What is a good way to define a finite multiplication table in Isar?

Question

Suppose I have a binary operator f :: "sT => sT => sT". I want to define f so that it implements a 4x4 multiplication table for the Klein four group, shown here on the Wiki:

http://en.wikipedia.org/wiki/Klein_four-group

Here, all I'm attempting to do is create a table with 16 entries. First, I define four constants like this:

consts
  k_1::sT  
  k_a::sT  
  k_b::sT  
  k_ab::sT

Then I define my function to implement the 16 entries in the table:

  k_1 * k_1 = k_1
  k_1 * k_a = k_a
  ...
  k_ab * k_ab = k_1

I don't know how to do any normal-like programming in Isar, and I've seen on the Isabelle user's list where it was said that (certain) programming-like constructs have been intentionally de-emphasized in the language.

The other day, I was trying to create a simple, contrived function, and after finding the use of if, then, else in a source file, I couldn't find a reference to those commands in isar-ref.pdf.

In looking at the tutorials, I see definition for defining functions in a straightforward way, and other than that, I only see information on recursive and inductive functions, which require datatype, and my situation is more simple than that.

If left to my own devices, I guess I would try and define a datatype for those 4 constants shown above, and then create some conversion functions so that I end up with a binary operator f :: sT => sT => sT. I messed around a little with trying to use fun, but it wasn't turning out to be a simple deal.

I had done a little experimenting with `fun` and `inductive`

UPDATE: I add some material here in response to the comment telling me that Programming and Proving is where I'll find the answers. It seems I might be going astray of the ideal Stackoverflow format.

I had done some basic experimenting, mainly with fun, but also with inductive. I gave up on inductive fairly fast. Here's the type of error I got from simple examples:

consts
  k1::sT

inductive k4gI :: "sT => sT => sT" where
  "k4gI k1 k1 = k1"
--"OUTPUT ERROR:"
--{*Proofs for inductive predicate(s) "k4gI"
    Ill-formed introduction rule ""
    ((k4gI k1 k1) = k1)
    Conclusion of introduction rule must be an inductive predicate  
*}

My multiplication table isn't inductive, so I didn't see that inductive was what I should spend my time chasing.

"Pattern matching" seems a key idea here, so I experimented with fun. Here's some really messed up code trying to use fun with only a standard function type:

consts
  k1::sT

fun k4gF :: "sT => sT => sT" where
  "k4gF k1 k1 = k1"
--"OUTPUT ERROR:"
--"Malformed definition:
   Non-constructor pattern not allowed in sequential mode.
   ((k4gF k1 k1) = k1)"

I got that kind of error, and I had read things like this in Programming and Proving:

"Recursive functions are defined with fun by pattern matching over datatype constructors.

That all gives a novice the impression that fun requires datatype. As far its big brother function, I don't know about that.

It seems here, all I need is a recursive function with 16 base cases, and that would define my multiplication table.

Is `function` the answer?

In editing this question, I remembered function from the past, and here's function at work:

consts
  k1::sT

function k4gF :: "sT => sT => sT" where
  "k4gF k1 k1 = k1"
  try

The output of try is telling me it can be proved (Update: I think it's actually telling me that only 1 of the proof steps can be prove.):

Trying "solve_direct", "quickcheck", "try0", "sledgehammer", and "nitpick"... 
Timestamp: 00:47:27. 
solve_direct: (((k1, k1) = (k1, k1)) ⟹ (k1 = k1)) can be solved directly with
  HOL.arg_cong: ((?x = ?y) ⟹ ((?f ?x) = (?f ?y))) [name "HOL.arg_cong", kind "lemma"]
  HOL.refl: (?t = ?t) [name "HOL.refl"]
  MFZ.HOL⇣'eq⇣'is⇣'reflexive: (?r = ?r) [name "MFZ.HOL⇣'eq⇣'is⇣'reflexive", kind "theorem"]
  MFZ.HOL_eq_is_reflexive: (?r = ?r) [name "MFZ.HOL_eq_is_reflexive", kind "lemma"]
  Product_Type.Pair_inject:
    (⟦((?a, ?b) = (?a', ?b')); (⟦(?a = ?a'); (?b = ?b')⟧ ⟹ ?R)⟧ ⟹ ?R)
      [name "Product_Type.Pair_inject", kind "lemma"]

I don't know what that means. I only know about function because of trying to prove an inconsistency. I only know it doesn't complain as much. If using function like this is how I define my multiplication table, then I'm happy.

Still, being an argumentative type, I didn't learn about function in a tutorial. I learned about it several months ago in a reference manual, and I still don't know much about how to use it.

I have a function which I prove with auto, but the function is probably no good, fortunately. That adds to the function's mystery. There's information on function in Defining Recursive Functions in Isabelle/HOL, and it compares fun and function.

However, I haven't seen one example of fun or function that doesn't use a recursive datatype, such as nat or 'a list. Maybe I didn't look hard enough.

Sorry for being verbose and this not ending up as a direct question, but there's no tutorial with Isabelle that takes a person directly from A to B.

Some comments (sorry they are not really related to your main question): first, programming is not at all deemphasized in Isabelle/HOL, in fact HOL is often described as "functional programming + logic"; second, neither recursive functions nor inductive do require data types. Both are general constructs. A good point to start if you are interested in programming inside HOL would be Programming and Proving in Isabelle/HOL. — chris
@Chris, wrong choice of phrasing, I suppose. I can edit it if it's important. It was Makarius saying certain constructs were deliberately left out of Isar, in comparison to Coq. My take was that it forces a person to work a certain way, which I assume is overall better. Pg.14 of prog-prove.pdf: "Recursive functions are defined with fun by pattern matching over datatype constructors." It's not that I don't believe you that datatype is not required, and that I don't need to work through that PDF, but I don't expect to find an example in that PDF that I can use as a plug'n'play example. — user2190811
Ran out of characters. I don't know what it takes other than datatype to make fun happy. It seems to me all I need is some simple pattern matching. All of my basic experimenting and surfing through the docs did nothing but give me the impression that fun needs an inductive datatype, because it does recursion. Everything I've read in the basic docs, as far as pattern matching, emphasizes the connections between fun, inductive, and datatype. It helps to know datatype is not required, but it's not obvious where to learn the basics to not use datatype. — user2190811
@chris, could you be mistaken? And the 14 pages titled "Programming and Proving" of the PDF don't come close to addressing "general constructs", only the magic of fun with datatype? Looking at Haskell, according to this page, a new Haskell type requires it be defined when it's created. Isar allows an arbitrary undefined type with typedecl, and arbitrary constants with consts. If someone doesn't want to answer a question, that's understandable, but frequently pointing to a 57 pg PDF for every "beginner question" is not that helpful. — user2190811
The pointer to "Programming and Proving" was intended for my first comment (i.e., to show that programming is not at all deemphasized in Isabelle/HOL). Independently, it is very important to work through (not just read superficially) the available documentation, such that a basic understanding and vocabulary for Isabelle/HOL concepts is achieved. Furthermore, answers on SO should also be helpful to later readers. That's why regular pointers to proper documentation make sense. — chris

Unknown Unknown · Accepted Answer · 2013-04-30T03:04:04

Below, I don't adhere to an "only answer the question" format, but I am responding to my own question, and so everything I say will be of interest to the original poster.

(2nd update begin)

This should be my last update. To be content with "unsophisticated methods", it helps to be able to make comparisons to see the "low tech" way can be the best way.

I finally quit trying to make my main type work with the new type, and I just made me a Klein four-group out of a datatype like this, where the proof of associativity is at the end:

datatype AT4k = e4kt | a4kt | b4kt | c4kt  

fun AOP4k :: "AT4k => AT4k => AT4k" where
  "AOP4k e4kt y    = y"
| "AOP4k x    e4kt = x"
| "AOP4k a4kt a4kt = e4kt"
| "AOP4k a4kt b4kt = c4kt"
| "AOP4k a4kt c4kt = b4kt"
| "AOP4k b4kt a4kt = c4kt"
| "AOP4k b4kt b4kt = e4kt"
| "AOP4k b4kt c4kt = a4kt"
| "AOP4k c4kt a4kt = b4kt"
| "AOP4k c4kt b4kt = a4kt"
| "AOP4k c4kt c4kt = e4kt"

notation
  AOP4k ("AOP4k") and
  AOP4k (infixl "*" 70) 

theorem k4o_assoc2:
  "(x * y) * z = x * (y * z)"
by(smt AOP4k.simps(1) AOP4k.simps(10) AOP4k.simps(11) AOP4k.simps(12) 
  AOP4k.simps(13) AOP4k.simps(2) AOP4k.simps(3) AOP4k.simps(4) AOP4k.simps(5) 
  AOP4k.simps(6) AOP4k.simps(7) AOP4k.simps(8) AOP4k.simps(9) AT4k.exhaust)

The consequence is that I am now content with my if-then-else multiplication function. Why? Because the if-then-else function is very conducive to simp magic. This pattern matching doesn't work any magic in and of itself, not to mention that I would still have to work out the coercive subtyping part of it.

Here's the if-then-else function for the 4x4 multiplication table:

definition AO4k :: "sT => sT => sT" where
  "AO4k x y = 
    (if x = e4k then y   else
    (if y = e4k then x   else
    (if x = y   then e4k else
    (if x = a4k  y = c4k then b4k else
    (if x = b4k  y = c4k then a4k else
    (if x = c4k  y = a4k then b4k else  
    (if x = c4k  y = b4k then a4k else 
            c4k)))))))"

Because of the one nested if-then-else statement, when I run auto, it produces 64 goals. I made 16 simp rules, one for every value in the multiplication table, so when I run auto, with all the other simp rules, the auto proof takes about 90ms.

Low tech is the way to go sometimes; it's a RISC vs. CISC thing, somewhat.

A small thing like a multiplication table can be important for testing things, but it can't be useful if it's gonna slow my THY down because it's in some big loop that takes forever to finish.

(2nd update end)

(Update begin)

(UPDATE: My question above falls under the category "How do I do basic programming in Isabelle, like with other programming languages?" Here, I go beyond the specific question some, but I try to keep my comments about the challenge to a beginner who is trying to learn Isabelle when the docs are at the intermediate level, at least, in my opinion they are.

Specific to my question, though, is that I have need for a case statement, which is a very basic feature of many, many programming languages.

In looking for a case statement today, I thought I hit gold after doing one more search in the docs, this time in Isabelle - A Proof Assistant for Higher-Order Logic.

On page 5 it documents a case statement, but on page 18, it clarifies that it's only good for datatype, and I seem to confirm that with an error like this:

definition k4oC :: "kT => kT => kT" (infixl "**" 70) where
  "k4oC x y = (case x y of k1 k1 => k1)"
--{*Error in case expression:
    Not a datatype constructor: "i130429a.k1"
    In clause
    ((k1 k1) ⇒ k1)*}

This is an example that a person, whether expert or beginner, has a need for a tutorial to run through the basic programming features of Isabelle.

If you say, "There are tutorials that do that." I say, "No, there aren't, not in my opinion".

The tutorials emphasize the important, sophisticated features of Isabelle that separate it from the crowd.

That's commentary, but it's commentary meant to tie into the question, "How do I learn Isabelle?", and which my original question above is related to.

The way you learn Isabelle without being a PhD graduate student at Cambridge, TUM, or NICTA, is you struggle for 6 to 12 months or more. If during that time you don't abandon, you can be at a level that will allow you to appreciate the intermediate level instruction available. Experience may vary.

For me, the 3 books that will take me to the next level of proving, weaning me off of auto and metis, when I find time to go through them, are

If someone says, "You've abused the Stackoverflow answer format by engaging in long-winded commentary and opinion."

I say, "Well, I asked for a good way to do some basic programming in Isabelle, where I was hoping for something more sophisticated than a big if-then-else statement. No one provided anything close to what I asked for. In fact, I am who provided a pattern matching function, and what I needed to do it is not even close to being documented. Pattern matching is a simple concept, but not necessarily in Isabelle, due to the proof requirements for recursive functions. (If there's a simple way to do it to replace my if-then-else function below, or even a case statement way, I'd sure like to know.)

Having said that, I am inclined to take some liberties, and there are, at this time, only 36 views for this page anyway, of which probably, at least 10 come from my browser.

Isabelle/HOL is a powerful language. I'm not complaining. It only sounds like it.)

(Update end)

It can count for a lot just to know that something is true or false, in this case being told that function can work with non-inductive types. However, how I end up using function below is not a result of anything I've seen in any one Isabelle document, and I had need for this former SO question on coercive subtyping:

What is an Isabelle/HOL subtype? What Isar commands produce subtypes?

I end up with two ways that I completed a 2x2 part of my multiplication table. I link here to the theory: as ASCII friendly A_i130429a.thy, jEdit friendly i130429a.thy, the PDF, and folder.

The two ways are:

The clumsy but fast and simp friendly if-then-else way. The definition takes 0ms, and the proof takes 155ms.
The pattern matching way using function. Here I could think aloud in public for a long time about this way of doing things, but I won't. I know I'll use what I've learned here, but it's definitely not an elegant solution for a simple multiplication table function, and it's far from obvious that a person would have to do all that to create a basic function that uses pattern matching. Of course, maybe I don't have to do all that. The definition takes 391ms, and the proof takes 317ms.

As to having to resort to using if-then-else, either Isabelle/HOL is not feature rich when it comes to basic programming statements, or these basic statements aren't documented. The if-then-else statement is not even in the Isar Reference Manual index. I think, "If it's not documented, maybe there's a nice, undocumented case statement like Haskell has". Still, I'd take Isabelle over Haskell any day.

Below, I explain the different sections of A_i130429a.thy. It's sort of trivial, but not completely, since I haven't seen an example to teach me how to do that.

I start with a type and four constants, which remain undefined.

typedecl kT
consts
  k1::kT
  ka::kT
  kb::kT
  kab::kT

Of note is that the constants remain undefined. That I'm leaving a lot of things undefined is part of why I have problems finding good examples in docs and sources to use as templates for myself.

I do a test to try and intelligently use function on a non-inductive datatype, but it doesn't work. With my if-then-else function, after I figure out I'm not restricting my function domain, I then see that the problem with this function was also with the domain. The function k4f0 is wanting x to be k1 or ka for every x, which obviously is not true.

function k4f0 :: "kT => kT" where
  "k4f0 k1 = k1"
| "k4f0 ka = ka"
apply(auto)
apply(atomize_elim)
--"goal (1 subgoal):
   1. (!! (x::sT). ((x = k1) | (x = ka)))"

I give up and define me an ugly function with if-then-else.

definition k4o :: "kT => kT => kT" (infixl "**" 70) where
  "k4o x y =
    (if x = k1 & y = k1 then k1 else
    (if x = k1 & y = ka then ka else
    (if x = ka & y = k1 then ka else
    (if x = ka & y = ka then k1 else (k1)
    ))))"
declare k4o_def [simp add]

The hard part becomes trying to prove associativity of my function k4o. But that's only because I'm not restricting the domain. I put in an implication into the statement, and the auto magic kicks in, the fastforce magic is there also, and faster, so I use it.

abbreviation k4g :: "kT set" where
  "k4g == {k1, ka}"

theorem
  "(x \<in> k4g & y \<in> k4g & z \<in> k4g) --> (x ** y) ** z = x ** (y ** z)"
  by(fastforce)(*155ms*)

The magic makes me happy, and I'm then motivated to try and get it done with function and pattern matching. Because of the recent SO answer on coercive subtyping, linked to above, I figure out how to fix the domain with typedef. I don't thinks it's the perfect solution, but I definitely learned something.

typedef kTD = "{x::kT. x = k1 | x = ka}"
  by(auto)
declare [[coercion_enabled]]
declare [[coercion Abs_kTD]]

function k4f :: "kTD => kTD => kT" (infixl "***" 70) where
  "k4f k1 k1 = k1"
| "k4f k1 ka = ka"
| "k4f ka k1 = ka"
| "k4f ka ka = k1"
by((auto),(*391ms*)
  (atomize_elim),
  (metis (lifting, full_types) Abs_kTD_cases mem_Collect_eq),
  (metis (lifting, full_types) Rep_kTD_cases Rep_kTD_inverse mem_Collect_eq),
  (metis (lifting, full_types) Rep_kTD_cases Rep_kTD_inverse mem_Collect_eq),
  (metis (lifting, full_types) Rep_kTD_cases Rep_kTD_inverse mem_Collect_eq),
  (metis (lifting, full_types) Rep_kTD_cases Rep_kTD_inverse mem_Collect_eq))
termination
by(metis "termination" wf_measure)

theorem
  "(x *** y) *** z = x *** (y *** z)"
by(smt
  Abs_kTD_cases
  k4f.simps(1)
  k4f.simps(2)
  k4f.simps(3)
  k4f.simps(4)
  mem_Collect_eq)(*317ms*)