author | haftmann |
Mon, 15 Jun 2009 08:16:08 +0200 | |
changeset 31636 | 138625ae4067 |
parent 24893 | b8ef7afe3a6b |
child 35762 | af3ff2ba4c54 |
permissions | -rw-r--r-- |
13165 | 1 |
(* Title: ZF/WF.thy |
0 | 2 |
ID: $Id$ |
1478 | 3 |
Author: Tobias Nipkow and Lawrence C Paulson |
435 | 4 |
Copyright 1994 University of Cambridge |
0 | 5 |
|
13165 | 6 |
Derived first for transitive relations, and finally for arbitrary WF relations |
7 |
via wf_trancl and trans_trancl. |
|
8 |
||
9 |
It is difficult to derive this general case directly, using r^+ instead of |
|
10 |
r. In is_recfun, the two occurrences of the relation must have the same |
|
11 |
form. Inserting r^+ in the_recfun or wftrec yields a recursion rule with |
|
12 |
r^+ -`` {a} instead of r-``{a}. This recursion rule is stronger in |
|
13 |
principle, but harder to use, especially to prove wfrec_eclose_eq in |
|
14 |
epsilon.ML. Expanding out the definition of wftrec in wfrec would yield |
|
15 |
a mess. |
|
0 | 16 |
*) |
17 |
||
13356 | 18 |
header{*Well-Founded Recursion*} |
19 |
||
16417 | 20 |
theory WF imports Trancl begin |
13165 | 21 |
|
24893 | 22 |
definition |
23 |
wf :: "i=>o" where |
|
13165 | 24 |
(*r is a well-founded relation*) |
25 |
"wf(r) == ALL Z. Z=0 | (EX x:Z. ALL y. <y,x>:r --> ~ y:Z)" |
|
26 |
||
24893 | 27 |
definition |
28 |
wf_on :: "[i,i]=>o" ("wf[_]'(_')") where |
|
13165 | 29 |
(*r is well-founded on A*) |
30 |
"wf_on(A,r) == wf(r Int A*A)" |
|
31 |
||
24893 | 32 |
definition |
33 |
is_recfun :: "[i, i, [i,i]=>i, i] =>o" where |
|
13165 | 34 |
"is_recfun(r,a,H,f) == (f = (lam x: r-``{a}. H(x, restrict(f, r-``{x}))))" |
35 |
||
24893 | 36 |
definition |
37 |
the_recfun :: "[i, i, [i,i]=>i] =>i" where |
|
13165 | 38 |
"the_recfun(r,a,H) == (THE f. is_recfun(r,a,H,f))" |
39 |
||
24893 | 40 |
definition |
41 |
wftrec :: "[i, i, [i,i]=>i] =>i" where |
|
13165 | 42 |
"wftrec(r,a,H) == H(a, the_recfun(r,a,H))" |
43 |
||
24893 | 44 |
definition |
45 |
wfrec :: "[i, i, [i,i]=>i] =>i" where |
|
13165 | 46 |
(*public version. Does not require r to be transitive*) |
47 |
"wfrec(r,a,H) == wftrec(r^+, a, %x f. H(x, restrict(f,r-``{x})))" |
|
48 |
||
24893 | 49 |
definition |
50 |
wfrec_on :: "[i, i, i, [i,i]=>i] =>i" ("wfrec[_]'(_,_,_')") where |
|
13165 | 51 |
"wfrec[A](r,a,H) == wfrec(r Int A*A, a, H)" |
52 |
||
53 |
||
13356 | 54 |
subsection{*Well-Founded Relations*} |
13165 | 55 |
|
13634 | 56 |
subsubsection{*Equivalences between @{term wf} and @{term wf_on}*} |
13165 | 57 |
|
58 |
lemma wf_imp_wf_on: "wf(r) ==> wf[A](r)" |
|
13780 | 59 |
by (unfold wf_def wf_on_def, force) |
13165 | 60 |
|
13248 | 61 |
lemma wf_on_imp_wf: "[|wf[A](r); r <= A*A|] ==> wf(r)"; |
62 |
by (simp add: wf_on_def subset_Int_iff) |
|
63 |
||
13165 | 64 |
lemma wf_on_field_imp_wf: "wf[field(r)](r) ==> wf(r)" |
65 |
by (unfold wf_def wf_on_def, fast) |
|
66 |
||
67 |
lemma wf_iff_wf_on_field: "wf(r) <-> wf[field(r)](r)" |
|
68 |
by (blast intro: wf_imp_wf_on wf_on_field_imp_wf) |
|
69 |
||
70 |
lemma wf_on_subset_A: "[| wf[A](r); B<=A |] ==> wf[B](r)" |
|
71 |
by (unfold wf_on_def wf_def, fast) |
|
72 |
||
73 |
lemma wf_on_subset_r: "[| wf[A](r); s<=r |] ==> wf[A](s)" |
|
74 |
by (unfold wf_on_def wf_def, fast) |
|
75 |
||
13217 | 76 |
lemma wf_subset: "[|wf(s); r<=s|] ==> wf(r)" |
77 |
by (simp add: wf_def, fast) |
|
78 |
||
13634 | 79 |
subsubsection{*Introduction Rules for @{term wf_on}*} |
13165 | 80 |
|
13634 | 81 |
text{*If every non-empty subset of @{term A} has an @{term r}-minimal element |
82 |
then we have @{term "wf[A](r)"}.*} |
|
13165 | 83 |
lemma wf_onI: |
84 |
assumes prem: "!!Z u. [| Z<=A; u:Z; ALL x:Z. EX y:Z. <y,x>:r |] ==> False" |
|
85 |
shows "wf[A](r)" |
|
86 |
apply (unfold wf_on_def wf_def) |
|
87 |
apply (rule equals0I [THEN disjCI, THEN allI]) |
|
13784 | 88 |
apply (rule_tac Z = Z in prem, blast+) |
13165 | 89 |
done |
90 |
||
13634 | 91 |
text{*If @{term r} allows well-founded induction over @{term A} |
92 |
then we have @{term "wf[A](r)"}. Premise is equivalent to |
|
22710 | 93 |
@{prop "!!B. ALL x:A. (ALL y. <y,x>: r --> y:B) --> x:B ==> A<=B"} *} |
13165 | 94 |
lemma wf_onI2: |
95 |
assumes prem: "!!y B. [| ALL x:A. (ALL y:A. <y,x>:r --> y:B) --> x:B; y:A |] |
|
96 |
==> y:B" |
|
97 |
shows "wf[A](r)" |
|
98 |
apply (rule wf_onI) |
|
99 |
apply (rule_tac c=u in prem [THEN DiffE]) |
|
100 |
prefer 3 apply blast |
|
101 |
apply fast+ |
|
102 |
done |
|
103 |
||
104 |
||
13634 | 105 |
subsubsection{*Well-founded Induction*} |
13165 | 106 |
|
13634 | 107 |
text{*Consider the least @{term z} in @{term "domain(r)"} such that |
108 |
@{term "P(z)"} does not hold...*} |
|
13534 | 109 |
lemma wf_induct [induct set: wf]: |
13165 | 110 |
"[| wf(r); |
13634 | 111 |
!!x.[| ALL y. <y,x>: r --> P(y) |] ==> P(x) |] |
112 |
==> P(a)" |
|
13165 | 113 |
apply (unfold wf_def) |
13252 | 114 |
apply (erule_tac x = "{z : domain(r). ~ P(z)}" in allE) |
13165 | 115 |
apply blast |
116 |
done |
|
435 | 117 |
|
13534 | 118 |
lemmas wf_induct_rule = wf_induct [rule_format, induct set: wf] |
13203
fac77a839aa2
Tidying up. Mainly moving proofs from Main.thy to other (Isar) theory files.
paulson
parents:
13175
diff
changeset
|
119 |
|
13634 | 120 |
text{*The form of this rule is designed to match @{text wfI}*} |
13165 | 121 |
lemma wf_induct2: |
122 |
"[| wf(r); a:A; field(r)<=A; |
|
123 |
!!x.[| x: A; ALL y. <y,x>: r --> P(y) |] ==> P(x) |] |
|
124 |
==> P(a)" |
|
125 |
apply (erule_tac P="a:A" in rev_mp) |
|
126 |
apply (erule_tac a=a in wf_induct, blast) |
|
127 |
done |
|
128 |
||
129 |
lemma field_Int_square: "field(r Int A*A) <= A" |
|
130 |
by blast |
|
131 |
||
13534 | 132 |
lemma wf_on_induct [consumes 2, induct set: wf_on]: |
13165 | 133 |
"[| wf[A](r); a:A; |
134 |
!!x.[| x: A; ALL y:A. <y,x>: r --> P(y) |] ==> P(x) |
|
135 |
|] ==> P(a)" |
|
136 |
apply (unfold wf_on_def) |
|
137 |
apply (erule wf_induct2, assumption) |
|
138 |
apply (rule field_Int_square, blast) |
|
139 |
done |
|
140 |
||
13534 | 141 |
lemmas wf_on_induct_rule = |
142 |
wf_on_induct [rule_format, consumes 2, induct set: wf_on] |
|
13203
fac77a839aa2
Tidying up. Mainly moving proofs from Main.thy to other (Isar) theory files.
paulson
parents:
13175
diff
changeset
|
143 |
|
fac77a839aa2
Tidying up. Mainly moving proofs from Main.thy to other (Isar) theory files.
paulson
parents:
13175
diff
changeset
|
144 |
|
13634 | 145 |
text{*If @{term r} allows well-founded induction |
146 |
then we have @{term "wf(r)"}.*} |
|
13165 | 147 |
lemma wfI: |
148 |
"[| field(r)<=A; |
|
149 |
!!y B. [| ALL x:A. (ALL y:A. <y,x>:r --> y:B) --> x:B; y:A|] |
|
150 |
==> y:B |] |
|
151 |
==> wf(r)" |
|
152 |
apply (rule wf_on_subset_A [THEN wf_on_field_imp_wf]) |
|
153 |
apply (rule wf_onI2) |
|
154 |
prefer 2 apply blast |
|
155 |
apply blast |
|
156 |
done |
|
157 |
||
158 |
||
13356 | 159 |
subsection{*Basic Properties of Well-Founded Relations*} |
13165 | 160 |
|
161 |
lemma wf_not_refl: "wf(r) ==> <a,a> ~: r" |
|
162 |
by (erule_tac a=a in wf_induct, blast) |
|
163 |
||
164 |
lemma wf_not_sym [rule_format]: "wf(r) ==> ALL x. <a,x>:r --> <x,a> ~: r" |
|
165 |
by (erule_tac a=a in wf_induct, blast) |
|
166 |
||
167 |
(* [| wf(r); <a,x> : r; ~P ==> <x,a> : r |] ==> P *) |
|
168 |
lemmas wf_asym = wf_not_sym [THEN swap, standard] |
|
169 |
||
170 |
lemma wf_on_not_refl: "[| wf[A](r); a: A |] ==> <a,a> ~: r" |
|
13269 | 171 |
by (erule_tac a=a in wf_on_induct, assumption, blast) |
0 | 172 |
|
13165 | 173 |
lemma wf_on_not_sym [rule_format]: |
174 |
"[| wf[A](r); a:A |] ==> ALL b:A. <a,b>:r --> <b,a>~:r" |
|
13269 | 175 |
apply (erule_tac a=a in wf_on_induct, assumption, blast) |
13165 | 176 |
done |
177 |
||
178 |
lemma wf_on_asym: |
|
179 |
"[| wf[A](r); ~Z ==> <a,b> : r; |
|
180 |
<b,a> ~: r ==> Z; ~Z ==> a : A; ~Z ==> b : A |] ==> Z" |
|
13269 | 181 |
by (blast dest: wf_on_not_sym) |
13165 | 182 |
|
183 |
||
184 |
(*Needed to prove well_ordI. Could also reason that wf[A](r) means |
|
185 |
wf(r Int A*A); thus wf( (r Int A*A)^+ ) and use wf_not_refl *) |
|
186 |
lemma wf_on_chain3: |
|
187 |
"[| wf[A](r); <a,b>:r; <b,c>:r; <c,a>:r; a:A; b:A; c:A |] ==> P" |
|
188 |
apply (subgoal_tac "ALL y:A. ALL z:A. <a,y>:r --> <y,z>:r --> <z,a>:r --> P", |
|
189 |
blast) |
|
13269 | 190 |
apply (erule_tac a=a in wf_on_induct, assumption, blast) |
13165 | 191 |
done |
192 |
||
193 |
||
194 |
||
13634 | 195 |
text{*transitive closure of a WF relation is WF provided |
196 |
@{term A} is downward closed*} |
|
13165 | 197 |
lemma wf_on_trancl: |
198 |
"[| wf[A](r); r-``A <= A |] ==> wf[A](r^+)" |
|
199 |
apply (rule wf_onI2) |
|
200 |
apply (frule bspec [THEN mp], assumption+) |
|
13784 | 201 |
apply (erule_tac a = y in wf_on_induct, assumption) |
13165 | 202 |
apply (blast elim: tranclE, blast) |
203 |
done |
|
204 |
||
205 |
lemma wf_trancl: "wf(r) ==> wf(r^+)" |
|
206 |
apply (simp add: wf_iff_wf_on_field) |
|
207 |
apply (rule wf_on_subset_A) |
|
208 |
apply (erule wf_on_trancl) |
|
209 |
apply blast |
|
210 |
apply (rule trancl_type [THEN field_rel_subset]) |
|
211 |
done |
|
212 |
||
213 |
||
13634 | 214 |
text{*@{term "r-``{a}"} is the set of everything under @{term a} in @{term r}*} |
13165 | 215 |
|
216 |
lemmas underI = vimage_singleton_iff [THEN iffD2, standard] |
|
217 |
lemmas underD = vimage_singleton_iff [THEN iffD1, standard] |
|
218 |
||
13634 | 219 |
|
220 |
subsection{*The Predicate @{term is_recfun}*} |
|
0 | 221 |
|
13165 | 222 |
lemma is_recfun_type: "is_recfun(r,a,H,f) ==> f: r-``{a} -> range(f)" |
223 |
apply (unfold is_recfun_def) |
|
224 |
apply (erule ssubst) |
|
225 |
apply (rule lamI [THEN rangeI, THEN lam_type], assumption) |
|
226 |
done |
|
227 |
||
13269 | 228 |
lemmas is_recfun_imp_function = is_recfun_type [THEN fun_is_function] |
229 |
||
13165 | 230 |
lemma apply_recfun: |
231 |
"[| is_recfun(r,a,H,f); <x,a>:r |] ==> f`x = H(x, restrict(f,r-``{x}))" |
|
232 |
apply (unfold is_recfun_def) |
|
13175
81082cfa5618
new definition of "apply" and new simprule "beta_if"
paulson
parents:
13165
diff
changeset
|
233 |
txt{*replace f only on the left-hand side*} |
81082cfa5618
new definition of "apply" and new simprule "beta_if"
paulson
parents:
13165
diff
changeset
|
234 |
apply (erule_tac P = "%x.?t(x) = ?u" in ssubst) |
13269 | 235 |
apply (simp add: underI) |
13165 | 236 |
done |
237 |
||
238 |
lemma is_recfun_equal [rule_format]: |
|
239 |
"[| wf(r); trans(r); is_recfun(r,a,H,f); is_recfun(r,b,H,g) |] |
|
240 |
==> <x,a>:r --> <x,b>:r --> f`x=g`x" |
|
13784 | 241 |
apply (frule_tac f = f in is_recfun_type) |
242 |
apply (frule_tac f = g in is_recfun_type) |
|
13165 | 243 |
apply (simp add: is_recfun_def) |
244 |
apply (erule_tac a=x in wf_induct) |
|
245 |
apply (intro impI) |
|
246 |
apply (elim ssubst) |
|
247 |
apply (simp (no_asm_simp) add: vimage_singleton_iff restrict_def) |
|
248 |
apply (rule_tac t = "%z. H (?x,z) " in subst_context) |
|
249 |
apply (subgoal_tac "ALL y : r-``{x}. ALL z. <y,z>:f <-> <y,z>:g") |
|
250 |
apply (blast dest: transD) |
|
251 |
apply (simp add: apply_iff) |
|
252 |
apply (blast dest: transD intro: sym) |
|
253 |
done |
|
254 |
||
255 |
lemma is_recfun_cut: |
|
256 |
"[| wf(r); trans(r); |
|
257 |
is_recfun(r,a,H,f); is_recfun(r,b,H,g); <b,a>:r |] |
|
258 |
==> restrict(f, r-``{b}) = g" |
|
13784 | 259 |
apply (frule_tac f = f in is_recfun_type) |
13165 | 260 |
apply (rule fun_extension) |
261 |
apply (blast dest: transD intro: restrict_type2) |
|
262 |
apply (erule is_recfun_type, simp) |
|
263 |
apply (blast dest: transD intro: is_recfun_equal) |
|
264 |
done |
|
265 |
||
13356 | 266 |
subsection{*Recursion: Main Existence Lemma*} |
435 | 267 |
|
13165 | 268 |
lemma is_recfun_functional: |
269 |
"[| wf(r); trans(r); is_recfun(r,a,H,f); is_recfun(r,a,H,g) |] ==> f=g" |
|
270 |
by (blast intro: fun_extension is_recfun_type is_recfun_equal) |
|
271 |
||
13248 | 272 |
lemma the_recfun_eq: |
273 |
"[| is_recfun(r,a,H,f); wf(r); trans(r) |] ==> the_recfun(r,a,H) = f" |
|
274 |
apply (unfold the_recfun_def) |
|
275 |
apply (blast intro: is_recfun_functional) |
|
276 |
done |
|
277 |
||
13165 | 278 |
(*If some f satisfies is_recfun(r,a,H,-) then so does the_recfun(r,a,H) *) |
279 |
lemma is_the_recfun: |
|
280 |
"[| is_recfun(r,a,H,f); wf(r); trans(r) |] |
|
281 |
==> is_recfun(r, a, H, the_recfun(r,a,H))" |
|
13248 | 282 |
by (simp add: the_recfun_eq) |
13165 | 283 |
|
284 |
lemma unfold_the_recfun: |
|
285 |
"[| wf(r); trans(r) |] ==> is_recfun(r, a, H, the_recfun(r,a,H))" |
|
286 |
apply (rule_tac a=a in wf_induct, assumption) |
|
287 |
apply (rename_tac a1) |
|
288 |
apply (rule_tac f = "lam y: r-``{a1}. wftrec (r,y,H)" in is_the_recfun) |
|
289 |
apply typecheck |
|
290 |
apply (unfold is_recfun_def wftrec_def) |
|
13634 | 291 |
--{*Applying the substitution: must keep the quantified assumption!*} |
13165 | 292 |
apply (rule lam_cong [OF refl]) |
293 |
apply (drule underD) |
|
294 |
apply (fold is_recfun_def) |
|
295 |
apply (rule_tac t = "%z. H(?x,z)" in subst_context) |
|
296 |
apply (rule fun_extension) |
|
297 |
apply (blast intro: is_recfun_type) |
|
298 |
apply (rule lam_type [THEN restrict_type2]) |
|
299 |
apply blast |
|
300 |
apply (blast dest: transD) |
|
301 |
apply (frule spec [THEN mp], assumption) |
|
302 |
apply (subgoal_tac "<xa,a1> : r") |
|
13784 | 303 |
apply (drule_tac x1 = xa in spec [THEN mp], assumption) |
13175
81082cfa5618
new definition of "apply" and new simprule "beta_if"
paulson
parents:
13165
diff
changeset
|
304 |
apply (simp add: vimage_singleton_iff |
13165 | 305 |
apply_recfun is_recfun_cut) |
306 |
apply (blast dest: transD) |
|
307 |
done |
|
308 |
||
309 |
||
13356 | 310 |
subsection{*Unfolding @{term "wftrec(r,a,H)"}*} |
13165 | 311 |
|
312 |
lemma the_recfun_cut: |
|
313 |
"[| wf(r); trans(r); <b,a>:r |] |
|
314 |
==> restrict(the_recfun(r,a,H), r-``{b}) = the_recfun(r,b,H)" |
|
13269 | 315 |
by (blast intro: is_recfun_cut unfold_the_recfun) |
0 | 316 |
|
13165 | 317 |
(*NOT SUITABLE FOR REWRITING: it is recursive!*) |
318 |
lemma wftrec: |
|
319 |
"[| wf(r); trans(r) |] ==> |
|
320 |
wftrec(r,a,H) = H(a, lam x: r-``{a}. wftrec(r,x,H))" |
|
321 |
apply (unfold wftrec_def) |
|
322 |
apply (subst unfold_the_recfun [unfolded is_recfun_def]) |
|
323 |
apply (simp_all add: vimage_singleton_iff [THEN iff_sym] the_recfun_cut) |
|
324 |
done |
|
325 |
||
13634 | 326 |
|
327 |
subsubsection{*Removal of the Premise @{term "trans(r)"}*} |
|
13165 | 328 |
|
329 |
(*NOT SUITABLE FOR REWRITING: it is recursive!*) |
|
330 |
lemma wfrec: |
|
331 |
"wf(r) ==> wfrec(r,a,H) = H(a, lam x:r-``{a}. wfrec(r,x,H))" |
|
332 |
apply (unfold wfrec_def) |
|
333 |
apply (erule wf_trancl [THEN wftrec, THEN ssubst]) |
|
334 |
apply (rule trans_trancl) |
|
335 |
apply (rule vimage_pair_mono [THEN restrict_lam_eq, THEN subst_context]) |
|
336 |
apply (erule r_into_trancl) |
|
337 |
apply (rule subset_refl) |
|
338 |
done |
|
0 | 339 |
|
13165 | 340 |
(*This form avoids giant explosions in proofs. NOTE USE OF == *) |
341 |
lemma def_wfrec: |
|
342 |
"[| !!x. h(x)==wfrec(r,x,H); wf(r) |] ==> |
|
343 |
h(a) = H(a, lam x: r-``{a}. h(x))" |
|
344 |
apply simp |
|
345 |
apply (elim wfrec) |
|
346 |
done |
|
347 |
||
348 |
lemma wfrec_type: |
|
349 |
"[| wf(r); a:A; field(r)<=A; |
|
350 |
!!x u. [| x: A; u: Pi(r-``{x}, B) |] ==> H(x,u) : B(x) |
|
351 |
|] ==> wfrec(r,a,H) : B(a)" |
|
13784 | 352 |
apply (rule_tac a = a in wf_induct2, assumption+) |
13165 | 353 |
apply (subst wfrec, assumption) |
354 |
apply (simp add: lam_type underD) |
|
355 |
done |
|
356 |
||
357 |
||
358 |
lemma wfrec_on: |
|
359 |
"[| wf[A](r); a: A |] ==> |
|
360 |
wfrec[A](r,a,H) = H(a, lam x: (r-``{a}) Int A. wfrec[A](r,x,H))" |
|
361 |
apply (unfold wf_on_def wfrec_on_def) |
|
362 |
apply (erule wfrec [THEN trans]) |
|
363 |
apply (simp add: vimage_Int_square cons_subset_iff) |
|
364 |
done |
|
0 | 365 |
|
13634 | 366 |
text{*Minimal-element characterization of well-foundedness*} |
13165 | 367 |
lemma wf_eq_minimal: |
368 |
"wf(r) <-> (ALL Q x. x:Q --> (EX z:Q. ALL y. <y,z>:r --> y~:Q))" |
|
13634 | 369 |
by (unfold wf_def, blast) |
370 |
||
0 | 371 |
end |