theory Typed_Set_Theory
  imports Main
begin

(* Tutorial theory walking through Isabelle/HOL's typed set library: finite
   sets and comprehensions, UNIV, intersection/union, subset and equality, the
   empty set and set difference, bounded quantifiers, image, and the "big"
   (indexed) union/intersection operators.  Every lemma is proved with an
   explicit apply-script so that the introduction/elimination rules named by
   the `thm` commands are exercised one step at a time.

   NOTE(review): in this copy of the file every Isabelle symbol (\<in>, \<inter>,
   \<union>, \<subseteq>, \<and>, \<longleftrightarrow>, ...) and the cartouche
   delimiters \<open>/\<close> around section titles appear as a bare backslash.
   Most can be recovered from the rule each proof uses (IntE/IntI -> \<inter>,
   UnE/UnI1/UnI2 -> \<union>, subsetI/subsetD -> \<subseteq>, ballI/ballE ->
   \<forall>_\<in>_, ...), but not all (see the comprehension and `value`
   examples); restore them before checking the theory. *)

section\Typed set theory\

(* Some finite sets.  A `term` command only type-checks the expression and
   prints its type; nothing is proved or evaluated. *)
term "{}"
term "{0,1,2,(3::nat)}"
term "{True, False}"

(* A simple set comprehension. *)
term "{x. x \ (5::nat) }"

(* A set defined by a set comprehension, and computing with that comprehension:
   `value` asks the code generator to evaluate the closed term. *)
term "{ x. x \ {True,False} \ x \ \ x }"
value "{ x. x \ {True,False} \ x \ \ x }"

(* The universal set (at a given type). *)
term "UNIV"

(* Some familiar relations on sets.  The `::'a set` annotations on the last two
   presumably pin the overloaded `-` and the polymorphic `=` to set type. *)
term "P \ Q"
term "P \ Q"
term "x \ P"
term "P \ Q"
term "(P::'a set) - Q"
term "P = (Q::'a set)"

(* Note some relations also have abbreviated negated forms. *)
term "x \ P"
term "P \ Q"

(* An infinite set, and computing with that infinite set. *)
term "UNIV - {1,2,3::nat}"
value "UNIV - {1,2,3::nat}"

subsection\Intersection and union\

(* Introduction and elimination rules for intersection and union; `thm`
   displays a named theorem. *)
thm IntI
thm IntE
thm IntD1
thm IntD2
thm UnE
thm UnI1
thm UnI2

(* A faulty lemma: but quickcheck to the rescue!  The statement is deliberately
   unprovable; `quickcheck` searches for a counterexample and `oops` then
   abandons the attempt, so nothing is recorded as a fact.
   NOTE(review): this statement and the provable one that follows render
   identically in this copy; they differ in symbols that were not preserved. *)
lemma
  assumes "x \ A \ (B \ C)"
  shows "x \ A \ C"
  quickcheck (*tries to find counterexamples to theorem statements*)
  oops

(* quickcheck works by either
     1. exhaustively enumerating all possible values for the variables in the
        statement, or
     2. randomly generating values for variables in the statement
   (you can configure which mode it uses manually, but by default it uses
   exhaustive checking).  "nitpick" is another automated tool for refuting
   theorem statements which uses SAT technology.
   Both tools only refute: finding no counterexample is not a proof, so a
   statement that survives them still has to be proved. *)

(* The provable variant, by hand: IntE takes the intersection assumption apart,
   UnI1 then commits to the left operand of the union in the goal. *)
lemma
  assumes "x \ A \ (B \ C)"
  shows "x \ A \ C"
  using assms
  apply - (* the `-` method inserts the `using` facts as goal assumptions *)
  apply(erule IntE)
  apply(rule UnI1)
  apply assumption
  done

(* Membership in a union is disjunction of memberships; each direction of the
   iff eliminates on one side and introduces on the other. *)
lemma
  shows "x \ P \ Q \ x \ P \ x \ Q"
  apply(rule iffI)
  apply(erule UnE)
  apply(rule disjI1, assumption)
  apply(rule disjI2, assumption)
  apply(erule disjE)
  apply(rule UnI1, assumption)
  apply(rule UnI2, assumption)
  done

(* Membership in an intersection is conjunction of memberships. *)
lemma
  shows "x \ P \ Q \ x \ P \ x \ Q"
  apply(rule iffI)
  apply(erule IntE)
  apply(rule conjI; assumption) (*foo;goo = first apply foo then apply goo to all new goals*)
  apply(erule conjE)
  apply(rule IntI; assumption)
  done

subsection\Subset relations\

(* improper relations *)
thm subsetI
thm subsetD
(* proper relations *)
thm psubsetI
thm psubsetE
thm psubsetD

(* A union of two subsets of R is a subset of R.  The `+` combinator repeats
   `erule subsetD, assumption` as long as it keeps succeeding, which closes
   both branches opened by UnE. *)
lemma
  assumes "P \ R" and "Q \ R"
  shows "P \ Q \ R"
  using assms
  apply -
  apply(rule subsetI)
  apply(erule UnE)
  apply(erule subsetD, assumption)+
  done

(* Transitivity of the subset relation. *)
lemma
  assumes "P \ Q" and "Q \ R"
  shows "P \ R"
  using assms
  apply -
  apply(rule subsetI)
  apply(erule subsetD)
  apply(erule subsetD)
  apply assumption
  done

(* Non-membership propagates down a proper subset.  psubsetD is used forwards
   (drule) on the assumptions instead of backwards against the goal. *)
lemma
  assumes "P \ Q" and "x \ Q"
  shows "x \ P"
  using assms
  apply -
  apply(rule notI)
  apply(drule psubsetD, assumption) (*drule used for forward reasoning from assumptions*)
  apply(erule notE, assumption)
  done

(* drule
     1. resolves major premiss of theorem against an assumption
     2. deletes that assumption
     3. inserts conclusion of theorem as new assumption
     4. opens new subgoals for remaining assumptions of theorem
   frule is same, apart from the deletion step in (2) *)

subsection\Set equality\

(* equality at set type is mutual subset inclusion *)
thm equalityI
thm equalityE

(* Intersection distributes over union, proved one inclusion at a time.  Each
   `apply assumption+` discharges the two membership goals left by IntI. *)
lemma
  shows "A \ (B \ C) = (A \ B) \ (A \ C)"
  apply(rule equalityI)
  apply(rule subsetI)
  apply(erule IntE)
  apply(erule UnE)
  apply(rule UnI1)
  apply(rule IntI)
  apply assumption+
  apply(rule UnI2)
  apply(rule IntI)
  apply assumption+
  apply(rule subsetI)
  apply(erule UnE)
  apply(erule IntE)
  apply(rule IntI)
  apply assumption
  apply(rule UnI1)
  apply assumption
  apply(erule IntE)
  apply(rule IntI)
  apply assumption
  apply(rule UnI2)
  apply assumption
  done

(* Equal sets have the same non-members.  equalityE yields both inclusions; the
   one from A to B is consumed forwards by subsetD, the other is left unused. *)
lemma
  fixes A B :: "'a set" (*fixes keyword: used to provide optional type annotation for variables*)
  assumes "A = B" and "x \ A" (*recall x\A is abbreviation for \(x \ A)*)
  shows "x \ B"
  using assms
  apply -
  apply(rule notI)
  apply(erule equalityE)
  apply(drule subsetD, assumption)
  apply(erule notE)
  apply assumption
  done

(* Intersecting with a superset changes nothing.  `rule equalityI; rule subsetI`
   reduces the equality to two membership goals in a single step. *)
lemma
  assumes "A \ B"
  shows "A \ B = A"
  using assms
  apply -
  apply(rule equalityI; rule subsetI)
  apply(erule IntE, assumption)
  apply(rule IntI)
  apply assumption
  apply(erule subsetD, assumption)
  done

subsection\Empty and universal sets\

thm UNIV_I
thm emptyE

(* Everything is a subset of UNIV. *)
lemma
  shows "A \ UNIV"
  apply(rule subsetI)
  apply(rule UNIV_I)
  done

(* The empty set is neutral for union; emptyE closes the impossible branch. *)
lemma
  assumes "x \ P \ {}"
  shows "x \ P"
  using assms
  apply -
  apply(erule UnE)
  apply assumption
  apply(erule emptyE)
  done

(* The empty set absorbs under intersection. *)
lemma
  shows "P \ {} = {}"
  apply(rule equalityI; rule subsetI)
  apply(erule IntE)
  apply assumption
  apply(erule emptyE)
  done

subsection\Set difference\

thm DiffI
thm DiffD1
thm DiffD2
thm DiffE

(* Removing a union is removing its parts one after the other.  The side
   conditions of DiffI are negations, so each is opened with notI and then
   refuted with notE against the negated assumption obtained from DiffE. *)
lemma
  shows "A - (B \ C) = (A - B) - C"
  apply(rule equalityI; rule subsetI)
  apply(erule DiffE)
  apply(rule DiffI)
  apply(rule DiffI)
  apply assumption
  apply(rule notI)
  apply(erule notE)
  apply(rule UnI1)
  apply assumption
  apply(rule notI)
  apply(erule notE)
  apply(rule UnI2)
  apply assumption
  apply(erule DiffE)
  apply(erule DiffE)
  apply(rule DiffI)
  apply assumption
  apply(rule notI)
  apply(erule UnE)
  apply(erule notE, assumption)+
  done

(* A set minus itself is empty. *)
lemma
  shows "A - A = {}"
  apply(rule equalityI; rule subsetI)
  apply(erule DiffE)
  apply(erule notE, assumption)
  apply(erule emptyE)
  done

subsection\Set comprehensions\

thm CollectD
thm CollectI

(* Membership in two comprehensions gives membership in the comprehension over
   their conjunction: CollectD unpacks each assumption, CollectI/conjI repack
   the goal. *)
lemma
  assumes "x \ {y. P y}" and "x \ {y. Q y}"
  shows "x \ {y. P y \ Q y}"
  using assms
  apply -
  apply(drule CollectD)
  apply(drule CollectD)
  apply(rule CollectI)
  apply(rule conjI)
  apply assumption+
  done

(* Inclusion of comprehensions is pointwise implication of their predicates. *)
lemma
  shows "{x. P x} \ {x. Q x} \ (\x. P x \ Q x)"
  apply(rule iffI)
  apply(rule allI)
  apply(rule impI)
  apply(drule subsetD, rule CollectI, assumption)
  apply(drule CollectD)
  apply assumption
  apply(rule subsetI)
  apply(drule CollectD)
  apply(erule allE)
  apply(erule impE)
  apply assumption
  apply(rule CollectI)
  apply assumption
  done

(* The empty set is the comprehension over False. *)
lemma
  shows "{} = {x. False}"
  apply(rule equalityI; rule subsetI)
  apply(erule emptyE)
  apply(drule CollectD)
  apply(erule FalseE)
  done

subsection\Bounded quantifiers\

(* Quantifiers restricted to the elements of a set, with their rules. *)
term "\x\S. P"
term "\x\S. P"
thm ballI
thm ballE
thm bexI
thm bexE

(* A bounded universal over a union follows from one over each operand.
   `erule_tac x=x in ballE` instantiates the bound variable explicitly.  In the
   second UnE branch both bounded assumptions are still present, so `back`
   presumably moves to the next unifier and resolves ballE against the
   assumption about T rather than the one about S — confirm when re-checking. *)
lemma
  assumes "\x\S. P" and "\x\T. P"
  shows "\x\S\T. P"
  using assms
  apply -
  apply(rule ballI)
  apply(erule UnE)
  apply(erule_tac x=x in ballE)
  apply assumption
  apply(erule notE, assumption)
  apply(erule_tac x=x in ballE)
  back
  apply assumption
  apply(erule notE, assumption)
  done

(* A bounded existential over the empty set is contradictory, so anything
   follows from it. *)
lemma
  assumes "\x\{}. P"
  shows "Q"
  using assms
  apply -
  apply(erule bexE)
  apply(erule emptyE)
  done

(* Bounding by UNIV is no restriction at all. *)
lemma
  shows "(\x\UNIV. P x) \ (\x. P x)"
  apply(rule iffI)
  apply(rule allI)
  apply(erule_tac x=x in ballE)
  apply assumption
  apply(erule notE)
  apply(rule UNIV_I)
  apply(rule ballI)
  apply(erule_tac x=x in allE)
  apply assumption
  done

subsection\Image\

(* set image is a map-like function *)
term "f ` S"
term "image"
(* NOTE(review): `op +` is the older prefix syntax for the operator; recent
   Isabelle releases write `(+)` instead — adjust to the version in use. *)
value "((op +) 1) ` {(0::nat), 1, 2, 3}"
thm imageI
thm imageE

(* An element of the image of S lies in the image of S joined with any T.  The
   two imageE steps expose witnesses and equations, `clarify` substitutes those
   equations, and imageI/UnI1 close the goal.  Only the assumption about S is
   actually needed for the conclusion. *)
lemma
  assumes "x \ f ` S" and "x \ f ` T"
  shows "x \ f ` (S \ T)"
  using assms
  apply -
  apply(erule imageE)
  apply(erule imageE)
  apply clarify (*clarify: "clarifies" goal by rewriting throughout with assumed equalities*)
  apply(rule imageI)
  apply(rule UnI1)
  apply assumption
  done

section\"Big" union and intersection\

(* Indexed union/intersection over a set of indices, and the unbounded form
   applied directly to a set of sets. *)
term "\i\S. f i"
term "\i\S. f i"
value "\i\{True,False}. {i \ False}" (*bounded form*)
value "\{{1,2,(3::nat)},{2,3},{2}}" (*unbounded form*)
(* NOTE(review): UNION_eq / INTER_eq are the comprehension characterisations the
   proofs below rewrite with; check they still exist under these names in the
   Isabelle release you target. *)
thm UNION_eq
thm INTER_eq

(* Binary intersection distributes over the indexed intersection.  Both sides
   are unfolded into comprehensions with INTER_eq and the inclusion is then
   argued pointwise with ballI/ballE. *)
lemma
  shows "(\i\S. f i) \ (\i\S. g i) = (\i\S. f i \ g i)"
  apply(rule equalityI; rule subsetI)
  apply(erule IntE)
  apply(subst INTER_eq) (*subst: substitutes using an equational theorem in the conclusion of the goal*)
  apply(subst (asm) INTER_eq) (* subst (asm): substitutes using an equational theorem in the assumption of the goal*)
  apply(subst (asm) INTER_eq)
  apply(drule CollectD)+
  apply(rule CollectI)
  apply(rule ballI)
  apply(rename_tac xa) (*rename_tac: renames bound variable (Isabelle auto-generated names are not stable)*)
  apply(erule_tac x=xa in ballE)+
  apply(rule IntI; assumption)
  apply(erule notE, assumption)+
  apply(subst INTER_eq)+
  apply(subst (asm) INTER_eq)
  apply(rule IntI)
  apply(drule CollectD)
  apply(rule CollectI)
  apply(rule ballI)
  apply(rename_tac xa)
  apply(erule_tac x=xa in ballE)
  apply(erule IntE)
  apply assumption
  apply(erule notE)
  apply assumption
  apply(drule CollectD)
  apply(rule CollectI)
  apply(rule ballI)
  apply(rename_tac xa)
  apply(erule_tac x=xa in ballE)
  apply(erule IntE)
  apply assumption
  apply(erule notE)
  apply assumption
  done

(* A component sits below the indexed union it belongs to.  After rewriting
   with UNION_eq, bexI is instantiated with the index j via `[where x=j]`. *)
lemma
  shows "j \ S \ f j \ (\i\S. f i)"
  apply(rule subsetI)
  apply(subst UNION_eq)
  apply(rule CollectI)
  apply(rule bexI[where x=j])
  apply assumption
  apply assumption
  done

(* A related statement about the indexed operators (identical to the previous
   one in this copy), discharged entirely by automation. *)
lemma
  shows "j \ S \ f j \ (\i\S. f i)"
  by blast (*tableaux prover good for sets and logical reasoning*)

end