src/HOL/Nominal/Examples/VC_Condition.thy
author ballarin
Sun, 27 Sep 2009 11:50:27 +0200
changeset 32803 fc02b4b9eccc
parent 26932 c398a3866082
child 41589 bbd861837ebc
permissions -rw-r--r--
Archive registrations by external view.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
     1
(* $Id$ *)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
     2
25727
e43d91f31118 adapted theory name;
wenzelm
parents: 25722
diff changeset
     3
theory VC_Condition
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
     4
imports "../Nominal" 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
     5
begin
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
     6
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
     7
text {* 
26262
urbanc
parents: 26095
diff changeset
     8
  We give here two examples showing that if we use the variable  
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
     9
  convention carelessly in rule inductions, we might end 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    10
  up with faulty lemmas. The point is that the examples
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    11
  are not variable-convention compatible and therefore in the 
25751
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
    12
  nominal data package one is protected from such bogus reasoning.
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    13
*}
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    14
25751
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
    15
text {* We define alpha-equated lambda-terms as usual. *}
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    16
atom_decl name 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    17
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    18
nominal_datatype lam = 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    19
    Var "name"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    20
  | App "lam" "lam"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    21
  | Lam "\<guillemotleft>name\<guillemotright>lam" ("Lam [_]._" [100,100] 100)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    22
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    23
text {*
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    24
  The inductive relation 'unbind' unbinds the top-most  
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    25
  binders of a lambda-term; this relation is obviously  
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    26
  not a function, since it does not respect alpha-      
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    27
  equivalence. However as a relation 'unbind' is ok and     
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    28
  a similar relation has been used in our formalisation 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    29
  of the algorithm W. *}
26055
a7a537e0413a tuned proofs and comments
urbanc
parents: 25867
diff changeset
    30
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    31
inductive
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    32
  unbind :: "lam \<Rightarrow> name list \<Rightarrow> lam \<Rightarrow> bool" ("_ \<mapsto> _,_" [60,60,60] 60)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    33
where
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    34
  u_var: "(Var a) \<mapsto> [],(Var a)"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    35
| u_app: "(App t1 t2) \<mapsto> [],(App t1 t2)"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    36
| u_lam: "t\<mapsto>xs,t' \<Longrightarrow> (Lam [x].t) \<mapsto> (x#xs),t'"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    37
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    38
text {*
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    39
  We can show that Lam [x].Lam [x].Var x unbinds to [x,x],Var x 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    40
  and also to [z,y],Var y (though the proof for the second is a 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    41
  bit clumsy). *} 
26055
a7a537e0413a tuned proofs and comments
urbanc
parents: 25867
diff changeset
    42
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    43
lemma unbind_lambda_lambda1: 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    44
  shows "Lam [x].Lam [x].(Var x)\<mapsto>[x,x],(Var x)"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    45
by (auto intro: unbind.intros)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    46
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    47
lemma unbind_lambda_lambda2: 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    48
  shows "Lam [x].Lam [x].(Var x)\<mapsto>[y,z],(Var z)"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    49
proof -
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    50
  have "Lam [x].Lam [x].(Var x) = Lam [y].Lam [z].(Var z)" 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    51
    by (auto simp add: lam.inject alpha calc_atm abs_fresh fresh_atm)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    52
  moreover
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    53
  have "Lam [y].Lam [z].(Var z) \<mapsto> [y,z],(Var z)"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    54
    by (auto intro: unbind.intros)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    55
  ultimately 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    56
  show "Lam [x].Lam [x].(Var x)\<mapsto>[y,z],(Var z)" by simp
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    57
qed
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    58
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    59
text {* Unbind is equivariant ...*}
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    60
equivariance unbind
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    61
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    62
text {*
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    63
  ... but it is not variable-convention compatible (see Urban, 
25751
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
    64
  Berghofer, Norrish [2007]). This condition requires for rule u_lam to 
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
    65
  have the binder x not being a free variable in this rule's conclusion. 
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
    66
  Because this condition is not satisfied, Isabelle will not derive a 
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
    67
  strong induction principle for 'unbind' - that means Isabelle does not 
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
    68
  allow us to use the variable convention in induction proofs over 'unbind'. 
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
    69
  We can, however, force Isabelle to derive the strengthening induction 
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
    70
  principle and see what happens. *}
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    71
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    72
nominal_inductive unbind
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    73
  sorry
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    74
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    75
text {*
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    76
  To obtain a faulty lemma, we introduce the function 'bind'
25751
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
    77
  which takes a list of names and abstracts them away in 
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    78
  a given lambda-term. *}
26055
a7a537e0413a tuned proofs and comments
urbanc
parents: 25867
diff changeset
    79
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    80
fun 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    81
  bind :: "name list \<Rightarrow> lam \<Rightarrow> lam"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    82
where
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    83
  "bind [] t = t"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    84
| "bind (x#xs) t = Lam [x].(bind xs t)"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    85
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    86
text {*
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    87
  Although not necessary for our main argument below, we can 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    88
  easily prove that bind undoes the unbinding. *}
26055
a7a537e0413a tuned proofs and comments
urbanc
parents: 25867
diff changeset
    89
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    90
lemma bind_unbind:
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    91
  assumes a: "t \<mapsto> xs,t'"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    92
  shows "t = bind xs t'"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    93
using a by (induct) (auto)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    94
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    95
text {*
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    96
  The next lemma shows by induction on xs that if x is a free 
25867
c24395ea4e71 tuned proofs
urbanc
parents: 25751
diff changeset
    97
  variable in t, and x does not occur in xs, then x is a free 
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    98
  variable in bind xs t. In the nominal tradition we formulate    
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
    99
  'is a free variable in' as 'is not fresh for'. *}
26055
a7a537e0413a tuned proofs and comments
urbanc
parents: 25867
diff changeset
   100
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   101
lemma free_variable:
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   102
  fixes x::"name"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   103
  assumes a: "\<not>(x\<sharp>t)" and b: "x\<sharp>xs"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   104
  shows "\<not>(x\<sharp>bind xs t)"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   105
using a b
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   106
by (induct xs)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   107
   (auto simp add: fresh_list_cons abs_fresh fresh_atm)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   108
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   109
text {*
25751
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
   110
  Now comes the first faulty lemma. It is derived using the     
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   111
  variable convention (i.e. our strong induction principle). 
26262
urbanc
parents: 26095
diff changeset
   112
  This faulty lemma states that if t unbinds to x#xs and t', 
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   113
  and x is a free variable in t', then it is also a free 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   114
  variable in bind xs t'. We show this lemma by assuming that 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   115
  the binder x is fresh w.r.t. to the xs unbound previously. *}   
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   116
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   117
lemma faulty1:
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   118
  assumes a: "t\<mapsto>(x#xs),t'"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   119
  shows "\<not>(x\<sharp>t') \<Longrightarrow> \<not>(x\<sharp>bind xs t')"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   120
using a
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   121
by (nominal_induct t xs'\<equiv>"x#xs" t' avoiding: xs rule: unbind.strong_induct)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   122
   (simp_all add: free_variable)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   123
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   124
text {*
25751
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
   125
  Obviously this lemma is bogus. For example, in 
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
   126
  case Lam [x].Lam [x].(Var x) \<mapsto> [x,x],(Var x). 
26055
a7a537e0413a tuned proofs and comments
urbanc
parents: 25867
diff changeset
   127
  As a result, we can prove False. *}
a7a537e0413a tuned proofs and comments
urbanc
parents: 25867
diff changeset
   128
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   129
lemma false1:
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   130
  shows "False"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   131
proof -
26932
c398a3866082 avoid undeclared variables within proofs;
wenzelm
parents: 26262
diff changeset
   132
  fix x
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   133
  have "Lam [x].Lam [x].(Var x)\<mapsto>[x,x],(Var x)" 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   134
  and  "\<not>(x\<sharp>Var x)" by (simp_all add: unbind_lambda_lambda1 fresh_atm)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   135
  then have "\<not>(x\<sharp>(bind [x] (Var x)))" by (rule faulty1)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   136
  moreover 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   137
  have "x\<sharp>(bind [x] (Var x))" by (simp add: abs_fresh)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   138
  ultimately
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   139
  show "False" by simp
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   140
qed
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   141
   
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   142
text {* 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   143
  The next example is slightly simpler, but looks more
25751
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
   144
  contrived than 'unbind'. This example, called 'strip' just 
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   145
  strips off the top-most binders from lambdas. *}
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   146
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   147
inductive
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   148
  strip :: "lam \<Rightarrow> lam \<Rightarrow> bool" ("_ \<rightarrow> _" [60,60] 60)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   149
where
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   150
  s_var: "(Var a) \<rightarrow> (Var a)"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   151
| s_app: "(App t1 t2) \<rightarrow> (App t1 t2)"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   152
| s_lam: "t \<rightarrow> t' \<Longrightarrow> (Lam [x].t) \<rightarrow> t'"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   153
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   154
text {* 
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   155
  The relation is equivariant but we have to use again 
26055
a7a537e0413a tuned proofs and comments
urbanc
parents: 25867
diff changeset
   156
  sorry to derive a strong induction principle. *}
a7a537e0413a tuned proofs and comments
urbanc
parents: 25867
diff changeset
   157
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   158
equivariance strip
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   159
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   160
nominal_inductive strip
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   161
  sorry
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   162
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   163
text {*
25751
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
   164
  The second faulty lemma shows that a variable being fresh
26055
a7a537e0413a tuned proofs and comments
urbanc
parents: 25867
diff changeset
   165
  for a term is also fresh for this term after striping. *}
a7a537e0413a tuned proofs and comments
urbanc
parents: 25867
diff changeset
   166
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   167
lemma faulty2:
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   168
  fixes x::"name"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   169
  assumes a: "t \<rightarrow> t'"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   170
  shows "x\<sharp>t \<Longrightarrow> x\<sharp>t'"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   171
using a
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   172
by (nominal_induct t t'\<equiv>t' avoiding: t' rule: strip.strong_induct)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   173
   (auto simp add: abs_fresh)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   174
25751
a4e69ce247e0 tuned proofs and comments
urbanc
parents: 25727
diff changeset
   175
text {* Obviously Lam [x].Var x is a counter example to this lemma. *}
26055
a7a537e0413a tuned proofs and comments
urbanc
parents: 25867
diff changeset
   176
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   177
lemma false2:
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   178
  shows "False"
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   179
proof -
26932
c398a3866082 avoid undeclared variables within proofs;
wenzelm
parents: 26262
diff changeset
   180
  fix x
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   181
  have "Lam [x].(Var x) \<rightarrow> (Var x)" by (auto intro: strip.intros)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   182
  moreover
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   183
  have "x\<sharp>Lam [x].(Var x)" by (simp add: abs_fresh)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   184
  ultimately have "x\<sharp>(Var x)" by (simp only: faulty2)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   185
  then show "False" by (simp add: fresh_atm)
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   186
qed 
26055
a7a537e0413a tuned proofs and comments
urbanc
parents: 25867
diff changeset
   187
26262
urbanc
parents: 26095
diff changeset
   188
text {* A similar effect can be achieved by using naive inversion 
urbanc
parents: 26095
diff changeset
   189
  on rules. *}
26095
04ee0a14a9f6 slightly tuned
urbanc
parents: 26094
diff changeset
   190
04ee0a14a9f6 slightly tuned
urbanc
parents: 26094
diff changeset
   191
lemma false3: 
04ee0a14a9f6 slightly tuned
urbanc
parents: 26094
diff changeset
   192
  shows "False"
04ee0a14a9f6 slightly tuned
urbanc
parents: 26094
diff changeset
   193
proof -
26932
c398a3866082 avoid undeclared variables within proofs;
wenzelm
parents: 26262
diff changeset
   194
  fix x
26095
04ee0a14a9f6 slightly tuned
urbanc
parents: 26094
diff changeset
   195
  have "Lam [x].(Var x) \<rightarrow> (Var x)" by (auto intro: strip.intros)
26262
urbanc
parents: 26095
diff changeset
   196
  moreover obtain y::"name" where fc: "y\<sharp>x" by (rule exists_fresh) (rule fin_supp)
26095
04ee0a14a9f6 slightly tuned
urbanc
parents: 26094
diff changeset
   197
  then have "Lam [x].(Var x) = Lam [y].(Var y)"
04ee0a14a9f6 slightly tuned
urbanc
parents: 26094
diff changeset
   198
    by (simp add: lam.inject alpha calc_atm fresh_atm)
04ee0a14a9f6 slightly tuned
urbanc
parents: 26094
diff changeset
   199
  ultimately have "Lam [y].(Var y) \<rightarrow> (Var x)" by simp
26262
urbanc
parents: 26095
diff changeset
   200
  then have "Var y \<rightarrow> Var x" using fc
urbanc
parents: 26095
diff changeset
   201
    by (cases rule: strip.strong_cases[where x=y])
26095
04ee0a14a9f6 slightly tuned
urbanc
parents: 26094
diff changeset
   202
       (simp_all add: lam.inject alpha abs_fresh)
26262
urbanc
parents: 26095
diff changeset
   203
  then show "False" using fc
26095
04ee0a14a9f6 slightly tuned
urbanc
parents: 26094
diff changeset
   204
    by (cases) (simp_all add: lam.inject fresh_atm)
04ee0a14a9f6 slightly tuned
urbanc
parents: 26094
diff changeset
   205
qed
04ee0a14a9f6 slightly tuned
urbanc
parents: 26094
diff changeset
   206
26262
urbanc
parents: 26095
diff changeset
   207
text {*
urbanc
parents: 26095
diff changeset
   208
  Moral: Who would have thought that the variable convention 
urbanc
parents: 26095
diff changeset
   209
  is in general an unsound reasoning principle.
urbanc
parents: 26095
diff changeset
   210
  *}
urbanc
parents: 26095
diff changeset
   211
25722
0a104ddb72d9 polishing of some proofs
urbanc
parents:
diff changeset
   212
end