# Re: [isabelle] Nat theory proofs

```Hi Tim,

```
Your confusion is probably caused by a misunderstanding about how subtraction is defined on type nat. If you subtract a larger number from a smaller, the result is defined to be zero. For example, at type nat, 3 - 5 = 0.
```
In your example, with a = 3 and b = 2, the left hand side evaluates to
```
a * a - (2 * b * a - b * b) = 3 * 3 - (2 * 2 * 3 - 2 * 2) = 9 - (12 - 4) = 9 - 8 = 1
```
while the right hand side evaluates to
```
(a * a - 2 * a * b) + b * b = (3 * 3 - 2 * 3 * 2) + 2 * 2 = (9 - 12) + 4 = 0 + 4 = 4
```
So this is indeed a counterexample.

```
You might be able to prove your lemma if you add more side conditions to ensure that a * a is always greater than or equal to 2 * a * b, so the subtraction won't underflow to zero. I think that a <= 2 * b would probably work.
```
Hope this helps,

- Brian

Quoting TIMOTHY KREMANN <twksoa262 at verizon.net>:

```
```I am trying to prove:

lemma nataba: "\<forall> a b. (b::nat) < a --> a * a - (2 * b * a - b * b) =
a * a - 2 * a * b + b * b"

But Isabelle returns this text when I enter the above:

proof (prove): step 0

goal (1 subgoal):
1.  \<forall> a b.
b < a -->
a * a - (2 * b * a - b * b) =
a * a - 2 * a * b + b * b

Counterexample found:

a = Suc (Suc (Suc 0))
b = Suc (Suc 0)

Can someone explain to me how 1 = 1 is a counterexample?

Thanks,
Tim

```
```

```

This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.