NICTA Advanced Course Theorem Proving Principles, Techniques, Applications
CONTENT
➜ Intro & motivation, getting started with Isabelle
➜ Foundations & Principles
➜ Proof & Specification Techniques
LAST WEEK
➜ Constructive Logic & Curry-Howard-Isomorphism
➜ The Coq System
➜ The HOL4 system
➜ Before that: datatypes, recursion, induction
GENERAL RECURSION
The Choice
➜ Limited expressiveness, automatic termination
➜ High expressiveness, prove termination manually
RECDEF — EXAMPLES
consts sep :: "'a × 'a list ⇒ 'a list"
recdef sep "measure (λ(a, xs). size xs)"
  "sep (a, x # y # zs) = x # a # sep (a, y # zs)"
  "sep (a, xs) = xs"

consts ack :: "nat × nat ⇒ nat"
recdef ack "measure (λm. m) <*lex*> measure (λn. n)"
  "ack (0, n) = Suc n"
  "ack (Suc m, 0) = ack (m, 1)"
  "ack (Suc m, Suc n) = ack (m, ack (Suc m, n))"
RECDEF
➜ The definition:
  (measure sufficient for most cases)
➜ Termination relation:
➜ Generates own induction principle
RECDEF — INDUCTION PRINCIPLE
➜ Each recdef definition induces an induction principle
➜ For each equation: show that the property holds for the lhs provided it holds for each recursive call on the rhs
➜ Example sep.induct:
  ⟦ ⋀a. P a []; ⋀a w. P a [w]; ⋀a x y zs. P a (y # zs) ⟹ P a (x # y # zs) ⟧ ⟹ P a xs
TERMINATION
Isabelle tries to prove termination automatically
➜ For most functions and termination relations this works.
➜ Sometimes not ⇒ error message with unsolved subgoal
➜ You can give hints (additional lemmas) to the recdef package:
  recdef quicksort "measure length"
    "quicksort [] = []"
    "quicksort (x # xs) = quicksort [y ∈ xs. y ≤ x] @ [x] @ quicksort [y ∈ xs. x < y]"
  (hints recdef_simp: less_Suc_eq_le)
For exploration:
➜ allow failing termination proof
➜ recdef (permissive) quicksort "measure length"
➜ termination conditions as assumption in simp and induct rules
HOW DOES RECDEF WORK?
We need: general recursion operator, something like: rec F = F (rec F)
(F stands for the recursion equations)
Example:
➜ recursion equations: f 0 = 0, f (Suc n) = f n
➜ as one λ-term: f = λn′. case n′ of 0 ⇒ 0 | Suc n ⇒ f n
➜ functor: F = λf. λn′. case n′ of 0 ⇒ 0 | Suc n ⇒ f n
➜ rec :: ((α ⇒ β) ⇒ (α ⇒ β)) ⇒ (α ⇒ β) like above cannot exist in HOL (only total functions)
➜ But 'guarded' form possible: wfrec :: (α × α) set ⇒ ((α ⇒ β) ⇒ (α ⇒ β)) ⇒ (α ⇒ β)
➜ (α × α) set a well founded order, decreasing with execution
HOW DOES RECDEF WORK?
Why rec F = F (rec F)? Because we want the recursion equations to hold.
Example: F ≡ λg. λn′. case n′ of 0 ⇒ 0 | Suc n ⇒ g n
         f ≡ rec F
f 0 = rec F 0
    = F (rec F) 0
    = (λg. λn′. case n′ of 0 ⇒ 0 | Suc n ⇒ g n) (rec F) 0
    = (case 0 of 0 ⇒ 0 | Suc n ⇒ rec F n)
    = 0
WELL FOUNDED ORDERS
Definition: <r is well founded if well founded induction holds
  wf r ≡ ∀P. (∀x. (∀y <r x. P y) ⟶ P x) ⟶ (∀x. P x)
Well founded induction rule:
  wf r    ⋀x. (∀y <r x. P y) ⟹ P x
  ───────────────────────────────────
                 P a
Alternative definition (equivalent): there are no infinite descending chains,
or (equivalent): every nonempty set has a minimal element wrt <r
  min r Q x ≡ ∀y ∈ Q. ¬ y <r x
  wf r = (∀Q ≠ {}. ∃m ∈ Q. min r Q m)
WELL FOUNDED ORDERS: EXAMPLES
➜ < on ℕ is well founded; well founded induction = complete induction
➜ > and ≤ on ℕ are not well founded
➜ x <r y = x dvd y ∧ x ≠ 1 on ℕ is well founded; the minimal elements are the prime numbers
➜ (a, b) <r (x, y) = a <1 x ∨ a = x ∧ b <2 y is well founded if <1 and <2 are
➜ A <r B = A ⊂ B ∧ finite B is well founded
➜ ⊆ and ⊂ in general are not well founded
More about well founded relations: Term Rewriting and All That
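The two equivalent characterisations on the previous slide can be checked mechanically on a finite carrier. The following Python is an added example, not code from the slides or from Isabelle: a relation is a set of pairs (y, x) meaning y <r x, wf_by_minimal_elements applies the minimal-element definition by brute force over every nonempty subset Q, and wf_by_chains applies the no-descending-chain definition, which on a finite carrier reduces to cycle detection. The carriers, the relation names and the irreflexive reading of the divisibility example (x ≠ y as well as x ≠ 1) are assumptions of the example; note that > comes out well founded here only because the carrier is finite.

```python
from itertools import combinations

# Constructed model (not the slides' Isabelle code): a relation r is a set of
# pairs (y, x) meaning "y <r x" over a small finite carrier, so the definitions
#   min r Q x ≡ ∀y ∈ Q. ¬ y <r x
#   wf r     = (∀Q ≠ {}. ∃m ∈ Q. min r Q m)
# can be checked by brute force over every nonempty subset Q of the carrier.


def is_minimal(r, Q, x):
    """min r Q x: no element of Q lies below x in r."""
    return all((y, x) not in r for y in Q)


def minimal_elements(r, Q):
    """All minimal elements of Q wrt r."""
    return {m for m in Q if is_minimal(r, Q, m)}


def nonempty_subsets(carrier):
    items = list(carrier)
    for k in range(1, len(items) + 1):
        for combo in combinations(items, k):
            yield set(combo)


def wf_by_minimal_elements(r, carrier):
    """Slide definition: every nonempty Q ⊆ carrier has a minimal element.
    Exponential in |carrier|, so only usable for tiny carriers."""
    return all(minimal_elements(r, Q) for Q in nonempty_subsets(carrier))


def wf_by_chains(r, carrier):
    """Alternative definition: no infinite descending chain.  On a finite
    carrier such a chain must revisit an element, i.e. the graph of r has a
    cycle, so a depth-first search decides the question."""
    below = {x: [y for (y, z) in r if z == x] for x in carrier}
    state = {x: 0 for x in carrier}        # 0 unvisited, 1 on the DFS stack, 2 done

    def cycle_from(x):
        state[x] = 1
        for y in below[x]:
            if state[y] == 1 or (state[y] == 0 and cycle_from(y)):
                return True
        state[x] = 2
        return False

    return not any(state[x] == 0 and cycle_from(x) for x in carrier)


def relation(carrier, pred):
    """{(y, x) | y, x ∈ carrier, pred(y, x)}, i.e. y <r x iff pred(y, x)."""
    return {(y, x) for x in carrier for y in carrier if pred(y, x)}


# Constructed sample relations.
nats = set(range(6))
LT = relation(nats, lambda y, x: y < x)    # < on a prefix of ℕ: well founded
LE = relation(nats, lambda y, x: y <= x)   # ≤: x ≤ x, so {x} has no minimal element
GT = relation(nats, lambda y, x: y > x)    # > on ℕ is not well founded (1 <r 0, 2 <r 1, ...
                                           # never ends), but a finite prefix cannot show that

# Divisibility, irreflexive reading (assumption): y <r x iff y dvd x, y ≠ 1, y ≠ x.
nums = set(range(2, 13))
DVD = relation(nums, lambda y, x: y != 1 and y != x and x % y == 0)

# Proper subset on the (finite) subsets of {0, 1, 2}.
sets = {frozenset(c) for k in range(4) for c in combinations(range(3), k)}
PSUB = relation(sets, lambda A, B: A < B)


def report():
    """Both characterisations, side by side, for every sample relation."""
    return {name: (wf_by_minimal_elements(r, c), wf_by_chains(r, c))
            for name, r, c in [("<", LT, nats), ("≤", LE, nats), (">", GT, nats),
                               ("dvd", DVD, nums), ("⊂", PSUB, sets)]}


if __name__ == "__main__":
    for name, (by_min, by_chain) in report().items():
        print(f"{name:>4}: minimal-element check {by_min}, chain check {by_chain}")
    print("minimal elements of {2..12} under dvd:", sorted(minimal_elements(DVD, nums)))
```

The minimal elements of {2, …, 12} under the divisibility relation come out as 2, 3, 5, 7, 11, the primes in that range, matching the slide's remark.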
THE RECURSION OPERATOR
Back to recursion: rec F = F (rec F) not possible
Idea: have wfrec R F where R is well founded
Cut:
➜ only do recursion if parameter decreases wrt R
➜ otherwise: abort
➜ arbitrary :: α
  cut :: (α ⇒ β) ⇒ (α × α) set ⇒ α ⇒ (α ⇒ β)
  cut G R x ≡ λy. if (y, x) ∈ R then G y else arbitrary

wf R ⟹ wfrec R F x = F (cut (wfrec R F) R x) x
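Putting the recdef examples (sep with a measure, ack with <*lex*>) together with the cut equation above, here is an added Python model of the guarded recursion operator; it is not Isabelle's implementation and not code from the slides. A relation R is represented as a predicate less(y, x) standing for (y, x) ∈ R, so that the unbounded orders measure f and <*lex*> can be expressed; cut returns ARBITRARY (the model's stand-in for arbitrary :: α) whenever a recursive call does not decrease, and wfrec(less, F) is the function x ↦ F (cut (wfrec R F) R x) x. The functors F_zero, F_sep, F_ack and the deliberately non-decreasing F_bad are constructed for the example.

```python
# Constructed Python model (not Isabelle's wfrec) of
#   cut G R x ≡ λy. if (y, x) ∈ R then G y else arbitrary
#   wf R ⟹ wfrec R F x = F (cut (wfrec R F) R x) x
# R is modelled as a predicate less(y, x) meaning (y, x) ∈ R.


class _Arbitrary:
    """Stand-in for arbitrary :: α, the unspecified value a refused call yields."""
    def __repr__(self):
        return "arbitrary"


ARBITRARY = _Arbitrary()


def measure(f):
    """measure f: (y, x) ∈ R iff f y < f x (f maps into the naturals)."""
    return lambda y, x: f(y) < f(x)


def lex(r1, r2):
    """r1 <*lex*> r2 on pairs: first component decreases, or it is equal
    and the second component decreases."""
    return lambda y, x: r1(y[0], x[0]) or (y[0] == x[0] and r2(y[1], x[1]))


def cut(G, less, x):
    """Forward only calls whose argument lies below x; otherwise abort."""
    return lambda y: G(y) if less(y, x) else ARBITRARY


def wfrec(less, F):
    """The guarded fixpoint x ↦ F (cut (wfrec R F) R x) x.  Every recursive
    call F makes goes through a cut, so with a well founded R evaluation ends
    and defines a total function; a non-decreasing call yields ARBITRARY."""
    def rec(x):
        return F(cut(rec, less, x), x)
    return rec


# Functors (the F in rec F = F (rec F)) for the slides' recursion equations.

def F_zero(f, n):
    """f 0 = 0;  f (Suc n) = f n"""
    return 0 if n == 0 else f(n - 1)


def F_sep(sep, arg):
    """sep (a, x # y # zs) = x # a # sep (a, y # zs);  sep (a, xs) = xs"""
    a, xs = arg
    if len(xs) >= 2:
        x, y, *zs = xs
        return [x, a] + sep((a, [y] + zs))
    return list(xs)


def F_ack(ack, arg):
    """ack (0, n) = Suc n;  ack (Suc m, 0) = ack (m, 1);
    ack (Suc m, Suc n) = ack (m, ack (Suc m, n))"""
    m, n = arg
    if m == 0:
        return n + 1
    if n == 0:
        return ack((m - 1, 1))
    return ack((m - 1, ack((m, n - 1))))


def F_bad(g, n):
    """g n = g (n + 1): not decreasing under measure id, so the cut refuses it."""
    return g(n + 1)


size_of_list = measure(lambda arg: len(arg[1]))                  # measure (λ(a, xs). size xs)
lex_nat_pairs = lex(measure(lambda m: m), measure(lambda n: n))  # measure m <*lex*> measure n

zero = wfrec(measure(lambda n: n), F_zero)
sep = wfrec(size_of_list, F_sep)
ack = wfrec(lex_nat_pairs, F_ack)
bad = wfrec(measure(lambda n: n), F_bad)


def unfolding_holds(x):
    """Check wfrec R F x = F (cut (wfrec R F) R x) x at one argument."""
    return ack(x) == F_ack(cut(ack, lex_nat_pairs, x), x)


def unguarded_diverges():
    """Without the wf R premise nothing is guaranteed: under the universal
    relation the cut never refuses a call and the model runs into the stack limit."""
    try:
        wfrec(lambda y, x: True, F_bad)(0)
    except RecursionError:
        return True
    return False


if __name__ == "__main__":
    print("sep (0, [1,2,3]) =", sep((0, [1, 2, 3])))
    print("ack (3, 2)       =", ack((3, 2)))
    print("bad 3            =", bad(3), "; unguarded diverges:", unguarded_diverges())
```

The point of the model is the last two functions: with a well founded relation the equation on the slide unfolds as expected and a misbehaving functor is cut off with arbitrary, whereas without the wf R premise the same equation gives no termination guarantee at all.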
THE RECURSION OPERATOR
Admissible recursion
➜ recursive call for x only depends on parameters y <R x
➜ describes exactly one function if R is well founded
  adm_wf R F ≡ ∀f g x. (∀z. (z, x) ∈ R ⟶ f z = g z) ⟶ F f x = F g x
Definition of wfrec: again first by induction, then by epsilon
  ∀z. (z, x) ∈ R ⟶ (z, g z) ∈ wfrec_rel R F
  ──────────────────────────────────────────
          (x, F g x) ∈ wfrec_rel R F

  wfrec R F x ≡ THE y. (x, y) ∈ wfrec_rel R (λf x. F (cut f R x) x)
More: John Harrison, Inductive definitions: automation and application
THE GOAL
x · x⁻¹ = 1 · (x · x⁻¹)
        = 1 · x · x⁻¹
        = (x⁻¹)⁻¹ · x⁻¹ · x · x⁻¹
        = (x⁻¹)⁻¹ · (x⁻¹ · x) · x⁻¹
        = (x⁻¹)⁻¹ · 1 · x⁻¹
        = (x⁻¹)⁻¹ · (1 · x⁻¹)
        = (x⁻¹)⁻¹ · x⁻¹
        = 1
Can we do this in Isabelle?
➜ Simplifier: too eager
➜ Manual: difficult in apply style
➜ Isar: with the methods we know, too verbose
CHAINS OF EQUATIONS
The Problem
  a = b
  ... = c
  ... = d
shows a = d by transitivity of =
Each step usually nontrivial (requires own subproof)
Solution in Isar:
➜ Keywords also and finally to delimit steps
➜ ...: predefined schematic term variable, refers to right hand side of last expression
➜ Automatic use of transitivity rules to connect steps
ALSO/FINALLY
                                calculation register
have "t0 = t1" [proof]
also                            "t0 = t1"
have "... = t2" [proof]
also                            "t0 = t2"
  .                               .
  .                               .
also                            "t0 = tn−1"
have "... = tn" [proof]
finally                         "t0 = tn"
show P    — 'finally' pipes fact "t0 = tn" into the proof
MORE ABOUT ALSO
➜ Works for all combinations of =, ≤ and <.
➜ Uses all rules declared as [trans].
➜ To view all combinations in Proof General: Isabelle/Isar → Show me → Transitivity rules
DESIGNING [TRANS] RULES
calculation = "l1 ⊙ r1"
have "... ⊙ r2" [proof]
also   ⟸

Anatomy of a [trans] rule:
➜ Usual form: plain transitivity ⟦l1 ⊙ r1; r1 ⊙ r2⟧ ⟹ l1 ⊙ r2
➜ More general form: ⟦P l1 r1; Q r1 r2; A⟧ ⟹ C l1 r2
Examples:
➜ pure transitivity: ⟦a = b; b = c⟧ ⟹ a = c
➜ mixed: ⟦a ≤ b; b < c⟧ ⟹ a < c
➜ substitution: ⟦P a; a = b⟧ ⟹ P b
➜ antisymmetry: ⟦a < b; b < a⟧ ⟹ P
➜ monotonicity: ⟦a = f b; b < c; ⋀x y. x < y ⟹ f x < f y⟧ ⟹ a < f c
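How also joins the calculation register with the next fact, and why the set of [trans] rules matters, can be seen in this added Python model of the register; it is an example written for these notes, not Isabelle's implementation. A fact is a triple (lhs, op, rhs), the string "..." stands for the right-hand side of the previous have, the table TRANS_RULES holds the built-in combinations of =, ≤ and < from the MORE ABOUT ALSO slide, and declare_trans plays the role of a [trans] declaration (the ⊆/⊂ rule it declares is an assumption of the example). The [proof] of each step is taken as done; the model performs only the chaining, including the chain from THE GOAL slide.

```python
# Constructed model (not Isabelle's implementation) of Isar's calculation
# register: facts are (lhs, op, rhs) triples, "..." refers to the right-hand
# side of the previous 'have', and 'also' joins the register with the new fact
# by the [trans] rule for the two operators:
#   calculation = "l1 ⊙ r1";  have "... ⊙' r2";  also  ⟹  "l1 ⊙'' r2".

DOTS = "..."


class NoTransRule(Exception):
    """No [trans] rule fits the operators of register and new fact."""


# Built-in rules for =, ≤ and <, keyed by (operator of the calculation,
# operator of the new fact) -> operator of the result; ("≤", "<") -> "<"
# is the mixed rule ⟦a ≤ b; b < c⟧ ⟹ a < c.
TRANS_RULES = {("=", "="): "=", ("=", "≤"): "≤", ("≤", "="): "≤",
               ("=", "<"): "<", ("<", "="): "<", ("≤", "≤"): "≤",
               ("≤", "<"): "<", ("<", "≤"): "<", ("<", "<"): "<"}


class Calculation:
    def __init__(self, rules=None):
        self.rules = dict(TRANS_RULES if rules is None else rules)
        self.register = None     # the accumulated "l1 ⊙ r1" fact
        self.current = None      # the fact stated by the last 'have'
        self.last_rhs = None     # what "..." refers to

    def declare_trans(self, op1, op2, result):
        """[trans] declaration of a rule ⟦a op1 b; b op2 c⟧ ⟹ a result c."""
        self.rules[(op1, op2)] = result

    def have(self, lhs, op, rhs):
        """have "lhs op rhs" [proof]  (the proof itself is assumed done)."""
        if lhs == DOTS:
            if self.last_rhs is None:
                raise ValueError('"..." used before any fact was stated')
            lhs = self.last_rhs
        self.current = (lhs, op, rhs)
        self.last_rhs = rhs
        return self

    def also(self):
        """First 'also' stores the fact; later ones join register and fact."""
        if self.current is None:
            raise ValueError("'also' needs a preceding 'have'")
        if self.register is None:
            self.register = self.current
        else:
            l1, op1, r1 = self.register
            l2, op2, r2 = self.current
            if r1 != l2:
                raise ValueError(f"cannot chain {r1!r} with {l2!r}")
            result = self.rules.get((op1, op2))
            if result is None:
                raise NoTransRule(f"no [trans] rule for {op1} then {op2}")
            self.register = (l1, result, r2)
        self.current = None
        return self

    def finally_(self):
        """'finally': join like 'also', then hand the register out and clear it."""
        self.also()
        fact, self.register, self.last_rhs = self.register, None, None
        return fact


def chain(calc, steps):
    """Run have/also ... have/finally over a list of (lhs, op, rhs) steps."""
    for lhs, op, rhs in steps[:-1]:
        calc.have(lhs, op, rhs).also()
    return calc.have(*steps[-1]).finally_()


def mixed_example():
    """=, ≤ and < mixed: the result is the strongest relation that follows."""
    return chain(Calculation(), [("t0", "=", "t1"), (DOTS, "≤", "t2"),
                                 (DOTS, "<", "t3"), (DOTS, "=", "t4")])


def group_goal():
    """The chain for x · x⁻¹ = 1 from THE GOAL slide, every step an equation."""
    return chain(Calculation(), [
        ("x · x⁻¹", "=", "1 · (x · x⁻¹)"), (DOTS, "=", "1 · x · x⁻¹"),
        (DOTS, "=", "(x⁻¹)⁻¹ · x⁻¹ · x · x⁻¹"), (DOTS, "=", "(x⁻¹)⁻¹ · (x⁻¹ · x) · x⁻¹"),
        (DOTS, "=", "(x⁻¹)⁻¹ · 1 · x⁻¹"), (DOTS, "=", "(x⁻¹)⁻¹ · (1 · x⁻¹)"),
        (DOTS, "=", "(x⁻¹)⁻¹ · x⁻¹"), (DOTS, "=", "1")])


def user_rule_example():
    """A relation the register knows nothing about needs its own [trans] rule."""
    calc = Calculation()
    calc.declare_trans("⊆", "⊂", "⊂")     # assumed rule ⟦A ⊆ B; B ⊂ C⟧ ⟹ A ⊂ C
    return chain(calc, [("A", "⊆", "B"), (DOTS, "⊂", "C")])


def missing_rule_example():
    """Without a fitting rule 'also' fails instead of guessing a relation."""
    try:
        chain(Calculation(), [("a", "<", "b"), (DOTS, ">", "c")])
    except NoTransRule as err:
        return str(err)
    return None
```

The failure case is the instructive one: a step "a < b" followed by "... > c" has no [trans] rule, so the register refuses it rather than inventing a conclusion, which is exactly why a new relation has to come with its own rule declarations.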
WE HAVE SEEN TODAY ...
➜ Recdef
➜ More induction
➜ Well founded orders
➜ Well founded recursion
➜ Calculations: also/finally
➜ [trans]-rules
EXERCISES
➜ Define a predicate sorted over lists
➜ Show that sorted (quicksort xs) holds
➜ Look at http://isabelle.in.tum.de/library/HOL/Wellfounded_Recursion.html
➜ Show that in groups, the left-one is also a right-one: x · 1 = x (you can use the right inv lemma from the demo)
➜ Take an algebra textbook and formalize a simple theorem over groups in Isabelle.