isabelle-cookbook: comparison CookBook/Recipes/ExternalSolver.thy

equal deleted inserted replaced

-:62fb91f86908
+:531e453c9d67
 theory ExternalSolver
 imports "../Base"
+uses ("external_solver.ML")
 begin
-section {* Using an External Solver\label{rec:external} *}
+section {* Executing an External Application *}
 text {*
 {\bf Problem:}
-You want to use an external solver, because the solver might be more efficient
+You want to use an external application.
-for deciding a certain class of formulae than Isabelle tactics.
+\smallskip
-\smallskip
+{\bf Solution:} The function @{ML system_out} might be the right thing for
-{\bf Solution:} The easiest way to do this is by implementing an oracle.
+you.
-We will also construct proofs inside Isabelle by using the results produced
+\smallskip
-by the oracle.
+This function executes an external command as if printed in a shell. It
+returns the output of the program and its return value.
+For example, consider running an ordinary shell commands:
+@{ML_response [display,gray]
+"system_out \"echo Hello world!\"" "(\"Hello world!\\n\", 0)"}
+Note that it works also fine with timeouts (see Recipe~\ref{rec:timeout}
+on Page~\pageref{rec:timeout}), i.e. external applications are killed
+properly. For example, the following expression takes only approximately
+one second:
+@{ML_response [display,gray]
+"TimeLimit.timeLimit (Time.fromSeconds 1) system_out \"sleep 30\"
+handle TimeLimit.TimeOut => (\"timeout\", ~1)" "(\"timeout\", ~1)"}
+*}
+text {*
+The function @{ML system_out} can also be used for more reasonable
+applications, e.g. coupling external solvers with Isabelle. In that case,
+one has to make sure that Isabelle can find the particular executable.
+One way to ensure this is by adding a Bash-like variable binding into
+one of Isabelle's settings file (prefer the user settings file usually to
+be found at @{text "$HOME/.isabelle/etc/settings"}).
+For example, assume you want to use the application @{text foo} which
+is here supposed to be located at @{text "/usr/local/bin/"}.
+The following line has to be added to one of Isabelle's settings file:
+@{text "FOO=/usr/local/bin/foo"}
+In Isabelle, this application may now be executed by
+@{ML_response_fake [display,gray] "system_out \"$FOO\"" "\<dots>"}
+*}
+section {* Writing an Oracle\label{rec:external} *}
+text {*
+{\bf Problem:}
+You want to use a fast, new decision procedure not based one Isabelle's
+tactics, and you do not care whether it is sound.
+\smallskip
+{\bf Solution:} Isabelle provides the oracle mechanisms to bypass the
+inference kernel. Note that theorems proven by an oracle carry a special
+mark to inform the user of their potential incorrectness.
 \smallskip
 \begin{readmore}
 A short introduction to oracles can be found in [isar-ref: no suitable label
-for section 3.11]. A simple example is given in
+for section 3.11]. A simple example, which we will slightly extend here,
-@{ML_file "FOL/ex/IffOracle"}.
+is given in @{ML_file "FOL/ex/IffOracle"}. The raw interface for adding
-(TODO: add more references to the code)
+oracles is @{ML add_oracle in Thm} in @{ML_file "Pure/thm"}.
 \end{readmore}
-For our explanation here, we will use the @{text metis} prover for proving
+For our explanation here, we restrict ourselves to decide propositional
-propositional formulae. The general method will be roughly as follows:
+formulae which consist only of equivalences between propositional variables,
-Given a goal @{text G}, we transform it into the syntactical respresentation
+i.e. we want to decide whether @{term "P = (Q = P) = Q"} is a tautology.
-of @{text "metis"}, build the CNF of the negated formula and then let metis search
-for a refutation. @{text Metis} will either return the proved goal or raise
+Assume, that we have a decision procedure for such formulae, implemented
-an exception meaning
+in ML. Since we do not care how it works, we will use it here as an
-that it was unable to prove the goal (FIXME: is this so?).
+``external solver'':
+*}
-The translation function from Isabelle propositions into formulae of
-@{text metis} is as follows:
+use "external_solver.ML"
+text {*
+We do, however, know that the solver provides a function
+@{ML IffSolver.decide}.
+It takes a string representation of a formula and returns either
+@{ML true} if the formula is a tautology or
+@{ML false} otherwise. The input syntax is specified as follows:
+formula $::=$ atom $\mid$ \verb|(| formula \verb|<=>| formula \verb|)|
+and all token are separated by at least one space.
+(FIXME: is there a better way for describing the syntax?)
+We will proceed in the following way. We start by translating a HOL formula
+into the string representation expected by the solver. The solver's result
+is then used to build an oracle, which we will subsequently use as a core
+for an Isar method to be able to apply the oracle in proving theorems.
+Let us start with the translation function from Isabelle propositions into
+the solver's string representation. To increase efficiency while building
+the string, we use functions from the @{text Buffer} module.
 *}
-ML{*fun trans t =
+ML {*fun translate t =
-(case t of
+let
-@{term Trueprop} $ t => trans t
+fun trans t =
-| @{term True} => Metis.Formula.True
+(case t of
-| @{term False} => Metis.Formula.False
+@{term "op = :: bool \<Rightarrow> bool \<Rightarrow> bool"} $ t $ u =>
-| @{term Not} $ t => Metis.Formula.Not (trans t)
+Buffer.add " (" #>
-| @{term "op &"} $ t1 $ t2 => Metis.Formula.And (trans t1, trans t2)
+trans t #>
-| @{term "op |"} $ t1 $ t2 => Metis.Formula.Or (trans t1, trans t2)
+Buffer.add "<=>" #>
-| @{term "op -->"} $ t1 $ t2 => Metis.Formula.Imp (trans t1, trans t2)
+trans u #>
-| @{term "op = :: bool => bool => bool"} $ t1 $ t2 =>
+Buffer.add ") "
-Metis.Formula.Iff (trans t1, trans t2)
+| Free (n, @{typ bool}) =>
-| Free (n, @{typ bool}) => Metis.Formula.Atom (n, [])
+Buffer.add " " #>
-| _ => error "inacceptable term")*}
+Buffer.add n #>
+Buffer.add " "
+| _ => error "inacceptable term")
+in Buffer.content (trans t Buffer.empty) end
+*}
+text {*
+Here is the string representation of the term @{term "p = (q = p)"}:
+@{ML_response
+"translate @{term \"p = (q = p)\"}"
+"\" ( p <=> ( q <=> p ) ) \""}
+Let us check, what the solver returns when given a tautology:
+@{ML_response
+"IffSolver.decide (translate @{term \"p = (q = p) = q\"})"
+"true"}
+And here is what it returns for a formula which is not valid:
+@{ML_response
+"IffSolver.decide (translate @{term \"p = (q = p)\"})"
+"false"}
+*}
 text {*
-An example is as follows:
+Now, we combine these functions into an oracle. In general, an oracle may
+be given any input, but it has to return a certified proposition (a
-@{ML_response [display,gray] "trans @{prop \"A \<and> B\"}"
+special term which is type-checked), out of which Isabelle's inference
-"Metis.Formula.And
+kernel ``magically'' makes a theorem.
-(Metis.Formula.Atom (\"A\", []), Metis.Formula.Atom (\"B\", []))"}
+Here, we take the proposition to be show as input. Note that we have
+to first extract the term which is then passed to the translation and
-The next function computes the conjunctive-normal-form.
+decision procedure. If the solver finds this term to be valid, we return
-*}
+the given proposition unchanged to be turned then into a theorem:
+*}
-ML %linenumbers{*fun make_cnfs fm =
+oracle iff_oracle = {* fn ct =>
-fm |> Metis.Formula.Not
+if IffSolver.decide (translate (HOLogic.dest_Trueprop (Thm.term_of ct)))
-|> Metis.Normalize.cnf
+then ct
-|> map Metis.Formula.stripConj
+else error "Proof failed."*}
-|> map (map Metis.Formula.stripDisj)
-|> map (map (map Metis.Literal.fromFormula))
+text {*
-|> map (map Metis.LiteralSet.fromList)
+Here is what we get when applying the oracle:
-|> map (map Metis.Thm.axiom)*}
+@{ML_response_fake "iff_oracle @{cprop \"p = (p::bool)\"}" "p = p"}
-text {*
-(FIXME: Is there a deep reason why Metis.Normalize.cnf returns a list?)
+(FIXME: is there a better way to present the theorem?)
-(FIXME: What does Line 8 do?)
+To be able to use our oracle for Isar proofs, we wrap it into a tactic:
+*}
-(FIXME: Can this code be improved?)
+ML{*val iff_oracle_tac =
+CSUBGOAL (fn (goal, i) =>
-Setting up the resolution.
+(case try iff_oracle goal of
-*}
+NONE => no_tac
+| SOME thm => rtac thm i))*}
-ML{*fun refute cls =
-let val result =
+text {*
-Metis.Resolution.loop
+and create a new method solely based on this tactic:
-(Metis.Resolution.new Metis.Resolution.default cls)
+*}
-in
-(case result of
+method_setup iff_oracle = {*
-Metis.Resolution.Contradiction _ => true
+Method.no_args (Method.SIMPLE_METHOD' iff_oracle_tac)
-| Metis.Resolution.Satisfiable _ => false)
+*} "Oracle-based decision procedure for chains of equivalences"
-end*}
+text {*
-text {*
+(FIXME: what does @{ML "Method.SIMPLE_METHOD'"} do? ... what do you mean?)
-Stringing the functions together.
-*}
+Finally, we can test our oracle to prove some theorems:
+*}
-ML{*fun solve f = List.all refute (make_cnfs f)*}
+lemma "p = (p::bool)"
-text {* Setting up the oracle*}
+by iff_oracle
-ML{*fun prop_dp (thy, t) =
+lemma "p = (q = p) = q"
-if solve (trans t) then (Thm.cterm_of thy t)
+by iff_oracle
-else error "Proof failed."*}
-oracle prop_oracle = prop_dp
+text {*
+(FIXME: say something about what the proof of the oracle is ... what do you mean?)
-text {* (FIXME: What does oracle do?) *}
-ML{*fun prop_oracle_tac ctxt =
-SUBGOAL (fn (goal, i) =>
-(case (try prop_oracle (ProofContext.theory_of ctxt, goal)) of
-SOME thm => rtac thm i
-| NONE => no_tac))*}
-text {*
-(FIXME: The oracle returns a @{text cterm}. How is it possible
-that I can apply this cterm with @{ML rtac}?)
-*}
-method_setup prop_oracle = {*
-Method.ctxt_args (fn ctxt => Method.SIMPLE_METHOD' (prop_oracle_tac ctxt))
-*} "Oracle-based decision procedure for propositional logic"
-text {* (FIXME What does @{ML Method.SIMPLE_METHOD'} do?) *}
-lemma test: "p \<or> \<not>p"
-by prop_oracle
-text {* (FIXME: say something about what the proof of the oracle is)
-@{ML_response_fake [display,gray] "Thm.proof_of @{thm test}" "???"}
 *}
-lemma "((p \<longrightarrow> q) \<longrightarrow> p) \<longrightarrow> p"
-by prop_oracle
-lemma "\<forall>x::nat. x \<ge> 0"
-sorry
-text {*
-(FIXME: proof reconstruction)
-*}
-text {*
-For communication with external programs, there are the primitives
-@{ML_text system} and @{ML_text system_out}, the latter of which captures
-the invoked program's output. For simplicity, here, we will use metis, an
-external solver included in the Isabelle destribution. Since it is written
-in ML, we can call it directly without the detour of invoking an external
-program.
-*}
 end

changeset 94	531e453c9d67
parent 83	0fb5f91d5109
child 102	5e309df58557