isabelle-cookbook: comparison CookBook/Package/Ind

equal deleted inserted replaced

-:039845fc96bd
+:c9ff326e3ce5
 begin
 section{* Examples of Inductive Definitions \label{sec:ind-examples} *}
 text {*
-Let us first give three examples showing how to define inductive predicates
+Let us first give three examples showing how to define by hand inductive
-by hand and then how to prove characteristic properties about them, such as
+predicates and then also how to prove by hand characteristic properties
-introduction rules and an induction principle. From these examples, we will
+about them, such as introduction rules and induction principles. From
-figure out a
+these examples, we will figure out a general method for defining inductive
-general method for defining inductive predicates.  The aim in this section is
+predicates.  The aim in this section is \emph{not} to write proofs that are as
-not to write proofs that are as beautiful as possible, but as close as
+beautiful as possible, but as close as possible to the ML-code we will
-possible to the ML-code producing the proofs that we will develop later.
+develop later.
 As a first example, let us consider the transitive closure of a relation @{text
-R}. It is an inductive predicate characterized by the two introduction rules
+R}. It is an inductive predicate characterised by the two introduction rules:
 \begin{center}
-@{term[mode=Axiom] "trcl R x x"} \hspace{5mm}
+@{prop[mode=Axiom] "trcl R x x"} \hspace{5mm}
-@{term[mode=Rule] "R x y \<Longrightarrow> trcl R y z \<Longrightarrow> trcl R x z"}
+@{prop[mode=Rule] "R x y \<Longrightarrow> trcl R y z \<Longrightarrow> trcl R x z"}
 \end{center}
-(FIXME first rule should be an ``axiom'')
 Note that the @{text trcl} predicate has two different kinds of parameters: the
 first parameter @{text R} stays \emph{fixed} throughout the definition, whereas
-the second and third parameter changes in the ``recursive call''.
+the second and third parameter changes in the ``recursive call''. This will
+become important later on when we deal with fixed parameters and locales.
 Since an inductively defined predicate is the least predicate closed under
 a collection of introduction rules, we define the predicate @{text "trcl R x y"} in
 such a way that it holds if and only if @{text "P x y"} holds for every predicate
 @{text P} closed under the rules above. This gives rise to the definition
 definition "trcl R x y \<equiv>
 \<forall>P. (\<forall>x. P x x) \<longrightarrow> (\<forall>x y z. R x y \<longrightarrow> P y z \<longrightarrow> P x z) \<longrightarrow> P x y"
 text {*
 where we quantify over the predicate @{text P}. Note that we have to use the
-object implication @{text "\<longrightarrow>"} and object quantification @{text "\<forall>"} for stating
+object implication @{text "\<longrightarrow>"} and object quantification @{text "\<forall>"} for
-this definition. The introduction rules and induction principles derived later
+stating this definition (there is no other way for definitions in
-should use the corresponding meta-connectives since they simplify the reasoning for
+HOL). However, the introduction rules and induction principles derived later
-the user.
+should use the corresponding meta-connectives since they simplify the
+reasoning for the user.
-With this definition, the proof of the induction theorem for the transitive
+With this definition, the proof of the induction principle for the transitive
 closure is almost immediate. It suffices to convert all the meta-level
-connectives in the induction rule to object-level connectives using the
+connectives in the lemma to object-level connectives using the
-@{text atomize} proof method (Line 4), expand the definition of @{text trcl}
+proof method @{text atomize} (Line 4), expand the definition of @{text trcl}
 (Line 5 and 6), eliminate the universal quantifier contained in it (Line 7),
 and then solve the goal by assumption (Line 8).
 *}
 apply(assumption)
 done
 text {*
 The proofs for the introduction are slightly more complicated. We need to prove
-the goals @{prop "trcl R x x"} and @{prop "R x y \<Longrightarrow> trcl R y z \<Longrightarrow> trcl R x z"}.
+the facs @{prop "trcl R x x"} and @{prop "R x y \<Longrightarrow> trcl R y z \<Longrightarrow> trcl R x z"}.
 In order to prove the first goal, we again unfold the definition and
 then apply the introdution rules for @{text "\<forall>"} and @{text "\<longrightarrow>"} as often as possible.
-We then end up in the goal state
+We then end up in the goal state:
 *}
 (*<*)lemma "trcl R x x"
 apply (unfold trcl_def)
 apply (rule allI impI)+(*>*)
 apply(drule spec)
 apply(assumption)
 done
 text {*
-Since the second introduction rule has premises, its proof is not as easy. After unfolding
+Since the second @{text trcl}-rule has premises, the proof of its
-the definitions and applying the introduction rules for @{text "\<forall>"} and @{text "\<longrightarrow>"}, we
+introduction rule is not as easy. After unfolding the definitions and
-get the goal state
+applying the introduction rules for @{text "\<forall>"} and @{text "\<longrightarrow>"}, we get the
+goal state:
 *}
 (*<*)lemma "R x y \<Longrightarrow> trcl R y z \<Longrightarrow> trcl R x z"
 apply (unfold trcl_def)
 apply (rule allI impI)+(*>*)
 txt {*@{subgoals [display]} *}
 (*<*)oops(*>*)
 text {*
-The third and fourth assumption corresponds to the first and second
+The third and fourth assumption correspond to the first and second
 introduction rule, respectively, whereas the first and second assumption
 corresponds to the pre\-mises of the introduction rule. Since we want to prove
 the second introduction rule, we apply the fourth assumption to the goal
 @{term "P x z"}. In order for the assumption to be applicable as a rule, we have to
 eliminate the universal quantifier and turn the object-level implications
 have a3: "\<forall>x. P x x" by fact
 have a4: "\<forall>x y z. R x y \<longrightarrow> P y z \<longrightarrow> P x z" by fact
 show "P x z"
 apply(rule a4[rule_format])
 apply(rule a1)
-apply(rule a2 [THEN spec[where x=P], THEN mp, THEN mp, OF a3, OF a4])
+apply(rule a2[THEN spec[where x=P], THEN mp, THEN mp, OF a3, OF a4])
 done
 qed
 text {*
-It might be surprising that we are not using the automatic tactics in
+It might be surprising that we are not using the automatic tactics available in
-Isabelle in order to prove the lemmas we are after. After all @{text "blast"}
+Isabelle for proving this lemmas. After all @{text "blast"} would easily
-would easily dispense of the lemmas.
+dispense of it.
 *}
 lemma trcl_step_blast: "R x y \<Longrightarrow> trcl R y z \<Longrightarrow> trcl R x z"
 apply(unfold trcl_def)
 apply(blast)
 done
 text {*
-Experience has shown that it is generally a bad idea to rely heavily on @{term blast}
+Experience has shown that it is generally a bad idea to rely heavily on
-and the like in automated proofs. The reason is that you do not have precise control
+@{text blast}, @{text auto} and the like in automated proofs. The reason is
-over them (the user can, for example, declare new intro- or simplification rules that
+that you do not have precise control over them (the user can, for example,
-can throw automatic tactics off course) and also it is very hard to debug
+declare new intro- or simplification rules that can throw automatic tactics
-proofs involving automatic tactics. Therefore whenever possible, automatic tactics
+off course) and also it is very hard to debug proofs involving automatic
-should be avoided or constrained.
+tactics whenever something goes wrong. Therefore if possible, automatic
+tactics should be avoided or sufficiently constrained.
-This method of defining inductive predicates generalises also to mutually inductive
+The method of defining inductive predicates by impredicative quantification
-predicates. The next example defines the predicates @{text even} and @{text odd}
+also generalises to mutually inductive predicates. The next example defines
-characterised by the following rules:
+the predicates @{text even} and @{text odd} characterised by the following
+rules:
 \begin{center}
-@{term[mode=Axiom] "even (0::nat)"} \hspace{5mm}
+@{prop[mode=Axiom] "even (0::nat)"} \hspace{5mm}
-@{term[mode=Rule] "odd m \<Longrightarrow> even (Suc m)"} \hspace{5mm}
+@{prop[mode=Rule] "odd m \<Longrightarrow> even (Suc m)"} \hspace{5mm}
-@{term[mode=Rule] "even m \<Longrightarrow> odd (Suc m)"}
+@{prop[mode=Rule] "even m \<Longrightarrow> odd (Suc m)"}
 \end{center}
 Since the predicates are mutually inductive, each definition
 quantifies over both predicates, below named @{text P} and @{text Q}.
 *}
 definition "odd n \<equiv>
 \<forall>P Q. P 0 \<longrightarrow> (\<forall>m. Q m \<longrightarrow> P (Suc m))
 \<longrightarrow> (\<forall>m. P m \<longrightarrow> Q (Suc m)) \<longrightarrow> Q n"
 text {*
-For proving the induction rule, we use exactly the same technique as in the transitive
+For proving the induction principles, we use exactly the same technique
-closure example:
+as in the transitive closure example, namely:
 *}
 lemma even_induct:
 assumes asm: "even n"
 shows "P 0 \<Longrightarrow>
 apply(drule spec[where x=Q])
 apply(assumption)
 done
 text {*
-We omit the other induction rule having @{term "Q n"} as conclusion.
+We omit the other induction principle that has @{term "Q n"} as conclusion.
 The proofs of the introduction rules are also very similar to the ones in the
-@{text "trcl"}-example. We only show the proof of the second introduction rule:
+@{text "trcl"}-example. We only show the proof of the second introduction rule.
 *}
 lemma evenS: "odd m \<Longrightarrow> even (Suc m)"
 apply (unfold odd_def even_def)
 apply (rule allI impI)+
 	THEN mp, THEN mp, THEN mp, OF a2, OF a3, OF a4])
 done
 qed
 text {*
-As a final example, we definethe accessible part of a relation @{text R} characterised
+As a final example, we define the accessible part of a relation @{text R} characterised
 by the introduction rule
 \begin{center}
 @{term[mode=Rule] "(\<forall>y. R y x \<longrightarrow> accpart R y) \<Longrightarrow> accpart R x"}
 \end{center}
 whose premise involves a universal quantifier and an implication. The
-definition of @{text accpart} is as follows:
+definition of @{text accpart} is:
 *}
 definition "accpart R x \<equiv> \<forall>P. (\<forall>x. (\<forall>y. R y x \<longrightarrow> P y) \<longrightarrow> P x) \<longrightarrow> P x"
 text {*
-The proof of the induction theorem is again straightforward.
+The proof of the induction principle is again straightforward.
 *}
 lemma accpart_induct:
 assumes asm: "accpart R x"
 shows "(\<And>x. (\<forall>y. R y x \<longrightarrow> P y) \<Longrightarrow> P x) \<Longrightarrow> P x"
 done
 qed
 qed
 text {*
-Now the point is to figure out what the automatic proofs should do. For
+The point of these examples is to get a feeling what the automatic proofs
-this it might be instructive to look at the general construction principle
+should do in order to solve all inductive definitions we throw at them. For this
-of inductive definitions, which we shall do next.
+it is instructive to look at the general construction principle
+of inductive definitions, which we shall do in the next section.
 *}
 end

changeset 116	c9ff326e3ce5
parent 115	039845fc96bd
child 120	c39f83d8daeb