I want to match and remove those elements in l :: 'a list that match the predicate P :: ('a => bool)
What is the best way to accomplish such a task? How can I find out about existing functions that might help me?
One way to find functions you expect to exist is the document What's in Main from the Isabelle documentation. It gives a quick overview of the main types, functions and syntax provided by the theory Main of Isabelle/HOL.
If you look at the List section in ths document, you find the function filter which seems to have the correct type.
Short Story: Use find_consts
Long Story:
This a How-To to conquer such problems.
In Main, there is List.dropWhile
List.dropWhile :: "('a => bool) => 'a list => 'a list"
However, it only removes from the beginning. This may not be the intended function.
value "List.dropWhile (λ x. x = ''c'') [''c'', ''c'', ''d'']"
"[''d'']"
value "List.dropWhile (λ x. x = ''c'') [''d'', ''c'', ''c'']"
"[''d'', ''c'', ''c'']"
Manual Approach
We can write a function ourselves which removes all occurrences
fun dropAll :: "('a => bool) => 'a list => 'a list" where
"dropAll P [] = []"
| "dropAll P (x # xs) = (if P x then dropAll P xs else x # (dropAll P xs))"
Searching the Library
However, this function is equivalent to filtering with ¬ P
How can we find such library functions?
If we know the signature of what we want to do, we can use find_consts
find_consts "('a ⇒ bool) ⇒ 'a list ⇒ 'a list"
It returns 3 functions from Main, with that signature: List.dropWhile, List.filter, List.takeWhile
Now, let's show that we don't need dropAll but can do the same with filter.
lemma "dropAll P l = filter (λ x. ¬ P x) l"
apply(induction l)
by simp_all
It is advisable not to implement things like dropAllyourself but rather use filter. Thus, all lemmata proven for filter are usable.
Hints
Hint: we can use the convenient list comprehension syntax to write e.g. filter expressions
lemma "filter (λ x. ¬ P x) l = [x ← l. ¬ P x]" by simp
Related
I made this:
abbreviation "preimage f y ≡ { x . f x = y }"
Isn't there a built-in definition I could be using instead? How would I find that?
f -` {a}
aka
vimage f {a}
I found by searching for theorems with the name image in it and hoping to find the right one with the symbol:
find_theorems name:image
I was lucky enough that it appeared in the first theorems... In general, a better approach is have an idea of the type and use find_consts:
find_consts "('a ⇒ 'b) ⇒ 'b set ⇒ 'a set"
For a uni project I'm working on a proof with Iabelle/HOL 2018. I'm getting an error when applying obvious results. However, this error is not stating anything about what is going wrong.
At first I thought it was an unification problem. But when I simplified it turned out to be a behavior I totally don't understand.
I have a minimal example which is as follows:
I define proposition formulas as type1 and then I have a tail-recursive function that simply collects each sub formula. There are probably better ways to do that. I just tried to replicate the error in the easiest way possible. Then I want to show a simple equality (I have proven that in my code, here I just simplify by "sorry") and then I want to use that fact in some other proof, however it doesn't seem to apply the proven fact, even though I added it to the simp set. Even, directly applying it doesn't work for me.
Here is the Code:
theory test
imports Main
begin
datatype 'a type1 =
Bot
| Atm 'a
| Neg "'a type1"
| Imp "'a type1" "'a type1"
fun func :: "'a type1 ⇒ ('a type1) list list ⇒ ('a type1) list list"
where
"func Bot acc = acc"
| "func (Atm p) acc = acc"
| "func (Neg p) acc = func p ([Neg p] # acc)"
| "func (Imp p q) acc = func q (func p ([Imp p q] # acc))"
lemma lemma1 [simp]:
"func p acc = func p [] # acc"
sorry
lemma lemma2:
"func p acc = func p acc"
proof -
have "func p acc = func p [] # acc" by auto
show ?thesis sorry
qed
end
In my opinion this should be no problem. However, in the first line of the proof of lemma2 I get an error. But there is no explanation to the error such as "failed to finish proof" or anything similar.
Does anyone know what I'm doing wrong? Or did anyone have similar problems or behavior?
Quoting from the book 'A Proof Assistant for Higher-Order Logic': "In its most basic form, simplification means the repeated application of equations from left to right ... Only equations that really simplify, like rev (rev xs) = xs and xs # [] = xs, should be declared as default simplification rules." (there are other valuable resources that explain this issue, e.g. the official Isabelle/Isar reference manual or the textbook 'Concrete Semantics with Isabelle/HOL'). Therefore, lemma1 is not a good choice for a default simplification rule and adding it to the simpset can lead to nontermination, as your example demonstrates.
If you would like to use lemma1 in another proof, perhaps, you can use something similar to
have "func p acc = func p [] # acc by (rule lemma1)"
or merely rewrite the simp rule as
func p [] # acc = func p acc.
However, in general, you need to be very careful when introducing new simp rules, especially in the global theory context.
What is the easiest way to generate code for a sorting algorithm that sorts its argument in reverse order, while building on top of the existing List.sort?
I came up with two solutions that are shown below in my answer. But both of them are not really satisfactory.
Any other ideas how this could be done?
I came up with two possible solutions. But both have (severe) drawbacks. (I would have liked to obtain the result almost automatically.)
Introduce a Haskell-style newtype. E.g., if we wanted to sort lists of nats, something like
datatype 'a new = New (old : 'a)
instantiation new :: (linorder) linorder
begin
definition "less_eq_new x y ⟷ old x ≥ old y"
definition "less_new x y ⟷ old x > old y"
instance by (default, case_tac [!] x) (auto simp: less_eq_new_def less_new_def)
end
At this point
value [code] "sort_key New [0::nat, 1, 0, 0, 1, 2]"
yields the desired reverse sorting. While this is comparatively easy, it is not as automatic as I would like the solution to be and in addition has a small runtime overhead (since Isabelle doesn't have Haskell's newtype).
Via a locale for the dual of a linear order. First we more or less copy the existing code for insertion sort (but instead of relying on a type class, we make the parameter that represents the comparison explicit).
fun insort_by_key :: "('b ⇒ 'b ⇒ bool) ⇒ ('a ⇒ 'b) ⇒ 'a ⇒ 'a list ⇒ 'a list"
where
"insort_by_key P f x [] = [x]"
| "insort_by_key P f x (y # ys) =
(if P (f x) (f y) then x # y # ys else y # insort_by_key P f x ys)"
definition "revsort_key f xs = foldr (insort_by_key (op ≥) f) xs []"
at this point we have code for revsort_key.
value [code] "revsort_key id [0::nat, 1, 0, 0, 1, 2]"
but we also want all the nice results that have already been proved in the linorder locale (that derives from the linorder class). To this end, we introduce the dual of a linear order and use a "mixin" (not sure if I'm using the correct naming here) to replace all occurrences of linorder.sort_key (which does not allow for code generation) by our new "code constant" revsort_key.
interpretation dual_linorder!: linorder "op ≥ :: 'a::linorder ⇒ 'a ⇒ bool" "op >"
where
"linorder.sort_key (op ≥ :: 'a ⇒ 'a ⇒ bool) f xs = revsort_key f xs"
proof -
show "class.linorder (op ≥ :: 'a ⇒ 'a ⇒ bool) (op >)" by (rule dual_linorder)
then interpret rev_order: linorder "op ≥ :: 'a ⇒ 'a ⇒ bool" "op >" .
have "rev_order.insort_key f = insort_by_key (op ≥) f"
by (intro ext) (induct_tac xa; simp)
then show "rev_order.sort_key f xs = revsort_key f xs"
by (simp add: rev_order.sort_key_def revsort_key_def)
qed
While with this solution we do not have any runtime penalty, it is far too verbose for my taste and is not easily adaptable to changes in the standard code setup (e.g., if we wanted to use the mergesort implementation from the Archive of Formal Proofs for all of our sorting operations).
Up until several days ago, I always defined a type, and then proved theorems directly about the type. Now I'm trying to use type classes.
Problem
The problem is that I can't instantiate cNAT for my type myD below, and it appears it's because simp has no effect on the abstract function cNAT, which I've made concrete with my primrec function cNAT_myD. I can only guess what's happening because of the automation that happens after instance proof.
Questions
Q1: Below, at the statement instantiation myD :: (type) cNAT, can you tell me how to finish the proof, and why I can prove the following theorem, but not the type class proof, which requires injective?
theorem dNAT_1_to_1: "(dNAT n = dNAT m) ==> n = m"
assumes injective: "(cNAT n = cNAT m) ==> n = m"
Q2: This is not as important, but at the bottom is this statement:
instantiation myD :: (type) cNAT2
It involves another way I was trying to instantiate cNAT. Can you tell me why I get Failed to refine any pending goal at shows? I put some comments in the source to explain some of what I did to set it up. I used this slightly modified formula for the requirement injective:
assumes injective: "!!n m. (cNAT2 n = cNAT2 m) --> n = m"
Specifics
My contrived datatype is this, which may be useful to me someday: (Update: Well, for another example maybe. A good mental exercise is for me to try and figure out how I can actually get something inside a 'a myD list, other than []. With BNF, something like datatype_new 'a myD = myS "'a myD fset" gives me the warning that there's an unused type variable on the right-hand side)
datatype 'a myD = myL "'a myD list"
The type class is this, which requires an injective function from nat to 'a:
class cNAT =
fixes cNAT :: "nat => 'a"
assumes injective: "(cNAT n = cNAT m) ==> n = m"
dNAT: this non-type class version of cNAT works
fun get_myL :: "'a myD => 'a myD list" where
"get_myL (myL L) = L"
primrec dNAT :: "nat => 'a myD" where
"dNAT 0 = myL []"
|"dNAT (Suc n) = myL (myL [] # get_myL(dNAT n))"
fun myD2nat :: "'a myD => nat" where
"myD2nat (myL []) = 0"
|"myD2nat (myL (x # xs)) = Suc(myD2nat (myL xs))"
theorem left_inverse_1 [simp]:
"myD2nat(dNAT n) = n"
apply(induct n, auto)
by(metis get_myL.cases get_myL.simps)
theorem dNAT_1_to_1:
"(dNAT n = dNAT m) ==> n = m"
apply(induct n)
apply(simp) (*
The simp method expanded dNAT.*)
apply(metis left_inverse_1 myD2nat.simps(1))
by (metis left_inverse_1)
cNAT: type class version that I can't instantiate
instantiation myD :: (type) cNAT
begin
primrec cNAT_myD :: "nat => 'a myD" where
"cNAT_myD 0 = myL []"
|"cNAT_myD (Suc n) = myL (myL [] # get_myL(cNAT_myD n))"
instance
proof
fix n m :: nat
show "cNAT n = cNAT m ==> n = m"
apply(induct n)
apply(simp) (*
The simp method won't expand cNAT to cNAT_myD's definition.*)
by(metis injective)+ (*
Metis proved it without unfolding cNAT_myD. It's useless. Goals always remain,
and the type variables in the output panel are all weird.*)
oops
end
cNAT2: Failed to refine any pending goal at show
(*I define a variation of `injective` in which the `assumes` definition, the
goal, and the `show` statement are exactly the same, and that strange `fails
to refine any pending goal shows up.*)
class cNAT2 =
fixes cNAT2 :: "nat => 'a"
assumes injective: "!!n m. (cNAT2 n = cNAT2 m) --> n = m"
instantiation myD :: (type) cNAT2
begin
primrec cNAT2_myD :: "nat => 'a myD" where
"cNAT2_myD 0 = myL []"
|"cNAT2_myD (Suc n) = myL (myL [] # get_myL(cNAT2_myD n))"
instance
proof (*
goal: !!n m. cNAT2 n = cNAT2 m --> n = m.*)
show
"!!n m. cNAT2 n = cNAT2 m --> n = m"
(*Failed to refine any pending goal
Local statement fails to refine any pending goal
Failed attempt to solve goal by exported rule:
cNAT2 (n::nat) = cNAT2 (m::nat) --> n = m *)
Your function cNAT is polymorphic in its result type, but the type variable does not appear among the parameters. This often causes type inference to compute a type which is more general than you want. In your case for cNAT, Isabelle infers for the two occurrences of cNAT in the show statement the type nat => 'b for some 'b of sort cNAT, but their type in the goal is nat => 'a myD. You can see this in jEdit by Ctrl-hovering over the cNAT occurrences to inspect the types. In ProofGeneral, you can enable printing of types with using [[show_consts]].
Therefore, you have to explicitly constrain types in the show statement as follows:
fix n m
assume "(cNAT n :: 'a myD) = cNAT m"
then show "n = m"
Note that it is usually not a good idea to use Isabelle's meta-connectives !! and ==> inside a show statement, you better rephrase them using fix/assume/show.
I want to create a definition which has a tuple as its argument.
definition my_def :: "('a × 'a) ⇒ bool" where
"my_def (a, b) ⟷ a = b"
However, this is not accepted. The error message is
Bad arguments on lhs: "(a, b)"
The error(s) above occurred in definition:
"my_def (a, b) ≡ a = b"
Using fun instead of definition works but this is not what I want. The following notation also works but is somewhat ugly:
definition my_def :: "('a × 'a) ⇒ bool" where
"my_def t ⟷ fst t = snd t"
What is the best way to use tuples as arguments in a definition?
Using fun is probably the least painful way to do this, the definition package doesn't recognise patterns on the left hand side.
Another option is to use tuple patterns for lambda expressions:
my_def ≡ %(a,b). a = b