The Isabelle Reference Manual

rule v x thm maps the premise a ≡ b to the conclusion (λx. a) ≡ (λx. b), abstracting over all occurrences (if any!) of x. Parameter x is supplied as a cterm. It may be an unknown or a free variable (provided it does not occur in the assumptions). In the conclusion, the bound variable is named v.

combination thm1 thm2 maps the premises f ≡ g and a ≡ b to the conclusion f(a) ≡ g(b).

5.2.6 Forall introduction rules

forall_intr       : cterm -> thm -> thm
forall_intr_list  : cterm list -> thm -> thm
forall_intr_frees : thm -> thm

forall_intr x thm applies (⋀I), abstracting over all occurrences (if any!) of x. The rule maps the premise φ to the conclusion ⋀x. φ. Parameter x is supplied as a cterm. It may be an unknown or a free variable (provided it does not occur in the assumptions).

forall_intr_list xs thm applies (⋀I) repeatedly, on every element of the list xs.

forall_intr_frees thm applies (⋀I) repeatedly, generalizing over all the free variables of the premise.

CHAPTER 5. THEOREMS AND FORWARD PROOF 46

5.2.7 Forall elimination rules

forall_elim      : cterm -> thm -> thm
forall_elim_list : cterm list -> thm -> thm
forall_elim_var  : int -> thm -> thm
forall_elim_vars : int -> thm -> thm

forall_elim ct thm applies (⋀E), mapping the premise ⋀x. φ to the conclusion φ[ct/x]. The rule checks that ct and x have the same type.

forall_elim_list cts thm applies (⋀E) repeatedly, on every element of the list cts.

forall_elim_var k thm applies (⋀E), mapping the premise ⋀x. φ to the conclusion φ[?xk/x]. Thus, it replaces the outermost ⋀-bound variable by an unknown having subscript k.

forall_elim_vars ks thm applies forall_elim_var repeatedly, for every element of the list ks.

5.2.8 Instantiation of unknowns

instantiate : (indexname * ctyp) list * (cterm * cterm) list -> thm -> thm

instantiate (tyinsts, insts) thm simultaneously substitutes types for type unknowns (the tyinsts) and terms for term unknowns (the insts). Instantiations are given as (v, t) pairs, where v is an unknown and t is a term (of the same type as v) or a type (of the same sort as v). All the unknowns must be distinct. The rule normalizes its conclusion. Note that instantiate' (see §5.1.4) provides a more convenient interface to this rule.

5.2.9 Freezing/thawing type unknowns

freezeT : thm -> thm
varifyT : thm -> thm

freezeT thm converts all the type unknowns in thm to free type variables.

varifyT thm converts all the free type variables in thm to type unknowns.

5.3 Derived rules for goal-directed proof

Most of these rules have the sole purpose of implementing particular tactics. There are few occasions for applying them directly to a theorem.

5.3.1 Proof by assumption

assumption    : int -> thm -> thm Seq.seq
eq_assumption : int -> thm -> thm

assumption i thm attempts to solve premise i of thm by assumption.

eq_assumption is like assumption but does not use unification.

5.3.2 Resolution

biresolution : bool -> (bool * thm) list -> int -> thm -> thm Seq.seq

biresolution match rules i state performs bi-resolution on subgoal i of state, using the list of (flag, rule) pairs. For each pair, it applies resolution if the flag is false and elim-resolution if the flag is true. If match is true, the state is not instantiated.

5.3.3 Composition: resolution without lifting

compose   : thm * int * thm -> thm list
COMP      : thm * thm -> thm
bicompose : bool -> bool * thm * int -> int -> thm -> thm Seq.seq

In forward proof, a typical use of composition is to regard an assertion of the form φ ⟹ ψ as atomic. Schematic variables are not renamed, so beware of clashes!

compose (thm1, i, thm2) uses thm1, regarded as an atomic formula, to solve premise i of thm2. Let thm1 and thm2 be ψ and [[φ1; ...; φn]] ⟹ φ. For each s that unifies ψ and φi, the result list contains the theorem ([[φ1; ...; φi−1; φi+1; ...; φn]] ⟹ φ)s.

thm1 COMP thm2 calls compose (thm1, 1, thm2) and returns the result, if unique; otherwise, it raises exception THM. It is analogous to RS. For example, suppose that thm1 is a = b ⟹ b = a, a symmetry rule, and that thm2 is [[P ⟹ Q; ¬Q]] ⟹ ¬P, which is the principle of contrapositives. Then the result would be the derived rule ¬(b = a) ⟹ ¬(a = b).

bicompose match (flag, rule, m) i state refines subgoal i of state using rule, without lifting. The rule is taken to have the form [[ψ1; ...; ψm]] ⟹ ψ, where ψ need not be atomic; thus m determines the number of new subgoals. If flag is true then it performs elim-resolution — it solves the first premise of rule by assumption and deletes that assumption. If match is true, the state is not instantiated.

5.3.4 Other meta-rules

trivial            : cterm -> thm
lift_rule          : (thm * int) -> thm -> thm
rename_params_rule : string list * int -> thm -> thm
flexflex_rule      : thm -> thm Seq.seq

trivial ct makes the theorem φ ⟹ φ, where φ is the value of ct. This is the initial state for a goal-directed proof of φ. The rule checks that ct has type prop.

lift_rule (state, i) rule prepares rule for resolution by lifting it over the parameters and assumptions of subgoal i of state.

rename_params_rule (names, i) thm uses the names to rename the parameters of premise i of thm. The names must be distinct. If there are fewer names than parameters, then the rule renames the innermost parameters and may modify the remaining ones to ensure that all the parameters are distinct.

flexflex_rule thm removes all flex-flex pairs from thm using the trivial unifier.
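The rules of §5.2.6, §5.2.7, §5.2.8 and §5.3.3 chained on one small theorem, as an added Isabelle/ML example that is not from the manual. It assumes a HOL theory value thy, the cterm conversions read_cterm and cterm_of of §5.1, HOLogic.natT, and HOL's rules sym and contrapos_nn, whose statements are spelled out in the comments as assumptions.

```sml
(* Added example, not from the manual.  Assumptions: `thy` is the current HOL theory
   (or signature) value; read_cterm : thy -> string * typ -> cterm and
   cterm_of : thy -> term -> cterm are the cterm conversions of §5.1; HOLogic.natT
   is HOL's nat type; sym is HOL's ?s = ?t ==> ?t = ?s and contrapos_nn is
   HOL's [| ~?Q; ?P ==> ?Q |] ==> ~?P (premise order as in HOL, not as in §5.3.3). *)

(* Initial goal state for x = y over nat, via trivial (§5.3.4). *)
val phi = read_cterm thy ("x = (y::nat)", propT);
val st0 = trivial phi;                           (* x = y ==> x = y *)

(* (/\I): generalize over the free variable x.  Permitted because st0 has no
   hypotheses in which x occurs; the premise x = y is part of the statement. *)
val x   = cterm_of thy (Free ("x", HOLogic.natT));
val st1 = forall_intr x st0;                     (* !!x. x = y ==> x = y *)

(* (/\E) two ways.  forall_elim_var replaces the outermost bound variable by the
   unknown ?x0; forall_elim substitutes a concrete cterm, checking its type is nat. *)
val st2  = forall_elim_var 0 st1;                (* ?x0 = y ==> ?x0 = y *)
val zero = read_cterm thy ("0", HOLogic.natT);
val st2' = forall_elim zero st1;                 (* 0 = y ==> 0 = y *)

(* instantiate (§5.2.8): the same specialization as st2', now by substituting
   the term unknown ?x0 in st2.  No type unknowns, so tyinsts is empty. *)
val x0  = cterm_of thy (Var (("x", 0), HOLogic.natT));
val st3 = instantiate ([], [(x0, zero)]) st2;    (* 0 = y ==> 0 = y *)

(* Composition without lifting (§5.3.3), reproducing the manual's example.
   sym is regarded as the atomic formula (?s = ?t ==> ?t = ?s) and unified with
   the implication premise (?P ==> ?Q) of contrapos_nn, which is premise 2 here. *)
val [contra_sym] = compose (sym, 2, contrapos_nn);
(* ~(?t = ?s) ==> ~(?s = ?t) *)

(* COMP is compose at premise 1 and demands a unique result (else exception THM).
   With contrapos_nn's premise order, premise 1 is ~?Q, which does not unify with
   an implication, so compose yields no result and COMP raises THM; a rule whose
   first premise is the implication, like thm2 in §5.3.3, is what COMP needs. *)
val contra_sym' = sym COMP contrapos_nn handle THM _ => contra_sym;
```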
