isabelle: doc-src/ProgProve/Thys/document/Types_and

47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	1	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	2	\begin{isabellebody}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	3	\def\isabellecontext{Types{\isaliteral{5F}{\isacharunderscore}}and{\isaliteral{5F}{\isacharunderscore}}funs}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	4	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	5	\isadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	6	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	7	\endisadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	8	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	9	\isatagtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	10	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	11	\endisatagtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	12	{\isafoldtheory}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	13	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	14	\isadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	15	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	16	\endisadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	17	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	18	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	19	\vspace{-5ex}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	20	\section{Type and function definitions}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	21
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	22	Type synonyms are abbreviations for existing types, for example%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	23	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	24	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	25	\isacommand{type{\isaliteral{5F}{\isacharunderscore}}synonym}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	26	\ string\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{22}{\isachardoublequoteopen}}char\ list{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	27	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	28	Type synonyms are expanded after parsing and are not present in internal representation and output. They are mere conveniences for the reader.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	29
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	30	\subsection{Datatypes}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	31
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	32	The general form of a datatype definition looks like this:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	33	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	34	\begin{tabular}{@ {}rclcll}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	35	\isacom{datatype} \isa{{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}{\isaliteral{27}{\isacharprime}}a\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{29}{\isacharparenright}}t}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	36	& = & $C_1 \ \isa{{\isaliteral{22}{\isachardoublequote}}}\tau_{1,1}\isa{{\isaliteral{22}{\isachardoublequote}}} \dots \isa{{\isaliteral{22}{\isachardoublequote}}}\tau_{1,n_1}\isa{{\isaliteral{22}{\isachardoublequote}}}$ \\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	37	& $\|$ & \dots \\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	38	& $\|$ & $C_k \ \isa{{\isaliteral{22}{\isachardoublequote}}}\tau_{k,1}\isa{{\isaliteral{22}{\isachardoublequote}}} \dots \isa{{\isaliteral{22}{\isachardoublequote}}}\tau_{k,n_k}\isa{{\isaliteral{22}{\isachardoublequote}}}$
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	39	\end{tabular}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	40	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	41	It introduces the constructors \
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	42	$C_i :: \tau_{i,1}\Rightarrow \cdots \Rightarrow \tau_{i,n_i} \Rightarrow$~\isa{{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}{\isaliteral{27}{\isacharprime}}a\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{29}{\isacharparenright}}t} \ and expresses that any value of this type is built from these constructors in a unique manner. Uniqueness is implied by the following
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	43	properties of the constructors:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	44	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	45	\item \emph{Distinctness:} $C_i\ \ldots \neq C_j\ \dots$ \quad if $i \neq j$
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	46	\item \emph{Injectivity:}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	47	\begin{tabular}[t]{l}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	48	$(C_i \ x_1 \dots x_{n_i} = C_i \ y_1 \dots y_{n_i}) =$\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	49	$(x_1 = y_1 \land \dots \land x_{n_i} = y_{n_i})$
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	50	\end{tabular}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	51	\end{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	52	The fact that any value of the datatype is built from the constructors implies
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	53	the structural induction rule: to show
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	54	$P~x$ for all $x$ of type \isa{{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}{\isaliteral{27}{\isacharprime}}a\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{29}{\isacharparenright}}t},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	55	one needs to show $P(C_i\ x_1 \dots x_{n_i})$ (for each $i$) assuming
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	56	$P(x_j)$ for all $j$ where $\tau_{i,j} =$~\isa{{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}{\isaliteral{27}{\isacharprime}}a\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{29}{\isacharparenright}}t}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	57	Distinctness and injectivity are applied automatically by \isa{auto}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	58	and other proof methods. Induction must be applied explicitly.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	59
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	60	Datatype values can be taken apart with case-expressions, for example
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	61	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	62	\noquotes{\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{28}{\isacharparenleft}}case\ xs\ of\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isadigit{0}}\ {\isaliteral{7C}{\isacharbar}}\ x\ {\isaliteral{23}{\isacharhash}}\ {\isaliteral{5F}{\isacharunderscore}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ Suc\ x{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	63	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	64	just like in functional programming languages. Case expressions
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	65	must be enclosed in parentheses.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	66
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	67	As an example, consider binary trees:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	68	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	69	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	70	\isacommand{datatype}\isamarkupfalse%
47306 56d72c923281 made sure that " is shown in tutorial text nipkow parents: 47269 diff changeset	71	\ {\isaliteral{27}{\isacharprime}}a\ tree\ {\isaliteral{3D}{\isacharequal}}\ Tip\ {\isaliteral{7C}{\isacharbar}}\ Node\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ tree{\isaliteral{22}{\isachardoublequoteclose}}\ \ {\isaliteral{27}{\isacharprime}}a\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ tree{\isaliteral{22}{\isachardoublequoteclose}}%
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	72	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	73	with a mirror function:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	74	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	75	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	76	\isacommand{fun}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	77	\ mirror\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ tree\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ tree{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{where}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	78	{\isaliteral{22}{\isachardoublequoteopen}}mirror\ Tip\ {\isaliteral{3D}{\isacharequal}}\ Tip{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	79	{\isaliteral{22}{\isachardoublequoteopen}}mirror\ {\isaliteral{28}{\isacharparenleft}}Node\ l\ a\ r{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Node\ {\isaliteral{28}{\isacharparenleft}}mirror\ r{\isaliteral{29}{\isacharparenright}}\ a\ {\isaliteral{28}{\isacharparenleft}}mirror\ l{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	80	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	81	The following lemma illustrates induction:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	82	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	83	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	84	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	85	\ {\isaliteral{22}{\isachardoublequoteopen}}mirror{\isaliteral{28}{\isacharparenleft}}mirror\ t{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ t{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	86	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	87	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	88	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	89	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	90	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	91	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	92	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	93	{\isaliteral{28}{\isacharparenleft}}induction\ t{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	94	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	95	yields
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	96	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	97	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ mirror\ {\isaliteral{28}{\isacharparenleft}}mirror\ Tip{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Tip\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	98	\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}t{\isadigit{1}}\ a\ t{\isadigit{2}}{\isaliteral{2E}{\isachardot}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	99	\isaindent{\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ \ \ \ }{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}mirror\ {\isaliteral{28}{\isacharparenleft}}mirror\ t{\isadigit{1}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ t{\isadigit{1}}{\isaliteral{3B}{\isacharsemicolon}}\ mirror\ {\isaliteral{28}{\isacharparenleft}}mirror\ t{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ t{\isadigit{2}}{\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	100	\isaindent{\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ \ \ \ }{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ mirror\ {\isaliteral{28}{\isacharparenleft}}mirror\ {\isaliteral{28}{\isacharparenleft}}Node\ t{\isadigit{1}}\ a\ t{\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Node\ t{\isadigit{1}}\ a\ t{\isadigit{2}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	101	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	102	The induction step contains two induction hypotheses, one for each subtree.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	103	An application of \isa{auto} finishes the proof.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	104
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	105	A very simple but also very useful datatype is the predefined
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	106	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	107	\isacommand{datatype}\ {\isaliteral{27}{\isacharprime}}a\ option\ {\isaliteral{3D}{\isacharequal}}\ None\ {\isaliteral{7C}{\isacharbar}}\ Some\ {\isaliteral{27}{\isacharprime}}a%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	108	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	109	Its sole purpose is to add a new element \isa{None} to an existing
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	110	type \isa{{\isaliteral{27}{\isacharprime}}a}. To make sure that \isa{None} is distinct from all the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	111	elements of \isa{{\isaliteral{27}{\isacharprime}}a}, you wrap them up in \isa{Some} and call
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	112	the new type \isa{{\isaliteral{27}{\isacharprime}}a\ option}. A typical application is a lookup function
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	113	on a list of key-value pairs, often called an association list:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	114	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	115	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	116	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	117	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	118	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	119	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	120	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	121	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	122	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	123	\isacommand{fun}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	124	\ lookup\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{2A}{\isacharasterisk}}\ {\isaliteral{27}{\isacharprime}}b{\isaliteral{29}{\isacharparenright}}\ list\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}b\ option{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{where}\isanewline
47306 56d72c923281 made sure that " is shown in tutorial text nipkow parents: 47269 diff changeset	125	{\isaliteral{22}{\isachardoublequoteopen}}lookup\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}\ x\ {\isaliteral{3D}{\isacharequal}}\ None{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\isanewline
56d72c923281 made sure that " is shown in tutorial text nipkow parents: 47269 diff changeset	126	{\isaliteral{22}{\isachardoublequoteopen}}lookup\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{28}{\isacharparenleft}}a{\isaliteral{2C}{\isacharcomma}}b{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{23}{\isacharhash}}\ ps{\isaliteral{29}{\isacharparenright}}\ x\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}if\ a\ {\isaliteral{3D}{\isacharequal}}\ x\ then\ Some\ b\ else\ lookup\ ps\ x{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}%
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	127	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	128	Note that \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{2A}{\isacharasterisk}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{2}}} is the type of pairs, also written \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C74696D65733E}{\isasymtimes}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{2}}}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	129
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	130	\subsection{Definitions}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	131
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	132	Non recursive functions can be defined as in the following example:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	133	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	134	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	135	\isacommand{definition}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	136	\ sq\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}nat\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ nat{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{where}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	137	{\isaliteral{22}{\isachardoublequoteopen}}sq\ n\ {\isaliteral{3D}{\isacharequal}}\ n\ {\isaliteral{2A}{\isacharasterisk}}\ n{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	138	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	139	Such definitions do not allow pattern matching but only
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	140	\isa{f\ x\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ x\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{3D}{\isacharequal}}\ t}, where \isa{f} does not occur in \isa{t}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	141
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	142	\subsection{Abbreviations}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	143
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	144	Abbreviations are similar to definitions:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	145	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	146	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	147	\isacommand{abbreviation}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	148	\ sq{\isaliteral{27}{\isacharprime}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}nat\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ nat{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{where}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	149	{\isaliteral{22}{\isachardoublequoteopen}}sq{\isaliteral{27}{\isacharprime}}\ n\ {\isaliteral{3D}{\isacharequal}}{\isaliteral{3D}{\isacharequal}}\ n\ {\isaliteral{2A}{\isacharasterisk}}\ n{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	150	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	151	The key difference is that \isa{sq{\isaliteral{27}{\isacharprime}}} is only syntactic sugar:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	152	\isa{sq{\isaliteral{27}{\isacharprime}}\ t} is replaced by \mbox{\isa{t\ {\isaliteral{2A}{\isacharasterisk}}\ t}} after parsing, and every
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	153	occurrence of a term \isa{u\ {\isaliteral{2A}{\isacharasterisk}}\ u} is replaced by \mbox{\isa{sq{\isaliteral{27}{\isacharprime}}\ u}} before
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	154	printing. Internally, \isa{sq{\isaliteral{27}{\isacharprime}}} does not exist. This is also the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	155	advantage of abbreviations over definitions: definitions need to be expanded
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	156	explicitly (see \autoref{sec:rewr-defs}) whereas abbreviations are already
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	157	expanded upon parsing. However, abbreviations should be introduced sparingly:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	158	if abused, they can lead to a confusing discrepancy between the internal and
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	159	external view of a term.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	160
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	161	\subsection{Recursive functions}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	162	\label{sec:recursive-funs}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	163
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	164	Recursive functions are defined with \isacom{fun} by pattern matching
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	165	over datatype constructors. The order of equations matters. Just as in
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	166	functional programming languages. However, all HOL functions must be
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	167	total. This simplifies the logic---terms are always defined---but means
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	168	that recursive functions must terminate. Otherwise one could define a
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	169	function \isa{f\ n\ {\isaliteral{3D}{\isacharequal}}\ f\ n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{1}}} and conclude \mbox{\isa{{\isadigit{0}}\ {\isaliteral{3D}{\isacharequal}}\ {\isadigit{1}}}} by
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	170	subtracting \isa{f\ n} on both sides.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	171
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	172	Isabelle's automatic termination checker requires that the arguments of
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	173	recursive calls on the right-hand side must be strictly smaller than the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	174	arguments on the left-hand side. In the simplest case, this means that one
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	175	fixed argument position decreases in size with each recursive call. The size
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	176	is measured as the number of constructors (excluding 0-ary ones, e.g.\ \isa{Nil}). Lexicographic combinations are also recognized. In more complicated
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	177	situations, the user may have to prove termination by hand. For details
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	178	see~\cite{Krauss}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	179
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	180	Functions defined with \isacom{fun} come with their own induction schema
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	181	that mirrors the recursion schema and is derived from the termination
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	182	order. For example,%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	183	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	184	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	185	\isacommand{fun}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	186	\ div{\isadigit{2}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}nat\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ nat{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{where}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	187	{\isaliteral{22}{\isachardoublequoteopen}}div{\isadigit{2}}\ {\isadigit{0}}\ {\isaliteral{3D}{\isacharequal}}\ {\isadigit{0}}{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	188	{\isaliteral{22}{\isachardoublequoteopen}}div{\isadigit{2}}\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Suc\ {\isadigit{0}}{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	189	{\isaliteral{22}{\isachardoublequoteopen}}div{\isadigit{2}}\ {\isaliteral{28}{\isacharparenleft}}Suc{\isaliteral{28}{\isacharparenleft}}Suc\ n{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Suc{\isaliteral{28}{\isacharparenleft}}div{\isadigit{2}}\ n{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	190	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	191	does not just define \isa{div{\isadigit{2}}} but also proves a
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	192	customized induction rule:
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	193	\[
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	194	\inferrule{
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	195	\mbox{\isa{P\ {\isadigit{0}}}}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	196	\mbox{\isa{P\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}}}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	197	\mbox{\isa{{\isaliteral{5C3C416E643E}{\isasymAnd}}n{\isaliteral{2E}{\isachardot}}\ P\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ n{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	198	{\mbox{\isa{P\ m}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	199	\]
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	200	This customized induction rule can simplify inductive proofs. For example,%
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	201	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	202	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	203	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	204	\ {\isaliteral{22}{\isachardoublequoteopen}}div{\isadigit{2}}{\isaliteral{28}{\isacharparenleft}}n{\isaliteral{2B}{\isacharplus}}n{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ n{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	205	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	206	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	207	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	208	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	209	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	210	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	211	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	212	{\isaliteral{28}{\isacharparenleft}}induction\ n\ rule{\isaliteral{3A}{\isacharcolon}}\ div{\isadigit{2}}{\isaliteral{2E}{\isachardot}}induct{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	213	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	214	yields the 3 subgoals
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	215	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	216	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ div{\isadigit{2}}\ {\isaliteral{28}{\isacharparenleft}}{\isadigit{0}}\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isadigit{0}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	217	\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ div{\isadigit{2}}\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}\ {\isaliteral{2B}{\isacharplus}}\ Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Suc\ {\isadigit{0}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	218	\ {\isadigit{3}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}n{\isaliteral{2E}{\isachardot}}\ div{\isadigit{2}}\ {\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{2B}{\isacharplus}}\ n{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	219	\isaindent{\ {\isadigit{3}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}n{\isaliteral{2E}{\isachardot}}\ }div{\isadigit{2}}\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ n{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{2B}{\isacharplus}}\ Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ n{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ n{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	220	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	221	An application of \isa{auto} finishes the proof.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	222	Had we used ordinary structural induction on \isa{n},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	223	the proof would have needed an additional
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	224	case analysis in the induction step.
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	225
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	226	The general case is often called \concept{computation induction},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	227	because the induction follows the (terminating!) computation.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	228	For every defining equation
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	229	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	230	\isa{f{\isaliteral{28}{\isacharparenleft}}e{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ f{\isaliteral{28}{\isacharparenleft}}r\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ f{\isaliteral{28}{\isacharparenleft}}r\isaliteral{5C3C5E697375623E}{}\isactrlisub k{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	231	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	232	where \isa{f{\isaliteral{28}{\isacharparenleft}}r\isaliteral{5C3C5E697375623E}{}\isactrlisub i{\isaliteral{29}{\isacharparenright}}}, \isa{i{\isaliteral{3D}{\isacharequal}}{\isadigit{1}}{\isaliteral{5C3C646F74733E}{\isasymdots}}k}, are all the recursive calls,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	233	the induction rule \isa{f{\isaliteral{2E}{\isachardot}}induct} contains one premise of the form
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	234	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	235	\isa{P{\isaliteral{28}{\isacharparenleft}}r\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P{\isaliteral{28}{\isacharparenleft}}r\isaliteral{5C3C5E697375623E}{}\isactrlisub k{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P{\isaliteral{28}{\isacharparenleft}}e{\isaliteral{29}{\isacharparenright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	236	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	237	If \isa{f\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}} then \isa{f{\isaliteral{2E}{\isachardot}}induct} is applied like this:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	238	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	239	\isacom{apply}\isa{{\isaliteral{28}{\isacharparenleft}}induction\ x\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ x\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ rule{\isaliteral{3A}{\isacharcolon}}\ f{\isaliteral{2E}{\isachardot}}induct{\isaliteral{29}{\isacharparenright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	240	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	241	where typically there is a call \isa{f\ x\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ x\isaliteral{5C3C5E697375623E}{}\isactrlisub n} in the goal.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	242	But note that the induction rule does not mention \isa{f} at all,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	243	except in its name, and is applicable independently of \isa{f}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	244
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	245	\section{Induction heuristics}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	246
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	247	We have already noted that theorems about recursive functions are proved by
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	248	induction. In case the function has more than one argument, we have followed
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	249	the following heuristic in the proofs about the append function:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	250	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	251	\emph{Perform induction on argument number $i$\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	252	if the function is defined by recursion on argument number $i$.}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	253	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	254	The key heuristic, and the main point of this section, is to
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	255	\emph{generalize the goal before induction}.
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	256	The reason is simple: if the goal is
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	257	too specific, the induction hypothesis is too weak to allow the induction
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	258	step to go through. Let us illustrate the idea with an example.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	259
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	260	Function \isa{rev} has quadratic worst-case running time
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	261	because it calls append for each element of the list and
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	262	append is linear in its first argument. A linear time version of
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	263	\isa{rev} requires an extra argument where the result is accumulated
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	264	gradually, using only~\isa{{\isaliteral{23}{\isacharhash}}}:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	265	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	266	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	267	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	268	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	269	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	270	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	271	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	272	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	273	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	274	\isacommand{fun}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	275	\ itrev\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{27}{\isacharprime}}a\ list\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ list\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ list{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{where}\isanewline
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	276	{\isaliteral{22}{\isachardoublequoteopen}}itrev\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}\ \ \ \ \ \ \ \ ys\ {\isaliteral{3D}{\isacharequal}}\ ys{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\isanewline
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	277	{\isaliteral{22}{\isachardoublequoteopen}}itrev\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{23}{\isacharhash}}xs{\isaliteral{29}{\isacharparenright}}\ ys\ {\isaliteral{3D}{\isacharequal}}\ itrev\ xs\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{23}{\isacharhash}}ys{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	278	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	279	The behaviour of \isa{itrev} is simple: it reverses
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	280	its first argument by stacking its elements onto the second argument,
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	281	and it returns that second argument when the first one becomes
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	282	empty. Note that \isa{itrev} is tail-recursive: it can be
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	283	compiled into a loop, no stack is necessary for executing it.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	284
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	285	Naturally, we would like to show that \isa{itrev} does indeed reverse
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	286	its first argument provided the second one is empty:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	287	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	288	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	289	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	290	\ {\isaliteral{22}{\isachardoublequoteopen}}itrev\ xs\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}\ {\isaliteral{3D}{\isacharequal}}\ rev\ xs{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	291	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	292	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	293	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	294	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	295	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	296	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	297	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	298	There is no choice as to the induction variable:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	299	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	300	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	301	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	302	{\isaliteral{28}{\isacharparenleft}}induction\ xs{\isaliteral{29}{\isacharparenright}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	303	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	304	{\isaliteral{28}{\isacharparenleft}}auto{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	305	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	306	Unfortunately, this attempt does not prove
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	307	the induction step:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	308	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	309	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}a\ xs{\isaliteral{2E}{\isachardot}}\ itrev\ xs\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}\ {\isaliteral{3D}{\isacharequal}}\ rev\ xs\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ itrev\ xs\ {\isaliteral{5B}{\isacharbrackleft}}a{\isaliteral{5D}{\isacharbrackright}}\ {\isaliteral{3D}{\isacharequal}}\ rev\ xs\ {\isaliteral{40}{\isacharat}}\ {\isaliteral{5B}{\isacharbrackleft}}a{\isaliteral{5D}{\isacharbrackright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	310	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	311	The induction hypothesis is too weak. The fixed
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	312	argument,~\isa{{\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}}, prevents it from rewriting the conclusion.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	313	This example suggests a heuristic:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	314	\begin{quote}
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	315	\emph{Generalize goals for induction by replacing constants by variables.}
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	316	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	317	Of course one cannot do this na\"{\i}vely: \isa{itrev\ xs\ ys\ {\isaliteral{3D}{\isacharequal}}\ rev\ xs} is
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	318	just not true. The correct generalization is%
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	319	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	320	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	321	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	322	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	323	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	324	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	325	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	326	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	327	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	328	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	329	\ {\isaliteral{22}{\isachardoublequoteopen}}itrev\ xs\ ys\ {\isaliteral{3D}{\isacharequal}}\ rev\ xs\ {\isaliteral{40}{\isacharat}}\ ys{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	330	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	331	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	332	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	333	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	334	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	335	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	336	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	337	If \isa{ys} is replaced by \isa{{\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}}, the right-hand side simplifies to
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	338	\isa{rev\ xs}, as required.
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	339	In this instance it was easy to guess the right generalization.
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	340	Other situations can require a good deal of creativity.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	341
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	342	Although we now have two variables, only \isa{xs} is suitable for
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	343	induction, and we repeat our proof attempt. Unfortunately, we are still
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	344	not there:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	345	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	346	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}a\ xs{\isaliteral{2E}{\isachardot}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	347	\isaindent{\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ \ \ \ }itrev\ xs\ ys\ {\isaliteral{3D}{\isacharequal}}\ rev\ xs\ {\isaliteral{40}{\isacharat}}\ ys\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	348	\isaindent{\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ \ \ \ }itrev\ xs\ {\isaliteral{28}{\isacharparenleft}}a\ {\isaliteral{23}{\isacharhash}}\ ys{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ rev\ xs\ {\isaliteral{40}{\isacharat}}\ a\ {\isaliteral{23}{\isacharhash}}\ ys%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	349	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	350	The induction hypothesis is still too weak, but this time it takes no
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	351	intuition to generalize: the problem is that the \isa{ys}
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	352	in the induction hypothesis is fixed,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	353	but the induction hypothesis needs to be applied with
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	354	\isa{a\ {\isaliteral{23}{\isacharhash}}\ ys} instead of \isa{ys}. Hence we prove the theorem
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	355	for all \isa{ys} instead of a fixed one. We can instruct induction
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	356	to perform this generalization for us by adding \isa{arbitrary{\isaliteral{3A}{\isacharcolon}}\ ys}.%
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	357	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	358	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	359	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	360	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	361	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	362	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	363	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	364	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	365	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	366	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	367	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	368	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	369	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	370	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	371	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	372	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	373	{\isaliteral{28}{\isacharparenleft}}induction\ xs\ arbitrary{\isaliteral{3A}{\isacharcolon}}\ ys{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	374	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	375	The induction hypothesis in the induction step is now universally quantified over \isa{ys}:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	376	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	377	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}ys{\isaliteral{2E}{\isachardot}}\ itrev\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}\ ys\ {\isaliteral{3D}{\isacharequal}}\ rev\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}\ {\isaliteral{40}{\isacharat}}\ ys\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	378	\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}a\ xs\ ys{\isaliteral{2E}{\isachardot}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	379	\isaindent{\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ \ \ \ }{\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C416E643E}{\isasymAnd}}ys{\isaliteral{2E}{\isachardot}}\ itrev\ xs\ ys\ {\isaliteral{3D}{\isacharequal}}\ rev\ xs\ {\isaliteral{40}{\isacharat}}\ ys{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	380	\isaindent{\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ \ \ \ }itrev\ {\isaliteral{28}{\isacharparenleft}}a\ {\isaliteral{23}{\isacharhash}}\ xs{\isaliteral{29}{\isacharparenright}}\ ys\ {\isaliteral{3D}{\isacharequal}}\ rev\ {\isaliteral{28}{\isacharparenleft}}a\ {\isaliteral{23}{\isacharhash}}\ xs{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{40}{\isacharat}}\ ys%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	381	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	382	Thus the proof succeeds:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	383	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	384	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	385	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	386	\ auto\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	387	\isacommand{done}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	388	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	389	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	390	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	391	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	392	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	393	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	394	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	395	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	396	\begin{isamarkuptext}%
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	397	This leads to another heuristic for generalization:
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	398	\begin{quote}
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	399	\emph{Generalize induction by generalizing all free
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	400	variables\\ {\em(except the induction variable itself)}.}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	401	\end{quote}
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	402	Generalization is best performed with \isa{arbitrary{\isaliteral{3A}{\isacharcolon}}\ y\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ y\isaliteral{5C3C5E697375623E}{}\isactrlisub k}.
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	403	This heuristic prevents trivial failures like the one above.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	404	However, it should not be applied blindly.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	405	It is not always required, and the additional quantifiers can complicate
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	406	matters in some cases. The variables that need to be quantified are typically
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	407	those that change in recursive calls.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	408
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	409	\section{Simplification}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	410
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	411	So far we have talked a lot about simplifying terms without explaining the concept. \concept{Simplification} means
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	412	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	413	\item using equations $l = r$ from left to right (only),
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	414	\item as long as possible.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	415	\end{itemize}
47711 c1cca2a052e4 doc update nipkow parents: 47306 diff changeset	416	To emphasize the directionality, equations that have been given the
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	417	\isa{simp} attribute are called \concept{simplification}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	418	rules. Logically, they are still symmetric, but proofs by
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	419	simplification use them only in the left-to-right direction. The proof tool
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	420	that performs simplifications is called the \concept{simplifier}. It is the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	421	basis of \isa{auto} and other related proof methods.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	422
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	423	The idea of simplification is best explained by an example. Given the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	424	simplification rules
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	425	\[
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	426	\begin{array}{rcl@ {\quad}l}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	427	\isa{{\isadigit{0}}\ {\isaliteral{2B}{\isacharplus}}\ n} &\isa{{\isaliteral{3D}{\isacharequal}}}& \isa{n} & (1) \\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	428	\isa{Suc\ m\ {\isaliteral{2B}{\isacharplus}}\ n} &\isa{{\isaliteral{3D}{\isacharequal}}}& \isa{Suc\ {\isaliteral{28}{\isacharparenleft}}m\ {\isaliteral{2B}{\isacharplus}}\ n{\isaliteral{29}{\isacharparenright}}} & (2) \\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	429	\isa{{\isaliteral{28}{\isacharparenleft}}Suc\ m\ {\isaliteral{5C3C6C653E}{\isasymle}}\ Suc\ n{\isaliteral{29}{\isacharparenright}}} &\isa{{\isaliteral{3D}{\isacharequal}}}& \isa{{\isaliteral{28}{\isacharparenleft}}m\ {\isaliteral{5C3C6C653E}{\isasymle}}\ n{\isaliteral{29}{\isacharparenright}}} & (3)\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	430	\isa{{\isaliteral{28}{\isacharparenleft}}{\isadigit{0}}\ {\isaliteral{5C3C6C653E}{\isasymle}}\ m{\isaliteral{29}{\isacharparenright}}} &\isa{{\isaliteral{3D}{\isacharequal}}}& \isa{True} & (4)
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	431	\end{array}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	432	\]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	433	the formula \isa{{\isadigit{0}}\ {\isaliteral{2B}{\isacharplus}}\ Suc\ {\isadigit{0}}\ {\isaliteral{5C3C6C653E}{\isasymle}}\ Suc\ {\isadigit{0}}\ {\isaliteral{2B}{\isacharplus}}\ x} is simplified to \isa{True}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	434	as follows:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	435	\[
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	436	\begin{array}{r@ {}c@ {}l@ {\quad}l}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	437	\isa{{\isaliteral{28}{\isacharparenleft}}{\isadigit{0}}\ {\isaliteral{2B}{\isacharplus}}\ Suc\ {\isadigit{0}}} & \leq & \isa{Suc\ {\isadigit{0}}\ {\isaliteral{2B}{\isacharplus}}\ x{\isaliteral{29}{\isacharparenright}}} & \stackrel{(1)}{=} \\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	438	\isa{{\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}} & \leq & \isa{Suc\ {\isadigit{0}}\ {\isaliteral{2B}{\isacharplus}}\ x{\isaliteral{29}{\isacharparenright}}} & \stackrel{(2)}{=} \\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	439	\isa{{\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}} & \leq & \isa{Suc\ {\isaliteral{28}{\isacharparenleft}}{\isadigit{0}}\ {\isaliteral{2B}{\isacharplus}}\ x{\isaliteral{29}{\isacharparenright}}} & \stackrel{(3)}{=} \\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	440	\isa{{\isaliteral{28}{\isacharparenleft}}{\isadigit{0}}} & \leq & \isa{{\isadigit{0}}\ {\isaliteral{2B}{\isacharplus}}\ x{\isaliteral{29}{\isacharparenright}}} & \stackrel{(4)}{=} \\[1ex]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	441	& \isa{True}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	442	\end{array}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	443	\]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	444	Simplification is often also called \concept{rewriting}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	445	and simplification rules \concept{rewrite rules}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	446
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	447	\subsection{Simplification rules}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	448
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	449	The attribute \isa{simp} declares theorems to be simplification rules,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	450	which the simplifier will use automatically. In addition,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	451	\isacom{datatype} and \isacom{fun} commands implicitly declare some
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	452	simplification rules: \isacom{datatype} the distinctness and injectivity
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	453	rules, \isacom{fun} the defining equations. Definitions are not declared
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	454	as simplification rules automatically! Nearly any theorem can become a
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	455	simplification rule. The simplifier will try to transform it into an
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	456	equation. For example, the theorem \isa{{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ P} is turned into \isa{P\ {\isaliteral{3D}{\isacharequal}}\ False}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	457
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	458	Only equations that really simplify, like \isa{rev\ {\isaliteral{28}{\isacharparenleft}}rev\ xs{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ xs} and
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	459	\isa{xs\ {\isaliteral{40}{\isacharat}}\ {\isaliteral{5B}{\isacharbrackleft}}{\isaliteral{5D}{\isacharbrackright}}\ {\isaliteral{3D}{\isacharequal}}\ xs}, should be declared as simplification
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	460	rules. Equations that may be counterproductive as simplification rules
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	461	should only be used in specific proof steps (see \S\ref{sec:simp} below).
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	462	Distributivity laws, for example, alter the structure of terms
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	463	and can produce an exponential blow-up.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	464
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	465	\subsection{Conditional simplification rules}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	466
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	467	Simplification rules can be conditional. Before applying such a rule, the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	468	simplifier will first try to prove the preconditions, again by
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	469	simplification. For example, given the simplification rules
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	470	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	471	\isa{p\ {\isadigit{0}}\ {\isaliteral{3D}{\isacharequal}}\ True}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	472	\isa{p\ x\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ f\ x\ {\isaliteral{3D}{\isacharequal}}\ g\ x},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	473	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	474	the term \isa{f\ {\isadigit{0}}} simplifies to \isa{g\ {\isadigit{0}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	475	but \isa{f\ {\isadigit{1}}} does not simplify because \isa{p\ {\isadigit{1}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	476	is not provable.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	477
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	478	\subsection{Termination}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	479
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	480	Simplification can run forever, for example if both \isa{f\ x\ {\isaliteral{3D}{\isacharequal}}\ g\ x} and
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	481	\isa{g\ x\ {\isaliteral{3D}{\isacharequal}}\ f\ x} are simplification rules. It is the user's
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	482	responsibility not to include simplification rules that can lead to
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	483	nontermination, either on their own or in combination with other
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	484	simplification rules. The right-hand side of a simplification rule should
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	485	always be ``simpler'' than the left-hand side---in some sense. But since
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	486	termination is undecidable, such a check cannot be automated completely
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	487	and Isabelle makes little attempt to detect nontermination.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	488
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	489	When conditional simplification rules are applied, their preconditions are
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	490	proved first. Hence all preconditions need to be
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	491	simpler than the left-hand side of the conclusion. For example
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	492	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	493	\isa{n\ {\isaliteral{3C}{\isacharless}}\ m\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{3C}{\isacharless}}\ Suc\ m{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ True}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	494	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	495	is suitable as a simplification rule: both \isa{n\ {\isaliteral{3C}{\isacharless}}\ m} and \isa{True}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	496	are simpler than \mbox{\isa{n\ {\isaliteral{3C}{\isacharless}}\ Suc\ m}}. But
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	497	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	498	\isa{Suc\ n\ {\isaliteral{3C}{\isacharless}}\ m\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{3C}{\isacharless}}\ m{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ True}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	499	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	500	leads to nontermination: when trying to rewrite \isa{n\ {\isaliteral{3C}{\isacharless}}\ m} to \isa{True}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	501	one first has to prove \mbox{\isa{Suc\ n\ {\isaliteral{3C}{\isacharless}}\ m}}, which can be rewritten to \isa{True} provided \isa{Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ n{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3C}{\isacharless}}\ m}, \emph{ad infinitum}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	502
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	503	\subsection{The \isa{simp} proof method}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	504	\label{sec:simp}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	505
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	506	So far we have only used the proof method \isa{auto}. Method \isa{simp}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	507	is the key component of \isa{auto}, but \isa{auto} can do much more. In
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	508	some cases, \isa{auto} is overeager and modifies the proof state too much.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	509	In such cases the more predictable \isa{simp} method should be used.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	510	Given a goal
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	511	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	512	\isa{{\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ P\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{3B}{\isacharsemicolon}}\ P\isaliteral{5C3C5E697375623E}{}\isactrlisub m\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ C}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	513	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	514	the command
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	515	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	516	\isacom{apply}\isa{{\isaliteral{28}{\isacharparenleft}}simp\ add{\isaliteral{3A}{\isacharcolon}}\ th\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ th\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{29}{\isacharparenright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	517	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	518	simplifies the assumptions \isa{P\isaliteral{5C3C5E697375623E}{}\isactrlisub i} and the conclusion \isa{C} using
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	519	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	520	\item all simplification rules, including the ones coming from \isacom{datatype} and \isacom{fun},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	521	\item the additional lemmas \isa{th\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ th\isaliteral{5C3C5E697375623E}{}\isactrlisub n}, and
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	522	\item the assumptions.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	523	\end{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	524	In addition to or instead of \isa{add} there is also \isa{del} for removing
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	525	simplification rules temporarily. Both are optional. Method \isa{auto}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	526	can be modified similarly:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	527	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	528	\isacom{apply}\isa{{\isaliteral{28}{\isacharparenleft}}auto\ simp\ add{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ simp\ del{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{29}{\isacharparenright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	529	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	530	Here the modifiers are \isa{simp\ add} and \isa{simp\ del}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	531	instead of just \isa{add} and \isa{del} because \isa{auto}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	532	does not just perform simplification.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	533
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	534	Note that \isa{simp} acts only on subgoal 1, \isa{auto} acts on all
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	535	subgoals. There is also \isa{simp{\isaliteral{5F}{\isacharunderscore}}all}, which applies \isa{simp} to
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	536	all subgoals.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	537
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	538	\subsection{Rewriting with definitions}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	539	\label{sec:rewr-defs}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	540
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	541	Definitions introduced by the command \isacom{definition}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	542	can also be used as simplification rules,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	543	but by default they are not: the simplifier does not expand them
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	544	automatically. Definitions are intended for introducing abstract concepts and
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	545	not merely as abbreviations. Of course, we need to expand the definition
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	546	initially, but once we have proved enough abstract properties of the new
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	547	constant, we can forget its original definition. This style makes proofs more
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	548	robust: if the definition has to be changed, only the proofs of the abstract
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	549	properties will be affected.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	550
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	551	The definition of a function \isa{f} is a theorem named \isa{f{\isaliteral{5F}{\isacharunderscore}}def}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	552	and can be added to a call of \isa{simp} just like any other theorem:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	553	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	554	\isacom{apply}\isa{{\isaliteral{28}{\isacharparenleft}}simp\ add{\isaliteral{3A}{\isacharcolon}}\ f{\isaliteral{5F}{\isacharunderscore}}def{\isaliteral{29}{\isacharparenright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	555	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	556	In particular, let-expressions can be unfolded by
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	557	making \isa{Let{\isaliteral{5F}{\isacharunderscore}}def} a simplification rule.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	558
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	559	\subsection{Case splitting with \isa{simp}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	560
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	561	Goals containing if-expressions are automatically split into two cases by
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	562	\isa{simp} using the rule
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	563	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	564	\isa{P\ {\isaliteral{28}{\isacharparenleft}}if\ A\ then\ s\ else\ t{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{28}{\isacharparenleft}}A\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ P\ s{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ A\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ P\ t{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	565	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	566	For example, \isa{simp} can prove
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	567	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	568	\isa{{\isaliteral{28}{\isacharparenleft}}A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ B{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}if\ A\ then\ B\ else\ False{\isaliteral{29}{\isacharparenright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	569	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	570	because both \isa{A\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ B{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ B} and \isa{{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ A\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ B{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ False}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	571	simplify to \isa{True}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	572
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	573	We can split case-expressions similarly. For \isa{nat} the rule looks like this:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	574	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	575	\ \ \ \ P\ {\isaliteral{28}{\isacharparenleft}}case\ e\ of\ {\isadigit{0}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ a\ {\isaliteral{7C}{\isacharbar}}\ Suc\ n\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ b\ n{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	576	\isaindent{\ \ \ \ }{\isaliteral{28}{\isacharparenleft}}{\isaliteral{28}{\isacharparenleft}}e\ {\isaliteral{3D}{\isacharequal}}\ {\isadigit{0}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ P\ a{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}n{\isaliteral{2E}{\isachardot}}\ e\ {\isaliteral{3D}{\isacharequal}}\ Suc\ n\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ P\ {\isaliteral{28}{\isacharparenleft}}b\ n{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	577	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	578	Case expressions are not split automatically by \isa{simp}, but \isa{simp}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	579	can be instructed to do so:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	580	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	581	\isacom{apply}\isa{{\isaliteral{28}{\isacharparenleft}}simp\ split{\isaliteral{3A}{\isacharcolon}}\ nat{\isaliteral{2E}{\isachardot}}split{\isaliteral{29}{\isacharparenright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	582	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	583	splits all case-expressions over natural numbers. For an arbitrary
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	584	datatype \isa{t} it is \isa{t{\isaliteral{2E}{\isachardot}}split} instead of \isa{nat{\isaliteral{2E}{\isachardot}}split}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	585	Method \isa{auto} can be modified in exactly the same way.%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	586	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	587	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	588	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	589	\isadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	590	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	591	\endisadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	592	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	593	\isatagtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	594	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	595	\endisatagtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	596	{\isafoldtheory}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	597	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	598	\isadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	599	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	600	\endisadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	601	\end{isabellebody}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	602	%%% Local Variables:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	603	%%% mode: latex
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	604	%%% TeX-master: "root"
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	605	%%% End:

author	blanchet
	Wed, 23 May 2012 21:19:48 +0200
changeset 47974	08d2dcc2dab9
parent 47711	c1cca2a052e4
permissions	-rw-r--r--