src/CCL/CCL.thy
author wenzelm
Sat Jun 14 23:52:51 2008 +0200 (2008-06-14)
changeset 27221 31328dc30196
parent 27208 5fe899199f85
child 27239 f2f42f9fa09d
permissions -rw-r--r--
proper context for tactics derived from res_inst_tac;
     1 (*  Title:      CCL/CCL.thy
     2     ID:         $Id$
     3     Author:     Martin Coen
     4     Copyright   1993  University of Cambridge
     5 *)
     6 
     7 header {* Classical Computational Logic for Untyped Lambda Calculus
     8   with reduction to weak head-normal form *}
     9 
    10 theory CCL
    11 imports Gfp
    12 begin
    13 
    14 text {*
    15   Based on FOL extended with set collection, a primitive higher-order
    16   logic.  HOL is too strong - descriptions prevent a type of programs
    17   being defined which contains only executable terms.
    18 *}
    19 
    20 classes prog < "term"
    21 defaultsort prog
    22 
    23 arities "fun" :: (prog, prog) prog
    24 
    25 typedecl i
    26 arities i :: prog
    27 
    28 
    29 consts
    30   (*** Evaluation Judgement ***)
    31   Eval      ::       "[i,i]=>prop"          (infixl "--->" 20)
    32 
    33   (*** Bisimulations for pre-order and equality ***)
    34   po          ::       "['a,'a]=>o"           (infixl "[=" 50)
    35   SIM         ::       "[i,i,i set]=>o"
    36   POgen       ::       "i set => i set"
    37   EQgen       ::       "i set => i set"
    38   PO          ::       "i set"
    39   EQ          ::       "i set"
    40 
    41   (*** Term Formers ***)
    42   true        ::       "i"
    43   false       ::       "i"
    44   pair        ::       "[i,i]=>i"             ("(1<_,/_>)")
    45   lambda      ::       "(i=>i)=>i"            (binder "lam " 55)
    46   "case"      ::       "[i,i,i,[i,i]=>i,(i=>i)=>i]=>i"
    47   "apply"     ::       "[i,i]=>i"             (infixl "`" 56)
    48   bot         ::       "i"
    49   "fix"       ::       "(i=>i)=>i"
    50 
    51   (*** Defined Predicates ***)
    52   Trm         ::       "i => o"
    53   Dvg         ::       "i => o"
    54 
    55 axioms
    56 
    57   (******* EVALUATION SEMANTICS *******)
    58 
    59   (**  This is the evaluation semantics from which the axioms below were derived.  **)
    60   (**  It is included here just as an evaluator for FUN and has no influence on    **)
    61   (**  inference in the theory CCL.                                                **)
    62 
    63   trueV:       "true ---> true"
    64   falseV:      "false ---> false"
    65   pairV:       "<a,b> ---> <a,b>"
    66   lamV:        "lam x. b(x) ---> lam x. b(x)"
    67   caseVtrue:   "[| t ---> true;  d ---> c |] ==> case(t,d,e,f,g) ---> c"
    68   caseVfalse:  "[| t ---> false;  e ---> c |] ==> case(t,d,e,f,g) ---> c"
    69   caseVpair:   "[| t ---> <a,b>;  f(a,b) ---> c |] ==> case(t,d,e,f,g) ---> c"
    70   caseVlam:    "[| t ---> lam x. b(x);  g(b) ---> c |] ==> case(t,d,e,f,g) ---> c"
    71 
    72   (*** Properties of evaluation: note that "t ---> c" impies that c is canonical ***)
    73 
    74   canonical:  "[| t ---> c; c==true ==> u--->v;
    75                           c==false ==> u--->v;
    76                     !!a b. c==<a,b> ==> u--->v;
    77                       !!f. c==lam x. f(x) ==> u--->v |] ==>
    78              u--->v"
    79 
    80   (* Should be derivable - but probably a bitch! *)
    81   substitute: "[| a==a'; t(a)--->c(a) |] ==> t(a')--->c(a')"
    82 
    83   (************** LOGIC ***************)
    84 
    85   (*** Definitions used in the following rules ***)
    86 
    87   apply_def:     "f ` t == case(f,bot,bot,%x y. bot,%u. u(t))"
    88   bot_def:         "bot == (lam x. x`x)`(lam x. x`x)"
    89   fix_def:      "fix(f) == (lam x. f(x`x))`(lam x. f(x`x))"
    90 
    91   (*  The pre-order ([=) is defined as a simulation, and behavioural equivalence (=) *)
    92   (*  as a bisimulation.  They can both be expressed as (bi)simulations up to        *)
    93   (*  behavioural equivalence (ie the relations PO and EQ defined below).            *)
    94 
    95   SIM_def:
    96   "SIM(t,t',R) ==  (t=true & t'=true) | (t=false & t'=false) |
    97                   (EX a a' b b'. t=<a,b> & t'=<a',b'> & <a,a'> : R & <b,b'> : R) |
    98                   (EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x.<f(x),f'(x)> : R))"
    99 
   100   POgen_def:  "POgen(R) == {p. EX t t'. p=<t,t'> & (t = bot | SIM(t,t',R))}"
   101   EQgen_def:  "EQgen(R) == {p. EX t t'. p=<t,t'> & (t = bot & t' = bot | SIM(t,t',R))}"
   102 
   103   PO_def:    "PO == gfp(POgen)"
   104   EQ_def:    "EQ == gfp(EQgen)"
   105 
   106   (*** Rules ***)
   107 
   108   (** Partial Order **)
   109 
   110   po_refl:        "a [= a"
   111   po_trans:       "[| a [= b;  b [= c |] ==> a [= c"
   112   po_cong:        "a [= b ==> f(a) [= f(b)"
   113 
   114   (* Extend definition of [= to program fragments of higher type *)
   115   po_abstractn:   "(!!x. f(x) [= g(x)) ==> (%x. f(x)) [= (%x. g(x))"
   116 
   117   (** Equality - equivalence axioms inherited from FOL.thy   **)
   118   (**          - congruence of "=" is axiomatised implicitly **)
   119 
   120   eq_iff:         "t = t' <-> t [= t' & t' [= t"
   121 
   122   (** Properties of canonical values given by greatest fixed point definitions **)
   123 
   124   PO_iff:         "t [= t' <-> <t,t'> : PO"
   125   EQ_iff:         "t =  t' <-> <t,t'> : EQ"
   126 
   127   (** Behaviour of non-canonical terms (ie case) given by the following beta-rules **)
   128 
   129   caseBtrue:            "case(true,d,e,f,g) = d"
   130   caseBfalse:          "case(false,d,e,f,g) = e"
   131   caseBpair:           "case(<a,b>,d,e,f,g) = f(a,b)"
   132   caseBlam:       "case(lam x. b(x),d,e,f,g) = g(b)"
   133   caseBbot:              "case(bot,d,e,f,g) = bot"            (* strictness *)
   134 
   135   (** The theory is non-trivial **)
   136   distinctness:   "~ lam x. b(x) = bot"
   137 
   138   (*** Definitions of Termination and Divergence ***)
   139 
   140   Dvg_def:  "Dvg(t) == t = bot"
   141   Trm_def:  "Trm(t) == ~ Dvg(t)"
   142 
   143 text {*
   144 Would be interesting to build a similar theory for a typed programming language:
   145     ie.     true :: bool,      fix :: ('a=>'a)=>'a  etc......
   146 
   147 This is starting to look like LCF.
   148 What are the advantages of this approach?
   149         - less axiomatic
   150         - wfd induction / coinduction and fixed point induction available
   151 *}
   152 
   153 
   154 lemmas ccl_data_defs = apply_def fix_def
   155   and [simp] = po_refl
   156 
   157 
   158 subsection {* Congruence Rules *}
   159 
   160 (*similar to AP_THM in Gordon's HOL*)
   161 lemma fun_cong: "(f::'a=>'b) = g ==> f(x)=g(x)"
   162   by simp
   163 
   164 (*similar to AP_TERM in Gordon's HOL and FOL's subst_context*)
   165 lemma arg_cong: "x=y ==> f(x)=f(y)"
   166   by simp
   167 
   168 lemma abstractn: "(!!x. f(x) = g(x)) ==> f = g"
   169   apply (simp add: eq_iff)
   170   apply (blast intro: po_abstractn)
   171   done
   172 
   173 lemmas caseBs = caseBtrue caseBfalse caseBpair caseBlam caseBbot
   174 
   175 
   176 subsection {* Termination and Divergence *}
   177 
   178 lemma Trm_iff: "Trm(t) <-> ~ t = bot"
   179   by (simp add: Trm_def Dvg_def)
   180 
   181 lemma Dvg_iff: "Dvg(t) <-> t = bot"
   182   by (simp add: Trm_def Dvg_def)
   183 
   184 
   185 subsection {* Constructors are injective *}
   186 
   187 lemma eq_lemma: "[| x=a;  y=b;  x=y |] ==> a=b"
   188   by simp
   189 
   190 ML {*
   191   fun mk_inj_rl thy rews s =
   192     let
   193       fun mk_inj_lemmas r = [@{thm arg_cong}] RL [r RS (r RS @{thm eq_lemma})]
   194       val inj_lemmas = List.concat (map mk_inj_lemmas rews)
   195       val tac = REPEAT (ares_tac [iffI, allI, conjI] 1 ORELSE
   196         eresolve_tac inj_lemmas 1 ORELSE
   197         asm_simp_tac (Simplifier.theory_context thy @{simpset} addsimps rews) 1)
   198     in prove_goal thy s (fn _ => [tac]) end  
   199 *}
   200 
   201 ML {*
   202   bind_thms ("ccl_injs",
   203     map (mk_inj_rl @{theory} @{thms caseBs})
   204       ["<a,b> = <a',b'> <-> (a=a' & b=b')",
   205        "(lam x. b(x) = lam x. b'(x)) <-> ((ALL z. b(z)=b'(z)))"])
   206 *}
   207 
   208 
   209 lemma pair_inject: "<a,b> = <a',b'> \<Longrightarrow> (a = a' \<Longrightarrow> b = b' \<Longrightarrow> R) \<Longrightarrow> R"
   210   by (simp add: ccl_injs)
   211 
   212 
   213 subsection {* Constructors are distinct *}
   214 
   215 lemma lem: "t=t' ==> case(t,b,c,d,e) = case(t',b,c,d,e)"
   216   by simp
   217 
   218 ML {*
   219 
   220 local
   221   fun pairs_of f x [] = []
   222     | pairs_of f x (y::ys) = (f x y) :: (f y x) :: (pairs_of f x ys)
   223 
   224   fun mk_combs ff [] = []
   225     | mk_combs ff (x::xs) = (pairs_of ff x xs) @ mk_combs ff xs
   226 
   227   (* Doesn't handle binder types correctly *)
   228   fun saturate thy sy name =
   229        let fun arg_str 0 a s = s
   230          | arg_str 1 a s = "(" ^ a ^ "a" ^ s ^ ")"
   231          | arg_str n a s = arg_str (n-1) a ("," ^ a ^ (chr((ord "a")+n-1)) ^ s)
   232            val T = Sign.the_const_type thy (Sign.intern_const thy sy);
   233            val arity = length (fst (strip_type T))
   234        in sy ^ (arg_str arity name "") end
   235 
   236   fun mk_thm_str thy a b = "~ " ^ (saturate thy a "a") ^ " = " ^ (saturate thy b "b")
   237 
   238   val lemma = thm "lem";
   239   val eq_lemma = thm "eq_lemma";
   240   val distinctness = thm "distinctness";
   241   fun mk_lemma (ra,rb) = [lemma] RL [ra RS (rb RS eq_lemma)] RL
   242                            [distinctness RS notE,sym RS (distinctness RS notE)]
   243 in
   244   fun mk_lemmas rls = List.concat (map mk_lemma (mk_combs pair rls))
   245   fun mk_dstnct_rls thy xs = mk_combs (mk_thm_str thy) xs
   246 end
   247 
   248 *}
   249 
   250 ML {*
   251 
   252 val caseB_lemmas = mk_lemmas (thms "caseBs")
   253 
   254 val ccl_dstncts =
   255         let fun mk_raw_dstnct_thm rls s =
   256                   prove_goal (the_context ()) s (fn _=> [rtac notI 1,eresolve_tac rls 1])
   257         in map (mk_raw_dstnct_thm caseB_lemmas)
   258                 (mk_dstnct_rls (the_context ()) ["bot","true","false","pair","lambda"]) end
   259 
   260 fun mk_dstnct_thms thy defs inj_rls xs =
   261           let fun mk_dstnct_thm rls s = prove_goalw thy defs s
   262                                (fn _ => [simp_tac (simpset_of thy addsimps (rls@inj_rls)) 1])
   263           in map (mk_dstnct_thm ccl_dstncts) (mk_dstnct_rls thy xs) end
   264 
   265 fun mkall_dstnct_thms thy defs i_rls xss = List.concat (map (mk_dstnct_thms thy defs i_rls) xss)
   266 
   267 (*** Rewriting and Proving ***)
   268 
   269 fun XH_to_I rl = rl RS iffD2
   270 fun XH_to_D rl = rl RS iffD1
   271 val XH_to_E = make_elim o XH_to_D
   272 val XH_to_Is = map XH_to_I
   273 val XH_to_Ds = map XH_to_D
   274 val XH_to_Es = map XH_to_E;
   275 
   276 bind_thms ("ccl_rews", thms "caseBs" @ ccl_injs @ ccl_dstncts);
   277 bind_thms ("ccl_dstnctsEs", ccl_dstncts RL [notE]);
   278 bind_thms ("ccl_injDs", XH_to_Ds (thms "ccl_injs"));
   279 *}
   280 
   281 lemmas [simp] = ccl_rews
   282   and [elim!] = pair_inject ccl_dstnctsEs
   283   and [dest!] = ccl_injDs
   284 
   285 
   286 subsection {* Facts from gfp Definition of @{text "[="} and @{text "="} *}
   287 
   288 lemma XHlemma1: "[| A=B;  a:B <-> P |] ==> a:A <-> P"
   289   by simp
   290 
   291 lemma XHlemma2: "(P(t,t') <-> Q) ==> (<t,t'> : {p. EX t t'. p=<t,t'> &  P(t,t')} <-> Q)"
   292   by blast
   293 
   294 
   295 subsection {* Pre-Order *}
   296 
   297 lemma POgen_mono: "mono(%X. POgen(X))"
   298   apply (unfold POgen_def SIM_def)
   299   apply (rule monoI)
   300   apply blast
   301   done
   302 
   303 lemma POgenXH: 
   304   "<t,t'> : POgen(R) <-> t= bot | (t=true & t'=true)  | (t=false & t'=false) |  
   305            (EX a a' b b'. t=<a,b> &  t'=<a',b'>  & <a,a'> : R & <b,b'> : R) |  
   306            (EX f f'. t=lam x. f(x) &  t'=lam x. f'(x) & (ALL x. <f(x),f'(x)> : R))"
   307   apply (unfold POgen_def SIM_def)
   308   apply (rule iff_refl [THEN XHlemma2])
   309   done
   310 
   311 lemma poXH: 
   312   "t [= t' <-> t=bot | (t=true & t'=true) | (t=false & t'=false) |  
   313                  (EX a a' b b'. t=<a,b> &  t'=<a',b'>  & a [= a' & b [= b') |  
   314                  (EX f f'. t=lam x. f(x) &  t'=lam x. f'(x) & (ALL x. f(x) [= f'(x)))"
   315   apply (simp add: PO_iff del: ex_simps)
   316   apply (rule POgen_mono
   317     [THEN PO_def [THEN def_gfp_Tarski], THEN XHlemma1, unfolded POgen_def SIM_def])
   318   apply (rule iff_refl [THEN XHlemma2])
   319   done
   320 
   321 lemma po_bot: "bot [= b"
   322   apply (rule poXH [THEN iffD2])
   323   apply simp
   324   done
   325 
   326 lemma bot_poleast: "a [= bot ==> a=bot"
   327   apply (drule poXH [THEN iffD1])
   328   apply simp
   329   done
   330 
   331 lemma po_pair: "<a,b> [= <a',b'> <->  a [= a' & b [= b'"
   332   apply (rule poXH [THEN iff_trans])
   333   apply simp
   334   done
   335 
   336 lemma po_lam: "lam x. f(x) [= lam x. f'(x) <-> (ALL x. f(x) [= f'(x))"
   337   apply (rule poXH [THEN iff_trans])
   338   apply fastsimp
   339   done
   340 
   341 lemmas ccl_porews = po_bot po_pair po_lam
   342 
   343 lemma case_pocong:
   344   assumes 1: "t [= t'"
   345     and 2: "a [= a'"
   346     and 3: "b [= b'"
   347     and 4: "!!x y. c(x,y) [= c'(x,y)"
   348     and 5: "!!u. d(u) [= d'(u)"
   349   shows "case(t,a,b,c,d) [= case(t',a',b',c',d')"
   350   apply (rule 1 [THEN po_cong, THEN po_trans])
   351   apply (rule 2 [THEN po_cong, THEN po_trans])
   352   apply (rule 3 [THEN po_cong, THEN po_trans])
   353   apply (rule 4 [THEN po_abstractn, THEN po_abstractn, THEN po_cong, THEN po_trans])
   354   apply (rule_tac f1 = "%d. case (t',a',b',c',d)" in
   355     5 [THEN po_abstractn, THEN po_cong, THEN po_trans])
   356   apply (rule po_refl)
   357   done
   358 
   359 lemma apply_pocong: "[| f [= f';  a [= a' |] ==> f ` a [= f' ` a'"
   360   unfolding ccl_data_defs
   361   apply (rule case_pocong, (rule po_refl | assumption)+)
   362   apply (erule po_cong)
   363   done
   364 
   365 lemma npo_lam_bot: "~ lam x. b(x) [= bot"
   366   apply (rule notI)
   367   apply (drule bot_poleast)
   368   apply (erule distinctness [THEN notE])
   369   done
   370 
   371 lemma po_lemma: "[| x=a;  y=b;  x[=y |] ==> a[=b"
   372   by simp
   373 
   374 lemma npo_pair_lam: "~ <a,b> [= lam x. f(x)"
   375   apply (rule notI)
   376   apply (rule npo_lam_bot [THEN notE])
   377   apply (erule case_pocong [THEN caseBlam [THEN caseBpair [THEN po_lemma]]])
   378   apply (rule po_refl npo_lam_bot)+
   379   done
   380 
   381 lemma npo_lam_pair: "~ lam x. f(x) [= <a,b>"
   382   apply (rule notI)
   383   apply (rule npo_lam_bot [THEN notE])
   384   apply (erule case_pocong [THEN caseBpair [THEN caseBlam [THEN po_lemma]]])
   385   apply (rule po_refl npo_lam_bot)+
   386   done
   387 
   388 ML {*
   389 
   390 local
   391   fun mk_thm s = prove_goal (the_context ()) s (fn _ =>
   392                           [rtac notI 1,dtac (thm "case_pocong") 1,etac rev_mp 5,
   393                            ALLGOALS (simp_tac @{simpset}),
   394                            REPEAT (resolve_tac [thm "po_refl", thm "npo_lam_bot"] 1)])
   395 in
   396 
   397 val npo_rls = [thm "npo_pair_lam", thm "npo_lam_pair"] @ map mk_thm
   398             ["~ true [= false",          "~ false [= true",
   399              "~ true [= <a,b>",          "~ <a,b> [= true",
   400              "~ true [= lam x. f(x)","~ lam x. f(x) [= true",
   401             "~ false [= <a,b>",          "~ <a,b> [= false",
   402             "~ false [= lam x. f(x)","~ lam x. f(x) [= false"]
   403 end;
   404 
   405 bind_thms ("npo_rls", npo_rls);
   406 *}
   407 
   408 
   409 subsection {* Coinduction for @{text "[="} *}
   410 
   411 lemma po_coinduct: "[|  <t,u> : R;  R <= POgen(R) |] ==> t [= u"
   412   apply (rule PO_def [THEN def_coinduct, THEN PO_iff [THEN iffD2]])
   413    apply assumption+
   414   done
   415 
   416 ML {*
   417   fun po_coinduct_tac ctxt s i =
   418     RuleInsts.res_inst_tac ctxt [(("R", 0), s)] @{thm po_coinduct} i
   419 *}
   420 
   421 
   422 subsection {* Equality *}
   423 
   424 lemma EQgen_mono: "mono(%X. EQgen(X))"
   425   apply (unfold EQgen_def SIM_def)
   426   apply (rule monoI)
   427   apply blast
   428   done
   429 
   430 lemma EQgenXH: 
   431   "<t,t'> : EQgen(R) <-> (t=bot & t'=bot)  | (t=true & t'=true)  |  
   432                                              (t=false & t'=false) |  
   433                  (EX a a' b b'. t=<a,b> &  t'=<a',b'>  & <a,a'> : R & <b,b'> : R) |  
   434                  (EX f f'. t=lam x. f(x) &  t'=lam x. f'(x) & (ALL x.<f(x),f'(x)> : R))"
   435   apply (unfold EQgen_def SIM_def)
   436   apply (rule iff_refl [THEN XHlemma2])
   437   done
   438 
   439 lemma eqXH: 
   440   "t=t' <-> (t=bot & t'=bot)  | (t=true & t'=true)  | (t=false & t'=false) |  
   441                      (EX a a' b b'. t=<a,b> &  t'=<a',b'>  & a=a' & b=b') |  
   442                      (EX f f'. t=lam x. f(x) &  t'=lam x. f'(x) & (ALL x. f(x)=f'(x)))"
   443   apply (subgoal_tac "<t,t'> : EQ <-> (t=bot & t'=bot) | (t=true & t'=true) | (t=false & t'=false) | (EX a a' b b'. t=<a,b> & t'=<a',b'> & <a,a'> : EQ & <b,b'> : EQ) | (EX f f'. t=lam x. f (x) & t'=lam x. f' (x) & (ALL x. <f (x) ,f' (x) > : EQ))")
   444   apply (erule rev_mp)
   445   apply (simp add: EQ_iff [THEN iff_sym])
   446   apply (rule EQgen_mono [THEN EQ_def [THEN def_gfp_Tarski], THEN XHlemma1,
   447     unfolded EQgen_def SIM_def])
   448   apply (rule iff_refl [THEN XHlemma2])
   449   done
   450 
   451 lemma eq_coinduct: "[|  <t,u> : R;  R <= EQgen(R) |] ==> t = u"
   452   apply (rule EQ_def [THEN def_coinduct, THEN EQ_iff [THEN iffD2]])
   453    apply assumption+
   454   done
   455 
   456 lemma eq_coinduct3:
   457   "[|  <t,u> : R;  R <= EQgen(lfp(%x. EQgen(x) Un R Un EQ)) |] ==> t = u"
   458   apply (rule EQ_def [THEN def_coinduct3, THEN EQ_iff [THEN iffD2]])
   459   apply (rule EQgen_mono | assumption)+
   460   done
   461 
   462 ML {*
   463   fun eq_coinduct_tac ctxt s i =
   464     RuleInsts.res_inst_tac ctxt [(("R", 0), s)] @{thm eq_coinduct} i
   465 
   466   fun eq_coinduct3_tac ctxt s i =
   467     RuleInsts.res_inst_tac ctxt [(("R", 0), s)] @{thm eq_coinduct3} i
   468 *}
   469 
   470 
   471 subsection {* Untyped Case Analysis and Other Facts *}
   472 
   473 lemma cond_eta: "(EX f. t=lam x. f(x)) ==> t = lam x.(t ` x)"
   474   by (auto simp: apply_def)
   475 
   476 lemma exhaustion: "(t=bot) | (t=true) | (t=false) | (EX a b. t=<a,b>) | (EX f. t=lam x. f(x))"
   477   apply (cut_tac refl [THEN eqXH [THEN iffD1]])
   478   apply blast
   479   done
   480 
   481 lemma term_case:
   482   "[| P(bot);  P(true);  P(false);  !!x y. P(<x,y>);  !!b. P(lam x. b(x)) |] ==> P(t)"
   483   using exhaustion [of t] by blast
   484 
   485 end