4 |
4 |
5 Cantor's theorem -- Isar'ized version of the final section of the HOL |
5 Cantor's theorem -- Isar'ized version of the final section of the HOL |
6 chapter of "Isabelle's Object-Logics" (Larry Paulson). |
6 chapter of "Isabelle's Object-Logics" (Larry Paulson). |
7 *) |
7 *) |
8 |
8 |
|
9 header {* More classical proofs: Cantor's Theorem *}; |
|
10 |
9 theory Cantor = Main:; |
11 theory Cantor = Main:; |
10 |
|
11 |
|
12 section {* Example: Cantor's Theorem *}; |
|
13 |
12 |
14 text {* |
13 text {* |
15 Cantor's Theorem states that every set has more subsets than it has |
14 Cantor's Theorem states that every set has more subsets than it has |
16 elements. It has become a favourite example in higher-order logic |
15 elements. It has become a favourite basic example in higher-order logic |
17 since it is so easily expressed: @{display term[show_types] "ALL f |
16 since it is so easily expressed: \[\all{f::\alpha \To \alpha \To \idt{bool}} |
18 :: 'a => 'a => bool. EX S :: 'a => bool. ALL x::'a. f x ~= S"} |
17 \ex{S::\alpha \To \idt{bool}} \all{x::\alpha}. f \ap x \not= S\] |
19 |
18 |
20 Viewing types as sets, @{type "'a => bool"} represents the powerset |
19 Viewing types as sets, $\alpha \To \idt{bool}$ represents the powerset of |
21 of @{type 'a}. This version states that for every function from |
20 $\alpha$. This version of the theorem states that for every function from |
22 @{type 'a} to its powerset, some subset is outside its range. |
21 $\alpha$ to its powerset, some subset is outside its range. The |
23 |
22 Isabelle/Isar proofs below use HOL's set theory, with the type $\alpha \ap |
24 The Isabelle/Isar proofs below use HOL's set theory, with the type |
23 \idt{set}$ and the operator $\idt{range}$. |
25 @{type "'a set"} and the operator @{term range}. |
24 |
26 *}; |
25 \bigskip We first consider a rather verbose version of the proof, with the |
27 |
26 reasoning expressed quite naively. We only make use of the pure core of the |
28 |
27 Isar proof language. |
29 text {* |
|
30 We first consider a rather verbose version of the proof, with the |
|
31 reasoning expressed quite naively. We only make use of the pure |
|
32 core of the Isar proof language. |
|
33 *}; |
28 *}; |
34 |
29 |
35 theorem "EX S. S ~: range(f :: 'a => 'a set)"; |
30 theorem "EX S. S ~: range(f :: 'a => 'a set)"; |
36 proof; |
31 proof; |
37 let ?S = "{x. x ~: f x}"; |
32 let ?S = "{x. x ~: f x}"; |
56 qed; |
51 qed; |
57 qed; |
52 qed; |
58 qed; |
53 qed; |
59 qed; |
54 qed; |
60 |
55 |
61 |
|
62 text {* |
56 text {* |
63 The following version essentially does the same reasoning, only that |
57 The following version of the proof essentially does the same reasoning, only |
64 it is expressed more neatly, with some derived Isar language |
58 that it is expressed more neatly, with some derived Isar language elements |
65 elements involved. |
59 involved. |
66 *}; |
60 *}; |
67 |
61 |
68 theorem "EX S. S ~: range(f :: 'a => 'a set)"; |
62 theorem "EX S. S ~: range(f :: 'a => 'a set)"; |
69 proof; |
63 proof; |
70 let ?S = "{x. x ~: f x}"; |
64 let ?S = "{x. x ~: f x}"; |
87 qed; |
81 qed; |
88 qed; |
82 qed; |
89 qed; |
83 qed; |
90 qed; |
84 qed; |
91 |
85 |
92 |
|
93 text {* |
86 text {* |
94 How much creativity is required? As it happens, Isabelle can prove |
87 How much creativity is required? As it happens, Isabelle can prove this |
95 this theorem automatically. The default classical set contains |
88 theorem automatically. The default classical set contains rules for most of |
96 rules for most of the constructs of HOL's set theory. We must |
89 the constructs of HOL's set theory. We must augment it with |
97 augment it with @{thm equalityCE} to break up set equalities, and |
90 \name{equalityCE} to break up set equalities, and then apply best-first |
98 then apply best-first search. Depth-first search would diverge, but |
91 search. Depth-first search would diverge, but best-first search |
99 best-first search successfully navigates through the large search |
92 successfully navigates through the large search space. |
100 space. |
|
101 *}; |
93 *}; |
102 |
94 |
103 theorem "EX S. S ~: range(f :: 'a => 'a set)"; |
95 theorem "EX S. S ~: range(f :: 'a => 'a set)"; |
104 by (best elim: equalityCE); |
96 by (best elim: equalityCE); |
105 |
97 |
106 text {* |
98 text {* |
107 While this establishes the same theorem internally, we do not get |
99 While this establishes the same theorem internally, we do not get any idea |
108 any idea of how the proof actually works. There is currently no way |
100 of how the proof actually works. There is currently no way to transform |
109 to transform internal system-level representations of Isabelle |
101 internal system-level representations of Isabelle proofs back into Isar |
110 proofs back into Isar documents. Writing Isabelle/Isar proof |
102 documents. Note that writing Isabelle/Isar proof documents actually |
111 documents actually \emph{is} a creative process. |
103 \emph{is} a creative process. |
112 *}; |
104 *}; |
113 |
105 |
114 |
|
115 end; |
106 end; |