103 @{thm[display]nat0_intermed_int_val[no_vars]} |
103 @{thm[display]nat0_intermed_int_val[no_vars]} |
104 where @{term f} is of type @{typ"nat \<Rightarrow> int"}, @{typ int} are the integers, |
104 where @{term f} is of type @{typ"nat \<Rightarrow> int"}, @{typ int} are the integers, |
105 @{text"\<bar>.\<bar>"} is the absolute value function, and @{term"#1::int"} is the |
105 @{text"\<bar>.\<bar>"} is the absolute value function, and @{term"#1::int"} is the |
106 integer 1 (see \S\ref{sec:numbers}). |
106 integer 1 (see \S\ref{sec:numbers}). |
107 |
107 |
108 First we show that the our specific function, the difference between the |
108 First we show that our specific function, the difference between the |
109 numbers of @{term a}'s and @{term b}'s, does indeed only change by 1 in every |
109 numbers of @{term a}'s and @{term b}'s, does indeed only change by 1 in every |
110 move to the right. At this point we also start generalizing from @{term a}'s |
110 move to the right. At this point we also start generalizing from @{term a}'s |
111 and @{term b}'s to an arbitrary property @{term P}. Otherwise we would have |
111 and @{term b}'s to an arbitrary property @{term P}. Otherwise we would have |
112 to prove the desired lemma twice, once as stated above and once with the |
112 to prove the desired lemma twice, once as stated above and once with the |
113 roles of @{term a}'s and @{term b}'s interchanged. |
113 roles of @{term a}'s and @{term b}'s interchanged. |
117 \<bar>(int(size[x\<in>take (i+1) w. P x])-int(size[x\<in>take (i+1) w. \<not>P x])) |
117 \<bar>(int(size[x\<in>take (i+1) w. P x])-int(size[x\<in>take (i+1) w. \<not>P x])) |
118 - (int(size[x\<in>take i w. P x])-int(size[x\<in>take i w. \<not>P x]))\<bar> \<le> #1" |
118 - (int(size[x\<in>take i w. P x])-int(size[x\<in>take i w. \<not>P x]))\<bar> \<le> #1" |
119 |
119 |
120 txt{*\noindent |
120 txt{*\noindent |
121 The lemma is a bit hard to read because of the coercion function |
121 The lemma is a bit hard to read because of the coercion function |
122 @{term[source]"int :: nat \<Rightarrow> int"}. It is required because @{term size} returns |
122 @{text"int :: nat \<Rightarrow> int"}. It is required because @{term size} returns |
123 a natural number, but subtraction on type~@{typ nat} will do the wrong thing. |
123 a natural number, but subtraction on type~@{typ nat} will do the wrong thing. |
124 Function @{term take} is predefined and @{term"take i xs"} is the prefix of |
124 Function @{term take} is predefined and @{term"take i xs"} is the prefix of |
125 length @{term i} of @{term xs}; below we also need @{term"drop i xs"}, which |
125 length @{term i} of @{term xs}; below we also need @{term"drop i xs"}, which |
126 is what remains after that prefix has been dropped from @{term xs}. |
126 is what remains after that prefix has been dropped from @{term xs}. |
127 |
127 |
235 apply(erule conjE); |
235 apply(erule conjE); |
236 |
236 |
237 txt{*\noindent |
237 txt{*\noindent |
238 This yields an index @{prop"i \<le> length v"} such that |
238 This yields an index @{prop"i \<le> length v"} such that |
239 @{prop[display]"length [x\<in>take i v . x = a] = length [x\<in>take i v . x = b] + 1"} |
239 @{prop[display]"length [x\<in>take i v . x = a] = length [x\<in>take i v . x = b] + 1"} |
240 With the help of @{thm[source]part1} it follows that |
240 With the help of @{thm[source]part2} it follows that |
241 @{prop[display]"length [x\<in>drop i v . x = a] = length [x\<in>drop i v . x = b] + 1"} |
241 @{prop[display]"length [x\<in>drop i v . x = a] = length [x\<in>drop i v . x = b] + 1"} |
242 *} |
242 *} |
243 |
243 |
244 apply(drule part2[of "\<lambda>x. x=a", simplified]); |
244 apply(drule part2[of "\<lambda>x. x=a", simplified]); |
245 apply(assumption); |
245 apply(assumption); |
285 We conclude this section with a comparison of our proof with |
285 We conclude this section with a comparison of our proof with |
286 Hopcroft and Ullman's \cite[p.\ts81]{HopcroftUllman}. For a start, the texbook |
286 Hopcroft and Ullman's \cite[p.\ts81]{HopcroftUllman}. For a start, the texbook |
287 grammar, for no good reason, excludes the empty word. That complicates |
287 grammar, for no good reason, excludes the empty word. That complicates |
288 matters just a little bit because we now have 8 instead of our 7 productions. |
288 matters just a little bit because we now have 8 instead of our 7 productions. |
289 |
289 |
290 More importantly, the proof itself is different: rather than separating the |
290 More importantly, the proof itself is different: rather than |
291 two directions, they perform one induction on the length of a word. This |
291 separating the two directions, they perform one induction on the |
292 deprives them of the beauty of rule induction and in the easy direction |
292 length of a word. This deprives them of the beauty of rule induction, |
293 (correctness) their reasoning is more detailed than our @{text auto}. For the |
293 and in the easy direction (correctness) their reasoning is more |
294 hard part (completeness), they consider just one of the cases that our @{text |
294 detailed than our @{text auto}. For the hard part (completeness), they |
295 simp_all} disposes of automatically. Then they conclude the proof by saying |
295 consider just one of the cases that our @{text simp_all} disposes of |
296 about the remaining cases: ``We do this in a manner similar to our method of |
296 automatically. Then they conclude the proof by saying about the |
297 proof for part (1); this part is left to the reader''. But this is precisely |
297 remaining cases: ``We do this in a manner similar to our method of |
298 the part that requires the intermediate value theorem and thus is not at all |
298 proof for part (1); this part is left to the reader''. But this is |
299 similar to the other cases (which are automatic in Isabelle). We conclude |
299 precisely the part that requires the intermediate value theorem and |
300 that the authors are at least cavalier about this point and may even have |
300 thus is not at all similar to the other cases (which are automatic in |
301 overlooked the slight difficulty lurking in the omitted cases. This is not |
301 Isabelle). The authors are at least cavalier about this point and may |
302 atypical for pen-and-paper proofs, once analysed in detail. *} |
302 even have overlooked the slight difficulty lurking in the omitted |
|
303 cases. This is not atypical for pen-and-paper proofs, once analysed in |
|
304 detail. *} |
303 |
305 |
304 (*<*)end(*>*) |
306 (*<*)end(*>*) |