Chapter 5. Universal Quantification (Forall)
==================

Universal quantification is another core concept in **Prove-It**.  A `Forall` operation, formatted with the $\forall$ symbol, is used to represent universal quantification.  For example, $\forall_x P(x)$ means that $P(x)$ is true for any instance of $x$.  $P(x)$ holds true universally over instances of $x$.  Like `Implies`, `Forall` is a core concept but is defined outside of the core in the `proveit.logic` package. It is known in the core for use in the *instantiation* and *generalization* derivation steps discussed below.

First, let us import some necessary information then consider an example of a `Forall` object like $\forall_{x \,\in\, S \,|\, Q(x), R(x)} P(x)$:

In [None]:
from proveit import Function, ExprTuple, Lambda
from proveit.logic import Forall
from proveit.numbers import Less, Add
from proveit._common_ import a, b, x, y, z, P, Px, Pxy, Q, Qx, R, Rx, Ry, S, T
%begin universal_quantification

In [None]:
basic_forall_expr = Forall(x, Px, conditions=[Qx, Rx], domain=S)

The meaning of this `Forall` **Expression** is that $P(x)$ is a true statement for all instances of $x$ for which $x \in S$ and both $Q(x)$ and $R(x)$ are true.

We can use the `expr_info()` method to examine the internal structure of the expression:

In [None]:
basic_forall_expr.expr_info()

`Forall` derives from `OperationOverInstances` (`proveit._core_.expression.operation.operation_over_instances.OperationOverInstances` aliased as `proveit.OperationOverInstances`) which generally defines an operation that acts on a **lambda** map with optional conditions.  The idea is like a "functional" (a function of a function).  It operates over the range of instances for the **lambda** parameters for which the condition is satisfied.  Other examples of **expression** types that derive from `OperationOverInstances` are $\exists$, $\sum$, and $\prod$.  

In our example above, we see that the domain $S$ is internally represented via the first condition of the conditional **lambda** (see Line 2 of the `expr_info()` output).  In the external representation, it is displayed more compactly along with the introduction of $x$ before the vertical line that precedes the other conditions.  This is a matter of presentation style that is independent of how **Prove-It** treats this expression.  As far as **Prove-It** is concerned, $x \in S$ is simply a condition no different from $Q(x)$ and $R(x)$.

We can view a formatted version of the original object like this:

In [None]:
basic_forall_expr

We can use Python's `dir()` function to get a list of our `Forall` object's attributes and methods:

In [None]:
dir(basic_forall_expr)

and the general Python-provided object attribute `__dict__` (using two underscores on each end) to view all the attribute names and values for our specific `Forall` object:

In [None]:
basic_forall_expr.__dict__

Some of the various parts of the `Forall` **expression** may be accessed as follows:

In [None]:
basic_forall_expr.instance_var        # Variable whose value defines the instance.
                                   # This attribute returns just the first instance variable
                                   # if there is more than one.

In [None]:
basic_forall_expr.all_instance_vars()  # The list of all variables whose values define the instance
                                   # (may be one or more variables).

In [None]:
basic_forall_expr.instance_expr       # The expression being quantified over.

In [None]:
basic_forall_expr.conditions         # The list of conditions of the universal quantification.

In [None]:
basic_forall_expr.domain             # Domain of the instance variable.
                                   # If there are multiple instance variables each with its own domain,
                                   # this attribute returns just the domain for the 1st variable.

In [None]:
basic_forall_expr.all_domains()       # The set of all domains for all instance variables
                                   # (might be 0, 1, or more in the list)

In [None]:
basic_forall_expr.explicit_conditions()  # Returns the list of conditions that appear after the
                                      # vertical line in the notation (i.e., exluding the domain condition(s)).

### A More Complex Forall Example

We can construct more complex `Forall` **expression**s involving multiple instance-defining variables, each from the same domain, like this:

In [None]:
second_forall_expr = Forall([x, y], Pxy, conditions=[Qx, Ry], domain = S)

or specify individual domains for the instance variables:

In [None]:
third_forall_expr = Forall([x, y], Pxy, conditions=[Qx, Ry], domains = [S, T])

The various parts of such `Forall` **expression**s may be accessed as before, with a few special circumstances:

In [None]:
third_forall_expr.instance_var              # Obtain the first of the instance-defining variables

In [None]:
third_forall_expr.all_instance_vars()        # Obtain a list of ALL instance-defining variables

In [None]:
third_forall_expr.all_instance_vars()[-1]    # Obtain the LAST of all instance-defining variables

In [None]:
third_forall_expr.instance_expr             # Obtain the first nested expression being quantified over

In [None]:
third_forall_expr.instance_expr   # Obtain the explicit final expression being quantified over

In [None]:
third_forall_expr.domain                   # Obtain the domain if just a single domain, or the domain of
                                         # the 1st instance-defining variable if multiple domains

In [None]:
third_forall_expr.all_domains()             # Obtain a list of all domains

In [None]:
third_forall_expr.conditions               # Obtain conditions for first instance-defining variable

In [None]:
third_forall_expr.all_conditions()          # Obtain conditions for all instance-defining variables

In [None]:
third_forall_expr.instance_expr.conditions  # Obtain conditions for 2nd (or 1st-nested) instance-defining variable

Specialization (or Universal Instantiation)
======

The *instantiation* derivation (or universal instantiation) step uses *expression substitution* internally.  The difference is that *instantiation* has proof implications and enforces the extra restrictions to justify these proof implications.  It also eliminates one or more of the outer $\forall$ operations.


### Basic Specialization

Let us take our basic/generic example of the `Forall` expression above and instantiate it with a particular "instance" expression.  To do so, we will make assumptions to trivially allow this derivation step to be taken (just to show how this works).

In [None]:
from proveit import Function, ExprTuple
from proveit._common_ import fy
from proveit.logic import InSet
assumptions = ExprTuple(basic_forall_expr, InSet(fy, S), Function(Q, fy), Function(R, fy))

`InSet()` is another core concept that is defined outside of the core in `proveit.logic`.  It represents the set membership operation using the $\in$ symbol.  It is needed as a core concept specifically for the purpose of ensuring that universal quantification requirements are met (the "instance" expression must be "in" the domain set).

To implement the instantiation or universal instantiation where the instance variable $x$ is replaced with the specific instance or value $f(y)$, we have:

In [None]:
basic_forall_spec = basic_forall_expr.instantiate({x:fy}, assumptions=assumptions)

We have proven, somewhat trivially, that $P(f(y))$ is true assuming that $\forall_{x \in S~|~Q(x)} P(x)$, $f(y) \in S$, $Q(f(y))$ are all true statements.

Let us take a look at the proof for this statement:

In [None]:
basic_forall_spec.proof()

This indicates that the proof requires a *instantiation* step (step 0) and explicitly indicates, in the row under step 0, the mapping being performed (mapping $x$ to $f(y)$).  The subsequent proof steps that are required are simply proofs by assumption.  Specifically, the original `Forall` expression must be true and the conditions must be satisfied for the instance $x \mapsto f(y)$: $f(y) \in S$, $Q(f(x))$, and $R(f(y))$.  If any of these are not known to be true under the provided assumptions, this step will fail.  In this example, they are trivially true because our assumptions were chosen to be precisely what needed to be true for the *instantiation* step to succeed.

If we leave out our first assumption (*i.e.*, the original `Forall` object itself), **Prove-It** is unable to prove the original `Forall` expression even after attempting to perform automation and the *instantiation* step will fail.

In [None]:
from proveit import ProofFailure
try:
    basic_forall_expr.instantiate({x:fy}, assumptions=assumptions[1:])
    assert False, "Expecting an ProofFailure error; should not make it to this point"
except ProofFailure as e:
    print("EXPECTED ERROR:", e)

The automation checks to see if the $S$ **Expression** has a `fold_as_forall` method that would automate a proof for universal quantification over $S$.  Since $S$ is a simple **Variable** object, no such automation exists.

Next we'll see what happens when the instantiated "instance" $f(y)$ is not known to be in the domain $S$ (*i.e.*, we omit the assumption that $f(y) \in S$):

In [None]:
from proveit import InstantiationFailure
try:
    basic_forall_expr.instantiate({x:fy}, assumptions=assumptions[:1]+assumptions[2:])
    assert False, "Expecting an InstantiationFailure error; should not make it to this point"
except InstantiationFailure as e:
    print("EXPECTED ERROR:", e)

Finally, we demonstrate the case when one of the "explicit" conditions is not met -- first omitting the assumption that $Q(f(y))$ is TRUE:

In [None]:
try:
    basic_forall_expr.instantiate({x:fy}, assumptions=assumptions[:2]+assumptions[3:])
    assert False, "Expecting an InstantiationFailure error; should not make it to this point"
except InstantiationFailure as e:
    print("EXPECTED ERROR:", e)

then omitting the assumption that $R(f(y))$ is TRUE:

In [None]:
try:
    basic_forall_expr.instantiate({x:fy}, assumptions=assumptions[:3])
    assert False, "Expecting a InstantiationFailure error; should not make it to this point"
except InstantiationFailure as e:
    print("EXPECTED ERROR:", e)

Also note that you cannot *instantiate* a variable that is not one of the `Forall` instance variables. For example, we cannot instantiate the propositional function variable $Q$. Recall our basic expression first:

In [None]:
basic_forall_expr

Then try to *instantiate* our `Forall` object by instantiating $Q$ with $R$:

In [None]:
try:
    basic_forall_expr.instantiate({x:fy, Q:R}, assumptions=assumptions)
    assert False, "Expecting a InstantiationFailure error; should not make it to this point"
except InstantiationFailure as e:
    print("EXPECTED ERROR:", e)

You can, of course, *relabel* **Variable**s that are not `Forall` instance variables.  Later in this tutorial we will show that you can *relabel* and *instantiate* simultaneously (see the sub-section on ***Specializing and Relabeling Simultaneously***).  You can also *instantiate* multiple levels of `Forall` operations simultaneously which is why the previous error message mentions "nested Forall operations". 

### Universal quantification without a domain

It is not necessary to specify a domain in a `Forall` **Expression**.  For example, the condition(s) may provide sufficient restrictions for the universal quantification.  Also, any number of conditions may be specified (including no conditions).

In [None]:
no_domain_forall_expr = Forall(x, Px, conditions=[Qx])

We can verify the absence of an explicit domain in a variety of ways:

In [None]:
no_domain_forall_expr.has_domain()

In [None]:
assert no_domain_forall_expr.domain is None  # The Forall object's domain is None

We can use the `expr_info()` method to examine the internal structure of the expression:

In [None]:
no_domain_forall_expr.expr_info()

As before, we can implement a instantiation or univeral instantiation, where the variable $x$ is replaced with the specific instance $f(y)$. To do so, we include the original `Forall` expression as an assumption, along with the assumption that $Q(f(y))$ is TRUE:

In [None]:
no_domain_forall_expr.instantiate({x:fy}, assumptions=[no_domain_forall_expr, Function(Q, fy)])

### Lambda scope restrictions

In `tutorial01_core_expr`, we noted scoping restrictions that apply to **Lambda** expressions in the theory of *expression substitution*.  That restriction carries over to *instantiation* and is very important.  Consider the following example.

In [None]:
from proveit.logic import NotEquals, Exists
from proveit._common_ import Pxy, y, fy
forall_exists_expr = Forall(x, Exists(y, NotEquals(x, y)))

Note that, while `Forall` ($\forall$) has a special meaning in the **Prove-It** core, `Exists` ($\exists$) and `Equals` ($\neq$) do not (they are defined via **axioms** within the `proveit.logic` package, which we will explain in a later chapter).  We are using them here to make our point more clear.  Just note that `Exists` is another kind of `OperationOverInstances` that operates on a **lambda** function:

In [None]:
Exists(y, Pxy).expr_info()

If we try to instantiate $x$ as $y$ in `nested_forall`, this will fail:

In [None]:
from proveit import ScopingViolation
try:
    forall_exists_expr.instantiate({x:y}, assumptions={forall_exists_expr})
    assert False, "Expecting an ScopingViolation error; should not make it to this point"
except ScopingViolation as e:
    print("EXPECTED ERROR:", e)

And of course this *should* fail.  We cannot derive $\exists_y y \neq y$ by assuming $\forall_{ x } \left[\exists_y x \neq y \right]$.  The former is a stronger statement.  We chose this example, in fact, because the latter can be argued as typically true but the former is never true using reasonable definitions.  Where this goes wrong is in violating the scope of $\exists_y$.  It is introducing $y$ as a new **variable** within the sub-expression $\exists_y x \neq y$.  This **label** is off limits to $x$ which is quantified outside of this sub-expression.  We can *instantiate* $x$ to whatever we want as long as we respect these scoping restrictions.

In fact, it is not simply $y$ that is off limits; all **expressions** involving $y$ are off limits. Assuming $\forall_{ x } \left[\exists_y x \neq y \right]$ should not allow us to derive $\exists_y f(y) \neq y$, and the attempted instantiation does indeed fail:

In [None]:
from proveit import ScopingViolation
try:
    forall_exists_expr.instantiate({x:fy}, assumptions={forall_exists_expr})
    assert False, "Expecting an ScopingViolation error; should not make it to this point"
except ScopingViolation as e:
    print("EXPECTED ERROR:", e)

It should also be noted that within a scope, a **variable** may be reused with a different meaning.  This should generally be avoided as it makes **expressions** unclear, but the functionality should be well-defined in case it ever happens.  If this happens, we treat it as a distinct **variable** from anything outside of the scope (that just happens to have the same name).  It can be confusing and should be avoided, but it is well-defined.  For example, consider the following nested `Forall` expression:

In [None]:
from proveit.logic import And
redundant_instance_var_expr = Forall(x, And(Px, Forall(x, Qx)))

Specializing the outer $x$ does not and should not change the inner $x$, which is treated as a distinct **variable**:

In [None]:
redundant_instance_var_expr.instantiate({x:fy}, assumptions={redundant_instance_var_expr})

In [None]:
redundant_instance_var_expr.instantiate({x:y}, assumptions={redundant_instance_var_expr})

At this time, there is no straightforward way to instantiate the inner $x$ itself (another reason to avoid such potentially confusing constructions).

### Operand, operator, or operation instantiation

*Specializing* different parts of an **operation** works essentially the same way as it does with *expression substition*.

We will use the `substitution` axiom of `proveit.logic.equality` for demonstrations in this section out of convenience.  **Axioms** and the `proveit.logic` package will be discussed in more detail later.  For now, we note that **axioms** (and **theorems**) are taken to be true statements without proof, as you can see below.

In [None]:
from proveit.logic.equality._axioms_ import substitution
substitution

In [None]:
substitution.proof()


Let's grab the $x=y$ condition for use below.

In [None]:
x_eq_y = substitution.all_conditions()[0]

Operator and operand *instantiation* are straightforward:

In [None]:
from proveit._common_ import f, g
operator_substitution = substitution.instantiate({f:g})

In [None]:
operator_substitution.proof()

Note that $x$ and $y$ mapped to themselves by default.  When a mapping is not specified, the default is to map the **variable** to itself.

Next we explicitly instantiate the operands $x$ and $y$ to $a$ and $b$, respectively, in the original `substitution` axiom (and notice that we must explicitly include the assumption that $a = b$, else the `substitution` axiom will not apply):

In [None]:
from proveit._common_ import a, b
from proveit.logic import Equals
a_eq_b = Equals(a, b)
operand_substitution = substitution.instantiate({x:a, y:b}, assumptions=[a_eq_b])

In [None]:
operand_substitution.proof()

Operation substitution can be done explicitly via a **lambda** expression just as we saw with *expression substitution*.  The **lambda** expression is not literally substituted in; rather, the function that it represents is applied as the operation.

In [None]:
operation_substitution = substitution.instantiate({f:Lambda(x, Add(x, a))})

In [None]:
operation_substitution.proof()

An alternative way to specify an operation substitution is to map the operation applied to a **variable** (*e.g.*, the operation $f$ applied to $x$ as $f(x)$) onto an **expression** that uses this same **variable** (*e.g.*, `Add(x, a)`).  In the example below, we map $f(x)$ to $x + a$.  This will be internally translated to the same **lambda** expression as before: $x \mapsto x + a$.

In [None]:
from proveit._common_ import fx
operation_substitution2 = substitution.instantiate({fx:Add(x, a)})

The proof is exactly the same as before.

In [None]:
operation_substitution2.proof()

### Specializing multiple levels simultaneously

When `Forall` operations are nested, the universal quantifications may be instantiated separately.

Consider, for example, the nested quantification expression $\forall_x [\forall_y [\forall_{z|z<(x+y)} P(x, y, z)]]$, defined below:

In [None]:
from proveit._common_ import z, Pxyz
from proveit.numbers import Less, Add
nested_forall = Forall(x, Forall(y, Forall(z, Pxyz, conditions=[Less(z, Add(x, y))])))

We can successively instantiate to reach the inner-most instance-defining variable $z$:

In [None]:
nested_forall_spec1 = nested_forall.instantiate(assumptions=[nested_forall])

In [None]:
nested_forall_spec2 = nested_forall_spec1.instantiate()

In [None]:
nested_forall_spec3 = nested_forall_spec2.instantiate(assumptions=[nested_forall_spec2.conditions[0]])

In [None]:
nested_forall_spec3.proof()

But for the sake of convenience and efficiency, **Prove-It** also allows nested `Forall` operations to be instantiated simultaneously:

In [None]:
assumptions = ExprTuple(nested_forall, nested_forall_spec2.conditions[0])
nested_forall_simultaneous_spec = nested_forall.instantiate({z:z}, assumptions=assumptions)

We just need to include an explicit mapping for an inner quantified **variable**.  So we indicated above that we want to map $z$ to $z$, even though this is typically the default, in order to force it to instantiate all three `Forall` operations simultaneously.  The proof is shorter, doing a single all-in-one *instantiation*:

In [None]:
nested_forall_simultaneous_spec.proof()

Such simultaneous *instantiation* can be done for any number of nested levels.

As a quick aside, it worth noting that the original nested `Forall` involving the instance variables $x$, $y$, and $z$ could have instead been expressed as $\forall_{x, y, z | z < x + y} P(x, y, z)$, constructed in the following way (also see the section further below on “Universal quantification over multiple variables”):

In [None]:
alt_nested_forall = Forall([x, y, z], Pxyz, conditions=[Less(z, Add(x, y))])

Note that the *meaning* of the original **nested_forall** object $\forall_x [\forall_y [\forall_{z|z<x+y} P(x, y, z)]]$ and the meaning of our alternative **alt_nested_forall** object $\forall_{x, y, z | z < x + y} P(x, y, z)$ are the same:

In [None]:
alt_nested_forall == nested_forall

We can now accomplish the same instantiation as follows:

In [None]:
alt_nested_forall_spec = alt_nested_forall.instantiate(assumptions=[alt_nested_forall, Less(z, Add(x, y))])

with similar proof details:

In [None]:
alt_nested_forall_spec.proof()

### Specializing and relabeling simultaneously

It is also possible to achieve *relabeling* and *instantiation* (over any number of nested levels) in a single step.

For example, recall our nested `Forall` object $\forall_x [\forall_y [\forall_{z|z<x+y} P(x, y, z)]]$ from above (explicitly redefined here in case changes were made above): 

In [None]:
nested_forall = Forall(x, Forall(y, Forall(z, Pxyz, conditions=[Less(z, Add(x, y))])))

We can instantiate the outermost instance variable $x$ while simultaneously relabeling the instance variable $z$ to $a$:

In [None]:
nested_forall.instantiate({x:x, z:a}, assumptions=[nested_forall])

Or we can instantiate all the way down to the innermost instance variable ($z$) while simultaneously relabeling the instance variable $z$ to $a$:

In [None]:
nested_forall_spec_and_relab = nested_forall.instantiate({y:y, z:a}, assumptions=[nested_forall])

In that `instantiate()` command, we used the explicit `instantiate_map` and `relabel_map` designations to distinguish the two types of mappings, but we could have relied simply on the order of the input arguments instead, with the instantiation mapping(s) expected first and the relabel mapping(s) expected second:

In [None]:
nested_forall.instantiate({y:y, z:a}, assumptions=[nested_forall, Less(a, Add(x, y))])

We can take a quick look at the related proof to see how the instantiation and relabeling mappings are indicated:

In [None]:
nested_forall_spec_and_relab.proof()

The *relabeling* map is always shown after the last comma in the mapping under the *instantiation* step.  When any *instantiation* occurs, the "step type" is labeled "instantiation".  If there is only *relabeling*, the "step type" will indicate "relabeling". 

You are not allowed to specify that the same **variable** is to be *instantiated* and *relabeled*. For example, recall once again our nested `Forall` object:

In [None]:
nested_forall

We can instantiate the inner instance variable $y$ to $b$:

In [None]:
nested_forall.instantiate({y:b}, assumptions=[nested_forall])

But we cannot simultaneously instantiate $y$ to $b$ *and also* relabel $y$ with $a$:

In [None]:
try:
    nested_forall.instantiate({y:b, y:a}, assumptions=[nested_forall])
    assert False, "Expecting a InstantiationFailure error; should not make it to this point"
except InstantiationFailure as e:
    print("EXPECTED ERROR:", e)

As noted in the previous tutorial chapter (tutorial04_relabeling), relabeling has another important limitation.  You cannot relabel something using assumptions that involve any of the relabeling variables.  For example, we cannot relabel $P$ to $R$ in `nested_forall` while assuming `nested_forall`. (Would be nice to elaborate on this briefly.)

In [None]:
from proveit import RelabelingFailure
try:
    nested_forall.instantiate({y:y}, {P:R}, assumptions=[nested_forall])
    assert False, "Expecting an RelabelingFailure error; should not make it to this point"
except RelabelingFailure as e:
    print("EXPECTED ERROR:", e)

### Universal quantification over multiple variables

Rather than nesting `Forall` operations, you can quantify over multiple instance variables for a more succinct expression. For example, instead of writing $\forall_{x\,\in\ S} [\forall_{y\,\in\, S} P(x, y)]$, you could write $\forall_{x, y\,\in\, S} P(x, y)$, constructed like this:

In [None]:
multi_var_forall = Forall((x, y), Pxy, domain=S)

Specialization is still achieved in the same way. Here, for example, we assume the `Forall` expression along with specific $x$ and $y$ values in set $S$:

In [None]:
assumptions = [multi_var_forall, InSet(x, S), InSet(y, S)]
multi_var_forall_spec = multi_var_forall.instantiate(assumptions=assumptions)

We can see how **ProveIt** conceptualizes that instantiation by calling its `proof()` method:

In [None]:
multi_var_forall_spec.proof()

Note that when constructing a `Forall` object, if you attempt to use the same **variable** multiple times in the list of instance variables, you will get an error:

In [None]:
try:
    Forall((x, x), Px)
    assert False, "Expecting an ValueError error; should not make it to this point"
except ValueError as e:
    print('EXPECTED ERROR:', e)

You can also specify different domains for each a set of instance **variables**, providing a list (or `ExprTuple`) for `domains` rather than `domain`.  The display notation will indicate a cartesian product set.

In [None]:
multi_domain_forall = Forall((x, y), Pxy, domains=[S, R])

Internally, however, **ProveIt** simply splits off a condition for each *instance variable*. Notice lines 6 and 12 in the following `expr_info()` details:

In [None]:
multi_domain_forall.expr_info()

We can perform a instantiation of $\forall_{(x, y)\,\in\, S \,\times\, R} P(x, y)$ analogous to the previous instantiation of $\forall_{x, y\,\in\, S} P(x, y)$, but now specifying distinct set-inclusion assumptions for the variables $x$ and $y$:

In [None]:
assumptions = [multi_domain_forall, InSet(x, S), InSet(y, R)]
multi_domain_forall_spec = multi_domain_forall.instantiate(assumptions=assumptions)

In [None]:
multi_domain_forall_spec.proof()

Universal quantification over an unspecified number of **variables** via **iterations** will be discussed in the chapter on <a href="tutorial11_advanced_proofs.ipynb">proofs using advanced expressions</a>.

Generalization
========

*Generalization* is the "inverse" of *instantiation* just as *hypothetical reasoning* was the "inverse" of *modus ponens*.  We can write these derivation rules in a manner that makes this relationship clear (just as we did for *hypothetical reasoning* and *modus ponens*):

Specialization: 
$\begin{array}{c}
\boldsymbol{\vdash} \forall_{x \in S~|~Q(x)} P(x) \\
\hline
\left \{\clubsuit \in S,~Q(\clubsuit) \right \} \boldsymbol{\vdash} P(\clubsuit)
\end{array}$

Generalization: 
$\begin{array}{c}
\left \{ x \in S,~Q(x) \right \} \boldsymbol{\vdash} P(x) \\
\hline
\boldsymbol{\vdash} \forall_{x \in S~|~Q(x)} P(x)
\end{array}$

$P(x)$ and $Q(x)$ are intended to represent any function of $x$.
There is some asymmetry between *instantiation* and *generalization*.  $\clubsuit$ here is meant to represent *any* **expression**, not necessarily a **variable**, as long is it does not violate scoping restrictions (*e.g.*, having a free **variable** that is the same as a **lambda** *parameter* within the $P$ or $Q$ functions).  However, *generalization* only applies to an unbound **variable**.  In Prove-It, an unbound **variable** is regarded as an "arbitrary" variable.  Essentially, it is implicitly universally quantified.  Recall that *modus ponens* converts an explicit antecedent to an implicit assumption and *hypothetical reasoning* does the opposite.  Similarly, *instantiation* converts an explicit universal quantification to implicit arbitrary variables and *generalization* does the opposite.  The reason for having the explicit and implicit forms is much the same as it was for the antecedent versus assumption.  The explicit form allows nesting but the implicit form provides direct access to the instance expression.  Furthermore, explicit universal quantification offers the power of being able to *instantiate* an instance variable to an arbitrary **expression**.

The above derivation rules are expressed for a single **variable**.  Such rules apply more generally to any number of **variables** (including an unspecified number of **variables** via **iterations** discussed in in the chapter on <a href="tutorial11_advanced_proofs.ipynb">proofs using advanced expressions</a>).

The following examples will start from a *instantiation* instance of the `substitution` **judgment** visited earlier:

In [None]:
substitution

In [None]:
operation_substitution = substitution.instantiate({f:Lambda(x, Add(x, a)), x:x, y:y}, assumptions=[Equals(x, y)])

First, we try to *generalize* this **judgment** for all instances of $a$, $x$, and $y$ without any conditions or domain restrictions:

In [None]:
from proveit import GeneralizationFailure
try:
    operation_substitution.generalize((a, x, y))
    assert False, "Expecting a GeneralizationFailure error; should not make it to this point"
except GeneralizationFailure as e:
    print('EXPECTED ERROR:', e)

That `generalize()` attempt fails because the assumptions of the original **judgment** involve the same **variables** that we are trying to *generalize* over.  That is not allowed because universal quantification introduces a new scope for $x$ and $y$ (as well as $a$) and the $x=y$ assumption would be external to this scope.  If, however, this assumption is introduced as a condition of the new universal quantification, then we no longer need to retain it as an assumption.  That assumption will be absorbed into the universal quantification conditions.

In [None]:
operation_substitution.generalize((a, x, y), conditions=[x_eq_y])

Adding additional restrictions, such as a domain and/or other conditions, only makes the statement weaker and is therefore allowed:

In [None]:
operation_substitution.generalize((a, x, y), conditions=[x_eq_y], domain=S)

In [None]:
operation_substitution.generalize((a, x, y), conditions=[x_eq_y, Qx], domain=S)

It is also possible to create multiple levels of nested `Forall` operations in one step with possibly different domains.  Simply provide a list of lists of **Variable**s as the first argument to `generalize` and a corresponding list of `domains`.  The conditions are applied at the outermost level possible (as soon as all of the relevant variables have been introduced) but otherwise retaining the order that the `conditions` were supplied.

In [None]:
Qa = Function(Q, a)
nested_gen_example = operation_substitution.generalize([[a], [x, y]], domain_lists=[[P], [R, S]], conditions=[x_eq_y, Qx, Qa])

Note that the $Q(a)$ condition was moved to the front even though it was the last supplied condition because it can be applied before the others.  The *generalization* with multiple leves of nested `Forall` operations takes one step in the proof:

In [None]:
nested_gen_example.proof()

For any level in which multiple instance variables are introduced, a domain can be supplied for each new variable (as above) or one may be specified as the same domain for each of them:

In [None]:
operation_substitution.generalize([[a], [x, y]], domain_lists=[[P], [R]], conditions=[x_eq_y, Qx, Qa])

When *generalizing* over a single **variable**, the first argument may be just that **variable** rather than a list or tuple:

In [None]:
operation_substitution.generalize(a, conditions=[Qa])

We may only *generalize* over **variables** (or **iterations** of **variables**) however:

In [None]:
try:
    operation_substitution.generalize(Qx, conditions=[Qa])
    assert False, "Expecting an ValueError error; should not make it to this point"    
except ValueError as e:
    print('EXPECTED ERROR:', e)

In [None]:
try:
    operation_substitution.generalize([[a], [Qx]], conditions=[Qa])
    assert False, "Expecting an ValueError error; should not make it to this point"
except ValueError as e:
    print('EXPECTED ERROR:', e)

In [None]:
%end universal_quantification

*Generalizing* an unspecified number of **variables** via an **iteration** will be discussed in the chapter on <a href="tutorial11_advanced_proofs.ipynb">proofs using advanced expressions</a>.

# Next chapter: <a href="tutorial06_theorem_proving.ipynb">Theorem Proving</a>

## <a href="tutorial00_introduction.ipynb#contents">Table of Contents</a>