isabelle: comparison src/HOL/Wellfounded.thy

equal deleted inserted replaced

-:932cf444f2fe
+:02b885591735
 imports Transitive_Closure
 begin
 subsection \<open>Basic Definitions\<close>
-definition wf :: "('a * 'a) set => bool" where
+definition wf :: "('a \<times> 'a) set \<Rightarrow> bool"
-"wf r \<longleftrightarrow> (!P. (!x. (!y. (y,x):r --> P(y)) --> P(x)) --> (!x. P(x)))"
+where "wf r \<longleftrightarrow> (\<forall>P. (\<forall>x. (\<forall>y. (y, x) \<in> r \<longrightarrow> P y) \<longrightarrow> P x) \<longrightarrow> (\<forall>x. P x))"
-definition wfP :: "('a => 'a => bool) => bool" where
+definition wfP :: "('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> bool"
-"wfP r \<longleftrightarrow> wf {(x, y). r x y}"
+where "wfP r \<longleftrightarrow> wf {(x, y). r x y}"
 lemma wfP_wf_eq [pred_set_conv]: "wfP (\<lambda>x y. (x, y) \<in> r) = wf r"
 by (simp add: wfP_def)
-lemma wfUNIVI:
+lemma wfUNIVI: "(\<And>P x. (\<forall>x. (\<forall>y. (y, x) \<in> r \<longrightarrow> P y) \<longrightarrow> P x) \<Longrightarrow> P x) \<Longrightarrow> wf r"
-"(!!P x. (ALL x. (ALL y. (y,x) : r --> P(y)) --> P(x)) ==> P(x)) ==> wf(r)"
 unfolding wf_def by blast
 lemmas wfPUNIVI = wfUNIVI [to_pred]
-text\<open>Restriction to domain @{term A} and range @{term B}.  If @{term r} is
+text \<open>Restriction to domain \<open>A\<close> and range \<open>B\<close>.
-well-founded over their intersection, then @{term "wf r"}\<close>
+If \<open>r\<close> is well-founded over their intersection, then \<open>wf r\<close>.\<close>
 lemma wfI:
-"[| r \<subseteq> A \<times> B;
+assumes "r \<subseteq> A \<times> B"
-!!x P. [|\<forall>x. (\<forall>y. (y,x) : r --> P y) --> P x;  x : A; x : B |] ==> P x |]
+and "\<And>x P. \<lbrakk>\<forall>x. (\<forall>y. (y, x) \<in> r \<longrightarrow> P y) \<longrightarrow> P x;  x \<in> A; x \<in> B\<rbrakk> \<Longrightarrow> P x"
-==>  wf r"
+shows "wf r"
-unfolding wf_def by blast
+using assms unfolding wf_def by blast
 lemma wf_induct:
-"[| wf(r);
+assumes "wf r"
-!!x.[| ALL y. (y,x): r --> P(y) |] ==> P(x)
+and "\<And>x. \<forall>y. (y, x) \<in> r \<longrightarrow> P y \<Longrightarrow> P x"
-|]  ==>  P(a)"
+shows "P a"
-unfolding wf_def by blast
+using assms unfolding wf_def by blast
 lemmas wfP_induct = wf_induct [to_pred]
 lemmas wf_induct_rule = wf_induct [rule_format, consumes 1, case_names less, induct set: wf]
 lemmas wfP_induct_rule = wf_induct_rule [to_pred, induct set: wfP]
-lemma wf_not_sym: "wf r ==> (a, x) : r ==> (x, a) ~: r"
+lemma wf_not_sym: "wf r \<Longrightarrow> (a, x) \<in> r \<Longrightarrow> (x, a) \<notin> r"
 by (induct a arbitrary: x set: wf) blast
 lemma wf_asym:
 assumes "wf r" "(a, x) \<in> r"
 obtains "(x, a) \<notin> r"
 by (drule wf_not_sym[OF assms])
-lemma wf_not_refl [simp]: "wf r ==> (a, a) ~: r"
+lemma wf_not_refl [simp]: "wf r \<Longrightarrow> (a, a) \<notin> r"
 by (blast elim: wf_asym)
 lemma wf_irrefl: assumes "wf r" obtains "(a, a) \<notin> r"
 by (drule wf_not_refl[OF assms])
 lemma wf_wellorderI:
 assumes wf: "wf {(x::'a::ord, y). x < y}"
 assumes lin: "OFCLASS('a::ord, linorder_class)"
 shows "OFCLASS('a::ord, wellorder_class)"
-using lin by (rule wellorder_class.intro)
+using lin
-(rule class.wellorder_axioms.intro, rule wf_induct_rule [OF wf], simp)
+apply (rule wellorder_class.intro)
+apply (rule class.wellorder_axioms.intro)
-lemma (in wellorder) wf:
+apply (rule wf_induct_rule [OF wf])
-"wf {(x, y). x < y}"
+apply simp
-unfolding wf_def by (blast intro: less_induct)
+done
+lemma (in wellorder) wf: "wf {(x, y). x < y}"
+unfolding wf_def by (blast intro: less_induct)
 subsection \<open>Basic Results\<close>
 text \<open>Point-free characterization of well-foundedness\<close>
 lemma wfE_pf:
 assumes wf: "wf R"
 assumes a: "A \<subseteq> R `` A"
 shows "A = {}"
 proof -
-{ fix x
+from wf have "x \<notin> A" for x
-from wf have "x \<notin> A"
+proof induct
-proof induct
+fix x assume "\<And>y. (y, x) \<in> R \<Longrightarrow> y \<notin> A"
-fix x assume "\<And>y. (y, x) \<in> R \<Longrightarrow> y \<notin> A"
+then have "x \<notin> R `` A" by blast
-then have "x \<notin> R `` A" by blast
+with a show "x \<notin> A" by blast
-with a show "x \<notin> A" by blast
+qed
-qed
+then show ?thesis by auto
-} thus ?thesis by auto
 qed
 lemma wfI_pf:
 assumes a: "\<And>A. A \<subseteq> R `` A \<Longrightarrow> A = {}"
 shows "wf R"
 assume "\<forall>x. (\<forall>y. (y, x) \<in> R \<longrightarrow> P y) \<longrightarrow> P x"
 then have "?A \<subseteq> R `` ?A" by blast
 with a show "P x" by blast
 qed
-text\<open>Minimal-element characterization of well-foundedness\<close>
+subsubsection \<open>Minimal-element characterization of well-foundedness\<close>
 lemma wfE_min:
 assumes wf: "wf R" and Q: "x \<in> Q"
 obtains z where "z \<in> Q" "\<And>y. (y, z) \<in> R \<Longrightarrow> y \<notin> Q"
 using Q wfE_pf[OF wf, of Q] by blast
 lemma wfI_min:
 assumes a: "\<And>x Q. x \<in> Q \<Longrightarrow> \<exists>z\<in>Q. \<forall>y. (y, z) \<in> R \<longrightarrow> y \<notin> Q"
 shows "wf R"
 proof (rule wfI_pf)
-fix A assume b: "A \<subseteq> R `` A"
+fix A
-{ fix x assume "x \<in> A"
+assume b: "A \<subseteq> R `` A"
-from a[OF this] b have "False" by blast
+have False if "x \<in> A" for x
-}
+using a[OF that] b by blast
-thus "A = {}" by blast
+then show "A = {}" by blast
 qed
-lemma wf_eq_minimal: "wf r = (\<forall>Q x. x\<in>Q --> (\<exists>z\<in>Q. \<forall>y. (y,z)\<in>r --> y\<notin>Q))"
+lemma wf_eq_minimal: "wf r \<longleftrightarrow> (\<forall>Q x. x \<in> Q \<longrightarrow> (\<exists>z\<in>Q. \<forall>y. (y, z) \<in> r \<longrightarrow> y \<notin> Q))"
 apply auto
 apply (erule wfE_min, assumption, blast)
 apply (rule wfI_min, auto)
 done
 lemmas wfP_eq_minimal = wf_eq_minimal [to_pred]
-text\<open>Well-foundedness of transitive closure\<close>
+subsubsection \<open>Well-foundedness of transitive closure\<close>
 lemma wf_trancl:
 assumes "wf r"
-shows "wf (r^+)"
+shows "wf (r\<^sup>+)"
 proof -
-{
+have "P x" if induct_step: "\<And>x. (\<And>y. (y, x) \<in> r\<^sup>+ \<Longrightarrow> P y) \<Longrightarrow> P x" for P x
-fix P and x
+proof (rule induct_step)
-assume induct_step: "!!x. (!!y. (y, x) : r^+ ==> P y) ==> P x"
+show "P y" if "(y, x) \<in> r\<^sup>+" for y
-have "P x"
+using \<open>wf r\<close> and that
-proof (rule induct_step)
+proof (induct x arbitrary: y)
-fix y assume "(y, x) : r^+"
+case (less x)
-with \<open>wf r\<close> show "P y"
+note hyp = \<open>\<And>x' y'. (x', x) \<in> r \<Longrightarrow> (y', x') \<in> r\<^sup>+ \<Longrightarrow> P y'\<close>
-proof (induct x arbitrary: y)
+from \<open>(y, x) \<in> r\<^sup>+\<close> show "P y"
-case (less x)
+proof cases
-note hyp = \<open>\<And>x' y'. (x', x) : r ==> (y', x') : r^+ ==> P y'\<close>
+case base
-from \<open>(y, x) : r^+\<close> show "P y"
+show "P y"
-proof cases
+proof (rule induct_step)
-case base
+fix y'
-show "P y"
+assume "(y', y) \<in> r\<^sup>+"
-proof (rule induct_step)
+with \<open>(y, x) \<in> r\<close> show "P y'"
-fix y' assume "(y', y) : r^+"
+by (rule hyp [of y y'])
-with \<open>(y, x) : r\<close> show "P y'" by (rule hyp [of y y'])
-qed
-next
-case step
-then obtain x' where "(x', x) : r" and "(y, x') : r^+" by simp
-then show "P y" by (rule hyp [of x' y])
 qed
+next
+case step
+then obtain x' where "(x', x) \<in> r" and "(y, x') \<in> r\<^sup>+"
+by simp
+then show "P y" by (rule hyp [of x' y])
 qed
 qed
-} then show ?thesis unfolding wf_def by blast
+qed
+then show ?thesis unfolding wf_def by blast
 qed
 lemmas wfP_trancl = wf_trancl [to_pred]
-lemma wf_converse_trancl: "wf (r^-1) ==> wf ((r^+)^-1)"
+lemma wf_converse_trancl: "wf (r\<inverse>) \<Longrightarrow> wf ((r\<^sup>+)\<inverse>)"
 apply (subst trancl_converse [symmetric])
 apply (erule wf_trancl)
 done
 text \<open>Well-foundedness of subsets\<close>
-lemma wf_subset: "[| wf(r);  p<=r |] ==> wf(p)"
+lemma wf_subset: "wf r \<Longrightarrow> p \<subseteq> r \<Longrightarrow> wf p"
-apply (simp (no_asm_use) add: wf_eq_minimal)
+apply (simp add: wf_eq_minimal)
 apply fast
 done
 lemmas wfP_subset = wf_subset [to_pred]
 proof -
 have "wfP bot" by (fact wf_empty [to_pred bot_empty_eq2])
 then show ?thesis by (simp add: bot_fun_def)
 qed
-lemma wf_Int1: "wf r ==> wf (r Int r')"
+lemma wf_Int1: "wf r \<Longrightarrow> wf (r Int r')"
 apply (erule wf_subset)
 apply (rule Int_lower1)
 done
-lemma wf_Int2: "wf r ==> wf (r' Int r)"
+lemma wf_Int2: "wf r \<Longrightarrow> wf (r' Int r)"
 apply (erule wf_subset)
 apply (rule Int_lower2)
 done
 text \<open>Exponentiation\<close>
 lemma wf_exp:
 assumes "wf (R ^^ n)"
 show "A = {}" by (rule wfE_pf)
 qed
 text \<open>Well-foundedness of insert\<close>
-lemma wf_insert [iff]: "wf(insert (y,x) r) = (wf(r) & (x,y) ~: r^*)"
+lemma wf_insert [iff]: "wf (insert (y, x) r) \<longleftrightarrow> wf r \<and> (x, y) \<notin> r\<^sup>*"
 apply (rule iffI)
 apply (blast elim: wf_trancl [THEN wf_irrefl]
 intro: rtrancl_into_trancl1 wf_subset
 rtrancl_mono [THEN [2] rev_subsetD])
 apply (simp add: wf_eq_minimal, safe)
 apply (rule allE, assumption, erule impE, blast)
 apply (erule bexE)
 apply (rename_tac "a", case_tac "a = x")
 prefer 2
 apply blast
-apply (case_tac "y:Q")
+apply (case_tac "y \<in> Q")
 prefer 2 apply blast
-apply (rule_tac x = "{z. z:Q & (z,y) : r^*}" in allE)
+apply (rule_tac x = "{z. z \<in> Q \<and> (z,y) \<in> r\<^sup>*}" in allE)
 apply assumption
-apply (erule_tac V = "ALL Q. (EX x. x : Q) --> P Q" for P in thin_rl)
+apply (erule_tac V = "\<forall>Q. (\<exists>x. x \<in> Q) \<longrightarrow> P Q" for P in thin_rl)
-\<comment>\<open>essential for speed\<close>
+(*essential for speed*)
-txt\<open>Blast with new substOccur fails\<close>
+(*blast with new substOccur fails*)
 apply (fast intro: converse_rtrancl_into_rtrancl)
 done
-text\<open>Well-foundedness of image\<close>
+subsubsection \<open>Well-foundedness of image\<close>
-lemma wf_map_prod_image: "[| wf r; inj f |] ==> wf (map_prod f f ` r)"
+lemma wf_map_prod_image: "wf r \<Longrightarrow> inj f \<Longrightarrow> wf (map_prod f f ` r)"
 apply (simp only: wf_eq_minimal, clarify)
-apply (case_tac "EX p. f p : Q")
+apply (case_tac "\<exists>p. f p \<in> Q")
-apply (erule_tac x = "{p. f p : Q}" in allE)
+apply (erule_tac x = "{p. f p \<in> Q}" in allE)
 apply (fast dest: inj_onD, blast)
 done
 subsection \<open>Well-Foundedness Results for Unions\<close>
 lemma wf_union_compatible:
 assumes "wf R" "wf S"
 assumes "R O S \<subseteq> R"
 shows "wf (R \<union> S)"
 proof (rule wfI_min)
 fix x :: 'a and Q
 let ?Q' = "{x \<in> Q. \<forall>y. (y, x) \<in> R \<longrightarrow> y \<notin> Q}"
 assume "x \<in> Q"
 obtain a where "a \<in> ?Q'"
 by (rule wfE_min [OF \<open>wf R\<close> \<open>x \<in> Q\<close>]) blast
-with \<open>wf S\<close>
+with \<open>wf S\<close> obtain z where "z \<in> ?Q'" and zmin: "\<And>y. (y, z) \<in> S \<Longrightarrow> y \<notin> ?Q'"
-obtain z where "z \<in> ?Q'" and zmin: "\<And>y. (y, z) \<in> S \<Longrightarrow> y \<notin> ?Q'" by (erule wfE_min)
+by (erule wfE_min)
 {
 fix y assume "(y, z) \<in> S"
 then have "y \<notin> ?Q'" by (rule zmin)
 have "y \<notin> Q"
 proof
 assume "y \<in> Q"
-with \<open>y \<notin> ?Q'\<close>
+with \<open>y \<notin> ?Q'\<close> obtain w where "(w, y) \<in> R" and "w \<in> Q" by auto
-obtain w where "(w, y) \<in> R" and "w \<in> Q" by auto
 from \<open>(w, y) \<in> R\<close> \<open>(y, z) \<in> S\<close> have "(w, z) \<in> R O S" by (rule relcompI)
 with \<open>R O S \<subseteq> R\<close> have "(w, z) \<in> R" ..
 with \<open>z \<in> ?Q'\<close> have "w \<notin> Q" by blast
 with \<open>w \<in> Q\<close> show False by contradiction
 qed
 }
 with \<open>z \<in> ?Q'\<close> show "\<exists>z\<in>Q. \<forall>y. (y, z) \<in> R \<union> S \<longrightarrow> y \<notin> Q" by blast
 qed
 text \<open>Well-foundedness of indexed union with disjoint domains and ranges\<close>
-lemma wf_UN: "[| ALL i:I. wf(r i);
+lemma wf_UN:
-ALL i:I. ALL j:I. r i ~= r j --> Domain(r i) Int Range(r j) = {}
+assumes "\<forall>i\<in>I. wf (r i)"
-|] ==> wf(UN i:I. r i)"
+and "\<forall>i\<in>I. \<forall>j\<in>I. r i \<noteq> r j \<longrightarrow> Domain (r i) \<inter> Range (r j) = {}"
-apply (simp only: wf_eq_minimal, clarify)
+shows "wf (\<Union>i\<in>I. r i)"
-apply (rename_tac A a, case_tac "EX i:I. EX a:A. EX b:A. (b,a) : r i")
+using assms
-prefer 2
+apply (simp only: wf_eq_minimal)
-apply force
+apply clarify
-apply clarify
+apply (rename_tac A a, case_tac "\<exists>i\<in>I. \<exists>a\<in>A. \<exists>b\<in>A. (b, a) \<in> r i")
-apply (drule bspec, assumption)
+prefer 2
-apply (erule_tac x="{a. a:A & (EX b:A. (b,a) : r i) }" in allE)
+apply force
-apply (blast elim!: allE)
+apply clarify
-done
+apply (drule bspec, assumption)
+apply (erule_tac x="{a. a \<in> A \<and> (\<exists>b\<in>A. (b, a) \<in> r i) }" in allE)
+apply (blast elim!: allE)
+done
 lemma wfP_SUP:
 "\<forall>i. wfP (r i) \<Longrightarrow> \<forall>i j. r i \<noteq> r j \<longrightarrow> inf (DomainP (r i)) (RangeP (r j)) = bot \<Longrightarrow> wfP (SUPREMUM UNIV r)"
 apply (rule wf_UN[to_pred])
 apply simp_all
 done
 lemma wf_Union:
-"[| ALL r:R. wf r;
+assumes "\<forall>r\<in>R. wf r"
-ALL r:R. ALL s:R. r ~= s --> Domain r Int Range s = {}
+and "\<forall>r\<in>R. \<forall>s\<in>R. r \<noteq> s \<longrightarrow> Domain r \<inter> Range s = {}"
-|] ==> wf (\<Union> R)"
+shows "wf (\<Union>R)"
-using wf_UN[of R "\<lambda>i. i"] by simp
+using assms wf_UN[of R "\<lambda>i. i"] by simp
 (*Intuition: we find an (R u S)-min element of a nonempty subset A
 by case distinction.
 1. There is a step a -R-> b with a,b : A.
 Pick an R-min element z of the (nonempty) set {a:A | EX b:A. a -R-> b}.
 have an S-successor and is thus S-min in A as well.
 2. There is no such step.
 Pick an S-min element of A. In this case it must be an R-min
 element of A as well.
 *)
-lemma wf_Un:
+lemma wf_Un: "wf r \<Longrightarrow> wf s \<Longrightarrow> Domain r \<inter> Range s = {} \<Longrightarrow> wf (r \<union> s)"
-"[| wf r; wf s; Domain r Int Range s = {} |] ==> wf(r Un s)"
+using wf_union_compatible[of s r]
-using wf_union_compatible[of s r]
 by (auto simp: Un_ac)
-lemma wf_union_merge:
+lemma wf_union_merge: "wf (R \<union> S) = wf (R O R \<union> S O R \<union> S)"
-"wf (R \<union> S) = wf (R O R \<union> S O R \<union> S)" (is "wf ?A = wf ?B")
+(is "wf ?A = wf ?B")
 proof
 assume "wf ?A"
-with wf_trancl have wfT: "wf (?A^+)" .
+with wf_trancl have wfT: "wf (?A\<^sup>+)" .
-moreover have "?B \<subseteq> ?A^+"
+moreover have "?B \<subseteq> ?A\<^sup>+"
 by (subst trancl_unfold, subst trancl_unfold) blast
 ultimately show "wf ?B" by (rule wf_subset)
 next
 assume "wf ?B"
 show "wf ?A"
 proof (rule wfI_min)
 fix Q :: "'a set" and x
 assume "x \<in> Q"
 with \<open>wf ?B\<close>
 obtain z where "z \<in> Q" and "\<And>y. (y, z) \<in> ?B \<Longrightarrow> y \<notin> Q"
 by (erule wfE_min)
 then have A1: "\<And>y. (y, z) \<in> R O R \<Longrightarrow> y \<notin> Q"
 and A2: "\<And>y. (y, z) \<in> S O R \<Longrightarrow> y \<notin> Q"
 and A3: "\<And>y. (y, z) \<in> S \<Longrightarrow> y \<notin> Q"
 by auto
 show "\<exists>z\<in>Q. \<forall>y. (y, z) \<in> ?A \<longrightarrow> y \<notin> Q"
 proof (cases "\<forall>y. (y, z) \<in> R \<longrightarrow> y \<notin> Q")
 case True
 with \<open>z \<in> Q\<close> A3 show ?thesis by blast
 next
 case False
 then obtain z' where "z'\<in>Q" "(z', z) \<in> R" by blast
 have "\<forall>y. (y, z') \<in> ?A \<longrightarrow> y \<notin> Q"
 proof (intro allI impI)
 fix y assume "(y, z') \<in> ?A"
 then show "y \<notin> Q"
 proof
 assume "(y, z') \<in> R"
 then have "(y, z) \<in> R O R" using \<open>(z', z) \<in> R\<close> ..
 with A1 show "y \<notin> Q" .
 next
 assume "(y, z') \<in> S"
 then have "(y, z) \<in> S O R" using  \<open>(z', z) \<in> R\<close> ..
 with A2 show "y \<notin> Q" .
 qed
 qed
 with \<open>z' \<in> Q\<close> show ?thesis ..
 qed
 subsection \<open>Acyclic relations\<close>
-lemma wf_acyclic: "wf r ==> acyclic r"
+lemma wf_acyclic: "wf r \<Longrightarrow> acyclic r"
 apply (simp add: acyclic_def)
 apply (blast elim: wf_trancl [THEN wf_irrefl])
 done
 lemmas wfP_acyclicP = wf_acyclic [to_pred]
-text\<open>Wellfoundedness of finite acyclic relations\<close>
+subsubsection \<open>Wellfoundedness of finite acyclic relations\<close>
-lemma finite_acyclic_wf [rule_format]: "finite r ==> acyclic r --> wf r"
+lemma finite_acyclic_wf [rule_format]: "finite r \<Longrightarrow> acyclic r \<longrightarrow> wf r"
 apply (erule finite_induct, blast)
-apply (simp (no_asm_simp) only: split_tupled_all)
+apply (simp only: split_tupled_all)
 apply simp
 done
-lemma finite_acyclic_wf_converse: "[|finite r; acyclic r|] ==> wf (r^-1)"
+lemma finite_acyclic_wf_converse: "finite r \<Longrightarrow> acyclic r \<Longrightarrow> wf (r\<inverse>)"
 apply (erule finite_converse [THEN iffD2, THEN finite_acyclic_wf])
 apply (erule acyclic_converse [THEN iffD2])
 done
 text \<open>
 have "acyclic r"
 using \<open>irrefl r\<close> and \<open>trans r\<close> by (simp add: irrefl_def acyclic_irrefl)
 with \<open>finite r\<close> show ?thesis by (rule finite_acyclic_wf_converse)
 qed
-lemma wf_iff_acyclic_if_finite: "finite r ==> wf r = acyclic r"
+lemma wf_iff_acyclic_if_finite: "finite r \<Longrightarrow> wf r = acyclic r"
 by (blast intro: finite_acyclic_wf wf_acyclic)
 subsection \<open>@{typ nat} is well-founded\<close>
-lemma less_nat_rel: "op < = (\<lambda>m n. n = Suc m)^++"
+lemma less_nat_rel: "op < = (\<lambda>m n. n = Suc m)\<^sup>+\<^sup>+"
 proof (rule ext, rule ext, rule iffI)
 fix n m :: nat
-assume "m < n"
+show "(\<lambda>m n. n = Suc m)\<^sup>+\<^sup>+ m n" if "m < n"
-then show "(\<lambda>m n. n = Suc m)^++ m n"
+using that
 proof (induct n)
-case 0 then show ?case by auto
+case 0
+then show ?case by auto
 next
-case (Suc n) then show ?case
+case (Suc n)
+then show ?case
 by (auto simp add: less_Suc_eq_le le_less intro: tranclp.trancl_into_trancl)
 qed
-next
+show "m < n" if "(\<lambda>m n. n = Suc m)\<^sup>+\<^sup>+ m n"
-fix n m :: nat
+using that by (induct n) (simp_all add: less_Suc_eq_le reflexive le_less)
-assume "(\<lambda>m n. n = Suc m)^++ m n"
+qed
-then show "m < n"
-by (induct n)
+definition pred_nat :: "(nat \<times> nat) set"
-(simp_all add: less_Suc_eq_le reflexive le_less)
+where "pred_nat = {(m, n). n = Suc m}"
-qed
+definition less_than :: "(nat \<times> nat) set"
-definition
+where "less_than = pred_nat\<^sup>+"
-pred_nat :: "(nat * nat) set" where
-"pred_nat = {(m, n). n = Suc m}"
+lemma less_eq: "(m, n) \<in> pred_nat\<^sup>+ \<longleftrightarrow> m < n"
-definition
-less_than :: "(nat * nat) set" where
-"less_than = pred_nat^+"
-lemma less_eq: "(m, n) \<in> pred_nat^+ \<longleftrightarrow> m < n"
 unfolding less_nat_rel pred_nat_def trancl_def by simp
-lemma pred_nat_trancl_eq_le:
+lemma pred_nat_trancl_eq_le: "(m, n) \<in> pred_nat\<^sup>* \<longleftrightarrow> m \<le> n"
-"(m, n) \<in> pred_nat^* \<longleftrightarrow> m \<le> n"
 unfolding less_eq rtrancl_eq_or_trancl by auto
 lemma wf_pred_nat: "wf pred_nat"
 apply (unfold wf_def pred_nat_def, clarify)
 apply (induct_tac x, blast+)
 by (simp add: less_than_def wf_pred_nat [THEN wf_trancl])
 lemma trans_less_than [iff]: "trans less_than"
 by (simp add: less_than_def)
-lemma less_than_iff [iff]: "((x,y): less_than) = (x<y)"
+lemma less_than_iff [iff]: "((x,y) \<in> less_than) = (x<y)"
 by (simp add: less_than_def less_eq)
 lemma wf_less: "wf {(x, y::nat). x < y}"
 by (rule Wellfounded.wellorder_class.wf)
 subsection \<open>Accessible Part\<close>
 text \<open>
-Inductive definition of the accessible part @{term "acc r"} of a
+Inductive definition of the accessible part \<open>acc r\<close> of a
 relation; see also @{cite "paulin-tlca"}.
 \<close>
-inductive_set
+inductive_set acc :: "('a \<times> 'a) set \<Rightarrow> 'a set" for r :: "('a \<times> 'a) set"
-acc :: "('a * 'a) set => 'a set"
+where accI: "(\<And>y. (y, x) \<in> r \<Longrightarrow> y \<in> acc r) \<Longrightarrow> x \<in> acc r"
-for r :: "('a * 'a) set"
-where
+abbreviation termip :: "('a \<Rightarrow> 'a \<Rightarrow> bool) \<Rightarrow> 'a \<Rightarrow> bool"
-accI: "(!!y. (y, x) : r ==> y : acc r) ==> x : acc r"
+where "termip r \<equiv> accp (r\<inverse>\<inverse>)"
-abbreviation
+abbreviation termi :: "('a \<times> 'a) set \<Rightarrow> 'a set"
-termip :: "('a => 'a => bool) => 'a => bool" where
+where "termi r \<equiv> acc (r\<inverse>)"
-"termip r \<equiv> accp (r\<inverse>\<inverse>)"
-abbreviation
-termi :: "('a * 'a) set => 'a set" where
-"termi r \<equiv> acc (r\<inverse>)"
 lemmas accpI = accp.accI
-lemma accp_eq_acc [code]:
+lemma accp_eq_acc [code]: "accp r = (\<lambda>x. x \<in> Wellfounded.acc {(x, y). r x y})"
-"accp r = (\<lambda>x. x \<in> Wellfounded.acc {(x, y). r x y})"
 by (simp add: acc_def)
 text \<open>Induction rules\<close>
 theorem accp_induct:
 assumes major: "accp r a"
-assumes hyp: "!!x. accp r x ==> \<forall>y. r y x --> P y ==> P x"
+assumes hyp: "\<And>x. accp r x \<Longrightarrow> \<forall>y. r y x \<longrightarrow> P y \<Longrightarrow> P x"
 shows "P a"
 apply (rule major [THEN accp.induct])
 apply (rule hyp)
 apply (rule accp.accI)
 apply fast
 apply fast
 done
 lemmas accp_induct_rule = accp_induct [rule_format, induct set: accp]
-theorem accp_downward: "accp r b ==> r a b ==> accp r a"
+theorem accp_downward: "accp r b \<Longrightarrow> r a b \<Longrightarrow> accp r a"
 apply (erule accp.cases)
 apply fast
 done
 lemma not_accp_down:
 assumes na: "\<not> accp R x"
 obtains z where "R z x" and "\<not> accp R z"
 proof -
 assume a: "\<And>z. \<lbrakk>R z x; \<not> accp R z\<rbrakk> \<Longrightarrow> thesis"
 show thesis
 proof (cases "\<forall>z. R z x \<longrightarrow> accp R z")
 case True
-hence "\<And>z. R z x \<Longrightarrow> accp R z" by auto
+then have "\<And>z. R z x \<Longrightarrow> accp R z" by auto
-hence "accp R x"
+then have "accp R x" by (rule accp.accI)
-by (rule accp.accI)
 with na show thesis ..
 next
 case False then obtain z where "R z x" and "\<not> accp R z"
 by auto
 with a show thesis .
 qed
 qed
-lemma accp_downwards_aux: "r\<^sup>*\<^sup>* b a ==> accp r a --> accp r b"
+lemma accp_downwards_aux: "r\<^sup>*\<^sup>* b a \<Longrightarrow> accp r a \<longrightarrow> accp r b"
 apply (erule rtranclp_induct)
 apply blast
 apply (blast dest: accp_downward)
 done
-theorem accp_downwards: "accp r a ==> r\<^sup>*\<^sup>* b a ==> accp r b"
+theorem accp_downwards: "accp r a \<Longrightarrow> r\<^sup>*\<^sup>* b a \<Longrightarrow> accp r b"
 apply (blast dest: accp_downwards_aux)
 done
-theorem accp_wfPI: "\<forall>x. accp r x ==> wfP r"
+theorem accp_wfPI: "\<forall>x. accp r x \<Longrightarrow> wfP r"
 apply (rule wfPUNIVI)
 apply (rule_tac P=P in accp_induct)
 apply blast
 apply blast
 done
-theorem accp_wfPD: "wfP r ==> accp r x"
+theorem accp_wfPD: "wfP r \<Longrightarrow> accp r x"
 apply (erule wfP_induct_rule)
 apply (rule accp.accI)
 apply blast
 done
 subsection \<open>Tools for building wellfounded relations\<close>
 text \<open>Inverse Image\<close>
-lemma wf_inv_image [simp,intro!]: "wf(r) ==> wf(inv_image r (f::'a=>'b))"
+lemma wf_inv_image [simp,intro!]: "wf r \<Longrightarrow> wf (inv_image r f)" for f :: "'a \<Rightarrow> 'b"
 apply (simp (no_asm_use) add: inv_image_def wf_eq_minimal)
 apply clarify
-apply (subgoal_tac "EX (w::'b) . w : {w. EX (x::'a) . x: Q & (f x = w) }")
+apply (subgoal_tac "\<exists>w::'b. w \<in> {w. \<exists>x::'a. x \<in> Q \<and> f x = w}")
 prefer 2 apply (blast del: allE)
 apply (erule allE)
 apply (erule (1) notE impE)
 apply blast
 done
 text \<open>Measure functions into @{typ nat}\<close>
-definition measure :: "('a => nat) => ('a * 'a)set"
+definition measure :: "('a \<Rightarrow> nat) \<Rightarrow> ('a \<times> 'a) set"
 where "measure = inv_image less_than"
-lemma in_measure[simp, code_unfold]: "((x,y) : measure f) = (f x < f y)"
+lemma in_measure[simp, code_unfold]: "(x, y) \<in> measure f \<longleftrightarrow> f x < f y"
 by (simp add:measure_def)
 lemma wf_measure [iff]: "wf (measure f)"
 apply (unfold measure_def)
 apply (rule wf_less_than [THEN wf_inv_image])
 done
-lemma wf_if_measure: fixes f :: "'a \<Rightarrow> nat"
+lemma wf_if_measure: "(\<And>x. P x \<Longrightarrow> f(g x) < f x) \<Longrightarrow> wf {(y,x). P x \<and> y = g x}"
-shows "(!!x. P x \<Longrightarrow> f(g x) < f x) \<Longrightarrow> wf {(y,x). P x \<and> y = g x}"
+for f :: "'a \<Rightarrow> nat"
 apply(insert wf_measure[of f])
 apply(simp only: measure_def inv_image_def less_than_def less_eq)
 apply(erule wf_subset)
 apply auto
 done
-text\<open>Lexicographic combinations\<close>
+subsubsection \<open>Lexicographic combinations\<close>
-definition lex_prod :: "('a \<times>'a) set \<Rightarrow> ('b \<times> 'b) set \<Rightarrow> (('a \<times> 'b) \<times> ('a \<times> 'b)) set" (infixr "<*lex*>" 80) where
+definition lex_prod :: "('a \<times>'a) set \<Rightarrow> ('b \<times> 'b) set \<Rightarrow> (('a \<times> 'b) \<times> ('a \<times> 'b)) set"
-"ra <*lex*> rb = {((a, b), (a', b')). (a, a') \<in> ra \<or> a = a' \<and> (b, b') \<in> rb}"
+(infixr "<*lex*>" 80)
+where "ra <*lex*> rb = {((a, b), (a', b')). (a, a') \<in> ra \<or> a = a' \<and> (b, b') \<in> rb}"
-lemma wf_lex_prod [intro!]: "[| wf(ra); wf(rb) |] ==> wf(ra <*lex*> rb)"
-apply (unfold wf_def lex_prod_def)
+lemma wf_lex_prod [intro!]: "wf ra \<Longrightarrow> wf rb \<Longrightarrow> wf (ra <*lex*> rb)"
+apply (unfold wf_def lex_prod_def)
 apply (rule allI, rule impI)
 apply (simp (no_asm_use) only: split_paired_All)
 apply (drule spec, erule mp)
 apply (rule allI, rule impI)
 apply (drule spec, erule mp, blast)
 done
-lemma in_lex_prod[simp]:
+lemma in_lex_prod[simp]: "((a, b), (a', b')) \<in> r <*lex*> s \<longleftrightarrow> (a, a') \<in> r \<or> a = a' \<and> (b, b') \<in> s"
-"(((a,b),(a',b')): r <*lex*> s) = ((a,a'): r \<or> (a = a' \<and> (b, b') : s))"
 by (auto simp:lex_prod_def)
-text\<open>@{term "op <*lex*>"} preserves transitivity\<close>
+text \<open>\<open><*lex*>\<close> preserves transitivity\<close>
+lemma trans_lex_prod [intro!]: "trans R1 \<Longrightarrow> trans R2 \<Longrightarrow> trans (R1 <*lex*> R2)"
-lemma trans_lex_prod [intro!]:
+unfolding trans_def lex_prod_def by blast
-"[| trans R1; trans R2 |] ==> trans (R1 <*lex*> R2)"
-by (unfold trans_def lex_prod_def, blast)
 text \<open>lexicographic combinations with measure functions\<close>
-definition
+definition mlex_prod :: "('a \<Rightarrow> nat) \<Rightarrow> ('a \<times> 'a) set \<Rightarrow> ('a \<times> 'a) set" (infixr "<*mlex*>" 80)
-mlex_prod :: "('a \<Rightarrow> nat) \<Rightarrow> ('a \<times> 'a) set \<Rightarrow> ('a \<times> 'a) set" (infixr "<*mlex*>" 80)
+where "f <*mlex*> R = inv_image (less_than <*lex*> R) (\<lambda>x. (f x, x))"
-where
-"f <*mlex*> R = inv_image (less_than <*lex*> R) (%x. (f x, x))"
 lemma wf_mlex: "wf R \<Longrightarrow> wf (f <*mlex*> R)"
 unfolding mlex_prod_def
 by auto
 lemma mlex_less: "f x < f y \<Longrightarrow> (x, y) \<in> f <*mlex*> R"
 unfolding mlex_prod_def by simp
 lemma mlex_leq: "f x \<le> f y \<Longrightarrow> (x, y) \<in> R \<Longrightarrow> (x, y) \<in> f <*mlex*> R"
 unfolding mlex_prod_def by auto
 text \<open>proper subset relation on finite sets\<close>
-definition finite_psubset  :: "('a set * 'a set) set"
+definition finite_psubset :: "('a set \<times> 'a set) set"
-where "finite_psubset = {(A,B). A < B & finite B}"
+where "finite_psubset = {(A,B). A < B \<and> finite B}"
-lemma wf_finite_psubset[simp]: "wf(finite_psubset)"
+lemma wf_finite_psubset[simp]: "wf finite_psubset"
 apply (unfold finite_psubset_def)
 apply (rule wf_measure [THEN wf_subset])
 apply (simp add: measure_def inv_image_def less_than_def less_eq)
 apply (fast elim!: psubset_card_mono)
 done
 lemma trans_finite_psubset: "trans finite_psubset"
-by (simp add: finite_psubset_def less_le trans_def, blast)
+by (auto simp add: finite_psubset_def less_le trans_def)
-lemma in_finite_psubset[simp]: "(A, B) \<in> finite_psubset = (A < B & finite B)"
+lemma in_finite_psubset[simp]: "(A, B) \<in> finite_psubset \<longleftrightarrow> A < B \<and> finite B"
 unfolding finite_psubset_def by auto
 text \<open>max- and min-extension of order to finite sets\<close>
 inductive_set max_ext :: "('a \<times> 'a) set \<Rightarrow> ('a set \<times> 'a set) set"
 for R :: "('a \<times> 'a) set"
 where
 max_extI[intro]: "finite X \<Longrightarrow> finite Y \<Longrightarrow> Y \<noteq> {} \<Longrightarrow> (\<And>x. x \<in> X \<Longrightarrow> \<exists>y\<in>Y. (x, y) \<in> R) \<Longrightarrow> (X, Y) \<in> max_ext R"
 lemma max_ext_wf:
 assumes wf: "wf r"
 shows "wf (max_ext r)"
 proof (rule acc_wfI, intro allI)
-fix M show "M \<in> acc (max_ext r)" (is "_ \<in> ?W")
+fix M
+show "M \<in> acc (max_ext r)" (is "_ \<in> ?W")
 proof cases
 assume "finite M"
-thus ?thesis
+then show ?thesis
 proof (induct M)
 show "{} \<in> ?W"
 by (rule accI) (auto elim: max_ext.cases)
 next
 fix M a assume "M \<in> ?W" "finite M"
 with wf show "insert a M \<in> ?W"
 proof (induct arbitrary: M)
 fix M a
 assume "M \<in> ?W"  and  [intro]: "finite M"
 assume hyp: "\<And>b M. (b, a) \<in> r \<Longrightarrow> M \<in> ?W \<Longrightarrow> finite M \<Longrightarrow> insert b M \<in> ?W"
-{
+have add_less: "\<lbrakk>M \<in> ?W ; (\<And>y. y \<in> N \<Longrightarrow> (y, a) \<in> r)\<rbrakk> \<Longrightarrow> N \<union> M \<in> ?W"
-fix N M :: "'a set"
+if "finite N" "finite M" for N M :: "'a set"
-assume "finite N" "finite M"
+using that by (induct N arbitrary: M) (auto simp: hyp)
-then
-have "\<lbrakk>M \<in> ?W ; (\<And>y. y \<in> N \<Longrightarrow> (y, a) \<in> r)\<rbrakk> \<Longrightarrow>  N \<union> M \<in> ?W"
-by (induct N arbitrary: M) (auto simp: hyp)
-}
-note add_less = this
 show "insert a M \<in> ?W"
 proof (rule accI)
-fix N assume Nless: "(N, insert a M) \<in> max_ext r"
+fix N
-hence asm1: "\<And>x. x \<in> N \<Longrightarrow> (x, a) \<in> r \<or> (\<exists>y \<in> M. (x, y) \<in> r)"
+assume Nless: "(N, insert a M) \<in> max_ext r"
+then have *: "\<And>x. x \<in> N \<Longrightarrow> (x, a) \<in> r \<or> (\<exists>y \<in> M. (x, y) \<in> r)"
 by (auto elim!: max_ext.cases)
-let ?N1 = "{ n \<in> N. (n, a) \<in> r }"
+let ?N1 = "{n \<in> N. (n, a) \<in> r}"
-let ?N2 = "{ n \<in> N. (n, a) \<notin> r }"
+let ?N2 = "{n \<in> N. (n, a) \<notin> r}"
 have N: "?N1 \<union> ?N2 = N" by (rule set_eqI) auto
 from Nless have "finite N" by (auto elim: max_ext.cases)
 then have finites: "finite ?N1" "finite ?N2" by auto
 have "?N2 \<in> ?W"
 proof cases
 assume [simp]: "M = {}"
 have Mw: "{} \<in> ?W" by (rule accI) (auto elim: max_ext.cases)
-from asm1 have "?N2 = {}" by auto
+from * have "?N2 = {}" by auto
 with Mw show "?N2 \<in> ?W" by (simp only:)
 next
 assume "M \<noteq> {}"
-from asm1 finites have N2: "(?N2, M) \<in> max_ext r"
+from * finites have N2: "(?N2, M) \<in> max_ext r"
 by (rule_tac max_extI[OF _ _ \<open>M \<noteq> {}\<close>]) auto
 with \<open>M \<in> ?W\<close> show "?N2 \<in> ?W" by (rule acc_downward)
 qed
 with finites have "?N1 \<union> ?N2 \<in> ?W"
 by (rule add_less) simp
 then show "N \<in> ?W" by (simp only: N)
 qed
 qed
 qed
 show ?thesis
 by (rule accI) (auto elim: max_ext.cases)
 qed
 qed
 lemma max_ext_additive:
 "(A, B) \<in> max_ext R \<Longrightarrow> (C, D) \<in> max_ext R \<Longrightarrow>
 (A \<union> C, B \<union> D) \<in> max_ext R"
 by (force elim!: max_ext.cases)
-definition min_ext :: "('a \<times> 'a) set \<Rightarrow> ('a set \<times> 'a set) set"  where
+definition min_ext :: "('a \<times> 'a) set \<Rightarrow> ('a set \<times> 'a set) set"
-"min_ext r = {(X, Y) | X Y. X \<noteq> {} \<and> (\<forall>y \<in> Y. (\<exists>x \<in> X. (x, y) \<in> r))}"
+where "min_ext r = {(X, Y) | X Y. X \<noteq> {} \<and> (\<forall>y \<in> Y. (\<exists>x \<in> X. (x, y) \<in> r))}"
 lemma min_ext_wf:
 assumes "wf r"
 shows "wf (min_ext r)"
 proof (rule wfI_min)
-fix Q :: "'a set set"
+show "\<exists>m \<in> Q. (\<forall> n. (n, m) \<in> min_ext r \<longrightarrow> n \<notin> Q)" if nonempty: "x \<in> Q"
-fix x
+for Q :: "'a set set" and x
-assume nonempty: "x \<in> Q"
+proof (cases "Q = {{}}")
-show "\<exists>m \<in> Q. (\<forall> n. (n, m) \<in> min_ext r \<longrightarrow> n \<notin> Q)"
+case True
-proof cases
+then show ?thesis by (simp add: min_ext_def)
-assume "Q = {{}}" thus ?thesis by (simp add: min_ext_def)
 next
-assume "Q \<noteq> {{}}"
+case False
-with nonempty
+with nonempty obtain e x where "x \<in> Q" "e \<in> x" by force
-obtain e x where "x \<in> Q" "e \<in> x" by force
 then have eU: "e \<in> \<Union>Q" by auto
 with \<open>wf r\<close>
 obtain z where z: "z \<in> \<Union>Q" "\<And>y. (y, z) \<in> r \<Longrightarrow> y \<notin> \<Union>Q"
 by (erule wfE_min)
 from z obtain m where "m \<in> Q" "z \<in> m" by auto
 from \<open>m \<in> Q\<close>
 show ?thesis
 proof (rule, intro bexI allI impI)
 fix n
 assume smaller: "(n, m) \<in> min_ext r"
 with \<open>z \<in> m\<close> obtain y where y: "y \<in> n" "(y, z) \<in> r" by (auto simp: min_ext_def)
 then show "n \<notin> Q" using z(2) by auto
 qed
 qed
 qed
-text\<open>Bounded increase must terminate:\<close>
+subsubsection \<open>Bounded increase must terminate\<close>
 lemma wf_bounded_measure:
-fixes ub :: "'a \<Rightarrow> nat" and f :: "'a \<Rightarrow> nat"
+fixes ub :: "'a \<Rightarrow> nat"
-assumes "!!a b. (b,a) : r \<Longrightarrow> ub b \<le> ub a & ub a \<ge> f b & f b > f a"
+and f :: "'a \<Rightarrow> nat"
-shows "wf r"
+assumes "\<And>a b. (b, a) \<in> r \<Longrightarrow> ub b \<le> ub a \<and> ub a \<ge> f b \<and> f b > f a"
-apply(rule wf_subset[OF wf_measure[of "%a. ub a - f a"]])
+shows "wf r"
-apply (auto dest: assms)
+apply (rule wf_subset[OF wf_measure[of "\<lambda>a. ub a - f a"]])
-done
+apply (auto dest: assms)
+done
 lemma wf_bounded_set:
-fixes ub :: "'a \<Rightarrow> 'b set" and f :: "'a \<Rightarrow> 'b set"
+fixes ub :: "'a \<Rightarrow> 'b set"
-assumes "!!a b. (b,a) : r \<Longrightarrow>
+and f :: "'a \<Rightarrow> 'b set"
-finite(ub a) & ub b \<subseteq> ub a & ub a \<supseteq> f b & f b \<supset> f a"
+assumes "\<And>a b. (b,a) \<in> r \<Longrightarrow> finite (ub a) \<and> ub b \<subseteq> ub a \<and> ub a \<supseteq> f b \<and> f b \<supset> f a"
 shows "wf r"
-apply(rule wf_bounded_measure[of r "%a. card(ub a)" "%a. card(f a)"])
+apply(rule wf_bounded_measure[of r "\<lambda>a. card(ub a)" "\<lambda>a. card(f a)"])
 apply(drule assms)
 apply (blast intro: card_mono finite_subset psubset_card_mono dest: psubset_eq[THEN iffD2])
 done
 lemma finite_subset_wf:
 assumes "finite A"
 shows   "wf {(X,Y). X \<subset> Y \<and> Y \<subseteq> A}"
 proof (intro finite_acyclic_wf)
 have "{(X,Y). X \<subset> Y \<and> Y \<subseteq> A} \<subseteq> Pow A \<times> Pow A" by blast
-thus "finite {(X,Y). X \<subset> Y \<and> Y \<subseteq> A}"
+then show "finite {(X,Y). X \<subset> Y \<and> Y \<subseteq> A}"
 by (rule finite_subset) (auto simp: assms finite_cartesian_product)
 next
 have "{(X, Y). X \<subset> Y \<and> Y \<subseteq> A}\<^sup>+ = {(X, Y). X \<subset> Y \<and> Y \<subseteq> A}"
 by (intro trancl_id transI) blast
 also have " \<forall>x. (x, x) \<notin> \<dots>" by blast

changeset 63108	02b885591735
parent 63099	af0e964aad7b
child 63109	87a4283537e4