169 We assume the negation of the conclusion and prove @{term"s : lfp(af A)"}. |
169 We assume the negation of the conclusion and prove @{term"s : lfp(af A)"}. |
170 Unfolding @{term lfp} once and |
170 Unfolding @{term lfp} once and |
171 simplifying with the definition of @{term af} finishes the proof. |
171 simplifying with the definition of @{term af} finishes the proof. |
172 |
172 |
173 Now we iterate this process. The following construction of the desired |
173 Now we iterate this process. The following construction of the desired |
174 path is parameterized by a predicate @{term P} that should hold along the path: |
174 path is parameterized by a predicate @{term Q} that should hold along the path: |
175 *}; |
175 *}; |
176 |
176 |
177 consts path :: "state \<Rightarrow> (state \<Rightarrow> bool) \<Rightarrow> (nat \<Rightarrow> state)"; |
177 consts path :: "state \<Rightarrow> (state \<Rightarrow> bool) \<Rightarrow> (nat \<Rightarrow> state)"; |
178 primrec |
178 primrec |
179 "path s P 0 = s" |
179 "path s Q 0 = s" |
180 "path s P (Suc n) = (SOME t. (path s P n,t) \<in> M \<and> P t)"; |
180 "path s Q (Suc n) = (SOME t. (path s Q n,t) \<in> M \<and> Q t)"; |
181 |
181 |
182 text{*\noindent |
182 text{*\noindent |
183 Element @{term"n+1"} on this path is some arbitrary successor |
183 Element @{term"n+1"} on this path is some arbitrary successor |
184 @{term t} of element @{term n} such that @{term"P t"} holds. Remember that @{text"SOME t. R t"} |
184 @{term t} of element @{term n} such that @{term"Q t"} holds. Remember that @{text"SOME t. R t"} |
185 is some arbitrary but fixed @{term t} such that @{prop"R t"} holds (see \S\ref{sec:SOME}). Of |
185 is some arbitrary but fixed @{term t} such that @{prop"R t"} holds (see \S\ref{sec:SOME}). Of |
186 course, such a @{term t} need not exist, but that is of no |
186 course, such a @{term t} need not exist, but that is of no |
187 concern to us since we will only use @{term path} when a |
187 concern to us since we will only use @{term path} when a |
188 suitable @{term t} does exist. |
188 suitable @{term t} does exist. |
189 |
189 |
190 Let us show that if each state @{term s} that satisfies @{term P} |
190 Let us show that if each state @{term s} that satisfies @{term Q} |
191 has a successor that again satisfies @{term P}, then there exists an infinite @{term P}-path: |
191 has a successor that again satisfies @{term Q}, then there exists an infinite @{term Q}-path: |
192 *}; |
192 *}; |
193 |
193 |
194 lemma infinity_lemma: |
194 lemma infinity_lemma: |
195 "\<lbrakk> P s; \<forall>s. P s \<longrightarrow> (\<exists> t. (s,t) \<in> M \<and> P t) \<rbrakk> \<Longrightarrow> |
195 "\<lbrakk> Q s; \<forall>s. Q s \<longrightarrow> (\<exists> t. (s,t) \<in> M \<and> Q t) \<rbrakk> \<Longrightarrow> |
196 \<exists>p\<in>Paths s. \<forall>i. P(p i)"; |
196 \<exists>p\<in>Paths s. \<forall>i. Q(p i)"; |
197 |
197 |
198 txt{*\noindent |
198 txt{*\noindent |
199 First we rephrase the conclusion slightly because we need to prove both the path property |
199 First we rephrase the conclusion slightly because we need to prove both the path property |
200 and the fact that @{term P} holds simultaneously: |
200 and the fact that @{term Q} holds simultaneously: |
201 *}; |
201 *}; |
202 |
202 |
203 apply(subgoal_tac "\<exists>p. s = p 0 \<and> (\<forall>i. (p i,p(i+1)) \<in> M \<and> P(p i))"); |
203 apply(subgoal_tac "\<exists>p. s = p 0 \<and> (\<forall>i. (p i,p(i+1)) \<in> M \<and> Q(p i))"); |
204 |
204 |
205 txt{*\noindent |
205 txt{*\noindent |
206 From this proposition the original goal follows easily: |
206 From this proposition the original goal follows easily: |
207 *}; |
207 *}; |
208 |
208 |
209 apply(simp add:Paths_def, blast); |
209 apply(simp add:Paths_def, blast); |
210 |
210 |
211 txt{*\noindent |
211 txt{*\noindent |
212 The new subgoal is proved by providing the witness @{term "path s P"} for @{term p}: |
212 The new subgoal is proved by providing the witness @{term "path s Q"} for @{term p}: |
213 *}; |
213 *}; |
214 |
214 |
215 apply(rule_tac x = "path s P" in exI); |
215 apply(rule_tac x = "path s Q" in exI); |
216 apply(clarsimp); |
216 apply(clarsimp); |
217 |
217 |
218 txt{*\noindent |
218 txt{*\noindent |
219 After simplification and clarification the subgoal has the following compact form |
219 After simplification and clarification the subgoal has the following compact form |
220 @{subgoals[display,indent=0,margin=70,goals_limit=1]} |
220 @{subgoals[display,indent=0,margin=70,goals_limit=1]} |
230 The conclusion looks exceedingly trivial: after all, @{term t} is chosen such that @{prop"(s,t):M"} |
230 The conclusion looks exceedingly trivial: after all, @{term t} is chosen such that @{prop"(s,t):M"} |
231 holds. However, we first have to show that such a @{term t} actually exists! This reasoning |
231 holds. However, we first have to show that such a @{term t} actually exists! This reasoning |
232 is embodied in the theorem @{thm[source]someI2_ex}: |
232 is embodied in the theorem @{thm[source]someI2_ex}: |
233 @{thm[display,eta_contract=false]someI2_ex} |
233 @{thm[display,eta_contract=false]someI2_ex} |
234 When we apply this theorem as an introduction rule, @{text"?P x"} becomes |
234 When we apply this theorem as an introduction rule, @{text"?P x"} becomes |
235 @{prop"(s, x) : M & P x"} and @{text"?Q x"} becomes @{prop"(s,x) : M"} and we have to prove |
235 @{prop"(s, x) : M & Q x"} and @{text"?Q x"} becomes @{prop"(s,x) : M"} and we have to prove |
236 two subgoals: @{prop"EX a. (s, a) : M & P a"}, which follows from the assumptions, and |
236 two subgoals: @{prop"EX a. (s, a) : M & Q a"}, which follows from the assumptions, and |
237 @{prop"(s, x) : M & P x ==> (s,x) : M"}, which is trivial. Thus it is not surprising that |
237 @{prop"(s, x) : M & Q x ==> (s,x) : M"}, which is trivial. Thus it is not surprising that |
238 @{text fast} can prove the base case quickly: |
238 @{text fast} can prove the base case quickly: |
239 *}; |
239 *}; |
240 |
240 |
241 apply(fast intro:someI2_ex); |
241 apply(fast intro:someI2_ex); |
242 |
242 |
269 Function @{term path} has fulfilled its purpose now and can be forgotten. |
269 Function @{term path} has fulfilled its purpose now and can be forgotten. |
270 It was merely defined to provide the witness in the proof of the |
270 It was merely defined to provide the witness in the proof of the |
271 @{thm[source]infinity_lemma}. Aficionados of minimal proofs might like to know |
271 @{thm[source]infinity_lemma}. Aficionados of minimal proofs might like to know |
272 that we could have given the witness without having to define a new function: |
272 that we could have given the witness without having to define a new function: |
273 the term |
273 the term |
274 @{term[display]"nat_rec s (\<lambda>n t. SOME u. (t,u)\<in>M \<and> P u)"} |
274 @{term[display]"nat_rec s (\<lambda>n t. SOME u. (t,u)\<in>M \<and> Q u)"} |
275 is extensionally equal to @{term"path s P"}, |
275 is extensionally equal to @{term"path s Q"}, |
276 where @{term nat_rec} is the predefined primitive recursor on @{typ nat}. |
276 where @{term nat_rec} is the predefined primitive recursor on @{typ nat}. |
277 *}; |
277 *}; |
278 (*<*) |
278 (*<*) |
279 lemma infinity_lemma: |
279 lemma infinity_lemma: |
280 "\<lbrakk> P s; \<forall> s. P s \<longrightarrow> (\<exists> t. (s,t)\<in>M \<and> P t) \<rbrakk> \<Longrightarrow> |
280 "\<lbrakk> Q s; \<forall> s. Q s \<longrightarrow> (\<exists> t. (s,t)\<in>M \<and> Q t) \<rbrakk> \<Longrightarrow> |
281 \<exists> p\<in>Paths s. \<forall> i. P(p i)"; |
281 \<exists> p\<in>Paths s. \<forall> i. Q(p i)"; |
282 apply(subgoal_tac |
282 apply(subgoal_tac |
283 "\<exists> p. s = p 0 \<and> (\<forall> i. (p i,p(Suc i))\<in>M \<and> P(p i))"); |
283 "\<exists> p. s = p 0 \<and> (\<forall> i. (p i,p(Suc i))\<in>M \<and> Q(p i))"); |
284 apply(simp add:Paths_def); |
284 apply(simp add:Paths_def); |
285 apply(blast); |
285 apply(blast); |
286 apply(rule_tac x = "nat_rec s (\<lambda>n t. SOME u. (t,u)\<in>M \<and> P u)" in exI); |
286 apply(rule_tac x = "nat_rec s (\<lambda>n t. SOME u. (t,u)\<in>M \<and> Q u)" in exI); |
287 apply(simp); |
287 apply(simp); |
288 apply(intro strip); |
288 apply(intro strip); |
289 apply(induct_tac i); |
289 apply(induct_tac i); |
290 apply(simp); |
290 apply(simp); |
291 apply(fast intro:someI2_ex); |
291 apply(fast intro:someI2_ex); |