# HG changeset patch # User urbanc # Date 1169058595 -3600 # Node ID b1be13d32efd0575f67a11251042ebef1b5eaee9 # Parent fd2b69c2f15d47f2372b0bc271959df9fddb3dd7 tuned a bit the proofs diff -r fd2b69c2f15d -r b1be13d32efd src/HOL/Nominal/Examples/Crary.thy --- a/src/HOL/Nominal/Examples/Crary.thy Wed Jan 17 11:39:32 2007 +0100 +++ b/src/HOL/Nominal/Examples/Crary.thy Wed Jan 17 19:29:55 2007 +0100 @@ -1,10 +1,12 @@ (* "$Id$" *) (* *) -(* Formalisation of the chapter *) -(* Logical Relations and a Case Study in Equivalence *) -(* Checking *) -(* by Crary. *) -(* Formalisation by Julien Narboux and Christian Urban*) +(* Formalisation of the chapter on Logical Relations *) +(* and a Case Study in Equivalence Checking *) +(* by Karl Crary from the book on Advanced Topics in *) +(* Types and Programming Languages, MIT Press 2005 *) + +(* The formalisation was done by Julien Narboux and *) +(* Christian Urban *) theory Crary imports "Nominal" @@ -22,7 +24,7 @@ | App "trm" "trm" | Const "nat" -(* FIXME: the next lemma needs to be in Nominal.thy *) +(* The next 3 lemmas should be in the nominal library *) lemma eq_eqvt: fixes pi::"name prm" and x::"'a::pt_name" @@ -42,8 +44,7 @@ and xs::"('a::pt_name) list" shows "pi$set xs) = set (pi\xs)" by (perm_simp add: pt_list_set_pi[OF pt_name_inst]) - -(* End of library *) +(* end of library *) lemma perm_ty[simp]: fixes T::"ty" @@ -60,9 +61,7 @@ lemma ty_cases: fixes T::ty shows "(\ T1 T2. T=T1\T2) \ T=TUnit \ T=TBase" -apply (induct T rule:ty.induct_weak) -apply (auto) -done +by (induct T rule:ty.induct_weak) (auto) text {* Size Functions *} @@ -100,7 +99,7 @@ inductive2 valid :: "(name \ 'a::pt_name) list \ bool" where - v_nil[intro]: "valid []" + v_nil[intro]: "valid []" | v_cons[intro]: "\valid \;a\\\ \ valid ((a,$#\)" lemma valid_eqvt: @@ -113,7 +112,7 @@ inductive_cases2 valid_cons_elim_auto[elim]:"valid ((x,T)#\)" -text {* typing judgements for trms *} +text {* typing judgements for terms *} inductive2 typing :: "(name\ty) list\trm\ty\bool" (" _ \ _ : _ " [60,60,60] 60) @@ -423,13 +422,10 @@ by (simp, blast intro: equiv_def_eqvt) next case (Q_Ext x \ s t T1 T2 pi c) - then show "P c (pi\\) (pi\s) (pi\t) (T1\T2)" using a7 - apply - + then show "P c (pi\\) (pi\s) (pi\t) (T1\T2)" + apply(auto intro!: a7 simp add: fresh_bij) + apply(drule equiv_def_eqvt) apply(simp) - apply(rule_tac x="pi\x" in a7) - apply(simp add: fresh_bij) - apply(drule equiv_def_eqvt) - apply(simp)+ done next case (Q_Abs x \ T1 s2 t2 T2 pi c) @@ -539,25 +535,23 @@ fixes pi::"name prm" assumes a: "t \ t'" shows "(pi\t) \ (pi\t')" - using a - apply(induct) - apply(auto simp add: subst_eqvt fresh_bij) - done +using a +by (induct) (auto simp add: subst_eqvt fresh_bij) lemma whn_eqvt: fixes pi::"name prm" assumes a: "t \ t'" shows "(pi\t) \ (pi\t')" - using a - apply(induct) - apply(rule QAN_Reduce) - apply(rule whr_eqvt) - apply(assumption)+ - apply(rule QAN_Normal) - apply(auto) - apply(drule_tac pi="rev pi" in whr_eqvt) - apply(perm_simp) - done +using a +apply(induct) +apply(rule QAN_Reduce) +apply(rule whr_eqvt) +apply(assumption)+ +apply(rule QAN_Normal) +apply(auto) +apply(drule_tac pi="rev pi" in whr_eqvt) +apply(perm_simp) +done text {* Algorithmic term equivalence and algorithmic path equivalence *} @@ -677,9 +671,8 @@ then show ?thesis by simp qed -(* post-processing of the strong induction principle *) -(* extracts the strong_inducts-version from strong_induct *) - +(* post-processing of the strong induction principle proved above; *) +(* the code extracts the strong_inducts-version from strong_induct *) setup {* PureThy.add_thmss [(("alg_equiv_alg_path_equiv_strong_inducts", @@ -747,9 +740,10 @@ where "\ \ s is t : TUnit = valid \" | "\ \ s is t : TBase = \ \ s <=> t : TBase" - | "\ \ s is t : (T1 \ T2) = (valid \ \ (\\' s' t'. \\\' \ \' \ s' is t' : T1 \ (\' \ (App s s') is (App t t') : T2)))" + | "\ \ s is t : (T1 \ T2) = + (valid \ \ (\\' s' t'. \\\' \ \' \ s' is t' : T1 \ (\' \ (App s s') is (App t t') : T2)))" apply (auto simp add: ty.inject) -apply (subgoal_tac "(\ T1 T2. b=T1 \ T2) \ b=TUnit \ b=TBase" ) +apply (subgoal_tac "(\T1 T2. b=T1 \ T2) \ b=TUnit \ b=TBase" ) apply (force) apply (rule ty_cases) done @@ -791,8 +785,8 @@ assumes a: "x\L" shows "L[x::=P] = L" using a - by (nominal_induct L avoiding: x P rule: trm.induct) - (auto simp add: fresh_atm abs_fresh) +by (nominal_induct L avoiding: x P rule: trm.induct) + (auto simp add: fresh_atm abs_fresh) lemma subst_fun_eq: fixes u::trm @@ -820,15 +814,14 @@ assumes h:"c \ \" shows "\[c::=s] = (c,s)#\" using h - apply(nominal_induct t avoiding: \ c s rule: trm.induct) - apply(auto simp add: fresh_list_cons fresh_atm forget lookup_fresh lookup_fresh' fresh_psubst) - done +by (nominal_induct t avoiding: \ c s rule: trm.induct) + (auto simp add: fresh_list_cons fresh_atm forget lookup_fresh lookup_fresh' fresh_psubst) lemma subst_fresh_simpl: - assumes "x\\" + assumes a: "x\\" shows "\= Var x" - using assms - by (induct \ arbitrary: x, auto simp add:fresh_list_cons fresh_prod fresh_atm) +using a +by (induct \ arbitrary: x, auto simp add:fresh_list_cons fresh_prod fresh_atm) lemma psubst_subst_propagate: assumes "x\\" @@ -873,15 +866,13 @@ assumes "\ \ s \ t : T" shows "s \|" and "t \|" using assms -by (induct rule: alg_equiv_alg_path_equiv.inducts (2)) (simp, auto) +by (induct rule: alg_equiv_alg_path_equiv.inducts(2)) (simp, auto) lemma path_equiv_implies_nf: shows "\ \ s <=> t : T \ True" and "\ \ s \ t : T \ s \|" "\ \ s \ t : T \ t \|" - apply (induct rule: alg_equiv_alg_path_equiv.inducts) - apply auto - done +by (induct rule: alg_equiv_alg_path_equiv.inducts) (auto) lemma main_lemma: shows "\ \ s is t : T \ \ \ s <=> t : T" and "\ \ p \ q : T \ \ \ p is q : T" @@ -928,33 +919,35 @@ qed (auto elim:alg_equiv_valid) corollary corollary_main: - assumes "\ \ s \ t : T" + assumes a: "\ \ s \ t : T" shows "\ \ s <=> t : T" -using assms main_lemma by blast +using a main_lemma by blast lemma algorithmic_symmetry_aux: - shows "(\ \ s <=> t : T \ \ \ t <=> s : T) \ (\ \ s \ t : T \ \ \ t \ s : T)" -by (rule alg_equiv_alg_path_equiv.induct,auto) + shows "\ \ s <=> t : T \ \ \ t <=> s : T" + and "\ \ s \ t : T \ \ \ t \ s : T" +by (induct rule: alg_equiv_alg_path_equiv.inducts) (auto) lemma algorithmic_symmetry: - assumes "\ \ s <=> t : T" + assumes a: "\ \ s <=> t : T" shows "\ \ t <=> s : T" -using assms by (simp add: algorithmic_symmetry_aux) +using a by (simp add: algorithmic_symmetry_aux) lemma algorithmic_path_symmetry: - assumes "\ \ s \ t : T" + assumes a: "\ \ s \ t : T" shows "\ \ t \ s : T" -using assms by (simp add: algorithmic_symmetry_aux) +using a by (simp add: algorithmic_symmetry_aux) lemma red_unicity : - assumes "x \ a" "x \ b" + assumes a: "x \ a" + and b: "x \ b" shows "a=b" - using assms + using a b apply (induct arbitrary: b) apply (erule whr_App_Lam) apply (clarify) apply (rule subst_fun_eq) -apply (force) +apply (simp) apply (force) apply (erule whr_App) apply (blast)+ @@ -975,7 +968,7 @@ qed (auto) lemma Q_eqvt : - fixes pi:: "(name \ name) list" + fixes pi:: "name prm" shows "\ \ s <=> t : T \ (pi\\) \ (pi\s) <=> (pi\t) : T" and "\ \ s \ t : T \ (pi\\) \ (pi\s) \ (pi\t) : T" using assms @@ -998,7 +991,7 @@ (* FIXME this lemma should not be here I am reinventing the wheel I guess *) lemma perm_basic[simp]: - fixes x y ::name + fixes x y::"name" shows "[(x,y)]\y = x" using assms using calc_atm by perm_simp @@ -1006,13 +999,15 @@ assumes fs:"x\\" "x\t" "x\u" and h:"\ \ t <=> u : T1\T2" shows "(x,T1)#\ \ App t (Var x) <=> App u (Var x) : T2" proof - -obtain y where fs2:"y\\" "y\u" "y\t" and "(y,T1)#\ \ App t (Var y) <=> App u (Var y) : T2" using h by auto -then have "([(x,y)]$(y,T1)#$) \ [(x,y)]\ App t (Var y) <=> [(x,y)]\ App u (Var y) : T2" using Q_eqvt by blast -then show ?thesis using fs fs2 by (perm_simp) + obtain y where fs2:"y\\" "y\u" "y\t" and "(y,T1)#\ \ App t (Var y) <=> App u (Var y) : T2" + using h by auto + then have "([(x,y)]$(y,T1)#$) \ [(x,y)]\ App t (Var y) <=> [(x,y)]\ App u (Var y) : T2" + using Q_eqvt by blast + then show ?thesis using fs fs2 by (perm_simp) qed -lemma fresh_context[rule_format]: - fixes \ :: "(name\ty)list" +lemma fresh_context: + fixes \ :: "(name\ty) list" and a :: "name" assumes "a\\" shows "$\\::ty. (a,$\set \)" @@ -1042,7 +1037,8 @@ lemma algorithmic_path_type_unicity: shows "\ \ \ s \ t : T ; \ \ s \ u : T' \ \ T = T'" -proof (induct arbitrary: u T' rule:alg_equiv_alg_path_equiv.inducts(2) [of _ _ _ _ _ "%a b c d . True" ]) +proof (induct arbitrary: u T' + rule: alg_equiv_alg_path_equiv.inducts(2) [of _ _ _ _ _ "%a b c d . True" ]) case (QAP_Var \ x T u T') have "\ \ Var x \ u : T'" by fact then have "u=Var x" and "(x,T') \ set \" by auto @@ -1073,10 +1069,12 @@ case (QAT_Arrow x \ s t T1 T2 u) have fs:"x\\" "x\s" "x\t" by fact moreover have h:"\ \ t <=> u : T1\T2" by fact - moreover then obtain y where "y\\" "y\t" "y\u" and "(y,T1)#\ \ App t (Var y) <=> App u (Var y) : T2" by auto + moreover then obtain y where "y\\" "y\t" "y\u" and "(y,T1)#\ \ App t (Var y) <=> App u (Var y) : T2" + by auto moreover have fs2:"x\u" by fact ultimately have "(x,T1)#\ \ App t (Var x) <=> App u (Var x) : T2" using Q_Arrow_strong_inversion by blast - moreover have ih:"\ v. (x,T1)#\ \ App t (Var x) <=> v : T2 \ (x,T1)#\ \ App s (Var x) <=> v : T2" by fact + moreover have ih:"\ v. (x,T1)#\ \ App t (Var x) <=> v : T2 \ (x,T1)#\ \ App s (Var x) <=> v : T2" + by fact ultimately have "(x,T1)#\ \ App s (Var x) <=> App u (Var x) : T2" by auto then show "\ \ s <=> u : T1\T2" using fs fs2 by auto next @@ -1086,7 +1084,8 @@ have "\ \ s <=> t : T1" by fact have ih2:"\u. \ \ t <=> u : T1 \ \ \ s <=> u : T1" by fact have "\ \ App q t \ u : T2" by fact - then obtain r T1' v where ha:"\ \ q \ r : T1'\T2" and hb:"\ \ t <=> v : T1'" and eq:"u = App r v" by auto + then obtain r T1' v where ha:"\ \ q \ r : T1'\T2" and hb:"\ \ t <=> v : T1'" and eq:"u = App r v" + by auto moreover have "\ \ q \ p : T1\T2" using h1 algorithmic_path_symmetry by auto ultimately have "T1'\T2 = T1\T2" using algorithmic_path_type_unicity by auto then have "T1' = T1" using ty.inject by auto @@ -1101,9 +1100,10 @@ (auto) lemma logical_symmetry: - assumes "\ \ s is t : T" + assumes a: "\ \ s is t : T" shows "\ \ t is s : T" -using assms by (nominal_induct arbitrary: \ s t rule:ty.induct, auto simp add: algorithmic_symmetry) +using a +by (nominal_induct arbitrary: \ s t rule:ty.induct) (auto simp add: algorithmic_symmetry) lemma logical_transitivity: assumes "\ \ s is t : T" "\ \ t is u : T" @@ -1132,19 +1132,19 @@ qed (auto) lemma logical_weak_head_closure: - assumes "\ \ s is t : T" "s' \ s" "t' \ t" + assumes a: "\ \ s is t : T" "s' \ s" "t' \ t" shows "\ \ s' is t' : T" -using assms -apply (nominal_induct arbitrary: \ s t s' t' rule:ty.induct) -apply (auto simp add: algorithmic_weak_head_closure) -apply (blast) +using a +apply(nominal_induct arbitrary: \ s t s' t' rule:ty.induct) +apply(auto simp add: algorithmic_weak_head_closure) +apply(blast) done lemma logical_weak_head_closure': assumes "\ \ s is t : T" "s' \ s" shows "\ \ s' is t : T" using assms -proof (nominal_induct arbitrary: \ s t s' rule:ty.induct) +proof (nominal_induct arbitrary: \ s t s' rule: ty.induct) case (TBase \ s t s') then show ?case by force next @@ -1243,7 +1243,6 @@ ultimately show "\' \ \ is \ : T1\T2" using fs by auto qed (auto) - theorem fundamental_theorem_2: assumes h1: "\ \ s == t : T" and h2: "\' \ \ is \ over \" @@ -1321,7 +1320,8 @@ then have "\'' \ \ is \ over \" using h2 logical_subst_monotonicity by blast then have "\'' \ (x,s')#\ is (x,t')#\ over (x,T1)#\" using equiv_subst_ext hl fs by blast then have "\'' \ (x,s')#\ is (x,t')#\ : T2" using ih by blast - then have "\'' \ App (((x,s')#\)) (((x,s')#\)<(Var x)>) is App ((x,t')#\) ((x,t')#\<(Var x)>) : T2" by auto + then have "\'' \ App (((x,s')#\)) (((x,s')#\)<(Var x)>) is App ((x,t')#\) ((x,t')#\<(Var x)>) : T2" + by auto then have "\'' \ App ((x,s')#\) s' is App ((x,t')#\) t' : T2" by auto then have "\'' \ App (\) s' is App (\) t' : T2" using fs fresh_psubst_simpl by auto } @@ -1346,12 +1346,12 @@ then show "\ \ s <=> t : T" using main_lemma by simp qed -(* Soundness is left as an exercise - like in the book*) +(* Soundness is left as an exercise - like in the book - for the avid formalist -(* theorem soundness: - shows "\ \ \ s <=> t : T ; \ \ t : T ; \ \ s : T \ \ \ \ s == t : T" - and "\ \ \ s \ t : T ; \ \ t : T ; \ \ s : T \ \ \ \ s == t : T" + shows "\\ \ s <=> t : T; \ \ t : T; \ \ s : T\ \ \ \ s == t : T" + and "\\ \ s \ t : T; \ \ t : T; \ \ s : T\ \ \ \ s == t : T" + *) end