7 first-order logic. The theory includes a collection of derived natural |
7 first-order logic. The theory includes a collection of derived natural |
8 deduction rules, for use with Isabelle's classical reasoner. Much |
8 deduction rules, for use with Isabelle's classical reasoner. Much |
9 of it is based on the work of No\"el~\cite{noel}. |
9 of it is based on the work of No\"el~\cite{noel}. |
10 |
10 |
11 A tremendous amount of set theory has been formally developed, including |
11 A tremendous amount of set theory has been formally developed, including |
12 the basic properties of relations, functions and ordinals. Significant |
12 the basic properties of relations, functions, ordinals and cardinals. |
13 results have been proved, such as the Schr\"oder-Bernstein Theorem and a |
13 Significant results have been proved, such as the Schr\"oder-Bernstein |
14 version of Ramsey's Theorem. General methods have been developed for |
14 Theorem, the Wellordering Theorem and a version of Ramsey's Theorem. |
15 solving recursion equations over monotonic functors; these have been |
15 General methods have been developed for solving recursion equations over |
16 applied to yield constructions of lists, trees, infinite lists, etc. The |
16 monotonic functors; these have been applied to yield constructions of |
17 Recursion Theorem has been proved, admitting recursive definitions of |
17 lists, trees, infinite lists, etc. The Recursion Theorem has been proved, |
18 functions over well-founded relations. Thus, we may even regard set theory |
18 admitting recursive definitions of functions over well-founded relations. |
19 as a computational logic, loosely inspired by Martin-L\"of's Type Theory. |
19 Thus, we may even regard set theory as a computational logic, loosely |
|
20 inspired by Martin-L\"of's Type Theory. |
20 |
21 |
21 Because {\ZF} is an extension of {\FOL}, it provides the same packages, |
22 Because {\ZF} is an extension of {\FOL}, it provides the same packages, |
22 namely {\tt hyp_subst_tac}, the simplifier, and the classical reasoner. |
23 namely {\tt hyp_subst_tac}, the simplifier, and the classical reasoner. |
23 The main simplification set is called {\tt ZF_ss}. Several |
24 The main simplification set is called {\tt ZF_ss}. Several |
24 classical rule sets are defined, including {\tt lemmas_cs}, |
25 classical rule sets are defined, including {\tt lemmas_cs}, |
25 {\tt upair_cs} and~{\tt ZF_cs}. |
26 {\tt upair_cs} and~{\tt ZF_cs}. |
26 |
27 |
27 {\tt ZF} now has a flexible package for handling inductive definitions, |
28 {\tt ZF} has a flexible package for handling inductive definitions, |
28 such as inference systems, and datatype definitions, such as lists and |
29 such as inference systems, and datatype definitions, such as lists and |
29 trees. Moreover it also handles coinductive definitions, such as |
30 trees. Moreover it handles coinductive definitions, such as |
30 bisimulation relations, and codatatype definitions, such as streams. A |
31 bisimulation relations, and codatatype definitions, such as streams. A |
31 recent paper describes the package~\cite{paulson-fixedpt}. |
32 recent paper describes the package~\cite{paulson-CADE}, but its examples |
|
33 use an obsolete declaration syntax. Please consult the version of the |
|
34 paper distributed with Isabelle. |
32 |
35 |
33 Recent reports~\cite{paulson-set-I,paulson-set-II} describe {\tt ZF} less |
36 Recent reports~\cite{paulson-set-I,paulson-set-II} describe {\tt ZF} less |
34 formally than this chapter. Isabelle employs a novel treatment of |
37 formally than this chapter. Isabelle employs a novel treatment of |
35 non-well-founded data structures within the standard {\sc zf} axioms including |
38 non-well-founded data structures within the standard {\sc zf} axioms including |
36 the Axiom of Foundation~\cite{paulson-final}. |
39 the Axiom of Foundation~\cite{paulson-final}. |
1130 Theorem only for a particular lattice, namely the lattice of subsets of a |
1133 Theorem only for a particular lattice, namely the lattice of subsets of a |
1131 set (Fig.\ts\ref{zf-fixedpt}). The theory defines least and greatest |
1134 set (Fig.\ts\ref{zf-fixedpt}). The theory defines least and greatest |
1132 fixedpoint operators with corresponding induction and coinduction rules. |
1135 fixedpoint operators with corresponding induction and coinduction rules. |
1133 These are essential to many definitions that follow, including the natural |
1136 These are essential to many definitions that follow, including the natural |
1134 numbers and the transitive closure operator. The (co)inductive definition |
1137 numbers and the transitive closure operator. The (co)inductive definition |
1135 package also uses the fixedpoint operators~\cite{paulson-fixedpt}. See |
1138 package also uses the fixedpoint operators~\cite{paulson-CADE}. See |
1136 Davey and Priestley~\cite{davey&priestley} for more on the Knaster-Tarski |
1139 Davey and Priestley~\cite{davey&priestley} for more on the Knaster-Tarski |
1137 Theorem and my paper~\cite{paulson-set-II} for discussion of the Isabelle |
1140 Theorem and my paper~\cite{paulson-set-II} for discussion of the Isabelle |
1138 proofs. |
1141 proofs. |
1139 |
1142 |
1140 Monotonicity properties are proved for most of the set-forming operations: |
1143 Monotonicity properties are proved for most of the set-forming operations: |
1288 Theory \thydx{QUniv} defines a `universe' ${\tt quniv}(A)$, for |
1291 Theory \thydx{QUniv} defines a `universe' ${\tt quniv}(A)$, for |
1289 constructing codatatypes such as streams. It is analogous to ${\tt |
1292 constructing codatatypes such as streams. It is analogous to ${\tt |
1290 univ}(A)$ (and is defined in terms of it) but is closed under the |
1293 univ}(A)$ (and is defined in terms of it) but is closed under the |
1291 non-standard product and sum. |
1294 non-standard product and sum. |
1292 |
1295 |
1293 Figure~\ref{zf-fin} presents the finite set operator; ${\tt Fin}(A)$ is the |
1296 Theory {\tt Finite} (Figure~\ref{zf-fin}) defines the finite set operator; |
1294 set of all finite sets over~$A$. The definition employs Isabelle's |
1297 ${\tt Fin}(A)$ is the set of all finite sets over~$A$. The theory employs |
1295 inductive definition package~\cite{paulson-fixedpt}, which proves various |
1298 Isabelle's inductive definition package, which proves various rules |
1296 rules automatically. The induction rule shown is stronger than the one |
1299 automatically. The induction rule shown is stronger than the one proved by |
1297 proved by the package. See file {\tt ZF/Fin.ML}. |
1300 the package. The theory also defines the set of all finite functions |
1298 |
1301 between two given sets. |
1299 \begin{figure} |
1302 |
1300 \begin{ttbox} |
1303 \begin{figure} |
1301 \tdx{Fin_0I} 0 : Fin(A) |
1304 \begin{ttbox} |
1302 \tdx{Fin_consI} [| a: A; b: Fin(A) |] ==> cons(a,b) : Fin(A) |
1305 \tdx{Fin.emptyI} 0 : Fin(A) |
|
1306 \tdx{Fin.consI} [| a: A; b: Fin(A) |] ==> cons(a,b) : Fin(A) |
1303 |
1307 |
1304 \tdx{Fin_induct} |
1308 \tdx{Fin_induct} |
1305 [| b: Fin(A); |
1309 [| b: Fin(A); |
1306 P(0); |
1310 P(0); |
1307 !!x y. [| x: A; y: Fin(A); x~:y; P(y) |] ==> P(cons(x,y)) |
1311 !!x y. [| x: A; y: Fin(A); x~:y; P(y) |] ==> P(cons(x,y)) |
1397 $\epsilon$-recursion, which are generalisations of transfinite |
1401 $\epsilon$-recursion, which are generalisations of transfinite |
1398 induction and recursion. It also defines \cdx{rank}$(x)$, which is the |
1402 induction and recursion. It also defines \cdx{rank}$(x)$, which is the |
1399 least ordinal $\alpha$ such that $x$ is constructed at stage $\alpha$ |
1403 least ordinal $\alpha$ such that $x$ is constructed at stage $\alpha$ |
1400 of the cumulative hierarchy (thus $x\in V@{\alpha+1}$). |
1404 of the cumulative hierarchy (thus $x\in V@{\alpha+1}$). |
1401 \end{itemize} |
1405 \end{itemize} |
|
1406 |
|
1407 Other important theories lead to a theory of cardinal numbers. They have |
|
1408 not yet been written up anywhere. Here is a summary: |
|
1409 \begin{itemize} |
|
1410 \item Theory {\tt Rel} defines the basic properties of relations, such as |
|
1411 (ir)reflexivity, (a)symmetry, and transitivity. |
|
1412 |
|
1413 \item Theory {\tt EquivClass} develops a theory of equivalence |
|
1414 classes, not using the Axiom of Choice. |
|
1415 |
|
1416 \item Theory {\tt Order} defines partial orderings, total orderings and |
|
1417 wellorderings. |
|
1418 |
|
1419 \item Theory {\tt OrderArith} defines orderings on sum and product sets. |
|
1420 These can be used to define ordinal arithmetic and have applications to |
|
1421 cardinal arithmetic. |
|
1422 |
|
1423 \item Theory {\tt OrderType} defines order types. Every wellordering is |
|
1424 equivalent to a unique ordinal, which is its order type. |
|
1425 |
|
1426 \item Theory {\tt Cardinal} defines equipollence and cardinal numbers. |
|
1427 |
|
1428 \item Theory {\tt CardinalArith} defines cardinal addition and |
|
1429 multiplication, and proves their elementary laws. It proves that there |
|
1430 is no greatest cardinal. It also proves a deep result, namely |
|
1431 $\kappa\otimes\kappa=\kappa$ for every infinite cardinal~$\kappa$; see |
|
1432 Kunen~\cite[page 29]{kunen80}. None of these results assume the Axiom of |
|
1433 Choice, which complicates their proofs considerably. |
|
1434 \end{itemize} |
|
1435 |
|
1436 The following developments involve the Axiom of Choice (AC): |
|
1437 \begin{itemize} |
|
1438 \item Theory {\tt AC} asserts the Axiom of Choice and proves some simple |
|
1439 equivalent forms. |
|
1440 |
|
1441 \item Theory {\tt Zorn} proves Hausdorff's Maximal Principle, Zorn's Lemma |
|
1442 and the Wellordering Theorem, following Abrial and |
|
1443 Laffitte~\cite{abrial93}. |
|
1444 |
|
1445 \item Theory \verb|Cardinal_AC| uses AC to prove simplified theorems about |
|
1446 the cardinals. It also proves a theorem needed to justify |
|
1447 infinitely branching datatype declarations: if $\kappa$ is an infinite |
|
1448 cardinal and $|X(\alpha)| \le \kappa$ for all $\alpha<\kappa$ then |
|
1449 $|\union\sb{\alpha<\kappa} X(\alpha)| \le \kappa$. |
|
1450 |
|
1451 \item Theory {\tt InfDatatype} proves theorems to justify infinitely |
|
1452 branching datatypes. Arbitrary index sets are allowed, provided their |
|
1453 cardinalities have an upper bound. The theory also justifies some |
|
1454 unusual cases of finite branching, involving the finite powerset operator |
|
1455 and the finite function space operator. |
|
1456 \end{itemize} |
|
1457 |
1402 |
1458 |
1403 |
1459 |
1404 \section{Simplification rules} |
1460 \section{Simplification rules} |
1405 {\ZF} does not merely inherit simplification from \FOL, but modifies it |
1461 {\ZF} does not merely inherit simplification from \FOL, but modifies it |
1406 extensively. File {\tt ZF/simpdata.ML} contains the details. |
1462 extensively. File {\tt ZF/simpdata.ML} contains the details. |
1431 \end{eqnarray*} |
1487 \end{eqnarray*} |
1432 \caption{Rewrite rules for set theory} \label{zf-simpdata} |
1488 \caption{Rewrite rules for set theory} \label{zf-simpdata} |
1433 \end{figure} |
1489 \end{figure} |
1434 |
1490 |
1435 |
1491 |
1436 \section{The examples directory} |
1492 \section{The examples directories} |
|
1493 Directory {\tt HOL/IMP} contains a mechanised version of a semantic |
|
1494 equivalence proof taken from Winskel~\cite{winskel93}. It formalises the |
|
1495 denotational and operational semantics of a simple while-language, then |
|
1496 proves the two equivalent. It contains several datatype and inductive |
|
1497 definitions, and demonstrates their use. |
|
1498 |
1437 The directory {\tt ZF/ex} contains further developments in {\ZF} set |
1499 The directory {\tt ZF/ex} contains further developments in {\ZF} set |
1438 theory. Here is an overview; see the files themselves for more details. I |
1500 theory. Here is an overview; see the files themselves for more details. I |
1439 describe much of this material in other |
1501 describe much of this material in other |
1440 publications~\cite{paulson-fixedpt,paulson-set-I,paulson-set-II}. |
1502 publications~\cite{paulson-set-I,paulson-set-II,paulson-CADE}. |
1441 \begin{ttdescription} |
1503 \begin{itemize} |
1442 \item[ZF/ex/misc.ML] contains miscellaneous examples such as |
1504 \item File {\tt misc.ML} contains miscellaneous examples such as |
1443 Cantor's Theorem, the Schr\"oder-Bernstein Theorem and the |
1505 Cantor's Theorem, the Schr\"oder-Bernstein Theorem and the `Composition |
1444 `Composition of homomorphisms' challenge~\cite{boyer86}. |
1506 of homomorphisms' challenge~\cite{boyer86}. |
1445 |
1507 |
1446 \item[ZF/ex/Ramsey.ML] |
1508 \item Theory {\tt Ramsey} proves the finite exponent 2 version of |
1447 proves the finite exponent 2 version of Ramsey's Theorem, following Basin |
1509 Ramsey's Theorem, following Basin and Kaufmann's |
1448 and Kaufmann's presentation~\cite{basin91}. |
1510 presentation~\cite{basin91}. |
1449 |
1511 |
1450 \item[ZF/ex/Equiv.ML] |
1512 \item Theory {\tt Integ} develops a theory of the integers as |
1451 develops a theory of equivalence classes, not using the Axiom of Choice. |
1513 equivalence classes of pairs of natural numbers. |
1452 |
1514 |
1453 \item[ZF/ex/Integ.ML] |
1515 \item Theory {\tt Bin} defines a datatype for two's complement binary |
1454 develops a theory of the integers as equivalence classes of pairs of |
1516 integers, then proves rewrite rules to perform binary arithmetic. For |
1455 natural numbers. |
1517 instance, $1359\times {-}2468 = {-}3354012$ takes under 14 seconds. |
1456 |
1518 |
1457 \item[ZF/ex/Bin.ML] |
1519 \item Theory {\tt BT} defines the recursive data structure ${\tt |
1458 defines a datatype for two's complement binary integers. File |
1520 bt}(A)$, labelled binary trees. |
1459 {\tt BinFn.ML} then develops rewrite rules for binary |
1521 |
1460 arithmetic. For instance, $1359\times {-}2468 = {-}3354012$ takes under |
1522 \item Theory {\tt Term} defines a recursive data structure for terms |
1461 14 seconds. |
1523 and term lists. These are simply finite branching trees. |
1462 |
1524 |
1463 \item[ZF/ex/BT.ML] |
1525 \item Theory {\tt TF} defines primitives for solving mutually |
1464 defines the recursive data structure ${\tt bt}(A)$, labelled binary trees. |
|
1465 |
|
1466 \item[ZF/ex/Term.ML] |
|
1467 and {\tt TermFn.ML} define a recursive data structure for |
|
1468 terms and term lists. These are simply finite branching trees. |
|
1469 |
|
1470 \item[ZF/ex/TF.ML] |
|
1471 and {\tt TF_Fn.ML} define primitives for solving mutually |
|
1472 recursive equations over sets. It constructs sets of trees and forests |
1526 recursive equations over sets. It constructs sets of trees and forests |
1473 as an example, including induction and recursion rules that handle the |
1527 as an example, including induction and recursion rules that handle the |
1474 mutual recursion. |
1528 mutual recursion. |
1475 |
1529 |
1476 \item[ZF/ex/Prop.ML] |
1530 \item Theory {\tt Prop} proves soundness and completeness of |
1477 and {\tt PropLog.ML} proves soundness and completeness of |
|
1478 propositional logic~\cite{paulson-set-II}. This illustrates datatype |
1531 propositional logic~\cite{paulson-set-II}. This illustrates datatype |
1479 definitions, inductive definitions, structural induction and rule induction. |
1532 definitions, inductive definitions, structural induction and rule |
1480 |
1533 induction. |
1481 \item[ZF/ex/ListN.ML] |
1534 |
1482 presents the inductive definition of the lists of $n$ elements~\cite{paulin92}. |
1535 \item Theory {\tt ListN} inductively defines the lists of $n$ |
1483 |
1536 elements~\cite{paulin92}. |
1484 \item[ZF/ex/Acc.ML] |
1537 |
1485 presents the inductive definition of the accessible part of a |
1538 \item Theory {\tt Acc} inductively defines the accessible part of a |
1486 relation~\cite{paulin92}. |
1539 relation~\cite{paulin92}. |
1487 |
1540 |
1488 \item[ZF/ex/Comb.ML] |
1541 \item Theory {\tt Comb} defines the datatype of combinators and |
1489 presents the datatype definition of combinators. The file |
1542 inductively defines contraction and parallel contraction. It goes on to |
1490 {\tt Contract0.ML} defines contraction, while file |
1543 prove the Church-Rosser Theorem. This case study follows Camilleri and |
1491 {\tt ParContract.ML} defines parallel contraction and |
1544 Melham~\cite{camilleri92}. |
1492 proves the Church-Rosser Theorem. This case study follows Camilleri and |
1545 |
1493 Melham~\cite{camilleri92}. |
1546 \item Theory {\tt LList} defines lazy lists and a coinduction |
1494 |
1547 principle for proving equations between them. |
1495 \item[ZF/ex/LList.ML] |
1548 \end{itemize} |
1496 and {\tt LList_Eq.ML} develop lazy lists and a notion |
|
1497 of coinduction for proving equations between them. |
|
1498 \end{ttdescription} |
|
1499 |
1549 |
1500 |
1550 |
1501 \section{A proof about powersets}\label{sec:ZF-pow-example} |
1551 \section{A proof about powersets}\label{sec:ZF-pow-example} |
1502 To demonstrate high-level reasoning about subsets, let us prove the |
1552 To demonstrate high-level reasoning about subsets, let us prove the |
1503 equation ${{\tt Pow}(A)\cap {\tt Pow}(B)}= {\tt Pow}(A\cap B)$. Compared |
1553 equation ${{\tt Pow}(A)\cap {\tt Pow}(B)}= {\tt Pow}(A\cap B)$. Compared |