\part{Forward Proofs}
\frametitle{Kernel too detailed}
\item we already discussed the HOL Logic
\item the kernel itself does not even contain basic logic operators
\item usually one uses a much higher level of abstraction
\item many operations and datatypes are defined
\item high-level derived inference rules are used
\item let's now look at this more common abstraction level
\section{Term Syntax}
\frametitle{Common Terms and Types}
& \emph{Unicode} & \emph{ASCII} \\
type vars & \hol{$\alpha$}, \hol{$\beta$}, \ldots & \hol{'a}, \hol{'b}, \ldots \\
type annotated term & \hol{term:type} & \hol{term:type} \\
true & \hol{T} & \hol{T} \\
false & \hol{F} & \hol{F} \\
negation & \hol{$\neg$b} & \hol{\holNeg{}b} \\
conjunction & \hol{b1\ $\wedge$\ b2} & \hol{b1 \holAnd{} b2} \\
disjunction & \hol{b1\ $\vee$\ b2} & \hol{b1 \holOr{} b2} \\
implication & \hol{b1\ $\Longrightarrow$\ b2} & \hol{b1 \holImp{} b2} \\
equivalence & \hol{b1\ $\Longleftrightarrow$\ b2} & \hol{b1 \holEquiv{} b2} \\
disequation & \hol{v1\ $\neq$\ v2} & \hol{v1 <> v2} \\
all-quantification & \hol{$\forall$x.\ P x} & \hol{!x.\ P x} \\
existential quantification & \hol{$\exists$x.\ P x} & \hol{?x.\ P x} \\
Hilbert's choice operator & \hol{@x.\ P x} & \hol{@x.\ P x}
Constant and variable names are subject to restrictions similar to those in SML.\\
HOL-specific: don't start variable names with an underscore
\frametitle{Syntax conventions}
\item common function syntax
\item prefix notation, \eg \hol{SUC x}
\item infix notation, \eg \hol{x + y}
\item quantifier notation, \eg \hol{$\forall$x.\ P x} means \hol{($\forall$)\ ($\lambda$x.\ P x)}
\item infix and quantifier notation can be turned into prefix notation \\
Example: \hol{(+)\ x\ y} and \hol{\$+\ x\ y} are the same as \hol{x + y}
\item quantifiers of the same type don't need to be repeated \\
\hol{$\forall$x\ y.\ P\ x\ y} is short for
\hol{$\forall$x.\ $\forall$y.\ P\ x\ y}
\item there is special syntax for some functions\\
\hol{if c then v1 else v2} is nice syntax for
\hol{COND c v1 v2}
\item associative infix operators are usually right-associative\\
\hol{b1 \holAnd{} b2 \holAnd{} b3} is parsed as
\hol{b1 \holAnd{} (b2 \holAnd{} b3)}
\frametitle{Creating Terms}
\begin{block}{Term Parser}
Use the special quotation syntax provided by \texttt{unquote}.
\begin{alertblock}{Operator Precedence}
It is easy to misjudge the binding strength of certain operators. Therefore, use plenty of parentheses.
\begin{block}{Use Syntax Functions}
Terms are just SML values of type \texttt{term}. You can use syntax functions (usually defined in \texttt{*Syntax.sml} files) to create them.
\frametitle{Creating Terms II}
\emph{Parser} & \emph{Syntax Funs} & \\
\hol{``:bool``} & \ml{mk\_type ("bool", [])} or \ml{bool} & type of Booleans \\
\hol{``T``} & \ml{mk\_const ("T", bool)} or \ml{T} & term true \\
\hol{``\holNeg{}b``} & \hol{mk\_neg (} & negation of \\
& \hol{\ \ mk\_var ("b", bool))} & \ \ Boolean var b\\
\hol{``\ldots\ \holAnd{} \ldots``} & \hol{mk\_conj (\ldots, \ldots)} & conjunction \\
\hol{``\ldots\ \holOr{} \ldots``} & \hol{mk\_disj (\ldots, \ldots)} & disjunction \\
\hol{``\ldots\ \holImp{} \ldots``} & \hol{mk\_imp (\ldots, \ldots)} & implication \\
\hol{``\ldots\ = \ldots``} & \hol{mk\_eq (\ldots, \ldots)} & equation \\
\hol{``\ldots\ <=> \ldots``} & \hol{mk\_eq (\ldots, \ldots)} & equivalence \\
\hol{``\ldots\ <> \ldots``} & \hol{mk\_neg (mk\_eq (\ldots, \ldots))} & negated equation
\section{Inference Rules}
\frametitle{Inference Rules for Equality}
$\inferrule*[right=REFL] {\ }{\entails t = t}$\\[1em]
$\inferrule*[right=ABS]{\Gamma \entails s = t\\x \text{\ not free in\ }\Gamma}{\Gamma \entails \lambda{}x.\ s = \lambda{}x.\ t}$\\[1em]
$\inferrule*[right=MK\_COMB]{\Gamma \entails s = t\\\Delta \entails u = v \\\\ \textit{types fit}}{\Gamma \cup \Delta \entails s(u) = t(v)}$\\[1em]
$\inferrule* [right={GSYM}] {\Gamma \entails s = t}{\Gamma \entails t = s}$\\[1em]
$\inferrule*[right=TRANS] {\Gamma \entails s = t\\\Delta \entails t = u}{\Gamma \cup \Delta \entails s = u}$\\[1em]
$\inferrule*[right=EQ\_MP]{\Gamma \entails p \Longleftrightarrow q\\\Delta \entails p}{\Gamma \cup \Delta \entails q}$\\[1em]
$\inferrule*[right=BETA\_CONV]{\ }{\entails (\lambda{}x.\ t) v = t[v/x]}$\\[1em]
\frametitle{Inference Rules for free Variables}
$\inferrule*[right=INST]{\Gamma[x_1, \ldots, x_n] \entails p[x_1, \ldots, x_n]}
{\Gamma[t_1, \ldots, t_n] \entails p[t_1, \ldots, t_n]}$\\[1em]
$\inferrule*[right=INST\_TYPE]{\Gamma[\alpha_1, \ldots, \alpha_n] \entails p[\alpha_1, \ldots, \alpha_n]}
{\Gamma[\gamma_1, \ldots, \gamma_n] \entails p[\gamma_1, \ldots, \gamma_n]}$\\[1em]
\frametitle{Inference Rules for Implication}
$\inferrule*[right={MP, MATCH\_MP}]{\Gamma \entails p \Longrightarrow q\\\Delta \entails p}{\Gamma \cup \Delta \entails q}$\\[1em]
$\inferrule*[right=EQ\_IMP\_RULE] {\Gamma \entails p = q}{\Gamma \entails p \Longrightarrow q\\\\\Gamma \entails q \Longrightarrow p}$\\[1em]
$\inferrule*[right=IMP\_ANTISYM\_RULE]{\Gamma \entails p \Longrightarrow q\\\\\Delta \entails q \Longrightarrow p}{\Gamma \cup \Delta \entails p = q}$\\[1em]
$\inferrule*[right=IMP\_TRANS] {\Gamma \entails p \Longrightarrow q\\\Delta \entails q \Longrightarrow r}{\Gamma \cup \Delta \entails p \Longrightarrow r}$\\[1em]
$\inferrule*[right=DISCH]{\Gamma \entails p}{\Gamma - \{q\} \entails q \Longrightarrow p}$\\[1em]
$\inferrule*[right=UNDISCH]{\Gamma \entails q \Longrightarrow p}{\Gamma \cup \{q\} \entails p}$\\[1em]
$\inferrule*[right=NOT\_INTRO]{\Gamma \entails p \Longrightarrow \text{F}}{\Gamma \entails \holNeg{}p}$\\[1em]
$\inferrule*[right=NOT\_ELIM]{\Gamma \entails \holNeg{}p}{\Gamma \entails p \Longrightarrow \text{F}}$\\[1em]
\frametitle{Inference Rules for Conjunction / Disjunction}
$\inferrule*[right={CONJ}]{\Gamma \entails p\\\Delta \entails q}{\Gamma \cup \Delta \entails p\ \wedge\ q}$\\[1em]
$\inferrule*[right={CONJUNCT1}]{\Gamma \entails p\ \wedge\ q}{\Gamma \entails p}$\\[1em]
$\inferrule*[right={CONJUNCT2}]{\Gamma \entails p\ \wedge\ q}{\Gamma \entails q}$\\[1em]
$\inferrule*[right={DISJ1}]{\Gamma \entails p}{\Gamma \entails p\ \vee\ q}$\\[1em]
$\inferrule*[right={DISJ2}]{\Gamma \entails q}{\Gamma \entails p\ \vee\ q}$\\[1em]
$\inferrule*[right={DISJ\_CASES}]{\Gamma \entails p \vee q\\\Delta_1 \cup \{p\} \entails r\\\Delta_2 \cup \{q\} \entails r}{\Gamma \cup \Delta_1 \cup \Delta_2 \entails r}$\\[1em]
\frametitle{Inference Rules for Quantifiers}
$\inferrule*[right={GEN}]{\Gamma \entails p\\x \text{\ not free in\ }\Gamma}{\Gamma \entails \forall{}x.\ p}$\\[1em]
$\inferrule*[right={SPEC}]{\Gamma \entails \forall{}x.\ p}{\Gamma \entails p[u/x]}$\\[1em]
$\inferrule*[right={EXISTS}]{\Gamma \entails p[u/x]}{\Gamma \entails \exists{}x.\ p}$\\[1em]
$\inferrule*[right={CHOOSE}]{\Gamma \entails \exists{}x.\ p\\\Delta \cup \{p[u/x]\} \entails r\\
u \text{\ not free in\ } \Gamma, \Delta, p \text{ and } r}
{\Gamma \cup \Delta \entails r}$\\[1em]
\section{Forward Proofs}
\frametitle{Forward Proofs}
\item axioms and inference rules are used to derive theorems
\item this method is called \emph{forward proof}
\item one starts with basic building blocks
\item one moves step by step forward
\item finally the theorem one is interested in is derived
\item one can also implement one's own proof tools
\frametitle{Forward Proofs --- Example I}
Let's prove $\forall{}p.\ p \Longrightarrow p$.
val IMP_REFL_THM = let
val tm1 = ``p:bool``;
val thm1 = ASSUME tm1;
val thm2 = DISCH tm1 thm1;
GEN tm1 thm2
fun IMP_REFL t =
> val tm1 = ``p``: term
> val thm1 = [p] |- p: thm
> val thm2 = |- p ==> p: thm
> val IMP_REFL_THM =
|- !p. p ==> p: thm
> val IMP_REFL =
fn: term -> thm
\frametitle{Forward Proofs --- Example II}
Let's prove $\forall{}P\,v.\ (\exists{}x.\ (x = v) \wedge P\ x) \Longleftrightarrow P\ v$.
val tm_v = ``v:'a``;
val tm_P = ``P:'a -> bool``;
val tm_lhs = ``?x. (x = v) \holAnd{} P x``
val tm_rhs = mk_comb (tm_P, tm_v);
val thm1 = let
val thm1a = ASSUME tm_rhs;
val thm1b =
CONJ (REFL tm_v) thm1a;
val thm1c =
EXISTS (tm_lhs, tm_v) thm1b
DISCH tm_rhs thm1c
> val thm1a = [P v] |- P v: thm
> val thm1b =
[P v] |- (v = v) \holAnd{} P v: thm
> val thm1c =
[P v] |- ?x. (x = v) \holAnd{} P x
> val thm1 = [] |-
P v ==> ?x. (x = v) \holAnd{} P x: thm
\frametitle{Forward Proofs --- Example II cont.}
val thm2 = let
val thm2a =
ASSUME ``(u:'a = v) \holAnd{} P u``
val thm2b = AP_TERM tm_P
(CONJUNCT1 thm2a);
val thm2c = EQ_MP thm2b
(CONJUNCT2 thm2a);
val thm2d =
CHOOSE (``u:'a``,
ASSUME tm_lhs) thm2c
DISCH tm_lhs thm2d
val thm3 = IMP_ANTISYM_RULE thm2 thm1
val thm4 = GENL [tm_P, tm_v] thm3
> val thm2a = [(u = v) \holAnd{} P u] |-
(u = v) \holAnd{} P u: thm
> val thm2b = [(u = v) \holAnd{} P u] |-
P u <=> P v
> val thm2c = [(u = v) \holAnd{} P u] |-
P v
> val thm2d = [?x. (x = v) \holAnd{} P x] |-
P v
> val thm2 = [] |-
?x. (x = v) \holAnd{} P x ==> P v
> val thm3 = [] |-
?x. (x = v) \holAnd{} P x <=> P v
> val thm4 = [] |- !P v.
?x. (x = v) \holAnd{} P x <=> P v
% \section{Rules and Conversions}
% \begin{frame}
% \frametitle{Derived Tools}
% \begin{itemize}
% \item HOL depends on reasoning tools implemented in SML
% \item \emph{rules} --- use theorems to produce new theorems\\
% \begin{itemize}
% \item SML-type \ml{thm -> thm}
% \item functions with a similar type are often called rules as well
% \end{itemize}
% \item \emph{conversions} --- convert a term into an equal one\\
% \begin{itemize}
% \item SML-type \ml{term -> thm}
% \item given term \ml{t} produces theorem of form \ml{[] |- t = t'}
% \item may raise exceptions \ml{HOL\_ERR} or \ml{UNCHANGED}
% \end{itemize}
% \item \ldots
% \end{itemize}
% \end{frame}
% \begin{frame}
% \frametitle{Conversions}
% \begin{itemize}
% \item HOL has very good tool support for equality reasoning
% \item \emph{conversions} are important for HOL's automation
% \item there is a lot of infrastructure for conversions
% \begin{itemize}
% \item \ml{RAND\_CONV}, \ml{RATOR\_CONV}, \ml{ABS\_CONV}
% \item \ml{DEPTH\_CONV}
% \item \ml{THENC}, \ml{TRY\_CONV}, \ml{FIRST\_CONV}
% \item \ml{REPEAT\_CONV}
% \item \ml{CHANGED\_CONV}, \ml{QCHANGED\_CONV}
% \item \ml{NO\_CONV}, \ml{ALL\_CONV}
% \item \ldots
% \end{itemize}
% \item important conversions
% \begin{itemize}
% \item \ml{REWR\_CONV}
% \item \ml{REWRITE\_CONV}
% \item \ldots
% \end{itemize}
% \end{itemize}
% \end{frame}
