143 of five components: rewrite rules, congruence rules, the subgoaler, the |
143 of five components: rewrite rules, congruence rules, the subgoaler, the |
144 solver and the looper. The simplifier should be set up with sensible |
144 solver and the looper. The simplifier should be set up with sensible |
145 defaults so that most simplifier calls specify only rewrite rules. |
145 defaults so that most simplifier calls specify only rewrite rules. |
146 Experienced users can exploit the other components to streamline proofs. |
146 Experienced users can exploit the other components to streamline proofs. |
147 |
147 |
148 Logics like \HOL, which support a current simpset\index{simpset!current}, |
148 Logics like \HOL, which support a current |
149 store its value in an ML reference variable usually called {\tt |
149 simpset\index{simpset!current}, store its value in an ML reference |
150 simpset}\index{simpset@{\tt simpset} ML value}. It can be accessed via |
150 variable called {\tt simpset}\index{simpset@{\tt simpset} ML value}. |
151 {\tt!simpset} and updated via {\tt simpset := \dots}. |
|
152 |
151 |
153 \subsection{Rewrite rules} |
152 \subsection{Rewrite rules} |
154 \index{rewrite rules|(} |
153 \index{rewrite rules|(} |
155 Rewrite rules are theorems expressing some form of equality: |
154 Rewrite rules are theorems expressing some form of equality: |
156 \begin{eqnarray*} |
155 \begin{eqnarray*} |
157 Suc(\Var{m}) + \Var{n} &=& \Var{m} + Suc(\Var{n}) \\ |
156 Suc(\Var{m}) + \Var{n} &=& \Var{m} + Suc(\Var{n}) \\ |
158 \Var{P}\conj\Var{P} &\bimp& \Var{P} \\ |
157 \Var{P}\conj\Var{P} &\bimp& \Var{P} \\ |
159 \Var{A} \un \Var{B} &\equiv& \{x.x\in \Var{A} \disj x\in \Var{B}\} |
158 \Var{A} \un \Var{B} &\equiv& \{x.x\in \Var{A} \disj x\in \Var{B}\} |
160 \end{eqnarray*} |
159 \end{eqnarray*} |
161 Conditional rewrites such as $\Var{m}<\Var{n} \Imp \Var{m}/\Var{n} = |
160 Conditional rewrites such as $\Var{m}<\Var{n} \Imp \Var{m}/\Var{n} = |
162 0$ are permitted; the conditions can be arbitrary terms. |
161 0$ are permitted; the conditions can be arbitrary formulas. |
163 |
162 |
164 Internally, all rewrite rules are translated into meta-equalities, theorems |
163 Internally, all rewrite rules are translated into meta-equalities, theorems |
165 with conclusion $lhs \equiv rhs$. Each simpset contains a function for |
164 with conclusion $lhs \equiv rhs$. Each simpset contains a function for |
166 extracting equalities from arbitrary theorems. For example, |
165 extracting equalities from arbitrary theorems. For example, |
167 $\neg(\Var{x}\in \{\})$ could be turned into $\Var{x}\in \{\} \equiv |
166 $\neg(\Var{x}\in \{\})$ could be turned into $\Var{x}\in \{\} \equiv |
270 The solver is a pair of tactics that attempt to solve a subgoal after |
269 The solver is a pair of tactics that attempt to solve a subgoal after |
271 simplification. Typically it just proves trivial subgoals such as {\tt |
270 simplification. Typically it just proves trivial subgoals such as {\tt |
272 True} and $t=t$. It could use sophisticated means such as {\tt |
271 True} and $t=t$. It could use sophisticated means such as {\tt |
273 fast_tac}, though that could make simplification expensive. |
272 fast_tac}, though that could make simplification expensive. |
274 |
273 |
275 Rewriting does not instantiate unknowns. For example, rewriting cannot |
274 Rewriting does not instantiate unknowns. For example, rewriting |
276 prove $a\in \Var{A}$ since this requires instantiating~$\Var{A}$. The |
275 cannot prove $a\in \Var{A}$ since this requires |
277 solver, however, is an arbitrary tactic and may instantiate unknowns as it |
276 instantiating~$\Var{A}$. The solver, however, is an arbitrary tactic |
278 pleases. This is the only way the simplifier can handle a conditional |
277 and may instantiate unknowns as it pleases. This is the only way the |
279 rewrite rule whose condition contains extra variables. When a simplification |
278 simplifier can handle a conditional rewrite rule whose condition |
280 tactic is to be combined with other provers, especially with the classical |
279 contains extra variables. When a simplification tactic is to be |
281 reasoner, it is important whether it can be considered safe or not. Therefore, |
280 combined with other provers, especially with the classical reasoner, |
282 the solver is split into a safe and anunsafe part. Both parts can be set |
281 it is important whether it can be considered safe or not. Therefore, |
283 independently of each other using |
282 the solver is split into a safe and an unsafe part. Both parts can be |
284 \ttindex{setSSolver} (with a safe tactic as argument) and \ttindex{setSolver} |
283 set independently, using either \ttindex{setSSolver} with a safe |
285 (with an unsafe tactic) . Additional solvers, which are tried after the already |
284 tactic as argument, or \ttindex{setSolver} with an unsafe tactic. |
286 set solvers, may be added using \ttindex{addSSolver} and \ttindex{addSolver}. |
285 Additional solvers, which are tried after the already set solvers, may |
287 |
286 be added using \ttindex{addSSolver} and \ttindex{addSolver}. |
288 The standard simplification procedures uses solely the unsafe solver, which is |
287 |
289 appropriate in most cases. But for special applications, where the simplification |
288 The standard simplification strategy solely uses the unsafe solver, |
290 process is not allowed to instantiate unknowns within the goal, the tactic |
289 which is appropriate in most cases. But for special applications where |
291 \ttindexbold{safe_asm_full_simp_tac} is provided. Like {\tt asm_full_simp_tac}, |
290 the simplification process is not allowed to instantiate unknowns |
292 it uses the unsafe solver for any embedded simplification steps |
291 within the goal, the tactic \ttindexbold{safe_asm_full_simp_tac} is |
293 (i.e. for solving subgoals created by the subgoaler), |
292 provided. It uses the \emph{safe} solver for the current subgoal, but |
294 but for the current subgoal, it applies the safe solver. |
293 applies ordinary unsafe {\tt asm_full_simp_tac} for recursive internal |
|
294 simplifications (for conditional rules or congruences). |
295 |
295 |
296 \index{assumptions!in simplification} |
296 \index{assumptions!in simplification} |
297 The tactic is presented with the full goal, including the asssumptions. |
297 The tactic is presented with the full goal, including the asssumptions. |
298 Hence it can use those assumptions (say by calling {\tt assume_tac}) even |
298 Hence it can use those assumptions (say by calling {\tt assume_tac}) even |
299 inside {\tt simp_tac}, which otherwise does not use assumptions. The |
299 inside {\tt simp_tac}, which otherwise does not use assumptions. The |
306 should call the simplifier at some point. The simplifier will then call the |
306 should call the simplifier at some point. The simplifier will then call the |
307 solver, which must therefore be prepared to solve goals of the form $t = |
307 solver, which must therefore be prepared to solve goals of the form $t = |
308 \Var{x}$, usually by reflexivity. In particular, reflexivity should be |
308 \Var{x}$, usually by reflexivity. In particular, reflexivity should be |
309 tried before any of the fancy tactics like {\tt fast_tac}. |
309 tried before any of the fancy tactics like {\tt fast_tac}. |
310 |
310 |
311 It may even happen that, due to simplification, the subgoal is no longer an |
311 It may even happen that due to simplification the subgoal is no longer |
312 equality. For example $False \bimp \Var{Q}$ could be rewritten to |
312 an equality. For example $False \bimp \Var{Q}$ could be rewritten to |
313 $\neg\Var{Q}$. To cover this case, the solver could try resolving with the |
313 $\neg\Var{Q}$. To cover this case, the solver could try resolving |
314 theorem $\neg False$. |
314 with the theorem $\neg False$. |
315 |
315 |
316 \begin{warn} |
316 \begin{warn} |
317 If the simplifier aborts with the message {\tt Failed congruence proof!}, |
317 If the simplifier aborts with the message {\tt Failed congruence |
318 then the subgoaler or solver has failed to prove a premise of a |
318 proof!}, then the subgoaler or solver has failed to prove a |
319 congruence rule. This should never occur; it indicates that some |
319 premise of a congruence rule. This should never occur under normal |
320 congruence rule, or possibly the subgoaler or solver, is faulty. |
320 circumstances; it indicates that some congruence rule, or possibly |
|
321 the subgoaler or solver, is faulty. |
321 \end{warn} |
322 \end{warn} |
322 |
323 |
323 |
324 |
324 \subsection{*The looper} |
325 \subsection{*The looper} |
325 The looper is a tactic that is applied after simplification, in case the |
326 The looper is a tactic that is applied after simplification, in case the |
661 (x-z)-y$ in arithmetic and $insert(x,insert(y,A)) = insert(y,insert(x,A))$ |
662 (x-z)-y$ in arithmetic and $insert(x,insert(y,A)) = insert(y,insert(x,A))$ |
662 for sets. Such rules are common enough to merit special attention. |
663 for sets. Such rules are common enough to merit special attention. |
663 |
664 |
664 Because ordinary rewriting loops given such rules, the simplifier employs a |
665 Because ordinary rewriting loops given such rules, the simplifier employs a |
665 special strategy, called {\bf ordered rewriting}\index{rewriting!ordered}. |
666 special strategy, called {\bf ordered rewriting}\index{rewriting!ordered}. |
666 There is a built-in lexicographic ordering on terms. A permutative rewrite |
667 There is a standard lexicographic ordering on terms. A permutative rewrite |
667 rule is applied only if it decreases the given term with respect to this |
668 rule is applied only if it decreases the given term with respect to this |
668 ordering. For example, commutativity rewrites~$b+a$ to $a+b$, but then |
669 ordering. For example, commutativity rewrites~$b+a$ to $a+b$, but then |
669 stops because $a+b$ is strictly less than $b+a$. The Boyer-Moore theorem |
670 stops because $a+b$ is strictly less than $b+a$. The Boyer-Moore theorem |
670 prover~\cite{bm88book} also employs ordered rewriting. |
671 prover~\cite{bm88book} also employs ordered rewriting. |
671 |
672 |
690 (b+c)+a \maps{A} b+(c+a) \maps{C} b+(a+c) \maps{LC} a+(b+c) \] |
691 (b+c)+a \maps{A} b+(c+a) \maps{C} b+(a+c) \maps{LC} a+(b+c) \] |
691 Martin and Nipkow~\cite{martin-nipkow} discuss the theory and give many |
692 Martin and Nipkow~\cite{martin-nipkow} discuss the theory and give many |
692 examples; other algebraic structures are amenable to ordered rewriting, |
693 examples; other algebraic structures are amenable to ordered rewriting, |
693 such as boolean rings. |
694 such as boolean rings. |
694 |
695 |
695 \subsection{Example: sums of integers} |
696 \subsection{Example: sums of natural numbers} |
696 This example is set in Isabelle's higher-order logic. Theory |
697 This example is set in \HOL\ (see \texttt{HOL/ex/NatSum}). Theory |
697 \thydx{Arith} contains the theory of arithmetic. The simpset {\tt |
698 \thydx{Arith} contains natural numbers arithmetic. Its associated |
698 arith_ss} contains many arithmetic laws including distributivity |
699 simpset contains many arithmetic laws including distributivity |
699 of~$\times$ over~$+$, while {\tt add_ac} is a list consisting of the A, C |
700 of~$\times$ over~$+$, while {\tt add_ac} is a list consisting of the |
700 and LC laws for~$+$. Let us prove the theorem |
701 A, C and LC laws for~$+$ on type \texttt{nat}. Let us prove the |
|
702 theorem |
701 \[ \sum@{i=1}^n i = n\times(n+1)/2. \] |
703 \[ \sum@{i=1}^n i = n\times(n+1)/2. \] |
702 % |
704 % |
703 A functional~{\tt sum} represents the summation operator under the |
705 A functional~{\tt sum} represents the summation operator under the |
704 interpretation ${\tt sum}(f,n+1) = \sum@{i=0}^n f(i)$. We extend {\tt |
706 interpretation ${\tt sum} \, f \, (n + 1) = \sum@{i=0}^n f\,i$. We |
705 Arith} using a theory file: |
707 extend {\tt Arith} using a theory file: |
706 \begin{ttbox} |
708 \begin{ttbox} |
707 NatSum = Arith + |
709 NatSum = Arith + |
708 consts sum :: [nat=>nat, nat] => nat |
710 consts sum :: [nat=>nat, nat] => nat |
709 rules sum_0 "sum(f,0) = 0" |
711 rules sum_0 "sum f 0 = 0" |
710 sum_Suc "sum(f,Suc(n)) = f(n) + sum(f,n)" |
712 sum_Suc "sum f (Suc n) = f n + sum f n" |
711 end |
713 end |
712 \end{ttbox} |
714 \end{ttbox} |
713 After declaring {\tt open NatSum}, we make the required simpset by adding |
715 We make the required simpset by adding the AC-rules for~$+$ and the |
714 the AC-rules for~$+$ and the axioms for~{\tt sum}: |
716 axioms for~{\tt sum}: |
715 \begin{ttbox} |
717 \begin{ttbox} |
716 val natsum_ss = arith_ss addsimps ([sum_0,sum_Suc] \at add_ac); |
718 val natsum_ss = simpset_of "Arith" addsimps ([sum_0,sum_Suc] \at add_ac); |
717 {\out val natsum_ss = SS \{\ldots\} : simpset} |
719 {\out val natsum_ss = \ldots : simpset} |
718 \end{ttbox} |
720 \end{ttbox} |
719 Our desired theorem now reads ${\tt sum}(\lambda i.i,n+1) = |
721 Our desired theorem now reads ${\tt sum} \, (\lambda i.i) \, (n+1) = |
720 n\times(n+1)/2$. The Isabelle goal has both sides multiplied by~$2$: |
722 n\times(n+1)/2$. The Isabelle goal has both sides multiplied by~$2$: |
721 \begin{ttbox} |
723 \begin{ttbox} |
722 goal NatSum.thy "Suc(Suc(0))*sum(\%i.i,Suc(n)) = n*Suc(n)"; |
724 goal NatSum.thy "2 * sum (\%i.i) (Suc n) = n * Suc n"; |
723 {\out Level 0} |
725 {\out Level 0} |
724 {\out Suc(Suc(0)) * sum(\%i. i, Suc(n)) = n * Suc(n)} |
726 {\out 2 * sum (\%i. i) (Suc n) = n * Suc n} |
725 {\out 1. Suc(Suc(0)) * sum(\%i. i, Suc(n)) = n * Suc(n)} |
727 {\out 1. 2 * sum (\%i. i) (Suc n) = n * Suc n} |
726 \end{ttbox} |
728 \end{ttbox} |
727 Induction should not be applied until the goal is in the simplest form: |
729 Induction should not be applied until the goal is in the simplest |
|
730 form: |
728 \begin{ttbox} |
731 \begin{ttbox} |
729 by (simp_tac natsum_ss 1); |
732 by (simp_tac natsum_ss 1); |
730 {\out Level 1} |
733 {\out Level 1} |
731 {\out Suc(Suc(0)) * sum(\%i. i, Suc(n)) = n * Suc(n)} |
734 {\out 2 * sum (\%i. i) (Suc n) = n * Suc n} |
732 {\out 1. n + (n + (sum(\%i. i, n) + sum(\%i. i, n))) = n + n * n} |
735 {\out 1. n + (sum (\%i. i) n + sum (\%i. i) n) = n * n} |
733 \end{ttbox} |
736 \end{ttbox} |
734 Ordered rewriting has sorted the terms in the left-hand side. |
737 Ordered rewriting has sorted the terms in the left-hand side. The |
735 The subgoal is now ready for induction: |
738 subgoal is now ready for induction: |
736 \begin{ttbox} |
739 \begin{ttbox} |
737 by (nat_ind_tac "n" 1); |
740 by (nat_ind_tac "n" 1); |
738 {\out Level 2} |
741 {\out Level 2} |
739 {\out Suc(Suc(0)) * sum(\%i. i, Suc(n)) = n * Suc(n)} |
742 {\out 2 * sum (\%i. i) (Suc n) = n * Suc n} |
740 {\out 1. 0 + (0 + (sum(\%i. i, 0) + sum(\%i. i, 0))) = 0 + 0 * 0} |
743 {\out 1. 0 + (sum (\%i. i) 0 + sum (\%i. i) 0) = 0 * 0} |
741 \ttbreak |
744 \ttbreak |
742 {\out 2. !!n1. n1 + (n1 + (sum(\%i. i, n1) + sum(\%i. i, n1))) =} |
745 {\out 2. !!n1. n1 + (sum (\%i. i) n1 + sum (\%i. i) n1) = n1 * n1} |
743 {\out n1 + n1 * n1 ==>} |
746 {\out ==> Suc n1 + (sum (\%i. i) (Suc n1) + sum (\%i. i) (Suc n1)) =} |
744 {\out Suc(n1) +} |
747 {\out Suc n1 * Suc n1} |
745 {\out (Suc(n1) + (sum(\%i. i, Suc(n1)) + sum(\%i. i, Suc(n1)))) =} |
|
746 {\out Suc(n1) + Suc(n1) * Suc(n1)} |
|
747 \end{ttbox} |
748 \end{ttbox} |
748 Simplification proves both subgoals immediately:\index{*ALLGOALS} |
749 Simplification proves both subgoals immediately:\index{*ALLGOALS} |
749 \begin{ttbox} |
750 \begin{ttbox} |
750 by (ALLGOALS (asm_simp_tac natsum_ss)); |
751 by (ALLGOALS (asm_simp_tac natsum_ss)); |
751 {\out Level 3} |
752 {\out Level 3} |
752 {\out Suc(Suc(0)) * sum(\%i. i, Suc(n)) = n * Suc(n)} |
753 {\out 2 * sum (\%i. i) (Suc n) = n * Suc n} |
753 {\out No subgoals!} |
754 {\out No subgoals!} |
754 \end{ttbox} |
755 \end{ttbox} |
755 If we had omitted {\tt add_ac} from the simpset, simplification would have |
756 If we had omitted {\tt add_ac} from the simpset, simplification would have |
756 failed to prove the induction step: |
757 failed to prove the induction step: |
757 \begin{ttbox} |
758 \begin{ttbox} |
758 Suc(Suc(0)) * sum(\%i. i, Suc(n)) = n * Suc(n) |
759 2 * sum (\%i. i) (Suc n) = n * Suc n |
759 1. !!n1. n1 + (n1 + (sum(\%i. i, n1) + sum(\%i. i, n1))) = |
760 1. !!n1. n1 + sum (\%i. i) n1 + (n1 + sum (\%i. i) n1) = n1 + n1 * n1 |
760 n1 + n1 * n1 ==> |
761 ==> n1 + (n1 + sum (\%i. i) n1) + (n1 + (n1 + sum (\%i. i) n1)) = |
761 n1 + (n1 + (n1 + sum(\%i. i, n1) + (n1 + sum(\%i. i, n1)))) = |
762 n1 + (n1 + (n1 + n1 * n1)) |
762 n1 + (n1 + (n1 + n1 * n1)) |
|
763 \end{ttbox} |
763 \end{ttbox} |
764 Ordered rewriting proves this by sorting the left-hand side. Proving |
764 Ordered rewriting proves this by sorting the left-hand side. Proving |
765 arithmetic theorems without ordered rewriting requires explicit use of |
765 arithmetic theorems without ordered rewriting requires explicit use of |
766 commutativity. This is tedious; try it and see! |
766 commutativity. This is tedious; try it and see! |
767 |
767 |