Datatype Rules
Datatype rules may seem a bit difficult to understand at first sight. Here are a few examples intended to make them clearer.
Datatypes used
The rules will be applied to the following datatypes:
Directions:
direction ::= north | east | south | west
Let us have a function
first two arguments are a start position, third is a direction, result is the end position.
Lists:
list(T) ::= nil | cons( head : T, tail : list(T) )
Let us have a predicate
meaning that the first argument is a member of the list.
Trees:
tree(T) ::= empty | node( left : tree(T), value : T, right : tree(T) )
Let us have a function
defining the height of a tree
Distinct Case
The rule states
Distinct Case on directions
Starting from goal
we can free variables x,y,d then apply Distinct Case on d:
The resulting proof step is
further simplifications depend on the existence of rules about move and the various directions.
Distinct Case on lists
Starting from goal
we can free variable l then apply Distinct Case on it:
The left antecedent shows that the case of the nil list has been forgotten when writing the theorem. The right antecedent looks as hard to prove as the initial goal (but see the induction application).
Distinct Case on trees
Starting from goal
we can free variables l,v,r,t then apply IMP_R and then Distinct Case on t:
the left antecedent will then be proved using the contradiction in hypotheses. The right one will require eh on t in hypotheses and SIMP_EQUAL_CONSTR, then properties about height.
Induction
The rule states
The only difference with Distinct Case resides in the hypotheses for inductive parameters.
Induction on directions
Starting from goal
we can free variables x,y,d then apply Induction on d:
The resulting proof step is
As we can see, it is exactly the same proof step as for Distinct Case: the reason is that the direction constructors contain no parameters, a fortiori no inductive parameters, so there are no additional hypotheses.
Induction on lists
Starting from goal
we can free variable l then apply Induction on it:
The left antecedent shows the same problem as Distinct for nil list. The benefit of the Induction is in the right antecedent with the additional hypothesis that the predicate stands for tail1. Next step will be to make eh on l, free the x in the tail1 hypothesis, then use it to instantiate the x in the goal with . In this proof, application of Distinct Case does not allow to complete the proof (at least not so easily), whereas Induction does.
Induction on trees
Starting from goal
we can free variables l,v,r,t then apply IMP_R and then Induction on t:
the left antecedent will then be proved using the contradiction in hypotheses. In the right one, additional induction hypotheses do not provide much help: in this situation, using Distinct Case and properties about height is sufficient to discharge the proof.