isabelle-cookbook: comparison CookBook/Tactical.thy

equal deleted inserted replaced

-:123401a5c8e9
+:5e309df58557
 chapter {* Tactical Reasoning\label{chp:tactical} *}
 text {*
-The main reason for descending to the ML-level of Isabelle is to be able to
+The main reason for descending to the ML-level of Isabelle is to be
-implement automatic proof procedures. Such proof procedures usually lessen
+able to implement automatic proof procedures. Such proof procedures usually
-considerably the burden of manual reasoning, for example, when introducing
+lessen considerably the burden of manual reasoning, for example, when
-new definitions. These proof procedures are centred around refining a goal
+introducing new definitions. These proof procedures are centred around
-state using tactics. This is similar to the @{text apply}-style reasoning at
+refining a goal state using tactics. This is similar to the @{text
-the user level, where goals are modified in a sequence of proof steps until
+apply}-style reasoning at the user level, where goals are modified in a
-all of them are solved. However, there are also more structured operations
+sequence of proof steps until all of them are solved. However, there are
-that help with handling of variables and assumptions.
+also more structured operations available on the ML-level that help with
-*}
+the handling of variables and assumptions.
-section {* Tactical Reasoning *}
+*}
-text {*
+section {* Basics of Reasoning with Tactics*}
-To see how tactics work, let us first transcribe a simple @{text apply}-style proof
+text {*
+To see how tactics work, let us first transcribe a simple \isacommand{apply}-style proof
 into ML. Consider the following proof.
 *}
 lemma disj_swap: "P \<or> Q \<Longrightarrow> Q \<or> P"
 apply(erule disjE)
 @{text xs} that will be generalised once the goal is proved (in our case
 @{text P} and @{text Q}). The @{text "tac"} is the tactic that proves the goal;
 it can make use of the local assumptions (there are none in this example).
 The functions @{ML etac}, @{ML rtac} and @{ML atac} correspond to
 @{text erule}, @{text rule} and @{text assumption}, respectively.
-The operator @{ML THEN} strings the tactics together.
+The operator @{ML THEN} strings the tactics together. A difference
+between the \isacommand{apply}-script and the ML-code is that the
+former causes the lemma to be stored under the name @{text "disj_swap"},
+whereas the latter does not include any code for this.
 \begin{readmore}
 To learn more about the function @{ML Goal.prove} see \isccite{sec:results}
 and the file @{ML_file "Pure/goal.ML"}. For more information about the
 internals of goals see \isccite{sec:tactical-goals}.  See @{ML_file
 style. The reason is that the binding for @{ML disjE} can be re-assigned by
 the user and thus one does not have complete control over which theorem is
 actually applied. This problem is nicely prevented by using antiquotations,
 because then the theorems are fixed statically at compile-time.
-During the development of automatic proof procedures, it will often be necessary
+During the development of automatic proof procedures, you will often find it
-to test a tactic on examples. This can be conveniently
+necessary to test a tactic on examples. This can be conveniently
 done with the command \isacommand{apply}@{text "(tactic \<verbopen> \<dots> \<verbclose>)"}.
 Consider the following sequence of tactics
 *}
 ML{*val foo_tac =
 apply(tactic {* foo_tac *})
 done
 text {*
 By using @{text "tactic \<verbopen> \<dots> \<verbclose>"} in the apply-step,
-you can call @{ML foo_tac} or any function that returns a tactic from the
+you can call from the user level of Isabelle the tactic @{ML foo_tac} or
-user level of Isabelle.
+any other function that returns a tactic.
-As can be seen, each tactic in @{ML foo_tac} has a hard-coded number that
+The tactic @{ML foo_tac} is just a sequence of simple tactics stringed
-stands for the subgoal analysed by the tactic. In our case, we only focus on the first
+together by @{ML THEN}. As can be seen, each simple tactic in @{ML foo_tac}
-subgoal. This is sometimes wanted, but usually not. To avoid the explicit numbering in the
+has a hard-coded number that stands for the subgoal analysed by the
-tactic, you can write
+tactic (@{text "1"} stands for the first, or top-most, subgoal). This is
+sometimes wanted, but usually not. To avoid the explicit numbering in
+the tactic, you can write
 *}
 ML{*val foo_tac' =
 (etac @{thm disjE}
 THEN' rtac @{thm disjI2}
 THEN' rtac @{thm disjI1}
 THEN' atac)*}
 text {*
 and then give the number for the subgoal explicitly when the tactic is
-called. For every operator that combines tactics, such a primed version
+called. For every operator that combines tactics (@{ML THEN} is only one
-exists. So in the next proof we can first discharge the second subgoal,
+such operator), a primed version exists. So in the next proof you
-and after that the first.
+can first discharge the second subgoal, and after that the first.
 *}
 lemma "P1 \<or> Q1 \<Longrightarrow> Q1 \<or> P1"
 and "P2 \<or> Q2 \<Longrightarrow> Q2 \<or> P2"
 apply(tactic {* foo_tac' 2 *})
 apply(tactic {* foo_tac' 1 *})
 done
 text {*
-(FIXME: maybe add something about how each goal state is interpreted
+This kind of addressing is more difficult to achieve when the goal is
-as a theorem)
+hard-coded inside the tactic.
-The tactic @{ML foo_tac} (and @{ML foo_tac'}) are very specific for
+The tactics @{ML foo_tac} and @{ML foo_tac'} are very specific for
-analysing goals only of the form @{prop "P \<or> Q \<Longrightarrow> Q \<or> P"}. If the goal is not
+analysing goals being only of the form @{prop "P \<or> Q \<Longrightarrow> Q \<or> P"}. If the goal is not
 of this form, then @{ML foo_tac} throws the error message:
 \begin{isabelle}
 @{text "*** empty result sequence -- proof command failed"}\\
 @{text "*** At command \"apply\"."}
 \end{isabelle}
 Meaning the tactic failed. The reason for this error message is that tactics
 are functions that map a goal state to a (lazy) sequence of successor states,
-hence the type of a tactic is
+hence the type of a tactic is:
 @{text [display, gray] "type tactic = thm -> thm Seq.seq"}
 It is custom that if a tactic fails, it should return the empty sequence:
-tactics should not raise exceptions willy-nilly.
+your own tactics should not raise exceptions willy-nilly.
+The simplest tactics are @{ML no_tac} and @{ML all_tac}. The first returns
+the empty sequence and is defined as
+*}
+ML{*fun no_tac thm = Seq.empty*}
+text {*
+which means @{ML no_tac} always fails. The second returns the given theorem wrapped
+as a single member sequence. It is defined as
+*}
+ML{*fun all_tac thm = Seq.single thm*}
+text {*
+which means @{ML all_tac} always succeeds (but also does not make any progress
+with the proof).
 The lazy list of possible successor states shows through to the user-level
 of Isabelle when using the command \isacommand{back}. For instance in the
 following proof, there are two possibilities for how to apply
 @{ML foo_tac'}.
 lemma "\<lbrakk>P \<or> Q; P \<or> Q\<rbrakk> \<Longrightarrow> Q \<or> P"
 apply(tactic {* foo_tac' 1 *})
 back
 done
 text {*
 By using \isacommand{back}, we construct the proof that uses the
-second assumption to complete the proof. In more interesting
+second assumption. In more interesting situations, different possibilities
-situations, different possibilities can lead to different proofs.
+can lead to different proofs and even often need to be explored when
+a first proof attempt is unsuccessful.
 \begin{readmore}
 See @{ML_file "Pure/General/seq.ML"} for the implementation of lazy
 sequences. However in day-to-day Isabelle programming, one rarely
 constructs sequences explicitly, but uses the predefined functions
 instead.
 \end{readmore}
-*}
+For a beginner it might be surprising that tactics, which transform
+one proof state to the next, are functions from theorems to theorem
-section {* Basic Tactics *}
+(sequences). The surprise resolves by knowing that every
+proof state is indeed a theorem. To shed more light on this,
+let us modify the code of @{ML all_tac} to obtain the following
+tactic
+*}
+ML{*fun my_print_tac ctxt thm =
+let
+val _ = warning (str_of_thm ctxt thm)
+in
+Seq.single thm
+end*}
+text {*
+which prints out the given theorem (using the string-function defined
+in Section~\ref{sec:printing}) and then behaves like @{ML all_tac}. We
+now can inspect every proof state in the follwing proof. On the left-hand
+side we show the goal state as shown by the system; on the right-hand
+side the print out from our @{ML my_print_tac}.
+*}
+lemma shows "\<lbrakk>A; B\<rbrakk> \<Longrightarrow> A \<and> B"
+apply(tactic {* my_print_tac @{context} *})
+txt{* \small
+\begin{tabular}{@ {}l@ {}p{0.7\textwidth}@ {}}
+\begin{minipage}[t]{0.3\textwidth}
+@{subgoals [display]}
+\end{minipage} &
+\hfill@{text "(\<lbrakk>A; B\<rbrakk> \<Longrightarrow> A \<and> B) \<Longrightarrow> (\<lbrakk>A; B\<rbrakk> \<Longrightarrow> A \<and> B)"}
+\end{tabular}
+*}
+apply(rule conjI)
+apply(tactic {* my_print_tac @{context} *})
+txt{* \small
+\begin{tabular}{@ {}l@ {}p{0.76\textwidth}@ {}}
+\begin{minipage}[t]{0.26\textwidth}
+@{subgoals [display]}
+\end{minipage} &
+\hfill@{text "(\<lbrakk>A; B\<rbrakk> \<Longrightarrow> A) \<Longrightarrow> (\<lbrakk>A; B\<rbrakk> \<Longrightarrow> B) \<Longrightarrow> (\<lbrakk>A; B\<rbrakk> \<Longrightarrow> A \<and> B)"}
+\end{tabular}
+*}
+apply(assumption)
+apply(tactic {* my_print_tac @{context} *})
+txt{* \small
+\begin{tabular}{@ {}l@ {}p{0.7\textwidth}@ {}}
+\begin{minipage}[t]{0.3\textwidth}
+@{subgoals [display]}
+\end{minipage} &
+\hfill@{text "(\<lbrakk>A; B\<rbrakk> \<Longrightarrow> B) \<Longrightarrow> (\<lbrakk>A; B\<rbrakk> \<Longrightarrow> A \<and> B)"}
+\end{tabular}
+*}
+apply(assumption)
+apply(tactic {* my_print_tac @{context} *})
+txt{* \small
+\begin{tabular}{@ {}l@ {}p{0.7\textwidth}@ {}}
+\begin{minipage}[t]{0.3\textwidth}
+@{subgoals [display]}
+\end{minipage} &
+\hfill@{text "\<lbrakk>A; B\<rbrakk> \<Longrightarrow> A \<and> B"}
+\end{tabular}
+*}
+done
+text {*
+As can be seen, internally every goal state is an implication of the form
+@{text[display] "A\<^isub>1 \<Longrightarrow> \<dots> \<Longrightarrow> A\<^isub>n \<Longrightarrow> (C)"}
+where @{term C} is the goal to be proved and the @{term "A\<^isub>i"} are the
+subgoals. Since the goal @{term C} can potentially be an implication,
+there is a protector (invisible in the print out above) wrapped around
+it. This prevents that premises are misinterpreted as open subgoals.
+While tactics can operate on the subgoals (the @{text "A\<^isub>i"} above), they
+are expected to leave the conclusion @{term C} intact, with the
+exception of possibly instantiating schematic variables.
+*}
+section {* Simple Tactics *}
 text {*
 As seen above, the function @{ML atac} corresponds to the assumption tactic.
 *}
 apply(tactic {* atac 1 *})
 done
 text {*
 Similarly, @{ML rtac}, @{ML dtac}, @{ML etac} and @{ML ftac} correspond
-to @{ML_text rule}, @{ML_text drule}, @{ML_text erule} and @{ML_text frule},
+to @{text rule}, @{text drule}, @{text erule} and @{text frule},
 respectively. Below are three examples with the resulting goal state. How
 they work should therefore be self-explanatory.
 *}
 lemma shows "P \<and> Q"
 lemma shows "False \<Longrightarrow> True"
 apply(tactic {* print_tac "foo message" *})
 (*<*)oops(*>*)
 text {*
-Also for useful for debugging, but not exclusively, are the tactics @{ML all_tac} and
+Also for useful for debugging purposes are the tactics @{ML all_tac} and
 @{ML no_tac}. The former always succeeds (but does not change the goal state), and
 the latter always fails.
 (FIXME explain RS MRS)
 val str_of_prems = str_of_thms context prems
 val str_of_schms = str_of_cterms context (snd schematics)
 val _ = (warning ("params: " ^ str_of_params);
 warning ("schematics: " ^ str_of_schms);
-warning ("asms: " ^ str_of_asms);
+warning ("assumptions: " ^ str_of_asms);
-warning ("concl: " ^ str_of_concl);
+warning ("conclusion: " ^ str_of_concl);
-warning ("prems: " ^ str_of_prems))
+warning ("premises: " ^ str_of_prems))
 in
 no_tac
 end*}
 text_raw{*
 \end{isabelle}
 txt {*
 which yields the printout:
 \begin{quote}\small
 \begin{tabular}{ll}
-params:     & @{term x}, @{term y}\\
+params:      & @{term x}, @{term y}\\
-schematics: & @{term z}\\
+schematics:  & @{term z}\\
-asms:       & @{term "A x y"}\\
+assumptions: & @{term "A x y"}\\
-concl:      & @{term "B y x \<longrightarrow> C (z y) x"}\\
+conclusion:  & @{term "B y x \<longrightarrow> C (z y) x"}\\
-prems:      & @{term "A x y"}
+premises:    & @{term "A x y"}
 \end{tabular}
 \end{quote}
 Note in the actual output the brown colour of the variables @{term x} and
 @{term y}. Although parameters in the original goal, they are fixed inside
 txt {*
 then @{ML SUBPROOF} prints out
 \begin{quote}\small
 \begin{tabular}{ll}
-params:     & @{term x}, @{term y}\\
+params:      & @{term x}, @{term y}\\
-schematics: & @{term z}\\
+schematics:  & @{term z}\\
-asms:       & @{term "A x y"}, @{term "B y x"}\\
+assumptions: & @{term "A x y"}, @{term "B y x"}\\
-concl:      & @{term "C (z y) x"}\\
+conclusion:  & @{term "C (z y) x"}\\
-prems:      & @{term "A x y"}, @{term "B y x"}
+premises:    & @{term "A x y"}, @{term "B y x"}
 \end{tabular}
 \end{quote}
 *}
 (*<*)oops(*>*)
 @{ML rewrite_goals_tac}
 @{ML cut_facts_tac}
 @{ML ObjectLogic.full_atomize_tac}
 @{ML ObjectLogic.rulify_tac}
 @{ML resolve_tac}
-*}
-text {*
-A goal (or goal state) is a special @{ML_type thm}, which by
-convention is an implication of the form:
-@{text[display] "A\<^isub>1 \<Longrightarrow> \<dots> \<Longrightarrow> A\<^isub>n \<Longrightarrow> #(C)"}
-where @{term C} is the goal to be proved and the @{term "A\<^isub>i"} are the open
-subgoals.
-Since the goal @{term C} can potentially be an implication, there is a
-@{text "#"} wrapped around it, which prevents that premises are
-misinterpreted as open subgoals. The wrapper @{text "# :: prop \<Rightarrow>
-prop"} is just the identity function and used as a syntactic marker.
-While tactics can operate on the subgoals (the @{text "A\<^isub>i"} above), they
-are expected to leave the conclusion @{term C} intact, with the
-exception of possibly instantiating schematic variables.
 *}
 section {* Structured Proofs *}
 lemma True
 val this = Assumption.export false ctxt ctxt0 this
 val this = Variable.export ctxt ctxt0 [this]
 *}
 end

changeset 102	5e309df58557
parent 99	de625e5f6a36
child 104	5dcad9348e4d