isabelle: doc-src/TutorialI/Inductive/document/Even.tex@72fcf0832cfe (annotated)

10365 a17cf465d29a auto generated paulson parents: diff changeset	1	%
a17cf465d29a auto generated paulson parents: diff changeset	2	\begin{isabellebody}%
a17cf465d29a auto generated paulson parents: diff changeset	3	\def\isabellecontext{Even}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	4	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	5	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	6	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	7	\endisadelimtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	8	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	9	\isatagtheory
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	10	%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	11	\endisatagtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	12	{\isafoldtheory}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	13	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	14	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	15	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	16	\endisadelimtheory
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	17	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	18	\isamarkupsection{The Set of Even Numbers%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	19	}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	20	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	21	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	22	\begin{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	23	\index{even numbers!defining inductively\|(}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	24	The set of even numbers can be inductively defined as the least set
ca73e86c22bb updated berghofe parents: 23733 diff changeset	25	containing 0 and closed under the operation $+2$. Obviously,
ca73e86c22bb updated berghofe parents: 23733 diff changeset	26	\emph{even} can also be expressed using the divides relation (\isa{dvd}).
ca73e86c22bb updated berghofe parents: 23733 diff changeset	27	We shall prove below that the two formulations coincide. On the way we
ca73e86c22bb updated berghofe parents: 23733 diff changeset	28	shall examine the primary means of reasoning about inductively defined
ca73e86c22bb updated berghofe parents: 23733 diff changeset	29	sets: rule induction.%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	30	\end{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	31	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	32	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	33	\isamarkupsubsection{Making an Inductive Definition%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	34	}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	35	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	36	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	37	\begin{isamarkuptext}%
23928 efee34ff4764 Protected underscore in inductive_set. berghofe parents: 23848 diff changeset	38	Using \commdx{inductive\protect\_set}, we declare the constant \isa{even} to be
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	39	a set of natural numbers with the desired properties.%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	40	\end{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	41	\isamarkuptrue%
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 21261 diff changeset	42	\isacommand{inductive{\isacharunderscore}set}\isamarkupfalse%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	43	\ even\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}nat\ set{\isachardoublequoteclose}\isanewline
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 21261 diff changeset	44	\isakeyword{where}\isanewline
3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 21261 diff changeset	45	\ \ zero{\isacharbrackleft}intro{\isacharbang}{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}{\isadigit{0}}\ {\isasymin}\ even{\isachardoublequoteclose}\isanewline
3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 21261 diff changeset	46	{\isacharbar}\ step{\isacharbrackleft}intro{\isacharbang}{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ {\isacharparenleft}Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}{\isacharparenright}\ {\isasymin}\ even{\isachardoublequoteclose}%
10365 a17cf465d29a auto generated paulson parents: diff changeset	47	\begin{isamarkuptext}%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	48	An inductive definition consists of introduction rules. The first one
ca73e86c22bb updated berghofe parents: 23733 diff changeset	49	above states that 0 is even; the second states that if $n$ is even, then so
ca73e86c22bb updated berghofe parents: 23733 diff changeset	50	is~$n+2$. Given this declaration, Isabelle generates a fixed point
ca73e86c22bb updated berghofe parents: 23733 diff changeset	51	definition for \isa{even} and proves theorems about it,
ca73e86c22bb updated berghofe parents: 23733 diff changeset	52	thus following the definitional approach (see {\S}\ref{sec:definitional}).
ca73e86c22bb updated berghofe parents: 23733 diff changeset	53	These theorems
ca73e86c22bb updated berghofe parents: 23733 diff changeset	54	include the introduction rules specified in the declaration, an elimination
ca73e86c22bb updated berghofe parents: 23733 diff changeset	55	rule for case analysis and an induction rule. We can refer to these
ca73e86c22bb updated berghofe parents: 23733 diff changeset	56	theorems by automatically-generated names. Here are two examples:
10365 a17cf465d29a auto generated paulson parents: diff changeset	57	\begin{isabelle}%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	58	{\isadigit{0}}\ {\isasymin}\ even\rulename{even{\isachardot}zero}\par\smallskip%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	59	n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even\rulename{even{\isachardot}step}%
10365 a17cf465d29a auto generated paulson parents: diff changeset	60	\end{isabelle}
a17cf465d29a auto generated paulson parents: diff changeset	61
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	62	The introduction rules can be given attributes. Here
ca73e86c22bb updated berghofe parents: 23733 diff changeset	63	both rules are specified as \isa{intro!},%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	64	\index{intro"!@\isa {intro"!} (attribute)}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	65	directing the classical reasoner to
ca73e86c22bb updated berghofe parents: 23733 diff changeset	66	apply them aggressively. Obviously, regarding 0 as even is safe. The
ca73e86c22bb updated berghofe parents: 23733 diff changeset	67	\isa{step} rule is also safe because $n+2$ is even if and only if $n$ is
ca73e86c22bb updated berghofe parents: 23733 diff changeset	68	even. We prove this equivalence later.%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	69	\end{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	70	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	71	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	72	\isamarkupsubsection{Using Introduction Rules%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	73	}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	74	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	75	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	76	\begin{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	77	Our first lemma states that numbers of the form $2\times k$ are even.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	78	Introduction rules are used to show that specific values belong to the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	79	inductive set. Such proofs typically involve
ca73e86c22bb updated berghofe parents: 23733 diff changeset	80	induction, perhaps over some other inductive set.%
10365 a17cf465d29a auto generated paulson parents: diff changeset	81	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	82	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	83	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	84	\ two{\isacharunderscore}times{\isacharunderscore}even{\isacharbrackleft}intro{\isacharbang}{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}{\isadigit{2}}{\isacharasterisk}k\ {\isasymin}\ even{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	85	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	86	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	87	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	88	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	89	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	90	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	91	\isacommand{apply}\isamarkupfalse%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	92	\ {\isacharparenleft}induct{\isacharunderscore}tac\ k{\isacharparenright}\isanewline
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	93	\ \isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	94	\ auto\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	95	\isacommand{done}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	96	%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	97	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	98	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	99	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	100	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	101	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	102	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	103	%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	104	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	105	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	106	\endisadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	107	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	108	\isatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	109	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	110	\begin{isamarkuptxt}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	111	\noindent
ca73e86c22bb updated berghofe parents: 23733 diff changeset	112	The first step is induction on the natural number \isa{k}, which leaves
ca73e86c22bb updated berghofe parents: 23733 diff changeset	113	two subgoals:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	114	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	115	\ {\isadigit{1}}{\isachardot}\ {\isadigit{2}}\ {\isacharasterisk}\ {\isadigit{0}}\ {\isasymin}\ even\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	116	\ {\isadigit{2}}{\isachardot}\ {\isasymAnd}n{\isachardot}\ {\isadigit{2}}\ {\isacharasterisk}\ n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ {\isadigit{2}}\ {\isacharasterisk}\ Suc\ n\ {\isasymin}\ even%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	117	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	118	Here \isa{auto} simplifies both subgoals so that they match the introduction
ca73e86c22bb updated berghofe parents: 23733 diff changeset	119	rules, which are then applied automatically.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	120
ca73e86c22bb updated berghofe parents: 23733 diff changeset	121	Our ultimate goal is to prove the equivalence between the traditional
ca73e86c22bb updated berghofe parents: 23733 diff changeset	122	definition of \isa{even} (using the divides relation) and our inductive
ca73e86c22bb updated berghofe parents: 23733 diff changeset	123	definition. One direction of this equivalence is immediate by the lemma
ca73e86c22bb updated berghofe parents: 23733 diff changeset	124	just proved, whose \isa{intro{\isacharbang}} attribute ensures it is applied automatically.%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	125	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	126	\isamarkuptrue%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	127	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	128	\endisatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	129	{\isafoldproof}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	130	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	131	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	132	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	133	\endisadelimproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	134	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	135	\ dvd{\isacharunderscore}imp{\isacharunderscore}even{\isacharcolon}\ {\isachardoublequoteopen}{\isadigit{2}}\ dvd\ n\ {\isasymLongrightarrow}\ n\ {\isasymin}\ even{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	136	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	137	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	138	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	139	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	140	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	141	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	142	\isacommand{by}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	143	\ {\isacharparenleft}auto\ simp\ add{\isacharcolon}\ dvd{\isacharunderscore}def{\isacharparenright}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	144	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	145	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	146	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	147	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	148	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	149	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	150	%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	151	\isamarkupsubsection{Rule Induction \label{sec:rule-induction}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	152	}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	153	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	154	%
10365 a17cf465d29a auto generated paulson parents: diff changeset	155	\begin{isamarkuptext}%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	156	\index{rule induction\|(}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	157	From the definition of the set
ca73e86c22bb updated berghofe parents: 23733 diff changeset	158	\isa{even}, Isabelle has
ca73e86c22bb updated berghofe parents: 23733 diff changeset	159	generated an induction rule:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	160	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	161	{\isasymlbrakk}x\ {\isasymin}\ even{\isacharsemicolon}\ P\ {\isadigit{0}}{\isacharsemicolon}\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	162	\isaindent{\ }{\isasymAnd}n{\isachardot}\ {\isasymlbrakk}n\ {\isasymin}\ even{\isacharsemicolon}\ P\ n{\isasymrbrakk}\ {\isasymLongrightarrow}\ P\ {\isacharparenleft}Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}{\isacharparenright}{\isasymrbrakk}\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	163	{\isasymLongrightarrow}\ P\ x\rulename{even{\isachardot}induct}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	164	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	165	A property \isa{P} holds for every even number provided it
ca73e86c22bb updated berghofe parents: 23733 diff changeset	166	holds for~\isa{{\isadigit{0}}} and is closed under the operation
ca73e86c22bb updated berghofe parents: 23733 diff changeset	167	\isa{Suc(Suc $\cdot$)}. Then \isa{P} is closed under the introduction
ca73e86c22bb updated berghofe parents: 23733 diff changeset	168	rules for \isa{even}, which is the least set closed under those rules.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	169	This type of inductive argument is called \textbf{rule induction}.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	170
ca73e86c22bb updated berghofe parents: 23733 diff changeset	171	Apart from the double application of \isa{Suc}, the induction rule above
ca73e86c22bb updated berghofe parents: 23733 diff changeset	172	resembles the familiar mathematical induction, which indeed is an instance
ca73e86c22bb updated berghofe parents: 23733 diff changeset	173	of rule induction; the natural numbers can be defined inductively to be
ca73e86c22bb updated berghofe parents: 23733 diff changeset	174	the least set containing \isa{{\isadigit{0}}} and closed under~\isa{Suc}.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	175
ca73e86c22bb updated berghofe parents: 23733 diff changeset	176	Induction is the usual way of proving a property of the elements of an
ca73e86c22bb updated berghofe parents: 23733 diff changeset	177	inductively defined set. Let us prove that all members of the set
ca73e86c22bb updated berghofe parents: 23733 diff changeset	178	\isa{even} are multiples of two.%
10365 a17cf465d29a auto generated paulson parents: diff changeset	179	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	180	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	181	\isacommand{lemma}\isamarkupfalse%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	182	\ even{\isacharunderscore}imp{\isacharunderscore}dvd{\isacharcolon}\ {\isachardoublequoteopen}n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ {\isadigit{2}}\ dvd\ n{\isachardoublequoteclose}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	183	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	184	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	185	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	186	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	187	\isatagproof
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	188	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	189	\begin{isamarkuptxt}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	190	We begin by applying induction. Note that \isa{even{\isachardot}induct} has the form
ca73e86c22bb updated berghofe parents: 23733 diff changeset	191	of an elimination rule, so we use the method \isa{erule}. We get two
ca73e86c22bb updated berghofe parents: 23733 diff changeset	192	subgoals:%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	193	\end{isamarkuptxt}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	194	\isamarkuptrue%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	195	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	196	\ {\isacharparenleft}erule\ even{\isachardot}induct{\isacharparenright}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	197	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	198	\begin{isabelle}%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	199	\ {\isadigit{1}}{\isachardot}\ {\isadigit{2}}\ dvd\ {\isadigit{0}}\isanewline
21261 58223c67fd8b updated; wenzelm parents: 17187 diff changeset	200	\ {\isadigit{2}}{\isachardot}\ {\isasymAnd}n{\isachardot}\ {\isasymlbrakk}n\ {\isasymin}\ even{\isacharsemicolon}\ {\isadigit{2}}\ dvd\ n{\isasymrbrakk}\ {\isasymLongrightarrow}\ {\isadigit{2}}\ dvd\ Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	201	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	202	We unfold the definition of \isa{dvd} in both subgoals, proving the first
ca73e86c22bb updated berghofe parents: 23733 diff changeset	203	one and simplifying the second:%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	204	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	205	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	206	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	207	\ {\isacharparenleft}simp{\isacharunderscore}all\ add{\isacharcolon}\ dvd{\isacharunderscore}def{\isacharparenright}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	208	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	209	\begin{isabelle}%
21261 58223c67fd8b updated; wenzelm parents: 17187 diff changeset	210	\ {\isadigit{1}}{\isachardot}\ {\isasymAnd}n{\isachardot}\ {\isasymlbrakk}n\ {\isasymin}\ even{\isacharsemicolon}\ {\isasymexists}k{\isachardot}\ n\ {\isacharequal}\ {\isadigit{2}}\ {\isacharasterisk}\ k{\isasymrbrakk}\ {\isasymLongrightarrow}\ {\isasymexists}k{\isachardot}\ Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isacharequal}\ {\isadigit{2}}\ {\isacharasterisk}\ k%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	211	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	212	The next command eliminates the existential quantifier from the assumption
ca73e86c22bb updated berghofe parents: 23733 diff changeset	213	and replaces \isa{n} by \isa{{\isadigit{2}}\ {\isacharasterisk}\ k}.%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	214	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	215	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	216	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	217	\ clarify%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	218	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	219	\begin{isabelle}%
21261 58223c67fd8b updated; wenzelm parents: 17187 diff changeset	220	\ {\isadigit{1}}{\isachardot}\ {\isasymAnd}n\ k{\isachardot}\ {\isadigit{2}}\ {\isacharasterisk}\ k\ {\isasymin}\ even\ {\isasymLongrightarrow}\ {\isasymexists}ka{\isachardot}\ Suc\ {\isacharparenleft}Suc\ {\isacharparenleft}{\isadigit{2}}\ {\isacharasterisk}\ k{\isacharparenright}{\isacharparenright}\ {\isacharequal}\ {\isadigit{2}}\ {\isacharasterisk}\ ka%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	221	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	222	To conclude, we tell Isabelle that the desired value is
ca73e86c22bb updated berghofe parents: 23733 diff changeset	223	\isa{Suc\ k}. With this hint, the subgoal falls to \isa{simp}.%
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	224	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	225	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	226	\isacommand{apply}\isamarkupfalse%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	227	\ {\isacharparenleft}rule{\isacharunderscore}tac\ x\ {\isacharequal}\ {\isachardoublequoteopen}Suc\ k{\isachardoublequoteclose}\ \isakeyword{in}\ exI{\isacharcomma}\ simp{\isacharparenright}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	228	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	229	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	230	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	231	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	232	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	233	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	234	%
10365 a17cf465d29a auto generated paulson parents: diff changeset	235	\begin{isamarkuptext}%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	236	Combining the previous two results yields our objective, the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	237	equivalence relating \isa{even} and \isa{dvd}.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	238	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	239	%we don't want [iff]: discuss?%
10365 a17cf465d29a auto generated paulson parents: diff changeset	240	\end{isamarkuptext}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	241	\isamarkuptrue%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	242	\isacommand{theorem}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	243	\ even{\isacharunderscore}iff{\isacharunderscore}dvd{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}n\ {\isasymin}\ even{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}{\isadigit{2}}\ dvd\ n{\isacharparenright}{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	244	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	245	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	246	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	247	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	248	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	249	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	250	\isacommand{by}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	251	\ {\isacharparenleft}blast\ intro{\isacharcolon}\ dvd{\isacharunderscore}imp{\isacharunderscore}even\ even{\isacharunderscore}imp{\isacharunderscore}dvd{\isacharparenright}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	252	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	253	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	254	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	255	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	256	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	257	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	258	%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	259	\isamarkupsubsection{Generalization and Rule Induction \label{sec:gen-rule-induction}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	260	}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	261	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	262	%
10365 a17cf465d29a auto generated paulson parents: diff changeset	263	\begin{isamarkuptext}%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	264	\index{generalizing for induction}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	265	Before applying induction, we typically must generalize
ca73e86c22bb updated berghofe parents: 23733 diff changeset	266	the induction formula. With rule induction, the required generalization
ca73e86c22bb updated berghofe parents: 23733 diff changeset	267	can be hard to find and sometimes requires a complete reformulation of the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	268	problem. In this example, our first attempt uses the obvious statement of
ca73e86c22bb updated berghofe parents: 23733 diff changeset	269	the result. It fails:%
10365 a17cf465d29a auto generated paulson parents: diff changeset	270	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	271	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	272	\isacommand{lemma}\isamarkupfalse%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	273	\ {\isachardoublequoteopen}Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even\ {\isasymLongrightarrow}\ n\ {\isasymin}\ even{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	274	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	275	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	276	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	277	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	278	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	279	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	280	\isacommand{apply}\isamarkupfalse%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	281	\ {\isacharparenleft}erule\ even{\isachardot}induct{\isacharparenright}\isanewline
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	282	\isacommand{oops}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	283	%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	284	\endisatagproof
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	285	{\isafoldproof}%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	286	%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	287	\isadelimproof
16069 3f2a9f400168 * empty log message * nipkow parents: 15614 diff changeset	288	%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	289	\endisadelimproof
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	290	%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	291	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	292	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	293	\endisadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	294	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	295	\isatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	296	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	297	\begin{isamarkuptxt}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	298	Rule induction finds no occurrences of \isa{Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}} in the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	299	conclusion, which it therefore leaves unchanged. (Look at
ca73e86c22bb updated berghofe parents: 23733 diff changeset	300	\isa{even{\isachardot}induct} to see why this happens.) We have these subgoals:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	301	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	302	\ {\isadigit{1}}{\isachardot}\ n\ {\isasymin}\ even\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	303	\ {\isadigit{2}}{\isachardot}\ {\isasymAnd}na{\isachardot}\ {\isasymlbrakk}na\ {\isasymin}\ even{\isacharsemicolon}\ n\ {\isasymin}\ even{\isasymrbrakk}\ {\isasymLongrightarrow}\ n\ {\isasymin}\ even%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	304	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	305	The first one is hopeless. Rule induction on
ca73e86c22bb updated berghofe parents: 23733 diff changeset	306	a non-variable term discards information, and usually fails.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	307	How to deal with such situations
ca73e86c22bb updated berghofe parents: 23733 diff changeset	308	in general is described in {\S}\ref{sec:ind-var-in-prems} below.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	309	In the current case the solution is easy because
ca73e86c22bb updated berghofe parents: 23733 diff changeset	310	we have the necessary inverse, subtraction:%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	311	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	312	\isamarkuptrue%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	313	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	314	\endisatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	315	{\isafoldproof}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	316	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	317	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	318	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	319	\endisadelimproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	320	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	321	\ even{\isacharunderscore}imp{\isacharunderscore}even{\isacharunderscore}minus{\isacharunderscore}{\isadigit{2}}{\isacharcolon}\ {\isachardoublequoteopen}n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ n\ {\isacharminus}\ {\isadigit{2}}\ {\isasymin}\ even{\isachardoublequoteclose}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	322	%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	323	\isadelimproof
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	324	%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	325	\endisadelimproof
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	326	%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	327	\isatagproof
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	328	\isacommand{apply}\isamarkupfalse%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	329	\ {\isacharparenleft}erule\ even{\isachardot}induct{\isacharparenright}\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	330	\ \isacommand{apply}\isamarkupfalse%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	331	\ auto\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	332	\isacommand{done}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	333	%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	334	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	335	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	336	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	337	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	338	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	339	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	340	%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	341	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	342	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	343	\endisadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	344	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	345	\isatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	346	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	347	\begin{isamarkuptxt}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	348	This lemma is trivially inductive. Here are the subgoals:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	349	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	350	\ {\isadigit{1}}{\isachardot}\ {\isadigit{0}}\ {\isacharminus}\ {\isadigit{2}}\ {\isasymin}\ even\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	351	\ {\isadigit{2}}{\isachardot}\ {\isasymAnd}n{\isachardot}\ {\isasymlbrakk}n\ {\isasymin}\ even{\isacharsemicolon}\ n\ {\isacharminus}\ {\isadigit{2}}\ {\isasymin}\ even{\isasymrbrakk}\ {\isasymLongrightarrow}\ Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isacharminus}\ {\isadigit{2}}\ {\isasymin}\ even%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	352	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	353	The first is trivial because \isa{{\isadigit{0}}\ {\isacharminus}\ {\isadigit{2}}} simplifies to \isa{{\isadigit{0}}}, which is
ca73e86c22bb updated berghofe parents: 23733 diff changeset	354	even. The second is trivial too: \isa{Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isacharminus}\ {\isadigit{2}}} simplifies to
ca73e86c22bb updated berghofe parents: 23733 diff changeset	355	\isa{n}, matching the assumption.%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	356	\index{rule induction\|)} %the sequel isn't really about induction
ca73e86c22bb updated berghofe parents: 23733 diff changeset	357
ca73e86c22bb updated berghofe parents: 23733 diff changeset	358	\medskip
ca73e86c22bb updated berghofe parents: 23733 diff changeset	359	Using our lemma, we can easily prove the result we originally wanted:%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	360	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	361	\isamarkuptrue%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	362	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	363	\endisatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	364	{\isafoldproof}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	365	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	366	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	367	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	368	\endisadelimproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	369	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	370	\ Suc{\isacharunderscore}Suc{\isacharunderscore}even{\isacharunderscore}imp{\isacharunderscore}even{\isacharcolon}\ {\isachardoublequoteopen}Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even\ {\isasymLongrightarrow}\ n\ {\isasymin}\ even{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	371	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	372	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	373	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	374	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	375	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	376	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	377	\isacommand{by}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	378	\ {\isacharparenleft}drule\ even{\isacharunderscore}imp{\isacharunderscore}even{\isacharunderscore}minus{\isacharunderscore}{\isadigit{2}}{\isacharcomma}\ simp{\isacharparenright}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	379	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	380	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	381	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	382	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	383	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	384	\endisadelimproof
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	385	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	386	\begin{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	387	We have just proved the converse of the introduction rule \isa{even{\isachardot}step}.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	388	This suggests proving the following equivalence. We give it the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	389	\attrdx{iff} attribute because of its obvious value for simplification.%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	390	\end{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	391	\isamarkuptrue%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	392	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	393	\ {\isacharbrackleft}iff{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharparenleft}Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}{\isacharparenright}\ {\isasymin}\ even{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}n\ {\isasymin}\ even{\isacharparenright}{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	394	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	395	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	396	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	397	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	398	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	399	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	400	\isacommand{by}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	401	\ {\isacharparenleft}blast\ dest{\isacharcolon}\ Suc{\isacharunderscore}Suc{\isacharunderscore}even{\isacharunderscore}imp{\isacharunderscore}even{\isacharparenright}%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	402	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	403	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	404	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	405	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	406	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	407	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	408	%
23848 ca73e86c22bb updated berghofe parents: 23733 diff changeset	409	\isamarkupsubsection{Rule Inversion \label{sec:rule-inversion}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	410	}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	411	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	412	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	413	\begin{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	414	\index{rule inversion\|(}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	415	Case analysis on an inductive definition is called \textbf{rule
ca73e86c22bb updated berghofe parents: 23733 diff changeset	416	inversion}. It is frequently used in proofs about operational
ca73e86c22bb updated berghofe parents: 23733 diff changeset	417	semantics. It can be highly effective when it is applied
ca73e86c22bb updated berghofe parents: 23733 diff changeset	418	automatically. Let us look at how rule inversion is done in
ca73e86c22bb updated berghofe parents: 23733 diff changeset	419	Isabelle/HOL\@.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	420
ca73e86c22bb updated berghofe parents: 23733 diff changeset	421	Recall that \isa{even} is the minimal set closed under these two rules:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	422	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	423	{\isadigit{0}}\ {\isasymin}\ even\isasep\isanewline%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	424	n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	425	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	426	Minimality means that \isa{even} contains only the elements that these
ca73e86c22bb updated berghofe parents: 23733 diff changeset	427	rules force it to contain. If we are told that \isa{a}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	428	belongs to
ca73e86c22bb updated berghofe parents: 23733 diff changeset	429	\isa{even} then there are only two possibilities. Either \isa{a} is \isa{{\isadigit{0}}}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	430	or else \isa{a} has the form \isa{Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}}, for some suitable \isa{n}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	431	that belongs to
ca73e86c22bb updated berghofe parents: 23733 diff changeset	432	\isa{even}. That is the gist of the \isa{cases} rule, which Isabelle proves
ca73e86c22bb updated berghofe parents: 23733 diff changeset	433	for us when it accepts an inductive definition:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	434	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	435	{\isasymlbrakk}a\ {\isasymin}\ even{\isacharsemicolon}\ a\ {\isacharequal}\ {\isadigit{0}}\ {\isasymLongrightarrow}\ P{\isacharsemicolon}\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	436	\isaindent{\ }{\isasymAnd}n{\isachardot}\ {\isasymlbrakk}a\ {\isacharequal}\ Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}{\isacharsemicolon}\ n\ {\isasymin}\ even{\isasymrbrakk}\ {\isasymLongrightarrow}\ P{\isasymrbrakk}\isanewline
ca73e86c22bb updated berghofe parents: 23733 diff changeset	437	{\isasymLongrightarrow}\ P\rulename{even{\isachardot}cases}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	438	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	439	This general rule is less useful than instances of it for
ca73e86c22bb updated berghofe parents: 23733 diff changeset	440	specific patterns. For example, if \isa{a} has the form
ca73e86c22bb updated berghofe parents: 23733 diff changeset	441	\isa{Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}} then the first case becomes irrelevant, while the second
ca73e86c22bb updated berghofe parents: 23733 diff changeset	442	case tells us that \isa{n} belongs to \isa{even}. Isabelle will generate
ca73e86c22bb updated berghofe parents: 23733 diff changeset	443	this instance for us:%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	444	\end{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	445	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	446	\isacommand{inductive{\isacharunderscore}cases}\isamarkupfalse%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	447	\ Suc{\isacharunderscore}Suc{\isacharunderscore}cases\ {\isacharbrackleft}elim{\isacharbang}{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}Suc{\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even{\isachardoublequoteclose}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	448	\begin{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	449	The \commdx{inductive\protect\_cases} command generates an instance of
ca73e86c22bb updated berghofe parents: 23733 diff changeset	450	the \isa{cases} rule for the supplied pattern and gives it the supplied name:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	451	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	452	{\isasymlbrakk}Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even{\isacharsemicolon}\ n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ P{\isasymrbrakk}\ {\isasymLongrightarrow}\ P\rulename{Suc{\isacharunderscore}Suc{\isacharunderscore}cases}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	453	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	454	Applying this as an elimination rule yields one case where \isa{even{\isachardot}cases}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	455	would yield two. Rule inversion works well when the conclusions of the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	456	introduction rules involve datatype constructors like \isa{Suc} and \isa{{\isacharhash}}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	457	(list ``cons''); freeness reasoning discards all but one or two cases.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	458
ca73e86c22bb updated berghofe parents: 23733 diff changeset	459	In the \isacommand{inductive\_cases} command we supplied an
ca73e86c22bb updated berghofe parents: 23733 diff changeset	460	attribute, \isa{elim{\isacharbang}},
ca73e86c22bb updated berghofe parents: 23733 diff changeset	461	\index{elim"!@\isa {elim"!} (attribute)}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	462	indicating that this elimination rule can be
ca73e86c22bb updated berghofe parents: 23733 diff changeset	463	applied aggressively. The original
ca73e86c22bb updated berghofe parents: 23733 diff changeset	464	\isa{cases} rule would loop if used in that manner because the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	465	pattern~\isa{a} matches everything.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	466
ca73e86c22bb updated berghofe parents: 23733 diff changeset	467	The rule \isa{Suc{\isacharunderscore}Suc{\isacharunderscore}cases} is equivalent to the following implication:
ca73e86c22bb updated berghofe parents: 23733 diff changeset	468	\begin{isabelle}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	469	Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even\ {\isasymLongrightarrow}\ n\ {\isasymin}\ even%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	470	\end{isabelle}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	471	Just above we devoted some effort to reaching precisely
ca73e86c22bb updated berghofe parents: 23733 diff changeset	472	this result. Yet we could have obtained it by a one-line declaration,
ca73e86c22bb updated berghofe parents: 23733 diff changeset	473	dispensing with the lemma \isa{even{\isacharunderscore}imp{\isacharunderscore}even{\isacharunderscore}minus{\isacharunderscore}{\isadigit{2}}}.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	474	This example also justifies the terminology
ca73e86c22bb updated berghofe parents: 23733 diff changeset	475	\textbf{rule inversion}: the new rule inverts the introduction rule
ca73e86c22bb updated berghofe parents: 23733 diff changeset	476	\isa{even{\isachardot}step}. In general, a rule can be inverted when the set of elements
ca73e86c22bb updated berghofe parents: 23733 diff changeset	477	it introduces is disjoint from those of the other introduction rules.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	478
ca73e86c22bb updated berghofe parents: 23733 diff changeset	479	For one-off applications of rule inversion, use the \methdx{ind_cases} method.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	480	Here is an example:%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	481	\end{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	482	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	483	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	484	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	485	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	486	\endisadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	487	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	488	\isatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	489	\isacommand{apply}\isamarkupfalse%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	490	\ {\isacharparenleft}ind{\isacharunderscore}cases\ {\isachardoublequoteopen}Suc{\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even{\isachardoublequoteclose}{\isacharparenright}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	491	\endisatagproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	492	{\isafoldproof}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	493	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	494	\isadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	495	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	496	\endisadelimproof
ca73e86c22bb updated berghofe parents: 23733 diff changeset	497	%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	498	\begin{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	499	The specified instance of the \isa{cases} rule is generated, then applied
ca73e86c22bb updated berghofe parents: 23733 diff changeset	500	as an elimination rule.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	501
ca73e86c22bb updated berghofe parents: 23733 diff changeset	502	To summarize, every inductive definition produces a \isa{cases} rule. The
ca73e86c22bb updated berghofe parents: 23733 diff changeset	503	\commdx{inductive\protect\_cases} command stores an instance of the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	504	\isa{cases} rule for a given pattern. Within a proof, the
ca73e86c22bb updated berghofe parents: 23733 diff changeset	505	\isa{ind{\isacharunderscore}cases} method applies an instance of the \isa{cases}
ca73e86c22bb updated berghofe parents: 23733 diff changeset	506	rule.
ca73e86c22bb updated berghofe parents: 23733 diff changeset	507
ca73e86c22bb updated berghofe parents: 23733 diff changeset	508	The even numbers example has shown how inductive definitions can be
ca73e86c22bb updated berghofe parents: 23733 diff changeset	509	used. Later examples will show that they are actually worth using.%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	510	\index{rule inversion\|)}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	511	\index{even numbers!defining inductively\|)}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	512	\end{isamarkuptext}%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	513	\isamarkuptrue%
ca73e86c22bb updated berghofe parents: 23733 diff changeset	514	%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	515	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	516	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	517	\endisadelimtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	518	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	519	\isatagtheory
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	520	%
17056 05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	521	\endisatagtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	522	{\isafoldtheory}%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	523	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	524	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	525	%
05fc32a23b8b updated; wenzelm parents: 16523 diff changeset	526	\endisadelimtheory
10365 a17cf465d29a auto generated paulson parents: diff changeset	527	\end{isabellebody}%
a17cf465d29a auto generated paulson parents: diff changeset	528	%%% Local Variables:
a17cf465d29a auto generated paulson parents: diff changeset	529	%%% mode: latex
a17cf465d29a auto generated paulson parents: diff changeset	530	%%% TeX-master: "root"
a17cf465d29a auto generated paulson parents: diff changeset	531	%%% End:

author	wenzelm
	Tue, 23 Oct 2007 14:00:06 +0200
changeset 25160	72fcf0832cfe
parent 23928	efee34ff4764
child 25330	15bf0f47a87d
permissions	-rw-r--r--