Re: [isabelle] Nat theory proofs



Hi Tim,

Your confusion is probably caused by a misunderstanding about how subtraction is defined on type nat. If you subtract a larger number from a smaller, the result is defined to be zero. For example, at type nat, 3 - 5 = 0.

In your example, with a = 3 and b = 2, the left hand side evaluates to
a * a - (2 * b * a - b * b) = 3 * 3 - (2 * 2 * 3 - 2 * 2) = 9 - (12 - 4) = 9 - 8 = 1

while the right hand side evaluates to
(a * a - 2 * a * b) + b * b = (3 * 3 - 2 * 3 * 2) + 2 * 2 = (9 - 12) + 4 = 0 + 4 = 4

So this is indeed a counterexample.

You might be able to prove your lemma if you add more side conditions to ensure that a * a is always greater than or equal to 2 * a * b, so the subtraction won't underflow to zero. I think that a <= 2 * b would probably work.

Hope this helps,

- Brian

Quoting TIMOTHY KREMANN <twksoa262 at verizon.net>:

I am trying to prove:

lemma nataba: "\<forall> a b. (b::nat) < a --> a * a - (2 * b * a - b * b) =
                              a * a - 2 * a * b + b * b"

But Isabelle returns this text when I enter the above:



proof (prove): step 0

goal (1 subgoal):
 1.  \<forall> a b.
       b < a -->
       a * a - (2 * b * a - b * b) =
       a * a - 2 * a * b + b * b

Counterexample found:

a = Suc (Suc (Suc 0))
b = Suc (Suc 0)

Can someone explain to me how 1 = 1 is a counterexample?

Thanks,
Tim










This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.