38 \railterm{ruleformat} |
38 \railterm{ruleformat} |
39 |
39 |
40 \begin{rail} |
40 \begin{rail} |
41 'judgment' constdecl |
41 'judgment' constdecl |
42 ; |
42 ; |
43 ruleformat ('(' noasm ')')? |
43 atomize ('(' 'full' ')')? |
|
44 ; |
|
45 ruleformat ('(' 'noasm' ')')? |
44 ; |
46 ; |
45 \end{rail} |
47 \end{rail} |
46 |
48 |
47 \begin{descr} |
49 \begin{descr} |
48 |
50 |
49 \item [$\isarkeyword{judgment}~c::\sigma~~syn$] declares constant $c$ as the |
51 \item [$\isarkeyword{judgment}~c::\sigma~~syn$] declares constant $c$ as the |
50 truth judgment of the current object-logic. Its type $\sigma$ should |
52 truth judgment of the current object-logic. Its type $\sigma$ should |
51 specify a coercion of the category of object-level propositions to $prop$ of |
53 specify a coercion of the category of object-level propositions to $prop$ of |
52 the Pure meta-logic; the mixfix annotation $syn$ would typically just link |
54 the Pure meta-logic; the mixfix annotation $syn$ would typically just link |
53 the object language (internally of syntactic category $logic$) with that of |
55 the object language (internally of syntactic category $logic$) with that of |
54 $prop$. Only one $\isarkeyword{judgment}$ declaration may be given in any |
56 $prop$. Only one $\isarkeyword{judgment}$ declaration may be given in any |
55 theory development. |
57 theory development. |
56 |
58 |
57 \item [$atomize$] (as a method) rewrites any non-atomic premises of a |
59 \item [$atomize$] (as a method) rewrites any non-atomic premises of a |
58 sub-goal, using the meta-level equations declared via $atomize$ (as an |
60 sub-goal, using the meta-level equations declared via $atomize$ (as an |
59 attribute) beforehand. As a result, heavily nested goals become amenable to |
61 attribute) beforehand. As a result, heavily nested goals become amenable to |
60 fundamental operations such as resolution (cf.\ the $rule$ method) and |
62 fundamental operations such as resolution (cf.\ the $rule$ method) and |
61 proof-by-assumption (cf.\ $assumption$). |
63 proof-by-assumption (cf.\ $assumption$). Giving the ``$(full)$'' option |
62 |
64 here means to turn the subgoal into an object-statement (if possible), |
|
65 including the outermost parameters and assumptions as well. |
|
66 |
63 A typical collection of $atomize$ rules for a particular object-logic would |
67 A typical collection of $atomize$ rules for a particular object-logic would |
64 provide an internalization for each of the connectives of $\Forall$, $\Imp$, |
68 provide an internalization for each of the connectives of $\Forall$, $\Imp$, |
65 and $\equiv$. Meta-level conjunction expressed in the manner of minimal |
69 and $\equiv$. Meta-level conjunction expressed in the manner of minimal |
66 higher-order logic as $\All{\PROP\,C} (A \Imp B \Imp \PROP\,C) \Imp PROP\,C$ |
70 higher-order logic as $\All{\PROP\,C} (A \Imp B \Imp \PROP\,C) \Imp PROP\,C$ |
67 should be covered as well (this is particularly important for locales, see |
71 should be covered as well (this is particularly important for locales, see |
68 \S\ref{sec:locale}). |
72 \S\ref{sec:locale}). |
69 |
73 |
70 \item [$rule_format$] rewrites a theorem by the equalities declared as |
74 \item [$rule_format$] rewrites a theorem by the equalities declared as |
71 $rulify$ rules in the current object-logic. By default, the result is fully |
75 $rulify$ rules in the current object-logic. By default, the result is fully |
72 normalized, including assumptions and conclusions at any depth. The |
76 normalized, including assumptions and conclusions at any depth. The |
73 $no_asm$ option restricts the transformation to the conclusion of a rule. |
77 $no_asm$ option restricts the transformation to the conclusion of a rule. |
74 |
78 |
75 In common object-logics (HOL, FOL, ZF), the effect of $rule_format$ is to |
79 In common object-logics (HOL, FOL, ZF), the effect of $rule_format$ is to |
76 replace (bounded) universal quantification ($\forall$) and implication |
80 replace (bounded) universal quantification ($\forall$) and implication |
77 ($\imp$) by the corresponding rule statements over $\Forall$ and $\Imp$. |
81 ($\imp$) by the corresponding rule statements over $\Forall$ and $\Imp$. |
78 |
82 |
79 \end{descr} |
83 \end{descr} |
95 'typedef' parname? typespec infix? '=' term |
99 'typedef' parname? typespec infix? '=' term |
96 ; |
100 ; |
97 \end{rail} |
101 \end{rail} |
98 |
102 |
99 \begin{descr} |
103 \begin{descr} |
|
104 |
100 \item [$\isarkeyword{typedecl}~(\vec\alpha)t$] is similar to the original |
105 \item [$\isarkeyword{typedecl}~(\vec\alpha)t$] is similar to the original |
101 $\isarkeyword{typedecl}$ of Isabelle/Pure (see \S\ref{sec:types-pure}), but |
106 $\isarkeyword{typedecl}$ of Isabelle/Pure (see \S\ref{sec:types-pure}), but |
102 also declares type arity $t :: (term, \dots, term) term$, making $t$ an |
107 also declares type arity $t :: (term, \dots, term) term$, making $t$ an |
103 actual HOL type constructor. |
108 actual HOL type constructor. |
|
109 |
104 \item [$\isarkeyword{typedef}~(\vec\alpha)t = A$] sets up a goal stating |
110 \item [$\isarkeyword{typedef}~(\vec\alpha)t = A$] sets up a goal stating |
105 non-emptiness of the set $A$. After finishing the proof, the theory will be |
111 non-emptiness of the set $A$. After finishing the proof, the theory will be |
106 augmented by a Gordon/HOL-style type definition. See \cite{isabelle-HOL} |
112 augmented by a Gordon/HOL-style type definition, which establishes a |
107 for more information. Note that user-level theories usually do not directly |
113 bijection between the representing set $A$ and the new type $t$. |
108 refer to the HOL $\isarkeyword{typedef}$ primitive, but use more advanced |
114 |
109 packages such as $\isarkeyword{record}$ (see \S\ref{sec:hol-record}) and |
115 Technically, $\isarkeyword{typedef}$ defines both a type $t$ and a set (term |
110 $\isarkeyword{datatype}$ (see \S\ref{sec:hol-datatype}). |
116 constant) of the same name. The injection from type to set is called |
|
117 $Rep_t$, its inverse $Abs_t$. Theorems $Rep_t$, $Rep_inverse$, and |
|
118 $Abs_inverse$ provide the most basic characterization as a corresponding |
|
119 injection/surjection pair (in both directions). Rules $Rep_t_inject$ and |
|
120 $Abs_t_inject$ provide a slightly more comfortable view on the injectivity |
|
121 part; likewise do $Rep_t_cases$, $Rep_t_induct$, and $Abs_t_cases$, |
|
122 $Abs_t_induct$ for surjectivity. The latter rules are already declare as |
|
123 type or set rules for the generic $cases$ and $induct$ methods. |
111 \end{descr} |
124 \end{descr} |
112 |
125 |
113 |
126 Raw type declarations are rarely useful in practice. The main application is |
114 \subsection{Low-level tuples} |
127 with experimental (or even axiomatic!) theory fragments. Instead of primitive |
|
128 HOL type definitions, user-level theories usually refer to higher-level |
|
129 packages such as $\isarkeyword{record}$ (see \S\ref{sec:hol-record}) or |
|
130 $\isarkeyword{datatype}$ (see \S\ref{sec:hol-datatype}). |
|
131 |
|
132 |
|
133 \subsection{Adhoc tuples} |
115 |
134 |
116 \indexisarattof{HOL}{split-format} |
135 \indexisarattof{HOL}{split-format} |
117 \begin{matharray}{rcl} |
136 \begin{matharray}{rcl} |
118 split_format^* & : & \isaratt \\ |
137 split_format^* & : & \isaratt \\ |
119 \end{matharray} |
138 \end{matharray} |
126 splitformat (((name * ) + 'and') | ('(' complete ')')) |
145 splitformat (((name * ) + 'and') | ('(' complete ')')) |
127 ; |
146 ; |
128 \end{rail} |
147 \end{rail} |
129 |
148 |
130 \begin{descr} |
149 \begin{descr} |
131 |
150 |
132 \item [$split_format~\vec p@1 \dots \vec p@n$] puts expressions of low-level |
151 \item [$split_format~\vec p@1 \dots \vec p@n$] puts expressions of low-level |
133 tuple types into canonical form as specified by the arguments given; $\vec |
152 tuple types into canonical form as specified by the arguments given; $\vec |
134 p@i$ refers to occurrences in premise $i$ of the rule. The |
153 p@i$ refers to occurrences in premise $i$ of the rule. The |
135 $split_format~(complete)$ form causes \emph{all} arguments in function |
154 $split_format~(complete)$ form causes \emph{all} arguments in function |
136 applications to be represented canonically according to their tuple type |
155 applications to be represented canonically according to their tuple type |
137 structure. |
156 structure. |
138 |
157 |
139 Note that these operations tend to invent funny names for new local |
158 Note that these operations tend to invent funny names for new local |
140 parameters to be introduced. |
159 parameters to be introduced. |
141 |
160 |
142 \end{descr} |
161 \end{descr} |
143 |
162 |
144 |
163 |
145 \subsection{Records}\label{sec:hol-record} |
164 \section{Records}\label{sec:hol-record} |
146 |
165 |
147 FIXME proof tools (simp, cases/induct; no split!?); |
166 In principle, records merely generalize the concept of tuples where components |
148 |
167 may be addressed by labels instead of just position. The logical |
149 FIXME mixfix syntax; |
168 infrastructure of records in Isabelle/HOL is slightly more advanced, though, |
|
169 supporting truly extensible record schemes. This admits operations that are |
|
170 polymorphic with respect to record extension, yielding ``object-oriented'' |
|
171 effects like (single) inheritance. See also \cite{NaraschewskiW-TPHOLs98} for |
|
172 more details on object-oriented verification and record subtyping in HOL. |
|
173 |
|
174 |
|
175 \subsection{Basic concepts} |
|
176 |
|
177 Isabelle/HOL supports both \emph{fixed} and \emph{schematic} records at the |
|
178 level of terms and types. The notation is as follows: |
|
179 |
|
180 \begin{center} |
|
181 \begin{tabular}{l|l|l} |
|
182 & record terms & record types \\ \hline |
|
183 fixed & $\record{x = a\fs y = b}$ & $\record{x \ty A\fs y \ty B}$ \\ |
|
184 schematic & $\record{x = a\fs y = b\fs \more = m}$ & |
|
185 $\record{x \ty A\fs y \ty B\fs \more \ty M}$ \\ |
|
186 \end{tabular} |
|
187 \end{center} |
|
188 |
|
189 \noindent The ASCII representation of $\record{x = a}$ is \texttt{(| x = a |)}. |
|
190 |
|
191 A fixed record $\record{x = a\fs y = b}$ has field $x$ of value $a$ and field |
|
192 $y$ of value $b$. The corresponding type is $\record{x \ty A\fs y \ty B}$, |
|
193 assuming that $a \ty A$ and $b \ty B$. |
|
194 |
|
195 A record scheme like $\record{x = a\fs y = b\fs \more = m}$ contains fields |
|
196 $x$ and $y$ as before, but also possibly further fields as indicated by the |
|
197 ``$\more$'' notation (which is actually part of the syntax). The improper |
|
198 field ``$\more$'' of a record scheme is called the \emph{more part}. |
|
199 Logically it is just a free variable, which is occasionally referred to as |
|
200 \emph{row variable} in the literature. The more part of a record scheme may |
|
201 be instantiated by zero or more further components. For example, the above |
|
202 scheme may get instantiated to $\record{x = a\fs y = b\fs z = c\fs \more = |
|
203 m'}$, where $m'$ refers to a different more part. Fixed records are special |
|
204 instances of record schemes, where ``$\more$'' is properly terminated by the |
|
205 $() :: unit$ element. Actually, $\record{x = a\fs y = b}$ is just an |
|
206 abbreviation for $\record{x = a\fs y = b\fs \more = ()}$. |
|
207 |
|
208 \medskip |
|
209 |
|
210 Two key observations make extensible records in a simply typed language like |
|
211 HOL feasible: |
|
212 \begin{enumerate} |
|
213 \item the more part is internalized, as a free term or type variable, |
|
214 \item field names are externalized, they cannot be accessed within the logic |
|
215 as first-class values. |
|
216 \end{enumerate} |
|
217 |
|
218 \medskip |
|
219 |
|
220 In Isabelle/HOL record types have to be defined explicitly, fixing their field |
|
221 names and types, and their (optional) parent record (see |
|
222 {\S}\ref{sec:hol-record-def}). Afterwards, records may be formed using above |
|
223 syntax, while obeying the canonical order of fields as given by their |
|
224 declaration. The record package provides several standard operations like |
|
225 selectors and updates (see {\S}\ref{sec:hol-record-ops}). The common setup |
|
226 for various generic proof tools enable succinct reasoning patterns (see |
|
227 {\S}\ref{sec:hol-record-thms}). See also the Isabelle/HOL tutorial |
|
228 \cite{isabelle-hol-book} for further instructions on using records in |
|
229 practice. |
|
230 |
|
231 |
|
232 \subsection{Record specifications}\label{sec:hol-record-def} |
150 |
233 |
151 \indexisarcmdof{HOL}{record} |
234 \indexisarcmdof{HOL}{record} |
152 \begin{matharray}{rcl} |
235 \begin{matharray}{rcl} |
153 \isarcmd{record} & : & \isartrans{theory}{theory} \\ |
236 \isarcmd{record} & : & \isartrans{theory}{theory} \\ |
154 \end{matharray} |
237 \end{matharray} |
160 |
243 |
161 \begin{descr} |
244 \begin{descr} |
162 \item [$\isarkeyword{record}~(\vec\alpha)t = \tau + \vec c :: \vec\sigma$] |
245 \item [$\isarkeyword{record}~(\vec\alpha)t = \tau + \vec c :: \vec\sigma$] |
163 defines extensible record type $(\vec\alpha)t$, derived from the optional |
246 defines extensible record type $(\vec\alpha)t$, derived from the optional |
164 parent record $\tau$ by adding new field components $\vec c :: \vec\sigma$. |
247 parent record $\tau$ by adding new field components $\vec c :: \vec\sigma$. |
165 See \cite{isabelle-HOL,NaraschewskiW-TPHOLs98} for more information on |
248 |
166 simply-typed extensible records. |
249 The type variables of $\tau$ and $\vec\sigma$ need to be covered by the |
|
250 (distinct) parameters $\vec\alpha$. Type constructor $t$ has to be new, |
|
251 while $\tau$ needs to specify an instance of an existing record type. At |
|
252 least one new field $\vec c$ has to be specified. Basically, field names |
|
253 need to belong to a unique record. This is not a real restriction in |
|
254 practice, since fields are qualified by the record name internally. |
|
255 |
|
256 The parent record specification $\tau$ is optional; if omitted $t$ becomes a |
|
257 root record. The hierarchy of all records declared within a theory context |
|
258 forms a forest structure, i.e.\ a set of trees starting with a root record |
|
259 each. There is no way to merge multiple parent records! |
|
260 |
|
261 For convenience, $(\vec\alpha) \, t$ is made a type abbreviation for the |
|
262 fixed record type $\record{\vec c \ty \vec\sigma}$, likewise is |
|
263 $(\vec\alpha, \zeta) \, t_scheme$ made an abbreviation for $\record{\vec c |
|
264 \ty \vec\sigma\fs \more \ty \zeta}$. |
|
265 |
167 \end{descr} |
266 \end{descr} |
|
267 |
|
268 \subsection{Record operations}\label{sec:hol-record-ops} |
|
269 |
|
270 Any record definition of the form presented above produces certain standard |
|
271 operations. Selectors and updates are provided for any field, including the |
|
272 improper one ``$more$''. There are also cumulative record constructor |
|
273 functions. To simplify the presentation below, we assume for now that |
|
274 $(\vec\alpha) \, t$ is a root record with fields $\vec c \ty \vec\sigma$. |
|
275 |
|
276 \medskip \textbf{Selectors} and \textbf{updates} are available for any field |
|
277 (including ``$more$''): |
|
278 \begin{matharray}{lll} |
|
279 c@i & \ty & \record{\vec c \ty \vec \sigma, \more \ty \zeta} \To \sigma@i \\ |
|
280 c@i_update & \ty & \sigma@i \To \record{\vec c \ty \vec\sigma, \more \ty \zeta} \To |
|
281 \record{\vec c \ty \vec\sigma, \more \ty \zeta} |
|
282 \end{matharray} |
|
283 |
|
284 There is special syntax for application of updates: $r \, \record{x \asn a}$ |
|
285 abbreviates term $x_update \, a \, r$. Further notation for repeated updates |
|
286 is also available: $r \, \record{x \asn a} \, \record{y \asn b} \, \record{z |
|
287 \asn c}$ may be written $r \, \record{x \asn a\fs y \asn b\fs z \asn c}$. |
|
288 Note that because of postfix notation the order of fields shown here is |
|
289 reverse than in the actual term. Since repeated updates are just function |
|
290 applications, fields may be freely permuted in $\record{x \asn a\fs y \asn |
|
291 b\fs z \asn c}$, as far as logical equality is concerned. Thus |
|
292 commutativity of updates can be proven within the logic for any two fields, |
|
293 but not as a general theorem: fields are not first-class values. |
|
294 |
|
295 \medskip The \textbf{make} operation provides a cumulative record constructor |
|
296 functions: |
|
297 \begin{matharray}{lll} |
|
298 t{\dtt}make & \ty & \vec\sigma \To \record{\vec c \ty \vec \sigma} \\ |
|
299 \end{matharray} |
|
300 |
|
301 \medskip We now reconsider the case of non-root records, which are derived of |
|
302 some parent. In general, the latter may depend on another parent as well, |
|
303 resulting in a list of \emph{ancestor records}. Appending the lists of fields |
|
304 of all ancestors results in a certain field prefix. The record package |
|
305 automatically takes care of this by lifting operations over this context of |
|
306 ancestor fields. Assuming that $(\vec\alpha) \, t$ has ancestor fields $\vec |
|
307 b \ty \vec\rho$, the above record operations will get the following types: |
|
308 \begin{matharray}{lll} |
|
309 c@i & \ty & \record{\vec b \ty \vec\rho, \vec c \ty \vec\sigma, \more \ty |
|
310 \zeta} \To \sigma@i \\ |
|
311 c@i_update & \ty & \sigma@i \To |
|
312 \record{\vec b \ty \vec\rho, \vec c \ty \vec\sigma, \more \ty \zeta} \To |
|
313 \record{\vec b \ty \vec\rho, \vec c \ty \vec\sigma, \more \ty \zeta} \\ |
|
314 t{\dtt}make & \ty & \vec\rho \To \vec\sigma \To |
|
315 \record{\vec b \ty \vec\rho, \vec c \ty \vec \sigma} \\ |
|
316 \end{matharray} |
|
317 \noindent |
|
318 |
|
319 \medskip Some further operations address the extension aspect of a derived |
|
320 record scheme specifically: $fields$ produces a record fragment consisting of |
|
321 exactly the new fields introduced here (the result may serve as a more part |
|
322 elsewhere); $extend$ takes a fixed record and adds a given more part; |
|
323 $truncate$ restricts a record scheme to a fixed record. |
|
324 |
|
325 \begin{matharray}{lll} |
|
326 t{\dtt}fields & \ty & \vec\sigma \To \record{\vec c \ty \vec \sigma} \\ |
|
327 t{\dtt}extend & \ty & \record{\vec d \ty \vec \rho, \vec c \ty \vec\sigma} \To |
|
328 \zeta \To \record{\vec d \ty \vec \rho, \vec c \ty \vec\sigma, \more \ty \zeta} \\ |
|
329 t{\dtt}truncate & \ty & \record{\vec d \ty \vec \rho, \vec c \ty \vec\sigma, \more \ty \zeta} \To |
|
330 \record{\vec d \ty \vec \rho, \vec c \ty \vec\sigma} \\ |
|
331 \end{matharray} |
|
332 |
|
333 \noindent Note that $t{\dtt}make$ and $t{\dtt}fields$ are actually coincide for root records. |
|
334 |
|
335 |
|
336 \subsection{Derived rules and proof tools}\label{sec:hol-record-thms} |
|
337 |
|
338 The record package proves several results internally, declaring these facts to |
|
339 appropriate proof tools. This enables users to reason about record structures |
|
340 quite comfortably. Assume that $t$ is a record type as specified above. |
|
341 |
|
342 \begin{enumerate} |
|
343 |
|
344 \item Standard conversions for selectors or updates applied to record |
|
345 constructor terms are made part of the default Simplifier context; thus |
|
346 proofs by reduction of basic operations merely require the $simp$ method |
|
347 without further arguments. These rules are available as $t{\dtt}simps$. |
|
348 |
|
349 \item Selectors applied to updated records are automatically reduced by an |
|
350 internal simplification procedure, which is also part of the default |
|
351 Simplifier context. |
|
352 |
|
353 \item Inject equations of a form analogous to $((x, y) = (x', y')) \equiv x=x' |
|
354 \conj y=y'$ are declared to the Simplifier and Classical Reasoner as $iff$ |
|
355 rules. These rules are available as $t{\dtt}iffs$. |
|
356 |
|
357 \item The introduction rule for record equality analogous to $x~r = x~r' \Imp |
|
358 y~r = y~r' \Imp \dots \Imp r = r'$ is declared to the Simplifier, and as the |
|
359 basic rule context as ``$intro?$''. The rule is called $t{\dtt}equality$. |
|
360 |
|
361 \item Representations of arbitrary record expressions as canonical constructor |
|
362 terms are provided both in $cases$ and $induct$ format (cf.\ the generic |
|
363 proof methods of the same name, \S\ref{sec:cases-induct}). Several |
|
364 variations are available, for fixed records, record schemes, more parts etc. |
|
365 |
|
366 The generic proof methods are sufficiently smart to pick the most sensible |
|
367 rule according to the type of the indicated record expression: users just |
|
368 need to apply something like ``$(cases r)$'' to a certain proof problem. |
|
369 |
|
370 \item The derived record operations $t{\dtt}make$, $t{\dtt}fields$, |
|
371 $t{\dtt}extend$, $t{\dtt}truncate$ are \emph{not} treated automatically, but |
|
372 usually need to be expanded by hand, using the collective fact |
|
373 $t{\dtt}defs$. |
|
374 |
|
375 \end{enumerate} |
168 |
376 |
169 |
377 |
170 \subsection{Datatypes}\label{sec:hol-datatype} |
378 \subsection{Datatypes}\label{sec:hol-datatype} |
171 |
379 |
172 \indexisarcmdof{HOL}{datatype}\indexisarcmdof{HOL}{rep-datatype} |
380 \indexisarcmdof{HOL}{datatype}\indexisarcmdof{HOL}{rep-datatype} |
251 ; |
459 ; |
252 \end{rail} |
460 \end{rail} |
253 |
461 |
254 \begin{descr} |
462 \begin{descr} |
255 \item [$\isarkeyword{primrec}$] defines primitive recursive functions over |
463 \item [$\isarkeyword{primrec}$] defines primitive recursive functions over |
256 datatypes, see also \cite{isabelle-HOL}. |
464 datatypes, see also \cite{isabelle-HOL} FIXME. |
257 \item [$\isarkeyword{recdef}$] defines general well-founded recursive |
465 \item [$\isarkeyword{recdef}$] defines general well-founded recursive |
258 functions (using the TFL package), see also \cite{isabelle-HOL}. The |
466 functions (using the TFL package), see also \cite{isabelle-HOL} FIXME. The |
259 $(permissive)$ option tells TFL to recover from failed proof attempts, |
467 $(permissive)$ option tells TFL to recover from failed proof attempts, |
260 returning unfinished results. The $recdef_simp$, $recdef_cong$, and |
468 returning unfinished results. The $recdef_simp$, $recdef_cong$, and |
261 $recdef_wf$ hints refer to auxiliary rules to be used in the internal |
469 $recdef_wf$ hints refer to auxiliary rules to be used in the internal |
262 automated proof process of TFL. Additional $clasimpmod$ declarations (cf.\ |
470 automated proof process of TFL. Additional $clasimpmod$ declarations (cf.\ |
263 \S\ref{sec:clasimp}) may be given to tune the context of the Simplifier |
471 \S\ref{sec:clasimp}) may be given to tune the context of the Simplifier |
264 (cf.\ \S\ref{sec:simplifier}) and Classical reasoner (cf.\ |
472 (cf.\ \S\ref{sec:simplifier}) and Classical reasoner (cf.\ |
265 \S\ref{sec:classical}). |
473 \S\ref{sec:classical}). |
266 \item [$\isarkeyword{recdef_tc}~c~(i)$] recommences the proof for leftover |
474 \item [$\isarkeyword{recdef_tc}~c~(i)$] recommences the proof for leftover |
267 termination condition number $i$ (default $1$) as generated by a |
475 termination condition number $i$ (default $1$) as generated by a |
268 $\isarkeyword{recdef}$ definition of constant $c$. |
476 $\isarkeyword{recdef}$ definition of constant $c$. |
269 |
477 |
270 Note that in most cases, $\isarkeyword{recdef}$ is able to finish its |
478 Note that in most cases, $\isarkeyword{recdef}$ is able to finish its |
271 internal proofs without manual intervention. |
479 internal proofs without manual intervention. |
272 \end{descr} |
480 \end{descr} |
273 |
481 |
274 Both kinds of recursive definitions accommodate reasoning by induction (cf.\ |
482 Both kinds of recursive definitions accommodate reasoning by induction (cf.\ |
275 \S\ref{sec:cases-induct}): rule $c\mathord{.}induct$ (where $c$ is the name of |
483 \S\ref{sec:cases-induct}): rule $c\mathord{.}induct$ (where $c$ is the name of |
276 the function definition) refers to a specific induction rule, with parameters |
484 the function definition) refers to a specific induction rule, with parameters |
277 named according to the user-specified equations. Case names of |
485 named according to the user-specified equations. Case names of |
278 $\isarkeyword{primrec}$ are that of the datatypes involved, while those of |
486 $\isarkeyword{primrec}$ are that of the datatypes involved, while those of |
279 $\isarkeyword{recdef}$ are numbered (starting from $1$). |
487 $\isarkeyword{recdef}$ are numbered (starting from $1$). |