doc-src/TutorialI/ToyList/document/ToyList.tex
author wenzelm
Mon, 26 Jun 2000 11:21:49 +0200
changeset 9145 9f7b8de5bfaf
parent 8771 026f37a86ea7
child 9458 c613cd06d5cf
permissions -rw-r--r--
updated;
\begin{isabelle}%
\isacommand{theory}~ToyList~=~PreList:%
\begin{isamarkuptext}%
\noindent
HOL already has a predefined theory of lists called \isa{List} ---
\isa{ToyList} is merely a small fragment of it chosen as an example. In
contrast to what is recommended in \S\ref{sec:Basic:Theories},
\isa{ToyList} is not based on \isa{Main} but on \isa{PreList}, a
theory that contains pretty much everything but lists, thus avoiding
ambiguities caused by defining lists twice.%
\end{isamarkuptext}%
\isacommand{datatype}~'a~list~=~Nil~~~~~~~~~~~~~~~~~~~~~~~~~~({"}[]{"})\isanewline
~~~~~~~~~~~~~~~~~|~Cons~'a~{"}'a~list{"}~~~~~~~~~~~~(\isakeyword{infixr}~{"}\#{"}~65)%
\begin{isamarkuptext}%
\noindent
The datatype\index{*datatype} \isaindexbold{list} introduces two
constructors \isaindexbold{Nil} and \isaindexbold{Cons}, the
empty list and the operator that adds an element to the front of a list. For
example, the term \isa{Cons True (Cons False Nil)} is a value of type
\isa{bool~list}, namely the list with the elements \isa{True} and
\isa{False}. Because this notation becomes unwieldy very quickly, the
datatype declaration is annotated with an alternative syntax: instead of
\isa{Nil} and \isa{Cons~$x$~$xs$} we can write
\isa{[]}\index{$HOL2list@\texttt{[]}|bold} and
\isa{$x$~\#~$xs$}\index{$HOL2list@\texttt{\#}|bold}. In fact, this
alternative syntax is the standard syntax. Thus the list \isa{Cons True
(Cons False Nil)} becomes \isa{True \# False \# []}. The annotation
\isacommand{infixr}\indexbold{*infixr} means that \isa{\#} associates to
the right, i.e.\ the term \isa{$x$ \# $y$ \# $z$} is read as \isa{$x$
\# ($y$ \# $z$)} and not as \isa{($x$ \# $y$) \# $z$}.
\begin{warn}
  Syntax annotations are a powerful but completely optional feature. You
  could drop them from theory \isa{ToyList} and go back to the identifiers
  \isa{Nil} and \isa{Cons}. However, lists are such a central datatype
  that their syntax is highly customized. We recommend that novices should
  not use syntax annotations in their own theories.
\end{warn}
Next, two functions \isa{app} and \isaindexbold{rev} are declared:%
\end{isamarkuptext}%
\isacommand{consts}~app~::~{"}'a~list~{\isasymRightarrow}~'a~list~{\isasymRightarrow}~'a~list{"}~~~(\isakeyword{infixr}~{"}@{"}~65)\isanewline
~~~~~~~rev~::~{"}'a~list~{\isasymRightarrow}~'a~list{"}%
\begin{isamarkuptext}%
\noindent
In contrast to ML, Isabelle insists on explicit declarations of all functions
(keyword \isacommand{consts}).  (Apart from the declaration-before-use
restriction, the order of items in a theory file is unconstrained.) Function
\isa{app} is annotated with concrete syntax too. Instead of the prefix
syntax \isa{app~$xs$~$ys$} the infix
\isa{$xs$~\at~$ys$}\index{$HOL2list@\texttt{\at}|bold} becomes the preferred
form. Both functions are defined recursively:%
\end{isamarkuptext}%
\isacommand{primrec}\isanewline
{"}[]~@~ys~~~~~~~=~ys{"}\isanewline
{"}(x~\#~xs)~@~ys~=~x~\#~(xs~@~ys){"}\isanewline
\isanewline
\isacommand{primrec}\isanewline
{"}rev~[]~~~~~~~~=~[]{"}\isanewline
{"}rev~(x~\#~xs)~~=~(rev~xs)~@~(x~\#~[]){"}%
\begin{isamarkuptext}%
\noindent
The equations for \isa{app} and \isa{rev} hardly need comments:
\isa{app} appends two lists and \isa{rev} reverses a list.  The keyword
\isacommand{primrec}\index{*primrec} indicates that the recursion is of a
particularly primitive kind where each recursive call peels off a datatype
constructor from one of the arguments.  Thus the
recursion always terminates, i.e.\ the function is \bfindex{total}.
The termination requirement is absolutely essential in HOL, a logic of total
functions. If we were to drop it, inconsistencies would quickly arise: the
``definition'' $f(n) = f(n)+1$ immediately leads to $0 = 1$ by subtracting
$f(n)$ on both sides.
% However, this is a subtle issue that we cannot discuss here further.
\begin{warn}
  As we have indicated, the desire for total functions is not a gratuitously
  imposed restriction but an essential characteristic of HOL. It is only
  because of totality that reasoning in HOL is comparatively easy.  More
  generally, the philosophy in HOL is not to allow arbitrary axioms (such as
  function definitions whose totality has not been proved) because they
  quickly lead to inconsistencies. Instead, fixed constructs for introducing
  types and functions are offered (such as \isacommand{datatype} and
  \isacommand{primrec}) which are guaranteed to preserve consistency.
\end{warn}
A remark about syntax.  The textual definition of a theory follows a fixed
syntax with keywords like \isacommand{datatype} and \isacommand{end} (see
Fig.~\ref{fig:keywords} in Appendix~\ref{sec:Appendix} for a full list).
Embedded in this syntax are the types and formulae of HOL, whose syntax is
extensible, e.g.\ by new user-defined infix operators
(see~\ref{sec:infix-syntax}). To distinguish the two levels, everything
HOL-specific (terms and types) should be enclosed in
\texttt{"}\dots\texttt{"}. 
To lessen this burden, quotation marks around a single identifier can be
dropped, unless the identifier happens to be a keyword, as in%
\end{isamarkuptext}%
\isacommand{consts}~{"}end{"}~::~{"}'a~list~{\isasymRightarrow}~'a{"}%
\begin{isamarkuptext}%
\noindent
When Isabelle prints a syntax error message, it refers to the HOL syntax as
the \bfindex{inner syntax} and the enclosing theory language as the \bfindex{outer syntax}.
\section{An introductory proof}
\label{sec:intro-proof}
Assuming you have input the declarations and definitions of \texttt{ToyList}
presented so far, we are ready to prove a few simple theorems. This will
illustrate not just the basic proof commands but also the typical proof
process.
\subsubsection*{Main goal: \texttt{rev(rev xs) = xs}}
Our goal is to show that reversing a list twice produces the original
list. The input line%
\end{isamarkuptext}%
\isacommand{theorem}~rev\_rev~[simp]:~{"}rev(rev~xs)~=~xs{"}%
\begin{isamarkuptxt}%
\index{*theorem|bold}\index{*simp (attribute)|bold}
\begin{itemize}
\item
establishes a new theorem to be proved, namely \isa{rev(rev xs) = xs},
\item
gives that theorem the name \isa{rev_rev} by which it can be referred to,
\item
and tells Isabelle (via \isa{[simp]}) to use the theorem (once it has been
proved) as a simplification rule, i.e.\ all future proofs involving
simplification will replace occurrences of \isa{rev(rev xs)} by
\isa{xs}.
The name and the simplification attribute are optional.
\end{itemize}
Isabelle's response is to print
\begin{isabellepar}%
proof(prove):~step~0\isanewline
\isanewline
goal~(theorem~rev\_rev):\isanewline
rev~(rev~xs)~=~xs\isanewline
~1.~rev~(rev~xs)~=~xs
\end{isabellepar}%
The first three lines tell us that we are 0 steps into the proof of
theorem \isa{rev_rev}; for compactness reasons we rarely show these
initial lines in this tutorial. The remaining lines display the current
proof state.
Until we have finished a proof, the proof state always looks like this:
\begin{isabellepar}%
$G$\isanewline
~1.~$G\sb{1}$\isanewline
~~\vdots~~\isanewline
~$n$.~$G\sb{n}$
\end{isabellepar}%
where $G$
is the overall goal that we are trying to prove, and the numbered lines
contain the subgoals $G\sb{1}$, \dots, $G\sb{n}$ that we need to prove to
establish $G$. At \isa{step 0} there is only one subgoal, which is
identical with the overall goal.  Normally $G$ is constant and only serves as
a reminder. Hence we rarely show it in this tutorial.
Let us now get back to \isa{rev(rev xs) = xs}. Properties of recursively
defined functions are best established by induction. In this case there is
not much choice except to induct on \isa{xs}:%
\end{isamarkuptxt}%
\isacommand{apply}(induct\_tac~xs)%
\begin{isamarkuptxt}%
\noindent\index{*induct_tac}%
This tells Isabelle to perform induction on variable \isa{xs}. The suffix
\isa{tac} stands for ``tactic'', a synonym for ``theorem proving function''.
By default, induction acts on the first subgoal. The new proof state contains
two subgoals, namely the base case (\isa{Nil}) and the induction step
(\isa{Cons}):
\begin{isabellepar}%
~1.~rev~(rev~[])~=~[]\isanewline
~2.~{\isasymAnd}a~list.~rev(rev~list)~=~list~{\isasymLongrightarrow}~rev(rev(a~\#~list))~=~a~\#~list%
\end{isabellepar}%
The induction step is an example of the general format of a subgoal:
\begin{isabellepar}%
~$i$.~{\indexboldpos{\isasymAnd}{$IsaAnd}}$x\sb{1}$~\dots~$x\sb{n}$.~{\it assumptions}~{\isasymLongrightarrow}~{\it conclusion}
\end{isabellepar}%
The prefix of bound variables \isasymAnd$x\sb{1}$~\dots~$x\sb{n}$ can be
ignored most of the time, or simply treated as a list of variables local to
this subgoal. Their deeper significance is explained in \S\ref{sec:PCproofs}.
The {\it assumptions} are the local assumptions for this subgoal and {\it
  conclusion} is the actual proposition to be proved. Typical proof steps
that add new assumptions are induction or case distinction. In our example
the only assumption is the induction hypothesis \isa{rev (rev list) =
  list}, where \isa{list} is a variable name chosen by Isabelle. If there
are multiple assumptions, they are enclosed in the bracket pair
\indexboldpos{\isasymlbrakk}{$Isabrl} and
\indexboldpos{\isasymrbrakk}{$Isabrr} and separated by semicolons.
%FIXME indent!
Let us try to solve both goals automatically:%
\end{isamarkuptxt}%
\isacommand{apply}(auto)%
\begin{isamarkuptxt}%
\noindent
This command tells Isabelle to apply a proof strategy called
\isa{auto} to all subgoals. Essentially, \isa{auto} tries to
``simplify'' the subgoals.  In our case, subgoal~1 is solved completely (thanks
to the equation \isa{rev [] = []}) and disappears; the simplified version
of subgoal~2 becomes the new subgoal~1:
\begin{isabellepar}%
~1.~\dots~rev(rev~list)~=~list~{\isasymLongrightarrow}~rev(rev~list~@~a~\#~[])~=~a~\#~list
\end{isabellepar}%
In order to simplify this subgoal further, a lemma suggests itself.%
\end{isamarkuptxt}%
%
\begin{isamarkuptext}%
\subsubsection*{First lemma: \texttt{rev(xs \at~ys) = (rev ys) \at~(rev xs)}}
After abandoning the above proof attempt\indexbold{abandon proof} (at the shell level type
\isacommand{oops}) we start a new proof:%
\end{isamarkuptext}%
\isacommand{lemma}~rev\_app~[simp]:~{"}rev(xs~@~ys)~=~(rev~ys)~@~(rev~xs){"}%
\begin{isamarkuptxt}%
\noindent The keywords \isacommand{theorem}\index{*theorem} and
\isacommand{lemma}\indexbold{*lemma} are interchangeable and merely indicate
the importance we attach to a proposition. In general, we use the words
\emph{theorem}\index{theorem} and \emph{lemma}\index{lemma} pretty much
interchangeably.
There are two variables that we could induct on: \isa{xs} and
\isa{ys}. Because \isa{\at} is defined by recursion on
the first argument, \isa{xs} is the correct one:%
\end{isamarkuptxt}%
\isacommand{apply}(induct\_tac~xs)%
\begin{isamarkuptxt}%
\noindent
This time not even the base case is solved automatically:%
\end{isamarkuptxt}%
\isacommand{apply}(auto)%
\begin{isamarkuptxt}%
\begin{isabellepar}%
~1.~rev~ys~=~rev~ys~@~[]\isanewline
~2. \dots
\end{isabellepar}%
Again, we need to abandon this proof attempt and prove another simple lemma first.
In the future the step of abandoning an incomplete proof before embarking on
the proof of a lemma usually remains implicit.%
\end{isamarkuptxt}%
%
\begin{isamarkuptext}%
\subsubsection*{Second lemma: \texttt{xs \at~[] = xs}}
This time the canonical proof procedure%
\end{isamarkuptext}%
\isacommand{lemma}~app\_Nil2~[simp]:~{"}xs~@~[]~=~xs{"}\isanewline
\isacommand{apply}(induct\_tac~xs)\isanewline
\isacommand{apply}(auto)%
\begin{isamarkuptxt}%
\noindent
leads to the desired message \isa{No subgoals!}:
\begin{isabellepar}%
xs~@~[]~=~xs\isanewline
No~subgoals!
\end{isabellepar}%
We still need to confirm that the proof is now finished:%
\end{isamarkuptxt}%
\isacommand{.}%
\begin{isamarkuptext}%
\noindent\indexbold{$Isar@\texttt{.}}%
As a result of that final dot, Isabelle associates the lemma
just proved with its name. Notice that in the lemma \isa{app_Nil2} (as
printed out after the final dot) the free variable \isa{xs} has been
replaced by the unknown \isa{?xs}, just as explained in
\S\ref{sec:variables}.
Going back to the proof of the first lemma%
\end{isamarkuptext}%
\isacommand{lemma}~rev\_app~[simp]:~{"}rev(xs~@~ys)~=~(rev~ys)~@~(rev~xs){"}\isanewline
\isacommand{apply}(induct\_tac~xs)\isanewline
\isacommand{apply}(auto)%
\begin{isamarkuptxt}%
\noindent
we find that this time \isa{auto} solves the base case, but the
induction step merely simplifies to
\begin{isabellepar}%
~1.~{\isasymAnd}a~list.\isanewline
~~~~~~~rev~(list~@~ys)~=~rev~ys~@~rev~list~{\isasymLongrightarrow}\isanewline
~~~~~~~(rev~ys~@~rev~list)~@~a~\#~[]~=~rev~ys~@~rev~list~@~a~\#~[]
\end{isabellepar}%
Now we need to remember that \isa{\at} associates to the right, and that
\isa{\#} and \isa{\at} have the same priority (namely the \isa{65}
in their \isacommand{infixr} annotation). Thus the conclusion really is
\begin{isabellepar}%
~~~~~(rev~ys~@~rev~list)~@~(a~\#~[])~=~rev~ys~@~(rev~list~@~(a~\#~[]))%
\end{isabellepar}%
and the missing lemma is associativity of \isa{\at}.
\subsubsection*{Third lemma: \texttt{(xs \at~ys) \at~zs = xs \at~(ys \at~zs)}}
Abandoning the previous proof, the canonical proof procedure%
\end{isamarkuptxt}%
%
\begin{comment}
\isacommand{oops}%
\end{comment}
\isacommand{lemma}~app\_assoc~[simp]:~{"}(xs~@~ys)~@~zs~=~xs~@~(ys~@~zs){"}\isanewline
\isacommand{apply}(induct\_tac~xs)\isanewline
\isacommand{apply}(auto)\isacommand{.}%
\begin{isamarkuptext}%
\noindent
succeeds without further ado.
Now we can go back and prove the first lemma%
\end{isamarkuptext}%
\isacommand{lemma}~rev\_app~[simp]:~{"}rev(xs~@~ys)~=~(rev~ys)~@~(rev~xs){"}\isanewline
\isacommand{apply}(induct\_tac~xs)\isanewline
\isacommand{apply}(auto)\isacommand{.}%
\begin{isamarkuptext}%
\noindent
and then solve our main theorem:%
\end{isamarkuptext}%
\isacommand{theorem}~rev\_rev~[simp]:~{"}rev(rev~xs)~=~xs{"}\isanewline
\isacommand{apply}(induct\_tac~xs)\isanewline
\isacommand{apply}(auto)\isacommand{.}%
\begin{isamarkuptext}%
\noindent
The final \isa{end} tells Isabelle to close the current theory because
we are finished with its development:%
\end{isamarkuptext}%
\isacommand{end}\isanewline
\end{isabelle}%
%%% Local Variables:
%%% mode: latex
%%% TeX-master: "root"
%%% End: