# HG changeset patch # User wenzelm # Date 1451496339 -3600 # Node ID 2461779da2b8d0ac75d92994a6ccff1e08360563 # Parent a63a11b0933591f5867ffe3ec3fba8ac5f22a8e0 isabelle update_cartouches -c -t; diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Lattice/Bounds.thy --- a/src/HOL/Lattice/Bounds.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Lattice/Bounds.thy Wed Dec 30 18:25:39 2015 +0100 @@ -2,19 +2,19 @@ Author: Markus Wenzel, TU Muenchen *) -section {* Bounds *} +section \Bounds\ theory Bounds imports Orders begin hide_const (open) inf sup -subsection {* Infimum and supremum *} +subsection \Infimum and supremum\ -text {* +text \ Given a partial order, we define infimum (greatest lower bound) and - supremum (least upper bound) wrt.\ @{text \} for two and for any + supremum (least upper bound) wrt.\ \\\ for two and for any number of elements. -*} +\ definition is_inf :: "'a::partial_order \ 'a \ 'a \ bool" where @@ -32,10 +32,10 @@ is_Sup :: "'a::partial_order set \ 'a \ bool" where "is_Sup A sup = ((\x \ A. x \ sup) \ (\z. (\x \ A. x \ z) \ sup \ z))" -text {* +text \ These definitions entail the following basic properties of boundary elements. -*} +\ lemma is_infI [intro?]: "inf \ x \ inf \ y \ (\z. z \ x \ z \ y \ z \ inf) \ is_inf x y inf" @@ -89,11 +89,11 @@ by (unfold is_Sup_def) blast -subsection {* Duality *} +subsection \Duality\ -text {* +text \ Infimum and supremum are dual to each other. -*} +\ theorem dual_inf [iff?]: "is_inf (dual x) (dual y) (dual sup) = is_sup x y sup" @@ -112,12 +112,12 @@ by (simp add: is_Inf_def is_Sup_def dual_all [symmetric] dual_leq) -subsection {* Uniqueness *} +subsection \Uniqueness\ -text {* +text \ Infima and suprema on partial orders are unique; this is mainly due to anti-symmetry of the underlying relation. -*} +\ theorem is_inf_uniq: "is_inf x y inf \ is_inf x y inf' \ inf = inf'" proof - @@ -180,11 +180,11 @@ qed -subsection {* Related elements *} +subsection \Related elements\ -text {* +text \ The binary bound of related elements is either one of the argument. -*} +\ theorem is_inf_related [elim?]: "x \ y \ is_inf x y x" proof - @@ -210,11 +210,11 @@ qed -subsection {* General versus binary bounds \label{sec:gen-bin-bounds} *} +subsection \General versus binary bounds \label{sec:gen-bin-bounds}\ -text {* +text \ General bounds of two-element sets coincide with binary bounds. -*} +\ theorem is_Inf_binary: "is_Inf {x, y} inf = is_inf x y inf" proof - @@ -284,14 +284,14 @@ qed -subsection {* Connecting general bounds \label{sec:connect-bounds} *} +subsection \Connecting general bounds \label{sec:connect-bounds}\ -text {* +text \ Either kind of general bounds is sufficient to express the other. The least upper bound (supremum) is the same as the the greatest lower bound of the set of all upper bounds; the dual statements holds as well; the dual statement holds as well. -*} +\ theorem Inf_Sup: "is_Inf {b. \a \ A. a \ b} sup \ is_Sup A sup" proof - diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Lattice/CompleteLattice.thy --- a/src/HOL/Lattice/CompleteLattice.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Lattice/CompleteLattice.thy Wed Dec 30 18:25:39 2015 +0100 @@ -2,18 +2,18 @@ Author: Markus Wenzel, TU Muenchen *) -section {* Complete lattices *} +section \Complete lattices\ theory CompleteLattice imports Lattice begin -subsection {* Complete lattice operations *} +subsection \Complete lattice operations\ -text {* +text \ A \emph{complete lattice} is a partial order with general (infinitary) infimum of any set of elements. General supremum exists as well, as a consequence of the connection of infinitary bounds (see \S\ref{sec:connect-bounds}). -*} +\ class complete_lattice = assumes ex_Inf: "\inf. is_Inf A inf" @@ -25,10 +25,10 @@ then show ?thesis .. qed -text {* - The general @{text \} (meet) and @{text \} (join) operations select +text \ + The general \\\ (meet) and \\\ (join) operations select such infimum and supremum elements. -*} +\ definition Meet :: "'a::complete_lattice set \ 'a" ("\_" [90] 90) where @@ -37,16 +37,16 @@ Join :: "'a::complete_lattice set \ 'a" ("\_" [90] 90) where "\A = (THE sup. is_Sup A sup)" -text {* +text \ Due to unique existence of bounds, the complete lattice operations may be exhibited as follows. -*} +\ lemma Meet_equality [elim?]: "is_Inf A inf \ \A = inf" proof (unfold Meet_def) assume "is_Inf A inf" then show "(THE inf. is_Inf A inf) = inf" - by (rule the_equality) (rule is_Inf_uniq [OF _ `is_Inf A inf`]) + by (rule the_equality) (rule is_Inf_uniq [OF _ \is_Inf A inf\]) qed lemma MeetI [intro?]: @@ -59,7 +59,7 @@ proof (unfold Join_def) assume "is_Sup A sup" then show "(THE sup. is_Sup A sup) = sup" - by (rule the_equality) (rule is_Sup_uniq [OF _ `is_Sup A sup`]) + by (rule the_equality) (rule is_Sup_uniq [OF _ \is_Sup A sup\]) qed lemma JoinI [intro?]: @@ -69,16 +69,16 @@ by (rule Join_equality, rule is_SupI) blast+ -text {* - \medskip The @{text \} and @{text \} operations indeed determine +text \ + \medskip The \\\ and \\\ operations indeed determine bounds on a complete lattice structure. -*} +\ lemma is_Inf_Meet [intro?]: "is_Inf A (\A)" proof (unfold Meet_def) from ex_Inf obtain inf where "is_Inf A inf" .. then show "is_Inf A (THE inf. is_Inf A inf)" - by (rule theI) (rule is_Inf_uniq [OF _ `is_Inf A inf`]) + by (rule theI) (rule is_Inf_uniq [OF _ \is_Inf A inf\]) qed lemma Meet_greatest [intro?]: "(\a. a \ A \ x \ a) \ x \ \A" @@ -92,7 +92,7 @@ proof (unfold Join_def) from ex_Sup obtain sup where "is_Sup A sup" .. then show "is_Sup A (THE sup. is_Sup A sup)" - by (rule theI) (rule is_Sup_uniq [OF _ `is_Sup A sup`]) + by (rule theI) (rule is_Sup_uniq [OF _ \is_Sup A sup\]) qed lemma Join_least [intro?]: "(\a. a \ A \ a \ x) \ \A \ x" @@ -101,15 +101,15 @@ by (rule is_Sup_upper) (rule is_Sup_Join) -subsection {* The Knaster-Tarski Theorem *} +subsection \The Knaster-Tarski Theorem\ -text {* +text \ The Knaster-Tarski Theorem (in its simplest formulation) states that any monotone function on a complete lattice has a least fixed-point (see @{cite \pages 93--94\ "Davey-Priestley:1990"} for example). This is a consequence of the basic boundary properties of the complete lattice operations. -*} +\ theorem Knaster_Tarski: assumes mono: "\x y. x \ y \ f x \ f y" @@ -176,12 +176,12 @@ qed -subsection {* Bottom and top elements *} +subsection \Bottom and top elements\ -text {* +text \ With general bounds available, complete lattices also have least and greatest elements. -*} +\ definition bottom :: "'a::complete_lattice" ("\") where @@ -232,12 +232,12 @@ qed -subsection {* Duality *} +subsection \Duality\ -text {* +text \ The class of complete lattices is closed under formation of dual structures. -*} +\ instance dual :: (complete_lattice) complete_lattice proof @@ -250,10 +250,10 @@ qed qed -text {* - Apparently, the @{text \} and @{text \} operations are dual to each +text \ + Apparently, the \\\ and \\\ operations are dual to each other. -*} +\ theorem dual_Meet [intro?]: "dual (\A) = \(dual ` A)" proof - @@ -269,9 +269,9 @@ then show ?thesis .. qed -text {* - Likewise are @{text \} and @{text \} duals of each other. -*} +text \ + Likewise are \\\ and \\\ duals of each other. +\ theorem dual_bottom [intro?]: "dual \ = \" proof - @@ -296,14 +296,14 @@ qed -subsection {* Complete lattices are lattices *} +subsection \Complete lattices are lattices\ -text {* +text \ Complete lattices (with general bounds available) are indeed plain lattices as well. This holds due to the connection of general versus binary bounds that has been formally established in \S\ref{sec:gen-bin-bounds}. -*} +\ lemma is_inf_binary: "is_inf x y (\{x, y})" proof - @@ -331,12 +331,12 @@ by (rule join_equality) (rule is_sup_binary) -subsection {* Complete lattices and set-theory operations *} +subsection \Complete lattices and set-theory operations\ -text {* +text \ The complete lattice operations are (anti) monotone wrt.\ set inclusion. -*} +\ theorem Meet_subset_antimono: "A \ B \ \B \ \A" proof (rule Meet_greatest) @@ -355,9 +355,9 @@ then show ?thesis by (simp only: dual_leq) qed -text {* +text \ Bounds over unions of sets may be obtained separately. -*} +\ theorem Meet_Un: "\(A \ B) = \A \ \B" proof @@ -404,9 +404,9 @@ finally show ?thesis .. qed -text {* +text \ Bounds over singleton sets are trivial. -*} +\ theorem Meet_singleton: "\{x} = x" proof @@ -425,9 +425,9 @@ finally show ?thesis .. qed -text {* +text \ Bounds over the empty and universal set correspond to each other. -*} +\ theorem Meet_empty: "\{} = \UNIV" proof diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Lattice/Lattice.thy --- a/src/HOL/Lattice/Lattice.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Lattice/Lattice.thy Wed Dec 30 18:25:39 2015 +0100 @@ -2,26 +2,26 @@ Author: Markus Wenzel, TU Muenchen *) -section {* Lattices *} +section \Lattices\ theory Lattice imports Bounds begin -subsection {* Lattice operations *} +subsection \Lattice operations\ -text {* +text \ A \emph{lattice} is a partial order with infimum and supremum of any two elements (thus any \emph{finite} number of elements have bounds as well). -*} +\ class lattice = assumes ex_inf: "\inf. is_inf x y inf" assumes ex_sup: "\sup. is_sup x y sup" -text {* - The @{text \} (meet) and @{text \} (join) operations select such +text \ + The \\\ (meet) and \\\ (join) operations select such infimum and supremum elements. -*} +\ definition meet :: "'a::lattice \ 'a \ 'a" (infixl "\" 70) where @@ -30,16 +30,16 @@ join :: "'a::lattice \ 'a \ 'a" (infixl "\" 65) where "x \ y = (THE sup. is_sup x y sup)" -text {* +text \ Due to unique existence of bounds, the lattice operations may be exhibited as follows. -*} +\ lemma meet_equality [elim?]: "is_inf x y inf \ x \ y = inf" proof (unfold meet_def) assume "is_inf x y inf" then show "(THE inf. is_inf x y inf) = inf" - by (rule the_equality) (rule is_inf_uniq [OF _ `is_inf x y inf`]) + by (rule the_equality) (rule is_inf_uniq [OF _ \is_inf x y inf\]) qed lemma meetI [intro?]: @@ -50,7 +50,7 @@ proof (unfold join_def) assume "is_sup x y sup" then show "(THE sup. is_sup x y sup) = sup" - by (rule the_equality) (rule is_sup_uniq [OF _ `is_sup x y sup`]) + by (rule the_equality) (rule is_sup_uniq [OF _ \is_sup x y sup\]) qed lemma joinI [intro?]: "x \ sup \ y \ sup \ @@ -58,16 +58,16 @@ by (rule join_equality, rule is_supI) blast+ -text {* - \medskip The @{text \} and @{text \} operations indeed determine +text \ + \medskip The \\\ and \\\ operations indeed determine bounds on a lattice structure. -*} +\ lemma is_inf_meet [intro?]: "is_inf x y (x \ y)" proof (unfold meet_def) from ex_inf obtain inf where "is_inf x y inf" .. then show "is_inf x y (THE inf. is_inf x y inf)" - by (rule theI) (rule is_inf_uniq [OF _ `is_inf x y inf`]) + by (rule theI) (rule is_inf_uniq [OF _ \is_inf x y inf\]) qed lemma meet_greatest [intro?]: "z \ x \ z \ y \ z \ x \ y" @@ -84,7 +84,7 @@ proof (unfold join_def) from ex_sup obtain sup where "is_sup x y sup" .. then show "is_sup x y (THE sup. is_sup x y sup)" - by (rule theI) (rule is_sup_uniq [OF _ `is_sup x y sup`]) + by (rule theI) (rule is_sup_uniq [OF _ \is_sup x y sup\]) qed lemma join_least [intro?]: "x \ z \ y \ z \ x \ y \ z" @@ -97,14 +97,14 @@ by (rule is_sup_upper) (rule is_sup_join) -subsection {* Duality *} +subsection \Duality\ -text {* +text \ The class of lattices is closed under formation of dual structures. This means that for any theorem of lattice theory, the dualized statement holds as well; this important fact simplifies many proofs of lattice theory. -*} +\ instance dual :: (lattice) lattice proof @@ -125,10 +125,10 @@ qed qed -text {* - Apparently, the @{text \} and @{text \} operations are dual to each +text \ + Apparently, the \\\ and \\\ operations are dual to each other. -*} +\ theorem dual_meet [intro?]: "dual (x \ y) = dual x \ dual y" proof - @@ -145,13 +145,13 @@ qed -subsection {* Algebraic properties \label{sec:lattice-algebra} *} +subsection \Algebraic properties \label{sec:lattice-algebra}\ -text {* - The @{text \} and @{text \} operations have the following +text \ + The \\\ and \\\ operations have the following characteristic algebraic properties: associative (A), commutative (C), and absorptive (AB). -*} +\ theorem meet_assoc: "(x \ y) \ z = x \ (y \ z)" proof @@ -239,10 +239,10 @@ then show ?thesis .. qed -text {* +text \ \medskip Some further algebraic properties hold as well. The property idempotent (I) is a basic algebraic consequence of (AB). -*} +\ theorem meet_idem: "x \ x = x" proof - @@ -260,9 +260,9 @@ then show ?thesis .. qed -text {* +text \ Meet and join are trivial for related elements. -*} +\ theorem meet_related [elim?]: "x \ y \ x \ y = x" proof @@ -283,12 +283,12 @@ qed -subsection {* Order versus algebraic structure *} +subsection \Order versus algebraic structure\ -text {* - The @{text \} and @{text \} operations are connected with the - underlying @{text \} relation in a canonical manner. -*} +text \ + The \\\ and \\\ operations are connected with the + underlying \\\ relation in a canonical manner. +\ theorem meet_connection: "(x \ y) = (x \ y = x)" proof @@ -312,28 +312,28 @@ finally show "x \ y" . qed -text {* +text \ \medskip The most fundamental result of the meta-theory of lattices is as follows (we do not prove it here). - Given a structure with binary operations @{text \} and @{text \} + Given a structure with binary operations \\\ and \\\ such that (A), (C), and (AB) hold (cf.\ \S\ref{sec:lattice-algebra}). This structure represents a lattice, if the relation @{term "x \ y"} is defined as @{term "x \ y = x"} (alternatively as @{term "x \ y = y"}). Furthermore, infimum and supremum with respect to this ordering coincide with the original - @{text \} and @{text \} operations. -*} + \\\ and \\\ operations. +\ -subsection {* Example instances *} +subsection \Example instances\ -subsubsection {* Linear orders *} +subsubsection \Linear orders\ -text {* +text \ Linear orders with @{term minimum} and @{term maximum} operations are a (degenerate) example of lattice structures. -*} +\ definition minimum :: "'a::linear_order \ 'a \ 'a" where @@ -367,10 +367,10 @@ from is_sup_maximum show "\sup. is_sup x y sup" .. qed -text {* +text \ The lattice operations on linear orders indeed coincide with @{term minimum} and @{term maximum}. -*} +\ theorem meet_mimimum: "x \ y = minimum x y" by (rule meet_equality) (rule is_inf_minimum) @@ -380,12 +380,12 @@ -subsubsection {* Binary products *} +subsubsection \Binary products\ -text {* +text \ The class of lattices is closed under direct binary products (cf.\ \S\ref{sec:prod-order}). -*} +\ lemma is_inf_prod: "is_inf p q (fst p \ fst q, snd p \ snd q)" proof @@ -456,10 +456,10 @@ from is_sup_prod show "\sup. is_sup p q sup" .. qed -text {* +text \ The lattice operations on a binary product structure indeed coincide with the products of the original ones. -*} +\ theorem meet_prod: "p \ q = (fst p \ fst q, snd p \ snd q)" by (rule meet_equality) (rule is_inf_prod) @@ -468,12 +468,12 @@ by (rule join_equality) (rule is_sup_prod) -subsubsection {* General products *} +subsubsection \General products\ -text {* +text \ The class of lattices is closed under general products (function spaces) as well (cf.\ \S\ref{sec:fun-order}). -*} +\ lemma is_inf_fun: "is_inf f g (\x. f x \ g x)" proof @@ -526,10 +526,10 @@ show "\sup. is_sup f g sup" by rule (rule is_sup_fun) qed -text {* +text \ The lattice operations on a general product structure (function space) indeed emerge by point-wise lifting of the original ones. -*} +\ theorem meet_fun: "f \ g = (\x. f x \ g x)" by (rule meet_equality) (rule is_inf_fun) @@ -538,13 +538,13 @@ by (rule join_equality) (rule is_sup_fun) -subsection {* Monotonicity and semi-morphisms *} +subsection \Monotonicity and semi-morphisms\ -text {* +text \ The lattice operations are monotone in both argument positions. In fact, monotonicity of the second position is trivial due to commutativity. -*} +\ theorem meet_mono: "x \ z \ y \ w \ x \ y \ z \ w" proof - @@ -576,12 +576,12 @@ then show ?thesis .. qed -text {* - \medskip A semi-morphisms is a function @{text f} that preserves the +text \ + \medskip A semi-morphisms is a function \f\ that preserves the lattice operations in the following manner: @{term "f (x \ y) \ f x \ f y"} and @{term "f x \ f y \ f (x \ y)"}, respectively. Any of these properties is equivalent with monotonicity. -*} +\ theorem meet_semimorph: "(\x y. f (x \ y) \ f x \ f y) \ (\x y. x \ y \ f x \ f y)" @@ -615,7 +615,7 @@ assume "x \ y" then have "x \ y = y" .. have "f x \ f x \ f y" .. also have "\ \ f (x \ y)" by (rule morph) - also from `x \ y` have "x \ y = y" .. + also from \x \ y\ have "x \ y = y" .. finally show "f x \ f y" . next assume mono: "\x y. x \ y \ f x \ f y" diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Lattice/Orders.thy --- a/src/HOL/Lattice/Orders.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Lattice/Orders.thy Wed Dec 30 18:25:39 2015 +0100 @@ -2,20 +2,20 @@ Author: Markus Wenzel, TU Muenchen *) -section {* Orders *} +section \Orders\ theory Orders imports Main begin -subsection {* Ordered structures *} +subsection \Ordered structures\ -text {* +text \ We define several classes of ordered structures over some type @{typ - 'a} with relation @{text "\ :: 'a \ 'a \ bool"}. For a + 'a} with relation \\ :: 'a \ 'a \ bool\. For a \emph{quasi-order} that relation is required to be reflexive and transitive, for a \emph{partial order} it also has to be anti-symmetric, while for a \emph{linear order} all elements are required to be related (in either direction). -*} +\ class leq = fixes leq :: "'a \ 'a \ bool" (infixl "\" 50) @@ -35,13 +35,13 @@ by (insert leq_linear) blast -subsection {* Duality *} +subsection \Duality\ -text {* +text \ The \emph{dual} of an ordered structure is an isomorphic copy of the - underlying type, with the @{text \} relation defined as the inverse + underlying type, with the \\\ relation defined as the inverse of the original one. -*} +\ datatype 'a dual = dual 'a @@ -64,10 +64,10 @@ lemma dual_leq [iff?]: "(dual x \ dual y) = (y \ x)" by (simp add: leq_dual_def) -text {* +text \ \medskip Functions @{term dual} and @{term undual} are inverse to each other; this entails the following fundamental properties. -*} +\ lemma dual_undual [simp]: "dual (undual x') = x'" by (cases x') simp @@ -78,11 +78,11 @@ lemma dual_undual_id [simp]: "dual o undual = id" by (rule ext) simp -text {* +text \ \medskip Since @{term dual} (and @{term undual}) are both injective and surjective, the basic logical connectives (equality, quantification etc.) are transferred as follows. -*} +\ lemma undual_equality [iff?]: "(undual x' = undual y') = (x' = y')" by (cases x', cases y') simp @@ -143,14 +143,14 @@ qed -subsection {* Transforming orders *} +subsection \Transforming orders\ -subsubsection {* Duals *} +subsubsection \Duals\ -text {* +text \ The classes of quasi, partial, and linear orders are all closed under formation of dual structures. -*} +\ instance dual :: (quasi_order) quasi_order proof @@ -183,13 +183,13 @@ qed -subsubsection {* Binary products \label{sec:prod-order} *} +subsubsection \Binary products \label{sec:prod-order}\ -text {* +text \ The classes of quasi and partial orders are closed under binary products. Note that the direct product of linear orders need \emph{not} be linear in general. -*} +\ instantiation prod :: (leq, leq) leq begin @@ -245,13 +245,13 @@ qed -subsubsection {* General products \label{sec:fun-order} *} +subsubsection \General products \label{sec:fun-order}\ -text {* +text \ The classes of quasi and partial orders are closed under general products (function spaces). Note that the direct product of linear orders need \emph{not} be linear in general. -*} +\ instantiation "fun" :: (type, leq) leq begin diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Extraction/Euclid.thy --- a/src/HOL/Proofs/Extraction/Euclid.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Extraction/Euclid.thy Wed Dec 30 18:25:39 2015 +0100 @@ -4,7 +4,7 @@ Author: Stefan Berghofer, TU Muenchen *) -section {* Euclid's theorem *} +section \Euclid's theorem\ theory Euclid imports @@ -13,10 +13,10 @@ "~~/src/HOL/Library/Code_Target_Numeral" begin -text {* +text \ A constructive version of the proof of Euclid's theorem by Markus Wenzel and Freek Wiedijk @{cite "Wenzel-Wiedijk-JAR2002"}. -*} +\ lemma factor_greater_one1: "n = m * k \ m < n \ k < n \ Suc 0 < m" by (induct m) auto @@ -109,10 +109,10 @@ then show ?case by simp next case (Suc n) - from `m \ Suc n` show ?case + from \m \ Suc n\ show ?case proof (rule le_SucE) assume "m \ n" - with `0 < m` have "m dvd fact n" by (rule Suc) + with \0 < m\ have "m dvd fact n" by (rule Suc) then have "m dvd (fact n * Suc n)" by (rule dvd_mult2) then show ?thesis by (simp add: mult.commute) next @@ -155,13 +155,13 @@ lemma all_prime_nempty_g_one: assumes "all_prime ps" and "ps \ []" shows "Suc 0 < (\m::nat \# mset ps. m)" - using `ps \ []` `all_prime ps` unfolding One_nat_def [symmetric] by (induct ps rule: list_nonempty_induct) + using \ps \ []\ \all_prime ps\ unfolding One_nat_def [symmetric] by (induct ps rule: list_nonempty_induct) (simp_all add: all_prime_simps msetprod_singleton msetprod_Un prime_gt_1_nat less_1_mult del: One_nat_def) lemma factor_exists: "Suc 0 < n \ (\ps. all_prime ps \ (\m::nat \# mset ps. m) = n)" proof (induct n rule: nat_wf_ind) case (1 n) - from `Suc 0 < n` + from \Suc 0 < n\ have "(\m k. Suc 0 < m \ Suc 0 < k \ m < n \ k < n \ n = m * k) \ prime n" by (rule not_prime_ex_mk) then show ?case @@ -175,7 +175,7 @@ from kn and k have "\ps. all_prime ps \ (\m::nat \# mset ps. m) = k" by (rule 1) then obtain ps2 where "all_prime ps2" and prod_ps2_k: "(\m::nat \# mset ps2. m) = k" by iprover - from `all_prime ps1` `all_prime ps2` + from \all_prime ps1\ \all_prime ps2\ have "\ps. all_prime ps \ (\m::nat \# mset ps. m) = (\m::nat \# mset ps1. m) * (\m::nat \# mset ps2. m)" by (rule split_all_prime) @@ -198,15 +198,15 @@ with N have "ps \ []" by (auto simp add: all_prime_nempty_g_one msetprod_empty) then obtain p qs where ps: "ps = p # qs" by (cases ps) simp - with `all_prime ps` have "prime p" by (simp add: all_prime_simps) - moreover from `all_prime ps` ps prod_ps + with \all_prime ps\ have "prime p" by (simp add: all_prime_simps) + moreover from \all_prime ps\ ps prod_ps have "p dvd n" by (simp only: dvd_prod) ultimately show ?thesis by iprover qed -text {* +text \ Euclid's theorem: there are infinitely many primes. -*} +\ lemma Euclid: "\p::nat. prime p \ n < p" proof - @@ -218,7 +218,7 @@ have "\ p \ n" proof assume pn: "p \ n" - from `prime p` have "0 < p" by (rule prime_gt_0_nat) + from \prime p\ have "0 < p" by (rule prime_gt_0_nat) then have "p dvd fact n" using pn by (rule dvd_factorial) with dvd have "p dvd ?k - fact n" by (rule dvd_diff_nat) then have "p dvd 1" by simp @@ -231,12 +231,12 @@ extract Euclid -text {* +text \ The program extracted from the proof of Euclid's theorem looks as follows. @{thm [display] Euclid_def} The program corresponding to the proof of the factorization theorem is @{thm [display] factor_exists_def} -*} +\ instantiation nat :: default begin diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Extraction/Greatest_Common_Divisor.thy --- a/src/HOL/Proofs/Extraction/Greatest_Common_Divisor.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Extraction/Greatest_Common_Divisor.thy Wed Dec 30 18:25:39 2015 +0100 @@ -3,7 +3,7 @@ Author: Helmut Schwichtenberg, LMU Muenchen *) -section {* Greatest common divisor *} +section \Greatest common divisor\ theory Greatest_Common_Divisor imports QuotRem @@ -55,10 +55,10 @@ extract greatest_common_divisor -text {* +text \ The extracted program for computing the greatest common divisor is @{thm [display] greatest_common_divisor_def} -*} +\ instantiation nat :: default begin diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Extraction/Higman.thy --- a/src/HOL/Proofs/Extraction/Higman.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Extraction/Higman.thy Wed Dec 30 18:25:39 2015 +0100 @@ -3,16 +3,16 @@ Author: Monika Seisenberger, LMU Muenchen *) -section {* Higman's lemma *} +section \Higman's lemma\ theory Higman imports Old_Datatype begin -text {* +text \ Formalization by Stefan Berghofer and Monika Seisenberger, based on Coquand and Fridlender @{cite Coquand93}. -*} +\ datatype letter = A | B @@ -279,9 +279,9 @@ thus ?case by (rule bar2) qed -text {* +text \ Strong version: yields indices of words that can be embedded into each other. -*} +\ theorem higman_idx: "\(i::nat) j. emb (f i) (f j) \ i < j" proof (rule bar_idx) @@ -289,10 +289,10 @@ show "is_prefix [] f" by simp qed -text {* +text \ Weak version: only yield sequence containing words that can be embedded into each other. -*} +\ theorem good_prefix_lemma: assumes bar: "bar ws" diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Extraction/Higman_Extraction.thy --- a/src/HOL/Proofs/Extraction/Higman_Extraction.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Extraction/Higman_Extraction.thy Wed Dec 30 18:25:39 2015 +0100 @@ -9,7 +9,7 @@ begin (*>*) -subsection {* Extracting the program *} +subsection \Extracting the program\ declare R.induct [ind_realizer] declare T.induct [ind_realizer] @@ -19,23 +19,23 @@ extract higman_idx -text {* - Program extracted from the proof of @{text higman_idx}: +text \ + Program extracted from the proof of \higman_idx\: @{thm [display] higman_idx_def [no_vars]} Corresponding correctness theorem: @{thm [display] higman_idx_correctness [no_vars]} - Program extracted from the proof of @{text higman}: + Program extracted from the proof of \higman\: @{thm [display] higman_def [no_vars]} - Program extracted from the proof of @{text prop1}: + Program extracted from the proof of \prop1\: @{thm [display] prop1_def [no_vars]} - Program extracted from the proof of @{text prop2}: + Program extracted from the proof of \prop2\: @{thm [display] prop2_def [no_vars]} - Program extracted from the proof of @{text prop3}: + Program extracted from the proof of \prop3\: @{thm [display] prop3_def [no_vars]} -*} +\ -subsection {* Some examples *} +subsection \Some examples\ instantiation LT and TT :: default begin @@ -88,7 +88,7 @@ | "f2 (Suc (Suc 0)) = [B, A]" | "f2 _ = []" -ML_val {* +ML_val \ local val higman_idx = @{code higman_idx}; val g1 = @{code g1}; @@ -105,6 +105,6 @@ val (i4, j4) = higman_idx f2; val (v4, w4) = (f2 i4, f2 j4); end; -*} +\ end diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Extraction/Pigeonhole.thy --- a/src/HOL/Proofs/Extraction/Pigeonhole.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Extraction/Pigeonhole.thy Wed Dec 30 18:25:39 2015 +0100 @@ -2,20 +2,20 @@ Author: Stefan Berghofer, TU Muenchen *) -section {* The pigeonhole principle *} +section \The pigeonhole principle\ theory Pigeonhole imports Util "~~/src/HOL/Library/Code_Target_Numeral" begin -text {* +text \ We formalize two proofs of the pigeonhole principle, which lead to extracted programs of quite different complexity. The original formalization of these proofs in {\sc Nuprl} is due to Aleksey Nogin @{cite "Nogin-ENTCS-2000"}. This proof yields a polynomial program. -*} +\ theorem pigeonhole: "\f. (\i. i \ Suc n \ f i \ n) \ \i j. i \ Suc n \ j < i \ f i = f j" @@ -131,10 +131,10 @@ show ?case by (rule r) simp_all qed -text {* +text \ The following proof, although quite elegant from a mathematical point of view, leads to an exponential program: -*} +\ theorem pigeonhole_slow: "\f. (\i. i \ Suc n \ f i \ n) \ \i j. i \ Suc n \ j < i \ f i = f j" @@ -205,7 +205,7 @@ extract pigeonhole pigeonhole_slow -text {* +text \ The programs extracted from the above proofs look as follows: @{thm [display] pigeonhole_def} @{thm [display] pigeonhole_slow_def} @@ -216,7 +216,7 @@ In order to analyze the speed of the above programs, we generate ML code from them. -*} +\ instantiation nat :: default begin diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Extraction/QuotRem.thy --- a/src/HOL/Proofs/Extraction/QuotRem.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Extraction/QuotRem.thy Wed Dec 30 18:25:39 2015 +0100 @@ -2,13 +2,13 @@ Author: Stefan Berghofer, TU Muenchen *) -section {* Quotient and remainder *} +section \Quotient and remainder\ theory QuotRem imports Util begin -text {* Derivation of quotient and remainder using program extraction. *} +text \Derivation of quotient and remainder using program extraction.\ theorem division: "\r q. a = Suc b * q + r \ r \ b" proof (induct a) @@ -25,7 +25,7 @@ thus ?case by iprover next assume "r \ b" - with `r \ b` have "r < b" by (simp add: order_less_le) + with \r \ b\ have "r < b" by (simp add: order_less_le) with I have "Suc a = Suc b * q + (Suc r) \ (Suc r) \ b" by simp thus ?case by iprover qed @@ -33,12 +33,12 @@ extract division -text {* +text \ The program extracted from the above proof looks as follows @{thm [display] division_def [no_vars]} The corresponding correctness theorem is @{thm [display] division_correctness [no_vars]} -*} +\ lemma "division 9 2 = (0, 3)" by eval diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Extraction/Util.thy --- a/src/HOL/Proofs/Extraction/Util.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Extraction/Util.thy Wed Dec 30 18:25:39 2015 +0100 @@ -2,15 +2,15 @@ Author: Stefan Berghofer, TU Muenchen *) -section {* Auxiliary lemmas used in program extraction examples *} +section \Auxiliary lemmas used in program extraction examples\ theory Util imports "~~/src/HOL/Library/Old_Datatype" begin -text {* +text \ Decidability of equality on natural numbers. -*} +\ lemma nat_eq_dec: "\n::nat. m = n \ m \ n" apply (induct m) @@ -19,10 +19,10 @@ apply (simp only: nat.simps, iprover?)+ done -text {* +text \ Well-founded induction on natural numbers, derived using the standard structural induction rule. -*} +\ lemma nat_wf_ind: assumes R: "\x::nat. (\y. y < x \ P y) \ P x" @@ -48,9 +48,9 @@ qed qed -text {* +text \ Bounded search for a natural number satisfying a decidable predicate. -*} +\ lemma search: assumes dec: "\x::nat. P x \ \ P x" diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Extraction/Warshall.thy --- a/src/HOL/Proofs/Extraction/Warshall.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Extraction/Warshall.thy Wed Dec 30 18:25:39 2015 +0100 @@ -2,16 +2,16 @@ Author: Stefan Berghofer, TU Muenchen *) -section {* Warshall's algorithm *} +section \Warshall's algorithm\ theory Warshall imports Old_Datatype begin -text {* +text \ Derivation of Warshall's algorithm using program extraction, based on Berger, Schwichtenberg and Seisenberger @{cite "Berger-JAR-2001"}. -*} +\ datatype b = T | F @@ -251,12 +251,12 @@ extract warshall -text {* +text \ The program extracted from the above proof looks as follows @{thm [display, eta_contract=false] warshall_def [no_vars]} The corresponding correctness theorem is @{thm [display] warshall_correctness [no_vars]} -*} +\ ML_val "@{code warshall}" diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Lambda/Commutation.thy --- a/src/HOL/Proofs/Lambda/Commutation.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Lambda/Commutation.thy Wed Dec 30 18:25:39 2015 +0100 @@ -3,7 +3,7 @@ Copyright 1995 TU Muenchen *) -section {* Abstract commutation and confluence notions *} +section \Abstract commutation and confluence notions\ theory Commutation imports Main @@ -12,7 +12,7 @@ declare [[syntax_ambiguity_warning = false]] -subsection {* Basic definitions *} +subsection \Basic definitions\ definition square :: "['a => 'a => bool, 'a => 'a => bool, 'a => 'a => bool, 'a => 'a => bool] => bool" where @@ -37,9 +37,9 @@ "confluent R == diamond (R^**)" -subsection {* Basic lemmas *} +subsection \Basic lemmas\ -subsubsection {* @{text "square"} *} +subsubsection \\square\\ lemma square_sym: "square R S T U ==> square S R U T" apply (unfold square_def) @@ -74,7 +74,7 @@ done -subsubsection {* @{text "commute"} *} +subsubsection \\commute\\ lemma commute_sym: "commute R S ==> commute S R" apply (unfold commute_def) @@ -93,7 +93,7 @@ done -subsubsection {* @{text "diamond"}, @{text "confluence"}, and @{text "union"} *} +subsubsection \\diamond\, \confluence\, and \union\\ lemma diamond_Un: "[| diamond R; diamond S; commute R S |] ==> diamond (sup R S)" @@ -125,25 +125,25 @@ done -subsection {* Church-Rosser *} +subsection \Church-Rosser\ lemma Church_Rosser_confluent: "Church_Rosser R = confluent R" apply (unfold square_def commute_def diamond_def Church_Rosser_def) - apply (tactic {* safe_tac (put_claset HOL_cs @{context}) *}) - apply (tactic {* + apply (tactic \safe_tac (put_claset HOL_cs @{context})\) + apply (tactic \ blast_tac (put_claset HOL_cs @{context} addIs [@{thm sup_ge2} RS @{thm rtranclp_mono} RS @{thm predicate2D} RS @{thm rtranclp_trans}, @{thm rtranclp_converseI}, @{thm conversepI}, - @{thm sup_ge1} RS @{thm rtranclp_mono} RS @{thm predicate2D}]) 1 *}) + @{thm sup_ge1} RS @{thm rtranclp_mono} RS @{thm predicate2D}]) 1\) apply (erule rtranclp_induct) apply blast apply (blast del: rtranclp.rtrancl_refl intro: rtranclp_trans) done -subsection {* Newman's lemma *} +subsection \Newman's lemma\ -text {* Proof by Stefan Berghofer *} +text \Proof by Stefan Berghofer\ theorem newman: assumes wf: "wfP (R\\)" @@ -189,12 +189,12 @@ qed qed -text {* +text \ Alternative version. Partly automated by Tobias Nipkow. Takes 2 minutes (2002). - This is the maximal amount of automation possible using @{text blast}. -*} + This is the maximal amount of automation possible using \blast\. +\ theorem newman': assumes wf: "wfP (R\\)" @@ -205,8 +205,8 @@ using wf proof induct case (less x b c) - note IH = `\y b c. \R\\ y x; R\<^sup>*\<^sup>* y b; R\<^sup>*\<^sup>* y c\ - \ \d. R\<^sup>*\<^sup>* b d \ R\<^sup>*\<^sup>* c d` + note IH = \\y b c. \R\\ y x; R\<^sup>*\<^sup>* y b; R\<^sup>*\<^sup>* y c\ + \ \d. R\<^sup>*\<^sup>* b d \ R\<^sup>*\<^sup>* c d\ have xc: "R\<^sup>*\<^sup>* x c" by fact have xb: "R\<^sup>*\<^sup>* x b" by fact thus ?case @@ -237,10 +237,10 @@ qed qed -text {* +text \ Using the coherent logic prover, the proof of the induction step is completely automatic. -*} +\ lemma eq_imp_rtranclp: "x = y \ r\<^sup>*\<^sup>* x y" by simp @@ -254,11 +254,11 @@ using wf proof induct case (less x b c) - note IH = `\y b c. \R\\ y x; R\<^sup>*\<^sup>* y b; R\<^sup>*\<^sup>* y c\ - \ \d. R\<^sup>*\<^sup>* b d \ R\<^sup>*\<^sup>* c d` + note IH = \\y b c. \R\\ y x; R\<^sup>*\<^sup>* y b; R\<^sup>*\<^sup>* y c\ + \ \d. R\<^sup>*\<^sup>* b d \ R\<^sup>*\<^sup>* c d\ show ?case by (coherent - `R\<^sup>*\<^sup>* x c` `R\<^sup>*\<^sup>* x b` + \R\<^sup>*\<^sup>* x c\ \R\<^sup>*\<^sup>* x b\ refl [where 'a='a] sym eq_imp_rtranclp r_into_rtranclp [of R] diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Lambda/Eta.thy --- a/src/HOL/Proofs/Lambda/Eta.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Lambda/Eta.thy Wed Dec 30 18:25:39 2015 +0100 @@ -3,12 +3,12 @@ Copyright 1995, 2005 TU Muenchen *) -section {* Eta-reduction *} +section \Eta-reduction\ theory Eta imports ParRed begin -subsection {* Definition of eta-reduction and relatives *} +subsection \Definition of eta-reduction and relatives\ primrec free :: "dB => nat => bool" @@ -39,7 +39,7 @@ "Var i \\<^sub>\ t" -subsection {* Properties of @{text "eta"}, @{text "subst"} and @{text "free"} *} +subsection \Properties of \eta\, \subst\ and \free\\ lemma subst_not_free [simp]: "\ free s i \ s[t/i] = s[u/i]" by (induct s arbitrary: i t u) (simp_all add: subst_Var) @@ -77,7 +77,7 @@ by (induct s arbitrary: i dummy) simp_all -subsection {* Confluence of @{text "eta"} *} +subsection \Confluence of \eta\\ lemma square_eta: "square eta eta (eta^==) (eta^==)" apply (unfold square_def id_def) @@ -95,7 +95,7 @@ done -subsection {* Congruence rules for @{text "eta\<^sup>*"} *} +subsection \Congruence rules for \eta\<^sup>*\\ lemma rtrancl_eta_Abs: "s \\<^sub>\\<^sup>* s' ==> Abs s \\<^sub>\\<^sup>* Abs s'" by (induct set: rtranclp) @@ -113,7 +113,7 @@ by (blast intro!: rtrancl_eta_AppL rtrancl_eta_AppR intro: rtranclp_trans) -subsection {* Commutation of @{text "beta"} and @{text "eta"} *} +subsection \Commutation of \beta\ and \eta\\ lemma free_beta: "s \\<^sub>\ t ==> free t i \ free s i" @@ -167,9 +167,9 @@ done -subsection {* Implicit definition of @{text "eta"} *} +subsection \Implicit definition of \eta\\ -text {* @{term "Abs (lift s 0 \ Var 0) \\<^sub>\ s"} *} +text \@{term "Abs (lift s 0 \ Var 0) \\<^sub>\ s"}\ lemma not_free_iff_lifted: "(\ free s i) = (\t. s = lift t i)" @@ -226,13 +226,13 @@ by (auto simp add: not_free_iff_lifted) -subsection {* Eta-postponement theorem *} +subsection \Eta-postponement theorem\ -text {* +text \ Based on a paper proof due to Andreas Abel. Unlike the proof by Masako Takahashi @{cite "Takahashi-IandC"}, it does not use parallel eta reduction, which only seems to complicate matters unnecessarily. -*} +\ theorem eta_case: fixes s :: dB @@ -260,17 +260,17 @@ next case (abs s' t) note abs' = this - from `s \\<^sub>\ Abs s'` show ?case + from \s \\<^sub>\ Abs s'\ show ?case proof cases case (eta s'' dummy) from abs have "Abs s' => Abs t" by simp with eta have "s''[dummy/0] => Abs t" by simp - with `\ free s'' 0` have "\t'. Abs (s'' \ Var 0) => t' \ t' \\<^sub>\\<^sup>* Abs t" + with \\ free s'' 0\ have "\t'. Abs (s'' \ Var 0) => t' \ t' \\<^sub>\\<^sup>* Abs t" by (rule eta_case) with eta show ?thesis by simp next case (abs r) - from `r \\<^sub>\ s'` + from \r \\<^sub>\ s'\ obtain t' where r: "r => t'" and t': "t' \\<^sub>\\<^sup>* t" by (iprover dest: abs') from r have "Abs r => Abs t'" .. moreover from t' have "Abs t' \\<^sub>\\<^sup>* Abs t" by (rule rtrancl_eta_Abs) @@ -278,24 +278,24 @@ qed next case (app u u' t t') - from `s \\<^sub>\ u \ t` show ?case + from \s \\<^sub>\ u \ t\ show ?case proof cases case (eta s' dummy) from app have "u \ t => u' \ t'" by simp with eta have "s'[dummy/0] => u' \ t'" by simp - with `\ free s' 0` have "\r. Abs (s' \ Var 0) => r \ r \\<^sub>\\<^sup>* u' \ t'" + with \\ free s' 0\ have "\r. Abs (s' \ Var 0) => r \ r \\<^sub>\\<^sup>* u' \ t'" by (rule eta_case) with eta show ?thesis by simp next case (appL s') - from `s' \\<^sub>\ u` + from \s' \\<^sub>\ u\ obtain r where s': "s' => r" and r: "r \\<^sub>\\<^sup>* u'" by (iprover dest: app) from s' and app have "s' \ t => r \ t'" by simp moreover from r have "r \ t' \\<^sub>\\<^sup>* u' \ t'" by (simp add: rtrancl_eta_AppL) ultimately show ?thesis using appL by simp iprover next case (appR s') - from `s' \\<^sub>\ t` + from \s' \\<^sub>\ t\ obtain r where s': "s' => r" and r: "r \\<^sub>\\<^sup>* t'" by (iprover dest: app) from s' and app have "u \ s' => u' \ r" by simp moreover from r have "u' \ r \\<^sub>\\<^sup>* u' \ t'" by (simp add: rtrancl_eta_AppR) @@ -303,17 +303,17 @@ qed next case (beta u u' t t') - from `s \\<^sub>\ Abs u \ t` show ?case + from \s \\<^sub>\ Abs u \ t\ show ?case proof cases case (eta s' dummy) from beta have "Abs u \ t => u'[t'/0]" by simp with eta have "s'[dummy/0] => u'[t'/0]" by simp - with `\ free s' 0` have "\r. Abs (s' \ Var 0) => r \ r \\<^sub>\\<^sup>* u'[t'/0]" + with \\ free s' 0\ have "\r. Abs (s' \ Var 0) => r \ r \\<^sub>\\<^sup>* u'[t'/0]" by (rule eta_case) with eta show ?thesis by simp next case (appL s') - from `s' \\<^sub>\ Abs u` show ?thesis + from \s' \\<^sub>\ Abs u\ show ?thesis proof cases case (eta s'' dummy) have "Abs (lift u 1) = lift (Abs u) 0" by simp @@ -323,12 +323,12 @@ hence "Abs (lift u 1) \ Var 0 => lift u' 1[Var 0/0]" using par_beta.var .. hence "Abs (Abs (lift u 1) \ Var 0) \ t => lift u' 1[Var 0/0][t'/0]" - using `t => t'` .. + using \t => t'\ .. with s have "s => u'[t'/0]" by simp thus ?thesis by iprover next case (abs r) - from `r \\<^sub>\ u` + from \r \\<^sub>\ u\ obtain r'' where r: "r => r''" and r'': "r'' \\<^sub>\\<^sup>* u'" by (iprover dest: beta) from r and beta have "Abs r \ t => r''[t'/0]" by simp moreover from r'' have "r''[t'/0] \\<^sub>\\<^sup>* u'[t'/0]" @@ -337,7 +337,7 @@ qed next case (appR s') - from `s' \\<^sub>\ t` + from \s' \\<^sub>\ t\ obtain r where s': "s' => r" and r: "r \\<^sub>\\<^sup>* t'" by (iprover dest: beta) from s' and beta have "Abs u \ s' => u'[r/0]" by simp moreover from r have "u'[r/0] \\<^sub>\\<^sup>* u'[t'/0]" diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Lambda/InductTermi.thy --- a/src/HOL/Proofs/Lambda/InductTermi.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Lambda/InductTermi.thy Wed Dec 30 18:25:39 2015 +0100 @@ -7,11 +7,11 @@ rediscovered by Matthes and Joachimski. *) -section {* Inductive characterization of terminating lambda terms *} +section \Inductive characterization of terminating lambda terms\ theory InductTermi imports ListBeta begin -subsection {* Terminating lambda terms *} +subsection \Terminating lambda terms\ inductive IT :: "dB => bool" where @@ -20,7 +20,7 @@ | Beta [intro]: "IT ((r[s/0]) \\ ss) ==> IT s ==> IT ((Abs r \ s) \\ ss)" -subsection {* Every term in @{text "IT"} terminates *} +subsection \Every term in \IT\ terminates\ lemma double_induction_lemma [rule_format]: "termip beta s ==> \t. termip beta t --> @@ -54,7 +54,7 @@ done -subsection {* Every terminating term is in @{text "IT"} *} +subsection \Every terminating term is in \IT\\ declare Var_apps_neq_Abs_apps [symmetric, simp] diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Lambda/Lambda.thy --- a/src/HOL/Proofs/Lambda/Lambda.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Lambda/Lambda.thy Wed Dec 30 18:25:39 2015 +0100 @@ -3,7 +3,7 @@ Copyright 1995 TU Muenchen *) -section {* Basic definitions of Lambda-calculus *} +section \Basic definitions of Lambda-calculus\ theory Lambda imports Main @@ -12,7 +12,7 @@ declare [[syntax_ambiguity_warning = false]] -subsection {* Lambda-terms in de Bruijn notation and substitution *} +subsection \Lambda-terms in de Bruijn notation and substitution\ datatype dB = Var nat @@ -36,7 +36,7 @@ declare subst_Var [simp del] -text {* Optimized versions of @{term subst} and @{term lift}. *} +text \Optimized versions of @{term subst} and @{term lift}.\ primrec liftn :: "[nat, dB, nat] => dB" @@ -54,7 +54,7 @@ | "substn (Abs t) s k = Abs (substn t s (k + 1))" -subsection {* Beta-reduction *} +subsection \Beta-reduction\ inductive beta :: "[dB, dB] => bool" (infixl "\\<^sub>\" 50) where @@ -76,10 +76,10 @@ "s \ t \\<^sub>\ u" declare if_not_P [simp] not_less_eq [simp] - -- {* don't add @{text "r_into_rtrancl[intro!]"} *} + \ \don't add \r_into_rtrancl[intro!]\\ -subsection {* Congruence rules *} +subsection \Congruence rules\ lemma rtrancl_beta_Abs [intro!]: "s \\<^sub>\\<^sup>* s' ==> Abs s \\<^sub>\\<^sup>* Abs s'" @@ -98,7 +98,7 @@ by (blast intro!: rtrancl_beta_AppL rtrancl_beta_AppR intro: rtranclp_trans) -subsection {* Substitution-lemmas *} +subsection \Substitution-lemmas\ lemma subst_eq [simp]: "(Var k)[u/k] = u" by (simp add: subst_Var) @@ -133,7 +133,7 @@ split: nat.split) -subsection {* Equivalence proof for optimized substitution *} +subsection \Equivalence proof for optimized substitution\ lemma liftn_0 [simp]: "liftn 0 t k = t" by (induct t arbitrary: k) (simp_all add: subst_Var) @@ -148,10 +148,10 @@ by simp -subsection {* Preservation theorems *} +subsection \Preservation theorems\ -text {* Not used in Church-Rosser proof, but in Strong - Normalization. \medskip *} +text \Not used in Church-Rosser proof, but in Strong + Normalization. \medskip\ theorem subst_preserves_beta [simp]: "r \\<^sub>\ s ==> r[t/i] \\<^sub>\ s[t/i]" diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Lambda/LambdaType.thy --- a/src/HOL/Proofs/Lambda/LambdaType.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Lambda/LambdaType.thy Wed Dec 30 18:25:39 2015 +0100 @@ -3,12 +3,12 @@ Copyright 2000 TU Muenchen *) -section {* Simply-typed lambda terms *} +section \Simply-typed lambda terms\ theory LambdaType imports ListApplication begin -subsection {* Environments *} +subsection \Environments\ definition shift :: "(nat \ 'a) \ nat \ 'a \ nat \ 'a" ("_\_:_\" [90, 0, 0] 91) where @@ -27,7 +27,7 @@ by (rule ext) (simp_all add: shift_def split: nat.split) -subsection {* Types and typing rules *} +subsection \Types and typing rules\ datatype type = Atom nat @@ -69,7 +69,7 @@ funs (infixr "\" 200) -subsection {* Some examples *} +subsection \Some examples\ schematic_goal "e \ Abs (Abs (Abs (Var 1 \ (Var 2 \ Var 1 \ Var 0)))) : ?T" by force @@ -78,7 +78,7 @@ by force -subsection {* Lists of types *} +subsection \Lists of types\ lemma lists_typings: "e \ ts : Ts \ listsp (\t. \T. e \ t : T) ts" @@ -114,8 +114,8 @@ lemma rev_exhaust2 [extraction_expand]: obtains (Nil) "xs = []" | (snoc) ys y where "xs = ys @ [y]" - -- {* Cannot use @{text rev_exhaust} from the @{text List} - theory, since it is not constructive *} + \ \Cannot use \rev_exhaust\ from the \List\ + theory, since it is not constructive\ apply (subgoal_tac "\ys. xs = rev ys \ thesis") apply (erule_tac x="rev xs" in allE) apply simp @@ -135,7 +135,7 @@ done -subsection {* n-ary function types *} +subsection \n-ary function types\ lemma list_app_typeD: "e \ t \\ ts : T \ \Ts. e \ t : Ts \ T \ e \ ts : Ts" @@ -178,12 +178,12 @@ apply blast done -text {* +text \ For the specific case where the head of the term is a variable, the following theorems allow to infer the types of the arguments without analyzing the typing derivation. This is crucial for program extraction. -*} +\ theorem var_app_type_eq: "e \ Var i \\ ts : T \ e \ Var i \\ ts : U \ T = U" @@ -275,7 +275,7 @@ done -subsection {* Lifting preserves well-typedness *} +subsection \Lifting preserves well-typedness\ lemma lift_type [intro!]: "e \ t : T \ e\i:U\ \ lift t i : T" by (induct arbitrary: i U set: typing) auto @@ -289,7 +289,7 @@ done -subsection {* Substitution lemmas *} +subsection \Substitution lemmas\ lemma subst_lemma: "e \ t : T \ e' \ u : U \ e = e'\i:U\ \ e' \ t[u/i] : T" @@ -316,7 +316,7 @@ done -subsection {* Subject reduction *} +subsection \Subject reduction\ lemma subject_reduction: "e \ t : T \ t \\<^sub>\ t' \ e \ t' : T" apply (induct arbitrary: t' set: typing) @@ -338,7 +338,7 @@ by (induct set: rtranclp) (iprover intro: subject_reduction)+ -subsection {* Alternative induction rule for types *} +subsection \Alternative induction rule for types\ lemma type_induct [induct type]: assumes diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Lambda/ListApplication.thy --- a/src/HOL/Proofs/Lambda/ListApplication.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Lambda/ListApplication.thy Wed Dec 30 18:25:39 2015 +0100 @@ -3,7 +3,7 @@ Copyright 1998 TU Muenchen *) -section {* Application of a term to a list of terms *} +section \Application of a term to a list of terms\ theory ListApplication imports Lambda begin @@ -93,7 +93,7 @@ by simp -text {* \medskip A customized induction schema for @{text "\\"}. *} +text \\medskip A customized induction schema for \\\\.\ lemma lem: assumes "!!n ts. \t \ set ts. P t ==> P (Var n \\ ts)" diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Lambda/ListBeta.thy --- a/src/HOL/Proofs/Lambda/ListBeta.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Lambda/ListBeta.thy Wed Dec 30 18:25:39 2015 +0100 @@ -3,13 +3,13 @@ Copyright 1998 TU Muenchen *) -section {* Lifting beta-reduction to lists *} +section \Lifting beta-reduction to lists\ theory ListBeta imports ListApplication ListOrder begin -text {* +text \ Lifting beta-reduction to lists of terms, reducing exactly one element. -*} +\ abbreviation list_beta :: "dB list => dB list => bool" (infixl "=>" 50) where diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Lambda/ListOrder.thy --- a/src/HOL/Proofs/Lambda/ListOrder.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Lambda/ListOrder.thy Wed Dec 30 18:25:39 2015 +0100 @@ -3,7 +3,7 @@ Copyright 1998 TU Muenchen *) -section {* Lifting an order to lists of elements *} +section \Lifting an order to lists of elements\ theory ListOrder imports Main @@ -12,10 +12,10 @@ declare [[syntax_ambiguity_warning = false]] -text {* +text \ Lifting an order to lists of elements, relating exactly one element. -*} +\ definition step1 :: "('a => 'a => bool) => 'a list => 'a list => bool" where diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Lambda/NormalForm.thy --- a/src/HOL/Proofs/Lambda/NormalForm.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Lambda/NormalForm.thy Wed Dec 30 18:25:39 2015 +0100 @@ -2,13 +2,13 @@ Author: Stefan Berghofer, TU Muenchen, 2003 *) -section {* Inductive characterization of lambda terms in normal form *} +section \Inductive characterization of lambda terms in normal form\ theory NormalForm imports ListBeta begin -subsection {* Terms in normal form *} +subsection \Terms in normal form\ definition listall :: "('a \ bool) \ 'a list \ bool" where @@ -64,13 +64,13 @@ lemma listall_cong [cong, extraction_expand]: "xs = ys \ listall P xs = listall P ys" - -- {* Currently needed for strange technical reasons *} + \ \Currently needed for strange technical reasons\ by (unfold listall_def) simp -text {* +text \ @{term "listsp"} is equivalent to @{term "listall"}, but cannot be used for program extraction. -*} +\ lemma listall_listsp_eq: "listall P xs = listsp P xs" by (induct xs) (auto intro: listsp.intros) @@ -100,7 +100,7 @@ by cases simp_all -subsection {* Properties of @{text NF} *} +subsection \Properties of \NF\\ lemma Var_NF: "NF (Var n)" apply (subgoal_tac "NF (Var n \\ [])") @@ -146,7 +146,7 @@ lemma app_Var_NF: "NF t \ \t'. t \ Var i \\<^sub>\\<^sup>* t' \ NF t'" apply (induct set: NF) - apply (simplesubst app_last) --{*Using @{text subst} makes extraction fail*} + apply (simplesubst app_last) \\Using \subst\ makes extraction fail\ apply (rule exI) apply (rule conjI) apply (rule rtranclp.rtrancl_refl) @@ -185,9 +185,9 @@ apply simp done -text {* +text \ @{term NF} characterizes exactly the terms that are in normal form. -*} +\ lemma NF_eq: "NF t = (\t'. \ t \\<^sub>\ t')" proof diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Lambda/ParRed.thy --- a/src/HOL/Proofs/Lambda/ParRed.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Lambda/ParRed.thy Wed Dec 30 18:25:39 2015 +0100 @@ -6,12 +6,12 @@ confluence of beta. *) -section {* Parallel reduction and a complete developments *} +section \Parallel reduction and a complete developments\ theory ParRed imports Lambda Commutation begin -subsection {* Parallel reduction *} +subsection \Parallel reduction\ inductive par_beta :: "[dB, dB] => bool" (infixl "=>" 50) where @@ -28,9 +28,9 @@ "Abs s => t" -subsection {* Inclusions *} +subsection \Inclusions\ -text {* @{text "beta \ par_beta \ beta^*"} \medskip *} +text \\beta \ par_beta \ beta^*\ \medskip\ lemma par_beta_varL [simp]: "(Var n => t) = (t = Var n)" @@ -50,11 +50,11 @@ apply (erule par_beta.induct) apply blast apply (blast del: rtranclp.rtrancl_refl intro: rtranclp.rtrancl_into_rtrancl)+ - -- {* @{thm[source] rtrancl_refl} complicates the proof by increasing the branching factor *} + \ \@{thm[source] rtrancl_refl} complicates the proof by increasing the branching factor\ done -subsection {* Misc properties of @{text "par_beta"} *} +subsection \Misc properties of \par_beta\\ lemma par_beta_lift [simp]: "t => t' \ lift t n => lift t' n" @@ -72,7 +72,7 @@ done -subsection {* Confluence (directly) *} +subsection \Confluence (directly)\ lemma diamond_par_beta: "diamond par_beta" apply (unfold diamond_def commute_def square_def) @@ -82,7 +82,7 @@ done -subsection {* Complete developments *} +subsection \Complete developments\ fun cd :: "dB => dB" @@ -100,7 +100,7 @@ done -subsection {* Confluence (via complete developments) *} +subsection \Confluence (via complete developments)\ lemma diamond_par_beta2: "diamond par_beta" apply (unfold diamond_def commute_def square_def) diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Lambda/Standardization.thy --- a/src/HOL/Proofs/Lambda/Standardization.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Lambda/Standardization.thy Wed Dec 30 18:25:39 2015 +0100 @@ -3,19 +3,19 @@ Copyright 2005 TU Muenchen *) -section {* Standardization *} +section \Standardization\ theory Standardization imports NormalForm begin -text {* +text \ Based on lecture notes by Ralph Matthes @{cite "Matthes-ESSLLI2000"}, original proof idea due to Ralph Loader @{cite Loader1998}. -*} +\ -subsection {* Standard reduction relation *} +subsection \Standard reduction relation\ declare listrel_mono [mono_set] @@ -63,7 +63,7 @@ from Abs(3) have "ss [\\<^sub>s] ss'" by (rule listrelp_conj1) moreover have "[s] [\\<^sub>s] [s']" by (iprover intro: s listrelp.intros) ultimately have "ss @ [s] [\\<^sub>s] ss' @ [s']" by (rule listrelp_app) - with `r \\<^sub>s r'` have "Abs r \\ (ss @ [s]) \\<^sub>s Abs r' \\ (ss' @ [s'])" + with \r \\<^sub>s r'\ have "Abs r \\ (ss @ [s]) \\<^sub>s Abs r' \\ (ss' @ [s'])" by (rule sred.Abs) thus ?case by (simp only: app_last) next @@ -199,7 +199,7 @@ with r'' show ?case by simp next case (Abs r r' ss ss') - from `Abs r' \\ ss' \\<^sub>\ r''` show ?case + from \Abs r' \\ ss' \\<^sub>\ r''\ show ?case proof fix s assume r'': "r'' = s \\ ss'" @@ -213,7 +213,7 @@ fix rs' assume "ss' => rs'" with Abs(3) have "ss [\\<^sub>s] rs'" by (rule lemma4_aux) - with `r \\<^sub>s r'` have "Abs r \\ ss \\<^sub>s Abs r' \\ rs'" by (rule sred.Abs) + with \r \\<^sub>s r'\ have "Abs r \\ ss \\<^sub>s Abs r' \\ rs'" by (rule sred.Abs) moreover assume "r'' = Abs r' \\ rs'" ultimately show "Abs r \\ ss \\<^sub>s r''" by simp next @@ -240,7 +240,7 @@ by induct (iprover intro: refl_sred lemma4)+ -subsection {* Leftmost reduction and weakly normalizing terms *} +subsection \Leftmost reduction and weakly normalizing terms\ inductive lred :: "dB \ dB \ bool" (infixl "\\<^sub>l" 50) @@ -261,13 +261,13 @@ then show ?case by (rule sred.Var) next case (Abs r r') - from `r \\<^sub>s r'` + from \r \\<^sub>s r'\ have "Abs r \\ [] \\<^sub>s Abs r' \\ []" using listrelp.Nil by (rule sred.Abs) then show ?case by simp next case (Beta r s ss t) - from `r[s/0] \\ ss \\<^sub>s t` + from \r[s/0] \\ ss \\<^sub>s t\ show ?case by (rule sred.Beta) qed @@ -310,7 +310,7 @@ shows "NF r' \ r \\<^sub>l r'" using r proof induct case (Var rs rs' x) - from `NF (Var x \\ rs')` have "listall NF rs'" + from \NF (Var x \\ rs')\ have "listall NF rs'" by cases simp_all with Var(1) have "rs [\\<^sub>l] rs'" proof induct @@ -324,7 +324,7 @@ thus ?case by (rule lred.Var) next case (Abs r r' ss ss') - from `NF (Abs r' \\ ss')` + from \NF (Abs r' \\ ss')\ have ss': "ss' = []" by (rule Abs_NF) from Abs(3) have ss: "ss = []" using ss' by cases simp_all diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Lambda/StrongNorm.thy --- a/src/HOL/Proofs/Lambda/StrongNorm.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Lambda/StrongNorm.thy Wed Dec 30 18:25:39 2015 +0100 @@ -3,17 +3,17 @@ Copyright 2000 TU Muenchen *) -section {* Strong normalization for simply-typed lambda calculus *} +section \Strong normalization for simply-typed lambda calculus\ theory StrongNorm imports LambdaType InductTermi begin -text {* +text \ Formalization by Stefan Berghofer. Partly based on a paper proof by Felix Joachimski and Ralph Matthes @{cite "Matthes-Joachimski-AML"}. -*} +\ -subsection {* Properties of @{text IT} *} +subsection \Properties of \IT\\ lemma lift_IT [intro!]: "IT t \ IT (lift t i)" apply (induct arbitrary: i set: IT) @@ -36,7 +36,7 @@ lemma subst_Var_IT: "IT r \ IT (r[Var i/j])" apply (induct arbitrary: i j set: IT) - txt {* Case @{term Var}: *} + txt \Case @{term Var}:\ apply (simp (no_asm) add: subst_Var) apply ((rule conjI impI)+, @@ -47,12 +47,12 @@ rule listsp.Cons, fast, assumption)+ - txt {* Case @{term Lambda}: *} + txt \Case @{term Lambda}:\ apply atomize apply simp apply (rule IT.Lambda) apply fast - txt {* Case @{term Beta}: *} + txt \Case @{term Beta}:\ apply atomize apply (simp (no_asm_use) add: subst_subst [symmetric]) apply (rule IT.Beta) @@ -85,7 +85,7 @@ done -subsection {* Well-typed substitution preserves termination *} +subsection \Well-typed substitution preserves termination\ lemma subst_type_IT: "\t e T u i. IT t \ e\i:U\ \ t : T \ @@ -241,7 +241,7 @@ qed -subsection {* Well-typed terms are strongly normalizing *} +subsection \Well-typed terms are strongly normalizing\ lemma type_implies_IT: assumes "e \ t : T" @@ -257,7 +257,7 @@ case (App e s T U t) have "IT ((Var 0 \ lift t 0)[s/0])" proof (rule subst_type_IT) - have "IT (lift t 0)" using `IT t` by (rule lift_IT) + have "IT (lift t 0)" using \IT t\ by (rule lift_IT) hence "listsp IT [lift t 0]" by (rule listsp.Cons) (rule listsp.Nil) hence "IT (Var 0 \\ [lift t 0])" by (rule IT.Var) also have "Var 0 \\ [lift t 0] = Var 0 \ lift t 0" by simp diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/Lambda/WeakNorm.thy --- a/src/HOL/Proofs/Lambda/WeakNorm.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/Lambda/WeakNorm.thy Wed Dec 30 18:25:39 2015 +0100 @@ -3,20 +3,20 @@ Copyright 2003 TU Muenchen *) -section {* Weak normalization for simply-typed lambda calculus *} +section \Weak normalization for simply-typed lambda calculus\ theory WeakNorm imports LambdaType NormalForm "~~/src/HOL/Library/Old_Datatype" "~~/src/HOL/Library/Code_Target_Int" begin -text {* +text \ Formalization by Stefan Berghofer. Partly based on a paper proof by Felix Joachimski and Ralph Matthes @{cite "Matthes-Joachimski-AML"}. -*} +\ -subsection {* Main theorems *} +subsection \Main theorems\ lemma norm_list: assumes f_compat: "\t t'. t \\<^sub>\\<^sup>* t' \ f t \\<^sub>\\<^sup>* f t'" @@ -191,7 +191,7 @@ case (Abs r e1 T'1 u1 i1) assume absT: "e\i:T\ \ Abs r : T'" then obtain R S where "e\0:R\\Suc i:T\ \ r : S" by (rule abs_typeE) simp - moreover have "NF (lift u 0)" using `NF u` by (rule lift_NF) + moreover have "NF (lift u 0)" using \NF u\ by (rule lift_NF) moreover have "e\0:R\ \ lift u 0 : T" using uT by (rule lift_type) ultimately have "\t'. r[lift u 0/Suc i] \\<^sub>\\<^sup>* t' \ NF t'" by (rule Abs) thus "\t'. Abs r[u/i] \\<^sub>\\<^sup>* t' \ NF t'" @@ -201,7 +201,7 @@ qed --- {* A computationally relevant copy of @{term "e \ t : T"} *} +\ \A computationally relevant copy of @{term "e \ t : T"}\ inductive rtyping :: "(nat \ type) \ dB \ type \ bool" ("_ \\<^sub>R _ : _" [50, 50, 50] 50) where Var: "e x = T \ e \\<^sub>R Var x : T" @@ -257,7 +257,7 @@ qed -subsection {* Extracting the program *} +subsection \Extracting the program\ declare NF.induct [ind_realizer] declare rtranclp.induct [ind_realizer irrelevant] @@ -285,12 +285,12 @@ apply (erule NF.intros) done -text_raw {* +text_raw \ \begin{figure} \renewcommand{\isastyle}{\scriptsize\it}% @{thm [display,eta_contract=false,margin=100] subst_type_NF_def} \renewcommand{\isastyle}{\small\it}% -\caption{Program extracted from @{text subst_type_NF}} +\caption{Program extracted from \subst_type_NF\} \label{fig:extr-subst-type-nf} \end{figure} @@ -304,33 +304,33 @@ \caption{Program extracted from lemmas and main theorem} \label{fig:extr-type-nf} \end{figure} -*} +\ -text {* +text \ The program corresponding to the proof of the central lemma, which performs substitution and normalization, is shown in Figure \ref{fig:extr-subst-type-nf}. The correctness -theorem corresponding to the program @{text "subst_type_NF"} is +theorem corresponding to the program \subst_type_NF\ is @{thm [display,margin=100] subst_type_NF_correctness [simplified rtranclR_rtrancl_eq Collect_mem_eq, no_vars]} -where @{text NFR} is the realizability predicate corresponding to -the datatype @{text NFT}, which is inductively defined by the rules +where \NFR\ is the realizability predicate corresponding to +the datatype \NFT\, which is inductively defined by the rules \pagebreak @{thm [display,margin=90] NFR.App [of ts nfs x] NFR.Abs [of nf t]} -The programs corresponding to the main theorem @{text "type_NF"}, as +The programs corresponding to the main theorem \type_NF\, as well as to some lemmas, are shown in Figure \ref{fig:extr-type-nf}. -The correctness statement for the main function @{text "type_NF"} is +The correctness statement for the main function \type_NF\ is @{thm [display,margin=100] type_NF_correctness [simplified rtranclR_rtrancl_eq Collect_mem_eq, no_vars]} -where the realizability predicate @{text "rtypingR"} corresponding to the +where the realizability predicate \rtypingR\ corresponding to the computationally relevant version of the typing judgement is inductively defined by the rules @{thm [display,margin=100] rtypingR.Var [no_vars] rtypingR.Abs [of ty, no_vars] rtypingR.App [of ty e s T U ty' t]} -*} +\ -subsection {* Generating executable code *} +subsection \Generating executable code\ instantiation NFT :: default begin @@ -380,14 +380,14 @@ definition int_of_nat :: "nat \ int" where "int_of_nat = of_nat" -text {* +text \ The following functions convert between Isabelle's built-in {\tt term} datatype and the generated {\tt dB} datatype. This allows to generate example terms using Isabelle's parser and inspect normalized terms using Isabelle's pretty printer. -*} +\ -ML {* +ML \ val nat_of_integer = @{code nat} o @{code int_of_integer}; fun dBtype_of_typ (Type ("fun", [T, U])) = @@ -438,6 +438,6 @@ val ct2 = @{cterm "%f x. (%x. f x x) ((%x. f x x) ((%x. f x x) ((%x. f x x) ((%x. f x x) ((%x. f x x) x)))))"}; val (dB2, _) = @{code type_NF} (typing_of_term [] dummyf (Thm.term_of ct2)); val ct2' = Thm.cterm_of @{context} (term_of_dB [] (Thm.typ_of_cterm ct2) dB2); -*} +\ end diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/ex/Hilbert_Classical.thy --- a/src/HOL/Proofs/ex/Hilbert_Classical.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/ex/Hilbert_Classical.thy Wed Dec 30 18:25:39 2015 +0100 @@ -2,19 +2,19 @@ Author: Stefan Berghofer and Markus Wenzel, TU Muenchen *) -section {* Hilbert's choice and classical logic *} +section \Hilbert's choice and classical logic\ theory Hilbert_Classical imports Main begin -text {* +text \ Derivation of the classical law of tertium-non-datur by means of Hilbert's choice operator (due to M. J. Beeson and J. Harrison). -*} +\ -subsection {* Proof text *} +subsection \Proof text\ theorem tnd: "A \ \ A" proof - @@ -94,12 +94,12 @@ qed -subsection {* Proof term of text *} +subsection \Proof term of text\ prf tnd -subsection {* Proof script *} +subsection \Proof script\ theorem tnd': "A \ \ A" apply (subgoal_tac @@ -153,7 +153,7 @@ done -subsection {* Proof term of script *} +subsection \Proof term of script\ prf tnd' diff -r a63a11b09335 -r 2461779da2b8 src/HOL/Proofs/ex/XML_Data.thy --- a/src/HOL/Proofs/ex/XML_Data.thy Wed Dec 30 18:24:36 2015 +0100 +++ b/src/HOL/Proofs/ex/XML_Data.thy Wed Dec 30 18:25:39 2015 +0100 @@ -9,9 +9,9 @@ imports "~~/src/HOL/Isar_Examples/Drinker" begin -subsection {* Export and re-import of global proof terms *} +subsection \Export and re-import of global proof terms\ -ML {* +ML \ fun export_proof thy thm = let val (_, prop) = @@ -30,36 +30,36 @@ val prf = Proofterm.decode xml; val (prf', _) = Proofterm.freeze_thaw_prf prf; in Drule.export_without_context (Proof_Checker.thm_of_proof thy prf') end; -*} +\ -subsection {* Examples *} +subsection \Examples\ -ML {* val thy1 = @{theory} *} +ML \val thy1 = @{theory}\ lemma ex: "A \ A" .. -ML_val {* +ML_val \ val xml = export_proof @{theory} @{thm ex}; val thm = import_proof thy1 xml; -*} +\ -ML_val {* +ML_val \ val xml = export_proof @{theory} @{thm de_Morgan}; val thm = import_proof thy1 xml; -*} +\ -ML_val {* +ML_val \ val xml = export_proof @{theory} @{thm Drinker's_Principle}; val thm = import_proof thy1 xml; -*} +\ -text {* Some fairly large proof: *} +text \Some fairly large proof:\ -ML_val {* +ML_val \ val xml = export_proof @{theory} @{thm abs_less_iff}; val thm = import_proof thy1 xml; @{assert} (size (YXML.string_of_body xml) > 1000000); -*} +\ end