isabelle: doc-src/TutorialI/Misc/document/Itrev.tex@b098158a3f39 (annotated)

9722 a5f86aed785b * empty log message * nipkow parents: 9721 diff changeset	1	%
a5f86aed785b * empty log message * nipkow parents: 9721 diff changeset	2	\begin{isabellebody}%
9924 3370f6aa3200 updated; wenzelm parents: 9844 diff changeset	3	\def\isabellecontext{Itrev}%
11866 fbd097aec213 updated; wenzelm parents: 11458 diff changeset	4	\isamarkupfalse%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	5	%
10878 b254d5ad6dd4 auto update paulson parents: 10795 diff changeset	6	\isamarkupsection{Induction Heuristics%
10397 e2d0dda41f2c auto update paulson parents: 10396 diff changeset	7	}
11866 fbd097aec213 updated; wenzelm parents: 11458 diff changeset	8	\isamarkuptrue%
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	9	%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	10	\begin{isamarkuptext}%
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	11	\label{sec:InductionHeuristics}
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	12	\index{induction heuristics\|(}%
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	13	The purpose of this section is to illustrate some simple heuristics for
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	14	inductive proofs. The first one we have already mentioned in our initial
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	15	example:
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	16	\begin{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	17	\emph{Theorems about recursive functions are proved by induction.}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	18	\end{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	19	In case the function has more than one argument
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	20	\begin{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	21	\emph{Do induction on argument number $i$ if the function is defined by
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	22	recursion in argument number $i$.}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	23	\end{quote}
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	24	When we look at the proof of \isa{{\isacharparenleft}xs{\isacharat}ys{\isacharparenright}\ {\isacharat}\ zs\ {\isacharequal}\ xs\ {\isacharat}\ {\isacharparenleft}ys{\isacharat}zs{\isacharparenright}}
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	25	in \S\ref{sec:intro-proof} we find
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	26	\begin{itemize}
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	27	\item \isa{{\isacharat}} is recursive in
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	28	the first argument
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	29	\item \isa{xs} occurs only as the first argument of
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	30	\isa{{\isacharat}}
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	31	\item both \isa{ys} and \isa{zs} occur at least once as
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	32	the second argument of \isa{{\isacharat}}
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	33	\end{itemize}
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	34	Hence it is natural to perform induction on~\isa{xs}.
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	35
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	36	The key heuristic, and the main point of this section, is to
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	37	\emph{generalize the goal before induction}.
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	38	The reason is simple: if the goal is
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	39	too specific, the induction hypothesis is too weak to allow the induction
10971 6852682eaf16 * empty log message * nipkow parents: 10950 diff changeset	40	step to go through. Let us illustrate the idea with an example.
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	41
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	42	Function \cdx{rev} has quadratic worst-case running time
9792 bbefb6ce5cb2 * empty log message * nipkow parents: 9754 diff changeset	43	because it calls function \isa{{\isacharat}} for each element of the list and
bbefb6ce5cb2 * empty log message * nipkow parents: 9754 diff changeset	44	\isa{{\isacharat}} is linear in its first argument. A linear time version of
9493 494f8cd34df7 * empty log message * nipkow parents: 9145 diff changeset	45	\isa{rev} reqires an extra argument where the result is accumulated
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	46	gradually, using only~\isa{{\isacharhash}}:%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	47	\end{isamarkuptext}%
11866 fbd097aec213 updated; wenzelm parents: 11458 diff changeset	48	\isamarkuptrue%
9673 1b2d4f995b13 updated; wenzelm parents: 9644 diff changeset	49	\isacommand{consts}\ itrev\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}{\isacharprime}a\ list\ {\isasymRightarrow}\ {\isacharprime}a\ list\ {\isasymRightarrow}\ {\isacharprime}a\ list{\isachardoublequote}\isanewline
11866 fbd097aec213 updated; wenzelm parents: 11458 diff changeset	50	\isamarkupfalse%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	51	\isacommand{primrec}\isanewline
9673 1b2d4f995b13 updated; wenzelm parents: 9644 diff changeset	52	{\isachardoublequote}itrev\ {\isacharbrackleft}{\isacharbrackright}\ \ \ \ \ ys\ {\isacharequal}\ ys{\isachardoublequote}\isanewline
11866 fbd097aec213 updated; wenzelm parents: 11458 diff changeset	53	{\isachardoublequote}itrev\ {\isacharparenleft}x{\isacharhash}xs{\isacharparenright}\ ys\ {\isacharequal}\ itrev\ xs\ {\isacharparenleft}x{\isacharhash}ys{\isacharparenright}{\isachardoublequote}\isamarkupfalse%
fbd097aec213 updated; wenzelm parents: 11458 diff changeset	54	%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	55	\begin{isamarkuptext}%
9792 bbefb6ce5cb2 * empty log message * nipkow parents: 9754 diff changeset	56	\noindent
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	57	The behaviour of \cdx{itrev} is simple: it reverses
9493 494f8cd34df7 * empty log message * nipkow parents: 9145 diff changeset	58	its first argument by stacking its elements onto the second argument,
494f8cd34df7 * empty log message * nipkow parents: 9145 diff changeset	59	and returning that second argument when the first one becomes
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	60	empty. Note that \isa{itrev} is tail-recursive: it can be
9493 494f8cd34df7 * empty log message * nipkow parents: 9145 diff changeset	61	compiled into a loop.
494f8cd34df7 * empty log message * nipkow parents: 9145 diff changeset	62
494f8cd34df7 * empty log message * nipkow parents: 9145 diff changeset	63	Naturally, we would like to show that \isa{itrev} does indeed reverse
494f8cd34df7 * empty log message * nipkow parents: 9145 diff changeset	64	its first argument provided the second one is empty:%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	65	\end{isamarkuptext}%
11866 fbd097aec213 updated; wenzelm parents: 11458 diff changeset	66	\isamarkuptrue%
fbd097aec213 updated; wenzelm parents: 11458 diff changeset	67	\isacommand{lemma}\ {\isachardoublequote}itrev\ xs\ {\isacharbrackleft}{\isacharbrackright}\ {\isacharequal}\ rev\ xs{\isachardoublequote}\isamarkupfalse%
fbd097aec213 updated; wenzelm parents: 11458 diff changeset	68	\isamarkuptrue%
15481 fc075ae929e4 the new subst tactic, by Lucas Dixon paulson parents: 13791 diff changeset	69	\isamarkupfalse%
11866 fbd097aec213 updated; wenzelm parents: 11458 diff changeset	70	\isamarkuptrue%
fbd097aec213 updated; wenzelm parents: 11458 diff changeset	71	\isamarkupfalse%
13791 3b6ff7ceaf27 * empty log message * nipkow parents: 13778 diff changeset	72	\isacommand{lemma}\ {\isachardoublequote}itrev\ xs\ ys\ {\isacharequal}\ rev\ xs\ {\isacharat}\ ys{\isachardoublequote}\isamarkupfalse%
11866 fbd097aec213 updated; wenzelm parents: 11458 diff changeset	73	\isamarkupfalse%
fbd097aec213 updated; wenzelm parents: 11458 diff changeset	74	\isamarkuptrue%
fbd097aec213 updated; wenzelm parents: 11458 diff changeset	75	\isamarkupfalse%
13791 3b6ff7ceaf27 * empty log message * nipkow parents: 13778 diff changeset	76	\isacommand{lemma}\ {\isachardoublequote}{\isasymforall}ys{\isachardot}\ itrev\ xs\ ys\ {\isacharequal}\ rev\ xs\ {\isacharat}\ ys{\isachardoublequote}\isamarkupfalse%
15614 b098158a3f39 auto update paulson parents: 15481 diff changeset	77	\isanewline
11866 fbd097aec213 updated; wenzelm parents: 11458 diff changeset	78	\isamarkupfalse%
fbd097aec213 updated; wenzelm parents: 11458 diff changeset	79	%
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	80	\begin{isamarkuptext}%
8749 2665170f104a Adding generated files nipkow parents: diff changeset	81	\noindent
2665170f104a Adding generated files nipkow parents: diff changeset	82	This time induction on \isa{xs} followed by simplification succeeds. This
2665170f104a Adding generated files nipkow parents: diff changeset	83	leads to another heuristic for generalization:
2665170f104a Adding generated files nipkow parents: diff changeset	84	\begin{quote}
9754 a123a64cadeb * empty log message * nipkow parents: 9723 diff changeset	85	\emph{Generalize goals for induction by universally quantifying all free
8749 2665170f104a Adding generated files nipkow parents: diff changeset	86	variables {\em(except the induction variable itself!)}.}
2665170f104a Adding generated files nipkow parents: diff changeset	87	\end{quote}
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	88	This prevents trivial failures like the one above and does not affect the
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	89	validity of the goal. However, this heuristic should not be applied blindly.
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	90	It is not always required, and the additional quantifiers can complicate
13081 ab4a3aef3591 * empty log message * nipkow parents: 11866 diff changeset	91	matters in some cases. The variables that should be quantified are typically
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	92	those that change in recursive calls.
9644 6b0b6b471855 * empty log message * nipkow parents: 9541 diff changeset	93
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	94	A final point worth mentioning is the orientation of the equation we just
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	95	proved: the more complex notion (\isa{itrev}) is on the left-hand
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	96	side, the simpler one (\isa{rev}) on the right-hand side. This constitutes
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	97	another, albeit weak heuristic that is not restricted to induction:
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	98	\begin{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	99	\emph{The right-hand side of an equation should (in some sense) be simpler
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	100	than the left-hand side.}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	101	\end{quote}
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	102	This heuristic is tricky to apply because it is not obvious that
8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	103	\isa{rev\ xs\ {\isacharat}\ ys} is simpler than \isa{itrev\ xs\ ys}. But see what
10971 6852682eaf16 * empty log message * nipkow parents: 10950 diff changeset	104	happens if you try to prove \isa{rev\ xs\ {\isacharat}\ ys\ {\isacharequal}\ itrev\ xs\ ys}!
6852682eaf16 * empty log message * nipkow parents: 10950 diff changeset	105
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	106	If you have tried these heuristics and still find your
10971 6852682eaf16 * empty log message * nipkow parents: 10950 diff changeset	107	induction does not go through, and no obvious lemma suggests itself, you may
6852682eaf16 * empty log message * nipkow parents: 10950 diff changeset	108	need to generalize your proposition even further. This requires insight into
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	109	the problem at hand and is beyond simple rules of thumb.
09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	110	Additionally, you can read \S\ref{sec:advanced-ind}
10971 6852682eaf16 * empty log message * nipkow parents: 10950 diff changeset	111	to learn about some advanced techniques for inductive proofs.%
11458 09a6c44a48ea numerous stylistic changes and indexing paulson parents: 10971 diff changeset	112	\index{induction heuristics\|)}%
9844 8016321c7de1 * empty log message * nipkow parents: 9792 diff changeset	113	\end{isamarkuptext}%
11866 fbd097aec213 updated; wenzelm parents: 11458 diff changeset	114	\isamarkuptrue%
fbd097aec213 updated; wenzelm parents: 11458 diff changeset	115	\isamarkupfalse%
9722 a5f86aed785b * empty log message * nipkow parents: 9721 diff changeset	116	\end{isabellebody}%
9145 9f7b8de5bfaf updated; wenzelm parents: 8749 diff changeset	117	%%% Local Variables:
9f7b8de5bfaf updated; wenzelm parents: 8749 diff changeset	118	%%% mode: latex
9f7b8de5bfaf updated; wenzelm parents: 8749 diff changeset	119	%%% TeX-master: "root"
9f7b8de5bfaf updated; wenzelm parents: 8749 diff changeset	120	%%% End:

author	paulson
	Fri, 18 Mar 2005 14:31:50 +0100
changeset 15614	b098158a3f39
parent 15481	fc075ae929e4
child 16069	3f2a9f400168
permissions	-rw-r--r--