isabelle: doc-src/Ref/thm.tex@d8205bb279a7 (annotated)

104 d8205bb279a7 Initial revision lcp parents: diff changeset	1	%% $Id$
d8205bb279a7 Initial revision lcp parents: diff changeset	2	\chapter{Theorems and Forward Proof}
d8205bb279a7 Initial revision lcp parents: diff changeset	3	\index{theorems\|(}
d8205bb279a7 Initial revision lcp parents: diff changeset	4	Theorems, which represent the axioms, theorems and rules of object-logics,
d8205bb279a7 Initial revision lcp parents: diff changeset	5	have type {\tt thm}\indexbold{*thm}. This chapter begins by describing
d8205bb279a7 Initial revision lcp parents: diff changeset	6	operations that print theorems and that join them in forward proof. Most
d8205bb279a7 Initial revision lcp parents: diff changeset	7	theorem operations are intended for advanced applications, such as
d8205bb279a7 Initial revision lcp parents: diff changeset	8	programming new proof procedures. Many of these operations refer to
d8205bb279a7 Initial revision lcp parents: diff changeset	9	signatures, certified terms and certified types, which have the \ML{} types
d8205bb279a7 Initial revision lcp parents: diff changeset	10	{\tt Sign.sg}, {\tt Sign.cterm} and {\tt Sign.ctyp} and are discussed in
d8205bb279a7 Initial revision lcp parents: diff changeset	11	Chapter~\ref{theories}. Beginning users should ignore such complexities
d8205bb279a7 Initial revision lcp parents: diff changeset	12	--- and skip all but the first section of this chapter.
d8205bb279a7 Initial revision lcp parents: diff changeset	13
d8205bb279a7 Initial revision lcp parents: diff changeset	14	The theorem operations do not print error messages. Instead, they raise
d8205bb279a7 Initial revision lcp parents: diff changeset	15	exception~\ttindex{THM}\@. Use \ttindex{print_exn} to display
d8205bb279a7 Initial revision lcp parents: diff changeset	16	exceptions nicely:
d8205bb279a7 Initial revision lcp parents: diff changeset	17	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	18	allI RS mp handle e => print_exn e;
d8205bb279a7 Initial revision lcp parents: diff changeset	19	{\out Exception THM raised:}
d8205bb279a7 Initial revision lcp parents: diff changeset	20	{\out RSN: no unifiers -- premise 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	21	{\out (!!x. ?P(x)) ==> ALL x. ?P(x)}
d8205bb279a7 Initial revision lcp parents: diff changeset	22	{\out [\| ?P --> ?Q; ?P \|] ==> ?Q}
d8205bb279a7 Initial revision lcp parents: diff changeset	23	{\out}
d8205bb279a7 Initial revision lcp parents: diff changeset	24	{\out uncaught exception THM}
d8205bb279a7 Initial revision lcp parents: diff changeset	25	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	26
d8205bb279a7 Initial revision lcp parents: diff changeset	27
d8205bb279a7 Initial revision lcp parents: diff changeset	28	\section{Basic operations on theorems}
d8205bb279a7 Initial revision lcp parents: diff changeset	29	\subsection{Pretty-printing a theorem}
d8205bb279a7 Initial revision lcp parents: diff changeset	30	\index{theorems!printing\|bold}\index{printing!theorems\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	31	\subsubsection{Top-level commands}
d8205bb279a7 Initial revision lcp parents: diff changeset	32	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	33	prth: thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	34	prths: thm list -> thm list
d8205bb279a7 Initial revision lcp parents: diff changeset	35	prthq: thm Sequence.seq -> thm Sequence.seq
d8205bb279a7 Initial revision lcp parents: diff changeset	36	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	37	These are for interactive use. They are identity functions that display,
d8205bb279a7 Initial revision lcp parents: diff changeset	38	then return, their argument. The \ML{} identifier {\tt it} will refer to
d8205bb279a7 Initial revision lcp parents: diff changeset	39	the value just displayed.
d8205bb279a7 Initial revision lcp parents: diff changeset	40	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	41	\item[\ttindexbold{prth} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	42	prints {\it thm\/} at the terminal.
d8205bb279a7 Initial revision lcp parents: diff changeset	43
d8205bb279a7 Initial revision lcp parents: diff changeset	44	\item[\ttindexbold{prths} {\it thms}]
d8205bb279a7 Initial revision lcp parents: diff changeset	45	prints {\it thms}, a list of theorems.
d8205bb279a7 Initial revision lcp parents: diff changeset	46
d8205bb279a7 Initial revision lcp parents: diff changeset	47	\item[\ttindexbold{prthq} {\it thmq}]
d8205bb279a7 Initial revision lcp parents: diff changeset	48	prints {\it thmq}, a sequence of theorems. It is useful for inspecting
d8205bb279a7 Initial revision lcp parents: diff changeset	49	the output of a tactic.
d8205bb279a7 Initial revision lcp parents: diff changeset	50	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	51
d8205bb279a7 Initial revision lcp parents: diff changeset	52	\subsubsection{Operations for programming}
d8205bb279a7 Initial revision lcp parents: diff changeset	53	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	54	print_thm : thm -> unit
d8205bb279a7 Initial revision lcp parents: diff changeset	55	print_goals : int -> thm -> unit
d8205bb279a7 Initial revision lcp parents: diff changeset	56	string_of_thm : thm -> string
d8205bb279a7 Initial revision lcp parents: diff changeset	57	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	58	Functions with result type {\tt unit} are convenient for imperative
d8205bb279a7 Initial revision lcp parents: diff changeset	59	programming.
d8205bb279a7 Initial revision lcp parents: diff changeset	60	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	61	\item[\ttindexbold{print_thm} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	62	prints {\it thm\/} at the terminal.
d8205bb279a7 Initial revision lcp parents: diff changeset	63
d8205bb279a7 Initial revision lcp parents: diff changeset	64	\item[\ttindexbold{print_goals} {\it limit\/} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	65	prints {\it thm\/} in goal style, with the premises as subgoals. It prints
d8205bb279a7 Initial revision lcp parents: diff changeset	66	at most {\it limit\/} subgoals. The subgoal module calls {\tt print_goals}
d8205bb279a7 Initial revision lcp parents: diff changeset	67	to display proof states.
d8205bb279a7 Initial revision lcp parents: diff changeset	68
d8205bb279a7 Initial revision lcp parents: diff changeset	69	\item[\ttindexbold{string_of_thm} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	70	converts {\it thm\/} to a string.
d8205bb279a7 Initial revision lcp parents: diff changeset	71	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	72
d8205bb279a7 Initial revision lcp parents: diff changeset	73
d8205bb279a7 Initial revision lcp parents: diff changeset	74	\subsection{Forwards proof: joining rules by resolution}
d8205bb279a7 Initial revision lcp parents: diff changeset	75	\index{theorems!joining by resolution\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	76	\index{meta-rules!resolution\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	77	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	78	RSN : thm * (int * thm) -> thm \hfill{\bf infix}
d8205bb279a7 Initial revision lcp parents: diff changeset	79	RS : thm * thm -> thm \hfill{\bf infix}
d8205bb279a7 Initial revision lcp parents: diff changeset	80	MRS : thm list * thm -> thm \hfill{\bf infix}
d8205bb279a7 Initial revision lcp parents: diff changeset	81	RLN : thm list * (int * thm list) -> thm list \hfill{\bf infix}
d8205bb279a7 Initial revision lcp parents: diff changeset	82	RL : thm list * thm list -> thm list \hfill{\bf infix}
d8205bb279a7 Initial revision lcp parents: diff changeset	83	MRL: thm list list * thm list -> thm list \hfill{\bf infix}
d8205bb279a7 Initial revision lcp parents: diff changeset	84	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	85	Putting rules together is a simple way of deriving new rules. These
d8205bb279a7 Initial revision lcp parents: diff changeset	86	functions are especially useful with destruction rules.
d8205bb279a7 Initial revision lcp parents: diff changeset	87	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	88	\item[\tt$thm@1$ RSN $(i,thm@2)$] \indexbold{*RSN}
d8205bb279a7 Initial revision lcp parents: diff changeset	89	resolves the conclusion of $thm@1$ with the $i$th premise of~$thm@2$. It
d8205bb279a7 Initial revision lcp parents: diff changeset	90	raises exception \ttindex{THM} unless there is precisely one resolvent.
d8205bb279a7 Initial revision lcp parents: diff changeset	91
d8205bb279a7 Initial revision lcp parents: diff changeset	92	\item[\tt$thm@1$ RS $thm@2$] \indexbold{*RS}
d8205bb279a7 Initial revision lcp parents: diff changeset	93	abbreviates \hbox{\tt$thm@1$ RSN $(1,thm@2)$}. Thus, it resolves the
d8205bb279a7 Initial revision lcp parents: diff changeset	94	conclusion of $thm@1$ with the first premise of~$thm@2$.
d8205bb279a7 Initial revision lcp parents: diff changeset	95
d8205bb279a7 Initial revision lcp parents: diff changeset	96	\item[\tt {$[thm@1,\ldots,thm@n]$} MRS $thm$] \indexbold{*MRS}
d8205bb279a7 Initial revision lcp parents: diff changeset	97	uses {\tt RLN} to resolve $thm@i$ against premise~$i$ of $thm$, for
d8205bb279a7 Initial revision lcp parents: diff changeset	98	$i=n$, \ldots,~1. This applies $thm@n$, \ldots, $thm@1$ to the first $n$
d8205bb279a7 Initial revision lcp parents: diff changeset	99	premises of $thm$. Because the theorems are used from right to left, it
d8205bb279a7 Initial revision lcp parents: diff changeset	100	does not matter if the $thm@i$ create new premises. {\tt MRS} is useful
d8205bb279a7 Initial revision lcp parents: diff changeset	101	for expressing proof trees.
d8205bb279a7 Initial revision lcp parents: diff changeset	102
d8205bb279a7 Initial revision lcp parents: diff changeset	103	\item[\tt$thms1$ RLN $(i,thms2)$] \indexbold{*RLN}
d8205bb279a7 Initial revision lcp parents: diff changeset	104	for every $thm@1$ in $thms1$ and $thm@2$ in $thms2$, it resolves the
d8205bb279a7 Initial revision lcp parents: diff changeset	105	conclusion of $thm@1$ with the $i$th premise of~$thm@2$, accumulating the
d8205bb279a7 Initial revision lcp parents: diff changeset	106	results. It is useful for combining lists of theorems.
d8205bb279a7 Initial revision lcp parents: diff changeset	107
d8205bb279a7 Initial revision lcp parents: diff changeset	108	\item[\tt$thms1$ RL $thms2$] \indexbold{*RL}
d8205bb279a7 Initial revision lcp parents: diff changeset	109	abbreviates \hbox{\tt$thms1$ RLN $(1,thms2)$}.
d8205bb279a7 Initial revision lcp parents: diff changeset	110
d8205bb279a7 Initial revision lcp parents: diff changeset	111	\item[\tt {$[thms@1,\ldots,thms@n]$} MRL $thms$] \indexbold{*MRL}
d8205bb279a7 Initial revision lcp parents: diff changeset	112	is analogous to {\tt MRS}, but combines theorem lists rather than theorems.
d8205bb279a7 Initial revision lcp parents: diff changeset	113	It too is useful for expressing proof trees.
d8205bb279a7 Initial revision lcp parents: diff changeset	114	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	115
d8205bb279a7 Initial revision lcp parents: diff changeset	116
d8205bb279a7 Initial revision lcp parents: diff changeset	117	\subsection{Expanding definitions in theorems}
d8205bb279a7 Initial revision lcp parents: diff changeset	118	\index{theorems!meta-level rewriting in\|bold}\index{rewriting!meta-level}
d8205bb279a7 Initial revision lcp parents: diff changeset	119	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	120	rewrite_rule : thm list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	121	rewrite_goals_rule : thm list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	122	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	123	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	124	\item[\ttindexbold{rewrite_rule} {\it defs} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	125	unfolds the {\it defs} throughout the theorem~{\it thm}.
d8205bb279a7 Initial revision lcp parents: diff changeset	126
d8205bb279a7 Initial revision lcp parents: diff changeset	127	\item[\ttindexbold{rewrite_goals_rule} {\it defs} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	128	unfolds the {\it defs} in the premises of~{\it thm}, but leaves the
d8205bb279a7 Initial revision lcp parents: diff changeset	129	conclusion unchanged. This rule underlies \ttindex{rewrite_goals_tac}, but
d8205bb279a7 Initial revision lcp parents: diff changeset	130	serves little purpose in forward proof.
d8205bb279a7 Initial revision lcp parents: diff changeset	131	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	132
d8205bb279a7 Initial revision lcp parents: diff changeset	133
d8205bb279a7 Initial revision lcp parents: diff changeset	134	\subsection{Instantiating a theorem} \index{theorems!instantiating\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	135	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	136	read_instantiate : (string*string)list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	137	read_instantiate_sg : Sign.sg -> (string*string)list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	138	cterm_instantiate : (Sign.cterm*Sign.cterm)list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	139	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	140	These meta-rules instantiate type and term unknowns in a theorem. They are
d8205bb279a7 Initial revision lcp parents: diff changeset	141	occasionally useful. They can prevent difficulties with higher-order
d8205bb279a7 Initial revision lcp parents: diff changeset	142	unification, and define specialized versions of rules.
d8205bb279a7 Initial revision lcp parents: diff changeset	143	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	144	\item[\ttindexbold{read_instantiate} {\it insts} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	145	processes the instantiations {\it insts} and instantiates the rule~{\it
d8205bb279a7 Initial revision lcp parents: diff changeset	146	thm}. The processing of instantiations is described
d8205bb279a7 Initial revision lcp parents: diff changeset	147	in~\S\ref{res_inst_tac}, under {\tt res_inst_tac}.
d8205bb279a7 Initial revision lcp parents: diff changeset	148
d8205bb279a7 Initial revision lcp parents: diff changeset	149	Use {\tt res_inst_tac}, not {\tt read_instantiate}, to instantiate a rule
d8205bb279a7 Initial revision lcp parents: diff changeset	150	and refine a particular subgoal. The tactic allows instantiation by the
d8205bb279a7 Initial revision lcp parents: diff changeset	151	subgoal's parameters, and reads the instantiations using the signature
d8205bb279a7 Initial revision lcp parents: diff changeset	152	associated with the proof state. The remaining two instantiation functions
d8205bb279a7 Initial revision lcp parents: diff changeset	153	are highly specialized; most users should ignore them.
d8205bb279a7 Initial revision lcp parents: diff changeset	154
d8205bb279a7 Initial revision lcp parents: diff changeset	155	\item[\ttindexbold{read_instantiate_sg} {\it sg} {\it insts} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	156	resembles \hbox{\tt read_instantiate {\it insts} {\it thm}}, but reads the
d8205bb279a7 Initial revision lcp parents: diff changeset	157	instantiates under signature~{\it sg}. This is necessary when you want to
d8205bb279a7 Initial revision lcp parents: diff changeset	158	instantiate a rule from a general theory, such as first-order logic, using
d8205bb279a7 Initial revision lcp parents: diff changeset	159	the notation of some specialized theory. Use the function {\tt
d8205bb279a7 Initial revision lcp parents: diff changeset	160	sign_of} to get the signature of a theory.
d8205bb279a7 Initial revision lcp parents: diff changeset	161
d8205bb279a7 Initial revision lcp parents: diff changeset	162	\item[\ttindexbold{cterm_instantiate} {\it ctpairs} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	163	is similar to {\tt read_instantiate}, but the instantiations are provided
d8205bb279a7 Initial revision lcp parents: diff changeset	164	as pairs of certified terms, not as strings to be read.
d8205bb279a7 Initial revision lcp parents: diff changeset	165	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	166
d8205bb279a7 Initial revision lcp parents: diff changeset	167
d8205bb279a7 Initial revision lcp parents: diff changeset	168	\subsection{Miscellaneous forward rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	169	\index{theorems!standardizing\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	170	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	171	standard : thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	172	zero_var_indexes : thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	173	make_elim : thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	174	rule_by_tactic : tactic -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	175	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	176	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	177	\item[\ttindexbold{standard} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	178	puts $thm$ into the standard form of object-rules. It discharges all
d8205bb279a7 Initial revision lcp parents: diff changeset	179	meta-hypotheses, replaces free variables by schematic variables, and
d8205bb279a7 Initial revision lcp parents: diff changeset	180	renames schematic variables to have subscript zero.
d8205bb279a7 Initial revision lcp parents: diff changeset	181
d8205bb279a7 Initial revision lcp parents: diff changeset	182	\item[\ttindexbold{zero_var_indexes} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	183	makes all schematic variables have subscript zero, renaming them to avoid
d8205bb279a7 Initial revision lcp parents: diff changeset	184	clashes.
d8205bb279a7 Initial revision lcp parents: diff changeset	185
d8205bb279a7 Initial revision lcp parents: diff changeset	186	\item[\ttindexbold{make_elim} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	187	\index{rules!converting destruction to elimination}
d8205bb279a7 Initial revision lcp parents: diff changeset	188	converts $thm$, a destruction rule of the form $\List{P@1;\ldots;P@m}\Imp
d8205bb279a7 Initial revision lcp parents: diff changeset	189	Q$, to the elimination rule $\List{P@1; \ldots; P@m; Q\Imp R}\Imp R$. This
d8205bb279a7 Initial revision lcp parents: diff changeset	190	is the basis for destruct-resolution: {\tt dresolve_tac}, etc.
d8205bb279a7 Initial revision lcp parents: diff changeset	191
d8205bb279a7 Initial revision lcp parents: diff changeset	192	\item[\ttindexbold{rule_by_tactic} {\it tac} {\it thm}]
d8205bb279a7 Initial revision lcp parents: diff changeset	193	applies {\it tac\/} to the {\it thm}, freezing its variables first, then
d8205bb279a7 Initial revision lcp parents: diff changeset	194	yields the proof state returned by the tactic. In typical usage, the
d8205bb279a7 Initial revision lcp parents: diff changeset	195	{\it thm\/} represents an instance of a rule with several premises, some
d8205bb279a7 Initial revision lcp parents: diff changeset	196	with contradictory assumptions (because of the instantiation). The
d8205bb279a7 Initial revision lcp parents: diff changeset	197	tactic proves those subgoals and does whatever else it can, and returns
d8205bb279a7 Initial revision lcp parents: diff changeset	198	whatever is left.
d8205bb279a7 Initial revision lcp parents: diff changeset	199	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	200
d8205bb279a7 Initial revision lcp parents: diff changeset	201
d8205bb279a7 Initial revision lcp parents: diff changeset	202	\subsection{Taking a theorem apart}
d8205bb279a7 Initial revision lcp parents: diff changeset	203	\index{theorems!taking apart\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	204	\index{flex-flex constraints}
d8205bb279a7 Initial revision lcp parents: diff changeset	205	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	206	concl_of : thm -> term
d8205bb279a7 Initial revision lcp parents: diff changeset	207	prems_of : thm -> term list
d8205bb279a7 Initial revision lcp parents: diff changeset	208	nprems_of : thm -> int
d8205bb279a7 Initial revision lcp parents: diff changeset	209	tpairs_of : thm -> (term*term)list
d8205bb279a7 Initial revision lcp parents: diff changeset	210	stamps_of_thy : thm -> string ref list
d8205bb279a7 Initial revision lcp parents: diff changeset	211	dest_state : thmint -> (termterm)list * term list * term * term
d8205bb279a7 Initial revision lcp parents: diff changeset	212	rep_thm : thm -> \{prop:term, hyps:term list,
d8205bb279a7 Initial revision lcp parents: diff changeset	213	maxidx:int, sign:Sign.sg\}
d8205bb279a7 Initial revision lcp parents: diff changeset	214	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	215	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	216	\item[\ttindexbold{concl_of} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	217	returns the conclusion of $thm$ as a term.
d8205bb279a7 Initial revision lcp parents: diff changeset	218
d8205bb279a7 Initial revision lcp parents: diff changeset	219	\item[\ttindexbold{prems_of} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	220	returns the premises of $thm$ as a list of terms.
d8205bb279a7 Initial revision lcp parents: diff changeset	221
d8205bb279a7 Initial revision lcp parents: diff changeset	222	\item[\ttindexbold{nprems_of} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	223	returns the number of premises in $thm$: {\tt length(prems_of~$thm$)}.
d8205bb279a7 Initial revision lcp parents: diff changeset	224
d8205bb279a7 Initial revision lcp parents: diff changeset	225	\item[\ttindexbold{tpairs_of} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	226	returns the flex-flex constraints of $thm$.
d8205bb279a7 Initial revision lcp parents: diff changeset	227
d8205bb279a7 Initial revision lcp parents: diff changeset	228	\item[\ttindexbold{stamps_of_thm} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	229	returns the stamps of the signature associated with~$thm$.
d8205bb279a7 Initial revision lcp parents: diff changeset	230
d8205bb279a7 Initial revision lcp parents: diff changeset	231	\item[\ttindexbold{dest_state} $(thm,i)$]
d8205bb279a7 Initial revision lcp parents: diff changeset	232	decomposes $thm$ as a tuple containing a list of flex-flex constraints, a
d8205bb279a7 Initial revision lcp parents: diff changeset	233	list of the subgoals~1 to~$i-1$, subgoal~$i$, and the rest of the theorem
d8205bb279a7 Initial revision lcp parents: diff changeset	234	(this will be an implication if there are more than $i$ subgoals).
d8205bb279a7 Initial revision lcp parents: diff changeset	235
d8205bb279a7 Initial revision lcp parents: diff changeset	236	\item[\ttindexbold{rep_thm} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	237	decomposes $thm$ as a record containing the statement of~$thm$, its list of
d8205bb279a7 Initial revision lcp parents: diff changeset	238	meta-hypotheses, the maximum subscript of its unknowns, and its signature.
d8205bb279a7 Initial revision lcp parents: diff changeset	239	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	240
d8205bb279a7 Initial revision lcp parents: diff changeset	241
d8205bb279a7 Initial revision lcp parents: diff changeset	242	\subsection{Tracing flags for unification}
d8205bb279a7 Initial revision lcp parents: diff changeset	243	\index{tracing!of unification}
d8205bb279a7 Initial revision lcp parents: diff changeset	244	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	245	Unify.trace_simp : bool ref \hfill{\bf initially false}
d8205bb279a7 Initial revision lcp parents: diff changeset	246	Unify.trace_types : bool ref \hfill{\bf initially false}
d8205bb279a7 Initial revision lcp parents: diff changeset	247	Unify.trace_bound : int ref \hfill{\bf initially 10}
d8205bb279a7 Initial revision lcp parents: diff changeset	248	Unify.search_bound : int ref \hfill{\bf initially 20}
d8205bb279a7 Initial revision lcp parents: diff changeset	249	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	250	Tracing the search may be useful when higher-order unification behaves
d8205bb279a7 Initial revision lcp parents: diff changeset	251	unexpectedly. Letting {\tt res_inst_tac} circumvent the problem is easier,
d8205bb279a7 Initial revision lcp parents: diff changeset	252	though.
d8205bb279a7 Initial revision lcp parents: diff changeset	253	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	254	\item[\ttindexbold{Unify.trace_simp} \tt:= true;]
d8205bb279a7 Initial revision lcp parents: diff changeset	255	causes tracing of the simplification phase.
d8205bb279a7 Initial revision lcp parents: diff changeset	256
d8205bb279a7 Initial revision lcp parents: diff changeset	257	\item[\ttindexbold{Unify.trace_types} \tt:= true;]
d8205bb279a7 Initial revision lcp parents: diff changeset	258	generates warnings of incompleteness, when unification is not considering
d8205bb279a7 Initial revision lcp parents: diff changeset	259	all possible instantiations of type unknowns.
d8205bb279a7 Initial revision lcp parents: diff changeset	260
d8205bb279a7 Initial revision lcp parents: diff changeset	261	\item[\ttindexbold{Unify.trace_bound} \tt:= $n$]
d8205bb279a7 Initial revision lcp parents: diff changeset	262	causes unification to print tracing information once it reaches depth~$n$.
d8205bb279a7 Initial revision lcp parents: diff changeset	263	Use $n=0$ for full tracing. At the default value of~10, tracing
d8205bb279a7 Initial revision lcp parents: diff changeset	264	information is almost never printed.
d8205bb279a7 Initial revision lcp parents: diff changeset	265
d8205bb279a7 Initial revision lcp parents: diff changeset	266	\item[\ttindexbold{Unify.search_bound} \tt:= $n$]
d8205bb279a7 Initial revision lcp parents: diff changeset	267	causes unification to limit its search to depth~$n$. Because of this
d8205bb279a7 Initial revision lcp parents: diff changeset	268	bound, higher-order unification cannot return an infinite sequence, though
d8205bb279a7 Initial revision lcp parents: diff changeset	269	it can return a very long one. The search rarely approaches the default
d8205bb279a7 Initial revision lcp parents: diff changeset	270	value of~20. If the search is cut off, unification prints {\tt
d8205bb279a7 Initial revision lcp parents: diff changeset	271	***Unification bound exceeded}.
d8205bb279a7 Initial revision lcp parents: diff changeset	272	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	273
d8205bb279a7 Initial revision lcp parents: diff changeset	274
d8205bb279a7 Initial revision lcp parents: diff changeset	275	\section{Primitive meta-level inference rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	276	\index{meta-rules\|(}
d8205bb279a7 Initial revision lcp parents: diff changeset	277	These implement the meta-logic in {\sc lcf} style, as functions from theorems
d8205bb279a7 Initial revision lcp parents: diff changeset	278	to theorems. They are, rarely, useful for deriving results in the pure
d8205bb279a7 Initial revision lcp parents: diff changeset	279	theory. Mainly, they are included for completeness, and most users should
d8205bb279a7 Initial revision lcp parents: diff changeset	280	not bother with them. The meta-rules raise exception \ttindex{THM} to signal
d8205bb279a7 Initial revision lcp parents: diff changeset	281	malformed premises, incompatible signatures and similar errors.
d8205bb279a7 Initial revision lcp parents: diff changeset	282
d8205bb279a7 Initial revision lcp parents: diff changeset	283	The meta-logic uses natural deduction. Each theorem may depend on
d8205bb279a7 Initial revision lcp parents: diff changeset	284	meta-hypotheses, or assumptions. Certain rules, such as $({\Imp}I)$,
d8205bb279a7 Initial revision lcp parents: diff changeset	285	discharge assumptions; in most other rules, the conclusion depends on all
d8205bb279a7 Initial revision lcp parents: diff changeset	286	of the assumptions of the premises. Formally, the system works with
d8205bb279a7 Initial revision lcp parents: diff changeset	287	assertions of the form
d8205bb279a7 Initial revision lcp parents: diff changeset	288	\[ \phi \quad [\phi@1,\ldots,\phi@n], \]
d8205bb279a7 Initial revision lcp parents: diff changeset	289	where $\phi@1$,~\ldots,~$\phi@n$ are the hypotheses. Do not confuse
d8205bb279a7 Initial revision lcp parents: diff changeset	290	meta-level assumptions with the object-level assumptions in a subgoal,
d8205bb279a7 Initial revision lcp parents: diff changeset	291	which are represented in the meta-logic using~$\Imp$.
d8205bb279a7 Initial revision lcp parents: diff changeset	292
d8205bb279a7 Initial revision lcp parents: diff changeset	293	Each theorem has a signature. Certified terms have a signature. When a
d8205bb279a7 Initial revision lcp parents: diff changeset	294	rule takes several premises and certified terms, it merges the signatures
d8205bb279a7 Initial revision lcp parents: diff changeset	295	to make a signature for the conclusion. This fails if the signatures are
d8205bb279a7 Initial revision lcp parents: diff changeset	296	incompatible.
d8205bb279a7 Initial revision lcp parents: diff changeset	297
d8205bb279a7 Initial revision lcp parents: diff changeset	298	The {\em implication\/} rules are $({\Imp}I)$
d8205bb279a7 Initial revision lcp parents: diff changeset	299	and $({\Imp}E)$:
d8205bb279a7 Initial revision lcp parents: diff changeset	300	\[ \infer[({\Imp}I)]{\phi\Imp \psi}{\infer*{\psi}{[\phi]}} \qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	301	\infer[({\Imp}E)]{\psi}{\phi\Imp \psi & \phi} \]
d8205bb279a7 Initial revision lcp parents: diff changeset	302
d8205bb279a7 Initial revision lcp parents: diff changeset	303	Equality of truth values means logical equivalence:
d8205bb279a7 Initial revision lcp parents: diff changeset	304	\[ \infer[({\equiv}I)]{\phi\equiv\psi}{\infer*{\psi}{[\phi]} &
d8205bb279a7 Initial revision lcp parents: diff changeset	305	\infer*{\phi}{[\psi]}}
d8205bb279a7 Initial revision lcp parents: diff changeset	306	\qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	307	\infer[({\equiv}E)]{\psi}{\phi\equiv \psi & \phi} \]
d8205bb279a7 Initial revision lcp parents: diff changeset	308
d8205bb279a7 Initial revision lcp parents: diff changeset	309	The {\em equality\/} rules are reflexivity, symmetry, and transitivity:
d8205bb279a7 Initial revision lcp parents: diff changeset	310	\[ {a\equiv a}\,(refl) \qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	311	\infer[(sym)]{b\equiv a}{a\equiv b} \qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	312	\infer[(trans)]{a\equiv c}{a\equiv b & b\equiv c} \]
d8205bb279a7 Initial revision lcp parents: diff changeset	313
d8205bb279a7 Initial revision lcp parents: diff changeset	314	The $\lambda$-conversions are $\alpha$-conversion, $\beta$-conversion, and
d8205bb279a7 Initial revision lcp parents: diff changeset	315	extensionality:\footnote{$\alpha$-conversion holds if $y$ is not free
d8205bb279a7 Initial revision lcp parents: diff changeset	316	in~$a$; $(ext)$ holds if $x$ is not free in the assumptions, $f$, or~$g$.}
d8205bb279a7 Initial revision lcp parents: diff changeset	317	\[ {(\lambda x.a) \equiv (\lambda y.a[y/x])} \qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	318	{((\lambda x.a)(b)) \equiv a[b/x]} \qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	319	\infer[(ext)]{f\equiv g}{f(x) \equiv g(x)} \]
d8205bb279a7 Initial revision lcp parents: diff changeset	320
d8205bb279a7 Initial revision lcp parents: diff changeset	321	The {\it abstraction\/} and {\it combination\/} rules permit the conversion
d8205bb279a7 Initial revision lcp parents: diff changeset	322	of subterms:\footnote{Abstraction holds if $x$ is not free in the
d8205bb279a7 Initial revision lcp parents: diff changeset	323	assumptions.}
d8205bb279a7 Initial revision lcp parents: diff changeset	324	\[ \infer[(abs)]{(\lambda x.a) \equiv (\lambda x.b)}{a\equiv b} \qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	325	\infer[(comb)]{f(a)\equiv g(b)}{f\equiv g & a\equiv b} \]
d8205bb279a7 Initial revision lcp parents: diff changeset	326
d8205bb279a7 Initial revision lcp parents: diff changeset	327	The {\em universal quantification\/} rules are $(\Forall I)$ and $(\Forall
d8205bb279a7 Initial revision lcp parents: diff changeset	328	E)$:\footnote{$(\Forall I)$ holds if $x$ is not free in the assumptions.}
d8205bb279a7 Initial revision lcp parents: diff changeset	329	\[ \infer[(\Forall I)]{\Forall x.\phi}{\phi} \qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	330	\infer[(\Forall I)]{\phi[b/x]}{\Forall x.\phi} \]
d8205bb279a7 Initial revision lcp parents: diff changeset	331
d8205bb279a7 Initial revision lcp parents: diff changeset	332
d8205bb279a7 Initial revision lcp parents: diff changeset	333	\subsection{Propositional rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	334	\index{meta-rules!assumption\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	335	\subsubsection{Assumption}
d8205bb279a7 Initial revision lcp parents: diff changeset	336	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	337	assume: Sign.cterm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	338	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	339	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	340	\item[\ttindexbold{assume} $ct$]
d8205bb279a7 Initial revision lcp parents: diff changeset	341	makes the theorem $\phi \quad[\phi]$, where $\phi$ is the value of~$ct$.
d8205bb279a7 Initial revision lcp parents: diff changeset	342	The rule checks that $ct$ has type $prop$ and contains no unknowns, which
d8205bb279a7 Initial revision lcp parents: diff changeset	343	are not allowed in hypotheses.
d8205bb279a7 Initial revision lcp parents: diff changeset	344	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	345
d8205bb279a7 Initial revision lcp parents: diff changeset	346	\subsubsection{Implication}
d8205bb279a7 Initial revision lcp parents: diff changeset	347	\index{meta-rules!implication\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	348	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	349	implies_intr : Sign.cterm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	350	implies_intr_list : Sign.cterm list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	351	implies_intr_hyps : thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	352	implies_elim : thm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	353	implies_elim_list : thm -> thm list -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	354	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	355	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	356	\item[\ttindexbold{implies_intr} $ct$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	357	is $({\Imp}I)$, where $ct$ is the assumption to discharge, say~$\phi$. It
d8205bb279a7 Initial revision lcp parents: diff changeset	358	maps the premise $\psi\quad[\phi]$ to the conclusion $\phi\Imp\psi$. The
d8205bb279a7 Initial revision lcp parents: diff changeset	359	rule checks that $ct$ has type $prop$.
d8205bb279a7 Initial revision lcp parents: diff changeset	360
d8205bb279a7 Initial revision lcp parents: diff changeset	361	\item[\ttindexbold{implies_intr_list} $cts$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	362	applies $({\Imp}I)$ repeatedly, on every element of the list~$cts$.
d8205bb279a7 Initial revision lcp parents: diff changeset	363
d8205bb279a7 Initial revision lcp parents: diff changeset	364	\item[\ttindexbold{implies_intr_hyps} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	365	applies $({\Imp}I)$ to discharge all the hypotheses of~$thm$. It maps the
d8205bb279a7 Initial revision lcp parents: diff changeset	366	premise $\phi \quad [\phi@1,\ldots,\phi@n]$ to the conclusion
d8205bb279a7 Initial revision lcp parents: diff changeset	367	$\List{\phi@1,\ldots,\phi@n}\Imp\phi$.
d8205bb279a7 Initial revision lcp parents: diff changeset	368
d8205bb279a7 Initial revision lcp parents: diff changeset	369	\item[\ttindexbold{implies_elim} $thm@1$ $thm@2$]
d8205bb279a7 Initial revision lcp parents: diff changeset	370	applies $({\Imp}E)$ to $thm@1$ and~$thm@2$. It maps the premises $\phi\Imp
d8205bb279a7 Initial revision lcp parents: diff changeset	371	\psi$ and $\phi$ to the conclusion~$\psi$.
d8205bb279a7 Initial revision lcp parents: diff changeset	372
d8205bb279a7 Initial revision lcp parents: diff changeset	373	\item[\ttindexbold{implies_elim_list} $thm$ $thms$]
d8205bb279a7 Initial revision lcp parents: diff changeset	374	applies $({\Imp}E)$ repeatedly to $thm$, using each element of~$thms$ in
d8205bb279a7 Initial revision lcp parents: diff changeset	375	turn. It maps the premises $[\phi@1,\ldots,\phi@n]\Imp\psi$ and
d8205bb279a7 Initial revision lcp parents: diff changeset	376	$\phi@1$,\ldots,$\phi@n$ to the conclusion~$\psi$.
d8205bb279a7 Initial revision lcp parents: diff changeset	377	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	378
d8205bb279a7 Initial revision lcp parents: diff changeset	379	\subsubsection{Logical equivalence (equality)}
d8205bb279a7 Initial revision lcp parents: diff changeset	380	\index{meta-rules!logical equivalence\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	381	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	382	equal_intr : thm -> thm -> thm equal_elim : thm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	383	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	384	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	385	\item[\ttindexbold{equal_intr} $thm@1$ $thm@2$]
d8205bb279a7 Initial revision lcp parents: diff changeset	386	applies $({\equiv}I)$ to $thm@1$ and~$thm@2$. It maps the premises
d8205bb279a7 Initial revision lcp parents: diff changeset	387	$\psi\quad[\phi]$ and $\phi\quad[\psi]$ to the conclusion~$\phi\equiv\psi$.
d8205bb279a7 Initial revision lcp parents: diff changeset	388
d8205bb279a7 Initial revision lcp parents: diff changeset	389	\item[\ttindexbold{equal_elim} $thm@1$ $thm@2$]
d8205bb279a7 Initial revision lcp parents: diff changeset	390	applies $({\equiv}E)$ to $thm@1$ and~$thm@2$. It maps the premises
d8205bb279a7 Initial revision lcp parents: diff changeset	391	$\phi\equiv\psi$ and $\phi$ to the conclusion~$\psi$.
d8205bb279a7 Initial revision lcp parents: diff changeset	392	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	393
d8205bb279a7 Initial revision lcp parents: diff changeset	394
d8205bb279a7 Initial revision lcp parents: diff changeset	395	\subsection{Equality rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	396	\index{meta-rules!equality\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	397	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	398	reflexive : Sign.cterm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	399	symmetric : thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	400	transitive : thm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	401	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	402	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	403	\item[\ttindexbold{reflexive} $ct$]
d8205bb279a7 Initial revision lcp parents: diff changeset	404	makes the theorem $ct=ct$.
d8205bb279a7 Initial revision lcp parents: diff changeset	405
d8205bb279a7 Initial revision lcp parents: diff changeset	406	\item[\ttindexbold{symmetric} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	407	maps the premise $a\equiv b$ to the conclusion $b\equiv a$.
d8205bb279a7 Initial revision lcp parents: diff changeset	408
d8205bb279a7 Initial revision lcp parents: diff changeset	409	\item[\ttindexbold{transitive} $thm@1$ $thm@2$]
d8205bb279a7 Initial revision lcp parents: diff changeset	410	maps the premises $a\equiv b$ and $b\equiv c$ to the conclusion~${a\equiv c}$.
d8205bb279a7 Initial revision lcp parents: diff changeset	411	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	412
d8205bb279a7 Initial revision lcp parents: diff changeset	413
d8205bb279a7 Initial revision lcp parents: diff changeset	414	\subsection{The $\lambda$-conversion rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	415	\index{meta-rules!$\lambda$-conversion\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	416	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	417	beta_conversion : Sign.cterm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	418	extensional : thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	419	abstract_rule : string -> Sign.cterm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	420	combination : thm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	421	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	422	There is no rule for $\alpha$-conversion because Isabelle's internal
d8205bb279a7 Initial revision lcp parents: diff changeset	423	representation ignores bound variable names, except when communicating with
d8205bb279a7 Initial revision lcp parents: diff changeset	424	the user.
d8205bb279a7 Initial revision lcp parents: diff changeset	425	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	426	\item[\ttindexbold{beta_conversion} $ct$]
d8205bb279a7 Initial revision lcp parents: diff changeset	427	makes the theorem $((\lambda x.a)(b)) \equiv a[b/x]$, where $ct$ is the
d8205bb279a7 Initial revision lcp parents: diff changeset	428	term $(\lambda x.a)(b)$.
d8205bb279a7 Initial revision lcp parents: diff changeset	429
d8205bb279a7 Initial revision lcp parents: diff changeset	430	\item[\ttindexbold{extensional} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	431	maps the premise $f(x) \equiv g(x)$ to the conclusion $f\equiv g$.
d8205bb279a7 Initial revision lcp parents: diff changeset	432	Parameter~$x$ is taken from the premise. It may be an unknown or a free
d8205bb279a7 Initial revision lcp parents: diff changeset	433	variable (provided it does not occur in the hypotheses); it must not occur
d8205bb279a7 Initial revision lcp parents: diff changeset	434	in $f$ or~$g$.
d8205bb279a7 Initial revision lcp parents: diff changeset	435
d8205bb279a7 Initial revision lcp parents: diff changeset	436	\item[\ttindexbold{abstract_rule} $v$ $x$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	437	maps the premise $a\equiv b$ to the conclusion $(\lambda x.a) \equiv
d8205bb279a7 Initial revision lcp parents: diff changeset	438	(\lambda x.b)$, abstracting over all occurrences (if any!) of~$x$.
d8205bb279a7 Initial revision lcp parents: diff changeset	439	Parameter~$x$ is supplied as a cterm. It may be an unknown or a free
d8205bb279a7 Initial revision lcp parents: diff changeset	440	variable (provided it does not occur in the hypotheses). In the
d8205bb279a7 Initial revision lcp parents: diff changeset	441	conclusion, the bound variable is named~$v$.
d8205bb279a7 Initial revision lcp parents: diff changeset	442
d8205bb279a7 Initial revision lcp parents: diff changeset	443	\item[\ttindexbold{combination} $thm@1$ $thm@2$]
d8205bb279a7 Initial revision lcp parents: diff changeset	444	maps the premises $f\equiv g$ and $a\equiv b$ to the conclusion~$f(a)\equiv
d8205bb279a7 Initial revision lcp parents: diff changeset	445	g(b)$.
d8205bb279a7 Initial revision lcp parents: diff changeset	446	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	447
d8205bb279a7 Initial revision lcp parents: diff changeset	448
d8205bb279a7 Initial revision lcp parents: diff changeset	449	\subsection{Universal quantifier rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	450	\index{meta-rules!quantifier\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	451	\subsubsection{Forall introduction}
d8205bb279a7 Initial revision lcp parents: diff changeset	452	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	453	forall_intr : Sign.cterm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	454	forall_intr_list : Sign.cterm list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	455	forall_intr_frees : thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	456	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	457
d8205bb279a7 Initial revision lcp parents: diff changeset	458	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	459	\item[\ttindexbold{forall_intr} $x$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	460	applies $({\Forall}I)$, abstracting over all occurrences (if any!) of~$x$.
d8205bb279a7 Initial revision lcp parents: diff changeset	461	The rule maps the premise $\phi$ to the conclusion $\Forall x.\phi$.
d8205bb279a7 Initial revision lcp parents: diff changeset	462	Parameter~$x$ is supplied as a cterm. It may be an unknown or a free
d8205bb279a7 Initial revision lcp parents: diff changeset	463	variable (provided it does not occur in the hypotheses).
d8205bb279a7 Initial revision lcp parents: diff changeset	464
d8205bb279a7 Initial revision lcp parents: diff changeset	465	\item[\ttindexbold{forall_intr_list} $xs$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	466	applies $({\Forall}I)$ repeatedly, on every element of the list~$xs$.
d8205bb279a7 Initial revision lcp parents: diff changeset	467
d8205bb279a7 Initial revision lcp parents: diff changeset	468	\item[\ttindexbold{forall_intr_frees} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	469	applies $({\Forall}I)$ repeatedly, generalizing over all the free variables
d8205bb279a7 Initial revision lcp parents: diff changeset	470	of the premise.
d8205bb279a7 Initial revision lcp parents: diff changeset	471	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	472
d8205bb279a7 Initial revision lcp parents: diff changeset	473
d8205bb279a7 Initial revision lcp parents: diff changeset	474	\subsubsection{Forall elimination}
d8205bb279a7 Initial revision lcp parents: diff changeset	475	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	476	forall_elim : Sign.cterm -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	477	forall_elim_list : Sign.cterm list -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	478	forall_elim_var : int -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	479	forall_elim_vars : int -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	480	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	481
d8205bb279a7 Initial revision lcp parents: diff changeset	482	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	483	\item[\ttindexbold{forall_elim} $ct$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	484	applies $({\Forall}E)$, mapping the premise $\Forall x.\phi$ to the conclusion
d8205bb279a7 Initial revision lcp parents: diff changeset	485	$\phi[ct/x]$. The rule checks that $ct$ and $x$ have the same type.
d8205bb279a7 Initial revision lcp parents: diff changeset	486
d8205bb279a7 Initial revision lcp parents: diff changeset	487	\item[\ttindexbold{forall_elim_list} $cts$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	488	applies $({\Forall}E)$ repeatedly, on every element of the list~$cts$.
d8205bb279a7 Initial revision lcp parents: diff changeset	489
d8205bb279a7 Initial revision lcp parents: diff changeset	490	\item[\ttindexbold{forall_elim_var} $k$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	491	applies $({\Forall}E)$, mapping the premise $\Forall x.\phi$ to the conclusion
d8205bb279a7 Initial revision lcp parents: diff changeset	492	$\phi[\Var{x@k}/x]$. Thus, it replaces the outermost $\Forall$-bound
d8205bb279a7 Initial revision lcp parents: diff changeset	493	variable by an unknown having subscript~$k$.
d8205bb279a7 Initial revision lcp parents: diff changeset	494
d8205bb279a7 Initial revision lcp parents: diff changeset	495	\item[\ttindexbold{forall_elim_vars} $ks$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	496	applies {\tt forall_elim_var} repeatedly, for every element of the list~$ks$.
d8205bb279a7 Initial revision lcp parents: diff changeset	497	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	498
d8205bb279a7 Initial revision lcp parents: diff changeset	499	\subsubsection{Instantiation of unknowns}
d8205bb279a7 Initial revision lcp parents: diff changeset	500	\index{meta-rules!instantiation\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	501	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	502	instantiate: (indexnameSign.ctyp)list (Sign.cterm*Sign.cterm)list
d8205bb279a7 Initial revision lcp parents: diff changeset	503	-> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	504	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	505	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	506	\item[\ttindexbold{instantiate} $tyinsts$ $insts$ $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	507	performs simultaneous substitution of types for type unknowns (the
d8205bb279a7 Initial revision lcp parents: diff changeset	508	$tyinsts$) and terms for term unknowns (the $insts$). Instantiations are
d8205bb279a7 Initial revision lcp parents: diff changeset	509	given as $(v,t)$ pairs, where $v$ is an unknown and $t$ is a term (of the
d8205bb279a7 Initial revision lcp parents: diff changeset	510	same type as $v$) or a type (of the same sort as~$v$). All the unknowns
d8205bb279a7 Initial revision lcp parents: diff changeset	511	must be distinct. The rule normalizes its conclusion.
d8205bb279a7 Initial revision lcp parents: diff changeset	512	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	513
d8205bb279a7 Initial revision lcp parents: diff changeset	514
d8205bb279a7 Initial revision lcp parents: diff changeset	515	\subsection{Freezing/thawing type variables}
d8205bb279a7 Initial revision lcp parents: diff changeset	516	\index{meta-rules!for type variables\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	517	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	518	freezeT: thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	519	varifyT: thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	520	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	521	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	522	\item[\ttindexbold{freezeT} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	523	converts all the type unknowns in $thm$ to free type variables.
d8205bb279a7 Initial revision lcp parents: diff changeset	524
d8205bb279a7 Initial revision lcp parents: diff changeset	525	\item[\ttindexbold{varifyT} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	526	converts all the free type variables in $thm$ to type unknowns.
d8205bb279a7 Initial revision lcp parents: diff changeset	527	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	528
d8205bb279a7 Initial revision lcp parents: diff changeset	529
d8205bb279a7 Initial revision lcp parents: diff changeset	530	\section{Derived rules for goal-directed proof}
d8205bb279a7 Initial revision lcp parents: diff changeset	531	Most of these rules have the sole purpose of implementing particular
d8205bb279a7 Initial revision lcp parents: diff changeset	532	tactics. There are few occasions for applying them directly to a theorem.
d8205bb279a7 Initial revision lcp parents: diff changeset	533
d8205bb279a7 Initial revision lcp parents: diff changeset	534	\subsection{Proof by assumption}
d8205bb279a7 Initial revision lcp parents: diff changeset	535	\index{meta-rules!assumption\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	536	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	537	assumption : int -> thm -> thm Sequence.seq
d8205bb279a7 Initial revision lcp parents: diff changeset	538	eq_assumption : int -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	539	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	540	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	541	\item[\ttindexbold{assumption} {\it i} $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	542	attempts to solve premise~$i$ of~$thm$ by assumption.
d8205bb279a7 Initial revision lcp parents: diff changeset	543
d8205bb279a7 Initial revision lcp parents: diff changeset	544	\item[\ttindexbold{eq_assumption}]
d8205bb279a7 Initial revision lcp parents: diff changeset	545	is like {\tt assumption} but does not use unification.
d8205bb279a7 Initial revision lcp parents: diff changeset	546	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	547
d8205bb279a7 Initial revision lcp parents: diff changeset	548
d8205bb279a7 Initial revision lcp parents: diff changeset	549	\subsection{Resolution}
d8205bb279a7 Initial revision lcp parents: diff changeset	550	\index{meta-rules!resolution\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	551	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	552	biresolution : bool -> (bool*thm)list -> int -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	553	-> thm Sequence.seq
d8205bb279a7 Initial revision lcp parents: diff changeset	554	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	555	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	556	\item[\ttindexbold{biresolution} $match$ $rules$ $i$ $state$]
d8205bb279a7 Initial revision lcp parents: diff changeset	557	performs bi-resolution on subgoal~$i$ of~$state$, using the list of $\it
d8205bb279a7 Initial revision lcp parents: diff changeset	558	(flag,rule)$ pairs. For each pair, it applies resolution if the flag
d8205bb279a7 Initial revision lcp parents: diff changeset	559	is~{\tt false} and elim-resolution if the flag is~{\tt true}. If $match$
d8205bb279a7 Initial revision lcp parents: diff changeset	560	is~{\tt true}, the $state$ is not instantiated.
d8205bb279a7 Initial revision lcp parents: diff changeset	561	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	562
d8205bb279a7 Initial revision lcp parents: diff changeset	563
d8205bb279a7 Initial revision lcp parents: diff changeset	564	\subsection{Composition: resolution without lifting}
d8205bb279a7 Initial revision lcp parents: diff changeset	565	\index{meta-rules!for composition\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	566	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	567	compose : thm * int * thm -> thm list
d8205bb279a7 Initial revision lcp parents: diff changeset	568	COMP : thm * thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	569	bicompose : bool -> bool * thm * int -> int -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	570	-> thm Sequence.seq
d8205bb279a7 Initial revision lcp parents: diff changeset	571	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	572	In forward proof, a typical use of composition is to regard an assertion of
d8205bb279a7 Initial revision lcp parents: diff changeset	573	the form $\phi\Imp\psi$ as atomic. Schematic variables are not renamed, so
d8205bb279a7 Initial revision lcp parents: diff changeset	574	beware of clashes!
d8205bb279a7 Initial revision lcp parents: diff changeset	575	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	576	\item[\ttindexbold{compose} ($thm@1$, $i$, $thm@2$)]
d8205bb279a7 Initial revision lcp parents: diff changeset	577	uses $thm@1$, regarded as an atomic formula, to solve premise~$i$
d8205bb279a7 Initial revision lcp parents: diff changeset	578	of~$thm@2$. Let $thm@1$ and $thm@2$ be $\psi$ and $\List{\phi@1; \ldots;
d8205bb279a7 Initial revision lcp parents: diff changeset	579	\phi@n} \Imp \phi$. For each $s$ that unifies~$\psi$ and $\phi@i$, the
d8205bb279a7 Initial revision lcp parents: diff changeset	580	result list contains the theorem
d8205bb279a7 Initial revision lcp parents: diff changeset	581	\[ (\List{\phi@1; \ldots; \phi@{i-1}; \phi@{i+1}; \ldots; \phi@n} \Imp \phi)s.
d8205bb279a7 Initial revision lcp parents: diff changeset	582	\]
d8205bb279a7 Initial revision lcp parents: diff changeset	583
d8205bb279a7 Initial revision lcp parents: diff changeset	584	\item[\tt $thm@1$ COMP $thm@2$]
d8205bb279a7 Initial revision lcp parents: diff changeset	585	calls \hbox{\tt compose ($thm@1$, 1, $thm@2$)} and returns the result, if
d8205bb279a7 Initial revision lcp parents: diff changeset	586	unique; otherwise, it raises exception~\ttindex{THM}\@. It is
d8205bb279a7 Initial revision lcp parents: diff changeset	587	analogous to {\tt RS}\@.
d8205bb279a7 Initial revision lcp parents: diff changeset	588
d8205bb279a7 Initial revision lcp parents: diff changeset	589	For example, suppose that $thm@1$ is $a=b\Imp b=a$, a symmetry rule, and
d8205bb279a7 Initial revision lcp parents: diff changeset	590	that $thm@2$ is $\List{P\Imp Q; \neg Q} \Imp\neg A)$, which is the
d8205bb279a7 Initial revision lcp parents: diff changeset	591	principle of contrapositives. Then the result would be the
d8205bb279a7 Initial revision lcp parents: diff changeset	592	derived rule $\neg(b=a)\Imp\neg(a=b)$.
d8205bb279a7 Initial revision lcp parents: diff changeset	593
d8205bb279a7 Initial revision lcp parents: diff changeset	594	\item[\ttindexbold{bicompose} $match$ ($flag$, $rule$, $m$) $i$ $state$]
d8205bb279a7 Initial revision lcp parents: diff changeset	595	refines subgoal~$i$ of $state$ using $rule$, without lifting. The $rule$
d8205bb279a7 Initial revision lcp parents: diff changeset	596	is taken to have the form $\List{\psi@1; \ldots; \psi@m} \Imp \psi$, where
d8205bb279a7 Initial revision lcp parents: diff changeset	597	$\psi$ need {\bf not} be atomic; thus $m$ determines the number of new
d8205bb279a7 Initial revision lcp parents: diff changeset	598	subgoals. If $flag$ is {\tt true} then it performs elim-resolution --- it
d8205bb279a7 Initial revision lcp parents: diff changeset	599	solves the first premise of~$rule$ by assumption and deletes that
d8205bb279a7 Initial revision lcp parents: diff changeset	600	assumption. If $match$ is~{\tt true}, the $state$ is not instantiated.
d8205bb279a7 Initial revision lcp parents: diff changeset	601	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	602
d8205bb279a7 Initial revision lcp parents: diff changeset	603
d8205bb279a7 Initial revision lcp parents: diff changeset	604	\subsection{Other meta-rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	605	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	606	trivial : Sign.cterm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	607	lift_rule : (thm * int) -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	608	rename_params_rule : string list * int -> thm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	609	rewrite_cterm : thm list -> Sign.cterm -> thm
d8205bb279a7 Initial revision lcp parents: diff changeset	610	flexflex_rule : thm -> thm Sequence.seq
d8205bb279a7 Initial revision lcp parents: diff changeset	611	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	612	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	613	\item[\ttindexbold{trivial} $ct$]
d8205bb279a7 Initial revision lcp parents: diff changeset	614	makes the theorem $\phi\Imp\phi$, where $\phi$ is the value of~$ct$.
d8205bb279a7 Initial revision lcp parents: diff changeset	615	This is the initial state for a goal-directed proof of~$\phi$. The rule
d8205bb279a7 Initial revision lcp parents: diff changeset	616	checks that $ct$ has type~$prop$.
d8205bb279a7 Initial revision lcp parents: diff changeset	617
d8205bb279a7 Initial revision lcp parents: diff changeset	618	\item[\ttindexbold{lift_rule} ($state$, $i$) $rule$] \index{lifting}
d8205bb279a7 Initial revision lcp parents: diff changeset	619	prepares $rule$ for resolution by lifting it over the parameters and
d8205bb279a7 Initial revision lcp parents: diff changeset	620	assumptions of subgoal~$i$ of~$state$.
d8205bb279a7 Initial revision lcp parents: diff changeset	621
d8205bb279a7 Initial revision lcp parents: diff changeset	622	\item[\ttindexbold{rename_params_rule} ({\it names}, {\it i}) $thm$]
d8205bb279a7 Initial revision lcp parents: diff changeset	623	uses the $names$ to rename the parameters of premise~$i$ of $thm$. The
d8205bb279a7 Initial revision lcp parents: diff changeset	624	names must be distinct. If there are fewer names than parameters, then the
d8205bb279a7 Initial revision lcp parents: diff changeset	625	rule renames the innermost parameters and may modify the remaining ones to
d8205bb279a7 Initial revision lcp parents: diff changeset	626	ensure that all the parameters are distinct.
d8205bb279a7 Initial revision lcp parents: diff changeset	627	\index{parameters!renaming}
d8205bb279a7 Initial revision lcp parents: diff changeset	628
d8205bb279a7 Initial revision lcp parents: diff changeset	629	\item[\ttindexbold{rewrite_cterm} $defs$ $ct$]
d8205bb279a7 Initial revision lcp parents: diff changeset	630	transforms $ct$ to $ct'$ by repeatedly applying $defs$ as rewrite rules; it
d8205bb279a7 Initial revision lcp parents: diff changeset	631	returns the conclusion~$ct\equiv ct'$. This underlies the meta-rewriting
d8205bb279a7 Initial revision lcp parents: diff changeset	632	tactics and rules.
d8205bb279a7 Initial revision lcp parents: diff changeset	633	\index{terms!meta-level rewriting in\|bold}\index{rewriting!meta-level}
d8205bb279a7 Initial revision lcp parents: diff changeset	634
d8205bb279a7 Initial revision lcp parents: diff changeset	635	\item[\ttindexbold{flexflex_rule} $thm$] \index{flex-flex constraints}
d8205bb279a7 Initial revision lcp parents: diff changeset	636	\index{meta-rules!for flex-flex constraints\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	637	removes all flex-flex pairs from $thm$ using the trivial unifier.
d8205bb279a7 Initial revision lcp parents: diff changeset	638	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	639	\index{theorems\|)}
d8205bb279a7 Initial revision lcp parents: diff changeset	640	\index{meta-rules\|)}

author	lcp
	Wed, 10 Nov 1993 05:00:57 +0100
changeset 104	d8205bb279a7
child 151	c5e636ca6576
permissions	-rw-r--r--