(* Title: CCL/Wfd.thy

ID: $Id$

Author: Martin Coen, Cambridge University Computer Laboratory

Copyright 1993 University of Cambridge


*)


header {* Wellfounded relations in CCL *}


theory Wfd


imports Trancl Type Hered


begin

consts


(*** Predicates ***)


Wfd :: "[i set] => o"


(*** Relations ***)


wf :: "[i set] => i set"


wmap :: "[i=>i,i set] => i set"

lex :: "[i set,i set] => i set" (infixl "**" 70)

NatPR :: "i set"


ListPR :: "i set => i set"


defs

Wfd_def:

"Wfd(R) == ALL P.(ALL x.(ALL y.<y,x> : R > y:P) > x:P) > (ALL a. a:P)"

wf_def: "wf(R) == {x. x:R & Wfd(R)}"

wmap_def: "wmap(f,R) == {p. EX x y. p=<x,y> & <f(x),f(y)> : R}"


lex_def:

"ra**rb == {p. EX a a' b b'. p = <<a,b>,<a',b'>> & (<a,a'> : ra  (a=a' & <b,b'> : rb))}"

NatPR_def: "NatPR == {p. EX x:Nat. p=<x,succ(x)>}"


ListPR_def: "ListPR(A) == {p. EX h:A. EX t:List(A). p=<t,h$t>}"


lemma wfd_induct:


assumes 1: "Wfd(R)"


and 2: "!!x.[ ALL y. <y,x>: R > P(y) ] ==> P(x)"


shows "P(a)"


apply (rule 1 [unfolded Wfd_def, rule_format, THEN CollectD])


using 2 apply blast


done


lemma wfd_strengthen_lemma:


assumes 1: "!!x y.<x,y> : R ==> Q(x)"


and 2: "ALL x. (ALL y. <y,x> : R > y : P) > x : P"


and 3: "!!x. Q(x) ==> x:P"


shows "a:P"


apply (rule 2 [rule_format])


using 1 3


apply blast


done


ML {*


local val wfd_strengthen_lemma = thm "wfd_strengthen_lemma" in


fun wfd_strengthen_tac s i =


res_inst_tac [("Q",s)] wfd_strengthen_lemma i THEN assume_tac (i+1)


end


*}


lemma wf_anti_sym: "[ Wfd(r); <a,x>:r; <x,a>:r ] ==> P"


apply (subgoal_tac "ALL x. <a,x>:r > <x,a>:r > P")


apply blast


apply (erule wfd_induct)


apply blast


done


lemma wf_anti_refl: "[ Wfd(r); <a,a>: r ] ==> P"


apply (rule wf_anti_sym)


apply assumption+


done


subsection {* Irreflexive transitive closure *}


lemma trancl_wf:


assumes 1: "Wfd(R)"


shows "Wfd(R^+)"


apply (unfold Wfd_def)


apply (rule allI ballI impI)+


(*must retain the universal formula for later use!*)


apply (rule allE, assumption)


apply (erule mp)


apply (rule 1 [THEN wfd_induct])


apply (rule impI [THEN allI])


apply (erule tranclE)


apply blast


apply (erule spec [THEN mp, THEN spec, THEN mp])


apply assumption+


done


subsection {* Lexicographic Ordering *}


lemma lexXH:


"p : ra**rb <> (EX a a' b b'. p = <<a,b>,<a',b'>> & (<a,a'> : ra  a=a' & <b,b'> : rb))"


unfolding lex_def by blast


lemma lexI1: "<a,a'> : ra ==> <<a,b>,<a',b'>> : ra**rb"


by (blast intro!: lexXH [THEN iffD2])


lemma lexI2: "<b,b'> : rb ==> <<a,b>,<a,b'>> : ra**rb"


by (blast intro!: lexXH [THEN iffD2])


lemma lexE:


assumes 1: "p : ra**rb"


and 2: "!!a a' b b'.[ <a,a'> : ra; p=<<a,b>,<a',b'>> ] ==> R"


and 3: "!!a b b'.[ <b,b'> : rb; p = <<a,b>,<a,b'>> ] ==> R"


shows R


apply (rule 1 [THEN lexXH [THEN iffD1], THEN exE])


using 2 3


apply blast


done


lemma lex_pair: "[ p : r**s; !!a a' b b'. p = <<a,b>,<a',b'>> ==> P ] ==>P"


apply (erule lexE)


apply blast+


done


lemma lex_wf:


assumes 1: "Wfd(R)"


and 2: "Wfd(S)"


shows "Wfd(R**S)"


apply (unfold Wfd_def)


apply safe


apply (tactic {* wfd_strengthen_tac "%x. EX a b. x=<a,b>" 1 *})


apply (blast elim!: lex_pair)


apply (subgoal_tac "ALL a b.<a,b>:P")


apply blast


apply (rule 1 [THEN wfd_induct, THEN allI])


apply (rule 2 [THEN wfd_induct, THEN allI]) back


apply (fast elim!: lexE)


done


subsection {* Mapping *}


lemma wmapXH: "p : wmap(f,r) <> (EX x y. p=<x,y> & <f(x),f(y)> : r)"


unfolding wmap_def by blast


lemma wmapI: "<f(a),f(b)> : r ==> <a,b> : wmap(f,r)"


by (blast intro!: wmapXH [THEN iffD2])


lemma wmapE: "[ p : wmap(f,r); !!a b.[ <f(a),f(b)> : r; p=<a,b> ] ==> R ] ==> R"


by (blast dest!: wmapXH [THEN iffD1])


lemma wmap_wf:


assumes 1: "Wfd(r)"


shows "Wfd(wmap(f,r))"


apply (unfold Wfd_def)


apply clarify


apply (subgoal_tac "ALL b. ALL a. f (a) =b>a:P")


apply blast


apply (rule 1 [THEN wfd_induct, THEN allI])


apply clarify


apply (erule spec [THEN mp])


apply (safe elim!: wmapE)


apply (erule spec [THEN mp, THEN spec, THEN mp])


apply assumption


apply (rule refl)


done


subsection {* Projections *}


lemma wfstI: "<xa,ya> : r ==> <<xa,xb>,<ya,yb>> : wmap(fst,r)"


apply (rule wmapI)


apply simp


done


lemma wsndI: "<xb,yb> : r ==> <<xa,xb>,<ya,yb>> : wmap(snd,r)"


apply (rule wmapI)


apply simp


done


lemma wthdI: "<xc,yc> : r ==> <<xa,<xb,xc>>,<ya,<yb,yc>>> : wmap(thd,r)"


apply (rule wmapI)


apply simp


done


subsection {* Ground wellfounded relations *}


lemma wfI: "[ Wfd(r); a : r ] ==> a : wf(r)"


unfolding wf_def by blast


lemma Empty_wf: "Wfd({})"


unfolding Wfd_def by (blast elim: EmptyXH [THEN iffD1, THEN FalseE])


lemma wf_wf: "Wfd(wf(R))"


unfolding wf_def


apply (rule_tac Q = "Wfd(R)" in excluded_middle [THEN disjE])


apply simp_all


apply (rule Empty_wf)


done


lemma NatPRXH: "p : NatPR <> (EX x:Nat. p=<x,succ(x)>)"


unfolding NatPR_def by blast


lemma ListPRXH: "p : ListPR(A) <> (EX h:A. EX t:List(A).p=<t,h$t>)"


unfolding ListPR_def by blast


lemma NatPRI: "x : Nat ==> <x,succ(x)> : NatPR"


by (auto simp: NatPRXH)


lemma ListPRI: "[ t : List(A); h : A ] ==> <t,h $ t> : ListPR(A)"


by (auto simp: ListPRXH)


lemma NatPR_wf: "Wfd(NatPR)"


apply (unfold Wfd_def)


apply clarify


apply (tactic {* wfd_strengthen_tac "%x. x:Nat" 1 *})


apply (fastsimp iff: NatPRXH)


apply (erule Nat_ind)


apply (fastsimp iff: NatPRXH)+


done


lemma ListPR_wf: "Wfd(ListPR(A))"


apply (unfold Wfd_def)


apply clarify


apply (tactic {* wfd_strengthen_tac "%x. x:List (A)" 1 *})


apply (fastsimp iff: ListPRXH)


apply (erule List_ind)


apply (fastsimp iff: ListPRXH)+


done


subsection {* General Recursive Functions *}


lemma letrecT:


assumes 1: "a : A"


and 2: "!!p g.[ p:A; ALL x:{x: A. <x,p>:wf(R)}. g(x) : D(x) ] ==> h(p,g) : D(p)"


shows "letrec g x be h(x,g) in g(a) : D(a)"


apply (rule 1 [THEN rev_mp])


apply (rule wf_wf [THEN wfd_induct])


apply (subst letrecB)


apply (rule impI)


apply (erule 2)


apply blast


done


lemma SPLITB: "SPLIT(<a,b>,B) = B(a,b)"


unfolding SPLIT_def


apply (rule set_ext)


apply blast


done

lemma letrec2T:


251 
252 
253 
254 
255 
256 
257 
258 
259 
260 
261 
262 
263 
264 
265 
lemma lem: "SPLIT(<a,<b,c>>,%x xs. SPLIT(xs,%y z. B(x,y,z))) = B(a,b,c)"


by (simp add: SPLITB)


lemma letrec3T:


assumes "a : A"


and "b : B"


and "c : C"


and "!!p q r g.[ p:A; q:B; r:C;


ALL x:A. ALL y:B. ALL z:{z:C. <<x,<y,z>>,<p,<q,r>>> : wf(R)}.


g(x,y,z) : D(x,y,z) ] ==>


h(p,q,r,g) : D(p,q,r)"


shows "letrec g x y z be h(x,y,z,g) in g(a,b,c) : D(a,b,c)"


apply (unfold letrec3_def)


apply (rule lem [THEN subst])


apply (assumption  rule letrecT pairT splitT prems)+


apply (simp add: SPLITB)


apply (assumption  rule ballI SubtypeI prems)+


285 
286 
287 
288 


lemmas letrecTs = letrecT letrec2T letrec3T


292 
294 
295 
296 
297 
298 
300 
301 
302 
303 
304 
305 


lemma rcall3T:


"[ ALL x:A. ALL y:B. ALL z:{z:C.<<x,<y,z>>,<p,<q,r>>>:wf(R)}. g(x,y,z):D(x,y,z);


g(a,b,c) : D(a,b,c) ==> g(a,b,c) : E;


a:A; b:B; c:C; <<a,<b,c>>,<p,<q,r>>> : wf(R) ] ==>


g(a,b,c) : E"


313 
315 


subsection {* Instantiating an induction hypothesis with an equality assumption *}


lemma hyprcallT:


assumes 1: "g(a) = b"


321 
322 
323 
shows P


apply (rule 3 [OF 2, OF 1 [symmetric]])


327 
328 
apply (rule 5 [OF 2])


331 


lemma hyprcall2T:


334 
335 
336 
and 4: "a:A"


337 
and 5: "b:B"


338 
and 6: "<<a,b>,<p,q>>:wf(R)"


339 
shows P


340 
apply (rule 3)


341 
apply (rule 1 [symmetric])


342 
apply (rule rcall2T)

344 
345 
346 
347 
done


350 
lemma hyprcall3T:


351 
assumes 1: "g(a,b,c) = d"


352 
and 2: "ALL x:A. ALL y:B. ALL z:{z:C.<<x,<y,z>>,<p,<q,r>>>:wf(R)}.g(x,y,z):D(x,y,z)"


353 
and 3: "[ d=g(a,b,c); g(a,b,c) : D(a,b,c) ] ==> P"


354 
and 4: "a:A"


355 
and 5: "b:B"


356 
and 6: "c:C"


357 
and 7: "<<a,<b,c>>,<p,<q,r>>> : wf(R)"


358 
shows P


359 
apply (rule 3)


360 
apply (rule 1 [symmetric])


361 
apply (rule rcall3T)

apply (rule 2)


apply assumption


apply (rule 4)


apply (rule 5)


apply (rule 6)


apply (rule 7)

done


lemmas hyprcallTs = hyprcallT hyprcall2T hyprcall3T


subsection {* Rules to Remove Induction Hypotheses after Type Checking *}


lemma rmIH1: "[ ALL x:{x:A.<x,p>:wf(R)}.g(x):D(x); P ] ==> P" .


lemma rmIH2: "[ ALL x:A. ALL y:{y:B.<<x,y>,<p,q>>:wf(R)}.g(x,y):D(x,y); P ] ==> P" .


lemma rmIH3:


"[ ALL x:A. ALL y:B. ALL z:{z:C.<<x,<y,z>>,<p,<q,r>>>:wf(R)}.g(x,y,z):D(x,y,z);


P ] ==>


P" .


lemmas rmIHs = rmIH1 rmIH2 rmIH3


subsection {* Lemmas for constructors and subtypes *}


(* 0ary constructors do not need additional rules as they are handled *)


(* correctly by applying SubtypeI *)


lemma Subtype_canTs:


"!!a b A B P. a : {x:A. b:{y:B(a).P(<x,y>)}} ==> <a,b> : {x:Sigma(A,B).P(x)}"


"!!a A B P. a : {x:A. P(inl(x))} ==> inl(a) : {x:A+B. P(x)}"


"!!b A B P. b : {x:B. P(inr(x))} ==> inr(b) : {x:A+B. P(x)}"


"!!a P. a : {x:Nat. P(succ(x))} ==> succ(a) : {x:Nat. P(x)}"


"!!h t A P. h : {x:A. t : {y:List(A).P(x$y)}} ==> h$t : {x:List(A).P(x)}"


by (assumption  rule SubtypeI canTs icanTs  erule SubtypeE)+


lemma letT: "[ f(t):B; ~t=bot ] ==> let x be t in f(x) : B"


apply (erule letB [THEN ssubst])


apply assumption


done


lemma applyT2: "[ a:A; f : Pi(A,B) ] ==> f ` a : B(a)"


apply (erule applyT)


apply assumption


done


lemma rcall_lemma1: "[ a:A; a:A ==> P(a) ] ==> a : {x:A. P(x)}"


by blast


lemma rcall_lemma2: "[ a:{x:A. Q(x)}; [ a:A; Q(a) ] ==> P(a) ] ==> a : {x:A. P(x)}"


by blast


lemmas rcall_lemmas = asm_rl rcall_lemma1 SubtypeD1 rcall_lemma2


subsection {* Typechecking *}


ML {*


local


val type_rls =


thms "canTs" @ thms "icanTs" @ thms "applyT2" @ thms "ncanTs" @ thms "incanTs" @


thms "precTs" @ thms "letrecTs" @ thms "letT" @ thms "Subtype_canTs";


val rcallT = thm "rcallT";


val rcall2T = thm "rcall2T";


val rcall3T = thm "rcall3T";


val rcallTs = thms "rcallTs";


val rcall_lemmas = thms "rcall_lemmas";


val SubtypeE = thm "SubtypeE";


val SubtypeI = thm "SubtypeI";


val rmIHs = thms "rmIHs";


val hyprcallTs = thms "hyprcallTs";


fun bvars (Const("all",_) $ Abs(s,_,t)) l = bvars t (s::l)


 bvars _ l = l


fun get_bno l n (Const("all",_) $ Abs(s,_,t)) = get_bno (s::l) n t


 get_bno l n (Const("Trueprop",_) $ t) = get_bno l n t


 get_bno l n (Const("Ball",_) $ _ $ Abs(s,_,t)) = get_bno (s::l) (n+1) t

 get_bno l n (Const("mem",_) $ t $ _) = get_bno l n t

 get_bno l n (t $ s) = get_bno l n t


 get_bno l n (Bound m) = (mlength(l),n)


(* Not a great way of identifying induction hypothesis! *)


fun could_IH x = could_unify(x,hd (prems_of rcallT)) orelse


could_unify(x,hd (prems_of rcall2T)) orelse


could_unify(x,hd (prems_of rcall3T))


fun IHinst tac rls = SUBGOAL (fn (Bi,i) =>


let val bvs = bvars Bi []


val ihs = List.filter could_IH (Logic.strip_assums_hyp Bi)


val rnames = map (fn x=>


let val (a,b) = get_bno [] 0 x


in (List.nth(bvs,a),b) end) ihs


fun try_IHs [] = no_tac


 try_IHs ((x,y)::xs) = tac [("g",x)] (List.nth(rls,y1)) i ORELSE (try_IHs xs)


in try_IHs rnames end)


fun is_rigid_prog t =


case (Logic.strip_assums_concl t) of

24825

466 
(Const("Trueprop",_) $ (Const("mem",_) $ a $ _)) => (term_vars a = [])

20140

467 
 _ => false


468 
in


469 


470 
fun rcall_tac i = let fun tac ps rl i = res_inst_tac ps rl i THEN atac i


471 
in IHinst tac rcallTs i end THEN


472 
eresolve_tac rcall_lemmas i


473 


474 
fun raw_step_tac prems i = ares_tac (prems@type_rls) i ORELSE


475 
rcall_tac i ORELSE


476 
ematch_tac [SubtypeE] i ORELSE


477 
match_tac [SubtypeI] i


478 


479 
fun tc_step_tac prems = SUBGOAL (fn (Bi,i) =>


480 
if is_rigid_prog Bi then raw_step_tac prems i else no_tac)


481 


482 
fun typechk_tac rls i = SELECT_GOAL (REPEAT_FIRST (tc_step_tac rls)) i


483 


484 
val tac = typechk_tac [] 1


485 


486 
(*** Clean up Correctness Condictions ***)


487 


488 
val clean_ccs_tac = REPEAT_FIRST (eresolve_tac ([SubtypeE]@rmIHs) ORELSE'


489 
hyp_subst_tac)


490 


491 
val clean_ccs_tac =


492 
let fun tac ps rl i = eres_inst_tac ps rl i THEN atac i


493 
in TRY (REPEAT_FIRST (IHinst tac hyprcallTs ORELSE'


494 
eresolve_tac ([asm_rl,SubtypeE]@rmIHs) ORELSE'


495 
hyp_subst_tac)) end


496 


497 
fun gen_ccs_tac rls i = SELECT_GOAL (REPEAT_FIRST (tc_step_tac rls) THEN


498 
clean_ccs_tac) i

17456

499 

0

500 
end

20140

501 
*}


502 


503 


504 
subsection {* Evaluation *}


505 


506 
ML {*


507 


508 
local

24034

509 
structure Data = NamedThmsFun(val name = "eval" val description = "evaluation rules");

20140

510 
in


511 


512 
fun eval_tac ctxt ths =


513 
METAHYPS (fn prems =>

24034

514 
DEPTH_SOLVE_1 (resolve_tac (ths @ prems @ Data.get ctxt) 1)) 1;

20140

515 


516 
val eval_setup =

24034

517 
Data.setup #>

20140

518 
Method.add_methods [("eval", Method.thms_ctxt_args (fn ths => fn ctxt =>


519 
Method.SIMPLE_METHOD (CHANGED (eval_tac ctxt ths))), "evaluation")];


520 


521 
end;


522 


523 
*}


524 


525 
setup eval_setup


526 


527 
lemmas eval_rls [eval] = trueV falseV pairV lamV caseVtrue caseVfalse caseVpair caseVlam


528 


529 
lemma applyV [eval]:


530 
assumes "f > lam x. b(x)"


531 
and "b(a) > c"


532 
shows "f ` a > c"


533 
unfolding apply_def by (eval prems)


534 


535 
lemma letV:


536 
assumes 1: "t > a"


537 
and 2: "f(a) > c"


538 
shows "let x be t in f(x) > c"


539 
apply (unfold let_def)


540 
apply (rule 1 [THEN canonical])


541 
apply (tactic {*


542 
REPEAT (DEPTH_SOLVE_1 (resolve_tac (thms "prems" @ thms "eval_rls") 1 ORELSE


543 
etac (thm "substitute") 1)) *})


544 
done


545 


546 
lemma fixV: "f(fix(f)) > c ==> fix(f) > c"


547 
apply (unfold fix_def)


548 
apply (rule applyV)


549 
apply (rule lamV)


550 
apply assumption


551 
done


552 


553 
lemma letrecV:


554 
"h(t,%y. letrec g x be h(x,g) in g(y)) > c ==>


555 
letrec g x be h(x,g) in g(t) > c"


556 
apply (unfold letrec_def)


557 
apply (assumption  rule fixV applyV lamV)+


558 
done


559 


560 
lemmas [eval] = letV letrecV fixV


561 


562 
lemma V_rls [eval]:


563 
"true > true"


564 
"false > false"


565 
"!!b c t u. [ b>true; t>c ] ==> if b then t else u > c"


566 
"!!b c t u. [ b>false; u>c ] ==> if b then t else u > c"


567 
"!!a b. <a,b> > <a,b>"


568 
"!!a b c t h. [ t > <a,b>; h(a,b) > c ] ==> split(t,h) > c"


569 
"zero > zero"


570 
"!!n. succ(n) > succ(n)"


571 
"!!c n t u. [ n > zero; t > c ] ==> ncase(n,t,u) > c"


572 
"!!c n t u x. [ n > succ(x); u(x) > c ] ==> ncase(n,t,u) > c"


573 
"!!c n t u. [ n > zero; t > c ] ==> nrec(n,t,u) > c"


574 
"!!c n t u x. [ n>succ(x); u(x,nrec(x,t,u))>c ] ==> nrec(n,t,u)>c"


575 
"[] > []"


576 
"!!h t. h$t > h$t"


577 
"!!c l t u. [ l > []; t > c ] ==> lcase(l,t,u) > c"


578 
"!!c l t u x xs. [ l > x$xs; u(x,xs) > c ] ==> lcase(l,t,u) > c"


579 
"!!c l t u. [ l > []; t > c ] ==> lrec(l,t,u) > c"


580 
"!!c l t u x xs. [ l>x$xs; u(x,xs,lrec(xs,t,u))>c ] ==> lrec(l,t,u)>c"


581 
unfolding data_defs by eval+


582 


583 


584 
subsection {* Factorial *}


585 


586 
lemma


587 
"letrec f n be ncase(n,succ(zero),%x. nrec(n,zero,%y g. nrec(f(x),g,%z h. succ(h))))


588 
in f(succ(succ(zero))) > ?a"


589 
by eval


590 


591 
lemma


592 
"letrec f n be ncase(n,succ(zero),%x. nrec(n,zero,%y g. nrec(f(x),g,%z h. succ(h))))


593 
in f(succ(succ(succ(zero)))) > ?a"


594 
by eval


595 


596 
subsection {* Less Than Or Equal *}


597 


598 
lemma


599 
"letrec f p be split(p,%m n. ncase(m,true,%x. ncase(n,false,%y. f(<x,y>))))


600 
in f(<succ(zero), succ(zero)>) > ?a"


601 
by eval


602 


603 
lemma


604 
"letrec f p be split(p,%m n. ncase(m,true,%x. ncase(n,false,%y. f(<x,y>))))


605 
in f(<succ(zero), succ(succ(succ(succ(zero))))>) > ?a"


606 
by eval


607 


608 
lemma


609 
"letrec f p be split(p,%m n. ncase(m,true,%x. ncase(n,false,%y. f(<x,y>))))


610 
in f(<succ(succ(succ(succ(succ(zero))))), succ(succ(succ(succ(zero))))>) > ?a"


611 
by eval


612 


613 


614 
subsection {* Reverse *}


615 


616 
lemma


617 
"letrec id l be lcase(l,[],%x xs. x$id(xs))


618 
in id(zero$succ(zero)$[]) > ?a"


619 
by eval


620 


621 
lemma


622 
"letrec rev l be lcase(l,[],%x xs. lrec(rev(xs),x$[],%y ys g. y$g))


623 
in rev(zero$succ(zero)$(succ((lam x. x)`succ(zero)))$([])) > ?a"


624 
by eval


625 


626 
end
