|
8745
|
1 |
(*<*)
|
|
|
2 |
theory case_splits = Main:;
|
|
|
3 |
(*>*)
|
|
|
4 |
|
|
|
5 |
text{*
|
|
|
6 |
Goals containing \isaindex{if}-expressions are usually proved by case
|
|
|
7 |
distinction on the condition of the \isa{if}. For example the goal
|
|
|
8 |
*}
|
|
|
9 |
|
|
|
10 |
lemma "\\<forall>xs. if xs = [] then rev xs = [] else rev xs \\<noteq> []";
|
|
|
11 |
|
|
|
12 |
txt{*\noindent
|
|
|
13 |
can be split into
|
|
|
14 |
\begin{isabellepar}%
|
|
|
15 |
~1.~{\isasymforall}xs.~(xs~=~[]~{\isasymlongrightarrow}~rev~xs~=~[])~{\isasymand}~(xs~{\isasymnoteq}~[]~{\isasymlongrightarrow}~rev~xs~{\isasymnoteq}~[])%
|
|
|
16 |
\end{isabellepar}%
|
|
|
17 |
by a degenerate form of simplification
|
|
|
18 |
*}
|
|
|
19 |
|
|
|
20 |
apply(simp only: split: split_if);
|
|
|
21 |
(*<*)oops;(*>*)
|
|
|
22 |
|
|
|
23 |
text{*\noindent
|
|
|
24 |
where no simplification rules are included (\isa{only:} is followed by the
|
|
|
25 |
empty list of theorems) but the rule \isaindexbold{split_if} for
|
|
|
26 |
splitting \isa{if}s is added (via the modifier \isa{split:}). Because
|
|
|
27 |
case-splitting on \isa{if}s is almost always the right proof strategy, the
|
|
|
28 |
simplifier performs it automatically. Try \isacommand{apply}\isa{(simp)}
|
|
|
29 |
on the initial goal above.
|
|
|
30 |
|
|
|
31 |
This splitting idea generalizes from \isa{if} to \isaindex{case}:
|
|
|
32 |
*}
|
|
|
33 |
|
|
|
34 |
lemma "(case xs of [] \\<Rightarrow> zs | y#ys \\<Rightarrow> y#(ys@zs)) = xs@zs";
|
|
|
35 |
txt{*\noindent
|
|
|
36 |
becomes
|
|
|
37 |
\begin{isabellepar}%
|
|
|
38 |
~1.~(xs~=~[]~{\isasymlongrightarrow}~zs~=~xs~@~zs)~{\isasymand}\isanewline
|
|
|
39 |
~~~~({\isasymforall}a~list.~xs~=~a~\#~list~{\isasymlongrightarrow}~a~\#~list~@~zs~=~xs~@~zs)%
|
|
|
40 |
\end{isabellepar}%
|
|
|
41 |
by typing
|
|
|
42 |
*}
|
|
|
43 |
|
|
|
44 |
apply(simp only: split: list.split);
|
|
|
45 |
(*<*)oops;(*>*)
|
|
|
46 |
|
|
|
47 |
text{*\noindent
|
|
|
48 |
In contrast to \isa{if}-expressions, the simplifier does not split
|
|
|
49 |
\isa{case}-expressions by default because this can lead to nontermination
|
|
|
50 |
in case of recursive datatypes. Again, if the \isa{only:} modifier is
|
|
8771
|
51 |
dropped, the above goal is solved,
|
|
8745
|
52 |
*}
|
|
|
53 |
(*<*)
|
|
|
54 |
lemma "(case xs of [] \\<Rightarrow> zs | y#ys \\<Rightarrow> y#(ys@zs)) = xs@zs";
|
|
|
55 |
(*>*)
|
|
9458
|
56 |
by(simp split: list.split);
|
|
8745
|
57 |
|
|
8771
|
58 |
text{*\noindent%
|
|
|
59 |
which \isacommand{apply}\isa{(simp)} alone will not do.
|
|
|
60 |
|
|
8745
|
61 |
In general, every datatype $t$ comes with a theorem
|
|
|
62 |
\isa{$t$.split} which can be declared to be a \bfindex{split rule} either
|
|
|
63 |
locally as above, or by giving it the \isa{split} attribute globally:
|
|
|
64 |
*}
|
|
|
65 |
|
|
|
66 |
theorems [split] = list.split;
|
|
|
67 |
|
|
|
68 |
text{*\noindent
|
|
|
69 |
The \isa{split} attribute can be removed with the \isa{del} modifier,
|
|
|
70 |
either locally
|
|
|
71 |
*}
|
|
|
72 |
(*<*)
|
|
|
73 |
lemma "dummy=dummy";
|
|
|
74 |
(*>*)
|
|
|
75 |
apply(simp split del: split_if);
|
|
|
76 |
(*<*)
|
|
|
77 |
oops;
|
|
|
78 |
(*>*)
|
|
|
79 |
text{*\noindent
|
|
|
80 |
or globally:
|
|
|
81 |
*}
|
|
|
82 |
theorems [split del] = list.split;
|
|
|
83 |
|
|
|
84 |
(*<*)
|
|
|
85 |
end
|
|
|
86 |
(*>*)
|