src/CTT/Arith.ML
changeset 0 a5a9c433f639
child 354 edf1ffedf139
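--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/CTT/Arith.ML	Thu Sep 16 12:20:38 1993 +0200
@@ -0,0 +1,497 @@
+(*  Title: 	CTT/arith
+    ID:         $Id$
+    Author: 	Lawrence C Paulson, Cambridge University Computer Laboratory
+    Copyright   1991  University of Cambridge
+
+Theorems for arith.thy (Arithmetic operators)
+
+Proofs about elementary arithmetic: addition, multiplication, etc.
+Tests definitions and simplifier.
+*)
+
+open Arith;
+val arith_defs = [add_def, diff_def, absdiff_def, mult_def, mod_def, div_def];
+
+
+(** Addition *)
+
+(*typing of add: short and long versions*)
+
+val add_typing = prove_goal Arith.thy 
+    "[| a:N;  b:N |] ==> a #+ b : N"
+ (fn prems=>
+  [ (rewrite_goals_tac arith_defs),
+    (typechk_tac prems) ]);
+
+val add_typingL = prove_goal Arith.thy 
+    "[| a=c:N;  b=d:N |] ==> a #+ b = c #+ d : N"
+ (fn prems=>
+  [ (rewrite_goals_tac arith_defs),
+    (equal_tac prems) ]);
+
+
+(*computation for add: 0 and successor cases*)
+
+val addC0 = prove_goal Arith.thy 
+    "b:N ==> 0 #+ b = b : N"
+ (fn prems=>
+  [ (rewrite_goals_tac arith_defs),
+    (rew_tac prems) ]);
+
+val addC_succ = prove_goal Arith.thy 
+    "[| a:N;  b:N |] ==> succ(a) #+ b = succ(a #+ b) : N"
+ (fn prems=>
+  [ (rewrite_goals_tac arith_defs),
+    (rew_tac prems) ]); 
+
+
+(** Multiplication *)
+
+(*typing of mult: short and long versions*)
+
+val mult_typing = prove_goal Arith.thy 
+    "[| a:N;  b:N |] ==> a #* b : N"
+ (fn prems=>
+  [ (rewrite_goals_tac arith_defs),
+    (typechk_tac([add_typing]@prems)) ]);
+
+val mult_typingL = prove_goal Arith.thy 
+    "[| a=c:N;  b=d:N |] ==> a #* b = c #* d : N"
+ (fn prems=>
+  [ (rewrite_goals_tac arith_defs),
+    (equal_tac (prems@[add_typingL])) ]);
+
+(*computation for mult: 0 and successor cases*)
+
+val multC0 = prove_goal Arith.thy 
+    "b:N ==> 0 #* b = 0 : N"
+ (fn prems=>
+  [ (rewrite_goals_tac arith_defs),
+    (rew_tac prems) ]);
+
+val multC_succ = prove_goal Arith.thy 
+    "[| a:N;  b:N |] ==> succ(a) #* b = b #+ (a #* b) : N"
+ (fn prems=>
+  [ (rewrite_goals_tac arith_defs),
+    (rew_tac prems) ]);
+
+
+(** Difference *)
+
+(*typing of difference*)
+
+val diff_typing = prove_goal Arith.thy 
+    "[| a:N;  b:N |] ==> a - b : N"
+ (fn prems=>
+  [ (rewrite_goals_tac arith_defs),
+    (typechk_tac prems) ]);
+
+val diff_typingL = prove_goal Arith.thy 
+    "[| a=c:N;  b=d:N |] ==> a - b = c - d : N"
+ (fn prems=>
+  [ (rewrite_goals_tac arith_defs),
+    (equal_tac prems) ]);
+
+
+
+(*computation for difference: 0 and successor cases*)
+
+val diffC0 = prove_goal Arith.thy 
+    "a:N ==> a - 0 = a : N"
+ (fn prems=>
+  [ (rewrite_goals_tac arith_defs),
+    (rew_tac prems) ]);
+
+(*Note: rec(a, 0, %z w.z) is pred(a). *)
+
+val diff_0_eq_0 = prove_goal Arith.thy 
+    "b:N ==> 0 - b = 0 : N"
+ (fn prems=>
+  [ (NE_tac "b" 1),
+    (rewrite_goals_tac arith_defs),
+    (hyp_rew_tac prems) ]);
+
+
+(*Essential to simplify FIRST!!  (Else we get a critical pair)
+  succ(a) - succ(b) rewrites to   pred(succ(a) - b)  *)
+val diff_succ_succ = prove_goal Arith.thy 
+    "[| a:N;  b:N |] ==> succ(a) - succ(b) = a - b : N"
+ (fn prems=>
+  [ (rewrite_goals_tac arith_defs),
+    (hyp_rew_tac prems),
+    (NE_tac "b" 1),
+    (hyp_rew_tac prems) ]);
+
+
+
+(*** Simplification *)
+
+val arith_typing_rls =
+  [add_typing, mult_typing, diff_typing];
+
+val arith_congr_rls =
+  [add_typingL, mult_typingL, diff_typingL];
+
+val congr_rls = arith_congr_rls@standard_congr_rls;
+
+val arithC_rls =
+  [addC0, addC_succ,
+   multC0, multC_succ,
+   diffC0, diff_0_eq_0, diff_succ_succ];
+
+
+structure Arith_simp_data: TSIMP_DATA =
+  struct
+  val refl		= refl_elem
+  val sym		= sym_elem
+  val trans		= trans_elem
+  val refl_red		= refl_red
+  val trans_red		= trans_red
+  val red_if_equal	= red_if_equal
+  val default_rls 	= arithC_rls @ comp_rls
+  val routine_tac 	= routine_tac (arith_typing_rls @ routine_rls)
+  end;
+
+structure Arith_simp = TSimpFun (Arith_simp_data);
+
+fun arith_rew_tac prems = make_rew_tac
+    (Arith_simp.norm_tac(congr_rls, prems));
+
+fun hyp_arith_rew_tac prems = make_rew_tac
+    (Arith_simp.cond_norm_tac(prove_cond_tac, congr_rls, prems));
+
+
+(**********
+  Addition
+ **********)
+
+(*Associative law for addition*)
+val add_assoc = prove_goal Arith.thy 
+    "[| a:N;  b:N;  c:N |] ==> (a #+ b) #+ c = a #+ (b #+ c) : N"
+ (fn prems=>
+  [ (NE_tac "a" 1),
+    (hyp_arith_rew_tac prems) ]);
+
+
+(*Commutative law for addition.  Can be proved using three inductions.
+  Must simplify after first induction!  Orientation of rewrites is delicate*)  
+val add_commute = prove_goal Arith.thy 
+    "[| a:N;  b:N |] ==> a #+ b = b #+ a : N"
+ (fn prems=>
+  [ (NE_tac "a" 1),
+    (hyp_arith_rew_tac prems),
+    (NE_tac "b" 2),
+    (resolve_tac [sym_elem] 1),
+    (NE_tac "b" 1),
+    (hyp_arith_rew_tac prems) ]);
+
+
+(****************
+  Multiplication
+ ****************)
+
+(*Commutative law for multiplication
+val mult_commute = prove_goal Arith.thy 
+    "[| a:N;  b:N |] ==> a #* b = b #* a : N"
+ (fn prems=>
+  [ (NE_tac "a" 1),
+    (hyp_arith_rew_tac prems),
+    (NE_tac "b" 2),
+    (resolve_tac [sym_elem] 1),
+    (NE_tac "b" 1),
+    (hyp_arith_rew_tac prems) ]);   NEEDS COMMUTATIVE MATCHING
+***************)
+
+(*right annihilation in product*)
+val mult_0_right = prove_goal Arith.thy 
+    "a:N ==> a #* 0 = 0 : N"
+ (fn prems=>
+  [ (NE_tac "a" 1),
+    (hyp_arith_rew_tac prems) ]);
+
+(*right successor law for multiplication*)
+val mult_succ_right = prove_goal Arith.thy 
+    "[| a:N;  b:N |] ==> a #* succ(b) = a #+ (a #* b) : N"
+ (fn prems=>
+  [ (NE_tac "a" 1),
+(*swap round the associative law of addition*)
+    (hyp_arith_rew_tac (prems @ [add_assoc RS sym_elem])),  
+(*leaves a goal involving a commutative law*)
+    (REPEAT (assume_tac 1  ORELSE  
+            resolve_tac
+             (prems@[add_commute,mult_typingL,add_typingL]@
+	       intrL_rls@[refl_elem])   1)) ]);
+
+(*Commutative law for multiplication*)
+val mult_commute = prove_goal Arith.thy 
+    "[| a:N;  b:N |] ==> a #* b = b #* a : N"
+ (fn prems=>
+  [ (NE_tac "a" 1),
+    (hyp_arith_rew_tac (prems @ [mult_0_right, mult_succ_right])) ]);
+
+(*addition distributes over multiplication*)
+val add_mult_distrib = prove_goal Arith.thy 
+    "[| a:N;  b:N;  c:N |] ==> (a #+ b) #* c = (a #* c) #+ (b #* c) : N"
+ (fn prems=>
+  [ (NE_tac "a" 1),
+(*swap round the associative law of addition*)
+    (hyp_arith_rew_tac (prems @ [add_assoc RS sym_elem])) ]);
+
+
+(*Associative law for multiplication*)
+val mult_assoc = prove_goal Arith.thy 
+    "[| a:N;  b:N;  c:N |] ==> (a #* b) #* c = a #* (b #* c) : N"
+ (fn prems=>
+  [ (NE_tac "a" 1),
+    (hyp_arith_rew_tac (prems @ [add_mult_distrib])) ]);
+
+
+(************
+  Difference
+ ************
+
+Difference on natural numbers, without negative numbers
+  a - b = 0  iff  a<=b    a - b = succ(c) iff a>b   *)
+
+val diff_self_eq_0 = prove_goal Arith.thy 
+    "a:N ==> a - a = 0 : N"
+ (fn prems=>
+  [ (NE_tac "a" 1),
+    (hyp_arith_rew_tac prems) ]);
+
+
+(*  [| c : N; 0 : N; c : N |] ==> c #+ 0 = c : N  *)
+val add_0_right = addC0 RSN (3, add_commute RS trans_elem);
+
+(*Addition is the inverse of subtraction: if b<=x then b#+(x-b) = x.
+  An example of induction over a quantified formula (a product).
+  Uses rewriting with a quantified, implicative inductive hypothesis.*)
+val prems =
+goal Arith.thy 
+    "b:N ==> ?a : PROD x:N. Eq(N, b-x, 0) --> Eq(N, b #+ (x-b), x)";
+by (NE_tac "b" 1);
+(*strip one "universal quantifier" but not the "implication"*)
+by (resolve_tac intr_rls 3);  
+(*case analysis on x in
+    (succ(u) <= x) --> (succ(u)#+(x-succ(u)) = x) *)
+by (NE_tac "x" 4 THEN assume_tac 4); 
+(*Prepare for simplification of types -- the antecedent succ(u)<=x *)
+by (resolve_tac [replace_type] 5);
+by (resolve_tac [replace_type] 4);
+by (arith_rew_tac prems); 
+(*Solves first 0 goal, simplifies others.  Two sugbgoals remain.
+  Both follow by rewriting, (2) using quantified induction hyp*)
+by (intr_tac[]);  (*strips remaining PRODs*)
+by (hyp_arith_rew_tac (prems@[add_0_right]));  
+by (assume_tac 1);
+val add_diff_inverse_lemma = result();
+
+
+(*Version of above with premise   b-a=0   i.e.    a >= b.
+  Using ProdE does not work -- for ?B(?a) is ambiguous.
+  Instead, add_diff_inverse_lemma states the desired induction scheme;
+    the use of RS below instantiates Vars in ProdE automatically. *)
+val prems =
+goal Arith.thy "[| a:N;  b:N;  b-a = 0 : N |] ==> b #+ (a-b) = a : N";
+by (resolve_tac [EqE] 1);
+by (resolve_tac [ add_diff_inverse_lemma RS ProdE RS ProdE ] 1);
+by (REPEAT (resolve_tac (prems@[EqI]) 1));
+val add_diff_inverse = result();
+
+
+(********************
+  Absolute difference
+ ********************)
+
+(*typing of absolute difference: short and long versions*)
+
+val absdiff_typing = prove_goal Arith.thy 
+    "[| a:N;  b:N |] ==> a |-| b : N"
+ (fn prems=>
+  [ (rewrite_goals_tac arith_defs),
+    (typechk_tac prems) ]);
+
+val absdiff_typingL = prove_goal Arith.thy 
+    "[| a=c:N;  b=d:N |] ==> a |-| b = c |-| d : N"
+ (fn prems=>
+  [ (rewrite_goals_tac arith_defs),
+    (equal_tac prems) ]);
+
+val absdiff_self_eq_0 = prove_goal Arith.thy 
+    "a:N ==> a |-| a = 0 : N"
+ (fn prems=>
+  [ (rewrite_goals_tac [absdiff_def]),
+    (arith_rew_tac (prems@[diff_self_eq_0])) ]);
+
+val absdiffC0 = prove_goal Arith.thy 
+    "a:N ==> 0 |-| a = a : N"
+ (fn prems=>
+  [ (rewrite_goals_tac [absdiff_def]),
+    (hyp_arith_rew_tac prems) ]);
+
+
+val absdiff_succ_succ = prove_goal Arith.thy 
+    "[| a:N;  b:N |] ==> succ(a) |-| succ(b)  =  a |-| b : N"
+ (fn prems=>
+  [ (rewrite_goals_tac [absdiff_def]),
+    (hyp_arith_rew_tac prems) ]);
+
+(*Note how easy using commutative laws can be?  ...not always... *)
+val prems = goal Arith.thy "[| a:N;  b:N |] ==> a |-| b = b |-| a : N";
+by (rewrite_goals_tac [absdiff_def]);
+by (resolve_tac [add_commute] 1);
+by (typechk_tac ([diff_typing]@prems));
+val absdiff_commute = result();
+
+(*If a+b=0 then a=0.   Surprisingly tedious*)
+val prems =
+goal Arith.thy "[| a:N;  b:N |] ==> ?c : PROD u: Eq(N,a#+b,0) .  Eq(N,a,0)";
+by (NE_tac "a" 1);
+by (resolve_tac [replace_type] 3);
+by (arith_rew_tac prems);
+by (intr_tac[]);  (*strips remaining PRODs*)
+by (resolve_tac [ zero_ne_succ RS FE ] 2);
+by (etac (EqE RS sym_elem) 3);
+by (typechk_tac ([add_typing] @prems));
+val add_eq0_lemma = result();
+
+(*Version of above with the premise  a+b=0.
+  Again, resolution instantiates variables in ProdE *)
+val prems =
+goal Arith.thy "[| a:N;  b:N;  a #+ b = 0 : N |] ==> a = 0 : N";
+by (resolve_tac [EqE] 1);
+by (resolve_tac [add_eq0_lemma RS ProdE] 1);
+by (resolve_tac [EqI] 3);
+by (ALLGOALS (resolve_tac prems));
+val add_eq0 = result();
+
+(*Here is a lemma to infer a-b=0 and b-a=0 from a|-|b=0, below. *)
+val prems = goal Arith.thy
+    "[| a:N;  b:N;  a |-| b = 0 : N |] ==> \
+\    ?a : SUM v: Eq(N, a-b, 0) . Eq(N, b-a, 0)";
+by (intr_tac[]);
+by eqintr_tac;
+by (resolve_tac [add_eq0] 2);
+by (resolve_tac [add_eq0] 1);
+by (resolve_tac [add_commute RS trans_elem] 6);
+by (typechk_tac (diff_typing:: map (rewrite_rule [absdiff_def]) prems));
+val absdiff_eq0_lem = result();
+
+(*if  a |-| b = 0  then  a = b  
+  proof: a-b=0 and b-a=0, so b = a+(b-a) = a+0 = a*)
+val prems =
+goal Arith.thy "[| a |-| b = 0 : N;  a:N;  b:N |] ==> a = b : N";
+by (resolve_tac [EqE] 1);
+by (resolve_tac [absdiff_eq0_lem RS SumE] 1);
+by (TRYALL (resolve_tac prems));
+by eqintr_tac;
+by (resolve_tac [add_diff_inverse RS sym_elem RS trans_elem] 1);
+by (resolve_tac [EqE] 3  THEN  assume_tac 3);
+by (hyp_arith_rew_tac (prems@[add_0_right]));
+val absdiff_eq0 = result();
+
+(***********************
+  Remainder and Quotient
+ ***********************)
+
+(*typing of remainder: short and long versions*)
+
+val mod_typing = prove_goal Arith.thy
+    "[| a:N;  b:N |] ==> a mod b : N"
+ (fn prems=>
+  [ (rewrite_goals_tac [mod_def]),
+    (typechk_tac (absdiff_typing::prems)) ]);
+ 
+val mod_typingL = prove_goal Arith.thy
+    "[| a=c:N;  b=d:N |] ==> a mod b = c mod d : N"
+ (fn prems=>
+  [ (rewrite_goals_tac [mod_def]),
+    (equal_tac (prems@[absdiff_typingL])) ]);
+ 
+
+(*computation for  mod : 0 and successor cases*)
+
+val modC0 = prove_goal Arith.thy "b:N ==> 0 mod b = 0 : N"
+ (fn prems=>
+  [ (rewrite_goals_tac [mod_def]),
+    (rew_tac(absdiff_typing::prems)) ]);
+
+val modC_succ = prove_goal Arith.thy 
+"[| a:N; b:N |] ==> succ(a) mod b = rec(succ(a mod b) |-| b, 0, %x y.succ(a mod b)) : N"
+ (fn prems=>
+  [ (rewrite_goals_tac [mod_def]),
+    (rew_tac(absdiff_typing::prems)) ]);
+
+
+(*typing of quotient: short and long versions*)
+
+val div_typing = prove_goal Arith.thy "[| a:N;  b:N |] ==> a div b : N"
+ (fn prems=>
+  [ (rewrite_goals_tac [div_def]),
+    (typechk_tac ([absdiff_typing,mod_typing]@prems)) ]);
+
+val div_typingL = prove_goal Arith.thy
+   "[| a=c:N;  b=d:N |] ==> a div b = c div d : N"
+ (fn prems=>
+  [ (rewrite_goals_tac [div_def]),
+    (equal_tac (prems @ [absdiff_typingL, mod_typingL])) ]);
+
+val div_typing_rls = [mod_typing, div_typing, absdiff_typing];
+
+
+(*computation for quotient: 0 and successor cases*)
+
+val divC0 = prove_goal Arith.thy "b:N ==> 0 div b = 0 : N"
+ (fn prems=>
+  [ (rewrite_goals_tac [div_def]),
+    (rew_tac([mod_typing, absdiff_typing] @ prems)) ]);
+
+val divC_succ =
+prove_goal Arith.thy "[| a:N;  b:N |] ==> succ(a) div b = \
+\    rec(succ(a) mod b, succ(a div b), %x y. a div b) : N"
+ (fn prems=>
+  [ (rewrite_goals_tac [div_def]),
+    (rew_tac([mod_typing]@prems)) ]);
+
+
+(*Version of above with same condition as the  mod  one*)
+val divC_succ2 = prove_goal Arith.thy
+    "[| a:N;  b:N |] ==> \
+\    succ(a) div b =rec(succ(a mod b) |-| b, succ(a div b), %x y. a div b) : N"
+ (fn prems=>
+  [ (resolve_tac [ divC_succ RS trans_elem ] 1),
+    (rew_tac(div_typing_rls @ prems @ [modC_succ])),
+    (NE_tac "succ(a mod b)|-|b" 1),
+    (rew_tac ([mod_typing, div_typing, absdiff_typing] @prems)) ]);
+
+(*for case analysis on whether a number is 0 or a successor*)
+val iszero_decidable = prove_goal Arith.thy
+    "a:N ==> rec(a, inl(eq), %ka kb.inr(<ka, eq>)) : \
+\		      Eq(N,a,0) + (SUM x:N. Eq(N,a, succ(x)))"
+ (fn prems=>
+  [ (NE_tac "a" 1),
+    (resolve_tac [PlusI_inr] 3),
+    (resolve_tac [PlusI_inl] 2),
+    eqintr_tac,
+    (equal_tac prems) ]);
+
+(*Main Result.  Holds when b is 0 since   a mod 0 = a     and    a div 0 = 0  *)
+val prems =
+goal Arith.thy "[| a:N;  b:N |] ==> a mod b  #+  (a div b) #* b = a : N";
+by (NE_tac "a" 1);
+by (arith_rew_tac (div_typing_rls@prems@[modC0,modC_succ,divC0,divC_succ2])); 
+by (resolve_tac [EqE] 1);
+(*case analysis on   succ(u mod b)|-|b  *)
+by (res_inst_tac [("a1", "succ(u mod b) |-| b")] 
+                 (iszero_decidable RS PlusE) 1);
+by (etac SumE 3);
+by (hyp_arith_rew_tac (prems @ div_typing_rls @
+	[modC0,modC_succ, divC0, divC_succ2])); 
+(*Replace one occurence of  b  by succ(u mod b).  Clumsy!*)
+by (resolve_tac [ add_typingL RS trans_elem ] 1);
+by (eresolve_tac [EqE RS absdiff_eq0 RS sym_elem] 1);
+by (resolve_tac [refl_elem] 3);
+by (hyp_arith_rew_tac (prems @ div_typing_rls)); 
+val mod_div_equality = result();
+
+writeln"Reached end of file.";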
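Review bot: The comment above `add_mult_distrib` says "addition distributes over multiplication", but the goal it proves, `(a #+ b) #* c = (a #* c) #+ (b #* c)`, is multiplication distributing over addition; I would change it to `(*multiplication distributes over addition, on the right*)` so the name and comment do not mislead anyone checking which law later proofs such as `mult_assoc` rely on. The commented-out first attempt at `mult_commute` (ending "NEEDS COMMUTATIVE MATCHING") is superseded by the working proof a few definitions later and could shrink to a one-line remark, e.g. `(*direct induction as for add_commute fails here: needs commutative matching*)`. From `add_diff_inverse_lemma` onward the proofs switch from `prove_goal` to `val prems = goal ...; by ...; result()`, which rebinds a top-level `prems` each time and appears to rely on the ambient proof state. A short header comment saying these steps must be run in order would help a reader auditing the derivation.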