(*<*)

theory simplification = Main:;

(*>*)

text{*

Once we have succeeded in proving all termination conditions, the recursion

equations become simplification rules, just as with

\isacommand{primrec}. In most cases this works fine, but there is a subtle

problem that must be mentioned: simplification may not

terminate because of automatic splitting of \isa{if}.

Let us look at an example:

*}

consts gcd :: "nat*nat \\<Rightarrow> nat";

recdef gcd "measure (\\<lambda>(m,n).n)"

  "gcd (m, n) = (if n=0 then m else gcd(n, m mod n))";

text{*\noindent

According to the measure function, the second argument should decrease with

each recursive call. The resulting termination condition

*}

(*<*)term(*>*) "n \\<noteq> 0 \\<Longrightarrow> m mod n < n";

text{*\noindent

is provded automatically because it is already present as a lemma in the

arithmetic library. Thus the recursion equation becomes a simplification

rule. Of course the equation is nonterminating if we are allowed to unfold

the recursive call inside the \isa{else} branch, which is why programming

languages and our simplifier don't do that. Unfortunately the simplifier does

something else which leads to the same problem: it splits \isa{if}s if the

condition simplifies to neither \isa{True} nor \isa{False}. For

example, simplification reduces

*}

(*<*)term(*>*) "gcd(m,n) = k";

text{*\noindent

in one step to

*}

(*<*)term(*>*) "(if n=0 then m else gcd(n, m mod n)) = k";

text{*\noindent

where the condition cannot be reduced further, and splitting leads to

*}

(*<*)term(*>*) "(n=0 \\<longrightarrow> m=k) \\<and> (n\\<noteq>0 \\<longrightarrow> gcd(n, m mod n)=k)";

text{*\noindent

Since the recursive call \isa{gcd(n, m mod n)} is no longer protected by

an \isa{if}, it is unfolded again, which leads to an infinite chain of simplification steps.

Fortunately, this problem can be avoided in many different ways.

The most radical solution is to disable the offending

\isa{split_if} as shown in the section on case splits in

\S\ref{sec:SimpFeatures}.

However, we do not recommend this because it means you will often have to

invoke the rule explicitly when \isa{if} is involved.

If possible, the definition should be given by pattern matching on the left

rather than \isa{if} on the right. In the case of \isa{gcd} the

following alternative definition suggests itself:

*}

consts gcd1 :: "nat*nat \\<Rightarrow> nat";

recdef gcd1 "measure (\\<lambda>(m,n).n)"

  "gcd1 (m, 0) = m"

  "gcd1 (m, n) = gcd1(n, m mod n)";

text{*\noindent

Note that the order of equations is important and hides the side condition

\isa{n \isasymnoteq\ 0}. Unfortunately, in general the case distinction

may not be expressible by pattern matching.

A very simple alternative is to replace \isa{if} by \isa{case}, which

is also available for \isa{bool} but is not split automatically:

*}

consts gcd2 :: "nat*nat \\<Rightarrow> nat";

recdef gcd2 "measure (\\<lambda>(m,n).n)"

  "gcd2(m,n) = (case n=0 of True \\<Rightarrow> m | False \\<Rightarrow> gcd2(n,m mod n))";

text{*\noindent

In fact, this is probably the neatest solution next to pattern matching.

A final alternative is to replace the offending simplification rules by

derived conditional ones. For \isa{gcd} it means we have to prove

*}

lemma [simp]: "gcd (m, 0) = m";

by(simp);

lemma [simp]: "n \\<noteq> 0 \\<Longrightarrow> gcd(m, n) = gcd(n, m mod n)";

by(simp);

text{*\noindent

after which we can disable the original simplification rule:

*}

lemmas [simp del] = gcd.simps;

(*<*)

end

(*>*)