184 \isa{(x\#xs = y\#ys) = (x=y \isasymand~xs=ys)}, are used automatically |
184 \isa{(x\#xs = y\#ys) = (x=y \isasymand~xs=ys)}, are used automatically |
185 during proofs by simplification. The same is true for the equations in |
185 during proofs by simplification. The same is true for the equations in |
186 primitive recursive function definitions. |
186 primitive recursive function definitions. |
187 |
187 |
188 Every datatype $t$ comes equipped with a \isa{size} function from $t$ into |
188 Every datatype $t$ comes equipped with a \isa{size} function from $t$ into |
189 the natural numbers (see~\S\ref{sec:nat} below). For lists, \isa{size} is |
189 the natural numbers (see~{\S}\ref{sec:nat} below). For lists, \isa{size} is |
190 just the length, i.e.\ \isa{size [] = 0} and \isa{size(x \# xs) = size xs + |
190 just the length, i.e.\ \isa{size [] = 0} and \isa{size(x \# xs) = size xs + |
191 1}. In general, \isaindexbold{size} returns \isa{0} for all constructors |
191 1}. In general, \isaindexbold{size} returns \isa{0} for all constructors |
192 that do not have an argument of type $t$, and for all other constructors |
192 that do not have an argument of type $t$, and for all other constructors |
193 \isa{1 +} the sum of the sizes of all arguments of type $t$. Note that because |
193 \isa{1 +} the sum of the sizes of all arguments of type $t$. Note that because |
194 \isa{size} is defined on every datatype, it is overloaded; on lists |
194 \isa{size} is defined on every datatype, it is overloaded; on lists |
207 $f$ in $r$ are of the form $f \, \dots \, y@i \, \dots$ for some $i$. Thus |
207 $f$ in $r$ are of the form $f \, \dots \, y@i \, \dots$ for some $i$. Thus |
208 Isabelle immediately sees that $f$ terminates because one (fixed!) argument |
208 Isabelle immediately sees that $f$ terminates because one (fixed!) argument |
209 becomes smaller with every recursive call. There must be exactly one equation |
209 becomes smaller with every recursive call. There must be exactly one equation |
210 for each constructor. Their order is immaterial. |
210 for each constructor. Their order is immaterial. |
211 A more general method for defining total recursive functions is introduced in |
211 A more general method for defining total recursive functions is introduced in |
212 \S\ref{sec:recdef}. |
212 {\S}\ref{sec:recdef}. |
213 |
213 |
214 \begin{exercise}\label{ex:Tree} |
214 \begin{exercise}\label{ex:Tree} |
215 \input{Misc/document/Tree.tex}% |
215 \input{Misc/document/Tree.tex}% |
216 \end{exercise} |
216 \end{exercise} |
217 |
217 |
218 \input{Misc/document/case_exprs.tex} |
218 \input{Misc/document/case_exprs.tex} |
219 |
219 |
220 \begin{warn} |
220 \begin{warn} |
221 Induction is only allowed on free (or \isasymAnd-bound) variables that |
221 Induction is only allowed on free (or \isasymAnd-bound) variables that |
222 should not occur among the assumptions of the subgoal; see |
222 should not occur among the assumptions of the subgoal; see |
223 \S\ref{sec:ind-var-in-prems} for details. Case distinction |
223 {\S}\ref{sec:ind-var-in-prems} for details. Case distinction |
224 (\isa{case_tac}) works for arbitrary terms, which need to be |
224 (\isa{case_tac}) works for arbitrary terms, which need to be |
225 quoted if they are non-atomic. |
225 quoted if they are non-atomic. |
226 \end{warn} |
226 \end{warn} |
227 |
227 |
228 |
228 |
236 \index{arithmetic|(} |
236 \index{arithmetic|(} |
237 |
237 |
238 \input{Misc/document/fakenat.tex} |
238 \input{Misc/document/fakenat.tex} |
239 \input{Misc/document/natsum.tex} |
239 \input{Misc/document/natsum.tex} |
240 |
240 |
241 The usual arithmetic operations \ttindexboldpos{+}{$HOL2arithfun}, |
|
242 \ttindexboldpos{-}{$HOL2arithfun}, \ttindexboldpos{*}{$HOL2arithfun}, |
|
243 \isaindexbold{div}, \isaindexbold{mod}, \isaindexbold{min} and |
|
244 \isaindexbold{max} are predefined, as are the relations |
|
245 \indexboldpos{\isasymle}{$HOL2arithrel} and |
|
246 \ttindexboldpos{<}{$HOL2arithrel}. There is even a least number operation |
|
247 \isaindexbold{LEAST}. For example, \isa{(LEAST n.$\,$1 < n) = 2}, although |
|
248 Isabelle does not prove this completely automatically. Note that \isa{1} and |
|
249 \isa{2} are available as abbreviations for the corresponding |
|
250 \isa{Suc}-expressions. If you need the full set of numerals, |
|
251 see~\S\ref{nat-numerals}. |
|
252 |
|
253 \begin{warn} |
|
254 The constant \ttindexbold{0} and the operations |
|
255 \ttindexboldpos{+}{$HOL2arithfun}, \ttindexboldpos{-}{$HOL2arithfun}, |
|
256 \ttindexboldpos{*}{$HOL2arithfun}, \isaindexbold{min}, \isaindexbold{max}, |
|
257 \indexboldpos{\isasymle}{$HOL2arithrel} and |
|
258 \ttindexboldpos{<}{$HOL2arithrel} are overloaded, i.e.\ they are available |
|
259 not just for natural numbers but at other types as well (see |
|
260 \S\ref{sec:overloading}). For example, given the goal \isa{x+0 = x}, there |
|
261 is nothing to indicate that you are talking about natural numbers. Hence |
|
262 Isabelle can only infer that \isa{x} is of some arbitrary type where |
|
263 \isa{0} and \isa{+} are declared. As a consequence, you will be unable to |
|
264 prove the goal (although it may take you some time to realize what has |
|
265 happened if \texttt{show_types} is not set). In this particular example, |
|
266 you need to include an explicit type constraint, for example \isa{x+0 = |
|
267 (x::nat)}. If there is enough contextual information this may not be |
|
268 necessary: \isa{Suc x = x} automatically implies \isa{x::nat} because |
|
269 \isa{Suc} is not overloaded. |
|
270 \end{warn} |
|
271 |
|
272 Simple arithmetic goals are proved automatically by both \isa{auto} |
|
273 and the simplification methods introduced in \S\ref{sec:Simplification}. For |
|
274 example, |
|
275 |
|
276 \input{Misc/document/arith1.tex}% |
|
277 is proved automatically. The main restriction is that only addition is taken |
|
278 into account; other arithmetic operations and quantified formulae are ignored. |
|
279 |
|
280 For more complex goals, there is the special method |
|
281 \isaindexbold{arith} (which attacks the first subgoal). It proves |
|
282 arithmetic goals involving the usual logical connectives (\isasymnot, |
|
283 \isasymand, \isasymor, \isasymimp), the relations \isasymle\ and \isa{<}, and |
|
284 the operations \isa{+}, \isa{-}, \isa{min} and \isa{max}. For example, |
|
285 |
|
286 \input{Misc/document/arith2.tex}% |
|
287 succeeds because \isa{k*k} can be treated as atomic. |
|
288 In contrast, |
|
289 |
|
290 \input{Misc/document/arith3.tex}% |
|
291 is not even proved by \isa{arith} because the proof relies essentially |
|
292 on properties of multiplication. |
|
293 |
|
294 \begin{warn} |
|
295 The running time of \isa{arith} is exponential in the number of occurrences |
|
296 of \ttindexboldpos{-}{$HOL2arithfun}, \isaindexbold{min} and |
|
297 \isaindexbold{max} because they are first eliminated by case distinctions. |
|
298 |
|
299 \isa{arith} is incomplete even for the restricted class of formulae |
|
300 described above (known as ``linear arithmetic''). If divisibility plays a |
|
301 role, it may fail to prove a valid formula, for example $m+m \neq n+n+1$. |
|
302 Fortunately, such examples are rare in practice. |
|
303 \end{warn} |
|
304 |
|
305 \index{arithmetic|)} |
241 \index{arithmetic|)} |
306 |
242 |
307 |
243 |
308 \subsection{Pairs} |
244 \subsection{Pairs} |
309 \input{Misc/document/pairs.tex} |
245 \input{Misc/document/pairs.tex} |
310 |
|
311 %FIXME move stuff below into section on proofs about products? |
|
312 \begin{warn} |
|
313 Abstraction over pairs and tuples is merely a convenient shorthand for a |
|
314 more complex internal representation. Thus the internal and external form |
|
315 of a term may differ, which can affect proofs. If you want to avoid this |
|
316 complication, use \isa{fst} and \isa{snd}, i.e.\ write |
|
317 \isa{\isasymlambda{}p.~fst p + snd p} instead of |
|
318 \isa{\isasymlambda(x,y).~x + y}. See~\S\ref{sec:products} for |
|
319 theorem proving with tuple patterns. |
|
320 \end{warn} |
|
321 |
|
322 Note that products, like type \isa{nat}, are datatypes, which means |
|
323 in particular that \isa{induct_tac} and \isa{case_tac} are applicable to |
|
324 products (see \S\ref{sec:products}). |
|
325 |
|
326 Instead of tuples with many components (where ``many'' is not much above 2), |
|
327 it is far preferable to use records (see \S\ref{sec:records}). |
|
328 |
246 |
329 \section{Definitions} |
247 \section{Definitions} |
330 \label{sec:Definitions} |
248 \label{sec:Definitions} |
331 |
249 |
332 A definition is simply an abbreviation, i.e.\ a new name for an existing |
250 A definition is simply an abbreviation, i.e.\ a new name for an existing |
344 |
262 |
345 \input{Misc/document/types.tex}% |
263 \input{Misc/document/types.tex}% |
346 |
264 |
347 Note that pattern-matching is not allowed, i.e.\ each definition must be of |
265 Note that pattern-matching is not allowed, i.e.\ each definition must be of |
348 the form $f\,x@1\,\dots\,x@n~\isasymequiv~t$. |
266 the form $f\,x@1\,\dots\,x@n~\isasymequiv~t$. |
349 Section~\S\ref{sec:Simplification} explains how definitions are used |
267 Section~{\S}\ref{sec:Simplification} explains how definitions are used |
350 in proofs. |
268 in proofs. |
351 |
269 |
352 \input{Misc/document/prime_def.tex} |
270 \input{Misc/document/prime_def.tex} |
353 |
271 |
354 |
272 |
355 \chapter{More Functional Programming} |
273 \chapter{More Functional Programming} |
356 |
274 |
357 The purpose of this chapter is to deepen the reader's understanding of the |
275 The purpose of this chapter is to deepen the reader's understanding of the |
358 concepts encountered so far and to introduce advanced forms of datatypes and |
276 concepts encountered so far and to introduce advanced forms of datatypes and |
359 recursive functions. The first two sections give a structured presentation of |
277 recursive functions. The first two sections give a structured presentation of |
360 theorem proving by simplification (\S\ref{sec:Simplification}) and discuss |
278 theorem proving by simplification ({\S}\ref{sec:Simplification}) and discuss |
361 important heuristics for induction (\S\ref{sec:InductionHeuristics}). They can |
279 important heuristics for induction ({\S}\ref{sec:InductionHeuristics}). They can |
362 be skipped by readers less interested in proofs. They are followed by a case |
280 be skipped by readers less interested in proofs. They are followed by a case |
363 study, a compiler for expressions (\S\ref{sec:ExprCompiler}). Advanced |
281 study, a compiler for expressions ({\S}\ref{sec:ExprCompiler}). Advanced |
364 datatypes, including those involving function spaces, are covered in |
282 datatypes, including those involving function spaces, are covered in |
365 \S\ref{sec:advanced-datatypes}, which closes with another case study, search |
283 {\S}\ref{sec:advanced-datatypes}, which closes with another case study, search |
366 trees (``tries''). Finally we introduce \isacommand{recdef}, a very general |
284 trees (``tries''). Finally we introduce \isacommand{recdef}, a very general |
367 form of recursive function definition which goes well beyond what |
285 form of recursive function definition which goes well beyond what |
368 \isacommand{primrec} allows (\S\ref{sec:recdef}). |
286 \isacommand{primrec} allows ({\S}\ref{sec:recdef}). |
369 |
287 |
370 |
288 |
371 \section{Simplification} |
289 \section{Simplification} |
372 \label{sec:Simplification} |
290 \label{sec:Simplification} |
373 \index{simplification|(} |
291 \index{simplification|(} |
380 |
298 |
381 Simplification is one of the central theorem proving tools in Isabelle and |
299 Simplification is one of the central theorem proving tools in Isabelle and |
382 many other systems. The tool itself is called the \bfindex{simplifier}. The |
300 many other systems. The tool itself is called the \bfindex{simplifier}. The |
383 purpose of this section is introduce the many features of the simplifier. |
301 purpose of this section is introduce the many features of the simplifier. |
384 Anybody intending to use HOL should read this section. Later on |
302 Anybody intending to use HOL should read this section. Later on |
385 (\S\ref{sec:simplification-II}) we explain some more advanced features and a |
303 ({\S}\ref{sec:simplification-II}) we explain some more advanced features and a |
386 little bit of how the simplifier works. The serious student should read that |
304 little bit of how the simplifier works. The serious student should read that |
387 section as well, in particular in order to understand what happened if things |
305 section as well, in particular in order to understand what happened if things |
388 do not simplify as expected. |
306 do not simplify as expected. |
389 |
307 |
390 \subsubsection{What is simplification} |
308 \subsubsection{What is simplification} |
548 this is not always the case. Arbitrary total recursive functions can be |
466 this is not always the case. Arbitrary total recursive functions can be |
549 defined by means of \isacommand{recdef}: you can use full pattern-matching, |
467 defined by means of \isacommand{recdef}: you can use full pattern-matching, |
550 recursion need not involve datatypes, and termination is proved by showing |
468 recursion need not involve datatypes, and termination is proved by showing |
551 that the arguments of all recursive calls are smaller in a suitable (user |
469 that the arguments of all recursive calls are smaller in a suitable (user |
552 supplied) sense. In this section we ristrict ourselves to measure functions; |
470 supplied) sense. In this section we ristrict ourselves to measure functions; |
553 more advanced termination proofs are discussed in \S\ref{sec:beyond-measure}. |
471 more advanced termination proofs are discussed in {\S}\ref{sec:beyond-measure}. |
554 |
472 |
555 \subsection{Defining recursive functions} |
473 \subsection{Defining recursive functions} |
556 |
474 |
557 \input{Recdef/document/examples.tex} |
475 \input{Recdef/document/examples.tex} |
558 |
476 |