1

I wanted to transform this proof to Isar as ab exercise (for myself to learn Isar) using only basic natural deduction rules (ND) from propositional logic (e.g. notI, notE, impI, impE... etc).

I can do it in an apply script easily:

lemma very_simple0: "A ⟶ A ∨ B"
  apply (rule impI) (* A ⟹ A ∨ B *)
  thm disjI1 (* ?P ⟹ ?P ∨ ?Q *)
  apply (rule disjI1) (* A ⟹ A *)
  by assumption

but my attempts at an Isar proof fail:

lemma very_simple1: "A ⟶ A ∨ B"
proof (* TODO why/how does this introduce A by itself*)
  assume A (* probably not neccessary since Isabelle did impI by itself *)
  have "A ⟹ A" by disjI1
  show "A ⟹ A" by assumption
qed

my main error is:

Undefined method: "disjI1"⌂

which seems mysterious to me because the rules worked just fine in the apply script before.

What am I doing wrong?

Note this also leads to an error:

lemma very_simple2: "A ⟶ A ∨ B"
proof impI
  assume A (* probably not neccessary since Isabelle did impI by itself *)
  have "A ⟹ A" by disjI1
  show "A ⟹ A" by assumption
qed

same error as above:

Undefined method: "impI"⌂

why?

Edit:

I learned that a 'method' still requires the work rule impI or metis etc but the script still fails:

lemma very_simple1: "A ⟶ A ∨ B"
proof (rule impI)
  assume A (* probably not neccessary since Isabelle did impI by itself *)
  have "A ⟹ A" by (rule disjI1)
  show "A ⟹ A" by assumption
qed

Edit2:

lemma very_simple1: "A ⟶ A ∨ B"
proof (rule impI)
  have 0: "A ⟹ A ∨ B" by (rule disjI1)
  have 1: "A ⟹ A" by assumption
  from 1 show "True" by assumption
qed

I still can't complete the proof.

Charlie Parker
  • 5,884
  • 57
  • 198
  • 323

1 Answers1

2

You have several problems.

Let us consider the example:

have "A ⟹ A" by (rule disjI1)

That fails, so first what is the theorem disjI1 actually?

thm disjI1
(* ?P ⟹ ?P ∨ ?Q *)

Due to how rules works, it tries to match the goal "A" with "?P ∨ ?Q", which fails. Now, if your goal has the right form:

have "A ⟹ A ∨ B" by (rule disjI1)

it works!

Second problem:

 proof

is by default equivalent to "proof standard" and applies some theorem by default. Typically, you will use "proof -" to apply no theorem.

Lastly, let us consider your example

lemma very_simple1: "A ⟶ A ∨ B"
proof (rule impI)

In the state view, you see:

proof (state)
goal (1 subgoal):
 1. A ⟹ A ∨ B

This means that the Isar must look like

lemma very_simple1: "A ⟶ A ∨ B"
proof (rule impI)
  assume ‹A›
  show ‹A ∨ B›
    sorry
qed

The fact that show works indicates that proof block has the correct form.

Beware: This is an important step especially at the beginning. ALWAYS start with the assume and the show. Do not wright anything else. If the show does not work, the structure induced by the Isar proof (assume and show) does not match the expected proof (which can be seen in the State panel).

You can do whatever you want from there (including starting a new proof block), but you cannot change that structure without changing which rule was applied.

Let's finish the proof. We want to use the assumption (so we add a then) and the rule to prove the goal.

lemma very_simple1: "A ⟶ A ∨ B"
proof (rule impI)
  assume ‹A›
  then show ‹A ∨ B›
    by (rule disjI1)
qed

Overall, I think you should read the Isar part of the Concrete Semantics.

EDIT: The most important problem is that you misunderstand what Isar is: Isar is not here to help you with the different proof steps (like proving tha "A ==> A"). It is here to do a forward proof: You start from the assumption (here A) and go to the conclusion. So the Isar proof will look like

  assume A
  show "A \/ B"

You never have to repeat the assumption A in the proof!

Mathias Fleury
  • 2,221
  • 5
  • 12
  • I am of course going through it but wanted to work a simpler example than Cantor's proof they give (that only uses single step proof methods). Why does my proof attempt still not work? – Charlie Parker May 12 '20 at 18:57
  • I expanded my answer a bit. Additionnaly, most Isabelle approaches try to teach a more automated style with auto and co. It is a good thing (and what you should do), but if you only interested in using `rule`, you can also read section 5 of the tutorial https://isabelle.in.tum.de/doc/tutorial.pdf – Mathias Fleury May 12 '20 at 19:21
  • What is a "good thing"? Did you refer learning to use `auto` & `co`? I assume those are good for doing "real proofs" but I hate that they are black boxes. I have no idea what they are doing or how to implement one of my own. – Charlie Parker May 13 '20 at 14:21
  • Im curious, why are you putting the `< >` in your proof? – Charlie Parker May 13 '20 at 14:23
  • Thanks for the help. It seems I don't understand Isar at all, specially considering that the "assumption" command/rule was not needed to complete the proof. Perhaps using their example (Cantor's Argument) and go through the chapter is the only practical way to learn Isar. Thanks for the help so far btw! – Charlie Parker May 13 '20 at 14:33
  • I prefer cartouches ‹› to quotes. It is a matter of style. Using auto is the "right way" in Isabelle. It is a black box and you well never be able to guess what you will end up with (at least, I still don't). However, I would start with auto, follow the Concrete Semantics, and only later go for the manual proofs instead of fighting the book. It is the major difference in teaching between Isabelle and Coq. – Mathias Fleury May 13 '20 at 21:12
  • What is the major difference in teaching Isabelle & Coq? Isabelle is more of a black box than Coq? – Charlie Parker May 14 '20 at 14:30
  • I am so fairly interested in understanding ATPs/Tactics and implement some myself. Is there a good place to learn about this for Isabelle? – Charlie Parker May 14 '20 at 14:45
  • Usually (and to caricature), after two hours of teaching Isabelle you prove the explicit form of $\sum_{k=0}^n k$ and in Coq you prove that $(P --> Q) --> P --> Q$. About tactics: you can read about Eisbach, but I believe the best way is to start proving with the tactics and then decide what you need that does not exist yet. Tactics are more widely used in Coq (e.g., see Chlipala's CPDT), because the base tactics are weaker. – Mathias Fleury May 14 '20 at 16:25