# HG changeset patch # User berghofe # Date 1170866471 -3600 # Node ID 4ccb7e6be929b4c9d1396ef45245d7a941995612 # Parent 7c1e65897693470b40109d93217fb2b02329780d Converted to predicate notation. diff -r 7c1e65897693 -r 4ccb7e6be929 src/HOL/Lambda/Commutation.thy --- a/src/HOL/Lambda/Commutation.thy Wed Feb 07 17:39:49 2007 +0100 +++ b/src/HOL/Lambda/Commutation.thy Wed Feb 07 17:41:11 2007 +0100 @@ -11,26 +11,26 @@ subsection {* Basic definitions *} definition - square :: "[('a \ 'a) set, ('a \ 'a) set, ('a \ 'a) set, ('a \ 'a) set] => bool" where + square :: "['a => 'a => bool, 'a => 'a => bool, 'a => 'a => bool, 'a => 'a => bool] => bool" where "square R S T U = - (\x y. (x, y) \ R --> (\z. (x, z) \ S --> (\u. (y, u) \ T \ (z, u) \ U)))" + (\x y. R x y --> (\z. S x z --> (\u. T y u \ U z u)))" definition - commute :: "[('a \ 'a) set, ('a \ 'a) set] => bool" where + commute :: "['a => 'a => bool, 'a => 'a => bool] => bool" where "commute R S = square R S S R" definition - diamond :: "('a \ 'a) set => bool" where + diamond :: "('a => 'a => bool) => bool" where "diamond R = commute R R" definition - Church_Rosser :: "('a \ 'a) set => bool" where + Church_Rosser :: "('a => 'a => bool) => bool" where "Church_Rosser R = - (\x y. (x, y) \ (R \ R^-1)^* --> (\z. (x, z) \ R^* \ (y, z) \ R^*))" + (\x y. (join R (R^--1))^** x y --> (\z. R^** x z \ R^** y z))" abbreviation - confluent :: "('a \ 'a) set => bool" where - "confluent R == diamond (R^*)" + confluent :: "('a => 'a => bool) => bool" where + "confluent R == diamond (R^**)" subsection {* Basic lemmas *} @@ -43,31 +43,30 @@ done lemma square_subset: - "[| square R S T U; T \ T' |] ==> square R S T' U" + "[| square R S T U; T \ T' |] ==> square R S T' U" apply (unfold square_def) - apply blast + apply (blast dest: predicate2D) done lemma square_reflcl: - "[| square R S T (R^=); S \ T |] ==> square (R^=) S T (R^=)" + "[| square R S T (R^==); S \ T |] ==> square (R^==) S T (R^==)" apply (unfold square_def) - apply blast + apply (blast dest: predicate2D) done lemma square_rtrancl: - "square R S S T ==> square (R^*) S S (T^*)" + "square R S S T ==> square (R^**) S S (T^**)" apply (unfold square_def) apply (intro strip) - apply (erule rtrancl_induct) + apply (erule rtrancl_induct') apply blast - apply (blast intro: rtrancl_into_rtrancl) + apply (blast intro: rtrancl.rtrancl_into_rtrancl) done lemma square_rtrancl_reflcl_commute: - "square R S (S^*) (R^=) ==> commute (R^*) (S^*)" + "square R S (S^**) (R^==) ==> commute (R^**) (S^**)" apply (unfold commute_def) - apply (fastsimp dest: square_reflcl square_sym [THEN square_rtrancl] - elim: r_into_rtrancl) + apply (fastsimp dest: square_reflcl square_sym [THEN square_rtrancl]) done @@ -78,13 +77,13 @@ apply (blast intro: square_sym) done -lemma commute_rtrancl: "commute R S ==> commute (R^*) (S^*)" +lemma commute_rtrancl: "commute R S ==> commute (R^**) (S^**)" apply (unfold commute_def) apply (blast intro: square_rtrancl square_sym) done lemma commute_Un: - "[| commute R T; commute S T |] ==> commute (R \ S) T" + "[| commute R T; commute S T |] ==> commute (join R S) T" apply (unfold commute_def square_def) apply blast done @@ -93,7 +92,7 @@ subsubsection {* diamond, confluence, and union *} lemma diamond_Un: - "[| diamond R; diamond S; commute R S |] ==> diamond (R \ S)" + "[| diamond R; diamond S; commute R S |] ==> diamond (join R S)" apply (unfold diamond_def) apply (assumption | rule commute_Un commute_sym)+ done @@ -104,22 +103,21 @@ done lemma square_reflcl_confluent: - "square R R (R^=) (R^=) ==> confluent R" + "square R R (R^==) (R^==) ==> confluent R" apply (unfold diamond_def) - apply (fast intro: square_rtrancl_reflcl_commute r_into_rtrancl - elim: square_subset) + apply (fast intro: square_rtrancl_reflcl_commute elim: square_subset) done lemma confluent_Un: - "[| confluent R; confluent S; commute (R^*) (S^*) |] ==> confluent (R \ S)" - apply (rule rtrancl_Un_rtrancl [THEN subst]) + "[| confluent R; confluent S; commute (R^**) (S^**) |] ==> confluent (join R S)" + apply (rule rtrancl_Un_rtrancl' [THEN subst]) apply (blast dest: diamond_Un intro: diamond_confluent) done lemma diamond_to_confluence: - "[| diamond R; T \ R; R \ T^* |] ==> confluent T" + "[| diamond R; T \ R; R \ T^** |] ==> confluent T" apply (force intro: diamond_confluent - dest: rtrancl_subset [symmetric]) + dest: rtrancl_subset' [symmetric]) done @@ -130,12 +128,12 @@ apply (tactic {* safe_tac HOL_cs *}) apply (tactic {* blast_tac (HOL_cs addIs - [thm "Un_upper2" RS thm "rtrancl_mono" RS thm "subsetD" RS thm "rtrancl_trans", - thm "rtrancl_converseI", thm "converseI", - thm "Un_upper1" RS thm "rtrancl_mono" RS thm "subsetD"]) 1 *}) - apply (erule rtrancl_induct) + [thm "join_right_le" RS thm "rtrancl_mono'" RS thm "predicate2D" RS thm "rtrancl_trans'", + thm "rtrancl_converseI'", thm "conversepI", + thm "join_left_le" RS thm "rtrancl_mono'" RS thm "predicate2D"]) 1 *}) + apply (erule rtrancl_induct') apply blast - apply (blast del: rtrancl_refl intro: rtrancl_trans) + apply (blast del: rtrancl.rtrancl_refl intro: rtrancl_trans') done @@ -144,44 +142,44 @@ text {* Proof by Stefan Berghofer *} theorem newman: - assumes wf: "wf (R\)" - and lc: "\a b c. (a, b) \ R \ (a, c) \ R \ - \d. (b, d) \ R\<^sup>* \ (c, d) \ R\<^sup>*" - shows "\b c. (a, b) \ R\<^sup>* \ (a, c) \ R\<^sup>* \ - \d. (b, d) \ R\<^sup>* \ (c, d) \ R\<^sup>*" + assumes wf: "wfP (R\\)" + and lc: "\a b c. R a b \ R a c \ + \d. R\<^sup>*\<^sup>* b d \ R\<^sup>*\<^sup>* c d" + shows "\b c. R\<^sup>*\<^sup>* a b \ R\<^sup>*\<^sup>* a c \ + \d. R\<^sup>*\<^sup>* b d \ R\<^sup>*\<^sup>* c d" using wf proof induct case (less x b c) - have xc: "(x, c) \ R\<^sup>*" . - have xb: "(x, b) \ R\<^sup>*" . thus ?case - proof (rule converse_rtranclE) + have xc: "R\<^sup>*\<^sup>* x c" . + have xb: "R\<^sup>*\<^sup>* x b" . thus ?case + proof (rule converse_rtranclE') assume "x = b" - with xc have "(b, c) \ R\<^sup>*" by simp + with xc have "R\<^sup>*\<^sup>* b c" by simp thus ?thesis by iprover next fix y - assume xy: "(x, y) \ R" - assume yb: "(y, b) \ R\<^sup>*" + assume xy: "R x y" + assume yb: "R\<^sup>*\<^sup>* y b" from xc show ?thesis - proof (rule converse_rtranclE) + proof (rule converse_rtranclE') assume "x = c" - with xb have "(c, b) \ R\<^sup>*" by simp + with xb have "R\<^sup>*\<^sup>* c b" by simp thus ?thesis by iprover next fix y' - assume y'c: "(y', c) \ R\<^sup>*" - assume xy': "(x, y') \ R" - with xy have "\u. (y, u) \ R\<^sup>* \ (y', u) \ R\<^sup>*" by (rule lc) - then obtain u where yu: "(y, u) \ R\<^sup>*" and y'u: "(y', u) \ R\<^sup>*" by iprover - from xy have "(y, x) \ R\" .. - from this and yb yu have "\d. (b, d) \ R\<^sup>* \ (u, d) \ R\<^sup>*" by (rule less) - then obtain v where bv: "(b, v) \ R\<^sup>*" and uv: "(u, v) \ R\<^sup>*" by iprover - from xy' have "(y', x) \ R\" .. - moreover from y'u and uv have "(y', v) \ R\<^sup>*" by (rule rtrancl_trans) + assume y'c: "R\<^sup>*\<^sup>* y' c" + assume xy': "R x y'" + with xy have "\u. R\<^sup>*\<^sup>* y u \ R\<^sup>*\<^sup>* y' u" by (rule lc) + then obtain u where yu: "R\<^sup>*\<^sup>* y u" and y'u: "R\<^sup>*\<^sup>* y' u" by iprover + from xy have "R\\ y x" .. + from this and yb yu have "\d. R\<^sup>*\<^sup>* b d \ R\<^sup>*\<^sup>* u d" by (rule less) + then obtain v where bv: "R\<^sup>*\<^sup>* b v" and uv: "R\<^sup>*\<^sup>* u v" by iprover + from xy' have "R\\ y' x" .. + moreover from y'u and uv have "R\<^sup>*\<^sup>* y' v" by (rule rtrancl_trans') moreover note y'c - ultimately have "\d. (v, d) \ R\<^sup>* \ (c, d) \ R\<^sup>*" by (rule less) - then obtain w where vw: "(v, w) \ R\<^sup>*" and cw: "(c, w) \ R\<^sup>*" by iprover - from bv vw have "(b, w) \ R\<^sup>*" by (rule rtrancl_trans) + ultimately have "\d. R\<^sup>*\<^sup>* v d \ R\<^sup>*\<^sup>* c d" by (rule less) + then obtain w where vw: "R\<^sup>*\<^sup>* v w" and cw: "R\<^sup>*\<^sup>* c w" by iprover + from bv vw have "R\<^sup>*\<^sup>* b w" by (rule rtrancl_trans') with cw show ?thesis by iprover qed qed @@ -195,42 +193,42 @@ *} theorem newman': - assumes wf: "wf (R\)" - and lc: "\a b c. (a, b) \ R \ (a, c) \ R \ - \d. (b, d) \ R\<^sup>* \ (c, d) \ R\<^sup>*" - shows "\b c. (a, b) \ R\<^sup>* \ (a, c) \ R\<^sup>* \ - \d. (b, d) \ R\<^sup>* \ (c, d) \ R\<^sup>*" + assumes wf: "wfP (R\\)" + and lc: "\a b c. R a b \ R a c \ + \d. R\<^sup>*\<^sup>* b d \ R\<^sup>*\<^sup>* c d" + shows "\b c. R\<^sup>*\<^sup>* a b \ R\<^sup>*\<^sup>* a c \ + \d. R\<^sup>*\<^sup>* b d \ R\<^sup>*\<^sup>* c d" using wf proof induct case (less x b c) - note IH = `\y b c. \(y,x) \ R\; (y,b) \ R\<^sup>*; (y,c) \ R\<^sup>*\ - \ \d. (b,d) \ R\<^sup>* \ (c,d) \ R\<^sup>*` - have xc: "(x, c) \ R\<^sup>*" . - have xb: "(x, b) \ R\<^sup>*" . + note IH = `\y b c. \R\\ y x; R\<^sup>*\<^sup>* y b; R\<^sup>*\<^sup>* y c\ + \ \d. R\<^sup>*\<^sup>* b d \ R\<^sup>*\<^sup>* c d` + have xc: "R\<^sup>*\<^sup>* x c" . + have xb: "R\<^sup>*\<^sup>* x b" . thus ?case - proof (rule converse_rtranclE) + proof (rule converse_rtranclE') assume "x = b" - with xc have "(b, c) \ R\<^sup>*" by simp + with xc have "R\<^sup>*\<^sup>* b c" by simp thus ?thesis by iprover next fix y - assume xy: "(x, y) \ R" - assume yb: "(y, b) \ R\<^sup>*" + assume xy: "R x y" + assume yb: "R\<^sup>*\<^sup>* y b" from xc show ?thesis - proof (rule converse_rtranclE) + proof (rule converse_rtranclE') assume "x = c" - with xb have "(c, b) \ R\<^sup>*" by simp + with xb have "R\<^sup>*\<^sup>* c b" by simp thus ?thesis by iprover next fix y' - assume y'c: "(y', c) \ R\<^sup>*" - assume xy': "(x, y') \ R" - with xy obtain u where u: "(y, u) \ R\<^sup>*" "(y', u) \ R\<^sup>*" + assume y'c: "R\<^sup>*\<^sup>* y' c" + assume xy': "R x y'" + with xy obtain u where u: "R\<^sup>*\<^sup>* y u" "R\<^sup>*\<^sup>* y' u" by (blast dest: lc) from yb u y'c show ?thesis - by (blast del: rtrancl_refl - intro: rtrancl_trans - dest: IH [OF xy [symmetric]] IH [OF xy' [symmetric]]) + by (blast del: rtrancl.rtrancl_refl + intro: rtrancl_trans' + dest: IH [OF conversepI, OF xy] IH [OF conversepI, OF xy']) qed qed qed diff -r 7c1e65897693 -r 4ccb7e6be929 src/HOL/Lambda/ListOrder.thy --- a/src/HOL/Lambda/ListOrder.thy Wed Feb 07 17:39:49 2007 +0100 +++ b/src/HOL/Lambda/ListOrder.thy Wed Feb 07 17:41:11 2007 +0100 @@ -14,36 +14,35 @@ *} definition - step1 :: "('a \ 'a) set => ('a list \ 'a list) set" where + step1 :: "('a => 'a => bool) => 'a list => 'a list => bool" where "step1 r = - {(ys, xs). \us z z' vs. xs = us @ z # vs \ (z', z) \ r \ ys = - us @ z' # vs}" + (\ys xs. \us z z' vs. xs = us @ z # vs \ r z' z \ ys = + us @ z' # vs)" -lemma step1_converse [simp]: "step1 (r^-1) = (step1 r)^-1" +lemma step1_converse [simp]: "step1 (r^--1) = (step1 r)^--1" + apply (unfold step1_def) + apply (blast intro!: order_antisym) + done + +lemma in_step1_converse [iff]: "(step1 (r^--1) x y) = ((step1 r)^--1 x y)" + apply auto + done + +lemma not_Nil_step1 [iff]: "\ step1 r [] xs" apply (unfold step1_def) apply blast done -lemma in_step1_converse [iff]: "(p \ step1 (r^-1)) = (p \ (step1 r)^-1)" - apply auto - done - -lemma not_Nil_step1 [iff]: "([], xs) \ step1 r" - apply (unfold step1_def) - apply blast - done - -lemma not_step1_Nil [iff]: "(xs, []) \ step1 r" +lemma not_step1_Nil [iff]: "\ step1 r xs []" apply (unfold step1_def) apply blast done lemma Cons_step1_Cons [iff]: - "((y # ys, x # xs) \ step1 r) = - ((y, x) \ r \ xs = ys \ x = y \ (ys, xs) \ step1 r)" + "(step1 r (y # ys) (x # xs)) = + (r y x \ xs = ys \ x = y \ step1 r ys xs)" apply (unfold step1_def) - apply simp apply (rule iffI) apply (erule exE) apply (rename_tac ts) @@ -56,8 +55,8 @@ done lemma append_step1I: - "(ys, xs) \ step1 r \ vs = us \ ys = xs \ (vs, us) \ step1 r - ==> (ys @ vs, xs @ us) : step1 r" + "step1 r ys xs \ vs = us \ ys = xs \ step1 r vs us + ==> step1 r (ys @ vs) (xs @ us)" apply (unfold step1_def) apply auto apply blast @@ -65,9 +64,9 @@ done lemma Cons_step1E [elim!]: - assumes "(ys, x # xs) \ step1 r" - and "!!y. ys = y # xs \ (y, x) \ r \ R" - and "!!zs. ys = x # zs \ (zs, xs) \ step1 r \ R" + assumes "step1 r ys (x # xs)" + and "!!y. ys = y # xs \ r y x \ R" + and "!!zs. ys = x # zs \ step1 r zs xs \ R" shows R using prems apply (cases ys) @@ -76,10 +75,9 @@ done lemma Snoc_step1_SnocD: - "(ys @ [y], xs @ [x]) \ step1 r - ==> ((ys, xs) \ step1 r \ y = x \ ys = xs \ (y, x) \ r)" + "step1 r (ys @ [y]) (xs @ [x]) + ==> (step1 r ys xs \ y = x \ ys = xs \ r y x)" apply (unfold step1_def) - apply simp apply (clarify del: disjCI) apply (rename_tac vs) apply (rule_tac xs = vs in rev_exhaust) @@ -89,7 +87,7 @@ done lemma Cons_acc_step1I [intro!]: - "x \ acc r ==> xs \ acc (step1 r) \ x # xs \ acc (step1 r)" + "acc r x ==> acc (step1 r) xs \ acc (step1 r) (x # xs)" apply (induct arbitrary: xs set: acc) apply (erule thin_rl) apply (erule acc_induct) @@ -97,8 +95,8 @@ apply blast done -lemma lists_accD: "xs \ lists (acc r) ==> xs \ acc (step1 r)" - apply (induct set: lists) +lemma lists_accD: "listsp (acc r) xs ==> acc (step1 r) xs" + apply (induct set: listsp) apply (rule accI) apply simp apply (rule accI) @@ -106,18 +104,18 @@ done lemma ex_step1I: - "[| x \ set xs; (y, x) \ r |] - ==> \ys. (ys, xs) \ step1 r \ y \ set ys" + "[| x \ set xs; r y x |] + ==> \ys. step1 r ys xs \ y \ set ys" apply (unfold step1_def) apply (drule in_set_conv_decomp [THEN iffD1]) apply force done -lemma lists_accI: "xs \ acc (step1 r) ==> xs \ lists (acc r)" +lemma lists_accI: "acc (step1 r) xs ==> listsp (acc r) xs" apply (induct set: acc) apply clarify apply (rule accI) - apply (drule ex_step1I, assumption) + apply (drule_tac r=r in ex_step1I, assumption) apply blast done diff -r 7c1e65897693 -r 4ccb7e6be929 src/HOL/Library/Multiset.thy --- a/src/HOL/Library/Multiset.thy Wed Feb 07 17:39:49 2007 +0100 +++ b/src/HOL/Library/Multiset.thy Wed Feb 07 17:41:11 2007 +0100 @@ -381,28 +381,28 @@ subsubsection {* Well-foundedness *} definition - mult1 :: "('a \ 'a) set => ('a multiset \ 'a multiset) set" where + mult1 :: "('a => 'a => bool) => 'a multiset => 'a multiset => bool" where "mult1 r = - {(N, M). \a M0 K. M = M0 + {#a#} \ N = M0 + K \ - (\b. b :# K --> (b, a) \ r)}" + (%N M. \a M0 K. M = M0 + {#a#} \ N = M0 + K \ + (\b. b :# K --> r b a))" definition - mult :: "('a \ 'a) set => ('a multiset \ 'a multiset) set" where - "mult r = (mult1 r)\<^sup>+" + mult :: "('a => 'a => bool) => 'a multiset => 'a multiset => bool" where + "mult r = (mult1 r)\<^sup>+\<^sup>+" -lemma not_less_empty [iff]: "(M, {#}) \ mult1 r" +lemma not_less_empty [iff]: "\ mult1 r M {#}" by (simp add: mult1_def) -lemma less_add: "(N, M0 + {#a#}) \ mult1 r ==> - (\M. (M, M0) \ mult1 r \ N = M + {#a#}) \ - (\K. (\b. b :# K --> (b, a) \ r) \ N = M0 + K)" +lemma less_add: "mult1 r N (M0 + {#a#})==> + (\M. mult1 r M M0 \ N = M + {#a#}) \ + (\K. (\b. b :# K --> r b a) \ N = M0 + K)" (is "_ \ ?case1 (mult1 r) \ ?case2") proof (unfold mult1_def) - let ?r = "\K a. \b. b :# K --> (b, a) \ r" + let ?r = "\K a. \b. b :# K --> r b a" let ?R = "\N M. \a M0 K. M = M0 + {#a#} \ N = M0 + K \ ?r K a" - let ?case1 = "?case1 {(N, M). ?R N M}" + let ?case1 = "?case1 ?R" - assume "(N, M0 + {#a#}) \ {(N, M). ?R N M}" + assume "?R N (M0 + {#a#})" then have "\a' M0' K. M0 + {#a#} = M0' + {#a'#} \ N = M0' + K \ ?r K a'" by simp then show "?case1 \ ?case2" @@ -430,80 +430,80 @@ qed qed -lemma all_accessible: "wf r ==> \M. M \ acc (mult1 r)" +lemma all_accessible: "wfP r ==> \M. acc (mult1 r) M" proof let ?R = "mult1 r" let ?W = "acc ?R" { fix M M0 a - assume M0: "M0 \ ?W" - and wf_hyp: "!!b. (b, a) \ r ==> (\M \ ?W. M + {#b#} \ ?W)" - and acc_hyp: "\M. (M, M0) \ ?R --> M + {#a#} \ ?W" - have "M0 + {#a#} \ ?W" - proof (rule accI [of "M0 + {#a#}"]) + assume M0: "?W M0" + and wf_hyp: "!!b. r b a ==> \M \ ?W. ?W (M + {#b#})" + and acc_hyp: "\M. ?R M M0 --> ?W (M + {#a#})" + have "?W (M0 + {#a#})" + proof (rule accI [of _ "M0 + {#a#}"]) fix N - assume "(N, M0 + {#a#}) \ ?R" - then have "((\M. (M, M0) \ ?R \ N = M + {#a#}) \ - (\K. (\b. b :# K --> (b, a) \ r) \ N = M0 + K))" + assume "?R N (M0 + {#a#})" + then have "((\M. ?R M M0 \ N = M + {#a#}) \ + (\K. (\b. b :# K --> r b a) \ N = M0 + K))" by (rule less_add) - then show "N \ ?W" + then show "?W N" proof (elim exE disjE conjE) - fix M assume "(M, M0) \ ?R" and N: "N = M + {#a#}" - from acc_hyp have "(M, M0) \ ?R --> M + {#a#} \ ?W" .. - then have "M + {#a#} \ ?W" .. - then show "N \ ?W" by (simp only: N) + fix M assume "?R M M0" and N: "N = M + {#a#}" + from acc_hyp have "?R M M0 --> ?W (M + {#a#})" .. + then have "?W (M + {#a#})" .. + then show "?W N" by (simp only: N) next fix K assume N: "N = M0 + K" - assume "\b. b :# K --> (b, a) \ r" - then have "M0 + K \ ?W" + assume "\b. b :# K --> r b a" + then have "?W (M0 + K)" proof (induct K) case empty - from M0 show "M0 + {#} \ ?W" by simp + from M0 show "?W (M0 + {#})" by simp next case (add K x) - from add.prems have "(x, a) \ r" by simp - with wf_hyp have "\M \ ?W. M + {#x#} \ ?W" by blast - moreover from add have "M0 + K \ ?W" by simp - ultimately have "(M0 + K) + {#x#} \ ?W" .. - then show "M0 + (K + {#x#}) \ ?W" by (simp only: union_assoc) + from add.prems have "r x a" by simp + with wf_hyp have "\M \ ?W. ?W (M + {#x#})" by blast + moreover from add have "?W (M0 + K)" by simp + ultimately have "?W ((M0 + K) + {#x#})" .. + then show "?W (M0 + (K + {#x#}))" by (simp only: union_assoc) qed - then show "N \ ?W" by (simp only: N) + then show "?W N" by (simp only: N) qed qed } note tedious_reasoning = this - assume wf: "wf r" + assume wf: "wfP r" fix M - show "M \ ?W" + show "?W M" proof (induct M) - show "{#} \ ?W" + show "?W {#}" proof (rule accI) - fix b assume "(b, {#}) \ ?R" - with not_less_empty show "b \ ?W" by contradiction + fix b assume "?R b {#}" + with not_less_empty show "?W b" by contradiction qed - fix M a assume "M \ ?W" - from wf have "\M \ ?W. M + {#a#} \ ?W" + fix M a assume "?W M" + from wf have "\M \ ?W. ?W (M + {#a#})" proof induct fix a - assume "!!b. (b, a) \ r ==> (\M \ ?W. M + {#b#} \ ?W)" - show "\M \ ?W. M + {#a#} \ ?W" + assume "!!b. r b a ==> \M \ ?W. ?W (M + {#b#})" + show "\M \ ?W. ?W (M + {#a#})" proof - fix M assume "M \ ?W" - then show "M + {#a#} \ ?W" + fix M assume "?W M" + then show "?W (M + {#a#})" by (rule acc_induct) (rule tedious_reasoning) qed qed - then show "M + {#a#} \ ?W" .. + then show "?W (M + {#a#})" .. qed qed -theorem wf_mult1: "wf r ==> wf (mult1 r)" +theorem wf_mult1: "wfP r ==> wfP (mult1 r)" by (rule acc_wfI, rule all_accessible) -theorem wf_mult: "wf r ==> wf (mult r)" - by (unfold mult_def, rule wf_trancl, rule wf_mult1) +theorem wf_mult: "wfP r ==> wfP (mult r)" + by (unfold mult_def, rule wfP_trancl, rule wf_mult1) subsubsection {* Closure-free presentation *} @@ -516,16 +516,16 @@ text {* One direction. *} lemma mult_implies_one_step: - "trans r ==> (M, N) \ mult r ==> + "transP r ==> mult r M N ==> \I J K. N = I + J \ M = I + K \ J \ {#} \ - (\k \ set_of K. \j \ set_of J. (k, j) \ r)" + (\k \ set_of K. \j \ set_of J. r k j)" apply (unfold mult_def mult1_def set_of_def) - apply (erule converse_trancl_induct, clarify) + apply (erule converse_trancl_induct', clarify) apply (rule_tac x = M0 in exI, simp, clarify) - apply (case_tac "a :# K") + apply (case_tac "a :# Ka") apply (rule_tac x = I in exI) apply (simp (no_asm)) - apply (rule_tac x = "(K - {#a#}) + Ka" in exI) + apply (rule_tac x = "(Ka - {#a#}) + K" in exI) apply (simp (no_asm_simp) add: union_assoc [symmetric]) apply (drule_tac f = "\M. M - {#a#}" in arg_cong) apply (simp add: diff_union_single_conv) @@ -556,30 +556,29 @@ done lemma one_step_implies_mult_aux: - "trans r ==> - \I J K. (size J = n \ J \ {#} \ (\k \ set_of K. \j \ set_of J. (k, j) \ r)) - --> (I + K, I + J) \ mult r" + "\I J K. (size J = n \ J \ {#} \ (\k \