isabelle: doc-src/TutorialI/Inductive/Advanced.tex@a8c647cfa31f (annotated)

10468 87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	1
10475 77fafa07fc8f ground terms section: new intro paulson parents: 10468 diff changeset	2	This section describes advanced features of inductive definitions.
10468 87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	3	The premises of introduction rules may contain universal quantifiers and
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	4	monotonic functions. Theorems may be proved by rule inversion.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	5
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	6	\subsection{Universal quantifiers in introduction rules}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	7	\label{sec:gterm-datatype}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	8
10475 77fafa07fc8f ground terms section: new intro paulson parents: 10468 diff changeset	9	As a running example, this section develops the theory of \textbf{ground
77fafa07fc8f ground terms section: new intro paulson parents: 10468 diff changeset	10	terms}: terms constructed from constant and function
77fafa07fc8f ground terms section: new intro paulson parents: 10468 diff changeset	11	symbols but not variables. To simplify matters further, we regard a
77fafa07fc8f ground terms section: new intro paulson parents: 10468 diff changeset	12	constant as a function applied to the null argument list. Let us declare a
77fafa07fc8f ground terms section: new intro paulson parents: 10468 diff changeset	13	datatype \isa{gterm} for the type of ground terms. It is a type constructor
77fafa07fc8f ground terms section: new intro paulson parents: 10468 diff changeset	14	whose argument is a type of function symbols.
10468 87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	15	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	16	\isacommand{datatype}\ 'f\ gterm\ =\ Apply\ 'f\ "'f\ gterm\ list"
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	17	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	18	To try it out, we declare a datatype of some integer operations:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	19	integer constants, the unary minus operator and the addition
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	20	operator.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	21	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	22	\isacommand{datatype}\ integer_op\ =\ Number\ int\ \|\ UnaryMinus\ \|\ Plus
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	23	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	24	Now the type \isa{integer\_op gterm} denotes the ground
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	25	terms built over those symbols.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	26
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	27	The type constructor \texttt{gterm} can be generalized to a function
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	28	over sets. It returns
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	29	the set of ground terms that can be formed over a set \isa{F} of function symbols. For
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	30	example, we could consider the set of ground terms formed from the finite
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	31	set {\isa{\{Number 2, UnaryMinus, Plus\}}}.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	32
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	33	This concept is inductive. If we have a list \isa{args} of ground terms
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	34	over~\isa{F} and a function symbol \isa{f} in \isa{F}, then we
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	35	can apply \isa{f} to \isa{args} to obtain another ground term.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	36	The only difficulty is that the argument list may be of any length. Hitherto,
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	37	each rule in an inductive definition referred to the inductively
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	38	defined set a fixed number of times, typically once or twice.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	39	A universal quantifier in the premise of the introduction rule
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	40	expresses that every element of \isa{args} belongs
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	41	to our inductively defined set: is a ground term
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	42	over~\isa{F}. The function {\isa{set}} denotes the set of elements in a given
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	43	list.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	44	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	45	\isacommand{consts}\ gterms\ ::\ "'f\ set\ \isasymRightarrow \ 'f\ gterm\ set"\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	46	\isacommand{inductive}\ "gterms\ F"\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	47	\isakeyword{intros}\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	48	step[intro!]:\ "\isasymlbrakk \isasymforall t\ \isasymin \ set\ args.\ t\ \isasymin \ gterms\ F;\ \ f\ \isasymin \ F\isasymrbrakk \isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	49	\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \isasymLongrightarrow \ (Apply\ f\ args)\ \isasymin \ gterms\
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	50	F"
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	51	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	52
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	53	To demonstrate a proof from this definition, let us
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	54	show that the function \isa{gterms}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	55	is \textbf{monotonic}. We shall need this concept shortly.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	56	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	57	\isacommand{lemma}\ "F\isasymsubseteq G\ \isasymLongrightarrow \ gterms\ F\ \isasymsubseteq \ gterms\ G"\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	58	\isacommand{apply}\ clarify\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	59	\isacommand{apply}\ (erule\ gterms.induct)\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	60	\isacommand{apply}\ blast\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	61	\isacommand{done}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	62	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	63	Intuitively, this theorem says that
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	64	enlarging the set of function symbols enlarges the set of ground
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	65	terms. The proof is a trivial rule induction.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	66	First we use the \isa{clarify} method to assume the existence of an element of
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	67	\isa{terms~F}. (We could have used \isa{intro subsetI}.) We then
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	68	apply rule induction. Here is the resulting subgoal:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	69	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	70	1.\ \isasymAnd x\ f\ args.\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	71	\ \ \ \ \ \ \isasymlbrakk F\ \isasymsubseteq \ G;\ \isasymforall t\isasymin set\ args.\ t\ \isasymin \ gterms\ F\ \isasymand \ t\ \isasymin \ gterms\ G;\ f\ \isasymin \ F\isasymrbrakk \isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	72	\ \ \ \ \ \ \isasymLongrightarrow \ Apply\ f\ args\ \isasymin \ gterms\ G%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	73	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	74	%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	75	The assumptions state that \isa{f} belongs
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	76	to~\isa{F}, which is included in~\isa{G}, and that every element of the list \isa{args} is
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	77	a ground term over~\isa{G}. The \isa{blast} method finds this chain of reasoning easily.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	78
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	79	\textit{Remark}: why do we call this function \isa{gterms} instead
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	80	of {\isa{gterm}}? Isabelle maintains separate name spaces for types
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	81	and constants, so there is no danger of confusion. However, name
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	82	clashes could arise in the theorems that Isabelle generates.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	83	Our choice of names keeps {\isa{gterms.induct}} separate from {\isa{gterm.induct}}.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	84
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	85	\subsection{Rule inversion}\label{sec:rule-inversion}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	86
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	87	Case analysis on an inductive definition is called \textbf{rule inversion}.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	88	It is frequently used in proofs about operational semantics. It can be
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	89	highly effective when it is applied automatically. Let us look at how rule
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	90	inversion is done in Isabelle.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	91
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	92	Recall that \isa{even} is the minimal set closed under these two rules:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	93	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	94	0\ \isasymin \ even\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	95	n\ \isasymin \ even\ \isasymLongrightarrow \ (Suc\ (Suc\ n))\ \isasymin
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	96	\ even
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	97	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	98	Minimality means that \isa{even} contains only the elements that these
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	99	rules force it to contain. If we are told that \isa{a}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	100	belongs to
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	101	\isa{even} then there are only two possibilities. Either \isa{a} is \isa{0}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	102	or else \isa{a} has the form \isa{Suc(Suc~n)}, for an arbitrary \isa{n}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	103	that belongs to
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	104	\isa{even}. That is the gist of the \isa{cases} rule, which Isabelle proves
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	105	for us when it accepts an inductive definition:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	106	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	107	\isasymlbrakk a\ \isasymin \ even;\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	108	\ a\ =\ 0\ \isasymLongrightarrow \ P;\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	109	\ \isasymAnd n.\ \isasymlbrakk a\ =\ Suc(Suc\ n);\ n\ \isasymin \
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	110	even\isasymrbrakk \ \isasymLongrightarrow \ P\isasymrbrakk \
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	111	\isasymLongrightarrow \ P
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	112	\rulename{even.cases}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	113	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	114
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	115	This general rule is less useful than instances of it for
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	116	specific patterns. For example, if \isa{a} has the form
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	117	\isa{Suc(Suc~n)} then the first case becomes irrelevant, while the second
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	118	case tells us that \isa{n} belongs to \isa{even}. Isabelle will generate
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	119	this instance for us:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	120	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	121	\isacommand{inductive\_cases}\ Suc_Suc_cases\ [elim!]:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	122	\ "Suc(Suc\ n)\ \isasymin \ even"
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	123	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	124	The \isacommand{inductive\_cases} command generates an instance of the
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	125	\isa{cases} rule for the supplied pattern and gives it the supplied name:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	126	%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	127	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	128	\isasymlbrakk Suc\ (Suc\ n)\ \isasymin \ even;\ n\ \isasymin \ even\
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	129	\isasymLongrightarrow \ P\isasymrbrakk \ \isasymLongrightarrow \ P%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	130	\rulename{Suc_Suc_cases}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	131	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	132	%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	133	Applying this as an elimination rule yields one case where \isa{even.cases}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	134	would yield two. Rule inversion works well when the conclusions of the
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	135	introduction rules involve datatype constructors like \isa{Suc} and \isa{\#}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	136	(list `cons'); freeness reasoning discards all but one or two cases.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	137
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	138	In the \isacommand{inductive\_cases} command we supplied an
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	139	attribute, \isa{elim!}, indicating that this elimination rule can be applied
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	140	aggressively. The original
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	141	\isa{cases} rule would loop if used in that manner because the
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	142	pattern~\isa{a} matches everything.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	143
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	144	The rule \isa{Suc_Suc_cases} is equivalent to the following implication:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	145	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	146	Suc (Suc\ n)\ \isasymin \ even\ \isasymLongrightarrow \ n\ \isasymin \
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	147	even
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	148	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	149	%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	150	In \S\ref{sec:gen-rule-induction} we devoted some effort to proving precisely
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	151	this result. Yet we could have obtained it by a one-line declaration.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	152	This example also justifies the terminology \textbf{rule inversion}: the new
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	153	rule inverts the introduction rule \isa{even.step}.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	154
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	155	For one-off applications of rule inversion, use the \isa{ind_cases} method.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	156	Here is an example:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	157	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	158	\isacommand{apply}\ (ind_cases\ "Suc(Suc\ n)\ \isasymin \ even")
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	159	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	160	The specified instance of the \isa{cases} rule is generated, applied, and
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	161	discarded.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	162
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	163	\medskip
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	164	Let us try rule inversion on our ground terms example:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	165	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	166	\isacommand{inductive\_cases}\ gterm_Apply_elim\ [elim!]:\ "Apply\ f\ args\
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	167	\isasymin\ gterms\ F"
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	168	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	169	%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	170	Here is the result. No cases are discarded (there was only one to begin
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	171	with) but the rule applies specifically to the pattern \isa{Apply\ f\ args}.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	172	It can be applied repeatedly as an elimination rule without looping, so we
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	173	have given the
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	174	\isa{elim!}\ attribute.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	175	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	176	\isasymlbrakk Apply\ f\ args\ \isasymin \ gterms\ F;\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	177	\ \isasymlbrakk
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	178	\isasymforall t\isasymin set\ args.\ t\ \isasymin \ gterms\ F;\ f\ \isasymin
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	179	\ F\isasymrbrakk \ \isasymLongrightarrow \ P\isasymrbrakk\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	180	\isasymLongrightarrow \ P%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	181	\rulename{gterm_Apply_elim}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	182	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	183
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	184	This rule replaces an assumption about \isa{Apply\ f\ args} by
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	185	assumptions about \isa{f} and~\isa{args}. Here is a proof in which this
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	186	inference is essential. We show that if \isa{t} is a ground term over both
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	187	of the sets
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	188	\isa{F} and~\isa{G} then it is also a ground term over their intersection,
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	189	\isa{F\isasyminter G}.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	190	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	191	\isacommand{lemma}\ gterms_IntI\ [rule_format]:\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	192	\ \ \ \ \ "t\ \isasymin \ gterms\ F\ \isasymLongrightarrow \ t\ \isasymin \ gterms\ G\ \isasymlongrightarrow \ t\ \isasymin \ gterms\ (F\isasyminter G)"\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	193	\isacommand{apply}\ (erule\ gterms.induct)\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	194	\isacommand{apply}\ blast\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	195	\isacommand{done}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	196	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	197	%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	198	The proof begins with rule induction over the definition of
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	199	\isa{gterms}, which leaves a single subgoal:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	200	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	201	1.\ \isasymAnd args\ f.\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	202	\ \ \ \ \ \ \isasymlbrakk \isasymforall t\isasymin set\ args.\ t\ \isasymin \ gterms\ F\ \isasymand\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	203	\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ (t\ \isasymin \ gterms\ G\ \isasymlongrightarrow \ t\ \isasymin \ gterms\ (F\ \isasyminter \ G));\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	204	\ \ \ \ \ \ \ f\ \isasymin \ F\isasymrbrakk \isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	205	\ \ \ \ \ \ \isasymLongrightarrow \ Apply\ f\ args\ \isasymin \ gterms\ G\ \isasymlongrightarrow \ Apply\ f\ args\ \isasymin \ gterms\ (F\ \isasyminter \ G)
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	206	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	207	%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	208	The induction hypothesis states that every element of \isa{args} belongs to
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	209	\isa{gterms\ (F\ \isasyminter \ G)} --- provided it already belongs to
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	210	\isa{gterms\ G}. How do we meet that condition?
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	211
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	212	By assuming (as we may) the formula \isa{Apply\ f\ args\ \isasymin \ gterms\
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	213	G}. Rule inversion, in the form of \isa{gterm_Apply_elim}, infers that every
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	214	element of \isa{args} belongs to
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	215	\isa{gterms~G}. It also yields \isa{f\ \isasymin \ G}, which will allow us
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	216	to conclude \isa{f\ \isasymin \ F\ \isasyminter \ G}. All of this reasoning
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	217	is done by \isa{blast}.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	218
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	219	\medskip
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	220
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	221	To summarize, every inductive definition produces a \isa{cases} rule. The
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	222	\isacommand{inductive\_cases} command stores an instance of the \isa{cases}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	223	rule for a given pattern. Within a proof, the \isa{ind_cases} method
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	224	applies an instance of the \isa{cases}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	225	rule.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	226
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	227
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	228	\subsection{Continuing the `ground terms' example}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	229
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	230	Call a term \textbf{well-formed} if each symbol occurring in it has
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	231	the correct number of arguments. To formalize this concept, we
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	232	introduce a function mapping each symbol to its arity, a natural
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	233	number.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	234
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	235	Let us define the set of well-formed ground terms.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	236	Suppose we are given a function called \isa{arity}, specifying the arities to be used.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	237	In the inductive step, we have a list \isa{args} of such terms and a function
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	238	symbol~\isa{f}. If the length of the list matches the function's arity
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	239	then applying \isa{f} to \isa{args} yields a well-formed term.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	240	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	241	\isacommand{consts}\ well_formed_gterm\ ::\ "('f\ \isasymRightarrow \ nat)\ \isasymRightarrow \ 'f\ gterm\ set"\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	242	\isacommand{inductive}\ "well_formed_gterm\ arity"\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	243	\isakeyword{intros}\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	244	step[intro!]:\ "\isasymlbrakk \isasymforall t\ \isasymin \ set\ args.\ t\ \isasymin \ well_formed_gterm\ arity;\ \ \isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	245	\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ length\ args\ =\ arity\ f\isasymrbrakk \isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	246	\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \isasymLongrightarrow \ (Apply\ f\ args)\ \isasymin \ well_formed_gterm\
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	247	arity"
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	248	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	249	%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	250	The inductive definition neatly captures the reasoning above.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	251	It is just an elaboration of the previous one, consisting of a single
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	252	introduction rule. The universal quantification over the
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	253	\isa{set} of arguments expresses that all of them are well-formed.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	254
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	255	\subsection{Alternative definition using a monotonic function}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	256
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	257	An inductive definition may refer to the inductively defined
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	258	set through an arbitrary monotonic function. To demonstrate this
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	259	powerful feature, let us
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	260	change the inductive definition above, replacing the
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	261	quantifier by a use of the function \isa{lists}. This
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	262	function, from the Isabelle library, is analogous to the
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	263	function \isa{gterms} declared above. If \isa{A} is a set then
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	264	{\isa{lists A}} is the set of lists whose elements belong to
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	265	\isa{A}.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	266
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	267	In the inductive definition of well-formed terms, examine the one
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	268	introduction rule. The first premise states that \isa{args} belongs to
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	269	the \isa{lists} of well-formed terms. This formulation is more
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	270	direct, if more obscure, than using a universal quantifier.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	271	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	272	\isacommand{consts}\ well_formed_gterm'\ ::\ "('f\ \isasymRightarrow \ nat)\ \isasymRightarrow \ 'f\ gterm\ set"\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	273	\isacommand{inductive}\ "well_formed_gterm'\ arity"\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	274	\isakeyword{intros}\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	275	step[intro!]:\ "\isasymlbrakk args\ \isasymin \ lists\ (well_formed_gterm'\ arity);\ \ \isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	276	\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ length\ args\ =\ arity\ f\isasymrbrakk \isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	277	\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \isasymLongrightarrow \ (Apply\ f\ args)\ \isasymin \ well_formed_gterm'\ arity"\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	278	\isakeyword{monos}\ lists_mono
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	279	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	280
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	281	We must cite the theorem \isa{lists_mono} in order to justify
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	282	using the function \isa{lists}.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	283	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	284	A\ \isasymsubseteq\ B\ \isasymLongrightarrow \ lists\ A\ \isasymsubseteq
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	285	\ lists\ B\rulename{lists_mono}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	286	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	287	%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	288	Why must the function be monotonic? An inductive definition describes
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	289	an iterative construction: each element of the set is constructed by a
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	290	finite number of introduction rule applications. For example, the
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	291	elements of \isa{even} are constructed by finitely many applications of
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	292	the rules
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	293	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	294	0\ \isasymin \ even\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	295	n\ \isasymin \ even\ \isasymLongrightarrow \ (Suc\ (Suc\ n))\ \isasymin
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	296	\ even
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	297	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	298	All references to a set in its
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	299	inductive definition must be positive. Applications of an
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	300	introduction rule cannot invalidate previous applications, allowing the
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	301	construction process to converge.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	302	The following pair of rules do not constitute an inductive definition:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	303	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	304	0\ \isasymin \ even\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	305	n\ \isasymnotin \ even\ \isasymLongrightarrow \ (Suc\ n)\ \isasymin
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	306	\ even
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	307	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	308	%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	309	Showing that 4 is even using these rules requires showing that 3 is not
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	310	even. It is far from trivial to show that this set of rules
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	311	characterizes the even numbers.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	312
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	313	Even with its use of the function \isa{lists}, the premise of our
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	314	introduction rule is positive:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	315	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	316	args\ \isasymin \ lists\ (well_formed_gterm'\ arity)
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	317	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	318	To apply the rule we construct a list \isa{args} of previously
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	319	constructed well-formed terms. We obtain a
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	320	new term, \isa{Apply\ f\ args}. Because \isa{lists} is monotonic,
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	321	applications of the rule remain valid as new terms are constructed.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	322	Further lists of well-formed
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	323	terms become available and none are taken away.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	324
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	325
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	326	\subsection{A proof of equivalence}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	327
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	328	We naturally hope that these two inductive definitions of `well-formed'
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	329	coincide. The equality can be proved by separate inclusions in
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	330	each direction. Each is a trivial rule induction.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	331	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	332	\isacommand{lemma}\ "well_formed_gterm\ arity\ \isasymsubseteq \ well_formed_gterm'\ arity"\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	333	\isacommand{apply}\ clarify\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	334	\isacommand{apply}\ (erule\ well_formed_gterm.induct)\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	335	\isacommand{apply}\ auto\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	336	\isacommand{done}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	337	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	338
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	339	The \isa{clarify} method gives
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	340	us an element of \isa{well_formed_gterm\ arity} on which to perform
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	341	induction. The resulting subgoal can be proved automatically:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	342	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	343	{\isadigit{1}}{\isachardot}\ {\isasymAnd}x\ args\ f{\isachardot}\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	344	\ \ \ \ \ \ {\isasymlbrakk}{\isasymforall}t{\isasymin}set\ args{\isachardot}\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	345	\ \ \ \ \ \ \ \ \ \ t\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity\ {\isasymand}\ t\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity{\isacharsemicolon}\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	346	\ \ \ \ \ \ \ length\ args\ {\isacharequal}\ arity\ f{\isasymrbrakk}\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	347	\ \ \ \ \ \ {\isasymLongrightarrow}\ Apply\ f\ args\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	348	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	349	%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	350	This proof resembles the one given in
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	351	\S\ref{sec:gterm-datatype} above, especially in the form of the
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	352	induction hypothesis. Next, we consider the opposite inclusion:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	353	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	354	\isacommand{lemma}\ "well_formed_gterm'\ arity\ \isasymsubseteq \ well_formed_gterm\ arity"\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	355	\isacommand{apply}\ clarify\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	356	\isacommand{apply}\ (erule\ well_formed_gterm'.induct)\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	357	\isacommand{apply}\ auto\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	358	\isacommand{done}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	359	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	360	%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	361	The proof script is identical, but the subgoal after applying induction may
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	362	be surprising:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	363	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	364	1.\ \isasymAnd x\ args\ f.\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	365	\ \ \ \ \ \ \isasymlbrakk args\ \isasymin \ lists\ (well_formed_gterm'\ arity\ \isasyminter\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	366	\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \isacharbraceleft u.\ u\ \isasymin \ well_formed_gterm\ arity\isacharbraceright );\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	367	\ \ \ \ \ \ \ length\ args\ =\ arity\ f\isasymrbrakk \isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	368	\ \ \ \ \ \ \isasymLongrightarrow \ Apply\ f\ args\ \isasymin \ well_formed_gterm\ arity%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	369	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	370	The induction hypothesis contains an application of \isa{lists}. Using a
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	371	monotonic function in the inductive definition always has this effect. The
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	372	subgoal may look uninviting, but fortunately a useful rewrite rule concerning
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	373	\isa{lists} is available:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	374	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	375	lists\ (A\ \isasyminter \ B)\ =\ lists\ A\ \isasyminter \ lists\ B
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	376	\rulename{lists_Int_eq}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	377	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	378	%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	379	Thanks to this default simplification rule, the induction hypothesis
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	380	is quickly replaced by its two parts:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	381	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	382	\ \ \ \ \ \ \ args\ \isasymin \ lists\ (well_formed_gterm'\ arity)\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	383	\ \ \ \ \ \ \ args\ \isasymin \ lists\ (well_formed_gterm\ arity)
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	384	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	385	Invoking the rule \isa{well_formed_gterm.step} completes the proof. The
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	386	call to
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	387	\isa{auto} does all this work.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	388
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	389	This example is typical of how monotonic functions can be used. In
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	390	particular, a rewrite rule analogous to \isa{lists_Int_eq} holds in most
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	391	cases. Monotonicity implies one direction of this set equality; we have
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	392	this theorem:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	393	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	394	mono\ f\ \isasymLongrightarrow \ f\ (A\ \isasyminter \ B)\ \isasymsubseteq \
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	395	f\ A\ \isasyminter \ f\ B%
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	396	\rulename{mono_Int}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	397	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	398
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	399
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	400	To summarize: a universal quantifier in an introduction rule
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	401	lets it refer to any number of instances of
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	402	the inductively defined set. A monotonic function in an introduction
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	403	rule lets it refer to constructions over the inductively defined
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	404	set. Each element of an inductively defined set is created
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	405	through finitely many applications of the introduction rules. So each rule
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	406	must be positive, and never can it refer to \textit{infinitely} many
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	407	previous instances of the inductively defined set.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	408
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	409
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	410
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	411	\begin{exercise}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	412	Prove this theorem, one direction of which was proved in
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	413	\S\ref{sec:rule-inversion} above.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	414	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	415	\isacommand{lemma}\ gterms_Int_eq\ [simp]:\ "gterms\ (F\isasyminter G)\ =\
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	416	gterms\ F\ \isasyminter \ gterms\ G"\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	417	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	418	\end{exercise}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	419
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	420
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	421	\begin{exercise}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	422	A function mapping function symbols to their
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	423	types is called a \textbf{signature}. Given a type
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	424	ranging over type symbols, we can represent a function's type by a
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	425	list of argument types paired with the result type.
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	426	Complete this inductive definition:
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	427	\begin{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	428	\isacommand{consts}\ well_typed_gterm::\ "('f\ \isasymRightarrow \ 't\ list\ \ 't)\ \isasymRightarrow \ ('f\ gterm\ \ 't)set"\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	429	\isacommand{inductive}\ "well_typed_gterm\ sig"\isanewline
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	430	\end{isabelle}
87dda999deca first version of Advanced Inductive Defs section paulson parents: diff changeset	431	\end{exercise}

author	paulson
	Tue, 12 Dec 2000 12:01:19 +0100
changeset 10648	a8c647cfa31f
parent 10475	77fafa07fc8f
permissions	-rw-r--r--