65 The most obvious approach is the brute force expansion of \isa{split}:% |
65 The most obvious approach is the brute force expansion of \isa{split}:% |
66 \end{isamarkuptext}% |
66 \end{isamarkuptext}% |
67 \isamarkuptrue% |
67 \isamarkuptrue% |
68 \isacommand{lemma}\ {\isachardoublequote}{\isacharparenleft}{\isasymlambda}{\isacharparenleft}x{\isacharcomma}y{\isacharparenright}{\isachardot}x{\isacharparenright}\ p\ {\isacharequal}\ fst\ p{\isachardoublequote}\isanewline |
68 \isacommand{lemma}\ {\isachardoublequote}{\isacharparenleft}{\isasymlambda}{\isacharparenleft}x{\isacharcomma}y{\isacharparenright}{\isachardot}x{\isacharparenright}\ p\ {\isacharequal}\ fst\ p{\isachardoublequote}\isanewline |
69 \isamarkupfalse% |
69 \isamarkupfalse% |
70 \isacommand{by}{\isacharparenleft}simp\ add{\isacharcolon}\ split{\isacharunderscore}def{\isacharparenright}\isamarkupfalse% |
70 \isamarkupfalse% |
71 % |
71 % |
72 \begin{isamarkuptext}% |
72 \begin{isamarkuptext}% |
73 This works well if rewriting with \isa{split{\isacharunderscore}def} finishes the |
73 This works well if rewriting with \isa{split{\isacharunderscore}def} finishes the |
74 proof, as it does above. But if it does not, you end up with exactly what |
74 proof, as it does above. But if it does not, you end up with exactly what |
75 we are trying to avoid: nests of \isa{fst} and \isa{snd}. Thus this |
75 we are trying to avoid: nests of \isa{fst} and \isa{snd}. Thus this |
88 \index{*split (method)}% |
88 \index{*split (method)}% |
89 \end{isamarkuptext}% |
89 \end{isamarkuptext}% |
90 \isamarkuptrue% |
90 \isamarkuptrue% |
91 \isacommand{lemma}\ {\isachardoublequote}{\isacharparenleft}{\isasymlambda}{\isacharparenleft}x{\isacharcomma}y{\isacharparenright}{\isachardot}y{\isacharparenright}\ p\ {\isacharequal}\ snd\ p{\isachardoublequote}\isanewline |
91 \isacommand{lemma}\ {\isachardoublequote}{\isacharparenleft}{\isasymlambda}{\isacharparenleft}x{\isacharcomma}y{\isacharparenright}{\isachardot}y{\isacharparenright}\ p\ {\isacharequal}\ snd\ p{\isachardoublequote}\isanewline |
92 \isamarkupfalse% |
92 \isamarkupfalse% |
93 \isacommand{apply}{\isacharparenleft}split\ split{\isacharunderscore}split{\isacharparenright}\isamarkupfalse% |
93 \isamarkupfalse% |
94 % |
|
95 \begin{isamarkuptxt}% |
|
96 \begin{isabelle}% |
|
97 \ {\isadigit{1}}{\isachardot}\ {\isasymforall}x\ y{\isachardot}\ p\ {\isacharequal}\ {\isacharparenleft}x{\isacharcomma}\ y{\isacharparenright}\ {\isasymlongrightarrow}\ y\ {\isacharequal}\ snd\ p% |
|
98 \end{isabelle} |
|
99 This subgoal is easily proved by simplification. Thus we could have combined |
|
100 simplification and splitting in one command that proves the goal outright:% |
|
101 \end{isamarkuptxt}% |
|
102 \isamarkuptrue% |
94 \isamarkuptrue% |
103 \isamarkupfalse% |
95 \isamarkupfalse% |
104 \isamarkupfalse% |
96 \isamarkupfalse% |
105 \isacommand{by}{\isacharparenleft}simp\ split{\isacharcolon}\ split{\isacharunderscore}split{\isacharparenright}\isamarkupfalse% |
97 \isamarkupfalse% |
106 % |
98 % |
107 \begin{isamarkuptext}% |
99 \begin{isamarkuptext}% |
108 Let us look at a second example:% |
100 Let us look at a second example:% |
109 \end{isamarkuptext}% |
101 \end{isamarkuptext}% |
110 \isamarkuptrue% |
102 \isamarkuptrue% |
111 \isacommand{lemma}\ {\isachardoublequote}let\ {\isacharparenleft}x{\isacharcomma}y{\isacharparenright}\ {\isacharequal}\ p\ in\ fst\ p\ {\isacharequal}\ x{\isachardoublequote}\isanewline |
103 \isacommand{lemma}\ {\isachardoublequote}let\ {\isacharparenleft}x{\isacharcomma}y{\isacharparenright}\ {\isacharequal}\ p\ in\ fst\ p\ {\isacharequal}\ x{\isachardoublequote}\isanewline |
112 \isamarkupfalse% |
104 \isamarkupfalse% |
113 \isacommand{apply}{\isacharparenleft}simp\ only{\isacharcolon}\ Let{\isacharunderscore}def{\isacharparenright}\isamarkupfalse% |
105 \isamarkupfalse% |
114 % |
|
115 \begin{isamarkuptxt}% |
|
116 \begin{isabelle}% |
|
117 \ {\isadigit{1}}{\isachardot}\ {\isacharparenleft}{\isasymlambda}{\isacharparenleft}x{\isacharcomma}\ y{\isacharparenright}{\isachardot}\ fst\ p\ {\isacharequal}\ x{\isacharparenright}\ p% |
|
118 \end{isabelle} |
|
119 A paired \isa{let} reduces to a paired $\lambda$-abstraction, which |
|
120 can be split as above. The same is true for paired set comprehension:% |
|
121 \end{isamarkuptxt}% |
|
122 \isamarkuptrue% |
106 \isamarkuptrue% |
123 \isamarkupfalse% |
107 \isamarkupfalse% |
124 \isacommand{lemma}\ {\isachardoublequote}p\ {\isasymin}\ {\isacharbraceleft}{\isacharparenleft}x{\isacharcomma}y{\isacharparenright}{\isachardot}\ x{\isacharequal}y{\isacharbraceright}\ {\isasymlongrightarrow}\ fst\ p\ {\isacharequal}\ snd\ p{\isachardoublequote}\isanewline |
108 \isacommand{lemma}\ {\isachardoublequote}p\ {\isasymin}\ {\isacharbraceleft}{\isacharparenleft}x{\isacharcomma}y{\isacharparenright}{\isachardot}\ x{\isacharequal}y{\isacharbraceright}\ {\isasymlongrightarrow}\ fst\ p\ {\isacharequal}\ snd\ p{\isachardoublequote}\isanewline |
125 \isamarkupfalse% |
109 \isamarkupfalse% |
126 \isacommand{apply}\ simp\isamarkupfalse% |
110 \isamarkupfalse% |
127 % |
|
128 \begin{isamarkuptxt}% |
|
129 \begin{isabelle}% |
|
130 \ {\isadigit{1}}{\isachardot}\ split\ op\ {\isacharequal}\ p\ {\isasymlongrightarrow}\ fst\ p\ {\isacharequal}\ snd\ p% |
|
131 \end{isabelle} |
|
132 Again, simplification produces a term suitable for \isa{split{\isacharunderscore}split} |
|
133 as above. If you are worried about the strange form of the premise: |
|
134 \isa{{\isasymlambda}{\isacharparenleft}x{\isacharcomma}\ y{\isacharparenright}{\isachardot}\ x\ {\isacharequal}\ y} is short for \isa{{\isasymlambda}{\isacharparenleft}x{\isacharcomma}y{\isacharparenright}{\isachardot}\ x{\isacharequal}y}. |
|
135 The same proof procedure works for% |
|
136 \end{isamarkuptxt}% |
|
137 \isamarkuptrue% |
111 \isamarkuptrue% |
138 \isamarkupfalse% |
112 \isamarkupfalse% |
139 \isacommand{lemma}\ {\isachardoublequote}p\ {\isasymin}\ {\isacharbraceleft}{\isacharparenleft}x{\isacharcomma}y{\isacharparenright}{\isachardot}\ x{\isacharequal}y{\isacharbraceright}\ {\isasymLongrightarrow}\ fst\ p\ {\isacharequal}\ snd\ p{\isachardoublequote}\isamarkupfalse% |
113 \isacommand{lemma}\ {\isachardoublequote}p\ {\isasymin}\ {\isacharbraceleft}{\isacharparenleft}x{\isacharcomma}y{\isacharparenright}{\isachardot}\ x{\isacharequal}y{\isacharbraceright}\ {\isasymLongrightarrow}\ fst\ p\ {\isacharequal}\ snd\ p{\isachardoublequote}\isamarkupfalse% |
140 % |
|
141 \begin{isamarkuptxt}% |
|
142 \noindent |
|
143 except that we now have to use \isa{split{\isacharunderscore}split{\isacharunderscore}asm}, because |
|
144 \isa{split} occurs in the assumptions. |
|
145 |
|
146 However, splitting \isa{split} is not always a solution, as no \isa{split} |
|
147 may be present in the goal. Consider the following function:% |
|
148 \end{isamarkuptxt}% |
|
149 \isamarkuptrue% |
114 \isamarkuptrue% |
150 \isamarkupfalse% |
115 \isamarkupfalse% |
151 \isacommand{consts}\ swap\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}{\isacharprime}a\ {\isasymtimes}\ {\isacharprime}b\ {\isasymRightarrow}\ {\isacharprime}b\ {\isasymtimes}\ {\isacharprime}a{\isachardoublequote}\isanewline |
116 \isacommand{consts}\ swap\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequote}{\isacharprime}a\ {\isasymtimes}\ {\isacharprime}b\ {\isasymRightarrow}\ {\isacharprime}b\ {\isasymtimes}\ {\isacharprime}a{\isachardoublequote}\isanewline |
152 \isamarkupfalse% |
117 \isamarkupfalse% |
153 \isacommand{primrec}\isanewline |
118 \isacommand{primrec}\isanewline |
158 Note that the above \isacommand{primrec} definition is admissible |
123 Note that the above \isacommand{primrec} definition is admissible |
159 because \isa{{\isasymtimes}} is a datatype. When we now try to prove% |
124 because \isa{{\isasymtimes}} is a datatype. When we now try to prove% |
160 \end{isamarkuptext}% |
125 \end{isamarkuptext}% |
161 \isamarkuptrue% |
126 \isamarkuptrue% |
162 \isacommand{lemma}\ {\isachardoublequote}swap{\isacharparenleft}swap\ p{\isacharparenright}\ {\isacharequal}\ p{\isachardoublequote}\isamarkupfalse% |
127 \isacommand{lemma}\ {\isachardoublequote}swap{\isacharparenleft}swap\ p{\isacharparenright}\ {\isacharequal}\ p{\isachardoublequote}\isamarkupfalse% |
163 % |
|
164 \begin{isamarkuptxt}% |
|
165 \noindent |
|
166 simplification will do nothing, because the defining equation for \isa{swap} |
|
167 expects a pair. Again, we need to turn \isa{p} into a pair first, but this |
|
168 time there is no \isa{split} in sight. In this case the only thing we can do |
|
169 is to split the term by hand:% |
|
170 \end{isamarkuptxt}% |
|
171 \isamarkuptrue% |
128 \isamarkuptrue% |
172 \isacommand{apply}{\isacharparenleft}case{\isacharunderscore}tac\ p{\isacharparenright}\isamarkupfalse% |
129 \isamarkupfalse% |
173 % |
|
174 \begin{isamarkuptxt}% |
|
175 \noindent |
|
176 \begin{isabelle}% |
|
177 \ {\isadigit{1}}{\isachardot}\ {\isasymAnd}a\ b{\isachardot}\ p\ {\isacharequal}\ {\isacharparenleft}a{\isacharcomma}\ b{\isacharparenright}\ {\isasymLongrightarrow}\ swap\ {\isacharparenleft}swap\ p{\isacharparenright}\ {\isacharequal}\ p% |
|
178 \end{isabelle} |
|
179 Again, \methdx{case_tac} is applicable because \isa{{\isasymtimes}} is a datatype. |
|
180 The subgoal is easily proved by \isa{simp}. |
|
181 |
|
182 Splitting by \isa{case{\isacharunderscore}tac} also solves the previous examples and may thus |
|
183 appear preferable to the more arcane methods introduced first. However, see |
|
184 the warning about \isa{case{\isacharunderscore}tac} in \S\ref{sec:struct-ind-case}. |
|
185 |
|
186 In case the term to be split is a quantified variable, there are more options. |
|
187 You can split \emph{all} \isa{{\isasymAnd}}-quantified variables in a goal |
|
188 with the rewrite rule \isa{split{\isacharunderscore}paired{\isacharunderscore}all}:% |
|
189 \end{isamarkuptxt}% |
|
190 \isamarkuptrue% |
130 \isamarkuptrue% |
191 \isamarkupfalse% |
131 \isamarkupfalse% |
192 \isacommand{lemma}\ {\isachardoublequote}{\isasymAnd}p\ q{\isachardot}\ swap{\isacharparenleft}swap\ p{\isacharparenright}\ {\isacharequal}\ q\ {\isasymlongrightarrow}\ p\ {\isacharequal}\ q{\isachardoublequote}\isanewline |
132 \isacommand{lemma}\ {\isachardoublequote}{\isasymAnd}p\ q{\isachardot}\ swap{\isacharparenleft}swap\ p{\isacharparenright}\ {\isacharequal}\ q\ {\isasymlongrightarrow}\ p\ {\isacharequal}\ q{\isachardoublequote}\isanewline |
193 \isamarkupfalse% |
133 \isamarkupfalse% |
194 \isacommand{apply}{\isacharparenleft}simp\ only{\isacharcolon}\ split{\isacharunderscore}paired{\isacharunderscore}all{\isacharparenright}\isamarkupfalse% |
134 \isamarkupfalse% |
195 % |
|
196 \begin{isamarkuptxt}% |
|
197 \noindent |
|
198 \begin{isabelle}% |
|
199 \ {\isadigit{1}}{\isachardot}\ {\isasymAnd}a\ b\ aa\ ba{\isachardot}\isanewline |
|
200 \isaindent{\ {\isadigit{1}}{\isachardot}\ \ \ \ }swap\ {\isacharparenleft}swap\ {\isacharparenleft}a{\isacharcomma}\ b{\isacharparenright}{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}aa{\isacharcomma}\ ba{\isacharparenright}\ {\isasymlongrightarrow}\ {\isacharparenleft}a{\isacharcomma}\ b{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}aa{\isacharcomma}\ ba{\isacharparenright}% |
|
201 \end{isabelle}% |
|
202 \end{isamarkuptxt}% |
|
203 \isamarkuptrue% |
135 \isamarkuptrue% |
204 \isacommand{apply}\ simp\isanewline |
|
205 \isamarkupfalse% |
136 \isamarkupfalse% |
206 \isacommand{done}\isamarkupfalse% |
137 \isamarkupfalse% |
207 % |
138 % |
208 \begin{isamarkuptext}% |
139 \begin{isamarkuptext}% |
209 \noindent |
140 \noindent |
210 Note that we have intentionally included only \isa{split{\isacharunderscore}paired{\isacharunderscore}all} |
141 Note that we have intentionally included only \isa{split{\isacharunderscore}paired{\isacharunderscore}all} |
211 in the first simplification step, and then we simplify again. |
142 in the first simplification step, and then we simplify again. |
216 The following command could fail (here it does not) |
147 The following command could fail (here it does not) |
217 where two separate \isa{simp} applications succeed.% |
148 where two separate \isa{simp} applications succeed.% |
218 \end{isamarkuptext}% |
149 \end{isamarkuptext}% |
219 \isamarkuptrue% |
150 \isamarkuptrue% |
220 \isamarkupfalse% |
151 \isamarkupfalse% |
221 \isacommand{apply}{\isacharparenleft}simp\ add{\isacharcolon}\ split{\isacharunderscore}paired{\isacharunderscore}all{\isacharparenright}\isamarkupfalse% |
152 \isamarkupfalse% |
222 \isamarkupfalse% |
153 \isamarkupfalse% |
223 % |
154 % |
224 \begin{isamarkuptext}% |
155 \begin{isamarkuptext}% |
225 \noindent |
156 \noindent |
226 Finally, the simplifier automatically splits all \isa{{\isasymforall}} and |
157 Finally, the simplifier automatically splits all \isa{{\isasymforall}} and |
227 \isa{{\isasymexists}}-quantified variables:% |
158 \isa{{\isasymexists}}-quantified variables:% |
228 \end{isamarkuptext}% |
159 \end{isamarkuptext}% |
229 \isamarkuptrue% |
160 \isamarkuptrue% |
230 \isacommand{lemma}\ {\isachardoublequote}{\isasymforall}p{\isachardot}\ {\isasymexists}q{\isachardot}\ swap\ p\ {\isacharequal}\ swap\ q{\isachardoublequote}\isanewline |
161 \isacommand{lemma}\ {\isachardoublequote}{\isasymforall}p{\isachardot}\ {\isasymexists}q{\isachardot}\ swap\ p\ {\isacharequal}\ swap\ q{\isachardoublequote}\isanewline |
231 \isamarkupfalse% |
162 \isamarkupfalse% |
232 \isacommand{by}\ simp\isamarkupfalse% |
163 \isamarkupfalse% |
233 % |
164 % |
234 \begin{isamarkuptext}% |
165 \begin{isamarkuptext}% |
235 \noindent |
166 \noindent |
236 To turn off this automatic splitting, just disable the |
167 To turn off this automatic splitting, just disable the |
237 responsible simplification rules: |
168 responsible simplification rules: |