isabelle: doc-src/TutorialI/Recdef/document/Induction.tex@98acc234d683 (annotated)

9722 a5f86aed785b * empty log message * nipkow parents: 9721 diff changeset	1	%
a5f86aed785b * empty log message * nipkow parents: 9721 diff changeset	2	\begin{isabellebody}%
9924 3370f6aa3200 updated; wenzelm parents: 9792 diff changeset	3	\def\isabellecontext{Induction}%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	4	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	5	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	6	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	7	\endisadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	8	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	9	\isatagtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	10	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	11	\endisatagtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	12	{\isafoldtheory}%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	13	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	14	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	15	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	16	\endisadelimtheory
8749 2665170f104a Adding generated files nipkow parents: diff changeset	17	%
2665170f104a Adding generated files nipkow parents: diff changeset	18	\begin{isamarkuptext}%
2665170f104a Adding generated files nipkow parents: diff changeset	19	Assuming we have defined our function such that Isabelle could prove
2665170f104a Adding generated files nipkow parents: diff changeset	20	termination and that the recursion equations (or some suitable derived
2665170f104a Adding generated files nipkow parents: diff changeset	21	equations) are simplification rules, we might like to prove something about
2665170f104a Adding generated files nipkow parents: diff changeset	22	our function. Since the function is recursive, the natural proof principle is
2665170f104a Adding generated files nipkow parents: diff changeset	23	again induction. But this time the structural form of induction that comes
10971 6852682eaf16 * empty log message * nipkow parents: 10950 diff changeset	24	with datatypes is unlikely to work well --- otherwise we could have defined the
8749 2665170f104a Adding generated files nipkow parents: diff changeset	25	function by \isacommand{primrec}. Therefore \isacommand{recdef} automatically
9792 bbefb6ce5cb2 * empty log message * nipkow parents: 9723 diff changeset	26	proves a suitable induction rule $f$\isa{{\isachardot}induct} that follows the
8749 2665170f104a Adding generated files nipkow parents: diff changeset	27	recursion pattern of the particular function $f$. We call this
2665170f104a Adding generated files nipkow parents: diff changeset	28	\textbf{recursion induction}. Roughly speaking, it
2665170f104a Adding generated files nipkow parents: diff changeset	29	requires you to prove for each \isacommand{recdef} equation that the property
2665170f104a Adding generated files nipkow parents: diff changeset	30	you are trying to establish holds for the left-hand side provided it holds
10795 9e888d60d3e5 minor edits to Chapters 1-3 paulson parents: 10362 diff changeset	31	for all recursive calls on the right-hand side. Here is a simple example
9e888d60d3e5 minor edits to Chapters 1-3 paulson parents: 10362 diff changeset	32	involving the predefined \isa{map} functional on lists:%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	33	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	34	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	35	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	36	\ {\isachardoublequoteopen}map\ f\ {\isacharparenleft}sep{\isacharparenleft}x{\isacharcomma}xs{\isacharparenright}{\isacharparenright}\ {\isacharequal}\ sep{\isacharparenleft}f\ x{\isacharcomma}\ map\ f\ xs{\isacharparenright}{\isachardoublequoteclose}%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	37	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	38	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	39	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	40	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	41	\isatagproof
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	42	%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	43	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	44	\noindent
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	45	Note that \isa{map\ f\ xs}
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	46	is the result of applying \isa{f} to all elements of \isa{xs}. We prove
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	47	this lemma by recursion induction over \isa{sep}:%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	48	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	49	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	50	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	51	{\isacharparenleft}induct{\isacharunderscore}tac\ x\ xs\ rule{\isacharcolon}\ sep{\isachardot}induct{\isacharparenright}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	52	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	53	\noindent
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	54	The resulting proof state has three subgoals corresponding to the three
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	55	clauses for \isa{sep}:
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	56	\begin{isabelle}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	57	\ {\isadigit{1}}{\isachardot}\ {\isasymAnd}a{\isachardot}\ map\ f\ {\isacharparenleft}sep\ {\isacharparenleft}a{\isacharcomma}\ {\isacharbrackleft}{\isacharbrackright}{\isacharparenright}{\isacharparenright}\ {\isacharequal}\ sep\ {\isacharparenleft}f\ a{\isacharcomma}\ map\ f\ {\isacharbrackleft}{\isacharbrackright}{\isacharparenright}\isanewline
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	58	\ {\isadigit{2}}{\isachardot}\ {\isasymAnd}a\ x{\isachardot}\ map\ f\ {\isacharparenleft}sep\ {\isacharparenleft}a{\isacharcomma}\ {\isacharbrackleft}x{\isacharbrackright}{\isacharparenright}{\isacharparenright}\ {\isacharequal}\ sep\ {\isacharparenleft}f\ a{\isacharcomma}\ map\ f\ {\isacharbrackleft}x{\isacharbrackright}{\isacharparenright}\isanewline
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	59	\ {\isadigit{3}}{\isachardot}\ {\isasymAnd}a\ x\ y\ zs{\isachardot}\isanewline
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	60	\isaindent{\ {\isadigit{3}}{\isachardot}\ \ \ \ }map\ f\ {\isacharparenleft}sep\ {\isacharparenleft}a{\isacharcomma}\ y\ {\isacharhash}\ zs{\isacharparenright}{\isacharparenright}\ {\isacharequal}\ sep\ {\isacharparenleft}f\ a{\isacharcomma}\ map\ f\ {\isacharparenleft}y\ {\isacharhash}\ zs{\isacharparenright}{\isacharparenright}\ {\isasymLongrightarrow}\isanewline
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	61	\isaindent{\ {\isadigit{3}}{\isachardot}\ \ \ \ }map\ f\ {\isacharparenleft}sep\ {\isacharparenleft}a{\isacharcomma}\ x\ {\isacharhash}\ y\ {\isacharhash}\ zs{\isacharparenright}{\isacharparenright}\ {\isacharequal}\ sep\ {\isacharparenleft}f\ a{\isacharcomma}\ map\ f\ {\isacharparenleft}x\ {\isacharhash}\ y\ {\isacharhash}\ zs{\isacharparenright}{\isacharparenright}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	62	\end{isabelle}
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	63	The rest is pure simplification:%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	64	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	65	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	66	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	67	\ simp{\isacharunderscore}all\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	68	\isacommand{done}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	69	%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	70	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	71	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	72	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	73	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	74	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	75	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11458 diff changeset	76	%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	77	\begin{isamarkuptext}%
2665170f104a Adding generated files nipkow parents: diff changeset	78	Try proving the above lemma by structural induction, and you find that you
2665170f104a Adding generated files nipkow parents: diff changeset	79	need an additional case distinction. What is worse, the names of variables
2665170f104a Adding generated files nipkow parents: diff changeset	80	are invented by Isabelle and have nothing to do with the names in the
2665170f104a Adding generated files nipkow parents: diff changeset	81	definition of \isa{sep}.
2665170f104a Adding generated files nipkow parents: diff changeset	82
2665170f104a Adding generated files nipkow parents: diff changeset	83	In general, the format of invoking recursion induction is
9792 bbefb6ce5cb2 * empty log message * nipkow parents: 9723 diff changeset	84	\begin{quote}
11159 07b13770c4d6 * empty log message * nipkow parents: 11023 diff changeset	85	\isacommand{apply}\isa{{\isacharparenleft}induct{\isacharunderscore}tac} $x@1 \dots x@n$ \isa{rule{\isacharcolon}} $f$\isa{{\isachardot}induct{\isacharparenright}}
11428 332347b9b942 tidying the index paulson parents: 11159 diff changeset	86	\end{quote}\index{*induct_tac (method)}%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	87	where $x@1~\dots~x@n$ is a list of free variables in the subgoal and $f$ the
2665170f104a Adding generated files nipkow parents: diff changeset	88	name of a function that takes an $n$-tuple. Usually the subgoal will
10971 6852682eaf16 * empty log message * nipkow parents: 10950 diff changeset	89	contain the term $f(x@1,\dots,x@n)$ but this need not be the case. The
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 11428 diff changeset	90	induction rules do not mention $f$ at all. Here is \isa{sep{\isachardot}induct}:
9723 a977245dfc8a * empty log message * nipkow parents: 9722 diff changeset	91	\begin{isabelle}
9689 751fde5307e4 * empty log message * nipkow parents: 9674 diff changeset	92	{\isasymlbrakk}~{\isasymAnd}a.~P~a~[];\isanewline
751fde5307e4 * empty log message * nipkow parents: 9674 diff changeset	93	~~{\isasymAnd}a~x.~P~a~[x];\isanewline
751fde5307e4 * empty log message * nipkow parents: 9674 diff changeset	94	~~{\isasymAnd}a~x~y~zs.~P~a~(y~\#~zs)~{\isasymLongrightarrow}~P~a~(x~\#~y~\#~zs){\isasymrbrakk}\isanewline
751fde5307e4 * empty log message * nipkow parents: 9674 diff changeset	95	{\isasymLongrightarrow}~P~u~v%
9723 a977245dfc8a * empty log message * nipkow parents: 9722 diff changeset	96	\end{isabelle}
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 11428 diff changeset	97	It merely says that in order to prove a property \isa{P} of \isa{u} and
9689 751fde5307e4 * empty log message * nipkow parents: 9674 diff changeset	98	\isa{v} you need to prove it for the three cases where \isa{v} is the
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 11428 diff changeset	99	empty list, the singleton list, and the list with at least two elements.
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 11428 diff changeset	100	The final case has an induction hypothesis: you may assume that \isa{P}
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 11428 diff changeset	101	holds for the tail of that list.%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	102	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	103	\isamarkuptrue%
17056 05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	104	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	105	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	106	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	107	\endisadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	108	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	109	\isatagtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	110	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	111	\endisatagtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	112	{\isafoldtheory}%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	113	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	114	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	115	%
05fc32a23b8b updated; wenzelm parents: 16069 diff changeset	116	\endisadelimtheory
9722 a5f86aed785b * empty log message * nipkow parents: 9721 diff changeset	117	\end{isabellebody}%
9145 9f7b8de5bfaf updated; wenzelm parents: 8771 diff changeset	118	%%% Local Variables:
9f7b8de5bfaf updated; wenzelm parents: 8771 diff changeset	119	%%% mode: latex
9f7b8de5bfaf updated; wenzelm parents: 8771 diff changeset	120	%%% TeX-master: "root"
9f7b8de5bfaf updated; wenzelm parents: 8771 diff changeset	121	%%% End:

author	haftmann
	Tue, 14 Jul 2009 16:27:31 +0200
changeset 32068	98acc234d683
parent 17187	45bee2f6e61f
permissions	-rw-r--r--