Why is this seemingly incorrect proof OK with Isabelle?

Question

While copying the following proof from the PDF tutorial of Isabelle 2020 into the IDE (about Cantor’s theorem that a function from a set to its powerset cannot be surjective), I made a typo on the "from 1 have 2" line.

lemma "¬ surj (f :: 'a ⇒ 'a set)"
proof
  assume 0: "surj f"
  from 0 have 1: "∀ A. ∃ a. A = f a" by(simp add: surj_def )
  from 1 have 2: "∃ a. {x. x ∉ f x} = f a" by blast
  from 2 show "False" by blast
qed

, so that the line now reads (with a wrong forall quantifier)

  from 1 have 2: "∀ a. {x. x ∉ f x} = f a" by blast

Strangely, both the original proof in the example and this changed version work. But the changed version is incorrect, isn't it?

Am I missing something or can someone explain how the changed version (below) is correct?

lemma "¬ surj (f :: 'a ⇒ 'a set)"
proof
  assume 0: "surj f"
  from 0 have 1: "∀ A. ∃ a. A = f a" by(simp add: surj_def )
  from 1 have 2: "∀ a. {x. x ∉ f x} = f a" by blast
  from 2 show "False" by blast
qed

--- Update ---

To help diagnose the problem, below is the output when I place the mouse on the "from 2 show ..." line. It mentions an exported rule, which seems to be the theorem to be proven. (I don't remember exporting the rule myself, other than maybe accidentally getting the quantifier right in a few trials.)

show False 
Successful attempt to solve goal by exported rule:
  (surj f) ⟹ False 
proof (state)
this:
  False

goal:
No subgoals!

I just tried closing Isabelle and reopening the same .thy file, and got the same result. (As you can see, I am new to the Isabelle environment). Did I just save the theorem somewhere when I entered the right text?

Why is this seemingly incorrect proof OK with Isabelle?

Answers (1)

Related Questions