isabelle: doc-src/Logics/Old_HOL.tex@eee166d4a532 (annotated)

104 d8205bb279a7 Initial revision lcp parents: diff changeset	1	%% $Id$
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	2	\chapter{Higher-Order logic}
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	3	The directory~\ttindexbold{HOL} contains a theory for higher-order logic.
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	4	It is based on Gordon's~{\sc hol} system~\cite{mgordon88a}, which itself is
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	5	based on Church~\cite{church40}. Andrews~\cite{andrews86} is a full
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	6	description of higher-order logic. Gordon's work has demonstrated that
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	7	higher-order logic is useful for hardware verification; beyond this, it is
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	8	widely applicable in many areas of mathematics. It is weaker than {\ZF}
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	9	set theory but for most applications this does not matter. If you prefer
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	10	{\ML} to Lisp, you will probably prefer \HOL\ to~{\ZF}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	11
d8205bb279a7 Initial revision lcp parents: diff changeset	12	Previous releases of Isabelle included a completely different version
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	13	of~\HOL, with explicit type inference rules~\cite{paulson-COLOG}. This
104 d8205bb279a7 Initial revision lcp parents: diff changeset	14	version no longer exists, but \ttindex{ZF} supports a similar style of
d8205bb279a7 Initial revision lcp parents: diff changeset	15	reasoning.
d8205bb279a7 Initial revision lcp parents: diff changeset	16
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	17	\HOL\ has a distinct feel, compared with {\ZF} and {\CTT}. It
104 d8205bb279a7 Initial revision lcp parents: diff changeset	18	identifies object-level types with meta-level types, taking advantage of
d8205bb279a7 Initial revision lcp parents: diff changeset	19	Isabelle's built-in type checker. It identifies object-level functions
d8205bb279a7 Initial revision lcp parents: diff changeset	20	with meta-level functions, so it uses Isabelle's operations for abstraction
d8205bb279a7 Initial revision lcp parents: diff changeset	21	and application. There is no ``apply'' operator: function applications are
d8205bb279a7 Initial revision lcp parents: diff changeset	22	written as simply~$f(a)$ rather than $f{\tt`}a$.
d8205bb279a7 Initial revision lcp parents: diff changeset	23
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	24	These identifications allow Isabelle to support \HOL\ particularly nicely,
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	25	but they also mean that \HOL\ requires more sophistication from the user
104 d8205bb279a7 Initial revision lcp parents: diff changeset	26	--- in particular, an understanding of Isabelle's type system. Beginners
d8205bb279a7 Initial revision lcp parents: diff changeset	27	should gain experience by working in first-order logic, before attempting
d8205bb279a7 Initial revision lcp parents: diff changeset	28	to use higher-order logic. This chapter assumes familiarity with~{\FOL{}}.
d8205bb279a7 Initial revision lcp parents: diff changeset	29
d8205bb279a7 Initial revision lcp parents: diff changeset	30
d8205bb279a7 Initial revision lcp parents: diff changeset	31	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	32	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	33	\begin{tabular}{rrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	34	\it name &\it meta-type & \it description \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	35	\idx{Trueprop}& $bool\To prop$ & coercion to $prop$\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	36	\idx{not} & $bool\To bool$ & negation ($\neg$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	37	\idx{True} & $bool$ & tautology ($\top$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	38	\idx{False} & $bool$ & absurdity ($\bot$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	39	\idx{if} & $[bool,\alpha,\alpha]\To\alpha::term$ & conditional \\
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	40	\idx{Inv} & $(\alpha\To\beta)\To(\beta\To\alpha)$ & function inversion\\
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	41	\idx{Let} & $[\alpha,\alpha\To\beta]\To\beta$ & let binder
104 d8205bb279a7 Initial revision lcp parents: diff changeset	42	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	43	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	44	\subcaption{Constants}
d8205bb279a7 Initial revision lcp parents: diff changeset	45
d8205bb279a7 Initial revision lcp parents: diff changeset	46	\begin{center}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	47	\index{"@@{\tt\at}\|bold}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	48	\index{*"!\|bold}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	49	\index{*"?"!\|bold}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	50	\begin{tabular}{llrrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	51	\it symbol &\it name &\it meta-type & \it prec & \it description \\
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	52	\tt\at & \idx{Eps} & $(\alpha\To bool)\To\alpha::term$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	53	Hilbert description ($\epsilon$) \\
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	54	\tt! & \idx{All} & $(\alpha::term\To bool)\To bool$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	55	universal quantifier ($\forall$) \\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	56	\idx{?} & \idx{Ex} & $(\alpha::term\To bool)\To bool$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	57	existential quantifier ($\exists$) \\
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	58	\tt?! & \idx{Ex1} & $(\alpha::term\To bool)\To bool$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	59	unique existence ($\exists!$)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	60	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	61	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	62	\subcaption{Binders}
d8205bb279a7 Initial revision lcp parents: diff changeset	63
d8205bb279a7 Initial revision lcp parents: diff changeset	64	\begin{center}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	65	\index{*"E"X"!\|bold}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	66	\begin{tabular}{llrrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	67	\it symbol &\it name &\it meta-type & \it prec & \it description \\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	68	\idx{ALL} & \idx{All} & $(\alpha::term\To bool)\To bool$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	69	universal quantifier ($\forall$) \\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	70	\idx{EX} & \idx{Ex} & $(\alpha::term\To bool)\To bool$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	71	existential quantifier ($\exists$) \\
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	72	\tt EX! & \idx{Ex1} & $(\alpha::term\To bool)\To bool$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	73	unique existence ($\exists!$)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	74	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	75	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	76	\subcaption{Alternative quantifiers}
d8205bb279a7 Initial revision lcp parents: diff changeset	77
d8205bb279a7 Initial revision lcp parents: diff changeset	78	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	79	\indexbold{*"=}
d8205bb279a7 Initial revision lcp parents: diff changeset	80	\indexbold{&@{\tt\&}}
d8205bb279a7 Initial revision lcp parents: diff changeset	81	\indexbold{*"\|}
d8205bb279a7 Initial revision lcp parents: diff changeset	82	\indexbold{*"-"-">}
d8205bb279a7 Initial revision lcp parents: diff changeset	83	\begin{tabular}{rrrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	84	\it symbol & \it meta-type & \it precedence & \it description \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	85	\idx{o} & $[\beta\To\gamma,\alpha\To\beta]\To (\alpha\To\gamma)$ &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	86	Right 50 & composition ($\circ$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	87	\tt = & $[\alpha::term,\alpha]\To bool$ & Left 50 & equality ($=$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	88	\tt \& & $[bool,bool]\To bool$ & Right 35 & conjunction ($\conj$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	89	\tt \| & $[bool,bool]\To bool$ & Right 30 & disjunction ($\disj$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	90	\tt --> & $[bool,bool]\To bool$ & Right 25 & implication ($\imp$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	91	\tt < & $[\alpha::ord,\alpha]\To bool$ & Left 50 & less than ($<$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	92	\tt <= & $[\alpha::ord,\alpha]\To bool$ & Left 50 &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	93	less than or equals ($\leq$)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	94	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	95	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	96	\subcaption{Infixes}
d8205bb279a7 Initial revision lcp parents: diff changeset	97	\caption{Syntax of {\tt HOL}} \label{hol-constants}
d8205bb279a7 Initial revision lcp parents: diff changeset	98	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	99
d8205bb279a7 Initial revision lcp parents: diff changeset	100
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	101	\begin{figure}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	102	\indexbold{*let}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	103	\indexbold{*in}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	104	\dquotes
d8205bb279a7 Initial revision lcp parents: diff changeset	105	\[\begin{array}{rcl}
d8205bb279a7 Initial revision lcp parents: diff changeset	106	term & = & \hbox{expression of class~$term$} \\
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	107	& \| & "\at~~" id~id^* " . " formula \\
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	108	& \| & "let"~id~"="~term";"\dots";"~id~"="~term~"in"~term \\[2ex]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	109	formula & = & \hbox{expression of type~$bool$} \\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	110	& \| & term " = " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	111	& \| & term " \ttilde= " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	112	& \| & term " < " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	113	& \| & term " <= " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	114	& \| & "\ttilde\ " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	115	& \| & formula " \& " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	116	& \| & formula " \| " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	117	& \| & formula " --> " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	118	& \| & "!~~~" id~id^* " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	119	& \| & "?~~~" id~id^* " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	120	& \| & "?!~~" id~id^* " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	121	& \| & "ALL~" id~id^* " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	122	& \| & "EX~~" id~id^* " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	123	& \| & "EX!~" id~id^* " . " formula
104 d8205bb279a7 Initial revision lcp parents: diff changeset	124	\end{array}
d8205bb279a7 Initial revision lcp parents: diff changeset	125	\]
d8205bb279a7 Initial revision lcp parents: diff changeset	126	\subcaption{Grammar}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	127	\caption{Full grammar for \HOL} \label{hol-grammar}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	128	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	129
d8205bb279a7 Initial revision lcp parents: diff changeset	130
d8205bb279a7 Initial revision lcp parents: diff changeset	131	\section{Syntax}
d8205bb279a7 Initial revision lcp parents: diff changeset	132	Type inference is automatic, exploiting Isabelle's type classes. The class
d8205bb279a7 Initial revision lcp parents: diff changeset	133	of higher-order terms is called {\it term\/}; type variables range over
d8205bb279a7 Initial revision lcp parents: diff changeset	134	this class by default. The equality symbol and quantifiers are polymorphic
d8205bb279a7 Initial revision lcp parents: diff changeset	135	over class {\it term}.
d8205bb279a7 Initial revision lcp parents: diff changeset	136
d8205bb279a7 Initial revision lcp parents: diff changeset	137	Class {\it ord\/} consists of all ordered types; the relations $<$ and
d8205bb279a7 Initial revision lcp parents: diff changeset	138	$\leq$ are polymorphic over this class, as are the functions
d8205bb279a7 Initial revision lcp parents: diff changeset	139	\ttindex{mono}, \ttindex{min} and \ttindex{max}. Three other
d8205bb279a7 Initial revision lcp parents: diff changeset	140	type classes --- {\it plus}, {\it minus\/} and {\it times} --- permit
d8205bb279a7 Initial revision lcp parents: diff changeset	141	overloading of the operators {\tt+}, {\tt-} and {\tt*}. In particular,
d8205bb279a7 Initial revision lcp parents: diff changeset	142	{\tt-} is overloaded for set difference and subtraction.
d8205bb279a7 Initial revision lcp parents: diff changeset	143	\index{"+}\index{-@{\tt-}}\index{@{\tt*}}
d8205bb279a7 Initial revision lcp parents: diff changeset	144
d8205bb279a7 Initial revision lcp parents: diff changeset	145	Figure~\ref{hol-constants} lists the constants (including infixes and
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	146	binders), while Fig.\ts \ref{hol-grammar} presents the grammar of
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	147	higher-order logic. Note that $a$\verb\|~=\|$b$ is translated to
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	148	\verb\|~(\|$a$=$b$\verb\|)\|.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	149
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	150	\subsection{Types}\label{HOL-types}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	151	The type of formulae, {\it bool} belongs to class {\it term}; thus,
d8205bb279a7 Initial revision lcp parents: diff changeset	152	formulae are terms. The built-in type~$fun$, which constructs function
d8205bb279a7 Initial revision lcp parents: diff changeset	153	types, is overloaded such that $\sigma\To\tau$ belongs to class~$term$ if
d8205bb279a7 Initial revision lcp parents: diff changeset	154	$\sigma$ and~$\tau$ do; this allows quantification over functions. Types
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	155	in \HOL\ must be non-empty; otherwise the quantifier rules would be
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	156	unsound~\cite[\S7]{paulson-COLOG}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	157
d8205bb279a7 Initial revision lcp parents: diff changeset	158	Gordon's {\sc hol} system supports {\bf type definitions}. A type is
d8205bb279a7 Initial revision lcp parents: diff changeset	159	defined by exhibiting an existing type~$\sigma$, a predicate~$P::\sigma\To
d8205bb279a7 Initial revision lcp parents: diff changeset	160	bool$, and a theorem of the form $\exists x::\sigma.P(x)$. Thus~$P$
d8205bb279a7 Initial revision lcp parents: diff changeset	161	specifies a non-empty subset of~$\sigma$, and the new type denotes this
d8205bb279a7 Initial revision lcp parents: diff changeset	162	subset. New function constants are generated to establish an isomorphism
d8205bb279a7 Initial revision lcp parents: diff changeset	163	between the new type and the subset. If type~$\sigma$ involves type
d8205bb279a7 Initial revision lcp parents: diff changeset	164	variables $\alpha@1$, \ldots, $\alpha@n$, then the type definition creates
d8205bb279a7 Initial revision lcp parents: diff changeset	165	a type constructor $(\alpha@1,\ldots,\alpha@n)ty$ rather than a particular
d8205bb279a7 Initial revision lcp parents: diff changeset	166	type.
d8205bb279a7 Initial revision lcp parents: diff changeset	167
d8205bb279a7 Initial revision lcp parents: diff changeset	168	Isabelle does not support type definitions at present. Instead, they are
d8205bb279a7 Initial revision lcp parents: diff changeset	169	mimicked by explicit definitions of isomorphism functions. These should be
d8205bb279a7 Initial revision lcp parents: diff changeset	170	accompanied by theorems of the form $\exists x::\sigma.P(x)$, but this is
d8205bb279a7 Initial revision lcp parents: diff changeset	171	not checked.
d8205bb279a7 Initial revision lcp parents: diff changeset	172
d8205bb279a7 Initial revision lcp parents: diff changeset	173
d8205bb279a7 Initial revision lcp parents: diff changeset	174	\subsection{Binders}
d8205bb279a7 Initial revision lcp parents: diff changeset	175	Hilbert's {\bf description} operator~$\epsilon x.P[x]$ stands for some~$a$
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	176	satisfying~$P[a]$, if such exists. Since all terms in \HOL\ denote
104 d8205bb279a7 Initial revision lcp parents: diff changeset	177	something, a description is always meaningful, but we do not know its value
d8205bb279a7 Initial revision lcp parents: diff changeset	178	unless $P[x]$ defines it uniquely. We may write descriptions as
d8205bb279a7 Initial revision lcp parents: diff changeset	179	\ttindexbold{Eps}($P$) or use the syntax
d8205bb279a7 Initial revision lcp parents: diff changeset	180	\hbox{\tt \at $x$.$P[x]$}. Existential quantification is defined
d8205bb279a7 Initial revision lcp parents: diff changeset	181	by
d8205bb279a7 Initial revision lcp parents: diff changeset	182	\[ \exists x.P(x) \equiv P(\epsilon x.P(x)) \]
d8205bb279a7 Initial revision lcp parents: diff changeset	183	The unique existence quantifier, $\exists!x.P[x]$, is defined in terms
d8205bb279a7 Initial revision lcp parents: diff changeset	184	of~$\exists$ and~$\forall$. An Isabelle binder, it admits nested
d8205bb279a7 Initial revision lcp parents: diff changeset	185	quantifications. For instance, $\exists!x y.P(x,y)$ abbreviates
d8205bb279a7 Initial revision lcp parents: diff changeset	186	$\exists!x. \exists!y.P(x,y)$; note that this does not mean that there
d8205bb279a7 Initial revision lcp parents: diff changeset	187	exists a unique pair $(x,y)$ satisfying~$P(x,y)$.
d8205bb279a7 Initial revision lcp parents: diff changeset	188
d8205bb279a7 Initial revision lcp parents: diff changeset	189	\index{"!}\index{"?}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	190	Quantifiers have two notations. As in Gordon's {\sc hol} system, \HOL\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	191	uses~{\tt!}\ and~{\tt?}\ to stand for $\forall$ and $\exists$. The
d8205bb279a7 Initial revision lcp parents: diff changeset	192	existential quantifier must be followed by a space; thus {\tt?x} is an
d8205bb279a7 Initial revision lcp parents: diff changeset	193	unknown, while \verb'? x.f(x)=y' is a quantification. Isabelle's usual
d8205bb279a7 Initial revision lcp parents: diff changeset	194	notation for quantifiers, \ttindex{ALL} and \ttindex{EX}, is also
d8205bb279a7 Initial revision lcp parents: diff changeset	195	available. Both notations are accepted for input. The {\ML} reference
d8205bb279a7 Initial revision lcp parents: diff changeset	196	\ttindexbold{HOL_quantifiers} governs the output notation. If set to {\tt
d8205bb279a7 Initial revision lcp parents: diff changeset	197	true}, then~{\tt!}\ and~{\tt?}\ are displayed; this is the default. If set
d8205bb279a7 Initial revision lcp parents: diff changeset	198	to {\tt false}, then~{\tt ALL} and~{\tt EX} are displayed.
d8205bb279a7 Initial revision lcp parents: diff changeset	199
d8205bb279a7 Initial revision lcp parents: diff changeset	200	\begin{warn}
d8205bb279a7 Initial revision lcp parents: diff changeset	201	Although the description operator does not usually allow iteration of the
d8205bb279a7 Initial revision lcp parents: diff changeset	202	form \hbox{\tt \at $x@1 \dots x@n$.$P[x@1,\dots,x@n]$}, there are cases where
d8205bb279a7 Initial revision lcp parents: diff changeset	203	this is legal. If \hbox{\tt \at $y$.$P[x,y]$} is of type~{\it bool},
d8205bb279a7 Initial revision lcp parents: diff changeset	204	then \hbox{\tt \at $x\,y$.$P[x,y]$} is legal. The pretty printer will
d8205bb279a7 Initial revision lcp parents: diff changeset	205	display \hbox{\tt \at $x$.\at $y$.$P[x,y]$} as
d8205bb279a7 Initial revision lcp parents: diff changeset	206	\hbox{\tt \at $x\,y$.$P[x,y]$}.
d8205bb279a7 Initial revision lcp parents: diff changeset	207	\end{warn}
d8205bb279a7 Initial revision lcp parents: diff changeset	208
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	209	\subsection{\idx{let} and \idx{case}}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	210	Local abbreviations can be introduced via a \ttindex{let}-construct whose
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	211	syntax is shown in Fig.~\ref{hol-grammar}. Internally it is translated into
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	212	the constant \ttindex{Let} and can be expanded by rewriting with its
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	213	definition \ttindex{Let_def}.
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	214
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	215	\HOL\ also defines the basic syntax {\dquotes$"case"~e~"of"~c@1~"=>"~e@1~"\|"
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	216	\dots "\|"~c@n~"=>"~e@n$} for {\tt case}-constructs, which means that {\tt
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	217	case} and \ttindex{of} are reserved words. However, so far this is mere
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	218	syntax and has no logical meaning. In order to be useful it needs to be
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	219	filled with life by translating certain case constructs into meaningful
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	220	terms. For an example see the case construct for the type of lists below.
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	221
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	222
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	223	\begin{figure}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	224	\begin{ttbox}\makeatother
104 d8205bb279a7 Initial revision lcp parents: diff changeset	225	\idx{refl} t = t::'a
d8205bb279a7 Initial revision lcp parents: diff changeset	226	\idx{subst} [\| s=t; P(s) \|] ==> P(t::'a)
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	227	\idx{ext} (!!x::'a. f(x)::'b = g(x)) ==> (\%x.f(x)) = (\%x.g(x))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	228	\idx{impI} (P ==> Q) ==> P-->Q
d8205bb279a7 Initial revision lcp parents: diff changeset	229	\idx{mp} [\| P-->Q; P \|] ==> Q
d8205bb279a7 Initial revision lcp parents: diff changeset	230	\idx{iff} (P-->Q) --> (Q-->P) --> (P=Q)
d8205bb279a7 Initial revision lcp parents: diff changeset	231	\idx{selectI} P(x::'a) ==> P(@x.P(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	232	\idx{True_or_False} (P=True) \| (P=False)
d8205bb279a7 Initial revision lcp parents: diff changeset	233	\subcaption{basic rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	234
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	235	\idx{True_def} True = ((\%x.x)=(\%x.x))
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	236	\idx{All_def} All = (\%P. P = (\%x.True))
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	237	\idx{Ex_def} Ex = (\%P. P(@x.P(x)))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	238	\idx{False_def} False = (!P.P)
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	239	\idx{not_def} not = (\%P. P-->False)
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	240	\idx{and_def} op & = (\%P Q. !R. (P-->Q-->R) --> R)
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	241	\idx{or_def} op \| = (\%P Q. !R. (P-->R) --> (Q-->R) --> R)
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	242	\idx{Ex1_def} Ex1 = (\%P. ? x. P(x) & (! y. P(y) --> y=x))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	243	\subcaption{Definitions of the logical constants}
d8205bb279a7 Initial revision lcp parents: diff changeset	244
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	245	\idx{Inv_def} Inv = (\%(f::'a=>'b) y. @x. f(x)=y)
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	246	\idx{o_def} op o = (\%(f::'b=>'c) g (x::'a). f(g(x)))
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	247	\idx{if_def} if = (\%P x y.@z::'a.(P=True --> z=x) & (P=False --> z=y))
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	248	\idx{Let_def} Let(s,f) = f(s)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	249	\subcaption{Further definitions}
d8205bb279a7 Initial revision lcp parents: diff changeset	250	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	251	\caption{Rules of {\tt HOL}} \label{hol-rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	252	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	253
d8205bb279a7 Initial revision lcp parents: diff changeset	254
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	255	\begin{figure}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	256	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	257	\idx{sym} s=t ==> t=s
d8205bb279a7 Initial revision lcp parents: diff changeset	258	\idx{trans} [\| r=s; s=t \|] ==> r=t
d8205bb279a7 Initial revision lcp parents: diff changeset	259	\idx{ssubst} [\| t=s; P(s) \|] ==> P(t::'a)
d8205bb279a7 Initial revision lcp parents: diff changeset	260	\idx{box_equals} [\| a=b; a=c; b=d \|] ==> c=d
d8205bb279a7 Initial revision lcp parents: diff changeset	261	\idx{arg_cong} s=t ==> f(s)=f(t)
d8205bb279a7 Initial revision lcp parents: diff changeset	262	\idx{fun_cong} s::'a=>'b = t ==> s(x)=t(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	263	\subcaption{Equality}
d8205bb279a7 Initial revision lcp parents: diff changeset	264
d8205bb279a7 Initial revision lcp parents: diff changeset	265	\idx{TrueI} True
d8205bb279a7 Initial revision lcp parents: diff changeset	266	\idx{FalseE} False ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	267
d8205bb279a7 Initial revision lcp parents: diff changeset	268	\idx{conjI} [\| P; Q \|] ==> P&Q
d8205bb279a7 Initial revision lcp parents: diff changeset	269	\idx{conjunct1} [\| P&Q \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	270	\idx{conjunct2} [\| P&Q \|] ==> Q
d8205bb279a7 Initial revision lcp parents: diff changeset	271	\idx{conjE} [\| P&Q; [\| P; Q \|] ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	272
d8205bb279a7 Initial revision lcp parents: diff changeset	273	\idx{disjI1} P ==> P\|Q
d8205bb279a7 Initial revision lcp parents: diff changeset	274	\idx{disjI2} Q ==> P\|Q
d8205bb279a7 Initial revision lcp parents: diff changeset	275	\idx{disjE} [\| P \| Q; P ==> R; Q ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	276
d8205bb279a7 Initial revision lcp parents: diff changeset	277	\idx{notI} (P ==> False) ==> ~ P
d8205bb279a7 Initial revision lcp parents: diff changeset	278	\idx{notE} [\| ~ P; P \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	279	\idx{impE} [\| P-->Q; P; Q ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	280	\subcaption{Propositional logic}
d8205bb279a7 Initial revision lcp parents: diff changeset	281
d8205bb279a7 Initial revision lcp parents: diff changeset	282	\idx{iffI} [\| P ==> Q; Q ==> P \|] ==> P=Q
d8205bb279a7 Initial revision lcp parents: diff changeset	283	\idx{iffD1} [\| P=Q; P \|] ==> Q
d8205bb279a7 Initial revision lcp parents: diff changeset	284	\idx{iffD2} [\| P=Q; Q \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	285	\idx{iffE} [\| P=Q; [\| P --> Q; Q --> P \|] ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	286
d8205bb279a7 Initial revision lcp parents: diff changeset	287	\idx{eqTrueI} P ==> P=True
d8205bb279a7 Initial revision lcp parents: diff changeset	288	\idx{eqTrueE} P=True ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	289	\subcaption{Logical equivalence}
d8205bb279a7 Initial revision lcp parents: diff changeset	290
d8205bb279a7 Initial revision lcp parents: diff changeset	291	\end{ttbox}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	292	\caption{Derived rules for \HOL} \label{hol-lemmas1}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	293	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	294
d8205bb279a7 Initial revision lcp parents: diff changeset	295
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	296	\begin{figure}
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	297	\begin{ttbox}\makeatother
104 d8205bb279a7 Initial revision lcp parents: diff changeset	298	\idx{allI} (!!x::'a. P(x)) ==> !x. P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	299	\idx{spec} !x::'a.P(x) ==> P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	300	\idx{allE} [\| !x.P(x); P(x) ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	301	\idx{all_dupE} [\| !x.P(x); [\| P(x); !x.P(x) \|] ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	302
d8205bb279a7 Initial revision lcp parents: diff changeset	303	\idx{exI} P(x) ==> ? x::'a.P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	304	\idx{exE} [\| ? x::'a.P(x); !!x. P(x) ==> Q \|] ==> Q
d8205bb279a7 Initial revision lcp parents: diff changeset	305
d8205bb279a7 Initial revision lcp parents: diff changeset	306	\idx{ex1I} [\| P(a); !!x. P(x) ==> x=a \|] ==> ?! x. P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	307	\idx{ex1E} [\| ?! x.P(x); !!x. [\| P(x); ! y. P(y) --> y=x \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	308	\|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	309
d8205bb279a7 Initial revision lcp parents: diff changeset	310	\idx{select_equality} [\| P(a); !!x. P(x) ==> x=a \|] ==> (@x.P(x)) = a
d8205bb279a7 Initial revision lcp parents: diff changeset	311	\subcaption{Quantifiers and descriptions}
d8205bb279a7 Initial revision lcp parents: diff changeset	312
d8205bb279a7 Initial revision lcp parents: diff changeset	313	\idx{ccontr} (~P ==> False) ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	314	\idx{classical} (~P ==> P) ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	315	\idx{excluded_middle} ~P \| P
d8205bb279a7 Initial revision lcp parents: diff changeset	316
d8205bb279a7 Initial revision lcp parents: diff changeset	317	\idx{disjCI} (~Q ==> P) ==> P\|Q
d8205bb279a7 Initial revision lcp parents: diff changeset	318	\idx{exCI} (! x. ~ P(x) ==> P(a)) ==> ? x.P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	319	\idx{impCE} [\| P-->Q; ~ P ==> R; Q ==> R \|] ==> R
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	320	\idx{iffCE} [\| P=Q; [\| P; Q \|] ==> R; [\| ~P; ~Q \|] ==> R \|] ==> R
104 d8205bb279a7 Initial revision lcp parents: diff changeset	321	\idx{notnotD} ~~P ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	322	\idx{swap} ~P ==> (~Q ==> P) ==> Q
d8205bb279a7 Initial revision lcp parents: diff changeset	323	\subcaption{Classical logic}
d8205bb279a7 Initial revision lcp parents: diff changeset	324
d8205bb279a7 Initial revision lcp parents: diff changeset	325	\idx{if_True} if(True,x,y) = x
d8205bb279a7 Initial revision lcp parents: diff changeset	326	\idx{if_False} if(False,x,y) = y
d8205bb279a7 Initial revision lcp parents: diff changeset	327	\idx{if_P} P ==> if(P,x,y) = x
d8205bb279a7 Initial revision lcp parents: diff changeset	328	\idx{if_not_P} ~ P ==> if(P,x,y) = y
d8205bb279a7 Initial revision lcp parents: diff changeset	329	\idx{expand_if} P(if(Q,x,y)) = ((Q --> P(x)) & (~Q --> P(y)))
d8205bb279a7 Initial revision lcp parents: diff changeset	330	\subcaption{Conditionals}
d8205bb279a7 Initial revision lcp parents: diff changeset	331	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	332	\caption{More derived rules} \label{hol-lemmas2}
d8205bb279a7 Initial revision lcp parents: diff changeset	333	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	334
d8205bb279a7 Initial revision lcp parents: diff changeset	335
d8205bb279a7 Initial revision lcp parents: diff changeset	336	\section{Rules of inference}
d8205bb279a7 Initial revision lcp parents: diff changeset	337	The basic theory has the {\ML} identifier \ttindexbold{HOL.thy}. However,
d8205bb279a7 Initial revision lcp parents: diff changeset	338	many further theories are defined, introducing product and sum types, the
d8205bb279a7 Initial revision lcp parents: diff changeset	339	natural numbers, etc.
d8205bb279a7 Initial revision lcp parents: diff changeset	340
d8205bb279a7 Initial revision lcp parents: diff changeset	341	Figure~\ref{hol-rules} shows the inference rules with their~{\ML} names.
d8205bb279a7 Initial revision lcp parents: diff changeset	342	They follow standard practice in higher-order logic: only a few connectives
d8205bb279a7 Initial revision lcp parents: diff changeset	343	are taken as primitive, with the remainder defined obscurely.
d8205bb279a7 Initial revision lcp parents: diff changeset	344
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	345	Unusually, the definitions are expressed using object-equality~({\tt=})
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	346	rather than meta-equality~({\tt==}). This is possible because equality in
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	347	higher-order logic may equate formulae and even functions over formulae.
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	348	On the other hand, meta-equality is Isabelle's usual symbol for making
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	349	definitions. Take care to note which form of equality is used before
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	350	attempting a proof.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	351
d8205bb279a7 Initial revision lcp parents: diff changeset	352	Some of the rules mention type variables; for example, {\tt refl} mentions
d8205bb279a7 Initial revision lcp parents: diff changeset	353	the type variable~{\tt'a}. This facilitates explicit instantiation of the
d8205bb279a7 Initial revision lcp parents: diff changeset	354	type variables. By default, such variables range over class {\it term}.
d8205bb279a7 Initial revision lcp parents: diff changeset	355
d8205bb279a7 Initial revision lcp parents: diff changeset	356	\begin{warn}
d8205bb279a7 Initial revision lcp parents: diff changeset	357	Where function types are involved, Isabelle's unification code does not
d8205bb279a7 Initial revision lcp parents: diff changeset	358	guarantee to find instantiations for type variables automatically. If
d8205bb279a7 Initial revision lcp parents: diff changeset	359	resolution fails for no obvious reason, try setting \ttindex{show_types} to
d8205bb279a7 Initial revision lcp parents: diff changeset	360	{\tt true}, causing Isabelle to display types of terms. (Possibly, set
d8205bb279a7 Initial revision lcp parents: diff changeset	361	\ttindex{show_sorts} to {\tt true} also, causing Isabelle to display sorts.)
d8205bb279a7 Initial revision lcp parents: diff changeset	362	Be prepared to use \ttindex{res_inst_tac} instead of {\tt resolve_tac}.
d8205bb279a7 Initial revision lcp parents: diff changeset	363	Setting \ttindex{Unify.trace_types} to {\tt true} causes Isabelle to
d8205bb279a7 Initial revision lcp parents: diff changeset	364	report omitted search paths during unification.
d8205bb279a7 Initial revision lcp parents: diff changeset	365	\end{warn}
d8205bb279a7 Initial revision lcp parents: diff changeset	366
d8205bb279a7 Initial revision lcp parents: diff changeset	367	Here are further comments on the rules:
d8205bb279a7 Initial revision lcp parents: diff changeset	368	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	369	\item[\ttindexbold{ext}]
d8205bb279a7 Initial revision lcp parents: diff changeset	370	expresses extensionality of functions.
d8205bb279a7 Initial revision lcp parents: diff changeset	371	\item[\ttindexbold{iff}]
d8205bb279a7 Initial revision lcp parents: diff changeset	372	asserts that logically equivalent formulae are equal.
d8205bb279a7 Initial revision lcp parents: diff changeset	373	\item[\ttindexbold{selectI}]
d8205bb279a7 Initial revision lcp parents: diff changeset	374	gives the defining property of the Hilbert $\epsilon$-operator. The
d8205bb279a7 Initial revision lcp parents: diff changeset	375	derived rule \ttindexbold{select_equality} (see below) is often easier to use.
d8205bb279a7 Initial revision lcp parents: diff changeset	376	\item[\ttindexbold{True_or_False}]
d8205bb279a7 Initial revision lcp parents: diff changeset	377	makes the logic classical.\footnote{In fact, the $\epsilon$-operator
d8205bb279a7 Initial revision lcp parents: diff changeset	378	already makes the logic classical, as shown by Diaconescu;
d8205bb279a7 Initial revision lcp parents: diff changeset	379	see Paulson~\cite{paulson-COLOG} for details.}
d8205bb279a7 Initial revision lcp parents: diff changeset	380	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	381
d8205bb279a7 Initial revision lcp parents: diff changeset	382	\begin{warn}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	383	\HOL\ has no if-and-only-if connective; logical equivalence is expressed
104 d8205bb279a7 Initial revision lcp parents: diff changeset	384	using equality. But equality has a high precedence, as befitting a
d8205bb279a7 Initial revision lcp parents: diff changeset	385	relation, while if-and-only-if typically has the lowest precedence. Thus,
d8205bb279a7 Initial revision lcp parents: diff changeset	386	$\neg\neg P=P$ abbreviates $\neg\neg (P=P)$ and not $(\neg\neg P)=P$. When
d8205bb279a7 Initial revision lcp parents: diff changeset	387	using $=$ to mean logical equivalence, enclose both operands in
d8205bb279a7 Initial revision lcp parents: diff changeset	388	parentheses.
d8205bb279a7 Initial revision lcp parents: diff changeset	389	\end{warn}
d8205bb279a7 Initial revision lcp parents: diff changeset	390
d8205bb279a7 Initial revision lcp parents: diff changeset	391	Some derived rules are shown in Figures~\ref{hol-lemmas1}
d8205bb279a7 Initial revision lcp parents: diff changeset	392	and~\ref{hol-lemmas2}, with their {\ML} names. These include natural rules
d8205bb279a7 Initial revision lcp parents: diff changeset	393	for the logical connectives, as well as sequent-style elimination rules for
d8205bb279a7 Initial revision lcp parents: diff changeset	394	conjunctions, implications, and universal quantifiers.
d8205bb279a7 Initial revision lcp parents: diff changeset	395
d8205bb279a7 Initial revision lcp parents: diff changeset	396	Note the equality rules: \ttindexbold{ssubst} performs substitution in
d8205bb279a7 Initial revision lcp parents: diff changeset	397	backward proofs, while \ttindexbold{box_equals} supports reasoning by
d8205bb279a7 Initial revision lcp parents: diff changeset	398	simplifying both sides of an equation.
d8205bb279a7 Initial revision lcp parents: diff changeset	399
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	400	See the files {\tt HOL/hol.thy} and
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	401	{\tt HOL/hol.ML} for complete listings of the rules and
104 d8205bb279a7 Initial revision lcp parents: diff changeset	402	derived rules.
d8205bb279a7 Initial revision lcp parents: diff changeset	403
d8205bb279a7 Initial revision lcp parents: diff changeset	404
d8205bb279a7 Initial revision lcp parents: diff changeset	405	\section{Generic packages}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	406	\HOL\ instantiates most of Isabelle's generic packages;
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	407	see {\tt HOL/ROOT.ML} for details.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	408	\begin{itemize}
d8205bb279a7 Initial revision lcp parents: diff changeset	409	\item
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	410	Because it includes a general substitution rule, \HOL\ instantiates the
104 d8205bb279a7 Initial revision lcp parents: diff changeset	411	tactic \ttindex{hyp_subst_tac}, which substitutes for an equality
d8205bb279a7 Initial revision lcp parents: diff changeset	412	throughout a subgoal and its hypotheses.
d8205bb279a7 Initial revision lcp parents: diff changeset	413	\item
d8205bb279a7 Initial revision lcp parents: diff changeset	414	It instantiates the simplifier, defining~\ttindexbold{HOL_ss} as the
d8205bb279a7 Initial revision lcp parents: diff changeset	415	simplification set for higher-order logic. Equality~($=$), which also
d8205bb279a7 Initial revision lcp parents: diff changeset	416	expresses logical equivalence, may be used for rewriting. See the file
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	417	{\tt HOL/simpdata.ML} for a complete listing of the simplification
104 d8205bb279a7 Initial revision lcp parents: diff changeset	418	rules.
d8205bb279a7 Initial revision lcp parents: diff changeset	419	\item
d8205bb279a7 Initial revision lcp parents: diff changeset	420	It instantiates the classical reasoning module. See~\S\ref{hol-cla-prover}
d8205bb279a7 Initial revision lcp parents: diff changeset	421	for details.
d8205bb279a7 Initial revision lcp parents: diff changeset	422	\end{itemize}
d8205bb279a7 Initial revision lcp parents: diff changeset	423
d8205bb279a7 Initial revision lcp parents: diff changeset	424
d8205bb279a7 Initial revision lcp parents: diff changeset	425	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	426	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	427	\begin{tabular}{rrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	428	\it name &\it meta-type & \it description \\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	429	\index{"{"}@{\tt\{\}}}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	430	{\tt\{\}} & $\alpha\,set$ & the empty set \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	431	\idx{insert} & $[\alpha,\alpha\,set]\To \alpha\,set$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	432	& insertion of element \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	433	\idx{Collect} & $(\alpha\To bool)\To\alpha\,set$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	434	& comprehension \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	435	\idx{Compl} & $(\alpha\,set)\To\alpha\,set$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	436	& complement \\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	437	\idx{INTER} & $[\alpha\,set,\alpha\To\beta\,set]\To\beta\,set$
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	438	& intersection over a set\\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	439	\idx{UNION} & $[\alpha\,set,\alpha\To\beta\,set]\To\beta\,set$
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	440	& union over a set\\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	441	\idx{Inter} & $((\alpha\,set)set)\To\alpha\,set$
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	442	&set of sets intersection \\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	443	\idx{Union} & $((\alpha\,set)set)\To\alpha\,set$
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	444	&set of sets union \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	445	\idx{range} & $(\alpha\To\beta )\To\beta\,set$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	446	& range of a function \\[1ex]
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	447	\idx{Ball}~~\idx{Bex} & $[\alpha\,set,\alpha\To bool]\To bool$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	448	& bounded quantifiers \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	449	\idx{mono} & $(\alpha\,set\To\beta\,set)\To bool$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	450	& monotonicity \\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	451	\idx{inj}~~\idx{surj}& $(\alpha\To\beta )\To bool$
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	452	& injective/surjective \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	453	\idx{inj_onto} & $[\alpha\To\beta ,\alpha\,set]\To bool$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	454	& injective over subset
104 d8205bb279a7 Initial revision lcp parents: diff changeset	455	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	456	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	457	\subcaption{Constants}
d8205bb279a7 Initial revision lcp parents: diff changeset	458
d8205bb279a7 Initial revision lcp parents: diff changeset	459	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	460	\begin{tabular}{llrrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	461	\it symbol &\it name &\it meta-type & \it prec & \it description \\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	462	\idx{INT} & \idx{INTER1} & $(\alpha\To\beta\,set)\To\beta\,set$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	463	intersection over a type\\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	464	\idx{UN} & \idx{UNION1} & $(\alpha\To\beta\,set)\To\beta\,set$ & 10 &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	465	union over a type
104 d8205bb279a7 Initial revision lcp parents: diff changeset	466	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	467	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	468	\subcaption{Binders}
d8205bb279a7 Initial revision lcp parents: diff changeset	469
d8205bb279a7 Initial revision lcp parents: diff changeset	470	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	471	\indexbold{*"`"`}
d8205bb279a7 Initial revision lcp parents: diff changeset	472	\indexbold{*":}
d8205bb279a7 Initial revision lcp parents: diff changeset	473	\indexbold{*"<"=}
d8205bb279a7 Initial revision lcp parents: diff changeset	474	\begin{tabular}{rrrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	475	\it symbol & \it meta-type & \it precedence & \it description \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	476	\tt `` & $[\alpha\To\beta ,\alpha\,set]\To (\beta\,set)$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	477	& Left 90 & image \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	478	\idx{Int} & $[\alpha\,set,\alpha\,set]\To\alpha\,set$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	479	& Left 70 & intersection ($\inter$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	480	\idx{Un} & $[\alpha\,set,\alpha\,set]\To\alpha\,set$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	481	& Left 65 & union ($\union$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	482	\tt: & $[\alpha ,\alpha\,set]\To bool$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	483	& Left 50 & membership ($\in$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	484	\tt <= & $[\alpha\,set,\alpha\,set]\To bool$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	485	& Left 50 & subset ($\subseteq$)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	486	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	487	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	488	\subcaption{Infixes}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	489	\caption{Syntax of \HOL's set theory} \label{hol-set-syntax}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	490	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	491
d8205bb279a7 Initial revision lcp parents: diff changeset	492
d8205bb279a7 Initial revision lcp parents: diff changeset	493	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	494	\begin{center} \tt\frenchspacing
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	495	\index{*"!\|bold}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	496	\begin{tabular}{rrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	497	\it external & \it internal & \it description \\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	498	$a$ \ttilde: $b$ & \ttilde($a$ : $b$) & \rm negated membership\\
154 f8c3715457b8 corrected obvious errors; wenzelm parents: 114 diff changeset	499	\{$a@1$, $\ldots$, $a@n$\} & insert($a@1$,$\cdots$,insert($a@n$,\{\})) &
104 d8205bb279a7 Initial revision lcp parents: diff changeset	500	\rm finite set \\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	501	\{$x$.$P[x]$\} & Collect($\lambda x.P[x]$) &
104 d8205bb279a7 Initial revision lcp parents: diff changeset	502	\rm comprehension \\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	503	\idx{INT} $x$:$A$.$B[x]$ & INTER($A$,$\lambda x.B[x]$) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	504	\rm intersection over a set \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	505	\idx{UN} $x$:$A$.$B[x]$ & UNION($A$,$\lambda x.B[x]$) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	506	\rm union over a set \\
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	507	\tt ! $x$:$A$.$P[x]$ & Ball($A$,$\lambda x.P[x]$) &
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	508	\rm bounded $\forall$ \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	509	\idx{?} $x$:$A$.$P[x]$ & Bex($A$,$\lambda x.P[x]$) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	510	\rm bounded $\exists$ \\[1ex]
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	511	\idx{ALL} $x$:$A$.$P[x]$ & Ball($A$,$\lambda x.P[x]$) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	512	\rm bounded $\forall$ \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	513	\idx{EX} $x$:$A$.$P[x]$ & Bex($A$,$\lambda x.P[x]$) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	514	\rm bounded $\exists$
104 d8205bb279a7 Initial revision lcp parents: diff changeset	515	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	516	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	517	\subcaption{Translations}
d8205bb279a7 Initial revision lcp parents: diff changeset	518
d8205bb279a7 Initial revision lcp parents: diff changeset	519	\dquotes
d8205bb279a7 Initial revision lcp parents: diff changeset	520	\[\begin{array}{rcl}
d8205bb279a7 Initial revision lcp parents: diff changeset	521	term & = & \hbox{other terms\ldots} \\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	522	& \| & "\{\}" \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	523	& \| & "\{ " term\; ("," term)^* " \}" \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	524	& \| & "\{ " id " . " formula " \}" \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	525	& \| & term " `` " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	526	& \| & term " Int " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	527	& \| & term " Un " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	528	& \| & "INT~~" id ":" term " . " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	529	& \| & "UN~~~" id ":" term " . " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	530	& \| & "INT~~" id~id^* " . " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	531	& \| & "UN~~~" id~id^* " . " term \\[2ex]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	532	formula & = & \hbox{other formulae\ldots} \\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	533	& \| & term " : " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	534	& \| & term " \ttilde: " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	535	& \| & term " <= " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	536	& \| & "!~~~" id ":" term " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	537	& \| & "?~~~" id ":" term " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	538	& \| & "ALL " id ":" term " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	539	& \| & "EX~~" id ":" term " . " formula
104 d8205bb279a7 Initial revision lcp parents: diff changeset	540	\end{array}
d8205bb279a7 Initial revision lcp parents: diff changeset	541	\]
d8205bb279a7 Initial revision lcp parents: diff changeset	542	\subcaption{Full Grammar}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	543	\caption{Syntax of \HOL's set theory (continued)} \label{hol-set-syntax2}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	544	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	545
d8205bb279a7 Initial revision lcp parents: diff changeset	546
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	547	\begin{figure} \underscoreon
104 d8205bb279a7 Initial revision lcp parents: diff changeset	548	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	549	\idx{mem_Collect_eq} (a : \{x.P(x)\}) = P(a)
d8205bb279a7 Initial revision lcp parents: diff changeset	550	\idx{Collect_mem_eq} \{x.x:A\} = A
d8205bb279a7 Initial revision lcp parents: diff changeset	551	\subcaption{Isomorphisms between predicates and sets}
d8205bb279a7 Initial revision lcp parents: diff changeset	552
154 f8c3715457b8 corrected obvious errors; wenzelm parents: 114 diff changeset	553	\idx{empty_def} \{\} == \{x.x=False\}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	554	\idx{insert_def} insert(a,B) == \{x.x=a\} Un B
d8205bb279a7 Initial revision lcp parents: diff changeset	555	\idx{Ball_def} Ball(A,P) == ! x. x:A --> P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	556	\idx{Bex_def} Bex(A,P) == ? x. x:A & P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	557	\idx{subset_def} A <= B == ! x:A. x:B
d8205bb279a7 Initial revision lcp parents: diff changeset	558	\idx{Un_def} A Un B == \{x.x:A \| x:B\}
d8205bb279a7 Initial revision lcp parents: diff changeset	559	\idx{Int_def} A Int B == \{x.x:A & x:B\}
d8205bb279a7 Initial revision lcp parents: diff changeset	560	\idx{set_diff_def} A - B == \{x.x:A & x~:B\}
d8205bb279a7 Initial revision lcp parents: diff changeset	561	\idx{Compl_def} Compl(A) == \{x. ~ x:A\}
d8205bb279a7 Initial revision lcp parents: diff changeset	562	\idx{INTER_def} INTER(A,B) == \{y. ! x:A. y: B(x)\}
d8205bb279a7 Initial revision lcp parents: diff changeset	563	\idx{UNION_def} UNION(A,B) == \{y. ? x:A. y: B(x)\}
d8205bb279a7 Initial revision lcp parents: diff changeset	564	\idx{INTER1_def} INTER1(B) == INTER(\{x.True\}, B)
d8205bb279a7 Initial revision lcp parents: diff changeset	565	\idx{UNION1_def} UNION1(B) == UNION(\{x.True\}, B)
d8205bb279a7 Initial revision lcp parents: diff changeset	566	\idx{Inter_def} Inter(S) == (INT x:S. x)
d8205bb279a7 Initial revision lcp parents: diff changeset	567	\idx{Union_def} Union(S) == (UN x:S. x)
d8205bb279a7 Initial revision lcp parents: diff changeset	568	\idx{image_def} f``A == \{y. ? x:A. y=f(x)\}
d8205bb279a7 Initial revision lcp parents: diff changeset	569	\idx{range_def} range(f) == \{y. ? x. y=f(x)\}
d8205bb279a7 Initial revision lcp parents: diff changeset	570	\idx{mono_def} mono(f) == !A B. A <= B --> f(A) <= f(B)
d8205bb279a7 Initial revision lcp parents: diff changeset	571	\idx{inj_def} inj(f) == ! x y. f(x)=f(y) --> x=y
d8205bb279a7 Initial revision lcp parents: diff changeset	572	\idx{surj_def} surj(f) == ! y. ? x. y=f(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	573	\idx{inj_onto_def} inj_onto(f,A) == !x:A. !y:A. f(x)=f(y) --> x=y
d8205bb279a7 Initial revision lcp parents: diff changeset	574	\subcaption{Definitions}
d8205bb279a7 Initial revision lcp parents: diff changeset	575	\end{ttbox}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	576	\caption{Rules of \HOL's set theory} \label{hol-set-rules}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	577	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	578
d8205bb279a7 Initial revision lcp parents: diff changeset	579
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	580	\begin{figure} \underscoreon
104 d8205bb279a7 Initial revision lcp parents: diff changeset	581	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	582	\idx{CollectI} [\| P(a) \|] ==> a : \{x.P(x)\}
d8205bb279a7 Initial revision lcp parents: diff changeset	583	\idx{CollectD} [\| a : \{x.P(x)\} \|] ==> P(a)
d8205bb279a7 Initial revision lcp parents: diff changeset	584	\idx{CollectE} [\| a : \{x.P(x)\}; P(a) ==> W \|] ==> W
d8205bb279a7 Initial revision lcp parents: diff changeset	585	\idx{Collect_cong} [\| !!x. P(x)=Q(x) \|] ==> \{x. P(x)\} = \{x. Q(x)\}
d8205bb279a7 Initial revision lcp parents: diff changeset	586	\subcaption{Comprehension}
d8205bb279a7 Initial revision lcp parents: diff changeset	587
d8205bb279a7 Initial revision lcp parents: diff changeset	588	\idx{ballI} [\| !!x. x:A ==> P(x) \|] ==> ! x:A. P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	589	\idx{bspec} [\| ! x:A. P(x); x:A \|] ==> P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	590	\idx{ballE} [\| ! x:A. P(x); P(x) ==> Q; ~ x:A ==> Q \|] ==> Q
d8205bb279a7 Initial revision lcp parents: diff changeset	591	\idx{ball_cong} [\| A=A'; !!x. x:A' ==> P(x) = P'(x) \|] ==>
d8205bb279a7 Initial revision lcp parents: diff changeset	592	(! x:A. P(x)) = (! x:A'. P'(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	593
d8205bb279a7 Initial revision lcp parents: diff changeset	594	\idx{bexI} [\| P(x); x:A \|] ==> ? x:A. P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	595	\idx{bexCI} [\| ! x:A. ~ P(x) ==> P(a); a:A \|] ==> ? x:A.P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	596	\idx{bexE} [\| ? x:A. P(x); !!x. [\| x:A; P(x) \|] ==> Q \|] ==> Q
d8205bb279a7 Initial revision lcp parents: diff changeset	597	\subcaption{Bounded quantifiers}
d8205bb279a7 Initial revision lcp parents: diff changeset	598
d8205bb279a7 Initial revision lcp parents: diff changeset	599	\idx{subsetI} (!!x.x:A ==> x:B) ==> A <= B
d8205bb279a7 Initial revision lcp parents: diff changeset	600	\idx{subsetD} [\| A <= B; c:A \|] ==> c:B
d8205bb279a7 Initial revision lcp parents: diff changeset	601	\idx{subsetCE} [\| A <= B; ~ (c:A) ==> P; c:B ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	602
d8205bb279a7 Initial revision lcp parents: diff changeset	603	\idx{subset_refl} A <= A
d8205bb279a7 Initial revision lcp parents: diff changeset	604	\idx{subset_antisym} [\| A <= B; B <= A \|] ==> A = B
d8205bb279a7 Initial revision lcp parents: diff changeset	605	\idx{subset_trans} [\| A<=B; B<=C \|] ==> A<=C
d8205bb279a7 Initial revision lcp parents: diff changeset	606
d8205bb279a7 Initial revision lcp parents: diff changeset	607	\idx{set_ext} [\| !!x. (x:A) = (x:B) \|] ==> A = B
d8205bb279a7 Initial revision lcp parents: diff changeset	608	\idx{equalityD1} A = B ==> A<=B
d8205bb279a7 Initial revision lcp parents: diff changeset	609	\idx{equalityD2} A = B ==> B<=A
d8205bb279a7 Initial revision lcp parents: diff changeset	610	\idx{equalityE} [\| A = B; [\| A<=B; B<=A \|] ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	611
d8205bb279a7 Initial revision lcp parents: diff changeset	612	\idx{equalityCE} [\| A = B; [\| c:A; c:B \|] ==> P;
d8205bb279a7 Initial revision lcp parents: diff changeset	613	[\| ~ c:A; ~ c:B \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	614	\|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	615	\subcaption{The subset and equality relations}
d8205bb279a7 Initial revision lcp parents: diff changeset	616	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	617	\caption{Derived rules for set theory} \label{hol-set1}
d8205bb279a7 Initial revision lcp parents: diff changeset	618	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	619
d8205bb279a7 Initial revision lcp parents: diff changeset	620
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	621	\begin{figure} \underscoreon
104 d8205bb279a7 Initial revision lcp parents: diff changeset	622	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	623	\idx{emptyE} a : \{\} ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	624
d8205bb279a7 Initial revision lcp parents: diff changeset	625	\idx{insertI1} a : insert(a,B)
d8205bb279a7 Initial revision lcp parents: diff changeset	626	\idx{insertI2} a : B ==> a : insert(b,B)
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	627	\idx{insertE} [\| a : insert(b,A); a=b ==> P; a:A ==> P \|] ==> P
104 d8205bb279a7 Initial revision lcp parents: diff changeset	628
d8205bb279a7 Initial revision lcp parents: diff changeset	629	\idx{ComplI} [\| c:A ==> False \|] ==> c : Compl(A)
d8205bb279a7 Initial revision lcp parents: diff changeset	630	\idx{ComplD} [\| c : Compl(A) \|] ==> ~ c:A
d8205bb279a7 Initial revision lcp parents: diff changeset	631
d8205bb279a7 Initial revision lcp parents: diff changeset	632	\idx{UnI1} c:A ==> c : A Un B
d8205bb279a7 Initial revision lcp parents: diff changeset	633	\idx{UnI2} c:B ==> c : A Un B
d8205bb279a7 Initial revision lcp parents: diff changeset	634	\idx{UnCI} (~c:B ==> c:A) ==> c : A Un B
d8205bb279a7 Initial revision lcp parents: diff changeset	635	\idx{UnE} [\| c : A Un B; c:A ==> P; c:B ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	636
d8205bb279a7 Initial revision lcp parents: diff changeset	637	\idx{IntI} [\| c:A; c:B \|] ==> c : A Int B
d8205bb279a7 Initial revision lcp parents: diff changeset	638	\idx{IntD1} c : A Int B ==> c:A
d8205bb279a7 Initial revision lcp parents: diff changeset	639	\idx{IntD2} c : A Int B ==> c:B
d8205bb279a7 Initial revision lcp parents: diff changeset	640	\idx{IntE} [\| c : A Int B; [\| c:A; c:B \|] ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	641
d8205bb279a7 Initial revision lcp parents: diff changeset	642	\idx{UN_I} [\| a:A; b: B(a) \|] ==> b: (UN x:A. B(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	643	\idx{UN_E} [\| b: (UN x:A. B(x)); !!x.[\| x:A; b:B(x) \|] ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	644
d8205bb279a7 Initial revision lcp parents: diff changeset	645	\idx{INT_I} (!!x. x:A ==> b: B(x)) ==> b : (INT x:A. B(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	646	\idx{INT_D} [\| b: (INT x:A. B(x)); a:A \|] ==> b: B(a)
d8205bb279a7 Initial revision lcp parents: diff changeset	647	\idx{INT_E} [\| b: (INT x:A. B(x)); b: B(a) ==> R; ~ a:A ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	648
d8205bb279a7 Initial revision lcp parents: diff changeset	649	\idx{UnionI} [\| X:C; A:X \|] ==> A : Union(C)
d8205bb279a7 Initial revision lcp parents: diff changeset	650	\idx{UnionE} [\| A : Union(C); !!X.[\| A:X; X:C \|] ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	651
d8205bb279a7 Initial revision lcp parents: diff changeset	652	\idx{InterI} [\| !!X. X:C ==> A:X \|] ==> A : Inter(C)
d8205bb279a7 Initial revision lcp parents: diff changeset	653	\idx{InterD} [\| A : Inter(C); X:C \|] ==> A:X
d8205bb279a7 Initial revision lcp parents: diff changeset	654	\idx{InterE} [\| A : Inter(C); A:X ==> R; ~ X:C ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	655	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	656	\caption{Further derived rules for set theory} \label{hol-set2}
d8205bb279a7 Initial revision lcp parents: diff changeset	657	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	658
d8205bb279a7 Initial revision lcp parents: diff changeset	659
d8205bb279a7 Initial revision lcp parents: diff changeset	660	\section{A formulation of set theory}
d8205bb279a7 Initial revision lcp parents: diff changeset	661	Historically, higher-order logic gives a foundation for Russell and
d8205bb279a7 Initial revision lcp parents: diff changeset	662	Whitehead's theory of classes. Let us use modern terminology and call them
d8205bb279a7 Initial revision lcp parents: diff changeset	663	{\bf sets}, but note that these sets are distinct from those of {\ZF} set
d8205bb279a7 Initial revision lcp parents: diff changeset	664	theory, and behave more like {\ZF} classes.
d8205bb279a7 Initial revision lcp parents: diff changeset	665	\begin{itemize}
d8205bb279a7 Initial revision lcp parents: diff changeset	666	\item
d8205bb279a7 Initial revision lcp parents: diff changeset	667	Sets are given by predicates over some type~$\sigma$. Types serve to
d8205bb279a7 Initial revision lcp parents: diff changeset	668	define universes for sets, but type checking is still significant.
d8205bb279a7 Initial revision lcp parents: diff changeset	669	\item
d8205bb279a7 Initial revision lcp parents: diff changeset	670	There is a universal set (for each type). Thus, sets have complements, and
d8205bb279a7 Initial revision lcp parents: diff changeset	671	may be defined by absolute comprehension.
d8205bb279a7 Initial revision lcp parents: diff changeset	672	\item
d8205bb279a7 Initial revision lcp parents: diff changeset	673	Although sets may contain other sets as elements, the containing set must
d8205bb279a7 Initial revision lcp parents: diff changeset	674	have a more complex type.
d8205bb279a7 Initial revision lcp parents: diff changeset	675	\end{itemize}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	676	Finite unions and intersections have the same behaviour in \HOL\ as they
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	677	do in~{\ZF}. In \HOL\ the intersection of the empty set is well-defined,
104 d8205bb279a7 Initial revision lcp parents: diff changeset	678	denoting the universal set for the given type.
d8205bb279a7 Initial revision lcp parents: diff changeset	679
d8205bb279a7 Initial revision lcp parents: diff changeset	680	\subsection{Syntax of set theory}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	681	The type $\alpha\,set$ is essentially the same as $\alpha\To bool$. The
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	682	new type is defined for clarity and to avoid complications involving
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	683	function types in unification. Since Isabelle does not support type
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	684	definitions (as mentioned in \S\ref{HOL-types}), the isomorphisms between
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	685	the two types are declared explicitly. Here they are natural: {\tt
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	686	Collect} maps $\alpha\To bool$ to $\alpha\,set$, while \hbox{\tt op :}
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	687	maps in the other direction (ignoring argument order).
104 d8205bb279a7 Initial revision lcp parents: diff changeset	688
d8205bb279a7 Initial revision lcp parents: diff changeset	689	Figure~\ref{hol-set-syntax} lists the constants, infixes, and syntax
d8205bb279a7 Initial revision lcp parents: diff changeset	690	translations. Figure~\ref{hol-set-syntax2} presents the grammar of the new
d8205bb279a7 Initial revision lcp parents: diff changeset	691	constructs. Infix operators include union and intersection ($A\union B$
d8205bb279a7 Initial revision lcp parents: diff changeset	692	and $A\inter B$), the subset and membership relations, and the image
d8205bb279a7 Initial revision lcp parents: diff changeset	693	operator~{\tt``}. Note that $a$\verb\|~:\|$b$ is translated to
d8205bb279a7 Initial revision lcp parents: diff changeset	694	\verb\|~(\|$a$:$b$\verb\|)\|. The {\tt\{\ldots\}} notation abbreviates finite
d8205bb279a7 Initial revision lcp parents: diff changeset	695	sets constructed in the obvious manner using~{\tt insert} and~$\{\}$ (the
d8205bb279a7 Initial revision lcp parents: diff changeset	696	empty set):
d8205bb279a7 Initial revision lcp parents: diff changeset	697	\begin{eqnarray*}
154 f8c3715457b8 corrected obvious errors; wenzelm parents: 114 diff changeset	698	\{a,b,c\} & \equiv & {\tt insert}(a,{\tt insert}(b,{\tt insert}(c,\{\})))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	699	\end{eqnarray*}
d8205bb279a7 Initial revision lcp parents: diff changeset	700
d8205bb279a7 Initial revision lcp parents: diff changeset	701	The set \hbox{\tt\{$x$.$P[x]$\}} consists of all $x$ (of suitable type)
d8205bb279a7 Initial revision lcp parents: diff changeset	702	that satisfy~$P[x]$, where $P[x]$ is a formula that may contain free
d8205bb279a7 Initial revision lcp parents: diff changeset	703	occurrences of~$x$. This syntax expands to \ttindexbold{Collect}$(\lambda
d8205bb279a7 Initial revision lcp parents: diff changeset	704	x.P[x])$.
d8205bb279a7 Initial revision lcp parents: diff changeset	705
d8205bb279a7 Initial revision lcp parents: diff changeset	706	The set theory defines two {\bf bounded quantifiers}:
d8205bb279a7 Initial revision lcp parents: diff changeset	707	\begin{eqnarray*}
d8205bb279a7 Initial revision lcp parents: diff changeset	708	\forall x\in A.P[x] &\hbox{which abbreviates}& \forall x. x\in A\imp P[x] \\
d8205bb279a7 Initial revision lcp parents: diff changeset	709	\exists x\in A.P[x] &\hbox{which abbreviates}& \exists x. x\in A\conj P[x]
d8205bb279a7 Initial revision lcp parents: diff changeset	710	\end{eqnarray*}
d8205bb279a7 Initial revision lcp parents: diff changeset	711	The constants~\ttindexbold{Ball} and~\ttindexbold{Bex} are defined
d8205bb279a7 Initial revision lcp parents: diff changeset	712	accordingly. Instead of {\tt Ball($A$,$P$)} and {\tt Bex($A$,$P$)} we may
d8205bb279a7 Initial revision lcp parents: diff changeset	713	write\index{"!}\index{"?}\index{ALL}\index{EX}
d8205bb279a7 Initial revision lcp parents: diff changeset	714	\hbox{\tt !~$x$:$A$.$P[x]$} and \hbox{\tt ?~$x$:$A$.$P[x]$}.
d8205bb279a7 Initial revision lcp parents: diff changeset	715	Isabelle's usual notation, \ttindex{ALL} and \ttindex{EX}, is also
d8205bb279a7 Initial revision lcp parents: diff changeset	716	available. As with
d8205bb279a7 Initial revision lcp parents: diff changeset	717	ordinary quantifiers, the contents of \ttindexbold{HOL_quantifiers} specifies
d8205bb279a7 Initial revision lcp parents: diff changeset	718	which notation should be used for output.
d8205bb279a7 Initial revision lcp parents: diff changeset	719
d8205bb279a7 Initial revision lcp parents: diff changeset	720	Unions and intersections over sets, namely $\bigcup@{x\in A}B[x]$ and
d8205bb279a7 Initial revision lcp parents: diff changeset	721	$\bigcap@{x\in A}B[x]$, are written
d8205bb279a7 Initial revision lcp parents: diff changeset	722	\ttindexbold{UN}~\hbox{\tt$x$:$A$.$B[x]$} and
d8205bb279a7 Initial revision lcp parents: diff changeset	723	\ttindexbold{INT}~\hbox{\tt$x$:$A$.$B[x]$}.
d8205bb279a7 Initial revision lcp parents: diff changeset	724	Unions and intersections over types, namely $\bigcup@x B[x]$ and
d8205bb279a7 Initial revision lcp parents: diff changeset	725	$\bigcap@x B[x]$, are written
d8205bb279a7 Initial revision lcp parents: diff changeset	726	\ttindexbold{UN}~\hbox{\tt$x$.$B[x]$} and
d8205bb279a7 Initial revision lcp parents: diff changeset	727	\ttindexbold{INT}~\hbox{\tt$x$.$B[x]$}; they are equivalent to the previous
d8205bb279a7 Initial revision lcp parents: diff changeset	728	union/intersection operators when $A$ is the universal set.
d8205bb279a7 Initial revision lcp parents: diff changeset	729	The set of set union and intersection operators ($\bigcup A$ and $\bigcap
d8205bb279a7 Initial revision lcp parents: diff changeset	730	A$) are not binders, but equals $\bigcup@{x\in A}x$ and $\bigcap@{x\in
d8205bb279a7 Initial revision lcp parents: diff changeset	731	A}x$, respectively.
d8205bb279a7 Initial revision lcp parents: diff changeset	732
d8205bb279a7 Initial revision lcp parents: diff changeset	733	\subsection{Axioms and rules of set theory}
d8205bb279a7 Initial revision lcp parents: diff changeset	734	The axioms \ttindexbold{mem_Collect_eq} and
d8205bb279a7 Initial revision lcp parents: diff changeset	735	\ttindexbold{Collect_mem_eq} assert that the functions {\tt Collect} and
d8205bb279a7 Initial revision lcp parents: diff changeset	736	\hbox{\tt op :} are isomorphisms.
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	737	All the other axioms are definitions; see Fig.\ts \ref{hol-set-rules}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	738	These include straightforward properties of functions: image~({\tt``}) and
d8205bb279a7 Initial revision lcp parents: diff changeset	739	{\tt range}, and predicates concerning monotonicity, injectiveness, etc.
d8205bb279a7 Initial revision lcp parents: diff changeset	740
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	741	\HOL's set theory has the {\ML} identifier \ttindexbold{Set.thy}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	742
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	743	\begin{figure} \underscoreon
104 d8205bb279a7 Initial revision lcp parents: diff changeset	744	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	745	\idx{imageI} [\| x:A \|] ==> f(x) : f``A
d8205bb279a7 Initial revision lcp parents: diff changeset	746	\idx{imageE} [\| b : f``A; !!x.[\| b=f(x); x:A \|] ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	747
d8205bb279a7 Initial revision lcp parents: diff changeset	748	\idx{rangeI} f(x) : range(f)
d8205bb279a7 Initial revision lcp parents: diff changeset	749	\idx{rangeE} [\| b : range(f); !!x.[\| b=f(x) \|] ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	750
d8205bb279a7 Initial revision lcp parents: diff changeset	751	\idx{monoI} [\| !!A B. A <= B ==> f(A) <= f(B) \|] ==> mono(f)
d8205bb279a7 Initial revision lcp parents: diff changeset	752	\idx{monoD} [\| mono(f); A <= B \|] ==> f(A) <= f(B)
d8205bb279a7 Initial revision lcp parents: diff changeset	753
d8205bb279a7 Initial revision lcp parents: diff changeset	754	\idx{injI} [\| !! x y. f(x) = f(y) ==> x=y \|] ==> inj(f)
d8205bb279a7 Initial revision lcp parents: diff changeset	755	\idx{inj_inverseI} (!!x. g(f(x)) = x) ==> inj(f)
d8205bb279a7 Initial revision lcp parents: diff changeset	756	\idx{injD} [\| inj(f); f(x) = f(y) \|] ==> x=y
d8205bb279a7 Initial revision lcp parents: diff changeset	757
d8205bb279a7 Initial revision lcp parents: diff changeset	758	\idx{Inv_f_f} inj(f) ==> Inv(f,f(x)) = x
d8205bb279a7 Initial revision lcp parents: diff changeset	759	\idx{f_Inv_f} y : range(f) ==> f(Inv(f,y)) = y
d8205bb279a7 Initial revision lcp parents: diff changeset	760
d8205bb279a7 Initial revision lcp parents: diff changeset	761	\idx{Inv_injective}
d8205bb279a7 Initial revision lcp parents: diff changeset	762	[\| Inv(f,x)=Inv(f,y); x: range(f); y: range(f) \|] ==> x=y
d8205bb279a7 Initial revision lcp parents: diff changeset	763
d8205bb279a7 Initial revision lcp parents: diff changeset	764	\idx{inj_ontoI}
d8205bb279a7 Initial revision lcp parents: diff changeset	765	(!! x y. [\| f(x) = f(y); x:A; y:A \|] ==> x=y) ==> inj_onto(f,A)
d8205bb279a7 Initial revision lcp parents: diff changeset	766
d8205bb279a7 Initial revision lcp parents: diff changeset	767	\idx{inj_onto_inverseI}
d8205bb279a7 Initial revision lcp parents: diff changeset	768	(!!x. x:A ==> g(f(x)) = x) ==> inj_onto(f,A)
d8205bb279a7 Initial revision lcp parents: diff changeset	769
d8205bb279a7 Initial revision lcp parents: diff changeset	770	\idx{inj_ontoD}
d8205bb279a7 Initial revision lcp parents: diff changeset	771	[\| inj_onto(f,A); f(x)=f(y); x:A; y:A \|] ==> x=y
d8205bb279a7 Initial revision lcp parents: diff changeset	772
d8205bb279a7 Initial revision lcp parents: diff changeset	773	\idx{inj_onto_contraD}
d8205bb279a7 Initial revision lcp parents: diff changeset	774	[\| inj_onto(f,A); x~=y; x:A; y:A \|] ==> ~ f(x)=f(y)
d8205bb279a7 Initial revision lcp parents: diff changeset	775	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	776	\caption{Derived rules involving functions} \label{hol-fun}
d8205bb279a7 Initial revision lcp parents: diff changeset	777	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	778
d8205bb279a7 Initial revision lcp parents: diff changeset	779
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	780	\begin{figure} \underscoreon
104 d8205bb279a7 Initial revision lcp parents: diff changeset	781	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	782	\idx{Union_upper} B:A ==> B <= Union(A)
d8205bb279a7 Initial revision lcp parents: diff changeset	783	\idx{Union_least} [\| !!X. X:A ==> X<=C \|] ==> Union(A) <= C
d8205bb279a7 Initial revision lcp parents: diff changeset	784
d8205bb279a7 Initial revision lcp parents: diff changeset	785	\idx{Inter_lower} B:A ==> Inter(A) <= B
d8205bb279a7 Initial revision lcp parents: diff changeset	786	\idx{Inter_greatest} [\| !!X. X:A ==> C<=X \|] ==> C <= Inter(A)
d8205bb279a7 Initial revision lcp parents: diff changeset	787
d8205bb279a7 Initial revision lcp parents: diff changeset	788	\idx{Un_upper1} A <= A Un B
d8205bb279a7 Initial revision lcp parents: diff changeset	789	\idx{Un_upper2} B <= A Un B
d8205bb279a7 Initial revision lcp parents: diff changeset	790	\idx{Un_least} [\| A<=C; B<=C \|] ==> A Un B <= C
d8205bb279a7 Initial revision lcp parents: diff changeset	791
d8205bb279a7 Initial revision lcp parents: diff changeset	792	\idx{Int_lower1} A Int B <= A
d8205bb279a7 Initial revision lcp parents: diff changeset	793	\idx{Int_lower2} A Int B <= B
d8205bb279a7 Initial revision lcp parents: diff changeset	794	\idx{Int_greatest} [\| C<=A; C<=B \|] ==> C <= A Int B
d8205bb279a7 Initial revision lcp parents: diff changeset	795	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	796	\caption{Derived rules involving subsets} \label{hol-subset}
d8205bb279a7 Initial revision lcp parents: diff changeset	797	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	798
d8205bb279a7 Initial revision lcp parents: diff changeset	799
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	800	\begin{figure} \underscoreon
104 d8205bb279a7 Initial revision lcp parents: diff changeset	801	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	802	\idx{Int_absorb} A Int A = A
d8205bb279a7 Initial revision lcp parents: diff changeset	803	\idx{Int_commute} A Int B = B Int A
d8205bb279a7 Initial revision lcp parents: diff changeset	804	\idx{Int_assoc} (A Int B) Int C = A Int (B Int C)
d8205bb279a7 Initial revision lcp parents: diff changeset	805	\idx{Int_Un_distrib} (A Un B) Int C = (A Int C) Un (B Int C)
d8205bb279a7 Initial revision lcp parents: diff changeset	806
d8205bb279a7 Initial revision lcp parents: diff changeset	807	\idx{Un_absorb} A Un A = A
d8205bb279a7 Initial revision lcp parents: diff changeset	808	\idx{Un_commute} A Un B = B Un A
d8205bb279a7 Initial revision lcp parents: diff changeset	809	\idx{Un_assoc} (A Un B) Un C = A Un (B Un C)
d8205bb279a7 Initial revision lcp parents: diff changeset	810	\idx{Un_Int_distrib} (A Int B) Un C = (A Un C) Int (B Un C)
d8205bb279a7 Initial revision lcp parents: diff changeset	811
d8205bb279a7 Initial revision lcp parents: diff changeset	812	\idx{Compl_disjoint} A Int Compl(A) = \{x.False\}
d8205bb279a7 Initial revision lcp parents: diff changeset	813	\idx{Compl_partition} A Un Compl(A) = \{x.True\}
d8205bb279a7 Initial revision lcp parents: diff changeset	814	\idx{double_complement} Compl(Compl(A)) = A
d8205bb279a7 Initial revision lcp parents: diff changeset	815	\idx{Compl_Un} Compl(A Un B) = Compl(A) Int Compl(B)
d8205bb279a7 Initial revision lcp parents: diff changeset	816	\idx{Compl_Int} Compl(A Int B) = Compl(A) Un Compl(B)
d8205bb279a7 Initial revision lcp parents: diff changeset	817
d8205bb279a7 Initial revision lcp parents: diff changeset	818	\idx{Union_Un_distrib} Union(A Un B) = Union(A) Un Union(B)
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	819	\idx{Int_Union} A Int Union(B) = (UN C:B. A Int C)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	820	\idx{Un_Union_image}
d8205bb279a7 Initial revision lcp parents: diff changeset	821	(UN x:C. A(x) Un B(x)) = Union(A``C) Un Union(B``C)
d8205bb279a7 Initial revision lcp parents: diff changeset	822
d8205bb279a7 Initial revision lcp parents: diff changeset	823	\idx{Inter_Un_distrib} Inter(A Un B) = Inter(A) Int Inter(B)
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	824	\idx{Un_Inter} A Un Inter(B) = (INT C:B. A Un C)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	825	\idx{Int_Inter_image}
d8205bb279a7 Initial revision lcp parents: diff changeset	826	(INT x:C. A(x) Int B(x)) = Inter(A``C) Int Inter(B``C)
d8205bb279a7 Initial revision lcp parents: diff changeset	827	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	828	\caption{Set equalities} \label{hol-equalities}
d8205bb279a7 Initial revision lcp parents: diff changeset	829	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	830
d8205bb279a7 Initial revision lcp parents: diff changeset	831
d8205bb279a7 Initial revision lcp parents: diff changeset	832	\subsection{Derived rules for sets}
d8205bb279a7 Initial revision lcp parents: diff changeset	833	Figures~\ref{hol-set1} and~\ref{hol-set2} present derived rules. Most
d8205bb279a7 Initial revision lcp parents: diff changeset	834	are obvious and resemble rules of Isabelle's {\ZF} set theory. The
d8205bb279a7 Initial revision lcp parents: diff changeset	835	rules named $XXX${\tt_cong} break down equalities. Certain rules, such as
d8205bb279a7 Initial revision lcp parents: diff changeset	836	\ttindexbold{subsetCE}, \ttindexbold{bexCI} and \ttindexbold{UnCI}, are
d8205bb279a7 Initial revision lcp parents: diff changeset	837	designed for classical reasoning; the more natural rules \ttindexbold{subsetD},
d8205bb279a7 Initial revision lcp parents: diff changeset	838	\ttindexbold{bexI}, \ttindexbold{Un1} and~\ttindexbold{Un2} are not
d8205bb279a7 Initial revision lcp parents: diff changeset	839	strictly necessary. Similarly, \ttindexbold{equalityCE} supports classical
d8205bb279a7 Initial revision lcp parents: diff changeset	840	reasoning about extensionality, after the fashion of \ttindex{iffCE}. See
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	841	the file {\tt HOL/set.ML} for proofs pertaining to set theory.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	842
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	843	Figure~\ref{hol-fun} presents derived inference rules involving functions. See
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	844	the file {\tt HOL/fun.ML} for a complete listing.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	845
d8205bb279a7 Initial revision lcp parents: diff changeset	846	Figure~\ref{hol-subset} presents lattice properties of the subset relation.
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	847	See the file {\tt HOL/subset.ML}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	848
d8205bb279a7 Initial revision lcp parents: diff changeset	849	Figure~\ref{hol-equalities} presents set equalities. See
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	850	{\tt HOL/equalities.ML}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	851
d8205bb279a7 Initial revision lcp parents: diff changeset	852
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	853	\begin{figure}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	854	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	855	\begin{tabular}{rrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	856	\it name &\it meta-type & \it description \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	857	\idx{Pair} & $[\alpha,\beta]\To \alpha\times\beta$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	858	& ordered pairs $\langle a,b\rangle$ \\
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	859	\idx{fst} & $\alpha\times\beta \To \alpha$ & first projection\\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	860	\idx{snd} & $\alpha\times\beta \To \beta$ & second projection\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	861	\idx{split} & $[\alpha\times\beta, [\alpha,\beta]\To\gamma] \To \gamma$
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	862	& generalized projection\\
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	863	\idx{Sigma} &
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	864	$[\alpha\,set, \alpha\To\beta\,set]\To(\alpha\times\beta)set$ &
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	865	general sum of sets
104 d8205bb279a7 Initial revision lcp parents: diff changeset	866	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	867	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	868	\subcaption{Constants}
d8205bb279a7 Initial revision lcp parents: diff changeset	869
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	870	\begin{ttbox}\makeatletter
104 d8205bb279a7 Initial revision lcp parents: diff changeset	871	\idx{fst_def} fst(p) == @a. ? b. p = <a,b>
d8205bb279a7 Initial revision lcp parents: diff changeset	872	\idx{snd_def} snd(p) == @b. ? a. p = <a,b>
d8205bb279a7 Initial revision lcp parents: diff changeset	873	\idx{split_def} split(p,c) == c(fst(p),snd(p))
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	874	\idx{Sigma_def} Sigma(A,B) == UN x:A. UN y:B(x). \{<x,y>\}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	875	\subcaption{Definitions}
d8205bb279a7 Initial revision lcp parents: diff changeset	876
d8205bb279a7 Initial revision lcp parents: diff changeset	877	\idx{Pair_inject} [\| <a, b> = <a',b'>; [\| a=a'; b=b' \|] ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	878
d8205bb279a7 Initial revision lcp parents: diff changeset	879	\idx{fst} fst(<a,b>) = a
d8205bb279a7 Initial revision lcp parents: diff changeset	880	\idx{snd} snd(<a,b>) = b
d8205bb279a7 Initial revision lcp parents: diff changeset	881	\idx{split} split(<a,b>, c) = c(a,b)
d8205bb279a7 Initial revision lcp parents: diff changeset	882
d8205bb279a7 Initial revision lcp parents: diff changeset	883	\idx{surjective_pairing} p = <fst(p),snd(p)>
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	884
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	885	\idx{SigmaI} [\| a:A; b:B(a) \|] ==> <a,b> : Sigma(A,B)
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	886
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	887	\idx{SigmaE} [\| c: Sigma(A,B);
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	888	!!x y.[\| x:A; y:B(x); c=<x,y> \|] ==> P \|] ==> P
104 d8205bb279a7 Initial revision lcp parents: diff changeset	889	\subcaption{Derived rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	890	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	891	\caption{Type $\alpha\times\beta$}
d8205bb279a7 Initial revision lcp parents: diff changeset	892	\label{hol-prod}
d8205bb279a7 Initial revision lcp parents: diff changeset	893	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	894
d8205bb279a7 Initial revision lcp parents: diff changeset	895
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	896	\begin{figure}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	897	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	898	\begin{tabular}{rrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	899	\it name &\it meta-type & \it description \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	900	\idx{Inl} & $\alpha \To \alpha+\beta$ & first injection\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	901	\idx{Inr} & $\beta \To \alpha+\beta$ & second injection\\
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	902	\idx{sum_case} & $[\alpha+\beta, \alpha\To\gamma, \beta\To\gamma] \To\gamma$
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	903	& conditional
104 d8205bb279a7 Initial revision lcp parents: diff changeset	904	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	905	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	906	\subcaption{Constants}
d8205bb279a7 Initial revision lcp parents: diff changeset	907
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	908	\begin{ttbox}\makeatletter
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	909	\idx{sum_case_def} sum_case == (\%p f g. @z. (!x. p=Inl(x) --> z=f(x)) &
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	910	(!y. p=Inr(y) --> z=g(y)))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	911	\subcaption{Definition}
d8205bb279a7 Initial revision lcp parents: diff changeset	912
d8205bb279a7 Initial revision lcp parents: diff changeset	913	\idx{Inl_not_Inr} ~ Inl(a)=Inr(b)
d8205bb279a7 Initial revision lcp parents: diff changeset	914
d8205bb279a7 Initial revision lcp parents: diff changeset	915	\idx{inj_Inl} inj(Inl)
d8205bb279a7 Initial revision lcp parents: diff changeset	916	\idx{inj_Inr} inj(Inr)
d8205bb279a7 Initial revision lcp parents: diff changeset	917
d8205bb279a7 Initial revision lcp parents: diff changeset	918	\idx{sumE} [\| !!x::'a. P(Inl(x)); !!y::'b. P(Inr(y)) \|] ==> P(s)
d8205bb279a7 Initial revision lcp parents: diff changeset	919
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	920	\idx{sum_case_Inl} sum_case(Inl(x), f, g) = f(x)
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	921	\idx{sum_case_Inr} sum_case(Inr(x), f, g) = g(x)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	922
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	923	\idx{surjective_sum} sum_case(s, %x::'a. f(Inl(x)), %y::'b. f(Inr(y))) = f(s)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	924	\subcaption{Derived rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	925	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	926	\caption{Rules for type $\alpha+\beta$}
d8205bb279a7 Initial revision lcp parents: diff changeset	927	\label{hol-sum}
d8205bb279a7 Initial revision lcp parents: diff changeset	928	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	929
d8205bb279a7 Initial revision lcp parents: diff changeset	930
d8205bb279a7 Initial revision lcp parents: diff changeset	931	\section{Types}
d8205bb279a7 Initial revision lcp parents: diff changeset	932	The basic higher-order logic is augmented with a tremendous amount of
d8205bb279a7 Initial revision lcp parents: diff changeset	933	material, including support for recursive function and type definitions.
d8205bb279a7 Initial revision lcp parents: diff changeset	934	Space does not permit a detailed discussion. The present section describes
d8205bb279a7 Initial revision lcp parents: diff changeset	935	product, sum, natural number and list types.
d8205bb279a7 Initial revision lcp parents: diff changeset	936
d8205bb279a7 Initial revision lcp parents: diff changeset	937	\subsection{Product and sum types}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	938	\HOL\ defines the product type $\alpha\times\beta$ and the sum type
104 d8205bb279a7 Initial revision lcp parents: diff changeset	939	$\alpha+\beta$, with the ordered pair syntax {\tt<$a$,$b$>}, using fairly
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	940	standard constructions (Figs.~\ref{hol-prod} and~\ref{hol-sum}). Because
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	941	Isabelle does not support abstract type definitions, the isomorphisms
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	942	between these types and their representations are made explicitly.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	943
d8205bb279a7 Initial revision lcp parents: diff changeset	944	Most of the definitions are suppressed, but observe that the projections
d8205bb279a7 Initial revision lcp parents: diff changeset	945	and conditionals are defined as descriptions. Their properties are easily
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	946	proved using \ttindex{select_equality}. See {\tt HOL/prod.thy} and
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	947	{\tt HOL/sum.thy} for details.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	948
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	949	\begin{figure}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	950	\indexbold{*"<}
d8205bb279a7 Initial revision lcp parents: diff changeset	951	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	952	\begin{tabular}{rrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	953	\it symbol & \it meta-type & \it description \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	954	\idx{0} & $nat$ & zero \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	955	\idx{Suc} & $nat \To nat$ & successor function\\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	956	\idx{nat_case} & $[nat, \alpha, nat\To\alpha] \To\alpha$
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	957	& conditional\\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	958	\idx{nat_rec} & $[nat, \alpha, [nat, \alpha]\To\alpha] \To \alpha$
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	959	& primitive recursor\\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	960	\idx{pred_nat} & $(nat\times nat) set$ & predecessor relation
d8205bb279a7 Initial revision lcp parents: diff changeset	961	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	962	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	963
d8205bb279a7 Initial revision lcp parents: diff changeset	964	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	965	\indexbold{*"+}
d8205bb279a7 Initial revision lcp parents: diff changeset	966	\index{@{\tt}\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	967	\index{/@{\tt/}\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	968	\index{//@{\tt//}\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	969	\index{+@{\tt+}\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	970	\index{-@{\tt-}\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	971	\begin{tabular}{rrrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	972	\it symbol & \it meta-type & \it precedence & \it description \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	973	\tt * & $[nat,nat]\To nat$ & Left 70 & multiplication \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	974	\tt / & $[nat,nat]\To nat$ & Left 70 & division\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	975	\tt // & $[nat,nat]\To nat$ & Left 70 & modulus\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	976	\tt + & $[nat,nat]\To nat$ & Left 65 & addition\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	977	\tt - & $[nat,nat]\To nat$ & Left 65 & subtraction
104 d8205bb279a7 Initial revision lcp parents: diff changeset	978	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	979	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	980	\subcaption{Constants and infixes}
d8205bb279a7 Initial revision lcp parents: diff changeset	981
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	982	\begin{ttbox}\makeatother
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	983	\idx{nat_case_def} nat_case == (\%n a f. @z. (n=0 --> z=a) &
104 d8205bb279a7 Initial revision lcp parents: diff changeset	984	(!x. n=Suc(x) --> z=f(x)))
d8205bb279a7 Initial revision lcp parents: diff changeset	985	\idx{pred_nat_def} pred_nat == \{p. ? n. p = <n, Suc(n)>\}
d8205bb279a7 Initial revision lcp parents: diff changeset	986	\idx{less_def} m<n == <m,n>:pred_nat^+
d8205bb279a7 Initial revision lcp parents: diff changeset	987	\idx{nat_rec_def} nat_rec(n,c,d) ==
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	988	wfrec(pred_nat, n, \%l g.nat_case(l, c, \%m.d(m,g(m))))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	989
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	990	\idx{add_def} m+n == nat_rec(m, n, \%u v.Suc(v))
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	991	\idx{diff_def} m-n == nat_rec(n, m, \%u v. nat_rec(v, 0, \%x y.x))
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	992	\idx{mult_def} m*n == nat_rec(m, 0, \%u v. n + v)
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	993	\idx{mod_def} m//n == wfrec(trancl(pred_nat), m, \%j f. if(j<n,j,f(j-n)))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	994	\idx{quo_def} m/n == wfrec(trancl(pred_nat),
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	995	m, \%j f. if(j<n,0,Suc(f(j-n))))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	996	\subcaption{Definitions}
d8205bb279a7 Initial revision lcp parents: diff changeset	997	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	998	\caption{Defining $nat$, the type of natural numbers} \label{hol-nat1}
d8205bb279a7 Initial revision lcp parents: diff changeset	999	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	1000
d8205bb279a7 Initial revision lcp parents: diff changeset	1001
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1002	\begin{figure} \underscoreon
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1003	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1004	\idx{nat_induct} [\| P(0); !!k. [\| P(k) \|] ==> P(Suc(k)) \|] ==> P(n)
d8205bb279a7 Initial revision lcp parents: diff changeset	1005
d8205bb279a7 Initial revision lcp parents: diff changeset	1006	\idx{Suc_not_Zero} Suc(m) ~= 0
d8205bb279a7 Initial revision lcp parents: diff changeset	1007	\idx{inj_Suc} inj(Suc)
d8205bb279a7 Initial revision lcp parents: diff changeset	1008	\idx{n_not_Suc_n} n~=Suc(n)
d8205bb279a7 Initial revision lcp parents: diff changeset	1009	\subcaption{Basic properties}
d8205bb279a7 Initial revision lcp parents: diff changeset	1010
d8205bb279a7 Initial revision lcp parents: diff changeset	1011	\idx{pred_natI} <n, Suc(n)> : pred_nat
d8205bb279a7 Initial revision lcp parents: diff changeset	1012	\idx{pred_natE}
d8205bb279a7 Initial revision lcp parents: diff changeset	1013	[\| p : pred_nat; !!x n. [\| p = <n, Suc(n)> \|] ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	1014
d8205bb279a7 Initial revision lcp parents: diff changeset	1015	\idx{nat_case_0} nat_case(0, a, f) = a
d8205bb279a7 Initial revision lcp parents: diff changeset	1016	\idx{nat_case_Suc} nat_case(Suc(k), a, f) = f(k)
d8205bb279a7 Initial revision lcp parents: diff changeset	1017
d8205bb279a7 Initial revision lcp parents: diff changeset	1018	\idx{wf_pred_nat} wf(pred_nat)
d8205bb279a7 Initial revision lcp parents: diff changeset	1019	\idx{nat_rec_0} nat_rec(0,c,h) = c
d8205bb279a7 Initial revision lcp parents: diff changeset	1020	\idx{nat_rec_Suc} nat_rec(Suc(n), c, h) = h(n, nat_rec(n,c,h))
d8205bb279a7 Initial revision lcp parents: diff changeset	1021	\subcaption{Case analysis and primitive recursion}
d8205bb279a7 Initial revision lcp parents: diff changeset	1022
d8205bb279a7 Initial revision lcp parents: diff changeset	1023	\idx{less_trans} [\| i<j; j<k \|] ==> i<k
d8205bb279a7 Initial revision lcp parents: diff changeset	1024	\idx{lessI} n < Suc(n)
d8205bb279a7 Initial revision lcp parents: diff changeset	1025	\idx{zero_less_Suc} 0 < Suc(n)
d8205bb279a7 Initial revision lcp parents: diff changeset	1026
d8205bb279a7 Initial revision lcp parents: diff changeset	1027	\idx{less_not_sym} n<m --> ~ m<n
d8205bb279a7 Initial revision lcp parents: diff changeset	1028	\idx{less_not_refl} ~ n<n
d8205bb279a7 Initial revision lcp parents: diff changeset	1029	\idx{not_less0} ~ n<0
d8205bb279a7 Initial revision lcp parents: diff changeset	1030
d8205bb279a7 Initial revision lcp parents: diff changeset	1031	\idx{Suc_less_eq} (Suc(m) < Suc(n)) = (m<n)
d8205bb279a7 Initial revision lcp parents: diff changeset	1032	\idx{less_induct} [\| !!n. [\| ! m. m<n --> P(m) \|] ==> P(n) \|] ==> P(n)
d8205bb279a7 Initial revision lcp parents: diff changeset	1033
d8205bb279a7 Initial revision lcp parents: diff changeset	1034	\idx{less_linear} m<n \| m=n \| n<m
d8205bb279a7 Initial revision lcp parents: diff changeset	1035	\subcaption{The less-than relation}
d8205bb279a7 Initial revision lcp parents: diff changeset	1036	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1037	\caption{Derived rules for~$nat$} \label{hol-nat2}
d8205bb279a7 Initial revision lcp parents: diff changeset	1038	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	1039
d8205bb279a7 Initial revision lcp parents: diff changeset	1040
d8205bb279a7 Initial revision lcp parents: diff changeset	1041	\subsection{The type of natural numbers, $nat$}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1042	\HOL\ defines the natural numbers in a roundabout but traditional way.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1043	The axiom of infinity postulates an type~$ind$ of individuals, which is
d8205bb279a7 Initial revision lcp parents: diff changeset	1044	non-empty and closed under an injective operation. The natural numbers are
d8205bb279a7 Initial revision lcp parents: diff changeset	1045	inductively generated by choosing an arbitrary individual for~0 and using
d8205bb279a7 Initial revision lcp parents: diff changeset	1046	the injective operation to take successors. As usual, the isomorphisms
d8205bb279a7 Initial revision lcp parents: diff changeset	1047	between~$nat$ and its representation are made explicitly.
d8205bb279a7 Initial revision lcp parents: diff changeset	1048
d8205bb279a7 Initial revision lcp parents: diff changeset	1049	The definition makes use of a least fixed point operator \ttindex{lfp},
d8205bb279a7 Initial revision lcp parents: diff changeset	1050	defined using the Knaster-Tarski theorem. This in turn defines an operator
d8205bb279a7 Initial revision lcp parents: diff changeset	1051	\ttindex{trancl} for taking the transitive closure of a relation. See
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1052	files {\tt HOL/lfp.thy} and {\tt HOL/trancl.thy} for
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1053	details. The definition of~$nat$ resides on {\tt HOL/nat.thy}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1054
d8205bb279a7 Initial revision lcp parents: diff changeset	1055	Type $nat$ is postulated to belong to class~$ord$, which overloads $<$ and
d8205bb279a7 Initial revision lcp parents: diff changeset	1056	$\leq$ on the natural numbers. As of this writing, Isabelle provides no
d8205bb279a7 Initial revision lcp parents: diff changeset	1057	means of verifying that such overloading is sensible. On the other hand,
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1058	the \HOL\ theory includes no polymorphic axioms stating general properties
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1059	of $<$ and $\leq$.
d8205bb279a7 Initial revision lcp parents: diff changeset	1060
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1061	File {\tt HOL/arith.ML} develops arithmetic on the natural numbers.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1062	It defines addition, multiplication, subtraction, division, and remainder,
d8205bb279a7 Initial revision lcp parents: diff changeset	1063	proving the theorem $a \bmod b + (a/b)\times b = a$. Division and
d8205bb279a7 Initial revision lcp parents: diff changeset	1064	remainder are defined by repeated subtraction, which requires well-founded
d8205bb279a7 Initial revision lcp parents: diff changeset	1065	rather than primitive recursion.
d8205bb279a7 Initial revision lcp parents: diff changeset	1066
d8205bb279a7 Initial revision lcp parents: diff changeset	1067	Primitive recursion makes use of \ttindex{wfrec}, an operator for recursion
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1068	along arbitrary well-founded relations; see {\tt HOL/wf.ML} for the
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1069	development. The predecessor relation, \ttindexbold{pred_nat}, is shown to
d8205bb279a7 Initial revision lcp parents: diff changeset	1070	be well-founded; recursion along this relation is primitive recursion,
d8205bb279a7 Initial revision lcp parents: diff changeset	1071	while its transitive closure is~$<$.
d8205bb279a7 Initial revision lcp parents: diff changeset	1072
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1073	\begin{figure}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1074	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	1075	\begin{tabular}{rrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1076	\it symbol & \it meta-type & \it description \\
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1077	\idx{Nil} & $\alpha list$ & empty list\\
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1078	\idx{null} & $\alpha list \To bool$ & emptyness test\\
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1079	\idx{hd} & $\alpha list \To \alpha$ & head \\
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1080	\idx{tl} & $\alpha list \To \alpha list$ & tail \\
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1081	\idx{ttl} & $\alpha list \To \alpha list$ & total tail \\
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1082	\idx{map} & $(\alpha\To\beta) \To (\alpha list \To \beta list)$
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1083	& mapping functional\\
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1084	\idx{list_all}& $(\alpha \To bool) \To (\alpha list \To bool)$
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1085	& forall functional\\
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1086	\idx{filter} & $(\alpha \To bool) \To (\alpha list \To \alpha list)$
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1087	& filter functional\\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1088	\idx{list_rec} & $[\alpha list, \beta, [\alpha ,\alpha list,
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1089	\beta]\To\beta] \To \beta$
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1090	& list recursor
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1091	\end{tabular}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1092	\end{center}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1093
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1094	\begin{center}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1095	\index{"# @{\tt\#}\|bold}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1096	\index{"@@{\tt\at}\|bold}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1097	\begin{tabular}{rrrr}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1098	\it symbol & \it meta-type & \it precedence & \it description \\
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1099	\tt \# & $[\alpha,\alpha list]\To \alpha list$ & Right 65 & cons \\
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1100	\tt\at & $[\alpha list,\alpha list]\To \alpha list$ & Left 65 & append \\
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1101	\idx{mem} & $[\alpha,\alpha list]\To bool$ & Left 55 & membership
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1102	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	1103	\end{center}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1104	\subcaption{Constants and infixes}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1105
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1106	\begin{center} \tt\frenchspacing
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1107	\begin{tabular}{rrr}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1108	\it external & \it internal & \it description \\{}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1109	\idx{[]} & Nil & empty list \\{}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1110	[$x@1$, $\dots$, $x@n$] & $x@1$\#$\cdots$\#$x@n$\#[] &
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1111	\rm finite list \\{}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1112	[$x$:$xs$ . $P$] & filter(\%$x$.$P$,$xs$) & list comprehension\\
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1113	\begin{tabular}{r@{}l}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1114	\idx{case} $e$ of&\ [] => $a$\\
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1115	\|&\ $x$\#$xs$ => $b$
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1116	\end{tabular} & list_case($e$,$a$,\%$x~xs$.$b$)
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1117	& case analysis
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1118	\end{tabular}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1119	\end{center}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1120	\subcaption{Translations}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1121
d8205bb279a7 Initial revision lcp parents: diff changeset	1122	\begin{ttbox}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1123	\idx{list_induct} [\| P([]); !!x xs. [\| P(xs) \|] ==> P(x#xs)) \|] ==> P(l)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1124
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1125	\idx{Cons_not_Nil} (x # xs) ~= []
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1126	\idx{Cons_Cons_eq} ((x # xs) = (y # ys)) = (x=y & xs=ys)
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1127	\subcaption{Induction and freeness}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1128	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1129	\caption{The type of lists and its operations} \label{hol-list}
d8205bb279a7 Initial revision lcp parents: diff changeset	1130	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	1131
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1132	\begin{figure}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1133	\begin{ttbox}\makeatother
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1134	list_rec([],c,h) = c list_rec(a \# l, c, h) = h(a, l, list_rec(l,c,h))
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1135	list_case([],c,h) = c list_case(x # xs, c, h) = h(x, xs)
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1136	map(f,[]) = [] map(f, x \# xs) = f(x) \# map(f,xs)
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1137	null([]) = True null(x # xs) = False
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1138	hd(x # xs) = x tl(x # xs) = xs
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1139	ttl([]) = [] ttl(x # xs) = xs
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1140	[] @ ys = ys (x # xs) \at ys = x # xs \at ys
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1141	x mem [] = False x mem y # ys = if(y = x, True, x mem ys)
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1142	filter(P, []) = [] filter(P,x#xs) = if(P(x),x#filter(P,xs),filter(P,xs))
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1143	list_all(P,[]) = True list_all(P, x # xs) = (P(x) & list_all(P, xs))
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1144	\end{ttbox}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1145	\caption{Rewrite rules for lists} \label{hol-list-simps}
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1146	\end{figure}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1147
d8205bb279a7 Initial revision lcp parents: diff changeset	1148	\subsection{The type constructor for lists, $\alpha\,list$}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1149	\HOL's definition of lists is an example of an experimental method for
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1150	handling recursive data types. The details need not concern us here; see the
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1151	file {\tt HOL/list.ML}. Figure~\ref{hol-list} presents the basic list
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1152	operations, with their types and properties. In particular,
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1153	\ttindexbold{list_rec} is a primitive recursion operator for lists, in the
d8205bb279a7 Initial revision lcp parents: diff changeset	1154	style of Martin-L\"of type theory. It is derived from well-founded
d8205bb279a7 Initial revision lcp parents: diff changeset	1155	recursion, a general principle that can express arbitrary total recursive
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1156	functions. The basic rewrite rules shown in Fig.~\ref{hol-list-simps} are
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1157	contained, together with additional useful lemmas, in the simpset {\tt
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1158	list_ss}. Induction over the variable $xs$ in subgoal $i$ is performed by
eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1159	{\tt list_ind_tac "$xs$" $i$}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1160
d8205bb279a7 Initial revision lcp parents: diff changeset	1161
d8205bb279a7 Initial revision lcp parents: diff changeset	1162	\subsection{The type constructor for lazy lists, $\alpha\,llist$}
d8205bb279a7 Initial revision lcp parents: diff changeset	1163	The definition of lazy lists demonstrates methods for handling infinite
d8205bb279a7 Initial revision lcp parents: diff changeset	1164	data structures and co-induction in higher-order logic. It defines an
d8205bb279a7 Initial revision lcp parents: diff changeset	1165	operator for co-recursion on lazy lists, which is used to define a few
d8205bb279a7 Initial revision lcp parents: diff changeset	1166	simple functions such as map and append. Co-recursion cannot easily define
d8205bb279a7 Initial revision lcp parents: diff changeset	1167	operations such as filter, which can compute indefinitely before yielding
d8205bb279a7 Initial revision lcp parents: diff changeset	1168	the next element (if any!) of the lazy list. A co-induction principle is
d8205bb279a7 Initial revision lcp parents: diff changeset	1169	defined for proving equations on lazy lists. See the files
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1170	{\tt HOL/llist.thy} and {\tt HOL/llist.ML} for the formal
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1171	derivations. I have written a report discussing the treatment of lazy
d8205bb279a7 Initial revision lcp parents: diff changeset	1172	lists, and finite lists also~\cite{paulson-coind}.
d8205bb279a7 Initial revision lcp parents: diff changeset	1173
d8205bb279a7 Initial revision lcp parents: diff changeset	1174
d8205bb279a7 Initial revision lcp parents: diff changeset	1175	\section{Classical proof procedures} \label{hol-cla-prover}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1176	\HOL\ derives classical introduction rules for $\disj$ and~$\exists$, as
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1177	well as classical elimination rules for~$\imp$ and~$\bimp$, and the swap
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1178	rule (Fig.~\ref{hol-lemmas2}).
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1179
d8205bb279a7 Initial revision lcp parents: diff changeset	1180	The classical reasoning module is set up for \HOL, as the structure
d8205bb279a7 Initial revision lcp parents: diff changeset	1181	\ttindexbold{Classical}. This structure is open, so {\ML} identifiers such
d8205bb279a7 Initial revision lcp parents: diff changeset	1182	as {\tt step_tac}, {\tt fast_tac}, {\tt best_tac}, etc., refer to it.
d8205bb279a7 Initial revision lcp parents: diff changeset	1183
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1184	\HOL\ defines the following classical rule sets:
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1185	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1186	prop_cs : claset
d8205bb279a7 Initial revision lcp parents: diff changeset	1187	HOL_cs : claset
d8205bb279a7 Initial revision lcp parents: diff changeset	1188	HOL_dup_cs : claset
d8205bb279a7 Initial revision lcp parents: diff changeset	1189	set_cs : claset
d8205bb279a7 Initial revision lcp parents: diff changeset	1190	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1191	\begin{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	1192	\item[\ttindexbold{prop_cs}] contains the propositional rules, namely
d8205bb279a7 Initial revision lcp parents: diff changeset	1193	those for~$\top$, $\bot$, $\conj$, $\disj$, $\neg$, $\imp$ and~$\bimp$,
d8205bb279a7 Initial revision lcp parents: diff changeset	1194	along with the rule~\ttindex{refl}.
d8205bb279a7 Initial revision lcp parents: diff changeset	1195
d8205bb279a7 Initial revision lcp parents: diff changeset	1196	\item[\ttindexbold{HOL_cs}]
d8205bb279a7 Initial revision lcp parents: diff changeset	1197	extends {\tt prop_cs} with the safe rules \ttindex{allI} and~\ttindex{exE}
d8205bb279a7 Initial revision lcp parents: diff changeset	1198	and the unsafe rules \ttindex{allE} and~\ttindex{exI}, as well as rules for
d8205bb279a7 Initial revision lcp parents: diff changeset	1199	unique existence. Search using this is incomplete since quantified
d8205bb279a7 Initial revision lcp parents: diff changeset	1200	formulae are used at most once.
d8205bb279a7 Initial revision lcp parents: diff changeset	1201
d8205bb279a7 Initial revision lcp parents: diff changeset	1202	\item[\ttindexbold{HOL_dup_cs}]
d8205bb279a7 Initial revision lcp parents: diff changeset	1203	extends {\tt prop_cs} with the safe rules \ttindex{allI} and~\ttindex{exE}
d8205bb279a7 Initial revision lcp parents: diff changeset	1204	and the unsafe rules \ttindex{all_dupE} and~\ttindex{exCI}, as well as
d8205bb279a7 Initial revision lcp parents: diff changeset	1205	rules for unique existence. Search using this is complete --- quantified
d8205bb279a7 Initial revision lcp parents: diff changeset	1206	formulae may be duplicated --- but frequently fails to terminate. It is
d8205bb279a7 Initial revision lcp parents: diff changeset	1207	generally unsuitable for depth-first search.
d8205bb279a7 Initial revision lcp parents: diff changeset	1208
d8205bb279a7 Initial revision lcp parents: diff changeset	1209	\item[\ttindexbold{set_cs}]
d8205bb279a7 Initial revision lcp parents: diff changeset	1210	extends {\tt HOL_cs} with rules for the bounded quantifiers, subsets,
d8205bb279a7 Initial revision lcp parents: diff changeset	1211	comprehensions, unions/intersections, complements, finite setes, images and
d8205bb279a7 Initial revision lcp parents: diff changeset	1212	ranges.
d8205bb279a7 Initial revision lcp parents: diff changeset	1213	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	1214	\noindent
d8205bb279a7 Initial revision lcp parents: diff changeset	1215	See the {\em Reference Manual} for more discussion of classical proof
d8205bb279a7 Initial revision lcp parents: diff changeset	1216	methods.
d8205bb279a7 Initial revision lcp parents: diff changeset	1217
d8205bb279a7 Initial revision lcp parents: diff changeset	1218
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1219	\section{The examples directories}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1220	Directory {\tt Subst} contains Martin Coen's mechanization of a theory of
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1221	substitutions and unifiers. It is based on Paulson's previous
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1222	mechanization in {\LCF}~\cite{paulson85} of Manna and Waldinger's
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1223	theory~\cite{mw81}.
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1224
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1225	Directory {\tt ex} contains other examples and experimental proofs in
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1226	\HOL. Here is an overview of the more interesting files.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1227	\begin{description}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1228	\item[{\tt HOL/ex/meson.ML}]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1229	contains an experimental implementation of the MESON proof procedure,
d8205bb279a7 Initial revision lcp parents: diff changeset	1230	inspired by Plaisted~\cite{plaisted90}. It is much more powerful than
d8205bb279a7 Initial revision lcp parents: diff changeset	1231	Isabelle's classical module.
d8205bb279a7 Initial revision lcp parents: diff changeset	1232
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1233	\item[{\tt HOL/ex/mesontest.ML}]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1234	contains test data for the MESON proof procedure.
d8205bb279a7 Initial revision lcp parents: diff changeset	1235
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1236	\item[{\tt HOL/ex/set.ML}]
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1237	proves Cantor's Theorem, which is presented below, and the
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1238	Schr\"oder-Bernstein Theorem.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1239
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1240	\item[{\tt HOL/ex/pl.ML}]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1241	proves the soundness and completeness of classical propositional logic,
d8205bb279a7 Initial revision lcp parents: diff changeset	1242	given a truth table semantics. The only connective is $\imp$. A
d8205bb279a7 Initial revision lcp parents: diff changeset	1243	Hilbert-style axiom system is specified, and its set of theorems defined
d8205bb279a7 Initial revision lcp parents: diff changeset	1244	inductively.
d8205bb279a7 Initial revision lcp parents: diff changeset	1245
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1246	\item[{\tt HOL/ex/term.ML}]
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1247	contains proofs about an experimental recursive type definition;
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1248	the recursion goes through the type constructor~$list$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1249
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1250	\item[{\tt HOL/ex/simult.ML}]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1251	defines primitives for solving mutually recursive equations over sets.
d8205bb279a7 Initial revision lcp parents: diff changeset	1252	It constructs sets of trees and forests as an example, including induction
d8205bb279a7 Initial revision lcp parents: diff changeset	1253	and recursion rules that handle the mutual recursion.
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1254
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1255	\item[{\tt HOL/ex/mt.ML}]
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1256	contains Jacob Frost's formalization~\cite{frost93} of a co-induction
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1257	example by Milner and Tofte~\cite{milner-coind}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1258	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	1259
d8205bb279a7 Initial revision lcp parents: diff changeset	1260
d8205bb279a7 Initial revision lcp parents: diff changeset	1261	\section{Example: deriving the conjunction rules}
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1262	\HOL\ comes with a body of derived rules, ranging from simple properties
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1263	of the logical constants and set theory to well-founded recursion. Many of
d8205bb279a7 Initial revision lcp parents: diff changeset	1264	them are worth studying.
d8205bb279a7 Initial revision lcp parents: diff changeset	1265
d8205bb279a7 Initial revision lcp parents: diff changeset	1266	Deriving natural deduction rules for the logical constants from their
d8205bb279a7 Initial revision lcp parents: diff changeset	1267	definitions is an archetypal example of higher-order reasoning. Let us
d8205bb279a7 Initial revision lcp parents: diff changeset	1268	verify two conjunction rules:
d8205bb279a7 Initial revision lcp parents: diff changeset	1269	\[ \infer[({\conj}I)]{P\conj Q}{P & Q} \qquad\qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	1270	\infer[({\conj}E1)]{P}{P\conj Q}
d8205bb279a7 Initial revision lcp parents: diff changeset	1271	\]
d8205bb279a7 Initial revision lcp parents: diff changeset	1272
d8205bb279a7 Initial revision lcp parents: diff changeset	1273	\subsection{The introduction rule}
d8205bb279a7 Initial revision lcp parents: diff changeset	1274	We begin by stating the rule as the goal. The list of premises $[P,Q]$ is
d8205bb279a7 Initial revision lcp parents: diff changeset	1275	bound to the {\ML} variable~{\tt prems}.
d8205bb279a7 Initial revision lcp parents: diff changeset	1276	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1277	val prems = goal HOL.thy "[\| P; Q \|] ==> P&Q";
d8205bb279a7 Initial revision lcp parents: diff changeset	1278	{\out Level 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	1279	{\out P & Q}
d8205bb279a7 Initial revision lcp parents: diff changeset	1280	{\out 1. P & Q}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1281	{\out val prems = ["P [P]", "Q [Q]"] : thm list}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1282	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1283	The next step is to unfold the definition of conjunction. But
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1284	\ttindex{and_def} uses \HOL's internal equality, so
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1285	\ttindex{rewrite_goals_tac} is unsuitable.
d8205bb279a7 Initial revision lcp parents: diff changeset	1286	Instead, we perform substitution using the rule \ttindex{ssubst}:
d8205bb279a7 Initial revision lcp parents: diff changeset	1287	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1288	by (resolve_tac [and_def RS ssubst] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1289	{\out Level 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	1290	{\out P & Q}
d8205bb279a7 Initial revision lcp parents: diff changeset	1291	{\out 1. ! R. (P --> Q --> R) --> R}
d8205bb279a7 Initial revision lcp parents: diff changeset	1292	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1293	We now apply $(\forall I)$ and $({\imp}I)$:
d8205bb279a7 Initial revision lcp parents: diff changeset	1294	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1295	by (resolve_tac [allI] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1296	{\out Level 2}
d8205bb279a7 Initial revision lcp parents: diff changeset	1297	{\out P & Q}
d8205bb279a7 Initial revision lcp parents: diff changeset	1298	{\out 1. !!R. (P --> Q --> R) --> R}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1299	\ttbreak
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1300	by (resolve_tac [impI] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1301	{\out Level 3}
d8205bb279a7 Initial revision lcp parents: diff changeset	1302	{\out P & Q}
d8205bb279a7 Initial revision lcp parents: diff changeset	1303	{\out 1. !!R. P --> Q --> R ==> R}
d8205bb279a7 Initial revision lcp parents: diff changeset	1304	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1305	The assumption is a nested implication, which may be eliminated
d8205bb279a7 Initial revision lcp parents: diff changeset	1306	using~\ttindex{mp} resolved with itself. Elim-resolution, here, performs
d8205bb279a7 Initial revision lcp parents: diff changeset	1307	backwards chaining. More straightforward would be to use~\ttindex{impE}
d8205bb279a7 Initial revision lcp parents: diff changeset	1308	twice.
d8205bb279a7 Initial revision lcp parents: diff changeset	1309	\index{*RS}
d8205bb279a7 Initial revision lcp parents: diff changeset	1310	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1311	by (eresolve_tac [mp RS mp] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1312	{\out Level 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	1313	{\out P & Q}
d8205bb279a7 Initial revision lcp parents: diff changeset	1314	{\out 1. !!R. P}
d8205bb279a7 Initial revision lcp parents: diff changeset	1315	{\out 2. !!R. Q}
d8205bb279a7 Initial revision lcp parents: diff changeset	1316	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1317	These two subgoals are simply the premises:
d8205bb279a7 Initial revision lcp parents: diff changeset	1318	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1319	by (REPEAT (resolve_tac prems 1));
d8205bb279a7 Initial revision lcp parents: diff changeset	1320	{\out Level 5}
d8205bb279a7 Initial revision lcp parents: diff changeset	1321	{\out P & Q}
d8205bb279a7 Initial revision lcp parents: diff changeset	1322	{\out No subgoals!}
d8205bb279a7 Initial revision lcp parents: diff changeset	1323	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1324
d8205bb279a7 Initial revision lcp parents: diff changeset	1325
d8205bb279a7 Initial revision lcp parents: diff changeset	1326	\subsection{The elimination rule}
d8205bb279a7 Initial revision lcp parents: diff changeset	1327	Again, we bind the list of premises (in this case $[P\conj Q]$)
d8205bb279a7 Initial revision lcp parents: diff changeset	1328	to~{\tt prems}.
d8205bb279a7 Initial revision lcp parents: diff changeset	1329	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1330	val prems = goal HOL.thy "[\| P & Q \|] ==> P";
d8205bb279a7 Initial revision lcp parents: diff changeset	1331	{\out Level 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	1332	{\out P}
d8205bb279a7 Initial revision lcp parents: diff changeset	1333	{\out 1. P}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1334	{\out val prems = ["P & Q [P & Q]"] : thm list}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1335	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1336	Working with premises that involve defined constants can be tricky. We
d8205bb279a7 Initial revision lcp parents: diff changeset	1337	must expand the definition of conjunction in the meta-assumption $P\conj
d8205bb279a7 Initial revision lcp parents: diff changeset	1338	Q$. The rule \ttindex{subst} performs substitution in forward proofs.
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1339	We get {\it two\/} resolvents since the vacuous substitution is valid:
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1340	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1341	prems RL [and_def RS subst];
d8205bb279a7 Initial revision lcp parents: diff changeset	1342	{\out val it = ["! R. (P --> Q --> R) --> R [P & Q]",}
d8205bb279a7 Initial revision lcp parents: diff changeset	1343	{\out "P & Q [P & Q]"] : thm list}
d8205bb279a7 Initial revision lcp parents: diff changeset	1344	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1345	By applying $(\forall E)$ and $({\imp}E)$ to the resolvents, we dispose of
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1346	the vacuous one and put the other into a convenient form:\footnote {Why use
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1347	{\tt [spec] RL [mp]} instead of {\tt [spec RS mp]} to join the rules? In
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1348	higher-order logic, {\tt spec RS mp} fails because the resolution yields
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1349	two results, namely ${\List{\forall x.x; P}\Imp Q}$ and ${\List{\forall
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1350	x.P(x)\imp Q(x); P(x)}\Imp Q(x)}$. In first-order logic, the
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1351	resolution yields only the latter result because $\forall x.x$ is not a
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1352	first-order formula; in fact, it is equivalent to falsity.} \index{*RL}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1353	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1354	prems RL [and_def RS subst] RL [spec] RL [mp];
d8205bb279a7 Initial revision lcp parents: diff changeset	1355	{\out val it = ["P --> Q --> ?Q ==> ?Q [P & Q]"] : thm list}
d8205bb279a7 Initial revision lcp parents: diff changeset	1356	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1357	This is a list containing a single rule, which is directly applicable to
d8205bb279a7 Initial revision lcp parents: diff changeset	1358	our goal:
d8205bb279a7 Initial revision lcp parents: diff changeset	1359	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1360	by (resolve_tac it 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1361	{\out Level 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	1362	{\out P}
d8205bb279a7 Initial revision lcp parents: diff changeset	1363	{\out 1. P --> Q --> P}
d8205bb279a7 Initial revision lcp parents: diff changeset	1364	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1365	The subgoal is a trivial implication. Recall that \ttindex{ares_tac} is a
d8205bb279a7 Initial revision lcp parents: diff changeset	1366	combination of \ttindex{assume_tac} and \ttindex{resolve_tac}.
d8205bb279a7 Initial revision lcp parents: diff changeset	1367	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1368	by (REPEAT (ares_tac [impI] 1));
d8205bb279a7 Initial revision lcp parents: diff changeset	1369	{\out Level 2}
d8205bb279a7 Initial revision lcp parents: diff changeset	1370	{\out P}
d8205bb279a7 Initial revision lcp parents: diff changeset	1371	{\out No subgoals!}
d8205bb279a7 Initial revision lcp parents: diff changeset	1372	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1373
d8205bb279a7 Initial revision lcp parents: diff changeset	1374
d8205bb279a7 Initial revision lcp parents: diff changeset	1375	\section{Example: Cantor's Theorem}
d8205bb279a7 Initial revision lcp parents: diff changeset	1376	Cantor's Theorem states that every set has more subsets than it has
d8205bb279a7 Initial revision lcp parents: diff changeset	1377	elements. It has become a favourite example in higher-order logic since
d8205bb279a7 Initial revision lcp parents: diff changeset	1378	it is so easily expressed:
d8205bb279a7 Initial revision lcp parents: diff changeset	1379	\[ \forall f::[\alpha,\alpha]\To bool. \exists S::\alpha\To bool.
d8205bb279a7 Initial revision lcp parents: diff changeset	1380	\forall x::\alpha. f(x) \not= S
d8205bb279a7 Initial revision lcp parents: diff changeset	1381	\]
d8205bb279a7 Initial revision lcp parents: diff changeset	1382	Viewing types as sets, $\alpha\To bool$ represents the powerset
d8205bb279a7 Initial revision lcp parents: diff changeset	1383	of~$\alpha$. This version states that for every function from $\alpha$ to
d8205bb279a7 Initial revision lcp parents: diff changeset	1384	its powerset, some subset is outside its range.
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1385	The Isabelle proof uses \HOL's set theory, with the type $\alpha\,set$ and
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1386	the operator \ttindex{range}. Since it avoids quantification, we may
d8205bb279a7 Initial revision lcp parents: diff changeset	1387	inspect the subset found by the proof.
d8205bb279a7 Initial revision lcp parents: diff changeset	1388	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1389	goal Set.thy "~ ?S : range(f :: 'a=>'a set)";
d8205bb279a7 Initial revision lcp parents: diff changeset	1390	{\out Level 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	1391	{\out ~ ?S : range(f)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1392	{\out 1. ~ ?S : range(f)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1393	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1394	The first two steps are routine. The rule \ttindex{rangeE} reasons that,
d8205bb279a7 Initial revision lcp parents: diff changeset	1395	since $\Var{S}\in range(f)$, we have $\Var{S}=f(x)$ for some~$x$.
d8205bb279a7 Initial revision lcp parents: diff changeset	1396	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1397	by (resolve_tac [notI] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1398	{\out Level 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	1399	{\out ~ ?S : range(f)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1400	{\out 1. ?S : range(f) ==> False}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1401	\ttbreak
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1402	by (eresolve_tac [rangeE] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1403	{\out Level 2}
d8205bb279a7 Initial revision lcp parents: diff changeset	1404	{\out ~ ?S : range(f)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1405	{\out 1. !!x. ?S = f(x) ==> False}
d8205bb279a7 Initial revision lcp parents: diff changeset	1406	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1407	Next, we apply \ttindex{equalityCE}, reasoning that since $\Var{S}=f(x)$,
d8205bb279a7 Initial revision lcp parents: diff changeset	1408	we have $\Var{c}\in \Var{S}$ if and only if $\Var{c}\in f(x)$ for
d8205bb279a7 Initial revision lcp parents: diff changeset	1409	any~$\Var{c}$.
d8205bb279a7 Initial revision lcp parents: diff changeset	1410	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1411	by (eresolve_tac [equalityCE] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1412	{\out Level 3}
d8205bb279a7 Initial revision lcp parents: diff changeset	1413	{\out ~ ?S : range(f)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1414	{\out 1. !!x. [\| ?c3(x) : ?S; ?c3(x) : f(x) \|] ==> False}
d8205bb279a7 Initial revision lcp parents: diff changeset	1415	{\out 2. !!x. [\| ~ ?c3(x) : ?S; ~ ?c3(x) : f(x) \|] ==> False}
d8205bb279a7 Initial revision lcp parents: diff changeset	1416	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1417	Now we use a bit of creativity. Suppose that $\Var{S}$ has the form of a
d8205bb279a7 Initial revision lcp parents: diff changeset	1418	comprehension. Then $\Var{c}\in\{x.\Var{P}(x)\}$ implies
d8205bb279a7 Initial revision lcp parents: diff changeset	1419	$\Var{P}(\Var{c})\}$.\index{*CollectD}
d8205bb279a7 Initial revision lcp parents: diff changeset	1420	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1421	by (dresolve_tac [CollectD] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1422	{\out Level 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	1423	{\out ~ \{x. ?P7(x)\} : range(f)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1424	{\out 1. !!x. [\| ?c3(x) : f(x); ?P7(?c3(x)) \|] ==> False}
d8205bb279a7 Initial revision lcp parents: diff changeset	1425	{\out 2. !!x. [\| ~ ?c3(x) : \{x. ?P7(x)\}; ~ ?c3(x) : f(x) \|] ==> False}
d8205bb279a7 Initial revision lcp parents: diff changeset	1426	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1427	Forcing a contradiction between the two assumptions of subgoal~1 completes
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1428	the instantiation of~$S$. It is now the set $\{x. x\not\in f(x)\}$, the
6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1429	standard diagonal construction.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1430	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1431	by (contr_tac 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1432	{\out Level 5}
d8205bb279a7 Initial revision lcp parents: diff changeset	1433	{\out ~ \{x. ~ x : f(x)\} : range(f)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1434	{\out 1. !!x. [\| ~ x : \{x. ~ x : f(x)\}; ~ x : f(x) \|] ==> False}
d8205bb279a7 Initial revision lcp parents: diff changeset	1435	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1436	The rest should be easy. To apply \ttindex{CollectI} to the negated
d8205bb279a7 Initial revision lcp parents: diff changeset	1437	assumption, we employ \ttindex{swap_res_tac}:
d8205bb279a7 Initial revision lcp parents: diff changeset	1438	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1439	by (swap_res_tac [CollectI] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1440	{\out Level 6}
d8205bb279a7 Initial revision lcp parents: diff changeset	1441	{\out ~ \{x. ~ x : f(x)\} : range(f)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1442	{\out 1. !!x. [\| ~ x : f(x); ~ False \|] ==> ~ x : f(x)}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1443	\ttbreak
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1444	by (assume_tac 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1445	{\out Level 7}
d8205bb279a7 Initial revision lcp parents: diff changeset	1446	{\out ~ \{x. ~ x : f(x)\} : range(f)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1447	{\out No subgoals!}
d8205bb279a7 Initial revision lcp parents: diff changeset	1448	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1449	How much creativity is required? As it happens, Isabelle can prove this
d8205bb279a7 Initial revision lcp parents: diff changeset	1450	theorem automatically. The classical set \ttindex{set_cs} contains rules
306 eee166d4a532 changed lists and added "let" and "case" nipkow parents: 287 diff changeset	1451	for most of the constructs of \HOL's set theory. We augment it with
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1452	\ttindex{equalityCE} --- set equalities are not broken up by default ---
d8205bb279a7 Initial revision lcp parents: diff changeset	1453	and apply best-first search. Depth-first search would diverge, but
d8205bb279a7 Initial revision lcp parents: diff changeset	1454	best-first search successfully navigates through the large search space.
d8205bb279a7 Initial revision lcp parents: diff changeset	1455	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1456	choplev 0;
d8205bb279a7 Initial revision lcp parents: diff changeset	1457	{\out Level 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	1458	{\out ~ ?S : range(f)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1459	{\out 1. ~ ?S : range(f)}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 154 diff changeset	1460	\ttbreak
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1461	by (best_tac (set_cs addSEs [equalityCE]) 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1462	{\out Level 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	1463	{\out ~ \{x. ~ x : f(x)\} : range(f)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1464	{\out No subgoals!}
d8205bb279a7 Initial revision lcp parents: diff changeset	1465	\end{ttbox}

author	nipkow
	Wed, 30 Mar 1994 17:31:18 +0200
changeset 306	eee166d4a532
parent 287	6b62a6ddbe15
child 315	ebf62069d889
permissions	-rw-r--r--