%

\begin{isabellebody}%

\def\isabellecontext{Nested{\isadigit{2}}}%

\isanewline

\isamarkupfalse%

\isacommand{lemma}\ {\isacharbrackleft}simp{\isacharbrackright}{\isacharcolon}\ {\isachardoublequote}t\ {\isasymin}\ set\ ts\ {\isasymlongrightarrow}\ size\ t\ {\isacharless}\ Suc{\isacharparenleft}term{\isacharunderscore}list{\isacharunderscore}size\ ts{\isacharparenright}{\isachardoublequote}\isanewline

\isamarkupfalse%

\isacommand{by}{\isacharparenleft}induct{\isacharunderscore}tac\ ts{\isacharcomma}\ auto{\isacharparenright}\isamarkupfalse%

\isamarkupfalse%

%

\begin{isamarkuptext}%

\noindent

By making this theorem a simplification rule, \isacommand{recdef}

applies it automatically and the definition of \isa{trev}

succeeds now. As a reward for our effort, we can now prove the desired

lemma directly.  We no longer need the verbose

induction schema for type \isa{term} and can use the simpler one arising from

\isa{trev}:%

\end{isamarkuptext}%

\isamarkuptrue%

\isacommand{lemma}\ {\isachardoublequote}trev{\isacharparenleft}trev\ t{\isacharparenright}\ {\isacharequal}\ t{\isachardoublequote}\isanewline

\isamarkupfalse%

\isacommand{apply}{\isacharparenleft}induct{\isacharunderscore}tac\ t\ rule{\isacharcolon}\ trev{\isachardot}induct{\isacharparenright}\isamarkupfalse%

%

\begin{isamarkuptxt}%

\begin{isabelle}%

\ {\isadigit{1}}{\isachardot}\ {\isasymAnd}x{\isachardot}\ trev\ {\isacharparenleft}trev\ {\isacharparenleft}Var\ x{\isacharparenright}{\isacharparenright}\ {\isacharequal}\ Var\ x\isanewline

\ {\isadigit{2}}{\isachardot}\ {\isasymAnd}f\ ts{\isachardot}\isanewline

\isaindent{\ {\isadigit{2}}{\isachardot}\ \ \ \ }{\isasymforall}x{\isachardot}\ x\ {\isasymin}\ set\ ts\ {\isasymlongrightarrow}\ trev\ {\isacharparenleft}trev\ x{\isacharparenright}\ {\isacharequal}\ x\ {\isasymLongrightarrow}\isanewline

\isaindent{\ {\isadigit{2}}{\isachardot}\ \ \ \ }trev\ {\isacharparenleft}trev\ {\isacharparenleft}App\ f\ ts{\isacharparenright}{\isacharparenright}\ {\isacharequal}\ App\ f\ ts%

\end{isabelle}

Both the base case and the induction step fall to simplification:%

\end{isamarkuptxt}%

\isamarkuptrue%

\isacommand{by}{\isacharparenleft}simp{\isacharunderscore}all\ add{\isacharcolon}\ rev{\isacharunderscore}map\ sym{\isacharbrackleft}OF\ map{\isacharunderscore}compose{\isacharbrackright}\ cong{\isacharcolon}\ map{\isacharunderscore}cong{\isacharparenright}\isamarkupfalse%

%

\begin{isamarkuptext}%

\noindent

If the proof of the induction step mystifies you, we recommend that you go through

the chain of simplification steps in detail; you will probably need the help of

\isa{trace{\isacharunderscore}simp}. Theorem \isa{map{\isacharunderscore}cong} is discussed below.

%\begin{quote}

%{term[display]"trev(trev(App f ts))"}\\

%{term[display]"App f (rev(map trev (rev(map trev ts))))"}\\

%{term[display]"App f (map trev (rev(rev(map trev ts))))"}\\

%{term[display]"App f (map trev (map trev ts))"}\\

%{term[display]"App f (map (trev o trev) ts)"}\\

%{term[display]"App f (map (%x. x) ts)"}\\

%{term[display]"App f ts"}

%\end{quote}

The definition of \isa{trev} above is superior to the one in

\S\ref{sec:nested-datatype} because it uses \isa{rev}

and lets us use existing facts such as \hbox{\isa{rev\ {\isacharparenleft}rev\ xs{\isacharparenright}\ {\isacharequal}\ xs}}.

Thus this proof is a good example of an important principle:

\begin{quote}

\emph{Chose your definitions carefully\\

because they determine the complexity of your proofs.}

\end{quote}

Let us now return to the question of how \isacommand{recdef} can come up with

sensible termination conditions in the presence of higher-order functions

like \isa{map}. For a start, if nothing were known about \isa{map}, then

\isa{map\ trev\ ts} might apply \isa{trev} to arbitrary terms, and thus

\isacommand{recdef} would try to prove the unprovable \isa{size\ t\ {\isacharless}\ Suc\ {\isacharparenleft}term{\isacharunderscore}list{\isacharunderscore}size\ ts{\isacharparenright}}, without any assumption about \isa{t}.  Therefore

\isacommand{recdef} has been supplied with the congruence theorem

\isa{map{\isacharunderscore}cong}:

\begin{isabelle}%

\ \ \ \ \ {\isasymlbrakk}xs\ {\isacharequal}\ ys{\isacharsemicolon}\ {\isasymAnd}x{\isachardot}\ x\ {\isasymin}\ set\ ys\ {\isasymLongrightarrow}\ f\ x\ {\isacharequal}\ g\ x{\isasymrbrakk}\isanewline

\isaindent{\ \ \ \ \ }{\isasymLongrightarrow}\ map\ f\ xs\ {\isacharequal}\ map\ g\ ys%

\end{isabelle}

Its second premise expresses that in \isa{map\ f\ xs},

function \isa{f} is only applied to elements of list \isa{xs}.  Congruence

rules for other higher-order functions on lists are similar.  If you get

into a situation where you need to supply \isacommand{recdef} with new

congruence rules, you can append a hint after the end of

the recursion equations:\cmmdx{hints}%

\end{isamarkuptext}%

\isamarkuptrue%

\isamarkupfalse%

{\isacharparenleft}\isakeyword{hints}\ recdef{\isacharunderscore}cong{\isacharcolon}\ map{\isacharunderscore}cong{\isacharparenright}\isamarkupfalse%

%

\begin{isamarkuptext}%

\noindent

Or you can declare them globally

by giving them the \attrdx{recdef_cong} attribute:%

\end{isamarkuptext}%

\isamarkuptrue%

\isacommand{declare}\ map{\isacharunderscore}cong{\isacharbrackleft}recdef{\isacharunderscore}cong{\isacharbrackright}\isamarkupfalse%

%

\begin{isamarkuptext}%

The \isa{cong} and \isa{recdef{\isacharunderscore}cong} attributes are

intentionally kept apart because they control different activities, namely

simplification and making recursive definitions.

%The simplifier's congruence rules cannot be used by recdef.

%For example the weak congruence rules for if and case would prevent

%recdef from generating sensible termination conditions.%

\end{isamarkuptext}%

\isamarkuptrue%

\isamarkupfalse%

\end{isabellebody}%

%%% Local Variables:

%%% mode: latex

%%% TeX-master: "root"

%%% End: