author  wenzelm 
Thu, 28 Feb 2013 13:54:45 +0100  
changeset 51307  943ad9c0d99d 
parent 47966  b8a94ed1646e 
child 51670  d721d21e6374 
permissions  rwrr 
17456  1 
(* Title: CCL/CCL.thy 
1474  2 
Author: Martin Coen 
0  3 
Copyright 1993 University of Cambridge 
4 
*) 

5 

17456  6 
header {* Classical Computational Logic for Untyped Lambda Calculus 
7 
with reduction to weak headnormal form *} 

0  8 

17456  9 
theory CCL 
10 
imports Gfp 

11 
begin 

0  12 

17456  13 
text {* 
14 
Based on FOL extended with set collection, a primitive higherorder 

15 
logic. HOL is too strong  descriptions prevent a type of programs 

16 
being defined which contains only executable terms. 

17 
*} 

0  18 

17456  19 
classes prog < "term" 
36452  20 
default_sort prog 
17456  21 

24825  22 
arities "fun" :: (prog, prog) prog 
17456  23 

24 
typedecl i 

25 
arities i :: prog 

26 

0  27 

28 
consts 

29 
(*** Evaluation Judgement ***) 

24825  30 
Eval :: "[i,i]=>prop" (infixl ">" 20) 
0  31 

32 
(*** Bisimulations for preorder and equality ***) 

24825  33 
po :: "['a,'a]=>o" (infixl "[=" 50) 
0  34 
SIM :: "[i,i,i set]=>o" 
17456  35 
POgen :: "i set => i set" 
36 
EQgen :: "i set => i set" 

37 
PO :: "i set" 

38 
EQ :: "i set" 

0  39 

40 
(*** Term Formers ***) 

17456  41 
true :: "i" 
42 
false :: "i" 

0  43 
pair :: "[i,i]=>i" ("(1<_,/_>)") 
44 
lambda :: "(i=>i)=>i" (binder "lam " 55) 

17456  45 
"case" :: "[i,i,i,[i,i]=>i,(i=>i)=>i]=>i" 
24825  46 
"apply" :: "[i,i]=>i" (infixl "`" 56) 
0  47 
bot :: "i" 
17456  48 
"fix" :: "(i=>i)=>i" 
0  49 

50 
(*** Defined Predicates ***) 

17456  51 
Trm :: "i => o" 
52 
Dvg :: "i => o" 

0  53 

54 
(******* EVALUATION SEMANTICS *******) 

55 

56 
(** This is the evaluation semantics from which the axioms below were derived. **) 

57 
(** It is included here just as an evaluator for FUN and has no influence on **) 

58 
(** inference in the theory CCL. **) 

59 

51307  60 
axiomatization where 
61 
trueV: "true > true" and 

62 
falseV: "false > false" and 

63 
pairV: "<a,b> > <a,b>" and 

64 
lamV: "\<And>b. lam x. b(x) > lam x. b(x)" and 

65 

66 
caseVtrue: "[ t > true; d > c ] ==> case(t,d,e,f,g) > c" and 

67 
caseVfalse: "[ t > false; e > c ] ==> case(t,d,e,f,g) > c" and 

68 
caseVpair: "[ t > <a,b>; f(a,b) > c ] ==> case(t,d,e,f,g) > c" and 

69 
caseVlam: "\<And>b. [ t > lam x. b(x); g(b) > c ] ==> case(t,d,e,f,g) > c" 

0  70 

71 
(*** Properties of evaluation: note that "t > c" impies that c is canonical ***) 

72 

51307  73 
axiomatization where 
17456  74 
canonical: "[ t > c; c==true ==> u>v; 
75 
c==false ==> u>v; 

76 
!!a b. c==<a,b> ==> u>v; 

77 
!!f. c==lam x. f(x) ==> u>v ] ==> 

1149  78 
u>v" 
0  79 

80 
(* Should be derivable  but probably a bitch! *) 

51307  81 
axiomatization where 
17456  82 
substitute: "[ a==a'; t(a)>c(a) ] ==> t(a')>c(a')" 
0  83 

84 
(************** LOGIC ***************) 

85 

86 
(*** Definitions used in the following rules ***) 

87 

51307  88 
axiomatization where 
89 
bot_def: "bot == (lam x. x`x)`(lam x. x`x)" and 

17456  90 
apply_def: "f ` t == case(f,bot,bot,%x y. bot,%u. u(t))" 
42156  91 

92 
defs 

17456  93 
fix_def: "fix(f) == (lam x. f(x`x))`(lam x. f(x`x))" 
0  94 

95 
(* The preorder ([=) is defined as a simulation, and behavioural equivalence (=) *) 

96 
(* as a bisimulation. They can both be expressed as (bi)simulations up to *) 

97 
(* behavioural equivalence (ie the relations PO and EQ defined below). *) 

98 

17456  99 
SIM_def: 
100 
"SIM(t,t',R) == (t=true & t'=true)  (t=false & t'=false)  

101 
(EX a a' b b'. t=<a,b> & t'=<a',b'> & <a,a'> : R & <b,b'> : R)  

3837  102 
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x.<f(x),f'(x)> : R))" 
0  103 

17456  104 
POgen_def: "POgen(R) == {p. EX t t'. p=<t,t'> & (t = bot  SIM(t,t',R))}" 
105 
EQgen_def: "EQgen(R) == {p. EX t t'. p=<t,t'> & (t = bot & t' = bot  SIM(t,t',R))}" 

0  106 

17456  107 
PO_def: "PO == gfp(POgen)" 
108 
EQ_def: "EQ == gfp(EQgen)" 

0  109 

110 
(*** Rules ***) 

111 

112 
(** Partial Order **) 

113 

51307  114 
axiomatization where 
115 
po_refl: "a [= a" and 

116 
po_trans: "[ a [= b; b [= c ] ==> a [= c" and 

117 
po_cong: "a [= b ==> f(a) [= f(b)" and 

0  118 

119 
(* Extend definition of [= to program fragments of higher type *) 

17456  120 
po_abstractn: "(!!x. f(x) [= g(x)) ==> (%x. f(x)) [= (%x. g(x))" 
0  121 

122 
(** Equality  equivalence axioms inherited from FOL.thy **) 

123 
(**  congruence of "=" is axiomatised implicitly **) 

124 

51307  125 
axiomatization where 
17456  126 
eq_iff: "t = t' <> t [= t' & t' [= t" 
0  127 

128 
(** Properties of canonical values given by greatest fixed point definitions **) 

17456  129 

51307  130 
axiomatization where 
131 
PO_iff: "t [= t' <> <t,t'> : PO" and 

17456  132 
EQ_iff: "t = t' <> <t,t'> : EQ" 
0  133 

134 
(** Behaviour of noncanonical terms (ie case) given by the following betarules **) 

135 

51307  136 
axiomatization where 
137 
caseBtrue: "case(true,d,e,f,g) = d" and 

138 
caseBfalse: "case(false,d,e,f,g) = e" and 

139 
caseBpair: "case(<a,b>,d,e,f,g) = f(a,b)" and 

140 
caseBlam: "\<And>b. case(lam x. b(x),d,e,f,g) = g(b)" and 

141 
caseBbot: "case(bot,d,e,f,g) = bot" (* strictness *) 

0  142 

143 
(** The theory is nontrivial **) 

51307  144 
axiomatization where 
17456  145 
distinctness: "~ lam x. b(x) = bot" 
0  146 

147 
(*** Definitions of Termination and Divergence ***) 

148 

42156  149 
defs 
17456  150 
Dvg_def: "Dvg(t) == t = bot" 
151 
Trm_def: "Trm(t) == ~ Dvg(t)" 

0  152 

17456  153 
text {* 
0  154 
Would be interesting to build a similar theory for a typed programming language: 
155 
ie. true :: bool, fix :: ('a=>'a)=>'a etc...... 

156 

157 
This is starting to look like LCF. 

17456  158 
What are the advantages of this approach? 
159 
 less axiomatic 

0  160 
 wfd induction / coinduction and fixed point induction available 
17456  161 
*} 
162 

20140  163 

164 
lemmas ccl_data_defs = apply_def fix_def 

32153
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

165 

a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

166 
declare po_refl [simp] 
20140  167 

168 

169 
subsection {* Congruence Rules *} 

170 

171 
(*similar to AP_THM in Gordon's HOL*) 

172 
lemma fun_cong: "(f::'a=>'b) = g ==> f(x)=g(x)" 

173 
by simp 

174 

175 
(*similar to AP_TERM in Gordon's HOL and FOL's subst_context*) 

176 
lemma arg_cong: "x=y ==> f(x)=f(y)" 

177 
by simp 

178 

179 
lemma abstractn: "(!!x. f(x) = g(x)) ==> f = g" 

180 
apply (simp add: eq_iff) 

181 
apply (blast intro: po_abstractn) 

182 
done 

183 

184 
lemmas caseBs = caseBtrue caseBfalse caseBpair caseBlam caseBbot 

185 

186 

187 
subsection {* Termination and Divergence *} 

188 

189 
lemma Trm_iff: "Trm(t) <> ~ t = bot" 

190 
by (simp add: Trm_def Dvg_def) 

191 

192 
lemma Dvg_iff: "Dvg(t) <> t = bot" 

193 
by (simp add: Trm_def Dvg_def) 

194 

195 

196 
subsection {* Constructors are injective *} 

197 

198 
lemma eq_lemma: "[ x=a; y=b; x=y ] ==> a=b" 

199 
by simp 

200 

201 
ML {* 

32154  202 
fun inj_rl_tac ctxt rews i = 
24825  203 
let 
204 
fun mk_inj_lemmas r = [@{thm arg_cong}] RL [r RS (r RS @{thm eq_lemma})] 

32153
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

205 
val inj_lemmas = maps mk_inj_lemmas rews 
32154  206 
in 
35409  207 
CHANGED (REPEAT (ares_tac [@{thm iffI}, @{thm allI}, @{thm conjI}] i ORELSE 
32154  208 
eresolve_tac inj_lemmas i ORELSE 
209 
asm_simp_tac (simpset_of ctxt addsimps rews) i)) 

210 
end; 

20140  211 
*} 
212 

32154  213 
method_setup inj_rl = {* 
214 
Attrib.thms >> (fn rews => fn ctxt => SIMPLE_METHOD' (inj_rl_tac ctxt rews)) 

42814  215 
*} 
32154  216 

217 
lemma ccl_injs: 

218 
"<a,b> = <a',b'> <> (a=a' & b=b')" 

219 
"!!b b'. (lam x. b(x) = lam x. b'(x)) <> ((ALL z. b(z)=b'(z)))" 

220 
by (inj_rl caseBs) 

20140  221 

222 

223 
lemma pair_inject: "<a,b> = <a',b'> \<Longrightarrow> (a = a' \<Longrightarrow> b = b' \<Longrightarrow> R) \<Longrightarrow> R" 

224 
by (simp add: ccl_injs) 

225 

226 

227 
subsection {* Constructors are distinct *} 

228 

229 
lemma lem: "t=t' ==> case(t,b,c,d,e) = case(t',b,c,d,e)" 

230 
by simp 

231 

232 
ML {* 

233 

234 
local 

235 
fun pairs_of f x [] = [] 

236 
 pairs_of f x (y::ys) = (f x y) :: (f y x) :: (pairs_of f x ys) 

237 

238 
fun mk_combs ff [] = [] 

239 
 mk_combs ff (x::xs) = (pairs_of ff x xs) @ mk_combs ff xs 

240 

241 
(* Doesn't handle binder types correctly *) 

242 
fun saturate thy sy name = 

243 
let fun arg_str 0 a s = s 

244 
 arg_str 1 a s = "(" ^ a ^ "a" ^ s ^ ")" 

245 
 arg_str n a s = arg_str (n1) a ("," ^ a ^ (chr((ord "a")+n1)) ^ s) 

246 
val T = Sign.the_const_type thy (Sign.intern_const thy sy); 

40844  247 
val arity = length (binder_types T) 
20140  248 
in sy ^ (arg_str arity name "") end 
249 

250 
fun mk_thm_str thy a b = "~ " ^ (saturate thy a "a") ^ " = " ^ (saturate thy b "b") 

251 

39159  252 
val lemma = @{thm lem}; 
253 
val eq_lemma = @{thm eq_lemma}; 

254 
val distinctness = @{thm distinctness}; 

42480  255 
fun mk_lemma (ra,rb) = 
256 
[lemma] RL [ra RS (rb RS eq_lemma)] RL 

257 
[distinctness RS @{thm notE}, @{thm sym} RS (distinctness RS @{thm notE})] 

20140  258 
in 
32153
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

259 
fun mk_lemmas rls = maps mk_lemma (mk_combs pair rls) 
20140  260 
fun mk_dstnct_rls thy xs = mk_combs (mk_thm_str thy) xs 
261 
end 

262 

263 
*} 

264 

265 
ML {* 

266 

32010  267 
val caseB_lemmas = mk_lemmas @{thms caseBs} 
20140  268 

269 
val ccl_dstncts = 

32175  270 
let 
271 
fun mk_raw_dstnct_thm rls s = 

272 
Goal.prove_global @{theory} [] [] (Syntax.read_prop_global @{theory} s) 

35409  273 
(fn _=> rtac @{thm notI} 1 THEN eresolve_tac rls 1) 
32175  274 
in map (mk_raw_dstnct_thm caseB_lemmas) 
275 
(mk_dstnct_rls @{theory} ["bot","true","false","pair","lambda"]) end 

20140  276 

277 
fun mk_dstnct_thms thy defs inj_rls xs = 

32175  278 
let 
279 
fun mk_dstnct_thm rls s = 

280 
Goal.prove_global thy [] [] (Syntax.read_prop_global thy s) 

281 
(fn _ => 

282 
rewrite_goals_tac defs THEN 

283 
simp_tac (global_simpset_of thy addsimps (rls @ inj_rls)) 1) 

32149
ef59550a55d3
renamed simpset_of to global_simpset_of, and local_simpset_of to simpset_of  same for claset and clasimpset;
wenzelm
parents:
32010
diff
changeset

284 
in map (mk_dstnct_thm ccl_dstncts) (mk_dstnct_rls thy xs) end 
20140  285 

32153
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

286 
fun mkall_dstnct_thms thy defs i_rls xss = maps (mk_dstnct_thms thy defs i_rls) xss 
20140  287 

288 
(*** Rewriting and Proving ***) 

289 

42480  290 
fun XH_to_I rl = rl RS @{thm iffD2} 
291 
fun XH_to_D rl = rl RS @{thm iffD1} 

20140  292 
val XH_to_E = make_elim o XH_to_D 
293 
val XH_to_Is = map XH_to_I 

294 
val XH_to_Ds = map XH_to_D 

295 
val XH_to_Es = map XH_to_E; 

296 

32154  297 
bind_thms ("ccl_rews", @{thms caseBs} @ @{thms ccl_injs} @ ccl_dstncts); 
42480  298 
bind_thms ("ccl_dstnctsEs", ccl_dstncts RL [@{thm notE}]); 
32010  299 
bind_thms ("ccl_injDs", XH_to_Ds @{thms ccl_injs}); 
20140  300 
*} 
301 

302 
lemmas [simp] = ccl_rews 

303 
and [elim!] = pair_inject ccl_dstnctsEs 

304 
and [dest!] = ccl_injDs 

305 

306 

307 
subsection {* Facts from gfp Definition of @{text "[="} and @{text "="} *} 

308 

309 
lemma XHlemma1: "[ A=B; a:B <> P ] ==> a:A <> P" 

310 
by simp 

311 

312 
lemma XHlemma2: "(P(t,t') <> Q) ==> (<t,t'> : {p. EX t t'. p=<t,t'> & P(t,t')} <> Q)" 

313 
by blast 

314 

315 

316 
subsection {* PreOrder *} 

317 

318 
lemma POgen_mono: "mono(%X. POgen(X))" 

319 
apply (unfold POgen_def SIM_def) 

320 
apply (rule monoI) 

321 
apply blast 

322 
done 

323 

324 
lemma POgenXH: 

325 
"<t,t'> : POgen(R) <> t= bot  (t=true & t'=true)  (t=false & t'=false)  

326 
(EX a a' b b'. t=<a,b> & t'=<a',b'> & <a,a'> : R & <b,b'> : R)  

327 
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x. <f(x),f'(x)> : R))" 

328 
apply (unfold POgen_def SIM_def) 

329 
apply (rule iff_refl [THEN XHlemma2]) 

330 
done 

331 

332 
lemma poXH: 

333 
"t [= t' <> t=bot  (t=true & t'=true)  (t=false & t'=false)  

334 
(EX a a' b b'. t=<a,b> & t'=<a',b'> & a [= a' & b [= b')  

335 
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x. f(x) [= f'(x)))" 

336 
apply (simp add: PO_iff del: ex_simps) 

337 
apply (rule POgen_mono 

338 
[THEN PO_def [THEN def_gfp_Tarski], THEN XHlemma1, unfolded POgen_def SIM_def]) 

339 
apply (rule iff_refl [THEN XHlemma2]) 

340 
done 

341 

342 
lemma po_bot: "bot [= b" 

343 
apply (rule poXH [THEN iffD2]) 

344 
apply simp 

345 
done 

346 

347 
lemma bot_poleast: "a [= bot ==> a=bot" 

348 
apply (drule poXH [THEN iffD1]) 

349 
apply simp 

350 
done 

351 

352 
lemma po_pair: "<a,b> [= <a',b'> <> a [= a' & b [= b'" 

353 
apply (rule poXH [THEN iff_trans]) 

354 
apply simp 

355 
done 

356 

357 
lemma po_lam: "lam x. f(x) [= lam x. f'(x) <> (ALL x. f(x) [= f'(x))" 

358 
apply (rule poXH [THEN iff_trans]) 

47966  359 
apply fastforce 
20140  360 
done 
361 

362 
lemmas ccl_porews = po_bot po_pair po_lam 

363 

364 
lemma case_pocong: 

365 
assumes 1: "t [= t'" 

366 
and 2: "a [= a'" 

367 
and 3: "b [= b'" 

368 
and 4: "!!x y. c(x,y) [= c'(x,y)" 

369 
and 5: "!!u. d(u) [= d'(u)" 

370 
shows "case(t,a,b,c,d) [= case(t',a',b',c',d')" 

371 
apply (rule 1 [THEN po_cong, THEN po_trans]) 

372 
apply (rule 2 [THEN po_cong, THEN po_trans]) 

373 
apply (rule 3 [THEN po_cong, THEN po_trans]) 

374 
apply (rule 4 [THEN po_abstractn, THEN po_abstractn, THEN po_cong, THEN po_trans]) 

375 
apply (rule_tac f1 = "%d. case (t',a',b',c',d)" in 

376 
5 [THEN po_abstractn, THEN po_cong, THEN po_trans]) 

377 
apply (rule po_refl) 

378 
done 

379 

380 
lemma apply_pocong: "[ f [= f'; a [= a' ] ==> f ` a [= f' ` a'" 

381 
unfolding ccl_data_defs 

382 
apply (rule case_pocong, (rule po_refl  assumption)+) 

383 
apply (erule po_cong) 

384 
done 

385 

386 
lemma npo_lam_bot: "~ lam x. b(x) [= bot" 

387 
apply (rule notI) 

388 
apply (drule bot_poleast) 

389 
apply (erule distinctness [THEN notE]) 

390 
done 

391 

392 
lemma po_lemma: "[ x=a; y=b; x[=y ] ==> a[=b" 

393 
by simp 

394 

395 
lemma npo_pair_lam: "~ <a,b> [= lam x. f(x)" 

396 
apply (rule notI) 

397 
apply (rule npo_lam_bot [THEN notE]) 

398 
apply (erule case_pocong [THEN caseBlam [THEN caseBpair [THEN po_lemma]]]) 

399 
apply (rule po_refl npo_lam_bot)+ 

400 
done 

401 

402 
lemma npo_lam_pair: "~ lam x. f(x) [= <a,b>" 

403 
apply (rule notI) 

404 
apply (rule npo_lam_bot [THEN notE]) 

405 
apply (erule case_pocong [THEN caseBpair [THEN caseBlam [THEN po_lemma]]]) 

406 
apply (rule po_refl npo_lam_bot)+ 

407 
done 

408 

32153
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

409 
lemma npo_rls1: 
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

410 
"~ true [= false" 
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

411 
"~ false [= true" 
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

412 
"~ true [= <a,b>" 
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

413 
"~ <a,b> [= true" 
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

414 
"~ true [= lam x. f(x)" 
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

415 
"~ lam x. f(x) [= true" 
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

416 
"~ false [= <a,b>" 
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

417 
"~ <a,b> [= false" 
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

418 
"~ false [= lam x. f(x)" 
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

419 
"~ lam x. f(x) [= false" 
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

420 
by (tactic {* 
35409  421 
REPEAT (rtac @{thm notI} 1 THEN 
32153
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

422 
dtac @{thm case_pocong} 1 THEN 
35409  423 
etac @{thm rev_mp} 5 THEN 
32153
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

424 
ALLGOALS (simp_tac @{simpset}) THEN 
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

425 
REPEAT (resolve_tac [@{thm po_refl}, @{thm npo_lam_bot}] 1)) *}) 
20140  426 

32153
a0e57fb1b930
misc modernization: proper method setup instead of adhoc ML proofs;
wenzelm
parents:
32149
diff
changeset

427 
lemmas npo_rls = npo_pair_lam npo_lam_pair npo_rls1 
20140  428 

429 

430 
subsection {* Coinduction for @{text "[="} *} 

431 

432 
lemma po_coinduct: "[ <t,u> : R; R <= POgen(R) ] ==> t [= u" 

433 
apply (rule PO_def [THEN def_coinduct, THEN PO_iff [THEN iffD2]]) 

434 
apply assumption+ 

435 
done 

436 

437 

438 
subsection {* Equality *} 

439 

440 
lemma EQgen_mono: "mono(%X. EQgen(X))" 

441 
apply (unfold EQgen_def SIM_def) 

442 
apply (rule monoI) 

443 
apply blast 

444 
done 

445 

446 
lemma EQgenXH: 

447 
"<t,t'> : EQgen(R) <> (t=bot & t'=bot)  (t=true & t'=true)  

448 
(t=false & t'=false)  

449 
(EX a a' b b'. t=<a,b> & t'=<a',b'> & <a,a'> : R & <b,b'> : R)  

450 
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x.<f(x),f'(x)> : R))" 

451 
apply (unfold EQgen_def SIM_def) 

452 
apply (rule iff_refl [THEN XHlemma2]) 

453 
done 

454 

455 
lemma eqXH: 

456 
"t=t' <> (t=bot & t'=bot)  (t=true & t'=true)  (t=false & t'=false)  

457 
(EX a a' b b'. t=<a,b> & t'=<a',b'> & a=a' & b=b')  

458 
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x. f(x)=f'(x)))" 

459 
apply (subgoal_tac "<t,t'> : EQ <> (t=bot & t'=bot)  (t=true & t'=true)  (t=false & t'=false)  (EX a a' b b'. t=<a,b> & t'=<a',b'> & <a,a'> : EQ & <b,b'> : EQ)  (EX f f'. t=lam x. f (x) & t'=lam x. f' (x) & (ALL x. <f (x) ,f' (x) > : EQ))") 

460 
apply (erule rev_mp) 

461 
apply (simp add: EQ_iff [THEN iff_sym]) 

462 
apply (rule EQgen_mono [THEN EQ_def [THEN def_gfp_Tarski], THEN XHlemma1, 

463 
unfolded EQgen_def SIM_def]) 

464 
apply (rule iff_refl [THEN XHlemma2]) 

465 
done 

466 

467 
lemma eq_coinduct: "[ <t,u> : R; R <= EQgen(R) ] ==> t = u" 

468 
apply (rule EQ_def [THEN def_coinduct, THEN EQ_iff [THEN iffD2]]) 

469 
apply assumption+ 

470 
done 

471 

472 
lemma eq_coinduct3: 

473 
"[ <t,u> : R; R <= EQgen(lfp(%x. EQgen(x) Un R Un EQ)) ] ==> t = u" 

474 
apply (rule EQ_def [THEN def_coinduct3, THEN EQ_iff [THEN iffD2]]) 

475 
apply (rule EQgen_mono  assumption)+ 

476 
done 

477 

478 
ML {* 

27239  479 
fun eq_coinduct_tac ctxt s i = res_inst_tac ctxt [(("R", 0), s)] @{thm eq_coinduct} i 
480 
fun eq_coinduct3_tac ctxt s i = res_inst_tac ctxt [(("R", 0), s)] @{thm eq_coinduct3} i 

20140  481 
*} 
482 

483 

484 
subsection {* Untyped Case Analysis and Other Facts *} 

485 

486 
lemma cond_eta: "(EX f. t=lam x. f(x)) ==> t = lam x.(t ` x)" 

487 
by (auto simp: apply_def) 

488 

489 
lemma exhaustion: "(t=bot)  (t=true)  (t=false)  (EX a b. t=<a,b>)  (EX f. t=lam x. f(x))" 

490 
apply (cut_tac refl [THEN eqXH [THEN iffD1]]) 

491 
apply blast 

492 
done 

493 

494 
lemma term_case: 

495 
"[ P(bot); P(true); P(false); !!x y. P(<x,y>); !!b. P(lam x. b(x)) ] ==> P(t)" 

496 
using exhaustion [of t] by blast 

17456  497 

498 
end 