isabelle: doc-src/TutorialI/Inductive/document/AB.tex@5ab08609e6c8 (annotated)

10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	1	%
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	2	\begin{isabellebody}%
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	3	\def\isabellecontext{AB}%
10225 b9fd52525b69 * empty log message * nipkow parents: 10217 diff changeset	4	%
10395 7ef380745743 updated; wenzelm parents: 10299 diff changeset	5	\isamarkupsection{Case study: A context free grammar%
7ef380745743 updated; wenzelm parents: 10299 diff changeset	6	}
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	7	%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	8	\begin{isamarkuptext}%
10242 028f54cd2cc9 * empty log message * nipkow parents: 10237 diff changeset	9	\label{sec:CFG}
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	10	Grammars are nothing but shorthands for inductive definitions of nonterminals
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	11	which represent sets of strings. For example, the production
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	12	$A \to B c$ is short for
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	13	\[ w \in B \Longrightarrow wc \in A \]
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	14	This section demonstrates this idea with a standard example
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	15	\cite[p.\ 81]{HopcroftUllman}, a grammar for generating all words with an
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	16	equal number of $a$'s and $b$'s:
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	17	\begin{eqnarray}
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	18	S &\to& \epsilon \mid b A \mid a B \nonumber\\
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	19	A &\to& a S \mid b A A \nonumber\\
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	20	B &\to& b S \mid a B B \nonumber
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	21	\end{eqnarray}
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	22	At the end we say a few words about the relationship of the formalization
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	23	and the text in the book~\cite[p.\ 81]{HopcroftUllman}.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	24
10299 8627da9246da auto gen paulson parents: 10283 diff changeset	25	We start by fixing the alphabet, which consists only of \isa{a}'s
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	26	and \isa{b}'s:%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	27	\end{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	28	\isacommand{datatype}\ alfa\ {\isacharequal}\ a\ {\isacharbar}\ b%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	29	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	30	\noindent
10299 8627da9246da auto gen paulson parents: 10283 diff changeset	31	For convenience we include the following easy lemmas as simplification rules:%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	32	\end{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	33	\isacommand{lemma}\ {\isacharbrackleft}simp{\isacharbrackright}{\isacharcolon}\ {\isachardoublequote}{\isacharparenleft}x\ {\isasymnoteq}\ a{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}x\ {\isacharequal}\ b{\isacharparenright}\ {\isasymand}\ {\isacharparenleft}x\ {\isasymnoteq}\ b{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}x\ {\isacharequal}\ a{\isacharparenright}{\isachardoublequote}\isanewline
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	34	\isacommand{apply}{\isacharparenleft}case{\isacharunderscore}tac\ x{\isacharparenright}\isanewline
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	35	\isacommand{by}{\isacharparenleft}auto{\isacharparenright}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	36	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	37	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	38	Words over this alphabet are of type \isa{alfa\ list}, and
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	39	the three nonterminals are declare as sets of such words:%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	40	\end{isamarkuptext}%
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	41	\isacommand{consts}\ S\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}alfa\ list\ set{\isachardoublequote}\isanewline
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	42	\ \ \ \ \ \ \ A\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}alfa\ list\ set{\isachardoublequote}\isanewline
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	43	\ \ \ \ \ \ \ B\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}alfa\ list\ set{\isachardoublequote}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	44	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	45	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	46	The above productions are recast as a \emph{simultaneous} inductive
10242 028f54cd2cc9 * empty log message * nipkow parents: 10237 diff changeset	47	definition\index{inductive definition!simultaneous}
028f54cd2cc9 * empty log message * nipkow parents: 10237 diff changeset	48	of \isa{S}, \isa{A} and \isa{B}:%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	49	\end{isamarkuptext}%
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	50	\isacommand{inductive}\ S\ A\ B\isanewline
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	51	\isakeyword{intros}\isanewline
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	52	\ \ {\isachardoublequote}{\isacharbrackleft}{\isacharbrackright}\ {\isasymin}\ S{\isachardoublequote}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	53	\ \ {\isachardoublequote}w\ {\isasymin}\ A\ {\isasymLongrightarrow}\ b{\isacharhash}w\ {\isasymin}\ S{\isachardoublequote}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	54	\ \ {\isachardoublequote}w\ {\isasymin}\ B\ {\isasymLongrightarrow}\ a{\isacharhash}w\ {\isasymin}\ S{\isachardoublequote}\isanewline
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	55	\isanewline
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	56	\ \ {\isachardoublequote}w\ {\isasymin}\ S\ \ \ \ \ \ \ \ {\isasymLongrightarrow}\ a{\isacharhash}w\ \ \ {\isasymin}\ A{\isachardoublequote}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	57	\ \ {\isachardoublequote}{\isasymlbrakk}\ v{\isasymin}A{\isacharsemicolon}\ w{\isasymin}A\ {\isasymrbrakk}\ {\isasymLongrightarrow}\ b{\isacharhash}v{\isacharat}w\ {\isasymin}\ A{\isachardoublequote}\isanewline
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	58	\isanewline
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	59	\ \ {\isachardoublequote}w\ {\isasymin}\ S\ \ \ \ \ \ \ \ \ \ \ \ {\isasymLongrightarrow}\ b{\isacharhash}w\ \ \ {\isasymin}\ B{\isachardoublequote}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	60	\ \ {\isachardoublequote}{\isasymlbrakk}\ v\ {\isasymin}\ B{\isacharsemicolon}\ w\ {\isasymin}\ B\ {\isasymrbrakk}\ {\isasymLongrightarrow}\ a{\isacharhash}v{\isacharat}w\ {\isasymin}\ B{\isachardoublequote}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	61	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	62	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	63	First we show that all words in \isa{S} contain the same number of \isa{a}'s and \isa{b}'s. Since the definition of \isa{S} is by simultaneous
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	64	induction, so is this proof: we show at the same time that all words in
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	65	\isa{A} contain one more \isa{a} than \isa{b} and all words in \isa{B} contains one more \isa{b} than \isa{a}.%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	66	\end{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	67	\isacommand{lemma}\ correctness{\isacharcolon}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	68	\ \ {\isachardoublequote}{\isacharparenleft}w\ {\isasymin}\ S\ {\isasymlongrightarrow}\ size{\isacharbrackleft}x{\isasymin}w{\isachardot}\ x{\isacharequal}a{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymin}w{\isachardot}\ x{\isacharequal}b{\isacharbrackright}{\isacharparenright}\ \ \ \ \ {\isasymand}\isanewline
10237 875bf54b5d74 * empty log message * nipkow parents: 10236 diff changeset	69	\ \ \ {\isacharparenleft}w\ {\isasymin}\ A\ {\isasymlongrightarrow}\ size{\isacharbrackleft}x{\isasymin}w{\isachardot}\ x{\isacharequal}a{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymin}w{\isachardot}\ x{\isacharequal}b{\isacharbrackright}\ {\isacharplus}\ {\isadigit{1}}{\isacharparenright}\ {\isasymand}\isanewline
875bf54b5d74 * empty log message * nipkow parents: 10236 diff changeset	70	\ \ \ {\isacharparenleft}w\ {\isasymin}\ B\ {\isasymlongrightarrow}\ size{\isacharbrackleft}x{\isasymin}w{\isachardot}\ x{\isacharequal}b{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymin}w{\isachardot}\ x{\isacharequal}a{\isacharbrackright}\ {\isacharplus}\ {\isadigit{1}}{\isacharparenright}{\isachardoublequote}%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	71	\begin{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	72	\noindent
10283 ff003e2b790c * empty log message * nipkow parents: 10242 diff changeset	73	These propositions are expressed with the help of the predefined \isa{filter} function on lists, which has the convenient syntax \isa{{\isacharbrackleft}x{\isasymin}xs{\isachardot}\ P\ x{\isacharbrackright}}, the list of all elements \isa{x} in \isa{xs} such that \isa{P\ x}
10237 875bf54b5d74 * empty log message * nipkow parents: 10236 diff changeset	74	holds. Remember that on lists \isa{size} and \isa{size} are synonymous.
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	75
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	76	The proof itself is by rule induction and afterwards automatic:%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	77	\end{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	78	\isacommand{apply}{\isacharparenleft}rule\ S{\isacharunderscore}A{\isacharunderscore}B{\isachardot}induct{\isacharparenright}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	79	\isacommand{by}{\isacharparenleft}auto{\isacharparenright}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	80	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	81	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	82	This may seem surprising at first, and is indeed an indication of the power
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	83	of inductive definitions. But it is also quite straightforward. For example,
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	84	consider the production $A \to b A A$: if $v,w \in A$ and the elements of $A$
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	85	contain one more $a$ than $b$'s, then $bvw$ must again contain one more $a$
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	86	than $b$'s.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	87
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	88	As usual, the correctness of syntactic descriptions is easy, but completeness
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	89	is hard: does \isa{S} contain \emph{all} words with an equal number of
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	90	\isa{a}'s and \isa{b}'s? It turns out that this proof requires the
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	91	following little lemma: every string with two more \isa{a}'s than \isa{b}'s can be cut somehwere such that each half has one more \isa{a} than
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	92	\isa{b}. This is best seen by imagining counting the difference between the
10283 ff003e2b790c * empty log message * nipkow parents: 10242 diff changeset	93	number of \isa{a}'s and \isa{b}'s starting at the left end of the
ff003e2b790c * empty log message * nipkow parents: 10242 diff changeset	94	word. We start with 0 and end (at the right end) with 2. Since each move to the
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	95	right increases or decreases the difference by 1, we must have passed through
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	96	1 on our way from 0 to 2. Formally, we appeal to the following discrete
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	97	intermediate value theorem \isa{nat{\isadigit{0}}{\isacharunderscore}intermed{\isacharunderscore}int{\isacharunderscore}val}
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	98	\begin{isabelle}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	99	\ \ \ \ \ {\isasymlbrakk}{\isasymforall}i{\isachardot}\ i\ {\isacharless}\ n\ {\isasymlongrightarrow}\ abs\ {\isacharparenleft}f\ {\isacharparenleft}i\ {\isacharplus}\ {\isadigit{1}}{\isacharparenright}\ {\isacharminus}\ f\ i{\isacharparenright}\ {\isasymle}\ {\isacharhash}{\isadigit{1}}{\isacharsemicolon}\ f\ {\isadigit{0}}\ {\isasymle}\ k{\isacharsemicolon}\ k\ {\isasymle}\ f\ n{\isasymrbrakk}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	100	\ \ \ \ \ {\isasymLongrightarrow}\ {\isasymexists}i{\isachardot}\ i\ {\isasymle}\ n\ {\isasymand}\ f\ i\ {\isacharequal}\ k%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	101	\end{isabelle}
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	102	where \isa{f} is of type \isa{nat\ {\isasymRightarrow}\ int}, \isa{int} are the integers,
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	103	\isa{abs} is the absolute value function, and \isa{{\isacharhash}{\isadigit{1}}} is the
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	104	integer 1 (see \S\ref{sec:int}).
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	105
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	106	First we show that the our specific function, the difference between the
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	107	numbers of \isa{a}'s and \isa{b}'s, does indeed only change by 1 in every
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	108	move to the right. At this point we also start generalizing from \isa{a}'s
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	109	and \isa{b}'s to an arbitrary property \isa{P}. Otherwise we would have
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	110	to prove the desired lemma twice, once as stated above and once with the
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	111	roles of \isa{a}'s and \isa{b}'s interchanged.%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	112	\end{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	113	\isacommand{lemma}\ step{\isadigit{1}}{\isacharcolon}\ {\isachardoublequote}{\isasymforall}i\ {\isacharless}\ size\ w{\isachardot}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	114	\ \ abs{\isacharparenleft}{\isacharparenleft}int{\isacharparenleft}size{\isacharbrackleft}x{\isasymin}take\ {\isacharparenleft}i{\isacharplus}{\isadigit{1}}{\isacharparenright}\ w{\isachardot}\ \ P\ x{\isacharbrackright}{\isacharparenright}\ {\isacharminus}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	115	\ \ \ \ \ \ \ int{\isacharparenleft}size{\isacharbrackleft}x{\isasymin}take\ {\isacharparenleft}i{\isacharplus}{\isadigit{1}}{\isacharparenright}\ w{\isachardot}\ {\isasymnot}P\ x{\isacharbrackright}{\isacharparenright}{\isacharparenright}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	116	\ \ \ \ \ \ {\isacharminus}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	117	\ \ \ \ \ \ {\isacharparenleft}int{\isacharparenleft}size{\isacharbrackleft}x{\isasymin}take\ i\ w{\isachardot}\ \ P\ x{\isacharbrackright}{\isacharparenright}\ {\isacharminus}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	118	\ \ \ \ \ \ \ int{\isacharparenleft}size{\isacharbrackleft}x{\isasymin}take\ i\ w{\isachardot}\ {\isasymnot}P\ x{\isacharbrackright}{\isacharparenright}{\isacharparenright}{\isacharparenright}\ {\isacharless}{\isacharequal}\ {\isacharhash}{\isadigit{1}}{\isachardoublequote}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	119	\begin{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	120	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	121	The lemma is a bit hard to read because of the coercion function
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	122	\isa{{\isachardoublequote}int{\isacharcolon}{\isacharcolon}nat\ {\isasymRightarrow}\ int{\isachardoublequote}}. It is required because \isa{size} returns
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	123	a natural number, but \isa{{\isacharminus}} on \isa{nat} will do the wrong thing.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	124	Function \isa{take} is predefined and \isa{take\ i\ xs} is the prefix of
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	125	length \isa{i} of \isa{xs}; below we als need \isa{drop\ i\ xs}, which
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	126	is what remains after that prefix has been dropped from \isa{xs}.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	127
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	128	The proof is by induction on \isa{w}, with a trivial base case, and a not
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	129	so trivial induction step. Since it is essentially just arithmetic, we do not
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	130	discuss it.%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	131	\end{isamarkuptxt}%
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	132	\isacommand{apply}{\isacharparenleft}induct\ w{\isacharparenright}\isanewline
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	133	\ \isacommand{apply}{\isacharparenleft}simp{\isacharparenright}\isanewline
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	134	\isacommand{by}{\isacharparenleft}force\ simp\ add{\isacharcolon}zabs{\isacharunderscore}def\ take{\isacharunderscore}Cons\ split{\isacharcolon}nat{\isachardot}split\ if{\isacharunderscore}splits{\isacharparenright}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	135	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	136	Finally we come to the above mentioned lemma about cutting a word with two
10283 ff003e2b790c * empty log message * nipkow parents: 10242 diff changeset	137	more elements of one sort than of the other sort into two halves:%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	138	\end{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	139	\isacommand{lemma}\ part{\isadigit{1}}{\isacharcolon}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	140	\ {\isachardoublequote}size{\isacharbrackleft}x{\isasymin}w{\isachardot}\ P\ x{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymin}w{\isachardot}\ {\isasymnot}P\ x{\isacharbrackright}{\isacharplus}{\isadigit{2}}\ {\isasymLongrightarrow}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	141	\ \ {\isasymexists}i{\isasymle}size\ w{\isachardot}\ size{\isacharbrackleft}x{\isasymin}take\ i\ w{\isachardot}\ P\ x{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymin}take\ i\ w{\isachardot}\ {\isasymnot}P\ x{\isacharbrackright}{\isacharplus}{\isadigit{1}}{\isachardoublequote}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	142	\begin{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	143	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	144	This is proved with the help of the intermediate value theorem, instantiated
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	145	appropriately and with its first premise disposed of by lemma
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	146	\isa{step{\isadigit{1}}}.%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	147	\end{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	148	\isacommand{apply}{\isacharparenleft}insert\ nat{\isadigit{0}}{\isacharunderscore}intermed{\isacharunderscore}int{\isacharunderscore}val{\isacharbrackleft}OF\ step{\isadigit{1}}{\isacharcomma}\ of\ {\isachardoublequote}P{\isachardoublequote}\ {\isachardoublequote}w{\isachardoublequote}\ {\isachardoublequote}{\isacharhash}{\isadigit{1}}{\isachardoublequote}{\isacharbrackright}{\isacharparenright}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	149	\isacommand{apply}\ simp\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	150	\isacommand{by}{\isacharparenleft}simp\ del{\isacharcolon}int{\isacharunderscore}Suc\ add{\isacharcolon}zdiff{\isacharunderscore}eq{\isacharunderscore}eq\ sym{\isacharbrackleft}OF\ int{\isacharunderscore}Suc{\isacharbrackright}{\isacharparenright}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	151	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	152	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	153	The additional lemmas are needed to mediate between \isa{nat} and \isa{int}.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	154
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	155	Lemma \isa{part{\isadigit{1}}} tells us only about the prefix \isa{take\ i\ w}.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	156	The suffix \isa{drop\ i\ w} is dealt with in the following easy lemma:%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	157	\end{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	158	\isacommand{lemma}\ part{\isadigit{2}}{\isacharcolon}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	159	\ \ {\isachardoublequote}{\isasymlbrakk}size{\isacharbrackleft}x{\isasymin}take\ i\ w\ {\isacharat}\ drop\ i\ w{\isachardot}\ P\ x{\isacharbrackright}\ {\isacharequal}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	160	\ \ \ \ size{\isacharbrackleft}x{\isasymin}take\ i\ w\ {\isacharat}\ drop\ i\ w{\isachardot}\ {\isasymnot}P\ x{\isacharbrackright}{\isacharplus}{\isadigit{2}}{\isacharsemicolon}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	161	\ \ \ \ size{\isacharbrackleft}x{\isasymin}take\ i\ w{\isachardot}\ P\ x{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymin}take\ i\ w{\isachardot}\ {\isasymnot}P\ x{\isacharbrackright}{\isacharplus}{\isadigit{1}}{\isasymrbrakk}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	162	\ \ \ {\isasymLongrightarrow}\ size{\isacharbrackleft}x{\isasymin}drop\ i\ w{\isachardot}\ P\ x{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymin}drop\ i\ w{\isachardot}\ {\isasymnot}P\ x{\isacharbrackright}{\isacharplus}{\isadigit{1}}{\isachardoublequote}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	163	\isacommand{by}{\isacharparenleft}simp\ del{\isacharcolon}append{\isacharunderscore}take{\isacharunderscore}drop{\isacharunderscore}id{\isacharparenright}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	164	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	165	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	166	Lemma \isa{append{\isacharunderscore}take{\isacharunderscore}drop{\isacharunderscore}id}, \isa{take\ n\ xs\ {\isacharat}\ drop\ n\ xs\ {\isacharequal}\ xs},
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	167	which is generally useful, needs to be disabled for once.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	168
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	169	To dispose of trivial cases automatically, the rules of the inductive
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	170	definition are declared simplification rules:%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	171	\end{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	172	\isacommand{declare}\ S{\isacharunderscore}A{\isacharunderscore}B{\isachardot}intros{\isacharbrackleft}simp{\isacharbrackright}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	173	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	174	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	175	This could have been done earlier but was not necessary so far.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	176
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	177	The completeness theorem tells us that if a word has the same number of
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	178	\isa{a}'s and \isa{b}'s, then it is in \isa{S}, and similarly and
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	179	simultaneously for \isa{A} and \isa{B}:%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	180	\end{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	181	\isacommand{theorem}\ completeness{\isacharcolon}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	182	\ \ {\isachardoublequote}{\isacharparenleft}size{\isacharbrackleft}x{\isasymin}w{\isachardot}\ x{\isacharequal}a{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymin}w{\isachardot}\ x{\isacharequal}b{\isacharbrackright}\ \ \ \ \ {\isasymlongrightarrow}\ w\ {\isasymin}\ S{\isacharparenright}\ {\isasymand}\isanewline
10237 875bf54b5d74 * empty log message * nipkow parents: 10236 diff changeset	183	\ \ \ {\isacharparenleft}size{\isacharbrackleft}x{\isasymin}w{\isachardot}\ x{\isacharequal}a{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymin}w{\isachardot}\ x{\isacharequal}b{\isacharbrackright}\ {\isacharplus}\ {\isadigit{1}}\ {\isasymlongrightarrow}\ w\ {\isasymin}\ A{\isacharparenright}\ {\isasymand}\isanewline
875bf54b5d74 * empty log message * nipkow parents: 10236 diff changeset	184	\ \ \ {\isacharparenleft}size{\isacharbrackleft}x{\isasymin}w{\isachardot}\ x{\isacharequal}b{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymin}w{\isachardot}\ x{\isacharequal}a{\isacharbrackright}\ {\isacharplus}\ {\isadigit{1}}\ {\isasymlongrightarrow}\ w\ {\isasymin}\ B{\isacharparenright}{\isachardoublequote}%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	185	\begin{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	186	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	187	The proof is by induction on \isa{w}. Structural induction would fail here
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	188	because, as we can see from the grammar, we need to make bigger steps than
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	189	merely appending a single letter at the front. Hence we induct on the length
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	190	of \isa{w}, using the induction rule \isa{length{\isacharunderscore}induct}:%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	191	\end{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	192	\isacommand{apply}{\isacharparenleft}induct{\isacharunderscore}tac\ w\ rule{\isacharcolon}\ length{\isacharunderscore}induct{\isacharparenright}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	193	\begin{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	194	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	195	The \isa{rule} parameter tells \isa{induct{\isacharunderscore}tac} explicitly which induction
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	196	rule to use. For details see \S\ref{sec:complete-ind} below.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	197	In this case the result is that we may assume the lemma already
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	198	holds for all words shorter than \isa{w}.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	199
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	200	The proof continues with a case distinction on \isa{w},
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	201	i.e.\ if \isa{w} is empty or not.%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	202	\end{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	203	\isacommand{apply}{\isacharparenleft}case{\isacharunderscore}tac\ w{\isacharparenright}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	204	\ \isacommand{apply}{\isacharparenleft}simp{\isacharunderscore}all{\isacharparenright}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	205	\begin{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	206	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	207	Simplification disposes of the base case and leaves only two step
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	208	cases to be proved:
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	209	if \isa{w\ {\isacharequal}\ a\ {\isacharhash}\ v} and \isa{length\ {\isacharbrackleft}x{\isasymin}v\ {\isachardot}\ x\ {\isacharequal}\ a{\isacharbrackright}\ {\isacharequal}\ length\ {\isacharbrackleft}x{\isasymin}v\ {\isachardot}\ x\ {\isacharequal}\ b{\isacharbrackright}\ {\isacharplus}\ {\isadigit{2}}} then
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	210	\isa{b\ {\isacharhash}\ v\ {\isasymin}\ A}, and similarly for \isa{w\ {\isacharequal}\ b\ {\isacharhash}\ v}.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	211	We only consider the first case in detail.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	212
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	213	After breaking the conjuction up into two cases, we can apply
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	214	\isa{part{\isadigit{1}}} to the assumption that \isa{w} contains two more \isa{a}'s than \isa{b}'s.%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	215	\end{isamarkuptxt}%
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	216	\isacommand{apply}{\isacharparenleft}rule\ conjI{\isacharparenright}\isanewline
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	217	\ \isacommand{apply}{\isacharparenleft}clarify{\isacharparenright}\isanewline
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	218	\ \isacommand{apply}{\isacharparenleft}frule\ part{\isadigit{1}}{\isacharbrackleft}of\ {\isachardoublequote}{\isasymlambda}x{\isachardot}\ x{\isacharequal}a{\isachardoublequote}{\isacharcomma}\ simplified{\isacharbrackright}{\isacharparenright}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	219	\ \isacommand{apply}{\isacharparenleft}erule\ exE{\isacharparenright}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	220	\ \isacommand{apply}{\isacharparenleft}erule\ conjE{\isacharparenright}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	221	\begin{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	222	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	223	This yields an index \isa{i\ {\isasymle}\ length\ v} such that
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	224	\isa{length\ {\isacharbrackleft}x{\isasymin}take\ i\ v\ {\isachardot}\ x\ {\isacharequal}\ a{\isacharbrackright}\ {\isacharequal}\ length\ {\isacharbrackleft}x{\isasymin}take\ i\ v\ {\isachardot}\ x\ {\isacharequal}\ b{\isacharbrackright}\ {\isacharplus}\ {\isadigit{1}}}.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	225	With the help of \isa{part{\isadigit{1}}} it follows that
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	226	\isa{length\ {\isacharbrackleft}x{\isasymin}drop\ i\ v\ {\isachardot}\ x\ {\isacharequal}\ a{\isacharbrackright}\ {\isacharequal}\ length\ {\isacharbrackleft}x{\isasymin}drop\ i\ v\ {\isachardot}\ x\ {\isacharequal}\ b{\isacharbrackright}\ {\isacharplus}\ {\isadigit{1}}}.%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	227	\end{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	228	\ \isacommand{apply}{\isacharparenleft}drule\ part{\isadigit{2}}{\isacharbrackleft}of\ {\isachardoublequote}{\isasymlambda}x{\isachardot}\ x{\isacharequal}a{\isachardoublequote}{\isacharcomma}\ simplified{\isacharbrackright}{\isacharparenright}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	229	\ \ \isacommand{apply}{\isacharparenleft}assumption{\isacharparenright}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	230	\begin{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	231	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	232	Now it is time to decompose \isa{v} in the conclusion \isa{b\ {\isacharhash}\ v\ {\isasymin}\ A}
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	233	into \isa{take\ i\ v\ {\isacharat}\ drop\ i\ v},
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	234	after which the appropriate rule of the grammar reduces the goal
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	235	to the two subgoals \isa{take\ i\ v\ {\isasymin}\ A} and \isa{drop\ i\ v\ {\isasymin}\ A}:%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	236	\end{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	237	\ \isacommand{apply}{\isacharparenleft}rule{\isacharunderscore}tac\ n{\isadigit{1}}{\isacharequal}i\ \isakeyword{and}\ t{\isacharequal}v\ \isakeyword{in}\ subst{\isacharbrackleft}OF\ append{\isacharunderscore}take{\isacharunderscore}drop{\isacharunderscore}id{\isacharbrackright}{\isacharparenright}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	238	\ \isacommand{apply}{\isacharparenleft}rule\ S{\isacharunderscore}A{\isacharunderscore}B{\isachardot}intros{\isacharparenright}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	239	\begin{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	240	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	241	Both subgoals follow from the induction hypothesis because both \isa{take\ i\ v} and \isa{drop\ i\ v} are shorter than \isa{w}:%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	242	\end{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	243	\ \ \isacommand{apply}{\isacharparenleft}force\ simp\ add{\isacharcolon}\ min{\isacharunderscore}less{\isacharunderscore}iff{\isacharunderscore}disj{\isacharparenright}\isanewline
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	244	\ \isacommand{apply}{\isacharparenleft}force\ split\ add{\isacharcolon}\ nat{\isacharunderscore}diff{\isacharunderscore}split{\isacharparenright}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	245	\begin{isamarkuptxt}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	246	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	247	Note that the variables \isa{n{\isadigit{1}}} and \isa{t} referred to in the
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	248	substitution step above come from the derived theorem \isa{subst{\isacharbrackleft}OF\ append{\isacharunderscore}take{\isacharunderscore}drop{\isacharunderscore}id{\isacharbrackright}}.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	249
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	250	The case \isa{w\ {\isacharequal}\ b\ {\isacharhash}\ v} is proved completely analogously:%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	251	\end{isamarkuptxt}%
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	252	\isacommand{apply}{\isacharparenleft}clarify{\isacharparenright}\isanewline
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	253	\isacommand{apply}{\isacharparenleft}frule\ part{\isadigit{1}}{\isacharbrackleft}of\ {\isachardoublequote}{\isasymlambda}x{\isachardot}\ x{\isacharequal}b{\isachardoublequote}{\isacharcomma}\ simplified{\isacharbrackright}{\isacharparenright}\isanewline
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	254	\isacommand{apply}{\isacharparenleft}erule\ exE{\isacharparenright}\isanewline
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	255	\isacommand{apply}{\isacharparenleft}erule\ conjE{\isacharparenright}\isanewline
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	256	\isacommand{apply}{\isacharparenleft}drule\ part{\isadigit{2}}{\isacharbrackleft}of\ {\isachardoublequote}{\isasymlambda}x{\isachardot}\ x{\isacharequal}b{\isachardoublequote}{\isacharcomma}\ simplified{\isacharbrackright}{\isacharparenright}\isanewline
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	257	\ \isacommand{apply}{\isacharparenleft}assumption{\isacharparenright}\isanewline
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	258	\isacommand{apply}{\isacharparenleft}rule{\isacharunderscore}tac\ n{\isadigit{1}}{\isacharequal}i\ \isakeyword{and}\ t{\isacharequal}v\ \isakeyword{in}\ subst{\isacharbrackleft}OF\ append{\isacharunderscore}take{\isacharunderscore}drop{\isacharunderscore}id{\isacharbrackright}{\isacharparenright}\isanewline
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	259	\isacommand{apply}{\isacharparenleft}rule\ S{\isacharunderscore}A{\isacharunderscore}B{\isachardot}intros{\isacharparenright}\isanewline
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	260	\ \isacommand{apply}{\isacharparenleft}force\ simp\ add{\isacharcolon}min{\isacharunderscore}less{\isacharunderscore}iff{\isacharunderscore}disj{\isacharparenright}\isanewline
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	261	\isacommand{by}{\isacharparenleft}force\ simp\ add{\isacharcolon}min{\isacharunderscore}less{\isacharunderscore}iff{\isacharunderscore}disj\ split\ add{\isacharcolon}\ nat{\isacharunderscore}diff{\isacharunderscore}split{\isacharparenright}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	262	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	263	We conclude this section with a comparison of the above proof and the one
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	264	in the textbook \cite[p.\ 81]{HopcroftUllman}. For a start, the texbook
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	265	grammar, for no good reason, excludes the empty word, which complicates
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	266	matters just a little bit because we now have 8 instead of our 7 productions.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	267
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	268	More importantly, the proof itself is different: rather than separating the
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	269	two directions, they perform one induction on the length of a word. This
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	270	deprives them of the beauty of rule induction and in the easy direction
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	271	(correctness) their reasoning is more detailed than our \isa{auto}. For the
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	272	hard part (completeness), they consider just one of the cases that our \isa{simp{\isacharunderscore}all} disposes of automatically. Then they conclude the proof by saying
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	273	about the remaining cases: ``We do this in a manner similar to our method of
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	274	proof for part (1); this part is left to the reader''. But this is precisely
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	275	the part that requires the intermediate value theorem and thus is not at all
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	276	similar to the other cases (which are automatic in Isabelle). We conclude
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	277	that the authors are at least cavalier about this point and may even have
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	278	overlooked the slight difficulty lurking in the omitted cases. This is not
10396 5ab08609e6c8 * empty log message * nipkow parents: 10395 diff changeset	279	atypical for pencil-and-paper proofs, once analysed in detail.%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	280	\end{isamarkuptext}%
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	281	\end{isabellebody}%
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	282	%%% Local Variables:
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	283	%%% mode: latex
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	284	%%% TeX-master: "root"
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	285	%%% End:

author	nipkow
	Mon, 06 Nov 2000 11:32:23 +0100
changeset 10396	5ab08609e6c8
parent 10395	7ef380745743
child 10420	ef006735bee8
permissions	-rw-r--r--