17456
|
1 |
(* Title: CCL/CCL.thy
|
0
|
2 |
ID: $Id$
|
1474
|
3 |
Author: Martin Coen
|
0
|
4 |
Copyright 1993 University of Cambridge
|
|
5 |
*)
|
|
6 |
|
17456
|
7 |
header {* Classical Computational Logic for Untyped Lambda Calculus
|
|
8 |
with reduction to weak head-normal form *}
|
0
|
9 |
|
17456
|
10 |
theory CCL
|
|
11 |
imports Gfp
|
|
12 |
begin
|
0
|
13 |
|
17456
|
14 |
text {*
|
|
15 |
Based on FOL extended with set collection, a primitive higher-order
|
|
16 |
logic. HOL is too strong - descriptions prevent a type of programs
|
|
17 |
being defined which contains only executable terms.
|
|
18 |
*}
|
0
|
19 |
|
17456
|
20 |
classes prog < "term"
|
|
21 |
defaultsort prog
|
|
22 |
|
24825
|
23 |
arities "fun" :: (prog, prog) prog
|
17456
|
24 |
|
|
25 |
typedecl i
|
|
26 |
arities i :: prog
|
|
27 |
|
0
|
28 |
|
|
29 |
consts
|
|
30 |
(*** Evaluation Judgement ***)
|
24825
|
31 |
Eval :: "[i,i]=>prop" (infixl "--->" 20)
|
0
|
32 |
|
|
33 |
(*** Bisimulations for pre-order and equality ***)
|
24825
|
34 |
po :: "['a,'a]=>o" (infixl "[=" 50)
|
0
|
35 |
SIM :: "[i,i,i set]=>o"
|
17456
|
36 |
POgen :: "i set => i set"
|
|
37 |
EQgen :: "i set => i set"
|
|
38 |
PO :: "i set"
|
|
39 |
EQ :: "i set"
|
0
|
40 |
|
|
41 |
(*** Term Formers ***)
|
17456
|
42 |
true :: "i"
|
|
43 |
false :: "i"
|
0
|
44 |
pair :: "[i,i]=>i" ("(1<_,/_>)")
|
|
45 |
lambda :: "(i=>i)=>i" (binder "lam " 55)
|
17456
|
46 |
"case" :: "[i,i,i,[i,i]=>i,(i=>i)=>i]=>i"
|
24825
|
47 |
"apply" :: "[i,i]=>i" (infixl "`" 56)
|
0
|
48 |
bot :: "i"
|
17456
|
49 |
"fix" :: "(i=>i)=>i"
|
0
|
50 |
|
|
51 |
(*** Defined Predicates ***)
|
17456
|
52 |
Trm :: "i => o"
|
|
53 |
Dvg :: "i => o"
|
0
|
54 |
|
17456
|
55 |
axioms
|
0
|
56 |
|
|
57 |
(******* EVALUATION SEMANTICS *******)
|
|
58 |
|
|
59 |
(** This is the evaluation semantics from which the axioms below were derived. **)
|
|
60 |
(** It is included here just as an evaluator for FUN and has no influence on **)
|
|
61 |
(** inference in the theory CCL. **)
|
|
62 |
|
17456
|
63 |
trueV: "true ---> true"
|
|
64 |
falseV: "false ---> false"
|
|
65 |
pairV: "<a,b> ---> <a,b>"
|
|
66 |
lamV: "lam x. b(x) ---> lam x. b(x)"
|
|
67 |
caseVtrue: "[| t ---> true; d ---> c |] ==> case(t,d,e,f,g) ---> c"
|
|
68 |
caseVfalse: "[| t ---> false; e ---> c |] ==> case(t,d,e,f,g) ---> c"
|
|
69 |
caseVpair: "[| t ---> <a,b>; f(a,b) ---> c |] ==> case(t,d,e,f,g) ---> c"
|
|
70 |
caseVlam: "[| t ---> lam x. b(x); g(b) ---> c |] ==> case(t,d,e,f,g) ---> c"
|
0
|
71 |
|
|
72 |
(*** Properties of evaluation: note that "t ---> c" impies that c is canonical ***)
|
|
73 |
|
17456
|
74 |
canonical: "[| t ---> c; c==true ==> u--->v;
|
|
75 |
c==false ==> u--->v;
|
|
76 |
!!a b. c==<a,b> ==> u--->v;
|
|
77 |
!!f. c==lam x. f(x) ==> u--->v |] ==>
|
1149
|
78 |
u--->v"
|
0
|
79 |
|
|
80 |
(* Should be derivable - but probably a bitch! *)
|
17456
|
81 |
substitute: "[| a==a'; t(a)--->c(a) |] ==> t(a')--->c(a')"
|
0
|
82 |
|
|
83 |
(************** LOGIC ***************)
|
|
84 |
|
|
85 |
(*** Definitions used in the following rules ***)
|
|
86 |
|
17456
|
87 |
apply_def: "f ` t == case(f,bot,bot,%x y. bot,%u. u(t))"
|
|
88 |
bot_def: "bot == (lam x. x`x)`(lam x. x`x)"
|
|
89 |
fix_def: "fix(f) == (lam x. f(x`x))`(lam x. f(x`x))"
|
0
|
90 |
|
|
91 |
(* The pre-order ([=) is defined as a simulation, and behavioural equivalence (=) *)
|
|
92 |
(* as a bisimulation. They can both be expressed as (bi)simulations up to *)
|
|
93 |
(* behavioural equivalence (ie the relations PO and EQ defined below). *)
|
|
94 |
|
17456
|
95 |
SIM_def:
|
|
96 |
"SIM(t,t',R) == (t=true & t'=true) | (t=false & t'=false) |
|
|
97 |
(EX a a' b b'. t=<a,b> & t'=<a',b'> & <a,a'> : R & <b,b'> : R) |
|
3837
|
98 |
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x.<f(x),f'(x)> : R))"
|
0
|
99 |
|
17456
|
100 |
POgen_def: "POgen(R) == {p. EX t t'. p=<t,t'> & (t = bot | SIM(t,t',R))}"
|
|
101 |
EQgen_def: "EQgen(R) == {p. EX t t'. p=<t,t'> & (t = bot & t' = bot | SIM(t,t',R))}"
|
0
|
102 |
|
17456
|
103 |
PO_def: "PO == gfp(POgen)"
|
|
104 |
EQ_def: "EQ == gfp(EQgen)"
|
0
|
105 |
|
|
106 |
(*** Rules ***)
|
|
107 |
|
|
108 |
(** Partial Order **)
|
|
109 |
|
17456
|
110 |
po_refl: "a [= a"
|
|
111 |
po_trans: "[| a [= b; b [= c |] ==> a [= c"
|
|
112 |
po_cong: "a [= b ==> f(a) [= f(b)"
|
0
|
113 |
|
|
114 |
(* Extend definition of [= to program fragments of higher type *)
|
17456
|
115 |
po_abstractn: "(!!x. f(x) [= g(x)) ==> (%x. f(x)) [= (%x. g(x))"
|
0
|
116 |
|
|
117 |
(** Equality - equivalence axioms inherited from FOL.thy **)
|
|
118 |
(** - congruence of "=" is axiomatised implicitly **)
|
|
119 |
|
17456
|
120 |
eq_iff: "t = t' <-> t [= t' & t' [= t"
|
0
|
121 |
|
|
122 |
(** Properties of canonical values given by greatest fixed point definitions **)
|
17456
|
123 |
|
|
124 |
PO_iff: "t [= t' <-> <t,t'> : PO"
|
|
125 |
EQ_iff: "t = t' <-> <t,t'> : EQ"
|
0
|
126 |
|
|
127 |
(** Behaviour of non-canonical terms (ie case) given by the following beta-rules **)
|
|
128 |
|
17456
|
129 |
caseBtrue: "case(true,d,e,f,g) = d"
|
|
130 |
caseBfalse: "case(false,d,e,f,g) = e"
|
|
131 |
caseBpair: "case(<a,b>,d,e,f,g) = f(a,b)"
|
|
132 |
caseBlam: "case(lam x. b(x),d,e,f,g) = g(b)"
|
|
133 |
caseBbot: "case(bot,d,e,f,g) = bot" (* strictness *)
|
0
|
134 |
|
|
135 |
(** The theory is non-trivial **)
|
17456
|
136 |
distinctness: "~ lam x. b(x) = bot"
|
0
|
137 |
|
|
138 |
(*** Definitions of Termination and Divergence ***)
|
|
139 |
|
17456
|
140 |
Dvg_def: "Dvg(t) == t = bot"
|
|
141 |
Trm_def: "Trm(t) == ~ Dvg(t)"
|
0
|
142 |
|
17456
|
143 |
text {*
|
0
|
144 |
Would be interesting to build a similar theory for a typed programming language:
|
|
145 |
ie. true :: bool, fix :: ('a=>'a)=>'a etc......
|
|
146 |
|
|
147 |
This is starting to look like LCF.
|
17456
|
148 |
What are the advantages of this approach?
|
|
149 |
- less axiomatic
|
0
|
150 |
- wfd induction / coinduction and fixed point induction available
|
17456
|
151 |
*}
|
|
152 |
|
20140
|
153 |
|
|
154 |
lemmas ccl_data_defs = apply_def fix_def
|
|
155 |
and [simp] = po_refl
|
|
156 |
|
|
157 |
|
|
158 |
subsection {* Congruence Rules *}
|
|
159 |
|
|
160 |
(*similar to AP_THM in Gordon's HOL*)
|
|
161 |
lemma fun_cong: "(f::'a=>'b) = g ==> f(x)=g(x)"
|
|
162 |
by simp
|
|
163 |
|
|
164 |
(*similar to AP_TERM in Gordon's HOL and FOL's subst_context*)
|
|
165 |
lemma arg_cong: "x=y ==> f(x)=f(y)"
|
|
166 |
by simp
|
|
167 |
|
|
168 |
lemma abstractn: "(!!x. f(x) = g(x)) ==> f = g"
|
|
169 |
apply (simp add: eq_iff)
|
|
170 |
apply (blast intro: po_abstractn)
|
|
171 |
done
|
|
172 |
|
|
173 |
lemmas caseBs = caseBtrue caseBfalse caseBpair caseBlam caseBbot
|
|
174 |
|
|
175 |
|
|
176 |
subsection {* Termination and Divergence *}
|
|
177 |
|
|
178 |
lemma Trm_iff: "Trm(t) <-> ~ t = bot"
|
|
179 |
by (simp add: Trm_def Dvg_def)
|
|
180 |
|
|
181 |
lemma Dvg_iff: "Dvg(t) <-> t = bot"
|
|
182 |
by (simp add: Trm_def Dvg_def)
|
|
183 |
|
|
184 |
|
|
185 |
subsection {* Constructors are injective *}
|
|
186 |
|
|
187 |
lemma eq_lemma: "[| x=a; y=b; x=y |] ==> a=b"
|
|
188 |
by simp
|
|
189 |
|
|
190 |
ML {*
|
24825
|
191 |
fun mk_inj_rl thy rews s =
|
|
192 |
let
|
|
193 |
fun mk_inj_lemmas r = [@{thm arg_cong}] RL [r RS (r RS @{thm eq_lemma})]
|
|
194 |
val inj_lemmas = List.concat (map mk_inj_lemmas rews)
|
|
195 |
val tac = REPEAT (ares_tac [iffI, allI, conjI] 1 ORELSE
|
|
196 |
eresolve_tac inj_lemmas 1 ORELSE
|
|
197 |
asm_simp_tac (Simplifier.theory_context thy @{simpset} addsimps rews) 1)
|
|
198 |
in prove_goal thy s (fn _ => [tac]) end
|
20140
|
199 |
*}
|
|
200 |
|
|
201 |
ML {*
|
|
202 |
bind_thms ("ccl_injs",
|
24825
|
203 |
map (mk_inj_rl @{theory} @{thms caseBs})
|
20140
|
204 |
["<a,b> = <a',b'> <-> (a=a' & b=b')",
|
|
205 |
"(lam x. b(x) = lam x. b'(x)) <-> ((ALL z. b(z)=b'(z)))"])
|
|
206 |
*}
|
|
207 |
|
|
208 |
|
|
209 |
lemma pair_inject: "<a,b> = <a',b'> \<Longrightarrow> (a = a' \<Longrightarrow> b = b' \<Longrightarrow> R) \<Longrightarrow> R"
|
|
210 |
by (simp add: ccl_injs)
|
|
211 |
|
|
212 |
|
|
213 |
subsection {* Constructors are distinct *}
|
|
214 |
|
|
215 |
lemma lem: "t=t' ==> case(t,b,c,d,e) = case(t',b,c,d,e)"
|
|
216 |
by simp
|
|
217 |
|
|
218 |
ML {*
|
|
219 |
|
|
220 |
local
|
|
221 |
fun pairs_of f x [] = []
|
|
222 |
| pairs_of f x (y::ys) = (f x y) :: (f y x) :: (pairs_of f x ys)
|
|
223 |
|
|
224 |
fun mk_combs ff [] = []
|
|
225 |
| mk_combs ff (x::xs) = (pairs_of ff x xs) @ mk_combs ff xs
|
|
226 |
|
|
227 |
(* Doesn't handle binder types correctly *)
|
|
228 |
fun saturate thy sy name =
|
|
229 |
let fun arg_str 0 a s = s
|
|
230 |
| arg_str 1 a s = "(" ^ a ^ "a" ^ s ^ ")"
|
|
231 |
| arg_str n a s = arg_str (n-1) a ("," ^ a ^ (chr((ord "a")+n-1)) ^ s)
|
|
232 |
val T = Sign.the_const_type thy (Sign.intern_const thy sy);
|
|
233 |
val arity = length (fst (strip_type T))
|
|
234 |
in sy ^ (arg_str arity name "") end
|
|
235 |
|
|
236 |
fun mk_thm_str thy a b = "~ " ^ (saturate thy a "a") ^ " = " ^ (saturate thy b "b")
|
|
237 |
|
|
238 |
val lemma = thm "lem";
|
|
239 |
val eq_lemma = thm "eq_lemma";
|
|
240 |
val distinctness = thm "distinctness";
|
|
241 |
fun mk_lemma (ra,rb) = [lemma] RL [ra RS (rb RS eq_lemma)] RL
|
|
242 |
[distinctness RS notE,sym RS (distinctness RS notE)]
|
|
243 |
in
|
|
244 |
fun mk_lemmas rls = List.concat (map mk_lemma (mk_combs pair rls))
|
|
245 |
fun mk_dstnct_rls thy xs = mk_combs (mk_thm_str thy) xs
|
|
246 |
end
|
|
247 |
|
|
248 |
*}
|
|
249 |
|
|
250 |
ML {*
|
|
251 |
|
|
252 |
val caseB_lemmas = mk_lemmas (thms "caseBs")
|
|
253 |
|
|
254 |
val ccl_dstncts =
|
|
255 |
let fun mk_raw_dstnct_thm rls s =
|
|
256 |
prove_goal (the_context ()) s (fn _=> [rtac notI 1,eresolve_tac rls 1])
|
|
257 |
in map (mk_raw_dstnct_thm caseB_lemmas)
|
|
258 |
(mk_dstnct_rls (the_context ()) ["bot","true","false","pair","lambda"]) end
|
|
259 |
|
|
260 |
fun mk_dstnct_thms thy defs inj_rls xs =
|
|
261 |
let fun mk_dstnct_thm rls s = prove_goalw thy defs s
|
|
262 |
(fn _ => [simp_tac (simpset_of thy addsimps (rls@inj_rls)) 1])
|
|
263 |
in map (mk_dstnct_thm ccl_dstncts) (mk_dstnct_rls thy xs) end
|
|
264 |
|
|
265 |
fun mkall_dstnct_thms thy defs i_rls xss = List.concat (map (mk_dstnct_thms thy defs i_rls) xss)
|
|
266 |
|
|
267 |
(*** Rewriting and Proving ***)
|
|
268 |
|
|
269 |
fun XH_to_I rl = rl RS iffD2
|
|
270 |
fun XH_to_D rl = rl RS iffD1
|
|
271 |
val XH_to_E = make_elim o XH_to_D
|
|
272 |
val XH_to_Is = map XH_to_I
|
|
273 |
val XH_to_Ds = map XH_to_D
|
|
274 |
val XH_to_Es = map XH_to_E;
|
|
275 |
|
|
276 |
bind_thms ("ccl_rews", thms "caseBs" @ ccl_injs @ ccl_dstncts);
|
|
277 |
bind_thms ("ccl_dstnctsEs", ccl_dstncts RL [notE]);
|
|
278 |
bind_thms ("ccl_injDs", XH_to_Ds (thms "ccl_injs"));
|
|
279 |
*}
|
|
280 |
|
|
281 |
lemmas [simp] = ccl_rews
|
|
282 |
and [elim!] = pair_inject ccl_dstnctsEs
|
|
283 |
and [dest!] = ccl_injDs
|
|
284 |
|
|
285 |
|
|
286 |
subsection {* Facts from gfp Definition of @{text "[="} and @{text "="} *}
|
|
287 |
|
|
288 |
lemma XHlemma1: "[| A=B; a:B <-> P |] ==> a:A <-> P"
|
|
289 |
by simp
|
|
290 |
|
|
291 |
lemma XHlemma2: "(P(t,t') <-> Q) ==> (<t,t'> : {p. EX t t'. p=<t,t'> & P(t,t')} <-> Q)"
|
|
292 |
by blast
|
|
293 |
|
|
294 |
|
|
295 |
subsection {* Pre-Order *}
|
|
296 |
|
|
297 |
lemma POgen_mono: "mono(%X. POgen(X))"
|
|
298 |
apply (unfold POgen_def SIM_def)
|
|
299 |
apply (rule monoI)
|
|
300 |
apply blast
|
|
301 |
done
|
|
302 |
|
|
303 |
lemma POgenXH:
|
|
304 |
"<t,t'> : POgen(R) <-> t= bot | (t=true & t'=true) | (t=false & t'=false) |
|
|
305 |
(EX a a' b b'. t=<a,b> & t'=<a',b'> & <a,a'> : R & <b,b'> : R) |
|
|
306 |
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x. <f(x),f'(x)> : R))"
|
|
307 |
apply (unfold POgen_def SIM_def)
|
|
308 |
apply (rule iff_refl [THEN XHlemma2])
|
|
309 |
done
|
|
310 |
|
|
311 |
lemma poXH:
|
|
312 |
"t [= t' <-> t=bot | (t=true & t'=true) | (t=false & t'=false) |
|
|
313 |
(EX a a' b b'. t=<a,b> & t'=<a',b'> & a [= a' & b [= b') |
|
|
314 |
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x. f(x) [= f'(x)))"
|
|
315 |
apply (simp add: PO_iff del: ex_simps)
|
|
316 |
apply (rule POgen_mono
|
|
317 |
[THEN PO_def [THEN def_gfp_Tarski], THEN XHlemma1, unfolded POgen_def SIM_def])
|
|
318 |
apply (rule iff_refl [THEN XHlemma2])
|
|
319 |
done
|
|
320 |
|
|
321 |
lemma po_bot: "bot [= b"
|
|
322 |
apply (rule poXH [THEN iffD2])
|
|
323 |
apply simp
|
|
324 |
done
|
|
325 |
|
|
326 |
lemma bot_poleast: "a [= bot ==> a=bot"
|
|
327 |
apply (drule poXH [THEN iffD1])
|
|
328 |
apply simp
|
|
329 |
done
|
|
330 |
|
|
331 |
lemma po_pair: "<a,b> [= <a',b'> <-> a [= a' & b [= b'"
|
|
332 |
apply (rule poXH [THEN iff_trans])
|
|
333 |
apply simp
|
|
334 |
done
|
|
335 |
|
|
336 |
lemma po_lam: "lam x. f(x) [= lam x. f'(x) <-> (ALL x. f(x) [= f'(x))"
|
|
337 |
apply (rule poXH [THEN iff_trans])
|
|
338 |
apply fastsimp
|
|
339 |
done
|
|
340 |
|
|
341 |
lemmas ccl_porews = po_bot po_pair po_lam
|
|
342 |
|
|
343 |
lemma case_pocong:
|
|
344 |
assumes 1: "t [= t'"
|
|
345 |
and 2: "a [= a'"
|
|
346 |
and 3: "b [= b'"
|
|
347 |
and 4: "!!x y. c(x,y) [= c'(x,y)"
|
|
348 |
and 5: "!!u. d(u) [= d'(u)"
|
|
349 |
shows "case(t,a,b,c,d) [= case(t',a',b',c',d')"
|
|
350 |
apply (rule 1 [THEN po_cong, THEN po_trans])
|
|
351 |
apply (rule 2 [THEN po_cong, THEN po_trans])
|
|
352 |
apply (rule 3 [THEN po_cong, THEN po_trans])
|
|
353 |
apply (rule 4 [THEN po_abstractn, THEN po_abstractn, THEN po_cong, THEN po_trans])
|
|
354 |
apply (rule_tac f1 = "%d. case (t',a',b',c',d)" in
|
|
355 |
5 [THEN po_abstractn, THEN po_cong, THEN po_trans])
|
|
356 |
apply (rule po_refl)
|
|
357 |
done
|
|
358 |
|
|
359 |
lemma apply_pocong: "[| f [= f'; a [= a' |] ==> f ` a [= f' ` a'"
|
|
360 |
unfolding ccl_data_defs
|
|
361 |
apply (rule case_pocong, (rule po_refl | assumption)+)
|
|
362 |
apply (erule po_cong)
|
|
363 |
done
|
|
364 |
|
|
365 |
lemma npo_lam_bot: "~ lam x. b(x) [= bot"
|
|
366 |
apply (rule notI)
|
|
367 |
apply (drule bot_poleast)
|
|
368 |
apply (erule distinctness [THEN notE])
|
|
369 |
done
|
|
370 |
|
|
371 |
lemma po_lemma: "[| x=a; y=b; x[=y |] ==> a[=b"
|
|
372 |
by simp
|
|
373 |
|
|
374 |
lemma npo_pair_lam: "~ <a,b> [= lam x. f(x)"
|
|
375 |
apply (rule notI)
|
|
376 |
apply (rule npo_lam_bot [THEN notE])
|
|
377 |
apply (erule case_pocong [THEN caseBlam [THEN caseBpair [THEN po_lemma]]])
|
|
378 |
apply (rule po_refl npo_lam_bot)+
|
|
379 |
done
|
|
380 |
|
|
381 |
lemma npo_lam_pair: "~ lam x. f(x) [= <a,b>"
|
|
382 |
apply (rule notI)
|
|
383 |
apply (rule npo_lam_bot [THEN notE])
|
|
384 |
apply (erule case_pocong [THEN caseBpair [THEN caseBlam [THEN po_lemma]]])
|
|
385 |
apply (rule po_refl npo_lam_bot)+
|
|
386 |
done
|
|
387 |
|
|
388 |
ML {*
|
|
389 |
|
|
390 |
local
|
|
391 |
fun mk_thm s = prove_goal (the_context ()) s (fn _ =>
|
|
392 |
[rtac notI 1,dtac (thm "case_pocong") 1,etac rev_mp 5,
|
26342
|
393 |
ALLGOALS (simp_tac @{simpset}),
|
20140
|
394 |
REPEAT (resolve_tac [thm "po_refl", thm "npo_lam_bot"] 1)])
|
|
395 |
in
|
|
396 |
|
|
397 |
val npo_rls = [thm "npo_pair_lam", thm "npo_lam_pair"] @ map mk_thm
|
|
398 |
["~ true [= false", "~ false [= true",
|
|
399 |
"~ true [= <a,b>", "~ <a,b> [= true",
|
|
400 |
"~ true [= lam x. f(x)","~ lam x. f(x) [= true",
|
|
401 |
"~ false [= <a,b>", "~ <a,b> [= false",
|
|
402 |
"~ false [= lam x. f(x)","~ lam x. f(x) [= false"]
|
|
403 |
end;
|
|
404 |
|
|
405 |
bind_thms ("npo_rls", npo_rls);
|
|
406 |
*}
|
|
407 |
|
|
408 |
|
|
409 |
subsection {* Coinduction for @{text "[="} *}
|
|
410 |
|
|
411 |
lemma po_coinduct: "[| <t,u> : R; R <= POgen(R) |] ==> t [= u"
|
|
412 |
apply (rule PO_def [THEN def_coinduct, THEN PO_iff [THEN iffD2]])
|
|
413 |
apply assumption+
|
|
414 |
done
|
|
415 |
|
|
416 |
ML {*
|
27146
|
417 |
fun po_coinduct_tac s i = res_inst_tac [("R",s)] @{thm po_coinduct} i
|
20140
|
418 |
*}
|
|
419 |
|
|
420 |
|
|
421 |
subsection {* Equality *}
|
|
422 |
|
|
423 |
lemma EQgen_mono: "mono(%X. EQgen(X))"
|
|
424 |
apply (unfold EQgen_def SIM_def)
|
|
425 |
apply (rule monoI)
|
|
426 |
apply blast
|
|
427 |
done
|
|
428 |
|
|
429 |
lemma EQgenXH:
|
|
430 |
"<t,t'> : EQgen(R) <-> (t=bot & t'=bot) | (t=true & t'=true) |
|
|
431 |
(t=false & t'=false) |
|
|
432 |
(EX a a' b b'. t=<a,b> & t'=<a',b'> & <a,a'> : R & <b,b'> : R) |
|
|
433 |
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x.<f(x),f'(x)> : R))"
|
|
434 |
apply (unfold EQgen_def SIM_def)
|
|
435 |
apply (rule iff_refl [THEN XHlemma2])
|
|
436 |
done
|
|
437 |
|
|
438 |
lemma eqXH:
|
|
439 |
"t=t' <-> (t=bot & t'=bot) | (t=true & t'=true) | (t=false & t'=false) |
|
|
440 |
(EX a a' b b'. t=<a,b> & t'=<a',b'> & a=a' & b=b') |
|
|
441 |
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x. f(x)=f'(x)))"
|
|
442 |
apply (subgoal_tac "<t,t'> : EQ <-> (t=bot & t'=bot) | (t=true & t'=true) | (t=false & t'=false) | (EX a a' b b'. t=<a,b> & t'=<a',b'> & <a,a'> : EQ & <b,b'> : EQ) | (EX f f'. t=lam x. f (x) & t'=lam x. f' (x) & (ALL x. <f (x) ,f' (x) > : EQ))")
|
|
443 |
apply (erule rev_mp)
|
|
444 |
apply (simp add: EQ_iff [THEN iff_sym])
|
|
445 |
apply (rule EQgen_mono [THEN EQ_def [THEN def_gfp_Tarski], THEN XHlemma1,
|
|
446 |
unfolded EQgen_def SIM_def])
|
|
447 |
apply (rule iff_refl [THEN XHlemma2])
|
|
448 |
done
|
|
449 |
|
|
450 |
lemma eq_coinduct: "[| <t,u> : R; R <= EQgen(R) |] ==> t = u"
|
|
451 |
apply (rule EQ_def [THEN def_coinduct, THEN EQ_iff [THEN iffD2]])
|
|
452 |
apply assumption+
|
|
453 |
done
|
|
454 |
|
|
455 |
lemma eq_coinduct3:
|
|
456 |
"[| <t,u> : R; R <= EQgen(lfp(%x. EQgen(x) Un R Un EQ)) |] ==> t = u"
|
|
457 |
apply (rule EQ_def [THEN def_coinduct3, THEN EQ_iff [THEN iffD2]])
|
|
458 |
apply (rule EQgen_mono | assumption)+
|
|
459 |
done
|
|
460 |
|
|
461 |
ML {*
|
27146
|
462 |
fun eq_coinduct_tac s i = res_inst_tac [("R",s)] @{thm eq_coinduct} i
|
|
463 |
fun eq_coinduct3_tac s i = res_inst_tac [("R",s)] @{thm eq_coinduct3} i
|
20140
|
464 |
*}
|
|
465 |
|
|
466 |
|
|
467 |
subsection {* Untyped Case Analysis and Other Facts *}
|
|
468 |
|
|
469 |
lemma cond_eta: "(EX f. t=lam x. f(x)) ==> t = lam x.(t ` x)"
|
|
470 |
by (auto simp: apply_def)
|
|
471 |
|
|
472 |
lemma exhaustion: "(t=bot) | (t=true) | (t=false) | (EX a b. t=<a,b>) | (EX f. t=lam x. f(x))"
|
|
473 |
apply (cut_tac refl [THEN eqXH [THEN iffD1]])
|
|
474 |
apply blast
|
|
475 |
done
|
|
476 |
|
|
477 |
lemma term_case:
|
|
478 |
"[| P(bot); P(true); P(false); !!x y. P(<x,y>); !!b. P(lam x. b(x)) |] ==> P(t)"
|
|
479 |
using exhaustion [of t] by blast
|
17456
|
480 |
|
|
481 |
end
|