{AS} 
Hi, total beginner question. But what corresponds to "intro" from Coq in Isabelle? 
larsrh 
{AS}: not quite sure what rules "intro" applies, but I think "apply safe" is a close candidate in Isabelle 
larsrh 
it applies some default introduction rules 
larsrh 
like conjunction introduction 
{AS} 
larsrh: Thanks! 
{AS} 
So maybe I should rephrase my question, if I have "/\ x. P x", how do i get something of P x' where x' is available to apply tactics on 
{AS} 
Oh, I see, this is already how things work in Isabelle 
ThreeOfEight 
{AS}: could you clarify that? 
{AS} 
ThreeOfEight: So in Coq if you have a goal "forall x : Nat. P x" , in order to do induction on x, you have to use "introduction x" which gives you "x : Nat  P x" (that is moves x to the context) and then you can do "induction x" 
{AS} 
I was wondering how I moved things to the "context" in isabelle 
ThreeOfEight 
⋀ is the metalogical universal quantifier 
ThreeOfEight 
it is "transparent" in a way 
ThreeOfEight 
if you have a goal of the form "⋀ a b c. …", then a, b, and c are locally fixed variables 
{AS} 
ThreeOfEight: Aha, interesting :) 
{AS} 
Thanks :) 
ThreeOfEight 
However, to do induction, you have to do something like "apply (induction a)", which will not work because referencing locally fixed variables is tricky 
ThreeOfEight 
(depending on where those variables come from, their names might change) 
{AS} 
ThreeOfEight: Yeah 
ThreeOfEight 
(so referencing locally fixed variables by name is discouraged) 
ThreeOfEight 
you can do something like "apply (induct_tac a)", but as I said, that is discouraged 
ThreeOfEight 
the best way to do something like this is to do a structured Isar proof 
ThreeOfEight 
but these things are best explained by example, so if you have some snippet of code, I will happily comment on it 
{AS} 
ThreeOfEight: Sure, I will just paste it 
ThreeOfEight 
you can use http://downthetypehole.de/paste (which has Isabelle syntax highlighting) 
{AS} 
ThreeOfEight: Thanks, here it is: http://downthetypehole.de/paste/Aov9eR0g 
{AS} 
I am stuck on the last proof 
{AS} 
This is btw one of the sample Isabelle files 
{AS} 
I just tried adding more methods to it :) 
{AS} 
So my goal is " ⋀x' xs a seq. conc (reverse xs) (Seq x' Empty) = Seq a seq ⟹ len seq < Suc (Suc (len xs))" 
{AS} 
so I know that my hypothesis gives me Suc (len xs) = len seq 
{AS} 
but I don't know how to go from my hypothesis to that 
ThreeOfEight 
{AS}: you can do this: http://downthetypehole.de/paste/ei8VCLLj 
{AS} 
ThreeOfEight: Thank you very much! 
ThreeOfEight 
I think there are probably nicer ways to write down that definition that are more amenable to automation 
ThreeOfEight 
it takes some experience with the system to write things down in such a way that the automation (especially the simplifier) can handle them easily 
ThreeOfEight 
(Makarius calls this "proof by correct definition") 
ThreeOfEight 
{AS}: by the way, are you aware that by your definition, everything is a palindrome? 
{AS} 
ThreeOfEight: Yes 
{AS} 
I had the x == y before 
{AS} 
but I wanted to try a simpler proof before :) 
ThreeOfEight 
For termination, it should make no differene 
ThreeOfEight 
*difference 
{AS} 
Yeah 
{AS} 
ThreeOfEight: Is there a guide how to write it like this? 
ThreeOfEight 
In any case, my approach would be to define "isPalindrome xs ⟷ xs = reverse xs" 
ThreeOfEight 
then you don't have to prove termination 
ThreeOfEight 
and you can easily prove the recursive characterisation 
{AS} 
Oh that makes sense 
ThreeOfEight 
{AS}: What do you mean? 
{AS} 
I mean, I am unsure how you solved the goals by using fix assume etc. :) 
{AS} 
and how you were able to pick the right definitions 
{AS} 
because it seems to me that somehow we only changed the proof state in the "thus" command 
{AS} 
I was wondering if you got some tips on how to do this 
ThreeOfEight 
well the "fix" stuff is Isar 
ThreeOfEight 
there are some tutorials about how to write structured Isar proofs 
ThreeOfEight 
the relevant step in my proof is to use the equation "reverse (Seq x' xs) = Seq y ys" 
{AS} 
ThreeOfEight: Thanks, I will take a look at that :) 
ThreeOfEight 
I essentially said "if they're equal, then their lengths must be equal" 
ThreeOfEight 
and then everything falls into place easily 
ThreeOfEight 
automation is not smart enough to figure this out on its own 
{AS} 
Aha 
{AS} 
so even if I had len_reverse, it would not apply it to the hypotheses automatically 
{AS} 
In any case, thanks very much! 
{AS} 
So I often find that sledgehammer returns hard to understand proofs. Is the idea more to use sledgehammer to check whether it is provable and then do a manual proof by hand? 
larsrh 
{AS}: no, many people will happily use complicated sledgehammer proofs 
larsrh 
But sure, it's no problem to try and reprove it using Isar 
larsrh 
(it's also very common that auto/force/... solve goals in mysterious ways, but as long as it's solved, you don't care) 
{AS} 
OK, interesting, thanks. So usually it depedends whether people care about reading their proofs (with Isar) or just want to show that the theorem holds. 
{AS} 
I see 
larsrh 
right 
larsrh 
In an ideal world people would be writing their proofs in a readable way 
larsrh 
that's what Isar is for! 
larsrh 
But in the actual world people need to carry on with their task at hand, so there's often a time constraint involved 
larsrh 
a common workflow is: make it quick & dirty for the paper deadline, make it a little bit more beautiful for AFP submission afterwards 
{AS} 
Makes sense 
{AS} 
In a sense I was perhaps wondering if sledgehammer could provide slightly more beautiful proofs automatically (I know, I know, it is a hard research project, but it would be so cool :) ). 
larsrh 
sledgehammer tries doing that already :) 
larsrh 
There is an "Isar proof" option which will give you, well, an Isar proof 
{AS} 
larsrh: Oh, let me see 
larsrh 
and it internally tries to compress it so that you don't get lots of tedious details 
larsrh 
still, it can look strange 
{AS} 
Ah cool 
{AS} 
Isabelle really has a lot of cool automation features :) 
ThreeOfEight 
actually, Sledgehammer's "Isar proofs" are still pretty ugly 
ThreeOfEight 
and I think sledgehammer only generates Isar proofs when the goal is too difficult for a oneline proof 
{AS} 
ThreeOfEight: Yeah, I wanted to test it, but I couldn't come up with a "difficult enough" theorem that made sense to see the output :) 
{AS} 
I mean it should also not be too difficult because then sledgehammer times out :) 
ammbauer 
http://xkcd.com/1724/ 
{AS} 
Heh 
