isabelle-cookbook: comparison ProgTutorial/General.thy

equal deleted inserted replaced

-:c0cae24b9d46
+:5dffcab68680
 chapter {* Isabelle -- The Good, the Bad and the Ugly *}
 text {*
 Isabelle is build around a few central ideas. One is the LCF-approach to
 theorem proving where there is a small trusted core and everything else is
-build on top of this trusted core.
+build on top of this trusted core. The central data structures involved
+in this core are certified terms and types as well as theorems.
 *}
 section {* Terms and Types *}
 text {*
-One way to construct Isabelle terms, is by using the antiquotation
+In Isabelle there are certified terms (respectively types) and uncertified
-\mbox{@{text "@{term \<dots>}"}}. For example
+terms. The latter are called just terms. One way to construct them is by
+using the antiquotation \mbox{@{text "@{term \<dots>}"}}. For example
 @{ML_response [display,gray]
 "@{term \"(a::nat) + b = c\"}"
 "Const (\"op =\", \<dots>) $
 (Const (\"HOL.plus_class.plus\", \<dots>) $ \<dots> $ \<dots>) $ \<dots>"}
 For example
 @{ML_response [display,gray]
 "@{type_name \"list\"}" "\"List.list\""}
-(FIXME: Explain the following better.)
+\footnote{\bf FIXME: Explain the following better; maybe put in a separate
+section and link with the comment in the antiquotation section.}
 Occasionally you have to calculate what the ``base'' name of a given
 constant is. For this you can use the function @{ML_ind  "Sign.extern_const"} or
 @{ML_ind  Long_Name.base_name}. For example:
 Write a function which takes two terms representing natural numbers
 in unary notation (like @{term "Suc (Suc (Suc 0))"}), and produces the
 number representing their sum.
 \end{exercise}
-\begin{exercise}\footnote{Personal communication of
+\begin{exercise}\label{ex:debruijn}
-de Bruijn to Dyckhoff.}\label{ex:debruijn}
+Implement the function, which we below name deBruijn\footnote{According to
-Implement the function, which we below name deBruijn, that depends on a natural
+personal communication of de Bruijn to Dyckhoff.}, that depends on a natural
 number n$>$0 and constructs terms of the form:
 \begin{center}
 \begin{tabular}{r@ {\hspace{2mm}}c@ {\hspace{2mm}}l}
 {\it rhs n} & $\dn$ & {\large$\bigwedge$}{\it i=1\ldots n.  P\,i}\\
 $\longrightarrow$ {\it rhs n}\\
 {\it deBruijn n} & $\dn$ & {\it lhs n} $\longrightarrow$ {\it rhs n}\\
 \end{tabular}
 \end{center}
-For n=3 this function returns the term
+This function returns for n=3 the term
 \begin{center}
 \begin{tabular}{l}
 (P 1 = P 2 $\longrightarrow$ P 1 $\wedge$ P 2 $\wedge$ P 3) $\wedge$\\
 (P 2 = P 3 $\longrightarrow$ P 1 $\wedge$ P 2 $\wedge$ P 3) $\wedge$\\
 checking and pretty-printing of terms are defined. Functions related to
 type-inference are implemented in @{ML_file "Pure/type.ML"} and
 @{ML_file "Pure/type_infer.ML"}.
 \end{readmore}
-(FIXME: say something about sorts)
+\footnote{\bf FIXME: say something about sorts.}
 \begin{exercise}
 Check that the function defined in Exercise~\ref{fun:revsum} returns a
 result that type-checks. See what happens to the  solutions of this
-exercise given in \ref{ch:solutions} when they receive an ill-typed term
+exercise given in Appendix \ref{ch:solutions} when they receive an
-as input.
+ill-typed term as input.
 \end{exercise}
 *}
 section {* Theorems *}
 @{text "> "}~@{thm test[my_sym, MY_THEN eq_reflection]}
 \end{isabelle}
 However, here also a weakness of the concept
 of theorem attributes shows through: since theorem attributes can be
-arbitrary functions, they do not in general commute. If you try
+arbitrary functions, they do not commute in general. If you try
 \begin{isabelle}
 \isacommand{thm}~@{text "test[MY_THEN eq_reflection, my_sym]"}\\
 @{text "> "}~@{text "exception THM 1 raised: RSN: no unifiers"}
 \end{isabelle}
 you get an exception indicating that the theorem @{thm [source] sym}
 does not resolve with meta-equations.
-The purpose of @{ML_ind  rule_attribute in Thm} is to directly manipulate theorems.
+The purpose of @{ML_ind rule_attribute in Thm} is to directly manipulate
-Another usage of theorem attributes is to add and delete theorems from stored data.
+theorems.  Another usage of theorem attributes is to add and delete theorems
-For example the theorem attribute @{text "[simp]"} adds or deletes a theorem from the
+from stored data.  For example the theorem attribute @{text "[simp]"} adds
-current simpset. For these applications, you can use @{ML_ind  declaration_attribute in Thm}.
+or deletes a theorem from the current simpset. For these applications, you
-To illustrate this function, let us introduce a reference containing a list
+can use @{ML_ind declaration_attribute in Thm}. To illustrate this function,
-of theorems.
+let us introduce a theorem list.
 *}
-ML{*val my_thms = Unsynchronized.ref ([] : thm list)*}
+ML{*structure MyThms = Named_Thms
+(val name = "attr_thms"
+val description = "Theorems for an Attribute") *}
 text {*
-The purpose of this reference is to store a list of theorems.
+We are going to modify this list by adding and deleting theorems.
-We are going to modify it by adding and deleting theorems.
+For this we use the two functions @{ML MyThms.add_thm} and
-However, a word of warning: such references must not
+@{ML MyThms.del_thm}. You can turn them into attributes
-be used in any code that is meant to be more than just for testing purposes!
+with the code
-Here it is only used to illustrate matters. We will show later how to store
+*}
-data properly without using references.
+ML{*val my_add = Thm.declaration_attribute MyThms.add_thm
-We need to provide two functions that add and delete theorems from this list.
+val my_del = Thm.declaration_attribute MyThms.del_thm *}
-For this we use the two functions:
-*}
-ML{*fun my_thm_add thm ctxt =
-(my_thms := Thm.add_thm thm (!my_thms); ctxt)
-fun my_thm_del thm ctxt =
-(my_thms := Thm.del_thm thm (!my_thms); ctxt)*}
-text {*
-These functions take a theorem and a context and, for what we are explaining
-here it is sufficient that they just return the context unchanged. They change
-however the reference @{ML my_thms}, whereby the function
-@{ML_ind  add_thm in Thm} adds a theorem if it is not already included in
-the list, and @{ML_ind  del_thm in Thm} deletes one (both functions use the
-predicate @{ML_ind  eq_thm_prop in Thm}, which compares theorems according to
-their proved propositions modulo alpha-equivalence).
-You can turn functions @{ML my_thm_add} and @{ML my_thm_del} into
-attributes with the code
-*}
-ML{*val my_add = Thm.declaration_attribute my_thm_add
-val my_del = Thm.declaration_attribute my_thm_del *}
 text {*
 and set up the attributes as follows
 *}
 attribute_setup %gray my_thms = {* Attrib.add_del my_add my_del *}
-"maintaining a list of my_thms - rough test only!"
+"maintaining a list of my_thms"
 text {*
 The parser @{ML_ind  add_del in Attrib} is a predefined parser for
 adding and deleting lemmas. Now if you prove the next lemma
 and attach to it the attribute @{text "[my_thms]"}
 text {*
 then you can see it is added to the initially empty list.
 @{ML_response_fake [display,gray]
-"!my_thms" "[\"True\"]"}
+"MyThms.get @{context}"
+"[\"True\"]"}
 You can also add theorems using the command \isacommand{declare}.
 *}
 declare test[my_thms] trueI_2[my_thms add]
 text {*
 With this attribute, the @{text "add"} operation is the default and does
 not need to be explicitly given. These three declarations will cause the
 theorem list to be updated as:
 @{ML_response_fake [display,gray]
-"!my_thms"
+"MyThms.get @{context}"
 "[\"True\", \"Suc (Suc 0) = 2\"]"}
 The theorem @{thm [source] trueI_2} only appears once, since the
 function @{ML_ind  add_thm in Thm} tests for duplicates, before extending
 the list. Deletion from the list works as follows:
 declare test[my_thms del]
 text {* After this, the theorem list is again:
 @{ML_response_fake [display,gray]
-"!my_thms"
+"MyThms.get @{context}"
 "[\"True\"]"}
-We used in this example two functions declared as @{ML_ind  declaration_attribute in Thm},
+We used in this example two functions declared as @{ML_ind
-but there can be any number of them. We just have to change the parser for reading
+declaration_attribute in Thm}, but there can be any number of them. We just
-the arguments accordingly.
+have to change the parser for reading the arguments accordingly.
-However, as said at the beginning of this example, using references for storing theorems is
+\footnote{\bf FIXME What are: @{text "theory_attributes"}, @{text "proof_attributes"}?}
-\emph{not} the received way of doing such things. The received way is to
-start a ``data slot'', below called @{text MyThmsData}, generated by the functor
-@{text GenericDataFun}:
-*}
-ML{*structure MyThmsData = GenericDataFun
-(type T = thm list
-val empty = []
-val extend = I
-fun merge _ = Thm.merge_thms) *}
-text {*
-The type @{text "T"} of this data slot is @{ML_type "thm list"}.\footnote{FIXME: give a pointer
-to where data slots are explained properly.}
-To use this data slot, you only have to change @{ML my_thm_add} and
-@{ML my_thm_del} to:
-*}
-ML{*val my_thm_add = MyThmsData.map o Thm.add_thm
-val my_thm_del = MyThmsData.map o Thm.del_thm*}
-text {*
-where @{ML MyThmsData.map} updates the data appropriately. The
-corresponding theorem attributes are
-*}
-ML{*val my_add = Thm.declaration_attribute my_thm_add
-val my_del = Thm.declaration_attribute my_thm_del *}
-text {*
-and the setup is as follows
-*}
-attribute_setup %gray my_thms2 = {* Attrib.add_del my_add my_del *}
-"properly maintaining a list of my_thms"
-text {*
-Initially, the data slot is empty
-@{ML_response_fake [display,gray]
-"MyThmsData.get (Context.Proof @{context})"
-"[]"}
-but if you prove
-*}
-lemma three[my_thms2]: "3 = Suc (Suc (Suc 0))" by simp
-text {*
-then the lemma is recorded.
-@{ML_response_fake [display,gray]
-"MyThmsData.get (Context.Proof @{context})"
-"[\"3 = Suc (Suc (Suc 0))\"]"}
-With theorem attribute @{text my_thms2} you can also nicely see why it
-is important to
-store data in a ``data slot'' and \emph{not} in a reference. Backtrack
-to the point just before the lemma @{thm [source] three} was proved and
-check the the content of @{ML_struct MyThmsData}: it should be empty.
-The addition has been properly retracted. Now consider the proof:
-*}
-lemma four[my_thms]: "4 = Suc (Suc (Suc (Suc 0)))" by simp
-text {*
-Checking the content of @{ML my_thms} gives
-@{ML_response_fake [display,gray]
-"!my_thms"
-"[\"4 = Suc (Suc (Suc (Suc 0)))\", \"True\"]"}
-as expected, but if you backtrack before the lemma @{thm [source] four}, the
-content of @{ML my_thms} is unchanged. The backtracking mechanism
-of Isabelle is completely oblivious about what to do with references, but
-properly treats ``data slots''!
-Since storing theorems in a list is such a common task, there is the special
-functor @{ML_functor Named_Thms}, which does most of the work for you. To obtain
-a named theorem list, you just declare
-*}
-ML{*structure FooRules = Named_Thms
-(val name = "foo"
-val description = "Rules for foo") *}
-text {*
-and set up the @{ML_struct FooRules} with the command
-*}
-setup %gray {* FooRules.setup *}
-text {*
-This code declares a data slot where the theorems are stored,
-an attribute @{text foo} (with the @{text add} and @{text del} options
-for adding and deleting theorems) and an internal ML interface to retrieve and
-modify the theorems.
-Furthermore, the facts are made available on the user-level under the dynamic
-fact name @{text foo}. For example you can declare three lemmas to be of the kind
-@{text foo} by:
-*}
-lemma rule1[foo]: "A" sorry
-lemma rule2[foo]: "B" sorry
-lemma rule3[foo]: "C" sorry
-text {* and undeclare the first one by: *}
-declare rule1[foo del]
-text {* and query the remaining ones with:
-\begin{isabelle}
-\isacommand{thm}~@{text "foo"}\\
-@{text "> ?C"}\\
-@{text "> ?B"}
-\end{isabelle}
-On the ML-level the rules marked with @{text "foo"} can be retrieved
-using the function @{ML FooRules.get}:
-@{ML_response_fake [display,gray] "FooRules.get @{context}" "[\"?C\",\"?B\"]"}
-\begin{readmore}
-For more information see @{ML_file "Pure/Tools/named_thms.ML"}.
-\end{readmore}
-(FIXME What are: @{text "theory_attributes"}, @{text "proof_attributes"}?)
 \begin{readmore}
 FIXME: @{ML_file "Pure/more_thm.ML"}; parsers for attributes is in
 @{ML_file "Pure/Isar/attrib.ML"}...also explained in the chapter about
 parsing.

changeset 329	5dffcab68680
parent 328	c0cae24b9d46
child 335	163ac0662211