30 % |
28 % |
31 \begin{isamarkuptext}% |
29 \begin{isamarkuptext}% |
32 The \emph{Isabelle} system essentially provides a generic |
30 The \emph{Isabelle} system essentially provides a generic |
33 infrastructure for building deductive systems (programmed in |
31 infrastructure for building deductive systems (programmed in |
34 Standard ML), with a special focus on interactive theorem proving in |
32 Standard ML), with a special focus on interactive theorem proving in |
35 higher-order logics. In the olden days even end-users would refer |
33 higher-order logics. Many years ago, even end-users would refer to |
36 to certain ML functions (goal commands, tactics, tacticals etc.) to |
34 certain ML functions (goal commands, tactics, tacticals etc.) to |
37 pursue their everyday theorem proving tasks |
35 pursue their everyday theorem proving tasks. |
38 \cite{isabelle-intro,isabelle-ref}. |
|
39 |
36 |
40 In contrast \emph{Isar} provides an interpreted language environment |
37 In contrast \emph{Isar} provides an interpreted language environment |
41 of its own, which has been specifically tailored for the needs of |
38 of its own, which has been specifically tailored for the needs of |
42 theory and proof development. Compared to raw ML, the Isabelle/Isar |
39 theory and proof development. Compared to raw ML, the Isabelle/Isar |
43 top-level provides a more robust and comfortable development |
40 top-level provides a more robust and comfortable development |
44 platform, with proper support for theory development graphs, |
41 platform, with proper support for theory development graphs, managed |
45 single-step transactions with unlimited undo, etc. The |
42 transactions with unlimited undo etc. The Isabelle/Isar version of |
46 Isabelle/Isar version of the \emph{Proof~General} user interface |
43 the \emph{Proof~General} user interface |
47 \cite{proofgeneral,Aspinall:TACAS:2000} provides an adequate |
44 \cite{proofgeneral,Aspinall:TACAS:2000} provides a decent front-end |
48 front-end for interactive theory and proof development in this |
45 for interactive theory and proof development in this advanced |
49 advanced theorem proving environment. |
46 theorem proving environment, even though it is somewhat biased |
|
47 towards old-style proof scripts. |
50 |
48 |
51 \medskip Apart from the technical advances over bare-bones ML |
49 \medskip Apart from the technical advances over bare-bones ML |
52 programming, the main purpose of the Isar language is to provide a |
50 programming, the main purpose of the Isar language is to provide a |
53 conceptually different view on machine-checked proofs |
51 conceptually different view on machine-checked proofs |
54 \cite{Wenzel:1999:TPHOL,Wenzel-PhD}. ``Isar'' stands for |
52 \cite{Wenzel:1999:TPHOL,Wenzel-PhD}. \emph{Isar} stands for |
55 ``Intelligible semi-automated reasoning''. Drawing from both the |
53 \emph{Intelligible semi-automated reasoning}. Drawing from both the |
56 traditions of informal mathematical proof texts and high-level |
54 traditions of informal mathematical proof texts and high-level |
57 programming languages, Isar offers a versatile environment for |
55 programming languages, Isar offers a versatile environment for |
58 structured formal proof documents. Thus properly written Isar |
56 structured formal proof documents. Thus properly written Isar |
59 proofs become accessible to a broader audience than unstructured |
57 proofs become accessible to a broader audience than unstructured |
60 tactic scripts (which typically only provide operational information |
58 tactic scripts (which typically only provide operational information |
65 right, independently of the mechanic proof-checking process. |
63 right, independently of the mechanic proof-checking process. |
66 |
64 |
67 Despite its grand design of structured proof texts, Isar is able to |
65 Despite its grand design of structured proof texts, Isar is able to |
68 assimilate the old tactical style as an ``improper'' sub-language. |
66 assimilate the old tactical style as an ``improper'' sub-language. |
69 This provides an easy upgrade path for existing tactic scripts, as |
67 This provides an easy upgrade path for existing tactic scripts, as |
70 well as additional means for interactive experimentation and |
68 well as some means for interactive experimentation and debugging of |
71 debugging of structured proofs. Isabelle/Isar supports a broad |
69 structured proofs. Isabelle/Isar supports a broad range of proof |
72 range of proof styles, both readable and unreadable ones. |
70 styles, both readable and unreadable ones. |
73 |
71 |
74 \medskip The Isabelle/Isar framework \cite{Wenzel:2006:Festschrift} |
72 \medskip The generic Isabelle/Isar framework (see |
75 is generic and should work reasonably well for any Isabelle |
73 \chref{ch:isar-framework}) works reasonably well for any Isabelle |
76 object-logic that conforms to the natural deduction view of the |
74 object-logic that conforms to the natural deduction view of the |
77 Isabelle/Pure framework. Specific language elements introduced by |
75 Isabelle/Pure framework. Specific language elements introduced by |
78 the major object-logics are described in \chref{ch:hol} |
76 the major object-logics are described in \chref{ch:hol} |
79 (Isabelle/HOL), \chref{ch:holcf} (Isabelle/HOLCF), and \chref{ch:zf} |
77 (Isabelle/HOL), \chref{ch:holcf} (Isabelle/HOLCF), and \chref{ch:zf} |
80 (Isabelle/ZF). The main language elements are already provided by |
78 (Isabelle/ZF). The main language elements are already provided by |
87 Improper Isar language elements, which are marked by ``\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}}'' in the subsequent chapters; they are often helpful |
85 Improper Isar language elements, which are marked by ``\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}}'' in the subsequent chapters; they are often helpful |
88 when developing proof documents, but their use is discouraged for |
86 when developing proof documents, but their use is discouraged for |
89 the final human-readable outcome. Typical examples are diagnostic |
87 the final human-readable outcome. Typical examples are diagnostic |
90 commands that print terms or theorems according to the current |
88 commands that print terms or theorems according to the current |
91 context; other commands emulate old-style tactical theorem proving.% |
89 context; other commands emulate old-style tactical theorem proving.% |
92 \end{isamarkuptext}% |
|
93 \isamarkuptrue% |
|
94 % |
|
95 \isamarkupsection{User interfaces% |
|
96 } |
|
97 \isamarkuptrue% |
|
98 % |
|
99 \isamarkupsubsection{Terminal sessions% |
|
100 } |
|
101 \isamarkuptrue% |
|
102 % |
|
103 \begin{isamarkuptext}% |
|
104 The Isabelle \texttt{tty} tool provides a very interface for running |
|
105 the Isar interaction loop, with some support for command line |
|
106 editing. For example: |
|
107 \begin{ttbox} |
|
108 isabelle tty\medskip |
|
109 {\out Welcome to Isabelle/HOL (Isabelle2008)}\medskip |
|
110 theory Foo imports Main begin; |
|
111 definition foo :: nat where "foo == 1"; |
|
112 lemma "0 < foo" by (simp add: foo_def); |
|
113 end; |
|
114 \end{ttbox} |
|
115 |
|
116 Any Isabelle/Isar command may be retracted by \hyperlink{command.undo}{\mbox{\isa{\isacommand{undo}}}}. |
|
117 See the Isabelle/Isar Quick Reference (\appref{ap:refcard}) for a |
|
118 comprehensive overview of available commands and other language |
|
119 elements.% |
|
120 \end{isamarkuptext}% |
|
121 \isamarkuptrue% |
|
122 % |
|
123 \isamarkupsubsection{Emacs Proof General% |
|
124 } |
|
125 \isamarkuptrue% |
|
126 % |
|
127 \begin{isamarkuptext}% |
|
128 Plain TTY-based interaction as above used to be quite feasible with |
|
129 traditional tactic based theorem proving, but developing Isar |
|
130 documents really demands some better user-interface support. The |
|
131 Proof~General environment by David Aspinall |
|
132 \cite{proofgeneral,Aspinall:TACAS:2000} offers a generic Emacs |
|
133 interface for interactive theorem provers that organizes all the |
|
134 cut-and-paste and forward-backward walk through the text in a very |
|
135 neat way. In Isabelle/Isar, the current position within a partial |
|
136 proof document is equally important than the actual proof state. |
|
137 Thus Proof~General provides the canonical working environment for |
|
138 Isabelle/Isar, both for getting acquainted (e.g.\ by replaying |
|
139 existing Isar documents) and for production work.% |
|
140 \end{isamarkuptext}% |
|
141 \isamarkuptrue% |
|
142 % |
|
143 \isamarkupsubsubsection{Proof~General as default Isabelle interface% |
|
144 } |
|
145 \isamarkuptrue% |
|
146 % |
|
147 \begin{isamarkuptext}% |
|
148 The Isabelle interface wrapper script provides an easy way to invoke |
|
149 Proof~General (including XEmacs or GNU Emacs). The default |
|
150 configuration of Isabelle is smart enough to detect the |
|
151 Proof~General distribution in several canonical places (e.g.\ |
|
152 \verb|$ISABELLE_HOME/contrib/ProofGeneral|). Thus the |
|
153 capital \verb|Isabelle| executable would already refer to the |
|
154 \verb|ProofGeneral/isar| interface without further ado. The |
|
155 Isabelle interface script provides several options; pass \verb|-?| to see its usage. |
|
156 |
|
157 With the proper Isabelle interface setup, Isar documents may now be edited by |
|
158 visiting appropriate theory files, e.g.\ |
|
159 \begin{ttbox} |
|
160 Isabelle \({\langle}isabellehome{\rangle}\)/src/HOL/Isar_examples/Summation.thy |
|
161 \end{ttbox} |
|
162 Beginners may note the tool bar for navigating forward and backward |
|
163 through the text (this depends on the local Emacs installation). |
|
164 Consult the Proof~General documentation \cite{proofgeneral} for |
|
165 further basic command sequences, in particular ``\verb|C-c C-return|'' |
|
166 and ``\verb|C-c u|''. |
|
167 |
|
168 \medskip Proof~General may be also configured manually by giving |
|
169 Isabelle settings like this (see also \cite{isabelle-sys}): |
|
170 |
|
171 \begin{ttbox} |
|
172 ISABELLE_INTERFACE=\$ISABELLE_HOME/contrib/ProofGeneral/isar/interface |
|
173 PROOFGENERAL_OPTIONS="" |
|
174 \end{ttbox} |
|
175 You may have to change \verb|$ISABELLE_HOME/contrib/ProofGeneral| to the actual installation |
|
176 directory of Proof~General. |
|
177 |
|
178 \medskip Apart from the Isabelle command line, defaults for |
|
179 interface options may be given by the \verb|PROOFGENERAL_OPTIONS| |
|
180 setting. For example, the Emacs executable to be used may be |
|
181 configured in Isabelle's settings like this: |
|
182 \begin{ttbox} |
|
183 PROOFGENERAL_OPTIONS="-p xemacs-mule" |
|
184 \end{ttbox} |
|
185 |
|
186 Occasionally, a user's \verb|~/.emacs| file contains code |
|
187 that is incompatible with the (X)Emacs version used by |
|
188 Proof~General, causing the interface startup to fail prematurely. |
|
189 Here the \verb|-u false| option helps to get the interface |
|
190 process up and running. Note that additional Lisp customization |
|
191 code may reside in \verb|proofgeneral-settings.el| of |
|
192 \verb|$ISABELLE_HOME/etc| or \verb|$ISABELLE_HOME_USER/etc|.% |
|
193 \end{isamarkuptext}% |
|
194 \isamarkuptrue% |
|
195 % |
|
196 \isamarkupsubsubsection{The X-Symbol package% |
|
197 } |
|
198 \isamarkuptrue% |
|
199 % |
|
200 \begin{isamarkuptext}% |
|
201 Proof~General incorporates a version of the Emacs X-Symbol package |
|
202 \cite{x-symbol}, which handles proper mathematical symbols displayed |
|
203 on screen. Pass option \verb|-x true| to the Isabelle |
|
204 interface script, or check the appropriate Proof~General menu |
|
205 setting by hand. The main challenge of getting X-Symbol to work |
|
206 properly is the underlying (semi-automated) X11 font setup. |
|
207 |
|
208 \medskip Using proper mathematical symbols in Isabelle theories can |
|
209 be very convenient for readability of large formulas. On the other |
|
210 hand, the plain ASCII sources easily become somewhat unintelligible. |
|
211 For example, \isa{{\isachardoublequote}{\isasymLongrightarrow}{\isachardoublequote}} would appear as \verb|\<Longrightarrow>| according |
|
212 the default set of Isabelle symbols. Nevertheless, the Isabelle |
|
213 document preparation system (see \chref{ch:document-prep}) will be |
|
214 happy to print non-ASCII symbols properly. It is even possible to |
|
215 invent additional notation beyond the display capabilities of Emacs |
|
216 and X-Symbol.% |
|
217 \end{isamarkuptext}% |
|
218 \isamarkuptrue% |
|
219 % |
|
220 \isamarkupsection{Isabelle/Isar theories% |
|
221 } |
|
222 \isamarkuptrue% |
|
223 % |
|
224 \begin{isamarkuptext}% |
|
225 Isabelle/Isar offers the following main improvements over classic |
|
226 Isabelle. |
|
227 |
|
228 \begin{enumerate} |
|
229 |
|
230 \item A \emph{theory format} that integrates specifications and |
|
231 proofs, supporting interactive development and unlimited undo |
|
232 operation. |
|
233 |
|
234 \item A \emph{formal proof document language} designed to support |
|
235 intelligible semi-automated reasoning. Instead of putting together |
|
236 unreadable tactic scripts, the author is enabled to express the |
|
237 reasoning in way that is close to usual mathematical practice. The |
|
238 old tactical style has been assimilated as ``improper'' language |
|
239 elements. |
|
240 |
|
241 \item A simple document preparation system, for typesetting formal |
|
242 developments together with informal text. The resulting |
|
243 hyper-linked PDF documents are equally well suited for WWW |
|
244 presentation and as printed copies. |
|
245 |
|
246 \end{enumerate} |
|
247 |
|
248 The Isar proof language is embedded into the new theory format as a |
|
249 proper sub-language. Proof mode is entered by stating some |
|
250 \hyperlink{command.theorem}{\mbox{\isa{\isacommand{theorem}}}} or \hyperlink{command.lemma}{\mbox{\isa{\isacommand{lemma}}}} at the theory level, and |
|
251 left again with the final conclusion (e.g.\ via \hyperlink{command.qed}{\mbox{\isa{\isacommand{qed}}}}). |
|
252 A few theory specification mechanisms also require some proof, such |
|
253 as HOL's \hyperlink{command.typedef}{\mbox{\isa{\isacommand{typedef}}}} which demands non-emptiness of the |
|
254 representing sets.% |
|
255 \end{isamarkuptext}% |
|
256 \isamarkuptrue% |
|
257 % |
|
258 \isamarkupsection{How to write Isar proofs anyway? \label{sec:isar-howto}% |
|
259 } |
|
260 \isamarkuptrue% |
|
261 % |
|
262 \begin{isamarkuptext}% |
|
263 This is one of the key questions, of course. First of all, the |
|
264 tactic script emulation of Isabelle/Isar essentially provides a |
|
265 clarified version of the very same unstructured proof style of |
|
266 classic Isabelle. Old-time users should quickly become acquainted |
|
267 with that (slightly degenerative) view of Isar. |
|
268 |
|
269 Writing \emph{proper} Isar proof texts targeted at human readers is |
|
270 quite different, though. Experienced users of the unstructured |
|
271 style may even have to unlearn some of their habits to master proof |
|
272 composition in Isar. In contrast, new users with less experience in |
|
273 old-style tactical proving, but a good understanding of mathematical |
|
274 proof in general, often get started easier. |
|
275 |
|
276 \medskip The present text really is only a reference manual on |
|
277 Isabelle/Isar, not a tutorial. Nevertheless, we will attempt to |
|
278 give some clues of how the concepts introduced here may be put into |
|
279 practice. Especially note that \appref{ap:refcard} provides a quick |
|
280 reference card of the most common Isabelle/Isar language elements. |
|
281 |
|
282 Further issues concerning the Isar concepts are covered in the |
|
283 literature |
|
284 \cite{Wenzel:1999:TPHOL,Wiedijk:2000:MV,Bauer-Wenzel:2000:HB,Bauer-Wenzel:2001}. |
|
285 The author's PhD thesis \cite{Wenzel-PhD} presently provides the |
|
286 most complete exposition of Isar foundations, techniques, and |
|
287 applications. A number of example applications are distributed with |
|
288 Isabelle, and available via the Isabelle WWW library (e.g.\ |
|
289 \url{http://isabelle.in.tum.de/library/}). The ``Archive of Formal |
|
290 Proofs'' \url{http://afp.sourceforge.net/} also provides plenty of |
|
291 examples, both in proper Isar proof style and unstructured tactic |
|
292 scripts.% |
|
293 \end{isamarkuptext}% |
90 \end{isamarkuptext}% |
294 \isamarkuptrue% |
91 \isamarkuptrue% |
295 % |
92 % |
296 \isadelimtheory |
93 \isadelimtheory |
297 % |
94 % |