63 % |
108 % |
64 \isadelimproof |
109 \isadelimproof |
65 % |
110 % |
66 \endisadelimproof |
111 \endisadelimproof |
67 % |
112 % |
68 \begin{isamarkuptext}% |
113 \isadelimproof |
69 \begin{isabelle}% |
114 % |
70 \ \ \ \ \ {\isasymlbrakk}a\ {\isasymin}\ even{\isacharsemicolon}\ a\ {\isacharequal}\ {\isadigit{0}}\ {\isasymLongrightarrow}\ P{\isacharsemicolon}\ {\isasymAnd}n{\isachardot}\ {\isasymlbrakk}a\ {\isacharequal}\ Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}{\isacharsemicolon}\ n\ {\isasymin}\ even{\isasymrbrakk}\ {\isasymLongrightarrow}\ P{\isasymrbrakk}\ {\isasymLongrightarrow}\ P% |
115 \endisadelimproof |
71 \end{isabelle} |
116 % |
72 \rulename{even.cases} |
117 \isatagproof |
73 |
118 % |
74 Just as a demo I include |
|
75 the two forms that Markus has made available. First the one for binding the |
|
76 result to a name% |
|
77 \end{isamarkuptext}% |
|
78 \isamarkuptrue% |
|
79 \isacommand{inductive{\isacharunderscore}cases}\isamarkupfalse% |
|
80 \ Suc{\isacharunderscore}Suc{\isacharunderscore}cases\ {\isacharbrackleft}elim{\isacharbang}{\isacharbrackright}{\isacharcolon}\isanewline |
|
81 \ \ {\isachardoublequoteopen}Suc{\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even{\isachardoublequoteclose}\isanewline |
|
82 \isanewline |
|
83 \isacommand{thm}\isamarkupfalse% |
|
84 \ Suc{\isacharunderscore}Suc{\isacharunderscore}cases% |
|
85 \begin{isamarkuptext}% |
|
86 \begin{isabelle}% |
|
87 \ \ \ \ \ {\isasymlbrakk}Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even{\isacharsemicolon}\ n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ P{\isasymrbrakk}\ {\isasymLongrightarrow}\ P% |
|
88 \end{isabelle} |
|
89 \rulename{Suc_Suc_cases} |
|
90 |
|
91 and now the one for local usage:% |
|
92 \end{isamarkuptext}% |
|
93 \isamarkuptrue% |
|
94 \isacommand{lemma}\isamarkupfalse% |
|
95 \ {\isachardoublequoteopen}Suc{\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even\ {\isasymLongrightarrow}\ P\ n{\isachardoublequoteclose}\isanewline |
|
96 % |
|
97 \isadelimproof |
|
98 % |
|
99 \endisadelimproof |
|
100 % |
|
101 \isatagproof |
|
102 \isacommand{apply}\isamarkupfalse% |
|
103 \ {\isacharparenleft}ind{\isacharunderscore}cases\ {\isachardoublequoteopen}Suc{\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even{\isachardoublequoteclose}{\isacharparenright}\isanewline |
|
104 \isacommand{oops}\isamarkupfalse% |
|
105 % |
|
106 \endisatagproof |
|
107 {\isafoldproof}% |
|
108 % |
|
109 \isadelimproof |
|
110 \isanewline |
|
111 % |
|
112 \endisadelimproof |
|
113 \isanewline |
|
114 \isacommand{inductive{\isacharunderscore}cases}\isamarkupfalse% |
|
115 \ gterm{\isacharunderscore}Apply{\isacharunderscore}elim\ {\isacharbrackleft}elim{\isacharbang}{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}Apply\ f\ args\ {\isasymin}\ gterms\ F{\isachardoublequoteclose}% |
|
116 \begin{isamarkuptext}% |
|
117 this is what we get: |
|
118 |
|
119 \begin{isabelle}% |
|
120 \ \ \ \ \ {\isasymlbrakk}Apply\ f\ args\ {\isasymin}\ gterms\ F{\isacharsemicolon}\ {\isasymlbrakk}{\isasymforall}t{\isasymin}set\ args{\isachardot}\ t\ {\isasymin}\ gterms\ F{\isacharsemicolon}\ f\ {\isasymin}\ F{\isasymrbrakk}\ {\isasymLongrightarrow}\ P{\isasymrbrakk}\ {\isasymLongrightarrow}\ P% |
|
121 \end{isabelle} |
|
122 \rulename{gterm_Apply_elim}% |
|
123 \end{isamarkuptext}% |
|
124 \isamarkuptrue% |
|
125 \isacommand{lemma}\isamarkupfalse% |
|
126 \ gterms{\isacharunderscore}IntI\ {\isacharbrackleft}rule{\isacharunderscore}format{\isacharcomma}\ intro{\isacharbang}{\isacharbrackright}{\isacharcolon}\isanewline |
|
127 \ \ \ \ \ {\isachardoublequoteopen}t\ {\isasymin}\ gterms\ F\ {\isasymLongrightarrow}\ t\ {\isasymin}\ gterms\ G\ {\isasymlongrightarrow}\ t\ {\isasymin}\ gterms\ {\isacharparenleft}F{\isasyminter}G{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
128 % |
|
129 \isadelimproof |
|
130 % |
|
131 \endisadelimproof |
|
132 % |
|
133 \isatagproof |
|
134 \isacommand{apply}\isamarkupfalse% |
|
135 \ {\isacharparenleft}erule\ gterms{\isachardot}induct{\isacharparenright}% |
|
136 \begin{isamarkuptxt}% |
119 \begin{isamarkuptxt}% |
137 \begin{isabelle}% |
120 Intuitively, this theorem says that |
138 \ {\isadigit{1}}{\isachardot}\ {\isasymAnd}args\ f{\isachardot}\isanewline |
121 enlarging the set of function symbols enlarges the set of ground |
139 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }{\isasymlbrakk}{\isasymforall}t{\isasymin}set\ args{\isachardot}\isanewline |
122 terms. The proof is a trivial rule induction. |
140 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ {\isasymlbrakk}\ \ \ }t\ {\isasymin}\ gterms\ F\ {\isasyminter}\isanewline |
123 First we use the \isa{clarify} method to assume the existence of an element of |
141 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ {\isasymlbrakk}\ \ \ t\ {\isasymin}\ }{\isacharbraceleft}x{\isachardot}\ x\ {\isasymin}\ gterms\ G\ {\isasymlongrightarrow}\ x\ {\isasymin}\ gterms\ {\isacharparenleft}F\ {\isasyminter}\ G{\isacharparenright}{\isacharbraceright}{\isacharsemicolon}\isanewline |
124 \isa{gterms\ F}. (We could have used \isa{intro\ subsetI}.) We then |
142 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ \ }f\ {\isasymin}\ F{\isasymrbrakk}\isanewline |
125 apply rule induction. Here is the resulting subgoal: |
143 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }{\isasymLongrightarrow}\ Apply\ f\ args\ {\isasymin}\ gterms\ G\ {\isasymlongrightarrow}\isanewline |
126 \begin{isabelle}% |
144 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ {\isasymLongrightarrow}\ }Apply\ f\ args\ {\isasymin}\ gterms\ {\isacharparenleft}F\ {\isasyminter}\ G{\isacharparenright}% |
127 \ {\isadigit{1}}{\isachardot}\ {\isasymAnd}x\ args\ f{\isachardot}\isanewline |
145 \end{isabelle}% |
128 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }{\isasymlbrakk}F\ {\isasymsubseteq}\ G{\isacharsemicolon}\ {\isasymforall}t{\isasymin}set\ args{\isachardot}\ t\ {\isasymin}\ gterms\ F\ {\isasymand}\ t\ {\isasymin}\ gterms\ G{\isacharsemicolon}\ f\ {\isasymin}\ F{\isasymrbrakk}\isanewline |
|
129 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }{\isasymLongrightarrow}\ Apply\ f\ args\ {\isasymin}\ gterms\ G% |
|
130 \end{isabelle} |
|
131 The assumptions state that \isa{f} belongs |
|
132 to~\isa{F}, which is included in~\isa{G}, and that every element of the list \isa{args} is |
|
133 a ground term over~\isa{G}. The \isa{blast} method finds this chain of reasoning easily.% |
146 \end{isamarkuptxt}% |
134 \end{isamarkuptxt}% |
147 \isamarkuptrue% |
135 \isamarkuptrue% |
148 \isacommand{apply}\isamarkupfalse% |
136 % |
149 \ blast\isanewline |
137 \endisatagproof |
150 \isacommand{done}\isamarkupfalse% |
138 {\isafoldproof}% |
151 % |
139 % |
152 \endisatagproof |
140 \isadelimproof |
153 {\isafoldproof}% |
141 % |
154 % |
142 \endisadelimproof |
155 \isadelimproof |
143 % |
156 % |
144 \begin{isamarkuptext}% |
157 \endisadelimproof |
145 \begin{warn} |
158 % |
146 Why do we call this function \isa{gterms} instead |
159 \begin{isamarkuptext}% |
147 of \isa{gterm}? A constant may have the same name as a type. However, |
160 \begin{isabelle}% |
148 name clashes could arise in the theorems that Isabelle generates. |
161 \ \ \ \ \ mono\ f\ {\isasymLongrightarrow}\ f\ {\isacharparenleft}A\ {\isasyminter}\ B{\isacharparenright}\ {\isasymsubseteq}\ f\ A\ {\isasyminter}\ f\ B% |
149 Our choice of names keeps \isa{gterms{\isachardot}induct} separate from |
162 \end{isabelle} |
150 \isa{gterm{\isachardot}induct}. |
163 \rulename{mono_Int}% |
151 \end{warn} |
164 \end{isamarkuptext}% |
152 |
165 \isamarkuptrue% |
153 Call a term \textbf{well-formed} if each symbol occurring in it is applied |
166 \isacommand{lemma}\isamarkupfalse% |
154 to the correct number of arguments. (This number is called the symbol's |
167 \ gterms{\isacharunderscore}Int{\isacharunderscore}eq\ {\isacharbrackleft}simp{\isacharbrackright}{\isacharcolon}\isanewline |
155 \textbf{arity}.) We can express well-formedness by |
168 \ \ \ \ \ {\isachardoublequoteopen}gterms\ {\isacharparenleft}F{\isasyminter}G{\isacharparenright}\ {\isacharequal}\ gterms\ F\ {\isasyminter}\ gterms\ G{\isachardoublequoteclose}\isanewline |
156 generalizing the inductive definition of |
169 % |
157 \isa{gterms}. |
170 \isadelimproof |
158 Suppose we are given a function called \isa{arity}, specifying the arities |
171 % |
159 of all symbols. In the inductive step, we have a list \isa{args} of such |
172 \endisadelimproof |
160 terms and a function symbol~\isa{f}. If the length of the list matches the |
173 % |
161 function's arity then applying \isa{f} to \isa{args} yields a well-formed |
174 \isatagproof |
162 term.% |
175 \isacommand{by}\isamarkupfalse% |
163 \end{isamarkuptext}% |
176 \ {\isacharparenleft}blast\ intro{\isacharbang}{\isacharcolon}\ mono{\isacharunderscore}Int\ monoI\ gterms{\isacharunderscore}mono{\isacharparenright}% |
164 \isamarkuptrue% |
177 \endisatagproof |
|
178 {\isafoldproof}% |
|
179 % |
|
180 \isadelimproof |
|
181 % |
|
182 \endisadelimproof |
|
183 % |
|
184 \begin{isamarkuptext}% |
|
185 the following declaration isn't actually used% |
|
186 \end{isamarkuptext}% |
|
187 \isamarkuptrue% |
|
188 \isacommand{consts}\isamarkupfalse% |
|
189 \ integer{\isacharunderscore}arity\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}integer{\isacharunderscore}op\ {\isasymRightarrow}\ nat{\isachardoublequoteclose}\isanewline |
|
190 \isacommand{primrec}\isamarkupfalse% |
|
191 \isanewline |
|
192 {\isachardoublequoteopen}integer{\isacharunderscore}arity\ {\isacharparenleft}Number\ n{\isacharparenright}\ \ \ \ \ \ \ \ {\isacharequal}\ {\isadigit{0}}{\isachardoublequoteclose}\isanewline |
|
193 {\isachardoublequoteopen}integer{\isacharunderscore}arity\ UnaryMinus\ \ \ \ \ \ \ \ {\isacharequal}\ {\isadigit{1}}{\isachardoublequoteclose}\isanewline |
|
194 {\isachardoublequoteopen}integer{\isacharunderscore}arity\ Plus\ \ \ \ \ \ \ \ \ \ \ \ \ \ {\isacharequal}\ {\isadigit{2}}{\isachardoublequoteclose}\isanewline |
|
195 \isanewline |
|
196 \isacommand{inductive{\isacharunderscore}set}\isamarkupfalse% |
165 \isacommand{inductive{\isacharunderscore}set}\isamarkupfalse% |
197 \isanewline |
166 \isanewline |
198 \ \ well{\isacharunderscore}formed{\isacharunderscore}gterm\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharprime}f\ {\isasymRightarrow}\ nat{\isacharparenright}\ {\isasymRightarrow}\ {\isacharprime}f\ gterm\ set{\isachardoublequoteclose}\isanewline |
167 \ \ well{\isacharunderscore}formed{\isacharunderscore}gterm\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharprime}f\ {\isasymRightarrow}\ nat{\isacharparenright}\ {\isasymRightarrow}\ {\isacharprime}f\ gterm\ set{\isachardoublequoteclose}\isanewline |
199 \ \ \isakeyword{for}\ arity\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}f\ {\isasymRightarrow}\ nat{\isachardoublequoteclose}\isanewline |
168 \ \ \isakeyword{for}\ arity\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}f\ {\isasymRightarrow}\ nat{\isachardoublequoteclose}\isanewline |
200 \isakeyword{where}\isanewline |
169 \isakeyword{where}\isanewline |
201 step{\isacharbrackleft}intro{\isacharbang}{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}{\isasymlbrakk}{\isasymforall}t\ {\isasymin}\ set\ args{\isachardot}\ t\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity{\isacharsemicolon}\ \ \isanewline |
170 step{\isacharbrackleft}intro{\isacharbang}{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}{\isasymlbrakk}{\isasymforall}t\ {\isasymin}\ set\ args{\isachardot}\ t\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity{\isacharsemicolon}\ \ \isanewline |
202 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ length\ args\ {\isacharequal}\ arity\ f{\isasymrbrakk}\isanewline |
171 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ length\ args\ {\isacharequal}\ arity\ f{\isasymrbrakk}\isanewline |
203 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ {\isasymLongrightarrow}\ {\isacharparenleft}Apply\ f\ args{\isacharparenright}\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity{\isachardoublequoteclose}\isanewline |
172 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ {\isasymLongrightarrow}\ {\isacharparenleft}Apply\ f\ args{\isacharparenright}\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity{\isachardoublequoteclose}% |
204 \isanewline |
173 \begin{isamarkuptext}% |
205 \isanewline |
174 The inductive definition neatly captures the reasoning above. |
|
175 The universal quantification over the |
|
176 \isa{set} of arguments expresses that all of them are well-formed.% |
|
177 \index{quantifiers!and inductive definitions|)}% |
|
178 \end{isamarkuptext}% |
|
179 \isamarkuptrue% |
|
180 % |
|
181 \isamarkupsubsection{Alternative Definition Using a Monotone Function% |
|
182 } |
|
183 \isamarkuptrue% |
|
184 % |
|
185 \begin{isamarkuptext}% |
|
186 \index{monotone functions!and inductive definitions|(}% |
|
187 An inductive definition may refer to the |
|
188 inductively defined set through an arbitrary monotone function. To |
|
189 demonstrate this powerful feature, let us |
|
190 change the inductive definition above, replacing the |
|
191 quantifier by a use of the function \isa{lists}. This |
|
192 function, from the Isabelle theory of lists, is analogous to the |
|
193 function \isa{gterms} declared above: if \isa{A} is a set then |
|
194 \isa{lists\ A} is the set of lists whose elements belong to |
|
195 \isa{A}. |
|
196 |
|
197 In the inductive definition of well-formed terms, examine the one |
|
198 introduction rule. The first premise states that \isa{args} belongs to |
|
199 the \isa{lists} of well-formed terms. This formulation is more |
|
200 direct, if more obscure, than using a universal quantifier.% |
|
201 \end{isamarkuptext}% |
|
202 \isamarkuptrue% |
206 \isacommand{inductive{\isacharunderscore}set}\isamarkupfalse% |
203 \isacommand{inductive{\isacharunderscore}set}\isamarkupfalse% |
207 \isanewline |
204 \isanewline |
208 \ \ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharprime}f\ {\isasymRightarrow}\ nat{\isacharparenright}\ {\isasymRightarrow}\ {\isacharprime}f\ gterm\ set{\isachardoublequoteclose}\isanewline |
205 \ \ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharprime}f\ {\isasymRightarrow}\ nat{\isacharparenright}\ {\isasymRightarrow}\ {\isacharprime}f\ gterm\ set{\isachardoublequoteclose}\isanewline |
209 \ \ \isakeyword{for}\ arity\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}f\ {\isasymRightarrow}\ nat{\isachardoublequoteclose}\isanewline |
206 \ \ \isakeyword{for}\ arity\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}f\ {\isasymRightarrow}\ nat{\isachardoublequoteclose}\isanewline |
210 \isakeyword{where}\isanewline |
207 \isakeyword{where}\isanewline |
211 step{\isacharbrackleft}intro{\isacharbang}{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}{\isasymlbrakk}args\ {\isasymin}\ lists\ {\isacharparenleft}well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity{\isacharparenright}{\isacharsemicolon}\ \ \isanewline |
208 step{\isacharbrackleft}intro{\isacharbang}{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}{\isasymlbrakk}args\ {\isasymin}\ lists\ {\isacharparenleft}well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity{\isacharparenright}{\isacharsemicolon}\ \ \isanewline |
212 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ length\ args\ {\isacharequal}\ arity\ f{\isasymrbrakk}\isanewline |
209 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ length\ args\ {\isacharequal}\ arity\ f{\isasymrbrakk}\isanewline |
213 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ {\isasymLongrightarrow}\ {\isacharparenleft}Apply\ f\ args{\isacharparenright}\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity{\isachardoublequoteclose}\isanewline |
210 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ {\isasymLongrightarrow}\ {\isacharparenleft}Apply\ f\ args{\isacharparenright}\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity{\isachardoublequoteclose}\isanewline |
214 \isakeyword{monos}\ lists{\isacharunderscore}mono\isanewline |
211 \isakeyword{monos}\ lists{\isacharunderscore}mono% |
215 \isanewline |
212 \begin{isamarkuptext}% |
|
213 We cite the theorem \isa{lists{\isacharunderscore}mono} to justify |
|
214 using the function \isa{lists}.% |
|
215 \footnote{This particular theorem is installed by default already, but we |
|
216 include the \isakeyword{monos} declaration in order to illustrate its syntax.} |
|
217 \begin{isabelle}% |
|
218 A\ {\isasymsubseteq}\ B\ {\isasymLongrightarrow}\ lists\ A\ {\isasymsubseteq}\ lists\ B\rulename{lists{\isacharunderscore}mono}% |
|
219 \end{isabelle} |
|
220 Why must the function be monotone? An inductive definition describes |
|
221 an iterative construction: each element of the set is constructed by a |
|
222 finite number of introduction rule applications. For example, the |
|
223 elements of \isa{even} are constructed by finitely many applications of |
|
224 the rules |
|
225 \begin{isabelle}% |
|
226 {\isadigit{0}}\ {\isasymin}\ even\isasep\isanewline% |
|
227 n\ {\isasymin}\ even\ {\isasymLongrightarrow}\ Suc\ {\isacharparenleft}Suc\ n{\isacharparenright}\ {\isasymin}\ even% |
|
228 \end{isabelle} |
|
229 All references to a set in its |
|
230 inductive definition must be positive. Applications of an |
|
231 introduction rule cannot invalidate previous applications, allowing the |
|
232 construction process to converge. |
|
233 The following pair of rules do not constitute an inductive definition: |
|
234 \begin{trivlist} |
|
235 \item \isa{{\isadigit{0}}\ {\isasymin}\ even} |
|
236 \item \isa{n\ {\isasymnotin}\ even\ {\isasymLongrightarrow}\ Suc\ n\ {\isasymin}\ even} |
|
237 \end{trivlist} |
|
238 Showing that 4 is even using these rules requires showing that 3 is not |
|
239 even. It is far from trivial to show that this set of rules |
|
240 characterizes the even numbers. |
|
241 |
|
242 Even with its use of the function \isa{lists}, the premise of our |
|
243 introduction rule is positive: |
|
244 \begin{isabelle}% |
|
245 args\ {\isasymin}\ lists\ {\isacharparenleft}well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity{\isacharparenright}% |
|
246 \end{isabelle} |
|
247 To apply the rule we construct a list \isa{args} of previously |
|
248 constructed well-formed terms. We obtain a |
|
249 new term, \isa{Apply\ f\ args}. Because \isa{lists} is monotone, |
|
250 applications of the rule remain valid as new terms are constructed. |
|
251 Further lists of well-formed |
|
252 terms become available and none are taken away.% |
|
253 \index{monotone functions!and inductive definitions|)}% |
|
254 \end{isamarkuptext}% |
|
255 \isamarkuptrue% |
|
256 % |
|
257 \isamarkupsubsection{A Proof of Equivalence% |
|
258 } |
|
259 \isamarkuptrue% |
|
260 % |
|
261 \begin{isamarkuptext}% |
|
262 We naturally hope that these two inductive definitions of ``well-formed'' |
|
263 coincide. The equality can be proved by separate inclusions in |
|
264 each direction. Each is a trivial rule induction.% |
|
265 \end{isamarkuptext}% |
|
266 \isamarkuptrue% |
216 \isacommand{lemma}\isamarkupfalse% |
267 \isacommand{lemma}\isamarkupfalse% |
217 \ {\isachardoublequoteopen}well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity\ {\isasymsubseteq}\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity{\isachardoublequoteclose}\isanewline |
268 \ {\isachardoublequoteopen}well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity\ {\isasymsubseteq}\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity{\isachardoublequoteclose}\isanewline |
218 % |
269 % |
219 \isadelimproof |
270 \isadelimproof |
220 % |
271 % |
221 \endisadelimproof |
272 \endisadelimproof |
222 % |
273 % |
223 \isatagproof |
274 \isatagproof |
224 \isacommand{apply}\isamarkupfalse% |
275 \isacommand{apply}\isamarkupfalse% |
225 \ clarify% |
276 \ clarify\isanewline |
|
277 \isacommand{apply}\isamarkupfalse% |
|
278 \ {\isacharparenleft}erule\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isachardot}induct{\isacharparenright}\isanewline |
|
279 \isacommand{apply}\isamarkupfalse% |
|
280 \ auto\isanewline |
|
281 \isacommand{done}\isamarkupfalse% |
|
282 % |
|
283 \endisatagproof |
|
284 {\isafoldproof}% |
|
285 % |
|
286 \isadelimproof |
|
287 % |
|
288 \endisadelimproof |
|
289 % |
|
290 \isadelimproof |
|
291 % |
|
292 \endisadelimproof |
|
293 % |
|
294 \isatagproof |
|
295 % |
226 \begin{isamarkuptxt}% |
296 \begin{isamarkuptxt}% |
227 The situation after clarify |
297 The \isa{clarify} method gives |
228 \begin{isabelle}% |
298 us an element of \isa{well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity} on which to perform |
229 \ {\isadigit{1}}{\isachardot}\ {\isasymAnd}x{\isachardot}\ x\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity\ {\isasymLongrightarrow}\isanewline |
299 induction. The resulting subgoal can be proved automatically: |
230 \isaindent{\ {\isadigit{1}}{\isachardot}\ {\isasymAnd}x{\isachardot}\ }x\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity% |
|
231 \end{isabelle}% |
|
232 \end{isamarkuptxt}% |
|
233 \isamarkuptrue% |
|
234 \isacommand{apply}\isamarkupfalse% |
|
235 \ {\isacharparenleft}erule\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isachardot}induct{\isacharparenright}% |
|
236 \begin{isamarkuptxt}% |
|
237 note the induction hypothesis! |
|
238 \begin{isabelle}% |
300 \begin{isabelle}% |
239 \ {\isadigit{1}}{\isachardot}\ {\isasymAnd}x\ args\ f{\isachardot}\isanewline |
301 \ {\isadigit{1}}{\isachardot}\ {\isasymAnd}x\ args\ f{\isachardot}\isanewline |
240 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }{\isasymlbrakk}{\isasymforall}t{\isasymin}set\ args{\isachardot}\isanewline |
302 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }{\isasymlbrakk}{\isasymforall}t{\isasymin}set\ args{\isachardot}\isanewline |
241 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ {\isasymlbrakk}\ \ \ }t\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity\ {\isasyminter}\isanewline |
303 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ {\isasymlbrakk}\ \ \ }t\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity\ {\isasymand}\ t\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity{\isacharsemicolon}\isanewline |
242 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ {\isasymlbrakk}\ \ \ t\ {\isasymin}\ }{\isacharbraceleft}x{\isachardot}\ x\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity{\isacharbraceright}{\isacharsemicolon}\isanewline |
|
243 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ \ }length\ args\ {\isacharequal}\ arity\ f{\isasymrbrakk}\isanewline |
304 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ \ }length\ args\ {\isacharequal}\ arity\ f{\isasymrbrakk}\isanewline |
244 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }{\isasymLongrightarrow}\ Apply\ f\ args\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity% |
305 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }{\isasymLongrightarrow}\ Apply\ f\ args\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity% |
245 \end{isabelle}% |
306 \end{isabelle} |
|
307 This proof resembles the one given in |
|
308 {\S}\ref{sec:gterm-datatype} above, especially in the form of the |
|
309 induction hypothesis. Next, we consider the opposite inclusion:% |
246 \end{isamarkuptxt}% |
310 \end{isamarkuptxt}% |
247 \isamarkuptrue% |
311 \isamarkuptrue% |
|
312 % |
|
313 \endisatagproof |
|
314 {\isafoldproof}% |
|
315 % |
|
316 \isadelimproof |
|
317 % |
|
318 \endisadelimproof |
|
319 \isacommand{lemma}\isamarkupfalse% |
|
320 \ {\isachardoublequoteopen}well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity\ {\isasymsubseteq}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity{\isachardoublequoteclose}\isanewline |
|
321 % |
|
322 \isadelimproof |
|
323 % |
|
324 \endisadelimproof |
|
325 % |
|
326 \isatagproof |
|
327 \isacommand{apply}\isamarkupfalse% |
|
328 \ clarify\isanewline |
|
329 \isacommand{apply}\isamarkupfalse% |
|
330 \ {\isacharparenleft}erule\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}{\isachardot}induct{\isacharparenright}\isanewline |
248 \isacommand{apply}\isamarkupfalse% |
331 \isacommand{apply}\isamarkupfalse% |
249 \ auto\isanewline |
332 \ auto\isanewline |
250 \isacommand{done}\isamarkupfalse% |
333 \isacommand{done}\isamarkupfalse% |
251 % |
334 % |
252 \endisatagproof |
335 \endisatagproof |
253 {\isafoldproof}% |
336 {\isafoldproof}% |
254 % |
337 % |
255 \isadelimproof |
338 \isadelimproof |
256 \isanewline |
339 % |
257 % |
340 \endisadelimproof |
258 \endisadelimproof |
341 % |
259 \isanewline |
342 \isadelimproof |
260 \isanewline |
343 % |
261 \isanewline |
344 \endisadelimproof |
262 \isacommand{lemma}\isamarkupfalse% |
345 % |
263 \ {\isachardoublequoteopen}well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity\ {\isasymsubseteq}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity{\isachardoublequoteclose}\isanewline |
346 \isatagproof |
264 % |
347 % |
265 \isadelimproof |
|
266 % |
|
267 \endisadelimproof |
|
268 % |
|
269 \isatagproof |
|
270 \isacommand{apply}\isamarkupfalse% |
|
271 \ clarify% |
|
272 \begin{isamarkuptxt}% |
348 \begin{isamarkuptxt}% |
273 The situation after clarify |
349 The proof script is identical, but the subgoal after applying induction may |
274 \begin{isabelle}% |
350 be surprising: |
275 \ {\isadigit{1}}{\isachardot}\ {\isasymAnd}x{\isachardot}\ x\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity\ {\isasymLongrightarrow}\isanewline |
|
276 \isaindent{\ {\isadigit{1}}{\isachardot}\ {\isasymAnd}x{\isachardot}\ }x\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity% |
|
277 \end{isabelle}% |
|
278 \end{isamarkuptxt}% |
|
279 \isamarkuptrue% |
|
280 \isacommand{apply}\isamarkupfalse% |
|
281 \ {\isacharparenleft}erule\ well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}{\isachardot}induct{\isacharparenright}% |
|
282 \begin{isamarkuptxt}% |
|
283 note the induction hypothesis! |
|
284 \begin{isabelle}% |
351 \begin{isabelle}% |
285 \ {\isadigit{1}}{\isachardot}\ {\isasymAnd}x\ args\ f{\isachardot}\isanewline |
352 \ {\isadigit{1}}{\isachardot}\ {\isasymAnd}x\ args\ f{\isachardot}\isanewline |
286 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }{\isasymlbrakk}args\isanewline |
353 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }{\isasymlbrakk}args\isanewline |
287 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ {\isasymlbrakk}}{\isasymin}\ lists\isanewline |
354 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ {\isasymlbrakk}}{\isasymin}\ lists\isanewline |
288 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ {\isasymlbrakk}{\isasymin}\ \ }{\isacharparenleft}well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity\ {\isasyminter}\isanewline |
355 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ {\isasymlbrakk}{\isasymin}\ \ }{\isacharparenleft}well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity\ {\isasyminter}\isanewline |
289 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ {\isasymlbrakk}{\isasymin}\ \ {\isacharparenleft}}{\isacharbraceleft}a{\isachardot}\ a\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity{\isacharbraceright}{\isacharparenright}{\isacharsemicolon}\isanewline |
356 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ {\isasymlbrakk}{\isasymin}\ \ {\isacharparenleft}}{\isacharbraceleft}a{\isachardot}\ a\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity{\isacharbraceright}{\isacharparenright}{\isacharsemicolon}\isanewline |
290 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ \ }length\ args\ {\isacharequal}\ arity\ f{\isasymrbrakk}\isanewline |
357 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ \ }length\ args\ {\isacharequal}\ arity\ f{\isasymrbrakk}\isanewline |
291 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }{\isasymLongrightarrow}\ Apply\ f\ args\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity% |
358 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }{\isasymLongrightarrow}\ Apply\ f\ args\ {\isasymin}\ well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity% |
|
359 \end{isabelle} |
|
360 The induction hypothesis contains an application of \isa{lists}. Using a |
|
361 monotone function in the inductive definition always has this effect. The |
|
362 subgoal may look uninviting, but fortunately |
|
363 \isa{lists} distributes over intersection: |
|
364 \begin{isabelle}% |
|
365 lists\ {\isacharparenleft}A\ {\isasyminter}\ B{\isacharparenright}\ {\isacharequal}\ lists\ A\ {\isasyminter}\ lists\ B\rulename{lists{\isacharunderscore}Int{\isacharunderscore}eq}% |
|
366 \end{isabelle} |
|
367 Thanks to this default simplification rule, the induction hypothesis |
|
368 is quickly replaced by its two parts: |
|
369 \begin{trivlist} |
|
370 \item \isa{args\ {\isasymin}\ lists\ {\isacharparenleft}well{\isacharunderscore}formed{\isacharunderscore}gterm{\isacharprime}\ arity{\isacharparenright}} |
|
371 \item \isa{args\ {\isasymin}\ lists\ {\isacharparenleft}well{\isacharunderscore}formed{\isacharunderscore}gterm\ arity{\isacharparenright}} |
|
372 \end{trivlist} |
|
373 Invoking the rule \isa{well{\isacharunderscore}formed{\isacharunderscore}gterm{\isachardot}step} completes the proof. The |
|
374 call to \isa{auto} does all this work. |
|
375 |
|
376 This example is typical of how monotone functions |
|
377 \index{monotone functions} can be used. In particular, many of them |
|
378 distribute over intersection. Monotonicity implies one direction of |
|
379 this set equality; we have this theorem: |
|
380 \begin{isabelle}% |
|
381 mono\ f\ {\isasymLongrightarrow}\ f\ {\isacharparenleft}A\ {\isasyminter}\ B{\isacharparenright}\ {\isasymsubseteq}\ f\ A\ {\isasyminter}\ f\ B\rulename{mono{\isacharunderscore}Int}% |
292 \end{isabelle}% |
382 \end{isabelle}% |
293 \end{isamarkuptxt}% |
383 \end{isamarkuptxt}% |
294 \isamarkuptrue% |
384 \isamarkuptrue% |
295 \isacommand{apply}\isamarkupfalse% |
385 % |
296 \ auto\isanewline |
386 \endisatagproof |
|
387 {\isafoldproof}% |
|
388 % |
|
389 \isadelimproof |
|
390 % |
|
391 \endisadelimproof |
|
392 % |
|
393 \isamarkupsubsection{Another Example of Rule Inversion% |
|
394 } |
|
395 \isamarkuptrue% |
|
396 % |
|
397 \begin{isamarkuptext}% |
|
398 \index{rule inversion|(}% |
|
399 Does \isa{gterms} distribute over intersection? We have proved that this |
|
400 function is monotone, so \isa{mono{\isacharunderscore}Int} gives one of the inclusions. The |
|
401 opposite inclusion asserts that if \isa{t} is a ground term over both of the |
|
402 sets |
|
403 \isa{F} and~\isa{G} then it is also a ground term over their intersection, |
|
404 \isa{F\ {\isasyminter}\ G}.% |
|
405 \end{isamarkuptext}% |
|
406 \isamarkuptrue% |
|
407 \isacommand{lemma}\isamarkupfalse% |
|
408 \ gterms{\isacharunderscore}IntI{\isacharcolon}\isanewline |
|
409 \ \ \ \ \ {\isachardoublequoteopen}t\ {\isasymin}\ gterms\ F\ {\isasymLongrightarrow}\ t\ {\isasymin}\ gterms\ G\ {\isasymlongrightarrow}\ t\ {\isasymin}\ gterms\ {\isacharparenleft}F{\isasyminter}G{\isacharparenright}{\isachardoublequoteclose}% |
|
410 \isadelimproof |
|
411 % |
|
412 \endisadelimproof |
|
413 % |
|
414 \isatagproof |
|
415 % |
|
416 \endisatagproof |
|
417 {\isafoldproof}% |
|
418 % |
|
419 \isadelimproof |
|
420 % |
|
421 \endisadelimproof |
|
422 % |
|
423 \begin{isamarkuptext}% |
|
424 Attempting this proof, we get the assumption |
|
425 \isa{Apply\ f\ args\ {\isasymin}\ gterms\ G}, which cannot be broken down. |
|
426 It looks like a job for rule inversion:\cmmdx{inductive\protect\_cases}% |
|
427 \end{isamarkuptext}% |
|
428 \isamarkuptrue% |
|
429 \isacommand{inductive{\isacharunderscore}cases}\isamarkupfalse% |
|
430 \ gterm{\isacharunderscore}Apply{\isacharunderscore}elim\ {\isacharbrackleft}elim{\isacharbang}{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}Apply\ f\ args\ {\isasymin}\ gterms\ F{\isachardoublequoteclose}% |
|
431 \begin{isamarkuptext}% |
|
432 Here is the result. |
|
433 \begin{isabelle}% |
|
434 {\isasymlbrakk}Apply\ f\ args\ {\isasymin}\ gterms\ F{\isacharsemicolon}\isanewline |
|
435 \isaindent{\ }{\isasymlbrakk}{\isasymforall}t{\isasymin}set\ args{\isachardot}\ t\ {\isasymin}\ gterms\ F{\isacharsemicolon}\ f\ {\isasymin}\ F{\isasymrbrakk}\ {\isasymLongrightarrow}\ P{\isasymrbrakk}\isanewline |
|
436 {\isasymLongrightarrow}\ P\rulename{gterm{\isacharunderscore}Apply{\isacharunderscore}elim}% |
|
437 \end{isabelle} |
|
438 This rule replaces an assumption about \isa{Apply\ f\ args} by |
|
439 assumptions about \isa{f} and~\isa{args}. |
|
440 No cases are discarded (there was only one to begin |
|
441 with) but the rule applies specifically to the pattern \isa{Apply\ f\ args}. |
|
442 It can be applied repeatedly as an elimination rule without looping, so we |
|
443 have given the \isa{elim{\isacharbang}} attribute. |
|
444 |
|
445 Now we can prove the other half of that distributive law.% |
|
446 \end{isamarkuptext}% |
|
447 \isamarkuptrue% |
|
448 \isacommand{lemma}\isamarkupfalse% |
|
449 \ gterms{\isacharunderscore}IntI\ {\isacharbrackleft}rule{\isacharunderscore}format{\isacharcomma}\ intro{\isacharbang}{\isacharbrackright}{\isacharcolon}\isanewline |
|
450 \ \ \ \ \ {\isachardoublequoteopen}t\ {\isasymin}\ gterms\ F\ {\isasymLongrightarrow}\ t\ {\isasymin}\ gterms\ G\ {\isasymlongrightarrow}\ t\ {\isasymin}\ gterms\ {\isacharparenleft}F{\isasyminter}G{\isacharparenright}{\isachardoublequoteclose}\isanewline |
|
451 % |
|
452 \isadelimproof |
|
453 % |
|
454 \endisadelimproof |
|
455 % |
|
456 \isatagproof |
|
457 \isacommand{apply}\isamarkupfalse% |
|
458 \ {\isacharparenleft}erule\ gterms{\isachardot}induct{\isacharparenright}\isanewline |
|
459 \isacommand{apply}\isamarkupfalse% |
|
460 \ blast\isanewline |
297 \isacommand{done}\isamarkupfalse% |
461 \isacommand{done}\isamarkupfalse% |
298 % |
462 % |
299 \endisatagproof |
463 \endisatagproof |
300 {\isafoldproof}% |
464 {\isafoldproof}% |
301 % |
465 % |
302 \isadelimproof |
466 \isadelimproof |
303 % |
467 % |
304 \endisadelimproof |
468 \endisadelimproof |
305 % |
469 % |
306 \begin{isamarkuptext}% |
470 \isadelimproof |
307 \begin{isabelle}% |
471 % |
308 \ \ \ \ \ lists\ {\isacharparenleft}A\ {\isasyminter}\ B{\isacharparenright}\ {\isacharequal}\ lists\ A\ {\isasyminter}\ lists\ B% |
472 \endisadelimproof |
309 \end{isabelle}% |
473 % |
310 \end{isamarkuptext}% |
474 \isatagproof |
311 \isamarkuptrue% |
475 % |
312 % |
476 \begin{isamarkuptxt}% |
313 \begin{isamarkuptext}% |
477 The proof begins with rule induction over the definition of |
314 the rest isn't used: too complicated. OK for an exercise though.% |
478 \isa{gterms}, which leaves a single subgoal: |
315 \end{isamarkuptext}% |
479 \begin{isabelle}% |
316 \isamarkuptrue% |
480 \ {\isadigit{1}}{\isachardot}\ {\isasymAnd}args\ f{\isachardot}\isanewline |
317 \isacommand{inductive{\isacharunderscore}set}\isamarkupfalse% |
481 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }{\isasymlbrakk}{\isasymforall}t{\isasymin}set\ args{\isachardot}\isanewline |
318 \isanewline |
482 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ {\isasymlbrakk}\ \ \ }t\ {\isasymin}\ gterms\ F\ {\isasymand}\ {\isacharparenleft}t\ {\isasymin}\ gterms\ G\ {\isasymlongrightarrow}\ t\ {\isasymin}\ gterms\ {\isacharparenleft}F\ {\isasyminter}\ G{\isacharparenright}{\isacharparenright}{\isacharsemicolon}\isanewline |
319 \ \ integer{\isacharunderscore}signature\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}integer{\isacharunderscore}op\ {\isacharasterisk}\ {\isacharparenleft}unit\ list\ {\isacharasterisk}\ unit{\isacharparenright}{\isacharparenright}\ set{\isachardoublequoteclose}\isanewline |
483 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ \ }f\ {\isasymin}\ F{\isasymrbrakk}\isanewline |
320 \isakeyword{where}\isanewline |
484 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }{\isasymLongrightarrow}\ Apply\ f\ args\ {\isasymin}\ gterms\ G\ {\isasymlongrightarrow}\isanewline |
321 \ \ Number{\isacharcolon}\ \ \ \ \ {\isachardoublequoteopen}{\isacharparenleft}Number\ n{\isacharcomma}\ \ \ {\isacharparenleft}{\isacharbrackleft}{\isacharbrackright}{\isacharcomma}\ {\isacharparenleft}{\isacharparenright}{\isacharparenright}{\isacharparenright}\ {\isasymin}\ integer{\isacharunderscore}signature{\isachardoublequoteclose}\isanewline |
485 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ {\isasymLongrightarrow}\ }Apply\ f\ args\ {\isasymin}\ gterms\ {\isacharparenleft}F\ {\isasyminter}\ G{\isacharparenright}% |
322 {\isacharbar}\ UnaryMinus{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}UnaryMinus{\isacharcomma}\ {\isacharparenleft}{\isacharbrackleft}{\isacharparenleft}{\isacharparenright}{\isacharbrackright}{\isacharcomma}\ {\isacharparenleft}{\isacharparenright}{\isacharparenright}{\isacharparenright}\ {\isasymin}\ integer{\isacharunderscore}signature{\isachardoublequoteclose}\isanewline |
486 \end{isabelle} |
323 {\isacharbar}\ Plus{\isacharcolon}\ \ \ \ \ \ \ {\isachardoublequoteopen}{\isacharparenleft}Plus{\isacharcomma}\ \ \ \ \ \ \ {\isacharparenleft}{\isacharbrackleft}{\isacharparenleft}{\isacharparenright}{\isacharcomma}{\isacharparenleft}{\isacharparenright}{\isacharbrackright}{\isacharcomma}\ {\isacharparenleft}{\isacharparenright}{\isacharparenright}{\isacharparenright}\ {\isasymin}\ integer{\isacharunderscore}signature{\isachardoublequoteclose}\isanewline |
487 To prove this, we assume \isa{Apply\ f\ args\ {\isasymin}\ gterms\ G}. Rule inversion, |
324 \isanewline |
488 in the form of \isa{gterm{\isacharunderscore}Apply{\isacharunderscore}elim}, infers |
325 \isanewline |
489 that every element of \isa{args} belongs to |
|
490 \isa{gterms\ G}; hence (by the induction hypothesis) it belongs |
|
491 to \isa{gterms\ {\isacharparenleft}F\ {\isasyminter}\ G{\isacharparenright}}. Rule inversion also yields |
|
492 \isa{f\ {\isasymin}\ G} and hence \isa{f\ {\isasymin}\ F\ {\isasyminter}\ G}. |
|
493 All of this reasoning is done by \isa{blast}. |
|
494 |
|
495 \smallskip |
|
496 Our distributive law is a trivial consequence of previously-proved results:% |
|
497 \end{isamarkuptxt}% |
|
498 \isamarkuptrue% |
|
499 % |
|
500 \endisatagproof |
|
501 {\isafoldproof}% |
|
502 % |
|
503 \isadelimproof |
|
504 % |
|
505 \endisadelimproof |
|
506 \isacommand{lemma}\isamarkupfalse% |
|
507 \ gterms{\isacharunderscore}Int{\isacharunderscore}eq\ {\isacharbrackleft}simp{\isacharbrackright}{\isacharcolon}\isanewline |
|
508 \ \ \ \ \ {\isachardoublequoteopen}gterms\ {\isacharparenleft}F\ {\isasyminter}\ G{\isacharparenright}\ {\isacharequal}\ gterms\ F\ {\isasyminter}\ gterms\ G{\isachardoublequoteclose}\isanewline |
|
509 % |
|
510 \isadelimproof |
|
511 % |
|
512 \endisadelimproof |
|
513 % |
|
514 \isatagproof |
|
515 \isacommand{by}\isamarkupfalse% |
|
516 \ {\isacharparenleft}blast\ intro{\isacharbang}{\isacharcolon}\ mono{\isacharunderscore}Int\ monoI\ gterms{\isacharunderscore}mono{\isacharparenright}% |
|
517 \endisatagproof |
|
518 {\isafoldproof}% |
|
519 % |
|
520 \isadelimproof |
|
521 % |
|
522 \endisadelimproof |
|
523 % |
|
524 \index{rule inversion|)}% |
|
525 \index{ground terms example|)} |
|
526 |
|
527 |
|
528 \begin{isamarkuptext} |
|
529 \begin{exercise} |
|
530 A function mapping function symbols to their |
|
531 types is called a \textbf{signature}. Given a type |
|
532 ranging over type symbols, we can represent a function's type by a |
|
533 list of argument types paired with the result type. |
|
534 Complete this inductive definition: |
|
535 \begin{isabelle} |
326 \isacommand{inductive{\isacharunderscore}set}\isamarkupfalse% |
536 \isacommand{inductive{\isacharunderscore}set}\isamarkupfalse% |
327 \isanewline |
537 \isanewline |
328 \ \ well{\isacharunderscore}typed{\isacharunderscore}gterm\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharprime}f\ {\isasymRightarrow}\ {\isacharprime}t\ list\ {\isacharasterisk}\ {\isacharprime}t{\isacharparenright}\ {\isasymRightarrow}\ {\isacharparenleft}{\isacharprime}f\ gterm\ {\isacharasterisk}\ {\isacharprime}t{\isacharparenright}set{\isachardoublequoteclose}\isanewline |
538 \ \ well{\isacharunderscore}typed{\isacharunderscore}gterm\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharprime}f\ {\isasymRightarrow}\ {\isacharprime}t\ list\ {\isacharasterisk}\ {\isacharprime}t{\isacharparenright}\ {\isasymRightarrow}\ {\isacharparenleft}{\isacharprime}f\ gterm\ {\isacharasterisk}\ {\isacharprime}t{\isacharparenright}set{\isachardoublequoteclose}\isanewline |
329 \ \ \isakeyword{for}\ sig\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}f\ {\isasymRightarrow}\ {\isacharprime}t\ list\ {\isacharasterisk}\ {\isacharprime}t{\isachardoublequoteclose}\isanewline |
539 \ \ \isakeyword{for}\ sig\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}f\ {\isasymRightarrow}\ {\isacharprime}t\ list\ {\isacharasterisk}\ {\isacharprime}t{\isachardoublequoteclose}% |
330 \isakeyword{where}\isanewline |
540 \end{isabelle} |
331 step{\isacharbrackleft}intro{\isacharbang}{\isacharbrackright}{\isacharcolon}\ \isanewline |
541 \end{exercise} |
332 \ \ \ \ {\isachardoublequoteopen}{\isasymlbrakk}{\isasymforall}pair\ {\isasymin}\ set\ args{\isachardot}\ pair\ {\isasymin}\ well{\isacharunderscore}typed{\isacharunderscore}gterm\ sig{\isacharsemicolon}\ \isanewline |
542 \end{isamarkuptext} |
333 \ \ \ \ \ \ sig\ f\ {\isacharequal}\ {\isacharparenleft}map\ snd\ args{\isacharcomma}\ rtype{\isacharparenright}{\isasymrbrakk}\isanewline |
543 % |
334 \ \ \ \ \ {\isasymLongrightarrow}\ {\isacharparenleft}Apply\ f\ {\isacharparenleft}map\ fst\ args{\isacharparenright}{\isacharcomma}\ rtype{\isacharparenright}\ \isanewline |
544 \isadelimproof |
335 \ \ \ \ \ \ \ \ \ {\isasymin}\ well{\isacharunderscore}typed{\isacharunderscore}gterm\ sig{\isachardoublequoteclose}\isanewline |
545 % |
336 \isanewline |
546 \endisadelimproof |
337 \isacommand{inductive{\isacharunderscore}set}\isamarkupfalse% |
547 % |
338 \isanewline |
548 \isatagproof |
339 \ \ well{\isacharunderscore}typed{\isacharunderscore}gterm{\isacharprime}\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharprime}f\ {\isasymRightarrow}\ {\isacharprime}t\ list\ {\isacharasterisk}\ {\isacharprime}t{\isacharparenright}\ {\isasymRightarrow}\ {\isacharparenleft}{\isacharprime}f\ gterm\ {\isacharasterisk}\ {\isacharprime}t{\isacharparenright}set{\isachardoublequoteclose}\isanewline |
549 % |
340 \ \ \isakeyword{for}\ sig\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharprime}f\ {\isasymRightarrow}\ {\isacharprime}t\ list\ {\isacharasterisk}\ {\isacharprime}t{\isachardoublequoteclose}\isanewline |
550 \endisatagproof |
341 \isakeyword{where}\isanewline |
551 {\isafoldproof}% |
342 step{\isacharbrackleft}intro{\isacharbang}{\isacharbrackright}{\isacharcolon}\ \isanewline |
552 % |
343 \ \ \ \ {\isachardoublequoteopen}{\isasymlbrakk}args\ {\isasymin}\ lists{\isacharparenleft}well{\isacharunderscore}typed{\isacharunderscore}gterm{\isacharprime}\ sig{\isacharparenright}{\isacharsemicolon}\ \isanewline |
553 \isadelimproof |
344 \ \ \ \ \ \ sig\ f\ {\isacharequal}\ {\isacharparenleft}map\ snd\ args{\isacharcomma}\ rtype{\isacharparenright}{\isasymrbrakk}\isanewline |
554 % |
345 \ \ \ \ \ {\isasymLongrightarrow}\ {\isacharparenleft}Apply\ f\ {\isacharparenleft}map\ fst\ args{\isacharparenright}{\isacharcomma}\ rtype{\isacharparenright}\ \isanewline |
555 \endisadelimproof |
346 \ \ \ \ \ \ \ \ \ {\isasymin}\ well{\isacharunderscore}typed{\isacharunderscore}gterm{\isacharprime}\ sig{\isachardoublequoteclose}\isanewline |
556 % |
347 \isakeyword{monos}\ lists{\isacharunderscore}mono\isanewline |
557 \isadelimproof |
348 \isanewline |
558 % |
349 \isanewline |
559 \endisadelimproof |
350 \isacommand{lemma}\isamarkupfalse% |
560 % |
351 \ {\isachardoublequoteopen}well{\isacharunderscore}typed{\isacharunderscore}gterm\ sig\ {\isasymsubseteq}\ well{\isacharunderscore}typed{\isacharunderscore}gterm{\isacharprime}\ sig{\isachardoublequoteclose}\isanewline |
561 \isatagproof |
352 % |
562 % |
353 \isadelimproof |
563 \endisatagproof |
354 % |
564 {\isafoldproof}% |
355 \endisadelimproof |
565 % |
356 % |
566 \isadelimproof |
357 \isatagproof |
567 % |
358 \isacommand{apply}\isamarkupfalse% |
568 \endisadelimproof |
359 \ clarify\isanewline |
|
360 \isacommand{apply}\isamarkupfalse% |
|
361 \ {\isacharparenleft}erule\ well{\isacharunderscore}typed{\isacharunderscore}gterm{\isachardot}induct{\isacharparenright}\isanewline |
|
362 \isacommand{apply}\isamarkupfalse% |
|
363 \ auto\isanewline |
|
364 \isacommand{done}\isamarkupfalse% |
|
365 % |
|
366 \endisatagproof |
|
367 {\isafoldproof}% |
|
368 % |
|
369 \isadelimproof |
|
370 \isanewline |
|
371 % |
|
372 \endisadelimproof |
|
373 \isanewline |
|
374 \isacommand{lemma}\isamarkupfalse% |
|
375 \ {\isachardoublequoteopen}well{\isacharunderscore}typed{\isacharunderscore}gterm{\isacharprime}\ sig\ {\isasymsubseteq}\ well{\isacharunderscore}typed{\isacharunderscore}gterm\ sig{\isachardoublequoteclose}\isanewline |
|
376 % |
|
377 \isadelimproof |
|
378 % |
|
379 \endisadelimproof |
|
380 % |
|
381 \isatagproof |
|
382 \isacommand{apply}\isamarkupfalse% |
|
383 \ clarify\isanewline |
|
384 \isacommand{apply}\isamarkupfalse% |
|
385 \ {\isacharparenleft}erule\ well{\isacharunderscore}typed{\isacharunderscore}gterm{\isacharprime}{\isachardot}induct{\isacharparenright}\isanewline |
|
386 \isacommand{apply}\isamarkupfalse% |
|
387 \ auto\isanewline |
|
388 \isacommand{done}\isamarkupfalse% |
|
389 % |
|
390 \endisatagproof |
|
391 {\isafoldproof}% |
|
392 % |
|
393 \isadelimproof |
|
394 \isanewline |
|
395 % |
|
396 \endisadelimproof |
|
397 \isanewline |
|
398 % |
569 % |
399 \isadelimtheory |
570 \isadelimtheory |
400 \isanewline |
|
401 % |
571 % |
402 \endisadelimtheory |
572 \endisadelimtheory |
403 % |
573 % |
404 \isatagtheory |
574 \isatagtheory |
405 \isacommand{end}\isamarkupfalse% |
|
406 % |
575 % |
407 \endisatagtheory |
576 \endisatagtheory |
408 {\isafoldtheory}% |
577 {\isafoldtheory}% |
409 % |
578 % |
410 \isadelimtheory |
579 \isadelimtheory |
411 \isanewline |
|
412 % |
580 % |
413 \endisadelimtheory |
581 \endisadelimtheory |
414 \isanewline |
|
415 \end{isabellebody}% |
582 \end{isabellebody}% |
416 %%% Local Variables: |
583 %%% Local Variables: |
417 %%% mode: latex |
584 %%% mode: latex |
418 %%% TeX-master: "root" |
585 %%% TeX-master: "root" |
419 %%% End: |
586 %%% End: |