isabelle: doc-src/TutorialI/Overview/Isar0.thy@8f394f266025 (annotated)

13258 8f394f266025 * empty log message * nipkow parents: diff changeset	1	theory Isar0 = Main:
8f394f266025 * empty log message * nipkow parents: diff changeset	2
8f394f266025 * empty log message * nipkow parents: diff changeset	3	(*
8f394f266025 * empty log message * nipkow parents: diff changeset	4	proof ::= "proof" [method] statement* "qed"
8f394f266025 * empty log message * nipkow parents: diff changeset	5	\| "by" method
8f394f266025 * empty log message * nipkow parents: diff changeset	6	statement ::= "fix" variables
8f394f266025 * empty log message * nipkow parents: diff changeset	7	\| "assume" proposition*
8f394f266025 * empty log message * nipkow parents: diff changeset	8	\| ["then"] ("show" \| "have") proposition proof
8f394f266025 * empty log message * nipkow parents: diff changeset	9	proposition ::= [label":"] string
8f394f266025 * empty log message * nipkow parents: diff changeset	10
8f394f266025 * empty log message * nipkow parents: diff changeset	11	Typical skelton:
8f394f266025 * empty log message * nipkow parents: diff changeset	12
8f394f266025 * empty log message * nipkow parents: diff changeset	13	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	14	assume <assumptions>
8f394f266025 * empty log message * nipkow parents: diff changeset	15	have <formula1> -- intermediate result
8f394f266025 * empty log message * nipkow parents: diff changeset	16	:
8f394f266025 * empty log message * nipkow parents: diff changeset	17	have <formulan> -- intermediate result
8f394f266025 * empty log message * nipkow parents: diff changeset	18	show ?thesis -- the conclusion
8f394f266025 * empty log message * nipkow parents: diff changeset	19	end
8f394f266025 * empty log message * nipkow parents: diff changeset	20	*)
8f394f266025 * empty log message * nipkow parents: diff changeset	21
8f394f266025 * empty log message * nipkow parents: diff changeset	22	lemma "A \<longrightarrow> A"
8f394f266025 * empty log message * nipkow parents: diff changeset	23	proof (rule impI)
8f394f266025 * empty log message * nipkow parents: diff changeset	24	assume A: "A"
8f394f266025 * empty log message * nipkow parents: diff changeset	25	show "A" by(rule A)
8f394f266025 * empty log message * nipkow parents: diff changeset	26	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	27
8f394f266025 * empty log message * nipkow parents: diff changeset	28	(* Operational reading: assume A - show A proves "A \<Longrightarrow> A", which rule impI
8f394f266025 * empty log message * nipkow parents: diff changeset	29	turns into the desired "A \<longrightarrow> A". Too much (operational) text *)
8f394f266025 * empty log message * nipkow parents: diff changeset	30
8f394f266025 * empty log message * nipkow parents: diff changeset	31	(* 1st Principle: let "proof" select the rule automatically; based on the
8f394f266025 * empty log message * nipkow parents: diff changeset	32	goal and a predefined list of (introduction) rules. Here: impI is found
8f394f266025 * empty log message * nipkow parents: diff changeset	33	automatically: *)
8f394f266025 * empty log message * nipkow parents: diff changeset	34
8f394f266025 * empty log message * nipkow parents: diff changeset	35	lemma "A \<longrightarrow> A"
8f394f266025 * empty log message * nipkow parents: diff changeset	36	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	37	assume A: "A"
8f394f266025 * empty log message * nipkow parents: diff changeset	38	show "A" by(rule A)
8f394f266025 * empty log message * nipkow parents: diff changeset	39	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	40
8f394f266025 * empty log message * nipkow parents: diff changeset	41	(* Proof by assumption should be trivial. Method "." does just that (and a
8f394f266025 * empty log message * nipkow parents: diff changeset	42	bit more - see later). Thus naming of assumptions is often superfluous. *)
8f394f266025 * empty log message * nipkow parents: diff changeset	43
8f394f266025 * empty log message * nipkow parents: diff changeset	44	lemma "A \<longrightarrow> A"
8f394f266025 * empty log message * nipkow parents: diff changeset	45	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	46	assume "A"
8f394f266025 * empty log message * nipkow parents: diff changeset	47	have "A" .
8f394f266025 * empty log message * nipkow parents: diff changeset	48	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	49
8f394f266025 * empty log message * nipkow parents: diff changeset	50	(* To hide proofs by assumption, by(method) first applies method and then
8f394f266025 * empty log message * nipkow parents: diff changeset	51	tries to solve all remaining subgoals by assumption. *)
8f394f266025 * empty log message * nipkow parents: diff changeset	52
8f394f266025 * empty log message * nipkow parents: diff changeset	53	lemma "A \<longrightarrow> A & A"
8f394f266025 * empty log message * nipkow parents: diff changeset	54	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	55	assume A
8f394f266025 * empty log message * nipkow parents: diff changeset	56	show "A & A" by(rule conjI)
8f394f266025 * empty log message * nipkow parents: diff changeset	57	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	58
8f394f266025 * empty log message * nipkow parents: diff changeset	59	(* Proofs of the form by(rule <rule>) can be abbreviated to ".." if <rule> is
8f394f266025 * empty log message * nipkow parents: diff changeset	60	one of the predefined introduction rules (for user supplied rules see below).
8f394f266025 * empty log message * nipkow parents: diff changeset	61	Thus
8f394f266025 * empty log message * nipkow parents: diff changeset	62	*)
8f394f266025 * empty log message * nipkow parents: diff changeset	63
8f394f266025 * empty log message * nipkow parents: diff changeset	64	lemma "A \<longrightarrow> A & A"
8f394f266025 * empty log message * nipkow parents: diff changeset	65	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	66	assume A
8f394f266025 * empty log message * nipkow parents: diff changeset	67	show "A & A" ..
8f394f266025 * empty log message * nipkow parents: diff changeset	68	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	69
8f394f266025 * empty log message * nipkow parents: diff changeset	70	(* What happens: applies "conj" (first "."), then solves the two subgoals by
8f394f266025 * empty log message * nipkow parents: diff changeset	71	assumptions (second ".") *)
8f394f266025 * empty log message * nipkow parents: diff changeset	72
8f394f266025 * empty log message * nipkow parents: diff changeset	73	(* Now: elimination *)
8f394f266025 * empty log message * nipkow parents: diff changeset	74
8f394f266025 * empty log message * nipkow parents: diff changeset	75	lemma "A & B \<longrightarrow> B & A"
8f394f266025 * empty log message * nipkow parents: diff changeset	76	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	77	assume AB: "A & B"
8f394f266025 * empty log message * nipkow parents: diff changeset	78	show "B & A"
8f394f266025 * empty log message * nipkow parents: diff changeset	79	proof (rule conjE[OF AB])
8f394f266025 * empty log message * nipkow parents: diff changeset	80	assume A and B
8f394f266025 * empty log message * nipkow parents: diff changeset	81	show ?thesis .. --"thesis = statement in previous show"
8f394f266025 * empty log message * nipkow parents: diff changeset	82	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	83	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	84
8f394f266025 * empty log message * nipkow parents: diff changeset	85	(* Again: too much text.
8f394f266025 * empty log message * nipkow parents: diff changeset	86
8f394f266025 * empty log message * nipkow parents: diff changeset	87	Elimination rules are used to conclude new stuff from old. In Isar they are
8f394f266025 * empty log message * nipkow parents: diff changeset	88	triggered by propositions being fed INTO a proof block. Syntax:
8f394f266025 * empty log message * nipkow parents: diff changeset	89	from <previously proved propositions> show \<dots>
8f394f266025 * empty log message * nipkow parents: diff changeset	90	applies an elimination rule whose first premise matches one of the <previously proved propositions>. Thus:
8f394f266025 * empty log message * nipkow parents: diff changeset	91	*)
8f394f266025 * empty log message * nipkow parents: diff changeset	92
8f394f266025 * empty log message * nipkow parents: diff changeset	93	lemma "A & B \<longrightarrow> B & A"
8f394f266025 * empty log message * nipkow parents: diff changeset	94	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	95	assume AB: "A & B"
8f394f266025 * empty log message * nipkow parents: diff changeset	96	from AB show "B & A"
8f394f266025 * empty log message * nipkow parents: diff changeset	97	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	98	assume A and B
8f394f266025 * empty log message * nipkow parents: diff changeset	99	show ?thesis ..
8f394f266025 * empty log message * nipkow parents: diff changeset	100	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	101	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	102
8f394f266025 * empty log message * nipkow parents: diff changeset	103	(*
8f394f266025 * empty log message * nipkow parents: diff changeset	104	2nd principle: try to arrange sequence of propositions in a UNIX like
8f394f266025 * empty log message * nipkow parents: diff changeset	105	pipe, such that the proof of the next proposition uses the previous
8f394f266025 * empty log message * nipkow parents: diff changeset	106	one. The previous proposition can be referred to via "this".
8f394f266025 * empty log message * nipkow parents: diff changeset	107	This greatly reduces the need for explicit naming of propositions.
8f394f266025 * empty log message * nipkow parents: diff changeset	108	*)
8f394f266025 * empty log message * nipkow parents: diff changeset	109	lemma "A & B \<longrightarrow> B & A"
8f394f266025 * empty log message * nipkow parents: diff changeset	110	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	111	assume "A & B"
8f394f266025 * empty log message * nipkow parents: diff changeset	112	from this show "B & A"
8f394f266025 * empty log message * nipkow parents: diff changeset	113	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	114	assume A and B
8f394f266025 * empty log message * nipkow parents: diff changeset	115	show ?thesis ..
8f394f266025 * empty log message * nipkow parents: diff changeset	116	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	117	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	118
8f394f266025 * empty log message * nipkow parents: diff changeset	119	(* Final simplification: "from this" = "thus".
8f394f266025 * empty log message * nipkow parents: diff changeset	120
8f394f266025 * empty log message * nipkow parents: diff changeset	121	Alternative: pure forward reasoning: *)
8f394f266025 * empty log message * nipkow parents: diff changeset	122
8f394f266025 * empty log message * nipkow parents: diff changeset	123	lemma "A & B --> B & A"
8f394f266025 * empty log message * nipkow parents: diff changeset	124	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	125	assume ab: "A & B"
8f394f266025 * empty log message * nipkow parents: diff changeset	126	from ab have a: A ..
8f394f266025 * empty log message * nipkow parents: diff changeset	127	from ab have b: B ..
8f394f266025 * empty log message * nipkow parents: diff changeset	128	from b a show "B & A" ..
8f394f266025 * empty log message * nipkow parents: diff changeset	129	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	130
8f394f266025 * empty log message * nipkow parents: diff changeset	131	(* New: itermediate haves *)
8f394f266025 * empty log message * nipkow parents: diff changeset	132
8f394f266025 * empty log message * nipkow parents: diff changeset	133	(* The predefined introduction and elimination rules include all the usual
8f394f266025 * empty log message * nipkow parents: diff changeset	134	natural deduction rules for propositional logic. Here is a longer example: *)
8f394f266025 * empty log message * nipkow parents: diff changeset	135
8f394f266025 * empty log message * nipkow parents: diff changeset	136	lemma "~(A & B) \<longrightarrow> ~A \| ~B"
8f394f266025 * empty log message * nipkow parents: diff changeset	137	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	138	assume n: "~(A & B)"
8f394f266025 * empty log message * nipkow parents: diff changeset	139	show "~A \| ~B"
8f394f266025 * empty log message * nipkow parents: diff changeset	140	proof (rule ccontr)
8f394f266025 * empty log message * nipkow parents: diff changeset	141	assume nn: "~(~ A \| ~B)"
8f394f266025 * empty log message * nipkow parents: diff changeset	142	from n show False
8f394f266025 * empty log message * nipkow parents: diff changeset	143	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	144	show "A & B"
8f394f266025 * empty log message * nipkow parents: diff changeset	145	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	146	show A
8f394f266025 * empty log message * nipkow parents: diff changeset	147	proof (rule ccontr)
8f394f266025 * empty log message * nipkow parents: diff changeset	148	assume "~A"
8f394f266025 * empty log message * nipkow parents: diff changeset	149	have "\<not> A \<or> \<not> B" ..
8f394f266025 * empty log message * nipkow parents: diff changeset	150	from nn this show False ..
8f394f266025 * empty log message * nipkow parents: diff changeset	151	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	152	next
8f394f266025 * empty log message * nipkow parents: diff changeset	153	show B
8f394f266025 * empty log message * nipkow parents: diff changeset	154	proof (rule ccontr)
8f394f266025 * empty log message * nipkow parents: diff changeset	155	assume "~B"
8f394f266025 * empty log message * nipkow parents: diff changeset	156	have "\<not> A \<or> \<not> B" ..
8f394f266025 * empty log message * nipkow parents: diff changeset	157	from nn this show False ..
8f394f266025 * empty log message * nipkow parents: diff changeset	158	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	159	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	160	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	161	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	162	qed;
8f394f266025 * empty log message * nipkow parents: diff changeset	163
8f394f266025 * empty log message * nipkow parents: diff changeset	164	(* New:
8f394f266025 * empty log message * nipkow parents: diff changeset	165
8f394f266025 * empty log message * nipkow parents: diff changeset	166	1. Multiple subgoals. When showing "A & B" we need to show both A and B.
8f394f266025 * empty log message * nipkow parents: diff changeset	167	Each subgoal is proved separately, in ANY order. The individual proofs are
8f394f266025 * empty log message * nipkow parents: diff changeset	168	separated by "next".
8f394f266025 * empty log message * nipkow parents: diff changeset	169
8f394f266025 * empty log message * nipkow parents: diff changeset	170	2. "have" for proving an intermediate fact
8f394f266025 * empty log message * nipkow parents: diff changeset	171	*)
8f394f266025 * empty log message * nipkow parents: diff changeset	172
8f394f266025 * empty log message * nipkow parents: diff changeset	173	subsection{Becoming more concise}
8f394f266025 * empty log message * nipkow parents: diff changeset	174
8f394f266025 * empty log message * nipkow parents: diff changeset	175	(* Normally want to prove rules expressed with \<Longrightarrow>, not \<longrightarrow> *)
8f394f266025 * empty log message * nipkow parents: diff changeset	176
8f394f266025 * empty log message * nipkow parents: diff changeset	177	lemma "\<lbrakk> A \<Longrightarrow> False \<rbrakk> \<Longrightarrow> \<not> A"
8f394f266025 * empty log message * nipkow parents: diff changeset	178	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	179	assume "A \<Longrightarrow> False" A
8f394f266025 * empty log message * nipkow parents: diff changeset	180	thus False .
8f394f266025 * empty log message * nipkow parents: diff changeset	181	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	182
8f394f266025 * empty log message * nipkow parents: diff changeset	183	(* In this case the "proof" works on the "~A", thus selecting notI
8f394f266025 * empty log message * nipkow parents: diff changeset	184
8f394f266025 * empty log message * nipkow parents: diff changeset	185	Now: avoid repeating formulae (which may be large). *)
8f394f266025 * empty log message * nipkow parents: diff changeset	186
8f394f266025 * empty log message * nipkow parents: diff changeset	187	lemma "(large_formula \<Longrightarrow> False) \<Longrightarrow> ~ large_formula"
8f394f266025 * empty log message * nipkow parents: diff changeset	188	(is "(?P \<Longrightarrow> _) \<Longrightarrow> _")
8f394f266025 * empty log message * nipkow parents: diff changeset	189	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	190	assume "?P \<Longrightarrow> False" ?P
8f394f266025 * empty log message * nipkow parents: diff changeset	191	thus False .
8f394f266025 * empty log message * nipkow parents: diff changeset	192	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	193
8f394f266025 * empty log message * nipkow parents: diff changeset	194	(* Even better: can state assumptions directly *)
8f394f266025 * empty log message * nipkow parents: diff changeset	195
8f394f266025 * empty log message * nipkow parents: diff changeset	196	lemma assumes A: "large_formula \<Longrightarrow> False"
8f394f266025 * empty log message * nipkow parents: diff changeset	197	shows "~ large_formula" (is "~ ?P")
8f394f266025 * empty log message * nipkow parents: diff changeset	198	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	199	assume ?P
8f394f266025 * empty log message * nipkow parents: diff changeset	200	from A show False .
8f394f266025 * empty log message * nipkow parents: diff changeset	201	qed;
8f394f266025 * empty log message * nipkow parents: diff changeset	202
8f394f266025 * empty log message * nipkow parents: diff changeset	203
8f394f266025 * empty log message * nipkow parents: diff changeset	204	(* Predicate calculus. Keyword fix introduces new local variables into a
8f394f266025 * empty log message * nipkow parents: diff changeset	205	proof. Corresponds to !! just like assume-show corresponds to \<Longrightarrow> *)
8f394f266025 * empty log message * nipkow parents: diff changeset	206
8f394f266025 * empty log message * nipkow parents: diff changeset	207	lemma assumes P: "!x. P x" shows "!x. P(f x)"
8f394f266025 * empty log message * nipkow parents: diff changeset	208	proof --"allI"
8f394f266025 * empty log message * nipkow parents: diff changeset	209	fix x
8f394f266025 * empty log message * nipkow parents: diff changeset	210	from P show "P(f x)" .. --"allE"
8f394f266025 * empty log message * nipkow parents: diff changeset	211	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	212
8f394f266025 * empty log message * nipkow parents: diff changeset	213	lemma assumes Pf: "EX x. P (f x)" shows "EX y. P y"
8f394f266025 * empty log message * nipkow parents: diff changeset	214	proof -
8f394f266025 * empty log message * nipkow parents: diff changeset	215	from Pf show ?thesis
8f394f266025 * empty log message * nipkow parents: diff changeset	216	proof --"exE"
8f394f266025 * empty log message * nipkow parents: diff changeset	217	fix a
8f394f266025 * empty log message * nipkow parents: diff changeset	218	assume "P(f a)"
8f394f266025 * empty log message * nipkow parents: diff changeset	219	show ?thesis .. --"exI"
8f394f266025 * empty log message * nipkow parents: diff changeset	220	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	221	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	222
8f394f266025 * empty log message * nipkow parents: diff changeset	223	text {*
8f394f266025 * empty log message * nipkow parents: diff changeset	224	Explicit $\exists$-elimination as seen above can become quite
8f394f266025 * empty log message * nipkow parents: diff changeset	225	cumbersome in practice. The derived Isar language element
8f394f266025 * empty log message * nipkow parents: diff changeset	226	``\isakeyword{obtain}'' provides a more handsome way to do
8f394f266025 * empty log message * nipkow parents: diff changeset	227	generalized existence reasoning.
8f394f266025 * empty log message * nipkow parents: diff changeset	228	*}
8f394f266025 * empty log message * nipkow parents: diff changeset	229
8f394f266025 * empty log message * nipkow parents: diff changeset	230	lemma assumes Pf: "EX x. P (f x)" shows "EX y. P y"
8f394f266025 * empty log message * nipkow parents: diff changeset	231	proof -
8f394f266025 * empty log message * nipkow parents: diff changeset	232	from Pf obtain a where "P (f a)" .. --"exE"
8f394f266025 * empty log message * nipkow parents: diff changeset	233	thus "EX y. P y" .. --"exI"
8f394f266025 * empty log message * nipkow parents: diff changeset	234	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	235
8f394f266025 * empty log message * nipkow parents: diff changeset	236	text {*
8f394f266025 * empty log message * nipkow parents: diff changeset	237	Technically, \isakeyword{obtain} is similar to \isakeyword{fix} and
8f394f266025 * empty log message * nipkow parents: diff changeset	238	\isakeyword{assume} together with a soundness proof of the
8f394f266025 * empty log message * nipkow parents: diff changeset	239	elimination involved. Thus it behaves similar to any other forward
8f394f266025 * empty log message * nipkow parents: diff changeset	240	proof element. Also note that due to the nature of general existence
8f394f266025 * empty log message * nipkow parents: diff changeset	241	reasoning involved here, any result exported from the context of an
8f394f266025 * empty log message * nipkow parents: diff changeset	242	\isakeyword{obtain} statement may \emph{not} refer to the parameters
8f394f266025 * empty log message * nipkow parents: diff changeset	243	introduced there.
8f394f266025 * empty log message * nipkow parents: diff changeset	244	*}
8f394f266025 * empty log message * nipkow parents: diff changeset	245
8f394f266025 * empty log message * nipkow parents: diff changeset	246	lemma assumes ex: "EX x. ALL y. P x y" shows "ALL y. EX x. P x y"
8f394f266025 * empty log message * nipkow parents: diff changeset	247	proof --"allI"
8f394f266025 * empty log message * nipkow parents: diff changeset	248	fix y
8f394f266025 * empty log message * nipkow parents: diff changeset	249	from ex obtain x where "ALL y. P x y" .. --"exE"
8f394f266025 * empty log message * nipkow parents: diff changeset	250	from this have "P x y" .. --"allE"
8f394f266025 * empty log message * nipkow parents: diff changeset	251	thus "EX x. P x y" .. --"exI"
8f394f266025 * empty log message * nipkow parents: diff changeset	252	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	253
8f394f266025 * empty log message * nipkow parents: diff changeset	254	(* some example with blast, if . and .. fail *)
8f394f266025 * empty log message * nipkow parents: diff changeset	255
8f394f266025 * empty log message * nipkow parents: diff changeset	256	theorem "EX S. S ~: range (f :: 'a => 'a set)"
8f394f266025 * empty log message * nipkow parents: diff changeset	257	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	258	let ?S = "{x. x ~: f x}"
8f394f266025 * empty log message * nipkow parents: diff changeset	259	show "?S ~: range f"
8f394f266025 * empty log message * nipkow parents: diff changeset	260	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	261	assume "?S : range f"
8f394f266025 * empty log message * nipkow parents: diff changeset	262	then obtain y where fy: "?S = f y" ..
8f394f266025 * empty log message * nipkow parents: diff changeset	263	show False
8f394f266025 * empty log message * nipkow parents: diff changeset	264	proof (cases)
8f394f266025 * empty log message * nipkow parents: diff changeset	265	assume "y : ?S"
8f394f266025 * empty log message * nipkow parents: diff changeset	266	with fy show False by blast
8f394f266025 * empty log message * nipkow parents: diff changeset	267	next
8f394f266025 * empty log message * nipkow parents: diff changeset	268	assume "y ~: ?S"
8f394f266025 * empty log message * nipkow parents: diff changeset	269	with fy show False by blast
8f394f266025 * empty log message * nipkow parents: diff changeset	270	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	271	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	272	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	273
8f394f266025 * empty log message * nipkow parents: diff changeset	274	theorem "EX S. S ~: range (f :: 'a => 'a set)"
8f394f266025 * empty log message * nipkow parents: diff changeset	275	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	276	let ?S = "{x. x ~: f x}"
8f394f266025 * empty log message * nipkow parents: diff changeset	277	show "?S ~: range f"
8f394f266025 * empty log message * nipkow parents: diff changeset	278	proof
8f394f266025 * empty log message * nipkow parents: diff changeset	279	assume "?S : range f"
8f394f266025 * empty log message * nipkow parents: diff changeset	280	then obtain y where eq: "?S = f y" ..
8f394f266025 * empty log message * nipkow parents: diff changeset	281	show False
8f394f266025 * empty log message * nipkow parents: diff changeset	282	proof (cases)
8f394f266025 * empty log message * nipkow parents: diff changeset	283	assume A: "y : ?S"
8f394f266025 * empty log message * nipkow parents: diff changeset	284	hence isin: "y : f y" by(simp add:eq)
8f394f266025 * empty log message * nipkow parents: diff changeset	285	from A have "y ~: f y" by simp
8f394f266025 * empty log message * nipkow parents: diff changeset	286	with isin show False by contradiction
8f394f266025 * empty log message * nipkow parents: diff changeset	287	next
8f394f266025 * empty log message * nipkow parents: diff changeset	288	assume A: "y ~: ?S"
8f394f266025 * empty log message * nipkow parents: diff changeset	289	hence notin: "y ~: f y" by(simp add:eq)
8f394f266025 * empty log message * nipkow parents: diff changeset	290	from A have "y : f y" by simp
8f394f266025 * empty log message * nipkow parents: diff changeset	291	with notin show False by contradiction
8f394f266025 * empty log message * nipkow parents: diff changeset	292	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	293	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	294	qed
8f394f266025 * empty log message * nipkow parents: diff changeset	295
8f394f266025 * empty log message * nipkow parents: diff changeset	296	text {*
8f394f266025 * empty log message * nipkow parents: diff changeset	297	How much creativity is required? As it happens, Isabelle can prove
8f394f266025 * empty log message * nipkow parents: diff changeset	298	this theorem automatically using best-first search. Depth-first
8f394f266025 * empty log message * nipkow parents: diff changeset	299	search would diverge, but best-first search successfully navigates
8f394f266025 * empty log message * nipkow parents: diff changeset	300	through the large search space. The context of Isabelle's classical
8f394f266025 * empty log message * nipkow parents: diff changeset	301	prover contains rules for the relevant constructs of HOL's set
8f394f266025 * empty log message * nipkow parents: diff changeset	302	theory.
8f394f266025 * empty log message * nipkow parents: diff changeset	303	*}
8f394f266025 * empty log message * nipkow parents: diff changeset	304
8f394f266025 * empty log message * nipkow parents: diff changeset	305	theorem "EX S. S ~: range (f :: 'a => 'a set)"
8f394f266025 * empty log message * nipkow parents: diff changeset	306	by best
8f394f266025 * empty log message * nipkow parents: diff changeset	307
8f394f266025 * empty log message * nipkow parents: diff changeset	308	end

author	nipkow
	Fri, 28 Jun 2002 20:01:09 +0200
changeset 13258	8f394f266025
child 13262	bbfc360db011
permissions	-rw-r--r--