src/HOL/Lattices.thy
 author haftmann Tue Sep 22 15:36:55 2009 +0200 (2009-09-22) changeset 32642 026e7c6a6d08 parent 32568 89518a3074e1 child 32780 be337ec31268 permissions -rw-r--r--
be more cautious wrt. simp rules: inf_absorb1, inf_absorb2, sup_absorb1, sup_absorb2 are no simp rules by default any longer
```     1 (*  Title:      HOL/Lattices.thy
```
```     2     Author:     Tobias Nipkow
```
```     3 *)
```
```     4
```
```     5 header {* Abstract lattices *}
```
```     6
```
```     7 theory Lattices
```
```     8 imports Orderings
```
```     9 begin
```
```    10
```
```    11 subsection {* Lattices *}
```
```    12
```
```    13 notation
```
```    14   less_eq  (infix "\<sqsubseteq>" 50) and
```
```    15   less  (infix "\<sqsubset>" 50) and
```
```    16   top ("\<top>") and
```
```    17   bot ("\<bottom>")
```
```    18
```
```    19 class lower_semilattice = order +
```
```    20   fixes inf :: "'a \<Rightarrow> 'a \<Rightarrow> 'a" (infixl "\<sqinter>" 70)
```
```    21   assumes inf_le1 [simp]: "x \<sqinter> y \<sqsubseteq> x"
```
```    22   and inf_le2 [simp]: "x \<sqinter> y \<sqsubseteq> y"
```
```    23   and inf_greatest: "x \<sqsubseteq> y \<Longrightarrow> x \<sqsubseteq> z \<Longrightarrow> x \<sqsubseteq> y \<sqinter> z"
```
```    24
```
```    25 class upper_semilattice = order +
```
```    26   fixes sup :: "'a \<Rightarrow> 'a \<Rightarrow> 'a" (infixl "\<squnion>" 65)
```
```    27   assumes sup_ge1 [simp]: "x \<sqsubseteq> x \<squnion> y"
```
```    28   and sup_ge2 [simp]: "y \<sqsubseteq> x \<squnion> y"
```
```    29   and sup_least: "y \<sqsubseteq> x \<Longrightarrow> z \<sqsubseteq> x \<Longrightarrow> y \<squnion> z \<sqsubseteq> x"
```
```    30 begin
```
```    31
```
```    32 text {* Dual lattice *}
```
```    33
```
```    34 lemma dual_semilattice:
```
```    35   "lower_semilattice (op \<ge>) (op >) sup"
```
```    36 by (rule lower_semilattice.intro, rule dual_order)
```
```    37   (unfold_locales, simp_all add: sup_least)
```
```    38
```
```    39 end
```
```    40
```
```    41 class lattice = lower_semilattice + upper_semilattice
```
```    42
```
```    43
```
```    44 subsubsection {* Intro and elim rules*}
```
```    45
```
```    46 context lower_semilattice
```
```    47 begin
```
```    48
```
```    49 lemma le_infI1:
```
```    50   "a \<sqsubseteq> x \<Longrightarrow> a \<sqinter> b \<sqsubseteq> x"
```
```    51   by (rule order_trans) auto
```
```    52
```
```    53 lemma le_infI2:
```
```    54   "b \<sqsubseteq> x \<Longrightarrow> a \<sqinter> b \<sqsubseteq> x"
```
```    55   by (rule order_trans) auto
```
```    56
```
```    57 lemma le_infI: "x \<sqsubseteq> a \<Longrightarrow> x \<sqsubseteq> b \<Longrightarrow> x \<sqsubseteq> a \<sqinter> b"
```
```    58   by (blast intro: inf_greatest)
```
```    59
```
```    60 lemma le_infE: "x \<sqsubseteq> a \<sqinter> b \<Longrightarrow> (x \<sqsubseteq> a \<Longrightarrow> x \<sqsubseteq> b \<Longrightarrow> P) \<Longrightarrow> P"
```
```    61   by (blast intro: order_trans le_infI1 le_infI2)
```
```    62
```
```    63 lemma le_inf_iff [simp]:
```
```    64   "x \<sqsubseteq> y \<sqinter> z \<longleftrightarrow> x \<sqsubseteq> y \<and> x \<sqsubseteq> z"
```
```    65   by (blast intro: le_infI elim: le_infE)
```
```    66
```
```    67 lemma le_iff_inf:
```
```    68   "x \<sqsubseteq> y \<longleftrightarrow> x \<sqinter> y = x"
```
```    69   by (auto intro: le_infI1 antisym dest: eq_iff [THEN iffD1])
```
```    70
```
```    71 lemma mono_inf:
```
```    72   fixes f :: "'a \<Rightarrow> 'b\<Colon>lower_semilattice"
```
```    73   shows "mono f \<Longrightarrow> f (A \<sqinter> B) \<le> f A \<sqinter> f B"
```
```    74   by (auto simp add: mono_def intro: Lattices.inf_greatest)
```
```    75
```
```    76 end
```
```    77
```
```    78 context upper_semilattice
```
```    79 begin
```
```    80
```
```    81 lemma le_supI1:
```
```    82   "x \<sqsubseteq> a \<Longrightarrow> x \<sqsubseteq> a \<squnion> b"
```
```    83   by (rule order_trans) auto
```
```    84
```
```    85 lemma le_supI2:
```
```    86   "x \<sqsubseteq> b \<Longrightarrow> x \<sqsubseteq> a \<squnion> b"
```
```    87   by (rule order_trans) auto
```
```    88
```
```    89 lemma le_supI:
```
```    90   "a \<sqsubseteq> x \<Longrightarrow> b \<sqsubseteq> x \<Longrightarrow> a \<squnion> b \<sqsubseteq> x"
```
```    91   by (blast intro: sup_least)
```
```    92
```
```    93 lemma le_supE:
```
```    94   "a \<squnion> b \<sqsubseteq> x \<Longrightarrow> (a \<sqsubseteq> x \<Longrightarrow> b \<sqsubseteq> x \<Longrightarrow> P) \<Longrightarrow> P"
```
```    95   by (blast intro: le_supI1 le_supI2 order_trans)
```
```    96
```
```    97 lemma le_sup_iff [simp]:
```
```    98   "x \<squnion> y \<sqsubseteq> z \<longleftrightarrow> x \<sqsubseteq> z \<and> y \<sqsubseteq> z"
```
```    99   by (blast intro: le_supI elim: le_supE)
```
```   100
```
```   101 lemma le_iff_sup:
```
```   102   "x \<sqsubseteq> y \<longleftrightarrow> x \<squnion> y = y"
```
```   103   by (auto intro: le_supI2 antisym dest: eq_iff [THEN iffD1])
```
```   104
```
```   105 lemma mono_sup:
```
```   106   fixes f :: "'a \<Rightarrow> 'b\<Colon>upper_semilattice"
```
```   107   shows "mono f \<Longrightarrow> f A \<squnion> f B \<le> f (A \<squnion> B)"
```
```   108   by (auto simp add: mono_def intro: Lattices.sup_least)
```
```   109
```
```   110 end
```
```   111
```
```   112
```
```   113 subsubsection {* Equational laws *}
```
```   114
```
```   115 context lower_semilattice
```
```   116 begin
```
```   117
```
```   118 lemma inf_commute: "(x \<sqinter> y) = (y \<sqinter> x)"
```
```   119   by (rule antisym) auto
```
```   120
```
```   121 lemma inf_assoc: "(x \<sqinter> y) \<sqinter> z = x \<sqinter> (y \<sqinter> z)"
```
```   122   by (rule antisym) (auto intro: le_infI1 le_infI2)
```
```   123
```
```   124 lemma inf_idem[simp]: "x \<sqinter> x = x"
```
```   125   by (rule antisym) auto
```
```   126
```
```   127 lemma inf_left_idem[simp]: "x \<sqinter> (x \<sqinter> y) = x \<sqinter> y"
```
```   128   by (rule antisym) (auto intro: le_infI2)
```
```   129
```
```   130 lemma inf_absorb1: "x \<sqsubseteq> y \<Longrightarrow> x \<sqinter> y = x"
```
```   131   by (rule antisym) auto
```
```   132
```
```   133 lemma inf_absorb2: "y \<sqsubseteq> x \<Longrightarrow> x \<sqinter> y = y"
```
```   134   by (rule antisym) auto
```
```   135
```
```   136 lemma inf_left_commute: "x \<sqinter> (y \<sqinter> z) = y \<sqinter> (x \<sqinter> z)"
```
```   137   by (rule mk_left_commute [of inf]) (fact inf_assoc inf_commute)+
```
```   138
```
```   139 lemmas inf_aci = inf_commute inf_assoc inf_left_commute inf_left_idem
```
```   140
```
```   141 end
```
```   142
```
```   143 context upper_semilattice
```
```   144 begin
```
```   145
```
```   146 lemma sup_commute: "(x \<squnion> y) = (y \<squnion> x)"
```
```   147   by (rule antisym) auto
```
```   148
```
```   149 lemma sup_assoc: "(x \<squnion> y) \<squnion> z = x \<squnion> (y \<squnion> z)"
```
```   150   by (rule antisym) (auto intro: le_supI1 le_supI2)
```
```   151
```
```   152 lemma sup_idem[simp]: "x \<squnion> x = x"
```
```   153   by (rule antisym) auto
```
```   154
```
```   155 lemma sup_left_idem[simp]: "x \<squnion> (x \<squnion> y) = x \<squnion> y"
```
```   156   by (rule antisym) (auto intro: le_supI2)
```
```   157
```
```   158 lemma sup_absorb1: "y \<sqsubseteq> x \<Longrightarrow> x \<squnion> y = x"
```
```   159   by (rule antisym) auto
```
```   160
```
```   161 lemma sup_absorb2: "x \<sqsubseteq> y \<Longrightarrow> x \<squnion> y = y"
```
```   162   by (rule antisym) auto
```
```   163
```
```   164 lemma sup_left_commute: "x \<squnion> (y \<squnion> z) = y \<squnion> (x \<squnion> z)"
```
```   165   by (rule mk_left_commute [of sup]) (fact sup_assoc sup_commute)+
```
```   166
```
```   167 lemmas sup_aci = sup_commute sup_assoc sup_left_commute sup_left_idem
```
```   168
```
```   169 end
```
```   170
```
```   171 context lattice
```
```   172 begin
```
```   173
```
```   174 lemma dual_lattice:
```
```   175   "lattice (op \<ge>) (op >) sup inf"
```
```   176   by (rule lattice.intro, rule dual_semilattice, rule upper_semilattice.intro, rule dual_order)
```
```   177     (unfold_locales, auto)
```
```   178
```
```   179 lemma inf_sup_absorb: "x \<sqinter> (x \<squnion> y) = x"
```
```   180   by (blast intro: antisym inf_le1 inf_greatest sup_ge1)
```
```   181
```
```   182 lemma sup_inf_absorb: "x \<squnion> (x \<sqinter> y) = x"
```
```   183   by (blast intro: antisym sup_ge1 sup_least inf_le1)
```
```   184
```
```   185 lemmas inf_sup_aci = inf_aci sup_aci
```
```   186
```
```   187 lemmas inf_sup_ord = inf_le1 inf_le2 sup_ge1 sup_ge2
```
```   188
```
```   189 text{* Towards distributivity *}
```
```   190
```
```   191 lemma distrib_sup_le: "x \<squnion> (y \<sqinter> z) \<sqsubseteq> (x \<squnion> y) \<sqinter> (x \<squnion> z)"
```
```   192   by (auto intro: le_infI1 le_infI2 le_supI1 le_supI2)
```
```   193
```
```   194 lemma distrib_inf_le: "(x \<sqinter> y) \<squnion> (x \<sqinter> z) \<sqsubseteq> x \<sqinter> (y \<squnion> z)"
```
```   195   by (auto intro: le_infI1 le_infI2 le_supI1 le_supI2)
```
```   196
```
```   197 text{* If you have one of them, you have them all. *}
```
```   198
```
```   199 lemma distrib_imp1:
```
```   200 assumes D: "!!x y z. x \<sqinter> (y \<squnion> z) = (x \<sqinter> y) \<squnion> (x \<sqinter> z)"
```
```   201 shows "x \<squnion> (y \<sqinter> z) = (x \<squnion> y) \<sqinter> (x \<squnion> z)"
```
```   202 proof-
```
```   203   have "x \<squnion> (y \<sqinter> z) = (x \<squnion> (x \<sqinter> z)) \<squnion> (y \<sqinter> z)" by(simp add:sup_inf_absorb)
```
```   204   also have "\<dots> = x \<squnion> (z \<sqinter> (x \<squnion> y))" by(simp add:D inf_commute sup_assoc del:sup_absorb1)
```
```   205   also have "\<dots> = ((x \<squnion> y) \<sqinter> x) \<squnion> ((x \<squnion> y) \<sqinter> z)"
```
```   206     by(simp add:inf_sup_absorb inf_commute)
```
```   207   also have "\<dots> = (x \<squnion> y) \<sqinter> (x \<squnion> z)" by(simp add:D)
```
```   208   finally show ?thesis .
```
```   209 qed
```
```   210
```
```   211 lemma distrib_imp2:
```
```   212 assumes D: "!!x y z. x \<squnion> (y \<sqinter> z) = (x \<squnion> y) \<sqinter> (x \<squnion> z)"
```
```   213 shows "x \<sqinter> (y \<squnion> z) = (x \<sqinter> y) \<squnion> (x \<sqinter> z)"
```
```   214 proof-
```
```   215   have "x \<sqinter> (y \<squnion> z) = (x \<sqinter> (x \<squnion> z)) \<sqinter> (y \<squnion> z)" by(simp add:inf_sup_absorb)
```
```   216   also have "\<dots> = x \<sqinter> (z \<squnion> (x \<sqinter> y))" by(simp add:D sup_commute inf_assoc del:inf_absorb1)
```
```   217   also have "\<dots> = ((x \<sqinter> y) \<squnion> x) \<sqinter> ((x \<sqinter> y) \<squnion> z)"
```
```   218     by(simp add:sup_inf_absorb sup_commute)
```
```   219   also have "\<dots> = (x \<sqinter> y) \<squnion> (x \<sqinter> z)" by(simp add:D)
```
```   220   finally show ?thesis .
```
```   221 qed
```
```   222
```
```   223 end
```
```   224
```
```   225 subsubsection {* Strict order *}
```
```   226
```
```   227 context lower_semilattice
```
```   228 begin
```
```   229
```
```   230 lemma less_infI1:
```
```   231   "a \<sqsubset> x \<Longrightarrow> a \<sqinter> b \<sqsubset> x"
```
```   232   by (auto simp add: less_le inf_absorb1 intro: le_infI1)
```
```   233
```
```   234 lemma less_infI2:
```
```   235   "b \<sqsubset> x \<Longrightarrow> a \<sqinter> b \<sqsubset> x"
```
```   236   by (auto simp add: less_le inf_absorb2 intro: le_infI2)
```
```   237
```
```   238 end
```
```   239
```
```   240 context upper_semilattice
```
```   241 begin
```
```   242
```
```   243 lemma less_supI1:
```
```   244   "x < a \<Longrightarrow> x < a \<squnion> b"
```
```   245 proof -
```
```   246   interpret dual: lower_semilattice "op \<ge>" "op >" sup
```
```   247     by (fact dual_semilattice)
```
```   248   assume "x < a"
```
```   249   then show "x < a \<squnion> b"
```
```   250     by (fact dual.less_infI1)
```
```   251 qed
```
```   252
```
```   253 lemma less_supI2:
```
```   254   "x < b \<Longrightarrow> x < a \<squnion> b"
```
```   255 proof -
```
```   256   interpret dual: lower_semilattice "op \<ge>" "op >" sup
```
```   257     by (fact dual_semilattice)
```
```   258   assume "x < b"
```
```   259   then show "x < a \<squnion> b"
```
```   260     by (fact dual.less_infI2)
```
```   261 qed
```
```   262
```
```   263 end
```
```   264
```
```   265
```
```   266 subsection {* Distributive lattices *}
```
```   267
```
```   268 class distrib_lattice = lattice +
```
```   269   assumes sup_inf_distrib1: "x \<squnion> (y \<sqinter> z) = (x \<squnion> y) \<sqinter> (x \<squnion> z)"
```
```   270
```
```   271 context distrib_lattice
```
```   272 begin
```
```   273
```
```   274 lemma sup_inf_distrib2:
```
```   275  "(y \<sqinter> z) \<squnion> x = (y \<squnion> x) \<sqinter> (z \<squnion> x)"
```
```   276 by(simp add: inf_sup_aci sup_inf_distrib1)
```
```   277
```
```   278 lemma inf_sup_distrib1:
```
```   279  "x \<sqinter> (y \<squnion> z) = (x \<sqinter> y) \<squnion> (x \<sqinter> z)"
```
```   280 by(rule distrib_imp2[OF sup_inf_distrib1])
```
```   281
```
```   282 lemma inf_sup_distrib2:
```
```   283  "(y \<squnion> z) \<sqinter> x = (y \<sqinter> x) \<squnion> (z \<sqinter> x)"
```
```   284 by(simp add: inf_sup_aci inf_sup_distrib1)
```
```   285
```
```   286 lemma dual_distrib_lattice:
```
```   287   "distrib_lattice (op \<ge>) (op >) sup inf"
```
```   288   by (rule distrib_lattice.intro, rule dual_lattice)
```
```   289     (unfold_locales, fact inf_sup_distrib1)
```
```   290
```
```   291 lemmas distrib =
```
```   292   sup_inf_distrib1 sup_inf_distrib2 inf_sup_distrib1 inf_sup_distrib2
```
```   293
```
```   294 end
```
```   295
```
```   296
```
```   297 subsection {* Boolean algebras *}
```
```   298
```
```   299 class boolean_algebra = distrib_lattice + top + bot + minus + uminus +
```
```   300   assumes inf_compl_bot: "x \<sqinter> - x = bot"
```
```   301     and sup_compl_top: "x \<squnion> - x = top"
```
```   302   assumes diff_eq: "x - y = x \<sqinter> - y"
```
```   303 begin
```
```   304
```
```   305 lemma dual_boolean_algebra:
```
```   306   "boolean_algebra (\<lambda>x y. x \<squnion> - y) uminus (op \<ge>) (op >) (op \<squnion>) (op \<sqinter>) top bot"
```
```   307   by (rule boolean_algebra.intro, rule dual_distrib_lattice)
```
```   308     (unfold_locales,
```
```   309       auto simp add: inf_compl_bot sup_compl_top diff_eq less_le_not_le)
```
```   310
```
```   311 lemma compl_inf_bot:
```
```   312   "- x \<sqinter> x = bot"
```
```   313   by (simp add: inf_commute inf_compl_bot)
```
```   314
```
```   315 lemma compl_sup_top:
```
```   316   "- x \<squnion> x = top"
```
```   317   by (simp add: sup_commute sup_compl_top)
```
```   318
```
```   319 lemma inf_bot_left [simp]:
```
```   320   "bot \<sqinter> x = bot"
```
```   321   by (rule inf_absorb1) simp
```
```   322
```
```   323 lemma inf_bot_right [simp]:
```
```   324   "x \<sqinter> bot = bot"
```
```   325   by (rule inf_absorb2) simp
```
```   326
```
```   327 lemma sup_top_left [simp]:
```
```   328   "top \<squnion> x = top"
```
```   329   by (rule sup_absorb1) simp
```
```   330
```
```   331 lemma sup_top_right [simp]:
```
```   332   "x \<squnion> top = top"
```
```   333   by (rule sup_absorb2) simp
```
```   334
```
```   335 lemma inf_top_left [simp]:
```
```   336   "top \<sqinter> x = x"
```
```   337   by (rule inf_absorb2) simp
```
```   338
```
```   339 lemma inf_top_right [simp]:
```
```   340   "x \<sqinter> top = x"
```
```   341   by (rule inf_absorb1) simp
```
```   342
```
```   343 lemma sup_bot_left [simp]:
```
```   344   "bot \<squnion> x = x"
```
```   345   by (rule sup_absorb2) simp
```
```   346
```
```   347 lemma sup_bot_right [simp]:
```
```   348   "x \<squnion> bot = x"
```
```   349   by (rule sup_absorb1) simp
```
```   350
```
```   351 lemma inf_eq_top_eq1:
```
```   352   assumes "A \<sqinter> B = \<top>"
```
```   353   shows "A = \<top>"
```
```   354 proof (cases "B = \<top>")
```
```   355   case True with assms show ?thesis by simp
```
```   356 next
```
```   357   case False with top_greatest have "B < \<top>" by (auto intro: neq_le_trans)
```
```   358   then have "A \<sqinter> B < \<top>" by (rule less_infI2)
```
```   359   with assms show ?thesis by simp
```
```   360 qed
```
```   361
```
```   362 lemma inf_eq_top_eq2:
```
```   363   assumes "A \<sqinter> B = \<top>"
```
```   364   shows "B = \<top>"
```
```   365   by (rule inf_eq_top_eq1, unfold inf_commute [of B]) (fact assms)
```
```   366
```
```   367 lemma sup_eq_bot_eq1:
```
```   368   assumes "A \<squnion> B = \<bottom>"
```
```   369   shows "A = \<bottom>"
```
```   370 proof -
```
```   371   interpret dual: boolean_algebra "\<lambda>x y. x \<squnion> - y" uminus "op \<ge>" "op >" "op \<squnion>" "op \<sqinter>" top bot
```
```   372     by (rule dual_boolean_algebra)
```
```   373   from dual.inf_eq_top_eq1 assms show ?thesis .
```
```   374 qed
```
```   375
```
```   376 lemma sup_eq_bot_eq2:
```
```   377   assumes "A \<squnion> B = \<bottom>"
```
```   378   shows "B = \<bottom>"
```
```   379 proof -
```
```   380   interpret dual: boolean_algebra "\<lambda>x y. x \<squnion> - y" uminus "op \<ge>" "op >" "op \<squnion>" "op \<sqinter>" top bot
```
```   381     by (rule dual_boolean_algebra)
```
```   382   from dual.inf_eq_top_eq2 assms show ?thesis .
```
```   383 qed
```
```   384
```
```   385 lemma compl_unique:
```
```   386   assumes "x \<sqinter> y = bot"
```
```   387     and "x \<squnion> y = top"
```
```   388   shows "- x = y"
```
```   389 proof -
```
```   390   have "(x \<sqinter> - x) \<squnion> (- x \<sqinter> y) = (x \<sqinter> y) \<squnion> (- x \<sqinter> y)"
```
```   391     using inf_compl_bot assms(1) by simp
```
```   392   then have "(- x \<sqinter> x) \<squnion> (- x \<sqinter> y) = (y \<sqinter> x) \<squnion> (y \<sqinter> - x)"
```
```   393     by (simp add: inf_commute)
```
```   394   then have "- x \<sqinter> (x \<squnion> y) = y \<sqinter> (x \<squnion> - x)"
```
```   395     by (simp add: inf_sup_distrib1)
```
```   396   then have "- x \<sqinter> top = y \<sqinter> top"
```
```   397     using sup_compl_top assms(2) by simp
```
```   398   then show "- x = y" by (simp add: inf_top_right)
```
```   399 qed
```
```   400
```
```   401 lemma double_compl [simp]:
```
```   402   "- (- x) = x"
```
```   403   using compl_inf_bot compl_sup_top by (rule compl_unique)
```
```   404
```
```   405 lemma compl_eq_compl_iff [simp]:
```
```   406   "- x = - y \<longleftrightarrow> x = y"
```
```   407 proof
```
```   408   assume "- x = - y"
```
```   409   then have "- x \<sqinter> y = bot"
```
```   410     and "- x \<squnion> y = top"
```
```   411     by (simp_all add: compl_inf_bot compl_sup_top)
```
```   412   then have "- (- x) = y" by (rule compl_unique)
```
```   413   then show "x = y" by simp
```
```   414 next
```
```   415   assume "x = y"
```
```   416   then show "- x = - y" by simp
```
```   417 qed
```
```   418
```
```   419 lemma compl_bot_eq [simp]:
```
```   420   "- bot = top"
```
```   421 proof -
```
```   422   from sup_compl_top have "bot \<squnion> - bot = top" .
```
```   423   then show ?thesis by simp
```
```   424 qed
```
```   425
```
```   426 lemma compl_top_eq [simp]:
```
```   427   "- top = bot"
```
```   428 proof -
```
```   429   from inf_compl_bot have "top \<sqinter> - top = bot" .
```
```   430   then show ?thesis by simp
```
```   431 qed
```
```   432
```
```   433 lemma compl_inf [simp]:
```
```   434   "- (x \<sqinter> y) = - x \<squnion> - y"
```
```   435 proof (rule compl_unique)
```
```   436   have "(x \<sqinter> y) \<sqinter> (- x \<squnion> - y) = ((x \<sqinter> y) \<sqinter> - x) \<squnion> ((x \<sqinter> y) \<sqinter> - y)"
```
```   437     by (rule inf_sup_distrib1)
```
```   438   also have "... = (y \<sqinter> (x \<sqinter> - x)) \<squnion> (x \<sqinter> (y \<sqinter> - y))"
```
```   439     by (simp only: inf_commute inf_assoc inf_left_commute)
```
```   440   finally show "(x \<sqinter> y) \<sqinter> (- x \<squnion> - y) = bot"
```
```   441     by (simp add: inf_compl_bot)
```
```   442 next
```
```   443   have "(x \<sqinter> y) \<squnion> (- x \<squnion> - y) = (x \<squnion> (- x \<squnion> - y)) \<sqinter> (y \<squnion> (- x \<squnion> - y))"
```
```   444     by (rule sup_inf_distrib2)
```
```   445   also have "... = (- y \<squnion> (x \<squnion> - x)) \<sqinter> (- x \<squnion> (y \<squnion> - y))"
```
```   446     by (simp only: sup_commute sup_assoc sup_left_commute)
```
```   447   finally show "(x \<sqinter> y) \<squnion> (- x \<squnion> - y) = top"
```
```   448     by (simp add: sup_compl_top)
```
```   449 qed
```
```   450
```
```   451 lemma compl_sup [simp]:
```
```   452   "- (x \<squnion> y) = - x \<sqinter> - y"
```
```   453 proof -
```
```   454   interpret boolean_algebra "\<lambda>x y. x \<squnion> - y" uminus "op \<ge>" "op >" "op \<squnion>" "op \<sqinter>" top bot
```
```   455     by (rule dual_boolean_algebra)
```
```   456   then show ?thesis by simp
```
```   457 qed
```
```   458
```
```   459 end
```
```   460
```
```   461
```
```   462 subsection {* Uniqueness of inf and sup *}
```
```   463
```
```   464 lemma (in lower_semilattice) inf_unique:
```
```   465   fixes f (infixl "\<triangle>" 70)
```
```   466   assumes le1: "\<And>x y. x \<triangle> y \<le> x" and le2: "\<And>x y. x \<triangle> y \<le> y"
```
```   467   and greatest: "\<And>x y z. x \<le> y \<Longrightarrow> x \<le> z \<Longrightarrow> x \<le> y \<triangle> z"
```
```   468   shows "x \<sqinter> y = x \<triangle> y"
```
```   469 proof (rule antisym)
```
```   470   show "x \<triangle> y \<le> x \<sqinter> y" by (rule le_infI) (rule le1, rule le2)
```
```   471 next
```
```   472   have leI: "\<And>x y z. x \<le> y \<Longrightarrow> x \<le> z \<Longrightarrow> x \<le> y \<triangle> z" by (blast intro: greatest)
```
```   473   show "x \<sqinter> y \<le> x \<triangle> y" by (rule leI) simp_all
```
```   474 qed
```
```   475
```
```   476 lemma (in upper_semilattice) sup_unique:
```
```   477   fixes f (infixl "\<nabla>" 70)
```
```   478   assumes ge1 [simp]: "\<And>x y. x \<le> x \<nabla> y" and ge2: "\<And>x y. y \<le> x \<nabla> y"
```
```   479   and least: "\<And>x y z. y \<le> x \<Longrightarrow> z \<le> x \<Longrightarrow> y \<nabla> z \<le> x"
```
```   480   shows "x \<squnion> y = x \<nabla> y"
```
```   481 proof (rule antisym)
```
```   482   show "x \<squnion> y \<le> x \<nabla> y" by (rule le_supI) (rule ge1, rule ge2)
```
```   483 next
```
```   484   have leI: "\<And>x y z. x \<le> z \<Longrightarrow> y \<le> z \<Longrightarrow> x \<nabla> y \<le> z" by (blast intro: least)
```
```   485   show "x \<nabla> y \<le> x \<squnion> y" by (rule leI) simp_all
```
```   486 qed
```
```   487
```
```   488
```
```   489 subsection {* @{const min}/@{const max} on linear orders as
```
```   490   special case of @{const inf}/@{const sup} *}
```
```   491
```
```   492 sublocale linorder < min_max!: distrib_lattice less_eq less min max
```
```   493 proof
```
```   494   fix x y z
```
```   495   show "max x (min y z) = min (max x y) (max x z)"
```
```   496     by (auto simp add: min_def max_def)
```
```   497 qed (auto simp add: min_def max_def not_le less_imp_le)
```
```   498
```
```   499 lemma inf_min: "inf = (min \<Colon> 'a\<Colon>{lower_semilattice, linorder} \<Rightarrow> 'a \<Rightarrow> 'a)"
```
```   500   by (rule ext)+ (auto intro: antisym)
```
```   501
```
```   502 lemma sup_max: "sup = (max \<Colon> 'a\<Colon>{upper_semilattice, linorder} \<Rightarrow> 'a \<Rightarrow> 'a)"
```
```   503   by (rule ext)+ (auto intro: antisym)
```
```   504
```
```   505 lemmas le_maxI1 = min_max.sup_ge1
```
```   506 lemmas le_maxI2 = min_max.sup_ge2
```
```   507
```
```   508 lemmas max_ac = min_max.sup_assoc min_max.sup_commute
```
```   509   mk_left_commute [of max, OF min_max.sup_assoc min_max.sup_commute]
```
```   510
```
```   511 lemmas min_ac = min_max.inf_assoc min_max.inf_commute
```
```   512   mk_left_commute [of min, OF min_max.inf_assoc min_max.inf_commute]
```
```   513
```
```   514
```
```   515 subsection {* Bool as lattice *}
```
```   516
```
```   517 instantiation bool :: boolean_algebra
```
```   518 begin
```
```   519
```
```   520 definition
```
```   521   bool_Compl_def: "uminus = Not"
```
```   522
```
```   523 definition
```
```   524   bool_diff_def: "A - B \<longleftrightarrow> A \<and> \<not> B"
```
```   525
```
```   526 definition
```
```   527   inf_bool_eq: "P \<sqinter> Q \<longleftrightarrow> P \<and> Q"
```
```   528
```
```   529 definition
```
```   530   sup_bool_eq: "P \<squnion> Q \<longleftrightarrow> P \<or> Q"
```
```   531
```
```   532 instance proof
```
```   533 qed (simp_all add: inf_bool_eq sup_bool_eq le_bool_def
```
```   534   bot_bool_eq top_bool_eq bool_Compl_def bool_diff_def, auto)
```
```   535
```
```   536 end
```
```   537
```
```   538
```
```   539 subsection {* Fun as lattice *}
```
```   540
```
```   541 instantiation "fun" :: (type, lattice) lattice
```
```   542 begin
```
```   543
```
```   544 definition
```
```   545   inf_fun_eq [code del]: "f \<sqinter> g = (\<lambda>x. f x \<sqinter> g x)"
```
```   546
```
```   547 definition
```
```   548   sup_fun_eq [code del]: "f \<squnion> g = (\<lambda>x. f x \<squnion> g x)"
```
```   549
```
```   550 instance
```
```   551 apply intro_classes
```
```   552 unfolding inf_fun_eq sup_fun_eq
```
```   553 apply (auto intro: le_funI)
```
```   554 apply (rule le_funI)
```
```   555 apply (auto dest: le_funD)
```
```   556 apply (rule le_funI)
```
```   557 apply (auto dest: le_funD)
```
```   558 done
```
```   559
```
```   560 end
```
```   561
```
```   562 instance "fun" :: (type, distrib_lattice) distrib_lattice
```
```   563 proof
```
```   564 qed (auto simp add: inf_fun_eq sup_fun_eq sup_inf_distrib1)
```
```   565
```
```   566 instantiation "fun" :: (type, uminus) uminus
```
```   567 begin
```
```   568
```
```   569 definition
```
```   570   fun_Compl_def: "- A = (\<lambda>x. - A x)"
```
```   571
```
```   572 instance ..
```
```   573
```
```   574 end
```
```   575
```
```   576 instantiation "fun" :: (type, minus) minus
```
```   577 begin
```
```   578
```
```   579 definition
```
```   580   fun_diff_def: "A - B = (\<lambda>x. A x - B x)"
```
```   581
```
```   582 instance ..
```
```   583
```
```   584 end
```
```   585
```
```   586 instance "fun" :: (type, boolean_algebra) boolean_algebra
```
```   587 proof
```
```   588 qed (simp_all add: inf_fun_eq sup_fun_eq bot_fun_eq top_fun_eq fun_Compl_def fun_diff_def
```
```   589   inf_compl_bot sup_compl_top diff_eq)
```
```   590
```
```   591
```
```   592 no_notation
```
```   593   less_eq  (infix "\<sqsubseteq>" 50) and
```
```   594   less (infix "\<sqsubset>" 50) and
```
```   595   inf  (infixl "\<sqinter>" 70) and
```
```   596   sup  (infixl "\<squnion>" 65) and
```
```   597   top ("\<top>") and
```
```   598   bot ("\<bottom>")
```
```   599
```
```   600 end
```