Mercurial Mercurial > repos > isabelle / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/Doc/Tutorial/Advanced/WFrec.thy
changeset 67406 23307fd33906
parent 58620 7435b6a3f72e
child 69505 cc2d676d5395
equal deleted inserted replaced
67405:e9ab4ad7bd15 67406:23307fd33906 
     1 (*<*)theory WFrec imports Main begin(*>*)
 
     1 (*<*)theory WFrec imports Main begin(*>*)
 
     2 
     2 
     3 text{*\noindent
 
     3 text\<open>\noindent
 
     4 So far, all recursive definitions were shown to terminate via measure
 
     4 So far, all recursive definitions were shown to terminate via measure
 
     5 functions. Sometimes this can be inconvenient or
 
     5 functions. Sometimes this can be inconvenient or
 
     6 impossible. Fortunately, \isacommand{recdef} supports much more
 
     6 impossible. Fortunately, \isacommand{recdef} supports much more
 
     7 general definitions. For example, termination of Ackermann's function
 
     7 general definitions. For example, termination of Ackermann's function
 
     8 can be shown by means of the \rmindex{lexicographic product} @{text"<*lex*>"}:
 
     8 can be shown by means of the \rmindex{lexicographic product} @{text"<*lex*>"}:
 
     9 *}
 
     9 \<close>
 
    10 
    10 
    11 consts ack :: "nat\<times>nat \<Rightarrow> nat"
 
    11 consts ack :: "nat\<times>nat \<Rightarrow> nat"
 
    12 recdef ack "measure(\<lambda>m. m) <*lex*> measure(\<lambda>n. n)"
 
    12 recdef ack "measure(\<lambda>m. m) <*lex*> measure(\<lambda>n. n)"
 
    13   "ack(0,n)         = Suc n"
 
    13   "ack(0,n)         = Suc n"
 
    14   "ack(Suc m,0)     = ack(m, 1)"
 
    14   "ack(Suc m,0)     = ack(m, 1)"
 
    15   "ack(Suc m,Suc n) = ack(m,ack(Suc m,n))"
 
    15   "ack(Suc m,Suc n) = ack(m,ack(Suc m,n))"
 
    16 
    16 
    17 text{*\noindent
 
    17 text\<open>\noindent
 
    18 The lexicographic product decreases if either its first component
 
    18 The lexicographic product decreases if either its first component
 
    19 decreases (as in the second equation and in the outer call in the
 
    19 decreases (as in the second equation and in the outer call in the
 
    20 third equation) or its first component stays the same and the second
 
    20 third equation) or its first component stays the same and the second
 
    21 component decreases (as in the inner call in the third equation).
 
    21 component decreases (as in the inner call in the third equation).
 
    22 
    22 
    37 constructions of well-founded relations (see \S\ref{sec:Well-founded}). For
 
    37 constructions of well-founded relations (see \S\ref{sec:Well-founded}). For
 
    38 example, @{term"measure f"} is always well-founded.   The lexicographic
 
    38 example, @{term"measure f"} is always well-founded.   The lexicographic
 
    39 product of two well-founded relations is again well-founded, which we relied
 
    39 product of two well-founded relations is again well-founded, which we relied
 
    40 on when defining Ackermann's function above.
 
    40 on when defining Ackermann's function above.
 
    41 Of course the lexicographic product can also be iterated:
 
    41 Of course the lexicographic product can also be iterated:
 
    42 *}
 
    42 \<close>
 
    43 
    43 
    44 consts contrived :: "nat \<times> nat \<times> nat \<Rightarrow> nat"
 
    44 consts contrived :: "nat \<times> nat \<times> nat \<Rightarrow> nat"
 
    45 recdef contrived
 
    45 recdef contrived
 
    46   "measure(\<lambda>i. i) <*lex*> measure(\<lambda>j. j) <*lex*> measure(\<lambda>k. k)"
 
    46   "measure(\<lambda>i. i) <*lex*> measure(\<lambda>j. j) <*lex*> measure(\<lambda>k. k)"
 
    47 "contrived(i,j,Suc k) = contrived(i,j,k)"
 
    47 "contrived(i,j,Suc k) = contrived(i,j,k)"
 
    48 "contrived(i,Suc j,0) = contrived(i,j,j)"
 
    48 "contrived(i,Suc j,0) = contrived(i,j,j)"
 
    49 "contrived(Suc i,0,0) = contrived(i,i,i)"
 
    49 "contrived(Suc i,0,0) = contrived(i,i,i)"
 
    50 "contrived(0,0,0)     = 0"
 
    50 "contrived(0,0,0)     = 0"
 
    51 
    51 
    52 text{*
 
    52 text\<open>
 
    53 Lexicographic products of measure functions already go a long
 
    53 Lexicographic products of measure functions already go a long
 
    54 way. Furthermore, you may embed a type in an
 
    54 way. Furthermore, you may embed a type in an
 
    55 existing well-founded relation via the inverse image construction @{term
 
    55 existing well-founded relation via the inverse image construction @{term
 
    56 inv_image}. All these constructions are known to \isacommand{recdef}. Thus you
 
    56 inv_image}. All these constructions are known to \isacommand{recdef}. Thus you
 
    57 will never have to prove well-foundedness of any relation composed
 
    57 will never have to prove well-foundedness of any relation composed
 
    62 
    62 
    63 It is also possible to use your own well-founded relations with
 
    63 It is also possible to use your own well-founded relations with
 
    64 \isacommand{recdef}.  For example, the greater-than relation can be made
 
    64 \isacommand{recdef}.  For example, the greater-than relation can be made
 
    65 well-founded by cutting it off at a certain point.  Here is an example
 
    65 well-founded by cutting it off at a certain point.  Here is an example
 
    66 of a recursive function that calls itself with increasing values up to ten:
 
    66 of a recursive function that calls itself with increasing values up to ten:
 
    67 *}
 
    67 \<close>
 
    68 
    68 
    69 consts f :: "nat \<Rightarrow> nat"
 
    69 consts f :: "nat \<Rightarrow> nat"
 
    70 recdef (*<*)(permissive)(*>*)f "{(i,j). j<i \<and> i \<le> (10::nat)}"
 
    70 recdef (*<*)(permissive)(*>*)f "{(i,j). j<i \<and> i \<le> (10::nat)}"
 
    71 "f i = (if 10 \<le> i then 0 else i * f(Suc i))"
 
    71 "f i = (if 10 \<le> i then 0 else i * f(Suc i))"
 
    72 
    72 
    73 text{*\noindent
 
    73 text\<open>\noindent
 
    74 Since \isacommand{recdef} is not prepared for the relation supplied above,
 
    74 Since \isacommand{recdef} is not prepared for the relation supplied above,
 
    75 Isabelle rejects the definition.  We should first have proved that
 
    75 Isabelle rejects the definition.  We should first have proved that
 
    76 our relation was well-founded:
 
    76 our relation was well-founded:
 
    77 *}
 
    77 \<close>
 
    78 
    78 
    79 lemma wf_greater: "wf {(i,j). j<i \<and> i \<le> (N::nat)}"
 
    79 lemma wf_greater: "wf {(i,j). j<i \<and> i \<le> (N::nat)}"
 
    80 
    80 
    81 txt{*\noindent
 
    81 txt\<open>\noindent
 
    82 The proof is by showing that our relation is a subset of another well-founded
 
    82 The proof is by showing that our relation is a subset of another well-founded
 
    83 relation: one given by a measure function.\index{*wf_subset (theorem)}
 
    83 relation: one given by a measure function.\index{*wf_subset (theorem)}
 
    84 *}
 
    84 \<close>
 
    85 
    85 
    86 apply (rule wf_subset [of "measure (\<lambda>k::nat. N-k)"], blast)
 
    86 apply (rule wf_subset [of "measure (\<lambda>k::nat. N-k)"], blast)
 
    87 
    87 
    88 txt{*
 
    88 txt\<open>
 
    89 @{subgoals[display,indent=0,margin=65]}
 
    89 @{subgoals[display,indent=0,margin=65]}
 
    90 
    90 
    91 \noindent
 
    91 \noindent
 
    92 The inclusion remains to be proved. After unfolding some definitions, 
    92 The inclusion remains to be proved. After unfolding some definitions, 
    93 we are left with simple arithmetic that is dispatched automatically.
 
    93 we are left with simple arithmetic that is dispatched automatically.
 
    94 *}
 
    94 \<close>
 
    95 
    95 
    96 by (clarify, simp add: measure_def inv_image_def)
 
    96 by (clarify, simp add: measure_def inv_image_def)
 
    97 
    97 
    98 text{*\noindent
 
    98 text\<open>\noindent
 
    99 
    99 
   100 Armed with this lemma, we use the \attrdx{recdef_wf} attribute to attach a
 
   100 Armed with this lemma, we use the \attrdx{recdef_wf} attribute to attach a
 
   101 crucial hint\cmmdx{hints} to our definition:
 
   101 crucial hint\cmmdx{hints} to our definition:
 
   102 *}
 
   102 \<close>
 
   103 (*<*)
 
   103 (*<*)
 
   104 consts g :: "nat \<Rightarrow> nat"
 
   104 consts g :: "nat \<Rightarrow> nat"
 
   105 recdef g "{(i,j). j<i \<and> i \<le> (10::nat)}"
 
   105 recdef g "{(i,j). j<i \<and> i \<le> (10::nat)}"
 
   106 "g i = (if 10 \<le> i then 0 else i * g(Suc i))"
 
   106 "g i = (if 10 \<le> i then 0 else i * g(Suc i))"
 
   107 (*>*)
 
   107 (*>*)
 
   108 (hints recdef_wf: wf_greater)
 
   108 (hints recdef_wf: wf_greater)
 
   109 
   109 
   110 text{*\noindent
 
   110 text\<open>\noindent
 
   111 Alternatively, we could have given @{text "measure (\<lambda>k::nat. 10-k)"} for the
 
   111 Alternatively, we could have given @{text "measure (\<lambda>k::nat. 10-k)"} for the
 
   112 well-founded relation in our \isacommand{recdef}.  However, the arithmetic
 
   112 well-founded relation in our \isacommand{recdef}.  However, the arithmetic
 
   113 goal in the lemma above would have arisen instead in the \isacommand{recdef}
 
   113 goal in the lemma above would have arisen instead in the \isacommand{recdef}
 
   114 termination proof, where we have less control.  A tailor-made termination
 
   114 termination proof, where we have less control.  A tailor-made termination
 
   115 relation makes even more sense when it can be used in several function
 
   115 relation makes even more sense when it can be used in several function
 
   116 declarations.
 
   116 declarations.
 
   117 *}
 
   117 \<close>
 
   118 
   118 
   119 (*<*)end(*>*)
 
   119 (*<*)end(*>*)
isabelle