doc-src/TutorialI/Inductive/even-example.tex
author paulson
Fri, 12 Jan 2001 16:09:33 +0100
changeset 10879 ca2b00c4bba7
child 11129 6f6892bea902
permissions -rw-r--r--
renaming to avoid clashes
% $Id$
\section{The Set of Even Numbers}

The set of even numbers can be inductively defined as the least set
containing 0 and closed under the operation ${\cdots}+2$.  Obviously,
\emph{even} can also be expressed using the divides relation (\isa{dvd}).
We shall prove below that the two formulations coincide.  On the way we
shall examine the primary means of reasoning about inductively defined
sets: rule induction.

\subsection{Making an Inductive Definition}

Using \isacommand{consts}, we declare the constant \isa{even} to be a set
of natural numbers. The \isacommand{inductive} declaration gives it the
desired properties.
\begin{isabelle}
\isacommand{consts}\ even\ ::\ "nat\ set"\isanewline
\isacommand{inductive}\ even\isanewline
\isakeyword{intros}\isanewline
zero[intro!]:\ "0\ \isasymin \ even"\isanewline
step[intro!]:\ "n\ \isasymin \ even\ \isasymLongrightarrow \ (Suc\ (Suc\
n))\ \isasymin \ even"
\end{isabelle}

An inductive definition consists of introduction rules.  The first one
above states that 0 is even; the second states that if $n$ is even, then so
is
$n+2$.  Given this declaration, Isabelle generates a fixed point definition
for \isa{even} and proves theorems about it.  These theorems include the
introduction rules specified in the declaration, an elimination rule for case
analysis and an induction rule.  We can refer to these theorems by
automatically-generated names.  Here are two examples:
%
\begin{isabelle}
0\ \isasymin \ even
\rulename{even.zero}
\par\smallskip
n\ \isasymin \ even\ \isasymLongrightarrow \ Suc\ (Suc\ n)\ \isasymin \
even%
\rulename{even.step}
\end{isabelle}

The introduction rules can be given attributes.  Here both rules are
specified as \isa{intro!}, directing the classical reasoner to
apply them aggressively. Obviously, regarding 0 as even is safe.  The
\isa{step} rule is also safe because $n+2$ is even if and only if $n$ is
even.  We prove this equivalence later.

\subsection{Using Introduction Rules}

Our first lemma states that numbers of the form $2\times k$ are even.
Introduction rules are used to show that specific values belong to the
inductive set.  Such proofs typically involve
induction, perhaps over some other inductive set.
\begin{isabelle}
\isacommand{lemma}\ two_times_even[intro!]:\ "\#2*k\ \isasymin \ even"
\isanewline
\isacommand{apply}\ (induct\ "k")\isanewline
\ \isacommand{apply}\ auto\isanewline
\isacommand{done}
\end{isabelle}
%
The first step is induction on the natural number \isa{k}, which leaves
two subgoals:
\begin{isabelle}
\ 1.\ \#2\ *\ 0\ \isasymin \ even\isanewline
\ 2.\ \isasymAnd n.\ \#2\ *\ n\ \isasymin \ even\ \isasymLongrightarrow \ \#2\ *\ Suc\ n\ \isasymin \ even
\end{isabelle}
%
Here \isa{auto} simplifies both subgoals so that they match the introduction
rules, which are then applied automatically.

Our ultimate goal is to prove the equivalence between the traditional
definition of \isa{even} (using the divides relation) and our inductive
definition.  One direction of this equivalence is immediate by the lemma
just proved, whose \isa{intro!} attribute ensures it will be used.
\begin{isabelle}
\isacommand{lemma}\ dvd_imp_even:\ "\#2\ dvd\ n\ \isasymLongrightarrow \ n\ \isasymin \ even"\isanewline
\isacommand{by}\ (auto\ simp\ add:\ dvd_def)
\end{isabelle}

\subsection{Rule Induction}
\label{sec:rule-induction}

From the definition of the set
\isa{even}, Isabelle has
generated an induction rule:
\begin{isabelle}
\isasymlbrakk xa\ \isasymin \ even;\isanewline
\ P\ 0;\isanewline
\ \isasymAnd n.\ \isasymlbrakk n\ \isasymin \ even;\ P\ n\isasymrbrakk \
\isasymLongrightarrow \ P\ (Suc\ (Suc\ n))\isasymrbrakk\isanewline
\ \isasymLongrightarrow \ P\ xa%
\rulename{even.induct}
\end{isabelle}
A property \isa{P} holds for every even number provided it
holds for~\isa{0} and is closed under the operation
\isa{Suc(Suc\(\cdots\))}.  Then \isa{P} is closed under the introduction
rules for \isa{even}, which is the least set closed under those rules.
This type of inductive argument is called \textbf{rule induction}.

Apart from the double application of \isa{Suc}, the induction rule above
resembles the familiar mathematical induction, which indeed is an instance
of rule induction; the natural numbers can be defined inductively to be
the least set containing \isa{0} and closed under~\isa{Suc}.

Induction is the usual way of proving a property of the elements of an
inductively defined set.  Let us prove that all members of the set
\isa{even} are multiples of two.
\begin{isabelle}
\isacommand{lemma}\ even_imp_dvd:\ "n\ \isasymin \ even\ \isasymLongrightarrow \ \#2\ dvd\ n"
\end{isabelle}
%
We begin by applying induction.  Note that \isa{even.induct} has the form
of an elimination rule, so we use the method \isa{erule}.  We get two
subgoals:
\begin{isabelle}
\isacommand{apply}\ (erule\ even.induct)
\isanewline\isanewline
\ 1.\ \#2\ dvd\ 0\isanewline
\ 2.\ \isasymAnd n.\ \isasymlbrakk n\ \isasymin \ even;\ \#2\ dvd\ n\isasymrbrakk \ \isasymLongrightarrow \ \#2\ dvd\ Suc\ (Suc\ n)
\end{isabelle}
%
We unfold the definition of \isa{dvd} in both subgoals, proving the first
one and simplifying the second:
\begin{isabelle}
\isacommand{apply}\ (simp_all\ add:\ dvd_def)
\isanewline\isanewline
\ 1.\ \isasymAnd n.\ \isasymlbrakk n\ \isasymin \ even;\ \isasymexists k.\
n\ =\ \#2\ *\ k\isasymrbrakk \ \isasymLongrightarrow \ \isasymexists k.\
Suc\ (Suc\ n)\ =\ \#2\ *\ k
\end{isabelle}
%
The next command eliminates the existential quantifier from the assumption
and replaces \isa{n} by \isa{\#2\ *\ k}.
\begin{isabelle}
\isacommand{apply}\ clarify
\isanewline\isanewline
\ 1.\ \isasymAnd n\ k.\ \#2\ *\ k\ \isasymin \ even\ \isasymLongrightarrow \ \isasymexists ka.\ Suc\ (Suc\ (\#2\ *\ k))\ =\ \#2\ *\ ka%
\end{isabelle}
%
To conclude, we tell Isabelle that the desired value is
\isa{Suc\ k}.  With this hint, the subgoal falls to \isa{simp}.
\begin{isabelle}
\isacommand{apply}\ (rule_tac\ x\ =\ "Suc\ k"\ \isakeyword{in}\ exI,\ simp)
\end{isabelle}


\medskip
Combining the previous two results yields our objective, the
equivalence relating \isa{even} and \isa{dvd}.
%
%we don't want [iff]: discuss?
\begin{isabelle}
\isacommand{theorem}\ even_iff_dvd:\ "(n\ \isasymin \ even)\ =\ (\#2\ dvd\ n)"\isanewline
\isacommand{by}\ (blast\ intro:\ dvd_imp_even\ even_imp_dvd)
\end{isabelle}


\subsection{Generalization and Rule Induction}
\label{sec:gen-rule-induction}

Before applying induction, we typically must generalize
the induction formula.  With rule induction, the required generalization
can be hard to find and sometimes requires a complete reformulation of the
problem.  In this  example, the obvious statement of the result is not
inductive:
%
\begin{isabelle}
\isacommand{lemma}\ "Suc\ (Suc\ n)\ \isasymin \ even\
\isasymLongrightarrow \ n\ \isasymin \ even"\isanewline
\isacommand{apply}\ (erule\ even.induct)\isanewline
\isacommand{oops}
\end{isabelle}
%
Rule induction finds no occurrences of \isa{Suc(Suc\ n)} in the
conclusion, which it therefore leaves unchanged.  (Look at
\isa{even.induct} to see why this happens.)  We have these subgoals:
\begin{isabelle}
\ 1.\ n\ \isasymin \ even\isanewline
\ 2.\ \isasymAnd na.\ \isasymlbrakk na\ \isasymin \ even;\ n\ \isasymin \ even\isasymrbrakk \ \isasymLongrightarrow \ n\ \isasymin \ even%
\end{isabelle}
The first one is hopeless.  Rule inductions involving
non-trivial terms usually fail.  How to deal with such situations
in general is described in {\S}\ref{sec:ind-var-in-prems} below.
In the current case the solution is easy because
we have the necessary inverse, subtraction:
\begin{isabelle}
\isacommand{lemma}\ even_imp_even_minus_2:\ "n\ \isasymin \ even\ \isasymLongrightarrow \ n-\#2\ \isasymin \ even"\isanewline
\isacommand{apply}\ (erule\ even.induct)\isanewline
\ \isacommand{apply}\ auto\isanewline
\isacommand{done}
\end{isabelle}
%
This lemma is trivially inductive.  Here are the subgoals:
\begin{isabelle}
\ 1.\ 0\ -\ \#2\ \isasymin \ even\isanewline
\ 2.\ \isasymAnd n.\ \isasymlbrakk n\ \isasymin \ even;\ n\ -\ \#2\ \isasymin \ even\isasymrbrakk \ \isasymLongrightarrow \ Suc\ (Suc\ n)\ -\ \#2\ \isasymin \ even%
\end{isabelle}
The first is trivial because \isa{0\ -\ \#2} simplifies to \isa{0}, which is
even.  The second is trivial too: \isa{Suc\ (Suc\ n)\ -\ \#2} simplifies to
\isa{n}, matching the assumption.
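\par\medskip
The following worked instantiation is an addition to the original text.  It
spells out how \isa{erule\ even.induct} instantiates the variables \isa{xa}
and~\isa{P} of \isa{even.induct} in the failed attempt and in the successful
one; $\equiv$ marks the result of substituting into the rule.  In the failed
attempt the assumption is \isa{Suc\ (Suc\ n)\ \isasymin \ even} and the
conclusion is \isa{n\ \isasymin \ even}.  The conclusion contains no
occurrence of \isa{Suc\ (Suc\ n)} to abstract over, so \isa{P} becomes a
constant predicate, and both premises of the rule merely restate the goal:
\[
\begin{array}{rcl}
\mathit{xa} & \mapsto & \mathit{Suc}\,(\mathit{Suc}\,n)\\
P & \mapsto & \lambda x.\ n \in \mathit{even}\\
P\,0 & \equiv & n \in \mathit{even}\\
P\,\mathit{na} & \equiv & n \in \mathit{even}\\
P\,(\mathit{Suc}\,(\mathit{Suc}\,\mathit{na})) & \equiv & n \in \mathit{even}
\end{array}
\]
In the generalized lemma the assumption is \isa{n\ \isasymin \ even} and the
conclusion is \isa{n-\#2\ \isasymin \ even}.  Now the conclusion does
mention the term matched against \isa{xa}, so \isa{P} depends on its
argument and the induction hypothesis is a genuinely different statement
from the conclusion of the step case:
\[
\begin{array}{rcl}
\mathit{xa} & \mapsto & n\\
P & \mapsto & \lambda x.\ x - \#2 \in \mathit{even}\\
P\,0 & \equiv & 0 - \#2 \in \mathit{even}\\
P\,n & \equiv & n - \#2 \in \mathit{even}\\
P\,(\mathit{Suc}\,(\mathit{Suc}\,n)) & \equiv &
  \mathit{Suc}\,(\mathit{Suc}\,n) - \#2 \in \mathit{even}
\end{array}
\]
In the last two lines $n$ is the bound variable of the step premise of
\isa{even.induct}, as in the second subgoal displayed above.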

\medskip
Using our lemma, we can easily prove the result we originally wanted:
\begin{isabelle}
\isacommand{lemma}\ Suc_Suc_even_imp_even:\ "Suc\ (Suc\ n)\ \isasymin \ even\ \isasymLongrightarrow \ n\ \isasymin \ even"\isanewline
\isacommand{by}\ (drule\ even_imp_even_minus_2,\ simp)
\end{isabelle}

We have just proved the converse of the introduction rule \isa{even.step}.
This suggests proving the following equivalence.  We give it the \isa{iff}
attribute because of its obvious value for simplification.
\begin{isabelle}
\isacommand{lemma}\ [iff]:\ "((Suc\ (Suc\ n))\ \isasymin \ even)\ =\ (n\
\isasymin \ even)"\isanewline
\isacommand{by}\ (blast\ dest:\ Suc_Suc_even_imp_even)
\end{isabelle}

The even numbers example has shown how inductive definitions can be used.
Later examples will show that they are actually worth using.