(*<*)

 theory simplification = Main:;

 (*>*)

 text{*

 Once we have succeeded in proving all termination conditions, the recursion

 equations become simplification rules, just as with

 \isacommand{primrec}. In most cases this works fine, but there is a subtle

 problem that must be mentioned: simplification may not

 terminate because of automatic splitting of @{name"if"}.

 Let us look at an example:

 *}

 consts gcd :: "nat*nat \\<Rightarrow> nat";

 recdef gcd "measure (\\<lambda>(m,n).n)"

   "gcd (m, n) = (if n=0 then m else gcd(n, m mod n))";

 text{*\noindent

 According to the measure function, the second argument should decrease with

 each recursive call. The resulting termination condition

 \begin{quote}

 @{term[display]"n ~= 0 ==> m mod n < n"}

 \end{quote}

 is provded automatically because it is already present as a lemma in the

 arithmetic library. Thus the recursion equation becomes a simplification

 rule. Of course the equation is nonterminating if we are allowed to unfold

 the recursive call inside the @{name"if"} branch, which is why programming

 languages and our simplifier don't do that. Unfortunately the simplifier does

 something else which leads to the same problem: it splits @{name"if"}s if the

 condition simplifies to neither @{term"True"} nor @{term"False"}. For

 example, simplification reduces

 \begin{quote}

 @{term[display]"gcd(m,n) = k"}

 \end{quote}

 in one step to

 \begin{quote}

 @{term[display]"(if n=0 then m else gcd(n, m mod n)) = k"}

 \end{quote}

 where the condition cannot be reduced further, and splitting leads to

 \begin{quote}

 @{term[display]"(n=0 --> m=k) & (n ~= 0 --> gcd(n, m mod n)=k)"}

 \end{quote}

 Since the recursive call @{term"gcd(n, m mod n)"} is no longer protected by

 an @{name"if"}, it is unfolded again, which leads to an infinite chain of

 simplification steps. Fortunately, this problem can be avoided in many

 different ways.

 The most radical solution is to disable the offending \@{name"split_if"} as

 shown in the section on case splits in \S\ref{sec:Simplification}.  However,

 we do not recommend this because it means you will often have to invoke the

 rule explicitly when @{name"if"} is involved.

 If possible, the definition should be given by pattern matching on the left

 rather than @{name"if"} on the right. In the case of @{term"gcd"} the

 following alternative definition suggests itself:

 *}

 consts gcd1 :: "nat*nat \\<Rightarrow> nat";

 recdef gcd1 "measure (\\<lambda>(m,n).n)"

   "gcd1 (m, 0) = m"

   "gcd1 (m, n) = gcd1(n, m mod n)";

 text{*\noindent

 Note that the order of equations is important and hides the side condition

 @{prop"n ~= 0"}. Unfortunately, in general the case distinction

 may not be expressible by pattern matching.

 A very simple alternative is to replace @{name"if"} by @{name"case"}, which

 is also available for @{typ"bool"} but is not split automatically:

 *}

 consts gcd2 :: "nat*nat \\<Rightarrow> nat";

 recdef gcd2 "measure (\\<lambda>(m,n).n)"

   "gcd2(m,n) = (case n=0 of True \\<Rightarrow> m | False \\<Rightarrow> gcd2(n,m mod n))";

 text{*\noindent

 In fact, this is probably the neatest solution next to pattern matching.

 A final alternative is to replace the offending simplification rules by

 derived conditional ones. For @{term"gcd"} it means we have to prove

 *}

 lemma [simp]: "gcd (m, 0) = m";

 by(simp);

 lemma [simp]: "n \\<noteq> 0 \\<Longrightarrow> gcd(m, n) = gcd(n, m mod n)";

 by(simp);

 text{*\noindent

 after which we can disable the original simplification rule:

 *}

 lemmas [simp del] = gcd.simps;

 (*<*)

 end

 (*>*)