1 % $Id$ |
1 % $Id$ |
2 \section{The Set of Even Numbers} |
2 \section{The Set of Even Numbers} |
3 |
3 |
|
4 \index{even numbers!defining inductively|(}% |
4 The set of even numbers can be inductively defined as the least set |
5 The set of even numbers can be inductively defined as the least set |
5 containing 0 and closed under the operation $+2$. Obviously, |
6 containing 0 and closed under the operation $+2$. Obviously, |
6 \emph{even} can also be expressed using the divides relation (\isa{dvd}). |
7 \emph{even} can also be expressed using the divides relation (\isa{dvd}). |
7 We shall prove below that the two formulations coincide. On the way we |
8 We shall prove below that the two formulations coincide. On the way we |
8 shall examine the primary means of reasoning about inductively defined |
9 shall examine the primary means of reasoning about inductively defined |
9 sets: rule induction. |
10 sets: rule induction. |
10 |
11 |
11 \subsection{Making an Inductive Definition} |
12 \subsection{Making an Inductive Definition} |
12 |
13 |
13 Using \isacommand{consts}, we declare the constant \isa{even} to be a set |
14 Using \isacommand{consts}, we declare the constant \isa{even} to be a set |
14 of natural numbers. The \isacommand{inductive} declaration gives it the |
15 of natural numbers. The \commdx{inductive} declaration gives it the |
15 desired properties. |
16 desired properties. |
16 \begin{isabelle} |
17 \begin{isabelle} |
17 \isacommand{consts}\ even\ ::\ "nat\ set"\isanewline |
18 \isacommand{consts}\ even\ ::\ "nat\ set"\isanewline |
18 \isacommand{inductive}\ even\isanewline |
19 \isacommand{inductive}\ even\isanewline |
19 \isakeyword{intros}\isanewline |
20 \isakeyword{intros}\isanewline |
39 n\ \isasymin \ even\ \isasymLongrightarrow \ Suc\ (Suc\ n)\ \isasymin \ |
40 n\ \isasymin \ even\ \isasymLongrightarrow \ Suc\ (Suc\ n)\ \isasymin \ |
40 even% |
41 even% |
41 \rulename{even.step} |
42 \rulename{even.step} |
42 \end{isabelle} |
43 \end{isabelle} |
43 |
44 |
44 The introduction rules can be given attributes. Here both rules are |
45 The introduction rules can be given attributes. Here |
45 specified as \isa{intro!}, directing the classical reasoner to |
46 both rules are specified as \isa{intro!},% |
|
47 \index{intro"!@\isa {intro"!} (attribute)} |
|
48 directing the classical reasoner to |
46 apply them aggressively. Obviously, regarding 0 as even is safe. The |
49 apply them aggressively. Obviously, regarding 0 as even is safe. The |
47 \isa{step} rule is also safe because $n+2$ is even if and only if $n$ is |
50 \isa{step} rule is also safe because $n+2$ is even if and only if $n$ is |
48 even. We prove this equivalence later. |
51 even. We prove this equivalence later. |
49 |
52 |
50 \subsection{Using Introduction Rules} |
53 \subsection{Using Introduction Rules} |
81 \end{isabelle} |
84 \end{isabelle} |
82 |
85 |
83 \subsection{Rule Induction} |
86 \subsection{Rule Induction} |
84 \label{sec:rule-induction} |
87 \label{sec:rule-induction} |
85 |
88 |
|
89 \index{rule induction|(}% |
86 From the definition of the set |
90 From the definition of the set |
87 \isa{even}, Isabelle has |
91 \isa{even}, Isabelle has |
88 generated an induction rule: |
92 generated an induction rule: |
89 \begin{isabelle} |
93 \begin{isabelle} |
90 \isasymlbrakk xa\ \isasymin \ even;\isanewline |
94 \isasymlbrakk xa\ \isasymin \ even;\isanewline |
159 |
163 |
160 |
164 |
161 \subsection{Generalization and Rule Induction} |
165 \subsection{Generalization and Rule Induction} |
162 \label{sec:gen-rule-induction} |
166 \label{sec:gen-rule-induction} |
163 |
167 |
|
168 \index{generalizing for induction}% |
164 Before applying induction, we typically must generalize |
169 Before applying induction, we typically must generalize |
165 the induction formula. With rule induction, the required generalization |
170 the induction formula. With rule induction, the required generalization |
166 can be hard to find and sometimes requires a complete reformulation of the |
171 can be hard to find and sometimes requires a complete reformulation of the |
167 problem. In this example, our first attempt uses the obvious statement of |
172 problem. In this example, our first attempt uses the obvious statement of |
168 the result. It fails: |
173 the result. It fails: |
198 \ 1.\ 0\ -\ \#2\ \isasymin \ even\isanewline |
203 \ 1.\ 0\ -\ \#2\ \isasymin \ even\isanewline |
199 \ 2.\ \isasymAnd n.\ \isasymlbrakk n\ \isasymin \ even;\ n\ -\ \#2\ \isasymin \ even\isasymrbrakk \ \isasymLongrightarrow \ Suc\ (Suc\ n)\ -\ \#2\ \isasymin \ even% |
204 \ 2.\ \isasymAnd n.\ \isasymlbrakk n\ \isasymin \ even;\ n\ -\ \#2\ \isasymin \ even\isasymrbrakk \ \isasymLongrightarrow \ Suc\ (Suc\ n)\ -\ \#2\ \isasymin \ even% |
200 \end{isabelle} |
205 \end{isabelle} |
201 The first is trivial because \isa{0\ -\ \#2} simplifies to \isa{0}, which is |
206 The first is trivial because \isa{0\ -\ \#2} simplifies to \isa{0}, which is |
202 even. The second is trivial too: \isa{Suc\ (Suc\ n)\ -\ \#2} simplifies to |
207 even. The second is trivial too: \isa{Suc\ (Suc\ n)\ -\ \#2} simplifies to |
203 \isa{n}, matching the assumption. |
208 \isa{n}, matching the assumption.% |
|
209 \index{rule induction|)} %the sequel isn't really about induction |
204 |
210 |
205 \medskip |
211 \medskip |
206 Using our lemma, we can easily prove the result we originally wanted: |
212 Using our lemma, we can easily prove the result we originally wanted: |
207 \begin{isabelle} |
213 \begin{isabelle} |
208 \isacommand{lemma}\ Suc_Suc_even_imp_even:\ "Suc\ (Suc\ n)\ \isasymin \ even\ \isasymLongrightarrow \ n\ \isasymin \ even"\isanewline |
214 \isacommand{lemma}\ Suc_Suc_even_imp_even:\ "Suc\ (Suc\ n)\ \isasymin \ even\ \isasymLongrightarrow \ n\ \isasymin \ even"\isanewline |
209 \isacommand{by}\ (drule\ even_imp_even_minus_2, simp) |
215 \isacommand{by}\ (drule\ even_imp_even_minus_2, simp) |
210 \end{isabelle} |
216 \end{isabelle} |
211 |
217 |
212 We have just proved the converse of the introduction rule \isa{even.step}. |
218 We have just proved the converse of the introduction rule \isa{even.step}. |
213 This suggests proving the following equivalence. We give it the \isa{iff} |
219 This suggests proving the following equivalence. We give it the |
214 attribute because of its obvious value for simplification. |
220 \attrdx{iff} attribute because of its obvious value for simplification. |
215 \begin{isabelle} |
221 \begin{isabelle} |
216 \isacommand{lemma}\ [iff]:\ "((Suc\ (Suc\ n))\ \isasymin \ even)\ =\ (n\ |
222 \isacommand{lemma}\ [iff]:\ "((Suc\ (Suc\ n))\ \isasymin \ even)\ =\ (n\ |
217 \isasymin \ even)"\isanewline |
223 \isasymin \ even)"\isanewline |
218 \isacommand{by}\ (blast\ dest:\ Suc_Suc_even_imp_even) |
224 \isacommand{by}\ (blast\ dest:\ Suc_Suc_even_imp_even) |
219 \end{isabelle} |
225 \end{isabelle} |
220 |
226 |
221 |
227 |
222 \subsection{Rule Inversion}\label{sec:rule-inversion} |
228 \subsection{Rule Inversion}\label{sec:rule-inversion} |
223 |
229 |
224 Case analysis on an inductive definition is called \textbf{rule inversion}. |
230 \index{rule inversion|(}% |
225 It is frequently used in proofs about operational semantics. It can be |
231 Case analysis on an inductive definition is called \textbf{rule |
226 highly effective when it is applied automatically. Let us look at how rule |
232 inversion}. It is frequently used in proofs about operational |
227 inversion is done in Isabelle/HOL\@. |
233 semantics. It can be highly effective when it is applied |
|
234 automatically. Let us look at how rule inversion is done in |
|
235 Isabelle/HOL\@. |
228 |
236 |
229 Recall that \isa{even} is the minimal set closed under these two rules: |
237 Recall that \isa{even} is the minimal set closed under these two rules: |
230 \begin{isabelle} |
238 \begin{isabelle} |
231 0\ \isasymin \ even\isanewline |
239 0\ \isasymin \ even\isanewline |
232 n\ \isasymin \ even\ \isasymLongrightarrow \ Suc\ (Suc\ n)\ \isasymin |
240 n\ \isasymin \ even\ \isasymLongrightarrow \ Suc\ (Suc\ n)\ \isasymin |
256 this instance for us: |
264 this instance for us: |
257 \begin{isabelle} |
265 \begin{isabelle} |
258 \isacommand{inductive\_cases}\ Suc_Suc_cases\ [elim!]: |
266 \isacommand{inductive\_cases}\ Suc_Suc_cases\ [elim!]: |
259 \ "Suc(Suc\ n)\ \isasymin \ even" |
267 \ "Suc(Suc\ n)\ \isasymin \ even" |
260 \end{isabelle} |
268 \end{isabelle} |
261 The \isacommand{inductive\_cases} command generates an instance of the |
269 The \commdx{inductive\protect\_cases} command generates an instance of |
|
270 the |
262 \isa{cases} rule for the supplied pattern and gives it the supplied name: |
271 \isa{cases} rule for the supplied pattern and gives it the supplied name: |
263 % |
272 % |
264 \begin{isabelle} |
273 \begin{isabelle} |
265 \isasymlbrakk Suc(Suc\ n)\ \isasymin \ even;\ n\ \isasymin \ even\ |
274 \isasymlbrakk Suc(Suc\ n)\ \isasymin \ even;\ n\ \isasymin \ even\ |
266 \isasymLongrightarrow \ P\isasymrbrakk \ \isasymLongrightarrow \ P% |
275 \isasymLongrightarrow \ P\isasymrbrakk \ \isasymLongrightarrow \ P% |
271 would yield two. Rule inversion works well when the conclusions of the |
280 would yield two. Rule inversion works well when the conclusions of the |
272 introduction rules involve datatype constructors like \isa{Suc} and \isa{\#} |
281 introduction rules involve datatype constructors like \isa{Suc} and \isa{\#} |
273 (list ``cons''); freeness reasoning discards all but one or two cases. |
282 (list ``cons''); freeness reasoning discards all but one or two cases. |
274 |
283 |
275 In the \isacommand{inductive\_cases} command we supplied an |
284 In the \isacommand{inductive\_cases} command we supplied an |
276 attribute, \isa{elim!}, indicating that this elimination rule can be applied |
285 attribute, \isa{elim!}, |
277 aggressively. The original |
286 \index{elim"!@\isa {elim"!} (attribute)}% |
|
287 indicating that this elimination rule can be |
|
288 applied aggressively. The original |
278 \isa{cases} rule would loop if used in that manner because the |
289 \isa{cases} rule would loop if used in that manner because the |
279 pattern~\isa{a} matches everything. |
290 pattern~\isa{a} matches everything. |
280 |
291 |
281 The rule \isa{Suc_Suc_cases} is equivalent to the following implication: |
292 The rule \isa{Suc_Suc_cases} is equivalent to the following implication: |
282 \begin{isabelle} |
293 \begin{isabelle} |
298 \end{isabelle} |
309 \end{isabelle} |
299 The specified instance of the \isa{cases} rule is generated, then applied |
310 The specified instance of the \isa{cases} rule is generated, then applied |
300 as an elimination rule. |
311 as an elimination rule. |
301 |
312 |
302 To summarize, every inductive definition produces a \isa{cases} rule. The |
313 To summarize, every inductive definition produces a \isa{cases} rule. The |
303 \isacommand{inductive\_cases} command stores an instance of the \isa{cases} |
314 \commdx{inductive\protect\_cases} command stores an instance of the |
304 rule for a given pattern. Within a proof, the \isa{ind_cases} method |
315 \isa{cases} rule for a given pattern. Within a proof, the |
305 applies an instance of the \isa{cases} |
316 \isa{ind_cases} method applies an instance of the \isa{cases} |
306 rule. |
317 rule. |
307 |
318 |
308 The even numbers example has shown how inductive definitions can be |
319 The even numbers example has shown how inductive definitions can be |
309 used. Later examples will show that they are actually worth using. |
320 used. Later examples will show that they are actually worth using.% |
|
321 \index{rule inversion|)}% |
|
322 \index{even numbers!defining inductively|)} |