tuned Metis examples
authorblanchet
Mon Jun 06 20:36:35 2011 +0200 (2011-06-06)
changeset 43197c71657bbdbc0
parent 43196 c6c6c2bc6fe8
child 43198 7a2bc89ac48e
tuned Metis examples
src/HOL/IsaMakefile
src/HOL/Metis_Examples/Abstraction.thy
src/HOL/Metis_Examples/BT.thy
src/HOL/Metis_Examples/BigO.thy
src/HOL/Metis_Examples/Big_O.thy
src/HOL/Metis_Examples/Binary_Tree.thy
src/HOL/Metis_Examples/Clausification.thy
src/HOL/Metis_Examples/Clausify.thy
src/HOL/Metis_Examples/HO_Reas.thy
src/HOL/Metis_Examples/Message.thy
src/HOL/Metis_Examples/Proxies.thy
src/HOL/Metis_Examples/ROOT.ML
src/HOL/Metis_Examples/Sets.thy
src/HOL/Metis_Examples/Tarski.thy
src/HOL/Metis_Examples/TransClosure.thy
src/HOL/Metis_Examples/Trans_Closure.thy
src/HOL/Metis_Examples/Type_Encodings.thy
src/HOL/Metis_Examples/Typings.thy
src/HOL/Metis_Examples/set.thy
     1.1 --- a/src/HOL/IsaMakefile	Mon Jun 06 20:36:35 2011 +0200
     1.2 +++ b/src/HOL/IsaMakefile	Mon Jun 06 20:36:35 2011 +0200
     1.3 @@ -706,11 +706,11 @@
     1.4  HOL-Metis_Examples: HOL $(LOG)/HOL-Metis_Examples.gz
     1.5  
     1.6  $(LOG)/HOL-Metis_Examples.gz: $(OUT)/HOL Metis_Examples/ROOT.ML \
     1.7 -  Metis_Examples/Abstraction.thy Metis_Examples/BigO.thy \
     1.8 -  Metis_Examples/BT.thy Metis_Examples/Clausify.thy \
     1.9 -  Metis_Examples/HO_Reas.thy Metis_Examples/Message.thy \
    1.10 -  Metis_Examples/Tarski.thy Metis_Examples/TransClosure.thy \
    1.11 -  Metis_Examples/Typings.thy Metis_Examples/set.thy
    1.12 +  Metis_Examples/Abstraction.thy Metis_Examples/Big_O.thy \
    1.13 +  Metis_Examples/Binary_Tree.thy Metis_Examples/Clausification.thy \
    1.14 +  Metis_Examples/Message.thy Metis_Examples/Proxies.thy \
    1.15 +  Metis_Examples/Sets.thy Metis_Examples/Tarski.thy \
    1.16 +  Metis_Examples/Trans_Closure.thy Metis_Examples/Type_Encodings.thy
    1.17  	@$(ISABELLE_TOOL) usedir $(OUT)/HOL Metis_Examples
    1.18  
    1.19  
     2.1 --- a/src/HOL/Metis_Examples/Abstraction.thy	Mon Jun 06 20:36:35 2011 +0200
     2.2 +++ b/src/HOL/Metis_Examples/Abstraction.thy	Mon Jun 06 20:36:35 2011 +0200
     2.3 @@ -1,10 +1,12 @@
     2.4  (*  Title:      HOL/Metis_Examples/Abstraction.thy
     2.5 -    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
     2.6 +    Author:     Lawrence C. Paulson, Cambridge University Computer Laboratory
     2.7      Author:     Jasmin Blanchette, TU Muenchen
     2.8  
     2.9 -Testing Metis.
    2.10 +Example featuring Metis's support for lambda-abstractions.
    2.11  *)
    2.12  
    2.13 +header {* Example Featuring Metis's Support for Lambda-Abstractions *}
    2.14 +
    2.15  theory Abstraction
    2.16  imports Main "~~/src/HOL/Library/FuncSet"
    2.17  begin
    2.18 @@ -93,7 +95,7 @@
    2.19  
    2.20  declare [[ sledgehammer_problem_prefix = "Abstraction__Sigma_Collect_Pi" ]]
    2.21  lemma
    2.22 -    "(cl,f) \<in> (SIGMA cl: CL. {f. f \<in> pset cl \<rightarrow> pset cl}) ==> 
    2.23 +    "(cl,f) \<in> (SIGMA cl: CL. {f. f \<in> pset cl \<rightarrow> pset cl}) ==>
    2.24      f \<in> pset cl \<rightarrow> pset cl"
    2.25  proof -
    2.26    assume A1: "(cl, f) \<in> (SIGMA cl:CL. {f. f \<in> pset cl \<rightarrow> pset cl})"
    2.27 @@ -125,38 +127,38 @@
    2.28  by auto
    2.29  
    2.30  declare [[ sledgehammer_problem_prefix = "Abstraction__CLF_subset_Collect_Int" ]]
    2.31 -lemma "(cl,f) \<in> CLF ==> 
    2.32 +lemma "(cl,f) \<in> CLF ==>
    2.33     CLF \<subseteq> (SIGMA cl: CL. {f. f \<in> pset cl \<inter> cl}) ==>
    2.34     f \<in> pset cl \<inter> cl"
    2.35  by auto
    2.36  
    2.37  
    2.38  declare [[ sledgehammer_problem_prefix = "Abstraction__CLF_eq_Collect_Int" ]]
    2.39 -lemma "(cl,f) \<in> CLF ==> 
    2.40 +lemma "(cl,f) \<in> CLF ==>
    2.41     CLF = (SIGMA cl: CL. {f. f \<in> pset cl \<inter> cl}) ==>
    2.42     f \<in> pset cl \<inter> cl"
    2.43  by auto
    2.44  
    2.45  
    2.46  declare [[ sledgehammer_problem_prefix = "Abstraction__CLF_subset_Collect_Pi" ]]
    2.47 -lemma 
    2.48 -   "(cl,f) \<in> CLF ==> 
    2.49 -    CLF \<subseteq> (SIGMA cl': CL. {f. f \<in> pset cl' \<rightarrow> pset cl'}) ==> 
    2.50 +lemma
    2.51 +   "(cl,f) \<in> CLF ==>
    2.52 +    CLF \<subseteq> (SIGMA cl': CL. {f. f \<in> pset cl' \<rightarrow> pset cl'}) ==>
    2.53      f \<in> pset cl \<rightarrow> pset cl"
    2.54  by fast
    2.55  
    2.56  
    2.57  declare [[ sledgehammer_problem_prefix = "Abstraction__CLF_eq_Collect_Pi" ]]
    2.58 -lemma 
    2.59 -  "(cl,f) \<in> CLF ==> 
    2.60 -   CLF = (SIGMA cl: CL. {f. f \<in> pset cl \<rightarrow> pset cl}) ==> 
    2.61 +lemma
    2.62 +  "(cl,f) \<in> CLF ==>
    2.63 +   CLF = (SIGMA cl: CL. {f. f \<in> pset cl \<rightarrow> pset cl}) ==>
    2.64     f \<in> pset cl \<rightarrow> pset cl"
    2.65  by auto
    2.66  
    2.67  
    2.68  declare [[ sledgehammer_problem_prefix = "Abstraction__CLF_eq_Collect_Pi_mono" ]]
    2.69 -lemma 
    2.70 -  "(cl,f) \<in> CLF ==> 
    2.71 +lemma
    2.72 +  "(cl,f) \<in> CLF ==>
    2.73     CLF = (SIGMA cl: CL. {f. f \<in> pset cl \<rightarrow> pset cl & monotone f (pset cl) (order cl)}) ==>
    2.74     (f \<in> pset cl \<rightarrow> pset cl)  &  (monotone f (pset cl) (order cl))"
    2.75  by auto
    2.76 @@ -168,7 +170,7 @@
    2.77  by auto
    2.78  
    2.79  declare [[ sledgehammer_problem_prefix = "Abstraction__map_eq_zipB" ]]
    2.80 -lemma "map (%w. (w -> w, w \<times> w)) xs = 
    2.81 +lemma "map (%w. (w -> w, w \<times> w)) xs =
    2.82         zip (map (%w. w -> w) xs) (map (%w. w \<times> w) xs)"
    2.83  apply (induct xs)
    2.84   apply (metis Nil_is_map_conv zip_Nil)
    2.85 @@ -179,12 +181,12 @@
    2.86  by (metis Collect_def image_subset_iff mem_def)
    2.87  
    2.88  declare [[ sledgehammer_problem_prefix = "Abstraction__image_evenB" ]]
    2.89 -lemma "(%x. f (f x)) ` ((%x. Suc(f x)) ` {x. even x}) <= A 
    2.90 +lemma "(%x. f (f x)) ` ((%x. Suc(f x)) ` {x. even x}) <= A
    2.91         ==> (\<forall>x. even x --> f (f (Suc(f x))) \<in> A)";
    2.92  by (metis Collect_def imageI image_image image_subset_iff mem_def)
    2.93  
    2.94  declare [[ sledgehammer_problem_prefix = "Abstraction__image_curry" ]]
    2.95 -lemma "f \<in> (%u v. b \<times> u \<times> v) ` A ==> \<forall>u v. P (b \<times> u \<times> v) ==> P(f y)" 
    2.96 +lemma "f \<in> (%u v. b \<times> u \<times> v) ` A ==> \<forall>u v. P (b \<times> u \<times> v) ==> P(f y)"
    2.97  (*sledgehammer*)
    2.98  by auto
    2.99  
   2.100 @@ -203,13 +205,13 @@
   2.101  (*V manages from here: Abstraction__image_TimesA_simpler_1_a.p*)
   2.102  apply (erule ssubst)
   2.103  apply (subst split_conv)
   2.104 -apply (rule SigmaI) 
   2.105 +apply (rule SigmaI)
   2.106  apply (erule imageI) +
   2.107  txt{*subgoal 2*}
   2.108  apply (clarify );
   2.109 -apply (simp add: );  
   2.110 -apply (rule rev_image_eqI)  
   2.111 -apply (blast intro: elim:); 
   2.112 +apply (simp add: );
   2.113 +apply (rule rev_image_eqI)
   2.114 +apply (blast intro: elim:);
   2.115  apply (simp add: );
   2.116  done
   2.117  
   2.118 @@ -224,8 +226,8 @@
   2.119  
   2.120  declare [[ sledgehammer_problem_prefix = "Abstraction__image_TimesC" ]]
   2.121  lemma image_TimesC:
   2.122 -    "(%(x,y). (x \<rightarrow> x, y \<times> y)) ` (A \<times> B) = 
   2.123 -     ((%x. x \<rightarrow> x) ` A) \<times> ((%y. y \<times> y) ` B)" 
   2.124 +    "(%(x,y). (x \<rightarrow> x, y \<times> y)) ` (A \<times> B) =
   2.125 +     ((%x. x \<rightarrow> x) ` A) \<times> ((%y. y \<times> y) ` B)"
   2.126  (*sledgehammer*)
   2.127  by auto
   2.128  
     3.1 --- a/src/HOL/Metis_Examples/BT.thy	Mon Jun 06 20:36:35 2011 +0200
     3.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     3.3 @@ -1,278 +0,0 @@
     3.4 -(*  Title:      HOL/Metis_Examples/BT.thy
     3.5 -    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
     3.6 -    Author:     Jasmin Blanchette, TU Muenchen
     3.7 -
     3.8 -Testing Metis.
     3.9 -*)
    3.10 -
    3.11 -header {* Binary trees *}
    3.12 -
    3.13 -theory BT
    3.14 -imports Main
    3.15 -begin
    3.16 -
    3.17 -declare [[metis_new_skolemizer]]
    3.18 -
    3.19 -datatype 'a bt =
    3.20 -    Lf
    3.21 -  | Br 'a  "'a bt"  "'a bt"
    3.22 -
    3.23 -primrec n_nodes :: "'a bt => nat" where
    3.24 -  "n_nodes Lf = 0"
    3.25 -| "n_nodes (Br a t1 t2) = Suc (n_nodes t1 + n_nodes t2)"
    3.26 -
    3.27 -primrec n_leaves :: "'a bt => nat" where
    3.28 -  "n_leaves Lf = Suc 0"
    3.29 -| "n_leaves (Br a t1 t2) = n_leaves t1 + n_leaves t2"
    3.30 -
    3.31 -primrec depth :: "'a bt => nat" where
    3.32 -  "depth Lf = 0"
    3.33 -| "depth (Br a t1 t2) = Suc (max (depth t1) (depth t2))"
    3.34 -
    3.35 -primrec reflect :: "'a bt => 'a bt" where
    3.36 -  "reflect Lf = Lf"
    3.37 -| "reflect (Br a t1 t2) = Br a (reflect t2) (reflect t1)"
    3.38 -
    3.39 -primrec bt_map :: "('a => 'b) => ('a bt => 'b bt)" where
    3.40 -  "bt_map f Lf = Lf"
    3.41 -| "bt_map f (Br a t1 t2) = Br (f a) (bt_map f t1) (bt_map f t2)"
    3.42 -
    3.43 -primrec preorder :: "'a bt => 'a list" where
    3.44 -  "preorder Lf = []"
    3.45 -| "preorder (Br a t1 t2) = [a] @ (preorder t1) @ (preorder t2)"
    3.46 -
    3.47 -primrec inorder :: "'a bt => 'a list" where
    3.48 -  "inorder Lf = []"
    3.49 -| "inorder (Br a t1 t2) = (inorder t1) @ [a] @ (inorder t2)"
    3.50 -
    3.51 -primrec postorder :: "'a bt => 'a list" where
    3.52 -  "postorder Lf = []"
    3.53 -| "postorder (Br a t1 t2) = (postorder t1) @ (postorder t2) @ [a]"
    3.54 -
    3.55 -primrec append :: "'a bt => 'a bt => 'a bt" where
    3.56 -  "append Lf t = t"
    3.57 -| "append (Br a t1 t2) t = Br a (append t1 t) (append t2 t)"
    3.58 -
    3.59 -text {* \medskip BT simplification *}
    3.60 -
    3.61 -declare [[ sledgehammer_problem_prefix = "BT__n_leaves_reflect" ]]
    3.62 -
    3.63 -lemma n_leaves_reflect: "n_leaves (reflect t) = n_leaves t"
    3.64 -proof (induct t)
    3.65 -  case Lf thus ?case
    3.66 -  proof -
    3.67 -    let "?p\<^isub>1 x\<^isub>1" = "x\<^isub>1 \<noteq> n_leaves (reflect (Lf::'a bt))"
    3.68 -    have "\<not> ?p\<^isub>1 (Suc 0)" by (metis reflect.simps(1) n_leaves.simps(1))
    3.69 -    hence "\<not> ?p\<^isub>1 (n_leaves (Lf::'a bt))" by (metis n_leaves.simps(1))
    3.70 -    thus "n_leaves (reflect (Lf::'a bt)) = n_leaves (Lf::'a bt)" by metis
    3.71 -  qed
    3.72 -next
    3.73 -  case (Br a t1 t2) thus ?case
    3.74 -    by (metis n_leaves.simps(2) nat_add_commute reflect.simps(2))
    3.75 -qed
    3.76 -
    3.77 -declare [[ sledgehammer_problem_prefix = "BT__n_nodes_reflect" ]]
    3.78 -
    3.79 -lemma n_nodes_reflect: "n_nodes (reflect t) = n_nodes t"
    3.80 -proof (induct t)
    3.81 -  case Lf thus ?case by (metis reflect.simps(1))
    3.82 -next
    3.83 -  case (Br a t1 t2) thus ?case
    3.84 -    by (metis add_commute n_nodes.simps(2) reflect.simps(2))
    3.85 -qed
    3.86 -
    3.87 -declare [[ sledgehammer_problem_prefix = "BT__depth_reflect" ]]
    3.88 -
    3.89 -lemma depth_reflect: "depth (reflect t) = depth t"
    3.90 -apply (induct t)
    3.91 - apply (metis depth.simps(1) reflect.simps(1))
    3.92 -by (metis depth.simps(2) min_max.inf_sup_aci(5) reflect.simps(2))
    3.93 -
    3.94 -text {*
    3.95 -The famous relationship between the numbers of leaves and nodes.
    3.96 -*}
    3.97 -
    3.98 -declare [[ sledgehammer_problem_prefix = "BT__n_leaves_nodes" ]]
    3.99 -
   3.100 -lemma n_leaves_nodes: "n_leaves t = Suc (n_nodes t)"
   3.101 -apply (induct t)
   3.102 - apply (metis n_leaves.simps(1) n_nodes.simps(1))
   3.103 -by auto
   3.104 -
   3.105 -declare [[ sledgehammer_problem_prefix = "BT__reflect_reflect_ident" ]]
   3.106 -
   3.107 -lemma reflect_reflect_ident: "reflect (reflect t) = t"
   3.108 -apply (induct t)
   3.109 - apply (metis reflect.simps(1))
   3.110 -proof -
   3.111 -  fix a :: 'a and t1 :: "'a bt" and t2 :: "'a bt"
   3.112 -  assume A1: "reflect (reflect t1) = t1"
   3.113 -  assume A2: "reflect (reflect t2) = t2"
   3.114 -  have "\<And>V U. reflect (Br U V (reflect t1)) = Br U t1 (reflect V)"
   3.115 -    using A1 by (metis reflect.simps(2))
   3.116 -  hence "\<And>V U. Br U t1 (reflect (reflect V)) = reflect (reflect (Br U t1 V))"
   3.117 -    by (metis reflect.simps(2))
   3.118 -  hence "\<And>U. reflect (reflect (Br U t1 t2)) = Br U t1 t2"
   3.119 -    using A2 by metis
   3.120 -  thus "reflect (reflect (Br a t1 t2)) = Br a t1 t2" by blast
   3.121 -qed
   3.122 -
   3.123 -declare [[ sledgehammer_problem_prefix = "BT__bt_map_ident" ]]
   3.124 -
   3.125 -lemma bt_map_ident: "bt_map (%x. x) = (%y. y)"
   3.126 -apply (rule ext) 
   3.127 -apply (induct_tac y)
   3.128 - apply (metis bt_map.simps(1))
   3.129 -by (metis bt_map.simps(2))
   3.130 -
   3.131 -declare [[ sledgehammer_problem_prefix = "BT__bt_map_append" ]]
   3.132 -
   3.133 -lemma bt_map_append: "bt_map f (append t u) = append (bt_map f t) (bt_map f u)"
   3.134 -apply (induct t)
   3.135 - apply (metis append.simps(1) bt_map.simps(1))
   3.136 -by (metis append.simps(2) bt_map.simps(2))
   3.137 -
   3.138 -declare [[ sledgehammer_problem_prefix = "BT__bt_map_compose" ]]
   3.139 -
   3.140 -lemma bt_map_compose: "bt_map (f o g) t = bt_map f (bt_map g t)"
   3.141 -apply (induct t)
   3.142 - apply (metis bt_map.simps(1))
   3.143 -by (metis bt_map.simps(2) o_eq_dest_lhs)
   3.144 -
   3.145 -declare [[ sledgehammer_problem_prefix = "BT__bt_map_reflect" ]]
   3.146 -
   3.147 -lemma bt_map_reflect: "bt_map f (reflect t) = reflect (bt_map f t)"
   3.148 -apply (induct t)
   3.149 - apply (metis bt_map.simps(1) reflect.simps(1))
   3.150 -by (metis bt_map.simps(2) reflect.simps(2))
   3.151 -
   3.152 -declare [[ sledgehammer_problem_prefix = "BT__preorder_bt_map" ]]
   3.153 -
   3.154 -lemma preorder_bt_map: "preorder (bt_map f t) = map f (preorder t)"
   3.155 -apply (induct t)
   3.156 - apply (metis bt_map.simps(1) map.simps(1) preorder.simps(1))
   3.157 -by simp
   3.158 -
   3.159 -declare [[ sledgehammer_problem_prefix = "BT__inorder_bt_map" ]]
   3.160 -
   3.161 -lemma inorder_bt_map: "inorder (bt_map f t) = map f (inorder t)"
   3.162 -proof (induct t)
   3.163 -  case Lf thus ?case
   3.164 -  proof -
   3.165 -    have "map f [] = []" by (metis map.simps(1))
   3.166 -    hence "map f [] = inorder Lf" by (metis inorder.simps(1))
   3.167 -    hence "inorder (bt_map f Lf) = map f []" by (metis bt_map.simps(1))
   3.168 -    thus "inorder (bt_map f Lf) = map f (inorder Lf)" by (metis inorder.simps(1))
   3.169 -  qed
   3.170 -next
   3.171 -  case (Br a t1 t2) thus ?case by simp
   3.172 -qed
   3.173 -
   3.174 -declare [[ sledgehammer_problem_prefix = "BT__postorder_bt_map" ]]
   3.175 -
   3.176 -lemma postorder_bt_map: "postorder (bt_map f t) = map f (postorder t)"
   3.177 -apply (induct t)
   3.178 - apply (metis Nil_is_map_conv bt_map.simps(1) postorder.simps(1))
   3.179 -by simp
   3.180 -
   3.181 -declare [[ sledgehammer_problem_prefix = "BT__depth_bt_map" ]]
   3.182 -
   3.183 -lemma depth_bt_map [simp]: "depth (bt_map f t) = depth t"
   3.184 -apply (induct t)
   3.185 - apply (metis bt_map.simps(1) depth.simps(1))
   3.186 -by simp
   3.187 -
   3.188 -declare [[ sledgehammer_problem_prefix = "BT__n_leaves_bt_map" ]]
   3.189 -
   3.190 -lemma n_leaves_bt_map [simp]: "n_leaves (bt_map f t) = n_leaves t"
   3.191 -apply (induct t)
   3.192 - apply (metis bt_map.simps(1) n_leaves.simps(1))
   3.193 -proof -
   3.194 -  fix a :: 'b and t1 :: "'b bt" and t2 :: "'b bt"
   3.195 -  assume A1: "n_leaves (bt_map f t1) = n_leaves t1"
   3.196 -  assume A2: "n_leaves (bt_map f t2) = n_leaves t2"
   3.197 -  have "\<And>V U. n_leaves (Br U (bt_map f t1) V) = n_leaves t1 + n_leaves V"
   3.198 -    using A1 by (metis n_leaves.simps(2))
   3.199 -  hence "\<And>V U. n_leaves (bt_map f (Br U t1 V)) = n_leaves t1 + n_leaves (bt_map f V)"
   3.200 -    by (metis bt_map.simps(2))
   3.201 -  hence F1: "\<And>U. n_leaves (bt_map f (Br U t1 t2)) = n_leaves t1 + n_leaves t2"
   3.202 -    using A2 by metis
   3.203 -  have "n_leaves t1 + n_leaves t2 = n_leaves (Br a t1 t2)"
   3.204 -    by (metis n_leaves.simps(2))
   3.205 -  thus "n_leaves (bt_map f (Br a t1 t2)) = n_leaves (Br a t1 t2)"
   3.206 -    using F1 by metis
   3.207 -qed
   3.208 -
   3.209 -declare [[ sledgehammer_problem_prefix = "BT__preorder_reflect" ]]
   3.210 -
   3.211 -lemma preorder_reflect: "preorder (reflect t) = rev (postorder t)"
   3.212 -apply (induct t)
   3.213 - apply (metis Nil_is_rev_conv postorder.simps(1) preorder.simps(1)
   3.214 -              reflect.simps(1))
   3.215 -apply simp
   3.216 -done
   3.217 -
   3.218 -declare [[ sledgehammer_problem_prefix = "BT__inorder_reflect" ]]
   3.219 -
   3.220 -lemma inorder_reflect: "inorder (reflect t) = rev (inorder t)"
   3.221 -apply (induct t)
   3.222 - apply (metis Nil_is_rev_conv inorder.simps(1) reflect.simps(1))
   3.223 -by simp
   3.224 -(* Slow:
   3.225 -by (metis append.simps(1) append_eq_append_conv2 inorder.simps(2)
   3.226 -          reflect.simps(2) rev.simps(2) rev_append)
   3.227 -*)
   3.228 -
   3.229 -declare [[ sledgehammer_problem_prefix = "BT__postorder_reflect" ]]
   3.230 -
   3.231 -lemma postorder_reflect: "postorder (reflect t) = rev (preorder t)"
   3.232 -apply (induct t)
   3.233 - apply (metis Nil_is_rev_conv postorder.simps(1) preorder.simps(1)
   3.234 -              reflect.simps(1))
   3.235 -by (metis preorder_reflect reflect_reflect_ident rev_swap)
   3.236 -
   3.237 -text {*
   3.238 -Analogues of the standard properties of the append function for lists.
   3.239 -*}
   3.240 -
   3.241 -declare [[ sledgehammer_problem_prefix = "BT__append_assoc" ]]
   3.242 -
   3.243 -lemma append_assoc [simp]: "append (append t1 t2) t3 = append t1 (append t2 t3)"
   3.244 -apply (induct t1)
   3.245 - apply (metis append.simps(1))
   3.246 -by (metis append.simps(2))
   3.247 -
   3.248 -declare [[ sledgehammer_problem_prefix = "BT__append_Lf2" ]]
   3.249 -
   3.250 -lemma append_Lf2 [simp]: "append t Lf = t"
   3.251 -apply (induct t)
   3.252 - apply (metis append.simps(1))
   3.253 -by (metis append.simps(2))
   3.254 -
   3.255 -declare max_add_distrib_left [simp]
   3.256 -
   3.257 -declare [[ sledgehammer_problem_prefix = "BT__depth_append" ]]
   3.258 -
   3.259 -lemma depth_append [simp]: "depth (append t1 t2) = depth t1 + depth t2"
   3.260 -apply (induct t1)
   3.261 - apply (metis append.simps(1) depth.simps(1) plus_nat.simps(1))
   3.262 -by simp
   3.263 -
   3.264 -declare [[ sledgehammer_problem_prefix = "BT__n_leaves_append" ]]
   3.265 -
   3.266 -lemma n_leaves_append [simp]:
   3.267 -     "n_leaves (append t1 t2) = n_leaves t1 * n_leaves t2"
   3.268 -apply (induct t1)
   3.269 - apply (metis append.simps(1) n_leaves.simps(1) nat_mult_1 plus_nat.simps(1)
   3.270 -              semiring_norm(111))
   3.271 -by (simp add: left_distrib)
   3.272 -
   3.273 -declare [[ sledgehammer_problem_prefix = "BT__bt_map_append" ]]
   3.274 -
   3.275 -lemma (*bt_map_append:*)
   3.276 -     "bt_map f (append t1 t2) = append (bt_map f t1) (bt_map f t2)"
   3.277 -apply (induct t1)
   3.278 - apply (metis append.simps(1) bt_map.simps(1))
   3.279 -by (metis bt_map_append)
   3.280 -
   3.281 -end
     4.1 --- a/src/HOL/Metis_Examples/BigO.thy	Mon Jun 06 20:36:35 2011 +0200
     4.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     4.3 @@ -1,966 +0,0 @@
     4.4 -(*  Title:      HOL/Metis_Examples/BigO.thy
     4.5 -    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
     4.6 -    Author:     Jasmin Blanchette, TU Muenchen
     4.7 -
     4.8 -Testing Metis.
     4.9 -*)
    4.10 -
    4.11 -header {* Big O notation *}
    4.12 -
    4.13 -theory BigO
    4.14 -imports
    4.15 -  "~~/src/HOL/Decision_Procs/Dense_Linear_Order"
    4.16 -  Main
    4.17 -  "~~/src/HOL/Library/Function_Algebras"
    4.18 -  "~~/src/HOL/Library/Set_Algebras"
    4.19 -begin
    4.20 -
    4.21 -declare [[metis_new_skolemizer]]
    4.22 -
    4.23 -subsection {* Definitions *}
    4.24 -
    4.25 -definition bigo :: "('a => 'b::linordered_idom) => ('a => 'b) set"    ("(1O'(_'))") where
    4.26 -  "O(f::('a => 'b)) ==   {h. EX c. ALL x. abs (h x) <= c * abs (f x)}"
    4.27 -
    4.28 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_pos_const" ]]
    4.29 -lemma bigo_pos_const: "(EX (c::'a::linordered_idom). 
    4.30 -    ALL x. (abs (h x)) <= (c * (abs (f x))))
    4.31 -      = (EX c. 0 < c & (ALL x. (abs(h x)) <= (c * (abs (f x)))))"
    4.32 -  apply auto
    4.33 -  apply (case_tac "c = 0", simp)
    4.34 -  apply (rule_tac x = "1" in exI, simp)
    4.35 -  apply (rule_tac x = "abs c" in exI, auto)
    4.36 -  apply (metis abs_ge_zero abs_of_nonneg Orderings.xt1(6) abs_mult)
    4.37 -  done
    4.38 -
    4.39 -(*** Now various verions with an increasing shrink factor ***)
    4.40 -
    4.41 -sledgehammer_params [isar_proof, isar_shrink_factor = 1]
    4.42 -
    4.43 -lemma (*bigo_pos_const:*) "(EX (c::'a::linordered_idom). 
    4.44 -    ALL x. (abs (h x)) <= (c * (abs (f x))))
    4.45 -      = (EX c. 0 < c & (ALL x. (abs(h x)) <= (c * (abs (f x)))))"
    4.46 -  apply auto
    4.47 -  apply (case_tac "c = 0", simp)
    4.48 -  apply (rule_tac x = "1" in exI, simp)
    4.49 -  apply (rule_tac x = "abs c" in exI, auto)
    4.50 -proof -
    4.51 -  fix c :: 'a and x :: 'b
    4.52 -  assume A1: "\<forall>x. \<bar>h x\<bar> \<le> c * \<bar>f x\<bar>"
    4.53 -  have F1: "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 0 \<le> \<bar>x\<^isub>1\<bar>" by (metis abs_ge_zero)
    4.54 -  have F2: "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^isub>1 = x\<^isub>1" by (metis mult_1)
    4.55 -  have F3: "\<forall>x\<^isub>1 x\<^isub>3. x\<^isub>3 \<le> \<bar>h x\<^isub>1\<bar> \<longrightarrow> x\<^isub>3 \<le> c * \<bar>f x\<^isub>1\<bar>" by (metis A1 order_trans)
    4.56 -  have F4: "\<forall>x\<^isub>2 x\<^isub>3\<Colon>'a\<Colon>linordered_idom. \<bar>x\<^isub>3\<bar> * \<bar>x\<^isub>2\<bar> = \<bar>x\<^isub>3 * x\<^isub>2\<bar>"
    4.57 -    by (metis abs_mult)
    4.58 -  have F5: "\<forall>x\<^isub>3 x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 0 \<le> x\<^isub>1 \<longrightarrow> \<bar>x\<^isub>3 * x\<^isub>1\<bar> = \<bar>x\<^isub>3\<bar> * x\<^isub>1"
    4.59 -    by (metis abs_mult_pos)
    4.60 -  hence "\<forall>x\<^isub>1\<ge>0. \<bar>x\<^isub>1\<Colon>'a\<Colon>linordered_idom\<bar> = \<bar>1\<bar> * x\<^isub>1" by (metis F2)
    4.61 -  hence "\<forall>x\<^isub>1\<ge>0. \<bar>x\<^isub>1\<Colon>'a\<Colon>linordered_idom\<bar> = x\<^isub>1" by (metis F2 abs_one)
    4.62 -  hence "\<forall>x\<^isub>3. 0 \<le> \<bar>h x\<^isub>3\<bar> \<longrightarrow> \<bar>c * \<bar>f x\<^isub>3\<bar>\<bar> = c * \<bar>f x\<^isub>3\<bar>" by (metis F3)
    4.63 -  hence "\<forall>x\<^isub>3. \<bar>c * \<bar>f x\<^isub>3\<bar>\<bar> = c * \<bar>f x\<^isub>3\<bar>" by (metis F1)
    4.64 -  hence "\<forall>x\<^isub>3. (0\<Colon>'a) \<le> \<bar>f x\<^isub>3\<bar> \<longrightarrow> c * \<bar>f x\<^isub>3\<bar> = \<bar>c\<bar> * \<bar>f x\<^isub>3\<bar>" by (metis F5)
    4.65 -  hence "\<forall>x\<^isub>3. (0\<Colon>'a) \<le> \<bar>f x\<^isub>3\<bar> \<longrightarrow> c * \<bar>f x\<^isub>3\<bar> = \<bar>c * f x\<^isub>3\<bar>" by (metis F4)
    4.66 -  hence "\<forall>x\<^isub>3. c * \<bar>f x\<^isub>3\<bar> = \<bar>c * f x\<^isub>3\<bar>" by (metis F1)
    4.67 -  hence "\<bar>h x\<bar> \<le> \<bar>c * f x\<bar>" by (metis A1)
    4.68 -  thus "\<bar>h x\<bar> \<le> \<bar>c\<bar> * \<bar>f x\<bar>" by (metis F4)
    4.69 -qed
    4.70 -
    4.71 -sledgehammer_params [isar_proof, isar_shrink_factor = 2]
    4.72 -
    4.73 -lemma (*bigo_pos_const:*) "(EX (c::'a::linordered_idom). 
    4.74 -    ALL x. (abs (h x)) <= (c * (abs (f x))))
    4.75 -      = (EX c. 0 < c & (ALL x. (abs(h x)) <= (c * (abs (f x)))))"
    4.76 -  apply auto
    4.77 -  apply (case_tac "c = 0", simp)
    4.78 -  apply (rule_tac x = "1" in exI, simp)
    4.79 -  apply (rule_tac x = "abs c" in exI, auto)
    4.80 -proof -
    4.81 -  fix c :: 'a and x :: 'b
    4.82 -  assume A1: "\<forall>x. \<bar>h x\<bar> \<le> c * \<bar>f x\<bar>"
    4.83 -  have F1: "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^isub>1 = x\<^isub>1" by (metis mult_1)
    4.84 -  have F2: "\<forall>x\<^isub>2 x\<^isub>3\<Colon>'a\<Colon>linordered_idom. \<bar>x\<^isub>3\<bar> * \<bar>x\<^isub>2\<bar> = \<bar>x\<^isub>3 * x\<^isub>2\<bar>"
    4.85 -    by (metis abs_mult)
    4.86 -  have "\<forall>x\<^isub>1\<ge>0. \<bar>x\<^isub>1\<Colon>'a\<Colon>linordered_idom\<bar> = x\<^isub>1" by (metis F1 abs_mult_pos abs_one)
    4.87 -  hence "\<forall>x\<^isub>3. \<bar>c * \<bar>f x\<^isub>3\<bar>\<bar> = c * \<bar>f x\<^isub>3\<bar>" by (metis A1 abs_ge_zero order_trans)
    4.88 -  hence "\<forall>x\<^isub>3. 0 \<le> \<bar>f x\<^isub>3\<bar> \<longrightarrow> c * \<bar>f x\<^isub>3\<bar> = \<bar>c * f x\<^isub>3\<bar>" by (metis F2 abs_mult_pos)
    4.89 -  hence "\<bar>h x\<bar> \<le> \<bar>c * f x\<bar>" by (metis A1 abs_ge_zero)
    4.90 -  thus "\<bar>h x\<bar> \<le> \<bar>c\<bar> * \<bar>f x\<bar>" by (metis F2)
    4.91 -qed
    4.92 -
    4.93 -sledgehammer_params [isar_proof, isar_shrink_factor = 3]
    4.94 -
    4.95 -lemma (*bigo_pos_const:*) "(EX (c::'a::linordered_idom). 
    4.96 -    ALL x. (abs (h x)) <= (c * (abs (f x))))
    4.97 -      = (EX c. 0 < c & (ALL x. (abs(h x)) <= (c * (abs (f x)))))"
    4.98 -  apply auto
    4.99 -  apply (case_tac "c = 0", simp)
   4.100 -  apply (rule_tac x = "1" in exI, simp)
   4.101 -  apply (rule_tac x = "abs c" in exI, auto)
   4.102 -proof -
   4.103 -  fix c :: 'a and x :: 'b
   4.104 -  assume A1: "\<forall>x. \<bar>h x\<bar> \<le> c * \<bar>f x\<bar>"
   4.105 -  have F1: "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^isub>1 = x\<^isub>1" by (metis mult_1)
   4.106 -  have F2: "\<forall>x\<^isub>3 x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 0 \<le> x\<^isub>1 \<longrightarrow> \<bar>x\<^isub>3 * x\<^isub>1\<bar> = \<bar>x\<^isub>3\<bar> * x\<^isub>1" by (metis abs_mult_pos)
   4.107 -  hence "\<forall>x\<^isub>1\<ge>0. \<bar>x\<^isub>1\<Colon>'a\<Colon>linordered_idom\<bar> = x\<^isub>1" by (metis F1 abs_one)
   4.108 -  hence "\<forall>x\<^isub>3. 0 \<le> \<bar>f x\<^isub>3\<bar> \<longrightarrow> c * \<bar>f x\<^isub>3\<bar> = \<bar>c\<bar> * \<bar>f x\<^isub>3\<bar>" by (metis F2 A1 abs_ge_zero order_trans)
   4.109 -  thus "\<bar>h x\<bar> \<le> \<bar>c\<bar> * \<bar>f x\<bar>" by (metis A1 abs_mult abs_ge_zero)
   4.110 -qed
   4.111 -
   4.112 -sledgehammer_params [isar_proof, isar_shrink_factor = 4]
   4.113 -
   4.114 -lemma (*bigo_pos_const:*) "(EX (c::'a::linordered_idom). 
   4.115 -    ALL x. (abs (h x)) <= (c * (abs (f x))))
   4.116 -      = (EX c. 0 < c & (ALL x. (abs(h x)) <= (c * (abs (f x)))))"
   4.117 -  apply auto
   4.118 -  apply (case_tac "c = 0", simp)
   4.119 -  apply (rule_tac x = "1" in exI, simp)
   4.120 -  apply (rule_tac x = "abs c" in exI, auto)
   4.121 -proof -
   4.122 -  fix c :: 'a and x :: 'b
   4.123 -  assume A1: "\<forall>x. \<bar>h x\<bar> \<le> c * \<bar>f x\<bar>"
   4.124 -  have "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^isub>1 = x\<^isub>1" by (metis mult_1)
   4.125 -  hence "\<forall>x\<^isub>3. \<bar>c * \<bar>f x\<^isub>3\<bar>\<bar> = c * \<bar>f x\<^isub>3\<bar>"
   4.126 -    by (metis A1 abs_ge_zero order_trans abs_mult_pos abs_one)
   4.127 -  hence "\<bar>h x\<bar> \<le> \<bar>c * f x\<bar>" by (metis A1 abs_ge_zero abs_mult_pos abs_mult)
   4.128 -  thus "\<bar>h x\<bar> \<le> \<bar>c\<bar> * \<bar>f x\<bar>" by (metis abs_mult)
   4.129 -qed
   4.130 -
   4.131 -sledgehammer_params [isar_proof, isar_shrink_factor = 1]
   4.132 -
   4.133 -lemma bigo_alt_def: "O(f) = 
   4.134 -    {h. EX c. (0 < c & (ALL x. abs (h x) <= c * abs (f x)))}"
   4.135 -by (auto simp add: bigo_def bigo_pos_const)
   4.136 -
   4.137 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_elt_subset" ]]
   4.138 -lemma bigo_elt_subset [intro]: "f : O(g) ==> O(f) <= O(g)"
   4.139 -  apply (auto simp add: bigo_alt_def)
   4.140 -  apply (rule_tac x = "ca * c" in exI)
   4.141 -  apply (rule conjI)
   4.142 -  apply (rule mult_pos_pos)
   4.143 -  apply (assumption)+ 
   4.144 -(*sledgehammer*)
   4.145 -  apply (rule allI)
   4.146 -  apply (drule_tac x = "xa" in spec)+
   4.147 -  apply (subgoal_tac "ca * abs(f xa) <= ca * (c * abs(g xa))")
   4.148 -  apply (erule order_trans)
   4.149 -  apply (simp add: mult_ac)
   4.150 -  apply (rule mult_left_mono, assumption)
   4.151 -  apply (rule order_less_imp_le, assumption)
   4.152 -done
   4.153 -
   4.154 -
   4.155 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_refl" ]]
   4.156 -lemma bigo_refl [intro]: "f : O(f)"
   4.157 -apply (auto simp add: bigo_def)
   4.158 -by (metis mult_1 order_refl)
   4.159 -
   4.160 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_zero" ]]
   4.161 -lemma bigo_zero: "0 : O(g)"
   4.162 -apply (auto simp add: bigo_def func_zero)
   4.163 -by (metis mult_zero_left order_refl)
   4.164 -
   4.165 -lemma bigo_zero2: "O(%x.0) = {%x.0}"
   4.166 -  by (auto simp add: bigo_def) 
   4.167 -
   4.168 -lemma bigo_plus_self_subset [intro]: 
   4.169 -  "O(f) \<oplus> O(f) <= O(f)"
   4.170 -  apply (auto simp add: bigo_alt_def set_plus_def)
   4.171 -  apply (rule_tac x = "c + ca" in exI)
   4.172 -  apply auto
   4.173 -  apply (simp add: ring_distribs func_plus)
   4.174 -  apply (blast intro:order_trans abs_triangle_ineq add_mono elim:) 
   4.175 -done
   4.176 -
   4.177 -lemma bigo_plus_idemp [simp]: "O(f) \<oplus> O(f) = O(f)"
   4.178 -  apply (rule equalityI)
   4.179 -  apply (rule bigo_plus_self_subset)
   4.180 -  apply (rule set_zero_plus2) 
   4.181 -  apply (rule bigo_zero)
   4.182 -done
   4.183 -
   4.184 -lemma bigo_plus_subset [intro]: "O(f + g) <= O(f) \<oplus> O(g)"
   4.185 -  apply (rule subsetI)
   4.186 -  apply (auto simp add: bigo_def bigo_pos_const func_plus set_plus_def)
   4.187 -  apply (subst bigo_pos_const [symmetric])+
   4.188 -  apply (rule_tac x = 
   4.189 -    "%n. if abs (g n) <= (abs (f n)) then x n else 0" in exI)
   4.190 -  apply (rule conjI)
   4.191 -  apply (rule_tac x = "c + c" in exI)
   4.192 -  apply (clarsimp)
   4.193 -  apply (auto)
   4.194 -  apply (subgoal_tac "c * abs (f xa + g xa) <= (c + c) * abs (f xa)")
   4.195 -  apply (erule_tac x = xa in allE)
   4.196 -  apply (erule order_trans)
   4.197 -  apply (simp)
   4.198 -  apply (subgoal_tac "c * abs (f xa + g xa) <= c * (abs (f xa) + abs (g xa))")
   4.199 -  apply (erule order_trans)
   4.200 -  apply (simp add: ring_distribs)
   4.201 -  apply (rule mult_left_mono)
   4.202 -  apply assumption
   4.203 -  apply (simp add: order_less_le)
   4.204 -  apply (rule mult_left_mono)
   4.205 -  apply (simp add: abs_triangle_ineq)
   4.206 -  apply (simp add: order_less_le)
   4.207 -  apply (rule mult_nonneg_nonneg)
   4.208 -  apply (rule add_nonneg_nonneg)
   4.209 -  apply auto
   4.210 -  apply (rule_tac x = "%n. if (abs (f n)) <  abs (g n) then x n else 0" 
   4.211 -     in exI)
   4.212 -  apply (rule conjI)
   4.213 -  apply (rule_tac x = "c + c" in exI)
   4.214 -  apply auto
   4.215 -  apply (subgoal_tac "c * abs (f xa + g xa) <= (c + c) * abs (g xa)")
   4.216 -  apply (erule_tac x = xa in allE)
   4.217 -  apply (erule order_trans)
   4.218 -  apply (simp)
   4.219 -  apply (subgoal_tac "c * abs (f xa + g xa) <= c * (abs (f xa) + abs (g xa))")
   4.220 -  apply (erule order_trans)
   4.221 -  apply (simp add: ring_distribs)
   4.222 -  apply (rule mult_left_mono)
   4.223 -  apply (simp add: order_less_le)
   4.224 -  apply (simp add: order_less_le)
   4.225 -  apply (rule mult_left_mono)
   4.226 -  apply (rule abs_triangle_ineq)
   4.227 -  apply (simp add: order_less_le)
   4.228 -apply (metis abs_not_less_zero double_less_0_iff less_not_permute linorder_not_less mult_less_0_iff)
   4.229 -  apply (rule ext)
   4.230 -  apply (auto simp add: if_splits linorder_not_le)
   4.231 -done
   4.232 -
   4.233 -lemma bigo_plus_subset2 [intro]: "A <= O(f) ==> B <= O(f) ==> A \<oplus> B <= O(f)"
   4.234 -  apply (subgoal_tac "A \<oplus> B <= O(f) \<oplus> O(f)")
   4.235 -  apply (erule order_trans)
   4.236 -  apply simp
   4.237 -  apply (auto del: subsetI simp del: bigo_plus_idemp)
   4.238 -done
   4.239 -
   4.240 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_plus_eq" ]]
   4.241 -lemma bigo_plus_eq: "ALL x. 0 <= f x ==> ALL x. 0 <= g x ==> 
   4.242 -  O(f + g) = O(f) \<oplus> O(g)"
   4.243 -  apply (rule equalityI)
   4.244 -  apply (rule bigo_plus_subset)
   4.245 -  apply (simp add: bigo_alt_def set_plus_def func_plus)
   4.246 -  apply clarify 
   4.247 -(*sledgehammer*) 
   4.248 -  apply (rule_tac x = "max c ca" in exI)
   4.249 -  apply (rule conjI)
   4.250 -   apply (metis Orderings.less_max_iff_disj)
   4.251 -  apply clarify
   4.252 -  apply (drule_tac x = "xa" in spec)+
   4.253 -  apply (subgoal_tac "0 <= f xa + g xa")
   4.254 -  apply (simp add: ring_distribs)
   4.255 -  apply (subgoal_tac "abs(a xa + b xa) <= abs(a xa) + abs(b xa)")
   4.256 -  apply (subgoal_tac "abs(a xa) + abs(b xa) <= 
   4.257 -      max c ca * f xa + max c ca * g xa")
   4.258 -  apply (blast intro: order_trans)
   4.259 -  defer 1
   4.260 -  apply (rule abs_triangle_ineq)
   4.261 -  apply (metis add_nonneg_nonneg)
   4.262 -  apply (rule add_mono)
   4.263 -using [[ sledgehammer_problem_prefix = "BigO__bigo_plus_eq_simpler" ]]
   4.264 -  apply (metis le_maxI2 linorder_linear min_max.sup_absorb1 mult_right_mono xt1(6))
   4.265 -  apply (metis le_maxI2 linorder_not_le mult_le_cancel_right order_trans)
   4.266 -done
   4.267 -
   4.268 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_bounded_alt" ]]
   4.269 -lemma bigo_bounded_alt: "ALL x. 0 <= f x ==> ALL x. f x <= c * g x ==> 
   4.270 -    f : O(g)" 
   4.271 -  apply (auto simp add: bigo_def)
   4.272 -(* Version 1: one-line proof *)
   4.273 -  apply (metis abs_le_D1 linorder_class.not_less  order_less_le  Orderings.xt1(12)  abs_mult)
   4.274 -  done
   4.275 -
   4.276 -lemma (*bigo_bounded_alt:*) "ALL x. 0 <= f x ==> ALL x. f x <= c * g x ==> 
   4.277 -    f : O(g)"
   4.278 -apply (auto simp add: bigo_def)
   4.279 -(* Version 2: structured proof *)
   4.280 -proof -
   4.281 -  assume "\<forall>x. f x \<le> c * g x"
   4.282 -  thus "\<exists>c. \<forall>x. f x \<le> c * \<bar>g x\<bar>" by (metis abs_mult abs_ge_self order_trans)
   4.283 -qed
   4.284 -
   4.285 -text{*So here is the easier (and more natural) problem using transitivity*}
   4.286 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_bounded_alt_trans" ]]
   4.287 -lemma "ALL x. 0 <= f x ==> ALL x. f x <= c * g x ==> f : O(g)" 
   4.288 -apply (auto simp add: bigo_def)
   4.289 -(* Version 1: one-line proof *)
   4.290 -by (metis abs_ge_self abs_mult order_trans)
   4.291 -
   4.292 -text{*So here is the easier (and more natural) problem using transitivity*}
   4.293 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_bounded_alt_trans" ]]
   4.294 -lemma "ALL x. 0 <= f x ==> ALL x. f x <= c * g x ==> f : O(g)" 
   4.295 -  apply (auto simp add: bigo_def)
   4.296 -(* Version 2: structured proof *)
   4.297 -proof -
   4.298 -  assume "\<forall>x. f x \<le> c * g x"
   4.299 -  thus "\<exists>c. \<forall>x. f x \<le> c * \<bar>g x\<bar>" by (metis abs_mult abs_ge_self order_trans)
   4.300 -qed
   4.301 -
   4.302 -lemma bigo_bounded: "ALL x. 0 <= f x ==> ALL x. f x <= g x ==> 
   4.303 -    f : O(g)" 
   4.304 -  apply (erule bigo_bounded_alt [of f 1 g])
   4.305 -  apply simp
   4.306 -done
   4.307 -
   4.308 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_bounded2" ]]
   4.309 -lemma bigo_bounded2: "ALL x. lb x <= f x ==> ALL x. f x <= lb x + g x ==>
   4.310 -    f : lb +o O(g)"
   4.311 -apply (rule set_minus_imp_plus)
   4.312 -apply (rule bigo_bounded)
   4.313 - apply (auto simp add: diff_minus fun_Compl_def func_plus)
   4.314 - prefer 2
   4.315 - apply (drule_tac x = x in spec)+
   4.316 - apply (metis add_right_mono add_commute diff_add_cancel diff_minus_eq_add le_less order_trans)
   4.317 -proof -
   4.318 -  fix x :: 'a
   4.319 -  assume "\<forall>x. lb x \<le> f x"
   4.320 -  thus "(0\<Colon>'b) \<le> f x + - lb x" by (metis not_leE diff_minus less_iff_diff_less_0 less_le_not_le)
   4.321 -qed
   4.322 -
   4.323 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_abs" ]]
   4.324 -lemma bigo_abs: "(%x. abs(f x)) =o O(f)" 
   4.325 -apply (unfold bigo_def)
   4.326 -apply auto
   4.327 -by (metis mult_1 order_refl)
   4.328 -
   4.329 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_abs2" ]]
   4.330 -lemma bigo_abs2: "f =o O(%x. abs(f x))"
   4.331 -apply (unfold bigo_def)
   4.332 -apply auto
   4.333 -by (metis mult_1 order_refl)
   4.334 - 
   4.335 -lemma bigo_abs3: "O(f) = O(%x. abs(f x))"
   4.336 -proof -
   4.337 -  have F1: "\<forall>v u. u \<in> O(v) \<longrightarrow> O(u) \<subseteq> O(v)" by (metis bigo_elt_subset)
   4.338 -  have F2: "\<forall>u. (\<lambda>R. \<bar>u R\<bar>) \<in> O(u)" by (metis bigo_abs)
   4.339 -  have "\<forall>u. u \<in> O(\<lambda>R. \<bar>u R\<bar>)" by (metis bigo_abs2)
   4.340 -  thus "O(f) = O(\<lambda>x. \<bar>f x\<bar>)" using F1 F2 by auto
   4.341 -qed 
   4.342 -
   4.343 -lemma bigo_abs4: "f =o g +o O(h) ==> 
   4.344 -    (%x. abs (f x)) =o (%x. abs (g x)) +o O(h)"
   4.345 -  apply (drule set_plus_imp_minus)
   4.346 -  apply (rule set_minus_imp_plus)
   4.347 -  apply (subst fun_diff_def)
   4.348 -proof -
   4.349 -  assume a: "f - g : O(h)"
   4.350 -  have "(%x. abs (f x) - abs (g x)) =o O(%x. abs(abs (f x) - abs (g x)))"
   4.351 -    by (rule bigo_abs2)
   4.352 -  also have "... <= O(%x. abs (f x - g x))"
   4.353 -    apply (rule bigo_elt_subset)
   4.354 -    apply (rule bigo_bounded)
   4.355 -    apply force
   4.356 -    apply (rule allI)
   4.357 -    apply (rule abs_triangle_ineq3)
   4.358 -    done
   4.359 -  also have "... <= O(f - g)"
   4.360 -    apply (rule bigo_elt_subset)
   4.361 -    apply (subst fun_diff_def)
   4.362 -    apply (rule bigo_abs)
   4.363 -    done
   4.364 -  also have "... <= O(h)"
   4.365 -    using a by (rule bigo_elt_subset)
   4.366 -  finally show "(%x. abs (f x) - abs (g x)) : O(h)".
   4.367 -qed
   4.368 -
   4.369 -lemma bigo_abs5: "f =o O(g) ==> (%x. abs(f x)) =o O(g)" 
   4.370 -by (unfold bigo_def, auto)
   4.371 -
   4.372 -lemma bigo_elt_subset2 [intro]: "f : g +o O(h) ==> O(f) <= O(g) \<oplus> O(h)"
   4.373 -proof -
   4.374 -  assume "f : g +o O(h)"
   4.375 -  also have "... <= O(g) \<oplus> O(h)"
   4.376 -    by (auto del: subsetI)
   4.377 -  also have "... = O(%x. abs(g x)) \<oplus> O(%x. abs(h x))"
   4.378 -    apply (subst bigo_abs3 [symmetric])+
   4.379 -    apply (rule refl)
   4.380 -    done
   4.381 -  also have "... = O((%x. abs(g x)) + (%x. abs(h x)))"
   4.382 -    by (rule bigo_plus_eq [symmetric], auto)
   4.383 -  finally have "f : ...".
   4.384 -  then have "O(f) <= ..."
   4.385 -    by (elim bigo_elt_subset)
   4.386 -  also have "... = O(%x. abs(g x)) \<oplus> O(%x. abs(h x))"
   4.387 -    by (rule bigo_plus_eq, auto)
   4.388 -  finally show ?thesis
   4.389 -    by (simp add: bigo_abs3 [symmetric])
   4.390 -qed
   4.391 -
   4.392 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_mult" ]]
   4.393 -lemma bigo_mult [intro]: "O(f)\<otimes>O(g) <= O(f * g)"
   4.394 -  apply (rule subsetI)
   4.395 -  apply (subst bigo_def)
   4.396 -  apply (auto simp del: abs_mult mult_ac
   4.397 -              simp add: bigo_alt_def set_times_def func_times)
   4.398 -(*sledgehammer*)
   4.399 -  apply (rule_tac x = "c * ca" in exI)
   4.400 -  apply(rule allI)
   4.401 -  apply(erule_tac x = x in allE)+
   4.402 -  apply(subgoal_tac "c * ca * abs(f x * g x) = 
   4.403 -      (c * abs(f x)) * (ca * abs(g x))")
   4.404 -using [[ sledgehammer_problem_prefix = "BigO__bigo_mult_simpler" ]]
   4.405 -prefer 2 
   4.406 -apply (metis mult_assoc mult_left_commute
   4.407 -  abs_of_pos mult_left_commute
   4.408 -  abs_mult mult_pos_pos)
   4.409 -  apply (erule ssubst) 
   4.410 -  apply (subst abs_mult)
   4.411 -(* not quite as hard as BigO__bigo_mult_simpler_1 (a hard problem!) since
   4.412 -   abs_mult has just been done *)
   4.413 -by (metis abs_ge_zero mult_mono')
   4.414 -
   4.415 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_mult2" ]]
   4.416 -lemma bigo_mult2 [intro]: "f *o O(g) <= O(f * g)"
   4.417 -  apply (auto simp add: bigo_def elt_set_times_def func_times abs_mult)
   4.418 -(*sledgehammer*)
   4.419 -  apply (rule_tac x = c in exI)
   4.420 -  apply clarify
   4.421 -  apply (drule_tac x = x in spec)
   4.422 -using [[ sledgehammer_problem_prefix = "BigO__bigo_mult2_simpler" ]]
   4.423 -(*sledgehammer [no luck]*)
   4.424 -  apply (subgoal_tac "abs(f x) * abs(b x) <= abs(f x) * (c * abs(g x))")
   4.425 -  apply (simp add: mult_ac)
   4.426 -  apply (rule mult_left_mono, assumption)
   4.427 -  apply (rule abs_ge_zero)
   4.428 -done
   4.429 -
   4.430 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_mult3" ]]
   4.431 -lemma bigo_mult3: "f : O(h) ==> g : O(j) ==> f * g : O(h * j)"
   4.432 -by (metis bigo_mult set_rev_mp set_times_intro)
   4.433 -
   4.434 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_mult4" ]]
   4.435 -lemma bigo_mult4 [intro]:"f : k +o O(h) ==> g * f : (g * k) +o O(g * h)"
   4.436 -by (metis bigo_mult2 set_plus_mono_b set_times_intro2 set_times_plus_distrib)
   4.437 -
   4.438 -
   4.439 -lemma bigo_mult5: "ALL x. f x ~= 0 ==>
   4.440 -    O(f * g) <= (f::'a => ('b::linordered_field)) *o O(g)"
   4.441 -proof -
   4.442 -  assume a: "ALL x. f x ~= 0"
   4.443 -  show "O(f * g) <= f *o O(g)"
   4.444 -  proof
   4.445 -    fix h
   4.446 -    assume h: "h : O(f * g)"
   4.447 -    then have "(%x. 1 / (f x)) * h : (%x. 1 / f x) *o O(f * g)"
   4.448 -      by auto
   4.449 -    also have "... <= O((%x. 1 / f x) * (f * g))"
   4.450 -      by (rule bigo_mult2)
   4.451 -    also have "(%x. 1 / f x) * (f * g) = g"
   4.452 -      apply (simp add: func_times) 
   4.453 -      apply (rule ext)
   4.454 -      apply (simp add: a h nonzero_divide_eq_eq mult_ac)
   4.455 -      done
   4.456 -    finally have "(%x. (1::'b) / f x) * h : O(g)".
   4.457 -    then have "f * ((%x. (1::'b) / f x) * h) : f *o O(g)"
   4.458 -      by auto
   4.459 -    also have "f * ((%x. (1::'b) / f x) * h) = h"
   4.460 -      apply (simp add: func_times) 
   4.461 -      apply (rule ext)
   4.462 -      apply (simp add: a h nonzero_divide_eq_eq mult_ac)
   4.463 -      done
   4.464 -    finally show "h : f *o O(g)".
   4.465 -  qed
   4.466 -qed
   4.467 -
   4.468 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_mult6" ]]
   4.469 -lemma bigo_mult6: "ALL x. f x ~= 0 ==>
   4.470 -    O(f * g) = (f::'a => ('b::linordered_field)) *o O(g)"
   4.471 -by (metis bigo_mult2 bigo_mult5 order_antisym)
   4.472 -
   4.473 -(*proof requires relaxing relevance: 2007-01-25*)
   4.474 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_mult7" ]]
   4.475 -  declare bigo_mult6 [simp]
   4.476 -lemma bigo_mult7: "ALL x. f x ~= 0 ==>
   4.477 -    O(f * g) <= O(f::'a => ('b::linordered_field)) \<otimes> O(g)"
   4.478 -(*sledgehammer*)
   4.479 -  apply (subst bigo_mult6)
   4.480 -  apply assumption
   4.481 -  apply (rule set_times_mono3) 
   4.482 -  apply (rule bigo_refl)
   4.483 -done
   4.484 -  declare bigo_mult6 [simp del]
   4.485 -
   4.486 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_mult8" ]]
   4.487 -  declare bigo_mult7[intro!]
   4.488 -lemma bigo_mult8: "ALL x. f x ~= 0 ==>
   4.489 -    O(f * g) = O(f::'a => ('b::linordered_field)) \<otimes> O(g)"
   4.490 -by (metis bigo_mult bigo_mult7 order_antisym_conv)
   4.491 -
   4.492 -lemma bigo_minus [intro]: "f : O(g) ==> - f : O(g)"
   4.493 -  by (auto simp add: bigo_def fun_Compl_def)
   4.494 -
   4.495 -lemma bigo_minus2: "f : g +o O(h) ==> -f : -g +o O(h)"
   4.496 -  apply (rule set_minus_imp_plus)
   4.497 -  apply (drule set_plus_imp_minus)
   4.498 -  apply (drule bigo_minus)
   4.499 -  apply (simp add: diff_minus)
   4.500 -done
   4.501 -
   4.502 -lemma bigo_minus3: "O(-f) = O(f)"
   4.503 -  by (auto simp add: bigo_def fun_Compl_def abs_minus_cancel)
   4.504 -
   4.505 -lemma bigo_plus_absorb_lemma1: "f : O(g) ==> f +o O(g) <= O(g)"
   4.506 -proof -
   4.507 -  assume a: "f : O(g)"
   4.508 -  show "f +o O(g) <= O(g)"
   4.509 -  proof -
   4.510 -    have "f : O(f)" by auto
   4.511 -    then have "f +o O(g) <= O(f) \<oplus> O(g)"
   4.512 -      by (auto del: subsetI)
   4.513 -    also have "... <= O(g) \<oplus> O(g)"
   4.514 -    proof -
   4.515 -      from a have "O(f) <= O(g)" by (auto del: subsetI)
   4.516 -      thus ?thesis by (auto del: subsetI)
   4.517 -    qed
   4.518 -    also have "... <= O(g)" by (simp add: bigo_plus_idemp)
   4.519 -    finally show ?thesis .
   4.520 -  qed
   4.521 -qed
   4.522 -
   4.523 -lemma bigo_plus_absorb_lemma2: "f : O(g) ==> O(g) <= f +o O(g)"
   4.524 -proof -
   4.525 -  assume a: "f : O(g)"
   4.526 -  show "O(g) <= f +o O(g)"
   4.527 -  proof -
   4.528 -    from a have "-f : O(g)" by auto
   4.529 -    then have "-f +o O(g) <= O(g)" by (elim bigo_plus_absorb_lemma1)
   4.530 -    then have "f +o (-f +o O(g)) <= f +o O(g)" by auto
   4.531 -    also have "f +o (-f +o O(g)) = O(g)"
   4.532 -      by (simp add: set_plus_rearranges)
   4.533 -    finally show ?thesis .
   4.534 -  qed
   4.535 -qed
   4.536 -
   4.537 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_plus_absorb" ]]
   4.538 -lemma bigo_plus_absorb [simp]: "f : O(g) ==> f +o O(g) = O(g)"
   4.539 -by (metis bigo_plus_absorb_lemma1 bigo_plus_absorb_lemma2 order_eq_iff)
   4.540 -
   4.541 -lemma bigo_plus_absorb2 [intro]: "f : O(g) ==> A <= O(g) ==> f +o A <= O(g)"
   4.542 -  apply (subgoal_tac "f +o A <= f +o O(g)")
   4.543 -  apply force+
   4.544 -done
   4.545 -
   4.546 -lemma bigo_add_commute_imp: "f : g +o O(h) ==> g : f +o O(h)"
   4.547 -  apply (subst set_minus_plus [symmetric])
   4.548 -  apply (subgoal_tac "g - f = - (f - g)")
   4.549 -  apply (erule ssubst)
   4.550 -  apply (rule bigo_minus)
   4.551 -  apply (subst set_minus_plus)
   4.552 -  apply assumption
   4.553 -  apply  (simp add: diff_minus add_ac)
   4.554 -done
   4.555 -
   4.556 -lemma bigo_add_commute: "(f : g +o O(h)) = (g : f +o O(h))"
   4.557 -  apply (rule iffI)
   4.558 -  apply (erule bigo_add_commute_imp)+
   4.559 -done
   4.560 -
   4.561 -lemma bigo_const1: "(%x. c) : O(%x. 1)"
   4.562 -by (auto simp add: bigo_def mult_ac)
   4.563 -
   4.564 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_const2" ]]
   4.565 -lemma (*bigo_const2 [intro]:*) "O(%x. c) <= O(%x. 1)"
   4.566 -by (metis bigo_const1 bigo_elt_subset)
   4.567 -
   4.568 -lemma bigo_const2 [intro]: "O(%x. c::'b::linordered_idom) <= O(%x. 1)"
   4.569 -(* "thus" had to be replaced by "show" with an explicit reference to "F1" *)
   4.570 -proof -
   4.571 -  have F1: "\<forall>u. (\<lambda>Q. u) \<in> O(\<lambda>Q. 1)" by (metis bigo_const1)
   4.572 -  show "O(\<lambda>x. c) \<subseteq> O(\<lambda>x. 1)" by (metis F1 bigo_elt_subset)
   4.573 -qed
   4.574 -
   4.575 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_const3" ]]
   4.576 -lemma bigo_const3: "(c::'a::linordered_field) ~= 0 ==> (%x. 1) : O(%x. c)"
   4.577 -apply (simp add: bigo_def)
   4.578 -by (metis abs_eq_0 left_inverse order_refl)
   4.579 -
   4.580 -lemma bigo_const4: "(c::'a::linordered_field) ~= 0 ==> O(%x. 1) <= O(%x. c)"
   4.581 -by (rule bigo_elt_subset, rule bigo_const3, assumption)
   4.582 -
   4.583 -lemma bigo_const [simp]: "(c::'a::linordered_field) ~= 0 ==> 
   4.584 -    O(%x. c) = O(%x. 1)"
   4.585 -by (rule equalityI, rule bigo_const2, rule bigo_const4, assumption)
   4.586 -
   4.587 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_const_mult1" ]]
   4.588 -lemma bigo_const_mult1: "(%x. c * f x) : O(f)"
   4.589 -  apply (simp add: bigo_def abs_mult)
   4.590 -by (metis le_less)
   4.591 -
   4.592 -lemma bigo_const_mult2: "O(%x. c * f x) <= O(f)"
   4.593 -by (rule bigo_elt_subset, rule bigo_const_mult1)
   4.594 -
   4.595 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_const_mult3" ]]
   4.596 -lemma bigo_const_mult3: "(c::'a::linordered_field) ~= 0 ==> f : O(%x. c * f x)"
   4.597 -  apply (simp add: bigo_def)
   4.598 -(*sledgehammer [no luck]*)
   4.599 -  apply (rule_tac x = "abs(inverse c)" in exI)
   4.600 -  apply (simp only: abs_mult [symmetric] mult_assoc [symmetric])
   4.601 -apply (subst left_inverse) 
   4.602 -apply (auto )
   4.603 -done
   4.604 -
   4.605 -lemma bigo_const_mult4: "(c::'a::linordered_field) ~= 0 ==> 
   4.606 -    O(f) <= O(%x. c * f x)"
   4.607 -by (rule bigo_elt_subset, rule bigo_const_mult3, assumption)
   4.608 -
   4.609 -lemma bigo_const_mult [simp]: "(c::'a::linordered_field) ~= 0 ==> 
   4.610 -    O(%x. c * f x) = O(f)"
   4.611 -by (rule equalityI, rule bigo_const_mult2, erule bigo_const_mult4)
   4.612 -
   4.613 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_const_mult5" ]]
   4.614 -lemma bigo_const_mult5 [simp]: "(c::'a::linordered_field) ~= 0 ==> 
   4.615 -    (%x. c) *o O(f) = O(f)"
   4.616 -  apply (auto del: subsetI)
   4.617 -  apply (rule order_trans)
   4.618 -  apply (rule bigo_mult2)
   4.619 -  apply (simp add: func_times)
   4.620 -  apply (auto intro!: subsetI simp add: bigo_def elt_set_times_def func_times)
   4.621 -  apply (rule_tac x = "%y. inverse c * x y" in exI)
   4.622 -  apply (rename_tac g d) 
   4.623 -  apply safe
   4.624 -  apply (rule_tac [2] ext) 
   4.625 -   prefer 2 
   4.626 -   apply simp
   4.627 -  apply (simp add: mult_assoc [symmetric] abs_mult)
   4.628 -  (* couldn't get this proof without the step above *)
   4.629 -proof -
   4.630 -  fix g :: "'b \<Rightarrow> 'a" and d :: 'a
   4.631 -  assume A1: "c \<noteq> (0\<Colon>'a)"
   4.632 -  assume A2: "\<forall>x\<Colon>'b. \<bar>g x\<bar> \<le> d * \<bar>f x\<bar>"
   4.633 -  have F1: "inverse \<bar>c\<bar> = \<bar>inverse c\<bar>" using A1 by (metis nonzero_abs_inverse)
   4.634 -  have F2: "(0\<Colon>'a) < \<bar>c\<bar>" using A1 by (metis zero_less_abs_iff)
   4.635 -  have "(0\<Colon>'a) < \<bar>c\<bar> \<longrightarrow> (0\<Colon>'a) < \<bar>inverse c\<bar>" using F1 by (metis positive_imp_inverse_positive)
   4.636 -  hence "(0\<Colon>'a) < \<bar>inverse c\<bar>" using F2 by metis
   4.637 -  hence F3: "(0\<Colon>'a) \<le> \<bar>inverse c\<bar>" by (metis order_le_less)
   4.638 -  have "\<exists>(u\<Colon>'a) SKF\<^isub>7\<Colon>'a \<Rightarrow> 'b. \<bar>g (SKF\<^isub>7 (\<bar>inverse c\<bar> * u))\<bar> \<le> u * \<bar>f (SKF\<^isub>7 (\<bar>inverse c\<bar> * u))\<bar>"
   4.639 -    using A2 by metis
   4.640 -  hence F4: "\<exists>(u\<Colon>'a) SKF\<^isub>7\<Colon>'a \<Rightarrow> 'b. \<bar>g (SKF\<^isub>7 (\<bar>inverse c\<bar> * u))\<bar> \<le> u * \<bar>f (SKF\<^isub>7 (\<bar>inverse c\<bar> * u))\<bar> \<and> (0\<Colon>'a) \<le> \<bar>inverse c\<bar>"
   4.641 -    using F3 by metis
   4.642 -  hence "\<exists>(v\<Colon>'a) (u\<Colon>'a) SKF\<^isub>7\<Colon>'a \<Rightarrow> 'b. \<bar>inverse c\<bar> * \<bar>g (SKF\<^isub>7 (u * v))\<bar> \<le> u * (v * \<bar>f (SKF\<^isub>7 (u * v))\<bar>)"
   4.643 -    by (metis comm_mult_left_mono)
   4.644 -  thus "\<exists>ca\<Colon>'a. \<forall>x\<Colon>'b. \<bar>inverse c\<bar> * \<bar>g x\<bar> \<le> ca * \<bar>f x\<bar>"
   4.645 -    using A2 F4 by (metis ab_semigroup_mult_class.mult_ac(1) comm_mult_left_mono)
   4.646 -qed
   4.647 -
   4.648 -
   4.649 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_const_mult6" ]]
   4.650 -lemma bigo_const_mult6 [intro]: "(%x. c) *o O(f) <= O(f)"
   4.651 -  apply (auto intro!: subsetI
   4.652 -    simp add: bigo_def elt_set_times_def func_times
   4.653 -    simp del: abs_mult mult_ac)
   4.654 -(*sledgehammer*)
   4.655 -  apply (rule_tac x = "ca * (abs c)" in exI)
   4.656 -  apply (rule allI)
   4.657 -  apply (subgoal_tac "ca * abs(c) * abs(f x) = abs(c) * (ca * abs(f x))")
   4.658 -  apply (erule ssubst)
   4.659 -  apply (subst abs_mult)
   4.660 -  apply (rule mult_left_mono)
   4.661 -  apply (erule spec)
   4.662 -  apply simp
   4.663 -  apply(simp add: mult_ac)
   4.664 -done
   4.665 -
   4.666 -lemma bigo_const_mult7 [intro]: "f =o O(g) ==> (%x. c * f x) =o O(g)"
   4.667 -proof -
   4.668 -  assume "f =o O(g)"
   4.669 -  then have "(%x. c) * f =o (%x. c) *o O(g)"
   4.670 -    by auto
   4.671 -  also have "(%x. c) * f = (%x. c * f x)"
   4.672 -    by (simp add: func_times)
   4.673 -  also have "(%x. c) *o O(g) <= O(g)"
   4.674 -    by (auto del: subsetI)
   4.675 -  finally show ?thesis .
   4.676 -qed
   4.677 -
   4.678 -lemma bigo_compose1: "f =o O(g) ==> (%x. f(k x)) =o O(%x. g(k x))"
   4.679 -by (unfold bigo_def, auto)
   4.680 -
   4.681 -lemma bigo_compose2: "f =o g +o O(h) ==> (%x. f(k x)) =o (%x. g(k x)) +o 
   4.682 -    O(%x. h(k x))"
   4.683 -  apply (simp only: set_minus_plus [symmetric] diff_minus fun_Compl_def
   4.684 -      func_plus)
   4.685 -  apply (erule bigo_compose1)
   4.686 -done
   4.687 -
   4.688 -subsection {* Setsum *}
   4.689 -
   4.690 -lemma bigo_setsum_main: "ALL x. ALL y : A x. 0 <= h x y ==> 
   4.691 -    EX c. ALL x. ALL y : A x. abs(f x y) <= c * (h x y) ==>
   4.692 -      (%x. SUM y : A x. f x y) =o O(%x. SUM y : A x. h x y)"  
   4.693 -  apply (auto simp add: bigo_def)
   4.694 -  apply (rule_tac x = "abs c" in exI)
   4.695 -  apply (subst abs_of_nonneg) back back
   4.696 -  apply (rule setsum_nonneg)
   4.697 -  apply force
   4.698 -  apply (subst setsum_right_distrib)
   4.699 -  apply (rule allI)
   4.700 -  apply (rule order_trans)
   4.701 -  apply (rule setsum_abs)
   4.702 -  apply (rule setsum_mono)
   4.703 -apply (blast intro: order_trans mult_right_mono abs_ge_self) 
   4.704 -done
   4.705 -
   4.706 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_setsum1" ]]
   4.707 -lemma bigo_setsum1: "ALL x y. 0 <= h x y ==> 
   4.708 -    EX c. ALL x y. abs(f x y) <= c * (h x y) ==>
   4.709 -      (%x. SUM y : A x. f x y) =o O(%x. SUM y : A x. h x y)"
   4.710 -  apply (rule bigo_setsum_main)
   4.711 -(*sledgehammer*)
   4.712 -  apply force
   4.713 -  apply clarsimp
   4.714 -  apply (rule_tac x = c in exI)
   4.715 -  apply force
   4.716 -done
   4.717 -
   4.718 -lemma bigo_setsum2: "ALL y. 0 <= h y ==> 
   4.719 -    EX c. ALL y. abs(f y) <= c * (h y) ==>
   4.720 -      (%x. SUM y : A x. f y) =o O(%x. SUM y : A x. h y)"
   4.721 -by (rule bigo_setsum1, auto)  
   4.722 -
   4.723 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_setsum3" ]]
   4.724 -lemma bigo_setsum3: "f =o O(h) ==>
   4.725 -    (%x. SUM y : A x. (l x y) * f(k x y)) =o
   4.726 -      O(%x. SUM y : A x. abs(l x y * h(k x y)))"
   4.727 -  apply (rule bigo_setsum1)
   4.728 -  apply (rule allI)+
   4.729 -  apply (rule abs_ge_zero)
   4.730 -  apply (unfold bigo_def)
   4.731 -  apply (auto simp add: abs_mult)
   4.732 -(*sledgehammer*)
   4.733 -  apply (rule_tac x = c in exI)
   4.734 -  apply (rule allI)+
   4.735 -  apply (subst mult_left_commute)
   4.736 -  apply (rule mult_left_mono)
   4.737 -  apply (erule spec)
   4.738 -  apply (rule abs_ge_zero)
   4.739 -done
   4.740 -
   4.741 -lemma bigo_setsum4: "f =o g +o O(h) ==>
   4.742 -    (%x. SUM y : A x. l x y * f(k x y)) =o
   4.743 -      (%x. SUM y : A x. l x y * g(k x y)) +o
   4.744 -        O(%x. SUM y : A x. abs(l x y * h(k x y)))"
   4.745 -  apply (rule set_minus_imp_plus)
   4.746 -  apply (subst fun_diff_def)
   4.747 -  apply (subst setsum_subtractf [symmetric])
   4.748 -  apply (subst right_diff_distrib [symmetric])
   4.749 -  apply (rule bigo_setsum3)
   4.750 -  apply (subst fun_diff_def [symmetric])
   4.751 -  apply (erule set_plus_imp_minus)
   4.752 -done
   4.753 -
   4.754 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_setsum5" ]]
   4.755 -lemma bigo_setsum5: "f =o O(h) ==> ALL x y. 0 <= l x y ==> 
   4.756 -    ALL x. 0 <= h x ==>
   4.757 -      (%x. SUM y : A x. (l x y) * f(k x y)) =o
   4.758 -        O(%x. SUM y : A x. (l x y) * h(k x y))" 
   4.759 -  apply (subgoal_tac "(%x. SUM y : A x. (l x y) * h(k x y)) = 
   4.760 -      (%x. SUM y : A x. abs((l x y) * h(k x y)))")
   4.761 -  apply (erule ssubst)
   4.762 -  apply (erule bigo_setsum3)
   4.763 -  apply (rule ext)
   4.764 -  apply (rule setsum_cong2)
   4.765 -  apply (thin_tac "f \<in> O(h)") 
   4.766 -apply (metis abs_of_nonneg zero_le_mult_iff)
   4.767 -done
   4.768 -
   4.769 -lemma bigo_setsum6: "f =o g +o O(h) ==> ALL x y. 0 <= l x y ==>
   4.770 -    ALL x. 0 <= h x ==>
   4.771 -      (%x. SUM y : A x. (l x y) * f(k x y)) =o
   4.772 -        (%x. SUM y : A x. (l x y) * g(k x y)) +o
   4.773 -          O(%x. SUM y : A x. (l x y) * h(k x y))" 
   4.774 -  apply (rule set_minus_imp_plus)
   4.775 -  apply (subst fun_diff_def)
   4.776 -  apply (subst setsum_subtractf [symmetric])
   4.777 -  apply (subst right_diff_distrib [symmetric])
   4.778 -  apply (rule bigo_setsum5)
   4.779 -  apply (subst fun_diff_def [symmetric])
   4.780 -  apply (drule set_plus_imp_minus)
   4.781 -  apply auto
   4.782 -done
   4.783 -
   4.784 -subsection {* Misc useful stuff *}
   4.785 -
   4.786 -lemma bigo_useful_intro: "A <= O(f) ==> B <= O(f) ==>
   4.787 -  A \<oplus> B <= O(f)"
   4.788 -  apply (subst bigo_plus_idemp [symmetric])
   4.789 -  apply (rule set_plus_mono2)
   4.790 -  apply assumption+
   4.791 -done
   4.792 -
   4.793 -lemma bigo_useful_add: "f =o O(h) ==> g =o O(h) ==> f + g =o O(h)"
   4.794 -  apply (subst bigo_plus_idemp [symmetric])
   4.795 -  apply (rule set_plus_intro)
   4.796 -  apply assumption+
   4.797 -done
   4.798 -  
   4.799 -lemma bigo_useful_const_mult: "(c::'a::linordered_field) ~= 0 ==> 
   4.800 -    (%x. c) * f =o O(h) ==> f =o O(h)"
   4.801 -  apply (rule subsetD)
   4.802 -  apply (subgoal_tac "(%x. 1 / c) *o O(h) <= O(h)")
   4.803 -  apply assumption
   4.804 -  apply (rule bigo_const_mult6)
   4.805 -  apply (subgoal_tac "f = (%x. 1 / c) * ((%x. c) * f)")
   4.806 -  apply (erule ssubst)
   4.807 -  apply (erule set_times_intro2)
   4.808 -  apply (simp add: func_times) 
   4.809 -done
   4.810 -
   4.811 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_fix" ]]
   4.812 -lemma bigo_fix: "(%x. f ((x::nat) + 1)) =o O(%x. h(x + 1)) ==> f 0 = 0 ==>
   4.813 -    f =o O(h)"
   4.814 -  apply (simp add: bigo_alt_def)
   4.815 -(*sledgehammer*)
   4.816 -  apply clarify
   4.817 -  apply (rule_tac x = c in exI)
   4.818 -  apply safe
   4.819 -  apply (case_tac "x = 0")
   4.820 -apply (metis abs_ge_zero  abs_zero  order_less_le  split_mult_pos_le) 
   4.821 -  apply (subgoal_tac "x = Suc (x - 1)")
   4.822 -  apply metis
   4.823 -  apply simp
   4.824 -  done
   4.825 -
   4.826 -
   4.827 -lemma bigo_fix2: 
   4.828 -    "(%x. f ((x::nat) + 1)) =o (%x. g(x + 1)) +o O(%x. h(x + 1)) ==> 
   4.829 -       f 0 = g 0 ==> f =o g +o O(h)"
   4.830 -  apply (rule set_minus_imp_plus)
   4.831 -  apply (rule bigo_fix)
   4.832 -  apply (subst fun_diff_def)
   4.833 -  apply (subst fun_diff_def [symmetric])
   4.834 -  apply (rule set_plus_imp_minus)
   4.835 -  apply simp
   4.836 -  apply (simp add: fun_diff_def)
   4.837 -done
   4.838 -
   4.839 -subsection {* Less than or equal to *}
   4.840 -
   4.841 -definition lesso :: "('a => 'b::linordered_idom) => ('a => 'b) => ('a => 'b)" (infixl "<o" 70) where
   4.842 -  "f <o g == (%x. max (f x - g x) 0)"
   4.843 -
   4.844 -lemma bigo_lesseq1: "f =o O(h) ==> ALL x. abs (g x) <= abs (f x) ==>
   4.845 -    g =o O(h)"
   4.846 -  apply (unfold bigo_def)
   4.847 -  apply clarsimp
   4.848 -apply (blast intro: order_trans) 
   4.849 -done
   4.850 -
   4.851 -lemma bigo_lesseq2: "f =o O(h) ==> ALL x. abs (g x) <= f x ==>
   4.852 -      g =o O(h)"
   4.853 -  apply (erule bigo_lesseq1)
   4.854 -apply (blast intro: abs_ge_self order_trans) 
   4.855 -done
   4.856 -
   4.857 -lemma bigo_lesseq3: "f =o O(h) ==> ALL x. 0 <= g x ==> ALL x. g x <= f x ==>
   4.858 -      g =o O(h)"
   4.859 -  apply (erule bigo_lesseq2)
   4.860 -  apply (rule allI)
   4.861 -  apply (subst abs_of_nonneg)
   4.862 -  apply (erule spec)+
   4.863 -done
   4.864 -
   4.865 -lemma bigo_lesseq4: "f =o O(h) ==>
   4.866 -    ALL x. 0 <= g x ==> ALL x. g x <= abs (f x) ==>
   4.867 -      g =o O(h)"
   4.868 -  apply (erule bigo_lesseq1)
   4.869 -  apply (rule allI)
   4.870 -  apply (subst abs_of_nonneg)
   4.871 -  apply (erule spec)+
   4.872 -done
   4.873 -
   4.874 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_lesso1" ]]
   4.875 -lemma bigo_lesso1: "ALL x. f x <= g x ==> f <o g =o O(h)"
   4.876 -apply (unfold lesso_def)
   4.877 -apply (subgoal_tac "(%x. max (f x - g x) 0) = 0")
   4.878 -proof -
   4.879 -  assume "(\<lambda>x. max (f x - g x) 0) = 0"
   4.880 -  thus "(\<lambda>x. max (f x - g x) 0) \<in> O(h)" by (metis bigo_zero)
   4.881 -next
   4.882 -  show "\<forall>x\<Colon>'a. f x \<le> g x \<Longrightarrow> (\<lambda>x\<Colon>'a. max (f x - g x) (0\<Colon>'b)) = (0\<Colon>'a \<Rightarrow> 'b)"
   4.883 -  apply (unfold func_zero)
   4.884 -  apply (rule ext)
   4.885 -  by (simp split: split_max)
   4.886 -qed
   4.887 -
   4.888 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_lesso2" ]]
   4.889 -lemma bigo_lesso2: "f =o g +o O(h) ==>
   4.890 -    ALL x. 0 <= k x ==> ALL x. k x <= f x ==>
   4.891 -      k <o g =o O(h)"
   4.892 -  apply (unfold lesso_def)
   4.893 -  apply (rule bigo_lesseq4)
   4.894 -  apply (erule set_plus_imp_minus)
   4.895 -  apply (rule allI)
   4.896 -  apply (rule le_maxI2)
   4.897 -  apply (rule allI)
   4.898 -  apply (subst fun_diff_def)
   4.899 -apply (erule thin_rl)
   4.900 -(*sledgehammer*)
   4.901 -  apply (case_tac "0 <= k x - g x")
   4.902 -(* apply (metis abs_le_iff add_le_imp_le_right diff_minus le_less
   4.903 -                le_max_iff_disj min_max.le_supE min_max.sup_absorb2
   4.904 -                min_max.sup_commute) *)
   4.905 -proof -
   4.906 -  fix x :: 'a
   4.907 -  assume "\<forall>x\<Colon>'a. k x \<le> f x"
   4.908 -  hence F1: "\<forall>x\<^isub>1\<Colon>'a. max (k x\<^isub>1) (f x\<^isub>1) = f x\<^isub>1" by (metis min_max.sup_absorb2)
   4.909 -  assume "(0\<Colon>'b) \<le> k x - g x"
   4.910 -  hence F2: "max (0\<Colon>'b) (k x - g x) = k x - g x" by (metis min_max.sup_absorb2)
   4.911 -  have F3: "\<forall>x\<^isub>1\<Colon>'b. x\<^isub>1 \<le> \<bar>x\<^isub>1\<bar>" by (metis abs_le_iff le_less)
   4.912 -  have "\<forall>(x\<^isub>2\<Colon>'b) x\<^isub>1\<Colon>'b. max x\<^isub>1 x\<^isub>2 \<le> x\<^isub>2 \<or> max x\<^isub>1 x\<^isub>2 \<le> x\<^isub>1" by (metis le_less le_max_iff_disj)
   4.913 -  hence "\<forall>(x\<^isub>3\<Colon>'b) (x\<^isub>2\<Colon>'b) x\<^isub>1\<Colon>'b. x\<^isub>1 - x\<^isub>2 \<le> x\<^isub>3 - x\<^isub>2 \<or> x\<^isub>3 \<le> x\<^isub>1" by (metis add_le_imp_le_right diff_minus min_max.le_supE)
   4.914 -  hence "k x - g x \<le> f x - g x" by (metis F1 le_less min_max.sup_absorb2 min_max.sup_commute)
   4.915 -  hence "k x - g x \<le> \<bar>f x - g x\<bar>" by (metis F3 le_max_iff_disj min_max.sup_absorb2)
   4.916 -  thus "max (k x - g x) (0\<Colon>'b) \<le> \<bar>f x - g x\<bar>" by (metis F2 min_max.sup_commute)
   4.917 -next
   4.918 -  show "\<And>x\<Colon>'a.
   4.919 -       \<lbrakk>\<forall>x\<Colon>'a. (0\<Colon>'b) \<le> k x; \<forall>x\<Colon>'a. k x \<le> f x; \<not> (0\<Colon>'b) \<le> k x - g x\<rbrakk>
   4.920 -       \<Longrightarrow> max (k x - g x) (0\<Colon>'b) \<le> \<bar>f x - g x\<bar>"
   4.921 -    by (metis abs_ge_zero le_cases min_max.sup_absorb2)
   4.922 -qed
   4.923 -
   4.924 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_lesso3" ]]
   4.925 -lemma bigo_lesso3: "f =o g +o O(h) ==>
   4.926 -    ALL x. 0 <= k x ==> ALL x. g x <= k x ==>
   4.927 -      f <o k =o O(h)"
   4.928 -  apply (unfold lesso_def)
   4.929 -  apply (rule bigo_lesseq4)
   4.930 -  apply (erule set_plus_imp_minus)
   4.931 -  apply (rule allI)
   4.932 -  apply (rule le_maxI2)
   4.933 -  apply (rule allI)
   4.934 -  apply (subst fun_diff_def)
   4.935 -apply (erule thin_rl) 
   4.936 -(*sledgehammer*)
   4.937 -  apply (case_tac "0 <= f x - k x")
   4.938 -  apply (simp)
   4.939 -  apply (subst abs_of_nonneg)
   4.940 -  apply (drule_tac x = x in spec) back
   4.941 -using [[ sledgehammer_problem_prefix = "BigO__bigo_lesso3_simpler" ]]
   4.942 -apply (metis diff_less_0_iff_less linorder_not_le not_leE uminus_add_conv_diff xt1(12) xt1(6))
   4.943 -apply (metis add_minus_cancel diff_le_eq le_diff_eq uminus_add_conv_diff)
   4.944 -apply (metis abs_ge_zero linorder_linear min_max.sup_absorb1 min_max.sup_commute)
   4.945 -done
   4.946 -
   4.947 -lemma bigo_lesso4: "f <o g =o O(k::'a=>'b::linordered_field) ==>
   4.948 -    g =o h +o O(k) ==> f <o h =o O(k)"
   4.949 -  apply (unfold lesso_def)
   4.950 -  apply (drule set_plus_imp_minus)
   4.951 -  apply (drule bigo_abs5) back
   4.952 -  apply (simp add: fun_diff_def)
   4.953 -  apply (drule bigo_useful_add)
   4.954 -  apply assumption
   4.955 -  apply (erule bigo_lesseq2) back
   4.956 -  apply (rule allI)
   4.957 -  apply (auto simp add: func_plus fun_diff_def algebra_simps
   4.958 -    split: split_max abs_split)
   4.959 -done
   4.960 -
   4.961 -declare [[ sledgehammer_problem_prefix = "BigO__bigo_lesso5" ]]
   4.962 -lemma bigo_lesso5: "f <o g =o O(h) ==>
   4.963 -    EX C. ALL x. f x <= g x + C * abs(h x)"
   4.964 -  apply (simp only: lesso_def bigo_alt_def)
   4.965 -  apply clarsimp
   4.966 -  apply (metis abs_if abs_mult add_commute diff_le_eq less_not_permute)  
   4.967 -done
   4.968 -
   4.969 -end
     5.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     5.2 +++ b/src/HOL/Metis_Examples/Big_O.thy	Mon Jun 06 20:36:35 2011 +0200
     5.3 @@ -0,0 +1,966 @@
     5.4 +(*  Title:      HOL/Metis_Examples/Big_O.thy
     5.5 +    Author:     Lawrence C. Paulson, Cambridge University Computer Laboratory
     5.6 +    Author:     Jasmin Blanchette, TU Muenchen
     5.7 +
     5.8 +Metis example featuring the Big O notation.
     5.9 +*)
    5.10 +
    5.11 +header {* Metis Example Featuring the Big O Notation *}
    5.12 +
    5.13 +theory Big_O
    5.14 +imports
    5.15 +  "~~/src/HOL/Decision_Procs/Dense_Linear_Order"
    5.16 +  Main
    5.17 +  "~~/src/HOL/Library/Function_Algebras"
    5.18 +  "~~/src/HOL/Library/Set_Algebras"
    5.19 +begin
    5.20 +
    5.21 +declare [[metis_new_skolemizer]]
    5.22 +
    5.23 +subsection {* Definitions *}
    5.24 +
    5.25 +definition bigo :: "('a => 'b::linordered_idom) => ('a => 'b) set"    ("(1O'(_'))") where
    5.26 +  "O(f::('a => 'b)) ==   {h. EX c. ALL x. abs (h x) <= c * abs (f x)}"
    5.27 +
    5.28 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_pos_const" ]]
    5.29 +lemma bigo_pos_const: "(EX (c::'a::linordered_idom).
    5.30 +    ALL x. (abs (h x)) <= (c * (abs (f x))))
    5.31 +      = (EX c. 0 < c & (ALL x. (abs(h x)) <= (c * (abs (f x)))))"
    5.32 +  apply auto
    5.33 +  apply (case_tac "c = 0", simp)
    5.34 +  apply (rule_tac x = "1" in exI, simp)
    5.35 +  apply (rule_tac x = "abs c" in exI, auto)
    5.36 +  apply (metis abs_ge_zero abs_of_nonneg Orderings.xt1(6) abs_mult)
    5.37 +  done
    5.38 +
    5.39 +(*** Now various verions with an increasing shrink factor ***)
    5.40 +
    5.41 +sledgehammer_params [isar_proof, isar_shrink_factor = 1]
    5.42 +
    5.43 +lemma (*bigo_pos_const:*) "(EX (c::'a::linordered_idom).
    5.44 +    ALL x. (abs (h x)) <= (c * (abs (f x))))
    5.45 +      = (EX c. 0 < c & (ALL x. (abs(h x)) <= (c * (abs (f x)))))"
    5.46 +  apply auto
    5.47 +  apply (case_tac "c = 0", simp)
    5.48 +  apply (rule_tac x = "1" in exI, simp)
    5.49 +  apply (rule_tac x = "abs c" in exI, auto)
    5.50 +proof -
    5.51 +  fix c :: 'a and x :: 'b
    5.52 +  assume A1: "\<forall>x. \<bar>h x\<bar> \<le> c * \<bar>f x\<bar>"
    5.53 +  have F1: "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 0 \<le> \<bar>x\<^isub>1\<bar>" by (metis abs_ge_zero)
    5.54 +  have F2: "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^isub>1 = x\<^isub>1" by (metis mult_1)
    5.55 +  have F3: "\<forall>x\<^isub>1 x\<^isub>3. x\<^isub>3 \<le> \<bar>h x\<^isub>1\<bar> \<longrightarrow> x\<^isub>3 \<le> c * \<bar>f x\<^isub>1\<bar>" by (metis A1 order_trans)
    5.56 +  have F4: "\<forall>x\<^isub>2 x\<^isub>3\<Colon>'a\<Colon>linordered_idom. \<bar>x\<^isub>3\<bar> * \<bar>x\<^isub>2\<bar> = \<bar>x\<^isub>3 * x\<^isub>2\<bar>"
    5.57 +    by (metis abs_mult)
    5.58 +  have F5: "\<forall>x\<^isub>3 x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 0 \<le> x\<^isub>1 \<longrightarrow> \<bar>x\<^isub>3 * x\<^isub>1\<bar> = \<bar>x\<^isub>3\<bar> * x\<^isub>1"
    5.59 +    by (metis abs_mult_pos)
    5.60 +  hence "\<forall>x\<^isub>1\<ge>0. \<bar>x\<^isub>1\<Colon>'a\<Colon>linordered_idom\<bar> = \<bar>1\<bar> * x\<^isub>1" by (metis F2)
    5.61 +  hence "\<forall>x\<^isub>1\<ge>0. \<bar>x\<^isub>1\<Colon>'a\<Colon>linordered_idom\<bar> = x\<^isub>1" by (metis F2 abs_one)
    5.62 +  hence "\<forall>x\<^isub>3. 0 \<le> \<bar>h x\<^isub>3\<bar> \<longrightarrow> \<bar>c * \<bar>f x\<^isub>3\<bar>\<bar> = c * \<bar>f x\<^isub>3\<bar>" by (metis F3)
    5.63 +  hence "\<forall>x\<^isub>3. \<bar>c * \<bar>f x\<^isub>3\<bar>\<bar> = c * \<bar>f x\<^isub>3\<bar>" by (metis F1)
    5.64 +  hence "\<forall>x\<^isub>3. (0\<Colon>'a) \<le> \<bar>f x\<^isub>3\<bar> \<longrightarrow> c * \<bar>f x\<^isub>3\<bar> = \<bar>c\<bar> * \<bar>f x\<^isub>3\<bar>" by (metis F5)
    5.65 +  hence "\<forall>x\<^isub>3. (0\<Colon>'a) \<le> \<bar>f x\<^isub>3\<bar> \<longrightarrow> c * \<bar>f x\<^isub>3\<bar> = \<bar>c * f x\<^isub>3\<bar>" by (metis F4)
    5.66 +  hence "\<forall>x\<^isub>3. c * \<bar>f x\<^isub>3\<bar> = \<bar>c * f x\<^isub>3\<bar>" by (metis F1)
    5.67 +  hence "\<bar>h x\<bar> \<le> \<bar>c * f x\<bar>" by (metis A1)
    5.68 +  thus "\<bar>h x\<bar> \<le> \<bar>c\<bar> * \<bar>f x\<bar>" by (metis F4)
    5.69 +qed
    5.70 +
    5.71 +sledgehammer_params [isar_proof, isar_shrink_factor = 2]
    5.72 +
    5.73 +lemma (*bigo_pos_const:*) "(EX (c::'a::linordered_idom).
    5.74 +    ALL x. (abs (h x)) <= (c * (abs (f x))))
    5.75 +      = (EX c. 0 < c & (ALL x. (abs(h x)) <= (c * (abs (f x)))))"
    5.76 +  apply auto
    5.77 +  apply (case_tac "c = 0", simp)
    5.78 +  apply (rule_tac x = "1" in exI, simp)
    5.79 +  apply (rule_tac x = "abs c" in exI, auto)
    5.80 +proof -
    5.81 +  fix c :: 'a and x :: 'b
    5.82 +  assume A1: "\<forall>x. \<bar>h x\<bar> \<le> c * \<bar>f x\<bar>"
    5.83 +  have F1: "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^isub>1 = x\<^isub>1" by (metis mult_1)
    5.84 +  have F2: "\<forall>x\<^isub>2 x\<^isub>3\<Colon>'a\<Colon>linordered_idom. \<bar>x\<^isub>3\<bar> * \<bar>x\<^isub>2\<bar> = \<bar>x\<^isub>3 * x\<^isub>2\<bar>"
    5.85 +    by (metis abs_mult)
    5.86 +  have "\<forall>x\<^isub>1\<ge>0. \<bar>x\<^isub>1\<Colon>'a\<Colon>linordered_idom\<bar> = x\<^isub>1" by (metis F1 abs_mult_pos abs_one)
    5.87 +  hence "\<forall>x\<^isub>3. \<bar>c * \<bar>f x\<^isub>3\<bar>\<bar> = c * \<bar>f x\<^isub>3\<bar>" by (metis A1 abs_ge_zero order_trans)
    5.88 +  hence "\<forall>x\<^isub>3. 0 \<le> \<bar>f x\<^isub>3\<bar> \<longrightarrow> c * \<bar>f x\<^isub>3\<bar> = \<bar>c * f x\<^isub>3\<bar>" by (metis F2 abs_mult_pos)
    5.89 +  hence "\<bar>h x\<bar> \<le> \<bar>c * f x\<bar>" by (metis A1 abs_ge_zero)
    5.90 +  thus "\<bar>h x\<bar> \<le> \<bar>c\<bar> * \<bar>f x\<bar>" by (metis F2)
    5.91 +qed
    5.92 +
    5.93 +sledgehammer_params [isar_proof, isar_shrink_factor = 3]
    5.94 +
    5.95 +lemma (*bigo_pos_const:*) "(EX (c::'a::linordered_idom).
    5.96 +    ALL x. (abs (h x)) <= (c * (abs (f x))))
    5.97 +      = (EX c. 0 < c & (ALL x. (abs(h x)) <= (c * (abs (f x)))))"
    5.98 +  apply auto
    5.99 +  apply (case_tac "c = 0", simp)
   5.100 +  apply (rule_tac x = "1" in exI, simp)
   5.101 +  apply (rule_tac x = "abs c" in exI, auto)
   5.102 +proof -
   5.103 +  fix c :: 'a and x :: 'b
   5.104 +  assume A1: "\<forall>x. \<bar>h x\<bar> \<le> c * \<bar>f x\<bar>"
   5.105 +  have F1: "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^isub>1 = x\<^isub>1" by (metis mult_1)
   5.106 +  have F2: "\<forall>x\<^isub>3 x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 0 \<le> x\<^isub>1 \<longrightarrow> \<bar>x\<^isub>3 * x\<^isub>1\<bar> = \<bar>x\<^isub>3\<bar> * x\<^isub>1" by (metis abs_mult_pos)
   5.107 +  hence "\<forall>x\<^isub>1\<ge>0. \<bar>x\<^isub>1\<Colon>'a\<Colon>linordered_idom\<bar> = x\<^isub>1" by (metis F1 abs_one)
   5.108 +  hence "\<forall>x\<^isub>3. 0 \<le> \<bar>f x\<^isub>3\<bar> \<longrightarrow> c * \<bar>f x\<^isub>3\<bar> = \<bar>c\<bar> * \<bar>f x\<^isub>3\<bar>" by (metis F2 A1 abs_ge_zero order_trans)
   5.109 +  thus "\<bar>h x\<bar> \<le> \<bar>c\<bar> * \<bar>f x\<bar>" by (metis A1 abs_mult abs_ge_zero)
   5.110 +qed
   5.111 +
   5.112 +sledgehammer_params [isar_proof, isar_shrink_factor = 4]
   5.113 +
   5.114 +lemma (*bigo_pos_const:*) "(EX (c::'a::linordered_idom).
   5.115 +    ALL x. (abs (h x)) <= (c * (abs (f x))))
   5.116 +      = (EX c. 0 < c & (ALL x. (abs(h x)) <= (c * (abs (f x)))))"
   5.117 +  apply auto
   5.118 +  apply (case_tac "c = 0", simp)
   5.119 +  apply (rule_tac x = "1" in exI, simp)
   5.120 +  apply (rule_tac x = "abs c" in exI, auto)
   5.121 +proof -
   5.122 +  fix c :: 'a and x :: 'b
   5.123 +  assume A1: "\<forall>x. \<bar>h x\<bar> \<le> c * \<bar>f x\<bar>"
   5.124 +  have "\<forall>x\<^isub>1\<Colon>'a\<Colon>linordered_idom. 1 * x\<^isub>1 = x\<^isub>1" by (metis mult_1)
   5.125 +  hence "\<forall>x\<^isub>3. \<bar>c * \<bar>f x\<^isub>3\<bar>\<bar> = c * \<bar>f x\<^isub>3\<bar>"
   5.126 +    by (metis A1 abs_ge_zero order_trans abs_mult_pos abs_one)
   5.127 +  hence "\<bar>h x\<bar> \<le> \<bar>c * f x\<bar>" by (metis A1 abs_ge_zero abs_mult_pos abs_mult)
   5.128 +  thus "\<bar>h x\<bar> \<le> \<bar>c\<bar> * \<bar>f x\<bar>" by (metis abs_mult)
   5.129 +qed
   5.130 +
   5.131 +sledgehammer_params [isar_proof, isar_shrink_factor = 1]
   5.132 +
   5.133 +lemma bigo_alt_def: "O(f) =
   5.134 +    {h. EX c. (0 < c & (ALL x. abs (h x) <= c * abs (f x)))}"
   5.135 +by (auto simp add: bigo_def bigo_pos_const)
   5.136 +
   5.137 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_elt_subset" ]]
   5.138 +lemma bigo_elt_subset [intro]: "f : O(g) ==> O(f) <= O(g)"
   5.139 +  apply (auto simp add: bigo_alt_def)
   5.140 +  apply (rule_tac x = "ca * c" in exI)
   5.141 +  apply (rule conjI)
   5.142 +  apply (rule mult_pos_pos)
   5.143 +  apply (assumption)+
   5.144 +(*sledgehammer*)
   5.145 +  apply (rule allI)
   5.146 +  apply (drule_tac x = "xa" in spec)+
   5.147 +  apply (subgoal_tac "ca * abs(f xa) <= ca * (c * abs(g xa))")
   5.148 +  apply (erule order_trans)
   5.149 +  apply (simp add: mult_ac)
   5.150 +  apply (rule mult_left_mono, assumption)
   5.151 +  apply (rule order_less_imp_le, assumption)
   5.152 +done
   5.153 +
   5.154 +
   5.155 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_refl" ]]
   5.156 +lemma bigo_refl [intro]: "f : O(f)"
   5.157 +apply (auto simp add: bigo_def)
   5.158 +by (metis mult_1 order_refl)
   5.159 +
   5.160 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_zero" ]]
   5.161 +lemma bigo_zero: "0 : O(g)"
   5.162 +apply (auto simp add: bigo_def func_zero)
   5.163 +by (metis mult_zero_left order_refl)
   5.164 +
   5.165 +lemma bigo_zero2: "O(%x.0) = {%x.0}"
   5.166 +  by (auto simp add: bigo_def)
   5.167 +
   5.168 +lemma bigo_plus_self_subset [intro]:
   5.169 +  "O(f) \<oplus> O(f) <= O(f)"
   5.170 +  apply (auto simp add: bigo_alt_def set_plus_def)
   5.171 +  apply (rule_tac x = "c + ca" in exI)
   5.172 +  apply auto
   5.173 +  apply (simp add: ring_distribs func_plus)
   5.174 +  apply (blast intro:order_trans abs_triangle_ineq add_mono elim:)
   5.175 +done
   5.176 +
   5.177 +lemma bigo_plus_idemp [simp]: "O(f) \<oplus> O(f) = O(f)"
   5.178 +  apply (rule equalityI)
   5.179 +  apply (rule bigo_plus_self_subset)
   5.180 +  apply (rule set_zero_plus2)
   5.181 +  apply (rule bigo_zero)
   5.182 +done
   5.183 +
   5.184 +lemma bigo_plus_subset [intro]: "O(f + g) <= O(f) \<oplus> O(g)"
   5.185 +  apply (rule subsetI)
   5.186 +  apply (auto simp add: bigo_def bigo_pos_const func_plus set_plus_def)
   5.187 +  apply (subst bigo_pos_const [symmetric])+
   5.188 +  apply (rule_tac x =
   5.189 +    "%n. if abs (g n) <= (abs (f n)) then x n else 0" in exI)
   5.190 +  apply (rule conjI)
   5.191 +  apply (rule_tac x = "c + c" in exI)
   5.192 +  apply (clarsimp)
   5.193 +  apply (auto)
   5.194 +  apply (subgoal_tac "c * abs (f xa + g xa) <= (c + c) * abs (f xa)")
   5.195 +  apply (erule_tac x = xa in allE)
   5.196 +  apply (erule order_trans)
   5.197 +  apply (simp)
   5.198 +  apply (subgoal_tac "c * abs (f xa + g xa) <= c * (abs (f xa) + abs (g xa))")
   5.199 +  apply (erule order_trans)
   5.200 +  apply (simp add: ring_distribs)
   5.201 +  apply (rule mult_left_mono)
   5.202 +  apply assumption
   5.203 +  apply (simp add: order_less_le)
   5.204 +  apply (rule mult_left_mono)
   5.205 +  apply (simp add: abs_triangle_ineq)
   5.206 +  apply (simp add: order_less_le)
   5.207 +  apply (rule mult_nonneg_nonneg)
   5.208 +  apply (rule add_nonneg_nonneg)
   5.209 +  apply auto
   5.210 +  apply (rule_tac x = "%n. if (abs (f n)) <  abs (g n) then x n else 0"
   5.211 +     in exI)
   5.212 +  apply (rule conjI)
   5.213 +  apply (rule_tac x = "c + c" in exI)
   5.214 +  apply auto
   5.215 +  apply (subgoal_tac "c * abs (f xa + g xa) <= (c + c) * abs (g xa)")
   5.216 +  apply (erule_tac x = xa in allE)
   5.217 +  apply (erule order_trans)
   5.218 +  apply (simp)
   5.219 +  apply (subgoal_tac "c * abs (f xa + g xa) <= c * (abs (f xa) + abs (g xa))")
   5.220 +  apply (erule order_trans)
   5.221 +  apply (simp add: ring_distribs)
   5.222 +  apply (rule mult_left_mono)
   5.223 +  apply (simp add: order_less_le)
   5.224 +  apply (simp add: order_less_le)
   5.225 +  apply (rule mult_left_mono)
   5.226 +  apply (rule abs_triangle_ineq)
   5.227 +  apply (simp add: order_less_le)
   5.228 +apply (metis abs_not_less_zero double_less_0_iff less_not_permute linorder_not_less mult_less_0_iff)
   5.229 +  apply (rule ext)
   5.230 +  apply (auto simp add: if_splits linorder_not_le)
   5.231 +done
   5.232 +
   5.233 +lemma bigo_plus_subset2 [intro]: "A <= O(f) ==> B <= O(f) ==> A \<oplus> B <= O(f)"
   5.234 +  apply (subgoal_tac "A \<oplus> B <= O(f) \<oplus> O(f)")
   5.235 +  apply (erule order_trans)
   5.236 +  apply simp
   5.237 +  apply (auto del: subsetI simp del: bigo_plus_idemp)
   5.238 +done
   5.239 +
   5.240 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_plus_eq" ]]
   5.241 +lemma bigo_plus_eq: "ALL x. 0 <= f x ==> ALL x. 0 <= g x ==>
   5.242 +  O(f + g) = O(f) \<oplus> O(g)"
   5.243 +  apply (rule equalityI)
   5.244 +  apply (rule bigo_plus_subset)
   5.245 +  apply (simp add: bigo_alt_def set_plus_def func_plus)
   5.246 +  apply clarify
   5.247 +(*sledgehammer*)
   5.248 +  apply (rule_tac x = "max c ca" in exI)
   5.249 +  apply (rule conjI)
   5.250 +   apply (metis Orderings.less_max_iff_disj)
   5.251 +  apply clarify
   5.252 +  apply (drule_tac x = "xa" in spec)+
   5.253 +  apply (subgoal_tac "0 <= f xa + g xa")
   5.254 +  apply (simp add: ring_distribs)
   5.255 +  apply (subgoal_tac "abs(a xa + b xa) <= abs(a xa) + abs(b xa)")
   5.256 +  apply (subgoal_tac "abs(a xa) + abs(b xa) <=
   5.257 +      max c ca * f xa + max c ca * g xa")
   5.258 +  apply (blast intro: order_trans)
   5.259 +  defer 1
   5.260 +  apply (rule abs_triangle_ineq)
   5.261 +  apply (metis add_nonneg_nonneg)
   5.262 +  apply (rule add_mono)
   5.263 +using [[ sledgehammer_problem_prefix = "BigO__bigo_plus_eq_simpler" ]]
   5.264 +  apply (metis le_maxI2 linorder_linear min_max.sup_absorb1 mult_right_mono xt1(6))
   5.265 +  apply (metis le_maxI2 linorder_not_le mult_le_cancel_right order_trans)
   5.266 +done
   5.267 +
   5.268 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_bounded_alt" ]]
   5.269 +lemma bigo_bounded_alt: "ALL x. 0 <= f x ==> ALL x. f x <= c * g x ==>
   5.270 +    f : O(g)"
   5.271 +  apply (auto simp add: bigo_def)
   5.272 +(* Version 1: one-line proof *)
   5.273 +  apply (metis abs_le_D1 linorder_class.not_less  order_less_le  Orderings.xt1(12)  abs_mult)
   5.274 +  done
   5.275 +
   5.276 +lemma (*bigo_bounded_alt:*) "ALL x. 0 <= f x ==> ALL x. f x <= c * g x ==>
   5.277 +    f : O(g)"
   5.278 +apply (auto simp add: bigo_def)
   5.279 +(* Version 2: structured proof *)
   5.280 +proof -
   5.281 +  assume "\<forall>x. f x \<le> c * g x"
   5.282 +  thus "\<exists>c. \<forall>x. f x \<le> c * \<bar>g x\<bar>" by (metis abs_mult abs_ge_self order_trans)
   5.283 +qed
   5.284 +
   5.285 +text{*So here is the easier (and more natural) problem using transitivity*}
   5.286 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_bounded_alt_trans" ]]
   5.287 +lemma "ALL x. 0 <= f x ==> ALL x. f x <= c * g x ==> f : O(g)"
   5.288 +apply (auto simp add: bigo_def)
   5.289 +(* Version 1: one-line proof *)
   5.290 +by (metis abs_ge_self abs_mult order_trans)
   5.291 +
   5.292 +text{*So here is the easier (and more natural) problem using transitivity*}
   5.293 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_bounded_alt_trans" ]]
   5.294 +lemma "ALL x. 0 <= f x ==> ALL x. f x <= c * g x ==> f : O(g)"
   5.295 +  apply (auto simp add: bigo_def)
   5.296 +(* Version 2: structured proof *)
   5.297 +proof -
   5.298 +  assume "\<forall>x. f x \<le> c * g x"
   5.299 +  thus "\<exists>c. \<forall>x. f x \<le> c * \<bar>g x\<bar>" by (metis abs_mult abs_ge_self order_trans)
   5.300 +qed
   5.301 +
   5.302 +lemma bigo_bounded: "ALL x. 0 <= f x ==> ALL x. f x <= g x ==>
   5.303 +    f : O(g)"
   5.304 +  apply (erule bigo_bounded_alt [of f 1 g])
   5.305 +  apply simp
   5.306 +done
   5.307 +
   5.308 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_bounded2" ]]
   5.309 +lemma bigo_bounded2: "ALL x. lb x <= f x ==> ALL x. f x <= lb x + g x ==>
   5.310 +    f : lb +o O(g)"
   5.311 +apply (rule set_minus_imp_plus)
   5.312 +apply (rule bigo_bounded)
   5.313 + apply (auto simp add: diff_minus fun_Compl_def func_plus)
   5.314 + prefer 2
   5.315 + apply (drule_tac x = x in spec)+
   5.316 + apply (metis add_right_mono add_commute diff_add_cancel diff_minus_eq_add le_less order_trans)
   5.317 +proof -
   5.318 +  fix x :: 'a
   5.319 +  assume "\<forall>x. lb x \<le> f x"
   5.320 +  thus "(0\<Colon>'b) \<le> f x + - lb x" by (metis not_leE diff_minus less_iff_diff_less_0 less_le_not_le)
   5.321 +qed
   5.322 +
   5.323 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_abs" ]]
   5.324 +lemma bigo_abs: "(%x. abs(f x)) =o O(f)"
   5.325 +apply (unfold bigo_def)
   5.326 +apply auto
   5.327 +by (metis mult_1 order_refl)
   5.328 +
   5.329 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_abs2" ]]
   5.330 +lemma bigo_abs2: "f =o O(%x. abs(f x))"
   5.331 +apply (unfold bigo_def)
   5.332 +apply auto
   5.333 +by (metis mult_1 order_refl)
   5.334 +
   5.335 +lemma bigo_abs3: "O(f) = O(%x. abs(f x))"
   5.336 +proof -
   5.337 +  have F1: "\<forall>v u. u \<in> O(v) \<longrightarrow> O(u) \<subseteq> O(v)" by (metis bigo_elt_subset)
   5.338 +  have F2: "\<forall>u. (\<lambda>R. \<bar>u R\<bar>) \<in> O(u)" by (metis bigo_abs)
   5.339 +  have "\<forall>u. u \<in> O(\<lambda>R. \<bar>u R\<bar>)" by (metis bigo_abs2)
   5.340 +  thus "O(f) = O(\<lambda>x. \<bar>f x\<bar>)" using F1 F2 by auto
   5.341 +qed
   5.342 +
   5.343 +lemma bigo_abs4: "f =o g +o O(h) ==>
   5.344 +    (%x. abs (f x)) =o (%x. abs (g x)) +o O(h)"
   5.345 +  apply (drule set_plus_imp_minus)
   5.346 +  apply (rule set_minus_imp_plus)
   5.347 +  apply (subst fun_diff_def)
   5.348 +proof -
   5.349 +  assume a: "f - g : O(h)"
   5.350 +  have "(%x. abs (f x) - abs (g x)) =o O(%x. abs(abs (f x) - abs (g x)))"
   5.351 +    by (rule bigo_abs2)
   5.352 +  also have "... <= O(%x. abs (f x - g x))"
   5.353 +    apply (rule bigo_elt_subset)
   5.354 +    apply (rule bigo_bounded)
   5.355 +    apply force
   5.356 +    apply (rule allI)
   5.357 +    apply (rule abs_triangle_ineq3)
   5.358 +    done
   5.359 +  also have "... <= O(f - g)"
   5.360 +    apply (rule bigo_elt_subset)
   5.361 +    apply (subst fun_diff_def)
   5.362 +    apply (rule bigo_abs)
   5.363 +    done
   5.364 +  also have "... <= O(h)"
   5.365 +    using a by (rule bigo_elt_subset)
   5.366 +  finally show "(%x. abs (f x) - abs (g x)) : O(h)".
   5.367 +qed
   5.368 +
   5.369 +lemma bigo_abs5: "f =o O(g) ==> (%x. abs(f x)) =o O(g)"
   5.370 +by (unfold bigo_def, auto)
   5.371 +
   5.372 +lemma bigo_elt_subset2 [intro]: "f : g +o O(h) ==> O(f) <= O(g) \<oplus> O(h)"
   5.373 +proof -
   5.374 +  assume "f : g +o O(h)"
   5.375 +  also have "... <= O(g) \<oplus> O(h)"
   5.376 +    by (auto del: subsetI)
   5.377 +  also have "... = O(%x. abs(g x)) \<oplus> O(%x. abs(h x))"
   5.378 +    apply (subst bigo_abs3 [symmetric])+
   5.379 +    apply (rule refl)
   5.380 +    done
   5.381 +  also have "... = O((%x. abs(g x)) + (%x. abs(h x)))"
   5.382 +    by (rule bigo_plus_eq [symmetric], auto)
   5.383 +  finally have "f : ...".
   5.384 +  then have "O(f) <= ..."
   5.385 +    by (elim bigo_elt_subset)
   5.386 +  also have "... = O(%x. abs(g x)) \<oplus> O(%x. abs(h x))"
   5.387 +    by (rule bigo_plus_eq, auto)
   5.388 +  finally show ?thesis
   5.389 +    by (simp add: bigo_abs3 [symmetric])
   5.390 +qed
   5.391 +
   5.392 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_mult" ]]
   5.393 +lemma bigo_mult [intro]: "O(f)\<otimes>O(g) <= O(f * g)"
   5.394 +  apply (rule subsetI)
   5.395 +  apply (subst bigo_def)
   5.396 +  apply (auto simp del: abs_mult mult_ac
   5.397 +              simp add: bigo_alt_def set_times_def func_times)
   5.398 +(*sledgehammer*)
   5.399 +  apply (rule_tac x = "c * ca" in exI)
   5.400 +  apply(rule allI)
   5.401 +  apply(erule_tac x = x in allE)+
   5.402 +  apply(subgoal_tac "c * ca * abs(f x * g x) =
   5.403 +      (c * abs(f x)) * (ca * abs(g x))")
   5.404 +using [[ sledgehammer_problem_prefix = "BigO__bigo_mult_simpler" ]]
   5.405 +prefer 2
   5.406 +apply (metis mult_assoc mult_left_commute
   5.407 +  abs_of_pos mult_left_commute
   5.408 +  abs_mult mult_pos_pos)
   5.409 +  apply (erule ssubst)
   5.410 +  apply (subst abs_mult)
   5.411 +(* not quite as hard as BigO__bigo_mult_simpler_1 (a hard problem!) since
   5.412 +   abs_mult has just been done *)
   5.413 +by (metis abs_ge_zero mult_mono')
   5.414 +
   5.415 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_mult2" ]]
   5.416 +lemma bigo_mult2 [intro]: "f *o O(g) <= O(f * g)"
   5.417 +  apply (auto simp add: bigo_def elt_set_times_def func_times abs_mult)
   5.418 +(*sledgehammer*)
   5.419 +  apply (rule_tac x = c in exI)
   5.420 +  apply clarify
   5.421 +  apply (drule_tac x = x in spec)
   5.422 +using [[ sledgehammer_problem_prefix = "BigO__bigo_mult2_simpler" ]]
   5.423 +(*sledgehammer [no luck]*)
   5.424 +  apply (subgoal_tac "abs(f x) * abs(b x) <= abs(f x) * (c * abs(g x))")
   5.425 +  apply (simp add: mult_ac)
   5.426 +  apply (rule mult_left_mono, assumption)
   5.427 +  apply (rule abs_ge_zero)
   5.428 +done
   5.429 +
   5.430 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_mult3" ]]
   5.431 +lemma bigo_mult3: "f : O(h) ==> g : O(j) ==> f * g : O(h * j)"
   5.432 +by (metis bigo_mult set_rev_mp set_times_intro)
   5.433 +
   5.434 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_mult4" ]]
   5.435 +lemma bigo_mult4 [intro]:"f : k +o O(h) ==> g * f : (g * k) +o O(g * h)"
   5.436 +by (metis bigo_mult2 set_plus_mono_b set_times_intro2 set_times_plus_distrib)
   5.437 +
   5.438 +
   5.439 +lemma bigo_mult5: "ALL x. f x ~= 0 ==>
   5.440 +    O(f * g) <= (f::'a => ('b::linordered_field)) *o O(g)"
   5.441 +proof -
   5.442 +  assume a: "ALL x. f x ~= 0"
   5.443 +  show "O(f * g) <= f *o O(g)"
   5.444 +  proof
   5.445 +    fix h
   5.446 +    assume h: "h : O(f * g)"
   5.447 +    then have "(%x. 1 / (f x)) * h : (%x. 1 / f x) *o O(f * g)"
   5.448 +      by auto
   5.449 +    also have "... <= O((%x. 1 / f x) * (f * g))"
   5.450 +      by (rule bigo_mult2)
   5.451 +    also have "(%x. 1 / f x) * (f * g) = g"
   5.452 +      apply (simp add: func_times)
   5.453 +      apply (rule ext)
   5.454 +      apply (simp add: a h nonzero_divide_eq_eq mult_ac)
   5.455 +      done
   5.456 +    finally have "(%x. (1::'b) / f x) * h : O(g)".
   5.457 +    then have "f * ((%x. (1::'b) / f x) * h) : f *o O(g)"
   5.458 +      by auto
   5.459 +    also have "f * ((%x. (1::'b) / f x) * h) = h"
   5.460 +      apply (simp add: func_times)
   5.461 +      apply (rule ext)
   5.462 +      apply (simp add: a h nonzero_divide_eq_eq mult_ac)
   5.463 +      done
   5.464 +    finally show "h : f *o O(g)".
   5.465 +  qed
   5.466 +qed
   5.467 +
   5.468 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_mult6" ]]
   5.469 +lemma bigo_mult6: "ALL x. f x ~= 0 ==>
   5.470 +    O(f * g) = (f::'a => ('b::linordered_field)) *o O(g)"
   5.471 +by (metis bigo_mult2 bigo_mult5 order_antisym)
   5.472 +
   5.473 +(*proof requires relaxing relevance: 2007-01-25*)
   5.474 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_mult7" ]]
   5.475 +  declare bigo_mult6 [simp]
   5.476 +lemma bigo_mult7: "ALL x. f x ~= 0 ==>
   5.477 +    O(f * g) <= O(f::'a => ('b::linordered_field)) \<otimes> O(g)"
   5.478 +(*sledgehammer*)
   5.479 +  apply (subst bigo_mult6)
   5.480 +  apply assumption
   5.481 +  apply (rule set_times_mono3)
   5.482 +  apply (rule bigo_refl)
   5.483 +done
   5.484 +  declare bigo_mult6 [simp del]
   5.485 +
   5.486 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_mult8" ]]
   5.487 +  declare bigo_mult7[intro!]
   5.488 +lemma bigo_mult8: "ALL x. f x ~= 0 ==>
   5.489 +    O(f * g) = O(f::'a => ('b::linordered_field)) \<otimes> O(g)"
   5.490 +by (metis bigo_mult bigo_mult7 order_antisym_conv)
   5.491 +
   5.492 +lemma bigo_minus [intro]: "f : O(g) ==> - f : O(g)"
   5.493 +  by (auto simp add: bigo_def fun_Compl_def)
   5.494 +
   5.495 +lemma bigo_minus2: "f : g +o O(h) ==> -f : -g +o O(h)"
   5.496 +  apply (rule set_minus_imp_plus)
   5.497 +  apply (drule set_plus_imp_minus)
   5.498 +  apply (drule bigo_minus)
   5.499 +  apply (simp add: diff_minus)
   5.500 +done
   5.501 +
   5.502 +lemma bigo_minus3: "O(-f) = O(f)"
   5.503 +  by (auto simp add: bigo_def fun_Compl_def abs_minus_cancel)
   5.504 +
   5.505 +lemma bigo_plus_absorb_lemma1: "f : O(g) ==> f +o O(g) <= O(g)"
   5.506 +proof -
   5.507 +  assume a: "f : O(g)"
   5.508 +  show "f +o O(g) <= O(g)"
   5.509 +  proof -
   5.510 +    have "f : O(f)" by auto
   5.511 +    then have "f +o O(g) <= O(f) \<oplus> O(g)"
   5.512 +      by (auto del: subsetI)
   5.513 +    also have "... <= O(g) \<oplus> O(g)"
   5.514 +    proof -
   5.515 +      from a have "O(f) <= O(g)" by (auto del: subsetI)
   5.516 +      thus ?thesis by (auto del: subsetI)
   5.517 +    qed
   5.518 +    also have "... <= O(g)" by (simp add: bigo_plus_idemp)
   5.519 +    finally show ?thesis .
   5.520 +  qed
   5.521 +qed
   5.522 +
   5.523 +lemma bigo_plus_absorb_lemma2: "f : O(g) ==> O(g) <= f +o O(g)"
   5.524 +proof -
   5.525 +  assume a: "f : O(g)"
   5.526 +  show "O(g) <= f +o O(g)"
   5.527 +  proof -
   5.528 +    from a have "-f : O(g)" by auto
   5.529 +    then have "-f +o O(g) <= O(g)" by (elim bigo_plus_absorb_lemma1)
   5.530 +    then have "f +o (-f +o O(g)) <= f +o O(g)" by auto
   5.531 +    also have "f +o (-f +o O(g)) = O(g)"
   5.532 +      by (simp add: set_plus_rearranges)
   5.533 +    finally show ?thesis .
   5.534 +  qed
   5.535 +qed
   5.536 +
   5.537 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_plus_absorb" ]]
   5.538 +lemma bigo_plus_absorb [simp]: "f : O(g) ==> f +o O(g) = O(g)"
   5.539 +by (metis bigo_plus_absorb_lemma1 bigo_plus_absorb_lemma2 order_eq_iff)
   5.540 +
   5.541 +lemma bigo_plus_absorb2 [intro]: "f : O(g) ==> A <= O(g) ==> f +o A <= O(g)"
   5.542 +  apply (subgoal_tac "f +o A <= f +o O(g)")
   5.543 +  apply force+
   5.544 +done
   5.545 +
   5.546 +lemma bigo_add_commute_imp: "f : g +o O(h) ==> g : f +o O(h)"
   5.547 +  apply (subst set_minus_plus [symmetric])
   5.548 +  apply (subgoal_tac "g - f = - (f - g)")
   5.549 +  apply (erule ssubst)
   5.550 +  apply (rule bigo_minus)
   5.551 +  apply (subst set_minus_plus)
   5.552 +  apply assumption
   5.553 +  apply  (simp add: diff_minus add_ac)
   5.554 +done
   5.555 +
   5.556 +lemma bigo_add_commute: "(f : g +o O(h)) = (g : f +o O(h))"
   5.557 +  apply (rule iffI)
   5.558 +  apply (erule bigo_add_commute_imp)+
   5.559 +done
   5.560 +
   5.561 +lemma bigo_const1: "(%x. c) : O(%x. 1)"
   5.562 +by (auto simp add: bigo_def mult_ac)
   5.563 +
   5.564 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_const2" ]]
   5.565 +lemma (*bigo_const2 [intro]:*) "O(%x. c) <= O(%x. 1)"
   5.566 +by (metis bigo_const1 bigo_elt_subset)
   5.567 +
   5.568 +lemma bigo_const2 [intro]: "O(%x. c::'b::linordered_idom) <= O(%x. 1)"
   5.569 +(* "thus" had to be replaced by "show" with an explicit reference to "F1" *)
   5.570 +proof -
   5.571 +  have F1: "\<forall>u. (\<lambda>Q. u) \<in> O(\<lambda>Q. 1)" by (metis bigo_const1)
   5.572 +  show "O(\<lambda>x. c) \<subseteq> O(\<lambda>x. 1)" by (metis F1 bigo_elt_subset)
   5.573 +qed
   5.574 +
   5.575 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_const3" ]]
   5.576 +lemma bigo_const3: "(c::'a::linordered_field) ~= 0 ==> (%x. 1) : O(%x. c)"
   5.577 +apply (simp add: bigo_def)
   5.578 +by (metis abs_eq_0 left_inverse order_refl)
   5.579 +
   5.580 +lemma bigo_const4: "(c::'a::linordered_field) ~= 0 ==> O(%x. 1) <= O(%x. c)"
   5.581 +by (rule bigo_elt_subset, rule bigo_const3, assumption)
   5.582 +
   5.583 +lemma bigo_const [simp]: "(c::'a::linordered_field) ~= 0 ==>
   5.584 +    O(%x. c) = O(%x. 1)"
   5.585 +by (rule equalityI, rule bigo_const2, rule bigo_const4, assumption)
   5.586 +
   5.587 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_const_mult1" ]]
   5.588 +lemma bigo_const_mult1: "(%x. c * f x) : O(f)"
   5.589 +  apply (simp add: bigo_def abs_mult)
   5.590 +by (metis le_less)
   5.591 +
   5.592 +lemma bigo_const_mult2: "O(%x. c * f x) <= O(f)"
   5.593 +by (rule bigo_elt_subset, rule bigo_const_mult1)
   5.594 +
   5.595 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_const_mult3" ]]
   5.596 +lemma bigo_const_mult3: "(c::'a::linordered_field) ~= 0 ==> f : O(%x. c * f x)"
   5.597 +  apply (simp add: bigo_def)
   5.598 +(*sledgehammer [no luck]*)
   5.599 +  apply (rule_tac x = "abs(inverse c)" in exI)
   5.600 +  apply (simp only: abs_mult [symmetric] mult_assoc [symmetric])
   5.601 +apply (subst left_inverse)
   5.602 +apply (auto )
   5.603 +done
   5.604 +
   5.605 +lemma bigo_const_mult4: "(c::'a::linordered_field) ~= 0 ==>
   5.606 +    O(f) <= O(%x. c * f x)"
   5.607 +by (rule bigo_elt_subset, rule bigo_const_mult3, assumption)
   5.608 +
   5.609 +lemma bigo_const_mult [simp]: "(c::'a::linordered_field) ~= 0 ==>
   5.610 +    O(%x. c * f x) = O(f)"
   5.611 +by (rule equalityI, rule bigo_const_mult2, erule bigo_const_mult4)
   5.612 +
   5.613 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_const_mult5" ]]
   5.614 +lemma bigo_const_mult5 [simp]: "(c::'a::linordered_field) ~= 0 ==>
   5.615 +    (%x. c) *o O(f) = O(f)"
   5.616 +  apply (auto del: subsetI)
   5.617 +  apply (rule order_trans)
   5.618 +  apply (rule bigo_mult2)
   5.619 +  apply (simp add: func_times)
   5.620 +  apply (auto intro!: subsetI simp add: bigo_def elt_set_times_def func_times)
   5.621 +  apply (rule_tac x = "%y. inverse c * x y" in exI)
   5.622 +  apply (rename_tac g d)
   5.623 +  apply safe
   5.624 +  apply (rule_tac [2] ext)
   5.625 +   prefer 2
   5.626 +   apply simp
   5.627 +  apply (simp add: mult_assoc [symmetric] abs_mult)
   5.628 +  (* couldn't get this proof without the step above *)
   5.629 +proof -
   5.630 +  fix g :: "'b \<Rightarrow> 'a" and d :: 'a
   5.631 +  assume A1: "c \<noteq> (0\<Colon>'a)"
   5.632 +  assume A2: "\<forall>x\<Colon>'b. \<bar>g x\<bar> \<le> d * \<bar>f x\<bar>"
   5.633 +  have F1: "inverse \<bar>c\<bar> = \<bar>inverse c\<bar>" using A1 by (metis nonzero_abs_inverse)
   5.634 +  have F2: "(0\<Colon>'a) < \<bar>c\<bar>" using A1 by (metis zero_less_abs_iff)
   5.635 +  have "(0\<Colon>'a) < \<bar>c\<bar> \<longrightarrow> (0\<Colon>'a) < \<bar>inverse c\<bar>" using F1 by (metis positive_imp_inverse_positive)
   5.636 +  hence "(0\<Colon>'a) < \<bar>inverse c\<bar>" using F2 by metis
   5.637 +  hence F3: "(0\<Colon>'a) \<le> \<bar>inverse c\<bar>" by (metis order_le_less)
   5.638 +  have "\<exists>(u\<Colon>'a) SKF\<^isub>7\<Colon>'a \<Rightarrow> 'b. \<bar>g (SKF\<^isub>7 (\<bar>inverse c\<bar> * u))\<bar> \<le> u * \<bar>f (SKF\<^isub>7 (\<bar>inverse c\<bar> * u))\<bar>"
   5.639 +    using A2 by metis
   5.640 +  hence F4: "\<exists>(u\<Colon>'a) SKF\<^isub>7\<Colon>'a \<Rightarrow> 'b. \<bar>g (SKF\<^isub>7 (\<bar>inverse c\<bar> * u))\<bar> \<le> u * \<bar>f (SKF\<^isub>7 (\<bar>inverse c\<bar> * u))\<bar> \<and> (0\<Colon>'a) \<le> \<bar>inverse c\<bar>"
   5.641 +    using F3 by metis
   5.642 +  hence "\<exists>(v\<Colon>'a) (u\<Colon>'a) SKF\<^isub>7\<Colon>'a \<Rightarrow> 'b. \<bar>inverse c\<bar> * \<bar>g (SKF\<^isub>7 (u * v))\<bar> \<le> u * (v * \<bar>f (SKF\<^isub>7 (u * v))\<bar>)"
   5.643 +    by (metis comm_mult_left_mono)
   5.644 +  thus "\<exists>ca\<Colon>'a. \<forall>x\<Colon>'b. \<bar>inverse c\<bar> * \<bar>g x\<bar> \<le> ca * \<bar>f x\<bar>"
   5.645 +    using A2 F4 by (metis ab_semigroup_mult_class.mult_ac(1) comm_mult_left_mono)
   5.646 +qed
   5.647 +
   5.648 +
   5.649 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_const_mult6" ]]
   5.650 +lemma bigo_const_mult6 [intro]: "(%x. c) *o O(f) <= O(f)"
   5.651 +  apply (auto intro!: subsetI
   5.652 +    simp add: bigo_def elt_set_times_def func_times
   5.653 +    simp del: abs_mult mult_ac)
   5.654 +(*sledgehammer*)
   5.655 +  apply (rule_tac x = "ca * (abs c)" in exI)
   5.656 +  apply (rule allI)
   5.657 +  apply (subgoal_tac "ca * abs(c) * abs(f x) = abs(c) * (ca * abs(f x))")
   5.658 +  apply (erule ssubst)
   5.659 +  apply (subst abs_mult)
   5.660 +  apply (rule mult_left_mono)
   5.661 +  apply (erule spec)
   5.662 +  apply simp
   5.663 +  apply(simp add: mult_ac)
   5.664 +done
   5.665 +
   5.666 +lemma bigo_const_mult7 [intro]: "f =o O(g) ==> (%x. c * f x) =o O(g)"
   5.667 +proof -
   5.668 +  assume "f =o O(g)"
   5.669 +  then have "(%x. c) * f =o (%x. c) *o O(g)"
   5.670 +    by auto
   5.671 +  also have "(%x. c) * f = (%x. c * f x)"
   5.672 +    by (simp add: func_times)
   5.673 +  also have "(%x. c) *o O(g) <= O(g)"
   5.674 +    by (auto del: subsetI)
   5.675 +  finally show ?thesis .
   5.676 +qed
   5.677 +
   5.678 +lemma bigo_compose1: "f =o O(g) ==> (%x. f(k x)) =o O(%x. g(k x))"
   5.679 +by (unfold bigo_def, auto)
   5.680 +
   5.681 +lemma bigo_compose2: "f =o g +o O(h) ==> (%x. f(k x)) =o (%x. g(k x)) +o
   5.682 +    O(%x. h(k x))"
   5.683 +  apply (simp only: set_minus_plus [symmetric] diff_minus fun_Compl_def
   5.684 +      func_plus)
   5.685 +  apply (erule bigo_compose1)
   5.686 +done
   5.687 +
   5.688 +subsection {* Setsum *}
   5.689 +
   5.690 +lemma bigo_setsum_main: "ALL x. ALL y : A x. 0 <= h x y ==>
   5.691 +    EX c. ALL x. ALL y : A x. abs(f x y) <= c * (h x y) ==>
   5.692 +      (%x. SUM y : A x. f x y) =o O(%x. SUM y : A x. h x y)"
   5.693 +  apply (auto simp add: bigo_def)
   5.694 +  apply (rule_tac x = "abs c" in exI)
   5.695 +  apply (subst abs_of_nonneg) back back
   5.696 +  apply (rule setsum_nonneg)
   5.697 +  apply force
   5.698 +  apply (subst setsum_right_distrib)
   5.699 +  apply (rule allI)
   5.700 +  apply (rule order_trans)
   5.701 +  apply (rule setsum_abs)
   5.702 +  apply (rule setsum_mono)
   5.703 +apply (blast intro: order_trans mult_right_mono abs_ge_self)
   5.704 +done
   5.705 +
   5.706 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_setsum1" ]]
   5.707 +lemma bigo_setsum1: "ALL x y. 0 <= h x y ==>
   5.708 +    EX c. ALL x y. abs(f x y) <= c * (h x y) ==>
   5.709 +      (%x. SUM y : A x. f x y) =o O(%x. SUM y : A x. h x y)"
   5.710 +  apply (rule bigo_setsum_main)
   5.711 +(*sledgehammer*)
   5.712 +  apply force
   5.713 +  apply clarsimp
   5.714 +  apply (rule_tac x = c in exI)
   5.715 +  apply force
   5.716 +done
   5.717 +
   5.718 +lemma bigo_setsum2: "ALL y. 0 <= h y ==>
   5.719 +    EX c. ALL y. abs(f y) <= c * (h y) ==>
   5.720 +      (%x. SUM y : A x. f y) =o O(%x. SUM y : A x. h y)"
   5.721 +by (rule bigo_setsum1, auto)
   5.722 +
   5.723 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_setsum3" ]]
   5.724 +lemma bigo_setsum3: "f =o O(h) ==>
   5.725 +    (%x. SUM y : A x. (l x y) * f(k x y)) =o
   5.726 +      O(%x. SUM y : A x. abs(l x y * h(k x y)))"
   5.727 +  apply (rule bigo_setsum1)
   5.728 +  apply (rule allI)+
   5.729 +  apply (rule abs_ge_zero)
   5.730 +  apply (unfold bigo_def)
   5.731 +  apply (auto simp add: abs_mult)
   5.732 +(*sledgehammer*)
   5.733 +  apply (rule_tac x = c in exI)
   5.734 +  apply (rule allI)+
   5.735 +  apply (subst mult_left_commute)
   5.736 +  apply (rule mult_left_mono)
   5.737 +  apply (erule spec)
   5.738 +  apply (rule abs_ge_zero)
   5.739 +done
   5.740 +
   5.741 +lemma bigo_setsum4: "f =o g +o O(h) ==>
   5.742 +    (%x. SUM y : A x. l x y * f(k x y)) =o
   5.743 +      (%x. SUM y : A x. l x y * g(k x y)) +o
   5.744 +        O(%x. SUM y : A x. abs(l x y * h(k x y)))"
   5.745 +  apply (rule set_minus_imp_plus)
   5.746 +  apply (subst fun_diff_def)
   5.747 +  apply (subst setsum_subtractf [symmetric])
   5.748 +  apply (subst right_diff_distrib [symmetric])
   5.749 +  apply (rule bigo_setsum3)
   5.750 +  apply (subst fun_diff_def [symmetric])
   5.751 +  apply (erule set_plus_imp_minus)
   5.752 +done
   5.753 +
   5.754 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_setsum5" ]]
   5.755 +lemma bigo_setsum5: "f =o O(h) ==> ALL x y. 0 <= l x y ==>
   5.756 +    ALL x. 0 <= h x ==>
   5.757 +      (%x. SUM y : A x. (l x y) * f(k x y)) =o
   5.758 +        O(%x. SUM y : A x. (l x y) * h(k x y))"
   5.759 +  apply (subgoal_tac "(%x. SUM y : A x. (l x y) * h(k x y)) =
   5.760 +      (%x. SUM y : A x. abs((l x y) * h(k x y)))")
   5.761 +  apply (erule ssubst)
   5.762 +  apply (erule bigo_setsum3)
   5.763 +  apply (rule ext)
   5.764 +  apply (rule setsum_cong2)
   5.765 +  apply (thin_tac "f \<in> O(h)")
   5.766 +apply (metis abs_of_nonneg zero_le_mult_iff)
   5.767 +done
   5.768 +
   5.769 +lemma bigo_setsum6: "f =o g +o O(h) ==> ALL x y. 0 <= l x y ==>
   5.770 +    ALL x. 0 <= h x ==>
   5.771 +      (%x. SUM y : A x. (l x y) * f(k x y)) =o
   5.772 +        (%x. SUM y : A x. (l x y) * g(k x y)) +o
   5.773 +          O(%x. SUM y : A x. (l x y) * h(k x y))"
   5.774 +  apply (rule set_minus_imp_plus)
   5.775 +  apply (subst fun_diff_def)
   5.776 +  apply (subst setsum_subtractf [symmetric])
   5.777 +  apply (subst right_diff_distrib [symmetric])
   5.778 +  apply (rule bigo_setsum5)
   5.779 +  apply (subst fun_diff_def [symmetric])
   5.780 +  apply (drule set_plus_imp_minus)
   5.781 +  apply auto
   5.782 +done
   5.783 +
   5.784 +subsection {* Misc useful stuff *}
   5.785 +
   5.786 +lemma bigo_useful_intro: "A <= O(f) ==> B <= O(f) ==>
   5.787 +  A \<oplus> B <= O(f)"
   5.788 +  apply (subst bigo_plus_idemp [symmetric])
   5.789 +  apply (rule set_plus_mono2)
   5.790 +  apply assumption+
   5.791 +done
   5.792 +
   5.793 +lemma bigo_useful_add: "f =o O(h) ==> g =o O(h) ==> f + g =o O(h)"
   5.794 +  apply (subst bigo_plus_idemp [symmetric])
   5.795 +  apply (rule set_plus_intro)
   5.796 +  apply assumption+
   5.797 +done
   5.798 +
   5.799 +lemma bigo_useful_const_mult: "(c::'a::linordered_field) ~= 0 ==>
   5.800 +    (%x. c) * f =o O(h) ==> f =o O(h)"
   5.801 +  apply (rule subsetD)
   5.802 +  apply (subgoal_tac "(%x. 1 / c) *o O(h) <= O(h)")
   5.803 +  apply assumption
   5.804 +  apply (rule bigo_const_mult6)
   5.805 +  apply (subgoal_tac "f = (%x. 1 / c) * ((%x. c) * f)")
   5.806 +  apply (erule ssubst)
   5.807 +  apply (erule set_times_intro2)
   5.808 +  apply (simp add: func_times)
   5.809 +done
   5.810 +
   5.811 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_fix" ]]
   5.812 +lemma bigo_fix: "(%x. f ((x::nat) + 1)) =o O(%x. h(x + 1)) ==> f 0 = 0 ==>
   5.813 +    f =o O(h)"
   5.814 +  apply (simp add: bigo_alt_def)
   5.815 +(*sledgehammer*)
   5.816 +  apply clarify
   5.817 +  apply (rule_tac x = c in exI)
   5.818 +  apply safe
   5.819 +  apply (case_tac "x = 0")
   5.820 +apply (metis abs_ge_zero  abs_zero  order_less_le  split_mult_pos_le)
   5.821 +  apply (subgoal_tac "x = Suc (x - 1)")
   5.822 +  apply metis
   5.823 +  apply simp
   5.824 +  done
   5.825 +
   5.826 +
   5.827 +lemma bigo_fix2:
   5.828 +    "(%x. f ((x::nat) + 1)) =o (%x. g(x + 1)) +o O(%x. h(x + 1)) ==>
   5.829 +       f 0 = g 0 ==> f =o g +o O(h)"
   5.830 +  apply (rule set_minus_imp_plus)
   5.831 +  apply (rule bigo_fix)
   5.832 +  apply (subst fun_diff_def)
   5.833 +  apply (subst fun_diff_def [symmetric])
   5.834 +  apply (rule set_plus_imp_minus)
   5.835 +  apply simp
   5.836 +  apply (simp add: fun_diff_def)
   5.837 +done
   5.838 +
   5.839 +subsection {* Less than or equal to *}
   5.840 +
   5.841 +definition lesso :: "('a => 'b::linordered_idom) => ('a => 'b) => ('a => 'b)" (infixl "<o" 70) where
   5.842 +  "f <o g == (%x. max (f x - g x) 0)"
   5.843 +
   5.844 +lemma bigo_lesseq1: "f =o O(h) ==> ALL x. abs (g x) <= abs (f x) ==>
   5.845 +    g =o O(h)"
   5.846 +  apply (unfold bigo_def)
   5.847 +  apply clarsimp
   5.848 +apply (blast intro: order_trans)
   5.849 +done
   5.850 +
   5.851 +lemma bigo_lesseq2: "f =o O(h) ==> ALL x. abs (g x) <= f x ==>
   5.852 +      g =o O(h)"
   5.853 +  apply (erule bigo_lesseq1)
   5.854 +apply (blast intro: abs_ge_self order_trans)
   5.855 +done
   5.856 +
   5.857 +lemma bigo_lesseq3: "f =o O(h) ==> ALL x. 0 <= g x ==> ALL x. g x <= f x ==>
   5.858 +      g =o O(h)"
   5.859 +  apply (erule bigo_lesseq2)
   5.860 +  apply (rule allI)
   5.861 +  apply (subst abs_of_nonneg)
   5.862 +  apply (erule spec)+
   5.863 +done
   5.864 +
   5.865 +lemma bigo_lesseq4: "f =o O(h) ==>
   5.866 +    ALL x. 0 <= g x ==> ALL x. g x <= abs (f x) ==>
   5.867 +      g =o O(h)"
   5.868 +  apply (erule bigo_lesseq1)
   5.869 +  apply (rule allI)
   5.870 +  apply (subst abs_of_nonneg)
   5.871 +  apply (erule spec)+
   5.872 +done
   5.873 +
   5.874 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_lesso1" ]]
   5.875 +lemma bigo_lesso1: "ALL x. f x <= g x ==> f <o g =o O(h)"
   5.876 +apply (unfold lesso_def)
   5.877 +apply (subgoal_tac "(%x. max (f x - g x) 0) = 0")
   5.878 +proof -
   5.879 +  assume "(\<lambda>x. max (f x - g x) 0) = 0"
   5.880 +  thus "(\<lambda>x. max (f x - g x) 0) \<in> O(h)" by (metis bigo_zero)
   5.881 +next
   5.882 +  show "\<forall>x\<Colon>'a. f x \<le> g x \<Longrightarrow> (\<lambda>x\<Colon>'a. max (f x - g x) (0\<Colon>'b)) = (0\<Colon>'a \<Rightarrow> 'b)"
   5.883 +  apply (unfold func_zero)
   5.884 +  apply (rule ext)
   5.885 +  by (simp split: split_max)
   5.886 +qed
   5.887 +
   5.888 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_lesso2" ]]
   5.889 +lemma bigo_lesso2: "f =o g +o O(h) ==>
   5.890 +    ALL x. 0 <= k x ==> ALL x. k x <= f x ==>
   5.891 +      k <o g =o O(h)"
   5.892 +  apply (unfold lesso_def)
   5.893 +  apply (rule bigo_lesseq4)
   5.894 +  apply (erule set_plus_imp_minus)
   5.895 +  apply (rule allI)
   5.896 +  apply (rule le_maxI2)
   5.897 +  apply (rule allI)
   5.898 +  apply (subst fun_diff_def)
   5.899 +apply (erule thin_rl)
   5.900 +(*sledgehammer*)
   5.901 +  apply (case_tac "0 <= k x - g x")
   5.902 +(* apply (metis abs_le_iff add_le_imp_le_right diff_minus le_less
   5.903 +                le_max_iff_disj min_max.le_supE min_max.sup_absorb2
   5.904 +                min_max.sup_commute) *)
   5.905 +proof -
   5.906 +  fix x :: 'a
   5.907 +  assume "\<forall>x\<Colon>'a. k x \<le> f x"
   5.908 +  hence F1: "\<forall>x\<^isub>1\<Colon>'a. max (k x\<^isub>1) (f x\<^isub>1) = f x\<^isub>1" by (metis min_max.sup_absorb2)
   5.909 +  assume "(0\<Colon>'b) \<le> k x - g x"
   5.910 +  hence F2: "max (0\<Colon>'b) (k x - g x) = k x - g x" by (metis min_max.sup_absorb2)
   5.911 +  have F3: "\<forall>x\<^isub>1\<Colon>'b. x\<^isub>1 \<le> \<bar>x\<^isub>1\<bar>" by (metis abs_le_iff le_less)
   5.912 +  have "\<forall>(x\<^isub>2\<Colon>'b) x\<^isub>1\<Colon>'b. max x\<^isub>1 x\<^isub>2 \<le> x\<^isub>2 \<or> max x\<^isub>1 x\<^isub>2 \<le> x\<^isub>1" by (metis le_less le_max_iff_disj)
   5.913 +  hence "\<forall>(x\<^isub>3\<Colon>'b) (x\<^isub>2\<Colon>'b) x\<^isub>1\<Colon>'b. x\<^isub>1 - x\<^isub>2 \<le> x\<^isub>3 - x\<^isub>2 \<or> x\<^isub>3 \<le> x\<^isub>1" by (metis add_le_imp_le_right diff_minus min_max.le_supE)
   5.914 +  hence "k x - g x \<le> f x - g x" by (metis F1 le_less min_max.sup_absorb2 min_max.sup_commute)
   5.915 +  hence "k x - g x \<le> \<bar>f x - g x\<bar>" by (metis F3 le_max_iff_disj min_max.sup_absorb2)
   5.916 +  thus "max (k x - g x) (0\<Colon>'b) \<le> \<bar>f x - g x\<bar>" by (metis F2 min_max.sup_commute)
   5.917 +next
   5.918 +  show "\<And>x\<Colon>'a.
   5.919 +       \<lbrakk>\<forall>x\<Colon>'a. (0\<Colon>'b) \<le> k x; \<forall>x\<Colon>'a. k x \<le> f x; \<not> (0\<Colon>'b) \<le> k x - g x\<rbrakk>
   5.920 +       \<Longrightarrow> max (k x - g x) (0\<Colon>'b) \<le> \<bar>f x - g x\<bar>"
   5.921 +    by (metis abs_ge_zero le_cases min_max.sup_absorb2)
   5.922 +qed
   5.923 +
   5.924 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_lesso3" ]]
   5.925 +lemma bigo_lesso3: "f =o g +o O(h) ==>
   5.926 +    ALL x. 0 <= k x ==> ALL x. g x <= k x ==>
   5.927 +      f <o k =o O(h)"
   5.928 +  apply (unfold lesso_def)
   5.929 +  apply (rule bigo_lesseq4)
   5.930 +  apply (erule set_plus_imp_minus)
   5.931 +  apply (rule allI)
   5.932 +  apply (rule le_maxI2)
   5.933 +  apply (rule allI)
   5.934 +  apply (subst fun_diff_def)
   5.935 +apply (erule thin_rl)
   5.936 +(*sledgehammer*)
   5.937 +  apply (case_tac "0 <= f x - k x")
   5.938 +  apply (simp)
   5.939 +  apply (subst abs_of_nonneg)
   5.940 +  apply (drule_tac x = x in spec) back
   5.941 +using [[ sledgehammer_problem_prefix = "BigO__bigo_lesso3_simpler" ]]
   5.942 +apply (metis diff_less_0_iff_less linorder_not_le not_leE uminus_add_conv_diff xt1(12) xt1(6))
   5.943 +apply (metis add_minus_cancel diff_le_eq le_diff_eq uminus_add_conv_diff)
   5.944 +apply (metis abs_ge_zero linorder_linear min_max.sup_absorb1 min_max.sup_commute)
   5.945 +done
   5.946 +
   5.947 +lemma bigo_lesso4: "f <o g =o O(k::'a=>'b::linordered_field) ==>
   5.948 +    g =o h +o O(k) ==> f <o h =o O(k)"
   5.949 +  apply (unfold lesso_def)
   5.950 +  apply (drule set_plus_imp_minus)
   5.951 +  apply (drule bigo_abs5) back
   5.952 +  apply (simp add: fun_diff_def)
   5.953 +  apply (drule bigo_useful_add)
   5.954 +  apply assumption
   5.955 +  apply (erule bigo_lesseq2) back
   5.956 +  apply (rule allI)
   5.957 +  apply (auto simp add: func_plus fun_diff_def algebra_simps
   5.958 +    split: split_max abs_split)
   5.959 +done
   5.960 +
   5.961 +declare [[ sledgehammer_problem_prefix = "BigO__bigo_lesso5" ]]
   5.962 +lemma bigo_lesso5: "f <o g =o O(h) ==>
   5.963 +    EX C. ALL x. f x <= g x + C * abs(h x)"
   5.964 +  apply (simp only: lesso_def bigo_alt_def)
   5.965 +  apply clarsimp
   5.966 +  apply (metis abs_if abs_mult add_commute diff_le_eq less_not_permute)
   5.967 +done
   5.968 +
   5.969 +end
     6.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     6.2 +++ b/src/HOL/Metis_Examples/Binary_Tree.thy	Mon Jun 06 20:36:35 2011 +0200
     6.3 @@ -0,0 +1,278 @@
     6.4 +(*  Title:      HOL/Metis_Examples/Binary_Tree.thy
     6.5 +    Author:     Lawrence C. Paulson, Cambridge University Computer Laboratory
     6.6 +    Author:     Jasmin Blanchette, TU Muenchen
     6.7 +
     6.8 +Metis example featuring binary trees.
     6.9 +*)
    6.10 +
    6.11 +header {* Metis Example Featuring Binary Trees *}
    6.12 +
    6.13 +theory Binary_Tree
    6.14 +imports Main
    6.15 +begin
    6.16 +
    6.17 +declare [[metis_new_skolemizer]]
    6.18 +
    6.19 +datatype 'a bt =
    6.20 +    Lf
    6.21 +  | Br 'a  "'a bt"  "'a bt"
    6.22 +
    6.23 +primrec n_nodes :: "'a bt => nat" where
    6.24 +  "n_nodes Lf = 0"
    6.25 +| "n_nodes (Br a t1 t2) = Suc (n_nodes t1 + n_nodes t2)"
    6.26 +
    6.27 +primrec n_leaves :: "'a bt => nat" where
    6.28 +  "n_leaves Lf = Suc 0"
    6.29 +| "n_leaves (Br a t1 t2) = n_leaves t1 + n_leaves t2"
    6.30 +
    6.31 +primrec depth :: "'a bt => nat" where
    6.32 +  "depth Lf = 0"
    6.33 +| "depth (Br a t1 t2) = Suc (max (depth t1) (depth t2))"
    6.34 +
    6.35 +primrec reflect :: "'a bt => 'a bt" where
    6.36 +  "reflect Lf = Lf"
    6.37 +| "reflect (Br a t1 t2) = Br a (reflect t2) (reflect t1)"
    6.38 +
    6.39 +primrec bt_map :: "('a => 'b) => ('a bt => 'b bt)" where
    6.40 +  "bt_map f Lf = Lf"
    6.41 +| "bt_map f (Br a t1 t2) = Br (f a) (bt_map f t1) (bt_map f t2)"
    6.42 +
    6.43 +primrec preorder :: "'a bt => 'a list" where
    6.44 +  "preorder Lf = []"
    6.45 +| "preorder (Br a t1 t2) = [a] @ (preorder t1) @ (preorder t2)"
    6.46 +
    6.47 +primrec inorder :: "'a bt => 'a list" where
    6.48 +  "inorder Lf = []"
    6.49 +| "inorder (Br a t1 t2) = (inorder t1) @ [a] @ (inorder t2)"
    6.50 +
    6.51 +primrec postorder :: "'a bt => 'a list" where
    6.52 +  "postorder Lf = []"
    6.53 +| "postorder (Br a t1 t2) = (postorder t1) @ (postorder t2) @ [a]"
    6.54 +
    6.55 +primrec append :: "'a bt => 'a bt => 'a bt" where
    6.56 +  "append Lf t = t"
    6.57 +| "append (Br a t1 t2) t = Br a (append t1 t) (append t2 t)"
    6.58 +
    6.59 +text {* \medskip BT simplification *}
    6.60 +
    6.61 +declare [[ sledgehammer_problem_prefix = "BT__n_leaves_reflect" ]]
    6.62 +
    6.63 +lemma n_leaves_reflect: "n_leaves (reflect t) = n_leaves t"
    6.64 +proof (induct t)
    6.65 +  case Lf thus ?case
    6.66 +  proof -
    6.67 +    let "?p\<^isub>1 x\<^isub>1" = "x\<^isub>1 \<noteq> n_leaves (reflect (Lf::'a bt))"
    6.68 +    have "\<not> ?p\<^isub>1 (Suc 0)" by (metis reflect.simps(1) n_leaves.simps(1))
    6.69 +    hence "\<not> ?p\<^isub>1 (n_leaves (Lf::'a bt))" by (metis n_leaves.simps(1))
    6.70 +    thus "n_leaves (reflect (Lf::'a bt)) = n_leaves (Lf::'a bt)" by metis
    6.71 +  qed
    6.72 +next
    6.73 +  case (Br a t1 t2) thus ?case
    6.74 +    by (metis n_leaves.simps(2) nat_add_commute reflect.simps(2))
    6.75 +qed
    6.76 +
    6.77 +declare [[ sledgehammer_problem_prefix = "BT__n_nodes_reflect" ]]
    6.78 +
    6.79 +lemma n_nodes_reflect: "n_nodes (reflect t) = n_nodes t"
    6.80 +proof (induct t)
    6.81 +  case Lf thus ?case by (metis reflect.simps(1))
    6.82 +next
    6.83 +  case (Br a t1 t2) thus ?case
    6.84 +    by (metis add_commute n_nodes.simps(2) reflect.simps(2))
    6.85 +qed
    6.86 +
    6.87 +declare [[ sledgehammer_problem_prefix = "BT__depth_reflect" ]]
    6.88 +
    6.89 +lemma depth_reflect: "depth (reflect t) = depth t"
    6.90 +apply (induct t)
    6.91 + apply (metis depth.simps(1) reflect.simps(1))
    6.92 +by (metis depth.simps(2) min_max.inf_sup_aci(5) reflect.simps(2))
    6.93 +
    6.94 +text {*
    6.95 +The famous relationship between the numbers of leaves and nodes.
    6.96 +*}
    6.97 +
    6.98 +declare [[ sledgehammer_problem_prefix = "BT__n_leaves_nodes" ]]
    6.99 +
   6.100 +lemma n_leaves_nodes: "n_leaves t = Suc (n_nodes t)"
   6.101 +apply (induct t)
   6.102 + apply (metis n_leaves.simps(1) n_nodes.simps(1))
   6.103 +by auto
   6.104 +
   6.105 +declare [[ sledgehammer_problem_prefix = "BT__reflect_reflect_ident" ]]
   6.106 +
   6.107 +lemma reflect_reflect_ident: "reflect (reflect t) = t"
   6.108 +apply (induct t)
   6.109 + apply (metis reflect.simps(1))
   6.110 +proof -
   6.111 +  fix a :: 'a and t1 :: "'a bt" and t2 :: "'a bt"
   6.112 +  assume A1: "reflect (reflect t1) = t1"
   6.113 +  assume A2: "reflect (reflect t2) = t2"
   6.114 +  have "\<And>V U. reflect (Br U V (reflect t1)) = Br U t1 (reflect V)"
   6.115 +    using A1 by (metis reflect.simps(2))
   6.116 +  hence "\<And>V U. Br U t1 (reflect (reflect V)) = reflect (reflect (Br U t1 V))"
   6.117 +    by (metis reflect.simps(2))
   6.118 +  hence "\<And>U. reflect (reflect (Br U t1 t2)) = Br U t1 t2"
   6.119 +    using A2 by metis
   6.120 +  thus "reflect (reflect (Br a t1 t2)) = Br a t1 t2" by blast
   6.121 +qed
   6.122 +
   6.123 +declare [[ sledgehammer_problem_prefix = "BT__bt_map_ident" ]]
   6.124 +
   6.125 +lemma bt_map_ident: "bt_map (%x. x) = (%y. y)"
   6.126 +apply (rule ext)
   6.127 +apply (induct_tac y)
   6.128 + apply (metis bt_map.simps(1))
   6.129 +by (metis bt_map.simps(2))
   6.130 +
   6.131 +declare [[ sledgehammer_problem_prefix = "BT__bt_map_append" ]]
   6.132 +
   6.133 +lemma bt_map_append: "bt_map f (append t u) = append (bt_map f t) (bt_map f u)"
   6.134 +apply (induct t)
   6.135 + apply (metis append.simps(1) bt_map.simps(1))
   6.136 +by (metis append.simps(2) bt_map.simps(2))
   6.137 +
   6.138 +declare [[ sledgehammer_problem_prefix = "BT__bt_map_compose" ]]
   6.139 +
   6.140 +lemma bt_map_compose: "bt_map (f o g) t = bt_map f (bt_map g t)"
   6.141 +apply (induct t)
   6.142 + apply (metis bt_map.simps(1))
   6.143 +by (metis bt_map.simps(2) o_eq_dest_lhs)
   6.144 +
   6.145 +declare [[ sledgehammer_problem_prefix = "BT__bt_map_reflect" ]]
   6.146 +
   6.147 +lemma bt_map_reflect: "bt_map f (reflect t) = reflect (bt_map f t)"
   6.148 +apply (induct t)
   6.149 + apply (metis bt_map.simps(1) reflect.simps(1))
   6.150 +by (metis bt_map.simps(2) reflect.simps(2))
   6.151 +
   6.152 +declare [[ sledgehammer_problem_prefix = "BT__preorder_bt_map" ]]
   6.153 +
   6.154 +lemma preorder_bt_map: "preorder (bt_map f t) = map f (preorder t)"
   6.155 +apply (induct t)
   6.156 + apply (metis bt_map.simps(1) map.simps(1) preorder.simps(1))
   6.157 +by simp
   6.158 +
   6.159 +declare [[ sledgehammer_problem_prefix = "BT__inorder_bt_map" ]]
   6.160 +
   6.161 +lemma inorder_bt_map: "inorder (bt_map f t) = map f (inorder t)"
   6.162 +proof (induct t)
   6.163 +  case Lf thus ?case
   6.164 +  proof -
   6.165 +    have "map f [] = []" by (metis map.simps(1))
   6.166 +    hence "map f [] = inorder Lf" by (metis inorder.simps(1))
   6.167 +    hence "inorder (bt_map f Lf) = map f []" by (metis bt_map.simps(1))
   6.168 +    thus "inorder (bt_map f Lf) = map f (inorder Lf)" by (metis inorder.simps(1))
   6.169 +  qed
   6.170 +next
   6.171 +  case (Br a t1 t2) thus ?case by simp
   6.172 +qed
   6.173 +
   6.174 +declare [[ sledgehammer_problem_prefix = "BT__postorder_bt_map" ]]
   6.175 +
   6.176 +lemma postorder_bt_map: "postorder (bt_map f t) = map f (postorder t)"
   6.177 +apply (induct t)
   6.178 + apply (metis Nil_is_map_conv bt_map.simps(1) postorder.simps(1))
   6.179 +by simp
   6.180 +
   6.181 +declare [[ sledgehammer_problem_prefix = "BT__depth_bt_map" ]]
   6.182 +
   6.183 +lemma depth_bt_map [simp]: "depth (bt_map f t) = depth t"
   6.184 +apply (induct t)
   6.185 + apply (metis bt_map.simps(1) depth.simps(1))
   6.186 +by simp
   6.187 +
   6.188 +declare [[ sledgehammer_problem_prefix = "BT__n_leaves_bt_map" ]]
   6.189 +
   6.190 +lemma n_leaves_bt_map [simp]: "n_leaves (bt_map f t) = n_leaves t"
   6.191 +apply (induct t)
   6.192 + apply (metis bt_map.simps(1) n_leaves.simps(1))
   6.193 +proof -
   6.194 +  fix a :: 'b and t1 :: "'b bt" and t2 :: "'b bt"
   6.195 +  assume A1: "n_leaves (bt_map f t1) = n_leaves t1"
   6.196 +  assume A2: "n_leaves (bt_map f t2) = n_leaves t2"
   6.197 +  have "\<And>V U. n_leaves (Br U (bt_map f t1) V) = n_leaves t1 + n_leaves V"
   6.198 +    using A1 by (metis n_leaves.simps(2))
   6.199 +  hence "\<And>V U. n_leaves (bt_map f (Br U t1 V)) = n_leaves t1 + n_leaves (bt_map f V)"
   6.200 +    by (metis bt_map.simps(2))
   6.201 +  hence F1: "\<And>U. n_leaves (bt_map f (Br U t1 t2)) = n_leaves t1 + n_leaves t2"
   6.202 +    using A2 by metis
   6.203 +  have "n_leaves t1 + n_leaves t2 = n_leaves (Br a t1 t2)"
   6.204 +    by (metis n_leaves.simps(2))
   6.205 +  thus "n_leaves (bt_map f (Br a t1 t2)) = n_leaves (Br a t1 t2)"
   6.206 +    using F1 by metis
   6.207 +qed
   6.208 +
   6.209 +declare [[ sledgehammer_problem_prefix = "BT__preorder_reflect" ]]
   6.210 +
   6.211 +lemma preorder_reflect: "preorder (reflect t) = rev (postorder t)"
   6.212 +apply (induct t)
   6.213 + apply (metis Nil_is_rev_conv postorder.simps(1) preorder.simps(1)
   6.214 +              reflect.simps(1))
   6.215 +apply simp
   6.216 +done
   6.217 +
   6.218 +declare [[ sledgehammer_problem_prefix = "BT__inorder_reflect" ]]
   6.219 +
   6.220 +lemma inorder_reflect: "inorder (reflect t) = rev (inorder t)"
   6.221 +apply (induct t)
   6.222 + apply (metis Nil_is_rev_conv inorder.simps(1) reflect.simps(1))
   6.223 +by simp
   6.224 +(* Slow:
   6.225 +by (metis append.simps(1) append_eq_append_conv2 inorder.simps(2)
   6.226 +          reflect.simps(2) rev.simps(2) rev_append)
   6.227 +*)
   6.228 +
   6.229 +declare [[ sledgehammer_problem_prefix = "BT__postorder_reflect" ]]
   6.230 +
   6.231 +lemma postorder_reflect: "postorder (reflect t) = rev (preorder t)"
   6.232 +apply (induct t)
   6.233 + apply (metis Nil_is_rev_conv postorder.simps(1) preorder.simps(1)
   6.234 +              reflect.simps(1))
   6.235 +by (metis preorder_reflect reflect_reflect_ident rev_swap)
   6.236 +
   6.237 +text {*
   6.238 +Analogues of the standard properties of the append function for lists.
   6.239 +*}
   6.240 +
   6.241 +declare [[ sledgehammer_problem_prefix = "BT__append_assoc" ]]
   6.242 +
   6.243 +lemma append_assoc [simp]: "append (append t1 t2) t3 = append t1 (append t2 t3)"
   6.244 +apply (induct t1)
   6.245 + apply (metis append.simps(1))
   6.246 +by (metis append.simps(2))
   6.247 +
   6.248 +declare [[ sledgehammer_problem_prefix = "BT__append_Lf2" ]]
   6.249 +
   6.250 +lemma append_Lf2 [simp]: "append t Lf = t"
   6.251 +apply (induct t)
   6.252 + apply (metis append.simps(1))
   6.253 +by (metis append.simps(2))
   6.254 +
   6.255 +declare max_add_distrib_left [simp]
   6.256 +
   6.257 +declare [[ sledgehammer_problem_prefix = "BT__depth_append" ]]
   6.258 +
   6.259 +lemma depth_append [simp]: "depth (append t1 t2) = depth t1 + depth t2"
   6.260 +apply (induct t1)
   6.261 + apply (metis append.simps(1) depth.simps(1) plus_nat.simps(1))
   6.262 +by simp
   6.263 +
   6.264 +declare [[ sledgehammer_problem_prefix = "BT__n_leaves_append" ]]
   6.265 +
   6.266 +lemma n_leaves_append [simp]:
   6.267 +     "n_leaves (append t1 t2) = n_leaves t1 * n_leaves t2"
   6.268 +apply (induct t1)
   6.269 + apply (metis append.simps(1) n_leaves.simps(1) nat_mult_1 plus_nat.simps(1)
   6.270 +              semiring_norm(111))
   6.271 +by (simp add: left_distrib)
   6.272 +
   6.273 +declare [[ sledgehammer_problem_prefix = "BT__bt_map_append" ]]
   6.274 +
   6.275 +lemma (*bt_map_append:*)
   6.276 +     "bt_map f (append t1 t2) = append (bt_map f t1) (bt_map f t2)"
   6.277 +apply (induct t1)
   6.278 + apply (metis append.simps(1) bt_map.simps(1))
   6.279 +by (metis bt_map_append)
   6.280 +
   6.281 +end
     7.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     7.2 +++ b/src/HOL/Metis_Examples/Clausification.thy	Mon Jun 06 20:36:35 2011 +0200
     7.3 @@ -0,0 +1,150 @@
     7.4 +(*  Title:      HOL/Metis_Examples/Clausification.thy
     7.5 +    Author:     Jasmin Blanchette, TU Muenchen
     7.6 +
     7.7 +Example that exercises Metis's Clausifier.
     7.8 +*)
     7.9 +
    7.10 +header {* Example that Exercises Metis's Clausifier *}
    7.11 +
    7.12 +theory Clausification
    7.13 +imports Complex_Main
    7.14 +begin
    7.15 +
    7.16 +(* FIXME: shouldn't need this *)
    7.17 +declare [[unify_search_bound = 100]]
    7.18 +declare [[unify_trace_bound = 100]]
    7.19 +
    7.20 +
    7.21 +text {* Definitional CNF for facts *}
    7.22 +
    7.23 +declare [[meson_max_clauses = 10]]
    7.24 +
    7.25 +axiomatization q :: "nat \<Rightarrow> nat \<Rightarrow> bool" where
    7.26 +qax: "\<exists>b. \<forall>a. (q b a \<and> q 0 0 \<and> q 1 a \<and> q a 1) \<or> (q 0 1 \<and> q 1 0 \<and> q a b \<and> q 1 1)"
    7.27 +
    7.28 +declare [[metis_new_skolemizer = false]]
    7.29 +
    7.30 +lemma "\<exists>b. \<forall>a. (q b a \<or> q a b)"
    7.31 +by (metis qax)
    7.32 +
    7.33 +lemma "\<exists>b. \<forall>a. (q b a \<or> q a b)"
    7.34 +by (metisFT qax)
    7.35 +
    7.36 +lemma "\<exists>b. \<forall>a. (q b a \<and> q 0 0 \<and> q 1 a \<and> q a 1) \<or> (q 0 1 \<and> q 1 0 \<and> q a b \<and> q 1 1)"
    7.37 +by (metis qax)
    7.38 +
    7.39 +lemma "\<exists>b. \<forall>a. (q b a \<and> q 0 0 \<and> q 1 a \<and> q a 1) \<or> (q 0 1 \<and> q 1 0 \<and> q a b \<and> q 1 1)"
    7.40 +by (metisFT qax)
    7.41 +
    7.42 +declare [[metis_new_skolemizer]]
    7.43 +
    7.44 +lemma "\<exists>b. \<forall>a. (q b a \<or> q a b)"
    7.45 +by (metis qax)
    7.46 +
    7.47 +lemma "\<exists>b. \<forall>a. (q b a \<or> q a b)"
    7.48 +by (metisFT qax)
    7.49 +
    7.50 +lemma "\<exists>b. \<forall>a. (q b a \<and> q 0 0 \<and> q 1 a \<and> q a 1) \<or> (q 0 1 \<and> q 1 0 \<and> q a b \<and> q 1 1)"
    7.51 +by (metis qax)
    7.52 +
    7.53 +lemma "\<exists>b. \<forall>a. (q b a \<and> q 0 0 \<and> q 1 a \<and> q a 1) \<or> (q 0 1 \<and> q 1 0 \<and> q a b \<and> q 1 1)"
    7.54 +by (metisFT qax)
    7.55 +
    7.56 +declare [[meson_max_clauses = 60]]
    7.57 +
    7.58 +axiomatization r :: "nat \<Rightarrow> nat \<Rightarrow> bool" where
    7.59 +rax: "(r 0 0 \<and> r 0 1 \<and> r 0 2 \<and> r 0 3) \<or>
    7.60 +      (r 1 0 \<and> r 1 1 \<and> r 1 2 \<and> r 1 3) \<or>
    7.61 +      (r 2 0 \<and> r 2 1 \<and> r 2 2 \<and> r 2 3) \<or>
    7.62 +      (r 3 0 \<and> r 3 1 \<and> r 3 2 \<and> r 3 3)"
    7.63 +
    7.64 +declare [[metis_new_skolemizer = false]]
    7.65 +
    7.66 +lemma "r 0 0 \<or> r 1 1 \<or> r 2 2 \<or> r 3 3"
    7.67 +by (metis rax)
    7.68 +
    7.69 +lemma "r 0 0 \<or> r 1 1 \<or> r 2 2 \<or> r 3 3"
    7.70 +by (metisFT rax)
    7.71 +
    7.72 +declare [[metis_new_skolemizer]]
    7.73 +
    7.74 +lemma "r 0 0 \<or> r 1 1 \<or> r 2 2 \<or> r 3 3"
    7.75 +by (metis rax)
    7.76 +
    7.77 +lemma "r 0 0 \<or> r 1 1 \<or> r 2 2 \<or> r 3 3"
    7.78 +by (metisFT rax)
    7.79 +
    7.80 +lemma "(r 0 0 \<and> r 0 1 \<and> r 0 2 \<and> r 0 3) \<or>
    7.81 +       (r 1 0 \<and> r 1 1 \<and> r 1 2 \<and> r 1 3) \<or>
    7.82 +       (r 2 0 \<and> r 2 1 \<and> r 2 2 \<and> r 2 3) \<or>
    7.83 +       (r 3 0 \<and> r 3 1 \<and> r 3 2 \<and> r 3 3)"
    7.84 +by (metis rax)
    7.85 +
    7.86 +lemma "(r 0 0 \<and> r 0 1 \<and> r 0 2 \<and> r 0 3) \<or>
    7.87 +       (r 1 0 \<and> r 1 1 \<and> r 1 2 \<and> r 1 3) \<or>
    7.88 +       (r 2 0 \<and> r 2 1 \<and> r 2 2 \<and> r 2 3) \<or>
    7.89 +       (r 3 0 \<and> r 3 1 \<and> r 3 2 \<and> r 3 3)"
    7.90 +by (metisFT rax)
    7.91 +
    7.92 +
    7.93 +text {* Definitional CNF for goal *}
    7.94 +
    7.95 +axiomatization p :: "nat \<Rightarrow> nat \<Rightarrow> bool" where
    7.96 +pax: "\<exists>b. \<forall>a. (p b a \<and> p 0 0 \<and> p 1 a) \<or> (p 0 1 \<and> p 1 0 \<and> p a b)"
    7.97 +
    7.98 +declare [[metis_new_skolemizer = false]]
    7.99 +
   7.100 +lemma "\<exists>b. \<forall>a. \<exists>x. (p b a \<or> x) \<and> (p 0 0 \<or> x) \<and> (p 1 a \<or> x) \<and>
   7.101 +                   (p 0 1 \<or> \<not> x) \<and> (p 1 0 \<or> \<not> x) \<and> (p a b \<or> \<not> x)"
   7.102 +by (metis pax)
   7.103 +
   7.104 +lemma "\<exists>b. \<forall>a. \<exists>x. (p b a \<or> x) \<and> (p 0 0 \<or> x) \<and> (p 1 a \<or> x) \<and>
   7.105 +                   (p 0 1 \<or> \<not> x) \<and> (p 1 0 \<or> \<not> x) \<and> (p a b \<or> \<not> x)"
   7.106 +by (metisFT pax)
   7.107 +
   7.108 +declare [[metis_new_skolemizer]]
   7.109 +
   7.110 +lemma "\<exists>b. \<forall>a. \<exists>x. (p b a \<or> x) \<and> (p 0 0 \<or> x) \<and> (p 1 a \<or> x) \<and>
   7.111 +                   (p 0 1 \<or> \<not> x) \<and> (p 1 0 \<or> \<not> x) \<and> (p a b \<or> \<not> x)"
   7.112 +by (metis pax)
   7.113 +
   7.114 +lemma "\<exists>b. \<forall>a. \<exists>x. (p b a \<or> x) \<and> (p 0 0 \<or> x) \<and> (p 1 a \<or> x) \<and>
   7.115 +                   (p 0 1 \<or> \<not> x) \<and> (p 1 0 \<or> \<not> x) \<and> (p a b \<or> \<not> x)"
   7.116 +by (metisFT pax)
   7.117 +
   7.118 +
   7.119 +text {* New Skolemizer *}
   7.120 +
   7.121 +declare [[metis_new_skolemizer]]
   7.122 +
   7.123 +lemma
   7.124 +  fixes x :: real
   7.125 +  assumes fn_le: "!!n. f n \<le> x" and 1: "f ----> lim f"
   7.126 +  shows "lim f \<le> x"
   7.127 +by (metis 1 LIMSEQ_le_const2 fn_le)
   7.128 +
   7.129 +definition
   7.130 +  bounded :: "'a::metric_space set \<Rightarrow> bool" where
   7.131 +  "bounded S \<longleftrightarrow> (\<exists>x eee. \<forall>y\<in>S. dist x y \<le> eee)"
   7.132 +
   7.133 +lemma "bounded T \<Longrightarrow> S \<subseteq> T ==> bounded S"
   7.134 +by (metis bounded_def subset_eq)
   7.135 +
   7.136 +lemma
   7.137 +  assumes a: "Quotient R Abs Rep"
   7.138 +  shows "symp R"
   7.139 +using a unfolding Quotient_def using sympI
   7.140 +by metisFT
   7.141 +
   7.142 +lemma
   7.143 +  "(\<exists>x \<in> set xs. P x) \<longleftrightarrow>
   7.144 +   (\<exists>ys x zs. xs = ys @ x # zs \<and> P x \<and> (\<forall>z \<in> set zs. \<not> P z))"
   7.145 +by (metis split_list_last_prop [where P = P] in_set_conv_decomp)
   7.146 +
   7.147 +lemma ex_tl: "EX ys. tl ys = xs"
   7.148 +using tl.simps(2) by fast
   7.149 +
   7.150 +lemma "(\<exists>ys\<Colon>nat list. tl ys = xs) \<and> (\<exists>bs\<Colon>int list. tl bs = as)"
   7.151 +by (metis ex_tl)
   7.152 +
   7.153 +end
     8.1 --- a/src/HOL/Metis_Examples/Clausify.thy	Mon Jun 06 20:36:35 2011 +0200
     8.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     8.3 @@ -1,148 +0,0 @@
     8.4 -(*  Title:      HOL/Metis_Examples/Clausify.thy
     8.5 -    Author:     Jasmin Blanchette, TU Muenchen
     8.6 -
     8.7 -Testing Metis's clausifier.
     8.8 -*)
     8.9 -
    8.10 -theory Clausify
    8.11 -imports Complex_Main
    8.12 -begin
    8.13 -
    8.14 -(* FIXME: shouldn't need this *)
    8.15 -declare [[unify_search_bound = 100]]
    8.16 -declare [[unify_trace_bound = 100]]
    8.17 -
    8.18 -
    8.19 -text {* Definitional CNF for facts *}
    8.20 -
    8.21 -declare [[meson_max_clauses = 10]]
    8.22 -
    8.23 -axiomatization q :: "nat \<Rightarrow> nat \<Rightarrow> bool" where
    8.24 -qax: "\<exists>b. \<forall>a. (q b a \<and> q 0 0 \<and> q 1 a \<and> q a 1) \<or> (q 0 1 \<and> q 1 0 \<and> q a b \<and> q 1 1)"
    8.25 -
    8.26 -declare [[metis_new_skolemizer = false]]
    8.27 -
    8.28 -lemma "\<exists>b. \<forall>a. (q b a \<or> q a b)"
    8.29 -by (metis qax)
    8.30 -
    8.31 -lemma "\<exists>b. \<forall>a. (q b a \<or> q a b)"
    8.32 -by (metisFT qax)
    8.33 -
    8.34 -lemma "\<exists>b. \<forall>a. (q b a \<and> q 0 0 \<and> q 1 a \<and> q a 1) \<or> (q 0 1 \<and> q 1 0 \<and> q a b \<and> q 1 1)"
    8.35 -by (metis qax)
    8.36 -
    8.37 -lemma "\<exists>b. \<forall>a. (q b a \<and> q 0 0 \<and> q 1 a \<and> q a 1) \<or> (q 0 1 \<and> q 1 0 \<and> q a b \<and> q 1 1)"
    8.38 -by (metisFT qax)
    8.39 -
    8.40 -declare [[metis_new_skolemizer]]
    8.41 -
    8.42 -lemma "\<exists>b. \<forall>a. (q b a \<or> q a b)"
    8.43 -by (metis qax)
    8.44 -
    8.45 -lemma "\<exists>b. \<forall>a. (q b a \<or> q a b)"
    8.46 -by (metisFT qax)
    8.47 -
    8.48 -lemma "\<exists>b. \<forall>a. (q b a \<and> q 0 0 \<and> q 1 a \<and> q a 1) \<or> (q 0 1 \<and> q 1 0 \<and> q a b \<and> q 1 1)"
    8.49 -by (metis qax)
    8.50 -
    8.51 -lemma "\<exists>b. \<forall>a. (q b a \<and> q 0 0 \<and> q 1 a \<and> q a 1) \<or> (q 0 1 \<and> q 1 0 \<and> q a b \<and> q 1 1)"
    8.52 -by (metisFT qax)
    8.53 -
    8.54 -declare [[meson_max_clauses = 60]]
    8.55 -
    8.56 -axiomatization r :: "nat \<Rightarrow> nat \<Rightarrow> bool" where
    8.57 -rax: "(r 0 0 \<and> r 0 1 \<and> r 0 2 \<and> r 0 3) \<or>
    8.58 -      (r 1 0 \<and> r 1 1 \<and> r 1 2 \<and> r 1 3) \<or>
    8.59 -      (r 2 0 \<and> r 2 1 \<and> r 2 2 \<and> r 2 3) \<or>
    8.60 -      (r 3 0 \<and> r 3 1 \<and> r 3 2 \<and> r 3 3)"
    8.61 -
    8.62 -declare [[metis_new_skolemizer = false]]
    8.63 -
    8.64 -lemma "r 0 0 \<or> r 1 1 \<or> r 2 2 \<or> r 3 3"
    8.65 -by (metis rax)
    8.66 -
    8.67 -lemma "r 0 0 \<or> r 1 1 \<or> r 2 2 \<or> r 3 3"
    8.68 -by (metisFT rax)
    8.69 -
    8.70 -declare [[metis_new_skolemizer]]
    8.71 -
    8.72 -lemma "r 0 0 \<or> r 1 1 \<or> r 2 2 \<or> r 3 3"
    8.73 -by (metis rax)
    8.74 -
    8.75 -lemma "r 0 0 \<or> r 1 1 \<or> r 2 2 \<or> r 3 3"
    8.76 -by (metisFT rax)
    8.77 -
    8.78 -lemma "(r 0 0 \<and> r 0 1 \<and> r 0 2 \<and> r 0 3) \<or>
    8.79 -       (r 1 0 \<and> r 1 1 \<and> r 1 2 \<and> r 1 3) \<or>
    8.80 -       (r 2 0 \<and> r 2 1 \<and> r 2 2 \<and> r 2 3) \<or>
    8.81 -       (r 3 0 \<and> r 3 1 \<and> r 3 2 \<and> r 3 3)"
    8.82 -by (metis rax)
    8.83 -
    8.84 -lemma "(r 0 0 \<and> r 0 1 \<and> r 0 2 \<and> r 0 3) \<or>
    8.85 -       (r 1 0 \<and> r 1 1 \<and> r 1 2 \<and> r 1 3) \<or>
    8.86 -       (r 2 0 \<and> r 2 1 \<and> r 2 2 \<and> r 2 3) \<or>
    8.87 -       (r 3 0 \<and> r 3 1 \<and> r 3 2 \<and> r 3 3)"
    8.88 -by (metisFT rax)
    8.89 -
    8.90 -
    8.91 -text {* Definitional CNF for goal *}
    8.92 -
    8.93 -axiomatization p :: "nat \<Rightarrow> nat \<Rightarrow> bool" where
    8.94 -pax: "\<exists>b. \<forall>a. (p b a \<and> p 0 0 \<and> p 1 a) \<or> (p 0 1 \<and> p 1 0 \<and> p a b)"
    8.95 -
    8.96 -declare [[metis_new_skolemizer = false]]
    8.97 -
    8.98 -lemma "\<exists>b. \<forall>a. \<exists>x. (p b a \<or> x) \<and> (p 0 0 \<or> x) \<and> (p 1 a \<or> x) \<and>
    8.99 -                   (p 0 1 \<or> \<not> x) \<and> (p 1 0 \<or> \<not> x) \<and> (p a b \<or> \<not> x)"
   8.100 -by (metis pax)
   8.101 -
   8.102 -lemma "\<exists>b. \<forall>a. \<exists>x. (p b a \<or> x) \<and> (p 0 0 \<or> x) \<and> (p 1 a \<or> x) \<and>
   8.103 -                   (p 0 1 \<or> \<not> x) \<and> (p 1 0 \<or> \<not> x) \<and> (p a b \<or> \<not> x)"
   8.104 -by (metisFT pax)
   8.105 -
   8.106 -declare [[metis_new_skolemizer]]
   8.107 -
   8.108 -lemma "\<exists>b. \<forall>a. \<exists>x. (p b a \<or> x) \<and> (p 0 0 \<or> x) \<and> (p 1 a \<or> x) \<and>
   8.109 -                   (p 0 1 \<or> \<not> x) \<and> (p 1 0 \<or> \<not> x) \<and> (p a b \<or> \<not> x)"
   8.110 -by (metis pax)
   8.111 -
   8.112 -lemma "\<exists>b. \<forall>a. \<exists>x. (p b a \<or> x) \<and> (p 0 0 \<or> x) \<and> (p 1 a \<or> x) \<and>
   8.113 -                   (p 0 1 \<or> \<not> x) \<and> (p 1 0 \<or> \<not> x) \<and> (p a b \<or> \<not> x)"
   8.114 -by (metisFT pax)
   8.115 -
   8.116 -
   8.117 -text {* New Skolemizer *}
   8.118 -
   8.119 -declare [[metis_new_skolemizer]]
   8.120 -
   8.121 -lemma
   8.122 -  fixes x :: real
   8.123 -  assumes fn_le: "!!n. f n \<le> x" and 1: "f ----> lim f"
   8.124 -  shows "lim f \<le> x"
   8.125 -by (metis 1 LIMSEQ_le_const2 fn_le)
   8.126 -
   8.127 -definition
   8.128 -  bounded :: "'a::metric_space set \<Rightarrow> bool" where
   8.129 -  "bounded S \<longleftrightarrow> (\<exists>x eee. \<forall>y\<in>S. dist x y \<le> eee)"
   8.130 -
   8.131 -lemma "bounded T \<Longrightarrow> S \<subseteq> T ==> bounded S"
   8.132 -by (metis bounded_def subset_eq)
   8.133 -
   8.134 -lemma
   8.135 -  assumes a: "Quotient R Abs Rep"
   8.136 -  shows "symp R"
   8.137 -using a unfolding Quotient_def using sympI
   8.138 -by metisFT
   8.139 -
   8.140 -lemma
   8.141 -  "(\<exists>x \<in> set xs. P x) \<longleftrightarrow>
   8.142 -   (\<exists>ys x zs. xs = ys @ x # zs \<and> P x \<and> (\<forall>z \<in> set zs. \<not> P z))"
   8.143 -by (metis split_list_last_prop [where P = P] in_set_conv_decomp)
   8.144 -
   8.145 -lemma ex_tl: "EX ys. tl ys = xs"
   8.146 -using tl.simps(2) by fast
   8.147 -
   8.148 -lemma "(\<exists>ys\<Colon>nat list. tl ys = xs) \<and> (\<exists>bs\<Colon>int list. tl bs = as)"
   8.149 -by (metis ex_tl)
   8.150 -
   8.151 -end
     9.1 --- a/src/HOL/Metis_Examples/HO_Reas.thy	Mon Jun 06 20:36:35 2011 +0200
     9.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     9.3 @@ -1,262 +0,0 @@
     9.4 -(*  Title:      HOL/Metis_Examples/HO_Reas.thy
     9.5 -    Author:     Jasmin Blanchette, TU Muenchen
     9.6 -
     9.7 -Testing Metis's and Sledgehammer's higher-order reasoning capabilities.
     9.8 -*)
     9.9 -
    9.10 -theory HO_Reas
    9.11 -imports Typings
    9.12 -begin
    9.13 -
    9.14 -declare [[metis_new_skolemizer]]
    9.15 -
    9.16 -sledgehammer_params [prover = e, blocking, timeout = 10, preplay_timeout = 0]
    9.17 -
    9.18 -text {* Extensionality and set constants *}
    9.19 -
    9.20 -lemma plus_1_not_0: "n + (1\<Colon>nat) \<noteq> 0"
    9.21 -by simp
    9.22 -
    9.23 -definition inc :: "nat \<Rightarrow> nat" where
    9.24 -"inc x = x + 1"
    9.25 -
    9.26 -lemma "inc \<noteq> (\<lambda>y. 0)"
    9.27 -sledgehammer [expect = some] (inc_def plus_1_not_0)
    9.28 -by (metis_eXhaust inc_def plus_1_not_0)
    9.29 -
    9.30 -lemma "inc = (\<lambda>y. y + 1)"
    9.31 -sledgehammer [expect = some] (inc_def)
    9.32 -by (metis_eXhaust inc_def)
    9.33 -
    9.34 -definition add_swap :: "nat \<Rightarrow> nat \<Rightarrow> nat" where
    9.35 -"add_swap = (\<lambda>x y. y + x)"
    9.36 -
    9.37 -lemma "add_swap m n = n + m"
    9.38 -sledgehammer [expect = some] (add_swap_def)
    9.39 -by (metis_eXhaust add_swap_def)
    9.40 -
    9.41 -definition "A = {xs\<Colon>'a list. True}"
    9.42 -
    9.43 -lemma "xs \<in> A"
    9.44 -sledgehammer [expect = some]
    9.45 -by (metis_eXhaust A_def Collect_def mem_def)
    9.46 -
    9.47 -definition "B (y::int) \<equiv> y \<le> 0"
    9.48 -definition "C (y::int) \<equiv> y \<le> 1"
    9.49 -
    9.50 -lemma int_le_0_imp_le_1: "x \<le> (0::int) \<Longrightarrow> x \<le> 1"
    9.51 -by linarith
    9.52 -
    9.53 -lemma "B \<subseteq> C"
    9.54 -sledgehammer [type_sys = poly_args, max_relevant = 200, expect = some]
    9.55 -by (metis_eXhaust B_def C_def int_le_0_imp_le_1 predicate1I)
    9.56 -
    9.57 -
    9.58 -text {* Proxies for logical constants *}
    9.59 -
    9.60 -lemma "id (op =) x x"
    9.61 -sledgehammer [type_sys = erased, expect = none] (id_apply)
    9.62 -sledgehammer [type_sys = poly_tags?, expect = none] (id_apply) (* unfortunate *)
    9.63 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
    9.64 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
    9.65 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
    9.66 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
    9.67 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
    9.68 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
    9.69 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
    9.70 -by (metisX id_apply)
    9.71 -
    9.72 -lemma "id True"
    9.73 -sledgehammer [type_sys = erased, expect = some] (id_apply)
    9.74 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
    9.75 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
    9.76 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
    9.77 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
    9.78 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
    9.79 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
    9.80 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
    9.81 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
    9.82 -by (metis_eXhaust id_apply)
    9.83 -
    9.84 -lemma "\<not> id False"
    9.85 -sledgehammer [type_sys = erased, expect = some] (id_apply)
    9.86 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
    9.87 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
    9.88 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
    9.89 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
    9.90 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
    9.91 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
    9.92 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
    9.93 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
    9.94 -by (metis_eXhaust id_apply)
    9.95 -
    9.96 -lemma "x = id True \<or> x = id False"
    9.97 -sledgehammer [type_sys = erased, expect = some] (id_apply)
    9.98 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
    9.99 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   9.100 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   9.101 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   9.102 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   9.103 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   9.104 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   9.105 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   9.106 -by (metis_eXhaust id_apply)
   9.107 -
   9.108 -lemma "id x = id True \<or> id x = id False"
   9.109 -sledgehammer [type_sys = erased, expect = some] (id_apply)
   9.110 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
   9.111 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   9.112 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   9.113 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   9.114 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   9.115 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   9.116 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   9.117 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   9.118 -by (metis_eXhaust id_apply)
   9.119 -
   9.120 -lemma "P True \<Longrightarrow> P False \<Longrightarrow> P x"
   9.121 -sledgehammer [type_sys = erased, expect = none] ()
   9.122 -sledgehammer [type_sys = poly_args, expect = none] ()
   9.123 -sledgehammer [type_sys = poly_tags?, expect = some] ()
   9.124 -sledgehammer [type_sys = poly_tags, expect = some] ()
   9.125 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   9.126 -sledgehammer [type_sys = poly_preds, expect = some] ()
   9.127 -sledgehammer [type_sys = mangled_tags?, expect = some] ()
   9.128 -sledgehammer [type_sys = mangled_tags, expect = some] ()
   9.129 -sledgehammer [type_sys = mangled_preds?, expect = some] ()
   9.130 -sledgehammer [type_sys = mangled_preds, expect = some] ()
   9.131 -by metisX
   9.132 -
   9.133 -lemma "id (\<not> a) \<Longrightarrow> \<not> id a"
   9.134 -sledgehammer [type_sys = erased, expect = some] (id_apply)
   9.135 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
   9.136 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   9.137 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   9.138 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   9.139 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   9.140 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   9.141 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   9.142 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   9.143 -by (metis_eXhaust id_apply)
   9.144 -
   9.145 -lemma "id (\<not> \<not> a) \<Longrightarrow> id a"
   9.146 -sledgehammer [type_sys = erased, expect = some] (id_apply)
   9.147 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
   9.148 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   9.149 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   9.150 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   9.151 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   9.152 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   9.153 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   9.154 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   9.155 -by (metis_eXhaust id_apply)
   9.156 -
   9.157 -lemma "id (\<not> (id (\<not> a))) \<Longrightarrow> id a"
   9.158 -sledgehammer [type_sys = erased, expect = some] (id_apply)
   9.159 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
   9.160 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   9.161 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   9.162 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   9.163 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   9.164 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   9.165 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   9.166 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   9.167 -by (metis_eXhaust id_apply)
   9.168 -
   9.169 -lemma "id (a \<and> b) \<Longrightarrow> id a"
   9.170 -sledgehammer [type_sys = erased, expect = some] (id_apply)
   9.171 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
   9.172 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   9.173 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   9.174 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   9.175 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   9.176 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   9.177 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   9.178 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   9.179 -by (metis_eXhaust id_apply)
   9.180 -
   9.181 -lemma "id (a \<and> b) \<Longrightarrow> id b"
   9.182 -sledgehammer [type_sys = erased, expect = some] (id_apply)
   9.183 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
   9.184 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   9.185 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   9.186 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   9.187 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   9.188 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   9.189 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   9.190 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   9.191 -by (metis_eXhaust id_apply)
   9.192 -
   9.193 -lemma "id a \<Longrightarrow> id b \<Longrightarrow> id (a \<and> b)"
   9.194 -sledgehammer [type_sys = erased, expect = some] (id_apply)
   9.195 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
   9.196 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   9.197 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   9.198 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   9.199 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   9.200 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   9.201 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   9.202 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   9.203 -by (metis_eXhaust id_apply)
   9.204 -
   9.205 -lemma "id a \<Longrightarrow> id (a \<or> b)"
   9.206 -sledgehammer [type_sys = erased, expect = some] (id_apply)
   9.207 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
   9.208 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   9.209 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   9.210 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   9.211 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   9.212 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   9.213 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   9.214 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   9.215 -by (metis_eXhaust id_apply)
   9.216 -
   9.217 -lemma "id b \<Longrightarrow> id (a \<or> b)"
   9.218 -sledgehammer [type_sys = erased, expect = some] (id_apply)
   9.219 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
   9.220 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   9.221 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   9.222 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   9.223 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   9.224 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   9.225 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   9.226 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   9.227 -by (metis_eXhaust id_apply)
   9.228 -
   9.229 -lemma "id (\<not> a) \<Longrightarrow> id (\<not> b) \<Longrightarrow> id (\<not> (a \<or> b))"
   9.230 -sledgehammer [type_sys = erased, expect = some] (id_apply)
   9.231 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
   9.232 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   9.233 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   9.234 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   9.235 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   9.236 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   9.237 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   9.238 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   9.239 -by (metis_eXhaust id_apply)
   9.240 -
   9.241 -lemma "id (\<not> a) \<Longrightarrow> id (a \<longrightarrow> b)"
   9.242 -sledgehammer [type_sys = erased, expect = some] (id_apply)
   9.243 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
   9.244 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   9.245 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   9.246 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   9.247 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   9.248 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   9.249 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   9.250 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   9.251 -by (metis_eXhaust id_apply)
   9.252 -
   9.253 -lemma "id (a \<longrightarrow> b) \<longleftrightarrow> id (\<not> a \<or> b)"
   9.254 -sledgehammer [type_sys = erased, expect = some] (id_apply)
   9.255 -sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
   9.256 -sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   9.257 -sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   9.258 -sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   9.259 -sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   9.260 -sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   9.261 -sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   9.262 -sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   9.263 -by (metis_eXhaust id_apply)
   9.264 -
   9.265 -end
    10.1 --- a/src/HOL/Metis_Examples/Message.thy	Mon Jun 06 20:36:35 2011 +0200
    10.2 +++ b/src/HOL/Metis_Examples/Message.thy	Mon Jun 06 20:36:35 2011 +0200
    10.3 @@ -1,10 +1,12 @@
    10.4  (*  Title:      HOL/Metis_Examples/Message.thy
    10.5 -    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
    10.6 +    Author:     Lawrence C. Paulson, Cambridge University Computer Laboratory
    10.7      Author:     Jasmin Blanchette, TU Muenchen
    10.8  
    10.9 -Testing Metis.
   10.10 +Metis example featuring message authentication.
   10.11  *)
   10.12  
   10.13 +header {* Metis Example Featuring Message Authentication *}
   10.14 +
   10.15  theory Message
   10.16  imports Main
   10.17  begin
   10.18 @@ -135,7 +137,7 @@
   10.19  lemma keysFor_insert_MPair [simp]: "keysFor (insert {|X,Y|} H) = keysFor H"
   10.20  by (unfold keysFor_def, auto)
   10.21  
   10.22 -lemma keysFor_insert_Crypt [simp]: 
   10.23 +lemma keysFor_insert_Crypt [simp]:
   10.24      "keysFor (insert (Crypt K X) H) = insert (invKey K) (keysFor H)"
   10.25  by (unfold keysFor_def, auto)
   10.26  
   10.27 @@ -149,13 +151,13 @@
   10.28  subsection{*Inductive relation "parts"*}
   10.29  
   10.30  lemma MPair_parts:
   10.31 -     "[| {|X,Y|} \<in> parts H;        
   10.32 +     "[| {|X,Y|} \<in> parts H;
   10.33           [| X \<in> parts H; Y \<in> parts H |] ==> P |] ==> P"
   10.34 -by (blast dest: parts.Fst parts.Snd) 
   10.35 +by (blast dest: parts.Fst parts.Snd)
   10.36  
   10.37  declare MPair_parts [elim!] parts.Body [dest!]
   10.38  text{*NB These two rules are UNSAFE in the formal sense, as they discard the
   10.39 -     compound message.  They work well on THIS FILE.  
   10.40 +     compound message.  They work well on THIS FILE.
   10.41    @{text MPair_parts} is left as SAFE because it speeds up proofs.
   10.42    The Crypt rule is normally kept UNSAFE to avoid breaking up certificates.*}
   10.43  
   10.44 @@ -218,9 +220,9 @@
   10.45    NOTE: the UN versions are no longer used!*}
   10.46  
   10.47  
   10.48 -text{*This allows @{text blast} to simplify occurrences of 
   10.49 +text{*This allows @{text blast} to simplify occurrences of
   10.50    @{term "parts(G\<union>H)"} in the assumption.*}
   10.51 -lemmas in_parts_UnE = parts_Un [THEN equalityD1, THEN subsetD, THEN UnE] 
   10.52 +lemmas in_parts_UnE = parts_Un [THEN equalityD1, THEN subsetD, THEN UnE]
   10.53  declare in_parts_UnE [elim!]
   10.54  
   10.55  lemma parts_insert_subset: "insert X (parts H) \<subseteq> parts(insert X H)"
   10.56 @@ -235,13 +237,13 @@
   10.57  by blast
   10.58  
   10.59  lemma parts_subset_iff [simp]: "(parts G \<subseteq> parts H) = (G \<subseteq> parts H)"
   10.60 -apply (rule iffI) 
   10.61 +apply (rule iffI)
   10.62  apply (metis Un_absorb1 Un_subset_iff parts_Un parts_increasing)
   10.63  apply (metis parts_idem parts_mono)
   10.64  done
   10.65  
   10.66  lemma parts_trans: "[| X\<in> parts G;  G \<subseteq> parts H |] ==> X\<in> parts H"
   10.67 -by (blast dest: parts_mono); 
   10.68 +by (blast dest: parts_mono);
   10.69  
   10.70  lemma parts_cut: "[|Y\<in> parts (insert X G);  X\<in> parts H|] ==> Y\<in> parts(G \<union> H)"
   10.71  by (metis Un_insert_left Un_insert_right insert_absorb mem_def parts_Un parts_idem sup1CI)
   10.72 @@ -254,36 +256,36 @@
   10.73  
   10.74  lemma parts_insert_Agent [simp]:
   10.75       "parts (insert (Agent agt) H) = insert (Agent agt) (parts H)"
   10.76 -apply (rule parts_insert_eq_I) 
   10.77 -apply (erule parts.induct, auto) 
   10.78 +apply (rule parts_insert_eq_I)
   10.79 +apply (erule parts.induct, auto)
   10.80  done
   10.81  
   10.82  lemma parts_insert_Nonce [simp]:
   10.83       "parts (insert (Nonce N) H) = insert (Nonce N) (parts H)"
   10.84 -apply (rule parts_insert_eq_I) 
   10.85 -apply (erule parts.induct, auto) 
   10.86 +apply (rule parts_insert_eq_I)
   10.87 +apply (erule parts.induct, auto)
   10.88  done
   10.89  
   10.90  lemma parts_insert_Number [simp]:
   10.91       "parts (insert (Number N) H) = insert (Number N) (parts H)"
   10.92 -apply (rule parts_insert_eq_I) 
   10.93 -apply (erule parts.induct, auto) 
   10.94 +apply (rule parts_insert_eq_I)
   10.95 +apply (erule parts.induct, auto)
   10.96  done
   10.97  
   10.98  lemma parts_insert_Key [simp]:
   10.99       "parts (insert (Key K) H) = insert (Key K) (parts H)"
  10.100 -apply (rule parts_insert_eq_I) 
  10.101 -apply (erule parts.induct, auto) 
  10.102 +apply (rule parts_insert_eq_I)
  10.103 +apply (erule parts.induct, auto)
  10.104  done
  10.105  
  10.106  lemma parts_insert_Hash [simp]:
  10.107       "parts (insert (Hash X) H) = insert (Hash X) (parts H)"
  10.108 -apply (rule parts_insert_eq_I) 
  10.109 -apply (erule parts.induct, auto) 
  10.110 +apply (rule parts_insert_eq_I)
  10.111 +apply (erule parts.induct, auto)
  10.112  done
  10.113  
  10.114  lemma parts_insert_Crypt [simp]:
  10.115 -     "parts (insert (Crypt K X) H) =  
  10.116 +     "parts (insert (Crypt K X) H) =
  10.117            insert (Crypt K X) (parts (insert X H))"
  10.118  apply (rule equalityI)
  10.119  apply (rule subsetI)
  10.120 @@ -292,7 +294,7 @@
  10.121  done
  10.122  
  10.123  lemma parts_insert_MPair [simp]:
  10.124 -     "parts (insert {|X,Y|} H) =  
  10.125 +     "parts (insert {|X,Y|} H) =
  10.126            insert {|X,Y|} (parts (insert X (insert Y H)))"
  10.127  apply (rule equalityI)
  10.128  apply (rule subsetI)
  10.129 @@ -306,7 +308,7 @@
  10.130  done
  10.131  
  10.132  lemma msg_Nonce_supply: "\<exists>N. \<forall>n. N\<le>n --> Nonce n \<notin> parts {msg}"
  10.133 -apply (induct_tac "msg") 
  10.134 +apply (induct_tac "msg")
  10.135  apply (simp_all add: parts_insert2)
  10.136  apply (metis Suc_n_not_le_n)
  10.137  apply (metis le_trans linorder_linear)
  10.138 @@ -325,21 +327,21 @@
  10.139      Inj [intro,simp] :    "X \<in> H ==> X \<in> analz H"
  10.140    | Fst:     "{|X,Y|} \<in> analz H ==> X \<in> analz H"
  10.141    | Snd:     "{|X,Y|} \<in> analz H ==> Y \<in> analz H"
  10.142 -  | Decrypt [dest]: 
  10.143 +  | Decrypt [dest]:
  10.144               "[|Crypt K X \<in> analz H; Key(invKey K): analz H|] ==> X \<in> analz H"
  10.145  
  10.146  
  10.147  text{*Monotonicity; Lemma 1 of Lowe's paper*}
  10.148  lemma analz_mono: "G\<subseteq>H ==> analz(G) \<subseteq> analz(H)"
  10.149  apply auto
  10.150 -apply (erule analz.induct) 
  10.151 -apply (auto dest: analz.Fst analz.Snd) 
  10.152 +apply (erule analz.induct)
  10.153 +apply (auto dest: analz.Fst analz.Snd)
  10.154  done
  10.155  
  10.156  text{*Making it safe speeds up proofs*}
  10.157  lemma MPair_analz [elim!]:
  10.158 -     "[| {|X,Y|} \<in> analz H;        
  10.159 -             [| X \<in> analz H; Y \<in> analz H |] ==> P   
  10.160 +     "[| {|X,Y|} \<in> analz H;
  10.161 +             [| X \<in> analz H; Y \<in> analz H |] ==> P
  10.162            |] ==> P"
  10.163  by (blast dest: analz.Fst analz.Snd)
  10.164  
  10.165 @@ -376,7 +378,7 @@
  10.166  apply (erule analz.induct, blast+)
  10.167  done
  10.168  
  10.169 -text{*Converse fails: we can analz more from the union than from the 
  10.170 +text{*Converse fails: we can analz more from the union than from the
  10.171    separate parts, as a key in one might decrypt a message in the other*}
  10.172  lemma analz_Un: "analz(G) \<union> analz(H) \<subseteq> analz(G \<union> H)"
  10.173  by (intro Un_least analz_mono Un_upper1 Un_upper2)
  10.174 @@ -390,39 +392,39 @@
  10.175  
  10.176  lemma analz_insert_Agent [simp]:
  10.177       "analz (insert (Agent agt) H) = insert (Agent agt) (analz H)"
  10.178 -apply (rule analz_insert_eq_I) 
  10.179 -apply (erule analz.induct, auto) 
  10.180 +apply (rule analz_insert_eq_I)
  10.181 +apply (erule analz.induct, auto)
  10.182  done
  10.183  
  10.184  lemma analz_insert_Nonce [simp]:
  10.185       "analz (insert (Nonce N) H) = insert (Nonce N) (analz H)"
  10.186 -apply (rule analz_insert_eq_I) 
  10.187 -apply (erule analz.induct, auto) 
  10.188 +apply (rule analz_insert_eq_I)
  10.189 +apply (erule analz.induct, auto)
  10.190  done
  10.191  
  10.192  lemma analz_insert_Number [simp]:
  10.193       "analz (insert (Number N) H) = insert (Number N) (analz H)"
  10.194 -apply (rule analz_insert_eq_I) 
  10.195 -apply (erule analz.induct, auto) 
  10.196 +apply (rule analz_insert_eq_I)
  10.197 +apply (erule analz.induct, auto)
  10.198  done
  10.199  
  10.200  lemma analz_insert_Hash [simp]:
  10.201       "analz (insert (Hash X) H) = insert (Hash X) (analz H)"
  10.202 -apply (rule analz_insert_eq_I) 
  10.203 -apply (erule analz.induct, auto) 
  10.204 +apply (rule analz_insert_eq_I)
  10.205 +apply (erule analz.induct, auto)
  10.206  done
  10.207  
  10.208  text{*Can only pull out Keys if they are not needed to decrypt the rest*}
  10.209 -lemma analz_insert_Key [simp]: 
  10.210 -    "K \<notin> keysFor (analz H) ==>   
  10.211 +lemma analz_insert_Key [simp]:
  10.212 +    "K \<notin> keysFor (analz H) ==>
  10.213            analz (insert (Key K) H) = insert (Key K) (analz H)"
  10.214  apply (unfold keysFor_def)
  10.215 -apply (rule analz_insert_eq_I) 
  10.216 -apply (erule analz.induct, auto) 
  10.217 +apply (rule analz_insert_eq_I)
  10.218 +apply (erule analz.induct, auto)
  10.219  done
  10.220  
  10.221  lemma analz_insert_MPair [simp]:
  10.222 -     "analz (insert {|X,Y|} H) =  
  10.223 +     "analz (insert {|X,Y|} H) =
  10.224            insert {|X,Y|} (analz (insert X (insert Y H)))"
  10.225  apply (rule equalityI)
  10.226  apply (rule subsetI)
  10.227 @@ -433,22 +435,22 @@
  10.228  
  10.229  text{*Can pull out enCrypted message if the Key is not known*}
  10.230  lemma analz_insert_Crypt:
  10.231 -     "Key (invKey K) \<notin> analz H 
  10.232 +     "Key (invKey K) \<notin> analz H
  10.233        ==> analz (insert (Crypt K X) H) = insert (Crypt K X) (analz H)"
  10.234 -apply (rule analz_insert_eq_I) 
  10.235 -apply (erule analz.induct, auto) 
  10.236 +apply (rule analz_insert_eq_I)
  10.237 +apply (erule analz.induct, auto)
  10.238  
  10.239  done
  10.240  
  10.241 -lemma lemma1: "Key (invKey K) \<in> analz H ==>   
  10.242 -               analz (insert (Crypt K X) H) \<subseteq>  
  10.243 -               insert (Crypt K X) (analz (insert X H))" 
  10.244 +lemma lemma1: "Key (invKey K) \<in> analz H ==>
  10.245 +               analz (insert (Crypt K X) H) \<subseteq>
  10.246 +               insert (Crypt K X) (analz (insert X H))"
  10.247  apply (rule subsetI)
  10.248  apply (erule_tac x = x in analz.induct, auto)
  10.249  done
  10.250  
  10.251 -lemma lemma2: "Key (invKey K) \<in> analz H ==>   
  10.252 -               insert (Crypt K X) (analz (insert X H)) \<subseteq>  
  10.253 +lemma lemma2: "Key (invKey K) \<in> analz H ==>
  10.254 +               insert (Crypt K X) (analz (insert X H)) \<subseteq>
  10.255                 analz (insert (Crypt K X) H)"
  10.256  apply auto
  10.257  apply (erule_tac x = x in analz.induct, auto)
  10.258 @@ -456,26 +458,26 @@
  10.259  done
  10.260  
  10.261  lemma analz_insert_Decrypt:
  10.262 -     "Key (invKey K) \<in> analz H ==>   
  10.263 -               analz (insert (Crypt K X) H) =  
  10.264 +     "Key (invKey K) \<in> analz H ==>
  10.265 +               analz (insert (Crypt K X) H) =
  10.266                 insert (Crypt K X) (analz (insert X H))"
  10.267  by (intro equalityI lemma1 lemma2)
  10.268  
  10.269  text{*Case analysis: either the message is secure, or it is not! Effective,
  10.270  but can cause subgoals to blow up! Use with @{text "split_if"}; apparently
  10.271  @{text "split_tac"} does not cope with patterns such as @{term"analz (insert
  10.272 -(Crypt K X) H)"} *} 
  10.273 +(Crypt K X) H)"} *}
  10.274  lemma analz_Crypt_if [simp]:
  10.275 -     "analz (insert (Crypt K X) H) =                 
  10.276 -          (if (Key (invKey K) \<in> analz H)                 
  10.277 -           then insert (Crypt K X) (analz (insert X H))  
  10.278 +     "analz (insert (Crypt K X) H) =
  10.279 +          (if (Key (invKey K) \<in> analz H)
  10.280 +           then insert (Crypt K X) (analz (insert X H))
  10.281             else insert (Crypt K X) (analz H))"
  10.282  by (simp add: analz_insert_Crypt analz_insert_Decrypt)
  10.283  
  10.284  
  10.285  text{*This rule supposes "for the sake of argument" that we have the key.*}
  10.286  lemma analz_insert_Crypt_subset:
  10.287 -     "analz (insert (Crypt K X) H) \<subseteq>   
  10.288 +     "analz (insert (Crypt K X) H) \<subseteq>
  10.289             insert (Crypt K X) (analz (insert X H))"
  10.290  apply (rule subsetI)
  10.291  apply (erule analz.induct, auto)
  10.292 @@ -498,8 +500,8 @@
  10.293  
  10.294  lemma analz_subset_iff [simp]: "(analz G \<subseteq> analz H) = (G \<subseteq> analz H)"
  10.295  apply (rule iffI)
  10.296 -apply (iprover intro: subset_trans analz_increasing)  
  10.297 -apply (frule analz_mono, simp) 
  10.298 +apply (iprover intro: subset_trans analz_increasing)
  10.299 +apply (frule analz_mono, simp)
  10.300  done
  10.301  
  10.302  lemma analz_trans: "[| X\<in> analz G;  G \<subseteq> analz H |] ==> X\<in> analz H"
  10.303 @@ -525,7 +527,7 @@
  10.304  text{*A congruence rule for "analz" *}
  10.305  
  10.306  lemma analz_subset_cong:
  10.307 -     "[| analz G \<subseteq> analz G'; analz H \<subseteq> analz H' |] 
  10.308 +     "[| analz G \<subseteq> analz G'; analz H \<subseteq> analz H' |]
  10.309        ==> analz (G \<union> H) \<subseteq> analz (G' \<union> H')"
  10.310  apply simp
  10.311  apply (metis Un_absorb2 Un_commute Un_subset_iff Un_upper1 Un_upper2 analz_mono)
  10.312 @@ -533,9 +535,9 @@
  10.313  
  10.314  
  10.315  lemma analz_cong:
  10.316 -     "[| analz G = analz G'; analz H = analz H'  
  10.317 +     "[| analz G = analz G'; analz H = analz H'
  10.318                 |] ==> analz (G \<union> H) = analz (G' \<union> H')"
  10.319 -by (intro equalityI analz_subset_cong, simp_all) 
  10.320 +by (intro equalityI analz_subset_cong, simp_all)
  10.321  
  10.322  lemma analz_insert_cong:
  10.323       "analz H = analz H' ==> analz(insert X H) = analz(insert X H')"
  10.324 @@ -579,9 +581,9 @@
  10.325  
  10.326  text{*Monotonicity*}
  10.327  lemma synth_mono: "G\<subseteq>H ==> synth(G) \<subseteq> synth(H)"
  10.328 -  by (auto, erule synth.induct, auto)  
  10.329 +  by (auto, erule synth.induct, auto)
  10.330  
  10.331 -text{*NO @{text Agent_synth}, as any Agent name can be synthesized.  
  10.332 +text{*NO @{text Agent_synth}, as any Agent name can be synthesized.
  10.333    The same holds for @{term Number}*}
  10.334  inductive_cases Nonce_synth [elim!]: "Nonce n \<in> synth H"
  10.335  inductive_cases Key_synth   [elim!]: "Key K \<in> synth H"
  10.336 @@ -595,7 +597,7 @@
  10.337  
  10.338  subsubsection{*Unions *}
  10.339  
  10.340 -text{*Converse fails: we can synth more from the union than from the 
  10.341 +text{*Converse fails: we can synth more from the union than from the
  10.342    separate parts, building a compound message using elements of each.*}
  10.343  lemma synth_Un: "synth(G) \<union> synth(H) \<subseteq> synth(G \<union> H)"
  10.344  by (intro Un_least synth_mono Un_upper1 Un_upper2)
  10.345 @@ -613,8 +615,8 @@
  10.346  
  10.347  lemma synth_subset_iff [simp]: "(synth G \<subseteq> synth H) = (G \<subseteq> synth H)"
  10.348  apply (rule iffI)
  10.349 -apply (iprover intro: subset_trans synth_increasing)  
  10.350 -apply (frule synth_mono, simp add: synth_idem) 
  10.351 +apply (iprover intro: subset_trans synth_increasing)
  10.352 +apply (frule synth_mono, simp add: synth_idem)
  10.353  done
  10.354  
  10.355  lemma synth_trans: "[| X\<in> synth G;  G \<subseteq> synth H |] ==> X\<in> synth H"
  10.356 @@ -644,7 +646,7 @@
  10.357  by blast
  10.358  
  10.359  
  10.360 -lemma keysFor_synth [simp]: 
  10.361 +lemma keysFor_synth [simp]:
  10.362      "keysFor (synth H) = keysFor H \<union> invKey`{K. Key K \<in> H}"
  10.363  by (unfold keysFor_def, blast)
  10.364  
  10.365 @@ -706,7 +708,7 @@
  10.366  qed
  10.367  
  10.368  lemma Fake_parts_insert:
  10.369 -     "X \<in> synth (analz H) ==>  
  10.370 +     "X \<in> synth (analz H) ==>
  10.371        parts (insert X H) \<subseteq> synth (analz H) \<union> parts H"
  10.372  proof -
  10.373    assume A1: "X \<in> synth (analz H)"
  10.374 @@ -735,11 +737,11 @@
  10.375  qed
  10.376  
  10.377  lemma Fake_parts_insert_in_Un:
  10.378 -     "[|Z \<in> parts (insert X H);  X: synth (analz H)|] 
  10.379 +     "[|Z \<in> parts (insert X H);  X: synth (analz H)|]
  10.380        ==> Z \<in>  synth (analz H) \<union> parts H";
  10.381  by (blast dest: Fake_parts_insert [THEN subsetD, dest])
  10.382  
  10.383 -declare analz_mono [intro] synth_mono [intro] 
  10.384 +declare analz_mono [intro] synth_mono [intro]
  10.385  
  10.386  lemma Fake_analz_insert:
  10.387       "X \<in> synth (analz G) ==>
  10.388 @@ -748,7 +750,7 @@
  10.389            analz_mono analz_synth_Un insert_absorb)
  10.390  
  10.391  lemma Fake_analz_insert_simpler:
  10.392 -     "X \<in> synth (analz G) ==>  
  10.393 +     "X \<in> synth (analz G) ==>
  10.394        analz (insert X H) \<subseteq> synth (analz G) \<union> analz (G \<union> H)"
  10.395  apply (rule subsetI)
  10.396  apply (subgoal_tac "x \<in> analz (synth (analz G) \<union> H) ")
    11.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    11.2 +++ b/src/HOL/Metis_Examples/Proxies.thy	Mon Jun 06 20:36:35 2011 +0200
    11.3 @@ -0,0 +1,264 @@
    11.4 +(*  Title:      HOL/Metis_Examples/Proxies.thy
    11.5 +    Author:     Jasmin Blanchette, TU Muenchen
    11.6 +
    11.7 +Example that exercises Metis's and Sledgehammer's logical symbol proxies for
    11.8 +rudimentary higher-order reasoning.
    11.9 +*)
   11.10 +
   11.11 +header {*
   11.12 +Example that Exercises Metis's and Sledgehammer's Logical Symbol Proxies for
   11.13 +Rudimentary Higher-Order Reasoning.
   11.14 +*}
   11.15 +
   11.16 +theory Proxies
   11.17 +imports Type_Encodings
   11.18 +begin
   11.19 +
   11.20 +text {* Extensionality and set constants *}
   11.21 +
   11.22 +lemma plus_1_not_0: "n + (1\<Colon>nat) \<noteq> 0"
   11.23 +by simp
   11.24 +
   11.25 +definition inc :: "nat \<Rightarrow> nat" where
   11.26 +"inc x = x + 1"
   11.27 +
   11.28 +lemma "inc \<noteq> (\<lambda>y. 0)"
   11.29 +sledgehammer [expect = some] (inc_def plus_1_not_0)
   11.30 +by (metis_eXhaust inc_def plus_1_not_0)
   11.31 +
   11.32 +lemma "inc = (\<lambda>y. y + 1)"
   11.33 +sledgehammer [expect = some] (inc_def)
   11.34 +by (metis_eXhaust inc_def)
   11.35 +
   11.36 +definition add_swap :: "nat \<Rightarrow> nat \<Rightarrow> nat" where
   11.37 +"add_swap = (\<lambda>x y. y + x)"
   11.38 +
   11.39 +lemma "add_swap m n = n + m"
   11.40 +sledgehammer [expect = some] (add_swap_def)
   11.41 +by (metis_eXhaust add_swap_def)
   11.42 +
   11.43 +definition "A = {xs\<Colon>'a list. True}"
   11.44 +
   11.45 +lemma "xs \<in> A"
   11.46 +sledgehammer [expect = some]
   11.47 +by (metis_eXhaust A_def Collect_def mem_def)
   11.48 +
   11.49 +definition "B (y::int) \<equiv> y \<le> 0"
   11.50 +definition "C (y::int) \<equiv> y \<le> 1"
   11.51 +
   11.52 +lemma int_le_0_imp_le_1: "x \<le> (0::int) \<Longrightarrow> x \<le> 1"
   11.53 +by linarith
   11.54 +
   11.55 +lemma "B \<subseteq> C"
   11.56 +sledgehammer [type_sys = poly_args, max_relevant = 200, expect = some]
   11.57 +by (metis_eXhaust B_def C_def int_le_0_imp_le_1 predicate1I)
   11.58 +
   11.59 +
   11.60 +text {* Proxies for logical constants *}
   11.61 +
   11.62 +lemma "id (op =) x x"
   11.63 +sledgehammer [type_sys = erased, expect = none] (id_apply)
   11.64 +sledgehammer [type_sys = poly_tags?, expect = none] (id_apply) (* unfortunate *)
   11.65 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   11.66 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   11.67 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   11.68 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   11.69 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   11.70 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   11.71 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   11.72 +by (metisX id_apply)
   11.73 +
   11.74 +lemma "id True"
   11.75 +sledgehammer [type_sys = erased, expect = some] (id_apply)
   11.76 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
   11.77 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   11.78 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   11.79 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   11.80 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   11.81 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   11.82 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   11.83 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   11.84 +by (metis_eXhaust id_apply)
   11.85 +
   11.86 +lemma "\<not> id False"
   11.87 +sledgehammer [type_sys = erased, expect = some] (id_apply)
   11.88 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
   11.89 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
   11.90 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
   11.91 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
   11.92 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
   11.93 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
   11.94 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
   11.95 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
   11.96 +by (metis_eXhaust id_apply)
   11.97 +
   11.98 +lemma "x = id True \<or> x = id False"
   11.99 +sledgehammer [type_sys = erased, expect = some] (id_apply)
  11.100 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
  11.101 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
  11.102 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
  11.103 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
  11.104 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
  11.105 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
  11.106 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
  11.107 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
  11.108 +by (metis_eXhaust id_apply)
  11.109 +
  11.110 +lemma "id x = id True \<or> id x = id False"
  11.111 +sledgehammer [type_sys = erased, expect = some] (id_apply)
  11.112 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
  11.113 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
  11.114 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
  11.115 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
  11.116 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
  11.117 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
  11.118 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
  11.119 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
  11.120 +by (metis_eXhaust id_apply)
  11.121 +
  11.122 +lemma "P True \<Longrightarrow> P False \<Longrightarrow> P x"
  11.123 +sledgehammer [type_sys = erased, expect = none] ()
  11.124 +sledgehammer [type_sys = poly_args, expect = none] ()
  11.125 +sledgehammer [type_sys = poly_tags?, expect = some] ()
  11.126 +sledgehammer [type_sys = poly_tags, expect = some] ()
  11.127 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
  11.128 +sledgehammer [type_sys = poly_preds, expect = some] ()
  11.129 +sledgehammer [type_sys = mangled_tags?, expect = some] ()
  11.130 +sledgehammer [type_sys = mangled_tags, expect = some] ()
  11.131 +sledgehammer [type_sys = mangled_preds?, expect = some] ()
  11.132 +sledgehammer [type_sys = mangled_preds, expect = some] ()
  11.133 +by metisX
  11.134 +
  11.135 +lemma "id (\<not> a) \<Longrightarrow> \<not> id a"
  11.136 +sledgehammer [type_sys = erased, expect = some] (id_apply)
  11.137 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
  11.138 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
  11.139 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
  11.140 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
  11.141 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
  11.142 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
  11.143 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
  11.144 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
  11.145 +by (metis_eXhaust id_apply)
  11.146 +
  11.147 +lemma "id (\<not> \<not> a) \<Longrightarrow> id a"
  11.148 +sledgehammer [type_sys = erased, expect = some] (id_apply)
  11.149 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
  11.150 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
  11.151 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
  11.152 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
  11.153 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
  11.154 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
  11.155 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
  11.156 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
  11.157 +by (metis_eXhaust id_apply)
  11.158 +
  11.159 +lemma "id (\<not> (id (\<not> a))) \<Longrightarrow> id a"
  11.160 +sledgehammer [type_sys = erased, expect = some] (id_apply)
  11.161 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
  11.162 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
  11.163 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
  11.164 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
  11.165 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
  11.166 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
  11.167 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
  11.168 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
  11.169 +by (metis_eXhaust id_apply)
  11.170 +
  11.171 +lemma "id (a \<and> b) \<Longrightarrow> id a"
  11.172 +sledgehammer [type_sys = erased, expect = some] (id_apply)
  11.173 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
  11.174 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
  11.175 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
  11.176 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
  11.177 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
  11.178 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
  11.179 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
  11.180 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
  11.181 +by (metis_eXhaust id_apply)
  11.182 +
  11.183 +lemma "id (a \<and> b) \<Longrightarrow> id b"
  11.184 +sledgehammer [type_sys = erased, expect = some] (id_apply)
  11.185 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
  11.186 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
  11.187 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
  11.188 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
  11.189 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
  11.190 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
  11.191 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
  11.192 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
  11.193 +by (metis_eXhaust id_apply)
  11.194 +
  11.195 +lemma "id a \<Longrightarrow> id b \<Longrightarrow> id (a \<and> b)"
  11.196 +sledgehammer [type_sys = erased, expect = some] (id_apply)
  11.197 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
  11.198 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
  11.199 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
  11.200 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
  11.201 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
  11.202 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
  11.203 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
  11.204 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
  11.205 +by (metis_eXhaust id_apply)
  11.206 +
  11.207 +lemma "id a \<Longrightarrow> id (a \<or> b)"
  11.208 +sledgehammer [type_sys = erased, expect = some] (id_apply)
  11.209 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
  11.210 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
  11.211 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
  11.212 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
  11.213 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
  11.214 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
  11.215 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
  11.216 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
  11.217 +by (metis_eXhaust id_apply)
  11.218 +
  11.219 +lemma "id b \<Longrightarrow> id (a \<or> b)"
  11.220 +sledgehammer [type_sys = erased, expect = some] (id_apply)
  11.221 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
  11.222 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
  11.223 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
  11.224 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
  11.225 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
  11.226 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
  11.227 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
  11.228 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
  11.229 +by (metis_eXhaust id_apply)
  11.230 +
  11.231 +lemma "id (\<not> a) \<Longrightarrow> id (\<not> b) \<Longrightarrow> id (\<not> (a \<or> b))"
  11.232 +sledgehammer [type_sys = erased, expect = some] (id_apply)
  11.233 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
  11.234 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
  11.235 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
  11.236 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
  11.237 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
  11.238 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
  11.239 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
  11.240 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
  11.241 +by (metis_eXhaust id_apply)
  11.242 +
  11.243 +lemma "id (\<not> a) \<Longrightarrow> id (a \<longrightarrow> b)"
  11.244 +sledgehammer [type_sys = erased, expect = some] (id_apply)
  11.245 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
  11.246 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
  11.247 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
  11.248 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
  11.249 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
  11.250 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
  11.251 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
  11.252 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
  11.253 +by (metis_eXhaust id_apply)
  11.254 +
  11.255 +lemma "id (a \<longrightarrow> b) \<longleftrightarrow> id (\<not> a \<or> b)"
  11.256 +sledgehammer [type_sys = erased, expect = some] (id_apply)
  11.257 +sledgehammer [type_sys = poly_tags?, expect = some] (id_apply)
  11.258 +sledgehammer [type_sys = poly_tags, expect = some] (id_apply)
  11.259 +sledgehammer [type_sys = poly_preds?, expect = some] (id_apply)
  11.260 +sledgehammer [type_sys = poly_preds, expect = some] (id_apply)
  11.261 +sledgehammer [type_sys = mangled_tags?, expect = some] (id_apply)
  11.262 +sledgehammer [type_sys = mangled_tags, expect = some] (id_apply)
  11.263 +sledgehammer [type_sys = mangled_preds?, expect = some] (id_apply)
  11.264 +sledgehammer [type_sys = mangled_preds, expect = some] (id_apply)
  11.265 +by (metis_eXhaust id_apply)
  11.266 +
  11.267 +end
    12.1 --- a/src/HOL/Metis_Examples/ROOT.ML	Mon Jun 06 20:36:35 2011 +0200
    12.2 +++ b/src/HOL/Metis_Examples/ROOT.ML	Mon Jun 06 20:36:35 2011 +0200
    12.3 @@ -5,5 +5,5 @@
    12.4  Testing Metis and Sledgehammer.
    12.5  *)
    12.6  
    12.7 -use_thys ["Abstraction", "BigO", "BT", "Clausify", "HO_Reas", "Message",
    12.8 -          "Tarski", "TransClosure", "Typings", "set"];
    12.9 +use_thys ["Abstraction", "Big_O", "Binary_Tree", "Clausification", "Message",
   12.10 +          "Proxies", "Tarski", "Trans_Closure", "Sets"];
    13.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    13.2 +++ b/src/HOL/Metis_Examples/Sets.thy	Mon Jun 06 20:36:35 2011 +0200
    13.3 @@ -0,0 +1,204 @@
    13.4 +(*  Title:      HOL/Metis_Examples/Sets.thy
    13.5 +    Author:     Lawrence C. Paulson, Cambridge University Computer Laboratory
    13.6 +    Author:     Jasmin Blanchette, TU Muenchen
    13.7 +
    13.8 +Metis example featuring typed set theory.
    13.9 +*)
   13.10 +
   13.11 +header {* Metis Example Featuring Typed Set Theory *}
   13.12 +
   13.13 +theory Sets
   13.14 +imports Main
   13.15 +begin
   13.16 +
   13.17 +declare [[metis_new_skolemizer]]
   13.18 +
   13.19 +lemma "EX x X. ALL y. EX z Z. (~P(y,y) | P(x,x) | ~S(z,x)) &
   13.20 +               (S(x,y) | ~S(y,z) | Q(Z,Z))  &
   13.21 +               (Q(X,y) | ~Q(y,Z) | S(X,X))"
   13.22 +by metis
   13.23 +
   13.24 +lemma "P(n::nat) ==> ~P(0) ==> n ~= 0"
   13.25 +by metis
   13.26 +
   13.27 +sledgehammer_params [isar_proof, isar_shrink_factor = 1]
   13.28 +
   13.29 +(*multiple versions of this example*)
   13.30 +lemma (*equal_union: *)
   13.31 +   "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))"
   13.32 +proof -
   13.33 +  have F1: "\<forall>(x\<^isub>2\<Colon>'b \<Rightarrow> bool) x\<^isub>1\<Colon>'b \<Rightarrow> bool. x\<^isub>1 \<subseteq> x\<^isub>1 \<union> x\<^isub>2" by (metis Un_commute Un_upper2)
   13.34 +  have F2a: "\<forall>(x\<^isub>2\<Colon>'b \<Rightarrow> bool) x\<^isub>1\<Colon>'b \<Rightarrow> bool. x\<^isub>1 \<subseteq> x\<^isub>2 \<longrightarrow> x\<^isub>2 = x\<^isub>2 \<union> x\<^isub>1" by (metis Un_commute subset_Un_eq)
   13.35 +  have F2: "\<forall>(x\<^isub>2\<Colon>'b \<Rightarrow> bool) x\<^isub>1\<Colon>'b \<Rightarrow> bool. x\<^isub>1 \<subseteq> x\<^isub>2 \<and> x\<^isub>2 \<subseteq> x\<^isub>1 \<longrightarrow> x\<^isub>1 = x\<^isub>2" by (metis F2a subset_Un_eq)
   13.36 +  { assume "\<not> Z \<subseteq> X"
   13.37 +    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   13.38 +  moreover
   13.39 +  { assume AA1: "Y \<union> Z \<noteq> X"
   13.40 +    { assume "\<not> Y \<subseteq> X"
   13.41 +      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis F1) }
   13.42 +    moreover
   13.43 +    { assume AAA1: "Y \<subseteq> X \<and> Y \<union> Z \<noteq> X"
   13.44 +      { assume "\<not> Z \<subseteq> X"
   13.45 +        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   13.46 +      moreover
   13.47 +      { assume "(Z \<subseteq> X \<and> Y \<subseteq> X) \<and> Y \<union> Z \<noteq> X"
   13.48 +        hence "Y \<union> Z \<subseteq> X \<and> X \<noteq> Y \<union> Z" by (metis Un_subset_iff)
   13.49 +        hence "Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> Y \<union> Z" by (metis F2)
   13.50 +        hence "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z" by (metis F1)
   13.51 +        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   13.52 +      ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AAA1) }
   13.53 +    ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AA1) }
   13.54 +  moreover
   13.55 +  { assume "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. (Z \<subseteq> x\<^isub>1 \<and> Y \<subseteq> x\<^isub>1) \<and> \<not> X \<subseteq> x\<^isub>1"
   13.56 +    { assume "\<not> Y \<subseteq> X"
   13.57 +      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis F1) }
   13.58 +    moreover
   13.59 +    { assume AAA1: "Y \<subseteq> X \<and> Y \<union> Z \<noteq> X"
   13.60 +      { assume "\<not> Z \<subseteq> X"
   13.61 +        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   13.62 +      moreover
   13.63 +      { assume "(Z \<subseteq> X \<and> Y \<subseteq> X) \<and> Y \<union> Z \<noteq> X"
   13.64 +        hence "Y \<union> Z \<subseteq> X \<and> X \<noteq> Y \<union> Z" by (metis Un_subset_iff)
   13.65 +        hence "Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> Y \<union> Z" by (metis F2)
   13.66 +        hence "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z" by (metis F1)
   13.67 +        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   13.68 +      ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AAA1) }
   13.69 +    ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by blast }
   13.70 +  moreover
   13.71 +  { assume "\<not> Y \<subseteq> X"
   13.72 +    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis F1) }
   13.73 +  ultimately show "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by metis
   13.74 +qed
   13.75 +
   13.76 +sledgehammer_params [isar_proof, isar_shrink_factor = 2]
   13.77 +
   13.78 +lemma (*equal_union: *)
   13.79 +   "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))"
   13.80 +proof -
   13.81 +  have F1: "\<forall>(x\<^isub>2\<Colon>'b \<Rightarrow> bool) x\<^isub>1\<Colon>'b \<Rightarrow> bool. x\<^isub>1 \<subseteq> x\<^isub>2 \<and> x\<^isub>2 \<subseteq> x\<^isub>1 \<longrightarrow> x\<^isub>1 = x\<^isub>2" by (metis Un_commute subset_Un_eq)
   13.82 +  { assume AA1: "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. (Z \<subseteq> x\<^isub>1 \<and> Y \<subseteq> x\<^isub>1) \<and> \<not> X \<subseteq> x\<^isub>1"
   13.83 +    { assume AAA1: "Y \<subseteq> X \<and> Y \<union> Z \<noteq> X"
   13.84 +      { assume "\<not> Z \<subseteq> X"
   13.85 +        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   13.86 +      moreover
   13.87 +      { assume "Y \<union> Z \<subseteq> X \<and> X \<noteq> Y \<union> Z"
   13.88 +        hence "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z" by (metis F1 Un_commute Un_upper2)
   13.89 +        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   13.90 +      ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AAA1 Un_subset_iff) }
   13.91 +    moreover
   13.92 +    { assume "\<not> Y \<subseteq> X"
   13.93 +      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_commute Un_upper2) }
   13.94 +    ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AA1 Un_subset_iff) }
   13.95 +  moreover
   13.96 +  { assume "\<not> Z \<subseteq> X"
   13.97 +    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   13.98 +  moreover
   13.99 +  { assume "\<not> Y \<subseteq> X"
  13.100 +    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_commute Un_upper2) }
  13.101 +  moreover
  13.102 +  { assume AA1: "Y \<subseteq> X \<and> Y \<union> Z \<noteq> X"
  13.103 +    { assume "\<not> Z \<subseteq> X"
  13.104 +      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
  13.105 +    moreover
  13.106 +    { assume "Y \<union> Z \<subseteq> X \<and> X \<noteq> Y \<union> Z"
  13.107 +      hence "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z" by (metis F1 Un_commute Un_upper2)
  13.108 +      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
  13.109 +    ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AA1 Un_subset_iff) }
  13.110 +  ultimately show "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by metis
  13.111 +qed
  13.112 +
  13.113 +sledgehammer_params [isar_proof, isar_shrink_factor = 3]
  13.114 +
  13.115 +lemma (*equal_union: *)
  13.116 +   "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))"
  13.117 +proof -
  13.118 +  have F1a: "\<forall>(x\<^isub>2\<Colon>'b \<Rightarrow> bool) x\<^isub>1\<Colon>'b \<Rightarrow> bool. x\<^isub>1 \<subseteq> x\<^isub>2 \<longrightarrow> x\<^isub>2 = x\<^isub>2 \<union> x\<^isub>1" by (metis Un_commute subset_Un_eq)
  13.119 +  have F1: "\<forall>(x\<^isub>2\<Colon>'b \<Rightarrow> bool) x\<^isub>1\<Colon>'b \<Rightarrow> bool. x\<^isub>1 \<subseteq> x\<^isub>2 \<and> x\<^isub>2 \<subseteq> x\<^isub>1 \<longrightarrow> x\<^isub>1 = x\<^isub>2" by (metis F1a subset_Un_eq)
  13.120 +  { assume "(Z \<subseteq> X \<and> Y \<subseteq> X) \<and> Y \<union> Z \<noteq> X"
  13.121 +    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis F1 Un_commute Un_subset_iff Un_upper2) }
  13.122 +  moreover
  13.123 +  { assume AA1: "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. (Z \<subseteq> x\<^isub>1 \<and> Y \<subseteq> x\<^isub>1) \<and> \<not> X \<subseteq> x\<^isub>1"
  13.124 +    { assume "(Z \<subseteq> X \<and> Y \<subseteq> X) \<and> Y \<union> Z \<noteq> X"
  13.125 +      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis F1 Un_commute Un_subset_iff Un_upper2) }
  13.126 +    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AA1 Un_commute Un_subset_iff Un_upper2) }
  13.127 +  ultimately show "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_commute Un_upper2)
  13.128 +qed
  13.129 +
  13.130 +sledgehammer_params [isar_proof, isar_shrink_factor = 4]
  13.131 +
  13.132 +lemma (*equal_union: *)
  13.133 +   "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))"
  13.134 +proof -
  13.135 +  have F1: "\<forall>(x\<^isub>2\<Colon>'b \<Rightarrow> bool) x\<^isub>1\<Colon>'b \<Rightarrow> bool. x\<^isub>1 \<subseteq> x\<^isub>2 \<and> x\<^isub>2 \<subseteq> x\<^isub>1 \<longrightarrow> x\<^isub>1 = x\<^isub>2" by (metis Un_commute subset_Un_eq)
  13.136 +  { assume "\<not> Y \<subseteq> X"
  13.137 +    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_commute Un_upper2) }
  13.138 +  moreover
  13.139 +  { assume AA1: "Y \<subseteq> X \<and> Y \<union> Z \<noteq> X"
  13.140 +    { assume "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z"
  13.141 +      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
  13.142 +    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AA1 F1 Un_commute Un_subset_iff Un_upper2) }
  13.143 +  ultimately show "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_subset_iff Un_upper2)
  13.144 +qed
  13.145 +
  13.146 +sledgehammer_params [isar_proof, isar_shrink_factor = 1]
  13.147 +
  13.148 +lemma (*equal_union: *)
  13.149 +   "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))"
  13.150 +by (metis Un_least Un_upper1 Un_upper2 set_eq_subset)
  13.151 +
  13.152 +lemma "(X = Y \<inter> Z) = (X \<subseteq> Y \<and> X \<subseteq> Z \<and> (\<forall>V. V \<subseteq> Y \<and> V \<subseteq> Z \<longrightarrow> V \<subseteq> X))"
  13.153 +by (metis Int_greatest Int_lower1 Int_lower2 subset_antisym)
  13.154 +
  13.155 +lemma fixedpoint: "\<exists>!x. f (g x) = x \<Longrightarrow> \<exists>!y. g (f y) = y"
  13.156 +by metis
  13.157 +
  13.158 +lemma (* fixedpoint: *) "\<exists>!x. f (g x) = x \<Longrightarrow> \<exists>!y. g (f y) = y"
  13.159 +proof -
  13.160 +  assume "\<exists>!x\<Colon>'a. f (g x) = x"
  13.161 +  thus "\<exists>!y\<Colon>'b. g (f y) = y" by metis
  13.162 +qed
  13.163 +
  13.164 +lemma (* singleton_example_2: *)
  13.165 +     "\<forall>x \<in> S. \<Union>S \<subseteq> x \<Longrightarrow> \<exists>z. S \<subseteq> {z}"
  13.166 +by (metis Set.subsetI Union_upper insertCI set_eq_subset)
  13.167 +
  13.168 +lemma (* singleton_example_2: *)
  13.169 +     "\<forall>x \<in> S. \<Union>S \<subseteq> x \<Longrightarrow> \<exists>z. S \<subseteq> {z}"
  13.170 +by (metis Set.subsetI Union_upper insert_iff set_eq_subset)
  13.171 +
  13.172 +lemma singleton_example_2:
  13.173 +     "\<forall>x \<in> S. \<Union>S \<subseteq> x \<Longrightarrow> \<exists>z. S \<subseteq> {z}"
  13.174 +proof -
  13.175 +  assume "\<forall>x \<in> S. \<Union>S \<subseteq> x"
  13.176 +  hence "\<forall>x\<^isub>1. x\<^isub>1 \<subseteq> \<Union>S \<and> x\<^isub>1 \<in> S \<longrightarrow> x\<^isub>1 = \<Union>S" by (metis set_eq_subset)
  13.177 +  hence "\<forall>x\<^isub>1. x\<^isub>1 \<in> S \<longrightarrow> x\<^isub>1 = \<Union>S" by (metis Union_upper)
  13.178 +  hence "\<forall>x\<^isub>1\<Colon>('a \<Rightarrow> bool) \<Rightarrow> bool. \<Union>S \<in> x\<^isub>1 \<longrightarrow> S \<subseteq> x\<^isub>1" by (metis subsetI)
  13.179 +  hence "\<forall>x\<^isub>1\<Colon>('a \<Rightarrow> bool) \<Rightarrow> bool. S \<subseteq> insert (\<Union>S) x\<^isub>1" by (metis insert_iff)
  13.180 +  thus "\<exists>z. S \<subseteq> {z}" by metis
  13.181 +qed
  13.182 +
  13.183 +text {*
  13.184 +  From W. W. Bledsoe and Guohui Feng, SET-VAR. JAR 11 (3), 1993, pages
  13.185 +  293-314.
  13.186 +*}
  13.187 +
  13.188 +(* Notes: (1) The numbering doesn't completely agree with the paper.
  13.189 +   (2) We must rename set variables to avoid type clashes. *)
  13.190 +lemma "\<exists>B. (\<forall>x \<in> B. x \<le> (0::int))"
  13.191 +      "D \<in> F \<Longrightarrow> \<exists>G. \<forall>A \<in> G. \<exists>B \<in> F. A \<subseteq> B"
  13.192 +      "P a \<Longrightarrow> \<exists>A. (\<forall>x \<in> A. P x) \<and> (\<exists>y. y \<in> A)"
  13.193 +      "a < b \<and> b < (c::int) \<Longrightarrow> \<exists>B. a \<notin> B \<and> b \<in> B \<and> c \<notin> B"
  13.194 +      "P (f b) \<Longrightarrow> \<exists>s A. (\<forall>x \<in> A. P x) \<and> f s \<in> A"
  13.195 +      "P (f b) \<Longrightarrow> \<exists>s A. (\<forall>x \<in> A. P x) \<and> f s \<in> A"
  13.196 +      "\<exists>A. a \<notin> A"
  13.197 +      "(\<forall>C. (0, 0) \<in> C \<and> (\<forall>x y. (x, y) \<in> C \<longrightarrow> (Suc x, Suc y) \<in> C) \<longrightarrow> (n, m) \<in> C) \<and> Q n \<longrightarrow> Q m"
  13.198 +       apply (metis all_not_in_conv)
  13.199 +      apply (metis all_not_in_conv)
  13.200 +     apply (metis mem_def)
  13.201 +    apply (metis less_int_def singleton_iff)
  13.202 +   apply (metis mem_def)
  13.203 +  apply (metis mem_def)
  13.204 + apply (metis all_not_in_conv)
  13.205 +by (metis pair_in_Id_conv)
  13.206 +
  13.207 +end
    14.1 --- a/src/HOL/Metis_Examples/Tarski.thy	Mon Jun 06 20:36:35 2011 +0200
    14.2 +++ b/src/HOL/Metis_Examples/Tarski.thy	Mon Jun 06 20:36:35 2011 +0200
    14.3 @@ -1,11 +1,11 @@
    14.4  (*  Title:      HOL/Metis_Examples/Tarski.thy
    14.5 -    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
    14.6 +    Author:     Lawrence C. Paulson, Cambridge University Computer Laboratory
    14.7      Author:     Jasmin Blanchette, TU Muenchen
    14.8  
    14.9 -Testing Metis.
   14.10 +Metis example featuring the full theorem of Tarski.
   14.11  *)
   14.12  
   14.13 -header {* The Full Theorem of Tarski *}
   14.14 +header {* Metis Example Featuring the Full Theorem of Tarski *}
   14.15  
   14.16  theory Tarski
   14.17  imports Main "~~/src/HOL/Library/FuncSet"
   14.18 @@ -260,7 +260,7 @@
   14.19  by (simp add: dual_def)
   14.20  
   14.21  lemma (in PO) monotone_dual:
   14.22 -     "monotone f (pset cl) (order cl) 
   14.23 +     "monotone f (pset cl) (order cl)
   14.24       ==> monotone f (pset (dual cl)) (order(dual cl))"
   14.25  by (simp add: monotone_def dualA_iff dualr_iff)
   14.26  
   14.27 @@ -436,7 +436,7 @@
   14.28  lemma (in CLF) CLF_dual: "(dual cl, f) \<in> CLF_set"
   14.29  apply (simp del: dualA_iff)
   14.30  apply (simp)
   14.31 -done 
   14.32 +done
   14.33  
   14.34  declare (in CLF) CLF_set_def[simp del] CL_dualCL[simp del] monotone_dual[simp del]
   14.35            dualA_iff[simp del]
   14.36 @@ -459,7 +459,7 @@
   14.37  
   14.38  (*never proved, 2007-01-22*)
   14.39  declare [[ sledgehammer_problem_prefix = "Tarski__CLF_lubH_le_flubH" ]]
   14.40 -  declare CL.lub_least[intro] CLF.f_in_funcset[intro] funcset_mem[intro] CL.lub_in_lattice[intro] PO.transE[intro] PO.monotoneE[intro] CLF.monotone_f[intro] CL.lub_upper[intro] 
   14.41 +  declare CL.lub_least[intro] CLF.f_in_funcset[intro] funcset_mem[intro] CL.lub_in_lattice[intro] PO.transE[intro] PO.monotoneE[intro] CLF.monotone_f[intro] CL.lub_upper[intro]
   14.42  lemma (in CLF) lubH_le_flubH:
   14.43       "H = {x. (x, f x) \<in> r & x \<in> A} ==> (lub H cl, f (lub H cl)) \<in> r"
   14.44  apply (rule lub_least, fast)
   14.45 @@ -480,15 +480,15 @@
   14.46  apply (rule lub_upper, fast)
   14.47  apply assumption
   14.48  done
   14.49 -  declare CL.lub_least[rule del] CLF.f_in_funcset[rule del] 
   14.50 -          funcset_mem[rule del] CL.lub_in_lattice[rule del] 
   14.51 -          PO.transE[rule del] PO.monotoneE[rule del] 
   14.52 -          CLF.monotone_f[rule del] CL.lub_upper[rule del] 
   14.53 +  declare CL.lub_least[rule del] CLF.f_in_funcset[rule del]
   14.54 +          funcset_mem[rule del] CL.lub_in_lattice[rule del]
   14.55 +          PO.transE[rule del] PO.monotoneE[rule del]
   14.56 +          CLF.monotone_f[rule del] CL.lub_upper[rule del]
   14.57  
   14.58  (*never proved, 2007-01-22*)
   14.59  declare [[ sledgehammer_problem_prefix = "Tarski__CLF_flubH_le_lubH" ]]
   14.60    declare CLF.f_in_funcset[intro] funcset_mem[intro] CL.lub_in_lattice[intro]
   14.61 -       PO.monotoneE[intro] CLF.monotone_f[intro] CL.lub_upper[intro] 
   14.62 +       PO.monotoneE[intro] CLF.monotone_f[intro] CL.lub_upper[intro]
   14.63         CLF.lubH_le_flubH[simp]
   14.64  lemma (in CLF) flubH_le_lubH:
   14.65       "[|  H = {x. (x, f x) \<in> r & x \<in> A} |] ==> (f (lub H cl), lub H cl) \<in> r"
   14.66 @@ -498,14 +498,14 @@
   14.67  apply (rule conjI)
   14.68  using [[ sledgehammer_problem_prefix = "Tarski__CLF_flubH_le_lubH_simpler" ]]
   14.69  (*??no longer terminates, with combinators
   14.70 -apply (metis CO_refl_on lubH_le_flubH monotone_def monotone_f reflD1 reflD2) 
   14.71 +apply (metis CO_refl_on lubH_le_flubH monotone_def monotone_f reflD1 reflD2)
   14.72  *)
   14.73  apply (metis CO_refl_on lubH_le_flubH monotoneE [OF monotone_f] refl_onD1 refl_onD2)
   14.74  apply (metis CO_refl_on lubH_le_flubH refl_onD2)
   14.75  done
   14.76 -  declare CLF.f_in_funcset[rule del] funcset_mem[rule del] 
   14.77 -          CL.lub_in_lattice[rule del] PO.monotoneE[rule del] 
   14.78 -          CLF.monotone_f[rule del] CL.lub_upper[rule del] 
   14.79 +  declare CLF.f_in_funcset[rule del] funcset_mem[rule del]
   14.80 +          CL.lub_in_lattice[rule del] PO.monotoneE[rule del]
   14.81 +          CLF.monotone_f[rule del] CL.lub_upper[rule del]
   14.82            CLF.lubH_le_flubH[simp del]
   14.83  
   14.84  
   14.85 @@ -577,7 +577,7 @@
   14.86  
   14.87  subsection {* Tarski fixpoint theorem 1, first part *}
   14.88  declare [[ sledgehammer_problem_prefix = "Tarski__CLF_T_thm_1_lub" ]]
   14.89 -  declare CL.lubI[intro] fix_subset[intro] CL.lub_in_lattice[intro] 
   14.90 +  declare CL.lubI[intro] fix_subset[intro] CL.lub_in_lattice[intro]
   14.91            CLF.fixf_le_lubH[simp] CLF.lubH_least_fixf[simp]
   14.92  lemma (in CLF) T_thm_1_lub: "lub P cl = lub {x. (x, f x) \<in> r & x \<in> A} cl"
   14.93  (*sledgehammer;*)
   14.94 @@ -585,7 +585,7 @@
   14.95  apply (simp add: P_def)
   14.96  apply (rule lubI)
   14.97  using [[ sledgehammer_problem_prefix = "Tarski__CLF_T_thm_1_lub_simpler" ]]
   14.98 -apply (metis P_def fix_subset) 
   14.99 +apply (metis P_def fix_subset)
  14.100  apply (metis Collect_conj_eq Collect_mem_eq Int_commute Int_lower1 lub_in_lattice vimage_def)
  14.101  (*??no longer terminates, with combinators
  14.102  apply (metis P_def fix_def fixf_le_lubH)
  14.103 @@ -594,13 +594,13 @@
  14.104  apply (simp add: fixf_le_lubH)
  14.105  apply (simp add: lubH_least_fixf)
  14.106  done
  14.107 -  declare CL.lubI[rule del] fix_subset[rule del] CL.lub_in_lattice[rule del] 
  14.108 +  declare CL.lubI[rule del] fix_subset[rule del] CL.lub_in_lattice[rule del]
  14.109            CLF.fixf_le_lubH[simp del] CLF.lubH_least_fixf[simp del]
  14.110  
  14.111  
  14.112  (*never proved, 2007-01-22*)
  14.113  declare [[ sledgehammer_problem_prefix = "Tarski__CLF_glbH_is_fixp" ]]
  14.114 -  declare glb_dual_lub[simp] PO.dualA_iff[intro] CLF.lubH_is_fixp[intro] 
  14.115 +  declare glb_dual_lub[simp] PO.dualA_iff[intro] CLF.lubH_is_fixp[intro]
  14.116            PO.dualPO[intro] CL.CL_dualCL[intro] PO.dualr_iff[simp]
  14.117  lemma (in CLF) glbH_is_fixp: "H = {x. (f x, x) \<in> r & x \<in> A} ==> glb H cl \<in> P"
  14.118    -- {* Tarski for glb *}
  14.119 @@ -618,7 +618,7 @@
  14.120  apply (rule CLF_dual)
  14.121  apply (simp add: dualr_iff dualA_iff)
  14.122  done
  14.123 -  declare glb_dual_lub[simp del] PO.dualA_iff[rule del] CLF.lubH_is_fixp[rule del] 
  14.124 +  declare glb_dual_lub[simp del] PO.dualA_iff[rule del] CLF.lubH_is_fixp[rule del]
  14.125            PO.dualPO[rule del] CL.CL_dualCL[rule del] PO.dualr_iff[simp del]
  14.126  
  14.127  
  14.128 @@ -645,11 +645,11 @@
  14.129    declare (in CLF) CO_refl_on[simp del]  refl_on_def [simp del]
  14.130  
  14.131  declare [[ sledgehammer_problem_prefix = "Tarski__interval_subset" ]]
  14.132 -  declare (in CLF) rel_imp_elem[intro] 
  14.133 +  declare (in CLF) rel_imp_elem[intro]
  14.134    declare interval_def [simp]
  14.135  lemma (in CLF) interval_subset: "[| a \<in> A; b \<in> A |] ==> interval r a b \<subseteq> A"
  14.136  by (metis CO_refl_on interval_imp_mem refl_onD refl_onD2 rel_imp_elem subset_eq)
  14.137 -  declare (in CLF) rel_imp_elem[rule del] 
  14.138 +  declare (in CLF) rel_imp_elem[rule del]
  14.139    declare interval_def [simp del]
  14.140  
  14.141  
  14.142 @@ -682,7 +682,7 @@
  14.143  declare [[ sledgehammer_problem_prefix = "Tarski__L_in_interval" ]]  (*ALL THEOREMS*)
  14.144  lemma (in CLF) L_in_interval:
  14.145       "[| a \<in> A; b \<in> A; S \<subseteq> interval r a b;
  14.146 -         S \<noteq> {}; isLub S cl L; interval r a b \<noteq> {} |] ==> L \<in> interval r a b" 
  14.147 +         S \<noteq> {}; isLub S cl L; interval r a b \<noteq> {} |] ==> L \<in> interval r a b"
  14.148  (*WON'T TERMINATE
  14.149  apply (metis CO_trans intervalI interval_lemma1 interval_lemma2 isLub_least isLub_upper subset_empty subset_iff trans_def)
  14.150  *)
  14.151 @@ -807,7 +807,7 @@
  14.152  (*sledgehammer; *)
  14.153  apply (simp add: Bot_def least_def)
  14.154  apply (rule_tac a="glb A cl" in someI2)
  14.155 -apply (simp_all add: glb_in_lattice glb_lower 
  14.156 +apply (simp_all add: glb_in_lattice glb_lower
  14.157                       r_def [symmetric] A_def [symmetric])
  14.158  done
  14.159  
  14.160 @@ -827,14 +827,14 @@
  14.161  apply (simp add: Top_def greatest_def)
  14.162  apply (rule_tac a="lub A cl" in someI2)
  14.163  apply (rule someI2)
  14.164 -apply (simp_all add: lub_in_lattice lub_upper 
  14.165 +apply (simp_all add: lub_in_lattice lub_upper
  14.166                       r_def [symmetric] A_def [symmetric])
  14.167  done
  14.168  
  14.169  (*never proved, 2007-01-22*)
  14.170 -declare [[ sledgehammer_problem_prefix = "Tarski__Bot_prop" ]]  (*ALL THEOREMS*) 
  14.171 +declare [[ sledgehammer_problem_prefix = "Tarski__Bot_prop" ]]  (*ALL THEOREMS*)
  14.172  lemma (in CLF) Bot_prop: "x \<in> A ==> (Bot cl, x) \<in> r"
  14.173 -(*sledgehammer*) 
  14.174 +(*sledgehammer*)
  14.175  apply (simp add: Bot_dual_Top r_def)
  14.176  apply (rule dualr_iff [THEN subst])
  14.177  apply (simp add: CLF.Top_prop [of _ f, OF CLF.intro, OF CL.intro CLF_axioms.intro, OF PO.intro CL_axioms.intro]
  14.178 @@ -842,12 +842,12 @@
  14.179  done
  14.180  
  14.181  declare [[ sledgehammer_problem_prefix = "Tarski__Bot_in_lattice" ]]  (*ALL THEOREMS*)
  14.182 -lemma (in CLF) Top_intv_not_empty: "x \<in> A  ==> interval r x (Top cl) \<noteq> {}" 
  14.183 +lemma (in CLF) Top_intv_not_empty: "x \<in> A  ==> interval r x (Top cl) \<noteq> {}"
  14.184  apply (metis Top_in_lattice Top_prop empty_iff intervalI reflE)
  14.185  done
  14.186  
  14.187  declare [[ sledgehammer_problem_prefix = "Tarski__Bot_intv_not_empty" ]]  (*ALL THEOREMS*)
  14.188 -lemma (in CLF) Bot_intv_not_empty: "x \<in> A ==> interval r (Bot cl) x \<noteq> {}" 
  14.189 +lemma (in CLF) Bot_intv_not_empty: "x \<in> A ==> interval r (Bot cl) x \<noteq> {}"
  14.190  apply (metis Bot_prop ex_in_conv intervalI reflE rel_imp_elem)
  14.191  done
  14.192  
  14.193 @@ -862,7 +862,7 @@
  14.194    declare (in Tarski) P_def[simp] Y_ss [simp]
  14.195    declare fix_subset [intro] subset_trans [intro]
  14.196  lemma (in Tarski) Y_subset_A: "Y \<subseteq> A"
  14.197 -(*sledgehammer*) 
  14.198 +(*sledgehammer*)
  14.199  apply (rule subset_trans [OF _ fix_subset])
  14.200  apply (rule Y_ss [simplified P_def])
  14.201  done
  14.202 @@ -876,7 +876,7 @@
  14.203  (*never proved, 2007-01-22*)
  14.204  declare [[ sledgehammer_problem_prefix = "Tarski__lubY_le_flubY" ]]  (*ALL THEOREMS*)
  14.205  lemma (in Tarski) lubY_le_flubY: "(lub Y cl, f (lub Y cl)) \<in> r"
  14.206 -(*sledgehammer*) 
  14.207 +(*sledgehammer*)
  14.208  apply (rule lub_least)
  14.209  apply (rule Y_subset_A)
  14.210  apply (rule f_in_funcset [THEN funcset_mem])
  14.211 @@ -900,7 +900,7 @@
  14.212  (*first proved 2007-01-25 after relaxing relevance*)
  14.213  declare [[ sledgehammer_problem_prefix = "Tarski__intY1_subset" ]]  (*ALL THEOREMS*)
  14.214  lemma (in Tarski) intY1_subset: "intY1 \<subseteq> A"
  14.215 -(*sledgehammer*) 
  14.216 +(*sledgehammer*)
  14.217  apply (unfold intY1_def)
  14.218  apply (rule interval_subset)
  14.219  apply (rule lubY_in_A)
  14.220 @@ -912,7 +912,7 @@
  14.221  (*never proved, 2007-01-22*)
  14.222  declare [[ sledgehammer_problem_prefix = "Tarski__intY1_f_closed" ]]  (*ALL THEOREMS*)
  14.223  lemma (in Tarski) intY1_f_closed: "x \<in> intY1 \<Longrightarrow> f x \<in> intY1"
  14.224 -(*sledgehammer*) 
  14.225 +(*sledgehammer*)
  14.226  apply (simp add: intY1_def  interval_def)
  14.227  apply (rule conjI)
  14.228  apply (rule transE)
  14.229 @@ -925,7 +925,7 @@
  14.230  apply (rule lubY_in_A)
  14.231  apply (simp add: intY1_def interval_def  intY1_elem)
  14.232  apply (simp add: intY1_def  interval_def)
  14.233 --- {* @{text "(f x, Top cl) \<in> r"} *} 
  14.234 +-- {* @{text "(f x, Top cl) \<in> r"} *}
  14.235  apply (rule Top_prop)
  14.236  apply (rule f_in_funcset [THEN funcset_mem])
  14.237  apply (simp add: intY1_def interval_def  intY1_elem)
  14.238 @@ -949,7 +949,7 @@
  14.239  declare [[ sledgehammer_problem_prefix = "Tarski__intY1_is_cl" ]]  (*ALL THEOREMS*)
  14.240  lemma (in Tarski) intY1_is_cl:
  14.241      "(| pset = intY1, order = induced intY1 r |) \<in> CompleteLattice"
  14.242 -(*sledgehammer*) 
  14.243 +(*sledgehammer*)
  14.244  apply (unfold intY1_def)
  14.245  apply (rule interv_is_compl_latt)
  14.246  apply (rule lubY_in_A)
  14.247 @@ -961,7 +961,7 @@
  14.248  (*never proved, 2007-01-22*)
  14.249  declare [[ sledgehammer_problem_prefix = "Tarski__v_in_P" ]]  (*ALL THEOREMS*)
  14.250  lemma (in Tarski) v_in_P: "v \<in> P"
  14.251 -(*sledgehammer*) 
  14.252 +(*sledgehammer*)
  14.253  apply (unfold P_def)
  14.254  apply (rule_tac A = "intY1" in fixf_subset)
  14.255  apply (rule intY1_subset)
  14.256 @@ -985,7 +985,7 @@
  14.257  
  14.258  declare [[ sledgehammer_problem_prefix = "Tarski__fz_in_int_rel" ]]  (*ALL THEOREMS*)
  14.259  lemma (in Tarski) f'z_in_int_rel: "[| z \<in> P; \<forall>y\<in>Y. (y, z) \<in> induced P r |]
  14.260 -      ==> ((%x: intY1. f x) z, z) \<in> induced intY1 r" 
  14.261 +      ==> ((%x: intY1. f x) z, z) \<in> induced intY1 r"
  14.262  apply (metis P_def acc_def fix_imp_eq fix_subset indI reflE restrict_apply subset_eq z_in_interval)
  14.263  done
  14.264  
  14.265 @@ -998,7 +998,7 @@
  14.266  -- {* @{text "v \<in> P"} *}
  14.267  apply (simp add: v_in_P)
  14.268  apply (rule conjI)
  14.269 -(*sledgehammer*) 
  14.270 +(*sledgehammer*)
  14.271  -- {* @{text v} is lub *}
  14.272  -- {* @{text "1. \<forall>y:Y. (y, v) \<in> induced P r"} *}
  14.273  apply (rule ballI)
  14.274 @@ -1021,12 +1021,12 @@
  14.275  apply (unfold v_def)
  14.276  (*never proved, 2007-01-22*)
  14.277  using [[ sledgehammer_problem_prefix = "Tarski__tarski_full_lemma_simpler" ]]
  14.278 -(*sledgehammer*) 
  14.279 +(*sledgehammer*)
  14.280  apply (rule indE)
  14.281  apply (rule_tac [2] intY1_subset)
  14.282  (*never proved, 2007-01-22*)
  14.283  using [[ sledgehammer_problem_prefix = "Tarski__tarski_full_lemma_simplest" ]]
  14.284 -(*sledgehammer*) 
  14.285 +(*sledgehammer*)
  14.286  apply (rule CL.glb_lower [OF CL.intro, OF PO.intro CL_axioms.intro, OF _ intY1_is_cl, simplified])
  14.287    apply (simp add: CL_imp_PO intY1_is_cl)
  14.288   apply force
  14.289 @@ -1049,12 +1049,12 @@
  14.290                 CompleteLatticeI_simp [intro]
  14.291  theorem (in CLF) Tarski_full:
  14.292       "(| pset = P, order = induced P r|) \<in> CompleteLattice"
  14.293 -(*sledgehammer*) 
  14.294 +(*sledgehammer*)
  14.295  apply (rule CompleteLatticeI_simp)
  14.296  apply (rule fixf_po, clarify)
  14.297  (*never proved, 2007-01-22*)
  14.298  using [[ sledgehammer_problem_prefix = "Tarski__Tarski_full_simpler" ]]
  14.299 -(*sledgehammer*) 
  14.300 +(*sledgehammer*)
  14.301  apply (simp add: P_def A_def r_def)
  14.302  apply (blast intro!: Tarski.tarski_full_lemma [OF Tarski.intro, OF CLF.intro Tarski_axioms.intro,
  14.303    OF CL.intro CLF_axioms.intro, OF PO.intro CL_axioms.intro] cl_po cl_co f_cl)
    15.1 --- a/src/HOL/Metis_Examples/TransClosure.thy	Mon Jun 06 20:36:35 2011 +0200
    15.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    15.3 @@ -1,64 +0,0 @@
    15.4 -(*  Title:      HOL/Metis_Examples/TransClosure.thy
    15.5 -    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
    15.6 -    Author:     Jasmin Blanchette, TU Muenchen
    15.7 -
    15.8 -Testing Metis.
    15.9 -*)
   15.10 -
   15.11 -theory TransClosure
   15.12 -imports Main
   15.13 -begin
   15.14 -
   15.15 -declare [[metis_new_skolemizer]]
   15.16 -
   15.17 -type_synonym addr = nat
   15.18 -
   15.19 -datatype val
   15.20 -  = Unit        -- "dummy result value of void expressions"
   15.21 -  | Null        -- "null reference"
   15.22 -  | Bool bool   -- "Boolean value"
   15.23 -  | Intg int    -- "integer value"
   15.24 -  | Addr addr   -- "addresses of objects in the heap"
   15.25 -
   15.26 -consts R :: "(addr \<times> addr) set"
   15.27 -
   15.28 -consts f :: "addr \<Rightarrow> val"
   15.29 -
   15.30 -lemma "\<lbrakk>f c = Intg x; \<forall>y. f b = Intg y \<longrightarrow> y \<noteq> x; (a, b) \<in> R\<^sup>*; (b, c) \<in> R\<^sup>*\<rbrakk>
   15.31 -       \<Longrightarrow> \<exists>c. (b, c) \<in> R \<and> (a, c) \<in> R\<^sup>*"
   15.32 -(* sledgehammer *)
   15.33 -proof -
   15.34 -  assume A1: "f c = Intg x"
   15.35 -  assume A2: "\<forall>y. f b = Intg y \<longrightarrow> y \<noteq> x"
   15.36 -  assume A3: "(a, b) \<in> R\<^sup>*"
   15.37 -  assume A4: "(b, c) \<in> R\<^sup>*"
   15.38 -  have F1: "f c \<noteq> f b" using A2 A1 by metis
   15.39 -  have F2: "\<forall>u. (b, u) \<in> R \<longrightarrow> (a, u) \<in> R\<^sup>*" using A3 by (metis transitive_closure_trans(6))
   15.40 -  have F3: "\<exists>x. (b, x b c R) \<in> R \<or> c = b" using A4 by (metis converse_rtranclE)
   15.41 -  have "c \<noteq> b" using F1 by metis
   15.42 -  hence "\<exists>u. (b, u) \<in> R" using F3 by metis
   15.43 -  thus "\<exists>c. (b, c) \<in> R \<and> (a, c) \<in> R\<^sup>*" using F2 by metis
   15.44 -qed
   15.45 -
   15.46 -lemma "\<lbrakk>f c = Intg x; \<forall>y. f b = Intg y \<longrightarrow> y \<noteq> x; (a, b) \<in> R\<^sup>*; (b,c) \<in> R\<^sup>*\<rbrakk>
   15.47 -       \<Longrightarrow> \<exists>c. (b, c) \<in> R \<and> (a, c) \<in> R\<^sup>*"
   15.48 -(* sledgehammer [isar_proof, isar_shrink_factor = 2] *)
   15.49 -proof -
   15.50 -  assume A1: "f c = Intg x"
   15.51 -  assume A2: "\<forall>y. f b = Intg y \<longrightarrow> y \<noteq> x"
   15.52 -  assume A3: "(a, b) \<in> R\<^sup>*"
   15.53 -  assume A4: "(b, c) \<in> R\<^sup>*"
   15.54 -  have "(R\<^sup>*) (a, b)" using A3 by (metis mem_def)
   15.55 -  hence F1: "(a, b) \<in> R\<^sup>*" by (metis mem_def)
   15.56 -  have "b \<noteq> c" using A1 A2 by metis
   15.57 -  hence "\<exists>x\<^isub>1. (b, x\<^isub>1) \<in> R" using A4 by (metis converse_rtranclE)
   15.58 -  thus "\<exists>c. (b, c) \<in> R \<and> (a, c) \<in> R\<^sup>*" using F1 by (metis transitive_closure_trans(6))
   15.59 -qed
   15.60 -
   15.61 -lemma "\<lbrakk>f c = Intg x; \<forall>y. f b = Intg y \<longrightarrow> y \<noteq> x; (a, b) \<in> R\<^sup>*; (b, c) \<in> R\<^sup>*\<rbrakk>
   15.62 -       \<Longrightarrow> \<exists>c. (b, c) \<in> R \<and> (a, c) \<in> R\<^sup>*"
   15.63 -apply (erule_tac x = b in converse_rtranclE)
   15.64 - apply metis
   15.65 -by (metis transitive_closure_trans(6))
   15.66 -
   15.67 -end
    16.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    16.2 +++ b/src/HOL/Metis_Examples/Trans_Closure.thy	Mon Jun 06 20:36:35 2011 +0200
    16.3 @@ -0,0 +1,66 @@
    16.4 +(*  Title:      HOL/Metis_Examples/Trans_Closure.thy
    16.5 +    Author:     Lawrence C. Paulson, Cambridge University Computer Laboratory
    16.6 +    Author:     Jasmin Blanchette, TU Muenchen
    16.7 +
    16.8 +Metis example featuring the transitive closure.
    16.9 +*)
   16.10 +
   16.11 +header {* Metis Example Featuring the Transitive Closure *}
   16.12 +
   16.13 +theory Trans_Closure
   16.14 +imports Main
   16.15 +begin
   16.16 +
   16.17 +declare [[metis_new_skolemizer]]
   16.18 +
   16.19 +type_synonym addr = nat
   16.20 +
   16.21 +datatype val
   16.22 +  = Unit        -- "dummy result value of void expressions"
   16.23 +  | Null        -- "null reference"
   16.24 +  | Bool bool   -- "Boolean value"
   16.25 +  | Intg int    -- "integer value"
   16.26 +  | Addr addr   -- "addresses of objects in the heap"
   16.27 +
   16.28 +consts R :: "(addr \<times> addr) set"
   16.29 +
   16.30 +consts f :: "addr \<Rightarrow> val"
   16.31 +
   16.32 +lemma "\<lbrakk>f c = Intg x; \<forall>y. f b = Intg y \<longrightarrow> y \<noteq> x; (a, b) \<in> R\<^sup>*; (b, c) \<in> R\<^sup>*\<rbrakk>
   16.33 +       \<Longrightarrow> \<exists>c. (b, c) \<in> R \<and> (a, c) \<in> R\<^sup>*"
   16.34 +(* sledgehammer *)
   16.35 +proof -
   16.36 +  assume A1: "f c = Intg x"
   16.37 +  assume A2: "\<forall>y. f b = Intg y \<longrightarrow> y \<noteq> x"
   16.38 +  assume A3: "(a, b) \<in> R\<^sup>*"
   16.39 +  assume A4: "(b, c) \<in> R\<^sup>*"
   16.40 +  have F1: "f c \<noteq> f b" using A2 A1 by metis
   16.41 +  have F2: "\<forall>u. (b, u) \<in> R \<longrightarrow> (a, u) \<in> R\<^sup>*" using A3 by (metis transitive_closure_trans(6))
   16.42 +  have F3: "\<exists>x. (b, x b c R) \<in> R \<or> c = b" using A4 by (metis converse_rtranclE)
   16.43 +  have "c \<noteq> b" using F1 by metis
   16.44 +  hence "\<exists>u. (b, u) \<in> R" using F3 by metis
   16.45 +  thus "\<exists>c. (b, c) \<in> R \<and> (a, c) \<in> R\<^sup>*" using F2 by metis
   16.46 +qed
   16.47 +
   16.48 +lemma "\<lbrakk>f c = Intg x; \<forall>y. f b = Intg y \<longrightarrow> y \<noteq> x; (a, b) \<in> R\<^sup>*; (b,c) \<in> R\<^sup>*\<rbrakk>
   16.49 +       \<Longrightarrow> \<exists>c. (b, c) \<in> R \<and> (a, c) \<in> R\<^sup>*"
   16.50 +(* sledgehammer [isar_proof, isar_shrink_factor = 2] *)
   16.51 +proof -
   16.52 +  assume A1: "f c = Intg x"
   16.53 +  assume A2: "\<forall>y. f b = Intg y \<longrightarrow> y \<noteq> x"
   16.54 +  assume A3: "(a, b) \<in> R\<^sup>*"
   16.55 +  assume A4: "(b, c) \<in> R\<^sup>*"
   16.56 +  have "(R\<^sup>*) (a, b)" using A3 by (metis mem_def)
   16.57 +  hence F1: "(a, b) \<in> R\<^sup>*" by (metis mem_def)
   16.58 +  have "b \<noteq> c" using A1 A2 by metis
   16.59 +  hence "\<exists>x\<^isub>1. (b, x\<^isub>1) \<in> R" using A4 by (metis converse_rtranclE)
   16.60 +  thus "\<exists>c. (b, c) \<in> R \<and> (a, c) \<in> R\<^sup>*" using F1 by (metis transitive_closure_trans(6))
   16.61 +qed
   16.62 +
   16.63 +lemma "\<lbrakk>f c = Intg x; \<forall>y. f b = Intg y \<longrightarrow> y \<noteq> x; (a, b) \<in> R\<^sup>*; (b, c) \<in> R\<^sup>*\<rbrakk>
   16.64 +       \<Longrightarrow> \<exists>c. (b, c) \<in> R \<and> (a, c) \<in> R\<^sup>*"
   16.65 +apply (erule_tac x = b in converse_rtranclE)
   16.66 + apply metis
   16.67 +by (metis transitive_closure_trans(6))
   16.68 +
   16.69 +end
    17.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    17.2 +++ b/src/HOL/Metis_Examples/Type_Encodings.thy	Mon Jun 06 20:36:35 2011 +0200
    17.3 @@ -0,0 +1,86 @@
    17.4 +(*  Title:      HOL/Metis_Examples/Type_Encodings.thy
    17.5 +    Author:     Jasmin Blanchette, TU Muenchen
    17.6 +
    17.7 +Example that exercises Metis's (and hence Sledgehammer's) type encodings.
    17.8 +*)
    17.9 +
   17.10 +header {*
   17.11 +Example that Exercises Metis's (and Hence Sledgehammer's) Type Encodings
   17.12 +*}
   17.13 +
   17.14 +theory Type_Encodings
   17.15 +imports Main
   17.16 +begin
   17.17 +
   17.18 +declare [[metis_new_skolemizer]]
   17.19 +
   17.20 +sledgehammer_params [prover = e, blocking, timeout = 10, preplay_timeout = 0]
   17.21 +
   17.22 +
   17.23 +text {* Setup for testing Metis exhaustively *}
   17.24 +
   17.25 +lemma fork: "P \<Longrightarrow> P \<Longrightarrow> P" by assumption
   17.26 +
   17.27 +ML {*
   17.28 +open ATP_Translate
   17.29 +
   17.30 +val polymorphisms = [Polymorphic, Monomorphic, Mangled_Monomorphic]
   17.31 +val levels =
   17.32 +  [All_Types, Nonmonotonic_Types, Finite_Types, Const_Arg_Types, No_Types]
   17.33 +val heaviness = [Heavyweight, Lightweight]
   17.34 +val type_syss =
   17.35 +  (levels |> map Simple_Types) @
   17.36 +  (map_product pair levels heaviness
   17.37 +   (* The following two families of type systems are too incomplete for our
   17.38 +      tests. *)
   17.39 +   |> remove (op =) (Nonmonotonic_Types, Heavyweight)
   17.40 +   |> remove (op =) (Finite_Types, Heavyweight)
   17.41 +   |> map_product pair polymorphisms
   17.42 +   |> map_product (fn constr => fn (poly, (level, heaviness)) =>
   17.43 +                      constr (poly, level, heaviness))
   17.44 +                  [Preds, Tags])
   17.45 +
   17.46 +fun metis_eXhaust_tac ctxt ths =
   17.47 +  let
   17.48 +    fun tac [] st = all_tac st
   17.49 +      | tac (type_sys :: type_syss) st =
   17.50 +        st (* |> tap (fn _ => tracing (PolyML.makestring type_sys)) *)
   17.51 +           |> ((if null type_syss then all_tac else rtac @{thm fork} 1)
   17.52 +               THEN Metis_Tactics.metisX_tac ctxt (SOME type_sys) ths 1
   17.53 +               THEN COND (has_fewer_prems 2) all_tac no_tac
   17.54 +               THEN tac type_syss)
   17.55 +  in tac end
   17.56 +*}
   17.57 +
   17.58 +method_setup metis_eXhaust = {*
   17.59 +  Attrib.thms >>
   17.60 +    (fn ths => fn ctxt => SIMPLE_METHOD (metis_eXhaust_tac ctxt ths type_syss))
   17.61 +*} "exhaustively run the new Metis with all type encodings"
   17.62 +
   17.63 +
   17.64 +text {* Miscellaneous tests *}
   17.65 +
   17.66 +lemma "x = y \<Longrightarrow> y = x"
   17.67 +by metis_eXhaust
   17.68 +
   17.69 +lemma "[a] = [1 + 1] \<Longrightarrow> a = 1 + (1::int)"
   17.70 +by (metis_eXhaust last.simps)
   17.71 +
   17.72 +lemma "map Suc [0] = [Suc 0]"
   17.73 +by (metis_eXhaust map.simps)
   17.74 +
   17.75 +lemma "map Suc [1 + 1] = [Suc 2]"
   17.76 +by (metis_eXhaust map.simps nat_1_add_1)
   17.77 +
   17.78 +lemma "map Suc [2] = [Suc (1 + 1)]"
   17.79 +by (metis_eXhaust map.simps nat_1_add_1)
   17.80 +
   17.81 +definition "null xs = (xs = [])"
   17.82 +
   17.83 +lemma "P (null xs) \<Longrightarrow> null xs \<Longrightarrow> xs = []"
   17.84 +by (metis_eXhaust null_def)
   17.85 +
   17.86 +lemma "(0::nat) + 0 = 0"
   17.87 +by (metis_eXhaust arithmetic_simps(38))
   17.88 +
   17.89 +end
    18.1 --- a/src/HOL/Metis_Examples/Typings.thy	Mon Jun 06 20:36:35 2011 +0200
    18.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    18.3 @@ -1,77 +0,0 @@
    18.4 -(*  Title:      HOL/Metis_Examples/Typings.thy
    18.5 -    Author:     Jasmin Blanchette, TU Muenchen
    18.6 -
    18.7 -Testing the new Metis's (and hence Sledgehammer's) type translations.
    18.8 -*)
    18.9 -
   18.10 -theory Typings
   18.11 -imports Main
   18.12 -begin
   18.13 -
   18.14 -text {* Setup for testing Metis exhaustively *}
   18.15 -
   18.16 -lemma fork: "P \<Longrightarrow> P \<Longrightarrow> P" by assumption
   18.17 -
   18.18 -ML {*
   18.19 -open ATP_Translate
   18.20 -
   18.21 -val polymorphisms = [Polymorphic, Monomorphic, Mangled_Monomorphic]
   18.22 -val levels =
   18.23 -  [All_Types, Nonmonotonic_Types, Finite_Types, Const_Arg_Types, No_Types]
   18.24 -val heaviness = [Heavyweight, Lightweight]
   18.25 -val type_syss =
   18.26 -  (levels |> map Simple_Types) @
   18.27 -  (map_product pair levels heaviness
   18.28 -   (* The following two families of type systems are too incomplete for our
   18.29 -      tests. *)
   18.30 -   |> remove (op =) (Nonmonotonic_Types, Heavyweight)
   18.31 -   |> remove (op =) (Finite_Types, Heavyweight)
   18.32 -   |> map_product pair polymorphisms
   18.33 -   |> map_product (fn constr => fn (poly, (level, heaviness)) =>
   18.34 -                      constr (poly, level, heaviness))
   18.35 -                  [Preds, Tags])
   18.36 -
   18.37 -fun metis_eXhaust_tac ctxt ths =
   18.38 -  let
   18.39 -    fun tac [] st = all_tac st
   18.40 -      | tac (type_sys :: type_syss) st =
   18.41 -        st (* |> tap (fn _ => tracing (PolyML.makestring type_sys)) *)
   18.42 -           |> ((if null type_syss then all_tac else rtac @{thm fork} 1)
   18.43 -               THEN Metis_Tactics.metisX_tac ctxt (SOME type_sys) ths 1
   18.44 -               THEN COND (has_fewer_prems 2) all_tac no_tac
   18.45 -               THEN tac type_syss)
   18.46 -  in tac end
   18.47 -*}
   18.48 -
   18.49 -method_setup metis_eXhaust = {*
   18.50 -  Attrib.thms >>
   18.51 -    (fn ths => fn ctxt => SIMPLE_METHOD (metis_eXhaust_tac ctxt ths type_syss))
   18.52 -*} "exhaustively run the new Metis with all type encodings"
   18.53 -
   18.54 -
   18.55 -text {* Metis tests *}
   18.56 -
   18.57 -lemma "x = y \<Longrightarrow> y = x"
   18.58 -by metis_eXhaust
   18.59 -
   18.60 -lemma "[a] = [1 + 1] \<Longrightarrow> a = 1 + (1::int)"
   18.61 -by (metis_eXhaust last.simps)
   18.62 -
   18.63 -lemma "map Suc [0] = [Suc 0]"
   18.64 -by (metis_eXhaust map.simps)
   18.65 -
   18.66 -lemma "map Suc [1 + 1] = [Suc 2]"
   18.67 -by (metis_eXhaust map.simps nat_1_add_1)
   18.68 -
   18.69 -lemma "map Suc [2] = [Suc (1 + 1)]"
   18.70 -by (metis_eXhaust map.simps nat_1_add_1)
   18.71 -
   18.72 -definition "null xs = (xs = [])"
   18.73 -
   18.74 -lemma "P (null xs) \<Longrightarrow> null xs \<Longrightarrow> xs = []"
   18.75 -by (metis_eXhaust null_def)
   18.76 -
   18.77 -lemma "(0::nat) + 0 = 0"
   18.78 -by (metis_eXhaust arithmetic_simps(38))
   18.79 -
   18.80 -end
    19.1 --- a/src/HOL/Metis_Examples/set.thy	Mon Jun 06 20:36:35 2011 +0200
    19.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
    19.3 @@ -1,202 +0,0 @@
    19.4 -(*  Title:      HOL/Metis_Examples/set.thy
    19.5 -    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
    19.6 -    Author:     Jasmin Blanchette, TU Muenchen
    19.7 -
    19.8 -Testing Metis.
    19.9 -*)
   19.10 -
   19.11 -theory set
   19.12 -imports Main
   19.13 -begin
   19.14 -
   19.15 -declare [[metis_new_skolemizer]]
   19.16 -
   19.17 -lemma "EX x X. ALL y. EX z Z. (~P(y,y) | P(x,x) | ~S(z,x)) &
   19.18 -               (S(x,y) | ~S(y,z) | Q(Z,Z))  &
   19.19 -               (Q(X,y) | ~Q(y,Z) | S(X,X))" 
   19.20 -by metis
   19.21 -
   19.22 -lemma "P(n::nat) ==> ~P(0) ==> n ~= 0"
   19.23 -by metis
   19.24 -
   19.25 -sledgehammer_params [isar_proof, isar_shrink_factor = 1]
   19.26 -
   19.27 -(*multiple versions of this example*)
   19.28 -lemma (*equal_union: *)
   19.29 -   "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))"
   19.30 -proof -
   19.31 -  have F1: "\<forall>(x\<^isub>2\<Colon>'b \<Rightarrow> bool) x\<^isub>1\<Colon>'b \<Rightarrow> bool. x\<^isub>1 \<subseteq> x\<^isub>1 \<union> x\<^isub>2" by (metis Un_commute Un_upper2)
   19.32 -  have F2a: "\<forall>(x\<^isub>2\<Colon>'b \<Rightarrow> bool) x\<^isub>1\<Colon>'b \<Rightarrow> bool. x\<^isub>1 \<subseteq> x\<^isub>2 \<longrightarrow> x\<^isub>2 = x\<^isub>2 \<union> x\<^isub>1" by (metis Un_commute subset_Un_eq)
   19.33 -  have F2: "\<forall>(x\<^isub>2\<Colon>'b \<Rightarrow> bool) x\<^isub>1\<Colon>'b \<Rightarrow> bool. x\<^isub>1 \<subseteq> x\<^isub>2 \<and> x\<^isub>2 \<subseteq> x\<^isub>1 \<longrightarrow> x\<^isub>1 = x\<^isub>2" by (metis F2a subset_Un_eq)
   19.34 -  { assume "\<not> Z \<subseteq> X"
   19.35 -    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   19.36 -  moreover
   19.37 -  { assume AA1: "Y \<union> Z \<noteq> X"
   19.38 -    { assume "\<not> Y \<subseteq> X"
   19.39 -      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis F1) }
   19.40 -    moreover
   19.41 -    { assume AAA1: "Y \<subseteq> X \<and> Y \<union> Z \<noteq> X"
   19.42 -      { assume "\<not> Z \<subseteq> X"
   19.43 -        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   19.44 -      moreover
   19.45 -      { assume "(Z \<subseteq> X \<and> Y \<subseteq> X) \<and> Y \<union> Z \<noteq> X"
   19.46 -        hence "Y \<union> Z \<subseteq> X \<and> X \<noteq> Y \<union> Z" by (metis Un_subset_iff)
   19.47 -        hence "Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> Y \<union> Z" by (metis F2)
   19.48 -        hence "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z" by (metis F1)
   19.49 -        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   19.50 -      ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AAA1) }
   19.51 -    ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AA1) }
   19.52 -  moreover
   19.53 -  { assume "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. (Z \<subseteq> x\<^isub>1 \<and> Y \<subseteq> x\<^isub>1) \<and> \<not> X \<subseteq> x\<^isub>1"
   19.54 -    { assume "\<not> Y \<subseteq> X"
   19.55 -      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis F1) }
   19.56 -    moreover
   19.57 -    { assume AAA1: "Y \<subseteq> X \<and> Y \<union> Z \<noteq> X"
   19.58 -      { assume "\<not> Z \<subseteq> X"
   19.59 -        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   19.60 -      moreover
   19.61 -      { assume "(Z \<subseteq> X \<and> Y \<subseteq> X) \<and> Y \<union> Z \<noteq> X"
   19.62 -        hence "Y \<union> Z \<subseteq> X \<and> X \<noteq> Y \<union> Z" by (metis Un_subset_iff)
   19.63 -        hence "Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> Y \<union> Z" by (metis F2)
   19.64 -        hence "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z" by (metis F1)
   19.65 -        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   19.66 -      ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AAA1) }
   19.67 -    ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by blast }
   19.68 -  moreover
   19.69 -  { assume "\<not> Y \<subseteq> X"
   19.70 -    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis F1) }
   19.71 -  ultimately show "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by metis
   19.72 -qed
   19.73 -
   19.74 -sledgehammer_params [isar_proof, isar_shrink_factor = 2]
   19.75 -
   19.76 -lemma (*equal_union: *)
   19.77 -   "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))"
   19.78 -proof -
   19.79 -  have F1: "\<forall>(x\<^isub>2\<Colon>'b \<Rightarrow> bool) x\<^isub>1\<Colon>'b \<Rightarrow> bool. x\<^isub>1 \<subseteq> x\<^isub>2 \<and> x\<^isub>2 \<subseteq> x\<^isub>1 \<longrightarrow> x\<^isub>1 = x\<^isub>2" by (metis Un_commute subset_Un_eq)
   19.80 -  { assume AA1: "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. (Z \<subseteq> x\<^isub>1 \<and> Y \<subseteq> x\<^isub>1) \<and> \<not> X \<subseteq> x\<^isub>1"
   19.81 -    { assume AAA1: "Y \<subseteq> X \<and> Y \<union> Z \<noteq> X"
   19.82 -      { assume "\<not> Z \<subseteq> X"
   19.83 -        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   19.84 -      moreover
   19.85 -      { assume "Y \<union> Z \<subseteq> X \<and> X \<noteq> Y \<union> Z"
   19.86 -        hence "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z" by (metis F1 Un_commute Un_upper2)
   19.87 -        hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   19.88 -      ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AAA1 Un_subset_iff) }
   19.89 -    moreover
   19.90 -    { assume "\<not> Y \<subseteq> X"
   19.91 -      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_commute Un_upper2) }
   19.92 -    ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AA1 Un_subset_iff) }
   19.93 -  moreover
   19.94 -  { assume "\<not> Z \<subseteq> X"
   19.95 -    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
   19.96 -  moreover
   19.97 -  { assume "\<not> Y \<subseteq> X"
   19.98 -    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_commute Un_upper2) }
   19.99 -  moreover
  19.100 -  { assume AA1: "Y \<subseteq> X \<and> Y \<union> Z \<noteq> X"
  19.101 -    { assume "\<not> Z \<subseteq> X"
  19.102 -      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
  19.103 -    moreover
  19.104 -    { assume "Y \<union> Z \<subseteq> X \<and> X \<noteq> Y \<union> Z"
  19.105 -      hence "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z" by (metis F1 Un_commute Un_upper2)
  19.106 -      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
  19.107 -    ultimately have "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AA1 Un_subset_iff) }
  19.108 -  ultimately show "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by metis
  19.109 -qed
  19.110 -
  19.111 -sledgehammer_params [isar_proof, isar_shrink_factor = 3]
  19.112 -
  19.113 -lemma (*equal_union: *)
  19.114 -   "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))"
  19.115 -proof -
  19.116 -  have F1a: "\<forall>(x\<^isub>2\<Colon>'b \<Rightarrow> bool) x\<^isub>1\<Colon>'b \<Rightarrow> bool. x\<^isub>1 \<subseteq> x\<^isub>2 \<longrightarrow> x\<^isub>2 = x\<^isub>2 \<union> x\<^isub>1" by (metis Un_commute subset_Un_eq)
  19.117 -  have F1: "\<forall>(x\<^isub>2\<Colon>'b \<Rightarrow> bool) x\<^isub>1\<Colon>'b \<Rightarrow> bool. x\<^isub>1 \<subseteq> x\<^isub>2 \<and> x\<^isub>2 \<subseteq> x\<^isub>1 \<longrightarrow> x\<^isub>1 = x\<^isub>2" by (metis F1a subset_Un_eq)
  19.118 -  { assume "(Z \<subseteq> X \<and> Y \<subseteq> X) \<and> Y \<union> Z \<noteq> X"
  19.119 -    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis F1 Un_commute Un_subset_iff Un_upper2) }
  19.120 -  moreover
  19.121 -  { assume AA1: "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. (Z \<subseteq> x\<^isub>1 \<and> Y \<subseteq> x\<^isub>1) \<and> \<not> X \<subseteq> x\<^isub>1"
  19.122 -    { assume "(Z \<subseteq> X \<and> Y \<subseteq> X) \<and> Y \<union> Z \<noteq> X"
  19.123 -      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis F1 Un_commute Un_subset_iff Un_upper2) }
  19.124 -    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AA1 Un_commute Un_subset_iff Un_upper2) }
  19.125 -  ultimately show "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_commute Un_upper2)
  19.126 -qed
  19.127 -
  19.128 -sledgehammer_params [isar_proof, isar_shrink_factor = 4]
  19.129 -
  19.130 -lemma (*equal_union: *)
  19.131 -   "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))"
  19.132 -proof -
  19.133 -  have F1: "\<forall>(x\<^isub>2\<Colon>'b \<Rightarrow> bool) x\<^isub>1\<Colon>'b \<Rightarrow> bool. x\<^isub>1 \<subseteq> x\<^isub>2 \<and> x\<^isub>2 \<subseteq> x\<^isub>1 \<longrightarrow> x\<^isub>1 = x\<^isub>2" by (metis Un_commute subset_Un_eq)
  19.134 -  { assume "\<not> Y \<subseteq> X"
  19.135 -    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_commute Un_upper2) }
  19.136 -  moreover
  19.137 -  { assume AA1: "Y \<subseteq> X \<and> Y \<union> Z \<noteq> X"
  19.138 -    { assume "\<exists>x\<^isub>1\<Colon>'a \<Rightarrow> bool. Y \<subseteq> x\<^isub>1 \<union> Z \<and> Y \<union> Z \<noteq> X \<and> \<not> X \<subseteq> x\<^isub>1 \<union> Z"
  19.139 -      hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_upper2) }
  19.140 -    hence "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis AA1 F1 Un_commute Un_subset_iff Un_upper2) }
  19.141 -  ultimately show "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V\<Colon>'a \<Rightarrow> bool. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))" by (metis Un_subset_iff Un_upper2)
  19.142 -qed
  19.143 -
  19.144 -sledgehammer_params [isar_proof, isar_shrink_factor = 1]
  19.145 -
  19.146 -lemma (*equal_union: *)
  19.147 -   "(X = Y \<union> Z) = (Y \<subseteq> X \<and> Z \<subseteq> X \<and> (\<forall>V. Y \<subseteq> V \<and> Z \<subseteq> V \<longrightarrow> X \<subseteq> V))"
  19.148 -by (metis Un_least Un_upper1 Un_upper2 set_eq_subset)
  19.149 -
  19.150 -lemma "(X = Y \<inter> Z) = (X \<subseteq> Y \<and> X \<subseteq> Z \<and> (\<forall>V. V \<subseteq> Y \<and> V \<subseteq> Z \<longrightarrow> V \<subseteq> X))"
  19.151 -by (metis Int_greatest Int_lower1 Int_lower2 subset_antisym)
  19.152 -
  19.153 -lemma fixedpoint: "\<exists>!x. f (g x) = x \<Longrightarrow> \<exists>!y. g (f y) = y"
  19.154 -by metis
  19.155 -
  19.156 -lemma (* fixedpoint: *) "\<exists>!x. f (g x) = x \<Longrightarrow> \<exists>!y. g (f y) = y"
  19.157 -proof -
  19.158 -  assume "\<exists>!x\<Colon>'a. f (g x) = x"
  19.159 -  thus "\<exists>!y\<Colon>'b. g (f y) = y" by metis
  19.160 -qed
  19.161 -
  19.162 -lemma (* singleton_example_2: *)
  19.163 -     "\<forall>x \<in> S. \<Union>S \<subseteq> x \<Longrightarrow> \<exists>z. S \<subseteq> {z}"
  19.164 -by (metis Set.subsetI Union_upper insertCI set_eq_subset)
  19.165 -
  19.166 -lemma (* singleton_example_2: *)
  19.167 -     "\<forall>x \<in> S. \<Union>S \<subseteq> x \<Longrightarrow> \<exists>z. S \<subseteq> {z}"
  19.168 -by (metis Set.subsetI Union_upper insert_iff set_eq_subset)
  19.169 -
  19.170 -lemma singleton_example_2:
  19.171 -     "\<forall>x \<in> S. \<Union>S \<subseteq> x \<Longrightarrow> \<exists>z. S \<subseteq> {z}"
  19.172 -proof -
  19.173 -  assume "\<forall>x \<in> S. \<Union>S \<subseteq> x"
  19.174 -  hence "\<forall>x\<^isub>1. x\<^isub>1 \<subseteq> \<Union>S \<and> x\<^isub>1 \<in> S \<longrightarrow> x\<^isub>1 = \<Union>S" by (metis set_eq_subset)
  19.175 -  hence "\<forall>x\<^isub>1. x\<^isub>1 \<in> S \<longrightarrow> x\<^isub>1 = \<Union>S" by (metis Union_upper)
  19.176 -  hence "\<forall>x\<^isub>1\<Colon>('a \<Rightarrow> bool) \<Rightarrow> bool. \<Union>S \<in> x\<^isub>1 \<longrightarrow> S \<subseteq> x\<^isub>1" by (metis subsetI)
  19.177 -  hence "\<forall>x\<^isub>1\<Colon>('a \<Rightarrow> bool) \<Rightarrow> bool. S \<subseteq> insert (\<Union>S) x\<^isub>1" by (metis insert_iff)
  19.178 -  thus "\<exists>z. S \<subseteq> {z}" by metis
  19.179 -qed
  19.180 -
  19.181 -text {*
  19.182 -  From W. W. Bledsoe and Guohui Feng, SET-VAR. JAR 11 (3), 1993, pages
  19.183 -  293-314.
  19.184 -*}
  19.185 -
  19.186 -(* Notes: (1) The numbering doesn't completely agree with the paper.
  19.187 -   (2) We must rename set variables to avoid type clashes. *)
  19.188 -lemma "\<exists>B. (\<forall>x \<in> B. x \<le> (0::int))"
  19.189 -      "D \<in> F \<Longrightarrow> \<exists>G. \<forall>A \<in> G. \<exists>B \<in> F. A \<subseteq> B"
  19.190 -      "P a \<Longrightarrow> \<exists>A. (\<forall>x \<in> A. P x) \<and> (\<exists>y. y \<in> A)"
  19.191 -      "a < b \<and> b < (c::int) \<Longrightarrow> \<exists>B. a \<notin> B \<and> b \<in> B \<and> c \<notin> B"
  19.192 -      "P (f b) \<Longrightarrow> \<exists>s A. (\<forall>x \<in> A. P x) \<and> f s \<in> A"
  19.193 -      "P (f b) \<Longrightarrow> \<exists>s A. (\<forall>x \<in> A. P x) \<and> f s \<in> A"
  19.194 -      "\<exists>A. a \<notin> A"
  19.195 -      "(\<forall>C. (0, 0) \<in> C \<and> (\<forall>x y. (x, y) \<in> C \<longrightarrow> (Suc x, Suc y) \<in> C) \<longrightarrow> (n, m) \<in> C) \<and> Q n \<longrightarrow> Q m"
  19.196 -       apply (metis all_not_in_conv)
  19.197 -      apply (metis all_not_in_conv)
  19.198 -     apply (metis mem_def)
  19.199 -    apply (metis less_int_def singleton_iff)
  19.200 -   apply (metis mem_def)
  19.201 -  apply (metis mem_def)
  19.202 - apply (metis all_not_in_conv)
  19.203 -by (metis pair_in_Id_conv)
  19.204 -
  19.205 -end