# HG changeset patch # User urbanc # Date 1134298621 -3600 # Node ID 5f40a59a798b76db99c0c2a7e1dc1e47b258645b # Parent 44578c918349dc16402c3be58b8e9bb3dfd3ff1b ISAR-fied some proofs diff -r 44578c918349 -r 5f40a59a798b src/HOL/Nominal/Examples/SN.thy --- a/src/HOL/Nominal/Examples/SN.thy Sun Dec 11 01:21:26 2005 +0100 +++ b/src/HOL/Nominal/Examples/SN.thy Sun Dec 11 11:57:01 2005 +0100 @@ -32,7 +32,7 @@ apply(auto simp add: abs_fresh fresh_atm) done -lemma subs_lemma: +lemma subst_lemma: assumes a: "x\y" and b: "x\L" shows "M[x::=N][y::=L] = M[y::=L][x::=N[y::=L]]" @@ -158,9 +158,11 @@ shows "M[x::=N]\\<^isub>\ M'[x::=N]" using a apply(nominal_induct M M' avoiding: x N rule: beta_induct) -apply(auto simp add: fresh_atm subs_lemma) +apply(auto simp add: fresh_atm subst_lemma) done +section {* types *} + datatype ty = TVar "string" | TArr "ty" "ty" (infix "\" 200) @@ -363,8 +365,7 @@ assumes a: "(a,\)\set \" shows "a\set(dom_ty \)" using a -apply(induct \) -apply(auto) +apply(induct \, auto) done lemma free_vars: @@ -434,12 +435,14 @@ qed next case (App s1 s2) - have b1: "\ \t2:\" by fact - have b2: "((c,\)#\)\App s1 s2 : \" by fact - hence "\\'. (((c,\)#\)\s1:\'\\ \ ((c,\)#\)\s2:\')" by (rule t2_elim) - then obtain \' where b3a: "((c,\)#\)\s1:\'\\" and b3b: "((c,\)#\)\s2:\'" by force - show "\ \ (App s1 s2)[c::=t2] : \" - using b1 b3a b3b prems by (simp, rule_tac \="\'" in t2, auto) + have ih_s1: "\c \ \ t2 \. ((c,\)#\) \ s1:\ \ \\ t2: \ \ \ \ s1[c::=t2]:\" by fact + have ih_s2: "\c \ \ t2 \. ((c,\)#\) \ s2:\ \ \\ t2: \ \ \ \ s2[c::=t2]:\" by fact + have "((c,\)#\)\App s1 s2 : \" by fact + hence "\\'. ((c,\)#\)\s1:\'\\ \ ((c,\)#\)\s2:\'" by (rule t2_elim) + then obtain \' where "((c,\)#\)\s1:\'\\" and "((c,\)#\)\s2:\'" by blast + moreover + have "\ \t2:\" by fact + ultimately show "\ \ (App s1 s2)[c::=t2] : \" using ih_s1 ih_s2 by (simp, blast) next case (Lam a s) have "a\\" "a\\" "a\\" "a\c" "a\t2" by fact @@ -470,51 +473,43 @@ qed lemma subject: - fixes \ ::"(name\ty) list" - and t1 ::"lam" - and t2 ::"lam" - and \ ::"ty" assumes a: "t1\\<^isub>\t2" and b: "\ \ t1:\" shows "\ \ t2:\" using a b proof (nominal_induct t1 t2 avoiding: \ \ rule: beta_induct) - case (b1 t s1 s2) - have i: "\\ \. \ \ s1:\ \ \ \ s2 : \" by fact + case (b1 t s1 s2) --"App-case left" + have ih: "\\ \. \ \ s1:\ \ \ \ s2 : \" by fact have "\ \ App s1 t : \" by fact hence "\\. \ \ s1 : \\\ \ \ \ t : \" by (rule t2_elim) - then obtain \ where a1: "\ \ s1 : \\\" and a2: "\ \ t : \" by blast - thus "\ \ App s2 t : \" using i by blast + then obtain \ where "\ \ s1 : \\\" and "\ \ t : \" by blast + with ih show "\ \ App s2 t : \" by blast next - case (b2 t s1 s2) - have i: "\\ \. \ \ s1 : \ \ \ \ s2 : \" by fact + case (b2 t s1 s2) --"App-case right" + have ih: "\\ \. \ \ s1 : \ \ \ \ s2 : \" by fact have "\ \ App t s1 : \" by fact hence "\\. \ \ t : \\\ \ \ \ s1 : \" by (rule t2_elim) - then obtain \ where a1: "\ \ t : \\\" and a2: "\ \ s1 : \" by blast - thus "\ \ App t s2 : \" using i by blast + then obtain \ where "\ \ t : \\\" and "\ \ s1 : \" by blast + with ih show "\ \ App t s2 : \" by blast next - case (b3 a s1 s2) - have f: "a\\" and "a\\" by fact - have i: "\\ \. \ \ s1 : \ \ \ \ s2 : \" by fact + case (b3 a s1 s2) --"Lam-case" + have fr: "a\\" "a\\" by fact + have ih: "\\ \. \ \ s1 : \ \ \ \ s2 : \" by fact have "\ \ Lam [a].s1 : \" by fact - with f have "\\1 \2. \=\1\\2 \ ((a,\1)#\) \ s1 : \2" by (blast dest: t3_elim) - then obtain \1 \2 where a1: "\=\1\\2" and a2: "((a,\1)#\) \ s1 : \2" by blast - thus "\ \ Lam [a].s2 : \" using f i by blast + with fr have "\\1 \2. \=\1\\2 \ ((a,\1)#\) \ s1 : \2" by (simp add: t3_elim) + then obtain \1 \2 where "\=\1\\2" and "((a,\1)#\) \ s1 : \2" by blast + with ih show "\ \ Lam [a].s2 : \" using fr by blast next - case (b4 a s1 s2) - have f: "a\\" by fact + case (b4 a s1 s2) --"Beta-redex" + have fr: "a\\" by fact have "\ \ App (Lam [a].s1) s2 : \" by fact - hence "\\. (\ \ (Lam [a].s1) : \\\ \ \ \ s2 : \)" by (rule t2_elim) - then obtain \ where a1: "\ \ (Lam [(a::name)].s1) : \\\" and a2: "\ \ s2 : \" by blast - have "((a,\)#\) \ s1 : \" using a1 f by (blast dest!: t3_elim) - with a2 show "\ \ s1[a::=s2] : \" by (blast intro: ty_subs) + hence "\\. (\ \ (Lam [a].s1) : \\\ \ \ \ s2 : \)" by (simp add: t2_elim) + then obtain \ where a1: "\ \ (Lam [a].s1) : \\\" and a2: "\ \ s2 : \" by blast + from a1 have "((a,\)#\) \ s1 : \" using fr by (blast dest!: t3_elim) + with a2 show "\ \ s1[a::=s2] : \" by (simp add: ty_subs) qed lemma subject_automatic: - fixes \ ::"(name\ty) list" - and t1 ::"lam" - and t2 ::"lam" - and \ ::"ty" assumes a: "t1\\<^isub>\t2" and b: "\ \ t1:\" shows "\ \ t2:\" @@ -529,17 +524,27 @@ "NORMAL" :: "lam \ bool" "NORMAL t \ \(\t'. t\\<^isub>\ t')" +lemma NORMAL_Var: + shows "NORMAL (Var a)" +proof - + { assume "\t'. (Var a) \\<^isub>\ t'" + then obtain t' where "(Var a) \\<^isub>\ t'" by blast + hence False by (cases, auto) + } + thus "NORMAL (Var a)" by (force simp add: NORMAL_def) +qed + constdefs "SN" :: "lam \ bool" "SN t \ t\termi Beta" -lemma qq1: "\SN(t1);t1\\<^isub>\ t2\\SN(t2)" +lemma SN_preserved: "\SN(t1);t1\\<^isub>\ t2\\SN(t2)" apply(simp add: SN_def) apply(drule_tac a="t2" in acc_downward) apply(auto) done -lemma qq2: "(\t2. t1\\<^isub>\t2 \ SN(t2))\SN(t1)" +lemma SN_intro: "(\t2. t1\\<^isub>\t2 \ SN(t2))\SN(t1)" apply(simp add: SN_def) apply(rule accI) apply(auto) @@ -587,21 +592,23 @@ apply(auto intro: b1) done +section {* Candidates *} + constdefs - "CR1" :: "ty \ bool" - "CR1 \ \ \ t. (t\RED \ \ SN(t))" + "CR1" :: "ty \ bool" + "CR1 \ \ \ t. (t\RED \ \ SN(t))" - "CR2" :: "ty \ bool" - "CR2 \ \ \t t'. ((t\RED \ \ t \\<^isub>\ t') \ t'\RED \)" + "CR2" :: "ty \ bool" + "CR2 \ \ \t t'. (t\RED \ \ t \\<^isub>\ t') \ t'\RED \" - "CR3_RED" :: "lam \ ty \ bool" - "CR3_RED t \ \ \t'. (t\\<^isub>\ t' \ t'\RED \)" + "CR3_RED" :: "lam \ ty \ bool" + "CR3_RED t \ \ \t'. t\\<^isub>\ t' \ t'\RED \" - "CR3" :: "ty \ bool" - "CR3 \ \ \t. (NEUT t \ CR3_RED t \) \ t\RED \" + "CR3" :: "ty \ bool" + "CR3 \ \ \t. (NEUT t \ CR3_RED t \) \ t\RED \" - "CR4" :: "ty \ bool" - "CR4 \ \ \t. (NEUT t \ NORMAL t) \t\RED \" + "CR4" :: "ty \ bool" + "CR4 \ \ \t. (NEUT t \ NORMAL t) \t\RED \" lemma CR3_CR4: "CR3 \ \ CR4 \" apply(simp (no_asm_use) add: CR3_def CR3_RED_def CR4_def NORMAL_def) @@ -636,74 +643,61 @@ apply(auto simp only: NEUT_def lam.inject lam.distinct) done -lemma RED_props: "CR1 \ \ CR2 \ \ CR3 \" -apply(induct_tac \) -apply(auto) -(* atom types *) -(* C1 *) -apply(simp add: CR1_def) -(* C2 *) -apply(simp add: CR2_def) -apply(clarify) -apply(drule_tac ?t2.0="t'" in qq1) -apply(assumption)+ -(* C3 *) -apply(simp add: CR3_def CR3_RED_def) -apply(clarify) -apply(rule qq2) -apply(assumption) -(* arrow types *) -(* C1 *) -apply(simp (no_asm) add: CR1_def) -apply(clarify) -apply(subgoal_tac "NEUT (Var a)")(*A*) -apply(subgoal_tac "(Var a)\RED ty1")(*C*) -apply(drule_tac x="Var a" in spec) -apply(simp) -apply(simp add: CR1_def) -apply(rotate_tac 1) -apply(drule_tac x="App t (Var a)" in spec) -apply(simp) -apply(drule qq3) -apply(assumption) -(*C*) -apply(simp (no_asm_use) add: CR3_def CR3_RED_def) -apply(drule_tac x="Var a" in spec) -apply(drule mp) -apply(clarify) -apply(ind_cases " Var a \\<^isub>\ t'") -apply(simp (no_asm_use) add: lam.distinct)+ -(*A*) -apply(simp (no_asm) only: NEUT_def) -apply(rule disjCI) -apply(rule_tac x="a" in exI) -apply(simp (no_asm)) -(* C2 *) -apply(simp (no_asm) add: CR2_def) -apply(clarify) -apply(drule_tac x="u" in spec) -apply(simp) -apply(subgoal_tac "App t u \\<^isub>\ App t' u")(*X*) -apply(simp (no_asm_use) only: CR2_def) -apply(blast) -(*X*) -apply(force intro!: b1) -(* C3 *) -apply(unfold CR3_def) -apply(rule allI) -apply(rule impI) -apply(erule conjE) -apply(simp (no_asm)) -apply(rule allI) -apply(rule impI) -apply(subgoal_tac "SN(u)")(*Z*) -apply(fold CR3_def) -apply(drule_tac \="ty1" and \="ty2" in sub_ind) -apply(simp) -(*Z*) -apply(simp add: CR1_def) -done - +lemma RED_props: + shows "CR1 \" and "CR2 \" and "CR3 \" +proof (induct \) + case (TVar a) + have "CR1 (TVar a)" by (simp add: CR1_def) + moreover + have "CR2 (TVar a)" by (force intro: SN_preserved simp add: CR2_def) + moreover + have "CR3 (TVar a)" by (force intro: SN_intro simp add: CR3_def CR3_RED_def) + ultimately show "CR1 (TVar a) \ CR2 (TVar a) \ CR3 (TVar a)" by simp +next + case (TArr \1 \2) + have ih_\1: "CR1 \1 \ CR2 \1 \ CR3 \1" by fact + have ih_\2: "CR1 \2 \ CR2 \2 \ CR3 \2" by fact + have "CR1 (\1 \ \2)" + proof (simp add: CR1_def, intro strip) + fix t + assume a: "\u. u \ RED \1 \ App t u \ RED \2" + from ih_\1 have "CR4 \1" by (simp add: CR3_CR4) + moreover + have "NEUT (Var a)" by (force simp add: NEUT_def) + moreover + have "NORMAL (Var a)" by (rule NORMAL_Var) + ultimately have "(Var a)\ RED \1" by (simp add: CR4_def) + with a have "App t (Var a) \ RED \2" by simp + moreover + from ih_\2 have "CR1 \2" by simp + ultimately have "SN (App t (Var a))" by (simp add: CR1_def) + thus "SN(t)" by (rule qq3) + qed + moreover + have "CR2 (\1 \ \2)" + proof (simp add: CR2_def, intro strip) + fix t1 t2 u + assume "(\u. u \ RED \1 \ App t1 u \ RED \2) \ t1 \\<^isub>\ t2" + and "u \ RED \1" + hence "t1 \\<^isub>\ t2" and "App t1 u \ RED \2" by simp_all + moreover + from ih_\2 have "CR2 \2" by simp + ultimately show "App t2 u \ RED \2" by (force simp add: CR2_def) + qed + moreover + have "CR3 (\1 \ \2)" + proof (simp add: CR3_def, intro strip) + fix t u + assume a1: "u \ RED \1" + assume a2: "NEUT t \ CR3_RED t (\1 \ \2)" + from a1 have "SN(u)" using ih_\1 by (simp add: CR1_def) + hence "u\RED \1\(\t. (NEUT t\CR2 \1\CR3 \2\CR3_RED t (\1\\2))\(App t u)\RED \2)" + by (rule sub_ind) + with a1 a2 show "(App t u)\RED \2" using ih_\1 ih_\2 by simp + qed + ultimately show "CR1 (\1 \ \2) \ CR2 (\1 \ \2) \ CR3 (\1 \ \2)" by blast +qed + lemma double_acc_aux: assumes a_acc: "a \ acc r" and b_acc: "b \ acc r" @@ -835,12 +829,19 @@ apply(auto simp add: fresh_prod fresh_list_cons fresh_atm) done -lemma fresh_at[rule_format]: "a\set(domain \) \ c\\\c\(\)" -apply(induct_tac \) +lemma fresh_at: + assumes a: "a\set(domain \)" + and b: "c\\" + shows "c\(\)" +using a b +apply(induct \) apply(auto simp add: fresh_prod fresh_list_cons) done -lemma psubst_subst[rule_format]: "c\\\ (t[<\>])[c::=s] = t[<((c,s)#\)>]" +lemma psubst_subst: + assumes a: "c\\" + shows "(t[<\>])[c::=s] = t[<((c,s)#\)>]" +using a apply(nominal_induct t avoiding: \ c s rule: lam_induct) apply(auto dest: fresh_domain) apply(drule fresh_at) @@ -874,24 +875,7 @@ thus "(Lam [a].t)[<\>] \ RED \" using fresh \_inst by simp qed (force dest!: t1_elim t2_elim)+ -lemma all_RED: - assumes a: "\\t:\" - and b: "\a \. (a,\)\set(\) \ (a\set(domain \)\\\RED \)" - shows "t[<\>]\RED \" -using a b -apply(nominal_induct t avoiding: \ \ \ rule: lam_induct) -(* Variables *) -apply(force dest: t1_elim) -(* Applications *) -apply(atomize) -apply(force dest!: t2_elim) -(* Abstractions *) -apply(auto dest!: t3_elim simp only: psubst_Lam) -apply(rule abs_RED[THEN mp]) -apply(force dest: fresh_context simp add: psubst_subst) -done - -(* identity substitution generated from a \ *) +(* identity substitution generated from a context \ *) consts "id" :: "(name\ty) list \ (name\lam) list" primrec @@ -915,9 +899,7 @@ done lemma id_apply: - assumes a: "valid \" shows "t[<(id \)>] = t" -using a apply(nominal_induct t avoiding: \ rule: lam_induct) apply(auto) apply(simp add: id_var) @@ -932,30 +914,41 @@ apply(induct \, auto) done -lemma ty_in_RED: - shows "\\t:\\t\RED \" -apply(frule typing_valid) -apply(drule_tac \="id \" in all_RED) +lemma id_prop: + shows "\a \. (a,\)\set(\) \ (a\set(domain (id \))\(id \)\RED \)" +apply(auto) apply(simp add: id_mem) apply(frule id_mem) apply(simp add: id_var) -apply(subgoal_tac "CR3 \") +apply(subgoal_tac "CR3 \")(*A*) apply(drule CR3_CR4) apply(simp add: CR4_def) apply(drule_tac x="Var a" in spec) -apply(drule mp) -apply(auto simp add: NEUT_def NORMAL_def) -apply(ind_cases "(Var a) \\<^isub>\ t'") -apply(rule RED_props[THEN conjunct2, THEN conjunct2]) -apply(simp add: id_apply) +apply(force simp add: NEUT_def NORMAL_Var) +(*A*) +apply(rule RED_props) done -lemma ty_SN: "\\t:\\SN(t)" -apply(drule ty_in_RED) -apply(subgoal_tac "CR1 \")(*A*) -apply(simp add: CR1_def) -(*A*) -apply(rule RED_props[THEN conjunct1]) -done +lemma typing_implies_RED: + assumes a: "\\t:\" + shows "t \ RED \" +proof - + have "t[>]\RED \" + proof - + have "\a \. (a,\)\set(\) \ (a\set(domain (id \))\(id \)\RED \)" by (rule id_prop) + with a show ?thesis by (rule all_RED) + qed + thus"t \ RED \" by (simp add: id_apply) +qed + +lemma typing_implies_SN: + assumes a: "\\t:\" + shows "SN(t)" +proof - + from a have "t \ RED \" by (rule typing_implies_RED) + moreover + have "CR1 \" by (rule RED_props) + ultimately show "SN(t)" by (simp add: CR1_def) +qed end \ No newline at end of file