\chapter{ML Functions in the {\tt res\_quan} Library}\label{entries}\input{entries-intro}\DOC{COND\_REWR\_CANON} \TYPE {\small\verb%COND_REWR_CANON : thm -> thm%}\egroup \SYNOPSIS Transform a theorem into a form accepted by {\small\verb%COND_REWR_TAC%}. \DESCRIBE {\small\verb%COND_REWR_CANON%} transforms a theorem into a form accepted by {\small\verb%COND_REWR_TAC%}. The input theorem should be an implication of the following form {\par\samepage\setseps\small \begin{verbatim} !x1 ... xn. P1[xi] ==> ... ==> !y1 ... ym. Pr[xi,yi] ==> (!z1 ... zk. u[xi,yi,zi] = v[xi,yi,zi]) \end{verbatim} } \noindent where each antecedent {\small\verb%Pi%} itself may be a conjunction or disjunction. The output theorem will have all universal quantifications moved to the outer most level with possible renaming to prevent variable capture, and have all antecedents which are a conjunction transformed to implications. The output theorem will be in the following form {\par\samepage\setseps\small \begin{verbatim} !x1 ... xn y1 ... ym z1 ... zk. P11[xi] ==> ... ==> P1p[xi] ==> ... ==> Pr1[xi,yi] ==> ... ==> Prq[x1,yi] ==> (u[xi,yi,zi] = v[xi,yi,zi]) \end{verbatim} } \FAILURE This function fails if the input theorem is not in the correct form. \EXAMPLE {\small\verb%COND_REWR_CANON%} transforms the built-in theorem {\small\verb%CANCL_SUB%} into the form for conditional rewriting: {\par\samepage\setseps\small \begin{verbatim} #COND_REWR_CANON CANCEL_SUB;; Theorem CANCEL_SUB autoloading from theory arithmetic ... CANCEL_SUB = |- !p n m. p <= n /\ p <= m ==> ((n - p = m - p) = (n = m)) |- !p n m. p <= n ==> p <= m ==> ((n - p = m - p) = (n = m)) \end{verbatim} } \SEEALSO COND_REWRITE1_TAC, COND_REWR_TAC, COND_REWRITE1_CONV, COND_REWR_CONV, search_top_down. \ENDDOC \DOC{COND\_REWR\_CONV} {\small \begin{verbatim} COND_REWR_CONV : ((term -> term -> ((term # term) list # (type # type) list) list) -> thm -> conv) \end{verbatim} }\egroup \SYNOPSIS A lower level conversion implementing simple conditional rewriting. \DESCRIBE {\small\verb%COND_REWR_CONV%} is one of the basic building blocks for the implementation of the simple conditional rewriting conversions in the HOL system. In particular, the conditional term replacement or rewriting done by all the conditional rewriting conversions in this library is ultimately done by applications of {\small\verb%COND_REWR_CONV%}. The description given here for {\small\verb%COND_REWR_CONV%} may therefore be taken as a specification of the atomic action of replacing equals by equals in a term under certain conditions that are used in all these higher level conditional rewriting conversions. The first argument to {\small\verb%COND_REWR_CONV%} is expected to be a function which returns a list of matches. Each of these matches is in the form of the value returned by the built-in function {\small\verb%match%}. It is used to search the input term for instances which may be rewritten. The second argument to {\small\verb%COND_REWR_CONV%} is expected to be an implicative theorem in the following form: {\par\samepage\setseps\small \begin{verbatim} A |- !x1 ... xn. P1 ==> ... Pm ==> (Q[x1,...,xn] = R[x1,...,xn]) \end{verbatim} } \noindent where {\small\verb%x1%}, ..., {\small\verb%xn%} are all the variables that occur free in the left hand side of the conclusion of the theorem but do not occur free in the assumptions. The last argument to {\small\verb%COND_REWR_CONV%} is the term to be rewritten. If {\small\verb%fn%} is a function and {\small\verb%th%} is an implicative theorem of the kind shown above, then {\small\verb%COND_REWR_CONV fn th%} will be a conversion. When applying to a term {\small\verb%tm%}, it will return a theorem {\par\samepage\setseps\small \begin{verbatim} P1', ..., Pm' |- tm = tm[R'/Q'] \end{verbatim} } \noindent if evaluating {\small\verb%fn Q[x1,...,xn] tm%} returns a non-empty list of matches. The assumptions of the resulting theorem are instances of the antecedents of the input theorem {\small\verb%th%}. The right hand side of the equation is obtained by rewriting the input term {\small\verb%tm%} with instances of the conclusion of the input theorem. \FAILURE {\small\verb%COND_REWR_CONV fn th%} fails if {\small\verb%th%} is not an implication of the form described above. If {\small\verb%th%} is such an equation, but the function {\small\verb%fn%} returns a null list of matches, or the function {\small\verb%fn%} returns a non-empty list of matches, but the term or type instantiation fails. \EXAMPLE The following example illustrates a straightforward use of {\small\verb%COND_REWR_CONV%}. We use the built-in theorem {\small\verb%LESS_MOD%} as the input theorem, and the function {\small\verb%search_top_down%} as the search function. {\par\samepage\setseps\small \begin{verbatim} #LESS_MOD;; Theorem LESS_MOD autoloading from theory arithmetic ... LESS_MOD = |- !n k. k < n ==> (k MOD n = k) |- !n k. k < n ==> (k MOD n = k) #search_top_down;; - : (term -> term -> ((term # term) list # (type # type) list) list) #COND_REWR_CONV search_top_down LESS_MOD "2 MOD 3";; 2 < 3 |- 2 MOD 3 = 2 \end{verbatim} } \SEEALSO COND_REWR_TAC, COND_REWRITE1_TAC, COND_REWRITE1_CONV, COND_REWR_CANON, search_top_down. \ENDDOC \DOC{COND\_REWRITE1\_CONV} \TYPE {\small\verb%COND_REWRITE1_CONV : (thm list -> thm -> conv)%}\egroup \SYNOPSIS A simple conditional rewriting conversion. \DESCRIBE {\small\verb%COND_REWRITE1_CONV%} is a front end of the conditional rewriting conversion {\small\verb%COND_REWR_CONV%}. The input theorem should be in the following form {\par\samepage\setseps\small \begin{verbatim} A |- !x11 ... . P1 ==> ... !xm1 ... . Pm ==> (!x ... . Q = R) \end{verbatim} } \noindent where each antecedent {\small\verb%Pi%} itself may be a conjunction or disjunction. This theorem is transformed to a standard form expected by {\small\verb%COND_REWR_CONV%} which carries out the actual rewriting. The transformation is performed by {\small\verb%COND_REWR_CANON%}. The search function passed to {\small\verb%COND_REWR_CONV%} is {\small\verb%search_top_down%}. The effect of applying the conversion {\small\verb%COND_REWRITE1_CONV ths th%} to a term {\small\verb%tm%} is to derive a theorem {\par\samepage\setseps\small \begin{verbatim} A' |- tm = tm[R'/Q'] \end{verbatim} } \noindent where the right hand side of the equation is obtained by rewriting the input term {\small\verb%tm%} with an instance of the conclusion of the input theorem. The theorems in the list {\small\verb%ths%} are used to discharge the assumptions generated from the antecedents of the input theorem. \FAILURE {\small\verb%COND_REWRITE1_CONV ths th%} fails if {\small\verb%th%} cannot be transformed into the required form by {\small\verb%COND_REWR_CANON%}. Otherwise, it fails if no match is found or the theorem cannot be instantiated. \EXAMPLE The following example illustrates a straightforward use of {\small\verb%COND_REWRITE1_CONV%}. We use the built-in theorem {\small\verb%LESS_MOD%} as the input theorem. {\par\samepage\setseps\small \begin{verbatim} #LESS_MOD;; Theorem LESS_MOD autoloading from theory arithmetic ... LESS_MOD = |- !n k. k < n ==> (k MOD n = k) |- !n k. k < n ==> (k MOD n = k) #COND_REWRITE1_CONV [] LESS_MOD "2 MOD 3";; 2 < 3 |- 2 MOD 3 = 2 #let less_2_3 = REWRITE_RULE[LESS_MONO_EQ;LESS_0] #(REDEPTH_CONV num_CONV "2 < 3");; less_2_3 = |- 2 < 3 #COND_REWRITE1_CONV [less_2_3] LESS_MOD "2 MOD 3";; |- 2 MOD 3 = 2 \end{verbatim} } \noindent In the first example, an empty theorem list is supplied to {\small\verb%COND_REWRITE1_CONV%} so the resulting theorem has an assumption {\small\verb%2 < 3%}. In the second example, a list containing a theorem {\small\verb%|- 2 < 3%} is supplied, the resulting theorem has no assumptions. \SEEALSO COND_REWR_TAC, COND_REWRITE1_TAC, COND_REWR_CONV, COND_REWR_CANON, search_top_down. \ENDDOC \DOC{COND\_REWRITE1\_TAC} \TYPE {\small\verb%COND_REWRITE1_TAC : thm_tactic%}\egroup \SYNOPSIS A simple conditional rewriting tactic. \DESCRIBE {\small\verb%COND_REWRITE1_TAC%} is a front end of the conditional rewriting tactic {\small\verb%COND_REWR_TAC%}. The input theorem should be in the following form {\par\samepage\setseps\small \begin{verbatim} A |- !x11 ... . P1 ==> ... !xm1 ... . Pm ==> (!x ... . Q = R) \end{verbatim} } \noindent where each antecedent {\small\verb%Pi%} itself may be a conjunction or disjunction. This theorem is transformed to a standard form expected by {\small\verb%COND_REWR_TAC%} which carries out the actual rewriting. The transformation is performed by {\small\verb%COND_REWR_CANON%}. The search function passed to {\small\verb%COND_REWR_TAC%} is {\small\verb%search_top_down%}. The effect of applying this tactic is to substitute into the goal instances of the right hand side of the conclusion of the input theorem {\small\verb%Ri'%} for the corresponding instances of the left hand side. The search is top-down left-to-right. All matches found by the search function are substituted. New subgoals corresponding to the instances of the antecedents which do not appear in the assumption of the original goal are created. See manual page of {\small\verb%COND_REWR_TAC%} for details of how the instantiation and substitution are done. \FAILURE {\small\verb%COND_REWRITE1_TAC th%} fails if {\small\verb%th%} cannot be transformed into the required form by the function {\small\verb%COND_REWR_CANON%}. Otherwise, it fails if no match is found or the theorem cannot be instantiated. \EXAMPLE The following example illustrates a straightforward use of {\small\verb%COND_REWRITE1_TAC%}. We use the built-in theorem {\small\verb%LESS_MOD%} as the input theorem. {\par\samepage\setseps\small \begin{verbatim} #LESS_MOD;; Theorem LESS_MOD autoloading from theory arithmetic ... LESS_MOD = |- !n k. k < n ==> (k MOD n = k) |- !n k. k < n ==> (k MOD n = k) \end{verbatim} } \noindent We set up a goal {\par\samepage\setseps\small \begin{verbatim} #g"2 MOD 3 = 2";; "2 MOD 3 = 2" () : void \end{verbatim} } \noindent and then apply the tactic {\par\samepage\setseps\small \begin{verbatim} #e(COND_REWRITE1_TAC LESS_MOD);; OK.. 2 subgoals "2 = 2" [ "2 < 3" ] "2 < 3" () : void \end{verbatim} } \SEEALSO COND_REWR_TAC, COND_REWRITE1_CONV, COND_REWR_CONV, COND_REWR_CANON, search_top_down. \ENDDOC \DOC{COND\_REWR\_TAC} {\small \begin{verbatim} COND_REWR_TAC : ((term -> term -> ((term # term) list # (type # type) list) list) -> thm_tactic) \end{verbatim} }\egroup \SYNOPSIS A lower level tactic used to implement simple conditional rewriting tactic. \DESCRIBE {\small\verb%COND_REWR_TAC%} is one of the basic building blocks for the implementation of conditional rewriting in the HOL system. In particular, the conditional term replacement or rewriting done by all the built-in conditional rewriting tactics is ultimately done by applications of {\small\verb%COND_REWR_TAC%}. The description given here for {\small\verb%COND_REWR_TAC%} may therefore be taken as a specification of the atomic action of replacing equals by equals in the goal under certain conditions that aare used in all these higher level conditional rewriting tactics. The first argument to {\small\verb%COND_REWR_TAC%} is expected to be a function which returns a list of matches. Each of these matches is in the form of the value returned by the built-in function {\small\verb%match%}. It is used to search the goal for instances which may be rewritten. The second argument to {\small\verb%COND_REWR_TAC%} is expected to be an implicative theorem in the following form: {\par\samepage\setseps\small \begin{verbatim} A |- !x1 ... xn. P1 ==> ... Pm ==> (Q[x1,...,xn] = R[x1,...,xn]) \end{verbatim} } \noindent where {\small\verb%x1%}, ..., {\small\verb%xn%} are all the variables that occur free in the left-hand side of the conclusion of the theorem but do not occur free in the assumptions. If {\small\verb%fn%} is a function and {\small\verb%th%} is an implicative theorem of the kind shown above, then {\small\verb%COND_REWR_TAC fn th%} will be a tactic which returns a list of subgoals if evaluating {\par\samepage\setseps\small \begin{verbatim} fn Q[x1,...,xn] gl \end{verbatim} } \noindent returns a non-empty list of matches when applied to a goal {\small\verb%(asm,gl)%}. Let {\small\verb%ml%} be the match list returned by evaluating {\small\verb%fn Q[x1,...,xn] gl%}. Each element in this list is in the form of {\par\samepage\setseps\small \begin{verbatim} ([(e1,x1);...;(ep,xp)], [(ty1,vty1);...;(tyq,vtyq)]) \end{verbatim} } \noindent which specifies the term and type instantiations of the input theorem {\small\verb%th%}. Either the term pair list or the type pair list may be empty. In the case that both lists are empty, an exact match is found, i.e., no instantiation is required. If {\small\verb%ml%} is an empty list, no match has been found and the tactic will fail. For each match in {\small\verb%ml%}, {\small\verb%COND_REWR_TAC%} will perform the following: 1) instantiate the input theorem {\small\verb%th%} to get {\par\samepage\setseps\small \begin{verbatim} th' = A |- P1' ==> ... ==> Pm' ==> (Q' = R') \end{verbatim} } \noindent where the primed subterms are instances of the corresponding unprimed subterms obtained by applying {\small\verb%INST_TYPE%} with {\small\verb%[(ty1,vty1);...;(tyq,vtyq)]%} and then {\small\verb%INST%} with {\small\verb%[(e1,x1);...;(ep,xp)]%}; 2) search the assumption list {\small\verb%asm%} for occurrences of any antecedents {\small\verb%P1'%}, ..., {\small\verb%Pm'%}; 3) if all antecedents appear in {\small\verb%asm%}, the goal {\small\verb%gl%} is reduced to {\small\verb%gl'%} by substituting {\small\verb%R'%} for each free occurrence of {\small\verb%Q'%}, otherwise, in addition to the substitution, all antecedents which do not appear in {\small\verb%asm%} are added to it and new subgoals corresponding to these antecedents are created. For example, if {\small\verb%Pk'%}, ..., {\small\verb%Pm'%} do not appear in {\small\verb%asm%}, the following subgoals are returned: {\par\samepage\setseps\small \begin{verbatim} asm ?- Pk' ... asm ?- Pm' {asm,Pk',...,Pm'} ?- gl' \end{verbatim} } If {\small\verb%COND_REWR_TAC%} is given a theorem {\small\verb%th%}: {\par\samepage\setseps\small \begin{verbatim} A |- !x1 ... xn y1 ... yk. P1 ==> ... ==> Pm ==> (Q = R) \end{verbatim} } \noindent where the variables {\small\verb%y1%}, ..., {\small\verb%ym%} do not occur free in the left-hand side of the conclusion {\small\verb%Q%} but they do occur free in the antecedents, then, when carrying out Step 2 described above, {\small\verb%COND_REWR_TAC%} will attempt to find instantiations for these variables from the assumption {\small\verb%asm%}. For example, if {\small\verb%x1%} and {\small\verb%y1%} occur free in {\small\verb%P1%}, and a match is found in which {\small\verb%e1%} is an instantiation of {\small\verb%x1%}, then {\small\verb%P1'%} will become {\small\verb%P1[e1/x1, y1]%}. If a term {\small\verb%P1'' = P1[e1,e1'/x1,y1]%} appears in {\small\verb%asm%}, {\small\verb%th'%} is instantiated with {\small\verb%(e1', y1)%} to get {\par\samepage\setseps\small \begin{verbatim} th'' = A |- P1'' ==> ... ==> Pm'' ==> (Q' = R'') \end{verbatim} } \noindent then {\small\verb%R''%} is substituted into {\small\verb%gl%} for all free occurrences of {\small\verb%Q'%}. If no consistent instantiation is found, then {\small\verb%P1'%} which contains the uninstantiated variable {\small\verb%y1%} will become one of the new subgoals. In such a case, the user has no control over the choice of the variable {\small\verb%yi%}. \FAILURE {\small\verb%COND_REWR_TAC fn th%} fails if {\small\verb%th%} is not an implication of the form described above. If {\small\verb%th%} is such an equation, but the function {\small\verb%fn%} returns a null list of matches, or the function {\small\verb%fn%} returns a non-empty list of matches, but the term or type instantiation fails. \EXAMPLE The following example illustrates a straightforward use of {\small\verb%COND_REWR_TAC%}. We use the built-in theorem {\small\verb%LESS_MOD%} as the input theorem, and the function {\small\verb%search_top_down%} as the search function. {\par\samepage\setseps\small \begin{verbatim} #LESS_MOD;; Theorem LESS_MOD autoloading from theory arithmetic ... LESS_MOD = |- !n k. k < n ==> (k MOD n = k) |- !n k. k < n ==> (k MOD n = k) #search_top_down;; - : (term -> term -> ((term # term) list # (type # type) list) list) \end{verbatim} } \noindent We set up a goal {\par\samepage\setseps\small \begin{verbatim} #g"2 MOD 3 = 2";; "2 MOD 3 = 2" () : void \end{verbatim} } \noindent and then apply the tactic {\par\samepage\setseps\small \begin{verbatim} #e(COND_REWR_TAC search_top_down LESS_MOD);; OK.. 2 subgoals "2 = 2" [ "2 < 3" ] "2 < 3" () : void \end{verbatim} } \SEEALSO COND_REWRITE1_TAC, COND_REWRITE1_CONV, COND_REWR_CONV, COND_REWR_CANON, search_top_down. \ENDDOC \DOC{dest\_resq\_abstract} \TYPE {\small\verb%dest_resq_abstract : (term -> (term # term # term))%}\egroup \SYNOPSIS Breaks apart a restricted abstract term into the quantified variable, predicate and body. \DESCRIBE {\small\verb%dest_resq_abstract%} is a term destructor for restricted abstraction: {\par\samepage\setseps\small \begin{verbatim} dest_resq_abstract "\var::P. t" \end{verbatim} } \noindent returns {\small\verb%("var","P","t")%}. \FAILURE Fails with {\small\verb%dest_resq_abstract%} if the term is not a restricted abstraction. \SEEALSO mk_resq_abstract, is_resq_abstract, strip_resq_abstract. \ENDDOC \DOC{dest\_resq\_exists} \TYPE {\small\verb%dest_resq_exists : (term -> (term # term # term))%}\egroup \SYNOPSIS Breaks apart a restricted existentially quantified term into the quantified variable, predicate and body. \DESCRIBE {\small\verb%dest_resq_exists%} is a term destructor for restricted existential quantification: {\par\samepage\setseps\small \begin{verbatim} dest_resq_exists "?var::P. t" \end{verbatim} } \noindent returns {\small\verb%("var","P","t")%}. \FAILURE Fails with {\small\verb%dest_resq_exists%} if the term is not a restricted existential quantification. \SEEALSO mk_resq_exists, is_resq_exists, strip_resq_exists. \ENDDOC \DOC{dest\_resq\_forall} \TYPE {\small\verb%dest_resq_forall : (term -> (term # term # term))%}\egroup \SYNOPSIS Breaks apart a restricted universally quantified term into the quantified variable, predicate and body. \DESCRIBE {\small\verb%dest_resq_forall%} is a term destructor for restricted universal quantification: {\par\samepage\setseps\small \begin{verbatim} dest_resq_forall "!var::P. t" \end{verbatim} } \noindent returns {\small\verb%("var","P","t")%}. \FAILURE Fails with {\small\verb%dest_resq_forall%} if the term is not a restricted universal quantification. \SEEALSO mk_resq_forall, is_resq_forall, strip_resq_forall. \ENDDOC \DOC{dest\_resq\_select} \TYPE {\small\verb%dest_resq_select : (term -> (term # term # term))%}\egroup \SYNOPSIS Breaks apart a restricted choice quantified term into the quantified variable, predicate and body. \DESCRIBE {\small\verb%dest_resq_select%} is a term destructor for restricted choice quantification: {\par\samepage\setseps\small \begin{verbatim} dest_resq_select "@var::P. t" \end{verbatim} } \noindent returns {\small\verb%("var","P","t")%}. \FAILURE Fails with {\small\verb%dest_resq_select%} if the term is not a restricted choice quantification. \SEEALSO mk_resq_select, is_resq_select, strip_resq_select. \ENDDOC \DOC{GQSPEC\_ALL} \TYPE {\small\verb%GQSPEC_ALL : (thm -> thm)%}\egroup \SYNOPSIS Specializes the conclusion of a theorem with its own quantified variables. \DESCRIBE When applied to a theorem whose conclusion has zero or more ordinary or restricted universal quantifications, the inference rule {\small\verb%GQSPEC_ALL%} returns a theorem which is the result of specializing the quantified variables with its own variables. If this will cause name clashes, a variant of the variable is used instead. Normally {\small\verb%xi'%} is just {\small\verb%xi%}, in which case {\small\verb%GQSPEC_ALL%} simply removes all universal quantifiers. {\par\samepage\setseps\small \begin{verbatim} A |- !x1::P1. ...!xk. ... !xn::Pn. t ------------------------------------------------------ GQSPEC_ALL A,P1 x1,...,Pn xn |- t[x1'/x1]...[xk'/xk]...[xn'/xn] \end{verbatim} } \FAILURE Never fails. \SEEALSO GQSPEC, GQSPECL, SPEC, SPECL, SPEC_ALL, RESQ_GEN, RESQ_GENL, RESQ_GEN_ALL, RESQ_GEN_TAC, RESQ_SPEC, RESQ_SPECL, RESQ_SPEC_ALL. \ENDDOC \DOC{GQSPECL} \TYPE {\small\verb%GQSPECL : (term list -> thm -> thm)%}\egroup \SYNOPSIS Specializes zero or more variables in the conclusion of a universally quantified theorem. \DESCRIBE When applied to a term list {\small\verb%[u1;...;un]%} and a theorem whose conclusion has zero or more ordinary or restricted universal quantifications, the inference rule {\small\verb%GQSPECL%} returns a theorem which is the result of specializing the quantified variables. The substitutions are made sequentially left-to-right in the same way as for {\small\verb%GQSPEC%}, with the same sort of alpha-conversions applied to the body of the conclusion. The two kinds of universal quantification can be mixed. {\par\samepage\setseps\small \begin{verbatim} A |- !x1::P1. ... !xk. ... !xn::Pn. t -------------------------------------------------- GQSPECL "[u1;...;un]" A,P1 u1,...,Pn un |- t[u1/x1]...[uk/xk]...[un/xn] \end{verbatim} } \noindent It is permissible for the term-list to be empty, in which case the application of {\small\verb%GQSPECL%} has no effect. \FAILURE Fails if one of the specialization of the quantified variable in the original theorem fails. \SEEALSO GQSPEC, GQSPEC_ALL, SPECL, GENL, RESQ_GEN, RESQ_GENL, RESQ_GEN_ALL, RESQ_GEN_TAC, RESQ_SPEC, RESQ_SPECL, RESQ_SPEC_ALL. \ENDDOC \DOC{IMP\_RESQ\_FORALL\_CONV} \TYPE {\small\verb%IMP_RESQ_FORALL_CONV : conv%}\egroup \SYNOPSIS Converts an implication to a restricted universal quantification. \DESCRIBE When applied to a term of the form {\small\verb%!x.P x ==> Q%}, the conversion {\small\verb%IMP_RESQ_FORALL_CONV%} returns the theorem: {\par\samepage\setseps\small \begin{verbatim} |- (!x. P x ==> Q) = !x::P. Q \end{verbatim} } \FAILURE Fails if applied to a term not of the form {\small\verb%!x.P x ==> Q%}. \SEEALSO RESQ_FORALL_CONV, LIST_RESQ_FORALL_CONV. \ENDDOC \DOC{is\_resq\_abstract} \TYPE {\small\verb%is_resq_abstract : (term -> bool)%}\egroup \SYNOPSIS Tests a term to see if it is a restricted abstraction. \DESCRIBE {\small\verb%is_resq_abstract "\var::P. t"%} returns {\small\verb%true%}. If the term is not a restricted abstraction the result is {\small\verb%false%}. \FAILURE Never fails. \SEEALSO mk_resq_abstract, dest_resq_abstract. \ENDDOC \DOC{is\_resq\_exists} \TYPE {\small\verb%is_resq_exists : (term -> bool)%}\egroup \SYNOPSIS Tests a term to see if it is a restricted existential quantification. \DESCRIBE {\small\verb%is_resq_exists "?var::P. t"%} returns {\small\verb%true%}. If the term is not a restricted existential quantification the result is {\small\verb%false%}. \FAILURE Never fails. \SEEALSO mk_resq_exists, dest_resq_exists. \ENDDOC \DOC{is\_resq\_forall} \TYPE {\small\verb%is_resq_forall : (term -> bool)%}\egroup \SYNOPSIS Tests a term to see if it is a restricted universal quantification. \DESCRIBE {\small\verb%is_resq_forall "!var::P. t"%} returns {\small\verb%true%}. If the term is not a restricted universal quantification the result is {\small\verb%false%}. \FAILURE Never fails. \SEEALSO mk_resq_forall, dest_resq_forall. \ENDDOC \DOC{is\_resq\_select} \TYPE {\small\verb%is_resq_select : (term -> bool)%}\egroup \SYNOPSIS Tests a term to see if it is a restricted choice quantification. \DESCRIBE {\small\verb%is_resq_select "@var::P. t"%} returns {\small\verb%true%}. If the term is not a restricted choice quantification the result is {\small\verb%false%}. \FAILURE Never fails. \SEEALSO mk_resq_select, dest_resq_select. \ENDDOC \DOC{list\_mk\_resq\_exists} \TYPE {\small\verb%list_mk_resq_exists : ((term # term) list # term) -> term)%}\egroup \SYNOPSIS Iteratively constructs a restricted existential quantification. \DESCRIBE {\par\samepage\setseps\small \begin{verbatim} list_mk_resq_exists([("x1","P1");...;("xn","Pn")],"t") \end{verbatim} } \noindent returns {\small\verb%"?x1::P1. ... ?xn::Pn. t"%}. \FAILURE Fails with {\small\verb%list_mk_resq_exists%} if the first terms {\small\verb%xi%} in the pairs are not a variable or if the second terms {\small\verb%Pi%} in the pairs and {\small\verb%t%} are not of type {\small\verb%":bool"%} if the list is non-empty. If the list is empty the type of {\small\verb%t%} can be anything. \SEEALSO strip_resq_exists, mk_resq_exists. \ENDDOC \DOC{list\_mk\_resq\_forall} \TYPE {\small\verb%list_mk_resq_forall : ((term # term) list # term) -> term)%}\egroup \SYNOPSIS Iteratively constructs a restricted universal quantification. \DESCRIBE {\par\samepage\setseps\small \begin{verbatim} list_mk_resq_forall([("x1","P1");...;("xn","Pn")],"t") \end{verbatim} } \noindent returns {\small\verb%"!x1::P1. ... !xn::Pn. t"%}. \FAILURE Fails with {\small\verb%list_mk_resq_forall%} if the first terms {\small\verb%xi%} in the pairs are not a variable or if the second terms {\small\verb%Pi%} in the pairs and {\small\verb%t%} are not of type {\small\verb%":bool"%} if the list is non-empty. If the list is empty the type of {\small\verb%t%} can be anything. \SEEALSO strip_resq_forall, mk_resq_forall. \ENDDOC \DOC{LIST\_RESQ\_FORALL\_CONV} \TYPE {\small\verb%LIST_RESQ_FORALL_CONV : conv%}\egroup \SYNOPSIS Converts restricted universal quantifications iteratively to implications. \DESCRIBE When applied to a term whose outer level is a series of restricted universal quantifications, the conversion {\small\verb%LIST_RESQ_FORALL_CONV%} returns the theorem: {\par\samepage\setseps\small \begin{verbatim} |- !x1::P1. ... !xn::Pn. Q = (!x1...xn. P1 x1 ==> ... ==> Pn xn ==> Q) \end{verbatim} } \FAILURE Never fails. \SEEALSO IMP_RESQ_FORALL_CONV, RESQ_FORALL_CONV. \ENDDOC \DOC{mk\_resq\_abstract} \TYPE {\small\verb%mk_resq_abstract : ((term # term # term) -> term)%}\egroup \SYNOPSIS Term constructor for restricted abstraction. \DESCRIBE {\small\verb%mk_resq_abstract("var","P","t")%} returns {\small\verb%"\var :: P . t"%}. \FAILURE Fails with {\small\verb%mk_resq_abstract%} if the first term is not a variable or if {\small\verb%P%} and {\small\verb%t%} are not of type {\small\verb%":bool"%}. \SEEALSO dest_resq_abstract, is_resq_abstract, list_mk_resq_abstract. \ENDDOC \DOC{mk\_resq\_exists} \TYPE {\small\verb%mk_resq_exists : ((term # term # term) -> term)%}\egroup \SYNOPSIS Term constructor for restricted existential quantification. \DESCRIBE {\small\verb%mk_resq_exists("var","P","t")%} returns {\small\verb%"?var :: P . t"%}. \FAILURE Fails with {\small\verb%mk_resq_exists%} if the first term is not a variable or if {\small\verb%P%} and {\small\verb%t%} are not of type {\small\verb%":bool"%}. \SEEALSO dest_resq_exists, is_resq_exists, list_mk_resq_exists. \ENDDOC \DOC{mk\_resq\_forall} \TYPE {\small\verb%mk_resq_forall : ((term # term # term) -> term)%}\egroup \SYNOPSIS Term constructor for restricted universal quantification. \DESCRIBE {\small\verb%mk_resq_forall("var","P","t")%} returns {\small\verb%"!var :: P . t"%}. \FAILURE Fails with {\small\verb%mk_resq_forall%} if the first term is not a variable or if {\small\verb%P%} and {\small\verb%t%} are not of type {\small\verb%":bool"%}. \SEEALSO dest_resq_forall, is_resq_forall, list_mk_resq_forall. \ENDDOC \DOC{mk\_resq\_select} \TYPE {\small\verb%mk_resq_select : ((term # term # term) -> term)%}\egroup \SYNOPSIS Term constructor for restricted choice quantification. \DESCRIBE {\small\verb%mk_resq_select("var","P","t")%} returns {\small\verb%"@var :: P . t"%}. \FAILURE Fails with {\small\verb%mk_resq_select%} if the first term is not a variable or if {\small\verb%P%} and {\small\verb%t%} are not of type {\small\verb%":bool"%}. \SEEALSO dest_resq_select, is_resq_select, list_mk_resq_select. \ENDDOC \DOC{new\_binder\_resq\_definition} \TYPE {\small\verb%new_binder_resq_definition : ((string # term) -> thm)%}\egroup \SYNOPSIS Declare a new binder and install a definitional axiom in the current theory. \DESCRIBE The function {\small\verb%new_binder_resq_definition%} provides a facility for definitional extensions to the current theory. The new constant defined using this function may take arguments which are restricted quantified. The function {\small\verb%new_binder_resq_definition%} takes a pair argument consisting of the name under which the resulting definition will be saved in the current theory segment, and a term giving the desired definition. The value returned by {\small\verb%new_binder_resq_definition%} is a theorem which states the definition requested by the user. Let {\small\verb%x_1,...,x_n%} be distinct variables. Evaluating {\par\samepage\setseps\small \begin{verbatim} new_binder_resq_definition (name, "!x_i::P_i. ... !x_j::P_j. B x_1 ... x_n = t") \end{verbatim} } where {\small\verb%B%} is not already a constant, {\small\verb%i%} is greater or equal to 1 and {\small\verb%i <= j <= n%}, declares {\small\verb%B%} to be a new constant in the current theory with this definition as its specification. This constant specification is returned as a theorem with the form {\par\samepage\setseps\small \begin{verbatim} |- !x_i::P_i. ... !x_j::P_j. !x_k .... B x_1 ... x_n = t \end{verbatim} } \noindent where the variables {\small\verb%x_k%} are the free variables occurring on the left hand side of the definition and are not restricted quantified. This theorem is saved in the current theory under (the name) {\small\verb%name%}. The constant {\small\verb%B%} defined by this function will have the binder status only after the definition has been processed. It is therefore necessary to use the constant in normal prefix position when making the definition. If the restricting predicates {\small\verb%P_l%} contains free occurrence of variable(s) of the left hand side, the constant {\small\verb%B%} will stand for a family of functions. \FAILURE {\small\verb%new_binder_resq_definition%} fails if called when HOL is not in draft mode. It also fails if there is already an axiom, definition or specification of the given name in the current theory segment; if {\small\verb%B%} is already a constant in the current theory or is not an allowed name for a constant; if {\small\verb%t%} contains free variables that do not occur in the left hand side, or if any variable occurs more than once in {\small\verb%x_1, ..., x_n%}. Finally, failure occurs if there is a type variable in {\small\verb%x_1%}, ..., {\small\verb%x_n%} or {\small\verb%t%} that does not occur in the type of {\small\verb%B%}. \SEEALSO new_infix_resq_definition, new_resq_definition, new_definition, new_specification. \ENDDOC \DOC{new\_infix\_resq\_definition} \TYPE {\small\verb%new_infix_resq_definition : ((string # term) -> thm)%}\egroup \SYNOPSIS Declare a new infix constant and install a definitional axiom in the current theory. \DESCRIBE The function {\small\verb%new_infix_resq_definition%} provides a facility for definitional extensions to the current theory. The new constant defined using this function may take arguments which are restricted quantified. The function {\small\verb%new_infix_resq_definition%} takes a pair argument consisting of the name under which the resulting definition will be saved in the current theory segment, and a term giving the desired definition. The value returned by {\small\verb%new_infix_resq_definition%} is a theorem which states the definition requested by the user. Let {\small\verb%x_1,...,x_n%} be distinct variables. Evaluating {\par\samepage\setseps\small \begin{verbatim} new_infix_resq_definition (name, "!x_i::P_i. ... !x_j::P_j. IX x_1 ... x_n = t") \end{verbatim} } where {\small\verb%IX%} is not already a constant, {\small\verb%i%} is greater or equal to 1 and {\small\verb%i <= j <= n%}, declares {\small\verb%IX%} to be a new constant in the current theory with this definition as its specification. This constant specification is returned as a theorem with the form {\par\samepage\setseps\small \begin{verbatim} |- !x_i::P_i. ... !x_j::P_j. !x_k .... IX x_1 ... x_n = t \end{verbatim} } \noindent where the variables {\small\verb%x_k%} are the free variables occurring on the left hand side of the definition and are not restricted quantified. This theorem is saved in the current theory under (the name) {\small\verb%name%}. The constant {\small\verb%IX%} defined by this function will have the infix status only after the definition has been processed. It is therefore necessary to use the constant in normal prefix position when making the definition. If the restricting predicates {\small\verb%P_l%} contains free occurrence of variable(s) of the left hand side, the constant {\small\verb%IX%} will stand for a family of functions. \FAILURE {\small\verb%new_infix_resq_definition%} fails if called when HOL is not in draft mode. It also fails if there is already an axiom, definition or specification of the given name in the current theory segment; if {\small\verb%IX%} is already a constant in the current theory or is not an allowed name for a constant; if {\small\verb%t%} contains free variables that do not occur in the left hand side, or if any variable occurs more than once in {\small\verb%x_1, ..., x_n%}. Finally, failure occurs if there is a type variable in {\small\verb%x_1%}, ..., {\small\verb%x_n%} or {\small\verb%t%} that does not occur in the type of {\small\verb%IX%}. \EXAMPLE A function for indexing list element starting from 1 can be defined as follows: {\par\samepage\setseps\small \begin{verbatim} #let IXEL1_DEF = new_infix_resq_definition (IXEL1_DEF, # "!n:: (\k. 0 < k). IXEL1 n (l:* list) = EL (n -1) l");; IXEL1_DEF = |- !n :: \k. 0 < k. !l. IXEL1 n l = EL(n - 1)l \end{verbatim} } One can then use {\small\verb%IXEL1%} as an infix and do the following proof: {\par\samepage\setseps\small \begin{verbatim} #g"2 IXEL1 [1;2;3] = 2";; "2 IXEL1 [1;2;3] = 2" #e(RESQ_REWRITE1_TAC IXEL1_DEF THENL[ # CONV_TAC(ONCE_DEPTH_CONV num_CONV) THEN MATCH_ACCEPT_TAC LESS_0; # CONV_TAC((LHS_CONV o LHS_CONV)(REDEPTH_CONV num_CONV)) # THEN REWRITE_TAC[SUB_MONO_EQ;SUB_0;EL;HD;TL]]);; OK.. goal proved |- 2 IXEL1 [1;2;3] = 2 Previous subproof: goal proved () : void \end{verbatim} } \SEEALSO new_binder_resq_definition, new_resq_definition, new_definition, new_specification. \ENDDOC \DOC{new\_resq\_definition} \TYPE {\small\verb%new_resq_definition : ((string # term) -> thm)%}\egroup \SYNOPSIS Declare a new constant and install a definitional axiom in the current theory. \DESCRIBE The function {\small\verb%new_resq_definition%} provides a facility for definitional extensions to the current theory. The new constant defined using this function may take arguments which are restricted quantified. The function {\small\verb%new_resq_definition%} takes a pair argument consisting of the name under which the resulting definition will be saved in the current theory segment, and a term giving the desired definition. The value returned by {\small\verb%new_resq_definition%} is a theorem which states the definition requested by the user. Let {\small\verb%x_1,...,x_n%} be distinct variables. Evaluating {\par\samepage\setseps\small \begin{verbatim} new_resq_definition (name, "!x_i::P_i. ... !x_j::P_j. C x_1 ... x_n = t") \end{verbatim} } \noindent where {\small\verb%C%} is not already a constant, {\small\verb%i%} is greater or equal to 1 and {\small\verb%i <= j <= n%}, declares {\small\verb%C%} to be a new constant in the current theory with this definition as its specification. This constant specification is returned as a theorem with the form {\par\samepage\setseps\small \begin{verbatim} |- !x_i::P_i. ... !x_j::P_j. !x_k .... C x_1 ... x_n = t \end{verbatim} } \noindent where the variables {\small\verb%x_k%} are the free variables occurring on the left hand side of the definition and are not restricted quantified. This theorem is saved in the current theory under (the name) {\small\verb%name%}. If the restricting predicates {\small\verb%P_l%} contains free occurrence of variable(s) of the left hand side, the constant {\small\verb%C%} will stand for a family of functions. \FAILURE {\small\verb%new_resq_definition%} fails if called when HOL is not in draft mode. It also fails if there is already an axiom, definition or specification of the given name in the current theory segment; if {\small\verb%C%} is already a constant in the current theory or is not an allowed name for a constant; if {\small\verb%t%} contains free variables that do not occur in the left hand side, or if any variable occurs more than once in {\small\verb%x_1, ..., x_n%}. Finally, failure occurs if there is a type variable in {\small\verb%x_1%}, ..., {\small\verb%x_n%} or {\small\verb%t%} that does not occur in the type of {\small\verb%C%}. \EXAMPLE A function for indexing list elements starting from 1 can be defined as follows: {\par\samepage\setseps\small \begin{verbatim} #new_resq_definition (EL1_DEF, # "!n:: (\k. 0 < k). EL1 n (l:* list) = EL (n - 1) l");; |- !n :: \k. 0 < k. !l. EL1 n l = EL(n - 1)l \end{verbatim} } The following example shows how a family of constants may be defined if the restricting predicate involves free variable on the left hand side of the definition. {\par\samepage\setseps\small \begin{verbatim} #new_resq_definition (ELL_DEF, # "!n:: (\k. k < (LENGTH l)). ELL n (l:* list) = EL n l");; |- !l. !n :: \k. k < (LENGTH l). !l'. ELL l n l' = EL n l' \end{verbatim} } \SEEALSO new_resq_binder_definition, new_resq_infix_definition, new_definition, new_specification. \ENDDOC \DOC{RESQ\_EXISTS\_CONV} \TYPE {\small\verb%RESQ_EXISTS_CONV : conv%}\egroup \SYNOPSIS Converts a restricted existential quantification to a conjunction. \DESCRIBE When applied to a term of the form {\small\verb%?x::P. Q[x]%}, the conversion {\small\verb%RESQ_EXISTS_CONV%} returns the theorem: {\par\samepage\setseps\small \begin{verbatim} |- ?x::P. Q[x] = (?x. P x /\ Q[x]) \end{verbatim} } \noindent which is the underlying semantic representation of the restricted existential quantification. \FAILURE Fails if applied to a term not of the form {\small\verb%?x::P. Q%}. \SEEALSO RESQ_FORALL_CONV, RESQ_EXISTS_TAC. \ENDDOC \DOC{RESQ\_EXISTS\_TAC} \TYPE {\small\verb%RESQ_EXISTS_TAC : term -> tactic%}\egroup \SYNOPSIS Strips the outermost restricted existential quantifier from the conclusion of a goal. \DESCRIBE When applied to a goal {\small\verb%A ?- ?x::P. t%}, the tactic {\small\verb%RESQ_EXISTS_TAC%} reduces it to a new subgoal {\small\verb%A ?- P x' /\ t[x'/x]%} where {\small\verb%x'%} is a variant of {\small\verb%x%} chosen to avoid clashing with any variables free in the goal's assumption list. Normally {\small\verb%x'%} is just {\small\verb%x%}. {\par\samepage\setseps\small \begin{verbatim} A ?- ?x::P. t ====================== RESQ_EXISTS_TAC A ?- P x' /\ t[x'/x] \end{verbatim} } \FAILURE Fails unless the goal's conclusion is a restricted extistential quantification. \SEEALSO RESQ_HALF_EXISTS. \ENDDOC \DOC{RESQ\_FORALL\_AND\_CONV} \TYPE {\small\verb%RESQ_FORALL_AND_CONV : conv%}\egroup \SYNOPSIS Splits a restricted universal quantification across a conjunction. \DESCRIBE When applied to a term of the form {\small\verb%!x::P. Q /\ R%}, the conversion {\small\verb%RESQ_FORALL_AND_CONV%} returns the theorem: {\par\samepage\setseps\small \begin{verbatim} |- (!x::P. Q /\ R) = ((!x::P. Q) /\ (!x::P. R)) \end{verbatim} } \FAILURE Fails if applied to a term not of the form {\small\verb%!x::P. Q /\ R%}. \SEEALSO AND_RESQ_FORALL_CONV. \ENDDOC \DOC{RESQ\_FORALL\_CONV} \TYPE {\small\verb%RESQ_FORALL_CONV : conv%}\egroup \SYNOPSIS Converts a restricted universal quantification to an implication. \DESCRIBE When applied to a term of the form {\small\verb%!x::P. Q%}, the conversion {\small\verb%RESQ_FORALL_CONV%} returns the theorem: {\par\samepage\setseps\small \begin{verbatim} |- !x::P. Q = (!x. P x ==> Q) \end{verbatim} } \noindent which is the underlying semantic representation of the restricted universal quantification. \FAILURE Fails if applied to a term not of the form {\small\verb%!x::P. Q%}. \SEEALSO IMP_RESQ_FORALL_CONV, LIST_RESQ_FORALL_CONV. \ENDDOC \DOC{RESQ\_FORALL\_SWAP\_CONV} \TYPE {\small\verb%RESQ_FORALL_SWAP_CONV : conv%}\egroup \SYNOPSIS Changes the order of two restricted universal quantifications. \DESCRIBE When applied to a term of the form {\small\verb%!x::P. !y::Q. R%}, the conversion {\small\verb%RESQ_FORALL_SWAP_CONV%} returns the theorem: {\par\samepage\setseps\small \begin{verbatim} |- (!x::P. !y::Q. R) = !y::Q. !x::P. R \end{verbatim} } \noindent providing that {\small\verb%x%} does not occur free in {\small\verb%Q%} and {\small\verb%y%} does not occur free in {\small\verb%P%}. \FAILURE Fails if applied to a term not of the correct form. \SEEALSO RESQ_FORALL_CONV. \ENDDOC \DOC{RESQ\_GEN\_ALL} \TYPE {\small\verb%RESQ_GEN_ALL : (thm -> thm)%}\egroup \SYNOPSIS Generalizes the conclusion of a theorem over its own assumptions. \DESCRIBE When applied to a theorem {\small\verb%A |- t%}, the inference rule {\small\verb%RESQ_GEN_ALL%} returns the theorem {\small\verb%A' |- !x1::P1. ...!xn::Pn. t%}, where the {\small\verb%Pi xi%} are in the assumptions. {\par\samepage\setseps\small \begin{verbatim} A |- t ------------------------------------------------ RESQ_GEN_ALL A - (P1 x1,...,Pn xn) |- !x1::P1. ... !xn::Pn. t \end{verbatim} } \FAILURE Never fails. \SEEALSO RESQ_GEN, RESQ_GENL, GEN_ALL, RESQ_SPEC, RESQ_SPECL, RESQ_SPEC_ALL. \ENDDOC \DOC{RESQ\_GEN} \TYPE {\small\verb%RESQ_GEN : ((term # term) -> thm -> thm)%}\egroup \SYNOPSIS Generalizes the conclusion of a theorem to a restricted universal quantification. \DESCRIBE When applied to a pair of terms {\small\verb%x%}, {\small\verb%P%} and a theorem {\small\verb%A |- t%}, the inference rule {\small\verb%RESQ_GEN%} returns the theorem {\small\verb%A |- !x::P. t%}, provided that {\small\verb%P%} is a predicate taking an argument of the same type as {\small\verb%x%} and that {\small\verb%x%} is a variable not free in any of the assumptions except {\small\verb%P x%} if it occurs. There is no compulsion that {\small\verb%x%} should be free in {\small\verb%t%} or {\small\verb%P x%} should be in the assumptions. {\par\samepage\setseps\small \begin{verbatim} A |- t --------------- RESQ_GEN ("x","P") [where x is not free in A except P x] A |- !x::P. t \end{verbatim} } \FAILURE Fails if {\small\verb%x%} is not a variable, or if it is free in any of the assumptions other than {\small\verb%P x%}. \SEEALSO RESQ_GENL, RESQ_GEN_ALL, RESQ_GEN_TAC, RESQ_SPEC, RESQ_SPECL, RESQ_SPEC_ALL. \ENDDOC \DOC{RESQ\_GENL} \TYPE {\small\verb%RESQ_GENL : ((term # term) list -> thm -> thm)%}\egroup \SYNOPSIS Generalizes zero or more variables to restricted universal quantification in the conclusion of a theorem. \DESCRIBE When applied to a term-pair list {\small\verb%[(x1,P1);...;(xn,Pn)]%} and a theorem {\small\verb%A |- t%}, the inference rule {\small\verb%RESQ_GENL%} returns the theorem {\small\verb%A |- !x1::P1. ... !xn::Pn. t%}, provided none of the variables {\small\verb%xi%} are free in any of the assumptions except in the corresponding {\small\verb%Pi%}. It is not necessary that any or all of the {\small\verb%xi%} should be free in {\small\verb%t%}. {\par\samepage\setseps\small \begin{verbatim} A |- t ------------------------------ RESQ_GENL "[(x1,P1);...;(xn,Pn)]" A |- !x1::P1. ... !xn::Pn. t [where no xi is free in A except in Pi] \end{verbatim} } \FAILURE Fails unless all the terms {\small\verb%xi%} in the list are variables, none of which are free in the assumption list except in {\small\verb%Pi%}. \SEEALSO RESQ_GEN, RESQ_GEN_ALL, RESQ_GEN_TAC, RESQ_SPEC, RESQ_SPECL, RESQ_SPEC_ALL. \ENDDOC \DOC{RESQ\_GEN\_TAC} \TYPE {\small\verb%RESQ_GEN_TAC : tactic%}\egroup \SYNOPSIS Strips the outermost restricted universal quantifier from the conclusion of a goal. \DESCRIBE When applied to a goal {\small\verb%A ?- !x::P. t%}, the tactic {\small\verb%RESQ_GEN_TAC%} reduces it to a new goal {\small\verb%A,P x' ?- t[x'/x]%} where {\small\verb%x'%} is a variant of {\small\verb%x%} chosen to avoid clashing with any variables free in the goal's assumption list. Normally {\small\verb%x'%} is just {\small\verb%x%}. {\par\samepage\setseps\small \begin{verbatim} A ?- !x::P. t =================== RESQ_GEN_TAC A,P x' ?- t[x'/x] \end{verbatim} } \FAILURE Fails unless the goal's conclusion is a restricted universal quantification. \USES The tactic {\small\verb%REPEAT RESQ_GEN_TAC%} strips away a series of restricted universal quantifiers, and is commonly used before tactics relying on the underlying term structure. \SEEALSO RESQ_HALF_GEN_TAC, RESQ_GEN, RESQ_GENL, RESQ_GEN_ALL, RESQ_SPEC, RESQ_SPECL, RESQ_SPEC_ALL, GGEN_TAC, STRIP_TAC, GEN_TAC, X_GEN_TAC. \ENDDOC \DOC{RESQ\_HALF\_EXISTS} \TYPE {\small\verb%RESQ_HALF_EXISTS : (thm -> thm)%}\egroup \SYNOPSIS Strip a restricted existential quantification from the conclusion of a theorem. \DESCRIBE When applied to a theorem {\small\verb%A |- ?x::P. t%}, {\small\verb%RESQ_HALF_EXISTS%} returns the theorem {\par\samepage\setseps\small \begin{verbatim} A |- ?x. P x /\ t \end{verbatim} } \noindent i.e., it transforms the restricted existential quantification to its underlying semantic representation. {\par\samepage\setseps\small \begin{verbatim} A |- ?x::P. t -------------------- RESQ_HALF_EXISTS A |- ?x. P x ==> t \end{verbatim} } \FAILURE Fails if the theorem's conclusion is not a restricted existential quantification. \SEEALSO RESQ_EXISTS_TAC, EXISTS. \ENDDOC \DOC{RESQ\_HALF\_GEN\_TAC} \TYPE {\small\verb%RESQ_HALF_GEN_TAC : tactic%}\egroup \SYNOPSIS Strips the outermost restricted universal quantifier from the conclusion of a goal. \DESCRIBE When applied to a goal {\small\verb%A ?- !x::P. t%}, {\small\verb%RESQ_GEN_TAC%} reduces it to {\small\verb%A ?- !x. P x ==> t%} which is the underlying semantic representation of the restricted universal quantification. {\par\samepage\setseps\small \begin{verbatim} A ?- !x::P. t ==================== RESQ_HALF_GEN_TAC A ?- !x. P x ==> t \end{verbatim} } \FAILURE Fails unless the goal's conclusion is a restricted universal quantification. \USES The tactic {\small\verb%REPEAT RESQ_GEN_TAC%} strips away a series of restricted universal quantifiers, and is commonly used before tactics relying on the underlying term structure. \SEEALSO RESQ_GEN_TAC, RESQ_GEN, RESQ_GENL, RESQ_GEN_ALL, RESQ_SPEC, RESQ_SPECL, RESQ_SPEC_ALL, GGEN_TAC, STRIP_TAC, GEN_TAC, X_GEN_TAC. \ENDDOC \DOC{RESQ\_HALF\_SPEC} \TYPE {\small\verb%RESQ_HALF_SPEC : (thm -> thm)%}\egroup \SYNOPSIS Strip a restricted universal quantification in the conclusion of a theorem. \DESCRIBE When applied to a theorem {\small\verb%A |- !x::P. t%}, the derived inference rule {\small\verb%RESQ_HALF_SPEC%} returns the theorem {\small\verb%A |- !x. P x ==> t%}, i.e., it transforms the restricted universal quantification to its underlying semantic representation. {\par\samepage\setseps\small \begin{verbatim} A |- !x::P. t -------------------- RESQ_HALF_SPEC A |- !x. P x ==> t \end{verbatim} } \FAILURE Fails if the theorem's conclusion is not a restricted universal quantification. \SEEALSO RESQ_SPEC, RESQ_SPECL, RESQ_SPEC_ALL, RESQ_GEN, RESQ_GENL, RESQ_GEN_ALL. \ENDDOC \DOC{RESQ\_IMP\_RES\_TAC} \TYPE {\small\verb%RESQ_IMP_RES_TAC : thm_tactic%}\egroup \SYNOPSIS Repeatedly resolves a restricted universally quantified theorem with the assumptions of a goal. \DESCRIBE The function {\small\verb%RESQ_IMP_RES_TAC%} performs repeatedly resolution using a restricted quantified theorem. It takes a restricted quantified theorem and transforms it into an implication. This resulting theorem is used in the resolution. Given a theorem {\small\verb%th%}, the theorem-tactic {\small\verb%RESQ_IMP_RES_TAC%} applies {\small\verb%RESQ_IMP_RES_THEN%} repeatedly to resolve the theorem with the assumptions. \FAILURE Never fails \SEEALSO RESQ_IMP_RES_THEN, RESQ_RES_THEN, RESQ_RES_TAC, IMP_RES_THEN, IMP_RES_TAC, MATCH_MP, RES_CANON, RES_TAC, RES_THEN. \ENDDOC \DOC{RESQ\_IMP\_RES\_THEN} \TYPE {\small\verb%RESQ_IMP_RES_THEN : thm_tactical%}\egroup \SYNOPSIS Resolves a restricted universally quantified theorem with the assumptions of a goal. \DESCRIBE The function {\small\verb%RESQ_IMP_RES_THEN%} is the basic building block for resolution using a restricted quantified theorem. It takes a restricted quantified theorem and transforms it into an implication. This resulting theorem is used in the resolution. Given a theorem-tactic {\small\verb%ttac%} and a theorem {\small\verb%th%}, the theorem-tactical {\small\verb%RESQ_IMP_RES_THEN%} transforms the theorem into an implication {\small\verb%th'%}. It then passes {\small\verb%th'%} together with {\small\verb%ttac%} to {\small\verb%IMP_RES_THEN%} to carry out the resolution. \FAILURE Evaluating {\small\verb%RESQ_IMP_RES_THEN ttac th%} fails if the supplied theorem {\small\verb%th%} is not restricted universally quantified, or if the call to {\small\verb%IMP_RES_THEN%} fails. \SEEALSO RESQ_IMP_RES_TAC, RESQ_RES_THEN, RESQ_RES_TAC, IMP_RES_THEN, IMP_RES_TAC, MATCH_MP, RES_CANON, RES_TAC, RES_THEN. \ENDDOC \DOC{RESQ\_MATCH\_MP} \TYPE {\small\verb%RESQ_MATCH_MP : (thm -> thm -> thm)%}\egroup \SYNOPSIS Eliminating a restricted universal quantification with automatic matching. \DESCRIBE When applied to theorems {\small\verb%A1 |- !x::P. Q[x]%} and {\small\verb%A2 |- P x'%}, the derived inference rule {\small\verb%RESQ_MATCH_MP%} matches {\small\verb%x'%} to {\small\verb%x%} by instantiating free or universally quantified variables in the first theorem (only), and returns a theorem {\small\verb%A1 u A2 |- Q[x'/x]%}. Polymorphic types are also instantiated if necessary. {\par\samepage\setseps\small \begin{verbatim} A1 |- !x::P.Q[x] A2 |- P x' -------------------------------------- RESQ_MATCH_MP A1 u A2 |- Q[x'/x] \end{verbatim} } \FAILURE Fails unless the first theorem is a (possibly repeatedly) restricted universal quantification whose quantified variable can be instantiated to match the conclusion of the second theorem, without instantiating any variables which are free in {\small\verb%A1%}, the first theorem's assumption list. \SEEALSO MATCH_MP, RESQ_HALF_SPEC. \ENDDOC \DOC{RESQ\_RES\_TAC} \TYPE {\small\verb%RESQ_RES_TAC : tactic%}\egroup \SYNOPSIS Enriches assumptions by repeatedly resolving restricted universal quantifications in them against the others. \DESCRIBE {\small\verb%RESQ_RES_TAC%} uses those assumptions which are restricted universal quantifications in resolution in a way similar to {\small\verb%RES_TAC%}. It calls {\small\verb%RESQ_RES_THEN%} repeatedly until there is no more resolution can be done. The conclusions of all the new results are returned as additional assumptions of the subgoal(s). The effect of {\small\verb%RESQ_RES_TAC%} on a goal is to enrich the assumption set with some of its collective consequences. \FAILURE {\small\verb%RESQ_RES_TAC%} cannot fail and so should not be unconditionally {\small\verb%REPEAT%}ed. \SEEALSO RESQ_IMP_RES_TAC, RESQ_IMP_RES_THEN, RESQ_RES_THEN, IMP_RES_TAC, IMP_RES_THEN, RES_CANON, RES_THEN, RES_TAC. \ENDDOC \DOC{RESQ\_RES\_THEN} \TYPE {\small\verb%RESQ_RES_THEN : thm_tactic -> tactic%}\egroup \SYNOPSIS Resolves all restricted universally quantified assumptions against other assumptions of a goal. \DESCRIBE Like the function {\small\verb%RESQ_IMP_RES_THEN%}, the function {\small\verb%RESQ_RES_THEN%} performs a single step resolution. The difference is that the restricted universal quantification used in the resolution is taken from the assumptions. Given a theorem-tactic {\small\verb%ttac%}, applying the tactic {\small\verb%RESQ_RES_THEN ttac%} to a goal {\small\verb%(asml,gl)%} has the effect of: {\par\samepage\setseps\small \begin{verbatim} MAP_EVERY (mapfilter ttac [... ; (ai,aj |- vi) ; ...]) (amsl ?- g) \end{verbatim} } where the theorems {\small\verb%ai,aj |- vi%} are all the consequences that can be drawn by a (single) matching modus-ponens inference from the assumptions {\small\verb%amsl%} and the implications derived from the restricted universal quantifications in the assumptions. \FAILURE Evaluating {\small\verb%RESQ_RES_TAC ttac th%} fails if there are no restricted universal quantifications in the assumptions, or if the theorem-tactic {\small\verb%ttac%} applied to all the consequences fails. \SEEALSO RESQ_IMP_RES_TAC, RESQ_IMP_RES_THEN, RESQ_RES_TAC, IMP_RES_THEN, IMP_RES_TAC, MATCH_MP, RES_CANON, RES_TAC, RES_THEN. \ENDDOC \DOC{RESQ\_REWR\_CANON} \TYPE {\small\verb%RESQ_REWR_CANON : thm -> thm%}\egroup \SYNOPSIS Transform a theorem into a form accepted for rewriting. \DESCRIBE {\small\verb%RESQ_REWR_CANON%} transforms a theorem into a form accepted by {\small\verb%COND_REWR_TAC%}. The input theorem should be headed by a series of restricted universal quantifications in the following form {\par\samepage\setseps\small \begin{verbatim} !x1::P1. ... !xn::Pn. u[xi] = v[xi]) \end{verbatim} } \noindent Other variables occurring in {\small\verb%u%} and {\small\verb%v%} may be universally quantified. The output theorem will have all ordinary universal quantifications moved to the outer most level with possible renaming to prevent variable capture, and have all restricted universal quantifications converted to implications. The output theorem will be in the form accepted by {\small\verb%COND_REWR_TAC%}. \FAILURE This function fails is the input theorem is not in the correct form. \SEEALSO RESQ_REWRITE1_TAC, RESQ_REWRITE1_CONV, COND_REWR_CANON, COND_REWR_TAC, COND_REWR_CONV,. \ENDDOC \DOC{RESQ\_REWRITE1\_CONV} \TYPE {\small\verb%RESQ_REWRITE1_CONV : thm list -> thm -> conv%}\egroup \SYNOPSIS Rewriting conversion using a restricted universally quantified theorem. \DESCRIBE {\small\verb%RESQ_REWRITE1_CONV%} is a rewriting conversion similar to {\small\verb%COND_REWRITE1_CONV%}. The only difference is the rewriting theorem it takes. This should be an equation with restricted universal quantification at the outer level. It is converted to a theorem in the form accepted by the conditional rewriting conversion. Suppose that {\small\verb%th%} is the following theorem {\par\samepage\setseps\small \begin{verbatim} A |- !x::P. Q[x] = R[x]) \end{verbatim} } \noindent evaluating {\small\verb%RESQ_REWRITE1_CONV thms th "t[x']"%} will return a theorem {\par\samepage\setseps\small \begin{verbatim} A, P x' |- t[x'] = t'[x'] \end{verbatim} } \noindent where {\small\verb%t'%} is the result of substituting instances of {\small\verb%R[x'/x]%} for corresponding instances of {\small\verb%Q[x'/x]%} in the original term {\small\verb%t[x]%}. All instances of {\small\verb%P x'%} which do not appear in the original assumption {\small\verb%asml%} are added to the assumption. The theorems in the list {\small\verb%thms%} are used to eliminate the instances {\small\verb%P x'%} if it is possible. \FAILURE {\small\verb%RESQ_REWRITE1_CONV%} fails if {\small\verb%th%} cannot be transformed into the required form by the function {\small\verb%RESQ_REWR_CANON%}. Otherwise, it fails if no match is found or the theorem cannot be instantiated. \SEEALSO RESQ_REWRITE1_TAC, RESQ_REWR_CANON, COND_REWR_TAC, COND_REWRITE1_CONV, COND_REWR_CONV, COND_REWR_CANON, search_top_down. \ENDDOC \DOC{RESQ\_REWRITE1\_TAC} \TYPE {\small\verb%RESQ_REWRITE1_TAC : thm_tactic%}\egroup \SYNOPSIS Rewriting with a restricted universally quantified theorem. \DESCRIBE {\small\verb%RESQ_REWRITE1_TAC%} takes an equational theorem which is restricted universally quantified at the outer level. It calls {\small\verb%RESQ_REWR_CANON%} to convert the theorem to the form accepted by {\small\verb%COND_REWR_TAC%} and passes the resulting theorem to this tactic which carries out conditional rewriting. Suppose that {\small\verb%th%} is the following theorem {\par\samepage\setseps\small \begin{verbatim} A |- !x::P. Q[x] = R[x]) \end{verbatim} } \noindent Applying the tactic {\small\verb%RESQ_REWRITE1_TAC th%} to a goal {\small\verb%(asml,gl)%} will return a main subgoal {\small\verb%(asml',gl')%} where {\small\verb%gl'%} is obtained by substituting instances of {\small\verb%R[x'/x]%} for corresponding instances of {\small\verb%Q[x'/x]%} in the original goal {\small\verb%gl%}. All instances of {\small\verb%P x'%} which do not appear in the original assumption {\small\verb%asml%} are added to it to form {\small\verb%asml'%}, and they also become new subgoals {\small\verb%(asml,P x')%}. \FAILURE {\small\verb%RESQ_REWRITE1_TAC th%} fails if {\small\verb%th%} cannot be transformed into the required form by the function {\small\verb%RESQ_REWR_CANON%}. Otherwise, it fails if no match is found or the theorem cannot be instantiated. \SEEALSO RESQ_REWRITE1_CONV, RESQ_REWR_CANON, COND_REWR_TAC, COND_REWRITE1_CONV, COND_REWR_CONV, COND_REWR_CANON, search_top_down. \ENDDOC \DOC{RESQ\_SPEC\_ALL} \TYPE {\small\verb%RESQ_SPEC_ALL : (thm -> thm)%}\egroup \SYNOPSIS Specializes the conclusion of a theorem with its own restricted quantified variables. \DESCRIBE When applied to a theorem {\small\verb%A |- !x1::P1. ...!xn::Pn. t%}, the inference rule {\small\verb%RESQ_SPEC_ALL%} returns the theorem {\small\verb%A,P1 x1',...,Pn xn' |- t[x1'/x1]...[xn'/xn]%} where the {\small\verb%xi'%} are distinct variants of the corresponding {\small\verb%xi%}, chosen to avoid clashes with any variables free in the assumption list and with the names of constants. Normally {\small\verb%xi'%} is just {\small\verb%xi%}, in which case {\small\verb%RESQ_SPEC_ALL%} simply removes all restricted universal quantifiers. {\par\samepage\setseps\small \begin{verbatim} A |- !x1::P1. ... !xn::Pn. t ------------------------------------------- RESQ_SPEC_ALL A,P1 x1,...,Pn xn |- t[x1'/x1]...[xn'/xn] \end{verbatim} } \FAILURE Never fails. \SEEALSO RESQ_GEN, RESQ_GENL, RESQ_GEN_ALL, RESQ_GEN_TAC, RESQ_SPEC, RESQ_SPECL. \ENDDOC \DOC{RESQ\_SPEC} \TYPE {\small\verb%RESQ_SPEC : (term -> thm -> thm)%}\egroup \SYNOPSIS Specializes the conclusion of a restricted universally quantified theorem. \DESCRIBE When applied to a term {\small\verb%u%} and a theorem {\small\verb%A |- !x::P. t%}, {\small\verb%RESQ_SPEC%} returns the theorem {\small\verb%A, P u |- t[u/x]%}. If necessary, variables will be renamed prior to the specialization to ensure that {\small\verb%u%} is free for {\small\verb%x%} in {\small\verb%t%}, that is, no variables free in {\small\verb%u%} become bound after substitution. {\par\samepage\setseps\small \begin{verbatim} A |- !x::P. t ------------------ RESQ_SPEC "u" A, P u |- t[u/x] \end{verbatim} } \FAILURE Fails if the theorem's conclusion is not restricted universally quantified, or if type instantiation fails. \EXAMPLE The following example shows how {\small\verb%RESQ_SPEC%} renames bound variables if necessary, prior to substitution: a straightforward substitution would result in the clearly invalid theorem {\small\verb%(\y. 0 < y)y |- y = y%}. {\par\samepage\setseps\small \begin{verbatim} #let th = RESQ_GEN "x:num" "\y.0 thm -> thm)%}\egroup \SYNOPSIS Specializes zero or more variables in the conclusion of a restricted universally quantified theorem. \DESCRIBE When applied to a term list {\small\verb%[u1;...;un]%} and a theorem {\small\verb%A |- !x1::P1. ... !xn::Pn. t%}, the inference rule {\small\verb%RESQ_SPECL%} returns the theorem {\par\samepage\setseps\small \begin{verbatim} A,P1 u1,...,Pn un |- t[u1/x1]...[un/xn] \end{verbatim} } \noindent where the substitutions are made sequentially left-to-right in the same way as for {\small\verb%RESQ_SPEC%}, with the same sort of alpha-conversions applied to {\small\verb%t%} if necessary to ensure that no variables which are free in {\small\verb%ui%} become bound after substitution. {\par\samepage\setseps\small \begin{verbatim} A |- !x1::P1. ... !xn::Pn. t -------------------------------------------- RESQ_SPECL "[u1;...;un]" A,P1 u1, ..., Pn un |- t[u1/x1]...[un/xn] \end{verbatim} } \noindent It is permissible for the term-list to be empty, in which case the application of {\small\verb%RESQ_SPECL%} has no effect. \FAILURE Fails if one of the specialization of the restricted universally quantified variable in the original theorem fails. \SEEALSO RESQ_GEN, RESQ_GENL, RESQ_GEN_ALL, RESQ_GEN_TAC, RESQ_SPEC, RESQ_SPEC_ALL. \ENDDOC \DOC{search\_top\_down} {\small \begin{verbatim} search_top_down : (term -> term -> ((term # term) list # (type # type) list) list) \end{verbatim} }\egroup \SYNOPSIS Search a term in a top-down fashion to find matches to another term. \DESCRIBE {\small\verb%search_top_down tm1 tm2%} returns a list of instantiations which make the whole or part of {\small\verb%tm2%} match {\small\verb%tm1%}. The first term should not have a quantifier at the outer most level. {\small\verb%search_top_down%} first attempts to match the whole second term to {\small\verb%tm1%}. If this fails, it recursively descend into the subterms of {\small\verb%tm2%} to find all matches. The length of the returned list indicates the number of matches found. An empty list means no match can be found between {\small\verb%tm1%} and {\small\verb%tm2%} or any subterms of {\small\verb%tm2%}. The instantiations returned in the list are in the same format as for the function {\small\verb%match%}. Each instantiation is a pair of lists: the first is a list of term pairs and the second is a list of type pairs. Either of these lists may be empty. The situation in which both lists are empty indicates that there is an exact match between the two terms, i.e., no instantiation is required to make the entire {\small\verb%tm2%} or a part of {\small\verb%tm2%} the same as {\small\verb%tm1%}. \FAILURE Never fails. \EXAMPLE {\par\samepage\setseps\small \begin{verbatim} #search_top_down "x = y:*" "3 = 5";; [([("5", "y"); ("3", "x")], [(":num", ":*")])] : ((term # term) list # (type # type) list) list #search_top_down "x = y:*" "x =y:*";; [([], [])] : ((term # term) list # (type # type) list) list #search_top_down "x = y:*" "0 < p ==> (x <= p = y <= p)";; [([("y <= p", "y"); ("x <= p", "x")], [(":bool", ":*")])] : ((term # term) list # (type # type) list) list \end{verbatim} } \noindent The first example above shows the entire {\small\verb%tm2%} matching {\small\verb%tm1%}. The second example shows the two terms match exactly. No instantiation is required. The last example shows that a subterm of {\small\verb%tm2%} can be instantiated to match {\small\verb%tm1%}. \SEEALSO match, COND_REWR_TAC, CONV_REWRITE_TAC, COND_REWR_CONV, CONV_REWRITE_CONV. \ENDDOC \DOC{strip\_resq\_exists} \TYPE {\small\verb%strip_resq_exists : (term -> ((term # term) list # term))%}\egroup \SYNOPSIS Iteratively breaks apart a restricted existentially quantified term. \DESCRIBE {\small\verb%strip_resq_exists%} is an iterative term destructor for restricted existential quantifications. It iteratively breaks apart a restricted existentially quantified term into a list of pairs which are the restricted quantified variables and predicates and the body. {\par\samepage\setseps\small \begin{verbatim} strip_resq_exists "?x1::P1. ... ?xn::Pn. t" \end{verbatim} } \noindent returns {\small\verb%([("x1","P1");...;("xn","Pn")],"t")%}. \FAILURE Never fails. \SEEALSO list_mk_resq_exists, is_resq_exists, dest_resq_exists. \ENDDOC \DOC{strip\_resq\_forall} \TYPE {\small\verb%strip_resq_forall : (term -> ((term # term) list # term))%}\egroup \SYNOPSIS Iteratively breaks apart a restricted universally quantified term. \DESCRIBE {\small\verb%strip_resq_forall%} is an iterative term destructor for restricted universal quantifications. It iteratively breaks apart a restricted universally quantified term into a list of pairs which are the restricted quantified variables and predicates and the body. {\par\samepage\setseps\small \begin{verbatim} strip_resq_forall "!x1::P1. ... !xn::Pn. t" \end{verbatim} } \noindent returns {\small\verb%([("x1","P1");...;("xn","Pn")],"t")%}. \FAILURE Never fails. \SEEALSO list_mk_resq_forall, is_resq_forall, dest_resq_forall. \ENDDOC