sg


246 
stamps_of_thy : theory > string ref list


247 
\end{ttbox}


248 
These provide a simple means of viewing a theory's components.


249 
Unfortunately, there is no direct connection between a theorem and its


250 
theory.


251 
\begin{description}


252 
\item[\ttindexbold{print_theory} {\it thy}]


253 
prints the theory {\it thy\/} at the terminal as a set of identifiers.


254 


255 
\item[\ttindexbold{axioms_of} $thy$]


256 
returns the axioms of~$thy$ and its ancestors.


257 


258 
\item[\ttindexbold{parents_of} $thy$]


259 
returns the parents of~$thy$. This list contains zero, one or two


260 
elements, depending upon whether $thy$ is {\tt pure_thy},


261 
\hbox{\tt extend_theory $thy$} or \hbox{\tt merge_theories ($thy@1$, $thy@2$)}.


262 


263 
\item[\ttindexbold{stamps_of_thy} $thy$]\index{signatures}


264 
returns the stamps of the signature associated with~$thy$.


265 


266 
\item[\ttindexbold{sign_of} $thy$]


267 
returns the signature associated with~$thy$. It is useful with functions


268 
like {\tt read_instantiate_sg}, which take a signature as an argument.


269 
\end{description}


270 


271 


272 
\section{Terms}


273 
\index{termsbold}


274 
Terms belong to the \ML{} type \ttindexbold{term}, which is a concrete datatype


275 
with six constructors: there are six kinds of term.


276 
\begin{ttbox}


277 
type indexname = string * int;


278 
infix 9 $;


279 
datatype term = Const of string * typ


280 
 Free of string * typ


281 
 Var of indexname * typ


282 
 Bound of int


283 
 Abs of string * typ * term


284 
 op $ of term * term;


285 
\end{ttbox}


286 
\begin{description}


287 
\item[\ttindexbold{Const}($a$, $T$)]


288 
is the {\bf constant} with name~$a$ and type~$T$. Constants include


289 
connectives like $\land$ and $\forall$ (logical constants), as well as


290 
constants like~0 and~$Suc$. Other constants may be required to define the


291 
concrete syntax of a logic.


292 


293 
\item[\ttindexbold{Free}($a$, $T$)]


294 
is the {\bf free variable} with name~$a$ and type~$T$.


295 


296 
\item[\ttindexbold{Var}($v$, $T$)]


297 
is the {\bf scheme variable} with indexname~$v$ and type~$T$. An


298 
\ttindexbold{indexname} is a string paired with a nonnegative index, or


299 
subscript; a term's scheme variables can be systematically renamed by


300 
incrementing their subscripts. Scheme variables are essentially free


301 
variables, but may be instantiated during unification.


302 


303 
\item[\ttindexbold{Bound} $i$]


304 
is the {\bf bound variable} with de Bruijn index~$i$, which counts the


305 
number of lambdas, starting from zero, between a variable's occurrence and


306 
its binding. The representation prevents capture of variables. For more


307 
information see de Bruijn \cite{debruijn72} or


308 
Paulson~\cite[page~336]{paulson91}.


309 


310 
\item[\ttindexbold{Abs}($a$, $T$, $u$)]


311 
is the {\bf abstraction} with body~$u$, and whose bound variable has


312 
name~$a$ and type~$T$. The name is used only for parsing and printing; it


313 
has no logical significance.


314 


315 
\item[\tt $t$ \$ $u$] \index{$@{\tt\$}bold}


316 
is the {\bf application} of~$t$ to~$u$.


317 
\end{description}


318 
Application is written as an infix operator in order to aid readability.


319 
For example, here is an \ML{} pattern to recognize firstorder formula of


320 
the form~$A\imp B$, binding the subformulae to~$A$ and~$B$:


321 
\begin{ttbox}


322 
Const("Trueprop",_) $ (Const("op >",_) $ A $ B)


323 
\end{ttbox}


324 


325 


326 
\section{Certified terms}


327 
\index{terms!certifiedbold}\index{signatures}


328 
A term $t$ can be {\bf certified} under a signature to ensure that every


329 
type in~$t$ is declared in the signature and every constant in~$t$ is


330 
declared as a constant of the same type in the signature. It must be


331 
welltyped and must not have any `loose' bound variable


332 
references.\footnote{This concerns the internal representation of variable


333 
binding using de Bruijn indexes.} Metarules such as {\tt forall_elim} take


334 
certified terms as arguments.


335 


336 
Certified terms belong to the abstract type \ttindexbold{Sign.cterm}.


337 
Elements of the type can only be created through the certification process.


338 
In case of error, Isabelle raises exception~\ttindex{TERM}\@.


339 


340 
\subsection{Printing terms}


341 
\index{printing!termsbold}


342 
\begin{ttbox}


343 
Sign.string_of_cterm : Sign.cterm > string


344 
Sign.string_of_term : Sign.sg > term > string


345 
\end{ttbox}


346 
\begin{description}


347 
\item[\ttindexbold{Sign.string_of_cterm} $ct$]


348 
displays $ct$ as a string.


349 


350 
\item[\ttindexbold{Sign.string_of_term} $sign$ $t$]


351 
displays $t$ as a string, using the syntax of~$sign$.


352 
\end{description}


353 


354 
\subsection{Making and inspecting certified terms}


355 
\begin{ttbox}


356 
Sign.cterm_of : Sign.sg > term > Sign.cterm


357 
Sign.read_cterm : Sign.sg > string * typ > Sign.cterm


358 
Sign.rep_cterm : Sign.cterm > \{T:typ, t:term,


359 
sign: Sign.sg, maxidx:int\}


360 
\end{ttbox}


361 
\begin{description}


362 
\item[\ttindexbold{Sign.cterm_of} $sign$ $t$] \index{signatures}


363 
certifies $t$ with respect to signature~$sign$.


364 


365 
\item[\ttindexbold{Sign.read_cterm} $sign$ ($s$, $T$)]


366 
reads the string~$s$ using the syntax of~$sign$, creating a certified term.


367 
The term is checked to have type~$T$; this type also tells the parser what


368 
kind of phrase to parse.


369 


370 
\item[\ttindexbold{Sign.rep_cterm} $ct$]


371 
decomposes $ct$ as a record containing its type, the term itself, its


372 
signature, and the maximum subscript of its unknowns. The type and maximum


373 
subscript are computed during certification.


374 
\end{description}


375 


376 


377 
\section{Types}


378 
\index{typesbold}


379 
Types belong to the \ML{} type \ttindexbold{typ}, which is a concrete


380 
datatype with three constructors. Types are classified by sorts, which are


381 
lists of classes. A class is represented by a string.


382 
\begin{ttbox}


383 
type class = string;


384 
type sort = class list;


385 


386 
datatype typ = Type of string * typ list


387 
 TFree of string * sort


388 
 TVar of indexname * sort;


389 


390 
infixr 5 >;


391 
fun S > T = Type("fun",[S,T]);


392 
\end{ttbox}


393 
\begin{description}


394 
\item[\ttindexbold{Type}($a$, $Ts$)]


395 
applies the {\bf type constructor} named~$a$ to the type operands~$Ts$.


396 
Type constructors include~\ttindexbold{fun}, the binary function space


397 
constructor, as well as nullary type constructors such


398 
as~\ttindexbold{prop}. Other type constructors may be introduced. In


399 
expressions, but not in patterns, \hbox{\tt$S$>$T$} is a convenient


400 
shorthand for function types.


401 


402 
\item[\ttindexbold{TFree}($a$, $s$)]


403 
is the {\bf free type variable} with name~$a$ and sort~$s$.


404 


405 
\item[\ttindexbold{TVar}($v$, $s$)]


406 
is the {\bf scheme type variable} with indexname~$v$ and sort~$s$. Scheme


407 
type variables are essentially free type variables, but may be instantiated


408 
during unification.


409 
\end{description}


410 


411 


412 
\section{Certified types}


413 
\index{types!certifiedbold}


414 
Certified types, which are analogous to certified terms, have type


415 
\ttindexbold{Sign.ctyp}.


416 


417 
\subsection{Printing types}


418 
\index{printing!typesbold}


419 
\begin{ttbox}


420 
Sign.string_of_ctyp : Sign.ctyp > string


421 
Sign.string_of_typ : Sign.sg > typ > string


422 
\end{ttbox}


423 
\begin{description}


424 
\item[\ttindexbold{Sign.string_of_ctyp} $cT$]


425 
displays $cT$ as a string.


426 


427 
\item[\ttindexbold{Sign.string_of_typ} $sign$ $T$]


428 
displays $T$ as a string, using the syntax of~$sign$.


429 
\end{description}


430 


431 


432 
\subsection{Making and inspecting certified types}


433 
\begin{ttbox}


434 
Sign.ctyp_of : Sign.sg > typ > Sign.ctyp


435 
Sign.rep_ctyp : Sign.ctyp > \{T: typ, sign: Sign.sg\}


436 
\end{ttbox}


437 
\begin{description}


438 
\item[\ttindexbold{Sign.ctyp_of} $sign$ $T$] \index{signatures}


439 
certifies $T$ with respect to signature~$sign$.


440 


441 
\item[\ttindexbold{Sign.rep_ctyp} $cT$]


442 
decomposes $cT$ as a record containing the type itself and its signature.


443 
\end{description}


444 


445 
\index{theories)}
