7 chapter \<open>Structured proofs\<close> |
7 chapter \<open>Structured proofs\<close> |
8 |
8 |
9 section \<open>Variables \label{sec:variables}\<close> |
9 section \<open>Variables \label{sec:variables}\<close> |
10 |
10 |
11 text \<open> |
11 text \<open> |
12 Any variable that is not explicitly bound by \<open>\<lambda>\<close>-abstraction |
12 Any variable that is not explicitly bound by \<open>\<lambda>\<close>-abstraction is considered |
13 is considered as ``free''. Logically, free variables act like |
13 as ``free''. Logically, free variables act like outermost universal |
14 outermost universal quantification at the sequent level: \<open>A\<^sub>1(x), \<dots>, A\<^sub>n(x) \<turnstile> B(x)\<close> means that the result |
14 quantification at the sequent level: \<open>A\<^sub>1(x), \<dots>, A\<^sub>n(x) \<turnstile> B(x)\<close> means that |
15 holds \<^emph>\<open>for all\<close> values of \<open>x\<close>. Free variables for |
15 the result holds \<^emph>\<open>for all\<close> values of \<open>x\<close>. Free variables for terms (not |
16 terms (not types) can be fully internalized into the logic: \<open>\<turnstile> B(x)\<close> and \<open>\<turnstile> \<And>x. B(x)\<close> are interchangeable, provided |
16 types) can be fully internalized into the logic: \<open>\<turnstile> B(x)\<close> and \<open>\<turnstile> \<And>x. B(x)\<close> |
17 that \<open>x\<close> does not occur elsewhere in the context. |
17 are interchangeable, provided that \<open>x\<close> does not occur elsewhere in the |
18 Inspecting \<open>\<turnstile> \<And>x. B(x)\<close> more closely, we see that inside the |
18 context. Inspecting \<open>\<turnstile> \<And>x. B(x)\<close> more closely, we see that inside the |
19 quantifier, \<open>x\<close> is essentially ``arbitrary, but fixed'', |
19 quantifier, \<open>x\<close> is essentially ``arbitrary, but fixed'', while from outside |
20 while from outside it appears as a place-holder for instantiation |
20 it appears as a place-holder for instantiation (thanks to \<open>\<And>\<close> elimination). |
21 (thanks to \<open>\<And>\<close> elimination). |
21 |
22 |
22 The Pure logic represents the idea of variables being either inside or |
23 The Pure logic represents the idea of variables being either inside |
23 outside the current scope by providing separate syntactic categories for |
24 or outside the current scope by providing separate syntactic |
24 \<^emph>\<open>fixed variables\<close> (e.g.\ \<open>x\<close>) vs.\ \<^emph>\<open>schematic variables\<close> (e.g.\ \<open>?x\<close>). |
25 categories for \<^emph>\<open>fixed variables\<close> (e.g.\ \<open>x\<close>) vs.\ |
25 Incidently, a universal result \<open>\<turnstile> \<And>x. B(x)\<close> has the HHF normal form \<open>\<turnstile> |
26 \<^emph>\<open>schematic variables\<close> (e.g.\ \<open>?x\<close>). Incidently, a |
26 B(?x)\<close>, which represents its generality without requiring an explicit |
27 universal result \<open>\<turnstile> \<And>x. B(x)\<close> has the HHF normal form \<open>\<turnstile> B(?x)\<close>, which represents its generality without requiring an |
27 quantifier. The same principle works for type variables: \<open>\<turnstile> B(?\<alpha>)\<close> |
28 explicit quantifier. The same principle works for type variables: |
28 represents the idea of ``\<open>\<turnstile> \<forall>\<alpha>. B(\<alpha>)\<close>'' without demanding a truly |
29 \<open>\<turnstile> B(?\<alpha>)\<close> represents the idea of ``\<open>\<turnstile> \<forall>\<alpha>. B(\<alpha>)\<close>'' |
29 polymorphic framework. |
30 without demanding a truly polymorphic framework. |
30 |
31 |
31 \<^medskip> |
32 \<^medskip> |
32 Additional care is required to treat type variables in a way that |
33 Additional care is required to treat type variables in a |
33 facilitates type-inference. In principle, term variables depend on type |
34 way that facilitates type-inference. In principle, term variables |
34 variables, which means that type variables would have to be declared first. |
35 depend on type variables, which means that type variables would have |
35 For example, a raw type-theoretic framework would demand the context to be |
36 to be declared first. For example, a raw type-theoretic framework |
36 constructed in stages as follows: \<open>\<Gamma> = \<alpha>: type, x: \<alpha>, a: A(x\<^sub>\<alpha>)\<close>. |
37 would demand the context to be constructed in stages as follows: |
37 |
38 \<open>\<Gamma> = \<alpha>: type, x: \<alpha>, a: A(x\<^sub>\<alpha>)\<close>. |
38 We allow a slightly less formalistic mode of operation: term variables \<open>x\<close> |
39 |
39 are fixed without specifying a type yet (essentially \<^emph>\<open>all\<close> potential |
40 We allow a slightly less formalistic mode of operation: term |
40 occurrences of some instance \<open>x\<^sub>\<tau>\<close> are fixed); the first occurrence of \<open>x\<close> |
41 variables \<open>x\<close> are fixed without specifying a type yet |
|
42 (essentially \<^emph>\<open>all\<close> potential occurrences of some instance |
|
43 \<open>x\<^sub>\<tau>\<close> are fixed); the first occurrence of \<open>x\<close> |
|
44 within a specific term assigns its most general type, which is then |
41 within a specific term assigns its most general type, which is then |
45 maintained consistently in the context. The above example becomes |
42 maintained consistently in the context. The above example becomes \<open>\<Gamma> = x: |
46 \<open>\<Gamma> = x: term, \<alpha>: type, A(x\<^sub>\<alpha>)\<close>, where type \<open>\<alpha>\<close> is fixed \<^emph>\<open>after\<close> term \<open>x\<close>, and the constraint |
43 term, \<alpha>: type, A(x\<^sub>\<alpha>)\<close>, where type \<open>\<alpha>\<close> is fixed \<^emph>\<open>after\<close> term \<open>x\<close>, and the |
47 \<open>x :: \<alpha>\<close> is an implicit consequence of the occurrence of |
44 constraint \<open>x :: \<alpha>\<close> is an implicit consequence of the occurrence of \<open>x\<^sub>\<alpha>\<close> in |
48 \<open>x\<^sub>\<alpha>\<close> in the subsequent proposition. |
45 the subsequent proposition. |
49 |
46 |
50 This twist of dependencies is also accommodated by the reverse |
47 This twist of dependencies is also accommodated by the reverse operation of |
51 operation of exporting results from a context: a type variable |
48 exporting results from a context: a type variable \<open>\<alpha>\<close> is considered fixed as |
52 \<open>\<alpha>\<close> is considered fixed as long as it occurs in some fixed |
49 long as it occurs in some fixed term variable of the context. For example, |
53 term variable of the context. For example, exporting \<open>x: |
50 exporting \<open>x: term, \<alpha>: type \<turnstile> x\<^sub>\<alpha> \<equiv> x\<^sub>\<alpha>\<close> produces in the first step \<open>x: term |
54 term, \<alpha>: type \<turnstile> x\<^sub>\<alpha> \<equiv> x\<^sub>\<alpha>\<close> produces in the first step \<open>x: term |
51 \<turnstile> x\<^sub>\<alpha> \<equiv> x\<^sub>\<alpha>\<close> for fixed \<open>\<alpha>\<close>, and only in the second step \<open>\<turnstile> ?x\<^sub>?\<^sub>\<alpha> \<equiv> ?x\<^sub>?\<^sub>\<alpha>\<close> |
55 \<turnstile> x\<^sub>\<alpha> \<equiv> x\<^sub>\<alpha>\<close> for fixed \<open>\<alpha>\<close>, and only in the second step |
52 for schematic \<open>?x\<close> and \<open>?\<alpha>\<close>. The following Isar source text illustrates this |
56 \<open>\<turnstile> ?x\<^sub>?\<^sub>\<alpha> \<equiv> ?x\<^sub>?\<^sub>\<alpha>\<close> for schematic \<open>?x\<close> and \<open>?\<alpha>\<close>. |
53 scenario. |
57 The following Isar source text illustrates this scenario. |
|
58 \<close> |
54 \<close> |
59 |
55 |
60 notepad |
56 notepad |
61 begin |
57 begin |
62 { |
58 { |
68 thm this \<comment> \<open>result still with fixed type \<open>'a\<close>\<close> |
64 thm this \<comment> \<open>result still with fixed type \<open>'a\<close>\<close> |
69 } |
65 } |
70 thm this \<comment> \<open>fully general result for arbitrary \<open>?x::?'a\<close>\<close> |
66 thm this \<comment> \<open>fully general result for arbitrary \<open>?x::?'a\<close>\<close> |
71 end |
67 end |
72 |
68 |
73 text \<open>The Isabelle/Isar proof context manages the details of term |
69 text \<open> |
74 vs.\ type variables, with high-level principles for moving the |
70 The Isabelle/Isar proof context manages the details of term vs.\ type |
75 frontier between fixed and schematic variables. |
71 variables, with high-level principles for moving the frontier between fixed |
76 |
72 and schematic variables. |
77 The \<open>add_fixes\<close> operation explicitly declares fixed |
73 |
78 variables; the \<open>declare_term\<close> operation absorbs a term into |
74 The \<open>add_fixes\<close> operation explicitly declares fixed variables; the |
79 a context by fixing new type variables and adding syntactic |
75 \<open>declare_term\<close> operation absorbs a term into a context by fixing new type |
80 constraints. |
76 variables and adding syntactic constraints. |
81 |
77 |
82 The \<open>export\<close> operation is able to perform the main work of |
78 The \<open>export\<close> operation is able to perform the main work of generalizing term |
83 generalizing term and type variables as sketched above, assuming |
79 and type variables as sketched above, assuming that fixing variables and |
84 that fixing variables and terms have been declared properly. |
80 terms have been declared properly. |
85 |
81 |
86 There \<open>import\<close> operation makes a generalized fact a genuine |
82 There \<open>import\<close> operation makes a generalized fact a genuine part of the |
87 part of the context, by inventing fixed variables for the schematic |
83 context, by inventing fixed variables for the schematic ones. The effect can |
88 ones. The effect can be reversed by using \<open>export\<close> later, |
84 be reversed by using \<open>export\<close> later, potentially with an extended context; |
89 potentially with an extended context; the result is equivalent to |
85 the result is equivalent to the original modulo renaming of schematic |
90 the original modulo renaming of schematic variables. |
86 variables. |
91 |
87 |
92 The \<open>focus\<close> operation provides a variant of \<open>import\<close> |
88 The \<open>focus\<close> operation provides a variant of \<open>import\<close> for nested propositions |
93 for nested propositions (with explicit quantification): \<open>\<And>x\<^sub>1 \<dots> x\<^sub>n. B(x\<^sub>1, \<dots>, x\<^sub>n)\<close> is |
89 (with explicit quantification): \<open>\<And>x\<^sub>1 \<dots> x\<^sub>n. B(x\<^sub>1, \<dots>, x\<^sub>n)\<close> is decomposed |
94 decomposed by inventing fixed variables \<open>x\<^sub>1, \<dots>, |
90 by inventing fixed variables \<open>x\<^sub>1, \<dots>, x\<^sub>n\<close> for the body. |
95 x\<^sub>n\<close> for the body. |
|
96 \<close> |
91 \<close> |
97 |
92 |
98 text %mlref \<open> |
93 text %mlref \<open> |
99 \begin{mldecls} |
94 \begin{mldecls} |
100 @{index_ML Variable.add_fixes: " |
95 @{index_ML Variable.add_fixes: " |
109 ((((indexname * sort) * ctyp) list * ((indexname * typ) * cterm) list) * thm list) * Proof.context"} \\ |
104 ((((indexname * sort) * ctyp) list * ((indexname * typ) * cterm) list) * thm list) * Proof.context"} \\ |
110 @{index_ML Variable.focus: "binding list option -> term -> Proof.context -> |
105 @{index_ML Variable.focus: "binding list option -> term -> Proof.context -> |
111 ((string * (string * typ)) list * term) * Proof.context"} \\ |
106 ((string * (string * typ)) list * term) * Proof.context"} \\ |
112 \end{mldecls} |
107 \end{mldecls} |
113 |
108 |
114 \<^descr> @{ML Variable.add_fixes}~\<open>xs ctxt\<close> fixes term |
109 \<^descr> @{ML Variable.add_fixes}~\<open>xs ctxt\<close> fixes term variables \<open>xs\<close>, returning |
115 variables \<open>xs\<close>, returning the resulting internal names. By |
110 the resulting internal names. By default, the internal representation |
116 default, the internal representation coincides with the external |
111 coincides with the external one, which also means that the given variables |
117 one, which also means that the given variables must not be fixed |
112 must not be fixed already. There is a different policy within a local proof |
118 already. There is a different policy within a local proof body: the |
113 body: the given names are just hints for newly invented Skolem variables. |
119 given names are just hints for newly invented Skolem variables. |
114 |
120 |
115 \<^descr> @{ML Variable.variant_fixes} is similar to @{ML Variable.add_fixes}, but |
121 \<^descr> @{ML Variable.variant_fixes} is similar to @{ML |
116 always produces fresh variants of the given names. |
122 Variable.add_fixes}, but always produces fresh variants of the given |
117 |
123 names. |
118 \<^descr> @{ML Variable.declare_term}~\<open>t ctxt\<close> declares term \<open>t\<close> to belong to the |
124 |
119 context. This automatically fixes new type variables, but not term |
125 \<^descr> @{ML Variable.declare_term}~\<open>t ctxt\<close> declares term |
120 variables. Syntactic constraints for type and term variables are declared |
126 \<open>t\<close> to belong to the context. This automatically fixes new |
121 uniformly, though. |
127 type variables, but not term variables. Syntactic constraints for |
122 |
128 type and term variables are declared uniformly, though. |
123 \<^descr> @{ML Variable.declare_constraints}~\<open>t ctxt\<close> declares syntactic constraints |
129 |
124 from term \<open>t\<close>, without making it part of the context yet. |
130 \<^descr> @{ML Variable.declare_constraints}~\<open>t ctxt\<close> declares |
125 |
131 syntactic constraints from term \<open>t\<close>, without making it part |
126 \<^descr> @{ML Variable.export}~\<open>inner outer thms\<close> generalizes fixed type and term |
132 of the context yet. |
127 variables in \<open>thms\<close> according to the difference of the \<open>inner\<close> and \<open>outer\<close> |
133 |
128 context, following the principles sketched above. |
134 \<^descr> @{ML Variable.export}~\<open>inner outer thms\<close> generalizes |
129 |
135 fixed type and term variables in \<open>thms\<close> according to the |
130 \<^descr> @{ML Variable.polymorphic}~\<open>ctxt ts\<close> generalizes type variables in \<open>ts\<close> as |
136 difference of the \<open>inner\<close> and \<open>outer\<close> context, |
131 far as possible, even those occurring in fixed term variables. The default |
137 following the principles sketched above. |
132 policy of type-inference is to fix newly introduced type variables, which is |
138 |
133 essentially reversed with @{ML Variable.polymorphic}: here the given terms |
139 \<^descr> @{ML Variable.polymorphic}~\<open>ctxt ts\<close> generalizes type |
134 are detached from the context as far as possible. |
140 variables in \<open>ts\<close> as far as possible, even those occurring |
135 |
141 in fixed term variables. The default policy of type-inference is to |
136 \<^descr> @{ML Variable.import}~\<open>open thms ctxt\<close> invents fixed type and term |
142 fix newly introduced type variables, which is essentially reversed |
137 variables for the schematic ones occurring in \<open>thms\<close>. The \<open>open\<close> flag |
143 with @{ML Variable.polymorphic}: here the given terms are detached |
138 indicates whether the fixed names should be accessible to the user, |
144 from the context as far as possible. |
139 otherwise newly introduced names are marked as ``internal'' |
145 |
140 (\secref{sec:names}). |
146 \<^descr> @{ML Variable.import}~\<open>open thms ctxt\<close> invents fixed |
141 |
147 type and term variables for the schematic ones occurring in \<open>thms\<close>. The \<open>open\<close> flag indicates whether the fixed names |
142 \<^descr> @{ML Variable.focus}~\<open>bindings B\<close> decomposes the outermost \<open>\<And>\<close> prefix of |
148 should be accessible to the user, otherwise newly introduced names |
143 proposition \<open>B\<close>, using the given name bindings. |
149 are marked as ``internal'' (\secref{sec:names}). |
144 \<close> |
150 |
145 |
151 \<^descr> @{ML Variable.focus}~\<open>bindings B\<close> decomposes the outermost \<open>\<And>\<close> prefix of proposition \<open>B\<close>, using the given name bindings. |
146 text %mlex \<open> |
152 \<close> |
147 The following example shows how to work with fixed term and type parameters |
153 |
148 and with type-inference. |
154 text %mlex \<open>The following example shows how to work with fixed term |
149 \<close> |
155 and type parameters and with type-inference.\<close> |
|
156 |
150 |
157 ML_val \<open> |
151 ML_val \<open> |
158 (*static compile-time context -- for testing only*) |
152 (*static compile-time context -- for testing only*) |
159 val ctxt0 = @{context}; |
153 val ctxt0 = @{context}; |
160 |
154 |
171 (*official declaration of u -- propagates constraints etc.*) |
165 (*official declaration of u -- propagates constraints etc.*) |
172 val ctxt2 = ctxt1 |> Variable.declare_term u; |
166 val ctxt2 = ctxt1 |> Variable.declare_term u; |
173 val t2 = Syntax.read_term ctxt2 "x"; (*x::nat is enforced*) |
167 val t2 = Syntax.read_term ctxt2 "x"; (*x::nat is enforced*) |
174 \<close> |
168 \<close> |
175 |
169 |
176 text \<open>In the above example, the starting context is derived from the |
170 text \<open> |
177 toplevel theory, which means that fixed variables are internalized |
171 In the above example, the starting context is derived from the toplevel |
178 literally: \<open>x\<close> is mapped again to \<open>x\<close>, and |
172 theory, which means that fixed variables are internalized literally: \<open>x\<close> is |
179 attempting to fix it again in the subsequent context is an error. |
173 mapped again to \<open>x\<close>, and attempting to fix it again in the subsequent |
180 Alternatively, fixed parameters can be renamed explicitly as |
174 context is an error. Alternatively, fixed parameters can be renamed |
181 follows:\<close> |
175 explicitly as follows: |
|
176 \<close> |
182 |
177 |
183 ML_val \<open> |
178 ML_val \<open> |
184 val ctxt0 = @{context}; |
179 val ctxt0 = @{context}; |
185 val ([x1, x2, x3], ctxt1) = |
180 val ([x1, x2, x3], ctxt1) = |
186 ctxt0 |> Variable.variant_fixes ["x", "x", "x"]; |
181 ctxt0 |> Variable.variant_fixes ["x", "x", "x"]; |
187 \<close> |
182 \<close> |
188 |
183 |
189 text \<open>The following ML code can now work with the invented names of |
184 text \<open> |
190 \<open>x1\<close>, \<open>x2\<close>, \<open>x3\<close>, without depending on |
185 The following ML code can now work with the invented names of \<open>x1\<close>, \<open>x2\<close>, |
191 the details on the system policy for introducing these variants. |
186 \<open>x3\<close>, without depending on the details on the system policy for introducing |
192 Recall that within a proof body the system always invents fresh |
187 these variants. Recall that within a proof body the system always invents |
193 ``Skolem constants'', e.g.\ as follows:\<close> |
188 fresh ``Skolem constants'', e.g.\ as follows: |
|
189 \<close> |
194 |
190 |
195 notepad |
191 notepad |
196 begin |
192 begin |
197 ML_prf %"ML" |
193 ML_prf %"ML" |
198 \<open>val ctxt0 = @{context}; |
194 \<open>val ctxt0 = @{context}; |
203 |
199 |
204 val ([y1, y2], ctxt4) = |
200 val ([y1, y2], ctxt4) = |
205 ctxt3 |> Variable.variant_fixes ["y", "y"];\<close> |
201 ctxt3 |> Variable.variant_fixes ["y", "y"];\<close> |
206 end |
202 end |
207 |
203 |
208 text \<open>In this situation @{ML Variable.add_fixes} and @{ML |
204 text \<open> |
209 Variable.variant_fixes} are very similar, but identical name |
205 In this situation @{ML Variable.add_fixes} and @{ML Variable.variant_fixes} |
210 proposals given in a row are only accepted by the second version. |
206 are very similar, but identical name proposals given in a row are only |
|
207 accepted by the second version. |
211 \<close> |
208 \<close> |
212 |
209 |
213 |
210 |
214 section \<open>Assumptions \label{sec:assumptions}\<close> |
211 section \<open>Assumptions \label{sec:assumptions}\<close> |
215 |
212 |
216 text \<open> |
213 text \<open> |
217 An \<^emph>\<open>assumption\<close> is a proposition that it is postulated in the |
214 An \<^emph>\<open>assumption\<close> is a proposition that it is postulated in the current |
218 current context. Local conclusions may use assumptions as |
215 context. Local conclusions may use assumptions as additional facts, but this |
219 additional facts, but this imposes implicit hypotheses that weaken |
216 imposes implicit hypotheses that weaken the overall statement. |
220 the overall statement. |
217 |
221 |
218 Assumptions are restricted to fixed non-schematic statements, i.e.\ all |
222 Assumptions are restricted to fixed non-schematic statements, i.e.\ |
219 generality needs to be expressed by explicit quantifiers. Nevertheless, the |
223 all generality needs to be expressed by explicit quantifiers. |
220 result will be in HHF normal form with outermost quantifiers stripped. For |
224 Nevertheless, the result will be in HHF normal form with outermost |
221 example, by assuming \<open>\<And>x :: \<alpha>. P x\<close> we get \<open>\<And>x :: \<alpha>. P x \<turnstile> P ?x\<close> for |
225 quantifiers stripped. For example, by assuming \<open>\<And>x :: \<alpha>. P |
222 schematic \<open>?x\<close> of fixed type \<open>\<alpha>\<close>. Local derivations accumulate more and more |
226 x\<close> we get \<open>\<And>x :: \<alpha>. P x \<turnstile> P ?x\<close> for schematic \<open>?x\<close> |
223 explicit references to hypotheses: \<open>A\<^sub>1, \<dots>, A\<^sub>n \<turnstile> B\<close> where \<open>A\<^sub>1, \<dots>, A\<^sub>n\<close> |
227 of fixed type \<open>\<alpha>\<close>. Local derivations accumulate more and |
224 needs to be covered by the assumptions of the current context. |
228 more explicit references to hypotheses: \<open>A\<^sub>1, \<dots>, |
225 |
229 A\<^sub>n \<turnstile> B\<close> where \<open>A\<^sub>1, \<dots>, A\<^sub>n\<close> needs to |
226 \<^medskip> |
230 be covered by the assumptions of the current context. |
227 The \<open>add_assms\<close> operation augments the context by local assumptions, which |
231 |
228 are parameterized by an arbitrary \<open>export\<close> rule (see below). |
232 \<^medskip> |
229 |
233 The \<open>add_assms\<close> operation augments the context by |
230 The \<open>export\<close> operation moves facts from a (larger) inner context into a |
234 local assumptions, which are parameterized by an arbitrary \<open>export\<close> rule (see below). |
231 (smaller) outer context, by discharging the difference of the assumptions as |
235 |
232 specified by the associated export rules. Note that the discharged portion |
236 The \<open>export\<close> operation moves facts from a (larger) inner |
233 is determined by the difference of contexts, not the facts being exported! |
237 context into a (smaller) outer context, by discharging the |
234 There is a separate flag to indicate a goal context, where the result is |
238 difference of the assumptions as specified by the associated export |
235 meant to refine an enclosing sub-goal of a structured proof state. |
239 rules. Note that the discharged portion is determined by the |
236 |
240 difference of contexts, not the facts being exported! There is a |
237 \<^medskip> |
241 separate flag to indicate a goal context, where the result is meant |
238 The most basic export rule discharges assumptions directly by means of the |
242 to refine an enclosing sub-goal of a structured proof state. |
239 \<open>\<Longrightarrow>\<close> introduction rule: |
243 |
|
244 \<^medskip> |
|
245 The most basic export rule discharges assumptions directly |
|
246 by means of the \<open>\<Longrightarrow>\<close> introduction rule: |
|
247 \[ |
240 \[ |
248 \infer[(\<open>\<Longrightarrow>\<hyphen>intro\<close>)]{\<open>\<Gamma> - A \<turnstile> A \<Longrightarrow> B\<close>}{\<open>\<Gamma> \<turnstile> B\<close>} |
241 \infer[(\<open>\<Longrightarrow>\<hyphen>intro\<close>)]{\<open>\<Gamma> - A \<turnstile> A \<Longrightarrow> B\<close>}{\<open>\<Gamma> \<turnstile> B\<close>} |
249 \] |
242 \] |
250 |
243 |
251 The variant for goal refinements marks the newly introduced |
244 The variant for goal refinements marks the newly introduced premises, which |
252 premises, which causes the canonical Isar goal refinement scheme to |
245 causes the canonical Isar goal refinement scheme to enforce unification with |
253 enforce unification with local premises within the goal: |
246 local premises within the goal: |
254 \[ |
247 \[ |
255 \infer[(\<open>#\<Longrightarrow>\<hyphen>intro\<close>)]{\<open>\<Gamma> - A \<turnstile> #A \<Longrightarrow> B\<close>}{\<open>\<Gamma> \<turnstile> B\<close>} |
248 \infer[(\<open>#\<Longrightarrow>\<hyphen>intro\<close>)]{\<open>\<Gamma> - A \<turnstile> #A \<Longrightarrow> B\<close>}{\<open>\<Gamma> \<turnstile> B\<close>} |
256 \] |
249 \] |
257 |
250 |
258 \<^medskip> |
251 \<^medskip> |
259 Alternative versions of assumptions may perform arbitrary |
252 Alternative versions of assumptions may perform arbitrary transformations on |
260 transformations on export, as long as the corresponding portion of |
253 export, as long as the corresponding portion of hypotheses is removed from |
261 hypotheses is removed from the given facts. For example, a local |
254 the given facts. For example, a local definition works by fixing \<open>x\<close> and |
262 definition works by fixing \<open>x\<close> and assuming \<open>x \<equiv> t\<close>, |
255 assuming \<open>x \<equiv> t\<close>, with the following export rule to reverse the effect: |
263 with the following export rule to reverse the effect: |
|
264 \[ |
256 \[ |
265 \infer[(\<open>\<equiv>\<hyphen>expand\<close>)]{\<open>\<Gamma> - (x \<equiv> t) \<turnstile> B t\<close>}{\<open>\<Gamma> \<turnstile> B x\<close>} |
257 \infer[(\<open>\<equiv>\<hyphen>expand\<close>)]{\<open>\<Gamma> - (x \<equiv> t) \<turnstile> B t\<close>}{\<open>\<Gamma> \<turnstile> B x\<close>} |
266 \] |
258 \] |
267 This works, because the assumption \<open>x \<equiv> t\<close> was introduced in |
259 This works, because the assumption \<open>x \<equiv> t\<close> was introduced in a context with |
268 a context with \<open>x\<close> being fresh, so \<open>x\<close> does not |
260 \<open>x\<close> being fresh, so \<open>x\<close> does not occur in \<open>\<Gamma>\<close> here. |
269 occur in \<open>\<Gamma>\<close> here. |
|
270 \<close> |
261 \<close> |
271 |
262 |
272 text %mlref \<open> |
263 text %mlref \<open> |
273 \begin{mldecls} |
264 \begin{mldecls} |
274 @{index_ML_type Assumption.export} \\ |
265 @{index_ML_type Assumption.export} \\ |
279 @{index_ML Assumption.add_assumes: " |
270 @{index_ML Assumption.add_assumes: " |
280 cterm list -> Proof.context -> thm list * Proof.context"} \\ |
271 cterm list -> Proof.context -> thm list * Proof.context"} \\ |
281 @{index_ML Assumption.export: "bool -> Proof.context -> Proof.context -> thm -> thm"} \\ |
272 @{index_ML Assumption.export: "bool -> Proof.context -> Proof.context -> thm -> thm"} \\ |
282 \end{mldecls} |
273 \end{mldecls} |
283 |
274 |
284 \<^descr> Type @{ML_type Assumption.export} represents arbitrary export |
275 \<^descr> Type @{ML_type Assumption.export} represents arbitrary export rules, which |
285 rules, which is any function of type @{ML_type "bool -> cterm list |
276 is any function of type @{ML_type "bool -> cterm list -> thm -> thm"}, where |
286 -> thm -> thm"}, where the @{ML_type "bool"} indicates goal mode, |
277 the @{ML_type "bool"} indicates goal mode, and the @{ML_type "cterm list"} |
287 and the @{ML_type "cterm list"} the collection of assumptions to be |
278 the collection of assumptions to be discharged simultaneously. |
288 discharged simultaneously. |
279 |
289 |
280 \<^descr> @{ML Assumption.assume}~\<open>ctxt A\<close> turns proposition \<open>A\<close> into a primitive |
290 \<^descr> @{ML Assumption.assume}~\<open>ctxt A\<close> turns proposition \<open>A\<close> into a primitive assumption \<open>A \<turnstile> A'\<close>, where the |
281 assumption \<open>A \<turnstile> A'\<close>, where the conclusion \<open>A'\<close> is in HHF normal form. |
291 conclusion \<open>A'\<close> is in HHF normal form. |
282 |
292 |
283 \<^descr> @{ML Assumption.add_assms}~\<open>r As\<close> augments the context by assumptions \<open>As\<close> |
293 \<^descr> @{ML Assumption.add_assms}~\<open>r As\<close> augments the context |
284 with export rule \<open>r\<close>. The resulting facts are hypothetical theorems as |
294 by assumptions \<open>As\<close> with export rule \<open>r\<close>. The |
285 produced by the raw @{ML Assumption.assume}. |
295 resulting facts are hypothetical theorems as produced by the raw |
286 |
296 @{ML Assumption.assume}. |
287 \<^descr> @{ML Assumption.add_assumes}~\<open>As\<close> is a special case of @{ML |
297 |
288 Assumption.add_assms} where the export rule performs \<open>\<Longrightarrow>\<hyphen>intro\<close> or |
298 \<^descr> @{ML Assumption.add_assumes}~\<open>As\<close> is a special case of |
289 \<open>#\<Longrightarrow>\<hyphen>intro\<close>, depending on goal mode. |
299 @{ML Assumption.add_assms} where the export rule performs \<open>\<Longrightarrow>\<hyphen>intro\<close> or \<open>#\<Longrightarrow>\<hyphen>intro\<close>, depending on goal |
290 |
300 mode. |
291 \<^descr> @{ML Assumption.export}~\<open>is_goal inner outer thm\<close> exports result \<open>thm\<close> |
301 |
292 from the the \<open>inner\<close> context back into the \<open>outer\<close> one; \<open>is_goal = true\<close> |
302 \<^descr> @{ML Assumption.export}~\<open>is_goal inner outer thm\<close> |
293 means this is a goal context. The result is in HHF normal form. Note that |
303 exports result \<open>thm\<close> from the the \<open>inner\<close> context |
294 @{ML "Proof_Context.export"} combines @{ML "Variable.export"} and @{ML |
304 back into the \<open>outer\<close> one; \<open>is_goal = true\<close> means |
295 "Assumption.export"} in the canonical way. |
305 this is a goal context. The result is in HHF normal form. Note |
296 \<close> |
306 that @{ML "Proof_Context.export"} combines @{ML "Variable.export"} |
297 |
307 and @{ML "Assumption.export"} in the canonical way. |
298 text %mlex \<open> |
308 \<close> |
299 The following example demonstrates how rules can be derived by building up a |
309 |
300 context of assumptions first, and exporting some local fact afterwards. We |
310 text %mlex \<open>The following example demonstrates how rules can be |
301 refer to @{theory Pure} equality here for testing purposes. |
311 derived by building up a context of assumptions first, and exporting |
|
312 some local fact afterwards. We refer to @{theory Pure} equality |
|
313 here for testing purposes. |
|
314 \<close> |
302 \<close> |
315 |
303 |
316 ML_val \<open> |
304 ML_val \<open> |
317 (*static compile-time context -- for testing only*) |
305 (*static compile-time context -- for testing only*) |
318 val ctxt0 = @{context}; |
306 val ctxt0 = @{context}; |
323 |
311 |
324 (*back to original context -- discharges assumption*) |
312 (*back to original context -- discharges assumption*) |
325 val r = Assumption.export false ctxt1 ctxt0 eq'; |
313 val r = Assumption.export false ctxt1 ctxt0 eq'; |
326 \<close> |
314 \<close> |
327 |
315 |
328 text \<open>Note that the variables of the resulting rule are not |
316 text \<open> |
329 generalized. This would have required to fix them properly in the |
317 Note that the variables of the resulting rule are not generalized. This |
330 context beforehand, and export wrt.\ variables afterwards (cf.\ @{ML |
318 would have required to fix them properly in the context beforehand, and |
331 Variable.export} or the combined @{ML "Proof_Context.export"}).\<close> |
319 export wrt.\ variables afterwards (cf.\ @{ML Variable.export} or the |
|
320 combined @{ML "Proof_Context.export"}). |
|
321 \<close> |
332 |
322 |
333 |
323 |
334 section \<open>Structured goals and results \label{sec:struct-goals}\<close> |
324 section \<open>Structured goals and results \label{sec:struct-goals}\<close> |
335 |
325 |
336 text \<open> |
326 text \<open> |
337 Local results are established by monotonic reasoning from facts |
327 Local results are established by monotonic reasoning from facts within a |
338 within a context. This allows common combinations of theorems, |
328 context. This allows common combinations of theorems, e.g.\ via \<open>\<And>/\<Longrightarrow>\<close> |
339 e.g.\ via \<open>\<And>/\<Longrightarrow>\<close> elimination, resolution rules, or equational |
329 elimination, resolution rules, or equational reasoning, see |
340 reasoning, see \secref{sec:thms}. Unaccounted context manipulations |
330 \secref{sec:thms}. Unaccounted context manipulations should be avoided, |
341 should be avoided, notably raw \<open>\<And>/\<Longrightarrow>\<close> introduction or ad-hoc |
331 notably raw \<open>\<And>/\<Longrightarrow>\<close> introduction or ad-hoc references to free variables or |
342 references to free variables or assumptions not present in the proof |
332 assumptions not present in the proof context. |
343 context. |
333 |
344 |
334 \<^medskip> |
345 \<^medskip> |
335 The \<open>SUBPROOF\<close> combinator allows to structure a tactical proof recursively |
346 The \<open>SUBPROOF\<close> combinator allows to structure a |
336 by decomposing a selected sub-goal: \<open>(\<And>x. A(x) \<Longrightarrow> B(x)) \<Longrightarrow> \<dots>\<close> is turned into |
347 tactical proof recursively by decomposing a selected sub-goal: |
337 \<open>B(x) \<Longrightarrow> \<dots>\<close> after fixing \<open>x\<close> and assuming \<open>A(x)\<close>. This means the tactic needs |
348 \<open>(\<And>x. A(x) \<Longrightarrow> B(x)) \<Longrightarrow> \<dots>\<close> is turned into \<open>B(x) \<Longrightarrow> \<dots>\<close> |
338 to solve the conclusion, but may use the premise as a local fact, for |
349 after fixing \<open>x\<close> and assuming \<open>A(x)\<close>. This means |
339 locally fixed variables. |
350 the tactic needs to solve the conclusion, but may use the premise as |
340 |
351 a local fact, for locally fixed variables. |
341 The family of \<open>FOCUS\<close> combinators is similar to \<open>SUBPROOF\<close>, but allows to |
352 |
342 retain schematic variables and pending subgoals in the resulting goal state. |
353 The family of \<open>FOCUS\<close> combinators is similar to \<open>SUBPROOF\<close>, but allows to retain schematic variables and pending |
343 |
354 subgoals in the resulting goal state. |
344 The \<open>prove\<close> operation provides an interface for structured backwards |
355 |
345 reasoning under program control, with some explicit sanity checks of the |
356 The \<open>prove\<close> operation provides an interface for structured |
346 result. The goal context can be augmented by additional fixed variables |
357 backwards reasoning under program control, with some explicit sanity |
347 (cf.\ \secref{sec:variables}) and assumptions (cf.\ |
358 checks of the result. The goal context can be augmented by |
348 \secref{sec:assumptions}), which will be available as local facts during the |
359 additional fixed variables (cf.\ \secref{sec:variables}) and |
349 proof and discharged into implications in the result. Type and term |
360 assumptions (cf.\ \secref{sec:assumptions}), which will be available |
350 variables are generalized as usual, according to the context. |
361 as local facts during the proof and discharged into implications in |
351 |
362 the result. Type and term variables are generalized as usual, |
352 The \<open>obtain\<close> operation produces results by eliminating existing facts by |
363 according to the context. |
353 means of a given tactic. This acts like a dual conclusion: the proof |
364 |
354 demonstrates that the context may be augmented by parameters and |
365 The \<open>obtain\<close> operation produces results by eliminating |
355 assumptions, without affecting any conclusions that do not mention these |
366 existing facts by means of a given tactic. This acts like a dual |
356 parameters. See also @{cite "isabelle-isar-ref"} for the user-level |
367 conclusion: the proof demonstrates that the context may be augmented |
357 @{command obtain} and @{command guess} elements. Final results, which may |
368 by parameters and assumptions, without affecting any conclusions |
358 not refer to the parameters in the conclusion, need to exported explicitly |
369 that do not mention these parameters. See also |
359 into the original context.\<close> |
370 @{cite "isabelle-isar-ref"} for the user-level @{command obtain} and |
|
371 @{command guess} elements. Final results, which may not refer to |
|
372 the parameters in the conclusion, need to exported explicitly into |
|
373 the original context.\<close> |
|
374 |
360 |
375 text %mlref \<open> |
361 text %mlref \<open> |
376 \begin{mldecls} |
362 \begin{mldecls} |
377 @{index_ML SUBPROOF: "(Subgoal.focus -> tactic) -> |
363 @{index_ML SUBPROOF: "(Subgoal.focus -> tactic) -> |
378 Proof.context -> int -> tactic"} \\ |
364 Proof.context -> int -> tactic"} \\ |
400 \begin{mldecls} |
386 \begin{mldecls} |
401 @{index_ML Obtain.result: "(Proof.context -> tactic) -> thm list -> |
387 @{index_ML Obtain.result: "(Proof.context -> tactic) -> thm list -> |
402 Proof.context -> ((string * cterm) list * thm list) * Proof.context"} \\ |
388 Proof.context -> ((string * cterm) list * thm list) * Proof.context"} \\ |
403 \end{mldecls} |
389 \end{mldecls} |
404 |
390 |
405 \<^descr> @{ML SUBPROOF}~\<open>tac ctxt i\<close> decomposes the structure |
391 \<^descr> @{ML SUBPROOF}~\<open>tac ctxt i\<close> decomposes the structure of the specified |
406 of the specified sub-goal, producing an extended context and a |
392 sub-goal, producing an extended context and a reduced goal, which needs to |
407 reduced goal, which needs to be solved by the given tactic. All |
393 be solved by the given tactic. All schematic parameters of the goal are |
408 schematic parameters of the goal are imported into the context as |
394 imported into the context as fixed ones, which may not be instantiated in |
409 fixed ones, which may not be instantiated in the sub-proof. |
395 the sub-proof. |
410 |
396 |
411 \<^descr> @{ML Subgoal.FOCUS}, @{ML Subgoal.FOCUS_PREMS}, and @{ML |
397 \<^descr> @{ML Subgoal.FOCUS}, @{ML Subgoal.FOCUS_PREMS}, and @{ML |
412 Subgoal.FOCUS_PARAMS} are similar to @{ML SUBPROOF}, but are |
398 Subgoal.FOCUS_PARAMS} are similar to @{ML SUBPROOF}, but are slightly more |
413 slightly more flexible: only the specified parts of the subgoal are |
399 flexible: only the specified parts of the subgoal are imported into the |
414 imported into the context, and the body tactic may introduce new |
400 context, and the body tactic may introduce new subgoals and schematic |
415 subgoals and schematic variables. |
401 variables. |
416 |
402 |
417 \<^descr> @{ML Subgoal.focus}, @{ML Subgoal.focus_prems}, @{ML |
403 \<^descr> @{ML Subgoal.focus}, @{ML Subgoal.focus_prems}, @{ML Subgoal.focus_params} |
418 Subgoal.focus_params} extract the focus information from a goal |
404 extract the focus information from a goal state in the same way as the |
419 state in the same way as the corresponding tacticals above. This is |
405 corresponding tacticals above. This is occasionally useful to experiment |
420 occasionally useful to experiment without writing actual tactics |
406 without writing actual tactics yet. |
421 yet. |
407 |
422 |
408 \<^descr> @{ML Goal.prove}~\<open>ctxt xs As C tac\<close> states goal \<open>C\<close> in the context |
423 \<^descr> @{ML Goal.prove}~\<open>ctxt xs As C tac\<close> states goal \<open>C\<close> in the context augmented by fixed variables \<open>xs\<close> and |
409 augmented by fixed variables \<open>xs\<close> and assumptions \<open>As\<close>, and applies tactic |
424 assumptions \<open>As\<close>, and applies tactic \<open>tac\<close> to solve |
410 \<open>tac\<close> to solve it. The latter may depend on the local assumptions being |
425 it. The latter may depend on the local assumptions being presented |
411 presented as facts. The result is in HHF normal form. |
426 as facts. The result is in HHF normal form. |
412 |
427 |
413 \<^descr> @{ML Goal.prove_common}~\<open>ctxt fork_pri\<close> is the common form to state and |
428 \<^descr> @{ML Goal.prove_common}~\<open>ctxt fork_pri\<close> is the common form |
414 prove a simultaneous goal statement, where @{ML Goal.prove} is a convenient |
429 to state and prove a simultaneous goal statement, where @{ML Goal.prove} |
415 shorthand that is most frequently used in applications. |
430 is a convenient shorthand that is most frequently used in applications. |
|
431 |
416 |
432 The given list of simultaneous conclusions is encoded in the goal state by |
417 The given list of simultaneous conclusions is encoded in the goal state by |
433 means of Pure conjunction: @{ML Goal.conjunction_tac} will turn this into |
418 means of Pure conjunction: @{ML Goal.conjunction_tac} will turn this into a |
434 a collection of individual subgoals, but note that the original multi-goal |
419 collection of individual subgoals, but note that the original multi-goal |
435 state is usually required for advanced induction. |
420 state is usually required for advanced induction. |
436 |
421 |
437 It is possible to provide an optional priority for a forked proof, |
422 It is possible to provide an optional priority for a forked proof, typically |
438 typically @{ML "SOME ~1"}, while @{ML NONE} means the proof is immediate |
423 @{ML "SOME ~1"}, while @{ML NONE} means the proof is immediate (sequential) |
439 (sequential) as for @{ML Goal.prove}. Note that a forked proof does not |
424 as for @{ML Goal.prove}. Note that a forked proof does not exhibit any |
440 exhibit any failures in the usual way via exceptions in ML, but |
425 failures in the usual way via exceptions in ML, but accumulates error |
441 accumulates error situations under the execution id of the running |
426 situations under the execution id of the running transaction. Thus the |
442 transaction. Thus the system is able to expose error messages ultimately |
427 system is able to expose error messages ultimately to the end-user, even |
443 to the end-user, even though the subsequent ML code misses them. |
428 though the subsequent ML code misses them. |
444 |
429 |
445 \<^descr> @{ML Obtain.result}~\<open>tac thms ctxt\<close> eliminates the |
430 \<^descr> @{ML Obtain.result}~\<open>tac thms ctxt\<close> eliminates the given facts using a |
446 given facts using a tactic, which results in additional fixed |
431 tactic, which results in additional fixed variables and assumptions in the |
447 variables and assumptions in the context. Final results need to be |
432 context. Final results need to be exported explicitly. |
448 exported explicitly. |
433 \<close> |
449 \<close> |
434 |
450 |
435 text %mlex \<open> |
451 text %mlex \<open>The following minimal example illustrates how to access |
436 The following minimal example illustrates how to access the focus |
452 the focus information of a structured goal state.\<close> |
437 information of a structured goal state. |
|
438 \<close> |
453 |
439 |
454 notepad |
440 notepad |
455 begin |
441 begin |
456 fix A B C :: "'a \<Rightarrow> bool" |
442 fix A B C :: "'a \<Rightarrow> bool" |
457 |
443 |