907 \end{figure} |
907 \end{figure} |
908 |
908 |
909 |
909 |
910 \begin{figure} |
910 \begin{figure} |
911 \begin{ttbox} |
911 \begin{ttbox} |
912 \tdx{lamI} a:A ==> <a,b(a)> : (lam x:A. b(x)) |
912 \tdx{lamI} a:A ==> <a,b(a)> : (lam x:A. b(x)) |
913 \tdx{lamE} [| p: (lam x:A. b(x)); !!x.[| x:A; p=<x,b(x)> |] ==> P |
913 \tdx{lamE} [| p: (lam x:A. b(x)); !!x.[| x:A; p=<x,b(x)> |] ==> P |
914 |] ==> P |
914 |] ==> P |
915 |
915 |
916 \tdx{lam_type} [| !!x. x:A ==> b(x): B(x) |] ==> (lam x:A. b(x)) : Pi(A,B) |
916 \tdx{lam_type} [| !!x. x:A ==> b(x): B(x) |] ==> (lam x:A. b(x)) : Pi(A,B) |
917 |
917 |
918 \tdx{beta} a : A ==> (lam x:A. b(x)) ` a = b(a) |
918 \tdx{beta} a : A ==> (lam x:A. b(x)) ` a = b(a) |
919 \tdx{eta} f : Pi(A,B) ==> (lam x:A. f`x) = f |
919 \tdx{eta} f : Pi(A,B) ==> (lam x:A. f`x) = f |
920 \end{ttbox} |
920 \end{ttbox} |
921 \caption{$\lambda$-abstraction} \label{zf-lam} |
921 \caption{$\lambda$-abstraction} \label{zf-lam} |
922 \end{figure} |
922 \end{figure} |
923 |
923 |
924 |
924 |
1261 |
1261 |
1262 \begin{ttbox} |
1262 \begin{ttbox} |
1263 \tdx{nat_def} nat == lfp(lam r: Pow(Inf). {\ttlbrace}0{\ttrbrace} Un {\ttlbrace}succ(x). x:r{\ttrbrace} |
1263 \tdx{nat_def} nat == lfp(lam r: Pow(Inf). {\ttlbrace}0{\ttrbrace} Un {\ttlbrace}succ(x). x:r{\ttrbrace} |
1264 |
1264 |
1265 \tdx{mod_def} m mod n == transrec(m, \%j f. if j:n then j else f`(j#-n)) |
1265 \tdx{mod_def} m mod n == transrec(m, \%j f. if j:n then j else f`(j#-n)) |
1266 \tdx{div_def} m div n == transrec(m, \%j f. if j:n then 0 else succ(f`(j#-n))) |
1266 \tdx{div_def} m div n == transrec(m, \%j f. if j:n then 0 |
|
1267 else succ(f`(j#-n))) |
1267 |
1268 |
1268 \tdx{nat_case_def} nat_case(a,b,k) == |
1269 \tdx{nat_case_def} nat_case(a,b,k) == |
1269 THE y. k=0 & y=a | (EX x. k=succ(x) & y=b(x)) |
1270 THE y. k=0 & y=a | (EX x. k=succ(x) & y=b(x)) |
1270 |
1271 |
1271 \tdx{nat_0I} 0 : nat |
1272 \tdx{nat_0I} 0 : nat |
1283 |
1284 |
1284 \tdx{mult_type} [| m:nat; n:nat |] ==> m #* n : nat |
1285 \tdx{mult_type} [| m:nat; n:nat |] ==> m #* n : nat |
1285 \tdx{mult_0} 0 #* n = 0 |
1286 \tdx{mult_0} 0 #* n = 0 |
1286 \tdx{mult_succ} succ(m) #* n = n #+ (m #* n) |
1287 \tdx{mult_succ} succ(m) #* n = n #+ (m #* n) |
1287 \tdx{mult_commute} [| m:nat; n:nat |] ==> m #* n = n #* m |
1288 \tdx{mult_commute} [| m:nat; n:nat |] ==> m #* n = n #* m |
1288 \tdx{add_mult_dist} [| m:nat; k:nat |] ==> (m #+ n) #* k = (m #* k){\thinspace}#+{\thinspace}(n #* k) |
1289 \tdx{add_mult_dist} [| m:nat; k:nat |] ==> |
|
1290 (m #+ n) #* k = (m #* k) #+ (n #* k) |
1289 \tdx{mult_assoc} |
1291 \tdx{mult_assoc} |
1290 [| m:nat; n:nat; k:nat |] ==> (m #* n) #* k = m #* (n #* k) |
1292 [| m:nat; n:nat; k:nat |] ==> (m #* n) #* k = m #* (n #* k) |
1291 \tdx{mod_quo_equality} |
1293 \tdx{mod_quo_equality} |
1292 [| 0:n; m:nat; n:nat |] ==> (m div n)#*n #+ m mod n = m |
1294 [| 0:n; m:nat; n:nat |] ==> (m div n)#*n #+ m mod n = m |
1293 \end{ttbox} |
1295 \end{ttbox} |
1450 |
1452 |
1451 Isabelle/{\ZF} provides simple tactics to help automate those proofs that are |
1453 Isabelle/{\ZF} provides simple tactics to help automate those proofs that are |
1452 essentially type-checking. Such proofs are built by applying rules such as |
1454 essentially type-checking. Such proofs are built by applying rules such as |
1453 these: |
1455 these: |
1454 \begin{ttbox} |
1456 \begin{ttbox} |
1455 [| ?P ==> ?a : ?A; ~ ?P ==> ?b : ?A |] ==> (if ?P then ?a else ?b) : ?A |
1457 [| ?P ==> ?a: ?A; ~?P ==> ?b: ?A |] ==> (if ?P then ?a else ?b): ?A |
1456 |
1458 |
1457 [| ?m : nat; ?n : nat |] ==> ?m #+ ?n : nat |
1459 [| ?m : nat; ?n : nat |] ==> ?m #+ ?n : nat |
1458 |
1460 |
1459 ?a : ?A ==> Inl(?a) : ?A + ?B |
1461 ?a : ?A ==> Inl(?a) : ?A + ?B |
1460 \end{ttbox} |
1462 \end{ttbox} |
1623 \texttt{TF}. The rule \texttt{tree_forest.induct} performs induction over a |
1625 \texttt{TF}. The rule \texttt{tree_forest.induct} performs induction over a |
1624 single predicate~\texttt{P}, which is presumed to be defined for both trees |
1626 single predicate~\texttt{P}, which is presumed to be defined for both trees |
1625 and forests: |
1627 and forests: |
1626 \begin{ttbox} |
1628 \begin{ttbox} |
1627 [| x : tree_forest(A); |
1629 [| x : tree_forest(A); |
1628 !!a f. [| a : A; f : forest(A); P(f) |] ==> P(Tcons(a, f)); P(Fnil); |
1630 !!a f. [| a : A; f : forest(A); P(f) |] ==> P(Tcons(a, f)); |
|
1631 P(Fnil); |
1629 !!f t. [| t : tree(A); P(t); f : forest(A); P(f) |] |
1632 !!f t. [| t : tree(A); P(t); f : forest(A); P(f) |] |
1630 ==> P(Fcons(t, f)) |
1633 ==> P(Fcons(t, f)) |
1631 |] ==> P(x) |
1634 |] ==> P(x) |
1632 \end{ttbox} |
1635 \end{ttbox} |
1633 The rule \texttt{tree_forest.mutual_induct} performs induction over two |
1636 The rule \texttt{tree_forest.mutual_induct} performs induction over two |
1645 For datatypes with nested recursion, such as the \texttt{term} example from |
1648 For datatypes with nested recursion, such as the \texttt{term} example from |
1646 above, things are a bit more complicated. The rule \texttt{term.induct} |
1649 above, things are a bit more complicated. The rule \texttt{term.induct} |
1647 refers to the monotonic operator, \texttt{list}: |
1650 refers to the monotonic operator, \texttt{list}: |
1648 \begin{ttbox} |
1651 \begin{ttbox} |
1649 [| x : term(A); |
1652 [| x : term(A); |
1650 !!a l. [| a : A; l : list(Collect(term(A), P)) |] ==> P(Apply(a, l)) |
1653 !!a l. [| a: A; l: list(Collect(term(A), P)) |] ==> P(Apply(a, l)) |
1651 |] ==> P(x) |
1654 |] ==> P(x) |
1652 \end{ttbox} |
1655 \end{ttbox} |
1653 The file \texttt{ex/Term.ML} derives two higher-level induction rules, one of |
1656 The file \texttt{ex/Term.ML} derives two higher-level induction rules, one of |
1654 which is particularly useful for proving equations: |
1657 which is particularly useful for proving equations: |
1655 \begin{ttbox} |
1658 \begin{ttbox} |
1795 by (induct_tac "l" 1); |
1798 by (induct_tac "l" 1); |
1796 {\out Level 1} |
1799 {\out Level 1} |
1797 {\out l : bt(A) ==> ALL x r. Br(x, l, r) ~= l} |
1800 {\out l : bt(A) ==> ALL x r. Br(x, l, r) ~= l} |
1798 {\out 1. ALL x r. Br(x, Lf, r) ~= Lf} |
1801 {\out 1. ALL x r. Br(x, Lf, r) ~= Lf} |
1799 {\out 2. !!a t1 t2.} |
1802 {\out 2. !!a t1 t2.} |
1800 {\out [| a : A; t1 : bt(A); ALL x r. Br(x, t1, r) ~= t1; t2 : bt(A);} |
1803 {\out [| a : A; t1 : bt(A);} |
|
1804 {\out ALL x r. Br(x, t1, r) ~= t1; t2 : bt(A);} |
1801 {\out ALL x r. Br(x, t2, r) ~= t2 |]} |
1805 {\out ALL x r. Br(x, t2, r) ~= t2 |]} |
1802 {\out ==> ALL x r. Br(x, Br(a, t1, t2), r) ~= Br(a, t1, t2)} |
1806 {\out ==> ALL x r. Br(x, Br(a, t1, t2), r) ~= Br(a, t1, t2)} |
1803 \end{ttbox} |
1807 \end{ttbox} |
1804 Both subgoals are proved using \texttt{Auto_tac}, which performs the necessary |
1808 Both subgoals are proved using \texttt{Auto_tac}, which performs the necessary |
1805 freeness reasoning. |
1809 freeness reasoning. |
1818 |
1822 |
1819 When there are only a few constructors, we might prefer to prove the freenness |
1823 When there are only a few constructors, we might prefer to prove the freenness |
1820 theorems for each constructor. This is trivial, using the function given us |
1824 theorems for each constructor. This is trivial, using the function given us |
1821 for that purpose: |
1825 for that purpose: |
1822 \begin{ttbox} |
1826 \begin{ttbox} |
1823 val Br_iff = bt.mk_free "Br(a,l,r)=Br(a',l',r') <-> a=a' & l=l' & r=r'"; |
1827 val Br_iff = |
|
1828 bt.mk_free "Br(a,l,r)=Br(a',l',r') <-> a=a' & l=l' & r=r'"; |
1824 {\out val Br_iff =} |
1829 {\out val Br_iff =} |
1825 {\out "Br(?a, ?l, ?r) = Br(?a', ?l', ?r') <->} |
1830 {\out "Br(?a, ?l, ?r) = Br(?a', ?l', ?r') <->} |
1826 {\out ?a = ?a' & ?l = ?l' & ?r = ?r'" : thm} |
1831 {\out ?a = ?a' & ?l = ?l' & ?r = ?r'" : thm} |
1827 \end{ttbox} |
1832 \end{ttbox} |
1828 |
1833 |
1832 information from the premise $\texttt{Br}(a,l,r)\in\texttt{bt}(A)$: |
1837 information from the premise $\texttt{Br}(a,l,r)\in\texttt{bt}(A)$: |
1833 \begin{ttbox} |
1838 \begin{ttbox} |
1834 val BrE = bt.mk_cases "Br(a,l,r) : bt(A)"; |
1839 val BrE = bt.mk_cases "Br(a,l,r) : bt(A)"; |
1835 {\out val BrE =} |
1840 {\out val BrE =} |
1836 {\out "[| Br(?a, ?l, ?r) : bt(?A);} |
1841 {\out "[| Br(?a, ?l, ?r) : bt(?A);} |
1837 {\out [| ?a : ?A; ?l : bt(?A); ?r : bt(?A) |] ==> ?Q |] ==> ?Q" : thm} |
1842 {\out [| ?a : ?A; ?l : bt(?A); ?r : bt(?A) |] ==> ?Q |]} |
|
1843 {\out ==> ?Q" : thm} |
1838 \end{ttbox} |
1844 \end{ttbox} |
1839 |
1845 |
1840 |
1846 |
1841 \subsubsection{Mixfix syntax in datatypes} |
1847 \subsubsection{Mixfix syntax in datatypes} |
1842 |
1848 |
2019 con_defs {\it constructor definitions} |
2025 con_defs {\it constructor definitions} |
2020 type_intrs {\it introduction rules for type-checking} |
2026 type_intrs {\it introduction rules for type-checking} |
2021 type_elims {\it elimination rules for type-checking} |
2027 type_elims {\it elimination rules for type-checking} |
2022 \end{ttbox} |
2028 \end{ttbox} |
2023 A coinductive definition is identical, but starts with the keyword |
2029 A coinductive definition is identical, but starts with the keyword |
2024 {\tt coinductive}. |
2030 {\tt co\-inductive}. |
2025 |
2031 |
2026 The {\tt monos}, {\tt con\_defs}, {\tt type\_intrs} and {\tt type\_elims} |
2032 The {\tt monos}, {\tt con\_defs}, {\tt type\_intrs} and {\tt type\_elims} |
2027 sections are optional. If present, each is specified either as a list of |
2033 sections are optional. If present, each is specified either as a list of |
2028 identifiers or as a string. If the latter, then the string must be a valid |
2034 identifiers or as a string. If the latter, then the string must be a valid |
2029 \textsc{ml} expression of type {\tt thm list}. The string is simply inserted |
2035 \textsc{ml} expression of type {\tt thm list}. The string is simply inserted |
2030 into the {\tt _thy.ML} file; if it is ill-formed, it will trigger \textsc{ml} |
2036 into the {\tt _thy.ML} file; if it is ill-formed, it will trigger \textsc{ml} |
2031 error messages. You can then inspect the file on the temporary directory. |
2037 error messages. You can then inspect the file on the temporary directory. |
2032 |
2038 |
2033 \begin{description} |
2039 \begin{description} |
2034 \item[\it domain declarations] consist of one or more items of the form |
2040 \item[\it domain declarations] are items of the form |
2035 {\it string\/}~{\tt <=}~{\it string}, associating each recursive set with |
2041 {\it string\/}~{\tt <=}~{\it string}, associating each recursive set with |
2036 its domain. (The domain is some existing set that is large enough to |
2042 its domain. (The domain is some existing set that is large enough to |
2037 hold the new set being defined.) |
2043 hold the new set being defined.) |
2038 |
2044 |
2039 \item[\it introduction rules] specify one or more introduction rules in |
2045 \item[\it introduction rules] specify one or more introduction rules in |