# HG changeset patch # User wenzelm # Date 970787096 -7200 # Node ID 6d3987f3aad93801fe56cbec810349023e5c2cc8 # Parent 9d4d5852eb478708f28fbb27444d9a52f95be8ce * HOL/Lattice: fundamental concepts of lattice theory and order structures; diff -r 9d4d5852eb47 -r 6d3987f3aad9 NEWS --- a/NEWS Thu Oct 05 14:04:56 2000 +0200 +++ b/NEWS Fri Oct 06 01:04:56 2000 +0200 @@ -243,10 +243,17 @@ * HOL/Algebra: new theory of rings and univariate polynomials, by Clemens Ballarin; -* HOL/NumberTheory: Fundamental Theorem of Arithmetic, Chinese +* HOL/NumberTheory: fundamental Theorem of Arithmetic, Chinese Remainder Theorem, Fermat/Euler Theorem, Wilson's Theorem, by Thomas M Rasmussen; +* HOL/Lattice: fundamental concepts of lattice theory and order +structures, including duals, properties of bounds versus algebraic +laws, lattice operations versus set-theoretic ones, the Knaster-Tarski +Theorem for complete lattices etc.; may also serve as a demonstration +for abstract algebraic reasoning using axiomatic type classes, and +mathematics-style proof in Isabelle/Isar; by Markus Wenzel; + * HOL/Prolog: a (bare-bones) implementation of Lambda-Prolog, by David von Oheimb; diff -r 9d4d5852eb47 -r 6d3987f3aad9 src/HOL/IsaMakefile --- a/src/HOL/IsaMakefile Thu Oct 05 14:04:56 2000 +0200 +++ b/src/HOL/IsaMakefile Fri Oct 06 01:04:56 2000 +0200 @@ -9,13 +9,38 @@ default: HOL images: HOL HOL-Real TLA -test: HOL-Isar_examples HOL-Induct HOL-Lambda HOL-AxClasses HOL-ex HOL-Subst HOL-IMP \ - HOL-IMPP HOL-NumberTheory HOL-Hoare HOL-Lex HOL-Algebra HOL-Auth \ - HOL-UNITY HOL-Modelcheck HOL-Prolog HOL-W0 HOL-MiniML HOL-BCV \ - HOL-MicroJava HOL-IOA HOL-Real-ex HOL-Real-HahnBanach \ - TLA-Inc TLA-Buffer TLA-Memory - -all: images test +#Note: keep targets sorted! +test: \ + HOL-Algebra \ + HOL-Auth \ + HOL-AxClasses \ + HOL-BCV \ + HOL-Real-HahnBanach \ + HOL-Real-ex \ + HOL-Hoare \ + HOL-IMP \ + HOL-IMPP \ + HOL-IOA \ + HOL-Induct \ + HOL-Isar_examples \ + HOL-Lambda \ + HOL-Lattice \ + HOL-Lex \ + HOL-MicroJava \ + HOL-MiniML \ + HOL-Modelcheck \ + HOL-NumberTheory \ + HOL-Prolog \ + HOL-Subst \ + TLA-Buffer \ + TLA-Inc \ + TLA-Memory \ + HOL-UNITY \ + HOL-W0 \ + HOL-ex + # ^ this is the sort position + +all: test images ## global settings @@ -406,6 +431,16 @@ @$(ISATOOL) usedir $(OUT)/HOL AxClasses +## HOL-Lattice + +HOL-Lattice: HOL $(LOG)/HOL-Lattice.gz + +$(LOG)/HOL-Lattice.gz: $(OUT)/HOL Lattice/Bounds.thy \ + Lattice/CompleteLattice.thy Lattice/Lattice.thy Lattice/Orders.thy \ + Lattice/ROOT.ML Lattice/document/root.tex + @$(ISATOOL) usedir $(OUT)/HOL Lattice + + ## HOL-ex HOL-ex: HOL $(LOG)/HOL-ex.gz @@ -502,6 +537,6 @@ $(LOG)/HOL-W0.gz $(LOG)/HOL-MiniML.gz \ $(LOG)/HOL-BCV.gz $(LOG)/HOL-MicroJava.gz \ $(LOG)/HOL-IOA.gz $(LOG)/HOL-AxClasses \ - $(LOG)/HOL-Real-ex.gz \ + $(LOG)/HOL-Lattice $(LOG)/HOL-Real-ex.gz \ $(LOG)/HOL-Real-HahnBanach.gz $(LOG)/TLA-Inc.gz \ $(LOG)/TLA-Buffer.gz $(LOG)/TLA-Memory.gz diff -r 9d4d5852eb47 -r 6d3987f3aad9 src/HOL/Lattice/Bounds.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/Lattice/Bounds.thy Fri Oct 06 01:04:56 2000 +0200 @@ -0,0 +1,325 @@ +(* Title: HOL/Lattice/Bounds.thy + ID: $Id$ + Author: Markus Wenzel, TU Muenchen +*) + +header {* Bounds *} + +theory Bounds = Orders: + +subsection {* Infimum and supremum *} + +text {* + Given a partial order, we define infimum (greatest lower bound) and + supremum (least upper bound) wrt.\ @{text \} for two and for any + number of elements. +*} + +constdefs + is_inf :: "'a::partial_order \ 'a \ 'a \ bool" + "is_inf x y inf \ inf \ x \ inf \ y \ (\z. z \ x \ z \ y \ z \ inf)" + + is_sup :: "'a::partial_order \ 'a \ 'a \ bool" + "is_sup x y sup \ x \ sup \ y \ sup \ (\z. x \ z \ y \ z \ sup \ z)" + + is_Inf :: "'a::partial_order set \ 'a \ bool" + "is_Inf A inf \ (\x \ A. inf \ x) \ (\z. (\x \ A. z \ x) \ z \ inf)" + + is_Sup :: "'a::partial_order set \ 'a \ bool" + "is_Sup A sup \ (\x \ A. x \ sup) \ (\z. (\x \ A. x \ z) \ sup \ z)" + +text {* + These definitions entail the following basic properties of boundary + elements. +*} + +lemma is_infI [intro?]: "inf \ x \ inf \ y \ + (\z. z \ x \ z \ y \ z \ inf) \ is_inf x y inf" + by (unfold is_inf_def) blast + +lemma is_inf_greatest [elim?]: + "is_inf x y inf \ z \ x \ z \ y \ z \ inf" + by (unfold is_inf_def) blast + +lemma is_inf_lower [elim?]: + "is_inf x y inf \ (inf \ x \ inf \ y \ C) \ C" + by (unfold is_inf_def) blast + + +lemma is_supI [intro?]: "x \ sup \ y \ sup \ + (\z. x \ z \ y \ z \ sup \ z) \ is_sup x y sup" + by (unfold is_sup_def) blast + +lemma is_sup_least [elim?]: + "is_sup x y sup \ x \ z \ y \ z \ sup \ z" + by (unfold is_sup_def) blast + +lemma is_sup_upper [elim?]: + "is_sup x y sup \ (x \ sup \ y \ sup \ C) \ C" + by (unfold is_sup_def) blast + + +lemma is_InfI [intro?]: "(\x. x \ A \ inf \ x) \ + (\z. (\x \ A. z \ x) \ z \ inf) \ is_Inf A inf" + by (unfold is_Inf_def) blast + +lemma is_Inf_greatest [elim?]: + "is_Inf A inf \ (\x. x \ A \ z \ x) \ z \ inf" + by (unfold is_Inf_def) blast + +lemma is_Inf_lower [dest?]: + "is_Inf A inf \ x \ A \ inf \ x" + by (unfold is_Inf_def) blast + + +lemma is_SupI [intro?]: "(\x. x \ A \ x \ sup) \ + (\z. (\x \ A. x \ z) \ sup \ z) \ is_Sup A sup" + by (unfold is_Sup_def) blast + +lemma is_Sup_least [elim?]: + "is_Sup A sup \ (\x. x \ A \ x \ z) \ sup \ z" + by (unfold is_Sup_def) blast + +lemma is_Sup_upper [dest?]: + "is_Sup A sup \ x \ A \ x \ sup" + by (unfold is_Sup_def) blast + + +subsection {* Duality *} + +text {* + Infimum and supremum are dual to each other. +*} + +theorem dual_inf [iff?]: + "is_inf (dual x) (dual y) (dual sup) = is_sup x y sup" + by (simp add: is_inf_def is_sup_def dual_all [symmetric] dual_leq) + +theorem dual_sup [iff?]: + "is_sup (dual x) (dual y) (dual inf) = is_inf x y inf" + by (simp add: is_inf_def is_sup_def dual_all [symmetric] dual_leq) + +theorem dual_Inf [iff?]: + "is_Inf (dual `` A) (dual sup) = is_Sup A sup" + by (simp add: is_Inf_def is_Sup_def dual_all [symmetric] dual_leq) + +theorem dual_Sup [iff?]: + "is_Sup (dual `` A) (dual inf) = is_Inf A inf" + by (simp add: is_Inf_def is_Sup_def dual_all [symmetric] dual_leq) + + +subsection {* Uniqueness *} + +text {* + Infima and suprema on partial orders are unique; this is mainly due + to anti-symmetry of the underlying relation. +*} + +theorem is_inf_uniq: "is_inf x y inf \ is_inf x y inf' \ inf = inf'" +proof - + assume inf: "is_inf x y inf" + assume inf': "is_inf x y inf'" + show ?thesis + proof (rule leq_antisym) + from inf' show "inf \ inf'" + proof (rule is_inf_greatest) + from inf show "inf \ x" .. + from inf show "inf \ y" .. + qed + from inf show "inf' \ inf" + proof (rule is_inf_greatest) + from inf' show "inf' \ x" .. + from inf' show "inf' \ y" .. + qed + qed +qed + +theorem is_sup_uniq: "is_sup x y sup \ is_sup x y sup' \ sup = sup'" +proof - + assume sup: "is_sup x y sup" and sup': "is_sup x y sup'" + have "dual sup = dual sup'" + proof (rule is_inf_uniq) + from sup show "is_inf (dual x) (dual y) (dual sup)" .. + from sup' show "is_inf (dual x) (dual y) (dual sup')" .. + qed + thus "sup = sup'" .. +qed + +theorem is_Inf_uniq: "is_Inf A inf \ is_Inf A inf' \ inf = inf'" +proof - + assume inf: "is_Inf A inf" + assume inf': "is_Inf A inf'" + show ?thesis + proof (rule leq_antisym) + from inf' show "inf \ inf'" + proof (rule is_Inf_greatest) + fix x assume "x \ A" + from inf show "inf \ x" .. + qed + from inf show "inf' \ inf" + proof (rule is_Inf_greatest) + fix x assume "x \ A" + from inf' show "inf' \ x" .. + qed + qed +qed + +theorem is_Sup_uniq: "is_Sup A sup \ is_Sup A sup' \ sup = sup'" +proof - + assume sup: "is_Sup A sup" and sup': "is_Sup A sup'" + have "dual sup = dual sup'" + proof (rule is_Inf_uniq) + from sup show "is_Inf (dual `` A) (dual sup)" .. + from sup' show "is_Inf (dual `` A) (dual sup')" .. + qed + thus "sup = sup'" .. +qed + + +subsection {* Related elements *} + +text {* + The binary bound of related elements is either one of the argument. +*} + +theorem is_inf_related [elim?]: "x \ y \ is_inf x y x" +proof - + assume "x \ y" + show ?thesis + proof + show "x \ x" .. + show "x \ y" . + fix z assume "z \ x" and "z \ y" show "z \ x" . + qed +qed + +theorem is_sup_related [elim?]: "x \ y \ is_sup x y y" +proof - + assume "x \ y" + show ?thesis + proof + show "x \ y" . + show "y \ y" .. + fix z assume "x \ z" and "y \ z" + show "y \ z" . + qed +qed + + +subsection {* General versus binary bounds \label{sec:gen-bin-bounds} *} + +text {* + General bounds of two-element sets coincide with binary bounds. +*} + +theorem is_Inf_binary: "is_Inf {x, y} inf = is_inf x y inf" +proof - + let ?A = "{x, y}" + show ?thesis + proof + assume is_Inf: "is_Inf ?A inf" + show "is_inf x y inf" + proof + have "x \ ?A" by simp + with is_Inf show "inf \ x" .. + have "y \ ?A" by simp + with is_Inf show "inf \ y" .. + fix z assume zx: "z \ x" and zy: "z \ y" + from is_Inf show "z \ inf" + proof (rule is_Inf_greatest) + fix a assume "a \ ?A" + hence "a = x \ a = y" by blast + thus "z \ a" + proof + assume "a = x" + with zx show ?thesis by simp + next + assume "a = y" + with zy show ?thesis by simp + qed + qed + qed + next + assume is_inf: "is_inf x y inf" + show "is_Inf {x, y} inf" + proof + fix a assume "a \ ?A" + hence "a = x \ a = y" by blast + thus "inf \ a" + proof + assume "a = x" + also from is_inf have "inf \ x" .. + finally show ?thesis . + next + assume "a = y" + also from is_inf have "inf \ y" .. + finally show ?thesis . + qed + next + fix z assume z: "\a \ ?A. z \ a" + from is_inf show "z \ inf" + proof (rule is_inf_greatest) + from z show "z \ x" by blast + from z show "z \ y" by blast + qed + qed + qed +qed + +theorem is_Sup_binary: "is_Sup {x, y} sup = is_sup x y sup" +proof - + have "is_Sup {x, y} sup = is_Inf (dual `` {x, y}) (dual sup)" + by (simp only: dual_Inf) + also have "dual `` {x, y} = {dual x, dual y}" + by simp + also have "is_Inf \ (dual sup) = is_inf (dual x) (dual y) (dual sup)" + by (rule is_Inf_binary) + also have "\ = is_sup x y sup" + by (simp only: dual_inf) + finally show ?thesis . +qed + + +subsection {* Connecting general bounds \label{sec:connect-bounds} *} + +text {* + Either kind of general bounds is sufficient to express the other. + The least upper bound (supremum) is the same as the the greatest + lower bound of the set of all upper bounds; the dual statements + holds as well; the dual statement holds as well. +*} + +theorem Inf_Sup: "is_Inf {b. \a \ A. a \ b} sup \ is_Sup A sup" +proof - + let ?B = "{b. \a \ A. a \ b}" + assume is_Inf: "is_Inf ?B sup" + show "is_Sup A sup" + proof + fix x assume x: "x \ A" + from is_Inf show "x \ sup" + proof (rule is_Inf_greatest) + fix y assume "y \ ?B" + hence "\a \ A. a \ y" .. + from this x show "x \ y" .. + qed + next + fix z assume "\x \ A. x \ z" + hence "z \ ?B" .. + with is_Inf show "sup \ z" .. + qed +qed + +theorem Sup_Inf: "is_Sup {b. \a \ A. b \ a} inf \ is_Inf A inf" +proof - + assume "is_Sup {b. \a \ A. b \ a} inf" + hence "is_Inf (dual `` {b. \a \ A. dual a \ dual b}) (dual inf)" + by (simp only: dual_Inf dual_leq) + also have "dual `` {b. \a \ A. dual a \ dual b} = {b'. \a' \ dual `` A. a' \ b'}" + by (auto iff: dual_ball dual_Collect) (* FIXME !? *) + finally have "is_Inf \ (dual inf)" . + hence "is_Sup (dual `` A) (dual inf)" + by (rule Inf_Sup) + thus ?thesis .. +qed + +end diff -r 9d4d5852eb47 -r 6d3987f3aad9 src/HOL/Lattice/CompleteLattice.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/Lattice/CompleteLattice.thy Fri Oct 06 01:04:56 2000 +0200 @@ -0,0 +1,409 @@ +(* Title: HOL/Lattice/CompleteLattice.thy + ID: $Id$ + Author: Markus Wenzel, TU Muenchen +*) + +header {* Complete lattices *} + +theory CompleteLattice = Lattice: + +subsection {* Complete lattice operations *} + +text {* + A \emph{complete lattice} is a partial order with general + (infinitary) infimum of any set of elements. General supremum + exists as well, as a consequence of the connection of infinitary + bounds (see \S\ref{sec:connect-bounds}). +*} + +axclass complete_lattice < partial_order + ex_Inf: "\inf. is_Inf A inf" + +theorem ex_Sup: "\sup::'a::complete_lattice. is_Sup A sup" +proof - + from ex_Inf obtain sup where "is_Inf {b. \a\A. a \ b} sup" by blast + hence "is_Sup A sup" by (rule Inf_Sup) + thus ?thesis .. +qed + +text {* + The general @{text \} (meet) and @{text \} (join) operations select + such infimum and supremum elements. +*} + +consts + Meet :: "'a::complete_lattice set \ 'a" + Join :: "'a::complete_lattice set \ 'a" +syntax (symbols) + Meet :: "'a::complete_lattice set \ 'a" ("\_" [90] 90) + Join :: "'a::complete_lattice set \ 'a" ("\_" [90] 90) +defs + Meet_def: "\A \ SOME inf. is_Inf A inf" + Join_def: "\A \ SOME sup. is_Sup A sup" + +text {* + Due to unique existence of bounds, the complete lattice operations + may be exhibited as follows. +*} + +lemma Meet_equality [elim?]: "is_Inf A inf \ \A = inf" +proof (unfold Meet_def) + assume "is_Inf A inf" + thus "(SOME inf. is_Inf A inf) = inf" + by (rule some_equality) (rule is_Inf_uniq) +qed + +lemma MeetI [intro?]: + "(\a. a \ A \ inf \ a) \ + (\b. \a \ A. b \ a \ b \ inf) \ + \A = inf" + by (rule Meet_equality, rule is_InfI) blast+ + +lemma Join_equality [elim?]: "is_Sup A sup \ \A = sup" +proof (unfold Join_def) + assume "is_Sup A sup" + thus "(SOME sup. is_Sup A sup) = sup" + by (rule some_equality) (rule is_Sup_uniq) +qed + +lemma JoinI [intro?]: + "(\a. a \ A \ a \ sup) \ + (\b. \a \ A. a \ b \ sup \ b) \ + \A = sup" + by (rule Join_equality, rule is_SupI) blast+ + + +text {* + \medskip The @{text \} and @{text \} operations indeed determine + bounds on a complete lattice structure. +*} + +lemma is_Inf_Meet [intro?]: "is_Inf A (\A)" +proof (unfold Meet_def) + from ex_Inf show "is_Inf A (SOME inf. is_Inf A inf)" + by (rule ex_someI) +qed + +lemma Meet_greatest [intro?]: "(\a. a \ A \ x \ a) \ x \ \A" + by (rule is_Inf_greatest, rule is_Inf_Meet) blast + +lemma Meet_lower [intro?]: "a \ A \ \A \ a" + by (rule is_Inf_lower) (rule is_Inf_Meet) + + +lemma is_Sup_Join [intro?]: "is_Sup A (\A)" +proof (unfold Join_def) + from ex_Sup show "is_Sup A (SOME sup. is_Sup A sup)" + by (rule ex_someI) +qed + +lemma Join_least [intro?]: "(\a. a \ A \ a \ x) \ \A \ x" + by (rule is_Sup_least, rule is_Sup_Join) blast +lemma Join_lower [intro?]: "a \ A \ a \ \A" + by (rule is_Sup_upper) (rule is_Sup_Join) + + +subsection {* The Knaster-Tarski Theorem *} + +text {* + The Knaster-Tarski Theorem (in its simplest formulation) states that + any monotone function on a complete lattice has a least fixed-point + (see \cite[pages 93--94]{Davey-Priestley:1990} for example). This + is a consequence of the basic boundary properties of the complete + lattice operations. +*} + +theorem Knaster_Tarski: + "(\x y. x \ y \ f x \ f y) \ \a::'a::complete_lattice. f a = a" +proof + assume mono: "\x y. x \ y \ f x \ f y" + let ?H = "{u. f u \ u}" let ?a = "\?H" + have ge: "f ?a \ ?a" + proof + fix x assume x: "x \ ?H" + hence "?a \ x" .. + hence "f ?a \ f x" by (rule mono) + also from x have "... \ x" .. + finally show "f ?a \ x" . + qed + also have "?a \ f ?a" + proof + from ge have "f (f ?a) \ f ?a" by (rule mono) + thus "f ?a : ?H" .. + qed + finally show "f ?a = ?a" . +qed + + +subsection {* Bottom and top elements *} + +text {* + With general bounds available, complete lattices also have least and + greatest elements. +*} + +constdefs + bottom :: "'a::complete_lattice" ("\") + "\ \ \UNIV" + top :: "'a::complete_lattice" ("\") + "\ \ \UNIV" + +lemma bottom_least [intro?]: "\ \ x" +proof (unfold bottom_def) + have "x \ UNIV" .. + thus "\UNIV \ x" .. +qed + +lemma bottomI [intro?]: "(\a. x \ a) \ \ = x" +proof (unfold bottom_def) + assume "\a. x \ a" + show "\UNIV = x" + proof + fix a show "x \ a" . + next + fix b :: "'a::complete_lattice" + assume b: "\a \ UNIV. b \ a" + have "x \ UNIV" .. + with b show "b \ x" .. + qed +qed + +lemma top_greatest [intro?]: "x \ \" +proof (unfold top_def) + have "x \ UNIV" .. + thus "x \ \UNIV" .. +qed + +lemma topI [intro?]: "(\a. a \ x) \ \ = x" +proof (unfold top_def) + assume "\a. a \ x" + show "\UNIV = x" + proof + fix a show "a \ x" . + next + fix b :: "'a::complete_lattice" + assume b: "\a \ UNIV. a \ b" + have "x \ UNIV" .. + with b show "x \ b" .. + qed +qed + + +subsection {* Duality *} + +text {* + The class of complete lattices is closed under formation of dual + structures. +*} + +instance dual :: (complete_lattice) complete_lattice +proof intro_classes + fix A' :: "'a::complete_lattice dual set" + show "\inf'. is_Inf A' inf'" + proof - + have "\sup. is_Sup (undual `` A') sup" by (rule ex_Sup) + hence "\sup. is_Inf (dual `` undual `` A') (dual sup)" by (simp only: dual_Inf) + thus ?thesis by (simp add: dual_ex [symmetric] image_compose [symmetric]) + qed +qed + +text {* + Apparently, the @{text \} and @{text \} operations are dual to each + other. +*} + +theorem dual_Meet [intro?]: "dual (\A) = \(dual `` A)" +proof - + from is_Inf_Meet have "is_Sup (dual `` A) (dual (\A))" .. + hence "\(dual `` A) = dual (\A)" .. + thus ?thesis .. +qed + +theorem dual_Join [intro?]: "dual (\A) = \(dual `` A)" +proof - + from is_Sup_Join have "is_Inf (dual `` A) (dual (\A))" .. + hence "\(dual `` A) = dual (\A)" .. + thus ?thesis .. +qed + +text {* + Likewise are @{text \} and @{text \} duals of each other. +*} + +theorem dual_bottom [intro?]: "dual \ = \" +proof - + have "\ = dual \" + proof + fix a' have "\ \ undual a'" .. + hence "dual (undual a') \ dual \" .. + thus "a' \ dual \" by simp + qed + thus ?thesis .. +qed + +theorem dual_top [intro?]: "dual \ = \" +proof - + have "\ = dual \" + proof + fix a' have "undual a' \ \" .. + hence "dual \ \ dual (undual a')" .. + thus "dual \ \ a'" by simp + qed + thus ?thesis .. +qed + + +subsection {* Complete lattices are lattices *} + +text {* + Complete lattices (with general bounds) available are indeed plain + lattices as well. This holds due to the connection of general + versus binary bounds that has been formally established in + \S\ref{sec:gen-bin-bounds}. +*} + +lemma is_inf_binary: "is_inf x y (\{x, y})" +proof - + have "is_Inf {x, y} (\{x, y})" .. + thus ?thesis by (simp only: is_Inf_binary) +qed + +lemma is_sup_binary: "is_sup x y (\{x, y})" +proof - + have "is_Sup {x, y} (\{x, y})" .. + thus ?thesis by (simp only: is_Sup_binary) +qed + +instance complete_lattice < lattice +proof intro_classes + fix x y :: "'a::complete_lattice" + from is_inf_binary show "\inf. is_inf x y inf" .. + from is_sup_binary show "\sup. is_sup x y sup" .. +qed + +theorem meet_binary: "x \ y = \{x, y}" + by (rule meet_equality) (rule is_inf_binary) + +theorem join_binary: "x \ y = \{x, y}" + by (rule join_equality) (rule is_sup_binary) + + +subsection {* Complete lattices and set-theory operations *} + +text {* + The complete lattice operations are (anti) monotone wrt.\ set + inclusion. +*} + +theorem Meet_subset_antimono: "A \ B \ \B \ \A" +proof (rule Meet_greatest) + fix a assume "a \ A" + also assume "A \ B" + finally have "a \ B" . + thus "\B \ a" .. +qed + +theorem Join_subset_mono: "A \ B \ \A \ \B" +proof - + assume "A \ B" + hence "dual `` A \ dual `` B" by blast + hence "\(dual `` B) \ \(dual `` A)" by (rule Meet_subset_antimono) + hence "dual (\B) \ dual (\A)" by (simp only: dual_Join) + thus ?thesis by (simp only: dual_leq) +qed + +text {* + Bounds over unions of sets may be obtained separately. +*} + +theorem Meet_Un: "\(A \ B) = \A \ \B" +proof + fix a assume "a \ A \ B" + thus "\A \ \B \ a" + proof + assume a: "a \ A" + have "\A \ \B \ \A" .. + also from a have "\ \ a" .. + finally show ?thesis . + next + assume a: "a \ B" + have "\A \ \B \ \B" .. + also from a have "\ \ a" .. + finally show ?thesis . + qed +next + fix b assume b: "\a \ A \ B. b \ a" + show "b \ \A \ \B" + proof + show "b \ \A" + proof + fix a assume "a \ A" + hence "a \ A \ B" .. + with b show "b \ a" .. + qed + show "b \ \B" + proof + fix a assume "a \ B" + hence "a \ A \ B" .. + with b show "b \ a" .. + qed + qed +qed + +theorem Join_Un: "\(A \ B) = \A \ \B" +proof - + have "dual (\(A \ B)) = \(dual `` A \ dual `` B)" + by (simp only: dual_Join image_Un) + also have "\ = \(dual `` A) \ \(dual `` B)" + by (rule Meet_Un) + also have "\ = dual (\A \ \B)" + by (simp only: dual_join dual_Join) + finally show ?thesis .. +qed + +text {* + Bounds over singleton sets are trivial. +*} + +theorem Meet_singleton: "\{x} = x" +proof + fix a assume "a \ {x}" + hence "a = x" by simp + thus "x \ a" by (simp only: leq_refl) +next + fix b assume "\a \ {x}. b \ a" + thus "b \ x" by simp +qed + +theorem Join_singleton: "\{x} = x" +proof - + have "dual (\{x}) = \{dual x}" by (simp add: dual_Join) + also have "\ = dual x" by (rule Meet_singleton) + finally show ?thesis .. +qed + +text {* + Bounds over the empty and universal set correspond to each other. +*} + +theorem Meet_empty: "\{} = \UNIV" +proof + fix a :: "'a::complete_lattice" + assume "a \ {}" + hence False by simp + thus "\UNIV \ a" .. +next + fix b :: "'a::complete_lattice" + have "b \ UNIV" .. + thus "b \ \UNIV" .. +qed + +theorem Join_empty: "\{} = \UNIV" +proof - + have "dual (\{}) = \{}" by (simp add: dual_Join) + also have "\ = \UNIV" by (rule Meet_empty) + also have "\ = dual (\UNIV)" by (simp add: dual_Meet) + finally show ?thesis .. +qed + +end diff -r 9d4d5852eb47 -r 6d3987f3aad9 src/HOL/Lattice/Lattice.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/Lattice/Lattice.thy Fri Oct 06 01:04:56 2000 +0200 @@ -0,0 +1,609 @@ +(* Title: HOL/Lattice/Lattice.thy + ID: $Id$ + Author: Markus Wenzel, TU Muenchen +*) + +header {* Lattices *} + +theory Lattice = Bounds: + +subsection {* Lattice operations *} + +text {* + A \emph{lattice} is a partial order with infimum and supremum of any + two elements (thus any \emph{finite} number of elements have bounds + as well). +*} + +axclass lattice < partial_order + ex_inf: "\inf. is_inf x y inf" + ex_sup: "\sup. is_sup x y sup" + +text {* + The @{text \} (meet) and @{text \} (join) operations select such + infimum and supremum elements. +*} + +consts + meet :: "'a::lattice \ 'a \ 'a" (infixl "&&" 70) + join :: "'a::lattice \ 'a \ 'a" (infixl "||" 65) +syntax (symbols) + meet :: "'a::lattice \ 'a \ 'a" (infixl "\" 70) + join :: "'a::lattice \ 'a \ 'a" (infixl "\" 65) +defs + meet_def: "x && y \ SOME inf. is_inf x y inf" + join_def: "x || y \ SOME sup. is_sup x y sup" + +text {* + Due to unique existence of bounds, the lattice operations may be + exhibited as follows. +*} + +lemma meet_equality [elim?]: "is_inf x y inf \ x \ y = inf" +proof (unfold meet_def) + assume "is_inf x y inf" + thus "(SOME inf. is_inf x y inf) = inf" + by (rule some_equality) (rule is_inf_uniq) +qed + +lemma meetI [intro?]: + "inf \ x \ inf \ y \ (\z. z \ x \ z \ y \ z \ inf) \ x \ y = inf" + by (rule meet_equality, rule is_infI) blast+ + +lemma join_equality [elim?]: "is_sup x y sup \ x \ y = sup" +proof (unfold join_def) + assume "is_sup x y sup" + thus "(SOME sup. is_sup x y sup) = sup" + by (rule some_equality) (rule is_sup_uniq) +qed + +lemma joinI [intro?]: "x \ sup \ y \ sup \ + (\z. x \ z \ y \ z \ sup \ z) \ x \ y = sup" + by (rule join_equality, rule is_supI) blast+ + + +text {* + \medskip The @{text \} and @{text \} operations indeed determine + bounds on a lattice structure. +*} + +lemma is_inf_meet [intro?]: "is_inf x y (x \ y)" +proof (unfold meet_def) + from ex_inf show "is_inf x y (SOME inf. is_inf x y inf)" + by (rule ex_someI) +qed + +lemma meet_greatest [intro?]: "z \ x \ z \ y \ z \ x \ y" + by (rule is_inf_greatest) (rule is_inf_meet) + +lemma meet_lower1 [intro?]: "x \ y \ x" + by (rule is_inf_lower) (rule is_inf_meet) + +lemma meet_lower2 [intro?]: "x \ y \ y" + by (rule is_inf_lower) (rule is_inf_meet) + + +lemma is_sup_join [intro?]: "is_sup x y (x \ y)" +proof (unfold join_def) + from ex_sup show "is_sup x y (SOME sup. is_sup x y sup)" + by (rule ex_someI) +qed + +lemma join_least [intro?]: "x \ z \ y \ z \ x \ y \ z" + by (rule is_sup_least) (rule is_sup_join) + +lemma join_upper1 [intro?]: "x \ x \ y" + by (rule is_sup_upper) (rule is_sup_join) + +lemma join_upper2 [intro?]: "y \ x \ y" + by (rule is_sup_upper) (rule is_sup_join) + + +subsection {* Duality *} + +text {* + The class of lattices is closed under formation of dual structures. + This means that for any theorem of lattice theory, the dualized + statement holds as well; this important fact simplifies many proofs + of lattice theory. +*} + +instance dual :: (lattice) lattice +proof intro_classes + fix x' y' :: "'a::lattice dual" + show "\inf'. is_inf x' y' inf'" + proof - + have "\sup. is_sup (undual x') (undual y') sup" by (rule ex_sup) + hence "\sup. is_inf (dual (undual x')) (dual (undual y')) (dual sup)" + by (simp only: dual_inf) + thus ?thesis by (simp add: dual_ex [symmetric]) + qed + show "\sup'. is_sup x' y' sup'" + proof - + have "\inf. is_inf (undual x') (undual y') inf" by (rule ex_inf) + hence "\inf. is_sup (dual (undual x')) (dual (undual y')) (dual inf)" + by (simp only: dual_sup) + thus ?thesis by (simp add: dual_ex [symmetric]) + qed +qed + +text {* + Apparently, the @{text \} and @{text \} operations are dual to each + other. +*} + +theorem dual_meet [intro?]: "dual (x \ y) = dual x \ dual y" +proof - + from is_inf_meet have "is_sup (dual x) (dual y) (dual (x \ y))" .. + hence "dual x \ dual y = dual (x \ y)" .. + thus ?thesis .. +qed + +theorem dual_join [intro?]: "dual (x \ y) = dual x \ dual y" +proof - + from is_sup_join have "is_inf (dual x) (dual y) (dual (x \ y))" .. + hence "dual x \ dual y = dual (x \ y)" .. + thus ?thesis .. +qed + + +subsection {* Algebraic properties \label{sec:lattice-algebra} *} + +text {* + The @{text \} and @{text \} operations have to following + characteristic algebraic properties: associative (A), commutative + (C), and absorptive (AB). +*} + +theorem meet_assoc: "(x \ y) \ z = x \ (y \ z)" +proof + show "x \ (y \ z) \ x \ y" + proof + show "x \ (y \ z) \ x" .. + show "x \ (y \ z) \ y" + proof - + have "x \ (y \ z) \ y \ z" .. + also have "\ \ y" .. + finally show ?thesis . + qed + qed + show "x \ (y \ z) \ z" + proof - + have "x \ (y \ z) \ y \ z" .. + also have "\ \ z" .. + finally show ?thesis . + qed + fix w assume "w \ x \ y" and "w \ z" + show "w \ x \ (y \ z)" + proof + show "w \ x" + proof - + have "w \ x \ y" . + also have "\ \ x" .. + finally show ?thesis . + qed + show "w \ y \ z" + proof + show "w \ y" + proof - + have "w \ x \ y" . + also have "\ \ y" .. + finally show ?thesis . + qed + show "w \ z" . + qed + qed +qed + +theorem join_assoc: "(x \ y) \ z = x \ (y \ z)" +proof - + have "dual ((x \ y) \ z) = (dual x \ dual y) \ dual z" + by (simp only: dual_join) + also have "\ = dual x \ (dual y \ dual z)" + by (rule meet_assoc) + also have "\ = dual (x \ (y \ z))" + by (simp only: dual_join) + finally show ?thesis .. +qed + +theorem meet_commute: "x \ y = y \ x" +proof + show "y \ x \ x" .. + show "y \ x \ y" .. + fix z assume "z \ x" and "z \ y" + show "z \ y \ x" .. +qed + +theorem join_commute: "x \ y = y \ x" +proof - + have "dual (x \ y) = dual x \ dual y" .. + also have "\ = dual y \ dual x" + by (rule meet_commute) + also have "\ = dual (y \ x)" + by (simp only: dual_join) + finally show ?thesis .. +qed + +theorem meet_join_absorb: "x \ (x \ y) = x" +proof + show "x \ x" .. + show "x \ x \ y" .. + fix z assume "z \ x" and "z \ x \ y" + show "z \ x" . +qed + +theorem join_meet_absorb: "x \ (x \ y) = x" +proof - + have "dual x \ (dual x \ dual y) = dual x" + by (rule meet_join_absorb) + hence "dual (x \ (x \ y)) = dual x" + by (simp only: dual_meet dual_join) + thus ?thesis .. +qed + +text {* + \medskip Some further algebraic properties hold as well. The + property idempotent (I) is a basic algebraic consequence of (AB). +*} + +theorem meet_idem: "x \ x = x" +proof - + have "x \ (x \ (x \ x)) = x" by (rule meet_join_absorb) + also have "x \ (x \ x) = x" by (rule join_meet_absorb) + finally show ?thesis . +qed + +theorem join_idem: "x \ x = x" +proof - + have "dual x \ dual x = dual x" + by (rule meet_idem) + hence "dual (x \ x) = dual x" + by (simp only: dual_join) + thus ?thesis .. +qed + +text {* + Meet and join are trivial for related elements. +*} + +theorem meet_related [elim?]: "x \ y \ x \ y = x" +proof + assume "x \ y" + show "x \ x" .. + show "x \ y" . + fix z assume "z \ x" and "z \ y" show "z \ x" . +qed + +theorem join_related [elim?]: "x \ y \ x \ y = y" +proof - + assume "x \ y" hence "dual y \ dual x" .. + hence "dual y \ dual x = dual y" by (rule meet_related) + also have "dual y \ dual x = dual (y \ x)" by (simp only: dual_join) + also have "y \ x = x \ y" by (rule join_commute) + finally show ?thesis .. +qed + + +subsection {* Order versus algebraic structure *} + +text {* + The @{text \} and @{text \} operations are connected with the + underlying @{text \} relation in a canonical manner. +*} + +theorem meet_connection: "(x \ y) = (x \ y = x)" +proof + assume "x \ y" + hence "is_inf x y x" .. + thus "x \ y = x" .. +next + have "x \ y \ y" .. + also assume "x \ y = x" + finally show "x \ y" . +qed + +theorem join_connection: "(x \ y) = (x \ y = y)" +proof + assume "x \ y" + hence "is_sup x y y" .. + thus "x \ y = y" .. +next + have "x \ x \ y" .. + also assume "x \ y = y" + finally show "x \ y" . +qed + +text {* + \medskip The most fundamental result of the meta-theory of lattices + is as follows (we do not prove it here). + + Given a structure with binary operations @{text \} and @{text \} + such that (A), (C), and (AB) hold (cf.\ + \S\ref{sec:lattice-algebra}). This structure represents a lattice, + if the relation @{term "x \ y"} is defined as @{term "x \ y = x"} + (alternatively as @{term "x \ y = y"}). Furthermore, infimum and + supremum with respect to this ordering coincide with the original + @{text \} and @{text \} operations. +*} + + +subsection {* Example instances *} + +subsubsection {* Linear orders *} + +text {* + Linear orders with @{term minimum} and @{term minimum} operations + are a (degenerate) example of lattice structures. +*} + +constdefs + minimum :: "'a::linear_order \ 'a \ 'a" + "minimum x y \ (if x \ y then x else y)" + maximum :: "'a::linear_order \ 'a \ 'a" + "maximum x y \ (if x \ y then y else x)" + +lemma is_inf_minimum: "is_inf x y (minimum x y)" +proof + let ?min = "minimum x y" + from leq_linear show "?min \ x" by (auto simp add: minimum_def) + from leq_linear show "?min \ y" by (auto simp add: minimum_def) + fix z assume "z \ x" and "z \ y" + with leq_linear show "z \ ?min" by (auto simp add: minimum_def) +qed + +lemma is_sup_maximum: "is_sup x y (maximum x y)" (* FIXME dualize!? *) +proof + let ?max = "maximum x y" + from leq_linear show "x \ ?max" by (auto simp add: maximum_def) + from leq_linear show "y \ ?max" by (auto simp add: maximum_def) + fix z assume "x \ z" and "y \ z" + with leq_linear show "?max \ z" by (auto simp add: maximum_def) +qed + +instance linear_order < lattice +proof intro_classes + fix x y :: "'a::linear_order" + from is_inf_minimum show "\inf. is_inf x y inf" .. + from is_sup_maximum show "\sup. is_sup x y sup" .. +qed + +text {* + The lattice operations on linear orders indeed coincide with @{term + minimum} and @{term maximum}. +*} + +theorem meet_mimimum: "x \ y = minimum x y" + by (rule meet_equality) (rule is_inf_minimum) + +theorem meet_maximum: "x \ y = maximum x y" + by (rule join_equality) (rule is_sup_maximum) + + + +subsubsection {* Binary products *} + +text {* + The class of lattices is closed under direct binary products (cf.\ + also \S\ref{sec:prod-order}). +*} + +lemma is_inf_prod: "is_inf p q (fst p \ fst q, snd p \ snd q)" +proof + show "(fst p \ fst q, snd p \ snd q) \ p" + proof - + have "fst p \ fst q \ fst p" .. + moreover have "snd p \ snd q \ snd p" .. + ultimately show ?thesis by (simp add: leq_prod_def) + qed + show "(fst p \ fst q, snd p \ snd q) \ q" + proof - + have "fst p \ fst q \ fst q" .. + moreover have "snd p \ snd q \ snd q" .. + ultimately show ?thesis by (simp add: leq_prod_def) + qed + fix r assume rp: "r \ p" and rq: "r \ q" + show "r \ (fst p \ fst q, snd p \ snd q)" + proof - + have "fst r \ fst p \ fst q" + proof + from rp show "fst r \ fst p" by (simp add: leq_prod_def) + from rq show "fst r \ fst q" by (simp add: leq_prod_def) + qed + moreover have "snd r \ snd p \ snd q" + proof + from rp show "snd r \ snd p" by (simp add: leq_prod_def) + from rq show "snd r \ snd q" by (simp add: leq_prod_def) + qed + ultimately show ?thesis by (simp add: leq_prod_def) + qed +qed + +lemma is_sup_prod: "is_sup p q (fst p \ fst q, snd p \ snd q)" (* FIXME dualize!? *) +proof + show "p \ (fst p \ fst q, snd p \ snd q)" + proof - + have "fst p \ fst p \ fst q" .. + moreover have "snd p \ snd p \ snd q" .. + ultimately show ?thesis by (simp add: leq_prod_def) + qed + show "q \ (fst p \ fst q, snd p \ snd q)" + proof - + have "fst q \ fst p \ fst q" .. + moreover have "snd q \ snd p \ snd q" .. + ultimately show ?thesis by (simp add: leq_prod_def) + qed + fix r assume "pr": "p \ r" and qr: "q \ r" + show "(fst p \ fst q, snd p \ snd q) \ r" + proof - + have "fst p \ fst q \ fst r" + proof + from "pr" show "fst p \ fst r" by (simp add: leq_prod_def) + from qr show "fst q \ fst r" by (simp add: leq_prod_def) + qed + moreover have "snd p \ snd q \ snd r" + proof + from "pr" show "snd p \ snd r" by (simp add: leq_prod_def) + from qr show "snd q \ snd r" by (simp add: leq_prod_def) + qed + ultimately show ?thesis by (simp add: leq_prod_def) + qed +qed + +instance * :: (lattice, lattice) lattice +proof intro_classes + fix p q :: "'a::lattice \ 'b::lattice" + from is_inf_prod show "\inf. is_inf p q inf" .. + from is_sup_prod show "\sup. is_sup p q sup" .. +qed + +text {* + The lattice operations on a binary product structure indeed coincide + with the products of the original ones. +*} + +theorem meet_prod: "p \ q = (fst p \ fst q, snd p \ snd q)" + by (rule meet_equality) (rule is_inf_prod) + +theorem join_prod: "p \ q = (fst p \ fst q, snd p \ snd q)" + by (rule join_equality) (rule is_sup_prod) + + +subsubsection {* General products *} + +text {* + The class of lattices is closed under general products (function + spaces) as well (cf.\ also \S\ref{sec:fun-order}). +*} + +lemma is_inf_fun: "is_inf f g (\x. f x \ g x)" +proof + show "(\x. f x \ g x) \ f" + proof + fix x show "f x \ g x \ f x" .. + qed + show "(\x. f x \ g x) \ g" + proof + fix x show "f x \ g x \ g x" .. + qed + fix h assume hf: "h \ f" and hg: "h \ g" + show "h \ (\x. f x \ g x)" + proof + fix x + show "h x \ f x \ g x" + proof + from hf show "h x \ f x" .. + from hg show "h x \ g x" .. + qed + qed +qed + +lemma is_sup_fun: "is_sup f g (\x. f x \ g x)" (* FIXME dualize!? *) +proof + show "f \ (\x. f x \ g x)" + proof + fix x show "f x \ f x \ g x" .. + qed + show "g \ (\x. f x \ g x)" + proof + fix x show "g x \ f x \ g x" .. + qed + fix h assume fh: "f \ h" and gh: "g \ h" + show "(\x. f x \ g x) \ h" + proof + fix x + show "f x \ g x \ h x" + proof + from fh show "f x \ h x" .. + from gh show "g x \ h x" .. + qed + qed +qed + +instance fun :: ("term", lattice) lattice +proof intro_classes + fix f g :: "'a \ 'b::lattice" + show "\inf. is_inf f g inf" by rule (rule is_inf_fun) (* FIXME @{text "from \ show \ .."} does not work!? unification incompleteness!? *) + show "\sup. is_sup f g sup" by rule (rule is_sup_fun) +qed + +text {* + The lattice operations on a general product structure (function + space) indeed emerge by point-wise lifting of the original ones. +*} + +theorem meet_fun: "f \ g = (\x. f x \ g x)" + by (rule meet_equality) (rule is_inf_fun) + +theorem join_fun: "f \ g = (\x. f x \ g x)" + by (rule join_equality) (rule is_sup_fun) + + +subsection {* Monotonicity and semi-morphisms *} + +text {* + The lattice operations are monotone in both argument positions. In + fact, monotonicity of the second position is trivial due to + commutativity. +*} + +theorem meet_mono: "x \ z \ y \ w \ x \ y \ z \ w" +proof - + { + fix a b c :: "'a::lattice" + assume "a \ c" have "a \ b \ c \ b" + proof + have "a \ b \ a" .. + also have "\ \ c" . + finally show "a \ b \ c" . + show "a \ b \ b" .. + qed + } note this [elim?] + assume "x \ z" hence "x \ y \ z \ y" .. + also have "\ = y \ z" by (rule meet_commute) + also assume "y \ w" hence "y \ z \ w \ z" .. + also have "\ = z \ w" by (rule meet_commute) + finally show ?thesis . +qed + +theorem join_mono: "x \ z \ y \ w \ x \ y \ z \ w" +proof - + assume "x \ z" hence "dual z \ dual x" .. + moreover assume "y \ w" hence "dual w \ dual y" .. + ultimately have "dual z \ dual w \ dual x \ dual y" + by (rule meet_mono) + hence "dual (z \ w) \ dual (x \ y)" + by (simp only: dual_join) + thus ?thesis .. +qed + +text {* + \medskip A semi-morphisms is a function $f$ that preserves the + lattice operations in the following manner: @{term "f (x \ y) \ f x + \ f y"} and @{term "f x \ f y \ f (x \ y)"}, respectively. Any of + these properties is equivalent with monotonicity. +*} (* FIXME dual version !? *) + +theorem meet_semimorph: + "(\x y. f (x \ y) \ f x \ f y) \ (\x y. x \ y \ f x \ f y)" +proof + assume morph: "\x y. f (x \ y) \ f x \ f y" + fix x y :: "'a::lattice" + assume "x \ y" hence "x \ y = x" .. + hence "x = x \ y" .. + also have "f \ \ f x \ f y" by (rule morph) + also have "\ \ f y" .. + finally show "f x \ f y" . +next + assume mono: "\x y. x \ y \ f x \ f y" + show "\x y. f (x \ y) \ f x \ f y" + proof - + fix x y + show "f (x \ y) \ f x \ f y" + proof + have "x \ y \ x" .. thus "f (x \ y) \ f x" by (rule mono) + have "x \ y \ y" .. thus "f (x \ y) \ f y" by (rule mono) + qed + qed +qed + +end diff -r 9d4d5852eb47 -r 6d3987f3aad9 src/HOL/Lattice/Orders.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/Lattice/Orders.thy Fri Oct 06 01:04:56 2000 +0200 @@ -0,0 +1,294 @@ +(* Title: HOL/Lattice/Orders.thy + ID: $Id$ + Author: Markus Wenzel, TU Muenchen +*) + +header {* Orders *} + +theory Orders = Main: + +subsection {* Ordered structures *} + +text {* + We define several classes of ordered structures over some type @{typ + 'a} with relation @{text "\ \ 'a \ 'a \ bool"}. For a + \emph{quasi-order} that relation is required to be reflexive and + transitive, for a \emph{partial order} it also has to be + anti-symmetric, while for a \emph{linear order} all elements are + required to be related (in either direction). +*} + +axclass leq < "term" +consts + leq :: "'a::leq \ 'a \ bool" (infixl "[=" 50) +syntax (symbols) + leq :: "'a::leq \ 'a \ bool" (infixl "\" 50) + +axclass quasi_order < leq + leq_refl [intro?]: "x \ x" + leq_trans [trans]: "x \ y \ y \ z \ x \ z" + +axclass partial_order < quasi_order + leq_antisym [trans]: "x \ y \ y \ x \ x = y" + +axclass linear_order < partial_order + leq_linear: "x \ y \ y \ x" + +lemma linear_order_cases: + "((x::'a::linear_order) \ y \ C) \ (y \ x \ C) \ C" + by (insert leq_linear) blast + + +subsection {* Duality *} + +text {* + The \emph{dual} of an ordered structure is an isomorphic copy of the + underlying type, with the @{text \} relation defined as the inverse + of the original one. +*} + +datatype 'a dual = dual 'a + +consts + undual :: "'a dual \ 'a" +primrec + undual_dual: "undual (dual x) = x" + +instance dual :: (leq) leq + by intro_classes + +defs (overloaded) + leq_dual_def: "x' \ y' \ undual y' \ undual x'" + +lemma undual_leq [iff?]: "(undual x' \ undual y') = (y' \ x')" + by (simp add: leq_dual_def) + +lemma dual_leq [iff?]: "(dual x \ dual y) = (y \ x)" + by (simp add: leq_dual_def) + +text {* + \medskip Functions @{term dual} and @{term undual} are inverse to + each other; this entails the following fundamental properties. +*} + +lemma dual_undual [simp]: "dual (undual x') = x'" + by (cases x') simp + +lemma undual_dual_id [simp]: "undual o dual = id" + by (rule ext) simp + +lemma dual_undual_id [simp]: "dual o undual = id" + by (rule ext) simp + +text {* + \medskip Since @{term dual} (and @{term undual}) are both injective + and surjective, the basic logical connectives (equality, + quantification etc.) are transferred as follows. +*} + +lemma undual_equality [iff?]: "(undual x' = undual y') = (x' = y')" + by (cases x', cases y') simp + +lemma dual_equality [iff?]: "(dual x = dual y) = (x = y)" + by simp + +lemma dual_ball [iff?]: "(\x \ A. P (dual x)) = (\x' \ dual `` A. P x')" +proof + assume a: "\x \ A. P (dual x)" + show "\x' \ dual `` A. P x'" + proof + fix x' assume x': "x' \ dual `` A" + have "undual x' \ A" + proof - + from x' have "undual x' \ undual `` dual `` A" by simp + thus "undual x' \ A" by (simp add: image_compose [symmetric]) + qed + with a have "P (dual (undual x'))" .. + also have "\ = x'" by simp + finally show "P x'" . + qed +next + assume a: "\x' \ dual `` A. P x'" + show "\x \ A. P (dual x)" + proof + fix x assume "x \ A" + hence "dual x \ dual `` A" by simp + with a show "P (dual x)" .. + qed +qed + +lemma range_dual [simp]: "dual `` UNIV = UNIV" +proof (rule surj_range) + have "\x'. dual (undual x') = x'" by simp + thus "surj dual" by (rule surjI) +qed + +lemma dual_all [iff?]: "(\x. P (dual x)) = (\x'. P x')" +proof - + have "(\x \ UNIV. P (dual x)) = (\x' \ dual `` UNIV. P x')" + by (rule dual_ball) + thus ?thesis by simp +qed + +lemma dual_ex: "(\x. P (dual x)) = (\x'. P x')" +proof - + have "(\x. \ P (dual x)) = (\x'. \ P x')" + by (rule dual_all) + thus ?thesis by blast +qed + +lemma dual_Collect: "{dual x| x. P (dual x)} = {x'. P x'}" +proof - + have "{dual x| x. P (dual x)} = {x'. \x''. x' = x'' \ P x''}" + by (simp only: dual_ex [symmetric]) + thus ?thesis by blast +qed + + +subsection {* Transforming orders *} + +subsubsection {* Duals *} + +text {* + The classes of quasi, partial, and linear orders are all closed + under formation of dual structures. +*} + +instance dual :: (quasi_order) quasi_order +proof intro_classes + fix x' y' z' :: "'a::quasi_order dual" + have "undual x' \ undual x'" .. thus "x' \ x'" .. + assume "y' \ z'" hence "undual z' \ undual y'" .. + also assume "x' \ y'" hence "undual y' \ undual x'" .. + finally show "x' \ z'" .. +qed + +instance dual :: (partial_order) partial_order +proof intro_classes + fix x' y' :: "'a::partial_order dual" + assume "y' \ x'" hence "undual x' \ undual y'" .. + also assume "x' \ y'" hence "undual y' \ undual x'" .. + finally show "x' = y'" .. +qed + +instance dual :: (linear_order) linear_order +proof intro_classes + fix x' y' :: "'a::linear_order dual" + show "x' \ y' \ y' \ x'" + proof (rule linear_order_cases) + assume "undual y' \ undual x'" + hence "x' \ y'" .. thus ?thesis .. + next + assume "undual x' \ undual y'" + hence "y' \ x'" .. thus ?thesis .. + qed +qed + + +subsubsection {* Binary products \label{sec:prod-order} *} + +text {* + The classes of quasi and partial orders are closed under binary + products. Note that the direct product of linear orders need + \emph{not} be linear in general. +*} + +instance * :: (leq, leq) leq + by intro_classes + +defs (overloaded) + leq_prod_def: "p \ q \ fst p \ fst q \ snd p \ snd q" + +lemma leq_prodI [intro?]: + "fst p \ fst q \ snd p \ snd q \ p \ q" + by (unfold leq_prod_def) blast + +lemma leq_prodE [elim?]: + "p \ q \ (fst p \ fst q \ snd p \ snd q \ C) \ C" + by (unfold leq_prod_def) blast + +instance * :: (quasi_order, quasi_order) quasi_order +proof intro_classes + fix p q r :: "'a::quasi_order \ 'b::quasi_order" + show "p \ p" + proof + show "fst p \ fst p" .. + show "snd p \ snd p" .. + qed + assume pq: "p \ q" and qr: "q \ r" + show "p \ r" + proof + from pq have "fst p \ fst q" .. + also from qr have "\ \ fst r" .. + finally show "fst p \ fst r" . + from pq have "snd p \ snd q" .. + also from qr have "\ \ snd r" .. + finally show "snd p \ snd r" . + qed +qed + +instance * :: (partial_order, partial_order) partial_order +proof intro_classes + fix p q :: "'a::partial_order \ 'b::partial_order" + assume pq: "p \ q" and qp: "q \ p" + show "p = q" + proof + from pq have "fst p \ fst q" .. + also from qp have "\ \ fst p" .. + finally show "fst p = fst q" . + from pq have "snd p \ snd q" .. + also from qp have "\ \ snd p" .. + finally show "snd p = snd q" . + qed +qed + + +subsubsection {* General products \label{sec:fun-order} *} + +text {* + The classes of quasi and partial orders are closed under general + products (function spaces). Note that the direct product of linear + orders need \emph{not} be linear in general. +*} + +instance fun :: ("term", leq) leq + by intro_classes + +defs (overloaded) + leq_fun_def: "f \ g \ \x. f x \ g x" + +lemma leq_funI [intro?]: "(\x. f x \ g x) \ f \ g" + by (unfold leq_fun_def) blast + +lemma leq_funD [dest?]: "f \ g \ f x \ g x" + by (unfold leq_fun_def) blast + +instance fun :: ("term", quasi_order) quasi_order +proof intro_classes + fix f g h :: "'a \ 'b::quasi_order" + show "f \ f" + proof + fix x show "f x \ f x" .. + qed + assume fg: "f \ g" and gh: "g \ h" + show "f \ h" + proof + fix x from fg have "f x \ g x" .. + also from gh have "\ \ h x" .. + finally show "f x \ h x" . + qed +qed + +instance fun :: ("term", partial_order) partial_order +proof intro_classes + fix f g :: "'a \ 'b::partial_order" + assume fg: "f \ g" and gf: "g \ f" + show "f = g" + proof + fix x from fg have "f x \ g x" .. + also from gf have "\ \ f x" .. + finally show "f x = g x" . + qed +qed + +end diff -r 9d4d5852eb47 -r 6d3987f3aad9 src/HOL/Lattice/ROOT.ML --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/Lattice/ROOT.ML Fri Oct 06 01:04:56 2000 +0200 @@ -0,0 +1,8 @@ +(* Title: HOL/Lattice/ROOT.ML + ID: $Id$ + Author: Markus Wenzel, TU Muenchen + +Basic theory of lattices and orders. +*) + +time_use_thy "CompleteLattice"; diff -r 9d4d5852eb47 -r 6d3987f3aad9 src/HOL/Lattice/document/root.bib --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/Lattice/document/root.bib Fri Oct 06 01:04:56 2000 +0200 @@ -0,0 +1,48 @@ + +@InProceedings{Bauer-Wenzel:2000:HB, + author = {Gertrud Bauer and Markus Wenzel}, + title = {Computer-Assisted Mathematics at Work --- The {H}ahn-{B}anach Theorem in + {I}sabelle/{I}sar}, + booktitle = {Types for Proofs and Programs: TYPES'99}, + editor = {Thierry Coquand and Peter Dybjer and Bengt Nordstr{\"o}m + and Jan Smith}, + series = {LNCS}, + year = 2000 +} + +@Book{Davey-Priestley:1990, + author = {B. A. Davey and H. A. Priestley}, + title = {Introduction to Lattices and Order}, + publisher = {Cambridge University Press}, + year = 1990} + +@InProceedings{Wenzel:1999:TPHOL, + author = {Markus Wenzel}, + title = {{Isar} --- a Generic Interpretative Approach to Readable Formal Proof Documents}, + crossref = {tphols99}} + + +@Manual{Wenzel:2000:axclass, + author = {Markus Wenzel}, + title = {Using Axiomatic Type Classes in Isabelle}, + year = 2000, + institution = {TU Munich}, + note = {\url{http://isabelle.in.tum.de/doc/axclass.pdf}} +} + +@Manual{Wenzel:2000:isar-ref, + author = {Markus Wenzel}, + title = {The {Isabelle/Isar} Reference Manual}, + year = 2000, + institution = {TU Munich}, + note = {\url{http://isabelle.in.tum.de/doc/isar-ref.pdf}} +} + +@Proceedings{tphols99, + title = {Theorem Proving in Higher Order Logics: {TPHOLs} '99}, + booktitle = {Theorem Proving in Higher Order Logics: {TPHOLs} '99}, + editor = {Bertot, Y. and Dowek, G. and Hirschowitz, A. and + Paulin, C. and Thery, L.}, + series = {LNCS}, + volume = 1690, + year = 1999} diff -r 9d4d5852eb47 -r 6d3987f3aad9 src/HOL/Lattice/document/root.tex --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/Lattice/document/root.tex Fri Oct 06 01:04:56 2000 +0200 @@ -0,0 +1,56 @@ + +% $Id$ + +\documentclass[11pt,a4paper]{article} +\usepackage{isabelle,isabellesym,pdfsetup} +\usepackage[only,bigsqcap]{stmaryrd} + +\urlstyle{rm}\isabellestyle{it} +\pagestyle{headings} + +\hyphenation{Isabelle} +\hyphenation{Isar} + + +\begin{document} + +\title{Lattices and Orders in Isabelle/HOL} +\author{Markus Wenzel \\ TU M\"unchen} +\maketitle + +\begin{abstract} + We consider abstract structures of orders and lattices. Many fundamental + concepts of lattice theory are developed, including dual structures, + properties of bounds versus algebraic laws, lattice operations versus + set-theoretic ones etc. We also give example instantiations of lattices and + orders, such as direct products and function spaces. Well-known properties + are demonstrated, like the Knaster-Tarski Theorem for complete lattices. + + This formal theory development may serve as an example of applying + Isabelle/HOL to the domain of mathematical reasoning about ``axiomatic'' + structures. Apart from the simply-typed classical set-theory of HOL, we + employ Isabelle's system of axiomatic type classes for expressing structures + and functors in a light-weight manner. Proofs are expressed in the Isar + language for readable formal proof, while aiming at its ``best-style'' of + representing formal reasoning. +\end{abstract} + +\tableofcontents + +\newpage +{ + \parindent 0pt\parskip 0.7ex + \pagestyle{myheadings} + \renewcommand{\isamarkupheader}[1]{\markright{THEORY~``\isabellecontext''}\section{#1}} + \input{session} +} + +\nocite{Wenzel:1999:TPHOL} +\nocite{Wenzel:2000:isar-ref} +\nocite{Wenzel:2000:axclass} +\nocite{Bauer-Wenzel:2000:HB} + +\bibliographystyle{abbrv} +\bibliography{root} + +\end{document}