# HG changeset patch # User urbanc # Date 1133694843 -3600 # Node ID 95083a68cbbb2046c008102604e81ce10bd78311 # Parent e36238ac5359896dad9c771c0a15dc6c7ce12e1f tuning diff -r e36238ac5359 -r 95083a68cbbb src/HOL/Nominal/Examples/CR.thy --- a/src/HOL/Nominal/Examples/CR.thy Fri Dec 02 22:57:36 2005 +0100 +++ b/src/HOL/Nominal/Examples/CR.thy Sun Dec 04 12:14:03 2005 +0100 @@ -32,9 +32,8 @@ assumes a: "a\t1" shows "t1[a::=t2] = t1" using a -apply (nominal_induct t1 avoiding: a t2 rule: lam_induct) -apply(auto simp add: abs_fresh fresh_atm) -done + by (nominal_induct t1 avoiding: a t2 rule: lam_induct) + (auto simp add: abs_fresh fresh_atm) lemma fresh_fact: fixes b :: "name" @@ -63,17 +62,14 @@ qed lemma fresh_fact: - fixes b :: "name" - and a :: "name" - and t1 :: "lam" - and t2 :: "lam" + fixes a::"name" assumes a: "a\t1" and b: "a\t2" shows "a\(t1[b::=t2])" using a b -apply(nominal_induct t1 avoiding: a b t2 rule: lam_induct) -apply(auto simp add: abs_fresh fresh_atm) -done +by (nominal_induct t1 avoiding: a b t2 rule: lam_induct) + (auto simp add: abs_fresh fresh_atm) + lemma subs_lemma: fixes x::"name" @@ -147,27 +143,29 @@ by (nominal_induct M avoiding: x y N L rule: lam_induct) (auto simp add: fresh_fact forget) -lemma subst_rename[rule_format]: +lemma subst_rename: fixes c :: "name" and a :: "name" and t1 :: "lam" and t2 :: "lam" - shows "c\t1 \ (t1[a::=t2] = ([(c,a)]\t1)[c::=t2])" + assumes a: "c\t1" + shows "t1[a::=t2] = ([(c,a)]\t1)[c::=t2]" +using a proof (nominal_induct t1 avoiding: a c t2 rule: lam_induct) case (Var b) - show "c\(Var b) \ (Var b)[a::=t2] = ([(c,a)]\(Var b))[c::=t2]" by (simp add: calc_atm fresh_atm) + thus "(Var b)[a::=t2] = ([(c,a)]\(Var b))[c::=t2]" by (simp add: calc_atm fresh_atm) next case App thus ?case by force next case (Lam b s) - have i: "\a c t2. c\s \ (s[a::=t2] = ([(c,a)]\s)[c::=t2])" by fact + have i: "\a c t2. c\s \ (s[a::=t2] = ([(c,a)]\s)[c::=t2])" by fact have f: "b\a" "b\c" "b\t2" by fact from f have a:"b\c" and b: "b\a" and c: "b\t2" by (simp add: fresh_atm)+ - show "c\Lam [b].s \ (Lam [b].s)[a::=t2] = ([(c,a)]\(Lam [b].s))[c::=t2]" (is "_ \ ?LHS = ?RHS") - proof - assume "c\Lam [b].s" - hence "c\s" using a by (simp add: abs_fresh) - hence d: "s[a::=t2] = ([(c,a)]\s)[c::=t2]" using i by simp + have "c\Lam [b].s" by fact + hence "c\s" using a by (simp add: abs_fresh) + hence d: "s[a::=t2] = ([(c,a)]\s)[c::=t2]" using i by simp + show "(Lam [b].s)[a::=t2] = ([(c,a)]\(Lam [b].s))[c::=t2]" (is "?LHS = ?RHS") + proof - have "?LHS = Lam [b].(s[a::=t2])" using b c by simp also have "\ = Lam [b].(([(c,a)]\s)[c::=t2])" using d by simp also have "\ = (Lam [b].([(c,a)]\s))[c::=t2]" using a c by simp @@ -176,12 +174,14 @@ qed qed -lemma subst_rename[rule_format]: +lemma subst_rename: fixes c :: "name" and a :: "name" and t1 :: "lam" and t2 :: "lam" - shows "c\t1 \ (t1[a::=t2] = ([(c,a)]\t1)[c::=t2])" + assumes a: "c\t1" + shows "t1[a::=t2] = ([(c,a)]\t1)[c::=t2]" +using a apply(nominal_induct t1 avoiding: a c t2 rule: lam_induct) apply(auto simp add: calc_atm fresh_atm abs_fresh) done @@ -551,7 +551,7 @@ qed qed -lemma one_subst[rule_format]: +lemma one_subst: assumes a: "M\\<^isub>1M'" and b: "N\\<^isub>1N'" shows "M[x::=N]\\<^isub>1M'[x::=N']" @@ -560,131 +560,117 @@ apply(auto simp add: one_subst_aux subs_lemma fresh_atm) done -(* FIXME: change to make use of the new induction facilities *) lemma diamond[rule_format]: fixes M :: "lam" and M1:: "lam" assumes a: "M\\<^isub>1M1" - shows "\M2. (M\\<^isub>1M2) \ (\M3. M1\\<^isub>1M3 \ M2\\<^isub>1M3)" - using a -proof (induct) + and b: "M\\<^isub>1M2" + shows "\M3. M1\\<^isub>1M3 \ M2\\<^isub>1M3" + using a b +proof (induct fixing: M2) case (o1 M) (* case 1 --- M1 = M *) - show "\M2. M\\<^isub>1M2 \ (\M3. M\\<^isub>1M3 \ M2\\<^isub>1M3)" by force + thus "\M3. M\\<^isub>1M3 \ M2\\<^isub>1M3" by blast next case (o4 x Q Q' P P') (* case 2 --- a beta-reduction occurs*) - assume i1: "\M2. Q \\<^isub>1M2 \ (\M3. Q'\\<^isub>1M3 \ M2\\<^isub>1M3)" - assume i2: "\M2. P \\<^isub>1M2 \ (\M3. P'\\<^isub>1M3 \ M2\\<^isub>1M3)" - show "\M2. App (Lam [x].P) Q\\<^isub>1M2 \ (\M3. P'[x::=Q']\\<^isub>1M3 \ M2\\<^isub>1M3)" - proof (intro strip) - fix M2 - assume "App (Lam [x].P) Q \\<^isub>1 M2" - hence "(\P' Q'. M2 = App (Lam [x].P') Q' \ P\\<^isub>1P' \ Q\\<^isub>1Q') \ - (\P' Q'. M2 = P'[x::=Q'] \ P\\<^isub>1P' \ Q\\<^isub>1Q')" by (simp add: one_red) - moreover (* subcase 2.1 *) - { assume "\P' Q'. M2 = App (Lam [x].P') Q' \ P\\<^isub>1P' \ Q\\<^isub>1Q'" - then obtain P'' and Q'' where - b1: "M2=App (Lam [x].P'') Q''" and b2: "P\\<^isub>1P''" and b3: "Q\\<^isub>1Q''" by force - from b2 i2 have "(\M3. P'\\<^isub>1M3 \ P''\\<^isub>1M3)" by simp - then obtain P''' where - c1: "P'\\<^isub>1P'''" and c2: "P''\\<^isub>1P'''" by force - from b3 i1 have "(\M3. Q'\\<^isub>1M3 \ Q''\\<^isub>1M3)" by simp - then obtain Q''' where - d1: "Q'\\<^isub>1Q'''" and d2: "Q''\\<^isub>1Q'''" by force - from c1 c2 d1 d2 - have "P'[x::=Q']\\<^isub>1P'''[x::=Q'''] \ App (Lam [x].P'') Q'' \\<^isub>1 P'''[x::=Q''']" - by (force simp add: one_subst) - hence "\M3. P'[x::=Q']\\<^isub>1M3 \ M2\\<^isub>1M3" using b1 by force - } - moreover (* subcase 2.2 *) - { assume "\P' Q'. M2 = P'[x::=Q'] \ P\\<^isub>1P' \ Q\\<^isub>1Q'" - then obtain P'' Q'' where - b1: "M2=P''[x::=Q'']" and b2: "P\\<^isub>1P''" and b3: "Q\\<^isub>1Q''" by force - from b2 i2 have "(\M3. P'\\<^isub>1M3 \ P''\\<^isub>1M3)" by simp - then obtain P''' where - c1: "P'\\<^isub>1P'''" and c2: "P''\\<^isub>1P'''" by force - from b3 i1 have "(\M3. Q'\\<^isub>1M3 \ Q''\\<^isub>1M3)" by simp - then obtain Q''' where - d1: "Q'\\<^isub>1Q'''" and d2: "Q''\\<^isub>1Q'''" by force - from c1 c2 d1 d2 - have "P'[x::=Q']\\<^isub>1P'''[x::=Q'''] \ P''[x::=Q'']\\<^isub>1P'''[x::=Q''']" - by (force simp add: one_subst) - hence "\M3. P'[x::=Q']\\<^isub>1M3 \ M2\\<^isub>1M3" using b1 by force - } - ultimately show "\M3. P'[x::=Q']\\<^isub>1M3 \ M2\\<^isub>1M3" by blast - qed + have i1: "\M2. Q \\<^isub>1M2 \ (\M3. Q'\\<^isub>1M3 \ M2\\<^isub>1M3)" by fact + have i2: "\M2. P \\<^isub>1M2 \ (\M3. P'\\<^isub>1M3 \ M2\\<^isub>1M3)" by fact + have "App (Lam [x].P) Q \\<^isub>1 M2" by fact + hence "(\P' Q'. M2 = App (Lam [x].P') Q' \ P\\<^isub>1P' \ Q\\<^isub>1Q') \ + (\P' Q'. M2 = P'[x::=Q'] \ P\\<^isub>1P' \ Q\\<^isub>1Q')" by (simp add: one_red) + moreover (* subcase 2.1 *) + { assume "\P' Q'. M2 = App (Lam [x].P') Q' \ P\\<^isub>1P' \ Q\\<^isub>1Q'" + then obtain P'' and Q'' where + b1: "M2=App (Lam [x].P'') Q''" and b2: "P\\<^isub>1P''" and b3: "Q\\<^isub>1Q''" by blast + from b2 i2 have "(\M3. P'\\<^isub>1M3 \ P''\\<^isub>1M3)" by simp + then obtain P''' where + c1: "P'\\<^isub>1P'''" and c2: "P''\\<^isub>1P'''" by force + from b3 i1 have "(\M3. Q'\\<^isub>1M3 \ Q''\\<^isub>1M3)" by simp + then obtain Q''' where + d1: "Q'\\<^isub>1Q'''" and d2: "Q''\\<^isub>1Q'''" by force + from c1 c2 d1 d2 + have "P'[x::=Q']\\<^isub>1P'''[x::=Q'''] \ App (Lam [x].P'') Q'' \\<^isub>1 P'''[x::=Q''']" + by (force simp add: one_subst) + hence "\M3. P'[x::=Q']\\<^isub>1M3 \ M2\\<^isub>1M3" using b1 by blast + } + moreover (* subcase 2.2 *) + { assume "\P' Q'. M2 = P'[x::=Q'] \ P\\<^isub>1P' \ Q\\<^isub>1Q'" + then obtain P'' Q'' where + b1: "M2=P''[x::=Q'']" and b2: "P\\<^isub>1P''" and b3: "Q\\<^isub>1Q''" by blast + from b2 i2 have "(\M3. P'\\<^isub>1M3 \ P''\\<^isub>1M3)" by simp + then obtain P''' where + c1: "P'\\<^isub>1P'''" and c2: "P''\\<^isub>1P'''" by blast + from b3 i1 have "(\M3. Q'\\<^isub>1M3 \ Q''\\<^isub>1M3)" by simp + then obtain Q''' where + d1: "Q'\\<^isub>1Q'''" and d2: "Q''\\<^isub>1Q'''" by blast + from c1 c2 d1 d2 + have "P'[x::=Q']\\<^isub>1P'''[x::=Q'''] \ P''[x::=Q'']\\<^isub>1P'''[x::=Q''']" + by (force simp add: one_subst) + hence "\M3. P'[x::=Q']\\<^isub>1M3 \ M2\\<^isub>1M3" using b1 by blast + } + ultimately show "\M3. P'[x::=Q']\\<^isub>1M3 \ M2\\<^isub>1M3" by blast next case (o2 Q Q' P P') (* case 3 *) - assume i0: "P\\<^isub>1P'" - assume i1: "\M2. Q \\<^isub>1M2 \ (\M3. Q'\\<^isub>1M3 \ M2\\<^isub>1M3)" - assume i2: "\M2. P \\<^isub>1M2 \ (\M3. P'\\<^isub>1M3 \ M2\\<^isub>1M3)" - show "\M2. App P Q\\<^isub>1M2 \ (\M3. App P' Q'\\<^isub>1M3 \ M2\\<^isub>1M3)" - proof (intro strip) - fix M2 - assume "App P Q \\<^isub>1 M2" - hence "(\P'' Q''. M2 = App P'' Q'' \ P\\<^isub>1P'' \ Q\\<^isub>1Q'') \ - (\x P' P'' Q'. P = Lam [x].P' \ M2 = P''[x::=Q'] \ P'\\<^isub>1 P'' \ Q\\<^isub>1Q')" - by (simp add: one_app[simplified]) - moreover (* subcase 3.1 *) - { assume "\P'' Q''. M2 = App P'' Q'' \ P\\<^isub>1P'' \ Q\\<^isub>1Q''" - then obtain P'' and Q'' where - b1: "M2=App P'' Q''" and b2: "P\\<^isub>1P''" and b3: "Q\\<^isub>1Q''" by force - from b2 i2 have "(\M3. P'\\<^isub>1M3 \ P''\\<^isub>1M3)" by simp - then obtain P''' where - c1: "P'\\<^isub>1P'''" and c2: "P''\\<^isub>1P'''" by force - from b3 i1 have "(\M3. Q'\\<^isub>1M3 \ Q''\\<^isub>1M3)" by simp - then obtain Q''' where - d1: "Q'\\<^isub>1Q'''" and d2: "Q''\\<^isub>1Q'''" by force - from c1 c2 d1 d2 - have "App P' Q'\\<^isub>1App P''' Q''' \ App P'' Q'' \\<^isub>1 App P''' Q'''" by force - hence "\M3. App P' Q'\\<^isub>1M3 \ M2\\<^isub>1M3" using b1 by force - } - moreover (* subcase 3.2 *) - { assume "\x P1 P'' Q''. P = Lam [x].P1 \ M2 = P''[x::=Q''] \ P1\\<^isub>1 P'' \ Q\\<^isub>1Q''" - then obtain x P1 P1'' Q'' where - b0: "P=Lam [x].P1" and b1: "M2=P1''[x::=Q'']" and - b2: "P1\\<^isub>1P1''" and b3: "Q\\<^isub>1Q''" by force - from b0 i0 have "\P1'. P'=Lam [x].P1' \ P1\\<^isub>1P1'" by (simp add: one_abs) - then obtain P1' where g1: "P'=Lam [x].P1'" and g2: "P1\\<^isub>1P1'" by force - from g1 b0 b2 i2 have "(\M3. (Lam [x].P1')\\<^isub>1M3 \ (Lam [x].P1'')\\<^isub>1M3)" by simp - then obtain P1''' where - c1: "(Lam [x].P1')\\<^isub>1P1'''" and c2: "(Lam [x].P1'')\\<^isub>1P1'''" by force - from c1 have "\R1. P1'''=Lam [x].R1 \ P1'\\<^isub>1R1" by (simp add: one_abs) - then obtain R1 where r1: "P1'''=Lam [x].R1" and r2: "P1'\\<^isub>1R1" by force - from c2 have "\R2. P1'''=Lam [x].R2 \ P1''\\<^isub>1R2" by (simp add: one_abs) - then obtain R2 where r3: "P1'''=Lam [x].R2" and r4: "P1''\\<^isub>1R2" by force - from r1 r3 have r5: "R1=R2" - by (simp add: lam.inject alpha) - from b3 i1 have "(\M3. Q'\\<^isub>1M3 \ Q''\\<^isub>1M3)" by simp - then obtain Q''' where - d1: "Q'\\<^isub>1Q'''" and d2: "Q''\\<^isub>1Q'''" by force - from g1 r2 d1 r4 r5 d2 - have "App P' Q'\\<^isub>1R1[x::=Q'''] \ P1''[x::=Q'']\\<^isub>1R1[x::=Q''']" by (simp add: one_subst) - hence "\M3. App P' Q'\\<^isub>1M3 \ M2\\<^isub>1M3" using b1 by force - } - ultimately show "\M3. App P' Q'\\<^isub>1M3 \ M2\\<^isub>1M3" by blast - qed + have i0: "P\\<^isub>1P'" by fact + have i1: "\M2. Q \\<^isub>1M2 \ (\M3. Q'\\<^isub>1M3 \ M2\\<^isub>1M3)" by fact + have i2: "\M2. P \\<^isub>1M2 \ (\M3. P'\\<^isub>1M3 \ M2\\<^isub>1M3)" by fact + assume "App P Q \\<^isub>1 M2" + hence "(\P'' Q''. M2 = App P'' Q'' \ P\\<^isub>1P'' \ Q\\<^isub>1Q'') \ + (\x P' P'' Q'. P = Lam [x].P' \ M2 = P''[x::=Q'] \ P'\\<^isub>1 P'' \ Q\\<^isub>1Q')" + by (simp add: one_app[simplified]) + moreover (* subcase 3.1 *) + { assume "\P'' Q''. M2 = App P'' Q'' \ P\\<^isub>1P'' \ Q\\<^isub>1Q''" + then obtain P'' and Q'' where + b1: "M2=App P'' Q''" and b2: "P\\<^isub>1P''" and b3: "Q\\<^isub>1Q''" by blast + from b2 i2 have "(\M3. P'\\<^isub>1M3 \ P''\\<^isub>1M3)" by simp + then obtain P''' where + c1: "P'\\<^isub>1P'''" and c2: "P''\\<^isub>1P'''" by blast + from b3 i1 have "\M3. Q'\\<^isub>1M3 \ Q''\\<^isub>1M3" by simp + then obtain Q''' where + d1: "Q'\\<^isub>1Q'''" and d2: "Q''\\<^isub>1Q'''" by blast + from c1 c2 d1 d2 + have "App P' Q'\\<^isub>1App P''' Q''' \ App P'' Q'' \\<^isub>1 App P''' Q'''" by blast + hence "\M3. App P' Q'\\<^isub>1M3 \ M2\\<^isub>1M3" using b1 by blast + } + moreover (* subcase 3.2 *) + { assume "\x P1 P'' Q''. P = Lam [x].P1 \ M2 = P''[x::=Q''] \ P1\\<^isub>1 P'' \ Q\\<^isub>1Q''" + then obtain x P1 P1'' Q'' where + b0: "P=Lam [x].P1" and b1: "M2=P1''[x::=Q'']" and + b2: "P1\\<^isub>1P1''" and b3: "Q\\<^isub>1Q''" by blast + from b0 i0 have "\P1'. P'=Lam [x].P1' \ P1\\<^isub>1P1'" by (simp add: one_abs) + then obtain P1' where g1: "P'=Lam [x].P1'" and g2: "P1\\<^isub>1P1'" by blast + from g1 b0 b2 i2 have "(\M3. (Lam [x].P1')\\<^isub>1M3 \ (Lam [x].P1'')\\<^isub>1M3)" by simp + then obtain P1''' where + c1: "(Lam [x].P1')\\<^isub>1P1'''" and c2: "(Lam [x].P1'')\\<^isub>1P1'''" by blast + from c1 have "\R1. P1'''=Lam [x].R1 \ P1'\\<^isub>1R1" by (simp add: one_abs) + then obtain R1 where r1: "P1'''=Lam [x].R1" and r2: "P1'\\<^isub>1R1" by blast + from c2 have "\R2. P1'''=Lam [x].R2 \ P1''\\<^isub>1R2" by (simp add: one_abs) + then obtain R2 where r3: "P1'''=Lam [x].R2" and r4: "P1''\\<^isub>1R2" by blast + from r1 r3 have r5: "R1=R2" by (simp add: lam.inject alpha) + from b3 i1 have "(\M3. Q'\\<^isub>1M3 \ Q''\\<^isub>1M3)" by simp + then obtain Q''' where + d1: "Q'\\<^isub>1Q'''" and d2: "Q''\\<^isub>1Q'''" by blast + from g1 r2 d1 r4 r5 d2 + have "App P' Q'\\<^isub>1R1[x::=Q'''] \ P1''[x::=Q'']\\<^isub>1R1[x::=Q''']" by (simp add: one_subst) + hence "\M3. App P' Q'\\<^isub>1M3 \ M2\\<^isub>1M3" using b1 by blast + } + ultimately show "\M3. App P' Q'\\<^isub>1M3 \ M2\\<^isub>1M3" by blast next case (o3 x P P') (* case 4 *) - assume i1: "P\\<^isub>1P'" - assume i2: "\M2. P \\<^isub>1M2 \ (\M3. P'\\<^isub>1M3 \ M2\\<^isub>1M3)" - show "\M2. (Lam [x].P)\\<^isub>1M2 \ (\M3. (Lam [x].P')\\<^isub>1M3 \ M2\\<^isub>1M3)" - proof (intro strip) - fix M2 - assume "(Lam [x].P)\\<^isub>1 M2" - hence "\P''. M2=Lam [x].P'' \ P\\<^isub>1P''" by (simp add: one_abs) - then obtain P'' where b1: "M2=Lam [x].P''" and b2: "P\\<^isub>1P''" by force - from i2 b1 b2 have "\M3. (Lam [x].P')\\<^isub>1M3 \ (Lam [x].P'')\\<^isub>1M3" by force - then obtain M3 where c1: "(Lam [x].P')\\<^isub>1M3" and c2: "(Lam [x].P'')\\<^isub>1M3" by force - from c1 have "\R1. M3=Lam [x].R1 \ P'\\<^isub>1R1" by (simp add: one_abs) - then obtain R1 where r1: "M3=Lam [x].R1" and r2: "P'\\<^isub>1R1" by force - from c2 have "\R2. M3=Lam [x].R2 \ P''\\<^isub>1R2" by (simp add: one_abs) - then obtain R2 where r3: "M3=Lam [x].R2" and r4: "P''\\<^isub>1R2" by force - from r1 r3 have r5: "R1=R2" - by (simp add: lam.inject alpha) - from r2 r4 have "(Lam [x].P')\\<^isub>1(Lam [x].R1) \ (Lam [x].P'')\\<^isub>1(Lam [x].R2)" - by (simp add: one_subst) - thus "\M3. (Lam [x].P')\\<^isub>1M3 \ M2\\<^isub>1M3" using b1 r5 by force - qed + have i1: "P\\<^isub>1P'" by fact + have i2: "\M2. P \\<^isub>1M2 \ (\M3. P'\\<^isub>1M3 \ M2\\<^isub>1M3)" by fact + have "(Lam [x].P)\\<^isub>1 M2" by fact + hence "\P''. M2=Lam [x].P'' \ P\\<^isub>1P''" by (simp add: one_abs) + then obtain P'' where b1: "M2=Lam [x].P''" and b2: "P\\<^isub>1P''" by blast + from i2 b1 b2 have "\M3. (Lam [x].P')\\<^isub>1M3 \ (Lam [x].P'')\\<^isub>1M3" by blast + then obtain M3 where c1: "(Lam [x].P')\\<^isub>1M3" and c2: "(Lam [x].P'')\\<^isub>1M3" by blast + from c1 have "\R1. M3=Lam [x].R1 \ P'\\<^isub>1R1" by (simp add: one_abs) + then obtain R1 where r1: "M3=Lam [x].R1" and r2: "P'\\<^isub>1R1" by blast + from c2 have "\R2. M3=Lam [x].R2 \ P''\\<^isub>1R2" by (simp add: one_abs) + then obtain R2 where r3: "M3=Lam [x].R2" and r4: "P''\\<^isub>1R2" by blast + from r1 r3 have r5: "R1=R2" by (simp add: lam.inject alpha) + from r2 r4 have "(Lam [x].P')\\<^isub>1(Lam [x].R1) \ (Lam [x].P'')\\<^isub>1(Lam [x].R2)" + by (simp add: one_subst) + thus "\M3. (Lam [x].P')\\<^isub>1M3 \ M2\\<^isub>1M3" using b1 r5 by blast qed lemma one_abs_cong: @@ -726,7 +712,7 @@ proof - have b1: "App t1 s1 \\<^isub>\\<^sup>* App t2 s1" using a1 by (rule one_pr_congL) have b2: "App t2 s1 \\<^isub>\\<^sup>* App t2 s2" using a2 by (rule one_pr_congR) - show ?thesis using b1 and b2 by (force intro: rtrancl_trans) + show ?thesis using b1 b2 by (force intro: rtrancl_trans) qed lemma one_beta_star: @@ -815,35 +801,25 @@ lemma cr_one: assumes a: "t\\<^isub>1\<^sup>*t1" - and b: "t\\<^isub>1t2" + and b: "t\\<^isub>1t2" shows "\t3. t1\\<^isub>1t3 \ t2\\<^isub>1\<^sup>*t3" -proof - - have stronger: "\t2. t\\<^isub>1t2\(\t3. t1\\<^isub>1t3\t2\\<^isub>1\<^sup>*t3)" - using a - proof induct - case 1 show ?case by (force) - next - case (2 s1 s2) - assume b: "s1 \\<^isub>1 s2" - assume h: "\t2. t \\<^isub>1 t2 \ (\t3. s1 \\<^isub>1 t3 \ t2 \\<^isub>1\<^sup>* t3)" - show ?case - proof (rule allI, rule impI) - fix t2 - assume c: "t \\<^isub>1 t2" - show "(\t3. s2 \\<^isub>1 t3 \ t2 \\<^isub>1\<^sup>* t3)" - proof - - from c h have "(\t3. s1 \\<^isub>1 t3 \ t2 \\<^isub>1\<^sup>* t3)" by force - then obtain t3 where c1: "s1 \\<^isub>1 t3" - and c2: "t2 \\<^isub>1\<^sup>* t3" by (force) - have "(\t4. s2 \\<^isub>1 t4 \ t3 \\<^isub>1 t4)" using b c1 by (force intro: diamond) - thus ?thesis using c2 by (force intro: rtrancl_trans) - qed - qed + using a b +proof (induct fixing: t2) + case 1 thus ?case by force +next + case (2 s1 s2) + have b: "s1 \\<^isub>1 s2" by fact + have h: "\t2. t \\<^isub>1 t2 \ (\t3. s1 \\<^isub>1 t3 \ t2 \\<^isub>1\<^sup>* t3)" by fact + have c: "t \\<^isub>1 t2" by fact + show "(\t3. s2 \\<^isub>1 t3 \ t2 \\<^isub>1\<^sup>* t3)" + proof - + from c h have "(\t3. s1 \\<^isub>1 t3 \ t2 \\<^isub>1\<^sup>* t3)" by force + then obtain t3 where c1: "s1 \\<^isub>1 t3" and c2: "t2 \\<^isub>1\<^sup>* t3" by (force) + have "(\t4. s2 \\<^isub>1 t4 \ t3 \\<^isub>1 t4)" using b c1 by (force intro: diamond) + thus ?thesis using c2 by (force intro: rtrancl_trans) qed - from a b stronger show ?thesis by force qed - lemma cr_one_star: assumes a: "t\\<^isub>1\<^sup>*t2" and b: "t\\<^isub>1\<^sup>*t1"