(* Title: FOL/IFOL_lemmas.ML


ID: $Id$


Author: Lawrence C Paulson, Cambridge University Computer Laboratory


Copyright 1992 University of Cambridge


Tactics and lemmas for theory IFOL (intuitionistic firstorder logic).


*)


(* ML bindings *)


val refl = thm "refl";


val subst = thm "subst";


val conjI = thm "conjI";


val conjunct1 = thm "conjunct1";


val conjunct2 = thm "conjunct2";


val disjI1 = thm "disjI1";


val disjI2 = thm "disjI2";


val disjE = thm "disjE";


val impI = thm "impI";


val mp = thm "mp";


val FalseE = thm "FalseE";


val True_def = thm "True_def";


val not_def = thm "not_def";


val iff_def = thm "iff_def";


val ex1_def = thm "ex1_def";


val allI = thm "allI";


val spec = thm "spec";


val exI = thm "exI";


val exE = thm "exE";


val eq_reflection = thm "eq_reflection";


val iff_reflection = thm "iff_reflection";


qed_goalw "TrueI" (the_context ()) [True_def] "True"


(fn _ => [ (REPEAT (ares_tac [impI] 1)) ]);


(*** Sequentstyle elimination rules for & > and ALL ***)


qed_goal "conjE" (the_context ())


"[ P&Q; [ P; Q ] ==> R ] ==> R"


(fn prems=>


[ (REPEAT (resolve_tac prems 1


ORELSE (resolve_tac [conjunct1, conjunct2] 1 THEN


resolve_tac prems 1))) ]);


qed_goal "impE" (the_context ())


"[ P>Q; P; Q ==> R ] ==> R"


(fn prems=> [ (REPEAT (resolve_tac (prems@[mp]) 1)) ]);


qed_goal "allE" (the_context ())


"[ ALL x. P(x); P(x) ==> R ] ==> R"


(fn prems=> [ (REPEAT (resolve_tac (prems@[spec]) 1)) ]);


(*Duplicates the quantifier; for use with eresolve_tac*)


qed_goal "all_dupE" (the_context ())


"[ ALL x. P(x); [ P(x); ALL x. P(x) ] ==> R \


\ ] ==> R"


(fn prems=> [ (REPEAT (resolve_tac (prems@[spec]) 1)) ]);


(*** Negation rules, which translate between ~P and P>False ***)


qed_goalw "notI" (the_context ()) [not_def] "(P ==> False) ==> ~P"


(fn prems=> [ (REPEAT (ares_tac (prems@[impI]) 1)) ]);


qed_goalw "notE" (the_context ()) [not_def] "[ ~P; P ] ==> R"


(fn prems=>


[ (resolve_tac [mp RS FalseE] 1),


(REPEAT (resolve_tac prems 1)) ]);


qed_goal "rev_notE" (the_context ()) "!!P R. [ P; ~P ] ==> R"


(fn _ => [REPEAT (ares_tac [notE] 1)]);


(*This is useful with the special implication rules for each kind of P. *)


qed_goal "not_to_imp" (the_context ())


"[ ~P; (P>False) ==> Q ] ==> Q"


(fn prems=> [ (REPEAT (ares_tac (prems@[impI,notE]) 1)) ]);


(* For substitution into an assumption P, reduce Q to P>Q, substitute into


this implication, then apply impI to move P back into the assumptions.


To specify P use something like


eres_inst_tac [ ("P","ALL y. ?S(x,y)") ] rev_mp 1 *)


qed_goal "rev_mp" (the_context ()) "[ P; P > Q ] ==> Q"


(fn prems=> [ (REPEAT (resolve_tac (prems@[mp]) 1)) ]);


(*Contrapositive of an inference rule*)


qed_goal "contrapos" (the_context ()) "[ ~Q; P==>Q ] ==> ~P"


(fn [major,minor]=>


[ (rtac (major RS notE RS notI) 1),


(etac minor 1) ]);


(*** Modus Ponens Tactics ***)


(*Finds P>Q and P in the assumptions, replaces implication by Q *)


fun mp_tac i = eresolve_tac [notE,impE] i THEN assume_tac i;


(*Like mp_tac but instantiates no variables*)


fun eq_mp_tac i = eresolve_tac [notE,impE] i THEN eq_assume_tac i;


(*** Ifandonlyif ***)


qed_goalw "iffI" (the_context ()) [iff_def]


"[ P ==> Q; Q ==> P ] ==> P<>Q"


(fn prems=> [ (REPEAT (ares_tac (prems@[conjI, impI]) 1)) ]);


(*Observe use of rewrite_rule to unfold "<>" in metaassumptions (prems) *)


qed_goalw "iffE" (the_context ()) [iff_def]


"[ P <> Q; [ P>Q; Q>P ] ==> R ] ==> R"


(fn prems => [ (rtac conjE 1), (REPEAT (ares_tac prems 1)) ]);


(* Destruct rules for <> similar to Modus Ponens *)


qed_goalw "iffD1" (the_context ()) [iff_def] "[ P <> Q; P ] ==> Q"


(fn prems => [ (rtac (conjunct1 RS mp) 1), (REPEAT (ares_tac prems 1)) ]);


qed_goalw "iffD2" (the_context ()) [iff_def] "[ P <> Q; Q ] ==> P"


(fn prems => [ (rtac (conjunct2 RS mp) 1), (REPEAT (ares_tac prems 1)) ]);


qed_goal "rev_iffD1" (the_context ()) "!!P. [ P; P <> Q ] ==> Q"


(fn _ => [etac iffD1 1, assume_tac 1]);


qed_goal "rev_iffD2" (the_context ()) "!!P. [ Q; P <> Q ] ==> P"


(fn _ => [etac iffD2 1, assume_tac 1]);


qed_goal "iff_refl" (the_context ()) "P <> P"


(fn _ => [ (REPEAT (ares_tac [iffI] 1)) ]);


qed_goal "iff_sym" (the_context ()) "Q <> P ==> P <> Q"


(fn [major] =>


[ (rtac (major RS iffE) 1),


(rtac iffI 1),


(REPEAT (eresolve_tac [asm_rl,mp] 1)) ]);


qed_goal "iff_trans" (the_context ())


"!!P Q R. [ P <> Q; Q<> R ] ==> P <> R"


(fn _ =>


[ (rtac iffI 1),


(REPEAT (eresolve_tac [asm_rl,iffE] 1 ORELSE mp_tac 1)) ]);


(*** Unique existence. NOTE THAT the following 2 quantifications


147 
do NOT mean the same thing. The parser treats EX!x y.P(x,y) as sequential.


150 


151 
"[ P(a); !!x. P(x) ==> x=a ] ==> EX! x. P(x)"


(fn prems => [ (REPEAT (ares_tac (prems@[exI,conjI,allI,impI]) 1)) ]);


156 
158 
159 
160 


162 
163 
164 
165 
(*** <> congruence rules for simplification ***)


(*Use iffE on a premise. For conj_cong, imp_cong, all_cong, ex_cong*)


fun iff_tac prems i =


resolve_tac (prems RL [iffE]) i THEN


REPEAT1 (eresolve_tac [asm_rl,mp] i);


qed_goal "conj_cong" (the_context ())


"[ P <> P'; P' ==> Q <> Q' ] ==> (P&Q) <> (P'&Q')"


178 
179 
180 
181 
182 


184 
185 
186 
187 
188 
189 
190 
qed_goal "disj_cong" (the_context ())


"[ P <> P'; Q <> Q' ] ==> (PQ) <> (P'Q')"


(fn prems =>


[ (cut_facts_tac prems 1),


(REPEAT (eresolve_tac [iffE,disjE,disjI1,disjI2] 1


ORELSE ares_tac [iffI] 1


ORELSE mp_tac 1)) ]);


qed_goal "imp_cong" (the_context ())


"[ P <> P'; P' ==> Q <> Q' ] ==> (P>Q) <> (P'>Q')"


(fn prems =>


[ (cut_facts_tac prems 1),


205 
ORELSE mp_tac 1 ORELSE iff_tac prems 1)) ]);


qed_goal "iff_cong" (the_context ())


"[ P <> P'; Q <> Q' ] ==> (P<>Q) <> (P'<>Q')"


(fn prems =>


[ (cut_facts_tac prems 1),


(REPEAT (etac iffE 1


ORELSE ares_tac [iffI] 1


ORELSE mp_tac 1)) ]);


qed_goal "not_cong" (the_context ())


"P <> P' ==> ~P <> ~P'"


(fn prems =>


[ (cut_facts_tac prems 1),


(REPEAT (ares_tac [iffI,notI] 1


ORELSE mp_tac 1


ORELSE eresolve_tac [iffE,notE] 1)) ]);


qed_goal "all_cong" (the_context ())


"(!!x. P(x) <> Q(x)) ==> (ALL x. P(x)) <> (ALL x. Q(x))"


(fn prems =>


[ (REPEAT (ares_tac [iffI,allI] 1


ORELSE mp_tac 1


ORELSE etac allE 1 ORELSE iff_tac prems 1)) ]);


qed_goal "ex_cong" (the_context ())


"(!!x. P(x) <> Q(x)) ==> (EX x. P(x)) <> (EX x. Q(x))"


(fn prems =>


[ (REPEAT (etac exE 1 ORELSE ares_tac [iffI,exI] 1


ORELSE mp_tac 1


ORELSE iff_tac prems 1)) ]);


qed_goal "ex1_cong" (the_context ())


"(!!x. P(x) <> Q(x)) ==> (EX! x. P(x)) <> (EX! x. Q(x))"


(fn prems =>


[ (REPEAT (eresolve_tac [ex1E, spec RS mp] 1 ORELSE ares_tac [iffI,ex1I] 1


ORELSE mp_tac 1


ORELSE iff_tac prems 1)) ]);


245 
246 


qed_goal "sym" (the_context ()) "a=b ==> b=a"


(fn [major] => [ (rtac (major RS subst) 1), (rtac refl 1) ]);


250 
(fn [prem1,prem2] => [ (rtac (prem2 RS subst) 1), (rtac prem1 1) ]);


253 
bind_thm ("not_sym", hd (compose(sym,2,contrapos)));

(* Two theorms for rewriting only one instance of a definition:


259 


261 
by (rtac iff_refl 1);


264 


266 
by (rtac refl 1);


qed "meta_eq_to_obj_eq";


270 


271 
(*Substitution: rule and tactic*)


272 
bind_thm ("ssubst", sym RS subst);


273 


274 
(*Apply an equality or definition ONCE.


275 
Fails unless the substitution has an effect*)


276 
fun stac th =


277 
let val th' = th RS meta_eq_to_obj_eq handle THM _ => th


278 
in CHANGED_GOAL (rtac (th' RS ssubst))


279 
end;


280 


281 
(*A special case of ex1E that would otherwise need quantifier expansion*)


282 
qed_goal "ex1_equalsE" (the_context ())


283 
"[ EX! x. P(x); P(a); P(b) ] ==> a=b"


284 
(fn prems =>


285 
[ (cut_facts_tac prems 1),


286 
(etac ex1E 1),


287 
(rtac trans 1),


288 
(rtac sym 2),


289 
(REPEAT (eresolve_tac [asm_rl, spec RS mp] 1)) ]);


290 


291 
(** Polymorphic congruence rules **)


292 


293 
qed_goal "subst_context" (the_context ())


294 
"[ a=b ] ==> t(a)=t(b)"


295 
(fn prems=>


296 
[ (resolve_tac (prems RL [ssubst]) 1),


297 
(rtac refl 1) ]);


298 


299 
qed_goal "subst_context2" (the_context ())


300 
"[ a=b; c=d ] ==> t(a,c)=t(b,d)"


301 
(fn prems=>


302 
[ (EVERY1 (map rtac ((prems RL [ssubst]) @ [refl]))) ]);


303 


304 
qed_goal "subst_context3" (the_context ())


305 
"[ a=b; c=d; e=f ] ==> t(a,c,e)=t(b,d,f)"


306 
(fn prems=>


307 
[ (EVERY1 (map rtac ((prems RL [ssubst]) @ [refl]))) ]);


308 


309 
(*Useful with eresolve_tac for proving equalties from known equalities.


310 
a = b


311 
 


312 
c = d *)


313 
qed_goal "box_equals" (the_context ())


314 
"[ a=b; a=c; b=d ] ==> c=d"


315 
(fn prems=>


316 
[ (rtac trans 1),


317 
(rtac trans 1),


318 
(rtac sym 1),


319 
(REPEAT (resolve_tac prems 1)) ]);


320 


321 
(*Dual of box_equals: for proving equalities backwards*)


322 
qed_goal "simp_equals" (the_context ())


323 
"[ a=c; b=d; c=d ] ==> a=b"


324 
(fn prems=>


325 
[ (rtac trans 1),


326 
(rtac trans 1),


327 
(REPEAT (resolve_tac (prems @ (prems RL [sym])) 1)) ]);


328 


329 
(** Congruence rules for predicate letters **)


330 


331 
qed_goal "pred1_cong" (the_context ())


332 
"a=a' ==> P(a) <> P(a')"


333 
(fn prems =>


334 
[ (cut_facts_tac prems 1),


335 
(rtac iffI 1),


336 
(DEPTH_SOLVE (eresolve_tac [asm_rl, subst, ssubst] 1)) ]);


337 


338 
qed_goal "pred2_cong" (the_context ())


339 
"[ a=a'; b=b' ] ==> P(a,b) <> P(a',b')"


340 
(fn prems =>


341 
[ (cut_facts_tac prems 1),


342 
(rtac iffI 1),


343 
(DEPTH_SOLVE (eresolve_tac [asm_rl, subst, ssubst] 1)) ]);


344 


345 
qed_goal "pred3_cong" (the_context ())


346 
"[ a=a'; b=b'; c=c' ] ==> P(a,b,c) <> P(a',b',c')"


347 
(fn prems =>


348 
[ (cut_facts_tac prems 1),


349 
(rtac iffI 1),


350 
(DEPTH_SOLVE (eresolve_tac [asm_rl, subst, ssubst] 1)) ]);


351 


352 
(*special cases for free variables P, Q, R, S  up to 3 arguments*)


353 


354 
val pred_congs =


355 
flat (map (fn c =>


356 
map (fn th => read_instantiate [("P",c)] th)


357 
[pred1_cong,pred2_cong,pred3_cong])


358 
(explode"PQRS"));


359 


360 
(*special case for the equality predicate!*)

361 
bind_thm ("eq_cong", read_instantiate [("P","op =")] pred2_cong);

362 


363 


364 
(*** Simplifications of assumed implications.


365 
Roy Dyckhoff has proved that conj_impE, disj_impE, and imp_impE


366 
used with mp_tac (restricted to atomic formulae) is COMPLETE for


367 
intuitionistic propositional logic. See


368 
R. Dyckhoff, Contractionfree sequent calculi for intuitionistic logic


369 
(preprint, University of St Andrews, 1991) ***)


370 


371 
qed_goal "conj_impE" (the_context ())


372 
"[ (P&Q)>S; P>(Q>S) ==> R ] ==> R"


373 
(fn major::prems=>


374 
[ (REPEAT (ares_tac ([conjI, impI, major RS mp]@prems) 1)) ]);


375 


376 
qed_goal "disj_impE" (the_context ())


377 
"[ (PQ)>S; [ P>S; Q>S ] ==> R ] ==> R"


378 
(fn major::prems=>


379 
[ (DEPTH_SOLVE (ares_tac ([disjI1, disjI2, impI, major RS mp]@prems) 1)) ]);


380 


381 
(*Simplifies the implication. Classical version is stronger.


382 
Still UNSAFE since Q must be provable  backtracking needed. *)


383 
qed_goal "imp_impE" (the_context ())


384 
"[ (P>Q)>S; [ P; Q>S ] ==> Q; S ==> R ] ==> R"


385 
(fn major::prems=>


386 
[ (REPEAT (ares_tac ([impI, major RS mp]@prems) 1)) ]);


387 


388 
(*Simplifies the implication. Classical version is stronger.


389 
Still UNSAFE since ~P must be provable  backtracking needed. *)


390 
qed_goal "not_impE" (the_context ())


391 
"[ ~P > S; P ==> False; S ==> R ] ==> R"


392 
(fn major::prems=>


393 
[ (REPEAT (ares_tac ([notI, impI, major RS mp]@prems) 1)) ]);


394 


395 
(*Simplifies the implication. UNSAFE. *)


396 
qed_goal "iff_impE" (the_context ())


397 
"[ (P<>Q)>S; [ P; Q>S ] ==> Q; [ Q; P>S ] ==> P; \


398 
\ S ==> R ] ==> R"


399 
(fn major::prems=>


400 
[ (REPEAT (ares_tac ([iffI, impI, major RS mp]@prems) 1)) ]);


401 


402 
(*What if (ALL x.~~P(x)) > ~~(ALL x.P(x)) is an assumption? UNSAFE*)


403 
qed_goal "all_impE" (the_context ())


404 
"[ (ALL x. P(x))>S; !!x. P(x); S ==> R ] ==> R"


405 
(fn major::prems=>


406 
[ (REPEAT (ares_tac ([allI, impI, major RS mp]@prems) 1)) ]);


407 


408 
(*Unsafe: (EX x.P(x))>S is equivalent to ALL x.P(x)>S. *)


409 
qed_goal "ex_impE" (the_context ())


410 
"[ (EX x. P(x))>S; P(x)>S ==> R ] ==> R"


411 
(fn major::prems=>


412 
[ (REPEAT (ares_tac ([exI, impI, major RS mp]@prems) 1)) ]);


413 


414 
(*** Courtesy of Krzysztof Grabczewski ***)


415 


416 
val major::prems = goal (the_context ()) "[ PQ; P==>R; Q==>S ] ==> RS";


417 
by (rtac (major RS disjE) 1);


418 
by (REPEAT (eresolve_tac (prems RL [disjI1, disjI2]) 1));


419 
qed "disj_imp_disj";


420 


421 


422 
(** strip ALL and > from proved goal while preserving ALLbound var names **)


423 


424 
fun make_new_spec rl =


425 
(* Use a crazy name to avoid forall_intr failing because of


426 
duplicate variable name *)


427 
let val myspec = read_instantiate [("P","?wlzickd")] rl


428 
val _ $ (_ $ (vx as Var(_,vxT))) = concl_of myspec;


429 
val cvx = cterm_of (#sign(rep_thm myspec)) vx


430 
in (vxT, forall_intr cvx myspec) end;


431 


432 
local


433 


434 
val (specT, spec') = make_new_spec spec


435 


436 
in


437 


438 
fun RSspec th =


439 
(case concl_of th of


440 
_ $ (Const("All",_) $ Abs(a,_,_)) =>


441 
let val ca = cterm_of (#sign(rep_thm th)) (Var((a,0),specT))


442 
in th RS forall_elim ca spec' end


443 
 _ => raise THM("RSspec",0,[th]));


444 


445 
fun RSmp th =


446 
(case concl_of th of


447 
_ $ (Const("op >",_)$_$_) => th RS mp


448 
 _ => raise THM("RSmp",0,[th]));


449 


450 
fun normalize_thm funs =


451 
let fun trans [] th = th


452 
 trans (f::fs) th = (trans funs (f th)) handle THM _ => trans fs th


453 
in trans funs end;


454 


455 
fun qed_spec_mp name =


456 
let val thm = normalize_thm [RSspec,RSmp] (result())


457 
in bind_thm(name, thm) end;


458 


459 
fun qed_goal_spec_mp name thy s p =


460 
bind_thm (name, normalize_thm [RSspec,RSmp] (prove_goal thy s p));


461 


462 
fun qed_goalw_spec_mp name thy defs s p =


463 
bind_thm (name, normalize_thm [RSspec,RSmp] (prove_goalw thy defs s p));


464 


465 
end;


466 


467 


468 
(* attributes *)


469 


470 
local


471 


472 
fun gen_rulify x = Attrib.no_args (Drule.rule_attribute (K (normalize_thm [RSspec, RSmp]))) x;


473 


474 
in


475 


476 
val attrib_setup =


477 
[Attrib.add_attributes


478 
[("rulify", (gen_rulify, gen_rulify), "put theorem into standard rule form")]];


479 


480 
end;
