isabelle: src/HOL/Isar_examples/Basic_Logic.thy@ea6672bff5dd (annotated)

31758 3edd5f813f01 observe standard theory naming conventions; wenzelm parents: 23393 diff changeset	1	(* Title: HOL/Isar_examples/Basic_Logic.thy
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	2	Author: Markus Wenzel, TU Muenchen
2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	3
2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	4	Basic propositional and quantifier reasoning.
2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	5	*)
2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	6
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	7	header {* Basic logical reasoning *}
7748 5b9c45b21782 improved presentation; wenzelm parents: 7740 diff changeset	8
31758 3edd5f813f01 observe standard theory naming conventions; wenzelm parents: 23393 diff changeset	9	theory Basic_Logic
3edd5f813f01 observe standard theory naming conventions; wenzelm parents: 23393 diff changeset	10	imports Main
3edd5f813f01 observe standard theory naming conventions; wenzelm parents: 23393 diff changeset	11	begin
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	12
7761 7fab9592384f improved presentation; wenzelm parents: 7748 diff changeset	13
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	14	subsection {* Pure backward reasoning *}
7740 2fbe5ce9845f tuned comments; wenzelm parents: 7604 diff changeset	15
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	16	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	17	In order to get a first idea of how Isabelle/Isar proof documents
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	18	may look like, we consider the propositions @{text I}, @{text K},
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	19	and @{text S}. The following (rather explicit) proofs should
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	20	require little extra explanations.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	21	*}
7001 8121e11ed765 Deriving rules in Isabelle; wenzelm parents: 6892 diff changeset	22
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	23	lemma I: "A --> A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	24	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	25	assume A
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	26	show A by fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	27	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	28
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	29	lemma K: "A --> B --> A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	30	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	31	assume A
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	32	show "B --> A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	33	proof
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	34	show A by fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	35	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	36	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	37
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	38	lemma S: "(A --> B --> C) --> (A --> B) --> A --> C"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	39	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	40	assume "A --> B --> C"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	41	show "(A --> B) --> A --> C"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	42	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	43	assume "A --> B"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	44	show "A --> C"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	45	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	46	assume A
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	47	show C
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	48	proof (rule mp)
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	49	show "B --> C" by (rule mp) fact+
31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	50	show B by (rule mp) fact+
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	51	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	52	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	53	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	54	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	55
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	56	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	57	Isar provides several ways to fine-tune the reasoning, avoiding
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	58	excessive detail. Several abbreviated language elements are
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	59	available, enabling the writer to express proofs in a more concise
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	60	way, even without referring to any automated proof tools yet.
7761 7fab9592384f improved presentation; wenzelm parents: 7748 diff changeset	61
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	62	First of all, proof by assumption may be abbreviated as a single
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	63	dot.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	64	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	65
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	66	lemma "A --> A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	67	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	68	assume A
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	69	show A by fact+
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	70	qed
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	71
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	72	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	73	In fact, concluding any (sub-)proof already involves solving any
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	74	remaining goals by assumption\footnote{This is not a completely
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	75	trivial operation, as proof by assumption may involve full
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	76	higher-order unification.}. Thus we may skip the rather vacuous
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	77	body of the above proof as well.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	78	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	79
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	80	lemma "A --> A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	81	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	82	qed
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	83
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	84	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	85	Note that the \isacommand{proof} command refers to the @{text rule}
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	86	method (without arguments) by default. Thus it implicitly applies a
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	87	single rule, as determined from the syntactic form of the statements
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	88	involved. The \isacommand{by} command abbreviates any proof with
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	89	empty body, so the proof may be further pruned.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	90	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	91
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	92	lemma "A --> A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	93	by rule
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	94
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	95	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	96	Proof by a single rule may be abbreviated as double-dot.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	97	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	98
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	99	lemma "A --> A" ..
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	100
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	101	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	102	Thus we have arrived at an adequate representation of the proof of a
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	103	tautology that holds by a single standard rule.\footnote{Apparently,
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	104	the rule here is implication introduction.}
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	105	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	106
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	107	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	108	Let us also reconsider @{text K}. Its statement is composed of
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	109	iterated connectives. Basic decomposition is by a single rule at a
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	110	time, which is why our first version above was by nesting two
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	111	proofs.
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	112
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	113	The @{text intro} proof method repeatedly decomposes a goal's
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	114	conclusion.\footnote{The dual method is @{text elim}, acting on a
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	115	goal's premises.}
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	116	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	117
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	118	lemma "A --> B --> A"
12387 fe2353a8d1e8 fixed intro steps; wenzelm parents: 10636 diff changeset	119	proof (intro impI)
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	120	assume A
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	121	show A by fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	122	qed
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	123
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	124	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	125	Again, the body may be collapsed.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	126	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	127
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	128	lemma "A --> B --> A"
12387 fe2353a8d1e8 fixed intro steps; wenzelm parents: 10636 diff changeset	129	by (intro impI)
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	130
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	131	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	132	Just like @{text rule}, the @{text intro} and @{text elim} proof
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	133	methods pick standard structural rules, in case no explicit
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	134	arguments are given. While implicit rules are usually just fine for
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	135	single rule application, this may go too far with iteration. Thus
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	136	in practice, @{text intro} and @{text elim} would be typically
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	137	restricted to certain structures by giving a few rules only, e.g.\
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	138	\isacommand{proof}~@{text "(intro impI allI)"} to strip implications
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	139	and universal quantifiers.
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	140
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	141	Such well-tuned iterated decomposition of certain structures is the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	142	prime application of @{text intro} and @{text elim}. In contrast,
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	143	terminal steps that solve a goal completely are usually performed by
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	144	actual automated proof methods (such as \isacommand{by}~@{text
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	145	blast}.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	146	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	147
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	148
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	149	subsection {* Variations of backward vs.\ forward reasoning *}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	150
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	151	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	152	Certainly, any proof may be performed in backward-style only. On
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	153	the other hand, small steps of reasoning are often more naturally
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	154	expressed in forward-style. Isar supports both backward and forward
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	155	reasoning as a first-class concept. In order to demonstrate the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	156	difference, we consider several proofs of @{text "A \<and> B \<longrightarrow> B \<and> A"}.
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	157
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	158	The first version is purely backward.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	159	*}
7001 8121e11ed765 Deriving rules in Isabelle; wenzelm parents: 6892 diff changeset	160
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	161	lemma "A & B --> B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	162	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	163	assume "A & B"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	164	show "B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	165	proof
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	166	show B by (rule conjunct2) fact
31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	167	show A by (rule conjunct1) fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	168	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	169	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	170
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	171	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	172	Above, the @{text "conjunct_1/2"} projection rules had to be named
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	173	explicitly, since the goals @{text B} and @{text A} did not provide
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	174	any structural clue. This may be avoided using \isacommand{from} to
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	175	focus on the @{text "A \<and> B"} assumption as the current facts,
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	176	enabling the use of double-dot proofs. Note that \isacommand{from}
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	177	already does forward-chaining, involving the \name{conjE} rule here.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	178	*}
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	179
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	180	lemma "A & B --> B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	181	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	182	assume "A & B"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	183	show "B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	184	proof
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	185	from `A & B` show B ..
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	186	from `A & B` show A ..
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	187	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	188	qed
7604 55566b9ec7d7 tuned; wenzelm parents: 7480 diff changeset	189
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	190	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	191	In the next version, we move the forward step one level upwards.
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	192	Forward-chaining from the most recent facts is indicated by the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	193	\isacommand{then} command. Thus the proof of @{text "B \<and> A"} from
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	194	@{text "A \<and> B"} actually becomes an elimination, rather than an
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	195	introduction. The resulting proof structure directly corresponds to
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	196	that of the @{text conjE} rule, including the repeated goal
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	197	proposition that is abbreviated as @{text ?thesis} below.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	198	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	199
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	200	lemma "A & B --> B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	201	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	202	assume "A & B"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	203	then show "B & A"
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	204	proof -- {* rule @{text conjE} of @{text "A \<and> B"} *}
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	205	assume B A
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	206	then show ?thesis .. -- {* rule @{text conjI} of @{text "B \<and> A"} *}
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	207	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	208	qed
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	209
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	210	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	211	In the subsequent version we flatten the structure of the main body
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	212	by doing forward reasoning all the time. Only the outermost
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	213	decomposition step is left as backward.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	214	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	215
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	216	lemma "A & B --> B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	217	proof
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	218	assume "A & B"
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	219	from `A & B` have A ..
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	220	from `A & B` have B ..
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	221	from `B` `A` show "B & A" ..
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	222	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	223
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	224	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	225	We can still push forward-reasoning a bit further, even at the risk
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	226	of getting ridiculous. Note that we force the initial proof step to
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	227	do nothing here, by referring to the ``-'' proof method.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	228	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	229
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	230	lemma "A & B --> B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	231	proof -
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	232	{
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	233	assume "A & B"
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	234	from `A & B` have A ..
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	235	from `A & B` have B ..
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	236	from `B` `A` have "B & A" ..
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	237	}
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	238	then show ?thesis .. -- {* rule \name{impI} *}
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	239	qed
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	240
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	241	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	242	\medskip With these examples we have shifted through a whole range
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	243	from purely backward to purely forward reasoning. Apparently, in
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	244	the extreme ends we get slightly ill-structured proofs, which also
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	245	require much explicit naming of either rules (backward) or local
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	246	facts (forward).
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	247
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	248	The general lesson learned here is that good proof style would
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	249	achieve just the \emph{right} balance of top-down backward
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	250	decomposition, and bottom-up forward composition. In general, there
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	251	is no single best way to arrange some pieces of formal reasoning, of
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	252	course. Depending on the actual applications, the intended audience
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	253	etc., rules (and methods) on the one hand vs.\ facts on the other
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	254	hand have to be emphasized in an appropriate way. This requires the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	255	proof writer to develop good taste, and some practice, of course.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	256	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	257
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	258	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	259	For our example the most appropriate way of reasoning is probably
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	260	the middle one, with conjunction introduction done after
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	261	elimination.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	262	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	263
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	264	lemma "A & B --> B & A"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	265	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	266	assume "A & B"
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	267	then show "B & A"
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	268	proof
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	269	assume B A
ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	270	then show ?thesis ..
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	271	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	272	qed
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	273
cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	274
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	275
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	276	subsection {* A few examples from ``Introduction to Isabelle'' *}
7001 8121e11ed765 Deriving rules in Isabelle; wenzelm parents: 6892 diff changeset	277
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	278	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	279	We rephrase some of the basic reasoning examples of
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	280	\cite{isabelle-intro}, using HOL rather than FOL.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	281	*}
7820 cad7cc30fa40 more explanations; wenzelm parents: 7761 diff changeset	282
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	283	subsubsection {* A propositional proof *}
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	284
f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	285	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	286	We consider the proposition @{text "P \<or> P \<longrightarrow> P"}. The proof below
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	287	involves forward-chaining from @{text "P \<or> P"}, followed by an
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	288	explicit case-analysis on the two \emph{identical} cases.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	289	*}
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	290
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	291	lemma "P \| P --> P"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	292	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	293	assume "P \| P"
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	294	then show P
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	295	proof -- {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	296	rule @{text disjE}: \smash{$\infer{C}{A \disj B & \infer{C}{[A]} & \infer{C}{[B]}}$}
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	297	*}
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	298	assume P show P by fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	299	next
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	300	assume P show P by fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	301	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	302	qed
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	303
f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	304	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	305	Case splits are \emph{not} hardwired into the Isar language as a
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	306	special feature. The \isacommand{next} command used to separate the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	307	cases above is just a short form of managing block structure.
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	308
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	309	\medskip In general, applying proof methods may split up a goal into
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	310	separate ``cases'', i.e.\ new subgoals with individual local
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	311	assumptions. The corresponding proof text typically mimics this by
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	312	establishing results in appropriate contexts, separated by blocks.
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	313
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	314	In order to avoid too much explicit parentheses, the Isar system
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	315	implicitly opens an additional block for any new goal, the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	316	\isacommand{next} statement then closes one block level, opening a
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	317	new one. The resulting behavior is what one would expect from
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	318	separating cases, only that it is more flexible. E.g.\ an induction
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	319	base case (which does not introduce local assumptions) would
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	320	\emph{not} require \isacommand{next} to separate the subsequent step
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	321	case.
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	322
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	323	\medskip In our example the situation is even simpler, since the two
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	324	cases actually coincide. Consequently the proof may be rephrased as
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	325	follows.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	326	*}
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	327
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	328	lemma "P \| P --> P"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	329	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	330	assume "P \| P"
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	331	then show P
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	332	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	333	assume P
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	334	show P by fact
31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	335	show P by fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	336	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	337	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	338
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	339	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	340	Again, the rather vacuous body of the proof may be collapsed. Thus
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	341	the case analysis degenerates into two assumption steps, which are
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	342	implicitly performed when concluding the single rule step of the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	343	double-dot proof as follows.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	344	*}
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	345
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	346	lemma "P \| P --> P"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	347	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	348	assume "P \| P"
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	349	then show P ..
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	350	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	351
2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	352
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	353	subsubsection {* A quantifier proof *}
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	354
f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	355	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	356	To illustrate quantifier reasoning, let us prove @{text "(\<exists>x. P (f
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	357	x)) \<longrightarrow> (\<exists>y. P y)"}. Informally, this holds because any @{text a}
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	358	with @{text "P (f a)"} may be taken as a witness for the second
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	359	existential statement.
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	360
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	361	The first proof is rather verbose, exhibiting quite a lot of
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	362	(redundant) detail. It gives explicit rules, even with some
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	363	instantiation. Furthermore, we encounter two new language elements:
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	364	the \isacommand{fix} command augments the context by some new
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	365	``arbitrary, but fixed'' element; the \isacommand{is} annotation
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	366	binds term abbreviations by higher-order pattern matching.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	367	*}
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	368
10636 d1efa59ea259 tuned; wenzelm parents: 10007 diff changeset	369	lemma "(EX x. P (f x)) --> (EX y. P y)"
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	370	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	371	assume "EX x. P (f x)"
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	372	then show "EX y. P y"
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	373	proof (rule exE) -- {*
f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	374	rule \name{exE}: \smash{$\infer{B}{\ex x A(x) & \infer*{B}{[A(x)]_x}}$}
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	375	*}
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	376	fix a
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	377	assume "P (f a)" (is "P ?witness")
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	378	then show ?thesis by (rule exI [of P ?witness])
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	379	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	380	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	381
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	382	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	383	While explicit rule instantiation may occasionally improve
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	384	readability of certain aspects of reasoning, it is usually quite
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	385	redundant. Above, the basic proof outline gives already enough
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	386	structural clues for the system to infer both the rules and their
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	387	instances (by higher-order unification). Thus we may as well prune
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	388	the text as follows.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	389	*}
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	390
10636 d1efa59ea259 tuned; wenzelm parents: 10007 diff changeset	391	lemma "(EX x. P (f x)) --> (EX y. P y)"
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	392	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	393	assume "EX x. P (f x)"
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	394	then show "EX y. P y"
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	395	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	396	fix a
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	397	assume "P (f a)"
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	398	then show ?thesis ..
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	399	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	400	qed
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	401
9477 9506127f6fbb obtain; wenzelm parents: 8902 diff changeset	402	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	403	Explicit @{text \<exists>}-elimination as seen above can become quite
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	404	cumbersome in practice. The derived Isar language element
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	405	``\isakeyword{obtain}'' provides a more handsome way to do
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	406	generalized existence reasoning.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	407	*}
9477 9506127f6fbb obtain; wenzelm parents: 8902 diff changeset	408
10636 d1efa59ea259 tuned; wenzelm parents: 10007 diff changeset	409	lemma "(EX x. P (f x)) --> (EX y. P y)"
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	410	proof
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	411	assume "EX x. P (f x)"
10636 d1efa59ea259 tuned; wenzelm parents: 10007 diff changeset	412	then obtain a where "P (f a)" ..
23373 ead82c82da9e tuned proofs: avoid implicit prems; wenzelm parents: 18193 diff changeset	413	then show "EX y. P y" ..
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	414	qed
9477 9506127f6fbb obtain; wenzelm parents: 8902 diff changeset	415
9506127f6fbb obtain; wenzelm parents: 8902 diff changeset	416	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	417	Technically, \isakeyword{obtain} is similar to \isakeyword{fix} and
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	418	\isakeyword{assume} together with a soundness proof of the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	419	elimination involved. Thus it behaves similar to any other forward
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	420	proof element. Also note that due to the nature of general
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	421	existence reasoning involved here, any result exported from the
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	422	context of an \isakeyword{obtain} statement may \emph{not} refer to
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	423	the parameters introduced there.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	424	*}
9477 9506127f6fbb obtain; wenzelm parents: 8902 diff changeset	425
9506127f6fbb obtain; wenzelm parents: 8902 diff changeset	426
6444 2ebe9e630cab Miscellaneous Isabelle/Isar examples for Higher-Order Logic. wenzelm parents: diff changeset	427
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	428	subsubsection {* Deriving rules in Isabelle *}
7001 8121e11ed765 Deriving rules in Isabelle; wenzelm parents: 6892 diff changeset	429
7833 f5288e4b95d1 improved presentation; wenzelm parents: 7820 diff changeset	430	text {*
18193 54419506df9e tuned document; wenzelm parents: 16417 diff changeset	431	We derive the conjunction elimination rule from the corresponding
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	432	projections. The proof is quite straight-forward, since
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	433	Isabelle/Isar supports non-atomic goals and assumptions fully
54419506df9e tuned document; wenzelm parents: 16417 diff changeset	434	transparently.
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	435	*}
7001 8121e11ed765 Deriving rules in Isabelle; wenzelm parents: 6892 diff changeset	436
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	437	theorem conjE: "A & B ==> (A ==> B ==> C) ==> C"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	438	proof -
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	439	assume "A & B"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	440	assume r: "A ==> B ==> C"
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	441	show C
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	442	proof (rule r)
23393 31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	443	show A by (rule conjunct1) fact
31781b2de73d tuned proofs: avoid implicit prems; wenzelm parents: 23373 diff changeset	444	show B by (rule conjunct2) fact
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	445	qed
64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	446	qed
7001 8121e11ed765 Deriving rules in Isabelle; wenzelm parents: 6892 diff changeset	447
10007 64bf7da1994a isar-strip-terminators; wenzelm parents: 9659 diff changeset	448	end

author	wenzelm
	Tue, 29 Sep 2009 18:14:08 +0200
changeset 32760	ea6672bff5dd
parent 31758	3edd5f813f01
permissions	-rw-r--r--