· index a goal a thm a thm a goal a thm a thm a goal a thm a thm a l al a l al iso abs abs abs...
TRANSCRIPT
-
Formal Speci�cation and Analysis of
Cryptographic Protocols�
Appendix G
Einar Snekkenes
NDRE
P�O�Box ��
N����� Kjeller Norway
�January ��� ����
-
Preface
This document contains the formal de�nitions and proofs on which the document Speci�cation and
Analysis of Cryptographic Protocols� is based�
This document is intended to be for reference only�
�
-
�
-
Index
A goal ���
A THM ��
A thm ���
A� goal ���
A� THM ��
A� thm ���
A� goal ���
A� THM ��
A� thm ���
a l al ���
a l al ISO ���
abs ���
abs� ���
abs� ���
ADD ANT FUNC TAC � ���
ADD CONJ TAC ��
ADD PRE ���
add theory ���
ae tac ���
AF ck S� ��� ���
AF EQ DEF ���
AF EQ EQ PC V EQ PC V ��
AF EQ REFL ���
AF EQ SYM EQ ���
AF EQ TRANS ���
AF ID OWNERS Term ID OWNERS arg�
list ID OWNERS DEF ���
AF IDS Term IDS arg list IDS DEF ��
AF IMP DEF ���
AF IMP MP ���
AF IMP REFL ���
AF IMP TRANS ���
AF INDUCT THEN TAC ���
AF IS WF CONV ��
AF IS WF Term IS WF arg list IS WF�
DEF ���
AF IS WF true �
AF REPLACE AF Term REPLACE AF�
arg list REPLACE AF DEF ���
AF REPLACE Term Term REPLACE�
Term arg list REPLACE Term�
DEF ���
AF SUB AF DEF ���
AF SUB arg list DEF ���
AF SUB Term DEF ���
AF Term arg list V thm �� ��� ��
AF Term induct thm ��
AF Term rec thm ��
AF Term rules �� ���
AF Term uniqueness thm ��
AF V AF EQ ��
AF V AF EQ� �
AF V AF IMP ���
AF V ck RHO ���
AF V IMP AF EQ ��
al a l ��
al a l ISO ���
all constructors ��
ALL REMOVE CHOICE TAC �
ANDMAP �� ��
ANDMAP APPEND ��
ANDMAP conj ��
ANDMAP FORALL �� ��
ANDMAP HD set minus �� ���
ANDMAP IS WF value ���
ANDMAP set minus ��
ANDMAP set minus single ��
ANDMAP split ��
ANDMAP split� ��
ant � �� ���
ANT CONV ��� ���
ANT MATCH MP TAC ��� ��� ��� ���
APPEND EQ NIL � ��
APPEND EQ SING ��
APPEND MAP ���
APPEND NIL ��
arg list ANDMAP Axiom ��
arg list INDUCT TAC ��
arg list ISO list ��
arg list to list Axiom ���
arg list V MAP ���
arity ��
AS ��
AS THM ���
ascii EQ CONV ���
ASM CONV ���
ass ��
ass� assums ���
�
-
� Index
ass� assums� ���
ass� assums ���
ass ���
ass a ��
ass b ��
ass c ���
ASS DEF ���
ass DEF ��
Ass EQ DEF ���
Ass EQ REFL ���
Ass EQ SYM EQ ���
Ass EQ TRANS ���
Ass IMP DEF ���
Ass IMP MP ���
Ass IMP REFL ��
Ass IMP TRANS ��
ass INDUCT TAC ���
Ass IS WF DEF ��
ASS IS WF REPLACE ���
ass lemma ���
Ass REPLACE AF DEF ���
Ass REPLACE Term DEF ���
ass res ��
Ass V DEF ��
ASS V EQ ASS V IMP ASS EQ ���
Ass V IMP Ass EQ ���
Ass V REPLACE AF V ���
Ass V REPLACE AF V EQ ��
ass value ���
assoc aux xor ��
assums ��� ���
asym rules ��
aux xor Axiom �
aux xor cancel ��
aux xor NIL ��
base case ��
BDIFF DEF ���
BDIFF EQ ���
BDIFF T ��
BETA REWRITE ��� ��
BITER DEF ��
BITER NIL � ���
BITERate ���
bn ��
bool DELTA ���
BPAR DEF ��
BPAR SUC � ���
browse ���
btree DEF ���
C ��
C THM �
C� ��
C� THM ��
C� � ���
C� � lemma �
C� � lemma� ���
C� � THM ��
C� lemma ��
C� lemma� ��
ca� �� ���
ca delta Ax� ���
ca delta Ax� Q nh ���
ca delta Ax� Q state ���
ca delta Bx� ���
ca delta Bx� U state ���
ca delta hd tp ���
ca delta i o ���
ca delta tp ��� ���
cancel priv pub ��
cancel pub priv ��
CARD EQ � ��
CARD EQ ��
CARD REST �
cast ��
CFN DEF ��
chk rev fh ���
chk rev fh DEF ���
CK ���
CK THM ��
CK� ���
CK� THM ��
CK� ���
CK� THM ��
CK� ���
CK� THM ��
CK� ���
CK�� TAC ���
CK� THM ��
CK� ���
CK� THM ��
ck eq ���
clm ���
clm� ���
clm ���
clm� ���
clm� ��
clm� ��
clm� ���
clm� ���
clm� ���
clm� ���
clm� ���
clm ���
commute insert ��
commute insert rule ��
commute sort ��
-
Index �
COMPLETE ���
COND FL ���
COND OUT ���
COND OUT CONV ���
COND TO IMP RULE �� ��
conf invar DEF ���
conf lemma ��
conf lemma ��
conf lemma� ��
conf lemma� ��
conj ���
conj ���
CONJ CONV ��� ���
conj� ���
CONJ� CONV ��� ���
CONS ���
CONS APPEND CONS ���
CONS MK FH� ���
CONS set minus ��
conseq �
CONV FILTER ONCE ASM REWRITE�
TAC ���
count APPEND ��
count Axiom ��
count commute ��
count insert ��
count set minus �
count set minus single �
count sort ��
cp ENC ��
cp id term ��
cp L� ��
cp MK ��
CPR DEF ��
CPR MONOTONE ���
ctm ���
ctm� ���
ctm ���
ctm� ���
ctm� ���
ctm� ��
ctm� ��
ctm� ���
ctm� ���
ctm� ���
ctm� ���
ctm ���
curr su�x �
CV ADD ���
CV BOUND ���
CV DEF ��
CV EMPTY ���
CV FIX ��
CV fun ��
CV net funcs ���
D cont �
D D cont �
D rules ��
DC V cont ���
DC V DEF ��
DC V IMP DC V ��
DC V IMP DC V� ���
DC V IMP DC V� EQ ���
DC V IMP DC V EQ ���
DC V make list ���
DC V make list DC V REV make list ���
DC V RA �� ���
DC V REV CONS ��
DC V REV mk list ��
DC V strengthen ���
DC V true ��
DC V true lemma ���
dec ��
dec ��
DEC ENC ���
dec enc �
dec not enc ��
dec value ���
DECLARED IDS DEF ��
DECLARED IDS EMPTY ��
dedup ���
def ��
DELETE EQ EMPTY ��
DF CONJ goal ���
DF CONJ THM ��
DF CONJ thm ���
DFT goal ���
DFT THM ��
DFT thm ���
disc suf ��
disc term ��
disc thm �� �
disj ���
DISJ CONV ��� ��
disj� ���
DISJ� CONV ��� ��
dismantle ��
e ���
EL � ���
EL � ���
EL APPEND CONS HD TL ��
EL LENGTH APPEND ���
EL LENGTH APPEND CONS ���
EL rules �� ���
elem not in NIL ��
ELSE CONV ���
-
� Index
empty ass ���
empty ass reduce ���
enc ��
enc �� ��
enc dec �
enc dec rules ��
enc dec tac ��
ENC EQ failure ���
enc EQ P dec ��
enc EQ P enc ���
enc EQ P lt SUB VALUE OF ��
enc not dec ��
enc SUB VALUE OF enc ��
enc SUB VALUE OF m� ���
enc SUB VALUE OF P dec ��� ��
enc SUB VALUE OF P enc ��� ��
enc SUB VALUE OF P g ��� ���
enc SUB VALUE OF P g� ��� ���
enc SUB VALUE OF P l ���
enc SUB VALUE OF P l� ��
enc SUB VALUE OF value list ��
enc value ���
env �
env rules �� ���
env selector defs �
eq ���
EQ NEG TO EQ RULE ��
EQ RULE � �� �� �
EQ SET CONV ��
EQ TAUT PROVE ���
EqSub goal ���
EqSub THM ��
EqSub thm ���
EqSym goal ���
EqSym THM ��
EqSym thm ���
eval rules �� ��� ���
EVERY� CONS ���
EVERY� DEF ��
EVERY� EVERY ���
EVERY� IMP EVERY� ���
EVERY� MAP MAP ���
EVERY� swap EVERY� ���
EVERY ANDMAP �
EVERY APPEND �
EVERY IMP �� ���
EVERY INTERLEAVE ��
EVERY IS WF value ���
EVERY IS WF value � ���
EVERY IS WF value � ���
EVERY IS WF value � ���
EVERY IS WF value � ���
EVERY LAMBDA EXISTS ���
EVERY LENGTH FLST EQ FLST ���
EVERY MAP ��
EVERY NOT SOME �
EVERY PRESERVES INV FLST ���
EVERY PRESERVES INV o FLST F ���
EVERY PRESERVES INV Usage V FLST�
Usage V ���
EVERY PRESERVES INVAR IMP�
EVERY PRESERVES INVAR
���
EVERY RA ���
EVERY RE V ���
EVERY REV ���
EVERY sort ���
EVERY T ��
EVERY Usage V ���
EVERY weaken ��
exec �� ��
EXISTS CONJ EQ CONV ��� ���
EXISTS CONV ��� ���
EXISTS DEF �
exists DEF �� ���
EXISTS EQ TAC ���
EXISTS INTRO �
EXISTS ROTATE RIGHT CONV ���
expand name ��
EXPAND PAIR TAC ��
EXPAND TUPLE TAC ��
f �� ��
f tp ���
failure ���
failure in list ��
failure is failure value ��
failure IS WF value ���
failure SUB VALUE OF �
failure SUB VALUE OF IS WF value �
fd Axiom ��
fd rules ��
fh ��� �� ��� ��� �� ��� ��� �������
��
fh ��� �� ��� ��� ��� ��
fh� �� �� ��� ��� ��� ��
fh� �� ��� ��� ��
FINAL ��
FINAL DEF ��
FINAL MAP ���
�nd rand term ��
�nd top term ��
FINITE DECLARED IDS ���
FINITE GSPEC CONV
FINITE ID OWNERS ��
FINITE list to set �
FINITE num �
FINITE num CONV �
-
Index �
FINITE REST ��
FINITE rules � ���
FINITE TYPES ���
FINITE XX ID OWNERS ��
FIRST NO FAIL ���
�xity ��
� ���
� ���
�� ���
FL COMM ���
FL DEF ���
FL EQ NIL ��
FL FL ���
FL IDEMPOT ��
FL UNIV ���
FLAT NIL EVERY ��
FLST DEF ��
FLST ETA ��
FLST F DEF ��
FLST F EQ FLST F ���
FLST F ETA ���
FLST F IDEMPOT ��
FLST IDEMPOT ��
FORALL CONV ���
FORALL CONV� ���
FORALL DEF �
FORALL EQ TAC ���
FORALL EXISTS ���
FORALL FORALL
FORALL imp �
FORALL IMP EXISTS lm ��
FORALL in list
FORALL LPAIR CONV ���
FORALL LPAIR TAC ���
forall pair ��
FORALL PAIR CONV ���
FORALL pair CONV ���
FORALL ROTATE RIGHT CONV ���
FORALL ROTATE RIGHT CONV� ���
FORALL true �
fs ���
FULL BETA� TAC ��
FULL BETA TAC �� ��� ���
FUN EQ TAC �� ��� ���
func lemma �� �� ���
funcdef �
g � �� �
G� L� tac ���
G L� ���
G� L� ���
g DEF ��
gen ant �� ��
GEN ANT TAC �� �� ��
GEN BETA TAC �� ��� ��� �� ���
GEN EXISTS TAC ��
get ��
get beta redex ��
get bvars ��
get string equal ���
get tag arity ��
get unique ��
GF V DEF ��
global �
global error Axiom ��
global error IS WF value ���
GlobalFunc ��
GlobalFunc rules ���
GlobalFunc ty ��
GlobalFunc V DEF ��
GlobalFunc V IS WF value ���
globalfuncs ���
globalfuncs reduce ���
gname �� �� �� ��� ���
goal ��� �� �� ��� ��� ���
goals ��
GSPEC FINITE �
GSPEC GSPEC �
GSPEC GSPEC CONV �
GSPEC IN �
GSPEC OR CONV �
h ���
h� ���
H �
h DEF ��
H rules �� ���
H selector defs �
has same members Axiom ��
HAS SUB AF thm ��� ��
HAS SUB Term thm ��� ��
hd extension lemma ��
HD MAP PAIR ���
hyp� ���
i o �� ���
id owner ��
ID OWNERS CONS UNION ���
ID OWNERS DEF ���
ID OWNERS EMPTY ��
ID OWNERS EMPTY NOT in list ���
ID OWNERS idempot ���
ID OWNERS rules ���
ID OWNERS SING ID OWNERS�
EMPTY ���
id term ���
id term DEF ���
Ident ��
-
� Index
ident ��
IDENT ��
ident Axiom ��
IDENT REPLACE ���
ident state simpli�cation ��
Ident ty ��
ident ty ��
IdentDecl ��
IF �
IF CONV ���
if simplify ���
IF THM ���
IH �� ��� �� ��� �� � ��� ���
� ���
IH ���
IH � ��
IH APPEND ���
IH BITER ��
IH BPAR ��
IH INTERLEAVE ���
IH RE ��
ilm ���
ilm� ���
ilm ��
ilm� ��
ilm� ���
ilm� ��
ilm� ��
ilm� ���
ilm� ���
ilm� ���
ilm ���
ilm� ���
ilm�� ���
ilm� ���
ilm�� ���
ilm�� ���
ilm�� ���
ilm�� ���
ilm�� ���
ilm�� ��
ilm�� ��
ilm� ��
ilm� ���
ilm�� ��
ilm� ��
ilm�� �
ilm�� ��
ilm�� ��
ilm�� ��
ilm�� ��
ilm�� ��
ilm�� ��
ilm� ��
ilm� ���
ilm�� ��
ilm� ��
ilm�� ��
ilm� ���
ilm� ���
ilm� ���
ilm� ���
ilm ���
imp ���
IMP ANT OR CONV ��
IMP BDIFF ��
IMP CONJ TAC ��
IMP CONSEQ AND CONV ��
IMP EQ TAC ���
IMP IMP CONV ��
IN GSPEC CONV �
IN GSPEC CONV� �
IN in list �
in list APPEND ��
in list aux xor �
in list DEF ��
in list eq not count ��
in list FLAT SOME ��
in list IN �
in list IN CONV
in list IN ID OWNERS ���
in list insert ��
in list rules �
in list set minus ��
in list set minus single �� ��
in list set to list ��
in list set to list� SING �
in list set to list� UNION �
in list set to list� UNION� ��
in list sort ��
IN list to set ��
in list value to list �
IN SAME CONV aux ��
IN SAME CONV aux lemma� ��
IN SAME CONV aux prc l ��
IN SAME CONV aux prc l� ��
IN SAME CONV aux prc l� ��
IN SAME CONV aux prc l� a ��
IN SAME CONV aux prc l� �
IN SAME CONV aux prc l� a �
IN SAME CONV DEF ��
IN SAME CONV imp prc ��
IN SAME CONV imp prc� ��
IN SELECT ��
IN SELECT CONV ��
IN UNION ABSORPTION ��
ind step� assums ��
induct conseq lemma �
-
Index ��
insert Axiom ��
INSERT EQ SING ��
insert in ordered ��
integrity invar DEF ���
INTER lm ��
INTERLEAVE ��� ���
INTERLEAVE NIL ���
INTERLEAVE � NIL ���
INTERLEAVE � NIL ���
INTERLEAVE assoc ��
INTERLEAVE assoc lemma ���
INTERLEAVE commute ���
INTERLEAVE CONS ���
INTERLEAVE DEF �
INTERLEAVE EVERY ���
INTERLEAVE MAP ���
INTERLEAVE MAP MAP ���
INTERLEAVE NIL ���
inv enc ��
INVAR ���
INVAR CONS ���
INVAR DEF ���
invar DEF ���
INVAR ETA �
INVAR HYP ���
INVAR INSERT ��� ���
INVAR INSERT� ���
INVAR MK FH� ���
INVAR MK FH� lemma ���
INVAR NEW STATE ���
INVAR NEW STATE� ���
INVAR NEW STATE INSERT ���
INVAR NEW STATE INSERT� ���
invar su�ces ���
invar true �� ��
invert P m� B ���
is dec value dec �
is enc value enc �
is failure value failure ��
is failure value list to value ��
is lap value lap value �
is LEAF btree DEF ���
is name value name ���
is NODE btree DEF ���
IS ORDERED Axiom ��
IS ORDERED set to list �
IS ORDERED sort ��
is partial cond ���
is priv not is pub ��
is pub not is priv ��
is rules �� � ���
is seq value P lx ���
is seq value seq �
is sorted Axiom ��
is string const ���
IS TOTAL Axiom ��
IS V cont ���
IS V DEF ��
IS V IMP IS V ��
IS V strengthen ���
IS V true ���
IS V ty ��
is value tag defs ��
IS WF eq rules ���
IS WF funcdef DEF ���
IS WF funcdef fd ��
IS WF funcdef INVAR CV ��
IS WF funcdef IS WF Protspec LIST�
PRESERVES INV INVAR Prot�
V ��
IS WF imp rules ���
IS WF list to value ���
is wf NO DUP ��
IS WF PR CAST DEF ��
IS WF PR CAST init ���
IS WF PR CAST lambda ���
IS WF PR CAST prc init ��
IS WF PR CAST prevents replay ���
IS WF Protspec CONS Prot ���
IS WF Protspec DEF ��
IS WF Protspec EVERY PRESERVES�
INV Prot V fd �
IS WF Protspec LP ���
IS WF Protspec MAP REPLACE ���
IS WF Protspec rules ���
IS WF rules ���
IS WF simple rules ���
IS WF state DEF ��
IS WF state failure ���
IS WF state NEW STATE ���
IS WF state TP V ���
IS WF TAC ��
is wf tac ��
IS WF Term V arg list ���
IS WF trans DEF ��
IS WF trans list DEF ���
IS WF trans list IS WF trans ���
IS WF trans list Prot V ��
IS WF trans list set DEF ���
IS WF value ��
IS WF value arg list V ���
IS WF value global funcs ���
IS WF value local funcs ���
IS WF value P enc P dec tac ���
IS WF value set DEF ��
IS WF value set INSERT ��� ���
IS WF value set nh� ��
IS WF value set UNION ��
-
� Index
IS WF value Term V ���
IS WF value Term V� ��
IS WF value Term V arg list V ���
it � ��� ��� ��� ���
ITERATE ���
itm ���
itm� ���
itm ���
itm� ��
itm� ���
itm� ���
itm� ��
itm� ��
itm� ���
itm� ���
itm ���
itm� ���
itm�� ���
itm� ���
itm�� ���
itm�� ���
itm�� ���
itm�� ���
itm�� ���
itm�� ���
itm�� ��
itm� ��
itm� ���
itm�� ��
itm� ��
itm�� ��
itm�� �
itm�� ��
itm�� ��
itm�� ��
itm�� ��
itm�� ��
itm� ��
itm� ���
itm�� ��
itm� ��
itm�� ��
itm� ���
itm� ���
itm� ���
itm� ���
itm ���
itm ass ���
l ��� ��� ���
l ��� ���
l rules �
l� ��� ���
L� EQ failure ���
l� ��� ��� ��
LAP DEF ���
lap value �
lap value ��
last run ��
LEFT IMP EXISTS TAC ���
LEFT IMP SL CONS ��
lemma �� ��
lemma� ��
lemma ��
lemma� ��
lemma� ��
lemma rules �
lemma� �� ��
lemma rules ��
lemma rules� �
lemma rules� �
LENGTH � �
LENGTH ��
LENGTH arg list V ���
LENGTH CONS HD TL ��
LENGTH EQ HD ���
LENGTH FL UNION ��
LENGTH LR ���
LENGTH ordered ��
LENGTH Prot V REPLACE Term ���
LENGTH RA ���
LENGTH REV ���
LENGTH sort �
LESS ��
LESS ADD ���
LESS EQ LESS ��
LESS LESS EQ ��
less to not eq ��
let AND CONV ��
let AND TAC ��
let RULE ��� ���
let TAC � ��� �� ���
LHS CONV ��� ���
LIST COMPLETE ���
LIST EXISTS TAC ��� �� ���
list extension ��
LIST GEN ANT TAC �� �� ��
list ISO arg list ��
LIST MATCH ACCEPT TAC ��
LIST MATCH MP TAC ���
LIST PRESERVES INV DEF ��
LIST PRESERVES INV FINAL MAP�
FINAL ��
LIST PRESERVES INV in list ��
LIST PRESERVES INV MAP� ���
LIST PRESERVES INV Usage V FLST�
FINAL Usage V FINAL ���
-
Index ��
list rules �� ��� ��� ��� ��� ��� ��
��� �� � ��� ��� ��� ���
���
list set list
LIST SPEC TAC ���
list to arg list Axiom ���
list to bag Axiom ��
list to set APPEND ���
list to set Axiom ��
list to value Axiom �
list value list ��
list value list aux xor ��
lm �� �� ��� ��� �� ��� ��� ���
lm� ���
lm � �� �� ��� ��� ��� ��� ��
��� �� ��� ��� ���
lm ���
lm� ���
lm� �� ��� �� ��� �� ��� ��� ���
�� ��� ��� ��� �� ��� ���
lm� � tac ��
lm� �� ��� �� ��� ��� ��� ��� ���
��� ��� ���
lm� �� �� ��� ���
lm� ���
lm� � ���
lm� �� ���
lm� ���
lm ���
lmx ���
local �
local error Axiom ��
local error IS WF value ���
LocalFunc ��
LocalFunc ty ��
log on �
LONG DISJ CASES TAC �
LOOP� ��
LP ���
LP thm ���
LR �
LR DEF �
LR RA ��
LR REV ��
LR REV CONS ���
ls ��� ��� ���
LT DEF ���
LTP DEF ���
LTP lambda ���
LTP REFL ���
m ��� �� ��� ���
m structure �
m SUB VALUE OF m� ���
m� ��� �
���
m� � ��
m� � ���
make list ��
make list DEF ��
make list LENGTH EL MAP� �
map ��
MAP APPEND make list LENGTH ��
MAP EL APPEND make list LENGTH
��
MAP EL make list LENGTH ��
MAP EQ MAP ���
MAP EQ NIL ���
MAP FST MAP ���
MAP INTERLEAVE ���
MAP make list ���
MAP make list LENGTH ��
MAP MAP ��
MAP NIL ���
MAP RA ���
MAP REV ���
MAP TL ���
MAPI DEF ��
masterkey �
masterkey �� �
masterkey SUB VALUE OF m ���
masterkey SUB VALUE OF out dec
masterkey SUB VALUE OF out enc
masterkey SUB VALUE OF P dec ���
masterkey SUB VALUE OF P enc
masterkey SUB VALUE OF P g ���
masterkey SUB VALUE OF P g� ��
masterkey SUB VALUE OF P l� ���
masterkey SUB VALUE OF P m� B ��
masterkey SUB VALUE OF P masterkey�
table ���
MATCH MP� TAC �� �� � ��� ���
���
member Axiom ��
min Axiom ��
MK ���
MK ARITH REWRITE ��
MK commute ���
MK CONS RULE ���
mk curr ty ��
mk discriminator ��
MK FH� �� ��
MK FH� APPEND ��
MK FH� DEF ��
MK FH� FL SUBSET ���
MK FH� FL UNION ���
MK FH� INTERLEAVE ���
MK FH� LENGTH ��
MK FH� PRE ���
-
�� Index
MK FH� project ���
MK FH� project� ���
MK FH DEF �� ���
mk goal rhs ��
mk is mut rec tag def �
mk is mut rec tag def aux ��
mk is tag def lines ��
mk joint name ��
mk list DEF ��
mk MP rule ���
mk rewrite �� ��� � ��� ��� ��� ���
mk set fun thm ��
mk TM thm �
mk TM thm� �
mk triv ��� ���
mk unique arg list ��
move n out tac ��
MP goal ���
MP thm ���
msg ���
mut rec ty spec �� ��
mut rec ty spec to distinctness goals ��
MUTREC INDUCT THEN TAC �� ��
���
mx� v ���
my genvar �� �� �� ��� ���
MY REWRITE TAC ���
my save thm ��� ��� ���
my use ���
N TIMES ��
name ��
name �� �� ���
name IS WF value ���
name list var prod ��
names ���
natmap� ��
natural set induct lemma ��
NEG ADD FUNC TAC �� ��
net funcs ��
net funcs invar ��
net has ��
net has goal ��
net has set ���
NEW I O DEF ��
new prc ��
new recursive de�nition �
new set induct �
NEW SET INDUCT TAC �
NEW STATE DEF �
NEW STATE rules ��
New Ty Distinct Thms �
newline ��
nh �� ���
nh� ��� ��� �� ���
NIL IN MK FH� ���
nil in MK FH� tac ��
NIL ORDERED ��
NIL set minus �� �
NO DUP APPEND set minus �
NO DUP aux xor ��
NO DUP Axiom ��
NO DUP insert ��
NO DUP set minus ��
NO DUP set to list �
NO DUP sort ��
NO DUP to count ��
no sub lemma ���
no sub lemma goal ���
non empty ass ���
NOT AND ���
not dec ��
not enc ��
not enc dec ��
NOT enc EQ P lap ���
not enc EQ P null ���
NOT enc EQ P rr ���
not enc P masterkey table ��
not enc SUB VALUE OF P null ���
NOT F BDIFF ��
not failure in list aux xor ��
not failure list to value ��
not failure P dec ���
not failure P enc �� ���
not failure P enc P dec tac ��
not failure P l� ��
not failure P masterkey ��
NOT IMP TO CONJ CONV ���
not IN SAME CONV NET ��
not is failure out key dec �
not is failure out key enc ��
not is failure out msg dec ��
not is failure out msg enc ��
not is failure out msg enc P g�
not is failure out tac ��
not is failure value P xor ��
NOT LESS � ���
not m� SUB VALUE OF m ��
NOT masterkey EQ P lap ���
not masterkey SUB VALUE OF failure �
not masterkey SUB VALUE OF P null ���
not mk rewrite ��
not nil list to lap value ���
NOT NULL INSERT �
NOT OR ���
NOT OR CONV ��� ��� ��� ���
NOT ORD IMP REV ORD �
not P g is failure to seq lap value ���
-
Index ��
not P g P g� is failure to seq lap value
���
not P l� EQ enc ���
not P l� EQ P enc P l� ���
NOT P l� EQ P null ��
not P l� EQ P null ���
not P masterkey table in nh ���
NOT RA NIL ���
not REFLEXIVE PROTECTED ���
not REFLEXIVE PROTECTED BY ���
NOT SUC ���
NOT SUC ADD LESS ���
NOT SUC LESS EQ � ���
NOT symbol EQ P null ���
not symbol in nh ���
not value TOTAL ORDER antisym ���
Null DEF ���
NULL NIL �� ��
num� �
num REDUCE TAC ���
num SUC �� �� �� �� ���
numpair �
occurs ���
ok ���
OK ��
OK THM �
OK � ���
OK � THM �
OK� ���
OK� rules ��
OK� THM �
OK� ���
OK� rules ���
OK� THM �
OK� ���
OK� THM �
OK� ���
OK� THM �
OK� ���
OK� THM �
OK� ���
OK� THM ���
OK ��
OK THM ���
OK tac ��� ��
OK tac� ��
OK tac� ��
OK tac� ��
OKx rules ���
ONCE UNDISCH FILTER TAC ���
ONE ORDERED �
OR � ��
OR GSPEC �
order insert �
orig dir ��
os DEF ��
out hd lap value out list seq rev sub value
���
out hd lap value rev sub value ���
out ident name DEF ���
out left NODE DEF ���
out list seq rev sub value ���
out masterkey SUB VALUE OF out tac
�
out msg enc P g� rev sub value ���
out msg enc SUB VALUE OF ��
out right NODE DEF ���
out rules �� � ���
out rules� �
out value �
P ��� ��� ��
P ass ���
P ass Axiom ��
P ass IS WF value ���
P ass key ���
P dec IS WF value ��
P dec P g� EQ symbol ��
P dec P g� symbol ���
P enc Axiom ��
P enc IS WF value ��
P enc P l� ���
P enc P l� EQ enc ��
P enc unique key ��
P g� P l� tac ���
P g Axiom ��
P g IS WF value �
P g P l� ��� ���
P g rev sub value ���
P g� Axiom ��
P g� IS WF value �
P g� P l� ��� ���
P g� rev sub value ���
P g� Axiom �
P g� IS WF value ���
P g� Axiom �
P g� IS WF value ���
P g� Axiom �
P g� IS WF value ���
P gx IS WF tac ���
P gx rules ���
P l Axiom ��
P l IS WF value �
P l� ���
P l� Axiom ��
P l� EQ P dec ���
P l� EQ P enc ���
-
�� Index
P l� EQ P lap ���
P l� IS WF value �
P l� simplify ���
P l� Axiom ��
P l� IS WF value ���
P l� Axiom ��
P l� IS WF value ���
P l� Axiom ��
P l� IS WF value ���
P lap Axiom ��
P lap IS WF value �
P lap IS WF value� ���
P lt �
P lt Axiom ��
P lt IS WF value �
P lt P rr IS WF value tac �
P lx rules ���
P m �� ���
P m A SUB VALUE OF P m� B ���
P m IS WF value ��
P m� ���
P m� IS WF value ���
P m�a SUB VALUE OF P m�b ��
P masterkey table ��
P masterkey table Axiom ��
P masterkey table commute ���
P masterkey table IS WF value �� ���
���
P masterkey table P g rev sub value ���
P null Axiom �
P null IS WF value ��
P priv key table ��
P privkey table Axiom ��
P privkey table IS WF value ���
P privkey table run independant ��
P pubkey table �
P pubkey table Axiom ��
P pubkey table IS WF value ��
P pw key Axiom �
P pw key di� �
P pw key IS WF value ��
P pw table Axiom �
P pw table IS WF value ���
P rr �
P rr Axiom ��
P rr is seq ��
P rr IS WF value �
P rules �
P sessionkey ��
P sessionkey Axiom ��
P sessionkey IS WF value ���
P xor assoc ��
P xor Axiom �
P xor cancel �
P xor commutative ��
P xor IS WF value ��
P xor to aux xor ��
PAIR lemma ���
PAIRED BETA� TAC ��
PAIRED BETA TAC ��
paired let RULE ���
paired let TAC ��� ���
PC EQ DEF ���
PC EQ REFL ���
PC EQ SYM EQ ���
PC EQ TRANS ���
PC IMP DEF ���
PC IMP MP ���
PC IMP REFL ���
PC IMP TRANS ���
PC V DEF ��
PC V EQ PC V ���
PC V IMP PC V ���
PC V IMP PC V� ��� ���
PC V IMP PC V lm ���
PC V INVAR ��� ���
PC V ty ��
PCT ��
PCT DEF ��
PhiA �� ���
PhiB �� ���
PM � � ��
position �� ��
pr ���
pr ���
pr� ���
pr cast ��
prc �� ��� ��� �� ��
prc� ��
prc� ��
prc init ��
PRE ADD ���
pre�x ���
PRESERVES INV DEF ���
PRESERVES INV EQ ���
PRESERVES INV FINAL CONS FLST F
���
PRESERVES INV FLST F ���
PRESERVES INV IMP FLST F ��
Principal ��
PRINCIPAL ���
principal Axiom ��
principal DISTINCT ��� ���
principal INDUCT TAC ��� ���
principal ty ��
PRINT TAC �� ��
print term types �
print thm types �
-
Index ��
priv ���
priv �� ���
PRIV KEY DEF ���
priv lemma ���
progress table ���
project �� �� ���
prot ���
prot� ���
Prot ��
Prot EQ DEF ���
Prot EQ REFL ��
Prot EQ SYM EQ ��
Prot EQ TRANS ��
Prot IMP DEF ���
Prot IMP MP ��
Prot IMP REFL ���
Prot IMP TRANS ���
Prot list ��
Prot list ass �
Prot REPLACE AF DEF ���
Prot REPLACE Term DEF ���
Prot V APPEND ��
Prot V CONS ��
Prot V DEF �
Prot V EQ Prot V IMP Prot EQ ���
Prot V IMP PC V ���
Prot V IMP PC V EQ ���
Prot V IMP Prot EQ ���
Prot V Prot EQ ���
PROTECTED BY DEF ��
PROTECTED BY failure symbol P�
masterkey table ���
PROTECTED BY m symbol P�
masterkey table ��
PROTECTED BY name symbol P�
masterkey table ���
PROTECTED BY not equal �
PROTECTED BY P lap symbol P�
masterkey table ���
PROTECTED BY P null ���
PROTECTED DEF ��
PROTECTED failure P masterkey table
���
PROTECTED m P masterkey table ���
PROTECTED name P masterkey table
���
PROTECTED not equal ��
PROTECTED not in P g masterkey ���
PROTECTED not in P g� masterkey ���
PROTECTED P dec ��
PROTECTED P enc ��
PROTECTED P g ��
PROTECTED P g� ��
PROTECTED P l� ��
PROTECTED P lap P masterkey table
���
PROTECTED P lt ��
PROTECTED P lt masterkey ���
PROTECTED P lt P masterkey table ���
PROTECTED P lt P rr tac ��
PROTECTED P m� B ���
PROTECTED P null ���
PROTECTED P rr ��
PROTECTED P rr masterkey ���
PROTECTED P rr P masterkey table ���
Protspec ��
PROTSPEC PROP TAC ���
Protspec REPLACE AF DEF ���
Protspec REPLACE Ass DEF ��
Protspec REPLACE Prot DEF ���
Protspec REPLACE RE ���
Protspec REPLACE Term DEF ���
Protspec REPLACE Usage DEF ���
prove all goals distinct ��
prove distinct thm ��
PROVE RE ��
pt ��� �� ��� ��
PT ��
PT THM ���
PT� ��
PT� THM ���
pt MK FH� �
pub ���
pub ���
PUB KEY DEF ���
pub lemma ���
pure AF Term rules ���
PURE DEF ��
PURE MATCH REWRITE TAC ���
PURE ONCE MATCH REWRITE TAC
���
PW DEF ���
PW REFL ���
RA �
���
RA DEF ���
RA LR RT ��
RA LR RT CONS ��
RE ��
RE THM ���
RE� ���
RE� THM ���
RE� ���
RE� THM ���
RE� ���
RE� THM ���
RE� ��
RE�� TAC ��
-
�� Index
RE� THM ���
RE� ��
RE� THM ���
RE� ��
RE� THM ���
RE DEF ��
RE EQ DEF ���
RE IMP DEF ���
RE IMP MP ���
RE IMP REFL ��
RE IMP TRANS ���
RE INDUCT TAC ���
RE REPLACE RE DEF ���
RE V ���
RE V ��
RE V � NIL ���
RE V DEF ��
RE V EQ RE V IMP RE EQ ��
RE V EQ RE V IMP RE REPLACE RE
���
RE V EQ RE V IMP Usage V MAP EQ�
Usage V MAP ��
RE V EVERY ���
RE V IMP RE EQ ��
RE V MAP ���
RE V MAP EQ MAP RE V ��
RE V MK FH� ��
RE V NIL � ���
rec axiom ��
REFLEXIVE IN SAME CONV ��
REFLEXIVE SUB VALUE OF ���
rem tac ��
remove Axiom ��
REMOVE CHOICE TAC �
remove conj tac �
remove pair ��
remove pair� ���
REMOVE SELECT TAC ��
remove syntax tac ���
REPEAT UNTIL STABLE �� �� ���
REPLACE DEF ��
REPLACE Term RULES ��� ���
REPLACE Term thm ��� ��
residue ��� ���
rest induct lemma ��
REV �
���
REV CONS ��
REV CONS CONS ��
REV DEF ���
REV NIL ���
REV RA ��
REV REV ��
rev sub value DEF ��
rev sub value out key dec ���
rev sub value out key enc ���
rev sub value out msg dec ��� ���
rev sub value out msg enc ��� ���
rev sub value out msg tac ��� ���
rev sub value REFL ��� ��
REVERSE ETA CONV ��
REVERSE NEG TOTAL ��
REVERSE REWRITE �� ��� ���
reverse rewrite ���
REVERSE TOTAL �
reverse value TOTAL ORDER ���
RHO DEF ���
RHO PW EQUIV ���
RHO PW REFL ���
RHS CONV ��� ���
rl� ��
rls ��
rm choice �
RM FUNC� TAC �
RM FUNC TAC �� �
rn ���
rn �� ���
rn� �� ���
rn� ���
Role ��
role ��
role V DEF ��
rotate right ���
RR DEF ���
RS V cont ��
RS V DEF �
RS V IMP RS V ��
RS V IMP RS V� ���
RS V IMP RS V EQ ���
RS V IMP RS V EQ� ���
RS V strengthen ���
RS V true ���
RS V ty �
RT �
RT DEF �
RT RA ���
RT REV ���
RT REV CONS ���
rule ���
rule ���
rule� ���
rules � � ��� ���
run ��
run ty ��
s �� �� ���
S ���
s �� ��
S� ��� ���
-
Index ��
s� �� ��
s IDENT DEF ��
S cont � ��
s rules ��
S S cont � ��
second P m A SUB VALUE OF P m B
��
seq � ��
SEQ ��
SEQ THM ���
SEQ� ��
SEQ� THM ���
SEQ� ��
SEQ� THM ���
seq ��
seq map ���
seq rules �
sessionkey ���
SET INDUCT REST TAC �
set minus APPEND ��
set minus Axiom ��
set minus cancel ��
set minus set minus x �
set minus single Axiom ��
set minus x Axiom �
SET SPEC AND ��
SET SPEC EQ ���
SET SPEC OR ��
SET SPEC TAC ��� ���
set to list ��
set to list� aux �
set to list� DEF �
set to list aux ��
set to list aux DEF ��
set to list Axiom �� �� ��
set to list DEF �� ��
set to list list to set sing ��
sg ��� ��� ��� ��
simpler goal ��
simplify goal ��
SING ��
sing APPEND �
SING GSPEC �
sing set minus �
SINGLE REWRITE TAC ��
singleton set ��
SL DEF ��
SL LENGTH ��
SL min ��
SL REFLEXIVE ��
SL TL ��
slm ���
slm� ��
slm �
slm� �
slm� ���
slm� ���
slm� ���
slm� ��
slm� ��
slm� ��
slm� ��
slm ��
smallest �rst �
smin aux DEF ��
smin Axiom ��
smin DEF ��
sml DEST ���
snh ���
SOME DEF ��
SOME EL � ���
SOME EL � ���
SOME EVERY failure ���
SOME is failure value ���
SOME is failure value � ���
SOME is failure value � ���
SOME is failure value � ���
SOME is failure value � ���
SOME NOT EVERY ���
sort Axiom ��
sort insert commute ��
sort lemma ��
sort single ��
sprint ��
SR ���
SR prove ��
st ���
ST � �� ��� ��� ���
ST DEF ��
ST expose ��
ST lambda right ��
ST LENGTH ��
ST min ��
st old ���
ST REFL ��
ST right lambda ��
state ��
state assume ��
state invar DEF ���
Step ��
step ���
step� ���
step� ���
step� ��
steps ��
steps ���
steps� ���
steps DEF ���
-
Index
stm ���
stm� ��
stm ��
stm� �
stm� ���
stm� ���
stm� ���
stm� ���
stm� ��
stm� ��
stm� ��
stm ��
STRENGTHEN TAC �� ���
strengthen tac ��� ���
string CONV ���
string EQ CONV ���
string EQ TAC ��� ��
string list to string ��
string REDUCE TAC ���
strong set induct lemma � �
STRONG SET INDUCT TAC �
strong set induct thm �
stronger P m ���
stronger P m� ���
stronger P m� � ��
stronger P m� � ���
stronger PC V INVAR ��
stronger Usage V MK FH� ���
sub goal ���
sub lemma ���
SUB LESS ��
SUB RULES ��� ���
SUB VALUE OF DEF �
SUB VALUE OF failure ���
SUB VALUE OF name ���
SUB VALUE OF out msg dec ���
SUB VALUE OF out msg enc ���
SUB VALUE OF P g ���
SUB VALUE OF P g� ���
SUB VALUE OF P lap �
SUB VALUE OF P lt ���
SUB VALUE OF P masterkey table ��
SUB VALUE OF P rr ���
SUB VALUE OF symbol ��
SUB VALUE OF value list ��
SUB VALUE OF value list tac ���
sub value TRANSITIVE lemma ���
SUBSET FL ��
subterm ���
SUC num ��
SUC OR � �
SUC SUB ��
surface rules ��
surface rules� ���
SYM IMP ��
sym rule ��
symbol �
symbol �
symbol dec enc ���
symbol IS WF value ��� ���
symbol P masterkey table PROTECTED�
BY P m� B � ���
symbol PROTECTED BY P dec ���
symbol PROTECTED BY P enc ��
symbol PROTECTED BY P enc P dec tac
��
symbol PROTECTED BY P g ���
symbol PROTECTED BY P g� ��
symbol PROTECTED BY P l� ���
symbol PROTECTED BY P lt ���
symbol PROTECTED BY P lt P rr tac
���
symbol PROTECTED BY P rr ���
symbol SUB VALUE OF P dec ��
symbol SUB VALUE OF P enc ��
symbol SUB VALUE OF P enc P dec tac
��
symbol SUB VALUE OF P g ��
symbol SUB VALUE OF P g� ��
symbol SUB VALUE OF P l� �
symbol SUB VALUE OF P lt ��
symbol SUB VALUE OF P masterkey�
table ��
symbol SUB VALUE OF P rr �
SYMMETRIC eq IN SAME CONV ��
SYMMETRIC IN SAME CONV �
syntax rules ���
t � �� � �� ��� ��� ��� ��
t ��� ���
t� ���
T �
T BDIFF ��
T IN CPR ���
tab ��� ��� �� ��� ��� ��� ��� ���
��� ���
tab� �� ��
tabx ���
tac �� � �� ��� ��� ��� ��� ���
��� ���
tac ��� ���
tac� ��� ��� ��� ��� ���
tac� ��� ��
tac� ���
Term EQ DEF ���
Term EQ REFL ���
Term EQ SYM EQ ���
Term EQ TRANS ���
-
Index �
Term IMP DEF ���
Term IMP REFL ���
Term IMP TRANS ���
Term IS WF CONV ��
Term SUB AF DEF ���
Term SUB Term DEF ���
Term V AF V AF REPLACE Term ���
Term V arg list V Terms REPLACE Term
���
Term V Ass V Ass REPLACE Term ���
Term V IMP Term EQ ��
Term V Term EQ� ��
Term V Term REPLACE Term lm ���
Term V Term V Term REPLACE Term
���
THEN CONV ���
thm ��
thm term �� � �� �� �� ��
tm � �� ��� �� �� � ��� ����
�� �� ��� ��� ��� ��� ���
�� �� �� � ���
tm� ���
TM ���
tm ��� ��� ��� ��� �� �� ��� ���
��� ���
TM� �
TM� THM ���
TM ���
TM THM ���
TM� ���
TM� THM ���
TM� ���
TM� THM ���
TM� ���
TM� THM ���
TM� ���
TM� THM ���
TM� ���
TM� THM ���
TM� ���
TM� THM ���
TM THM ���
TM� ���
tm� ��� �� ��� ��� �� ��� ��� ��
�� ��� ���
TM� THM ���
TM� ���
tm� �� ��� ���
TM� THM ���
TM� ���
TM� THM ���
TM� ��
TM� THM ���
TM� ��
TM� THM ���
TM� ��
TM� THM ��
TM� ��
TM� THM ��
TM ��
TM THM ���
TM rules ���
TM rules ��� ���
TM rules� �
TM tac ��
TM tac� �
TM tac� �
tmp goals ��
TOTAL ANTISYM ��
TOTAL REFLEXIVE ��
TOTAL TRANSITIVE ��
tp �� ��� ��
TP V DEF ��
TP V IMP TP V �
TP V strengthen ���
TP V true ���
TP V ty ��
TP V Unpred simplify ���
TRANSITIVE IN SAME CONV �
TRANSITIVE SUB VALUE OF ���
tree to list DEF ���
triv equal ��
TrivSP ��
True ���
TUPLE IN GPSEC CONV �
Type ��
Type INDUCT TAC �� ���
type list ��
type name list ��
type synonym ��
TYPES DECLARED IDS ���
TYPES DEF ���
TYPES ID OWNERS ���
uc fn su�x ��
uc su�x ��
UNDISCH BOTTOM TAC �� ��� ���
UNDISCH KEEP TAC ��
UNDISCH SPLIT ��
UNDISCH TOP TAC �� �� �� �� ��
UNION DELETE ��
UNION DIFF ��
UNION EQ EMPTY �
UNION EQ SING ��
UNION INSERT �
UNION lm ��
unique num ��
us ��� ��� ��� ���
-
Index
us� ��
us� ��� ���
Usage ��
usage ���
Usage EQ DEF ���
Usage EQ REFL ��
Usage EQ SYM EQ ��
Usage EQ TRANS ��
Usage IMP DEF ���
Usage IMP MP ��
Usage IMP REFL ���
Usage IMP TRANS ��
Usage V DEF �
Usage V EQ Usage V IMP Usage EQ ���
Usage V EVERY ���
Usage V FLST ��
Usage V FLST EVERY PRESERVES INV
��
Usage V MAP ���
Usage V MAP EQ MAP Usage V ��
Usage V MK FH� ��
Usage V ty �
Usage V Usage V MAP ��
usx ���
v l vl ��
v l vl ISO ��
value �
value IN set CONV ��
value INDUCT TAC �� ��
value induct thm ��
value list� INDUCT TAC ��
value list extension ��
value list INDUCT TAC �� ��
value list value �
value rec thm ��
value rules �
value to list Axiom �
value TOTAL ORDER antisym ���
value TOTAL ORDER Axiom �
value TOTAL ORDER Def �
value uniqueness thm �
vl v l ��
vl v l ISO ��
wait �
WEAKEN ANT THEN TAC �� ���
wf APPEND ��
wf aux xor ��
wf list Axiom ��
wf set minus �
wf sort ��
wf value Axiom ��
wf value to list ��
x ��
xor ���
XOR DEF ���
XX ID OWNER CONS EQ SING ��
XX ID OWNER idempot ���
XX ID OWNERS CONS UNION ���
XX ID OWNERS EQ EMPTY ���
XX ID OWNERS SING XX ID OWNERS�
EMPTY ���
XX REPLACE Term ���
z ��
ZERO LESS ��
ZERO LESS EQ ���
ZERO LESS SUC ���
-
hol�library�tactics�sml �
hol�library�tactics�sml
�� �������������������������������������� ��
�� aux� functions ��
�� Convert a theorem to the corresponding term ��
fun thm�term thm � �snd �dest�thm thm���
exception Position of string�
fun position e � raise Position �Error� Element is not in list�
position e �a��ls� � if e�a then � else � � �position e ls��
val gname � Lib�fresh�name �gv��
fun my�genvar ty � mk�var �Name � gname��� Ty � ty��
fun project p �
project p �e��ls� � if �p e�
then e���project p ls�
else project p ls�
exception Get of string�
fun get i � raise Get �Error� Index is out of range�
get i �e��ls� � if i � � then e
else �get �i � �� ls��
�� ������������������ lemmas �����������������������������
�� func�lemma f x y � � x � y ��� f x � f y ��
fun func�lemma f x y �
let val zzzzz � my�genvar �type�of x�
in �prove ����� �x � �y � ��� � �f �x � �f �y �����
�ACCEPT�TAC
�DISCH ���� �x � �y ����
�SUBST
�thm�ASSUME ���� �x � �y ����� var � ���� �zzzzz �����
���� �f �x � �f �zzzzz ����
�prove ���� �f �x � �f �x ���� REWRITE�TAC�������
end�
�� Various tactics ��
�� PRINT�TAC
print the current goal ��
-
� hol�library�tactics�sml
fun PRINT�TAC �p�c� �
��print ��n GOAL� premises��n��
map �fn pi �� �print�term pi�print ��n��� p�
print ��n GOAL� conclusion��n��
print�term c�
print ��n��� ALL�TAC �p�c���
��
establish
� �Pv ��� Q� ��� ���x�Px� ��� Q�
��
fun gen�ant xpx v q �
let val �Body�Bvar�� dest�forall xpx�
val pv � subst �redex � Bvar� residue�v� Body in
�DISCH �mk�imp �ant�pv�conseq�q��
�DISCH xpx
�MP �ASSUME�mk�imp�ant�pv�conseq�q���
�SPEC v �ASSUME xpx�����
end�
��
��x�Px� �� Q
����������������� GEN�ANT�TAC �v�
Pv �� Q
��
fun GEN�ANT�TAC v g �
let val ��a��term�list�� conc� � g�
val �ant�conseq� � dest�imp conc�
val �Bvar�Body� � dest�forall ant in
��a� mk�imp�ant��subst �residue�v�redex�Bvar� Body��
conseq�conseq���
fn ts �� MP �gen�ant ant v conseq� �hd ts��
end�
��
testing
gen�ant �����x��a�Px���� ����v��a���� ����q�bool�����
g ���x��a�P x� ��� Q��
e �GEN�ANT�TAC ����v��a������
g ��P Q v� ��x��a�Px ��� Q� ��� Pv ���Q��
g ��Q��a��bool���P��a��bool�� x� P x� ��� Q y��
e �GEN�ANT�TAC ����Q��a��bool������
e �GEN�ANT�TAC ����y��a������
��
��
LIST�GEN�ANT�TAC
like GEN�ANT�TAC� but accepts lists of specializations�
-
hol�library�tactics�sml �
��
fun LIST�GEN�ANT�TAC � ALL�TAC
LIST�GEN�ANT�TAC �e��ls� �
��GEN�ANT�TAC e� THEN �LIST�GEN�ANT�TAC ls���
��
P
��������������� ADD�CONJ�TAC � Q
P �� Q
��
fun ADD�CONJ�TAC q g �
let val �gas� gconc� � g in
��gas� mk�conj�conj��gconc�conj��q���
fn ts �� CONJUNCT� �hd ts��
end�
�� test
g �T��
e �ADD�CONJ�TAC ����F �� T������
e Taut�PTAUT�TAC�
��
��
REVERSE�REWRITE
��
fun REVERSE�REWRITE thm �
GEN�ALL �SYM �SPEC�ALL thm���
��
IMP�CONJ�TAC
P ��� �Q ��� R�
���������������
�P �� Q� ��� R
��
fun IMP�CONJ�TAC g �
let val �a�c� � g�
val �ant�p�conseq�qr� � �dest�imp c��
val �ant�q� conseq�r� � �dest�imp qr� in
��a�term list� mk�imp�ant�list�mk�conjp� q� conseq�r���
fn ts �� �MP �SPEC r �SPEC q �SPEC p
�GEN ����P�bool���� �GEN ����Q�bool���� �GEN ����R�bool����
�Compat�PROVE �������P �� Q� ��� R� ��� �P ��� �Q ��� R�������
Taut�TAUT�TAC�������� �hd ts���
end�
��
-
� hol�library�tactics�sml
test
g �P ��� �Q ��� �R ��� T����
e �REPEAT IMP�CONJ�TAC���
��
��
STRENGTHEN�TAC Q t
P
� provided can prove � Q ��� P as a tautology using tactic t
Q
��
fun STRENGTHEN�TAC q t g �
let val �a� term list�p� � g in
��a�q��
fn th ��
MP �Compat�PROVE�mk�imp�ant�q�conseq�p�� t THEN Taut�TAUT�TAC��
�hd th��
end�
��
test
g �P ��� Q��
e �STRENGTHEN�TAC ����Q�bool���� Taut�TAUT�TAC��
��
��
UNDISCH�TOP�TAC
reverse of ���� elimination�
��
fun UNDISCH�TOP�TAC g �
let val �a�p� � g in
UNDISCH�TAC �hd a� g
end�
�� test
set�goal � ���a��bool��� � ���a��bool��� � ���a��bool��� � ���g�bool�����
e UNDISCH�TOP�TAC�
��
��
UNDISCH�BOTTOM�TAC
reverse of ���� elimination�
��
fun UNDISCH�BOTTOM�TAC g �
let val �a�p� � g in
UNDISCH�TAC �hd �rev a�� g
end�
�� test
-
hol�library�tactics�sml �
set�goal � ���a��bool��� � ���a��bool��� � ���a��bool��� � ���g�bool�����
e UNDISCH�BOTTOM�TAC�
��
fun MK�ARITH�REWRITE f �
let val ft � SPEC f �Compat�PROVE ��mk�forall
�Bvar� ���P�bool��� �
Body��mk�imp�ant� ���P�T��� � conseq� ���P�bool��� �����
Taut�TAUT�TAC�� in
MP ft �ARITH�CONV f�
end�
�� test
MK�ARITH�REWRITE � ��� ����� � �� �����
��
�� �REPEAT�UNTIL�STABLE t� applies tactic t until the resulting goal
is identical to the previous goal� or t fails ��
fun REPEAT�UNTIL�STABLE tac asc �
let val �gs�v� � �tac ORELSE ALL�TAC� asc
in �if gs � asc
then �gs�v�
else ��tac THEN �REPEAT�UNTIL�STABLE tac�� asc��
end�
��
set�goal ������A �� B �� C �� D������
e �REPEAT�UNTIL�STABLE BETA�TAC��
��
��
PURE�DEF �x���xn� f x� ��� xn � e
is converted to
f � �x����xn�e
��
fun PURE�DEF t �
let
val th� � SPEC�ALL t�
fun move�right t � let val �lhs�rhs� � �dest�eq t�
in
if �is�comb lhs�
then move�right
�mk�eq�lhs���Rator �dest�comb lhs���
rhs�mk�abs�Bvar���Rand �dest�comb lhs���
Body�rhs���
else t
end�
val goal � move�right �thm�term th���
in
if �thm�term t� � goal
then t
-
� hol�library�tactics�sml
else prove�
goal�
��REPEAT �fn �p�c� �� ���REWRITE�TAC �t � FUN�EQ�CONV c��
THEN BETA�TAC THEN �REWRITE�TAC� THEN GEN�TAC��p�c���� THEN PRINT�TAC��
end�
�� testing
PURE�DEF �hd construct�defs��
FUN�EQ�CONV �����f��a���b� � �h��a���b������
FUN�EQ�CONV ����true � AF�abs JOINT�true�����
map PURE�DEF construct�defs�
��
��
MUTREC�INDUCT�THEN�TAC thm tac
A � �x��P�x� �� ��� �� �xn�Pnxn
������������������������������������ thm
A � A��� ���� A � Am�
where �thm� is on the form
� A� �� ��� �� Am ��� �x��P�x� �� ��� �� �xn�Pnxn
Ai� is Aixi where xi may be replaced by some other variable
to avoid clashes with A
��
fun MUTREC�INDUCT�THEN�TAC thm tac �
�fn �gass�gconc� ��
�let fun inst�list tr � if is�conj tr
then �mk�abs �dest�forall ��conj� �dest�conj tr���
�� �inst�list ��conj� �dest�conj tr����
else mk�abs �dest�forall tr��
val thm� � BETA�RULE �SPECL �inst�list gconc� thm��
val �ant�conseq� � �dest�imp �thm�term thm���
in
��gass�ant��
fn ths �� �MP thm� �hd ths���
end�� THEN �REPEAT CONJ�TAC� THEN tac�
�� old�version
RM�FUNC�TAC
f t� � f t�
����������� RM�FUNC
t� � t�
fun RM�FUNC�TAC �a�c� �
let val �lhs�rhs� � dest�eq c�
val f � �Rator �dest�comb lhs��
val t� � �Rand�dest�comb lhs��
val t� � �Rand�dest�comb rhs��
val l � func�lemma f t� t��
in
-
hol�library�tactics�sml �
��a�mk�eq�lhs�t��rhs�t�����fn ths �� �MP l �hd ths����
end�
��
��
RM�FUNC�TAC
f t� ��� tn � f t�� ��� tn�
�������������������������� RM�FUNC�TAC
t� � t���� ��� �� tn�tn�
��
fun RM�FUNC�TAC �a�c� �
let fun get�conc�list l r � if �is�comb l�
then ��mk�eq�
lhs � �Rand �dest�comb l��
rhs � �Rand �dest�comb r�����
�get�conc�list
��Rator �dest�comb l��
��Rator �dest�comb r����
else �
val �lhs�rhs� � dest�eq c�
val gc � list�mk�conj �get�conc�list lhs rhs��
val l � prove��mk�imp�ant�gc�
conseq� c���
��REPEAT STRIP�TAC� THEN
�ASM�REWRITE�TAC���
in
��a�gc���fn ths �� �MP l �hd ths����
end�
��
testing
set�goal ��������f��a���b ���c� t� t�� � �f t�� t���������
e RM�FUNC�TAC�
set�goal ��������f��a���c� t�� � �f t���������
e RM�FUNC�TAC�
��
��
RM�FUNC��TAC
f t� � g t�
�������������� RM�FUNC��TAC
f � g� t� � t�
NOTE� Also checks if f � g� t� � t��
thus may result in �� or � remaining goals
��
val RM�FUNC��TAC �
-
� hol�library�tactics�sml
�fn �a�c� ��
let val �lhs�rhs� � dest�eq c�
val f � �Rator �dest�comb lhs��
val g � �Rator �dest�comb rhs��
val t� � �Rand�dest�comb lhs��
val t� � �Rand�dest�comb rhs��
val l � ISPECL ����f��������g��������t���������t����
�prove������f��a���b� g t� t��
��f � g� �� �t� � t��� ��� ��f t�� � �g t�������
�REPEAT STRIP�TAC�
THEN ASM�REWRITE�TAC���
in
��a�mk�conj�conj� � mk�eq�lhs�f�rhs � g��
conj� � mk�eq�lhs�t��rhs�t������fn ths �� �MP l �hd ths����
end�
THEN STRIP�TAC
THEN ��REWRITE�TAC THEN NO�TAC� ORELSE ALL�TAC��
��
set�goal��
�����f��a���b���c� t� u�� � ��h��a���b���c� t� u�������
e �REPEAT RM�FUNC��TAC��
��
��
P� ��� Q
��������������� WEAKEN�ANT�THEN�TAC P� tac
P� ��� Q
provided P� ��� P� can be proven using tactic tac
��
fun WEAKEN�ANT�THEN�TAC P� tac �a�g� �
let
val �ant�P��conseq�Q� � dest�imp g�
val trans�imp � prove�
����a b c� �a ��� b� ��� �b ��� c� ��� �a ��� c�����
Taut�TAUT�TAC�
in
�STRENGTHEN�TAC �����P� ��� �Q����
�ACCEPT�TAC
�MP
�SPECL����P���������P���������Q���
trans�imp�
�prove�����P� ��� �P�����tac������a�g�
end�
�� testing
set�goal �����P� ��� Q�����
e �WEAKEN�ANT�THEN�TAC ����P� �� P����� Taut�TAUT�TAC��
��
��
x � y ��� Q
-
hol�library�tactics�sml ��
��������������� ADD�ANT�FUNC�TAC f
f x � f y ��� Q
��
fun ADD�ANT�FUNC�TAC f �a�g� �
let val �lhs�x�rhs�y� � dest�eq ��ant �dest�imp g���
val Q � �conseq �dest�imp g��
val l � �func�lemma f x y�
in
�WEAKEN�ANT�THEN�TAC ������f �x� � ��f �y�����
�ACCEPT�TAC �func�lemma f x y����a�g�
end�
�� testing
set�goal�� �����x��a� � y� ��� Q�����
e �ADD�ANT�FUNC�TAC ������z��a�� ��f z���a�������
��
��
A !� R
�������������������������� LONG�DISJ�CASES�TAC A � P� �� ��� �� Pn
A�P� !� R ��� A�Pn !� R
��
fun LONG�DISJ�CASES�TAC thm �
�ASSUME�TAC thm
THEN �UNDISCH�TAC �thm�term thm��
THEN STRIP�TAC��
�� test
val t� �
�set�goal����x �� y �� z �� t��������x �� y �� z �� t������
e UNDISCH�TOP�TAC�
e Taut�TAUT�TAC�
top�thm����
set�goal����x �� y �� z �� t��������R�bool������
e �LONG�DISJ�CASES�TAC t���
��
val EQ�RULE �
prove������t� �t��bool���t��t�� � ��t����t�� �� �t����t��������
�STRIP�TAC THEN STRIP�TAC THEN EQ�TAC THEN �REPEAT STRIP�TAC� THEN
��EQ�TAC THEN �REPEAT UNDISCH�TOP�TAC� THEN Taut�TAUT�TAC THEN NO�TAC�
ORELSE
�ASM�REWRITE�TAC THEN NO�TAC�
ORELSE
��REPEAT UNDISCH�TOP�TAC�
-
� hol�library�tactics�sml
THEN �PURE�ONCE�REWRITE�TAC SYM�CONV ����t��bool�t������
THEN �REPEAT STRIP�TAC�
THEN �ASM�REWRITE�TAC� �����
val EQ�NEG�TO�EQ�RULE �
prove������p q� �"p � "q� � �p � q������
�REPEAT STRIP�TAC�
THEN �REWRITE�TACEQ�RULE�
THEN Taut�TAUT�TAC��
val COND�TO�IMP�RULE �
prove� ����p q��p �� q T� � �p ��� q�����
� �REWRITE�TACEQ�RULE�
THEN STRIP�TAC
THEN STRIP�TAC
THEN COND�CASES�TAC
THEN �REPEAT UNDISCH�TOP�TAC�
THEN Taut�TAUT�TAC���
��
SINGLE�REWRITE�TAC
ONCE�REWRITE�TACrs seems to apply the rules in rs once�
possibly giving rise to substitutions in several sub terms�
SINGLE�EQ�REWRITE�TAC � lhs � rhs
performs a single substitution of lhs by rhs�
��
fun SINGLE�REWRITE�TAC thm �a�g� �
let val �lhs�rhs� � dest�eq �thm�term thm��
val l � genvar �type�of lhs��
val r � genvar �type�of rhs��
val g� � subst�occs �
�redex � lhs� residue � l� g�
val g� � subst�occs �
�redex � lhs� residue � r� g�
val lemma � prove������l �r� ��l � �r� ��� ��g� � �g������
�REPEAT STRIP�TAC� THEN ASM�REWRITE�TAC��
in
PURE�ONCE�REWRITE�TACMP �SPECLlhs�rhs lemma� thm �a�g�
end�
�� test
set�goal��
���P �� Q �� R �� Q � Q�����
e �SINGLE�REWRITE�TAC �prove�����Q�bool� � �""�Q �� Q������ Taut�TAUT�TAC����
compare with
set�goal��
���P �� Q �� R �� Q � Q�����
e �PURE�ONCE�REWRITE�TAC prove�����Q�bool� � �""�Q �� Q������ Taut�TAUT�TAC���
-
hol�library�tactics�sml ��
��
�� ������������������������������������������������������������������� ��
��
Q �x�P x
������������������ REMOVE�SELECT�TAC �x�P x
!x�P� �x�P ��� Q
��
fun REMOVE�SELECT�TAC t �a�g� �
let
val �Body � P� Bvar � x� � dest�select t�
val Q � subst �redex � t� residue � x� g�
val rule � SELECT�CONV �subst �redex � x� residue � t� P��
val lemma � prove� �����P��a��bool� �Q��a��bool��
�!x� P x� �� ��x��P x� ��� �Q x�� ��� �Q ��x� �P x�������
PURE�REWRITE�TAC
prove�����p q r� �p �� q ��� r�
� �p ��� q ��� r�����
Taut�TAUT�TAC�
THEN STRIP�TAC
THEN STRIP�TAC
THEN �PURE�ONCE�REWRITE�TAC
REVERSE�REWRITE�SELECT�CONV ����P ��x��a� P x�������
THEN DISCH�TAC
THEN �GEN�ANT�TAC �����x��a� P x�����
THEN ASM�REWRITE�TAC��
val lemma� � BETA�RULE
�ISPECL �����x��P���� �����x��Q��� lemma��
in
��MATCH�MP�TAC lemma��
THEN CONJ�TAC� �a�g�
end�
�� test
set�goal������Q��a �� bool� ��x���P��a��bool� x�������
e �REMOVE�SELECT�TAC ������x��a��P x��������
��
�� ������������������������������������������������������������ ��
�� A � B
������������ UNDISCH�KEEP�TAC A
A � A ��� B
��
fun UNDISCH�KEEP�TAC t �a�g� �
��UNDISCH�TAC t� THEN
PURE�ONCE�REWRITE�TAC
SPECL t�g
-
�� hol�library�tactics�sml
�prove�����a b� �a ���b� � �a ��� a ��� b�����
Taut�TAUT�TAC��
THEN STRIP�TAC��a�g��
��
set�goal����P�bool�������Q�bool���� ���R�bool���� ���W�bool�����
e �UNDISCH�KEEP�TAC ����Q�bool������
��
��
NEG�ADD�FUNC�TAC
"�t� � t��
������������������ NEG�ADD�FUNC�TAC f
"��f t�� � �f t���
��
fun NEG�ADD�FUNC�TAC f �p�c� �
let
val �lhs�rhs��dest�eq�dest�neg c��
val res � mk�neg �mk�eq�lhs�mk�comb�Rator�f�Rand�lhs��
rhs�mk�comb�Rator�f�Rand�rhs����
val justify � prove�
�������res� ��� ��c�������
�ASSUME�TAC �func�lemma f lhs rhs��
THEN UNDISCH�TOP�TAC
THEN Taut�TAUT�TAC�
in
��p�res���fn ths �� �MP justify �hd ths����
end�
��testing
set�goal����#�#�������"�t���a � t�������
e �NEG�ADD�FUNC�TAC ����h��a���b�����
��
�� �������������������������������������������������������������������� ��
�� Extract paired beta redexes from term ��
exception unknown�hol�term�type of term�
fun get�beta�redex t �
�if �is�abs t� then
�let val �Body�Bvar� � dest�abs t
in �append �get�beta�redex Body� �get�beta�redex Bvar��
end�
else if �is�comb t� then
�let val �Rand�Rator� � dest�comb t
in �if �is�pabs Rator�
then �append t
�append �get�beta�redex Rand� �get�beta�redex Rator���
else �append �get�beta�redex Rand� �get�beta�redex Rator���
end�
else if �is�cond t� then
-
hol�library�tactics�sml ��
�let val �cond� larm� rarm� � dest�cond t
in �flatten
�get�beta�redex cond��
�get�beta�redex larm��
�get�beta�redex rarm��
end�
else if �is�conj t� then
�let val �conj�� conj�� � dest�conj t
in �append �get�beta�redex conj�� �get�beta�redex conj���
end�
else if �is�const t� then
else if �is�disj t� then
�let val �disj�� disj�� � dest�disj t
in �append �get�beta�redex disj�� �get�beta�redex disj���
end�
else if �is�eq t� then
�let val �lhs�rhs� � dest�eq t
in �append �get�beta�redex lhs� �get�beta�redex rhs��
end�
else if �is�exists t� then
�let val �Body�Bvar� � dest�exists t
in �append �get�beta�redex Body� �get�beta�redex Bvar��
end�
else if �is�forall t� then
�let val �Body�Bvar� � dest�exists t
in �append �get�beta�redex Body� �get�beta�redex Bvar��
end�
else if �is�imp t� then
�let val �ant� conseq� � dest�imp t
in �append �get�beta�redex ant� �get�beta�redex conseq��
end�
else if �is�let t� then
�let val �arg�func� � dest�let t
in �append �get�beta�redex arg� �get�beta�redex func��
end�
else if �is�list t� then
�let val �els�ty� � dest�list t
in �flatten �map get�beta�redex els��
end�
else if �is�neg t� then
�get�beta�redex �dest�neg t��
else if �is�pabs t� then
�let val �body�varstruct� � dest�pabs t
in �append �get�beta�redex body� �get�beta�redex varstruct��
end�
else if �is�pair t� then
�let val �fst�snd� � dest�pair t
in �append �get�beta�redex fst� �get�beta�redex snd��
end�
else if �is�select t� then
�let val �Body�Bvar� � dest�select t
in �append �get�beta�redex Body� �get�beta�redex Bvar��
end�
else if �is�var t� then
else �raise �unknown�hol�term�type t���
handle unknown�hol�term�type v �� �print ��nUnknown type of object� �� print�term t� v��
-
�� hol�library�sml�sml
��
get�beta�redex �������a�b�c�� a � b � c� ������������
get�beta�redex
����is�failure�value
����local�global�arity��
�global
���local�global�arity�� global � �local�error���x� value list� P�null�� ���
�local�error���ls� P�lt �EL ls�����������
��
�� remove one paired beta redex ��
fun PAIRED�BETA�TAC �a�g� �
let val redex�list � get�beta�redex g
in
�PURE�REWRITE�TAC PAIRED�BETA�CONV �hd �rev redex�list����a�g�
end�
�� remove all beta redexes including the paired ones ��
val FULL�BETA�TAC �
�REPEAT�UNTIL�STABLE
��PAIRED�BETA�TAC ORELSE ALL�TAC�
THEN BETA�TAC���
fun PAIRED�BETA��TAC �a�g� �
let val redex�list � get�beta�redex g�
fun brv �
brv �e��ls� � ��PAIRED�BETA�CONV e���
�brv ls��
handle any�error �� �brv ls��
in
PURE�REWRITE�TAC �brv redex�list��a�g�
end�
�� remove all beta redexes including the paired ones ��
val FULL�BETA��TAC �
�REPEAT�UNTIL�STABLE
�PAIRED�BETA��TAC
THEN BETA�TAC���
hol�library�sml�sml
�� �������������������������������������� ��
-
hol�library�sml�sml ��
fun type�synonym s � ty�antiq�type�parser QUOTE s ��
fun sprint s � IO�output�IO�std�out�s��
fun newline �� � IO�output�IO�std�out���n���
�� �name�list�var�prod tp ls� where �tp� is a cartesian product with n factors�
and �ls� is a list of n identifiers� generates a pair ��prod�id�types���
where �prod� is a tuple of identifiers from �ls� typed according to �tp��
�id�types� is a list of identifier� typed identifier pairs� ��
fun name�list�var�prod tp a �
�prod � mk�var�Name�a���v��Ty�tp��
id�types� �a�mk�var�Name�a���v��Ty�tp���
name�list�var�prod tp �a �� �b �� c�� �
let val �Tyop�Args� � dest�type tp
val �prod�id�types� � name�list�var�prod �hd �tl Args�� �b �� c��
val tp � mk�pair�fst � mk�var�Name�a���v��Ty� hd Args�� snd � prod�
in
�prod � tp� id�types � �a�mk�var�Name�a���v��Ty� hd Args����id�types�
end�
�� given a list of tags �tl�� the type of �tl�� �tp� ��tl� viewed as a product��
and an identifier �string� standing for the name of the type �tl�� �tp�name�
generate the selector functions for �tp�� one for each tag�
The selectors are named s��tagi���tp�name�� and they are stored in the theory file
under the name s��tagi���tp�name��DEF� ��
fun mk�selector�tl�tp� tp�name� �
let val �prod�id�types� � �name�list�var�prod �type�of ����x��tp����� tl�
in map
�fn �id�tpd�id� ��
�let val s �
mk�var�Name��s���id�����tp�name�
Ty�mk�type�Tyop � �fun��
Args�type�of �����prod����� type�of�����tpd�id������
in
�new�definition�
�s���id�����tp�name���DEF��
�����s �prod � �tpd�id���� � �
end��
id�types
end�
�� test� example
mk�selector ��local�res�� �net�funcs�� �funcdef�� �id�owner��
�all�roles�� �all�principals�� �last�run�� �all�casts�� env�s� �env���
val bn � ty�antiq ������bool�num������
mk�selector��b���n�� bn��bn���
-
�� hol�library�sml�sml
��
��generating unique numbers��
val unique�num � ref �
fun get�unique �� �
�unique�num �� �unique�num ��� Makestring�intToStr ��unique�num���
�� ������ construct is�t��t� x ������������������� ��
�� �is�t��t� x� is true iff x is constructed using the
constructor associated with the type t��
It is assumed that t� is a disjoint sum containing the summand t�� ��
fun mk�unique�arg�list n �
if n$�
then � �
else �� unique���get�unique�����mk�unique�arg�list �n������
�� first constructs the defining equation for a single t� ��
fun mk�is�tag�def�lines �� tag��tp��outer�tp� � � �
mk�is�tag�def�lines��tp�tag�arg�no��tag��tp��outer�tp��
��is�� � tp� � ��� � outer�tp �
� �� � tag � �mk�unique�arg�list arg�no� � �� � � �
�if tag��tag then � T� � else � F� ��
mk�is�tag�def�lines���tp�tag�arg�no���ls��tag��tp��outer�tp��
��is�� � tp� � ����outer�tp � � �� � tag �
�mk�unique�arg�list arg�no� � �� � � �
�if tag��tag then � T� � else � F� �� � � ��� �n � �
�mk�is�tag�def�lines�ls�tag��tp��outer�tp���
�� �mk�is�tag�def ttas outer�tp ra� defines the �is�x�t� functions
for each of the cases of the sum�type �outer�tp�� �ra� is the defining
axiom for �outer�tp�� �t� stands for �outer�tp� �we need uniqueness�
and we want to allow same summand names in different sum types��
�ttas� is a list of �type� constructor� number of fields� for each of
the summands of �outer�tp�� ��
fun mk�is�mut�rec�tag�def�aux ttas outer�tp ra �
map
�fn �tp�tag�arg�no� �� �sprint tp� newline���