isabelle: src/HOL/Examples/Ackermann.thy@2b657a70116c (annotated)

72029 83456d9f0ed5 clarified examples; wenzelm parents: 71930 diff changeset	1	(* Title: HOL/Examples/Ackermann.thy
83456d9f0ed5 clarified examples; wenzelm parents: 71930 diff changeset	2	Author: Larry Paulson
83456d9f0ed5 clarified examples; wenzelm parents: 71930 diff changeset	3	*)
83456d9f0ed5 clarified examples; wenzelm parents: 71930 diff changeset	4
71930 35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	5	section \<open>A Tail-Recursive, Stack-Based Ackermann's Function\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	6
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	7	theory Ackermann imports Main
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	8
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	9	begin
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	10
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	11	text\<open>This theory investigates a stack-based implementation of Ackermann's function.
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	12	Let's recall the traditional definition,
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	13	as modified by R{\'o}zsa P\'eter and Raphael Robinson.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	14
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	15	fun ack :: "[nat,nat] \<Rightarrow> nat" where
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	16	"ack 0 n = Suc n"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	17	\| "ack (Suc m) 0 = ack m 1"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	18	\| "ack (Suc m) (Suc n) = ack m (ack (Suc m) n)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	19
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	20	text\<open>Here is the stack-based version, which uses lists.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	21
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	22	function (domintros) ackloop :: "nat list \<Rightarrow> nat" where
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	23	"ackloop (n # 0 # l) = ackloop (Suc n # l)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	24	\| "ackloop (0 # Suc m # l) = ackloop (1 # m # l)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	25	\| "ackloop (Suc n # Suc m # l) = ackloop (n # Suc m # m # l)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	26	\| "ackloop [m] = m"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	27	\| "ackloop [] = 0"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	28	by pat_completeness auto
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	29
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	30	text\<open>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	31	The key task is to prove termination. In the first recursive call, the head of the list gets bigger
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	32	while the list gets shorter, suggesting that the length of the list should be the primary
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	33	termination criterion. But in the third recursive call, the list gets longer. The idea of trying
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	34	a multiset-based termination argument is frustrated by the second recursive call when m = 0:
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	35	the list elements are simply permuted.
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	36
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	37	Fortunately, the function definition package allows us to define a function and only later identify its domain of termination.
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	38	Instead, it makes all the recursion equations conditional on satisfying
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	39	the function's domain predicate. Here we shall eventually be able
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	40	to show that the predicate is always satisfied.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	41
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	42	text\<open>@{thm [display] ackloop.domintros[no_vars]}\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	43	declare ackloop.domintros [simp]
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	44
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	45	text \<open>Termination is trivial if the length of the list is less then two.
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	46	The following lemma is the key to proving termination for longer lists.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	47	lemma "\<And>n l. ackloop_dom (ack m n # l) \<Longrightarrow> ackloop_dom (n # m # l)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	48	proof (induction m)
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	49	case 0
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	50	then show ?case
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	51	by auto
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	52	next
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	53	case (Suc m)
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	54	note IH = Suc
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	55	have "\<And>l. ackloop_dom (ack (Suc m) n # l) \<Longrightarrow> ackloop_dom (n # Suc m # l)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	56	proof (induction n)
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	57	case 0
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	58	then show ?case
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	59	by (simp add: IH)
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	60	next
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	61	case (Suc n)
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	62	then show ?case
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	63	by (auto simp: IH)
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	64	qed
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	65	then show ?case
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	66	using Suc.prems by blast
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	67	qed
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	68
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	69	text \<open>The proof above (which actually is unused) can be expressed concisely as follows.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	70	lemma ackloop_dom_longer:
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	71	"ackloop_dom (ack m n # l) \<Longrightarrow> ackloop_dom (n # m # l)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	72	by (induction m n arbitrary: l rule: ack.induct) auto
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	73
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	74	lemma "ackloop_dom (ack m n # l) \<Longrightarrow> ackloop_dom (n # m # l)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	75	by (induction m n arbitrary: l rule: ack.induct) auto
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	76
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	77	text\<open>This function codifies what @{term ackloop} is designed to do.
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	78	Proving the two functions equivalent also shows that @{term ackloop} can be used
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	79	to compute Ackermann's function.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	80	fun acklist :: "nat list \<Rightarrow> nat" where
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	81	"acklist (n#m#l) = acklist (ack m n # l)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	82	\| "acklist [m] = m"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	83	\| "acklist [] = 0"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	84
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	85	text\<open>The induction rule for @{term acklist} is @{thm [display] acklist.induct[no_vars]}.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	86
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	87	lemma ackloop_dom: "ackloop_dom l"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	88	by (induction l rule: acklist.induct) (auto simp: ackloop_dom_longer)
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	89
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	90	termination ackloop
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	91	by (simp add: ackloop_dom)
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	92
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	93	text\<open>This result is trivial even by inspection of the function definitions
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	94	(which faithfully follow the definition of Ackermann's function).
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	95	All that we needed was termination.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	96	lemma ackloop_acklist: "ackloop l = acklist l"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	97	by (induction l rule: ackloop.induct) auto
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	98
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	99	theorem ack: "ack m n = ackloop [n,m]"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	100	by (simp add: ackloop_acklist)
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	101
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	102	end

author	wenzelm
	Sat, 13 Mar 2021 14:27:34 +0100
changeset 73424	2b657a70116c
parent 72029	83456d9f0ed5
child 73531	c89922715bf5
permissions	-rw-r--r--