isabelle: src/HOL/Examples/Ackermann.thy@375e8e1a2139 (annotated)

72029 83456d9f0ed5 clarified examples; wenzelm parents: 71930 diff changeset	1	(* Title: HOL/Examples/Ackermann.thy
83456d9f0ed5 clarified examples; wenzelm parents: 71930 diff changeset	2	Author: Larry Paulson
83456d9f0ed5 clarified examples; wenzelm parents: 71930 diff changeset	3	*)
83456d9f0ed5 clarified examples; wenzelm parents: 71930 diff changeset	4
71930 35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	5	section \<open>A Tail-Recursive, Stack-Based Ackermann's Function\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	6
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	7	theory Ackermann imports Main
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	8
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	9	begin
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	10
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	11	text\<open>This theory investigates a stack-based implementation of Ackermann's function.
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	12	Let's recall the traditional definition,
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	13	as modified by R{\'o}zsa P\'eter and Raphael Robinson.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	14
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	15	fun ack :: "[nat,nat] \<Rightarrow> nat" where
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	16	"ack 0 n = Suc n"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	17	\| "ack (Suc m) 0 = ack m 1"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	18	\| "ack (Suc m) (Suc n) = ack m (ack (Suc m) n)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	19
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	20	text\<open>Here is the stack-based version, which uses lists.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	21
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	22	function (domintros) ackloop :: "nat list \<Rightarrow> nat" where
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	23	"ackloop (n # 0 # l) = ackloop (Suc n # l)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	24	\| "ackloop (0 # Suc m # l) = ackloop (1 # m # l)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	25	\| "ackloop (Suc n # Suc m # l) = ackloop (n # Suc m # m # l)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	26	\| "ackloop [m] = m"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	27	\| "ackloop [] = 0"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	28	by pat_completeness auto
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	29
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	30	text\<open>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	31	The key task is to prove termination. In the first recursive call, the head of the list gets bigger
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	32	while the list gets shorter, suggesting that the length of the list should be the primary
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	33	termination criterion. But in the third recursive call, the list gets longer. The idea of trying
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	34	a multiset-based termination argument is frustrated by the second recursive call when m = 0:
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	35	the list elements are simply permuted.
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	36
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	37	Fortunately, the function definition package allows us to define a function and only later identify its domain of termination.
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	38	Instead, it makes all the recursion equations conditional on satisfying
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	39	the function's domain predicate. Here we shall eventually be able
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	40	to show that the predicate is always satisfied.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	41
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	42	text\<open>@{thm [display] ackloop.domintros[no_vars]}\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	43	declare ackloop.domintros [simp]
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	44
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	45	text \<open>Termination is trivial if the length of the list is less then two.
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	46	The following lemma is the key to proving termination for longer lists.\<close>
73531 c89922715bf5 Cosmetic: no !! in the lemma statement paulson <lp15@cam.ac.uk> parents: 72029 diff changeset	47	lemma "ackloop_dom (ack m n # l) \<Longrightarrow> ackloop_dom (n # m # l)"
c89922715bf5 Cosmetic: no !! in the lemma statement paulson <lp15@cam.ac.uk> parents: 72029 diff changeset	48	proof (induction m arbitrary: n l)
71930 35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	49	case 0
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	50	then show ?case
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	51	by auto
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	52	next
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	53	case (Suc m)
73531 c89922715bf5 Cosmetic: no !! in the lemma statement paulson <lp15@cam.ac.uk> parents: 72029 diff changeset	54	show ?case
c89922715bf5 Cosmetic: no !! in the lemma statement paulson <lp15@cam.ac.uk> parents: 72029 diff changeset	55	using Suc.prems
c89922715bf5 Cosmetic: no !! in the lemma statement paulson <lp15@cam.ac.uk> parents: 72029 diff changeset	56	by (induction n arbitrary: l) (simp_all add: Suc)
71930 35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	57	qed
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	58
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	59	text \<open>The proof above (which actually is unused) can be expressed concisely as follows.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	60	lemma ackloop_dom_longer:
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	61	"ackloop_dom (ack m n # l) \<Longrightarrow> ackloop_dom (n # m # l)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	62	by (induction m n arbitrary: l rule: ack.induct) auto
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	63
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	64	lemma "ackloop_dom (ack m n # l) \<Longrightarrow> ackloop_dom (n # m # l)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	65	by (induction m n arbitrary: l rule: ack.induct) auto
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	66
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	67	text\<open>This function codifies what @{term ackloop} is designed to do.
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	68	Proving the two functions equivalent also shows that @{term ackloop} can be used
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	69	to compute Ackermann's function.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	70	fun acklist :: "nat list \<Rightarrow> nat" where
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	71	"acklist (n#m#l) = acklist (ack m n # l)"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	72	\| "acklist [m] = m"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	73	\| "acklist [] = 0"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	74
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	75	text\<open>The induction rule for @{term acklist} is @{thm [display] acklist.induct[no_vars]}.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	76
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	77	lemma ackloop_dom: "ackloop_dom l"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	78	by (induction l rule: acklist.induct) (auto simp: ackloop_dom_longer)
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	79
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	80	termination ackloop
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	81	by (simp add: ackloop_dom)
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	82
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	83	text\<open>This result is trivial even by inspection of the function definitions
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	84	(which faithfully follow the definition of Ackermann's function).
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	85	All that we needed was termination.\<close>
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	86	lemma ackloop_acklist: "ackloop l = acklist l"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	87	by (induction l rule: ackloop.induct) auto
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	88
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	89	theorem ack: "ack m n = ackloop [n,m]"
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	90	by (simp add: ackloop_acklist)
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	91
35a2ac83a262 New Ackermann development paulson <lp15@cam.ac.uk> parents: diff changeset	92	end

author	wenzelm
	Tue, 19 Oct 2021 18:24:33 +0200
changeset 74551	375e8e1a2139
parent 73531	c89922715bf5
child 75013	ccf203c9b2db
permissions	-rw-r--r--