882 subsection {* Automated methods *} |
882 subsection {* Automated methods *} |
883 |
883 |
884 text {* |
884 text {* |
885 \begin{matharray}{rcl} |
885 \begin{matharray}{rcl} |
886 @{method_def blast} & : & @{text method} \\ |
886 @{method_def blast} & : & @{text method} \\ |
|
887 @{method_def auto} & : & @{text method} \\ |
|
888 @{method_def force} & : & @{text method} \\ |
887 @{method_def fast} & : & @{text method} \\ |
889 @{method_def fast} & : & @{text method} \\ |
888 @{method_def slow} & : & @{text method} \\ |
890 @{method_def slow} & : & @{text method} \\ |
889 @{method_def best} & : & @{text method} \\ |
891 @{method_def best} & : & @{text method} \\ |
890 @{method_def safe} & : & @{text method} \\ |
|
891 @{method_def clarify} & : & @{text method} \\ |
|
892 \end{matharray} |
|
893 |
|
894 @{rail " |
|
895 @@{method blast} @{syntax nat}? (@{syntax clamod} * ) |
|
896 ; |
|
897 (@@{method fast} | @@{method slow} | @@{method best} | @@{method safe} | @@{method clarify}) |
|
898 (@{syntax clamod} * ) |
|
899 ; |
|
900 |
|
901 @{syntax_def clamod}: |
|
902 (('intro' | 'elim' | 'dest') ('!' | () | '?') | 'del') ':' @{syntax thmrefs} |
|
903 "} |
|
904 |
|
905 \begin{description} |
|
906 |
|
907 \item @{method blast} refers to the classical tableau prover (see |
|
908 @{ML blast_tac} in \cite{isabelle-ref}). The optional argument |
|
909 specifies a user-supplied search bound (default 20). |
|
910 |
|
911 \item @{method fast}, @{method slow}, @{method best}, @{method |
|
912 safe}, and @{method clarify} refer to the generic classical |
|
913 reasoner. See @{ML fast_tac}, @{ML slow_tac}, @{ML best_tac}, @{ML |
|
914 safe_tac}, and @{ML clarify_tac} in \cite{isabelle-ref} for more |
|
915 information. |
|
916 |
|
917 \end{description} |
|
918 |
|
919 Any of the above methods support additional modifiers of the context |
|
920 of classical rules. Their semantics is analogous to the attributes |
|
921 given before. Facts provided by forward chaining are inserted into |
|
922 the goal before commencing proof search. |
|
923 *} |
|
924 |
|
925 |
|
926 subsection {* Combined automated methods \label{sec:clasimp} *} |
|
927 |
|
928 text {* |
|
929 \begin{matharray}{rcl} |
|
930 @{method_def auto} & : & @{text method} \\ |
|
931 @{method_def force} & : & @{text method} \\ |
|
932 @{method_def clarsimp} & : & @{text method} \\ |
|
933 @{method_def fastsimp} & : & @{text method} \\ |
892 @{method_def fastsimp} & : & @{text method} \\ |
934 @{method_def slowsimp} & : & @{text method} \\ |
893 @{method_def slowsimp} & : & @{text method} \\ |
935 @{method_def bestsimp} & : & @{text method} \\ |
894 @{method_def bestsimp} & : & @{text method} \\ |
936 \end{matharray} |
895 \end{matharray} |
937 |
896 |
938 @{rail " |
897 @{rail " |
|
898 @@{method blast} @{syntax nat}? (@{syntax clamod} * ) |
|
899 ; |
939 @@{method auto} (@{syntax nat} @{syntax nat})? (@{syntax clasimpmod} * ) |
900 @@{method auto} (@{syntax nat} @{syntax nat})? (@{syntax clasimpmod} * ) |
940 ; |
901 ; |
941 (@@{method force} | @@{method clarsimp} | @@{method fastsimp} | @@{method slowsimp} | |
902 @@{method force} (@{syntax clasimpmod} * ) |
942 @@{method bestsimp}) (@{syntax clasimpmod} * ) |
903 ; |
943 ; |
904 (@@{method fast} | @@{method slow} | @@{method best}) (@{syntax clamod} * ) |
944 |
905 ; |
|
906 (@@{method fastsimp} | @@{method slowsimp} | @@{method bestsimp}) |
|
907 (@{syntax clasimpmod} * ) |
|
908 ; |
|
909 @{syntax_def clamod}: |
|
910 (('intro' | 'elim' | 'dest') ('!' | () | '?') | 'del') ':' @{syntax thmrefs} |
|
911 ; |
945 @{syntax_def clasimpmod}: ('simp' (() | 'add' | 'del' | 'only') | |
912 @{syntax_def clasimpmod}: ('simp' (() | 'add' | 'del' | 'only') | |
946 ('cong' | 'split') (() | 'add' | 'del') | |
913 ('cong' | 'split') (() | 'add' | 'del') | |
947 'iff' (((() | 'add') '?'?) | 'del') | |
914 'iff' (((() | 'add') '?'?) | 'del') | |
948 (('intro' | 'elim' | 'dest') ('!' | () | '?') | 'del')) ':' @{syntax thmrefs} |
915 (('intro' | 'elim' | 'dest') ('!' | () | '?') | 'del')) ':' @{syntax thmrefs} |
949 "} |
916 "} |
950 |
917 |
951 \begin{description} |
918 \begin{description} |
952 |
919 |
953 \item @{method auto}, @{method force}, @{method clarsimp}, @{method |
920 \item @{method blast} is a separate classical tableau prover that |
954 fastsimp}, @{method slowsimp}, and @{method bestsimp} provide access |
921 uses the same classical rule declarations as explained before. |
955 to Isabelle's combined simplification and classical reasoning |
922 |
956 tactics. These correspond to @{ML auto_tac}, @{ML force_tac}, @{ML |
923 Proof search is coded directly in ML using special data structures. |
957 clarsimp_tac}, and Classical Reasoner tactics with the Simplifier |
924 A successful proof is then reconstructed using regular Isabelle |
958 added as wrapper, see \cite{isabelle-ref} for more information. The |
925 inferences. It is faster and more powerful than the other classical |
959 modifier arguments correspond to those given in |
926 reasoning tools, but has major limitations too. |
960 \secref{sec:simplifier} and \secref{sec:classical}. Just note that |
927 |
961 the ones related to the Simplifier are prefixed by @{text simp} |
928 \begin{itemize} |
962 here. |
929 |
963 |
930 \item It does not use the classical wrapper tacticals, such as the |
964 Facts provided by forward chaining are inserted into the goal before |
931 integration with the Simplifier of @{method fastsimp}. |
965 doing the search. |
932 |
|
933 \item It does not perform higher-order unification, as needed by the |
|
934 rule @{thm [source=false] rangeI} in HOL. There are often |
|
935 alternatives to such rules, for example @{thm [source=false] |
|
936 range_eqI}. |
|
937 |
|
938 \item Function variables may only be applied to parameters of the |
|
939 subgoal. (This restriction arises because the prover does not use |
|
940 higher-order unification.) If other function variables are present |
|
941 then the prover will fail with the message \texttt{Function Var's |
|
942 argument not a bound variable}. |
|
943 |
|
944 \item Its proof strategy is more general than @{method fast} but can |
|
945 be slower. If @{method blast} fails or seems to be running forever, |
|
946 try @{method fast} and the other proof tools described below. |
|
947 |
|
948 \end{itemize} |
|
949 |
|
950 The optional integer argument specifies a bound for the number of |
|
951 unsafe steps used in a proof. By default, @{method blast} starts |
|
952 with a bound of 0 and increases it successively to 20. In contrast, |
|
953 @{text "(blast lim)"} tries to prove the goal using a search bound |
|
954 of @{text "lim"}. Sometimes a slow proof using @{method blast} can |
|
955 be made much faster by supplying the successful search bound to this |
|
956 proof method instead. |
|
957 |
|
958 \item @{method auto} combines classical reasoning with |
|
959 simplification. It is intended for situations where there are a lot |
|
960 of mostly trivial subgoals; it proves all the easy ones, leaving the |
|
961 ones it cannot prove. Occasionally, attempting to prove the hard |
|
962 ones may take a long time. |
|
963 |
|
964 %FIXME auto nat arguments |
|
965 |
|
966 \item @{method force} is intended to prove the first subgoal |
|
967 completely, using many fancy proof tools and performing a rather |
|
968 exhaustive search. As a result, proof attempts may take rather long |
|
969 or diverge easily. |
|
970 |
|
971 \item @{method fast}, @{method best}, @{method slow} attempt to |
|
972 prove the first subgoal using sequent-style reasoning as explained |
|
973 before. Unlike @{method blast}, they construct proofs directly in |
|
974 Isabelle. |
|
975 |
|
976 There is a difference in search strategy and back-tracking: @{method |
|
977 fast} uses depth-first search and @{method best} uses best-first |
|
978 search (guided by a heuristic function: normally the total size of |
|
979 the proof state). |
|
980 |
|
981 Method @{method slow} is like @{method fast}, but conducts a broader |
|
982 search: it may, when backtracking from a failed proof attempt, undo |
|
983 even the step of proving a subgoal by assumption. |
|
984 |
|
985 \item @{method fastsimp}, @{method slowsimp}, @{method bestsimp} are |
|
986 like @{method fast}, @{method slow}, @{method best}, respectively, |
|
987 but use the Simplifier as additional wrapper. |
|
988 |
|
989 \end{description} |
|
990 |
|
991 Any of the above methods support additional modifiers of the context |
|
992 of classical (and simplifier) rules, but the ones related to the |
|
993 Simplifier are explicitly prefixed by @{text simp} here. The |
|
994 semantics of these ad-hoc rule declarations is analogous to the |
|
995 attributes given before. Facts provided by forward chaining are |
|
996 inserted into the goal before commencing proof search. |
|
997 *} |
|
998 |
|
999 |
|
1000 subsection {* Semi-automated methods *} |
|
1001 |
|
1002 text {* These proof methods may help in situations when the |
|
1003 fully-automated tools fail. The result is a simpler subgoal that |
|
1004 can be tackled by other means, such as by manual instantiation of |
|
1005 quantifiers. |
|
1006 |
|
1007 \begin{matharray}{rcl} |
|
1008 @{method_def safe} & : & @{text method} \\ |
|
1009 @{method_def clarify} & : & @{text method} \\ |
|
1010 @{method_def clarsimp} & : & @{text method} \\ |
|
1011 \end{matharray} |
|
1012 |
|
1013 @{rail " |
|
1014 (@@{method safe} | @@{method clarify}) (@{syntax clamod} * ) |
|
1015 ; |
|
1016 @@{method clarsimp} (@{syntax clasimpmod} * ) |
|
1017 "} |
|
1018 |
|
1019 \begin{description} |
|
1020 |
|
1021 \item @{method safe} repeatedly performs safe steps on all subgoals. |
|
1022 It is deterministic, with at most one outcome. |
|
1023 |
|
1024 \item @{method clarify} performs a series of safe steps as follows. |
|
1025 |
|
1026 No splitting step is applied; for example, the subgoal @{text "A \<and> |
|
1027 B"} is left as a conjunction. Proof by assumption, Modus Ponens, |
|
1028 etc., may be performed provided they do not instantiate unknowns. |
|
1029 Assumptions of the form @{text "x = t"} may be eliminated. The safe |
|
1030 wrapper tactical is applied. |
|
1031 |
|
1032 \item @{method clarsimp} acts like @{method clarify}, but also does |
|
1033 simplification. Note that if the Simplifier context includes a |
|
1034 splitter for the premises, the subgoal may still be split. |
966 |
1035 |
967 \end{description} |
1036 \end{description} |
968 *} |
1037 *} |
969 |
1038 |
970 |
1039 |