isabelle: doc-src/TutorialI/Misc/Itrev.thy@48fc0db9b896 (annotated)

8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	1	(<)
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	2	theory Itrev = Main:;
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	3	(>)
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	4
10885 90695f46440b lcp's pass over the book, chapters 1-8 paulson parents: 10795 diff changeset	5	section{Induction Heuristics}
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	6
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	7	text{*\label{sec:InductionHeuristics}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	8	The purpose of this section is to illustrate some simple heuristics for
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	9	inductive proofs. The first one we have already mentioned in our initial
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	10	example:
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	11	\begin{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	12	\emph{Theorems about recursive functions are proved by induction.}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	13	\end{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	14	In case the function has more than one argument
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	15	\begin{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	16	\emph{Do induction on argument number $i$ if the function is defined by
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	17	recursion in argument number $i$.}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	18	\end{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	19	When we look at the proof of @{term[source]"(xs @ ys) @ zs = xs @ (ys @ zs)"}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	20	in \S\ref{sec:intro-proof} we find (a) @{text"@"} is recursive in
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	21	the first argument, (b) @{term xs} occurs only as the first argument of
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	22	@{text"@"}, and (c) both @{term ys} and @{term zs} occur at least once as
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	23	the second argument of @{text"@"}. Hence it is natural to perform induction
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	24	on @{term xs}.
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	25
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	26	The key heuristic, and the main point of this section, is to
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	27	generalize the goal before induction. The reason is simple: if the goal is
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	28	too specific, the induction hypothesis is too weak to allow the induction
10971 6852682eaf16 * empty log message * nipkow parents: 10885 diff changeset	29	step to go through. Let us illustrate the idea with an example.
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	30
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	31	Function @{term"rev"} has quadratic worst-case running time
9792 bbefb6ce5cb2 * empty log message * nipkow parents: 9754 diff changeset	32	because it calls function @{text"@"} for each element of the list and
bbefb6ce5cb2 * empty log message * nipkow parents: 9754 diff changeset	33	@{text"@"} is linear in its first argument. A linear time version of
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	34	@{term"rev"} reqires an extra argument where the result is accumulated
9792 bbefb6ce5cb2 * empty log message * nipkow parents: 9754 diff changeset	35	gradually, using only @{text"#"}:
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	36	*}
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	37
10362 c6b197ccf1f1 * empty log message * nipkow parents: 9844 diff changeset	38	consts itrev :: "'a list \<Rightarrow> 'a list \<Rightarrow> 'a list";
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	39	primrec
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	40	"itrev [] ys = ys"
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	41	"itrev (x#xs) ys = itrev xs (x#ys)";
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	42
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	43	text{*\noindent
a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	44	The behaviour of @{term"itrev"} is simple: it reverses
9493 494f8cd34df7 * empty log message * nipkow parents: 9458 diff changeset	45	its first argument by stacking its elements onto the second argument,
494f8cd34df7 * empty log message * nipkow parents: 9458 diff changeset	46	and returning that second argument when the first one becomes
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	47	empty. Note that @{term"itrev"} is tail-recursive, i.e.\ it can be
9493 494f8cd34df7 * empty log message * nipkow parents: 9458 diff changeset	48	compiled into a loop.
494f8cd34df7 * empty log message * nipkow parents: 9458 diff changeset	49
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	50	Naturally, we would like to show that @{term"itrev"} does indeed reverse
a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	51	its first argument provided the second one is empty:
a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	52	*};
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	53
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	54	lemma "itrev xs [] = rev xs";
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	55
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	56	txt{*\noindent
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	57	There is no choice as to the induction variable, and we immediately simplify:
9458 c613cd06d5cf apply. -> by nipkow parents: 8745 diff changeset	58	*};
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	59
9689 751fde5307e4 * empty log message * nipkow parents: 9644 diff changeset	60	apply(induct_tac xs, simp_all);
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	61
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	62	txt{*\noindent
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	63	Unfortunately, this is not a complete success:
10971 6852682eaf16 * empty log message * nipkow parents: 10885 diff changeset	64	@{subgoals[display,indent=0,margin=70]}
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	65	Just as predicted above, the overall goal, and hence the induction
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	66	hypothesis, is too weak to solve the induction step because of the fixed
10795 9e888d60d3e5 minor edits to Chapters 1-3 paulson parents: 10420 diff changeset	67	argument, @{term"[]"}. This suggests a heuristic:
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	68	\begin{quote}
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	69	\emph{Generalize goals for induction by replacing constants by variables.}
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	70	\end{quote}
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	71	Of course one cannot do this na\"{\i}vely: @{term"itrev xs ys = rev xs"} is
10971 6852682eaf16 * empty log message * nipkow parents: 10885 diff changeset	72	just not true --- the correct generalization is
9458 c613cd06d5cf apply. -> by nipkow parents: 8745 diff changeset	73	*};
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	74	(<)oops;(>)
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	75	lemma "itrev xs ys = rev xs @ ys";
10362 c6b197ccf1f1 * empty log message * nipkow parents: 9844 diff changeset	76	(<)apply(induct_tac xs, simp_all)(>)
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	77	txt{*\noindent
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	78	If @{term"ys"} is replaced by @{term"[]"}, the right-hand side simplifies to
9541 d17c0b34d5c8 * empty log message * nipkow parents: 9493 diff changeset	79	@{term"rev xs"}, just as required.
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	80
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	81	In this particular instance it was easy to guess the right generalization,
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	82	but in more complex situations a good deal of creativity is needed. This is
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	83	the main source of complications in inductive proofs.
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	84
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	85	Although we now have two variables, only @{term"xs"} is suitable for
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	86	induction, and we repeat our above proof attempt. Unfortunately, we are still
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	87	not there:
10362 c6b197ccf1f1 * empty log message * nipkow parents: 9844 diff changeset	88	@{subgoals[display,indent=0,goals_limit=1]}
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	89	The induction hypothesis is still too weak, but this time it takes no
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	90	intuition to generalize: the problem is that @{term"ys"} is fixed throughout
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	91	the subgoal, but the induction hypothesis needs to be applied with
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	92	@{term"a # ys"} instead of @{term"ys"}. Hence we prove the theorem
a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	93	for all @{term"ys"} instead of a fixed one:
9458 c613cd06d5cf apply. -> by nipkow parents: 8745 diff changeset	94	*};
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	95	(<)oops;(>)
10362 c6b197ccf1f1 * empty log message * nipkow parents: 9844 diff changeset	96	lemma "\<forall>ys. itrev xs ys = rev xs @ ys";
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	97	(<)
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	98	by(induct_tac xs, simp_all);
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	99	(>)
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	100
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	101	text{*\noindent
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	102	This time induction on @{term"xs"} followed by simplification succeeds. This
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	103	leads to another heuristic for generalization:
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	104	\begin{quote}
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	105	\emph{Generalize goals for induction by universally quantifying all free
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	106	variables {\em(except the induction variable itself!)}.}
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	107	\end{quote}
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	108	This prevents trivial failures like the above and does not change the
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	109	provability of the goal. Because it is not always required, and may even
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	110	complicate matters in some cases, this heuristic is often not
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	111	applied blindly.
10795 9e888d60d3e5 minor edits to Chapters 1-3 paulson parents: 10420 diff changeset	112	The variables that require generalization are typically those that
9e888d60d3e5 minor edits to Chapters 1-3 paulson parents: 10420 diff changeset	113	change in recursive calls.
9644 6b0b6b471855 * empty log message * nipkow parents: 9541 diff changeset	114
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	115	A final point worth mentioning is the orientation of the equation we just
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	116	proved: the more complex notion (@{term itrev}) is on the left-hand
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	117	side, the simpler one (@{term rev}) on the right-hand side. This constitutes
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	118	another, albeit weak heuristic that is not restricted to induction:
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	119	\begin{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	120	\emph{The right-hand side of an equation should (in some sense) be simpler
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	121	than the left-hand side.}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	122	\end{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	123	This heuristic is tricky to apply because it is not obvious that
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	124	@{term"rev xs @ ys"} is simpler than @{term"itrev xs ys"}. But see what
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	125	happens if you try to prove @{prop"rev xs @ ys = itrev xs ys"}!
10971 6852682eaf16 * empty log message * nipkow parents: 10885 diff changeset	126
6852682eaf16 * empty log message * nipkow parents: 10885 diff changeset	127	In general, if you have tried the above heuristics and still find your
6852682eaf16 * empty log message * nipkow parents: 10885 diff changeset	128	induction does not go through, and no obvious lemma suggests itself, you may
6852682eaf16 * empty log message * nipkow parents: 10885 diff changeset	129	need to generalize your proposition even further. This requires insight into
6852682eaf16 * empty log message * nipkow parents: 10885 diff changeset	130	the problem at hand and is beyond simple rules of thumb. You
6852682eaf16 * empty log message * nipkow parents: 10885 diff changeset	131	will need to be creative. Additionally, you can read \S\ref{sec:advanced-ind}
6852682eaf16 * empty log message * nipkow parents: 10885 diff changeset	132	to learn about some advanced techniques for inductive proofs.
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	133	*}
8745 13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	134	(<)
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	135	end
13b32661dde4 I wonder which files i forgot. nipkow parents: diff changeset	136	(>)

author	paulson
	Tue, 03 Jul 2001 15:29:29 +0200
changeset 11396	48fc0db9b896
parent 10971	6852682eaf16
child 11458	09a6c44a48ea
permissions	-rw-r--r--