isabelle-cookbook: comparison CookBook/Package/Ind

equal deleted inserted replaced

-:4d0e2edd476d
+:8bb4eaa2ec92
 theory Ind_Code
 imports "../Base" "../FirstSteps" Simple_Inductive_Package Ind_Prelims
 begin
 section {* Code *}
-subsection {* Definitions *}
 text {*
 @{text [display] "rule ::= \<And>xs. As \<Longrightarrow> (\<And>ys. Bs \<Longrightarrow> pred ss)\<^isup>* \<Longrightarrow> pred ts"}
 @{text [display] "orule ::= \<forall>xs. As \<longrightarrow> (\<forall>ys. Bs \<longrightarrow> pred ss)\<^isup>* \<longrightarrow> pred ts"}
 text {*
 First we have to produce for each predicate its definitions of the form
 @{text [display] "pred \<equiv> \<lambda>zs. \<forall>preds. orules \<longrightarrow> pred zs"}
-We use the following wrapper function to make the definition via
+In order to make definitions, we use the following wrapper for
-@{ML LocalTheory.define}. The function takes a predicate name, a syntax
+@{ML LocalTheory.define}. The wrapper takes a predicate name, a syntax
 annotation and a term representing the right-hand side of the definition.
 *}
 ML %linenosgray{*fun make_defs ((predname, syn), trm) lthy =
 let
 in
 (thm, lthy')
 end*}
 text {*
-It returns the definition (as theorem) and the local theory in which this definition has
+It returns the definition (as a theorem) and the local theory in which this definition has
 been made. In Line 4 @{ML internalK in Thm} is just a flag attached to the
-theorem (others possibilities are @{ML definitionK in Thm} or @{ML axiomK in Thm}).
+theorem (others possibilities are @{ML definitionK in Thm} and @{ML axiomK in Thm}).
 These flags just classify theorems and have no significant meaning, except
-for tools such as finding theorems in the theorem database. We also
+for tools that, for example, find theorems in the theorem database. We also
 use @{ML empty_binding in Attrib} in Line 3, since the definition does
-not need any theorem attributes. Note the definition has not yet been
+not need to have any theorem attributes. A testcase for this function is
-stored in the theorem database. So at the moment we can only refer to it
-via the return value. A testcase for this functions is
 *}
 local_setup %gray {* fn lthy =>
 let
 val arg =  ((Binding.name "MyTrue", NoSyn), @{term True})
 in
 warning (str_of_thm lthy' def); lthy'
 end *}
 text {*
-which prints out the theorem @{prop "MyTrue \<equiv> True"}. Since we are
+which makes the difinition @{prop "MyTrue \<equiv> True"} and then prints it out.
-testing the function inside \isacommand{local\_setup} we have also
+Since we are testing the function inside \isacommand{local\_setup}, i.e.~make
-access to theorem associated with this definition.
+changes to the ambient theory, we can query the definition using the usual
+command \isacommand{thm}:
 \begin{isabelle}
 \isacommand{thm}~@{text "MyTrue_def"}\\
 @{text "> MyTrue \<equiv> True"}
 \end{isabelle}
-The next function constructs the term for the definition, namely
+The next two functions construct the terms we need for the definitions, namely
+terms of the form
 @{text [display] "\<lambda>\<^raw:$zs$>. \<forall>preds. orules \<longrightarrow> pred \<^raw:$zs$>"}
-The variables @{text "\<^raw:$zs$>"} need to be chosen so to not occur
+The variables @{text "\<^raw:$zs$>"} need to be chosen so that they do not occur
-in the @{text orules} and also be distinct from @{text "pred"}. The function
+in the @{text orules} and also be distinct from @{text "preds"}.
-constructs the term for one particular predicate @{text "pred"}; the number
-of @{text "\<^raw:$zs$>"} is determined by the nunber of types.
+The first function constructs the term for one particular predicate @{text
+"pred"}; the number of arguments @{text "\<^raw:$zs$>"} of this predicate is
+determined by the number of argument types of @{text "arg_tys"}.
 *}
 ML %linenosgray{*fun defs_aux lthy orules preds (pred, arg_tys) =
 let
 fun mk_all x P = HOLogic.all_const (fastype_of x) $ lambda x P
 |> fold_rev mk_all preds
 |> fold_rev lambda fresh_args
 end*}
 text {*
-The code in Lines 5 to 9 produce the fresh @{text "\<^raw:$zs$>"} with which the
+The code in Lines 5 to 9 produce the fresh @{text "\<^raw:$zs$>"}. For this
-predicate is applied. For this it pairs every type with a string @{text [quotes] "z"}
+it pairs every argument type with the string @{text [quotes] "z"} (Line 7);
-(Line 7); then generates variants for all these strings (names) so that they are
+then generates variants for all these strings so that they are unique
-unique w.r.t.~to the orules and predicates; in Line 9 it generates the corresponding
+w.r.t.~to the @{text "orules"} and the predicates; in Line 9 it generates the
-variable terms for the unique names.
+corresponding variable terms for the unique strings.
-The unique free variables are applied to the predicate (Line 11); then
+The unique free variables are applied to the predicate (Line 11) using the
-the @{text orules} are prefixed (Line 12); in Line 13 we
+function @{ML list_comb}; then the @{text orules} are prefixed (Line 12); in
-quantify over all predicates; and in line 14 we just abstract over all
+Line 13 we quantify over all predicates; and in line 14 we just abstract
-the (fresh)  @{text "\<^raw:$zs$>"}, i.e.~the arguments of the predicate.
+over all the @{text "\<^raw:$zs$>"}, i.e.~the fresh arguments of the
+predicate.
 A testcase for this function is
 *}
 local_setup %gray{* fn lthy =>
 in
 warning (Syntax.string_of_term lthy def); lthy
 end *}
 text {*
-It constructs the term for the predicate @{term "even"}. So we obtain as printout
+It constructs the left-hand side for the definition of @{term "even"}. So we obtain
-the term
+as printout the term
 @{text [display]
 "\<lambda>z. \<forall>even odd. (even 0) \<longrightarrow> (\<forall>n. odd n \<longrightarrow> even (Suc n))
 \<longrightarrow> (\<forall>n. even n \<longrightarrow> odd (Suc n)) \<longrightarrow> even z"}
 The main function for the definitions now has to just iterate
-the function @{ML defs_aux} over all predicates. THis is what the
+the function @{ML defs_aux} over all predicates.
-next function does.
 *}
 ML %linenosgray{*fun definitions rules preds prednames syns arg_typss lthy =
 let
 val thy = ProofContext.theory_of lthy
 in
 fold_map make_defs (prednames ~~ syns ~~ defs) lthy
 end*}
 text {*
-The argument @{text "preds"} is the list of predicates as @{ML_type term}s;
+The argument @{text "preds"} is again the the list of predicates as
+@{ML_type term}s;
 the argument @{text "prednames"} is the list of names of the predicates;
-@{text "arg_tyss"} is the list of argument-type-lists.
+@{text "arg_tyss"} is the list of argument-type-lists for each predicate.
-In line 4 we generate the intro rules in the object logic; for this we have to
+The user give the introduction rules using meta-implications and meta-quantifications.
-obtain the theory behind the local theory (Line 3); with this we can
+In line 4 we transform the introduction rules into the object logic (definitions
-call @{ML defs_aux} to generate the terms for the left-hand sides.
+cannot use them). To do the transformation we have to
-The actual definitions are made in Line 7.
+obtain the theory behind the local theory (Line 3); with this theory
+we can use the function @{ML ObjectLogic.atomize_term} to make the
+transformation (Line 4). The call to @{ML defs_aux} in Line 5 produces all
+left-hand sides of the definitions. The actual definitions are then made in Line 7.
+As the result we obtain a list of theorems and a local theory.
 A testcase for this function is
 *}
 local_setup %gray {* fn lthy =>
 val prednames = [Binding.name "even", Binding.name "odd"]
 val syns = [NoSyn, NoSyn]
 val arg_tyss = [[@{typ "nat"}], [@{typ "nat"}]]
 val (defs, lthy') = definitions rules preds prednames syns arg_tyss lthy
 in
-warning (str_of_thms lthy' defs); lthy
+warning (str_of_thms lthy' defs); lthy'
 end *}
 text {*
-It prints out the two definitions
+\begin{isabelle}
+\isacommand{thm}~@{text "even_def odd_def"}\\
-@{text [display]
+@{text [break]
-"even \<equiv> \<lambda>z. \<forall>even odd. (even 0) \<longrightarrow> (\<forall>n. odd n \<longrightarrow> even (Suc n))
+"> even \<equiv> \<lambda>z. \<forall>even odd. (even 0) \<longrightarrow> (\<forall>n. odd n \<longrightarrow> even (Suc n))
-\<longrightarrow> (\<forall>n. even n \<longrightarrow> odd (Suc n)) \<longrightarrow> even z,
+>                                 \<longrightarrow> (\<forall>n. even n \<longrightarrow> odd (Suc n)) \<longrightarrow> even z,
-odd \<equiv> \<lambda>z. \<forall>even odd. (even 0) \<longrightarrow> (\<forall>n. odd n \<longrightarrow> even (Suc n))
+> odd \<equiv> \<lambda>z. \<forall>even odd. (even 0) \<longrightarrow> (\<forall>n. odd n \<longrightarrow> even (Suc n))
-\<longrightarrow> (\<forall>n. even n \<longrightarrow> odd (Suc n)) \<longrightarrow> odd z"}
+>                                 \<longrightarrow> (\<forall>n. even n \<longrightarrow> odd (Suc n)) \<longrightarrow> odd z"}
+\end{isabelle}
 This completes the code concerning the definitions. Next comes the code for
 the induction principles.
-Recall the proof for the induction principle for @{term "even"}:
+Let us now turn to the induction principles. Recall that the proof of the
+induction principle for @{term "even"} was:
 *}
 lemma
 assumes prems: "even n"
-shows "P 0 \<Longrightarrow>
+shows "P 0 \<Longrightarrow> (\<And>m. Q m \<Longrightarrow> P (Suc m)) \<Longrightarrow> (\<And>m. P m \<Longrightarrow> Q (Suc m)) \<Longrightarrow> P n"
-(\<And>m. Q m \<Longrightarrow> P (Suc m)) \<Longrightarrow> (\<And>m. P m \<Longrightarrow> Q (Suc m)) \<Longrightarrow> P n"
 apply(atomize (full))
 apply(cut_tac prems)
 apply(unfold even_def)
 apply(drule spec[where x=P])
 apply(drule spec[where x=Q])
 apply(assumption)
 done
 text {*
-To automate this proof we need to be able to instantiate universal
+We have to implement code that constructs the induction principle and then
-quantifiers. For this we use the following helper function. It
+a tactic that automatically proves it.
-instantiates the @{text "?x"} in @{thm spec} with a @{ML_type cterm}.
+The tactic will use the following helper function for instantiating universal
+quantifiers. This function instantiates the @{text "?x"} in the theorem
+@{thm spec} with a given @{ML_type cterm}.
 *}
 ML{*fun inst_spec ctrm =
 Drule.instantiate' [SOME (ctyp_of_term ctrm)] [NONE, SOME ctrm] @{thm spec}*}
 text {*
-For example we can use it to instantiate an assumption:
+For example we can use it in the following proof to instantiate the
-*}
+three quantifiers in the assumption. We use the tactic
+*}
+ML{*fun inst_spec_tac ctrms =
+EVERY' (map (dtac o inst_spec) ctrms)*}
+text {*
+and then apply use it with the @{ML_type cterm}s @{text "y1\<dots>y3"}.
+*}
 lemma "\<forall>(x1::nat) (x2::nat) (x3::nat). P x1 x2 x3 \<Longrightarrow> True"
 apply (tactic {*
-let
+inst_spec_tac  [@{cterm "y1::nat"},@{cterm "y2::nat"},@{cterm "y3::nat"}] 1 *})
-val ctrms = [@{cterm "y1::nat"},@{cterm "y2::nat"},@{cterm "y3::nat"}]
-in
-EVERY1 (map (dtac o inst_spec) ctrms)
-end *})
 txt {*
-where it produces the goal state
+We obtain the goal state
 \begin{minipage}{\textwidth}
 @{subgoals}
 \end{minipage}*}
 (*<*)oops(*>*)
 text {*
-Now the tactic for proving the induction rules can be implemented
+Now the complete tactic for proving the induction principles can
-as follows
+be implemented as follows:
 *}
 ML %linenosgray{*fun induction_tac defs prems insts =
 EVERY1 [ObjectLogic.full_atomize_tac,
 cut_facts_tac prems,
 K (rewrite_goals_tac defs),
-EVERY' (map (dtac o inst_spec) insts),
+inst_spec_tac insts,
 assume_tac]*}
 text {*
 We only have to give it as arguments the premises and the instantiations.
 A testcase for the tactic is
 *}
+ML{*fun test_tac prems =
+let
+val defs = [@{thm even_def}, @{thm odd_def}]
+val insts = [@{cterm "P::nat\<Rightarrow>bool"}, @{cterm "Q::nat\<Rightarrow>bool"}]
+in
+induction_tac defs prems insts
+end*}
+text {*
+which indeed proves the induction principle.
+*}
 lemma
 assumes prems: "even n"
-shows "P 0 \<Longrightarrow>
+shows "P 0 \<Longrightarrow> (\<And>m. Q m \<Longrightarrow> P (Suc m)) \<Longrightarrow> (\<And>m. P m \<Longrightarrow> Q (Suc m)) \<Longrightarrow> P n"
-(\<And>m. Q m \<Longrightarrow> P (Suc m)) \<Longrightarrow> (\<And>m. P m \<Longrightarrow> Q (Suc m)) \<Longrightarrow> P n"
+apply(tactic {* test_tac @{thms prems} *})
-apply(tactic {*
-let
-val defs = [@{thm even_def}, @{thm odd_def}]
-val insts = [@{cterm "P::nat\<Rightarrow>bool"}, @{cterm "Q::nat\<Rightarrow>bool"}]
-in
-induction_tac defs @{thms prems} insts
-end *})
 done
+text {*
-text {*
-which indeed proves the lemma.
 While the generic proof for the induction principle is relatively simple,
-it is a bit harder to set up the goals just from the given introduction
+it is a bit harder to construct the goals from just the introduction
-rules. For this we have to construct for each predicate @{text "pred"}
+rules the user states. In general we have to construct for each predicate
+@{text "pred"} a goal of the form
 @{text [display]
 "\<And>\<^raw:$zs$>. pred \<^raw:$zs$> \<Longrightarrow> rules[preds := \<^raw:$Ps$>] \<Longrightarrow> \<^raw:$P$>\<^raw:$zs$>"}
-where the given predicates @{text preds} are replaced by new distinct
+where the given predicates @{text preds} are replaced in the introduction
-ones written as @{text "\<^raw:$Ps$>"}, and also need to be applied to
+rule @{text "rules"} by new distinct variables written as @{text "\<^raw:$Ps$>"}.
-new variables @{text "\<^raw:$zs$>"}.
+We also need to generate fresh arguments for the predicate @{text "pred"} and
+the @{text "\<^raw:$P$>"} in the conclusion of the induction principle.
 The function below expects that the rules are already appropriately
-replaced. The argument @{text "mrules"} stands for these modified
+substitued. The argument @{text "srules"} stands for these substituted
 introduction rules; @{text cnewpreds} are the certified terms coresponding
 to the variables @{text "\<^raw:$Ps$>"}; @{text "pred"} is the predicate for
 which we prove the introduction principle; @{text "newpred"} is its
-replacement and @{text "tys"} are the types of its argument.
+replacement and @{text "tys"} are the argument types of this predicate.
 *}
-ML %linenosgray{* fun prove_induction lthy defs mrules cnewpreds ((pred, newpred), tys)  =
+ML %linenosgray{*fun prove_induction lthy defs srules cnewpreds ((pred, newpred), tys)  =
 let
 val zs = replicate (length tys) "z"
 val (newargnames, lthy') = Variable.variant_fixes zs lthy;
 val newargs = map Free (newargnames ~~ tys)
 val prem = HOLogic.mk_Trueprop (list_comb (pred, newargs))
 val goal = Logic.list_implies
-(mrules, HOLogic.mk_Trueprop (list_comb (newpred, newargs)))
+(srules, HOLogic.mk_Trueprop (list_comb (newpred, newargs)))
 in
 Goal.prove lthy' [] [prem] goal
 (fn {prems, ...} => induction_tac defs prems cnewpreds)
 |> singleton (ProofContext.export lthy' lthy)
 end *}
 text {*
-In Line 3 we produce a list of names @{text "\<^raw:$zs$>"} according to the type
+In Line 3 we produce a name @{text "\<^raw:$zs$>"} for each type in the
-list. Line 4 makes these names unique and declare them as \emph{free} (but fixed)
+argument type list. Line 4 makes these names unique and declares them as
-variables. These variables are free in the new theory @{text "lthy'"}. In Line 5
+\emph{free} (but fixed) variables in the local theory @{text "lthy'"}. In
-we just construct the terms corresponding to the variables. The term variables are
+Line 5 we just construct the terms corresponding to these variables.
-applied to the predicate in Line 7 (this is the first premise
+The term variables are applied to the predicate in Line 7 (this corresponds
-@{text "pred \<^raw:$zs$>"} of the induction principle). In Line 8 and 9
+to the first premise @{text "pred \<^raw:$zs$>"} of the induction principle).
-we first the term  @{text "\<^raw:$P$>\<^raw:$zs$>"} and then add
+In Line 8 and 9, we first construct the term  @{text "\<^raw:$P$>\<^raw:$zs$>"}
-the (modified) introduction rules as premises.
+and then add the (modified) introduction rules as premises. In case that
+no introduction rules are given, the conclusion of this implications needs
-In Line 11 we set up the goal to be proved; call the induction tactic in
+to be wrapped inside a @{term Trueprop}, otherwise the Isabelle's goal
-Line 13. This returns a theorem. However, it is a theorem proved inside
+mechanism will fail.
-the local theory @{text "lthy'"} where the variables @{text "\<^raw:$zs$>"} are
-fixed, but free. By exporting this theorem from @{text "lthy'"} (which does contain
+In Line 11 we set up the goal to be proved; then call the tactic for proving the
-the  @{text "\<^raw:$zs$>"} as free) to @{text "lthy"} (which does not), we
+induction principle. This tactic expects the (certified) predicates with which
-obtain the desired quantifications @{text "\<And>\<^raw:$zs$>"}.
+the introduction rules have been substituted. This will return a theorem.
+However, it is a theorem proved inside the local theory @{text "lthy'"} where
-So it is left to produce the modified rules and
+the variables @{text "\<^raw:$zs$>"} are fixed, but free. By exporting this
-*}
+theorem from @{text "lthy'"} (which contains the  @{text "\<^raw:$zs$>"}
+as free) to @{text "lthy"} (which does not), we obtain the desired quantifications
-ML %linenosgray{*fun inductions rules defs preds tyss lthy1  =
+@{text "\<And>\<^raw:$zs$>"}.
+Now it is left to produce the new predicated with which the introduction
+rules are substituted.
+*}
+ML %linenosgray{*fun inductions rules defs preds tyss lthy  =
 let
 val Ps = replicate (length preds) "P"
-val (newprednames, lthy2) = Variable.variant_fixes Ps lthy1
+val (newprednames, lthy') = Variable.variant_fixes Ps lthy
-val thy = ProofContext.theory_of lthy2
+val thy = ProofContext.theory_of lthy'
 val tyss' = map (fn tys => tys ---> HOLogic.boolT) tyss
 val newpreds = map Free (newprednames ~~ tyss')
 val cnewpreds = map (cterm_of thy) newpreds
 val rules' = map (subst_free (preds ~~ newpreds)) rules
 in
-map (prove_induction lthy2 defs rules' cnewpreds)
+map (prove_induction lthy' defs rules' cnewpreds)
 (preds ~~ newpreds ~~ tyss)
-|> ProofContext.export lthy2 lthy1
+|> ProofContext.export lthy' lthy
 end*}
 ML {*
 let
 val rules = [@{prop "even (0::nat)"},
 Attrib.internal (K (Induct.induct_pred ""))]), [([th], [])]))
 (pred_specs ~~ ind_rules)) #>> maps snd)
 |> snd
 end*}
-ML{*fun read_specification' vars specs lthy =
-let
-val specs' = map (fn (a, s) => (a, [s])) specs
-val ((varst, specst), _) =
-Specification.read_specification vars specs' lthy
-val specst' = map (apsnd the_single) specst
-in
-(varst, specst')
-end*}
 ML{*fun add_inductive pred_specs rule_specs lthy =
 let
-val (pred_specs', rule_specs') =
+val ((pred_specs', rule_specs'), _) =
-read_specification' pred_specs rule_specs lthy
+Specification.read_spec pred_specs rule_specs lthy
 in
 add_inductive_i pred_specs' rule_specs' lthy
 end*}
 ML{*val spec_parser =

changeset 183	8bb4eaa2ec92
parent 180	9c25418db6f0
child 184	c7f04a008c9c