88 which is sustained until the final @{text "end"} operation. A draft |
90 which is sustained until the final @{text "end"} operation. A draft |
89 mode theory acts like a linear type, where updates invalidate |
91 mode theory acts like a linear type, where updates invalidate |
90 earlier drafts, but theory reference values will be propagated |
92 earlier drafts, but theory reference values will be propagated |
91 automatically. Thus derived entities that ``belong'' to a draft |
93 automatically. Thus derived entities that ``belong'' to a draft |
92 might be transferred spontaneously to a larger context. An |
94 might be transferred spontaneously to a larger context. An |
93 invalidated draft is called ``stale''. The @{text "copy"} operation |
95 invalidated draft is called ``stale''. |
94 produces an auxiliary version with the same data content, but is |
96 |
95 unrelated to the original: updates of the copy do not affect the |
97 The @{text "checkpoint"} operation produces an intermediate stepping |
96 original, neither does the sub-theory relation hold. |
98 stone that will survive the next update unscathed: both the original |
97 |
99 and the changed theory remain valid and are related by the |
98 The example below shows a theory graph derived from @{text "Pure"}. |
100 sub-theory relation. Checkpointing essentially recovers purely |
99 Theory @{text "Length"} imports @{text "Nat"} and @{text "List"}. |
101 functional theory values, at the expense of some extra internal |
100 The linear draft mode is enabled during the ``@{text "\<dots>"}'' stage of |
102 bookeeping. |
101 the theory body. |
103 |
102 |
104 The @{text "copy"} operation produces an auxiliary version that has |
103 \bigskip |
105 the same data content, but is unrelated to the original: updates of |
|
106 the copy do not affect the original, neither does the sub-theory |
|
107 relation hold. |
|
108 |
|
109 \medskip The example in \figref{fig:ex-theory} below shows a theory |
|
110 graph derived from @{text "Pure"}. Theory @{text "Length"} imports |
|
111 @{text "Nat"} and @{text "List"}. The theory body consists of a |
|
112 sequence of updates, working mostly on drafts. Intermediate |
|
113 checkpoints may occur as well, due to the history mechanism provided |
|
114 by the Isar toplevel, cf.\ \secref{sec:isar-toplevel}. |
|
115 |
|
116 \begin{figure}[htb] |
|
117 \begin{center} |
104 \begin{tabular}{rcccl} |
118 \begin{tabular}{rcccl} |
105 & & $Pure$ \\ |
119 & & @{text "Pure"} \\ |
106 & & $\downarrow$ \\ |
120 & & @{text "\<down>"} \\ |
107 & & $FOL$ \\ |
121 & & @{text "FOL"} \\ |
108 & $\swarrow$ & & $\searrow$ & \\ |
122 & $\swarrow$ & & $\searrow$ & \\ |
109 $Nat$ & & & & $List$ \\ |
123 $Nat$ & & & & @{text "List"} \\ |
110 & $\searrow$ & & $\swarrow$ \\ |
124 & $\searrow$ & & $\swarrow$ \\ |
111 & & $Length$ \\ |
125 & & @{text "Length"} \\ |
112 & & \multicolumn{3}{l}{~~$\isarkeyword{imports}$} \\ |
126 & & \multicolumn{3}{l}{~~$\isarkeyword{imports}$} \\ |
113 & & \multicolumn{3}{l}{~~$\isarkeyword{begin}$} \\ |
127 & & \multicolumn{3}{l}{~~$\isarkeyword{begin}$} \\ |
114 & & $\vdots$~~ \\ |
128 & & $\vdots$~~ \\ |
|
129 & & @{text "\<bullet>"}~~ \\ |
|
130 & & $\vdots$~~ \\ |
|
131 & & @{text "\<bullet>"}~~ \\ |
|
132 & & $\vdots$~~ \\ |
115 & & \multicolumn{3}{l}{~~$\isarkeyword{end}$} \\ |
133 & & \multicolumn{3}{l}{~~$\isarkeyword{end}$} \\ |
116 \end{tabular} |
134 \end{tabular} |
117 |
135 \caption{Theory definition depending on ancestors}\label{fig:ex-theory} |
118 \medskip In practice, derived theory operations mostly operate |
136 \end{center} |
119 drafts, namely the body of the current portion of theory that the |
137 \end{figure} |
120 user happens to be composing. |
|
121 |
|
122 \medskip There is also a builtin theory history mechanism that amends for |
|
123 the destructive behaviour of theory drafts. The @{text |
|
124 "checkpoint"} operation produces an intermediate stepping stone that |
|
125 survives the next update unscathed: both the original and the |
|
126 changed theory remain valid and are related by the sub-theory |
|
127 relation. This recovering of pure theory values comes at the cost |
|
128 of extra internal bookeeping. The cumulative effect of |
|
129 checkpointing is purged by the @{text "finish"} operation. |
|
130 |
|
131 History operations are usually managed by the system, e.g.\ notably |
|
132 in the Isar transaction loop. |
|
133 |
|
134 \medskip |
|
135 FIXME theory data |
|
136 *} |
138 *} |
137 |
139 |
138 text %mlref {* |
140 text %mlref {* |
|
141 \begin{mldecls} |
|
142 @{index_ML_type theory} \\ |
|
143 @{index_ML Theory.subthy: "theory * theory -> bool"} \\ |
|
144 @{index_ML Theory.merge: "theory * theory -> theory"} \\ |
|
145 @{index_ML Theory.checkpoint: "theory -> theory"} \\ |
|
146 @{index_ML Theory.copy: "theory -> theory"} \\[1ex] |
|
147 @{index_ML_type theory_ref} \\ |
|
148 @{index_ML Theory.self_ref: "theory -> theory_ref"} \\ |
|
149 @{index_ML Theory.deref: "theory_ref -> theory"} \\ |
|
150 \end{mldecls} |
|
151 |
|
152 \begin{description} |
|
153 |
|
154 \item @{ML_type theory} represents theory contexts. This is a |
|
155 linear type! Most operations destroy the old version, which then |
|
156 becomes ``stale''. |
|
157 |
|
158 \item @{ML "Theory.subthy"}~@{text "(thy\<^sub>1, thy\<^sub>2)"} |
|
159 compares theories according to the inherent graph structure of the |
|
160 construction. This sub-theory relation is a nominal approximation |
|
161 of inclusion (@{text "\<subseteq>"}) of the corresponding content. |
|
162 |
|
163 \item @{ML "Theory.merge"}~@{text "(thy\<^sub>1, thy\<^sub>2)"} |
|
164 absorbs one theory into the other. This fails for unrelated |
|
165 theories! |
|
166 |
|
167 \item @{ML "Theory.checkpoint"}~@{text "thy"} produces a safe |
|
168 stepping stone in the linear development of @{text "thy"}. The next |
|
169 update will result in two related, valid theories. |
|
170 |
|
171 \item @{ML "Theory.copy"}~@{text "thy"} produces a variant of @{text |
|
172 "thy"} that holds a copy of the same data. The copy is not related |
|
173 to the original, which is not touched at all. |
|
174 |
|
175 \item @{ML_type theory_ref} represents a sliding reference to a |
|
176 valid theory --- updates on the original are propagated |
|
177 automatically. |
|
178 |
|
179 \item @{ML "Theory.self_ref"} and @{ML "Theory.deref"} convert |
|
180 between @{ML_type "theory"} and @{ML_type "theory_ref"}. As the |
|
181 referenced theory evolves monotonically over time, later invocations |
|
182 of @{ML "Theory.deref"} may refer to larger contexts. |
|
183 |
|
184 \end{description} |
139 *} |
185 *} |
140 |
186 |
141 |
187 |
142 subsection {* Proof context \label{sec:context-proof} *} |
188 subsection {* Proof context \label{sec:context-proof} *} |
143 |
189 |
144 text {* |
190 text {* |
145 A proof context is an arbitrary container that is initialized from a |
191 \glossary{Proof context}{The static context of a structured proof, |
146 given theory. The result contains a back-reference to the theory it |
192 acts like a local ``theory'' of the current portion of Isar proof |
147 belongs to, together with pure data. No further bookkeeping is |
193 text, generalizes the idea of local hypotheses @{text "\<Gamma>"} in |
148 required here, thanks to the lack of destructive features. |
194 judgments @{text "\<Gamma> \<turnstile> \<phi>"} of natural deduction calculi. There is a |
149 |
195 generic notion of introducing and discharging hypotheses. |
150 There is no restriction on producing proof contexts, although the |
196 Arbritrary auxiliary context data may be adjoined.} |
151 usual discipline is to follow block structure as a mental model: a |
197 |
152 given context is extended consecutively, results are exported back |
198 A proof context is a container for pure data with a back-reference |
153 into the original context. In particular, the concept of Isar proof |
199 to the theory it belongs to. Modifications to draft theories are |
154 state models block-structured reasoning explicitly, using a stack of |
200 propagated automatically as usual, but there is also an explicit |
155 proof contexts. |
201 @{text "transfer"} operation to resynchronize with more substantial |
156 |
202 updates to the underlying theory. The actual context data does not |
157 Due to the lack of identification and back-referencing, entities |
203 require any special bookkeeping, thanks to the lack of destructive |
158 derived in a proof context need to record inherent logical |
204 features. |
159 requirements explicitly. For example, hypotheses used in a |
205 |
160 derivation will be recorded separately within the sequent @{text "\<Gamma> |
206 Entities derived in a proof context need to record inherent logical |
161 \<turnstile> \<phi>"}, just to make double sure. Results could leak into an alien |
207 requirements explicitly, since there is no separate context |
162 proof context do to programming errors, but Isabelle/Isar |
208 identification as for theories. For example, hypotheses used in |
163 occasionally includes extra validity checks at the end of a |
209 primitive derivations (cf.\ \secref{sec:thm}) are recorded |
164 sub-proof. |
210 separately within the sequent @{text "\<Gamma> \<turnstile> \<phi>"}, just to make double |
165 |
211 sure. Results could still leak into an alien proof context do to |
166 \medskip |
212 programming errors, but Isabelle/Isar includes some extra validity |
167 FIXME proof data |
213 checks in critical positions, notably at the end of sub-proof. |
168 |
214 |
169 \glossary{Proof context}{The static context of a structured proof, |
215 Proof contexts may be produced in arbitrary ways, although the |
170 acts like a local ``theory'' of the current portion of Isar proof |
216 common discipline is to follow block structure as a mental model: a |
171 text, generalizes the idea of local hypotheses @{text "\<Gamma>"} in |
217 given context is extended consecutively, and results are exported |
172 judgments @{text "\<Gamma> \<turnstile> \<phi>"} of natural deduction calculi. There is a |
218 back into the original context. Note that the Isar proof states |
173 generic notion of introducing and discharging hypotheses. Arbritrary |
219 model block-structured reasoning explicitly, using a stack of proof |
174 auxiliary context data may be adjoined.} |
220 contexts, cf.\ \secref{isar-proof-state}. |
175 |
|
176 *} |
221 *} |
177 |
222 |
178 text %mlref {* FIXME *} |
223 text %mlref {* FIXME *} |
179 |
224 |
180 |
225 |
181 subsection {* Generic contexts *} |
226 subsection {* Generic contexts *} |
182 |
227 |
183 text FIXME |
228 text FIXME |
184 |
229 |
185 text %mlref {* FIXME *} |
230 text %mlref {* FIXME *} |
|
231 |
|
232 |
|
233 subsection {* Context data *} |
|
234 |
|
235 text {* |
|
236 *} |
186 |
237 |
187 |
238 |
188 section {* Named entities *} |
239 section {* Named entities *} |
189 |
240 |
190 text {* Named entities of different kinds (logical constant, type, |
241 text {* Named entities of different kinds (logical constant, type, |