text‹\label{sec:rtc} \index{reflexive transitive closure!defining inductively|(}% An inductive definition may accept parameters, so it can express functions that yield sets. Relations too can be defined inductively, since they are just sets of pairs. A perfect example is the function that maps a relation to its reflexive transitive closure. This concept was already introduced in \S\ref{sec:Relations}, where the operator ‹🪙*› w
defined as a least fixed point because inductive definitions were not yet
available. But now they are: ›
text‹\noindent The function 🍋‹rtc› i ‹rtc r› we can write 🍋‹r*›. The actual definition
consists of two rules. Reflexivity is obvious andis immediately given the ‹iff› attribute to increase automation. The
second rule, @{thm[source]rtc_step}, says that we can always add one more 🍋‹r›-step to the left. Although we could make @{thm[source]rtc_step} an
introduction rule, this is dangerous: the recursion in the second premise
slows down and may even kill the automatic tactics.
The above definition of the concept of reflexive transitive closure may
be sufficiently intuitive but it is certainly not the only possible one: for a start, it does not even mention transitivity.
The rest of this sectionis devoted to proving that it is equivalent to
the standard definition. We start with a simple lemma: ›
text‹\noindent Although the lemma itself is an unremarkable consequence of the basic rules, it has the advantage that it can be declared an introduction rule without the danger of killing the automatic tactics because 🍋‹r*› o
the conclusion and not in the premise. Thus some proofs that would otherwise
need @{thm[source]rtc_step} can now be found automatically. The proofalso shows that ‹blast›is able to handle @{thm[source]rtc_step}. But
some of the other automatic tactics are more sensitive, and even ‹blast› can be lead astray in the presence of large numbers of rules.
To prove transitivity, we need rule induction, i.e.\ theorem
@{thm[source]rtc.induct}:
@{thm[display]rtc.induct}
It says that ‹?P› holds for an arbitrary pair @{thm (prem 1) rtc.induct} if‹?P›is preserved by all rules of the inductivedefinition,
i.e.\ if‹?P› holds for the conclusion provided it holds for the
premises. In general, rule inductionfor an $n$-ary inductive relation $R$
expects a premise of the form $(x@1,\dots,x@n) \in R$.
Now we turn to the inductiveproof of transitivity: ›
txt‹\noindent Unfortunately, even the base case is a problem: @{subgoals[display,indent=0,goals_limit=1]} We have to abandon this proof attempt. To understand what is going on, let us look again at @{thm[source]rtc.induct}. In the above application of ‹erule›,
@{thm[source]rtc.induct} is unified with the first suitable assumption, which is🍋‹(x,y) ∈ r*› rather than 🍋‹(y,z) ∈ r*›. Although that is what we want, it is merely due to the order in which the assumptions occur in the subgoal, which it is not good practice to rely on. As a result, ‹?xb› becomes 🍋‹x›, ‹?xa› becomes 🍋‹y›and‹?P› becomes 🍋‹λu v. (u,z) ∈ r*›, thus
yielding the above subgoal. So what went wrong?
When looking at the instantiation of ‹?P› we see that it does not
depend on its second parameter at all. The reason is that in our original
goal, of the pair 🍋‹(x,y)› only 🍋‹x› appears alsoin the
conclusion, but not 🍋‹y›. Thus our induction statement is too
general. Fortunately, it can easily be specialized:
transfer the additional premise 🍋‹(y,z)∈r*› into the conclusion:› (*<*)oops(*>*) lemma rtc_trans[rule_format]: "(x,y) ∈ r* ==> (y,z) ∈ r* ⟶ (x,z) ∈ r*"
txt‹\noindent This is not an obscure trick but a generally applicable heuristic: \begin{quote}\em When proving a statement by rule induction on $(x@1,\dots,x@n) \in R$, pull all other premises containing any of the $x@i$ into the conclusion using $\longrightarrow$. \end{quote} A similar heuristic for other kinds of inductions is formulated in \S\ref{sec:ind-var-in-prems}. The ‹rule_format› d ‹⟶›back into ‹==>›: in the end we obtain the original
statement of our lemma. ›
apply(erule rtc.induct)
txt‹\noindent Now induction produces two subgoals which are both proved automatically: @{subgoals[display,indent=0]} ›
apply(blast) apply(blast intro: rtc_step) done
text‹ Let us now prove that 🍋‹r*› i
of 🍋‹r›, i.e.\ the least reflexive and transitive
relation containing 🍋‹r›. The latter is easily formalized ›
inductive_set
rtc2 :: "('a × 'a)set ==> ('a × 'a)set" for r :: "('a × 'a)set" where "(x,y) ∈ r ==> (x,y) ∈ rtc2 r"
| "(x,x) ∈ rtc2 r"
| "[ (x,y) ∈ rtc2 r; (y,z) ∈ rtc2 r ]==> (x,z) ∈ rtc2 r"
text‹\noindent and the equivalence of the two definitions is easily shown by the obvious rule inductions: ›
text‹ So why did we start with the first definition? Because it is simpler. It contains only two rules, and the single step rule is simpler than transitivity. As a consequence, @{thm[source]rtc.induct} is simpler than @{thm[source]rtc2.induct}. Since inductive proofs are hard enough anyway, we should always pick the simplest induction schema available. Hence 🍋‹rtc› i \index{reflexive transitive closure!defining inductively|)}
\begin{exercise}\label{ex:converse-rtc-step} Show that the converse of @{thm[source]rtc_step} also holds:
@{prop[display]"[| (x,y) ∈ r*; (y,z) ∈ r |] ==> (x,z) ∈ r*"} \end{exercise} \begin{exercise}
Repeat the development of this section, but starting with a definition of 🍋‹rtc›where @{thm[source]rtc_step} is replaced by its converse as shown in exercise~\ref{ex:converse-rtc-step}. \end{exercise} › (*<*) lemma rtc_step2[rule_format]: "(x,y) ∈ r* ==> (y,z) ∈ r ⟶ (x,z) ∈ r*" apply(erule rtc.induct) apply blast apply(blast intro: rtc_step) done
end (*>*)
Messung V0.5 in Prozent
¤ Dauer der Verarbeitung: 0.14 Sekunden
(vorverarbeitet am 2026-04-28)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.
