12 proof (rule impI) |
12 proof (rule impI) |
13 assume a: "A" |
13 assume a: "A" |
14 show "A" by(rule a) |
14 show "A" by(rule a) |
15 qed |
15 qed |
16 text{*\noindent |
16 text{*\noindent |
17 The operational reading: the \isakeyword{assume}-\isakeyword{show} block |
17 The operational reading: the \isakeyword{assume}-\isakeyword{show} |
18 proves @{prop"A \<Longrightarrow> A"}, |
18 block proves @{prop"A \<Longrightarrow> A"} (@{term a} is a degenerate rule (no |
19 which rule @{thm[source]impI} (@{thm impI}) |
19 assumptions) that proves @{term A} outright), which rule |
20 turns into the desired @{prop"A \<longrightarrow> A"}. |
20 @{thm[source]impI} (@{thm impI}) turns into the desired @{prop"A \<longrightarrow> |
21 However, this text is much too detailed for comfort. Therefore Isar |
21 A"}. However, this text is much too detailed for comfort. Therefore |
22 implements the following principle: |
22 Isar implements the following principle: \begin{quote}\em Command |
23 \begin{quote}\em |
23 \isakeyword{proof} automatically tries to select an introduction rule |
24 Command \isakeyword{proof} automatically tries to select an introduction rule |
24 based on the goal and a predefined list of rules. \end{quote} Here |
25 based on the goal and a predefined list of rules. |
25 @{thm[source]impI} is applied automatically: *} |
26 \end{quote} |
|
27 Here @{thm[source]impI} is applied automatically: |
|
28 *} |
|
29 |
26 |
30 lemma "A \<longrightarrow> A" |
27 lemma "A \<longrightarrow> A" |
31 proof |
28 proof |
32 assume a: "A" |
29 assume a: A |
33 show "A" by(rule a) |
30 show A by(rule a) |
34 qed |
31 qed |
35 |
32 |
36 text{* Trivial proofs, in particular those by assumption, should be trivial |
33 text{*\noindent Single-identifier formulae such as @{term A} need not |
|
34 be enclosed in double quotes. However, we will continue to do so for |
|
35 uniformity. |
|
36 |
|
37 Trivial proofs, in particular those by assumption, should be trivial |
37 to perform. Proof ``.'' does just that (and a bit more). Thus |
38 to perform. Proof ``.'' does just that (and a bit more). Thus |
38 naming of assumptions is often superfluous: *} |
39 naming of assumptions is often superfluous: *} |
39 lemma "A \<longrightarrow> A" |
40 lemma "A \<longrightarrow> A" |
40 proof |
41 proof |
41 assume "A" |
42 assume "A" |
131 show ?thesis .. |
131 show ?thesis .. |
132 qed |
132 qed |
133 qed |
133 qed |
134 |
134 |
135 text{*\noindent Because of the frequency of \isakeyword{from}~@{text |
135 text{*\noindent Because of the frequency of \isakeyword{from}~@{text |
136 this} Isar provides two abbreviations: |
136 this}, Isar provides two abbreviations: |
137 \begin{center} |
137 \begin{center} |
138 \begin{tabular}{rcl} |
138 \begin{tabular}{r@ {\quad=\quad}l} |
139 \isakeyword{then} &=& \isakeyword{from} @{text this} \\ |
139 \isakeyword{then} & \isakeyword{from} @{text this} \\ |
140 \isakeyword{thus} &=& \isakeyword{then} \isakeyword{show} |
140 \isakeyword{thus} & \isakeyword{then} \isakeyword{show} |
141 \end{tabular} |
141 \end{tabular} |
142 \end{center} |
142 \end{center} |
143 \medskip |
|
144 |
143 |
145 Here is an alternative proof that operates purely by forward reasoning: *} |
144 Here is an alternative proof that operates purely by forward reasoning: *} |
146 lemma "A \<and> B \<longrightarrow> B \<and> A" |
145 lemma "A \<and> B \<longrightarrow> B \<and> A" |
147 proof |
146 proof |
148 assume ab: "A \<and> B" |
147 assume ab: "A \<and> B" |
149 from ab have a: "A" .. |
148 from ab have a: "A" .. |
150 from ab have b: "B" .. |
149 from ab have b: "B" .. |
151 from b a show "B \<and> A" .. |
150 from b a show "B \<and> A" .. |
152 qed |
151 qed |
153 text{*\noindent |
152 |
154 It is worth examining this text in detail because it exhibits a number of new concepts. |
153 text{*\noindent It is worth examining this text in detail because it |
155 |
154 exhibits a number of new concepts. For a start, it is the first time |
156 For a start, this is the first time we have proved intermediate propositions |
155 we have proved intermediate propositions (\isakeyword{have}) on the |
157 (\isakeyword{have}) on the way to the final \isakeyword{show}. This is the |
156 way to the final \isakeyword{show}. This is the norm in nontrivial |
158 norm in any nontrivial proof where one cannot bridge the gap between the |
157 proofs where one cannot bridge the gap between the assumptions and the |
159 assumptions and the conclusion in one step. Both \isakeyword{have}s above are |
158 conclusion in one step. To understand how the proof works we need to |
160 proved automatically via @{thm[source]conjE} triggered by |
159 explain more Isar details. |
161 \isakeyword{from}~@{text ab}. |
160 |
162 |
161 Method @{text rule} can be given a list of rules, in which case |
163 The \isakeyword{show} command illustrates two things: |
162 @{text"(rule"}~\textit{rules}@{text")"} applies the first matching |
164 \begin{itemize} |
163 rule in the list \textit{rules}. Command \isakeyword{from} can be |
165 \item \isakeyword{from} can be followed by any number of facts. |
164 followed by any number of facts. Given \isakeyword{from}~@{text |
166 Given \isakeyword{from}~@{text f}$_1$~\dots~@{text f}$_n$, the |
165 f}$_1$~\dots~@{text f}$_n$, the proof step |
167 \isakeyword{proof} step after \isakeyword{show} |
166 @{text"(rule"}~\textit{rules}@{text")"} following a \isakeyword{have} |
168 tries to find an elimination rule whose first $n$ premises can be proved |
167 or \isakeyword{show} searches \textit{rules} for a rule whose first |
169 by the given facts in the given order. |
168 $n$ premises can be proved by @{text f}$_1$~\dots~@{text f}$_n$ in the |
170 \item If there is no matching elimination rule, introduction rules are tried, |
169 given order. Finally one needs to know that ``..'' is short for |
171 again using the facts to prove the premises. |
170 @{text"by(rule"}~\textit{elim-rules intro-rules}@{text")"} (or |
172 \end{itemize} |
171 @{text"by(rule"}~\textit{intro-rules}@{text")"} if there are no facts |
173 In this case, the proof succeeds with @{thm[source]conjI}. Note that the proof |
172 fed into the proof), i.e.\ elimination rules are tried before |
174 would fail had we written \isakeyword{from}~@{text"a b"} |
173 introduction rules. |
175 instead of \isakeyword{from}~@{text"b a"}. |
174 |
176 |
175 Thus in the above proof both \isakeyword{have}s are proved via |
177 This treatment of facts fed into a proof is not restricted to implicit |
176 @{thm[source]conjE} triggered by \isakeyword{from}~@{text ab} whereas |
178 application of introduction and elimination rules but applies to explicit |
177 in the \isakeyword{show} step no elimination rule is applicable and |
179 application of rules as well. Thus you could replace the final ``..'' above |
178 the proof succeeds with @{thm[source]conjI}. The latter would fail had |
180 with \isakeyword{by}@{text"(rule conjI)"}. |
179 we written \isakeyword{from}~@{text"a b"} instead of |
181 *} |
180 \isakeyword{from}~@{text"b a"}. |
|
181 |
|
182 Proofs starting with a plain @{text proof} behave the same because the |
|
183 latter is short for @{text"proof (rule"}~\textit{elim-rules |
|
184 intro-rules}@{text")"} (or @{text"proof |
|
185 (rule"}~\textit{intro-rules}@{text")"} if there are no facts fed into |
|
186 the proof). *} |
182 |
187 |
183 subsection{*More constructs*} |
188 subsection{*More constructs*} |
184 |
189 |
185 text{* In the previous proof of @{prop"A \<and> B \<longrightarrow> B \<and> A"} we needed to feed |
190 text{* In the previous proof of @{prop"A \<and> B \<longrightarrow> B \<and> A"} we needed to feed |
186 more than one fact into a proof step, a frequent situation. Then the |
191 more than one fact into a proof step, a frequent situation. Then the |
260 \begin{description} |
265 \begin{description} |
261 \item[\isakeyword{next}] deals with multiple subgoals. For example, |
266 \item[\isakeyword{next}] deals with multiple subgoals. For example, |
262 when showing @{term"A \<and> B"} we need to show both @{term A} and @{term |
267 when showing @{term"A \<and> B"} we need to show both @{term A} and @{term |
263 B}. Each subgoal is proved separately, in \emph{any} order. The |
268 B}. Each subgoal is proved separately, in \emph{any} order. The |
264 individual proofs are separated by \isakeyword{next}. |
269 individual proofs are separated by \isakeyword{next}. |
|
270 |
|
271 Strictly speaking \isakeyword{next} is only required if the subgoals |
|
272 are proved in different assumption contexts which need to be |
|
273 separated, which is not the case above. For clarity we |
|
274 have employed \isakeyword{next} anyway and will continue to do so. |
265 \end{description} |
275 \end{description} |
266 |
276 |
267 This is all very well as long as formulae are small. Let us now look at some |
277 This is all very well as long as formulae are small. Let us now look at some |
268 devices to avoid repeating (possibly large) formulae. A very general method |
278 devices to avoid repeating (possibly large) formulae. A very general method |
269 is pattern matching: *} |
279 is pattern matching: *} |
552 |
562 |
553 subsubsection{*\isakeyword{note}*} |
563 subsubsection{*\isakeyword{note}*} |
554 text{* If you want to remember intermediate fact(s) that cannot be |
564 text{* If you want to remember intermediate fact(s) that cannot be |
555 named directly, use \isakeyword{note}. For example the result of raw |
565 named directly, use \isakeyword{note}. For example the result of raw |
556 proof block can be named by following it with |
566 proof block can be named by following it with |
557 \isakeyword{note}~@{text"note some_name = this"}. As a side effect |
567 \isakeyword{note}~@{text"some_name = this"}. As a side effect, |
558 @{text this} is set to the list of facts on the right-hand side. You |
568 @{text this} is set to the list of facts on the right-hand side. You |
559 can also say @{text"note some_fact"}, which simply sets @{text this}, |
569 can also say @{text"note some_fact"}, which simply sets @{text this}, |
560 i.e.\ recalls @{text"some_fact"}. *} |
570 i.e.\ recalls @{text"some_fact"}, e.g.\ in a \isakeyword{moreover} sequence. *} |
561 |
571 |
562 |
572 |
563 subsubsection{*\isakeyword{fixes}*} |
573 subsubsection{*\isakeyword{fixes}*} |
564 |
574 |
565 text{* Sometimes it is necessary to decorate a proposition with type |
575 text{* Sometimes it is necessary to decorate a proposition with type |