Interactive Formal Verification
11: Structured Induction Proofs
Tjark Weber
(Slides: Lawrence C Paulson)
Computer Laboratory
University of Cambridge
A Proof about Binary Trees
A Proof about Binary Trees
Must we copy each case
and such big contexts?
Finding Predefined Cases
Finding Predefined Cases
Built-in
cases
Finding Predefined Cases
Built-in
cases
name of
induction hyps
Finding Predefined Cases
abbreviation of conclusion
Built-in
cases
name of
induction hyps
The Finished Proof
The Finished Proof
the two cases
The Finished Proof
the two cases
instances of
the goal
The Finished Proof
the two cases
instances of
the goal
list of bound variables
The Finished Proof
the two cases
instances of
the goal
list of bound variables
Isabelle has proved the
induction step
A More Sophisticated Proof
A More Sophisticated Proof
a named induction rule
A More Sophisticated Proof
a named induction rule
an arbitrary variable
A More Sophisticated Proof
a named induction rule
an arbitrary variable
non-empty premises
Proving the Base Case
Proving the Base Case
“thus” makes the premise available
Proving the Base Case
“arbitrary” variables must be named!
“thus” makes the premise available
A Nested Case Analysis
A Nested Case Analysis
case analysis on this formula
A Nested Case Analysis
“arbitrary” variables must
(again) be named!
case analysis on this formula
The Complete Proof
The Complete Proof
true and
false cases
The Complete Proof
induction hypothesis and premise
true and
false cases
The Complete Proof
induction hypothesis and premise
the true case: B⊆A
true and
false cases
The Complete Proof
induction hypothesis and premise
the true case: B⊆A
true and
false cases
the false case: ¬ B⊆A
The Complete Proof
induction hypothesis and premise
the true case: B⊆A
true and
false cases
direct quotation of a fact
the false case: ¬ B⊆A
Which Theorems are Available?
Which Theorems are Available?
a recently proved fact
Which Theorems are Available?
a recently proved fact
the false case: ¬ B⊆A
Which Theorems are Available?
a recently proved fact
the false case: ¬ B⊆A
facts for the case insertI
Which Theorems are Available?
a recently proved fact
the false case: ¬ B⊆A
facts for the case insertI
separate hyps and
prems for insertI
Existential Claims: “obtain”
b dvd a
(∃k. a = b × k)
Existential Claims: “obtain”
to obtain variables
satisfying given properties,
b dvd a
(∃k. a = b × k)
Existential Claims: “obtain”
to obtain variables
satisfying given properties,
... Isabelle needs to
prove an elimination rule
b dvd a
(∃k. a = b × k)
Continuing the Proof
Continuing the Proof
we now have the
key property of j
The Finished Proof
The Finished Proof
removing k from
the equality
Introducing “then”
Introducing “then”
includes facts from the previous step
Introducing “then”
includes facts from the previous step
here, the induction context
Another Example of “obtain”
(map f xs = y#ys)
(∃z zs. xs = z#zs & f z = y & map f zs = ys)
Another Example of “obtain”
we “obtain” two quantities
(map f xs = y#ys)
(∃z zs. xs = z#zs & f z = y & map f zs = ys)
Facts from Two Sources
Facts from Two Sources
the effect of “then”
Facts from Two Sources
the effect of “then”
the effect of “using”
Finishing Up
Finishing Up
a direct use of the
induction hypothesis
Finishing Up
a direct use of the
induction hypothesis
“then” / “using” again!
The Complete Proof
The Complete Proof
“then have” = “hence”
The Complete Proof
“then have” = “hence”
“then show” = “thus”
Additional Proof Structures
Additional Proof Structures
from 〈facts〉 ... = ... using 〈facts〉
Additional Proof Structures
from 〈facts〉 ... = ... using 〈facts〉
with 〈facts〉 ... = then from 〈facts〉...
Additional Proof Structures
from 〈facts〉 ... = ... using 〈facts〉
with 〈facts〉 ... = then from 〈facts〉...
(where ... is have / show / obtain)