883 on sets in the file {\tt HOL/mono.ML}. |
883 on sets in the file {\tt HOL/mono.ML}. |
884 |
884 |
885 \section{Generic packages} |
885 \section{Generic packages} |
886 \label{sec:HOL:generic-packages} |
886 \label{sec:HOL:generic-packages} |
887 |
887 |
888 \HOL\ instantiates most of Isabelle's generic packages. |
888 \HOL\ instantiates most of Isabelle's generic packages, making available the |
|
889 simplifier and the classical reasoner. |
889 |
890 |
890 \subsection{Substitution and simplification} |
891 \subsection{Substitution and simplification} |
891 |
892 |
892 %Because it includes a general substitution rule, \HOL\ instantiates the |
893 The simplifier is available in \HOL. Tactics such as {\tt Asm_simp_tac} and |
893 %tactic {\tt hyp_subst_tac}, which substitutes for an equality throughout a |
894 {\tt |
894 %subgoal and its hypotheses. |
|
895 |
|
896 It instantiates the simplifier. Tactics such as {\tt Asm_simp_tac} and {\tt |
|
897 Full_simp_tac} use the default simpset ({\tt!simpset}), which works for most |
895 Full_simp_tac} use the default simpset ({\tt!simpset}), which works for most |
898 purposes. A minimal simplification set for higher-order logic |
896 purposes. A minimal simplification set for higher-order logic |
899 is~\ttindexbold{HOL_ss}. Equality~($=$), which also expresses logical |
897 is~\ttindexbold{HOL_ss}. Equality~($=$), which also expresses logical |
900 equivalence, may be used for rewriting. See the file {\tt HOL/simpdata.ML} |
898 equivalence, may be used for rewriting. See the file {\tt HOL/simpdata.ML} |
901 for a complete listing of the basic simplification rules. |
899 for a complete listing of the basic simplification rules. |
902 |
900 |
903 See \iflabelundefined{chap:classical}{the {\em Reference Manual\/}}% |
901 See \iflabelundefined{chap:classical}{the {\em Reference Manual\/}}% |
904 {Chaps.\ts\ref{substitution} and~\ref{simp-chap}} for details of substitution |
902 {Chaps.\ts\ref{substitution} and~\ref{simp-chap}} for details of substitution |
905 and simplification. |
903 and simplification. |
906 |
904 |
907 \begin{warn}\index{simplification!of conjunctions} |
905 \begin{warn}\index{simplification!of conjunctions}% |
908 The simplifier is not set up to reduce, for example, \verb$a = b & ...a...$ |
906 Reducing $a=b\conj P(a)$ to $a=b\conj P(b)$ is sometimes advantageous. The |
909 to \verb$a = b & ...b...$: it does not use the left part of a conjunction |
907 left part of a conjunction helps in simplifying the right part. This effect |
910 while simplifying the right part. This can be changed by including |
908 is not available by default: it can be slow. It can be obtained by |
911 \ttindex{conj_cong} in a simpset: \verb$addcongs [conj_cong]$. It can slow |
909 including \ttindex{conj_cong} in a simpset, \verb$addcongs [conj_cong]$. |
912 down rewriting and is therefore not included by default. |
|
913 \end{warn} |
910 \end{warn} |
914 |
911 |
915 In case a rewrite rule cannot be dealt with by the simplifier (either because |
912 If the simplifier cannot use a certain rewrite rule---either because of |
916 of nontermination or because its left-hand side is too flexible), HOL |
913 nontermination or because its left-hand side is too flexible---then you might |
917 provides {\tt stac}: |
914 try {\tt stac}: |
918 \begin{ttdescription} |
915 \begin{ttdescription} |
919 \item[\ttindexbold{stac} $thm$ $i,$] where $thm$ is of the form $lhs = rhs$, |
916 \item[\ttindexbold{stac} $thm$ $i,$] where $thm$ is of the form $lhs = rhs$, |
920 replaces in subgoal $i$ instances of $lhs$ by corresponding instances of |
917 replaces in subgoal $i$ instances of $lhs$ by corresponding instances of |
921 $rhs$. In case of multiple instances of $lhs$ in subgoal $i$, backtracking |
918 $rhs$. In case of multiple instances of $lhs$ in subgoal $i$, backtracking |
922 may be necessary to select the desired ones. |
919 may be necessary to select the desired ones. |
923 |
920 |
924 If $thm$ is a conditional equality, the instantiated condition becomes an |
921 If $thm$ is a conditional equality, the instantiated condition becomes an |
925 additional (first) subgoal. |
922 additional (first) subgoal. |
926 \end{ttdescription} |
923 \end{ttdescription} |
927 |
924 |
928 Because \HOL\ includes a general substitution rule, the tactic {\tt |
925 \HOL{} provides the tactic \ttindex{hyp_subst_tac}, which substitutes |
929 hyp_subst_tac}, which substitutes for an equality throughout a subgoal and |
926 for an equality throughout a subgoal and its hypotheses. This tactic uses |
930 its hypotheses, is also available. |
927 \HOL's general substitution rule. |
931 |
928 |
932 |
929 |
933 \subsection{Classical reasoning} |
930 \subsection{Classical reasoning} |
934 |
931 |
935 \HOL\ derives classical introduction rules for $\disj$ and~$\exists$, as |
932 \HOL\ derives classical introduction rules for $\disj$ and~$\exists$, as |
936 well as classical elimination rules for~$\imp$ and~$\bimp$, and the swap |
933 well as classical elimination rules for~$\imp$ and~$\bimp$, and the swap |
937 rule; recall Fig.\ts\ref{hol-lemmas2} above. |
934 rule; recall Fig.\ts\ref{hol-lemmas2} above. |
938 |
935 |
939 The classical reasoner is installed. Tactics such as {\tt Fast_tac} and {\tt |
936 The classical reasoner is installed. Tactics such as {\tt Blast_tac} and {\tt |
940 Best_tac} use the default claset ({\tt!claset}), which works for most |
937 Best_tac} use the default claset ({\tt!claset}), which works for most |
941 purposes. Named clasets include \ttindexbold{prop_cs}, which includes the |
938 purposes. Named clasets include \ttindexbold{prop_cs}, which includes the |
942 propositional rules, and \ttindexbold{HOL_cs}, which also includes quantifier |
939 propositional rules, and \ttindexbold{HOL_cs}, which also includes quantifier |
943 rules. See the file {\tt HOL/cladata.ML} for lists of the classical rules, |
940 rules. See the file {\tt HOL/cladata.ML} for lists of the classical rules, |
944 and \iflabelundefined{chap:classical}{the {\em Reference Manual\/}}% |
941 and \iflabelundefined{chap:classical}{the {\em Reference Manual\/}}% |
2025 Needham-Schroeder public-key authentication protocol~\cite{paulson-ns} |
2016 Needham-Schroeder public-key authentication protocol~\cite{paulson-ns} |
2026 and the Otway-Rees protocol. |
2017 and the Otway-Rees protocol. |
2027 |
2018 |
2028 Directory {\tt HOL/IMP} contains a formalization of various denotational, |
2019 Directory {\tt HOL/IMP} contains a formalization of various denotational, |
2029 operational and axiomatic semantics of a simple while-language, the necessary |
2020 operational and axiomatic semantics of a simple while-language, the necessary |
2030 equivalence proofs, soundness and completeness of the Hoare rules w.r.t.\ the |
2021 equivalence proofs, soundness and completeness of the Hoare rules with respect |
|
2022 to the |
2031 denotational semantics, and soundness and completeness of a verification |
2023 denotational semantics, and soundness and completeness of a verification |
2032 condition generator. Much of development is taken from |
2024 condition generator. Much of development is taken from |
2033 Winskel~\cite{winskel93}. For details see~\cite{nipkow-IMP}. |
2025 Winskel~\cite{winskel93}. For details see~\cite{nipkow-IMP}. |
2034 |
2026 |
2035 Directory {\tt HOL/Hoare} contains a user friendly surface syntax for Hoare |
2027 Directory {\tt HOL/Hoare} contains a user friendly surface syntax for Hoare |
2046 Directory {\tt HOL/Subst} contains Martin Coen's mechanisation of a theory of |
2038 Directory {\tt HOL/Subst} contains Martin Coen's mechanisation of a theory of |
2047 substitutions and unifiers. It is based on Paulson's previous |
2039 substitutions and unifiers. It is based on Paulson's previous |
2048 mechanisation in {\LCF}~\cite{paulson85} of Manna and Waldinger's |
2040 mechanisation in {\LCF}~\cite{paulson85} of Manna and Waldinger's |
2049 theory~\cite{mw81}. |
2041 theory~\cite{mw81}. |
2050 |
2042 |
|
2043 Directory {\tt HOL/Induct} presents simple examples of (co)inductive |
|
2044 definitions. |
|
2045 \begin{itemize} |
|
2046 \item Theory {\tt PropLog} proves the soundness and completeness of |
|
2047 classical propositional logic, given a truth table semantics. The only |
|
2048 connective is $\imp$. A Hilbert-style axiom system is specified, and its |
|
2049 set of theorems defined inductively. A similar proof in \ZF{} is |
|
2050 described elsewhere~\cite{paulson-set-II}. |
|
2051 |
|
2052 \item Theory {\tt Term} develops an experimental recursive type definition; |
|
2053 the recursion goes through the type constructor~\tydx{list}. |
|
2054 |
|
2055 \item Theory {\tt Simult} constructs mutually recursive sets of trees and |
|
2056 forests, including induction and recursion rules. |
|
2057 |
|
2058 \item The definition of lazy lists demonstrates methods for handling |
|
2059 infinite data structures and coinduction in higher-order |
|
2060 logic~\cite{paulson-coind}.% |
|
2061 \footnote{To be precise, these lists are \emph{potentially infinite} rather |
|
2062 than lazy. Lazy implies a particular operational semantics.} |
|
2063 Theory \thydx{LList} defines an operator for |
|
2064 corecursion on lazy lists, which is used to define a few simple functions |
|
2065 such as map and append. A coinduction principle is defined |
|
2066 for proving equations on lazy lists. |
|
2067 |
|
2068 \item Theory \thydx{LFilter} defines the filter functional for lazy lists. |
|
2069 This functional is notoriously difficult to define because finding the next |
|
2070 element meeting the predicate requires possibly unlimited search. It is not |
|
2071 computable, but can be expressed using a combination of induction and |
|
2072 corecursion. |
|
2073 |
|
2074 \item Theory \thydx{Exp} illustrates the use of iterated inductive definitions |
|
2075 to express a programming language semantics that appears to require mutual |
|
2076 induction. Iterated induction allows greater modularity. |
|
2077 \end{itemize} |
|
2078 |
2051 Directory {\tt HOL/ex} contains other examples and experimental proofs in |
2079 Directory {\tt HOL/ex} contains other examples and experimental proofs in |
2052 {\HOL}. Here is an overview of the more interesting files. |
2080 {\HOL}. |
2053 \begin{itemize} |
2081 \begin{itemize} |
2054 \item File {\tt cla.ML} demonstrates the classical reasoner on over sixty |
2082 \item File {\tt cla.ML} demonstrates the classical reasoner on over sixty |
2055 predicate calculus theorems, ranging from simple tautologies to |
2083 predicate calculus theorems, ranging from simple tautologies to |
2056 moderately difficult problems involving equality and quantifiers. |
2084 moderately difficult problems involving equality and quantifiers. |
2057 |
2085 |
2064 \item File {\tt mesontest.ML} contains test data for the {\sc meson} proof |
2092 \item File {\tt mesontest.ML} contains test data for the {\sc meson} proof |
2065 procedure. These are mostly taken from Pelletier \cite{pelletier86}. |
2093 procedure. These are mostly taken from Pelletier \cite{pelletier86}. |
2066 |
2094 |
2067 \item File {\tt set.ML} proves Cantor's Theorem, which is presented in |
2095 \item File {\tt set.ML} proves Cantor's Theorem, which is presented in |
2068 \S\ref{sec:hol-cantor} below, and the Schr\"oder-Bernstein Theorem. |
2096 \S\ref{sec:hol-cantor} below, and the Schr\"oder-Bernstein Theorem. |
2069 |
|
2070 \item The definition of lazy lists demonstrates methods for handling |
|
2071 infinite data structures and coinduction in higher-order |
|
2072 logic~\cite{paulson-coind}. Theory \thydx{LList} defines an operator for |
|
2073 corecursion on lazy lists, which is used to define a few simple functions |
|
2074 such as map and append. Corecursion cannot easily define operations such |
|
2075 as filter, which can compute indefinitely before yielding the next |
|
2076 element (if any!) of the lazy list. A coinduction principle is defined |
|
2077 for proving equations on lazy lists. |
|
2078 |
|
2079 \item Theory {\tt PropLog} proves the soundness and completeness of |
|
2080 classical propositional logic, given a truth table semantics. The only |
|
2081 connective is $\imp$. A Hilbert-style axiom system is specified, and its |
|
2082 set of theorems defined inductively. A similar proof in \ZF{} is |
|
2083 described elsewhere~\cite{paulson-set-II}. |
|
2084 |
|
2085 \item Theory {\tt Term} develops an experimental recursive type definition; |
|
2086 the recursion goes through the type constructor~\tydx{list}. |
|
2087 |
|
2088 \item Theory {\tt Simult} constructs mutually recursive sets of trees and |
|
2089 forests, including induction and recursion rules. |
|
2090 |
2097 |
2091 \item Theory {\tt MT} contains Jacob Frost's formalization~\cite{frost93} of |
2098 \item Theory {\tt MT} contains Jacob Frost's formalization~\cite{frost93} of |
2092 Milner and Tofte's coinduction example~\cite{milner-coind}. This |
2099 Milner and Tofte's coinduction example~\cite{milner-coind}. This |
2093 substantial proof concerns the soundness of a type system for a simple |
2100 substantial proof concerns the soundness of a type system for a simple |
2094 functional language. The semantics of recursion is given by a cyclic |
2101 functional language. The semantics of recursion is given by a cyclic |