|
1 theory Integration |
|
2 imports Base |
|
3 begin |
|
4 |
|
5 chapter {* System integration *} |
|
6 |
|
7 section {* Isar toplevel \label{sec:isar-toplevel} *} |
|
8 |
|
9 text {* The Isar toplevel may be considered the centeral hub of the |
|
10 Isabelle/Isar system, where all key components and sub-systems are |
|
11 integrated into a single read-eval-print loop of Isar commands. We |
|
12 shall even incorporate the existing {\ML} toplevel of the compiler |
|
13 and run-time system (cf.\ \secref{sec:ML-toplevel}). |
|
14 |
|
15 Isabelle/Isar departs from the original ``LCF system architecture'' |
|
16 where {\ML} was really The Meta Language for defining theories and |
|
17 conducting proofs. Instead, {\ML} now only serves as the |
|
18 implementation language for the system (and user extensions), while |
|
19 the specific Isar toplevel supports the concepts of theory and proof |
|
20 development natively. This includes the graph structure of theories |
|
21 and the block structure of proofs, support for unlimited undo, |
|
22 facilities for tracing, debugging, timing, profiling etc. |
|
23 |
|
24 \medskip The toplevel maintains an implicit state, which is |
|
25 transformed by a sequence of transitions -- either interactively or |
|
26 in batch-mode. In interactive mode, Isar state transitions are |
|
27 encapsulated as safe transactions, such that both failure and undo |
|
28 are handled conveniently without destroying the underlying draft |
|
29 theory (cf.~\secref{sec:context-theory}). In batch mode, |
|
30 transitions operate in a linear (destructive) fashion, such that |
|
31 error conditions abort the present attempt to construct a theory or |
|
32 proof altogether. |
|
33 |
|
34 The toplevel state is a disjoint sum of empty @{text toplevel}, or |
|
35 @{text theory}, or @{text proof}. On entering the main Isar loop we |
|
36 start with an empty toplevel. A theory is commenced by giving a |
|
37 @{text \<THEORY>} header; within a theory we may issue theory |
|
38 commands such as @{text \<DEFINITION>}, or state a @{text |
|
39 \<THEOREM>} to be proven. Now we are within a proof state, with a |
|
40 rich collection of Isar proof commands for structured proof |
|
41 composition, or unstructured proof scripts. When the proof is |
|
42 concluded we get back to the theory, which is then updated by |
|
43 storing the resulting fact. Further theory declarations or theorem |
|
44 statements with proofs may follow, until we eventually conclude the |
|
45 theory development by issuing @{text \<END>}. The resulting theory |
|
46 is then stored within the theory database and we are back to the |
|
47 empty toplevel. |
|
48 |
|
49 In addition to these proper state transformations, there are also |
|
50 some diagnostic commands for peeking at the toplevel state without |
|
51 modifying it (e.g.\ \isakeyword{thm}, \isakeyword{term}, |
|
52 \isakeyword{print-cases}). |
|
53 *} |
|
54 |
|
55 text %mlref {* |
|
56 \begin{mldecls} |
|
57 @{index_ML_type Toplevel.state} \\ |
|
58 @{index_ML Toplevel.UNDEF: "exn"} \\ |
|
59 @{index_ML Toplevel.is_toplevel: "Toplevel.state -> bool"} \\ |
|
60 @{index_ML Toplevel.theory_of: "Toplevel.state -> theory"} \\ |
|
61 @{index_ML Toplevel.proof_of: "Toplevel.state -> Proof.state"} \\ |
|
62 @{index_ML Toplevel.debug: "bool ref"} \\ |
|
63 @{index_ML Toplevel.timing: "bool ref"} \\ |
|
64 @{index_ML Toplevel.profiling: "int ref"} \\ |
|
65 \end{mldecls} |
|
66 |
|
67 \begin{description} |
|
68 |
|
69 \item @{ML_type Toplevel.state} represents Isar toplevel states, |
|
70 which are normally manipulated through the concept of toplevel |
|
71 transitions only (\secref{sec:toplevel-transition}). Also note that |
|
72 a raw toplevel state is subject to the same linearity restrictions |
|
73 as a theory context (cf.~\secref{sec:context-theory}). |
|
74 |
|
75 \item @{ML Toplevel.UNDEF} is raised for undefined toplevel |
|
76 operations. Many operations work only partially for certain cases, |
|
77 since @{ML_type Toplevel.state} is a sum type. |
|
78 |
|
79 \item @{ML Toplevel.is_toplevel}~@{text "state"} checks for an empty |
|
80 toplevel state. |
|
81 |
|
82 \item @{ML Toplevel.theory_of}~@{text "state"} selects the theory of |
|
83 a theory or proof (!), otherwise raises @{ML Toplevel.UNDEF}. |
|
84 |
|
85 \item @{ML Toplevel.proof_of}~@{text "state"} selects the Isar proof |
|
86 state if available, otherwise raises @{ML Toplevel.UNDEF}. |
|
87 |
|
88 \item @{ML "set Toplevel.debug"} makes the toplevel print further |
|
89 details about internal error conditions, exceptions being raised |
|
90 etc. |
|
91 |
|
92 \item @{ML "set Toplevel.timing"} makes the toplevel print timing |
|
93 information for each Isar command being executed. |
|
94 |
|
95 \item @{ML Toplevel.profiling}~@{verbatim ":="}~@{text "n"} controls |
|
96 low-level profiling of the underlying {\ML} runtime system. For |
|
97 Poly/ML, @{text "n = 1"} means time and @{text "n = 2"} space |
|
98 profiling. |
|
99 |
|
100 \end{description} |
|
101 *} |
|
102 |
|
103 |
|
104 subsection {* Toplevel transitions \label{sec:toplevel-transition} *} |
|
105 |
|
106 text {* |
|
107 An Isar toplevel transition consists of a partial function on the |
|
108 toplevel state, with additional information for diagnostics and |
|
109 error reporting: there are fields for command name, source position, |
|
110 optional source text, as well as flags for interactive-only commands |
|
111 (which issue a warning in batch-mode), printing of result state, |
|
112 etc. |
|
113 |
|
114 The operational part is represented as the sequential union of a |
|
115 list of partial functions, which are tried in turn until the first |
|
116 one succeeds. This acts like an outer case-expression for various |
|
117 alternative state transitions. For example, \isakeyword{qed} acts |
|
118 differently for a local proofs vs.\ the global ending of the main |
|
119 proof. |
|
120 |
|
121 Toplevel transitions are composed via transition transformers. |
|
122 Internally, Isar commands are put together from an empty transition |
|
123 extended by name and source position (and optional source text). It |
|
124 is then left to the individual command parser to turn the given |
|
125 concrete syntax into a suitable transition transformer that adjoins |
|
126 actual operations on a theory or proof state etc. |
|
127 *} |
|
128 |
|
129 text %mlref {* |
|
130 \begin{mldecls} |
|
131 @{index_ML Toplevel.print: "Toplevel.transition -> Toplevel.transition"} \\ |
|
132 @{index_ML Toplevel.no_timing: "Toplevel.transition -> Toplevel.transition"} \\ |
|
133 @{index_ML Toplevel.keep: "(Toplevel.state -> unit) -> |
|
134 Toplevel.transition -> Toplevel.transition"} \\ |
|
135 @{index_ML Toplevel.theory: "(theory -> theory) -> |
|
136 Toplevel.transition -> Toplevel.transition"} \\ |
|
137 @{index_ML Toplevel.theory_to_proof: "(theory -> Proof.state) -> |
|
138 Toplevel.transition -> Toplevel.transition"} \\ |
|
139 @{index_ML Toplevel.proof: "(Proof.state -> Proof.state) -> |
|
140 Toplevel.transition -> Toplevel.transition"} \\ |
|
141 @{index_ML Toplevel.proofs: "(Proof.state -> Proof.state Seq.seq) -> |
|
142 Toplevel.transition -> Toplevel.transition"} \\ |
|
143 @{index_ML Toplevel.end_proof: "(bool -> Proof.state -> Proof.context) -> |
|
144 Toplevel.transition -> Toplevel.transition"} \\ |
|
145 \end{mldecls} |
|
146 |
|
147 \begin{description} |
|
148 |
|
149 \item @{ML Toplevel.print}~@{text "tr"} sets the print flag, which |
|
150 causes the toplevel loop to echo the result state (in interactive |
|
151 mode). |
|
152 |
|
153 \item @{ML Toplevel.no_timing}~@{text "tr"} indicates that the |
|
154 transition should never show timing information, e.g.\ because it is |
|
155 a diagnostic command. |
|
156 |
|
157 \item @{ML Toplevel.keep}~@{text "tr"} adjoins a diagnostic |
|
158 function. |
|
159 |
|
160 \item @{ML Toplevel.theory}~@{text "tr"} adjoins a theory |
|
161 transformer. |
|
162 |
|
163 \item @{ML Toplevel.theory_to_proof}~@{text "tr"} adjoins a global |
|
164 goal function, which turns a theory into a proof state. The theory |
|
165 may be changed before entering the proof; the generic Isar goal |
|
166 setup includes an argument that specifies how to apply the proven |
|
167 result to the theory, when the proof is finished. |
|
168 |
|
169 \item @{ML Toplevel.proof}~@{text "tr"} adjoins a deterministic |
|
170 proof command, with a singleton result. |
|
171 |
|
172 \item @{ML Toplevel.proofs}~@{text "tr"} adjoins a general proof |
|
173 command, with zero or more result states (represented as a lazy |
|
174 list). |
|
175 |
|
176 \item @{ML Toplevel.end_proof}~@{text "tr"} adjoins a concluding |
|
177 proof command, that returns the resulting theory, after storing the |
|
178 resulting facts in the context etc. |
|
179 |
|
180 \end{description} |
|
181 *} |
|
182 |
|
183 |
|
184 subsection {* Toplevel control *} |
|
185 |
|
186 text {* |
|
187 There are a few special control commands that modify the behavior |
|
188 the toplevel itself, and only make sense in interactive mode. Under |
|
189 normal circumstances, the user encounters these only implicitly as |
|
190 part of the protocol between the Isabelle/Isar system and a |
|
191 user-interface such as ProofGeneral. |
|
192 |
|
193 \begin{description} |
|
194 |
|
195 \item \isacommand{undo} follows the three-level hierarchy of empty |
|
196 toplevel vs.\ theory vs.\ proof: undo within a proof reverts to the |
|
197 previous proof context, undo after a proof reverts to the theory |
|
198 before the initial goal statement, undo of a theory command reverts |
|
199 to the previous theory value, undo of a theory header discontinues |
|
200 the current theory development and removes it from the theory |
|
201 database (\secref{sec:theory-database}). |
|
202 |
|
203 \item \isacommand{kill} aborts the current level of development: |
|
204 kill in a proof context reverts to the theory before the initial |
|
205 goal statement, kill in a theory context aborts the current theory |
|
206 development, removing it from the database. |
|
207 |
|
208 \item \isacommand{exit} drops out of the Isar toplevel into the |
|
209 underlying {\ML} toplevel (\secref{sec:ML-toplevel}). The Isar |
|
210 toplevel state is preserved and may be continued later. |
|
211 |
|
212 \item \isacommand{quit} terminates the Isabelle/Isar process without |
|
213 saving. |
|
214 |
|
215 \end{description} |
|
216 *} |
|
217 |
|
218 |
|
219 section {* ML toplevel \label{sec:ML-toplevel} *} |
|
220 |
|
221 text {* |
|
222 The {\ML} toplevel provides a read-compile-eval-print loop for {\ML} |
|
223 values, types, structures, and functors. {\ML} declarations operate |
|
224 on the global system state, which consists of the compiler |
|
225 environment plus the values of {\ML} reference variables. There is |
|
226 no clean way to undo {\ML} declarations, except for reverting to a |
|
227 previously saved state of the whole Isabelle process. {\ML} input |
|
228 is either read interactively from a TTY, or from a string (usually |
|
229 within a theory text), or from a source file (usually loaded from a |
|
230 theory). |
|
231 |
|
232 Whenever the {\ML} toplevel is active, the current Isabelle theory |
|
233 context is passed as an internal reference variable. Thus {\ML} |
|
234 code may access the theory context during compilation, it may even |
|
235 change the value of a theory being under construction --- while |
|
236 observing the usual linearity restrictions |
|
237 (cf.~\secref{sec:context-theory}). |
|
238 *} |
|
239 |
|
240 text %mlref {* |
|
241 \begin{mldecls} |
|
242 @{index_ML the_context: "unit -> theory"} \\ |
|
243 @{index_ML "Context.>> ": "(Context.generic -> Context.generic) -> unit"} \\ |
|
244 \end{mldecls} |
|
245 |
|
246 \begin{description} |
|
247 |
|
248 \item @{ML "the_context ()"} refers to the theory context of the |
|
249 {\ML} toplevel --- at compile time! {\ML} code needs to take care |
|
250 to refer to @{ML "the_context ()"} correctly. Recall that |
|
251 evaluation of a function body is delayed until actual runtime. |
|
252 Moreover, persistent {\ML} toplevel bindings to an unfinished theory |
|
253 should be avoided: code should either project out the desired |
|
254 information immediately, or produce an explicit @{ML_type |
|
255 theory_ref} (cf.\ \secref{sec:context-theory}). |
|
256 |
|
257 \item @{ML "Context.>>"}~@{text f} applies context transformation |
|
258 @{text f} to the implicit context of the {\ML} toplevel. |
|
259 |
|
260 \end{description} |
|
261 |
|
262 It is very important to note that the above functions are really |
|
263 restricted to the compile time, even though the {\ML} compiler is |
|
264 invoked at runtime! The majority of {\ML} code uses explicit |
|
265 functional arguments of a theory or proof context instead. Thus it |
|
266 may be invoked for an arbitrary context later on, without having to |
|
267 worry about any operational details. |
|
268 |
|
269 \bigskip |
|
270 |
|
271 \begin{mldecls} |
|
272 @{index_ML Isar.main: "unit -> unit"} \\ |
|
273 @{index_ML Isar.loop: "unit -> unit"} \\ |
|
274 @{index_ML Isar.state: "unit -> Toplevel.state"} \\ |
|
275 @{index_ML Isar.exn: "unit -> (exn * string) option"} \\ |
|
276 @{index_ML Isar.context: "unit -> Proof.context"} \\ |
|
277 @{index_ML Isar.goal: "unit -> thm"} \\ |
|
278 \end{mldecls} |
|
279 |
|
280 \begin{description} |
|
281 |
|
282 \item @{ML "Isar.main ()"} invokes the Isar toplevel from {\ML}, |
|
283 initializing an empty toplevel state. |
|
284 |
|
285 \item @{ML "Isar.loop ()"} continues the Isar toplevel with the |
|
286 current state, after having dropped out of the Isar toplevel loop. |
|
287 |
|
288 \item @{ML "Isar.state ()"} and @{ML "Isar.exn ()"} get current |
|
289 toplevel state and error condition, respectively. This only works |
|
290 after having dropped out of the Isar toplevel loop. |
|
291 |
|
292 \item @{ML "Isar.context ()"} produces the proof context from @{ML |
|
293 "Isar.state ()"}, analogous to @{ML Context.proof_of} |
|
294 (\secref{sec:generic-context}). |
|
295 |
|
296 \item @{ML "Isar.goal ()"} picks the tactical goal from @{ML |
|
297 "Isar.state ()"}, represented as a theorem according to |
|
298 \secref{sec:tactical-goals}. |
|
299 |
|
300 \end{description} |
|
301 *} |
|
302 |
|
303 |
|
304 section {* Theory database \label{sec:theory-database} *} |
|
305 |
|
306 text {* |
|
307 The theory database maintains a collection of theories, together |
|
308 with some administrative information about their original sources, |
|
309 which are held in an external store (i.e.\ some directory within the |
|
310 regular file system). |
|
311 |
|
312 The theory database is organized as a directed acyclic graph; |
|
313 entries are referenced by theory name. Although some additional |
|
314 interfaces allow to include a directory specification as well, this |
|
315 is only a hint to the underlying theory loader. The internal theory |
|
316 name space is flat! |
|
317 |
|
318 Theory @{text A} is associated with the main theory file @{text |
|
319 A}\verb,.thy,, which needs to be accessible through the theory |
|
320 loader path. Any number of additional {\ML} source files may be |
|
321 associated with each theory, by declaring these dependencies in the |
|
322 theory header as @{text \<USES>}, and loading them consecutively |
|
323 within the theory context. The system keeps track of incoming {\ML} |
|
324 sources and associates them with the current theory. The file |
|
325 @{text A}\verb,.ML, is loaded after a theory has been concluded, in |
|
326 order to support legacy proof {\ML} proof scripts. |
|
327 |
|
328 The basic internal actions of the theory database are @{text |
|
329 "update"}, @{text "outdate"}, and @{text "remove"}: |
|
330 |
|
331 \begin{itemize} |
|
332 |
|
333 \item @{text "update A"} introduces a link of @{text "A"} with a |
|
334 @{text "theory"} value of the same name; it asserts that the theory |
|
335 sources are now consistent with that value; |
|
336 |
|
337 \item @{text "outdate A"} invalidates the link of a theory database |
|
338 entry to its sources, but retains the present theory value; |
|
339 |
|
340 \item @{text "remove A"} deletes entry @{text "A"} from the theory |
|
341 database. |
|
342 |
|
343 \end{itemize} |
|
344 |
|
345 These actions are propagated to sub- or super-graphs of a theory |
|
346 entry as expected, in order to preserve global consistency of the |
|
347 state of all loaded theories with the sources of the external store. |
|
348 This implies certain causalities between actions: @{text "update"} |
|
349 or @{text "outdate"} of an entry will @{text "outdate"} all |
|
350 descendants; @{text "remove"} will @{text "remove"} all descendants. |
|
351 |
|
352 \medskip There are separate user-level interfaces to operate on the |
|
353 theory database directly or indirectly. The primitive actions then |
|
354 just happen automatically while working with the system. In |
|
355 particular, processing a theory header @{text "\<THEORY> A |
|
356 \<IMPORTS> B\<^sub>1 \<dots> B\<^sub>n \<BEGIN>"} ensures that the |
|
357 sub-graph of the collective imports @{text "B\<^sub>1 \<dots> B\<^sub>n"} |
|
358 is up-to-date, too. Earlier theories are reloaded as required, with |
|
359 @{text update} actions proceeding in topological order according to |
|
360 theory dependencies. There may be also a wave of implied @{text |
|
361 outdate} actions for derived theory nodes until a stable situation |
|
362 is achieved eventually. |
|
363 *} |
|
364 |
|
365 text %mlref {* |
|
366 \begin{mldecls} |
|
367 @{index_ML theory: "string -> theory"} \\ |
|
368 @{index_ML use_thy: "string -> unit"} \\ |
|
369 @{index_ML use_thys: "string list -> unit"} \\ |
|
370 @{index_ML ThyInfo.touch_thy: "string -> unit"} \\ |
|
371 @{index_ML ThyInfo.remove_thy: "string -> unit"} \\[1ex] |
|
372 @{index_ML ThyInfo.begin_theory}@{verbatim ": ... -> bool -> theory"} \\ |
|
373 @{index_ML ThyInfo.end_theory: "theory -> unit"} \\ |
|
374 @{index_ML ThyInfo.register_theory: "theory -> unit"} \\[1ex] |
|
375 @{verbatim "datatype action = Update | Outdate | Remove"} \\ |
|
376 @{index_ML ThyInfo.add_hook: "(ThyInfo.action -> string -> unit) -> unit"} \\ |
|
377 \end{mldecls} |
|
378 |
|
379 \begin{description} |
|
380 |
|
381 \item @{ML theory}~@{text A} retrieves the theory value presently |
|
382 associated with name @{text A}. Note that the result might be |
|
383 outdated. |
|
384 |
|
385 \item @{ML use_thy}~@{text A} ensures that theory @{text A} is fully |
|
386 up-to-date wrt.\ the external file store, reloading outdated |
|
387 ancestors as required. |
|
388 |
|
389 \item @{ML use_thys} is similar to @{ML use_thy}, but handles |
|
390 several theories simultaneously. Thus it acts like processing the |
|
391 import header of a theory, without performing the merge of the |
|
392 result, though. |
|
393 |
|
394 \item @{ML ThyInfo.touch_thy}~@{text A} performs and @{text outdate} action |
|
395 on theory @{text A} and all descendants. |
|
396 |
|
397 \item @{ML ThyInfo.remove_thy}~@{text A} deletes theory @{text A} and all |
|
398 descendants from the theory database. |
|
399 |
|
400 \item @{ML ThyInfo.begin_theory} is the basic operation behind a |
|
401 @{text \<THEORY>} header declaration. This is {\ML} functions is |
|
402 normally not invoked directly. |
|
403 |
|
404 \item @{ML ThyInfo.end_theory} concludes the loading of a theory |
|
405 proper and stores the result in the theory database. |
|
406 |
|
407 \item @{ML ThyInfo.register_theory}~@{text "text thy"} registers an |
|
408 existing theory value with the theory loader database. There is no |
|
409 management of associated sources. |
|
410 |
|
411 \item @{ML "ThyInfo.add_hook"}~@{text f} registers function @{text |
|
412 f} as a hook for theory database actions. The function will be |
|
413 invoked with the action and theory name being involved; thus derived |
|
414 actions may be performed in associated system components, e.g.\ |
|
415 maintaining the state of an editor for the theory sources. |
|
416 |
|
417 The kind and order of actions occurring in practice depends both on |
|
418 user interactions and the internal process of resolving theory |
|
419 imports. Hooks should not rely on a particular policy here! Any |
|
420 exceptions raised by the hook are ignored. |
|
421 |
|
422 \end{description} |
|
423 *} |
|
424 |
|
425 end |