isabelle: doc-src/TutorialI/Overview/Isar.thy@332347b9b942 (annotated)

11235 860c65c7388a * empty log message * nipkow parents: diff changeset	1	theory Isar = Sets:
860c65c7388a * empty log message * nipkow parents: diff changeset	2
860c65c7388a * empty log message * nipkow parents: diff changeset	3	section{A Taste of Structured Proofs in Isar}
860c65c7388a * empty log message * nipkow parents: diff changeset	4
860c65c7388a * empty log message * nipkow parents: diff changeset	5	lemma [intro?]: "mono f \<Longrightarrow> x \<in> f (lfp f) \<Longrightarrow> x \<in> lfp f"
860c65c7388a * empty log message * nipkow parents: diff changeset	6	by(simp only: lfp_unfold [symmetric])
860c65c7388a * empty log message * nipkow parents: diff changeset	7
860c65c7388a * empty log message * nipkow parents: diff changeset	8	lemma "lfp(\<lambda>T. A \<union> M\<inverse> `` T) = {s. \<exists>t. (s,t) \<in> M\<^sup>* \<and> t \<in> A}"
860c65c7388a * empty log message * nipkow parents: diff changeset	9	(is "lfp ?F = ?toA")
860c65c7388a * empty log message * nipkow parents: diff changeset	10	proof
860c65c7388a * empty log message * nipkow parents: diff changeset	11	show "lfp ?F \<subseteq> ?toA"
860c65c7388a * empty log message * nipkow parents: diff changeset	12	by (blast intro!: lfp_lowerbound intro:rtrancl_trans)
860c65c7388a * empty log message * nipkow parents: diff changeset	13
860c65c7388a * empty log message * nipkow parents: diff changeset	14	show "?toA \<subseteq> lfp ?F"
860c65c7388a * empty log message * nipkow parents: diff changeset	15	proof
860c65c7388a * empty log message * nipkow parents: diff changeset	16	fix s assume "s \<in> ?toA"
11238 1d789889c922 * empty log message * nipkow parents: 11235 diff changeset	17	then obtain t where stM: "(s,t) \<in> M\<^sup>*" and tA: "t \<in> A"
1d789889c922 * empty log message * nipkow parents: 11235 diff changeset	18	by blast
11235 860c65c7388a * empty log message * nipkow parents: diff changeset	19	from stM show "s \<in> lfp ?F"
860c65c7388a * empty log message * nipkow parents: diff changeset	20	proof (rule converse_rtrancl_induct)
860c65c7388a * empty log message * nipkow parents: diff changeset	21	from tA have "t \<in> ?F (lfp ?F)" by blast
860c65c7388a * empty log message * nipkow parents: diff changeset	22	with mono_ef show "t \<in> lfp ?F" ..
11238 1d789889c922 * empty log message * nipkow parents: 11235 diff changeset	23	fix s s' assume "(s,s') \<in> M" and "(s',t) \<in> M\<^sup>*"
1d789889c922 * empty log message * nipkow parents: 11235 diff changeset	24	and "s' \<in> lfp ?F"
11235 860c65c7388a * empty log message * nipkow parents: diff changeset	25	then have "s \<in> ?F (lfp ?F)" by blast
860c65c7388a * empty log message * nipkow parents: diff changeset	26	with mono_ef show "s \<in> lfp ?F" ..
860c65c7388a * empty log message * nipkow parents: diff changeset	27	qed
860c65c7388a * empty log message * nipkow parents: diff changeset	28	qed
860c65c7388a * empty log message * nipkow parents: diff changeset	29	qed
860c65c7388a * empty log message * nipkow parents: diff changeset	30
860c65c7388a * empty log message * nipkow parents: diff changeset	31	end
860c65c7388a * empty log message * nipkow parents: diff changeset	32

author	paulson
	Tue, 17 Jul 2001 13:46:21 +0200
changeset 11428	332347b9b942
parent 11238	1d789889c922
child 12815	1f073030b97a
permissions	-rw-r--r--