diff -r c8a2755bf220 -r ff784d5a5bfb src/Doc/Implementation/Logic.thy --- a/src/Doc/Implementation/Logic.thy Sat Jan 05 17:00:43 2019 +0100 +++ b/src/Doc/Implementation/Logic.thy Sat Jan 05 17:24:33 2019 +0100 @@ -120,43 +120,43 @@ @{index_ML Sign.primitive_arity: "arity -> theory -> theory"} \\ \end{mldecls} - \<^descr> Type @{ML_type class} represents type classes. + \<^descr> Type \<^ML_type>\class\ represents type classes. - \<^descr> Type @{ML_type sort} represents sorts, i.e.\ finite intersections of - classes. The empty list @{ML "[]: sort"} refers to the empty class + \<^descr> Type \<^ML_type>\sort\ represents sorts, i.e.\ finite intersections of + classes. The empty list \<^ML>\[]: sort\ refers to the empty class intersection, i.e.\ the ``full sort''. - \<^descr> Type @{ML_type arity} represents type arities. A triple \(\, \<^vec>s, s) + \<^descr> Type \<^ML_type>\arity\ represents type arities. A triple \(\, \<^vec>s, s) : arity\ represents \\ :: (\<^vec>s)s\ as described above. - \<^descr> Type @{ML_type typ} represents types; this is a datatype with constructors - @{ML TFree}, @{ML TVar}, @{ML Type}. + \<^descr> Type \<^ML_type>\typ\ represents types; this is a datatype with constructors + \<^ML>\TFree\, \<^ML>\TVar\, \<^ML>\Type\. - \<^descr> @{ML Term.map_atyps}~\f \\ applies the mapping \f\ to all atomic types - (@{ML TFree}, @{ML TVar}) occurring in \\\. + \<^descr> \<^ML>\Term.map_atyps\~\f \\ applies the mapping \f\ to all atomic types + (\<^ML>\TFree\, \<^ML>\TVar\) occurring in \\\. - \<^descr> @{ML Term.fold_atyps}~\f \\ iterates the operation \f\ over all - occurrences of atomic types (@{ML TFree}, @{ML TVar}) in \\\; the type + \<^descr> \<^ML>\Term.fold_atyps\~\f \\ iterates the operation \f\ over all + occurrences of atomic types (\<^ML>\TFree\, \<^ML>\TVar\) in \\\; the type structure is traversed from left to right. - \<^descr> @{ML Sign.subsort}~\thy (s\<^sub>1, s\<^sub>2)\ tests the subsort relation \s\<^sub>1 \ + \<^descr> \<^ML>\Sign.subsort\~\thy (s\<^sub>1, s\<^sub>2)\ tests the subsort relation \s\<^sub>1 \ s\<^sub>2\. - \<^descr> @{ML Sign.of_sort}~\thy (\, s)\ tests whether type \\\ is of sort \s\. + \<^descr> \<^ML>\Sign.of_sort\~\thy (\, s)\ tests whether type \\\ is of sort \s\. - \<^descr> @{ML Sign.add_type}~\ctxt (\, k, mx)\ declares a new type constructors \\\ + \<^descr> \<^ML>\Sign.add_type\~\ctxt (\, k, mx)\ declares a new type constructors \\\ with \k\ arguments and optional mixfix syntax. - \<^descr> @{ML Sign.add_type_abbrev}~\ctxt (\, \<^vec>\, \)\ defines a new type + \<^descr> \<^ML>\Sign.add_type_abbrev\~\ctxt (\, \<^vec>\, \)\ defines a new type abbreviation \(\<^vec>\)\ = \\. - \<^descr> @{ML Sign.primitive_class}~\(c, [c\<^sub>1, \, c\<^sub>n])\ declares a new class \c\, + \<^descr> \<^ML>\Sign.primitive_class\~\(c, [c\<^sub>1, \, c\<^sub>n])\ declares a new class \c\, together with class relations \c \ c\<^sub>i\, for \i = 1, \, n\. - \<^descr> @{ML Sign.primitive_classrel}~\(c\<^sub>1, c\<^sub>2)\ declares the class relation + \<^descr> \<^ML>\Sign.primitive_classrel\~\(c\<^sub>1, c\<^sub>2)\ declares the class relation \c\<^sub>1 \ c\<^sub>2\. - \<^descr> @{ML Sign.primitive_arity}~\(\, \<^vec>s, s)\ declares the arity \\ :: + \<^descr> \<^ML>\Sign.primitive_arity\~\(\, \<^vec>s, s)\ declares the arity \\ :: (\<^vec>s)s\. \ @@ -170,7 +170,7 @@ @{ML_antiquotation_def "typ"} & : & \ML_antiquotation\ \\ \end{matharray} - @{rail \ + \<^rail>\ @@{ML_antiquotation class} embedded ; @@{ML_antiquotation sort} sort @@ -180,25 +180,25 @@ @@{ML_antiquotation nonterminal}) embedded ; @@{ML_antiquotation typ} type - \} + \ - \<^descr> \@{class c}\ inlines the internalized class \c\ --- as @{ML_type string} + \<^descr> \@{class c}\ inlines the internalized class \c\ --- as \<^ML_type>\string\ literal. - \<^descr> \@{sort s}\ inlines the internalized sort \s\ --- as @{ML_type "string - list"} literal. + \<^descr> \@{sort s}\ inlines the internalized sort \s\ --- as \<^ML_type>\string + list\ literal. \<^descr> \@{type_name c}\ inlines the internalized type constructor \c\ --- as - @{ML_type string} literal. + \<^ML_type>\string\ literal. \<^descr> \@{type_abbrev c}\ inlines the internalized type abbreviation \c\ --- as - @{ML_type string} literal. + \<^ML_type>\string\ literal. \<^descr> \@{nonterminal c}\ inlines the internalized syntactic type~/ grammar - nonterminal \c\ --- as @{ML_type string} literal. + nonterminal \c\ --- as \<^ML_type>\string\ literal. \<^descr> \@{typ \}\ inlines the internalized type \\\ --- as constructor term for - datatype @{ML_type typ}. + datatype \<^ML_type>\typ\. \ @@ -333,50 +333,49 @@ @{index_ML Sign.const_instance: "theory -> string * typ list -> typ"} \\ \end{mldecls} - \<^descr> Type @{ML_type term} represents de-Bruijn terms, with comments in + \<^descr> Type \<^ML_type>\term\ represents de-Bruijn terms, with comments in abstractions, and explicitly named free variables and constants; this is a datatype with constructors @{index_ML Bound}, @{index_ML Free}, @{index_ML Var}, @{index_ML Const}, @{index_ML Abs}, @{index_ML_op "$"}. - \<^descr> \t\~@{ML_text aconv}~\u\ checks \\\-equivalence of two terms. This is the - basic equality relation on type @{ML_type term}; raw datatype equality + \<^descr> \t\~\<^ML_text>\aconv\~\u\ checks \\\-equivalence of two terms. This is the + basic equality relation on type \<^ML_type>\term\; raw datatype equality should only be used for operations related to parsing or printing! - \<^descr> @{ML Term.map_types}~\f t\ applies the mapping \f\ to all types occurring + \<^descr> \<^ML>\Term.map_types\~\f t\ applies the mapping \f\ to all types occurring in \t\. - \<^descr> @{ML Term.fold_types}~\f t\ iterates the operation \f\ over all + \<^descr> \<^ML>\Term.fold_types\~\f t\ iterates the operation \f\ over all occurrences of types in \t\; the term structure is traversed from left to right. - \<^descr> @{ML Term.map_aterms}~\f t\ applies the mapping \f\ to all atomic terms - (@{ML Bound}, @{ML Free}, @{ML Var}, @{ML Const}) occurring in \t\. + \<^descr> \<^ML>\Term.map_aterms\~\f t\ applies the mapping \f\ to all atomic terms + (\<^ML>\Bound\, \<^ML>\Free\, \<^ML>\Var\, \<^ML>\Const\) occurring in \t\. - \<^descr> @{ML Term.fold_aterms}~\f t\ iterates the operation \f\ over all - occurrences of atomic terms (@{ML Bound}, @{ML Free}, @{ML Var}, @{ML - Const}) in \t\; the term structure is traversed from left to right. + \<^descr> \<^ML>\Term.fold_aterms\~\f t\ iterates the operation \f\ over all + occurrences of atomic terms (\<^ML>\Bound\, \<^ML>\Free\, \<^ML>\Var\, \<^ML>\Const\) in \t\; the term structure is traversed from left to right. - \<^descr> @{ML fastype_of}~\t\ determines the type of a well-typed term. This + \<^descr> \<^ML>\fastype_of\~\t\ determines the type of a well-typed term. This operation is relatively slow, despite the omission of any sanity checks. - \<^descr> @{ML lambda}~\a b\ produces an abstraction \\a. b\, where occurrences of + \<^descr> \<^ML>\lambda\~\a b\ produces an abstraction \\a. b\, where occurrences of the atomic term \a\ in the body \b\ are replaced by bound variables. - \<^descr> @{ML betapply}~\(t, u)\ produces an application \t u\, with topmost + \<^descr> \<^ML>\betapply\~\(t, u)\ produces an application \t u\, with topmost \\\-conversion if \t\ is an abstraction. - \<^descr> @{ML incr_boundvars}~\j\ increments a term's dangling bound variables by + \<^descr> \<^ML>\incr_boundvars\~\j\ increments a term's dangling bound variables by the offset \j\. This is required when moving a subterm into a context where it is enclosed by a different number of abstractions. Bound variables with a matching abstraction are unaffected. - \<^descr> @{ML Sign.declare_const}~\ctxt ((c, \), mx)\ declares a new constant \c :: + \<^descr> \<^ML>\Sign.declare_const\~\ctxt ((c, \), mx)\ declares a new constant \c :: \\ with optional mixfix syntax. - \<^descr> @{ML Sign.add_abbrev}~\print_mode (c, t)\ introduces a new term + \<^descr> \<^ML>\Sign.add_abbrev\~\print_mode (c, t)\ introduces a new term abbreviation \c \ t\. - \<^descr> @{ML Sign.const_typargs}~\thy (c, \)\ and @{ML Sign.const_instance}~\thy + \<^descr> \<^ML>\Sign.const_typargs\~\thy (c, \)\ and \<^ML>\Sign.const_instance\~\thy (c, [\\<^sub>1, \, \\<^sub>n])\ convert between two representations of polymorphic constants: full type instance vs.\ compact type arguments form. \ @@ -390,7 +389,7 @@ @{ML_antiquotation_def "prop"} & : & \ML_antiquotation\ \\ \end{matharray} - @{rail \ + \<^rail>\ (@@{ML_antiquotation const_name} | @@{ML_antiquotation const_abbrev}) embedded ; @@ -399,23 +398,22 @@ @@{ML_antiquotation term} term ; @@{ML_antiquotation prop} prop - \} + \ \<^descr> \@{const_name c}\ inlines the internalized logical constant name \c\ --- - as @{ML_type string} literal. + as \<^ML_type>\string\ literal. \<^descr> \@{const_abbrev c}\ inlines the internalized abbreviated constant name \c\ - --- as @{ML_type string} literal. + --- as \<^ML_type>\string\ literal. \<^descr> \@{const c(\<^vec>\)}\ inlines the internalized constant \c\ with precise - type instantiation in the sense of @{ML Sign.const_instance} --- as @{ML - Const} constructor term for datatype @{ML_type term}. + type instantiation in the sense of \<^ML>\Sign.const_instance\ --- as \<^ML>\Const\ constructor term for datatype \<^ML_type>\term\. \<^descr> \@{term t}\ inlines the internalized term \t\ --- as constructor term for - datatype @{ML_type term}. + datatype \<^ML_type>\term\. \<^descr> \@{prop \}\ inlines the internalized proposition \\\ --- as constructor - term for datatype @{ML_type term}. + term for datatype \<^ML_type>\term\. \ @@ -601,84 +599,82 @@ Defs.entry -> Defs.entry list -> theory -> theory"} \\ \end{mldecls} - \<^descr> @{ML Thm.peek_status}~\thm\ informs about the current status of the + \<^descr> \<^ML>\Thm.peek_status\~\thm\ informs about the current status of the derivation object behind the given theorem. This is a snapshot of a potentially ongoing (parallel) evaluation of proofs. The three Boolean values indicate the following: \<^verbatim>\oracle\ if the finished part contains some oracle invocation; \<^verbatim>\unfinished\ if some future proofs are still pending; \<^verbatim>\failed\ if some future proof has failed, rendering the theorem invalid! - \<^descr> @{ML Logic.all}~\a B\ produces a Pure quantification \\a. B\, where + \<^descr> \<^ML>\Logic.all\~\a B\ produces a Pure quantification \\a. B\, where occurrences of the atomic term \a\ in the body proposition \B\ are replaced - by bound variables. (See also @{ML lambda} on terms.) + by bound variables. (See also \<^ML>\lambda\ on terms.) - \<^descr> @{ML Logic.mk_implies}~\(A, B)\ produces a Pure implication \A \ B\. + \<^descr> \<^ML>\Logic.mk_implies\~\(A, B)\ produces a Pure implication \A \ B\. - \<^descr> Types @{ML_type ctyp} and @{ML_type cterm} represent certified types and + \<^descr> Types \<^ML_type>\ctyp\ and \<^ML_type>\cterm\ represent certified types and terms, respectively. These are abstract datatypes that guarantee that its values have passed the full well-formedness (and well-typedness) checks, relative to the declarations of type constructors, constants etc.\ in the - background theory. The abstract types @{ML_type ctyp} and @{ML_type cterm} + background theory. The abstract types \<^ML_type>\ctyp\ and \<^ML_type>\cterm\ are part of the same inference kernel that is mainly responsible for - @{ML_type thm}. Thus syntactic operations on @{ML_type ctyp} and @{ML_type - cterm} are located in the @{ML_structure Thm} module, even though theorems + \<^ML_type>\thm\. Thus syntactic operations on \<^ML_type>\ctyp\ and \<^ML_type>\cterm\ are located in the \<^ML_structure>\Thm\ module, even though theorems are not yet involved at that stage. - \<^descr> @{ML Thm.ctyp_of}~\ctxt \\ and @{ML Thm.cterm_of}~\ctxt t\ explicitly + \<^descr> \<^ML>\Thm.ctyp_of\~\ctxt \\ and \<^ML>\Thm.cterm_of\~\ctxt t\ explicitly check types and terms, respectively. This also involves some basic normalizations, such expansion of type and term abbreviations from the underlying theory context. Full re-certification is relatively slow and should be avoided in tight reasoning loops. - \<^descr> @{ML Thm.apply}, @{ML Thm.lambda}, @{ML Thm.all}, @{ML Drule.mk_implies} + \<^descr> \<^ML>\Thm.apply\, \<^ML>\Thm.lambda\, \<^ML>\Thm.all\, \<^ML>\Drule.mk_implies\ etc.\ compose certified terms (or propositions) incrementally. This is - equivalent to @{ML Thm.cterm_of} after unchecked @{ML_op "$"}, @{ML lambda}, - @{ML Logic.all}, @{ML Logic.mk_implies} etc., but there can be a big + equivalent to \<^ML>\Thm.cterm_of\ after unchecked \<^ML_op>\$\, \<^ML>\lambda\, + \<^ML>\Logic.all\, \<^ML>\Logic.mk_implies\ etc., but there can be a big difference in performance when large existing entities are composed by a few extra constructions on top. There are separate operations to decompose certified terms and theorems to produce certified terms again. - \<^descr> Type @{ML_type thm} represents proven propositions. This is an abstract + \<^descr> Type \<^ML_type>\thm\ represents proven propositions. This is an abstract datatype that guarantees that its values have been constructed by basic - principles of the @{ML_structure Thm} module. Every @{ML_type thm} value + principles of the \<^ML_structure>\Thm\ module. Every \<^ML_type>\thm\ value refers its background theory, cf.\ \secref{sec:context-theory}. - \<^descr> @{ML Thm.transfer}~\thy thm\ transfers the given theorem to a \<^emph>\larger\ + \<^descr> \<^ML>\Thm.transfer\~\thy thm\ transfers the given theorem to a \<^emph>\larger\ theory, see also \secref{sec:context}. This formal adjustment of the background context has no logical significance, but is occasionally required for formal reasons, e.g.\ when theorems that are imported from more basic theories are used in the current situation. - \<^descr> @{ML Thm.assume}, @{ML Thm.forall_intr}, @{ML Thm.forall_elim}, @{ML - Thm.implies_intr}, and @{ML Thm.implies_elim} correspond to the primitive + \<^descr> \<^ML>\Thm.assume\, \<^ML>\Thm.forall_intr\, \<^ML>\Thm.forall_elim\, \<^ML>\Thm.implies_intr\, and \<^ML>\Thm.implies_elim\ correspond to the primitive inferences of \figref{fig:prim-rules}. - \<^descr> @{ML Thm.generalize}~\(\<^vec>\, \<^vec>x)\ corresponds to the + \<^descr> \<^ML>\Thm.generalize\~\(\<^vec>\, \<^vec>x)\ corresponds to the \generalize\ rules of \figref{fig:subst-rules}. Here collections of type and term variables are generalized simultaneously, specified by the given basic names. - \<^descr> @{ML Thm.instantiate}~\(\<^vec>\\<^sub>s, \<^vec>x\<^sub>\)\ corresponds to the + \<^descr> \<^ML>\Thm.instantiate\~\(\<^vec>\\<^sub>s, \<^vec>x\<^sub>\)\ corresponds to the \instantiate\ rules of \figref{fig:subst-rules}. Type variables are substituted before term variables. Note that the types in \\<^vec>x\<^sub>\\ refer to the instantiated versions. - \<^descr> @{ML Thm.add_axiom}~\ctxt (name, A)\ declares an arbitrary proposition as + \<^descr> \<^ML>\Thm.add_axiom\~\ctxt (name, A)\ declares an arbitrary proposition as axiom, and retrieves it as a theorem from the resulting theory, cf.\ \axiom\ in \figref{fig:prim-rules}. Note that the low-level representation in the axiom table may differ slightly from the returned theorem. - \<^descr> @{ML Thm.add_oracle}~\(binding, oracle)\ produces a named oracle rule, + \<^descr> \<^ML>\Thm.add_oracle\~\(binding, oracle)\ produces a named oracle rule, essentially generating arbitrary axioms on the fly, cf.\ \axiom\ in \figref{fig:prim-rules}. - \<^descr> @{ML Thm.add_def}~\ctxt unchecked overloaded (name, c \<^vec>x \ t)\ + \<^descr> \<^ML>\Thm.add_def\~\ctxt unchecked overloaded (name, c \<^vec>x \ t)\ states a definitional axiom for an existing constant \c\. Dependencies are - recorded via @{ML Theory.add_deps}, unless the \unchecked\ option is set. + recorded via \<^ML>\Theory.add_deps\, unless the \unchecked\ option is set. Note that the low-level representation in the axiom table may differ slightly from the returned theorem. - \<^descr> @{ML Theory.add_deps}~\ctxt name c\<^sub>\ \<^vec>d\<^sub>\\ declares dependencies of + \<^descr> \<^ML>\Theory.add_deps\~\ctxt name c\<^sub>\ \<^vec>d\<^sub>\\ declares dependencies of a named specification for constant \c\<^sub>\\, relative to existing specifications for constants \\<^vec>d\<^sub>\\. This also works for type constructors. @@ -694,7 +690,7 @@ @{ML_antiquotation_def "lemma"} & : & \ML_antiquotation\ \\ \end{matharray} - @{rail \ + \<^rail>\ @@{ML_antiquotation ctyp} typ ; @@{ML_antiquotation cterm} term @@ -707,23 +703,23 @@ ; @@{ML_antiquotation lemma} ('(' @'open' ')')? ((prop +) + @'and') \ @'by' method method? - \} + \ \<^descr> \@{ctyp \}\ produces a certified type wrt.\ the current background theory - --- as abstract value of type @{ML_type ctyp}. + --- as abstract value of type \<^ML_type>\ctyp\. \<^descr> \@{cterm t}\ and \@{cprop \}\ produce a certified term wrt.\ the current - background theory --- as abstract value of type @{ML_type cterm}. + background theory --- as abstract value of type \<^ML_type>\cterm\. \<^descr> \@{thm a}\ produces a singleton fact --- as abstract value of type - @{ML_type thm}. + \<^ML_type>\thm\. \<^descr> \@{thms a}\ produces a general fact --- as abstract value of type - @{ML_type "thm list"}. + \<^ML_type>\thm list\. \<^descr> \@{lemma \ by meth}\ produces a fact that is proven on the spot according to the minimal proof, which imitates a terminal Isar proof. The result is an - abstract value of type @{ML_type thm} or @{ML_type "thm list"}, depending on + abstract value of type \<^ML_type>\thm\ or \<^ML_type>\thm list\, depending on the number of propositions given here. The internal derivation object lacks a proper theorem name, but it is @@ -800,17 +796,17 @@ @{index_ML Logic.dest_type: "term -> typ"} \\ \end{mldecls} - \<^descr> @{ML Conjunction.intr} derives \A &&& B\ from \A\ and \B\. + \<^descr> \<^ML>\Conjunction.intr\ derives \A &&& B\ from \A\ and \B\. - \<^descr> @{ML Conjunction.elim} derives \A\ and \B\ from \A &&& B\. + \<^descr> \<^ML>\Conjunction.elim\ derives \A\ and \B\ from \A &&& B\. - \<^descr> @{ML Drule.mk_term} derives \TERM t\. + \<^descr> \<^ML>\Drule.mk_term\ derives \TERM t\. - \<^descr> @{ML Drule.dest_term} recovers term \t\ from \TERM t\. + \<^descr> \<^ML>\Drule.dest_term\ recovers term \t\ from \TERM t\. - \<^descr> @{ML Logic.mk_type}~\\\ produces the term \TYPE(\)\. + \<^descr> \<^ML>\Logic.mk_type\~\\\ produces the term \TYPE(\)\. - \<^descr> @{ML Logic.dest_type}~\TYPE(\)\ recovers the type \\\. + \<^descr> \<^ML>\Logic.dest_type\~\TYPE(\)\ recovers the type \\\. \ @@ -846,17 +842,16 @@ @{index_ML Thm.strip_shyps: "thm -> thm"} \\ \end{mldecls} - \<^descr> @{ML Thm.extra_shyps}~\thm\ determines the extraneous sort hypotheses of + \<^descr> \<^ML>\Thm.extra_shyps\~\thm\ determines the extraneous sort hypotheses of the given theorem, i.e.\ the sorts that are not present within type variables of the statement. - \<^descr> @{ML Thm.strip_shyps}~\thm\ removes any extraneous sort hypotheses that + \<^descr> \<^ML>\Thm.strip_shyps\~\thm\ removes any extraneous sort hypotheses that can be witnessed from the type signature. \ text %mlex \ - The following artificial example demonstrates the derivation of @{prop - False} with a pending sort hypothesis involving a logically empty sort. + The following artificial example demonstrates the derivation of \<^prop>\False\ with a pending sort hypothesis involving a logically empty sort. \ class empty = @@ -865,7 +860,7 @@ theorem (in empty) false: False using bad by blast -ML_val \@{assert} (Thm.extra_shyps @{thm false} = [@{sort empty}])\ +ML_val \\<^assert> (Thm.extra_shyps @{thm false} = [\<^sort>\empty\])\ text \ Thanks to the inference kernel managing sort hypothesis according to their @@ -951,7 +946,7 @@ @{index_ML Simplifier.norm_hhf: "Proof.context -> thm -> thm"} \\ \end{mldecls} - \<^descr> @{ML Simplifier.norm_hhf}~\ctxt thm\ normalizes the given theorem + \<^descr> \<^ML>\Simplifier.norm_hhf\~\ctxt thm\ normalizes the given theorem according to the canonical form specified above. This is occasionally helpful to repair some low-level tools that do not handle Hereditary Harrop Formulae properly. @@ -1032,7 +1027,7 @@ \<^descr> \rule\<^sub>1 RSN (i, rule\<^sub>2)\ resolves the conclusion of \rule\<^sub>1\ with the \i\-th premise of \rule\<^sub>2\, according to the @{inference resolution} principle explained above. Unless there is precisely one resolvent it raises - exception @{ML THM}. + exception \<^ML>\THM\. This corresponds to the rule attribute @{attribute THEN} in Isar source language. @@ -1044,7 +1039,7 @@ with the \i\-th premise of \rule\<^sub>2\, accumulating multiple results in one big list. Note that such strict enumerations of higher-order unifications can be inefficient compared to the lazy variant seen in elementary tactics - like @{ML resolve_tac}. + like \<^ML>\resolve_tac\. \<^descr> \rules\<^sub>1 RL rules\<^sub>2\ abbreviates \rules\<^sub>1 RLN (1, rules\<^sub>2)\. @@ -1196,32 +1191,32 @@ @{index_ML Proof_Syntax.pretty_proof: "Proof.context -> proof -> Pretty.T"} \\ \end{mldecls} - \<^descr> Type @{ML_type proof} represents proof terms; this is a datatype with + \<^descr> Type \<^ML_type>\proof\ represents proof terms; this is a datatype with constructors @{index_ML Abst}, @{index_ML AbsP}, @{index_ML_op "%"}, @{index_ML_op "%%"}, @{index_ML PBound}, @{index_ML MinProof}, @{index_ML Hyp}, @{index_ML PAxm}, @{index_ML Oracle}, @{index_ML Promise}, @{index_ML PThm} as explained above. %FIXME OfClass (!?) - \<^descr> Type @{ML_type proof_body} represents the nested proof information of a + \<^descr> Type \<^ML_type>\proof_body\ represents the nested proof information of a named theorem, consisting of a digest of oracles and named theorem over some proof term. The digest only covers the directly visible part of the proof: in order to get the full information, the implicit graph of nested theorems - needs to be traversed (e.g.\ using @{ML Proofterm.fold_body_thms}). + needs to be traversed (e.g.\ using \<^ML>\Proofterm.fold_body_thms\). - \<^descr> @{ML Thm.proof_of}~\thm\ and @{ML Thm.proof_body_of}~\thm\ produce the + \<^descr> \<^ML>\Thm.proof_of\~\thm\ and \<^ML>\Thm.proof_body_of\~\thm\ produce the proof term or proof body (with digest of oracles and theorems) from a given theorem. Note that this involves a full join of internal futures that fulfill pending proof promises, and thus disrupts the natural bottom-up construction of proofs by introducing dynamic ad-hoc dependencies. Parallel performance may suffer by inspecting proof terms at run-time. - \<^descr> @{ML Proofterm.proofs} specifies the detail of proof recording within - @{ML_type thm} values produced by the inference kernel: @{ML 0} records only - the names of oracles, @{ML 1} records oracle names and propositions, @{ML 2} + \<^descr> \<^ML>\Proofterm.proofs\ specifies the detail of proof recording within + \<^ML_type>\thm\ values produced by the inference kernel: \<^ML>\0\ records only + the names of oracles, \<^ML>\1\ records oracle names and propositions, \<^ML>\2\ additionally records full proof terms. Officially named theorems that contribute to a result are recorded in any case. - \<^descr> @{ML Reconstruct.reconstruct_proof}~\ctxt prop prf\ turns the implicit + \<^descr> \<^ML>\Reconstruct.reconstruct_proof\~\ctxt prop prf\ turns the implicit proof term \prf\ into a full proof of the given proposition. Reconstruction may fail if \prf\ is not a proof of \prop\, or if it does not @@ -1229,21 +1224,21 @@ for proofs that are constructed manually, but not for those produced automatically by the inference kernel. - \<^descr> @{ML Reconstruct.expand_proof}~\ctxt [thm\<^sub>1, \, thm\<^sub>n] prf\ expands and + \<^descr> \<^ML>\Reconstruct.expand_proof\~\ctxt [thm\<^sub>1, \, thm\<^sub>n] prf\ expands and reconstructs the proofs of all specified theorems, with the given (full) proof. Theorems that are not unique specified via their name may be disambiguated by giving their proposition. - \<^descr> @{ML Proof_Checker.thm_of_proof}~\thy prf\ turns the given (full) proof + \<^descr> \<^ML>\Proof_Checker.thm_of_proof\~\thy prf\ turns the given (full) proof into a theorem, by replaying it using only primitive rules of the inference kernel. - \<^descr> @{ML Proof_Syntax.read_proof}~\thy b\<^sub>1 b\<^sub>2 s\ reads in a proof term. The + \<^descr> \<^ML>\Proof_Syntax.read_proof\~\thy b\<^sub>1 b\<^sub>2 s\ reads in a proof term. The Boolean flags indicate the use of sort and type information. Usually, typing information is left implicit and is inferred during proof reconstruction. %FIXME eliminate flags!? - \<^descr> @{ML Proof_Syntax.pretty_proof}~\ctxt prf\ pretty-prints the given proof + \<^descr> \<^ML>\Proof_Syntax.pretty_proof\~\ctxt prf\ pretty-prints the given proof term. \