How to see Isabelle's phased argumentation "
I recently started researching Isabelle, and I have not found an answer to a very important question: how can you see the phased argumentation of the "evidence" found by Isabelle? I am not satisfied with lines like "auto" or "using theorem_A from explosion", I want to test the step by step output. Of course, I found out about Izar's proofs ", but 1. Such proofs by Izar cannot always be found by Hammer and 2. Even Izar's proofs do not always give stepwise reasoning. For example, Isar's proof of one of my theorems created by Sledgehammer looks like this:
proof -
have "... here is my formula ...."
using My_Theorem_1 My_axiom_2 by blast
thus ?thesis
by metis
qed
Of course, such proof cannot be called "human readable" as the enthusiasts of Isabella and Izara do. Now my question is, is it possible to step by step deduce from the "evidence" found by Isabelle? Or at least you can turn "proofs" like "auto" into Isar proofs? A situation in which step-by-step derivation is required is, for example, existence theorem proofs, they often provide useful explicit constructs. I go through several tutorials but couldn't find an answer ...
source to share
First of all, I will explain why your problem is usually not considered as important as you think. then I will answer your real question.
Isabelle is designed so that you do not need to "trust his method of proof (eg simp
, auto
, metis
) does all the evidence must pass through the core of Isabelle O, since the kernel is the only part in Isabelle, which may cause theorem. If you trust (relatively small) kernel, you can trust all proof methods Proof methods directly or indirectly call functions that the kernel exports to manipulate theorems.
The core contains functions that reflect the Isabel / Chi axioms, which I think is just a natural conclusion. Then you have the axioms of object logic (HOL in most cases) and definitions and typedefs. All of Isabel's theorems have proofs, which are basically proof trees, consisting of these stages of reasoning.
The progressive proof you are looking for is therefore this tree, and it is called an evidentiary object or proof. The problem is, they are very large and very unreadable (see Russell and Whitehead's Principia Mathematica for how large and unreadable). I think you can say that Isabelle somehow generated this evidence, but I have no idea how to do it. I found Stefan Berghofer's slide set .
I don't understand why you would say that the example you gave is not human readable. There are some details that are hidden from the reader, yes, but the same is true for most common mathematical proofs. blast
and metis
magic does not work; blast
is a first-order quality indicator, metis
is a resolution tool. If blast
they metis
can prove something in one step, the mathematician probably won't go into more detail on that step.
As for explicit constructs with existential ones: Isabelle / HOL is not constructive logic. Extracting programs from classical proofs is an ongoing study and very difficult. If you want to explicitly build something in Isabelle / HOL, my advice would not be to prove existential, but to directly validate your explicit construction. If your existential can be proven in one step at a time auto
, I would say the construction is very simple.
source to share
You can view the internal proof conditions for facts using:
prf lemma_name
For example, the following lemma from Pure
thm Pure.conjunction_imp
> (PROP ?A &&& PROP ?B ⟹ PROP ?C) ≡ (PROP ?A ⟹ PROP ?B ⟹ PROP ?C)
has as an output expression for proof:
prf Pure.conjunction_imp
> equal_intr ⋅ _ ⋅ _ ● (❙λ(H: _) (Ha: _) Hb: _. H ● (conjunctionI ⋅ _ ⋅ _ ● Ha ● Hb)) ●
(❙λ(H: _) Ha: _. H ● (conjunctionD1 ⋅ _ ⋅ _ ● Ha) ● (conjunctionD2 ⋅ _ ⋅ _ ● Ha))
With full_prf, the output becomes even more verbose.
the slides referenced by Manuel Eberl's answer provide additional information on the meaning of the symbols. Even if one doesn't understand the proven lambda members, the prf members are pretty clear about the facts used to prove the lemma.
In a default HOL session, the output will look rather boring because the internals of the proof are not compiled into a session image (see Makarius post there ). For the desired output, you need to switch to a HOL-Proofs session. (In jEdit: select HOL-Proofs from the theories panel and restart jEdit. Creation of a custom session image should start automatically. (... Well, in theory it should work like this: I just tried to build HOL-Proofs of a session in Isabelle2015, but it lasted indefinitely long on my computer ...))
source to share
Finally, I found a negative answer to my question. In the book "A Guide to Automatic Reasoning" edited by Alan J. Robinson, Andrey Voronkov, the authors of one of the chapters, on page 1226 wrote the following characteristics of Isabelle: "... you cannot use proof objects, for example, to see the details of a proof or to extract programs..."
source to share