isabelle: src/Doc/Tutorial/Inductive/AB.thy@c46ff0efa1ce (annotated)

17914 99ead7a7eb42 fix headers; wenzelm parents: 16585 diff changeset	1	(<)theory AB imports Main begin(>)
10225 b9fd52525b69 * empty log message * nipkow parents: 10217 diff changeset	2
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	3	section\<open>Case Study: A Context Free Grammar\<close>
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	4
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	5	text\<open>\label{sec:CFG}
11494 23a118849801 revisions and indexing paulson parents: 11310 diff changeset	6	\index{grammars!defining inductively\|(}%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	7	Grammars are nothing but shorthands for inductive definitions of nonterminals
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	8	which represent sets of strings. For example, the production
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	9	$A \to B c$ is short for
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	10	\[ w \in B \Longrightarrow wc \in A \]
10884 2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	11	This section demonstrates this idea with an example
2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	12	due to Hopcroft and Ullman, a grammar for generating all words with an
2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	13	equal number of $a$'s and~$b$'s:
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	14	\begin{eqnarray}
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	15	S &\to& \epsilon \mid b A \mid a B \nonumber\\
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	16	A &\to& a S \mid b A A \nonumber\\
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	17	B &\to& b S \mid a B B \nonumber
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	18	\end{eqnarray}
10884 2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	19	At the end we say a few words about the relationship between
58620 7435b6a3f72e more antiquotations; wenzelm parents: 48985 diff changeset	20	the original proof @{cite \<open>p.\ts81\<close> HopcroftUllman} and our formal version.
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	21
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	22	We start by fixing the alphabet, which consists only of \<^term>\<open>a\<close>'s
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	23	and~\<^term>\<open>b\<close>'s:
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	24	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	25
11705 ac8ca15c556c fixed numerals; wenzelm parents: 11494 diff changeset	26	datatype alfa = a \| b
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	27
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	28	text\<open>\noindent
10287 9ab1671398a6 two spelling fixes paulson parents: 10283 diff changeset	29	For convenience we include the following easy lemmas as simplification rules:
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	30	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	31
11705 ac8ca15c556c fixed numerals; wenzelm parents: 11494 diff changeset	32	lemma [simp]: "(x \<noteq> a) = (x = b) \<and> (x \<noteq> b) = (x = a)"
10884 2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	33	by (case_tac x, auto)
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	34
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	35	text\<open>\noindent
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	36	Words over this alphabet are of type \<^typ>\<open>alfa list\<close>, and
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	37	the three nonterminals are declared as sets of such words.
10884 2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	38	The productions above are recast as a \emph{mutual} inductive
10242 028f54cd2cc9 * empty log message * nipkow parents: 10237 diff changeset	39	definition\index{inductive definition!simultaneous}
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	40	of \<^term>\<open>S\<close>, \<^term>\<open>A\<close> and~\<^term>\<open>B\<close>:
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	41	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	42
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	43	inductive_set
25330 15bf0f47a87d added inductive nipkow parents: 23733 diff changeset	44	S :: "alfa list set" and
15bf0f47a87d added inductive nipkow parents: 23733 diff changeset	45	A :: "alfa list set" and
15bf0f47a87d added inductive nipkow parents: 23733 diff changeset	46	B :: "alfa list set"
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	47	where
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	48	"[] \<in> S"
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	49	\| "w \<in> A \<Longrightarrow> b#w \<in> S"
3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	50	\| "w \<in> B \<Longrightarrow> a#w \<in> S"
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	51
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	52	\| "w \<in> S \<Longrightarrow> a#w \<in> A"
3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	53	\| "\<lbrakk> v\<in>A; w\<in>A \<rbrakk> \<Longrightarrow> b#v@w \<in> A"
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	54
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	55	\| "w \<in> S \<Longrightarrow> b#w \<in> B"
3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	56	\| "\<lbrakk> v \<in> B; w \<in> B \<rbrakk> \<Longrightarrow> a#v@w \<in> B"
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	57
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	58	text\<open>\noindent
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	59	First we show that all words in \<^term>\<open>S\<close> contain the same number of \<^term>\<open>a\<close>'s and \<^term>\<open>b\<close>'s. Since the definition of \<^term>\<open>S\<close> is by mutual
10884 2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	60	induction, so is the proof: we show at the same time that all words in
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	61	\<^term>\<open>A\<close> contain one more \<^term>\<open>a\<close> than \<^term>\<open>b\<close> and all words in \<^term>\<open>B\<close> contain one more \<^term>\<open>b\<close> than \<^term>\<open>a\<close>.
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	62	\<close>
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	63
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	64	lemma correctness:
68386 98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	65	"(w \<in> S \<longrightarrow> size[x\<leftarrow>w. x=a] = size[x\<leftarrow>w. x=b]) \<and>
98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	66	(w \<in> A \<longrightarrow> size[x\<leftarrow>w. x=a] = size[x\<leftarrow>w. x=b] + 1) \<and>
98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	67	(w \<in> B \<longrightarrow> size[x\<leftarrow>w. x=b] = size[x\<leftarrow>w. x=a] + 1)"
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	68
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	69	txt\<open>\noindent
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	70	These propositions are expressed with the help of the predefined \<^term>\<open>filter\<close> function on lists, which has the convenient syntax \<open>[x\<leftarrow>xs. P
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	71	x]\<close>, the list of all elements \<^term>\<open>x\<close> in \<^term>\<open>xs\<close> such that \<^prop>\<open>P x\<close>
69505 cc2d676d5395 isabelle update_cartouches -t; wenzelm parents: 68386 diff changeset	72	holds. Remember that on lists \<open>size\<close> and \<open>length\<close> are synonymous.
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	73
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	74	The proof itself is by rule induction and afterwards automatic:
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	75	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	76
10884 2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	77	by (rule S_A_B.induct, auto)
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	78
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	79	text\<open>\noindent
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	80	This may seem surprising at first, and is indeed an indication of the power
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	81	of inductive definitions. But it is also quite straightforward. For example,
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	82	consider the production $A \to b A A$: if $v,w \in A$ and the elements of $A$
10884 2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	83	contain one more $a$ than~$b$'s, then $bvw$ must again contain one more $a$
2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	84	than~$b$'s.
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	85
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	86	As usual, the correctness of syntactic descriptions is easy, but completeness
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	87	is hard: does \<^term>\<open>S\<close> contain \emph{all} words with an equal number of
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	88	\<^term>\<open>a\<close>'s and \<^term>\<open>b\<close>'s? It turns out that this proof requires the
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	89	following lemma: every string with two more \<^term>\<open>a\<close>'s than \<^term>\<open>b\<close>'s can be cut somewhere such that each half has one more \<^term>\<open>a\<close> than
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	90	\<^term>\<open>b\<close>. This is best seen by imagining counting the difference between the
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	91	number of \<^term>\<open>a\<close>'s and \<^term>\<open>b\<close>'s starting at the left end of the
10283 ff003e2b790c * empty log message * nipkow parents: 10242 diff changeset	92	word. We start with 0 and end (at the right end) with 2. Since each move to the
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	93	right increases or decreases the difference by 1, we must have passed through
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	94	1 on our way from 0 to 2. Formally, we appeal to the following discrete
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	95	intermediate value theorem @{thm[source]nat0_intermed_int_val}
16412 50eab0183aea * empty log message * nipkow parents: 12815 diff changeset	96	@{thm[display,margin=60]nat0_intermed_int_val[no_vars]}
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	97	where \<^term>\<open>f\<close> is of type \<^typ>\<open>nat \<Rightarrow> int\<close>, \<^typ>\<open>int\<close> are the integers,
69505 cc2d676d5395 isabelle update_cartouches -t; wenzelm parents: 68386 diff changeset	98	\<open>\<bar>.\<bar>\<close> is the absolute value function\footnote{See
11308 b28bbb153603 * empty log message * nipkow parents: 11257 diff changeset	99	Table~\ref{tab:ascii} in the Appendix for the correct \textsc{ascii}
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	100	syntax.}, and \<^term>\<open>1::int\<close> is the integer 1 (see \S\ref{sec:numbers}).
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	101
11147 d848c6693185 * empty log message * nipkow parents: 10884 diff changeset	102	First we show that our specific function, the difference between the
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	103	numbers of \<^term>\<open>a\<close>'s and \<^term>\<open>b\<close>'s, does indeed only change by 1 in every
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	104	move to the right. At this point we also start generalizing from \<^term>\<open>a\<close>'s
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	105	and \<^term>\<open>b\<close>'s to an arbitrary property \<^term>\<open>P\<close>. Otherwise we would have
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	106	to prove the desired lemma twice, once as stated above and once with the
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	107	roles of \<^term>\<open>a\<close>'s and \<^term>\<open>b\<close>'s interchanged.
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	108	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	109
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	110	lemma step1: "\<forall>i < size w.
68386 98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	111	\<bar>(int(size[x\<leftarrow>take (i+1) w. P x])-int(size[x\<leftarrow>take (i+1) w. \<not>P x]))
98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	112	- (int(size[x\<leftarrow>take i w. P x])-int(size[x\<leftarrow>take i w. \<not>P x]))\<bar> \<le> 1"
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	113
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	114	txt\<open>\noindent
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	115	The lemma is a bit hard to read because of the coercion function
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	116	\<open>int :: nat \<Rightarrow> int\<close>. It is required because \<^term>\<open>size\<close> returns
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	117	a natural number, but subtraction on type~\<^typ>\<open>nat\<close> will do the wrong thing.
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	118	Function \<^term>\<open>take\<close> is predefined and \<^term>\<open>take i xs\<close> is the prefix of
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	119	length \<^term>\<open>i\<close> of \<^term>\<open>xs\<close>; below we also need \<^term>\<open>drop i xs\<close>, which
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	120	is what remains after that prefix has been dropped from \<^term>\<open>xs\<close>.
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	121
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	122	The proof is by induction on \<^term>\<open>w\<close>, with a trivial base case, and a not
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	123	so trivial induction step. Since it is essentially just arithmetic, we do not
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	124	discuss it.
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	125	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	126
12332 aea72a834c85 * empty log message * nipkow parents: 11870 diff changeset	127	apply(induct_tac w)
16585 02cf78f0afce replacing zabs_def by abs_if paulson parents: 16412 diff changeset	128	apply(auto simp add: abs_if take_Cons split: nat.split)
02cf78f0afce replacing zabs_def by abs_if paulson parents: 16412 diff changeset	129	done
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	130
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	131	text\<open>
11494 23a118849801 revisions and indexing paulson parents: 11310 diff changeset	132	Finally we come to the above-mentioned lemma about cutting in half a word with two more elements of one sort than of the other sort:
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	133	\<close>
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	134
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	135	lemma part1:
68386 98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	136	"size[x\<leftarrow>w. P x] = size[x\<leftarrow>w. \<not>P x]+2 \<Longrightarrow>
98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	137	\<exists>i\<le>size w. size[x\<leftarrow>take i w. P x] = size[x\<leftarrow>take i w. \<not>P x]+1"
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	138
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	139	txt\<open>\noindent
69505 cc2d676d5395 isabelle update_cartouches -t; wenzelm parents: 68386 diff changeset	140	This is proved by \<open>force\<close> with the help of the intermediate value theorem,
10608 620647438780 * empty log message * nipkow parents: 10520 diff changeset	141	instantiated appropriately and with its first premise disposed of by lemma
620647438780 * empty log message * nipkow parents: 10520 diff changeset	142	@{thm[source]step1}:
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	143	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	144
11870 181bd2050cf4 Numerals now work for the integers: the binary numerals for 0 and 1 rewrite paulson parents: 11705 diff changeset	145	apply(insert nat0_intermed_int_val[OF step1, of "P" "w" "1"])
11705 ac8ca15c556c fixed numerals; wenzelm parents: 11494 diff changeset	146	by force
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	147
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	148	text\<open>\noindent
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	149
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	150	Lemma @{thm[source]part1} tells us only about the prefix \<^term>\<open>take i w\<close>.
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	151	An easy lemma deals with the suffix \<^term>\<open>drop i w\<close>:
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	152	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	153
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	154
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	155	lemma part2:
68386 98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	156	"\<lbrakk>size[x\<leftarrow>take i w @ drop i w. P x] =
98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	157	size[x\<leftarrow>take i w @ drop i w. \<not>P x]+2;
98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	158	size[x\<leftarrow>take i w. P x] = size[x\<leftarrow>take i w. \<not>P x]+1\<rbrakk>
98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	159	\<Longrightarrow> size[x\<leftarrow>drop i w. P x] = size[x\<leftarrow>drop i w. \<not>P x]+1"
12815 1f073030b97a tuned; wenzelm parents: 12332 diff changeset	160	by(simp del: append_take_drop_id)
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	161
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	162	text\<open>\noindent
11257 622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	163	In the proof we have disabled the normally useful lemma
10884 2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	164	\begin{isabelle}
2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	165	@{thm append_take_drop_id[no_vars]}
2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	166	\rulename{append_take_drop_id}
2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	167	\end{isabelle}
11257 622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	168	to allow the simplifier to apply the following lemma instead:
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	169	@{text[display]"[x\<in>xs@ys. P x] = [x\<in>xs. P x] @ [x\<in>ys. P x]"}
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	170
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	171	To dispose of trivial cases automatically, the rules of the inductive
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	172	definition are declared simplification rules:
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	173	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	174
11705 ac8ca15c556c fixed numerals; wenzelm parents: 11494 diff changeset	175	declare S_A_B.intros[simp]
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	176
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	177	text\<open>\noindent
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	178	This could have been done earlier but was not necessary so far.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	179
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	180	The completeness theorem tells us that if a word has the same number of
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	181	\<^term>\<open>a\<close>'s and \<^term>\<open>b\<close>'s, then it is in \<^term>\<open>S\<close>, and similarly
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	182	for \<^term>\<open>A\<close> and \<^term>\<open>B\<close>:
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	183	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	184
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	185	theorem completeness:
68386 98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	186	"(size[x\<leftarrow>w. x=a] = size[x\<leftarrow>w. x=b] \<longrightarrow> w \<in> S) \<and>
98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	187	(size[x\<leftarrow>w. x=a] = size[x\<leftarrow>w. x=b] + 1 \<longrightarrow> w \<in> A) \<and>
98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	188	(size[x\<leftarrow>w. x=b] = size[x\<leftarrow>w. x=a] + 1 \<longrightarrow> w \<in> B)"
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	189
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	190	txt\<open>\noindent
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	191	The proof is by induction on \<^term>\<open>w\<close>. Structural induction would fail here
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	192	because, as we can see from the grammar, we need to make bigger steps than
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	193	merely appending a single letter at the front. Hence we induct on the length
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	194	of \<^term>\<open>w\<close>, using the induction rule @{thm[source]length_induct}:
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	195	\<close>
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	196
11705 ac8ca15c556c fixed numerals; wenzelm parents: 11494 diff changeset	197	apply(induct_tac w rule: length_induct)
27167 a99747ccba87 typo nipkow parents: 25330 diff changeset	198	apply(rename_tac w)
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	199
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	200	txt\<open>\noindent
69505 cc2d676d5395 isabelle update_cartouches -t; wenzelm parents: 68386 diff changeset	201	The \<open>rule\<close> parameter tells \<open>induct_tac\<close> explicitly which induction
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	202	rule to use. For details see \S\ref{sec:complete-ind} below.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	203	In this case the result is that we may assume the lemma already
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	204	holds for all words shorter than \<^term>\<open>w\<close>. Because the induction step renames
69505 cc2d676d5395 isabelle update_cartouches -t; wenzelm parents: 68386 diff changeset	205	the induction variable we rename it back to \<open>w\<close>.
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	206
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	207	The proof continues with a case distinction on \<^term>\<open>w\<close>,
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	208	on whether \<^term>\<open>w\<close> is empty or not.
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	209	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	210
11705 ac8ca15c556c fixed numerals; wenzelm parents: 11494 diff changeset	211	apply(case_tac w)
ac8ca15c556c fixed numerals; wenzelm parents: 11494 diff changeset	212	apply(simp_all)
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	213	(<)apply(rename_tac x v)(>)
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	214
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	215	txt\<open>\noindent
11257 622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	216	Simplification disposes of the base case and leaves only a conjunction
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	217	of two step cases to be proved:
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	218	if \<^prop>\<open>w = a#v\<close> and @{prop[display]"size[x\<in>v. x=a] = size[x\<in>v. x=b]+2"} then
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	219	\<^prop>\<open>b#v \<in> A\<close>, and similarly for \<^prop>\<open>w = b#v\<close>.
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	220	We only consider the first case in detail.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	221
11257 622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	222	After breaking the conjunction up into two cases, we can apply
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	223	@{thm[source]part1} to the assumption that \<^term>\<open>w\<close> contains two more \<^term>\<open>a\<close>'s than \<^term>\<open>b\<close>'s.
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	224	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	225
11257 622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	226	apply(rule conjI)
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	227	apply(clarify)
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	228	apply(frule part1[of "\<lambda>x. x=a", simplified])
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	229	apply(clarify)
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	230	txt\<open>\noindent
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	231	This yields an index \<^prop>\<open>i \<le> length v\<close> such that
68386 98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	232	@{prop[display]"length [x\<leftarrow>take i v . x = a] = length [x\<leftarrow>take i v . x = b] + 1"}
11147 d848c6693185 * empty log message * nipkow parents: 10884 diff changeset	233	With the help of @{thm[source]part2} it follows that
68386 98cf1c823c48 Keep filter input syntax nipkow parents: 68249 diff changeset	234	@{prop[display]"length [x\<leftarrow>drop i v . x = a] = length [x\<leftarrow>drop i v . x = b] + 1"}
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	235	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	236
11257 622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	237	apply(drule part2[of "\<lambda>x. x=a", simplified])
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	238	apply(assumption)
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	239
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	240	txt\<open>\noindent
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	241	Now it is time to decompose \<^term>\<open>v\<close> in the conclusion \<^prop>\<open>b#v \<in> A\<close>
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	242	into \<^term>\<open>take i v @ drop i v\<close>,
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	243	\<close>
11257 622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	244
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	245	apply(rule_tac n1=i and t=v in subst[OF append_take_drop_id])
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	246
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	247	txt\<open>\noindent
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	248	(the variables \<^term>\<open>n1\<close> and \<^term>\<open>t\<close> are the result of composing the
11257 622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	249	theorems @{thm[source]subst} and @{thm[source]append_take_drop_id})
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	250	after which the appropriate rule of the grammar reduces the goal
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	251	to the two subgoals \<^prop>\<open>take i v \<in> A\<close> and \<^prop>\<open>drop i v \<in> A\<close>:
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	252	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	253
11257 622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	254	apply(rule S_A_B.intros)
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	255
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	256	txt\<open>
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	257	Both subgoals follow from the induction hypothesis because both \<^term>\<open>take i
ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	258	v\<close> and \<^term>\<open>drop i v\<close> are shorter than \<^term>\<open>w\<close>:
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	259	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	260
11257 622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	261	apply(force simp add: min_less_iff_disj)
63648 f9f3006a5579 "split add" -> "split" nipkow parents: 58620 diff changeset	262	apply(force split: nat_diff_split)
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	263
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	264	txt\<open>
69597 ff784d5a5bfb isabelle update -u control_cartouches; wenzelm parents: 69505 diff changeset	265	The case \<^prop>\<open>w = b#v\<close> is proved analogously:
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	266	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	267
11257 622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	268	apply(clarify)
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	269	apply(frule part1[of "\<lambda>x. x=b", simplified])
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	270	apply(clarify)
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	271	apply(drule part2[of "\<lambda>x. x=b", simplified])
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	272	apply(assumption)
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	273	apply(rule_tac n1=i and t=v in subst[OF append_take_drop_id])
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	274	apply(rule S_A_B.intros)
12815 1f073030b97a tuned; wenzelm parents: 12332 diff changeset	275	apply(force simp add: min_less_iff_disj)
63648 f9f3006a5579 "split add" -> "split" nipkow parents: 58620 diff changeset	276	by(force simp add: min_less_iff_disj split: nat_diff_split)
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	277
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	278	text\<open>
10884 2995639c6a09 renaming of some files paulson parents: 10608 diff changeset	279	We conclude this section with a comparison of our proof with
11494 23a118849801 revisions and indexing paulson parents: 11310 diff changeset	280	Hopcroft\index{Hopcroft, J. E.} and Ullman's\index{Ullman, J. D.}
58620 7435b6a3f72e more antiquotations; wenzelm parents: 48985 diff changeset	281	@{cite \<open>p.\ts81\<close> HopcroftUllman}.
11494 23a118849801 revisions and indexing paulson parents: 11310 diff changeset	282	For a start, the textbook
11257 622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	283	grammar, for no good reason, excludes the empty word, thus complicating
622331bbdb7f * empty log message * nipkow parents: 11147 diff changeset	284	matters just a little bit: they have 8 instead of our 7 productions.
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	285
11147 d848c6693185 * empty log message * nipkow parents: 10884 diff changeset	286	More importantly, the proof itself is different: rather than
d848c6693185 * empty log message * nipkow parents: 10884 diff changeset	287	separating the two directions, they perform one induction on the
d848c6693185 * empty log message * nipkow parents: 10884 diff changeset	288	length of a word. This deprives them of the beauty of rule induction,
d848c6693185 * empty log message * nipkow parents: 10884 diff changeset	289	and in the easy direction (correctness) their reasoning is more
69505 cc2d676d5395 isabelle update_cartouches -t; wenzelm parents: 68386 diff changeset	290	detailed than our \<open>auto\<close>. For the hard part (completeness), they
cc2d676d5395 isabelle update_cartouches -t; wenzelm parents: 68386 diff changeset	291	consider just one of the cases that our \<open>simp_all\<close> disposes of
11147 d848c6693185 * empty log message * nipkow parents: 10884 diff changeset	292	automatically. Then they conclude the proof by saying about the
d848c6693185 * empty log message * nipkow parents: 10884 diff changeset	293	remaining cases: ``We do this in a manner similar to our method of
d848c6693185 * empty log message * nipkow parents: 10884 diff changeset	294	proof for part (1); this part is left to the reader''. But this is
d848c6693185 * empty log message * nipkow parents: 10884 diff changeset	295	precisely the part that requires the intermediate value theorem and
d848c6693185 * empty log message * nipkow parents: 10884 diff changeset	296	thus is not at all similar to the other cases (which are automatic in
d848c6693185 * empty log message * nipkow parents: 10884 diff changeset	297	Isabelle). The authors are at least cavalier about this point and may
d848c6693185 * empty log message * nipkow parents: 10884 diff changeset	298	even have overlooked the slight difficulty lurking in the omitted
11494 23a118849801 revisions and indexing paulson parents: 11310 diff changeset	299	cases. Such errors are found in many pen-and-paper proofs when they
23a118849801 revisions and indexing paulson parents: 11310 diff changeset	300	are scrutinized formally.%
23a118849801 revisions and indexing paulson parents: 11310 diff changeset	301	\index{grammars!defining inductively\|)}
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 63648 diff changeset	302	\<close>
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	303
10225 b9fd52525b69 * empty log message * nipkow parents: 10217 diff changeset	304	(<)end(>)

author	wenzelm
	Wed, 19 May 2021 11:54:58 +0200
changeset 73740	c46ff0efa1ce
parent 69597	ff784d5a5bfb
child 76987	4c275405faae
permissions	-rw-r--r--