author | wenzelm |
Tue, 08 Jan 2002 21:02:15 +0100 | |
changeset 12678 | 4d36d8df29fa |
parent 9907 | 473a6604da94 |
child 12884 | 5d18148e9059 |
permissions | -rw-r--r-- |
9907 | 1 |
(* Title: ZF/WF.ML |
0 | 2 |
ID: $Id$ |
1461 | 3 |
Author: Tobias Nipkow and Lawrence C Paulson |
4515 | 4 |
Copyright 1998 University of Cambridge |
0 | 5 |
|
4515 | 6 |
Well-founded Recursion |
0 | 7 |
|
8 |
Derived first for transitive relations, and finally for arbitrary WF relations |
|
9 |
via wf_trancl and trans_trancl. |
|
10 |
||
11 |
It is difficult to derive this general case directly, using r^+ instead of |
|
12 |
r. In is_recfun, the two occurrences of the relation must have the same |
|
13 |
form. Inserting r^+ in the_recfun or wftrec yields a recursion rule with |
|
14 |
r^+ -`` {a} instead of r-``{a}. This recursion rule is stronger in |
|
15 |
principle, but harder to use, especially to prove wfrec_eclose_eq in |
|
16 |
epsilon.ML. Expanding out the definition of wftrec in wfrec would yield |
|
17 |
a mess. |
|
18 |
*) |
|
19 |
||
20 |
||
21 |
(*** Well-founded relations ***) |
|
22 |
||
435 | 23 |
(** Equivalences between wf and wf_on **) |
24 |
||
25 |
(*A relation that is well-founded is also well-founded on any set A.
  Both definitions are unfolded by Goalw before the classical prover runs.*)
Goalw [wf_def, wf_on_def] "wf(r) ==> wf[A](r)";
by (Clarify_tac 1);  (*essential for Blast_tac's efficiency*)
by (Blast_tac 1);
qed "wf_imp_wf_on";
435 | 29 |
|
30 |
(*Well-foundedness on field(r) implies well-foundedness of r itself.*)
Goalw [wf_def, wf_on_def] "wf[field(r)](r) ==> wf(r)";
by (Fast_tac 1);
qed "wf_on_field_imp_wf";
435 | 33 |
|
5067 | 34 |
(*The two preceding implications, wf_imp_wf_on and wf_on_field_imp_wf,
  packaged as a single equivalence.*)
Goal "wf(r) <-> wf[field(r)](r)";
by (blast_tac (claset() addIs [wf_imp_wf_on, wf_on_field_imp_wf]) 1);
qed "wf_iff_wf_on_field";
0 | 37 |
|
38 |
(*Well-foundedness on A is inherited by every subset B of A.*)
Goalw [wf_on_def, wf_def] "[| wf[A](r); B<=A |] ==> wf[B](r)";
by (Fast_tac 1);
qed "wf_on_subset_A";
435 | 41 |
|
42 |
(*Well-foundedness on A is inherited by every sub-relation s of r.*)
Goalw [wf_on_def, wf_def] "[| wf[A](r); s<=r |] ==> wf[A](s)";
by (Fast_tac 1);
qed "wf_on_subset_r";
435 | 45 |
|
46 |
(** Introduction rules for wf_on **) |
|
47 |
||
48 |
(*If every non-empty subset of A has an r-minimal element then wf[A](r).*) |
|
5321 | 49 |
(*Introduction rule for wf[A](r) from a minimal-element hypothesis.
  The single premise is bound to the ML value prem so that it can be
  instantiated explicitly in the proof.*)
val [prem] = Goalw [wf_on_def, wf_def]
 "[| !!Z u. [| Z<=A; u:Z; ALL x:Z. EX y:Z. <y,x>:r |] ==> False |] \
\ ==> wf[A](r)";
(*strip the outer quantifier and set up a classical disjunction*)
by (rtac (equals0I RS disjCI RS allI) 1);
(*apply the premise to the same set Z*)
by (res_inst_tac [ ("Z", "Z") ] prem 1);
by (ALLGOALS Blast_tac);
qed "wf_onI";
0 | 56 |
|
435 | 57 |
(*If r allows well-founded induction over A then wf[A](r) |
58 |
Premise is equivalent to |
|
59 |
!!B. ALL x:A. (ALL y. <y,x>: r --> y:B) --> x:B ==> A<=B *) |
|
5321 | 60 |
(*Introduction rule for wf[A](r) from an induction-style premise.
  The proof reduces to wf_onI and then uses the premise, combined with
  DiffE, at the element u.*)
val [prem] = Goal
 "[| !!y B. [| ALL x:A. (ALL y:A. <y,x>:r --> y:B) --> x:B; y:A \
\ |] ==> y:B |] \
\ ==> wf[A](r)";
by (rtac wf_onI 1);
by (res_inst_tac [ ("c", "u") ] (prem RS DiffE) 1);
(*the three resulting subgoals are discharged last-to-first*)
by (contr_tac 3);
by (Blast_tac 2);
by (Fast_tac 1);
qed "wf_onI2";
0 | 70 |
|
71 |
||
72 |
(** Well-founded Induction **) |
|
73 |
||
74 |
(*Consider the least z in domain(r) Un {a} such that P(z) does not hold...*) |
|
5321 | 75 |
(*Well-founded induction: if P(x) follows from P(y) for all y with
  <y,x>:r, then P(a) holds for every a.
  major is the wf(r) premise (unfolded by wf_def); minor is the
  induction step.*)
val [major,minor] = Goalw [wf_def]
 "[| wf(r); \
\ !!x.[| ALL y. <y,x>: r --> P(y) |] ==> P(x) \
\ |] ==> P(a)";
(*instantiate the unfolded wf(r) with the set of counterexamples to P*)
by (res_inst_tac [ ("x", "{z:domain(r) Un {a}. ~P(z)}") ] (major RS allE) 1);
(*split the resulting disjunction into its two cases*)
by (etac disjE 1);
by (blast_tac (claset() addEs [equalityE]) 1);
by (asm_full_simp_tac (simpset() addsimps [domainI]) 1);
(*the induction step is supplied as a safe destruction rule*)
by (blast_tac (claset() addSDs [minor]) 1);
qed "wf_induct";
0 | 85 |
|
86 |
(*wf_ind_tac a prems i: well-founded induction in subgoal i on the
  variable named by the string a.
  wf_induct is resolved against subgoal i with its "a" instantiated to a.
  rename_last_tac is then applied to the induction step (subgoal i+1) with
  the name a and suffix "1"; later proofs refer to that parameter as a1.
  Finally the wf(r) premise, now subgoal i, is attacked by assumption or
  by resolution with prems.*)
fun wf_ind_tac a prems i =
    res_inst_tac [("a",a)] wf_induct i
    THEN rename_last_tac a ["1"] (i+1)
    THEN ares_tac prems i;
|
0 | 91 |
|
485 | 92 |
(*The form of this rule is designed to match wfI*) |
5321 | 93 |
(*Well-founded induction relativised to a set A containing field(r).
  wfr and amem name the first two premises; prems holds the remaining
  ones (field(r)<=A and the induction step).*)
val wfr::amem::prems = Goal
 "[| wf(r); a:A; field(r)<=A; \
\ !!x.[| x: A; ALL y. <y,x>: r --> P(y) |] ==> P(x) \
\ |] ==> P(a)";
(*turn a:A into an implication so that it takes part in the induction*)
by (rtac (amem RS rev_mp) 1);
by (wf_ind_tac "a" [wfr] 1);
by (rtac impI 1);
by (eresolve_tac prems 1);
(*membership in A follows from field(r)<=A via subsetD*)
by (blast_tac (claset() addIs (prems RL [subsetD])) 1);
qed "wf_induct2";
0 | 103 |
|
9180 | 104 |
(*The field of r restricted to A*A lies within A.
  Used by wf_on_induct to meet the field(r)<=A premise of wf_induct2.*)
Goal "field(r Int A*A) <= A";
by (Blast_tac 1);
qed "field_Int_square";
435 | 107 |
|
5321 | 108 |
(*Induction rule for wf[A](r): the induction hypothesis only ranges over
  predecessors y that lie in A.
  Derived from wf_induct2 after unfolding wf_on_def.*)
val wfr::amem::prems = Goalw [wf_on_def]
 "[| wf[A](r); a:A; \
\ !!x.[| x: A; ALL y:A. <y,x>: r --> P(y) |] ==> P(x) \
\ |] ==> P(a)";
by (rtac ([wfr, amem, field_Int_square] MRS wf_induct2) 1);
by (REPEAT (ares_tac prems 1));
by (Blast_tac 1);
qed "wf_on_induct";
435 | 116 |
|
117 |
(*wf_on_ind_tac a prems i: counterpart of wf_ind_tac for wf[A](r).
  wf_on_induct is resolved against subgoal i with its "a" instantiated
  to a.  rename_last_tac is applied to the induction step, which is
  subgoal i+2 because wf_on_induct has two premises before it.  The
  leading subgoals are then attacked repeatedly by assumption or by
  resolution with prems.*)
fun wf_on_ind_tac a prems i =
    res_inst_tac [("a",a)] wf_on_induct i
    THEN rename_last_tac a ["1"] (i+2)
    THEN REPEAT (ares_tac prems i);
|
435 | 121 |
|
122 |
(*If r allows well-founded induction then wf(r)*) |
|
5321 | 123 |
(*Introduction rule for wf(r) from an induction-style premise over a set A
  that contains field(r).
  subs is the premise field(r)<=A; indhyp is the induction premise.*)
val [subs,indhyp] = Goal
 "[| field(r)<=A; \
\ !!y B. [| ALL x:A. (ALL y:A. <y,x>:r --> y:B) --> x:B; y:A \
\ |] ==> y:B |] \
\ ==> wf(r)";
(*chain: wf_onI2 gives wf[A](r); wf_on_subset_A narrows it to field(r);
  wf_on_field_imp_wf then yields wf(r)*)
by (rtac ([wf_onI2, subs] MRS (wf_on_subset_A RS wf_on_field_imp_wf)) 1);
by (REPEAT (ares_tac [indhyp] 1));
qed "wfI";
435 | 131 |
|
132 |
||
133 |
(*** Properties of well-founded relations ***) |
|
134 |
||
5137 | 135 |
(*A well-founded relation is irreflexive; proved by induction on a.*)
Goal "wf(r) ==> <a,a> ~: r";
by (wf_ind_tac "a" [] 1);
by (Blast_tac 1);
qed "wf_not_refl";
435 | 139 |
|
5452 | 140 |
(*A well-founded relation has no two-element cycle.
  The goal is stated with ALL and --> so that the induction on a covers
  every x; qed_spec_mp stores the result under the given name.*)
Goal "wf(r) ==> ALL x. <a,x>:r --> <x,a> ~: r";
by (wf_ind_tac "a" [] 1);
by (Blast_tac 1);
qed_spec_mp "wf_not_sym";
144 |
||
145 |
(* [| wf(r); <a,x> : r; ~P ==> <x,a> : r |] ==> P *) |
|
146 |
(*wf_asym: wf_not_sym composed with swap, bound under its own name*)
bind_thm ("wf_asym", wf_not_sym RS swap);
|
0 | 147 |
|
5137 | 148 |
(*Irreflexivity for wf[A](r), restricted to elements a of A.*)
Goal "[| wf[A](r); a: A |] ==> <a,a> ~: r";
by (wf_on_ind_tac "a" [] 1);
by (Blast_tac 1);
qed "wf_on_not_refl";
435 | 152 |
|
5452 | 153 |
(*No two-element cycle inside A when wf[A](r) holds.*)
Goal "[| wf[A](r); a:A; b:A |] ==> <a,b>:r --> <b,a>~:r";
(*use bspec at b so that the statement proved by induction on a is
  quantified over the second element*)
by (res_inst_tac [("x","b")] bspec 1);
by (assume_tac 2);
by (wf_on_ind_tac "a" [] 1);
by (Blast_tac 1);
qed_spec_mp "wf_on_not_sym";
159 |
||
9173 | 160 |
(* [| wf[A](r); ~Z ==> <a,b> : r; |
161 |
<b,a> ~: r ==> Z; ~Z ==> a : A; ~Z ==> b : A |] ==> Z *) |
|
162 |
(*wf_on_asym: wf_on_not_sym passed through cla_make_elim, with its
  premise order then adjusted by permute_prems 1 2*)
bind_thm ("wf_on_asym", permute_prems 1 2 (cla_make_elim wf_on_not_sym));
|
435 | 163 |
|
164 |
(*Needed to prove well_ordI. Could also reason that wf[A](r) means |
|
165 |
wf(r Int A*A); thus wf( (r Int A*A)^+ ) and use wf_not_refl *) |
|
166 |
(*No three-element cycle a, b, c inside A when wf[A](r) holds: any such
  cycle yields an arbitrary conclusion P.*)
Goal "[| wf[A](r); <a,b>:r; <b,c>:r; <c,a>:r; a:A; b:A; c:A |] ==> P";
(*introduce a statement quantified over the other two elements; it is
  proved as subgoal 2 by induction on a and then used for subgoal 1*)
by (subgoal_tac "ALL y:A. ALL z:A. <a,y>:r --> <y,z>:r --> <z,a>:r --> P" 1);
by (wf_on_ind_tac "a" [] 2);
by (Blast_tac 2);
by (Blast_tac 1);
qed "wf_on_chain3";
435 | 172 |
|
173 |
||
174 |
(*retains the universal formula for later use!*) |
|
175 |
(*bchain_tac i: resolve subgoal i with bspec RS mp, then call assume_tac
  twice at the same subgoal number*)
val bchain_tac = EVERY' [rtac (bspec RS mp), assume_tac, assume_tac ];
|
176 |
||
177 |
(*transitive closure of a WF relation is WF provided A is downwards closed*) |
|
9907 | 178 |
(*If wf[A](r) and A is closed under r-predecessors (r-``A <= A), then the
  transitive closure r^+ is also well-founded on A.
  wfr and subs name the two premises.*)
val [wfr,subs] = goal (the_context ())
 "[| wf[A](r); r-``A <= A |] ==> wf[A](r^+)";
by (rtac wf_onI2 1);
by (bchain_tac 1);
(*induct on y using the induction rule for wf[A](r)*)
by (eres_inst_tac [("a","y")] (wfr RS wf_on_induct) 1);
(*make the closure premise available to blast_tac*)
by (cut_facts_tac [subs] 1);
by (blast_tac (claset() addEs [tranclE]) 1);
qed "wf_on_trancl";
435 | 186 |
|
5137 | 187 |
(*The transitive closure of a well-founded relation is well-founded.
  The goal is rewritten with wf_iff_wf_on_field and then reduced to
  wf_on_trancl.*)
Goal "wf(r) ==> wf(r^+)";
by (asm_full_simp_tac (simpset() addsimps [wf_iff_wf_on_field]) 1);
by (rtac (trancl_type RS field_rel_subset RSN (2, wf_on_subset_A)) 1);
by (etac wf_on_trancl 1);
by (Blast_tac 1);
qed "wf_trancl";
0 | 193 |
|
435 | 194 |
|
195 |
||
0 | 196 |
(** r-``{a} is the set of everything under a in r **) |
197 |
||
6112 | 198 |
(*The two directions of vimage_singleton_iff, bound as separate rules:
  underI via iffD2, underD via iffD1*)
bind_thm ("underI", vimage_singleton_iff RS iffD2);
bind_thm ("underD", vimage_singleton_iff RS iffD1);
|
0 | 200 |
|
201 |
(** is_recfun **) |
|
202 |
||
5321 | 203 |
(*Typing of a recursive function: if is_recfun(r,a,H,f) then f is a
  function from r-``{a} to range(f).*)
Goalw [is_recfun_def] "is_recfun(r,a,H,f) ==> f: r-``{a} -> range(f)";
(*rewrite with the defining equation of f, exposed by unfolding
  is_recfun_def*)
by (etac ssubst 1);
by (rtac (lamI RS rangeI RS lam_type) 1);
by (assume_tac 1);
qed "is_recfun_type";
0 | 208 |
|
9907 | 209 |
(*Unfolding equation for f`x when is_recfun(r,a,H,f) and x is below a.
  isrec and rel name the two premises.*)
val [isrec,rel] = goalw (the_context ()) [is_recfun_def]
 "[| is_recfun(r,a,H,f); <x,a>:r |] ==> f`x = H(x, restrict(f,r-``{x}))";
(*the explicit predicate P restricts where isrec is substituted*)
by (res_inst_tac [("P", "%x.?t(x) = (?u::i)")] (isrec RS ssubst) 1);
by (rtac (rel RS underI RS beta) 1);
qed "apply_recfun";
0 | 214 |
|
215 |
(*indhyp_tac hyps i: the tactic from which the solver of wf_super_ss is
  built.
  It first tries to close subgoal i by resolution with TrueI, refl,
  reflexive_thm or one of hyps.  Otherwise it inserts hyps as assumptions
  and runs DEPTH_SOLVE_1 over two kinds of step: ares_tac with TrueI and
  ballI, or elimination with underD, transD and spec RS mp.
  eresolve_tac transD solves <a,b>:r using transitivity AT MOST ONCE
  spec RS mp instantiates induction hypotheses*)
fun indhyp_tac hyps =
    resolve_tac (TrueI::refl::reflexive_thm::hyps) ORELSE'
    (cut_facts_tac hyps THEN'
       DEPTH_SOLVE_1 o (ares_tac [TrueI, ballI] ORELSE'
                        eresolve_tac [underD, transD, spec RS mp]));
0 | 222 |
|
223 |
(*** NOTE! some simplifications need a different solver!! ***) |
7570 | 224 |
(*The current simpset with its solver set to one named "WF" and built
  from indhyp_tac*)
val wf_super_ss = simpset() setSolver (mk_solver "WF" indhyp_tac);
0 | 225 |
|
226 |
(*Two recursive functions for the same H, taken at points a and b, agree
  on every x that lies below both a and b.  Requires r to be well-founded
  and transitive.*)
Goalw [is_recfun_def]
 "[| wf(r); trans(r); is_recfun(r,a,H,f); is_recfun(r,b,H,g) |] ==> \
\ <x,a>:r --> <x,b>:r --> f`x=g`x";
by (wf_ind_tac "x" [] 1);
(*strip the implications and substitute the defining equations of f, g*)
by (REPEAT (rtac impI 1 ORELSE etac ssubst 1));
by (rewtac restrict_def);
(*wf_super_ss supplies the indhyp_tac-based solver for the side
  conditions*)
by (asm_simp_tac (wf_super_ss addsimps [vimage_singleton_iff]) 1);
qed_spec_mp "is_recfun_equal";
0 | 234 |
|
9907 | 235 |
(*If f and g are recursive functions at a and b with <b,a>:r, then f
  restricted to r-``{b} equals g.
  The first four premises are named individually for use with
  is_recfun_equal; prems is the whole list.*)
val prems as [wfr,transr,recf,recg,_] = goal (the_context ())
 "[| wf(r); trans(r); \
\ is_recfun(r,a,H,f); is_recfun(r,b,H,g); <b,a>:r |] ==> \
\ restrict(f, r-``{b}) = g";
by (cut_facts_tac prems 1);
(*reduce the equation between functions to fun_extension*)
by (rtac (consI1 RS restrict_type RS fun_extension) 1);
by (etac is_recfun_type 1);
by (ALLGOALS
    (asm_simp_tac (wf_super_ss addsimps
                   [ [wfr,transr,recf,recg] MRS is_recfun_equal ])));
qed "is_recfun_cut";
0 | 246 |
|
247 |
(*** Main Existence Lemma ***) |
|
248 |
||
5321 | 249 |
(*Uniqueness: two recursive functions for the same r, a and H are equal.
  Proved by fun_extension, using is_recfun_equal for the pointwise
  equality and is_recfun_type for the typing subgoals.*)
Goal "[| wf(r); trans(r); is_recfun(r,a,H,f); is_recfun(r,a,H,g) |] ==> f=g";
by (rtac fun_extension 1);
by (REPEAT (ares_tac [is_recfun_equal] 1
     ORELSE eresolve_tac [is_recfun_type,underD] 1));
qed "is_recfun_functional";
0 | 254 |
|
255 |
(*If some f satisfies is_recfun(r,a,H,-) then so does the_recfun(r,a,H) *) |
|
5321 | 256 |
(*Existence of some recursive function f implies that the_recfun(r,a,H)
  is one too.  Uniqueness for the description operator comes from
  is_recfun_functional.*)
Goalw [the_recfun_def]
 "[| is_recfun(r,a,H,f); wf(r); trans(r) |] \
\ ==> is_recfun(r, a, H, the_recfun(r,a,H))";
by (rtac (ex1I RS theI) 1);
by (REPEAT (ares_tac [is_recfun_functional] 1));
qed "is_the_recfun";
0 | 262 |
|
5321 | 263 |
(*Main existence result: for well-founded, transitive r, the_recfun(r,a,H)
  satisfies is_recfun.  Proved by induction on a, with an explicit witness
  defined through wftrec on the predecessors of the induction variable a1.*)
Goal "[| wf(r); trans(r) |] ==> is_recfun(r, a, H, the_recfun(r,a,H))";
by (wf_ind_tac "a" [] 1);
by (res_inst_tac [("f", "lam y: r-``{a1}. wftrec(r,y,H)")] is_the_recfun 1);
(*the wf(r) and trans(r) side conditions of is_the_recfun*)
by (REPEAT (assume_tac 2));
by (rewrite_goals_tac [is_recfun_def, wftrec_def]);
(*Applying the substitution: must keep the quantified assumption!!*)
by (REPEAT (dtac underD 1 ORELSE resolve_tac [refl, lam_cong] 1));
by (fold_tac [is_recfun_def]);
by (rtac (consI1 RS restrict_type RSN (2,fun_extension) RS subst_context) 1);
by (rtac is_recfun_type 1);
by (ALLGOALS
    (asm_simp_tac
     (wf_super_ss addsimps [underI RS beta, apply_recfun, is_recfun_cut])));
qed "unfold_the_recfun";
0 | 277 |
|
278 |
||
279 |
(*** Unfolding wftrec ***) |
|
280 |
||
281 |
(*is_recfun_cut specialised to the_recfun: restricting the_recfun(r,a,H)
  to the predecessors of b gives the_recfun(r,b,H) whenever <b,a>:r.*)
Goal "[| wf(r); trans(r); <b,a>:r |] ==> \
\ restrict(the_recfun(r,a,H), r-``{b}) = the_recfun(r,b,H)";
by (REPEAT (ares_tac [is_recfun_cut, unfold_the_recfun] 1));
qed "the_recfun_cut";
0 | 285 |
|
4515 | 286 |
(*NOT SUITABLE FOR REWRITING: it is recursive!*) |
5067 | 287 |
(*Recursion equation for wftrec under the assumption trans(r).
  The left-hand side reappears inside the right-hand side, so the theorem
  must not be given to the simplifier as a rewrite rule.*)
Goalw [wftrec_def]
 "[| wf(r); trans(r) |] ==> \
\ wftrec(r,a,H) = H(a, lam x: r-``{a}. wftrec(r,x,H))";
(*substitute using unfold_the_recfun with is_recfun_def unfolded*)
by (stac (rewrite_rule [is_recfun_def] unfold_the_recfun) 1);
by (ALLGOALS
    (asm_simp_tac
     (simpset() addsimps [vimage_singleton_iff RS iff_sym, the_recfun_cut])));
qed "wftrec";
0 | 295 |
|
296 |
(** Removal of the premise trans(r) **) |
|
297 |
||
4515 | 298 |
(*NOT SUITABLE FOR REWRITING: it is recursive!*) |
9907 | 299 |
(*Recursion equation for wfrec, without the premise trans(r).
  It is obtained from wftrec applied to r^+, which is well-founded by
  wf_trancl and transitive by trans_trancl.*)
val [wfr] = goalw (the_context ()) [wfrec_def]
 "wf(r) ==> wfrec(r,a,H) = H(a, lam x:r-``{a}. wfrec(r,x,H))";
by (stac (wfr RS wf_trancl RS wftrec) 1);
by (rtac trans_trancl 1);
(*relate the lambda over the r^+ predecessors to the one over r-``{a}*)
by (rtac (vimage_pair_mono RS restrict_lam_eq RS subst_context) 1);
by (etac r_into_trancl 1);
by (rtac subset_refl 1);
qed "wfrec";
0 | 307 |
|
308 |
(*This form avoids giant explosions in proofs. NOTE USE OF == *) |
|
5321 | 309 |
(*Recursion equation for a function h introduced by the meta-level
  definition h(x)==wfrec(r,x,H).
  rew is that definition; prems holds the remaining premise wf(r).*)
val rew::prems = Goal
 "[| !!x. h(x)==wfrec(r,x,H); wf(r) |] ==> \
\ h(a) = H(a, lam x: r-``{a}. h(x))";
(*unfold h everywhere, leaving an instance of the wfrec equation*)
by (rewtac rew);
by (REPEAT (resolve_tac (prems@[wfrec]) 1));
qed "def_wfrec";
0 | 315 |
|
5321 | 316 |
(*Typing rule for wfrec: if H maps x in A and a dependent function u on
  r-``{x} into B(x), then wfrec(r,a,H) : B(a).  Proved by wf_induct2.*)
val prems = Goal
 "[| wf(r); a:A; field(r)<=A; \
\ !!x u. [| x: A; u: Pi(r-``{x}, B) |] ==> H(x,u) : B(x) \
\ |] ==> wfrec(r,a,H) : B(a)";
by (res_inst_tac [("a","a")] wf_induct2 1);
(*subgoal 4 is the induction step; unfold wfrec once there*)
by (stac wfrec 4);
by (REPEAT (ares_tac (prems@[lam_type]) 1
     ORELSE eresolve_tac [spec RS mp, underD] 1));
qed "wfrec_type";
435 | 325 |
|
326 |
||
5067 | 327 |
(*Recursion equation for wfrec[A]: the recursive calls range over the
  predecessors of a that lie in A.  Derived from wfrec after unfolding
  wf_on_def and wfrec_on_def.*)
Goalw [wf_on_def, wfrec_on_def]
 "[| wf[A](r); a: A |] ==> \
\ wfrec[A](r,a,H) = H(a, lam x: (r-``{a}) Int A. wfrec[A](r,x,H))";
by (etac (wfrec RS trans) 1);
by (asm_simp_tac (simpset() addsimps [vimage_Int_square, cons_subset_iff]) 1);
qed "wfrec_on";
435 | 333 |
|
9883 | 334 |
(*---------------------------------------------------------------------------- |
335 |
* Minimal-element characterization of well-foundedness |
|
336 |
*---------------------------------------------------------------------------*) |
|
337 |
||
338 |
(*Forward direction of wf_eq_minimal: under wf(r), any set Q with an
  element x has an element z with no r-predecessor in Q.
  Kept only as the ML value lemma1 via result().*)
Goalw [wf_def] "wf(r) ==> x:Q --> (EX z:Q. ALL y. <y,z>:r --> y~:Q)";
by (dtac spec 1);
by (Blast_tac 1);
val lemma1 = result();
|
342 |
||
343 |
(*Converse direction of wf_eq_minimal: the minimal-element property for
  all Q and x implies wf(r).
  Kept only as the ML value lemma2 via result().*)
Goalw [wf_def]
 "(ALL Q x. x:Q --> (EX z:Q. ALL y. <y,z>:r --> y~:Q)) ==> wf(r)";
by (Clarify_tac 1);
by (Blast_tac 1);
val lemma2 = result();
|
348 |
||
349 |
(*Minimal-element characterization of wf(r), assembled from lemma1 and
  lemma2 supplied as safe introduction rules.*)
Goal "wf(r) <-> (ALL Q x. x:Q --> (EX z:Q. ALL y. <y,z>:r --> y~:Q))";
by (blast_tac (claset() addSIs [lemma1, lemma2]) 1);
qed "wf_eq_minimal";
|
352 |