nominal2: comparison Tutorial/Tutorial1.thy

equal deleted inserted replaced

-:2abc8cb46a5c
+:3485111c7d62
 \<sharp>    sharp     (freshness)
 \<bullet>    bullet    (permutation application)
 *}
 theory Tutorial1
 imports Lambda
 begin
 section {* Theories *}
 shows "<e1, Es1> \<mapsto>* <e3, Es3>"
 using a b
 proof(induct)
 case (ms1 e1 Es1)
 have c: "<e1, Es1> \<mapsto>* <e3, Es3>" by fact
-then show "<e1, Es1> \<mapsto>* <e3, Es3>" by simp
+show "<e1, Es1> \<mapsto>* <e3, Es3>" sorry
 next
 case (ms2 e1 Es1 e2 Es2 e2' Es2')
 have ih: "<e2', Es2'> \<mapsto>* <e3, Es3> \<Longrightarrow> <e2, Es2> \<mapsto>* <e3, Es3>" by fact
 have d1: "<e2', Es2'> \<mapsto>* <e3, Es3>" by fact
 have d2: "<e1, Es1> \<mapsto> <e2, Es2>" by fact
-show "<e1, Es1> \<mapsto>* <e3, Es3>" using d1 d2 ih by blast
+show "<e1, Es1> \<mapsto>* <e3, Es3>" sorry
 qed
 text {*
 Just like gotos in the Basic programming language, labels often reduce
 the readability of proofs. Therefore one can use in Isar the notation
 -- {* your reasoning *}
 show "<App t1 t2, []> \<mapsto>* <v, []>" sorry
 qed
-theorem
-assumes a: "t \<Down> t'"
-shows "<t, Es> \<mapsto>* <t', Es>"
-using a
-proof (induct arbitrary: Es)
-case (e_Lam x t Es)
--- {* no assumptions *}
-show "<Lam [x].t, Es> \<mapsto>* <Lam [x].t, Es>" by auto
-next
-case (e_App t1 x t t2 v' v Es)
--- {* all assumptions in this case *}
-have a1: "t1 \<Down> Lam [x].t" by fact
-have ih1: "\<And>Es. <t1, Es> \<mapsto>* <Lam [x].t, Es>" by fact
-have a2: "t2 \<Down> v'" by fact
-have ih2: "\<And>Es. <t2, Es> \<mapsto>* <v', Es>" by fact
-have a3: "t[x::=v'] \<Down> v" by fact
-have ih3: "\<And>Es. <t[x::=v'], Es> \<mapsto>* <v, Es>" by fact
--- {* your reasoning *}
-have "<App t1 t2, Es> \<mapsto>* <t1, CAppL \<box> t2 # Es>" by auto
-moreover
-have "<t1, CAppL \<box> t2 # Es> \<mapsto>* <Lam [x].t, CAppL \<box> t2 # Es>" using ih1 by auto
-moreover
-have "<Lam [x].t, CAppL \<box> t2 # Es> \<mapsto>* <t2, CAppR (Lam [x].t) \<box> # Es>" by auto
-moreover
-have "<t2, CAppR (Lam [x].t) \<box> # Es> \<mapsto>* <v', CAppR (Lam [x].t) \<box> # Es>"
-using ih2 by auto
-moreover
-have "val v'" using a2 eval_to_val by auto
-then have "<v', CAppR (Lam [x].t) \<box> # Es> \<mapsto>* <t[x::=v'], Es>" by auto
-moreover
-have "<t[x::=v'], Es> \<mapsto>* <v, Es>" using ih3 by auto
-ultimately show "<App t1 t2, Es> \<mapsto>* <v, Es>" by blast
-qed
 text {*
 Again the automatic tools in Isabelle can discharge automatically
 of the routine work in these proofs. We can write:
 *}
 assumes a: "t \<Down> t'"
 shows "<t, []> \<mapsto>* <t', []>"
 using a eval_implies_machines_ctx by simp
 section {* Function Definitions: Filling a Lambda-Term into a Context *}
 text {*
 Many functions over datatypes can be defined by recursion on the
 structure. For this purpose, Isabelle provides "fun". To use it one needs
 lemma
 shows "(CAppL \<box> (Var x))\<lbrakk>Var y\<rbrakk> = App (Var y) (Var x)"
 by simp
 fun
-ctx_compose :: "ctx \<Rightarrow> ctx \<Rightarrow> ctx" ("_ \<odot> _" [99,98] 99)
+ctx_compose :: "ctx \<Rightarrow> ctx \<Rightarrow> ctx" (infixr "\<odot>" 99)
 where
 "\<box> \<odot> E' = E'"
 | "(CAppL E t') \<odot> E' = CAppL (E \<odot> E') t'"
 | "(CAppR t' E) \<odot> E' = CAppR t' (E \<odot> E')"
 case (CAppR t' E1)
 have ih: "(E1 \<odot> E2)\<lbrakk>t\<rbrakk> = E1\<lbrakk>E2\<lbrakk>t\<rbrakk>\<rbrakk>" by fact
 show "((CAppR t' E1) \<odot> E2)\<lbrakk>t\<rbrakk> = (CAppR t' E1)\<lbrakk>E2\<lbrakk>t\<rbrakk>\<rbrakk>" sorry
 qed
+subsection {* EXERCISE 6 *}
+text {*
+Remove the sorries in the ctx_append proof below. You can make
+use of the following two properties.
+*}
 lemma neut_hole:
 shows "E \<odot> \<box> = E"
 by (induct E) (simp_all)
-lemma odot_assoc: (* fixme call compose *)
+lemma compose_assoc:
 shows "(E1 \<odot> E2) \<odot> E3 = E1 \<odot> (E2 \<odot> E3)"
 by (induct E1) (simp_all)
 lemma
 shows "(Es1 @ Es2)\<down> = (Es2\<down>) \<odot> (Es1\<down>)"
 have ih: "(Es1 @ Es2)\<down> = Es2\<down> \<odot> Es1\<down>" by fact
 show "((E # Es1) @ Es2)\<down> = Es2\<down> \<odot> (E # Es1)\<down>" sorry
 qed
 text {*
 The last proof involves several steps of equational reasoning.
 Isar provides some convenient means to express such equational
 reasoning in a much cleaner fashion using the "also have"
 construction.
 *}
 lemma
 shows "(Es1 @ Es2)\<down> = (Es2\<down>) \<odot> (Es1\<down>)"
 proof (induct Es1)
 case Nil
 show "([] @ Es2)\<down> = Es2\<down> \<odot> []\<down>" using neut_hole by simp
 next
 case (Cons E Es1)
 have ih: "(Es1 @ Es2)\<down> = Es2\<down> \<odot> Es1\<down>" by fact
-have "((E # Es1) @ Es2)\<down> = (Es1 @ Es2)\<down> \<odot> E" by simp
+have "((E # Es1) @ Es2)\<down> = (E # (Es1 @ Es2))\<down>" by simp
+also have "\<dots> = (Es1 @ Es2)\<down> \<odot> E" by simp
 also have "\<dots> = (Es2\<down> \<odot> Es1\<down>) \<odot> E" using ih by simp
-also have "\<dots> = Es2\<down> \<odot> (Es1\<down> \<odot> E)" using odot_assoc by simp
+also have "\<dots> = Es2\<down> \<odot> (Es1\<down> \<odot> E)" using compose_assoc by simp
 also have "\<dots> = Es2\<down> \<odot> (E # Es1)\<down>" by simp
 finally show "((E # Es1) @ Es2)\<down> = Es2\<down> \<odot> (E # Es1)\<down>" by simp
 qed
 end

changeset 2694	3485111c7d62
parent 2693	2abc8cb46a5c
child 2704	b4bad45dbc0f