| products/Sources/formale Sprachen/Coq/proofs/ |
|
Quellcode-Bibliothek© Kompilation durch diese Firma[Weder Korrektheit noch Funktionsfähigkeit der Software werden zugesichert.]Datei: Arithmetic.ftn Sprache: FortranOriginal von: Isabelle© |
|
||||||
|
(* Title: CTT/CTT.thy
Author: Lawrence C Paulson, Cambridge University Computer Laboratory Copyright 1993 University of Cambridge *) theory CTT imports Pure begin section \<open>Constructive Type Theory: axiomatic basis\<close> ML_file \<open>~~/src/Provers/typedsimp.ML\<close> setup Pure_Thy.old_appl_syntax_setup typedecl i typedecl t typedecl o consts \<comment> \<open>Types\<close> F :: "t" T :: "t" \<comment> \<open>\<open>F\<close> is empty, \<open>T\<close> contains one element\<close> contr :: "i\ tt :: "i" \<comment> \<open>Natural numbers\<close> N :: "t" succ :: "i\ rec :: "[i, i, [i,i]\ \<comment> \<open>Unions\<close> inl :: "i\ inr :: "i\ "when" :: "[i, i\ \<comment> \<open>General Sum and Binary Product\<close> Sum :: "[t, i\ fst :: "i\ snd :: "i\ split :: "[i, [i,i]\ \<comment> \<open>General Product and Function Space\<close> Prod :: "[t, i\ \<comment> \<open>Types\<close> Plus :: "[t,t]\ \<comment> \<open>Equality type\<close> Eq :: "[t,i,i]\ eq :: "i" \<comment> \<open>Judgements\<close> Type :: "t \ Eqtype :: "[t,t]\ Elem :: "[i, t]\ Eqelem :: "[i,i,t]\ Reduce :: "[i,i]\ \<comment> \<open>Types\<close> \<comment> \<open>Functions\<close> lambda :: "(i \ app :: "[i,i]\ \<comment> \<open>Natural numbers\<close> Zero :: "i" ("0") \<comment> \<open>Pairing\<close> pair :: "[i,i]\ syntax "_PROD" :: "[idt,t,t]\ "_SUM" :: "[idt,t,t]\ translations "\ "\ abbreviation Arrow :: "[t,t]\ where "A \ abbreviation Times :: "[t,t]\ where "A \ text \<open> Reduction: a weaker notion than equality; a hack for simplification. \<open>Reduce[a,b]\<close> means either that \<open>a = b : A\<close> for some \<open>A\<close> or else that \<open>a\<close> and \<open>b\<close> are textually identical. Does not verify \<open>a:A\<close>! Sound because only \<open>trans_red\<close> uses a \<open>Reduce premise. No new theorems can be proved about the standard judgements. \<close> axiomatization where refl_red: "\ red_if_equal: "\ trans_red: "\ \<comment> \<open>Reflexivity\<close> refl_type: "\ refl_elem: "\ \<comment> \<open>Symmetry\<close> sym_type: "\ sym_elem: "\ \<comment> \<open>Transitivity\<close> trans_type: "\ trans_elem: "\ equal_types: "\ equal_typesL: "\ \<comment> \<open>Substitution\<close> subst_type: "\ subst_typeL: "\ subst_elem: "\ subst_elemL: "\ \<comment> \<open>The type \<open>N\<close> -- natural numbers\<close> NF: "N type" and NI0: "0 : N" and NI_succ: "\ NI_succL: "\ NE: "\ \<Longrightarrow> rec(p, a, \<lambda>u v. b(u,v)) : C(p)" and NEL: "\ \<And>u v. \<lbrakk>u: N; v: C(u)\<rbrakk> \<Longrightarrow> b(u,v) = d(u,v): C(succ(u))\<rbrakk> \<Longrightarrow> rec(p, a, \<lambda>u v. b(u,v)) = rec(q,c,d) : C(p)" and NC0: "\ \<Longrightarrow> rec(0, a, \<lambda>u v. b(u,v)) = a : C(0)" and NC_succ: "\ rec(succ(p), a, \<lambda>u v. b(u,v)) = b(p, rec(p, a, \<lambda>u v. b(u,v))) : C(succ(p))" and \<comment> \<open>The fourth Peano axiom. See page 91 of Martin-Löf's book.\<close> zero_ne_succ: "\ \<comment> \<open>The Product of a family of types\<close> ProdF: "\ ProdFL: "\ ProdI: "\ ProdIL: "\ \<^bold>\<lambda>x. b(x) = \<^bold>\<lambda>x. c(x) : \<Prod>x:A. B(x)" and ProdE: "\ ProdEL: "\ ProdC: "\ ProdC2: "\ \<comment> \<open>The Sum of a family of types\<close> SumF: "\ SumFL: "\ SumI: "\ SumIL: "\ SumE: "\ \<Longrightarrow> split(p, \<lambda>x y. c(x,y)) : C(p)" and SumEL: "\ \<And>x y. \<lbrakk>x:A; y:B(x)\<rbrakk> \<Longrightarrow> c(x,y)=d(x,y): C(<x,y>)\<rbrakk> \<Longrightarrow> split(p, \<lambda>x y. c(x,y)) = split(q, \<lambda>x y. d(x,y)) : C(p)" and SumC: "\ \<Longrightarrow> split(<a,b>, \<lambda>x y. c(x,y)) = c(a,b) : C(<a,b>)" and fst_def: "\ snd_def: "\ \<comment> \<open>The sum of two types\<close> PlusF: "\ PlusFL: "\ PlusI_inl: "\ PlusI_inlL: "\ PlusI_inr: "\ PlusI_inrL: "\ PlusE: "\ \<And>x. x:A \<Longrightarrow> c(x): C(inl(x)); \<And>y. y:B \<Longrightarrow> d(y): C(inr(y)) \<rbrakk> \<Longrightarrow> when(p, \<lambda>x. c(x) PlusEL: "\ \<And>x. x: A \<Longrightarrow> c(x) = e(x) : C(inl(x)); \<And>y. y: B \<Longrightarrow> d(y) = f(y) : C(inr(y))\<rbrakk> \<Longrightarrow> when(p, \<lambda>x. c(x), \<lambda>y. d(y)) = when(q, \<lambda>x. e(x), \<lambda>y PlusC_inl: "\ \<And>x. x:A \<Longrightarrow> c(x): C(inl(x)); \<And>y. y:B \<Longrightarrow> d(y): C(inr(y)) \<rbrakk> \<Longrightarrow> when(inl(a), \<lambda>x. c(x), \<lambda>y. d(y)) = c(a) : C(inl(a))" and PlusC_inr: "\ \<And>x. x:A \<Longrightarrow> c(x): C(inl(x)); \<And>y. y:B \<Longrightarrow> d(y): C(inr(y))\<rbrakk> \<Longrightarrow> when(inr(b), \<lambda>x. c(x), \<lambda>y. d(y)) = d(b) : C(inr(b))" and \<comment> \<open>The type \<open>Eq\<close>\<close> EqF: "\ EqFL: "\ EqI: "\ EqE: "\ \<comment> \<open>By equality of types, can prove \<open>C(p)\<close> from \<open>C(eq)\<close>, an eli EqC: "\ \<comment> \<open>The type \<open>F\<close>\<close> FF: "F type" and FE: "\ FEL: "\ \<comment> \<open>The type T\<close> \<comment> \<open>Martin-Löf's book (page 68) discusses elimination and computation. Elimination can be derived by computation and equality of types, but with an extra premise \<open>C(x)\<close> type \<open>x:T\<close>. Also computation can be derived from elimination.\<close> TF: "T type" and TI: "tt : T" and TE: "\ TEL: "\ TC: "\ subsection "Tactics and derived rules for Constructive Type Theory" text \<open>Formation rules.\<close> lemmas form_rls = NF ProdF SumF PlusF EqF FF TF and formL_rls = ProdFL SumFL PlusFL EqFL text \<open> Introduction rules. OMITTED: \<^item> \<open>EqI\<close>, because its premise is an \<open>eqelem\<close>, not an \<open>elem\<close> \<close> lemmas intr_rls = NI0 NI_succ ProdI SumI PlusI_inl PlusI_inr TI and intrL_rls = NI_succL ProdIL SumIL PlusI_inlL PlusI_inrL text \<open> Elimination rules. OMITTED: \<^item> \<open>EqE\<close>, because its conclusion is an \<open>eqelem\<close>, not an \<open>elem\<cl \<^item> \<open>TE\<close>, because it does not involve a constructor. \<close> lemmas elim_rls = NE ProdE SumE PlusE FE and elimL_rls = NEL ProdEL SumEL PlusEL FEL text \<open>OMITTED: \<open>eqC\<close> are \<open>TC\<close> because they make rewriting loop: \<ope lemmas comp_rls = NC0 NC_succ ProdC SumC PlusC_inl PlusC_inr text \<open>Rules with conclusion \<open>a:A\<close>, an elem judgement.\<close> lemmas element_rls = intr_rls elim_rls text \<open>Definitions are (meta)equality axioms.\<close> lemmas basic_defs = fst_def snd_def text \<open>Compare with standard version: \<open>B\<close> is applied to UNSIMPLIFIED expressio lemma SumIL2: "\ by (rule sym_elem) (rule SumIL; rule sym_elem) lemmas intrL2_rls = NI_succL ProdIL SumIL2 PlusI_inlL PlusI_inrL text \<open> Exploit \<open>p:Prod(A,B)\<close> to create the assumption \<open>z:B(a)\<close>. A more natural form of product elimination. \<close> lemma subst_prodE: assumes "p: Prod(A,B)" and "a: A" and "\ shows "c(p`a): C(p`a)" by (rule assms ProdE)+ subsection \<open>Tactics for type checking\<close> ML \<open> local fun is_rigid_elem (Const(\<^const_name>\<open>Elem\<close>,_) $ a $ _) = not(is_Var (head_of a)) | is_rigid_elem (Const(\<^const_name>\<open>Eqelem\<close>,_) $ a $ _ $ _) = not(is_Var (head_of a | is_rigid_elem (Const(\<^const_name>\<open>Type\<close>,_) $ a) = not(is_Var (head_of a)) | is_rigid_elem _ = false in (*Try solving a:A or a=b:A by assumption provided a is rigid!*) fun test_assume_tac ctxt = SUBGOAL (fn (prem, i) => if is_rigid_elem (Logic.strip_assums_concl prem) then assume_tac ctxt i else no_tac) fun ASSUME ctxt tf i = test_assume_tac ctxt i ORELSE tf i end \<close> text \<open> For simplification: type formation and checking, but no equalities between terms. \<close> lemmas routine_rls = form_rls formL_rls refl_type element_rls ML \<open> fun routine_tac rls ctxt prems = ASSUME ctxt (filt_resolve_from_net_tac ctxt 4 (Tactic.build_net (prems @ rls))); (*Solve all subgoals "A type" using formation rules. *) val form_net = Tactic.build_net @{thms form_rls}; fun form_tac ctxt = REPEAT_FIRST (ASSUME ctxt (filt_resolve_from_net_tac ctxt 1 form_net)); (*Type checking: solve a:A (a rigid, A flexible) by intro and elim rules. *) fun typechk_tac ctxt thms = let val tac = filt_resolve_from_net_tac ctxt 3 (Tactic.build_net (thms @ @{thms form_rls} @ @{thms element_rls})) in REPEAT_FIRST (ASSUME ctxt tac) end (*Solve a:A (a flexible, A rigid) by introduction rules. Cannot use stringtrees (filt_resolve_tac) since goals like ?a:SUM(A,B) have a trivial head-string *) fun intr_tac ctxt thms = let val tac = filt_resolve_from_net_tac ctxt 1 (Tactic.build_net (thms @ @{thms form_rls} @ @{thms intr_rls})) in REPEAT_FIRST (ASSUME ctxt tac) end (*Equality proving: solve a=b:A (where a is rigid) by long rules. *) fun equal_tac ctxt thms = REPEAT_FIRST (ASSUME ctxt (filt_resolve_from_net_tac ctxt 3 (Tactic.build_net (thms @ @{thms form_rls element_rls intrL_rls elimL_rls refl_elem})))) \<close> method_setup form = \<open>Scan.succeed (fn ctxt => SIMPLE_METHOD (form_tac ctxt))\<close> method_setup typechk = \<open>Attrib.thms >> (fn ths => fn ctxt => SIMPLE_METHOD (typechk_tac ctxt t method_setup intr = \<open>Attrib.thms >> (fn ths => fn ctxt => SIMPLE_METHOD (intr_tac ctxt ths))\<c method_setup equal = \<open>Attrib.thms >> (fn ths => fn ctxt => SIMPLE_METHOD (equal_tac ctxt ths)) subsection \<open>Simplification\<close> text \<open>To simplify the type in a goal.\<close> lemma replace_type: "\ apply (rule equal_types) apply (rule_tac [2] sym_type) apply assumption+ done text \<open>Simplify the parameter of a unary type operator.\<close> lemma subst_eqtyparg: assumes 1: "a=c : A" and 2: "\ shows "B(a) = B(c)" apply (rule subst_typeL) apply (rule_tac [2] refl_type) apply (rule 1) apply (erule 2) done text \<open>Simplification rules for Constructive Type Theory.\<close> lemmas reduction_rls = comp_rls [THEN trans_elem] ML \<open> (*Converts each goal "e : Eq(A,a,b)" into "a=b:A" for simplification. Uses other intro rules to avoid changing flexible goals.*) val eqintr_net = Tactic.build_net @{thms EqI intr_rls} fun eqintr_tac ctxt = REPEAT_FIRST (ASSUME ctxt (filt_resolve_from_net_tac ctxt 1 eqintr_net)) (** Tactics that instantiate CTT-rules. Vars in the given terms will be incremented! The (rtac EqE i) lets them apply to equality judgements. **) fun NE_tac ctxt sp i = TRY (resolve_tac ctxt @{thms EqE} i) THEN Rule_Insts.res_inst_tac ctxt [((("p", 0), Position.none), sp)] [] @{thm NE} i fun SumE_tac ctxt sp i = TRY (resolve_tac ctxt @{thms EqE} i) THEN Rule_Insts.res_inst_tac ctxt [((("p", 0), Position.none), sp)] [] @{thm SumE} i fun PlusE_tac ctxt sp i = TRY (resolve_tac ctxt @{thms EqE} i) THEN Rule_Insts.res_inst_tac ctxt [((("p", 0), Position.none), sp)] [] @{thm PlusE} i (** Predicate logic reasoning, WITH THINNING!! Procedures adapted from NJ. **) (*Finds f:Prod(A,B) and a:A in the assumptions, concludes there is z:B(a) *) fun add_mp_tac ctxt i = resolve_tac ctxt @{thms subst_prodE} i THEN assume_tac ctxt i THEN assume_tac ctxt i (*Finds P\<longrightarrow>Q and P in the assumptions, replaces implication by Q *) fun mp_tac ctxt i = eresolve_tac ctxt @{thms subst_prodE} i THEN assume_tac ctxt i (*"safe" when regarded as predicate calculus rules*) val safe_brls = sort (make_ord lessb) [ (true, @{thm FE}), (true,asm_rl), (false, @{thm ProdI}), (true, @{thm SumE}), (true, @{thm PlusE}) ] val unsafe_brls = [ (false, @{thm PlusI_inl}), (false, @{thm PlusI_inr}), (false, @{thm SumI}), (true, @{thm subst_prodE}) ] (*0 subgoals vs 1 or more*) val (safe0_brls, safep_brls) = List.partition (curry (op =) 0 o subgoals_of_brl) safe_brls fun safestep_tac ctxt thms i = form_tac ctxt ORELSE resolve_tac ctxt thms i ORELSE biresolve_tac ctxt safe0_brls i ORELSE mp_tac ctxt i ORELSE DETERM (biresolve_tac ctxt safep_brls i) fun safe_tac ctxt thms i = DEPTH_SOLVE_1 (safestep_tac ctxt thms i) fun step_tac ctxt thms = safestep_tac ctxt thms ORELSE' biresolve_tac ctxt unsafe_brls (*Fails unless it solves the goal!*) fun pc_tac ctxt thms = DEPTH_SOLVE_1 o (step_tac ctxt thms) \<close> method_setup eqintr = \<open>Scan.succeed (SIMPLE_METHOD o eqintr_tac)\<close> method_setup NE = \<open> Scan.lift Args.embedded_inner_syntax >> (fn s => fn ctxt => SIMPLE_METHOD' (NE_tac ctxt s)) \<close> method_setup pc = \<open>Attrib.thms >> (fn ths => fn ctxt => SIMPLE_METHOD' (pc_tac ctxt ths))\<clos method_setup add_mp = \<open>Scan.succeed (SIMPLE_METHOD' o add_mp_tac)\<close> ML_file \<open>rew.ML\<close> method_setup rew = \<open>Attrib.thms >> (fn ths => fn ctxt => SIMPLE_METHOD (rew_tac ctxt ths))\<clo method_setup hyp_rew = \<open>Attrib.thms >> (fn ths => fn ctxt => SIMPLE_METHOD (hyp_rew_tac ctxt t subsection \<open>The elimination rules for fst/snd\<close> lemma SumE_fst: "p : Sum(A,B) \ apply (unfold basic_defs) apply (erule SumE) apply assumption done text \<open>The first premise must be \<open>p:Sum(A,B)\<close>!!.\<close> lemma SumE_snd: assumes major: "p: Sum(A,B)" and "A type" and "\ shows "snd(p) : B(fst(p))" apply (unfold basic_defs) apply (rule major [THEN SumE]) apply (rule SumC [THEN subst_eqtyparg, THEN replace_type]) apply (typechk assms) done section \<open>The two-element type (booleans and conditionals)\<close> definition Bool :: "t" where "Bool \ definition true :: "i" where "true \ definition false :: "i" where "false \ definition cond :: "[i,i,i]\ where "cond(a,b,c) \ lemmas bool_defs = Bool_def true_def false_def cond_def subsection \<open>Derivation of rules for the type \<open>Bool\<close>\<close> text \<open>Formation rule.\<close> lemma boolF: "Bool type" unfolding bool_defs by typechk text \<open>Introduction rules for \<open>true\<close>, \<open>false\<close>.\<close> lemma boolI_true: "true : Bool" unfolding bool_defs by typechk lemma boolI_false: "false : Bool" unfolding bool_defs by typechk text \<open>Elimination rule: typing of \<open>cond\<close>.\<close> lemma boolE: "\ unfolding bool_defs apply (typechk; erule TE) apply typechk done lemma boolEL: "\ \<Longrightarrow> cond(p,a,b) = cond(q,c,d) : C(p)" unfolding bool_defs apply (rule PlusEL) apply (erule asm_rl refl_elem [THEN TEL])+ done text \<open>Computation rules for \<open>true\<close>, \<open>false\<close>.\<close> lemma boolC_true: "\ unfolding bool_defs apply (rule comp_rls) apply typechk apply (erule_tac [!] TE) apply typechk done lemma boolC_false: "\ unfolding bool_defs apply (rule comp_rls) apply typechk apply (erule_tac [!] TE) apply typechk done section \<open>Elementary arithmetic\<close> subsection \<open>Arithmetic operators and their definitions\<close> definition add :: "[i,i]\ where "a#+b \ definition diff :: "[i,i]\ where "a-b \ definition absdiff :: "[i,i]\ where "a|-|b \ definition mult :: "[i,i]\ where "a#*b \ definition mod :: "[i,i]\ where "a mod b \ definition div :: "[i,i]\ where "a div b \ lemmas arith_defs = add_def diff_def absdiff_def mult_def mod_def div_def subsection \<open>Proofs about elementary arithmetic: addition, multiplication, etc.\<clos subsubsection \<open>Addition\<close> text \<open>Typing of \<open>add\<close>: short and long versions.\<close> lemma add_typing: "\ unfolding arith_defs by typechk lemma add_typingL: "\ unfolding arith_defs by equal text \<open>Computation for \<open>add\<close>: 0 and successor cases.\<close> lemma addC0: "b:N \ unfolding arith_defs by rew lemma addC_succ: "\ unfolding arith_defs by rew subsubsection \<open>Multiplication\<close> text \<open>Typing of \<open>mult\<close>: short and long versions.\<close> lemma mult_typing: "\ unfolding arith_defs by (typechk add_typing) lemma mult_typingL: "\ unfolding arith_defs by (equal add_typingL) text \<open>Computation for \<open>mult\<close>: 0 and successor cases.\<close> lemma multC0: "b:N \ unfolding arith_defs by rew lemma multC_succ: "\ unfolding arith_defs by rew subsubsection \<open>Difference\<close> text \<open>Typing of difference.\<close> lemma diff_typing: "\ unfolding arith_defs by typechk lemma diff_typingL: "\ unfolding arith_defs by equal text \<open>Computation for difference: 0 and successor cases.\<close> lemma diffC0: "a:N \ unfolding arith_defs by rew text \<open>Note: \<open>rec(a, 0, \<lambda>z w.z)\<close> is \<open>pred(a).\<close>\<close> lemma diff_0_eq_0: "b:N \ unfolding arith_defs apply (NE b) apply hyp_rew done text \<open> Essential to simplify FIRST!! (Else we get a critical pair) \<open>succ(a) - succ(b)\<close> rewrites to \<open>pred(succ(a) - b)\<close>. \<close> lemma diff_succ_succ: "\ unfolding arith_defs apply hyp_rew apply (NE b) apply hyp_rew done subsection \<open>Simplification\<close> lemmas arith_typing_rls = add_typing mult_typing diff_typing and arith_congr_rls = add_typingL mult_typingL diff_typingL lemmas congr_rls = arith_congr_rls intrL2_rls elimL_rls lemmas arithC_rls = addC0 addC_succ multC0 multC_succ diffC0 diff_0_eq_0 diff_succ_succ ML \<open> structure Arith_simp = TSimpFun( val refl = @{thm refl_elem} val sym = @{thm sym_elem} val trans = @{thm trans_elem} val refl_red = @{thm refl_red} val trans_red = @{thm trans_red} val red_if_equal = @{thm red_if_equal} val default_rls = @{thms arithC_rls comp_rls} val routine_tac = routine_tac @{thms arith_typing_rls routine_rls} ) fun arith_rew_tac ctxt prems = make_rew_tac ctxt (Arith_simp.norm_tac ctxt (@{thms congr_rls}, prems)) fun hyp_arith_rew_tac ctxt prems = make_rew_tac ctxt (Arith_simp.cond_norm_tac ctxt (prove_cond_tac ctxt, @{thms congr_rls}, prems)) \<close> method_setup arith_rew = \<open> Attrib.thms >> (fn ths => fn ctxt => SIMPLE_METHOD (arith_rew_tac ctxt ths)) \<close> method_setup hyp_arith_rew = \<open> Attrib.thms >> (fn ths => fn ctxt => SIMPLE_METHOD (hyp_arith_rew_tac ctxt ths)) \<close> subsection \<open>Addition\<close> text \<open>Associative law for addition.\<close> lemma add_assoc: "\ apply (NE a) apply hyp_arith_rew done text \<open>Commutative law for addition. Can be proved using three inductions. Must simplify after first induction! Orientation of rewrites is delicate.\<close> lemma add_commute: "\ apply (NE a) apply hyp_arith_rew apply (rule sym_elem) prefer 2 apply (NE b) prefer 4 apply (NE b) apply hyp_arith_rew done subsection \<open>Multiplication\<close> text \<open>Right annihilation in product.\<close> lemma mult_0_right: "a:N \ apply (NE a) apply hyp_arith_rew done text \<open>Right successor law for multiplication.\<close> lemma mult_succ_right: "\ apply (NE a) apply (hyp_arith_rew add_assoc [THEN sym_elem]) apply (assumption | rule add_commute mult_typingL add_typingL intrL_rls refl_elem)+ done text \<open>Commutative law for multiplication.\<close> lemma mult_commute: "\ apply (NE a) apply (hyp_arith_rew mult_0_right mult_succ_right) done text \<open>Addition distributes over multiplication.\<close> lemma add_mult_distrib: "\ apply (NE a) apply (hyp_arith_rew add_assoc [THEN sym_elem]) done text \<open>Associative law for multiplication.\<close> lemma mult_assoc: "\ apply (NE a) apply (hyp_arith_rew add_mult_distrib) done subsection \<open>Difference\<close> text \<open> Difference on natural numbers, without negative numbers \<^item> \<open>a - b = 0\<close> iff \<open>a \<le> b\<close> \<^item> \<open>a - b = succ(c)\<close> iff \<open>a > b\<close> \<close> lemma diff_self_eq_0: "a:N \ apply (NE a) apply hyp_arith_rew done lemma add_0_right: "\ by (rule addC0 [THEN [3] add_commute [THEN trans_elem]]) text \<open> Addition is the inverse of subtraction: if \<open>b \<le> x\<close> then \<open>b #+ (x - b) = x\<close>. An example of induction over a quantified formula (a product). Uses rewriting with a quantified, implicative inductive hypothesis. \<close> schematic_goal add_diff_inverse_lemma: "b:N \ apply (NE b) \<comment> \<open>strip one "universal quantifier" but not the "implication"\<close> apply (rule_tac [3] intr_rls) \<comment> \<open>case analysis on \<open>x\<close> in \<open>succ(u) \<le> x \<longrightarrow> succ(u) # prefer 4 apply (NE x) apply assumption \<comment> \<open>Prepare for simplification of types -- the antecedent \<open>succ(u) \<le> x\<clos apply (rule_tac [2] replace_type) apply (rule_tac [1] replace_type) apply arith_rew \<comment> \<open>Solves first 0 goal, simplifies others. Two sugbgoals remain. Both follow by rewriting, (2) using quantified induction hyp.\<close> apply intr \<comment> \<open>strips remaining \<open>\<Prod>\<close>s\<close> apply (hyp_arith_rew add_0_right) apply assumption done text \<open> Version of above with premise \<open>b - a = 0\<close> i.e. \<open>a \<ge> b\<close>. Using @{thm ProdE} does not work -- for \<open>?B(?a)\<close> is ambiguous. Instead, @{thm add_diff_inverse_lemma} states the desired induction scheme; the use of \<open>THEN\<close> below instantiates Vars in @{thm ProdE} automatically. \<close> lemma add_diff_inverse: "\ apply (rule EqE) apply (rule add_diff_inverse_lemma [THEN ProdE, THEN ProdE]) apply (assumption | rule EqI)+ done subsection \<open>Absolute difference\<close> text \<open>Typing of absolute difference: short and long versions.\<close> lemma absdiff_typing: "\ unfolding arith_defs by typechk lemma absdiff_typingL: "\ unfolding arith_defs by equal lemma absdiff_self_eq_0: "a:N \ unfolding absdiff_def by (arith_rew diff_self_eq_0) lemma absdiffC0: "a:N \ unfolding absdiff_def by hyp_arith_rew lemma absdiff_succ_succ: "\ unfolding absdiff_def by hyp_arith_rew text \<open>Note how easy using commutative laws can be? ...not always...\<close> lemma absdiff_commute: "\ unfolding absdiff_def apply (rule add_commute) apply (typechk diff_typing) done text \<open>If \<open>a + b = 0\<close> then \<open>a = 0\<close>. Surprisingly tedious.\<close> schematic_goal add_eq0_lemma: "\ apply (NE a) apply (rule_tac [3] replace_type) apply arith_rew apply intr \<comment> \<open>strips remaining \<open>\<Prod>\<close>s\<close> apply (rule_tac [2] zero_ne_succ [THEN FE]) apply (erule_tac [3] EqE [THEN sym_elem]) apply (typechk add_typing) done text \<open> Version of above with the premise \<open>a + b = 0\<close>. Again, resolution instantiates variables in @{thm ProdE}. \<close> lemma add_eq0: "\ apply (rule EqE) apply (rule add_eq0_lemma [THEN ProdE]) apply (rule_tac [3] EqI) apply typechk done text \<open>Here is a lemma to infer \<open>a - b = 0\<close> and \<open>b - a = 0\<close> from \<open>a |-| b = 0\< schematic_goal absdiff_eq0_lem: "\ apply (unfold absdiff_def) apply intr apply eqintr apply (rule_tac [2] add_eq0) apply (rule add_eq0) apply (rule_tac [6] add_commute [THEN trans_elem]) apply (typechk diff_typing) done text \<open>If \<open>a |-| b = 0\<close> then \<open>a = b\<close> proof: \<open>a - b = 0\<close> and \<open>b - a = 0\<close>, so \<open>b = a + (b - a) = a + 0 = a\<close>. \<close> lemma absdiff_eq0: "\ apply (rule EqE) apply (rule absdiff_eq0_lem [THEN SumE]) apply eqintr apply (rule add_diff_inverse [THEN sym_elem, THEN trans_elem]) apply (erule_tac [3] EqE) apply (hyp_arith_rew add_0_right) done subsection \<open>Remainder and Quotient\<close> text \<open>Typing of remainder: short and long versions.\<close> lemma mod_typing: "\ unfolding mod_def by (typechk absdiff_typing) lemma mod_typingL: "\ unfolding mod_def by (equal absdiff_typingL) text \<open>Computation for \<open>mod\<close>: 0 and successor cases.\<close> lemma modC0: "b:N \ unfolding mod_def by (rew absdiff_typing) lemma modC_succ: "\ succ(a) mod b = rec(succ(a mod b) |-| b, 0, \<lambda>x y. succ(a mod b)) : N" unfolding mod_def by (rew absdiff_typing) text \<open>Typing of quotient: short and long versions.\<close> lemma div_typing: "\ unfolding div_def by (typechk absdiff_typing mod_typing) lemma div_typingL: "\ unfolding div_def by (equal absdiff_typingL mod_typingL) lemmas div_typing_rls = mod_typing div_typing absdiff_typing text \<open>Computation for quotient: 0 and successor cases.\<close> lemma divC0: "b:N \ unfolding div_def by (rew mod_typing absdiff_typing) lemma divC_succ: "\ succ(a) div b = rec(succ(a) mod b, succ(a div b), \<lambda>x y. a div b) : N" unfolding div_def by (rew mod_typing) text \<open>Version of above with same condition as the \<open>mod\<close> one.\<close> lemma divC_succ2: "\ succ(a) div b =rec(succ(a mod b) |-| b, succ(a div b), \<lambda>x y. a div b) : N" apply (rule divC_succ [THEN trans_elem]) apply (rew div_typing_rls modC_succ) apply (NE "succ (a mod b) |-|b") apply (rew mod_typing div_typing absdiff_typing) done text \<open>For case analysis on whether a number is 0 or a successor.\<close> lemma iszero_decidable: "a:N \ Eq(N,a,0) + (\<Sum>x:N. Eq(N,a, succ(x)))" apply (NE a) apply (rule_tac [3] PlusI_inr) apply (rule_tac [2] PlusI_inl) apply eqintr apply equal done text \<open>Main Result. Holds when \<open>b\<close> is 0 since \<open>a mod 0 = a\<close> and \<open>a div 0 lemma mod_div_equality: "\ apply (NE a) apply (arith_rew div_typing_rls modC0 modC_succ divC0 divC_succ2) apply (rule EqE) \<comment> \<open>case analysis on \<open>succ(u mod b) |-| b\<close>\<close> apply (rule_tac a1 = "succ (u mod b) |-| b" in iszero_decidable [THEN PlusE]) apply (erule_tac [3] SumE) apply (hyp_arith_rew div_typing_rls modC0 modC_succ divC0 divC_succ2) \<comment> \<open>Replace one occurrence of \<open>b\<close> by \<open>succ(u mod b)\<close>. Clumsy!\< apply (rule add_typingL [THEN trans_elem]) apply (erule EqE [THEN absdiff_eq0, THEN sym_elem]) apply (rule_tac [3] refl_elem) apply (hyp_arith_rew div_typing_rls) done end ¤ Dauer der Verarbeitung: 0.191 Sekunden (vorverarbeitet) ¤ |
Haftungshinweis
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:Die farbliche Syntaxdarstellung ist noch experimentell.Bot Zugriff |
