isabelle: doc-src/ProgProve/Thys/document/Logic.tex@027c7f8cef22 (annotated)

47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	1	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	2	\begin{isabellebody}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	3	\def\isabellecontext{Logic}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	4	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	5	\isadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	6	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	7	\endisadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	8	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	9	\isatagtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	10	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	11	\endisatagtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	12	{\isafoldtheory}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	13	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	14	\isadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	15	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	16	\endisadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	17	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	18	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	19	\vspace{-5ex}
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	20	\section{Logic and proof beyond equality}
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	21	\label{sec:Logic}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	22
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	23	\subsection{Formulas}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	24
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	25	The core syntax of formulas (\textit{form} below)
47720 b11dac707c78 typo nipkow parents: 47711 diff changeset	26	provides the standard logical constructs, in decreasing order of precedence:
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	27	\[
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	28	\begin{array}{rcl}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	29
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	30	\mathit{form} & ::= &
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	31	\isa{{\isaliteral{28}{\isacharparenleft}}form{\isaliteral{29}{\isacharparenright}}} ~\mid~
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	32	\isa{True} ~\mid~
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	33	\isa{False} ~\mid~
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	34	\isa{term\ {\isaliteral{3D}{\isacharequal}}\ term}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	35	&\mid& \isa{{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ form} ~\mid~
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	36	\isa{form\ {\isaliteral{5C3C616E643E}{\isasymand}}\ form} ~\mid~
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	37	\isa{form\ {\isaliteral{5C3C6F723E}{\isasymor}}\ form} ~\mid~
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	38	\isa{form\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ form}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	39	&\mid& \isa{{\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x{\isaliteral{2E}{\isachardot}}\ form} ~\mid~ \isa{{\isaliteral{5C3C6578697374733E}{\isasymexists}}x{\isaliteral{2E}{\isachardot}}\ form}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	40	\end{array}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	41	\]
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	42	Terms are the ones we have seen all along, built from constants, variables,
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	43	function application and \isa{{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}}-abstraction, including all the syntactic
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	44	sugar like infix symbols, \isa{if}, \isa{case} etc.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	45	\begin{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	46	Remember that formulas are simply terms of type \isa{bool}. Hence
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	47	\isa{{\isaliteral{3D}{\isacharequal}}} also works for formulas. Beware that \isa{{\isaliteral{3D}{\isacharequal}}} has a higher
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	48	precedence than the other logical operators. Hence \isa{s\ {\isaliteral{3D}{\isacharequal}}\ t\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A} means
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	49	\isa{{\isaliteral{28}{\isacharparenleft}}s\ {\isaliteral{3D}{\isacharequal}}\ t{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A}, and \isa{A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ B\ {\isaliteral{3D}{\isacharequal}}\ B\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A} means \isa{A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ {\isaliteral{28}{\isacharparenleft}}B\ {\isaliteral{3D}{\isacharequal}}\ B{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A}.
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	50	Logical equivalence can also be written with
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	51	\isa{{\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}} instead of \isa{{\isaliteral{3D}{\isacharequal}}}, where \isa{{\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}} has the same low
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	52	precedence as \isa{{\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}}. Hence \isa{A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ B\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ B\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A} really means
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	53	\isa{{\isaliteral{28}{\isacharparenleft}}A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ B{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}B\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A{\isaliteral{29}{\isacharparenright}}}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	54	\end{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	55	\begin{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	56	Quantifiers need to be enclosed in parentheses if they are nested within
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	57	other constructs (just like \isa{if}, \isa{case} and \isa{let}).
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	58	\end{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	59	The most frequent logical symbols have the following ASCII representations:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	60	\begin{center}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	61	\begin{tabular}{l@ {\qquad}l@ {\qquad}l}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	62	\isa{{\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}} & \xsymbol{forall} & \texttt{ALL}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	63	\isa{{\isaliteral{5C3C6578697374733E}{\isasymexists}}} & \xsymbol{exists} & \texttt{EX}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	64	\isa{{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}} & \xsymbol{lambda} & \texttt{\%}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	65	\isa{{\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}} & \texttt{-{}->}\\
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	66	\isa{{\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}} & \texttt{<->}\\
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	67	\isa{{\isaliteral{5C3C616E643E}{\isasymand}}} & \texttt{/\char`\\} & \texttt{\&}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	68	\isa{{\isaliteral{5C3C6F723E}{\isasymor}}} & \texttt{\char`\\/} & \texttt{\|}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	69	\isa{{\isaliteral{5C3C6E6F743E}{\isasymnot}}} & \xsymbol{not} & \texttt{\char`~}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	70	\isa{{\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}} & \xsymbol{noteq} & \texttt{\char`~=}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	71	\end{tabular}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	72	\end{center}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	73	The first column shows the symbols, the second column ASCII representations
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	74	that Isabelle interfaces convert into the corresponding symbol,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	75	and the third column shows ASCII representations that stay fixed.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	76	\begin{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	77	The implication \isa{{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}} is part of the Isabelle framework. It structures
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	78	theorems and proof states, separating assumptions from conclusions.
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	79	The implication \isa{{\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}} is part of the logic HOL and can occur inside the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	80	formulas that make up the assumptions and conclusion.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	81	Theorems should be of the form \isa{{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ A\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{3B}{\isacharsemicolon}}\ A\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ A},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	82	not \isa{A\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ A}. Both are logically equivalent
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	83	but the first one works better when using the theorem in further proofs.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	84	\end{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	85
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	86	\subsection{Sets}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	87
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	88	Sets of elements of type \isa{{\isaliteral{27}{\isacharprime}}a} have type \isa{{\isaliteral{27}{\isacharprime}}a\ set}.
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	89	They can be finite or infinite. Sets come with the usual notation:
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	90	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	91	\item \isa{{\isaliteral{7B}{\isacharbraceleft}}{\isaliteral{7D}{\isacharbraceright}}},\quad \isa{{\isaliteral{7B}{\isacharbraceleft}}e\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}e\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{7D}{\isacharbraceright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	92	\item \isa{e\ {\isaliteral{5C3C696E3E}{\isasymin}}\ A},\quad \isa{A\ {\isaliteral{5C3C73756273657465713E}{\isasymsubseteq}}\ B}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	93	\item \isa{A\ {\isaliteral{5C3C756E696F6E3E}{\isasymunion}}\ B},\quad \isa{A\ {\isaliteral{5C3C696E7465723E}{\isasyminter}}\ B},\quad \isa{A\ {\isaliteral{2D}{\isacharminus}}\ B},\quad \isa{{\isaliteral{2D}{\isacharminus}}\ A}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	94	\end{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	95	and much more. \isa{UNIV} is the set of all elements of some type.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	96	Set comprehension is written \isa{{\isaliteral{7B}{\isacharbraceleft}}x{\isaliteral{2E}{\isachardot}}\ P{\isaliteral{7D}{\isacharbraceright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	97	rather than \isa{{\isaliteral{7B}{\isacharbraceleft}}x\ {\isaliteral{7C}{\isacharbar}}\ P{\isaliteral{7D}{\isacharbraceright}}}, to emphasize the variable binding nature
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	98	of the construct.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	99	\begin{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	100	In \isa{{\isaliteral{7B}{\isacharbraceleft}}x{\isaliteral{2E}{\isachardot}}\ P{\isaliteral{7D}{\isacharbraceright}}} the \isa{x} must be a variable. Set comprehension
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	101	involving a proper term \isa{t} must be written
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	102	\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{7B}{\isacharbraceleft}}t\ {\isaliteral{7C}{\isacharbar}}\ x\ y\ z{\isaliteral{2E}{\isachardot}}\ P{\isaliteral{7D}{\isacharbraceright}}{\isaliteral{22}{\isachardoublequote}}},
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	103	where \isa{x\ y\ z} are the free variables in \isa{t}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	104	This is just a shorthand for \isa{{\isaliteral{7B}{\isacharbraceleft}}v{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C6578697374733E}{\isasymexists}}x\ y\ z{\isaliteral{2E}{\isachardot}}\ v\ {\isaliteral{3D}{\isacharequal}}\ t\ {\isaliteral{5C3C616E643E}{\isasymand}}\ P{\isaliteral{7D}{\isacharbraceright}}}, where
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	105	\isa{v} is a new variable.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	106	\end{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	107
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	108	Here are the ASCII representations of the mathematical symbols:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	109	\begin{center}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	110	\begin{tabular}{l@ {\quad}l@ {\quad}l}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	111	\isa{{\isaliteral{5C3C696E3E}{\isasymin}}} & \texttt{\char`\\\char`\<in>} & \texttt{:}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	112	\isa{{\isaliteral{5C3C73756273657465713E}{\isasymsubseteq}}} & \texttt{\char`\\\char`\<subseteq>} & \texttt{<=}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	113	\isa{{\isaliteral{5C3C756E696F6E3E}{\isasymunion}}} & \texttt{\char`\\\char`\<union>} & \texttt{Un}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	114	\isa{{\isaliteral{5C3C696E7465723E}{\isasyminter}}} & \texttt{\char`\\\char`\<inter>} & \texttt{Int}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	115	\end{tabular}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	116	\end{center}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	117	Sets also allow bounded quantifications \isa{{\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x{\isaliteral{5C3C696E3E}{\isasymin}}A{\isaliteral{2E}{\isachardot}}\ P} and
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	118	\isa{{\isaliteral{5C3C6578697374733E}{\isasymexists}}x{\isaliteral{5C3C696E3E}{\isasymin}}A{\isaliteral{2E}{\isachardot}}\ P}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	119
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	120	\subsection{Proof automation}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	121
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	122	So far we have only seen \isa{simp} and \isa{auto}: Both perform
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	123	rewriting, both can also prove linear arithmetic facts (no multiplication),
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	124	and \isa{auto} is also able to prove simple logical or set-theoretic goals:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	125	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	126	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	127	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	128	\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C6578697374733E}{\isasymexists}}y{\isaliteral{2E}{\isachardot}}\ x\ {\isaliteral{3D}{\isacharequal}}\ y{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	129	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	130	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	131	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	132	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	133	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	134	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	135	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	136	\ auto%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	137	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	138	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	139	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	140	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	141	\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	142	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	143	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	144	\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	145	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	146	\ {\isaliteral{22}{\isachardoublequoteopen}}A\ {\isaliteral{5C3C73756273657465713E}{\isasymsubseteq}}\ B\ {\isaliteral{5C3C696E7465723E}{\isasyminter}}\ C\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ A\ {\isaliteral{5C3C73756273657465713E}{\isasymsubseteq}}\ B\ {\isaliteral{5C3C756E696F6E3E}{\isasymunion}}\ C{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	147	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	148	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	149	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	150	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	151	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	152	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	153	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	154	\ auto%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	155	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	156	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	157	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	158	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	159	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	160	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	161	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	162	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	163	where
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	164	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	165	\isacom{by} \textit{proof-method}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	166	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	167	is short for
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	168	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	169	\isacom{apply} \textit{proof-method}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	170	\isacom{done}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	171	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	172	The key characteristics of both \isa{simp} and \isa{auto} are
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	173	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	174	\item They show you were they got stuck, giving you an idea how to continue.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	175	\item They perform the obvious steps but are highly incomplete.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	176	\end{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	177	A proof method is \concept{complete} if it can prove all true formulas.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	178	There is no complete proof method for HOL, not even in theory.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	179	Hence all our proof methods only differ in how incomplete they are.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	180
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	181	A proof method that is still incomplete but tries harder than \isa{auto} is
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	182	\isa{fastforce}. It either succeeds or fails, it acts on the first
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	183	subgoal only, and it can be modified just like \isa{auto}, e.g.\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	184	with \isa{simp\ add}. Here is a typical example of what \isa{fastforce}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	185	can do:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	186	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	187	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	188	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	189	\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ {\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}xs\ {\isaliteral{5C3C696E3E}{\isasymin}}\ A{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C6578697374733E}{\isasymexists}}ys{\isaliteral{2E}{\isachardot}}\ xs\ {\isaliteral{3D}{\isacharequal}}\ ys\ {\isaliteral{40}{\isacharat}}\ ys{\isaliteral{3B}{\isacharsemicolon}}\ \ us\ {\isaliteral{5C3C696E3E}{\isasymin}}\ A\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	190	\ \ \ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C6578697374733E}{\isasymexists}}n{\isaliteral{2E}{\isachardot}}\ length\ us\ {\isaliteral{3D}{\isacharequal}}\ n{\isaliteral{2B}{\isacharplus}}n{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	191	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	192	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	193	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	194	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	195	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	196	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	197	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	198	\ fastforce%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	199	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	200	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	201	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	202	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	203	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	204	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	205	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	206	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	207	This lemma is out of reach for \isa{auto} because of the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	208	quantifiers. Even \isa{fastforce} fails when the quantifier structure
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	209	becomes more complicated. In a few cases, its slow version \isa{force}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	210	succeeds where \isa{fastforce} fails.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	211
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	212	The method of choice for complex logical goals is \isa{blast}. In the
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	213	following example, \isa{T} and \isa{A} are two binary predicates. It
c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	214	is shown that if \isa{T} is total, \isa{A} is antisymmetric and \isa{T} is
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	215	a subset of \isa{A}, then \isa{A} is a subset of \isa{T}:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	216	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	217	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	218	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	219	\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	220	\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ {\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x\ y{\isaliteral{2E}{\isachardot}}\ T\ x\ y\ {\isaliteral{5C3C6F723E}{\isasymor}}\ T\ y\ x{\isaliteral{3B}{\isacharsemicolon}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	221	\ \ \ \ \ {\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x\ y{\isaliteral{2E}{\isachardot}}\ A\ x\ y\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A\ y\ x\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ x\ {\isaliteral{3D}{\isacharequal}}\ y{\isaliteral{3B}{\isacharsemicolon}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	222	\ \ \ \ \ {\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x\ y{\isaliteral{2E}{\isachardot}}\ T\ x\ y\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ A\ x\ y\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	223	\ \ \ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x\ y{\isaliteral{2E}{\isachardot}}\ A\ x\ y\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ T\ x\ y{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	224	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	225	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	226	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	227	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	228	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	229	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	230	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	231	\ blast%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	232	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	233	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	234	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	235	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	236	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	237	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	238	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	239	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	240	We leave it to the reader to figure out why this lemma is true.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	241	Method \isa{blast}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	242	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	243	\item is (in principle) a complete proof procedure for first-order formulas,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	244	a fragment of HOL. In practice there is a search bound.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	245	\item does no rewriting and knows very little about equality.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	246	\item covers logic, sets and relations.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	247	\item either succeeds or fails.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	248	\end{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	249	Because of its strength in logic and sets and its weakness in equality reasoning, it complements the earlier proof methods.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	250
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	251
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	252	\subsubsection{Sledgehammer}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	253
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	254	Command \isacom{sledgehammer} calls a number of external automatic
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	255	theorem provers (ATPs) that run for up to 30 seconds searching for a
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	256	proof. Some of these ATPs are part of the Isabelle installation, others are
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	257	queried over the internet. If successful, a proof command is generated and can
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	258	be inserted into your proof. The biggest win of \isacom{sledgehammer} is
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	259	that it will take into account the whole lemma library and you do not need to
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	260	feed in any lemma explicitly. For example,%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	261	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	262	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	263	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	264	\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ xs\ {\isaliteral{40}{\isacharat}}\ ys\ {\isaliteral{3D}{\isacharequal}}\ ys\ {\isaliteral{40}{\isacharat}}\ xs{\isaliteral{3B}{\isacharsemicolon}}\ \ length\ xs\ {\isaliteral{3D}{\isacharequal}}\ length\ ys\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ xs\ {\isaliteral{3D}{\isacharequal}}\ ys{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	265	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	266	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	267	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	268	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	269	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	270	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	271	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	272	cannot be solved by any of the standard proof methods, but
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	273	\isacom{sledgehammer} finds the following proof:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	274	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	275	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	276	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	277	\ {\isaliteral{28}{\isacharparenleft}}metis\ append{\isaliteral{5F}{\isacharunderscore}}eq{\isaliteral{5F}{\isacharunderscore}}conv{\isaliteral{5F}{\isacharunderscore}}conj{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	278	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	279	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	280	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	281	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	282	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	283	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	284	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	285	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	286	We do not explain how the proof was found but what this command
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	287	means. For a start, Isabelle does not trust external tools (and in particular
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	288	not the translations from Isabelle's logic to those tools!)
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	289	and insists on a proof that it can check. This is what \isa{metis} does.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	290	It is given a list of lemmas and tries to find a proof just using those lemmas
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	291	(and pure logic). In contrast to \isa{simp} and friends that know a lot of
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	292	lemmas already, using \isa{metis} manually is tedious because one has
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	293	to find all the relevant lemmas first. But that is precisely what
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	294	\isacom{sledgehammer} does for us.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	295	In this case lemma \isa{append{\isaliteral{5F}{\isacharunderscore}}eq{\isaliteral{5F}{\isacharunderscore}}conv{\isaliteral{5F}{\isacharunderscore}}conj} alone suffices:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	296	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	297	{\isaliteral{28}{\isacharparenleft}}xs\ {\isaliteral{40}{\isacharat}}\ ys\ {\isaliteral{3D}{\isacharequal}}\ zs{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}xs\ {\isaliteral{3D}{\isacharequal}}\ take\ {\isaliteral{28}{\isacharparenleft}}length\ xs{\isaliteral{29}{\isacharparenright}}\ zs\ {\isaliteral{5C3C616E643E}{\isasymand}}\ ys\ {\isaliteral{3D}{\isacharequal}}\ drop\ {\isaliteral{28}{\isacharparenleft}}length\ xs{\isaliteral{29}{\isacharparenright}}\ zs{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	298	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	299	We leave it to the reader to figure out why this lemma suffices to prove
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	300	the above lemma, even without any knowledge of what the functions \isa{take}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	301	and \isa{drop} do. Keep in mind that the variables in the two lemmas
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	302	are independent of each other, despite the same names, and that you can
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	303	substitute arbitrary values for the free variables in a lemma.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	304
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	305	Just as for the other proof methods we have seen, there is no guarantee that
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	306	\isacom{sledgehammer} will find a proof if it exists. Nor is
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	307	\isacom{sledgehammer} superior to the other proof methods. They are
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	308	incomparable. Therefore it is recommended to apply \isa{simp} or \isa{auto} before invoking \isacom{sledgehammer} on what is left.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	309
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	310	\subsubsection{Arithmetic}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	311
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	312	By arithmetic formulas we mean formulas involving variables, numbers, \isa{{\isaliteral{2B}{\isacharplus}}}, \isa{{\isaliteral{2D}{\isacharminus}}}, \isa{{\isaliteral{3D}{\isacharequal}}}, \isa{{\isaliteral{3C}{\isacharless}}}, \isa{{\isaliteral{5C3C6C653E}{\isasymle}}} and the usual logical
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	313	connectives \isa{{\isaliteral{5C3C6E6F743E}{\isasymnot}}}, \isa{{\isaliteral{5C3C616E643E}{\isasymand}}}, \isa{{\isaliteral{5C3C6F723E}{\isasymor}}}, \isa{{\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	314	\isa{{\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}}. Strictly speaking, this is known as \concept{linear arithmetic}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	315	because it does not involve multiplication, although multiplication with
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	316	numbers, e.g.\ \isa{{\isadigit{2}}{\isaliteral{2A}{\isacharasterisk}}n} is allowed. Such formulas can be proved by
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	317	\isa{arith}:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	318	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	319	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	320	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	321	\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ {\isaliteral{28}{\isacharparenleft}}a{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}nat{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C653E}{\isasymle}}\ x\ {\isaliteral{2B}{\isacharplus}}\ b{\isaliteral{3B}{\isacharsemicolon}}\ {\isadigit{2}}{\isaliteral{2A}{\isacharasterisk}}x\ {\isaliteral{3C}{\isacharless}}\ c\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isadigit{2}}{\isaliteral{2A}{\isacharasterisk}}a\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{1}}\ {\isaliteral{5C3C6C653E}{\isasymle}}\ {\isadigit{2}}{\isaliteral{2A}{\isacharasterisk}}b\ {\isaliteral{2B}{\isacharplus}}\ c{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	322	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	323	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	324	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	325	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	326	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	327	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	328	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	329	\ arith%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	330	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	331	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	332	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	333	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	334	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	335	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	336	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	337	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	338	In fact, \isa{auto} and \isa{simp} can prove many linear
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	339	arithmetic formulas already, like the one above, by calling a weak but fast
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	340	version of \isa{arith}. Hence it is usually not necessary to invoke
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	341	\isa{arith} explicitly.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	342
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	343	The above example involves natural numbers, but integers (type \isa{int})
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	344	and real numbers (type \isa{real}) are supported as well. As are a number
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	345	of further operators like \isa{min} and \isa{max}. On \isa{nat} and
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	346	\isa{int}, \isa{arith} can even prove theorems with quantifiers in them,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	347	but we will not enlarge on that here.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	348
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	349
47727 027c7f8cef22 doc update nipkow parents: 47720 diff changeset	350	\subsubsection{Trying them all}
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	351
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	352	If you want to try all of the above automatic proof methods you simply type
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	353	\begin{isabelle}
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	354	\isacom{try}
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	355	\end{isabelle}
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	356	You can also add specific simplification and introduction rules:
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	357	\begin{isabelle}
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	358	\isacom{try} \isa{simp{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ intro{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}}
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	359	\end{isabelle}
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	360	There is also a lightweight variant \isacom{try0} that does not call
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	361	sledgehammer.
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	362
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	363	\subsection{Single step proofs}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	364
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	365	Although automation is nice, it often fails, at least initially, and you need
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	366	to find out why. When \isa{fastforce} or \isa{blast} simply fail, you have
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	367	no clue why. At this point, the stepwise
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	368	application of proof rules may be necessary. For example, if \isa{blast}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	369	fails on \isa{A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ B}, you want to attack the two
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	370	conjuncts \isa{A} and \isa{B} separately. This can
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	371	be achieved by applying \emph{conjunction introduction}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	372	\[ \isa{\mbox{}\inferrule{\mbox{{\isaliteral{3F}{\isacharquery}}P}\\\ \mbox{{\isaliteral{3F}{\isacharquery}}Q}}{\mbox{{\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{5C3C616E643E}{\isasymand}}\ {\isaliteral{3F}{\isacharquery}}Q}}}\ \isa{conjI}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	373	\]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	374	to the proof state. We will now examine the details of this process.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	375
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	376	\subsubsection{Instantiating unknowns}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	377
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	378	We had briefly mentioned earlier that after proving some theorem,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	379	Isabelle replaces all free variables \isa{x} by so called \concept{unknowns}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	380	\isa{{\isaliteral{3F}{\isacharquery}}x}. We can see this clearly in rule \isa{conjI}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	381	These unknowns can later be instantiated explicitly or implicitly:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	382	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	383	\item By hand, using \isa{of}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	384	The expression \isa{conjI{\isaliteral{5B}{\isacharbrackleft}}of\ {\isaliteral{22}{\isachardoublequote}}a{\isaliteral{3D}{\isacharequal}}b{\isaliteral{22}{\isachardoublequote}}\ {\isaliteral{22}{\isachardoublequote}}False{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5D}{\isacharbrackright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	385	instantiates the unknowns in \isa{conjI} from left to right with the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	386	two formulas \isa{a{\isaliteral{3D}{\isacharequal}}b} and \isa{False}, yielding the rule
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	387	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	388	\mbox{}\inferrule{\mbox{a\ {\isaliteral{3D}{\isacharequal}}\ b}\\\ \mbox{False}}{\mbox{a\ {\isaliteral{3D}{\isacharequal}}\ b\ {\isaliteral{5C3C616E643E}{\isasymand}}\ False}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	389	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	390
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	391	In general, \isa{th{\isaliteral{5B}{\isacharbrackleft}}of\ string\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ string\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{5D}{\isacharbrackright}}} instantiates
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	392	the unknowns in the theorem \isa{th} from left to right with the terms
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	393	\isa{string\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}} to \isa{string\isaliteral{5C3C5E697375623E}{}\isactrlisub n}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	394
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	395	\item By unification. \concept{Unification} is the process of making two
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	396	terms syntactically equal by suitable instantiations of unknowns. For example,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	397	unifying \isa{{\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{5C3C616E643E}{\isasymand}}\ {\isaliteral{3F}{\isacharquery}}Q} with \mbox{\isa{a\ {\isaliteral{3D}{\isacharequal}}\ b\ {\isaliteral{5C3C616E643E}{\isasymand}}\ False}} instantiates
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	398	\isa{{\isaliteral{3F}{\isacharquery}}P} with \isa{a\ {\isaliteral{3D}{\isacharequal}}\ b} and \isa{{\isaliteral{3F}{\isacharquery}}Q} with \isa{False}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	399	\end{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	400	We need not instantiate all unknowns. If we want to skip a particular one we
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	401	can just write \isa{{\isaliteral{5F}{\isacharunderscore}}} instead, for example \isa{conjI{\isaliteral{5B}{\isacharbrackleft}}of\ {\isaliteral{5F}{\isacharunderscore}}\ {\isaliteral{22}{\isachardoublequote}}False{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5D}{\isacharbrackright}}}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	402	Unknowns can also be instantiated by name, for example
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	403	\isa{conjI{\isaliteral{5B}{\isacharbrackleft}}where\ {\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{22}{\isachardoublequote}}a{\isaliteral{3D}{\isacharequal}}b{\isaliteral{22}{\isachardoublequote}}\ and\ {\isaliteral{3F}{\isacharquery}}Q\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{22}{\isachardoublequote}}False{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5D}{\isacharbrackright}}}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	404
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	405
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	406	\subsubsection{Rule application}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	407
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	408	\concept{Rule application} means applying a rule backwards to a proof state.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	409	For example, applying rule \isa{conjI} to a proof state
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	410	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	411	\isa{{\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ \ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ \ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ B}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	412	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	413	results in two subgoals, one for each premise of \isa{conjI}:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	414	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	415	\isa{{\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ \ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ \ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ A}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	416	\isa{{\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ \ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ \ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ B}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	417	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	418	In general, the application of a rule \isa{{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ A\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{3B}{\isacharsemicolon}}\ A\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ A}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	419	to a subgoal \mbox{\isa{{\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ C}} proceeds in two steps:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	420	\begin{enumerate}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	421	\item
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	422	Unify \isa{A} and \isa{C}, thus instantiating the unknowns in the rule.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	423	\item
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	424	Replace the subgoal \isa{C} with \isa{n} new subgoals \isa{A\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}} to \isa{A\isaliteral{5C3C5E697375623E}{}\isactrlisub n}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	425	\end{enumerate}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	426	This is the command to apply rule \isa{xyz}:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	427	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	428	\isacom{apply}\isa{{\isaliteral{28}{\isacharparenleft}}rule\ xyz{\isaliteral{29}{\isacharparenright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	429	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	430	This is also called \concept{backchaining} with rule \isa{xyz}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	431
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	432	\subsubsection{Introduction rules}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	433
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	434	Conjunction introduction (\isa{conjI}) is one example of a whole
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	435	class of rules known as \concept{introduction rules}. They explain under which
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	436	premises some logical construct can be introduced. Here are some further
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	437	useful introduction rules:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	438	\[
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	439	\inferrule*[right=\mbox{\isa{impI}}]{\mbox{\isa{{\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{3F}{\isacharquery}}Q}}}{\mbox{\isa{{\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{3F}{\isacharquery}}Q}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	440	\qquad
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	441	\inferrule*[right=\mbox{\isa{allI}}]{\mbox{\isa{{\isaliteral{5C3C416E643E}{\isasymAnd}}x{\isaliteral{2E}{\isachardot}}\ {\isaliteral{3F}{\isacharquery}}P\ x}}}{\mbox{\isa{{\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x{\isaliteral{2E}{\isachardot}}\ {\isaliteral{3F}{\isacharquery}}P\ x}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	442	\]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	443	\[
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	444	\inferrule*[right=\mbox{\isa{iffI}}]{\mbox{\isa{{\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{3F}{\isacharquery}}Q}} \\ \mbox{\isa{{\isaliteral{3F}{\isacharquery}}Q\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{3F}{\isacharquery}}P}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	445	{\mbox{\isa{{\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{3F}{\isacharquery}}Q}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	446	\]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	447	These rules are part of the logical system of \concept{natural deduction}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	448	(e.g.\ \cite{HuthRyan}). Although we intentionally de-emphasize the basic rules
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	449	of logic in favour of automatic proof methods that allow you to take bigger
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	450	steps, these rules are helpful in locating where and why automation fails.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	451	When applied backwards, these rules decompose the goal:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	452	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	453	\item \isa{conjI} and \isa{iffI} split the goal into two subgoals,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	454	\item \isa{impI} moves the left-hand side of a HOL implication into the list of assumptions,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	455	\item and \isa{allI} removes a \isa{{\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}} by turning the quantified variable into a fixed local variable of the subgoal.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	456	\end{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	457	Isabelle knows about these and a number of other introduction rules.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	458	The command
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	459	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	460	\isacom{apply} \isa{rule}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	461	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	462	automatically selects the appropriate rule for the current subgoal.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	463
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	464	You can also turn your own theorems into introduction rules by giving them
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	465	the \isa{intro} attribute, analogous to the \isa{simp} attribute. In
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	466	that case \isa{blast}, \isa{fastforce} and (to a limited extent) \isa{auto} will automatically backchain with those theorems. The \isa{intro}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	467	attribute should be used with care because it increases the search space and
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	468	can lead to nontermination. Sometimes it is better to use it only in
c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	469	specific calls of \isa{blast} and friends. For example,
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	470	\isa{le{\isaliteral{5F}{\isacharunderscore}}trans}, transitivity of \isa{{\isaliteral{5C3C6C653E}{\isasymle}}} on type \isa{nat},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	471	is not an introduction rule by default because of the disastrous effect
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	472	on the search space, but can be useful in specific situations:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	473	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	474	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	475	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	476	\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ {\isaliteral{28}{\isacharparenleft}}a{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}nat{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C653E}{\isasymle}}\ b{\isaliteral{3B}{\isacharsemicolon}}\ b\ {\isaliteral{5C3C6C653E}{\isasymle}}\ c{\isaliteral{3B}{\isacharsemicolon}}\ c\ {\isaliteral{5C3C6C653E}{\isasymle}}\ d{\isaliteral{3B}{\isacharsemicolon}}\ d\ {\isaliteral{5C3C6C653E}{\isasymle}}\ e\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ a\ {\isaliteral{5C3C6C653E}{\isasymle}}\ e{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	477	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	478	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	479	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	480	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	481	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	482	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	483	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	484	{\isaliteral{28}{\isacharparenleft}}blast\ intro{\isaliteral{3A}{\isacharcolon}}\ le{\isaliteral{5F}{\isacharunderscore}}trans{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	485	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	486	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	487	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	488	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	489	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	490	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	491	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	492	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	493	Of course this is just an example and could be proved by \isa{arith}, too.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	494
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	495	\subsubsection{Forward proof}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	496	\label{sec:forward-proof}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	497
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	498	Forward proof means deriving new theorems from old theorems. We have already
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	499	seen a very simple form of forward proof: the \isa{of} operator for
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	500	instantiating unknowns in a theorem. The big brother of \isa{of} is \isa{OF} for applying one theorem to others. Given a theorem \isa{A\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ B} called
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	501	\isa{r} and a theorem \isa{A{\isaliteral{27}{\isacharprime}}} called \isa{r{\isaliteral{27}{\isacharprime}}}, the theorem \isa{r{\isaliteral{5B}{\isacharbrackleft}}OF\ r{\isaliteral{27}{\isacharprime}}{\isaliteral{5D}{\isacharbrackright}}} is the result of applying \isa{r} to \isa{r{\isaliteral{27}{\isacharprime}}}, where \isa{r} should be viewed as a function taking a theorem \isa{A} and returning
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	502	\isa{B}. More precisely, \isa{A} and \isa{A{\isaliteral{27}{\isacharprime}}} are unified, thus
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	503	instantiating the unknowns in \isa{B}, and the result is the instantiated
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	504	\isa{B}. Of course, unification may also fail.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	505	\begin{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	506	Application of rules to other rules operates in the forward direction: from
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	507	the premises to the conclusion of the rule; application of rules to proof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	508	states operates in the backward direction, from the conclusion to the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	509	premises.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	510	\end{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	511
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	512	In general \isa{r} can be of the form \isa{{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ A\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{3B}{\isacharsemicolon}}\ A\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ A}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	513	and there can be multiple argument theorems \isa{r\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}} to \isa{r\isaliteral{5C3C5E697375623E}{}\isactrlisub m}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	514	(with \isa{m\ {\isaliteral{5C3C6C653E}{\isasymle}}\ n}), in which case \isa{r{\isaliteral{5B}{\isacharbrackleft}}OF\ r\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ r\isaliteral{5C3C5E697375623E}{}\isactrlisub m{\isaliteral{5D}{\isacharbrackright}}} is obtained
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	515	by unifying and thus proving \isa{A\isaliteral{5C3C5E697375623E}{}\isactrlisub i} with \isa{r\isaliteral{5C3C5E697375623E}{}\isactrlisub i}, \isa{i\ {\isaliteral{3D}{\isacharequal}}\ {\isadigit{1}}{\isaliteral{5C3C646F74733E}{\isasymdots}}m}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	516	Here is an example, where \isa{refl} is the theorem
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	517	\isa{{\isaliteral{3F}{\isacharquery}}t\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{3F}{\isacharquery}}t}:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	518	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	519	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	520	\isacommand{thm}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	521	\ conjI{\isaliteral{5B}{\isacharbrackleft}}OF\ refl{\isaliteral{5B}{\isacharbrackleft}}of\ {\isaliteral{22}{\isachardoublequoteopen}}a{\isaliteral{22}{\isachardoublequoteclose}}{\isaliteral{5D}{\isacharbrackright}}\ refl{\isaliteral{5B}{\isacharbrackleft}}of\ {\isaliteral{22}{\isachardoublequoteopen}}b{\isaliteral{22}{\isachardoublequoteclose}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{5D}{\isacharbrackright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	522	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	523	yields the theorem \isa{a\ {\isaliteral{3D}{\isacharequal}}\ a\ {\isaliteral{5C3C616E643E}{\isasymand}}\ b\ {\isaliteral{3D}{\isacharequal}}\ b}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	524	The command \isacom{thm} merely displays the result.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	525
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	526	Forward reasoning also makes sense in connection with proof states.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	527	Therefore \isa{blast}, \isa{fastforce} and \isa{auto} support a modifier
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	528	\isa{dest} which instructs the proof method to use certain rules in a
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	529	forward fashion. If \isa{r} is of the form \mbox{\isa{A\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ B}}, the modifier
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	530	\mbox{\isa{dest{\isaliteral{3A}{\isacharcolon}}\ r}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	531	allows proof search to reason forward with \isa{r}, i.e.\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	532	to replace an assumption \isa{A{\isaliteral{27}{\isacharprime}}}, where \isa{A{\isaliteral{27}{\isacharprime}}} unifies with \isa{A},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	533	with the correspondingly instantiated \isa{B}. For example, \isa{Suc{\isaliteral{5F}{\isacharunderscore}}leD} is the theorem \mbox{\isa{Suc\ m\ {\isaliteral{5C3C6C653E}{\isasymle}}\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ m\ {\isaliteral{5C3C6C653E}{\isasymle}}\ n}}, which works well for forward reasoning:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	534	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	535	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	536	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	537	\ {\isaliteral{22}{\isachardoublequoteopen}}Suc{\isaliteral{28}{\isacharparenleft}}Suc{\isaliteral{28}{\isacharparenleft}}Suc\ a{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C653E}{\isasymle}}\ b\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ a\ {\isaliteral{5C3C6C653E}{\isasymle}}\ b{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	538	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	539	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	540	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	541	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	542	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	543	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	544	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	545	{\isaliteral{28}{\isacharparenleft}}blast\ dest{\isaliteral{3A}{\isacharcolon}}\ Suc{\isaliteral{5F}{\isacharunderscore}}leD{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	546	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	547	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	548	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	549	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	550	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	551	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	552	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	553	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	554	In this particular example we could have backchained with
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	555	\isa{Suc{\isaliteral{5F}{\isacharunderscore}}leD}, too, but because the premise is more complicated than the conclusion this can easily lead to nontermination.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	556
47727 027c7f8cef22 doc update nipkow parents: 47720 diff changeset	557	\subsubsection{Finding theorems}
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	558
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	559	Command \isacom{find\_theorems} searches for specific theorems in the current
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	560	theory. Search criteria include pattern matching on terms and on names.
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	561	For details see the Isabelle/Isar Reference Manual~\cite{IsarRef}.
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	562	\bigskip
027c7f8cef22 doc update nipkow parents: 47720 diff changeset	563
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	564	\begin{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	565	To ease readability we will drop the question marks
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	566	in front of unknowns from now on.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	567	\end{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	568
47727 027c7f8cef22 doc update nipkow parents: 47720 diff changeset	569
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	570	\section{Inductive definitions}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	571	\label{sec:inductive-defs}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	572
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	573	Inductive definitions are the third important definition facility, after
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	574	datatypes and recursive function.
c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	575	\sem
c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	576	In fact, they are the key construct in the
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	577	definition of operational semantics in the second part of the book.
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	578	\endsem
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	579
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	580	\subsection{An example: even numbers}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	581	\label{sec:Logic:even}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	582
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	583	Here is a simple example of an inductively defined predicate:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	584	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	585	\item 0 is even
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	586	\item If $n$ is even, so is $n+2$.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	587	\end{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	588	The operative word ``inductive'' means that these are the only even numbers.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	589	In Isabelle we give the two rules the names \isa{ev{\isadigit{0}}} and \isa{evSS}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	590	and write%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	591	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	592	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	593	\isacommand{inductive}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	594	\ ev\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}nat\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{where}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	595	ev{\isadigit{0}}{\isaliteral{3A}{\isacharcolon}}\ \ \ \ {\isaliteral{22}{\isachardoublequoteopen}}ev\ {\isadigit{0}}{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	596	evSS{\isaliteral{3A}{\isacharcolon}}\ \ %
47306 56d72c923281 made sure that " is shown in tutorial text nipkow parents: 47269 diff changeset	597	\isa{{\isaliteral{22}{\isachardoublequote}}ev\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	598	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	599	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	600	To get used to inductive definitions, we will first prove a few
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	601	properties of \isa{ev} informally before we descend to the Isabelle level.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	602
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	603	How do we prove that some number is even, e.g.\ \isa{ev\ {\isadigit{4}}}? Simply by combining the defining rules for \isa{ev}:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	604	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	605	\isa{ev\ {\isadigit{0}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isaliteral{28}{\isacharparenleft}}{\isadigit{0}}\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev{\isaliteral{28}{\isacharparenleft}}{\isaliteral{28}{\isacharparenleft}}{\isadigit{0}}\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ ev\ {\isadigit{4}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	606	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	607
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	608	\subsubsection{Rule induction}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	609
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	610	Showing that all even numbers have some property is more complicated. For
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	611	example, let us prove that the inductive definition of even numbers agrees
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	612	with the following recursive one:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	613	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	614	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	615	\isacommand{fun}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	616	\ even\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}nat\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{where}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	617	{\isaliteral{22}{\isachardoublequoteopen}}even\ {\isadigit{0}}\ {\isaliteral{3D}{\isacharequal}}\ True{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	618	{\isaliteral{22}{\isachardoublequoteopen}}even\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ False{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	619	{\isaliteral{22}{\isachardoublequoteopen}}even\ {\isaliteral{28}{\isacharparenleft}}Suc{\isaliteral{28}{\isacharparenleft}}Suc\ n{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ even\ n{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	620	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	621	We prove \isa{ev\ m\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ even\ m}. That is, we
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	622	assume \isa{ev\ m} and by induction on the form of its derivation
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	623	prove \isa{even\ m}. There are two cases corresponding to the two rules
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	624	for \isa{ev}:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	625	\begin{description}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	626	\item[Case \isa{ev{\isadigit{0}}}:]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	627	\isa{ev\ m} was derived by rule \isa{ev\ {\isadigit{0}}}: \\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	628	\isa{{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}} \isa{m\ {\isaliteral{3D}{\isacharequal}}\ {\isadigit{0}}} \isa{{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}} \isa{even\ m\ {\isaliteral{3D}{\isacharequal}}\ even\ {\isadigit{0}}\ {\isaliteral{3D}{\isacharequal}}\ True}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	629	\item[Case \isa{evSS}:]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	630	\isa{ev\ m} was derived by rule \isa{ev\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}}: \\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	631	\isa{{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}} \isa{m\ {\isaliteral{3D}{\isacharequal}}\ n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}} and by induction hypothesis \isa{even\ n}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	632	\isa{{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}} \isa{even\ m\ {\isaliteral{3D}{\isacharequal}}\ even{\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ even\ n\ {\isaliteral{3D}{\isacharequal}}\ True}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	633	\end{description}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	634
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	635	What we have just seen is a special case of \concept{rule induction}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	636	Rule induction applies to propositions of this form
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	637	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	638	\isa{ev\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ n}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	639	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	640	That is, we want to prove a property \isa{P\ n}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	641	for all even \isa{n}. But if we assume \isa{ev\ n}, then there must be
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	642	some derivation of this assumption using the two defining rules for
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	643	\isa{ev}. That is, we must prove
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	644	\begin{description}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	645	\item[Case \isa{ev{\isadigit{0}}}:] \isa{P\ {\isadigit{0}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	646	\item[Case \isa{evSS}:] \isa{{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}ev\ n{\isaliteral{3B}{\isacharsemicolon}}\ P\ n{\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ {\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	647	\end{description}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	648	The corresponding rule is called \isa{ev{\isaliteral{2E}{\isachardot}}induct} and looks like this:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	649	\[
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	650	\inferrule{
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	651	\mbox{\isa{ev\ n}}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	652	\mbox{\isa{P\ {\isadigit{0}}}}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	653	\mbox{\isa{{\isaliteral{5C3C416E643E}{\isasymAnd}}n{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}ev\ n{\isaliteral{3B}{\isacharsemicolon}}\ P\ n{\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ {\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	654	{\mbox{\isa{P\ n}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	655	\]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	656	The first premise \isa{ev\ n} enforces that this rule can only be applied
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	657	in situations where we know that \isa{n} is even.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	658
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	659	Note that in the induction step we may not just assume \isa{P\ n} but also
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	660	\mbox{\isa{ev\ n}}, which is simply the premise of rule \isa{evSS}. Here is an example where the local assumption \isa{ev\ n} comes in
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	661	handy: we prove \isa{ev\ m\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isaliteral{28}{\isacharparenleft}}m\ {\isaliteral{2D}{\isacharminus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}} by induction on \isa{ev\ m}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	662	Case \isa{ev{\isadigit{0}}} requires us to prove \isa{ev\ {\isaliteral{28}{\isacharparenleft}}{\isadigit{0}}\ {\isaliteral{2D}{\isacharminus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}}, which follows
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	663	from \isa{ev\ {\isadigit{0}}} because \isa{{\isadigit{0}}\ {\isaliteral{2D}{\isacharminus}}\ {\isadigit{2}}\ {\isaliteral{3D}{\isacharequal}}\ {\isadigit{0}}} on type \isa{nat}. In
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	664	case \isa{evSS} we have \mbox{\isa{m\ {\isaliteral{3D}{\isacharequal}}\ n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}}} and may assume
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	665	\isa{ev\ n}, which implies \isa{ev\ {\isaliteral{28}{\isacharparenleft}}m\ {\isaliteral{2D}{\isacharminus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}} because \isa{m\ {\isaliteral{2D}{\isacharminus}}\ {\isadigit{2}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{2D}{\isacharminus}}\ {\isadigit{2}}\ {\isaliteral{3D}{\isacharequal}}\ n}. We did not need the induction hypothesis at all for this proof,
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	666	it is just a case analysis of which rule was used, but having \isa{ev\ n} at our disposal in case \isa{evSS} was essential.
c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	667	This case analysis of rules is also called ``rule inversion''
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	668	and is discussed in more detail in \autoref{ch:Isar}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	669
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	670	\subsubsection{In Isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	671
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	672	Let us now recast the above informal proofs in Isabelle. For a start,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	673	we use \isa{Suc} terms instead of numerals in rule \isa{evSS}:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	674	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	675	ev\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ n{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	676	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	677	This avoids the difficulty of unifying \isa{n{\isaliteral{2B}{\isacharplus}}{\isadigit{2}}} with some numeral,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	678	which is not automatic.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	679
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	680	The simplest way to prove \isa{ev\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}} is in a forward
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	681	direction: \isa{evSS{\isaliteral{5B}{\isacharbrackleft}}OF\ evSS{\isaliteral{5B}{\isacharbrackleft}}OF\ ev{\isadigit{0}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{5D}{\isacharbrackright}}} yields the theorem \isa{ev\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}}. Alternatively, you can also prove it as a lemma in backwards
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	682	fashion. Although this is more verbose, it allows us to demonstrate how each
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	683	rule application changes the proof state:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	684	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	685	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	686	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	687	\ {\isaliteral{22}{\isachardoublequoteopen}}ev{\isaliteral{28}{\isacharparenleft}}Suc{\isaliteral{28}{\isacharparenleft}}Suc{\isaliteral{28}{\isacharparenleft}}Suc{\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	688	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	689	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	690	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	691	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	692	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	693	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	694	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	695	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	696	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ ev\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	697	\end{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	698	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	699	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	700	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	701	{\isaliteral{28}{\isacharparenleft}}rule\ evSS{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	702	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	703	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	704	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ ev\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	705	\end{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	706	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	707	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	708	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	709	{\isaliteral{28}{\isacharparenleft}}rule\ evSS{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	710	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	711	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	712	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ ev\ {\isadigit{0}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	713	\end{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	714	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	715	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	716	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	717	{\isaliteral{28}{\isacharparenleft}}rule\ ev{\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	718	\isacommand{done}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	719	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	720	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	721	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	722	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	723	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	724	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	725	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	726	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	727	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	728	\indent
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	729	Rule induction is applied by giving the induction rule explicitly via the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	730	\isa{rule{\isaliteral{3A}{\isacharcolon}}} modifier:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	731	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	732	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	733	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	734	\ {\isaliteral{22}{\isachardoublequoteopen}}ev\ m\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ even\ m{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	735	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	736	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	737	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	738	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	739	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	740	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	741	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	742	{\isaliteral{28}{\isacharparenleft}}induction\ rule{\isaliteral{3A}{\isacharcolon}}\ ev{\isaliteral{2E}{\isachardot}}induct{\isaliteral{29}{\isacharparenright}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	743	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	744	{\isaliteral{28}{\isacharparenleft}}simp{\isaliteral{5F}{\isacharunderscore}}all{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	745	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	746	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	747	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	748	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	749	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	750	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	751	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	752	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	753	Both cases are automatic. Note that if there are multiple assumptions
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	754	of the form \isa{ev\ t}, method \isa{induction} will induct on the leftmost
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	755	one.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	756
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	757	As a bonus, we also prove the remaining direction of the equivalence of
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	758	\isa{ev} and \isa{even}:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	759	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	760	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	761	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	762	\ {\isaliteral{22}{\isachardoublequoteopen}}even\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ n{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	763	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	764	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	765	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	766	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	767	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	768	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	769	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	770	{\isaliteral{28}{\isacharparenleft}}induction\ n\ rule{\isaliteral{3A}{\isacharcolon}}\ even{\isaliteral{2E}{\isachardot}}induct{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	771	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	772	This is a proof by computation induction on \isa{n} (see
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	773	\autoref{sec:recursive-funs}) that sets up three subgoals corresponding to
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	774	the three equations for \isa{even}:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	775	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	776	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ even\ {\isadigit{0}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isadigit{0}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	777	\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ even\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	778	\ {\isadigit{3}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}n{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}even\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ n{\isaliteral{3B}{\isacharsemicolon}}\ even\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ n{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ n{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	779	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	780	The first and third subgoals follow with \isa{ev{\isadigit{0}}} and \isa{evSS}, and the second subgoal is trivially true because \isa{even\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}} is \isa{False}:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	781	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	782	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	783	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	784	\ {\isaliteral{28}{\isacharparenleft}}simp{\isaliteral{5F}{\isacharunderscore}}all\ add{\isaliteral{3A}{\isacharcolon}}\ ev{\isadigit{0}}\ evSS{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	785	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	786	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	787	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	788	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	789	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	790	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	791	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	792	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	793	The rules for \isa{ev} make perfect simplification and introduction
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	794	rules because their premises are always smaller than the conclusion. It
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	795	makes sense to turn them into simplification and introduction rules
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	796	permanently, to enhance proof automation:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	797	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	798	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	799	\isacommand{declare}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	800	\ ev{\isaliteral{2E}{\isachardot}}intros{\isaliteral{5B}{\isacharbrackleft}}simp{\isaliteral{2C}{\isacharcomma}}intro{\isaliteral{5D}{\isacharbrackright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	801	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	802	The rules of an inductive definition are not simplification rules by
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	803	default because, in contrast to recursive functions, there is no termination
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	804	requirement for inductive definitions.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	805
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	806	\subsubsection{Inductive versus recursive}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	807
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	808	We have seen two definitions of the notion of evenness, an inductive and a
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	809	recursive one. Which one is better? Much of the time, the recursive one is
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	810	more convenient: it allows us to do rewriting in the middle of terms, and it
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	811	expresses both the positive information (which numbers are even) and the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	812	negative information (which numbers are not even) directly. An inductive
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	813	definition only expresses the positive information directly. The negative
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	814	information, for example, that \isa{{\isadigit{1}}} is not even, has to be proved from
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	815	it (by induction or rule inversion). On the other hand, rule induction is
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	816	tailor-made for proving \mbox{\isa{ev\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ n}} because it only asks you
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	817	to prove the positive cases. In the proof of \isa{even\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ n} by
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	818	computation induction via \isa{even{\isaliteral{2E}{\isachardot}}induct}, we are also presented
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	819	with the trivial negative cases. If you want the convenience of both
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	820	rewriting and rule induction, you can make two definitions and show their
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	821	equivalence (as above) or make one definition and prove additional properties
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	822	from it, for example rule induction from computation induction.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	823
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	824	But many concepts do not admit a recursive definition at all because there is
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	825	no datatype for the recursion (for example, the transitive closure of a
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	826	relation), or the recursion would not terminate (for example,
c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	827	an interpreter for a programming language). Even if there is a recursive
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	828	definition, if we are only interested in the positive information, the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	829	inductive definition may be much simpler.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	830
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	831	\subsection{The reflexive transitive closure}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	832	\label{sec:star}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	833
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	834	Evenness is really more conveniently expressed recursively than inductively.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	835	As a second and very typical example of an inductive definition we define the
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	836	reflexive transitive closure.
c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	837	\sem
c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	838	It will also be an important building block for
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	839	some of the semantics considered in the second part of the book.
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	840	\endsem
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	841
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	842	The reflexive transitive closure, called \isa{star} below, is a function
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	843	that maps a binary predicate to another binary predicate: if \isa{r} is of
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	844	type \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool} then \isa{star\ r} is again of type \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool}, and \isa{star\ r\ x\ y} means that \isa{x} and \isa{y} are in
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	845	the relation \isa{star\ r}. Think \isa{r\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}} when you see \isa{star\ r}, because \isa{star\ r} is meant to be the reflexive transitive closure.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	846	That is, \isa{star\ r\ x\ y} is meant to be true if from \isa{x} we can
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	847	reach \isa{y} in finitely many \isa{r} steps. This concept is naturally
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	848	defined inductively:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	849	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	850	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	851	\isacommand{inductive}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	852	\ star\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\ \ \isakeyword{for}\ r\ \isakeyword{where}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	853	refl{\isaliteral{3A}{\isacharcolon}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}star\ r\ x\ x{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	854	step{\isaliteral{3A}{\isacharcolon}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}r\ x\ y\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ y\ z\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ x\ z{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	855	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	856	The base case \isa{refl} is reflexivity: \isa{x\ {\isaliteral{3D}{\isacharequal}}\ y}. The
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	857	step case \isa{step} combines an \isa{r} step (from \isa{x} to
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	858	\isa{y}) and a \isa{star\ r} step (from \isa{y} to \isa{z}) into a
c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	859	\isa{star\ r} step (from \isa{x} to \isa{z}).
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	860	The ``\isacom{for}~\isa{r}'' in the header is merely a hint to Isabelle
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	861	that \isa{r} is a fixed parameter of \isa{star}, in contrast to the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	862	further parameters of \isa{star}, which change. As a result, Isabelle
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	863	generates a simpler induction rule.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	864
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	865	By definition \isa{star\ r} is reflexive. It is also transitive, but we
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	866	need rule induction to prove that:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	867	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	868	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	869	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	870	\ star{\isaliteral{5F}{\isacharunderscore}}trans{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}star\ r\ x\ y\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ y\ z\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ x\ z{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	871	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	872	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	873	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	874	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	875	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	876	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	877	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	878	{\isaliteral{28}{\isacharparenleft}}induction\ rule{\isaliteral{3A}{\isacharcolon}}\ star{\isaliteral{2E}{\isachardot}}induct{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	879	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	880	The induction is over \isa{star\ r\ x\ y} and we try to prove
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	881	\mbox{\isa{star\ r\ y\ z\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ x\ z}},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	882	which we abbreviate by \isa{P\ x\ y}. These are our two subgoals:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	883	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	884	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}x{\isaliteral{2E}{\isachardot}}\ star\ r\ x\ z\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ x\ z\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	885	\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}u\ x\ y{\isaliteral{2E}{\isachardot}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	886	\isaindent{\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ \ \ \ }{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}r\ u\ x{\isaliteral{3B}{\isacharsemicolon}}\ star\ r\ x\ y{\isaliteral{3B}{\isacharsemicolon}}\ star\ r\ y\ z\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ x\ z{\isaliteral{3B}{\isacharsemicolon}}\ star\ r\ y\ z{\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	887	\isaindent{\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ \ \ \ }{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ u\ z%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	888	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	889	The first one is \isa{P\ x\ x}, the result of case \isa{refl},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	890	and it is trivial.%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	891	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	892	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	893	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	894	{\isaliteral{28}{\isacharparenleft}}assumption{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	895	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	896	Let us examine subgoal \isa{{\isadigit{2}}}, case \isa{step}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	897	Assumptions \isa{r\ u\ x} and \mbox{\isa{star\ r\ x\ y}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	898	are the premises of rule \isa{step}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	899	Assumption \isa{star\ r\ y\ z\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ x\ z} is \mbox{\isa{P\ x\ y}},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	900	the IH coming from \isa{star\ r\ x\ y}. We have to prove \isa{P\ u\ y},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	901	which we do by assuming \isa{star\ r\ y\ z} and proving \isa{star\ r\ u\ z}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	902	The proof itself is straightforward: from \mbox{\isa{star\ r\ y\ z}} the IH
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	903	leads to \isa{star\ r\ x\ z} which, together with \isa{r\ u\ x},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	904	leads to \mbox{\isa{star\ r\ u\ z}} via rule \isa{step}:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	905	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	906	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	907	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	908	{\isaliteral{28}{\isacharparenleft}}metis\ step{\isaliteral{29}{\isacharparenright}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	909	\isacommand{done}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	910	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	911	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	912	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	913	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	914	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	915	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	916	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	917	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	918	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	919	\subsection{The general case}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	920
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	921	Inductive definitions have approximately the following general form:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	922	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	923	\isacom{inductive} \isa{I\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7461753E}{\isasymtau}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequote}}} \isacom{where}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	924	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	925	followed by a sequence of (possibly named) rules of the form
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	926	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	927	\isa{{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ I\ a\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{3B}{\isacharsemicolon}}\ I\ a\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ I\ a}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	928	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	929	separated by \isa{{\isaliteral{7C}{\isacharbar}}}. As usual, \isa{n} can be 0.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	930	The corresponding rule induction principle
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	931	\isa{I{\isaliteral{2E}{\isachardot}}induct} applies to propositions of the form
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	932	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	933	\isa{I\ x\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ x}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	934	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	935	where \isa{P} may itself be a chain of implications.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	936	\begin{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	937	Rule induction is always on the leftmost premise of the goal.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	938	Hence \isa{I\ x} must be the first premise.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	939	\end{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	940	Proving \isa{I\ x\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ x} by rule induction means proving
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	941	for every rule of \isa{I} that \isa{P} is invariant:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	942	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	943	\isa{{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ I\ a\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{3B}{\isacharsemicolon}}\ P\ a\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{3B}{\isacharsemicolon}}\ I\ a\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{3B}{\isacharsemicolon}}\ P\ a\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ a}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	944	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	945
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	946	The above format for inductive definitions is simplified in a number of
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	947	respects. \isa{I} can have any number of arguments and each rule can have
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	948	additional premises not involving \isa{I}, so-called \concept{side
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	949	conditions}. In rule inductions, these side-conditions appear as additional
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	950	assumptions. The \isacom{for} clause seen in the definition of the reflexive
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	951	transitive closure merely simplifies the form of the induction rule.%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	952	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	953	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	954	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	955	\isadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	956	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	957	\endisadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	958	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	959	\isatagtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	960	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	961	\endisatagtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	962	{\isafoldtheory}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	963	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	964	\isadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	965	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	966	\endisadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	967	\end{isabellebody}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	968	%%% Local Variables:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	969	%%% mode: latex
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	970	%%% TeX-master: "root"
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	971	%%% End:

author	nipkow
	Tue, 24 Apr 2012 12:36:27 +0200
changeset 47727	027c7f8cef22
parent 47720	b11dac707c78
permissions	-rw-r--r--