# HG changeset patch # User paulson # Date 1586103146 -3600 # Node ID 65489718f4dcc4c8ef8f1ffb1a013e3c87a716f0 # Parent d682b4000a77318f114134f4be29ca9bcc22c091 Tidied up more ancient, horrible proofs. Liberalised frac_le diff -r d682b4000a77 -r 65489718f4dc src/HOL/Fields.thy --- a/src/HOL/Fields.thy Sat Apr 04 21:38:20 2020 +0200 +++ b/src/HOL/Fields.thy Sun Apr 05 17:12:26 2020 +0100 @@ -125,11 +125,14 @@ qed lemma inverse_zero_imp_zero: - "inverse a = 0 \ a = 0" -apply (rule classical) -apply (drule nonzero_imp_inverse_nonzero) -apply auto -done + assumes "inverse a = 0" shows "a = 0" +proof (rule ccontr) + assume "a \ 0" + then have "inverse a \ 0" + by (simp add: nonzero_imp_inverse_nonzero) + with assms show False + by auto +qed lemma inverse_unique: assumes ab: "a * b = 1" @@ -209,10 +212,10 @@ lemma minus_divide_left: "- (a / b) = (-a) / b" by (simp add: divide_inverse) -lemma nonzero_minus_divide_right: "b \ 0 ==> - (a / b) = a / (- b)" +lemma nonzero_minus_divide_right: "b \ 0 \ - (a / b) = a / (- b)" by (simp add: divide_inverse nonzero_inverse_minus_eq) -lemma nonzero_minus_divide_divide: "b \ 0 ==> (-a) / (-b) = a / b" +lemma nonzero_minus_divide_divide: "b \ 0 \ (-a) / (-b) = a / b" by (simp add: divide_inverse nonzero_inverse_minus_eq) lemma divide_minus_left [simp]: "(-a) / b = - (a / b)" @@ -712,10 +715,16 @@ qed lemma inverse_less_imp_less: - "inverse a < inverse b \ 0 < a \ b < a" -apply (simp add: less_le [of "inverse a"] less_le [of "b"]) -apply (force dest!: inverse_le_imp_le nonzero_inverse_eq_imp_eq) -done + assumes "inverse a < inverse b" "0 < a" + shows "b < a" +proof - + have "a \ b" + using assms by (simp add: less_le) + moreover have "b \ a" + using assms by (force simp: less_le dest: inverse_le_imp_le) + ultimately show ?thesis + by (simp add: less_le) +qed text\Both premises are essential. Consider -1 and 1.\ lemma inverse_less_iff_less [simp]: @@ -734,41 +743,44 @@ text\These results refer to both operands being negative. The opposite-sign case is trivial, since inverse preserves signs.\ lemma inverse_le_imp_le_neg: - "inverse a \ inverse b \ b < 0 \ b \ a" -apply (rule classical) -apply (subgoal_tac "a < 0") - prefer 2 apply force -apply (insert inverse_le_imp_le [of "-b" "-a"]) -apply (simp add: nonzero_inverse_minus_eq) -done + assumes "inverse a \ inverse b" "b < 0" + shows "b \ a" +proof (rule classical) + assume "\ b \ a" + with \b < 0\ have "a < 0" + by force + with assms show "b \ a" + using inverse_le_imp_le [of "-b" "-a"] by (simp add: nonzero_inverse_minus_eq) +qed lemma less_imp_inverse_less_neg: - "a < b \ b < 0 \ inverse b < inverse a" -apply (subgoal_tac "a < 0") - prefer 2 apply (blast intro: less_trans) -apply (insert less_imp_inverse_less [of "-b" "-a"]) -apply (simp add: nonzero_inverse_minus_eq) -done + assumes "a < b" "b < 0" + shows "inverse b < inverse a" +proof - + have "a < 0" + using assms by (blast intro: less_trans) + with less_imp_inverse_less [of "-b" "-a"] show ?thesis + by (simp add: nonzero_inverse_minus_eq assms) +qed lemma inverse_less_imp_less_neg: - "inverse a < inverse b \ b < 0 \ b < a" -apply (rule classical) -apply (subgoal_tac "a < 0") - prefer 2 - apply force -apply (insert inverse_less_imp_less [of "-b" "-a"]) -apply (simp add: nonzero_inverse_minus_eq) -done + assumes "inverse a < inverse b" "b < 0" + shows "b < a" +proof (rule classical) + assume "\ b < a" + with \b < 0\ have "a < 0" + by force + with inverse_less_imp_less [of "-b" "-a"] show ?thesis + by (simp add: nonzero_inverse_minus_eq assms) +qed lemma inverse_less_iff_less_neg [simp]: "a < 0 \ b < 0 \ inverse a < inverse b \ b < a" -apply (insert inverse_less_iff_less [of "-b" "-a"]) -apply (simp del: inverse_less_iff_less - add: nonzero_inverse_minus_eq) -done + using inverse_less_iff_less [of "-b" "-a"] + by (simp del: inverse_less_iff_less add: nonzero_inverse_minus_eq) lemma le_imp_inverse_le_neg: - "a \ b \ b < 0 ==> inverse b \ inverse a" + "a \ b \ b < 0 \ inverse b \ inverse a" by (force simp add: le_less less_imp_inverse_less_neg) lemma inverse_le_iff_le_neg [simp]: @@ -907,113 +919,125 @@ by (subst le_iff_diff_le_0) (simp add: diff_frac_eq ) lemma divide_pos_pos[simp]: - "0 < x ==> 0 < y ==> 0 < x / y" + "0 < x \ 0 < y \ 0 < x / y" by(simp add:field_simps) lemma divide_nonneg_pos: - "0 <= x ==> 0 < y ==> 0 <= x / y" + "0 \ x \ 0 < y \ 0 \ x / y" by(simp add:field_simps) lemma divide_neg_pos: - "x < 0 ==> 0 < y ==> x / y < 0" -by(simp add:field_simps) + "x < 0 \ 0 < y \ x / y < 0" + by(simp add:field_simps) lemma divide_nonpos_pos: - "x <= 0 ==> 0 < y ==> x / y <= 0" -by(simp add:field_simps) + "x \ 0 \ 0 < y \ x / y \ 0" + by(simp add:field_simps) lemma divide_pos_neg: - "0 < x ==> y < 0 ==> x / y < 0" -by(simp add:field_simps) + "0 < x \ y < 0 \ x / y < 0" + by(simp add:field_simps) lemma divide_nonneg_neg: - "0 <= x ==> y < 0 ==> x / y <= 0" -by(simp add:field_simps) + "0 \ x \ y < 0 \ x / y \ 0" + by(simp add:field_simps) lemma divide_neg_neg: - "x < 0 ==> y < 0 ==> 0 < x / y" -by(simp add:field_simps) + "x < 0 \ y < 0 \ 0 < x / y" + by(simp add:field_simps) lemma divide_nonpos_neg: - "x <= 0 ==> y < 0 ==> 0 <= x / y" -by(simp add:field_simps) + "x \ 0 \ y < 0 \ 0 \ x / y" + by(simp add:field_simps) lemma divide_strict_right_mono: - "[|a < b; 0 < c|] ==> a / c < b / c" -by (simp add: less_imp_not_eq2 divide_inverse mult_strict_right_mono - positive_imp_inverse_positive) + "\a < b; 0 < c\ \ a / c < b / c" + by (simp add: less_imp_not_eq2 divide_inverse mult_strict_right_mono + positive_imp_inverse_positive) lemma divide_strict_right_mono_neg: - "[|b < a; c < 0|] ==> a / c < b / c" -apply (drule divide_strict_right_mono [of _ _ "-c"], simp) -apply (simp add: less_imp_not_eq nonzero_minus_divide_right [symmetric]) -done + assumes "b < a" "c < 0" shows "a / c < b / c" +proof - + have "b / - c < a / - c" + by (rule divide_strict_right_mono) (use assms in auto) + then show ?thesis + by (simp add: less_imp_not_eq) +qed text\The last premise ensures that \<^term>\a\ and \<^term>\b\ have the same sign\ lemma divide_strict_left_mono: - "[|b < a; 0 < c; 0 < a*b|] ==> c / a < c / b" + "\b < a; 0 < c; 0 < a*b\ \ c / a < c / b" by (auto simp: field_simps zero_less_mult_iff mult_strict_right_mono) lemma divide_left_mono: - "[|b \ a; 0 \ c; 0 < a*b|] ==> c / a \ c / b" + "\b \ a; 0 \ c; 0 < a*b\ \ c / a \ c / b" by (auto simp: field_simps zero_less_mult_iff mult_right_mono) lemma divide_strict_left_mono_neg: - "[|a < b; c < 0; 0 < a*b|] ==> c / a < c / b" + "\a < b; c < 0; 0 < a*b\ \ c / a < c / b" by (auto simp: field_simps zero_less_mult_iff mult_strict_right_mono_neg) -lemma mult_imp_div_pos_le: "0 < y ==> x <= z * y ==> - x / y <= z" +lemma mult_imp_div_pos_le: "0 < y \ x \ z * y \ x / y \ z" by (subst pos_divide_le_eq, assumption+) -lemma mult_imp_le_div_pos: "0 < y ==> z * y <= x ==> - z <= x / y" +lemma mult_imp_le_div_pos: "0 < y \ z * y \ x \ z \ x / y" by(simp add:field_simps) -lemma mult_imp_div_pos_less: "0 < y ==> x < z * y ==> - x / y < z" +lemma mult_imp_div_pos_less: "0 < y \ x < z * y \ x / y < z" by(simp add:field_simps) -lemma mult_imp_less_div_pos: "0 < y ==> z * y < x ==> - z < x / y" +lemma mult_imp_less_div_pos: "0 < y \ z * y < x \ z < x / y" by(simp add:field_simps) -lemma frac_le: "0 <= x ==> - x <= y ==> 0 < w ==> w <= z ==> x / z <= y / w" - apply (rule mult_imp_div_pos_le) - apply simp - apply (subst times_divide_eq_left) - apply (rule mult_imp_le_div_pos, assumption) - apply (rule mult_mono) - apply simp_all -done +lemma frac_le: + assumes "0 \ y" "x \ y" "0 < w" "w \ z" + shows "x / z \ y / w" +proof (rule mult_imp_div_pos_le) + show "z > 0" + using assms by simp + have "x \ y * z / w" + proof (rule mult_imp_le_div_pos [OF \0 < w\]) + show "x * w \ y * z" + using assms by (auto intro: mult_mono) + qed + also have "... = y / w * z" + by simp + finally show "x \ y / w * z" . +qed -lemma frac_less: "0 <= x ==> - x < y ==> 0 < w ==> w <= z ==> x / z < y / w" - apply (rule mult_imp_div_pos_less) - apply simp - apply (subst times_divide_eq_left) - apply (rule mult_imp_less_div_pos, assumption) - apply (erule mult_less_le_imp_less) - apply simp_all -done +lemma frac_less: + assumes "0 \ x" "x < y" "0 < w" "w \ z" + shows "x / z < y / w" +proof (rule mult_imp_div_pos_less) + show "z > 0" + using assms by simp + have "x < y * z / w" + proof (rule mult_imp_less_div_pos [OF \0 < w\]) + show "x * w < y * z" + using assms by (auto intro: mult_less_le_imp_less) + qed + also have "... = y / w * z" + by simp + finally show "x < y / w * z" . +qed -lemma frac_less2: "0 < x ==> - x <= y ==> 0 < w ==> w < z ==> x / z < y / w" - apply (rule mult_imp_div_pos_less) - apply simp_all - apply (rule mult_imp_less_div_pos, assumption) - apply (erule mult_le_less_imp_less) - apply simp_all -done +lemma frac_less2: + assumes "0 < x" "x \ y" "0 < w" "w < z" + shows "x / z < y / w" +proof (rule mult_imp_div_pos_less) + show "z > 0" + using assms by simp + show "x < y / w * z" + using assms by (force intro: mult_imp_less_div_pos mult_le_less_imp_less) +qed -lemma less_half_sum: "a < b ==> a < (a+b) / (1+1)" -by (simp add: field_simps zero_less_two) +lemma less_half_sum: "a < b \ a < (a+b) / (1+1)" + by (simp add: field_simps zero_less_two) -lemma gt_half_sum: "a < b ==> (a+b)/(1+1) < b" -by (simp add: field_simps zero_less_two) +lemma gt_half_sum: "a < b \ (a+b)/(1+1) < b" + by (simp add: field_simps zero_less_two) subclass unbounded_dense_linorder proof @@ -1037,11 +1061,11 @@ by (cases b 0 rule: linorder_cases) simp_all lemma nonzero_abs_inverse: - "a \ 0 ==> \inverse a\ = inverse \a\" + "a \ 0 \ \inverse a\ = inverse \a\" by (rule abs_inverse) lemma nonzero_abs_divide: - "b \ 0 ==> \a / b\ = \a\ / \b\" + "b \ 0 \ \a / b\ = \a\ / \b\" by (rule abs_divide) lemma field_le_epsilon: @@ -1055,24 +1079,24 @@ then show "t \ y" by (simp add: algebra_simps) qed -lemma inverse_positive_iff_positive [simp]: - "(0 < inverse a) = (0 < a)" -apply (cases "a = 0", simp) -apply (blast intro: inverse_positive_imp_positive positive_imp_inverse_positive) -done +lemma inverse_positive_iff_positive [simp]: "(0 < inverse a) = (0 < a)" +proof (cases "a = 0") + case False + then show ?thesis + by (blast intro: inverse_positive_imp_positive positive_imp_inverse_positive) +qed auto -lemma inverse_negative_iff_negative [simp]: - "(inverse a < 0) = (a < 0)" -apply (cases "a = 0", simp) -apply (blast intro: inverse_negative_imp_negative negative_imp_inverse_negative) -done +lemma inverse_negative_iff_negative [simp]: "(inverse a < 0) = (a < 0)" +proof (cases "a = 0") + case False + then show ?thesis + by (blast intro: inverse_negative_imp_negative negative_imp_inverse_negative) +qed auto -lemma inverse_nonnegative_iff_nonnegative [simp]: - "0 \ inverse a \ 0 \ a" +lemma inverse_nonnegative_iff_nonnegative [simp]: "0 \ inverse a \ 0 \ a" by (simp add: not_less [symmetric]) -lemma inverse_nonpositive_iff_nonpositive [simp]: - "inverse a \ 0 \ a \ 0" +lemma inverse_nonpositive_iff_nonpositive [simp]: "inverse a \ 0 \ a \ 0" by (simp add: not_less [symmetric]) lemma one_less_inverse_iff: "1 < inverse x \ 0 < x \ x < 1" @@ -1144,20 +1168,14 @@ by (simp add: divide_less_0_iff) lemma divide_right_mono: - "[|a \ b; 0 \ c|] ==> a/c \ b/c" -by (force simp add: divide_strict_right_mono le_less) + "\a \ b; 0 \ c\ \ a/c \ b/c" + by (force simp add: divide_strict_right_mono le_less) -lemma divide_right_mono_neg: "a <= b - ==> c <= 0 ==> b / c <= a / c" -apply (drule divide_right_mono [of _ _ "- c"]) -apply auto -done +lemma divide_right_mono_neg: "a \ b \ c \ 0 \ b / c \ a / c" + by (auto dest: divide_right_mono [of _ _ "- c"]) -lemma divide_left_mono_neg: "a <= b - ==> c <= 0 ==> 0 < a * b ==> c / a <= c / b" - apply (drule divide_left_mono [of _ _ "- c"]) - apply (auto simp add: mult.commute) -done +lemma divide_left_mono_neg: "a \ b \ c \ 0 \ 0 < a * b \ c / a \ c / b" + by (auto simp add: mult.commute dest: divide_left_mono [of _ _ "- c"]) lemma inverse_le_iff: "inverse a \ inverse b \ (0 < a * b \ b \ a) \ (a * b \ 0 \ a \ b)" by (cases a 0 b 0 rule: linorder_cases[case_product linorder_cases]) @@ -1176,19 +1194,19 @@ lemma le_divide_eq_1: "(1 \ b / a) = ((0 < a \ a \ b) \ (a < 0 \ b \ a))" -by (auto simp add: le_divide_eq) + by (auto simp add: le_divide_eq) lemma divide_le_eq_1: "(b / a \ 1) = ((0 < a \ b \ a) \ (a < 0 \ a \ b) \ a=0)" -by (auto simp add: divide_le_eq) + by (auto simp add: divide_le_eq) lemma less_divide_eq_1: "(1 < b / a) = ((0 < a \ a < b) \ (a < 0 \ b < a))" -by (auto simp add: less_divide_eq) + by (auto simp add: less_divide_eq) lemma divide_less_eq_1: "(b / a < 1) = ((0 < a \ b < a) \ (a < 0 \ a < b) \ a=0)" -by (auto simp add: divide_less_eq) + by (auto simp add: divide_less_eq) lemma divide_nonneg_nonneg [simp]: "0 \ x \ 0 \ y \ 0 \ x / y" @@ -1210,55 +1228,52 @@ lemma le_divide_eq_1_pos [simp]: "0 < a \ (1 \ b/a) = (a \ b)" -by (auto simp add: le_divide_eq) + by (auto simp add: le_divide_eq) lemma le_divide_eq_1_neg [simp]: "a < 0 \ (1 \ b/a) = (b \ a)" -by (auto simp add: le_divide_eq) + by (auto simp add: le_divide_eq) lemma divide_le_eq_1_pos [simp]: "0 < a \ (b/a \ 1) = (b \ a)" -by (auto simp add: divide_le_eq) + by (auto simp add: divide_le_eq) lemma divide_le_eq_1_neg [simp]: "a < 0 \ (b/a \ 1) = (a \ b)" -by (auto simp add: divide_le_eq) + by (auto simp add: divide_le_eq) lemma less_divide_eq_1_pos [simp]: "0 < a \ (1 < b/a) = (a < b)" -by (auto simp add: less_divide_eq) + by (auto simp add: less_divide_eq) lemma less_divide_eq_1_neg [simp]: "a < 0 \ (1 < b/a) = (b < a)" -by (auto simp add: less_divide_eq) + by (auto simp add: less_divide_eq) lemma divide_less_eq_1_pos [simp]: "0 < a \ (b/a < 1) = (b < a)" -by (auto simp add: divide_less_eq) + by (auto simp add: divide_less_eq) lemma divide_less_eq_1_neg [simp]: "a < 0 \ b/a < 1 \ a < b" -by (auto simp add: divide_less_eq) + by (auto simp add: divide_less_eq) lemma eq_divide_eq_1 [simp]: "(1 = b/a) = ((a \ 0 \ a = b))" -by (auto simp add: eq_divide_eq) + by (auto simp add: eq_divide_eq) lemma divide_eq_eq_1 [simp]: "(b/a = 1) = ((a \ 0 \ a = b))" -by (auto simp add: divide_eq_eq) + by (auto simp add: divide_eq_eq) -lemma abs_div_pos: "0 < y ==> - \x\ / y = \x / y\" - apply (subst abs_divide) - apply (simp add: order_less_imp_le) -done +lemma abs_div_pos: "0 < y \ \x\ / y = \x / y\" + by (simp add: order_less_imp_le) lemma zero_le_divide_abs_iff [simp]: "(0 \ a / \b\) = (0 \ a \ b = 0)" -by (auto simp: zero_le_divide_iff) + by (auto simp: zero_le_divide_iff) lemma divide_le_0_abs_iff [simp]: "(a / \b\ \ 0) = (a \ 0 \ b = 0)" -by (auto simp: divide_le_0_iff) + by (auto simp: divide_le_0_iff) lemma field_le_mult_one_interval: assumes *: "\z. \ 0 < z ; z < 1 \ \ z * x \ y" @@ -1279,13 +1294,14 @@ text\For creating values between \<^term>\u\ and \<^term>\v\.\ lemma scaling_mono: assumes "u \ v" "0 \ r" "r \ s" - shows "u + r * (v - u) / s \ v" + shows "u + r * (v - u) / s \ v" proof - have "r/s \ 1" using assms using divide_le_eq_1 by fastforce - then have "(r/s) * (v - u) \ 1 * (v - u)" - apply (rule mult_right_mono) + moreover have "0 \ v - u" using assms by simp + ultimately have "(r/s) * (v - u) \ 1 * (v - u)" + by (rule mult_right_mono) then show ?thesis by (simp add: field_simps) qed diff -r d682b4000a77 -r 65489718f4dc src/HOL/Hilbert_Choice.thy --- a/src/HOL/Hilbert_Choice.thy Sat Apr 04 21:38:20 2020 +0200 +++ b/src/HOL/Hilbert_Choice.thy Sun Apr 05 17:12:26 2020 +0100 @@ -49,27 +49,25 @@ using ext[of P Q, OF assms] by simp text \ - Easier to apply than \someI\ if the witness comes from an + Easier to use than \someI\ if the witness comes from an existential formula. \ lemma someI_ex [elim?]: "\x. P x \ P (SOME x. P x)" - apply (erule exE) - apply (erule someI) - done + by (elim exE someI) lemma some_eq_imp: assumes "Eps P = a" "P b" shows "P a" using assms someI_ex by force text \ - Easier to apply than \someI\ because the conclusion has only one + Easier to use than \someI\ because the conclusion has only one occurrence of \<^term>\P\. \ lemma someI2: "P a \ (\x. P x \ Q x) \ Q (SOME x. P x)" by (blast intro: someI) text \ - Easier to apply than \someI2\ if the witness comes from an + Easier to use than \someI2\ if the witness comes from an existential formula. \ lemma someI2_ex: "\a. P a \ (\x. P x \ Q x) \ Q (SOME x. P x)" @@ -94,10 +92,7 @@ by (rule some_equality) (rule refl) lemma some_sym_eq_trivial [simp]: "(SOME y. x = y) = x" - apply (rule some_equality) - apply (rule refl) - apply (erule sym) - done + by (iprover intro: some_equality) subsection \Axiom of Choice, Proved Using the Description Operator\ @@ -240,11 +235,16 @@ lemma surj_iff_all: "surj f \ (\x. f (inv f x) = x)" by (simp add: o_def surj_iff fun_eq_iff) -lemma surj_imp_inv_eq: "surj f \ \x. g (f x) = x \ inv f = g" - apply (rule ext) - apply (drule_tac x = "inv f x" in spec) - apply (simp add: surj_f_inv_f) - done +lemma surj_imp_inv_eq: + assumes "surj f" and gf: "\x. g (f x) = x" + shows "inv f = g" +proof (rule ext) + fix x + have "g (f (inv f x)) = inv f x" + by (rule gf) + then show "inv f x = g x" + by (simp add: surj_f_inv_f \surj f\) +qed lemma bij_imp_bij_inv: "bij f \ bij (inv f)" by (simp add: bij_def inj_imp_surj_inv surj_imp_inj_inv) @@ -266,11 +266,7 @@ lemma inv_into_comp: "inj_on f (g ` A) \ inj_on g A \ x \ f ` g ` A \ inv_into A (f \ g) x = (inv_into A g \ inv_into (g ` A) f) x" - apply (rule inv_into_f_eq) - apply (fast intro: comp_inj_on) - apply (simp add: inv_into_into) - apply (simp add: f_inv_into_f inv_into_into) - done + by (auto simp: f_inv_into_f inv_into_into intro: inv_into_f_eq comp_inj_on) lemma o_inv_distrib: "bij f \ bij g \ inv (f \ g) = inv g \ inv f" by (rule inv_equality) (auto simp add: bij_def surj_f_inv_f) @@ -281,16 +277,25 @@ lemma image_inv_f_f: "inj f \ inv f ` (f ` A) = A" by simp -lemma bij_image_Collect_eq: "bij f \ f ` Collect P = {y. P (inv f y)}" - apply auto - apply (force simp add: bij_is_inj) - apply (blast intro: bij_is_surj [THEN surj_f_inv_f, symmetric]) - done +lemma bij_image_Collect_eq: + assumes "bij f" + shows "f ` Collect P = {y. P (inv f y)}" +proof + show "f ` Collect P \ {y. P (inv f y)}" + using assms by (force simp add: bij_is_inj) + show "{y. P (inv f y)} \ f ` Collect P" + using assms by (blast intro: bij_is_surj [THEN surj_f_inv_f, symmetric]) +qed -lemma bij_vimage_eq_inv_image: "bij f \ f -` A = inv f ` A" - apply (auto simp add: bij_is_surj [THEN surj_f_inv_f]) - apply (blast intro: bij_is_inj [THEN inv_into_f_f, symmetric]) - done +lemma bij_vimage_eq_inv_image: + assumes "bij f" + shows "f -` A = inv f ` A" +proof + show "f -` A \ inv f ` A" + using assms by (blast intro: bij_is_inj [THEN inv_into_f_f, symmetric]) + show "inv f ` A \ f -` A" + using assms by (auto simp add: bij_is_surj [THEN surj_f_inv_f]) +qed lemma inv_fn_o_fn_is_id: fixes f::"'a \ 'a" @@ -338,11 +343,16 @@ shows "inv (f^^n) = ((inv f)^^n)" proof - have "inv (f^^n) x = ((inv f)^^n) x" for x - apply (rule inv_into_f_eq, auto simp add: inj_fn[OF bij_is_inj[OF assms]]) - using fn_o_inv_fn_is_id[OF assms, of n, THEN fun_cong] by (simp) + proof (rule inv_into_f_eq) + show "inj (f ^^ n)" + by (simp add: inj_fn[OF bij_is_inj [OF assms]]) + show "(f ^^ n) ((inv f ^^ n) x) = x" + using fn_o_inv_fn_is_id[OF assms, THEN fun_cong] by force + qed auto then show ?thesis by auto qed + lemma mono_inv: fixes f::"'a::linorder \ 'b::linorder" assumes "mono f" "bij f" @@ -746,13 +756,16 @@ qed then have "N \ card (f N)" by simp also have "\ \ card S" using S by (intro card_mono) - finally have "f (card S) = f N" using eq by auto - then show ?thesis - using eq inj [of N] - apply auto - apply (case_tac "n < N") - apply (auto simp: not_less) - done + finally have \
: "f (card S) = f N" using eq by auto + moreover have "\ (range f) \ f N" + proof clarify + fix x n + assume "x \ f n" + with eq inj [of N] show "x \ f N" + by (cases "n < N") (auto simp: not_less) + qed + ultimately show ?thesis + by auto qed @@ -822,28 +835,13 @@ case True with infinite have "\ finite (A - {a})" by auto with infinite_iff_countable_subset[of "A - {a}"] - obtain f :: "nat \ 'a" where 1: "inj f" and 2: "f ` UNIV \ A - {a}" by blast + obtain f :: "nat \ 'a" where "inj f" and f: "f ` UNIV \ A - {a}" by blast define g where "g n = (if n = 0 then a else f (Suc n))" for n define A' where "A' = g ` UNIV" - have *: "\y. f y \ a" using 2 by blast + have *: "\y. f y \ a" using f by blast have 3: "inj_on g UNIV \ g ` UNIV \ A \ a \ g ` UNIV" - apply (auto simp add: True g_def [abs_def]) - apply (unfold inj_on_def) - apply (intro ballI impI) - apply (case_tac "x = 0") - apply (auto simp add: 2) - proof - - fix y - assume "a = (if y = 0 then a else f (Suc y))" - then show "y = 0" by (cases "y = 0") (use * in auto) - next - fix x y - assume "f (Suc x) = (if y = 0 then a else f (Suc y))" - with 1 * show "x = y" by (cases "y = 0") (auto simp: inj_on_def) - next - fix n - from 2 show "f (Suc n) \ A" by blast - qed + using \inj f\ f * unfolding inj_on_def g_def + by (auto simp add: True image_subset_iff) then have 4: "bij_betw g UNIV A' \ a \ A' \ A' \ A" using inj_on_imp_bij_betw[of g] by (auto simp: A'_def) then have 5: "bij_betw (inv g) A' UNIV" @@ -852,38 +850,14 @@ have 6: "bij_betw g (UNIV - {n}) (A' - {a})" by (rule bij_betw_subset) (use 3 4 n in \auto simp: image_set_diff A'_def\) define v where "v m = (if m < n then m else Suc m)" for m - have 7: "bij_betw v UNIV (UNIV - {n})" - proof (unfold bij_betw_def inj_on_def, intro conjI, clarify) - fix m1 m2 - assume "v m1 = v m2" - then show "m1 = m2" - apply (cases "m1 < n") - apply (cases "m2 < n") - apply (auto simp: inj_on_def v_def [abs_def]) - apply (cases "m2 < n") - apply auto - done - next - show "v ` UNIV = UNIV - {n}" - proof (auto simp: v_def [abs_def]) - fix m - assume "m \ n" - assume *: "m \ Suc ` {m'. \ m' < n}" - have False if "n \ m" - proof - - from \m \ n\ that have **: "Suc n \ m" by auto - from Suc_le_D [OF this] obtain m' where m': "m = Suc m'" .. - with ** have "n \ m'" by auto - with m' * show ?thesis by auto - qed - then show "m < n" by force - qed - qed + have "m < n \ m = n" if "\k. k < n \ m \ Suc k" for m + using that [of "m-1"] by auto + then have 7: "bij_betw v UNIV (UNIV - {n})" + unfolding bij_betw_def inj_on_def v_def by auto define h' where "h' = g \ v \ (inv g)" with 5 6 7 have 8: "bij_betw h' A' (A' - {a})" by (auto simp add: bij_betw_trans) define h where "h b = (if b \ A' then h' b else b)" for b - then have "\b \ A'. h b = h' b" by simp with 8 have "bij_betw h A' (A' - {a})" using bij_betw_cong[of A' h] by auto moreover @@ -943,14 +917,14 @@ lemma Sup_Inf: "\ (Inf ` A) = \ (Sup ` {f ` A |f. \B\A. f B \ B})" proof (rule antisym) show "\ (Inf ` A) \ \ (Sup ` {f ` A |f. \B\A. f B \ B})" - apply (rule Sup_least, rule INF_greatest) - using Inf_lower2 Sup_upper by auto + using Inf_lower2 Sup_upper + by (fastforce simp add: intro: Sup_least INF_greatest) next show "\ (Sup ` {f ` A |f. \B\A. f B \ B}) \ \ (Inf ` A)" proof (simp add: Inf_Sup, rule SUP_least, simp, safe) fix f assume "\Y. (\f. Y = f ` A \ (\Y\A. f Y \ Y)) \ f Y \ Y" - from this have B: "\ F . (\ Y \ A . F Y \ Y) \ \ Z \ A . f (F ` A) = F Z" + then have B: "\ F . (\ Y \ A . F Y \ Y) \ \ Z \ A . f (F ` A) = F Z" by auto show "\(f ` {f ` A |f. \Y\A. f Y \ Y}) \ \(Inf ` A)" proof (cases "\ Z \ A . \(f ` {f ` A |f. \Y\A. f Y \ Y}) \ Inf Z") @@ -963,21 +937,20 @@ by simp next case False - from this have X: "\ Z . Z \ A \ \ x . x \ Z \ \ \(f ` {f ` A |f. \Y\A. f Y \ Y}) \ x" + then have X: "\ Z . Z \ A \ \ x . x \ Z \ \ \(f ` {f ` A |f. \Y\A. f Y \ Y}) \ x" using Inf_greatest by blast define F where "F = (\ Z . SOME x . x \ Z \ \ \(f ` {f ` A |f. \Y\A. f Y \ Y}) \ x)" - have C: "\ Y . Y \ A \ F Y \ Y" + have C: "\Y. Y \ A \ F Y \ Y" using X by (simp add: F_def, rule someI2_ex, auto) - have E: "\ Y . Y \ A \ \ \(f ` {f ` A |f. \Y\A. f Y \ Y}) \ F Y" + have E: "\Y. Y \ A \ \ \(f ` {f ` A |f. \Y\A. f Y \ Y}) \ F Y" using X by (simp add: F_def, rule someI2_ex, auto) from C and B obtain Z where D: "Z \ A " and Y: "f (F ` A) = F Z" by blast from E and D have W: "\ \(f ` {f ` A |f. \Y\A. f Y \ Y}) \ F Z" by simp have "\(f ` {f ` A |f. \Y\A. f Y \ Y}) \ f (F ` A)" - apply (rule INF_lower) - using C by blast - from this and W and Y show ?thesis + using C by (blast intro: INF_lower) + with W Y show ?thesis by simp qed qed @@ -985,15 +958,13 @@ lemma dual_complete_distrib_lattice: "class.complete_distrib_lattice Sup Inf sup (\) (>) inf \ \" - apply (rule class.complete_distrib_lattice.intro) - apply (fact dual_complete_lattice) - by (simp add: class.complete_distrib_lattice_axioms_def Sup_Inf) + by (simp add: class.complete_distrib_lattice.intro [OF dual_complete_lattice] + class.complete_distrib_lattice_axioms_def Sup_Inf) lemma sup_Inf: "a \ \B = \((\) a ` B)" proof (rule antisym) show "a \ \B \ \((\) a ` B)" - apply (rule INF_greatest) - using Inf_lower sup.mono by fastforce + using Inf_lower sup.mono by (fastforce intro: INF_greatest) next have "\((\) a ` B) \ \(Sup ` {{f {a}, f B} |f. f {a} = a \ f B \ B})" by (rule INF_greatest, auto simp add: INF_lower) @@ -1034,8 +1005,7 @@ have "(INF x\{uu. \y. uu = {uu. \x. uu = P x y}}. f x) \ f {uu. \x. uu = P x y}" by (rule INF_lower, blast) also have "... \ P (SOME x. f {uu . \x. uu = P x y} = P x y) y" - apply (rule someI2_ex) - using A by auto + by (rule someI2_ex) (use A in auto) finally show "\(f ` {uu. \y. uu = {uu. \x. uu = P x y}}) \ P (SOME x. f {uu. \x. uu = P x y} = P x y) y" by simp @@ -1050,70 +1020,46 @@ qed lemma INF_SUP_set: "(\B\A. \(g ` B)) = (\B\{f ` A |f. \C\A. f C \ C}. \(g ` B))" + (is "_ = (\B\?F. _)") proof (rule antisym) - have "\ ((g \ f) ` A) \ \ (g ` B)" if "\B. B \ A \ f B \ B" and "B \ A" - for f and B + have "\ ((g \ f) ` A) \ \ (g ` B)" if "\B. B \ A \ f B \ B" "B \ A" for f B using that by (auto intro: SUP_upper2 INF_lower2) - then show "(\x\{f ` A |f. \Y\A. f Y \ Y}. \a\x. g a) \ (\x\A. \a\x. g a)" + then show "(\x\?F. \a\x. g a) \ (\x\A. \a\x. g a)" by (auto intro!: SUP_least INF_greatest simp add: image_comp) next - show "(\x\A. \a\x. g a) \ (\x\{f ` A |f. \Y\A. f Y \ Y}. \a\x. g a)" + show "(\x\A. \a\x. g a) \ (\x\?F. \a\x. g a)" proof (cases "{} \ A") case True then show ?thesis by (rule INF_lower2) simp_all next case False - have *: "\f B. B \ A \ f B \ B \ - (\B. if B \ A then if f B \ B then g (f B) else \ else \) \ g (f B)" - by (rule INF_lower2, auto) - have **: "\f B. B \ A \ f B \ B \ - (\B. if B \ A then if f B \ B then g (f B) else \ else \) \ g (SOME x. x \ B)" - by (rule INF_lower2, auto) - have ****: "\f B. B \ A \ - (\B. if B \ A then if f B \ B then g (f B) else \ else \) - \ (if f B \ B then g (f B) else g (SOME x. x \ B))" - by (rule INF_lower2) auto - have ***: "\x. (\B. if B \ A then if x B \ B then g (x B) else \ else \) - \ (\x\{f ` A |f. \Y\A. f Y \ Y}. \x\x. g x)" - proof - - fix x - define F where "F = (\ (y::'b set) . if x y \ y then x y else (SOME x . x \y))" - have B: "(\Y\A. F Y \ Y)" - using False some_in_eq F_def by auto - have A: "F ` A \ {f ` A |f. \Y\A. f Y \ Y}" - using B by blast - show "(\xa. if xa \ A then if x xa \ xa then g (x xa) else \ else \) \ (\x\{f ` A |f. \Y\A. f Y \ Y}. \x\x. g x)" - using A apply (rule SUP_upper2) - apply (rule INF_greatest) - using * ** - apply (auto simp add: F_def) - done - qed - {fix x - have "(\x\A. \x\x. g x) \ (\xa. if x \ A then if xa \ x then g xa else \ else \)" + have "(\x\A. \x\x. g x) \ (\u. if x \ A then if u \ x then g u else \ else \)" proof (cases "x \ A") case True then show ?thesis - apply (rule INF_lower2) - apply (rule SUP_least) - apply (rule SUP_upper2) - apply auto - done - next - case False - then show ?thesis by simp + by (intro INF_lower2 SUP_least SUP_upper2) auto + qed auto + } + then have "(\Y\A. \a\Y. g a) \ (\Y. \y. if Y \ A then if y \ Y then g y else \ else \)" + by (rule INF_greatest) + also have "... = (\x. \Y. if Y \ A then if x Y \ Y then g (x Y) else \ else \)" + by (simp only: INF_SUP) + also have "... \ (\x\?F. \a\x. g a)" + proof (rule SUP_least) + show "(\B. if B \ A then if x B \ B then g (x B) else \ else \) + \ (\x\?F. \x\x. g x)" for x + proof - + define G where "G \ \Y. if x Y \ Y then x Y else (SOME x. x \Y)" + have "\Y\A. G Y \ Y" + using False some_in_eq G_def by auto + then have A: "G ` A \ ?F" + by blast + show "(\Y. if Y \ A then if x Y \ Y then g (x Y) else \ else \) \ (\x\?F. \x\x. g x)" + by (fastforce simp: G_def intro: SUP_upper2 [OF A] INF_greatest INF_lower2) qed - } - from this have "(\x\A. \a\x. g a) \ (\x. \xa. if x \ A then if xa \ x then g xa else \ else \)" - by (rule INF_greatest) - also have "... = (\x. \xa. if xa \ A then if x xa \ xa then g (x xa) else \ else \)" - by (simp only: INF_SUP) - also have "... \ (\x\{f ` A |f. \Y\A. f Y \ Y}. \a\x. g a)" - apply (rule SUP_least) - using *** apply simp - done + qed finally show ?thesis by simp qed qed @@ -1181,22 +1127,15 @@ instance proof (standard, clarsimp) fix A :: "(('a set) set) set" fix x::'a - define F where "F = (\ Y . (SOME X . (Y \ A \ X \ Y \ x \ X)))" - assume A: "\xa\A. \X\xa. x \ X" - - from this have B: " (\xa \ F ` A. x \ xa)" - apply (safe, simp add: F_def) - by (rule someI2_ex, auto) - - have C: "(\Y\A. F Y \ Y)" - apply (simp add: F_def, safe) - apply (rule someI2_ex) - using A by auto - - have "(\f. F ` A = f ` A \ (\Y\A. f Y \ Y))" - using C by blast - - from B and this show "\X. (\f. X = f ` A \ (\Y\A. f Y \ Y)) \ (\xa\X. x \ xa)" + assume A: "\\\A. \X\\. x \ X" + define F where "F \ \Y. SOME X. Y \ A \ X \ Y \ x \ X" + have "(\S \ F ` A. x \ S)" + using A unfolding F_def by (fastforce intro: someI2_ex) + moreover have "\Y\A. F Y \ Y" + using A unfolding F_def by (fastforce intro: someI2_ex) + then have "\f. F ` A = f ` A \ (\Y\A. f Y \ Y)" + by blast + ultimately show "\X. (\f. X = f ` A \ (\Y\A. f Y \ Y)) \ (\S\X. x \ S)" by auto qed end @@ -1212,85 +1151,56 @@ context complete_linorder begin - + subclass complete_distrib_lattice proof (standard, rule ccontr) - fix A - assume "\ \(Sup ` A) \ \(Inf ` {f ` A |f. \Y\A. f Y \ Y})" - then have C: "\(Sup ` A) > \(Inf ` {f ` A |f. \Y\A. f Y \ Y})" + fix A :: "'a set set" + let ?F = "{f ` A |f. \Y\A. f Y \ Y}" + assume "\ \(Sup ` A) \ \(Inf ` ?F)" + then have C: "\(Sup ` A) > \(Inf ` ?F)" by (simp add: not_le) show False - proof (cases "\ z . \(Sup ` A) > z \ z > \(Inf ` {f ` A |f. \Y\A. f Y \ Y})") - case True - from this obtain z where A: "z < \(Sup ` A)" and X: "z > \(Inf ` {f ` A |f. \Y\A. f Y \ Y})" - by blast - - from A have "\ Y . Y \ A \ z < Sup Y" - by (simp add: less_INF_D) - - from this have B: "\ Y . Y \ A \ \ k \Y . z < k" - using local.less_Sup_iff by blast - - define F where "F = (\ Y . SOME k . k \ Y \ z < k)" - - have D: "\ Y . Y \ A \ z < F Y" - using B apply (simp add: F_def) - by (rule someI2_ex, auto) + proof (cases "\ z . \(Sup ` A) > z \ z > \(Inf ` ?F)") + case True + then obtain z where A: "z < \(Sup ` A)" and X: "z > \(Inf ` ?F)" + by blast + then have B: "\Y. Y \ A \ \k \Y . z < k" + using local.less_Sup_iff by(force dest: less_INF_D) + + define G where "G \ \Y. SOME k . k \ Y \ z < k" + have E: "\Y. Y \ A \ G Y \ Y" + using B unfolding G_def by (fastforce intro: someI2_ex) + have "z \ Inf (G ` A)" + proof (rule INF_greatest) + show "\Y. Y \ A \ z \ G Y" + using B unfolding G_def by (fastforce intro: someI2_ex) + qed + also have "... \ \(Inf ` ?F)" + by (rule SUP_upper) (use E in blast) + finally have "z \ \(Inf ` ?F)" + by simp - - have E: "\ Y . Y \ A \ F Y \ Y" - using B apply (simp add: F_def) - by (rule someI2_ex, auto) - - have "z \ Inf (F ` A)" - by (simp add: D local.INF_greatest local.order.strict_implies_order) - - also have "... \ \(Inf ` {f ` A |f. \Y\A. f Y \ Y})" - apply (rule SUP_upper, safe) - using E by blast - finally have "z \ \(Inf ` {f ` A |f. \Y\A. f Y \ Y})" - by simp - - from X and this show ?thesis - using local.not_less by blast - next - case False - from this have A: "\ z . \(Sup ` A) \ z \ z \ \(Inf ` {f ` A |f. \Y\A. f Y \ Y})" - using local.le_less_linear by blast - - from C have "\ Y . Y \ A \ \(Inf ` {f ` A |f. \Y\A. f Y \ Y}) < Sup Y" - by (simp add: less_INF_D) - - from this have B: "\ Y . Y \ A \ \ k \Y . \(Inf ` {f ` A |f. \Y\A. f Y \ Y}) < k" - using local.less_Sup_iff by blast - - define F where "F = (\ Y . SOME k . k \ Y \ \(Inf ` {f ` A |f. \Y\A. f Y \ Y}) < k)" - - have D: "\ Y . Y \ A \ \(Inf ` {f ` A |f. \Y\A. f Y \ Y}) < F Y" - using B apply (simp add: F_def) - by (rule someI2_ex, auto) - - have E: "\ Y . Y \ A \ F Y \ Y" - using B apply (simp add: F_def) - by (rule someI2_ex, auto) - - have "\ Y . Y \ A \ \(Sup ` A) \ F Y" - using D False local.leI by blast - - from this have "\(Sup ` A) \ Inf (F ` A)" - by (simp add: local.INF_greatest) - - also have "Inf (F ` A) \ \(Inf ` {f ` A |f. \Y\A. f Y \ Y})" - apply (rule SUP_upper, safe) - using E by blast - - finally have "\(Sup ` A) \ \(Inf ` {f ` A |f. \Y\A. f Y \ Y})" - by simp - - from C and this show ?thesis - using not_less by blast - qed + with X show ?thesis + using local.not_less by blast + next + case False + have B: "\Y. Y \ A \ \ k \Y . \(Inf ` ?F) < k" + using C local.less_Sup_iff by(force dest: less_INF_D) + define G where "G \ \ Y . SOME k . k \ Y \ \(Inf ` ?F) < k" + have E: "\Y. Y \ A \ G Y \ Y" + using B unfolding G_def by (fastforce intro: someI2_ex) + have "\Y. Y \ A \ \(Sup ` A) \ G Y" + using B False local.leI unfolding G_def by (fastforce intro: someI2_ex) + then have "\(Sup ` A) \ Inf (G ` A)" + by (simp add: local.INF_greatest) + also have "Inf (G ` A) \ \(Inf ` ?F)" + by (rule SUP_upper) (use E in blast) + finally have "\(Sup ` A) \ \(Inf ` ?F)" + by simp + with C show ?thesis + using not_less by blast qed +qed end