|
1 theory Spec |
|
2 imports Base Main |
|
3 begin |
|
4 |
|
5 chapter {* Specifications *} |
|
6 |
|
7 text {* |
|
8 The Isabelle/Isar theory format integrates specifications and |
|
9 proofs, supporting interactive development with unlimited undo |
|
10 operation. There is an integrated document preparation system (see |
|
11 \chref{ch:document-prep}), for typesetting formal developments |
|
12 together with informal text. The resulting hyper-linked PDF |
|
13 documents can be used both for WWW presentation and printed copies. |
|
14 |
|
15 The Isar proof language (see \chref{ch:proofs}) is embedded into the |
|
16 theory language as a proper sub-language. Proof mode is entered by |
|
17 stating some @{command theorem} or @{command lemma} at the theory |
|
18 level, and left again with the final conclusion (e.g.\ via @{command |
|
19 qed}). Some theory specification mechanisms also require a proof, |
|
20 such as @{command typedef} in HOL, which demands non-emptiness of |
|
21 the representing sets. |
|
22 *} |
|
23 |
|
24 |
|
25 section {* Defining theories \label{sec:begin-thy} *} |
|
26 |
|
27 text {* |
|
28 \begin{matharray}{rcl} |
|
29 @{command_def "theory"} & : & @{text "toplevel \<rightarrow> theory"} \\ |
|
30 @{command_def (global) "end"} & : & @{text "theory \<rightarrow> toplevel"} \\ |
|
31 \end{matharray} |
|
32 |
|
33 Isabelle/Isar theories are defined via theory files, which may |
|
34 contain both specifications and proofs; occasionally definitional |
|
35 mechanisms also require some explicit proof. The theory body may be |
|
36 sub-structured by means of \emph{local theory targets}, such as |
|
37 @{command "locale"} and @{command "class"}. |
|
38 |
|
39 The first proper command of a theory is @{command "theory"}, which |
|
40 indicates imports of previous theories and optional dependencies on |
|
41 other source files (usually in ML). Just preceding the initial |
|
42 @{command "theory"} command there may be an optional @{command |
|
43 "header"} declaration, which is only relevant to document |
|
44 preparation: see also the other section markup commands in |
|
45 \secref{sec:markup}. |
|
46 |
|
47 A theory is concluded by a final @{command (global) "end"} command, |
|
48 one that does not belong to a local theory target. No further |
|
49 commands may follow such a global @{command (global) "end"}, |
|
50 although some user-interfaces might pretend that trailing input is |
|
51 admissible. |
|
52 |
|
53 @{rail " |
|
54 @@{command theory} @{syntax name} imports \\ keywords? uses? @'begin' |
|
55 ; |
|
56 imports: @'imports' (@{syntax name} +) |
|
57 ; |
|
58 keywords: @'keywords' ((@{syntax string} +) ('::' @{syntax name} @{syntax tags})? + @'and') |
|
59 ; |
|
60 uses: @'uses' ((@{syntax name} | @{syntax parname}) +) |
|
61 "} |
|
62 |
|
63 \begin{description} |
|
64 |
|
65 \item @{command "theory"}~@{text "A \<IMPORTS> B\<^sub>1 \<dots> B\<^sub>n \<BEGIN>"} |
|
66 starts a new theory @{text A} based on the merge of existing |
|
67 theories @{text "B\<^sub>1 \<dots> B\<^sub>n"}. Due to the possibility to import more |
|
68 than one ancestor, the resulting theory structure of an Isabelle |
|
69 session forms a directed acyclic graph (DAG). Isabelle takes care |
|
70 that sources contributing to the development graph are always |
|
71 up-to-date: changed files are automatically rechecked whenever a |
|
72 theory header specification is processed. |
|
73 |
|
74 The optional @{keyword_def "keywords"} specification declares outer |
|
75 syntax (\chref{ch:outer-syntax}) that is introduced in this theory |
|
76 later on (rare in end-user applications). Both minor keywords and |
|
77 major keywords of the Isar command language need to be specified, in |
|
78 order to make parsing of proof documents work properly. Command |
|
79 keywords need to be classified according to their structural role in |
|
80 the formal text. Examples may be seen in Isabelle/HOL sources |
|
81 itself, such as @{keyword "keywords"}~@{verbatim "\"typedef\""} |
|
82 @{text ":: thy_goal"} or @{keyword "keywords"}~@{verbatim |
|
83 "\"datatype\""} @{text ":: thy_decl"} for theory-level declarations |
|
84 with and without proof, respectively. Additional @{syntax tags} |
|
85 provide defaults for document preparation (\secref{sec:tags}). |
|
86 |
|
87 The optional @{keyword_def "uses"} specification declares additional |
|
88 dependencies on external files (notably ML sources). Files will be |
|
89 loaded immediately (as ML), unless the name is parenthesized. The |
|
90 latter case records a dependency that needs to be resolved later in |
|
91 the text, usually via explicit @{command_ref "use"} for ML files; |
|
92 other file formats require specific load commands defined by the |
|
93 corresponding tools or packages. |
|
94 |
|
95 \item @{command (global) "end"} concludes the current theory |
|
96 definition. Note that some other commands, e.g.\ local theory |
|
97 targets @{command locale} or @{command class} may involve a |
|
98 @{keyword "begin"} that needs to be matched by @{command (local) |
|
99 "end"}, according to the usual rules for nested blocks. |
|
100 |
|
101 \end{description} |
|
102 *} |
|
103 |
|
104 |
|
105 section {* Local theory targets \label{sec:target} *} |
|
106 |
|
107 text {* |
|
108 \begin{matharray}{rcll} |
|
109 @{command_def "context"} & : & @{text "theory \<rightarrow> local_theory"} \\ |
|
110 @{command_def (local) "end"} & : & @{text "local_theory \<rightarrow> theory"} \\ |
|
111 \end{matharray} |
|
112 |
|
113 A local theory target is a context managed separately within the |
|
114 enclosing theory. Contexts may introduce parameters (fixed |
|
115 variables) and assumptions (hypotheses). Definitions and theorems |
|
116 depending on the context may be added incrementally later on. |
|
117 |
|
118 \emph{Named contexts} refer to locales (cf.\ \secref{sec:locale}) or |
|
119 type classes (cf.\ \secref{sec:class}); the name ``@{text "-"}'' |
|
120 signifies the global theory context. |
|
121 |
|
122 \emph{Unnamed contexts} may introduce additional parameters and |
|
123 assumptions, and results produced in the context are generalized |
|
124 accordingly. Such auxiliary contexts may be nested within other |
|
125 targets, like @{command "locale"}, @{command "class"}, @{command |
|
126 "instantiation"}, @{command "overloading"}. |
|
127 |
|
128 @{rail " |
|
129 @@{command context} @{syntax nameref} @'begin' |
|
130 ; |
|
131 @@{command context} @{syntax_ref \"includes\"}? (@{syntax context_elem} * ) @'begin' |
|
132 ; |
|
133 @{syntax_def target}: '(' @'in' @{syntax nameref} ')' |
|
134 "} |
|
135 |
|
136 \begin{description} |
|
137 |
|
138 \item @{command "context"}~@{text "c \<BEGIN>"} opens a named |
|
139 context, by recommencing an existing locale or class @{text c}. |
|
140 Note that locale and class definitions allow to include the |
|
141 @{keyword "begin"} keyword as well, in order to continue the local |
|
142 theory immediately after the initial specification. |
|
143 |
|
144 \item @{command "context"}~@{text "bundles elements \<BEGIN>"} opens |
|
145 an unnamed context, by extending the enclosing global or local |
|
146 theory target by the given declaration bundles (\secref{sec:bundle}) |
|
147 and context elements (@{text "\<FIXES>"}, @{text "\<ASSUMES>"} |
|
148 etc.). This means any results stemming from definitions and proofs |
|
149 in the extended context will be exported into the enclosing target |
|
150 by lifting over extra parameters and premises. |
|
151 |
|
152 \item @{command (local) "end"} concludes the current local theory, |
|
153 according to the nesting of contexts. Note that a global @{command |
|
154 (global) "end"} has a different meaning: it concludes the theory |
|
155 itself (\secref{sec:begin-thy}). |
|
156 |
|
157 \item @{text "("}@{keyword_def "in"}~@{text "c)"} given after any |
|
158 local theory command specifies an immediate target, e.g.\ |
|
159 ``@{command "definition"}~@{text "(\<IN> c) \<dots>"}'' or ``@{command |
|
160 "theorem"}~@{text "(\<IN> c) \<dots>"}''. This works both in a local or |
|
161 global theory context; the current target context will be suspended |
|
162 for this command only. Note that ``@{text "(\<IN> -)"}'' will |
|
163 always produce a global result independently of the current target |
|
164 context. |
|
165 |
|
166 \end{description} |
|
167 |
|
168 The exact meaning of results produced within a local theory context |
|
169 depends on the underlying target infrastructure (locale, type class |
|
170 etc.). The general idea is as follows, considering a context named |
|
171 @{text c} with parameter @{text x} and assumption @{text "A[x]"}. |
|
172 |
|
173 Definitions are exported by introducing a global version with |
|
174 additional arguments; a syntactic abbreviation links the long form |
|
175 with the abstract version of the target context. For example, |
|
176 @{text "a \<equiv> t[x]"} becomes @{text "c.a ?x \<equiv> t[?x]"} at the theory |
|
177 level (for arbitrary @{text "?x"}), together with a local |
|
178 abbreviation @{text "c \<equiv> c.a x"} in the target context (for the |
|
179 fixed parameter @{text x}). |
|
180 |
|
181 Theorems are exported by discharging the assumptions and |
|
182 generalizing the parameters of the context. For example, @{text "a: |
|
183 B[x]"} becomes @{text "c.a: A[?x] \<Longrightarrow> B[?x]"}, again for arbitrary |
|
184 @{text "?x"}. |
|
185 |
|
186 \medskip The Isabelle/HOL library contains numerous applications of |
|
187 locales and classes, e.g.\ see @{file "~~/src/HOL/Algebra"}. An |
|
188 example for an unnamed auxiliary contexts is given in @{file |
|
189 "~~/src/HOL/Isar_Examples/Group_Context.thy"}. *} |
|
190 |
|
191 |
|
192 section {* Bundled declarations \label{sec:bundle} *} |
|
193 |
|
194 text {* |
|
195 \begin{matharray}{rcl} |
|
196 @{command_def "bundle"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
197 @{command_def "print_bundles"}@{text "\<^sup>*"} & : & @{text "context \<rightarrow> "} \\ |
|
198 @{command_def "include"} & : & @{text "proof(state) \<rightarrow> proof(state)"} \\ |
|
199 @{command_def "including"} & : & @{text "proof(prove) \<rightarrow> proof(prove)"} \\ |
|
200 @{keyword_def "includes"} & : & syntax \\ |
|
201 \end{matharray} |
|
202 |
|
203 The outer syntax of fact expressions (\secref{sec:syn-att}) involves |
|
204 theorems and attributes, which are evaluated in the context and |
|
205 applied to it. Attributes may declare theorems to the context, as |
|
206 in @{text "this_rule [intro] that_rule [elim]"} for example. |
|
207 Configuration options (\secref{sec:config}) are special declaration |
|
208 attributes that operate on the context without a theorem, as in |
|
209 @{text "[[show_types = false]]"} for example. |
|
210 |
|
211 Expressions of this form may be defined as \emph{bundled |
|
212 declarations} in the context, and included in other situations later |
|
213 on. Including declaration bundles augments a local context casually |
|
214 without logical dependencies, which is in contrast to locales and |
|
215 locale interpretation (\secref{sec:locale}). |
|
216 |
|
217 @{rail " |
|
218 @@{command bundle} @{syntax target}? \\ |
|
219 @{syntax name} '=' @{syntax thmrefs} (@'for' (@{syntax vars} + @'and'))? |
|
220 ; |
|
221 (@@{command include} | @@{command including}) (@{syntax nameref}+) |
|
222 ; |
|
223 @{syntax_def \"includes\"}: @'includes' (@{syntax nameref}+) |
|
224 "} |
|
225 |
|
226 \begin{description} |
|
227 |
|
228 \item @{command bundle}~@{text "b = decls"} defines a bundle of |
|
229 declarations in the current context. The RHS is similar to the one |
|
230 of the @{command declare} command. Bundles defined in local theory |
|
231 targets are subject to transformations via morphisms, when moved |
|
232 into different application contexts; this works analogously to any |
|
233 other local theory specification. |
|
234 |
|
235 \item @{command print_bundles} prints the named bundles that are |
|
236 available in the current context. |
|
237 |
|
238 \item @{command include}~@{text "b\<^sub>1 \<dots> b\<^sub>n"} includes the declarations |
|
239 from the given bundles into the current proof body context. This is |
|
240 analogous to @{command "note"} (\secref{sec:proof-facts}) with the |
|
241 expanded bundles. |
|
242 |
|
243 \item @{command including} is similar to @{command include}, but |
|
244 works in proof refinement (backward mode). This is analogous to |
|
245 @{command "using"} (\secref{sec:proof-facts}) with the expanded |
|
246 bundles. |
|
247 |
|
248 \item @{keyword "includes"}~@{text "b\<^sub>1 \<dots> b\<^sub>n"} is similar to |
|
249 @{command include}, but works in situations where a specification |
|
250 context is constructed, notably for @{command context} and long |
|
251 statements of @{command theorem} etc. |
|
252 |
|
253 \end{description} |
|
254 |
|
255 Here is an artificial example of bundling various configuration |
|
256 options: *} |
|
257 |
|
258 bundle trace = [[simp_trace, blast_trace, linarith_trace, metis_trace, smt_trace]] |
|
259 |
|
260 lemma "x = x" |
|
261 including trace by metis |
|
262 |
|
263 |
|
264 section {* Basic specification elements *} |
|
265 |
|
266 text {* |
|
267 \begin{matharray}{rcll} |
|
268 @{command_def "axiomatization"} & : & @{text "theory \<rightarrow> theory"} & (axiomatic!) \\ |
|
269 @{command_def "definition"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
270 @{attribute_def "defn"} & : & @{text attribute} \\ |
|
271 @{command_def "abbreviation"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
272 @{command_def "print_abbrevs"}@{text "\<^sup>*"} & : & @{text "context \<rightarrow> "} \\ |
|
273 \end{matharray} |
|
274 |
|
275 These specification mechanisms provide a slightly more abstract view |
|
276 than the underlying primitives of @{command "consts"}, @{command |
|
277 "defs"} (see \secref{sec:consts}), and @{command "axioms"} (see |
|
278 \secref{sec:axms-thms}). In particular, type-inference is commonly |
|
279 available, and result names need not be given. |
|
280 |
|
281 @{rail " |
|
282 @@{command axiomatization} @{syntax \"fixes\"}? (@'where' specs)? |
|
283 ; |
|
284 @@{command definition} @{syntax target}? \\ |
|
285 (decl @'where')? @{syntax thmdecl}? @{syntax prop} |
|
286 ; |
|
287 @@{command abbreviation} @{syntax target}? @{syntax mode}? \\ |
|
288 (decl @'where')? @{syntax prop} |
|
289 ; |
|
290 |
|
291 @{syntax_def \"fixes\"}: ((@{syntax name} ('::' @{syntax type})? |
|
292 @{syntax mixfix}? | @{syntax vars}) + @'and') |
|
293 ; |
|
294 specs: (@{syntax thmdecl}? @{syntax props} + @'and') |
|
295 ; |
|
296 decl: @{syntax name} ('::' @{syntax type})? @{syntax mixfix}? |
|
297 "} |
|
298 |
|
299 \begin{description} |
|
300 |
|
301 \item @{command "axiomatization"}~@{text "c\<^sub>1 \<dots> c\<^sub>m \<WHERE> \<phi>\<^sub>1 \<dots> \<phi>\<^sub>n"} |
|
302 introduces several constants simultaneously and states axiomatic |
|
303 properties for these. The constants are marked as being specified |
|
304 once and for all, which prevents additional specifications being |
|
305 issued later on. |
|
306 |
|
307 Note that axiomatic specifications are only appropriate when |
|
308 declaring a new logical system; axiomatic specifications are |
|
309 restricted to global theory contexts. Normal applications should |
|
310 only use definitional mechanisms! |
|
311 |
|
312 \item @{command "definition"}~@{text "c \<WHERE> eq"} produces an |
|
313 internal definition @{text "c \<equiv> t"} according to the specification |
|
314 given as @{text eq}, which is then turned into a proven fact. The |
|
315 given proposition may deviate from internal meta-level equality |
|
316 according to the rewrite rules declared as @{attribute defn} by the |
|
317 object-logic. This usually covers object-level equality @{text "x = |
|
318 y"} and equivalence @{text "A \<leftrightarrow> B"}. End-users normally need not |
|
319 change the @{attribute defn} setup. |
|
320 |
|
321 Definitions may be presented with explicit arguments on the LHS, as |
|
322 well as additional conditions, e.g.\ @{text "f x y = t"} instead of |
|
323 @{text "f \<equiv> \<lambda>x y. t"} and @{text "y \<noteq> 0 \<Longrightarrow> g x y = u"} instead of an |
|
324 unrestricted @{text "g \<equiv> \<lambda>x y. u"}. |
|
325 |
|
326 \item @{command "abbreviation"}~@{text "c \<WHERE> eq"} introduces a |
|
327 syntactic constant which is associated with a certain term according |
|
328 to the meta-level equality @{text eq}. |
|
329 |
|
330 Abbreviations participate in the usual type-inference process, but |
|
331 are expanded before the logic ever sees them. Pretty printing of |
|
332 terms involves higher-order rewriting with rules stemming from |
|
333 reverted abbreviations. This needs some care to avoid overlapping |
|
334 or looping syntactic replacements! |
|
335 |
|
336 The optional @{text mode} specification restricts output to a |
|
337 particular print mode; using ``@{text input}'' here achieves the |
|
338 effect of one-way abbreviations. The mode may also include an |
|
339 ``@{keyword "output"}'' qualifier that affects the concrete syntax |
|
340 declared for abbreviations, cf.\ @{command "syntax"} in |
|
341 \secref{sec:syn-trans}. |
|
342 |
|
343 \item @{command "print_abbrevs"} prints all constant abbreviations |
|
344 of the current context. |
|
345 |
|
346 \end{description} |
|
347 *} |
|
348 |
|
349 |
|
350 section {* Generic declarations *} |
|
351 |
|
352 text {* |
|
353 \begin{matharray}{rcl} |
|
354 @{command_def "declaration"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
355 @{command_def "syntax_declaration"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
356 @{command_def "declare"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
357 \end{matharray} |
|
358 |
|
359 Arbitrary operations on the background context may be wrapped-up as |
|
360 generic declaration elements. Since the underlying concept of local |
|
361 theories may be subject to later re-interpretation, there is an |
|
362 additional dependency on a morphism that tells the difference of the |
|
363 original declaration context wrt.\ the application context |
|
364 encountered later on. A fact declaration is an important special |
|
365 case: it consists of a theorem which is applied to the context by |
|
366 means of an attribute. |
|
367 |
|
368 @{rail " |
|
369 (@@{command declaration} | @@{command syntax_declaration}) |
|
370 ('(' @'pervasive' ')')? \\ @{syntax target}? @{syntax text} |
|
371 ; |
|
372 @@{command declare} @{syntax target}? (@{syntax thmrefs} + @'and') |
|
373 "} |
|
374 |
|
375 \begin{description} |
|
376 |
|
377 \item @{command "declaration"}~@{text d} adds the declaration |
|
378 function @{text d} of ML type @{ML_type declaration}, to the current |
|
379 local theory under construction. In later application contexts, the |
|
380 function is transformed according to the morphisms being involved in |
|
381 the interpretation hierarchy. |
|
382 |
|
383 If the @{text "(pervasive)"} option is given, the corresponding |
|
384 declaration is applied to all possible contexts involved, including |
|
385 the global background theory. |
|
386 |
|
387 \item @{command "syntax_declaration"} is similar to @{command |
|
388 "declaration"}, but is meant to affect only ``syntactic'' tools by |
|
389 convention (such as notation and type-checking information). |
|
390 |
|
391 \item @{command "declare"}~@{text thms} declares theorems to the |
|
392 current local theory context. No theorem binding is involved here, |
|
393 unlike @{command "theorems"} or @{command "lemmas"} (cf.\ |
|
394 \secref{sec:axms-thms}), so @{command "declare"} only has the effect |
|
395 of applying attributes as included in the theorem specification. |
|
396 |
|
397 \end{description} |
|
398 *} |
|
399 |
|
400 |
|
401 section {* Locales \label{sec:locale} *} |
|
402 |
|
403 text {* |
|
404 Locales are parametric named local contexts, consisting of a list of |
|
405 declaration elements that are modeled after the Isar proof context |
|
406 commands (cf.\ \secref{sec:proof-context}). |
|
407 *} |
|
408 |
|
409 |
|
410 subsection {* Locale expressions \label{sec:locale-expr} *} |
|
411 |
|
412 text {* |
|
413 A \emph{locale expression} denotes a structured context composed of |
|
414 instances of existing locales. The context consists of a list of |
|
415 instances of declaration elements from the locales. Two locale |
|
416 instances are equal if they are of the same locale and the |
|
417 parameters are instantiated with equivalent terms. Declaration |
|
418 elements from equal instances are never repeated, thus avoiding |
|
419 duplicate declarations. More precisely, declarations from instances |
|
420 that are subsumed by earlier instances are omitted. |
|
421 |
|
422 @{rail " |
|
423 @{syntax_def locale_expr}: (instance + '+') (@'for' (@{syntax \"fixes\"} + @'and'))? |
|
424 ; |
|
425 instance: (qualifier ':')? @{syntax nameref} (pos_insts | named_insts) |
|
426 ; |
|
427 qualifier: @{syntax name} ('?' | '!')? |
|
428 ; |
|
429 pos_insts: ('_' | @{syntax term})* |
|
430 ; |
|
431 named_insts: @'where' (@{syntax name} '=' @{syntax term} + @'and') |
|
432 "} |
|
433 |
|
434 A locale instance consists of a reference to a locale and either |
|
435 positional or named parameter instantiations. Identical |
|
436 instantiations (that is, those that instante a parameter by itself) |
|
437 may be omitted. The notation `@{text "_"}' enables to omit the |
|
438 instantiation for a parameter inside a positional instantiation. |
|
439 |
|
440 Terms in instantiations are from the context the locale expressions |
|
441 is declared in. Local names may be added to this context with the |
|
442 optional @{keyword "for"} clause. This is useful for shadowing names |
|
443 bound in outer contexts, and for declaring syntax. In addition, |
|
444 syntax declarations from one instance are effective when parsing |
|
445 subsequent instances of the same expression. |
|
446 |
|
447 Instances have an optional qualifier which applies to names in |
|
448 declarations. Names include local definitions and theorem names. |
|
449 If present, the qualifier itself is either optional |
|
450 (``\texttt{?}''), which means that it may be omitted on input of the |
|
451 qualified name, or mandatory (``\texttt{!}''). If neither |
|
452 ``\texttt{?}'' nor ``\texttt{!}'' are present, the command's default |
|
453 is used. For @{command "interpretation"} and @{command "interpret"} |
|
454 the default is ``mandatory'', for @{command "locale"} and @{command |
|
455 "sublocale"} the default is ``optional''. |
|
456 *} |
|
457 |
|
458 |
|
459 subsection {* Locale declarations *} |
|
460 |
|
461 text {* |
|
462 \begin{matharray}{rcl} |
|
463 @{command_def "locale"} & : & @{text "theory \<rightarrow> local_theory"} \\ |
|
464 @{command_def "print_locale"}@{text "\<^sup>*"} & : & @{text "context \<rightarrow>"} \\ |
|
465 @{command_def "print_locales"}@{text "\<^sup>*"} & : & @{text "context \<rightarrow>"} \\ |
|
466 @{method_def intro_locales} & : & @{text method} \\ |
|
467 @{method_def unfold_locales} & : & @{text method} \\ |
|
468 \end{matharray} |
|
469 |
|
470 \indexisarelem{fixes}\indexisarelem{constrains}\indexisarelem{assumes} |
|
471 \indexisarelem{defines}\indexisarelem{notes} |
|
472 @{rail " |
|
473 @@{command locale} @{syntax name} ('=' @{syntax locale})? @'begin'? |
|
474 ; |
|
475 @@{command print_locale} '!'? @{syntax nameref} |
|
476 ; |
|
477 @{syntax_def locale}: @{syntax context_elem}+ | |
|
478 @{syntax locale_expr} ('+' (@{syntax context_elem}+))? |
|
479 ; |
|
480 @{syntax_def context_elem}: |
|
481 @'fixes' (@{syntax \"fixes\"} + @'and') | |
|
482 @'constrains' (@{syntax name} '::' @{syntax type} + @'and') | |
|
483 @'assumes' (@{syntax props} + @'and') | |
|
484 @'defines' (@{syntax thmdecl}? @{syntax prop} @{syntax prop_pat}? + @'and') | |
|
485 @'notes' (@{syntax thmdef}? @{syntax thmrefs} + @'and') |
|
486 "} |
|
487 |
|
488 \begin{description} |
|
489 |
|
490 \item @{command "locale"}~@{text "loc = import + body"} defines a |
|
491 new locale @{text loc} as a context consisting of a certain view of |
|
492 existing locales (@{text import}) plus some additional elements |
|
493 (@{text body}). Both @{text import} and @{text body} are optional; |
|
494 the degenerate form @{command "locale"}~@{text loc} defines an empty |
|
495 locale, which may still be useful to collect declarations of facts |
|
496 later on. Type-inference on locale expressions automatically takes |
|
497 care of the most general typing that the combined context elements |
|
498 may acquire. |
|
499 |
|
500 The @{text import} consists of a structured locale expression; see |
|
501 \secref{sec:proof-context} above. Its for clause defines the local |
|
502 parameters of the @{text import}. In addition, locale parameters |
|
503 whose instantance is omitted automatically extend the (possibly |
|
504 empty) for clause: they are inserted at its beginning. This means |
|
505 that these parameters may be referred to from within the expression |
|
506 and also in the subsequent context elements and provides a |
|
507 notational convenience for the inheritance of parameters in locale |
|
508 declarations. |
|
509 |
|
510 The @{text body} consists of context elements. |
|
511 |
|
512 \begin{description} |
|
513 |
|
514 \item @{element "fixes"}~@{text "x :: \<tau> (mx)"} declares a local |
|
515 parameter of type @{text \<tau>} and mixfix annotation @{text mx} (both |
|
516 are optional). The special syntax declaration ``@{text |
|
517 "(\<STRUCTURE>)"}'' means that @{text x} may be referenced |
|
518 implicitly in this context. |
|
519 |
|
520 \item @{element "constrains"}~@{text "x :: \<tau>"} introduces a type |
|
521 constraint @{text \<tau>} on the local parameter @{text x}. This |
|
522 element is deprecated. The type constraint should be introduced in |
|
523 the for clause or the relevant @{element "fixes"} element. |
|
524 |
|
525 \item @{element "assumes"}~@{text "a: \<phi>\<^sub>1 \<dots> \<phi>\<^sub>n"} |
|
526 introduces local premises, similar to @{command "assume"} within a |
|
527 proof (cf.\ \secref{sec:proof-context}). |
|
528 |
|
529 \item @{element "defines"}~@{text "a: x \<equiv> t"} defines a previously |
|
530 declared parameter. This is similar to @{command "def"} within a |
|
531 proof (cf.\ \secref{sec:proof-context}), but @{element "defines"} |
|
532 takes an equational proposition instead of variable-term pair. The |
|
533 left-hand side of the equation may have additional arguments, e.g.\ |
|
534 ``@{element "defines"}~@{text "f x\<^sub>1 \<dots> x\<^sub>n \<equiv> t"}''. |
|
535 |
|
536 \item @{element "notes"}~@{text "a = b\<^sub>1 \<dots> b\<^sub>n"} |
|
537 reconsiders facts within a local context. Most notably, this may |
|
538 include arbitrary declarations in any attribute specifications |
|
539 included here, e.g.\ a local @{attribute simp} rule. |
|
540 |
|
541 The initial @{text import} specification of a locale expression |
|
542 maintains a dynamic relation to the locales being referenced |
|
543 (benefiting from any later fact declarations in the obvious manner). |
|
544 |
|
545 \end{description} |
|
546 |
|
547 Note that ``@{text "(\<IS> p\<^sub>1 \<dots> p\<^sub>n)"}'' patterns given |
|
548 in the syntax of @{element "assumes"} and @{element "defines"} above |
|
549 are illegal in locale definitions. In the long goal format of |
|
550 \secref{sec:goals}, term bindings may be included as expected, |
|
551 though. |
|
552 |
|
553 \medskip Locale specifications are ``closed up'' by |
|
554 turning the given text into a predicate definition @{text |
|
555 loc_axioms} and deriving the original assumptions as local lemmas |
|
556 (modulo local definitions). The predicate statement covers only the |
|
557 newly specified assumptions, omitting the content of included locale |
|
558 expressions. The full cumulative view is only provided on export, |
|
559 involving another predicate @{text loc} that refers to the complete |
|
560 specification text. |
|
561 |
|
562 In any case, the predicate arguments are those locale parameters |
|
563 that actually occur in the respective piece of text. Also note that |
|
564 these predicates operate at the meta-level in theory, but the locale |
|
565 packages attempts to internalize statements according to the |
|
566 object-logic setup (e.g.\ replacing @{text \<And>} by @{text \<forall>}, and |
|
567 @{text "\<Longrightarrow>"} by @{text "\<longrightarrow>"} in HOL; see also |
|
568 \secref{sec:object-logic}). Separate introduction rules @{text |
|
569 loc_axioms.intro} and @{text loc.intro} are provided as well. |
|
570 |
|
571 \item @{command "print_locale"}~@{text "locale"} prints the |
|
572 contents of the named locale. The command omits @{element "notes"} |
|
573 elements by default. Use @{command "print_locale"}@{text "!"} to |
|
574 have them included. |
|
575 |
|
576 \item @{command "print_locales"} prints the names of all locales |
|
577 of the current theory. |
|
578 |
|
579 \item @{method intro_locales} and @{method unfold_locales} |
|
580 repeatedly expand all introduction rules of locale predicates of the |
|
581 theory. While @{method intro_locales} only applies the @{text |
|
582 loc.intro} introduction rules and therefore does not decend to |
|
583 assumptions, @{method unfold_locales} is more aggressive and applies |
|
584 @{text loc_axioms.intro} as well. Both methods are aware of locale |
|
585 specifications entailed by the context, both from target statements, |
|
586 and from interpretations (see below). New goals that are entailed |
|
587 by the current context are discharged automatically. |
|
588 |
|
589 \end{description} |
|
590 *} |
|
591 |
|
592 |
|
593 subsection {* Locale interpretation *} |
|
594 |
|
595 text {* |
|
596 \begin{matharray}{rcl} |
|
597 @{command_def "interpretation"} & : & @{text "theory \<rightarrow> proof(prove)"} \\ |
|
598 @{command_def "interpret"} & : & @{text "proof(state) | proof(chain) \<rightarrow> proof(prove)"} \\ |
|
599 @{command_def "sublocale"} & : & @{text "theory \<rightarrow> proof(prove)"} \\ |
|
600 @{command_def "print_dependencies"}@{text "\<^sup>*"} & : & @{text "context \<rightarrow>"} \\ |
|
601 @{command_def "print_interps"}@{text "\<^sup>*"} & : & @{text "context \<rightarrow>"} \\ |
|
602 \end{matharray} |
|
603 |
|
604 Locale expressions may be instantiated, and the instantiated facts |
|
605 added to the current context. This requires a proof of the |
|
606 instantiated specification and is called \emph{locale |
|
607 interpretation}. Interpretation is possible in locales (command |
|
608 @{command "sublocale"}), theories (command @{command |
|
609 "interpretation"}) and also within proof bodies (command @{command |
|
610 "interpret"}). |
|
611 |
|
612 @{rail " |
|
613 @@{command interpretation} @{syntax locale_expr} equations? |
|
614 ; |
|
615 @@{command interpret} @{syntax locale_expr} equations? |
|
616 ; |
|
617 @@{command sublocale} @{syntax nameref} ('<' | '\<subseteq>') @{syntax locale_expr} \\ |
|
618 equations? |
|
619 ; |
|
620 @@{command print_dependencies} '!'? @{syntax locale_expr} |
|
621 ; |
|
622 @@{command print_interps} @{syntax nameref} |
|
623 ; |
|
624 |
|
625 equations: @'where' (@{syntax thmdecl}? @{syntax prop} + @'and') |
|
626 "} |
|
627 |
|
628 \begin{description} |
|
629 |
|
630 \item @{command "interpretation"}~@{text "expr \<WHERE> eqns"} |
|
631 interprets @{text expr} in the theory. The command generates proof |
|
632 obligations for the instantiated specifications (assumes and defines |
|
633 elements). Once these are discharged by the user, instantiated |
|
634 facts are added to the theory in a post-processing phase. |
|
635 |
|
636 Free variables in the interpreted expression are allowed. They are |
|
637 turned into schematic variables in the generated declarations. In |
|
638 order to use a free variable whose name is already bound in the |
|
639 context --- for example, because a constant of that name exists --- |
|
640 it may be added to the @{keyword "for"} clause. |
|
641 |
|
642 Additional equations, which are unfolded during |
|
643 post-processing, may be given after the keyword @{keyword "where"}. |
|
644 This is useful for interpreting concepts introduced through |
|
645 definitions. The equations must be proved. |
|
646 |
|
647 The command is aware of interpretations already active in the |
|
648 theory, but does not simplify the goal automatically. In order to |
|
649 simplify the proof obligations use methods @{method intro_locales} |
|
650 or @{method unfold_locales}. Post-processing is not applied to |
|
651 facts of interpretations that are already active. This avoids |
|
652 duplication of interpreted facts, in particular. Note that, in the |
|
653 case of a locale with import, parts of the interpretation may |
|
654 already be active. The command will only process facts for new |
|
655 parts. |
|
656 |
|
657 Adding facts to locales has the effect of adding interpreted facts |
|
658 to the theory for all interpretations as well. That is, |
|
659 interpretations dynamically participate in any facts added to |
|
660 locales. Note that if a theory inherits additional facts for a |
|
661 locale through one parent and an interpretation of that locale |
|
662 through another parent, the additional facts will not be |
|
663 interpreted. |
|
664 |
|
665 \item @{command "interpret"}~@{text "expr \<WHERE> eqns"} interprets |
|
666 @{text expr} in the proof context and is otherwise similar to |
|
667 interpretation in theories. Note that rewrite rules given to |
|
668 @{command "interpret"} after the @{keyword "where"} keyword should be |
|
669 explicitly universally quantified. |
|
670 |
|
671 \item @{command "sublocale"}~@{text "name \<subseteq> expr \<WHERE> |
|
672 eqns"} |
|
673 interprets @{text expr} in the locale @{text name}. A proof that |
|
674 the specification of @{text name} implies the specification of |
|
675 @{text expr} is required. As in the localized version of the |
|
676 theorem command, the proof is in the context of @{text name}. After |
|
677 the proof obligation has been discharged, the facts of @{text expr} |
|
678 become part of locale @{text name} as \emph{derived} context |
|
679 elements and are available when the context @{text name} is |
|
680 subsequently entered. Note that, like import, this is dynamic: |
|
681 facts added to a locale part of @{text expr} after interpretation |
|
682 become also available in @{text name}. |
|
683 |
|
684 Only specification fragments of @{text expr} that are not already |
|
685 part of @{text name} (be it imported, derived or a derived fragment |
|
686 of the import) are considered in this process. This enables |
|
687 circular interpretations provided that no infinite chains are |
|
688 generated in the locale hierarchy. |
|
689 |
|
690 If interpretations of @{text name} exist in the current theory, the |
|
691 command adds interpretations for @{text expr} as well, with the same |
|
692 qualifier, although only for fragments of @{text expr} that are not |
|
693 interpreted in the theory already. |
|
694 |
|
695 Equations given after @{keyword "where"} amend the morphism through |
|
696 which @{text expr} is interpreted. This enables to map definitions |
|
697 from the interpreted locales to entities of @{text name}. This |
|
698 feature is experimental. |
|
699 |
|
700 \item @{command "print_dependencies"}~@{text "expr"} is useful for |
|
701 understanding the effect of an interpretation of @{text "expr"}. It |
|
702 lists all locale instances for which interpretations would be added |
|
703 to the current context. Variant @{command |
|
704 "print_dependencies"}@{text "!"} prints all locale instances that |
|
705 would be considered for interpretation, and would be interpreted in |
|
706 an empty context (that is, without interpretations). |
|
707 |
|
708 \item @{command "print_interps"}~@{text "locale"} lists all |
|
709 interpretations of @{text "locale"} in the current theory or proof |
|
710 context, including those due to a combination of a @{command |
|
711 "interpretation"} or @{command "interpret"} and one or several |
|
712 @{command "sublocale"} declarations. |
|
713 |
|
714 \end{description} |
|
715 |
|
716 \begin{warn} |
|
717 Since attributes are applied to interpreted theorems, |
|
718 interpretation may modify the context of common proof tools, e.g.\ |
|
719 the Simplifier or Classical Reasoner. As the behavior of such |
|
720 tools is \emph{not} stable under interpretation morphisms, manual |
|
721 declarations might have to be added to the target context of the |
|
722 interpretation to revert such declarations. |
|
723 \end{warn} |
|
724 |
|
725 \begin{warn} |
|
726 An interpretation in a theory or proof context may subsume previous |
|
727 interpretations. This happens if the same specification fragment |
|
728 is interpreted twice and the instantiation of the second |
|
729 interpretation is more general than the interpretation of the |
|
730 first. The locale package does not attempt to remove subsumed |
|
731 interpretations. |
|
732 \end{warn} |
|
733 *} |
|
734 |
|
735 |
|
736 section {* Classes \label{sec:class} *} |
|
737 |
|
738 text {* |
|
739 \begin{matharray}{rcl} |
|
740 @{command_def "class"} & : & @{text "theory \<rightarrow> local_theory"} \\ |
|
741 @{command_def "instantiation"} & : & @{text "theory \<rightarrow> local_theory"} \\ |
|
742 @{command_def "instance"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
743 @{command "instance"} & : & @{text "theory \<rightarrow> proof(prove)"} \\ |
|
744 @{command_def "subclass"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
745 @{command_def "print_classes"}@{text "\<^sup>*"} & : & @{text "context \<rightarrow>"} \\ |
|
746 @{command_def "class_deps"}@{text "\<^sup>*"} & : & @{text "context \<rightarrow>"} \\ |
|
747 @{method_def intro_classes} & : & @{text method} \\ |
|
748 \end{matharray} |
|
749 |
|
750 A class is a particular locale with \emph{exactly one} type variable |
|
751 @{text \<alpha>}. Beyond the underlying locale, a corresponding type class |
|
752 is established which is interpreted logically as axiomatic type |
|
753 class \cite{Wenzel:1997:TPHOL} whose logical content are the |
|
754 assumptions of the locale. Thus, classes provide the full |
|
755 generality of locales combined with the commodity of type classes |
|
756 (notably type-inference). See \cite{isabelle-classes} for a short |
|
757 tutorial. |
|
758 |
|
759 @{rail " |
|
760 @@{command class} class_spec @'begin'? |
|
761 ; |
|
762 class_spec: @{syntax name} '=' |
|
763 ((@{syntax nameref} '+' (@{syntax context_elem}+)) | |
|
764 @{syntax nameref} | (@{syntax context_elem}+)) |
|
765 ; |
|
766 @@{command instantiation} (@{syntax nameref} + @'and') '::' @{syntax arity} @'begin' |
|
767 ; |
|
768 @@{command instance} (() | (@{syntax nameref} + @'and') '::' @{syntax arity} | |
|
769 @{syntax nameref} ('<' | '\<subseteq>') @{syntax nameref} ) |
|
770 ; |
|
771 @@{command subclass} @{syntax target}? @{syntax nameref} |
|
772 "} |
|
773 |
|
774 \begin{description} |
|
775 |
|
776 \item @{command "class"}~@{text "c = superclasses + body"} defines |
|
777 a new class @{text c}, inheriting from @{text superclasses}. This |
|
778 introduces a locale @{text c} with import of all locales @{text |
|
779 superclasses}. |
|
780 |
|
781 Any @{element "fixes"} in @{text body} are lifted to the global |
|
782 theory level (\emph{class operations} @{text "f\<^sub>1, \<dots>, |
|
783 f\<^sub>n"} of class @{text c}), mapping the local type parameter |
|
784 @{text \<alpha>} to a schematic type variable @{text "?\<alpha> :: c"}. |
|
785 |
|
786 Likewise, @{element "assumes"} in @{text body} are also lifted, |
|
787 mapping each local parameter @{text "f :: \<tau>[\<alpha>]"} to its |
|
788 corresponding global constant @{text "f :: \<tau>[?\<alpha> :: c]"}. The |
|
789 corresponding introduction rule is provided as @{text |
|
790 c_class_axioms.intro}. This rule should be rarely needed directly |
|
791 --- the @{method intro_classes} method takes care of the details of |
|
792 class membership proofs. |
|
793 |
|
794 \item @{command "instantiation"}~@{text "t :: (s\<^sub>1, \<dots>, s\<^sub>n)s |
|
795 \<BEGIN>"} opens a theory target (cf.\ \secref{sec:target}) which |
|
796 allows to specify class operations @{text "f\<^sub>1, \<dots>, f\<^sub>n"} corresponding |
|
797 to sort @{text s} at the particular type instance @{text "(\<alpha>\<^sub>1 :: s\<^sub>1, |
|
798 \<dots>, \<alpha>\<^sub>n :: s\<^sub>n) t"}. A plain @{command "instance"} command in the |
|
799 target body poses a goal stating these type arities. The target is |
|
800 concluded by an @{command_ref (local) "end"} command. |
|
801 |
|
802 Note that a list of simultaneous type constructors may be given; |
|
803 this corresponds nicely to mutually recursive type definitions, e.g.\ |
|
804 in Isabelle/HOL. |
|
805 |
|
806 \item @{command "instance"} in an instantiation target body sets |
|
807 up a goal stating the type arities claimed at the opening @{command |
|
808 "instantiation"}. The proof would usually proceed by @{method |
|
809 intro_classes}, and then establish the characteristic theorems of |
|
810 the type classes involved. After finishing the proof, the |
|
811 background theory will be augmented by the proven type arities. |
|
812 |
|
813 On the theory level, @{command "instance"}~@{text "t :: (s\<^sub>1, \<dots>, |
|
814 s\<^sub>n)s"} provides a convenient way to instantiate a type class with no |
|
815 need to specify operations: one can continue with the |
|
816 instantiation proof immediately. |
|
817 |
|
818 \item @{command "subclass"}~@{text c} in a class context for class |
|
819 @{text d} sets up a goal stating that class @{text c} is logically |
|
820 contained in class @{text d}. After finishing the proof, class |
|
821 @{text d} is proven to be subclass @{text c} and the locale @{text |
|
822 c} is interpreted into @{text d} simultaneously. |
|
823 |
|
824 A weakend form of this is available through a further variant of |
|
825 @{command instance}: @{command instance}~@{text "c\<^sub>1 \<subseteq> c\<^sub>2"} opens |
|
826 a proof that class @{text "c\<^isub>2"} implies @{text "c\<^isub>1"} without reference |
|
827 to the underlying locales; this is useful if the properties to prove |
|
828 the logical connection are not sufficent on the locale level but on |
|
829 the theory level. |
|
830 |
|
831 \item @{command "print_classes"} prints all classes in the current |
|
832 theory. |
|
833 |
|
834 \item @{command "class_deps"} visualizes all classes and their |
|
835 subclass relations as a Hasse diagram. |
|
836 |
|
837 \item @{method intro_classes} repeatedly expands all class |
|
838 introduction rules of this theory. Note that this method usually |
|
839 needs not be named explicitly, as it is already included in the |
|
840 default proof step (e.g.\ of @{command "proof"}). In particular, |
|
841 instantiation of trivial (syntactic) classes may be performed by a |
|
842 single ``@{command ".."}'' proof step. |
|
843 |
|
844 \end{description} |
|
845 *} |
|
846 |
|
847 |
|
848 subsection {* The class target *} |
|
849 |
|
850 text {* |
|
851 %FIXME check |
|
852 |
|
853 A named context may refer to a locale (cf.\ \secref{sec:target}). |
|
854 If this locale is also a class @{text c}, apart from the common |
|
855 locale target behaviour the following happens. |
|
856 |
|
857 \begin{itemize} |
|
858 |
|
859 \item Local constant declarations @{text "g[\<alpha>]"} referring to the |
|
860 local type parameter @{text \<alpha>} and local parameters @{text "f[\<alpha>]"} |
|
861 are accompanied by theory-level constants @{text "g[?\<alpha> :: c]"} |
|
862 referring to theory-level class operations @{text "f[?\<alpha> :: c]"}. |
|
863 |
|
864 \item Local theorem bindings are lifted as are assumptions. |
|
865 |
|
866 \item Local syntax refers to local operations @{text "g[\<alpha>]"} and |
|
867 global operations @{text "g[?\<alpha> :: c]"} uniformly. Type inference |
|
868 resolves ambiguities. In rare cases, manual type annotations are |
|
869 needed. |
|
870 |
|
871 \end{itemize} |
|
872 *} |
|
873 |
|
874 |
|
875 subsection {* Co-regularity of type classes and arities *} |
|
876 |
|
877 text {* The class relation together with the collection of |
|
878 type-constructor arities must obey the principle of |
|
879 \emph{co-regularity} as defined below. |
|
880 |
|
881 \medskip For the subsequent formulation of co-regularity we assume |
|
882 that the class relation is closed by transitivity and reflexivity. |
|
883 Moreover the collection of arities @{text "t :: (\<^vec>s)c"} is |
|
884 completed such that @{text "t :: (\<^vec>s)c"} and @{text "c \<subseteq> c'"} |
|
885 implies @{text "t :: (\<^vec>s)c'"} for all such declarations. |
|
886 |
|
887 Treating sorts as finite sets of classes (meaning the intersection), |
|
888 the class relation @{text "c\<^sub>1 \<subseteq> c\<^sub>2"} is extended to sorts as |
|
889 follows: |
|
890 \[ |
|
891 @{text "s\<^sub>1 \<subseteq> s\<^sub>2 \<equiv> \<forall>c\<^sub>2 \<in> s\<^sub>2. \<exists>c\<^sub>1 \<in> s\<^sub>1. c\<^sub>1 \<subseteq> c\<^sub>2"} |
|
892 \] |
|
893 |
|
894 This relation on sorts is further extended to tuples of sorts (of |
|
895 the same length) in the component-wise way. |
|
896 |
|
897 \smallskip Co-regularity of the class relation together with the |
|
898 arities relation means: |
|
899 \[ |
|
900 @{text "t :: (\<^vec>s\<^sub>1)c\<^sub>1 \<Longrightarrow> t :: (\<^vec>s\<^sub>2)c\<^sub>2 \<Longrightarrow> c\<^sub>1 \<subseteq> c\<^sub>2 \<Longrightarrow> \<^vec>s\<^sub>1 \<subseteq> \<^vec>s\<^sub>2"} |
|
901 \] |
|
902 \noindent for all such arities. In other words, whenever the result |
|
903 classes of some type-constructor arities are related, then the |
|
904 argument sorts need to be related in the same way. |
|
905 |
|
906 \medskip Co-regularity is a very fundamental property of the |
|
907 order-sorted algebra of types. For example, it entails principle |
|
908 types and most general unifiers, e.g.\ see \cite{nipkow-prehofer}. |
|
909 *} |
|
910 |
|
911 |
|
912 section {* Unrestricted overloading *} |
|
913 |
|
914 text {* |
|
915 \begin{matharray}{rcl} |
|
916 @{command_def "overloading"} & : & @{text "theory \<rightarrow> local_theory"} \\ |
|
917 \end{matharray} |
|
918 |
|
919 Isabelle/Pure's definitional schemes support certain forms of |
|
920 overloading (see \secref{sec:consts}). Overloading means that a |
|
921 constant being declared as @{text "c :: \<alpha> decl"} may be |
|
922 defined separately on type instances |
|
923 @{text "c :: (\<beta>\<^sub>1, \<dots>, \<beta>\<^sub>n) t decl"} |
|
924 for each type constructor @{text t}. At most occassions |
|
925 overloading will be used in a Haskell-like fashion together with |
|
926 type classes by means of @{command "instantiation"} (see |
|
927 \secref{sec:class}). Sometimes low-level overloading is desirable. |
|
928 The @{command "overloading"} target provides a convenient view for |
|
929 end-users. |
|
930 |
|
931 @{rail " |
|
932 @@{command overloading} ( spec + ) @'begin' |
|
933 ; |
|
934 spec: @{syntax name} ( '==' | '\<equiv>' ) @{syntax term} ( '(' @'unchecked' ')' )? |
|
935 "} |
|
936 |
|
937 \begin{description} |
|
938 |
|
939 \item @{command "overloading"}~@{text "x\<^sub>1 \<equiv> c\<^sub>1 :: \<tau>\<^sub>1 \<AND> \<dots> x\<^sub>n \<equiv> c\<^sub>n :: \<tau>\<^sub>n \<BEGIN>"} |
|
940 opens a theory target (cf.\ \secref{sec:target}) which allows to |
|
941 specify constants with overloaded definitions. These are identified |
|
942 by an explicitly given mapping from variable names @{text "x\<^sub>i"} to |
|
943 constants @{text "c\<^sub>i"} at particular type instances. The |
|
944 definitions themselves are established using common specification |
|
945 tools, using the names @{text "x\<^sub>i"} as reference to the |
|
946 corresponding constants. The target is concluded by @{command |
|
947 (local) "end"}. |
|
948 |
|
949 A @{text "(unchecked)"} option disables global dependency checks for |
|
950 the corresponding definition, which is occasionally useful for |
|
951 exotic overloading (see \secref{sec:consts} for a precise description). |
|
952 It is at the discretion of the user to avoid |
|
953 malformed theory specifications! |
|
954 |
|
955 \end{description} |
|
956 *} |
|
957 |
|
958 |
|
959 section {* Incorporating ML code \label{sec:ML} *} |
|
960 |
|
961 text {* |
|
962 \begin{matharray}{rcl} |
|
963 @{command_def "ML_file"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
964 @{command_def "ML"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
965 @{command_def "ML_prf"} & : & @{text "proof \<rightarrow> proof"} \\ |
|
966 @{command_def "ML_val"} & : & @{text "any \<rightarrow>"} \\ |
|
967 @{command_def "ML_command"} & : & @{text "any \<rightarrow>"} \\ |
|
968 @{command_def "setup"} & : & @{text "theory \<rightarrow> theory"} \\ |
|
969 @{command_def "local_setup"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
970 @{command_def "attribute_setup"} & : & @{text "theory \<rightarrow> theory"} \\ |
|
971 \end{matharray} |
|
972 |
|
973 @{rail " |
|
974 @@{command ML_file} @{syntax name} |
|
975 ; |
|
976 (@@{command ML} | @@{command ML_prf} | @@{command ML_val} | |
|
977 @@{command ML_command} | @@{command setup} | @@{command local_setup}) @{syntax text} |
|
978 ; |
|
979 @@{command attribute_setup} @{syntax name} '=' @{syntax text} @{syntax text}? |
|
980 "} |
|
981 |
|
982 \begin{description} |
|
983 |
|
984 \item @{command "ML_file"}~@{text "name"} reads and evaluates the |
|
985 given ML file. The current theory context is passed down to the ML |
|
986 toplevel and may be modified, using @{ML "Context.>>"} or derived ML |
|
987 commands. Top-level ML bindings are stored within the (global or |
|
988 local) theory context. |
|
989 |
|
990 \item @{command "ML"}~@{text "text"} is similar to @{command |
|
991 "ML_file"}, but evaluates directly the given @{text "text"}. |
|
992 Top-level ML bindings are stored within the (global or local) theory |
|
993 context. |
|
994 |
|
995 \item @{command "ML_prf"} is analogous to @{command "ML"} but works |
|
996 within a proof context. Top-level ML bindings are stored within the |
|
997 proof context in a purely sequential fashion, disregarding the |
|
998 nested proof structure. ML bindings introduced by @{command |
|
999 "ML_prf"} are discarded at the end of the proof. |
|
1000 |
|
1001 \item @{command "ML_val"} and @{command "ML_command"} are diagnostic |
|
1002 versions of @{command "ML"}, which means that the context may not be |
|
1003 updated. @{command "ML_val"} echos the bindings produced at the ML |
|
1004 toplevel, but @{command "ML_command"} is silent. |
|
1005 |
|
1006 \item @{command "setup"}~@{text "text"} changes the current theory |
|
1007 context by applying @{text "text"}, which refers to an ML expression |
|
1008 of type @{ML_type "theory -> theory"}. This enables to initialize |
|
1009 any object-logic specific tools and packages written in ML, for |
|
1010 example. |
|
1011 |
|
1012 \item @{command "local_setup"} is similar to @{command "setup"} for |
|
1013 a local theory context, and an ML expression of type @{ML_type |
|
1014 "local_theory -> local_theory"}. This allows to |
|
1015 invoke local theory specification packages without going through |
|
1016 concrete outer syntax, for example. |
|
1017 |
|
1018 \item @{command "attribute_setup"}~@{text "name = text description"} |
|
1019 defines an attribute in the current theory. The given @{text |
|
1020 "text"} has to be an ML expression of type |
|
1021 @{ML_type "attribute context_parser"}, cf.\ basic parsers defined in |
|
1022 structure @{ML_struct Args} and @{ML_struct Attrib}. |
|
1023 |
|
1024 In principle, attributes can operate both on a given theorem and the |
|
1025 implicit context, although in practice only one is modified and the |
|
1026 other serves as parameter. Here are examples for these two cases: |
|
1027 |
|
1028 \end{description} |
|
1029 *} |
|
1030 |
|
1031 attribute_setup my_rule = {* |
|
1032 Attrib.thms >> (fn ths => |
|
1033 Thm.rule_attribute |
|
1034 (fn context: Context.generic => fn th: thm => |
|
1035 let val th' = th OF ths |
|
1036 in th' end)) *} |
|
1037 |
|
1038 attribute_setup my_declaration = {* |
|
1039 Attrib.thms >> (fn ths => |
|
1040 Thm.declaration_attribute |
|
1041 (fn th: thm => fn context: Context.generic => |
|
1042 let val context' = context |
|
1043 in context' end)) *} |
|
1044 |
|
1045 |
|
1046 section {* Primitive specification elements *} |
|
1047 |
|
1048 subsection {* Type classes and sorts \label{sec:classes} *} |
|
1049 |
|
1050 text {* |
|
1051 \begin{matharray}{rcll} |
|
1052 @{command_def "classes"} & : & @{text "theory \<rightarrow> theory"} \\ |
|
1053 @{command_def "classrel"} & : & @{text "theory \<rightarrow> theory"} & (axiomatic!) \\ |
|
1054 @{command_def "default_sort"} & : & @{text "local_theory \<rightarrow> local_theory"} |
|
1055 \end{matharray} |
|
1056 |
|
1057 @{rail " |
|
1058 @@{command classes} (@{syntax classdecl} +) |
|
1059 ; |
|
1060 @@{command classrel} (@{syntax nameref} ('<' | '\<subseteq>') @{syntax nameref} + @'and') |
|
1061 ; |
|
1062 @@{command default_sort} @{syntax sort} |
|
1063 "} |
|
1064 |
|
1065 \begin{description} |
|
1066 |
|
1067 \item @{command "classes"}~@{text "c \<subseteq> c\<^sub>1, \<dots>, c\<^sub>n"} declares class |
|
1068 @{text c} to be a subclass of existing classes @{text "c\<^sub>1, \<dots>, c\<^sub>n"}. |
|
1069 Isabelle implicitly maintains the transitive closure of the class |
|
1070 hierarchy. Cyclic class structures are not permitted. |
|
1071 |
|
1072 \item @{command "classrel"}~@{text "c\<^sub>1 \<subseteq> c\<^sub>2"} states subclass |
|
1073 relations between existing classes @{text "c\<^sub>1"} and @{text "c\<^sub>2"}. |
|
1074 This is done axiomatically! The @{command_ref "subclass"} and |
|
1075 @{command_ref "instance"} commands (see \secref{sec:class}) provide |
|
1076 a way to introduce proven class relations. |
|
1077 |
|
1078 \item @{command "default_sort"}~@{text s} makes sort @{text s} the |
|
1079 new default sort for any type variable that is given explicitly in |
|
1080 the text, but lacks a sort constraint (wrt.\ the current context). |
|
1081 Type variables generated by type inference are not affected. |
|
1082 |
|
1083 Usually the default sort is only changed when defining a new |
|
1084 object-logic. For example, the default sort in Isabelle/HOL is |
|
1085 @{class type}, the class of all HOL types. |
|
1086 |
|
1087 When merging theories, the default sorts of the parents are |
|
1088 logically intersected, i.e.\ the representations as lists of classes |
|
1089 are joined. |
|
1090 |
|
1091 \end{description} |
|
1092 *} |
|
1093 |
|
1094 |
|
1095 subsection {* Types and type abbreviations \label{sec:types-pure} *} |
|
1096 |
|
1097 text {* |
|
1098 \begin{matharray}{rcll} |
|
1099 @{command_def "type_synonym"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
1100 @{command_def "typedecl"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
1101 @{command_def "arities"} & : & @{text "theory \<rightarrow> theory"} & (axiomatic!) \\ |
|
1102 \end{matharray} |
|
1103 |
|
1104 @{rail " |
|
1105 @@{command type_synonym} (@{syntax typespec} '=' @{syntax type} @{syntax mixfix}?) |
|
1106 ; |
|
1107 @@{command typedecl} @{syntax typespec} @{syntax mixfix}? |
|
1108 ; |
|
1109 @@{command arities} (@{syntax nameref} '::' @{syntax arity} +) |
|
1110 "} |
|
1111 |
|
1112 \begin{description} |
|
1113 |
|
1114 \item @{command "type_synonym"}~@{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>n) t = \<tau>"} |
|
1115 introduces a \emph{type synonym} @{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>n) t"} for the |
|
1116 existing type @{text "\<tau>"}. Unlike actual type definitions, as are |
|
1117 available in Isabelle/HOL for example, type synonyms are merely |
|
1118 syntactic abbreviations without any logical significance. |
|
1119 Internally, type synonyms are fully expanded. |
|
1120 |
|
1121 \item @{command "typedecl"}~@{text "(\<alpha>\<^sub>1, \<dots>, \<alpha>\<^sub>n) t"} declares a new |
|
1122 type constructor @{text t}. If the object-logic defines a base sort |
|
1123 @{text s}, then the constructor is declared to operate on that, via |
|
1124 the axiomatic specification @{command arities}~@{text "t :: (s, \<dots>, |
|
1125 s)s"}. |
|
1126 |
|
1127 \item @{command "arities"}~@{text "t :: (s\<^sub>1, \<dots>, s\<^sub>n)s"} augments |
|
1128 Isabelle's order-sorted signature of types by new type constructor |
|
1129 arities. This is done axiomatically! The @{command_ref "instantiation"} |
|
1130 target (see \secref{sec:class}) provides a way to introduce |
|
1131 proven type arities. |
|
1132 |
|
1133 \end{description} |
|
1134 *} |
|
1135 |
|
1136 |
|
1137 subsection {* Constants and definitions \label{sec:consts} *} |
|
1138 |
|
1139 text {* |
|
1140 \begin{matharray}{rcl} |
|
1141 @{command_def "consts"} & : & @{text "theory \<rightarrow> theory"} \\ |
|
1142 @{command_def "defs"} & : & @{text "theory \<rightarrow> theory"} \\ |
|
1143 \end{matharray} |
|
1144 |
|
1145 Definitions essentially express abbreviations within the logic. The |
|
1146 simplest form of a definition is @{text "c :: \<sigma> \<equiv> t"}, where @{text |
|
1147 c} is a newly declared constant. Isabelle also allows derived forms |
|
1148 where the arguments of @{text c} appear on the left, abbreviating a |
|
1149 prefix of @{text \<lambda>}-abstractions, e.g.\ @{text "c \<equiv> \<lambda>x y. t"} may be |
|
1150 written more conveniently as @{text "c x y \<equiv> t"}. Moreover, |
|
1151 definitions may be weakened by adding arbitrary pre-conditions: |
|
1152 @{text "A \<Longrightarrow> c x y \<equiv> t"}. |
|
1153 |
|
1154 \medskip The built-in well-formedness conditions for definitional |
|
1155 specifications are: |
|
1156 |
|
1157 \begin{itemize} |
|
1158 |
|
1159 \item Arguments (on the left-hand side) must be distinct variables. |
|
1160 |
|
1161 \item All variables on the right-hand side must also appear on the |
|
1162 left-hand side. |
|
1163 |
|
1164 \item All type variables on the right-hand side must also appear on |
|
1165 the left-hand side; this prohibits @{text "0 :: nat \<equiv> length ([] :: |
|
1166 \<alpha> list)"} for example. |
|
1167 |
|
1168 \item The definition must not be recursive. Most object-logics |
|
1169 provide definitional principles that can be used to express |
|
1170 recursion safely. |
|
1171 |
|
1172 \end{itemize} |
|
1173 |
|
1174 The right-hand side of overloaded definitions may mention overloaded constants |
|
1175 recursively at type instances corresponding to the immediate |
|
1176 argument types @{text "\<beta>\<^sub>1, \<dots>, \<beta>\<^sub>n"}. Incomplete |
|
1177 specification patterns impose global constraints on all occurrences, |
|
1178 e.g.\ @{text "d :: \<alpha> \<times> \<alpha>"} on the left-hand side means that all |
|
1179 corresponding occurrences on some right-hand side need to be an |
|
1180 instance of this, general @{text "d :: \<alpha> \<times> \<beta>"} will be disallowed. |
|
1181 |
|
1182 @{rail " |
|
1183 @@{command consts} ((@{syntax name} '::' @{syntax type} @{syntax mixfix}?) +) |
|
1184 ; |
|
1185 @@{command defs} opt? (@{syntax axmdecl} @{syntax prop} +) |
|
1186 ; |
|
1187 opt: '(' @'unchecked'? @'overloaded'? ')' |
|
1188 "} |
|
1189 |
|
1190 \begin{description} |
|
1191 |
|
1192 \item @{command "consts"}~@{text "c :: \<sigma>"} declares constant @{text |
|
1193 c} to have any instance of type scheme @{text \<sigma>}. The optional |
|
1194 mixfix annotations may attach concrete syntax to the constants |
|
1195 declared. |
|
1196 |
|
1197 \item @{command "defs"}~@{text "name: eqn"} introduces @{text eqn} |
|
1198 as a definitional axiom for some existing constant. |
|
1199 |
|
1200 The @{text "(unchecked)"} option disables global dependency checks |
|
1201 for this definition, which is occasionally useful for exotic |
|
1202 overloading. It is at the discretion of the user to avoid malformed |
|
1203 theory specifications! |
|
1204 |
|
1205 The @{text "(overloaded)"} option declares definitions to be |
|
1206 potentially overloaded. Unless this option is given, a warning |
|
1207 message would be issued for any definitional equation with a more |
|
1208 special type than that of the corresponding constant declaration. |
|
1209 |
|
1210 \end{description} |
|
1211 *} |
|
1212 |
|
1213 |
|
1214 section {* Axioms and theorems \label{sec:axms-thms} *} |
|
1215 |
|
1216 text {* |
|
1217 \begin{matharray}{rcll} |
|
1218 @{command_def "axioms"} & : & @{text "theory \<rightarrow> theory"} & (axiomatic!) \\ |
|
1219 @{command_def "lemmas"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
1220 @{command_def "theorems"} & : & @{text "local_theory \<rightarrow> local_theory"} \\ |
|
1221 \end{matharray} |
|
1222 |
|
1223 @{rail " |
|
1224 @@{command axioms} (@{syntax axmdecl} @{syntax prop} +) |
|
1225 ; |
|
1226 (@@{command lemmas} | @@{command theorems}) @{syntax target}? \\ |
|
1227 (@{syntax thmdef}? @{syntax thmrefs} + @'and') |
|
1228 (@'for' (@{syntax vars} + @'and'))? |
|
1229 "} |
|
1230 |
|
1231 \begin{description} |
|
1232 |
|
1233 \item @{command "axioms"}~@{text "a: \<phi>"} introduces arbitrary |
|
1234 statements as axioms of the meta-logic. In fact, axioms are |
|
1235 ``axiomatic theorems'', and may be referred later just as any other |
|
1236 theorem. |
|
1237 |
|
1238 Axioms are usually only introduced when declaring new logical |
|
1239 systems. Everyday work is typically done the hard way, with proper |
|
1240 definitions and proven theorems. |
|
1241 |
|
1242 \item @{command "lemmas"}~@{text "a = b\<^sub>1 \<dots> b\<^sub>n"}~@{keyword_def |
|
1243 "for"}~@{text "x\<^sub>1 \<dots> x\<^sub>m"} evaluates given facts (with attributes) in |
|
1244 the current context, which may be augmented by local variables. |
|
1245 Results are standardized before being stored, i.e.\ schematic |
|
1246 variables are renamed to enforce index @{text "0"} uniformly. |
|
1247 |
|
1248 \item @{command "theorems"} is the same as @{command "lemmas"}, but |
|
1249 marks the result as a different kind of facts. |
|
1250 |
|
1251 \end{description} |
|
1252 *} |
|
1253 |
|
1254 |
|
1255 section {* Oracles *} |
|
1256 |
|
1257 text {* |
|
1258 \begin{matharray}{rcll} |
|
1259 @{command_def "oracle"} & : & @{text "theory \<rightarrow> theory"} & (axiomatic!) \\ |
|
1260 \end{matharray} |
|
1261 |
|
1262 Oracles allow Isabelle to take advantage of external reasoners such |
|
1263 as arithmetic decision procedures, model checkers, fast tautology |
|
1264 checkers or computer algebra systems. Invoked as an oracle, an |
|
1265 external reasoner can create arbitrary Isabelle theorems. |
|
1266 |
|
1267 It is the responsibility of the user to ensure that the external |
|
1268 reasoner is as trustworthy as the application requires. Another |
|
1269 typical source of errors is the linkup between Isabelle and the |
|
1270 external tool, not just its concrete implementation, but also the |
|
1271 required translation between two different logical environments. |
|
1272 |
|
1273 Isabelle merely guarantees well-formedness of the propositions being |
|
1274 asserted, and records within the internal derivation object how |
|
1275 presumed theorems depend on unproven suppositions. |
|
1276 |
|
1277 @{rail " |
|
1278 @@{command oracle} @{syntax name} '=' @{syntax text} |
|
1279 "} |
|
1280 |
|
1281 \begin{description} |
|
1282 |
|
1283 \item @{command "oracle"}~@{text "name = text"} turns the given ML |
|
1284 expression @{text "text"} of type @{ML_text "'a -> cterm"} into an |
|
1285 ML function of type @{ML_text "'a -> thm"}, which is bound to the |
|
1286 global identifier @{ML_text name}. This acts like an infinitary |
|
1287 specification of axioms! Invoking the oracle only works within the |
|
1288 scope of the resulting theory. |
|
1289 |
|
1290 \end{description} |
|
1291 |
|
1292 See @{file "~~/src/HOL/ex/Iff_Oracle.thy"} for a worked example of |
|
1293 defining a new primitive rule as oracle, and turning it into a proof |
|
1294 method. |
|
1295 *} |
|
1296 |
|
1297 |
|
1298 section {* Name spaces *} |
|
1299 |
|
1300 text {* |
|
1301 \begin{matharray}{rcl} |
|
1302 @{command_def "hide_class"} & : & @{text "theory \<rightarrow> theory"} \\ |
|
1303 @{command_def "hide_type"} & : & @{text "theory \<rightarrow> theory"} \\ |
|
1304 @{command_def "hide_const"} & : & @{text "theory \<rightarrow> theory"} \\ |
|
1305 @{command_def "hide_fact"} & : & @{text "theory \<rightarrow> theory"} \\ |
|
1306 \end{matharray} |
|
1307 |
|
1308 @{rail " |
|
1309 ( @{command hide_class} | @{command hide_type} | |
|
1310 @{command hide_const} | @{command hide_fact} ) ('(' @'open' ')')? (@{syntax nameref} + ) |
|
1311 "} |
|
1312 |
|
1313 Isabelle organizes any kind of name declarations (of types, |
|
1314 constants, theorems etc.) by separate hierarchically structured name |
|
1315 spaces. Normally the user does not have to control the behavior of |
|
1316 name spaces by hand, yet the following commands provide some way to |
|
1317 do so. |
|
1318 |
|
1319 \begin{description} |
|
1320 |
|
1321 \item @{command "hide_class"}~@{text names} fully removes class |
|
1322 declarations from a given name space; with the @{text "(open)"} |
|
1323 option, only the base name is hidden. |
|
1324 |
|
1325 Note that hiding name space accesses has no impact on logical |
|
1326 declarations --- they remain valid internally. Entities that are no |
|
1327 longer accessible to the user are printed with the special qualifier |
|
1328 ``@{text "??"}'' prefixed to the full internal name. |
|
1329 |
|
1330 \item @{command "hide_type"}, @{command "hide_const"}, and @{command |
|
1331 "hide_fact"} are similar to @{command "hide_class"}, but hide types, |
|
1332 constants, and facts, respectively. |
|
1333 |
|
1334 \end{description} |
|
1335 *} |
|
1336 |
|
1337 end |