isabelle: doc-src/TutorialI/Recdef/document/termination.tex@9454a8bd1114 (annotated)

9722 a5f86aed785b * empty log message * nipkow parents: 9721 diff changeset	1	%
a5f86aed785b * empty log message * nipkow parents: 9721 diff changeset	2	\begin{isabellebody}%
9924 3370f6aa3200 updated; wenzelm parents: 9792 diff changeset	3	\def\isabellecontext{termination}%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	4	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	5	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	6	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	7	\endisadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	8	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	9	\isatagtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	10	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	11	\endisatagtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	12	{\isafoldtheory}%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	13	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	14	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	15	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	16	\endisadelimtheory
8749 2665170f104a Adding generated files nipkow parents: diff changeset	17	%
2665170f104a Adding generated files nipkow parents: diff changeset	18	\begin{isamarkuptext}%
11309 d666f11ca2d4 minor suggestions by Tanja Vos paulson parents: 10971 diff changeset	19	When a function~$f$ is defined via \isacommand{recdef}, Isabelle tries to prove
d666f11ca2d4 minor suggestions by Tanja Vos paulson parents: 10971 diff changeset	20	its termination with the help of the user-supplied measure. Each of the examples
d666f11ca2d4 minor suggestions by Tanja Vos paulson parents: 10971 diff changeset	21	above is simple enough that Isabelle can automatically prove that the
d666f11ca2d4 minor suggestions by Tanja Vos paulson parents: 10971 diff changeset	22	argument's measure decreases in each recursive call. As a result,
9792 bbefb6ce5cb2 * empty log message * nipkow parents: 9722 diff changeset	23	$f$\isa{{\isachardot}simps} will contain the defining equations (or variants derived
bbefb6ce5cb2 * empty log message * nipkow parents: 9722 diff changeset	24	from them) as theorems. For example, look (via \isacommand{thm}) at
10187 0376cccd9118 * empty log message * nipkow parents: 10186 diff changeset	25	\isa{sep{\isachardot}simps} and \isa{sep{\isadigit{1}}{\isachardot}simps} to see that they define
9792 bbefb6ce5cb2 * empty log message * nipkow parents: 9722 diff changeset	26	the same function. What is more, those equations are automatically declared as
8749 2665170f104a Adding generated files nipkow parents: diff changeset	27	simplification rules.
2665170f104a Adding generated files nipkow parents: diff changeset	28
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 11429 diff changeset	29	Isabelle may fail to prove the termination condition for some
12489 c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	30	recursive call. Let us try to define Quicksort:%
11636 0bec857c9871 oops; wenzelm parents: 11627 diff changeset	31	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	32	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	33	\isacommand{consts}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	34	\ qs\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}nat\ list\ {\isasymRightarrow}\ nat\ list{\isachardoublequoteclose}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	35	\isacommand{recdef}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	36	\ qs\ {\isachardoublequoteopen}measure\ length{\isachardoublequoteclose}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	37	\ {\isachardoublequoteopen}qs\ {\isacharbrackleft}{\isacharbrackright}\ {\isacharequal}\ {\isacharbrackleft}{\isacharbrackright}{\isachardoublequoteclose}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	38	\ {\isachardoublequoteopen}qs{\isacharparenleft}x{\isacharhash}xs{\isacharparenright}\ {\isacharequal}\ qs{\isacharparenleft}filter\ {\isacharparenleft}{\isasymlambda}y{\isachardot}\ y{\isasymle}x{\isacharparenright}\ xs{\isacharparenright}\ {\isacharat}\ {\isacharbrackleft}x{\isacharbrackright}\ {\isacharat}\ qs{\isacharparenleft}filter\ {\isacharparenleft}{\isasymlambda}y{\isachardot}\ x{\isacharless}y{\isacharparenright}\ xs{\isacharparenright}{\isachardoublequoteclose}%
11636 0bec857c9871 oops; wenzelm parents: 11627 diff changeset	39	\begin{isamarkuptext}%
12489 c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	40	\noindent where \isa{filter} is predefined and \isa{filter\ P\ xs}
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	41	is the list of elements of \isa{xs} satisfying \isa{P}.
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	42	This definition of \isa{qs} fails, and Isabelle prints an error message
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	43	showing you what it was unable to prove:
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	44	\begin{isabelle}%
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	45	\ \ \ \ \ length\ {\isacharparenleft}filter\ {\isachardot}{\isachardot}{\isachardot}\ xs{\isacharparenright}\ {\isacharless}\ Suc\ {\isacharparenleft}length\ xs{\isacharparenright}%
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	46	\end{isabelle}
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	47	We can either prove this as a separate lemma, or try to figure out which
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	48	existing lemmas may help. We opt for the second alternative. The theory of
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	49	lists contains the simplification rule \isa{length\ {\isacharparenleft}filter\ P\ xs{\isacharparenright}\ {\isasymle}\ length\ xs},
15270 8b3f707a78a7 fixed reference to renamed theorem paulson parents: 13791 diff changeset	50	which is what we need, provided we turn \mbox{\isa{{\isacharless}\ Suc}}
12489 c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	51	into
15270 8b3f707a78a7 fixed reference to renamed theorem paulson parents: 13791 diff changeset	52	\isa{{\isasymle}} so that the rule applies. Lemma
12489 c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	53	\isa{less{\isacharunderscore}Suc{\isacharunderscore}eq{\isacharunderscore}le} does just that: \isa{{\isacharparenleft}m\ {\isacharless}\ Suc\ n{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}m\ {\isasymle}\ n{\isacharparenright}}.
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	54
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	55	Now we retry the above definition but supply the lemma(s) just found (or
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	56	proved). Because \isacommand{recdef}'s termination prover involves
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	57	simplification, we include in our second attempt a hint: the
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	58	\attrdx{recdef_simp} attribute says to use \isa{less{\isacharunderscore}Suc{\isacharunderscore}eq{\isacharunderscore}le} as a
13111 2d6782e71702 * empty log message * nipkow parents: 12489 diff changeset	59	simplification rule.\cmmdx{hints}%
11636 0bec857c9871 oops; wenzelm parents: 11627 diff changeset	60	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	61	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	62	\isacommand{recdef}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	63	\ qs\ {\isachardoublequoteopen}measure\ length{\isachardoublequoteclose}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	64	\ {\isachardoublequoteopen}qs\ {\isacharbrackleft}{\isacharbrackright}\ {\isacharequal}\ {\isacharbrackleft}{\isacharbrackright}{\isachardoublequoteclose}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	65	\ {\isachardoublequoteopen}qs{\isacharparenleft}x{\isacharhash}xs{\isacharparenright}\ {\isacharequal}\ qs{\isacharparenleft}filter\ {\isacharparenleft}{\isasymlambda}y{\isachardot}\ y{\isasymle}x{\isacharparenright}\ xs{\isacharparenright}\ {\isacharat}\ {\isacharbrackleft}x{\isacharbrackright}\ {\isacharat}\ qs{\isacharparenleft}filter\ {\isacharparenleft}{\isasymlambda}y{\isachardot}\ x{\isacharless}y{\isacharparenright}\ xs{\isacharparenright}{\isachardoublequoteclose}\isanewline
17181 5f42dd5e6570 updated; wenzelm parents: 17175 diff changeset	66	{\isacharparenleft}\isakeyword{hints}\ recdef{\isacharunderscore}simp{\isacharcolon}\ less{\isacharunderscore}Suc{\isacharunderscore}eq{\isacharunderscore}le{\isacharparenright}%
11636 0bec857c9871 oops; wenzelm parents: 11627 diff changeset	67	\begin{isamarkuptext}%
0bec857c9871 oops; wenzelm parents: 11627 diff changeset	68	\noindent
12489 c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	69	This time everything works fine. Now \isa{qs{\isachardot}simps} contains precisely
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	70	the stated recursion equations for \isa{qs} and they have become
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	71	simplification rules.
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	72	Thus we can automatically prove results such as this one:%
11636 0bec857c9871 oops; wenzelm parents: 11627 diff changeset	73	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	74	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	75	\isacommand{theorem}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	76	\ {\isachardoublequoteopen}qs{\isacharbrackleft}{\isadigit{2}}{\isacharcomma}{\isadigit{3}}{\isacharcomma}{\isadigit{0}}{\isacharbrackright}\ {\isacharequal}\ qs{\isacharbrackleft}{\isadigit{3}}{\isacharcomma}{\isadigit{0}}{\isacharcomma}{\isadigit{2}}{\isacharbrackright}{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	77	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	78	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	79	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	80	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	81	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	82	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	83	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	84	{\isacharparenleft}simp{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	85	\isacommand{done}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	86	%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	87	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	88	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	89	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	90	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	91	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	92	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11636 diff changeset	93	%
11636 0bec857c9871 oops; wenzelm parents: 11627 diff changeset	94	\begin{isamarkuptext}%
0bec857c9871 oops; wenzelm parents: 11627 diff changeset	95	\noindent
0bec857c9871 oops; wenzelm parents: 11627 diff changeset	96	More exciting theorems require induction, which is discussed below.
0bec857c9871 oops; wenzelm parents: 11627 diff changeset	97
12489 c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	98	If the termination proof requires a lemma that is of general use, you can
11636 0bec857c9871 oops; wenzelm parents: 11627 diff changeset	99	turn it permanently into a simplification rule, in which case the above
12489 c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	100	\isacommand{hint} is not necessary. But in the case of
c92e38c3cbaa * empty log message * nipkow parents: 12473 diff changeset	101	\isa{less{\isacharunderscore}Suc{\isacharunderscore}eq{\isacharunderscore}le} this would be of dubious value.%
11636 0bec857c9871 oops; wenzelm parents: 11627 diff changeset	102	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	103	\isamarkuptrue%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	104	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	105	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	106	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	107	\endisadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	108	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	109	\isatagtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	110	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	111	\endisatagtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	112	{\isafoldtheory}%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	113	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	114	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	115	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	116	\endisadelimtheory
11636 0bec857c9871 oops; wenzelm parents: 11627 diff changeset	117	\end{isabellebody}%
9145 9f7b8de5bfaf updated; wenzelm parents: 8771 diff changeset	118	%%% Local Variables:
9f7b8de5bfaf updated; wenzelm parents: 8771 diff changeset	119	%%% mode: latex
9f7b8de5bfaf updated; wenzelm parents: 8771 diff changeset	120	%%% TeX-master: "root"
9f7b8de5bfaf updated; wenzelm parents: 8771 diff changeset	121	%%% End:

author	wenzelm
	Wed, 14 May 2008 20:30:29 +0200
changeset 26892	9454a8bd1114
parent 17187	45bee2f6e61f
permissions	-rw-r--r--