70 \begin{warn} |
70 \begin{warn} |
71 The implication @{text"\<Longrightarrow>"} is part of the Isabelle framework. It structures |
71 The implication @{text"\<Longrightarrow>"} is part of the Isabelle framework. It structures |
72 theorems and proof states, separating assumptions from conclusions. |
72 theorems and proof states, separating assumptions from conclusions. |
73 The implication @{text"\<longrightarrow>"} is part of the logic HOL and can occur inside the |
73 The implication @{text"\<longrightarrow>"} is part of the logic HOL and can occur inside the |
74 formulas that make up the assumptions and conclusion. |
74 formulas that make up the assumptions and conclusion. |
75 Theorems should be of the form @{text"\<lbrakk> A\<^isub>1; \<dots>; A\<^isub>n \<rbrakk> \<Longrightarrow> A"}, |
75 Theorems should be of the form @{text"\<lbrakk> A\<^sub>1; \<dots>; A\<^sub>n \<rbrakk> \<Longrightarrow> A"}, |
76 not @{text"A\<^isub>1 \<and> \<dots> \<and> A\<^isub>n \<longrightarrow> A"}. Both are logically equivalent |
76 not @{text"A\<^sub>1 \<and> \<dots> \<and> A\<^sub>n \<longrightarrow> A"}. Both are logically equivalent |
77 but the first one works better when using the theorem in further proofs. |
77 but the first one works better when using the theorem in further proofs. |
78 \end{warn} |
78 \end{warn} |
79 |
79 |
80 \section{Sets} |
80 \section{Sets} |
81 \label{sec:Sets} |
81 \label{sec:Sets} |
82 |
82 |
83 Sets of elements of type @{typ 'a} have type @{typ"'a set"}. |
83 Sets of elements of type @{typ 'a} have type @{typ"'a set"}. |
84 They can be finite or infinite. Sets come with the usual notation: |
84 They can be finite or infinite. Sets come with the usual notation: |
85 \begin{itemize} |
85 \begin{itemize} |
86 \item @{term"{}"},\quad @{text"{e\<^isub>1,\<dots>,e\<^isub>n}"} |
86 \item @{term"{}"},\quad @{text"{e\<^sub>1,\<dots>,e\<^sub>n}"} |
87 \item @{prop"e \<in> A"},\quad @{prop"A \<subseteq> B"} |
87 \item @{prop"e \<in> A"},\quad @{prop"A \<subseteq> B"} |
88 \item @{term"A \<union> B"},\quad @{term"A \<inter> B"},\quad @{term"A - B"},\quad @{term"-A"} |
88 \item @{term"A \<union> B"},\quad @{term"A \<inter> B"},\quad @{term"A - B"},\quad @{term"-A"} |
89 \end{itemize} |
89 \end{itemize} |
90 (where @{term"A-B"} and @{text"-A"} are set difference and complement) |
90 (where @{term"A-B"} and @{text"-A"} are set difference and complement) |
91 and much more. @{const UNIV} is the set of all elements of some type. |
91 and much more. @{const UNIV} is the set of all elements of some type. |
317 The expression @{text"conjI[of \"a=b\" \"False\"]"} |
317 The expression @{text"conjI[of \"a=b\" \"False\"]"} |
318 instantiates the unknowns in @{thm[source] conjI} from left to right with the |
318 instantiates the unknowns in @{thm[source] conjI} from left to right with the |
319 two formulas @{text"a=b"} and @{text False}, yielding the rule |
319 two formulas @{text"a=b"} and @{text False}, yielding the rule |
320 @{thm[display,mode=Rule]conjI[of "a=b" False]} |
320 @{thm[display,mode=Rule]conjI[of "a=b" False]} |
321 |
321 |
322 In general, @{text"th[of string\<^isub>1 \<dots> string\<^isub>n]"} instantiates |
322 In general, @{text"th[of string\<^sub>1 \<dots> string\<^sub>n]"} instantiates |
323 the unknowns in the theorem @{text th} from left to right with the terms |
323 the unknowns in the theorem @{text th} from left to right with the terms |
324 @{text string\<^isub>1} to @{text string\<^isub>n}. |
324 @{text string\<^sub>1} to @{text string\<^sub>n}. |
325 |
325 |
326 \item By unification. \concept{Unification} is the process of making two |
326 \item By unification. \concept{Unification} is the process of making two |
327 terms syntactically equal by suitable instantiations of unknowns. For example, |
327 terms syntactically equal by suitable instantiations of unknowns. For example, |
328 unifying @{text"?P \<and> ?Q"} with \mbox{@{prop"a=b \<and> False"}} instantiates |
328 unifying @{text"?P \<and> ?Q"} with \mbox{@{prop"a=b \<and> False"}} instantiates |
329 @{text "?P"} with @{prop "a=b"} and @{text "?Q"} with @{prop False}. |
329 @{text "?P"} with @{prop "a=b"} and @{text "?Q"} with @{prop False}. |
344 results in two subgoals, one for each premise of @{thm[source]conjI}: |
344 results in two subgoals, one for each premise of @{thm[source]conjI}: |
345 \begin{quote} |
345 \begin{quote} |
346 @{text"1. \<dots> \<Longrightarrow> A"}\\ |
346 @{text"1. \<dots> \<Longrightarrow> A"}\\ |
347 @{text"2. \<dots> \<Longrightarrow> B"} |
347 @{text"2. \<dots> \<Longrightarrow> B"} |
348 \end{quote} |
348 \end{quote} |
349 In general, the application of a rule @{text"\<lbrakk> A\<^isub>1; \<dots>; A\<^isub>n \<rbrakk> \<Longrightarrow> A"} |
349 In general, the application of a rule @{text"\<lbrakk> A\<^sub>1; \<dots>; A\<^sub>n \<rbrakk> \<Longrightarrow> A"} |
350 to a subgoal \mbox{@{text"\<dots> \<Longrightarrow> C"}} proceeds in two steps: |
350 to a subgoal \mbox{@{text"\<dots> \<Longrightarrow> C"}} proceeds in two steps: |
351 \begin{enumerate} |
351 \begin{enumerate} |
352 \item |
352 \item |
353 Unify @{text A} and @{text C}, thus instantiating the unknowns in the rule. |
353 Unify @{text A} and @{text C}, thus instantiating the unknowns in the rule. |
354 \item |
354 \item |
355 Replace the subgoal @{text C} with @{text n} new subgoals @{text"A\<^isub>1"} to @{text"A\<^isub>n"}. |
355 Replace the subgoal @{text C} with @{text n} new subgoals @{text"A\<^sub>1"} to @{text"A\<^sub>n"}. |
356 \end{enumerate} |
356 \end{enumerate} |
357 This is the command to apply rule @{text xyz}: |
357 This is the command to apply rule @{text xyz}: |
358 \begin{quote} |
358 \begin{quote} |
359 \isacom{apply}@{text"(rule xyz)"} |
359 \isacom{apply}@{text"(rule xyz)"} |
360 \end{quote} |
360 \end{quote} |
428 the premises to the conclusion of the rule; application of rules to proof |
428 the premises to the conclusion of the rule; application of rules to proof |
429 states operates in the backward direction, from the conclusion to the |
429 states operates in the backward direction, from the conclusion to the |
430 premises. |
430 premises. |
431 \end{warn} |
431 \end{warn} |
432 |
432 |
433 In general @{text r} can be of the form @{text"\<lbrakk> A\<^isub>1; \<dots>; A\<^isub>n \<rbrakk> \<Longrightarrow> A"} |
433 In general @{text r} can be of the form @{text"\<lbrakk> A\<^sub>1; \<dots>; A\<^sub>n \<rbrakk> \<Longrightarrow> A"} |
434 and there can be multiple argument theorems @{text r\<^isub>1} to @{text r\<^isub>m} |
434 and there can be multiple argument theorems @{text r\<^sub>1} to @{text r\<^sub>m} |
435 (with @{text"m \<le> n"}), in which case @{text "r[OF r\<^isub>1 \<dots> r\<^isub>m]"} is obtained |
435 (with @{text"m \<le> n"}), in which case @{text "r[OF r\<^sub>1 \<dots> r\<^sub>m]"} is obtained |
436 by unifying and thus proving @{text "A\<^isub>i"} with @{text "r\<^isub>i"}, @{text"i = 1\<dots>m"}. |
436 by unifying and thus proving @{text "A\<^sub>i"} with @{text "r\<^sub>i"}, @{text"i = 1\<dots>m"}. |
437 Here is an example, where @{thm[source]refl} is the theorem |
437 Here is an example, where @{thm[source]refl} is the theorem |
438 @{thm[show_question_marks] refl}: |
438 @{thm[show_question_marks] refl}: |
439 *} |
439 *} |
440 |
440 |
441 thm conjI[OF refl[of "a"] refl[of "b"]] |
441 thm conjI[OF refl[of "a"] refl[of "b"]] |
737 \begin{quote} |
737 \begin{quote} |
738 \isacom{inductive} @{text"I :: \"\<tau> \<Rightarrow> bool\""} \isacom{where} |
738 \isacom{inductive} @{text"I :: \"\<tau> \<Rightarrow> bool\""} \isacom{where} |
739 \end{quote} |
739 \end{quote} |
740 followed by a sequence of (possibly named) rules of the form |
740 followed by a sequence of (possibly named) rules of the form |
741 \begin{quote} |
741 \begin{quote} |
742 @{text "\<lbrakk> I a\<^isub>1; \<dots>; I a\<^isub>n \<rbrakk> \<Longrightarrow> I a"} |
742 @{text "\<lbrakk> I a\<^sub>1; \<dots>; I a\<^sub>n \<rbrakk> \<Longrightarrow> I a"} |
743 \end{quote} |
743 \end{quote} |
744 separated by @{text"|"}. As usual, @{text n} can be 0. |
744 separated by @{text"|"}. As usual, @{text n} can be 0. |
745 The corresponding rule induction principle |
745 The corresponding rule induction principle |
746 @{text I.induct} applies to propositions of the form |
746 @{text I.induct} applies to propositions of the form |
747 \begin{quote} |
747 \begin{quote} |
753 Hence @{text "I x"} must be the first premise. |
753 Hence @{text "I x"} must be the first premise. |
754 \end{warn} |
754 \end{warn} |
755 Proving @{prop "I x \<Longrightarrow> P x"} by rule induction means proving |
755 Proving @{prop "I x \<Longrightarrow> P x"} by rule induction means proving |
756 for every rule of @{text I} that @{text P} is invariant: |
756 for every rule of @{text I} that @{text P} is invariant: |
757 \begin{quote} |
757 \begin{quote} |
758 @{text "\<lbrakk> I a\<^isub>1; P a\<^isub>1; \<dots>; I a\<^isub>n; P a\<^isub>n \<rbrakk> \<Longrightarrow> P a"} |
758 @{text "\<lbrakk> I a\<^sub>1; P a\<^sub>1; \<dots>; I a\<^sub>n; P a\<^sub>n \<rbrakk> \<Longrightarrow> P a"} |
759 \end{quote} |
759 \end{quote} |
760 |
760 |
761 The above format for inductive definitions is simplified in a number of |
761 The above format for inductive definitions is simplified in a number of |
762 respects. @{text I} can have any number of arguments and each rule can have |
762 respects. @{text I} can have any number of arguments and each rule can have |
763 additional premises not involving @{text I}, so-called \concept{side |
763 additional premises not involving @{text I}, so-called \concept{side |