equal
deleted
inserted
replaced
1 (*<*)theory Star = Main:(*>*) |
1 (*<*)theory Star = Main:(*>*) |
2 |
2 |
3 section{*The reflexive transitive closure*} |
3 section{*The reflexive transitive closure*} |
4 |
4 |
5 text{*\label{sec:rtc} |
5 text{*\label{sec:rtc} |
6 |
|
7 {\bf Say something about inductive relations as opposed to sets? Or has that |
6 {\bf Say something about inductive relations as opposed to sets? Or has that |
8 been said already? If not, explain induction!} |
7 been said already? If not, explain induction!} |
9 |
8 |
10 A perfect example of an inductive definition is the reflexive transitive |
9 A perfect example of an inductive definition is the reflexive transitive |
11 closure of a relation. This concept was already introduced in |
10 closure of a relation. This concept was already introduced in |
23 |
22 |
24 text{*\noindent |
23 text{*\noindent |
25 The function @{term rtc} is annotated with concrete syntax: instead of |
24 The function @{term rtc} is annotated with concrete syntax: instead of |
26 @{text"rtc r"} we can read and write {term"r*"}. The actual definition |
25 @{text"rtc r"} we can read and write {term"r*"}. The actual definition |
27 consists of two rules. Reflexivity is obvious and is immediately declared an |
26 consists of two rules. Reflexivity is obvious and is immediately declared an |
28 equivalence. Thus the automatic tools will apply it automatically. The second |
27 equivalence rule. Thus the automatic tools will apply it automatically. The |
29 rule, @{thm[source]rtc_step}, says that we can always add one more @{term |
28 second rule, @{thm[source]rtc_step}, says that we can always add one more |
30 r}-step to the left. Although we could make @{thm[source]rtc_step} an |
29 @{term r}-step to the left. Although we could make @{thm[source]rtc_step} an |
31 introduction rule, this is dangerous: the recursion slows down and may |
30 introduction rule, this is dangerous: the recursion slows down and may |
32 even kill the automatic tactics. |
31 even kill the automatic tactics. |
33 |
32 |
34 The above definition of the concept of reflexive transitive closure may |
33 The above definition of the concept of reflexive transitive closure may |
35 be sufficiently intuitive but it is certainly not the only possible one: |
34 be sufficiently intuitive but it is certainly not the only possible one: |
59 |
58 |
60 txt{*\noindent |
59 txt{*\noindent |
61 The proof starts canonically by rule induction: |
60 The proof starts canonically by rule induction: |
62 *} |
61 *} |
63 |
62 |
64 apply(erule rtc.induct)(*pr(latex xsymbols symbols);*)(*<*)oops(*>*) |
63 apply(erule rtc.induct) |
65 text{*\noindent |
64 |
|
65 txt{*\noindent |
66 However, even the resulting base case is a problem |
66 However, even the resulting base case is a problem |
67 \begin{isabelle} |
67 @{subgoals[display,indent=0,goals_limit=1]} |
68 \ {\isadigit{1}}{\isachardot}\ {\isasymAnd}x{\isachardot}\ {\isacharparenleft}y{\isacharcomma}\ z{\isacharparenright}\ {\isasymin}\ r{\isacharasterisk}\ {\isasymLongrightarrow}\ {\isacharparenleft}x{\isacharcomma}\ z{\isacharparenright}\ {\isasymin}\ r{\isacharasterisk} |
|
69 \end{isabelle} |
|
70 and maybe not what you had expected. We have to abandon this proof attempt. |
68 and maybe not what you had expected. We have to abandon this proof attempt. |
71 To understand what is going on, |
69 To understand what is going on, |
72 let us look at the induction rule @{thm[source]rtc.induct}: |
70 let us look at the induction rule @{thm[source]rtc.induct}: |
73 \[ \frac{(x,y) \in r^* \qquad \bigwedge x.~P~x~x \quad \dots}{P~x~y} \] |
71 \[ \frac{(x,y) \in r^* \qquad \bigwedge x.~P~x~x \quad \dots}{P~x~y} \] |
74 When applying this rule, $x$ becomes @{term x}, $y$ becomes |
72 When applying this rule, $x$ becomes @{term x}, $y$ becomes |
78 When looking at the instantiation of $P~x~y$ we see |
76 When looking at the instantiation of $P~x~y$ we see |
79 that $P$ does not depend on its second parameter at |
77 that $P$ does not depend on its second parameter at |
80 all. The reason is that in our original goal, of the pair @{term"(x,y)"} only |
78 all. The reason is that in our original goal, of the pair @{term"(x,y)"} only |
81 @{term x} appears also in the conclusion, but not @{term y}. Thus our |
79 @{term x} appears also in the conclusion, but not @{term y}. Thus our |
82 induction statement is too weak. Fortunately, it can easily be strengthened: |
80 induction statement is too weak. Fortunately, it can easily be strengthened: |
83 transfer the additional premise @{prop"(y,z):r*"} into the conclusion: |
81 transfer the additional premise @{prop"(y,z):r*"} into the conclusion:*} |
84 *} |
82 (*<*)oops(*>*) |
85 |
|
86 lemma rtc_trans[rule_format]: |
83 lemma rtc_trans[rule_format]: |
87 "(x,y) \<in> r* \<Longrightarrow> (y,z) \<in> r* \<longrightarrow> (x,z) \<in> r*" |
84 "(x,y) \<in> r* \<Longrightarrow> (y,z) \<in> r* \<longrightarrow> (x,z) \<in> r*" |
88 |
85 |
89 txt{*\noindent |
86 txt{*\noindent |
90 This is not an obscure trick but a generally applicable heuristic: |
87 This is not an obscure trick but a generally applicable heuristic: |
95 \end{quote} |
92 \end{quote} |
96 A similar heuristic for other kinds of inductions is formulated in |
93 A similar heuristic for other kinds of inductions is formulated in |
97 \S\ref{sec:ind-var-in-prems}. The @{text rule_format} directive turns |
94 \S\ref{sec:ind-var-in-prems}. The @{text rule_format} directive turns |
98 @{text"\<longrightarrow>"} back into @{text"\<Longrightarrow>"}. Thus in the end we obtain the original |
95 @{text"\<longrightarrow>"} back into @{text"\<Longrightarrow>"}. Thus in the end we obtain the original |
99 statement of our lemma. |
96 statement of our lemma. |
100 |
|
101 Now induction produces two subgoals which are both proved automatically: |
|
102 \begin{isabelle} |
|
103 \ {\isadigit{1}}{\isachardot}\ {\isasymAnd}x{\isachardot}\ {\isacharparenleft}x{\isacharcomma}\ z{\isacharparenright}\ {\isasymin}\ r{\isacharasterisk}\ {\isasymlongrightarrow}\ {\isacharparenleft}x{\isacharcomma}\ z{\isacharparenright}\ {\isasymin}\ r{\isacharasterisk}\isanewline |
|
104 \ {\isadigit{2}}{\isachardot}\ {\isasymAnd}x\ y\ za{\isachardot}\isanewline |
|
105 \ \ \ \ \ \ \ {\isasymlbrakk}{\isacharparenleft}x{\isacharcomma}\ y{\isacharparenright}\ {\isasymin}\ r{\isacharsemicolon}\ {\isacharparenleft}y{\isacharcomma}\ za{\isacharparenright}\ {\isasymin}\ r{\isacharasterisk}{\isacharsemicolon}\ {\isacharparenleft}za{\isacharcomma}\ z{\isacharparenright}\ {\isasymin}\ r{\isacharasterisk}\ {\isasymlongrightarrow}\ {\isacharparenleft}y{\isacharcomma}\ z{\isacharparenright}\ {\isasymin}\ r{\isacharasterisk}{\isasymrbrakk}\isanewline |
|
106 \ \ \ \ \ \ \ {\isasymLongrightarrow}\ {\isacharparenleft}za{\isacharcomma}\ z{\isacharparenright}\ {\isasymin}\ r{\isacharasterisk}\ {\isasymlongrightarrow}\ {\isacharparenleft}x{\isacharcomma}\ z{\isacharparenright}\ {\isasymin}\ r{\isacharasterisk} |
|
107 \end{isabelle} |
|
108 *} |
97 *} |
109 |
98 |
110 apply(erule rtc.induct)(*pr(latex xsymbols symbols);*) |
99 apply(erule rtc.induct) |
|
100 |
|
101 txt{*\noindent |
|
102 Now induction produces two subgoals which are both proved automatically: |
|
103 @{subgoals[display,indent=0]} |
|
104 *} |
|
105 |
111 apply(blast); |
106 apply(blast); |
112 apply(blast intro: rtc_step); |
107 apply(blast intro: rtc_step); |
113 done |
108 done |
114 |
109 |
115 text{* |
110 text{* |