53 \begin{isabellepar}% |
53 \begin{isabellepar}% |
54 \ 1.\ []\ {\isasymnoteq}\ []\ {\isasymlongrightarrow}\ hd\ (rev\ [])\ =\ last\ [] |
54 \ 1.\ []\ {\isasymnoteq}\ []\ {\isasymlongrightarrow}\ hd\ (rev\ [])\ =\ last\ [] |
55 \end{isabellepar}% |
55 \end{isabellepar}% |
56 which is trivial, and \isa{auto} finishes the whole proof. |
56 which is trivial, and \isa{auto} finishes the whole proof. |
57 |
57 |
58 If \isa{hd\_rev} is meant to be simplification rule, you are done. But if you |
58 If \isa{hd\_rev} is meant to be a simplification rule, you are done. But if you |
59 really need the \isa{\isasymLongrightarrow}-version of \isa{hd\_rev}, for |
59 really need the \isa{\isasymLongrightarrow}-version of \isa{hd\_rev}, for |
60 example because you want to apply it as an introduction rule, you need to |
60 example because you want to apply it as an introduction rule, you need to |
61 derive it separately, by combining it with modus ponens:% |
61 derive it separately, by combining it with modus ponens:% |
62 \end{isamarkuptext}% |
62 \end{isamarkuptext}% |
63 \isacommand{lemmas}\ hd{\isacharunderscore}revI\ {\isacharequal}\ hd{\isacharunderscore}rev{\isacharbrackleft}THEN\ mp{\isacharbrackright}% |
63 \isacommand{lemmas}\ hd{\isacharunderscore}revI\ {\isacharequal}\ hd{\isacharunderscore}rev{\isacharbrackleft}THEN\ mp{\isacharbrackright}% |
71 (see the remark?? in \S\ref{??}). |
71 (see the remark?? in \S\ref{??}). |
72 Additionally, you may also have to universally quantify some other variables, |
72 Additionally, you may also have to universally quantify some other variables, |
73 which can yield a fairly complex conclusion. |
73 which can yield a fairly complex conclusion. |
74 Here is a simple example (which is proved by \isa{blast}):% |
74 Here is a simple example (which is proved by \isa{blast}):% |
75 \end{isamarkuptext}% |
75 \end{isamarkuptext}% |
76 \isacommand{lemma}\ simple{\isacharcolon}\ {\isachardoublequote}{\isasymforall}\ y{\isachardot}\ A\ y\ {\isasymlongrightarrow}\ B\ y\ {\isasymlongrightarrow}\ B\ y\ {\isacharampersand}\ A\ y{\isachardoublequote}% |
76 \isacommand{lemma}\ simple{\isacharcolon}\ {\isachardoublequote}{\isasymforall}y{\isachardot}\ A\ y\ {\isasymlongrightarrow}\ B\ y\ {\isasymlongrightarrow}\ B\ y\ {\isacharampersand}\ A\ y{\isachardoublequote}% |
77 \begin{isamarkuptext}% |
77 \begin{isamarkuptext}% |
78 \noindent |
78 \noindent |
79 You can get the desired lemma by explicit |
79 You can get the desired lemma by explicit |
80 application of modus ponens and \isa{spec}:% |
80 application of modus ponens and \isa{spec}:% |
81 \end{isamarkuptext}% |
81 \end{isamarkuptext}% |
86 \isa{\isasymlongrightarrow} in the conclusion via \isa{rulify}% |
86 \isa{\isasymlongrightarrow} in the conclusion via \isa{rulify}% |
87 \end{isamarkuptext}% |
87 \end{isamarkuptext}% |
88 \isacommand{lemmas}\ myrule\ {\isacharequal}\ simple{\isacharbrackleft}rulify{\isacharbrackright}% |
88 \isacommand{lemmas}\ myrule\ {\isacharequal}\ simple{\isacharbrackleft}rulify{\isacharbrackright}% |
89 \begin{isamarkuptext}% |
89 \begin{isamarkuptext}% |
90 \noindent |
90 \noindent |
91 yielding \isa{{\isasymlbrakk}\mbox{{\isacharquery}A}\ \mbox{{\isacharquery}y}{\isacharsemicolon}\ \mbox{{\isacharquery}B}\ \mbox{{\isacharquery}y}{\isasymrbrakk}\ {\isasymLongrightarrow}\ \mbox{{\isacharquery}B}\ \mbox{{\isacharquery}y}\ {\isasymand}\ \mbox{{\isacharquery}A}\ \mbox{{\isacharquery}y}}. |
91 yielding \isa{{\isasymlbrakk}\mbox{A}\ \mbox{y}{\isacharsemicolon}\ \mbox{B}\ \mbox{y}{\isasymrbrakk}\ {\isasymLongrightarrow}\ \mbox{B}\ \mbox{y}\ {\isasymand}\ \mbox{A}\ \mbox{y}}. |
92 You can go one step further and include these derivations already in the |
92 You can go one step further and include these derivations already in the |
93 statement of your original lemma, thus avoiding the intermediate step:% |
93 statement of your original lemma, thus avoiding the intermediate step:% |
94 \end{isamarkuptext}% |
94 \end{isamarkuptext}% |
95 \isacommand{lemma}\ myrule{\isacharbrackleft}rulify{\isacharbrackright}{\isacharcolon}\ \ {\isachardoublequote}{\isasymforall}\ y{\isachardot}\ A\ y\ {\isasymlongrightarrow}\ B\ y\ {\isasymlongrightarrow}\ B\ y\ {\isacharampersand}\ A\ y{\isachardoublequote}% |
95 \isacommand{lemma}\ myrule{\isacharbrackleft}rulify{\isacharbrackright}{\isacharcolon}\ \ {\isachardoublequote}{\isasymforall}y{\isachardot}\ A\ y\ {\isasymlongrightarrow}\ B\ y\ {\isasymlongrightarrow}\ B\ y\ {\isacharampersand}\ A\ y{\isachardoublequote}% |
96 \begin{isamarkuptext}% |
96 \begin{isamarkuptext}% |
97 \bigskip |
97 \bigskip |
98 |
98 |
99 A second reason why your proposition may not be amenable to induction is that |
99 A second reason why your proposition may not be amenable to induction is that |
100 you want to induct on a whole term, rather than an individual variable. In |
100 you want to induct on a whole term, rather than an individual variable. In |
102 \[ \forall y@1 \dots y@n.~ x = t \longrightarrow C \] where $y@1 \dots y@n$ |
102 \[ \forall y@1 \dots y@n.~ x = t \longrightarrow C \] where $y@1 \dots y@n$ |
103 are the free variables in $t$ and $x$ is new, and perform induction on $x$ |
103 are the free variables in $t$ and $x$ is new, and perform induction on $x$ |
104 afterwards. An example appears below.% |
104 afterwards. An example appears below.% |
105 \end{isamarkuptext}% |
105 \end{isamarkuptext}% |
106 % |
106 % |
107 \isamarkupsubsection{Beyond structural induction} |
107 \isamarkupsubsection{Beyond structural and recursion induction} |
108 % |
108 % |
109 \begin{isamarkuptext}% |
109 \begin{isamarkuptext}% |
110 So far, inductive proofs where by structural induction for |
110 So far, inductive proofs where by structural induction for |
111 primitive recursive functions and recursion induction for total recursive |
111 primitive recursive functions and recursion induction for total recursive |
112 functions. But sometimes structural induction is awkward and there is no |
112 functions. But sometimes structural induction is awkward and there is no |
119 induction'', where you must prove $P(n)$ under the assumption that $P(m)$ |
119 induction'', where you must prove $P(n)$ under the assumption that $P(m)$ |
120 holds for all $m<n$. In Isabelle, this is the theorem \isa{less\_induct}: |
120 holds for all $m<n$. In Isabelle, this is the theorem \isa{less\_induct}: |
121 \begin{quote} |
121 \begin{quote} |
122 |
122 |
123 \begin{isabelle}% |
123 \begin{isabelle}% |
124 {\isacharparenleft}{\isasymAnd}\mbox{n}{\isachardot}\ {\isasymforall}\mbox{m}{\isachardot}\ \mbox{m}\ {\isacharless}\ \mbox{n}\ {\isasymlongrightarrow}\ \mbox{{\isacharquery}P}\ \mbox{m}\ {\isasymLongrightarrow}\ \mbox{{\isacharquery}P}\ \mbox{n}{\isacharparenright}\ {\isasymLongrightarrow}\ \mbox{{\isacharquery}P}\ \mbox{{\isacharquery}n} |
124 {\isacharparenleft}{\isasymAnd}\mbox{n}{\isachardot}\ {\isasymforall}\mbox{m}{\isachardot}\ \mbox{m}\ {\isacharless}\ \mbox{n}\ {\isasymlongrightarrow}\ \mbox{P}\ \mbox{m}\ {\isasymLongrightarrow}\ \mbox{P}\ \mbox{n}{\isacharparenright}\ {\isasymLongrightarrow}\ \mbox{P}\ \mbox{n} |
125 \end{isabelle}% |
125 \end{isabelle}% |
126 |
126 |
127 \end{quote} |
127 \end{quote} |
128 Here is an example of its application.% |
128 Here is an example of its application.% |
129 \end{isamarkuptext}% |
129 \end{isamarkuptext}% |
167 \begin{isamarkuptext}% |
167 \begin{isamarkuptext}% |
168 \noindent |
168 \noindent |
169 It is not surprising if you find the last step puzzling. |
169 It is not surprising if you find the last step puzzling. |
170 The proof goes like this (writing \isa{j} instead of \isa{nat}). |
170 The proof goes like this (writing \isa{j} instead of \isa{nat}). |
171 Since \isa{\mbox{i}\ {\isacharequal}\ Suc\ \mbox{j}} it suffices to show |
171 Since \isa{\mbox{i}\ {\isacharequal}\ Suc\ \mbox{j}} it suffices to show |
172 \isa{\mbox{j}\ {\isacharless}\ f\ {\isacharparenleft}Suc\ \mbox{j}{\isacharparenright}} (by \isa{Suc\_leI}: \isa{\mbox{{\isacharquery}m}\ {\isacharless}\ \mbox{{\isacharquery}n}\ {\isasymLongrightarrow}\ Suc\ \mbox{{\isacharquery}m}\ {\isasymle}\ \mbox{{\isacharquery}n}}). This is |
172 \isa{\mbox{j}\ {\isacharless}\ f\ {\isacharparenleft}Suc\ \mbox{j}{\isacharparenright}} (by \isa{Suc\_leI}: \isa{\mbox{m}\ {\isacharless}\ \mbox{n}\ {\isasymLongrightarrow}\ Suc\ \mbox{m}\ {\isasymle}\ \mbox{n}}). This is |
173 proved as follows. From \isa{f\_ax} we have \isa{f\ {\isacharparenleft}f\ \mbox{j}{\isacharparenright}\ {\isacharless}\ f\ {\isacharparenleft}Suc\ \mbox{j}{\isacharparenright}} |
173 proved as follows. From \isa{f\_ax} we have \isa{f\ {\isacharparenleft}f\ \mbox{j}{\isacharparenright}\ {\isacharless}\ f\ {\isacharparenleft}Suc\ \mbox{j}{\isacharparenright}} |
174 (1) which implies \isa{f\ \mbox{j}\ {\isasymle}\ f\ {\isacharparenleft}f\ \mbox{j}{\isacharparenright}} (by the induction hypothesis). |
174 (1) which implies \isa{f\ \mbox{j}\ {\isasymle}\ f\ {\isacharparenleft}f\ \mbox{j}{\isacharparenright}} (by the induction hypothesis). |
175 Using (1) once more we obtain \isa{f\ \mbox{j}\ {\isacharless}\ f\ {\isacharparenleft}Suc\ \mbox{j}{\isacharparenright}} (2) by transitivity |
175 Using (1) once more we obtain \isa{f\ \mbox{j}\ {\isacharless}\ f\ {\isacharparenleft}Suc\ \mbox{j}{\isacharparenright}} (2) by transitivity |
176 (\isa{le_less_trans}: \isa{{\isasymlbrakk}\mbox{{\isacharquery}i}\ {\isasymle}\ \mbox{{\isacharquery}j}{\isacharsemicolon}\ \mbox{{\isacharquery}j}\ {\isacharless}\ \mbox{{\isacharquery}k}{\isasymrbrakk}\ {\isasymLongrightarrow}\ \mbox{{\isacharquery}i}\ {\isacharless}\ \mbox{{\isacharquery}k}}). |
176 (\isa{le_less_trans}: \isa{{\isasymlbrakk}\mbox{i}\ {\isasymle}\ \mbox{j}{\isacharsemicolon}\ \mbox{j}\ {\isacharless}\ \mbox{k}{\isasymrbrakk}\ {\isasymLongrightarrow}\ \mbox{i}\ {\isacharless}\ \mbox{k}}). |
177 Using the induction hypothesis once more we obtain \isa{\mbox{j}\ {\isasymle}\ f\ \mbox{j}} |
177 Using the induction hypothesis once more we obtain \isa{\mbox{j}\ {\isasymle}\ f\ \mbox{j}} |
178 which, together with (2) yields \isa{\mbox{j}\ {\isacharless}\ f\ {\isacharparenleft}Suc\ \mbox{j}{\isacharparenright}} (again by |
178 which, together with (2) yields \isa{\mbox{j}\ {\isacharless}\ f\ {\isacharparenleft}Suc\ \mbox{j}{\isacharparenright}} (again by |
179 \isa{le_less_trans}). |
179 \isa{le_less_trans}). |
180 |
180 |
181 This last step shows both the power and the danger of automatic proofs: they |
181 This last step shows both the power and the danger of automatic proofs: they |
186 |
186 |
187 We can now derive the desired \isa{\mbox{i}\ {\isasymle}\ f\ \mbox{i}} from \isa{f\_incr}:% |
187 We can now derive the desired \isa{\mbox{i}\ {\isasymle}\ f\ \mbox{i}} from \isa{f\_incr}:% |
188 \end{isamarkuptext}% |
188 \end{isamarkuptext}% |
189 \isacommand{lemmas}\ f{\isacharunderscore}incr\ {\isacharequal}\ f{\isacharunderscore}incr{\isacharunderscore}lem{\isacharbrackleft}rulify{\isacharcomma}\ OF\ refl{\isacharbrackright}% |
189 \isacommand{lemmas}\ f{\isacharunderscore}incr\ {\isacharequal}\ f{\isacharunderscore}incr{\isacharunderscore}lem{\isacharbrackleft}rulify{\isacharcomma}\ OF\ refl{\isacharbrackright}% |
190 \begin{isamarkuptext}% |
190 \begin{isamarkuptext}% |
|
191 \noindent |
191 The final \isa{refl} gets rid of the premise \isa{?k = f ?i}. Again, we could |
192 The final \isa{refl} gets rid of the premise \isa{?k = f ?i}. Again, we could |
192 have included this derivation in the original statement of the lemma:% |
193 have included this derivation in the original statement of the lemma:% |
193 \end{isamarkuptext}% |
194 \end{isamarkuptext}% |
194 \isacommand{lemma}\ f{\isacharunderscore}incr{\isacharbrackleft}rulify{\isacharcomma}\ OF\ refl{\isacharbrackright}{\isacharcolon}\ {\isachardoublequote}{\isasymforall}i{\isachardot}\ k\ {\isacharequal}\ f\ i\ {\isasymlongrightarrow}\ i\ {\isasymle}\ f\ i{\isachardoublequote}% |
195 \isacommand{lemma}\ f{\isacharunderscore}incr{\isacharbrackleft}rulify{\isacharcomma}\ OF\ refl{\isacharbrackright}{\isacharcolon}\ {\isachardoublequote}{\isasymforall}i{\isachardot}\ k\ {\isacharequal}\ f\ i\ {\isasymlongrightarrow}\ i\ {\isasymle}\ f\ i{\isachardoublequote}% |
195 \begin{isamarkuptext}% |
196 \begin{isamarkuptext}% |
207 In fact, \isa{induct\_tac} even allows the conclusion of |
208 In fact, \isa{induct\_tac} even allows the conclusion of |
208 \isa{r} to be an (iterated) conjunction of formulae of the above form, in |
209 \isa{r} to be an (iterated) conjunction of formulae of the above form, in |
209 which case the application is |
210 which case the application is |
210 \begin{ttbox} |
211 \begin{ttbox} |
211 apply(induct_tac y1 ... yn and ... and z1 ... zm rule: r) |
212 apply(induct_tac y1 ... yn and ... and z1 ... zm rule: r) |
212 \end{ttbox} |
213 \end{ttbox}% |
213 |
214 \end{isamarkuptext}% |
|
215 % |
|
216 \isamarkupsubsection{Derivation of new induction schemas} |
|
217 % |
|
218 \begin{isamarkuptext}% |
|
219 \label{sec:derive-ind} |
|
220 Induction schemas are ordinary theorems and you can derive new ones |
|
221 whenever you wish. This section shows you how to, using the example |
|
222 of \isa{less\_induct}. Assume we only have structural induction |
|
223 available for \isa{nat} and want to derive complete induction. This |
|
224 requires us to generalize the statement first:% |
|
225 \end{isamarkuptext}% |
|
226 \isacommand{lemma}\ induct{\isacharunderscore}lem{\isacharcolon}\ {\isachardoublequote}{\isacharparenleft}{\isasymAnd}n{\isacharcolon}{\isacharcolon}nat{\isachardot}\ {\isasymforall}m{\isacharless}n{\isachardot}\ P\ m\ {\isasymLongrightarrow}\ P\ n{\isacharparenright}\ {\isacharequal}{\isacharequal}{\isachargreater}\ {\isasymforall}m{\isacharless}n{\isachardot}\ P\ m{\isachardoublequote}\isanewline |
|
227 \isacommand{apply}{\isacharparenleft}induct{\isacharunderscore}tac\ n{\isacharparenright}% |
|
228 \begin{isamarkuptxt}% |
|
229 \noindent |
|
230 The base case is trivially true. For the induction step (\isa{\mbox{m}\ {\isacharless}\ Suc\ \mbox{n}}) we distinguish two cases: \isa{\mbox{m}\ {\isacharless}\ \mbox{n}} is true by induction |
|
231 hypothesis and \isa{\mbox{m}\ {\isacharequal}\ \mbox{n}} follow from the assumption again using |
|
232 the induction hypothesis:% |
|
233 \end{isamarkuptxt}% |
|
234 \isacommand{apply}{\isacharparenleft}blast{\isacharparenright}\isanewline |
|
235 \isanewline |
|
236 \isacommand{ML}{\isachardoublequote}set\ quick{\isacharunderscore}and{\isacharunderscore}dirty{\isachardoublequote}\isanewline |
|
237 \isacommand{sorry}\isanewline |
|
238 \isacommand{ML}{\isachardoublequote}reset\ quick{\isacharunderscore}and{\isacharunderscore}dirty{\isachardoublequote}% |
|
239 \begin{isamarkuptext}% |
|
240 \noindent |
|
241 The elimination rule \isa{less_SucE} expresses the case distinction: |
|
242 \begin{quote} |
|
243 |
|
244 \begin{isabelle}% |
|
245 {\isasymlbrakk}\mbox{m}\ {\isacharless}\ Suc\ \mbox{n}{\isacharsemicolon}\ \mbox{m}\ {\isacharless}\ \mbox{n}\ {\isasymLongrightarrow}\ \mbox{P}{\isacharsemicolon}\ \mbox{m}\ {\isacharequal}\ \mbox{n}\ {\isasymLongrightarrow}\ \mbox{P}{\isasymrbrakk}\ {\isasymLongrightarrow}\ \mbox{P} |
|
246 \end{isabelle}% |
|
247 |
|
248 \end{quote} |
|
249 |
|
250 Now it is straightforward to derive the original version of |
|
251 \isa{less\_induct} by manipulting the conclusion of the above lemma: |
|
252 instantiate \isa{n} by \isa{Suc\ \mbox{n}} and \isa{m} by \isa{n} and |
|
253 remove the trivial condition \isa{\mbox{n}\ {\isacharless}\ \mbox{Sc}\ \mbox{n}}. Fortunately, this |
|
254 happens automatically when we add the lemma as a new premise to the |
|
255 desired goal:% |
|
256 \end{isamarkuptext}% |
|
257 \isacommand{theorem}\ less{\isacharunderscore}induct{\isacharcolon}\ {\isachardoublequote}{\isacharparenleft}{\isasymAnd}n{\isacharcolon}{\isacharcolon}nat{\isachardot}\ {\isasymforall}m{\isacharless}n{\isachardot}\ P\ m\ {\isasymLongrightarrow}\ P\ n{\isacharparenright}\ {\isacharequal}{\isacharequal}{\isachargreater}\ P\ n{\isachardoublequote}\isanewline |
|
258 \isacommand{by}{\isacharparenleft}insert\ induct{\isacharunderscore}lem{\isacharcomma}\ blast{\isacharparenright}% |
|
259 \begin{isamarkuptext}% |
|
260 \noindent |
214 Finally we should mention that HOL already provides the mother of all |
261 Finally we should mention that HOL already provides the mother of all |
215 inductions, \emph{wellfounded induction} (\isa{wf\_induct}): |
262 inductions, \emph{wellfounded induction} (\isa{wf\_induct}): |
216 \begin{quote} |
263 \begin{quote} |
217 |
264 |
218 \begin{isabelle}% |
265 \begin{isabelle}% |
219 {\isasymlbrakk}wf\ \mbox{{\isacharquery}r}{\isacharsemicolon}\ {\isasymAnd}\mbox{x}{\isachardot}\ {\isasymforall}\mbox{y}{\isachardot}\ {\isacharparenleft}\mbox{y}{\isacharcomma}\ \mbox{x}{\isacharparenright}\ {\isasymin}\ \mbox{{\isacharquery}r}\ {\isasymlongrightarrow}\ \mbox{{\isacharquery}P}\ \mbox{y}\ {\isasymLongrightarrow}\ \mbox{{\isacharquery}P}\ \mbox{x}{\isasymrbrakk}\ {\isasymLongrightarrow}\ \mbox{{\isacharquery}P}\ \mbox{{\isacharquery}a} |
266 {\isasymlbrakk}wf\ \mbox{r}{\isacharsemicolon}\ {\isasymAnd}\mbox{x}{\isachardot}\ {\isasymforall}\mbox{y}{\isachardot}\ {\isacharparenleft}\mbox{y}{\isacharcomma}\ \mbox{x}{\isacharparenright}\ {\isasymin}\ \mbox{r}\ {\isasymlongrightarrow}\ \mbox{P}\ \mbox{y}\ {\isasymLongrightarrow}\ \mbox{P}\ \mbox{x}{\isasymrbrakk}\ {\isasymLongrightarrow}\ \mbox{P}\ \mbox{a} |
220 \end{isabelle}% |
267 \end{isabelle}% |
221 |
268 |
222 \end{quote} |
269 \end{quote} |
|
270 where \isa{wf\ \mbox{r}} means that the relation \isa{r} is wellfounded. |
|
271 For example \isa{less\_induct} is the special case where \isa{r} is \isa{<} on \isa{nat}. |
223 For details see the library.% |
272 For details see the library.% |
224 \end{isamarkuptext}% |
273 \end{isamarkuptext}% |
225 \end{isabelle}% |
274 \end{isabelle}% |
226 %%% Local Variables: |
275 %%% Local Variables: |
227 %%% mode: latex |
276 %%% mode: latex |