equal
deleted
inserted
replaced
1 (* Title: HOL/Isar_examples/Peirce.thy |
1 (* Title: HOL/Isar_examples/Peirce.thy |
2 ID: $Id$ |
2 ID: $Id$ |
3 Author: Markus Wenzel, TU Muenchen |
3 Author: Markus Wenzel, TU Muenchen |
4 *) |
4 *) |
5 |
5 |
6 header {* Examples of classical proof: Peirce's Law *}; |
6 header {* Peirce's Law *}; |
7 |
7 |
8 theory Peirce = Main:; |
8 theory Peirce = Main:; |
|
9 |
|
10 text {* |
|
11 We consider Peirce's Law: $((A \impl B) \impl A) \impl A$. This is |
|
12 an inherently non-intuitionistic statement, so its proof will |
|
13 certainly involve some form of classical contradiction. |
|
14 |
|
15 The first proof is again a well-balanced combination of plain |
|
16 backward and forward reasoning. The actual classical reasoning step |
|
17 is where the negated goal is introduced as additional assumption. |
|
18 This eventually leads to a contradiction.\footnote{The rule involved |
|
19 here is negation elimination; it holds in intuitionistic logic as |
|
20 well.} |
|
21 *}; |
9 |
22 |
10 theorem "((A --> B) --> A) --> A"; |
23 theorem "((A --> B) --> A) --> A"; |
11 proof; |
24 proof; |
12 assume aba: "(A --> B) --> A"; |
25 assume aba: "(A --> B) --> A"; |
13 show A; |
26 show A; |
19 thus B; by contradiction; |
32 thus B; by contradiction; |
20 qed; |
33 qed; |
21 with aba; show A; ..; |
34 with aba; show A; ..; |
22 qed; |
35 qed; |
23 qed; |
36 qed; |
|
37 |
|
38 text {* |
|
39 The subsequent version rearranges the reasoning by means of ``weak |
|
40 assumptions'' (as introduced by \isacommand{presume}). Before |
|
41 assuming the negated goal $\neg A$, its intended consequence $A \impl |
|
42 B$ is put into place in order to solve the main problem. |
|
43 Nevertheless, we do not get anything for free, but have to establish |
|
44 $A \impl B$ later on. The overall effect is that of a \emph{cut}. |
|
45 |
|
46 Technically speaking, whenever some goal is solved by |
|
47 \isacommand{show} in the context of weak assumptions then the latter |
|
48 give rise to new subgoals, which may be established separately. In |
|
49 contrast, strong assumptions (as introduced by \isacommand{assume}) |
|
50 are solved immediately. |
|
51 *}; |
24 |
52 |
25 theorem "((A --> B) --> A) --> A"; |
53 theorem "((A --> B) --> A) --> A"; |
26 proof; |
54 proof; |
27 assume aba: "(A --> B) --> A"; |
55 assume aba: "(A --> B) --> A"; |
28 show A; |
56 show A; |
37 with not_a; show B; ..; |
65 with not_a; show B; ..; |
38 qed; |
66 qed; |
39 qed; |
67 qed; |
40 qed; |
68 qed; |
41 |
69 |
|
70 text {* |
|
71 Note that the goals stemming from weak assumptions may be even left |
|
72 until qed time, where they get eventually solved ``by assumption'' as |
|
73 well. In that case there is really no big difference between the two |
|
74 kinds of assumptions, apart from the order of reducing the individual |
|
75 parts of the proof configuration. |
|
76 |
|
77 Nevertheless, the ``strong'' mode of plain assumptions is quite |
|
78 important in practice to achieve robustness of proof document |
|
79 interpretation. By forcing both the conclusion \emph{and} the |
|
80 assumptions to unify with any pending goal to be solved, goal |
|
81 selection becomes quite deterministic. For example, typical |
|
82 ``case-analysis'' rules give rise to several goals that only differ |
|
83 in there local contexts. With strong assumptions these may be still |
|
84 solved in any order in a predictable way, while weak ones would |
|
85 quickly lead to great confusion, eventually demanding even some |
|
86 backtracking. |
|
87 *}; |
|
88 |
42 end; |
89 end; |