# HG changeset patch # User wenzelm # Date 1451138621 -3600 # Node ID ed47044ee6a6478a4d6ac442eb74d48566f9ce4c # Parent 380cbe15cca5b55606467be85297a832ceb96350 more proofs, more text; diff -r 380cbe15cca5 -r ed47044ee6a6 src/HOL/Isar_Examples/Cantor.thy --- a/src/HOL/Isar_Examples/Cantor.thy Sat Dec 26 12:28:47 2015 +0100 +++ b/src/HOL/Isar_Examples/Cantor.thy Sat Dec 26 15:03:41 2015 +0100 @@ -8,6 +8,8 @@ imports Main begin +subsection \Mathematical statement and proof\ + text \ Cantor's Theorem states that there is no surjection from a set to its powerset. The proof works by diagonalization. E.g.\ see @@ -15,20 +17,22 @@ \<^item> @{url "https://en.wikipedia.org/wiki/Cantor's_diagonal_argument"} \ -theorem Cantor: "\ (\f :: 'a \ 'a set. \A :: 'a set. \x :: 'a. f x = A)" +theorem Cantor: "\ (\f :: 'a \ 'a set. \A :: 'a set. \x :: 'a. A = f x)" proof - assume "\f :: 'a \ 'a set. \A. \x. f x = A" - then obtain f :: "'a \ 'a set" where *: "\A. \x. f x = A" .. + assume "\f :: 'a \ 'a set. \A. \x. A = f x" + then obtain f :: "'a \ 'a set" where *: "\A. \x. A = f x" .. let ?D = "{x. x \ f x}" - from * obtain a where "f a = ?D" by blast + from * obtain a where "?D = f a" by blast moreover have "a \ ?D \ a \ f a" by blast ultimately show False by blast qed +subsection \Automated proofs\ + text \ - Here are shorter proofs via automated proof tools, but without any hints why - and how it works. + These automated proofs are much shorter, but lack information why and how it + works. \ theorem "\ (\f :: 'a \ 'a set. \A. \x. f x = A)" @@ -38,14 +42,47 @@ by force +subsection \Elementary version in higher-order predicate logic\ + +text \ + The subsequent formulation bypasses set notation of HOL; it uses elementary + \\\-calculus and predicate logic, with standard introduction and elimination + rules. This also shows that the proof does not require classical reasoning. +\ + +lemma iff_contradiction: + assumes *: "\ A \ A" + shows False +proof (rule notE) + show "\ A" + proof + assume A + with * have "\ A" .. + from this and \A\ show False .. + qed + with * show A .. +qed + +theorem Cantor': "\ (\f :: 'a \ 'a \ bool. \A :: 'a \ bool. \x :: 'a. A = f x)" +proof + assume "\f :: 'a \ 'a \ bool. \A :: 'a \ bool. \x. A = f x" + then obtain f :: "'a \ 'a \ bool" where *: "\A. \x. A = f x" .. + let ?D = "\x. \ f x x" + from * have "\x. ?D = f x" .. + then obtain a where "?D = f a" .. + then have "?D a \ f a a" using refl by (rule subst) + then show False by (rule iff_contradiction) +qed + + subsection \Classic Isabelle/HOL example\ text \ - The following treatment of Cantor's Theorem follows the classic from the - early 1990s, e.g.\ see the file @{verbatim "92/HOL/ex/set.ML"} in Isabelle92 - or @{cite \\S18.7\ "paulson-isa-book"}. The old tactic scripts synthesize - key information of the proof by refinement of schematic goal states. In - contrast, the Isar proof needs to say explicitly what is proven. + The following treatment of Cantor's Theorem follows the classic example from + the early 1990s, e.g.\ see the file @{verbatim "92/HOL/ex/set.ML"} in + Isabelle92 or @{cite \\S18.7\ "paulson-isa-book"}. The old tactic scripts + synthesize key information of the proof by refinement of schematic goal + states. In contrast, the Isar proof needs to say explicitly what is proven. \<^bigskip> Cantor's Theorem states that every set has more subsets than it has