theory LiveDemo03
  imports 
    Main
begin

section \<open>Finding Theorems and Constants\<close>

find_theorems                            (* by far too many results *)
find_theorems "_ * (_ + _) = _"          (* find distributive law *)
find_theorems "?x * ?x = _"              (* use same value *)
find_theorems "_ \<longrightarrow> _"                  (* too many results *)
find_theorems "_ \<longrightarrow> _" name: HOL        (* restrict by name *)
find_theorems (100) "_ \<longrightarrow> _" name: HOL  (* show up to 100 results *)
find_theorems "_ \<longrightarrow> _" name: HOL -"_ \<or> _" -"_ \<and> _" -All -Ex  (* restrict by exclusion *)
term "(\<forall> x. P x) \<Longrightarrow> Q x" 
 
find_consts "?'a \<Rightarrow> ?'a \<Rightarrow> _ list" 

section \<open>Drinker's Paradox -- Tuning Proofs\<close>

text \<open>previous version copied from Demo02\<close>

lemma drinkers_paradox_v2: "\<exists> p. drinks p \<longrightarrow> (\<forall> x. drinks x)" 
proof -
  {
    assume "\<exists> x. \<not> drinks x"  
    then obtain x where nex: "\<not> drinks x" by auto
    have ?thesis
    proof 
      from nex show "drinks x \<longrightarrow> (\<forall>y. drinks y)" 
        by auto
    qed
  } 
  hence part1: "(\<exists> x. \<not> drinks x) \<Longrightarrow> ?thesis" by auto
  {
    assume "\<not> (\<exists> x. \<not> drinks x)" 
    hence "\<forall> x. drinks x" by auto
    hence ?thesis by auto
  }
  hence "\<not> (\<exists> x. \<not> drinks x) \<Longrightarrow> ?thesis" by auto
  thus ?thesis using part1 by auto
qed

lemma drinkers_paradox_v2a: "\<exists> p. drinks p \<longrightarrow> (\<forall> x. drinks x)" 
proof -
  {
    assume "\<exists> x. \<not> drinks x"  
    then obtain x where nex: "\<not> drinks x" by auto
    have ?thesis
    proof 
      from nex show "drinks x \<longrightarrow> (\<forall>y. drinks y)" 
        by auto
    qed
  } 
  moreover
  have "5 > (3 :: nat)" by auto
  moreover
  {
    assume "\<not> (\<exists> x. \<not> drinks x)" 
    hence "\<forall> x. drinks x" by auto
    hence ?thesis by auto
  }
  ultimately show ?thesis by auto
qed

text \<open>Usage of "then", "hence", "moreover", "ultimately"\<close>

lemma drinkers_paradox_v3: "\<exists> p. drinks p \<longrightarrow> (\<forall> x. drinks x)" 
proof -
  {
    assume "\<exists> x. \<not> drinks x"  
    then obtain x where "\<not> drinks x" by auto (* then = from this *)
    hence ?thesis by auto                    (* hence = then have *)
  } 
  moreover                                   (* store fact *)
  {
    assume "\<not> (\<exists> x. \<not> drinks x)" 
    hence ?thesis by auto
  }
  ultimately show ?thesis by auto    (* assume previously stored facts and "this" *)
qed


text \<open>Usage of case-analysis on Booleans with cases True/False separated by "next".\<close>

lemma drinkers_paradox_v4: "\<exists> p. drinks p \<longrightarrow> (\<forall> x. drinks x)" 
proof (cases "\<exists> x. \<not> drinks x")
  case True
  then obtain x where "\<not> drinks x" by auto
  then show ?thesis by auto
qed auto





section \<open>Intro and Elim: apply several introduction / elimination rules\<close>

lemma "A \<and> (\<exists> x :: nat. B x \<and> (C \<or> D x))" 
proof (intro conjI exI)
  \<comment> \<open>three subgoals: A, B ?x, C \<or> D ?x\<close>
  show A sorry
  show "B 5" sorry        (* here we choose witness 5 *) 
  show "C \<or> D 5" sorry    (* no choice of witness anymore *)
qed

lemma True  (* True is used as dummy property *) 
proof -
  fix A B C D
  assume "\<exists> x :: nat. A \<and> (B x \<or> C x)" 
  hence D
  proof (elim exE conjE disjE) (* apply multiple elimination rules *)
    (* inspect proof goals at this point *)
    oops 



section \<open>Case-Analysis and Induction\<close>

text \<open>A copy of the list datatype to illustrate print-theorems\<close>
datatype 'a ls = Empty | Con 'a "'a ls" 

text \<open>This datatype definition proves a lot of theorems for you, as
  can be seen by print_theorems that is used directly after some definition.\<close>

thm list.exhaust (* case analysis on lists *)
thm list.induct  (* induction on lists *)
thm list.simps   (* simplification rules for list-constructors *)

fun app :: "'a list \<Rightarrow> 'a list \<Rightarrow> 'a list" where 
  "app [] ys = ys" 
| "app (x # xs) ys = x # (app xs ys)" 

print_theorems

fun reverse :: "'a list \<Rightarrow> 'a list" where
  "reverse [] = []"  
| "reverse (x # xs) = app (reverse xs) ([x])"

lemma app_Nil_right[simp]: "app xs [] = xs" 
  by (induction xs) auto

lemma app_assoc: "app (app xs ys) zs = app xs (app ys zs)" 
  by (induction xs) auto

lemma rev_app: "reverse (app xs ys) = app (reverse ys) (reverse xs)"
proof (induction xs)
  case [simp]: (Cons x xs)
  show ?case by (auto simp: app_assoc)
qed auto

lemma rev_rev[simp]: "reverse (reverse xs) = xs"
proof (induction xs)
  case (Cons y ys)
  thus ?case by (auto simp: rev_app)
qed auto

text \<open>A proof by case-analysis\<close>

fun tail :: "'a list \<Rightarrow> 'a list" where
  "tail [] = []"
| "tail (_ # xs) = xs" 

lemma len_tail: "length (tail xs) = length xs - 1" 
proof (cases xs)
  case (Cons y ys)
  then show ?thesis by auto
qed auto


text \<open>An induction proof involving case-analysis\<close>

fun drop_last :: "'a list \<Rightarrow> 'a list" where
  "drop_last (x # y # ys) = x # drop_last (y # ys)" 
| "drop_last xs = []"

thm drop_last.simps (* observe how the second defining equation is handled *)

lemma len_drop: "length (drop_last xs) = length xs - 1"
proof (induction xs)
  case (Cons x xs)
  show ?case
  proof (cases xs)
    case innerCons: (Cons y ys)
    thus ?thesis using Cons by auto
  qed auto
qed auto

lemma len_drop2: "length (drop_last xs) = length xs - 1"
proof (induction xs)
  case (Cons x xs)
  thus ?case by (cases xs) auto
qed auto

end