| author | Christian Urban <christian dot urban at kcl dot ac dot uk> |
| Wed, 30 Mar 2016 17:27:34 +0100 | |
| changeset 415 | f1be8028a4a9 |
| permissions | -rw-r--r-- |
|
415
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
1 |
(***************************************************************** |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
2 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
3 |
Isabelle Tutorial |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
4 |
----------------- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
5 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
6 |
27th May 2009, Beijing |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
7 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
8 |
This file contains most of the material that will be covered in the |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
9 |
tutorial. The file can be "stepped through"; though it contains much |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
10 |
commented code (purple text). |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
11 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
12 |
*) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
13 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
14 |
(***************************************************************** |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
15 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
16 |
Proof General |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
17 |
------------- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
18 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
19 |
Proof General is the front end for Isabelle. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
20 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
21 |
Proof General "paints" blue the part of the proof-script that has already |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
22 |
been processed by Isabelle. You can advance or retract the "frontier" of |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
23 |
this processed part using the "Next" and "Undo" buttons in the |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
24 |
menubar. "Goto" will process everything up to the current cursor position, |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
25 |
or retract if the cursor is inside the blue part. The key-combination |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
26 |
control-c control-return is a short-cut for the "Goto"-operation. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
27 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
28 |
Proof General gives feedback inside the "Response" and "Goals" buffers. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
29 |
The response buffer will contain warning messages (in yellow) and |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
30 |
error messages (in red). Warning messages can generally be ignored. Error |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
31 |
messages must be dealt with in order to advance the proof script. The goal |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
32 |
buffer shows which goals need to be proved. The sole idea of interactive |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
33 |
theorem proving is to get the message "No subgoals." ;o) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
34 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
35 |
*) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
36 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
37 |
(***************************************************************** |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
38 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
39 |
X-Symbols |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
40 |
--------- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
41 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
42 |
X-symbols provide a nice way to input non-ascii characters. For example: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
43 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
44 |
\<forall>, \<exists>, \<Down>, \<sharp>, \<And>, \<Gamma>, \<times>, \<noteq>, \<in>, \<subseteq>, \<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
45 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
46 |
They need to be input via the combination \<name-of-x-symbol> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
47 |
where name-of-x-symbol coincides with the usual latex name of |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
48 |
that symbol. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
49 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
50 |
However, there are some handy short-cuts for frequently used X-symbols. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
51 |
For example |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
52 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
53 |
[| \<dots> \<lbrakk> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
54 |
|] \<dots> \<rbrakk> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
55 |
==> \<dots> \<Longrightarrow> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
56 |
=> \<dots> \<Rightarrow> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
57 |
--> \<dots> \<longrightarrow> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
58 |
/\ \<dots> \<and> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
59 |
\/ \<dots> \<or> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
60 |
|-> \<dots> \<mapsto> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
61 |
=_ \<dots> \<equiv> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
62 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
63 |
*) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
64 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
65 |
(***************************************************************** |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
66 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
67 |
Theories |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
68 |
-------- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
69 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
70 |
Every Isabelle proof-script needs to have a name and must import |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
71 |
some pre-existing theory. This will normally be the theory Main. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
72 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
73 |
*) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
74 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
75 |
theory Lec1 |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
76 |
imports "Main" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
77 |
begin |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
78 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
79 |
text {*****************************************************************
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
80 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
81 |
Types |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
82 |
----- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
83 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
84 |
Isabelle is based on types including some polymorphism. It also includes |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
85 |
some overloading, which means that sometimes explicit type annotations |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
86 |
need to be given. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
87 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
88 |
- Base types include: nat, bool, string |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
89 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
90 |
- Type formers include: 'a list, ('a\<times>'b), 'c set
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
91 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
92 |
- Type variables are written like in ML with an apostrophe: 'a, 'b, \<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
93 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
94 |
Types known to Isabelle can be queried using: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
95 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
96 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
97 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
98 |
typ nat |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
99 |
typ bool |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
100 |
typ string (* the type for alpha-equated lambda-terms *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
101 |
typ "('a \<times> 'b)" (* pair type *)
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
102 |
typ "'c set" (* set type *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
103 |
typ "'a list" (* list type *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
104 |
typ "nat \<Rightarrow> bool" (* the type of functions from nat to bool *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
105 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
106 |
(* These give errors: *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
107 |
(*typ boolean *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
108 |
(*typ set*) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
109 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
110 |
text {*****************************************************************
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
111 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
112 |
Terms |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
113 |
----- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
114 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
115 |
Every term in Isabelle needs to be well-typed (however they can have |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
116 |
polymorphic type). Whether a term is accepted can be queried using: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
117 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
118 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
119 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
120 |
term c (* a variable of polymorphic type *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
121 |
term "1::nat" (* the constant 1 in natural numbers *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
122 |
term 1 (* the constant 1 with polymorphic type *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
123 |
term "{1, 2, 3::nat}" (* the set containing natural numbers 1, 2 and 3 *)
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
124 |
term "[1, 2, 3]" (* the list containing the polymorphic numbers 1, 2 and 3 *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
125 |
term "(True, ''c'')" (* a pair consisting of true and the string "c" *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
126 |
term "Suc 0" (* successor of 0, in other words 1 *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
127 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
128 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
129 |
Isabelle provides some useful colour feedback about what are constants (in black), |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
130 |
free variables (in blue) and bound variables (in green). *} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
131 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
132 |
term "True" (* a constant that is defined in HOL *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
133 |
term "true" (* not recognised as a constant, therefore it is interpreted as a variable *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
134 |
term "\<forall>x. P x" (* x is bound, P is free *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
135 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
136 |
text {* Every formula in Isabelle needs to have type bool *}
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
137 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
138 |
term "True" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
139 |
term "True \<and> False" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
140 |
term "True \<or> B" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
141 |
term "{1,2,3} = {3,2,1}"
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
142 |
term "\<forall>x. P x" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
143 |
term "A \<longrightarrow> B" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
144 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
145 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
146 |
When working with Isabelle, one is confronted with an object logic (that is HOL) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
147 |
and Isabelle's meta-logic (called Pure). Sometimes one has to pay attention |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
148 |
to this fact. *} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
149 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
150 |
term "A \<longrightarrow> B" (* versus *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
151 |
term "A \<Longrightarrow> B" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
152 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
153 |
term "\<forall>x. P x" (* versus *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
154 |
term "\<And>x. P x" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
155 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
156 |
term "A \<Longrightarrow> B \<Longrightarrow> C" (* is synonymous with *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
157 |
term "\<lbrakk>A; B\<rbrakk> \<Longrightarrow> C" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
158 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
159 |
text {*****************************************************************
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
160 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
161 |
Inductive Definitions: The even predicate |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
162 |
----------------------------------------- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
163 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
164 |
Inductive definitions start with the keyword "inductive" and a predicate name. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
165 |
One also needs to provide a type for the predicate. Clauses of the inductive |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
166 |
predicate are introduced by "where" and more than two clauses need to be |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
167 |
separated by "|". Optionally one can give a name to each clause and indicate |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
168 |
that it should be added to the hints database ("[intro]"). A typical clause
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
169 |
has some premises and a conclusion. This is written in Isabelle as: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
170 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
171 |
"premise \<Longrightarrow> conclusion" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
172 |
"\<lbrakk>premise1; premise2; \<dots> \<rbrakk> \<Longrightarrow> conclusion" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
173 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
174 |
If no premise is present, then one just writes |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
175 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
176 |
"conclusion" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
177 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
178 |
Below we define the even predicate for natural numbers. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
179 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
180 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
181 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
182 |
inductive |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
183 |
even :: "nat \<Rightarrow> bool" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
184 |
where |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
185 |
eZ[intro]: "even 0" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
186 |
| eSS[intro]: "even n \<Longrightarrow> even (Suc (Suc n))" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
187 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
188 |
text {*****************************************************************
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
189 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
190 |
Theorems |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
191 |
-------- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
192 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
193 |
A central concept in Isabelle is that of theorems. Isabelle's theorem |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
194 |
database can be queried using |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
195 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
196 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
197 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
198 |
thm eZ |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
199 |
thm eSS |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
200 |
thm conjI |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
201 |
thm conjunct1 |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
202 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
203 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
204 |
Notice that theorems usually contain schematic variables (e.g. ?P, ?Q, \<dots>). |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
205 |
These schematic variables can be substituted with any term (of the right type |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
206 |
of course). It is sometimes useful to suppress the "?" from the schematic |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
207 |
variables. This can be achieved by using the attribute "[no_vars]". *} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
208 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
209 |
thm eZ[no_vars] |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
210 |
thm eSS[no_vars] |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
211 |
thm conjI[no_vars] |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
212 |
thm conjunct1[no_vars] |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
213 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
214 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
215 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
216 |
When defining the predicate eval, Isabelle provides us automatically with |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
217 |
the following theorems that state how the even predicate can be introduced |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
218 |
and what constitutes an induction over the predicate even. *} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
219 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
220 |
thm even.intros[no_vars] |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
221 |
thm even.induct[no_vars] |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
222 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
223 |
text {*****************************************************************
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
224 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
225 |
Lemma / Theorem / Corollary Statements |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
226 |
-------------------------------------- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
227 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
228 |
Whether to use lemma, theorem or corollary makes no semantic difference |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
229 |
in Isabelle. A lemma starts with "lemma" and consists of a statement |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
230 |
("shows \<dots>") and optionally a lemma name, some type-information for
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
231 |
variables ("fixes \<dots>") and some assumptions ("assumes \<dots>"). Lemmas
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
232 |
also need to have a proof, but ignore this 'detail' for the moment. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
233 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
234 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
235 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
236 |
lemma even_double: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
237 |
shows "even (2 * n)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
238 |
by (induct n) (auto) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
239 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
240 |
lemma even_add_n_m: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
241 |
assumes a: "even n" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
242 |
and b: "even m" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
243 |
shows "even (n + m)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
244 |
using a b by (induct) (auto) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
245 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
246 |
lemma neutral_element: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
247 |
fixes x::"nat" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
248 |
shows "x + 0 = x" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
249 |
by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
250 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
251 |
text {*****************************************************************
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
252 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
253 |
Isar Proofs |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
254 |
----------- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
255 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
256 |
Isar is a language for writing down proofs that can be understood by humans |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
257 |
and by Isabelle. An Isar proof can be thought of as a sequence of 'stepping stones' |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
258 |
that start with the assumptions and lead to the goal to be established. Every such |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
259 |
stepping stone is introduced by "have" followed by the statement of the stepping |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
260 |
stone. An exception is the goal to be proved, which need to be introduced with "show". |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
261 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
262 |
Since proofs usually do not proceed in a linear fashion, a label can be given |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
263 |
to each stepping stone and then used later to refer to this stepping stone |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
264 |
("using").
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
265 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
266 |
Each stepping stone (or have-statement) needs to have a justification. The |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
267 |
simplest justification is "sorry" which admits any stepping stone, even false |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
268 |
ones (this is good during the development of proofs). Assumption can be |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
269 |
"justified" using "by fact". Derived facts can be justified using |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
270 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
271 |
- by simp (* simplification *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
272 |
- by auto (* proof search and simplification *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
273 |
- by blast (* only proof search *) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
274 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
275 |
If facts or lemmas are needed in order to justify a have-statement, then |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
276 |
one can feed these facts into the proof by using "using label \<dots>" or |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
277 |
"using theorem-name \<dots>". More than one label at the time is allowed. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
278 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
279 |
Induction proofs in Isar are set up by indicating over which predicate(s) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
280 |
the induction proceeds ("using a b") followed by the command "proof (induct)".
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
281 |
In this way, Isabelle uses default settings for which induction should |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
282 |
be performed. These default settings can be overridden by giving more |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
283 |
information, like the variable over which a structural induction should |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
284 |
proceed, or a specific induction principle such as well-founded inductions. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
285 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
286 |
After the induction is set up, the proof proceeds by cases. In Isar these |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
287 |
cases can be given in any order, but must be started with "case" and the |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
288 |
name of the case, and optionally some legible names for the variables |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
289 |
referred to inside the case. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
290 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
291 |
The possible case-names can be found by looking inside the menu "Isabelle -> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
292 |
Show me -> cases". In each "case", we need to establish a statement introduced |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
293 |
by "show". Once this has been done, the next case can be started using "next". |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
294 |
When all cases are completed, the proof can be finished using "qed". |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
295 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
296 |
This means a typical induction proof has the following pattern |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
297 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
298 |
proof (induct) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
299 |
case \<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
300 |
\<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
301 |
show \<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
302 |
next |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
303 |
case \<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
304 |
\<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
305 |
show \<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
306 |
\<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
307 |
qed |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
308 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
309 |
The four lemmas are by induction on the predicate machines. All proofs establish |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
310 |
the same property, namely a transitivity rule for machines. The complete Isar |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
311 |
proofs are given for the first three proofs. The point of these three proofs is |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
312 |
that each proof increases the readability for humans. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
313 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
314 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
315 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
316 |
text {*****************************************************************
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
317 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
318 |
1.) EXERCISE |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
319 |
------------ |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
320 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
321 |
Remove the sorries in the proof below and fill in the correct |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
322 |
justifications. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
323 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
324 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
325 |
lemma |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
326 |
shows "even (2 * n)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
327 |
proof (induct n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
328 |
case 0 |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
329 |
show "even (2 * 0)" sorry |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
330 |
next |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
331 |
case (Suc n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
332 |
have ih: "even (2 * n)" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
333 |
have eq: "2 * (Suc n) = Suc (Suc (2 * n))" sorry |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
334 |
have h1: "even (Suc (Suc (2 * n)))" sorry |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
335 |
show "even (2 * (Suc n))" sorry |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
336 |
qed |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
337 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
338 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
339 |
text {*****************************************************************
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
340 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
341 |
2.) EXERCISE |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
342 |
------------ |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
343 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
344 |
Remove the sorries in the proof below and fill in the correct |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
345 |
justifications. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
346 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
347 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
348 |
lemma |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
349 |
shows "even (n + n)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
350 |
proof (induct n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
351 |
case 0 |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
352 |
show "even (0 + 0)" sorry |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
353 |
next |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
354 |
case (Suc n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
355 |
have ih: "even (n + n)" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
356 |
have eq: "(Suc n) + (Suc n) = Suc (Suc (n + n))" sorry |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
357 |
have a: "even (Suc (Suc (n + n)))" sorry |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
358 |
show "even ((Suc n) + (Suc n))" sorry |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
359 |
qed |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
360 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
361 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
362 |
Just like gotos in the Basic programming language, labels can reduce |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
363 |
the readability of proofs. Therefore one can use in Isar the notation |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
364 |
"then have" in order to feed a have-statement to the proof of |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
365 |
the next have-statement. In the proof below this has been used |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
366 |
in order to get rid of the labels a. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
367 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
368 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
369 |
lemma even_twice: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
370 |
shows "even (n + n)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
371 |
proof (induct n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
372 |
case 0 |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
373 |
show "even (0 + 0)" by auto |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
374 |
next |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
375 |
case (Suc n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
376 |
have ih: "even (n + n)" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
377 |
have eq: "(Suc n) + (Suc n) = Suc (Suc (n + n))" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
378 |
have "even (Suc (Suc (n + n)))" using ih by auto |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
379 |
then show "even ((Suc n) + (Suc n))" using eq by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
380 |
qed |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
381 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
382 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
383 |
The label eq cannot be got rid of in this way, because both |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
384 |
facts are needed to prove the show-statement. We can still avoid the |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
385 |
labels by feeding a sequence of facts into a proof using the chaining |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
386 |
mechanism: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
387 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
388 |
have "statement1" \<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
389 |
moreover |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
390 |
have "statement2" \<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
391 |
\<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
392 |
moreover |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
393 |
have "statementn" \<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
394 |
ultimately have "statement" \<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
395 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
396 |
In this chain, all "statementi" can be used in the proof of the final |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
397 |
"statement". With this we can simplify our proof further to: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
398 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
399 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
400 |
lemma |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
401 |
shows "even (n + n)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
402 |
proof (induct n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
403 |
case 0 |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
404 |
show "even (0 + 0)" by auto |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
405 |
next |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
406 |
case (Suc n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
407 |
have ih: "even (n + n)" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
408 |
have "(Suc n) + (Suc n) = Suc (Suc (n + n))" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
409 |
moreover |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
410 |
have "even (Suc (Suc (n + n)))" using ih by auto |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
411 |
ultimately show "even ((Suc n) + (Suc n))" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
412 |
qed |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
413 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
414 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
415 |
While automatic proof procedures in Isabelle are not able to prove statements |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
416 |
like "P = NP" assuming usual definitions for P and NP, they can automatically |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
417 |
discharge the lemmas we just proved. For this we only have to set up the induction |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
418 |
and auto will take care of the rest. This means we can write: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
419 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
420 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
421 |
lemma |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
422 |
shows "even (2 * n)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
423 |
by (induct n) (auto) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
424 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
425 |
lemma |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
426 |
shows "even (n + n)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
427 |
by (induct n) (auto) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
428 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
429 |
text {*****************************************************************
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
430 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
431 |
Rule Inductions |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
432 |
--------------- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
433 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
434 |
Inductive predicates are defined in terms of rules of the form |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
435 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
436 |
prem1 \<dots> premn |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
437 |
-------------- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
438 |
concl |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
439 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
440 |
In Isabelle we write such rules as |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
441 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
442 |
\<lbrakk>prem1; \<dots>; premn\<rbrakk> \<Longrightarrow> concl |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
443 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
444 |
You can do induction over such rules according to the following |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
445 |
scheme: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
446 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
447 |
1.) Assume the property for the premises. Assume the side-conditions. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
448 |
2.) Show the property for the conclusion. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
449 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
450 |
In Isabelle the corresponding theorem is called, for example |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
451 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
452 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
453 |
thm even.induct |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
454 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
455 |
text {*****************************************************************
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
456 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
457 |
3.) EXERCISE |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
458 |
------------ |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
459 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
460 |
Remove the sorries in the proof below and fill in the correct |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
461 |
justifications. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
462 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
463 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
464 |
lemma even_add: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
465 |
assumes a: "even n" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
466 |
and b: "even m" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
467 |
shows "even (n + m)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
468 |
using a b |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
469 |
proof (induct) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
470 |
case eZ |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
471 |
have as: "even m" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
472 |
show "even (0 + m)" sorry |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
473 |
next |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
474 |
case (eSS n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
475 |
have ih: "even m \<Longrightarrow> even (n + m)" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
476 |
have as: "even m" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
477 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
478 |
show "even (Suc (Suc n) + m)" sorry |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
479 |
qed |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
480 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
481 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
482 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
483 |
Whenever a lemma is of the form |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
484 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
485 |
lemma |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
486 |
assumes "pred" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
487 |
and \<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
488 |
shows "something" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
489 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
490 |
then a rule induction is generally appropriate (but |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
491 |
not always). |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
492 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
493 |
In case of even_add it is definitely *not* appropriate. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
494 |
Compare for example what you have to prove when you attempt |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
495 |
an induction over natural numbers. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
496 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
497 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
498 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
499 |
lemma even_add_does_not_work: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
500 |
assumes a: "even n" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
501 |
and b: "even m" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
502 |
shows "even (n + m)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
503 |
using a b |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
504 |
proof (induct n rule: nat_induct) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
505 |
case 0 |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
506 |
have "even m" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
507 |
then show "even (0 + m)" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
508 |
next |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
509 |
case (Suc n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
510 |
have ih: "\<lbrakk>even n; even m\<rbrakk> \<Longrightarrow> even (n + m)" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
511 |
have as1: "even (Suc n)" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
512 |
have as2: "even m" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
513 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
514 |
show "even ((Suc n) + m)" oops |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
515 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
516 |
text {*****************************************************************
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
517 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
518 |
4.) EXERCISE (Last fact about even) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
519 |
----------------------------------- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
520 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
521 |
Remove the sorries in the proof below and fill in the correct |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
522 |
justifications. The following two lemmas should be useful |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
523 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
524 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
525 |
thm even_twice[no_vars] |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
526 |
thm even_add[no_vars] |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
527 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
528 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
529 |
Remember you can include lemmas in the "using" statement, |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
530 |
just like other facts. For example: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
531 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
532 |
have "something" using even_twice by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
533 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
534 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
535 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
536 |
lemma even_mul: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
537 |
assumes a: "even n" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
538 |
shows "even (n * m)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
539 |
using a |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
540 |
proof (induct) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
541 |
case eZ |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
542 |
show "even (0 * m)" by auto |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
543 |
next |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
544 |
case (eSS n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
545 |
have as: "even n" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
546 |
have ih: "even (n * m)" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
547 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
548 |
show "even (Suc (Suc n) * m)" sorry |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
549 |
qed |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
550 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
551 |
text {*****************************************************************
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
552 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
553 |
Definitions |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
554 |
----------- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
555 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
556 |
Often it is useful to define new concepts in terms of existsing |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
557 |
concepts. In Isabelle you introduce definitions with the key- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
558 |
word "definition". For example |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
559 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
560 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
561 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
562 |
definition |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
563 |
divide :: "nat \<Rightarrow> nat \<Rightarrow> bool" ("_ DVD _" [100,100] 100)
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
564 |
where |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
565 |
"m DVD n = (\<exists>k. n = m * k)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
566 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
567 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
568 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
569 |
The annotation ("_ DVD _" [100,100] 100) introduces some fancier
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
570 |
syntax. In this case we define this predicate as infix. The underscores |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
571 |
correspond to the to arguments. The numbers stand for precedences. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
572 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
573 |
Once this definition is stated, it can be accessed as a normal |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
574 |
theorem. For example |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
575 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
576 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
577 |
thm divide_def |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
578 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
579 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
580 |
Below we prove the really last fact about even. Note |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
581 |
how we deal with existential quantified formulas, where |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
582 |
we have to use |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
583 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
584 |
obtain \<dots> where \<dots> |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
585 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
586 |
in order to obtain a witness with which we can reason further. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
587 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
588 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
589 |
lemma even_divide: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
590 |
assumes a: "even n" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
591 |
shows "2 DVD n" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
592 |
using a |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
593 |
proof (induct) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
594 |
case eZ |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
595 |
have "0 = 2 * (0::nat)" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
596 |
then show "2 DVD 0" by (auto simp add: divide_def) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
597 |
next |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
598 |
case (eSS n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
599 |
have "2 DVD n" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
600 |
then have "\<exists>k. n = 2 * k" by (simp add: divide_def) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
601 |
then obtain k where eq: "n = 2 * k" by (auto) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
602 |
have "Suc (Suc n) = 2 * (Suc k)" using eq by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
603 |
then have "\<exists>k. Suc (Suc n) = 2 * k" by blast |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
604 |
then show "2 DVD (Suc (Suc n))" by (simp add: divide_def) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
605 |
qed |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
606 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
607 |
text {*****************************************************************
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
608 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
609 |
Function Definitions |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
610 |
-------------------- |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
611 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
612 |
Many functions over datatypes can be defined by recursion on the |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
613 |
structure. For this purpose, Isabelle provides "fun". To use it one needs |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
614 |
to give a name for the function, its type, optionally some pretty-syntax |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
615 |
and then some equations defining the function. Like in "inductive", |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
616 |
"fun" expects that more than one such equation is separated by "|". |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
617 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
618 |
Below we define function iteration using function composition |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
619 |
defined as "o". |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
620 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
621 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
622 |
fun |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
623 |
iter :: "('a \<Rightarrow> 'a) \<Rightarrow> nat \<Rightarrow> ('a \<Rightarrow> 'a)" ("_ !! _")
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
624 |
where |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
625 |
"f !! 0 = (\<lambda>x. x)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
626 |
| "f !! (Suc n) = (f !! n) o f" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
627 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
628 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
629 |
5.) EXERCISE |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
630 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
631 |
Prove the following property by induction over n. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
632 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
633 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
634 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
635 |
lemma |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
636 |
shows "f !! (m + n) = (f !! m) o (f !! n)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
637 |
sorry |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
638 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
639 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
640 |
A textbook proof of this lemma usually goes: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
641 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
642 |
Case 0: Trivial |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
643 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
644 |
Case (Suc n): We have to prove that |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
645 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
646 |
"f !! (m + (Suc n)) = f !! m o (f !! (Suc n))" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
647 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
648 |
holds. The induction hypothesis is |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
649 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
650 |
"f !! (m + n) = (f !! m) o (f !! n)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
651 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
652 |
The proof is as follows |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
653 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
654 |
"f !! (m + (Suc n)) = f !! (Suc (m + n))" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
655 |
= f !! (m + n) o f |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
656 |
= (f !! m) o (f !! n) o f (by ih) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
657 |
= (f !! m) o ((f !! n) o f) (by o_assoc) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
658 |
= (f !! m) o (f !! (Suc n)) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
659 |
Done. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
660 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
661 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
662 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
663 |
lemma |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
664 |
shows "f !! (m + n) = (f !! m) o (f !! n)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
665 |
proof (induct n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
666 |
case 0 |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
667 |
show "f !! (m + 0) = (f !! m) o (f !! 0)" sorry |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
668 |
next |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
669 |
case (Suc n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
670 |
have ih: "f !! (m + n) = (f !! m) o (f !! n)" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
671 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
672 |
show "f !! (m + (Suc n)) = f !! m o (f !! (Suc n))" sorry |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
673 |
qed |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
674 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
675 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
676 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
677 |
The following proof involves several steps of equational reasoning. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
678 |
Isar provides some convenient means to express such equational |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
679 |
reasoning in a much cleaner fashion using the "also have" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
680 |
construction. *} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
681 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
682 |
lemma |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
683 |
shows "f !! (m + n) = (f !! m) o (f !! n)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
684 |
proof (induct n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
685 |
case 0 |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
686 |
show "f !! (m + 0) = (f !! m) o (f !! 0)" by (simp add: comp_def) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
687 |
next |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
688 |
case (Suc n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
689 |
have ih: "f !! (m + n) = (f !! m) o (f !! n)" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
690 |
have eq1: "f !! (m + (Suc n)) = f !! (Suc (m + n))" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
691 |
have eq2: "f !! (Suc (m + n)) = f !! (m + n) o f" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
692 |
have eq3: "f !! (m + n) o f = (f !! m) o (f !! n) o f" using ih by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
693 |
have eq4: "(f !! m) o (f !! n) o f = (f !! m) o ((f !! n) o f)" by (simp add: o_assoc) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
694 |
have eq5: "(f !! m) o ((f !! n) o f) = (f !! m) o (f !! (Suc n))" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
695 |
show "f !! (m + (Suc n)) = f !! m o (f !! (Suc n))" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
696 |
using eq1 eq2 eq3 eq4 eq5 by (simp only:) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
697 |
qed |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
698 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
699 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
700 |
The equations can be stringed together with "also have" and "\<dots>", |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
701 |
as shown below. *} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
702 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
703 |
lemma |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
704 |
shows "f !! (m + n) = (f !! m) o (f !! n)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
705 |
proof (induct n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
706 |
case 0 |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
707 |
show "f !! (m + 0) = (f !! m) o (f !! 0)" by (simp add: comp_def) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
708 |
next |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
709 |
case (Suc n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
710 |
have ih: "f !! (m + n) = (f !! m) o (f !! n)" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
711 |
have "f !! (m + (Suc n)) = f !! (Suc (m + n))" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
712 |
also have "\<dots> = f !! (m + n) o f" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
713 |
also have "\<dots> = (f !! m) o (f !! n) o f" using ih by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
714 |
also have "\<dots> = (f !! m) o ((f !! n) o f)" by (simp add: o_assoc) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
715 |
also have "\<dots> = (f !! m) o (f !! (Suc n))" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
716 |
finally show "f !! (m + (Suc n)) = f !! m o (f !! (Suc n))" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
717 |
qed |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
718 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
719 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
720 |
This type of equational reasoning also extends to relations. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
721 |
For this consider the following power function and the auxiliary |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
722 |
fact about less-equal and multiplication. *} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
723 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
724 |
fun |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
725 |
pow :: "nat \<Rightarrow> nat \<Rightarrow> nat" ("_ \<up> _")
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
726 |
where |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
727 |
"m \<up> 0 = 1" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
728 |
| "m \<up> (Suc n) = m * (m \<up> n)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
729 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
730 |
lemma aux: |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
731 |
fixes a b c::"nat" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
732 |
assumes a: "a \<le> b" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
733 |
shows " (c * a) \<le> (c * b)" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
734 |
using a by (auto) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
735 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
736 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
737 |
With this you can easily implement the following proof |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
738 |
which is straight taken out of Velleman's "How To Prove It". |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
739 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
740 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
741 |
lemma |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
742 |
shows "1 + n * x \<le> (1 + x) \<up> n" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
743 |
proof (induct n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
744 |
case 0 |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
745 |
show "1 + 0 * x \<le> (1 + x) \<up> 0" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
746 |
next |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
747 |
case (Suc n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
748 |
have ih: "1 + n * x \<le> (1 + x) \<up> n" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
749 |
have "1 + (Suc n) * x \<le> 1 + x + (n * x) + (n * x * x)" by (simp) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
750 |
also have "\<dots> = (1 + x) * (1 + n * x)" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
751 |
also have "\<dots> \<le> (1 + x) * ((1 + x) \<up> n)" using ih aux by blast |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
752 |
also have "\<dots> = (1 + x) \<up> (Suc n)" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
753 |
finally show "1 + (Suc n) * x \<le> (1 + x) \<up> (Suc n)" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
754 |
qed |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
755 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
756 |
text {*
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
757 |
What Velleman actually wants to prove is a proper |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
758 |
inequality. For this we can nest proofs. |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
759 |
*} |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
760 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
761 |
lemma |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
762 |
shows "n * x < (1 + x) \<up> n" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
763 |
proof - |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
764 |
have "1 + n * x \<le> (1 + x) \<up> n" |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
765 |
proof (induct n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
766 |
case 0 |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
767 |
show "1 + 0 * x \<le> (1 + x) \<up> 0" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
768 |
next |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
769 |
case (Suc n) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
770 |
have ih: "1 + n * x \<le> (1 + x) \<up> n" by fact |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
771 |
have "1 + (Suc n) * x \<le> 1 + x + (n * x) + (n * x * x)" by (simp) |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
772 |
also have "\<dots> = (1 + x) * (1 + n * x)" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
773 |
also have "\<dots> \<le> (1 + x) * ((1 + x) \<up> n)" using ih aux by blast |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
774 |
also have "\<dots> = (1 + x) \<up> (Suc n)" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
775 |
finally show "1 + (Suc n) * x \<le> (1 + x) \<up> (Suc n)" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
776 |
qed |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
777 |
then show "n * x < (1 + x) \<up> n" by simp |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
778 |
qed |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
779 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
780 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
781 |
end |
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
782 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
783 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
784 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
785 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
786 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
787 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
788 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
789 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
790 |
|
|
f1be8028a4a9
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
791 |