isabelle: doc-src/TutorialI/Inductive/document/AB.tex@d74fe18f01e9 (annotated)

10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	1	%
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	2	\begin{isabellebody}%
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	3	\def\isabellecontext{AB}%
17056 05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	4	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	5	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	6	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	7	\endisadelimtheory
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	8	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	9	\isatagtheory
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	10	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	11	\endisatagtheory
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	12	{\isafoldtheory}%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	13	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	14	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	15	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	16	\endisadelimtheory
10225 b9fd52525b69 * empty log message * nipkow parents: 10217 diff changeset	17	%
10878 b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	18	\isamarkupsection{Case Study: A Context Free Grammar%
10395 7ef380745743 updated; wenzelm parents: 10299 diff changeset	19	}
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	20	\isamarkuptrue%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	21	%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	22	\begin{isamarkuptext}%
10242 028f54cd2cc9 * empty log message * nipkow parents: 10237 diff changeset	23	\label{sec:CFG}
11494 23a118849801 revisions and indexing paulson parents: 11310 diff changeset	24	\index{grammars!defining inductively\|(}%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	25	Grammars are nothing but shorthands for inductive definitions of nonterminals
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	26	which represent sets of strings. For example, the production
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	27	$A \to B c$ is short for
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	28	\[ w \in B \Longrightarrow wc \in A \]
10878 b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	29	This section demonstrates this idea with an example
b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	30	due to Hopcroft and Ullman, a grammar for generating all words with an
b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	31	equal number of $a$'s and~$b$'s:
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	32	\begin{eqnarray}
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	33	S &\to& \epsilon \mid b A \mid a B \nonumber\\
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	34	A &\to& a S \mid b A A \nonumber\\
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	35	B &\to& b S \mid a B B \nonumber
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	36	\end{eqnarray}
10878 b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	37	At the end we say a few words about the relationship between
b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	38	the original proof \cite[p.\ts81]{HopcroftUllman} and our formal version.
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	39
10299 8627da9246da auto gen paulson parents: 10283 diff changeset	40	We start by fixing the alphabet, which consists only of \isa{a}'s
10878 b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	41	and~\isa{b}'s:%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	42	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	43	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	44	\isacommand{datatype}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	45	\ alfa\ {\isacharequal}\ a\ {\isacharbar}\ b%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	46	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	47	\noindent
10299 8627da9246da auto gen paulson parents: 10283 diff changeset	48	For convenience we include the following easy lemmas as simplification rules:%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	49	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	50	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	51	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	52	\ {\isacharbrackleft}simp{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}x\ {\isasymnoteq}\ a{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}x\ {\isacharequal}\ b{\isacharparenright}\ {\isasymand}\ {\isacharparenleft}x\ {\isasymnoteq}\ b{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}x\ {\isacharequal}\ a{\isacharparenright}{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	53	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	54	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	55	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	56	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	57	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	58	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	59	\isacommand{by}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	60	\ {\isacharparenleft}case{\isacharunderscore}tac\ x{\isacharcomma}\ auto{\isacharparenright}%
17056 05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	61	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	62	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	63	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	64	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	65	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	66	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	67	%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	68	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	69	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	70	Words over this alphabet are of type \isa{alfa\ list}, and
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	71	the three nonterminals are declared as sets of such words.
10878 b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	72	The productions above are recast as a \emph{mutual} inductive
10242 028f54cd2cc9 * empty log message * nipkow parents: 10237 diff changeset	73	definition\index{inductive definition!simultaneous}
10878 b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	74	of \isa{S}, \isa{A} and~\isa{B}:%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	75	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	76	\isamarkuptrue%
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	77	\isacommand{inductive{\isacharunderscore}set}\isamarkupfalse%
3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	78	\isanewline
25330 15bf0f47a87d added inductive nipkow parents: 23733 diff changeset	79	\ \ S\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}alfa\ list\ set{\isachardoublequoteclose}\ \isakeyword{and}\isanewline
15bf0f47a87d added inductive nipkow parents: 23733 diff changeset	80	\ \ A\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}alfa\ list\ set{\isachardoublequoteclose}\ \isakeyword{and}\isanewline
15bf0f47a87d added inductive nipkow parents: 23733 diff changeset	81	\ \ B\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}alfa\ list\ set{\isachardoublequoteclose}\isanewline
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	82	\isakeyword{where}\isanewline
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	83	\ \ {\isachardoublequoteopen}{\isacharbrackleft}{\isacharbrackright}\ {\isasymin}\ S{\isachardoublequoteclose}\isanewline
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	84	{\isacharbar}\ {\isachardoublequoteopen}w\ {\isasymin}\ A\ {\isasymLongrightarrow}\ b{\isacharhash}w\ {\isasymin}\ S{\isachardoublequoteclose}\isanewline
3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	85	{\isacharbar}\ {\isachardoublequoteopen}w\ {\isasymin}\ B\ {\isasymLongrightarrow}\ a{\isacharhash}w\ {\isasymin}\ S{\isachardoublequoteclose}\isanewline
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	86	\isanewline
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	87	{\isacharbar}\ {\isachardoublequoteopen}w\ {\isasymin}\ S\ \ \ \ \ \ \ \ {\isasymLongrightarrow}\ a{\isacharhash}w\ \ \ {\isasymin}\ A{\isachardoublequoteclose}\isanewline
3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	88	{\isacharbar}\ {\isachardoublequoteopen}{\isasymlbrakk}\ v{\isasymin}A{\isacharsemicolon}\ w{\isasymin}A\ {\isasymrbrakk}\ {\isasymLongrightarrow}\ b{\isacharhash}v{\isacharat}w\ {\isasymin}\ A{\isachardoublequoteclose}\isanewline
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	89	\isanewline
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	90	{\isacharbar}\ {\isachardoublequoteopen}w\ {\isasymin}\ S\ \ \ \ \ \ \ \ \ \ \ \ {\isasymLongrightarrow}\ b{\isacharhash}w\ \ \ {\isasymin}\ B{\isachardoublequoteclose}\isanewline
3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 23380 diff changeset	91	{\isacharbar}\ {\isachardoublequoteopen}{\isasymlbrakk}\ v\ {\isasymin}\ B{\isacharsemicolon}\ w\ {\isasymin}\ B\ {\isasymrbrakk}\ {\isasymLongrightarrow}\ a{\isacharhash}v{\isacharat}w\ {\isasymin}\ B{\isachardoublequoteclose}%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	92	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	93	\noindent
10878 b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	94	First we show that all words in \isa{S} contain the same number of \isa{a}'s and \isa{b}'s. Since the definition of \isa{S} is by mutual
b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	95	induction, so is the proof: we show at the same time that all words in
27167 a99747ccba87 typo nipkow parents: 25330 diff changeset	96	\isa{A} contain one more \isa{a} than \isa{b} and all words in \isa{B} contain one more \isa{b} than \isa{a}.%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	97	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	98	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	99	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	100	\ correctness{\isacharcolon}\isanewline
23380 15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	101	\ \ {\isachardoublequoteopen}{\isacharparenleft}w\ {\isasymin}\ S\ {\isasymlongrightarrow}\ size{\isacharbrackleft}x{\isasymleftarrow}w{\isachardot}\ x{\isacharequal}a{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymleftarrow}w{\isachardot}\ x{\isacharequal}b{\isacharbrackright}{\isacharparenright}\ \ \ \ \ {\isasymand}\isanewline
15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	102	\ \ \ {\isacharparenleft}w\ {\isasymin}\ A\ {\isasymlongrightarrow}\ size{\isacharbrackleft}x{\isasymleftarrow}w{\isachardot}\ x{\isacharequal}a{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymleftarrow}w{\isachardot}\ x{\isacharequal}b{\isacharbrackright}\ {\isacharplus}\ {\isadigit{1}}{\isacharparenright}\ {\isasymand}\isanewline
15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	103	\ \ \ {\isacharparenleft}w\ {\isasymin}\ B\ {\isasymlongrightarrow}\ size{\isacharbrackleft}x{\isasymleftarrow}w{\isachardot}\ x{\isacharequal}b{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymleftarrow}w{\isachardot}\ x{\isacharequal}a{\isacharbrackright}\ {\isacharplus}\ {\isadigit{1}}{\isacharparenright}{\isachardoublequoteclose}%
17056 05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	104	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	105	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	106	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	107	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	108	\isatagproof
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	109	%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	110	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	111	\noindent
23380 15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	112	These propositions are expressed with the help of the predefined \isa{filter} function on lists, which has the convenient syntax \isa{{\isacharbrackleft}x{\isasymleftarrow}xs{\isachardot}\ P\ x{\isacharbrackright}}, the list of all elements \isa{x} in \isa{xs} such that \isa{P\ x}
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	113	holds. Remember that on lists \isa{size} and \isa{length} are synonymous.
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	114
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	115	The proof itself is by rule induction and afterwards automatic:%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	116	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	117	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	118	\isacommand{by}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	119	\ {\isacharparenleft}rule\ S{\isacharunderscore}A{\isacharunderscore}B{\isachardot}induct{\isacharcomma}\ auto{\isacharparenright}%
17056 05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	120	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	121	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	122	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	123	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	124	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	125	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	126	%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	127	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	128	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	129	This may seem surprising at first, and is indeed an indication of the power
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	130	of inductive definitions. But it is also quite straightforward. For example,
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	131	consider the production $A \to b A A$: if $v,w \in A$ and the elements of $A$
10878 b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	132	contain one more $a$ than~$b$'s, then $bvw$ must again contain one more $a$
b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	133	than~$b$'s.
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	134
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	135	As usual, the correctness of syntactic descriptions is easy, but completeness
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	136	is hard: does \isa{S} contain \emph{all} words with an equal number of
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	137	\isa{a}'s and \isa{b}'s? It turns out that this proof requires the
10878 b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	138	following lemma: every string with two more \isa{a}'s than \isa{b}'s can be cut somewhere such that each half has one more \isa{a} than
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	139	\isa{b}. This is best seen by imagining counting the difference between the
10283 ff003e2b790c * empty log message * nipkow parents: 10242 diff changeset	140	number of \isa{a}'s and \isa{b}'s starting at the left end of the
ff003e2b790c * empty log message * nipkow parents: 10242 diff changeset	141	word. We start with 0 and end (at the right end) with 2. Since each move to the
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	142	right increases or decreases the difference by 1, we must have passed through
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	143	1 on our way from 0 to 2. Formally, we appeal to the following discrete
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	144	intermediate value theorem \isa{nat{\isadigit{0}}{\isacharunderscore}intermed{\isacharunderscore}int{\isacharunderscore}val}
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	145	\begin{isabelle}%
19654 2c02a8054616 updated; wenzelm parents: 19288 diff changeset	146	\ \ \ \ \ {\isasymlbrakk}{\isasymforall}i{\isacharless}n{\isachardot}\ {\isasymbar}f\ {\isacharparenleft}i\ {\isacharplus}\ {\isadigit{1}}{\isacharparenright}\ {\isacharminus}\ f\ i{\isasymbar}\ {\isasymle}\ {\isadigit{1}}{\isacharsemicolon}\ f\ {\isadigit{0}}\ {\isasymle}\ k{\isacharsemicolon}\ k\ {\isasymle}\ f\ n{\isasymrbrakk}\isanewline
2c02a8054616 updated; wenzelm parents: 19288 diff changeset	147	\isaindent{\ \ \ \ \ }{\isasymLongrightarrow}\ {\isasymexists}i{\isasymle}n{\isachardot}\ f\ i\ {\isacharequal}\ k%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	148	\end{isabelle}
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	149	where \isa{f} is of type \isa{nat\ {\isasymRightarrow}\ int}, \isa{int} are the integers,
11308 b28bbb153603 * empty log message * nipkow parents: 11257 diff changeset	150	\isa{{\isasymbar}{\isachardot}{\isasymbar}} is the absolute value function\footnote{See
b28bbb153603 * empty log message * nipkow parents: 11257 diff changeset	151	Table~\ref{tab:ascii} in the Appendix for the correct \textsc{ascii}
11708 d27253c4594f * empty log message * wenzelm parents: 11494 diff changeset	152	syntax.}, and \isa{{\isadigit{1}}} is the integer 1 (see \S\ref{sec:numbers}).
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	153
11147 d848c6693185 * empty log message * nipkow parents: 10950 diff changeset	154	First we show that our specific function, the difference between the
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	155	numbers of \isa{a}'s and \isa{b}'s, does indeed only change by 1 in every
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	156	move to the right. At this point we also start generalizing from \isa{a}'s
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	157	and \isa{b}'s to an arbitrary property \isa{P}. Otherwise we would have
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	158	to prove the desired lemma twice, once as stated above and once with the
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	159	roles of \isa{a}'s and \isa{b}'s interchanged.%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	160	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	161	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	162	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	163	\ step{\isadigit{1}}{\isacharcolon}\ {\isachardoublequoteopen}{\isasymforall}i\ {\isacharless}\ size\ w{\isachardot}\isanewline
23380 15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	164	\ \ {\isasymbar}{\isacharparenleft}int{\isacharparenleft}size{\isacharbrackleft}x{\isasymleftarrow}take\ {\isacharparenleft}i{\isacharplus}{\isadigit{1}}{\isacharparenright}\ w{\isachardot}\ P\ x{\isacharbrackright}{\isacharparenright}{\isacharminus}int{\isacharparenleft}size{\isacharbrackleft}x{\isasymleftarrow}take\ {\isacharparenleft}i{\isacharplus}{\isadigit{1}}{\isacharparenright}\ w{\isachardot}\ {\isasymnot}P\ x{\isacharbrackright}{\isacharparenright}{\isacharparenright}\isanewline
15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	165	\ \ \ {\isacharminus}\ {\isacharparenleft}int{\isacharparenleft}size{\isacharbrackleft}x{\isasymleftarrow}take\ i\ w{\isachardot}\ P\ x{\isacharbrackright}{\isacharparenright}{\isacharminus}int{\isacharparenleft}size{\isacharbrackleft}x{\isasymleftarrow}take\ i\ w{\isachardot}\ {\isasymnot}P\ x{\isacharbrackright}{\isacharparenright}{\isacharparenright}{\isasymbar}\ {\isasymle}\ {\isadigit{1}}{\isachardoublequoteclose}%
17056 05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	166	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	167	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	168	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	169	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	170	\isatagproof
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	171	%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	172	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	173	\noindent
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	174	The lemma is a bit hard to read because of the coercion function
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	175	\isa{int\ {\isacharcolon}{\isacharcolon}\ nat\ {\isasymRightarrow}\ int}. It is required because \isa{size} returns
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	176	a natural number, but subtraction on type~\isa{nat} will do the wrong thing.
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	177	Function \isa{take} is predefined and \isa{take\ i\ xs} is the prefix of
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	178	length \isa{i} of \isa{xs}; below we also need \isa{drop\ i\ xs}, which
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	179	is what remains after that prefix has been dropped from \isa{xs}.
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	180
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	181	The proof is by induction on \isa{w}, with a trivial base case, and a not
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	182	so trivial induction step. Since it is essentially just arithmetic, we do not
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	183	discuss it.%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	184	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	185	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	186	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	187	{\isacharparenleft}induct{\isacharunderscore}tac\ w{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	188	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	189	{\isacharparenleft}auto\ simp\ add{\isacharcolon}\ abs{\isacharunderscore}if\ take{\isacharunderscore}Cons\ split{\isacharcolon}\ nat{\isachardot}split{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	190	\isacommand{done}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	191	%
17056 05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	192	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	193	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	194	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	195	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	196	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	197	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	198	%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	199	\begin{isamarkuptext}%
11494 23a118849801 revisions and indexing paulson parents: 11310 diff changeset	200	Finally we come to the above-mentioned lemma about cutting in half a word with two more elements of one sort than of the other sort:%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	201	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	202	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	203	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	204	\ part{\isadigit{1}}{\isacharcolon}\isanewline
23380 15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	205	\ {\isachardoublequoteopen}size{\isacharbrackleft}x{\isasymleftarrow}w{\isachardot}\ P\ x{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymleftarrow}w{\isachardot}\ {\isasymnot}P\ x{\isacharbrackright}{\isacharplus}{\isadigit{2}}\ {\isasymLongrightarrow}\isanewline
15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	206	\ \ {\isasymexists}i{\isasymle}size\ w{\isachardot}\ size{\isacharbrackleft}x{\isasymleftarrow}take\ i\ w{\isachardot}\ P\ x{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymleftarrow}take\ i\ w{\isachardot}\ {\isasymnot}P\ x{\isacharbrackright}{\isacharplus}{\isadigit{1}}{\isachardoublequoteclose}%
17056 05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	207	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	208	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	209	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	210	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	211	\isatagproof
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	212	%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	213	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	214	\noindent
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	215	This is proved by \isa{force} with the help of the intermediate value theorem,
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	216	instantiated appropriately and with its first premise disposed of by lemma
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	217	\isa{step{\isadigit{1}}}:%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	218	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	219	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	220	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	221	{\isacharparenleft}insert\ nat{\isadigit{0}}{\isacharunderscore}intermed{\isacharunderscore}int{\isacharunderscore}val{\isacharbrackleft}OF\ step{\isadigit{1}}{\isacharcomma}\ of\ {\isachardoublequoteopen}P{\isachardoublequoteclose}\ {\isachardoublequoteopen}w{\isachardoublequoteclose}\ {\isachardoublequoteopen}{\isadigit{1}}{\isachardoublequoteclose}{\isacharbrackright}{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	222	\isacommand{by}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	223	\ force%
17056 05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	224	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	225	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	226	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	227	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	228	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	229	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	230	%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	231	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	232	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	233
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	234	Lemma \isa{part{\isadigit{1}}} tells us only about the prefix \isa{take\ i\ w}.
10878 b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	235	An easy lemma deals with the suffix \isa{drop\ i\ w}:%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	236	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	237	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	238	\isacommand{lemma}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	239	\ part{\isadigit{2}}{\isacharcolon}\isanewline
23380 15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	240	\ \ {\isachardoublequoteopen}{\isasymlbrakk}size{\isacharbrackleft}x{\isasymleftarrow}take\ i\ w\ {\isacharat}\ drop\ i\ w{\isachardot}\ P\ x{\isacharbrackright}\ {\isacharequal}\isanewline
15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	241	\ \ \ \ size{\isacharbrackleft}x{\isasymleftarrow}take\ i\ w\ {\isacharat}\ drop\ i\ w{\isachardot}\ {\isasymnot}P\ x{\isacharbrackright}{\isacharplus}{\isadigit{2}}{\isacharsemicolon}\isanewline
15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	242	\ \ \ \ size{\isacharbrackleft}x{\isasymleftarrow}take\ i\ w{\isachardot}\ P\ x{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymleftarrow}take\ i\ w{\isachardot}\ {\isasymnot}P\ x{\isacharbrackright}{\isacharplus}{\isadigit{1}}{\isasymrbrakk}\isanewline
15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	243	\ \ \ {\isasymLongrightarrow}\ size{\isacharbrackleft}x{\isasymleftarrow}drop\ i\ w{\isachardot}\ P\ x{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymleftarrow}drop\ i\ w{\isachardot}\ {\isasymnot}P\ x{\isacharbrackright}{\isacharplus}{\isadigit{1}}{\isachardoublequoteclose}\isanewline
17056 05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	244	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	245	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	246	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	247	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	248	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	249	\isatagproof
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	250	\isacommand{by}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	251	{\isacharparenleft}simp\ del{\isacharcolon}\ append{\isacharunderscore}take{\isacharunderscore}drop{\isacharunderscore}id{\isacharparenright}%
17056 05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	252	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	253	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	254	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	255	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	256	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	257	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	258	%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	259	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	260	\noindent
11257 622331bbdb7f * empty log message * nipkow parents: 11158 diff changeset	261	In the proof we have disabled the normally useful lemma
10878 b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	262	\begin{isabelle}
b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	263	\isa{take\ n\ xs\ {\isacharat}\ drop\ n\ xs\ {\isacharequal}\ xs}
b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	264	\rulename{append_take_drop_id}
b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	265	\end{isabelle}
11257 622331bbdb7f * empty log message * nipkow parents: 11158 diff changeset	266	to allow the simplifier to apply the following lemma instead:
622331bbdb7f * empty log message * nipkow parents: 11158 diff changeset	267	\begin{isabelle}%
622331bbdb7f * empty log message * nipkow parents: 11158 diff changeset	268	\ \ \ \ \ {\isacharbrackleft}x{\isasymin}xs{\isacharat}ys{\isachardot}\ P\ x{\isacharbrackright}\ {\isacharequal}\ {\isacharbrackleft}x{\isasymin}xs{\isachardot}\ P\ x{\isacharbrackright}\ {\isacharat}\ {\isacharbrackleft}x{\isasymin}ys{\isachardot}\ P\ x{\isacharbrackright}%
622331bbdb7f * empty log message * nipkow parents: 11158 diff changeset	269	\end{isabelle}
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	270
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	271	To dispose of trivial cases automatically, the rules of the inductive
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	272	definition are declared simplification rules:%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	273	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	274	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	275	\isacommand{declare}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	276	\ S{\isacharunderscore}A{\isacharunderscore}B{\isachardot}intros{\isacharbrackleft}simp{\isacharbrackright}%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	277	\begin{isamarkuptext}%
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	278	\noindent
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	279	This could have been done earlier but was not necessary so far.
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	280
7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	281	The completeness theorem tells us that if a word has the same number of
10878 b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	282	\isa{a}'s and \isa{b}'s, then it is in \isa{S}, and similarly
b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	283	for \isa{A} and \isa{B}:%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	284	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	285	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	286	\isacommand{theorem}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	287	\ completeness{\isacharcolon}\isanewline
23380 15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	288	\ \ {\isachardoublequoteopen}{\isacharparenleft}size{\isacharbrackleft}x{\isasymleftarrow}w{\isachardot}\ x{\isacharequal}a{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymleftarrow}w{\isachardot}\ x{\isacharequal}b{\isacharbrackright}\ \ \ \ \ {\isasymlongrightarrow}\ w\ {\isasymin}\ S{\isacharparenright}\ {\isasymand}\isanewline
15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	289	\ \ \ {\isacharparenleft}size{\isacharbrackleft}x{\isasymleftarrow}w{\isachardot}\ x{\isacharequal}a{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymleftarrow}w{\isachardot}\ x{\isacharequal}b{\isacharbrackright}\ {\isacharplus}\ {\isadigit{1}}\ {\isasymlongrightarrow}\ w\ {\isasymin}\ A{\isacharparenright}\ {\isasymand}\isanewline
15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	290	\ \ \ {\isacharparenleft}size{\isacharbrackleft}x{\isasymleftarrow}w{\isachardot}\ x{\isacharequal}b{\isacharbrackright}\ {\isacharequal}\ size{\isacharbrackleft}x{\isasymleftarrow}w{\isachardot}\ x{\isacharequal}a{\isacharbrackright}\ {\isacharplus}\ {\isadigit{1}}\ {\isasymlongrightarrow}\ w\ {\isasymin}\ B{\isacharparenright}{\isachardoublequoteclose}%
17056 05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	291	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	292	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	293	\endisadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	294	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	295	\isatagproof
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	296	%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	297	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	298	\noindent
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	299	The proof is by induction on \isa{w}. Structural induction would fail here
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	300	because, as we can see from the grammar, we need to make bigger steps than
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	301	merely appending a single letter at the front. Hence we induct on the length
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	302	of \isa{w}, using the induction rule \isa{length{\isacharunderscore}induct}:%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	303	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	304	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	305	\isacommand{apply}\isamarkupfalse%
27167 a99747ccba87 typo nipkow parents: 25330 diff changeset	306	{\isacharparenleft}induct{\isacharunderscore}tac\ w\ rule{\isacharcolon}\ length{\isacharunderscore}induct{\isacharparenright}\isanewline
a99747ccba87 typo nipkow parents: 25330 diff changeset	307	\isacommand{apply}\isamarkupfalse%
a99747ccba87 typo nipkow parents: 25330 diff changeset	308	{\isacharparenleft}rename{\isacharunderscore}tac\ w{\isacharparenright}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	309	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	310	\noindent
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	311	The \isa{rule} parameter tells \isa{induct{\isacharunderscore}tac} explicitly which induction
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	312	rule to use. For details see \S\ref{sec:complete-ind} below.
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	313	In this case the result is that we may assume the lemma already
27167 a99747ccba87 typo nipkow parents: 25330 diff changeset	314	holds for all words shorter than \isa{w}. Because the induction step renames
a99747ccba87 typo nipkow parents: 25330 diff changeset	315	the induction variable we rename it back to \isa{w}.
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	316
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	317	The proof continues with a case distinction on \isa{w},
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	318	on whether \isa{w} is empty or not.%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	319	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	320	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	321	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	322	{\isacharparenleft}case{\isacharunderscore}tac\ w{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	323	\ \isacommand{apply}\isamarkupfalse%
17181 5f42dd5e6570 updated; wenzelm parents: 17175 diff changeset	324	{\isacharparenleft}simp{\isacharunderscore}all{\isacharparenright}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	325	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	326	\noindent
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	327	Simplification disposes of the base case and leaves only a conjunction
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	328	of two step cases to be proved:
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	329	if \isa{w\ {\isacharequal}\ a\ {\isacharhash}\ v} and \begin{isabelle}%
23380 15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	330	\ \ \ \ \ length\ {\isacharparenleft}if\ x\ {\isacharequal}\ a\ then\ {\isacharbrackleft}x\ {\isasymin}\ v{\isacharbrackright}\ else\ {\isacharbrackleft}{\isacharbrackright}{\isacharparenright}\ {\isacharequal}\isanewline
15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	331	\isaindent{\ \ \ \ \ }length\ {\isacharparenleft}if\ x\ {\isacharequal}\ b\ then\ {\isacharbrackleft}x\ {\isasymin}\ v{\isacharbrackright}\ else\ {\isacharbrackleft}{\isacharbrackright}{\isacharparenright}\ {\isacharplus}\ {\isadigit{2}}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	332	\end{isabelle} then
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	333	\isa{b\ {\isacharhash}\ v\ {\isasymin}\ A}, and similarly for \isa{w\ {\isacharequal}\ b\ {\isacharhash}\ v}.
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	334	We only consider the first case in detail.
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	335
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	336	After breaking the conjunction up into two cases, we can apply
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	337	\isa{part{\isadigit{1}}} to the assumption that \isa{w} contains two more \isa{a}'s than \isa{b}'s.%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	338	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	339	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	340	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	341	{\isacharparenleft}rule\ conjI{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	342	\ \isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	343	{\isacharparenleft}clarify{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	344	\ \isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	345	{\isacharparenleft}frule\ part{\isadigit{1}}{\isacharbrackleft}of\ {\isachardoublequoteopen}{\isasymlambda}x{\isachardot}\ x{\isacharequal}a{\isachardoublequoteclose}{\isacharcomma}\ simplified{\isacharbrackright}{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	346	\ \isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	347	{\isacharparenleft}clarify{\isacharparenright}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	348	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	349	\noindent
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	350	This yields an index \isa{i\ {\isasymle}\ length\ v} such that
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	351	\begin{isabelle}%
23380 15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	352	\ \ \ \ \ length\ {\isacharbrackleft}x{\isasymleftarrow}take\ i\ v\ {\isachardot}\ x\ {\isacharequal}\ a{\isacharbrackright}\ {\isacharequal}\ length\ {\isacharbrackleft}x{\isasymleftarrow}take\ i\ v\ {\isachardot}\ x\ {\isacharequal}\ b{\isacharbrackright}\ {\isacharplus}\ {\isadigit{1}}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	353	\end{isabelle}
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	354	With the help of \isa{part{\isadigit{2}}} it follows that
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	355	\begin{isabelle}%
23380 15f7a6745cce fixed filter syntax nipkow parents: 19654 diff changeset	356	\ \ \ \ \ length\ {\isacharbrackleft}x{\isasymleftarrow}drop\ i\ v\ {\isachardot}\ x\ {\isacharequal}\ a{\isacharbrackright}\ {\isacharequal}\ length\ {\isacharbrackleft}x{\isasymleftarrow}drop\ i\ v\ {\isachardot}\ x\ {\isacharequal}\ b{\isacharbrackright}\ {\isacharplus}\ {\isadigit{1}}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	357	\end{isabelle}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	358	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	359	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	360	\ \isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	361	{\isacharparenleft}drule\ part{\isadigit{2}}{\isacharbrackleft}of\ {\isachardoublequoteopen}{\isasymlambda}x{\isachardot}\ x{\isacharequal}a{\isachardoublequoteclose}{\isacharcomma}\ simplified{\isacharbrackright}{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	362	\ \ \isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	363	{\isacharparenleft}assumption{\isacharparenright}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	364	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	365	\noindent
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	366	Now it is time to decompose \isa{v} in the conclusion \isa{b\ {\isacharhash}\ v\ {\isasymin}\ A}
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	367	into \isa{take\ i\ v\ {\isacharat}\ drop\ i\ v},%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	368	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	369	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	370	\ \isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	371	{\isacharparenleft}rule{\isacharunderscore}tac\ n{\isadigit{1}}{\isacharequal}i\ \isakeyword{and}\ t{\isacharequal}v\ \isakeyword{in}\ subst{\isacharbrackleft}OF\ append{\isacharunderscore}take{\isacharunderscore}drop{\isacharunderscore}id{\isacharbrackright}{\isacharparenright}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	372	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	373	\noindent
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	374	(the variables \isa{n{\isadigit{1}}} and \isa{t} are the result of composing the
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	375	theorems \isa{subst} and \isa{append{\isacharunderscore}take{\isacharunderscore}drop{\isacharunderscore}id})
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	376	after which the appropriate rule of the grammar reduces the goal
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	377	to the two subgoals \isa{take\ i\ v\ {\isasymin}\ A} and \isa{drop\ i\ v\ {\isasymin}\ A}:%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	378	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	379	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	380	\ \isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	381	{\isacharparenleft}rule\ S{\isacharunderscore}A{\isacharunderscore}B{\isachardot}intros{\isacharparenright}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	382	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	383	Both subgoals follow from the induction hypothesis because both \isa{take\ i\ v} and \isa{drop\ i\ v} are shorter than \isa{w}:%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	384	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	385	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	386	\ \ \isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	387	{\isacharparenleft}force\ simp\ add{\isacharcolon}\ min{\isacharunderscore}less{\isacharunderscore}iff{\isacharunderscore}disj{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	388	\ \isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	389	{\isacharparenleft}force\ split\ add{\isacharcolon}\ nat{\isacharunderscore}diff{\isacharunderscore}split{\isacharparenright}%
16069 3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	390	\begin{isamarkuptxt}%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	391	The case \isa{w\ {\isacharequal}\ b\ {\isacharhash}\ v} is proved analogously:%
3f2a9f400168 * empty log message * nipkow parents: 15481 diff changeset	392	\end{isamarkuptxt}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	393	\isamarkuptrue%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	394	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	395	{\isacharparenleft}clarify{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	396	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	397	{\isacharparenleft}frule\ part{\isadigit{1}}{\isacharbrackleft}of\ {\isachardoublequoteopen}{\isasymlambda}x{\isachardot}\ x{\isacharequal}b{\isachardoublequoteclose}{\isacharcomma}\ simplified{\isacharbrackright}{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	398	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	399	{\isacharparenleft}clarify{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	400	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	401	{\isacharparenleft}drule\ part{\isadigit{2}}{\isacharbrackleft}of\ {\isachardoublequoteopen}{\isasymlambda}x{\isachardot}\ x{\isacharequal}b{\isachardoublequoteclose}{\isacharcomma}\ simplified{\isacharbrackright}{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	402	\ \isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	403	{\isacharparenleft}assumption{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	404	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	405	{\isacharparenleft}rule{\isacharunderscore}tac\ n{\isadigit{1}}{\isacharequal}i\ \isakeyword{and}\ t{\isacharequal}v\ \isakeyword{in}\ subst{\isacharbrackleft}OF\ append{\isacharunderscore}take{\isacharunderscore}drop{\isacharunderscore}id{\isacharbrackright}{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	406	\isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	407	{\isacharparenleft}rule\ S{\isacharunderscore}A{\isacharunderscore}B{\isachardot}intros{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	408	\ \isacommand{apply}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	409	{\isacharparenleft}force\ simp\ add{\isacharcolon}\ min{\isacharunderscore}less{\isacharunderscore}iff{\isacharunderscore}disj{\isacharparenright}\isanewline
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	410	\isacommand{by}\isamarkupfalse%
1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	411	{\isacharparenleft}force\ simp\ add{\isacharcolon}\ min{\isacharunderscore}less{\isacharunderscore}iff{\isacharunderscore}disj\ split\ add{\isacharcolon}\ nat{\isacharunderscore}diff{\isacharunderscore}split{\isacharparenright}%
17056 05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	412	\endisatagproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	413	{\isafoldproof}%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	414	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	415	\isadelimproof
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	416	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	417	\endisadelimproof
11866 fbd097aec213 updated; wenzelm parents: 11708 diff changeset	418	%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	419	\begin{isamarkuptext}%
10878 b254d5ad6dd4 auto update paulson parents: 10696 diff changeset	420	We conclude this section with a comparison of our proof with
11494 23a118849801 revisions and indexing paulson parents: 11310 diff changeset	421	Hopcroft\index{Hopcroft, J. E.} and Ullman's\index{Ullman, J. D.}
23a118849801 revisions and indexing paulson parents: 11310 diff changeset	422	\cite[p.\ts81]{HopcroftUllman}.
23a118849801 revisions and indexing paulson parents: 11310 diff changeset	423	For a start, the textbook
11257 622331bbdb7f * empty log message * nipkow parents: 11158 diff changeset	424	grammar, for no good reason, excludes the empty word, thus complicating
622331bbdb7f * empty log message * nipkow parents: 11158 diff changeset	425	matters just a little bit: they have 8 instead of our 7 productions.
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	426
11158 5652018b809a * empty log message * nipkow parents: 11147 diff changeset	427	More importantly, the proof itself is different: rather than
5652018b809a * empty log message * nipkow parents: 11147 diff changeset	428	separating the two directions, they perform one induction on the
5652018b809a * empty log message * nipkow parents: 11147 diff changeset	429	length of a word. This deprives them of the beauty of rule induction,
5652018b809a * empty log message * nipkow parents: 11147 diff changeset	430	and in the easy direction (correctness) their reasoning is more
5652018b809a * empty log message * nipkow parents: 11147 diff changeset	431	detailed than our \isa{auto}. For the hard part (completeness), they
5652018b809a * empty log message * nipkow parents: 11147 diff changeset	432	consider just one of the cases that our \isa{simp{\isacharunderscore}all} disposes of
5652018b809a * empty log message * nipkow parents: 11147 diff changeset	433	automatically. Then they conclude the proof by saying about the
5652018b809a * empty log message * nipkow parents: 11147 diff changeset	434	remaining cases: ``We do this in a manner similar to our method of
5652018b809a * empty log message * nipkow parents: 11147 diff changeset	435	proof for part (1); this part is left to the reader''. But this is
5652018b809a * empty log message * nipkow parents: 11147 diff changeset	436	precisely the part that requires the intermediate value theorem and
5652018b809a * empty log message * nipkow parents: 11147 diff changeset	437	thus is not at all similar to the other cases (which are automatic in
5652018b809a * empty log message * nipkow parents: 11147 diff changeset	438	Isabelle). The authors are at least cavalier about this point and may
5652018b809a * empty log message * nipkow parents: 11147 diff changeset	439	even have overlooked the slight difficulty lurking in the omitted
11494 23a118849801 revisions and indexing paulson parents: 11310 diff changeset	440	cases. Such errors are found in many pen-and-paper proofs when they
23a118849801 revisions and indexing paulson parents: 11310 diff changeset	441	are scrutinized formally.%
23a118849801 revisions and indexing paulson parents: 11310 diff changeset	442	\index{grammars!defining inductively\|)}%
10236 7626cb4e1407 * empty log message * nipkow parents: 10225 diff changeset	443	\end{isamarkuptext}%
17175 1eced27ee0e1 updated; wenzelm parents: 17056 diff changeset	444	\isamarkuptrue%
17056 05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	445	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	446	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	447	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	448	\endisadelimtheory
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	449	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	450	\isatagtheory
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	451	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	452	\endisatagtheory
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	453	{\isafoldtheory}%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	454	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	455	\isadelimtheory
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	456	%
05fc32a23b8b updated; wenzelm parents: 16585 diff changeset	457	\endisadelimtheory
10217 e61e7e1eacaf * empty log message * nipkow parents: diff changeset	458	\end{isabellebody}%
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	459	%%% Local Variables:
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	460	%%% mode: latex
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	461	%%% TeX-master: "root"
e61e7e1eacaf * empty log message * nipkow parents: diff changeset	462	%%% End:

author	nipkow
	Thu, 11 Feb 2010 08:44:19 +0100
changeset 35103	d74fe18f01e9
parent 27167	a99747ccba87
child 40406	313a24b66a8d
permissions	-rw-r--r--