theory %visible First_Order_Logic imports Base (* FIXME Pure!? *) begin
text\<open> In order to commence a new object-logic within Isabelle/Pure we introduce
abstract syntactic categories \<open>i\<close> for individuals and \<open>o\<close> for
object-propositions. The latter is embedded into the language of Pure
propositions by means of a separate judgment. \<close>
typedecl i typedecl o
judgment Trueprop :: "o \ prop" (\_\ 5)
text\<open> Note that the object-logic judgmentis implicit in the syntax: writing \<^prop>\<open>A\<close> produces \<^term>\<open>Trueprop A\<close> internally. From the Pure
perspective this means ``\<^prop>\<open>A\<close> is derivable in the object-logic''. \<close>
text\<open>
Equality is axiomatized as a binary predicate on individuals, with
reflexivity as introduction, and substitution as elimination principle. Note
that the latter is particularly convenient in a framework like Isabelle,
because syntactic congruences are implicitly produced by unification of \<open>B x\<close> against expressions containing occurrences of \<open>x\<close>. \<close>
axiomatization equal :: "i \ i \ o" (infix \=\ 50) where refl [intro]: "x = x" and subst [elim]: "x = y \ B x \ B y"
text\<open>
Substitution is very powerful, but also hard to control in full generality.
We derive some common symmetry~/ transitivity schemes of \<^term>\<open>equal\<close> as
particular consequences. \<close>
theorem sym [sym]: assumes"x = y" shows"y = x" proof - have"x = x" .. with\<open>x = y\<close> show "y = x" .. qed
theorem forw_subst [trans]: assumes"y = x"and"B x" shows"B y" proof - from\<open>y = x\<close> have "x = y" .. from this and\<open>B x\<close> show "B y" .. qed
theorem trans [trans]: assumes"x = y"and"y = z" shows"x = z" proof - from\<open>y = z\<close> and \<open>x = y\<close> show"x = z" .. qed
subsection \<open>Basic group theory\<close>
text\<open>
As an example for equational reasoning we consider some bits of group theory. The subsequent localedefinition postulates group operations and axioms; we also derive some consequences of this specification. \<close>
locale group = fixes prod :: "i \ i \ i" (infix \\\ 70) and inv :: "i \ i" (\(_\)\ [1000] 999) and unit :: i (\<open>1\<close>) assumes assoc: "(x \ y) \ z = x \ (y \ z)" and left_unit: "1 \ x = x" and left_inv: "x\ \ x = 1" begin
theorem right_inv: "x \ x\ = 1" proof - have"x \ x\ = 1 \ (x \ x\)" by (rule left_unit [symmetric]) alsohave"\ = (1 \ x) \ x\" by (rule assoc [symmetric]) alsohave"1 = (x\)\ \ x\" by (rule left_inv [symmetric]) alsohave"\ \ x = (x\)\ \ (x\ \ x)" by (rule assoc) alsohave"x\ \ x = 1" by (rule left_inv) alsohave"((x\)\ \ \) \ x\ = (x\)\ \ (1 \ x\)" by (rule assoc) alsohave"1 \ x\ = x\" by (rule left_unit) alsohave"(x\)\ \ \ = 1" by (rule left_inv) finallyshow"x \ x\ = 1" . qed
theorem right_unit: "x \ 1 = x" proof - have"1 = x\ \ x" by (rule left_inv [symmetric]) alsohave"x \ \ = (x \ x\) \ x" by (rule assoc [symmetric]) alsohave"x \ x\ = 1" by (rule right_inv) alsohave"\ \ x = x" by (rule left_unit) finallyshow"x \ 1 = x" . qed
text\<open>
Reasoning from basic axiomsis often tedious. Our proofs work by producing
various instances of the given rules (potentially the symmetric form) using
the pattern ``\<^theory_text>\<open>have eq by (rule r)\<close>'' and composing the chain of results
via \<^theory_text>\<open>also\<close>/\<^theory_text>\<open>finally\<close>. These steps may involve any of the transitivity
rules declared in\secref{sec:framework-ex-equal}, namely @{thm trans} in
combining the first two results in @{thm right_inv} andin the final steps
of both proofs, @{thm forw_subst} in the first combination of @{thm
right_unit}, and @{thm back_subst} in all other calculational steps.
Occasional substitutions in calculations are adequate, but should not be
over-emphasized. The other extreme istocompose a chain by plain
transitivity only, with replacements occurring always in topmost position. For example: \<close>
text\<open>
Here we have re-used the built-in mechanism forunfolding definitions in
order to normalize each equational problem. A more realistic object-logic
would include proper setupfor the Simplifier (\secref{sec:simplifier}), the
main automated tool for equational reasoning in Isabelle. Then ``\<^theory_text>\<open>unfolding
left_inv ..\<close>'' would become ``\<^theory_text>\<open>by (simp only: left_inv)\<close>'' etc. \<close>
text\<open>
We axiomatize basic connectives of propositional logic: implication,
disjunction, and conjunction. The associated rules are modeled after
Gentzen's system of Natural Deduction \<^cite>\"Gentzen:1935"\. \<close>
axiomatization imp :: "o \ o \ o" (infixr \\\ 25) where impI [intro]: "(A \ B) \ A \ B" and impD [dest]: "(A \ B) \ A \ B"
axiomatization disj :: "o \ o \ o" (infixr \\\ 30) where disjI\<^sub>1 [intro]: "A \<Longrightarrow> A \<or> B" and disjI\<^sub>2 [intro]: "B \<Longrightarrow> A \<or> B" and disjE [elim]: "A \ B \ (A \ C) \ (B \ C) \ C"
axiomatization conj :: "o \ o \ o" (infixr \\\ 35) where conjI [intro]: "A \ B \ A \ B" and conjD\<^sub>1: "A \<and> B \<Longrightarrow> A" and conjD\<^sub>2: "A \<and> B \<Longrightarrow> B"
text\<open>
The conjunctive destructions have the disadvantage that decomposing \<^prop>\<open>A \<and> B\<close> involves an immediate decision which component should be projected.
The more convenient simultaneous elimination \<^prop>\<open>A \<and> B \<Longrightarrow> (A \<Longrightarrow> B \<Longrightarrow> C) \<Longrightarrow>
C\<close> can be derived as follows: \<close>
theorem conjE [elim]: assumes"A \ B" obtains A and B proof from\<open>A \<and> B\<close> show A by (rule conjD\<^sub>1) from\<open>A \<and> B\<close> show B by (rule conjD\<^sub>2) qed
text\<open>
Here is an example of swapping conjuncts with a single intermediate
elimination step: \<close>
(*<*) lemma"\A. PROP A \ PROP A" proof - fix A B (*>*) assume"A \ B" thenobtain B and A .. thenhave"B \ A" .. (*<*) qed (*>*)
text\<open> Note that the analogous elimination rule for disjunction ``\<^theory_text>\<open>assumes "A \<or> B" obtains A \<BBAR> B\<close>'' coincides with the original axiomatization of @{thm
disjE}.
\<^medskip>
We continue propositional logic by introducing absurdity with its
characteristic elimination. Plain truth may then be defined as a proposition
that is trivially true. \<close>
axiomatization false :: o (\<open>\<bottom>\<close>) where falseE [elim]: "\ \ A"
definition true :: o (\<open>\<top>\<close>) where"\ \ \ \ \"
text\<open> \<^medskip>
Now negation represents an implication towards absurdity: \<close>
definition not :: "o \ o" (\\ _\ [40] 40) where"\ A \ A \ \"
theorem notI [intro]: assumes"A \ \" shows"\ A" unfolding not_def proof assume A thenshow\<bottom> by (rule \<open>A \<Longrightarrow> \<bottom>\<close>) qed
theoremnotE [elim]: assumes"\ A" and A shows B proof - from\<open>\<not> A\<close> have "A \<longrightarrow> \<bottom>" unfolding not_def . from\<open>A \<longrightarrow> \<bottom>\<close> and \<open>A\<close> have \<bottom> .. thenshow B .. qed
subsection \<open>Classical logic\<close>
text\<open>
Subsequently we state the principle of classical contradiction as a local
assumption. Thus we refrain from forcing the object-logic into the classical
perspective. Within that context, we may derive well-known consequences of
the classical principle. \<close>
locale classical = assumes classical: "(\ C \ C) \ C" begin
theorem double_negation: assumes"\ \ C" shows C proof (rule classical) assume"\ C" with\<open>\<not> \<not> C\<close> show C .. qed
theorem tertium_non_datur: "C \ \ C" proof (rule double_negation) show"\ \ (C \ \ C)" proof assume"\ (C \ \ C)" have"\ C" proof assume C thenhave"C \ \ C" .. with\<open>\<not> (C \<or> \<not> C)\<close> show \<bottom> .. qed thenhave"C \ \ C" .. with\<open>\<not> (C \<or> \<not> C)\<close> show \<bottom> .. qed qed
text\<open>
These examples illustrate both classical reasoning and non-trivial
propositional proofs in general. All three rules characterize classical
logic independently, but the original rule is already the most convenient to use, because it leaves the conclusion unchanged. Note that \<^prop>\<open>(\<not> C \<Longrightarrow> C) \<Longrightarrow> C\<close> fits again into our format for eliminations, despite the additional
twist that the context refers to the main conclusion. So we may write @{thm
classical} as the Isar statement ``\<^theory_text>\<open>obtains \<not> thesis\<close>''. This also explains
nicely how classical reasoning really works: whatever the main \<open>thesis\<close>
might be, we may always assume its negation! \<close>
text\<open>
Representing quantifiers is easy, thanks to the higher-order nature of the
underlying framework. According to the well-known technique introduced by
Church \<^cite>\<open>"church40"\<close>, quantifiers are operators on predicates, which
are syntactically represented as \<open>\<lambda>\<close>-terms of type \<^typ>\<open>i \<Rightarrow> o\<close>. Binder notation turns \<open>All (\<lambda>x. B x)\<close> into \<open>\<forall>x. B x\<close> etc. \<close>
axiomatization All :: "(i \ o) \ o" (binder \\\ 10) where allI [intro]: "(\x. B x) \ \x. B x" and allD [dest]: "(\x. B x) \ B a"
axiomatization Ex :: "(i \ o) \ o" (binder \\\ 10) where exI [intro]: "B a \ (\x. B x)" and exE [elim]: "(\x. B x) \ (\x. B x \ C) \ C"
text\<open>
The statement of @{thm exE} corresponds to ``\<^theory_text>\<open>assumes "\<exists>x. B x" obtains x where"B x"\<close>'' in Isar. In the subsequent example we illustrate quantifier
reasoning involving all four rules: \<close>
theorem assumes"\x. \y. R x y" shows"\y. \x. R x y" proof\<comment> \<open>\<open>\<forall>\<close> introduction\<close> obtain x where"\y. R x y" using \\x. \y. R x y\ .. \ \\\\ elimination\ fix y have"R x y"using\<open>\<forall>y. R x y\<close> .. \<comment> \<open>\<open>\<forall>\<close> destruction\<close> thenshow"\x. R x y" .. \ \\\\ introduction\ qed
text\<open>
The main rules of first-order predicate logic from \secref{sec:framework-ex-prop} and \secref{sec:framework-ex-quant} can now
be summarized as follows, using the native Isar statement format of \secref{sec:framework-stmt}.
\<^medskip> \begin{tabular}{l} \<^theory_text>\<open>impI: assumes "A \<Longrightarrow> B" shows "A \<longrightarrow> B"\<close> \\ \<^theory_text>\<open>impD: assumes "A \<longrightarrow> B" and A shows B\<close> \\[1ex]
\<^theory_text>\<open>disjI\<^sub>1: assumes A shows "A \<or> B"\<close> \\ \<^theory_text>\<open>disjI\<^sub>2: assumes B shows "A \<or> B"\<close> \\ \<^theory_text>\<open>disjE: assumes "A \<or> B" obtains A \<BBAR> B\<close> \\[1ex]
\<^theory_text>\<open>conjI: assumes A and B shows A \<and> B\<close> \\ \<^theory_text>\<open>conjE: assumes "A \<and> B" obtains A and B\<close> \\[1ex]
\<^theory_text>\<open>notI: assumes "A \<Longrightarrow> \<bottom>" shows "\<not> A"\<close> \\ \<^theory_text>\<open>notE: assumes "\<not> A" and A shows B\<close> \\[1ex]
\<^theory_text>\<open>allI: assumes "\<And>x. B x" shows "\<forall>x. B x"\<close> \\ \<^theory_text>\<open>allE: assumes "\<forall>x. B x" shows "B a"\<close> \\[1ex]
\<^theory_text>\<open>exI: assumes "B a" shows "\<exists>x. B x"\<close> \\ \<^theory_text>\<open>exE: assumes "\<exists>x. B x" obtains a where "B a"\<close> \end{tabular} \<^medskip>
This essentially provides a declarative reading of Pure rules as Isar
reasoning patterns: the rule statements tells how a canonical proof outline
shall look like. Since the above rules have already been declared as
@{attribute (Pure) intro}, @{attribute (Pure) elim}, @{attribute (Pure)
dest} --- each according to its particular shape --- we can immediately
write Isar proof texts as follows: \<close>
text\<open> \<^bigskip>
Of course, these proofs are merely examples. As sketched in \secref{sec:framework-subproof}, there is a fair amount of flexibility in
expressing Pure deductions in Isar. Here the user is asked to express
himself adequately, aiming at proof texts of literary quality. \<close>
end %visible
¤ Dauer der Verarbeitung: 0.14 Sekunden
(vorverarbeitet)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
