| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/Isabelle/HOL/Examples/ (Beweissystem Isabelle Version 2025-1©) Datei vom 16.11.2025 mit Größe 4 kB |
|
Quelle Cantor.thy Sprache: Isabelle |
|||||||||
|
(* Title: HOL/Examples/Cantor.thy
Author: Makarius *) section \<open>Cantor's Theorem\<close> theory Cantor imports Main begin subsection \<open>Mathematical statement and proof\<close> text \<open> Cantor's Theorem states that there is no surjection from a set to its powerset. The proof works by diagonalization. E.g.\ see \<^item> \<^url>\<open>http://mathworld.wolfram.com/CantorDiagonalMethod.html\<close> \<^item> \<^url>\<open>https://en.wikipedia.org/wiki/Cantor's_diagonal_argument\<close> \<close> theorem Cantor: "\ proof assume "\ then obtain f :: "'a \ let ?D = "{x. x \ from * obtain a where "?D = f a" by blast moreover have "a \ ultimately show False by blast qed subsection \<open>Automated proofs\<close> text \<open> These automated proofs are much shorter, but lack information why and how it works. \<close> theorem "\ by best theorem "\ by force subsection \<open>Elementary version in higher-order predicate logic\<close> text \<open> The subsequent formulation bypasses set notation of HOL; it uses elementary \<open>\<lambda>\<close>-calculus and predicate logic, with standard introduction and eliminat rules. This also shows that the proof does not require classical reasoning. \<close> lemma iff_contradiction: assumes *: "\ shows False proof (rule notE) show "\ proof assume A with * have "\ from this and \<open>A\<close> show False .. qed with * show A .. qed theorem Cantor': "\ proof assume "\ then obtain f :: "'a \ let ?D = "\ from * have "\ then obtain a where "?D = f a" .. then have "?D a \ then have "\ then show False by (rule iff_contradiction) qed subsection \<open>Classic Isabelle/HOL example\<close> text \<open> The following treatment of Cantor's Theorem follows the classic example from the early 1990s, e.g.\ see the file \<^verbatim>\<open>92/HOL/ex/set.ML\<close> in Isabelle92 or \<^cite>\<open>\<open>\S18.7\<close> in "paulson-isa-book"\<close>. The old tactic s synthesize key information of the proof by refinement of schematic goal states. In contrast, the Isar proof needs to say explicitly what is proven. \<^bigskip> Cantor's Theorem states that every set has more subsets than it has elements. It has become a favourite basic example in pure higher-order logic since it is so easily expressed: @{text [display] \<open>\<forall>f::\<alpha> \<Rightarrow> \<alpha> \<Rightarrow> bool. \<exists>S::\<alpha> \<Rightarro Viewing types as sets, \<open>\<alpha> \<Rightarrow> bool\<close> represents the powerset of \<open>\< version of the theorem states that for every function from \<open>\<alpha>\<close> to its powerset, some subset is outside its range. The Isabelle/Isar proofs below uses HOL's set theory, with the type \ \<beta>) \<Rightarrow> \<beta> set\<close>. \<close> theorem "\ proof let ?S = "{x. x \ show "?S \ proof assume "?S \ then obtain y where "?S = f y" .. then show False proof (rule equalityCE) assume "y \ assume "y \ then have "y \ with \<open>y \<in> f y\<close> show ?thesis by contradiction next assume "y \ assume "y \ then have "y \ with \<open>y \<notin> ?S\<close> show ?thesis by contradiction qed qed qed text \<open> How much creativity is required? As it happens, Isabelle can prove this theorem automatically using best-first search. Depth-first search would diverge, but best-first search successfully navigates through the large search space. The context of Isabelle's classical prover contains rules for the relevant constructs of HOL's set theory. \<close> theorem "\ by best end ¤ Dauer der Verarbeitung: 0.2 Sekunden (vorverarbeitet) ¤*© Formatika GbR, Deutschland |
|
2026-03-28