From plummer@TIS.COM  Wed Apr 11 14:56:46 1990
Received: by iris.ucdavis.edu (5.57/UCD.EECS.2.0)
        id AA29766; Wed, 11 Apr 90 14:56:46 PDT
Received: from TIS.COM by clover.ucdavis.edu (5.59/UCD.EECS.1.11)
        id AA10815; Wed, 11 Apr 90 15:01:03 PDT
Received: from ELROY.TIS.COM by TIS.COM (5.61/1.34)
        id AA21058; Tue, 10 Apr 90 16:48:56 -0400
Received: by elroy.TIS.COM (3.2/SMI-3.2)
        id AA16981; Tue, 10 Apr 90 16:47:24 EDT
Date: Tue, 10 Apr 90 16:47:24 EDT
From: Dave Barker-Plummer <plummer@TIS.COM>
Message-Id: <9004102047.AA16981@elroy.TIS.COM>
To: info-hol@clover.ucdavis.edu
Cc: crocker@TIS.COM, redmond@TIS.COM, sandy@TIS.COM
Subject: A Question Regarding REWRITE_TAC and its friends.


I am just a HOL novice, so forgive me if this question has a simple
answer.  In the course of experimenting with HOL, we are building ZF
set theory.  Today I was proving the commutativity of the union
function and had some trouble with the rewriting package.  It doesn't
behave in the way that I expected, and don't understand why.

I have three questions, which are motivated by the example below, but
which I will repeat here.

1.  What does the prefix ONCE_ mean in ONCE_REWRITE_TAC
    I observe that ONCE_REWRITE_TAC is implemented in terms of
    ONCE_DEPTH_CONV whose documentation says that it applies only to
    the first term on which it succeeds, but this does not seem to be
    true.

2.  How is an instantiated version of the theorem converted into a
    more general rewrite rule?  That is, how does (PAIR x y) = e
    rewrite (PAIR y x) when x and y are not variables.

3.  Why does the behaviour of ASM_REWRITE_TAC[]
    when the assumption list has a single member t, differ from the
    behaviour of REWRITE_TAC[t] when the assumption list is empty.

Here is the example.  Any clarification would be appreciated.

-- Dave

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

I have the definition (`D30`):
        |- !x y. BINUNION x y = UNION(PAIR x y)
where BINUNION is binary union, and UNION and PAIR are further defined.

I have proved the theorem (`T24.4`):
        |- !x y. PAIR x y = PAIR y x

#set_goal ([], "!x y:*.BINUNION x y = BINUNION y x");;

"!x y. BINUNION x y = BINUNION y x"

() : void

#e (REWRITE_TAC[defn `D30`]);;

OK..
"!x y. UNION(PAIR x y) = UNION(PAIR y x)"

() : void

#e (ONCE_REWRITE_TAC[thrm `T24.2`]);;

OK..
"!x y. UNION(PAIR y x) = UNION(PAIR x y)"

() : void

# % Observe that both PAIR terms have changed.
    With hindsight, I expected this, since the theorem is universally
    quantified over x and y (although I did expect the use of
    ONCE_REWRITE_TAC to get me where I wanted to go).

    Here is question 1.  What does the prefix ONCE_ mean in this context?
    I observe that ONCE_REWRITE_TAC is implemented in terms of
    ONCE_DEPTH_CONV whose documentation says that it applies only to
    the first term on which it succeeds.                             %

set_goal ([], "!x y:*.BINUNION x y = BINUNION y x");;

"!x y. BINUNION x y = BINUNION y x"

() : void

#e (REPEAT GEN_TAC);;

OK..
"BINUNION x y = BINUNION y x"

() : void

#e (REWRITE_TAC[defn `D30`]);;

OK..
"UNION(PAIR x y) = UNION(PAIR y x)"

() : void

#e (ONCE_REWRITE_TAC[SPECL ["x:*";"y:*"] (thrm `T24.2`)]);;

OK..
"UNION(PAIR y x) = UNION(PAIR x y)"

() : void

# % Now I am confused.  I used an instance of the theorem, which has a
    specific "x" and "y" where I used to have variables, and the goal
    has specific "x" and "y".  This shouldn't match the (PAIR y x) term,
    (should it?).

    Here is question 2.  How is an instantiated version of the theorem
    converted into a more general rewrite rule?                       %

set_goal ([], "!x y:*.BINUNION x y = BINUNION y x");;

"!x y. BINUNION x y = BINUNION y x"

() : void

#e (REPEAT GEN_TAC);;

OK..
"BINUNION x y = BINUNION y x"

() : void

#e (REWRITE_TAC[defn `D30`]);;

#OK..
"UNION(PAIR x y) = UNION(PAIR y x)"

() : void

#e (ASSUME_TAC (SPECL ["x:*";"y:*"] (thrm `T24.2`)));;

OK..
"UNION(PAIR x y) = UNION(PAIR y x)"
    [ "PAIR x y = PAIR y x" ]

() : void

#e (ASM_REWRITE_TAC[]);;

OK..
goal proved
. |- UNION(PAIR x y) = UNION(PAIR y x)
|- UNION(PAIR x y) = UNION(PAIR y x)
|- BINUNION x y = BINUNION y x
|- !x y. BINUNION x y = BINUNION y x

Previous subproof:
goal proved
() : void

# % Well, I proved the theorem, but I am now worried that I have a
    fundamental misunderstanding of the rewriting algorithm.

    Here is question 3.  Why does the behaviour of ASM_REWRITE_TAC[]
    when the assumption list has a single member t, differ from the
    behaviour of REWRITE_TAC[t] when the assumption list is empty.    %

-- Dave

