(* Goal verification framework - Logic *) \ \This theory sets up syntax, semantics and a sequent for classical logic with no quantifiers. The type for atoms is arbitrary to allow reuse in different logic languages to be defined.\ theory Gvf_Logic imports "HOL-Library.Multiset" begin section \Syntax\ \ \The usual infix operators are in bold to avoid conflict with Isabelle's built-in operators.\ datatype 'a \\<^sub>P = Atom 'a | Negation \'a \\<^sub>P\ (\\<^bold>\\) | Implication \'a \\<^sub>P\ \'a \\<^sub>P\ (infixr \\<^bold>\\ 60) | Disjunction \'a \\<^sub>P\ \'a \\<^sub>P\ (infixl \\<^bold>\\ 70) | Conjunction \'a \\<^sub>P\ \'a \\<^sub>P\ (infixl \\<^bold>\\ 80) \ \'a is a type variable for the type of atoms. An element of this type is parsed to the constructor for Atom. The Boolean operators take one (or two) formula(s) as input (having the same type for atoms).\ \ \Bi-implication is defined from conjunction and implication.\ abbreviation Equiv\<^sub>P :: \'a \\<^sub>P \ 'a \\<^sub>P \ 'a \\<^sub>P\ (infix \\<^bold>\\ 60) where \P \<^bold>\ Q \ P \<^bold>\ Q \<^bold>\ Q \<^bold>\ P\ \ \Example (untyped free variable atoms).\ value \Atom P \<^bold>\ (Atom P \<^bold>\ Atom Q) \<^bold>\ Atom Q\ section \Semantics\ \ \The semantics function takes an interpretation and a formula and returns a Boolean.\ primrec semantics\<^sub>P :: \('a \ bool) \ 'a \\<^sub>P \ bool\ where \semantics\<^sub>P f (Atom x) = f x\ | \semantics\<^sub>P f (\<^bold>\ p) = (\semantics\<^sub>P f p)\ | \semantics\<^sub>P f (p \<^bold>\ q) = (semantics\<^sub>P f p \ semantics\<^sub>P f q)\ | \semantics\<^sub>P f (p \<^bold>\ q) = (semantics\<^sub>P f p \ semantics\<^sub>P f q)\ | \semantics\<^sub>P f (p \<^bold>\ q) = (semantics\<^sub>P f p \ semantics\<^sub>P f q)\ \ \The interpretation f is a function from atom (element of type 'a) to Boolean. In the case of an atom the value is looked up and returned. In case of a Boolean operator, we can exploit Isabelle's built-in operators. This could also be achieved by proper coding of if-then structures.\ \ \Example (holds for any f, P and Q).\ lemma \semantics\<^sub>P f (Atom P \<^bold>\ (Atom P \<^bold>\ Atom Q) \<^bold>\ Atom Q)\ by simp \ \Entailment.\ abbreviation entails :: \'a \\<^sub>P set \ 'a \\<^sub>P set \ bool\ (infix \\\<^sub>P#\ 50) where \\ \\<^sub>P# \ \ (\f. (\p\\. semantics\<^sub>P f p) \ (\p\\. semantics\<^sub>P f p))\ \ \L entails R if, for all interpretations, all formulas in L true implies at least one in R true.\ \ \Example.\ lemma \{ Atom P } \\<^sub>P# { Atom P, Atom Q }\ by simp \ \Entailment for a singleton on rhs.\ abbreviation entails_singleton :: \'a \\<^sub>P set \ 'a \\<^sub>P \ bool\ (infix \\\<^sub>P\ 50) where \\ \\<^sub>P \ \ \ \\<^sub>P# { \ }\ \ \Example.\ lemma \{ Atom P \<^bold>\ Atom Q } \\<^sub>P Atom P\ by simp \ \Example.\ lemma \Q \ P \ \ { Atom Q } \\<^sub>P Atom P\ by auto \ \Weakening of assumptions for entailment\ lemma weakening_entailment: \\' \ \ \ \' \\<^sub>P# \ \ \ \\<^sub>P# \\ by blast \ \Example.\ lemma \{ P\<^sub>1, P\<^sub>2 } \\<^sub>P# { Q } \ { P\<^sub>1, P\<^sub>2, P\<^sub>3 } \\<^sub>P# { Q }\ using weakening_entailment by simp section \Sequent calculus\ \ \A standard sequent calculus proof system.\ inductive sequent_calculus :: \'a \\<^sub>P multiset \ 'a \\<^sub>P multiset \ bool\ (infix \\\<^sub>P#\ 40) where \ \Non-branching\ Axiom: \{# p #} + \ \\<^sub>P# \ + {# p #}\ | L_Neg: \\ \\<^sub>P# \ + {# p #} \ \ + {# \<^bold>\ p #} \\<^sub>P# \\ | R_Neg: \\ + {# p #} \\<^sub>P# \ \ \ \\<^sub>P# \ + {# \<^bold>\ p #}\ | R_Imp: \\ + {# p #} \\<^sub>P# \ + {# q #} \ \ \\<^sub>P# \ + {# p \<^bold>\ q #}\ | R_Or: \\ \\<^sub>P# \ + {# p, q #} \ \ \\<^sub>P# \ + {# p \<^bold>\ q #}\ | L_And: \\ + {# p, q #} \\<^sub>P# \ \ \ + {# p \<^bold>\ q #} \\<^sub>P# \\ | \ \Branching\ R_And: \\ \\<^sub>P# \ + {# p #} \ \ \\<^sub>P# \ + {# q #} \ \ \\<^sub>P# \ + {# p \<^bold>\ q #}\ | L_Or: \\ + {# p #} \\<^sub>P# \ \ \ + {# q #} \\<^sub>P# \ \ \ + {# p \<^bold>\ q #} \\<^sub>P# \\ | L_Imp: \\ \\<^sub>P# \ + {# p #} \ \ + {# q #} \\<^sub>P# \ \ \ + {# p \<^bold>\ q #} \\<^sub>P# \\ \ \The arrow ==> signifies that the rightmost predicate (must be of the inductive type) may be introduced following proof of the assumptions. Axioms may either be directly introduced, or follow from non-inductive preconditions. The inductive rules specify the construction of more complex proofs from existing ones.\ \ \Example.\ lemma \{# Atom P \<^bold>\ Atom Q #} \\<^sub>P# {# Atom P #}\ using L_And Axiom by fastforce \ \Notation for empty lhs and singleton rhs.\ abbreviation provable :: \'a \\<^sub>P \ bool\ (\\\<^sub>P _\ 40) where \\\<^sub>P p \ {#} \\<^sub>P# {# p #}\ \ \Example single-step.\ lemma \\\<^sub>P Atom P \<^bold>\ (Atom P \<^bold>\ Atom Q) \<^bold>\ Atom Q\ proof - from R_Imp have \{#} \\<^sub>P# {# Atom P \<^bold>\ (Atom P \<^bold>\ Atom Q) \<^bold>\ Atom Q #}\ if \{# Atom P #} \\<^sub>P# {# (Atom P \<^bold>\ Atom Q) \<^bold>\ Atom Q #}\ using that by simp with R_Imp have ?thesis if \{# Atom P \<^bold>\ Atom Q, Atom P #} \\<^sub>P# {# Atom Q #}\ using that by auto with L_Imp have ?thesis if \{# Atom P #} \\<^sub>P# {# Atom Q #} + {# Atom P #}\ and \{# Atom P #} + {# Atom Q #} \\<^sub>P# {# Atom Q #}\ using that by auto with Axiom show ?thesis by auto qed \ \The hassle of manually proving even simple formulas calls for an implementation of proof tactics. The deep embedding of the logic means that trivial formulas cannot be proved using Isabelle's vast knowledge about logic formulas, however I am not sure if there is a good way around this.\ section \Soundness\ \ \The soundness theorem.\ theorem soundness\<^sub>P: \\ \\<^sub>P# \ \ set_mset \ \\<^sub>P# set_mset \\ by (induct rule: sequent_calculus.induct) (auto) \ \Proving the formula implies that it is valid. Because the sequent calculus is based on the use of multisets, whereas the semantics is based on regular sets, a conversion is required. In general going from multisets to sets is more clean due to the former always being finite.\