isabelle: doc-src/ProgProve/Thys/document/Logic.tex@56d72c923281 (annotated)

47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	1	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	2	\begin{isabellebody}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	3	\def\isabellecontext{Logic}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	4	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	5	\isadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	6	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	7	\endisadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	8	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	9	\isatagtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	10	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	11	\endisatagtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	12	{\isafoldtheory}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	13	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	14	\isadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	15	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	16	\endisadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	17	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	18	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	19	\vspace{-5ex}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	20	\section{Logic and Proof Beyond Equality}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	21	\label{sec:Logic}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	22
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	23	\subsection{Formulas}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	24
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	25	The basic syntax of formulas (\textit{form} below)
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	26	provides the standard logical constructs, in decreasing precedence:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	27	\[
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	28	\begin{array}{rcl}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	29
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	30	\mathit{form} & ::= &
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	31	\isa{{\isaliteral{28}{\isacharparenleft}}form{\isaliteral{29}{\isacharparenright}}} ~\mid~
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	32	\isa{True} ~\mid~
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	33	\isa{False} ~\mid~
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	34	\isa{term\ {\isaliteral{3D}{\isacharequal}}\ term}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	35	&\mid& \isa{{\isaliteral{5C3C6E6F743E}{\isasymnot}}\ form} ~\mid~
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	36	\isa{form\ {\isaliteral{5C3C616E643E}{\isasymand}}\ form} ~\mid~
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	37	\isa{form\ {\isaliteral{5C3C6F723E}{\isasymor}}\ form} ~\mid~
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	38	\isa{form\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ form}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	39	&\mid& \isa{{\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x{\isaliteral{2E}{\isachardot}}\ form} ~\mid~ \isa{{\isaliteral{5C3C6578697374733E}{\isasymexists}}x{\isaliteral{2E}{\isachardot}}\ form}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	40	\end{array}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	41	\]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	42	Terms are the ones we have seen all along, built from constant, variables,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	43	function application and \isa{{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}}-abstraction, including all the syntactic
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	44	sugar like infix symbols, \isa{if}, \isa{case} etc.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	45	\begin{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	46	Remember that formulas are simply terms of type \isa{bool}. Hence
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	47	\isa{{\isaliteral{3D}{\isacharequal}}} also works for formulas. Beware that \isa{{\isaliteral{3D}{\isacharequal}}} has a higher
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	48	precedence than the other logical operators. Hence \isa{s\ {\isaliteral{3D}{\isacharequal}}\ t\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A} means
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	49	\isa{{\isaliteral{28}{\isacharparenleft}}s\ {\isaliteral{3D}{\isacharequal}}\ t{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A}, and \isa{A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ B\ {\isaliteral{3D}{\isacharequal}}\ B\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A} means \isa{A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ {\isaliteral{28}{\isacharparenleft}}B\ {\isaliteral{3D}{\isacharequal}}\ A{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ B}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	50	Logical equivalence can also be written with
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	51	\isa{{\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}} instead of \isa{{\isaliteral{3D}{\isacharequal}}}, where \isa{{\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}} has the same low
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	52	precedence as \isa{{\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}}. Hence \isa{A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ B\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ B\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A} really means
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	53	\isa{{\isaliteral{28}{\isacharparenleft}}A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ B{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}B\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A{\isaliteral{29}{\isacharparenright}}}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	54	\end{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	55	\begin{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	56	Quantifiers need to be enclosed in parentheses if they are nested within
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	57	other constructs (just like \isa{if}, \isa{case} and \isa{let}).
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	58	\end{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	59	The most frequent logical symbols have the following ASCII representations:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	60	\begin{center}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	61	\begin{tabular}{l@ {\qquad}l@ {\qquad}l}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	62	\isa{{\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}} & \xsymbol{forall} & \texttt{ALL}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	63	\isa{{\isaliteral{5C3C6578697374733E}{\isasymexists}}} & \xsymbol{exists} & \texttt{EX}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	64	\isa{{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}} & \xsymbol{lambda} & \texttt{\%}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	65	\isa{{\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}} & \texttt{-{}->}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	66	\isa{{\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}} & \texttt{<-{}->}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	67	\isa{{\isaliteral{5C3C616E643E}{\isasymand}}} & \texttt{/\char`\\} & \texttt{\&}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	68	\isa{{\isaliteral{5C3C6F723E}{\isasymor}}} & \texttt{\char`\\/} & \texttt{\|}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	69	\isa{{\isaliteral{5C3C6E6F743E}{\isasymnot}}} & \xsymbol{not} & \texttt{\char`~}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	70	\isa{{\isaliteral{5C3C6E6F7465713E}{\isasymnoteq}}} & \xsymbol{noteq} & \texttt{\char`~=}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	71	\end{tabular}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	72	\end{center}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	73	The first column shows the symbols, the second column ASCII representations
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	74	that Isabelle interfaces convert into the corresponding symbol,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	75	and the third column shows ASCII representations that stay fixed.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	76	\begin{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	77	The implication \isa{{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}} is part of the Isabelle framework. It structures
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	78	theorems and proof states, separating assumptions from conclusion.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	79	The implication \isa{{\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}} is part of the logic HOL and can occur inside the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	80	formulas that make up the assumptions and conclusion.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	81	Theorems should be of the form \isa{{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ A\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{3B}{\isacharsemicolon}}\ A\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ A},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	82	not \isa{A\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ A}. Both are logically equivalent
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	83	but the first one works better when using the theorem in further proofs.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	84	\end{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	85
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	86	\subsection{Sets}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	87
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	88	Sets of elements of type \isa{{\isaliteral{27}{\isacharprime}}a} have type \isa{{\isaliteral{27}{\isacharprime}}a\ set}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	89	They can be finite or infinite. Sets come with the usual notations:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	90	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	91	\item \isa{{\isaliteral{7B}{\isacharbraceleft}}{\isaliteral{7D}{\isacharbraceright}}},\quad \isa{{\isaliteral{7B}{\isacharbraceleft}}e\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{2C}{\isacharcomma}}{\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{2C}{\isacharcomma}}e\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{7D}{\isacharbraceright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	92	\item \isa{e\ {\isaliteral{5C3C696E3E}{\isasymin}}\ A},\quad \isa{A\ {\isaliteral{5C3C73756273657465713E}{\isasymsubseteq}}\ B}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	93	\item \isa{A\ {\isaliteral{5C3C756E696F6E3E}{\isasymunion}}\ B},\quad \isa{A\ {\isaliteral{5C3C696E7465723E}{\isasyminter}}\ B},\quad \isa{A\ {\isaliteral{2D}{\isacharminus}}\ B},\quad \isa{{\isaliteral{2D}{\isacharminus}}\ A}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	94	\end{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	95	and much more. \isa{UNIV} is the set of all elements of some type.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	96	Set comprehension is written \isa{{\isaliteral{7B}{\isacharbraceleft}}x{\isaliteral{2E}{\isachardot}}\ P{\isaliteral{7D}{\isacharbraceright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	97	rather than \isa{{\isaliteral{7B}{\isacharbraceleft}}x\ {\isaliteral{7C}{\isacharbar}}\ P{\isaliteral{7D}{\isacharbraceright}}}, to emphasize the variable binding nature
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	98	of the construct.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	99	\begin{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	100	In \isa{{\isaliteral{7B}{\isacharbraceleft}}x{\isaliteral{2E}{\isachardot}}\ P{\isaliteral{7D}{\isacharbraceright}}} the \isa{x} must be a variable. Set comprehension
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	101	involving a proper term \isa{t} must be written
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	102	\isa{{\isaliteral{22}{\isachardoublequote}}{\isaliteral{7B}{\isacharbraceleft}}t\ {\isaliteral{7C}{\isacharbar}}x\ y\ z{\isaliteral{2E}{\isachardot}}\ P{\isaliteral{7D}{\isacharbraceright}}{\isaliteral{22}{\isachardoublequote}}},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	103	where \isa{x\ y\ z} are the free variables in \isa{t}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	104	This is just a shorthand for \isa{{\isaliteral{7B}{\isacharbraceleft}}v{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C6578697374733E}{\isasymexists}}x\ y\ z{\isaliteral{2E}{\isachardot}}\ v\ {\isaliteral{3D}{\isacharequal}}\ t\ {\isaliteral{5C3C616E643E}{\isasymand}}\ P{\isaliteral{7D}{\isacharbraceright}}}, where
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	105	\isa{v} is a new variable.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	106	\end{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	107
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	108	Here are the ASCII representations of the mathematical symbols:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	109	\begin{center}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	110	\begin{tabular}{l@ {\quad}l@ {\quad}l}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	111	\isa{{\isaliteral{5C3C696E3E}{\isasymin}}} & \texttt{\char`\\\char`\<in>} & \texttt{:}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	112	\isa{{\isaliteral{5C3C73756273657465713E}{\isasymsubseteq}}} & \texttt{\char`\\\char`\<subseteq>} & \texttt{<=}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	113	\isa{{\isaliteral{5C3C756E696F6E3E}{\isasymunion}}} & \texttt{\char`\\\char`\<union>} & \texttt{Un}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	114	\isa{{\isaliteral{5C3C696E7465723E}{\isasyminter}}} & \texttt{\char`\\\char`\<inter>} & \texttt{Int}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	115	\end{tabular}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	116	\end{center}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	117	Sets also allow bounded quantifications \isa{{\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x{\isaliteral{5C3C696E3E}{\isasymin}}A{\isaliteral{2E}{\isachardot}}\ P} and
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	118	\isa{{\isaliteral{5C3C6578697374733E}{\isasymexists}}x{\isaliteral{5C3C696E3E}{\isasymin}}A{\isaliteral{2E}{\isachardot}}\ P}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	119
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	120	\subsection{Proof automation}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	121
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	122	So far we have only seen \isa{simp} and \isa{auto}: Both perform
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	123	rewriting, both can also prove linear arithmetic facts (no multiplication),
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	124	and \isa{auto} is also able to prove simple logical or set-theoretic goals:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	125	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	126	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	127	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	128	\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C6578697374733E}{\isasymexists}}y{\isaliteral{2E}{\isachardot}}\ x\ {\isaliteral{3D}{\isacharequal}}\ y{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	129	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	130	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	131	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	132	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	133	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	134	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	135	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	136	\ auto%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	137	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	138	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	139	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	140	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	141	\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	142	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	143	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	144	\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	145	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	146	\ {\isaliteral{22}{\isachardoublequoteopen}}A\ {\isaliteral{5C3C73756273657465713E}{\isasymsubseteq}}\ B\ {\isaliteral{5C3C696E7465723E}{\isasyminter}}\ C\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ A\ {\isaliteral{5C3C73756273657465713E}{\isasymsubseteq}}\ B\ {\isaliteral{5C3C756E696F6E3E}{\isasymunion}}\ C{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	147	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	148	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	149	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	150	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	151	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	152	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	153	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	154	\ auto%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	155	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	156	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	157	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	158	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	159	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	160	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	161	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	162	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	163	where
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	164	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	165	\isacom{by} \textit{proof-method}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	166	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	167	is short for
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	168	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	169	\isacom{apply} \textit{proof-method}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	170	\isacom{done}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	171	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	172	The key characteristics of both \isa{simp} and \isa{auto} are
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	173	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	174	\item They show you were they got stuck, giving you an idea how to continue.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	175	\item They perform the obvious steps but are highly incomplete.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	176	\end{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	177	A proof method is \concept{complete} if it can prove all true formulas.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	178	There is no complete proof method for HOL, not even in theory.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	179	Hence all our proof methods only differ in how incomplete they are.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	180
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	181	A proof method that is still incomplete but tries harder than \isa{auto} is
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	182	\isa{fastforce}. It either succeeds or fails, it acts on the first
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	183	subgoal only, and it can be modified just like \isa{auto}, e.g.\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	184	with \isa{simp\ add}. Here is a typical example of what \isa{fastforce}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	185	can do:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	186	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	187	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	188	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	189	\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ {\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}xs\ {\isaliteral{5C3C696E3E}{\isasymin}}\ A{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C6578697374733E}{\isasymexists}}ys{\isaliteral{2E}{\isachardot}}\ xs\ {\isaliteral{3D}{\isacharequal}}\ ys\ {\isaliteral{40}{\isacharat}}\ ys{\isaliteral{3B}{\isacharsemicolon}}\ \ us\ {\isaliteral{5C3C696E3E}{\isasymin}}\ A\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	190	\ \ \ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C6578697374733E}{\isasymexists}}n{\isaliteral{2E}{\isachardot}}\ length\ us\ {\isaliteral{3D}{\isacharequal}}\ n{\isaliteral{2B}{\isacharplus}}n{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	191	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	192	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	193	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	194	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	195	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	196	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	197	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	198	\ fastforce%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	199	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	200	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	201	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	202	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	203	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	204	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	205	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	206	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	207	This lemma is out of reach for \isa{auto} because of the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	208	quantifiers. Even \isa{fastforce} fails when the quantifier structure
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	209	becomes more complicated. In a few cases, its slow version \isa{force}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	210	succeeds where \isa{fastforce} fails.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	211
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	212	The method of choice for complex logical goals is \isa{blast}. In the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	213	following example, \isa{T} and \isa{A} are two binary predicates, and it
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	214	is shown that \isa{T} is total, \isa{A} is antisymmetric and \isa{T} is
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	215	a subset of \isa{A}, then \isa{A} is a subset of \isa{T}:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	216	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	217	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	218	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	219	\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	220	\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ {\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x\ y{\isaliteral{2E}{\isachardot}}\ T\ x\ y\ {\isaliteral{5C3C6F723E}{\isasymor}}\ T\ y\ x{\isaliteral{3B}{\isacharsemicolon}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	221	\ \ \ \ \ {\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x\ y{\isaliteral{2E}{\isachardot}}\ A\ x\ y\ {\isaliteral{5C3C616E643E}{\isasymand}}\ A\ y\ x\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ x\ {\isaliteral{3D}{\isacharequal}}\ y{\isaliteral{3B}{\isacharsemicolon}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	222	\ \ \ \ \ {\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x\ y{\isaliteral{2E}{\isachardot}}\ T\ x\ y\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ A\ x\ y\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	223	\ \ \ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x\ y{\isaliteral{2E}{\isachardot}}\ A\ x\ y\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ T\ x\ y{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	224	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	225	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	226	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	227	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	228	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	229	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	230	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	231	\ blast%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	232	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	233	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	234	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	235	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	236	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	237	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	238	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	239	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	240	We leave it to the reader to figure out why this lemma is true.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	241	Method \isa{blast}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	242	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	243	\item is (in principle) a complete proof procedure for first-order formulas,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	244	a fragment of HOL. In practice there is a search bound.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	245	\item does no rewriting and knows very little about equality.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	246	\item covers logic, sets and relations.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	247	\item either succeeds or fails.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	248	\end{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	249	Because of its strength in logic and sets and its weakness in equality reasoning, it complements the earlier proof methods.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	250
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	251
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	252	\subsubsection{Sledgehammer}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	253
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	254	Command \isacom{sledgehammer} calls a number of external automatic
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	255	theorem provers (ATPs) that run for up to 30 seconds searching for a
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	256	proof. Some of these ATPs are part of the Isabelle installation, others are
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	257	queried over the internet. If successful, a proof command is generated and can
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	258	be inserted into your proof. The biggest win of \isacom{sledgehammer} is
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	259	that it will take into account the whole lemma library and you do not need to
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	260	feed in any lemma explicitly. For example,%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	261	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	262	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	263	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	264	\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ xs\ {\isaliteral{40}{\isacharat}}\ ys\ {\isaliteral{3D}{\isacharequal}}\ ys\ {\isaliteral{40}{\isacharat}}\ xs{\isaliteral{3B}{\isacharsemicolon}}\ \ length\ xs\ {\isaliteral{3D}{\isacharequal}}\ length\ ys\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ xs\ {\isaliteral{3D}{\isacharequal}}\ ys{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	265	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	266	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	267	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	268	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	269	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	270	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	271	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	272	cannot be solved by any of the standard proof methods, but
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	273	\isacom{sledgehammer} finds the following proof:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	274	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	275	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	276	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	277	\ {\isaliteral{28}{\isacharparenleft}}metis\ append{\isaliteral{5F}{\isacharunderscore}}eq{\isaliteral{5F}{\isacharunderscore}}conv{\isaliteral{5F}{\isacharunderscore}}conj{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	278	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	279	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	280	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	281	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	282	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	283	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	284	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	285	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	286	We do not explain how the proof was found but what this command
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	287	means. For a start, Isabelle does not trust external tools (and in particular
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	288	not the translations from Isabelle's logic to those tools!)
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	289	and insists on a proof that it can check. This is what \isa{metis} does.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	290	It is given a list of lemmas and tries to find a proof just using those lemmas
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	291	(and pure logic). In contrast to \isa{simp} and friends that know a lot of
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	292	lemmas already, using \isa{metis} manually is tedious because one has
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	293	to find all the relevant lemmas first. But that is precisely what
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	294	\isacom{sledgehammer} does for us.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	295	In this case lemma \isa{append{\isaliteral{5F}{\isacharunderscore}}eq{\isaliteral{5F}{\isacharunderscore}}conv{\isaliteral{5F}{\isacharunderscore}}conj} alone suffices:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	296	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	297	{\isaliteral{28}{\isacharparenleft}}xs\ {\isaliteral{40}{\isacharat}}\ ys\ {\isaliteral{3D}{\isacharequal}}\ zs{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}xs\ {\isaliteral{3D}{\isacharequal}}\ take\ {\isaliteral{28}{\isacharparenleft}}length\ xs{\isaliteral{29}{\isacharparenright}}\ zs\ {\isaliteral{5C3C616E643E}{\isasymand}}\ ys\ {\isaliteral{3D}{\isacharequal}}\ drop\ {\isaliteral{28}{\isacharparenleft}}length\ xs{\isaliteral{29}{\isacharparenright}}\ zs{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	298	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	299	We leave it to the reader to figure out why this lemma suffices to prove
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	300	the above lemma, even without any knowledge of what the functions \isa{take}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	301	and \isa{drop} do. Keep in mind that the variables in the two lemmas
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	302	are independent of each other, despite the same names, and that you can
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	303	substitute arbitrary values for the free variables in a lemma.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	304
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	305	Just as for the other proof methods we have seen, there is no guarantee that
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	306	\isacom{sledgehammer} will find a proof if it exists. Nor is
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	307	\isacom{sledgehammer} superior to the other proof methods. They are
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	308	incomparable. Therefore it is recommended to apply \isa{simp} or \isa{auto} before invoking \isacom{sledgehammer} on what is left.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	309
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	310	\subsubsection{Arithmetic}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	311
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	312	By arithmetic formulas we mean formulas involving variables, numbers, \isa{{\isaliteral{2B}{\isacharplus}}}, \isa{{\isaliteral{2D}{\isacharminus}}}, \isa{{\isaliteral{3D}{\isacharequal}}}, \isa{{\isaliteral{3C}{\isacharless}}}, \isa{{\isaliteral{5C3C6C653E}{\isasymle}}} and the usual logical
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	313	connectives \isa{{\isaliteral{5C3C6E6F743E}{\isasymnot}}}, \isa{{\isaliteral{5C3C616E643E}{\isasymand}}}, \isa{{\isaliteral{5C3C6F723E}{\isasymor}}}, \isa{{\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	314	\isa{{\isaliteral{5C3C6C6F6E676C65667472696768746172726F773E}{\isasymlongleftrightarrow}}}. Strictly speaking, this is known as \concept{linear arithmetic}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	315	because it does not involve multiplication, although multiplication with
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	316	numbers, e.g.\ \isa{{\isadigit{2}}{\isaliteral{2A}{\isacharasterisk}}n} is allowed. Such formulas can be proved by
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	317	\isa{arith}:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	318	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	319	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	320	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	321	\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ {\isaliteral{28}{\isacharparenleft}}a{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}nat{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C653E}{\isasymle}}\ x\ {\isaliteral{2B}{\isacharplus}}\ b{\isaliteral{3B}{\isacharsemicolon}}\ {\isadigit{2}}{\isaliteral{2A}{\isacharasterisk}}x\ {\isaliteral{3C}{\isacharless}}\ c\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isadigit{2}}{\isaliteral{2A}{\isacharasterisk}}a\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{1}}\ {\isaliteral{5C3C6C653E}{\isasymle}}\ {\isadigit{2}}{\isaliteral{2A}{\isacharasterisk}}b\ {\isaliteral{2B}{\isacharplus}}\ c{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	322	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	323	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	324	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	325	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	326	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	327	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	328	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	329	\ arith%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	330	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	331	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	332	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	333	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	334	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	335	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	336	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	337	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	338	In fact, \isa{auto} and \isa{simp} can prove many linear
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	339	arithmetic formulas already, like the one above, by calling a weak but fast
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	340	version of \isa{arith}. Hence it is usually not necessary to invoke
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	341	\isa{arith} explicitly.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	342
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	343	The above example involves natural numbers, but integers (type \isa{int})
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	344	and real numbers (type \isa{real}) are supported as well. As are a number
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	345	of further operators like \isa{min} and \isa{max}. On \isa{nat} and
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	346	\isa{int}, \isa{arith} can even prove theorems with quantifiers in them,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	347	but we will not enlarge on that here.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	348
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	349
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	350	\subsection{Single step proofs}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	351
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	352	Although automation is nice, it often fails, at least initially, and you need
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	353	to find out why. When \isa{fastforce} or \isa{blast} simply fail, you have
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	354	no clue why. At this point, the stepwise
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	355	application of proof rules may be necessary. For example, if \isa{blast}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	356	fails on \isa{A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ B}, you want to attack the two
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	357	conjuncts \isa{A} and \isa{B} separately. This can
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	358	be achieved by applying \emph{conjunction introduction}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	359	\[ \isa{\mbox{}\inferrule{\mbox{{\isaliteral{3F}{\isacharquery}}P}\\\ \mbox{{\isaliteral{3F}{\isacharquery}}Q}}{\mbox{{\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{5C3C616E643E}{\isasymand}}\ {\isaliteral{3F}{\isacharquery}}Q}}}\ \isa{conjI}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	360	\]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	361	to the proof state. We will now examine the details of this process.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	362
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	363	\subsubsection{Instantiating unknowns}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	364
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	365	We had briefly mentioned earlier that after proving some theorem,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	366	Isabelle replaces all free variables \isa{x} by so called \concept{unknowns}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	367	\isa{{\isaliteral{3F}{\isacharquery}}x}. We can see this clearly in rule \isa{conjI}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	368	These unknowns can later be instantiated explicitly or implicitly:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	369	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	370	\item By hand, using \isa{of}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	371	The expression \isa{conjI{\isaliteral{5B}{\isacharbrackleft}}of\ {\isaliteral{22}{\isachardoublequote}}a{\isaliteral{3D}{\isacharequal}}b{\isaliteral{22}{\isachardoublequote}}\ {\isaliteral{22}{\isachardoublequote}}False{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5D}{\isacharbrackright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	372	instantiates the unknowns in \isa{conjI} from left to right with the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	373	two formulas \isa{a{\isaliteral{3D}{\isacharequal}}b} and \isa{False}, yielding the rule
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	374	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	375	\mbox{}\inferrule{\mbox{a\ {\isaliteral{3D}{\isacharequal}}\ b}\\\ \mbox{False}}{\mbox{a\ {\isaliteral{3D}{\isacharequal}}\ b\ {\isaliteral{5C3C616E643E}{\isasymand}}\ False}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	376	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	377
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	378	In general, \isa{th{\isaliteral{5B}{\isacharbrackleft}}of\ string\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ string\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{5D}{\isacharbrackright}}} instantiates
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	379	the unknowns in the theorem \isa{th} from left to right with the terms
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	380	\isa{string\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}} to \isa{string\isaliteral{5C3C5E697375623E}{}\isactrlisub n}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	381
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	382	\item By unification. \concept{Unification} is the process of making two
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	383	terms syntactically equal by suitable instantiations of unknowns. For example,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	384	unifying \isa{{\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{5C3C616E643E}{\isasymand}}\ {\isaliteral{3F}{\isacharquery}}Q} with \mbox{\isa{a\ {\isaliteral{3D}{\isacharequal}}\ b\ {\isaliteral{5C3C616E643E}{\isasymand}}\ False}} instantiates
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	385	\isa{{\isaliteral{3F}{\isacharquery}}P} with \isa{a\ {\isaliteral{3D}{\isacharequal}}\ b} and \isa{{\isaliteral{3F}{\isacharquery}}Q} with \isa{False}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	386	\end{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	387	We need not instantiate all unknowns. If we want to skip a particular one we
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	388	can just write \isa{{\isaliteral{5F}{\isacharunderscore}}} instead, for example \isa{conjI{\isaliteral{5B}{\isacharbrackleft}}of\ {\isaliteral{5F}{\isacharunderscore}}\ {\isaliteral{22}{\isachardoublequote}}False{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5D}{\isacharbrackright}}}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	389	Unknowns can also be instantiated by name, for example
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	390	\isa{conjI{\isaliteral{5B}{\isacharbrackleft}}where\ {\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{22}{\isachardoublequote}}a{\isaliteral{3D}{\isacharequal}}b{\isaliteral{22}{\isachardoublequote}}\ and\ {\isaliteral{3F}{\isacharquery}}Q\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{22}{\isachardoublequote}}False{\isaliteral{22}{\isachardoublequote}}{\isaliteral{5D}{\isacharbrackright}}}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	391
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	392
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	393	\subsubsection{Rule application}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	394
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	395	\concept{Rule application} means applying a rule backwards to a proof state.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	396	For example, applying rule \isa{conjI} to a proof state
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	397	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	398	\isa{{\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ \ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ \ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ A\ {\isaliteral{5C3C616E643E}{\isasymand}}\ B}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	399	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	400	results in two subgoals, one for each premise of \isa{conjI}:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	401	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	402	\isa{{\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ \ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ \ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ A}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	403	\isa{{\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ \ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ \ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ B}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	404	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	405	In general, the application of a rule \isa{{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ A\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{3B}{\isacharsemicolon}}\ A\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ A}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	406	to a subgoal \mbox{\isa{{\isaliteral{5C3C646F74733E}{\isasymdots}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ C}} proceeds in two steps:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	407	\begin{enumerate}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	408	\item
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	409	Unify \isa{A} and \isa{C}, thus instantiating the unknowns in the rule.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	410	\item
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	411	Replace the subgoal \isa{C} with \isa{n} new subgoals \isa{A\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}} to \isa{A\isaliteral{5C3C5E697375623E}{}\isactrlisub n}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	412	\end{enumerate}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	413	This is the command to apply rule \isa{xyz}:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	414	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	415	\isacom{apply}\isa{{\isaliteral{28}{\isacharparenleft}}rule\ xyz{\isaliteral{29}{\isacharparenright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	416	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	417	This is also called \concept{backchaining} with rule \isa{xyz}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	418
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	419	\subsubsection{Introduction rules}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	420
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	421	Conjunction introduction (\isa{conjI}) is one example of a whole
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	422	class of rules known as \concept{introduction rules}. They explain under which
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	423	premises some logical construct can be introduced. Here are some further
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	424	useful introduction rules:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	425	\[
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	426	\inferrule*[right=\mbox{\isa{impI}}]{\mbox{\isa{{\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{3F}{\isacharquery}}Q}}}{\mbox{\isa{{\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{3F}{\isacharquery}}Q}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	427	\qquad
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	428	\inferrule*[right=\mbox{\isa{allI}}]{\mbox{\isa{{\isaliteral{5C3C416E643E}{\isasymAnd}}x{\isaliteral{2E}{\isachardot}}\ {\isaliteral{3F}{\isacharquery}}P\ x}}}{\mbox{\isa{{\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}x{\isaliteral{2E}{\isachardot}}\ {\isaliteral{3F}{\isacharquery}}P\ x}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	429	\]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	430	\[
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	431	\inferrule*[right=\mbox{\isa{iffI}}]{\mbox{\isa{{\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{3F}{\isacharquery}}Q}} \\ \mbox{\isa{{\isaliteral{3F}{\isacharquery}}Q\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{3F}{\isacharquery}}P}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	432	{\mbox{\isa{{\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{3F}{\isacharquery}}Q}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	433	\]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	434	These rules are part of the logical system of \concept{natural deduction}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	435	(e.g.\ \cite{HuthRyan}). Although we intentionally de-emphasize the basic rules
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	436	of logic in favour of automatic proof methods that allow you to take bigger
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	437	steps, these rules are helpful in locating where and why automation fails.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	438	When applied backwards, these rules decompose the goal:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	439	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	440	\item \isa{conjI} and \isa{iffI} split the goal into two subgoals,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	441	\item \isa{impI} moves the left-hand side of a HOL implication into the list of assumptions,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	442	\item and \isa{allI} removes a \isa{{\isaliteral{5C3C666F72616C6C3E}{\isasymforall}}} by turning the quantified variable into a fixed local variable of the subgoal.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	443	\end{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	444	Isabelle knows about these and a number of other introduction rules.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	445	The command
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	446	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	447	\isacom{apply} \isa{rule}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	448	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	449	automatically selects the appropriate rule for the current subgoal.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	450
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	451	You can also turn your own theorems into introduction rules by giving them
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	452	them \isa{intro} attribute, analogous to the \isa{simp} attribute. In
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	453	that case \isa{blast}, \isa{fastforce} and (to a limited extent) \isa{auto} will automatically backchain with those theorems. The \isa{intro}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	454	attribute should be used with care because it increases the search space and
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	455	can lead to nontermination. Sometimes it is better to use it only in a
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	456	particular calls of \isa{blast} and friends. For example,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	457	\isa{le{\isaliteral{5F}{\isacharunderscore}}trans}, transitivity of \isa{{\isaliteral{5C3C6C653E}{\isasymle}}} on type \isa{nat},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	458	is not an introduction rule by default because of the disastrous effect
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	459	on the search space, but can be useful in specific situations:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	460	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	461	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	462	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	463	\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ {\isaliteral{28}{\isacharparenleft}}a{\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}nat{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C653E}{\isasymle}}\ b{\isaliteral{3B}{\isacharsemicolon}}\ b\ {\isaliteral{5C3C6C653E}{\isasymle}}\ c{\isaliteral{3B}{\isacharsemicolon}}\ c\ {\isaliteral{5C3C6C653E}{\isasymle}}\ d{\isaliteral{3B}{\isacharsemicolon}}\ d\ {\isaliteral{5C3C6C653E}{\isasymle}}\ e\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ a\ {\isaliteral{5C3C6C653E}{\isasymle}}\ e{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	464	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	465	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	466	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	467	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	468	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	469	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	470	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	471	{\isaliteral{28}{\isacharparenleft}}blast\ intro{\isaliteral{3A}{\isacharcolon}}\ le{\isaliteral{5F}{\isacharunderscore}}trans{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	472	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	473	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	474	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	475	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	476	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	477	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	478	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	479	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	480	Of course this is just an example and could be proved by \isa{arith}, too.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	481
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	482	\subsubsection{Forward proof}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	483	\label{sec:forward-proof}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	484
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	485	Forward proof means deriving new theorems from old theorems. We have already
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	486	seen a very simple form of forward proof: the \isa{of} operator for
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	487	instantiating unknowns in a theorem. The big brother of \isa{of} is \isa{OF} for applying one theorem to others. Given a theorem \isa{A\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ B} called
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	488	\isa{r} and a theorem \isa{A{\isaliteral{27}{\isacharprime}}} called \isa{r{\isaliteral{27}{\isacharprime}}}, the theorem \isa{r{\isaliteral{5B}{\isacharbrackleft}}OF\ r{\isaliteral{27}{\isacharprime}}{\isaliteral{5D}{\isacharbrackright}}} is the result of applying \isa{r} to \isa{r{\isaliteral{27}{\isacharprime}}}, where \isa{r} should be viewed as a function taking a theorem \isa{A} and returning
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	489	\isa{B}. More precisely, \isa{A} and \isa{A{\isaliteral{27}{\isacharprime}}} are unified, thus
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	490	instantiating the unknowns in \isa{B}, and the result is the instantiated
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	491	\isa{B}. Of course, unification may also fail.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	492	\begin{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	493	Application of rules to other rules operates in the forward direction: from
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	494	the premises to the conclusion of the rule; application of rules to proof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	495	states operates in the backward direction, from the conclusion to the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	496	premises.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	497	\end{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	498
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	499	In general \isa{r} can be of the form \isa{{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ A\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{3B}{\isacharsemicolon}}\ A\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ A}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	500	and there can be multiple argument theorems \isa{r\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}} to \isa{r\isaliteral{5C3C5E697375623E}{}\isactrlisub m}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	501	(with \isa{m\ {\isaliteral{5C3C6C653E}{\isasymle}}\ n}), in which case \isa{r{\isaliteral{5B}{\isacharbrackleft}}OF\ r\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}\ r\isaliteral{5C3C5E697375623E}{}\isactrlisub m{\isaliteral{5D}{\isacharbrackright}}} is obtained
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	502	by unifying and thus proving \isa{A\isaliteral{5C3C5E697375623E}{}\isactrlisub i} with \isa{r\isaliteral{5C3C5E697375623E}{}\isactrlisub i}, \isa{i\ {\isaliteral{3D}{\isacharequal}}\ {\isadigit{1}}{\isaliteral{5C3C646F74733E}{\isasymdots}}m}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	503	Here is an example, where \isa{refl} is the theorem
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	504	\isa{{\isaliteral{3F}{\isacharquery}}t\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{3F}{\isacharquery}}t}:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	505	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	506	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	507	\isacommand{thm}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	508	\ conjI{\isaliteral{5B}{\isacharbrackleft}}OF\ refl{\isaliteral{5B}{\isacharbrackleft}}of\ {\isaliteral{22}{\isachardoublequoteopen}}a{\isaliteral{22}{\isachardoublequoteclose}}{\isaliteral{5D}{\isacharbrackright}}\ refl{\isaliteral{5B}{\isacharbrackleft}}of\ {\isaliteral{22}{\isachardoublequoteopen}}b{\isaliteral{22}{\isachardoublequoteclose}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{5D}{\isacharbrackright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	509	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	510	yields the theorem \isa{a\ {\isaliteral{3D}{\isacharequal}}\ a\ {\isaliteral{5C3C616E643E}{\isasymand}}\ b\ {\isaliteral{3D}{\isacharequal}}\ b}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	511	The command \isacom{thm} merely displays the result.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	512
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	513	Forward reasoning also makes sense in connection with proof states.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	514	Therefore \isa{blast}, \isa{fastforce} and \isa{auto} support a modifier
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	515	\isa{dest} which instructs the proof method to use certain rules in a
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	516	forward fashion. If \isa{r} is of the form \mbox{\isa{A\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ B}}, the modifier
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	517	\mbox{\isa{dest{\isaliteral{3A}{\isacharcolon}}\ r}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	518	allows proof search to reason forward with \isa{r}, i.e.\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	519	to replace an assumption \isa{A{\isaliteral{27}{\isacharprime}}}, where \isa{A{\isaliteral{27}{\isacharprime}}} unifies with \isa{A},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	520	with the correspondingly instantiated \isa{B}. For example, \isa{Suc{\isaliteral{5F}{\isacharunderscore}}leD} is the theorem \mbox{\isa{Suc\ m\ {\isaliteral{5C3C6C653E}{\isasymle}}\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ m\ {\isaliteral{5C3C6C653E}{\isasymle}}\ n}}, which works well for forward reasoning:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	521	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	522	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	523	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	524	\ {\isaliteral{22}{\isachardoublequoteopen}}Suc{\isaliteral{28}{\isacharparenleft}}Suc{\isaliteral{28}{\isacharparenleft}}Suc\ a{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C6C653E}{\isasymle}}\ b\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ a\ {\isaliteral{5C3C6C653E}{\isasymle}}\ b{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	525	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	526	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	527	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	528	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	529	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	530	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	531	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	532	{\isaliteral{28}{\isacharparenleft}}blast\ dest{\isaliteral{3A}{\isacharcolon}}\ Suc{\isaliteral{5F}{\isacharunderscore}}leD{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	533	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	534	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	535	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	536	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	537	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	538	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	539	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	540	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	541	In this particular example we could have backchained with
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	542	\isa{Suc{\isaliteral{5F}{\isacharunderscore}}leD}, too, but because the premise is more complicated than the conclusion this can easily lead to nontermination.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	543
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	544	\begin{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	545	To ease readability we will drop the question marks
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	546	in front of unknowns from now on.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	547	\end{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	548
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	549	\section{Inductive definitions}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	550	\label{sec:inductive-defs}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	551
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	552	Inductive definitions are the third important definition facility, after
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	553	datatypes and recursive function. In fact, they are the key construct in the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	554	definition of operational semantics in the second part of the book.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	555
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	556	\subsection{An example: even numbers}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	557	\label{sec:Logic:even}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	558
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	559	Here is a simple example of an inductively defined predicate:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	560	\begin{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	561	\item 0 is even
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	562	\item If $n$ is even, so is $n+2$.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	563	\end{itemize}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	564	The operative word ``inductive'' means that these are the only even numbers.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	565	In Isabelle we give the two rules the names \isa{ev{\isadigit{0}}} and \isa{evSS}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	566	and write%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	567	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	568	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	569	\isacommand{inductive}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	570	\ ev\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}nat\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{where}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	571	ev{\isadigit{0}}{\isaliteral{3A}{\isacharcolon}}\ \ \ \ {\isaliteral{22}{\isachardoublequoteopen}}ev\ {\isadigit{0}}{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	572	evSS{\isaliteral{3A}{\isacharcolon}}\ \ %
47306 56d72c923281 made sure that " is shown in tutorial text nipkow parents: 47269 diff changeset	573	\isa{{\isaliteral{22}{\isachardoublequote}}ev\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequote}}}
47269 29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	574	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	575	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	576	To get used to inductive definitions, we will first prove a few
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	577	properties of \isa{ev} informally before we descend to the Isabelle level.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	578
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	579	How do we prove that some number is even, e.g.\ \isa{ev\ {\isadigit{4}}}? Simply by combining the defining rules for \isa{ev}:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	580	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	581	\isa{ev\ {\isadigit{0}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isaliteral{28}{\isacharparenleft}}{\isadigit{0}}\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev{\isaliteral{28}{\isacharparenleft}}{\isaliteral{28}{\isacharparenleft}}{\isadigit{0}}\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ ev\ {\isadigit{4}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	582	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	583
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	584	\subsubsection{Rule induction}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	585
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	586	Showing that all even numbers have some property is more complicated. For
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	587	example, let us prove that the inductive definition of even numbers agrees
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	588	with the following recursive one:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	589	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	590	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	591	\isacommand{fun}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	592	\ even\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}nat\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\ \isakeyword{where}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	593	{\isaliteral{22}{\isachardoublequoteopen}}even\ {\isadigit{0}}\ {\isaliteral{3D}{\isacharequal}}\ True{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	594	{\isaliteral{22}{\isachardoublequoteopen}}even\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ False{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	595	{\isaliteral{22}{\isachardoublequoteopen}}even\ {\isaliteral{28}{\isacharparenleft}}Suc{\isaliteral{28}{\isacharparenleft}}Suc\ n{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ even\ n{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	596	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	597	We prove \isa{ev\ m\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ even\ m}. That is, we
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	598	assume \isa{ev\ m} and by induction on the form of its derivation
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	599	prove \isa{even\ m}. There are two cases corresponding to the two rules
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	600	for \isa{ev}:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	601	\begin{description}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	602	\item[Case \isa{ev{\isadigit{0}}}:]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	603	\isa{ev\ m} was derived by rule \isa{ev\ {\isadigit{0}}}: \\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	604	\isa{{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}} \isa{m\ {\isaliteral{3D}{\isacharequal}}\ {\isadigit{0}}} \isa{{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}} \isa{even\ m\ {\isaliteral{3D}{\isacharequal}}\ even\ {\isadigit{0}}\ {\isaliteral{3D}{\isacharequal}}\ True}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	605	\item[Case \isa{evSS}:]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	606	\isa{ev\ m} was derived by rule \isa{ev\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}}: \\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	607	\isa{{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}} \isa{m\ {\isaliteral{3D}{\isacharequal}}\ n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}} and by induction hypothesis \isa{even\ n}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	608	\isa{{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}} \isa{even\ m\ {\isaliteral{3D}{\isacharequal}}\ even{\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{3D}{\isacharequal}}\ even\ n\ {\isaliteral{3D}{\isacharequal}}\ True}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	609	\end{description}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	610
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	611	What we have just seen is a special case of \concept{rule induction}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	612	Rule induction applies to propositions of this form
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	613	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	614	\isa{ev\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ n}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	615	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	616	That is, we want to prove a property \isa{P\ n}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	617	for all even \isa{n}. But if we assume \isa{ev\ n}, then there must be
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	618	some derivation of this assumption using the two defining rules for
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	619	\isa{ev}. That is, we must prove
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	620	\begin{description}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	621	\item[Case \isa{ev{\isadigit{0}}}:] \isa{P\ {\isadigit{0}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	622	\item[Case \isa{evSS}:] \isa{{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}ev\ n{\isaliteral{3B}{\isacharsemicolon}}\ P\ n{\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ {\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	623	\end{description}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	624	The corresponding rule is called \isa{ev{\isaliteral{2E}{\isachardot}}induct} and looks like this:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	625	\[
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	626	\inferrule{
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	627	\mbox{\isa{ev\ n}}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	628	\mbox{\isa{P\ {\isadigit{0}}}}\\
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	629	\mbox{\isa{{\isaliteral{5C3C416E643E}{\isasymAnd}}n{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}ev\ n{\isaliteral{3B}{\isacharsemicolon}}\ P\ n{\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ {\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	630	{\mbox{\isa{P\ n}}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	631	\]
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	632	The first premise \isa{ev\ n} enforces that this rule can only be applied
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	633	in situations where we know that \isa{n} is even.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	634
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	635	Note that in the induction step we may not just assume \isa{P\ n} but also
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	636	\mbox{\isa{ev\ n}}, which is simply the premise of rule \isa{evSS}. Here is an example where the local assumption \isa{ev\ n} comes in
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	637	handy: we prove \isa{ev\ m\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isaliteral{28}{\isacharparenleft}}m\ {\isaliteral{2D}{\isacharminus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}} by induction on \isa{ev\ m}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	638	Case \isa{ev{\isadigit{0}}} requires us to prove \isa{ev\ {\isaliteral{28}{\isacharparenleft}}{\isadigit{0}}\ {\isaliteral{2D}{\isacharminus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}}, which follows
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	639	from \isa{ev\ {\isadigit{0}}} because \isa{{\isadigit{0}}\ {\isaliteral{2D}{\isacharminus}}\ {\isadigit{2}}\ {\isaliteral{3D}{\isacharequal}}\ {\isadigit{0}}} on type \isa{nat}. In
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	640	case \isa{evSS} we have \mbox{\isa{m\ {\isaliteral{3D}{\isacharequal}}\ n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}}} and may assume
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	641	\isa{ev\ n}, which implies \isa{ev\ {\isaliteral{28}{\isacharparenleft}}m\ {\isaliteral{2D}{\isacharminus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}} because \isa{m\ {\isaliteral{2D}{\isacharminus}}\ {\isadigit{2}}\ {\isaliteral{3D}{\isacharequal}}\ {\isaliteral{28}{\isacharparenleft}}n\ {\isaliteral{2B}{\isacharplus}}\ {\isadigit{2}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{2D}{\isacharminus}}\ {\isadigit{2}}\ {\isaliteral{3D}{\isacharequal}}\ n}. We did not need the induction hypothesis at all for this proof,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	642	it is just a case distinction on which rule was used, but having \isa{ev\ n} at our disposal in case \isa{evSS} was essential.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	643	This case distinction over rules is also called ``rule inversion''
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	644	and is discussed in more detail in \autoref{ch:Isar}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	645
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	646	\subsubsection{In Isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	647
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	648	Let us now recast the above informal proofs in Isabelle. For a start,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	649	we use \isa{Suc} terms instead of numerals in rule \isa{evSS}:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	650	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	651	ev\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ n{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	652	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	653	This avoids the difficulty of unifying \isa{n{\isaliteral{2B}{\isacharplus}}{\isadigit{2}}} with some numeral,
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	654	which is not automatic.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	655
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	656	The simplest way to prove \isa{ev\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}} is in a forward
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	657	direction: \isa{evSS{\isaliteral{5B}{\isacharbrackleft}}OF\ evSS{\isaliteral{5B}{\isacharbrackleft}}OF\ ev{\isadigit{0}}{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{5D}{\isacharbrackright}}} yields the theorem \isa{ev\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}}. Alternatively, you can also prove it as a lemma in backwards
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	658	fashion. Although this is more verbose, it allows us to demonstrate how each
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	659	rule application changes the proof state:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	660	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	661	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	662	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	663	\ {\isaliteral{22}{\isachardoublequoteopen}}ev{\isaliteral{28}{\isacharparenleft}}Suc{\isaliteral{28}{\isacharparenleft}}Suc{\isaliteral{28}{\isacharparenleft}}Suc{\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	664	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	665	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	666	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	667	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	668	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	669	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	670	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	671	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	672	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ ev\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	673	\end{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	674	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	675	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	676	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	677	{\isaliteral{28}{\isacharparenleft}}rule\ evSS{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	678	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	679	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	680	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ ev\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	681	\end{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	682	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	683	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	684	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	685	{\isaliteral{28}{\isacharparenleft}}rule\ evSS{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	686	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	687	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	688	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ ev\ {\isadigit{0}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	689	\end{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	690	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	691	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	692	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	693	{\isaliteral{28}{\isacharparenleft}}rule\ ev{\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	694	\isacommand{done}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	695	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	696	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	697	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	698	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	699	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	700	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	701	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	702	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	703	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	704	\indent
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	705	Rule induction is applied by giving the induction rule explicitly via the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	706	\isa{rule{\isaliteral{3A}{\isacharcolon}}} modifier:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	707	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	708	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	709	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	710	\ {\isaliteral{22}{\isachardoublequoteopen}}ev\ m\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ even\ m{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	711	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	712	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	713	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	714	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	715	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	716	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	717	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	718	{\isaliteral{28}{\isacharparenleft}}induction\ rule{\isaliteral{3A}{\isacharcolon}}\ ev{\isaliteral{2E}{\isachardot}}induct{\isaliteral{29}{\isacharparenright}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	719	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	720	{\isaliteral{28}{\isacharparenleft}}simp{\isaliteral{5F}{\isacharunderscore}}all{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	721	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	722	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	723	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	724	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	725	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	726	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	727	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	728	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	729	Both cases are automatic. Note that if there are multiple assumptions
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	730	of the form \isa{ev\ t}, method \isa{induction} will induct on the leftmost
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	731	one.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	732
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	733	As a bonus, we also prove the remaining direction of the equivalence of
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	734	\isa{ev} and \isa{even}:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	735	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	736	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	737	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	738	\ {\isaliteral{22}{\isachardoublequoteopen}}even\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ n{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	739	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	740	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	741	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	742	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	743	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	744	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	745	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	746	{\isaliteral{28}{\isacharparenleft}}induction\ n\ rule{\isaliteral{3A}{\isacharcolon}}\ even{\isaliteral{2E}{\isachardot}}induct{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	747	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	748	This is a proof by computation induction on \isa{n} (see
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	749	\autoref{sec:recursive-funs}) that sets up three subgoals corresponding to
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	750	the three equations for \isa{even}:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	751	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	752	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ even\ {\isadigit{0}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isadigit{0}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	753	\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ even\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	754	\ {\isadigit{3}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}n{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}even\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ n{\isaliteral{3B}{\isacharsemicolon}}\ even\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ n{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}{\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ ev\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isaliteral{28}{\isacharparenleft}}Suc\ n{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	755	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	756	The first and third subgoals follow with \isa{ev{\isadigit{0}}} and \isa{evSS}, and the second subgoal is trivially true because \isa{even\ {\isaliteral{28}{\isacharparenleft}}Suc\ {\isadigit{0}}{\isaliteral{29}{\isacharparenright}}} is \isa{False}:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	757	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	758	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	759	\isacommand{by}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	760	\ {\isaliteral{28}{\isacharparenleft}}simp{\isaliteral{5F}{\isacharunderscore}}all\ add{\isaliteral{3A}{\isacharcolon}}\ ev{\isadigit{0}}\ evSS{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	761	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	762	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	763	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	764	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	765	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	766	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	767	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	768	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	769	The rules for \isa{ev} make perfect simplification and introduction
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	770	rules because their premises are always smaller than the conclusion. It
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	771	makes sense to turn them into simplification and introduction rules
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	772	permanently, to enhance proof automation:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	773	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	774	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	775	\isacommand{declare}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	776	\ ev{\isaliteral{2E}{\isachardot}}intros{\isaliteral{5B}{\isacharbrackleft}}simp{\isaliteral{2C}{\isacharcomma}}intro{\isaliteral{5D}{\isacharbrackright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	777	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	778	The rules of an inductive definition are not simplification rules by
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	779	default because, in contrast to recursive functions, there is no termination
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	780	requirement for inductive definitions.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	781
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	782	\subsubsection{Inductive versus recursive}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	783
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	784	We have seen two definitions of the notion of evenness, an inductive and a
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	785	recursive one. Which one is better? Much of the time, the recursive one is
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	786	more convenient: it allows us to do rewriting in the middle of terms, and it
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	787	expresses both the positive information (which numbers are even) and the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	788	negative information (which numbers are not even) directly. An inductive
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	789	definition only expresses the positive information directly. The negative
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	790	information, for example, that \isa{{\isadigit{1}}} is not even, has to be proved from
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	791	it (by induction or rule inversion). On the other hand, rule induction is
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	792	Taylor made for proving \mbox{\isa{ev\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ n}} because it only asks you
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	793	to prove the positive cases. In the proof of \isa{even\ n\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ n} by
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	794	computation induction via \isa{even{\isaliteral{2E}{\isachardot}}induct}, we are also presented
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	795	with the trivial negative cases. If you want the convenience of both
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	796	rewriting and rule induction, you can make two definitions and show their
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	797	equivalence (as above) or make one definition and prove additional properties
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	798	from it, for example rule induction from computation induction.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	799
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	800	But many concepts do not admit a recursive definition at all because there is
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	801	no datatype for the recursion (for example, the transitive closure of a
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	802	relation), or the recursion would not terminate (for example, the operational
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	803	semantics in the second part of this book). Even if there is a recursive
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	804	definition, if we are only interested in the positive information, the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	805	inductive definition may be much simpler.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	806
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	807	\subsection{The reflexive transitive closure}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	808	\label{sec:star}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	809
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	810	Evenness is really more conveniently expressed recursively than inductively.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	811	As a second and very typical example of an inductive definition we define the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	812	reflexive transitive closure. It will also be an important building block for
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	813	some of the semantics considered in the second part of the book.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	814
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	815	The reflexive transitive closure, called \isa{star} below, is a function
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	816	that maps a binary predicate to another binary predicate: if \isa{r} is of
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	817	type \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool} then \isa{star\ r} is again of type \isa{{\isaliteral{5C3C7461753E}{\isasymtau}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{5C3C7461753E}{\isasymtau}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool}, and \isa{star\ r\ x\ y} means that \isa{x} and \isa{y} are in
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	818	the relation \isa{star\ r}. Think \isa{r\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}} when you see \isa{star\ r}, because \isa{star\ r} is meant to be the reflexive transitive closure.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	819	That is, \isa{star\ r\ x\ y} is meant to be true if from \isa{x} we can
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	820	reach \isa{y} in finitely many \isa{r} steps. This concept is naturally
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	821	defined inductively:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	822	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	823	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	824	\isacommand{inductive}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	825	\ star\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequoteclose}}\ \ \isakeyword{for}\ r\ \isakeyword{where}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	826	refl{\isaliteral{3A}{\isacharcolon}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}star\ r\ x\ x{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{7C}{\isacharbar}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	827	step{\isaliteral{3A}{\isacharcolon}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}r\ x\ y\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ y\ z\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ x\ z{\isaliteral{22}{\isachardoublequoteclose}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	828	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	829	The base case \isa{refl} is reflexivity: \isa{x\ {\isaliteral{3D}{\isacharequal}}\ y}. The
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	830	step case \isa{step} combines an \isa{r} step (from \isa{x} to
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	831	\isa{y}) and a \isa{star} step (from \isa{y} to \isa{z}) into a
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	832	\isa{star} step (from \isa{x} to \isa{z}).
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	833	The ``\isacom{for}~\isa{r}'' in the header is merely a hint to Isabelle
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	834	that \isa{r} is a fixed parameter of \isa{star}, in contrast to the
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	835	further parameters of \isa{star}, which change. As a result, Isabelle
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	836	generates a simpler induction rule.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	837
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	838	By definition \isa{star\ r} is reflexive. It is also transitive, but we
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	839	need rule induction to prove that:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	840	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	841	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	842	\isacommand{lemma}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	843	\ star{\isaliteral{5F}{\isacharunderscore}}trans{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}star\ r\ x\ y\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ y\ z\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ x\ z{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	844	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	845	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	846	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	847	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	848	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	849	\isatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	850	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	851	{\isaliteral{28}{\isacharparenleft}}induction\ rule{\isaliteral{3A}{\isacharcolon}}\ star{\isaliteral{2E}{\isachardot}}induct{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	852	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	853	The induction is over \isa{star\ r\ x\ y} and we try to prove
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	854	\mbox{\isa{star\ r\ y\ z\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ x\ z}},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	855	which we abbreviate by \isa{P\ x\ y}. These are our two subgoals:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	856	\begin{isabelle}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	857	\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}x{\isaliteral{2E}{\isachardot}}\ star\ r\ x\ z\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ x\ z\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	858	\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}u\ x\ y{\isaliteral{2E}{\isachardot}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	859	\isaindent{\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ \ \ \ }{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}r\ u\ x{\isaliteral{3B}{\isacharsemicolon}}\ star\ r\ x\ y{\isaliteral{3B}{\isacharsemicolon}}\ star\ r\ y\ z\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ x\ z{\isaliteral{3B}{\isacharsemicolon}}\ star\ r\ y\ z{\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	860	\isaindent{\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ \ \ \ }{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ u\ z%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	861	\end{isabelle}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	862	The first one is \isa{P\ x\ x}, the result of case \isa{refl},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	863	and it is trivial.%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	864	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	865	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	866	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	867	{\isaliteral{28}{\isacharparenleft}}assumption{\isaliteral{29}{\isacharparenright}}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	868	\begin{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	869	Let us examine subgoal \isa{{\isadigit{2}}}, case \isa{step}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	870	Assumptions \isa{r\ u\ x} and \mbox{\isa{star\ r\ x\ y}}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	871	are the premises of rule \isa{step}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	872	Assumption \isa{star\ r\ y\ z\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ star\ r\ x\ z} is \mbox{\isa{P\ x\ y}},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	873	the IH coming from \isa{star\ r\ x\ y}. We have to prove \isa{P\ u\ y},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	874	which we do by assuming \isa{star\ r\ y\ z} and proving \isa{star\ r\ u\ z}.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	875	The proof itself is straightforward: from \mbox{\isa{star\ r\ y\ z}} the IH
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	876	leads to \isa{star\ r\ x\ z} which, together with \isa{r\ u\ x},
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	877	leads to \mbox{\isa{star\ r\ u\ z}} via rule \isa{step}:%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	878	\end{isamarkuptxt}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	879	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	880	\isacommand{apply}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	881	{\isaliteral{28}{\isacharparenleft}}metis\ step{\isaliteral{29}{\isacharparenright}}\isanewline
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	882	\isacommand{done}\isamarkupfalse%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	883	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	884	\endisatagproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	885	{\isafoldproof}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	886	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	887	\isadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	888	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	889	\endisadelimproof
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	890	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	891	\begin{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	892	\subsection{The general case}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	893
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	894	Inductive definitions have approximately the following general form:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	895	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	896	\isacom{inductive} \isa{I\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequote}}{\isaliteral{5C3C7461753E}{\isasymtau}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ bool{\isaliteral{22}{\isachardoublequote}}} \isacom{where}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	897	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	898	followed by a sequence of (possibly named) rules of the form
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	899	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	900	\isa{{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ I\ a\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{3B}{\isacharsemicolon}}\ I\ a\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ I\ a}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	901	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	902	separated by \isa{{\isaliteral{7C}{\isacharbar}}}. As usual, \isa{n} can be 0.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	903	The corresponding rule induction principle
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	904	\isa{I{\isaliteral{2E}{\isachardot}}induct} applies to propositions of the form
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	905	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	906	\isa{I\ x\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ x}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	907	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	908	where \isa{P} may itself be a chain of implications.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	909	\begin{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	910	Rule induction is always on the leftmost premise of the goal.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	911	Hence \isa{I\ x} must be the first premise.
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	912	\end{warn}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	913	Proving \isa{I\ x\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ x} by rule induction means proving
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	914	for every rule of \isa{I} that \isa{P} is invariant:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	915	\begin{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	916	\isa{{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ I\ a\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{3B}{\isacharsemicolon}}\ P\ a\isaliteral{5C3C5E697375623E}{}\isactrlisub {\isadigit{1}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{5C3C646F74733E}{\isasymdots}}{\isaliteral{3B}{\isacharsemicolon}}\ I\ a\isaliteral{5C3C5E697375623E}{}\isactrlisub n{\isaliteral{3B}{\isacharsemicolon}}\ P\ a\isaliteral{5C3C5E697375623E}{}\isactrlisub n\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ P\ a}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	917	\end{quote}
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	918
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	919	The above format for inductive definitions is simplified in a number of
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	920	respects. \isa{I} can have any number of arguments and each rule can have
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	921	additional premises not involving \isa{I}, so-called \concept{side
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	922	conditions}. In rule inductions, these side-conditions appear as additional
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	923	assumptions. The \isacom{for} clause seen in the definition of the reflexive
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	924	transitive closure merely simplifies the form of the induction rule.%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	925	\end{isamarkuptext}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	926	\isamarkuptrue%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	927	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	928	\isadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	929	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	930	\endisadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	931	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	932	\isatagtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	933	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	934	\endisatagtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	935	{\isafoldtheory}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	936	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	937	\isadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	938	%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	939	\endisadelimtheory
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	940	\end{isabellebody}%
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	941	%%% Local Variables:
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	942	%%% mode: latex
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	943	%%% TeX-master: "root"
29aa0c071875 New manual Programming and Proving in Isabelle/HOL nipkow parents: diff changeset	944	%%% End:

author	nipkow
	Tue, 03 Apr 2012 08:55:06 +0200
changeset 47306	56d72c923281
parent 47269	29aa0c071875
child 47711	c1cca2a052e4
permissions	-rw-r--r--