195 omitted search paths during unification.\index{tracing!of unification} |
195 omitted search paths during unification.\index{tracing!of unification} |
196 \end{warn} |
196 \end{warn} |
197 |
197 |
198 |
198 |
199 \subsection{Binders} |
199 \subsection{Binders} |
200 Hilbert's {\bf description} operator~$\varepsilon x.P\,x$ stands for |
200 |
|
201 Hilbert's {\bf description} operator~$\varepsilon x.P[x]$ stands for |
201 some~$x$ satisfying~$P$, if such exists. Since all terms in \HOL\ |
202 some~$x$ satisfying~$P$, if such exists. Since all terms in \HOL\ |
202 denote something, a description is always meaningful, but we do not |
203 denote something, a description is always meaningful, but we do not |
203 know its value unless $P$ defines it uniquely. We may write |
204 know its value unless $P$ defines it uniquely. We may write |
204 descriptions as \cdx{Eps}($\lambda x.P[x]$) or use the syntax |
205 descriptions as \cdx{Eps}($\lambda x.P[x]$) or use the syntax |
205 \hbox{\tt \at $x$.$P[x]$}. |
206 \hbox{\tt \at $x$.$P[x]$}. |
207 Existential quantification is defined by |
208 Existential quantification is defined by |
208 \[ \exists x.P~x \;\equiv\; P(\varepsilon x.P~x). \] |
209 \[ \exists x.P~x \;\equiv\; P(\varepsilon x.P~x). \] |
209 The unique existence quantifier, $\exists!x.P$, is defined in terms |
210 The unique existence quantifier, $\exists!x.P$, is defined in terms |
210 of~$\exists$ and~$\forall$. An Isabelle binder, it admits nested |
211 of~$\exists$ and~$\forall$. An Isabelle binder, it admits nested |
211 quantifications. For instance, $\exists!x\,y.P\,x\,y$ abbreviates |
212 quantifications. For instance, $\exists!x\,y.P\,x\,y$ abbreviates |
212 $\exists!x. \exists!y.P~x~y$; note that this does not mean that there |
213 $\exists!x. \exists!y.P\,x\,y$; note that this does not mean that there |
213 exists a unique pair $(x,y)$ satisfying~$P~x~y$. |
214 exists a unique pair $(x,y)$ satisfying~$P\,x\,y$. |
214 |
215 |
215 \index{*"! symbol}\index{*"? symbol}\index{HOL system@{\sc hol} system} |
216 \index{*"! symbol}\index{*"? symbol}\index{HOL system@{\sc hol} system} |
216 Quantifiers have two notations. As in Gordon's {\sc hol} system, \HOL\ |
217 Quantifiers have two notations. As in Gordon's {\sc hol} system, \HOL\ |
217 uses~{\tt!}\ and~{\tt?}\ to stand for $\forall$ and $\exists$. The |
218 uses~{\tt!}\ and~{\tt?}\ to stand for $\forall$ and $\exists$. The |
218 existential quantifier must be followed by a space; thus {\tt?x} is an |
219 existential quantifier must be followed by a space; thus {\tt?x} is an |
225 |
226 |
226 If $\tau$ is a type of class \cldx{ord}, $P$ a formula and $x$ a |
227 If $\tau$ is a type of class \cldx{ord}, $P$ a formula and $x$ a |
227 variable of type $\tau$, then the term \cdx{LEAST}~$x.P[x]$ is defined |
228 variable of type $\tau$, then the term \cdx{LEAST}~$x.P[x]$ is defined |
228 to be the least (w.r.t.\ $\le$) $x$ such that $P~x$ holds (see |
229 to be the least (w.r.t.\ $\le$) $x$ such that $P~x$ holds (see |
229 Fig.~\ref{hol-defs}). The definition uses Hilbert's $\varepsilon$ |
230 Fig.~\ref{hol-defs}). The definition uses Hilbert's $\varepsilon$ |
230 choice operator. So this is always meaningful, but may yield nothing |
231 choice operator, so \texttt{Least} is always meaningful, but may yield |
231 useful in case there is not a unique least element satisfying |
232 nothing useful in case there is not a unique least element satisfying |
232 $P$.\footnote{Note that class $ord$ does not require much of its |
233 $P$.\footnote{Class $ord$ does not require much of its instances, so |
233 instances, so $\le$ need not be a well-ordering, not even an order |
234 $\le$ need not be a well-ordering, not even an order at all!} |
234 at all!} |
|
235 |
235 |
236 \medskip All these binders have priority 10. |
236 \medskip All these binders have priority 10. |
237 |
237 |
238 \begin{warn} |
238 \begin{warn} |
239 The low priority of binders means that they need to be enclosed in |
239 The low priority of binders means that they need to be enclosed in |
279 \tdx{True_or_False} (P=True) | (P=False) |
279 \tdx{True_or_False} (P=True) | (P=False) |
280 \end{ttbox} |
280 \end{ttbox} |
281 \caption{The {\tt HOL} rules} \label{hol-rules} |
281 \caption{The {\tt HOL} rules} \label{hol-rules} |
282 \end{figure} |
282 \end{figure} |
283 |
283 |
284 Figure~\ref{hol-rules} shows the inference rules of~\HOL{}, with their~{\ML} |
284 Figure~\ref{hol-rules} shows the primitive inference rules of~\HOL{}, |
285 names. Some of the rules deserve additional comments: |
285 with their~{\ML} names. Some of the rules deserve additional |
|
286 comments: |
286 \begin{ttdescription} |
287 \begin{ttdescription} |
287 \item[\tdx{ext}] expresses extensionality of functions. |
288 \item[\tdx{ext}] expresses extensionality of functions. |
288 \item[\tdx{iff}] asserts that logically equivalent formulae are |
289 \item[\tdx{iff}] asserts that logically equivalent formulae are |
289 equal. |
290 equal. |
290 \item[\tdx{selectI}] gives the defining property of the Hilbert |
291 \item[\tdx{selectI}] gives the defining property of the Hilbert |
447 \verb|{}| & $\alpha\,set$ & the empty set \\ |
448 \verb|{}| & $\alpha\,set$ & the empty set \\ |
448 \cdx{insert} & $[\alpha,\alpha\,set]\To \alpha\,set$ |
449 \cdx{insert} & $[\alpha,\alpha\,set]\To \alpha\,set$ |
449 & insertion of element \\ |
450 & insertion of element \\ |
450 \cdx{Collect} & $(\alpha\To bool)\To\alpha\,set$ |
451 \cdx{Collect} & $(\alpha\To bool)\To\alpha\,set$ |
451 & comprehension \\ |
452 & comprehension \\ |
452 \cdx{Compl} & $(\alpha\,set)\To\alpha\,set$ |
453 \cdx{Compl} & $\alpha\,set\To\alpha\,set$ |
453 & complement \\ |
454 & complement \\ |
454 \cdx{INTER} & $[\alpha\,set,\alpha\To\beta\,set]\To\beta\,set$ |
455 \cdx{INTER} & $[\alpha\,set,\alpha\To\beta\,set]\To\beta\,set$ |
455 & intersection over a set\\ |
456 & intersection over a set\\ |
456 \cdx{UNION} & $[\alpha\,set,\alpha\To\beta\,set]\To\beta\,set$ |
457 \cdx{UNION} & $[\alpha\,set,\alpha\To\beta\,set]\To\beta\,set$ |
457 & union over a set\\ |
458 & union over a set\\ |
1175 \end{figure} |
1176 \end{figure} |
1176 |
1177 |
1177 \subsection{The type of natural numbers, {\tt nat}} |
1178 \subsection{The type of natural numbers, {\tt nat}} |
1178 |
1179 |
1179 The theory \thydx{NatDef} defines the natural numbers in a roundabout |
1180 The theory \thydx{NatDef} defines the natural numbers in a roundabout |
1180 but traditional way. The axiom of infinity postulates an |
1181 but traditional way. The axiom of infinity postulates a |
1181 type~\tydx{ind} of individuals, which is non-empty and closed under an |
1182 type~\tydx{ind} of individuals, which is non-empty and closed under an |
1182 injective operation. The natural numbers are inductively generated by |
1183 injective operation. The natural numbers are inductively generated by |
1183 choosing an arbitrary individual for~0 and using the injective |
1184 choosing an arbitrary individual for~0 and using the injective |
1184 operation to take successors. For details see the file |
1185 operation to take successors. For details see the file |
1185 \texttt{NatDef.thy}. |
1186 \texttt{NatDef.thy}. |
1400 |
1401 |
1401 \begin{warn} |
1402 \begin{warn} |
1402 Types in \HOL\ must be non-empty; otherwise the quantifier rules would be |
1403 Types in \HOL\ must be non-empty; otherwise the quantifier rules would be |
1403 unsound, because $\exists x. x=x$ is a theorem \cite[\S7]{paulson-COLOG}. |
1404 unsound, because $\exists x. x=x$ is a theorem \cite[\S7]{paulson-COLOG}. |
1404 \end{warn} |
1405 \end{warn} |
1405 A \bfindex{type definition} identifies the new type with a subset of an |
1406 A \bfindex{type definition} identifies the new type with a subset of |
1406 existing type. More precisely, the new type is defined by exhibiting an |
1407 an existing type. More precisely, the new type is defined by |
1407 existing type~$\tau$, a set~$A::(\tau)set$, and a theorem of the form $x:A$. |
1408 exhibiting an existing type~$\tau$, a set~$A::\tau\,set$, and a |
1408 Thus~$A$ is a non-empty subset of~$\tau$, and the new type denotes this |
1409 theorem of the form $x:A$. Thus~$A$ is a non-empty subset of~$\tau$, |
1409 subset. New functions are defined that establish an isomorphism between the |
1410 and the new type denotes this subset. New functions are defined that |
1410 new type and the subset. If type~$\tau$ involves type variables $\alpha@1$, |
1411 establish an isomorphism between the new type and the subset. If |
1411 \ldots, $\alpha@n$, then the type definition creates a type constructor |
1412 type~$\tau$ involves type variables $\alpha@1$, \ldots, $\alpha@n$, |
|
1413 then the type definition creates a type constructor |
1412 $(\alpha@1,\ldots,\alpha@n)ty$ rather than a particular type. |
1414 $(\alpha@1,\ldots,\alpha@n)ty$ rather than a particular type. |
1413 |
1415 |
1414 \begin{figure}[htbp] |
1416 \begin{figure}[htbp] |
1415 \begin{rail} |
1417 \begin{rail} |
1416 typedef : 'typedef' ( () | '(' name ')') type '=' set witness; |
1418 typedef : 'typedef' ( () | '(' name ')') type '=' set witness; |
1440 \end{description} |
1442 \end{description} |
1441 If all context conditions are met (no duplicate type variables in |
1443 If all context conditions are met (no duplicate type variables in |
1442 `typevarlist', no extra type variables in `set', and no free term variables |
1444 `typevarlist', no extra type variables in `set', and no free term variables |
1443 in `set'), the following components are added to the theory: |
1445 in `set'), the following components are added to the theory: |
1444 \begin{itemize} |
1446 \begin{itemize} |
1445 \item a type $ty :: (term,\dots)term$; |
1447 \item a type $ty :: (term,\dots,term)term$ |
1446 \item constants |
1448 \item constants |
1447 \begin{eqnarray*} |
1449 \begin{eqnarray*} |
1448 T &::& \tau\;set \\ |
1450 T &::& \tau\;set \\ |
1449 Rep_T &::& (\alpha@1,\dots,\alpha@n)ty \To \tau \\ |
1451 Rep_T &::& (\alpha@1,\dots,\alpha@n)ty \To \tau \\ |
1450 Abs_T &::& \tau \To (\alpha@1,\dots,\alpha@n)ty |
1452 Abs_T &::& \tau \To (\alpha@1,\dots,\alpha@n)ty |
1496 |
1498 |
1497 \section{Datatype declarations} |
1499 \section{Datatype declarations} |
1498 \label{sec:HOL:datatype} |
1500 \label{sec:HOL:datatype} |
1499 \index{*datatype|(} |
1501 \index{*datatype|(} |
1500 |
1502 |
1501 Inductive datatypes similar to those of \ML{} frequently appear in |
1503 Inductive datatypes, similar to those of \ML, frequently appear in |
1502 non-trivial applications of \HOL. In principle, such types could be |
1504 non-trivial applications of \HOL. In principle, such types could be |
1503 defined by hand via \texttt{typedef} (see \S\ref{sec:typedef}), but |
1505 defined by hand via \texttt{typedef} (see \S\ref{sec:typedef}), but |
1504 this would be far too tedious. The \ttindex{datatype} definition |
1506 this would be far too tedious. The \ttindex{datatype} definition |
1505 package of \HOL\ automates such chores. It generates freeness and |
1507 package of \HOL\ automates such chores. It generates freeness theorems |
1506 induction rules from a very simple description provided by the user. |
1508 and induction rules from a very simple description of the new type |
|
1509 provided by the user. |
1507 |
1510 |
1508 |
1511 |
1509 \subsection{Basics} |
1512 \subsection{Basics} |
1510 |
1513 |
1511 The general \HOL\ \texttt{datatype} definition is of the following form: |
1514 The general \HOL\ \texttt{datatype} definition is of the following form: |
1525 \dots, \beta@l\} \subseteq \{\alpha@1, \dots, \alpha@n\}$, |
1528 \dots, \beta@l\} \subseteq \{\alpha@1, \dots, \alpha@n\}$, |
1526 |
1529 |
1527 \item the newly defined type $(\alpha@1, \dots, \alpha@n) \, t$. |
1530 \item the newly defined type $(\alpha@1, \dots, \alpha@n) \, t$. |
1528 \end{itemize} |
1531 \end{itemize} |
1529 Recursive occurences of $(\alpha@1, \dots, \alpha@n) \, t$ are quite |
1532 Recursive occurences of $(\alpha@1, \dots, \alpha@n) \, t$ are quite |
1530 restricted. To ensure that the new type is not empty, at least one |
1533 restricted. To ensure that the new type is non-empty, at least one |
1531 constructor must consist of only non-recursive type components. If |
1534 constructor must consist of only non-recursive type components. If |
1532 you would like one of the $\tau@{ij}$ to be a complex type expression |
1535 you would like one of the $\tau@{ij}$ to be a complex type expression |
1533 $\tau$ you need to declare a new type synonym $syn = \tau$ first and |
1536 $\tau$ you need to declare a new type synonym $syn = \tau$ first and |
1534 use $syn$ in place of $\tau$. Of course this does not work if $\tau$ |
1537 use $syn$ in place of $\tau$. Of course this does not work if $\tau$ |
1535 mentions the recursive type itself, thus ruling out problematic cases |
1538 mentions the recursive type itself, thus ruling out problematic cases |
1536 like $\mathtt{datatype}~ t ~=~ C \, (t \To t)$, but also unproblematic |
1539 like $\mathtt{datatype}~ t ~=~ C \, (t \To t)$, but also unproblematic |
1537 ones like $\mathtt{datatype}~ t ~=~ C \, (t~list)$. |
1540 ones like $\mathtt{datatype}~ t ~=~ C \, (t~list)$. |
1538 |
1541 |
1539 The constructors are automatically defined as functions of their respective |
1542 The constructors are automatically defined as functions of their respective |
1540 type: |
1543 type: |
1541 \[ C@j : [\tau@{j1},\dots,\tau@{jk@j}] \To (\alpha@1,\dots,\alpha@n)t \] |
1544 \[ C@j :: [\tau@{j1},\dots,\tau@{jk@j}] \To (\alpha@1,\dots,\alpha@n)t \] |
1542 These functions have certain {\em freeness} properties: |
1545 These functions have certain {\em freeness} properties --- they are |
1543 \begin{itemize} |
1546 distinct: |
1544 |
1547 \[ |
1545 \item They are distinct: |
1548 C@i~x@1~\dots~x@{k@i} \neq C@j~y@1~\dots~y@{k@j} \qquad |
1546 \[ |
1549 \mbox{for all}~ i \neq j. |
1547 C@i~x@1~\dots~x@{k@i} \neq C@j~y@1~\dots~y@{k@j} \qquad |
1550 \] |
1548 \mbox{for all}~ i \neq j. |
1551 and they are injective: |
1549 \] |
1552 \[ |
1550 |
1553 (C@j~x@1~\dots~x@{k@j} = C@j~y@1~\dots~y@{k@j}) = |
1551 \item They are injective: |
1554 (x@1 = y@1 \land \dots \land x@{k@j} = y@{k@j}) |
1552 \[ |
1555 \] |
1553 (C@j~x@1~\dots~x@{k@j} = C@j~y@1~\dots~y@{k@j}) = |
|
1554 (x@1 = y@1 \land \dots \land x@{k@j} = y@{k@j}) |
|
1555 \] |
|
1556 \end{itemize} |
|
1557 Because the number of inequalities is quadratic in the number of |
1556 Because the number of inequalities is quadratic in the number of |
1558 constructors, a different representation is used if there are $7$ or |
1557 constructors, a different representation is used if there are $7$ or |
1559 more of them. In that case every constructor term is mapped to a |
1558 more of them. In that case every constructor term is mapped to a |
1560 natural number: |
1559 natural number: |
1561 \[ |
1560 \[ |
1562 t_ord \, (C@i \, x@1 \, \dots \, x@{k@1}) = i - 1 |
1561 t_ord \, (C@i \, x@1 \, \dots \, x@{k@i}) = i - 1 |
1563 \] |
1562 \] |
1564 Then distinctness of constructor terms is expressed by: |
1563 Then distinctness of constructor terms is expressed by: |
1565 \[ |
1564 \[ |
1566 t_ord \, x \neq t_ord \, y \Imp x \neq y. |
1565 t_ord \, x \neq t_ord \, y \Imp x \neq y. |
1567 \] |
1566 \] |
1568 |
1567 |
1569 \medskip Furthermore, the following structural induction rule is |
1568 \medskip Generally, the following structural induction rule is |
1570 provided: |
1569 provided: |
1571 \[ |
1570 \[ |
1572 \infer{P \, x} |
1571 \infer{P \, x} |
1573 {\begin{array}{lcl} |
1572 {\begin{array}{lcl} |
1574 \Forall x@1\dots x@{k@1}. |
1573 \Forall x@1\dots x@{k@1}. |
1582 \] |
1581 \] |
1583 where $\{r@{j1},\dots,r@{jl@j}\} = \{i \in \{1,\dots k@j\} ~\mid~ \tau@{ji} |
1582 where $\{r@{j1},\dots,r@{jl@j}\} = \{i \in \{1,\dots k@j\} ~\mid~ \tau@{ji} |
1584 = (\alpha@1,\dots,\alpha@n)t \}$, i.e.\ the property $P$ can be assumed for |
1583 = (\alpha@1,\dots,\alpha@n)t \}$, i.e.\ the property $P$ can be assumed for |
1585 all arguments of the recursive type. |
1584 all arguments of the recursive type. |
1586 |
1585 |
1587 The type also comes with an \ML-like \sdx{case}-construct: |
1586 \medskip The type also comes with an \ML-like \sdx{case}-construct: |
1588 \[ |
1587 \[ |
1589 \begin{array}{rrcl} |
1588 \begin{array}{rrcl} |
1590 \mbox{\tt case}~e~\mbox{\tt of} & C@1~x@{11}~\dots~x@{1k@1} & \To & e@1 \\ |
1589 \mbox{\tt case}~e~\mbox{\tt of} & C@1~x@{11}~\dots~x@{1k@1} & \To & e@1 \\ |
1591 \vdots \\ |
1590 \vdots \\ |
1592 \mid & C@m~x@{m1}~\dots~x@{mk@m} & \To & e@m |
1591 \mid & C@m~x@{m1}~\dots~x@{mk@m} & \To & e@m |
1661 \subsection{Examples} |
1660 \subsection{Examples} |
1662 |
1661 |
1663 \subsubsection{The datatype $\alpha~list$} |
1662 \subsubsection{The datatype $\alpha~list$} |
1664 |
1663 |
1665 We want to define the type $\alpha~list$.\footnote{This is just an |
1664 We want to define the type $\alpha~list$.\footnote{This is just an |
1666 example. There is already a list type in \HOL, of course.} To do |
1665 example, there is already a list type in \HOL, of course.} To do |
1667 this we have to build a new theory that contains the type definition. |
1666 this we have to build a new theory that contains the type definition. |
1668 We start from the basic {\tt HOL} theory. |
1667 We start from the basic {\tt HOL} theory. |
1669 \begin{ttbox} |
1668 \begin{ttbox} |
1670 MyList = HOL + |
1669 MyList = HOL + |
1671 datatype 'a list = Nil | Cons 'a ('a list) |
1670 datatype 'a list = Nil | Cons 'a ('a list) |
1672 end |
1671 end |
1673 \end{ttbox} |
1672 \end{ttbox} |
1674 After loading the theory (\verb$use_thy "MyList"$), we can prove |
1673 After loading the theory (with \verb$use_thy "MyList"$), we can prove |
1675 $Cons~x~xs\neq xs$. |
1674 $Cons~x~xs\neq xs$. To ease the induction applied below, we state the |
|
1675 goal with $x$ quantified at the object-level. This will be stripped |
|
1676 later using \ttindex{qed_spec_mp}. |
1676 \begin{ttbox} |
1677 \begin{ttbox} |
1677 goal MyList.thy "!x. Cons x xs ~= xs"; |
1678 goal MyList.thy "!x. Cons x xs ~= xs"; |
1678 {\out Level 0} |
1679 {\out Level 0} |
1679 {\out ! x. Cons x xs ~= xs} |
1680 {\out ! x. Cons x xs ~= xs} |
1680 {\out 1. ! x. Cons x xs ~= xs} |
1681 {\out 1. ! x. Cons x xs ~= xs} |
1734 \subsubsection{A datatype for weekdays} |
1738 \subsubsection{A datatype for weekdays} |
1735 |
1739 |
1736 This example shows a datatype that consists of 7 constructors: |
1740 This example shows a datatype that consists of 7 constructors: |
1737 \begin{ttbox} |
1741 \begin{ttbox} |
1738 Days = Arith + |
1742 Days = Arith + |
1739 datatype days = Mo | Tu | We | Th | Fr | Sa | So |
1743 datatype days = Mon | Tue | Wed | Thu | Fri | Sat | Sun |
1740 end |
1744 end |
1741 \end{ttbox} |
1745 \end{ttbox} |
1742 Because there are more than 6 constructors, the theory must be based on |
1746 Because there are more than 6 constructors, the theory must be based |
1743 {\tt Arith}. Inequality is defined via a function \verb|days_ord|. The |
1747 on {\tt Arith}. Inequality is expressed via a function |
1744 theorem \verb|Mo ~= Tu| is not directly contained among the distinctness |
1748 \verb|days_ord|. The theorem \verb|Mon ~= Tue| is not directly |
1745 theorems, but the simplifier can prove it thanks to rewrite rules inherited |
1749 contained among the distinctness theorems, but the simplifier can |
1746 from theory {\tt Arith}. |
1750 prove it thanks to rewrite rules inherited from theory {\tt Arith}: |
1747 \begin{ttbox} |
1751 \begin{ttbox} |
1748 goal Days.thy "Mo ~= Tu"; |
1752 goal Days.thy "Mon ~= Tue"; |
1749 by (Simp_tac 1); |
1753 by (Simp_tac 1); |
1750 \end{ttbox} |
1754 \end{ttbox} |
1751 You need not derive such inequalities explicitly: the simplifier will dispose |
1755 You need not derive such inequalities explicitly: the simplifier will dispose |
1752 of them automatically. |
1756 of them automatically. |
1753 |
1757 |