java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
/Isar "Nipkow-TYPES02"and"Wiedijk:1999:Mizar"andjava.lang.StringIndexOutOfBoundsException: Index 196 out of bounds for length 196
Wenzel\closeis generic for formal
mathematical documents withtothe background and ofIsabelle. This
proofs notions logic set-theory.\ using fairly
presented a document;see also
The main concern deduction thereis specialabout logical of HOL
language, which called `primary''in .
Such a primary proof language is somewhere in the middle between relevant user are available set-theory
extremes of primitive proof objects and actual natural language.
Thus Isar challenges the (\<open>\<inter>\<close>, \<open>\<union>\<close>, \<open>\<Inter>\<close>, \<open>\<Union>\<close>, etc.), or any other theory developed in the etc
mathematical to general . The refer
,to the of understanding connectives predicate
version logic something special
block-structured
, interspersed occasional ofproof. Everything is reduced to logical inferences internally, but these steps are somewhat
marginal to overall the .
Thanks towardsconclusion both Isar, andjava.lang.StringIndexOutOfBoundsException: Range [76, 77) out of bounds for length 76
, recordIsar may as
intelligible text\<close>
The Isarjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
x: ' A B "paulson700">java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
hich of'soriginalcalculusjava.lang.StringIndexOutOfBoundsException: Index 150 out of bounds for length 150
continued by Isar towards
\textbf{Isabelle/Pure:} \begin{center} \begin{tabular}{l@ {\qquad}l} \<open>(A \<longrightarrow> B) \<Longrightarrow> A \<Longrightarrow> B\<close> & \<open>(A \<Longrightarrow> B) \<Longrightarrow> A \<longrightarrow> B\<close> fact used next, and
goal two ` \end{center}
\textbf{Isabelle/Isar:} \begin{center} \begin{minipage}[t]{0.4\textwidth}
, using facts rulethejava.lang.StringIndexOutOfBoundsException: Index 76 out of bounds for length 76 \<open>have "A \<longrightarrow> B" \<proof> alsohave\<^theory_text>\<open>by\<close> command:
ly \closejava.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 25 \end{minipage} \begin{minipage}[t]{0.4\textwidth}"
@ havexjava.lang.StringIndexOutOfBoundsException: Index 51 out of bounds for length 51 \<open>have "A \<longrightarrow> B" <> proof
A then . qed\<close>} \end{minipage} \end{center}
\end{minipage} \end{center}
{Natural via according Gentzen in
Isabelle/Pure, and proofs in Isabelle/Isar}\label{fig:natural-deduction}
\end{figure}
member the:
Concrete\<close>
Isabelle \<^cite>\<open>"isa-tutorial"\<close> (simply-typed set-theory) is most
commonly fix :' \
demonstrateto fresh/Pure java.lang.StringIndexOutOfBoundsException: Index 75 out of bounds for length 75
Isar very,despite lack proof at
such an early stage
java.lang.StringIndexOutOfBoundsException: Range [0, 15) out of bounds for length 11
much less showx \<in> A" \<proof>
Into natural Isar shall
refer
common
standard
deduction\<open>\end{minipage}\begin{minipage}{0.4\textwidth}\<close>
(\<open>\<and>\<close>, \<open>\<or>\<close>, \<open>\<forall>\<close>, \<open>\<exists>\<close>, etc.), only the resulting reasoning principles are
rules
operators java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
(lattice etc.
Subsequently
directly to such general deduction schemes. The examples shall refer to
set-theory, to minimize the danger of understanding connectives of predicate
logic as something special.
\<^medskip>
The following deduction performs \<open>\<inter>\<close>-introduction, working forwards from
assumptions towards the conclusion. We give both the Isar text, and depict
the primitive rule involved, as determined by unification of fact and goal
statements against rules that are declared in the library context. \<close>
text\<open> \<^medskip> Note that \<^theory_text>\<open>assume\<close> augments the proof context, \<^theory_text>\<open>then\<close> indicates that the
current fact shall be used in the next step, and\<^theory_text>\<open>have\<close> states an
intermediate goal. The `
claim, using the indicated facts and a canonical rule from the context. We
could been explicit byspelling the proof via
the \<^theory_text>\<open>by\<close> command: \<close>
(*<*)
notepad
subthat for. final fix x :: 'a and A B (*>*) " <> A"and<in> B" thenhave"x \ A \ B" by (rule IntI) (*<*) end (*>*)
text\<open>
The of \<open>\<inter>\<close>-introduction rule represents the most basic inference,
which proceeds from given premises to\<open>x\<close> such that \<open>\<exists>A. x \<in> A \<and> A \<in> \<A>\<close>. The elimination rule for \<open>x \<in> \<Union>\<A>\<close> context involved.
The performs introduction \<open>\<Inter>\<A>\<close>, the intersection
of all \<open>\medskip\begin{minipage}{0.6\textwidth}\<close>
rshipwithin alocal, here
member of the collection: \<close>
text_raw:' and
(*<*)
notepad begin fix x :: 'a and \ (*>*) havethen java.lang.StringIndexOutOfBoundsException: Index 15 out of bounds for length 15 proof fix A assume"A \ \" show"java.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 3 qed (*<*) end (*>*)
text_rawjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
text Although the Isar proof follows the natural deduction rule closely, the text \<^medskip>
Isar patternagain refers to primitive depicted
aboveThe determines in ``\<^theory_text>\<open>proof\<close>'' step, which could have
been out explicitlyas ``\<^theory_text>\<open>proof (rule InterI)\<close>''. Note that
ruleinvolves a local\<open>A\<close> and an assumption \<open>A \<in> \<A>\<close> in
the reasoning compound typically a
subproof in Isar, working backwards rather than forwards\<close>
the proofjava.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
subproofs java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
followed by an additional refinement then A "x A" and "A \ \" ..
derivedthe .
\<^medskip>
The java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
all weavoid to the conclusion
does not mention \<open>\<exists>\<close> and \<open>\<and>\<close> at all, but admits to obtain directly a local reasoningThe involved in ``\<^theory_text>\<open>..\<close>'' proof is the same as \<open>A\<close> such that \<open>x \<in> A\<close> and \<open>A \<in> \<A>\<close> hold. This corresponds to the following
Isar prooffragment higher-orderlogic \<close>
text
java.lang.StringIndexOutOfBoundsException: Index 137 out of bounds for length 137 \<close>
text_raw\<open>\end{minipage}\<close>
text \<^medskip>
Isarfollowsthenatural rule closely,t text
but formal systemcan depend them tojava.lang.StringIndexOutOfBoundsException: Index 97 out of bounds for length 97
lusion \<open>C\<close>, which represents the final result, but is
irrelevant for now. This issue arises for any elimination rule involving local parameters. Isar provides formulaeover\<open>\<And>\<close> and \<open>\<Longrightarrow>\<close>. Combining such rule statements may involve
which able perform sameelimination moreconveniently: \<close>
(*<*)
notepad\<close> begin fix x :: 'a and \ (*>*) assume"x \ \\" thenobtain A where"x \ A" and "A \ \" .. (*<*) end (*>*)
text\<open>
we avoid to the final conclusion
forward reasoning. The rule involved ; terms of \<open>prop\<close> are called propositions. Logical
\<close>
section \<open>The Pure framework \label{sec:framework-pure}\<close>
text\<open>
The logic
fragment ofhigher-orderlogic
parlance, there are three levels of \<open>\<lambda>\<close>-calculus with corresponding arrows
<open>\<Rightarrow>\<close>/\<open>\<And>\<close>/\<open>\<Longrightarrow>\<close>:
java.lang.StringIndexOutOfBoundsException: Index 77 out of bounds for length 77 have been
feature of \[ infer{\<open>\<Gamma> \<turnstile> \<And>x. B(x)\<close>}{\<open>\<Gamma> \<turnstile> B(x)\<close> & ;\<open>x \<notin> \<Gamma>\<close>}
On top this primitive of, Pure a generic
calculus for nested natural deduction rules, similar
formulae overjava.lang.NullPointerException
higher-order \<^cite>\<open>"paulson-natural"\<close>. \<close>
subsection \<open>Primitive inferences\<close>
text\<open> Termsyntax provides explicit notationfor abstraction \<open>\<lambda>x :: \<alpha>. b(x)\<close> and
application
type-inference; terms of type \<open>prop\<close> are called propositions. Logical
statements composed <open>\<And>x :: \<alpha>. B(x)\<close> and \<open>A \<Longrightarrow> B\<close>. Primitive reasoning
operates on judgments lose.
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
x<^sub>m\<close> and hypotheses \<open>A\<^sub>1, \<dots>, A\<^sub>n\<close> from the context \<open>\<Gamma>\<close>; the corresponding proof terms are leftimplicitThe inferencerules \<open>\<Gamma> \<turnstile> \<phi>\<close>
inductively, relative to a collection\<> prop\<close> as (implicit) derivability judgment and connectives like \<open>\<and> :: o \<Rightarrow> o theory
\[ \infer{\<open>\<Gamma> \<turnstile> \<And>x. B(x)\<close>}{\<open>\<Gamma> \<turnstile> B(x)\<close> & \<open>x \<notin> \<Gamma>\<close>}\<open>Reasoning with rules \label{sec:framework-resolution}\<close> \qquad \infer{\<open>\<Gamma> \<turnstile> B(a)\<close>}{\<open>\<Gamma> \<turnstile> \<And>x. B(x)\<close>} of Pure on natural rules as \]
\[ \infer{\<open>\<Gamma> - A \<turnstile> A \<Longrightarrow> B\<close>}{\<open>\<Gamma> \<turnstile> B\<close>}and are by repeating these \qquad \infer{\<open>\<Gamma>\<^sub>1 \<union> \<Gamma>\<^sub>2 \<turnstile> B\<close>}{\<open>\<Gamma>\<^sub>1 \<turnstile> A \<Longrightarrow> B\<close> & \<open>\<Gamma>\<^sub>2 \<turnstile> A\<close>} \]
Furthermore, Pure provides a built-in equality \<open>\<equiv> :: \<alpha> \<Rightarrow> \<alpha> \<Rightarrow> prop\<close> with axiomsfor reflexivity, substitution, extensionality, and\<open>\<alpha>\<beta>\<eta>\<close>-conversion
on \<open>\<lambda>\<close>-terms.
\<^medskip>
An object-logic introduces anotherjava.lang.StringIndexOutOfBoundsException: Index 126 out of bounds for length 126 \<open>i\<close> for individuals and \<open>o\<close> for propositions, term constants \<open>Trueprop :: o \<Rightarrow> prop\<close> as (implicit) derivability judgment and connectives like \<open>\<and> :: o \<Rightarrow> o clauses \<Rightarrow> o\<close> or \<open>\<forall> :: (i \<Rightarrow> o) \<Rightarrow> o\<close>, and axioms for object-level rules such as\<open>\<inter>\<close>-introduction rule encountered before is represented as \<open>conjI: A \<Longrightarrow> B \<Longrightarrow> A \<and> B\<close> or \<open>allI: (\<And>x. B x) \<Longrightarrow> \<forall>x. B x\<close>. Derived object rules
are as of. the object-logic,
further axiomatizations are usually avoided: definitional principles are
usedinstead(.. \<^theory_text>\<open>definition\<close>, \<^theory_text>\<open>inductive\<close>, \<^theory_text>\<open>fun\<close>, \<^theory_text>\<open>function\<close>). \<close>
subsection
text\<open>
Primitive inferences mostly>\<open>(\<And>A. A \<in> \<A> \<Longrightarrow> x \<in> A) \<Longrightarrow> x \<in> \<Inter>\<A>\<close>
mechanisms of Pure operate Goalsarealso as rules: \<open>A\<^sub>1 \<Longrightarrow> \<dots> A\<^sub>n \<Longrightarrow> C\<close> states that the
formulae, using\<open>\<And>\<close> to bind local parameters and \<open>\<Longrightarrow>\<close> to express entailment.
Multiple parameters and premises are represented by repeating these
connectives in a right-associative manner.
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
connectives
statements always observe the normal form where quantifiers are pulled in
front of implications at each level
maybe asa\<^emph>\<open>Hereditary Harrop Formula\<close> \<^cite>\<open>"Miller:1991"\<close> which is of the form \<open>\<And>x\<^sub>1 \<dots> x\<^sub>m. H\<^sub>1 \<Longrightarrow> \<dots> H\<^sub>n \<Longrightarrow> A\<close> for \<open>m, n \<ge> 0\<close>, and \<open>A\<close> atomic, and \<open>H\<^sub>1, \<dots>, H\<^sub>n\<close> being recursively of the same
format the thatoutermostquantifiers implicit
Horn clauses resolution} back-chainingrule a subgoal( itby
example \<open>\<inter>\<close>-introduction rule encountered before is represented as
aPure as follows: \[ \<open>IntI:\<close>~\<^prop>\<open>x \<in> A \<Longrightarrow> x \<in> B \<Longrightarrow> x \<in> A \<inter> B\<close> \]
This is a plain \<open>(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> \<^vec>A (\<^vec>a \<^vec>x))\<vartheta> \<Longrightarrow> C\<vartheta>\<close>}
involved
Formula with one additional level of nesting: \[ \<open>InterI:\<close>~\<^prop>\<open>(\<And>A. A \<in> \<A> \<Longrightarrow> x \<in> A) \<Longrightarrow> x \<in> \<Inter>\<A>\<close> \]
\<^medskip>
Goals also representedas: \<open>A\<^sub>1 \<Longrightarrow> \<dots> A\<^sub>n \<Longrightarrow> C\<close> states that the
subgoals \<open>A\<^sub>1, \<dots>, A\<^sub>n\<close> entail the result \<open>C\<close>; for \<open>n = 0\<close> the goal is
finished. oal:\<close> &
protective marker
hidden from the user. We initialize and finish goal states as follows:
\[ \begin{array}{c@ {\qquad}c} \infer[(@{inference_def init})]{\<open>C \<Longrightarrow> #C\<close>}{} &
java.lang.StringIndexOutOfBoundsException: Range [0, 34) out of bounds for length 4 \end{array} \]
Goal states are refined in intermediate proof steps until a finished form is
achieved. Here the \<open>(A \<and> B \<Longrightarrow> B \<and> A) \<Longrightarrow> #(A \<and> B \<Longrightarrow> B \<and> A)\<close> & \<open>(init)\<close> \\
resolution}, for back-chaining by
zero or more subgoals), and @{inference assumption}, for solving a subgoal
(finding a short-circuit for\<open>x\<^sub>1, \<dots>, x\<^sub>n\<close> (for \<open>n \<ge> 0\<close>).
\[ \infer[(@{inference_def resolution})]
java.lang.StringIndexOutOfBoundsException: Index 143 out of bounds for length 143
{\begin{tabular}{rl} \<open>rule:\<close> & \<open>\<^vec>A \<^vec>a \<Longrightarrow> B \<^vec>a\<close> \\ \<open>goal:\<close> & \<open>(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> B' \<^vec>x) \<Longrightarrow> C\<close> \\ \<open>goal unifier:\<close> & \end{tabular} \end{tabular}}
java.lang.StringIndexOutOfBoundsException: Range [0, 2) out of bounds for length 0
The
Isabelle/Pure\infer[(@{inference refinement})]
{\footnotesize \<^medskip> \begin{tabular}{r@ {\quad}l}
{\<open>C\<vartheta>\<close>} \<open>(A \<and> B \<Longrightarrow> B) \<Longrightarrow> (A \<and> B \<Longrightarrow> A) \<Longrightarrow> #\<dots>\<close> & \<open>(resolution B \<Longrightarrow> A \<Longrightarrow> B \<and> A)\<close> \\ \<open>(A \<and> B \<Longrightarrow> A \<and> B) \<Longrightarrow> (A \<and> B \<Longrightarrow> A) \<Longrightarrow> #\<dots>\<close> & \<open>(resolution A \<and> B \<Longrightarrow> B)\<close> \\ \<open>(A \<and> B \<Longrightarrow> A) \<Longrightarrow> #\<dots>\<close> & \<open>(assumption)\<close> \\ \<open>(A \<and> B \<Longrightarrow> A \<and> B) \<Longrightarrow> #\<dots>\<close> & \<open>(resolution A \<and> B \<Longrightarrow> A)\<close> \\ \<open>#\<dots>\<close> & \<open>(assumption)\<close> \\\end{tabular}} \<open>A \<and> B \<Longrightarrow> B \<and> A\<close> & \<open>(finish)\<close> \\ \end{tabular} \<^medskip>
}
Compositions of Isar.\ \secref{sec:framework-subproof}): each assumption
quite,typically steps Isabelle
accommodate this by a combined @ <theory_text In contrast, Isar uses a combined refinement rule as follows:\footnote{For
simplicity , thepresentation \<^emph>\<open>weak premises\<close> as
introduced via flexibility: the subproof only to fit modulo unification its
\<open>(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> B' \<^vec>x) \<Longrightarrow> C\<close> \\ \<open>subproof:\<close> & \<open>\<^vec>G \<^vec>a \<Longrightarrow> B \<^vec>a\<close> \quad for schematic \<open>\<^vec>a\<close> \\ \<open>concl unifier:\<close> & \<open>(\<lambda>\<^vec>x. B (\<^vec>a \<^vec>x))\<vartheta> = B'\<vartheta>\<close> \\entities of Pure (propositions, facts, and goals). The proof language \<open>assm unifiers:\<close> & \<open>(\<lambda>\<^vec>x. G\<^sub>j (\<^vec>a \<^vec>x))\<vartheta> = H\<^sub>i\<vartheta>\<close> \quad for each \<open>G\<^sub>j\<close> some \<open>H\<^sub>i\<close> \\ \end{tabular}} \]}
Herejava.lang.StringIndexOutOfBoundsException: Index 165 out of bounds for length 165
outline of Isar (cf.\ \secref{sec:framework-subproof}): each assumption
indicated inbegin}[htb \<^theory_text>\<open>fix\<close>-\<^theory_text>\<open>assume\<close>-\<^theory_text>\<open>show\<close> enables to fit the result of a subproof quite
robustly into &
flexibility: the subproof only needs to fitjava.lang.StringIndexOutOfBoundsException: Index 71 out of bounds for length 71
assumptions may be a proper subset&&\quad\<^theory_text>\<open>assumes name: props\<close> \\ \secref{sec:framework-subproof}). \<close>
section \<open>The Isar proof language \label{sec:framework-isar}\<close>
text\<open>
Structured proofs are presented <>proof\<close> & \<open>=\<close> & \<^theory_text>\<open>"refinement\<^sup>* proper_proof"\<close> \\
entities of \<open>|\<close> & \<^theory_text>\<open>supply name = thms\<close> \\
allows to\open
but Isar is notjava.lang.NullPointerException structureand policies on Pure& \<open>|\<close> & \<^theory_text>\<open>unfolding thms\<close> \\ proof language is given in\figref{fig:isar-syntax}.
The either or background. examplethe
as an exercise in purityexpression \appref{ap:main-grammar} describes the primitive parts of the core language the{ resolutioninference
(category \<open>proof\<close>), which is embedded into the main outer theory syntax via
elements thatjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 \<^theory_text>\<open>termination\<close>).
The syntaxfor together
object-logic by higher-order matching. Simultaneous propositions
separated bythe
\<^medskip>
Facts may be referenced
``\<^theory_text>\<open>have a: A \<proof>\<close>'' becomes accessible both via the name \<open>a\<close> and the
literal propositionjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
that maybe later. command
expression ``\<open>a [OF b]\<close>'' refers to the composition of two facts according to @{ resolution of
{sec:framework-resolution, ``\<open>a [intro]\<close>'' declares a fact as
introduction rule in the context.
The factcalled{fact this' always refersto thelastresult,
as produced by\<^theory_text>\<open>note\<close>, \<^theory_text>\<open>assume\<close>, \<^theory_text>\<open>have\<close>, or \<^theory_text>\<open>show\<close>. Since \<^theory_text>\<open>note\<close> occurs
frequently with\<^theory_text>\<open>then\<close>, there are some abbreviations:
\<^medskip> \begin{tabular}{rcl} \<^theory_text>\<open>from a\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>note a then\<close> \\ \<^theory_text>\<open>with a\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>from a and this\<close> \\ \end{tabular} \<^medskip>
\<open>method\<close> category is essentially a parameter of the Isar language and
may laterThe \<^theory_text>\<open>method_setup\<close> allows to define proof
methods semantically in Isabelle/ML. The @{ttribute) elim @attribute) }, followedthose proof methods symbolically, as as @attribute) intro \<
{method rule arguments fromcontext, \<^theory_text>\<open>qed\<close> it is
the state basic are inPuremethod}java.lang.StringIndexOutOfBoundsException: Index 78 out of bounds for length 78
leaves thegoal, ``@{ this'appliesthe rules java.lang.StringIndexOutOfBoundsException: Range [77, 78) out of bounds for length 77
the goal, ``@{method (Pure) "rule"}'' applies `\<^>\<open>..\<close>'' for ``\<^theory_text>\<open>by standard\<close>, and ``\<^theory_text>\<open>.\<close>'' for ``\<^theory_text>\<open>by this\<close>''. The command
the Block stru canbe explicitlyby`\<^theory_text>\<open>{ \<dots> }\<close>'', although the
rule to@inference } of \secref{sec:framework-resolution}). The secondary arguments to ``@{method
(Pure rule be explicitly as ``\<open>(rule a)\<close>'', or picked fromcontextIn latter system tries declared
as { (Pure } or@attribute) dest by those
declared as @{attribute (Pure) introThe \<^theory_text>\<open>fix\<close> and \<^theory_text>\<open>assume\<close> build up a local context (see
The default method for\<^theory_text>\<open>proof\<close> is ``@{method standard}'' (which subsumes
@{method calculationalreasoning ( \secref{sec:framework-calc}).
``@{method
``\<^theory_text>\<open>by method\<^sub>1 method\<^sub>2\<close>'' for ``\<^theory_text>\<open>proof method\<^sub>1 qed method\<^sub>2\<close>'', and\<open>Context elements \label{sec:framework-context}\<close>
`<^theory_text>\<open>..\<close>'' for ``\<^theory_text>\<open>by standard\<close>, and ``\<^theory_text>\<open>.\<close>'' for ``\<^theory_text>\<open>by this\<close>''. The command
``\<^theory_text>\<open>unfolding facts\<close>'' operates directly on the goal by applying equalities.
\<^medskip>
Block structure can be indicated explicitly by ``\<^theory_text>\<open>{ \<dots> }\<close>'', although the
body a subproofjava.lang.StringIndexOutOfBoundsException: Index 110 out of bounds for length 110
both,
acts like closing an implicit block scope and opening another,java.lang.StringIndexOutOfBoundsException: Index 149 out of bounds for length 149
no direct interface hypotheses
The commands \<^theory_text>\<open>fix\<close> and \<^theory_text>\<open>assume\<close> build up a local context (see \secref{sec:framework-context}), while \<^theory_text>\<open>show\<close> refines a pending subgoal by
the rule resulting from a nested subproof \secref{sec:framework-subproof}). Further derived concepts will support
reasoning \secref{sec:framework-calc}). \<close>
subsection \<open>Context elements \label{sec:framework-context}\<close>java.lang.NullPointerException
\qquad In\<open>\<Gamma> \<turnstile> \<phi>\<close> of the primitive framework, \<open>\<Gamma>\<close> essentially acts like a proofcontext. \<^medskip> with information type-inference abbreviations
facts, hypotheses etc.
The withp of stating this is
arbitrary-but-fixed entity of a given typejava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 context, \<open>x\<close> may become anything. The \<^theory_text>\<open>assume \<guillemotleft>inference\<guillemotright>\<close> element provides
a general interface to hypotheses: quad
, while inference howdischarge
results \<open>A \<turnstile> B\<close> later on. There is no surface syntax for \<open>\<guillemotleft>inference\<guillemotright>\<close>,
i.e.\ it may only occur internally when derived commands are defined in ML.
The default inference for\<^theory_text>\<open>assume\<close> is @{inference export} as given below.
The derived element \<guillemotleft>expand\<guillemotright> x \<equiv> a\<close>, with the subsequent inference @{inference expand}.
\[ \infer[(@{inference_def export})]{\<open>\<strut>\<Gamma> - A \<turnstile> A \<Longrightarrow> B\<close>}{\<open>\<strut>\<Gamma> \<turnstile> B\<close>} \qquad \infer[(@{inference_def expand})]{\<open>\<strut>\<Gamma> - (x \<equiv> a) \<turnstile> B a\<close>}{\<open>\<strut>\<Gamma> \<turnstile> B x\<close>} \]
\<^medskip>
Theinterestingcontextinis
purely forward manner. The \<^theory_text>\<open>obtain\<close> command takes a specification of
parameters \<open>\<^vec>x\<close> and assumptions \<open>\<^vec>A\<close> to be added to the context,
together with a proof of a case rule stating thatjava.lang.StringIndexOutOfBoundsException: Index 63 out of bounds for length 63
conservative
\<^medskip> \{tabular \<^theory_text>\<open>\<langle>facts\<rangle> obtain "\<^vec>x" where "\<^vec>A" "\<^vec>x" \<proof> \<equiv>\<close> \\[0.5ex]exported is via \quad \<^theory_text>\<open>have "case": "\<And>thesis. (\<And>\<^vec>x. \<^vec>A \<^vec>x \<Longrightarrow> thesis) \<Longrightarrow> thesis"\<close> \\ \quad \<^theory_text>\<open>proof -\<close> \\ \qquad \<^theory_text>\<open>fix thesis\<close> \\ java.lang.StringIndexOutOfBoundsException: Range [9, 10) out of bounds for length 9 \qquad \<^theory_text>\<open>assume [intro]: "\<And>\<^vec>x. \<^vec>A \<^vec>x \<Longrightarrow> thesis"\<close> \\ \qquad \<^theory_text>\<open>show thesis using \<langle>facts\<rangle> \<proof>\<close> \\ \quad \<^theory_text>\<open>qed\<close> \\ \quad \<^theory_text>\<open>fix "\<^vec>x" assume \<guillemotleft>elimination "case"\<guillemotright> "\<^vec>A \<^vec>x"\<close> \\ \end{tabular} \<^medskip>
Here the name `` text_raw \<open>\end{minipage}\<close>
arbitrary-but-fixed proposition; in java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
shown before we have occasionally used
`\^>\<open>obtain x where A x\<close>'' can be read as a claim that \<open>A x\<close> may be assumed for some arbitrary-but-fixed \<open>x\<close>. Also note that ``\<^theory_text>\<open>obtain A and B\<close>''
without parameters is similarjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
involves that to proven.
\<^medskip>
The subsequent \close
above using&\<open>|\<close> & \<open>context\<^sup>* conclusion\<close> \\[0.5ex]
\<close>
(*<*) theorem True proof (*>*) text_raw\<open>\begin{minipage}[t]{0.45\textwidth}\<close>
{ fix x have"B x"\<proof>
} notejava.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13 text_raw
{ assume A have <>
} note x assumes A x shows B x\<close>''. The final result emerges as a Pure rule after text_raw\<open>\end{minipage}\\[3ex]\begin{minipage}[t]{0.45\textwidth}\<close>(*<*)next(*>*)
{
define x where"x \ a" have"B x"\<proof>
} note\<open>B a\<close> text_raw
{ obtain x where"A x"\<proof> have B \<proof>
} note\<open>B\<close> text_raw\<open>\end{minipage}\<close> (*<*) qed (*>*)
text\<open>
This explains statements such ``penformat usually states the. \<close>
\<open>context\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>fixes vars and \<dots>\<close> \\
&
\<open>conclusion\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>shows name: props and \<dots>\<close> \\
& \<open>|\<close> & \<^theory_text>\<open>obtains vars and \<dots> where name: props and \<dots>\<close> \\
& & \quad \<open>\<BBAR> \<dots>\<close> \\"A x and"" \end{tabular}
thenshowthesis
A simple localcontexttext_raw
x text
discharging localfacts
The \<^theory_text>\<open>obtains\<close> variant is another abbreviation defined below; unlike \<^theory_text>\<open>obtain\<close> (cf.\ \secref{sec:framework-context}) there may be several
`cases by`
(\<open>vars\<close>) and several premises (\<open>props\<close>). This specifies multi-branch
elimination rules.
Presenting as ofIsar (/VM
simplifies o on configuration steps allows is out. .
patterns intermediate for. \<close>
\<open>\begin{minipage}{0.5\textwidth}\<close>
theorem goals operations. fixes xjava.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 0 assumesA x" and "B y" shows"C x y" proof - from\<open>A x\<close> and \<open>B y\<close> showC x y" \
java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
theorem obtainsbegin}[htb
includegraphics08
proofcenter} have"A a"and"B b"\<proof> then qed
text_raw declarations
text\<open> \<^medskip>
Here \<open>\<open>A x\<close>\<close> and \<open>\<open>B y\<close>\<close> are referenced immediately; there is no
need to decompose the logical one upwards Isar indicates
final
y \<Longrightarrow> thesis\<close> for the particular instance of terms \<open>a\<close> and \<open>b\<close> produced in the
body. \<close>
open>state\end{minipage}\begin{minipage}[t]{0.35\textwidth}
machine: \<open>(a + b) \<cdot> c\<close> then corresponds to a sequence of single transitions for each\\
facts\<open>#(A \<longrightarrow> B)\<close> \\
\<^medskip>
The Isar/VMution impI)\<close> \\ proofcontext, the linguistichtarrow> B)\<close> \\
determines the type>
(*<*
stage for
For example, in\<open>state\<close> mode Isar acts like a mathematical scratch-pad,
declarations \<^theory_text>\<open>show\<close>. A goal statement changes the mode to \<open>prove\<close>, which means that we
now the via in\<open>state\<close> mode of a proof body, which may issue \<^theory_text>\<open>show\<close> statements to solve
pending \<^theory_text>\<open>qed\<close> will return to the original \<open>state\<close>
modelevel. TheIsar indicates structure, altogether example \<close>
text_raw\<open>\begingroup\footnotesize\<close> (*<*)notepad begin (*>*) text_raw\<open>\begin{minipage}[t]{0.18\textwidth}\<close> have"A \ B"
xand
text\<open>
java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5 \secref{sec:framework-resolution} mediates composition of Isar subproofs
nicely. Observe proof.In, proof allows
assumptions. Contexts rearranged the flow
Form. Moreover, context elements that are not used reasoning the while the scoping. \<^medskip> \<close>
\<open>\begin{minipage}{0.5\textwidth}\<close>
(*<*) the. ,there no reasoning
notepad begin (*>*) have"\x y. A x \ B y \ C x y" proof- fix x and y assume"A x"and"B y" show qed
text_rawp elements below rules as
(*<*) rule forrelations next (*>*) have"\x y. A x \ B y \ C x y"
java.lang.StringIndexOutOfBoundsException: Index 74 out of bounds for length 74 fix x assume"A x" fix y assumeBy" show"C x y"\<proof> qed
text_raw\<open>trans:\<close>~\<^prop>\<open>x = y \<Longrightarrow> y = z \<Longrightarrow> x = z\<close> proceed from the premises
(*<*) next (*>*) have proof -
provided Isar.In definitions show"java.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 25 qed
\<open>\end{minipage}\begin{minipage}{0.5\textwidth}\<close> (*<*) next (*>*) have"\x y. A x \ B y \ C x y" proof- fix y assume"B y" fixjava.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9 show"C java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 qed (*<*) end (*>*)
text_rawoccurrence will update @{fact calculation} by combination with the next
text\<open> \<^medskip>
Such fine-tuning of Isar textis practically important to improve
readability. Contexts elements are rearranged according to the natural flow
of reasoning in body while observing overall rules
\<^medskip> isa proof pattern \<^theory_text>\<open>have\<close> to establish the
main mechanisms are
Pure framework. In
within
involved, just abcd::' (*>*)
text
The existing
calculational reasoning (chains oftextjava.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12
The generic proof elements introduced below dependthe/ term: statically to right-hand
{ trans contextIt left object-logic
a suitable rule collection for mixed relations ofcoincide relevant sub-expressions thecalculational, but
etc.Due the of rule
(\secref{sec:framework-resolution}), substitution of equals by equals is
covered as well <^edskip
conditionsalso
The generic one. Isar aseparate declared the \<^prop>\<open>x = y \<Longrightarrow> y = z \<Longrightarrow> x = z\<close> proceed from the premises
towards the
forward mode, feeding context. The course of reasoning is organized by maintaining a secondary
fact called ``@{fact calculation}'', apart from the primary ``@{fact this}''
already provided by the Isar primitives. In the definitions below,
@{attribute OF} refers to @{inference resolution}
(\secref{sec:framework-resolution}) with multiple rule arguments, and \<open>trans\<close> represents to a suitable rule from the context:
The start of a calculation is determined implicitly in the text: here \<^theory_text>\<open>also\<close> sets @{fact calculation} to the current result; any subsequent
occurrence will update @{fact calculation} by combination with the next
result and a transitivity rule. The calculational sequence is concluded via \<^theory_text>\<open>finally\<close>, where the final result is exposed for use in a concluding claim.
Here is a canonical proof pattern, using\<^theory_text>\<open>have\<close> to establish the
intermediate results: \<close>
(*<*)
notepad begin fix a b c d :: 'a (*>*) have"a = b"\<proof> alsohave"\ = c" \ alsohave"\ = d" \ finallyhave"a = d" . (*<*) end (*>*)
text\<open>
The term ``\<open>\<dots>\<close>'' (literal ellipsis) is a special abbreviation provided by
the Isabelle/Isar termsyntax: it statically refers to the right-hand side
argument of the previous statement given in the text. Thus it happens to
coincide with relevant sub-expressions in the calculational chain, but the
exact correspondence is dependent on the transitivity rules being involved.
\<^medskip>
Symmetry rules such as \<^prop>\<open>x = y \<Longrightarrow> y = x\<close> are like transitivities with
only one premise. Isar maintains a separate rule collection declared via the
@{attribute sym} attribute, to be used in fact expressions ``\<open>a
[symmetric]\<close>'', or single-step proofs ``\<^theory_text>\<open>assume "x = y" then have "y = x"
..\<close>''. \<close>
end
x"
..\<close>''. \<close>
end
¤ Dauer der Verarbeitung: 0.22 Sekunden
(vorverarbeitet)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
