diff -r bb18eed53ed6 -r a1119cf551e8 src/HOL/Nominal/Examples/SOS.thy --- a/src/HOL/Nominal/Examples/SOS.thy Tue Aug 13 14:20:22 2013 +0200 +++ b/src/HOL/Nominal/Examples/SOS.thy Tue Aug 13 16:25:47 2013 +0200 @@ -65,7 +65,7 @@ psubst :: "(name\trm) list \ trm \ trm" ("_<_>" [95,95] 105) where "\<(Var x)> = (lookup \ x)" -| "\<(App e\<^isub>1 e\<^isub>2)> = App (\1>) (\2>)" +| "\<(App e\<^sub>1 e\<^sub>2)> = App (\1>) (\2>)" | "x\\ \ \<(Lam [x].e)> = Lam [x].(\)" apply(finite_guess)+ apply(rule TrueI)+ @@ -102,7 +102,7 @@ lemma subst[simp]: shows "(Var x)[y::=t'] = (if x=y then t' else (Var x))" - and "(App t\<^isub>1 t\<^isub>2)[y::=t'] = App (t\<^isub>1[y::=t']) (t\<^isub>2[y::=t'])" + and "(App t\<^sub>1 t\<^sub>2)[y::=t'] = App (t\<^sub>1[y::=t']) (t\<^sub>2[y::=t'])" and "x\(y,t') \ (Lam [x].t)[y::=t'] = Lam [x].(t[y::=t'])" by (simp_all add: fresh_list_cons fresh_list_nil) @@ -164,8 +164,8 @@ typing :: "(name\ty) list\trm\ty\bool" ("_ \ _ : _" [60,60,60] 60) where t_Var[intro]: "\valid \; (x,T)\set \\ \ \ \ Var x : T" -| t_App[intro]: "\\ \ e\<^isub>1 : T\<^isub>1\T\<^isub>2; \ \ e\<^isub>2 : T\<^isub>1\ \ \ \ App e\<^isub>1 e\<^isub>2 : T\<^isub>2" -| t_Lam[intro]: "\x\\; (x,T\<^isub>1)#\ \ e : T\<^isub>2\ \ \ \ Lam [x].e : T\<^isub>1\T\<^isub>2" +| t_App[intro]: "\\ \ e\<^sub>1 : T\<^sub>1\T\<^sub>2; \ \ e\<^sub>2 : T\<^sub>1\ \ \ \ App e\<^sub>1 e\<^sub>2 : T\<^sub>2" +| t_Lam[intro]: "\x\\; (x,T\<^sub>1)#\ \ e : T\<^sub>2\ \ \ \ Lam [x].e : T\<^sub>1\T\<^sub>2" equivariance typing @@ -186,7 +186,7 @@ lemma t_Lam_elim: assumes a: "\ \ Lam [x].t : T" "x\\" - obtains T\<^isub>1 and T\<^isub>2 where "(x,T\<^isub>1)#\ \ t : T\<^isub>2" and "T=T\<^isub>1\T\<^isub>2" + obtains T\<^sub>1 and T\<^sub>2 where "(x,T\<^sub>1)#\ \ t : T\<^sub>2" and "T=T\<^sub>1\T\<^sub>2" using a by (cases rule: typing.strong_cases [where x="x"]) (auto simp add: abs_fresh fresh_ty alpha trm.inject) @@ -194,24 +194,24 @@ abbreviation "sub_context" :: "(name\ty) list \ (name\ty) list \ bool" ("_ \ _" [55,55] 55) where - "\\<^isub>1 \ \\<^isub>2 \ \x T. (x,T)\set \\<^isub>1 \ (x,T)\set \\<^isub>2" + "\\<^sub>1 \ \\<^sub>2 \ \x T. (x,T)\set \\<^sub>1 \ (x,T)\set \\<^sub>2" lemma weakening: - fixes \\<^isub>1 \\<^isub>2::"(name\ty) list" - assumes "\\<^isub>1 \ e: T" and "valid \\<^isub>2" and "\\<^isub>1 \ \\<^isub>2" - shows "\\<^isub>2 \ e: T" + fixes \\<^sub>1 \\<^sub>2::"(name\ty) list" + assumes "\\<^sub>1 \ e: T" and "valid \\<^sub>2" and "\\<^sub>1 \ \\<^sub>2" + shows "\\<^sub>2 \ e: T" using assms -proof(nominal_induct \\<^isub>1 e T avoiding: \\<^isub>2 rule: typing.strong_induct) - case (t_Lam x \\<^isub>1 T\<^isub>1 t T\<^isub>2 \\<^isub>2) - have vc: "x\\\<^isub>2" by fact - have ih: "\valid ((x,T\<^isub>1)#\\<^isub>2); (x,T\<^isub>1)#\\<^isub>1 \ (x,T\<^isub>1)#\\<^isub>2\ \ (x,T\<^isub>1)#\\<^isub>2 \ t : T\<^isub>2" by fact - have "valid \\<^isub>2" by fact - then have "valid ((x,T\<^isub>1)#\\<^isub>2)" using vc by auto +proof(nominal_induct \\<^sub>1 e T avoiding: \\<^sub>2 rule: typing.strong_induct) + case (t_Lam x \\<^sub>1 T\<^sub>1 t T\<^sub>2 \\<^sub>2) + have vc: "x\\\<^sub>2" by fact + have ih: "\valid ((x,T\<^sub>1)#\\<^sub>2); (x,T\<^sub>1)#\\<^sub>1 \ (x,T\<^sub>1)#\\<^sub>2\ \ (x,T\<^sub>1)#\\<^sub>2 \ t : T\<^sub>2" by fact + have "valid \\<^sub>2" by fact + then have "valid ((x,T\<^sub>1)#\\<^sub>2)" using vc by auto moreover - have "\\<^isub>1 \ \\<^isub>2" by fact - then have "(x,T\<^isub>1)#\\<^isub>1 \ (x,T\<^isub>1)#\\<^isub>2" by simp - ultimately have "(x,T\<^isub>1)#\\<^isub>2 \ t : T\<^isub>2" using ih by simp - with vc show "\\<^isub>2 \ Lam [x].t : T\<^isub>1\T\<^isub>2" by auto + have "\\<^sub>1 \ \\<^sub>2" by fact + then have "(x,T\<^sub>1)#\\<^sub>1 \ (x,T\<^sub>1)#\\<^sub>2" by simp + ultimately have "(x,T\<^sub>1)#\\<^sub>2 \ t : T\<^sub>2" using ih by simp + with vc show "\\<^sub>2 \ Lam [x].t : T\<^sub>1\T\<^sub>2" by auto qed (auto) lemma type_substitutivity_aux: @@ -254,7 +254,7 @@ lemma not_val_App[simp]: shows - "\ val (App e\<^isub>1 e\<^isub>2)" + "\ val (App e\<^sub>1 e\<^sub>2)" "\ val (Var x)" by (auto elim: val.cases) @@ -264,7 +264,7 @@ big :: "trm\trm\bool" ("_ \ _" [80,80] 80) where b_Lam[intro]: "Lam [x].e \ Lam [x].e" -| b_App[intro]: "\x\(e\<^isub>1,e\<^isub>2,e'); e\<^isub>1\Lam [x].e; e\<^isub>2\e\<^isub>2'; e[x::=e\<^isub>2']\e'\ \ App e\<^isub>1 e\<^isub>2 \ e'" +| b_App[intro]: "\x\(e\<^sub>1,e\<^sub>2,e'); e\<^sub>1\Lam [x].e; e\<^sub>2\e\<^sub>2'; e[x::=e\<^sub>2']\e'\ \ App e\<^sub>1 e\<^sub>2 \ e'" equivariance big @@ -278,8 +278,8 @@ using a by (induct) (auto simp add: abs_fresh fresh_subst) lemma b_App_elim: - assumes a: "App e\<^isub>1 e\<^isub>2 \ e'" "x\(e\<^isub>1,e\<^isub>2,e')" - obtains f\<^isub>1 and f\<^isub>2 where "e\<^isub>1 \ Lam [x]. f\<^isub>1" "e\<^isub>2 \ f\<^isub>2" "f\<^isub>1[x::=f\<^isub>2] \ e'" + assumes a: "App e\<^sub>1 e\<^sub>2 \ e'" "x\(e\<^sub>1,e\<^sub>2,e')" + obtains f\<^sub>1 and f\<^sub>2 where "e\<^sub>1 \ Lam [x]. f\<^sub>1" "e\<^sub>2 \ f\<^sub>2" "f\<^sub>1[x::=f\<^sub>2] \ e'" using a by (cases rule: big.strong_cases[where x="x" and xa="x"]) (auto simp add: trm.inject) @@ -289,20 +289,20 @@ shows "\ \ e' : T" using a b proof (nominal_induct avoiding: \ arbitrary: T rule: big.strong_induct) - case (b_App x e\<^isub>1 e\<^isub>2 e' e e\<^isub>2' \ T) + case (b_App x e\<^sub>1 e\<^sub>2 e' e e\<^sub>2' \ T) have vc: "x\\" by fact - have "\ \ App e\<^isub>1 e\<^isub>2 : T" by fact - then obtain T' where a1: "\ \ e\<^isub>1 : T'\T" and a2: "\ \ e\<^isub>2 : T'" + have "\ \ App e\<^sub>1 e\<^sub>2 : T" by fact + then obtain T' where a1: "\ \ e\<^sub>1 : T'\T" and a2: "\ \ e\<^sub>2 : T'" by (cases) (auto simp add: trm.inject) - have ih1: "\ \ e\<^isub>1 : T' \ T \ \ \ Lam [x].e : T' \ T" by fact - have ih2: "\ \ e\<^isub>2 : T' \ \ \ e\<^isub>2' : T'" by fact - have ih3: "\ \ e[x::=e\<^isub>2'] : T \ \ \ e' : T" by fact + have ih1: "\ \ e\<^sub>1 : T' \ T \ \ \ Lam [x].e : T' \ T" by fact + have ih2: "\ \ e\<^sub>2 : T' \ \ \ e\<^sub>2' : T'" by fact + have ih3: "\ \ e[x::=e\<^sub>2'] : T \ \ \ e' : T" by fact have "\ \ Lam [x].e : T'\T" using ih1 a1 by simp then have "((x,T')#\) \ e : T" using vc by (auto elim: t_Lam_elim simp add: ty.inject) moreover - have "\ \ e\<^isub>2': T'" using ih2 a2 by simp - ultimately have "\ \ e[x::=e\<^isub>2'] : T" by (simp add: type_substitutivity) + have "\ \ e\<^sub>2': T'" using ih2 a2 by simp + ultimately have "\ \ e[x::=e\<^sub>2'] : T" by (simp add: type_substitutivity) thus "\ \ e' : T" using ih3 by simp qed (blast) @@ -314,31 +314,31 @@ (force elim: t_App_elim t_Lam_elim simp add: ty.inject type_substitutivity)+ lemma unicity_of_evaluation: - assumes a: "e \ e\<^isub>1" - and b: "e \ e\<^isub>2" - shows "e\<^isub>1 = e\<^isub>2" + assumes a: "e \ e\<^sub>1" + and b: "e \ e\<^sub>2" + shows "e\<^sub>1 = e\<^sub>2" using a b -proof (nominal_induct e e\<^isub>1 avoiding: e\<^isub>2 rule: big.strong_induct) - case (b_Lam x e t\<^isub>2) - have "Lam [x].e \ t\<^isub>2" by fact - thus "Lam [x].e = t\<^isub>2" by cases (simp_all add: trm.inject) +proof (nominal_induct e e\<^sub>1 avoiding: e\<^sub>2 rule: big.strong_induct) + case (b_Lam x e t\<^sub>2) + have "Lam [x].e \ t\<^sub>2" by fact + thus "Lam [x].e = t\<^sub>2" by cases (simp_all add: trm.inject) next - case (b_App x e\<^isub>1 e\<^isub>2 e' e\<^isub>1' e\<^isub>2' t\<^isub>2) - have ih1: "\t. e\<^isub>1 \ t \ Lam [x].e\<^isub>1' = t" by fact - have ih2:"\t. e\<^isub>2 \ t \ e\<^isub>2' = t" by fact - have ih3: "\t. e\<^isub>1'[x::=e\<^isub>2'] \ t \ e' = t" by fact - have app: "App e\<^isub>1 e\<^isub>2 \ t\<^isub>2" by fact - have vc: "x\e\<^isub>1" "x\e\<^isub>2" "x\t\<^isub>2" by fact+ - then have "x\App e\<^isub>1 e\<^isub>2" by auto - from app vc obtain f\<^isub>1 f\<^isub>2 where x1: "e\<^isub>1 \ Lam [x]. f\<^isub>1" and x2: "e\<^isub>2 \ f\<^isub>2" and x3: "f\<^isub>1[x::=f\<^isub>2] \ t\<^isub>2" + case (b_App x e\<^sub>1 e\<^sub>2 e' e\<^sub>1' e\<^sub>2' t\<^sub>2) + have ih1: "\t. e\<^sub>1 \ t \ Lam [x].e\<^sub>1' = t" by fact + have ih2:"\t. e\<^sub>2 \ t \ e\<^sub>2' = t" by fact + have ih3: "\t. e\<^sub>1'[x::=e\<^sub>2'] \ t \ e' = t" by fact + have app: "App e\<^sub>1 e\<^sub>2 \ t\<^sub>2" by fact + have vc: "x\e\<^sub>1" "x\e\<^sub>2" "x\t\<^sub>2" by fact+ + then have "x\App e\<^sub>1 e\<^sub>2" by auto + from app vc obtain f\<^sub>1 f\<^sub>2 where x1: "e\<^sub>1 \ Lam [x]. f\<^sub>1" and x2: "e\<^sub>2 \ f\<^sub>2" and x3: "f\<^sub>1[x::=f\<^sub>2] \ t\<^sub>2" by (auto elim!: b_App_elim) - then have "Lam [x]. f\<^isub>1 = Lam [x]. e\<^isub>1'" using ih1 by simp + then have "Lam [x]. f\<^sub>1 = Lam [x]. e\<^sub>1'" using ih1 by simp then - have "f\<^isub>1 = e\<^isub>1'" by (auto simp add: trm.inject alpha) + have "f\<^sub>1 = e\<^sub>1'" by (auto simp add: trm.inject alpha) moreover - have "f\<^isub>2 = e\<^isub>2'" using x2 ih2 by simp - ultimately have "e\<^isub>1'[x::=e\<^isub>2'] \ t\<^isub>2" using x3 by simp - thus "e' = t\<^isub>2" using ih3 by simp + have "f\<^sub>2 = e\<^sub>2'" using x2 ih2 by simp + ultimately have "e\<^sub>1'[x::=e\<^sub>2'] \ t\<^sub>2" using x3 by simp + thus "e' = t\<^sub>2" using ih3 by simp qed lemma reduces_evaluates_to_values: @@ -352,7 +352,7 @@ V :: "ty \ trm set" where "V (TVar x) = {e. val e}" -| "V (T\<^isub>1 \ T\<^isub>2) = {Lam [x].e | x e. \ v \ (V T\<^isub>1). \ v'. e[x::=v] \ v' \ v' \ V T\<^isub>2}" +| "V (T\<^sub>1 \ T\<^sub>2) = {Lam [x].e | x e. \ v \ (V T\<^sub>1). \ v'. e[x::=v] \ v' \ v' \ V T\<^sub>2}" by (rule TrueI)+ lemma V_eqvt: @@ -377,14 +377,14 @@ done lemma V_arrow_elim_weak: - assumes h:"u \ V (T\<^isub>1 \ T\<^isub>2)" - obtains a t where "u = Lam [a].t" and "\ v \ (V T\<^isub>1). \ v'. t[a::=v] \ v' \ v' \ V T\<^isub>2" + assumes h:"u \ V (T\<^sub>1 \ T\<^sub>2)" + obtains a t where "u = Lam [a].t" and "\ v \ (V T\<^sub>1). \ v'. t[a::=v] \ v' \ v' \ V T\<^sub>2" using h by (auto) lemma V_arrow_elim_strong: fixes c::"'a::fs_name" - assumes h: "u \ V (T\<^isub>1 \ T\<^isub>2)" - obtains a t where "a\c" "u = Lam [a].t" "\v \ (V T\<^isub>1). \ v'. t[a::=v] \ v' \ v' \ V T\<^isub>2" + assumes h: "u \ V (T\<^sub>1 \ T\<^sub>2)" + obtains a t where "a\c" "u = Lam [a].t" "\v \ (V T\<^sub>1). \ v'. t[a::=v] \ v' \ v' \ V T\<^sub>2" using h apply - apply(erule V_arrow_elim_weak) @@ -489,48 +489,48 @@ shows "\v. \ \ v \ v \ V T" using h2 h1 proof(nominal_induct e avoiding: \ \ arbitrary: T rule: trm.strong_induct) - case (App e\<^isub>1 e\<^isub>2 \ \ T) - have ih\<^isub>1: "\\ \ T. \\ Vcloses \; \ \ e\<^isub>1 : T\ \ \v. \1> \ v \ v \ V T" by fact - have ih\<^isub>2: "\\ \ T. \\ Vcloses \; \ \ e\<^isub>2 : T\ \ \v. \2> \ v \ v \ V T" by fact - have as\<^isub>1: "\ Vcloses \" by fact - have as\<^isub>2: "\ \ App e\<^isub>1 e\<^isub>2 : T" by fact - then obtain T' where "\ \ e\<^isub>1 : T' \ T" and "\ \ e\<^isub>2 : T'" by (auto elim: t_App_elim) - then obtain v\<^isub>1 v\<^isub>2 where "(i)": "\1> \ v\<^isub>1" "v\<^isub>1 \ V (T' \ T)" - and "(ii)": "\2> \ v\<^isub>2" "v\<^isub>2 \ V T'" using ih\<^isub>1 ih\<^isub>2 as\<^isub>1 by blast + case (App e\<^sub>1 e\<^sub>2 \ \ T) + have ih\<^sub>1: "\\ \ T. \\ Vcloses \; \ \ e\<^sub>1 : T\ \ \v. \1> \ v \ v \ V T" by fact + have ih\<^sub>2: "\\ \ T. \\ Vcloses \; \ \ e\<^sub>2 : T\ \ \v. \2> \ v \ v \ V T" by fact + have as\<^sub>1: "\ Vcloses \" by fact + have as\<^sub>2: "\ \ App e\<^sub>1 e\<^sub>2 : T" by fact + then obtain T' where "\ \ e\<^sub>1 : T' \ T" and "\ \ e\<^sub>2 : T'" by (auto elim: t_App_elim) + then obtain v\<^sub>1 v\<^sub>2 where "(i)": "\1> \ v\<^sub>1" "v\<^sub>1 \ V (T' \ T)" + and "(ii)": "\2> \ v\<^sub>2" "v\<^sub>2 \ V T'" using ih\<^sub>1 ih\<^sub>2 as\<^sub>1 by blast from "(i)" obtain x e' - where "v\<^isub>1 = Lam [x].e'" + where "v\<^sub>1 = Lam [x].e'" and "(iii)": "(\v \ (V T').\ v'. e'[x::=v] \ v' \ v' \ V T)" - and "(iv)": "\1> \ Lam [x].e'" - and fr: "x\(\,e\<^isub>1,e\<^isub>2)" by (blast elim: V_arrow_elim_strong) - from fr have fr\<^isub>1: "x\\1>" and fr\<^isub>2: "x\\2>" by (simp_all add: fresh_psubst) - from "(ii)" "(iii)" obtain v\<^isub>3 where "(v)": "e'[x::=v\<^isub>2] \ v\<^isub>3" "v\<^isub>3 \ V T" by auto - from fr\<^isub>2 "(ii)" have "x\v\<^isub>2" by (simp add: big_preserves_fresh) - then have "x\e'[x::=v\<^isub>2]" by (simp add: fresh_subst) - then have fr\<^isub>3: "x\v\<^isub>3" using "(v)" by (simp add: big_preserves_fresh) - from fr\<^isub>1 fr\<^isub>2 fr\<^isub>3 have "x\(\1>,\2>,v\<^isub>3)" by simp - with "(iv)" "(ii)" "(v)" have "App (\1>) (\2>) \ v\<^isub>3" by auto - then show "\v. \1 e\<^isub>2> \ v \ v \ V T" using "(v)" by auto + and "(iv)": "\1> \ Lam [x].e'" + and fr: "x\(\,e\<^sub>1,e\<^sub>2)" by (blast elim: V_arrow_elim_strong) + from fr have fr\<^sub>1: "x\\1>" and fr\<^sub>2: "x\\2>" by (simp_all add: fresh_psubst) + from "(ii)" "(iii)" obtain v\<^sub>3 where "(v)": "e'[x::=v\<^sub>2] \ v\<^sub>3" "v\<^sub>3 \ V T" by auto + from fr\<^sub>2 "(ii)" have "x\v\<^sub>2" by (simp add: big_preserves_fresh) + then have "x\e'[x::=v\<^sub>2]" by (simp add: fresh_subst) + then have fr\<^sub>3: "x\v\<^sub>3" using "(v)" by (simp add: big_preserves_fresh) + from fr\<^sub>1 fr\<^sub>2 fr\<^sub>3 have "x\(\1>,\2>,v\<^sub>3)" by simp + with "(iv)" "(ii)" "(v)" have "App (\1>) (\2>) \ v\<^sub>3" by auto + then show "\v. \1 e\<^sub>2> \ v \ v \ V T" using "(v)" by auto next case (Lam x e \ \ T) have ih:"\\ \ T. \\ Vcloses \; \ \ e : T\ \ \v. \ \ v \ v \ V T" by fact - have as\<^isub>1: "\ Vcloses \" by fact - have as\<^isub>2: "\ \ Lam [x].e : T" by fact + have as\<^sub>1: "\ Vcloses \" by fact + have as\<^sub>2: "\ \ Lam [x].e : T" by fact have fs: "x\\" "x\\" by fact+ - from as\<^isub>2 fs obtain T\<^isub>1 T\<^isub>2 - where "(i)": "(x,T\<^isub>1)#\ \ e:T\<^isub>2" and "(ii)": "T = T\<^isub>1 \ T\<^isub>2" using fs + from as\<^sub>2 fs obtain T\<^sub>1 T\<^sub>2 + where "(i)": "(x,T\<^sub>1)#\ \ e:T\<^sub>2" and "(ii)": "T = T\<^sub>1 \ T\<^sub>2" using fs by (auto elim: t_Lam_elim) - from "(i)" have "(iii)": "valid ((x,T\<^isub>1)#\)" by (simp add: typing_implies_valid) - have "\v \ (V T\<^isub>1). \v'. (\)[x::=v] \ v' \ v' \ V T\<^isub>2" + from "(i)" have "(iii)": "valid ((x,T\<^sub>1)#\)" by (simp add: typing_implies_valid) + have "\v \ (V T\<^sub>1). \v'. (\)[x::=v] \ v' \ v' \ V T\<^sub>2" proof fix v - assume "v \ (V T\<^isub>1)" - with "(iii)" as\<^isub>1 have "(x,v)#\ Vcloses (x,T\<^isub>1)#\" using monotonicity by auto - with ih "(i)" obtain v' where "((x,v)#\) \ v' \ v' \ V T\<^isub>2" by blast - then have "\[x::=v] \ v' \ v' \ V T\<^isub>2" using fs by (simp add: psubst_subst_psubst) - then show "\v'. \[x::=v] \ v' \ v' \ V T\<^isub>2" by auto + assume "v \ (V T\<^sub>1)" + with "(iii)" as\<^sub>1 have "(x,v)#\ Vcloses (x,T\<^sub>1)#\" using monotonicity by auto + with ih "(i)" obtain v' where "((x,v)#\) \ v' \ v' \ V T\<^sub>2" by blast + then have "\[x::=v] \ v' \ v' \ V T\<^sub>2" using fs by (simp add: psubst_subst_psubst) + then show "\v'. \[x::=v] \ v' \ v' \ V T\<^sub>2" by auto qed - then have "Lam[x].\ \ V (T\<^isub>1 \ T\<^isub>2)" by auto - then have "\ \ Lam [x].\ \ Lam [x].\ \ V (T\<^isub>1\T\<^isub>2)" using fs by auto + then have "Lam[x].\ \ V (T\<^sub>1 \ T\<^sub>2)" by auto + then have "\ \ Lam [x].\ \ Lam [x].\ \ V (T\<^sub>1\T\<^sub>2)" using fs by auto thus "\v. \ \ v \ v \ V T" using "(ii)" by auto next case (Var x \ \ T)