NICTA Advanced Course. Theorem Proving Principles, Techniques, Applications

Transcription

1 NICTA Advanced Course Theorem Proving Principles, Techniques, Applications λ 1

2 CONTENT Intro & motivation, getting started with Isabelle Foundations & Principles Lambda Calculus Higher Order Logic, natural deduction Term rewriting Proof & Specification Techniques Datatypes, recursion, induction Inductively defined sets, rule induction Calculational reasoning, mathematics style proofs Hoare logic, proofs about programs CONTENT 2

3 λ CALCULUS IS INCONSISTENT From last lecture: Can find term R such that R R = β not(r R) There are more terms that do not make sense: 1 2, true false, etc. λ CALCULUS IS INCONSISTENT 3

4 λ CALCULUS IS INCONSISTENT From last lecture: Can find term R such that R R = β not(r R) There are more terms that do not make sense: 1 2, true false, etc. Solution: rule out ill-formed terms by using types. (Church 1940) λ CALCULUS IS INCONSISTENT 3-A

5 INTRODUCING TYPES Idea: assign a type to each sensible λ term. Examples: INTRODUCING TYPES 4

6 INTRODUCING TYPES Idea: assign a type to each sensible λ term. Examples: for term t has type α write t :: α INTRODUCING TYPES 4-A

7 INTRODUCING TYPES Idea: assign a type to each sensible λ term. Examples: for term t has type α write t :: α if x has type α then λx. x is a function from α to α Write: (λx. x) :: α a INTRODUCING TYPES 4-B

8 INTRODUCING TYPES Idea: assign a type to each sensible λ term. Examples: for term t has type α write t :: α if x has type α then λx. x is a function from α to α Write: (λx. x) :: α a for s t to be sensible: s must be function t must be right type for parameter If s :: α β and t :: α then (s t) :: β INTRODUCING TYPES 4-C

9 THAT S ABOUT IT 5

10 NOW FORMALLY, AGAIN 6

11 SYNTAX FOR λ Terms: t ::= v c (t t) (λx. t) v, x V, c C, V, C sets of names Types: τ ::= b ν τ τ b {bool, int,...} base types ν {α, β,...} type variables α β γ = α (β γ) SYNTAX FOR λ 7

12 SYNTAX FOR λ Terms: t ::= v c (t t) (λx. t) v, x V, c C, V, C sets of names Types: τ ::= b ν τ τ b {bool, int,...} base types ν {α, β,...} type variables α β γ = α (β γ) Contexts Γ: Γ: function from variable and constant names to types. SYNTAX FOR λ 7-A

13 SYNTAX FOR λ Terms: t ::= v c (t t) (λx. t) v, x V, c C, V, C sets of names Types: τ ::= b ν τ τ b {bool, int,...} base types ν {α, β,...} type variables α β γ = α (β γ) Contexts Γ: Γ: function from variable and constant names to types. Term t has type τ in context Γ: Γ t :: τ SYNTAX FOR λ 7-B

14 EXAMPLES Γ (λx. x) :: α α EXAMPLES 8

15 EXAMPLES Γ (λx. x) :: α α [y int] y :: int EXAMPLES 8-A

16 EXAMPLES Γ (λx. x) :: α α [y int] y :: int [z bool] (λy. y) z :: bool EXAMPLES 8-B

17 EXAMPLES Γ (λx. x) :: α α [y int] y :: int [z bool] (λy. y) z :: bool [] λf x. f x :: (α β) α β EXAMPLES 8-C

18 EXAMPLES Γ (λx. x) :: α α [y int] y :: int [z bool] (λy. y) z :: bool [] λf x. f x :: (α β) α β A term t is well typed or type correct if there are Γ and τ such that Γ t :: τ EXAMPLES 8-D

19 TYPE CHECKING RULES Variables: Γ x :: Γ(x) TYPE CHECKING RULES 9

20 TYPE CHECKING RULES Variables: Γ x :: Γ(x) Application: Γ (t 1 t 2 ) :: τ 1 TYPE CHECKING RULES 9-A

21 TYPE CHECKING RULES Variables: Γ x :: Γ(x) Application: Γ t 1 :: τ 2 τ 1 Γ t 2 :: τ 2 Γ (t 1 t 2 ) :: τ 1 TYPE CHECKING RULES 9-B

22 TYPE CHECKING RULES Variables: Γ x :: Γ(x) Application: Γ t 1 :: τ 2 τ 1 Γ t 2 :: τ 2 Γ (t 1 t 2 ) :: τ 1 Abstraction: Γ (λx. t) :: τ 1 τ 2 TYPE CHECKING RULES 9-C

23 TYPE CHECKING RULES Variables: Γ x :: Γ(x) Application: Γ t 1 :: τ 2 τ 1 Γ t 2 :: τ 2 Γ (t 1 t 2 ) :: τ 1 Abstraction: Γ[x τ 1 ] t :: τ 2 Γ (λx. t) :: τ 1 τ 2 TYPE CHECKING RULES 9-D

24 EXAMPLE TYPE DERIVATION: [] λx y. x :: α β α EXAMPLE TYPE DERIVATION: 10

25 EXAMPLE TYPE DERIVATION: [x α] λy. x :: β α [] λx y. x :: α β α EXAMPLE TYPE DERIVATION: 10-A

26 EXAMPLE TYPE DERIVATION: [x α, y β] x :: α [x α] λy. x :: β α [] λx y. x :: α β α EXAMPLE TYPE DERIVATION: 10-B

27 EXAMPLE TYPE DERIVATION: [x α, y β] x :: α [x α] λy. x :: β α [] λx y. x :: α β α EXAMPLE TYPE DERIVATION: 10-C

28 MORE COMPLEX EXAMPLE [] λf x. f x x :: MORE COMPLEX EXAMPLE 11

29 MORE COMPLEX EXAMPLE [] λf x. f x x :: (α α β) α β MORE COMPLEX EXAMPLE 11-A

30 MORE COMPLEX EXAMPLE [f α α β] λx. f x x :: α β [] λf x. f x x :: (α α β) α β MORE COMPLEX EXAMPLE 11-B

31 MORE COMPLEX EXAMPLE Γ f x x :: β [f α α β] λx. f x x :: α β [] λf x. f x x :: (α α β) α β Γ = [f α α β, x α] MORE COMPLEX EXAMPLE 11-C

32 MORE COMPLEX EXAMPLE Γ f x :: α β Γ f x x :: β [f α α β] λx. f x x :: α β [] λf x. f x x :: (α α β) α β Γ = [f α α β, x α] MORE COMPLEX EXAMPLE 11-D

33 MORE COMPLEX EXAMPLE Γ f x :: α β Γ x :: α Γ f x x :: β [f α α β] λx. f x x :: α β [] λf x. f x x :: (α α β) α β Γ = [f α α β, x α] MORE COMPLEX EXAMPLE 11-E

34 MORE COMPLEX EXAMPLE Γ f :: α (α β) Γ f x :: α β Γ x :: α Γ f x x :: β [f α α β] λx. f x x :: α β [] λf x. f x x :: (α α β) α β Γ = [f α α β, x α] MORE COMPLEX EXAMPLE 11-F

35 MORE COMPLEX EXAMPLE Γ f :: α (α β) Γ x :: α Γ f x :: α β Γ x :: α Γ f x x :: β [f α α β] λx. f x x :: α β [] λf x. f x x :: (α α β) α β Γ = [f α α β, x α] MORE COMPLEX EXAMPLE 11-G

36 MORE GENERAL TYPES A term can have more than one type. MORE GENERAL TYPES 12

37 MORE GENERAL TYPES A term can have more than one type. Example: [] λx. x :: bool bool [] λx. x :: α α MORE GENERAL TYPES 12-A

38 MORE GENERAL TYPES A term can have more than one type. Example: [] λx. x :: bool bool [] λx. x :: α α Some types are more general than others: τ σ if there is a substitution S such that τ = S(σ) MORE GENERAL TYPES 12-B

39 MORE GENERAL TYPES A term can have more than one type. Example: [] λx. x :: bool bool [] λx. x :: α α Some types are more general than others: τ σ if there is a substitution S such that τ = S(σ) Examples: int bool α β MORE GENERAL TYPES 12-C

40 MORE GENERAL TYPES A term can have more than one type. Example: [] λx. x :: bool bool [] λx. x :: α α Some types are more general than others: τ σ if there is a substitution S such that τ = S(σ) Examples: int bool α β β α MORE GENERAL TYPES 12-D

41 MORE GENERAL TYPES A term can have more than one type. Example: [] λx. x :: bool bool [] λx. x :: α α Some types are more general than others: τ σ if there is a substitution S such that τ = S(σ) Examples: int bool α β β α α α MORE GENERAL TYPES 12-E

42 MOST GENERAL TYPES Fact: each type correct term has a most general type MOST GENERAL TYPES 13

43 MOST GENERAL TYPES Fact: each type correct term has a most general type Formally: Γ t :: τ = σ. Γ t :: σ ( σ. Γ t :: σ = σ σ) MOST GENERAL TYPES 13-A

44 MOST GENERAL TYPES Fact: each type correct term has a most general type Formally: Γ t :: τ = σ. Γ t :: σ ( σ. Γ t :: σ = σ σ) It can be found by executing the typing rules backwards. MOST GENERAL TYPES 13-B

45 MOST GENERAL TYPES Fact: each type correct term has a most general type Formally: Γ t :: τ = σ. Γ t :: σ ( σ. Γ t :: σ = σ σ) It can be found by executing the typing rules backwards. type checking: checking if Γ t :: τ for given Γ and τ MOST GENERAL TYPES 13-C

46 MOST GENERAL TYPES Fact: each type correct term has a most general type Formally: Γ t :: τ = σ. Γ t :: σ ( σ. Γ t :: σ = σ σ) It can be found by executing the typing rules backwards. type checking: checking if Γ t :: τ for given Γ and τ type inference: computing Γ and τ such that Γ t :: τ MOST GENERAL TYPES 13-D

47 MOST GENERAL TYPES Fact: each type correct term has a most general type Formally: Γ t :: τ = σ. Γ t :: σ ( σ. Γ t :: σ = σ σ) It can be found by executing the typing rules backwards. type checking: checking if Γ t :: τ for given Γ and τ type inference: computing Γ and τ such that Γ t :: τ Type checking and type inference on λ are decidable. MOST GENERAL TYPES 13-E

48 WHAT ABOUT β REDUCTION? WHAT ABOUT β REDUCTION? 14

49 WHAT ABOUT β REDUCTION? Definition of β reduction stays the same. WHAT ABOUT β REDUCTION? 14-A

50 WHAT ABOUT β REDUCTION? Definition of β reduction stays the same. Fact: Well typed terms stay well typed during β reduction Formally: Γ s :: τ s β t = Γ t :: τ WHAT ABOUT β REDUCTION? 14-B

51 WHAT ABOUT β REDUCTION? Definition of β reduction stays the same. Fact: Well typed terms stay well typed during β reduction Formally: Γ s :: τ s β t = Γ t :: τ This property is called subject reduction WHAT ABOUT β REDUCTION? 14-C

52 WHAT ABOUT TERMINATION? WHAT ABOUT TERMINATION? 15

53 WHAT ABOUT TERMINATION? β reduction in λ always terminates. (Alan Turing, 1942) WHAT ABOUT TERMINATION? 15-A

54 WHAT ABOUT TERMINATION? β reduction in λ always terminates. (Alan Turing, 1942) = β is decidable To decide if s = β t, reduce s and t to normal form (always exists, because β terminates), and compare result. WHAT ABOUT TERMINATION? 15-B

55 WHAT ABOUT TERMINATION? β reduction in λ always terminates. (Alan Turing, 1942) = β is decidable To decide if s = β t, reduce s and t to normal form (always exists, because β terminates), and compare result. = αβη is decidable This is why Isabelle can automatically reduce each term to βη normal form. WHAT ABOUT TERMINATION? 15-C

56 WHAT DOES THIS MEAN FOR EXPRESSIVENESS? WHAT DOES THIS MEAN FOR EXPRESSIVENESS? 16

57 WHAT DOES THIS MEAN FOR EXPRESSIVENESS? Not all computable functions can be expressed in λ! WHAT DOES THIS MEAN FOR EXPRESSIVENESS? 16-A

58 WHAT DOES THIS MEAN FOR EXPRESSIVENESS? Not all computable functions can be expressed in λ! How can typed functional languages then be turing complete? WHAT DOES THIS MEAN FOR EXPRESSIVENESS? 16-B

59 WHAT DOES THIS MEAN FOR EXPRESSIVENESS? Not all computable functions can be expressed in λ! How can typed functional languages then be turing complete? Fact: Each computable function can be encoded as closed, type correct λ term using Y :: (τ τ) τ with Y t β t (Y t) as only constant. WHAT DOES THIS MEAN FOR EXPRESSIVENESS? 16-C

60 WHAT DOES THIS MEAN FOR EXPRESSIVENESS? Not all computable functions can be expressed in λ! How can typed functional languages then be turing complete? Fact: Each computable function can be encoded as closed, type correct λ term using Y :: (τ τ) τ with Y t β t (Y t) as only constant. Y is called fix point operator used for recursion WHAT DOES THIS MEAN FOR EXPRESSIVENESS? 16-D

61 TYPES AND TERMS IN ISABELLE Types: τ ::= b ν ν :: C τ τ (τ,..., τ) K b {bool, int,...} base types ν {α, β,...} type variables K {set, list,...} type constructors C {order, linord,...} type classes Terms: t ::= v c?v (t t) (λx. t) v, x V, c C, V, C sets of names TYPES AND TERMS IN ISABELLE 17

62 TYPES AND TERMS IN ISABELLE Types: τ ::= b ν ν :: C τ τ (τ,..., τ) K b {bool, int,...} base types ν {α, β,...} type variables K {set, list,...} type constructors C {order, linord,...} type classes Terms: t ::= v c?v (t t) (λx. t) v, x V, c C, V, C sets of names type constructors: construct a new type out of a parameter type. Example: int list TYPES AND TERMS IN ISABELLE 17-A

63 TYPES AND TERMS IN ISABELLE Types: τ ::= b ν ν :: C τ τ (τ,..., τ) K b {bool, int,...} base types ν {α, β,...} type variables K {set, list,...} type constructors C {order, linord,...} type classes Terms: t ::= v c?v (t t) (λx. t) v, x V, c C, V, C sets of names type constructors: construct a new type out of a parameter type. Example: int list type classes: restrict type variables to a class defined by axioms. Example: α :: order TYPES AND TERMS IN ISABELLE 17-B

64 TYPES AND TERMS IN ISABELLE Types: τ ::= b ν ν :: C τ τ (τ,..., τ) K b {bool, int,...} base types ν {α, β,...} type variables K {set, list,...} type constructors C {order, linord,...} type classes Terms: t ::= v c?v (t t) (λx. t) v, x V, c C, V, C sets of names type constructors: construct a new type out of a parameter type. Example: int list type classes: restrict type variables to a class defined by axioms. Example: α :: order schematic variables: variables that can be instantiated. TYPES AND TERMS IN ISABELLE 17-C

65 TYPE CLASSES similar to Haskell s type classes, but with semantic properties axclass order < ord order refl: x x order trans: [x y; y z ] = x z... TYPE CLASSES 18

66 TYPE CLASSES similar to Haskell s type classes, but with semantic properties axclass order < ord order refl: x x order trans: [x y; y z ] = x z... theorems can be proved in the abstract lemma order less trans: V x :: a :: order. [x < y; y < z ] = x < z TYPE CLASSES 18-A

67 TYPE CLASSES similar to Haskell s type classes, but with semantic properties axclass order < ord order refl: x x order trans: [x y; y z ] = x z... theorems can be proved in the abstract lemma order less trans: V x :: a :: order. [x < y; y < z ] = x < z can be used for subtyping axclass linorder < order linorder linear: x y y x TYPE CLASSES 18-B

68 TYPE CLASSES similar to Haskell s type classes, but with semantic properties axclass order < ord order refl: x x order trans: [x y; y z ] = x z... theorems can be proved in the abstract lemma order less trans: V x :: a :: order. [x < y; y < z ] = x < z can be used for subtyping axclass linorder < order linorder linear: x y y x can be instantiated instance nat :: {order, linorder} by... TYPE CLASSES 18-C

69 SCHEMATIC VARIABLES X Y X Y X and Y must be instantiated to apply the rule SCHEMATIC VARIABLES 19

70 SCHEMATIC VARIABLES X Y X Y X and Y must be instantiated to apply the rule But: lemma x + 0 = 0 + x x is free convention: lemma must be true for all x during the proof, x must not be instantiated SCHEMATIC VARIABLES 19-A

71 SCHEMATIC VARIABLES X Y X Y X and Y must be instantiated to apply the rule But: lemma x + 0 = 0 + x x is free convention: lemma must be true for all x during the proof, x must not be instantiated Solution: Isabelle has free (x), bound (x), and schematic (?X) variables. Only schematic variables can be instantiated. Free converted into schematic after proof is finished. SCHEMATIC VARIABLES 19-B

72 HIGHER ORDER UNIFICATION Unification: Find substitution σ on variables for terms s, t such that σ(s) = σ(t) HIGHER ORDER UNIFICATION 20

73 HIGHER ORDER UNIFICATION Unification: Find substitution σ on variables for terms s, t such that σ(s) = σ(t) In Isabelle: Find substitution σ on schematic variables such that σ(s) = αβη σ(t) HIGHER ORDER UNIFICATION 20-A

74 HIGHER ORDER UNIFICATION Unification: Find substitution σ on variables for terms s, t such that σ(s) = σ(t) In Isabelle: Find substitution σ on schematic variables such that σ(s) = αβη σ(t) Examples:?X?Y = αβη x x?p x = αβη x x P (?f x) = αβη?y x HIGHER ORDER UNIFICATION 20-B

75 HIGHER ORDER UNIFICATION Unification: Find substitution σ on variables for terms s, t such that σ(s) = σ(t) In Isabelle: Find substitution σ on schematic variables such that σ(s) = αβη σ(t) Examples:?X?Y = αβη x x [?X x,?y x]?p x = αβη x x [?P λx. x x] P (?f x) = αβη?y x [?f λx. x,?y P ] Higher Order: schematic variables can be functions. HIGHER ORDER UNIFICATION 20-C

76 HIGHER ORDER UNIFICATION Unification modulo αβ (Higher Order Unification) is semi-decidable HIGHER ORDER UNIFICATION 21

77 HIGHER ORDER UNIFICATION Unification modulo αβ (Higher Order Unification) is semi-decidable Unification modulo αβη is undecidable HIGHER ORDER UNIFICATION 21-A

78 HIGHER ORDER UNIFICATION Unification modulo αβ (Higher Order Unification) is semi-decidable Unification modulo αβη is undecidable Higher Order Unification has possibly infinitely many solutions HIGHER ORDER UNIFICATION 21-B

79 HIGHER ORDER UNIFICATION Unification modulo αβ (Higher Order Unification) is semi-decidable Unification modulo αβη is undecidable Higher Order Unification has possibly infinitely many solutions But: Most cases are well-behaved HIGHER ORDER UNIFICATION 21-C

80 HIGHER ORDER UNIFICATION Unification modulo αβ (Higher Order Unification) is semi-decidable Unification modulo αβη is undecidable Higher Order Unification has possibly infinitely many solutions But: Most cases are well-behaved Important fragments (like Higher Order Patterns) are decidable HIGHER ORDER UNIFICATION 21-D

81 HIGHER ORDER UNIFICATION Unification modulo αβ (Higher Order Unification) is semi-decidable Unification modulo αβη is undecidable Higher Order Unification has possibly infinitely many solutions But: Most cases are well-behaved Important fragments (like Higher Order Patterns) are decidable Higher Order Pattern: is a term in β normal form where each occurrence of a schematic variable is of the from?f t 1... t n and the t 1... t n are η-convertible into n distinct bound variables HIGHER ORDER UNIFICATION 21-E

82 WE HAVE LEARNED SO FAR... Simply typed lambda calculus: λ WE HAVE LEARNED SO FAR... 22

83 WE HAVE LEARNED SO FAR... Simply typed lambda calculus: λ Typing rules for λ, type variables, type contexts WE HAVE LEARNED SO FAR A

84 WE HAVE LEARNED SO FAR... Simply typed lambda calculus: λ Typing rules for λ, type variables, type contexts β-reduction in λ satisfies subject reduction WE HAVE LEARNED SO FAR B

85 WE HAVE LEARNED SO FAR... Simply typed lambda calculus: λ Typing rules for λ, type variables, type contexts β-reduction in λ satisfies subject reduction β-reduction in λ always terminates WE HAVE LEARNED SO FAR C

86 WE HAVE LEARNED SO FAR... Simply typed lambda calculus: λ Typing rules for λ, type variables, type contexts β-reduction in λ satisfies subject reduction β-reduction in λ always terminates Types and terms in Isabelle WE HAVE LEARNED SO FAR D

87 PREVIEW: PROOFS IN ISABELLE 23

88 PROOFS IN ISABELLE General schema: lemma name: <goal> apply <method> apply <method>... done PROOFS IN ISABELLE 24

89 PROOFS IN ISABELLE General schema: lemma name: <goal> apply <method> apply <method>... done Sequential application of methods until all subgoals are solved. PROOFS IN ISABELLE 24-A

90 THE PROOF STATE 1. x 1... x p.[a 1 ;... ; A n ] = B 2. y 1... y q.[c 1 ;... ; C m ] = D THE PROOF STATE 25

91 THE PROOF STATE 1. x 1... x p.[a 1 ;... ; A n ] = B 2. y 1... y q.[c 1 ;... ; C m ] = D x 1... x p A 1... A n B Parameters Local assumptions Actual (sub)goal THE PROOF STATE 25-A

92 ISABELLE THEORIES Syntax: theory MyT h = ImpT h ImpT h n : (declarations, definitions, theorems, proofs,...) end MyT h: name of theory. Must live in file MyT h.thy ImpT h i : name of imported theories. Import transitive. ISABELLE THEORIES 26

93 ISABELLE THEORIES Syntax: theory MyT h = ImpT h ImpT h n : (declarations, definitions, theorems, proofs,...) end MyT h: name of theory. Must live in file MyT h.thy ImpT h i : name of imported theories. Import transitive. Unless you need something special: theory M yt h = Main: ISABELLE THEORIES 26-A

94 NATURAL DEDUCTION RULES A B conji A B C conje A B A B disji1/2 A B C disje A B impi A B C impe For each connective (,, etc): introduction and elemination rules NATURAL DEDUCTION RULES 27

95 NATURAL DEDUCTION RULES A B A B conji A B C conje A B A B disji1/2 A B C disje A B impi A B C impe For each connective (,, etc): introduction and elemination rules NATURAL DEDUCTION RULES 27-A

96 NATURAL DEDUCTION RULES A B A B conji A B [A; B ] = C C conje A B A B disji1/2 A B C disje A B impi A B C impe For each connective (,, etc): introduction and elemination rules NATURAL DEDUCTION RULES 27-B

97 NATURAL DEDUCTION RULES A B A B conji A B [A; B ] = C C conje A A B B A B disji1/2 A B C disje A B impi A B C impe For each connective (,, etc): introduction and elemination rules NATURAL DEDUCTION RULES 27-C

98 NATURAL DEDUCTION RULES A B A B conji A B [A; B ] = C C conje A A B B A B disji1/2 A B A = C B = C C disje A B impi A B C impe For each connective (,, etc): introduction and elemination rules NATURAL DEDUCTION RULES 27-D

99 NATURAL DEDUCTION RULES A B A B conji A B [A; B ] = C C conje A A B B A B disji1/2 A B A = C B = C C disje A = B A B impi A B C impe For each connective (,, etc): introduction and elemination rules NATURAL DEDUCTION RULES 27-E

100 NATURAL DEDUCTION RULES A B A B conji A B [A; B ] = C C conje A A B B A B disji1/2 A B A = C B = C C disje A = B A B impi A B A B = C C impe For each connective (,, etc): introduction and elemination rules NATURAL DEDUCTION RULES 27-F

101 PROOF BY ASSUMPTION apply assumption proves 1. [B 1 ;... ; B m ] = C by unifying C with one of the B i PROOF BY ASSUMPTION 28

102 PROOF BY ASSUMPTION apply assumption proves 1. [B 1 ;... ; B m ] = C by unifying C with one of the B i There may be more than one matching B i and multiple unifiers. Backtracking! Explicit backtracking command: back PROOF BY ASSUMPTION 28-A

103 INTRO RULES Intro rules decompose formulae to the right of =. apply (rule <intro-rule>) INTRO RULES 29

104 INTRO RULES Intro rules decompose formulae to the right of =. apply (rule <intro-rule>) Intro rule [A 1 ;... ; A n ] = A means To prove A it suffices to show A 1... A n INTRO RULES 29-A

105 INTRO RULES Intro rules decompose formulae to the right of =. apply (rule <intro-rule>) Intro rule [A 1 ;... ; A n ] = A means To prove A it suffices to show A 1... A n Applying rule [A 1 ;... ; A n ] = A to subgoal C: unify A and C replace C with n new subgoals A 1... A n INTRO RULES 29-B

106 ELIM RULES Elim rules decompose formulae on the left of =. apply (erule <elim-rule>) ELIM RULES 30

107 ELIM RULES Elim rules decompose formulae on the left of =. apply (erule <elim-rule>) Elim rule [A 1 ;... ; A n ] = A means If I know A 1 and want to prove A it suffices to show A 2... A n ELIM RULES 30-A

108 ELIM RULES Elim rules decompose formulae on the left of =. apply (erule <elim-rule>) Elim rule [A 1 ;... ; A n ] = A means If I know A 1 and want to prove A it suffices to show A 2... A n Applying rule [A 1 ;... ; A n ] = A to subgoal C: Like rule but also unifies first premise of rule with an assumption eliminates that assumption ELIM RULES 30-B

109 DEMO 31

110 EXERCISES what are the types of λx y. y x and λx y z. x y (y z) construct a type derivation tree on paper for λx y z. x y (y z) find a unifier (substitution) such that λx y.?f x = λx y. c (?G y x) prove (A B C) = (A B C) in Isabelle prove (A B) = A B in Isabelle (tricky!) EXERCISES 32