isabelle: comparison src/HOL/Proofs/Extraction/Pigeonhole.thy

equal deleted inserted replaced

-:65a9eb946ff2
+:d10eab0672f9
 theory Pigeonhole
 imports Util "~~/src/HOL/Library/Code_Target_Numeral"
 begin
 text \<open>
 We formalize two proofs of the pigeonhole principle, which lead
 to extracted programs of quite different complexity. The original
 formalization of these proofs in {\sc Nuprl} is due to
 Aleksey Nogin @{cite "Nogin-ENTCS-2000"}.
 This proof yields a polynomial program.
 \<close>
 theorem pigeonhole:
 "\<And>f. (\<And>i. i \<le> Suc n \<Longrightarrow> f i \<le> n) \<Longrightarrow> \<exists>i j. i \<le> Suc n \<and> j < i \<and> f i = f j"
 proof (induct n)
 case 0
-hence "Suc 0 \<le> Suc 0 \<and> 0 < Suc 0 \<and> f (Suc 0) = f 0" by simp
+then have "Suc 0 \<le> Suc 0 \<and> 0 < Suc 0 \<and> f (Suc 0) = f 0" by simp
-thus ?case by iprover
+then show ?case by iprover
 next
 case (Suc n)
-{
+have r:
-fix k
+"k \<le> Suc (Suc n) \<Longrightarrow>
-have
+(\<And>i j. Suc k \<le> i \<Longrightarrow> i \<le> Suc (Suc n) \<Longrightarrow> j < i \<Longrightarrow> f i \<noteq> f j) \<Longrightarrow>
-"k \<le> Suc (Suc n) \<Longrightarrow>
+(\<exists>i j. i \<le> k \<and> j < i \<and> f i = f j)" for k
-(\<And>i j. Suc k \<le> i \<Longrightarrow> i \<le> Suc (Suc n) \<Longrightarrow> j < i \<Longrightarrow> f i \<noteq> f j) \<Longrightarrow>
+proof (induct k)
-(\<exists>i j. i \<le> k \<and> j < i \<and> f i = f j)"
+case 0
-proof (induct k)
+let ?f = "\<lambda>i. if f i = Suc n then f (Suc (Suc n)) else f i"
-case 0
+have "\<not> (\<exists>i j. i \<le> Suc n \<and> j < i \<and> ?f i = ?f j)"
-let ?f = "\<lambda>i. if f i = Suc n then f (Suc (Suc n)) else f i"
+proof
-have "\<not> (\<exists>i j. i \<le> Suc n \<and> j < i \<and> ?f i = ?f j)"
+assume "\<exists>i j. i \<le> Suc n \<and> j < i \<and> ?f i = ?f j"
-proof
+then obtain i j where i: "i \<le> Suc n" and j: "j < i" and f: "?f i = ?f j"
-assume "\<exists>i j. i \<le> Suc n \<and> j < i \<and> ?f i = ?f j"
+by iprover
-then obtain i j where i: "i \<le> Suc n" and j: "j < i"
+from j have i_nz: "Suc 0 \<le> i" by simp
-and f: "?f i = ?f j" by iprover
+from i have iSSn: "i \<le> Suc (Suc n)" by simp
-from j have i_nz: "Suc 0 \<le> i" by simp
+have S0SSn: "Suc 0 \<le> Suc (Suc n)" by simp
-from i have iSSn: "i \<le> Suc (Suc n)" by simp
+show False
-have S0SSn: "Suc 0 \<le> Suc (Suc n)" by simp
+proof cases
+assume fi: "f i = Suc n"
 show False
 proof cases
-assume fi: "f i = Suc n"
+assume fj: "f j = Suc n"
-show False
+from i_nz and iSSn and j have "f i \<noteq> f j" by (rule 0)
-proof cases
+moreover from fi have "f i = f j"
-assume fj: "f j = Suc n"
+by (simp add: fj [symmetric])
-from i_nz and iSSn and j have "f i \<noteq> f j" by (rule 0)
+ultimately show ?thesis ..
-moreover from fi have "f i = f j"
+next
-by (simp add: fj [symmetric])
+from i and j have "j < Suc (Suc n)" by simp
-ultimately show ?thesis ..
+with S0SSn and le_refl have "f (Suc (Suc n)) \<noteq> f j"
-next
+by (rule 0)
-from i and j have "j < Suc (Suc n)" by simp
+moreover assume "f j \<noteq> Suc n"
-with S0SSn and le_refl have "f (Suc (Suc n)) \<noteq> f j"
+with fi and f have "f (Suc (Suc n)) = f j" by simp
-by (rule 0)
+ultimately show False ..
-moreover assume "f j \<noteq> Suc n"
+qed
-with fi and f have "f (Suc (Suc n)) = f j" by simp
+next
-ultimately show False ..
+assume fi: "f i \<noteq> Suc n"
+show False
+proof cases
+from i have "i < Suc (Suc n)" by simp
+with S0SSn and le_refl have "f (Suc (Suc n)) \<noteq> f i"
+by (rule 0)
+moreover assume "f j = Suc n"
+with fi and f have "f (Suc (Suc n)) = f i" by simp
+ultimately show False ..
+next
+from i_nz and iSSn and j
+have "f i \<noteq> f j" by (rule 0)
+moreover assume "f j \<noteq> Suc n"
+with fi and f have "f i = f j" by simp
+ultimately show False ..
+qed
+qed
+qed
+moreover have "?f i \<le> n" if "i \<le> Suc n" for i
+proof -
+from that have i: "i < Suc (Suc n)" by simp
+have "f (Suc (Suc n)) \<noteq> f i"
+by (rule 0) (simp_all add: i)
+moreover have "f (Suc (Suc n)) \<le> Suc n"
+by (rule Suc) simp
+moreover from i have "i \<le> Suc (Suc n)" by simp
+then have "f i \<le> Suc n" by (rule Suc)
+ultimately show ?thesis
+by simp
+qed
+then have "\<exists>i j. i \<le> Suc n \<and> j < i \<and> ?f i = ?f j"
+by (rule Suc)
+ultimately show ?case ..
+next
+case (Suc k)
+from search [OF nat_eq_dec] show ?case
+proof
+assume "\<exists>j<Suc k. f (Suc k) = f j"
+then show ?case by (iprover intro: le_refl)
+next
+assume nex: "\<not> (\<exists>j<Suc k. f (Suc k) = f j)"
+have "\<exists>i j. i \<le> k \<and> j < i \<and> f i = f j"
+proof (rule Suc)
+from Suc show "k \<le> Suc (Suc n)" by simp
+fix i j assume k: "Suc k \<le> i" and i: "i \<le> Suc (Suc n)"
+and j: "j < i"
+show "f i \<noteq> f j"
+proof cases
+assume eq: "i = Suc k"
+show ?thesis
+proof
+assume "f i = f j"
+then have "f (Suc k) = f j" by (simp add: eq)
+with nex and j and eq show False by iprover
 qed
 next
-assume fi: "f i \<noteq> Suc n"
+assume "i \<noteq> Suc k"
-show False
+with k have "Suc (Suc k) \<le> i" by simp
-proof cases
+then show ?thesis using i and j by (rule Suc)
-from i have "i < Suc (Suc n)" by simp
-with S0SSn and le_refl have "f (Suc (Suc n)) \<noteq> f i"
-by (rule 0)
-moreover assume "f j = Suc n"
-with fi and f have "f (Suc (Suc n)) = f i" by simp
-ultimately show False ..
-next
-from i_nz and iSSn and j
-have "f i \<noteq> f j" by (rule 0)
-moreover assume "f j \<noteq> Suc n"
-with fi and f have "f i = f j" by simp
-ultimately show False ..
-qed
 qed
 qed
-moreover have "\<And>i. i \<le> Suc n \<Longrightarrow> ?f i \<le> n"
+then show ?thesis by (iprover intro: le_SucI)
-proof -
+qed
-fix i assume "i \<le> Suc n"
+qed
-hence i: "i < Suc (Suc n)" by simp
-have "f (Suc (Suc n)) \<noteq> f i"
-by (rule 0) (simp_all add: i)
-moreover have "f (Suc (Suc n)) \<le> Suc n"
-by (rule Suc) simp
-moreover from i have "i \<le> Suc (Suc n)" by simp
-hence "f i \<le> Suc n" by (rule Suc)
-ultimately show "?thesis i"
-by simp
-qed
-hence "\<exists>i j. i \<le> Suc n \<and> j < i \<and> ?f i = ?f j"
-by (rule Suc)
-ultimately show ?case ..
-next
-case (Suc k)
-from search [OF nat_eq_dec] show ?case
-proof
-assume "\<exists>j<Suc k. f (Suc k) = f j"
-thus ?case by (iprover intro: le_refl)
-next
-assume nex: "\<not> (\<exists>j<Suc k. f (Suc k) = f j)"
-have "\<exists>i j. i \<le> k \<and> j < i \<and> f i = f j"
-proof (rule Suc)
-from Suc show "k \<le> Suc (Suc n)" by simp
-fix i j assume k: "Suc k \<le> i" and i: "i \<le> Suc (Suc n)"
-and j: "j < i"
-show "f i \<noteq> f j"
-proof cases
-assume eq: "i = Suc k"
-show ?thesis
-proof
-assume "f i = f j"
-hence "f (Suc k) = f j" by (simp add: eq)
-with nex and j and eq show False by iprover
-qed
-next
-assume "i \<noteq> Suc k"
-with k have "Suc (Suc k) \<le> i" by simp
-thus ?thesis using i and j by (rule Suc)
-qed
-qed
-thus ?thesis by (iprover intro: le_SucI)
-qed
-qed
-}
-note r = this
 show ?case by (rule r) simp_all
 qed
 text \<open>
 The following proof, although quite elegant from a mathematical point of view,
 leads to an exponential program:
 \<close>
 theorem pigeonhole_slow:
 "\<And>f. (\<And>i. i \<le> Suc n \<Longrightarrow> f i \<le> n) \<Longrightarrow> \<exists>i j. i \<le> Suc n \<and> j < i \<and> f i = f j"
 proof (induct n)
 next
 case (Suc n)
 from search [OF nat_eq_dec] show ?case
 proof
 assume "\<exists>j < Suc (Suc n). f (Suc (Suc n)) = f j"
-thus ?case by (iprover intro: le_refl)
+then show ?case by (iprover intro: le_refl)
 next
 assume "\<not> (\<exists>j < Suc (Suc n). f (Suc (Suc n)) = f j)"
-hence nex: "\<forall>j < Suc (Suc n). f (Suc (Suc n)) \<noteq> f j" by iprover
+then have nex: "\<forall>j < Suc (Suc n). f (Suc (Suc n)) \<noteq> f j" by iprover
 let ?f = "\<lambda>i. if f i = Suc n then f (Suc (Suc n)) else f i"
 have "\<And>i. i \<le> Suc n \<Longrightarrow> ?f i \<le> n"
 proof -
 fix i assume i: "i \<le> Suc n"
 show "?thesis i"
 case False
 from Suc and i have "f i \<le> Suc n" by simp
 with False show ?thesis by simp
 qed
 qed
-hence "\<exists>i j. i \<le> Suc n \<and> j < i \<and> ?f i = ?f j" by (rule Suc)
+then have "\<exists>i j. i \<le> Suc n \<and> j < i \<and> ?f i = ?f j" by (rule Suc)
 then obtain i j where i: "i \<le> Suc n" and ji: "j < i" and f: "?f i = ?f j"
 by iprover
 have "f i = f j"
 proof (cases "f i = Suc n")
 case True
 qed
 extract pigeonhole pigeonhole_slow
 text \<open>
 The programs extracted from the above proofs look as follows:
 @{thm [display] pigeonhole_def}
 @{thm [display] pigeonhole_slow_def}
 The program for searching for an element in an array is
 @{thm [display,eta_contract=false] search_def}
 The correctness statement for @{term "pigeonhole"} is
 @{thm [display] pigeonhole_correctness [no_vars]}
 In order to analyze the speed of the above programs,
 we generate ML code from them.
 \<close>
 instantiation nat :: default
 begin
 instance ..
 end
-definition
+definition "test n u = pigeonhole (nat_of_integer n) (\<lambda>m. m - 1)"
-"test n u = pigeonhole (nat_of_integer n) (\<lambda>m. m - 1)"
+definition "test' n u = pigeonhole_slow (nat_of_integer n) (\<lambda>m. m - 1)"
-definition
+definition "test'' u = pigeonhole 8 (List.nth [0, 1, 2, 3, 4, 5, 6, 3, 7, 8])"
-"test' n u = pigeonhole_slow (nat_of_integer n) (\<lambda>m. m - 1)"
-definition
+ML_val "timeit (@{code test} 10)"
-"test'' u = pigeonhole 8 (List.nth [0, 1, 2, 3, 4, 5, 6, 3, 7, 8])"
-ML_val "timeit (@{code test} 10)"
 ML_val "timeit (@{code test'} 10)"
 ML_val "timeit (@{code test} 20)"
 ML_val "timeit (@{code test'} 20)"
 ML_val "timeit (@{code test} 25)"
 ML_val "timeit (@{code test'} 25)"

changeset 63361	d10eab0672f9
parent 61986	2461779da2b8
child 66258	2b83dd24b301