isabelle: doc-src/TutorialI/Types/Pairs.thy@f4da791d4850 (annotated)

10560 f4da791d4850 * empty log message * nipkow parents: diff changeset	1	(<)theory Pairs = Main:(>)
f4da791d4850 * empty log message * nipkow parents: diff changeset	2
f4da791d4850 * empty log message * nipkow parents: diff changeset	3	section{Pairs}
f4da791d4850 * empty log message * nipkow parents: diff changeset	4
f4da791d4850 * empty log message * nipkow parents: diff changeset	5	text{*\label{sec:products}
f4da791d4850 * empty log message * nipkow parents: diff changeset	6	Pairs were already introduced in \S\ref{sec:pairs}, but only with a minimal
f4da791d4850 * empty log message * nipkow parents: diff changeset	7	repertoire of operations: pairing and the two projections @{term fst} and
f4da791d4850 * empty log message * nipkow parents: diff changeset	8	@{term snd}. In any nontrivial application of pairs you will find that this
f4da791d4850 * empty log message * nipkow parents: diff changeset	9	quickly leads to unreadable formulae involvings nests of projections. This
f4da791d4850 * empty log message * nipkow parents: diff changeset	10	section is concerned with introducing some syntactic sugar to overcome this
f4da791d4850 * empty log message * nipkow parents: diff changeset	11	problem: pattern matching with tuples.
f4da791d4850 * empty log message * nipkow parents: diff changeset	12	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	13
f4da791d4850 * empty log message * nipkow parents: diff changeset	14	subsection{Notation}
f4da791d4850 * empty log message * nipkow parents: diff changeset	15
f4da791d4850 * empty log message * nipkow parents: diff changeset	16	text{*
f4da791d4850 * empty log message * nipkow parents: diff changeset	17	It is possible to use (nested) tuples as patterns in $\lambda$-abstractions,
f4da791d4850 * empty log message * nipkow parents: diff changeset	18	for example @{text"\<lambda>(x,y,z).x+y+z"} and @{text"\<lambda>((x,y),z).x+y+z"}. In fact,
f4da791d4850 * empty log message * nipkow parents: diff changeset	19	tuple patterns can be used in most variable binding constructs. Here are
f4da791d4850 * empty log message * nipkow parents: diff changeset	20	some typical examples:
f4da791d4850 * empty log message * nipkow parents: diff changeset	21	\begin{quote}
f4da791d4850 * empty log message * nipkow parents: diff changeset	22	@{term"let (x,y) = f z in (y,x)"}\\
f4da791d4850 * empty log message * nipkow parents: diff changeset	23	@{term"case xs of [] => 0 \| (x,y)#zs => x+y"}\\
f4da791d4850 * empty log message * nipkow parents: diff changeset	24	@{text"\<forall>(x,y)\<in>A. x=y"}\\
f4da791d4850 * empty log message * nipkow parents: diff changeset	25	@{text"{(x,y). x=y}"}\\
f4da791d4850 * empty log message * nipkow parents: diff changeset	26	@{term"\<Union>(x,y)\<in>A. {x+y}"}
f4da791d4850 * empty log message * nipkow parents: diff changeset	27	\end{quote}
f4da791d4850 * empty log message * nipkow parents: diff changeset	28	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	29
f4da791d4850 * empty log message * nipkow parents: diff changeset	30	text{*
f4da791d4850 * empty log message * nipkow parents: diff changeset	31	The intuitive meaning of this notations should be pretty obvious.
f4da791d4850 * empty log message * nipkow parents: diff changeset	32	Unfortunately, we need to know in more detail what the notation really stands
f4da791d4850 * empty log message * nipkow parents: diff changeset	33	for once we have to reason about it. The fact of the matter is that abstraction
f4da791d4850 * empty log message * nipkow parents: diff changeset	34	over pairs and tuples is merely a convenient shorthand for a more complex
f4da791d4850 * empty log message * nipkow parents: diff changeset	35	internal representation. Thus the internal and external form of a term may
f4da791d4850 * empty log message * nipkow parents: diff changeset	36	differ, which can affect proofs. If you want to avoid this complication,
f4da791d4850 * empty log message * nipkow parents: diff changeset	37	stick to @{term fst} and @{term snd} and write @{term"%p. fst p + snd p"}
f4da791d4850 * empty log message * nipkow parents: diff changeset	38	instead of @{text"\<lambda>(x,y). x+y"} (which denote the same function but are quite
f4da791d4850 * empty log message * nipkow parents: diff changeset	39	different terms).
f4da791d4850 * empty log message * nipkow parents: diff changeset	40
f4da791d4850 * empty log message * nipkow parents: diff changeset	41	Internally, @{term"%(x,y). t"} becomes @{text"split (\<lambda>x y. t)"}, where
f4da791d4850 * empty log message * nipkow parents: diff changeset	42	@{term split} is the uncurrying function of type @{text"('a \<Rightarrow> 'b
f4da791d4850 * empty log message * nipkow parents: diff changeset	43	\<Rightarrow> 'c) \<Rightarrow> 'a \<times> 'b \<Rightarrow> 'c"} defined as
f4da791d4850 * empty log message * nipkow parents: diff changeset	44	\begin{center}
f4da791d4850 * empty log message * nipkow parents: diff changeset	45	@{thm split_def}
f4da791d4850 * empty log message * nipkow parents: diff changeset	46	\hfill(@{thm[source]split_def})
f4da791d4850 * empty log message * nipkow parents: diff changeset	47	\end{center}
f4da791d4850 * empty log message * nipkow parents: diff changeset	48	Pattern matching in
f4da791d4850 * empty log message * nipkow parents: diff changeset	49	other variable binding constructs is translated similarly. Thus we need to
f4da791d4850 * empty log message * nipkow parents: diff changeset	50	understand how to reason about such constructs.
f4da791d4850 * empty log message * nipkow parents: diff changeset	51	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	52
f4da791d4850 * empty log message * nipkow parents: diff changeset	53	subsection{Theorem proving}
f4da791d4850 * empty log message * nipkow parents: diff changeset	54
f4da791d4850 * empty log message * nipkow parents: diff changeset	55	text{*
f4da791d4850 * empty log message * nipkow parents: diff changeset	56	The most obvious approach is the brute force expansion of @{term split}:
f4da791d4850 * empty log message * nipkow parents: diff changeset	57	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	58
f4da791d4850 * empty log message * nipkow parents: diff changeset	59	lemma "(\<lambda>(x,y).x) p = fst p"
f4da791d4850 * empty log message * nipkow parents: diff changeset	60	by(simp add:split_def)
f4da791d4850 * empty log message * nipkow parents: diff changeset	61
f4da791d4850 * empty log message * nipkow parents: diff changeset	62	text{* This works well if rewriting with @{thm[source]split_def} finishes the
f4da791d4850 * empty log message * nipkow parents: diff changeset	63	proof, as in the above lemma. But if it doesn't, you end up with exactly what
f4da791d4850 * empty log message * nipkow parents: diff changeset	64	we are trying to avoid: nests of @{term fst} and @{term snd}. Thus this
f4da791d4850 * empty log message * nipkow parents: diff changeset	65	approach is neither elegant nor very practical in large examples, although it
f4da791d4850 * empty log message * nipkow parents: diff changeset	66	can be effective in small ones.
f4da791d4850 * empty log message * nipkow parents: diff changeset	67
f4da791d4850 * empty log message * nipkow parents: diff changeset	68	If we step back and ponder why the above lemma presented a problem in the
f4da791d4850 * empty log message * nipkow parents: diff changeset	69	first place, we quickly realize that what we would like is to replace @{term
f4da791d4850 * empty log message * nipkow parents: diff changeset	70	p} with some concrete pair @{term"(a,b)"}, in which case both sides of the
f4da791d4850 * empty log message * nipkow parents: diff changeset	71	equation would simplify to @{term a} because of the simplification rules
f4da791d4850 * empty log message * nipkow parents: diff changeset	72	@{thm Product_Type.split[no_vars]} and @{thm fst_conv[no_vars]}. This is the
f4da791d4850 * empty log message * nipkow parents: diff changeset	73	key problem one faces when reasoning about pattern matching with pairs: how to
f4da791d4850 * empty log message * nipkow parents: diff changeset	74	convert some atomic term into a pair.
f4da791d4850 * empty log message * nipkow parents: diff changeset	75
f4da791d4850 * empty log message * nipkow parents: diff changeset	76	In case of a subterm of the form @{term"split f p"} this is easy: the split
f4da791d4850 * empty log message * nipkow parents: diff changeset	77	rule @{thm[source]split_split} replaces @{term p} by a pair:
f4da791d4850 * empty log message * nipkow parents: diff changeset	78	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	79
f4da791d4850 * empty log message * nipkow parents: diff changeset	80	lemma "(\<lambda>(x,y).y) p = snd p"
f4da791d4850 * empty log message * nipkow parents: diff changeset	81	apply(simp only: split:split_split);
f4da791d4850 * empty log message * nipkow parents: diff changeset	82
f4da791d4850 * empty log message * nipkow parents: diff changeset	83	txt{*
f4da791d4850 * empty log message * nipkow parents: diff changeset	84	@{subgoals[display,indent=0]}
f4da791d4850 * empty log message * nipkow parents: diff changeset	85	This subgoal is easily proved by simplification. The @{text"only:"} above
f4da791d4850 * empty log message * nipkow parents: diff changeset	86	merely serves to show the effect of splitting and to avoid solving the goal
f4da791d4850 * empty log message * nipkow parents: diff changeset	87	outright.
f4da791d4850 * empty log message * nipkow parents: diff changeset	88
f4da791d4850 * empty log message * nipkow parents: diff changeset	89	Let us look at a second example:
f4da791d4850 * empty log message * nipkow parents: diff changeset	90	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	91
f4da791d4850 * empty log message * nipkow parents: diff changeset	92	(<)by simp(>)
f4da791d4850 * empty log message * nipkow parents: diff changeset	93	lemma "let (x,y) = p in fst p = x";
f4da791d4850 * empty log message * nipkow parents: diff changeset	94	apply(simp only:Let_def)
f4da791d4850 * empty log message * nipkow parents: diff changeset	95
f4da791d4850 * empty log message * nipkow parents: diff changeset	96	txt{*
f4da791d4850 * empty log message * nipkow parents: diff changeset	97	@{subgoals[display,indent=0]}
f4da791d4850 * empty log message * nipkow parents: diff changeset	98	A paired @{text let} reduces to a paired $\lambda$-abstraction, which
f4da791d4850 * empty log message * nipkow parents: diff changeset	99	can be split as above. The same is true for paired set comprehension:
f4da791d4850 * empty log message * nipkow parents: diff changeset	100	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	101
f4da791d4850 * empty log message * nipkow parents: diff changeset	102	(<)by(simp split:split_split)(>)
f4da791d4850 * empty log message * nipkow parents: diff changeset	103	lemma "p \<in> {(x,y). x=y} \<longrightarrow> fst p = snd p"
f4da791d4850 * empty log message * nipkow parents: diff changeset	104	apply simp
f4da791d4850 * empty log message * nipkow parents: diff changeset	105
f4da791d4850 * empty log message * nipkow parents: diff changeset	106	txt{*
f4da791d4850 * empty log message * nipkow parents: diff changeset	107	@{subgoals[display,indent=0]}
f4da791d4850 * empty log message * nipkow parents: diff changeset	108	Again, simplification produces a term suitable for @{thm[source]split_split}
f4da791d4850 * empty log message * nipkow parents: diff changeset	109	as above. If you are worried about the funny form of the premise:
f4da791d4850 * empty log message * nipkow parents: diff changeset	110	@{term"split (op =)"} is the same as @{text"\<lambda>(x,y). x=y"}.
f4da791d4850 * empty log message * nipkow parents: diff changeset	111	The same procedure works for
f4da791d4850 * empty log message * nipkow parents: diff changeset	112	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	113
f4da791d4850 * empty log message * nipkow parents: diff changeset	114	(<)by(simp split:split_split)(>)
f4da791d4850 * empty log message * nipkow parents: diff changeset	115	lemma "p \<in> {(x,y). x=y} \<Longrightarrow> fst p = snd p"
f4da791d4850 * empty log message * nipkow parents: diff changeset	116
f4da791d4850 * empty log message * nipkow parents: diff changeset	117	txt{*\noindent
f4da791d4850 * empty log message * nipkow parents: diff changeset	118	except that we now have to use @{thm[source]split_split_asm}, because
f4da791d4850 * empty log message * nipkow parents: diff changeset	119	@{term split} occurs in the assumptions.
f4da791d4850 * empty log message * nipkow parents: diff changeset	120
f4da791d4850 * empty log message * nipkow parents: diff changeset	121	However, splitting @{term split} is not always a solution, as no @{term split}
f4da791d4850 * empty log message * nipkow parents: diff changeset	122	may be present in the goal. Consider the following function:
f4da791d4850 * empty log message * nipkow parents: diff changeset	123	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	124
f4da791d4850 * empty log message * nipkow parents: diff changeset	125	(<)by(simp split:split_split_asm)(>)
f4da791d4850 * empty log message * nipkow parents: diff changeset	126	consts swap :: "'a \<times> 'b \<Rightarrow> 'b \<times> 'a"
f4da791d4850 * empty log message * nipkow parents: diff changeset	127	primrec
f4da791d4850 * empty log message * nipkow parents: diff changeset	128	"swap (x,y) = (y,x)"
f4da791d4850 * empty log message * nipkow parents: diff changeset	129
f4da791d4850 * empty log message * nipkow parents: diff changeset	130	text{*\noindent
f4da791d4850 * empty log message * nipkow parents: diff changeset	131	Note that the above \isacommand{primrec} definition is admissible
f4da791d4850 * empty log message * nipkow parents: diff changeset	132	because @{text"\<times>"} is a datatype. When we now try to prove
f4da791d4850 * empty log message * nipkow parents: diff changeset	133	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	134
f4da791d4850 * empty log message * nipkow parents: diff changeset	135	lemma "swap(swap p) = p"
f4da791d4850 * empty log message * nipkow parents: diff changeset	136
f4da791d4850 * empty log message * nipkow parents: diff changeset	137	txt{*\noindent
f4da791d4850 * empty log message * nipkow parents: diff changeset	138	simplification will do nothing, because the defining equation for @{term swap}
f4da791d4850 * empty log message * nipkow parents: diff changeset	139	expects a pair. Again, we need to turn @{term p} into a pair first, but this
f4da791d4850 * empty log message * nipkow parents: diff changeset	140	time there is no @{term split} in sight. In this case the only thing we can do
f4da791d4850 * empty log message * nipkow parents: diff changeset	141	is to split the term by hand:
f4da791d4850 * empty log message * nipkow parents: diff changeset	142	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	143	apply(case_tac p)
f4da791d4850 * empty log message * nipkow parents: diff changeset	144
f4da791d4850 * empty log message * nipkow parents: diff changeset	145	txt{*\noindent
f4da791d4850 * empty log message * nipkow parents: diff changeset	146	@{subgoals[display,indent=0]}
f4da791d4850 * empty log message * nipkow parents: diff changeset	147	Again, @{text case_tac} is applicable because @{text"\<times>"} is a datatype.
f4da791d4850 * empty log message * nipkow parents: diff changeset	148	The subgoal is easily proved by @{text simp}.
f4da791d4850 * empty log message * nipkow parents: diff changeset	149
f4da791d4850 * empty log message * nipkow parents: diff changeset	150	In case the term to be split is a quantified variable, there are more options.
f4da791d4850 * empty log message * nipkow parents: diff changeset	151	You can split \emph{all} @{text"\<And>"}-quantified variables in a goal
f4da791d4850 * empty log message * nipkow parents: diff changeset	152	with the rewrite rule @{thm[source]split_paired_all}:
f4da791d4850 * empty log message * nipkow parents: diff changeset	153	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	154
f4da791d4850 * empty log message * nipkow parents: diff changeset	155	(<)by simp(>)
f4da791d4850 * empty log message * nipkow parents: diff changeset	156	lemma "\<And>p q. swap(swap p) = q \<longrightarrow> p = q"
f4da791d4850 * empty log message * nipkow parents: diff changeset	157	apply(simp only:split_paired_all)
f4da791d4850 * empty log message * nipkow parents: diff changeset	158
f4da791d4850 * empty log message * nipkow parents: diff changeset	159	txt{*\noindent
f4da791d4850 * empty log message * nipkow parents: diff changeset	160	@{subgoals[display,indent=0]}
f4da791d4850 * empty log message * nipkow parents: diff changeset	161	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	162
f4da791d4850 * empty log message * nipkow parents: diff changeset	163	apply simp
f4da791d4850 * empty log message * nipkow parents: diff changeset	164	done
f4da791d4850 * empty log message * nipkow parents: diff changeset	165
f4da791d4850 * empty log message * nipkow parents: diff changeset	166	text{*\noindent
f4da791d4850 * empty log message * nipkow parents: diff changeset	167	Note that we have intentionally included only @{thm[source]split_paired_all}
f4da791d4850 * empty log message * nipkow parents: diff changeset	168	in the first simplification step. This time the reason was not merely
f4da791d4850 * empty log message * nipkow parents: diff changeset	169	pedagogical:
f4da791d4850 * empty log message * nipkow parents: diff changeset	170	@{thm[source]split_paired_all} may interfere with certain congruence
f4da791d4850 * empty log message * nipkow parents: diff changeset	171	rules of the simplifier, i.e.
f4da791d4850 * empty log message * nipkow parents: diff changeset	172	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	173
f4da791d4850 * empty log message * nipkow parents: diff changeset	174	(<)
f4da791d4850 * empty log message * nipkow parents: diff changeset	175	lemma "\<And>p q. swap(swap p) = q \<longrightarrow> p = q"
f4da791d4850 * empty log message * nipkow parents: diff changeset	176	(>)
f4da791d4850 * empty log message * nipkow parents: diff changeset	177	apply(simp add:split_paired_all)
f4da791d4850 * empty log message * nipkow parents: diff changeset	178	(<)done(>)
f4da791d4850 * empty log message * nipkow parents: diff changeset	179	text{*\noindent
f4da791d4850 * empty log message * nipkow parents: diff changeset	180	may fail (here it does not) where the above two stages succeed.
f4da791d4850 * empty log message * nipkow parents: diff changeset	181
f4da791d4850 * empty log message * nipkow parents: diff changeset	182	Finally, all @{text"\<forall>"} and @{text"\<exists>"}-quantified variables are split
f4da791d4850 * empty log message * nipkow parents: diff changeset	183	automatically by the simplifier:
f4da791d4850 * empty log message * nipkow parents: diff changeset	184	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	185
f4da791d4850 * empty log message * nipkow parents: diff changeset	186	lemma "\<forall>p. \<exists>q. swap p = swap q"
f4da791d4850 * empty log message * nipkow parents: diff changeset	187	apply simp;
f4da791d4850 * empty log message * nipkow parents: diff changeset	188	done
f4da791d4850 * empty log message * nipkow parents: diff changeset	189
f4da791d4850 * empty log message * nipkow parents: diff changeset	190	text{*\noindent
f4da791d4850 * empty log message * nipkow parents: diff changeset	191	In case you would like to turn off this automatic splitting, just disable the
f4da791d4850 * empty log message * nipkow parents: diff changeset	192	responsible simplification rules:
f4da791d4850 * empty log message * nipkow parents: diff changeset	193	\begin{center}
f4da791d4850 * empty log message * nipkow parents: diff changeset	194	@{thm split_paired_All}
f4da791d4850 * empty log message * nipkow parents: diff changeset	195	\hfill
f4da791d4850 * empty log message * nipkow parents: diff changeset	196	(@{thm[source]split_paired_All})\\
f4da791d4850 * empty log message * nipkow parents: diff changeset	197	@{thm split_paired_Ex}
f4da791d4850 * empty log message * nipkow parents: diff changeset	198	\hfill
f4da791d4850 * empty log message * nipkow parents: diff changeset	199	(@{thm[source]split_paired_Ex})
f4da791d4850 * empty log message * nipkow parents: diff changeset	200	\end{center}
f4da791d4850 * empty log message * nipkow parents: diff changeset	201	*}
f4da791d4850 * empty log message * nipkow parents: diff changeset	202	(<)
f4da791d4850 * empty log message * nipkow parents: diff changeset	203	end
f4da791d4850 * empty log message * nipkow parents: diff changeset	204	(>)

author	nipkow
	Fri, 01 Dec 2000 12:15:47 +0100
changeset 10560	f4da791d4850
child 10608	620647438780
permissions	-rw-r--r--