288 show "P" (*<*)sorry(*>*) txt_raw{*\ $\dots$\\*} |
288 show "P" (*<*)sorry(*>*) txt_raw{*\ $\dots$\\*} |
289 qed(*<*)qed(*>*) |
289 qed(*<*)qed(*>*) |
290 text_raw {* } |
290 text_raw {* } |
291 \medskip |
291 \medskip |
292 \begin{isamarkuptext}% |
292 \begin{isamarkuptext}% |
293 Proofs by contradiction: |
293 Proofs by contradiction (@{thm[source] ccontr} stands for ``classical contradiction''): |
294 \end{isamarkuptext}% |
294 \end{isamarkuptext}% |
295 \begin{tabular}{@ {}ll@ {}} |
295 \begin{tabular}{@ {}ll@ {}} |
296 \begin{minipage}[t]{.4\textwidth} |
296 \begin{minipage}[t]{.4\textwidth} |
297 \isa{% |
297 \isa{% |
298 *} |
298 *} |
357 \end{minipage} |
355 \end{minipage} |
358 \end{tabular} |
356 \end{tabular} |
359 \medskip |
357 \medskip |
360 \begin{isamarkuptext}% |
358 \begin{isamarkuptext}% |
361 In the proof of \noquotes{@{prop[source]"\<forall>x. P(x)"}}, |
359 In the proof of \noquotes{@{prop[source]"\<forall>x. P(x)"}}, |
362 the step \isacom{fix}~@{text x} introduces a locally fixed variable @{text x} |
360 the step \indexed{\isacom{fix}}{fix}~@{text x} introduces a locally fixed variable @{text x} |
363 into the subproof, the proverbial ``arbitrary but fixed value''. |
361 into the subproof, the proverbial ``arbitrary but fixed value''. |
364 Instead of @{text x} we could have chosen any name in the subproof. |
362 Instead of @{text x} we could have chosen any name in the subproof. |
365 In the proof of \noquotes{@{prop[source]"\<exists>x. P(x)"}}, |
363 In the proof of \noquotes{@{prop[source]"\<exists>x. P(x)"}}, |
366 @{text witness} is some arbitrary |
364 @{text witness} is some arbitrary |
367 term for which we can prove that it satisfies @{text P}. |
365 term for which we can prove that it satisfies @{text P}. |
617 the relevant @{const take} and @{const drop} lemmas for you. |
615 the relevant @{const take} and @{const drop} lemmas for you. |
618 \endexercise |
616 \endexercise |
619 |
617 |
620 |
618 |
621 \section{Case Analysis and Induction} |
619 \section{Case Analysis and Induction} |
622 \index{case analysis}\index{induction} |
620 |
623 \subsection{Datatype Case Analysis} |
621 \subsection{Datatype Case Analysis} |
|
622 \index{case analysis|(} |
624 |
623 |
625 We have seen case analysis on formulas. Now we want to distinguish |
624 We have seen case analysis on formulas. Now we want to distinguish |
626 which form some term takes: is it @{text 0} or of the form @{term"Suc n"}, |
625 which form some term takes: is it @{text 0} or of the form @{term"Suc n"}, |
627 is it @{term"[]"} or of the form @{term"x#xs"}, etc. Here is a typical example |
626 is it @{term"[]"} or of the form @{term"x#xs"}, etc. Here is a typical example |
628 proof by case analysis on the form of @{text xs}: |
627 proof by case analysis on the form of @{text xs}: |
635 next |
634 next |
636 fix y ys assume "xs = y#ys" |
635 fix y ys assume "xs = y#ys" |
637 thus ?thesis by simp |
636 thus ?thesis by simp |
638 qed |
637 qed |
639 |
638 |
640 text{* Function @{text tl} (''tail'') is defined by @{thm tl.simps(1)} and |
639 text{*\index{cases@@{text"cases"}|(}Function @{text tl} (''tail'') is defined by @{thm tl.simps(1)} and |
641 @{thm tl.simps(2)}. Note that the result type of @{const length} is @{typ nat} |
640 @{thm tl.simps(2)}. Note that the result type of @{const length} is @{typ nat} |
642 and @{prop"0 - 1 = (0::nat)"}. |
641 and @{prop"0 - 1 = (0::nat)"}. |
643 |
642 |
644 This proof pattern works for any term @{text t} whose type is a datatype. |
643 This proof pattern works for any term @{text t} whose type is a datatype. |
645 The goal has to be proved for each constructor @{text C}: |
644 The goal has to be proved for each constructor @{text C}: |
646 \begin{quote} |
645 \begin{quote} |
647 \isacom{fix} \ @{text"x\<^sub>1 \<dots> x\<^sub>n"} \isacom{assume} @{text"\"t = C x\<^sub>1 \<dots> x\<^sub>n\""} |
646 \isacom{fix} \ @{text"x\<^sub>1 \<dots> x\<^sub>n"} \isacom{assume} @{text"\"t = C x\<^sub>1 \<dots> x\<^sub>n\""} |
648 \end{quote} |
647 \end{quote}\index{case@\isacom{case}|(} |
649 Each case can be written in a more compact form by means of the \isacom{case} |
648 Each case can be written in a more compact form by means of the \isacom{case} |
650 command: |
649 command: |
651 \begin{quote} |
650 \begin{quote} |
652 \isacom{case} @{text "(C x\<^sub>1 \<dots> x\<^sub>n)"} |
651 \isacom{case} @{text "(C x\<^sub>1 \<dots> x\<^sub>n)"} |
653 \end{quote} |
652 \end{quote} |
667 |
666 |
668 text{* Remember that @{text Nil} and @{text Cons} are the alphanumeric names |
667 text{* Remember that @{text Nil} and @{text Cons} are the alphanumeric names |
669 for @{text"[]"} and @{text"#"}. The names of the assumptions |
668 for @{text"[]"} and @{text"#"}. The names of the assumptions |
670 are not used because they are directly piped (via \isacom{thus}) |
669 are not used because they are directly piped (via \isacom{thus}) |
671 into the proof of the claim. |
670 into the proof of the claim. |
|
671 \index{case analysis|)} |
672 |
672 |
673 \subsection{Structural Induction} |
673 \subsection{Structural Induction} |
|
674 \index{induction|(} |
|
675 \index{structural induction|(} |
674 |
676 |
675 We illustrate structural induction with an example based on natural numbers: |
677 We illustrate structural induction with an example based on natural numbers: |
676 the sum (@{text"\<Sum>"}) of the first @{text n} natural numbers |
678 the sum (@{text"\<Sum>"}) of the first @{text n} natural numbers |
677 (@{text"{0..n::nat}"}) is equal to \mbox{@{term"n*(n+1) div 2::nat"}}. |
679 (@{text"{0..n::nat}"}) is equal to \mbox{@{term"n*(n+1) div 2::nat"}}. |
678 Never mind the details, just focus on the pattern: |
680 Never mind the details, just focus on the pattern: |
717 case (Suc n) |
719 case (Suc n) |
718 thus ?case by simp |
720 thus ?case by simp |
719 qed |
721 qed |
720 |
722 |
721 text{* |
723 text{* |
722 The unknown @{text "?case"} is set in each case to the required |
724 The unknown @{text"?case"}\index{case?@@{text"?case"}|(} is set in each case to the required |
723 claim, i.e.\ @{text"?P 0"} and \mbox{@{text"?P(Suc n)"}} in the above proof, |
725 claim, i.e.\ @{text"?P 0"} and \mbox{@{text"?P(Suc n)"}} in the above proof, |
724 without requiring the user to define a @{text "?P"}. The general |
726 without requiring the user to define a @{text "?P"}. The general |
725 pattern for induction over @{typ nat} is shown on the left-hand side: |
727 pattern for induction over @{typ nat} is shown on the left-hand side: |
726 *}text_raw{* |
728 *}text_raw{* |
727 \begin{tabular}{@ {}ll@ {}} |
729 \begin{tabular}{@ {}ll@ {}} |
784 (here @{text"A(Suc n)"}). |
786 (here @{text"A(Suc n)"}). |
785 |
787 |
786 Induction works for any datatype. |
788 Induction works for any datatype. |
787 Proving a goal @{text"\<lbrakk> A\<^sub>1(x); \<dots>; A\<^sub>k(x) \<rbrakk> \<Longrightarrow> P(x)"} |
789 Proving a goal @{text"\<lbrakk> A\<^sub>1(x); \<dots>; A\<^sub>k(x) \<rbrakk> \<Longrightarrow> P(x)"} |
788 by induction on @{text x} generates a proof obligation for each constructor |
790 by induction on @{text x} generates a proof obligation for each constructor |
789 @{text C} of the datatype. The command @{text"case (C x\<^sub>1 \<dots> x\<^sub>n)"} |
791 @{text C} of the datatype. The command \isacom{case}~@{text"(C x\<^sub>1 \<dots> x\<^sub>n)"} |
790 performs the following steps: |
792 performs the following steps: |
791 \begin{enumerate} |
793 \begin{enumerate} |
792 \item \isacom{fix} @{text"x\<^sub>1 \<dots> x\<^sub>n"} |
794 \item \isacom{fix} @{text"x\<^sub>1 \<dots> x\<^sub>n"} |
793 \item \isacom{assume} the induction hypotheses (calling them @{text C.IH}) |
795 \item \isacom{assume} the induction hypotheses (calling them @{text C.IH}\index{IH@@{text".IH"}}) |
794 and the premises \mbox{@{text"A\<^sub>i(C x\<^sub>1 \<dots> x\<^sub>n)"}} (calling them @{text"C.prems"}) |
796 and the premises \mbox{@{text"A\<^sub>i(C x\<^sub>1 \<dots> x\<^sub>n)"}} (calling them @{text"C.prems"}\index{prems@@{text".prems"}}) |
795 and calling the whole list @{text C} |
797 and calling the whole list @{text C} |
796 \item \isacom{let} @{text"?case = \"P(C x\<^sub>1 \<dots> x\<^sub>n)\""} |
798 \item \isacom{let} @{text"?case = \"P(C x\<^sub>1 \<dots> x\<^sub>n)\""} |
797 \end{enumerate} |
799 \end{enumerate} |
|
800 \index{structural induction|)} |
798 |
801 |
799 \subsection{Rule Induction} |
802 \subsection{Rule Induction} |
|
803 \index{rule induction|(} |
800 |
804 |
801 Recall the inductive and recursive definitions of even numbers in |
805 Recall the inductive and recursive definitions of even numbers in |
802 \autoref{sec:inductive-defs}: |
806 \autoref{sec:inductive-defs}: |
803 *} |
807 *} |
804 |
808 |
890 text{* |
894 text{* |
891 \indent |
895 \indent |
892 In general, let @{text I} be a (for simplicity unary) inductively defined |
896 In general, let @{text I} be a (for simplicity unary) inductively defined |
893 predicate and let the rules in the definition of @{text I} |
897 predicate and let the rules in the definition of @{text I} |
894 be called @{text "rule\<^sub>1"}, \dots, @{text "rule\<^sub>n"}. A proof by rule |
898 be called @{text "rule\<^sub>1"}, \dots, @{text "rule\<^sub>n"}. A proof by rule |
895 induction follows this pattern: |
899 induction follows this pattern:\index{inductionrule@@{text"induction ... rule:"}} |
896 *} |
900 *} |
897 |
901 |
898 (*<*) |
902 (*<*) |
899 inductive I where rule\<^sub>1: "I()" | rule\<^sub>2: "I()" | rule\<^sub>n: "I()" |
903 inductive I where rule\<^sub>1: "I()" | rule\<^sub>2: "I()" | rule\<^sub>n: "I()" |
900 lemma "I x \<Longrightarrow> P x" proof-(*>*) |
904 lemma "I x \<Longrightarrow> P x" proof-(*>*) |
925 \label{sec:assm-naming} |
929 \label{sec:assm-naming} |
926 |
930 |
927 In any induction, \isacom{case}~@{text name} sets up a list of assumptions |
931 In any induction, \isacom{case}~@{text name} sets up a list of assumptions |
928 also called @{text name}, which is subdivided into three parts: |
932 also called @{text name}, which is subdivided into three parts: |
929 \begin{description} |
933 \begin{description} |
930 \item[@{text name.IH}] contains the induction hypotheses. |
934 \item[@{text name.IH}]\index{IH@@{text".IH"}} contains the induction hypotheses. |
931 \item[@{text name.hyps}] contains all the other hypotheses of this case in the |
935 \item[@{text name.hyps}]\index{hyps@@{text".hyps"}} contains all the other hypotheses of this case in the |
932 induction rule. For rule inductions these are the hypotheses of rule |
936 induction rule. For rule inductions these are the hypotheses of rule |
933 @{text name}, for structural inductions these are empty. |
937 @{text name}, for structural inductions these are empty. |
934 \item[@{text name.prems}] contains the (suitably instantiated) premises |
938 \item[@{text name.prems}]\index{prems@@{text".prems"}} contains the (suitably instantiated) premises |
935 of the statement being proved, i.e. the @{text A\<^sub>i} when |
939 of the statement being proved, i.e. the @{text A\<^sub>i} when |
936 proving @{text"\<lbrakk> A\<^sub>1; \<dots>; A\<^sub>n \<rbrakk> \<Longrightarrow> A"}. |
940 proving @{text"\<lbrakk> A\<^sub>1; \<dots>; A\<^sub>n \<rbrakk> \<Longrightarrow> A"}. |
937 \end{description} |
941 \end{description} |
938 \begin{warn} |
942 \begin{warn} |
939 Proof method @{text induct} differs from @{text induction} |
943 Proof method @{text induct} differs from @{text induction} |
947 This is where the indexing of fact lists comes in handy, e.g.\ |
951 This is where the indexing of fact lists comes in handy, e.g.\ |
948 @{text"name.IH(2)"} or @{text"name.prems(1-2)"}. |
952 @{text"name.IH(2)"} or @{text"name.prems(1-2)"}. |
949 |
953 |
950 \subsection{Rule Inversion} |
954 \subsection{Rule Inversion} |
951 \label{sec:rule-inversion} |
955 \label{sec:rule-inversion} |
|
956 \index{rule inversion|(} |
952 |
957 |
953 Rule inversion is case analysis of which rule could have been used to |
958 Rule inversion is case analysis of which rule could have been used to |
954 derive some fact. The name \concept{rule inversion} emphasizes that we are |
959 derive some fact. The name \conceptnoidx{rule inversion} emphasizes that we are |
955 reasoning backwards: by which rules could some given fact have been proved? |
960 reasoning backwards: by which rules could some given fact have been proved? |
956 For the inductive definition of @{const ev}, rule inversion can be summarized |
961 For the inductive definition of @{const ev}, rule inversion can be summarized |
957 like this: |
962 like this: |
958 @{prop[display]"ev n \<Longrightarrow> n = 0 \<or> (EX k. n = Suc(Suc k) \<and> ev k)"} |
963 @{prop[display]"ev n \<Longrightarrow> n = 0 \<or> (EX k. n = Suc(Suc k) \<and> ev k)"} |
959 The realisation in Isabelle is a case analysis. |
964 The realisation in Isabelle is a case analysis. |
1031 |
1036 |
1032 However, induction can do the above transformation for us, behind the curtains, so we never |
1037 However, induction can do the above transformation for us, behind the curtains, so we never |
1033 need to see the expanded version of the lemma. This is what we need to write: |
1038 need to see the expanded version of the lemma. This is what we need to write: |
1034 \begin{isabelle} |
1039 \begin{isabelle} |
1035 \isacom{lemma} @{text[source]"I r s t \<Longrightarrow> \<dots>"}\isanewline |
1040 \isacom{lemma} @{text[source]"I r s t \<Longrightarrow> \<dots>"}\isanewline |
1036 \isacom{proof}@{text"(induction \"r\" \"s\" \"t\" arbitrary: \<dots> rule: I.induct)"} |
1041 \isacom{proof}@{text"(induction \"r\" \"s\" \"t\" arbitrary: \<dots> rule: I.induct)"}\index{inductionrule@@{text"induction ... rule:"}}\index{arbitrary@@{text"arbitrary:"}} |
1037 \end{isabelle} |
1042 \end{isabelle} |
1038 Just like for rule inversion, cases that are impossible because of constructor clashes |
1043 Just like for rule inversion, cases that are impossible because of constructor clashes |
1039 will not show up at all. Here is a concrete example: *} |
1044 will not show up at all. Here is a concrete example: *} |
1040 |
1045 |
1041 lemma "ev (Suc m) \<Longrightarrow> \<not> ev m" |
1046 lemma "ev (Suc m) \<Longrightarrow> \<not> ev m" |
1074 This advanced form of induction does not support the @{text IH} |
1079 This advanced form of induction does not support the @{text IH} |
1075 naming schema explained in \autoref{sec:assm-naming}: |
1080 naming schema explained in \autoref{sec:assm-naming}: |
1076 the induction hypotheses are instead found under the name @{text hyps}, like for the simpler |
1081 the induction hypotheses are instead found under the name @{text hyps}, like for the simpler |
1077 @{text induct} method. |
1082 @{text induct} method. |
1078 \end{warn} |
1083 \end{warn} |
1079 |
1084 \index{induction|)} |
|
1085 \index{cases@@{text"cases"}|)} |
|
1086 \index{case@\isacom{case}|)} |
|
1087 \index{case?@@{text"?case"}|)} |
|
1088 \index{rule induction|)} |
|
1089 \index{rule inversion|)} |
1080 |
1090 |
1081 \subsection*{Exercises} |
1091 \subsection*{Exercises} |
1082 |
1092 |
1083 |
1093 |
1084 \exercise |
1094 \exercise |