703 \rulenamedx{ssubst} |
703 \rulenamedx{ssubst} |
704 \end{isabelle} |
704 \end{isabelle} |
705 Crucially, \isa{?P} is a function |
705 Crucially, \isa{?P} is a function |
706 variable. It can be replaced by a $\lambda$-term |
706 variable. It can be replaced by a $\lambda$-term |
707 with one bound variable, whose occurrences identify the places |
707 with one bound variable, whose occurrences identify the places |
708 in which $s$ will be replaced by~$t$. The proof above requires |
708 in which $s$ will be replaced by~$t$. The proof above requires \isa{?P} |
709 the term \isa{{\isasymlambda}x.~x=s}. |
709 to be replaced by \isa{{\isasymlambda}x.~x=s}; the second premise will then |
710 |
710 be \isa{s=s} and the conclusion will be \isa{t=s}. |
711 The \isa{simp} method replaces equals by equals, but the substitution |
711 |
712 rule gives us more control. The \methdx{subst} method is the easiest way to |
712 The \isa{simp} method also replaces equals by equals, but the substitution |
713 use the substitution rule. Suppose a |
713 rule gives us more control. Consider this proof: |
714 proof has reached this point: |
|
715 \begin{isabelle} |
|
716 \ 1.\ \isasymlbrakk P\ x\ y\ z;\ Suc\ x\ <\ y\isasymrbrakk \ \isasymLongrightarrow \ f\ z\ =\ x\ *\ y% |
|
717 \end{isabelle} |
|
718 Now we wish to apply a commutative law: |
|
719 \begin{isabelle} |
|
720 ?m\ *\ ?n\ =\ ?n\ *\ ?m% |
|
721 \rulename{mult_commute} |
|
722 \end{isabelle} |
|
723 Isabelle rejects our first attempt: |
|
724 \begin{isabelle} |
|
725 apply (simp add: mult_commute) |
|
726 \end{isabelle} |
|
727 The simplifier notices the danger of looping and refuses to apply the |
|
728 rule.% |
|
729 \footnote{More precisely, it only applies such a rule if the new term is |
|
730 smaller under a specified ordering; here, \isa{x\ *\ y} |
|
731 is already smaller than |
|
732 \isa{y\ *\ x}.} |
|
733 % |
|
734 The \isa{subst} method applies \isa{mult_commute} exactly once. |
|
735 \begin{isabelle} |
|
736 \isacommand{apply}\ (subst\ mult_commute)\isanewline |
|
737 \ 1.\ \isasymlbrakk P\ x\ y\ z;\ Suc\ x\ <\ y\isasymrbrakk \ |
|
738 \isasymLongrightarrow \ f\ z\ =\ y\ *\ x% |
|
739 \end{isabelle} |
|
740 As we wanted, \isa{x\ *\ y} has become \isa{y\ *\ x}. |
|
741 |
|
742 \medskip |
|
743 The \isa{subst} method is convenient, but to see how it works, let us |
|
744 examine an explicit use of the rule \isa{ssubst}. |
|
745 Consider this proof: |
|
746 \begin{isabelle} |
714 \begin{isabelle} |
747 \isacommand{lemma}\ |
715 \isacommand{lemma}\ |
748 "\isasymlbrakk x\ =\ f\ x;\ odd(f\ x)\isasymrbrakk\ \isasymLongrightarrow\ |
716 "\isasymlbrakk x\ =\ f\ x;\ odd(f\ x)\isasymrbrakk\ \isasymLongrightarrow\ |
749 odd\ x"\isanewline |
717 odd\ x"\isanewline |
750 \isacommand{by}\ (erule\ ssubst) |
718 \isacommand{by}\ (erule\ ssubst) |
751 \end{isabelle} |
719 \end{isabelle} |
752 % |
720 % |
753 The simplifier might loop, replacing \isa{x} by \isa{f x} and then by |
721 The assumption \isa{x\ =\ f\ x}, if used for rewriting, would loop, |
|
722 replacing \isa{x} by \isa{f x} and then by |
754 \isa{f(f x)} and so forth. (Here \isa{simp} |
723 \isa{f(f x)} and so forth. (Here \isa{simp} |
755 can see the danger and would re-orient the equality, but in more complicated |
724 would see the danger and would re-orient the equality, but in more complicated |
756 cases it can be fooled.) When we apply substitution, Isabelle replaces every |
725 cases it can be fooled.) When we apply the substitution rule, |
757 \isa{x} in the subgoal by \isa{f x} just once: it cannot loop. The |
726 Isabelle replaces every |
|
727 \isa{x} in the subgoal by \isa{f x} just once. It cannot loop. The |
758 resulting subgoal is trivial by assumption, so the \isacommand{by} command |
728 resulting subgoal is trivial by assumption, so the \isacommand{by} command |
759 proves it implicitly. |
729 proves it implicitly. |
760 |
730 |
761 We are using the \isa{erule} method in a novel way. Hitherto, |
731 We are using the \isa{erule} method in a novel way. Hitherto, |
762 the conclusion of the rule was just a variable such as~\isa{?R}, but it may |
732 the conclusion of the rule was just a variable such as~\isa{?R}, but it may |
763 be any term. The conclusion is unified with the subgoal just as |
733 be any term. The conclusion is unified with the subgoal just as |
764 it would be with the \isa{rule} method. At the same time \isa{erule} looks |
734 it would be with the \isa{rule} method. At the same time \isa{erule} looks |
765 for an assumption that matches the rule's first premise, as usual. With |
735 for an assumption that matches the rule's first premise, as usual. With |
766 \isa{ssubst} the effect is to find, use and delete an equality |
736 \isa{ssubst} the effect is to find, use and delete an equality |
767 assumption. |
737 assumption. |
|
738 |
|
739 The \methdx{subst} method performs individual substitutions. In simple cases, |
|
740 it closely resembles a use of the substitution rule. Suppose a |
|
741 proof has reached this point: |
|
742 \begin{isabelle} |
|
743 \ 1.\ \isasymlbrakk P\ x\ y\ z;\ Suc\ x\ <\ y\isasymrbrakk \ \isasymLongrightarrow \ f\ z\ =\ x\ *\ y% |
|
744 \end{isabelle} |
|
745 Now we wish to apply a commutative law: |
|
746 \begin{isabelle} |
|
747 ?m\ *\ ?n\ =\ ?n\ *\ ?m% |
|
748 \rulename{mult_commute} |
|
749 \end{isabelle} |
|
750 Isabelle rejects our first attempt: |
|
751 \begin{isabelle} |
|
752 apply (simp add: mult_commute) |
|
753 \end{isabelle} |
|
754 The simplifier notices the danger of looping and refuses to apply the |
|
755 rule.% |
|
756 \footnote{More precisely, it only applies such a rule if the new term is |
|
757 smaller under a specified ordering; here, \isa{x\ *\ y} |
|
758 is already smaller than |
|
759 \isa{y\ *\ x}.} |
|
760 % |
|
761 The \isa{subst} method applies \isa{mult_commute} exactly once. |
|
762 \begin{isabelle} |
|
763 \isacommand{apply}\ (subst\ mult_commute)\isanewline |
|
764 \ 1.\ \isasymlbrakk P\ x\ y\ z;\ Suc\ x\ <\ y\isasymrbrakk \ |
|
765 \isasymLongrightarrow \ f\ z\ =\ y\ *\ x% |
|
766 \end{isabelle} |
|
767 As we wanted, \isa{x\ *\ y} has become \isa{y\ *\ x}. |
|
768 |
|
769 \medskip |
|
770 This use of the \methdx{subst} method has the same effect as the command |
|
771 \begin{isabelle} |
|
772 \isacommand{apply}\ (rule\ mult_commute [THEN ssubst]) |
|
773 \end{isabelle} |
|
774 The attribute \isa{THEN}, which combines two rules, is described in |
|
775 {\S}\ref{sec:THEN} below. The \methdx{subst} method is more powerful than |
|
776 applying the substitution rule. It can perform substitutions in a subgoal's |
|
777 assumptions. Moreover, if the subgoal contains more than one occurrence of |
|
778 the left-hand side of the equality, the \methdx{subst} method lets us specify which occurrence should be replaced. |
768 |
779 |
769 |
780 |
770 \subsection{Unification and Its Pitfalls} |
781 \subsection{Unification and Its Pitfalls} |
771 |
782 |
772 Higher-order unification can be tricky. Here is an example, which you may |
783 Higher-order unification can be tricky. Here is an example, which you may |