Why this trivally incorrect lemma can be proved using sos?
I'm new to Isabelle and have encountered a problem that I'm struggling with. I have the following lemma:
imports Main HOL.HOL HOL.Real "HOL-Library.Sum_of_Squares"
lemma
fixes r :: real
assumes "r = 8/7"
shows "r = 2"
proof-
show "r = 2" using assms by sos
qed
I would like to understand why Isabelle accepts this proof despite the contradiction. Is it something related to the sos method, or am I misunderstanding something fundamental about the way proofs work in Isabelle?
Any insights would be greatly appreciated, and I thank you in advance for your help.
The Isabelle theorem prover accepts this proof and outputs "No subgoals!" However, I'm puzzled, as the lemma is clearly incorrect.
This is mostly a user interface problem. The Isabelle/jEdit 2022 window for this proof should look like this:
Notice that the by sos is still highlighted in thistle. This is Isabelle/jEdit's way of communicating that the proof method has not terminated yet. (But it also has not given up yet. Giving up would be highlighted in pink.)
Compare the line to the trivial by rule proof that I've added in the line above. This is what checked proof steps look like.
Thus, by sos has not proven the bogus claim. (Phew!)
Then what's with the “No subgoals”?
But why is Isabelle then claiming No subgoals in the proof state?! The answer is that Isabelle tries to check the theory in a parallelized manner. A proof method that takes long should not block the other proof-checking threads. So, other threads continue from that line with the hypothesis that, should by sos terminate, there would be no remaining subgoals and they could use the proven lemma.
The main effect of this is that one can open, check, and edit theories much faster than one could if there were no parallelization. But it also means that following proof steps could indeed complete even though the theory is broken.
As long as there are any highlighted proof steps, everything below could be false, even though individual proof steps are sound.
- Meaning of isabelle clarsimp/fastforce's background turning light red
- What does the `using` keyword do with `blast`?
- Instantiating multiple \forall quanfiers at once
- Could not find lexicographic termination order
- Bad session in Isabelle
- Define evaluable inductive predicate for a record and set
- Cannot access definition in HOL.Bit_Operations
- What is the difference between primrec and fun in Isabelle/HOL?
- Proof by reductio ad absurdum in Isabelle
- Locale inheritance after interpretation
- How to verify C functions with array parameters using Isabelle
- Is it possible to define a context for syntax rules?
- stuck on a proof (modeling IMP language)
- Sledgehammer output with vampire
- Complex set comprehension
- Can I define an "inductive" function on finite sets?
- Why this trivally incorrect lemma can be proved using sos?
- Isabelle Nitpick cardinality limit of 65536 exceeded; what to do?
- Termination proof in Isabelle
- Custom syntax for datatype constructor
- Is 1 / 0 = 0 according to Isabelle?
- Instantiate typeclass over type_synonym
- Recursive function leads to simplifier loop in Isabelle
- Isabelle: [simp] leading to an infinite loop
- How can I use a size parameter for datatype definitions
- Work backwards from goal in structured (isar) proof
- How to prove such a lemma that one hold and other holds, the concat of two still holds
- How to reuse type variables from locales
- How to have full control over substitution in Isabelle
- Isar: Failed to retrieve literal fact