Tutorial on Isabelle/HOL

More documents

Recommendations

Info

!!!!2.6 Some Basic Types 23The symbols > and ≥ are merely syntax: x > y stands for y < x and similaryfor ≥ and ≤.Constant 1::nat is defined to equal Suc 0. This definition (see Sect. 2.7.2) isunfolded automatically by some tactics (like auto, simp and arith) but not byothers (especially the single step tactics in Chapter 5). If you need the full set ofnumerals, see Sect. 8.4.1. Novices are advised to stick to 0 and Suc.Both auto and simp (a method introduced below, Sect. 3.1) prove simplearithmetic goals automatically:lemma "[[ ¬ m < n; m < n + (1::nat) ]] =⇒ m = n"For efficiency’s sake, this built-in prover ignores quantified formulae, manylogical connectives, and all arithmetic operations apart from addition. Inconsequence, auto and simp cannot prove this slightly more complex goal:lemma "m ≠ (n::nat) =⇒ m < n ∨ n < m"The method arith is more general. It attempts to prove the first subgoalprovided it is a linear arithmetic formula. Such formulas may involve theusual logical connectives (¬, ∧, ∨, −→, =, ∀ , ∃ ), the relations =, ≤ and
24 2. Functional Programming in HOL– There is also the type unit, which contains exactly one element denotedby (). This type can be viewed as a degenerate product with 0 components.– Products, like type nat, are datatypes, which means in particular thatinduct_tac and case_tac are applicable to terms of product type. Bothsplit the term into a number of variables corresponding to the tuple structure(up to 7 components).– Tuples with more than two or three components become unwieldy; recordsare preferable.For more information on pairs and records see Chapter 8.2.6.3 Datatype optionOur final datatype is very simple but still eminently useful:datatype ’a option = None | Some ’aFrequently one needs to add a distinguished element to some existing type.For example, type t option can model the result of a computation that mayeither terminate with an error (represented by None) or return some valuev (represented by Some v). Similarly, nat extended with ∞ can be modeledby type nat option. In both cases one could define a new datatype withcustomized constructors like Error and Infinity, but it is often simpler touse option. For an application see Sect. 3.4.4.2.7 DefinitionsA definition is simply an abbreviation, i.e. a new name for an existing construction.In particular, definitions cannot be recursive. Isabelle offers definitionson the level of types and terms. Those on the type level are called typesynonyms; those on the term level are simply called definitions.2.7.1 Type SynonymsType synonyms are similar to those found in ML. They are created by atypes command:types number = natgate = "bool ⇒ bool ⇒ bool"(’a,’b)alist = "(’a × ’b)list"Internally all synonyms are fully expanded. As a consequence Isabelle’s outputnever contains synonyms. Their main purpose is to improve the readabilityof theories. Synonyms can be used just like any other type.
Page 1 and 2: Tobias NipkowMarkus WenzelLawrence
Page 3 and 4: viPrefacegives the best performance
Page 5 and 6: viiiContents3.1.3 The simp Method .
Page 7 and 8: xContents6.6 Case Study: Verified M
Page 9 and 10: xiiContents
Page 12 and 13: 1. The Basics1.1 IntroductionThis b
Page 14 and 15: 1.3 Types, Terms and Formulae 5base
Page 16 and 17: 1.4 Variables 71.4 VariablesIsabell
Page 18: 2. Functional Programming in HOLThi
Page 21 and 22: 12 2. Functional Programming in HOL
Page 31: 22 2. Functional Programming in HOL
Page 36 and 37: 3. More Functional ProgrammingThe p
Page 38 and 39: 3.1 Simplification 29could have bee
Page 40 and 41: 3.1 Simplification 31lemma "(let xs
Page 42 and 43: 3.1 Simplification 33lemma "rev [a]
Page 44 and 45: 3.2 Induction Heuristics 35Proof Ge
Page 46 and 47: 3.3 Case Study: Compiling Expressio
Page 48 and 49: 3.4 Advanced Datatypes 39two case-e
Page 50 and 51: apply simp_all3.4 Advanced Datatype
Page 52 and 53: 3.4 Advanced Datatypes 43lemma [sim
Page 54 and 55: 3.4 Advanced Datatypes 45✑◗ ✑
Page 56 and 57: 3.5 Total Recursive Functions: fun
Page 58 and 59: "ack2 n 0 = Suc n" |"ack2 0 (Suc m)
Page 60: 3.5 Total Recursive Functions: fun
Page 63 and 64: 54 4. Presenting Theoriesdefinition
Page 65 and 66: 56 4. Presenting Theories| Yen nat
Page 67 and 68: 58 4. Presenting Theories4.2.1 Isab
Page 69 and 70: 60 4. Presenting Theoriesheader {*
Page 71 and 72: 62 4. Presenting Theoriestext {*Thi
Page 73 and 74: 64 4. Presenting TheoriesTagged com
Page 76 and 77: 5. The Rules of the GameThis chapte
Page 79: 70 5. The Rules of the GameThe assu
Page 83 and 84:
74 5. The Rules of the Game¬(P →
Page 85 and 86:
76 5. The Rules of the GameOther me
Page 87 and 88:
78 5. The Rules of the Gamere-orien
Page 89 and 90:
80 5. The Rules of the Gamelemma "[
Page 91 and 92:
82 5. The Rules of the GameAs befor
Page 93 and 94:
84 5. The Rules of the Gamelemma "[
Page 95 and 96:
86 5. The Rules of the Game5.10.1 D
Page 97 and 98:
88 5. The Rules of the Game5.11 Som
Page 99 and 100:
90 5. The Rules of the GameThe next
Page 101 and 102:
92 5. The Rules of the Gameit can p
Page 103 and 104:
94 5. The Rules of the Game5.15.1 M
Page 105 and 106:
96 5. The Rules of the Game5.15.2 M
Page 107 and 108:
98 5. The Rules of the Game5.16.1 T
Page 109 and 110:
100 5. The Rules of the Game5.17 Ma
Page 111 and 112:
102 5. The Rules of the GameWe deci
Page 113 and 114:
104 5. The Rules of the Gamegcd ?m1
Page 116 and 117:
6. Sets, Functions and RelationsThi
Page 118 and 119:
6.1 Sets 1096.1.1 Finite Set Notati
Page 120 and 121:
6.2 Functions 111The internal form
Page 122 and 123:
6.3 Relations 1131. ∀ x y. f x =
Page 124 and 125:
Induction over the reflexive transi
Page 126 and 127:
inv_image r f ≡ {(x,y). (f x, f y
Page 128 and 129:
6.6 Case Study: Verified Model Chec
Page 130 and 131:
Page 132 and 133:
6.6.2 Computation Tree Logic — CT
Page 134 and 135:
Page 136:
Page 139 and 140:
130 7. Inductively Defined Setsan e
Page 141 and 142:
132 7. Inductively Defined Sets1. n
Page 143 and 144:
134 7. Inductively Defined Setsindu
Page 145 and 146:
136 7. Inductively Defined SetsNow
Page 147 and 148:
138 7. Inductively Defined Sets7.3.
Page 149 and 150:
140 7. Inductively Defined Setswher
Page 151 and 152:
142 7. Inductively Defined Sets7.3.
Page 153 and 154:
144 7. Inductively Defined Sets| "[
Page 155 and 156:
146 7. Inductively Defined Setstheo
Page 158:
Part IIIAdvanced Material
Page 161 and 162:
152 8. More about TypesThe intuitiv
Page 163 and 164:
154 8. More about Typesthe simplifi
Page 165 and 166:
156 8. More about Typesmore is impl
Page 167 and 168:
158 8. More about TypesThe cases me
Page 169 and 170:
160 8. More about Types8.3 Axiomati
Page 171 and 172:
162 8. More about Typesprefix_def:"
Page 173 and 174:
164 8. More about TypesLinear Order
Page 175 and 176:
166 8. More about Types8.4 NumbersU
Page 177 and 178:
168 8. More about Types2 + n = Suc
Page 179 and 180:
170 8. More about Typeswhen the lef
Page 181 and 182:
172 8. More about Types((c::’a::r
Page 183 and 184:
174 8. More about Types8.5.2 Defini
Page 185 and 186:
176 8. More about TypesThe fact tha
Page 187 and 188:
178 9. Advanced Simplification and
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 198 and 199:
10. Case Study: Verifying a Securit
Page 200 and 201:
10.2 Agents and Messages 1911. A
Page 202 and 203:
analz (synth H) = analz H ∪ synth
Page 204 and 205:
10.6 Proving Elementary Properties
Page 206 and 207:
10.7 Proving Secrecy Theorems 197No
Page 208 and 209:
10.7 Proving Secrecy Theorems 199ca
Page 210:
201You know my methods. Apply them!
Page 213 and 214:
204 A. AppendixConstant Type Syntax
Page 215 and 216:
206 BIBLIOGRAPHY[13] Florian Haftma
Page 217 and 218:
Index!, 203?, 203∃! , 203?!, 203&
Page 219 and 220:
210 Index- defining inductively, 12
Page 221 and 222:
212 Index- and fun, 48patterns- hig
show all

Tutorial on Isabelle/HOL

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?