9722
|
1 |
%
|
|
2 |
\begin{isabellebody}%
|
9924
|
3 |
\def\isabellecontext{natsum}%
|
11866
|
4 |
\isamarkupfalse%
|
8749
|
5 |
%
|
|
6 |
\begin{isamarkuptext}%
|
|
7 |
\noindent
|
9541
|
8 |
In particular, there are \isa{case}-expressions, for example
|
|
9 |
\begin{isabelle}%
|
10187
|
10 |
\ \ \ \ \ case\ n\ of\ {\isadigit{0}}\ {\isasymRightarrow}\ {\isadigit{0}}\ {\isacharbar}\ Suc\ m\ {\isasymRightarrow}\ m%
|
9924
|
11 |
\end{isabelle}
|
8749
|
12 |
primitive recursion, for example%
|
|
13 |
\end{isamarkuptext}%
|
11866
|
14 |
\isamarkuptrue%
|
9673
|
15 |
\isacommand{consts}\ sum\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}nat\ {\isasymRightarrow}\ nat{\isachardoublequote}\isanewline
|
11866
|
16 |
\isamarkupfalse%
|
10187
|
17 |
\isacommand{primrec}\ {\isachardoublequote}sum\ {\isadigit{0}}\ {\isacharequal}\ {\isadigit{0}}{\isachardoublequote}\isanewline
|
11866
|
18 |
\ \ \ \ \ \ \ \ {\isachardoublequote}sum\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isacharequal}\ Suc\ n\ {\isacharplus}\ sum\ n{\isachardoublequote}\isamarkupfalse%
|
|
19 |
%
|
8749
|
20 |
\begin{isamarkuptext}%
|
|
21 |
\noindent
|
|
22 |
and induction, for example%
|
|
23 |
\end{isamarkuptext}%
|
11866
|
24 |
\isamarkuptrue%
|
9673
|
25 |
\isacommand{lemma}\ {\isachardoublequote}sum\ n\ {\isacharplus}\ sum\ n\ {\isacharequal}\ n{\isacharasterisk}{\isacharparenleft}Suc\ n{\isacharparenright}{\isachardoublequote}\isanewline
|
11866
|
26 |
\isamarkupfalse%
|
9673
|
27 |
\isacommand{apply}{\isacharparenleft}induct{\isacharunderscore}tac\ n{\isacharparenright}\isanewline
|
11866
|
28 |
\isamarkupfalse%
|
10171
|
29 |
\isacommand{apply}{\isacharparenleft}auto{\isacharparenright}\isanewline
|
11866
|
30 |
\isamarkupfalse%
|
|
31 |
\isacommand{done}\isamarkupfalse%
|
|
32 |
%
|
10538
|
33 |
\begin{isamarkuptext}%
|
|
34 |
\newcommand{\mystar}{*%
|
|
35 |
}
|
11456
|
36 |
\index{arithmetic operations!for \protect\isa{nat}}%
|
12332
|
37 |
The arithmetic operations \ttindexboldpos{+}{$HOL2arithfun},
|
10538
|
38 |
\ttindexboldpos{-}{$HOL2arithfun}, \ttindexboldpos{\mystar}{$HOL2arithfun},
|
11428
|
39 |
\sdx{div}, \sdx{mod}, \cdx{min} and
|
|
40 |
\cdx{max} are predefined, as are the relations
|
10538
|
41 |
\indexboldpos{\isasymle}{$HOL2arithrel} and
|
12327
|
42 |
\ttindexboldpos{<}{$HOL2arithrel}. As usual, \isa{m\ {\isacharminus}\ n\ {\isacharequal}\ {\isadigit{0}}} if
|
10654
|
43 |
\isa{m\ {\isacharless}\ n}. There is even a least number operation
|
12327
|
44 |
\sdx{LEAST}\@. For example, \isa{{\isacharparenleft}LEAST\ n{\isachardot}\ {\isadigit{0}}\ {\isacharless}\ n{\isacharparenright}\ {\isacharequal}\ Suc\ {\isadigit{0}}}.
|
11456
|
45 |
\begin{warn}\index{overloading}
|
12327
|
46 |
The constants \cdx{0} and \cdx{1} and the operations
|
10538
|
47 |
\ttindexboldpos{+}{$HOL2arithfun}, \ttindexboldpos{-}{$HOL2arithfun},
|
11428
|
48 |
\ttindexboldpos{\mystar}{$HOL2arithfun}, \cdx{min},
|
|
49 |
\cdx{max}, \indexboldpos{\isasymle}{$HOL2arithrel} and
|
12332
|
50 |
\ttindexboldpos{<}{$HOL2arithrel} are overloaded: they are available
|
|
51 |
not just for natural numbers but for other types as well.
|
12327
|
52 |
For example, given the goal \isa{x\ {\isacharplus}\ {\isadigit{0}}\ {\isacharequal}\ x}, there is nothing to indicate
|
|
53 |
that you are talking about natural numbers. Hence Isabelle can only infer
|
|
54 |
that \isa{x} is of some arbitrary type where \isa{{\isadigit{0}}} and \isa{{\isacharplus}} are
|
|
55 |
declared. As a consequence, you will be unable to prove the
|
|
56 |
goal. To alert you to such pitfalls, Isabelle flags numerals without a
|
|
57 |
fixed type in its output: \isa{x\ {\isacharplus}\ {\isacharparenleft}{\isadigit{0}}{\isasymColon}{\isacharprime}a{\isacharparenright}\ {\isacharequal}\ x}. (In the absence of a numeral,
|
|
58 |
it may take you some time to realize what has happened if \isa{show{\isacharunderscore}types} is not set). In this particular example, you need to include
|
|
59 |
an explicit type constraint, for example \isa{x{\isacharplus}{\isadigit{0}}\ {\isacharequal}\ {\isacharparenleft}x{\isacharcolon}{\isacharcolon}nat{\isacharparenright}}. If there
|
|
60 |
is enough contextual information this may not be necessary: \isa{Suc\ x\ {\isacharequal}\ x} automatically implies \isa{x{\isacharcolon}{\isacharcolon}nat} because \isa{Suc} is not
|
|
61 |
overloaded.
|
10978
|
62 |
|
12327
|
63 |
For details on overloading see \S\ref{sec:overloading}.
|
|
64 |
Table~\ref{tab:overloading} in the appendix shows the most important
|
|
65 |
overloaded operations.
|
|
66 |
\end{warn}
|
|
67 |
\begin{warn}
|
12332
|
68 |
Constant \isa{{\isadigit{1}}{\isacharcolon}{\isacharcolon}nat} is defined to equal \isa{Suc\ {\isadigit{0}}}. This definition
|
12327
|
69 |
(see \S\ref{sec:ConstDefinitions}) is unfolded automatically by some
|
|
70 |
tactics (like \isa{auto}, \isa{simp} and \isa{arith}) but not by
|
|
71 |
others (especially the single step tactics in Chapter~\ref{chap:rules}).
|
|
72 |
If you need the full set of numerals, see~\S\ref{sec:numerals}.
|
12328
|
73 |
\emph{Novices are advised to stick to \isa{{\isadigit{0}}} and \isa{Suc}.}
|
10538
|
74 |
\end{warn}
|
|
75 |
|
11456
|
76 |
Both \isa{auto} and \isa{simp}
|
|
77 |
(a method introduced below, \S\ref{sec:Simplification}) prove
|
|
78 |
simple arithmetic goals automatically:%
|
10538
|
79 |
\end{isamarkuptext}%
|
11866
|
80 |
\isamarkuptrue%
|
13791
|
81 |
\isacommand{lemma}\ {\isachardoublequote}{\isasymlbrakk}\ {\isasymnot}\ m\ {\isacharless}\ n{\isacharsemicolon}\ m\ {\isacharless}\ n\ {\isacharplus}\ {\isacharparenleft}{\isadigit{1}}{\isacharcolon}{\isacharcolon}nat{\isacharparenright}\ {\isasymrbrakk}\ {\isasymLongrightarrow}\ m\ {\isacharequal}\ n{\isachardoublequote}\isamarkupfalse%
|
11866
|
82 |
\isamarkupfalse%
|
|
83 |
%
|
10538
|
84 |
\begin{isamarkuptext}%
|
|
85 |
\noindent
|
11458
|
86 |
For efficiency's sake, this built-in prover ignores quantified formulae,
|
|
87 |
logical connectives, and all arithmetic operations apart from addition.
|
13181
|
88 |
In consequence, \isa{auto} and \isa{simp} cannot prove this slightly more complex goal:%
|
11458
|
89 |
\end{isamarkuptext}%
|
11866
|
90 |
\isamarkuptrue%
|
13791
|
91 |
\isacommand{lemma}\ {\isachardoublequote}m\ {\isasymnoteq}\ {\isacharparenleft}n{\isacharcolon}{\isacharcolon}nat{\isacharparenright}\ {\isasymLongrightarrow}\ m\ {\isacharless}\ n\ {\isasymor}\ n\ {\isacharless}\ m{\isachardoublequote}\isamarkupfalse%
|
11866
|
92 |
\isamarkupfalse%
|
|
93 |
%
|
11458
|
94 |
\begin{isamarkuptext}%
|
|
95 |
\noindent
|
11456
|
96 |
The method \methdx{arith} is more general. It attempts to prove
|
11457
|
97 |
the first subgoal provided it is a quantifier-free \textbf{linear arithmetic}
|
|
98 |
formula. Such formulas may involve the
|
10538
|
99 |
usual logical connectives (\isa{{\isasymnot}}, \isa{{\isasymand}}, \isa{{\isasymor}},
|
10971
|
100 |
\isa{{\isasymlongrightarrow}}), the relations \isa{{\isacharequal}}, \isa{{\isasymle}} and \isa{{\isacharless}},
|
|
101 |
and the operations
|
11456
|
102 |
\isa{{\isacharplus}}, \isa{{\isacharminus}}, \isa{min} and \isa{max}.
|
10654
|
103 |
For example,%
|
10538
|
104 |
\end{isamarkuptext}%
|
11866
|
105 |
\isamarkuptrue%
|
10538
|
106 |
\isacommand{lemma}\ {\isachardoublequote}min\ i\ {\isacharparenleft}max\ j\ {\isacharparenleft}k{\isacharasterisk}k{\isacharparenright}{\isacharparenright}\ {\isacharequal}\ max\ {\isacharparenleft}min\ {\isacharparenleft}k{\isacharasterisk}k{\isacharparenright}\ i{\isacharparenright}\ {\isacharparenleft}min\ i\ {\isacharparenleft}j{\isacharcolon}{\isacharcolon}nat{\isacharparenright}{\isacharparenright}{\isachardoublequote}\isanewline
|
11866
|
107 |
\isamarkupfalse%
|
13791
|
108 |
\isacommand{apply}{\isacharparenleft}arith{\isacharparenright}\isamarkupfalse%
|
11866
|
109 |
\isamarkupfalse%
|
|
110 |
%
|
10538
|
111 |
\begin{isamarkuptext}%
|
|
112 |
\noindent
|
|
113 |
succeeds because \isa{k\ {\isacharasterisk}\ k} can be treated as atomic. In contrast,%
|
|
114 |
\end{isamarkuptext}%
|
11866
|
115 |
\isamarkuptrue%
|
13791
|
116 |
\isacommand{lemma}\ {\isachardoublequote}n{\isacharasterisk}n\ {\isacharequal}\ n\ {\isasymLongrightarrow}\ n{\isacharequal}{\isadigit{0}}\ {\isasymor}\ n{\isacharequal}{\isadigit{1}}{\isachardoublequote}\isamarkupfalse%
|
11866
|
117 |
\isamarkupfalse%
|
|
118 |
%
|
10538
|
119 |
\begin{isamarkuptext}%
|
|
120 |
\noindent
|
11456
|
121 |
is not proved even by \isa{arith} because the proof relies
|
10538
|
122 |
on properties of multiplication.
|
|
123 |
|
|
124 |
\begin{warn}
|
|
125 |
The running time of \isa{arith} is exponential in the number of occurrences
|
11428
|
126 |
of \ttindexboldpos{-}{$HOL2arithfun}, \cdx{min} and
|
|
127 |
\cdx{max} because they are first eliminated by case distinctions.
|
10538
|
128 |
|
11456
|
129 |
Even for linear arithmetic formulae, \isa{arith} is incomplete. If divisibility plays a
|
10538
|
130 |
role, it may fail to prove a valid formula, for example
|
12699
|
131 |
\isa{m{\isacharplus}m\ {\isasymnoteq}\ n{\isacharplus}n{\isacharplus}{\isacharparenleft}{\isadigit{1}}{\isacharcolon}{\isacharcolon}nat{\isacharparenright}}. Fortunately, such examples are rare.
|
10538
|
132 |
\end{warn}%
|
|
133 |
\end{isamarkuptext}%
|
11866
|
134 |
\isamarkuptrue%
|
|
135 |
\isamarkupfalse%
|
9722
|
136 |
\end{isabellebody}%
|
9145
|
137 |
%%% Local Variables:
|
|
138 |
%%% mode: latex
|
|
139 |
%%% TeX-master: "root"
|
|
140 |
%%% End:
|