1 (* Title: HOL/Isar_examples/Cantor.thy |
1 (* Title: HOL/Isar_examples/Cantor.thy |
2 ID: $Id$ |
2 ID: $Id$ |
3 Author: Markus Wenzel, TU Muenchen |
3 Author: Markus Wenzel, TU Muenchen |
4 |
|
5 Cantor's theorem -- Isar'ized version of the final section of the HOL |
|
6 chapter of "Isabelle's Object-Logics" (Larry Paulson). |
|
7 *) |
4 *) |
8 |
5 |
9 header {* Cantor's Theorem *}; |
6 header {* Cantor's Theorem *}; |
10 |
7 |
11 theory Cantor = Main:; |
8 theory Cantor = Main:; |
12 |
9 |
13 text {* |
10 text {* |
14 Cantor's Theorem states that every set has more subsets than it has |
11 This is an Isar'ized version of the final example of the Isabelle/HOL |
15 elements. It has become a favorite basic example in pure |
12 manual \cite{isabelle-HOL}. |
16 higher-order logic since it is so easily expressed: \[\all{f::\alpha |
13 *}; |
17 \To \alpha \To \idt{bool}} \ex{S::\alpha \To \idt{bool}} |
14 |
18 \all{x::\alpha}. f \ap x \not= S\] |
15 text {* |
|
16 Cantor's Theorem states that every set has more subsets than it has |
|
17 elements. It has become a favorite basic example in pure |
|
18 higher-order logic since it is so easily expressed: \[\all{f::\alpha |
|
19 \To \alpha \To \idt{bool}} \ex{S::\alpha \To \idt{bool}} |
|
20 \all{x::\alpha}. f \ap x \not= S\] |
19 |
21 |
20 Viewing types as sets, $\alpha \To \idt{bool}$ represents the powerset of |
22 Viewing types as sets, $\alpha \To \idt{bool}$ represents the |
21 $\alpha$. This version of the theorem states that for every function from |
23 powerset of $\alpha$. This version of the theorem states that for |
22 $\alpha$ to its powerset, some subset is outside its range. The |
24 every function from $\alpha$ to its powerset, some subset is outside |
23 Isabelle/Isar proofs below use HOL's set theory, with the type $\alpha \ap |
25 its range. The Isabelle/Isar proofs below use HOL's set theory, with |
24 \idt{set}$ and the operator $\idt{range}$. |
26 the type $\alpha \ap \idt{set}$ and the operator $\idt{range}$. |
25 |
27 |
26 \bigskip We first consider a rather verbose version of the proof, with the |
28 \bigskip We first consider a rather verbose version of the proof, |
27 reasoning expressed quite naively. We only make use of the pure core of the |
29 with the reasoning expressed quite naively. We only make use of the |
28 Isar proof language. |
30 pure core of the Isar proof language. |
29 *}; |
31 *}; |
30 |
32 |
31 theorem "EX S. S ~: range(f :: 'a => 'a set)"; |
33 theorem "EX S. S ~: range(f :: 'a => 'a set)"; |
32 proof; |
34 proof; |
33 let ?S = "{x. x ~: f x}"; |
35 let ?S = "{x. x ~: f x}"; |
53 qed; |
55 qed; |
54 qed; |
56 qed; |
55 qed; |
57 qed; |
56 |
58 |
57 text {* |
59 text {* |
58 The following version of the proof essentially does the same reasoning, only |
60 The following version of the proof essentially does the same |
59 that it is expressed more neatly, with some derived Isar language elements |
61 reasoning, only that it is expressed more neatly, with some derived |
60 involved. |
62 Isar language elements involved. |
61 *}; |
63 *}; |
62 |
64 |
63 theorem "EX S. S ~: range(f :: 'a => 'a set)"; |
65 theorem "EX S. S ~: range(f :: 'a => 'a set)"; |
64 proof; |
66 proof; |
65 let ?S = "{x. x ~: f x}"; |
67 let ?S = "{x. x ~: f x}"; |
83 qed; |
85 qed; |
84 qed; |
86 qed; |
85 qed; |
87 qed; |
86 |
88 |
87 text {* |
89 text {* |
88 How much creativity is required? As it happens, Isabelle can prove this |
90 How much creativity is required? As it happens, Isabelle can prove |
89 theorem automatically. The default classical set contains rules for most of |
91 this theorem automatically. The default classical set contains rules |
90 the constructs of HOL's set theory. We must augment it with |
92 for most of the constructs of HOL's set theory. We must augment it |
91 \name{equalityCE} to break up set equalities, and then apply best-first |
93 with \name{equalityCE} to break up set equalities, and then apply |
92 search. Depth-first search would diverge, but best-first search |
94 best-first search. Depth-first search would diverge, but best-first |
93 successfully navigates through the large search space. |
95 search successfully navigates through the large search space. |
94 *}; |
96 *}; |
95 |
97 |
96 theorem "EX S. S ~: range(f :: 'a => 'a set)"; |
98 theorem "EX S. S ~: range(f :: 'a => 'a set)"; |
97 by (best elim: equalityCE); |
99 by (best elim: equalityCE); |
98 |
100 |
99 text {* |
101 text {* |
100 While this establishes the same theorem internally, we do not get any idea |
102 While this establishes the same theorem internally, we do not get any |
101 of how the proof actually works. There is currently no way to transform |
103 idea of how the proof actually works. There is currently no way to |
102 internal system-level representations of Isabelle proofs back into Isar |
104 transform internal system-level representations of Isabelle proofs |
103 documents. Note that writing Isabelle/Isar proof documents actually |
105 back into Isar documents. Writing proof documents really is a |
104 \emph{is} a creative process. |
106 creative process. |
105 *}; |
107 *}; |
106 |
108 |
107 end; |
109 end; |