isabelle: doc-src/TutorialI/Misc/document/Itrev.tex@09b35593d091 (annotated)

9722 a5f86aed785b * empty log message * nipkow parents: 9721 diff changeset	1	%
a5f86aed785b * empty log message * nipkow parents: 9721 diff changeset	2	\begin{isabellebody}%
9924 3370f6aa3200 updated; wenzelm parents: 9844 diff changeset	3	\def\isabellecontext{Itrev}%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	4	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	5	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	6	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	7	\endisadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	8	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	9	\isatagtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	10	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	11	\endisatagtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	12	{\isafoldtheory}%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	13	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	14	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	15	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	16	\endisadelimtheory
8749 2665170f104a Adding generated files nipkow parents: diff changeset	17	%
17327 9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	18	\isadelimML
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	19	%
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	20	\endisadelimML
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	21	%
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	22	\isatagML
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	23	%
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	24	\endisatagML
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	25	{\isafoldML}%
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	26	%
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	27	\isadelimML
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	28	%
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	29	\endisadelimML
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	30	%
10878 b254d5ad6dd4 auto update paulson parents: 10795 diff changeset	31	\isamarkupsection{Induction Heuristics%
10397 e2d0dda41f2c auto update paulson parents: 10396 diff changeset	32	}
11866 fbd097aec213 updated; wenzelm parents: 11458 diff changeset	33	\isamarkuptrue%
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	34	%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	35	\begin{isamarkuptext}%
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	36	\label{sec:InductionHeuristics}
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	37	\index{induction heuristics\|(}%
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	38	The purpose of this section is to illustrate some simple heuristics for
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	39	inductive proofs. The first one we have already mentioned in our initial
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	40	example:
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	41	\begin{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	42	\emph{Theorems about recursive functions are proved by induction.}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	43	\end{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	44	In case the function has more than one argument
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	45	\begin{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	46	\emph{Do induction on argument number $i$ if the function is defined by
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	47	recursion in argument number $i$.}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	48	\end{quote}
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	49	When we look at the proof of \isa{{\isacharparenleft}xs{\isacharat}ys{\isacharparenright}\ {\isacharat}\ zs\ {\isacharequal}\ xs\ {\isacharat}\ {\isacharparenleft}ys{\isacharat}zs{\isacharparenright}}
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	50	in \S\ref{sec:intro-proof} we find
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	51	\begin{itemize}
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	52	\item \isa{{\isacharat}} is recursive in
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	53	the first argument
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	54	\item \isa{xs} occurs only as the first argument of
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	55	\isa{{\isacharat}}
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	56	\item both \isa{ys} and \isa{zs} occur at least once as
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	57	the second argument of \isa{{\isacharat}}
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	58	\end{itemize}
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	59	Hence it is natural to perform induction on~\isa{xs}.
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	60
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	61	The key heuristic, and the main point of this section, is to
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	62	\emph{generalize the goal before induction}.
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	63	The reason is simple: if the goal is
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	64	too specific, the induction hypothesis is too weak to allow the induction
10971 6852682eaf16 * empty log message * nipkow parents: 10950 diff changeset	65	step to go through. Let us illustrate the idea with an example.
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	66
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	67	Function \cdx{rev} has quadratic worst-case running time
9792 bbefb6ce5cb2 * empty log message * nipkow parents: 9754 diff changeset	68	because it calls function \isa{{\isacharat}} for each element of the list and
bbefb6ce5cb2 * empty log message * nipkow parents: 9754 diff changeset	69	\isa{{\isacharat}} is linear in its first argument. A linear time version of
9493 494f8cd34df7 * empty log message * nipkow parents: 9145 diff changeset	70	\isa{rev} reqires an extra argument where the result is accumulated
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	71	gradually, using only~\isa{{\isacharhash}}:%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	72	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	73	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	74	\isacommand{consts}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	75	\ itrev\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}a\ list\ {\isasymRightarrow}\ {\isacharprime}a\ list\ {\isasymRightarrow}\ {\isacharprime}a\ list{\isachardoublequoteclose}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	76	\isacommand{primrec}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	77	\isanewline
1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	78	{\isachardoublequoteopen}itrev\ {\isacharbrackleft}{\isacharbrackright}\ \ \ \ \ ys\ {\isacharequal}\ ys{\isachardoublequoteclose}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	79	{\isachardoublequoteopen}itrev\ {\isacharparenleft}x{\isacharhash}xs{\isacharparenright}\ ys\ {\isacharequal}\ itrev\ xs\ {\isacharparenleft}x{\isacharhash}ys{\isacharparenright}{\isachardoublequoteclose}%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	80	\begin{isamarkuptext}%
9792 bbefb6ce5cb2 * empty log message * nipkow parents: 9754 diff changeset	81	\noindent
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	82	The behaviour of \cdx{itrev} is simple: it reverses
9493 494f8cd34df7 * empty log message * nipkow parents: 9145 diff changeset	83	its first argument by stacking its elements onto the second argument,
494f8cd34df7 * empty log message * nipkow parents: 9145 diff changeset	84	and returning that second argument when the first one becomes
17327 9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	85	empty. Note that \isa{itrev} is tail-recursive: it can be
9493 494f8cd34df7 * empty log message * nipkow parents: 9145 diff changeset	86	compiled into a loop.
494f8cd34df7 * empty log message * nipkow parents: 9145 diff changeset	87
17327 9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	88	Naturally, we would like to show that \isa{itrev} does indeed reverse
9493 494f8cd34df7 * empty log message * nipkow parents: 9145 diff changeset	89	its first argument provided the second one is empty:%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	90	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	91	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	92	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	93	\ {\isachardoublequoteopen}itrev\ xs\ {\isacharbrackleft}{\isacharbrackright}\ {\isacharequal}\ rev\ xs{\isachardoublequoteclose}%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	94	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	95	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	96	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	97	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	98	\isatagproof
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	99	%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	100	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	101	\noindent
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	102	There is no choice as to the induction variable, and we immediately simplify:%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	103	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	104	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	105	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	106	{\isacharparenleft}induct{\isacharunderscore}tac\ xs{\isacharcomma}\ simp{\isacharunderscore}all{\isacharparenright}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	107	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	108	\noindent
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	109	Unfortunately, this attempt does not prove
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	110	the induction step:
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	111	\begin{isabelle}%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	112	\ {\isadigit{1}}{\isachardot}\ {\isasymAnd}a\ list{\isachardot}\isanewline
17327 9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	113	\isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }itrev\ list\ {\isacharbrackleft}{\isacharbrackright}\ {\isacharequal}\ rev\ list\ {\isasymLongrightarrow}\ itrev\ list\ {\isacharbrackleft}a{\isacharbrackright}\ {\isacharequal}\ rev\ list\ {\isacharat}\ {\isacharbrackleft}a{\isacharbrackright}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	114	\end{isabelle}
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	115	The induction hypothesis is too weak. The fixed
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	116	argument,~\isa{{\isacharbrackleft}{\isacharbrackright}}, prevents it from rewriting the conclusion.
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	117	This example suggests a heuristic:
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	118	\begin{quote}\index{generalizing induction formulae}%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	119	\emph{Generalize goals for induction by replacing constants by variables.}
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	120	\end{quote}
17327 9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	121	Of course one cannot do this na\"{\i}vely: \isa{itrev\ xs\ ys\ {\isacharequal}\ rev\ xs} is
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	122	just not true. The correct generalization is%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	123	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	124	\isamarkuptrue%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	125	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	126	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	127	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	128	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	129	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	130	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	131	\endisadelimproof
17175 1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	132	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	133	\ {\isachardoublequoteopen}itrev\ xs\ ys\ {\isacharequal}\ rev\ xs\ {\isacharat}\ ys{\isachardoublequoteclose}%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	134	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	135	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	136	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	137	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	138	\isatagproof
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	139	%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	140	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	141	\noindent
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	142	If \isa{ys} is replaced by \isa{{\isacharbrackleft}{\isacharbrackright}}, the right-hand side simplifies to
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	143	\isa{rev\ xs}, as required.
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	144
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	145	In this instance it was easy to guess the right generalization.
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	146	Other situations can require a good deal of creativity.
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	147
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	148	Although we now have two variables, only \isa{xs} is suitable for
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	149	induction, and we repeat our proof attempt. Unfortunately, we are still
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	150	not there:
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	151	\begin{isabelle}%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	152	\ {\isadigit{1}}{\isachardot}\ {\isasymAnd}a\ list{\isachardot}\isanewline
17327 9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	153	\isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }itrev\ list\ ys\ {\isacharequal}\ rev\ list\ {\isacharat}\ ys\ {\isasymLongrightarrow}\isanewline
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	154	\isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }itrev\ list\ {\isacharparenleft}a\ {\isacharhash}\ ys{\isacharparenright}\ {\isacharequal}\ rev\ list\ {\isacharat}\ a\ {\isacharhash}\ ys%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	155	\end{isabelle}
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	156	The induction hypothesis is still too weak, but this time it takes no
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	157	intuition to generalize: the problem is that \isa{ys} is fixed throughout
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	158	the subgoal, but the induction hypothesis needs to be applied with
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	159	\isa{a\ {\isacharhash}\ ys} instead of \isa{ys}. Hence we prove the theorem
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	160	for all \isa{ys} instead of a fixed one:%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	161	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	162	\isamarkuptrue%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	163	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	164	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	165	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	166	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	167	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	168	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	169	\endisadelimproof
17175 1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	170	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	171	\ {\isachardoublequoteopen}{\isasymforall}ys{\isachardot}\ itrev\ xs\ ys\ {\isacharequal}\ rev\ xs\ {\isacharat}\ ys{\isachardoublequoteclose}%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	172	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	173	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	174	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	175	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	176	\isatagproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	177	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	178	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	179	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	180	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	181	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	182	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	183	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11458 diff changeset	184	%
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	185	\begin{isamarkuptext}%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	186	\noindent
2665170f104a Adding generated files nipkow parents: diff changeset	187	This time induction on \isa{xs} followed by simplification succeeds. This
2665170f104a Adding generated files nipkow parents: diff changeset	188	leads to another heuristic for generalization:
2665170f104a Adding generated files nipkow parents: diff changeset	189	\begin{quote}
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	190	\emph{Generalize goals for induction by universally quantifying all free
8749 2665170f104a Adding generated files nipkow parents: diff changeset	191	variables {\em(except the induction variable itself!)}.}
2665170f104a Adding generated files nipkow parents: diff changeset	192	\end{quote}
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	193	This prevents trivial failures like the one above and does not affect the
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	194	validity of the goal. However, this heuristic should not be applied blindly.
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	195	It is not always required, and the additional quantifiers can complicate
13081 ab4a3aef3591 * empty log message * nipkow parents: 11866 diff changeset	196	matters in some cases. The variables that should be quantified are typically
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	197	those that change in recursive calls.
9644 6b0b6b471855 * empty log message * nipkow parents: 9541 diff changeset	198
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	199	A final point worth mentioning is the orientation of the equation we just
17327 9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	200	proved: the more complex notion (\isa{itrev}) is on the left-hand
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	201	side, the simpler one (\isa{rev}) on the right-hand side. This constitutes
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	202	another, albeit weak heuristic that is not restricted to induction:
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	203	\begin{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	204	\emph{The right-hand side of an equation should (in some sense) be simpler
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	205	than the left-hand side.}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	206	\end{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	207	This heuristic is tricky to apply because it is not obvious that
17327 9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	208	\isa{rev\ xs\ {\isacharat}\ ys} is simpler than \isa{itrev\ xs\ ys}. But see what
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	209	happens if you try to prove \isa{rev\ xs\ {\isacharat}\ ys\ {\isacharequal}\ itrev\ xs\ ys}!
10971 6852682eaf16 * empty log message * nipkow parents: 10950 diff changeset	210
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	211	If you have tried these heuristics and still find your
10971 6852682eaf16 * empty log message * nipkow parents: 10950 diff changeset	212	induction does not go through, and no obvious lemma suggests itself, you may
6852682eaf16 * empty log message * nipkow parents: 10950 diff changeset	213	need to generalize your proposition even further. This requires insight into
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	214	the problem at hand and is beyond simple rules of thumb.
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	215	Additionally, you can read \S\ref{sec:advanced-ind}
10971 6852682eaf16 * empty log message * nipkow parents: 10950 diff changeset	216	to learn about some advanced techniques for inductive proofs.%
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	217	\index{induction heuristics\|)}%
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	218	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17100 diff changeset	219	\isamarkuptrue%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	220	%
17327 9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	221	\isadelimML
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	222	%
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	223	\endisadelimML
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	224	%
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	225	\isatagML
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	226	%
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	227	\endisatagML
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	228	{\isafoldML}%
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	229	%
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	230	\isadelimML
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	231	%
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	232	\endisadelimML
9008633b237e name conflict with global itrev resolved nipkow parents: 17187 diff changeset	233	%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	234	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	235	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	236	\endisadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	237	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	238	\isatagtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	239	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	240	\endisatagtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	241	{\isafoldtheory}%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	242	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	243	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	244	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	245	\endisadelimtheory
9722 a5f86aed785b * empty log message * nipkow parents: 9721 diff changeset	246	\end{isabellebody}%
9145 9f7b8de5bfaf updated; wenzelm parents: 8749 diff changeset	247	%%% Local Variables:
9f7b8de5bfaf updated; wenzelm parents: 8749 diff changeset	248	%%% mode: latex
9f7b8de5bfaf updated; wenzelm parents: 8749 diff changeset	249	%%% TeX-master: "root"
9f7b8de5bfaf updated; wenzelm parents: 8749 diff changeset	250	%%% End:

author	wenzelm
	Fri, 17 Aug 2007 23:10:49 +0200
changeset 24315	09b35593d091
parent 17327	9008633b237e
child 27015	f8537d69f514
permissions	-rw-r--r--