doc-src/ZF/ZF.tex
author blanchet
Wed, 16 Nov 2011 17:06:14 +0100
changeset 45521 0cd6e59bd0b5
parent 42637 381fdcab0f36
permissions -rw-r--r--
give each time slice its own lambda translation
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
     1
\chapter{Zermelo-Fraenkel Set Theory}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
     2
\index{set theory|(}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
     3
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
     4
The theory~\thydx{ZF} implements Zermelo-Fraenkel set
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
     5
theory~\cite{halmos60,suppes72} as an extension of~\texttt{FOL}, classical
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
     6
first-order logic.  The theory includes a collection of derived natural
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
     7
deduction rules, for use with Isabelle's classical reasoner.  Some
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
     8
of it is based on the work of No\"el~\cite{noel}.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
     9
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    10
A tremendous amount of set theory has been formally developed, including the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    11
basic properties of relations, functions, ordinals and cardinals.  Significant
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    12
results have been proved, such as the Schr\"oder-Bernstein Theorem, the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    13
Wellordering Theorem and a version of Ramsey's Theorem.  \texttt{ZF} provides
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    14
both the integers and the natural numbers.  General methods have been
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    15
developed for solving recursion equations over monotonic functors; these have
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    16
been applied to yield constructions of lists, trees, infinite lists, etc.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    17
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    18
\texttt{ZF} has a flexible package for handling inductive definitions,
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    19
such as inference systems, and datatype definitions, such as lists and
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    20
trees.  Moreover it handles coinductive definitions, such as
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    21
bisimulation relations, and codatatype definitions, such as streams.  It
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    22
provides a streamlined syntax for defining primitive recursive functions over
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    23
datatypes. 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    24
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    25
Published articles~\cite{paulson-set-I,paulson-set-II} describe \texttt{ZF}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    26
less formally than this chapter.  Isabelle employs a novel treatment of
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    27
non-well-founded data structures within the standard {\sc zf} axioms including
6592
c120262044b6 Now uses manual.bib; some references updated
paulson
parents: 6173
diff changeset
    28
the Axiom of Foundation~\cite{paulson-mscs}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    29
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    30
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    31
\section{Which version of axiomatic set theory?}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    32
The two main axiom systems for set theory are Bernays-G\"odel~({\sc bg})
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    33
and Zermelo-Fraenkel~({\sc zf}).  Resolution theorem provers can use {\sc
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    34
  bg} because it is finite~\cite{boyer86,quaife92}.  {\sc zf} does not
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    35
have a finite axiom system because of its Axiom Scheme of Replacement.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    36
This makes it awkward to use with many theorem provers, since instances
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    37
of the axiom scheme have to be invoked explicitly.  Since Isabelle has no
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    38
difficulty with axiom schemes, we may adopt either axiom system.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    39
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    40
These two theories differ in their treatment of {\bf classes}, which are
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    41
collections that are `too big' to be sets.  The class of all sets,~$V$,
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    42
cannot be a set without admitting Russell's Paradox.  In {\sc bg}, both
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    43
classes and sets are individuals; $x\in V$ expresses that $x$ is a set.  In
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    44
{\sc zf}, all variables denote sets; classes are identified with unary
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    45
predicates.  The two systems define essentially the same sets and classes,
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    46
with similar properties.  In particular, a class cannot belong to another
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    47
class (let alone a set).
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    48
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    49
Modern set theorists tend to prefer {\sc zf} because they are mainly concerned
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    50
with sets, rather than classes.  {\sc bg} requires tiresome proofs that various
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    51
collections are sets; for instance, showing $x\in\{x\}$ requires showing that
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    52
$x$ is a set.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    53
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    54
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    55
\begin{figure} \small
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    56
\begin{center}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    57
\begin{tabular}{rrr} 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    58
  \it name      &\it meta-type  & \it description \\ 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    59
  \cdx{Let}     & $[\alpha,\alpha\To\beta]\To\beta$ & let binder\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    60
  \cdx{0}       & $i$           & empty set\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    61
  \cdx{cons}    & $[i,i]\To i$  & finite set constructor\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    62
  \cdx{Upair}   & $[i,i]\To i$  & unordered pairing\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    63
  \cdx{Pair}    & $[i,i]\To i$  & ordered pairing\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    64
  \cdx{Inf}     & $i$   & infinite set\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    65
  \cdx{Pow}     & $i\To i$      & powerset\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    66
  \cdx{Union} \cdx{Inter} & $i\To i$    & set union/intersection \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    67
  \cdx{split}   & $[[i,i]\To i, i] \To i$ & generalized projection\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    68
  \cdx{fst} \cdx{snd}   & $i\To i$      & projections\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    69
  \cdx{converse}& $i\To i$      & converse of a relation\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    70
  \cdx{succ}    & $i\To i$      & successor\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    71
  \cdx{Collect} & $[i,i\To o]\To i$     & separation\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    72
  \cdx{Replace} & $[i, [i,i]\To o] \To i$       & replacement\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    73
  \cdx{PrimReplace} & $[i, [i,i]\To o] \To i$   & primitive replacement\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    74
  \cdx{RepFun}  & $[i, i\To i] \To i$   & functional replacement\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    75
  \cdx{Pi} \cdx{Sigma}  & $[i,i\To i]\To i$     & general product/sum\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    76
  \cdx{domain}  & $i\To i$      & domain of a relation\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    77
  \cdx{range}   & $i\To i$      & range of a relation\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    78
  \cdx{field}   & $i\To i$      & field of a relation\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    79
  \cdx{Lambda}  & $[i, i\To i]\To i$    & $\lambda$-abstraction\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    80
  \cdx{restrict}& $[i, i] \To i$        & restriction of a function\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    81
  \cdx{The}     & $[i\To o]\To i$       & definite description\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    82
  \cdx{if}      & $[o,i,i]\To i$        & conditional\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    83
  \cdx{Ball} \cdx{Bex}  & $[i, i\To o]\To o$    & bounded quantifiers
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    84
\end{tabular}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    85
\end{center}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    86
\subcaption{Constants}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    87
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    88
\begin{center}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    89
\index{*"`"` symbol}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    90
\index{*"-"`"` symbol}
9836
56b632fd1dcd simplified two index entries, since now ZF is by itself
paulson
parents: 9695
diff changeset
    91
\index{*"` symbol}\index{function applications}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    92
\index{*"- symbol}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    93
\index{*": symbol}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    94
\index{*"<"= symbol}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    95
\begin{tabular}{rrrr} 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    96
  \it symbol  & \it meta-type & \it priority & \it description \\ 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    97
  \tt ``        & $[i,i]\To i$  &  Left 90      & image \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    98
  \tt -``       & $[i,i]\To i$  &  Left 90      & inverse image \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
    99
  \tt `         & $[i,i]\To i$  &  Left 90      & application \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   100
  \sdx{Int}     & $[i,i]\To i$  &  Left 70      & intersection ($\int$) \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   101
  \sdx{Un}      & $[i,i]\To i$  &  Left 65      & union ($\un$) \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   102
  \tt -         & $[i,i]\To i$  &  Left 65      & set difference ($-$) \\[1ex]
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   103
  \tt:          & $[i,i]\To o$  &  Left 50      & membership ($\in$) \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   104
  \tt <=        & $[i,i]\To o$  &  Left 50      & subset ($\subseteq$) 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   105
\end{tabular}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   106
\end{center}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   107
\subcaption{Infixes}
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   108
\caption{Constants of ZF} \label{zf-constants}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   109
\end{figure} 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   110
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   111
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   112
\section{The syntax of set theory}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   113
The language of set theory, as studied by logicians, has no constants.  The
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   114
traditional axioms merely assert the existence of empty sets, unions,
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   115
powersets, etc.; this would be intolerable for practical reasoning.  The
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   116
Isabelle theory declares constants for primitive sets.  It also extends
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   117
\texttt{FOL} with additional syntax for finite sets, ordered pairs,
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   118
comprehension, general union/intersection, general sums/products, and
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   119
bounded quantifiers.  In most other respects, Isabelle implements precisely
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   120
Zermelo-Fraenkel set theory.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   121
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   122
Figure~\ref{zf-constants} lists the constants and infixes of~ZF, while
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   123
Figure~\ref{zf-trans} presents the syntax translations.  Finally,
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   124
Figure~\ref{zf-syntax} presents the full grammar for set theory, including the
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   125
constructs of FOL.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   126
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   127
Local abbreviations can be introduced by a \isa{let} construct whose
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   128
syntax appears in Fig.\ts\ref{zf-syntax}.  Internally it is translated into
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   129
the constant~\cdx{Let}.  It can be expanded by rewriting with its
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   130
definition, \tdx{Let_def}.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   131
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   132
Apart from \isa{let}, set theory does not use polymorphism.  All terms in
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   133
ZF have type~\tydx{i}, which is the type of individuals and has
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   134
class~\cldx{term}.  The type of first-order formulae, remember, 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   135
is~\tydx{o}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   136
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   137
Infix operators include binary union and intersection ($A\un B$ and
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   138
$A\int B$), set difference ($A-B$), and the subset and membership
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   139
relations.  Note that $a$\verb|~:|$b$ is translated to $\lnot(a\in b)$,
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   140
which is equivalent to  $a\notin b$.  The
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   141
union and intersection operators ($\bigcup A$ and $\bigcap A$) form the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   142
union or intersection of a set of sets; $\bigcup A$ means the same as
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   143
$\bigcup@{x\in A}x$.  Of these operators, only $\bigcup A$ is primitive.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   144
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   145
The constant \cdx{Upair} constructs unordered pairs; thus \isa{Upair($A$,$B$)} denotes the set~$\{A,B\}$ and
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   146
\isa{Upair($A$,$A$)} denotes the singleton~$\{A\}$.  General union is
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   147
used to define binary union.  The Isabelle version goes on to define
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   148
the constant
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   149
\cdx{cons}:
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   150
\begin{eqnarray*}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   151
   A\cup B              & \equiv &       \bigcup(\isa{Upair}(A,B)) \\
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   152
   \isa{cons}(a,B)      & \equiv &        \isa{Upair}(a,a) \un B
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   153
\end{eqnarray*}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   154
The $\{a@1, \ldots\}$ notation abbreviates finite sets constructed in the
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   155
obvious manner using~\isa{cons} and~$\emptyset$ (the empty set) \isasymin \begin{eqnarray*}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   156
 \{a,b,c\} & \equiv & \isa{cons}(a,\isa{cons}(b,\isa{cons}(c,\emptyset)))
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   157
\end{eqnarray*}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   158
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   159
The constant \cdx{Pair} constructs ordered pairs, as in \isa{Pair($a$,$b$)}.  Ordered pairs may also be written within angle brackets,
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   160
as {\tt<$a$,$b$>}.  The $n$-tuple {\tt<$a@1$,\ldots,$a@{n-1}$,$a@n$>}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   161
abbreviates the nest of pairs\par\nobreak
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   162
\centerline{\isa{Pair($a@1$,\ldots,Pair($a@{n-1}$,$a@n$)\ldots).}}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   163
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   164
In ZF, a function is a set of pairs.  A ZF function~$f$ is simply an
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   165
individual as far as Isabelle is concerned: its Isabelle type is~$i$, not say
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   166
$i\To i$.  The infix operator~{\tt`} denotes the application of a function set
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   167
to its argument; we must write~$f{\tt`}x$, not~$f(x)$.  The syntax for image
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   168
is~$f{\tt``}A$ and that for inverse image is~$f{\tt-``}A$.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   169
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   170
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   171
\begin{figure} 
9836
56b632fd1dcd simplified two index entries, since now ZF is by itself
paulson
parents: 9695
diff changeset
   172
\index{lambda abs@$\lambda$-abstractions}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   173
\index{*"-"> symbol}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   174
\index{*"* symbol}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   175
\begin{center} \footnotesize\tt\frenchspacing
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   176
\begin{tabular}{rrr} 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   177
  \it external          & \it internal  & \it description \\ 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   178
  $a$ \ttilde: $b$      & \ttilde($a$ : $b$)    & \rm negated membership\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   179
  \ttlbrace$a@1$, $\ldots$, $a@n$\ttrbrace  &  cons($a@1$,$\ldots$,cons($a@n$,0)) &
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   180
        \rm finite set \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   181
  <$a@1$, $\ldots$, $a@{n-1}$, $a@n$> & 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   182
        Pair($a@1$,\ldots,Pair($a@{n-1}$,$a@n$)\ldots) &
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   183
        \rm ordered $n$-tuple \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   184
  \ttlbrace$x$:$A . P[x]$\ttrbrace    &  Collect($A$,$\lambda x. P[x]$) &
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   185
        \rm separation \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   186
  \ttlbrace$y . x$:$A$, $Q[x,y]$\ttrbrace  &  Replace($A$,$\lambda x\,y. Q[x,y]$) &
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   187
        \rm replacement \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   188
  \ttlbrace$b[x] . x$:$A$\ttrbrace  &  RepFun($A$,$\lambda x. b[x]$) &
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   189
        \rm functional replacement \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   190
  \sdx{INT} $x$:$A . B[x]$      & Inter(\ttlbrace$B[x] . x$:$A$\ttrbrace) &
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   191
        \rm general intersection \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   192
  \sdx{UN}  $x$:$A . B[x]$      & Union(\ttlbrace$B[x] . x$:$A$\ttrbrace) &
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   193
        \rm general union \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   194
  \sdx{PROD} $x$:$A . B[x]$     & Pi($A$,$\lambda x. B[x]$) & 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   195
        \rm general product \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   196
  \sdx{SUM}  $x$:$A . B[x]$     & Sigma($A$,$\lambda x. B[x]$) & 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   197
        \rm general sum \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   198
  $A$ -> $B$            & Pi($A$,$\lambda x. B$) & 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   199
        \rm function space \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   200
  $A$ * $B$             & Sigma($A$,$\lambda x. B$) & 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   201
        \rm binary product \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   202
  \sdx{THE}  $x . P[x]$ & The($\lambda x. P[x]$) & 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   203
        \rm definite description \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   204
  \sdx{lam}  $x$:$A . b[x]$     & Lambda($A$,$\lambda x. b[x]$) & 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   205
        \rm $\lambda$-abstraction\\[1ex]
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   206
  \sdx{ALL} $x$:$A . P[x]$      & Ball($A$,$\lambda x. P[x]$) & 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   207
        \rm bounded $\forall$ \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   208
  \sdx{EX}  $x$:$A . P[x]$      & Bex($A$,$\lambda x. P[x]$) & 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   209
        \rm bounded $\exists$
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   210
\end{tabular}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   211
\end{center}
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   212
\caption{Translations for ZF} \label{zf-trans}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   213
\end{figure} 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   214
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   215
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   216
\begin{figure} 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   217
\index{*let symbol}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   218
\index{*in symbol}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   219
\dquotes
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   220
\[\begin{array}{rcl}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   221
    term & = & \hbox{expression of type~$i$} \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   222
         & | & "let"~id~"="~term";"\dots";"~id~"="~term~"in"~term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   223
         & | & "if"~term~"then"~term~"else"~term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   224
         & | & "{\ttlbrace} " term\; ("," term)^* " {\ttrbrace}" \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   225
         & | & "< "  term\; ("," term)^* " >"  \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   226
         & | & "{\ttlbrace} " id ":" term " . " formula " {\ttrbrace}" \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   227
         & | & "{\ttlbrace} " id " . " id ":" term ", " formula " {\ttrbrace}" \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   228
         & | & "{\ttlbrace} " term " . " id ":" term " {\ttrbrace}" \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   229
         & | & term " `` " term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   230
         & | & term " -`` " term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   231
         & | & term " ` " term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   232
         & | & term " * " term \\
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   233
         & | & term " \isasyminter " term \\
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   234
         & | & term " \isasymunion " term \\
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   235
         & | & term " - " term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   236
         & | & term " -> " term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   237
         & | & "THE~~"  id  " . " formula\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   238
         & | & "lam~~"  id ":" term " . " term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   239
         & | & "INT~~"  id ":" term " . " term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   240
         & | & "UN~~~"  id ":" term " . " term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   241
         & | & "PROD~"  id ":" term " . " term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   242
         & | & "SUM~~"  id ":" term " . " term \\[2ex]
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   243
 formula & = & \hbox{expression of type~$o$} \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   244
         & | & term " : " term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   245
         & | & term " \ttilde: " term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   246
         & | & term " <= " term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   247
         & | & term " = " term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   248
         & | & term " \ttilde= " term \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   249
         & | & "\ttilde\ " formula \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   250
         & | & formula " \& " formula \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   251
         & | & formula " | " formula \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   252
         & | & formula " --> " formula \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   253
         & | & formula " <-> " formula \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   254
         & | & "ALL " id ":" term " . " formula \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   255
         & | & "EX~~" id ":" term " . " formula \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   256
         & | & "ALL~" id~id^* " . " formula \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   257
         & | & "EX~~" id~id^* " . " formula \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   258
         & | & "EX!~" id~id^* " . " formula
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   259
  \end{array}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   260
\]
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   261
\caption{Full grammar for ZF} \label{zf-syntax}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   262
\end{figure} 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   263
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   264
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   265
\section{Binding operators}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   266
The constant \cdx{Collect} constructs sets by the principle of {\bf
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   267
  separation}.  The syntax for separation is
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   268
\hbox{\tt\ttlbrace$x$:$A$.\ $P[x]$\ttrbrace}, where $P[x]$ is a formula
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   269
that may contain free occurrences of~$x$.  It abbreviates the set \isa{Collect($A$,$\lambda x. P[x]$)}, which consists of all $x\in A$ that
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   270
satisfy~$P[x]$.  Note that \isa{Collect} is an unfortunate choice of
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   271
name: some set theories adopt a set-formation principle, related to
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   272
replacement, called collection.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   273
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   274
The constant \cdx{Replace} constructs sets by the principle of {\bf
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   275
  replacement}.  The syntax
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   276
\hbox{\tt\ttlbrace$y$.\ $x$:$A$,$Q[x,y]$\ttrbrace} denotes the set 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   277
\isa{Replace($A$,$\lambda x\,y. Q[x,y]$)}, which consists of all~$y$ such
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   278
that there exists $x\in A$ satisfying~$Q[x,y]$.  The Replacement Axiom
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   279
has the condition that $Q$ must be single-valued over~$A$: for
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   280
all~$x\in A$ there exists at most one $y$ satisfying~$Q[x,y]$.  A
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   281
single-valued binary predicate is also called a {\bf class function}.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   282
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   283
The constant \cdx{RepFun} expresses a special case of replacement,
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   284
where $Q[x,y]$ has the form $y=b[x]$.  Such a $Q$ is trivially
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   285
single-valued, since it is just the graph of the meta-level
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   286
function~$\lambda x. b[x]$.  The resulting set consists of all $b[x]$
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   287
for~$x\in A$.  This is analogous to the \ML{} functional \isa{map},
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   288
since it applies a function to every element of a set.  The syntax is
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   289
\isa{\ttlbrace$b[x]$.\ $x$:$A$\ttrbrace}, which expands to 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   290
\isa{RepFun($A$,$\lambda x. b[x]$)}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   291
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   292
\index{*INT symbol}\index{*UN symbol} 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   293
General unions and intersections of indexed
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   294
families of sets, namely $\bigcup@{x\in A}B[x]$ and $\bigcap@{x\in A}B[x]$,
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   295
are written \isa{UN $x$:$A$.\ $B[x]$} and \isa{INT $x$:$A$.\ $B[x]$}.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   296
Their meaning is expressed using \isa{RepFun} as
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   297
\[
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   298
\bigcup(\{B[x]. x\in A\}) \qquad\hbox{and}\qquad 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   299
\bigcap(\{B[x]. x\in A\}). 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   300
\]
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   301
General sums $\sum@{x\in A}B[x]$ and products $\prod@{x\in A}B[x]$ can be
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   302
constructed in set theory, where $B[x]$ is a family of sets over~$A$.  They
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   303
have as special cases $A\times B$ and $A\to B$, where $B$ is simply a set.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   304
This is similar to the situation in Constructive Type Theory (set theory
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   305
has `dependent sets') and calls for similar syntactic conventions.  The
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   306
constants~\cdx{Sigma} and~\cdx{Pi} construct general sums and
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   307
products.  Instead of \isa{Sigma($A$,$B$)} and \isa{Pi($A$,$B$)} we may
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   308
write 
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   309
\isa{SUM $x$:$A$.\ $B[x]$} and \isa{PROD $x$:$A$.\ $B[x]$}.  
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   310
\index{*SUM symbol}\index{*PROD symbol}%
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   311
The special cases as \hbox{\tt$A$*$B$} and \hbox{\tt$A$->$B$} abbreviate
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   312
general sums and products over a constant family.\footnote{Unlike normal
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   313
infix operators, {\tt*} and {\tt->} merely define abbreviations; there are
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   314
no constants~\isa{op~*} and~\isa{op~->}.} Isabelle accepts these
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   315
abbreviations in parsing and uses them whenever possible for printing.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   316
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   317
\index{*THE symbol} As mentioned above, whenever the axioms assert the
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   318
existence and uniqueness of a set, Isabelle's set theory declares a constant
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   319
for that set.  These constants can express the {\bf definite description}
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   320
operator~$\iota x. P[x]$, which stands for the unique~$a$ satisfying~$P[a]$,
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   321
if such exists.  Since all terms in ZF denote something, a description is
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   322
always meaningful, but we do not know its value unless $P[x]$ defines it
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   323
uniquely.  Using the constant~\cdx{The}, we may write descriptions as 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   324
\isa{The($\lambda x. P[x]$)} or use the syntax \isa{THE $x$.\ $P[x]$}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   325
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   326
\index{*lam symbol}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   327
Function sets may be written in $\lambda$-notation; $\lambda x\in A. b[x]$
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   328
stands for the set of all pairs $\pair{x,b[x]}$ for $x\in A$.  In order for
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   329
this to be a set, the function's domain~$A$ must be given.  Using the
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   330
constant~\cdx{Lambda}, we may express function sets as \isa{Lambda($A$,$\lambda x. b[x]$)} or use the syntax \isa{lam $x$:$A$.\ $b[x]$}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   331
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   332
Isabelle's set theory defines two {\bf bounded quantifiers}:
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   333
\begin{eqnarray*}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   334
   \forall x\in A. P[x] &\hbox{abbreviates}& \forall x. x\in A\imp P[x] \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   335
   \exists x\in A. P[x] &\hbox{abbreviates}& \exists x. x\in A\conj P[x]
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   336
\end{eqnarray*}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   337
The constants~\cdx{Ball} and~\cdx{Bex} are defined
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   338
accordingly.  Instead of \isa{Ball($A$,$P$)} and \isa{Bex($A$,$P$)} we may
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   339
write
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   340
\isa{ALL $x$:$A$.\ $P[x]$} and \isa{EX $x$:$A$.\ $P[x]$}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   341
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   342
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   343
%%%% ZF.thy
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   344
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   345
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   346
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   347
\tdx{Let_def}:           Let(s, f) == f(s)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   348
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   349
\tdx{Ball_def}:          Ball(A,P) == {\isasymforall}x. x \isasymin A --> P(x)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   350
\tdx{Bex_def}:           Bex(A,P)  == {\isasymexists}x. x \isasymin A & P(x)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   351
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   352
\tdx{subset_def}:        A \isasymsubseteq B  == {\isasymforall}x \isasymin A. x \isasymin B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   353
\tdx{extension}:         A = B  <->  A \isasymsubseteq B & B \isasymsubseteq A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   354
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   355
\tdx{Union_iff}:         A \isasymin Union(C) <-> ({\isasymexists}B \isasymin C. A \isasymin B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   356
\tdx{Pow_iff}:           A \isasymin Pow(B) <-> A \isasymsubseteq B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   357
\tdx{foundation}:        A=0 | ({\isasymexists}x \isasymin A. {\isasymforall}y \isasymin x. y \isasymnotin A)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   358
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   359
\tdx{replacement}:       ({\isasymforall}x \isasymin A. {\isasymforall}y z. P(x,y) & P(x,z) --> y=z) ==>
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   360
                   b \isasymin PrimReplace(A,P) <-> ({\isasymexists}x{\isasymin}A. P(x,b))
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   361
\subcaption{The Zermelo-Fraenkel Axioms}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   362
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   363
\tdx{Replace_def}: Replace(A,P) == 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   364
                   PrimReplace(A, \%x y. (\isasymexists!z. P(x,z)) & P(x,y))
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   365
\tdx{RepFun_def}:  RepFun(A,f)  == {\ttlbrace}y . x \isasymin A, y=f(x)\ttrbrace
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   366
\tdx{the_def}:     The(P)       == Union({\ttlbrace}y . x \isasymin {\ttlbrace}0{\ttrbrace}, P(y){\ttrbrace})
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   367
\tdx{if_def}:      if(P,a,b)    == THE z. P & z=a | ~P & z=b
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   368
\tdx{Collect_def}: Collect(A,P) == {\ttlbrace}y . x \isasymin A, x=y & P(x){\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   369
\tdx{Upair_def}:   Upair(a,b)   == 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   370
               {\ttlbrace}y. x\isasymin{}Pow(Pow(0)), x=0 & y=a | x=Pow(0) & y=b{\ttrbrace}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   371
\subcaption{Consequences of replacement}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   372
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   373
\tdx{Inter_def}:   Inter(A) == {\ttlbrace}x \isasymin Union(A) . {\isasymforall}y \isasymin A. x \isasymin y{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   374
\tdx{Un_def}:      A \isasymunion B  == Union(Upair(A,B))
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   375
\tdx{Int_def}:     A \isasyminter B  == Inter(Upair(A,B))
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   376
\tdx{Diff_def}:    A - B    == {\ttlbrace}x \isasymin A . x \isasymnotin B{\ttrbrace}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   377
\subcaption{Union, intersection, difference}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   378
\end{alltt*}
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   379
\caption{Rules and axioms of ZF} \label{zf-rules}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   380
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   381
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   382
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   383
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   384
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   385
\tdx{cons_def}:    cons(a,A) == Upair(a,a) \isasymunion A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   386
\tdx{succ_def}:    succ(i) == cons(i,i)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   387
\tdx{infinity}:    0 \isasymin Inf & ({\isasymforall}y \isasymin Inf. succ(y) \isasymin Inf)
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   388
\subcaption{Finite and infinite sets}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   389
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   390
\tdx{Pair_def}:      <a,b>      == {\ttlbrace}{\ttlbrace}a,a{\ttrbrace}, {\ttlbrace}a,b{\ttrbrace}{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   391
\tdx{split_def}:     split(c,p) == THE y. {\isasymexists}a b. p=<a,b> & y=c(a,b)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   392
\tdx{fst_def}:       fst(A)     == split(\%x y. x, p)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   393
\tdx{snd_def}:       snd(A)     == split(\%x y. y, p)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   394
\tdx{Sigma_def}:     Sigma(A,B) == {\isasymUnion}x \isasymin A. {\isasymUnion}y \isasymin B(x). {\ttlbrace}<x,y>{\ttrbrace}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   395
\subcaption{Ordered pairs and Cartesian products}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   396
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   397
\tdx{converse_def}: converse(r) == {\ttlbrace}z. w\isasymin{}r, {\isasymexists}x y. w=<x,y> & z=<y,x>{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   398
\tdx{domain_def}:   domain(r)   == {\ttlbrace}x. w \isasymin r, {\isasymexists}y. w=<x,y>{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   399
\tdx{range_def}:    range(r)    == domain(converse(r))
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   400
\tdx{field_def}:    field(r)    == domain(r) \isasymunion range(r)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   401
\tdx{image_def}:    r `` A      == {\ttlbrace}y\isasymin{}range(r) . {\isasymexists}x \isasymin A. <x,y> \isasymin r{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   402
\tdx{vimage_def}:   r -`` A     == converse(r)``A
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   403
\subcaption{Operations on relations}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   404
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   405
\tdx{lam_def}:   Lambda(A,b) == {\ttlbrace}<x,b(x)> . x \isasymin A{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   406
\tdx{apply_def}: f`a         == THE y. <a,y> \isasymin f
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   407
\tdx{Pi_def}: Pi(A,B) == {\ttlbrace}f\isasymin{}Pow(Sigma(A,B)). {\isasymforall}x\isasymin{}A. \isasymexists!y. <x,y>\isasymin{}f{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   408
\tdx{restrict_def}:  restrict(f,A) == lam x \isasymin A. f`x
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   409
\subcaption{Functions and general product}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   410
\end{alltt*}
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   411
\caption{Further definitions of ZF} \label{zf-defs}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   412
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   413
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   414
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   415
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   416
\section{The Zermelo-Fraenkel axioms}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   417
The axioms appear in Fig.\ts \ref{zf-rules}.  They resemble those
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   418
presented by Suppes~\cite{suppes72}.  Most of the theory consists of
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   419
definitions.  In particular, bounded quantifiers and the subset relation
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   420
appear in other axioms.  Object-level quantifiers and implications have
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   421
been replaced by meta-level ones wherever possible, to simplify use of the
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   422
axioms.  
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   423
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   424
The traditional replacement axiom asserts
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   425
\[ y \in \isa{PrimReplace}(A,P) \bimp (\exists x\in A. P(x,y)) \]
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   426
subject to the condition that $P(x,y)$ is single-valued for all~$x\in A$.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   427
The Isabelle theory defines \cdx{Replace} to apply
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   428
\cdx{PrimReplace} to the single-valued part of~$P$, namely
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   429
\[ (\exists!z. P(x,z)) \conj P(x,y). \]
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   430
Thus $y\in \isa{Replace}(A,P)$ if and only if there is some~$x$ such that
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   431
$P(x,-)$ holds uniquely for~$y$.  Because the equivalence is unconditional,
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   432
\isa{Replace} is much easier to use than \isa{PrimReplace}; it defines the
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   433
same set, if $P(x,y)$ is single-valued.  The nice syntax for replacement
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   434
expands to \isa{Replace}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   435
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   436
Other consequences of replacement include replacement for 
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   437
meta-level functions
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   438
(\cdx{RepFun}) and definite descriptions (\cdx{The}).
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   439
Axioms for separation (\cdx{Collect}) and unordered pairs
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   440
(\cdx{Upair}) are traditionally assumed, but they actually follow
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   441
from replacement~\cite[pages 237--8]{suppes72}.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   442
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   443
The definitions of general intersection, etc., are straightforward.  Note
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   444
the definition of \isa{cons}, which underlies the finite set notation.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   445
The axiom of infinity gives us a set that contains~0 and is closed under
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   446
successor (\cdx{succ}).  Although this set is not uniquely defined,
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   447
the theory names it (\cdx{Inf}) in order to simplify the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   448
construction of the natural numbers.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   449
                                             
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   450
Further definitions appear in Fig.\ts\ref{zf-defs}.  Ordered pairs are
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   451
defined in the standard way, $\pair{a,b}\equiv\{\{a\},\{a,b\}\}$.  Recall
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   452
that \cdx{Sigma}$(A,B)$ generalizes the Cartesian product of two
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   453
sets.  It is defined to be the union of all singleton sets
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   454
$\{\pair{x,y}\}$, for $x\in A$ and $y\in B(x)$.  This is a typical usage of
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   455
general union.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   456
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   457
The projections \cdx{fst} and~\cdx{snd} are defined in terms of the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   458
generalized projection \cdx{split}.  The latter has been borrowed from
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   459
Martin-L\"of's Type Theory, and is often easier to use than \cdx{fst}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   460
and~\cdx{snd}.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   461
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   462
Operations on relations include converse, domain, range, and image.  The
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   463
set $\isa{Pi}(A,B)$ generalizes the space of functions between two sets.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   464
Note the simple definitions of $\lambda$-abstraction (using
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   465
\cdx{RepFun}) and application (using a definite description).  The
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   466
function \cdx{restrict}$(f,A)$ has the same values as~$f$, but only
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   467
over the domain~$A$.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   468
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   469
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   470
%%%% zf.thy
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   471
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   472
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   473
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   474
\tdx{ballI}:     [| !!x. x\isasymin{}A ==> P(x) |] ==> {\isasymforall}x\isasymin{}A. P(x)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   475
\tdx{bspec}:     [| {\isasymforall}x\isasymin{}A. P(x);  x\isasymin{}A |] ==> P(x)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   476
\tdx{ballE}:     [| {\isasymforall}x\isasymin{}A. P(x);  P(x) ==> Q;  x \isasymnotin A ==> Q |] ==> Q
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   477
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   478
\tdx{ball_cong}:  [| A=A';  !!x. x\isasymin{}A' ==> P(x) <-> P'(x) |] ==> 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   479
             ({\isasymforall}x\isasymin{}A. P(x)) <-> ({\isasymforall}x\isasymin{}A'. P'(x))
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   480
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   481
\tdx{bexI}:      [| P(x);  x\isasymin{}A |] ==> {\isasymexists}x\isasymin{}A. P(x)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   482
\tdx{bexCI}:     [| {\isasymforall}x\isasymin{}A. ~P(x) ==> P(a);  a\isasymin{}A |] ==> {\isasymexists}x\isasymin{}A. P(x)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   483
\tdx{bexE}:      [| {\isasymexists}x\isasymin{}A. P(x);  !!x. [| x\isasymin{}A; P(x) |] ==> Q |] ==> Q
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   484
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   485
\tdx{bex_cong}:  [| A=A';  !!x. x\isasymin{}A' ==> P(x) <-> P'(x) |] ==> 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   486
             ({\isasymexists}x\isasymin{}A. P(x)) <-> ({\isasymexists}x\isasymin{}A'. P'(x))
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   487
\subcaption{Bounded quantifiers}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   488
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   489
\tdx{subsetI}:     (!!x. x \isasymin A ==> x \isasymin B) ==> A \isasymsubseteq B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   490
\tdx{subsetD}:     [| A \isasymsubseteq B;  c \isasymin A |] ==> c \isasymin B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   491
\tdx{subsetCE}:    [| A \isasymsubseteq B;  c \isasymnotin A ==> P;  c \isasymin B ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   492
\tdx{subset_refl}:  A \isasymsubseteq A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   493
\tdx{subset_trans}: [| A \isasymsubseteq B;  B \isasymsubseteq C |] ==> A \isasymsubseteq C
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   494
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   495
\tdx{equalityI}:   [| A \isasymsubseteq B;  B \isasymsubseteq A |] ==> A = B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   496
\tdx{equalityD1}:  A = B ==> A \isasymsubseteq B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   497
\tdx{equalityD2}:  A = B ==> B \isasymsubseteq A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   498
\tdx{equalityE}:   [| A = B;  [| A \isasymsubseteq B; B \isasymsubseteq A |] ==> P |]  ==>  P
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   499
\subcaption{Subsets and extensionality}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   500
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   501
\tdx{emptyE}:        a \isasymin 0 ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   502
\tdx{empty_subsetI}:  0 \isasymsubseteq A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   503
\tdx{equals0I}:      [| !!y. y \isasymin A ==> False |] ==> A=0
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   504
\tdx{equals0D}:      [| A=0;  a \isasymin A |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   505
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   506
\tdx{PowI}:          A \isasymsubseteq B ==> A \isasymin Pow(B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   507
\tdx{PowD}:          A \isasymin Pow(B)  ==>  A \isasymsubseteq B
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   508
\subcaption{The empty set; power sets}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   509
\end{alltt*}
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   510
\caption{Basic derived rules for ZF} \label{zf-lemmas1}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   511
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   512
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   513
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   514
\section{From basic lemmas to function spaces}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   515
Faced with so many definitions, it is essential to prove lemmas.  Even
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   516
trivial theorems like $A \int B = B \int A$ would be difficult to
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   517
prove from the definitions alone.  Isabelle's set theory derives many
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   518
rules using a natural deduction style.  Ideally, a natural deduction
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   519
rule should introduce or eliminate just one operator, but this is not
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   520
always practical.  For most operators, we may forget its definition
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   521
and use its derived rules instead.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   522
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   523
\subsection{Fundamental lemmas}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   524
Figure~\ref{zf-lemmas1} presents the derived rules for the most basic
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   525
operators.  The rules for the bounded quantifiers resemble those for the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   526
ordinary quantifiers, but note that \tdx{ballE} uses a negated assumption
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   527
in the style of Isabelle's classical reasoner.  The \rmindex{congruence
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   528
  rules} \tdx{ball_cong} and \tdx{bex_cong} are required by Isabelle's
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   529
simplifier, but have few other uses.  Congruence rules must be specially
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   530
derived for all binding operators, and henceforth will not be shown.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   531
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   532
Figure~\ref{zf-lemmas1} also shows rules for the subset and equality
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   533
relations (proof by extensionality), and rules about the empty set and the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   534
power set operator.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   535
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   536
Figure~\ref{zf-lemmas2} presents rules for replacement and separation.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   537
The rules for \cdx{Replace} and \cdx{RepFun} are much simpler than
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   538
comparable rules for \isa{PrimReplace} would be.  The principle of
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   539
separation is proved explicitly, although most proofs should use the
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   540
natural deduction rules for \isa{Collect}.  The elimination rule
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   541
\tdx{CollectE} is equivalent to the two destruction rules
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   542
\tdx{CollectD1} and \tdx{CollectD2}, but each rule is suited to
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   543
particular circumstances.  Although too many rules can be confusing, there
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   544
is no reason to aim for a minimal set of rules.  
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   545
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   546
Figure~\ref{zf-lemmas3} presents rules for general union and intersection.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   547
The empty intersection should be undefined.  We cannot have
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   548
$\bigcap(\emptyset)=V$ because $V$, the universal class, is not a set.  All
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
   549
expressions denote something in ZF set theory; the definition of
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   550
intersection implies $\bigcap(\emptyset)=\emptyset$, but this value is
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   551
arbitrary.  The rule \tdx{InterI} must have a premise to exclude
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   552
the empty intersection.  Some of the laws governing intersections require
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   553
similar premises.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   554
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   555
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   556
%the [p] gives better page breaking for the book
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   557
\begin{figure}[p]
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   558
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   559
\tdx{ReplaceI}:   [| x\isasymin{}A;  P(x,b);  !!y. P(x,y) ==> y=b |] ==> 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   560
            b\isasymin{}{\ttlbrace}y. x\isasymin{}A, P(x,y){\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   561
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   562
\tdx{ReplaceE}:   [| b\isasymin{}{\ttlbrace}y. x\isasymin{}A, P(x,y){\ttrbrace};  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   563
               !!x. [| x\isasymin{}A; P(x,b); {\isasymforall}y. P(x,y)-->y=b |] ==> R 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   564
            |] ==> R
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   565
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   566
\tdx{RepFunI}:    [| a\isasymin{}A |] ==> f(a)\isasymin{}{\ttlbrace}f(x). x\isasymin{}A{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   567
\tdx{RepFunE}:    [| b\isasymin{}{\ttlbrace}f(x). x\isasymin{}A{\ttrbrace};  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   568
                !!x.[| x\isasymin{}A;  b=f(x) |] ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   569
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   570
\tdx{separation}:  a\isasymin{}{\ttlbrace}x\isasymin{}A. P(x){\ttrbrace} <-> a\isasymin{}A & P(a)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   571
\tdx{CollectI}:    [| a\isasymin{}A;  P(a) |] ==> a\isasymin{}{\ttlbrace}x\isasymin{}A. P(x){\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   572
\tdx{CollectE}:    [| a\isasymin{}{\ttlbrace}x\isasymin{}A. P(x){\ttrbrace};  [| a\isasymin{}A; P(a) |] ==> R |] ==> R
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   573
\tdx{CollectD1}:   a\isasymin{}{\ttlbrace}x\isasymin{}A. P(x){\ttrbrace} ==> a\isasymin{}A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   574
\tdx{CollectD2}:   a\isasymin{}{\ttlbrace}x\isasymin{}A. P(x){\ttrbrace} ==> P(a)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   575
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   576
\caption{Replacement and separation} \label{zf-lemmas2}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   577
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   578
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   579
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   580
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   581
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   582
\tdx{UnionI}: [| B\isasymin{}C;  A\isasymin{}B |] ==> A\isasymin{}Union(C)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   583
\tdx{UnionE}: [| A\isasymin{}Union(C);  !!B.[| A\isasymin{}B;  B\isasymin{}C |] ==> R |] ==> R
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   584
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   585
\tdx{InterI}: [| !!x. x\isasymin{}C ==> A\isasymin{}x;  c\isasymin{}C |] ==> A\isasymin{}Inter(C)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   586
\tdx{InterD}: [| A\isasymin{}Inter(C);  B\isasymin{}C |] ==> A\isasymin{}B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   587
\tdx{InterE}: [| A\isasymin{}Inter(C);  A\isasymin{}B ==> R;  B \isasymnotin C ==> R |] ==> R
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   588
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   589
\tdx{UN_I}:   [| a\isasymin{}A;  b\isasymin{}B(a) |] ==> b\isasymin{}({\isasymUnion}x\isasymin{}A. B(x))
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   590
\tdx{UN_E}:   [| b\isasymin{}({\isasymUnion}x\isasymin{}A. B(x));  !!x.[| x\isasymin{}A;  b\isasymin{}B(x) |] ==> R 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   591
           |] ==> R
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   592
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   593
\tdx{INT_I}:  [| !!x. x\isasymin{}A ==> b\isasymin{}B(x);  a\isasymin{}A |] ==> b\isasymin{}({\isasymInter}x\isasymin{}A. B(x))
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   594
\tdx{INT_E}:  [| b\isasymin{}({\isasymInter}x\isasymin{}A. B(x));  a\isasymin{}A |] ==> b\isasymin{}B(a)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   595
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   596
\caption{General union and intersection} \label{zf-lemmas3}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   597
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   598
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   599
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   600
%%% upair.thy
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   601
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   602
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   603
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   604
\tdx{pairing}:   a\isasymin{}Upair(b,c) <-> (a=b | a=c)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   605
\tdx{UpairI1}:   a\isasymin{}Upair(a,b)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   606
\tdx{UpairI2}:   b\isasymin{}Upair(a,b)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   607
\tdx{UpairE}:    [| a\isasymin{}Upair(b,c);  a=b ==> P;  a=c ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   608
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   609
\caption{Unordered pairs} \label{zf-upair1}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   610
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   611
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   612
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   613
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   614
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   615
\tdx{UnI1}:      c\isasymin{}A ==> c\isasymin{}A \isasymunion B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   616
\tdx{UnI2}:      c\isasymin{}B ==> c\isasymin{}A \isasymunion B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   617
\tdx{UnCI}:      (c \isasymnotin B ==> c\isasymin{}A) ==> c\isasymin{}A \isasymunion B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   618
\tdx{UnE}:       [| c\isasymin{}A \isasymunion B;  c\isasymin{}A ==> P;  c\isasymin{}B ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   619
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   620
\tdx{IntI}:      [| c\isasymin{}A;  c\isasymin{}B |] ==> c\isasymin{}A \isasyminter B
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   621
\tdx{IntD1}:     c\isasymin{}A \isasyminter B ==> c\isasymin{}A
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   622
\tdx{IntD2}:     c\isasymin{}A \isasyminter B ==> c\isasymin{}B
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   623
\tdx{IntE}:      [| c\isasymin{}A \isasyminter B;  [| c\isasymin{}A; c\isasymin{}B |] ==> P |] ==> P
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   624
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   625
\tdx{DiffI}:     [| c\isasymin{}A;  c \isasymnotin B |] ==> c\isasymin{}A - B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   626
\tdx{DiffD1}:    c\isasymin{}A - B ==> c\isasymin{}A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   627
\tdx{DiffD2}:    c\isasymin{}A - B ==> c  \isasymnotin  B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   628
\tdx{DiffE}:     [| c\isasymin{}A - B;  [| c\isasymin{}A; c \isasymnotin B |] ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   629
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   630
\caption{Union, intersection, difference} \label{zf-Un}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   631
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   632
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   633
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   634
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   635
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   636
\tdx{consI1}:    a\isasymin{}cons(a,B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   637
\tdx{consI2}:    a\isasymin{}B ==> a\isasymin{}cons(b,B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   638
\tdx{consCI}:    (a \isasymnotin B ==> a=b) ==> a\isasymin{}cons(b,B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   639
\tdx{consE}:     [| a\isasymin{}cons(b,A);  a=b ==> P;  a\isasymin{}A ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   640
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   641
\tdx{singletonI}:  a\isasymin{}{\ttlbrace}a{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   642
\tdx{singletonE}:  [| a\isasymin{}{\ttlbrace}b{\ttrbrace}; a=b ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   643
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   644
\caption{Finite and singleton sets} \label{zf-upair2}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   645
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   646
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   647
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   648
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   649
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   650
\tdx{succI1}:    i\isasymin{}succ(i)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   651
\tdx{succI2}:    i\isasymin{}j ==> i\isasymin{}succ(j)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   652
\tdx{succCI}:    (i \isasymnotin j ==> i=j) ==> i\isasymin{}succ(j)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   653
\tdx{succE}:     [| i\isasymin{}succ(j);  i=j ==> P;  i\isasymin{}j ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   654
\tdx{succ_neq_0}:  [| succ(n)=0 |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   655
\tdx{succ_inject}: succ(m) = succ(n) ==> m=n
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   656
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   657
\caption{The successor function} \label{zf-succ}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   658
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   659
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   660
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   661
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   662
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   663
\tdx{the_equality}: [| P(a); !!x. P(x) ==> x=a |] ==> (THE x. P(x))=a
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   664
\tdx{theI}:         \isasymexists! x. P(x) ==> P(THE x. P(x))
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   665
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   666
\tdx{if_P}:          P ==> (if P then a else b) = a
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   667
\tdx{if_not_P}:     ~P ==> (if P then a else b) = b
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   668
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   669
\tdx{mem_asym}:     [| a\isasymin{}b;  b\isasymin{}a |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   670
\tdx{mem_irrefl}:   a\isasymin{}a ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   671
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   672
\caption{Descriptions; non-circularity} \label{zf-the}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   673
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   674
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   675
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   676
\subsection{Unordered pairs and finite sets}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   677
Figure~\ref{zf-upair1} presents the principle of unordered pairing, along
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   678
with its derived rules.  Binary union and intersection are defined in terms
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   679
of ordered pairs (Fig.\ts\ref{zf-Un}).  Set difference is also included.  The
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   680
rule \tdx{UnCI} is useful for classical reasoning about unions,
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   681
like \isa{disjCI}\@; it supersedes \tdx{UnI1} and
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   682
\tdx{UnI2}, but these rules are often easier to work with.  For
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   683
intersection and difference we have both elimination and destruction rules.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   684
Again, there is no reason to provide a minimal rule set.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   685
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   686
Figure~\ref{zf-upair2} is concerned with finite sets: it presents rules
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   687
for~\isa{cons}, the finite set constructor, and rules for singleton
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   688
sets.  Figure~\ref{zf-succ} presents derived rules for the successor
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   689
function, which is defined in terms of~\isa{cons}.  The proof that 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   690
\isa{succ} is injective appears to require the Axiom of Foundation.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   691
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   692
Definite descriptions (\sdx{THE}) are defined in terms of the singleton
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   693
set~$\{0\}$, but their derived rules fortunately hide this
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   694
(Fig.\ts\ref{zf-the}).  The rule~\tdx{theI} is difficult to apply
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   695
because of the two occurrences of~$\Var{P}$.  However,
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   696
\tdx{the_equality} does not have this problem and the files contain
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   697
many examples of its use.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   698
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   699
Finally, the impossibility of having both $a\in b$ and $b\in a$
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   700
(\tdx{mem_asym}) is proved by applying the Axiom of Foundation to
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   701
the set $\{a,b\}$.  The impossibility of $a\in a$ is a trivial consequence.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   702
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   703
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   704
%%% subset.thy?
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   705
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   706
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   707
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   708
\tdx{Union_upper}:    B\isasymin{}A ==> B \isasymsubseteq Union(A)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   709
\tdx{Union_least}:    [| !!x. x\isasymin{}A ==> x \isasymsubseteq C |] ==> Union(A) \isasymsubseteq C
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   710
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   711
\tdx{Inter_lower}:    B\isasymin{}A ==> Inter(A) \isasymsubseteq B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   712
\tdx{Inter_greatest}: [| a\isasymin{}A; !!x. x\isasymin{}A ==> C \isasymsubseteq x |] ==> C\isasymsubseteq{}Inter(A)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   713
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   714
\tdx{Un_upper1}:      A \isasymsubseteq A \isasymunion B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   715
\tdx{Un_upper2}:      B \isasymsubseteq A \isasymunion B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   716
\tdx{Un_least}:       [| A \isasymsubseteq C;  B \isasymsubseteq C |] ==> A \isasymunion B \isasymsubseteq C
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   717
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   718
\tdx{Int_lower1}:     A \isasyminter B \isasymsubseteq A
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   719
\tdx{Int_lower2}:     A \isasyminter B \isasymsubseteq B
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   720
\tdx{Int_greatest}:   [| C \isasymsubseteq A;  C \isasymsubseteq B |] ==> C \isasymsubseteq A \isasyminter B
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   721
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   722
\tdx{Diff_subset}:    A-B \isasymsubseteq A
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   723
\tdx{Diff_contains}:  [| C \isasymsubseteq A;  C \isasyminter B = 0 |] ==> C \isasymsubseteq A-B
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   724
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   725
\tdx{Collect_subset}: Collect(A,P) \isasymsubseteq A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   726
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   727
\caption{Subset and lattice properties} \label{zf-subset}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   728
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   729
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   730
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   731
\subsection{Subset and lattice properties}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   732
The subset relation is a complete lattice.  Unions form least upper bounds;
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   733
non-empty intersections form greatest lower bounds.  Figure~\ref{zf-subset}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   734
shows the corresponding rules.  A few other laws involving subsets are
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   735
included. 
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   736
Reasoning directly about subsets often yields clearer proofs than
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   737
reasoning about the membership relation.  Section~\ref{sec:ZF-pow-example}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   738
below presents an example of this, proving the equation 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   739
${\isa{Pow}(A)\cap \isa{Pow}(B)}= \isa{Pow}(A\cap B)$.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   740
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   741
%%% pair.thy
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   742
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   743
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   744
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   745
\tdx{Pair_inject1}: <a,b> = <c,d> ==> a=c
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   746
\tdx{Pair_inject2}: <a,b> = <c,d> ==> b=d
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   747
\tdx{Pair_inject}:  [| <a,b> = <c,d>;  [| a=c; b=d |] ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   748
\tdx{Pair_neq_0}:   <a,b>=0 ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   749
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   750
\tdx{fst_conv}:     fst(<a,b>) = a
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   751
\tdx{snd_conv}:     snd(<a,b>) = b
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   752
\tdx{split}:        split(\%x y. c(x,y), <a,b>) = c(a,b)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   753
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   754
\tdx{SigmaI}:     [| a\isasymin{}A;  b\isasymin{}B(a) |] ==> <a,b>\isasymin{}Sigma(A,B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   755
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   756
\tdx{SigmaE}:     [| c\isasymin{}Sigma(A,B);  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   757
                !!x y.[| x\isasymin{}A; y\isasymin{}B(x); c=<x,y> |] ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   758
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   759
\tdx{SigmaE2}:    [| <a,b>\isasymin{}Sigma(A,B);    
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   760
                [| a\isasymin{}A;  b\isasymin{}B(a) |] ==> P   |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   761
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   762
\caption{Ordered pairs; projections; general sums} \label{zf-pair}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   763
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   764
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   765
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   766
\subsection{Ordered pairs} \label{sec:pairs}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   767
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   768
Figure~\ref{zf-pair} presents the rules governing ordered pairs,
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   769
projections and general sums --- in particular, that
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   770
$\{\{a\},\{a,b\}\}$ functions as an ordered pair.  This property is
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   771
expressed as two destruction rules,
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   772
\tdx{Pair_inject1} and \tdx{Pair_inject2}, and equivalently
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   773
as the elimination rule \tdx{Pair_inject}.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   774
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   775
The rule \tdx{Pair_neq_0} asserts $\pair{a,b}\neq\emptyset$.  This
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   776
is a property of $\{\{a\},\{a,b\}\}$, and need not hold for other 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   777
encodings of ordered pairs.  The non-standard ordered pairs mentioned below
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   778
satisfy $\pair{\emptyset;\emptyset}=\emptyset$.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   779
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   780
The natural deduction rules \tdx{SigmaI} and \tdx{SigmaE}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   781
assert that \cdx{Sigma}$(A,B)$ consists of all pairs of the form
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   782
$\pair{x,y}$, for $x\in A$ and $y\in B(x)$.  The rule \tdx{SigmaE2}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   783
merely states that $\pair{a,b}\in \isa{Sigma}(A,B)$ implies $a\in A$ and
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   784
$b\in B(a)$.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   785
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   786
In addition, it is possible to use tuples as patterns in abstractions:
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   787
\begin{center}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   788
{\tt\%<$x$,$y$>. $t$} \quad stands for\quad \isa{split(\%$x$ $y$.\ $t$)}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   789
\end{center}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   790
Nested patterns are translated recursively:
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   791
{\tt\%<$x$,$y$,$z$>. $t$} $\leadsto$ {\tt\%<$x$,<$y$,$z$>>. $t$} $\leadsto$
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   792
\isa{split(\%$x$.\%<$y$,$z$>. $t$)} $\leadsto$ \isa{split(\%$x$. split(\%$y$
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   793
  $z$.\ $t$))}.  The reverse translation is performed upon printing.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   794
\begin{warn}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   795
  The translation between patterns and \isa{split} is performed automatically
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   796
  by the parser and printer.  Thus the internal and external form of a term
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   797
  may differ, which affects proofs.  For example the term \isa{(\%<x,y>.<y,x>)<a,b>} requires the theorem \isa{split} to rewrite to
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   798
  {\tt<b,a>}.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   799
\end{warn}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   800
In addition to explicit $\lambda$-abstractions, patterns can be used in any
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   801
variable binding construct which is internally described by a
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   802
$\lambda$-abstraction.  Here are some important examples:
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   803
\begin{description}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   804
\item[Let:] \isa{let {\it pattern} = $t$ in $u$}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   805
\item[Choice:] \isa{THE~{\it pattern}~.~$P$}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   806
\item[Set operations:] \isa{\isasymUnion~{\it pattern}:$A$.~$B$}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   807
\item[Comprehension:] \isa{{\ttlbrace}~{\it pattern}:$A$~.~$P$~{\ttrbrace}}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   808
\end{description}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   809
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   810
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   811
%%% domrange.thy?
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   812
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   813
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   814
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   815
\tdx{domainI}:     <a,b>\isasymin{}r ==> a\isasymin{}domain(r)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   816
\tdx{domainE}:     [| a\isasymin{}domain(r); !!y. <a,y>\isasymin{}r ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   817
\tdx{domain_subset}: domain(Sigma(A,B)) \isasymsubseteq A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   818
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   819
\tdx{rangeI}:      <a,b>\isasymin{}r ==> b\isasymin{}range(r)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   820
\tdx{rangeE}:      [| b\isasymin{}range(r); !!x. <x,b>\isasymin{}r ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   821
\tdx{range_subset}: range(A*B) \isasymsubseteq B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   822
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   823
\tdx{fieldI1}:     <a,b>\isasymin{}r ==> a\isasymin{}field(r)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   824
\tdx{fieldI2}:     <a,b>\isasymin{}r ==> b\isasymin{}field(r)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   825
\tdx{fieldCI}:     (<c,a> \isasymnotin r ==> <a,b>\isasymin{}r) ==> a\isasymin{}field(r)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   826
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   827
\tdx{fieldE}:      [| a\isasymin{}field(r); 
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   828
                !!x. <a,x>\isasymin{}r ==> P; 
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   829
                !!x. <x,a>\isasymin{}r ==> P      
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   830
             |] ==> P
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   831
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   832
\tdx{field_subset}:  field(A*A) \isasymsubseteq A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   833
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   834
\caption{Domain, range and field of a relation} \label{zf-domrange}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   835
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   836
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   837
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   838
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   839
\tdx{imageI}:      [| <a,b>\isasymin{}r; a\isasymin{}A |] ==> b\isasymin{}r``A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   840
\tdx{imageE}:      [| b\isasymin{}r``A; !!x.[| <x,b>\isasymin{}r; x\isasymin{}A |] ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   841
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   842
\tdx{vimageI}:     [| <a,b>\isasymin{}r; b\isasymin{}B |] ==> a\isasymin{}r-``B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   843
\tdx{vimageE}:     [| a\isasymin{}r-``B; !!x.[| <a,x>\isasymin{}r;  x\isasymin{}B |] ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   844
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   845
\caption{Image and inverse image} \label{zf-domrange2}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   846
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   847
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   848
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   849
\subsection{Relations}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   850
Figure~\ref{zf-domrange} presents rules involving relations, which are sets
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   851
of ordered pairs.  The converse of a relation~$r$ is the set of all pairs
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   852
$\pair{y,x}$ such that $\pair{x,y}\in r$; if $r$ is a function, then
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   853
{\cdx{converse}$(r)$} is its inverse.  The rules for the domain
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   854
operation, namely \tdx{domainI} and~\tdx{domainE}, assert that
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   855
\cdx{domain}$(r)$ consists of all~$x$ such that $r$ contains
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   856
some pair of the form~$\pair{x,y}$.  The range operation is similar, and
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   857
the field of a relation is merely the union of its domain and range.  
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   858
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   859
Figure~\ref{zf-domrange2} presents rules for images and inverse images.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   860
Note that these operations are generalisations of range and domain,
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   861
respectively. 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   862
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   863
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   864
%%% func.thy
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   865
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   866
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   867
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   868
\tdx{fun_is_rel}:     f\isasymin{}Pi(A,B) ==> f \isasymsubseteq Sigma(A,B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   869
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   870
\tdx{apply_equality}:  [| <a,b>\isasymin{}f; f\isasymin{}Pi(A,B) |] ==> f`a = b
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   871
\tdx{apply_equality2}: [| <a,b>\isasymin{}f; <a,c>\isasymin{}f; f\isasymin{}Pi(A,B) |] ==> b=c
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   872
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   873
\tdx{apply_type}:     [| f\isasymin{}Pi(A,B); a\isasymin{}A |] ==> f`a\isasymin{}B(a)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   874
\tdx{apply_Pair}:     [| f\isasymin{}Pi(A,B); a\isasymin{}A |] ==> <a,f`a>\isasymin{}f
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   875
\tdx{apply_iff}:      f\isasymin{}Pi(A,B) ==> <a,b>\isasymin{}f <-> a\isasymin{}A & f`a = b
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   876
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   877
\tdx{fun_extension}:  [| f\isasymin{}Pi(A,B); g\isasymin{}Pi(A,D);
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   878
                   !!x. x\isasymin{}A ==> f`x = g`x     |] ==> f=g
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   879
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   880
\tdx{domain_type}:    [| <a,b>\isasymin{}f; f\isasymin{}Pi(A,B) |] ==> a\isasymin{}A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   881
\tdx{range_type}:     [| <a,b>\isasymin{}f; f\isasymin{}Pi(A,B) |] ==> b\isasymin{}B(a)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   882
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   883
\tdx{Pi_type}:        [| f\isasymin{}A->C; !!x. x\isasymin{}A ==> f`x\isasymin{}B(x) |] ==> f\isasymin{}Pi(A,B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   884
\tdx{domain_of_fun}:  f\isasymin{}Pi(A,B) ==> domain(f)=A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   885
\tdx{range_of_fun}:   f\isasymin{}Pi(A,B) ==> f\isasymin{}A->range(f)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   886
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   887
\tdx{restrict}:       a\isasymin{}A ==> restrict(f,A) ` a = f`a
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   888
\tdx{restrict_type}:  [| !!x. x\isasymin{}A ==> f`x\isasymin{}B(x) |] ==> 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   889
                restrict(f,A)\isasymin{}Pi(A,B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   890
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   891
\caption{Functions} \label{zf-func1}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   892
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   893
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   894
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   895
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   896
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   897
\tdx{lamI}:     a\isasymin{}A ==> <a,b(a)>\isasymin{}(lam x\isasymin{}A. b(x))
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   898
\tdx{lamE}:     [| p\isasymin{}(lam x\isasymin{}A. b(x)); !!x.[| x\isasymin{}A; p=<x,b(x)> |] ==> P 
8249
3fc32155372c fixed some overfull lines
paulson
parents: 6745
diff changeset
   899
          |] ==>  P
3fc32155372c fixed some overfull lines
paulson
parents: 6745
diff changeset
   900
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   901
\tdx{lam_type}: [| !!x. x\isasymin{}A ==> b(x)\isasymin{}B(x) |] ==> (lam x\isasymin{}A. b(x))\isasymin{}Pi(A,B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   902
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   903
\tdx{beta}:     a\isasymin{}A ==> (lam x\isasymin{}A. b(x)) ` a = b(a)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   904
\tdx{eta}:      f\isasymin{}Pi(A,B) ==> (lam x\isasymin{}A. f`x) = f
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   905
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   906
\caption{$\lambda$-abstraction} \label{zf-lam}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   907
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   908
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   909
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   910
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   911
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   912
\tdx{fun_empty}:           0\isasymin{}0->0
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   913
\tdx{fun_single}:          {\ttlbrace}<a,b>{\ttrbrace}\isasymin{}{\ttlbrace}a{\ttrbrace} -> {\ttlbrace}b{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   914
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   915
\tdx{fun_disjoint_Un}:     [| f\isasymin{}A->B; g\isasymin{}C->D; A \isasyminter C = 0  |] ==>  
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   916
                     (f \isasymunion g)\isasymin{}(A \isasymunion C) -> (B \isasymunion D)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   917
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   918
\tdx{fun_disjoint_apply1}: [| a\isasymin{}A; f\isasymin{}A->B; g\isasymin{}C->D;  A\isasyminter{}C = 0 |] ==>  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   919
                     (f \isasymunion g)`a = f`a
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   920
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   921
\tdx{fun_disjoint_apply2}: [| c\isasymin{}C; f\isasymin{}A->B; g\isasymin{}C->D;  A\isasyminter{}C = 0 |] ==>  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   922
                     (f \isasymunion g)`c = g`c
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   923
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   924
\caption{Constructing functions from smaller sets} \label{zf-func2}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   925
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   926
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   927
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   928
\subsection{Functions}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   929
Functions, represented by graphs, are notoriously difficult to reason
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   930
about.  The ZF theory provides many derived rules, which overlap more
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   931
than they ought.  This section presents the more important rules.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   932
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   933
Figure~\ref{zf-func1} presents the basic properties of \cdx{Pi}$(A,B)$,
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   934
the generalized function space.  For example, if $f$ is a function and
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   935
$\pair{a,b}\in f$, then $f`a=b$ (\tdx{apply_equality}).  Two functions
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   936
are equal provided they have equal domains and deliver equals results
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   937
(\tdx{fun_extension}).
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   938
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   939
By \tdx{Pi_type}, a function typing of the form $f\in A\to C$ can be
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   940
refined to the dependent typing $f\in\prod@{x\in A}B(x)$, given a suitable
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   941
family of sets $\{B(x)\}@{x\in A}$.  Conversely, by \tdx{range_of_fun},
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   942
any dependent typing can be flattened to yield a function type of the form
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   943
$A\to C$; here, $C=\isa{range}(f)$.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   944
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   945
Among the laws for $\lambda$-abstraction, \tdx{lamI} and \tdx{lamE}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   946
describe the graph of the generated function, while \tdx{beta} and
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   947
\tdx{eta} are the standard conversions.  We essentially have a
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   948
dependently-typed $\lambda$-calculus (Fig.\ts\ref{zf-lam}).
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   949
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   950
Figure~\ref{zf-func2} presents some rules that can be used to construct
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   951
functions explicitly.  We start with functions consisting of at most one
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   952
pair, and may form the union of two functions provided their domains are
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   953
disjoint.  
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   954
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   955
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   956
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   957
\begin{alltt*}\isastyleminor
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   958
\tdx{Int_absorb}:        A \isasyminter A = A
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   959
\tdx{Int_commute}:       A \isasyminter B = B \isasyminter A
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   960
\tdx{Int_assoc}:         (A \isasyminter B) \isasyminter C  =  A \isasyminter (B \isasyminter C)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   961
\tdx{Int_Un_distrib}:    (A \isasymunion B) \isasyminter C  =  (A \isasyminter C) \isasymunion (B \isasyminter C)
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   962
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   963
\tdx{Un_absorb}:         A \isasymunion A = A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   964
\tdx{Un_commute}:        A \isasymunion B = B \isasymunion A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   965
\tdx{Un_assoc}:          (A \isasymunion B) \isasymunion C  =  A \isasymunion (B \isasymunion C)
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   966
\tdx{Un_Int_distrib}:    (A \isasyminter B) \isasymunion C  =  (A \isasymunion C) \isasyminter (B \isasymunion C)
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   967
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   968
\tdx{Diff_cancel}:       A-A = 0
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   969
\tdx{Diff_disjoint}:     A \isasyminter (B-A) = 0
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   970
\tdx{Diff_partition}:    A \isasymsubseteq B ==> A \isasymunion (B-A) = B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   971
\tdx{double_complement}: [| A \isasymsubseteq B; B \isasymsubseteq C |] ==> (B - (C-A)) = A
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   972
\tdx{Diff_Un}:           A - (B \isasymunion C) = (A-B) \isasyminter (A-C)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   973
\tdx{Diff_Int}:          A - (B \isasyminter C) = (A-B) \isasymunion (A-C)
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   974
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   975
\tdx{Union_Un_distrib}:  Union(A \isasymunion B) = Union(A) \isasymunion Union(B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   976
\tdx{Inter_Un_distrib}:  [| a \isasymin A;  b \isasymin B |] ==> 
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   977
                   Inter(A \isasymunion B) = Inter(A) \isasyminter Inter(B)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   978
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   979
\tdx{Int_Union_RepFun}:  A \isasyminter Union(B) = ({\isasymUnion}C \isasymin B. A \isasyminter C)
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   980
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   981
\tdx{Un_Inter_RepFun}:   b \isasymin B ==> 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   982
                   A \isasymunion Inter(B) = ({\isasymInter}C \isasymin B. A \isasymunion C)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   983
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   984
\tdx{SUM_Un_distrib1}:   (SUM x \isasymin A \isasymunion B. C(x)) = 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   985
                   (SUM x \isasymin A. C(x)) \isasymunion (SUM x \isasymin B. C(x))
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   986
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   987
\tdx{SUM_Un_distrib2}:   (SUM x \isasymin C. A(x) \isasymunion B(x)) =
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   988
                   (SUM x \isasymin C. A(x)) \isasymunion (SUM x \isasymin C. B(x))
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   989
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   990
\tdx{SUM_Int_distrib1}:  (SUM x \isasymin A \isasyminter B. C(x)) =
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   991
                   (SUM x \isasymin A. C(x)) \isasyminter (SUM x \isasymin B. C(x))
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   992
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   993
\tdx{SUM_Int_distrib2}:  (SUM x \isasymin C. A(x) \isasyminter B(x)) =
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
   994
                   (SUM x \isasymin C. A(x)) \isasyminter (SUM x \isasymin C. B(x))
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
   995
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   996
\caption{Equalities} \label{zf-equalities}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   997
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   998
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
   999
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1000
\begin{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1001
%\begin{constants} 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1002
%  \cdx{1}       & $i$           &       & $\{\emptyset\}$       \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1003
%  \cdx{bool}    & $i$           &       & the set $\{\emptyset,1\}$     \\
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1004
%  \cdx{cond}   & $[i,i,i]\To i$ &       & conditional for \isa{bool}    \\
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1005
%  \cdx{not}    & $i\To i$       &       & negation for \isa{bool}       \\
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1006
%  \sdx{and}    & $[i,i]\To i$   & Left 70 & conjunction for \isa{bool}  \\
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1007
%  \sdx{or}     & $[i,i]\To i$   & Left 65 & disjunction for \isa{bool}  \\
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1008
%  \sdx{xor}    & $[i,i]\To i$   & Left 65 & exclusive-or for \isa{bool}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1009
%\end{constants}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1010
%
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1011
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1012
\tdx{bool_def}:      bool == {\ttlbrace}0,1{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1013
\tdx{cond_def}:      cond(b,c,d) == if b=1 then c else d
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1014
\tdx{not_def}:       not(b)  == cond(b,0,1)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1015
\tdx{and_def}:       a and b == cond(a,b,0)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1016
\tdx{or_def}:        a or b  == cond(a,1,b)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1017
\tdx{xor_def}:       a xor b == cond(a,not(b),b)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1018
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1019
\tdx{bool_1I}:       1 \isasymin bool
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1020
\tdx{bool_0I}:       0 \isasymin bool
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1021
\tdx{boolE}:         [| c \isasymin bool;  c=1 ==> P;  c=0 ==> P |] ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1022
\tdx{cond_1}:        cond(1,c,d) = c
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1023
\tdx{cond_0}:        cond(0,c,d) = d
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1024
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1025
\caption{The booleans} \label{zf-bool}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1026
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1027
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1028
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1029
\section{Further developments}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1030
The next group of developments is complex and extensive, and only
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1031
highlights can be covered here.  It involves many theories and proofs. 
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1032
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1033
Figure~\ref{zf-equalities} presents commutative, associative, distributive,
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1034
and idempotency laws of union and intersection, along with other equations.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1035
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1036
Theory \thydx{Bool} defines $\{0,1\}$ as a set of booleans, with the usual
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
  1037
operators including a conditional (Fig.\ts\ref{zf-bool}).  Although ZF is a
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1038
first-order theory, you can obtain the effect of higher-order logic using
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1039
\isa{bool}-valued functions, for example.  The constant~\isa{1} is
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1040
translated to \isa{succ(0)}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1041
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1042
\begin{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1043
\index{*"+ symbol}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1044
\begin{constants}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1045
  \it symbol    & \it meta-type & \it priority & \it description \\ 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1046
  \tt +         & $[i,i]\To i$  &  Right 65     & disjoint union operator\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1047
  \cdx{Inl}~~\cdx{Inr}  & $i\To i$      &       & injections\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1048
  \cdx{case}    & $[i\To i,i\To i, i]\To i$ &   & conditional for $A+B$
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1049
\end{constants}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1050
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1051
\tdx{sum_def}:   A+B == {\ttlbrace}0{\ttrbrace}*A \isasymunion {\ttlbrace}1{\ttrbrace}*B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1052
\tdx{Inl_def}:   Inl(a) == <0,a>
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1053
\tdx{Inr_def}:   Inr(b) == <1,b>
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1054
\tdx{case_def}:  case(c,d,u) == split(\%y z. cond(y, d(z), c(z)), u)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1055
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1056
\tdx{InlI}:      a \isasymin A ==> Inl(a) \isasymin A+B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1057
\tdx{InrI}:      b \isasymin B ==> Inr(b) \isasymin A+B
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1058
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1059
\tdx{Inl_inject}:  Inl(a)=Inl(b) ==> a=b
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1060
\tdx{Inr_inject}:  Inr(a)=Inr(b) ==> a=b
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1061
\tdx{Inl_neq_Inr}: Inl(a)=Inr(b) ==> P
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1062
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1063
\tdx{sum_iff}:  u \isasymin A+B <-> ({\isasymexists}x\isasymin{}A. u=Inl(x)) | ({\isasymexists}y\isasymin{}B. u=Inr(y))
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1064
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1065
\tdx{case_Inl}:  case(c,d,Inl(a)) = c(a)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1066
\tdx{case_Inr}:  case(c,d,Inr(b)) = d(b)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1067
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1068
\caption{Disjoint unions} \label{zf-sum}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1069
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1070
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1071
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1072
\subsection{Disjoint unions}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1073
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1074
Theory \thydx{Sum} defines the disjoint union of two sets, with
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1075
injections and a case analysis operator (Fig.\ts\ref{zf-sum}).  Disjoint
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1076
unions play a role in datatype definitions, particularly when there is
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1077
mutual recursion~\cite{paulson-set-II}.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1078
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1079
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1080
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1081
\tdx{QPair_def}:      <a;b> == a+b
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1082
\tdx{qsplit_def}:     qsplit(c,p)  == THE y. {\isasymexists}a b. p=<a;b> & y=c(a,b)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1083
\tdx{qfsplit_def}:    qfsplit(R,z) == {\isasymexists}x y. z=<x;y> & R(x,y)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1084
\tdx{qconverse_def}:  qconverse(r) == {\ttlbrace}z. w \isasymin r, {\isasymexists}x y. w=<x;y> & z=<y;x>{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1085
\tdx{QSigma_def}:     QSigma(A,B)  == {\isasymUnion}x \isasymin A. {\isasymUnion}y \isasymin B(x). {\ttlbrace}<x;y>{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1086
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1087
\tdx{qsum_def}:       A <+> B      == ({\ttlbrace}0{\ttrbrace} <*> A) \isasymunion ({\ttlbrace}1{\ttrbrace} <*> B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1088
\tdx{QInl_def}:       QInl(a)      == <0;a>
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1089
\tdx{QInr_def}:       QInr(b)      == <1;b>
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1090
\tdx{qcase_def}:      qcase(c,d)   == qsplit(\%y z. cond(y, d(z), c(z)))
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1091
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1092
\caption{Non-standard pairs, products and sums} \label{zf-qpair}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1093
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1094
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1095
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1096
\subsection{Non-standard ordered pairs}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1097
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1098
Theory \thydx{QPair} defines a notion of ordered pair that admits
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1099
non-well-founded tupling (Fig.\ts\ref{zf-qpair}).  Such pairs are written
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1100
{\tt<$a$;$b$>}.  It also defines the eliminator \cdx{qsplit}, the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1101
converse operator \cdx{qconverse}, and the summation operator
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1102
\cdx{QSigma}.  These are completely analogous to the corresponding
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1103
versions for standard ordered pairs.  The theory goes on to define a
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1104
non-standard notion of disjoint sum using non-standard pairs.  All of these
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1105
concepts satisfy the same properties as their standard counterparts; in
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1106
addition, {\tt<$a$;$b$>} is continuous.  The theory supports coinductive
6592
c120262044b6 Now uses manual.bib; some references updated
paulson
parents: 6173
diff changeset
  1107
definitions, for example of infinite lists~\cite{paulson-mscs}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1108
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1109
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1110
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1111
\tdx{bnd_mono_def}:  bnd_mono(D,h) == 
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1112
               h(D)\isasymsubseteq{}D & ({\isasymforall}W X. W\isasymsubseteq{}X --> X\isasymsubseteq{}D --> h(W)\isasymsubseteq{}h(X))
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1113
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1114
\tdx{lfp_def}:       lfp(D,h) == Inter({\ttlbrace}X \isasymin Pow(D). h(X) \isasymsubseteq X{\ttrbrace})
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1115
\tdx{gfp_def}:       gfp(D,h) == Union({\ttlbrace}X \isasymin Pow(D). X \isasymsubseteq h(X){\ttrbrace})
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1116
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1117
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1118
\tdx{lfp_lowerbound}: [| h(A) \isasymsubseteq A;  A \isasymsubseteq D |] ==> lfp(D,h) \isasymsubseteq A
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1119
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1120
\tdx{lfp_subset}:    lfp(D,h) \isasymsubseteq D
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1121
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1122
\tdx{lfp_greatest}:  [| bnd_mono(D,h);  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1123
                  !!X. [| h(X) \isasymsubseteq X;  X \isasymsubseteq D |] ==> A \isasymsubseteq X 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1124
               |] ==> A \isasymsubseteq lfp(D,h)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1125
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1126
\tdx{lfp_Tarski}:    bnd_mono(D,h) ==> lfp(D,h) = h(lfp(D,h))
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1127
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1128
\tdx{induct}:        [| a \isasymin lfp(D,h);  bnd_mono(D,h);
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1129
                  !!x. x \isasymin h(Collect(lfp(D,h),P)) ==> P(x)
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1130
               |] ==> P(a)
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1131
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1132
\tdx{lfp_mono}:      [| bnd_mono(D,h);  bnd_mono(E,i);
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1133
                  !!X. X \isasymsubseteq D ==> h(X) \isasymsubseteq i(X)  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1134
               |] ==> lfp(D,h) \isasymsubseteq lfp(E,i)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1135
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1136
\tdx{gfp_upperbound}: [| A \isasymsubseteq h(A);  A \isasymsubseteq D |] ==> A \isasymsubseteq gfp(D,h)
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1137
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1138
\tdx{gfp_subset}:    gfp(D,h) \isasymsubseteq D
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1139
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1140
\tdx{gfp_least}:     [| bnd_mono(D,h);  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1141
                  !!X. [| X \isasymsubseteq h(X);  X \isasymsubseteq D |] ==> X \isasymsubseteq A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1142
               |] ==> gfp(D,h) \isasymsubseteq A
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1143
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1144
\tdx{gfp_Tarski}:    bnd_mono(D,h) ==> gfp(D,h) = h(gfp(D,h))
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1145
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1146
\tdx{coinduct}:      [| bnd_mono(D,h); a \isasymin X; X \isasymsubseteq h(X \isasymunion gfp(D,h)); X \isasymsubseteq D 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1147
               |] ==> a \isasymin gfp(D,h)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1148
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1149
\tdx{gfp_mono}:      [| bnd_mono(D,h);  D \isasymsubseteq E;
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1150
                  !!X. X \isasymsubseteq D ==> h(X) \isasymsubseteq i(X)  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1151
               |] ==> gfp(D,h) \isasymsubseteq gfp(E,i)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1152
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1153
\caption{Least and greatest fixedpoints} \label{zf-fixedpt}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1154
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1155
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1156
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1157
\subsection{Least and greatest fixedpoints}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1158
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1159
The Knaster-Tarski Theorem states that every monotone function over a
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1160
complete lattice has a fixedpoint.  Theory \thydx{Fixedpt} proves the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1161
Theorem only for a particular lattice, namely the lattice of subsets of a
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1162
set (Fig.\ts\ref{zf-fixedpt}).  The theory defines least and greatest
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1163
fixedpoint operators with corresponding induction and coinduction rules.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1164
These are essential to many definitions that follow, including the natural
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1165
numbers and the transitive closure operator.  The (co)inductive definition
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1166
package also uses the fixedpoint operators~\cite{paulson-CADE}.  See
6745
74e8f703f5f2 tuned manual.bib;
wenzelm
parents: 6592
diff changeset
  1167
Davey and Priestley~\cite{davey-priestley} for more on the Knaster-Tarski
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1168
Theorem and my paper~\cite{paulson-set-II} for discussion of the Isabelle
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1169
proofs.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1170
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1171
Monotonicity properties are proved for most of the set-forming operations:
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1172
union, intersection, Cartesian product, image, domain, range, etc.  These
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1173
are useful for applying the Knaster-Tarski Fixedpoint Theorem.  The proofs
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1174
themselves are trivial applications of Isabelle's classical reasoner. 
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1175
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1176
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1177
\subsection{Finite sets and lists}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1178
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1179
Theory \texttt{Finite} (Figure~\ref{zf-fin}) defines the finite set operator;
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1180
$\isa{Fin}(A)$ is the set of all finite sets over~$A$.  The theory employs
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1181
Isabelle's inductive definition package, which proves various rules
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1182
automatically.  The induction rule shown is stronger than the one proved by
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1183
the package.  The theory also defines the set of all finite functions
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1184
between two given sets.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1185
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1186
\begin{figure}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1187
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1188
\tdx{Fin.emptyI}      0 \isasymin Fin(A)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1189
\tdx{Fin.consI}       [| a \isasymin A;  b \isasymin Fin(A) |] ==> cons(a,b) \isasymin Fin(A)
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1190
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1191
\tdx{Fin_induct}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1192
    [| b \isasymin Fin(A);
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1193
       P(0);
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1194
       !!x y. [| x\isasymin{}A; y\isasymin{}Fin(A); x\isasymnotin{}y; P(y) |] ==> P(cons(x,y))
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1195
    |] ==> P(b)
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1196
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1197
\tdx{Fin_mono}:       A \isasymsubseteq B ==> Fin(A) \isasymsubseteq Fin(B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1198
\tdx{Fin_UnI}:        [| b \isasymin Fin(A);  c \isasymin Fin(A) |] ==> b \isasymunion c \isasymin Fin(A)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1199
\tdx{Fin_UnionI}:     C \isasymin Fin(Fin(A)) ==> Union(C) \isasymin Fin(A)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1200
\tdx{Fin_subset}:     [| c \isasymsubseteq b;  b \isasymin Fin(A) |] ==> c \isasymin Fin(A)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1201
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1202
\caption{The finite set operator} \label{zf-fin}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1203
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1204
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1205
\begin{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1206
\begin{constants}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1207
  \it symbol  & \it meta-type & \it priority & \it description \\ 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1208
  \cdx{list}    & $i\To i$      && lists over some set\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1209
  \cdx{list_case} & $[i, [i,i]\To i, i] \To i$  && conditional for $list(A)$ \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1210
  \cdx{map}     & $[i\To i, i] \To i$   &       & mapping functional\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1211
  \cdx{length}  & $i\To i$              &       & length of a list\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1212
  \cdx{rev}     & $i\To i$              &       & reverse of a list\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1213
  \tt \at       & $[i,i]\To i$  &  Right 60     & append for lists\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1214
  \cdx{flat}    & $i\To i$   &                  & append of list of lists
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1215
\end{constants}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1216
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1217
\underscoreon %%because @ is used here
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1218
\begin{alltt*}\isastyleminor
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1219
\tdx{NilI}:       Nil \isasymin list(A)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1220
\tdx{ConsI}:      [| a \isasymin A;  l \isasymin list(A) |] ==> Cons(a,l) \isasymin list(A)
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1221
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1222
\tdx{List.induct}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1223
    [| l \isasymin list(A);
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1224
       P(Nil);
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1225
       !!x y. [| x \isasymin A;  y \isasymin list(A);  P(y) |] ==> P(Cons(x,y))
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1226
    |] ==> P(l)
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1227
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1228
\tdx{Cons_iff}:       Cons(a,l)=Cons(a',l') <-> a=a' & l=l'
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1229
\tdx{Nil_Cons_iff}:    Nil \isasymnoteq Cons(a,l)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1230
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1231
\tdx{list_mono}:      A \isasymsubseteq B ==> list(A) \isasymsubseteq list(B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1232
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1233
\tdx{map_ident}:      l\isasymin{}list(A) ==> map(\%u. u, l) = l
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1234
\tdx{map_compose}:    l\isasymin{}list(A) ==> map(h, map(j,l)) = map(\%u. h(j(u)), l)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1235
\tdx{map_app_distrib}: xs\isasymin{}list(A) ==> map(h, xs@ys) = map(h,xs)@map(h,ys)
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1236
\tdx{map_type}
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1237
    [| l\isasymin{}list(A); !!x. x\isasymin{}A ==> h(x)\isasymin{}B |] ==> map(h,l)\isasymin{}list(B)
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1238
\tdx{map_flat}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1239
    ls: list(list(A)) ==> map(h, flat(ls)) = flat(map(map(h),ls))
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1240
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1241
\caption{Lists} \label{zf-list}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1242
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1243
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1244
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1245
Figure~\ref{zf-list} presents the set of lists over~$A$, $\isa{list}(A)$.  The
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1246
definition employs Isabelle's datatype package, which defines the introduction
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1247
and induction rules automatically, as well as the constructors, case operator
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1248
(\isa{list\_case}) and recursion operator.  The theory then defines the usual
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1249
list functions by primitive recursion.  See theory \texttt{List}.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1250
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1251
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1252
\subsection{Miscellaneous}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1253
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1254
\begin{figure}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1255
\begin{constants} 
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1256
  \it symbol  & \it meta-type & \it priority & \it description \\ 
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1257
  \sdx{O}       & $[i,i]\To i$  &  Right 60     & composition ($\circ$) \\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1258
  \cdx{id}      & $i\To i$      &       & identity function \\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1259
  \cdx{inj}     & $[i,i]\To i$  &       & injective function space\\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1260
  \cdx{surj}    & $[i,i]\To i$  &       & surjective function space\\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1261
  \cdx{bij}     & $[i,i]\To i$  &       & bijective function space
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1262
\end{constants}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1263
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1264
\begin{alltt*}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1265
\tdx{comp_def}: r O s     == {\ttlbrace}xz \isasymin domain(s)*range(r) . 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1266
                        {\isasymexists}x y z. xz=<x,z> & <x,y> \isasymin s & <y,z> \isasymin r{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1267
\tdx{id_def}:   id(A)     == (lam x \isasymin A. x)
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1268
\tdx{inj_def}:  inj(A,B)  == {\ttlbrace} f\isasymin{}A->B. {\isasymforall}w\isasymin{}A. {\isasymforall}x\isasymin{}A. f`w=f`x --> w=x {\ttrbrace}
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1269
\tdx{surj_def}: surj(A,B) == {\ttlbrace} f\isasymin{}A->B . {\isasymforall}y\isasymin{}B. {\isasymexists}x\isasymin{}A. f`x=y {\ttrbrace}
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1270
\tdx{bij_def}:  bij(A,B)  == inj(A,B) \isasyminter surj(A,B)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1271
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1272
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1273
\tdx{left_inverse}:    [| f\isasymin{}inj(A,B);  a\isasymin{}A |] ==> converse(f)`(f`a) = a
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1274
\tdx{right_inverse}:   [| f\isasymin{}inj(A,B);  b\isasymin{}range(f) |] ==> 
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1275
                 f`(converse(f)`b) = b
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1276
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1277
\tdx{inj_converse_inj}: f\isasymin{}inj(A,B) ==> converse(f) \isasymin inj(range(f),A)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1278
\tdx{bij_converse_bij}: f\isasymin{}bij(A,B) ==> converse(f) \isasymin bij(B,A)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1279
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1280
\tdx{comp_type}:     [| s \isasymsubseteq A*B;  r \isasymsubseteq B*C |] ==> (r O s) \isasymsubseteq A*C
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1281
\tdx{comp_assoc}:    (r O s) O t = r O (s O t)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1282
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1283
\tdx{left_comp_id}:  r \isasymsubseteq A*B ==> id(B) O r = r
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1284
\tdx{right_comp_id}: r \isasymsubseteq A*B ==> r O id(A) = r
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1285
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1286
\tdx{comp_func}:     [| g\isasymin{}A->B; f\isasymin{}B->C |] ==> (f O g) \isasymin A->C
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1287
\tdx{comp_func_apply}: [| g\isasymin{}A->B; f\isasymin{}B->C; a\isasymin{}A |] ==> (f O g)`a = f`(g`a)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1288
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1289
\tdx{comp_inj}:      [| g\isasymin{}inj(A,B);  f\isasymin{}inj(B,C)  |] ==> (f O g)\isasymin{}inj(A,C)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1290
\tdx{comp_surj}:     [| g\isasymin{}surj(A,B); f\isasymin{}surj(B,C) |] ==> (f O g)\isasymin{}surj(A,C)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1291
\tdx{comp_bij}:      [| g\isasymin{}bij(A,B); f\isasymin{}bij(B,C) |] ==> (f O g)\isasymin{}bij(A,C)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1292
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1293
\tdx{left_comp_inverse}:    f\isasymin{}inj(A,B) ==> converse(f) O f = id(A)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1294
\tdx{right_comp_inverse}:   f\isasymin{}surj(A,B) ==> f O converse(f) = id(B)
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1295
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1296
\tdx{bij_disjoint_Un}:  
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1297
    [| f\isasymin{}bij(A,B);  g\isasymin{}bij(C,D);  A \isasyminter C = 0;  B \isasyminter D = 0 |] ==> 
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1298
    (f \isasymunion g)\isasymin{}bij(A \isasymunion C, B \isasymunion D)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1299
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1300
\tdx{restrict_bij}: [| f\isasymin{}inj(A,B); C\isasymsubseteq{}A |] ==> restrict(f,C)\isasymin{}bij(C, f``C)
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1301
\end{alltt*}
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1302
\caption{Permutations} \label{zf-perm}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1303
\end{figure}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1304
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1305
The theory \thydx{Perm} is concerned with permutations (bijections) and
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1306
related concepts.  These include composition of relations, the identity
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1307
relation, and three specialized function spaces: injective, surjective and
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1308
bijective.  Figure~\ref{zf-perm} displays many of their properties that
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1309
have been proved.  These results are fundamental to a treatment of
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1310
equipollence and cardinality.
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1311
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1312
Theory \thydx{Univ} defines a `universe' $\isa{univ}(A)$, which is used by
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1313
the datatype package.  This set contains $A$ and the
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1314
natural numbers.  Vitally, it is closed under finite products: 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1315
$\isa{univ}(A)\times\isa{univ}(A)\subseteq\isa{univ}(A)$.  This theory also
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1316
defines the cumulative hierarchy of axiomatic set theory, which
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1317
traditionally is written $V@\alpha$ for an ordinal~$\alpha$.  The
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1318
`universe' is a simple generalization of~$V@\omega$.
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1319
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1320
Theory \thydx{QUniv} defines a `universe' $\isa{quniv}(A)$, which is used by
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1321
the datatype package to construct codatatypes such as streams.  It is
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1322
analogous to $\isa{univ}(A)$ (and is defined in terms of it) but is closed
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1323
under the non-standard product and sum.
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1324
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1325
6173
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1326
\section{Automatic Tools}
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1327
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
  1328
ZF provides the simplifier and the classical reasoner.  Moreover it supplies a
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
  1329
specialized tool to infer `types' of terms.
6173
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1330
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1331
\subsection{Simplification and Classical Reasoning}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1332
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
  1333
ZF inherits simplification from FOL but adopts it for set theory.  The
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
  1334
extraction of rewrite rules takes the ZF primitives into account.  It can
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1335
strip bounded universal quantifiers from a formula; for example, ${\forall
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1336
  x\in A. f(x)=g(x)}$ yields the conditional rewrite rule $x\in A \Imp
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1337
f(x)=g(x)$.  Given $a\in\{x\in A. P(x)\}$ it extracts rewrite rules from $a\in
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1338
A$ and~$P(a)$.  It can also break down $a\in A\int B$ and $a\in A-B$.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1339
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1340
The default simpset used by \isa{simp} contains congruence rules for all of ZF's
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1341
binding operators.  It contains all the conversion rules, such as
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1342
\isa{fst} and
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1343
\isa{snd}, as well as the rewrites shown in Fig.\ts\ref{zf-simpdata}.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1344
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1345
Classical reasoner methods such as \isa{blast} and \isa{auto} refer to
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1346
a rich collection of built-in axioms for all the set-theoretic
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1347
primitives.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1348
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1349
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1350
\begin{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1351
\begin{eqnarray*}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1352
  a\in \emptyset        & \bimp &  \bot\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1353
  a \in A \un B      & \bimp &  a\in A \disj a\in B\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1354
  a \in A \int B      & \bimp &  a\in A \conj a\in B\\
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1355
  a \in A-B             & \bimp &  a\in A \conj \lnot (a\in B)\\
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1356
  \pair{a,b}\in \isa{Sigma}(A,B)
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1357
                        & \bimp &  a\in A \conj b\in B(a)\\
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1358
  a \in \isa{Collect}(A,P)      & \bimp &  a\in A \conj P(a)\\
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1359
  (\forall x \in \emptyset. P(x)) & \bimp &  \top\\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1360
  (\forall x \in A. \top)       & \bimp &  \top
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1361
\end{eqnarray*}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1362
\caption{Some rewrite rules for set theory} \label{zf-simpdata}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1363
\end{figure}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1364
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1365
6173
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1366
\subsection{Type-Checking Tactics}
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1367
\index{type-checking tactics}
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1368
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
  1369
Isabelle/ZF provides simple tactics to help automate those proofs that are
6173
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1370
essentially type-checking.  Such proofs are built by applying rules such as
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1371
these:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1372
\begin{ttbox}\isastyleminor
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1373
[| ?P ==> ?a \isasymin ?A; ~?P ==> ?b \isasymin ?A |] 
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1374
==> (if ?P then ?a else ?b) \isasymin ?A
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1375
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1376
[| ?m \isasymin nat; ?n \isasymin nat |] ==> ?m #+ ?n \isasymin nat
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1377
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1378
?a \isasymin ?A ==> Inl(?a) \isasymin ?A + ?B  
6173
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1379
\end{ttbox}
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1380
In typical applications, the goal has the form $t\in\Var{A}$: in other words,
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1381
we have a specific term~$t$ and need to infer its `type' by instantiating the
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1382
set variable~$\Var{A}$.  Neither the simplifier nor the classical reasoner
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1383
does this job well.  The if-then-else rule, and many similar ones, can make
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1384
the classical reasoner loop.  The simplifier refuses (on principle) to
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1385
instantiate variables during rewriting, so goals such as \isa{i\#+j \isasymin \ ?A}
6173
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1386
are left unsolved.
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1387
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1388
The simplifier calls the type-checker to solve rewritten subgoals: this stage
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1389
can indeed instantiate variables.  If you have defined new constants and
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1390
proved type-checking rules for them, then declare the rules using
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1391
the attribute \isa{TC} and the rest should be automatic.  In
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1392
particular, the simplifier will use type-checking to help satisfy
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1393
conditional rewrite rules. Call the method \ttindex{typecheck} to
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1394
break down all subgoals using type-checking rules. You can add new
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1395
type-checking rules temporarily like this:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1396
\begin{isabelle}
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1397
\isacommand{apply}\ (typecheck add:\ inj_is_fun)
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1398
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1399
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1400
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1401
%Though the easiest way to invoke the type-checker is via the simplifier,
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1402
%specialized applications may require more detailed knowledge of
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1403
%the type-checking primitives.  They are modelled on the simplifier's:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1404
%\begin{ttdescription}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1405
%\item[\ttindexbold{tcset}] is the type of tcsets: sets of type-checking rules.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1406
%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1407
%\item[\ttindexbold{addTCs}] is an infix operator to add type-checking rules to
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1408
%  a tcset.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1409
%  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1410
%\item[\ttindexbold{delTCs}] is an infix operator to remove type-checking rules
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1411
%  from a tcset.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1412
%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1413
%\item[\ttindexbold{typecheck_tac}] is a tactic for attempting to prove all
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1414
%  subgoals using the rules given in its argument, a tcset.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1415
%\end{ttdescription}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1416
%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1417
%Tcsets, like simpsets, are associated with theories and are merged when
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1418
%theories are merged.  There are further primitives that use the default tcset.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1419
%\begin{ttdescription}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1420
%\item[\ttindexbold{tcset}] is a function to return the default tcset; use the
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1421
%  expression \isa{tcset()}.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1422
%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1423
%\item[\ttindexbold{AddTCs}] adds type-checking rules to the default tcset.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1424
%  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1425
%\item[\ttindexbold{DelTCs}] removes type-checking rules from the default
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1426
%  tcset.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1427
%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1428
%\item[\ttindexbold{Typecheck_tac}] calls \isa{typecheck_tac} using the
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1429
%  default tcset.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1430
%\end{ttdescription}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1431
%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1432
%To supply some type-checking rules temporarily, using \isa{Addrules} and
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1433
%later \isa{Delrules} is the simplest way.  There is also a high-tech
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1434
%approach.  Call the simplifier with a new solver expressed using
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1435
%\ttindexbold{type_solver_tac} and your temporary type-checking rules.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1436
%\begin{ttbox}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1437
%by (asm_simp_tac 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1438
%     (simpset() setSolver type_solver_tac (tcset() addTCs prems)) 2);
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1439
%\end{ttbox}
6173
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1440
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1441
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1442
\section{Natural number and integer arithmetic}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1443
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1444
\index{arithmetic|(}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1445
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1446
\begin{figure}\small
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1447
\index{#*@{\tt\#*} symbol}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1448
\index{*div symbol}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1449
\index{*mod symbol}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1450
\index{#+@{\tt\#+} symbol}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1451
\index{#-@{\tt\#-} symbol}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1452
\begin{constants}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1453
  \it symbol  & \it meta-type & \it priority & \it description \\ 
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1454
  \cdx{nat}     & $i$                   &       & set of natural numbers \\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1455
  \cdx{nat_case}& $[i,i\To i,i]\To i$     &     & conditional for $nat$\\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1456
  \tt \#*       & $[i,i]\To i$  &  Left 70      & multiplication \\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1457
  \tt div       & $[i,i]\To i$  &  Left 70      & division\\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1458
  \tt mod       & $[i,i]\To i$  &  Left 70      & modulus\\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1459
  \tt \#+       & $[i,i]\To i$  &  Left 65      & addition\\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1460
  \tt \#-       & $[i,i]\To i$  &  Left 65      & subtraction
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1461
\end{constants}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1462
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1463
\begin{alltt*}\isastyleminor
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1464
\tdx{nat_def}: nat == lfp(lam r \isasymin Pow(Inf). {\ttlbrace}0{\ttrbrace} \isasymunion {\ttlbrace}succ(x). x \isasymin r{\ttrbrace}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1465
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1466
\tdx{nat_case_def}:  nat_case(a,b,k) == 
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1467
              THE y. k=0 & y=a | ({\isasymexists}x. k=succ(x) & y=b(x))
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1468
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1469
\tdx{nat_0I}:           0 \isasymin nat
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1470
\tdx{nat_succI}:        n \isasymin nat ==> succ(n) \isasymin nat
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1471
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1472
\tdx{nat_induct}:        
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1473
    [| n \isasymin nat;  P(0);  !!x. [| x \isasymin nat;  P(x) |] ==> P(succ(x)) 
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1474
    |] ==> P(n)
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1475
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1476
\tdx{nat_case_0}:       nat_case(a,b,0) = a
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1477
\tdx{nat_case_succ}:    nat_case(a,b,succ(m)) = b(m)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1478
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1479
\tdx{add_0_natify}:     0 #+ n = natify(n)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1480
\tdx{add_succ}:         succ(m) #+ n = succ(m #+ n)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1481
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1482
\tdx{mult_type}:        m #* n \isasymin nat
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1483
\tdx{mult_0}:           0 #* n = 0
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1484
\tdx{mult_succ}:        succ(m) #* n = n #+ (m #* n)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1485
\tdx{mult_commute}:     m #* n = n #* m
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1486
\tdx{add_mult_dist}:    (m #+ n) #* k = (m #* k) #+ (n #* k)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1487
\tdx{mult_assoc}:       (m #* n) #* k = m #* (n #* k)
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1488
\tdx{mod_div_equality}: m \isasymin nat ==> (m div n)#*n #+ m mod n = m
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1489
\end{alltt*}
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1490
\caption{The natural numbers} \label{zf-nat}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1491
\end{figure}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1492
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1493
\index{natural numbers}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1494
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1495
Theory \thydx{Nat} defines the natural numbers and mathematical
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1496
induction, along with a case analysis operator.  The set of natural
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1497
numbers, here called \isa{nat}, is known in set theory as the ordinal~$\omega$.
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1498
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1499
Theory \thydx{Arith} develops arithmetic on the natural numbers
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1500
(Fig.\ts\ref{zf-nat}).  Addition, multiplication and subtraction are defined
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1501
by primitive recursion.  Division and remainder are defined by repeated
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1502
subtraction, which requires well-founded recursion; the termination argument
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1503
relies on the divisor's being non-zero.  Many properties are proved:
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1504
commutative, associative and distributive laws, identity and cancellation
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1505
laws, etc.  The most interesting result is perhaps the theorem $a \bmod b +
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1506
(a/b)\times b = a$.
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1507
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1508
To minimize the need for tedious proofs of $t\in\isa{nat}$, the arithmetic
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1509
operators coerce their arguments to be natural numbers.  The function
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1510
\cdx{natify} is defined such that $\isa{natify}(n) = n$ if $n$ is a natural
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1511
number, $\isa{natify}(\isa{succ}(x)) =
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1512
\isa{succ}(\isa{natify}(x))$ for all $x$, and finally
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1513
$\isa{natify}(x)=0$ in all other cases.  The benefit is that the addition,
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1514
subtraction, multiplication, division and remainder operators always return
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1515
natural numbers, regardless of their arguments.  Algebraic laws (commutative,
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1516
associative, distributive) are unconditional.  Occurrences of \isa{natify}
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1517
as operands of those operators are simplified away.  Any remaining occurrences
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1518
can either be tolerated or else eliminated by proving that the argument is a
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1519
natural number.
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1520
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1521
The simplifier automatically cancels common terms on the opposite sides of
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1522
subtraction and of relations ($=$, $<$ and $\le$).  Here is an example:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1523
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1524
 1. i \#+ j \#+ k \#- j < k \#+ l\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1525
\isacommand{apply}\ simp\isanewline
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1526
 1. natify(i) < natify(l)
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1527
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1528
Given the assumptions \isa{i \isasymin nat} and \isa{l \isasymin nat}, both occurrences of
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1529
\cdx{natify} would be simplified away.
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1530
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1531
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1532
\begin{figure}\small
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1533
\index{$*@{\tt\$*} symbol}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1534
\index{$+@{\tt\$+} symbol}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1535
\index{$-@{\tt\$-} symbol}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1536
\begin{constants}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1537
  \it symbol  & \it meta-type & \it priority & \it description \\ 
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1538
  \cdx{int}     & $i$                   &       & set of integers \\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1539
  \tt \$*       & $[i,i]\To i$  &  Left 70      & multiplication \\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1540
  \tt \$+       & $[i,i]\To i$  &  Left 65      & addition\\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1541
  \tt \$-       & $[i,i]\To i$  &  Left 65      & subtraction\\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1542
  \tt \$<       & $[i,i]\To o$  &  Left 50      & $<$ on integers\\
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1543
  \tt \$<=      & $[i,i]\To o$  &  Left 50      & $\le$ on integers
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1544
\end{constants}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1545
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1546
\begin{alltt*}\isastyleminor
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1547
\tdx{zadd_0_intify}:    0 $+ n = intify(n)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1548
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1549
\tdx{zmult_type}:       m $* n \isasymin int
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1550
\tdx{zmult_0}:          0 $* n = 0
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1551
\tdx{zmult_commute}:    m $* n = n $* m
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1552
\tdx{zadd_zmult_dist}:   (m $+ n) $* k = (m $* k) $+ (n $* k)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1553
\tdx{zmult_assoc}:      (m $* n) $* k = m $* (n $* k)
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1554
\end{alltt*}
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1555
\caption{The integers} \label{zf-int}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1556
\end{figure}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1557
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1558
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1559
\index{integers}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1560
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1561
Theory \thydx{Int} defines the integers, as equivalence classes of natural
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1562
numbers.   Figure~\ref{zf-int} presents a tidy collection of laws.  In
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1563
fact, a large library of facts is proved, including monotonicity laws for
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1564
addition and multiplication, covering both positive and negative operands.  
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1565
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1566
As with the natural numbers, the need for typing proofs is minimized.  All the
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1567
operators defined in Fig.\ts\ref{zf-int} coerce their operands to integers by
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1568
applying the function \cdx{intify}.  This function is the identity on integers
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1569
and maps other operands to zero.
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1570
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1571
Decimal notation is provided for the integers.  Numbers, written as
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1572
\isa{\#$nnn$} or \isa{\#-$nnn$}, are represented internally in
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1573
two's-complement binary.  Expressions involving addition, subtraction and
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1574
multiplication of numeral constants are evaluated (with acceptable efficiency)
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1575
by simplification.  The simplifier also collects similar terms, multiplying
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1576
them by a numerical coefficient.  It also cancels occurrences of the same
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1577
terms on the other side of the relational operators.  Example:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1578
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1579
 1. y \$+ z \$+ \#-3 \$* x \$+ y \$<=  x \$* \#2 \$+
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1580
z\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1581
\isacommand{apply}\ simp\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1582
 1. \#2 \$* y \$<= \#5 \$* x
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1583
\end{isabelle}
9584
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1584
For more information on the integers, please see the theories on directory
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1585
\texttt{ZF/Integ}. 
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1586
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1587
\index{arithmetic|)}
af21f4364c05 documented the integers and updated section on nat arithmetic
paulson
parents: 8249
diff changeset
  1588
6173
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1589
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1590
\section{Datatype definitions}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1591
\label{sec:ZF:datatype}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1592
\index{*datatype|(}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1593
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
  1594
The \ttindex{datatype} definition package of ZF constructs inductive datatypes
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1595
similar to \ML's.  It can also construct coinductive datatypes
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
  1596
(codatatypes), which are non-well-founded structures such as streams.  It
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
  1597
defines the set using a fixed-point construction and proves induction rules,
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
  1598
as well as theorems for recursion and case combinators.  It supplies
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
  1599
mechanisms for reasoning about freeness.  The datatype package can handle both
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
  1600
mutual and indirect recursion.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1601
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1602
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1603
\subsection{Basics}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1604
\label{subsec:datatype:basics}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1605
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1606
A \isa{datatype} definition has the following form:
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1607
\[
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1608
\begin{array}{llcl}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1609
\mathtt{datatype} & t@1(A@1,\ldots,A@h) & = &
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1610
  constructor^1@1 ~\mid~ \ldots ~\mid~ constructor^1@{k@1} \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1611
 & & \vdots \\
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1612
\mathtt{and} & t@n(A@1,\ldots,A@h) & = &
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1613
  constructor^n@1~ ~\mid~ \ldots ~\mid~ constructor^n@{k@n}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1614
\end{array}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1615
\]
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1616
Here $t@1$, \ldots,~$t@n$ are identifiers and $A@1$, \ldots,~$A@h$ are
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1617
variables: the datatype's parameters.  Each constructor specification has the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1618
form \dquotesoff
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1619
\[ C \hbox{\tt~( } \hbox{\tt"} x@1 \hbox{\tt:} T@1 \hbox{\tt"},\;
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1620
                   \ldots,\;
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1621
                   \hbox{\tt"} x@m \hbox{\tt:} T@m \hbox{\tt"}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1622
     \hbox{\tt~)}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1623
\]
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1624
Here $C$ is the constructor name, and variables $x@1$, \ldots,~$x@m$ are the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1625
constructor arguments, belonging to the sets $T@1$, \ldots, $T@m$,
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1626
respectively.  Typically each $T@j$ is either a constant set, a datatype
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1627
parameter (one of $A@1$, \ldots, $A@h$) or a recursive occurrence of one of
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1628
the datatypes, say $t@i(A@1,\ldots,A@h)$.  More complex possibilities exist,
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1629
but they are much harder to realize.  Often, additional information must be
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1630
supplied in the form of theorems.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1631
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1632
A datatype can occur recursively as the argument of some function~$F$.  This
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1633
is called a {\em nested} (or \emph{indirect}) occurrence.  It is only allowed
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1634
if the datatype package is given a theorem asserting that $F$ is monotonic.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1635
If the datatype has indirect occurrences, then Isabelle/ZF does not support
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1636
recursive function definitions.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1637
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1638
A simple example of a datatype is \isa{list}, which is built-in, and is
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1639
defined by
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1640
\begin{alltt*}\isastyleminor
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1641
consts     list :: "i=>i"
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1642
datatype  "list(A)" = Nil | Cons ("a \isasymin A", "l \isasymin list(A)")
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1643
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1644
Note that the datatype operator must be declared as a constant first.
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1645
However, the package declares the constructors.  Here, \isa{Nil} gets type
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1646
$i$ and \isa{Cons} gets type $[i,i]\To i$.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1647
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1648
Trees and forests can be modelled by the mutually recursive datatype
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1649
definition
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1650
\begin{alltt*}\isastyleminor
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1651
consts   
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1652
  tree :: "i=>i"
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1653
  forest :: "i=>i"
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1654
  tree_forest :: "i=>i"
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1655
datatype  "tree(A)"   = Tcons ("a{\isasymin}A",  "f{\isasymin}forest(A)")
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1656
and "forest(A)" = Fnil | Fcons ("t{\isasymin}tree(A)",  "f{\isasymin}forest(A)")
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1657
\end{alltt*}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1658
Here $\isa{tree}(A)$ is the set of trees over $A$, $\isa{forest}(A)$ is
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1659
the set of forests over $A$, and  $\isa{tree_forest}(A)$ is the union of
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1660
the previous two sets.  All three operators must be declared first.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1661
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1662
The datatype \isa{term}, which is defined by
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1663
\begin{alltt*}\isastyleminor
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1664
consts     term :: "i=>i"
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1665
datatype  "term(A)" = Apply ("a \isasymin A", "l \isasymin list(term(A))")
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1666
  monos list_mono
28871
111bbd2b12db Added a line that was missing from the definition
paulson
parents: 14202
diff changeset
  1667
  type_elims list_univ [THEN subsetD, elim_format]
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1668
\end{alltt*}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1669
is an example of nested recursion.  (The theorem \isa{list_mono} is proved
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1670
in theory \isa{List}, and the \isa{term} example is developed in
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1671
theory
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1672
\thydx{Induct/Term}.)
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1673
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1674
\subsubsection{Freeness of the constructors}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1675
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1676
Constructors satisfy {\em freeness} properties.  Constructions are distinct,
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1677
for example $\isa{Nil}\not=\isa{Cons}(a,l)$, and they are injective, for
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1678
example $\isa{Cons}(a,l)=\isa{Cons}(a',l') \bimp a=a' \conj l=l'$.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1679
Because the number of freeness is quadratic in the number of constructors, the
6143
1eb364a68c54 freeness reasoning: T.free_iffs
paulson
parents: 6141
diff changeset
  1680
datatype package does not prove them.  Instead, it ensures that simplification
1eb364a68c54 freeness reasoning: T.free_iffs
paulson
parents: 6141
diff changeset
  1681
will prove them dynamically: when the simplifier encounters a formula
1eb364a68c54 freeness reasoning: T.free_iffs
paulson
parents: 6141
diff changeset
  1682
asserting the equality of two datatype constructors, it performs freeness
1eb364a68c54 freeness reasoning: T.free_iffs
paulson
parents: 6141
diff changeset
  1683
reasoning.  
1eb364a68c54 freeness reasoning: T.free_iffs
paulson
parents: 6141
diff changeset
  1684
1eb364a68c54 freeness reasoning: T.free_iffs
paulson
parents: 6141
diff changeset
  1685
Freeness reasoning can also be done using the classical reasoner, but it is
1eb364a68c54 freeness reasoning: T.free_iffs
paulson
parents: 6141
diff changeset
  1686
more complicated.  You have to add some safe elimination rules rules to the
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1687
claset.  For the \isa{list} datatype, they are called
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1688
\isa{list.free_elims}.  Occasionally this exposes the underlying
6143
1eb364a68c54 freeness reasoning: T.free_iffs
paulson
parents: 6141
diff changeset
  1689
representation of some constructor, which can be rectified using the command
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1690
\isa{unfold list.con_defs [symmetric]}.
6143
1eb364a68c54 freeness reasoning: T.free_iffs
paulson
parents: 6141
diff changeset
  1691
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1692
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1693
\subsubsection{Structural induction}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1694
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1695
The datatype package also provides structural induction rules.  For datatypes
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1696
without mutual or nested recursion, the rule has the form exemplified by
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1697
\isa{list.induct} in Fig.\ts\ref{zf-list}.  For mutually recursive
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1698
datatypes, the induction rule is supplied in two forms.  Consider datatype
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1699
\isa{TF}.  The rule \isa{tree_forest.induct} performs induction over a
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1700
single predicate~\isa{P}, which is presumed to be defined for both trees
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1701
and forests:
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1702
\begin{alltt*}\isastyleminor
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1703
[| x \isasymin tree_forest(A);
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1704
   !!a f. [| a \isasymin A; f \isasymin forest(A); P(f) |] ==> P(Tcons(a, f)); 
8249
3fc32155372c fixed some overfull lines
paulson
parents: 6745
diff changeset
  1705
   P(Fnil);
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1706
   !!f t. [| t \isasymin tree(A); P(t); f \isasymin forest(A); P(f) |]
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1707
          ==> P(Fcons(t, f)) 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1708
|] ==> P(x)
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1709
\end{alltt*}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1710
The rule \isa{tree_forest.mutual_induct} performs induction over two
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1711
distinct predicates, \isa{P_tree} and \isa{P_forest}.
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1712
\begin{alltt*}\isastyleminor
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1713
[| !!a f.
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1714
      [| a{\isasymin}A; f{\isasymin}forest(A); P_forest(f) |] ==> P_tree(Tcons(a,f));
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1715
   P_forest(Fnil);
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1716
   !!f t. [| t{\isasymin}tree(A); P_tree(t); f{\isasymin}forest(A); P_forest(f) |]
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1717
          ==> P_forest(Fcons(t, f)) 
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1718
|] ==> ({\isasymforall}za. za \isasymin tree(A) --> P_tree(za)) &
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1719
    ({\isasymforall}za. za \isasymin forest(A) --> P_forest(za))
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1720
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1721
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1722
For datatypes with nested recursion, such as the \isa{term} example from
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1723
above, things are a bit more complicated.  The rule \isa{term.induct}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1724
refers to the monotonic operator, \isa{list}:
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1725
\begin{alltt*}\isastyleminor
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1726
[| x \isasymin term(A);
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1727
   !!a l. [| a\isasymin{}A; l\isasymin{}list(Collect(term(A), P)) |] ==> P(Apply(a,l)) 
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1728
|] ==> P(x)
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1729
\end{alltt*}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1730
The theory \isa{Induct/Term.thy} derives two higher-level induction rules,
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1731
one of which is particularly useful for proving equations:
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1732
\begin{alltt*}\isastyleminor
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1733
[| t \isasymin term(A);
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1734
   !!x zs. [| x \isasymin A; zs \isasymin list(term(A)); map(f, zs) = map(g, zs) |]
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1735
           ==> f(Apply(x, zs)) = g(Apply(x, zs)) 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1736
|] ==> f(t) = g(t)  
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1737
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1738
How this can be generalized to other nested datatypes is a matter for future
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1739
research.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1740
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1741
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1742
\subsubsection{The \isa{case} operator}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1743
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1744
The package defines an operator for performing case analysis over the
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1745
datatype.  For \isa{list}, it is called \isa{list_case} and satisfies
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1746
the equations
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1747
\begin{ttbox}\isastyleminor
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1748
list_case(f_Nil, f_Cons, []) = f_Nil
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1749
list_case(f_Nil, f_Cons, Cons(a, l)) = f_Cons(a, l)
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1750
\end{ttbox}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1751
Here \isa{f_Nil} is the value to return if the argument is \isa{Nil} and
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1752
\isa{f_Cons} is a function that computes the value to return if the
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1753
argument has the form $\isa{Cons}(a,l)$.  The function can be expressed as
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1754
an abstraction, over patterns if desired (\S\ref{sec:pairs}).
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1755
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1756
For mutually recursive datatypes, there is a single \isa{case} operator.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1757
In the tree/forest example, the constant \isa{tree_forest_case} handles all
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1758
of the constructors of the two datatypes.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1759
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1760
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1761
\subsection{Defining datatypes}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1762
42619
9691759a9b3c removed obsolete rail diagram (which was about old-style theory syntax);
wenzelm
parents: 28871
diff changeset
  1763
The theory syntax for datatype definitions is shown in the
9691759a9b3c removed obsolete rail diagram (which was about old-style theory syntax);
wenzelm
parents: 28871
diff changeset
  1764
Isabelle/Isar reference manual.  In order to be well-formed, a
9691759a9b3c removed obsolete rail diagram (which was about old-style theory syntax);
wenzelm
parents: 28871
diff changeset
  1765
datatype definition has to obey the rules stated in the previous
9691759a9b3c removed obsolete rail diagram (which was about old-style theory syntax);
wenzelm
parents: 28871
diff changeset
  1766
section.  As a result the theory is extended with the new types, the
9691759a9b3c removed obsolete rail diagram (which was about old-style theory syntax);
wenzelm
parents: 28871
diff changeset
  1767
constructors, and the theorems listed in the previous section.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1768
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1769
Codatatypes are declared like datatypes and are identical to them in every
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1770
respect except that they have a coinduction rule instead of an induction rule.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1771
Note that while an induction rule has the effect of limiting the values
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1772
contained in the set, a coinduction rule gives a way of constructing new
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1773
values of the set.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1774
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1775
Most of the theorems about datatypes become part of the default simpset.  You
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1776
never need to see them again because the simplifier applies them
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1777
automatically.  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1778
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1779
\subsubsection{Specialized methods for datatypes}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1780
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1781
Induction and case-analysis can be invoked using these special-purpose
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1782
methods:
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1783
\begin{ttdescription}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1784
\item[\methdx{induct_tac} $x$] applies structural
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1785
  induction on variable $x$ to subgoal~1, provided the type of $x$ is a
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1786
  datatype.  The induction variable should not occur among other assumptions
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1787
  of the subgoal.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1788
\end{ttdescription}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1789
% 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1790
% we also have the ind_cases method, but what does it do?
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1791
In some situations, induction is overkill and a case distinction over all
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1792
constructors of the datatype suffices.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1793
\begin{ttdescription}
14202
643fc73e2910 case_tac tweak
paulson
parents: 14158
diff changeset
  1794
\item[\methdx{case_tac} $x$]
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1795
 performs a case analysis for the variable~$x$.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1796
\end{ttdescription}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1797
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1798
Both tactics can only be applied to a variable, whose typing must be given in
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1799
some assumption, for example the assumption \isa{x \isasymin \ list(A)}.  The tactics
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1800
also work for the natural numbers (\isa{nat}) and disjoint sums, although
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1801
these sets were not defined using the datatype package.  (Disjoint sums are
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1802
not recursive, so only \isa{case_tac} is available.)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1803
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1804
Structured Isar methods are also available. Below, $t$ 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1805
stands for the name of the datatype.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1806
\begin{ttdescription}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1807
\item[\methdx{induct} \isa{set:}\ $t$] is the Isar induction tactic.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1808
\item[\methdx{cases} \isa{set:}\ $t$] is the Isar case-analysis tactic.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1809
\end{ttdescription}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1810
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1811
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1812
\subsubsection{The theorems proved by a datatype declaration}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1813
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1814
Here are some more details for the technically minded.  Processing the
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1815
datatype declaration of a set~$t$ produces a name space~$t$ containing
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1816
the following theorems:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1817
\begin{ttbox}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1818
intros          \textrm{the introduction rules}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1819
cases           \textrm{the case analysis rule}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1820
induct          \textrm{the standard induction rule}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1821
mutual_induct   \textrm{the mutual induction rule, if needed}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1822
case_eqns       \textrm{equations for the case operator}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1823
recursor_eqns   \textrm{equations for the recursor}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1824
simps           \textrm{the union of} case_eqns \textrm{and} recursor_eqns
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1825
con_defs        \textrm{definitions of the case operator and constructors}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1826
free_iffs       \textrm{logical equivalences for proving freeness}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1827
free_elims      \textrm{elimination rules for proving freeness}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1828
defs            \textrm{datatype definition(s)}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1829
\end{ttbox}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1830
Furthermore there is the theorem $C$ for every constructor~$C$; for
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1831
example, the \isa{list} datatype's introduction rules are bound to the
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1832
identifiers \isa{Nil} and \isa{Cons}.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1833
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1834
For a codatatype, the component \isa{coinduct} is the coinduction rule,
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1835
replacing the \isa{induct} component.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1836
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1837
See the theories \isa{Induct/Ntree} and \isa{Induct/Brouwer} for examples of
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1838
infinitely branching datatypes.  See theory \isa{Induct/LList} for an example
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1839
of a codatatype.  Some of these theories illustrate the use of additional,
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1840
undocumented features of the datatype package.  Datatype definitions are
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1841
reduced to inductive definitions, and the advanced features should be
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1842
understood in that light.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1843
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1844
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1845
\subsection{Examples}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1846
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1847
\subsubsection{The datatype of binary trees}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1848
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1849
Let us define the set $\isa{bt}(A)$ of binary trees over~$A$.  The theory
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1850
must contain these lines:
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1851
\begin{alltt*}\isastyleminor
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1852
consts   bt :: "i=>i"
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1853
datatype "bt(A)" = Lf | Br ("a\isasymin{}A", "t1\isasymin{}bt(A)", "t2\isasymin{}bt(A)")
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1854
\end{alltt*}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1855
After loading the theory, we can prove some theorem.  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1856
We begin by declaring the constructor's typechecking rules
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1857
as simplification rules:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1858
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1859
\isacommand{declare}\ bt.intros\ [simp]%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1860
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1861
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1862
Our first example is the theorem that no tree equals its
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1863
left branch.  To make the inductive hypothesis strong enough, 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1864
the proof requires a quantified induction formula, but 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1865
the \isa{rule\_format} attribute will remove the quantifiers 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1866
before the theorem is stored.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1867
\begin{isabelle}
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1868
\isacommand{lemma}\ Br\_neq\_left\ [rule\_format]:\ "l\isasymin bt(A)\ ==>\ \isasymforall x\ r.\ Br(x,l,r)\isasymnoteq{}l"\isanewline
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1869
\ 1.\ l\ \isasymin \ bt(A)\ \isasymLongrightarrow \ \isasymforall x\ r.\ Br(x,\ l,\ r)\ \isasymnoteq \ l%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1870
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1871
This can be proved by the structural induction tactic:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1872
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1873
\ \ \isacommand{apply}\ (induct\_tac\ l)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1874
\ 1.\ \isasymforall x\ r.\ Br(x,\ Lf,\ r)\ \isasymnoteq \ Lf\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1875
\ 2.\ \isasymAnd a\ t1\ t2.\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1876
\isaindent{\ 2.\ \ \ \ }\isasymlbrakk a\ \isasymin \ A;\ t1\ \isasymin \ bt(A);\ \isasymforall x\ r.\ Br(x,\ t1,\ r)\ \isasymnoteq \ t1;\ t2\ \isasymin \ bt(A);\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1877
\isaindent{\ 2.\ \ \ \ \ \ \ }\isasymforall x\ r.\ Br(x,\ t2,\ r)\ \isasymnoteq \ t2\isasymrbrakk \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1878
\isaindent{\ 2.\ \ \ \ }\isasymLongrightarrow \ \isasymforall x\ r.\ Br(x,\ Br(a,\ t1,\ t2),\ r)\ \isasymnoteq \ Br(a,\ t1,\ t2)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1879
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1880
Both subgoals are proved using \isa{auto}, which performs the necessary
6143
1eb364a68c54 freeness reasoning: T.free_iffs
paulson
parents: 6141
diff changeset
  1881
freeness reasoning. 
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1882
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1883
\ \ \isacommand{apply}\ auto\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1884
No\ subgoals!\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1885
\isacommand{done}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1886
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1887
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1888
An alternative proof uses Isar's fancy \isa{induct} method, which 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1889
automatically quantifies over all free variables:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1890
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1891
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1892
\isacommand{lemma}\ Br\_neq\_left':\ "l\ \isasymin \ bt(A)\ ==>\ (!!x\ r.\ Br(x,\ l,\ r)\ \isasymnoteq \ l)"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1893
\ \ \isacommand{apply}\ (induct\ set:\ bt)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1894
\ 1.\ \isasymAnd x\ r.\ Br(x,\ Lf,\ r)\ \isasymnoteq \ Lf\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1895
\ 2.\ \isasymAnd a\ t1\ t2\ x\ r.\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1896
\isaindent{\ 2.\ \ \ \ }\isasymlbrakk a\ \isasymin \ A;\ t1\ \isasymin \ bt(A);\ \isasymAnd x\ r.\ Br(x,\ t1,\ r)\ \isasymnoteq \ t1;\ t2\ \isasymin \ bt(A);\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1897
\isaindent{\ 2.\ \ \ \ \ \ \ }\isasymAnd x\ r.\ Br(x,\ t2,\ r)\ \isasymnoteq \ t2\isasymrbrakk \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1898
\isaindent{\ 2.\ \ \ \ }\isasymLongrightarrow \ Br(x,\ Br(a,\ t1,\ t2),\ r)\ \isasymnoteq \ Br(a,\ t1,\ t2)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1899
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1900
Compare the form of the induction hypotheses with the corresponding ones in
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1901
the previous proof. As before, to conclude requires only \isa{auto}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1902
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1903
When there are only a few constructors, we might prefer to prove the freenness
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1904
theorems for each constructor.  This is simple:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1905
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1906
\isacommand{lemma}\ Br\_iff:\ "Br(a,l,r)\ =\ Br(a',l',r')\ <->\ a=a'\ \&\ l=l'\ \&\ r=r'"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1907
\ \ \isacommand{by}\ (blast\ elim!:\ bt.free\_elims)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1908
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1909
Here we see a demonstration of freeness reasoning using
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1910
\isa{bt.free\_elims}, but simpler still is just to apply \isa{auto}.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1911
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1912
An \ttindex{inductive\_cases} declaration generates instances of the
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1913
case analysis rule that have been simplified  using freeness
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1914
reasoning. 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1915
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1916
\isacommand{inductive\_cases}\ Br\_in\_bt:\ "Br(a,\ l,\ r)\ \isasymin \ bt(A)"
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1917
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1918
The theorem just created is 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1919
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1920
\isasymlbrakk Br(a,\ l,\ r)\ \isasymin \ bt(A);\ \isasymlbrakk a\ \isasymin \ A;\ l\ \isasymin \ bt(A);\ r\ \isasymin \ bt(A)\isasymrbrakk \ \isasymLongrightarrow \ Q\isasymrbrakk \ \isasymLongrightarrow \ Q.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1921
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1922
It is an elimination rule that from $\isa{Br}(a,l,r)\in\isa{bt}(A)$
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1923
lets us infer $a\in A$, $l\in\isa{bt}(A)$ and
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1924
$r\in\isa{bt}(A)$.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1925
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1926
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1927
\subsubsection{Mixfix syntax in datatypes}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1928
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1929
Mixfix syntax is sometimes convenient.  The theory \isa{Induct/PropLog} makes a
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1930
deep embedding of propositional logic:
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1931
\begin{alltt*}\isastyleminor
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1932
consts     prop :: i
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1933
datatype  "prop" = Fls
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1934
                 | Var ("n \isasymin nat")                ("#_" [100] 100)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1935
                 | "=>" ("p \isasymin prop", "q \isasymin prop")   (infixr 90)
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1936
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1937
The second constructor has a special $\#n$ syntax, while the third constructor
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1938
is an infixed arrow.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1939
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1940
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1941
\subsubsection{A giant enumeration type}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1942
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1943
This example shows a datatype that consists of 60 constructors:
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1944
\begin{alltt*}\isastyleminor
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1945
consts  enum :: i
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1946
datatype
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1947
  "enum" = C00 | C01 | C02 | C03 | C04 | C05 | C06 | C07 | C08 | C09
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1948
         | C10 | C11 | C12 | C13 | C14 | C15 | C16 | C17 | C18 | C19
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1949
         | C20 | C21 | C22 | C23 | C24 | C25 | C26 | C27 | C28 | C29
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1950
         | C30 | C31 | C32 | C33 | C34 | C35 | C36 | C37 | C38 | C39
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1951
         | C40 | C41 | C42 | C43 | C44 | C45 | C46 | C47 | C48 | C49
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1952
         | C50 | C51 | C52 | C53 | C54 | C55 | C56 | C57 | C58 | C59
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1953
end
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  1954
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1955
The datatype package scales well.  Even though all properties are proved
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1956
rather than assumed, full processing of this definition takes around two seconds
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1957
(on a 1.8GHz machine).  The constructors have a balanced representation,
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1958
related to binary notation, so freeness properties can be proved fast.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1959
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1960
\isacommand{lemma}\ "C00 \isasymnoteq\ C01"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1961
\ \ \isacommand{by}\ simp
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1962
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1963
You need not derive such inequalities explicitly.  The simplifier will
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1964
dispose of them automatically.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1965
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1966
\index{*datatype|)}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1967
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1968
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1969
\subsection{Recursive function definitions}\label{sec:ZF:recursive}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1970
\index{recursive functions|see{recursion}}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1971
\index{*primrec|(}
6173
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  1972
\index{recursion!primitive|(}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1973
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1974
Datatypes come with a uniform way of defining functions, {\bf primitive
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1975
  recursion}.  Such definitions rely on the recursion operator defined by the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1976
datatype package.  Isabelle proves the desired recursion equations as
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1977
theorems.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1978
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1979
In principle, one could introduce primitive recursive functions by asserting
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1980
their reduction rules as axioms.  Here is a dangerous way of defining a
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1981
recursive function over binary trees:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1982
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1983
\isacommand{consts}\ \ n\_nodes\ ::\ "i\ =>\ i"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1984
\isacommand{axioms}\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1985
\ \ n\_nodes\_Lf:\ "n\_nodes(Lf)\ =\ 0"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1986
\ \ n\_nodes\_Br:\ "n\_nodes(Br(a,l,r))\ =\ succ(n\_nodes(l)\ \#+\ n\_nodes(r))"
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1987
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1988
Asserting axioms brings the danger of accidentally introducing
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1989
contradictions.  It should be avoided whenever possible.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1990
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1991
The \ttindex{primrec} declaration is a safe means of defining primitive
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  1992
recursive functions on datatypes:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1993
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1994
\isacommand{consts}\ \ n\_nodes\ ::\ "i\ =>\ i"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1995
\isacommand{primrec}\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1996
\ \ "n\_nodes(Lf)\ =\ 0"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1997
\ \ "n\_nodes(Br(a,\ l,\ r))\ =\ succ(n\_nodes(l)\ \#+\ n\_nodes(r))"
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1998
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  1999
Isabelle will now derive the two equations from a low-level definition  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2000
based upon well-founded recursion.  If they do not define a legitimate
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2001
recursion, then Isabelle will reject the declaration.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2002
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2003
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2004
\subsubsection{Syntax of recursive definitions}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2005
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2006
The general form of a primitive recursive definition is
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2007
\begin{ttbox}\isastyleminor
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2008
primrec
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2009
    {\it reduction rules}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2010
\end{ttbox}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2011
where \textit{reduction rules} specify one or more equations of the form
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2012
\[ f \, x@1 \, \dots \, x@m \, (C \, y@1 \, \dots \, y@k) \, z@1 \,
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2013
\dots \, z@n = r \] such that $C$ is a constructor of the datatype, $r$
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2014
contains only the free variables on the left-hand side, and all recursive
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2015
calls in $r$ are of the form $f \, \dots \, y@i \, \dots$ for some $i$.  
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2016
There must be at most one reduction rule for each constructor.  The order is
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2017
immaterial.  For missing constructors, the function is defined to return zero.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2018
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2019
All reduction rules are added to the default simpset.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2020
If you would like to refer to some rule by name, then you must prefix
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2021
the rule with an identifier.  These identifiers, like those in the
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2022
\isa{rules} section of a theory, will be visible in proof scripts.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2023
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2024
The reduction rules become part of the default simpset, which
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2025
leads to short proof scripts:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2026
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2027
\isacommand{lemma}\ n\_nodes\_type\ [simp]:\ "t\ \isasymin \ bt(A)\ ==>\ n\_nodes(t)\ \isasymin \ nat"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2028
\ \ \isacommand{by}\ (induct\_tac\ t,\ auto)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2029
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2030
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2031
You can even use the \isa{primrec} form with non-recursive datatypes and
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2032
with codatatypes.  Recursion is not allowed, but it provides a convenient
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2033
syntax for defining functions by cases.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2034
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2035
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2036
\subsubsection{Example: varying arguments}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2037
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2038
All arguments, other than the recursive one, must be the same in each equation
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2039
and in each recursive call.  To get around this restriction, use explict
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2040
$\lambda$-abstraction and function application.  For example, let us
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2041
define the tail-recursive version of \isa{n\_nodes}, using an 
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2042
accumulating argument for the counter.  The second argument, $k$, varies in
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2043
recursive calls.
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2044
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2045
\isacommand{consts}\ \ n\_nodes\_aux\ ::\ "i\ =>\ i"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2046
\isacommand{primrec}\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2047
\ \ "n\_nodes\_aux(Lf)\ =\ (\isasymlambda k\ \isasymin \ nat.\ k)"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2048
\ \ "n\_nodes\_aux(Br(a,l,r))\ =\ \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2049
\ \ \ \ \ \ (\isasymlambda k\ \isasymin \ nat.\ n\_nodes\_aux(r)\ `\ \ (n\_nodes\_aux(l)\ `\ succ(k)))"
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2050
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2051
Now \isa{n\_nodes\_aux(t)\ `\ k} is our function in two arguments. We
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2052
can prove a theorem relating it to \isa{n\_nodes}. Note the quantification
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2053
over \isa{k\ \isasymin \ nat}:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2054
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2055
\isacommand{lemma}\ n\_nodes\_aux\_eq\ [rule\_format]:\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2056
\ \ \ \ \ "t\ \isasymin \ bt(A)\ ==>\ \isasymforall k\ \isasymin \ nat.\ n\_nodes\_aux(t)`k\ =\ n\_nodes(t)\ \#+\ k"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2057
\ \ \isacommand{by}\ (induct\_tac\ t,\ simp\_all)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2058
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2059
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2060
Now, we can use \isa{n\_nodes\_aux} to define a tail-recursive version
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2061
of \isa{n\_nodes}:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2062
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2063
\isacommand{constdefs}\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2064
\ \ n\_nodes\_tail\ ::\ "i\ =>\ i"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2065
\ \ \ "n\_nodes\_tail(t)\ ==\ n\_nodes\_aux(t)\ `\ 0"
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2066
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2067
It is easy to
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2068
prove that \isa{n\_nodes\_tail} is equivalent to \isa{n\_nodes}:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2069
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2070
\isacommand{lemma}\ "t\ \isasymin \ bt(A)\ ==>\ n\_nodes\_tail(t)\ =\ n\_nodes(t)"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2071
\ \isacommand{by}\ (simp\ add:\ n\_nodes\_tail\_def\ n\_nodes\_aux\_eq)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2072
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2073
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2074
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2075
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2076
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2077
\index{recursion!primitive|)}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2078
\index{*primrec|)}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2079
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2080
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2081
\section{Inductive and coinductive definitions}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2082
\index{*inductive|(}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2083
\index{*coinductive|(}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2084
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2085
An {\bf inductive definition} specifies the least set~$R$ closed under given
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2086
rules.  (Applying a rule to elements of~$R$ yields a result within~$R$.)  For
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2087
example, a structural operational semantics is an inductive definition of an
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2088
evaluation relation.  Dually, a {\bf coinductive definition} specifies the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2089
greatest set~$R$ consistent with given rules.  (Every element of~$R$ can be
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2090
seen as arising by applying a rule to elements of~$R$.)  An important example
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2091
is using bisimulation relations to formalise equivalence of processes and
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2092
infinite data structures.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2093
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2094
A theory file may contain any number of inductive and coinductive
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2095
definitions.  They may be intermixed with other declarations; in
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2096
particular, the (co)inductive sets {\bf must} be declared separately as
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2097
constants, and may have mixfix syntax or be subject to syntax translations.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2098
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2099
Each (co)inductive definition adds definitions to the theory and also
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2100
proves some theorems.  It behaves identially to the analogous
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2101
inductive definition except that instead of an induction rule there is
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2102
a coinduction rule.  Its treatment of coinduction is described in
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2103
detail in a separate paper,%
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2104
\footnote{It appeared in CADE~\cite{paulson-CADE}; a longer version is
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2105
  distributed with Isabelle as \emph{A Fixedpoint Approach to 
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2106
 (Co)Inductive and (Co)Datatype Definitions}.}  %
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2107
which you might refer to for background information.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2108
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2109
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2110
\subsection{The syntax of a (co)inductive definition}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2111
An inductive definition has the form
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2112
\begin{ttbox}\isastyleminor
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2113
inductive
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2114
  domains     {\it domain declarations}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2115
  intros      {\it introduction rules}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2116
  monos       {\it monotonicity theorems}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2117
  con_defs    {\it constructor definitions}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2118
  type_intros {\it introduction rules for type-checking}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2119
  type_elims  {\it elimination rules for type-checking}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2120
\end{ttbox}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2121
A coinductive definition is identical, but starts with the keyword
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2122
\isa{co\-inductive}.  
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2123
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2124
The \isa{monos}, \isa{con\_defs}, \isa{type\_intros} and \isa{type\_elims}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2125
sections are optional.  If present, each is specified as a list of
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2126
theorems, which may contain Isar attributes as usual.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2127
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2128
\begin{description}
8249
3fc32155372c fixed some overfull lines
paulson
parents: 6745
diff changeset
  2129
\item[\it domain declarations] are items of the form
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2130
  {\it string\/}~\isa{\isasymsubseteq }~{\it string}, associating each recursive set with
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2131
  its domain.  (The domain is some existing set that is large enough to
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2132
  hold the new set being defined.)
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2133
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2134
\item[\it introduction rules] specify one or more introduction rules in
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2135
  the form {\it ident\/}~{\it string}, where the identifier gives the name of
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2136
  the rule in the result structure.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2137
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2138
\item[\it monotonicity theorems] are required for each operator applied to
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2139
  a recursive set in the introduction rules.  There \textbf{must} be a theorem
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2140
  of the form $A\subseteq B\Imp M(A)\subseteq M(B)$, for each premise $t\in M(R_i)$
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2141
  in an introduction rule!
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2142
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2143
\item[\it constructor definitions] contain definitions of constants
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2144
  appearing in the introduction rules.  The (co)datatype package supplies
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2145
  the constructors' definitions here.  Most (co)inductive definitions omit
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2146
  this section; one exception is the primitive recursive functions example;
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2147
  see theory \isa{Induct/Primrec}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2148
  
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2149
\item[\it type\_intros] consists of introduction rules for type-checking the
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2150
  definition: for demonstrating that the new set is included in its domain.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2151
  (The proof uses depth-first search.)
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2152
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2153
\item[\it type\_elims] consists of elimination rules for type-checking the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2154
  definition.  They are presumed to be safe and are applied as often as
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2155
  possible prior to the \isa{type\_intros} search.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2156
\end{description}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2157
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2158
The package has a few restrictions:
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2159
\begin{itemize}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2160
\item The theory must separately declare the recursive sets as
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2161
  constants.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2162
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2163
\item The names of the recursive sets must be identifiers, not infix
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2164
operators.  
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2165
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2166
\item Side-conditions must not be conjunctions.  However, an introduction rule
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2167
may contain any number of side-conditions.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2168
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2169
\item Side-conditions of the form $x=t$, where the variable~$x$ does not
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2170
  occur in~$t$, will be substituted through the rule \isa{mutual\_induct}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2171
\end{itemize}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2172
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2173
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2174
\subsection{Example of an inductive definition}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2175
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2176
Below, we shall see how Isabelle/ZF defines the finite powerset
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2177
operator.  The first step is to declare the constant~\isa{Fin}.  Then we
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2178
must declare it inductively, with two introduction rules:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2179
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2180
\isacommand{consts}\ \ Fin\ ::\ "i=>i"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2181
\isacommand{inductive}\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2182
\ \ \isakeyword{domains}\ \ \ "Fin(A)"\ \isasymsubseteq\ "Pow(A)"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2183
\ \ \isakeyword{intros}\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2184
\ \ \ \ emptyI:\ \ "0\ \isasymin\ Fin(A)"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2185
\ \ \ \ consI:\ \ \ "[|\ a\ \isasymin\ A;\ \ b\ \isasymin\ Fin(A)\ |]\ ==>\ cons(a,b)\ \isasymin\ Fin(A)"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2186
\ \ \isakeyword{type\_intros}\ \ empty\_subsetI\ cons\_subsetI\ PowI\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2187
\ \ \isakeyword{type\_elims}\ \ \ PowD\ [THEN\ revcut\_rl]\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2188
The resulting theory contains a name space, called~\isa{Fin}.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2189
The \isa{Fin}$~A$ introduction rules can be referred to collectively as
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2190
\isa{Fin.intros}, and also individually as \isa{Fin.emptyI} and
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2191
\isa{Fin.consI}.  The induction rule is \isa{Fin.induct}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2192
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2193
The chief problem with making (co)inductive definitions involves type-checking
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2194
the rules.  Sometimes, additional theorems need to be supplied under
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2195
\isa{type_intros} or \isa{type_elims}.  If the package fails when trying
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2196
to prove your introduction rules, then set the flag \ttindexbold{trace_induct}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2197
to \isa{true} and try again.  (See the manual \emph{A Fixedpoint Approach
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2198
  \ldots} for more discussion of type-checking.)
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2199
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2200
In the example above, $\isa{Pow}(A)$ is given as the domain of
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2201
$\isa{Fin}(A)$, for obviously every finite subset of~$A$ is a subset
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2202
of~$A$.  However, the inductive definition package can only prove that given a
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2203
few hints.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2204
Here is the output that results (with the flag set) when the
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2205
\isa{type_intros} and \isa{type_elims} are omitted from the inductive
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2206
definition above:
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  2207
\begin{alltt*}\isastyleminor
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2208
Inductive definition Finite.Fin
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2209
Fin(A) ==
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2210
lfp(Pow(A),
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  2211
    \%X. {z\isasymin{}Pow(A) . z = 0 | ({\isasymexists}a b. z = cons(a,b) & a\isasymin{}A & b\isasymin{}X)})
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2212
  Proving monotonicity...
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2213
\ttbreak
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2214
  Proving the introduction rules...
6173
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  2215
The type-checking subgoal:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2216
0 \isasymin Fin(A)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2217
 1. 0 \isasymin Pow(A)
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2218
\ttbreak
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2219
The subgoal after monos, type_elims:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2220
0 \isasymin Fin(A)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2221
 1. 0 \isasymin Pow(A)
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2222
*** prove_goal: tactic failed
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  2223
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2224
We see the need to supply theorems to let the package prove
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2225
$\emptyset\in\isa{Pow}(A)$.  Restoring the \isa{type_intros} but not the
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2226
\isa{type_elims}, we again get an error message:
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  2227
\begin{alltt*}\isastyleminor
6173
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  2228
The type-checking subgoal:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2229
0 \isasymin Fin(A)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2230
 1. 0 \isasymin Pow(A)
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2231
\ttbreak
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2232
The subgoal after monos, type_elims:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2233
0 \isasymin Fin(A)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2234
 1. 0 \isasymin Pow(A)
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2235
\ttbreak
6173
2c0579e8e6fa documented typecheck_tac, etc
paulson
parents: 6143
diff changeset
  2236
The type-checking subgoal:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2237
cons(a, b) \isasymin Fin(A)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2238
 1. [| a \isasymin A; b \isasymin Fin(A) |] ==> cons(a, b) \isasymin Pow(A)
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2239
\ttbreak
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2240
The subgoal after monos, type_elims:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2241
cons(a, b) \isasymin Fin(A)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2242
 1. [| a \isasymin A; b \isasymin Pow(A) |] ==> cons(a, b) \isasymin Pow(A)
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2243
*** prove_goal: tactic failed
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  2244
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2245
The first rule has been type-checked, but the second one has failed.  The
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2246
simplest solution to such problems is to prove the failed subgoal separately
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2247
and to supply it under \isa{type_intros}.  The solution actually used is
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2248
to supply, under \isa{type_elims}, a rule that changes
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2249
$b\in\isa{Pow}(A)$ to $b\subseteq A$; together with \isa{cons_subsetI}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2250
and \isa{PowI}, it is enough to complete the type-checking.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2251
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2252
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2253
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2254
\subsection{Further examples}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2255
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2256
An inductive definition may involve arbitrary monotonic operators.  Here is a
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2257
standard example: the accessible part of a relation.  Note the use
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2258
of~\isa{Pow} in the introduction rule and the corresponding mention of the
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2259
rule \isa{Pow\_mono} in the \isa{monos} list.  If the desired rule has a
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2260
universally quantified premise, usually the effect can be obtained using
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2261
\isa{Pow}.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2262
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2263
\isacommand{consts}\ \ acc\ ::\ "i\ =>\ i"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2264
\isacommand{inductive}\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2265
\ \ \isakeyword{domains}\ "acc(r)"\ \isasymsubseteq \ "field(r)"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2266
\ \ \isakeyword{intros}\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2267
\ \ \ \ vimage:\ \ "[|\ r-``\isacharbraceleft a\isacharbraceright\ \isasymin\ Pow(acc(r));\ a\ \isasymin \ field(r)\ |]
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2268
\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2269
\ \ \ \ \ \ \ \ \ \ \ \ \ \ ==>\ a\ \isasymin \ acc(r)"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2270
\ \ \isakeyword{monos}\ \ Pow\_mono
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2271
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2272
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2273
Finally, here are some coinductive definitions.  We begin by defining
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2274
lazy (potentially infinite) lists as a codatatype:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2275
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2276
\isacommand{consts}\ \ llist\ \ ::\ "i=>i"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2277
\isacommand{codatatype}\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2278
\ \ "llist(A)"\ =\ LNil\ |\ LCons\ ("a\ \isasymin \ A",\ "l\ \isasymin \ llist(A)")\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2279
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2280
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2281
The notion of equality on such lists is modelled as a bisimulation:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2282
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2283
\isacommand{consts}\ \ lleq\ ::\ "i=>i"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2284
\isacommand{coinductive}\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2285
\ \ \isakeyword{domains}\ "lleq(A)"\ <=\ "llist(A)\ *\ llist(A)"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2286
\ \ \isakeyword{intros}\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2287
\ \ \ \ LNil:\ \ "<LNil,\ LNil>\ \isasymin \ lleq(A)"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2288
\ \ \ \ LCons:\ "[|\ a\ \isasymin \ A;\ <l,l'>\ \isasymin \ lleq(A)\ |]\ \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2289
\ \ \ \ \ \ \ \ \ \ \ \ ==>\ <LCons(a,l),\ LCons(a,l')>\ \isasymin \ lleq(A)"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2290
\ \ \isakeyword{type\_intros}\ \ llist.intros
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2291
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2292
This use of \isa{type_intros} is typical: the relation concerns the
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2293
codatatype \isa{llist}, so naturally the introduction rules for that
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2294
codatatype will be required for type-checking the rules.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2295
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2296
The Isabelle distribution contains many other inductive definitions.  Simple
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2297
examples are collected on subdirectory \isa{ZF/Induct}.  The directory
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2298
\isa{Coind} and the theory \isa{ZF/Induct/LList} contain coinductive
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2299
definitions.  Larger examples may be found on other subdirectories of
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2300
\isa{ZF}, such as \isa{IMP}, and \isa{Resid}.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2301
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2302
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2303
\subsection{Theorems generated}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2304
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2305
Each (co)inductive set defined in a theory file generates a name space
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2306
containing the following elements:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2307
\begin{ttbox}\isastyleminor
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2308
intros        \textrm{the introduction rules}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2309
elim          \textrm{the elimination (case analysis) rule}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2310
induct        \textrm{the standard induction rule}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2311
mutual_induct \textrm{the mutual induction rule, if needed}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2312
defs          \textrm{definitions of inductive sets}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2313
bnd_mono      \textrm{monotonicity property}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2314
dom_subset    \textrm{inclusion in `bounding set'}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2315
\end{ttbox}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2316
Furthermore, each introduction rule is available under its declared
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2317
name. For a codatatype, the component \isa{coinduct} is the coinduction rule,
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2318
replacing the \isa{induct} component.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2319
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2320
Recall that the \ttindex{inductive\_cases} declaration generates
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2321
simplified instances of the case analysis rule.  It is as useful for
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2322
inductive definitions as it is for datatypes.  There are many examples
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2323
in the theory
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2324
\isa{Induct/Comb}, which is discussed at length
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2325
elsewhere~\cite{paulson-generic}.  The theory first defines the
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2326
datatype
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2327
\isa{comb} of combinators:
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  2328
\begin{alltt*}\isastyleminor
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2329
consts comb :: i
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2330
datatype  "comb" = K
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2331
                 | S
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2332
                 | "#" ("p \isasymin comb", "q \isasymin comb")   (infixl 90)
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  2333
\end{alltt*}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2334
The theory goes on to define contraction and parallel contraction
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2335
inductively.  Then the theory \isa{Induct/Comb.thy} defines special
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2336
cases of contraction, such as this one:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2337
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2338
\isacommand{inductive\_cases}\ K\_contractE [elim!]:\ "K -1-> r"
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2339
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2340
The theorem just created is \isa{K -1-> r \ \isasymLongrightarrow \ Q},
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2341
which expresses that the combinator \isa{K} cannot reduce to
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2342
anything.  (From the assumption \isa{K-1->r}, we can conclude any desired
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2343
formula \isa{Q}\@.)  Similar elimination rules for \isa{S} and application are also
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2344
generated. The attribute \isa{elim!}\ shown above supplies the generated
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2345
theorem to the classical reasoner.  This mode of working allows
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2346
effective reasoniung about operational semantics.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2347
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2348
\index{*coinductive|)} \index{*inductive|)}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2349
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2350
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2351
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2352
\section{The outer reaches of set theory}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2353
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2354
The constructions of the natural numbers and lists use a suite of
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2355
operators for handling recursive function definitions.  I have described
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2356
the developments in detail elsewhere~\cite{paulson-set-II}.  Here is a brief
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2357
summary:
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2358
\begin{itemize}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2359
  \item Theory \isa{Trancl} defines the transitive closure of a relation
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2360
    (as a least fixedpoint).
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2361
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2362
  \item Theory \isa{WF} proves the well-founded recursion theorem, using an
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2363
    elegant approach of Tobias Nipkow.  This theorem permits general
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2364
    recursive definitions within set theory.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2365
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2366
  \item Theory \isa{Ord} defines the notions of transitive set and ordinal
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2367
    number.  It derives transfinite induction.  A key definition is {\bf
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2368
      less than}: $i<j$ if and only if $i$ and $j$ are both ordinals and
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2369
    $i\in j$.  As a special case, it includes less than on the natural
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2370
    numbers.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2371
    
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2372
  \item Theory \isa{Epsilon} derives $\varepsilon$-induction and
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2373
    $\varepsilon$-recursion, which are generalisations of transfinite
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2374
    induction and recursion.  It also defines \cdx{rank}$(x)$, which is the
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2375
    least ordinal $\alpha$ such that $x$ is constructed at stage $\alpha$ of
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2376
    the cumulative hierarchy (thus $x\in V@{\alpha+1}$).
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2377
\end{itemize}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2378
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2379
Other important theories lead to a theory of cardinal numbers.  They have
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2380
not yet been written up anywhere.  Here is a summary:
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2381
\begin{itemize}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2382
\item Theory \isa{Rel} defines the basic properties of relations, such as
14158
15bab630ae31 finished conversion to Isar format
paulson
parents: 14154
diff changeset
  2383
  reflexivity, symmetry and transitivity.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2384
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2385
\item Theory \isa{EquivClass} develops a theory of equivalence
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2386
  classes, not using the Axiom of Choice.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2387
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2388
\item Theory \isa{Order} defines partial orderings, total orderings and
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2389
  wellorderings.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2390
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2391
\item Theory \isa{OrderArith} defines orderings on sum and product sets.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2392
  These can be used to define ordinal arithmetic and have applications to
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2393
  cardinal arithmetic.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2394
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2395
\item Theory \isa{OrderType} defines order types.  Every wellordering is
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2396
  equivalent to a unique ordinal, which is its order type.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2397
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2398
\item Theory \isa{Cardinal} defines equipollence and cardinal numbers.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2399
 
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2400
\item Theory \isa{CardinalArith} defines cardinal addition and
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2401
  multiplication, and proves their elementary laws.  It proves that there
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2402
  is no greatest cardinal.  It also proves a deep result, namely
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2403
  $\kappa\otimes\kappa=\kappa$ for every infinite cardinal~$\kappa$; see
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2404
  Kunen~\cite[page 29]{kunen80}.  None of these results assume the Axiom of
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2405
  Choice, which complicates their proofs considerably.  
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2406
\end{itemize}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2407
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2408
The following developments involve the Axiom of Choice (AC):
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2409
\begin{itemize}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2410
\item Theory \isa{AC} asserts the Axiom of Choice and proves some simple
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2411
  equivalent forms.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2412
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2413
\item Theory \isa{Zorn} proves Hausdorff's Maximal Principle, Zorn's Lemma
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2414
  and the Wellordering Theorem, following Abrial and
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2415
  Laffitte~\cite{abrial93}.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2416
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2417
\item Theory \isa{Cardinal\_AC} uses AC to prove simplified theorems about
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2418
  the cardinals.  It also proves a theorem needed to justify
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2419
  infinitely branching datatype declarations: if $\kappa$ is an infinite
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2420
  cardinal and $|X(\alpha)| \le \kappa$ for all $\alpha<\kappa$ then
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2421
  $|\union\sb{\alpha<\kappa} X(\alpha)| \le \kappa$.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2422
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2423
\item Theory \isa{InfDatatype} proves theorems to justify infinitely
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2424
  branching datatypes.  Arbitrary index sets are allowed, provided their
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2425
  cardinalities have an upper bound.  The theory also justifies some
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2426
  unusual cases of finite branching, involving the finite powerset operator
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2427
  and the finite function space operator.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2428
\end{itemize}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2429
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2430
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2431
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2432
\section{The examples directories}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2433
Directory \isa{HOL/IMP} contains a mechanised version of a semantic
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2434
equivalence proof taken from Winskel~\cite{winskel93}.  It formalises the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2435
denotational and operational semantics of a simple while-language, then
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2436
proves the two equivalent.  It contains several datatype and inductive
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2437
definitions, and demonstrates their use.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2438
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2439
The directory \isa{ZF/ex} contains further developments in ZF set theory.
9695
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
  2440
Here is an overview; see the files themselves for more details.  I describe
ec7d7f877712 proper setup of iman.sty/extra.sty/ttbox.sty;
wenzelm
parents: 9584
diff changeset
  2441
much of this material in other
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2442
publications~\cite{paulson-set-I,paulson-set-II,paulson-fixedpt-milner}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2443
\begin{itemize}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2444
\item File \isa{misc.ML} contains miscellaneous examples such as
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2445
  Cantor's Theorem, the Schr\"oder-Bernstein Theorem and the `Composition
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2446
  of homomorphisms' challenge~\cite{boyer86}.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2447
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2448
\item Theory \isa{Ramsey} proves the finite exponent 2 version of
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2449
  Ramsey's Theorem, following Basin and Kaufmann's
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2450
  presentation~\cite{basin91}.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2451
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2452
\item Theory \isa{Integ} develops a theory of the integers as
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2453
  equivalence classes of pairs of natural numbers.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2454
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2455
\item Theory \isa{Primrec} develops some computation theory.  It
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2456
  inductively defines the set of primitive recursive functions and presents a
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2457
  proof that Ackermann's function is not primitive recursive.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2458
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2459
\item Theory \isa{Primes} defines the Greatest Common Divisor of two
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2460
  natural numbers and and the ``divides'' relation.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2461
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2462
\item Theory \isa{Bin} defines a datatype for two's complement binary
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2463
  integers, then proves rewrite rules to perform binary arithmetic.  For
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2464
  instance, $1359\times {-}2468 = {-}3354012$ takes 0.3 seconds.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2465
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2466
\item Theory \isa{BT} defines the recursive data structure $\isa{bt}(A)$, labelled binary trees.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2467
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2468
\item Theory \isa{Term} defines a recursive data structure for terms
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2469
  and term lists.  These are simply finite branching trees.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2470
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2471
\item Theory \isa{TF} defines primitives for solving mutually
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2472
  recursive equations over sets.  It constructs sets of trees and forests
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2473
  as an example, including induction and recursion rules that handle the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2474
  mutual recursion.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2475
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2476
\item Theory \isa{Prop} proves soundness and completeness of
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2477
  propositional logic~\cite{paulson-set-II}.  This illustrates datatype
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2478
  definitions, inductive definitions, structural induction and rule
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2479
  induction.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2480
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2481
\item Theory \isa{ListN} inductively defines the lists of $n$
6592
c120262044b6 Now uses manual.bib; some references updated
paulson
parents: 6173
diff changeset
  2482
  elements~\cite{paulin-tlca}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2483
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2484
\item Theory \isa{Acc} inductively defines the accessible part of a
6592
c120262044b6 Now uses manual.bib; some references updated
paulson
parents: 6173
diff changeset
  2485
  relation~\cite{paulin-tlca}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2486
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2487
\item Theory \isa{Comb} defines the datatype of combinators and
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2488
  inductively defines contraction and parallel contraction.  It goes on to
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2489
  prove the Church-Rosser Theorem.  This case study follows Camilleri and
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2490
  Melham~\cite{camilleri92}.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2491
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2492
\item Theory \isa{LList} defines lazy lists and a coinduction
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2493
  principle for proving equations between them.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2494
\end{itemize}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2495
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2496
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2497
\section{A proof about powersets}\label{sec:ZF-pow-example}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2498
To demonstrate high-level reasoning about subsets, let us prove the
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2499
equation ${\isa{Pow}(A)\cap \isa{Pow}(B)}= \isa{Pow}(A\cap B)$.  Compared
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2500
with first-order logic, set theory involves a maze of rules, and theorems
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2501
have many different proofs.  Attempting other proofs of the theorem might
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2502
be instructive.  This proof exploits the lattice properties of
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2503
intersection.  It also uses the monotonicity of the powerset operation,
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2504
from \isa{ZF/mono.ML}:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2505
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2506
\tdx{Pow_mono}:     A \isasymsubseteq B ==> Pow(A) \isasymsubseteq Pow(B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2507
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2508
We enter the goal and make the first step, which breaks the equation into
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2509
two inclusions by extensionality:\index{*equalityI theorem}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2510
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2511
\isacommand{lemma}\ "Pow(A\ Int\ B)\ =\ Pow(A)\ Int\ Pow(B)"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2512
\ 1.\ Pow(A\ \isasyminter \ B)\ =\ Pow(A)\ \isasyminter \ Pow(B)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2513
\isacommand{apply}\ (rule\ equalityI)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2514
\ 1.\ Pow(A\ \isasyminter \ B)\ \isasymsubseteq \ Pow(A)\ \isasyminter \ Pow(B)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2515
\ 2.\ Pow(A)\ \isasyminter \ Pow(B)\ \isasymsubseteq \ Pow(A\ \isasyminter \ B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2516
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2517
Both inclusions could be tackled straightforwardly using \isa{subsetI}.
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2518
A shorter proof results from noting that intersection forms the greatest
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2519
lower bound:\index{*Int_greatest theorem}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2520
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2521
\isacommand{apply}\ (rule\ Int\_greatest)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2522
\ 1.\ Pow(A\ \isasyminter \ B)\ \isasymsubseteq \ Pow(A)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2523
\ 2.\ Pow(A\ \isasyminter \ B)\ \isasymsubseteq \ Pow(B)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2524
\ 3.\ Pow(A)\ \isasyminter \ Pow(B)\ \isasymsubseteq \ Pow(A\ \isasyminter \ B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2525
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2526
Subgoal~1 follows by applying the monotonicity of \isa{Pow} to $A\int
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2527
B\subseteq A$; subgoal~2 follows similarly:
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2528
\index{*Int_lower1 theorem}\index{*Int_lower2 theorem}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2529
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2530
\isacommand{apply}\ (rule\ Int\_lower1\ [THEN\ Pow\_mono])\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2531
\ 1.\ Pow(A\ \isasyminter \ B)\ \isasymsubseteq \ Pow(B)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2532
\ 2.\ Pow(A)\ \isasyminter \ Pow(B)\ \isasymsubseteq \ Pow(A\ \isasyminter \ B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2533
\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2534
\isacommand{apply}\ (rule\ Int\_lower2\ [THEN\ Pow\_mono])\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2535
\ 1.\ Pow(A)\ \isasyminter \ Pow(B)\ \isasymsubseteq \ Pow(A\ \isasyminter \ B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2536
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2537
We are left with the opposite inclusion, which we tackle in the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2538
straightforward way:\index{*subsetI theorem}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2539
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2540
\isacommand{apply}\ (rule\ subsetI)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2541
\ 1.\ \isasymAnd x.\ x\ \isasymin \ Pow(A)\ \isasyminter \ Pow(B)\ \isasymLongrightarrow \ x\ \isasymin \ Pow(A\ \isasyminter \ B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2542
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2543
The subgoal is to show $x\in \isa{Pow}(A\cap B)$ assuming $x\in\isa{Pow}(A)\cap \isa{Pow}(B)$; eliminating this assumption produces two
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2544
subgoals.  The rule \tdx{IntE} treats the intersection like a conjunction
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2545
instead of unfolding its definition.
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2546
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2547
\isacommand{apply}\ (erule\ IntE)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2548
\ 1.\ \isasymAnd x.\ \isasymlbrakk x\ \isasymin \ Pow(A);\ x\ \isasymin \ Pow(B)\isasymrbrakk \ \isasymLongrightarrow \ x\ \isasymin \ Pow(A\ \isasyminter \ B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2549
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2550
The next step replaces the \isa{Pow} by the subset
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2551
relation~($\subseteq$).\index{*PowI theorem}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2552
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2553
\isacommand{apply}\ (rule\ PowI)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2554
\ 1.\ \isasymAnd x.\ \isasymlbrakk x\ \isasymin \ Pow(A);\ x\ \isasymin \ Pow(B)\isasymrbrakk \ \isasymLongrightarrow \ x\ \isasymsubseteq \ A\ \isasyminter \ B%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2555
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2556
We perform the same replacement in the assumptions.  This is a good
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2557
demonstration of the tactic \ttindex{drule}:\index{*PowD theorem}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2558
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2559
\isacommand{apply}\ (drule\ PowD)+\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2560
\ 1.\ \isasymAnd x.\ \isasymlbrakk x\ \isasymsubseteq \ A;\ x\ \isasymsubseteq \ B\isasymrbrakk \ \isasymLongrightarrow \ x\ \isasymsubseteq \ A\ \isasyminter \ B%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2561
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2562
The assumptions are that $x$ is a lower bound of both $A$ and~$B$, but
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2563
$A\int B$ is the greatest lower bound:\index{*Int_greatest theorem}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2564
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2565
\isacommand{apply}\ (rule\ Int\_greatest)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2566
\ 1.\ \isasymAnd x.\ \isasymlbrakk x\ \isasymsubseteq \ A;\ x\ \isasymsubseteq \ B\isasymrbrakk \ \isasymLongrightarrow \ x\ \isasymsubseteq \ A\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2567
\ 2.\ \isasymAnd x.\ \isasymlbrakk x\ \isasymsubseteq \ A;\ x\ \isasymsubseteq \ B\isasymrbrakk \ \isasymLongrightarrow \ x\ \isasymsubseteq \ B%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2568
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2569
To conclude the proof, we clear up the trivial subgoals:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2570
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2571
\isacommand{apply}\ (assumption+)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2572
\isacommand{done}%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2573
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2574
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2575
We could have performed this proof instantly by calling
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2576
\ttindex{blast}:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2577
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2578
\isacommand{lemma}\ "Pow(A\ Int\ B)\ =\ Pow(A)\ Int\ Pow(B)"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2579
\isacommand{by}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2580
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2581
Past researchers regarded this as a difficult proof, as indeed it is if all
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2582
the symbols are replaced by their definitions.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2583
\goodbreak
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2584
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2585
\section{Monotonicity of the union operator}
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2586
For another example, we prove that general union is monotonic:
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2587
${C\subseteq D}$ implies $\bigcup(C)\subseteq \bigcup(D)$.  To begin, we
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2588
tackle the inclusion using \tdx{subsetI}:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2589
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2590
\isacommand{lemma}\ "C\isasymsubseteq D\ ==>\ Union(C)\
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2591
\isasymsubseteq \ Union(D)"\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2592
\isacommand{apply}\ (rule\ subsetI)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2593
\ 1.\ \isasymAnd x.\ \isasymlbrakk C\ \isasymsubseteq \ D;\ x\ \isasymin \ \isasymUnion C\isasymrbrakk \ \isasymLongrightarrow \ x\ \isasymin \ \isasymUnion D%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2594
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2595
Big union is like an existential quantifier --- the occurrence in the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2596
assumptions must be eliminated early, since it creates parameters.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2597
\index{*UnionE theorem}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2598
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2599
\isacommand{apply}\ (erule\ UnionE)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2600
\ 1.\ \isasymAnd x\ B.\ \isasymlbrakk C\ \isasymsubseteq \ D;\ x\ \isasymin \ B;\ B\ \isasymin \ C\isasymrbrakk \ \isasymLongrightarrow \ x\ \isasymin \ \isasymUnion D%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2601
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2602
Now we may apply \tdx{UnionI}, which creates an unknown involving the
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2603
parameters.  To show \isa{x\ \isasymin \ \isasymUnion D} it suffices to show that~\isa{x} belongs
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2604
to some element, say~\isa{?B2(x,B)}, of~\isa{D}\@.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2605
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2606
\isacommand{apply}\ (rule\ UnionI)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2607
\ 1.\ \isasymAnd x\ B.\ \isasymlbrakk C\ \isasymsubseteq \ D;\ x\ \isasymin \ B;\ B\ \isasymin \ C\isasymrbrakk \ \isasymLongrightarrow \ ?B2(x,\ B)\ \isasymin \ D\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2608
\ 2.\ \isasymAnd x\ B.\ \isasymlbrakk C\ \isasymsubseteq \ D;\ x\ \isasymin \ B;\ B\ \isasymin \ C\isasymrbrakk \ \isasymLongrightarrow \ x\ \isasymin \ ?B2(x,\ B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2609
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2610
Combining the rule \tdx{subsetD} with the assumption \isa{C\ \isasymsubseteq \ D} yields 
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2611
$\Var{a}\in C \Imp \Var{a}\in D$, which reduces subgoal~1.  Note that
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2612
\isa{erule} removes the subset assumption.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2613
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2614
\isacommand{apply}\ (erule\ subsetD)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2615
\ 1.\ \isasymAnd x\ B.\ \isasymlbrakk x\ \isasymin \ B;\ B\ \isasymin \ C\isasymrbrakk \ \isasymLongrightarrow \ ?B2(x,\ B)\ \isasymin \ C\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2616
\ 2.\ \isasymAnd x\ B.\ \isasymlbrakk C\ \isasymsubseteq \ D;\ x\ \isasymin \ B;\ B\ \isasymin \ C\isasymrbrakk \ \isasymLongrightarrow \ x\ \isasymin \ ?B2(x,\ B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2617
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2618
The rest is routine.  Observe how the first call to \isa{assumption}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2619
instantiates \isa{?B2(x,B)} to~\isa{B}\@.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2620
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2621
\isacommand{apply}\ assumption\ \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2622
\ 1.\ \isasymAnd x\ B.\ \isasymlbrakk C\ \isasymsubseteq \ D;\ x\ \isasymin \ B;\ B\ \isasymin \ C\isasymrbrakk \ \isasymLongrightarrow \ x\ \isasymin \ B%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2623
\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2624
\isacommand{apply}\ assumption\ \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2625
No\ subgoals!\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2626
\isacommand{done}%
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2627
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2628
Again, \isa{blast} can prove this theorem in one step.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2629
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2630
The theory \isa{ZF/equalities.thy} has many similar proofs.  Reasoning about
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2631
general intersection can be difficult because of its anomalous behaviour on
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2632
the empty set.  However, \isa{blast} copes well with these.  Here is
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2633
a typical example, borrowed from Devlin~\cite[page 12]{devlin79}:
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2634
\[ a\in C \,\Imp\, \inter@{x\in C} \Bigl(A(x) \int B(x)\Bigr) =        
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2635
       \Bigl(\inter@{x\in C} A(x)\Bigr)  \int  
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2636
       \Bigl(\inter@{x\in C} B(x)\Bigr)  \]
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2637
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2638
\section{Low-level reasoning about functions}
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2639
The derived rules \isa{lamI}, \isa{lamE}, \isa{lam_type}, \isa{beta}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2640
and \isa{eta} support reasoning about functions in a
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2641
$\lambda$-calculus style.  This is generally easier than regarding
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2642
functions as sets of ordered pairs.  But sometimes we must look at the
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2643
underlying representation, as in the following proof
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2644
of~\tdx{fun_disjoint_apply1}.  This states that if $f$ and~$g$ are
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2645
functions with disjoint domains~$A$ and~$C$, and if $a\in A$, then
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2646
$(f\un g)`a = f`a$:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2647
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2648
\isacommand{lemma}\ "[|\ a\ \isasymin \ A;\ \ f\ \isasymin \ A->B;\ \ g\ \isasymin \ C->D;\ \ A\ \isasyminter \ C\ =\ 0\ |]
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2649
\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2650
\ \ \ \ \ \ \ \ ==>\ (f\ \isasymunion \ g)`a\ =\ f`a"
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2651
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2652
Using \tdx{apply_equality}, we reduce the equality to reasoning about
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2653
ordered pairs.  The second subgoal is to verify that \isa{f\ \isasymunion \ g} is a function, since
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2654
\isa{Pi(?A,?B)} denotes a dependent function space.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2655
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2656
\isacommand{apply}\ (rule\ apply\_equality)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2657
\ 1.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2658
\isaindent{\ 1.\ }\isasymLongrightarrow \ \isasymlangle a,\ f\ `\ a\isasymrangle \ \isasymin \ f\ \isasymunion \ g\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2659
\ 2.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2660
\isaindent{\ 2.\ }\isasymLongrightarrow \ f\ \isasymunion \ g\ \isasymin \ Pi(?A,\ ?B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2661
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2662
We must show that the pair belongs to~$f$ or~$g$; by~\tdx{UnI1} we
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2663
choose~$f$:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2664
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2665
\isacommand{apply}\ (rule\ UnI1)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2666
\ 1.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \ \isasymLongrightarrow \ \isasymlangle a,\ f\ `\ a\isasymrangle \ \isasymin \ f\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2667
\ 2.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2668
\isaindent{\ 2.\ }\isasymLongrightarrow \ f\ \isasymunion \ g\ \isasymin \ Pi(?A,\ ?B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2669
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2670
To show $\pair{a,f`a}\in f$ we use \tdx{apply_Pair}, which is
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2671
essentially the converse of \tdx{apply_equality}:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2672
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2673
\isacommand{apply}\ (rule\ apply\_Pair)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2674
\ 1.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \ \isasymLongrightarrow \ f\ \isasymin \ Pi(?A2,?B2)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2675
\ 2.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \ \isasymLongrightarrow \ a\ \isasymin \ ?A2\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2676
\ 3.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2677
\isaindent{\ 3.\ }\isasymLongrightarrow \ f\ \isasymunion \ g\ \isasymin \ Pi(?A,\ ?B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2678
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2679
Using the assumptions $f\in A\to B$ and $a\in A$, we solve the two subgoals
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2680
from \tdx{apply_Pair}.  Recall that a $\Pi$-set is merely a generalized
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2681
function space, and observe that~{\tt?A2} gets instantiated to~\isa{A}.
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2682
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2683
\isacommand{apply}\ assumption\ \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2684
\ 1.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \ \isasymLongrightarrow \ a\ \isasymin \ A\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2685
\ 2.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2686
\isaindent{\ 2.\ }\isasymLongrightarrow \ f\ \isasymunion \ g\ \isasymin \ Pi(?A,\ ?B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2687
\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2688
\isacommand{apply}\ assumption\ \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2689
\ 1.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2690
\isaindent{\ 1.\ }\isasymLongrightarrow \ f\ \isasymunion \ g\ \isasymin \ Pi(?A,\ ?B)
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2691
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2692
To construct functions of the form $f\un g$, we apply
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2693
\tdx{fun_disjoint_Un}:
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2694
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2695
\isacommand{apply}\ (rule\ fun\_disjoint\_Un)\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2696
\ 1.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \ \isasymLongrightarrow \ f\ \isasymin \ ?A3\ \isasymrightarrow \ ?B3\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2697
\ 2.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \ \isasymLongrightarrow \ g\ \isasymin \ ?C3\ \isasymrightarrow \ ?D3\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2698
\ 3.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \ \isasymLongrightarrow \ ?A3\ \isasyminter \ ?C3\ =\ 0
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2699
\end{isabelle}
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2700
The remaining subgoals are instances of the assumptions.  Again, observe how
14154
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2701
unknowns become instantiated:
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2702
\begin{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2703
\isacommand{apply}\ assumption\ \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2704
\ 1.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \ \isasymLongrightarrow \ g\ \isasymin \ ?C3\ \isasymrightarrow \ ?D3\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2705
\ 2.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \ \isasymLongrightarrow \ A\ \isasyminter \ ?C3\ =\ 0
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2706
\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2707
\isacommand{apply}\ assumption\ \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2708
\ 1.\ \isasymlbrakk a\ \isasymin \ A;\ f\ \isasymin \ A\ \isasymrightarrow \ B;\ g\ \isasymin \ C\ \isasymrightarrow \ D;\ A\ \isasyminter \ C\ =\ 0\isasymrbrakk \ \isasymLongrightarrow \ A\ \isasyminter \ C\ =\ 0
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2709
\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2710
\isacommand{apply}\ assumption\ \isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2711
No\ subgoals!\isanewline
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2712
\isacommand{done}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2713
\end{isabelle}
3bc0128e2c74 partial conversion to Isar format
paulson
parents: 9836
diff changeset
  2714
See the theories \isa{ZF/func.thy} and \isa{ZF/WF.thy} for more
6121
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2715
examples of reasoning about functions.
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2716
5fe77b9b5185 the separate FOL and ZF logics manual, with new material on datatypes and
paulson
parents:
diff changeset
  2717
\index{set theory|)}