isabelle: doc-src/TutorialI/Advanced/WFrec.thy@9e888d60d3e5 (annotated)

10187 0376cccd9118 * empty log message * nipkow parents: diff changeset	1	(<)theory WFrec = Main:(>)
0376cccd9118 * empty log message * nipkow parents: diff changeset	2
0376cccd9118 * empty log message * nipkow parents: diff changeset	3	text{*\noindent
0376cccd9118 * empty log message * nipkow parents: diff changeset	4	So far, all recursive definitions where shown to terminate via measure
0376cccd9118 * empty log message * nipkow parents: diff changeset	5	functions. Sometimes this can be quite inconvenient or even
0376cccd9118 * empty log message * nipkow parents: diff changeset	6	impossible. Fortunately, \isacommand{recdef} supports much more
0376cccd9118 * empty log message * nipkow parents: diff changeset	7	general definitions. For example, termination of Ackermann's function
10654 458068404143 * empty log message * nipkow parents: 10545 diff changeset	8	can be shown by means of the \rmindex{lexicographic product} @{text"<lex>"}:
10187 0376cccd9118 * empty log message * nipkow parents: diff changeset	9	*}
0376cccd9118 * empty log message * nipkow parents: diff changeset	10
0376cccd9118 * empty log message * nipkow parents: diff changeset	11	consts ack :: "nat\<times>nat \<Rightarrow> nat";
0376cccd9118 * empty log message * nipkow parents: diff changeset	12	recdef ack "measure(\<lambda>m. m) <lex> measure(\<lambda>n. n)"
0376cccd9118 * empty log message * nipkow parents: diff changeset	13	"ack(0,n) = Suc n"
0376cccd9118 * empty log message * nipkow parents: diff changeset	14	"ack(Suc m,0) = ack(m, 1)"
0376cccd9118 * empty log message * nipkow parents: diff changeset	15	"ack(Suc m,Suc n) = ack(m,ack(Suc m,n))";
0376cccd9118 * empty log message * nipkow parents: diff changeset	16
0376cccd9118 * empty log message * nipkow parents: diff changeset	17	text{*\noindent
0376cccd9118 * empty log message * nipkow parents: diff changeset	18	The lexicographic product decreases if either its first component
0376cccd9118 * empty log message * nipkow parents: diff changeset	19	decreases (as in the second equation and in the outer call in the
0376cccd9118 * empty log message * nipkow parents: diff changeset	20	third equation) or its first component stays the same and the second
0376cccd9118 * empty log message * nipkow parents: diff changeset	21	component decreases (as in the inner call in the third equation).
0376cccd9118 * empty log message * nipkow parents: diff changeset	22
0376cccd9118 * empty log message * nipkow parents: diff changeset	23	In general, \isacommand{recdef} supports termination proofs based on
10396 5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	24	arbitrary well-founded relations as introduced in \S\ref{sec:Well-founded}.
5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	25	This is called \textbf{well-founded
10545 216388848786 * empty log message * nipkow parents: 10522 diff changeset	26	recursion}\indexbold{recursion!well-founded}. Clearly, a function definition
216388848786 * empty log message * nipkow parents: 10522 diff changeset	27	is total iff the set of all pairs $(r,l)$, where $l$ is the argument on the
10396 5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	28	left-hand side of an equation and $r$ the argument of some recursive call on
5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	29	the corresponding right-hand side, induces a well-founded relation. For a
5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	30	systematic account of termination proofs via well-founded relations see, for
5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	31	example, \cite{Baader-Nipkow}.
10187 0376cccd9118 * empty log message * nipkow parents: diff changeset	32
10396 5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	33	Each \isacommand{recdef} definition should be accompanied (after the name of
5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	34	the function) by a well-founded relation on the argument type of the
5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	35	function. The HOL library formalizes some of the most important
5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	36	constructions of well-founded relations (see \S\ref{sec:Well-founded}). For
5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	37	example, @{term"measure f"} is always well-founded, and the lexicographic
5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	38	product of two well-founded relations is again well-founded, which we relied
5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	39	on when defining Ackermann's function above.
5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	40	Of course the lexicographic product can also be interated:
10189 865918597b63 * empty log message * nipkow parents: 10187 diff changeset	41	*}
10187 0376cccd9118 * empty log message * nipkow parents: diff changeset	42
10189 865918597b63 * empty log message * nipkow parents: 10187 diff changeset	43	consts contrived :: "nat \<times> nat \<times> nat \<Rightarrow> nat"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	44	recdef contrived
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	45	"measure(\<lambda>i. i) <lex> measure(\<lambda>j. j) <lex> measure(\<lambda>k. k)"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	46	"contrived(i,j,Suc k) = contrived(i,j,k)"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	47	"contrived(i,Suc j,0) = contrived(i,j,j)"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	48	"contrived(Suc i,0,0) = contrived(i,i,i)"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	49	"contrived(0,0,0) = 0"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	50
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	51	text{*
10396 5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	52	Lexicographic products of measure functions already go a long
10522 ed3964d1f1a4 * empty log message * nipkow parents: 10396 diff changeset	53	way. Furthermore you may embed some type in an
10396 5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	54	existing well-founded relation via the inverse image construction @{term
5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	55	inv_image}. All these constructions are known to \isacommand{recdef}. Thus you
10241 e0428c2778f1 wellfounded -> well-founded paulson parents: 10190 diff changeset	56	will never have to prove well-foundedness of any relation composed
10189 865918597b63 * empty log message * nipkow parents: 10187 diff changeset	57	solely of these building blocks. But of course the proof of
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	58	termination of your function definition, i.e.\ that the arguments
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	59	decrease with every recursive call, may still require you to provide
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	60	additional lemmas.
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	61
10241 e0428c2778f1 wellfounded -> well-founded paulson parents: 10190 diff changeset	62	It is also possible to use your own well-founded relations with \isacommand{recdef}.
10189 865918597b63 * empty log message * nipkow parents: 10187 diff changeset	63	Here is a simplistic example:
10187 0376cccd9118 * empty log message * nipkow parents: diff changeset	64	*}
10189 865918597b63 * empty log message * nipkow parents: 10187 diff changeset	65
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	66	consts f :: "nat \<Rightarrow> nat"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	67	recdef f "id(less_than)"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	68	"f 0 = 0"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	69	"f (Suc n) = f n"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	70
10396 5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	71	text{*\noindent
10189 865918597b63 * empty log message * nipkow parents: 10187 diff changeset	72	Since \isacommand{recdef} is not prepared for @{term id}, the identity
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	73	function, this leads to the complaint that it could not prove
10396 5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	74	@{prop"wf (id less_than)"}.
5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	75	We should first have proved that @{term id} preserves well-foundedness
10189 865918597b63 * empty log message * nipkow parents: 10187 diff changeset	76	*}
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	77
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	78	lemma wf_id: "wf r \<Longrightarrow> wf(id r)"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	79	by simp;
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	80
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	81	text{*\noindent
10795 9e888d60d3e5 minor edits to Chapters 1-3 paulson parents: 10654 diff changeset	82	and should have appended the following hint to our definition above:
10654 458068404143 * empty log message * nipkow parents: 10545 diff changeset	83	\indexbold{*recdef_wf}
10189 865918597b63 * empty log message * nipkow parents: 10187 diff changeset	84	*}
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	85	(<)
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	86	consts g :: "nat \<Rightarrow> nat"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	87	recdef g "id(less_than)"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	88	"g 0 = 0"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	89	"g (Suc n) = g n"
865918597b63 * empty log message * nipkow parents: 10187 diff changeset	90	(>)
10654 458068404143 * empty log message * nipkow parents: 10545 diff changeset	91	(hints recdef_wf: wf_id)
10396 5ab08609e6c8 * empty log message * nipkow parents: 10241 diff changeset	92	(<)end(>)

author	paulson
	Fri, 05 Jan 2001 18:32:57 +0100
changeset 10795	9e888d60d3e5
parent 10654	458068404143
child 10841	2fb8089ab6cd
permissions	-rw-r--r--