I have a problem problem such as:
¬P ∨ (Q ∨ R)
I used the law that :
¬P ∨ (Q ∨ R) ≡ ¬P ∨ Q ∨ R
But I do not remember the name of the law. Can anybody help me?
You are thinking of the associative law, but there is a subtlety:
What the associative law says is that
P v (Q v R) = (P v Q) v R
Depending on your formal system of logic, there is a good chance that
P v Q v R
isn't officially a wff (well-formed formula) since it is syntactically ambiguous. The associative law guarantees that both ways of parsing it are equivalent, hence it is a common abbreviation for (P v Q) v R.
Thus, I would tend to regard
P v (Q v R) = P v Q v R
as giving an abbreviation which is underwritten by the associative law rather than as an application of the associative law per se.
Related
The universal quantifier in first-order logic (the symbol is ∀) and meta-universal quantifier in meta-logic (the symbol is ⋀) what is the main difference?
For the following two lemmas, the first example proves successful using universal quantifiers, while the meta-universal quantifiers do not.
lemma "∀ x. P x ⟹ P 0"
apply simp
done
lemma "⋀ x. P x ⟹ P 0"
oops
Isabelle is a generic framework for interactive theorem proving. Its meta-logic Isabelle/Pure allows to define a broad range of object-logics, one of them being Isabelle/HOL. As you already hinted, the symbol ∀ is Isabelle/HOL's universal quantifier and the symbol ⋀ is Isabelle/Pure's universal quantifier. Also, the symbol ⟹ is Isabelle/Pure's implication. The operator precedence rules state that ⋀ has lower precedence than ⟹, and ∀ has higher precedence than ⋀ and ⟹. Therefore ⋀ x. P x ⟹ P 0 is actually parsed as ⋀ x. (P x ⟹ P 0) (which clearly doesn't hold) instead of (⋀ x. P x) ⟹ P 0, so you need to explicitly parenthesize the proposition ⋀ x. P x. Then, your lemma can be trivially proved using the usual elimination rule for ⋀ in natural deduction as follows:
lemma "(⋀ x. P x) ⟹ P 0"
by (rule meta_spec)
In order to try to avoid this kind of nuances, I'd suggest you to adopt the Isabelle/Isar style for stating your lemmas, namely the following:
lemma
assumes "⋀ x. P x"
shows "P 0"
using assms by (rule meta_spec)
Please refer to Programming and Proving in Isabelle/HOL and The Isabelle/Isar Reference Manual for more information.
While trying to prove some things, I encountered an innocent looking claim that I failed to prove in Coq. The claim is that for a given Finite Ensemble, the powerset is also finite. The statement is given in the Coq code below.
I looked through the Coq documentation on finite sets and facts about finite sets and powersets, but I could not find something that deconstructs the powerset into a union of subsets (such that the Union_is_finite constructor can be used). Another approach may be to show that the cardinal number of the powerset is 2^|S| but here I certainly have no idea how to approach the proof.
From Coq Require Export Sets.Ensembles.
From Coq Require Export Sets.Powerset.
From Coq Require Export Sets.Finite_sets.
Lemma powerset_finite {T} (S : Ensemble T) :
Finite T S -> Finite (Ensemble T) (Power_set T S).
Proof.
(* I don't know how to proceed. *)
Admitted.
I did not solve it completely because I myself struggled a lot with this proof. I merely transferred it along your line of thought. Now the crux of problem is, proving the cardinality of power set of a set of n elements is 2^n.
From Coq Require Export Sets.Ensembles.
From Coq Require Export Sets.Powerset.
From Coq Require Export Sets.Finite_sets.
From Coq Require Export Sets.Finite_sets_facts.
Fixpoint exp (n m : nat) : nat :=
match m with
| 0 => 1
| S m' => n * (exp n m')
end.
Theorem power_set_empty :
forall (U : Type), Power_set _ (Empty_set U) = Singleton _ (Empty_set _).
Proof with auto with sets.
intros U.
apply Extensionality_Ensembles.
unfold Same_set. split.
+ unfold Included. intros x Hin.
inversion Hin; subst.
apply Singleton_intro.
symmetry. apply less_than_empty; auto.
+ unfold Included. intros x Hin.
constructor. inversion Hin; subst.
unfold Included; intros; assumption.
Qed.
Lemma cardinality_power_set :
forall (U : Type) (A : Ensemble U) (n : nat),
cardinal U A n -> cardinal _ (Power_set _ A) (exp 2 n).
Proof.
intros U A n. revert A.
induction n; cbn; intros He Hc.
+ inversion Hc; subst. rewrite power_set_empty.
Search Singleton.
rewrite <- Empty_set_zero'.
constructor; repeat auto with sets.
+ inversion Hc; subst; clear Hc.
Admitted.
Lemma powerset_finite {T} (S : Ensemble T) :
Finite T S -> Finite (Ensemble T) (Power_set T S).
Proof.
intros Hf.
destruct (finite_cardinal _ S Hf) as [n Hc].
eapply cardinal_finite with (n := exp 2 n).
apply cardinality_power_set; auto.
Qed.
I need to prove the following:
lemma "m = min_list(x#xs) ⟹ m ∈ set (x#xs)"
In plain English, I need to prove that the return value from "min_list (x#xs)" is always a member of (x#xs)
I tried:
apply(induct xs)
apply(auto)
I also tried to reuse existing lemmas for the min_list by using:
find_theorems min_list
The sub-goal at this point is so long that I do not know how to proceed.
I am not looking for a full answer just hints on how to approach this lemma. Moreover, is this proof an easy one or significantly difficult one for someone just learning Isabelle?
Spoiler: it is possible to use the standard list induction and auto to prove the theorem, i.e. something similar to by (induct xs ...) (auto simp: ...). I deliberately left out sections in the proof for you to fill in on your own. You will need to think about if any variables (i.e. m or x) need to be specified as arbitrary and also understand what information the simplifier may need (look for clues in the specification of min_list in the theory List).
With regard to your question about the difficulty of the problem, I believe, that difficulty is a function of experience. Most certainly, when I started learning Isabelle, I was finding it difficult to formalise proofs similar to the one in your question. After a certain time spent coding in Isabelle (by the time of answering this question, I must have accrued an equivalent of 4-5 months of full-time coding in Isabelle), such problems no longer seem to present a significant challenge for me. Of course, there are other factors that need to be taken into account, e.g. previous training in mathematics or logic and previous coding experience.
General advice from someone who is learning Isabelle on his own (the advice may not be consistent with the approach that is normally recommended by professional instructors)
I believe, when proving similar results, it is important to understand that Isabelle is, primarily, a tool for formalisation of 'pen-and-paper' proofs. Therefore, it is important to have the 'pen-and-paper' proof at hand before trying to formalise it. I would suggest the following general approach when attacking similar problems:
Write the proof on paper.
Formalise the proof using Isar, providing as many details as possible and not caring too much about the length of the proof. Also, try not to rely on the tools for automated reasoning (i.e. auto, blast, meson, metis, fastforce) and use direct methods like rule and intro as much as you can.
Once your Isar proof is complete, apply tools for automated reasoning (e.g. auto, blast) to your Isar proof to simplify your proof as much as possible.
Of course, eventually, it will become increasingly easy to omit 1 and 2 as you make progress in learning Isabelle.
I can provide further details, e.g. the complete short proof and the long Isar version of the proof.
UPDATE
As per your request in the comments, I provide an informal proof.
Lemma. m = min_list (x # xs) ⟹ m ∈ set (x # xs).
Remarks. For completeness, I also provide the definition of min_list and some comments about the const set. The definition of min_list can be found in the theory List:
fun min_list :: "'a::ord list ⇒ 'a" where
"min_list (x # xs) = (case xs of [] ⇒ x | _ ⇒ min x (min_list xs))"
The const set is defined implicitly and constitutes a part of the datatype infrastructure for list (see the document "Defining (Co)datatypes and Primitively (Co)recursive Functions in Isabelle/HOL" in the standard documentation if Isabelle). In particular, it is called the 'set function' of the datatype. Many basic properties of the const set can be found by inspection/search, e.g. find_theorems list.set. I believe that the theorem thm list.set is representative of the main properties of the const set (I took the liberty to rename the schematic variables in the theorem):
set [] = {}
set (?x # ?xs) = insert ?x (set ?xs)
Proof. The proof is by structural induction on the list xs. The induction principle is stated as an unnamed lemma at the beginning of the theory List. For completeness, I restate the induction principle below:
"P [] ⟹ (⋀a list. P list ⟹ P (a # list)) ⟹ P list"
Base case: assume xs = [], show m = min_list (x # xs) ⟹ m ∈ set (x # xs) for all x. From the definition of min_list, it is trivial to see that min_list (x # []) = x. Similarly, set (x # []) = {x} can be shown directly from the properties of the const set. Substituting into the predicate above, it remains to show that m = x ⟹ m ∈ {x} for all x. This follows from basic set theory.
Inductive step: assume ⋀x. m = min_list (x # xs) ⟹ m ∈ set (x # xs), show m = min_list (a # x # xs) ⟹ m ∈ set (a # x # xs) for all a, x and xs. Fix a, x and xs. Assume m = min_list (a # x # xs). Then it remains to show that m ∈ set (a # x # xs). Given m = min_list (a # x # xs), from the definition of min_list, it is easy to infer that either m = a or m = min_list (x # xs). Consider these cases explicitly:
Case I: m = a. a ∈ set (a # x # xs) follows from the definitions. Then, m ∈ set (a # x # xs) by substitution.
Case II: m = min_list (x # xs). Then, from the assumption ⋀x. m = min_list (x # xs) ⟹ m ∈ set (x # xs) it follows that m ∈ set (x # xs). Thus, m ∈ set (a # x # xs) follows from the properties of set.
In all possible cases m ∈ set (a # x # xs), which is what was required to prove.
Thus, the proof is concluded.
Concluding thoughts. Try converting this informal proof to an Isar proof. Also, please note that the proof may not be ideal - I might make edits to the proof later.
I'm trying to translate the argument I gave in this answer into Isabelle and I managed to prove it almost completely. However, I still need to prove:
"(∑k | k ∈ {1..n} ∧ d dvd k. f (k/n)) =
(∑q | q ∈ {1..n/d}. f (q/(n/d)))" for d :: nat
My idea was to use this theorem:
sum.reindex_bij_witness
however, I cannot instantiate the transformations i,j that relate the sets S,T of the theorem. In principle, the setting should be:
S = {k. k ∈ {1..n} ∧ d dvd k}
T = {q. q ∈ {1..n/d}}
i k = k/d
j q = q d
I believe there is a typing error. Perhaps I should be using div?
First of all, note that instead of gcd a b = 1, you should write coprime a b. That is equivalent (at least for all types that have a GCD), but it is more convenient to use.
Second, I would not write assumptions like ⋀n. F n = …. It makes more sense to write that as a defines, i.e.
lemma
fixes F :: "nat ⇒ complex"
defines "F ≡ (λn. …)"
Third, {q. q ∈ {1..n/d}} is exactly the same as {1..n/d}, so I suggest you write it that way.
To answer your actual question: If what you have written in your question is how you wrote it in Isabelle and n and d are of type nat, you should be aware that {q. q ∈ {1..n/d}} actually means {1..real n / real d}. If n / d > 1, this is actually an infinite set of real numbers and probably not what you want.
What you actually want is probably the set {1..n div d} where div denotes division on natural numbers. This is then a finite set of natural numbers.
Then you can prove the following fairly easily:
lemma
fixes f :: "real ⇒ complex" and n d :: nat
assumes "d > 0" "d dvd n"
shows "(∑k | k ∈ {1..n} ∧ d dvd k. f (k/n)) =
(∑q∈{1..n div d}. f (q/(n/d)))"
by (rule sum.reindex_bij_witness[of _ "λk. k * d" "λk. k div d"])
(use assms in ‹force simp: div_le_mono›)+
A note on div
div and / denote the same function, namely Rings.divide.divide. However, / for historic reasons (and perhaps in fond memory of Pascal), / additionally imposes the type class restriction inverse, i.e. it only works on types that have an inverse function.
In most practical cases, this means that div is a general kind of division operation on rings, whereas / only works in fields (or division rings, or things that are ‘almost’ fields like formal power series).
If you write a / b for natural numbers a and b, this is therefore a type error. The coercion system of Isabelle then infers that you probably meant to write real a / real b and that's what you get.
It's a good idea to look at the output in such cases to ensure that the inferred coercions match what you intended.
Debugging non-matching rules
If you apply some rule (e.g. with apply (rule …)) and it fails and you don't understand why, there is a little trick to find out. If you add a using [[unify_trace_failure]] before the apply, you get an error message that indicates where exactly the unification failed. In this case, the message is
The following types do not unify:
(nat ⇒ complex) ⇒ nat set ⇒ complex
(real ⇒ complex) ⇒ real set ⇒ complex
This indicates that there is a summation over a set of reals somewhere that should be a summation over a set of naturals.
Lets say we have an expression like
2f(n) = O(2g(n))
I don't understand the expression. I know that what f(n) = O(n) is. It basically means that the left side is asymptotically bounded above at O(n).
O being the Big O notation.
Basically it means 2g(n) is an asymptotic upper bound for 2f(n).
Now one can think this is the same as f(n) ∈ O(g(n)), but this is only correct in one direction.
2f(n) ∈ O(2g(n)) ⇒ f(n) ∈ O(g(n))
But the other way around is not correct.
E.g.:
f(n) = 2n, g(n) = n so
2n ∈ O(n) holds, but 22n = 4n ∉ O(2n).