isabelle: doc-src/TutorialI/Recdef/document/Nested2.tex@50f22b1b136a (annotated)

9690 50f22b1b136a * empty log message * nipkow parents: diff changeset	1	\begin{isabelle}%
50f22b1b136a * empty log message * nipkow parents: diff changeset	2	%
50f22b1b136a * empty log message * nipkow parents: diff changeset	3	\begin{isamarkuptext}%
50f22b1b136a * empty log message * nipkow parents: diff changeset	4	\noindent
50f22b1b136a * empty log message * nipkow parents: diff changeset	5	The termintion condition is easily proved by induction:%
50f22b1b136a * empty log message * nipkow parents: diff changeset	6	\end{isamarkuptext}%
50f22b1b136a * empty log message * nipkow parents: diff changeset	7	\isacommand{lemma}\ [simp]:\ {"}t\ {\isasymin}\ set\ ts\ {\isasymlongrightarrow}\ size\ t\ <\ Suc(term\_size\ ts){"}\isanewline
50f22b1b136a * empty log message * nipkow parents: diff changeset	8	\isacommand{by}(induct\_tac\ ts,\ auto)%
50f22b1b136a * empty log message * nipkow parents: diff changeset	9	\begin{isamarkuptext}%
50f22b1b136a * empty log message * nipkow parents: diff changeset	10	\noindent
50f22b1b136a * empty log message * nipkow parents: diff changeset	11	By making this theorem a simplification rule, \isacommand{recdef}
50f22b1b136a * empty log message * nipkow parents: diff changeset	12	applies it automatically and the above definition of \isa{trev}
50f22b1b136a * empty log message * nipkow parents: diff changeset	13	succeeds now. As a reward for our effort, we can now prove the desired
50f22b1b136a * empty log message * nipkow parents: diff changeset	14	lemma directly. The key is the fact that we no longer need the verbose
50f22b1b136a * empty log message * nipkow parents: diff changeset	15	induction schema for type \isa{term} but the simpler one arising from
50f22b1b136a * empty log message * nipkow parents: diff changeset	16	\isa{trev}:%
50f22b1b136a * empty log message * nipkow parents: diff changeset	17	\end{isamarkuptext}%
50f22b1b136a * empty log message * nipkow parents: diff changeset	18	\isacommand{lemmas}\ [cong]\ =\ map\_cong\isanewline
50f22b1b136a * empty log message * nipkow parents: diff changeset	19	\isacommand{lemma}\ {"}trev(trev\ t)\ =\ t{"}\isanewline
50f22b1b136a * empty log message * nipkow parents: diff changeset	20	\isacommand{apply}(induct\_tac\ t\ rule:trev.induct)%
50f22b1b136a * empty log message * nipkow parents: diff changeset	21	\begin{isamarkuptxt}%
50f22b1b136a * empty log message * nipkow parents: diff changeset	22	\noindent
50f22b1b136a * empty log message * nipkow parents: diff changeset	23	This leaves us with a trivial base case \isa{trev\ (trev\ (Var\ \mbox{x}))\ =\ Var\ \mbox{x}} and the step case
50f22b1b136a * empty log message * nipkow parents: diff changeset	24	\begin{quote}
50f22b1b136a * empty log message * nipkow parents: diff changeset	25
50f22b1b136a * empty log message * nipkow parents: diff changeset	26	\begin{isabelle}%
50f22b1b136a * empty log message * nipkow parents: diff changeset	27	{\isasymforall}\mbox{t}.\ \mbox{t}\ {\isasymin}\ set\ \mbox{ts}\ {\isasymlongrightarrow}\ trev\ (trev\ \mbox{t})\ =\ \mbox{t}\ {\isasymLongrightarrow}\isanewline
50f22b1b136a * empty log message * nipkow parents: diff changeset	28	trev\ (trev\ (App\ \mbox{f}\ \mbox{ts}))\ =\ App\ \mbox{f}\ \mbox{ts}
50f22b1b136a * empty log message * nipkow parents: diff changeset	29	\end{isabelle}%
50f22b1b136a * empty log message * nipkow parents: diff changeset	30
50f22b1b136a * empty log message * nipkow parents: diff changeset	31	\end{quote}
50f22b1b136a * empty log message * nipkow parents: diff changeset	32	both of which are solved by simplification:%
50f22b1b136a * empty log message * nipkow parents: diff changeset	33	\end{isamarkuptxt}%
50f22b1b136a * empty log message * nipkow parents: diff changeset	34	\isacommand{by}(simp\_all\ del:map\_compose\ add:sym[OF\ map\_compose]\ rev\_map)%
50f22b1b136a * empty log message * nipkow parents: diff changeset	35	\begin{isamarkuptext}%
50f22b1b136a * empty log message * nipkow parents: diff changeset	36	\noindent
50f22b1b136a * empty log message * nipkow parents: diff changeset	37	If this surprises you, see Datatype/Nested2......
50f22b1b136a * empty log message * nipkow parents: diff changeset	38
50f22b1b136a * empty log message * nipkow parents: diff changeset	39	The above definition of \isa{trev} is superior to the one in \S\ref{sec:nested-datatype}
50f22b1b136a * empty log message * nipkow parents: diff changeset	40	because it brings \isa{rev} into play, about which already know a lot, in particular
50f22b1b136a * empty log message * nipkow parents: diff changeset	41	\isa{rev\ (rev\ \mbox{xs})\ =\ \mbox{xs}}.
50f22b1b136a * empty log message * nipkow parents: diff changeset	42	Thus this proof is a good example of an important principle:
50f22b1b136a * empty log message * nipkow parents: diff changeset	43	\begin{quote}
50f22b1b136a * empty log message * nipkow parents: diff changeset	44	\emph{Chose your definitions carefully\\
50f22b1b136a * empty log message * nipkow parents: diff changeset	45	because they determine the complexity of your proofs.}
50f22b1b136a * empty log message * nipkow parents: diff changeset	46	\end{quote}
50f22b1b136a * empty log message * nipkow parents: diff changeset	47
50f22b1b136a * empty log message * nipkow parents: diff changeset	48	Let us now return to the question of how \isacommand{recdef} can come up with sensible termination
50f22b1b136a * empty log message * nipkow parents: diff changeset	49	conditions in the presence of higher-order functions like \isa{map}. For a start, if nothing
50f22b1b136a * empty log message * nipkow parents: diff changeset	50	were known about \isa{map}, \isa{map\ trev\ \mbox{ts}} might apply \isa{trev} to arbitrary terms,
50f22b1b136a * empty log message * nipkow parents: diff changeset	51	and thus \isacommand{recdef} would try to prove the unprovable
50f22b1b136a * empty log message * nipkow parents: diff changeset	52	\isa{size\ \mbox{t}\ <\ Suc\ (term\_size\ \mbox{ts})}, without any assumption about \isa{t}.
50f22b1b136a * empty log message * nipkow parents: diff changeset	53	Therefore \isacommand{recdef} has been supplied with the congruence theorem \isa{map\_cong}:
50f22b1b136a * empty log message * nipkow parents: diff changeset	54	\begin{quote}
50f22b1b136a * empty log message * nipkow parents: diff changeset	55
50f22b1b136a * empty log message * nipkow parents: diff changeset	56	\begin{isabelle}%
50f22b1b136a * empty log message * nipkow parents: diff changeset	57	{\isasymlbrakk}\mbox{xs}\ =\ \mbox{ys};\ {\isasymAnd}\mbox{x}.\ \mbox{x}\ {\isasymin}\ set\ \mbox{ys}\ {\isasymLongrightarrow}\ \mbox{f}\ \mbox{x}\ =\ \mbox{g}\ \mbox{x}{\isasymrbrakk}\isanewline
50f22b1b136a * empty log message * nipkow parents: diff changeset	58	{\isasymLongrightarrow}\ map\ \mbox{f}\ \mbox{xs}\ =\ map\ \mbox{g}\ \mbox{ys}
50f22b1b136a * empty log message * nipkow parents: diff changeset	59	\end{isabelle}%
50f22b1b136a * empty log message * nipkow parents: diff changeset	60
50f22b1b136a * empty log message * nipkow parents: diff changeset	61	\end{quote}
50f22b1b136a * empty log message * nipkow parents: diff changeset	62	Its second premise expresses (indirectly) that the second argument of \isa{map} is only applied
50f22b1b136a * empty log message * nipkow parents: diff changeset	63	to elements of its third argument. Congruence rules for other higher-order functions on lists would
50f22b1b136a * empty log message * nipkow parents: diff changeset	64	look very similar but have not been proved yet because they were never needed.
50f22b1b136a * empty log message * nipkow parents: diff changeset	65	If you get into a situation where you need to supply \isacommand{recdef} with new congruence
50f22b1b136a * empty log message * nipkow parents: diff changeset	66	rules, you can either append the line
50f22b1b136a * empty log message * nipkow parents: diff changeset	67	\begin{ttbox}
50f22b1b136a * empty log message * nipkow parents: diff changeset	68	congs <congruence rules>
50f22b1b136a * empty log message * nipkow parents: diff changeset	69	\end{ttbox}
50f22b1b136a * empty log message * nipkow parents: diff changeset	70	to the specific occurrence of \isacommand{recdef} or declare them globally:
50f22b1b136a * empty log message * nipkow parents: diff changeset	71	\begin{ttbox}
50f22b1b136a * empty log message * nipkow parents: diff changeset	72	lemmas [????????] = <congruence rules>
50f22b1b136a * empty log message * nipkow parents: diff changeset	73	\end{ttbox}
50f22b1b136a * empty log message * nipkow parents: diff changeset	74
50f22b1b136a * empty log message * nipkow parents: diff changeset	75	Note that \isacommand{recdef} feeds on exactly the same \emph{kind} of
50f22b1b136a * empty log message * nipkow parents: diff changeset	76	congruence rules as the simplifier (\S\ref{sec:simp-cong}) but that
50f22b1b136a * empty log message * nipkow parents: diff changeset	77	declaring a congruence rule for the simplifier does not make it
50f22b1b136a * empty log message * nipkow parents: diff changeset	78	available to \isacommand{recdef}, and vice versa. This is intentional.%
50f22b1b136a * empty log message * nipkow parents: diff changeset	79	\end{isamarkuptext}%
50f22b1b136a * empty log message * nipkow parents: diff changeset	80	\end{isabelle}%
50f22b1b136a * empty log message * nipkow parents: diff changeset	81	%%% Local Variables:
50f22b1b136a * empty log message * nipkow parents: diff changeset	82	%%% mode: latex
50f22b1b136a * empty log message * nipkow parents: diff changeset	83	%%% TeX-master: "root"
50f22b1b136a * empty log message * nipkow parents: diff changeset	84	%%% End:

author	nipkow
	Mon, 28 Aug 2000 10:16:58 +0200
changeset 9690	50f22b1b136a
child 9698	f0740137a65d
permissions	-rw-r--r--