

theorem T4:

for f, x0 st f is_differentiable_on right_open_halfline(0) &

(x0>0) &

(for x st (x>0 & x<x0) holds diff(f,x)<=0) &

(for x st x>x0 holds diff(f,x)>=0) holds

for x st x>0 holds f.x>=f.x0

proof

let f be Function of REAL,REAL; let x0 be Real;

assume H1: f is_differentiable_on right_open_halfline(0);

L1: :: A simple corollary of the Lagrange middle value theorem

for a,b st (a>0 & b>a) ex x2 st x2 in ].a,b.[ & diff(f,x2)=(f.b-f.a)/(b-a)

proof

let a,b be Real; assume LH1: a>0; assume LH2: b>a;

LH5: f is_continuous_on right_open_halfline(0) by H1,FDIFF_1:33;

LH6: [.a,b.] c= right_open_halfline(0) by LH1,LH2,T3; then

LH3: f is_continuous_on [.a,b.] by LH5,FCONT_1:17;



].a,b.[ c= [.a,b.] by RCOMP_1:15; then

].a,b.[ c= right_open_halfline(0) by LH6,XBOOLE_1:1; then

LH4: f is_differentiable_on ].a,b.[ by H1,FDIFF_1:34;

thus thesis by ROLLE:3,LH2,LH3,LH4;

end;

assume H2: x0>0;

assume H3: for x st (x>0 & x<x0) holds diff(f,x)<=0;

assume H4: for x st x>x0 holds diff(f,x)>=0;

let x1 be Real; assume H5: x1>0;

per cases;

suppose x1=x0;

then f.x1=f.x0;

hence thesis;

end;

suppose H6: x1<>x0;

per cases by XREAL_1:57,H6;

suppose H8: 0<x1-x0;

then x1>x0 by XREAL_1:49;

then consider x2 such that

H7: x2 in ].x0,x1.[ & diff(f,x2)=(f.x1-f.x0)/(x1-x0) by L1,H2;

x2>x0 by H7,T2; then diff(f,x2)>=0 by H4;

then (f.x1-f.x0)/(x1-x0)>=0 by H7;

then f.x1-f.x0>=0 by H8,XREAL_1:143;

hence f.x1>=f.x0 by XREAL_1:51;

end;

suppose H9: 0<x0-x1;

then x1<x0 by XREAL_1:49;

then consider x2 such that

H10: x2 in ].x1,x0.[ & diff(f,x2)=(f.x0-f.x1)/(x0-x1) by L1,H5,H2;

x2>0 & x2<x0 by H10,T2,H5,XREAL_1:2;

then diff(f,x2)<=0 by H3;

then (f.x0-f.x1)/(x0-x1)<=0 by H10;

then f.x0-f.x1<=0 by H9,XREAL_1:141;

hence f.x1>=f.x0 by XREAL_1:52;

end;

end;

end;



I have been playing with the Mizar system ( http://www.mizar.org/ ) recently.Mizar is a system for formalizing mathematics. In other words, the user of the system must specify axioms, definitions, theorems and their step-by-step proofs using a special computer language, and the computer will verify the correctness of the proof. Currently many branches of mathematics have been covered, including set theory, arithmetic, algebra, calculus, etc., and there are long proofs of important theorems, such as the Hahn-Banach theorem in functional analysis.Documentations is quite scarce, but the tutorial ( http://www.cs.ru.nl/~freek/courses/pa-2005/mizman.ps.gz ), which I found at the Mizar wiki ( http://wiki.mizar.org/cgi-bin/twiki/view/Mizar ), contains a very helpful introduction to the language. Of course, having a good overview of the huge library ("MML") containing definitions and theorems already formalized is also important, and this would likely take more time as the library consists of 946 articles containing 68MB of code in the proof language.A similar system is Coq ( http://coq.inria.fr/ ), which I have been playing with for quite a few years. Overall I like Mizar better than Coq, mostly because the proofs are much more readable: Mizar proofs look much like ordinary mathematics language (except for being more verbose) with keywords such as "assume", "let", "then" and "thus" that have rigorously defined meanings, while Coq proofs consist of a long sequence of "tactics" that are applied in an interactive environment, so they are generally hard to understand by themselves without actually typing them in one by one interactively. Also, the Mizar engine is a bit more "intelligent" (but also somewhat less predictable for beginners, of course) with more flexibility in dealing with complex logical formulas and inequalities (e.g. it identifies A->B and ~B->~A, as well as AA), while the Coq engine generally works in smaller steps except for some specialized tactics. The tutorial above contains a more detailed comparison.IMHO the Mizar syntax looks somewhat like Metapost, while Coq, due to its type theory basis, looks like a functional programming language. For example, here is the proof of a simple theorem in calculus that I have written as an exercise (but it is already much more advanced than anything I have written in Coq):Certain parts of Mizar are still quite annoying. For one, it is very hard, for a beginner at least, to find the articles (similar to C headers) containing all necessary definitions. Missing an article reference would often result in cryptic error messages. Other error messages are likewise uninformative; for example, exactly the same error (invalid inference) is given when a theorem cannot be applied, whatever the reason is (the skipping of too many steps, applying the wrong theorem, missing a precondition, or maybe just some subtle type error such as mixing "real number" vs. "Real"). Indeed, I'm not sure where to use "real number" and where to use "Real". It looks much like an inconsistency.But anyway, I find Mizar a fun and addictive thing, even though sometimes it can be so frustrating.