511 |
511 |
512 \medskip An \emph{oracle} is a function that produces axioms on the |
512 \medskip An \emph{oracle} is a function that produces axioms on the |
513 fly. Logically, this is an instance of the @{text "axiom"} rule |
513 fly. Logically, this is an instance of the @{text "axiom"} rule |
514 (\figref{fig:prim-rules}), but there is an operational difference. |
514 (\figref{fig:prim-rules}), but there is an operational difference. |
515 The system always records oracle invocations within derivations of |
515 The system always records oracle invocations within derivations of |
516 theorems. Tracing plain axioms (and named theorems) is optional. |
516 theorems by a unique tag. |
517 |
517 |
518 Axiomatizations should be limited to the bare minimum, typically as |
518 Axiomatizations should be limited to the bare minimum, typically as |
519 part of the initial logical basis of an object-logic formalization. |
519 part of the initial logical basis of an object-logic formalization. |
520 Later on, theories are usually developed in a strictly definitional |
520 Later on, theories are usually developed in a strictly definitional |
521 fashion, by stating only certain equalities over new constants. |
521 fashion, by stating only certain equalities over new constants. |
571 and terms, respectively. These are abstract datatypes that |
571 and terms, respectively. These are abstract datatypes that |
572 guarantee that its values have passed the full well-formedness (and |
572 guarantee that its values have passed the full well-formedness (and |
573 well-typedness) checks, relative to the declarations of type |
573 well-typedness) checks, relative to the declarations of type |
574 constructors, constants etc. in the theory. |
574 constructors, constants etc. in the theory. |
575 |
575 |
576 \item @{ML ctyp_of}~@{text "thy \<tau>"} and @{ML cterm_of}~@{text "thy |
576 \item @{ML Thm.ctyp_of}~@{text "thy \<tau>"} and @{ML |
577 t"} explicitly checks types and terms, respectively. This also |
577 Thm.cterm_of}~@{text "thy t"} explicitly checks types and terms, |
578 involves some basic normalizations, such expansion of type and term |
578 respectively. This also involves some basic normalizations, such |
579 abbreviations from the theory context. |
579 expansion of type and term abbreviations from the theory context. |
580 |
580 |
581 Re-certification is relatively slow and should be avoided in tight |
581 Re-certification is relatively slow and should be avoided in tight |
582 reasoning loops. There are separate operations to decompose |
582 reasoning loops. There are separate operations to decompose |
583 certified entities (including actual theorems). |
583 certified entities (including actual theorems). |
584 |
584 |
587 constructed by basic principles of the @{ML_struct Thm} module. |
587 constructed by basic principles of the @{ML_struct Thm} module. |
588 Every @{ML thm} value contains a sliding back-reference to the |
588 Every @{ML thm} value contains a sliding back-reference to the |
589 enclosing theory, cf.\ \secref{sec:context-theory}. |
589 enclosing theory, cf.\ \secref{sec:context-theory}. |
590 |
590 |
591 \item @{ML proofs} determines the detail of proof recording within |
591 \item @{ML proofs} determines the detail of proof recording within |
592 @{ML_type thm} values: @{ML 0} records only oracles, @{ML 1} records |
592 @{ML_type thm} values: @{ML 0} records only the names of oracles, |
593 oracles, axioms and named theorems, @{ML 2} records full proof |
593 @{ML 1} records oracle names and propositions, @{ML 2} additionally |
594 terms. |
594 records full proof terms. Officially named theorems that contribute |
|
595 to a result are always recorded. |
595 |
596 |
596 \item @{ML Thm.assume}, @{ML Thm.forall_intr}, @{ML |
597 \item @{ML Thm.assume}, @{ML Thm.forall_intr}, @{ML |
597 Thm.forall_elim}, @{ML Thm.implies_intr}, and @{ML Thm.implies_elim} |
598 Thm.forall_elim}, @{ML Thm.implies_intr}, and @{ML Thm.implies_elim} |
598 correspond to the primitive inferences of \figref{fig:prim-rules}. |
599 correspond to the primitive inferences of \figref{fig:prim-rules}. |
599 |
600 |
723 *} |
724 *} |
724 |
725 |
725 |
726 |
726 section {* Object-level rules \label{sec:obj-rules} *} |
727 section {* Object-level rules \label{sec:obj-rules} *} |
727 |
728 |
728 text %FIXME {* |
729 text {* |
729 |
730 The primitive inferences covered so far mostly serve foundational |
730 FIXME |
731 purposes. User-level reasoning usually works via object-level rules |
731 |
732 that are represented as theorems of Pure. Composition of rules |
732 A \emph{rule} is any Pure theorem in HHF normal form; there is a |
733 works via \emph{higher-order backchaining}, which involves |
733 separate calculus for rule composition, which is modeled after |
734 unification module @{text "\<alpha>\<beta>\<eta>"}-conversion of @{text "\<lambda>"}-terms, |
734 Gentzen's Natural Deduction \cite{Gentzen:1935}, but allows |
735 and so-called \emph{lifting} of rules into a context of @{text "\<And>"} |
735 rules to be nested arbitrarily, similar to \cite{extensions91}. |
736 and @{text "\<Longrightarrow>"} connectives. Thus the full power of higher-order |
736 |
737 natural deduction in Isabelle/Pure becomes readily available. |
737 Normally, all theorems accessible to the user are proper rules. |
738 |
738 Low-level inferences are occasional required internally, but the |
739 The idea of object-level rules is to model Natural Deduction |
739 result should be always presented in canonical form. The higher |
740 inferences in the style of Gentzen \cite{Gentzen:1935}, but we allow |
740 interfaces of Isabelle/Isar will always produce proper rules. It is |
741 arbitrary nesting similar to \cite{extensions91}. The most basic |
741 important to maintain this invariant in add-on applications! |
742 rule format is that of a \emph{Horn Clause}: |
742 |
743 \[ |
743 There are two main principles of rule composition: @{text |
744 \infer{@{text "A"}}{@{text "A\<^sub>1"} & @{text "\<dots>"} & @{text "A\<^sub>n"}} |
744 "resolution"} (i.e.\ backchaining of rules) and @{text |
745 \] |
745 "by-assumption"} (i.e.\ closing a branch); both principles are |
746 where @{text "A, A\<^sub>1, \<dots>, A\<^sub>n"} are atomic propositions |
746 combined in the variants of @{text "elim-resolution"} and @{text |
747 of the framework, usually of the form @{text "Trueprop B"}, where |
747 "dest-resolution"}. Raw @{text "composition"} is occasionally |
748 @{text "B"} is a (compound) object-level statement. This |
|
749 object-level inference corresponds to an iterated implication in |
|
750 Pure like this: |
|
751 \[ |
|
752 @{text "A\<^sub>1 \<Longrightarrow> \<dots> A\<^sub>n \<Longrightarrow> A"} |
|
753 \] |
|
754 Any parameters occurring in rule statement are conceptionally |
|
755 treated as arbitrary: |
|
756 \[ |
|
757 @{text "\<And>x\<^sub>1 \<dots> x\<^sub>m. A\<^sub>1 \<Longrightarrow> \<dots> A\<^sub>n \<Longrightarrow> A"} |
|
758 \] |
|
759 This outermost quantifier prefix via is represented in Isabelle via |
|
760 schematic variables @{text "?x\<^sub>1, \<dots>, ?x\<^sub>m"} occurring in |
|
761 the statement body. Note that this representation lacks information |
|
762 about the order of parameters, and vacuous quantifiers disappear |
|
763 automatically. |
|
764 |
|
765 \medskip Nesting of rules means that the positions of @{text |
|
766 "A\<^sub>i"} may hold recursively rules of the same shape, not just |
|
767 atomic propositions. This format is called \emph{Hereditary Harrop |
|
768 Form} in the literature \cite{Miller:1991} and may be characterized |
|
769 inductively as follows: |
|
770 |
|
771 \medskip |
|
772 \begin{tabular}{ll} |
|
773 @{text "\<^bold>x"} & set of variables \\ |
|
774 @{text "\<^bold>A"} & set of atomic propositions \\ |
|
775 @{text "\<^bold>H = \<And>\<^bold>x\<^sup>*. \<^bold>H\<^sup>* \<Longrightarrow> \<^bold>A"} & set of Hereditary Harrop Formulas \\ |
|
776 \end{tabular} |
|
777 \medskip |
|
778 |
|
779 \noindent Due to @{prop "(PROP A \<Longrightarrow> (\<And>x. PROP B x)) \<equiv> (\<And>x. PROP A \<Longrightarrow> |
|
780 PROP B x)"} any Pure proposition can be seen a rule in HHF format. |
|
781 Some operations in Isabelle already work modulo that equivalence, in |
|
782 other places results are explicitly put into canonical form (e.g.\ |
|
783 when exporting results, notably at the end of a proof). Regular |
|
784 user-level results should always be in canonical HHF format. |
|
785 |
|
786 There are two main principles of rule composition: @{inference |
|
787 resolution} (i.e.\ backchaining of rules) and @{inference |
|
788 assumption} (i.e.\ closing a branch); both principles are combined |
|
789 in the variants of @{inference elim_resolution} and @{inference |
|
790 dest_resolution}. Raw @{inference composition} is occasionally |
748 useful as well, also it is strictly speaking outside of the proper |
791 useful as well, also it is strictly speaking outside of the proper |
749 rule calculus. |
792 rule calculus. |
750 |
793 |
751 Rules are treated modulo general higher-order unification, which is |
|
752 unification modulo the equational theory of @{text "\<alpha>\<beta>\<eta>"}-conversion |
|
753 on @{text "\<lambda>"}-terms. Moreover, propositions are understood modulo |
|
754 the (derived) equivalence @{text "(A \<Longrightarrow> (\<And>x. B x)) \<equiv> (\<And>x. A \<Longrightarrow> B x)"}. |
|
755 |
794 |
756 This means that any operations within the rule calculus may be |
795 This means that any operations within the rule calculus may be |
757 subject to spontaneous @{text "\<alpha>\<beta>\<eta>"}-HHF conversions. It is common |
796 subject to spontaneous @{text "\<alpha>\<beta>\<eta>"}-HHF conversions. It is common |
758 practice not to contract or expand unnecessarily. Some mechanisms |
797 practice not to contract or expand unnecessarily. Some mechanisms |
759 prefer an one form, others the opposite, so there is a potential |
798 prefer an one form, others the opposite, so there is a potential |
760 danger to produce some oscillation! |
799 danger to produce some oscillation! |
761 |
800 |
762 Only few operations really work \emph{modulo} HHF conversion, but |
801 \[ |
763 expect a normal form: quantifiers @{text "\<And>"} before implications |
802 \infer[(@{inference assumption})]{@{text "C\<vartheta>"}} |
764 @{text "\<Longrightarrow>"} at each level of nesting. |
|
765 |
|
766 The set of propositions in HHF format is defined inductively as |
|
767 @{text "H = (\<And>x\<^sup>*. H\<^sup>* \<Longrightarrow> A)"}, for variables @{text "x"} |
|
768 and atomic propositions @{text "A"}. Any proposition may be put |
|
769 into HHF form by normalizing with the rule @{text "(A \<Longrightarrow> (\<And>x. B x)) \<equiv> |
|
770 (\<And>x. A \<Longrightarrow> B x)"}. In Isabelle, the outermost quantifier prefix is |
|
771 represented via schematic variables, such that the top-level |
|
772 structure is merely that of a Horn Clause. |
|
773 |
|
774 |
|
775 \[ |
|
776 \infer[@{text "(assumption)"}]{@{text "C\<vartheta>"}} |
|
777 {@{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> A \<^vec>x) \<Longrightarrow> C"} & @{text "A\<vartheta> = H\<^sub>i\<vartheta>"}~~\text{(for some~@{text i})}} |
803 {@{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> A \<^vec>x) \<Longrightarrow> C"} & @{text "A\<vartheta> = H\<^sub>i\<vartheta>"}~~\text{(for some~@{text i})}} |
778 \] |
804 \] |
779 |
805 |
780 |
806 |
781 \[ |
807 \[ |
782 \infer[@{text "(compose)"}]{@{text "\<^vec>A\<vartheta> \<Longrightarrow> C\<vartheta>"}} |
808 \infer[(@{inference composition})]{@{text "\<^vec>A\<vartheta> \<Longrightarrow> C\<vartheta>"}} |
783 {@{text "\<^vec>A \<Longrightarrow> B"} & @{text "B' \<Longrightarrow> C"} & @{text "B\<vartheta> = B'\<vartheta>"}} |
809 {@{text "\<^vec>A \<Longrightarrow> B"} & @{text "B' \<Longrightarrow> C"} & @{text "B\<vartheta> = B'\<vartheta>"}} |
784 \] |
810 \] |
785 |
811 |
786 |
812 |
787 \[ |
813 \[ |
793 |
819 |
794 The @{text resolve} scheme is now acquired from @{text "\<And>_lift"}, |
820 The @{text resolve} scheme is now acquired from @{text "\<And>_lift"}, |
795 @{text "\<Longrightarrow>_lift"}, and @{text compose}. |
821 @{text "\<Longrightarrow>_lift"}, and @{text compose}. |
796 |
822 |
797 \[ |
823 \[ |
798 \infer[@{text "(resolution)"}] |
824 \infer[(@{inference resolution})] |
799 {@{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> \<^vec>A (?\<^vec>a \<^vec>x))\<vartheta> \<Longrightarrow> C\<vartheta>"}} |
825 {@{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> \<^vec>A (?\<^vec>a \<^vec>x))\<vartheta> \<Longrightarrow> C\<vartheta>"}} |
800 {\begin{tabular}{l} |
826 {\begin{tabular}{l} |
801 @{text "\<^vec>A ?\<^vec>a \<Longrightarrow> B ?\<^vec>a"} \\ |
827 @{text "\<^vec>A ?\<^vec>a \<Longrightarrow> B ?\<^vec>a"} \\ |
802 @{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> B' \<^vec>x) \<Longrightarrow> C"} \\ |
828 @{text "(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> B' \<^vec>x) \<Longrightarrow> C"} \\ |
803 @{text "(\<lambda>\<^vec>x. B (?\<^vec>a \<^vec>x))\<vartheta> = B'\<vartheta>"} \\ |
829 @{text "(\<lambda>\<^vec>x. B (?\<^vec>a \<^vec>x))\<vartheta> = B'\<vartheta>"} \\ |
804 \end{tabular}} |
830 \end{tabular}} |
805 \] |
831 \] |
806 |
832 |
807 |
833 |
808 FIXME @{text "elim_resolution"}, @{text "dest_resolution"} |
834 FIXME @{inference elim_resolution}, @{inference dest_resolution} |
809 *} |
835 *} |
|
836 |
|
837 |
|
838 text %mlref {* |
|
839 \begin{mldecls} |
|
840 @{index_ML "op RS": "thm * thm -> thm"} \\ |
|
841 @{index_ML "op OF": "thm * thm list -> thm"} \\ |
|
842 @{index_ML MetaSimplifier.norm_hhf: "thm -> thm"} \\ |
|
843 \end{mldecls} |
|
844 |
|
845 \begin{description} |
|
846 |
|
847 \item @{text "thm\<^sub>1 RS thm\<^sub>2"} FIXME |
|
848 |
|
849 \item @{text "thm OF thms"} FIXME |
|
850 |
|
851 \item @{ML MetaSimplifier.norm_hhf}~@{text thm} FIXME |
|
852 |
|
853 \end{description} |
|
854 *} |
|
855 |
810 |
856 |
811 end |
857 end |