# HG changeset patch # User wenzelm # Date 1446665758 -3600 # Node ID 1ec8af91e169f72ef1f2e7802a29ed7b2247da85 # Parent f18f6e51e901858bfa2af91c64b83d633e19ae4f tuned whitespace; diff -r f18f6e51e901 -r 1ec8af91e169 src/Doc/Eisbach/Manual.thy --- a/src/Doc/Eisbach/Manual.thy Wed Nov 04 20:18:46 2015 +0100 +++ b/src/Doc/Eisbach/Manual.thy Wed Nov 04 20:35:58 2015 +0100 @@ -14,8 +14,8 @@ terms, facts, or other methods. \<^medskip> - The syntax diagram below refers to some syntactic categories that - are further defined in @{cite "isabelle-isar-ref"}. + The syntax diagram below refers to some syntactic categories that are + further defined in @{cite "isabelle-isar-ref"}. @{rail \ @@{command method} name args @'=' method @@ -56,11 +56,10 @@ by prop_solver\<^sub>1 text \ - In this example, the facts \impI\ and \conjE\ are static. They - are evaluated once when the method is defined and cannot be changed later. - This makes the method stable in the sense of \<^emph>\static scoping\: naming - another fact \impI\ in a later context won't affect the behaviour of - \prop_solver\<^sub>1\. + In this example, the facts \impI\ and \conjE\ are static. They are evaluated + once when the method is defined and cannot be changed later. This makes the + method stable in the sense of \<^emph>\static scoping\: naming another fact \impI\ + in a later context won't affect the behaviour of \prop_solver\<^sub>1\. \ @@ -100,11 +99,11 @@ subsection \Named theorems\ text \ - A \named theorem\ is a fact whose contents are produced dynamically - within the current proof context. The Isar command @{command_ref - "named_theorems"} provides simple access to this concept: it declares a - dynamic fact with corresponding \<^emph>\attribute\ for managing - this particular data slot in the context. + A \<^emph>\named theorem\ is a fact whose contents are produced dynamically within + the current proof context. The Isar command @{command_ref "named_theorems"} + provides simple access to this concept: it declares a dynamic fact with + corresponding \<^emph>\attribute\ for managing this particular data slot in the + context. \ named_theorems intros @@ -112,7 +111,8 @@ text \ So far \intros\ refers to the empty fact. Using the Isar command @{command_ref "declare"} we may apply declaration attributes to the context. - Below we declare both \conjI\ and \impI\ as \intros\, adding them to the named theorem slot. + Below we declare both \conjI\ and \impI\ as \intros\, adding them to the + named theorem slot. \ declare conjI [intros] and impI [intros] @@ -136,8 +136,8 @@ text \ Often these named theorems need to be augmented on the spot, when a method is invoked. The @{keyword_def "declares"} keyword in the signature of - @{command method} adds the common method syntax \method decl: facts\ - for each named theorem \decl\. + @{command method} adds the common method syntax \method decl: facts\ for + each named theorem \decl\. \ method prop_solver\<^sub>4 declares intros elims = @@ -170,11 +170,12 @@ section \Higher-order methods\ text \ - The \<^emph>\structured concatenation\ combinator ``\method\<^sub>1 ; - method\<^sub>2\'' was introduced in Isabelle2015, motivated by development of - Eisbach. It is similar to ``\method\<^sub>1, method\<^sub>2\'', but \method\<^sub>2\ is invoked on on \<^emph>\all\ subgoals that have newly emerged from - \method\<^sub>1\. This is useful to handle cases where the number of - subgoals produced by a method is determined dynamically at run-time. + The \<^emph>\structured concatenation\ combinator ``\method\<^sub>1 ; method\<^sub>2\'' was + introduced in Isabelle2015, motivated by development of Eisbach. It is + similar to ``\method\<^sub>1, method\<^sub>2\'', but \method\<^sub>2\ is invoked on on \<^emph>\all\ + subgoals that have newly emerged from \method\<^sub>1\. This is useful to handle + cases where the number of subgoals produced by a method is determined + dynamically at run-time. \ method conj_with uses rule = @@ -190,18 +191,17 @@ method combinators with prefix syntax. For example, to more usefully exploit Isabelle's backtracking, the explicit requirement that a method solve all produced subgoals is frequently useful. This can easily be written as a - \<^emph>\higher-order method\ using ``\;\''. The @{keyword "methods"} - keyword denotes method parameters that are other proof methods to be invoked - by the method being defined. + \<^emph>\higher-order method\ using ``\;\''. The @{keyword "methods"} keyword + denotes method parameters that are other proof methods to be invoked by the + method being defined. \ method solve methods m = (m ; fail) text \ - Given some method-argument \m\, \solve \m\\ applies the - method \m\ and then fails whenever \m\ produces any new unsolved - subgoals --- i.e. when \m\ fails to completely discharge the goal it - was applied to. + Given some method-argument \m\, \solve \m\\ applies the method \m\ and then + fails whenever \m\ produces any new unsolved subgoals --- i.e. when \m\ + fails to completely discharge the goal it was applied to. \ @@ -222,29 +222,31 @@ (erule notE ; solve \prop_solver\))+ text \ - The only non-trivial part above is the final alternative \(erule notE - ; solve \prop_solver\)\. Here, in the case that all other alternatives - fail, the method takes one of the assumptions @{term "\ P"} of the current - goal and eliminates it with the rule \notE\, causing the goal to be - proved to become @{term P}. The method then recursively invokes itself on - the remaining goals. The job of the recursive call is to demonstrate that - there is a contradiction in the original assumptions (i.e.\ that @{term P} - can be derived from them). Note this recursive invocation is applied with - the @{method solve} method combinator to ensure that a contradiction will - indeed be shown. In the case where a contradiction cannot be found, - backtracking will occur and a different assumption @{term "\ Q"} will be - chosen for elimination. + The only non-trivial part above is the final alternative \(erule notE ; + solve \prop_solver\)\. Here, in the case that all other alternatives fail, + the method takes one of the assumptions @{term "\ P"} of the current goal + and eliminates it with the rule \notE\, causing the goal to be proved to + become @{term P}. The method then recursively invokes itself on the + remaining goals. The job of the recursive call is to demonstrate that there + is a contradiction in the original assumptions (i.e.\ that @{term P} can be + derived from them). Note this recursive invocation is applied with the + @{method solve} method combinator to ensure that a contradiction will indeed + be shown. In the case where a contradiction cannot be found, backtracking + will occur and a different assumption @{term "\ Q"} will be chosen for + elimination. Note that the recursive call to @{method prop_solver} does not have any - parameters passed to it. Recall that fact parameters, e.g.\ \intros\, \elims\, and \subst\, are managed by declarations - in the current proof context. They will therefore be passed to any recursive - call to @{method prop_solver} and, more generally, any invocation of a - method which declares these named theorems. + parameters passed to it. Recall that fact parameters, e.g.\ \intros\, + \elims\, and \subst\, are managed by declarations in the current proof + context. They will therefore be passed to any recursive call to @{method + prop_solver} and, more generally, any invocation of a method which declares + these named theorems. \<^medskip> After declaring some standard rules to the context, the @{method prop_solver} becomes capable of solving non-trivial propositional - tautologies.\ + tautologies. +\ lemmas [intros] = conjI -- \@{thm conjI}\ @@ -271,15 +273,15 @@ result of backtracking. When designing more sophisticated proof methods this proves too restrictive and difficult to manage conceptually. - To address this, we introduce the @{method_def "match"} method, which - provides more direct access to the higher-order matching facility at the - core of Isabelle. It is implemented as a separate proof method (in - Isabelle/ML), and thus can be directly applied to proofs, however it is most - useful when applied in the context of writing Eisbach method definitions. + To address this, we introduce the @{method_def match} method, which provides + more direct access to the higher-order matching facility at the core of + Isabelle. It is implemented as a separate proof method (in Isabelle/ML), and + thus can be directly applied to proofs, however it is most useful when + applied in the context of writing Eisbach method definitions. \<^medskip> - The syntax diagram below refers to some syntactic categories that - are further defined in @{cite "isabelle-isar-ref"}. + The syntax diagram below refers to some syntactic categories that are + further defined in @{cite "isabelle-isar-ref"}. @{rail \ @@{method match} kind @'in' (pattern '\' cartouche + '\') @@ -296,10 +298,10 @@ \} Matching allows methods to introspect the goal state, and to implement more - explicit control flow. In the basic case, a term or fact \ts\ is given - to match against as a \<^emph>\match target\, along with a collection of - pattern-method pairs \(p, m)\: roughly speaking, when the pattern - \p\ matches any member of \ts\, the \<^emph>\inner\ method \m\ will be executed. + explicit control flow. In the basic case, a term or fact \ts\ is given to + match against as a \<^emph>\match target\, along with a collection of + pattern-method pairs \(p, m)\: roughly speaking, when the pattern \p\ + matches any member of \ts\, the \<^emph>\inner\ method \m\ will be executed. \ lemma @@ -310,11 +312,11 @@ by (match X in I: "Q \ P" and I': "Q" \ \insert mp [OF I I']\) text \ - In this example we have a structured Isar proof, with the named - assumption \X\ and a conclusion @{term "P"}. With the match method - we can find the local facts @{term "Q \ P"} and @{term "Q"}, binding them to - separately as \I\ and \I'\. We then specialize the - modus-ponens rule @{thm mp [of Q P]} to these facts to solve the goal. + In this example we have a structured Isar proof, with the named assumption + \X\ and a conclusion @{term "P"}. With the match method we can find the + local facts @{term "Q \ P"} and @{term "Q"}, binding them to separately as + \I\ and \I'\. We then specialize the modus-ponens rule @{thm mp [of Q P]} to + these facts to solve the goal. \ @@ -324,15 +326,14 @@ In the previous example we were able to match against an assumption out of the Isar proof state. In general, however, proof subgoals can be \<^emph>\unstructured\, with goal parameters and premises arising from rule - application. To address this, @{method match} uses \<^emph>\subgoal focusing\ - to produce structured goals out of - unstructured ones. In place of fact or term, we may give the - keyword @{keyword_def "premises"} as the match target. This causes a subgoal - focus on the first subgoal, lifting local goal parameters to fixed term - variables and premises into hypothetical theorems. The match is performed - against these theorems, naming them and binding them as appropriate. - Similarly giving the keyword @{keyword_def "conclusion"} matches against the - conclusion of the first subgoal. + application. To address this, @{method match} uses \<^emph>\subgoal focusing\ to + produce structured goals out of unstructured ones. In place of fact or term, + we may give the keyword @{keyword_def "premises"} as the match target. This + causes a subgoal focus on the first subgoal, lifting local goal parameters + to fixed term variables and premises into hypothetical theorems. The match + is performed against these theorems, naming them and binding them as + appropriate. Similarly giving the keyword @{keyword_def "conclusion"} + matches against the conclusion of the first subgoal. An unstructured version of the previous example can then be similarly solved through focusing. @@ -358,16 +359,16 @@ now-bound @{term A} (bound to @{term P}) against the conclusion (also @{term P}), finally applying the specialized rule to solve the goal. - Schematic terms like \?P\ may also be used to specify match - variables, but the result of the match is not bound, and thus cannot be used - in the inner method body. + Schematic terms like \?P\ may also be used to specify match variables, but + the result of the match is not bound, and thus cannot be used in the inner + method body. \<^medskip> - In the following example we extract the predicate of an - existentially quantified conclusion in the current subgoal and search the - current premises for a matching fact. If both matches are successful, we - then instantiate the existential introduction rule with both the witness and - predicate, solving with the matched premise. + In the following example we extract the predicate of an existentially + quantified conclusion in the current subgoal and search the current premises + for a matching fact. If both matches are successful, we then instantiate the + existential introduction rule with both the witness and predicate, solving + with the matched premise. \ method solve_ex = @@ -378,15 +379,14 @@ text \ The first @{method match} matches the pattern @{term "\x. Q x"} against the current conclusion, binding the term @{term "Q"} in the inner match. Next - the pattern \Q y\ is matched against all premises of the current - subgoal. In this case @{term "Q"} is fixed and @{term "y"} may be - instantiated. Once a match is found, the local fact \U\ is bound to - the matching premise and the variable @{term "y"} is bound to the matching - witness. The existential introduction rule \exI:\~@{thm exI} is then - instantiated with @{term "y"} as the witness and @{term "Q"} as the - predicate, with its proof obligation solved by the local fact U (using the - Isar attribute @{attribute OF}). The following example is a trivial use of - this method. + the pattern \Q y\ is matched against all premises of the current subgoal. In + this case @{term "Q"} is fixed and @{term "y"} may be instantiated. Once a + match is found, the local fact \U\ is bound to the matching premise and the + variable @{term "y"} is bound to the matching witness. The existential + introduction rule \exI:\~@{thm exI} is then instantiated with @{term "y"} as + the witness and @{term "Q"} as the predicate, with its proof obligation + solved by the local fact U (using the Isar attribute @{attribute OF}). The + following example is a trivial use of this method. \ lemma "halts p \ \x. halts x" @@ -419,13 +419,12 @@ with a universal quantifier in the premises that matches the type of @{term y}. Since @{keyword "premises"} causes a focus, however, there are no subgoal premises to be found and thus @{method my_allE_bad} will always - fail. If focusing instead left the premises in place, using methods - like @{method erule} would lead to unintended behaviour, specifically during + fail. If focusing instead left the premises in place, using methods like + @{method erule} would lead to unintended behaviour, specifically during backtracking. In our example, @{method erule} could choose an alternate - premise while backtracking, while leaving \I\ bound to the original - match. In the case of more complex inner methods, where either \I\ or - bound terms are used, this would almost certainly not be the intended - behaviour. + premise while backtracking, while leaving \I\ bound to the original match. + In the case of more complex inner methods, where either \I\ or bound terms + are used, this would almost certainly not be the intended behaviour. An alternative implementation would be to specialize the elimination rule to the bound term and apply it directly. @@ -444,13 +443,13 @@ premise, it is not likely the intended behaviour. Repeated application of this method will produce an infinite stream of duplicate specialized premises, due to the original premise never being removed. To address this, - matched premises may be declared with the @{attribute "thin"} attribute. - This will hide the premise from subsequent inner matches, and remove it from - the list of premises when the inner method has finished and the subgoal is + matched premises may be declared with the @{attribute thin} attribute. This + will hide the premise from subsequent inner matches, and remove it from the + list of premises when the inner method has finished and the subgoal is unfocused. It can be considered analogous to the existing \thin_tac\. - To complete our example, the correct implementation of the method - will @{attribute "thin"} the premise from the match and then apply it to the + To complete our example, the correct implementation of the method will + @{attribute thin} the premise from the match and then apply it to the specialized elimination rule.\ method my_allE for y :: 'a = @@ -460,13 +459,14 @@ lemma "\x. P x \ \x. Q x \ P y \ Q y" by (my_allE y)+ (rule conjI) + subsubsection \Inner focusing\ text \ - Premises are \<^emph>\accumulated\ for the purposes of subgoal focusing. - In contrast to using standard methods like @{method frule} within - focused match, another @{method match} will have access to all the premises - of the outer focus. + Premises are \<^emph>\accumulated\ for the purposes of subgoal focusing. In + contrast to using standard methods like @{method frule} within focused + match, another @{method match} will have access to all the premises of the + outer focus. \ lemma "A \ B \ A \ B" @@ -475,25 +475,23 @@ text \ In this example, the inner @{method match} can find the focused premise - @{term B}. In contrast, the @{method assumption} method would fail here - due to @{term B} not being logically accessible. + @{term B}. In contrast, the @{method assumption} method would fail here due + to @{term B} not being logically accessible. \ - lemma - "A \ A \ (B \ B)" + lemma "A \ A \ (B \ B)" by (match premises in H: A \ \intro conjI, rule H, rule impI, match premises (local) in A \ \fail\ \ H': B \ \rule H'\\) text \ - In this example, the only premise that exists in the first focus is - @{term "A"}. Prior to the inner match, the rule \impI\ changes - the goal @{term "B \ B"} into @{term "B \ B"}. A standard premise - match would also include @{term A} as an original premise of the outer - match. The \local\ argument limits the match to - newly focused premises. + In this example, the only premise that exists in the first focus is @{term + "A"}. Prior to the inner match, the rule \impI\ changes the goal @{term "B \ + B"} into @{term "B \ B"}. A standard premise match would also include @{term + A} as an original premise of the outer match. The \local\ argument limits + the match to newly focused premises. +\ -\ section \Attributes\ @@ -547,8 +545,7 @@ text \ The @{attribute of} attribute behaves similarly. It is worth noting, however, that the positional instantiation of @{attribute of} occurs against - the position of the variables as they are declared \<^emph>\in the match - pattern\. + the position of the variables as they are declared \<^emph>\in the match pattern\. \ lemma @@ -559,15 +556,16 @@ \rule I [of x y]\) text \ - In this example, the order of schematics in \asm\ is actually \?y ?x\, but we instantiate our matched rule in the opposite order. This is - because the effective rule @{term I} was bound from the match, which - declared the @{typ 'a} slot first and the @{typ 'b} slot second. + In this example, the order of schematics in \asm\ is actually \?y ?x\, but + we instantiate our matched rule in the opposite order. This is because the + effective rule @{term I} was bound from the match, which declared the @{typ + 'a} slot first and the @{typ 'b} slot second. To get the dynamic behaviour of @{attribute of} we can choose to invoke it - \<^emph>\unchecked\. This avoids trying to do any type inference for the - provided parameters, instead storing them as their most general type and - doing type matching at run-time. This, like @{attribute OF}, will throw - errors if the expected slots don't exist or there is a type mismatch. + \<^emph>\unchecked\. This avoids trying to do any type inference for the provided + parameters, instead storing them as their most general type and doing type + matching at run-time. This, like @{attribute OF}, will throw errors if the + expected slots don't exist or there is a type mismatch. \ lemma @@ -587,11 +585,11 @@ \prop_solver\) text \ - In this example, the pattern \\x :: 'a. ?P x \ ?Q x\ matches against - the only premise, giving an appropriately typed slot for @{term y}. After - the match, the resulting rule is instantiated to @{term y} and then declared - as an @{attribute intros} rule. This is then picked up by @{method - prop_solver} to solve the goal. + In this example, the pattern \\x :: 'a. ?P x \ ?Q x\ matches against the + only premise, giving an appropriately typed slot for @{term y}. After the + match, the resulting rule is instantiated to @{term y} and then declared as + an @{attribute intros} rule. This is then picked up by @{method prop_solver} + to solve the goal. \ @@ -600,8 +598,9 @@ text \ In all previous examples, @{method match} was only ever searching for a single rule or premise. Each local fact would therefore always have a length - of exactly one. We may, however, wish to find \<^emph>\all\ matching results. - To achieve this, we can simply mark a given pattern with the \(multi)\ argument. + of exactly one. We may, however, wish to find \<^emph>\all\ matching results. To + achieve this, we can simply mark a given pattern with the \(multi)\ + argument. \ lemma @@ -612,21 +611,21 @@ done text \ - In the first @{method match}, without the \(multi)\ argument, @{term - I} is only ever be bound to one of the members of \asms\. This - backtracks over both possibilities (see next section), however neither - assumption in isolation is sufficient to solve to goal. The use of the - @{method solves} combinator ensures that @{method prop_solver} has no effect - on the goal when it doesn't solve it, and so the first match leaves the goal - unchanged. In the second @{method match}, \I\ is bound to all of - \asms\, declaring both results as \intros\. With these rules - @{method prop_solver} is capable of solving the goal. + In the first @{method match}, without the \(multi)\ argument, @{term I} is + only ever be bound to one of the members of \asms\. This backtracks over + both possibilities (see next section), however neither assumption in + isolation is sufficient to solve to goal. The use of the @{method solves} + combinator ensures that @{method prop_solver} has no effect on the goal when + it doesn't solve it, and so the first match leaves the goal unchanged. In + the second @{method match}, \I\ is bound to all of \asms\, declaring both + results as \intros\. With these rules @{method prop_solver} is capable of + solving the goal. Using for-fixed variables in patterns imposes additional constraints on the - results. In all previous examples, the choice of using \?P\ or a - for-fixed @{term P} only depended on whether or not @{term P} was mentioned - in another pattern or the inner method. When using a multi-match, however, - all for-fixed terms must agree in the results. + results. In all previous examples, the choice of using \?P\ or a for-fixed + @{term P} only depended on whether or not @{term P} was mentioned in another + pattern or the inner method. When using a multi-match, however, all + for-fixed terms must agree in the results. \ lemma @@ -641,11 +640,11 @@ text \ Here we have two seemingly-equivalent applications of @{method match}, however only the second one is capable of solving the goal. The first - @{method match} selects the first and third members of \asms\ (those - that agree on their conclusion), which is not sufficient. The second - @{method match} selects the first and second members of \asms\ (those - that agree on their assumption), which is enough for @{method prop_solver} - to solve the goal. + @{method match} selects the first and third members of \asms\ (those that + agree on their conclusion), which is not sufficient. The second @{method + match} selects the first and second members of \asms\ (those that agree on + their assumption), which is enough for @{method prop_solver} to solve the + goal. \ @@ -655,10 +654,10 @@ Dummy patterns may be given as placeholders for unique schematics in patterns. They implicitly receive all currently bound variables as arguments, and are coerced into the @{typ prop} type whenever possible. For - example, the trivial dummy pattern \_\ will match any proposition. - In contrast, by default the pattern \?P\ is considered to have type - @{typ bool}. It will not bind anything with meta-logical connectives (e.g. - \_ \ _\ or \_ &&& _\). + example, the trivial dummy pattern \_\ will match any proposition. In + contrast, by default the pattern \?P\ is considered to have type @{typ + bool}. It will not bind anything with meta-logical connectives (e.g. \_ \ _\ + or \_ &&& _\). \