问题
I am trying to learn isabelle/Isar and make sense out of the following simple proof about mod from Rings.thy. I made a copy of the type class to avoid clashing with the original:
class semiring_modulo1 = comm_semiring_1_cancel + divide + modulo +
assumes div_mult_mod_eq: "a div b * b + a mod b = a"
begin
Then this is the lemma whose proof confuses me. The first line makes sense as it uses a previous theorem and rewrites it by symmetry. But the next two lines look really strange. Each of them states the same thing equals itself (e.g. "a div b = a div b"). They seem useless/meaningless. They do not connect to the q or r in the lemma to prove (q and r were never mentioned in the proof).
lemma mod_div_decomp:
fixes a b
obtains q r where "q = a div b" and "r = a mod b"
and "a = q * b + r"
proof -
from div_mult_mod_eq have "a = a div b * b + a mod b" by simp
moreover have "a div b = a div b" ..
moreover have "a mod b = a mod b" ..
note that ultimately show thesis by blast
qed
My questions are:
Why are these empty equalities necessary (and leaving them out breaks the proof)?
What is the equivalent statement of these in English/Mizar?
Are there alternative ways in Isar to write the proof in a way that is closer to English (e.g. take q = a div b ...)?
回答1:
They're not necessary. It's just that the rule that (which is produced by the obtains keyword) looks like this:
?q1 = a div b ⟹ ?r1 = a mod b ⟹ a = ?q1 * b + ?r1 ⟹ thesis
This is the usual encoding of existential statements in higher-order logic. The a div b = a div b and a mod b = a mod b simply provides hints to blast about how to instantiate the first two assumptions. However, it seems that this is not really needed, it also works without these two trivial equalities.
In any case, even if I had wanted to give instantiation hints, I probably would have done it with that[of "a div b" "a mod b"] or that[OF refl refl] instead.
That said, I'm not really sure why this lemma exists in the first place. The assumptions seem kind of vacuous.
来源:https://stackoverflow.com/questions/65786736/why-are-the-following-trivial-self-equalities-needed-in-the-isabelle-isar-proof