isabelle: src/HOL/Isar_examples/BasicLogic.thy@aa3a30b625d1 (annotated)

6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	1	(* Title: HOL/Isar_examples/BasicLogic.thy
2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	2	ID: $Id$
2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	3	Author: Markus Wenzel, TU Muenchen
2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	4
2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	5	Basic propositional and quantifier reasoning.
2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	6	*)
2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	7
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	8	header {* Basic logical reasoning *}
7748 5b9c45b21782 improved presentation; wenzelm parents: 7740 diff changeset	9
16417 9bc16273c2d4 migrated theory headers to new format haftmann parents: 12387 diff changeset	10	theory BasicLogic imports Main begin
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	11
7761 7fab9592384f improved presentation; wenzelm parents: 7748 diff changeset	12
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	13	subsection {* Pure backward reasoning *}
7740 2fbe5ce9845f tuned comments; wenzelm parents: 7604 diff changeset	14
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	15	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	16	In order to get a first idea of how Isabelle/Isar proof documents
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	17	may look like, we consider the propositions @{text I}, @{text K},
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	18	and @{text S}. The following (rather explicit) proofs should
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	19	require little extra explanations.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	20	*}
7001 8121e11ed765 Deriving rules in Isabelle; wenzelm parents: 6892 diff changeset	21
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	22	lemma I: "A --> A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	23	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	24	assume A
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	25	show A by fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	26	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	27
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	28	lemma K: "A --> B --> A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	29	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	30	assume A
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	31	show "B --> A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	32	proof
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	33	show A by fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	34	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	35	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	36
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	37	lemma S: "(A --> B --> C) --> (A --> B) --> A --> C"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	38	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	39	assume "A --> B --> C"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	40	show "(A --> B) --> A --> C"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	41	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	42	assume "A --> B"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	43	show "A --> C"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	44	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	45	assume A
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	46	show C
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	47	proof (rule mp)
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	48	show "B --> C" by (rule mp) fact+
31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	49	show B by (rule mp) fact+
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	50	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	51	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	52	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	53	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	54
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	55	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	56	Isar provides several ways to fine-tune the reasoning, avoiding
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	57	excessive detail. Several abbreviated language elements are
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	58	available, enabling the writer to express proofs in a more concise
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	59	way, even without referring to any automated proof tools yet.
7761 7fab9592384f improved presentation; wenzelm parents: 7748 diff changeset	60
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	61	First of all, proof by assumption may be abbreviated as a single
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	62	dot.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	63	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	64
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	65	lemma "A --> A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	66	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	67	assume A
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	68	show A by fact+
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	69	qed
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	70
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	71	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	72	In fact, concluding any (sub-)proof already involves solving any
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	73	remaining goals by assumption\footnote{This is not a completely
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	74	trivial operation, as proof by assumption may involve full
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	75	higher-order unification.}. Thus we may skip the rather vacuous
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	76	body of the above proof as well.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	77	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	78
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	79	lemma "A --> A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	80	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	81	qed
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	82
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	83	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	84	Note that the \isacommand{proof} command refers to the @{text rule}
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	85	method (without arguments) by default. Thus it implicitly applies a
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	86	single rule, as determined from the syntactic form of the statements
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	87	involved. The \isacommand{by} command abbreviates any proof with
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	88	empty body, so the proof may be further pruned.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	89	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	90
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	91	lemma "A --> A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	92	by rule
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	93
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	94	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	95	Proof by a single rule may be abbreviated as double-dot.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	96	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	97
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	98	lemma "A --> A" ..
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	99
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	100	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	101	Thus we have arrived at an adequate representation of the proof of a
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	102	tautology that holds by a single standard rule.\footnote{Apparently,
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	103	the rule here is implication introduction.}
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	104	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	105
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	106	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	107	Let us also reconsider @{text K}. Its statement is composed of
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	108	iterated connectives. Basic decomposition is by a single rule at a
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	109	time, which is why our first version above was by nesting two
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	110	proofs.
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	111
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	112	The @{text intro} proof method repeatedly decomposes a goal's
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	113	conclusion.\footnote{The dual method is @{text elim}, acting on a
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	114	goal's premises.}
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	115	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	116
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	117	lemma "A --> B --> A"
12387 fe2353a8d1e8 fixed intro steps; wenzelm parents: 10636 diff changeset	118	proof (intro impI)
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	119	assume A
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	120	show A by fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	121	qed
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	122
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	123	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	124	Again, the body may be collapsed.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	125	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	126
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	127	lemma "A --> B --> A"
12387 fe2353a8d1e8 fixed intro steps; wenzelm parents: 10636 diff changeset	128	by (intro impI)
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	129
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	130	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	131	Just like @{text rule}, the @{text intro} and @{text elim} proof
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	132	methods pick standard structural rules, in case no explicit
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	133	arguments are given. While implicit rules are usually just fine for
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	134	single rule application, this may go too far with iteration. Thus
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	135	in practice, @{text intro} and @{text elim} would be typically
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	136	restricted to certain structures by giving a few rules only, e.g.\
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	137	\isacommand{proof}~@{text "(intro impI allI)"} to strip implications
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	138	and universal quantifiers.
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	139
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	140	Such well-tuned iterated decomposition of certain structures is the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	141	prime application of @{text intro} and @{text elim}. In contrast,
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	142	terminal steps that solve a goal completely are usually performed by
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	143	actual automated proof methods (such as \isacommand{by}~@{text
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	144	blast}.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	145	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	146
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	147
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	148	subsection {* Variations of backward vs.\ forward reasoning *}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	149
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	150	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	151	Certainly, any proof may be performed in backward-style only. On
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	152	the other hand, small steps of reasoning are often more naturally
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	153	expressed in forward-style. Isar supports both backward and forward
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	154	reasoning as a first-class concept. In order to demonstrate the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	155	difference, we consider several proofs of @{text "A \<and> B \<longrightarrow> B \<and> A"}.
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	156
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	157	The first version is purely backward.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	158	*}
7001 8121e11ed765 Deriving rules in Isabelle; wenzelm parents: 6892 diff changeset	159
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	160	lemma "A & B --> B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	161	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	162	assume "A & B"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	163	show "B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	164	proof
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	165	show B by (rule conjunct2) fact
31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	166	show A by (rule conjunct1) fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	167	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	168	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	169
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	170	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	171	Above, the @{text "conjunct_1/2"} projection rules had to be named
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	172	explicitly, since the goals @{text B} and @{text A} did not provide
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	173	any structural clue. This may be avoided using \isacommand{from} to
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	174	focus on the @{text "A \<and> B"} assumption as the current facts,
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	175	enabling the use of double-dot proofs. Note that \isacommand{from}
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	176	already does forward-chaining, involving the \name{conjE} rule here.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	177	*}
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	178
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	179	lemma "A & B --> B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	180	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	181	assume "A & B"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	182	show "B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	183	proof
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	184	from `A & B` show B ..
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	185	from `A & B` show A ..
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	186	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	187	qed
7604 55566b9ec7d7 tuned; wenzelm parents: 7480 diff changeset	188
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	189	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	190	In the next version, we move the forward step one level upwards.
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	191	Forward-chaining from the most recent facts is indicated by the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	192	\isacommand{then} command. Thus the proof of @{text "B \<and> A"} from
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	193	@{text "A \<and> B"} actually becomes an elimination, rather than an
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	194	introduction. The resulting proof structure directly corresponds to
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	195	that of the @{text conjE} rule, including the repeated goal
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	196	proposition that is abbreviated as @{text ?thesis} below.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	197	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	198
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	199	lemma "A & B --> B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	200	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	201	assume "A & B"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	202	then show "B & A"
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	203	proof -- {* rule @{text conjE} of @{text "A \<and> B"} *}
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	204	assume B A
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	205	then show ?thesis .. -- {* rule @{text conjI} of @{text "B \<and> A"} *}
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	206	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	207	qed
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	208
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	209	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	210	In the subsequent version we flatten the structure of the main body
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	211	by doing forward reasoning all the time. Only the outermost
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	212	decomposition step is left as backward.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	213	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	214
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	215	lemma "A & B --> B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	216	proof
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	217	assume "A & B"
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	218	from `A & B` have A ..
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	219	from `A & B` have B ..
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	220	from `B` `A` show "B & A" ..
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	221	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	222
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	223	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	224	We can still push forward-reasoning a bit further, even at the risk
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	225	of getting ridiculous. Note that we force the initial proof step to
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	226	do nothing here, by referring to the ``-'' proof method.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	227	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	228
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	229	lemma "A & B --> B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	230	proof -
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	231	{
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	232	assume "A & B"
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	233	from `A & B` have A ..
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	234	from `A & B` have B ..
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	235	from `B` `A` have "B & A" ..
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	236	}
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	237	then show ?thesis .. -- {* rule \name{impI} *}
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	238	qed
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	239
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	240	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	241	\medskip With these examples we have shifted through a whole range
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	242	from purely backward to purely forward reasoning. Apparently, in
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	243	the extreme ends we get slightly ill-structured proofs, which also
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	244	require much explicit naming of either rules (backward) or local
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	245	facts (forward).
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	246
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	247	The general lesson learned here is that good proof style would
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	248	achieve just the \emph{right} balance of top-down backward
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	249	decomposition, and bottom-up forward composition. In general, there
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	250	is no single best way to arrange some pieces of formal reasoning, of
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	251	course. Depending on the actual applications, the intended audience
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	252	etc., rules (and methods) on the one hand vs.\ facts on the other
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	253	hand have to be emphasized in an appropriate way. This requires the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	254	proof writer to develop good taste, and some practice, of course.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	255	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	256
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	257	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	258	For our example the most appropriate way of reasoning is probably
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	259	the middle one, with conjunction introduction done after
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	260	elimination.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	261	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	262
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	263	lemma "A & B --> B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	264	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	265	assume "A & B"
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	266	then show "B & A"
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	267	proof
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	268	assume B A
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	269	then show ?thesis ..
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	270	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	271	qed
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	272
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	273
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	274
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	275	subsection {* A few examples from ``Introduction to Isabelle'' *}
7001 8121e11ed765 Deriving rules in Isabelle; wenzelm parents: 6892 diff changeset	276
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	277	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	278	We rephrase some of the basic reasoning examples of
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	279	\cite{isabelle-intro}, using HOL rather than FOL.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	280	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	281
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	282	subsubsection {* A propositional proof *}
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	283
f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	284	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	285	We consider the proposition @{text "P \<or> P \<longrightarrow> P"}. The proof below
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	286	involves forward-chaining from @{text "P \<or> P"}, followed by an
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	287	explicit case-analysis on the two \emph{identical} cases.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	288	*}
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	289
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	290	lemma "P \| P --> P"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	291	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	292	assume "P \| P"
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	293	then show P
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	294	proof -- {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	295	rule @{text disjE}: \smash{$\infer{C}{A \disj B & \infer{C}{[A]} & \infer{C}{[B]}}$}
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	296	*}
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	297	assume P show P by fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	298	next
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	299	assume P show P by fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	300	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	301	qed
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	302
f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	303	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	304	Case splits are \emph{not} hardwired into the Isar language as a
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	305	special feature. The \isacommand{next} command used to separate the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	306	cases above is just a short form of managing block structure.
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	307
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	308	\medskip In general, applying proof methods may split up a goal into
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	309	separate ``cases'', i.e.\ new subgoals with individual local
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	310	assumptions. The corresponding proof text typically mimics this by
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	311	establishing results in appropriate contexts, separated by blocks.
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	312
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	313	In order to avoid too much explicit parentheses, the Isar system
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	314	implicitly opens an additional block for any new goal, the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	315	\isacommand{next} statement then closes one block level, opening a
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	316	new one. The resulting behavior is what one would expect from
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	317	separating cases, only that it is more flexible. E.g.\ an induction
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	318	base case (which does not introduce local assumptions) would
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	319	\emph{not} require \isacommand{next} to separate the subsequent step
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	320	case.
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	321
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	322	\medskip In our example the situation is even simpler, since the two
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	323	cases actually coincide. Consequently the proof may be rephrased as
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	324	follows.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	325	*}
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	326
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	327	lemma "P \| P --> P"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	328	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	329	assume "P \| P"
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	330	then show P
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	331	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	332	assume P
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	333	show P by fact
31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	334	show P by fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	335	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	336	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	337
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	338	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	339	Again, the rather vacuous body of the proof may be collapsed. Thus
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	340	the case analysis degenerates into two assumption steps, which are
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	341	implicitly performed when concluding the single rule step of the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	342	double-dot proof as follows.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	343	*}
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	344
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	345	lemma "P \| P --> P"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	346	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	347	assume "P \| P"
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	348	then show P ..
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	349	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	350
2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	351
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	352	subsubsection {* A quantifier proof *}
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	353
f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	354	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	355	To illustrate quantifier reasoning, let us prove @{text "(\<exists>x. P (f
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	356	x)) \<longrightarrow> (\<exists>y. P y)"}. Informally, this holds because any @{text a}
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	357	with @{text "P (f a)"} may be taken as a witness for the second
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	358	existential statement.
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	359
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	360	The first proof is rather verbose, exhibiting quite a lot of
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	361	(redundant) detail. It gives explicit rules, even with some
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	362	instantiation. Furthermore, we encounter two new language elements:
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	363	the \isacommand{fix} command augments the context by some new
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	364	``arbitrary, but fixed'' element; the \isacommand{is} annotation
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	365	binds term abbreviations by higher-order pattern matching.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	366	*}
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	367
10636 d1efa59ea259 tuned; wenzelm parents: 10007 diff changeset	368	lemma "(EX x. P (f x)) --> (EX y. P y)"
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	369	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	370	assume "EX x. P (f x)"
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	371	then show "EX y. P y"
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	372	proof (rule exE) -- {*
f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	373	rule \name{exE}: \smash{$\infer{B}{\ex x A(x) & \infer*{B}{[A(x)]_x}}$}
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	374	*}
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	375	fix a
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	376	assume "P (f a)" (is "P ?witness")
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	377	then show ?thesis by (rule exI [of P ?witness])
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	378	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	379	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	380
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	381	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	382	While explicit rule instantiation may occasionally improve
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	383	readability of certain aspects of reasoning, it is usually quite
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	384	redundant. Above, the basic proof outline gives already enough
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	385	structural clues for the system to infer both the rules and their
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	386	instances (by higher-order unification). Thus we may as well prune
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	387	the text as follows.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	388	*}
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	389
10636 d1efa59ea259 tuned; wenzelm parents: 10007 diff changeset	390	lemma "(EX x. P (f x)) --> (EX y. P y)"
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	391	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	392	assume "EX x. P (f x)"
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	393	then show "EX y. P y"
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	394	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	395	fix a
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	396	assume "P (f a)"
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	397	then show ?thesis ..
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	398	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	399	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	400
9477 9506127f6fbb obtain; wenzelm parents: 8902 diff changeset	401	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	402	Explicit @{text \<exists>}-elimination as seen above can become quite
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	403	cumbersome in practice. The derived Isar language element
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	404	``\isakeyword{obtain}'' provides a more handsome way to do
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	405	generalized existence reasoning.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	406	*}
9477 9506127f6fbb obtain; wenzelm parents: 8902 diff changeset	407
10636 d1efa59ea259 tuned; wenzelm parents: 10007 diff changeset	408	lemma "(EX x. P (f x)) --> (EX y. P y)"
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	409	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	410	assume "EX x. P (f x)"
10636 d1efa59ea259 tuned; wenzelm parents: 10007 diff changeset	411	then obtain a where "P (f a)" ..
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	412	then show "EX y. P y" ..
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	413	qed
9477 9506127f6fbb obtain; wenzelm parents: 8902 diff changeset	414
9506127f6fbb obtain; wenzelm parents: 8902 diff changeset	415	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	416	Technically, \isakeyword{obtain} is similar to \isakeyword{fix} and
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	417	\isakeyword{assume} together with a soundness proof of the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	418	elimination involved. Thus it behaves similar to any other forward
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	419	proof element. Also note that due to the nature of general
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	420	existence reasoning involved here, any result exported from the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	421	context of an \isakeyword{obtain} statement may \emph{not} refer to
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	422	the parameters introduced there.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	423	*}
9477 9506127f6fbb obtain; wenzelm parents: 8902 diff changeset	424
9506127f6fbb obtain; wenzelm parents: 8902 diff changeset	425
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	426
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	427	subsubsection {* Deriving rules in Isabelle *}
7001 8121e11ed765 Deriving rules in Isabelle; wenzelm parents: 6892 diff changeset	428
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	429	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	430	We derive the conjunction elimination rule from the corresponding
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	431	projections. The proof is quite straight-forward, since
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	432	Isabelle/Isar supports non-atomic goals and assumptions fully
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	433	transparently.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	434	*}
7001 8121e11ed765 Deriving rules in Isabelle; wenzelm parents: 6892 diff changeset	435
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	436	theorem conjE: "A & B ==> (A ==> B ==> C) ==> C"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	437	proof -
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	438	assume "A & B"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	439	assume r: "A ==> B ==> C"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	440	show C
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	441	proof (rule r)
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	442	show A by (rule conjunct1) fact
31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	443	show B by (rule conjunct2) fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	444	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	445	qed
7001 8121e11ed765 Deriving rules in Isabelle; wenzelm parents: 6892 diff changeset	446
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	447	end

author	haftmann
	Wed, 07 Jan 2009 22:31:36 +0100
changeset 29392	aa3a30b625d1
parent 23393	31781b2de73d
permissions	-rw-r--r--