88 ``current goal'', i.e.\ the enclosing \isakeyword{show} (or |
88 ``current goal'', i.e.\ the enclosing \isakeyword{show} (or |
89 \isakeyword{have}) statement. |
89 \isakeyword{have}) statement. |
90 |
90 |
91 This is too much proof text. Elimination rules should be selected |
91 This is too much proof text. Elimination rules should be selected |
92 automatically based on their major premise, the formula or rather connective |
92 automatically based on their major premise, the formula or rather connective |
93 to be eliminated. In Isar they are triggered by propositions being fed |
93 to be eliminated. In Isar they are triggered by facts being fed |
94 \emph{into} a proof. Syntax: |
94 \emph{into} a proof. Syntax: |
95 \begin{center} |
95 \begin{center} |
96 \isakeyword{from} \emph{fact} \isakeyword{show} \emph{proposition} \emph{proof} |
96 \isakeyword{from} \emph{fact} \isakeyword{show} \emph{proposition} \emph{proof} |
97 \end{center} |
97 \end{center} |
98 where \emph{fact} stands for the name of a previously proved |
98 where \emph{fact} stands for the name of a previously proved |
112 assume "A" "B" |
112 assume "A" "B" |
113 show ?thesis .. |
113 show ?thesis .. |
114 qed |
114 qed |
115 qed |
115 qed |
116 |
116 |
117 text{* Now we come a second important principle: |
117 text{* Now we come to a second important principle: |
118 \begin{quote}\em |
118 \begin{quote}\em |
119 Try to arrange the sequence of propositions in a UNIX-like pipe, |
119 Try to arrange the sequence of propositions in a UNIX-like pipe, |
120 such that the proof of each proposition builds on the previous proposition. |
120 such that the proof of each proposition builds on the previous proposition. |
121 \end{quote} |
121 \end{quote} |
122 The previous proposition can be referred to via the fact @{text this}. |
122 The previous proposition can be referred to via the fact @{text this}. |
264 $\land$-elimination and the proofs are separated by \isakeyword{next}: |
264 $\land$-elimination and the proofs are separated by \isakeyword{next}: |
265 \begin{description} |
265 \begin{description} |
266 \item[\isakeyword{next}] deals with multiple subgoals. For example, |
266 \item[\isakeyword{next}] deals with multiple subgoals. For example, |
267 when showing @{term"A \<and> B"} we need to show both @{term A} and @{term |
267 when showing @{term"A \<and> B"} we need to show both @{term A} and @{term |
268 B}. Each subgoal is proved separately, in \emph{any} order. The |
268 B}. Each subgoal is proved separately, in \emph{any} order. The |
269 individual proofs are separated by \isakeyword{next}. |
269 individual proofs are separated by \isakeyword{next}. \footnote{Each |
|
270 \isakeyword{show} must prove one of the pending subgoals. If a |
|
271 \isakeyword{show} matches multiple subgoals, e.g.\ if the subgoals |
|
272 contain ?-variables, the first one is proved. Thus the order in which |
|
273 the subgoals are proved can matter --- see |
|
274 \S\ref{sec:CaseDistinction} for an example.} |
270 |
275 |
271 Strictly speaking \isakeyword{next} is only required if the subgoals |
276 Strictly speaking \isakeyword{next} is only required if the subgoals |
272 are proved in different assumption contexts which need to be |
277 are proved in different assumption contexts which need to be |
273 separated, which is not the case above. For clarity we |
278 separated, which is not the case above. For clarity we |
274 have employed \isakeyword{next} anyway and will continue to do so. |
279 have employed \isakeyword{next} anyway and will continue to do so. |
477 |
482 |
478 text{* Although we have shown how to employ powerful automatic methods like |
483 text{* Although we have shown how to employ powerful automatic methods like |
479 @{text blast} to achieve bigger proof steps, there may still be the |
484 @{text blast} to achieve bigger proof steps, there may still be the |
480 tendency to use the default introduction and elimination rules to |
485 tendency to use the default introduction and elimination rules to |
481 decompose goals and facts. This can lead to very tedious proofs: |
486 decompose goals and facts. This can lead to very tedious proofs: |
482 %\Tweakskip |
487 \Tweakskip |
483 *} |
488 *} |
484 (*<*)ML"set quick_and_dirty"(*>*) |
489 (*<*)ML"set quick_and_dirty"(*>*) |
485 lemma "\<forall>x y. A x y \<and> B x y \<longrightarrow> C x y" |
490 lemma "\<forall>x y. A x y \<and> B x y \<longrightarrow> C x y" |
486 proof |
491 proof |
487 fix x show "\<forall>y. A x y \<and> B x y \<longrightarrow> C x y" |
492 fix x show "\<forall>y. A x y \<and> B x y \<longrightarrow> C x y" |