Tutorial on Isabelle/HOL

2.8 The Definitional Approach 252.7.2 Constant DefinitionsNonrecursive definitions can be made with the definition command, forexample nand and xor gates (based on type gate above):definition nand :: gate where "nand A B ≡ ¬(A ∧ B)"definition xor :: gate where "xor A B ≡ A ∧ ¬B ∨ ¬A ∧ B"The symbol ≡ is a special form of equality that must be used in constantdefinitions. Pattern-matching is not allowed: each definition must be of theform f x 1 . . . x n ≡ t. Section 3.1.6 explains how definitions are used in proofs.The default name of each definition is f _def, where f is the name of thedefined constant.!!A common mistake when writing definitions is to introduce extra free variableson the right-hand side. Consider the following, flawed definition (where dvdmeans “divides”):"prime p ≡ 1 < p ∧ (m dvd p −→ m = 1 ∨ m = p)"Isabelle rejects this “definition” because of the extra m on the right-hand side, whichwould introduce an inconsistency (why?). The correct version is"prime p ≡ 1 < p ∧ (∀ m. m dvd p −→ m = 1 ∨ m = p)"2.8 The Definitional ApproachAs we pointed out at the beginning of the chapter, asserting arbitrary axiomssuch as f (n) = f (n) + 1 can easily lead to contradictions. In order toavoid this danger, we advocate the definitional rather than the axiomatic approach:introduce new concepts by definitions. However, Isabelle/HOL seemsto support many richer definitional constructs, such as primrec. The pointis that Isabelle reduces such constructs to first principles. For example, eachprimrec function definition is turned into a proper (nonrecursive!) definitionfrom which the user-supplied recursion equations are automatically proved.This process is hidden from the user, who does not have to understand thedetails. Other commands described later, like fun and inductive, work similarly.This strict adherence to the definitional approach reduces the risk ofsoundness errors.