|
10225
|
1 |
%
|
|
|
2 |
\begin{isabellebody}%
|
|
|
3 |
\def\isabellecontext{Star}%
|
|
17056
|
4 |
%
|
|
|
5 |
\isadelimtheory
|
|
|
6 |
%
|
|
|
7 |
\endisadelimtheory
|
|
|
8 |
%
|
|
|
9 |
\isatagtheory
|
|
|
10 |
%
|
|
|
11 |
\endisatagtheory
|
|
|
12 |
{\isafoldtheory}%
|
|
|
13 |
%
|
|
|
14 |
\isadelimtheory
|
|
|
15 |
%
|
|
|
16 |
\endisadelimtheory
|
|
10225
|
17 |
%
|
|
10878
|
18 |
\isamarkupsection{The Reflexive Transitive Closure%
|
|
10395
|
19 |
}
|
|
11866
|
20 |
\isamarkuptrue%
|
|
10225
|
21 |
%
|
|
|
22 |
\begin{isamarkuptext}%
|
|
10242
|
23 |
\label{sec:rtc}
|
|
11494
|
24 |
\index{reflexive transitive closure!defining inductively|(}%
|
|
10878
|
25 |
An inductive definition may accept parameters, so it can express
|
|
|
26 |
functions that yield sets.
|
|
|
27 |
Relations too can be defined inductively, since they are just sets of pairs.
|
|
|
28 |
A perfect example is the function that maps a relation to its
|
|
|
29 |
reflexive transitive closure. This concept was already
|
|
40406
|
30 |
introduced in \S\ref{sec:Relations}, where the operator \isa{\isaliteral{5C3C5E7375703E}{}\isactrlsup {\isaliteral{2A}{\isacharasterisk}}} was
|
|
10520
|
31 |
defined as a least fixed point because inductive definitions were not yet
|
|
|
32 |
available. But now they are:%
|
|
10225
|
33 |
\end{isamarkuptext}%
|
|
17175
|
34 |
\isamarkuptrue%
|
|
40406
|
35 |
\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}\isamarkupfalse%
|
|
23733
|
36 |
\isanewline
|
|
40406
|
37 |
\ \ rtc\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C74696D65733E}{\isasymtimes}}\ {\isaliteral{27}{\isacharprime}}a{\isaliteral{29}{\isacharparenright}}set\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C74696D65733E}{\isasymtimes}}\ {\isaliteral{27}{\isacharprime}}a{\isaliteral{29}{\isacharparenright}}set{\isaliteral{22}{\isachardoublequoteclose}}\ \ \ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5F}{\isacharunderscore}}{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequoteclose}}\ {\isaliteral{5B}{\isacharbrackleft}}{\isadigit{1}}{\isadigit{0}}{\isadigit{0}}{\isadigit{0}}{\isaliteral{5D}{\isacharbrackright}}\ {\isadigit{9}}{\isadigit{9}}{\isadigit{9}}{\isaliteral{29}{\isacharparenright}}\isanewline
|
|
|
38 |
\ \ \isakeyword{for}\ r\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C74696D65733E}{\isasymtimes}}\ {\isaliteral{27}{\isacharprime}}a{\isaliteral{29}{\isacharparenright}}set{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
|
|
23733
|
39 |
\isakeyword{where}\isanewline
|
|
40406
|
40 |
\ \ rtc{\isaliteral{5F}{\isacharunderscore}}refl{\isaliteral{5B}{\isacharbrackleft}}iff{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{3A}{\isacharcolon}}\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}x{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
|
|
|
41 |
{\isaliteral{7C}{\isacharbar}}\ rtc{\isaliteral{5F}{\isacharunderscore}}step{\isaliteral{3A}{\isacharcolon}}\ \ \ \ \ \ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{28}{\isacharparenleft}}y{\isaliteral{2C}{\isacharcomma}}z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequoteclose}}%
|
|
10242
|
42 |
\begin{isamarkuptext}%
|
|
|
43 |
\noindent
|
|
|
44 |
The function \isa{rtc} is annotated with concrete syntax: instead of
|
|
40406
|
45 |
\isa{rtc\ r} we can write \isa{r{\isaliteral{2A}{\isacharasterisk}}}. The actual definition
|
|
10520
|
46 |
consists of two rules. Reflexivity is obvious and is immediately given the
|
|
|
47 |
\isa{iff} attribute to increase automation. The
|
|
40406
|
48 |
second rule, \isa{rtc{\isaliteral{5F}{\isacharunderscore}}step}, says that we can always add one more
|
|
|
49 |
\isa{r}-step to the left. Although we could make \isa{rtc{\isaliteral{5F}{\isacharunderscore}}step} an
|
|
10520
|
50 |
introduction rule, this is dangerous: the recursion in the second premise
|
|
|
51 |
slows down and may even kill the automatic tactics.
|
|
10242
|
52 |
|
|
|
53 |
The above definition of the concept of reflexive transitive closure may
|
|
|
54 |
be sufficiently intuitive but it is certainly not the only possible one:
|
|
10878
|
55 |
for a start, it does not even mention transitivity.
|
|
10242
|
56 |
The rest of this section is devoted to proving that it is equivalent to
|
|
10878
|
57 |
the standard definition. We start with a simple lemma:%
|
|
10242
|
58 |
\end{isamarkuptext}%
|
|
17175
|
59 |
\isamarkuptrue%
|
|
|
60 |
\isacommand{lemma}\isamarkupfalse%
|
|
40406
|
61 |
\ {\isaliteral{5B}{\isacharbrackleft}}intro{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
|
|
17056
|
62 |
%
|
|
|
63 |
\isadelimproof
|
|
|
64 |
%
|
|
|
65 |
\endisadelimproof
|
|
|
66 |
%
|
|
|
67 |
\isatagproof
|
|
17175
|
68 |
\isacommand{by}\isamarkupfalse%
|
|
40406
|
69 |
{\isaliteral{28}{\isacharparenleft}}blast\ intro{\isaliteral{3A}{\isacharcolon}}\ rtc{\isaliteral{5F}{\isacharunderscore}}step{\isaliteral{29}{\isacharparenright}}%
|
|
17056
|
70 |
\endisatagproof
|
|
|
71 |
{\isafoldproof}%
|
|
|
72 |
%
|
|
|
73 |
\isadelimproof
|
|
|
74 |
%
|
|
|
75 |
\endisadelimproof
|
|
11866
|
76 |
%
|
|
10242
|
77 |
\begin{isamarkuptext}%
|
|
|
78 |
\noindent
|
|
|
79 |
Although the lemma itself is an unremarkable consequence of the basic rules,
|
|
|
80 |
it has the advantage that it can be declared an introduction rule without the
|
|
40406
|
81 |
danger of killing the automatic tactics because \isa{r{\isaliteral{2A}{\isacharasterisk}}} occurs only in
|
|
10242
|
82 |
the conclusion and not in the premise. Thus some proofs that would otherwise
|
|
40406
|
83 |
need \isa{rtc{\isaliteral{5F}{\isacharunderscore}}step} can now be found automatically. The proof also
|
|
|
84 |
shows that \isa{blast} is able to handle \isa{rtc{\isaliteral{5F}{\isacharunderscore}}step}. But
|
|
10242
|
85 |
some of the other automatic tactics are more sensitive, and even \isa{blast} can be lead astray in the presence of large numbers of rules.
|
|
|
86 |
|
|
10520
|
87 |
To prove transitivity, we need rule induction, i.e.\ theorem
|
|
40406
|
88 |
\isa{rtc{\isaliteral{2E}{\isachardot}}induct}:
|
|
10520
|
89 |
\begin{isabelle}%
|
|
40406
|
90 |
\ \ \ \ \ {\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{3F}{\isacharquery}}x{\isadigit{1}}{\isaliteral{2E}{\isachardot}}{\isadigit{0}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{3F}{\isacharquery}}x{\isadigit{2}}{\isaliteral{2E}{\isachardot}}{\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ {\isaliteral{3F}{\isacharquery}}r{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}x{\isaliteral{2E}{\isachardot}}\ {\isaliteral{3F}{\isacharquery}}P\ x\ x{\isaliteral{3B}{\isacharsemicolon}}\isanewline
|
|
|
91 |
\isaindent{\ \ \ \ \ \ }{\isaliteral{5C3C416E643E}{\isasymAnd}}x\ y\ z{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}\ y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ {\isaliteral{3F}{\isacharquery}}r{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{28}{\isacharparenleft}}y{\isaliteral{2C}{\isacharcomma}}\ z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ {\isaliteral{3F}{\isacharquery}}r{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{3F}{\isacharquery}}P\ y\ z{\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{3F}{\isacharquery}}P\ x\ z{\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\isanewline
|
|
|
92 |
\isaindent{\ \ \ \ \ }{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{3F}{\isacharquery}}P\ {\isaliteral{3F}{\isacharquery}}x{\isadigit{1}}{\isaliteral{2E}{\isachardot}}{\isadigit{0}}\ {\isaliteral{3F}{\isacharquery}}x{\isadigit{2}}{\isaliteral{2E}{\isachardot}}{\isadigit{0}}%
|
|
10520
|
93 |
\end{isabelle}
|
|
40406
|
94 |
It says that \isa{{\isaliteral{3F}{\isacharquery}}P} holds for an arbitrary pair \isa{{\isaliteral{28}{\isacharparenleft}}{\isaliteral{3F}{\isacharquery}}x{\isadigit{1}}{\isaliteral{2E}{\isachardot}}{\isadigit{0}}{\isaliteral{2C}{\isacharcomma}}\ {\isaliteral{3F}{\isacharquery}}x{\isadigit{2}}{\isaliteral{2E}{\isachardot}}{\isadigit{0}}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ {\isaliteral{3F}{\isacharquery}}r{\isaliteral{2A}{\isacharasterisk}}}
|
|
|
95 |
if \isa{{\isaliteral{3F}{\isacharquery}}P} is preserved by all rules of the inductive definition,
|
|
|
96 |
i.e.\ if \isa{{\isaliteral{3F}{\isacharquery}}P} holds for the conclusion provided it holds for the
|
|
10520
|
97 |
premises. In general, rule induction for an $n$-ary inductive relation $R$
|
|
|
98 |
expects a premise of the form $(x@1,\dots,x@n) \in R$.
|
|
|
99 |
|
|
|
100 |
Now we turn to the inductive proof of transitivity:%
|
|
10242
|
101 |
\end{isamarkuptext}%
|
|
17175
|
102 |
\isamarkuptrue%
|
|
|
103 |
\isacommand{lemma}\isamarkupfalse%
|
|
40406
|
104 |
\ rtc{\isaliteral{5F}{\isacharunderscore}}trans{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{28}{\isacharparenleft}}y{\isaliteral{2C}{\isacharcomma}}z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
|
|
17056
|
105 |
%
|
|
|
106 |
\isadelimproof
|
|
|
107 |
%
|
|
|
108 |
\endisadelimproof
|
|
|
109 |
%
|
|
|
110 |
\isatagproof
|
|
17175
|
111 |
\isacommand{apply}\isamarkupfalse%
|
|
40406
|
112 |
{\isaliteral{28}{\isacharparenleft}}erule\ rtc{\isaliteral{2E}{\isachardot}}induct{\isaliteral{29}{\isacharparenright}}%
|
|
16069
|
113 |
\begin{isamarkuptxt}%
|
|
|
114 |
\noindent
|
|
|
115 |
Unfortunately, even the base case is a problem:
|
|
|
116 |
\begin{isabelle}%
|
|
40406
|
117 |
\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}x{\isaliteral{2E}{\isachardot}}\ {\isaliteral{28}{\isacharparenleft}}y{\isaliteral{2C}{\isacharcomma}}\ z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}\ z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}%
|
|
16069
|
118 |
\end{isabelle}
|
|
|
119 |
We have to abandon this proof attempt.
|
|
40406
|
120 |
To understand what is going on, let us look again at \isa{rtc{\isaliteral{2E}{\isachardot}}induct}.
|
|
16069
|
121 |
In the above application of \isa{erule}, the first premise of
|
|
40406
|
122 |
\isa{rtc{\isaliteral{2E}{\isachardot}}induct} is unified with the first suitable assumption, which
|
|
|
123 |
is \isa{{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}\ y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}} rather than \isa{{\isaliteral{28}{\isacharparenleft}}y{\isaliteral{2C}{\isacharcomma}}\ z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}}. Although that
|
|
16069
|
124 |
is what we want, it is merely due to the order in which the assumptions occur
|
|
|
125 |
in the subgoal, which it is not good practice to rely on. As a result,
|
|
40406
|
126 |
\isa{{\isaliteral{3F}{\isacharquery}}xb} becomes \isa{x}, \isa{{\isaliteral{3F}{\isacharquery}}xa} becomes
|
|
|
127 |
\isa{y} and \isa{{\isaliteral{3F}{\isacharquery}}P} becomes \isa{{\isaliteral{5C3C6C616D6264613E}{\isasymlambda}}u\ v{\isaliteral{2E}{\isachardot}}\ {\isaliteral{28}{\isacharparenleft}}u{\isaliteral{2C}{\isacharcomma}}\ z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}}, thus
|
|
16069
|
128 |
yielding the above subgoal. So what went wrong?
|
|
|
129 |
|
|
40406
|
130 |
When looking at the instantiation of \isa{{\isaliteral{3F}{\isacharquery}}P} we see that it does not
|
|
16069
|
131 |
depend on its second parameter at all. The reason is that in our original
|
|
40406
|
132 |
goal, of the pair \isa{{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}\ y{\isaliteral{29}{\isacharparenright}}} only \isa{x} appears also in the
|
|
16069
|
133 |
conclusion, but not \isa{y}. Thus our induction statement is too
|
|
27190
|
134 |
general. Fortunately, it can easily be specialized:
|
|
40406
|
135 |
transfer the additional premise \isa{{\isaliteral{28}{\isacharparenleft}}y{\isaliteral{2C}{\isacharcomma}}\ z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}} into the conclusion:%
|
|
16069
|
136 |
\end{isamarkuptxt}%
|
|
17175
|
137 |
\isamarkuptrue%
|
|
17056
|
138 |
%
|
|
|
139 |
\endisatagproof
|
|
|
140 |
{\isafoldproof}%
|
|
|
141 |
%
|
|
|
142 |
\isadelimproof
|
|
|
143 |
%
|
|
|
144 |
\endisadelimproof
|
|
17175
|
145 |
\isacommand{lemma}\isamarkupfalse%
|
|
40406
|
146 |
\ rtc{\isaliteral{5F}{\isacharunderscore}}trans{\isaliteral{5B}{\isacharbrackleft}}rule{\isaliteral{5F}{\isacharunderscore}}format{\isaliteral{5D}{\isacharbrackright}}{\isaliteral{3A}{\isacharcolon}}\isanewline
|
|
|
147 |
\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}y{\isaliteral{2C}{\isacharcomma}}z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequoteclose}}%
|
|
17056
|
148 |
\isadelimproof
|
|
|
149 |
%
|
|
|
150 |
\endisadelimproof
|
|
|
151 |
%
|
|
|
152 |
\isatagproof
|
|
16069
|
153 |
%
|
|
|
154 |
\begin{isamarkuptxt}%
|
|
|
155 |
\noindent
|
|
|
156 |
This is not an obscure trick but a generally applicable heuristic:
|
|
|
157 |
\begin{quote}\em
|
|
|
158 |
When proving a statement by rule induction on $(x@1,\dots,x@n) \in R$,
|
|
|
159 |
pull all other premises containing any of the $x@i$ into the conclusion
|
|
|
160 |
using $\longrightarrow$.
|
|
|
161 |
\end{quote}
|
|
|
162 |
A similar heuristic for other kinds of inductions is formulated in
|
|
40406
|
163 |
\S\ref{sec:ind-var-in-prems}. The \isa{rule{\isaliteral{5F}{\isacharunderscore}}format} directive turns
|
|
|
164 |
\isa{{\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}} back into \isa{{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}}: in the end we obtain the original
|
|
16069
|
165 |
statement of our lemma.%
|
|
|
166 |
\end{isamarkuptxt}%
|
|
17175
|
167 |
\isamarkuptrue%
|
|
|
168 |
\isacommand{apply}\isamarkupfalse%
|
|
40406
|
169 |
{\isaliteral{28}{\isacharparenleft}}erule\ rtc{\isaliteral{2E}{\isachardot}}induct{\isaliteral{29}{\isacharparenright}}%
|
|
16069
|
170 |
\begin{isamarkuptxt}%
|
|
|
171 |
\noindent
|
|
|
172 |
Now induction produces two subgoals which are both proved automatically:
|
|
|
173 |
\begin{isabelle}%
|
|
40406
|
174 |
\ {\isadigit{1}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}x{\isaliteral{2E}{\isachardot}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}\ z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}\ z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}\isanewline
|
|
|
175 |
\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ {\isaliteral{5C3C416E643E}{\isasymAnd}}x\ y\ za{\isaliteral{2E}{\isachardot}}\isanewline
|
|
|
176 |
\isaindent{\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ \ \ \ }{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}\ y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{28}{\isacharparenleft}}y{\isaliteral{2C}{\isacharcomma}}\ za{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{28}{\isacharparenleft}}za{\isaliteral{2C}{\isacharcomma}}\ z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}y{\isaliteral{2C}{\isacharcomma}}\ z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\isanewline
|
|
|
177 |
\isaindent{\ {\isadigit{2}}{\isaliteral{2E}{\isachardot}}\ \ \ \ }{\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}za{\isaliteral{2C}{\isacharcomma}}\ z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}\ {\isaliteral{5C3C6C6F6E6772696768746172726F773E}{\isasymlongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}\ z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}%
|
|
16069
|
178 |
\end{isabelle}%
|
|
|
179 |
\end{isamarkuptxt}%
|
|
17175
|
180 |
\isamarkuptrue%
|
|
|
181 |
\ \isacommand{apply}\isamarkupfalse%
|
|
40406
|
182 |
{\isaliteral{28}{\isacharparenleft}}blast{\isaliteral{29}{\isacharparenright}}\isanewline
|
|
17175
|
183 |
\isacommand{apply}\isamarkupfalse%
|
|
40406
|
184 |
{\isaliteral{28}{\isacharparenleft}}blast\ intro{\isaliteral{3A}{\isacharcolon}}\ rtc{\isaliteral{5F}{\isacharunderscore}}step{\isaliteral{29}{\isacharparenright}}\isanewline
|
|
17175
|
185 |
\isacommand{done}\isamarkupfalse%
|
|
|
186 |
%
|
|
17056
|
187 |
\endisatagproof
|
|
|
188 |
{\isafoldproof}%
|
|
|
189 |
%
|
|
|
190 |
\isadelimproof
|
|
|
191 |
%
|
|
|
192 |
\endisadelimproof
|
|
11866
|
193 |
%
|
|
10242
|
194 |
\begin{isamarkuptext}%
|
|
40406
|
195 |
Let us now prove that \isa{r{\isaliteral{2A}{\isacharasterisk}}} is really the reflexive transitive closure
|
|
10242
|
196 |
of \isa{r}, i.e.\ the least reflexive and transitive
|
|
|
197 |
relation containing \isa{r}. The latter is easily formalized%
|
|
|
198 |
\end{isamarkuptext}%
|
|
17175
|
199 |
\isamarkuptrue%
|
|
40406
|
200 |
\isacommand{inductive{\isaliteral{5F}{\isacharunderscore}}set}\isamarkupfalse%
|
|
23733
|
201 |
\isanewline
|
|
40406
|
202 |
\ \ rtc{\isadigit{2}}\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C74696D65733E}{\isasymtimes}}\ {\isaliteral{27}{\isacharprime}}a{\isaliteral{29}{\isacharparenright}}set\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C74696D65733E}{\isasymtimes}}\ {\isaliteral{27}{\isacharprime}}a{\isaliteral{29}{\isacharparenright}}set{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
|
|
|
203 |
\ \ \isakeyword{for}\ r\ {\isaliteral{3A}{\isacharcolon}}{\isaliteral{3A}{\isacharcolon}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}{\isaliteral{27}{\isacharprime}}a\ {\isaliteral{5C3C74696D65733E}{\isasymtimes}}\ {\isaliteral{27}{\isacharprime}}a{\isaliteral{29}{\isacharparenright}}set{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
|
|
23733
|
204 |
\isakeyword{where}\isanewline
|
|
40406
|
205 |
\ \ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ rtc{\isadigit{2}}\ r{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
|
|
|
206 |
{\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}x{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ rtc{\isadigit{2}}\ r{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
|
|
|
207 |
{\isaliteral{7C}{\isacharbar}}\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ rtc{\isadigit{2}}\ r{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{28}{\isacharparenleft}}y{\isaliteral{2C}{\isacharcomma}}z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ rtc{\isadigit{2}}\ r\ {\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ rtc{\isadigit{2}}\ r{\isaliteral{22}{\isachardoublequoteclose}}%
|
|
10237
|
208 |
\begin{isamarkuptext}%
|
|
10242
|
209 |
\noindent
|
|
|
210 |
and the equivalence of the two definitions is easily shown by the obvious rule
|
|
10237
|
211 |
inductions:%
|
|
|
212 |
\end{isamarkuptext}%
|
|
17175
|
213 |
\isamarkuptrue%
|
|
|
214 |
\isacommand{lemma}\isamarkupfalse%
|
|
40406
|
215 |
\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ rtc{\isadigit{2}}\ r\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
|
|
17056
|
216 |
%
|
|
|
217 |
\isadelimproof
|
|
|
218 |
%
|
|
|
219 |
\endisadelimproof
|
|
|
220 |
%
|
|
|
221 |
\isatagproof
|
|
17175
|
222 |
\isacommand{apply}\isamarkupfalse%
|
|
40406
|
223 |
{\isaliteral{28}{\isacharparenleft}}erule\ rtc{\isadigit{2}}{\isaliteral{2E}{\isachardot}}induct{\isaliteral{29}{\isacharparenright}}\isanewline
|
|
17175
|
224 |
\ \ \isacommand{apply}\isamarkupfalse%
|
|
40406
|
225 |
{\isaliteral{28}{\isacharparenleft}}blast{\isaliteral{29}{\isacharparenright}}\isanewline
|
|
17175
|
226 |
\ \isacommand{apply}\isamarkupfalse%
|
|
40406
|
227 |
{\isaliteral{28}{\isacharparenleft}}blast{\isaliteral{29}{\isacharparenright}}\isanewline
|
|
17175
|
228 |
\isacommand{apply}\isamarkupfalse%
|
|
40406
|
229 |
{\isaliteral{28}{\isacharparenleft}}blast\ intro{\isaliteral{3A}{\isacharcolon}}\ rtc{\isaliteral{5F}{\isacharunderscore}}trans{\isaliteral{29}{\isacharparenright}}\isanewline
|
|
17175
|
230 |
\isacommand{done}\isamarkupfalse%
|
|
|
231 |
%
|
|
17056
|
232 |
\endisatagproof
|
|
|
233 |
{\isafoldproof}%
|
|
|
234 |
%
|
|
|
235 |
\isadelimproof
|
|
|
236 |
\isanewline
|
|
|
237 |
%
|
|
|
238 |
\endisadelimproof
|
|
15481
|
239 |
\isanewline
|
|
17175
|
240 |
\isacommand{lemma}\isamarkupfalse%
|
|
40406
|
241 |
\ {\isaliteral{22}{\isachardoublequoteopen}}{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ rtc{\isadigit{2}}\ r{\isaliteral{22}{\isachardoublequoteclose}}\isanewline
|
|
17056
|
242 |
%
|
|
|
243 |
\isadelimproof
|
|
|
244 |
%
|
|
|
245 |
\endisadelimproof
|
|
|
246 |
%
|
|
|
247 |
\isatagproof
|
|
17175
|
248 |
\isacommand{apply}\isamarkupfalse%
|
|
40406
|
249 |
{\isaliteral{28}{\isacharparenleft}}erule\ rtc{\isaliteral{2E}{\isachardot}}induct{\isaliteral{29}{\isacharparenright}}\isanewline
|
|
17175
|
250 |
\ \isacommand{apply}\isamarkupfalse%
|
|
40406
|
251 |
{\isaliteral{28}{\isacharparenleft}}blast\ intro{\isaliteral{3A}{\isacharcolon}}\ rtc{\isadigit{2}}{\isaliteral{2E}{\isachardot}}intros{\isaliteral{29}{\isacharparenright}}\isanewline
|
|
17175
|
252 |
\isacommand{apply}\isamarkupfalse%
|
|
40406
|
253 |
{\isaliteral{28}{\isacharparenleft}}blast\ intro{\isaliteral{3A}{\isacharcolon}}\ rtc{\isadigit{2}}{\isaliteral{2E}{\isachardot}}intros{\isaliteral{29}{\isacharparenright}}\isanewline
|
|
17175
|
254 |
\isacommand{done}\isamarkupfalse%
|
|
|
255 |
%
|
|
17056
|
256 |
\endisatagproof
|
|
|
257 |
{\isafoldproof}%
|
|
|
258 |
%
|
|
|
259 |
\isadelimproof
|
|
|
260 |
%
|
|
|
261 |
\endisadelimproof
|
|
11866
|
262 |
%
|
|
10242
|
263 |
\begin{isamarkuptext}%
|
|
|
264 |
So why did we start with the first definition? Because it is simpler. It
|
|
|
265 |
contains only two rules, and the single step rule is simpler than
|
|
40406
|
266 |
transitivity. As a consequence, \isa{rtc{\isaliteral{2E}{\isachardot}}induct} is simpler than
|
|
|
267 |
\isa{rtc{\isadigit{2}}{\isaliteral{2E}{\isachardot}}induct}. Since inductive proofs are hard enough
|
|
11147
|
268 |
anyway, we should always pick the simplest induction schema available.
|
|
10242
|
269 |
Hence \isa{rtc} is the definition of choice.
|
|
11494
|
270 |
\index{reflexive transitive closure!defining inductively|)}
|
|
10242
|
271 |
|
|
10520
|
272 |
\begin{exercise}\label{ex:converse-rtc-step}
|
|
40406
|
273 |
Show that the converse of \isa{rtc{\isaliteral{5F}{\isacharunderscore}}step} also holds:
|
|
10242
|
274 |
\begin{isabelle}%
|
|
40406
|
275 |
\ \ \ \ \ {\isaliteral{5C3C6C6272616B6B3E}{\isasymlbrakk}}{\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}\ y{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}{\isaliteral{3B}{\isacharsemicolon}}\ {\isaliteral{28}{\isacharparenleft}}y{\isaliteral{2C}{\isacharcomma}}\ z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{5C3C726272616B6B3E}{\isasymrbrakk}}\ {\isaliteral{5C3C4C6F6E6772696768746172726F773E}{\isasymLongrightarrow}}\ {\isaliteral{28}{\isacharparenleft}}x{\isaliteral{2C}{\isacharcomma}}\ z{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C696E3E}{\isasymin}}\ r{\isaliteral{2A}{\isacharasterisk}}%
|
|
10242
|
276 |
\end{isabelle}
|
|
10520
|
277 |
\end{exercise}
|
|
|
278 |
\begin{exercise}
|
|
|
279 |
Repeat the development of this section, but starting with a definition of
|
|
40406
|
280 |
\isa{rtc} where \isa{rtc{\isaliteral{5F}{\isacharunderscore}}step} is replaced by its converse as shown
|
|
10520
|
281 |
in exercise~\ref{ex:converse-rtc-step}.
|
|
10242
|
282 |
\end{exercise}%
|
|
|
283 |
\end{isamarkuptext}%
|
|
17175
|
284 |
\isamarkuptrue%
|
|
17056
|
285 |
%
|
|
|
286 |
\isadelimproof
|
|
|
287 |
%
|
|
|
288 |
\endisadelimproof
|
|
|
289 |
%
|
|
|
290 |
\isatagproof
|
|
|
291 |
%
|
|
|
292 |
\endisatagproof
|
|
|
293 |
{\isafoldproof}%
|
|
|
294 |
%
|
|
|
295 |
\isadelimproof
|
|
|
296 |
%
|
|
|
297 |
\endisadelimproof
|
|
|
298 |
%
|
|
|
299 |
\isadelimtheory
|
|
|
300 |
%
|
|
|
301 |
\endisadelimtheory
|
|
|
302 |
%
|
|
|
303 |
\isatagtheory
|
|
|
304 |
%
|
|
|
305 |
\endisatagtheory
|
|
|
306 |
{\isafoldtheory}%
|
|
|
307 |
%
|
|
|
308 |
\isadelimtheory
|
|
|
309 |
%
|
|
|
310 |
\endisadelimtheory
|
|
10225
|
311 |
\end{isabellebody}%
|
|
|
312 |
%%% Local Variables:
|
|
|
313 |
%%% mode: latex
|
|
|
314 |
%%% TeX-master: "root"
|
|
|
315 |
%%% End:
|