wneuper/isa: doc-src/IsarRef/Thy/Synopsis.thy@a45121ffcfcb (annotated)

wenzelm@44121	1	theory Synopsis
wenzelm@44121	2	imports Base Main
wenzelm@44121	3	begin
wenzelm@44121	4
wenzelm@44121	5	chapter {* Synopsis *}
wenzelm@44121	6
wenzelm@44121	7	section {* Notepad *}
wenzelm@44121	8
wenzelm@44121	9	text {*
wenzelm@44121	10	An Isar proof body serves as mathematical notepad to compose logical
wenzelm@44122	11	content, consisting of types, terms, facts.
wenzelm@44121	12	*}
wenzelm@44121	13
wenzelm@44121	14
wenzelm@44122	15	subsection {* Types and terms *}
wenzelm@44122	16
wenzelm@44122	17	notepad
wenzelm@44122	18	begin
wenzelm@44122	19	txt {* Locally fixed entities: *}
wenzelm@44122	20	fix x -- {* local constant, without any type information yet *}
wenzelm@44122	21	fix x :: 'a -- {* variant with explicit type-constraint for subsequent use*}
wenzelm@44122	22
wenzelm@44122	23	fix a b
wenzelm@44122	24	assume "a = b" -- {* type assignment at first occurrence in concrete term *}
wenzelm@44122	25
wenzelm@44122	26	txt {* Definitions (non-polymorphic): *}
wenzelm@44122	27	def x \<equiv> "t::'a"
wenzelm@44122	28
wenzelm@44122	29	txt {* Abbreviations (polymorphic): *}
wenzelm@44122	30	let ?f = "\<lambda>x. x"
wenzelm@44122	31	term "?f ?f"
wenzelm@44122	32
wenzelm@44122	33	txt {* Notation: *}
wenzelm@44122	34	write x ("***")
wenzelm@44122	35	end
wenzelm@44122	36
wenzelm@44122	37
wenzelm@44121	38	subsection {* Facts *}
wenzelm@44121	39
wenzelm@44121	40	text {*
wenzelm@44121	41	A fact is a simultaneous list of theorems.
wenzelm@44121	42	*}
wenzelm@44121	43
wenzelm@44121	44
wenzelm@44121	45	subsubsection {* Producing facts *}
wenzelm@44121	46
wenzelm@44121	47	notepad
wenzelm@44121	48	begin
wenzelm@44121	49
wenzelm@44121	50	txt {* Via assumption (``lambda''): *}
wenzelm@44121	51	assume a: A
wenzelm@44121	52
wenzelm@44121	53	txt {* Via proof (``let''): *}
wenzelm@44121	54	have b: B sorry
wenzelm@44121	55
wenzelm@44121	56	txt {* Via abbreviation (``let''): *}
wenzelm@44121	57	note c = a b
wenzelm@44121	58
wenzelm@44121	59	end
wenzelm@44121	60
wenzelm@44121	61
wenzelm@44121	62	subsubsection {* Referencing facts *}
wenzelm@44121	63
wenzelm@44121	64	notepad
wenzelm@44121	65	begin
wenzelm@44121	66	txt {* Via explicit name: *}
wenzelm@44121	67	assume a: A
wenzelm@44121	68	note a
wenzelm@44121	69
wenzelm@44121	70	txt {* Via implicit name: *}
wenzelm@44121	71	assume A
wenzelm@44121	72	note this
wenzelm@44121	73
wenzelm@44121	74	txt {* Via literal proposition (unification with results from the proof text): *}
wenzelm@44121	75	assume A
wenzelm@44121	76	note `A`
wenzelm@44121	77
wenzelm@44121	78	assume "\<And>x. B x"
wenzelm@44121	79	note `B a`
wenzelm@44121	80	note `B b`
wenzelm@44121	81	end
wenzelm@44121	82
wenzelm@44121	83
wenzelm@44121	84	subsubsection {* Manipulating facts *}
wenzelm@44121	85
wenzelm@44121	86	notepad
wenzelm@44121	87	begin
wenzelm@44121	88	txt {* Instantiation: *}
wenzelm@44121	89	assume a: "\<And>x. B x"
wenzelm@44121	90	note a
wenzelm@44121	91	note a [of b]
wenzelm@44121	92	note a [where x = b]
wenzelm@44121	93
wenzelm@44121	94	txt {* Backchaining: *}
wenzelm@44121	95	assume 1: A
wenzelm@44121	96	assume 2: "A \<Longrightarrow> C"
wenzelm@44121	97	note 2 [OF 1]
wenzelm@44121	98	note 1 [THEN 2]
wenzelm@44121	99
wenzelm@44121	100	txt {* Symmetric results: *}
wenzelm@44121	101	assume "x = y"
wenzelm@44121	102	note this [symmetric]
wenzelm@44121	103
wenzelm@44121	104	assume "x \<noteq> y"
wenzelm@44121	105	note this [symmetric]
wenzelm@44121	106
wenzelm@44126	107	txt {* Adhoc-simplification (take care!): *}
wenzelm@44121	108	assume "P ([] @ xs)"
wenzelm@44121	109	note this [simplified]
wenzelm@44121	110	end
wenzelm@44121	111
wenzelm@44121	112
wenzelm@44121	113	subsubsection {* Projections *}
wenzelm@44121	114
wenzelm@44121	115	text {*
wenzelm@44121	116	Isar facts consist of multiple theorems. There is notation to project
wenzelm@44121	117	interval ranges.
wenzelm@44121	118	*}
wenzelm@44121	119
wenzelm@44121	120	notepad
wenzelm@44121	121	begin
wenzelm@44121	122	assume stuff: A B C D
wenzelm@44121	123	note stuff(1)
wenzelm@44121	124	note stuff(2-3)
wenzelm@44121	125	note stuff(2-)
wenzelm@44121	126	end
wenzelm@44121	127
wenzelm@44121	128
wenzelm@44121	129	subsubsection {* Naming conventions *}
wenzelm@44121	130
wenzelm@44121	131	text {*
wenzelm@44121	132	\begin{itemize}
wenzelm@44121	133
wenzelm@44121	134	\item Lower-case identifiers are usually preferred.
wenzelm@44121	135
wenzelm@44121	136	\item Facts can be named after the main term within the proposition.
wenzelm@44121	137
wenzelm@44121	138	\item Facts should \emph{not} be named after the command that
wenzelm@44121	139	introduced them (@{command "assume"}, @{command "have"}). This is
wenzelm@44121	140	misleading and hard to maintain.
wenzelm@44121	141
wenzelm@44121	142	\item Natural numbers can be used as ``meaningless'' names (more
wenzelm@44121	143	appropriate than @{text "a1"}, @{text "a2"} etc.)
wenzelm@44121	144
wenzelm@44121	145	\item Symbolic identifiers are supported (e.g. @{text "*"}, @{text
wenzelm@44121	146	""}, @{text "*"}).
wenzelm@44121	147
wenzelm@44121	148	\end{itemize}
wenzelm@44121	149	*}
wenzelm@44121	150
wenzelm@44121	151
wenzelm@44121	152	subsection {* Block structure *}
wenzelm@44121	153
wenzelm@44121	154	text {*
wenzelm@44121	155	The formal notepad is block structured. The fact produced by the last
wenzelm@44121	156	entry of a block is exported into the outer context.
wenzelm@44121	157	*}
wenzelm@44121	158
wenzelm@44121	159	notepad
wenzelm@44121	160	begin
wenzelm@44121	161	{
wenzelm@44121	162	have a: A sorry
wenzelm@44121	163	have b: B sorry
wenzelm@44121	164	note a b
wenzelm@44121	165	}
wenzelm@44121	166	note this
wenzelm@44121	167	note `A`
wenzelm@44121	168	note `B`
wenzelm@44121	169	end
wenzelm@44121	170
wenzelm@44121	171	text {* Explicit blocks as well as implicit blocks of nested goal
wenzelm@44121	172	statements (e.g.\ @{command have}) automatically introduce one extra
wenzelm@44121	173	pair of parentheses in reserve. The @{command next} command allows
wenzelm@44121	174	to ``jump'' between these sub-blocks. *}
wenzelm@44121	175
wenzelm@44121	176	notepad
wenzelm@44121	177	begin
wenzelm@44121	178
wenzelm@44121	179	{
wenzelm@44121	180	have a: A sorry
wenzelm@44121	181	next
wenzelm@44121	182	have b: B
wenzelm@44121	183	proof -
wenzelm@44121	184	show B sorry
wenzelm@44121	185	next
wenzelm@44121	186	have c: C sorry
wenzelm@44121	187	next
wenzelm@44121	188	have d: D sorry
wenzelm@44121	189	qed
wenzelm@44121	190	}
wenzelm@44121	191
wenzelm@44121	192	txt {* Alternative version with explicit parentheses everywhere: *}
wenzelm@44121	193
wenzelm@44121	194	{
wenzelm@44121	195	{
wenzelm@44121	196	have a: A sorry
wenzelm@44121	197	}
wenzelm@44121	198	{
wenzelm@44121	199	have b: B
wenzelm@44121	200	proof -
wenzelm@44121	201	{
wenzelm@44121	202	show B sorry
wenzelm@44121	203	}
wenzelm@44121	204	{
wenzelm@44121	205	have c: C sorry
wenzelm@44121	206	}
wenzelm@44121	207	{
wenzelm@44121	208	have d: D sorry
wenzelm@44121	209	}
wenzelm@44121	210	qed
wenzelm@44121	211	}
wenzelm@44121	212	}
wenzelm@44121	213
wenzelm@44121	214	end
wenzelm@44121	215
wenzelm@44123	216
wenzelm@44125	217	section {* Calculational reasoning \label{sec:calculations-synopsis} *}
wenzelm@44123	218
wenzelm@44123	219	text {*
wenzelm@44123	220	For example, see @{file "~~/src/HOL/Isar_Examples/Group.thy"}.
wenzelm@44123	221	*}
wenzelm@44123	222
wenzelm@44123	223
wenzelm@44123	224	subsection {* Special names in Isar proofs *}
wenzelm@44123	225
wenzelm@44123	226	text {*
wenzelm@44123	227	\begin{itemize}
wenzelm@44123	228
wenzelm@44123	229	\item term @{text "?thesis"} --- the main conclusion of the
wenzelm@44123	230	innermost pending claim
wenzelm@44123	231
wenzelm@44123	232	\item term @{text "\<dots>"} --- the argument of the last explicitly
wenzelm@44123	233	stated result (for infix application this is the right-hand side)
wenzelm@44123	234
wenzelm@44123	235	\item fact @{text "this"} --- the last result produced in the text
wenzelm@44123	236
wenzelm@44123	237	\end{itemize}
wenzelm@44123	238	*}
wenzelm@44123	239
wenzelm@44123	240	notepad
wenzelm@44123	241	begin
wenzelm@44123	242	have "x = y"
wenzelm@44123	243	proof -
wenzelm@44123	244	term ?thesis
wenzelm@44123	245	show ?thesis sorry
wenzelm@44123	246	term ?thesis -- {* static! *}
wenzelm@44123	247	qed
wenzelm@44123	248	term "\<dots>"
wenzelm@44123	249	thm this
wenzelm@44123	250	end
wenzelm@44123	251
wenzelm@44123	252	text {* Calculational reasoning maintains the special fact called
wenzelm@44123	253	``@{text calculation}'' in the background. Certain language
wenzelm@44123	254	elements combine primary @{text this} with secondary @{text
wenzelm@44123	255	calculation}. *}
wenzelm@44123	256
wenzelm@44123	257
wenzelm@44123	258	subsection {* Transitive chains *}
wenzelm@44123	259
wenzelm@44123	260	text {* The Idea is to combine @{text this} and @{text calculation}
wenzelm@44123	261	via typical @{text trans} rules (see also @{command
wenzelm@44123	262	print_trans_rules}): *}
wenzelm@44123	263
wenzelm@44123	264	thm trans
wenzelm@44123	265	thm less_trans
wenzelm@44123	266	thm less_le_trans
wenzelm@44123	267
wenzelm@44123	268	notepad
wenzelm@44123	269	begin
wenzelm@44123	270	txt {* Plain bottom-up calculation: *}
wenzelm@44123	271	have "a = b" sorry
wenzelm@44123	272	also
wenzelm@44123	273	have "b = c" sorry
wenzelm@44123	274	also
wenzelm@44123	275	have "c = d" sorry
wenzelm@44123	276	finally
wenzelm@44123	277	have "a = d" .
wenzelm@44123	278
wenzelm@44123	279	txt {* Variant using the @{text "\<dots>"} abbreviation: *}
wenzelm@44123	280	have "a = b" sorry
wenzelm@44123	281	also
wenzelm@44123	282	have "\<dots> = c" sorry
wenzelm@44123	283	also
wenzelm@44123	284	have "\<dots> = d" sorry
wenzelm@44123	285	finally
wenzelm@44123	286	have "a = d" .
wenzelm@44123	287
wenzelm@44123	288	txt {* Top-down version with explicit claim at the head: *}
wenzelm@44123	289	have "a = d"
wenzelm@44123	290	proof -
wenzelm@44123	291	have "a = b" sorry
wenzelm@44123	292	also
wenzelm@44123	293	have "\<dots> = c" sorry
wenzelm@44123	294	also
wenzelm@44123	295	have "\<dots> = d" sorry
wenzelm@44123	296	finally
wenzelm@44123	297	show ?thesis .
wenzelm@44123	298	qed
wenzelm@44123	299	next
wenzelm@44123	300	txt {* Mixed inequalities (require suitable base type): *}
wenzelm@44123	301	fix a b c d :: nat
wenzelm@44123	302
wenzelm@44123	303	have "a < b" sorry
wenzelm@44123	304	also
wenzelm@44123	305	have "b\<le> c" sorry
wenzelm@44123	306	also
wenzelm@44123	307	have "c = d" sorry
wenzelm@44123	308	finally
wenzelm@44123	309	have "a < d" .
wenzelm@44123	310	end
wenzelm@44123	311
wenzelm@44123	312
wenzelm@44123	313	subsubsection {* Notes *}
wenzelm@44123	314
wenzelm@44123	315	text {*
wenzelm@44123	316	\begin{itemize}
wenzelm@44123	317
wenzelm@44123	318	\item The notion of @{text trans} rule is very general due to the
wenzelm@44123	319	flexibility of Isabelle/Pure rule composition.
wenzelm@44123	320
wenzelm@44123	321	\item User applications may declare there own rules, with some care
wenzelm@44123	322	about the operational details of higher-order unification.
wenzelm@44123	323
wenzelm@44123	324	\end{itemize}
wenzelm@44123	325	*}
wenzelm@44123	326
wenzelm@44123	327
wenzelm@44123	328	subsection {* Degenerate calculations and bigstep reasoning *}
wenzelm@44123	329
wenzelm@44123	330	text {* The Idea is to append @{text this} to @{text calculation},
wenzelm@44123	331	without rule composition. *}
wenzelm@44123	332
wenzelm@44123	333	notepad
wenzelm@44123	334	begin
wenzelm@44124	335	txt {* A vacuous proof: *}
wenzelm@44123	336	have A sorry
wenzelm@44123	337	moreover
wenzelm@44123	338	have B sorry
wenzelm@44123	339	moreover
wenzelm@44123	340	have C sorry
wenzelm@44123	341	ultimately
wenzelm@44123	342	have A and B and C .
wenzelm@44123	343	next
wenzelm@44123	344	txt {* Slightly more content (trivial bigstep reasoning): *}
wenzelm@44123	345	have A sorry
wenzelm@44123	346	moreover
wenzelm@44123	347	have B sorry
wenzelm@44123	348	moreover
wenzelm@44123	349	have C sorry
wenzelm@44123	350	ultimately
wenzelm@44123	351	have "A \<and> B \<and> C" by blast
wenzelm@44123	352	next
wenzelm@44124	353	txt {* More ambitious bigstep reasoning involving structured results: *}
wenzelm@44123	354	have "A \<or> B \<or> C" sorry
wenzelm@44123	355	moreover
wenzelm@44123	356	{ assume A have R sorry }
wenzelm@44123	357	moreover
wenzelm@44123	358	{ assume B have R sorry }
wenzelm@44123	359	moreover
wenzelm@44123	360	{ assume C have R sorry }
wenzelm@44123	361	ultimately
wenzelm@44123	362	have R by blast -- {* ``big-bang integration'' of proof blocks (occasionally fragile) *}
wenzelm@44123	363	end
wenzelm@44123	364
wenzelm@44124	365
wenzelm@44127	366	section {* Induction *}
wenzelm@44125	367
wenzelm@44125	368	subsection {* Induction as Natural Deduction *}
wenzelm@44125	369
wenzelm@44125	370	text {* In principle, induction is just a special case of Natural
wenzelm@44125	371	Deduction (see also \secref{sec:natural-deduction-synopsis}). For
wenzelm@44125	372	example: *}
wenzelm@44125	373
wenzelm@44125	374	thm nat.induct
wenzelm@44125	375	print_statement nat.induct
wenzelm@44125	376
wenzelm@44125	377	notepad
wenzelm@44125	378	begin
wenzelm@44125	379	fix n :: nat
wenzelm@44125	380	have "P n"
wenzelm@44125	381	proof (rule nat.induct) -- {* fragile rule application! *}
wenzelm@44125	382	show "P 0" sorry
wenzelm@44125	383	next
wenzelm@44125	384	fix n :: nat
wenzelm@44125	385	assume "P n"
wenzelm@44125	386	show "P (Suc n)" sorry
wenzelm@44125	387	qed
wenzelm@44125	388	end
wenzelm@44125	389
wenzelm@44125	390	text {*
wenzelm@44125	391	In practice, much more proof infrastructure is required.
wenzelm@44125	392
wenzelm@44125	393	The proof method @{method induct} provides:
wenzelm@44125	394	\begin{itemize}
wenzelm@44125	395
wenzelm@44125	396	\item implicit rule selection and robust instantiation
wenzelm@44125	397
wenzelm@44125	398	\item context elements via symbolic case names
wenzelm@44125	399
wenzelm@44125	400	\item support for rule-structured induction statements, with local
wenzelm@44125	401	parameters, premises, etc.
wenzelm@44125	402
wenzelm@44125	403	\end{itemize}
wenzelm@44125	404	*}
wenzelm@44125	405
wenzelm@44125	406	notepad
wenzelm@44125	407	begin
wenzelm@44125	408	fix n :: nat
wenzelm@44125	409	have "P n"
wenzelm@44125	410	proof (induct n)
wenzelm@44125	411	case 0
wenzelm@44125	412	show ?case sorry
wenzelm@44125	413	next
wenzelm@44125	414	case (Suc n)
wenzelm@44125	415	from Suc.hyps show ?case sorry
wenzelm@44125	416	qed
wenzelm@44125	417	end
wenzelm@44125	418
wenzelm@44125	419
wenzelm@44125	420	subsubsection {* Example *}
wenzelm@44125	421
wenzelm@44125	422	text {*
wenzelm@44125	423	The subsequent example combines the following proof patterns:
wenzelm@44125	424	\begin{itemize}
wenzelm@44125	425
wenzelm@44125	426	\item outermost induction (over the datatype structure of natural
wenzelm@44125	427	numbers), to decompose the proof problem in top-down manner
wenzelm@44125	428
wenzelm@44125	429	\item calculational reasoning (\secref{sec:calculations-synopsis})
wenzelm@44125	430	to compose the result in each case
wenzelm@44125	431
wenzelm@44125	432	\item solving local claims within the calculation by simplification
wenzelm@44125	433
wenzelm@44125	434	\end{itemize}
wenzelm@44125	435	*}
wenzelm@44125	436
wenzelm@44125	437	lemma
wenzelm@44125	438	fixes n :: nat
wenzelm@44125	439	shows "(\<Sum>i=0..n. i) = n * (n + 1) div 2"
wenzelm@44125	440	proof (induct n)
wenzelm@44125	441	case 0
wenzelm@44125	442	have "(\<Sum>i=0..0. i) = (0::nat)" by simp
wenzelm@44125	443	also have "\<dots> = 0 * (0 + 1) div 2" by simp
wenzelm@44125	444	finally show ?case .
wenzelm@44125	445	next
wenzelm@44125	446	case (Suc n)
wenzelm@44125	447	have "(\<Sum>i=0..Suc n. i) = (\<Sum>i=0..n. i) + (n + 1)" by simp
wenzelm@44125	448	also have "\<dots> = n * (n + 1) div 2 + (n + 1)" by (simp add: Suc.hyps)
wenzelm@44125	449	also have "\<dots> = (n * (n + 1) + 2 * (n + 1)) div 2" by simp
wenzelm@44125	450	also have "\<dots> = (Suc n * (Suc n + 1)) div 2" by simp
wenzelm@44125	451	finally show ?case .
wenzelm@44125	452	qed
wenzelm@44125	453
wenzelm@44125	454	text {* This demonstrates how induction proofs can be done without
wenzelm@44125	455	having to consider the raw Natural Deduction structure. *}
wenzelm@44125	456
wenzelm@44125	457
wenzelm@44125	458	subsection {* Induction with local parameters and premises *}
wenzelm@44125	459
wenzelm@44125	460	text {* Idea: Pure rule statements are passed through the induction
wenzelm@44125	461	rule. This achieves convenient proof patterns, thanks to some
wenzelm@44125	462	internal trickery in the @{method induct} method.
wenzelm@44125	463
wenzelm@44125	464	Important: Using compact HOL formulae with @{text "\<forall>/\<longrightarrow>"} is a
wenzelm@44125	465	well-known anti-pattern! It would produce useless formal noise.
wenzelm@44125	466	*}
wenzelm@44125	467
wenzelm@44125	468	notepad
wenzelm@44125	469	begin
wenzelm@44125	470	fix n :: nat
wenzelm@44125	471	fix P :: "nat \<Rightarrow> bool"
wenzelm@44125	472	fix Q :: "'a \<Rightarrow> nat \<Rightarrow> bool"
wenzelm@44125	473
wenzelm@44125	474	have "P n"
wenzelm@44125	475	proof (induct n)
wenzelm@44125	476	case 0
wenzelm@44125	477	show "P 0" sorry
wenzelm@44125	478	next
wenzelm@44125	479	case (Suc n)
wenzelm@44125	480	from `P n` show "P (Suc n)" sorry
wenzelm@44125	481	qed
wenzelm@44125	482
wenzelm@44125	483	have "A n \<Longrightarrow> P n"
wenzelm@44125	484	proof (induct n)
wenzelm@44125	485	case 0
wenzelm@44125	486	from `A 0` show "P 0" sorry
wenzelm@44125	487	next
wenzelm@44125	488	case (Suc n)
wenzelm@44125	489	from `A n \<Longrightarrow> P n`
wenzelm@44125	490	and `A (Suc n)` show "P (Suc n)" sorry
wenzelm@44125	491	qed
wenzelm@44125	492
wenzelm@44125	493	have "\<And>x. Q x n"
wenzelm@44125	494	proof (induct n)
wenzelm@44125	495	case 0
wenzelm@44125	496	show "Q x 0" sorry
wenzelm@44125	497	next
wenzelm@44125	498	case (Suc n)
wenzelm@44125	499	from `\<And>x. Q x n` show "Q x (Suc n)" sorry
wenzelm@44125	500	txt {* Local quantification admits arbitrary instances: *}
wenzelm@44125	501	note `Q a n` and `Q b n`
wenzelm@44125	502	qed
wenzelm@44125	503	end
wenzelm@44125	504
wenzelm@44125	505
wenzelm@44125	506	subsection {* Implicit induction context *}
wenzelm@44125	507
wenzelm@44125	508	text {* The @{method induct} method can isolate local parameters and
wenzelm@44125	509	premises directly from the given statement. This is convenient in
wenzelm@44125	510	practical applications, but requires some understanding of what is
wenzelm@44125	511	going on internally (as explained above). *}
wenzelm@44125	512
wenzelm@44125	513	notepad
wenzelm@44125	514	begin
wenzelm@44125	515	fix n :: nat
wenzelm@44125	516	fix Q :: "'a \<Rightarrow> nat \<Rightarrow> bool"
wenzelm@44125	517
wenzelm@44125	518	fix x :: 'a
wenzelm@44125	519	assume "A x n"
wenzelm@44125	520	then have "Q x n"
wenzelm@44125	521	proof (induct n arbitrary: x)
wenzelm@44125	522	case 0
wenzelm@44125	523	from `A x 0` show "Q x 0" sorry
wenzelm@44125	524	next
wenzelm@44125	525	case (Suc n)
wenzelm@44125	526	from `\<And>x. A x n \<Longrightarrow> Q x n` -- {* arbitrary instances can be produced here *}
wenzelm@44125	527	and `A x (Suc n)` show "Q x (Suc n)" sorry
wenzelm@44125	528	qed
wenzelm@44125	529	end
wenzelm@44125	530
wenzelm@44125	531
wenzelm@44125	532	subsection {* Advanced induction with term definitions *}
wenzelm@44125	533
wenzelm@44125	534	text {* Induction over subexpressions of a certain shape are delicate
wenzelm@44125	535	to formalize. The Isar @{method induct} method provides
wenzelm@44125	536	infrastructure for this.
wenzelm@44125	537
wenzelm@44125	538	Idea: sub-expressions of the problem are turned into a defined
wenzelm@44125	539	induction variable; often accompanied with fixing of auxiliary
wenzelm@44125	540	parameters in the original expression. *}
wenzelm@44125	541
wenzelm@44125	542	notepad
wenzelm@44125	543	begin
wenzelm@44125	544	fix a :: "'a \<Rightarrow> nat"
wenzelm@44125	545	fix A :: "nat \<Rightarrow> bool"
wenzelm@44125	546
wenzelm@44125	547	assume "A (a x)"
wenzelm@44125	548	then have "P (a x)"
wenzelm@44125	549	proof (induct "a x" arbitrary: x)
wenzelm@44125	550	case 0
wenzelm@44125	551	note prem = `A (a x)`
wenzelm@44125	552	and defn = `0 = a x`
wenzelm@44125	553	show "P (a x)" sorry
wenzelm@44125	554	next
wenzelm@44125	555	case (Suc n)
wenzelm@44125	556	note hyp = `\<And>x. n = a x \<Longrightarrow> A (a x) \<Longrightarrow> P (a x)`
wenzelm@44125	557	and prem = `A (a x)`
wenzelm@44125	558	and defn = `Suc n = a x`
wenzelm@44125	559	show "P (a x)" sorry
wenzelm@44125	560	qed
wenzelm@44125	561	end
wenzelm@44125	562
wenzelm@44125	563
wenzelm@44127	564	section {* Natural Deduction \label{sec:natural-deduction-synopsis} *}
wenzelm@44124	565
wenzelm@44124	566	subsection {* Rule statements *}
wenzelm@44124	567
wenzelm@44124	568	text {*
wenzelm@44124	569	Isabelle/Pure ``theorems'' are always natural deduction rules,
wenzelm@44124	570	which sometimes happen to consist of a conclusion only.
wenzelm@44124	571
wenzelm@44124	572	The framework connectives @{text "\<And>"} and @{text "\<Longrightarrow>"} indicate the
wenzelm@44124	573	rule structure declaratively. For example: *}
wenzelm@44124	574
wenzelm@44124	575	thm conjI
wenzelm@44124	576	thm impI
wenzelm@44124	577	thm nat.induct
wenzelm@44124	578
wenzelm@44124	579	text {*
wenzelm@44124	580	The object-logic is embedded into the Pure framework via an implicit
wenzelm@44124	581	derivability judgment @{term "Trueprop :: bool \<Rightarrow> prop"}.
wenzelm@44124	582
wenzelm@44124	583	Thus any HOL formulae appears atomic to the Pure framework, while
wenzelm@44124	584	the rule structure outlines the corresponding proof pattern.
wenzelm@44124	585
wenzelm@44124	586	This can be made explicit as follows:
wenzelm@44124	587	*}
wenzelm@44124	588
wenzelm@44124	589	notepad
wenzelm@44124	590	begin
wenzelm@44124	591	write Trueprop ("Tr")
wenzelm@44124	592
wenzelm@44124	593	thm conjI
wenzelm@44124	594	thm impI
wenzelm@44124	595	thm nat.induct
wenzelm@44124	596	end
wenzelm@44124	597
wenzelm@44124	598	text {*
wenzelm@44124	599	Isar provides first-class notation for rule statements as follows.
wenzelm@44124	600	*}
wenzelm@44124	601
wenzelm@44124	602	print_statement conjI
wenzelm@44124	603	print_statement impI
wenzelm@44124	604	print_statement nat.induct
wenzelm@44124	605
wenzelm@44124	606
wenzelm@44124	607	subsubsection {* Examples *}
wenzelm@44124	608
wenzelm@44124	609	text {*
wenzelm@44124	610	Introductions and eliminations of some standard connectives of
wenzelm@44124	611	the object-logic can be written as rule statements as follows. (The
wenzelm@44124	612	proof ``@{command "by"}~@{method blast}'' serves as sanity check.)
wenzelm@44124	613	*}
wenzelm@44124	614
wenzelm@44124	615	lemma "(P \<Longrightarrow> False) \<Longrightarrow> \<not> P" by blast
wenzelm@44124	616	lemma "\<not> P \<Longrightarrow> P \<Longrightarrow> Q" by blast
wenzelm@44124	617
wenzelm@44124	618	lemma "P \<Longrightarrow> Q \<Longrightarrow> P \<and> Q" by blast
wenzelm@44124	619	lemma "P \<and> Q \<Longrightarrow> (P \<Longrightarrow> Q \<Longrightarrow> R) \<Longrightarrow> R" by blast
wenzelm@44124	620
wenzelm@44124	621	lemma "P \<Longrightarrow> P \<or> Q" by blast
wenzelm@44124	622	lemma "Q \<Longrightarrow> P \<or> Q" by blast
wenzelm@44124	623	lemma "P \<or> Q \<Longrightarrow> (P \<Longrightarrow> R) \<Longrightarrow> (Q \<Longrightarrow> R) \<Longrightarrow> R" by blast
wenzelm@44124	624
wenzelm@44124	625	lemma "(\<And>x. P x) \<Longrightarrow> (\<forall>x. P x)" by blast
wenzelm@44124	626	lemma "(\<forall>x. P x) \<Longrightarrow> P x" by blast
wenzelm@44124	627
wenzelm@44124	628	lemma "P x \<Longrightarrow> (\<exists>x. P x)" by blast
wenzelm@44124	629	lemma "(\<exists>x. P x) \<Longrightarrow> (\<And>x. P x \<Longrightarrow> R) \<Longrightarrow> R" by blast
wenzelm@44124	630
wenzelm@44124	631	lemma "x \<in> A \<Longrightarrow> x \<in> B \<Longrightarrow> x \<in> A \<inter> B" by blast
wenzelm@44124	632	lemma "x \<in> A \<inter> B \<Longrightarrow> (x \<in> A \<Longrightarrow> x \<in> B \<Longrightarrow> R) \<Longrightarrow> R" by blast
wenzelm@44124	633
wenzelm@44124	634	lemma "x \<in> A \<Longrightarrow> x \<in> A \<union> B" by blast
wenzelm@44124	635	lemma "x \<in> B \<Longrightarrow> x \<in> A \<union> B" by blast
wenzelm@44124	636	lemma "x \<in> A \<union> B \<Longrightarrow> (x \<in> A \<Longrightarrow> R) \<Longrightarrow> (x \<in> B \<Longrightarrow> R) \<Longrightarrow> R" by blast
wenzelm@44124	637
wenzelm@44124	638
wenzelm@44124	639	subsection {* Isar context elements *}
wenzelm@44124	640
wenzelm@44124	641	text {* We derive some results out of the blue, using Isar context
wenzelm@44124	642	elements and some explicit blocks. This illustrates their meaning
wenzelm@44124	643	wrt.\ Pure connectives, without goal states getting in the way. *}
wenzelm@44124	644
wenzelm@44124	645	notepad
wenzelm@44124	646	begin
wenzelm@44124	647	{
wenzelm@44124	648	fix x
wenzelm@44124	649	have "B x" sorry
wenzelm@44124	650	}
wenzelm@44124	651	have "\<And>x. B x" by fact
wenzelm@44124	652
wenzelm@44124	653	next
wenzelm@44124	654
wenzelm@44124	655	{
wenzelm@44124	656	assume A
wenzelm@44124	657	have B sorry
wenzelm@44124	658	}
wenzelm@44124	659	have "A \<Longrightarrow> B" by fact
wenzelm@44124	660
wenzelm@44124	661	next
wenzelm@44124	662
wenzelm@44124	663	{
wenzelm@44124	664	def x \<equiv> t
wenzelm@44124	665	have "B x" sorry
wenzelm@44124	666	}
wenzelm@44124	667	have "B t" by fact
wenzelm@44124	668
wenzelm@44124	669	next
wenzelm@44124	670
wenzelm@44124	671	{
wenzelm@44124	672	obtain x :: 'a where "B x" sorry
wenzelm@44124	673	have C sorry
wenzelm@44124	674	}
wenzelm@44124	675	have C by fact
wenzelm@44124	676
wenzelm@44124	677	end
wenzelm@44124	678
wenzelm@44124	679
wenzelm@44124	680	subsection {* Pure rule composition *}
wenzelm@44124	681
wenzelm@44124	682	text {*
wenzelm@44124	683	The Pure framework provides means for:
wenzelm@44124	684
wenzelm@44124	685	\begin{itemize}
wenzelm@44124	686
wenzelm@44124	687	\item backward-chaining of rules by @{inference resolution}
wenzelm@44124	688
wenzelm@44124	689	\item closing of branches by @{inference assumption}
wenzelm@44124	690
wenzelm@44124	691	\end{itemize}
wenzelm@44124	692
wenzelm@44124	693	Both principles involve higher-order unification of @{text \<lambda>}-terms
wenzelm@44124	694	modulo @{text "\<alpha>\<beta>\<eta>"}-equivalence (cf.\ Huet and Miller). *}
wenzelm@44124	695
wenzelm@44124	696	notepad
wenzelm@44124	697	begin
wenzelm@44124	698	assume a: A and b: B
wenzelm@44124	699	thm conjI
wenzelm@44124	700	thm conjI [of A B] -- "instantiation"
wenzelm@44124	701	thm conjI [of A B, OF a b] -- "instantiation and composition"
wenzelm@44124	702	thm conjI [OF a b] -- "composition via unification (trivial)"
wenzelm@44124	703	thm conjI [OF `A` `B`]
wenzelm@44124	704
wenzelm@44124	705	thm conjI [OF disjI1]
wenzelm@44124	706	end
wenzelm@44124	707
wenzelm@44124	708	text {* Note: Low-level rule composition is tedious and leads to
wenzelm@44124	709	unreadable~/ unmaintainable expressions in the text. *}
wenzelm@44124	710
wenzelm@44124	711
wenzelm@44124	712	subsection {* Structured backward reasoning *}
wenzelm@44124	713
wenzelm@44124	714	text {* Idea: Canonical proof decomposition via @{command fix}~/
wenzelm@44124	715	@{command assume}~/ @{command show}, where the body produces a
wenzelm@44124	716	natural deduction rule to refine some goal. *}
wenzelm@44124	717
wenzelm@44124	718	notepad
wenzelm@44124	719	begin
wenzelm@44124	720	fix A B :: "'a \<Rightarrow> bool"
wenzelm@44124	721
wenzelm@44124	722	have "\<And>x. A x \<Longrightarrow> B x"
wenzelm@44124	723	proof -
wenzelm@44124	724	fix x
wenzelm@44124	725	assume "A x"
wenzelm@44124	726	show "B x" sorry
wenzelm@44124	727	qed
wenzelm@44124	728
wenzelm@44124	729	have "\<And>x. A x \<Longrightarrow> B x"
wenzelm@44124	730	proof -
wenzelm@44124	731	{
wenzelm@44124	732	fix x
wenzelm@44124	733	assume "A x"
wenzelm@44124	734	show "B x" sorry
wenzelm@44124	735	} -- "implicit block structure made explicit"
wenzelm@44124	736	note `\<And>x. A x \<Longrightarrow> B x`
wenzelm@44124	737	-- "side exit for the resulting rule"
wenzelm@44124	738	qed
wenzelm@44124	739	end
wenzelm@44124	740
wenzelm@44124	741
wenzelm@44124	742	subsection {* Structured rule application *}
wenzelm@44124	743
wenzelm@44124	744	text {*
wenzelm@44124	745	Idea: Previous facts and new claims are composed with a rule from
wenzelm@44124	746	the context (or background library).
wenzelm@44124	747	*}
wenzelm@44124	748
wenzelm@44124	749	notepad
wenzelm@44124	750	begin
wenzelm@44124	751	assume r1: "A \<Longrightarrow> B \<Longrightarrow> C" -- {* simple rule (Horn clause) *}
wenzelm@44124	752
wenzelm@44124	753	have A sorry -- "prefix of facts via outer sub-proof"
wenzelm@44124	754	then have C
wenzelm@44124	755	proof (rule r1)
wenzelm@44124	756	show B sorry -- "remaining rule premises via inner sub-proof"
wenzelm@44124	757	qed
wenzelm@44124	758
wenzelm@44124	759	have C
wenzelm@44124	760	proof (rule r1)
wenzelm@44124	761	show A sorry
wenzelm@44124	762	show B sorry
wenzelm@44124	763	qed
wenzelm@44124	764
wenzelm@44124	765	have A and B sorry
wenzelm@44124	766	then have C
wenzelm@44124	767	proof (rule r1)
wenzelm@44124	768	qed
wenzelm@44124	769
wenzelm@44124	770	have A and B sorry
wenzelm@44124	771	then have C by (rule r1)
wenzelm@44124	772
wenzelm@44124	773	next
wenzelm@44124	774
wenzelm@44124	775	assume r2: "A \<Longrightarrow> (\<And>x. B1 x \<Longrightarrow> B2 x) \<Longrightarrow> C" -- {* nested rule *}
wenzelm@44124	776
wenzelm@44124	777	have A sorry
wenzelm@44124	778	then have C
wenzelm@44124	779	proof (rule r2)
wenzelm@44124	780	fix x
wenzelm@44124	781	assume "B1 x"
wenzelm@44124	782	show "B2 x" sorry
wenzelm@44124	783	qed
wenzelm@44124	784
wenzelm@44124	785	txt {* The compound rule premise @{prop "\<And>x. B1 x \<Longrightarrow> B2 x"} is better
wenzelm@44124	786	addressed via @{command fix}~/ @{command assume}~/ @{command show}
wenzelm@44124	787	in the nested proof body. *}
wenzelm@44124	788	end
wenzelm@44124	789
wenzelm@44124	790
wenzelm@44124	791	subsection {* Example: predicate logic *}
wenzelm@44124	792
wenzelm@44124	793	text {*
wenzelm@44124	794	Using the above principles, standard introduction and elimination proofs
wenzelm@44124	795	of predicate logic connectives of HOL work as follows.
wenzelm@44124	796	*}
wenzelm@44124	797
wenzelm@44124	798	notepad
wenzelm@44124	799	begin
wenzelm@44124	800	have "A \<longrightarrow> B" and A sorry
wenzelm@44124	801	then have B ..
wenzelm@44124	802
wenzelm@44124	803	have A sorry
wenzelm@44124	804	then have "A \<or> B" ..
wenzelm@44124	805
wenzelm@44124	806	have B sorry
wenzelm@44124	807	then have "A \<or> B" ..
wenzelm@44124	808
wenzelm@44124	809	have "A \<or> B" sorry
wenzelm@44124	810	then have C
wenzelm@44124	811	proof
wenzelm@44124	812	assume A
wenzelm@44124	813	then show C sorry
wenzelm@44124	814	next
wenzelm@44124	815	assume B
wenzelm@44124	816	then show C sorry
wenzelm@44124	817	qed
wenzelm@44124	818
wenzelm@44124	819	have A and B sorry
wenzelm@44124	820	then have "A \<and> B" ..
wenzelm@44124	821
wenzelm@44124	822	have "A \<and> B" sorry
wenzelm@44124	823	then have A ..
wenzelm@44124	824
wenzelm@44124	825	have "A \<and> B" sorry
wenzelm@44124	826	then have B ..
wenzelm@44124	827
wenzelm@44124	828	have False sorry
wenzelm@44124	829	then have A ..
wenzelm@44124	830
wenzelm@44124	831	have True ..
wenzelm@44124	832
wenzelm@44124	833	have "\<not> A"
wenzelm@44124	834	proof
wenzelm@44124	835	assume A
wenzelm@44124	836	then show False sorry
wenzelm@44124	837	qed
wenzelm@44124	838
wenzelm@44124	839	have "\<not> A" and A sorry
wenzelm@44124	840	then have B ..
wenzelm@44124	841
wenzelm@44124	842	have "\<forall>x. P x"
wenzelm@44124	843	proof
wenzelm@44124	844	fix x
wenzelm@44124	845	show "P x" sorry
wenzelm@44124	846	qed
wenzelm@44124	847
wenzelm@44124	848	have "\<forall>x. P x" sorry
wenzelm@44124	849	then have "P a" ..
wenzelm@44124	850
wenzelm@44124	851	have "\<exists>x. P x"
wenzelm@44124	852	proof
wenzelm@44124	853	show "P a" sorry
wenzelm@44124	854	qed
wenzelm@44124	855
wenzelm@44124	856	have "\<exists>x. P x" sorry
wenzelm@44124	857	then have C
wenzelm@44124	858	proof
wenzelm@44124	859	fix a
wenzelm@44124	860	assume "P a"
wenzelm@44124	861	show C sorry
wenzelm@44124	862	qed
wenzelm@44124	863
wenzelm@44124	864	txt {* Less awkward version using @{command obtain}: *}
wenzelm@44124	865	have "\<exists>x. P x" sorry
wenzelm@44124	866	then obtain a where "P a" ..
wenzelm@44124	867	end
wenzelm@44124	868
wenzelm@44124	869	text {* Further variations to illustrate Isar sub-proofs involving
wenzelm@44124	870	@{command show}: *}
wenzelm@44124	871
wenzelm@44124	872	notepad
wenzelm@44124	873	begin
wenzelm@44124	874	have "A \<and> B"
wenzelm@44124	875	proof -- {* two strictly isolated subproofs *}
wenzelm@44124	876	show A sorry
wenzelm@44124	877	next
wenzelm@44124	878	show B sorry
wenzelm@44124	879	qed
wenzelm@44124	880
wenzelm@44124	881	have "A \<and> B"
wenzelm@44124	882	proof -- {* one simultaneous sub-proof *}
wenzelm@44124	883	show A and B sorry
wenzelm@44124	884	qed
wenzelm@44124	885
wenzelm@44124	886	have "A \<and> B"
wenzelm@44124	887	proof -- {* two subproofs in the same context *}
wenzelm@44124	888	show A sorry
wenzelm@44124	889	show B sorry
wenzelm@44124	890	qed
wenzelm@44124	891
wenzelm@44124	892	have "A \<and> B"
wenzelm@44124	893	proof -- {* swapped order *}
wenzelm@44124	894	show B sorry
wenzelm@44124	895	show A sorry
wenzelm@44124	896	qed
wenzelm@44124	897
wenzelm@44124	898	have "A \<and> B"
wenzelm@44124	899	proof -- {* sequential subproofs *}
wenzelm@44124	900	show A sorry
wenzelm@44124	901	show B using `A` sorry
wenzelm@44124	902	qed
wenzelm@44124	903	end
wenzelm@44124	904
wenzelm@44124	905
wenzelm@44124	906	subsubsection {* Example: set-theoretic operators *}
wenzelm@44124	907
wenzelm@44124	908	text {* There is nothing special about logical connectives (@{text
wenzelm@44124	909	"\<and>"}, @{text "\<or>"}, @{text "\<forall>"}, @{text "\<exists>"} etc.). Operators from
wenzelm@45988	910	set-theory or lattice-theory work analogously. It is only a matter
wenzelm@44124	911	of rule declarations in the library; rules can be also specified
wenzelm@44124	912	explicitly.
wenzelm@44124	913	*}
wenzelm@44124	914
wenzelm@44124	915	notepad
wenzelm@44124	916	begin
wenzelm@44124	917	have "x \<in> A" and "x \<in> B" sorry
wenzelm@44124	918	then have "x \<in> A \<inter> B" ..
wenzelm@44124	919
wenzelm@44124	920	have "x \<in> A" sorry
wenzelm@44124	921	then have "x \<in> A \<union> B" ..
wenzelm@44124	922
wenzelm@44124	923	have "x \<in> B" sorry
wenzelm@44124	924	then have "x \<in> A \<union> B" ..
wenzelm@44124	925
wenzelm@44124	926	have "x \<in> A \<union> B" sorry
wenzelm@44124	927	then have C
wenzelm@44124	928	proof
wenzelm@44124	929	assume "x \<in> A"
wenzelm@44124	930	then show C sorry
wenzelm@44124	931	next
wenzelm@44124	932	assume "x \<in> B"
wenzelm@44124	933	then show C sorry
wenzelm@44124	934	qed
wenzelm@44124	935
wenzelm@44124	936	next
wenzelm@44124	937	have "x \<in> \<Inter>A"
wenzelm@44124	938	proof
wenzelm@44124	939	fix a
wenzelm@44124	940	assume "a \<in> A"
wenzelm@44124	941	show "x \<in> a" sorry
wenzelm@44124	942	qed
wenzelm@44124	943
wenzelm@44124	944	have "x \<in> \<Inter>A" sorry
wenzelm@44124	945	then have "x \<in> a"
wenzelm@44124	946	proof
wenzelm@44124	947	show "a \<in> A" sorry
wenzelm@44124	948	qed
wenzelm@44124	949
wenzelm@44124	950	have "a \<in> A" and "x \<in> a" sorry
wenzelm@44124	951	then have "x \<in> \<Union>A" ..
wenzelm@44124	952
wenzelm@44124	953	have "x \<in> \<Union>A" sorry
wenzelm@44124	954	then obtain a where "a \<in> A" and "x \<in> a" ..
wenzelm@44124	955	end
wenzelm@44124	956
wenzelm@44126	957
wenzelm@44126	958	section {* Generalized elimination and cases *}
wenzelm@44126	959
wenzelm@44126	960	subsection {* General elimination rules *}
wenzelm@44126	961
wenzelm@44126	962	text {*
wenzelm@44126	963	The general format of elimination rules is illustrated by the
wenzelm@44126	964	following typical representatives:
wenzelm@44126	965	*}
wenzelm@44126	966
wenzelm@44126	967	thm exE -- {* local parameter *}
wenzelm@44126	968	thm conjE -- {* local premises *}
wenzelm@44126	969	thm disjE -- {* split into cases *}
wenzelm@44126	970
wenzelm@44126	971	text {*
wenzelm@44126	972	Combining these characteristics leads to the following general scheme
wenzelm@44126	973	for elimination rules with cases:
wenzelm@44126	974
wenzelm@44126	975	\begin{itemize}
wenzelm@44126	976
wenzelm@44126	977	\item prefix of assumptions (or ``major premises'')
wenzelm@44126	978
wenzelm@44126	979	\item one or more cases that enable to establish the main conclusion
wenzelm@44126	980	in an augmented context
wenzelm@44126	981
wenzelm@44126	982	\end{itemize}
wenzelm@44126	983	*}
wenzelm@44126	984
wenzelm@44126	985	notepad
wenzelm@44126	986	begin
wenzelm@44126	987	assume r:
wenzelm@44126	988	"A1 \<Longrightarrow> A2 \<Longrightarrow> (* assumptions *)
wenzelm@44126	989	(\<And>x y. B1 x y \<Longrightarrow> C1 x y \<Longrightarrow> R) \<Longrightarrow> (* case 1 *)
wenzelm@44126	990	(\<And>x y. B2 x y \<Longrightarrow> C2 x y \<Longrightarrow> R) \<Longrightarrow> (* case 2 *)
wenzelm@44126	991	R (* main conclusion *)"
wenzelm@44126	992
wenzelm@44126	993	have A1 and A2 sorry
wenzelm@44126	994	then have R
wenzelm@44126	995	proof (rule r)
wenzelm@44126	996	fix x y
wenzelm@44126	997	assume "B1 x y" and "C1 x y"
wenzelm@44126	998	show ?thesis sorry
wenzelm@44126	999	next
wenzelm@44126	1000	fix x y
wenzelm@44126	1001	assume "B2 x y" and "C2 x y"
wenzelm@44126	1002	show ?thesis sorry
wenzelm@44126	1003	qed
wenzelm@44126	1004	end
wenzelm@44126	1005
wenzelm@44126	1006	text {* Here @{text "?thesis"} is used to refer to the unchanged goal
wenzelm@44126	1007	statement. *}
wenzelm@44126	1008
wenzelm@44126	1009
wenzelm@44126	1010	subsection {* Rules with cases *}
wenzelm@44126	1011
wenzelm@44126	1012	text {*
wenzelm@44126	1013	Applying an elimination rule to some goal, leaves that unchanged
wenzelm@44126	1014	but allows to augment the context in the sub-proof of each case.
wenzelm@44126	1015
wenzelm@44126	1016	Isar provides some infrastructure to support this:
wenzelm@44126	1017
wenzelm@44126	1018	\begin{itemize}
wenzelm@44126	1019
wenzelm@44126	1020	\item native language elements to state eliminations
wenzelm@44126	1021
wenzelm@44126	1022	\item symbolic case names
wenzelm@44126	1023
wenzelm@44126	1024	\item method @{method cases} to recover this structure in a
wenzelm@44126	1025	sub-proof
wenzelm@44126	1026
wenzelm@44126	1027	\end{itemize}
wenzelm@44126	1028	*}
wenzelm@44126	1029
wenzelm@44126	1030	print_statement exE
wenzelm@44126	1031	print_statement conjE
wenzelm@44126	1032	print_statement disjE
wenzelm@44126	1033
wenzelm@44126	1034	lemma
wenzelm@44126	1035	assumes A1 and A2 -- {* assumptions *}
wenzelm@44126	1036	obtains
wenzelm@44126	1037	(case1) x y where "B1 x y" and "C1 x y"
wenzelm@44126	1038	\| (case2) x y where "B2 x y" and "C2 x y"
wenzelm@44126	1039	sorry
wenzelm@44126	1040
wenzelm@44126	1041
wenzelm@44126	1042	subsubsection {* Example *}
wenzelm@44126	1043
wenzelm@44126	1044	lemma tertium_non_datur:
wenzelm@44126	1045	obtains
wenzelm@44126	1046	(T) A
wenzelm@44126	1047	\| (F) "\<not> A"
wenzelm@44126	1048	by blast
wenzelm@44126	1049
wenzelm@44126	1050	notepad
wenzelm@44126	1051	begin
wenzelm@44126	1052	fix x y :: 'a
wenzelm@44126	1053	have C
wenzelm@44126	1054	proof (cases "x = y" rule: tertium_non_datur)
wenzelm@44126	1055	case T
wenzelm@44126	1056	from `x = y` show ?thesis sorry
wenzelm@44126	1057	next
wenzelm@44126	1058	case F
wenzelm@44126	1059	from `x \<noteq> y` show ?thesis sorry
wenzelm@44126	1060	qed
wenzelm@44126	1061	end
wenzelm@44126	1062
wenzelm@44126	1063
wenzelm@44126	1064	subsubsection {* Example *}
wenzelm@44126	1065
wenzelm@44126	1066	text {*
wenzelm@44126	1067	Isabelle/HOL specification mechanisms (datatype, inductive, etc.)
wenzelm@44126	1068	provide suitable derived cases rules.
wenzelm@44126	1069	*}
wenzelm@44126	1070
wenzelm@44126	1071	datatype foo = Foo \| Bar foo
wenzelm@44126	1072
wenzelm@44126	1073	notepad
wenzelm@44126	1074	begin
wenzelm@44126	1075	fix x :: foo
wenzelm@44126	1076	have C
wenzelm@44126	1077	proof (cases x)
wenzelm@44126	1078	case Foo
wenzelm@44126	1079	from `x = Foo` show ?thesis sorry
wenzelm@44126	1080	next
wenzelm@44126	1081	case (Bar a)
wenzelm@44126	1082	from `x = Bar a` show ?thesis sorry
wenzelm@44126	1083	qed
wenzelm@44126	1084	end
wenzelm@44126	1085
wenzelm@44126	1086
wenzelm@44126	1087	subsection {* Obtaining local contexts *}
wenzelm@44126	1088
wenzelm@44126	1089	text {* A single ``case'' branch may be inlined into Isar proof text
wenzelm@44126	1090	via @{command obtain}. This proves @{prop "(\<And>x. B x \<Longrightarrow> thesis) \<Longrightarrow>
wenzelm@44126	1091	thesis"} on the spot, and augments the context afterwards. *}
wenzelm@44126	1092
wenzelm@44126	1093	notepad
wenzelm@44126	1094	begin
wenzelm@44126	1095	fix B :: "'a \<Rightarrow> bool"
wenzelm@44126	1096
wenzelm@44126	1097	obtain x where "B x" sorry
wenzelm@44126	1098	note `B x`
wenzelm@44126	1099
wenzelm@44126	1100	txt {* Conclusions from this context may not mention @{term x} again! *}
wenzelm@44126	1101	{
wenzelm@44126	1102	obtain x where "B x" sorry
wenzelm@44126	1103	from `B x` have C sorry
wenzelm@44126	1104	}
wenzelm@44126	1105	note `C`
wenzelm@44126	1106	end
wenzelm@44126	1107
wenzelm@45988	1108	end

author	wenzelm
	Mon, 03 Oct 2011 11:14:19 +0200
changeset 45988	a45121ffcfcb
parent 44127	3ba51a3acff0
child 46685	a644ba1d7cf9
permissions	-rw-r--r--