theory Isar imports Sets begin
section{*A Taste of Structured Proofs in Isar*}
lemma [intro?]: "mono f \<Longrightarrow> x \<in> f (lfp f) \<Longrightarrow> x \<in> lfp f"
by(simp only: lfp_unfold [symmetric])
lemma "lfp(\<lambda>T. A \<union> M\<inverse> `` T) = {s. \<exists>t. (s,t) \<in> M\<^sup>* \<and> t \<in> A}"
(is "lfp ?F = ?toA")
proof
show "lfp ?F \<subseteq> ?toA"
by (blast intro!: lfp_lowerbound intro: rtrancl_trans)
next
show "?toA \<subseteq> lfp ?F"
proof
fix s assume "s \<in> ?toA"
then obtain t where stM: "(s,t) \<in> M\<^sup>*" and tA: "t \<in> A"
by blast
from stM show "s \<in> lfp ?F"
proof (rule converse_rtrancl_induct)
from tA have "t \<in> ?F (lfp ?F)" by blast
with mono_ef show "t \<in> lfp ?F" ..
next
fix s s' assume "(s,s') \<in> M" and "(s',t) \<in> M\<^sup>*"
and "s' \<in> lfp ?F"
then have "s \<in> ?F (lfp ?F)" by blast
with mono_ef show "s \<in> lfp ?F" ..
qed
qed
qed
end