Old_HOL: comparison LList.ML

equal deleted inserted replaced

-:142f1eb707b4
+:befa4e9f7c90
 Author: 	Lawrence C Paulson, Cambridge University Computer Laboratory
 Copyright   1993  University of Cambridge
 For llist.thy.
-SHOULD LListD_Fun_CONS_I, etc., be equations (for rewriting)
+SHOULD LListD_Fun_CONS_I, etc., be equations (for rewriting)?
+TOO LONG!  needs splitting up
 *)
 open LList;
 (** Simplification **)
 val llist_simps = [case_Inl, case_Inr];
 val llist_ss = univ_ss addsimps llist_simps
-setloop (split_tac [expand_split,expand_case]);
+addcongs [split_weak_cong, case_weak_cong]
+setloop (split_tac [expand_split, expand_case]);
 (** the llist functional **)
 val LList_unfold = rewrite_rule [List_Fun_def]
 	 (List_Fun_mono RS (LList_def RS def_gfp_Tarski));
 (*** Type checking by co-induction, using List_Fun ***)
 val prems = goalw LList.thy [LList_def]
-"[| M: X;  X <= List_Fun(A,X) |] ==> M: LList(A)";
+"[| M : X;  X <= List_Fun(A, X Un LList(A)) |] ==>  M : LList(A)";
-by (REPEAT (resolve_tac (prems@[coinduct]) 1));
+by (REPEAT (resolve_tac (prems@[List_Fun_mono RS coinduct]) 1));
 val LList_coinduct = result();
-(*stronger version*)
-val prems = goalw LList.thy [LList_def]
-"[| M : X;  X <= List_Fun(A, X) Un LList(A) |] ==>  M : LList(A)";
-by (REPEAT (resolve_tac (prems@[coinduct2,List_Fun_mono]) 1));
-val LList_coinduct2 = result();
 (** Rules to prove the 2nd premise of LList_coinduct **)
 goalw LList.thy [List_Fun_def,NIL_def] "NIL: List_Fun(A,X)";
 by (resolve_tac [singletonI RS usum_In0I] 1);
 goalw LList.thy [List_Fun_def,CONS_def]
 "!!M N. [| M: A;  N: X |] ==> CONS(M,N) : List_Fun(A,X)";
 by (REPEAT (ares_tac [uprodI RS usum_In1I] 1));
 val List_Fun_CONS_I = result();
+(*Utilise the "strong" part, i.e. gfp(f)*)
+goalw LList.thy [LList_def]
+"!!M N. M: LList(A) ==> M : List_Fun(A, X Un LList(A))";
+by (etac (List_Fun_mono RS gfp_fun_UnI2) 1);
+val List_Fun_LList_I = result();
 (*** LList_corec satisfies the desired recurion equation ***)
 (*A continuity result?*)
 goalw LList.thy [CONS_def] "CONS(M, UN x.f(x)) = (UN x. CONS(M, f(x)))";
-by(simp_tac (univ_ss addsimps [In1_UN1, Scons_UN1_y]) 1);
+by (simp_tac (univ_ss addsimps [In1_UN1, Scons_UN1_y]) 1);
 val CONS_UN1 = result();
 goal Prod.thy "split(p, %x y.UN z.f(x,y,z)) = (UN z. split(p, %x y.f(x,y,z)))";
-by(simp_tac (pair_ss setloop (split_tac [expand_split])) 1);
+by (simp_tac (pair_ss setloop (split_tac [expand_split])) 1);
 val split_UN1 = result();
 goal Sum.thy "case(s, f, %y. UN z.g(y,z)) = (UN z. case(s, f, %y. g(y,z)))";
-by(simp_tac (sum_ss setloop (split_tac [expand_case])) 1);
+by (simp_tac (sum_ss setloop (split_tac [expand_case])) 1);
 val case2_UN1 = result();
 val prems = goalw LList.thy [CONS_def]
 "[| M<=M';  N<=N' |] ==> CONS(M,N) <= CONS(M',N')";
 by (REPEAT (resolve_tac ([In1_mono,Scons_mono]@prems) 1));
 goalw LList.thy [LList_corec_def]
 "LList_corec(a,f) <= case(f(a), %u.NIL, \
 \			   %v. split(v, %z w. CONS(z, LList_corec(w,f))))";
 by (rtac UN1_least 1);
 by (nat_ind_tac "k" 1);
-by(ALLGOALS(simp_tac corec_fun_ss));
+by (ALLGOALS(simp_tac corec_fun_ss));
 by (REPEAT (resolve_tac [allI, impI, subset_refl RS CONS_mono, UN1_upper] 1));
 val LList_corec_subset1 = result();
 goalw LList.thy [LList_corec_def]
 "case(f(a), %u.NIL, %v. split(v, %z w. CONS(z, LList_corec(w,f)))) <= \
 goal LList.thy "LList_corec(a,f) : LList({u.True})";
 by (res_inst_tac [("X", "range(%x.LList_corec(x,?g))")] LList_coinduct 1);
 by (rtac rangeI 1);
 by (safe_tac set_cs);
 by (stac LList_corec 1);
-by(simp_tac (llist_ss addsimps [List_Fun_NIL_I,List_Fun_CONS_I,
+by (simp_tac (llist_ss addsimps [List_Fun_NIL_I,List_Fun_CONS_I,
 CollectI, range_eqI]) 1);
 (* 6.7 vs 3.4 !!!
 by (ASM_SIMP_TAC (llist_ss addsimps [List_Fun_NIL_I,List_Fun_CONS_I,
 				    CollectI, rangeI]) 1);
 *)
 val LList_corec_type = result();
 by (rtac rangeI 1);
 by (safe_tac set_cs);
 by (stac LList_corec 1);
 (*nested "case"; requires an explicit split*)
 by (res_inst_tac [("s", "f(xa)")] sumE 1);
-by(asm_simp_tac (univ_ss addsimps (llist_simps@[List_Fun_NIL_I])) 1);
+by (asm_simp_tac (univ_ss addsimps (llist_simps@[List_Fun_NIL_I])) 1);
-by(asm_simp_tac (univ_ss addsimps (llist_simps@[List_Fun_CONS_I, range_eqI])
+by (asm_simp_tac (univ_ss addsimps (llist_simps@[List_Fun_CONS_I, range_eqI])
 setloop (split_tac [expand_split])) 1);
 (* FIXME: can the selection of the case split be automated?
 by (ASM_SIMP_TAC (llist_ss addsimps [List_Fun_CONS_I, rangeI]) 1);*)
 val LList_corec_type2 = result();
 (**** LList equality as a gfp; the bisimulation principle ****)
 goalw LList.thy [LListD_Fun_def] "mono(LListD_Fun(r))";
 by (REPEAT (ares_tac [monoI, subset_refl, dsum_mono, dprod_mono] 1));
-val LListD_fun_mono = result();
+val LListD_Fun_mono = result();
 val LListD_unfold = rewrite_rule [LListD_Fun_def]
-	 (LListD_fun_mono RS (LListD_def RS def_gfp_Tarski));
+	 (LListD_Fun_mono RS (LListD_def RS def_gfp_Tarski));
 goal LList.thy "!M N. <M,N> : LListD(diag(A)) --> ntrunc(k,M) = ntrunc(k,N)";
 by (res_inst_tac [("n", "k")] less_induct 1);
 by (safe_tac set_cs);
 by (etac (LListD_unfold RS equalityD1 RS subsetD RS dsumE) 1);
 by (safe_tac (set_cs addSEs [Pair_inject, dprodE, diagE]));
 by (res_inst_tac [("n", "n")] natE 1);
-by(asm_simp_tac (univ_ss addsimps [ntrunc_0]) 1);
+by (asm_simp_tac (univ_ss addsimps [ntrunc_0]) 1);
 by (res_inst_tac [("n", "xb")] natE 1);
-by(asm_simp_tac (univ_ss addsimps [ntrunc_one_In1]) 1);
+by (asm_simp_tac (univ_ss addsimps [ntrunc_one_In1]) 1);
-by(asm_simp_tac (univ_ss addsimps [ntrunc_In1, ntrunc_Scons]) 1);
+by (asm_simp_tac (univ_ss addsimps [ntrunc_In1, ntrunc_Scons]) 1);
 val LListD_implies_ntrunc_equality = result();
 goalw LList.thy [LList_def,List_Fun_def] "fst``LListD(diag(A)) <= LList(A)";
 by (rtac gfp_upperbound 1);
 by (res_inst_tac [("P", "%x. fst``x <= ?B")] (LListD_unfold RS ssubst) 1);
-by(simp_tac fst_image_ss 1);
+by (simp_tac fst_image_ss 1);
 val fst_image_LListD = result();
 (*This inclusion justifies the use of coinduction to show M=N*)
 goal LList.thy "LListD(diag(A)) <= diag(LList(A))";
 by (rtac subsetI 1);
 goal LList.thy "LListD(diag(A)) = diag(LList(A))";
 by (REPEAT (resolve_tac [equalityI, LListD_subset_diag,
 			 diag_subset_LListD] 1));
 val LListD_eq_diag = result();
-(** To show two LLists are equal, exhibit a bisimulation! **)
+(** To show two LLists are equal, exhibit a bisimulation!
-(* Replace "A" by some particular set, like {x.True}??? *)
+[also admits true equality]
-val prems = goal LList.thy
+Replace "A" by some particular set, like {x.True}??? *)
-"[| <M,N> : r;  r <= LListD_Fun(diag(A), r) |] ==>  M=N";
+goal LList.thy
+"!!r. [| <M,N> : r;  r <= LListD_Fun(diag(A), r Un diag(LList(A))) \
+\         |] ==>  M=N";
 by (rtac (rewrite_rule [LListD_def]
 (LListD_subset_diag RS subsetD RS diagE)) 1);
-by (REPEAT (resolve_tac (prems@[coinduct]) 1));
+by (etac (LListD_Fun_mono RS coinduct) 1);
+by (etac (rewrite_rule [LListD_def] LListD_eq_diag RS ssubst) 1);
 by (safe_tac (set_cs addSEs [Pair_inject]));
 val LList_equalityI = result();
-(*Stronger notion of bisimulation -- also admits true equality*)
-val prems = goal LList.thy
-"[| <M,N> : r;  r <= LListD_Fun(diag(A), r) Un diag(LList(A)) |] ==>  M=N";
-by (rtac (rewrite_rule [LListD_def]
-(LListD_subset_diag RS subsetD RS diagE)) 1);
-by (rtac coinduct2 1);
-by (stac (rewrite_rule [LListD_def] LListD_eq_diag) 2);
-by (REPEAT (resolve_tac (prems@[LListD_fun_mono]) 1));
-by (safe_tac (set_cs addSEs [Pair_inject]));
-val LList_equalityI2 = result();
 (** Rules to prove the 2nd premise of LList_equalityI **)
 goalw LList.thy [LListD_Fun_def,NIL_def] "<NIL,NIL> : LListD_Fun(r,s)";
 by (rtac (singletonI RS diagI RS dsum_In0I) 1);
 val prems = goalw LList.thy [LListD_Fun_def,CONS_def]
 "[| x:A;  <M,N>:s |] ==> <CONS(x,M), CONS(x,N)> : LListD_Fun(diag(A),s)";
 by (rtac (dprodI RS dsum_In1I) 1);
 by (REPEAT (resolve_tac (diagI::prems) 1));
 val LListD_Fun_CONS_I = result();
+(*Utilise the "strong" part, i.e. gfp(f)*)
+goal LList.thy
+"!!M N. M: LList(A) ==> <M,M> : LListD_Fun(diag(A), X Un diag(LList(A)))";
+br (rewrite_rule [LListD_def] LListD_eq_diag RS subst) 1;
+br (LListD_Fun_mono RS gfp_fun_UnI2) 1;
+br (rewrite_rule [LListD_def] LListD_eq_diag RS ssubst) 1;
+be diagI 1;
+val LListD_Fun_diag_I = result();
 (*** Finality of LList(A): Uniqueness of functions defined by corecursion ***)
 (*abstract proof using a bisimulation*)
 		  ("r", "range(%u. <h1(u),h2(u)>)")] LList_equalityI 1);
 by (rtac rangeI 1);
 by (safe_tac set_cs);
 by (stac prem1 1);
 by (stac prem2 1);
-by(simp_tac (llist_ss addsimps [LListD_Fun_NIL_I, range_eqI,
+by (simp_tac (llist_ss addsimps [LListD_Fun_NIL_I, range_eqI,
-				    CollectI RS LListD_Fun_CONS_I]) 1);
+				 CollectI RS LListD_Fun_CONS_I]) 1);
 (* 9.5 vs 9.2/4.1/4.3
 by (ASM_SIMP_TAC (llist_ss addsimps [LListD_Fun_NIL_I, rangeI,
 				    CollectI RS LListD_Fun_CONS_I]) 1);*)
 val LList_corec_unique = result();
 by (rtac ntrunc_one_In1 1);
 val ntrunc_one_CONS = result();
 goalw LList.thy [CONS_def]
 "ntrunc(Suc(Suc(k)), CONS(M,N)) = CONS (ntrunc(k,M), ntrunc(k,N))";
-by(simp_tac (HOL_ss addsimps [ntrunc_Scons,ntrunc_In1]) 1);
+by (simp_tac (HOL_ss addsimps [ntrunc_Scons,ntrunc_In1]) 1);
 val ntrunc_CONS = result();
 val [prem1,prem2] = goal LList.thy
 "[| !!x. h1(x) = case(f(x), %u.NIL, %v. split(v, %z w. CONS(z,h1(w))));  \
 \    !!x. h2(x) = case(f(x), %u.NIL, %v. split(v, %z w. CONS(z,h2(w)))) |] \
 by (res_inst_tac [("x", "x")] spec 1);
 by (res_inst_tac [("n", "k")] less_induct 1);
 by (rtac allI 1);
 by (stac prem1 1);
 by (stac prem2 1);
-by(simp_tac (sum_ss setloop (split_tac [expand_split,expand_case])) 1);
+by (simp_tac (sum_ss setloop (split_tac [expand_split,expand_case])) 1);
 by (strip_tac 1);
 by (res_inst_tac [("n", "n")] natE 1);
 by (res_inst_tac [("n", "xc")] natE 2);
-by(ALLGOALS(asm_simp_tac(nat_ss addsimps
+by (ALLGOALS(asm_simp_tac(nat_ss addsimps
 [ntrunc_0,ntrunc_one_CONS,ntrunc_CONS])));
 val LList_corec_unique = result();
 (*** Lconst -- defined directly using lfp, but equivalent to a LList_corec ***)
 The containing set is simply the singleton {Lconst(M)}. *)
 goal LList.thy "!!M A. M:A ==> Lconst(M): LList(A)";
 by (rtac (singletonI RS LList_coinduct) 1);
 by (safe_tac set_cs);
 by (res_inst_tac [("P", "%u. u: ?A")] (Lconst RS ssubst) 1);
-by (REPEAT (ares_tac [List_Fun_CONS_I, singletonI] 1));
+by (REPEAT (ares_tac [List_Fun_CONS_I, singletonI, UnI1] 1));
 val Lconst_type = result();
 goal LList.thy "Lconst(M) = LList_corec(M, %x.Inr(<x,x>))";
 by (rtac (equals_LList_corec RS fun_cong) 1);
-by(simp_tac sum_ss 1);
+by (simp_tac sum_ss 1);
 by (rtac Lconst 1);
 val Lconst_eq_LList_corec = result();
 (*Thus we could have used gfp in the definition of Lconst*)
 goal LList.thy "gfp(%N. CONS(M, N)) = LList_corec(M, %x.Inr(<x,x>))";
 by (rtac (equals_LList_corec RS fun_cong) 1);
-by(simp_tac sum_ss 1);
+by (simp_tac sum_ss 1);
 by (rtac (Lconst_fun_mono RS gfp_Tarski) 1);
 val gfp_Lconst_eq_LList_corec = result();
 (** Introduction rules for LList constructors **)
 val [MList,gMList,NILcase,CONScase] = goal LList.thy
 "[| M: LList(A); g(NIL): LList(A); 				\
 \    f(NIL)=g(NIL);						\
 \    !!x l. [| x:A;  l: LList(A) |] ==>				\
 \	    <f(CONS(x,l)),g(CONS(x,l))> :			\
-\               LListD_Fun(diag(A), (%u.<f(u),g(u)>)``LList(A)) Un  \
+\               LListD_Fun(diag(A), (%u.<f(u),g(u)>)``LList(A) Un  \
-\               diag(LList(A))	\
+\                                   diag(LList(A)))		\
 \ |] ==> f(M) = g(M)";
-by (rtac LList_equalityI2 1);
+by (rtac LList_equalityI 1);
 br (MList RS imageI) 1;
 by (rtac subsetI 1);
 by (etac imageE 1);
 by (etac ssubst 1);
 by (etac LListE 1);
 by (etac ssubst 1);
 by (stac NILcase 1);
-br (gMList RS diagI RS UnI2) 1;
+br (gMList RS LListD_Fun_diag_I) 1;
 by (etac ssubst 1);
 by (REPEAT (ares_tac [CONScase] 1));
 val LList_fun_equalityI = result();
 (*** The functional "Lmap" ***)
 goal LList.thy "Lmap(f,NIL) = NIL";
 by (rtac (Lmap_def RS def_LList_corec RS trans) 1);
-by(simp_tac List_case_ss 1);
+by (simp_tac List_case_ss 1);
 val Lmap_NIL = result();
 goal LList.thy "Lmap(f, CONS(M,N)) = CONS(f(M), Lmap(f,N))";
 by (rtac (Lmap_def RS def_LList_corec RS trans) 1);
-by(simp_tac List_case_ss 1);
+by (simp_tac List_case_ss 1);
 val Lmap_CONS = result();
 (*Another type-checking proof by coinduction*)
 val [major,minor] = goal LList.thy
 "[| M: LList(A);  !!x. x:A ==> f(x):B |] ==> Lmap(f,M): LList(B)";
 by (rtac (major RS imageI RS LList_coinduct) 1);
 by (safe_tac set_cs);
 by (etac LListE 1);
-by(ALLGOALS (asm_simp_tac (HOL_ss addsimps [Lmap_NIL,Lmap_CONS])));
+by (ALLGOALS (asm_simp_tac (HOL_ss addsimps [Lmap_NIL,Lmap_CONS])));
-by (REPEAT (ares_tac [List_Fun_NIL_I, List_Fun_CONS_I, minor, imageI] 1));
+by (REPEAT (ares_tac [List_Fun_NIL_I, List_Fun_CONS_I,
+		      minor, imageI, UnI1] 1));
 val Lmap_type = result();
 (*This type checking rule synthesises a sufficiently large set for f*)
 val [major] = goal LList.thy  "M: LList(A) ==> Lmap(f,M): LList(f``A)";
 by (rtac (major RS Lmap_type) 1);
 "M: LList(A) ==> Lmap(f o g, M) = Lmap(f, Lmap(g, M))";
 by (rtac (prem RS imageI RS LList_equalityI) 1);
 by (stac o_def 1);
 by (safe_tac set_cs);
 by (etac LListE 1);
-by(ALLGOALS (asm_simp_tac (HOL_ss addsimps [Lmap_NIL,Lmap_CONS])));
+by (ALLGOALS (asm_simp_tac (HOL_ss addsimps [Lmap_NIL,Lmap_CONS])));
-by (REPEAT (ares_tac [LListD_Fun_NIL_I, imageI,
+by (REPEAT (ares_tac [LListD_Fun_NIL_I, imageI, UnI1,
-			 rangeI RS LListD_Fun_CONS_I] 1));
+		      rangeI RS LListD_Fun_CONS_I] 1));
 val Lmap_compose = result();
 val [prem] = goal LList.thy "M: LList(A) ==> Lmap(%x.x, M) = M";
 by (rtac (prem RS imageI RS LList_equalityI) 1);
 by (safe_tac set_cs);
 by (etac LListE 1);
-by(ALLGOALS (asm_simp_tac (HOL_ss addsimps [Lmap_NIL,Lmap_CONS])));
+by (ALLGOALS (asm_simp_tac (HOL_ss addsimps [Lmap_NIL,Lmap_CONS])));
-by (REPEAT (ares_tac [LListD_Fun_NIL_I, imageI,
+by (REPEAT (ares_tac [LListD_Fun_NIL_I, imageI RS UnI1,
-			 rangeI RS LListD_Fun_CONS_I] 1));
+		      rangeI RS LListD_Fun_CONS_I] 1));
 val Lmap_ident = result();
 (*** Lappend -- its two arguments cause some complications! ***)
 goalw LList.thy [Lappend_def] "Lappend(NIL,NIL) = NIL";
 by (rtac (LList_corec RS trans) 1);
 (* takes 2.4(3.4 w NORM) vs 0.9 w/o NORM terms *)
-by(simp_tac List_case_ss 1);
+by (simp_tac List_case_ss 1);
 (*by (SIMP_TAC List_case_ss 1);*)
 val Lappend_NIL_NIL = result();
 goalw LList.thy [Lappend_def]
 "Lappend(NIL,CONS(N,N')) = CONS(N, Lappend(NIL,N'))";
 by (rtac (LList_corec RS trans) 1);
 (* takes 5(7 w NORM) vs 2.1 w/o NORM terms *)
-by(simp_tac List_case_ss 1);
+by (simp_tac List_case_ss 1);
 (*by (SIMP_TAC List_case_ss 1);*)
 val Lappend_NIL_CONS = result();
 goalw LList.thy [Lappend_def]
 "Lappend(CONS(M,M'), N) = CONS(M, Lappend(M',N))";
 by (rtac (LList_corec RS trans) 1);
 (* takes 4.9(6.7) vs 2.2 w/o NORM terms *)
-by(simp_tac List_case_ss 1);
+by (simp_tac List_case_ss 1);
 (*by (SIMP_TAC List_case_ss 1);*)
 val Lappend_CONS = result();
 val Lappend_ss = List_case_ss addsimps
 [NIL_LListI, Lappend_NIL_NIL, Lappend_NIL_CONS,
 val Lappend_type = result();
 (*strong co-induction: bisimulation and case analysis on one variable*)
 goal LList.thy
 "!!M N. [| M: LList(A); N: LList(A) |] ==> Lappend(M,N): LList(A)";
-by (res_inst_tac [("X", "(%u.Lappend(u,N))``LList(A)")] LList_coinduct2 1);
+by (res_inst_tac [("X", "(%u.Lappend(u,N))``LList(A)")] LList_coinduct 1);
-fe imageI;
+be imageI 1;
 br subsetI 1;
 be imageE 1;
 by (eres_inst_tac [("L", "u")] LListE 1);
-by (asm_simp_tac (Lappend_ss addsimps [Lappend_NIL]) 1);
+by (asm_simp_tac (Lappend_ss addsimps [Lappend_NIL, List_Fun_LList_I]) 1);
 by (asm_simp_tac Lappend_ss 1);
 by (fast_tac (set_cs addSIs [List_Fun_CONS_I]) 1);
 val Lappend_type = result();
 (**** Lazy lists as the type 'a llist -- strongly typed versions of above ****)
 		 Abs_LList_inverse, Rep_LList_inverse, NIL_LListI, CONS_LListI,
 		 Rep_LList, rangeI, inj_Leaf, Inv_f_f];
 val Rep_LList_ss = llist_ss addsimps Rep_LList_simps;
 goalw LList.thy [llist_case_def,LNil_def]  "llist_case(LNil, c, d) = c";
-by(simp_tac Rep_LList_ss 1);
+by (simp_tac Rep_LList_ss 1);
 val llist_case_LNil = result();
 goalw LList.thy [llist_case_def,LCons_def]
 "llist_case(LCons(M,N), c, d) = d(M,N)";
-by(simp_tac Rep_LList_ss 1);
+by (simp_tac Rep_LList_ss 1);
 val llist_case_LCons = result();
 (*Elimination is case analysis, not induction.*)
 val [prem1,prem2] = goalw LList.thy [NIL_def,CONS_def]
 "[| l=LNil ==> P;  !!x l'. l=LCons(x,l') ==> P \
 by (rtac (inj_Rep_LList RS injD RS prem1) 1);
 by (stac Rep_LList_LNil 1);
 by (assume_tac 1);
 by (etac rangeE 1);
 by (rtac (inj_Rep_LList RS injD RS prem2) 1);
-by(asm_simp_tac (HOL_ss addsimps [Rep_LList_LCons]) 1);
+by (asm_simp_tac (HOL_ss addsimps [Rep_LList_LCons]) 1);
 by (etac (Abs_LList_inverse RS ssubst) 1);
 by (rtac refl 1);
 val llistE = result();
 (** llist_corec: corecursion for 'a llist **)
 goalw LList.thy [llist_corec_def,LNil_def,LCons_def]
 "llist_corec(a,f) = case(f(a), %u. LNil, \
 \			     %v. split(v, %z w. LCons(z, llist_corec(w,f))))";
 by (stac LList_corec 1);
-by(res_inst_tac [("s","f(a)")] sumE 1);
+by (res_inst_tac [("s","f(a)")] sumE 1);
-by(asm_simp_tac (llist_ss addsimps [LList_corec_type2,Abs_LList_inverse]) 1);
+by (asm_simp_tac (llist_ss addsimps [LList_corec_type2,Abs_LList_inverse]) 1);
-by(res_inst_tac [("p","y")] PairE 1);
+by (res_inst_tac [("p","y")] PairE 1);
-by(asm_simp_tac (llist_ss addsimps [LList_corec_type2,Abs_LList_inverse]) 1);
+by (asm_simp_tac (llist_ss addsimps [LList_corec_type2,Abs_LList_inverse]) 1);
 (*FIXME: correct case splits usd to be found automatically:
-by(ASM_SIMP_TAC(llist_ss addsimps [LList_corec_type2,Abs_LList_inverse]) 1);*)
+by (ASM_SIMP_TAC(llist_ss addsimps [LList_corec_type2,Abs_LList_inverse]) 1);*)
 val llist_corec = result();
 (*definitional version of same*)
 val [rew] = goal LList.thy
 "[| !!x. h(x) == llist_corec(x,f) |] ==>	\
 "r <= Sigma(LList(range(Leaf)), %x.LList(range(Leaf))) ==> \
 \    prod_fun(Rep_LList o Abs_LList, Rep_LList o Abs_LList) `` r <= r";
 by (safe_tac (set_cs addSEs [prod_fun_imageE]));
 by (rtac (prem RS subsetD RS SigmaE2) 1);
 by (assume_tac 1);
-by(asm_simp_tac (HOL_ss addsimps [o_def,prod_fun,Abs_LList_inverse]) 1);
+by (asm_simp_tac (HOL_ss addsimps [o_def,prod_fun,Abs_LList_inverse]) 1);
 val prod_fun_lemma = result();
-(** To show two llists are equal, exhibit a bisimulation! **)
+goal LList.thy
+"prod_fun(Rep_LList, Rep_LList) `` range(%x. <x, x>) = \
+\    diag(LList(range(Leaf)))";
+br equalityI 1;
+by (fast_tac (set_cs addIs  [diagI, Rep_LList]
+		     addSEs [prod_fun_imageE, Pair_inject]) 1);
+by (fast_tac (set_cs addIs  [prod_fun_imageI, rangeI]
+		     addSEs [diagE, Abs_LList_inverse RS subst]) 1);
+val prod_fun_range_eq_diag = result();
+(** To show two llists are equal, exhibit a bisimulation!
+[also admits true equality] **)
 val [prem1,prem2] = goalw LList.thy [llistD_Fun_def]
-"[| <l1,l2> : r;  r <= llistD_Fun(r) |] ==>  l1=l2";
+"[| <l1,l2> : r;  r <= llistD_Fun(r Un range(%x.<x,x>)) |] ==> l1=l2";
 by (rtac (inj_Rep_LList RS injD) 1);
-by (res_inst_tac [("r", "prod_fun(Rep_LList,Rep_LList)``r")]
+by (res_inst_tac [("r", "prod_fun(Rep_LList,Rep_LList)``r"),
+		  ("A", "range(Leaf)")]
 	LList_equalityI 1);
 by (rtac (prem1 RS prod_fun_imageI) 1);
 by (rtac (prem2 RS image_mono RS subset_trans) 1);
 by (rtac (image_compose RS subst) 1);
 by (rtac (prod_fun_compose RS subst) 1);
-by (rtac (subset_Sigma_LList RS LListD_Fun_subset_Sigma_LList RS
+by (rtac (image_Un RS ssubst) 1);
-	  prod_fun_lemma) 1);
+by (stac prod_fun_range_eq_diag 1);
+by (rtac (LListD_Fun_subset_Sigma_LList RS prod_fun_lemma) 1);
+by (rtac (subset_Sigma_LList RS Un_least) 1);
+by (rtac diag_subset_Sigma 1);
 val llist_equalityI = result();
-(*Stronger notion of bisimulation -- also admits true equality*)
-val [prem1,prem2] = goalw LList.thy [llistD_Fun_def]
-"[| <l1,l2> : r;  r <= llistD_Fun(r) Un range(%x.<x,x>) |] ==> l1=l2";
-by (rtac (inj_Rep_LList RS injD) 1);
-by (res_inst_tac [("r", "prod_fun(Rep_LList,Rep_LList)``r"),
-		  ("A", "range(Leaf)")]
-	LList_equalityI2 1);
-by (rtac (prem1 RS prod_fun_imageI) 1);
-by (rtac (prem2 RS image_mono RS subset_trans) 1);
-by (rtac (image_Un RS ssubst) 1);
-by (rtac Un_least 1);
-by (rtac (image_compose RS subst) 1);
-by (rtac (prod_fun_compose RS subst) 1);
-by (rtac (subset_Sigma_LList RS LListD_Fun_subset_Sigma_LList RS
-	  prod_fun_lemma RS subset_trans) 1);
-by (rtac Un_upper1 1);
-by (fast_tac (set_cs addSEs [prod_fun_imageE, Pair_inject]
-addIs [diagI,Rep_LList]) 1);
-val llist_equalityI2 = result();
 (** Rules to prove the 2nd premise of llist_equalityI **)
 goalw LList.thy [llistD_Fun_def,LNil_def] "<LNil,LNil> : llistD_Fun(r)";
 by (rtac (LListD_Fun_NIL_I RS prod_fun_imageI) 1);
 val llistD_Fun_LNil_I = result();
 "<l1,l2>:r ==> <LCons(x,l1), LCons(x,l2)> : llistD_Fun(r)";
 by (rtac (rangeI RS LListD_Fun_CONS_I RS prod_fun_imageI) 1);
 by (rtac (prem RS prod_fun_imageI) 1);
 val llistD_Fun_LCons_I = result();
+(*Utilise the "strong" part, i.e. gfp(f)*)
+goalw LList.thy [llistD_Fun_def]
+"!!l. <l,l> : llistD_Fun(r Un range(%x.<x,x>))";
+br (Rep_LList_inverse RS subst) 1;
+br prod_fun_imageI 1;
+by (rtac (image_Un RS ssubst) 1);
+by (stac prod_fun_range_eq_diag 1);
+br (Rep_LList RS LListD_Fun_diag_I) 1;
+val llistD_Fun_range_I = result();
 (*A special case of list_equality for functions over lazy lists*)
 val [prem1,prem2] = goal LList.thy
 "[| f(LNil)=g(LNil);						\
 \       !!x l. <f(LCons(x,l)),g(LCons(x,l))> :				\
-\              llistD_Fun(range(%u. <f(u),g(u)>)) Un range(%v. <v,v>)	\
+\              llistD_Fun(range(%u. <f(u),g(u)>) Un range(%v. <v,v>))	\
 \    |]	==> f(l) = g(l :: 'a llist) :: 'b llist";
-by (res_inst_tac [("r", "range(%u. <f(u),g(u)>)")] llist_equalityI2 1);
+by (res_inst_tac [("r", "range(%u. <f(u),g(u)>)")] llist_equalityI 1);
 by (rtac rangeI 1);
 by (rtac subsetI 1);
 by (etac rangeE 1);
 by (etac ssubst 1);
 by (res_inst_tac [("l", "u")] llistE 1);
 by (etac ssubst 1);
 by (stac prem1 1);
-by (fast_tac set_cs 1);
+by (rtac llistD_Fun_range_I 1);
 by (etac ssubst 1);
 by (rtac prem2 1);
 val llist_fun_equalityI = result();
 (*simpset for llist bisimulations*)
 (*** The functional "lmap" ***)
 goal LList.thy "lmap(f,LNil) = LNil";
 by (rtac (lmap_def RS def_llist_corec RS trans) 1);
-by(simp_tac llistD_ss 1);
+by (simp_tac llistD_ss 1);
 val lmap_LNil = result();
 goal LList.thy "lmap(f, LCons(M,N)) = LCons(f(M), lmap(f,N))";
 by (rtac (lmap_def RS def_llist_corec RS trans) 1);
-by(simp_tac llistD_ss 1);
+by (simp_tac llistD_ss 1);
 val lmap_LCons = result();
 (** Two easy results about lmap **)
 (*** iterates -- llist_fun_equalityI cannot be used! ***)
 goal LList.thy "iterates(f,x) = LCons(x, iterates(f,f(x)))";
 by (rtac (iterates_def RS def_llist_corec RS trans) 1);
-by(simp_tac sum_ss 1);
+by (simp_tac sum_ss 1);
 val iterates = result();
 goal LList.thy "lmap(f, iterates(f,x)) = iterates(f,f(x))";
 by (res_inst_tac [("r", "range(%u.<lmap(f,iterates(f,u)),iterates(f,f(u))>)")]
 llist_equalityI 1);
 goal LList.thy
 "nat_rec(n, LCons(b, l), %m. lmap(f)) =	\
 \    LCons(nat_rec(n, b, %m. f), nat_rec(n, l, %m. lmap(f)))";
 by (nat_ind_tac "n" 1);
-by(ALLGOALS (asm_simp_tac (nat_ss addsimps [lmap_LCons])));
+by (ALLGOALS (asm_simp_tac (nat_ss addsimps [lmap_LCons])));
 val fun_power_lmap = result();
 goal Nat.thy "nat_rec(n, g(x), %m. g) = nat_rec(Suc(n), x, %m. g)";
 by (nat_ind_tac "n" 1);
-by(ALLGOALS (asm_simp_tac nat_ss));
+by (ALLGOALS (asm_simp_tac nat_ss));
 val fun_power_Suc = result();
 val Pair_cong = read_instantiate_sg (sign_of Prod.thy)
 [("f","Pair")] (standard(refl RS cong RS cong));
 by (stac fun_power_lmap 1);
 br llistD_Fun_LCons_I 1;
 by (rtac (lmap_iterates RS subst) 1);
 by (stac fun_power_Suc 1);
 by (stac fun_power_Suc 1);
-br UN1_I 1;
+br (UN1_I RS UnI1) 1;
 br rangeI 1;
 val iterates_equality = result();
 (*** lappend -- its two arguments cause some complications! ***)
 goalw LList.thy [lappend_def] "lappend(LNil,LNil) = LNil";
 by (rtac (llist_corec RS trans) 1);
-by(simp_tac llistD_ss 1);
+by (simp_tac llistD_ss 1);
 val lappend_LNil_LNil = result();
 goalw LList.thy [lappend_def]
 "lappend(LNil,LCons(l,l')) = LCons(l, lappend(LNil,l'))";
 by (rtac (llist_corec RS trans) 1);
-by(simp_tac llistD_ss 1);
+by (simp_tac llistD_ss 1);
 (* 3.3(5.7) vs 1.3 !by (SIMP_TAC llistD_ss 1);*)
 val lappend_LNil_LCons = result();
 goalw LList.thy [lappend_def]
 "lappend(LCons(l,l'), N) = LCons(l, lappend(l',N))";
 by (rtac (llist_corec RS trans) 1);
-by(simp_tac llistD_ss 1);
+by (simp_tac llistD_ss 1);
 (* 5(5.5) vs 1.3 !by (SIMP_TAC llistD_ss 1);*)
 val lappend_LCons = result();
 goal LList.thy "lappend(LNil,l) = l";
 by (res_inst_tac [("l","l")] llist_fun_equalityI 1);
 by (res_inst_tac [("l", "l")] llistE 1);
 by (res_inst_tac [("l", "n")] llistE 1);
 by (ALLGOALS (asm_simp_tac (llistD_ss addsimps
 [lappend_LNil_LNil,lappend_LCons,lappend_LNil_LCons,
 lmap_LNil,lmap_LCons])));
-by (REPEAT_SOME (ares_tac [llistD_Fun_LCons_I, UN1_I, rangeI]));
+by (REPEAT_SOME (ares_tac [llistD_Fun_LCons_I, UN1_I RS UnI1, rangeI]));
 by (rtac range_eqI 1);
 by (rtac (refl RS Pair_cong) 1);
 by (stac lmap_LNil 1);
 by (rtac refl 1);
 val lmap_lappend_distrib = result();
-(*Shorter proof of the theorem above using llist_equalityI2*)
+(*Shorter proof of theorem above using llist_equalityI as strong coinduction*)
 goal LList.thy "lmap(f, lappend(l,n)) = lappend(lmap(f,l), lmap(f,n))";
 by (res_inst_tac [("l","l")] llist_fun_equalityI 1);
 by (simp_tac (llistD_ss addsimps [lappend_LNil, lmap_LNil])1);
 by (simp_tac (llistD_ss addsimps [lappend_LCons, lmap_LCons]) 1);
 val lmap_lappend_distrib = result();
-(*Without llist_equalityI2, three case analyses might be needed*)
+(*Without strong coinduction, three case analyses might be needed*)
 goal LList.thy "lappend(lappend(l1,l2) ,l3) = lappend(l1, lappend(l2,l3))";
 by (res_inst_tac [("l","l1")] llist_fun_equalityI 1);
 by (simp_tac (llistD_ss addsimps [lappend_LNil])1);
 by (simp_tac (llistD_ss addsimps [lappend_LCons]) 1);
 val lappend_assoc = result();

changeset 2	befa4e9f7c90
parent 0	7949f97df77a
child 22	17b6487e1ac7