isabelle

Make automatic termination proof use different size function

南笙酒味 submitted on 2019-12-01 04:48:18
Question: I have written a custom size function size2 for my datatype. Using this function I can manually prove the termination of my function:

    termination
      apply (relation "measure (λ(a,b,c). size2 c)")
      apply auto
      done

Is there a way to make fun use my alternative size function for the automatic termination proof?

Answer 1: A function f can be registered as a measure function for the termination prover by declaring the lemma is_measure f with the attribute measure_function. In your case, this looks as

proof (rule disjE) for nested disjunction

馋奶兔 submitted on 2019-12-01 04:20:37
In Isar-style Isabelle proofs, this works nicely:

    from `a ∨ b` have foo
    proof
      assume a
      show foo sorry
    next
      assume b
      show foo sorry
    qed

The implicit rule called by proof here is rule conjE. But what should I put there to make it work for more than just one disjunction:

    from `a ∨ b ∨ c` have foo
    proof(?)
      assume a
      show foo sorry
    next
      assume b
      show foo sorry
    next
      assume c
      show foo sorry
    qed

While writing the question, I had an idea, and it turns out to be what I want:

    from `a ∨ b ∨ c` have foo
    proof(elim disjE)
      assume a
      show foo sorry
    next
      assume b
      show foo sorry
    next
      assume c
      show foo sorry
    qed

Nested recursion and `Program Fixpoint` or `Function`

送分小仙女□ submitted on 2019-11-30 14:02:21
I’d like to define the following function using Program Fixpoint or Function in Coq:

    Require Import Coq.Lists.List.
    Import ListNotations.
    Require Import Coq.Program.Wf.
    Require Import Recdef.

    Inductive Tree := Node : nat -> list Tree -> Tree.

    Fixpoint height (t : Tree) : nat :=
      match t with
      | Node x ts => S (fold_right Nat.max 0 (map height ts))
      end.

    Program Fixpoint mapTree (f : nat -> nat) (t : Tree) {measure (height t)} : Tree :=
      match t with
        Node x ts => Node (f x) (map (fun t => mapTree f t) ts)
      end.
    Next Obligation.

Unfortunately, at this point I have a proof obligation height t < height

What are the strengths and weaknesses of the Isabelle proof assistant compared to Coq?

人盡茶涼 submitted on 2019-11-29 19:56:35
Does Isabelle/HOL proof assistant have any weaknesses and strengths compared to Coq?

I am mostly familiar with Coq, and do not have much experience with Isabelle/HOL, but I might be able to help a little bit. Perhaps others with more experience on Isabelle/HOL can help improve this. There are two big points of divergence between the two systems: the underlying theories and the style of interaction. I'll try to give a brief overview of the main differences in each case.

Theories

Both Coq and Isabelle/HOL are based on powerful, very expressive higher-order logics. These logics, however, differ

What is an Isabelle/HOL subtype? What Isar commands produce subtypes?

时光总嘲笑我的痴心妄想 submitted on 2019-11-29 06:52:47
I'd like to know about Isabelle/HOL subtypes. I explain a little about why it's important to me in my partial answer to my last SO question: Trying to Treat Type Classes and Sub-types Like Sets and Subsets Basically, I only have one type, so it might be useful to me if I could exploit the power of HOL types through subtypes. I've done searches in the Isabelle documentation, on the Web, and on the Isabelle mailing lists. The word "subtype" is used, though not much, and it seems like it's not a super important part of the Isabelle vocabulary. Partly, I'd just like to know how to use the word

Why won't Isabelle simplify the body of my “if _ then _ else” construct?

瘦欲@ submitted on 2019-11-28 00:30:50
Question: I have the following Isabelle goal:

    lemma "⟦ if foo then a ≠ a else b ≠ b ⟧ ⟹ False"

None of the tactics simp, fast, clarsimp, blast, fastforce, etc. make any progress on the goal, despite it being quite simple. Why doesn't Isabelle just simplify the body of the if construct so that both "a ≠ a" and "b ≠ b" become False, and hence solve the goal?

Answer 1: The if_weak_cong congruence rule

By default, Isabelle includes a set of "congruence rules" that affect where simplification takes place.