theory Structured_Proofs
imports Main "~~/src/HOL/Library/Monad_Syntax" (*for examples at bottom of file*)
begin
section‹Conjunction and disjunction›
(* First structured (Isar) proof: eliminate a conjunction from the assumption
   and build the conclusion from its right-hand side.
   NOTE(review): the logical connectives on this page are mis-encoded as "\"
   (e.g. "A \ B" presumably stands for "A ∧ B"); the symbols have been left
   untouched in the code below. *)
lemma
assumes "A \ B"
shows "B \ (B \ B)"
using assms proof (*"proof" starts a structured proof; with chained facts it applies a default (standard) rule*)
assume 1: "B" (*give our assumption a name so it can be referenced as "1" later*)
from this have "B \ B" (*"this" = the fact established immediately before*)
by auto
from this and 1 show "B \ (B \ B)" (*"show" refines a pending subgoal, here using the chained facts "this" and "1"*)
by auto
qed (*"qed" closes a structured proof: it complains if any subgoal is still open*)
(* "proof -" starts a structured proof without applying any initial rule, so
   the goal is attacked exactly as stated. *)
lemma
shows "True \ True"
proof -
have "True"
by auto
then show "True \ True" (*"then" chains the previous fact; "then show" is equivalent to "from this show"*)
by auto
qed
(* Destructuring a nested conjunction with "have ... and ...", then referring
   back to the established facts by quoting their statements. *)
lemma
assumes "A \ (B \ C) \ D"
shows "B \ D"
using assms proof -
have "A" and "B \ C" and "D"
using assms by auto (*"using" adds further facts for the proof method; an alternative to writing "from assms have "A" and ..."*)
have "B" and "C"
using \B \ C\ by auto (*a fact can be referred to by quoting its statement in ‹...› cartouches (mis-encoded on this page as \...\)*)
show "B \ D"
using \B\ \D\ by auto
qed
(* Same statement as above, but the intermediate facts are carried along with
   "also" / "ultimately" instead of being quoted by name. *)
lemma
assumes "A \ (B \ C) \ D"
shows "B \ D"
proof -
have "A" and "B \ C" and "D"
using assms by auto
from this also have "B" and "C" (*also: chains the facts together and "carries them along". NOTE(review): "moreover"/"ultimately" is the usual pair for collecting facts ("also" is calculational); confirm this step checks*)
by auto
ultimately show "B \ D" (*ultimately makes all the chained facts available to the final step*)
by auto
qed
(* Same statement once more, now letting the default rule of "proof" split the
   outer conjunction and using the "hence"/"thus" shorthands. *)
lemma
assumes "A \ (B \ C) \ D"
shows "B \ D"
using assms proof
assume "(B \ C) \ D"
hence "B" and "D" (*"hence" is shorthand for "then have"*)
by auto
thus "B \ D" (*"thus" is shorthand for "then show"*)
by auto
qed
(* Distributing a conjunction over a disjunction. Each disjunct is handled in
   its own { ... } block; a block exports its conclusion under the assumptions
   made inside it. *)
lemma
assumes "A \ (B \ C)"
shows "(A \ B) \ (A \ C)"
using assms proof
assume "B \ C" and "A"
{ (*open a block for hypothetical reasoning: assumptions made inside are discharged when the block closes*)
assume "B"
hence "A \ B"
using \A\ by auto
} (*the block establishes B ⟹ A ∧ B*)
note L = this (*name the fact exported by the block above "L"*)
{
assume "C"
hence "A \ C"
using \A\ by auto
} (*the block establishes C ⟹ A ∧ C; it is available as "this" on the next line*)
thus "(A \ B) \ (A \ C)"
using L \B \ C\ by auto
qed
(* Inspect the rules used in the next proof: "thm" prints a theorem; "[OF ...]"
   resolves the premises of the first theorem with the given facts. *)
thm disjE
thm excluded_middle
thm disjE[OF excluded_middle] (*OF: forward resolution, i.e. a form of modus ponens on the first premise of disjE*)
(* Same distribution lemma, proved with an explicit nested case split on the
   disjunction via disjE instead of { ... } blocks. *)
lemma
assumes "A \ (B \ C)"
shows "(A \ B) \ (A \ C)"
using assms proof
assume "B \ C" and "A"
show "(A \ B) \ (A \ C)"
proof(rule disjE[OF \B \ C\]) (*proofs can be nested; the instantiated disjE yields one case per disjunct*)
assume "B"
hence "A \ B"
using \A\ by auto
thus "(A \ B) \ (A \ C)"
by auto
next (*"next" moves on to the next pending case*)
assume "C"
hence "A \ C"
using \A\ by auto
thus "(A \ B) \ (A \ C)"
by auto
qed
qed
section‹Implication›
(* Introducing an implication explicitly with impI: the antecedent becomes a
   local assumption and the consequent the new goal. *)
lemma
shows "P \ P"
proof(rule impI)
assume "P"
thus "P"
by auto
qed
(* Same as above, relying on the default rule chosen by a bare "proof". *)
lemma
shows "P \ P"
proof
assume "P"
thus "P"
by auto
qed
(* Ex falso quodlibet: derive "False" from the assumptions, from which the
   arbitrary conclusion "R" follows. *)
lemma
assumes "P \ False"
and "Q \ P"
and "Q"
shows "R"
proof -
have "P"
using \Q\ \Q \ P\ by auto
hence "False"
using \P \ False\ by auto
thus "R" (*anything follows from False*)
by auto
qed
(* Chained implications with nested case analyses; shows how "qed auto"
   discharges the cases that are not handled by hand. *)
lemma
assumes "P \ Q \ R"
and "Q \ S \ T"
and "R \ S"
and "T \ False"
and "P"
shows "S"
proof -
have "Q \ R"
using \P\ and \P \ Q \ R\ by auto
thus "S"
proof (*a bare "proof" on a chained disjunction does case analysis on "Q ∨ R"*)
assume "Q"
hence "S \ T"
using \Q \ S \ T\ by auto
thus "S"
proof (*2 subgoals, one per disjunct; only the "T" case is handled by hand*)
assume "T"
hence "False"
using \T \ False\ by auto
thus "S"
by auto
qed auto (*"qed auto" applies "auto" to all remaining subgoals (here the "S" case)*)
next
assume "R"
thus "S"
using \R \ S\ by auto
qed
qed
section‹Universal quantification›
(* Universal introduction: the default rule of "proof" turns the quantified
   goal into a goal about an arbitrary, fixed element. *)
lemma
assumes "\x. P x \ Q x"
shows "\x. P x"
proof
fix x (*fix an arbitrary element; nothing is assumed about it*)
have "P x \ Q x"
using assms by auto
thus "P x"
by auto
qed
(* Moving a quantifier past an implication whose antecedent does not mention
   the bound variable; the { ... } block with "fix" establishes the quantified
   fact for an arbitrary x. *)
lemma
assumes "\x. P \ Q x"
shows "P \ (\x. Q x)"
proof
assume "P"
{ (*hypothetical reasoning again, this time over an arbitrary fixed x*)
fix x
have "P \ Q x"
using assms by auto
hence "Q x"
using \P\ by auto
} (*the block establishes Q x for arbitrary x, i.e. ⋀x. Q x*)
thus "\x. Q x" (*simp converts the exported block result into the object-level quantifier*)
by simp
qed
(* Instantiating universally quantified assumptions at the free variable z;
   "auto" performs the instantiation when given the assumptions. *)
lemma
assumes "\x. P \ Q x"
and "\y. Q y \ R y"
and "P"
shows "R z"
proof -
have "Q z"
using assms by auto
thus "R z"
using assms by auto
qed
(* Bounded quantification over a subset: the default rule fixes an element of
   T and adds its membership as an assumption. *)
lemma
assumes "\x\S. Q x"
and "\x\S. P x"
and "T \ S"
shows "\x\T. P x \ Q x"
proof (*the default rule splits the bounded quantifier into "fix x" + "assume x ∈ T"*)
fix x
assume "x \ T"
hence "x \ S" (*via the subset assumption*)
using assms by auto
hence "Q x" and "P x"
using assms by auto
thus "P x \ Q x"
by auto
qed
section‹Existential quantification›
(* Existential elimination with "obtain", followed by a case split on the
   disjunction that was obtained. *)
lemma
assumes "\x. P x \ Q x"
and "\x. P x \ S"
and "\x. Q x \ S"
shows "S"
proof -
obtain x where "P x \ Q x" (*"obtain" eliminates an existential of the form "∃x. P x": it yields an arbitrary element x together with the fact "P x"*)
using assms by auto
thus "S"
proof (*case analysis on the obtained disjunction*)
assume "P x"
thus "S"
using assms by auto
next
assume "Q x"
thus "S"
using assms by auto
qed
qed
(* Existential introduction by exhibiting a witness. *)
lemma
shows "\x. x \ P"
proof - (*one way to prove "∃x. P x" is to show "P t" for a suitably chosen witness "t"; here the witness is False*)
have "False \ P"
by auto
thus "\x. x \ P"
by auto
qed
(* Bounded existential over a subset: obtain the witness in X, show it also
   lies in Y, and reuse the named fact about it. *)
lemma
assumes "\x\X. P x"
and "X \ Y"
shows "\x\Y. P x"
proof -
obtain x where "x \ X" and 1: "P x" (*any fact can be named, not just assumptions*)
using assms by auto
hence "x \ Y"
using assms by auto
thus "\x\Y. P x"
using 1 by auto
qed
section‹Negation›
(* Contraposition. The inner "proof" on a negated goal assumes the negated
   statement and aims for "False". *)
lemma
assumes "P \ Q"
shows "\ Q \ \ P"
proof
assume "\ Q"
show "\ P"
proof (*default rule for a negation: assume "P", show "False"*)
assume "P"
hence "Q"
using assms by auto
thus "False"
using \\ Q\ by auto
qed
qed
(* One De Morgan direction by explicit case analysis on P and Q; all four
   cases are written out by hand. *)
lemma
assumes "\ (P \ Q)"
shows "\ P \ \ Q"
proof(cases "P"; cases "Q") (*initial methods can be given explicitly; "cases P; cases Q" yields four subgoals*)
assume "P" and "Q"
hence "P \ Q"
by auto
hence "False"
using assms by auto
thus "\ P \ \ Q"
by auto
next
assume "\ Q"
thus "\ P \ \ Q"
by auto
next
assume "\ Q"
thus "\ P \ \ Q"
by auto
next
assume "\ P"
thus "\ P \ \ Q"
by auto
qed
(*same proof, but shorter: focus on the interesting cases and let automation handle the rest*)
(* Same De Morgan direction; only the case where both P and Q hold is written
   out, the remaining three are closed by "qed auto". *)
lemma
assumes "\ (P \ Q)"
shows "\ P \ \ Q"
proof(cases "P"; cases "Q") (*initial methods can be given explicitly*)
assume "P" and "Q"
hence "P \ Q"
by auto
hence "False"
using assms by auto
thus "\ P \ \ Q"
by auto
qed auto (*the other cases are similar and uninteresting, so let "auto" handle them*)
section‹Sets reasoning›
(* Membership propagated along a chain of subset assumptions, one step at a
   time. *)
lemma
assumes "P \ R"
and "R \ Q"
and "Q \ T"
and "x \ P"
shows "x \ T"
proof -
have "x \ R"
using assms by auto
hence "x \ Q"
using assms by auto
thus "x \ T"
using assms by auto
qed
lemma
shows "P \ (Q \ R) = (P \ Q) \ (P \ R)"
proof(rule equalityI; rule subsetI)
fix x
assume "x \ P \ (Q \ R)"
hence "x \ P" and "x \ Q \ R"
by auto
hence "x \ Q \ x \ R"
by auto
thus "x \ (P \ Q) \ (P \ R)"
proof
assume "x \ Q"
hence "x \ P \ Q"
using \x \ P\ by auto
thus "x \ (P \ Q) \