%

 \begin{isabellebody}%

 \def\isabellecontext{Nested}%

 %

 \isadelimtheory

 %

 \endisadelimtheory

 %

 \isatagtheory

 %

 \endisatagtheory

 {\isafoldtheory}%

 %

 \isadelimtheory

 %

 \endisadelimtheory

 %

 \begin{isamarkuptext}%

 \index{datatypes!and nested recursion}%

 So far, all datatypes had the property that on the right-hand side of their

 definition they occurred only at the top-level: directly below a

 constructor. Now we consider \emph{nested recursion}, where the recursive

 datatype occurs nested in some other datatype (but not inside itself!).

 Consider the following model of terms

 where function symbols can be applied to a list of arguments:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 \isacommand{datatype}\isamarkupfalse%

 \ {\isacharparenleft}{\isacharprime}v{\isacharcomma}{\isacharprime}f{\isacharparenright}{\isachardoublequoteopen}term{\isachardoublequoteclose}\ {\isacharequal}\ Var\ {\isacharprime}v\ {\isacharbar}\ App\ {\isacharprime}f\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharprime}v{\isacharcomma}{\isacharprime}f{\isacharparenright}term\ list{\isachardoublequoteclose}%

 \begin{isamarkuptext}%

 \noindent

 Note that we need to quote \isa{term} on the left to avoid confusion with

 the Isabelle command \isacommand{term}.

 Parameter \isa{{\isacharprime}v} is the type of variables and \isa{{\isacharprime}f} the type of

 function symbols.

 A mathematical term like $f(x,g(y))$ becomes \isa{App\ f\ {\isacharbrackleft}Var\ x{\isacharcomma}\ App\ g\ {\isacharbrackleft}Var\ y{\isacharbrackright}{\isacharbrackright}}, where \isa{f}, \isa{g}, \isa{x}, \isa{y} are

 suitable values, e.g.\ numbers or strings.

 What complicates the definition of \isa{term} is the nested occurrence of

 \isa{term} inside \isa{list} on the right-hand side. In principle,

 nested recursion can be eliminated in favour of mutual recursion by unfolding

 the offending datatypes, here \isa{list}. The result for \isa{term}

 would be something like

 \medskip

 \input{Datatype/document/unfoldnested.tex}

 \medskip

 \noindent

 Although we do not recommend this unfolding to the user, it shows how to

 simulate nested recursion by mutual recursion.

 Now we return to the initial definition of \isa{term} using

 nested recursion.

 Let us define a substitution function on terms. Because terms involve term

 lists, we need to define two substitution functions simultaneously:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 \isacommand{primrec}\isamarkupfalse%

 \isanewline

 subst\ {\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharprime}v{\isasymRightarrow}{\isacharparenleft}{\isacharprime}v{\isacharcomma}{\isacharprime}f{\isacharparenright}term{\isacharparenright}\ {\isasymRightarrow}\ {\isacharparenleft}{\isacharprime}v{\isacharcomma}{\isacharprime}f{\isacharparenright}term\ \ \ \ \ \ {\isasymRightarrow}\ {\isacharparenleft}{\isacharprime}v{\isacharcomma}{\isacharprime}f{\isacharparenright}term{\isachardoublequoteclose}\ \isakeyword{and}\isanewline

 substs{\isacharcolon}{\isacharcolon}\ {\isachardoublequoteopen}{\isacharparenleft}{\isacharprime}v{\isasymRightarrow}{\isacharparenleft}{\isacharprime}v{\isacharcomma}{\isacharprime}f{\isacharparenright}term{\isacharparenright}\ {\isasymRightarrow}\ {\isacharparenleft}{\isacharprime}v{\isacharcomma}{\isacharprime}f{\isacharparenright}term\ list\ {\isasymRightarrow}\ {\isacharparenleft}{\isacharprime}v{\isacharcomma}{\isacharprime}f{\isacharparenright}term\ list{\isachardoublequoteclose}\isanewline

 \isakeyword{where}\isanewline

 {\isachardoublequoteopen}subst\ s\ {\isacharparenleft}Var\ x{\isacharparenright}\ {\isacharequal}\ s\ x{\isachardoublequoteclose}\ {\isacharbar}\isanewline

 \ \ subst{\isacharunderscore}App{\isacharcolon}\isanewline

 {\isachardoublequoteopen}subst\ s\ {\isacharparenleft}App\ f\ ts{\isacharparenright}\ {\isacharequal}\ App\ f\ {\isacharparenleft}substs\ s\ ts{\isacharparenright}{\isachardoublequoteclose}\ {\isacharbar}\isanewline

 \isanewline

 {\isachardoublequoteopen}substs\ s\ {\isacharbrackleft}{\isacharbrackright}\ {\isacharequal}\ {\isacharbrackleft}{\isacharbrackright}{\isachardoublequoteclose}\ {\isacharbar}\isanewline

 {\isachardoublequoteopen}substs\ s\ {\isacharparenleft}t\ {\isacharhash}\ ts{\isacharparenright}\ {\isacharequal}\ subst\ s\ t\ {\isacharhash}\ substs\ s\ ts{\isachardoublequoteclose}%

 \begin{isamarkuptext}%

 \noindent

 Individual equations in a \commdx{primrec} definition may be

 named as shown for \isa{subst{\isacharunderscore}App}.

 The significance of this device will become apparent below.

 Similarly, when proving a statement about terms inductively, we need

 to prove a related statement about term lists simultaneously. For example,

 the fact that the identity substitution does not change a term needs to be

 strengthened and proved as follows:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 \isacommand{lemma}\isamarkupfalse%

 \ subst{\isacharunderscore}id{\isacharcolon}\ {\isachardoublequoteopen}subst\ \ Var\ t\ \ {\isacharequal}\ {\isacharparenleft}t\ {\isacharcolon}{\isacharcolon}{\isacharparenleft}{\isacharprime}v{\isacharcomma}{\isacharprime}f{\isacharparenright}term{\isacharparenright}\ \ {\isasymand}\isanewline

 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ substs\ Var\ ts\ {\isacharequal}\ {\isacharparenleft}ts{\isacharcolon}{\isacharcolon}{\isacharparenleft}{\isacharprime}v{\isacharcomma}{\isacharprime}f{\isacharparenright}term\ list{\isacharparenright}{\isachardoublequoteclose}\isanewline

 %

 \isadelimproof

 %

 \endisadelimproof

 %

 \isatagproof

 \isacommand{apply}\isamarkupfalse%

 {\isacharparenleft}induct{\isacharunderscore}tac\ t\ \isakeyword{and}\ ts{\isacharcomma}\ simp{\isacharunderscore}all{\isacharparenright}\isanewline

 \isacommand{done}\isamarkupfalse%

 %

 \endisatagproof

 {\isafoldproof}%

 %

 \isadelimproof

 %

 \endisadelimproof

 %

 \begin{isamarkuptext}%

 \noindent

 Note that \isa{Var} is the identity substitution because by definition it

 leaves variables unchanged: \isa{subst\ Var\ {\isacharparenleft}Var\ x{\isacharparenright}\ {\isacharequal}\ Var\ x}. Note also

 that the type annotations are necessary because otherwise there is nothing in

 the goal to enforce that both halves of the goal talk about the same type

 parameters \isa{{\isacharparenleft}{\isacharprime}v{\isacharcomma}{\isacharprime}f{\isacharparenright}}. As a result, induction would fail

 because the two halves of the goal would be unrelated.

 \begin{exercise}

 The fact that substitution distributes over composition can be expressed

 roughly as follows:

 \begin{isabelle}%

 \ \ \ \ \ subst\ {\isacharparenleft}f\ {\isasymcirc}\ g{\isacharparenright}\ t\ {\isacharequal}\ subst\ f\ {\isacharparenleft}subst\ g\ t{\isacharparenright}%

 \end{isabelle}

 Correct this statement (you will find that it does not type-check),

 strengthen it, and prove it. (Note: \isa{{\isasymcirc}} is function composition;

 its definition is found in theorem \isa{o{\isacharunderscore}def}).

 \end{exercise}

 \begin{exercise}\label{ex:trev-trev}

   Define a function \isa{trev} of type \isa{{\isacharparenleft}{\isacharprime}v{\isacharcomma}\ {\isacharprime}f{\isacharparenright}\ Nested{\isachardot}term\ {\isasymRightarrow}\ {\isacharparenleft}{\isacharprime}v{\isacharcomma}\ {\isacharprime}f{\isacharparenright}\ Nested{\isachardot}term}

 that recursively reverses the order of arguments of all function symbols in a

   term. Prove that \isa{trev\ {\isacharparenleft}trev\ t{\isacharparenright}\ {\isacharequal}\ t}.

 \end{exercise}

 The experienced functional programmer may feel that our definition of

 \isa{subst} is too complicated in that \isa{substs} is

 unnecessary. The \isa{App}-case can be defined directly as

 \begin{isabelle}%

 \ \ \ \ \ subst\ s\ {\isacharparenleft}App\ f\ ts{\isacharparenright}\ {\isacharequal}\ App\ f\ {\isacharparenleft}map\ {\isacharparenleft}subst\ s{\isacharparenright}\ ts{\isacharparenright}%

 \end{isabelle}

 where \isa{map} is the standard list function such that

 \isa{map\ f\ {\isacharbrackleft}x{\isadigit{1}}{\isacharcomma}{\isachardot}{\isachardot}{\isachardot}{\isacharcomma}xn{\isacharbrackright}\ {\isacharequal}\ {\isacharbrackleft}f\ x{\isadigit{1}}{\isacharcomma}{\isachardot}{\isachardot}{\isachardot}{\isacharcomma}f\ xn{\isacharbrackright}}. This is true, but Isabelle

 insists on the conjunctive format. Fortunately, we can easily \emph{prove}

 that the suggested equation holds:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimproof

 %

 \endisadelimproof

 %

 \isatagproof

 %

 \endisatagproof

 {\isafoldproof}%

 %

 \isadelimproof

 %

 \endisadelimproof

 %

 \isadelimproof

 %

 \endisadelimproof

 %

 \isatagproof

 %

 \endisatagproof

 {\isafoldproof}%

 %

 \isadelimproof

 %

 \endisadelimproof

 %

 \isadelimproof

 %

 \endisadelimproof

 %

 \isatagproof

 %

 \endisatagproof

 {\isafoldproof}%

 %

 \isadelimproof

 \isanewline

 %

 \endisadelimproof

 \isacommand{lemma}\isamarkupfalse%

 \ {\isacharbrackleft}simp{\isacharbrackright}{\isacharcolon}\ {\isachardoublequoteopen}subst\ s\ {\isacharparenleft}App\ f\ ts{\isacharparenright}\ {\isacharequal}\ App\ f\ {\isacharparenleft}map\ {\isacharparenleft}subst\ s{\isacharparenright}\ ts{\isacharparenright}{\isachardoublequoteclose}\isanewline

 %

 \isadelimproof

 %

 \endisadelimproof

 %

 \isatagproof

 \isacommand{apply}\isamarkupfalse%

 {\isacharparenleft}induct{\isacharunderscore}tac\ ts{\isacharcomma}\ simp{\isacharunderscore}all{\isacharparenright}\isanewline

 \isacommand{done}\isamarkupfalse%

 %

 \endisatagproof

 {\isafoldproof}%

 %

 \isadelimproof

 %

 \endisadelimproof

 %

 \begin{isamarkuptext}%

 \noindent

 What is more, we can now disable the old defining equation as a

 simplification rule:%

 \end{isamarkuptext}%

 \isamarkuptrue%

 \isacommand{declare}\isamarkupfalse%

 \ subst{\isacharunderscore}App\ {\isacharbrackleft}simp\ del{\isacharbrackright}%

 \begin{isamarkuptext}%

 \noindent The advantage is that now we have replaced \isa{substs} by \isa{map}, we can profit from the large number of

 pre-proved lemmas about \isa{map}.  Unfortunately, inductive proofs

 about type \isa{term} are still awkward because they expect a

 conjunction. One could derive a new induction principle as well (see

 \S\ref{sec:derive-ind}), but simpler is to stop using

 \isacommand{primrec} and to define functions with \isacommand{fun}

 instead.  Simple uses of \isacommand{fun} are described in

 \S\ref{sec:fun} below.  Advanced applications, including functions

 over nested datatypes like \isa{term}, are discussed in a

 separate tutorial~\cite{isabelle-function}.

 Of course, you may also combine mutual and nested recursion of datatypes. For example,

 constructor \isa{Sum} in \S\ref{sec:datatype-mut-rec} could take a list of

 expressions as its argument: \isa{Sum}~\isa{{\isachardoublequote}{\isacharprime}a\ aexp\ list{\isachardoublequote}}.%

 \end{isamarkuptext}%

 \isamarkuptrue%

 %

 \isadelimtheory

 %

 \endisadelimtheory

 %

 \isatagtheory

 %

 \endisatagtheory

 {\isafoldtheory}%

 %

 \isadelimtheory

 %

 \endisadelimtheory

 \end{isabellebody}%

 %%% Local Variables:

 %%% mode: latex

 %%% TeX-master: "root"

 %%% End: