changeset 30152 0ddd8028f98c
parent 30151 629f3a92863e
parent 30148 5d04b67a866e
child 30153 051d3825a15d
equal deleted inserted replaced
30151:629f3a92863e 30152:0ddd8028f98c
     1 %
     2 \begin{isabellebody}%
     3 \def\isabellecontext{logic}%
     4 %
     5 \isadelimtheory
     6 %
     7 \endisadelimtheory
     8 %
     9 \isatagtheory
    10 \isacommand{theory}\isamarkupfalse%
    11 \ logic\ \isakeyword{imports}\ base\ \isakeyword{begin}%
    12 \endisatagtheory
    13 {\isafoldtheory}%
    14 %
    15 \isadelimtheory
    16 %
    17 \endisadelimtheory
    18 %
    19 \isamarkupchapter{Primitive logic \label{ch:logic}%
    20 }
    21 \isamarkuptrue%
    22 %
    23 \begin{isamarkuptext}%
    24 The logical foundations of Isabelle/Isar are that of the Pure logic,
    25   which has been introduced as a natural-deduction framework in
    26   \cite{paulson700}.  This is essentially the same logic as ``\isa{{\isasymlambda}HOL}'' in the more abstract setting of Pure Type Systems (PTS)
    27   \cite{Barendregt-Geuvers:2001}, although there are some key
    28   differences in the specific treatment of simple types in
    29   Isabelle/Pure.
    31   Following type-theoretic parlance, the Pure logic consists of three
    32   levels of \isa{{\isasymlambda}}-calculus with corresponding arrows, \isa{{\isasymRightarrow}} for syntactic function space (terms depending on terms), \isa{{\isasymAnd}} for universal quantification (proofs depending on terms), and
    33   \isa{{\isasymLongrightarrow}} for implication (proofs depending on proofs).
    35   Derivations are relative to a logical theory, which declares type
    36   constructors, constants, and axioms.  Theory declarations support
    37   schematic polymorphism, which is strictly speaking outside the
    38   logic.\footnote{This is the deeper logical reason, why the theory
    39   context \isa{{\isasymTheta}} is separate from the proof context \isa{{\isasymGamma}}
    40   of the core calculus.}%
    41 \end{isamarkuptext}%
    42 \isamarkuptrue%
    43 %
    44 \isamarkupsection{Types \label{sec:types}%
    45 }
    46 \isamarkuptrue%
    47 %
    48 \begin{isamarkuptext}%
    49 The language of types is an uninterpreted order-sorted first-order
    50   algebra; types are qualified by ordered type classes.
    52   \medskip A \emph{type class} is an abstract syntactic entity
    53   declared in the theory context.  The \emph{subclass relation} \isa{c\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlisub {\isadigit{2}}} is specified by stating an acyclic
    54   generating relation; the transitive closure is maintained
    55   internally.  The resulting relation is an ordering: reflexive,
    56   transitive, and antisymmetric.
    58   A \emph{sort} is a list of type classes written as \isa{s\ {\isacharequal}\ {\isacharbraceleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlisub m{\isacharbraceright}}, which represents symbolic
    59   intersection.  Notationally, the curly braces are omitted for
    60   singleton intersections, i.e.\ any class \isa{c} may be read as
    61   a sort \isa{{\isacharbraceleft}c{\isacharbraceright}}.  The ordering on type classes is extended to
    62   sorts according to the meaning of intersections: \isa{{\isacharbraceleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}\ c\isactrlisub m{\isacharbraceright}\ {\isasymsubseteq}\ {\isacharbraceleft}d\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ d\isactrlisub n{\isacharbraceright}} iff
    63   \isa{{\isasymforall}j{\isachardot}\ {\isasymexists}i{\isachardot}\ c\isactrlisub i\ {\isasymsubseteq}\ d\isactrlisub j}.  The empty intersection
    64   \isa{{\isacharbraceleft}{\isacharbraceright}} refers to the universal sort, which is the largest
    65   element wrt.\ the sort order.  The intersections of all (finitely
    66   many) classes declared in the current theory are the minimal
    67   elements wrt.\ the sort order.
    69   \medskip A \emph{fixed type variable} is a pair of a basic name
    70   (starting with a \isa{{\isacharprime}} character) and a sort constraint, e.g.\
    71   \isa{{\isacharparenleft}{\isacharprime}a{\isacharcomma}\ s{\isacharparenright}} which is usually printed as \isa{{\isasymalpha}\isactrlisub s}.
    72   A \emph{schematic type variable} is a pair of an indexname and a
    73   sort constraint, e.g.\ \isa{{\isacharparenleft}{\isacharparenleft}{\isacharprime}a{\isacharcomma}\ {\isadigit{0}}{\isacharparenright}{\isacharcomma}\ s{\isacharparenright}} which is usually
    74   printed as \isa{{\isacharquery}{\isasymalpha}\isactrlisub s}.
    76   Note that \emph{all} syntactic components contribute to the identity
    77   of type variables, including the sort constraint.  The core logic
    78   handles type variables with the same name but different sorts as
    79   different, although some outer layers of the system make it hard to
    80   produce anything like this.
    82   A \emph{type constructor} \isa{{\isasymkappa}} is a \isa{k}-ary operator
    83   on types declared in the theory.  Type constructor application is
    84   written postfix as \isa{{\isacharparenleft}{\isasymalpha}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlisub k{\isacharparenright}{\isasymkappa}}.  For
    85   \isa{k\ {\isacharequal}\ {\isadigit{0}}} the argument tuple is omitted, e.g.\ \isa{prop}
    86   instead of \isa{{\isacharparenleft}{\isacharparenright}prop}.  For \isa{k\ {\isacharequal}\ {\isadigit{1}}} the parentheses
    87   are omitted, e.g.\ \isa{{\isasymalpha}\ list} instead of \isa{{\isacharparenleft}{\isasymalpha}{\isacharparenright}list}.
    88   Further notation is provided for specific constructors, notably the
    89   right-associative infix \isa{{\isasymalpha}\ {\isasymRightarrow}\ {\isasymbeta}} instead of \isa{{\isacharparenleft}{\isasymalpha}{\isacharcomma}\ {\isasymbeta}{\isacharparenright}fun}.
    91   A \emph{type} is defined inductively over type variables and type
    92   constructors as follows: \isa{{\isasymtau}\ {\isacharequal}\ {\isasymalpha}\isactrlisub s\ {\isacharbar}\ {\isacharquery}{\isasymalpha}\isactrlisub s\ {\isacharbar}\ {\isacharparenleft}{\isasymtau}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlsub k{\isacharparenright}{\isasymkappa}}.
    94   A \emph{type abbreviation} is a syntactic definition \isa{{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharparenright}{\isasymkappa}\ {\isacharequal}\ {\isasymtau}} of an arbitrary type expression \isa{{\isasymtau}} over
    95   variables \isa{\isactrlvec {\isasymalpha}}.  Type abbreviations appear as type
    96   constructors in the syntax, but are expanded before entering the
    97   logical core.
    99   A \emph{type arity} declares the image behavior of a type
   100   constructor wrt.\ the algebra of sorts: \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}s\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlisub k{\isacharparenright}s} means that \isa{{\isacharparenleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub k{\isacharparenright}{\isasymkappa}} is
   101   of sort \isa{s} if every argument type \isa{{\isasymtau}\isactrlisub i} is
   102   of sort \isa{s\isactrlisub i}.  Arity declarations are implicitly
   103   completed, i.e.\ \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}c} entails \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}c{\isacharprime}} for any \isa{c{\isacharprime}\ {\isasymsupseteq}\ c}.
   105   \medskip The sort algebra is always maintained as \emph{coregular},
   106   which means that type arities are consistent with the subclass
   107   relation: for any type constructor \isa{{\isasymkappa}}, and classes \isa{c\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlisub {\isadigit{2}}}, and arities \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s\isactrlisub {\isadigit{1}}{\isacharparenright}c\isactrlisub {\isadigit{1}}} and \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s\isactrlisub {\isadigit{2}}{\isacharparenright}c\isactrlisub {\isadigit{2}}} holds \isa{\isactrlvec s\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ \isactrlvec s\isactrlisub {\isadigit{2}}} component-wise.
   109   The key property of a coregular order-sorted algebra is that sort
   110   constraints can be solved in a most general fashion: for each type
   111   constructor \isa{{\isasymkappa}} and sort \isa{s} there is a most general
   112   vector of argument sorts \isa{{\isacharparenleft}s\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlisub k{\isacharparenright}} such
   113   that a type scheme \isa{{\isacharparenleft}{\isasymalpha}\isactrlbsub s\isactrlisub {\isadigit{1}}\isactrlesub {\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlbsub s\isactrlisub k\isactrlesub {\isacharparenright}{\isasymkappa}} is of sort \isa{s}.
   114   Consequently, type unification has most general solutions (modulo
   115   equivalence of sorts), so type-inference produces primary types as
   116   expected \cite{nipkow-prehofer}.%
   117 \end{isamarkuptext}%
   118 \isamarkuptrue%
   119 %
   120 \isadelimmlref
   121 %
   122 \endisadelimmlref
   123 %
   124 \isatagmlref
   125 %
   126 \begin{isamarkuptext}%
   127 \begin{mldecls}
   128   \indexmltype{class}\verb|type class| \\
   129   \indexmltype{sort}\verb|type sort| \\
   130   \indexmltype{arity}\verb|type arity| \\
   131   \indexmltype{typ}\verb|type typ| \\
   132   \indexml{map\_atyps}\verb|map_atyps: (typ -> typ) -> typ -> typ| \\
   133   \indexml{fold\_atyps}\verb|fold_atyps: (typ -> 'a -> 'a) -> typ -> 'a -> 'a| \\
   134   \end{mldecls}
   135   \begin{mldecls}
   136   \indexml{Sign.subsort}\verb|Sign.subsort: theory -> sort * sort -> bool| \\
   137   \indexml{Sign.of\_sort}\verb|Sign.of_sort: theory -> typ * sort -> bool| \\
   138   \indexml{Sign.add\_types}\verb|Sign.add_types: (string * int * mixfix) list -> theory -> theory| \\
   139   \indexml{Sign.add\_tyabbrs\_i}\verb|Sign.add_tyabbrs_i: |\isasep\isanewline%
   140 \verb|  (string * string list * typ * mixfix) list -> theory -> theory| \\
   141   \indexml{Sign.primitive\_class}\verb|Sign.primitive_class: string * class list -> theory -> theory| \\
   142   \indexml{Sign.primitive\_classrel}\verb|Sign.primitive_classrel: class * class -> theory -> theory| \\
   143   \indexml{Sign.primitive\_arity}\verb|Sign.primitive_arity: arity -> theory -> theory| \\
   144   \end{mldecls}
   146   \begin{description}
   148   \item \verb|class| represents type classes; this is an alias for
   149   \verb|string|.
   151   \item \verb|sort| represents sorts; this is an alias for
   152   \verb|class list|.
   154   \item \verb|arity| represents type arities; this is an alias for
   155   triples of the form \isa{{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ \isactrlvec s{\isacharcomma}\ s{\isacharparenright}} for \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}s} described above.
   157   \item \verb|typ| represents types; this is a datatype with
   158   constructors \verb|TFree|, \verb|TVar|, \verb|Type|.
   160   \item \verb|map_atyps|~\isa{f\ {\isasymtau}} applies the mapping \isa{f}
   161   to all atomic types (\verb|TFree|, \verb|TVar|) occurring in \isa{{\isasymtau}}.
   163   \item \verb|fold_atyps|~\isa{f\ {\isasymtau}} iterates the operation \isa{f} over all occurrences of atomic types (\verb|TFree|, \verb|TVar|)
   164   in \isa{{\isasymtau}}; the type structure is traversed from left to right.
   166   \item \verb|Sign.subsort|~\isa{thy\ {\isacharparenleft}s\isactrlisub {\isadigit{1}}{\isacharcomma}\ s\isactrlisub {\isadigit{2}}{\isacharparenright}}
   167   tests the subsort relation \isa{s\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ s\isactrlisub {\isadigit{2}}}.
   169   \item \verb|Sign.of_sort|~\isa{thy\ {\isacharparenleft}{\isasymtau}{\isacharcomma}\ s{\isacharparenright}} tests whether type
   170   \isa{{\isasymtau}} is of sort \isa{s}.
   172   \item \verb|Sign.add_types|~\isa{{\isacharbrackleft}{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ k{\isacharcomma}\ mx{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}} declares a new
   173   type constructors \isa{{\isasymkappa}} with \isa{k} arguments and
   174   optional mixfix syntax.
   176   \item \verb|Sign.add_tyabbrs_i|~\isa{{\isacharbrackleft}{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ \isactrlvec {\isasymalpha}{\isacharcomma}\ {\isasymtau}{\isacharcomma}\ mx{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}}
   177   defines a new type abbreviation \isa{{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharparenright}{\isasymkappa}\ {\isacharequal}\ {\isasymtau}} with
   178   optional mixfix syntax.
   180   \item \verb|Sign.primitive_class|~\isa{{\isacharparenleft}c{\isacharcomma}\ {\isacharbrackleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlisub n{\isacharbrackright}{\isacharparenright}} declares a new class \isa{c}, together with class
   181   relations \isa{c\ {\isasymsubseteq}\ c\isactrlisub i}, for \isa{i\ {\isacharequal}\ {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ n}.
   183   \item \verb|Sign.primitive_classrel|~\isa{{\isacharparenleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ c\isactrlisub {\isadigit{2}}{\isacharparenright}} declares the class relation \isa{c\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlisub {\isadigit{2}}}.
   185   \item \verb|Sign.primitive_arity|~\isa{{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ \isactrlvec s{\isacharcomma}\ s{\isacharparenright}} declares
   186   the arity \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}s}.
   188   \end{description}%
   189 \end{isamarkuptext}%
   190 \isamarkuptrue%
   191 %
   192 \endisatagmlref
   193 {\isafoldmlref}%
   194 %
   195 \isadelimmlref
   196 %
   197 \endisadelimmlref
   198 %
   199 \isamarkupsection{Terms \label{sec:terms}%
   200 }
   201 \isamarkuptrue%
   202 %
   203 \begin{isamarkuptext}%
   204 \glossary{Term}{FIXME}
   206   The language of terms is that of simply-typed \isa{{\isasymlambda}}-calculus
   207   with de-Bruijn indices for bound variables (cf.\ \cite{debruijn72}
   208   or \cite{paulson-ml2}), with the types being determined determined
   209   by the corresponding binders.  In contrast, free variables and
   210   constants are have an explicit name and type in each occurrence.
   212   \medskip A \emph{bound variable} is a natural number \isa{b},
   213   which accounts for the number of intermediate binders between the
   214   variable occurrence in the body and its binding position.  For
   215   example, the de-Bruijn term \isa{{\isasymlambda}\isactrlbsub nat\isactrlesub {\isachardot}\ {\isasymlambda}\isactrlbsub nat\isactrlesub {\isachardot}\ {\isadigit{1}}\ {\isacharplus}\ {\isadigit{0}}} would
   216   correspond to \isa{{\isasymlambda}x\isactrlbsub nat\isactrlesub {\isachardot}\ {\isasymlambda}y\isactrlbsub nat\isactrlesub {\isachardot}\ x\ {\isacharplus}\ y} in a named
   217   representation.  Note that a bound variable may be represented by
   218   different de-Bruijn indices at different occurrences, depending on
   219   the nesting of abstractions.
   221   A \emph{loose variable} is a bound variable that is outside the
   222   scope of local binders.  The types (and names) for loose variables
   223   can be managed as a separate context, that is maintained as a stack
   224   of hypothetical binders.  The core logic operates on closed terms,
   225   without any loose variables.
   227   A \emph{fixed variable} is a pair of a basic name and a type, e.g.\
   228   \isa{{\isacharparenleft}x{\isacharcomma}\ {\isasymtau}{\isacharparenright}} which is usually printed \isa{x\isactrlisub {\isasymtau}}.  A
   229   \emph{schematic variable} is a pair of an indexname and a type,
   230   e.g.\ \isa{{\isacharparenleft}{\isacharparenleft}x{\isacharcomma}\ {\isadigit{0}}{\isacharparenright}{\isacharcomma}\ {\isasymtau}{\isacharparenright}} which is usually printed as \isa{{\isacharquery}x\isactrlisub {\isasymtau}}.
   232   \medskip A \emph{constant} is a pair of a basic name and a type,
   233   e.g.\ \isa{{\isacharparenleft}c{\isacharcomma}\ {\isasymtau}{\isacharparenright}} which is usually printed as \isa{c\isactrlisub {\isasymtau}}.  Constants are declared in the context as polymorphic
   234   families \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}, meaning that all substitution instances
   235   \isa{c\isactrlisub {\isasymtau}} for \isa{{\isasymtau}\ {\isacharequal}\ {\isasymsigma}{\isasymvartheta}} are valid.
   237   The vector of \emph{type arguments} of constant \isa{c\isactrlisub {\isasymtau}}
   238   wrt.\ the declaration \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} is defined as the codomain of
   239   the matcher \isa{{\isasymvartheta}\ {\isacharequal}\ {\isacharbraceleft}{\isacharquery}{\isasymalpha}\isactrlisub {\isadigit{1}}\ {\isasymmapsto}\ {\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isacharquery}{\isasymalpha}\isactrlisub n\ {\isasymmapsto}\ {\isasymtau}\isactrlisub n{\isacharbraceright}} presented in canonical order \isa{{\isacharparenleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub n{\isacharparenright}}.  Within a given theory context,
   240   there is a one-to-one correspondence between any constant \isa{c\isactrlisub {\isasymtau}} and the application \isa{c{\isacharparenleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub n{\isacharparenright}} of its type arguments.  For example, with \isa{plus\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymRightarrow}\ {\isasymalpha}\ {\isasymRightarrow}\ {\isasymalpha}}, the instance \isa{plus\isactrlbsub nat\ {\isasymRightarrow}\ nat\ {\isasymRightarrow}\ nat\isactrlesub } corresponds to \isa{plus{\isacharparenleft}nat{\isacharparenright}}.
   242   Constant declarations \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} may contain sort constraints
   243   for type variables in \isa{{\isasymsigma}}.  These are observed by
   244   type-inference as expected, but \emph{ignored} by the core logic.
   245   This means the primitive logic is able to reason with instances of
   246   polymorphic constants that the user-level type-checker would reject
   247   due to violation of type class restrictions.
   249   \medskip An \emph{atomic} term is either a variable or constant.  A
   250   \emph{term} is defined inductively over atomic terms, with
   251   abstraction and application as follows: \isa{t\ {\isacharequal}\ b\ {\isacharbar}\ x\isactrlisub {\isasymtau}\ {\isacharbar}\ {\isacharquery}x\isactrlisub {\isasymtau}\ {\isacharbar}\ c\isactrlisub {\isasymtau}\ {\isacharbar}\ {\isasymlambda}\isactrlisub {\isasymtau}{\isachardot}\ t\ {\isacharbar}\ t\isactrlisub {\isadigit{1}}\ t\isactrlisub {\isadigit{2}}}.
   252   Parsing and printing takes care of converting between an external
   253   representation with named bound variables.  Subsequently, we shall
   254   use the latter notation instead of internal de-Bruijn
   255   representation.
   257   The inductive relation \isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}} assigns a (unique) type to a
   258   term according to the structure of atomic terms, abstractions, and
   259   applicatins:
   260   \[
   261   \infer{\isa{a\isactrlisub {\isasymtau}\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}}}{}
   262   \qquad
   263   \infer{\isa{{\isacharparenleft}{\isasymlambda}x\isactrlsub {\isasymtau}{\isachardot}\ t{\isacharparenright}\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\ {\isasymRightarrow}\ {\isasymsigma}}}{\isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}}
   264   \qquad
   265   \infer{\isa{t\ u\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}}{\isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\ {\isasymRightarrow}\ {\isasymsigma}} & \isa{u\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}}}
   266   \]
   267   A \emph{well-typed term} is a term that can be typed according to these rules.
   269   Typing information can be omitted: type-inference is able to
   270   reconstruct the most general type of a raw term, while assigning
   271   most general types to all of its variables and constants.
   272   Type-inference depends on a context of type constraints for fixed
   273   variables, and declarations for polymorphic constants.
   275   The identity of atomic terms consists both of the name and the type
   276   component.  This means that different variables \isa{x\isactrlbsub {\isasymtau}\isactrlisub {\isadigit{1}}\isactrlesub } and \isa{x\isactrlbsub {\isasymtau}\isactrlisub {\isadigit{2}}\isactrlesub } may become the same after type
   277   instantiation.  Some outer layers of the system make it hard to
   278   produce variables of the same name, but different types.  In
   279   contrast, mixed instances of polymorphic constants occur frequently.
   281   \medskip The \emph{hidden polymorphism} of a term \isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}
   282   is the set of type variables occurring in \isa{t}, but not in
   283   \isa{{\isasymsigma}}.  This means that the term implicitly depends on type
   284   arguments that are not accounted in the result type, i.e.\ there are
   285   different type instances \isa{t{\isasymvartheta}\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} and \isa{t{\isasymvartheta}{\isacharprime}\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} with the same type.  This slightly
   286   pathological situation notoriously demands additional care.
   288   \medskip A \emph{term abbreviation} is a syntactic definition \isa{c\isactrlisub {\isasymsigma}\ {\isasymequiv}\ t} of a closed term \isa{t} of type \isa{{\isasymsigma}},
   289   without any hidden polymorphism.  A term abbreviation looks like a
   290   constant in the syntax, but is expanded before entering the logical
   291   core.  Abbreviations are usually reverted when printing terms, using
   292   \isa{t\ {\isasymrightarrow}\ c\isactrlisub {\isasymsigma}} as rules for higher-order rewriting.
   294   \medskip Canonical operations on \isa{{\isasymlambda}}-terms include \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-conversion: \isa{{\isasymalpha}}-conversion refers to capture-free
   295   renaming of bound variables; \isa{{\isasymbeta}}-conversion contracts an
   296   abstraction applied to an argument term, substituting the argument
   297   in the body: \isa{{\isacharparenleft}{\isasymlambda}x{\isachardot}\ b{\isacharparenright}a} becomes \isa{b{\isacharbrackleft}a{\isacharslash}x{\isacharbrackright}}; \isa{{\isasymeta}}-conversion contracts vacuous application-abstraction: \isa{{\isasymlambda}x{\isachardot}\ f\ x} becomes \isa{f}, provided that the bound variable
   298   does not occur in \isa{f}.
   300   Terms are normally treated modulo \isa{{\isasymalpha}}-conversion, which is
   301   implicit in the de-Bruijn representation.  Names for bound variables
   302   in abstractions are maintained separately as (meaningless) comments,
   303   mostly for parsing and printing.  Full \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-conversion is
   304   commonplace in various standard operations (\secref{sec:obj-rules})
   305   that are based on higher-order unification and matching.%
   306 \end{isamarkuptext}%
   307 \isamarkuptrue%
   308 %
   309 \isadelimmlref
   310 %
   311 \endisadelimmlref
   312 %
   313 \isatagmlref
   314 %
   315 \begin{isamarkuptext}%
   316 \begin{mldecls}
   317   \indexmltype{term}\verb|type term| \\
   318   \indexml{op aconv}\verb|op aconv: term * term -> bool| \\
   319   \indexml{map\_types}\verb|map_types: (typ -> typ) -> term -> term| \\
   320   \indexml{fold\_types}\verb|fold_types: (typ -> 'a -> 'a) -> term -> 'a -> 'a| \\
   321   \indexml{map\_aterms}\verb|map_aterms: (term -> term) -> term -> term| \\
   322   \indexml{fold\_aterms}\verb|fold_aterms: (term -> 'a -> 'a) -> term -> 'a -> 'a| \\
   323   \end{mldecls}
   324   \begin{mldecls}
   325   \indexml{fastype\_of}\verb|fastype_of: term -> typ| \\
   326   \indexml{lambda}\verb|lambda: term -> term -> term| \\
   327   \indexml{betapply}\verb|betapply: term * term -> term| \\
   328   \indexml{Sign.declare\_const}\verb|Sign.declare_const: Properties.T -> (binding * typ) * mixfix ->|\isasep\isanewline%
   329 \verb|  theory -> term * theory| \\
   330   \indexml{Sign.add\_abbrev}\verb|Sign.add_abbrev: string -> Properties.T -> binding * term ->|\isasep\isanewline%
   331 \verb|  theory -> (term * term) * theory| \\
   332   \indexml{Sign.const\_typargs}\verb|Sign.const_typargs: theory -> string * typ -> typ list| \\
   333   \indexml{Sign.const\_instance}\verb|Sign.const_instance: theory -> string * typ list -> typ| \\
   334   \end{mldecls}
   336   \begin{description}
   338   \item \verb|term| represents de-Bruijn terms, with comments in
   339   abstractions, and explicitly named free variables and constants;
   340   this is a datatype with constructors \verb|Bound|, \verb|Free|, \verb|Var|, \verb|Const|, \verb|Abs|, \verb|op $|.
   342   \item \isa{t}~\verb|aconv|~\isa{u} checks \isa{{\isasymalpha}}-equivalence of two terms.  This is the basic equality relation
   343   on type \verb|term|; raw datatype equality should only be used
   344   for operations related to parsing or printing!
   346   \item \verb|map_types|~\isa{f\ t} applies the mapping \isa{f} to all types occurring in \isa{t}.
   348   \item \verb|fold_types|~\isa{f\ t} iterates the operation \isa{f} over all occurrences of types in \isa{t}; the term
   349   structure is traversed from left to right.
   351   \item \verb|map_aterms|~\isa{f\ t} applies the mapping \isa{f}
   352   to all atomic terms (\verb|Bound|, \verb|Free|, \verb|Var|, \verb|Const|) occurring in \isa{t}.
   354   \item \verb|fold_aterms|~\isa{f\ t} iterates the operation \isa{f} over all occurrences of atomic terms (\verb|Bound|, \verb|Free|,
   355   \verb|Var|, \verb|Const|) in \isa{t}; the term structure is
   356   traversed from left to right.
   358   \item \verb|fastype_of|~\isa{t} determines the type of a
   359   well-typed term.  This operation is relatively slow, despite the
   360   omission of any sanity checks.
   362   \item \verb|lambda|~\isa{a\ b} produces an abstraction \isa{{\isasymlambda}a{\isachardot}\ b}, where occurrences of the atomic term \isa{a} in the
   363   body \isa{b} are replaced by bound variables.
   365   \item \verb|betapply|~\isa{{\isacharparenleft}t{\isacharcomma}\ u{\isacharparenright}} produces an application \isa{t\ u}, with topmost \isa{{\isasymbeta}}-conversion if \isa{t} is an
   366   abstraction.
   368   \item \verb|Sign.declare_const|~\isa{properties\ {\isacharparenleft}{\isacharparenleft}c{\isacharcomma}\ {\isasymsigma}{\isacharparenright}{\isacharcomma}\ mx{\isacharparenright}}
   369   declares a new constant \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} with optional mixfix
   370   syntax.
   372   \item \verb|Sign.add_abbrev|~\isa{print{\isacharunderscore}mode\ properties\ {\isacharparenleft}c{\isacharcomma}\ t{\isacharparenright}}
   373   introduces a new term abbreviation \isa{c\ {\isasymequiv}\ t}.
   375   \item \verb|Sign.const_typargs|~\isa{thy\ {\isacharparenleft}c{\isacharcomma}\ {\isasymtau}{\isacharparenright}} and \verb|Sign.const_instance|~\isa{thy\ {\isacharparenleft}c{\isacharcomma}\ {\isacharbrackleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub n{\isacharbrackright}{\isacharparenright}}
   376   convert between two representations of polymorphic constants: full
   377   type instance vs.\ compact type arguments form.
   379   \end{description}%
   380 \end{isamarkuptext}%
   381 \isamarkuptrue%
   382 %
   383 \endisatagmlref
   384 {\isafoldmlref}%
   385 %
   386 \isadelimmlref
   387 %
   388 \endisadelimmlref
   389 %
   390 \isamarkupsection{Theorems \label{sec:thms}%
   391 }
   392 \isamarkuptrue%
   393 %
   394 \begin{isamarkuptext}%
   395 \glossary{Proposition}{FIXME A \seeglossary{term} of
   396   \seeglossary{type} \isa{prop}.  Internally, there is nothing
   397   special about propositions apart from their type, but the concrete
   398   syntax enforces a clear distinction.  Propositions are structured
   399   via implication \isa{A\ {\isasymLongrightarrow}\ B} or universal quantification \isa{{\isasymAnd}x{\isachardot}\ B\ x} --- anything else is considered atomic.  The canonical
   400   form for propositions is that of a \seeglossary{Hereditary Harrop
   401   Formula}. FIXME}
   403   \glossary{Theorem}{A proven proposition within a certain theory and
   404   proof context, formally \isa{{\isasymGamma}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymphi}}; both contexts are
   405   rarely spelled out explicitly.  Theorems are usually normalized
   406   according to the \seeglossary{HHF} format. FIXME}
   408   \glossary{Fact}{Sometimes used interchangeably for
   409   \seeglossary{theorem}.  Strictly speaking, a list of theorems,
   410   essentially an extra-logical conjunction.  Facts emerge either as
   411   local assumptions, or as results of local goal statements --- both
   412   may be simultaneous, hence the list representation. FIXME}
   414   \glossary{Schematic variable}{FIXME}
   416   \glossary{Fixed variable}{A variable that is bound within a certain
   417   proof context; an arbitrary-but-fixed entity within a portion of
   418   proof text. FIXME}
   420   \glossary{Free variable}{Synonymous for \seeglossary{fixed
   421   variable}. FIXME}
   423   \glossary{Bound variable}{FIXME}
   425   \glossary{Variable}{See \seeglossary{schematic variable},
   426   \seeglossary{fixed variable}, \seeglossary{bound variable}, or
   427   \seeglossary{type variable}.  The distinguishing feature of
   428   different variables is their binding scope. FIXME}
   430   A \emph{proposition} is a well-typed term of type \isa{prop}, a
   431   \emph{theorem} is a proven proposition (depending on a context of
   432   hypotheses and the background theory).  Primitive inferences include
   433   plain natural deduction rules for the primary connectives \isa{{\isasymAnd}} and \isa{{\isasymLongrightarrow}} of the framework.  There is also a builtin
   434   notion of equality/equivalence \isa{{\isasymequiv}}.%
   435 \end{isamarkuptext}%
   436 \isamarkuptrue%
   437 %
   438 \isamarkupsubsection{Primitive connectives and rules \label{sec:prim-rules}%
   439 }
   440 \isamarkuptrue%
   441 %
   442 \begin{isamarkuptext}%
   443 The theory \isa{Pure} contains constant declarations for the
   444   primitive connectives \isa{{\isasymAnd}}, \isa{{\isasymLongrightarrow}}, and \isa{{\isasymequiv}} of
   445   the logical framework, see \figref{fig:pure-connectives}.  The
   446   derivability judgment \isa{A\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ A\isactrlisub n\ {\isasymturnstile}\ B} is
   447   defined inductively by the primitive inferences given in
   448   \figref{fig:prim-rules}, with the global restriction that the
   449   hypotheses must \emph{not} contain any schematic variables.  The
   450   builtin equality is conceptually axiomatized as shown in
   451   \figref{fig:pure-equality}, although the implementation works
   452   directly with derived inferences.
   454   \begin{figure}[htb]
   455   \begin{center}
   456   \begin{tabular}{ll}
   457   \isa{all\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}{\isasymalpha}\ {\isasymRightarrow}\ prop{\isacharparenright}\ {\isasymRightarrow}\ prop} & universal quantification (binder \isa{{\isasymAnd}}) \\
   458   \isa{{\isasymLongrightarrow}\ {\isacharcolon}{\isacharcolon}\ prop\ {\isasymRightarrow}\ prop\ {\isasymRightarrow}\ prop} & implication (right associative infix) \\
   459   \isa{{\isasymequiv}\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymRightarrow}\ {\isasymalpha}\ {\isasymRightarrow}\ prop} & equality relation (infix) \\
   460   \end{tabular}
   461   \caption{Primitive connectives of Pure}\label{fig:pure-connectives}
   462   \end{center}
   463   \end{figure}
   465   \begin{figure}[htb]
   466   \begin{center}
   467   \[
   468   \infer[\isa{{\isacharparenleft}axiom{\isacharparenright}}]{\isa{{\isasymturnstile}\ A}}{\isa{A\ {\isasymin}\ {\isasymTheta}}}
   469   \qquad
   470   \infer[\isa{{\isacharparenleft}assume{\isacharparenright}}]{\isa{A\ {\isasymturnstile}\ A}}{}
   471   \]
   472   \[
   473   \infer[\isa{{\isacharparenleft}{\isasymAnd}{\isacharunderscore}intro{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ b{\isacharbrackleft}x{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ b{\isacharbrackleft}x{\isacharbrackright}} & \isa{x\ {\isasymnotin}\ {\isasymGamma}}}
   474   \qquad
   475   \infer[\isa{{\isacharparenleft}{\isasymAnd}{\isacharunderscore}elim{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ b{\isacharbrackleft}a{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ b{\isacharbrackleft}x{\isacharbrackright}}}
   476   \]
   477   \[
   478   \infer[\isa{{\isacharparenleft}{\isasymLongrightarrow}{\isacharunderscore}intro{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isacharminus}\ A\ {\isasymturnstile}\ A\ {\isasymLongrightarrow}\ B}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B}}
   479   \qquad
   480   \infer[\isa{{\isacharparenleft}{\isasymLongrightarrow}{\isacharunderscore}elim{\isacharparenright}}]{\isa{{\isasymGamma}\isactrlsub {\isadigit{1}}\ {\isasymunion}\ {\isasymGamma}\isactrlsub {\isadigit{2}}\ {\isasymturnstile}\ B}}{\isa{{\isasymGamma}\isactrlsub {\isadigit{1}}\ {\isasymturnstile}\ A\ {\isasymLongrightarrow}\ B} & \isa{{\isasymGamma}\isactrlsub {\isadigit{2}}\ {\isasymturnstile}\ A}}
   481   \]
   482   \caption{Primitive inferences of Pure}\label{fig:prim-rules}
   483   \end{center}
   484   \end{figure}
   486   \begin{figure}[htb]
   487   \begin{center}
   488   \begin{tabular}{ll}
   489   \isa{{\isasymturnstile}\ {\isacharparenleft}{\isasymlambda}x{\isachardot}\ b{\isacharbrackleft}x{\isacharbrackright}{\isacharparenright}\ a\ {\isasymequiv}\ b{\isacharbrackleft}a{\isacharbrackright}} & \isa{{\isasymbeta}}-conversion \\
   490   \isa{{\isasymturnstile}\ x\ {\isasymequiv}\ x} & reflexivity \\
   491   \isa{{\isasymturnstile}\ x\ {\isasymequiv}\ y\ {\isasymLongrightarrow}\ P\ x\ {\isasymLongrightarrow}\ P\ y} & substitution \\
   492   \isa{{\isasymturnstile}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ f\ x\ {\isasymequiv}\ g\ x{\isacharparenright}\ {\isasymLongrightarrow}\ f\ {\isasymequiv}\ g} & extensionality \\
   493   \isa{{\isasymturnstile}\ {\isacharparenleft}A\ {\isasymLongrightarrow}\ B{\isacharparenright}\ {\isasymLongrightarrow}\ {\isacharparenleft}B\ {\isasymLongrightarrow}\ A{\isacharparenright}\ {\isasymLongrightarrow}\ A\ {\isasymequiv}\ B} & logical equivalence \\
   494   \end{tabular}
   495   \caption{Conceptual axiomatization of Pure equality}\label{fig:pure-equality}
   496   \end{center}
   497   \end{figure}
   499   The introduction and elimination rules for \isa{{\isasymAnd}} and \isa{{\isasymLongrightarrow}} are analogous to formation of dependently typed \isa{{\isasymlambda}}-terms representing the underlying proof objects.  Proof terms
   500   are irrelevant in the Pure logic, though; they cannot occur within
   501   propositions.  The system provides a runtime option to record
   502   explicit proof terms for primitive inferences.  Thus all three
   503   levels of \isa{{\isasymlambda}}-calculus become explicit: \isa{{\isasymRightarrow}} for
   504   terms, and \isa{{\isasymAnd}{\isacharslash}{\isasymLongrightarrow}} for proofs (cf.\
   505   \cite{Berghofer-Nipkow:2000:TPHOL}).
   507   Observe that locally fixed parameters (as in \isa{{\isasymAnd}{\isacharunderscore}intro}) need
   508   not be recorded in the hypotheses, because the simple syntactic
   509   types of Pure are always inhabitable.  ``Assumptions'' \isa{x\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}} for type-membership are only present as long as some \isa{x\isactrlisub {\isasymtau}} occurs in the statement body.\footnote{This is the key
   510   difference to ``\isa{{\isasymlambda}HOL}'' in the PTS framework
   511   \cite{Barendregt-Geuvers:2001}, where hypotheses \isa{x\ {\isacharcolon}\ A} are
   512   treated uniformly for propositions and types.}
   514   \medskip The axiomatization of a theory is implicitly closed by
   515   forming all instances of type and term variables: \isa{{\isasymturnstile}\ A{\isasymvartheta}} holds for any substitution instance of an axiom
   516   \isa{{\isasymturnstile}\ A}.  By pushing substitutions through derivations
   517   inductively, we also get admissible \isa{generalize} and \isa{instance} rules as shown in \figref{fig:subst-rules}.
   519   \begin{figure}[htb]
   520   \begin{center}
   521   \[
   522   \infer{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}{\isasymalpha}{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}} & \isa{{\isasymalpha}\ {\isasymnotin}\ {\isasymGamma}}}
   523   \quad
   524   \infer[\quad\isa{{\isacharparenleft}generalize{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}x{\isacharbrackright}} & \isa{x\ {\isasymnotin}\ {\isasymGamma}}}
   525   \]
   526   \[
   527   \infer{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isasymtau}{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}{\isasymalpha}{\isacharbrackright}}}
   528   \quad
   529   \infer[\quad\isa{{\isacharparenleft}instantiate{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}t{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}}}
   530   \]
   531   \caption{Admissible substitution rules}\label{fig:subst-rules}
   532   \end{center}
   533   \end{figure}
   535   Note that \isa{instantiate} does not require an explicit
   536   side-condition, because \isa{{\isasymGamma}} may never contain schematic
   537   variables.
   539   In principle, variables could be substituted in hypotheses as well,
   540   but this would disrupt the monotonicity of reasoning: deriving
   541   \isa{{\isasymGamma}{\isasymvartheta}\ {\isasymturnstile}\ B{\isasymvartheta}} from \isa{{\isasymGamma}\ {\isasymturnstile}\ B} is
   542   correct, but \isa{{\isasymGamma}{\isasymvartheta}\ {\isasymsupseteq}\ {\isasymGamma}} does not necessarily hold:
   543   the result belongs to a different proof context.
   545   \medskip An \emph{oracle} is a function that produces axioms on the
   546   fly.  Logically, this is an instance of the \isa{axiom} rule
   547   (\figref{fig:prim-rules}), but there is an operational difference.
   548   The system always records oracle invocations within derivations of
   549   theorems.  Tracing plain axioms (and named theorems) is optional.
   551   Axiomatizations should be limited to the bare minimum, typically as
   552   part of the initial logical basis of an object-logic formalization.
   553   Later on, theories are usually developed in a strictly definitional
   554   fashion, by stating only certain equalities over new constants.
   556   A \emph{simple definition} consists of a constant declaration \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} together with an axiom \isa{{\isasymturnstile}\ c\ {\isasymequiv}\ t}, where \isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} is a closed term without any hidden polymorphism.  The RHS
   557   may depend on further defined constants, but not \isa{c} itself.
   558   Definitions of functions may be presented as \isa{c\ \isactrlvec x\ {\isasymequiv}\ t} instead of the puristic \isa{c\ {\isasymequiv}\ {\isasymlambda}\isactrlvec x{\isachardot}\ t}.
   560   An \emph{overloaded definition} consists of a collection of axioms
   561   for the same constant, with zero or one equations \isa{c{\isacharparenleft}{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharparenright}{\isasymkappa}{\isacharparenright}\ {\isasymequiv}\ t} for each type constructor \isa{{\isasymkappa}} (for
   562   distinct variables \isa{\isactrlvec {\isasymalpha}}).  The RHS may mention
   563   previously defined constants as above, or arbitrary constants \isa{d{\isacharparenleft}{\isasymalpha}\isactrlisub i{\isacharparenright}} for some \isa{{\isasymalpha}\isactrlisub i} projected from \isa{\isactrlvec {\isasymalpha}}.  Thus overloaded definitions essentially work by
   564   primitive recursion over the syntactic structure of a single type
   565   argument.%
   566 \end{isamarkuptext}%
   567 \isamarkuptrue%
   568 %
   569 \isadelimmlref
   570 %
   571 \endisadelimmlref
   572 %
   573 \isatagmlref
   574 %
   575 \begin{isamarkuptext}%
   576 \begin{mldecls}
   577   \indexmltype{ctyp}\verb|type ctyp| \\
   578   \indexmltype{cterm}\verb|type cterm| \\
   579   \indexml{Thm.ctyp\_of}\verb|Thm.ctyp_of: theory -> typ -> ctyp| \\
   580   \indexml{Thm.cterm\_of}\verb|Thm.cterm_of: theory -> term -> cterm| \\
   581   \end{mldecls}
   582   \begin{mldecls}
   583   \indexmltype{thm}\verb|type thm| \\
   584   \indexml{proofs}\verb|proofs: int ref| \\
   585   \indexml{Thm.assume}\verb|Thm.assume: cterm -> thm| \\
   586   \indexml{Thm.forall\_intr}\verb|Thm.forall_intr: cterm -> thm -> thm| \\
   587   \indexml{Thm.forall\_elim}\verb|Thm.forall_elim: cterm -> thm -> thm| \\
   588   \indexml{Thm.implies\_intr}\verb|Thm.implies_intr: cterm -> thm -> thm| \\
   589   \indexml{Thm.implies\_elim}\verb|Thm.implies_elim: thm -> thm -> thm| \\
   590   \indexml{Thm.generalize}\verb|Thm.generalize: string list * string list -> int -> thm -> thm| \\
   591   \indexml{Thm.instantiate}\verb|Thm.instantiate: (ctyp * ctyp) list * (cterm * cterm) list -> thm -> thm| \\
   592   \indexml{Thm.axiom}\verb|Thm.axiom: theory -> string -> thm| \\
   593   \indexml{Thm.add\_oracle}\verb|Thm.add_oracle: bstring * ('a -> cterm) -> theory|\isasep\isanewline%
   594 \verb|  -> (string * ('a -> thm)) * theory| \\
   595   \end{mldecls}
   596   \begin{mldecls}
   597   \indexml{Theory.add\_axioms\_i}\verb|Theory.add_axioms_i: (binding * term) list -> theory -> theory| \\
   598   \indexml{Theory.add\_deps}\verb|Theory.add_deps: string -> string * typ -> (string * typ) list -> theory -> theory| \\
   599   \indexml{Theory.add\_defs\_i}\verb|Theory.add_defs_i: bool -> bool -> (binding * term) list -> theory -> theory| \\
   600   \end{mldecls}
   602   \begin{description}
   604   \item \verb|ctyp| and \verb|cterm| represent certified types
   605   and terms, respectively.  These are abstract datatypes that
   606   guarantee that its values have passed the full well-formedness (and
   607   well-typedness) checks, relative to the declarations of type
   608   constructors, constants etc. in the theory.
   610   \item \verb|ctyp_of|~\isa{thy\ {\isasymtau}} and \verb|cterm_of|~\isa{thy\ t} explicitly checks types and terms, respectively.  This also
   611   involves some basic normalizations, such expansion of type and term
   612   abbreviations from the theory context.
   614   Re-certification is relatively slow and should be avoided in tight
   615   reasoning loops.  There are separate operations to decompose
   616   certified entities (including actual theorems).
   618   \item \verb|thm| represents proven propositions.  This is an
   619   abstract datatype that guarantees that its values have been
   620   constructed by basic principles of the \verb|Thm| module.
   621   Every \verb|thm| value contains a sliding back-reference to the
   622   enclosing theory, cf.\ \secref{sec:context-theory}.
   624   \item \verb|proofs| determines the detail of proof recording within
   625   \verb|thm| values: \verb|0| records only oracles, \verb|1| records
   626   oracles, axioms and named theorems, \verb|2| records full proof
   627   terms.
   629   \item \verb|Thm.assume|, \verb|Thm.forall_intr|, \verb|Thm.forall_elim|, \verb|Thm.implies_intr|, and \verb|Thm.implies_elim|
   630   correspond to the primitive inferences of \figref{fig:prim-rules}.
   632   \item \verb|Thm.generalize|~\isa{{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharcomma}\ \isactrlvec x{\isacharparenright}}
   633   corresponds to the \isa{generalize} rules of
   634   \figref{fig:subst-rules}.  Here collections of type and term
   635   variables are generalized simultaneously, specified by the given
   636   basic names.
   638   \item \verb|Thm.instantiate|~\isa{{\isacharparenleft}\isactrlvec {\isasymalpha}\isactrlisub s{\isacharcomma}\ \isactrlvec x\isactrlisub {\isasymtau}{\isacharparenright}} corresponds to the \isa{instantiate} rules
   639   of \figref{fig:subst-rules}.  Type variables are substituted before
   640   term variables.  Note that the types in \isa{\isactrlvec x\isactrlisub {\isasymtau}}
   641   refer to the instantiated versions.
   643   \item \verb|Thm.axiom|~\isa{thy\ name} retrieves a named
   644   axiom, cf.\ \isa{axiom} in \figref{fig:prim-rules}.
   646   \item \verb|Thm.add_oracle|~\isa{{\isacharparenleft}name{\isacharcomma}\ oracle{\isacharparenright}} produces a named
   647   oracle rule, essentially generating arbitrary axioms on the fly,
   648   cf.\ \isa{axiom} in \figref{fig:prim-rules}.
   650   \item \verb|Theory.add_axioms_i|~\isa{{\isacharbrackleft}{\isacharparenleft}name{\isacharcomma}\ A{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}} declares
   651   arbitrary propositions as axioms.
   653   \item \verb|Theory.add_deps|~\isa{name\ c\isactrlisub {\isasymtau}\ \isactrlvec d\isactrlisub {\isasymsigma}} declares dependencies of a named specification
   654   for constant \isa{c\isactrlisub {\isasymtau}}, relative to existing
   655   specifications for constants \isa{\isactrlvec d\isactrlisub {\isasymsigma}}.
   657   \item \verb|Theory.add_defs_i|~\isa{unchecked\ overloaded\ {\isacharbrackleft}{\isacharparenleft}name{\isacharcomma}\ c\ \isactrlvec x\ {\isasymequiv}\ t{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}} states a definitional axiom for an existing
   658   constant \isa{c}.  Dependencies are recorded (cf.\ \verb|Theory.add_deps|), unless the \isa{unchecked} option is set.
   660   \end{description}%
   661 \end{isamarkuptext}%
   662 \isamarkuptrue%
   663 %
   664 \endisatagmlref
   665 {\isafoldmlref}%
   666 %
   667 \isadelimmlref
   668 %
   669 \endisadelimmlref
   670 %
   671 \isamarkupsubsection{Auxiliary definitions%
   672 }
   673 \isamarkuptrue%
   674 %
   675 \begin{isamarkuptext}%
   676 Theory \isa{Pure} provides a few auxiliary definitions, see
   677   \figref{fig:pure-aux}.  These special constants are normally not
   678   exposed to the user, but appear in internal encodings.
   680   \begin{figure}[htb]
   681   \begin{center}
   682   \begin{tabular}{ll}
   683   \isa{conjunction\ {\isacharcolon}{\isacharcolon}\ prop\ {\isasymRightarrow}\ prop\ {\isasymRightarrow}\ prop} & (infix \isa{{\isacharampersand}}) \\
   684   \isa{{\isasymturnstile}\ A\ {\isacharampersand}\ B\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}C{\isachardot}\ {\isacharparenleft}A\ {\isasymLongrightarrow}\ B\ {\isasymLongrightarrow}\ C{\isacharparenright}\ {\isasymLongrightarrow}\ C{\isacharparenright}} \\[1ex]
   685   \isa{prop\ {\isacharcolon}{\isacharcolon}\ prop\ {\isasymRightarrow}\ prop} & (prefix \isa{{\isacharhash}}, suppressed) \\
   686   \isa{{\isacharhash}A\ {\isasymequiv}\ A} \\[1ex]
   687   \isa{term\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymRightarrow}\ prop} & (prefix \isa{TERM}) \\
   688   \isa{term\ x\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}A{\isachardot}\ A\ {\isasymLongrightarrow}\ A{\isacharparenright}} \\[1ex]
   689   \isa{TYPE\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ itself} & (prefix \isa{TYPE}) \\
   690   \isa{{\isacharparenleft}unspecified{\isacharparenright}} \\
   691   \end{tabular}
   692   \caption{Definitions of auxiliary connectives}\label{fig:pure-aux}
   693   \end{center}
   694   \end{figure}
   696   Derived conjunction rules include introduction \isa{A\ {\isasymLongrightarrow}\ B\ {\isasymLongrightarrow}\ A\ {\isacharampersand}\ B}, and destructions \isa{A\ {\isacharampersand}\ B\ {\isasymLongrightarrow}\ A} and \isa{A\ {\isacharampersand}\ B\ {\isasymLongrightarrow}\ B}.
   697   Conjunction allows to treat simultaneous assumptions and conclusions
   698   uniformly.  For example, multiple claims are intermediately
   699   represented as explicit conjunction, but this is refined into
   700   separate sub-goals before the user continues the proof; the final
   701   result is projected into a list of theorems (cf.\
   702   \secref{sec:tactical-goals}).
   704   The \isa{prop} marker (\isa{{\isacharhash}}) makes arbitrarily complex
   705   propositions appear as atomic, without changing the meaning: \isa{{\isasymGamma}\ {\isasymturnstile}\ A} and \isa{{\isasymGamma}\ {\isasymturnstile}\ {\isacharhash}A} are interchangeable.  See
   706   \secref{sec:tactical-goals} for specific operations.
   708   The \isa{term} marker turns any well-typed term into a derivable
   709   proposition: \isa{{\isasymturnstile}\ TERM\ t} holds unconditionally.  Although
   710   this is logically vacuous, it allows to treat terms and proofs
   711   uniformly, similar to a type-theoretic framework.
   713   The \isa{TYPE} constructor is the canonical representative of
   714   the unspecified type \isa{{\isasymalpha}\ itself}; it essentially injects the
   715   language of types into that of terms.  There is specific notation
   716   \isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}} for \isa{TYPE\isactrlbsub {\isasymtau}\ itself\isactrlesub }.
   717   Although being devoid of any particular meaning, the \isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}} accounts for the type \isa{{\isasymtau}} within the term
   718   language.  In particular, \isa{TYPE{\isacharparenleft}{\isasymalpha}{\isacharparenright}} may be used as formal
   719   argument in primitive definitions, in order to circumvent hidden
   720   polymorphism (cf.\ \secref{sec:terms}).  For example, \isa{c\ TYPE{\isacharparenleft}{\isasymalpha}{\isacharparenright}\ {\isasymequiv}\ A{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}} defines \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ itself\ {\isasymRightarrow}\ prop} in terms of
   721   a proposition \isa{A} that depends on an additional type
   722   argument, which is essentially a predicate on types.%
   723 \end{isamarkuptext}%
   724 \isamarkuptrue%
   725 %
   726 \isadelimmlref
   727 %
   728 \endisadelimmlref
   729 %
   730 \isatagmlref
   731 %
   732 \begin{isamarkuptext}%
   733 \begin{mldecls}
   734   \indexml{Conjunction.intr}\verb|Conjunction.intr: thm -> thm -> thm| \\
   735   \indexml{Conjunction.elim}\verb|Conjunction.elim: thm -> thm * thm| \\
   736   \indexml{\_term}\verb|Drule.mk_term: cterm -> thm| \\
   737   \indexml{Drule.dest\_term}\verb|Drule.dest_term: thm -> cterm| \\
   738   \indexml{\_type}\verb|Logic.mk_type: typ -> term| \\
   739   \indexml{Logic.dest\_type}\verb|Logic.dest_type: term -> typ| \\
   740   \end{mldecls}
   742   \begin{description}
   744   \item \verb|Conjunction.intr| derives \isa{A\ {\isacharampersand}\ B} from \isa{A} and \isa{B}.
   746   \item \verb|Conjunction.elim| derives \isa{A} and \isa{B}
   747   from \isa{A\ {\isacharampersand}\ B}.
   749   \item \verb|Drule.mk_term| derives \isa{TERM\ t}.
   751   \item \verb|Drule.dest_term| recovers term \isa{t} from \isa{TERM\ t}.
   753   \item \verb|Logic.mk_type|~\isa{{\isasymtau}} produces the term \isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}}.
   755   \item \verb|Logic.dest_type|~\isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}} recovers the type
   756   \isa{{\isasymtau}}.
   758   \end{description}%
   759 \end{isamarkuptext}%
   760 \isamarkuptrue%
   761 %
   762 \endisatagmlref
   763 {\isafoldmlref}%
   764 %
   765 \isadelimmlref
   766 %
   767 \endisadelimmlref
   768 %
   769 \isamarkupsection{Object-level rules \label{sec:obj-rules}%
   770 }
   771 \isamarkuptrue%
   772 %
   773 \isadelimFIXME
   774 %
   775 \endisadelimFIXME
   776 %
   777 \isatagFIXME
   778 %
   779 \begin{isamarkuptext}%
   780 FIXME
   782   A \emph{rule} is any Pure theorem in HHF normal form; there is a
   783   separate calculus for rule composition, which is modeled after
   784   Gentzen's Natural Deduction \cite{Gentzen:1935}, but allows
   785   rules to be nested arbitrarily, similar to \cite{extensions91}.
   787   Normally, all theorems accessible to the user are proper rules.
   788   Low-level inferences are occasional required internally, but the
   789   result should be always presented in canonical form.  The higher
   790   interfaces of Isabelle/Isar will always produce proper rules.  It is
   791   important to maintain this invariant in add-on applications!
   793   There are two main principles of rule composition: \isa{resolution} (i.e.\ backchaining of rules) and \isa{by{\isacharminus}assumption} (i.e.\ closing a branch); both principles are
   794   combined in the variants of \isa{elim{\isacharminus}resolution} and \isa{dest{\isacharminus}resolution}.  Raw \isa{composition} is occasionally
   795   useful as well, also it is strictly speaking outside of the proper
   796   rule calculus.
   798   Rules are treated modulo general higher-order unification, which is
   799   unification modulo the equational theory of \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-conversion
   800   on \isa{{\isasymlambda}}-terms.  Moreover, propositions are understood modulo
   801   the (derived) equivalence \isa{{\isacharparenleft}A\ {\isasymLongrightarrow}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ B\ x{\isacharparenright}{\isacharparenright}\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ A\ {\isasymLongrightarrow}\ B\ x{\isacharparenright}}.
   803   This means that any operations within the rule calculus may be
   804   subject to spontaneous \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-HHF conversions.  It is common
   805   practice not to contract or expand unnecessarily.  Some mechanisms
   806   prefer an one form, others the opposite, so there is a potential
   807   danger to produce some oscillation!
   809   Only few operations really work \emph{modulo} HHF conversion, but
   810   expect a normal form: quantifiers \isa{{\isasymAnd}} before implications
   811   \isa{{\isasymLongrightarrow}} at each level of nesting.
   813 \glossary{Hereditary Harrop Formula}{The set of propositions in HHF
   814 format is defined inductively as \isa{H\ {\isacharequal}\ {\isacharparenleft}{\isasymAnd}x\isactrlsup {\isacharasterisk}{\isachardot}\ H\isactrlsup {\isacharasterisk}\ {\isasymLongrightarrow}\ A{\isacharparenright}}, for variables \isa{x} and atomic propositions \isa{A}.
   815 Any proposition may be put into HHF form by normalizing with the rule
   816 \isa{{\isacharparenleft}A\ {\isasymLongrightarrow}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ B\ x{\isacharparenright}{\isacharparenright}\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ A\ {\isasymLongrightarrow}\ B\ x{\isacharparenright}}.  In Isabelle, the outermost
   817 quantifier prefix is represented via \seeglossary{schematic
   818 variables}, such that the top-level structure is merely that of a
   819 \seeglossary{Horn Clause}}.
   821 \glossary{HHF}{See \seeglossary{Hereditary Harrop Formula}.}
   824   \[
   825   \infer[\isa{{\isacharparenleft}assumption{\isacharparenright}}]{\isa{C{\isasymvartheta}}}
   826   {\isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec H\ \isactrlvec x\ {\isasymLongrightarrow}\ A\ \isactrlvec x{\isacharparenright}\ {\isasymLongrightarrow}\ C} & \isa{A{\isasymvartheta}\ {\isacharequal}\ H\isactrlsub i{\isasymvartheta}}~~\text{(for some~\isa{i})}}
   827   \]
   830   \[
   831   \infer[\isa{{\isacharparenleft}compose{\isacharparenright}}]{\isa{\isactrlvec A{\isasymvartheta}\ {\isasymLongrightarrow}\ C{\isasymvartheta}}}
   832   {\isa{\isactrlvec A\ {\isasymLongrightarrow}\ B} & \isa{B{\isacharprime}\ {\isasymLongrightarrow}\ C} & \isa{B{\isasymvartheta}\ {\isacharequal}\ B{\isacharprime}{\isasymvartheta}}}
   833   \]
   836   \[
   837   \infer[\isa{{\isacharparenleft}{\isasymAnd}{\isacharunderscore}lift{\isacharparenright}}]{\isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec A\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}\ {\isasymLongrightarrow}\ {\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ B\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}}}{\isa{\isactrlvec A\ {\isacharquery}\isactrlvec a\ {\isasymLongrightarrow}\ B\ {\isacharquery}\isactrlvec a}}
   838   \]
   839   \[
   840   \infer[\isa{{\isacharparenleft}{\isasymLongrightarrow}{\isacharunderscore}lift{\isacharparenright}}]{\isa{{\isacharparenleft}\isactrlvec H\ {\isasymLongrightarrow}\ \isactrlvec A{\isacharparenright}\ {\isasymLongrightarrow}\ {\isacharparenleft}\isactrlvec H\ {\isasymLongrightarrow}\ B{\isacharparenright}}}{\isa{\isactrlvec A\ {\isasymLongrightarrow}\ B}}
   841   \]
   843   The \isa{resolve} scheme is now acquired from \isa{{\isasymAnd}{\isacharunderscore}lift},
   844   \isa{{\isasymLongrightarrow}{\isacharunderscore}lift}, and \isa{compose}.
   846   \[
   847   \infer[\isa{{\isacharparenleft}resolution{\isacharparenright}}]
   848   {\isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec H\ \isactrlvec x\ {\isasymLongrightarrow}\ \isactrlvec A\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}{\isasymvartheta}\ {\isasymLongrightarrow}\ C{\isasymvartheta}}}
   849   {\begin{tabular}{l}
   850     \isa{\isactrlvec A\ {\isacharquery}\isactrlvec a\ {\isasymLongrightarrow}\ B\ {\isacharquery}\isactrlvec a} \\
   851     \isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec H\ \isactrlvec x\ {\isasymLongrightarrow}\ B{\isacharprime}\ \isactrlvec x{\isacharparenright}\ {\isasymLongrightarrow}\ C} \\
   852     \isa{{\isacharparenleft}{\isasymlambda}\isactrlvec x{\isachardot}\ B\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}{\isasymvartheta}\ {\isacharequal}\ B{\isacharprime}{\isasymvartheta}} \\
   853    \end{tabular}}
   854   \]
   857   FIXME \isa{elim{\isacharunderscore}resolution}, \isa{dest{\isacharunderscore}resolution}%
   858 \end{isamarkuptext}%
   859 \isamarkuptrue%
   860 %
   861 \endisatagFIXME
   862 {\isafoldFIXME}%
   863 %
   864 \isadelimFIXME
   865 %
   866 \endisadelimFIXME
   867 %
   868 \isadelimtheory
   869 %
   870 \endisadelimtheory
   871 %
   872 \isatagtheory
   873 \isacommand{end}\isamarkupfalse%
   874 %
   875 \endisatagtheory
   876 {\isafoldtheory}%
   877 %
   878 \isadelimtheory
   879 %
   880 \endisadelimtheory
   881 \isanewline
   882 \end{isabellebody}%
   883 %%% Local Variables:
   884 %%% mode: latex
   885 %%% TeX-master: "root"
   886 %%% End: