diff --git a/thys/Goedel_Incompleteness/Abstract_Encoding.thy b/thys/Goedel_Incompleteness/Abstract_Encoding.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Abstract_Encoding.thy @@ -0,0 +1,62 @@ +chapter \Abstract Encoding\ + +(*<*) +theory Abstract_Encoding imports Deduction2 +begin +(*>*) + +text \Here we simply fix some unspecified encoding functions: encoding formulas +and proofs as numerals.\ + +locale Encode = +Syntax_with_Numerals + var trm fmla Var FvarsT substT Fvars subst + num +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and num ++ +fixes enc :: "'fmla \ 'trm" ("\_\") +assumes +enc[simp,intro!]: "\ \. \ \ fmla \ enc \ \ num" +begin + +end \ \context @{locale Encode}\ + +text \Explicit proofs (encoded as numbers), needed only for the harder half of +Goedel's first, and for both half's of Rosser's version; not needed in Goedel's +second.\ + +locale Encode_Proofs = +Encode + var trm fmla Var FvarsT substT Fvars subst + num + enc ++ +Deduct2_with_Proofs + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv bprv + "proof" prfOf +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and num +and eql cnj imp all exi +and prv bprv +and enc ("\_\") +and fls dsj +and "proof" :: "'proof set" and prfOf ++ +fixes encPf :: "'proof \ 'trm" +assumes +encPf[simp,intro!]: "\ pf. pf \ proof \ encPf pf \ num" + + +(*<*) +end +(*>*) \ No newline at end of file diff --git a/thys/Goedel_Incompleteness/Abstract_First_Goedel.thy b/thys/Goedel_Incompleteness/Abstract_First_Goedel.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Abstract_First_Goedel.thy @@ -0,0 +1,442 @@ +chapter \Abstract Formulations of Gödel's First Incompleteness Theorem\ + +(*<*) +theory Abstract_First_Goedel imports Goedel_Formula Standard_Model_More +begin +(*>*) + +section \Proof-Theoretic Versions of Gödel's First\ + +context Goedel_Form +begin + +subsection \The easy half\ + +text \First the "direct", positive formulation:\ +lemma goedel_first_theEasyHalf_pos: +assumes "prv \G" shows "prv fls" +proof- + have "prv (neg (PP \\G\))" using prv_eqv_prv[OF _ _ assms prv_\G_eqv] by auto + moreover + {have "bprv (PP \\G\)" using HBL1[OF \G Fvars_\G assms] unfolding PP_def . + from bprv_prv[OF _ _ this, simplified] have "prv (PP \\G\)" . + } + ultimately show ?thesis using PP prv_neg_fls by (meson \G enc in_num) +qed + +text \... then the more standard contrapositive formulation:\ +corollary goedel_first_theEasyHalf: +"consistent \ \ prv \G" +using goedel_first_theEasyHalf_pos unfolding consistent_def by auto + +end \ \context @{locale Goedel_Form}\ + + +subsection \The hard half\ + +text \The hard half needs explicit proofs:\ +context Goedel_Form_Proofs begin + +lemma goedel_first_theHardHalf: +assumes oc: "\consistent" +shows "\ prv (neg \G)" +proof + assume pn: "prv (neg \G)" + hence pnn: "prv (neg (neg (wrepr.PP \\G\)))" + using prv_eqv_imp_transi num wrepr.PP \G fls neg neg_def prv_\G_eqv prv_eqv_sym + by (metis (full_types) enc in_num) + note c = \consistent_implies_consistent[OF oc] + have np: "\ prv \G" using pn c unfolding consistent_def3 by blast + have "\p \ num. bprv (neg (PPf p \\G\))" using not_prv_prv_neg_PPf[OF _ _ np] by auto + hence 0: "\p \ num. prv (neg (PPf p \\G\))" using not_prv_prv_neg_PPf[OF _ _ np] + by (fastforce intro: bprv_prv) + have "\ prv (neg (neg (exi yy (PPf (Var yy) \\G\))))" using 0 oc unfolding \consistent_def by auto + hence "\ prv (neg (neg (wrepr.PP \\G\)))" + unfolding wrepr.PP_def by (subst P_def) (simp add: PPf_def2) + thus False using pnn by auto +qed + +theorem goedel_first: +assumes "\consistent" +shows "\ prv \G \ \ prv (neg \G)" + using assms goedel_first_theEasyHalf goedel_first_theHardHalf \consistent_implies_consistent by blast + +theorem goedel_first_ex: +assumes "\consistent" +shows "\ \. \ \ fmla \ \ prv \ \ \ prv (neg \)" + using assms goedel_first by (intro exI[of _ \G]) blast + + +end \ \context @{locale Goedel_Form_Proofs}\ + + +section \Model-Theoretic Versions of Gödel's First\ + +text \The model-theoretic twist is that of additionally proving +the truth of Gödel sentences.\ + + +subsection \First model-theoretic version\ + +locale Goedel_Form_Proofs_Minimal_Truth = +Goedel_Form_Proofs + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + fls + prv bprv + enc + S + dsj + "proof" prfOf encPf + Pf ++ +Minimal_Truth_Soundness + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + bprv + isTrue +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and prv bprv +and enc ("\_\") +and S +and "proof" :: "'proof set" and prfOf encPf +and Pf +and isTrue +begin + +text \Recall that "consistent" and "$\omega$-consistent" refer to @{term prv}, not to @{term bprv}.\ + +theorem isTrue_\G: + assumes "consistent" + shows "isTrue \G" +proof- + have "\ n \ num. bprv (neg (PPf n \\G\))" + using not_prv_prv_neg_PPf[OF _ _ goedel_first_theEasyHalf[OF assms]] by auto + hence "\ n \ num. isTrue (neg (PPf n \\G\))" by (auto intro: sound_isTrue) + hence "isTrue (all yy (neg (PPf (Var yy) \\G\)))" by (auto intro: isTrue_all) + moreover have "isTrue (imp (all yy (neg (PPf (Var yy) \\G\))) \G)" + using bprv_eqv_all_not_PPf_imp_\G by (auto intro!: sound_isTrue) + ultimately show ?thesis by (rule isTrue_imp[rotated -2]) auto +qed + +text \The "strong" form of Gödel's First (also asserting the truth of +the Gödel sentences):\ + +theorem goedel_first_strong: +"\consistent \ \ prv \G \ \ prv (neg \G) \ isTrue \G" + using goedel_first isTrue_\G \consistent_implies_consistent by blast + +theorem goedel_first_strong_ex: +"\consistent \ \ \. \ \ fmla \ \ prv \ \ \ prv (neg \) \ isTrue \" + using goedel_first_strong by (intro exI[of _ \G]) blast + +end \ \context @{locale Goedel_Form_Proofs_Minimal_Truth}\ + + +subsection \Second model-theoretic version\ + +locale Goedel_Form_Minimal_Truth_Soundness_HBL1iff_Compl_Pf = +Goedel_Form + var trm fmla Var num + FvarsT substT Fvars subst + eql cnj imp all exi + fls + prv bprv + enc + S + P ++ +Minimal_Truth_Soundness_HBL1iff_Compl_Pf + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + enc + prv bprv + P + isTrue + Pf +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and prv bprv +and enc ("\_\") +and S +and isTrue +and P +and Pf + + +locale Goedel_Form_Minimal_Truth_Soundness_HBL1iff_Compl_Pf_Compl_NegPf = +Goedel_Form_Minimal_Truth_Soundness_HBL1iff_Compl_Pf + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv bprv + enc + S + isTrue + P + Pf ++ +Minimal_Truth_Soundness_HBL1iff_Compl_Pf_Compl_NegPf + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + enc + prv bprv + P + isTrue + Pf +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and prv bprv +and enc ("\_\") +and S +and isTrue +and P +and Pf ++ +assumes prv_\consistent: "\consistent" + +(* Semantic Goedel's first, Goedel-style, second variant +... established as a sublocale statement *) +sublocale + Goedel_Form_Minimal_Truth_Soundness_HBL1iff_Compl_Pf_Compl_NegPf < + recover_proofs: Goedel_Form_Proofs_Minimal_Truth + where prfOf = prfOf and "proof" = "proof" and encPf = encPf + and prv = prv and bprv = bprv + by standard + +(* ... and here is the explicit statement, inside the locale that +provides all the assumptions *) +context Goedel_Form_Minimal_Truth_Soundness_HBL1iff_Compl_Pf_Compl_NegPf begin +thm recover_proofs.goedel_first_strong + +end + + +section \Classical-Logic Versions of Gödel's First\ + + +subsection \First classical-logic version\ + +locale Goedel_Form_Classical_HBL1_rev_prv = +Goedel_Form + var trm fmla Var num FvarsT substT Fvars subst + eql cnj imp all exi + fls + prv bprv + enc + S + P +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var num FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and prv bprv +and enc ("\_\") +and S +and P ++ +assumes +\ \NB: we don't really need to assume classical reasoning (double negation) +for all formulas, but only for the provability predicate:\ +classical_P_prv: "\ \. \ \ fmla \ Fvars \ = {} \ let PP = (\t. subst P t xx) in + prv (neg (neg (PP \\\))) \ prv (PP \\\)" +and +HBL1_rev_prv: "\ \. \ \ fmla \ Fvars \ = {} \ prv (PP \\\) \ prv \" +begin + +lemma HBL1_rev: + assumes f: "\ \ fmla" and fv: "Fvars \ = {}" and bp: "bprv (PP \\\)" + shows "prv \" + using assms by (auto intro!: HBL1_rev_prv bprv_prv[OF _ _ bp]) + +lemma classical_PP_prv: "\ \ fmla \ Fvars \ = {} \ prv (neg (neg (PP \\\))) \ prv (PP \\\)" + using classical_P_prv unfolding PP_def by auto + +lemma HBL1_iff: "\ \ fmla \ Fvars \ = {} \ bprv (PP \\\) \ prv \" + using HBL1 HBL1_rev unfolding PP_def by auto + +lemma HBL1_iff_prv: "\ \ fmla \ Fvars \ = {} \ prv (PP \\\) \ prv \" + by (meson HBL1_PP HBL1_rev_prv PP d_dwf.bprv_prv' enc in_num) + +lemma goedel_first_theHardHalf_pos: +assumes "prv (neg \G)" shows "prv fls" +proof- + have "prv (neg (neg (PP \\G\)))" + using assms neg_def prv_\G_eqv prv_eqv_imp_transi_rev by fastforce + hence "prv (PP \\G\)" using classical_PP_prv by auto + hence "prv \G" using Fvars_\G HBL1_rev_prv by blast + thus ?thesis using assms prv_neg_fls by blast +qed + +corollary goedel_first_theHardHalf: +"consistent \ \ prv (neg \G)" + using goedel_first_theHardHalf_pos unfolding consistent_def by auto + +theorem goedel_first_classic: +assumes "consistent" +shows "\ prv \G \ \ prv (neg \G)" + using assms goedel_first_theEasyHalf goedel_first_theHardHalf by blast + +theorem goedel_first_classic_ex: +assumes "consistent" +shows "\ \. \ \ fmla \ \ prv \ \ \ prv (neg \)" + using assms goedel_first_classic by (intro exI[of _ \G]) blast + +end \ \context @{locale Goedel_Form_Classical_HBL1_rev_prv}\ + + +subsection \Second classical-logic version\ + +locale Goedel_Form_Classical_HBL1_rev_prv_Minimal_Truth_Soundness_TIP = +Goedel_Form_Classical_HBL1_rev_prv + var trm fmla Var num FvarsT substT Fvars subst + eql cnj imp all exi + fls + prv bprv + enc + S + P ++ +Minimal_Truth_Soundness + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + bprv + isTrue +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var num FvarsT substT Fvars subst +and eql cnj dsj imp all exi +and fls +and prv bprv +and enc ("\_\") +and S +and P +and isTrue ++ +assumes +\\Truth of @{term \} implies provability (TIP) of (the internal representation of) @{term \}\ +TIP: "\ \. \ \ fmla \ Fvars \ = {} \ + let PP = (\t. subst P t xx) in + isTrue (PP \\\) \ prv \" +begin + +lemma TIP_PP: "\ \ fmla \ Fvars \ = {} \ isTrue (PP \\\) \ prv \" + using TIP unfolding PP_def by auto + +theorem isTrue_\G: + assumes consistent + shows "isTrue \G" +proof- + {assume "\ isTrue \G" + hence 1: "isTrue (neg \G)" using isTrue_neg by fastforce + have "bprv (imp (neg \G) (neg (neg (PP \\G\))))" + by (auto simp add: bprv_\G_eqv B.prv_imp_eqvER B.prv_imp_neg_rev) + from prv_imp_implies_isTrue[OF _ _ _ _ this 1, simplified] + have "isTrue (neg (neg (PP \\G\)))" . + from isTrue_neg_neg[OF _ _ this, simplified] have "isTrue (PP \\G\)" . + hence "prv \G" using assms TIP_PP by auto + hence False using goedel_first_classic assms by auto + } + thus ?thesis by auto +qed + +theorem goedel_first_classic_strong: "consistent \ \ prv \G \ \ prv (neg \G) \ isTrue \G" + using goedel_first_classic isTrue_\G by simp + +theorem goedel_first_classic_strong_ex: +"consistent \ \ \. \ \ fmla \ \ prv \ \ \ prv (neg \) \ isTrue \" + using goedel_first_classic_strong by (intro exI[of _ \G]) blast + +end \ \context @{locale Goedel_Form_Classical_HBL1_rev_prv_Minimal_Truth_Soundness_TIP}\ + + +subsection \Third classical-logic version\ + +locale Goedel_Form_Minimal_Truth_Soundness_HBL1iff_prv_Compl_Pf_Classical = +Goedel_Form + var trm fmla Var num FvarsT substT Fvars subst + eql cnj imp all exi + fls + prv bprv + enc + S + P ++ +Minimal_Truth_Soundness_HBL1iff_prv_Compl_Pf_Classical + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + enc + prv bprv + P + isTrue + Pf +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and prv bprv +and enc ("\_\") +and S +and isTrue +and P +and Pf + + +sublocale Goedel_Form_Minimal_Truth_Soundness_HBL1iff_prv_Compl_Pf_Classical < + recover_proofs: Goedel_Form_Classical_HBL1_rev_prv_Minimal_Truth_Soundness_TIP where prv = prv and bprv = bprv +proof (standard, goal_cases classical rev_rpv TIPf) + case (classical \) + then show ?case using HBL1_iff classical_P by (simp add: mts_prv_mts.PP_deff) +next + case (rev_rpv \) + then show ?case using HBL1_iff_prv PP_def by simp +next + case (TIPf \) + then show ?case using classical_P by (simp add: SS_def PP_def mts_prv_mts.TIP) +qed + +context Goedel_Form_Minimal_Truth_Soundness_HBL1iff_prv_Compl_Pf_Classical begin +thm recover_proofs.goedel_first_classic_strong +end \\context @{locale Goedel_Form_Minimal_Truth_Soundness_HBL1iff_prv_Compl_Pf_Classical}\ + +(*<*) +end +(*>*) diff --git a/thys/Goedel_Incompleteness/Abstract_First_Goedel_Rosser.thy b/thys/Goedel_Incompleteness/Abstract_First_Goedel_Rosser.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Abstract_First_Goedel_Rosser.thy @@ -0,0 +1,348 @@ +chapter \Abstract Formulations of Gödel-Rosser's First Incompleteness Theorem\ + +(*<*) +theory Abstract_First_Goedel_Rosser + imports Rosser_Formula Standard_Model_More +begin +(*>*) + +text \The development here is very similar to that of Gödel First Incompleteness Theorem. +It lacks classical logical variants, since for them Rosser's trick does bring +any extra value.\ + +section \Proof-Theoretic Versions\ + +context Rosser_Form_Proofs +begin + +lemma NN_neg_unique_xx': + assumes [simp]:"\ \ fmla" "Fvars \ = {}" + shows + "bprv (imp (NN \\\ (Var xx')) + (eql \neg \\ (Var xx')))" + using B.prv_subst[of yy _ "Var xx'", OF _ _ _ NN_neg_unique[OF assms]] by fastforce + +lemma NN_imp_xx': + assumes [simp]: "\ \ fmla" "Fvars \ = {}" "\ \ fmla" + shows "bprv (imp (subst \ \neg \\ xx') + (all xx' (imp (NN \\\ (Var xx')) \)))" +proof- + have 2: "bprv (imp (eql \neg \\ (Var xx')) (imp (subst \ \neg \\ xx') \))" + using B.prv_eql_subst_trm[of xx' \ "\neg \\" "Var xx'", simplified] . + have 1: "bprv (imp (subst \ \neg \\ xx') (imp (eql \neg \\ (Var xx')) \))" + by (simp add: "2" B.prv_imp_com) + have 0: "bprv (imp (subst \ \neg \\ xx') (imp (NN \\\ (Var xx')) \))" + using 1 + by (elim B.prv_prv_imp_trans[rotated 3]) + (auto simp add: B.prv_imp_com B.prv_imp_monoR NN_neg_unique_xx') + show ?thesis by (rule B.prv_all_imp_gen) (auto simp: 0) +qed + +lemma goedel_rosser_first_theEasyHalf: + assumes c: "consistent" + shows "\ prv \R" +proof + assume 0: "prv \R" + then obtain "prf" where [simp]: "prf \ proof" and "prfOf prf \R" using prv_prfOf by auto + hence 00: "bprv (PPf (encPf prf) \\R\)" using prfOf_PPf by auto + from dwf_dwfd.d_dwf.bprv_prv'[OF _ 00, simplified] have b00: "prv (PPf (encPf prf) \\R\)" . + have "\ prv (neg \R)" using 0 c unfolding consistent_def3 by auto + hence "\ prf \ proof. \ prfOf prf (neg \R)" using 00 prv_prfOf by auto + hence "bprv (neg (PPf p \neg \R\))" if "p \ num" for p using not_prfOf_PPf Clean_PPf_encPf that + by (cases "p \ encPf ` proof") auto + hence 1: "prv (all zz (imp (LLq (Var zz) (encPf prf)) (neg (PPf (Var zz) \neg \R\))))" + (* here use locale assumption about the order-like relation: *) + by (intro LLq_num) auto + have 11: "prv (RR (encPf prf) \\R\)" + using NN_imp_xx'[of \R "neg (PPf (Var zz) (Var xx'))", simplified] + by (auto simp add: RR_def2 R_def + intro!: prv_all_congW[OF _ _ _ _ 1] prv_imp_monoL[OF _ _ _ dwf_dwfd.d_dwf.bprv_prv']) + have 3: "prv (cnj (PPf (encPf prf) \\R\) (RR (encPf prf) \\R\))" + by (rule prv_cnjI[OF _ _ b00 11]) auto + have "prv ((PP' \\R\))" unfolding PP'_def P'_def + using 3 by (auto intro: prv_exiI[of _ _ "encPf prf"]) + moreover have "prv (neg (PP' \\R\))" + using prv_eqv_prv[OF _ _ 0 prv_\R_eqv] by auto + ultimately show False using c unfolding consistent_def3 by auto +qed + +lemma goedel_rosser_first_theHardHalf: + assumes c: "consistent" + shows "\ prv (neg \R)" +proof + assume 0: "prv (neg \R)" + then obtain "prf" where [simp,intro!]: "prf \ proof" and pr: "prfOf prf (neg \R)" using prv_prfOf by auto + define p where p: "p = encPf prf" + have [simp,intro!]: "p \ num" unfolding p by auto + have 11: "bprv (PPf p \neg \R\)" using pr prfOf_PPf unfolding p by auto + have 1: "bprv (NN \\R\ \neg \R\)" using NN_neg by simp + + have "\ prv \R" using 0 c unfolding consistent_def3 by auto + from not_prv_prv_neg_PPf[OF _ _ this] + have b2: "\ r \ num. bprv (neg (PPf r \\R\))" by auto + hence 2: "\ r \ num. prv (neg (PPf r \\R\))" + by (auto intro: dwf_dwfd.d_dwf.bprv_prv') + + obtain P where P[simp,intro!]: "P \num" "finite P" + and 3: "prv (dsj (sdsj {eql (Var yy) r |r. r \ P}) (LLq p (Var yy)))" + (* here use the other locale assumption about the order-like relation: *) + using LLq_num2 by auto + + have "prv (imp (cnj (PPf (Var yy) \\R\) (RR (Var yy) \\R\)) fls)" + proof(rule prv_dsj_cases[OF _ _ _ 3]) + {fix r assume r: "r \ P" hence rn[simp]: "r \ num" using P(1) by blast + have "prv (imp (cnj (PPf r \\R\) (RR r \\R\)) fls)" + using 2 unfolding neg_def + by (metis FvarsT_num PPf RR rn \R all_not_in_conv cnj enc fls imp in_num prv_imp_cnj3L prv_imp_mp) + hence "prv (imp (eql (Var yy) r) + (imp (cnj (PPf (Var yy) \\R\) (RR (Var yy) \\R\)) fls))" + using prv_eql_subst_trm_id[of yy "cnj (PPf (Var yy) \\R\) (RR (Var yy) \\R\)" r,simplified] + unfolding neg_def[symmetric] + by (intro prv_neg_imp_imp_trans) auto + } + thus "prv (imp (sdsj {eql (Var yy) r |r. r \ P}) + (imp (cnj (PPf (Var yy) \\R\) (RR (Var yy) \\R\)) fls))" + using Var P(1) eql by (intro prv_sdsj_imp) (auto 0 0 simp: set_rev_mp) + next + let ?\ = "all xx' (imp (NN \\R\ (Var xx')) (neg (PPf p (Var xx'))))" + have "bprv (neg ?\)" + using 1 11 by (intro B.prv_imp_neg_allWI[where t = "\neg \R\"]) (auto intro: B.prv_prv_neg_imp_neg) + hence "prv (neg ?\)" by (auto intro: dwf_dwfd.d_dwf.bprv_prv') + hence 00: "prv (imp (LLq p (Var yy)) + (imp (imp (LLq p (Var yy)) ?\) fls))" + unfolding neg_def[symmetric] by (intro prv_imp_neg_imp_neg_imp) auto + have "prv (imp (LLq p (Var yy)) + (imp (RR (Var yy) \\R\) fls))" + unfolding neg_def[symmetric] using 00[folded neg_def] + by (auto simp add: RR_def2 R_def intro!: prv_imp_neg_allI[where t = p]) + thus "prv (imp (LLq p (Var yy)) + (imp (cnj (PPf (Var yy) \\R\) (RR (Var yy) \\R\)) fls))" + unfolding neg_def[symmetric] by (intro prv_imp_neg_imp_cnjR) auto + qed(auto, insert Var P(1) eql, simp_all add: set_rev_mp) + hence "prv (neg (exi yy (cnj (PPf (Var yy) \\R\) (RR (Var yy) \\R\))))" + unfolding neg_def[symmetric] by (intro prv_neg_neg_exi) auto + hence "prv (neg (PP' \\R\))" unfolding PP'_def P'_def by simp + hence "prv \R" using prv_\R_eqv by (meson PP' \R enc in_num neg prv_eqv_prv_rev) + with `\ prv \R` show False using c unfolding consistent_def3 by auto +qed + +theorem goedel_rosser_first: + assumes "consistent" + shows "\ prv \R \ \ prv (neg \R)" + using assms goedel_rosser_first_theEasyHalf goedel_rosser_first_theHardHalf by blast + +theorem goedel_rosser_first_ex: + assumes "consistent" + shows "\ \. \ \ fmla \ \ prv \ \ \ prv (neg \)" + using assms goedel_rosser_first by (intro exI[of _ \R]) blast + +end \ \context @{locale Rosser_Form}\ + + +section \Model-Theoretic Versions\ + +subsection \First model-theoretic version\ + +locale Rosser_Form_Proofs_Minimal_Truth = +Rosser_Form_Proofs + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + fls + prv bprv + Lq + dsj + "proof" prfOf + enc + N S + encPf + Pf ++ +Minimal_Truth_Soundness + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + bprv + isTrue +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and Lq +and prv bprv +and enc ("\_\") +and N S P +and "proof" :: "'proof set" and prfOf encPf +and Pf +and isTrue +begin + +lemma Fvars_PP'[simp]: "Fvars (PP' \\R\) = {}" unfolding PP'_def + by (subst Fvars_subst) auto + +lemma Fvars_RR'[simp]: "Fvars (RR (Var yy) \\R\) = {yy}" + unfolding RR_def + by (subst Fvars_psubst) (fastforce intro!: exI[of _ "{yy}"])+ + +lemma isTrue_PPf_implies_\R: +assumes "isTrue (all yy (neg (PPf (Var yy) \\R\)))" +(is "isTrue ?H") +shows "isTrue \R" +proof- + define F where "F \ RR (Var yy) \\R\" + have [simp]: "F \ fmla" "Fvars F = {yy}" + unfolding F_def by auto + have [simp]: "exi yy (PPf (Var yy) \\R\) \ fmla" + unfolding PPf_def by auto + + have 1: "bprv + (imp (all yy (neg (PPf (Var yy) \\R\))) + (neg (exi yy (PPf (Var yy) \\R\))))" + (is "bprv (imp (all yy (neg ?G)) (neg (exi yy ?G)))") + using B.prv_all_neg_imp_neg_exi[of yy ?G] by auto + have 2: "bprv (imp (neg (exi yy ?G)) (neg (exi yy (cnj ?G F))))" + by (auto intro!: B.prv_imp_neg_rev B.prv_exi_cong B.prv_imp_cnjL) + have "bprv (imp (all yy (neg ?G)) (neg (exi yy (cnj ?G F))))" + using B.prv_prv_imp_trans[OF _ _ _ 1 2] by simp + hence "bprv (imp ?H (neg (PP' \\R\)))" + unfolding PP'_def P'_def + by (simp add: F_def) + from B.prv_prv_imp_trans[OF _ _ _ this bprv_imp_\R] + have "bprv (imp ?H \R)" by auto + from prv_imp_implies_isTrue[OF _ _ _ _ this assms, simplified] + show ?thesis . +qed + +theorem isTrue_\R: + assumes "consistent" + shows "isTrue \R" +proof- + have "\ n \ num. bprv (neg (PPf n \\R\))" + using not_prv_prv_neg_PPf[OF _ _ goedel_rosser_first_theEasyHalf[OF assms]] + by auto + hence "\ n \ num. isTrue (neg (PPf n \\R\))" by (auto intro: sound_isTrue) + hence "isTrue (all yy (neg (PPf (Var yy) \\R\)))" by (auto intro: isTrue_all) + thus ?thesis using isTrue_PPf_implies_\R by auto +qed + + +theorem goedel_rosser_first_strong: "consistent \ \ prv \R \ \ prv (neg \R) \ isTrue \R" + using isTrue_\R goedel_rosser_first by blast + +theorem goedel_rosser_first_strong_ex: +"consistent \ \ \. \ \ fmla \ \ prv \ \ \ prv (neg \) \ isTrue \" + using goedel_rosser_first_strong by (intro exI[of _ \R]) blast + +end \ \context @{locale Rosser_Form_Proofs_Minimal_Truth}\ + + +subsection \Second model-theoretic version\ + +context Rosser_Form +begin +print_context +end + +locale Rosser_Form_Minimal_Truth_Soundness_HBL1iff_Compl_Pf = +Rosser_Form + var trm fmla Var + FvarsT substT Fvars subst + num + eql cnj imp all exi + fls + prv bprv + Lq + dsj + enc + N + S + P ++ +Minimal_Truth_Soundness_HBL1iff_Compl_Pf + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + enc + prv bprv + P + isTrue + Pf +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and prv bprv +and Lq +and enc ("\_\") +and N S +and isTrue +and P Pf + + + +locale Rosser_Form_Minimal_Truth_Soundness_HBL1iff_Compl_Pf_Compl_NegPf = +Rosser_Form_Minimal_Truth_Soundness_HBL1iff_Compl_Pf + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv bprv + Lq + enc + N S + isTrue + P + Pf ++ +M : Minimal_Truth_Soundness_HBL1iff_Compl_Pf_Compl_NegPf + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + enc + prv bprv + N + isTrue + Pf +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and prv bprv +and Lq +and enc ("\_\") +and N S P +and isTrue +and Pf + +sublocale + Rosser_Form_Minimal_Truth_Soundness_HBL1iff_Compl_Pf_Compl_NegPf < + recover_proofs: Rosser_Form_Proofs_Minimal_Truth + where prfOf = prfOf and "proof" = "proof" and encPf = encPf + and prv = prv and bprv = bprv + by standard + +context Rosser_Form_Minimal_Truth_Soundness_HBL1iff_Compl_Pf_Compl_NegPf +begin +thm recover_proofs.goedel_rosser_first_strong +end + +(*<*) +end +(*>*) + diff --git a/thys/Goedel_Incompleteness/Abstract_Jeroslow_Encoding.thy b/thys/Goedel_Incompleteness/Abstract_Jeroslow_Encoding.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Abstract_Jeroslow_Encoding.thy @@ -0,0 +1,165 @@ +chapter \Jeroslow's Variant of G\"odel's Second Incompleteness Theorem\ + +(*<*) +theory Abstract_Jeroslow_Encoding imports +"Syntax_Independent_Logic.Deduction" +begin +(*>*) + +section \Encodings and Derivability\ + +text \Here we formalize some of the assumptions of Jeroslow's theorem: +encoding, term-encoding and the First Derivability Condition.\ + + +subsection \Encoding of formulas\ + +locale Encode = +Syntax_with_Numerals + var trm fmla Var FvarsT substT Fvars subst + num +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and num ++ +fixes +(*************************************) +(* Numeric formulas are assumed to be encoded as numerals: *) +enc :: "'fmla \ 'trm" ("\_\") +assumes +enc[simp,intro!]: "\ \. \ \ fmla \ enc \ \ num" +begin + +end \ \context @{locale Encode}\ + + +subsection \Encoding of computable functions\ + +text \Jeroslow assumes the encodability of an abstract (unspecified) class of +computable functions and the assumption that a particular function, @{term "sub \"} for each formula +@{term \}, is in this collection. This is used to prove a different flavor of the diagonalization +lemma (Jeroslow 1973). It turns out that only an encoding of unary computable functions +is needed, so we only assume that.\ + +locale Encode_UComput = +Encode + var trm fmla Var FvarsT substT Fvars subst + num + enc +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and num +and enc ("\_\") ++ +\ \Abstract (unspeficied) notion of unary "computable" function +between numerals, which are encoded as numerals. They +contain a special substitution-like function @{term "sub \"} for each formula @{term "\"}.\ +fixes ucfunc :: "('trm \ 'trm) set" + and encF :: "('trm \ 'trm) \ 'trm" + and sub :: "'fmla \ 'trm \ 'trm" +assumes +\ \NB: Due to the limitations of the type system, we define @{term "ufunc"} as a set of functions +between terms, but we only care about their actions on numerals ... +so we assume they send numerals to numerals:\ +ucfunc[simp,intro!]: "\ f n. f \ ucfunc \ n \ num \ f n \ num" +and +encF[simp,intro!]: "\ f. f \ ucfunc \ encF f \ num" +and +sub[simp]: "\\. \ \ fmla \ sub \ \ ucfunc" +and +\ \The function @{term "sub \"} takes any encoding of a function @{term "f"} and returns the encoding of +the formula obtained by substituting for @{term "xx"} the value of @{term "f"} applied to its own encoding:\ +sub_enc: +"\ \ f. \ \ fmla \ Fvars \ = {xx} \ f \ ucfunc \ + sub \ (encF f) = enc (inst \ (f (encF f)))" + + +subsection \Term-encoding of computable functons\ + +text \For handling the notion of term-representation (which we introduce later), +we assume we are given a set @{term "Ops"} of term operators and their encodings as numerals. +We additionally assume that the term operators behave well w.r.t. free variables and +substitution.\ + +locale TermEncode = +Syntax_with_Numerals + var trm fmla Var FvarsT substT Fvars subst + num +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and num ++ +fixes +Ops :: "('trm \ 'trm) set" +and +enc :: "('trm \ 'trm) \ 'trm" ("\_\") +assumes +Ops[simp,intro!]: "\f t. f \ Ops \ t \ trm \ f t \ trm" +and +enc[simp,intro!]: "\ f. f \ Ops \ enc f \ num" +and +Ops_FvarsT[simp]: "\ f t. f \ Ops \ t \ trm \ FvarsT (f t) = FvarsT t" +and +Ops_substT[simp]: "\ f t. f \ Ops \ t \ trm \ t1 \ trm \ x \ var \ + substT (f t) t1 x = f (substT t t1 x)" +begin + +end \ \context @{locale TermEncode}\ + + +subsection \The first Hilbert-Bernays-Löb derivability condition\ + +locale HBL1 = +Encode + var trm fmla Var FvarsT substT Fvars subst + num + enc ++ +Deduct + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and num +and eql cnj imp all exi +and prv bprv +and enc ("\_\") ++ +fixes P :: 'fmla +assumes +P[intro!,simp]: "P \ fmla" +and +Fvars_P[simp]: "Fvars P = {xx}" +and +HBL1: "\\. \ \ fmla \ Fvars \ = {} \ prv \ \ prv (subst P \\\ xx)" +begin + +text \Predicate version of the provability formula\ +definition PP where "PP \ \t. subst P t xx" + +lemma PP[simp]: "\t. t \ trm \ PP t \ fmla" + unfolding PP_def by auto + +lemma Fvars_PP[simp]: "\t. t \ trm \ Fvars (PP t) = FvarsT t" + unfolding PP_def by auto + +lemma [simp]: +"n \ num \ subst (PP (Var yy)) n yy = PP n" +"n \ num \ subst (PP (Var xx)) n xx = PP n" + unfolding PP_def by auto + +lemma HBL1_PP: +"\ \ fmla \ Fvars \ = {} \ prv \ \ prv (PP \\\)" + using HBL1 unfolding PP_def by auto + +end \ \context @{locale HBL1}\ + +(*<*) +end +(*>*) \ No newline at end of file diff --git a/thys/Goedel_Incompleteness/Abstract_Representability.thy b/thys/Goedel_Incompleteness/Abstract_Representability.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Abstract_Representability.thy @@ -0,0 +1,458 @@ +chapter \Representability Assumptions\ + +(*<*) +theory Abstract_Representability imports Abstract_Encoding +begin +(*>*) + +text \Here we make assumptions about various functions or relations being +representable.\ + + +section \Representability of Negation\ + +text \The negation function neg is assumed to be representable by a +two-variable formula N.\ + +locale Repr_Neg = +Deduct2_with_False + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + num + prv bprv ++ +Encode + var trm fmla Var FvarsT substT Fvars subst + num + enc +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and num +and prv bprv +and enc ("\_\") ++ +fixes N :: 'fmla +assumes +N[simp,intro!]: "N \ fmla" +and +Fvars_N[simp]: "Fvars N = {xx,yy}" +and +neg_implies_prv_N: +"\ \. + let NN = (\ t1 t2. psubst N [(t1,xx), (t2,yy)]) in + \ \ fmla \ Fvars \ = {} \ bprv (NN \\\ \neg \\)" +and +N_unique: +"\ \. + let NN = (\ t1 t2. psubst N [(t1,xx), (t2,yy)]) in + \ \ fmla \ Fvars \ = {} \ + bprv (all yy (all yy' + (imp (cnj (NN \\\ (Var yy)) (NN \\\ (Var yy'))) + (eql (Var yy) (Var yy')))))" +begin + +text \NN is a notation for the predicate that takes terms and returns corresponding instances +of N, obtained by substituting its free variables with these terms. This is very convenient +for reasoning, and will be done for all the representing formulas we will consider.\ + +definition NN where "NN \ \ t1 t2. psubst N [(t1,xx), (t2,yy)]" + +lemma NN_def2: "t1 \ trm \ t2 \ trm \ yy \ FvarsT t1 \ + NN t1 t2 = subst (subst N t1 xx) t2 yy" + unfolding NN_def by (rule psubst_eq_rawpsubst2[simplified]) auto + +lemma NN_neg: +"\ \ fmla \ Fvars \ = {} \ bprv (NN \\\ \neg \\)" + using neg_implies_prv_N unfolding Let_def NN_def by meson + +lemma NN_unique: + assumes "\ \ fmla" "Fvars \ = {}" + shows "bprv (all yy (all yy' + (imp (cnj (NN \\\ (Var yy)) (NN \\\ (Var yy'))) + (eql (Var yy) (Var yy')))))" + using assms N_unique unfolding Let_def NN_def by meson + +lemma NN[simp,intro]: +"t1 \ trm \ t2 \ trm \ NN t1 t2 \ fmla" +unfolding NN_def by auto + +lemma Fvars_NN[simp]: "t1 \ trm \ t2 \ trm \ yy \ FvarsT t1 \ +Fvars (NN t1 t2) = FvarsT t1 \ FvarsT t2" +by (auto simp add: NN_def2 subst2_fresh_switch) + +(* Here and elsewhere: hard to make into one or two uniform statements, +given that we don't assume sufficiently powerful properties for trm substitution. +So such lists would need to be maintained on an ad hoc basis, keeping adding instances +when needed. *) +lemma [simp]: +"m \ num \ n \ num \ subst (NN m (Var yy)) n yy = NN m n" +"m \ num \ n \ num \ subst (NN m (Var yy')) n yy = NN m (Var yy')" +"m \ num \ subst (NN m (Var yy')) (Var yy) yy' = NN m (Var yy)" +"n \ num \ subst (NN (Var xx) (Var yy)) n xx = NN n (Var yy)" +"n \ num \ subst (NN (Var xx) (Var xx')) n xx = NN n (Var xx')" +"m \ num \ n \ num \ subst (NN m (Var xx')) n zz = NN m (Var xx')" +"n \ num \ subst (NN n (Var yy)) (Var xx') yy = NN n (Var xx')" +"m \ num \ n \ num \ subst (NN m (Var xx')) n xx' = NN m n" + by (auto simp add: NN_def2 subst2_fresh_switch) + +lemma NN_unique2: +assumes [simp]:"\ \ fmla" "Fvars \ = {}" +shows +"bprv (all yy + (imp (NN \\\ (Var yy)) + (eql \neg \\ (Var yy))))" +proof- + have 1: "bprv (NN \\\ \neg \\)" + using NN_neg[OF assms] . + have 2: "bprv (all yy' ( + imp (cnj (NN \\\ \neg \\) + (NN \\\ (Var yy'))) + (eql \neg \\ (Var yy'))))" + using B.prv_allE[of yy, OF _ _ _ NN_unique, of "\" "\neg \\"] + by fastforce + have 31: "bprv (all yy' ( + imp (NN \\\ \neg \\) + (imp (NN \\\ (Var yy')) + (eql \neg \\ (Var yy')))))" + using B.prv_all_imp_cnj_rev[OF _ _ _ _ 2] by simp + have 32: "bprv (imp (NN \\\ \neg \\) + (all yy' (imp (NN \\\ (Var yy')) + (eql \neg \\ (Var yy')))))" + by (rule B.prv_all_imp[OF _ _ _ _ 31]) (auto simp: NN_def2) + have 33: "bprv (all yy' (imp (NN \\\ (Var yy')) + (eql \neg \\ (Var yy'))))" + by (rule B.prv_imp_mp [OF _ _ 32 1]) auto + thus ?thesis using B.all_subst_rename_prv[OF _ _ _ _ 33, of yy] by simp +qed + +lemma NN_neg_unique: +assumes [simp]:"\ \ fmla" "Fvars \ = {}" +shows +"bprv (imp (NN \\\ (Var yy)) + (eql \neg \\ (Var yy)))" (is "bprv ?A") +proof- + have 0: "bprv (all yy ?A)" + using NN_unique2[of "\"] by simp + show ?thesis by (rule B.allE_id[OF _ _ 0]) auto +qed + +lemma NN_exi_cnj: +assumes \[simp]: "\ \ fmla" "Fvars \ = {}" and \[simp]: "\ \ fmla" +assumes f: "Fvars \ = {yy}" +shows "bprv (eqv (subst \ \neg \\ yy) + (exi yy (cnj \ (NN \\\ (Var yy)))))" +(is "bprv (eqv ?A ?B)") +proof(intro B.prv_eqvI) + have yy: "yy \ var" by simp + let ?N = "NN \\\ (Var yy)" + have "bprv (imp (subst \ \neg \\ yy) ((subst (cnj \ ?N) \neg \\ yy)))" using NN_neg[OF \] + by (simp add: B.prv_imp_cnj B.prv_imp_refl B.prv_imp_triv) + thus "bprv (imp ?A ?B)" + by (elim B.prv_prv_imp_trans[rotated 3], intro B.prv_exi_inst) auto +next + have 00: "bprv (imp (eql \neg \\ (Var yy)) (imp \ (subst \ \neg \\ yy)))" + by (rule B.prv_eql_subst_trm_id_rev) auto + have 11: "bprv (imp (NN \\\ (Var yy)) (imp \ (subst \ \neg \\ yy)))" + using 00 NN_neg_unique[OF \] + using NN num Var Variable \ \ eql imp subst B.prv_prv_imp_trans + by (metis (no_types, lifting) enc in_num neg) + hence "bprv (imp (cnj \ (NN \\\ (Var yy))) (subst \ \neg \\ yy))" + by (simp add: 11 B.prv_cnj_imp_monoR2 B.prv_imp_com) + hence 1: "bprv (all yy (imp (cnj \ (NN \\\ (Var yy))) (subst \ \neg \\ yy)))" + by (simp add: B.prv_all_gen) + have 2: "Fvars (subst \ \neg \\ yy) = {}" using f by simp + show "bprv (imp ?B ?A)" using 1 2 + by (simp add: B.prv_exi_imp) +qed auto + +end \ \context @{locale Repr_Neg}\ + + +section \Representability of Self-Substitution\ + +text \Self-substitution is the function that takes a formula @{term \} +and returns $\phi[\langle\phi\rangle/\mathit{xx}]$ (for the fixed variable @{term xx}). This is all that +will be needed for the diagonalization lemma.\ + +locale Repr_SelfSubst = +Encode + var trm fmla Var FvarsT substT Fvars subst + num + enc ++ +Deduct2 + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and num +and eql cnj imp all exi +and prv bprv +and enc ("\_\") ++ +fixes S :: 'fmla +assumes +S[simp,intro!]: "S \ fmla" +and +Fvars_S[simp]: "Fvars S = {xx,yy}" +and +subst_implies_prv_S: +"\ \. + let SS = (\ t1 t2. psubst S [(t1,xx), (t2,yy)]) in + \ \ fmla \ Fvars \ = {xx} \ + bprv (SS \\\ \subst \ \\\ xx\)" +and +S_unique: +"\ \. + let SS = (\ t1 t2. psubst S [(t1,xx), (t2,yy)]) in + \ \ fmla \ Fvars \ = {xx} \ + bprv (all yy (all yy' + (imp (cnj (SS \\\ (Var yy)) (SS \\\ (Var yy'))) + (eql (Var yy) (Var yy')))))" +begin + +text \SS is the instantiation combinator of S:\ +definition SS where "SS \ \ t1 t2. psubst S [(t1,xx), (t2,yy)]" + +lemma SS_def2: "t1 \ trm \ t2 \ trm \ + yy \ FvarsT t1 \ + SS t1 t2 = subst (subst S t1 xx) t2 yy" + unfolding SS_def by (rule psubst_eq_rawpsubst2[simplified]) auto + +lemma subst_implies_prv_SS: +"\ \ fmla \ Fvars \ = {xx} \ bprv (SS \\\ \subst \ \\\ xx\)" +using subst_implies_prv_S unfolding Let_def SS_def by meson + +lemma SS_unique: +"\ \ fmla \ Fvars \ = {xx} \ + bprv (all yy (all yy' + (imp (cnj (SS \\\ (Var yy)) (SS \\\ (Var yy'))) + (eql (Var yy) (Var yy')))))" +using S_unique unfolding Let_def SS_def by meson + +lemma SS[simp,intro]: +"t1 \ trm \ t2 \ trm \ SS t1 t2 \ fmla" +unfolding SS_def by auto + +lemma Fvars_SS[simp]: "t1 \ trm \ t2 \ trm \ yy \ FvarsT t1 \ +Fvars (SS t1 t2) = FvarsT t1 \ FvarsT t2" +by (auto simp add: SS_def2 subst2_fresh_switch) + +lemma [simp]: +"m \ num \ p \ num \ subst (SS m (Var yy)) p yy = SS m p" +"m \ num \ subst (SS m (Var yy')) (Var yy) yy' = SS m (Var yy)" +"m \ num \ p \ num \ subst (SS m (Var yy')) p yy' = SS m p" +"m \ num \ p \ num \ subst (SS m (Var yy')) p yy = SS m (Var yy')" +"m \ num \ subst (SS (Var xx) (Var yy)) m xx = SS m (Var yy)" +by (auto simp add: SS_def2 subst_comp_num Let_def) + +end \ \context @{locale Repr_SelfSubst}\ + + +section \Representability of Self-Soft-Substitution\ + +text \The soft substitution function performs substitution logically instead of +syntactically. In particular, its "self" version sends @{term \} to +@{term "exi xx (cnj (eql (Var xx) (enc \)) \)"}. Representability of self-soft-substitution will be +an alternative assumption in the diagonalization lemma.\ + +locale Repr_SelfSoftSubst = +Encode + var trm fmla Var FvarsT substT Fvars subst + num + enc ++ +Deduct2 + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and num +and eql cnj imp all exi +and prv bprv +and enc ("\_\") ++ +fixes S :: 'fmla +assumes +S[simp,intro!]: "S \ fmla" +and +Fvars_S[simp]: "Fvars S = {xx,yy}" +and +softSubst_implies_prv_S: +"\ \. + let SS = (\ t1 t2. psubst S [(t1,xx), (t2,yy)]) in + \ \ fmla \ Fvars \ = {xx} \ + bprv (SS \\\ \softSubst \ \\\ xx\)" +and +S_unique: +"\ \. + let SS = (\ t1 t2. psubst S [(t1,xx), (t2,yy)]) in + \ \ fmla \ Fvars \ = {xx} \ + bprv (all yy (all yy' + (imp (cnj (SS \\\ (Var yy)) (SS \\\ (Var yy'))) + (eql (Var yy) (Var yy')))))" +begin + +text \SS is the instantiation combinator of S:\ +definition SS where "SS \ \ t1 t2. psubst S [(t1,xx), (t2,yy)]" + +lemma SS_def2: "t1 \ trm \ t2 \ trm \ + yy \ FvarsT t1 \ + SS t1 t2 = subst (subst S t1 xx) t2 yy" + unfolding SS_def by (rule psubst_eq_rawpsubst2[simplified]) auto + +lemma softSubst_implies_prv_SS: +"\ \ fmla \ Fvars \ = {xx} \ bprv (SS \\\ \softSubst \ \\\ xx\)" +using softSubst_implies_prv_S unfolding Let_def SS_def by meson + +lemma SS_unique: +"\ \ fmla \ Fvars \ = {xx} \ + bprv (all yy (all yy' + (imp (cnj (SS \\\ (Var yy)) (SS \\\ (Var yy'))) + (eql (Var yy) (Var yy')))))" +using S_unique unfolding Let_def SS_def by meson + +lemma SS[simp,intro]: +"t1 \ trm \ t2 \ trm \ SS t1 t2 \ fmla" +unfolding SS_def by auto + +lemma Fvars_SS[simp]: "t1 \ trm \ t2 \ trm \ yy \ FvarsT t1 \ +Fvars (SS t1 t2) = FvarsT t1 \ FvarsT t2" +by (auto simp add: SS_def2 subst2_fresh_switch) + +lemma [simp]: +"m \ num \ p \ num \ subst (SS m (Var yy)) p yy = SS m p" +"m \ num \ subst (SS m (Var yy')) (Var yy) yy' = SS m (Var yy)" +"m \ num \ p \ num \ subst (SS m (Var yy')) p yy' = SS m p" +"m \ num \ p \ num \ subst (SS m (Var yy')) p yy = SS m (Var yy')" +"m \ num \ subst (SS (Var xx) (Var yy)) m xx = SS m (Var yy)" +by (auto simp add: SS_def2 subst_comp_num Let_def) + +end \ \context @{locale Repr_SelfSoftSubst}\ + + +section \Clean Representability of the "Proof-of" Relation\ + + +text\For the proof-of relation, we must assume a stronger version of +representability, namely clean representability on the first argument, which +is dedicated to encoding the proof component. The property asks that the +representation predicate is provably false on numerals that do not encode +proofs; it would hold trivially for surjective proof encodings. + +Cleanness is not a standard concept in the literature -- we have +introduced it in our CADE 2019 paper~\cite{DBLP:conf/cade/0001T19}.\ + +locale CleanRepr_Proofs = +Encode_Proofs + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + fls + dsj + "proof" prfOf + encPf +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and num +and eql cnj imp all exi +and prv bprv +and enc ("\_\") +and fls dsj +and "proof" :: "'proof set" and prfOf +and encPf ++ +fixes Pf :: 'fmla +assumes +Pf[simp,intro!]: "Pf \ fmla" +and +Fvars_Pf[simp]: "Fvars Pf = {yy,xx}" +and +prfOf_Pf: +"\ prf \. + let PPf = (\ t1 t2. psubst Pf [(t1,yy), (t2,xx)]) in + (prf \ proof \ \ \ fmla \ Fvars \ = {} \ + prfOf prf \ + \ + bprv (PPf (encPf prf) \\\))" +and +not_prfOf_Pf: +"\ prf \. + let PPf = (\ t1 t2. psubst Pf [(t1,yy), (t2,xx)]) in + (prf \ proof \ \ \ fmla \ Fvars \ = {} \ + \ prfOf prf \ + \ + bprv (neg (PPf (encPf prf) \\\)))" +and +Clean_Pf_encPf: +"\ p \. let PPf = (\ t1 t2. psubst Pf [(t1,yy), (t2,xx)]) in + p \ num \ \ \ fmla \ Fvars \ = {} \ p \ encPf ` proof \ bprv (neg (PPf p \\\))" +begin + +text \PPf is the instantiation combinator of Pf:\ +definition PPf where "PPf \ \ t1 t2. psubst Pf [(t1,yy), (t2,xx)]" + +lemma prfOf_PPf: +assumes "prf \ proof" "\ \ fmla" "Fvars \ = {}" "prfOf prf \" +shows "bprv (PPf (encPf prf) \\\)" + using assms prfOf_Pf unfolding PPf_def by auto + +lemma not_prfOf_PPf: +assumes "prf \ proof" "\ \ fmla" "Fvars \ = {}" "\ prfOf prf \" +shows "bprv (neg (PPf (encPf prf) \\\))" + using assms not_prfOf_Pf unfolding PPf_def by auto + +lemma Clean_PPf_encPf: + assumes "\ \ fmla" "Fvars \ = {}" and "p \ num" "p \ encPf ` proof" + shows "bprv (neg (PPf p \\\))" +using assms Clean_Pf_encPf unfolding PPf_def by auto + +lemma PPf[simp,intro!]: "t1 \ trm \ t2 \ trm \ xx \ FvarsT t1 \ PPf t1 t2 \ fmla" + unfolding PPf_def by auto + +lemma PPf_def2: "t1 \ trm \ t2 \ trm \ xx \ FvarsT t1 \ + PPf t1 t2 = subst (subst Pf t1 yy) t2 xx" + unfolding PPf_def by (rule psubst_eq_rawpsubst2[simplified]) auto + +lemma Fvars_PPf[simp]: +"t1 \ trm \ t2 \ trm \ xx \ FvarsT t1 \ + Fvars (PPf t1 t2) = FvarsT t1 \ FvarsT t2" +by (auto simp add: PPf_def2 subst2_fresh_switch) + +lemma [simp]: +"n \ num \ subst (PPf (Var yy) (Var xx)) n xx = PPf (Var yy) n" +"m \ num \ n \ num \ subst (PPf (Var yy) m) n yy = PPf n m" +"n \ num \ subst (PPf (Var yy) (Var xx)) n yy = PPf n (Var xx)" +"m \ num \ n \ num \ subst (PPf m (Var xx)) n xx = PPf m n" +"m \ num \ subst (PPf (Var zz) (Var xx')) m zz = PPf m (Var xx')" +"m \ num \ n \ num \ subst (PPf m (Var xx')) n xx' = PPf m n" +"n \ num \ subst (PPf (Var zz) (Var xx')) n xx' = PPf (Var zz) n" +"m \ num \ n \ num \ subst (PPf (Var zz) n) m zz = PPf m n" +by (auto simp add: PPf_def2 subst2_fresh_switch) + +lemma B_consistent_prfOf_iff_PPf: +"B.consistent \ prf \ proof \ \ \ fmla \ Fvars \ = {} \ prfOf prf \ \ bprv (PPf (encPf prf) \\\)" + unfolding B.consistent_def3 using not_prfOf_PPf[of "prf" \] prfOf_PPf[of "prf" \] by force + +lemma consistent_prfOf_iff_PPf: +"consistent \ prf \ proof \ \ \ fmla \ Fvars \ = {} \ prfOf prf \ \ bprv (PPf (encPf prf) \\\)" + using B_consistent_prfOf_iff_PPf[OF dwf_dwfd.consistent_B_consistent] . + +end \ \context @{locale CleanRepr_Proofs}\ + +(*<*) +end +(*>*) diff --git a/thys/Goedel_Incompleteness/Abstract_Second_Goedel.thy b/thys/Goedel_Incompleteness/Abstract_Second_Goedel.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Abstract_Second_Goedel.thy @@ -0,0 +1,108 @@ +chapter \Abstract Formulation of Gödel's Second Incompleteness Theorem\ + +(*<*) +theory Abstract_Second_Goedel imports Abstract_First_Goedel Derivability_Conditions +begin +(*>*) + +text \We assume all three derivability conditions, and assumptions +behind Gödel formulas:\ +locale Goedel_Second_Assumptions = +HBL1_2_3 + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + P ++ +Goedel_Form + var trm fmla Var num FvarsT substT Fvars subst + eql cnj imp all exi + fls + prv bprv + enc + S + P +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and num +and eql cnj imp all exi +and prv bprv +and enc ("\_\") +and S +and P +and fls +begin + +lemma P_G: +"bprv (imp (PP \\G\) (PP \fls\))" +proof- + have 0: "prv (imp \G (neg (PP \\G\)))" + using prv_\G_eqv by (intro prv_imp_eqvEL) auto + have 1: "bprv (PP \imp \G (neg (PP \\G\))\)" + using HBL1_PP[OF _ _ 0] by simp + have 2: "bprv (imp (PP \\G\) (PP \neg (PP \\G\)\))" + using HBL2_imp2[OF _ _ _ _ 1] by simp + have 3: "bprv (imp (PP \\G\) (PP \PP \\G\\))" + using HBL3[OF \G] by simp + have 23: "bprv (imp (PP \\G\) + (cnj (PP \PP \\G\\) + (PP \neg (PP \\G\)\)))" + using B.prv_imp_cnj[OF _ _ _ 3 2] by simp + have 4: "bprv (imp (cnj (PP \PP \\G\\) + (PP \neg (PP \\G\)\)) + (PP \fls\))" + using HBL2[of "PP \\G\" fls] unfolding neg_def[symmetric] by simp + show ?thesis using B.prv_prv_imp_trans[OF _ _ _ 23 4] by simp +qed + +text \First the "direct", positive formulation:\ +lemma goedel_second_pos: +assumes "prv (neg (PP \fls\))" +shows "prv fls" +proof- + note PG = bprv_prv[OF _ _ P_G, simplified] + have "prv (neg (PP \\G\))" + using PG assms unfolding neg_def by (rule prv_prv_imp_trans[rotated 3]) auto + hence "prv \G" using prv_\G_eqv by (rule prv_eqv_prv_rev[rotated 2]) auto + thus ?thesis + \\The only part of Goedel's first theorem that is needed:\ + using goedel_first_theEasyHalf_pos by simp +qed + +text \Then the more standard, counterpositive formulation:\ +theorem goedel_second: +"consistent \ \ prv (neg (PP \fls\))" +using goedel_second_pos unfolding consistent_def by auto + + +text \It is an immediate consequence of Gödel's Second HLB1, HLB2 that +(assuming consistency) @{term "prv (neg (PP \\\))"} holds for no sentence, be it +provable or not. The theory is omniscient about what it can prove +(thanks to HLB1), but completely ignorant about what it cannot prove.\ + +corollary not_prv_neg_PP: +assumes c: "consistent" and [simp]: "\ \ fmla" "Fvars \ = {}" +shows "\ prv (neg (PP \\\))" +proof + assume 0: "prv (neg (PP \\\))" + have "prv (imp fls \)" by simp + hence "bprv (PP \imp fls \\)" by (intro HBL1_PP) auto + hence "bprv (imp (PP \fls\) (PP \\\))" by (intro HBL2_imp2) auto + hence "bprv (imp (neg (PP \\\)) (neg (PP \fls\)))" by (intro B.prv_imp_neg_rev) auto + from prv_imp_mp[OF _ _ bprv_prv[OF _ _ this, simplified] 0, simplified] + have "prv (neg (PP \fls\))" . + thus False using goedel_second[OF c] by simp +qed + +end \ \context @{locale Goedel_Second_Assumptions}\ + +(*<*) +end +(*>*) + + + + diff --git a/thys/Goedel_Incompleteness/All_Abstract.thy b/thys/Goedel_Incompleteness/All_Abstract.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/All_Abstract.thy @@ -0,0 +1,17 @@ +(*<*) + +text \This puts together all the theories of the abstract development\ + +theory All_Abstract +imports + Abstract_First_Goedel + Abstract_First_Goedel_Rosser + Abstract_Second_Goedel + Jeroslow_Original + Jeroslow_Simplified + Loeb + Tarski +begin + +end +(*>*) diff --git a/thys/Goedel_Incompleteness/Deduction2.thy b/thys/Goedel_Incompleteness/Deduction2.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Deduction2.thy @@ -0,0 +1,280 @@ +chapter \Deduction with Two Provability Relations\ +(*<*) +theory Deduction2 imports "Syntax_Independent_Logic.Deduction" +begin +(*>*) + +text \We work with two provability relations: +provability @{term prv} and basic provability @{term bprv}.\ + +section \From Deduction with One Provability Relation to Two\ + +locale Deduct2 = +Deduct + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv ++ +B: Deduct + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + bprv +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and num +and eql cnj imp all exi +and prv bprv ++ +assumes bprv_prv: "\\. \ \ fmla \ Fvars \ = {} \ bprv \ \ prv \" +begin + +(* Removing the sentence (empty Fvars) hypothesis from bprv_prv *) +lemma bprv_prv': + assumes \: "\ \ fmla" and b: "bprv \" + shows "prv \" +proof- + obtain V where V: "Fvars \ = V" by blast + have VV: "V \ var" using Fvars V \ by blast + have f: "finite V" using V finite_Fvars[OF \] by auto + thus ?thesis using \ b V VV + proof(induction V arbitrary: \ rule: finite.induct) + case (emptyI \) + then show ?case by (simp add: bprv_prv) + next + case (insertI W v \) + show ?case proof(cases "v \ W") + case True + thus ?thesis + using insertI.IH[OF `\ \ fmla`] insertI.prems + by (simp add: insert_absorb) + next + case False + hence 1: "Fvars (all v \) = W" + using insertI.prems by auto + moreover have "bprv (all v \)" + using B.prv_all_gen insertI.prems by auto + ultimately have "prv (all v \)" using insertI by auto + thus ?thesis using allE_id insertI.prems by blast + qed + qed +qed + +end \ \context @{locale Deduct2}\ + + +locale Deduct2_with_False = +Deduct_with_False + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + num + prv ++ +B: Deduct_with_False + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + num + bprv +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and num +and prv bprv ++ +assumes bprv_prv: "\\. \ \ fmla \ Fvars \ = {} \ bprv \ \ prv \" + +sublocale Deduct2_with_False < d_dwf: Deduct2 + by standard (fact bprv_prv) + +context Deduct2_with_False begin + +lemma consistent_B_consistent: "consistent \ B.consistent" + using B.consistent_def bprv_prv consistent_def by blast + +end \ \context @{locale Deduct2_with_False}\ + +locale Deduct2_with_False_Disj = +Deduct_with_False_Disj + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv ++ +B: Deduct_with_False_Disj + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + bprv +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and prv bprv ++ +assumes bprv_prv: "\\. \ \ fmla \ Fvars \ = {} \ bprv \ \ prv \" + +sublocale Deduct2_with_False_Disj < dwf_dwfd: Deduct2_with_False + by standard (fact bprv_prv) + +(* Factoring in a strict-order-like relation (not actually required to be an order): *) +locale Deduct2_with_PseudoOrder = +Deduct2_with_False_Disj + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv bprv ++ +Syntax_PseudoOrder + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + Lq +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and prv bprv +and Lq ++ +assumes +(* We do not assume any ordering properties, but only these two axioms, Lq_num and Lq_num2, +which (interestingly) would be satisfied by both \ and < within a sufficiently strong +arithmetic such as Robinson's Q *) +(* For each formula \(z) and numeral q, if \(p) is provable for all p +then \ z \ q. \(z) is provable. +(Note that a more natural property would assume \(p) is provable for all p\q, +but we can get away with the stronger assumption (on the left of the implication). ) +*) +Lq_num: +"let LLq = (\ t1 t2. psubst Lq [(t1,zz), (t2,yy)]) in + \ \ \ fmla. \ q \ num. Fvars \ = {zz} \ (\ p \ num. bprv (subst \ p zz)) + \ prv (all zz (imp (LLq (Var zz) q) \))" +and +(* For each numeral p, there exists a finite set P such that it is provable that +\ y. (\p\P. x = p) \ y \ p +(where we write \ instead of Lq, but could also think of <): +*) +Lq_num2: +"let LLq = (\ t1 t2. psubst Lq [(t1,zz), (t2,yy)]) in + \ p \ num. \ P \ num. finite P \ prv (dsj (sdsj {eql (Var yy) r | r. r \ P}) (LLq p (Var yy)))" +begin + +lemma LLq_num: +assumes "\ \ fmla" "q \ num" "Fvars \ = {zz}" "\ p \ num. bprv (subst \ p zz)" +shows "prv (all zz (imp (LLq (Var zz) q) \))" +using assms Lq_num unfolding LLq_def by auto + +lemma LLq_num2: +assumes "p \ num" +shows "\ P \ num. finite P \ prv (dsj (sdsj {eql (Var yy) r | r. r \ P}) (LLq p (Var yy)))" +using assms Lq_num2 unfolding LLq_def by auto + +end \ \context @{locale Deduct2_with_PseudoOrder}\ + +section \Factoring In Explicit Proofs\ + +locale Deduct_with_Proofs = +Deduct_with_False_Disj + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and prv ++ +fixes +"proof" :: "'proof set" +and +prfOf :: "'proof \ 'fmla \ bool" +assumes +\ \Provability means there exists a proof (only needed for sentences):\ +prv_prfOf: "\ \. \ \ fmla \ Fvars \ = {} \ prv \ \ (\ prf \ proof. prfOf prf \)" + +(* We consider proof structure only for prv, not for bprv *) +locale Deduct2_with_Proofs = +Deduct2_with_False_Disj + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv bprv ++ +Deduct_with_Proofs + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv + "proof" prfOf +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and prv bprv +and "proof" :: "'proof set" and prfOf + +locale Deduct2_with_Proofs_PseudoOrder = +Deduct2_with_Proofs + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv bprv + "proof" prfOf ++ +Deduct2_with_PseudoOrder + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv bprv + Lq +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and prv bprv +and "proof" :: "'proof set" and prfOf +and Lq + +(*<*) +end +(*>*) \ No newline at end of file diff --git a/thys/Goedel_Incompleteness/Derivability_Conditions.thy b/thys/Goedel_Incompleteness/Derivability_Conditions.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Derivability_Conditions.thy @@ -0,0 +1,205 @@ +chapter \The Hilbert-Bernays-Löb (HBL) Derivability Conditions\ + +(*<*) +theory Derivability_Conditions imports Abstract_Representability +begin +(*>*) + +section \First Derivability Condition\ + +(* Assume the provability predicate is "very-weakly" representable, +in that one implication of the weak representability condition holds. *) +locale HBL1 = +Encode + var trm fmla Var FvarsT substT Fvars subst + num + enc ++ +Deduct2 + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and num +and eql cnj imp all exi +and prv bprv +and enc ("\_\") ++ +(* Very-weak represenatbility of provability, as a one-variable formula P, usually called the provability predicate: *) +fixes P :: 'fmla +assumes +P[intro!,simp]: "P \ fmla" +and +Fvars_P[simp]: "Fvars P = {xx}" +and +HBL1: "\\. \ \ fmla \ Fvars \ = {} \ prv \ \ bprv (subst P \\\ xx)" +begin + +(* For all our (very-weak) representability assumptions, in addition to + the representing formulas, +here, P, we define a corresponding instantiation combinator, here the +predicate PP. +If we think of P as P(xx), then PP t is the instance PP(t) *) +definition PP where "PP \ \t. subst P t xx" + +lemma PP[simp]: "\t. t \ trm \ PP t \ fmla" + unfolding PP_def by auto + +lemma Fvars_PP[simp]: "\t. t \ trm \ Fvars (PP t) = FvarsT t" + unfolding PP_def by auto + +lemma [simp]: +"n \ num \ subst (PP (Var yy)) n yy = PP n" +"n \ num \ subst (PP (Var xx)) n xx = PP n" + unfolding PP_def by auto + +lemma HBL1_PP: +"\ \ fmla \ Fvars \ = {} \ prv \ \ bprv (PP \\\)" + using HBL1 unfolding PP_def by auto + +end \ \context @{locale HBL1}\ + + +section \Connections between Proof Representability, +First Derivability Condition, and Its Converse\ + +context CleanRepr_Proofs +begin + +text \Defining @{term P}, the internal notion of provability, +from @{term Pf} (in its predicate form @{term PPf}), the internal notion of "proof-of". +NB: In the technical sense of the term "represents", we have that +@{term Pf} represents @{term pprv}, whereas @{term P} will not represent @{term prv}, but satisfy a weaker +condition (weaker than weak representability), namely HBL1.\ + +subsection \HBL1 from "proof-of" representability\ + +definition P :: "'fmla" where "P \ exi yy (PPf (Var yy) (Var xx))" + +lemma P[simp,intro!]: "P \ fmla" and Fvars_P[simp]: "Fvars P = {xx}" + unfolding P_def by (auto simp: PPf_def2) + +text \We infer HBL1 from Pf representing prv:\ +lemma HBL1: +assumes \: "\ \ fmla" "Fvars \ = {}" and p\: "prv \" +shows "bprv (subst P \\\ xx)" +proof- + obtain "prf" where pf: "prf \ proof" and "prfOf prf \" using prv_prfOf assms by auto + hence 0: "bprv (PPf (encPf prf) (enc \))" + using prfOf_PPf \ by auto + have 1: "subst (subst Pf (encPf prf) yy) \\\ xx = subst (subst Pf \\\ xx) (substT (encPf prf) \\\ xx) yy" + using assms pf by (intro subst_compose_diff) auto + show ?thesis using 0 unfolding P_def using assms + by (auto simp: PPf_def2 1 pf intro!: B.prv_exiI[of _ _ "encPf prf"]) +qed + +text \This is used in several places, including for the hard half of +Gödel's First and the truth of Gödel formulas (and also for the Rosser variants +of these).\ +lemma not_prv_prv_neg_PPf: +assumes [simp]: "\ \ fmla" "Fvars \ = {}" and p: "\ prv \" and n[simp]: "n \ num" +shows "bprv (neg (PPf n \\\))" +proof- + have "\prf\proof. \ prfOf prf \" using prv_prfOf p by auto + hence "\prf\proof. bprv (neg (PPf (encPf prf) \\\))" using not_prfOf_PPf by auto + thus ?thesis using not_prfOf_PPf using Clean_PPf_encPf by (cases "n \ encPf ` proof") auto +qed + +lemma consistent_not_prv_not_prv_PPf: +assumes c: consistent +and 0[simp]: "\ \ fmla" "Fvars \ = {}" "\ prv \" "n \ num" +shows "\ bprv (PPf n \\\)" + using not_prv_prv_neg_PPf[OF 0] c[THEN dwf_dwfd.consistent_B_consistent] unfolding B.consistent_def3 by auto + +end \ \context @{locale CleanRepr_Proofs}\ + +text \The inference of HBL1 from "proof-of" representability, in locale form:\ +sublocale CleanRepr_Proofs < wrepr: HBL1 + where P = P + using HBL1 by unfold_locales auto + + +subsection \Sufficient condition for the converse of HBL1\ + +context CleanRepr_Proofs +begin + +lemma PP_PPf: +assumes "\ \ fmla" +shows "wrepr.PP \\\ = exi yy (PPf (Var yy) \\\)" + unfolding wrepr.PP_def using assms + by (auto simp: PPf_def2 P_def) + +text \The converse of HLB1 condition follows from (the standard notion of) +$\omega$-consistency for @{term bprv} and strong representability of proofs:\ +lemma \consistentStd1_HBL1_rev: +assumes oc: "B.\consistentStd1" +and \[simp]: "\ \ fmla" "Fvars \ = {}" +and iPP: "bprv (wrepr.PP \\\)" +shows "prv \" +proof- + have 0: "bprv (exi yy (PPf (Var yy) \\\))" using iPP by (simp add: PP_PPf) + {assume "\ prv \" + hence "\n \ num. bprv (neg (PPf n \\\))" using not_prv_prv_neg_PPf by auto + hence "\ bprv (exi yy (PPf (Var yy) \\\))" + using oc unfolding B.\consistentStd1_def using \ by auto + hence False using 0 by simp + } + thus ?thesis by auto +qed + +end \ \context @{locale CleanRepr_Proofs}\ + + +section \Second and Third Derivability Conditions\ + +text \These are only needed for Gödel's Second.\ + +locale HBL1_2_3 = +HBL1 + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + P +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and num +and eql cnj imp all exi +and prv bprv +and enc ("\_\") +and P ++ +assumes +HBL2: "\\ \. \ \ fmla \ \ \ fmla \ Fvars \ = {} \ Fvars \ = {} \ + bprv (imp (cnj (PP \\\) (PP \imp \ \\)) + (PP \\\))" +and +HBL3: "\\. \ \ fmla \ Fvars \ = {} \ bprv (imp (PP \\\) (PP \PP \\\\))" +begin + +text \The implicational form of HBL2:\ +lemma HBL2_imp: + "\\ \. \ \ fmla \ \ \ fmla \ Fvars \ = {} \ Fvars \ = {} \ + bprv (imp (PP \imp \ \\) (imp (PP \\\) (PP \\\)))" +using HBL2 by (simp add: B.prv_cnj_imp B.prv_imp_com) + +text \... and its weaker, "detached" version:\ +lemma HBL2_imp2: +assumes "\ \ fmla" and "\ \ fmla" "Fvars \ = {}" "Fvars \ = {}" +assumes "bprv (PP \imp \ \\)" +shows "bprv (imp (PP \\\) (PP \\\))" +using assms by (meson HBL2_imp PP enc imp num B.prv_imp_mp subsetCE) + +end \ \context @{locale HBL1_2_3}\ + +(*<*) +end +(*>*) + + diff --git a/thys/Goedel_Incompleteness/Diagonalization.thy b/thys/Goedel_Incompleteness/Diagonalization.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Diagonalization.thy @@ -0,0 +1,218 @@ +chapter \Diagonalization\ + +text \This theory proves abstract versions of the diagonalization lemma, +with both hard and soft substitution.\ + + +section \Alternative Diagonalization via Self-Substitution\ + +(*<*) +theory Diagonalization imports Abstract_Representability +begin +(*>*) + +text \ +Assuming representability of the diagonal instance of the substitution function, +we prove the standard diagonalization lemma. More precisely, we show that it applies +to any logic that +-- embeds intuitionistic first-order logic over numerals +-- has a countable number of formulas +-- has formula self-substitution representable +\ + +context Repr_SelfSubst +begin + +theorem diagonalization: + assumes \[simp,intro!]: "\ \ fmla" "Fvars \ = {xx}" + shows "\ \. \ \ fmla \ Fvars \ = {} \ bprv (eqv \ (subst \ \\\ xx))" +proof- + let ?phi = "\ t. subst \ t xx" + define \ where "\ \ exi yy (cnj (?phi (Var yy)) (SS (Var xx) (Var yy)))" + have \[simp,intro!]: "\ \ fmla" unfolding \_def by auto + let ?chi = "\ t. subst \ t xx" + define \ where "\ \ ?chi \\\" + have \[simp,intro!]: "\ \ fmla" unfolding \_def by auto + have f\[simp]: "Fvars \ = {xx}" unfolding \_def by auto + hence Fvars_\: "Fvars \ = {}" unfolding \_def by auto + have 1: "bprv (SS \\\ \\\)" + using subst_implies_prv_SS[OF \] unfolding \_def by simp + have 2: "bprv (all yy' ( + imp (cnj (SS \\\ \\\) + (SS \\\ (Var yy'))) + (eql \\\ (Var yy'))))" + using Fvars_\ B.prv_allE[OF _ _ _ SS_unique, of \ "\\\"] + by fastforce + have 31: "bprv (all yy' + (imp (SS \\\ \\\) + (imp (SS \\\ (Var yy')) + (eql \\\ (Var yy')))))" + using B.prv_all_imp_cnj_rev[OF _ _ _ _ 2] by simp + have 32: "bprv (imp (SS \\\ \\\) + (all yy' (imp (SS \\\ (Var yy')) + (eql \\\ (Var yy')))))" + by (intro B.prv_all_imp[OF _ _ _ _ 31]) (auto simp: SS_def2) + have 33: "bprv (all yy' (imp (SS \\\ (Var yy')) + (eql \\\ (Var yy'))))" + by (rule B.prv_imp_mp [OF _ _ 32 1]) auto + have 3: "bprv (all yy (imp (SS \\\ (Var yy)) + (eql \\\ (Var yy))))" + using B.all_subst_rename_prv[OF _ _ _ _ 33, of yy] + by fastforce + have 41: "bprv (imp (?phi \\\) + (cnj (?phi \\\) + (SS \\\ \\\)))" + by (auto intro: in_num B.prv_imp_cnj B.prv_imp_refl B.prv_imp_triv[OF _ _ 1]) + have [simp]: "subst (subst \ \\\ xx) \\\ yy = subst \ \\\ xx" + by (intro subst_notIn) auto + have [simp]: "subst (subst \ (Var yy) xx) \\\ yy = subst \ \\\ xx" + by (intro subst_subst) auto + have 42: "bprv (exi yy (imp (?phi \\\) + (cnj (?phi (Var yy)) + (SS \\\ (Var yy)))))" + using 41 by (intro B.prv_exiI[of _ _ "\\\"]) auto + have 4: "bprv (imp (?phi \\\) (?chi \\\))" + using B.prv_imp_exi[OF _ _ _ _ 42,simplified] + by (subst \_def) (auto simp add: subst_comp_num) + have 50: "bprv (all yy ( + (imp (eql \\\ (Var yy)) + (imp (?phi (Var yy)) + (?phi \\\)))))" + using B.prv_all_eql[of yy xx \ "\\\" "Var yy"] by simp + have 51: "bprv (all yy ( + (imp (SS \\\ (Var yy)) + (imp (?phi (Var yy)) + (?phi \\\)))))" using B.prv_all_imp_trans[OF _ _ _ _ 3 50] by simp + have 52: "bprv (all yy ( + (imp (cnj (?phi (Var yy)) + (SS \\\ (Var yy))) + (?phi \\\))))" using B.prv_all_imp_cnj[OF _ _ _ _ 51] by simp + have 5: "bprv (imp (?chi \\\) (?phi \\\))" + using B.prv_exi_imp[OF _ _ _ _ 52,simplified] + by (subst \_def) (simp add: subst_comp_num) + have 6: "bprv (eqv (?chi \\\) (?phi \\\))" + using B.prv_cnjI[OF _ _ 5 4] unfolding eqv_def by simp + have 7: "bprv (eqv \ (?phi \\\))" using 6 unfolding \_def . + show ?thesis using \ 7 Fvars_\ by blast +qed + +text \Making this existential into a function.\ + +definition diag :: "'fmla \ 'fmla" where + "diag \ \ SOME \. \ \ fmla \ Fvars \ = {} \ bprv (eqv \ (subst \ \\\ xx))" + +theorem diag_everything: + assumes "\ \ fmla" and "Fvars \ = {xx}" + shows "diag \ \ fmla \ Fvars (diag \) = {} \ bprv (eqv (diag \) (subst \ \diag \\ xx))" + unfolding diag_def using someI_ex[OF diagonalization[OF assms]] . + +lemmas diag[simp] = diag_everything[THEN conjunct1] +lemmas Fvars_diag[simp] = diag_everything[THEN conjunct2, THEN conjunct1] +lemmas bprv_diag_eqv = diag_everything[THEN conjunct2, THEN conjunct2] + +end \ \context @{locale Repr_SelfSubst}\ + + +section \Alternative Diagonalization via Soft Self-Substitution\ + +context Repr_SelfSoftSubst +begin + +theorem diagonalization: + assumes \[simp,intro!]: "\ \ fmla" "Fvars \ = {xx}" + shows "\ \. \ \ fmla \ Fvars \ = {} \ bprv (eqv \ (subst \ \\\ xx))" +proof- + let ?phi = "\ t. subst \ t xx" + define \ where "\ \ exi yy (cnj (?phi (Var yy)) (SS (Var xx) (Var yy)))" + have \[simp,intro!]: "\ \ fmla" unfolding \_def by auto + let ?chi = "\ t. softSubst \ t xx" + define \ where "\ \ ?chi \\\" + have \[simp,intro!]: "\ \ fmla" unfolding \_def by auto + have f\[simp]: "Fvars \ = {xx}" unfolding \_def by auto + hence Fvars_\: "Fvars \ = {}" unfolding \_def by auto + have 1: "bprv (SS \\\ \\\)" + using softSubst_implies_prv_SS[OF \] unfolding \_def by simp + have 2: "bprv (all yy' ( + imp (cnj (SS \\\ \\\) + (SS \\\ (Var yy'))) + (eql \\\ (Var yy'))))" + using Fvars_\ B.prv_allE[OF _ _ _ SS_unique, of \ "\\\"] + by fastforce + have 31: "bprv (all yy' + (imp (SS \\\ \\\) + (imp (SS \\\ (Var yy')) + (eql \\\ (Var yy')))))" + using B.prv_all_imp_cnj_rev[OF _ _ _ _ 2] by simp + have 32: "bprv (imp (SS \\\ \\\) + (all yy' (imp (SS \\\ (Var yy')) + (eql \\\ (Var yy')))))" + by (intro B.prv_all_imp[OF _ _ _ _ 31]) (auto simp: SS_def2) + have 33: "bprv (all yy' (imp (SS \\\ (Var yy')) + (eql \\\ (Var yy'))))" + by (rule B.prv_imp_mp [OF _ _ 32 1]) auto + have 3: "bprv (all yy (imp (SS \\\ (Var yy)) + (eql \\\ (Var yy))))" + using B.all_subst_rename_prv[OF _ _ _ _ 33, of yy] + by fastforce + have 41: "bprv (imp (?phi \\\) + (cnj (?phi \\\) + (SS \\\ \\\)))" + by (auto intro: in_num B.prv_imp_cnj B.prv_imp_refl B.prv_imp_triv[OF _ _ 1]) + have [simp]: "subst (subst \ \\\ xx) \\\ yy = subst \ \\\ xx" + by (intro subst_notIn) auto + have [simp]: "subst (subst \ (Var yy) xx) \\\ yy = subst \ \\\ xx" + by (intro subst_subst) auto + have 42: "bprv (exi yy (imp (?phi \\\) + (cnj (?phi (Var yy)) + (SS \\\ (Var yy)))))" + using 41 by (intro B.prv_exiI[of _ _ "\\\"]) auto + have 4: "bprv (imp (?phi \\\) (subst \ \\\ xx))" + using B.prv_imp_exi[OF _ _ _ _ 42,simplified] + by (subst \_def) (auto simp add: subst_comp_num) + moreover have "bprv (imp (subst \ \\\ xx) (?chi \\\))" by (rule B.prv_subst_imp_softSubst) auto + ultimately have 4: "bprv (imp (?phi \\\) (?chi \\\))" + by (rule B.prv_prv_imp_trans[rotated -2]) auto + have 50: "bprv (all yy ( + (imp (eql \\\ (Var yy)) + (imp (?phi (Var yy)) + (?phi \\\)))))" + using B.prv_all_eql[of yy xx \ "\\\" "Var yy"] by simp + have 51: "bprv (all yy ( + (imp (SS \\\ (Var yy)) + (imp (?phi (Var yy)) + (?phi \\\)))))" using B.prv_all_imp_trans[OF _ _ _ _ 3 50] by simp + have 52: "bprv (all yy ( + (imp (cnj (?phi (Var yy)) + (SS \\\ (Var yy))) + (?phi \\\))))" using B.prv_all_imp_cnj[OF _ _ _ _ 51] by simp + have "bprv (imp (?chi \\\) (subst \ \\\ xx))" by (rule B.prv_softSubst_imp_subst) auto + moreover have "bprv (imp (subst \ \\\ xx) (?phi \\\))" + using B.prv_exi_imp[OF _ _ _ _ 52,simplified] + by (subst \_def) (simp add: subst_comp_num) + ultimately have 5: "bprv (imp (?chi \\\) (?phi \\\))" + by (rule B.prv_prv_imp_trans[rotated -2]) auto + have 6: "bprv (eqv (?chi \\\) (?phi \\\))" + using B.prv_cnjI[OF _ _ 5 4] unfolding eqv_def by simp + have 7: "bprv (eqv \ (?phi \\\))" using 6 unfolding \_def . + show ?thesis using \ 7 Fvars_\ by blast +qed + +text \Making this existential into a function.\ + +definition diag :: "'fmla \ 'fmla" where + "diag \ \ SOME \. \ \ fmla \ Fvars \ = {} \ bprv (eqv \ (subst \ \\\ xx))" + +theorem diag_everything: + assumes "\ \ fmla" and "Fvars \ = {xx}" + shows "diag \ \ fmla \ Fvars (diag \) = {} \ bprv (eqv (diag \) (subst \ \diag \\ xx))" + unfolding diag_def using someI_ex[OF diagonalization[OF assms]] . + +lemmas diag[simp] = diag_everything[THEN conjunct1] +lemmas Fvars_diag[simp] = diag_everything[THEN conjunct2, THEN conjunct1] +lemmas prv_diag_eqv = diag_everything[THEN conjunct2, THEN conjunct2] + +end \ \context @{locale Repr_SelfSoftSubst}\ + +(*<*) +end +(*>*) diff --git a/thys/Goedel_Incompleteness/Goedel_Formula.thy b/thys/Goedel_Incompleteness/Goedel_Formula.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Goedel_Formula.thy @@ -0,0 +1,142 @@ +chapter \Gödel Formulas\ + +(*<*) +theory Goedel_Formula imports Diagonalization Derivability_Conditions +begin +(*>*) + +text \Gödel formulas are defined by diagonalizing the negation of the provability predicate.\ + +locale Goedel_Form = +\ \Assuming the @{term fls} (False) connective gives us negation:\ +Deduct2_with_False + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + num + prv bprv ++ +Repr_SelfSubst + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + S ++ +HBL1 + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + P +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var num FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and prv bprv +and enc ("\_\") +and S +and P +begin + +text \The Gödel formula. +NB, we speak of "the" Gödel formula because the diagonalization function makes a choice.\ +definition \G :: 'fmla where "\G \ diag (neg P)" + +lemma \G[simp,intro!]: "\G \ fmla" +and +Fvars_\G[simp]: "Fvars \G = {}" + unfolding \G_def PP_def by auto + +lemma bprv_\G_eqv: +"bprv (eqv \G (neg (PP \\G\)))" + unfolding \G_def PP_def using bprv_diag_eqv[of "neg P"] by simp + +lemma prv_\G_eqv: +"prv (eqv \G (neg (PP \\G\)))" + using bprv_prv[OF _ _ bprv_\G_eqv, simplified] . + +end \ \context @{locale Goedel_Form}\ + + +text \Adding cleanly representable proofs to the assumptions +behind Gödel formulas:\ + +locale Goedel_Form_Proofs = +Repr_SelfSubst + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + S ++ +CleanRepr_Proofs + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + fls + dsj + "proof" prfOf + encPf + Pf +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst num +and eql cnj imp all exi +and fls +and prv bprv +and enc ("\_\") +and S +and dsj +and "proof" :: "'proof set" and prfOf encPf +and Pf + +text \... and extending the sublocale relationship @{locale CleanRepr_Proofs} < @{locale HBL1}:\ +sublocale Goedel_Form_Proofs < Goedel_Form where P = P by standard + + +context Goedel_Form_Proofs +begin + +lemma bprv_\G_eqv_not_exi_PPf: +"bprv (eqv \G (neg (exi yy (PPf (Var yy) \\G\))))" +proof- + have P: "P = exi yy Pf" using P_def by (simp add: PPf_def2) + hence "subst P \\G\ xx = subst (exi yy Pf) \\G\ xx" by auto + hence "subst P \\G\ xx = exi yy (subst Pf \\G\ xx)" by simp + thus ?thesis using bprv_\G_eqv by (simp add: wrepr.PP_def PPf_def2) +qed + +lemma prv_\G_eqv_not_exi_PPf: +"prv (eqv \G (neg (exi yy (PPf (Var yy) \\G\))))" +using bprv_prv[OF _ _ bprv_\G_eqv_not_exi_PPf, simplified] . + +lemma bprv_\G_eqv_all_not_PPf: +"bprv (eqv \G (all yy (neg (PPf (Var yy) \\G\))))" + by (rule B.prv_eqv_trans[OF _ _ _ bprv_\G_eqv_not_exi_PPf B.prv_neg_exi_eqv_all_neg]) auto + +lemma prv_\G_eqv_all_not_PPf: +"prv (eqv \G (all yy (neg (PPf (Var yy) \\G\))))" +using bprv_prv[OF _ _ bprv_\G_eqv_all_not_PPf, simplified] . + +lemma bprv_eqv_all_not_PPf_imp_\G: +"bprv (imp (all yy (neg (PPf (Var yy) \\G\))) \G)" + using bprv_\G_eqv_all_not_PPf by (auto intro: B.prv_imp_eqvER) + +lemma prv_eqv_all_not_PPf_imp_\G: +"prv (imp (all yy (neg (PPf (Var yy) \\G\))) \G)" +using bprv_prv[OF _ _ bprv_eqv_all_not_PPf_imp_\G, simplified] . + + +end \ \context @{locale Goedel_Form_Proofs}\ + + +(*<*) +end +(*>*) diff --git a/thys/Goedel_Incompleteness/Jeroslow_Original.thy b/thys/Goedel_Incompleteness/Jeroslow_Original.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Jeroslow_Original.thy @@ -0,0 +1,337 @@ +section \A Formalization of Jeroslow's Original Argument\ + +(*<*) +theory Jeroslow_Original imports +"Syntax_Independent_Logic.Pseudo_Term" +Abstract_Jeroslow_Encoding +begin +(*>*) + +subsection \Preliminaries\ + +text \The First Derivability Condition was stated using a formula +with free variable @{term xx}, whereas the pseudo-term theory employs a different variable, +inp. The distinction is of course immaterial, because we can perform +a change of variable in the instantiation:\ + +context HBL1 +begin + +text \Changing the variable (from @{term xx} to @{term inp}) in the provability predicate:\ +definition "Pinp \ subst P (Var inp) xx" +lemma PP_Pinp: "t \ trm \ PP t = instInp Pinp t" +unfolding PP_def Pinp_def instInp_def by auto + +text \A version of HBL1 that uses the @{term inp} variable:\ +lemma HBL1_inp: +"\ \ fmla \ Fvars \ = {} \ prv \ \ prv (instInp Pinp \\\)" +unfolding Pinp_def instInp_def by (auto intro: HBL1) + +end \ \context @{locale HBL1 }\ + + +subsection \Jeroslow-style diagonalization\ + +locale Jeroslow_Diagonalization = +Deduct_with_False_Disj_Rename + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv ++ +Encode + var trm fmla Var FvarsT substT Fvars subst + num + enc +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and prv +and enc ("\_\") ++ +fixes F :: "('trm \ 'trm) set" + and encF :: "('trm \ 'trm) \ 'fmla" + and N :: "'trm \ 'trm" + and ssap :: "'fmla \ 'trm \ 'trm" +assumes +\ \For the members @{term f} of @{term F}, we will only care about their action on numerals, +and we assume that they send numerals to numerals.\ +F[simp,intro!]: "\ f n. f \ F \ n \ num \ f n \ num" +and +encF[simp,intro!]: "\ f. f \ F \ encF f \ ptrm (Suc 0)" +and +N[simp,intro!]: "N \ F" +and +ssap[simp]: "\\. \ \ fmla \ Fvars \ = {inp} \ ssap \ \ F" +and +ReprF: "\f n. f \ F \ n \ num \ prveqlPT (instInp (encF f) n) (f n)" +and +CapN: "\\. \ \ fmla \ Fvars \ = {} \ N \\\ = \neg \\" +and +CapSS: \ \We consider formulas @{term \} of one variable, called @{term inp}:\ +"\ \ f. \ \ fmla \ Fvars \ = {inp} \ f \ F \ + ssap \ \encF f\ = \instInpP \ 0 (instInp (encF f) \encF f\)\" +begin + +lemma encF_fmla[simp,intro!]: "\ f. f \ F \ encF f \ fmla" +by auto + +lemma enc_trm: "\ \ fmla \ \\\ \ trm" +by auto + +definition \J :: "'fmla \ 'fmla" where +"\J \ \ instInp (encF (ssap \)) (\encF (ssap \)\)" + +definition \J :: "'fmla \ 'fmla" where +"\J \ \ instInpP \ 0 (\J \)" + +lemma \J[simp]: +assumes "\ \ fmla" and "Fvars \ = {inp}" +shows "\J \ \ ptrm 0" +unfolding \J_def apply(rule instInp) +using assms by auto + +lemma \J_fmla[simp]: +assumes "\ \ fmla" and "Fvars \ = {inp}" +shows "\J \ \ fmla" +using \J[OF assms] unfolding ptrm_def by auto + +lemma FvarsT_\J[simp]: +assumes "\ \ fmla" and "Fvars \ = {inp}" +shows "Fvars (\J \) = {out}" +using \J[OF assms] unfolding ptrm_def by auto + +lemma \J[simp]: +assumes "\ \ fmla" and "Fvars \ = {inp}" +shows "\J \ \ fmla" +unfolding \J_def using assms by (intro instInpP_fmla) auto + +lemma Fvars_\J[simp]: +assumes "\ \ fmla" and "Fvars \ = {inp}" +shows "Fvars (\J \) = {}" +using assms unfolding \J_def by auto + +lemma diagonalization: +assumes \[simp]: "\ \ fmla" and [simp]: "Fvars \ = {inp}" +shows "prveqlPT (\J \) \instInpP \ 0 (\J \)\ \ + prv (eqv (\J \) (instInp \ \\J \\))" +proof + define f where "f \ ssap \" + have f[simp]: "f \ F" unfolding f_def using assms by auto + have ff: "f \encF f\ = \instInpP \ 0 (\J \)\" + using assms unfolding f_def \J_def by (intro CapSS) auto + + show "prveqlPT (\J \) \instInpP \ 0 (\J \)\" + using ReprF[OF f, of "\encF f\"] + unfolding \J_def[of \, unfolded f_def[symmetric],symmetric] ff[symmetric] + by auto + from prveqlPT_prv_instInp_eqv_instInpP[OF \, of "\J \", OF _ _ _ _ this, + unfolded \J_def[symmetric]] + show "prv (eqv (\J \) (instInp \ \\J \\))" + by auto +qed + +end \ \context @{locale Jeroslow_Diagonalization}\ + + +subsection \Jeroslow's Second Incompleteness Theorem\ + +text \We follow Jeroslow's pseudo-term-based development of the +Second Incompleteness Theorem and point out the location in the proof that +implicitly uses an unstated assumption: the fact that, for certain two provably +equivalent formulas @{term \} and @{term \'}, it is provable that +the provability of the encoding of @{term \'} implies +the provability of the encoding of @{term \}. \ + +locale Jeroslow_Godel_Second = +Jeroslow_Diagonalization + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv + enc + F encF N ssap ++ +HBL1 + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv prv + enc + P +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and prv +and enc ("\_\") +and P +and F encF N ssap ++ +assumes +SHBL3: "\\. \ \ ptrm 0 \ prv (imp (instInpP Pinp 0 \) (instInp Pinp \instInpP Pinp 0 \\))" +begin + + +text \Consistency formula a la Jeroslow:\ +definition jcons :: "'fmla" where +"jcons \ all xx (neg (cnj (instInp Pinp (Var xx)) + (instInpP Pinp 0 (instInp (encF N) (Var (xx))))))" + +lemma prv_eql_subst_trm3: +"x \ var \ \ \ fmla \ t1 \ trm \ t2 \ trm \ +prv (eql t1 t2) \ prv (subst \ t1 x) \ prv (subst \ t2 x)" +using prv_eql_subst_trm2 + by (meson subst prv_imp_mp) + +lemma Pinp[simp,intro!]: "Pinp \ fmla" +and Fvars_Pinp[simp]: "Fvars Pinp = {inp}" +unfolding Pinp_def by auto + +lemma ReprF_combineWith_CapN: +assumes "\ \ fmla" and "Fvars \ = {}" +shows "prveqlPT (instInp (encF N) \\\) \neg \\" +using assms unfolding CapN[symmetric, OF assms] by (intro ReprF) auto + +theorem jeroslow_godel_second: +assumes consistent +\ \Assumption that is not stated by Jeroslow, but seems to be needed:\ +assumes unstated: + "let \ = instInpP Pinp (Suc 0) (encF N); + \ = \J \; + \ = instInpP (instInpP Pinp (Suc 0) (encF N)) 0 \; + \' = instInpP Pinp 0 (instInpP (encF N) 0 \) + in prv (imp (instInp Pinp \\'\) (instInp Pinp \\\))" +shows "\ prv jcons" +proof + assume *: "prv jcons" + + define \ where "\ \ instInpP Pinp (Suc 0) (encF N)" + define \ where "\ \ \J \" + define \ where "\ \ \J \" + have \[simp,intro]: "\ \ fmla" "Fvars \ = {inp}" + unfolding \_def by auto + have \[simp,intro]: "\ \ ptrm 0" "\ \ fmla" "Fvars \ = {out}" + unfolding \_def by auto + have [simp]: "\ \ fmla" "Fvars \ = {}" unfolding \_def by auto + + define eN\ where "eN\ \ instInpP (encF N) 0 \" + have eN\[simp]: "eN\ \ ptrm 0" "eN\ \ fmla" "Fvars eN\ = {out}" + unfolding eN\_def by auto + define \' where "\' \ instInpP Pinp 0 eN\" + have [simp]: "\' \ fmla" "Fvars \' = {}" unfolding \'_def by auto + + have \\': "prv (imp \ \')" and \'\: "prv (imp \' \)" and \e\': "prv (eqv \ \')" + unfolding \_def \J_def \'_def eN\_def \_def[symmetric] unfolding \_def + using prv_instInpP_compose[of Pinp "encF N" \] by auto + + from diagonalization[OF \] + have "prveqlPT \ \instInpP \ 0 \\" and **: "prv (eqv \ (instInp \ \\\))" + unfolding \_def[symmetric] \_def[symmetric] by auto + have "**1": "prv (imp \ (instInp \ \\\))" "prv (imp (instInp \ \\\) \)" + using prv_imp_eqvEL[OF _ _ **] prv_imp_eqvER[OF _ _ **] by auto + + from SHBL3[OF eN\(1)] + have "prv (imp (instInpP Pinp 0 eN\) (instInp Pinp \instInpP Pinp 0 eN\\))" . + hence "prv (imp \' (instInp Pinp \\'\))" unfolding \'_def . + from prv_prv_imp_trans[OF _ _ _ \\' this] + have 0: "prv (imp \ (instInp Pinp \\'\))" by auto + + note unr = unstated[unfolded Let_def + \_def[unfolded \J_def \_def[symmetric], symmetric] \_def[symmetric] + \_def[symmetric] eN\_def[symmetric] \'_def[symmetric] \J_def] + + have 1: "prv (imp \ (instInp Pinp \\\))" + apply(nrule r: nprv_prvI) + apply(nrule r: nprv_impI) + apply(nrule r: nprv_addLemmaE[OF unr]) + apply(nrule r: nprv_addImpLemmaE[OF 0]) + apply(nrule r: nprv_clear3_3) + by (simp add: nprv_clear2_2 prv_nprv1I unr) + + have 2: "prv (imp \ (cnj (instInp Pinp \\\) + (instInp \ \\\)))" + apply(nrule r: nprv_prvI) + apply(nrule r: nprv_impI) + apply(nrule r: nprv_cnjI) + subgoal apply(nrule r: nprv_addImpLemmaE[OF 1]) . + subgoal apply(nrule r: nprv_addImpLemmaE[OF "**1"(1)]) . . + + define z where "z \ Variable (Suc (Suc 0))" + have z_facts[simp]: "z \ var" "z \ xx" "z \ Fvars Pinp" + "out \ z \ z \ out" "inp \ z \ z \ inp" + unfolding z_def by auto + + have 30: "subst (instInpP Pinp 0 (instInp (encF N) (Var xx))) \\\ xx = + instInpP Pinp 0 (instInp (encF N) \\\)" + unfolding z_def[symmetric] instInp_def instInpP_def Let_def + by (variousSubsts4 auto + s1: subst_compose_diff s2: subst_subst + s3: subst_notIn[of _ _ xx] s4: subst_compose_diff) + have 31: "subst (instInp Pinp (Var xx)) \\\ xx = + instInp Pinp \\\" unfolding instInp_def by auto + have [simp]: "instInp (instInpP Pinp (Suc 0) (encF N)) \\\ = + instInpP Pinp 0 (instInp (encF N) \\\)" + by (auto simp: instInp_instInpP \_def) + + have 3: "prv (neg (cnj (instInp Pinp \\\) + (instInp \ \\\)))" + apply(nrule r: nprv_prvI) + apply(nrule r: nprv_addLemmaE[OF *, unfolded jcons_def]) + apply(rule nprv_allE0[of _ _ _ "\\\"], auto) + unfolding 30 31 + apply(nrule r: nprv_clear2_2) + apply(nrule r: nprv_negI) + apply(nrule r: nprv_negE0) + apply(nrule r: nprv_clear2_2) + apply(nrule r: nprv_cnjE0) + apply(nrule r: nprv_clear3_3) + apply(nrule r: nprv_cnjI) + apply(nrule r: nprv_clear2_1) + unfolding \_def + apply(nrule r: nprv_hyp) . + + have ***: "prv (neg \)" + apply(nrule r: nprv_prvI) + apply(nrule r: nprv_negI) + apply(nrule r: nprv_addImpLemmaE[OF 2]) + apply(nrule r: nprv_addLemmaE[OF 3]) + apply(nrule r: nprv_negE0) . + + have 4: "prv (instInp Pinp \neg \\)" using HBL1_inp[OF _ _ ***] by auto + + have 5: "prveqlPT (instInp (encF N) \\\) \neg \\" + using ReprF_combineWith_CapN[of \] by auto + + have [simp]: "instInp (encF N) \\\ \ ptrm 0" using instInp by auto + + have 6: "prv (instInpP Pinp 0 (instInp (encF N) \\\))" + apply(nrule r: nprv_prvI) + apply(nrule r: nprv_addLemmaE[OF 4]) + apply(nrule r: prveqlPT_nprv_instInpP_instInp[OF _ _ _ _ _ 5]) . + + note lem = "**1"(2)[unfolded \_def] + have "prv \" + apply(nrule r: nprv_prvI) + apply(nrule r: nprv_addLemmaE[OF 6]) + apply(nrule r: nprv_addImpLemmaE[OF lem]) . + + from this *** `consistent` show False unfolding consistent_def3 by auto +qed + +end \ \context @{locale Jeroslow_Godel_Second}\ + +(*<*) +end +(*>*) diff --git a/thys/Goedel_Incompleteness/Jeroslow_Simplified.thy b/thys/Goedel_Incompleteness/Jeroslow_Simplified.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Jeroslow_Simplified.thy @@ -0,0 +1,380 @@ +section \A Simplification of Jeroslow's Original Argument\ + +(*<*) +theory Jeroslow_Simplified imports Abstract_Jeroslow_Encoding +begin +(*>*) + +text \This is the simplified version of Jeroslow's Second Incompleteness Theorem +reported in our CADE 2019 paper~\cite{DBLP:conf/cade/0001T19}. +The simplification consists of replacing pseudo-terms with plain terms +and representability with (what we call in the paper) term-representability. +This simplified version does not incur the complications of the original.\ + + +subsection \Jeroslow-style term-based diagonalization\ + +locale Jeroslow_Diagonalization = +Deduct_with_False + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + num + prv ++ +Encode + var trm fmla Var FvarsT substT Fvars subst + num + enc ++ +TermEncode + var trm fmla Var FvarsT substT Fvars subst + num + Ops tenc +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and num +and prv +and enc ("\_\") +and Ops and tenc ++ +fixes F :: "('trm \ 'trm) set" + and encF :: "('trm \ 'trm) \ ('trm \ 'trm)" + and N :: "'trm \ 'trm" + and ssap :: "'fmla \ 'trm \ 'trm" +assumes +F[simp,intro!]: "\ f n. f \ F \ n \ num \ f n \ num" +and +encF[simp,intro!]: "\ f. f \ F \ encF f \ Ops" +and +N[simp,intro!]: "N \ F" +and +ssap[simp]: "\\. \ \ fmla \ Fvars \ = {xx} \ ssap \ \ F" +and +ReprF: "\f n. f \ F \ n \ num \ prv (eql (encF f n) (f n))" +and +CapN: "\\. \ \ fmla \ Fvars \ = {} \ N \\\ = \neg \\" +and +CapSS: +"\ \ f. \ \ fmla \ Fvars \ = {xx} \ f \ F \ + ssap \ (tenc (encF f)) = \inst \ (encF f (tenc (encF f)))\" +begin + +definition tJ :: "'fmla \ 'trm" where +"tJ \ \ encF (ssap \) (tenc (encF (ssap \)))" + +definition \J :: "'fmla \ 'fmla" where +"\J \ \ subst \ (tJ \) xx" + +lemma tJ[simp]: +assumes "\ \ fmla" and "Fvars \ = {xx}" +shows "tJ \ \ trm" +using assms tJ_def by auto + +lemma FvarsT_tJ[simp]: +assumes "\ \ fmla" and "Fvars \ = {xx}" +shows "FvarsT (tJ \) = {}" +using assms tJ_def by auto + +lemma \J[simp]: +assumes "\ \ fmla" and "Fvars \ = {xx}" +shows "\J \ \ fmla" +using assms \J_def by auto + +lemma Fvars_\J[simp]: +assumes "\ \ fmla" and "Fvars \ = {xx}" +shows "Fvars (\J \) = {}" +using assms \J_def by auto + +lemma diagonalization: +assumes "\ \ fmla" and "Fvars \ = {xx}" +shows "prv (eql (tJ \) \inst \ (tJ \)\) \ + prv (eqv (\J \) (inst \ \\J \\))" +proof + define fJ where "fJ \ ssap \" + have fJ[simp]: "fJ \ F" unfolding fJ_def using assms by auto + have "fJ (tenc (encF fJ)) = \inst \ (tJ \)\" + by (simp add: CapSS assms fJ_def tJ_def) + thus **: "prv (eql (tJ \) \inst \ (tJ \)\)" + using ReprF fJ fJ_def tJ_def by fastforce + show "prv (eqv (\J \) (inst \ \\J \\))" + using assms prv_eql_subst_trm_eqv[OF xx _ _ _ **, of "\"] + by (auto simp: \J_def inst_def) +qed + +end \ \context @{locale Jeroslow_Diagonalization}\ + + +subsection \Term-based version of Jeroslow's Second Incompleteness Theorem\ + +locale Jeroslow_Godel_Second = +Jeroslow_Diagonalization + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + num + prv + enc + Ops tenc + F encF N ssap ++ +HBL1 + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv prv + enc + P +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and num +and prv +and enc ("\_\") +and Ops and tenc +and P +and F encF N ssap ++ +assumes +SHBL3: "\t. t \ trm \ FvarsT t = {} \ prv (imp (PP t) (PP \PP t\))" +begin + +text \Consistency formula a la Jeroslow:\ +definition jcons :: "'fmla" where +"jcons \ all xx (neg (cnj (PP (Var xx)) (PP (encF N (Var (xx))))))" + +lemma prv_eql_subst_trm3: +"x \ var \ \ \ fmla \ t1 \ trm \ t2 \ trm \ +prv (eql t1 t2) \ prv (subst \ t1 x) \ prv (subst \ t2 x)" +using prv_eql_subst_trm2 + by (meson subst prv_imp_mp) + +lemma prv_eql_neg_encF_N: +assumes "\ \ fmla" and "Fvars \ = {}" +shows "prv (eql \neg \\ (encF N \\\))" + unfolding CapN[symmetric, OF assms] + by (rule prv_prv_eql_sym) (auto simp: assms intro: ReprF) + +lemma prv_imp_neg_encF_N_aux: +assumes "\ \ fmla" and "Fvars \ = {}" +shows "prv (imp (PP \neg \\) (PP (encF N \\\)))" +using assms prv_eql_subst_trm2[OF _ _ _ _ prv_eql_neg_encF_N[OF assms], + of xx "PP (Var xx)"] + unfolding PP_def by auto + +lemma prv_cnj_neg_encF_N_aux: +assumes "\ \ fmla" and "Fvars \ = {}" "\ \ fmla" "Fvars \ = {}" +and "prv (neg (cnj \ (PP \neg \\)))" +shows"prv (neg (cnj \ (PP (encF N \\\))))" +using assms prv_eql_subst_trm3[OF _ _ _ _ prv_eql_neg_encF_N, + of xx "neg (cnj \ (PP (Var xx)))"] + unfolding PP_def by auto + +theorem jeroslow_godel_second: +assumes consistent +shows "\ prv jcons" +proof + assume *: "prv jcons" + define \ where "\ \ PP (encF N (Var xx))" + define t where "t \ tJ \" + have \[simp,intro]: "\ \ fmla" "Fvars \ = {xx}" + and t[simp,intro]: "t \ trm" "FvarsT t = {}" + unfolding \_def t_def by auto + + have sPP[simp]: "subst (PP (encF N (Var xx))) \PP (encF N t)\ xx = + PP (encF N \PP (encF N t)\)" + unfolding PP_def by (subst subst_compose_eq_or) auto + have sPP2[simp]: "subst (PP (encF N (Var xx))) t xx = PP (encF N t)" + unfolding PP_def by (subst subst_compose_eq_or) auto + have 00: "PP (encF N t) = inst \ t" unfolding \_def inst_def PP_def + by (subst subst_compose_eq_or) auto + + define \ where "\ \ \J \" + have [simp]: "\ \ fmla" "Fvars \ = {}" unfolding \_def by auto + have **: "prv (eql t \\\)" + unfolding 00 \_def + using \J_def diagonalization inst_def t_def by auto + have \: "\ = PP (encF N t)" unfolding \_def \J_def t_def \_def + using sPP2 \_def t_def by blast + have 1: "prv (imp \ (PP \\\))" using SHBL3[of "encF N t"] + using 00 \J_def \_def \_def inst_def t_def by auto + have eqv_\: "prv (eqv \ (PP (encF N \\\)))" using diagonalization + by (metis "00" sPP \J_def \_def \ \_def diagonalization inst_def t_def) + have 2: "prv (imp \ (PP (encF N \\\)))" + using prv_cnjEL[OF _ _ eqv_\[unfolded eqv_def]] by auto + have "prv (imp (PP (encF N \\\)) \)" + using prv_cnjER[OF _ _ eqv_\[unfolded eqv_def]] by auto + from prv_prv_imp_trans[OF _ _ _ prv_imp_neg_encF_N_aux this] + have 22: "prv (imp (PP \neg \\) \)" by auto + have 3: "prv (imp \ (cnj (PP \\\) (PP (encF N \\\))))" + by (rule prv_imp_cnj[OF _ _ _ 1 2]) (auto simp: \_def) + have 4: "prv (neg (cnj (PP \\\) (PP (encF N \\\))))" + using prv_allE[OF _ _ _ *[unfolded jcons_def], of "\\\"] + by (simp add: \ \_def) + have 5: "prv (neg \)" + unfolding neg_def + by (rule prv_prv_imp_trans[OF _ _ _ 3 4[unfolded neg_def]]) auto + hence "prv (PP \neg \\)" using + HBL1_PP[OF _ _ 5] by auto + hence "prv \" using prv_imp_mp[OF _ _ 22] by auto + with 5 assms show False unfolding consistent_def3 by auto +qed + + +subsection \A variant of the Second Incompleteness Theorem\ + +text \This variant (also discussed in our CADE 2019 paper~\cite{DBLP:conf/cade/0001T19}) strengthens +the conclusion of the theorem to the standard formulation +of "does not prove its own consistency" at the expense of two +additional derivability-like conditions, HBL4 and WHBL2.\ + +theorem jeroslow_godel_second_standardCon: +assumes consistent +and HBL4: "\\1 \2. {\1,\2} \ fmla \ Fvars \1 = {} \ Fvars \2 = {} \ + prv (imp (cnj (PP \\1\) (PP \\2\)) (PP \cnj \1 \2\))" +and WHBL2: "\\1 \2. {\1,\2} \ fmla \ Fvars \1 = {} \ Fvars \2 = {} \ + prv (imp \1 \2) \ prv (imp (PP \\1\) (PP \\2\))" +shows "\ prv (neg (PP \fls\))" +proof + assume *: "prv (neg (PP \fls\))" + define \ where "\ \ PP (encF N (Var xx))" + define t where "t \ tJ \" + have \[simp,intro]: "\ \ fmla" "Fvars \ = {xx}" + and t[simp,intro]: "t \ trm" "FvarsT t = {}" + unfolding \_def t_def by auto + + have [simp]: "subst (PP (encF N (Var xx))) \PP (encF N t)\ xx = + PP (encF N \PP (encF N t)\)" + unfolding PP_def by (subst subst_compose_eq_or) auto + have [simp]: "subst (PP (encF N (Var xx))) t xx = PP (encF N t)" + unfolding PP_def by (subst subst_compose_eq_or) auto + have 00: "PP (encF N t) = inst \ t" unfolding \_def inst_def PP_def + by (subst subst_compose_eq_or) auto + + define \ where "\ = PP (encF N t)" + have [simp]: "\ \ fmla" "Fvars \ = {}" unfolding \_def by auto + have **: "prv (eql t \PP (encF N t)\)" + unfolding 00 by (simp add: diagonalization t_def) + have 1: "prv (imp \ (PP \\\))" using SHBL3[of "encF N t"] + by (auto simp: \_def) + have 2: "prv (imp \ (PP (encF N \\\)))" + using prv_eql_subst_trm2[OF xx _ _ _ **, of "PP (encF N (Var xx))"] + by (auto simp: \_def) + have "prv (imp (PP (encF N \\\)) \)" + using prv_eql_subst_trm_rev2[OF xx _ _ _ **, of "PP (encF N (Var xx))"] + by (auto simp: \_def) + from prv_prv_imp_trans[OF _ _ _ prv_imp_neg_encF_N_aux this] + have 22: "prv (imp (PP \neg \\) \)" by auto + have 3: "prv (imp \ (cnj (PP \\\) (PP (encF N \\\))))" + by (rule prv_imp_cnj[OF _ _ _ 1 2]) (auto simp: \_def) + + \ \This is the modification from the proof of @{thm jeroslow_godel_second}:\ + have 41: "prv (imp (cnj (PP \\\) (PP \neg \\)) (PP \cnj \ (neg \)\))" + using HBL4[of \ "neg \"] by auto + have "prv (imp (cnj \ (neg \)) (fls))" + by (simp add: prv_cnj_imp_monoR2 prv_imp_neg_fls) + from WHBL2[OF _ _ _ this] + have 42: "prv (imp (PP \cnj \ (neg \)\) (PP \fls\))" by auto + from prv_prv_imp_trans[OF _ _ _ 41 42] + have "prv (imp (cnj (PP \\\) (PP \neg \\)) (PP \fls\))" by auto + from prv_prv_imp_trans[OF _ _ _ this *[unfolded neg_def]] + have "prv (neg (cnj (PP \\\) (PP \neg \\)))" + unfolding neg_def by auto + from prv_cnj_neg_encF_N_aux[OF _ _ _ _ this] + have 4: "prv (neg (cnj (PP \\\) (PP (encF N \\\))))" by auto + \ \End modification\ + + have 5: "prv (neg \)" + unfolding neg_def + by (rule prv_prv_imp_trans[OF _ _ _ 3 4[unfolded neg_def]]) auto + hence "prv (PP \neg \\)" using HBL1_PP[OF _ _ 5] by auto + hence "prv \" using prv_imp_mp[OF _ _ 22] by auto + with 5 assms show False unfolding consistent_def3 by auto +qed + +text \Next we perform a formal analysis of some connection between the +above theorems' hypotheses.\ + +definition noContr :: bool where +"noContr \ \ \ \ fmla. Fvars \ = {} \ prv (neg (cnj (PP \\\) (PP \neg \\)))" + +lemma jcons_noContr: +assumes j: "prv jcons" +shows "noContr" +unfolding noContr_def proof safe + fix \ assume \[simp]: "\ \ fmla" "Fvars \ = {}" + have [simp]: "subst (PP (encF N (Var xx))) \\\ xx = + PP (encF N \\\)" + unfolding PP_def by (simp add: subst_compose_same) + note j = allE_id[OF _ _ j[unfolded jcons_def], simplified] + have 0: "prv (neg (cnj (PP \\\) + (PP (encF N \\\))))" + (is "prv (neg (cnj (PP \\\) ?j))") + using prv_subst[OF _ _ _ j, of xx "\\\"] by simp + have 1: "prv (imp (PP \neg \\) ?j)" + using prv_eql_neg_encF_N[of \, simplified] + using prv_imp_neg_encF_N_aux by auto + have 2: "prv (imp (cnj (PP \\\) (PP \neg \\)) + (cnj (PP \\\) ?j))" + using 0 1 by (simp add: prv_cnj_mono prv_imp_refl) + + have "prv (imp (cnj (PP \\\) (PP \neg \\)) + (cnj (PP \\\) ?j))" + by (simp add: 2 prv_cnj_mono prv_imp_refl) + thus "prv (neg (cnj (PP \\\) (PP \neg \\)))" using 0 + unfolding neg_def + by (elim prv_prv_imp_trans[rotated 3]) auto +qed + +text \@{term noContr} is still stronger than the standard notion of proving own consistency:\ + +lemma noContr_implies_neg_PP_fls: + assumes "noContr" + shows "prv (neg (PP \fls\))" +proof- + have "prv (neg (cnj (PP \fls\) (PP \neg fls\)))" + using assms unfolding noContr_def by auto + thus ?thesis + using Fvars_tru enc in_num tru_def PP PP_def fls imp HBL1 neg_def + prv_cnj_imp prv_fls prv_imp_com prv_imp_mp + by (metis Encode.enc HBL1_axioms HBL1_def) +qed + +corollary jcons_implies_neg_PP_fls: +assumes "prv jcons" +shows "prv (neg (PP \fls\))" +by (simp add: assms noContr_implies_neg_PP_fls jcons_noContr) + +text \However, unlike @{term jcons}, which seems to be quite a bit stronger, +@{term noContr} is equivalent to the standard notion under a slightly +stronger assumption than our WWHBL2, namely, a binary version of that:\ + +lemma neg_PP_fls_implies_noContr: + assumes WWHBL22: +"\\ \ \. \ \ fmla \ \ \ fmla \ \ \ fmla \ + Fvars \ = {} \ Fvars \ = {} \ Fvars \ = {} \ + prv (imp \ (imp \ \)) \ prv (imp (PP \\\) (imp (PP \\\) (PP \\\)))" + assumes p: "prv (neg (PP \fls\))" + shows "noContr" +unfolding noContr_def proof safe + fix \ assume \[simp]: "\ \ fmla" "Fvars \ = {}" + have 0: "prv (imp \ (imp (neg \) fls))" + by (simp add: prv_imp_neg_fls) + have 1: "prv (imp (PP \\\) (imp (PP \neg \\) (PP \fls\)))" + using WWHBL22[OF _ _ _ _ _ _ 0] by auto + show "prv (neg (cnj (PP \\\) (PP \neg \\)))" using 1 p + unfolding neg_def + by (elim prv_cnj_imp_monoR2[rotated 3, OF prv_prv_imp_trans[rotated 3]]) + (auto intro!: prv_imp_monoL) +qed + +end \ \context @{locale Jeroslow_Godel_Second}\ + +(*<*) +end +(*>*) diff --git a/thys/Goedel_Incompleteness/Loeb.thy b/thys/Goedel_Incompleteness/Loeb.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Loeb.thy @@ -0,0 +1,121 @@ +chapter \Löb's Theorem\ + +(*<*) +theory Loeb imports Loeb_Formula Derivability_Conditions +begin +(*>*) + +text \We have set up the formalization of Gödel's first (easy half) and Gödel's second +so that the following generalizations, leading to Löb's theorem, are trivial +modifications of these, replacing negation with "implies @{term \}" in all proofs.\ + +locale Loeb_Assumptions = +HBL1_2_3 + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + P ++ +Loeb_Form + var trm fmla Var num FvarsT substT Fvars subst + eql cnj imp all exi + prv bprv + enc + S + P +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var num FvarsT substT Fvars subst +and eql cnj imp all exi +and prv bprv +and enc ("\_\") +and S +and P +begin + +text \Generalization of $\mathit{goedel\_first\_theEasyHalf\_pos}$, replacing @{term fls} with a sentence @{term \}:\ +lemma loeb_aux_prv: +assumes \[simp]: "\ \ fmla" "Fvars \ = {}" and p: "prv (\L \)" +shows "prv \" +proof- + have "prv (imp (PP \\L \\) \)" using assms prv_eqv_prv[OF _ _ p prv_\L_eqv] by auto + moreover have "bprv (PP \\L \\)" using HBL1[OF \L[OF \] _ p] unfolding PP_def by simp + from bprv_prv[OF _ _ this, simplified] have "prv (PP \\L \\)" . + ultimately show ?thesis using PP \L by (meson assms enc in_num prv_imp_mp) +qed + +lemma loeb_aux_bprv: +assumes \[simp]: "\ \ fmla" "Fvars \ = {}" and p: "bprv (\L \)" +shows "bprv \" +proof- + note pp = bprv_prv[OF _ _ p, simplified] + have "bprv (imp (PP \\L \\) \)" using assms B.prv_eqv_prv[OF _ _ p bprv_\L_eqv] by auto + moreover have "bprv (PP \\L \\)" using HBL1[OF \L[OF \] _ pp] unfolding PP_def by simp + ultimately show ?thesis using PP \L by (meson assms enc in_num B.prv_imp_mp) +qed + +text \Generalization of $\mathit{P\_G}$, the main lemma used for Gödel's second:\ +lemma P_L: +assumes \[simp]: "\ \ fmla" "Fvars \ = {}" +shows "bprv (imp (PP \\L \\) (PP \\\))" +proof- + have 0: "prv (imp (\L \) (imp (PP \\L \\) \))" + using prv_\L_eqv by (intro prv_imp_eqvEL) auto + have 1: "bprv (PP \imp (\L \) (imp (PP \\L \\) \)\)" + using HBL1_PP[OF _ _ 0] by simp + have 2: "bprv (imp (PP \\L \\) (PP \imp (PP \\L \\) \\))" + using HBL2_imp2[OF _ _ _ _ 1] by simp + have 3: "bprv (imp (PP \\L \\) (PP \PP \\L \\\))" + using HBL3[OF \L[OF \] _] by simp + have 23: "bprv (imp (PP \\L \\) + (cnj (PP \PP \\L \\\) + (PP \imp (PP \\L \\) \\)))" + using B.prv_imp_cnj[OF _ _ _ 3 2] by simp + have 4: "bprv (imp (cnj (PP \PP \\L \\\) + (PP \imp (PP \\L \\) \\)) + (PP \\\))" + using HBL2[of "PP \\L \\" \] by simp + show ?thesis using B.prv_prv_imp_trans[OF _ _ _ 23 4] by simp +qed + +text \Löb's theorem generalizes the positive formulation Gödel's Second +($\mathit{goedel\_second}$). In our two-provability-relation framework, we get two variants of Löb's theorem. +A stronger variant, assuming @{term prv} and proving @{term bprv}, seems impossible.\ + +theorem loeb_bprv: +assumes \[simp]: "\ \ fmla" "Fvars \ = {}" and p: "bprv (imp (PP \\\) \)" +shows "bprv \" +proof- + have "bprv (imp (PP \\L \\) \)" + by (rule B.prv_prv_imp_trans[OF _ _ _ P_L p]) auto + hence "bprv (\L \)" + by (rule B.prv_eqv_prv_rev[OF _ _ _ bprv_\L_eqv, rotated 2]) auto + thus ?thesis using loeb_aux_bprv[OF \] by simp +qed + +theorem loeb_prv: +assumes \[simp]: "\ \ fmla" "Fvars \ = {}" and p: "prv (imp (PP \\\) \)" +shows "prv \" +proof- + note PL = bprv_prv[OF _ _ P_L, simplified] + have "prv (imp (PP \\L \\) \)" + by (rule prv_prv_imp_trans[OF _ _ _ PL p]) auto + hence "prv (\L \)" + by (rule prv_eqv_prv_rev[OF _ _ _ prv_\L_eqv, rotated 2]) auto + thus ?thesis using loeb_aux_prv[OF \] by simp +qed + +text \We could have of course inferred $\mathit{goedel\_first\_theEasyHalf\_pos}$ +and $\mathit{goedel\_second}$ from these more general versions, but we leave the original +arguments as they are more instructive.\ + +end \ \context @{locale Loeb_Assumptions}\ + +(*<*) +end +(*>*) + + + diff --git a/thys/Goedel_Incompleteness/Loeb_Formula.thy b/thys/Goedel_Incompleteness/Loeb_Formula.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Loeb_Formula.thy @@ -0,0 +1,63 @@ +chapter \Löb Formulas\ + +(*<*) +theory Loeb_Formula imports Diagonalization Derivability_Conditions +begin +(*>*) + +text \The Löb formula, parameterized by a sentence @{term \}, is defined by diagonalizing @{term "imp P \"}.\ + + +locale Loeb_Form = +Deduct2 + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv ++ +Repr_SelfSubst + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + S ++ +HBL1 + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + P +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var num FvarsT substT Fvars subst +and eql cnj imp all exi +and prv bprv +and enc ("\_\") +and S +and P +begin + +text \The Löb formula associated to a formula @{term \}:\ +definition \L :: "'fmla \ 'fmla" where "\L \ \ diag (imp P \)" + +lemma \L[simp,intro]: "\\. \ \ fmla \ Fvars \ = {} \ \L \ \ fmla" +and +Fvars_\L[simp]: "\ \ fmla \ Fvars \ = {} \ Fvars (\L \) = {}" + unfolding \L_def PP_def by auto + +lemma bprv_\L_eqv: +"\ \ fmla \ Fvars \ = {} \ bprv (eqv (\L \) (imp (PP \\L \\) \))" + unfolding \L_def PP_def using bprv_diag_eqv[of "imp P \"] by auto + +lemma prv_\L_eqv: +"\ \ fmla \ Fvars \ = {} \ prv (eqv (\L \) (imp (PP \\L \\) \))" + using bprv_prv[OF _ _ bprv_\L_eqv, simplified] by auto + +end \ \context @{locale Loeb_Form}\ + +(*<*) +end +(*>*) diff --git a/thys/Goedel_Incompleteness/ROOT b/thys/Goedel_Incompleteness/ROOT new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/ROOT @@ -0,0 +1,10 @@ +chapter AFP + +session Goedel_Incompleteness (AFP) = Syntax_Independent_Logic + + description \The Abstract Incompleteness Theorems\ + options [timeout = 600] + theories + All_Abstract + document_files + "root.tex" + "root.bib" diff --git a/thys/Goedel_Incompleteness/Rosser_Formula.thy b/thys/Goedel_Incompleteness/Rosser_Formula.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Rosser_Formula.thy @@ -0,0 +1,183 @@ +chapter \Rosser Formulas\ + +text \The Rosser formula is a modification of the Gödel formula that +is undecidable assuming consistency only (not $\omega$-consistency).\ + +(*<*) +theory Rosser_Formula + imports Diagonalization Goedel_Formula +begin +(*>*) + +locale Rosser_Form = +Deduct2_with_PseudoOrder + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv bprv + Lq + + +Repr_Neg + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + num + prv bprv + enc + N + + +Repr_SelfSubst + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + S + + +HBL1 + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + P + for + var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" + and Var FvarsT substT Fvars subst + and num + and eql cnj imp all exi + and fls + and prv bprv + and Lq + and dsj + and enc ("\_\") + and N S P + + +locale Rosser_Form_Proofs = +Deduct2_with_PseudoOrder + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv bprv + Lq + + +Repr_Neg + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + num + prv bprv + enc + N + + +Repr_SelfSubst + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + S + + +CleanRepr_Proofs + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + fls + dsj + "proof" prfOf + encPf + Pf + for + var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" + and Var FvarsT substT Fvars subst + and num + and eql cnj imp all exi + and fls + and prv bprv + and Lq + and dsj and "proof" :: "'proof set" and prfOf + and enc ("\_\") + and N + and S + and encPf Pf + +context Rosser_Form_Proofs +begin + +definition R where "R = all zz (imp (LLq (Var zz) (Var yy)) + (all xx' (imp (NN (Var xx) (Var xx')) + (neg (PPf (Var zz) (Var xx'))))))" + +definition RR where "RR t1 t2 = psubst R [(t1,yy), (t2,xx)]" + +lemma R[simp,intro!]: "R \ fmla" unfolding R_def by auto + +lemma RR_def2: + "t1 \ trm \ t2 \ trm \ xx \ FvarsT t1 \ RR t1 t2 = subst (subst R t1 yy) t2 xx" + unfolding RR_def by (rule psubst_eq_rawpsubst2[simplified]) auto + +definition P' where "P' = exi yy (cnj (PPf (Var yy) (Var xx)) (RR (Var yy) (Var xx)))" + +definition PP' where "PP' t = subst P' t xx" + +lemma Fvars_R[simp]: "Fvars R = {xx,yy}" unfolding R_def by auto + +lemma [simp]: "Fvars (RR (Var yy) (Var xx)) = {yy,xx}" by (auto simp: RR_def2) + +lemma P'[simp,intro!]: "P' \ fmla" unfolding P'_def by (auto simp: PPf_def2 RR_def2) + +lemma Fvars_P'[simp]: "Fvars P' = {xx}" unfolding P'_def by (auto simp: PPf_def2 RR_def2) + +lemma PP'[simp,intro!]: "t \ trm \ PP' t \ fmla" + unfolding PP'_def by auto + +lemma RR[simp,intro]: "t1 \ trm \ t2 \ trm \ RR t1 t2 \ fmla" + by (auto simp: RR_def) + +lemma RR_simps[simp]: + "n \ num \ subst (RR (Var yy) (Var xx)) n xx = RR (Var yy) n" + "m \ num \ n \ num \ subst (RR (Var yy) m) n yy = RR n m" + by (simp add: RR_def2 subst2_fresh_switch)+ + + +text \The Rosser modification of the Gödel formula\ +definition \R :: 'fmla where "\R \ diag (neg P')" + +lemma \R[simp,intro!]: "\R \ fmla" and Fvars_\R[simp]: "Fvars \R = {}" + unfolding \R_def wrepr.PP_def by auto + +lemma bprv_\R_eqv: + "bprv (eqv \R (neg (PP' \\R\)))" + unfolding \R_def PP'_def using bprv_diag_eqv[of "neg P'"] by simp + +lemma bprv_imp_\R: + "bprv (imp (neg (PP' \\R\)) \R)" + by (rule B.prv_imp_eqvER) (auto intro: bprv_\R_eqv) + +lemma prv_\R_eqv: + "prv (eqv \R (neg (PP' \\R\)))" + using dwf_dwfd.d_dwf.bprv_prv'[OF _ bprv_\R_eqv, simplified] . + +lemma prv_imp_\R: + "prv (imp (neg (PP' \\R\)) \R)" + by (rule prv_imp_eqvER) (auto intro: prv_\R_eqv) + +end \ \context @{locale Rosser_Form}\ + + +sublocale Rosser_Form_Proofs < Rosser_Form where P = P + by standard + +sublocale Rosser_Form_Proofs < Goedel_Form where P = P + by standard + +(*<*) +end +(*>*) diff --git a/thys/Goedel_Incompleteness/Standard_Model_More.thy b/thys/Goedel_Incompleteness/Standard_Model_More.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Standard_Model_More.thy @@ -0,0 +1,469 @@ +chapter \Standard Models with Two Provability Relations\ + +(*<*) +(* Abstract notion of standard model and truth *) +theory Standard_Model_More +imports Derivability_Conditions "Syntax_Independent_Logic.Standard_Model" +begin +(*>*) + +locale Minimal_Truth_Soundness_Proof_Repr = +CleanRepr_Proofs + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + fls + dsj + "proof" prfOf + encPf + Pf ++ \ \The label "B" stands for "basic", as a reminder that soundness +refers to the basic provability relation:\ +B: Minimal_Truth_Soundness + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + bprv + isTrue +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and prv bprv +and isTrue +and enc ("\_\") +and "proof" :: "'proof set" and prfOf +and encPf Pf +begin + +lemmas prfOf_iff_PPf = B_consistent_prfOf_iff_PPf[OF B.consistent] + +text \The provability predicate is decided by basic provability on encodings:\ +lemma isTrue_prv_PPf_prf_or_neg: +"prf \ proof \ \ \ fmla \ Fvars \ = {} \ + bprv (PPf (encPf prf) \\\) \ bprv (neg (PPf (encPf prf) \\\))" + using not_prfOf_PPf prfOf_PPf by blast + +text \... hence that predicate is complete w.r.t. truth:\ +lemma isTrue_PPf_Implies_bprv_PPf: +"prf \ proof \ \ \ fmla \ Fvars \ = {} \ + isTrue (PPf (encPf prf) \\\) \ bprv (PPf (encPf prf) \\\)" + by (metis FvarsT_num Fvars_PPf Fvars_fls PPf +Un_empty empty_iff enc encPf fls in_num isTrue_prv_PPf_prf_or_neg +neg_def B.not_isTrue_fls B.prv_imp_implies_isTrue) + +text \... and thanks cleanness we can replace encoded proofs +with arbitrary numerals in the completeness property:\ +lemma isTrue_implies_bprv_PPf: +assumes [simp]: "n \ num" "\ \ fmla" "Fvars \ = {}" +and iT: "isTrue (PPf n \\\)" +shows "bprv (PPf n \\\)" +proof(cases "n \ encPf ` proof") + case True + thus ?thesis + using iT isTrue_PPf_Implies_bprv_PPf by auto +next + case False + hence "bprv (neg (PPf n \\\))" by (simp add: Clean_PPf_encPf) + hence "isTrue (neg (PPf n \\\))" by (intro B.sound_isTrue) auto + hence False using iT by (intro B.isTrue_neg_excl) auto + thus ?thesis by auto +qed + +text \... in fact, by @{locale Minimal_Truth_Soundness} we even have an iff:\ +lemma isTrue_iff_bprv_PPf: +"\ n \. n \ num \ \ \ fmla \ Fvars \ = {} \ isTrue (PPf n \\\) \ bprv (PPf n \\\)" +using isTrue_implies_bprv_PPf +using exists_no_Fvars B.not_isTrue_fls B.sound_isTrue by auto + +text \Truth of the provability representation implies provability (TIP):\ +lemma TIP: +assumes \[simp]: "\ \ fmla" "Fvars \ = {}" +and iPP: "isTrue (wrepr.PP \\\)" +shows "prv \" +proof- + have "isTrue (exi yy (PPf (Var yy) \\\))" using iPP unfolding PP_PPf[OF \(1)] . + from B.isTrue_exi[OF _ _ _ this] + obtain n where n[simp]: "n \ num" and "isTrue (PPf n \\\)" by auto + hence pP: "bprv (PPf n \\\)" using isTrue_implies_bprv_PPf by auto + hence "\ bprv (neg (PPf n \\\))" + using B.prv_neg_excl[of "PPf n \\\"] by auto + then obtain "prf" where "prf"[simp]: "prf \ proof" and nn: "n = encPf prf" + using assms n Clean_PPf_encPf \(1) by blast + have "prfOf prf \" using pP unfolding nn using prfOf_iff_PPf by auto + thus ?thesis using prv_prfOf by auto +qed + +text \The reverse HBL1 -- now without the $\omega$-consistency assumption which holds here +thanks to our truth-in-standard-model assumption:\ + +lemmas HBL1_rev = \consistentStd1_HBL1_rev[OF B.\consistentStd1] +text \Note that the above would also follow by @{locale Minimal_Truth_Soundness} from TIP:\ +lemma TIP_implies_HBL1_rev: +assumes TIP: "\\. \ \ fmla \ Fvars \ = {} \ isTrue (wrepr.PP \\\) \ prv \" +shows "\\. \ \ fmla \ Fvars \ = {} \ bprv (wrepr.PP \\\) \ prv \" +using B.sound_isTrue[of "wrepr.PP \_\"] TIP by auto + +end \ \context @{locale Minimal_Truth_Soundness_Proof_Repr}\ + + +section \Proof recovery from $\mathit{HBL1\_iff}$\ + +locale Minimal_Truth_Soundness_HBL1iff_Compl_Pf = +HBL1 + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + P ++ +B : Minimal_Truth_Soundness + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + bprv + isTrue ++ +Deduct_with_False_Disj + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and enc ("\_\") +and prv bprv +and P +and isTrue ++ +fixes Pf :: 'fmla +assumes +\ \@{term Pf} is a formula with free variables @{term xx} @{term yy}:\ +Pf[simp,intro!]: "Pf \ fmla" +and +Fvars_Pf[simp]: "Fvars Pf = {yy,xx}" +and +\ \@{term P} relates to @{term Pf} internally (inside basic provability) +just like a @{term prv} and a @{term prfOf} would relate---via an existential:\ +P_Pf: +"\ \ fmla \ Fvars \ = {} \ + let PPf = (\ t1 t2. psubst Pf [(t1,yy), (t2,xx)]) in + bprv (eqv (subst P \\\ xx) (exi yy (PPf (Var yy) \\\)))" +assumes +\ \We assume both $\mathit{HBL1}$ and $\mathit{HBL1\_rev}$, i.e., an iff version:\ +HBL1_iff: "\ \. \ \ fmla \ Fvars \ = {} \ bprv (PP \\\) \ prv \" +and +Compl_Pf: +"\ n \. n \ num \ \ \ fmla \ Fvars \ = {} \ + let PPf = (\ t1 t2. psubst Pf [(t1,yy), (t2,xx)]) in + isTrue (PPf n \\\) \ bprv (PPf n \\\)" +begin + +definition PPf where "PPf \ \ t1 t2. psubst Pf [(t1,yy), (t2,xx)]" + +lemma PP_deff: "PP t = subst P t xx" using PP_def by auto + +lemma PP_PPf_eqv: + "\ \ fmla \ Fvars \ = {} \ bprv (eqv (PP \\\) (exi yy (PPf (Var yy) \\\)))" + using PP_deff PPf_def P_Pf by auto + +(* *) + +lemma PPf[simp,intro!]: "t1 \ trm \ t2 \ trm \ xx \ FvarsT t1 \ PPf t1 t2 \ fmla" + unfolding PPf_def by auto + +lemma PPf_def2: "t1 \ trm \ t2 \ trm \ xx \ FvarsT t1 \ + PPf t1 t2 = subst (subst Pf t1 yy) t2 xx" + unfolding PPf_def by (rule psubst_eq_rawpsubst2[simplified]) auto + +lemma Fvars_PPf[simp]: + "t1 \ trm \ t2 \ trm \ xx \ FvarsT t1 \ Fvars (PPf t1 t2) = FvarsT t1 \ FvarsT t2" + by (auto simp add: PPf_def2 subst2_fresh_switch) + +lemma [simp]: +"n \ num \ subst (PPf (Var yy) (Var xx)) n xx = PPf (Var yy) n" +"m \ num \ n \ num \ subst (PPf (Var yy) m) n yy = PPf n m" +"n \ num \ subst (PPf (Var yy) (Var xx)) n yy = PPf n (Var xx)" +"m \ num \ n \ num \ subst (PPf m (Var xx)) n xx = PPf m n" +"m \ num \ subst (PPf (Var zz) (Var xx')) m zz = PPf m (Var xx')" +"m \ num \ n \ num \ subst (PPf m (Var xx')) n xx' = PPf m n" +"n \ num \ subst (PPf (Var zz) (Var xx')) n xx' = PPf (Var zz) n" +"m \ num \ n \ num \ subst (PPf (Var zz) n) m zz = PPf m n" + by (auto simp: PPf_def2 subst2_fresh_switch) + +(* *) + +lemma PP_PPf: +assumes "\ \ fmla" "Fvars \ = {}" shows "bprv (PP \\\) \ bprv (exi yy (PPf (Var yy) \\\))" + using assms PP_PPf_eqv[OF assms] B.prv_eqv_sym[OF _ _ PP_PPf_eqv[OF assms]] + by (auto intro!: B.prv_eqv_prv[of "PP \\\" "exi yy (PPf (Var yy) \\\)"] + B.prv_eqv_prv[of "exi yy (PPf (Var yy) \\\)" "PP \\\"]) + +lemma isTrue_implies_bprv_PPf: +"\ n \. n \ num \ \ \ fmla \ Fvars \ = {} \ + isTrue (PPf n \\\) \ bprv (PPf n \\\)" + using Compl_Pf by(simp add: PPf_def) + +lemma isTrue_iff_bprv_PPf: +"\ n \. n \ num \ \ \ fmla \ Fvars \ = {} \ isTrue (PPf n \\\) \ bprv (PPf n \\\)" +using isTrue_implies_bprv_PPf + using exists_no_Fvars B.not_isTrue_fls B.sound_isTrue by auto + +text \Preparing to instantiate this "proof recovery" alternative into our +mainstream locale hierarchy, which assumes proofs. +We define the "missing" proofs to be numerals, we encode them as the identity, +and we "copy" @{term prfOf} from the corresponding predicate one-level-up, @{term PPf}:\ + +definition "proof" :: "'trm set" where [simp]: "proof = num" +definition prfOf :: "'trm \ 'fmla \ bool" where + "prfOf n \ \ bprv (PPf n \\\)" +definition encPf :: "'trm \ 'trm" where [simp]: "encPf \ id" +(* *) + +lemma prv_exi_PPf_iff_isTrue: +assumes [simp]: "\ \ fmla" "Fvars \ = {}" +shows "bprv (exi yy (PPf (Var yy) \\\)) \ isTrue (exi yy (PPf (Var yy) \\\))" (is "?L \ ?R") +proof + assume ?L thus ?R by (intro B.sound_isTrue) auto +next + assume ?R + obtain n where n[simp]: "n \ num" and i: "isTrue (PPf n \\\)" using B.isTrue_exi[OF _ _ _ `?R`] by auto + hence "bprv (PPf n \\\)" by (auto simp: isTrue_iff_bprv_PPf) + thus ?L by (intro B.prv_exiI[of _ _ n]) auto +qed + +lemma isTrue_exi_iff: +assumes [simp]: "\ \ fmla" "Fvars \ = {}" +shows "isTrue (exi yy (PPf (Var yy) \\\)) \ (\n\num. isTrue (PPf n \\\))" (is "?L \ ?R") +proof + assume ?L thus ?R using B.isTrue_exi[OF _ _ _ `?L`] by auto +next + assume ?R + then obtain n where n[simp]: "n \ num" and i: "isTrue (PPf n \\\)" by auto + hence "bprv (PPf n \\\)" by (auto simp: isTrue_iff_bprv_PPf) + hence "bprv (exi yy (PPf (Var yy) \\\))" by (intro B.prv_exiI[of _ _ n]) auto + thus ?L by (intro B.sound_isTrue) auto +qed + +lemma prv_prfOf: +assumes "\ \ fmla" "Fvars \ = {}" +shows "prv \ \ (\n\num. prfOf n \)" +proof- + have "prv \ \ bprv (PP \\\)" using HBL1_iff[OF assms] by simp + also have "\ \ bprv (exi yy (PPf (Var yy) \\\))" unfolding PP_PPf[OF assms] .. + also have "\ \ isTrue (exi yy (PPf (Var yy) \\\))" using prv_exi_PPf_iff_isTrue[OF assms] . + also have "\ \ (\n\num. isTrue (PPf n \\\))" using isTrue_exi_iff[OF assms] . + also have "\ \ (\n\num. bprv (PPf n \\\))" using isTrue_iff_bprv_PPf[OF _ assms] by auto + also have "\ \ (\n\num. prfOf n \)" unfolding prfOf_def .. + finally show ?thesis . +qed + +lemma prfOf_prv_Pf: +assumes "n \ num" and "\ \ fmla" "Fvars \ = {}" and "prfOf n \" +shows "bprv (psubst Pf [(n, yy), (\\\, xx)])" +using assms unfolding prfOf_def by (auto simp: PPf_def2 psubst_eq_rawpsubst2) + +lemma isTrue_exi_iff_PP: +assumes [simp]: "\ \ fmla" "Fvars \ = {}" +shows "isTrue (PP \\\) \ (\n\num. isTrue (PPf n \\\))" +proof- + have "bprv (eqv (PP \\\) (exi yy (PPf (Var yy) \\\)))" + using PP_PPf_eqv by auto + hence "bprv (imp (PP \\\) (exi yy (PPf (Var yy) \\\)))" + and "bprv (imp (exi yy (PPf (Var yy) \\\)) (PP \\\))" + by (simp_all add: B.prv_imp_eqvEL B.prv_imp_eqvER) + thus ?thesis unfolding isTrue_exi_iff[OF assms, symmetric] + by (intro iffI) (rule B.prv_imp_implies_isTrue; simp)+ +qed + +lemma bprv_compl_isTrue_PP_enc: +assumes 1: "\ \ fmla" "Fvars \ = {}" and 2: "isTrue (PP \\\)" +shows "bprv (PP \\\)" +proof- + obtain n where nn: "n \ num" and i: "isTrue (PPf n \\\)" + using 2 unfolding isTrue_exi_iff_PP[OF 1] .. + hence "bprv (PPf n \\\)" + using i using nn assms isTrue_iff_bprv_PPf by blast + hence "bprv (exi yy (PPf (Var yy) \\\))" + using 2 assms isTrue_exi_iff isTrue_exi_iff_PP prv_exi_PPf_iff_isTrue by auto + thus ?thesis using PP_PPf 1 by blast +qed + +lemma TIP: +assumes 1: "\ \ fmla" "Fvars \ = {}" and 2: "isTrue (PP \\\)" +shows "prv \" +using bprv_compl_isTrue_PP_enc[OF assms] HBL1_iff assms by blast + + +end \ \context @{locale Minimal_Truth_Soundness_HBL1iff_Compl_Pf}\ + + +locale Minimal_Truth_Soundness_HBL1iff_Compl_Pf_Compl_NegPf = +Minimal_Truth_Soundness_HBL1iff_Compl_Pf ++ +assumes +Compl_NegPf: +"\ n \. n \ num \ \ \ fmla \ Fvars \ = {} \ + let PPf = (\ t1 t2. psubst Pf [(t1,yy), (t2,xx)]) in + isTrue (B.neg (PPf n \\\)) \ bprv (B.neg (PPf n \\\))" +begin + +lemma isTrue_implies_prv_neg_PPf: +"\ n \. n \ num \ \ \ fmla \ Fvars \ = {} \ + isTrue (B.neg (PPf n \\\)) \ bprv (B.neg (PPf n \\\))" + using Compl_NegPf by(simp add: PPf_def) + +lemma isTrue_iff_prv_neg_PPf: +"\ n \. n \ num \ \ \ fmla \ Fvars \ = {} \ isTrue (B.neg (PPf n \\\)) \ bprv (B.neg (PPf n \\\))" +using isTrue_implies_prv_neg_PPf + using exists_no_Fvars B.not_isTrue_fls B.sound_isTrue by auto + +lemma prv_PPf_decide: +assumes [simp]: "n \ num" "\ \ fmla" "Fvars \ = {}" +and np: "\ bprv (PPf n \\\)" +shows "bprv (B.neg (PPf n \\\))" +proof- + have "\ isTrue (PPf n \\\)" using assms by (auto simp: isTrue_iff_bprv_PPf) + hence "isTrue (B.neg (PPf n \\\))" using B.isTrue_neg[of "PPf n \\\"] by auto + thus ?thesis by (auto simp: isTrue_iff_prv_neg_PPf) +qed + +lemma not_prfOf_prv_neg_Pf: +assumes n\: "n \ num" "\ \ fmla" "Fvars \ = {}" and "\ prfOf n \" +shows "bprv (B.neg (psubst Pf [(n, yy), (\\\, xx)]))" + using assms prv_PPf_decide[OF n\] by (auto simp: prfOf_def PPf_def2 psubst_eq_rawpsubst2) + +end \ \context @{locale Minimal_Truth_Soundness_HBL1iff_Compl_Pf_Compl_NegPf}\ + +sublocale Minimal_Truth_Soundness_HBL1iff_Compl_Pf_Compl_NegPf < + repr: CleanRepr_Proofs +(* added label to avoid duplicated constant P, which is assumed +in Minimal_Truth_Soundness_HBL1iff_Compl_Pf but defined in CleanRepr_Proofs +(they are of course extensionally equal). +*) + where "proof" = "proof" and prfOf = prfOf and encPf = encPf + by standard (auto simp: bprv_prv prv_prfOf prfOf_prv_Pf not_prfOf_prv_neg_Pf) + +(* Lemma 6 ("proof recovery") from the JAR paper: *) +sublocale Minimal_Truth_Soundness_HBL1iff_Compl_Pf_Compl_NegPf < + min_truth: Minimal_Truth_Soundness_Proof_Repr +where "proof" = "proof" and prfOf = prfOf and encPf = encPf + by standard + + + +(* FOR THE CLASSICAL REASONING VERSION *) + +locale Minimal_Truth_Soundness_HBL1iff_prv_Compl_Pf = +HBL1 + var trm fmla Var FvarsT substT Fvars subst + num + eql cnj imp all exi + prv bprv + enc + P ++ +B: Minimal_Truth_Soundness + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + bprv + isTrue ++ +Deduct_with_False_Disj + var trm fmla Var FvarsT substT Fvars subst + eql cnj imp all exi + fls + dsj + num + prv +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and dsj +and num +and enc ("\_\") +and prv bprv +and P +and isTrue ++ +fixes Pf :: 'fmla +assumes +(* Pf is a formula with free variables xx yy *) +Pf[simp,intro!]: "Pf \ fmla" +and +Fvars_Pf[simp]: "Fvars Pf = {yy,xx}" +and +(* P relates to Pf internally just like a prv and a proofOf would +relate: via an existential *) +P_Pf: +"\ \ fmla \ + let PPf = (\ t1 t2. psubst Pf [(t1,yy), (t2,xx)]) in + bprv (eqv (subst P \\\ xx) (exi yy (PPf (Var yy) \\\)))" +assumes +(* We assume, in addition to HBL1, the strong form of HBL1_rev: *) +HBL1_rev_prv: "\ \. \ \ fmla \ Fvars \ = {} \ prv (PP \\\) \ prv \" +and +Compl_Pf: +"\ n \. n \ num \ \ \ fmla \ Fvars \ = {} \ + let PPf = (\ t1 t2. psubst Pf [(t1,yy), (t2,xx)]) in + isTrue (PPf n \\\) \ bprv (PPf n \\\)" +begin + +lemma HBL1_rev: + assumes f: "\ \ fmla" and fv: "Fvars \ = {}" and bp: "bprv (PP \\\)" + shows "prv \" + using assms by (auto intro!: HBL1_rev_prv bprv_prv[OF _ _ bp]) + +lemma HBL1_iff: "\ \ fmla \ Fvars \ = {} \ bprv (PP \\\) \ prv \" + using HBL1 HBL1_rev unfolding PP_def by auto + +lemma HBL1_iff_prv: "\ \ fmla \ Fvars \ = {} \ prv (PP \\\) \ prv \" + by (intro iffI bprv_prv[OF _ _ HBL1_PP], elim HBL1_rev_prv[rotated -1]) auto + +end \ \context @{locale Minimal_Truth_Soundness_HBL1iff_prv_Compl_Pf}\ + +sublocale Minimal_Truth_Soundness_HBL1iff_prv_Compl_Pf < + mts_prv_mts: Minimal_Truth_Soundness_HBL1iff_Compl_Pf where Pf = Pf + using P_Pf HBL1_rev HBL1_PP Compl_Pf + by unfold_locales auto + +locale Minimal_Truth_Soundness_HBL1iff_prv_Compl_Pf_Classical = +Minimal_Truth_Soundness_HBL1iff_prv_Compl_Pf ++ +assumes +\ \NB: we don't really need to assume classical reasoning (double negation) all throughout, +but only for the provability predicate:\ +classical_P: "\ \. \ \ fmla \ Fvars \ = {} \ let PP = (\t. subst P t xx) in + prv (B.neg (B.neg (PP \\\))) \ prv (PP \\\)" +begin + +lemma classical_PP: "\ \ fmla \ Fvars \ = {} \ prv (B.neg (B.neg (PP \\\))) \ prv (PP \\\)" + using classical_P unfolding PP_def by auto + +end \ \context @{locale Minimal_Truth_Soundness_HBL1iff_prv_Compl_Pf_Classical}\ + +(*<*) +end +(*>*) diff --git a/thys/Goedel_Incompleteness/Tarski.thy b/thys/Goedel_Incompleteness/Tarski.thy new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/Tarski.thy @@ -0,0 +1,97 @@ +chapter \Abstract Formulation of Tarski's Theorems\ + +text \We prove Tarski's proof-theoretic and semantic theorems about the +non-definability and respectively non-expressiveness (in the standard model) of truth\ + +(*<*) +theory Tarski + imports Goedel_Formula Standard_Model_More +begin +(*>*) + +section \Non-Definability of Truth\ + +context Goedel_Form +begin + +context + fixes T :: 'fmla + assumes T[simp,intro!]: "T \ fmla" + and Fvars_T[simp]: "Fvars T = {xx}" + and prv_T: "\\. \ \ fmla \ Fvars \ = {} \ prv (eqv (subst T \\\ xx) \)" +begin + +definition \T :: 'fmla where "\T \ diag (neg T)" + +lemma \T[simp,intro!]: "\T \ fmla" and +Fvars_\T[simp]: "Fvars \T = {}" + unfolding \T_def PP_def by auto + +lemma bprv_\T_eqv: +"bprv (eqv \T (neg (subst T \\T\ xx)))" + unfolding \T_def using bprv_diag_eqv[of "neg T"] by simp + +lemma prv_\T_eqv: +"prv (eqv \T (neg (subst T \\T\ xx)))" + using d_dwf.bprv_prv'[OF _ bprv_\T_eqv, simplified] . + +lemma \T_prv_fls: "prv fls" +using prv_eqv_eqv_neg_prv_fls2[OF _ _ prv_T[OF \T Fvars_\T] prv_\T_eqv] by auto + +end \ \context\ + +theorem Tarski_proof_theoretic: +assumes "T \ fmla" "Fvars T = {xx}" +and "\\. \ \ fmla \ Fvars \ = {} \ prv (eqv (subst T \\\ xx) \)" +shows "\ consistent" +using \T_prv_fls[OF assms] consistent_def by auto + +end \ \context @{locale Goedel_Form}\ + + +section \Non-Expressiveness of Truth\ + +text \This follows as a corollary of the syntactic version, after taking prv +to be isTrue on sentences.Indeed, this is a virtue of our abstract treatment +of provability: We don't work with a particular predicate, but with any predicate +that is closed under some rules --- which could as well be a semantic notion of truth (for sentences).\ + +locale Goedel_Form_prv_eq_isTrue = +Goedel_Form + var trm fmla Var num FvarsT substT Fvars subst + eql cnj imp all exi + fls + prv bprv + enc + P + S +for +var :: "'var set" and trm :: "'trm set" and fmla :: "'fmla set" +and Var num FvarsT substT Fvars subst +and eql cnj imp all exi +and fls +and prv bprv +and enc ("\_\") +and S +and P ++ +fixes isTrue :: "'fmla \ bool" +assumes prv_eq_isTrue: "\ \. \ \ fmla \ Fvars \ = {} \ prv \ = isTrue \" +begin + +theorem Tarski_semantic: +assumes 0: "T \ fmla" "Fvars T = {xx}" +and 1: "\\. \ \ fmla \ Fvars \ = {} \ isTrue (eqv (subst T \\\ xx) \)" +shows "\ consistent" +using assms prv_eq_isTrue[of "eqv (subst T \_\ xx) _"] + by (intro Tarski_proof_theoretic[OF 0]) auto + +text \NB: To instantiate the semantic version of Tarski's theorem for a truth predicate +isTruth on sentences, one needs to extend it to a predicate "prv" on formulas and verify +that "prv" satisfies the rules of intuitionistic logic.\ + +end \ \context @{locale Goedel_Form_prv_eq_isTrue}\ + +(*<*) +end +(*>*) diff --git a/thys/Goedel_Incompleteness/document/root.bib b/thys/Goedel_Incompleteness/document/root.bib new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/document/root.bib @@ -0,0 +1,14 @@ +@inproceedings{DBLP:conf/cade/0001T19, + author = {Andrei Popescu and + Dmitriy Traytel}, + editor = {Pascal Fontaine}, + title = {A Formally Verified Abstract Account of {G}{\"{o}}del's Incompleteness + Theorems}, + booktitle = {{CADE} 27}, + series = {LNCS}, + volume = {11716}, + pages = {442--461}, + publisher = {Springer}, + year = {2019}, + doi = {10.1007/978-3-030-29436-6\_26}, +} \ No newline at end of file diff --git a/thys/Goedel_Incompleteness/document/root.tex b/thys/Goedel_Incompleteness/document/root.tex new file mode 100644 --- /dev/null +++ b/thys/Goedel_Incompleteness/document/root.tex @@ -0,0 +1,53 @@ +\documentclass[10pt,a4paper]{report} +\usepackage{isabelle,isabellesym} + +\usepackage{a4wide} +\usepackage[english]{babel} +\usepackage{eufrak} +\usepackage{amssymb} + +% this should be the last package used +\usepackage{pdfsetup} + +% urls in roman style, theory text in math-similar italics +\urlstyle{rm} +\isabellestyle{literal} + + +\begin{document} + +\title{An Abstract Formalization of G\"odel's Incompleteness Theorems} +\author{Andrei Popescu \and Dmitriy Traytel} + +\maketitle + +\begin{abstract} We present an abstract formalization of G\"odel's incompleteness theorems. +We analyze sufficient conditions for the theorems' applicability to a partially specified logic. +Our abstract perspective enables a comparison between alternative approaches from the literature. +These include Rosser's variation of the first theorem, Jeroslow's variation of the second theorem, +and the Swierczkowski–Paulson semantics-based approach. This AFP entry is the main entry point to the results +described in our CADE-27 paper~\cite{DBLP:conf/cade/0001T19}. + +\looseness=-1 +As part of our abstract formalization's validation, we instantiate our locales twice in the separate +AFP entries \href{https://www.isa-afp.org/entries/Goedel_HFSet_Semantic.html}{Goedel\_HFSet\_Semantic} and +\href{https://www.isa-afp.org/entries/Goedel_HFSet_Semanticless.html}{Goedel\_HFSet\_Semanticless}. +\end{abstract} + +\tableofcontents + +% sane default for proof documents +\parindent 0pt\parskip 0.5ex + +% generated text of all theories +\input{session} + +\bibliographystyle{abbrv} +\bibliography{root} + +\end{document} + +%%% Local Variables: +%%% mode: latex +%%% TeX-master: t +%%% End: diff --git a/thys/ROOTS b/thys/ROOTS --- a/thys/ROOTS +++ b/thys/ROOTS @@ -1,557 +1,558 @@ ADS_Functor AODV AVL-Trees AWN Abortable_Linearizable_Modules Abs_Int_ITP2012 Abstract-Hoare-Logics Abstract-Rewriting Abstract_Completeness Abstract_Soundness Adaptive_State_Counting Affine_Arithmetic Aggregation_Algebras Akra_Bazzi Algebraic_Numbers Algebraic_VCs Allen_Calculus Amicable_Numbers Amortized_Complexity AnselmGod Applicative_Lifting Approximation_Algorithms Architectural_Design_Patterns Aristotles_Assertoric_Syllogistic Arith_Prog_Rel_Primes ArrowImpossibilityGS Attack_Trees Auto2_HOL Auto2_Imperative_HOL AutoFocus-Stream Automated_Stateful_Protocol_Verification Automatic_Refinement AxiomaticCategoryTheory BDD BNF_CC BNF_Operations Banach_Steinhaus Bell_Numbers_Spivey Berlekamp_Zassenhaus Bernoulli Bertrands_Postulate Bicategory BinarySearchTree Binding_Syntax_Theory Binomial-Heaps Binomial-Queues BirdKMP Bondy Boolean_Expression_Checkers Bounded_Deducibility_Security Buchi_Complementation Budan_Fourier Buffons_Needle Buildings BytecodeLogicJmlTypes C2KA_DistributedSystems CAVA_Automata CAVA_LTL_Modelchecker CCS CISC-Kernel CRDT CYK CakeML CakeML_Codegen Call_Arity Card_Equiv_Relations Card_Multisets Card_Number_Partitions Card_Partitions Cartan_FP Case_Labeling Catalan_Numbers Category Category2 Category3 Cauchy Cayley_Hamilton Certification_Monads Chandy_Lamport Chord_Segments Circus Clean ClockSynchInst Closest_Pair_Points CofGroups Coinductive Coinductive_Languages Collections Comparison_Sort_Lower_Bound Compiling-Exceptions-Correctly Complete_Non_Orders Completeness Complex_Geometry Complx ComponentDependencies ConcurrentGC ConcurrentIMP Concurrent_Ref_Alg Concurrent_Revisions Consensus_Refined Constructive_Cryptography Constructor_Funs Containers CoreC++ Core_DOM Count_Complex_Roots CryptHOL CryptoBasedCompositionalProperties DFS_Framework DPT-SAT-Solver DataRefinementIBP Datatype_Order_Generator Decl_Sem_Fun_PL Decreasing-Diagrams Decreasing-Diagrams-II Deep_Learning Density_Compiler Dependent_SIFUM_Refinement Dependent_SIFUM_Type_Systems Depth-First-Search Derangements Deriving Descartes_Sign_Rule Dict_Construction Differential_Dynamic_Logic Differential_Game_Logic Dijkstra_Shortest_Path Diophantine_Eqns_Lin_Hom Dirichlet_L Dirichlet_Series DiscretePricing Discrete_Summation DiskPaxos DynamicArchitectures Dynamic_Tables EFSM_Inference E_Transcendental Echelon_Form EdmondsKarp_Maxflow Efficient-Mergesort Elliptic_Curves_Group_Law Encodability_Process_Calculi Epistemic_Logic Ergodic_Theory Error_Function Euler_MacLaurin Euler_Partition Example-Submission Extended_Finite_State_Machines FFT FLP FOL-Fitting FOL_Harrison FOL_Seq_Calc1 Factored_Transition_System_Bounding Falling_Factorial_Sum Farkas FeatherweightJava Featherweight_OCL Fermat3_4 FileRefinement FinFun Finger-Trees Finite_Automata_HF First_Order_Terms First_Welfare_Theorem Fishburn_Impossibility Fisher_Yates Flow_Networks Floyd_Warshall Flyspeck-Tame FocusStreamsCaseStudies Forcing Formal_SSA Formula_Derivatives Fourier Free-Boolean-Algebra Free-Groups FunWithFunctions FunWithTilings Functional-Automata Functional_Ordered_Resolution_Prover Furstenberg_Topology GPU_Kernel_PL Gabow_SCC Game_Based_Crypto Gauss-Jordan-Elim-Fun Gauss_Jordan Gauss_Sums Gaussian_Integers GenClock General-Triangle Generalized_Counting_Sort Generic_Deriving Generic_Join GewirthPGCProof Girth_Chromatic GoedelGod +Goedel_Incompleteness Goodstein_Lambda GraphMarkingIBP Graph_Saturation Graph_Theory Green Groebner_Bases Groebner_Macaulay Gromov_Hyperbolicity Group-Ring-Module HOL-CSP HOLCF-Prelude HRB-Slicing Heard_Of Hello_World HereditarilyFinite Hermite Hidden_Markov_Models Higher_Order_Terms Hoare_Time HotelKeyCards Huffman Hybrid_Logic Hybrid_Multi_Lane_Spatial_Logic Hybrid_Systems_VCs HyperCTL IEEE_Floating_Point IMAP-CRDT IMO2019 IMP2 IMP2_Binary_Heap IP_Addresses Imperative_Insertion_Sort Impossible_Geometry Incompleteness Incredible_Proof_Machine Inductive_Confidentiality Inductive_Inference InfPathElimination InformationFlowSlicing InformationFlowSlicing_Inter Integration Interval_Arithmetic_Word32 Iptables_Semantics Irrational_Series_Erdos_Straus Irrationality_J_Hancl Isabelle_C Isabelle_Meta_Model Jacobson_Basic_Algebra Jinja JinjaThreads JiveDataStoreModel Jordan_Hoelder Jordan_Normal_Form KAD KAT_and_DRA KBPs KD_Tree Key_Agreement_Strong_Adversaries Kleene_Algebra Knot_Theory Knuth_Bendix_Order Knuth_Morris_Pratt Koenigsberg_Friendship Kruskal Kuratowski_Closure_Complement LLL_Basis_Reduction LLL_Factorization LOFT LTL LTL_Master_Theorem LTL_Normal_Form LTL_to_DRA LTL_to_GBA Lam-ml-Normalization LambdaAuth LambdaMu Lambda_Free_EPO Lambda_Free_KBOs Lambda_Free_RPOs Lambert_W Landau_Symbols Laplace_Transform Latin_Square LatticeProperties Launchbury Lazy-Lists-II Lazy_Case Lehmer Lifting_Definition_Option LightweightJava LinearQuantifierElim Linear_Inequalities Linear_Programming Linear_Recurrences Liouville_Numbers List-Index List-Infinite List_Interleaving List_Inversions List_Update LocalLexing Localization_Ring Locally-Nameless-Sigma Lowe_Ontological_Argument Lower_Semicontinuous Lp Lucas_Theorem MFMC_Countable MFODL_Monitor_Optimized MFOTL_Monitor MSO_Regex_Equivalence Markov_Models Marriage Mason_Stothers Matrices_for_ODEs Matrix Matrix_Tensor Matroids Max-Card-Matching Median_Of_Medians_Selection Menger Mersenne_Primes MiniML Minimal_SSA Minkowskis_Theorem Minsky_Machines Modal_Logics_for_NTS Modular_Assembly_Kit_Security Monad_Memo_DP Monad_Normalisation MonoBoolTranAlgebra MonoidalCategory Monomorphic_Monad MuchAdoAboutTwo Multi_Party_Computation Multirelations Myhill-Nerode Name_Carrying_Type_Inference Nash_Williams Nat-Interval-Logic Native_Word Nested_Multisets_Ordinals Network_Security_Policy_Verification Neumann_Morgenstern_Utility No_FTL_observers Nominal2 Noninterference_CSP Noninterference_Concurrent_Composition Noninterference_Generic_Unwinding Noninterference_Inductive_Unwinding Noninterference_Ipurge_Unwinding Noninterference_Sequential_Composition NormByEval Nullstellensatz Octonions OpSets Open_Induction Optics Optimal_BST Orbit_Stabiliser Order_Lattice_Props Ordered_Resolution_Prover Ordinal Ordinal_Partitions Ordinals_and_Cardinals Ordinary_Differential_Equations PAC_Checker PCF PLM POPLmark-deBruijn PSemigroupsConvolution Pairing_Heap Paraconsistency Parity_Game Partial_Function_MR Partial_Order_Reduction Password_Authentication_Protocol Pell Perfect-Number-Thm Perron_Frobenius Pi_Calculus Pi_Transcendental Planarity_Certificates Poincare_Bendixson Poincare_Disc Polynomial_Factorization Polynomial_Interpolation Polynomials Pop_Refinement Posix-Lexing Possibilistic_Noninterference Power_Sum_Polynomials Pratt_Certificate Presburger-Automata Prim_Dijkstra_Simple Prime_Distribution_Elementary Prime_Harmonic_Series Prime_Number_Theorem Priority_Queue_Braun Priority_Search_Trees Probabilistic_Noninterference Probabilistic_Prime_Tests Probabilistic_System_Zoo Probabilistic_Timed_Automata Probabilistic_While Program-Conflict-Analysis Projective_Geometry Promela Proof_Strategy_Language PropResPI Propositional_Proof_Systems Prpu_Maxflow PseudoHoops Psi_Calculi Ptolemys_Theorem QHLProver QR_Decomposition Quantales Quaternions Quick_Sort_Cost RIPEMD-160-SPARK ROBDD RSAPSS Ramsey-Infinite Random_BSTs Random_Graph_Subgraph_Threshold Randomised_BSTs Randomised_Social_Choice Rank_Nullity_Theorem Real_Impl Recursion-Addition Recursion-Theory-I Refine_Imperative_HOL Refine_Monadic RefinementReactive Regex_Equivalence Regular-Sets Regular_Algebras Relation_Algebra Relational-Incorrectness-Logic Relational_Disjoint_Set_Forests Relational_Paths Rep_Fin_Groups Residuated_Lattices Resolution_FOL Rewriting_Z Ribbon_Proofs Robbins-Conjecture Root_Balanced_Tree Routing Roy_Floyd_Warshall SATSolverVerification SDS_Impossibility SIFPL SIFUM_Type_Systems SPARCv8 Safe_Distance Safe_OCL Saturation_Framework Secondary_Sylow Security_Protocol_Refinement Selection_Heap_Sort SenSocialChoice Separata Separation_Algebra Separation_Logic_Imperative_HOL SequentInvertibility Shivers-CFA ShortestPath Show Sigma_Commit_Crypto Signature_Groebner Simpl Simple_Firewall Simplex Skew_Heap Skip_Lists Slicing Sliding_Window_Algorithm Smith_Normal_Form Smooth_Manifolds Sort_Encodings Source_Coding_Theorem Special_Function_Bounds Splay_Tree Sqrt_Babylonian Stable_Matching Statecharts Stateful_Protocol_Composition_and_Typing Stellar_Quorums Stern_Brocot Stewart_Apollonius Stirling_Formula Stochastic_Matrices Stone_Algebras Stone_Kleene_Relation_Algebras Stone_Relation_Algebras Store_Buffer_Reduction Stream-Fusion Stream_Fusion_Code Strong_Security Sturm_Sequences Sturm_Tarski Stuttering_Equivalence Subresultants Subset_Boolean_Algebras SumSquares SuperCalc Surprise_Paradox Symmetric_Polynomials Syntax_Independent_Logic Szpilrajn TESL_Language TLA Tail_Recursive_Functions Tarskis_Geometry Taylor_Models Timed_Automata Topology TortoiseHare Transcendence_Series_Hancl_Rucki Transformer_Semantics Transition_Systems_and_Automata Transitive-Closure Transitive-Closure-II Treaps Tree-Automata Tree_Decomposition Triangle Trie Twelvefold_Way Tycon Types_Tableaus_and_Goedels_God UPF UPF_Firewall UTP Universal_Turing_Machine UpDown_Scheme Valuation VectorSpace VeriComp Verified-Prover VerifyThis2018 VerifyThis2019 Vickrey_Clarke_Groves VolpanoSmith WHATandWHERE_Security WOOT_Strong_Eventual_Consistency WebAssembly Weight_Balanced_Trees Well_Quasi_Orders Winding_Number_Eval Word_Lib WorkerWrapper XML ZFC_in_HOL Zeta_3_Irrational Zeta_Function pGCL