isabelle: doc-src/TutorialI/Inductive/document/Even.tex@6ec40bc934e1 (annotated)

10365 a17cf465d29a auto generated paulson parents: diff changeset	1	%
a17cf465d29a auto generated paulson parents: diff changeset	2	\begin{isabellebody}%
a17cf465d29a auto generated paulson parents: diff changeset	3	\def\isabellecontext{Even}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	4	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	5	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	6	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	7	\endisadelimtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	8	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	9	\isatagtheory
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	10	%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	11	\endisatagtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	12	{\isafoldtheory}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	13	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	14	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	15	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	16	\endisadelimtheory
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	17	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	18	\isamarkupsection{The Set of Even Numbers%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	19	}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	20	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	21	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	22	\begin{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	23	\index{even numbers!defining inductively\|(}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	24	The set of even numbers can be inductively defined as the least set
ca73e86c22bb updated berghofe parents: 23733 diff changeset	25	containing 0 and closed under the operation $+2$. Obviously,
ca73e86c22bb updated berghofe parents: 23733 diff changeset	26	\emph{even} can also be expressed using the divides relation (\isa{dvd}).
ca73e86c22bb updated berghofe parents: 23733 diff changeset	27	We shall prove below that the two formulations coincide. On the way we
ca73e86c22bb updated berghofe parents: 23733 diff changeset	28	shall examine the primary means of reasoning about inductively defined
ca73e86c22bb updated berghofe parents: 23733 diff changeset	29	sets: rule induction.%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	30	\end{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	31	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	32	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	33	\isamarkupsubsection{Making an Inductive Definition%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	34	}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	35	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	36	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	37	\begin{isamarkuptext}%
23928 efee34ff4764 Protected underscore in inductive_set. berghofe parents: 23848 diff changeset	38	Using \commdx{inductive\protect\_set}, we declare the constant \isa{even} to be
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	39	a set of natural numbers with the desired properties.%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	40	\end{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	41	\isamarkuptrue%
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 21261 diff changeset	42	\isacommand{inductive{\isacharunderscore}set}\isamarkupfalse%
25330 15bf0f47a87d added inductive nipkow parents: 23928 diff changeset	43	\ even\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}nat\ set{\isachardoublequoteclose}\ \isakeyword{where}\isanewline
15bf0f47a87d added inductive nipkow parents: 23928 diff changeset	44	zero{\isacharbrackleft}intro{\isacharbang}{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}{\isadigit{0}}\ {\isasymin}\ even{\isachardoublequoteclose}\ {\isacharbar}\isanewline
15bf0f47a87d added inductive nipkow parents: 23928 diff changeset	45	step{\isacharbrackleft}intro{\isacharbang}{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ {\isacharparenleft}Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}{\isacharparenright}\ {\isasymin}\ even{\isachardoublequoteclose}%
10365 a17cf465d29a auto generated paulson parents: diff changeset	46	\begin{isamarkuptext}%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	47	An inductive definition consists of introduction rules. The first one
ca73e86c22bb updated berghofe parents: 23733 diff changeset	48	above states that 0 is even; the second states that if $n$ is even, then so
ca73e86c22bb updated berghofe parents: 23733 diff changeset	49	is~$n+2$. Given this declaration, Isabelle generates a fixed point
ca73e86c22bb updated berghofe parents: 23733 diff changeset	50	definition for \isa{even} and proves theorems about it,
ca73e86c22bb updated berghofe parents: 23733 diff changeset	51	thus following the definitional approach (see {\S}\ref{sec:definitional}).
ca73e86c22bb updated berghofe parents: 23733 diff changeset	52	These theorems
ca73e86c22bb updated berghofe parents: 23733 diff changeset	53	include the introduction rules specified in the declaration, an elimination
ca73e86c22bb updated berghofe parents: 23733 diff changeset	54	rule for case analysis and an induction rule. We can refer to these
ca73e86c22bb updated berghofe parents: 23733 diff changeset	55	theorems by automatically-generated names. Here are two examples:
10365 a17cf465d29a auto generated paulson parents: diff changeset	56	\begin{isabelle}%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	57	{\isadigit{0}}\ {\isasymin}\ even\rulename{even{\isachardot}zero}\par\smallskip%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	58	n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even\rulename{even{\isachardot}step}%
10365 a17cf465d29a auto generated paulson parents: diff changeset	59	\end{isabelle}
a17cf465d29a auto generated paulson parents: diff changeset	60
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	61	The introduction rules can be given attributes. Here
ca73e86c22bb updated berghofe parents: 23733 diff changeset	62	both rules are specified as \isa{intro!},%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	63	\index{intro"!@\isa {intro"!} (attribute)}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	64	directing the classical reasoner to
ca73e86c22bb updated berghofe parents: 23733 diff changeset	65	apply them aggressively. Obviously, regarding 0 as even is safe. The
ca73e86c22bb updated berghofe parents: 23733 diff changeset	66	\isa{step} rule is also safe because $n+2$ is even if and only if $n$ is
ca73e86c22bb updated berghofe parents: 23733 diff changeset	67	even. We prove this equivalence later.%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	68	\end{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	69	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	70	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	71	\isamarkupsubsection{Using Introduction Rules%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	72	}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	73	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	74	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	75	\begin{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	76	Our first lemma states that numbers of the form $2\times k$ are even.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	77	Introduction rules are used to show that specific values belong to the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	78	inductive set. Such proofs typically involve
ca73e86c22bb updated berghofe parents: 23733 diff changeset	79	induction, perhaps over some other inductive set.%
10365 a17cf465d29a auto generated paulson parents: diff changeset	80	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	81	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	82	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	83	\ two{\isacharunderscore}times{\isacharunderscore}even{\isacharbrackleft}intro{\isacharbang}{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}{\isadigit{2}}{\isacharasterisk}k\ {\isasymin}\ even{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	84	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	85	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	86	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	87	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	88	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	89	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	90	\isacommand{apply}\isamarkupfalse%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	91	\ {\isacharparenleft}induct{\isacharunderscore}tac\ k{\isacharparenright}\isanewline
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	92	\ \isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	93	\ auto\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	94	\isacommand{done}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	95	%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	96	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	97	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	98	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	99	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	100	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	101	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	102	%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	103	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	104	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	105	\endisadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	106	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	107	\isatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	108	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	109	\begin{isamarkuptxt}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	110	\noindent
ca73e86c22bb updated berghofe parents: 23733 diff changeset	111	The first step is induction on the natural number \isa{k}, which leaves
ca73e86c22bb updated berghofe parents: 23733 diff changeset	112	two subgoals:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	113	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	114	\ {\isadigit{1}}{\isachardot}\ {\isadigit{2}}\ {\isacharasterisk}\ {\isadigit{0}}\ {\isasymin}\ even\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	115	\ {\isadigit{2}}{\isachardot}\ {\isasymAnd}n{\isachardot}\ {\isadigit{2}}\ {\isacharasterisk}\ n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ {\isadigit{2}}\ {\isacharasterisk}\ Suc\ n\ {\isasymin}\ even%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	116	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	117	Here \isa{auto} simplifies both subgoals so that they match the introduction
ca73e86c22bb updated berghofe parents: 23733 diff changeset	118	rules, which are then applied automatically.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	119
ca73e86c22bb updated berghofe parents: 23733 diff changeset	120	Our ultimate goal is to prove the equivalence between the traditional
ca73e86c22bb updated berghofe parents: 23733 diff changeset	121	definition of \isa{even} (using the divides relation) and our inductive
ca73e86c22bb updated berghofe parents: 23733 diff changeset	122	definition. One direction of this equivalence is immediate by the lemma
ca73e86c22bb updated berghofe parents: 23733 diff changeset	123	just proved, whose \isa{intro{\isacharbang}} attribute ensures it is applied automatically.%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	124	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	125	\isamarkuptrue%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	126	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	127	\endisatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	128	{\isafoldproof}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	129	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	130	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	131	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	132	\endisadelimproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	133	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	134	\ dvd{\isacharunderscore}imp{\isacharunderscore}even{\isacharcolon}\ {\isachardoublequoteopen}{\isadigit{2}}\ dvd\ n\ {\isasymLongrightarrow}\ n\ {\isasymin}\ even{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	135	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	136	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	137	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	138	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	139	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	140	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	141	\isacommand{by}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	142	\ {\isacharparenleft}auto\ simp\ add{\isacharcolon}\ dvd{\isacharunderscore}def{\isacharparenright}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	143	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	144	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	145	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	146	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	147	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	148	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	149	%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	150	\isamarkupsubsection{Rule Induction \label{sec:rule-induction}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	151	}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	152	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	153	%
10365 a17cf465d29a auto generated paulson parents: diff changeset	154	\begin{isamarkuptext}%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	155	\index{rule induction\|(}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	156	From the definition of the set
ca73e86c22bb updated berghofe parents: 23733 diff changeset	157	\isa{even}, Isabelle has
ca73e86c22bb updated berghofe parents: 23733 diff changeset	158	generated an induction rule:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	159	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	160	{\isasymlbrakk}x\ {\isasymin}\ even{\isacharsemicolon}\ P\ {\isadigit{0}}{\isacharsemicolon}\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	161	\isaindent{\ }{\isasymAnd}n{\isachardot}\ {\isasymlbrakk}n\ {\isasymin}\ even{\isacharsemicolon}\ P\ n{\isasymrbrakk}\ {\isasymLongrightarrow}\ P\ {\isacharparenleft}Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}{\isacharparenright}{\isasymrbrakk}\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	162	{\isasymLongrightarrow}\ P\ x\rulename{even{\isachardot}induct}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	163	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	164	A property \isa{P} holds for every even number provided it
ca73e86c22bb updated berghofe parents: 23733 diff changeset	165	holds for~\isa{{\isadigit{0}}} and is closed under the operation
ca73e86c22bb updated berghofe parents: 23733 diff changeset	166	\isa{Suc(Suc $\cdot$)}. Then \isa{P} is closed under the introduction
ca73e86c22bb updated berghofe parents: 23733 diff changeset	167	rules for \isa{even}, which is the least set closed under those rules.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	168	This type of inductive argument is called \textbf{rule induction}.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	169
ca73e86c22bb updated berghofe parents: 23733 diff changeset	170	Apart from the double application of \isa{Suc}, the induction rule above
ca73e86c22bb updated berghofe parents: 23733 diff changeset	171	resembles the familiar mathematical induction, which indeed is an instance
ca73e86c22bb updated berghofe parents: 23733 diff changeset	172	of rule induction; the natural numbers can be defined inductively to be
ca73e86c22bb updated berghofe parents: 23733 diff changeset	173	the least set containing \isa{{\isadigit{0}}} and closed under~\isa{Suc}.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	174
ca73e86c22bb updated berghofe parents: 23733 diff changeset	175	Induction is the usual way of proving a property of the elements of an
ca73e86c22bb updated berghofe parents: 23733 diff changeset	176	inductively defined set. Let us prove that all members of the set
ca73e86c22bb updated berghofe parents: 23733 diff changeset	177	\isa{even} are multiples of two.%
10365 a17cf465d29a auto generated paulson parents: diff changeset	178	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	179	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	180	\isacommand{lemma}\isamarkupfalse%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	181	\ even{\isacharunderscore}imp{\isacharunderscore}dvd{\isacharcolon}\ {\isachardoublequoteopen}n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ {\isadigit{2}}\ dvd\ n{\isachardoublequoteclose}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	182	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	183	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	184	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	185	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	186	\isatagproof
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	187	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	188	\begin{isamarkuptxt}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	189	We begin by applying induction. Note that \isa{even{\isachardot}induct} has the form
ca73e86c22bb updated berghofe parents: 23733 diff changeset	190	of an elimination rule, so we use the method \isa{erule}. We get two
ca73e86c22bb updated berghofe parents: 23733 diff changeset	191	subgoals:%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	192	\end{isamarkuptxt}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	193	\isamarkuptrue%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	194	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	195	\ {\isacharparenleft}erule\ even{\isachardot}induct{\isacharparenright}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	196	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	197	\begin{isabelle}%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	198	\ {\isadigit{1}}{\isachardot}\ {\isadigit{2}}\ dvd\ {\isadigit{0}}\isanewline
21261 58223c67fd8b updated; wenzelm parents: 17187 diff changeset	199	\ {\isadigit{2}}{\isachardot}\ {\isasymAnd}n{\isachardot}\ {\isasymlbrakk}n\ {\isasymin}\ even{\isacharsemicolon}\ {\isadigit{2}}\ dvd\ n{\isasymrbrakk}\ {\isasymLongrightarrow}\ {\isadigit{2}}\ dvd\ Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	200	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	201	We unfold the definition of \isa{dvd} in both subgoals, proving the first
ca73e86c22bb updated berghofe parents: 23733 diff changeset	202	one and simplifying the second:%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	203	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	204	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	205	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	206	\ {\isacharparenleft}simp{\isacharunderscore}all\ add{\isacharcolon}\ dvd{\isacharunderscore}def{\isacharparenright}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	207	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	208	\begin{isabelle}%
21261 58223c67fd8b updated; wenzelm parents: 17187 diff changeset	209	\ {\isadigit{1}}{\isachardot}\ {\isasymAnd}n{\isachardot}\ {\isasymlbrakk}n\ {\isasymin}\ even{\isacharsemicolon}\ {\isasymexists}k{\isachardot}\ n\ {\isacharequal}\ {\isadigit{2}}\ {\isacharasterisk}\ k{\isasymrbrakk}\ {\isasymLongrightarrow}\ {\isasymexists}k{\isachardot}\ Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isacharequal}\ {\isadigit{2}}\ {\isacharasterisk}\ k%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	210	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	211	The next command eliminates the existential quantifier from the assumption
ca73e86c22bb updated berghofe parents: 23733 diff changeset	212	and replaces \isa{n} by \isa{{\isadigit{2}}\ {\isacharasterisk}\ k}.%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	213	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	214	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	215	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	216	\ clarify%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	217	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	218	\begin{isabelle}%
21261 58223c67fd8b updated; wenzelm parents: 17187 diff changeset	219	\ {\isadigit{1}}{\isachardot}\ {\isasymAnd}n\ k{\isachardot}\ {\isadigit{2}}\ {\isacharasterisk}\ k\ {\isasymin}\ even\ {\isasymLongrightarrow}\ {\isasymexists}ka{\isachardot}\ Suc\ {\isacharparenleft}Suc\ {\isacharparenleft}{\isadigit{2}}\ {\isacharasterisk}\ k{\isacharparenright}{\isacharparenright}\ {\isacharequal}\ {\isadigit{2}}\ {\isacharasterisk}\ ka%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	220	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	221	To conclude, we tell Isabelle that the desired value is
ca73e86c22bb updated berghofe parents: 23733 diff changeset	222	\isa{Suc\ k}. With this hint, the subgoal falls to \isa{simp}.%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	223	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	224	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	225	\isacommand{apply}\isamarkupfalse%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	226	\ {\isacharparenleft}rule{\isacharunderscore}tac\ x\ {\isacharequal}\ {\isachardoublequoteopen}Suc\ k{\isachardoublequoteclose}\ \isakeyword{in}\ exI{\isacharcomma}\ simp{\isacharparenright}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	227	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	228	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	229	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	230	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	231	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	232	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	233	%
10365 a17cf465d29a auto generated paulson parents: diff changeset	234	\begin{isamarkuptext}%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	235	Combining the previous two results yields our objective, the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	236	equivalence relating \isa{even} and \isa{dvd}.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	237	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	238	%we don't want [iff]: discuss?%
10365 a17cf465d29a auto generated paulson parents: diff changeset	239	\end{isamarkuptext}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	240	\isamarkuptrue%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	241	\isacommand{theorem}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	242	\ even{\isacharunderscore}iff{\isacharunderscore}dvd{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}n\ {\isasymin}\ even{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}{\isadigit{2}}\ dvd\ n{\isacharparenright}{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	243	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	244	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	245	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	246	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	247	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	248	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	249	\isacommand{by}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	250	\ {\isacharparenleft}blast\ intro{\isacharcolon}\ dvd{\isacharunderscore}imp{\isacharunderscore}even\ even{\isacharunderscore}imp{\isacharunderscore}dvd{\isacharparenright}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	251	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	252	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	253	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	254	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	255	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	256	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	257	%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	258	\isamarkupsubsection{Generalization and Rule Induction \label{sec:gen-rule-induction}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	259	}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	260	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	261	%
10365 a17cf465d29a auto generated paulson parents: diff changeset	262	\begin{isamarkuptext}%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	263	\index{generalizing for induction}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	264	Before applying induction, we typically must generalize
ca73e86c22bb updated berghofe parents: 23733 diff changeset	265	the induction formula. With rule induction, the required generalization
ca73e86c22bb updated berghofe parents: 23733 diff changeset	266	can be hard to find and sometimes requires a complete reformulation of the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	267	problem. In this example, our first attempt uses the obvious statement of
ca73e86c22bb updated berghofe parents: 23733 diff changeset	268	the result. It fails:%
10365 a17cf465d29a auto generated paulson parents: diff changeset	269	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	270	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	271	\isacommand{lemma}\isamarkupfalse%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	272	\ {\isachardoublequoteopen}Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even\ {\isasymLongrightarrow}\ n\ {\isasymin}\ even{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	273	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	274	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	275	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	276	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	277	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	278	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	279	\isacommand{apply}\isamarkupfalse%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	280	\ {\isacharparenleft}erule\ even{\isachardot}induct{\isacharparenright}\isanewline
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	281	\isacommand{oops}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	282	%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	283	\endisatagproof
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	284	{\isafoldproof}%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	285	%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	286	\isadelimproof
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	287	%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	288	\endisadelimproof
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	289	%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	290	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	291	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	292	\endisadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	293	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	294	\isatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	295	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	296	\begin{isamarkuptxt}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	297	Rule induction finds no occurrences of \isa{Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}} in the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	298	conclusion, which it therefore leaves unchanged. (Look at
ca73e86c22bb updated berghofe parents: 23733 diff changeset	299	\isa{even{\isachardot}induct} to see why this happens.) We have these subgoals:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	300	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	301	\ {\isadigit{1}}{\isachardot}\ n\ {\isasymin}\ even\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	302	\ {\isadigit{2}}{\isachardot}\ {\isasymAnd}na{\isachardot}\ {\isasymlbrakk}na\ {\isasymin}\ even{\isacharsemicolon}\ n\ {\isasymin}\ even{\isasymrbrakk}\ {\isasymLongrightarrow}\ n\ {\isasymin}\ even%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	303	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	304	The first one is hopeless. Rule induction on
ca73e86c22bb updated berghofe parents: 23733 diff changeset	305	a non-variable term discards information, and usually fails.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	306	How to deal with such situations
ca73e86c22bb updated berghofe parents: 23733 diff changeset	307	in general is described in {\S}\ref{sec:ind-var-in-prems} below.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	308	In the current case the solution is easy because
ca73e86c22bb updated berghofe parents: 23733 diff changeset	309	we have the necessary inverse, subtraction:%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	310	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	311	\isamarkuptrue%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	312	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	313	\endisatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	314	{\isafoldproof}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	315	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	316	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	317	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	318	\endisadelimproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	319	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	320	\ even{\isacharunderscore}imp{\isacharunderscore}even{\isacharunderscore}minus{\isacharunderscore}{\isadigit{2}}{\isacharcolon}\ {\isachardoublequoteopen}n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ n\ {\isacharminus}\ {\isadigit{2}}\ {\isasymin}\ even{\isachardoublequoteclose}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	321	%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	322	\isadelimproof
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	323	%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	324	\endisadelimproof
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	325	%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	326	\isatagproof
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	327	\isacommand{apply}\isamarkupfalse%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	328	\ {\isacharparenleft}erule\ even{\isachardot}induct{\isacharparenright}\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	329	\ \isacommand{apply}\isamarkupfalse%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	330	\ auto\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	331	\isacommand{done}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	332	%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	333	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	334	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	335	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	336	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	337	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	338	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	339	%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	340	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	341	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	342	\endisadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	343	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	344	\isatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	345	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	346	\begin{isamarkuptxt}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	347	This lemma is trivially inductive. Here are the subgoals:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	348	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	349	\ {\isadigit{1}}{\isachardot}\ {\isadigit{0}}\ {\isacharminus}\ {\isadigit{2}}\ {\isasymin}\ even\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	350	\ {\isadigit{2}}{\isachardot}\ {\isasymAnd}n{\isachardot}\ {\isasymlbrakk}n\ {\isasymin}\ even{\isacharsemicolon}\ n\ {\isacharminus}\ {\isadigit{2}}\ {\isasymin}\ even{\isasymrbrakk}\ {\isasymLongrightarrow}\ Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isacharminus}\ {\isadigit{2}}\ {\isasymin}\ even%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	351	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	352	The first is trivial because \isa{{\isadigit{0}}\ {\isacharminus}\ {\isadigit{2}}} simplifies to \isa{{\isadigit{0}}}, which is
ca73e86c22bb updated berghofe parents: 23733 diff changeset	353	even. The second is trivial too: \isa{Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isacharminus}\ {\isadigit{2}}} simplifies to
ca73e86c22bb updated berghofe parents: 23733 diff changeset	354	\isa{n}, matching the assumption.%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	355	\index{rule induction\|)} %the sequel isn't really about induction
ca73e86c22bb updated berghofe parents: 23733 diff changeset	356
ca73e86c22bb updated berghofe parents: 23733 diff changeset	357	\medskip
ca73e86c22bb updated berghofe parents: 23733 diff changeset	358	Using our lemma, we can easily prove the result we originally wanted:%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	359	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	360	\isamarkuptrue%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	361	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	362	\endisatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	363	{\isafoldproof}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	364	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	365	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	366	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	367	\endisadelimproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	368	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	369	\ Suc{\isacharunderscore}Suc{\isacharunderscore}even{\isacharunderscore}imp{\isacharunderscore}even{\isacharcolon}\ {\isachardoublequoteopen}Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even\ {\isasymLongrightarrow}\ n\ {\isasymin}\ even{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	370	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	371	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	372	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	373	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	374	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	375	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	376	\isacommand{by}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	377	\ {\isacharparenleft}drule\ even{\isacharunderscore}imp{\isacharunderscore}even{\isacharunderscore}minus{\isacharunderscore}{\isadigit{2}}{\isacharcomma}\ simp{\isacharparenright}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	378	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	379	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	380	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	381	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	382	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	383	\endisadelimproof
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	384	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	385	\begin{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	386	We have just proved the converse of the introduction rule \isa{even{\isachardot}step}.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	387	This suggests proving the following equivalence. We give it the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	388	\attrdx{iff} attribute because of its obvious value for simplification.%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	389	\end{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	390	\isamarkuptrue%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	391	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	392	\ {\isacharbrackleft}iff{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharparenleft}Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}{\isacharparenright}\ {\isasymin}\ even{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}n\ {\isasymin}\ even{\isacharparenright}{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	393	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	394	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	395	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	396	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	397	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	398	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	399	\isacommand{by}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	400	\ {\isacharparenleft}blast\ dest{\isacharcolon}\ Suc{\isacharunderscore}Suc{\isacharunderscore}even{\isacharunderscore}imp{\isacharunderscore}even{\isacharparenright}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	401	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	402	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	403	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	404	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	405	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	406	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	407	%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	408	\isamarkupsubsection{Rule Inversion \label{sec:rule-inversion}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	409	}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	410	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	411	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	412	\begin{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	413	\index{rule inversion\|(}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	414	Case analysis on an inductive definition is called \textbf{rule
ca73e86c22bb updated berghofe parents: 23733 diff changeset	415	inversion}. It is frequently used in proofs about operational
ca73e86c22bb updated berghofe parents: 23733 diff changeset	416	semantics. It can be highly effective when it is applied
ca73e86c22bb updated berghofe parents: 23733 diff changeset	417	automatically. Let us look at how rule inversion is done in
ca73e86c22bb updated berghofe parents: 23733 diff changeset	418	Isabelle/HOL\@.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	419
ca73e86c22bb updated berghofe parents: 23733 diff changeset	420	Recall that \isa{even} is the minimal set closed under these two rules:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	421	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	422	{\isadigit{0}}\ {\isasymin}\ even\isasep\isanewline%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	423	n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	424	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	425	Minimality means that \isa{even} contains only the elements that these
ca73e86c22bb updated berghofe parents: 23733 diff changeset	426	rules force it to contain. If we are told that \isa{a}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	427	belongs to
ca73e86c22bb updated berghofe parents: 23733 diff changeset	428	\isa{even} then there are only two possibilities. Either \isa{a} is \isa{{\isadigit{0}}}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	429	or else \isa{a} has the form \isa{Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}}, for some suitable \isa{n}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	430	that belongs to
ca73e86c22bb updated berghofe parents: 23733 diff changeset	431	\isa{even}. That is the gist of the \isa{cases} rule, which Isabelle proves
ca73e86c22bb updated berghofe parents: 23733 diff changeset	432	for us when it accepts an inductive definition:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	433	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	434	{\isasymlbrakk}a\ {\isasymin}\ even{\isacharsemicolon}\ a\ {\isacharequal}\ {\isadigit{0}}\ {\isasymLongrightarrow}\ P{\isacharsemicolon}\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	435	\isaindent{\ }{\isasymAnd}n{\isachardot}\ {\isasymlbrakk}a\ {\isacharequal}\ Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}{\isacharsemicolon}\ n\ {\isasymin}\ even{\isasymrbrakk}\ {\isasymLongrightarrow}\ P{\isasymrbrakk}\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	436	{\isasymLongrightarrow}\ P\rulename{even{\isachardot}cases}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	437	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	438	This general rule is less useful than instances of it for
ca73e86c22bb updated berghofe parents: 23733 diff changeset	439	specific patterns. For example, if \isa{a} has the form
ca73e86c22bb updated berghofe parents: 23733 diff changeset	440	\isa{Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}} then the first case becomes irrelevant, while the second
ca73e86c22bb updated berghofe parents: 23733 diff changeset	441	case tells us that \isa{n} belongs to \isa{even}. Isabelle will generate
ca73e86c22bb updated berghofe parents: 23733 diff changeset	442	this instance for us:%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	443	\end{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	444	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	445	\isacommand{inductive{\isacharunderscore}cases}\isamarkupfalse%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	446	\ Suc{\isacharunderscore}Suc{\isacharunderscore}cases\ {\isacharbrackleft}elim{\isacharbang}{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}Suc{\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even{\isachardoublequoteclose}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	447	\begin{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	448	The \commdx{inductive\protect\_cases} command generates an instance of
ca73e86c22bb updated berghofe parents: 23733 diff changeset	449	the \isa{cases} rule for the supplied pattern and gives it the supplied name:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	450	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	451	{\isasymlbrakk}Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even{\isacharsemicolon}\ n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ P{\isasymrbrakk}\ {\isasymLongrightarrow}\ P\rulename{Suc{\isacharunderscore}Suc{\isacharunderscore}cases}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	452	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	453	Applying this as an elimination rule yields one case where \isa{even{\isachardot}cases}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	454	would yield two. Rule inversion works well when the conclusions of the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	455	introduction rules involve datatype constructors like \isa{Suc} and \isa{{\isacharhash}}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	456	(list ``cons''); freeness reasoning discards all but one or two cases.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	457
ca73e86c22bb updated berghofe parents: 23733 diff changeset	458	In the \isacommand{inductive\_cases} command we supplied an
ca73e86c22bb updated berghofe parents: 23733 diff changeset	459	attribute, \isa{elim{\isacharbang}},
ca73e86c22bb updated berghofe parents: 23733 diff changeset	460	\index{elim"!@\isa {elim"!} (attribute)}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	461	indicating that this elimination rule can be
ca73e86c22bb updated berghofe parents: 23733 diff changeset	462	applied aggressively. The original
ca73e86c22bb updated berghofe parents: 23733 diff changeset	463	\isa{cases} rule would loop if used in that manner because the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	464	pattern~\isa{a} matches everything.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	465
ca73e86c22bb updated berghofe parents: 23733 diff changeset	466	The rule \isa{Suc{\isacharunderscore}Suc{\isacharunderscore}cases} is equivalent to the following implication:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	467	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	468	Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even\ {\isasymLongrightarrow}\ n\ {\isasymin}\ even%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	469	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	470	Just above we devoted some effort to reaching precisely
ca73e86c22bb updated berghofe parents: 23733 diff changeset	471	this result. Yet we could have obtained it by a one-line declaration,
ca73e86c22bb updated berghofe parents: 23733 diff changeset	472	dispensing with the lemma \isa{even{\isacharunderscore}imp{\isacharunderscore}even{\isacharunderscore}minus{\isacharunderscore}{\isadigit{2}}}.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	473	This example also justifies the terminology
ca73e86c22bb updated berghofe parents: 23733 diff changeset	474	\textbf{rule inversion}: the new rule inverts the introduction rule
ca73e86c22bb updated berghofe parents: 23733 diff changeset	475	\isa{even{\isachardot}step}. In general, a rule can be inverted when the set of elements
ca73e86c22bb updated berghofe parents: 23733 diff changeset	476	it introduces is disjoint from those of the other introduction rules.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	477
ca73e86c22bb updated berghofe parents: 23733 diff changeset	478	For one-off applications of rule inversion, use the \methdx{ind_cases} method.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	479	Here is an example:%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	480	\end{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	481	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	482	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	483	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	484	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	485	\endisadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	486	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	487	\isatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	488	\isacommand{apply}\isamarkupfalse%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	489	\ {\isacharparenleft}ind{\isacharunderscore}cases\ {\isachardoublequoteopen}Suc{\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even{\isachardoublequoteclose}{\isacharparenright}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	490	\endisatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	491	{\isafoldproof}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	492	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	493	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	494	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	495	\endisadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	496	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	497	\begin{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	498	The specified instance of the \isa{cases} rule is generated, then applied
ca73e86c22bb updated berghofe parents: 23733 diff changeset	499	as an elimination rule.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	500
ca73e86c22bb updated berghofe parents: 23733 diff changeset	501	To summarize, every inductive definition produces a \isa{cases} rule. The
ca73e86c22bb updated berghofe parents: 23733 diff changeset	502	\commdx{inductive\protect\_cases} command stores an instance of the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	503	\isa{cases} rule for a given pattern. Within a proof, the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	504	\isa{ind{\isacharunderscore}cases} method applies an instance of the \isa{cases}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	505	rule.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	506
ca73e86c22bb updated berghofe parents: 23733 diff changeset	507	The even numbers example has shown how inductive definitions can be
ca73e86c22bb updated berghofe parents: 23733 diff changeset	508	used. Later examples will show that they are actually worth using.%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	509	\index{rule inversion\|)}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	510	\index{even numbers!defining inductively\|)}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	511	\end{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	512	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	513	%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	514	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	515	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	516	\endisadelimtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	517	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	518	\isatagtheory
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	519	%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	520	\endisatagtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	521	{\isafoldtheory}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	522	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	523	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	524	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	525	\endisadelimtheory
10365 a17cf465d29a auto generated paulson parents: diff changeset	526	\end{isabellebody}%
a17cf465d29a auto generated paulson parents: diff changeset	527	%%% Local Variables:
a17cf465d29a auto generated paulson parents: diff changeset	528	%%% mode: latex
a17cf465d29a auto generated paulson parents: diff changeset	529	%%% TeX-master: "root"
a17cf465d29a auto generated paulson parents: diff changeset	530	%%% End:

author	haftmann
	Fri, 02 Jul 2010 10:47:50 +0200
changeset 37681	6ec40bc934e1
parent 25330	15bf0f47a87d
child 40406	313a24b66a8d
permissions	-rw-r--r--