support for 'chapter' specifications within session ROOT;
1 
chapter ZF 
2 

3 
session ZF (main timing) = Pure + 
4 
description {* 
5 
Author: Lawrence C Paulson, Cambridge University Computer Laboratory 
6 
Copyright 1995 University of Cambridge 
7 

8 
ZermeloFraenkel Set Theory. This theory is the work of Martin Coen, 
9 
Philippe Noel and Lawrence Paulson. 
10 

11 
Isabelle/ZF formalizes the greater part of elementary set theory, including 
12 
relations, functions, injections, surjections, ordinals and cardinals. 
13 
Results proved include Cantor's Theorem, the Recursion Theorem, the 
14 
SchroederBernstein Theorem, and (assuming AC) the Wellordering Theorem. 
15 

16 
Isabelle/ZF also provides theories of lists, trees, etc., for formalizing 
17 
computational notions. It supports inductive definitions of 
18 
infinitebranching trees for any cardinality of branching. 
19 

20 

21 
Useful references for Isabelle/ZF: 
22 

23 
Lawrence C. Paulson, Set theory for verification: I. From foundations to 
24 
functions. J. Automated Reasoning 11 (1993), 353389. 
25 

51403
26 
Lawrence C. Paulson, Set theory for verification: II. Induction and 
27 
recursion. Report 312, Computer Lab (1993). 
28 

29 
Lawrence C. Paulson, A fixedpoint approach to implementing (co)inductive 
30 
definitions. In: A. Bundy (editor), CADE12: 12th International 
31 
Conference on Automated Deduction, (Springer LNAI 814, 1994), 148161. 
32 

33 

34 
Useful references on ZF set theory: 
35 

36 
Paul R. Halmos, Naive Set Theory (Van Nostrand, 1960) 
37 

38 
Patrick Suppes, Axiomatic Set Theory (Dover, 1972) 
39 

40 
Keith J. Devlin, Fundamentals of Contemporary Set Theory (Springer, 1979) 
41 

42 
Kenneth Kunen, Set Theory: An Introduction to Independence Proofs, 
43 
(NorthHolland, 1980) 
44 
*} 
66444  45 
sessions 
46 
FOL 

47 
theories 
65527  48 
ZF (global) 
49 
ZFC (global) 

50 
document_files "root.tex" 
51 

52 
session "ZFAC" in AC = ZF + 
53 
description {* 
54 
Author: Lawrence C Paulson, Cambridge University Computer Laboratory 
55 
Copyright 1995 University of Cambridge 
56 

57 
Proofs of ACequivalences, due to Krzysztof Grabczewski. 
58 

59 
See also the book "Equivalents of the Axiom of Choice, II" by H. Rubin and 
60 
J.E. Rubin, 1985. 
61 

62 
The report 
63 
http://www.cl.cam.ac.uk/Research/Reports/TR377lcpmechanisingsettheory.ps.gz 
64 
"Mechanizing Set Theory", by Paulson and Grabczewski, describes both this 
65 
development and ZF's theories of cardinals. 
66 
*} 
67 
theories 
68 
WO6_WO1 
69 
WO1_WO7 
70 
AC7_AC9 
71 
WO1_AC 
72 
AC15_WO6 
73 
WO2_AC16 
74 
AC16_WO4 
75 
AC17_AC1 
76 
AC18_AC19 
77 
DC 
78 
document_files "root.tex" "root.bib" 
79 

80 
session "ZFCoind" in Coind = ZF + 
81 
description {* 
82 
Author: Jacob Frost, Cambridge University Computer Laboratory 
83 
Copyright 1995 University of Cambridge 
84 

85 
Coind  A Coinduction Example. 
86 

87 
It involves proving the consistency of the dynamic and static semantics for 
88 
a small functional language. A codatatype definition specifies values and 
89 
value environments in mutual recursion: nonwellfounded values represent 
90 
recursive functions; value environments are variant functions from 
91 
variables into values. 
92 

93 
Based upon the article 
94 
Robin Milner and Mads Tofte, 
95 
Coinduction in Relational Semantics, 
96 
Theoretical Computer Science 87 (1991), pages 209220. 
97 

98 
Written up as 
99 
Jacob Frost, A Case Study of Co_induction in Isabelle 
100 
Report, Computer Lab, University of Cambridge (1995). 
101 
http://www.cl.cam.ac.uk/Research/Reports/TR359jf10008coinductioninisabelle.dvi.gz 
102 
*} 
103 
options [document = false] 
104 
theories ECR 
105 

106 
session "ZFConstructible" in Constructible = ZF + 
107 
description {* 
108 
Relative Consistency of the Axiom of Choice: 
109 
Inner Models, Absoluteness and Consistency Proofs. 
110 

111 
GÃ¶del's proof of the relative consistency of the axiom of choice is 
112 
mechanized using Isabelle/ZF. The proof builds upon a previous 
113 
mechanization of the reflection theorem (see 
114 
http://www.cl.cam.ac.uk/users/lcp/papers/Sets/reflection.pdf). The heavy 
115 
reliance on metatheory in the original proof makes the formalization 
116 
unusually long, and not entirely satisfactory: two parts of the proof do 
117 
not fit together. It seems impossible to solve these problems without 
118 
formalizing the metatheory. However, the present development follows a 
119 
standard textbook, Kunen's Set Theory, and could support the formalization 
120 
of further material from that book. It also serves as an example of what to 
121 
expect when deep mathematics is formalized. 
122 

123 
A paper describing this development is 
124 
http://www.cl.cam.ac.uk/TechReports/UCAMCLTR551.pdf 
125 
*} 
59446  126 
theories 
127 
DPow_absolute 

128 
AC_in_L 

129 
Rank_Separation 

130 
document_files "root.tex" "root.bib" 
131 

132 
session "ZFIMP" in IMP = ZF + 
133 
description {* 
134 
Author: Heiko Loetzbeyer & Robert Sandner, TUM 
135 
Copyright 1994 TUM 
136 

137 
Formalization of the denotational and operational semantics of a 
138 
simple whilelanguage, including an equivalence proof. 
139 

140 
The whole development essentially formalizes/transcribes 
141 
chapters 2 and 5 of 
142 

143 
Glynn Winskel. The Formal Semantics of Programming Languages. 
144 
MIT Press, 1993. 
145 
*} 
146 
theories Equiv 
66750  147 
document_files 
148 
"root.tex" 

149 
"root.bib" 

150 

151 
session "ZFInduct" in Induct = ZF + 
152 
description {* 
153 
Author: Lawrence C Paulson, Cambridge University Computer Laboratory 
154 
Copyright 2001 University of Cambridge 
155 

156 
Inductive definitions. 
157 
*} 
158 
theories 
159 
(** Datatypes **) 
160 
Datatypes (*sample datatypes*) 
161 
Binary_Trees (*binary trees*) 
162 
Term (*recursion over the list functor*) 
163 
Ntree (*variablebranching trees; function demo*) 
164 
Tree_Forest (*mutual recursion*) 
165 
Brouwer (*Infinitebranching trees*) 
166 
Mutil (*mutilated chess board*) 
167 

168 
(*by Sidi Ehmety: Multisets. A parent is FoldSet, the "fold" function for 
169 
finite sets*) 
170 
Multiset 
171 
Rmap (*mapping a relation over a list*) 
172 
PropLog (*completeness of propositional logic*) 
173 

174 
(*two Coq examples by Christine PaulinMohring*) 
175 
ListN 
176 
Acc 
177 

178 
Comb (*Combinatory Logic example*) 
179 
Primrec (*Primitive recursive functions*) 
183 

184 
session "ZFResid" in Resid = ZF + 
185 
description {* 
186 
Author: Lawrence C Paulson, Cambridge University Computer Laboratory 
187 
Copyright 1995 University of Cambridge 
188 

189 
Residuals  a proof of the ChurchRosser Theorem for the 
190 
untyped lambdacalculus. 
191 

192 
By Ole Rasmussen, following the Coq proof given in 
193 

194 
Gerard Huet. Residual Theory in LambdaCalculus: A Formal Development. 
195 
J. Functional Programming 4(3) 1994, 371394. 
196 

197 
See Rasmussen's report: The ChurchRosser Theorem in Isabelle: A Proof 
198 
Porting Experiment. 
199 
http://www.cl.cam.ac.uk/ftp/papers/reports/TR364or200churchrosserisabelle.ps.gz 
200 
*} 
201 
options [document = false] 
202 
theories Confluence 
203 

204 
session "ZFUNITY" (timing) in UNITY = "ZFInduct" + 
205 
description {* 
206 
Author: Lawrence C Paulson, Cambridge University Computer Laboratory 
207 
Copyright 1998 University of Cambridge 
208 

209 
ZF/UNITY proofs. 
210 
*} 
211 
options [document = false] 
212 
theories 
213 
(*Simple examples: no composition*) 
214 
Mutex 
215 

216 
(*Basic metatheory*) 
217 
Guar 
218 

219 
(*Prefix relation; the Allocator example*) 
220 
Distributor Merge ClientImpl AllocImpl 
221 

222 
session "ZFex" in ex = ZF + 
223 
description {* 
224 
Author: Lawrence C Paulson, Cambridge University Computer Laboratory 
225 
Copyright 1993 University of Cambridge 
226 

227 
Miscellaneous examples for ZermeloFraenkel Set Theory. 
228 

229 
Includes a simple form of Ramsey's theorem. A report is available: 
230 
http://www.cl.cam.ac.uk/Research/Reports/TR271lcpsettheory.dvi.Z 
231 

232 
Several (co)inductive and (co)datatype definitions are presented. The 
233 
report http://www.cl.cam.ac.uk/Research/Reports/TR312lcpsetII.ps.gz 
234 
describes the theoretical foundations of datatypes while 
235 
href="http://www.cl.cam.ac.uk/Research/Reports/TR320lcpisabelleinddefs.dvi.gz 
236 
describes the package that automates their declaration. 
237 
*} 
238 
options [document = false] 
239 
theories 
240 
misc 
241 
Ring (*abstract algebra*) 
242 
Commutation (*abstract ChurchRosser theory*) 
243 
Primes (*GCD theory*) 
244 
NatSum (*Summing integers, squares, cubes, etc.*) 
245 
Ramsey (*Simple form of Ramsey's theorem*) 
246 
Limit (*Inverse limit construction of domains*) 
247 
BinEx (*Binary integer arithmetic*) 
248 
LList CoUnit (*CoDatatypes*) 