% --------------------------------------------------------------------- %
% DIRECTORY:   ind-defs                                                 %
%                                                                       %
% DESCRIPTION: Alternative inductive definitions package.               %
%                                                                       %
% AUTHOR:      John Harrison                                            %
%                                                                       %
% ADDRESS:     University of Cambridge Computer Laboratory              %
%              New Museums Site                                         %
%              Pembroke Street                                          %
%              Cambridge CB2 3QG                                        %
%              U. K.                                                    %
%                                                                       %
%              email: jrh@cl.cam.ac.uk                                  %
%                                                                       %
% DATE:        95.05.08                                                 %
% --------------------------------------------------------------------- %

This contribution provides broadly similar facilities to Tom Melham's
`ind_defs' library, with two additional features:

 * Mutually inductive definitions are supported

 * Arbitrary monotone hypotheses are allowed in rules

However, so-called "strong induction" is not automated, there is no custom
tactic support, and the interface is different.

Any monotone function in the relation being defined is permitted as a
hypothesis, and monotonicity is proved automatically for a wide range of
operations including (possibly paired) universal and existential quantifiers,
and list conjunction (ALL_EL). Users may augment the stock of monotonicity
rules with those for particular operations they may require. The monotonicity
prover is integrated with the tactic mechanism so that users can easily provide
manual assistance with tricky proofs.

The main function is "new_inductive_definition" which takes two trivial
arguments specifying the name of the definition in the theory file and the
fixity status of the new constants, and a third argument which is a list of
terms of the form:

 "!x1..xn. E[R1,..,Rm,x1,..,xn] ==> Ri (t1[xs]) .. (tk[xs])

This is a rule for the relation "Ri". The antecedent of this implication may
be absent. The first arguments of the relation may be schematic variables;
these must occur in the same way for each of the relations being defined. The
function defines the appropriate mutually inductive relations and returns a
triple of the rules, induction and cases theorems. This is probably best
illustrated by a few examples:

  #new_inductive_definition
  # `EVEN_ODD_DEF`
  # [`constant`,`EVEN_NUM`; `constant`,`ODD_NUM`]
  # (conjuncts
  #   "EVEN_NUM(0) /\
  #    ODD_NUM(1) /\
  #    (!n. ODD_NUM(n) ==> EVEN_NUM(n + 1)) /\
  #    (!n. EVEN_NUM(n) ==> ODD_NUM(n + 1))");;
  (|- EVEN_NUM 0 /\
      ODD_NUM 1 /\
      (!n. ODD_NUM n ==> EVEN_NUM(n + 1)) /\
      (!n. EVEN_NUM n ==> ODD_NUM(n + 1)),
   |- !EVEN_NUM' ODD_NUM'.
       EVEN_NUM' 0 /\
       ODD_NUM' 1 /\
       (!n. ODD_NUM' n ==> EVEN_NUM'(n + 1)) /\
       (!n. EVEN_NUM' n ==> ODD_NUM'(n + 1)) ==>
       (!a0. EVEN_NUM a0 ==> EVEN_NUM' a0) /\
       (!a1. ODD_NUM a1 ==> ODD_NUM' a1),
   |- (!a0. EVEN_NUM a0 = (a0 = 0) \/ (?n. (a0 = n + 1) /\ ODD_NUM n)) /\
      (!a1. ODD_NUM a1 = (a1 = 1) \/ (?n. (a1 = n + 1) /\ EVEN_NUM n)))

#new_inductive_definition
# `RSTC_DEF`
# [`constant`,`RSTC`]
# (conjuncts
#   "(!x y. R x y ==> RSTC R x y) /\
#    (!x:*. RSTC R x x) /\
#    (!x y. RSTC R x y ==> RSTC R y x) /\
#    (!x y z. RSTC R x y /\ RSTC R y z ==> RSTC R x z)");;
(|- (!x y. R x y ==> RSTC R x y) /\
    (!x. RSTC R x x) /\
    (!x y. RSTC R x y ==> RSTC R y x) /\
    (!x y z. RSTC R x y /\ RSTC R y z ==> RSTC R x z),
 |- !RSTC'.
     (!x y. R x y ==> RSTC' x y) /\
     (!x. RSTC' x x) /\
     (!x y. RSTC' x y ==> RSTC' y x) /\
     (!x y z. RSTC' x y /\ RSTC' y z ==> RSTC' x z) ==>
     (!a0 a1. RSTC R a0 a1 ==> RSTC' a0 a1),
 |- !a0 a1.
     RSTC R a0 a1 =
     R a0 a1 \/
     (a1 = a0) \/
     RSTC R a1 a0 \/
     (?y. RSTC R a0 y /\ RSTC R y a1))

There is no documentation except the comments in the source file and what I
have just written. But I hope people will find it useful, and tell me of any
bugs. I plan to port it to hol90 when I have used it more extensively and
fixed any problems.

I might include a derivation of "strong induction" in the future. It's quite
easy, but best integrated with the derivation of the other three theorems,
because the proof contains an appeal to monotonicity. Basically given a rule:

 |- !x. E[R,x] ==> R (t[x])

and an induction theorem

 |- !R'. (!x. E[R',x] ==> R' (t[x]))
         ==> !x. R x ==> R' x

we can weaken the hypothesis to

 |- !R'. (!x. E[R'',x] ==> R' (t[x]))
         ==> !x. R x ==> R' x

where R'' x = R x /\ R' x. Indeed |- R'' x ==> R x, so by monotonicity of E we
get |- E[R'',x] ==> E[R,x]. By the rule |- E[R,x] ==> R (t[x]), and by
hypothesis |- E[R'',x] ==> R' (t[x]). Thus the result follows easily.

There are various other functions which might be handy for some users. A quick
look through the source code should explain what most of these are.

John.
