# HG changeset patch # User wenzelm # Date 1470082289 -7200 # Node ID b9bd9e61fd633c07ee4dd6570d75ae4bb4754a14 # Parent 4ea48cbc54c1e8b5442b1c66b23c64f4784b99e7 misc tuning and modernization; diff -r 4ea48cbc54c1 -r b9bd9e61fd63 src/HOL/Complete_Lattices.thy --- a/src/HOL/Complete_Lattices.thy Mon Aug 01 13:51:17 2016 +0200 +++ b/src/HOL/Complete_Lattices.thy Mon Aug 01 22:11:29 2016 +0200 @@ -1,9 +1,14 @@ -(* Author: Tobias Nipkow, Lawrence C Paulson and Markus Wenzel; Florian Haftmann, TU Muenchen *) +(* Title: HOL/Complete_Lattices.thy + Author: Tobias Nipkow + Author: Lawrence C Paulson + Author: Markus Wenzel + Author: Florian Haftmann +*) section \Complete lattices\ theory Complete_Lattices -imports Fun + imports Fun begin notation @@ -14,27 +19,22 @@ subsection \Syntactic infimum and supremum operations\ class Inf = - fixes Inf :: "'a set \ 'a" ("\_" [900] 900) + fixes Inf :: "'a set \ 'a" ("\_" [900] 900) begin abbreviation INFIMUM :: "'b set \ ('b \ 'a) \ 'a" -where - "INFIMUM A f \ \(f ` A)" + where "INFIMUM A f \ \(f ` A)" -lemma INF_image [simp]: - "INFIMUM (f ` A) g = INFIMUM A (g \ f)" +lemma INF_image [simp]: "INFIMUM (f ` A) g = INFIMUM A (g \ f)" by (simp add: image_comp) -lemma INF_identity_eq [simp]: - "INFIMUM A (\x. x) = \A" +lemma INF_identity_eq [simp]: "INFIMUM A (\x. x) = \A" by simp -lemma INF_id_eq [simp]: - "INFIMUM A id = \A" +lemma INF_id_eq [simp]: "INFIMUM A id = \A" by simp -lemma INF_cong: - "A = B \ (\x. x \ B \ C x = D x) \ INFIMUM A C = INFIMUM B D" +lemma INF_cong: "A = B \ (\x. x \ B \ C x = D x) \ INFIMUM A C = INFIMUM B D" by (simp add: image_def) lemma strong_INF_cong [cong]: @@ -44,27 +44,22 @@ end class Sup = - fixes Sup :: "'a set \ 'a" ("\_" [900] 900) + fixes Sup :: "'a set \ 'a" ("\_" [900] 900) begin abbreviation SUPREMUM :: "'b set \ ('b \ 'a) \ 'a" -where - "SUPREMUM A f \ \(f ` A)" + where "SUPREMUM A f \ \(f ` A)" -lemma SUP_image [simp]: - "SUPREMUM (f ` A) g = SUPREMUM A (g \ f)" +lemma SUP_image [simp]: "SUPREMUM (f ` A) g = SUPREMUM A (g \ f)" by (simp add: image_comp) -lemma SUP_identity_eq [simp]: - "SUPREMUM A (\x. x) = \A" +lemma SUP_identity_eq [simp]: "SUPREMUM A (\x. x) = \A" by simp -lemma SUP_id_eq [simp]: - "SUPREMUM A id = \A" +lemma SUP_id_eq [simp]: "SUPREMUM A id = \A" by (simp add: id_def) -lemma SUP_cong: - "A = B \ (\x. x \ B \ C x = D x) \ SUPREMUM A C = SUPREMUM B D" +lemma SUP_cong: "A = B \ (\x. x \ B \ C x = D x) \ SUPREMUM A C = SUPREMUM B D" by (simp add: image_def) lemma strong_SUP_cong [cong]: @@ -122,25 +117,25 @@ class complete_lattice = lattice + Inf + Sup + bot + top + assumes Inf_lower: "x \ A \ \A \ x" - and Inf_greatest: "(\x. x \ A \ z \ x) \ z \ \A" - assumes Sup_upper: "x \ A \ x \ \A" - and Sup_least: "(\x. x \ A \ x \ z) \ \A \ z" - assumes Inf_empty [simp]: "\{} = \" - assumes Sup_empty [simp]: "\{} = \" + and Inf_greatest: "(\x. x \ A \ z \ x) \ z \ \A" + and Sup_upper: "x \ A \ x \ \A" + and Sup_least: "(\x. x \ A \ x \ z) \ \A \ z" + and Inf_empty [simp]: "\{} = \" + and Sup_empty [simp]: "\{} = \" begin subclass bounded_lattice proof fix a - show "\ \ a" by (auto intro: Sup_least simp only: Sup_empty [symmetric]) - show "a \ \" by (auto intro: Inf_greatest simp only: Inf_empty [symmetric]) + show "\ \ a" + by (auto intro: Sup_least simp only: Sup_empty [symmetric]) + show "a \ \" + by (auto intro: Inf_greatest simp only: Inf_empty [symmetric]) qed -lemma dual_complete_lattice: - "class.complete_lattice Sup Inf sup (op \) (op >) inf \ \" +lemma dual_complete_lattice: "class.complete_lattice Sup Inf sup (op \) (op >) inf \ \" by (auto intro!: class.complete_lattice.intro dual_lattice) - (unfold_locales, (fact Inf_empty Sup_empty - Sup_upper Sup_least Inf_lower Inf_greatest)+) + (unfold_locales, (fact Inf_empty Sup_empty Sup_upper Sup_least Inf_lower Inf_greatest)+) end @@ -217,12 +212,10 @@ lemma SUP_empty [simp]: "(\x\{}. f x) = \" by (simp cong del: strong_SUP_cong) -lemma Inf_UNIV [simp]: - "\UNIV = \" +lemma Inf_UNIV [simp]: "\UNIV = \" by (auto intro!: antisym Inf_lower) -lemma Sup_UNIV [simp]: - "\UNIV = \" +lemma Sup_UNIV [simp]: "\UNIV = \" by (auto intro!: antisym Sup_upper) lemma Inf_Sup: "\A = \{b. \a \ A. b \ a}" @@ -247,8 +240,7 @@ with \a \ b\ show "\A \ b" by auto qed -lemma INF_mono: - "(\m. m \ B \ \n\A. f n \ g m) \ (\n\A. f n) \ (\n\B. g n)" +lemma INF_mono: "(\m. m \ B \ \n\A. f n \ g m) \ (\n\A. f n) \ (\n\B. g n)" using Inf_mono [of "g ` B" "f ` A"] by auto lemma Sup_mono: @@ -261,17 +253,14 @@ with \a \ b\ show "a \ \B" by auto qed -lemma SUP_mono: - "(\n. n \ A \ \m\B. f n \ g m) \ (\n\A. f n) \ (\n\B. g n)" +lemma SUP_mono: "(\n. n \ A \ \m\B. f n \ g m) \ (\n\A. f n) \ (\n\B. g n)" using Sup_mono [of "f ` A" "g ` B"] by auto -lemma INF_superset_mono: - "B \ A \ (\x. x \ B \ f x \ g x) \ (\x\A. f x) \ (\x\B. g x)" +lemma INF_superset_mono: "B \ A \ (\x. x \ B \ f x \ g x) \ (\x\A. f x) \ (\x\B. g x)" \ \The last inclusion is POSITIVE!\ by (blast intro: INF_mono dest: subsetD) -lemma SUP_subset_mono: - "A \ B \ (\x. x \ A \ f x \ g x) \ (\x\A. f x) \ (\x\B. g x)" +lemma SUP_subset_mono: "A \ B \ (\x. x \ A \ f x \ g x) \ (\x\A. f x) \ (\x\B. g x)" by (blast intro: SUP_mono dest: subsetD) lemma Inf_less_eq: @@ -296,13 +285,13 @@ lemma INF_eq: assumes "\i. i \ A \ \j\B. f i \ g j" - assumes "\j. j \ B \ \i\A. g j \ f i" + and "\j. j \ B \ \i\A. g j \ f i" shows "INFIMUM A f = INFIMUM B g" by (intro antisym INF_greatest) (blast intro: INF_lower2 dest: assms)+ lemma SUP_eq: assumes "\i. i \ A \ \j\B. f i \ g j" - assumes "\j. j \ B \ \i\A. g j \ f i" + and "\j. j \ B \ \i\A. g j \ f i" shows "SUPREMUM A f = SUPREMUM B g" by (intro antisym SUP_least) (blast intro: SUP_upper2 dest: assms)+ @@ -315,25 +304,25 @@ lemma Inf_union_distrib: "\(A \ B) = \A \ \B" by (rule antisym) (auto intro: Inf_greatest Inf_lower le_infI1 le_infI2) -lemma INF_union: - "(\i \ A \ B. M i) = (\i \ A. M i) \ (\i\B. M i)" +lemma INF_union: "(\i \ A \ B. M i) = (\i \ A. M i) \ (\i\B. M i)" by (auto intro!: antisym INF_mono intro: le_infI1 le_infI2 INF_greatest INF_lower) lemma Sup_union_distrib: "\(A \ B) = \A \ \B" by (rule antisym) (auto intro: Sup_least Sup_upper le_supI1 le_supI2) -lemma SUP_union: - "(\i \ A \ B. M i) = (\i \ A. M i) \ (\i\B. M i)" +lemma SUP_union: "(\i \ A \ B. M i) = (\i \ A. M i) \ (\i\B. M i)" by (auto intro!: antisym SUP_mono intro: le_supI1 le_supI2 SUP_least SUP_upper) lemma INF_inf_distrib: "(\a\A. f a) \ (\a\A. g a) = (\a\A. f a \ g a)" by (rule antisym) (rule INF_greatest, auto intro: le_infI1 le_infI2 INF_lower INF_mono) -lemma SUP_sup_distrib: "(\a\A. f a) \ (\a\A. g a) = (\a\A. f a \ g a)" (is "?L = ?R") +lemma SUP_sup_distrib: "(\a\A. f a) \ (\a\A. g a) = (\a\A. f a \ g a)" + (is "?L = ?R") proof (rule antisym) - show "?L \ ?R" by (auto intro: le_supI1 le_supI2 SUP_upper SUP_mono) -next - show "?R \ ?L" by (rule SUP_least) (auto intro: le_supI1 le_supI2 SUP_upper) + show "?L \ ?R" + by (auto intro: le_supI1 le_supI2 SUP_upper SUP_mono) + show "?R \ ?L" + by (rule SUP_least) (auto intro: le_supI1 le_supI2 SUP_upper) qed lemma Inf_top_conv [simp]: @@ -364,14 +353,14 @@ using Inf_top_conv [of "B ` A"] by simp_all lemma Sup_bot_conv [simp]: - "\A = \ \ (\x\A. x = \)" (is ?P) - "\ = \A \ (\x\A. x = \)" (is ?Q) + "\A = \ \ (\x\A. x = \)" + "\ = \A \ (\x\A. x = \)" using dual_complete_lattice by (rule complete_lattice.Inf_top_conv)+ lemma SUP_bot_conv [simp]: - "(\x\A. B x) = \ \ (\x\A. B x = \)" - "\ = (\x\A. B x) \ (\x\A. B x = \)" + "(\x\A. B x) = \ \ (\x\A. B x = \)" + "\ = (\x\A. B x) \ (\x\A. B x = \)" using Sup_bot_conv [of "B ` A"] by simp_all lemma INF_const [simp]: "A \ {} \ (\i\A. f) = f" @@ -408,25 +397,22 @@ then show ?thesis by simp qed -lemma INF_inf_const1: - "I \ {} \ (INF i:I. inf x (f i)) = inf x (INF i:I. f i)" +lemma INF_inf_const1: "I \ {} \ (INF i:I. inf x (f i)) = inf x (INF i:I. f i)" by (intro antisym INF_greatest inf_mono order_refl INF_lower) (auto intro: INF_lower2 le_infI2 intro!: INF_mono) -lemma INF_inf_const2: - "I \ {} \ (INF i:I. inf (f i) x) = inf (INF i:I. f i) x" +lemma INF_inf_const2: "I \ {} \ (INF i:I. inf (f i) x) = inf (INF i:I. f i) x" using INF_inf_const1[of I x f] by (simp add: inf_commute) -lemma INF_constant: - "(\y\A. c) = (if A = {} then \ else c)" +lemma INF_constant: "(\y\A. c) = (if A = {} then \ else c)" by simp -lemma SUP_constant: - "(\y\A. c) = (if A = {} then \ else c)" +lemma SUP_constant: "(\y\A. c) = (if A = {} then \ else c)" by simp lemma less_INF_D: - assumes "y < (\i\A. f i)" "i \ A" shows "y < f i" + assumes "y < (\i\A. f i)" "i \ A" + shows "y < f i" proof - note \y < (\i\A. f i)\ also have "(\i\A. f i) \ f i" using \i \ A\ @@ -435,20 +421,19 @@ qed lemma SUP_lessD: - assumes "(\i\A. f i) < y" "i \ A" shows "f i < y" + assumes "(\i\A. f i) < y" "i \ A" + shows "f i < y" proof - - have "f i \ (\i\A. f i)" using \i \ A\ - by (rule SUP_upper) + have "f i \ (\i\A. f i)" + using \i \ A\ by (rule SUP_upper) also note \(\i\A. f i) < y\ finally show "f i < y" . qed -lemma INF_UNIV_bool_expand: - "(\b. A b) = A True \ A False" +lemma INF_UNIV_bool_expand: "(\b. A b) = A True \ A False" by (simp add: UNIV_bool inf_commute) -lemma SUP_UNIV_bool_expand: - "(\b. A b) = A True \ A False" +lemma SUP_UNIV_bool_expand: "(\b. A b) = A True \ A False" by (simp add: UNIV_bool sup_commute) lemma Inf_le_Sup: "A \ {} \ Inf A \ Sup A" @@ -457,21 +442,17 @@ lemma INF_le_SUP: "A \ {} \ INFIMUM A f \ SUPREMUM A f" using Inf_le_Sup [of "f ` A"] by simp -lemma INF_eq_const: - "I \ {} \ (\i. i \ I \ f i = x) \ INFIMUM I f = x" +lemma INF_eq_const: "I \ {} \ (\i. i \ I \ f i = x) \ INFIMUM I f = x" by (auto intro: INF_eqI) -lemma SUP_eq_const: - "I \ {} \ (\i. i \ I \ f i = x) \ SUPREMUM I f = x" +lemma SUP_eq_const: "I \ {} \ (\i. i \ I \ f i = x) \ SUPREMUM I f = x" by (auto intro: SUP_eqI) -lemma INF_eq_iff: - "I \ {} \ (\i. i \ I \ f i \ c) \ (INFIMUM I f = c) \ (\i\I. f i = c)" +lemma INF_eq_iff: "I \ {} \ (\i. i \ I \ f i \ c) \ INFIMUM I f = c \ (\i\I. f i = c)" using INF_eq_const [of I f c] INF_lower [of _ I f] by (auto intro: antisym cong del: strong_INF_cong) -lemma SUP_eq_iff: - "I \ {} \ (\i. i \ I \ c \ f i) \ (SUPREMUM I f = c) \ (\i\I. f i = c)" +lemma SUP_eq_iff: "I \ {} \ (\i. i \ I \ c \ f i) \ SUPREMUM I f = c \ (\i\I. f i = c)" using SUP_eq_const [of I f c] SUP_upper [of _ I f] by (auto intro: antisym cong del: strong_SUP_cong) @@ -479,61 +460,52 @@ class complete_distrib_lattice = complete_lattice + assumes sup_Inf: "a \ \B = (\b\B. a \ b)" - assumes inf_Sup: "a \ \B = (\b\B. a \ b)" + and inf_Sup: "a \ \B = (\b\B. a \ b)" begin -lemma sup_INF: - "a \ (\b\B. f b) = (\b\B. a \ f b)" +lemma sup_INF: "a \ (\b\B. f b) = (\b\B. a \ f b)" by (simp add: sup_Inf) -lemma inf_SUP: - "a \ (\b\B. f b) = (\b\B. a \ f b)" +lemma inf_SUP: "a \ (\b\B. f b) = (\b\B. a \ f b)" by (simp add: inf_Sup) lemma dual_complete_distrib_lattice: "class.complete_distrib_lattice Sup Inf sup (op \) (op >) inf \ \" apply (rule class.complete_distrib_lattice.intro) - apply (fact dual_complete_lattice) + apply (fact dual_complete_lattice) apply (rule class.complete_distrib_lattice_axioms.intro) - apply (simp_all add: inf_Sup sup_Inf) + apply (simp_all add: inf_Sup sup_Inf) done -subclass distrib_lattice proof +subclass distrib_lattice +proof fix a b c - from sup_Inf have "a \ \{b, c} = (\d\{b, c}. a \ d)" . + have "a \ \{b, c} = (\d\{b, c}. a \ d)" by (rule sup_Inf) then show "a \ b \ c = (a \ b) \ (a \ c)" by simp qed -lemma Inf_sup: - "\B \ a = (\b\B. b \ a)" +lemma Inf_sup: "\B \ a = (\b\B. b \ a)" by (simp add: sup_Inf sup_commute) -lemma Sup_inf: - "\B \ a = (\b\B. b \ a)" +lemma Sup_inf: "\B \ a = (\b\B. b \ a)" by (simp add: inf_Sup inf_commute) -lemma INF_sup: - "(\b\B. f b) \ a = (\b\B. f b \ a)" +lemma INF_sup: "(\b\B. f b) \ a = (\b\B. f b \ a)" by (simp add: sup_INF sup_commute) -lemma SUP_inf: - "(\b\B. f b) \ a = (\b\B. f b \ a)" +lemma SUP_inf: "(\b\B. f b) \ a = (\b\B. f b \ a)" by (simp add: inf_SUP inf_commute) -lemma Inf_sup_eq_top_iff: - "(\B \ a = \) \ (\b\B. b \ a = \)" +lemma Inf_sup_eq_top_iff: "(\B \ a = \) \ (\b\B. b \ a = \)" by (simp only: Inf_sup INF_top_conv) -lemma Sup_inf_eq_bot_iff: - "(\B \ a = \) \ (\b\B. b \ a = \)" +lemma Sup_inf_eq_bot_iff: "(\B \ a = \) \ (\b\B. b \ a = \)" by (simp only: Sup_inf SUP_bot_conv) -lemma INF_sup_distrib2: - "(\a\A. f a) \ (\b\B. g b) = (\a\A. \b\B. f a \ g b)" +lemma INF_sup_distrib2: "(\a\A. f a) \ (\b\B. g b) = (\a\A. \b\B. f a \ g b)" by (subst INF_commute) (simp add: sup_INF INF_sup) -lemma SUP_inf_distrib2: - "(\a\A. f a) \ (\b\B. g b) = (\a\A. \b\B. f a \ g b)" +lemma SUP_inf_distrib2: "(\a\A. f a) \ (\b\B. g b) = (\a\A. \b\B. f a \ g b)" by (subst SUP_commute) (simp add: inf_SUP SUP_inf) context @@ -541,20 +513,16 @@ assumes "mono f" begin -lemma mono_Inf: - shows "f (\A) \ (\x\A. f x)" +lemma mono_Inf: "f (\A) \ (\x\A. f x)" using \mono f\ by (auto intro: complete_lattice_class.INF_greatest Inf_lower dest: monoD) -lemma mono_Sup: - shows "(\x\A. f x) \ f (\A)" +lemma mono_Sup: "(\x\A. f x) \ f (\A)" using \mono f\ by (auto intro: complete_lattice_class.SUP_least Sup_upper dest: monoD) -lemma mono_INF: - "f (INF i : I. A i) \ (INF x : I. f (A x))" +lemma mono_INF: "f (INF i : I. A i) \ (INF x : I. f (A x))" by (intro complete_lattice_class.INF_greatest monoD[OF \mono f\] INF_lower) -lemma mono_SUP: - "(SUP x : I. f (A x)) \ f (SUP i : I. A i)" +lemma mono_SUP: "(SUP x : I. f (A x)) \ f (SUP i : I. A i)" by (intro complete_lattice_class.SUP_least monoD[OF \mono f\] SUP_upper) end @@ -566,10 +534,11 @@ lemma dual_complete_boolean_algebra: "class.complete_boolean_algebra Sup Inf sup (op \) (op >) inf \ \ (\x y. x \ - y) uminus" - by (rule class.complete_boolean_algebra.intro, rule dual_complete_distrib_lattice, rule dual_boolean_algebra) + by (rule class.complete_boolean_algebra.intro, + rule dual_complete_distrib_lattice, + rule dual_boolean_algebra) -lemma uminus_Inf: - "- (\A) = \(uminus ` A)" +lemma uminus_Inf: "- (\A) = \(uminus ` A)" proof (rule antisym) show "- \A \ \(uminus ` A)" by (rule compl_le_swap2, rule Inf_greatest, rule compl_le_swap2, rule Sup_upper) simp @@ -580,13 +549,13 @@ lemma uminus_INF: "- (\x\A. B x) = (\x\A. - B x)" by (simp add: uminus_Inf image_image) -lemma uminus_Sup: - "- (\A) = \(uminus ` A)" +lemma uminus_Sup: "- (\A) = \(uminus ` A)" proof - - have "\A = - \(uminus ` A)" by (simp add: image_image uminus_INF) + have "\A = - \(uminus ` A)" + by (simp add: image_image uminus_INF) then show ?thesis by simp qed - + lemma uminus_SUP: "- (\x\A. B x) = (\x\A. - B x)" by (simp add: uminus_Sup image_image) @@ -605,29 +574,27 @@ lemma complete_linorder_sup_max: "sup = max" by (auto intro: antisym simp add: max_def fun_eq_iff) -lemma Inf_less_iff: - "\S \ a \ (\x\S. x \ a)" +lemma Inf_less_iff: "\S \ a \ (\x\S. x \ a)" by (simp add: not_le [symmetric] le_Inf_iff) -lemma INF_less_iff: - "(\i\A. f i) \ a \ (\x\A. f x \ a)" +lemma INF_less_iff: "(\i\A. f i) \ a \ (\x\A. f x \ a)" by (simp add: Inf_less_iff [of "f ` A"]) -lemma less_Sup_iff: - "a \ \S \ (\x\S. a \ x)" +lemma less_Sup_iff: "a \ \S \ (\x\S. a \ x)" by (simp add: not_le [symmetric] Sup_le_iff) -lemma less_SUP_iff: - "a \ (\i\A. f i) \ (\x\A. a \ f x)" +lemma less_SUP_iff: "a \ (\i\A. f i) \ (\x\A. a \ f x)" by (simp add: less_Sup_iff [of _ "f ` A"]) -lemma Sup_eq_top_iff [simp]: - "\A = \ \ (\x<\. \i\A. x < i)" +lemma Sup_eq_top_iff [simp]: "\A = \ \ (\x<\. \i\A. x < i)" proof assume *: "\A = \" - show "(\x<\. \i\A. x < i)" unfolding * [symmetric] + show "(\x<\. \i\A. x < i)" + unfolding * [symmetric] proof (intro allI impI) - fix x assume "x < \A" then show "\i\A. x < i" + fix x + assume "x < \A" + then show "\i\A. x < i" by (simp add: less_Sup_iff) qed next @@ -635,42 +602,40 @@ show "\A = \" proof (rule ccontr) assume "\A \ \" - with top_greatest [of "\A"] - have "\A < \" unfolding le_less by auto - then have "\A < \A" - using * unfolding less_Sup_iff by auto + with top_greatest [of "\A"] have "\A < \" + unfolding le_less by auto + with * have "\A < \A" + unfolding less_Sup_iff by auto then show False by auto qed qed -lemma SUP_eq_top_iff [simp]: - "(\i\A. f i) = \ \ (\x<\. \i\A. x < f i)" +lemma SUP_eq_top_iff [simp]: "(\i\A. f i) = \ \ (\x<\. \i\A. x < f i)" using Sup_eq_top_iff [of "f ` A"] by simp -lemma Inf_eq_bot_iff [simp]: - "\A = \ \ (\x>\. \i\A. i < x)" +lemma Inf_eq_bot_iff [simp]: "\A = \ \ (\x>\. \i\A. i < x)" using dual_complete_linorder by (rule complete_linorder.Sup_eq_top_iff) -lemma INF_eq_bot_iff [simp]: - "(\i\A. f i) = \ \ (\x>\. \i\A. f i < x)" +lemma INF_eq_bot_iff [simp]: "(\i\A. f i) = \ \ (\x>\. \i\A. f i < x)" using Inf_eq_bot_iff [of "f ` A"] by simp lemma Inf_le_iff: "\A \ x \ (\y>x. \a\A. y > a)" proof safe - fix y assume "x \ \A" "y > x" + fix y + assume "x \ \A" "y > x" then have "y > \A" by auto then show "\a\A. y > a" unfolding Inf_less_iff . qed (auto elim!: allE[of _ "\A"] simp add: not_le[symmetric] Inf_lower) -lemma INF_le_iff: - "INFIMUM A f \ x \ (\y>x. \i\A. y > f i)" +lemma INF_le_iff: "INFIMUM A f \ x \ (\y>x. \i\A. y > f i)" using Inf_le_iff [of "f ` A"] by simp lemma le_Sup_iff: "x \ \A \ (\ya\A. y < a)" proof safe - fix y assume "x \ \A" "y < x" + fix y + assume "x \ \A" "y < x" then have "y < \A" by auto then show "\a\A. y < a" unfolding less_Sup_iff . @@ -696,35 +661,29 @@ instantiation bool :: complete_lattice begin -definition - [simp, code]: "\A \ False \ A" +definition [simp, code]: "\A \ False \ A" -definition - [simp, code]: "\A \ True \ A" +definition [simp, code]: "\A \ True \ A" -instance proof -qed (auto intro: bool_induct) +instance + by standard (auto intro: bool_induct) end -lemma not_False_in_image_Ball [simp]: - "False \ P ` A \ Ball A P" +lemma not_False_in_image_Ball [simp]: "False \ P ` A \ Ball A P" by auto -lemma True_in_image_Bex [simp]: - "True \ P ` A \ Bex A P" +lemma True_in_image_Bex [simp]: "True \ P ` A \ Bex A P" by auto -lemma INF_bool_eq [simp]: - "INFIMUM = Ball" +lemma INF_bool_eq [simp]: "INFIMUM = Ball" by (simp add: fun_eq_iff) -lemma SUP_bool_eq [simp]: - "SUPREMUM = Bex" +lemma SUP_bool_eq [simp]: "SUPREMUM = Bex" by (simp add: fun_eq_iff) -instance bool :: complete_boolean_algebra proof -qed (auto intro: bool_induct) +instance bool :: complete_boolean_algebra + by standard (auto intro: bool_induct) subsection \Complete lattice on @{typ "_ \ _"}\ @@ -732,11 +691,9 @@ instantiation "fun" :: (type, Inf) Inf begin -definition - "\A = (\x. \f\A. f x)" +definition "\A = (\x. \f\A. f x)" -lemma Inf_apply [simp, code]: - "(\A) x = (\f\A. f x)" +lemma Inf_apply [simp, code]: "(\A) x = (\f\A. f x)" by (simp add: Inf_fun_def) instance .. @@ -746,11 +703,9 @@ instantiation "fun" :: (type, Sup) Sup begin -definition - "\A = (\x. \f\A. f x)" +definition "\A = (\x. \f\A. f x)" -lemma Sup_apply [simp, code]: - "(\A) x = (\f\A. f x)" +lemma Sup_apply [simp, code]: "(\A) x = (\f\A. f x)" by (simp add: Sup_fun_def) instance .. @@ -760,57 +715,47 @@ instantiation "fun" :: (type, complete_lattice) complete_lattice begin -instance proof -qed (auto simp add: le_fun_def intro: INF_lower INF_greatest SUP_upper SUP_least) +instance + by standard (auto simp add: le_fun_def intro: INF_lower INF_greatest SUP_upper SUP_least) end -lemma INF_apply [simp]: - "(\y\A. f y) x = (\y\A. f y x)" +lemma INF_apply [simp]: "(\y\A. f y) x = (\y\A. f y x)" using Inf_apply [of "f ` A"] by (simp add: comp_def) -lemma SUP_apply [simp]: - "(\y\A. f y) x = (\y\A. f y x)" +lemma SUP_apply [simp]: "(\y\A. f y) x = (\y\A. f y x)" using Sup_apply [of "f ` A"] by (simp add: comp_def) -instance "fun" :: (type, complete_distrib_lattice) complete_distrib_lattice proof -qed (auto simp add: inf_Sup sup_Inf fun_eq_iff image_image) +instance "fun" :: (type, complete_distrib_lattice) complete_distrib_lattice + by standard (auto simp add: inf_Sup sup_Inf fun_eq_iff image_image) instance "fun" :: (type, complete_boolean_algebra) complete_boolean_algebra .. subsection \Complete lattice on unary and binary predicates\ -lemma Inf1_I: - "(\P. P \ A \ P a) \ (\A) a" +lemma Inf1_I: "(\P. P \ A \ P a) \ (\A) a" by auto -lemma INF1_I: - "(\x. x \ A \ B x b) \ (\x\A. B x) b" +lemma INF1_I: "(\x. x \ A \ B x b) \ (\x\A. B x) b" by simp -lemma INF2_I: - "(\x. x \ A \ B x b c) \ (\x\A. B x) b c" +lemma INF2_I: "(\x. x \ A \ B x b c) \ (\x\A. B x) b c" by simp -lemma Inf2_I: - "(\r. r \ A \ r a b) \ (\A) a b" +lemma Inf2_I: "(\r. r \ A \ r a b) \ (\A) a b" by auto -lemma Inf1_D: - "(\A) a \ P \ A \ P a" +lemma Inf1_D: "(\A) a \ P \ A \ P a" by auto -lemma INF1_D: - "(\x\A. B x) b \ a \ A \ B a b" +lemma INF1_D: "(\x\A. B x) b \ a \ A \ B a b" by simp -lemma Inf2_D: - "(\A) a b \ r \ A \ r a b" +lemma Inf2_D: "(\A) a b \ r \ A \ r a b" by auto -lemma INF2_D: - "(\x\A. B x) b c \ a \ A \ B a b c" +lemma INF2_D: "(\x\A. B x) b c \ a \ A \ B a b c" by simp lemma Inf1_E: @@ -833,20 +778,16 @@ obtains "B a b c" | "a \ A" using assms by auto -lemma Sup1_I: - "P \ A \ P a \ (\A) a" +lemma Sup1_I: "P \ A \ P a \ (\A) a" by auto -lemma SUP1_I: - "a \ A \ B a b \ (\x\A. B x) b" +lemma SUP1_I: "a \ A \ B a b \ (\x\A. B x) b" by auto -lemma Sup2_I: - "r \ A \ r a b \ (\A) a b" +lemma Sup2_I: "r \ A \ r a b \ (\A) a b" by auto -lemma SUP2_I: - "a \ A \ B a b c \ (\x\A. B x) b c" +lemma SUP2_I: "a \ A \ B a b c \ (\x\A. B x) b c" by auto lemma Sup1_E: @@ -875,29 +816,25 @@ instantiation "set" :: (type) complete_lattice begin -definition - "\A = {x. \((\B. x \ B) ` A)}" +definition "\A = {x. \((\B. x \ B) ` A)}" -definition - "\A = {x. \((\B. x \ B) ` A)}" +definition "\A = {x. \((\B. x \ B) ` A)}" -instance proof -qed (auto simp add: less_eq_set_def Inf_set_def Sup_set_def le_fun_def) +instance + by standard (auto simp add: less_eq_set_def Inf_set_def Sup_set_def le_fun_def) end instance "set" :: (type) complete_boolean_algebra -proof -qed (auto simp add: Inf_set_def Sup_set_def image_def) - + by standard (auto simp add: Inf_set_def Sup_set_def image_def) + subsubsection \Inter\ abbreviation Inter :: "'a set set \ 'a set" ("\_" [900] 900) where "\S \ \S" - -lemma Inter_eq: - "\A = {x. \B \ A. x \ B}" + +lemma Inter_eq: "\A = {x. \B \ A. x \ B}" proof (rule set_eqI) fix x have "(\Q\{P. \B\A. P \ x \ B}. Q) \ (\B\A. x \ B)" @@ -913,7 +850,7 @@ by (simp add: Inter_eq) text \ - \medskip A ``destruct'' rule -- every @{term X} in @{term C} + \<^medskip> A ``destruct'' rule -- every @{term X} in @{term C} contains @{term A} as an element, but @{prop "A \ X"} can hold when @{prop "X \ C"} does not! This rule is analogous to \spec\. \ @@ -924,13 +861,12 @@ lemma InterE [elim]: "A \ \C \ (X \ C \ R) \ (A \ X \ R) \ R" \ \``Classical'' elimination rule -- does not require proving @{prop "X \ C"}.\ - by (unfold Inter_eq) blast + unfolding Inter_eq by blast lemma Inter_lower: "B \ A \ \A \ B" by (fact Inf_lower) -lemma Inter_subset: - "(\X. X \ A \ X \ B) \ A \ {} \ \A \ B" +lemma Inter_subset: "(\X. X \ A \ X \ B) \ A \ {} \ \A \ B" by (fact Inf_less_eq) lemma Inter_greatest: "(\X. X \ A \ C \ X) \ C \ \A" @@ -992,8 +928,7 @@ [Syntax_Trans.preserve_binder_abs2_tr' @{const_syntax INTER} @{syntax_const "_INTER"}] \ \ \to avoid eta-contraction of body\ -lemma INTER_eq: - "(\x\A. B x) = {y. \x\A. y \ B x}" +lemma INTER_eq: "(\x\A. B x) = {y. \x\A. y \ B x}" by (auto intro!: INF_eqI) lemma INT_iff [simp]: "b \ (\x\A. B x) \ (\x\A. b \ B x)" @@ -1036,23 +971,21 @@ lemma INT_Un: "(\i \ A \ B. M i) = (\i \ A. M i) \ (\i\B. M i)" by (fact INF_union) -lemma INT_insert_distrib: - "u \ A \ (\x\A. insert a (B x)) = insert a (\x\A. B x)" +lemma INT_insert_distrib: "u \ A \ (\x\A. insert a (B x)) = insert a (\x\A. B x)" by blast lemma INT_constant [simp]: "(\y\A. c) = (if A = {} then UNIV else c)" by (fact INF_constant) lemma INTER_UNIV_conv: - "(UNIV = (\x\A. B x)) = (\x\A. B x = UNIV)" - "((\x\A. B x) = UNIV) = (\x\A. B x = UNIV)" + "(UNIV = (\x\A. B x)) = (\x\A. B x = UNIV)" + "((\x\A. B x) = UNIV) = (\x\A. B x = UNIV)" by (fact INF_top_conv)+ (* already simp *) lemma INT_bool_eq: "(\b. A b) = A True \ A False" by (fact INF_UNIV_bool_expand) -lemma INT_anti_mono: - "A \ B \ (\x. x \ A \ f x \ g x) \ (\x\B. f x) \ (\x\A. g x)" +lemma INT_anti_mono: "A \ B \ (\x. x \ A \ f x \ g x) \ (\x\B. f x) \ (\x\A. g x)" \ \The last inclusion is POSITIVE!\ by (fact INF_superset_mono) @@ -1068,8 +1001,7 @@ abbreviation Union :: "'a set set \ 'a set" ("\_" [900] 900) where "\S \ \S" -lemma Union_eq: - "\A = {x. \B \ A. x \ B}" +lemma Union_eq: "\A = {x. \B \ A. x \ B}" proof (rule set_eqI) fix x have "(\Q\{P. \B\A. P \ x \ B}. Q) \ (\B\A. x \ B)" @@ -1078,18 +1010,15 @@ by (simp add: Sup_set_def image_def) qed -lemma Union_iff [simp]: - "A \ \C \ (\X\C. A\X)" +lemma Union_iff [simp]: "A \ \C \ (\X\C. A\X)" by (unfold Union_eq) blast -lemma UnionI [intro]: - "X \ C \ A \ X \ A \ \C" +lemma UnionI [intro]: "X \ C \ A \ X \ A \ \C" \ \The order of the premises presupposes that @{term C} is rigid; @{term A} may be flexible.\ by auto -lemma UnionE [elim!]: - "A \ \C \ (\X. A \ X \ X \ C \ R) \ R" +lemma UnionE [elim!]: "A \ \C \ (\X. A \ X \ X \ C \ R) \ R" by auto lemma Union_upper: "B \ A \ B \ \A" @@ -1131,6 +1060,7 @@ lemma Union_subsetI: "(\x. x \ A \ \y. y \ B \ x \ y) \ \A \ \B" by blast + subsubsection \Unions of families\ abbreviation UNION :: "'a set \ ('a \ 'b set) \ 'b set" @@ -1169,16 +1099,13 @@ [Syntax_Trans.preserve_binder_abs2_tr' @{const_syntax UNION} @{syntax_const "_UNION"}] \ \ \to avoid eta-contraction of body\ -lemma UNION_eq: - "(\x\A. B x) = {y. \x\A. y \ B x}" +lemma UNION_eq: "(\x\A. B x) = {y. \x\A. y \ B x}" by (auto intro!: SUP_eqI) -lemma bind_UNION [code]: - "Set.bind A f = UNION A f" +lemma bind_UNION [code]: "Set.bind A f = UNION A f" by (simp add: bind_def UNION_eq) -lemma member_bind [simp]: - "x \ Set.bind P f \ x \ UNION P f " +lemma member_bind [simp]: "x \ Set.bind P f \ x \ UNION P f " by (simp add: bind_UNION) lemma Union_SetCompr_eq: "\{f x| x. P x} = {a. \x. P x \ a \ f x}" @@ -1281,6 +1208,7 @@ lemma inj_on_image: "inj_on f (\A) \ inj_on (op ` f) A" unfolding inj_on_def by blast + subsubsection \Distributive laws\ lemma Int_Union: "A \ \B = (\C\B. A \ C)" @@ -1298,10 +1226,10 @@ lemma UN_Un_distrib: "(\i\I. A i \ B i) = (\i\I. A i) \ (\i\I. B i)" by (rule sym) (rule SUP_sup_distrib) -lemma Int_Inter_image: "(\x\C. A x \ B x) = \(A ` C) \ \(B ` C)" \ \FIXME drop\ +lemma Int_Inter_image: "(\x\C. A x \ B x) = \(A ` C) \ \(B ` C)" (* FIXME drop *) by (simp add: INT_Int_distrib) -lemma Un_Union_image: "(\x\C. A x \ B x) = \(A ` C) \ \(B ` C)" \ \FIXME drop\ +lemma Un_Union_image: "(\x\C. A x \ B x) = \(A ` C) \ \(B ` C)" (* FIXME drop *) \ \Devlin, Fundamentals of Contemporary Set Theory, page 12, exercise 5:\ \ \Union of a family of unions\ by (simp add: UN_Un_distrib) @@ -1323,86 +1251,82 @@ by (fact Sup_inf_eq_bot_iff) lemma SUP_UNION: "(SUP x:(UN y:A. g y). f x) = (SUP y:A. SUP x:g y. f x :: _ :: complete_lattice)" -by(rule order_antisym)(blast intro: SUP_least SUP_upper2)+ + by (rule order_antisym) (blast intro: SUP_least SUP_upper2)+ + subsection \Injections and bijections\ -lemma inj_on_Inter: - "S \ {} \ (\A. A \ S \ inj_on f A) \ inj_on f (\S)" +lemma inj_on_Inter: "S \ {} \ (\A. A \ S \ inj_on f A) \ inj_on f (\S)" unfolding inj_on_def by blast -lemma inj_on_INTER: - "I \ {} \ (\i. i \ I \ inj_on f (A i)) \ inj_on f (\i \ I. A i)" +lemma inj_on_INTER: "I \ {} \ (\i. i \ I \ inj_on f (A i)) \ inj_on f (\i \ I. A i)" unfolding inj_on_def by safe simp lemma inj_on_UNION_chain: - assumes CH: "\ i j. \i \ I; j \ I\ \ A i \ A j \ A j \ A i" and - INJ: "\ i. i \ I \ inj_on f (A i)" + assumes chain: "\i j. i \ I \ j \ I \ A i \ A j \ A j \ A i" + and inj: "\i. i \ I \ inj_on f (A i)" shows "inj_on f (\i \ I. A i)" proof - - { - fix i j x y - assume *: "i \ I" "j \ I" and **: "x \ A i" "y \ A j" - and ***: "f x = f y" - have "x = y" - proof - - { - assume "A i \ A j" - with ** have "x \ A j" by auto - with INJ * ** *** have ?thesis - by(auto simp add: inj_on_def) - } - moreover - { - assume "A j \ A i" - with ** have "y \ A i" by auto - with INJ * ** *** have ?thesis - by(auto simp add: inj_on_def) - } - ultimately show ?thesis using CH * by blast - qed - } - then show ?thesis by (unfold inj_on_def UNION_eq) auto + have "x = y" + if *: "i \ I" "j \ I" + and **: "x \ A i" "y \ A j" + and ***: "f x = f y" + for i j x y + using chain [OF *] + proof + assume "A i \ A j" + with ** have "x \ A j" by auto + with inj * ** *** show ?thesis + by (auto simp add: inj_on_def) + next + assume "A j \ A i" + with ** have "y \ A i" by auto + with inj * ** *** show ?thesis + by (auto simp add: inj_on_def) + qed + then show ?thesis + by (unfold inj_on_def UNION_eq) auto qed lemma bij_betw_UNION_chain: - assumes CH: "\ i j. \i \ I; j \ I\ \ A i \ A j \ A j \ A i" and - BIJ: "\ i. i \ I \ bij_betw f (A i) (A' i)" + assumes chain: "\i j. i \ I \ j \ I \ A i \ A j \ A j \ A i" + and bij: "\i. i \ I \ bij_betw f (A i) (A' i)" shows "bij_betw f (\i \ I. A i) (\i \ I. A' i)" -proof (unfold bij_betw_def, auto) - have "\ i. i \ I \ inj_on f (A i)" - using BIJ bij_betw_def[of f] by auto - thus "inj_on f (\i \ I. A i)" - using CH inj_on_UNION_chain[of I A f] by auto + unfolding bij_betw_def +proof auto (* slow *) + have "\i. i \ I \ inj_on f (A i)" + using bij bij_betw_def[of f] by auto + then show "inj_on f (\i \ I. A i)" + using chain inj_on_UNION_chain[of I A f] by auto next fix i x assume *: "i \ I" "x \ A i" - hence "f x \ A' i" using BIJ bij_betw_def[of f] by auto - thus "\j \ I. f x \ A' j" using * by blast + then have "f x \ A' i" + using bij bij_betw_def[of f] by auto + with * show "\j \ I. f x \ A' j" by blast next fix i x' assume *: "i \ I" "x' \ A' i" - hence "\x \ A i. x' = f x" using BIJ bij_betw_def[of f] by blast - then have "\j \ I. \x \ A j. x' = f x" - using * by blast - then show "x' \ f ` (\x\I. A x)" by blast + then have "\x \ A i. x' = f x" + using bij bij_betw_def[of f] by blast + with * have "\j \ I. \x \ A j. x' = f x" + by blast + then show "x' \ f ` (\x\I. A x)" + by blast qed (*injectivity's required. Left-to-right inclusion holds even if A is empty*) -lemma image_INT: - "[| inj_on f C; ALL x:A. B x <= C; j:A |] - ==> f ` (INTER A B) = (INT x:A. f ` B x)" - by (simp add: inj_on_def, auto) blast +lemma image_INT: "inj_on f C \ \x\A. B x \ C \ j \ A \ f ` (INTER A B) = (INT x:A. f ` B x)" + by (auto simp add: inj_on_def) blast -lemma bij_image_INT: "bij f ==> f ` (INTER A B) = (INT x:A. f ` B x)" - apply (simp add: bij_def) - apply (simp add: inj_on_def surj_def) +lemma bij_image_INT: "bij f \ f ` (INTER A B) = (INT x:A. f ` B x)" + apply (simp only: bij_def) + apply (simp only: inj_on_def surj_def) apply auto apply blast done -lemma UNION_fun_upd: - "UNION J (A(i := B)) = UNION (J - {i}) A \ (if i \ J then B else {})" +lemma UNION_fun_upd: "UNION J (A(i := B)) = UNION (J - {i}) A \ (if i \ J then B else {})" by (auto simp add: set_eq_iff) lemma bij_betw_Pow: @@ -1436,8 +1360,7 @@ subsubsection \Miniscoping and maxiscoping\ -text \\medskip Miniscoping: pushing in quantifiers and big Unions - and Intersections.\ +text \\<^medskip> Miniscoping: pushing in quantifiers and big Unions and Intersections.\ lemma UN_simps [simp]: "\a B C. (\x\C. insert a (B x)) = (if C={} then {} else insert a (\x\C. B x))" @@ -1473,7 +1396,7 @@ by auto -text \\medskip Maxiscoping: pulling out big Unions and Intersections.\ +text \\<^medskip> Maxiscoping: pulling out big Unions and Intersections.\ lemma UN_extend_simps: "\a B C. insert a (\x\C. B x) = (if C={} then {a} else (\x\C. insert a (B x)))" @@ -1513,4 +1436,3 @@ \ \Each of these has ALREADY been added \[simp]\ above.\ end - diff -r 4ea48cbc54c1 -r b9bd9e61fd63 src/HOL/Fun.thy --- a/src/HOL/Fun.thy Mon Aug 01 13:51:17 2016 +0200 +++ b/src/HOL/Fun.thy Mon Aug 01 22:11:29 2016 +0200 @@ -7,8 +7,8 @@ section \Notions about functions\ theory Fun -imports Set -keywords "functor" :: thy_goal + imports Set + keywords "functor" :: thy_goal begin lemma apply_inverse: "f x = u \ (\x. P x \ g (f x) = x) \ P x \ x = g u" @@ -63,12 +63,10 @@ lemma comp_id [simp]: "f \ id = f" by (simp add: fun_eq_iff) -lemma comp_eq_dest: - "a \ b = c \ d \ a (b v) = c (d v)" +lemma comp_eq_dest: "a \ b = c \ d \ a (b v) = c (d v)" by (simp add: fun_eq_iff) -lemma comp_eq_elim: - "a \ b = c \ d \ ((\v. a (b v) = c (d v)) \ R) \ R" +lemma comp_eq_elim: "a \ b = c \ d \ ((\v. a (b v) = c (d v)) \ R) \ R" by (simp add: fun_eq_iff) lemma comp_eq_dest_lhs: "a \ b = c \ a (b v) = c v" @@ -104,7 +102,7 @@ subsection \The Forward Composition Operator \fcomp\\ -definition fcomp :: "('a \ 'b) \ ('b \ 'c) \ 'a \ 'c" (infixl "\>" 60) +definition fcomp :: "('a \ 'b) \ ('b \ 'c) \ 'a \ 'c" (infixl "\>" 60) where "f \> g = (\x. g (f x))" lemma fcomp_apply [simp]: "(f \> g) x = g (f x)" @@ -145,8 +143,10 @@ definition bij_betw :: "('a \ 'b) \ 'a set \ 'b set \ bool" \ \bijective\ where "bij_betw f A B \ inj_on f A \ f ` A = B" -text \A common special case: functions injective, surjective or bijective over - the entire domain type.\ +text \ + A common special case: functions injective, surjective or bijective over + the entire domain type. +\ abbreviation "inj f \ inj_on f UNIV" @@ -212,7 +212,7 @@ lemma inj_on_subset: assumes "inj_on f A" - assumes "B \ A" + and "B \ A" shows "inj_on f B" proof (rule inj_onI) fix a b @@ -296,7 +296,7 @@ by (simp add: surj_def) lemma surjE: "surj f \ (\x. y = f x \ C) \ C" - by (simp add: surj_def, blast) + by (simp add: surj_def) blast lemma comp_surj: "surj f \ surj g \ surj (g \ f)" by (simp add: image_comp [symmetric]) @@ -354,18 +354,19 @@ using img proof (auto simp add: bij_betw_def) assume "inj_on (f' \ f) A" - then show "inj_on f A" using inj_on_imageI2 by blast + then show "inj_on f A" + using inj_on_imageI2 by blast next fix a' assume **: "a' \ A'" - then have "f' a' \ A''" using bij unfolding bij_betw_def by auto - then obtain a where 1: "a \ A \ f'(f a) = f' a'" - using * unfolding bij_betw_def by force - then have "f a \ A'" using img by auto - then have "f a = a'" - using bij ** 1 unfolding bij_betw_def inj_on_def by auto - then show "a' \ f ` A" - using 1 by auto + with bij have "f' a' \ A''" + unfolding bij_betw_def by auto + with * obtain a where 1: "a \ A \ f' (f a) = f' a'" + unfolding bij_betw_def by force + with img have "f a \ A'" by auto + with bij ** 1 have "f a = a'" + unfolding bij_betw_def inj_on_def by auto + with 1 show "a' \ f ` A" by auto qed qed @@ -379,9 +380,10 @@ let ?g = "\b. The (?P b)" have g: "?g b = a" if P: "?P b a" for a b proof - - from that have ex1: "\a. ?P b a" using s by blast + from that s have ex1: "\a. ?P b a" by blast then have uex1: "\!a. ?P b a" by (blast dest:inj_onD[OF i]) - then show ?thesis using the1_equality[OF uex1, OF P] P by simp + then show ?thesis + using the1_equality[OF uex1, OF P] P by simp qed have "inj_on ?g B" proof (rule inj_onI) @@ -396,15 +398,16 @@ fix b assume "b \ B" with s obtain a where P: "?P b a" by blast - then show "?g b \ A" using g[OF P] by auto + with g[OF P] show "?g b \ A" by auto next fix a assume "a \ A" - then obtain b where P: "?P b a" using s by blast - then have "b \ B" using s by blast + with s obtain b where P: "?P b a" by blast + with s have "b \ B" by blast with g[OF P] show "\b\B. a = ?g b" by blast qed - ultimately show ?thesis by (auto simp: bij_betw_def) + ultimately show ?thesis + by (auto simp: bij_betw_def) qed lemma bij_betw_cong: "(\ a. a \ A \ f a = g a) \ bij_betw f A A' = bij_betw g A A'" @@ -500,9 +503,7 @@ lemma inj_vimage_singleton: "inj f \ f -` {a} \ {THE x. f x = a}" \ \The inverse image of a singleton under an injective function is included in a singleton.\ - apply (auto simp add: inj_on_def) - apply (blast intro: the_equality [symmetric]) - done + by (simp add: inj_on_def) (blast intro: the_equality [symmetric]) lemma inj_on_vimage_singleton: "inj_on f A \ f -` {a} \ A \ {THE x. x \ A \ f x = a}" by (auto simp add: inj_on_def intro: the_equality [symmetric]) @@ -516,21 +517,21 @@ lemma bij_betw_byWitness: assumes left: "\a \ A. f' (f a) = a" and right: "\a' \ A'. f (f' a') = a'" - and "f ` A \ A'" - and img2: "f' ` A' \ A" + and "f ` A \ A'" + and img2: "f' ` A' \ A" shows "bij_betw f A A'" using assms unfolding bij_betw_def inj_on_def proof safe fix a b - assume *: "a \ A" "b \ A" and **: "f a = f b" - have "a = f' (f a) \ b = f'(f b)" using * left by simp - with ** show "a = b" by simp + assume "a \ A" "b \ A" + with left have "a = f' (f a) \ b = f' (f b)" by simp + moreover assume "f a = f b" + ultimately show "a = b" by simp next fix a' assume *: "a' \ A'" - then have "f' a' \ A" using img2 by blast - moreover - have "a' = f (f' a')" using * right by simp + with img2 have "f' a' \ A" by blast + moreover from * right have "a' = f (f' a')" by simp ultimately show "a' \ f ` A" by blast qed @@ -565,7 +566,8 @@ moreover have False if "f a = f b" proof - - have "a = b" using * ** that unfolding bij_betw_def inj_on_def by blast + have "a = b" + using * ** that unfolding bij_betw_def inj_on_def by blast with \b \ A\ ** show ?thesis by blast qed ultimately show "f a \ A'" by blast @@ -611,9 +613,9 @@ lemma fun_upd_idem_iff: "f(x:=y) = f \ f x = y" unfolding fun_upd_def apply safe - apply (erule subst) - apply (rule_tac [2] ext) - apply auto + apply (erule subst) + apply (rule_tac [2] ext) + apply auto done lemma fun_upd_idem: "f x = y \ f(x := y) = f" @@ -667,10 +669,10 @@ by (simp add:override_on_def) lemma override_on_insert: "override_on f g (insert x X) = (override_on f g X)(x:=g x)" -unfolding override_on_def by (simp add: fun_eq_iff) + unfolding override_on_def by (simp add: fun_eq_iff) lemma override_on_insert': "override_on f g (insert x X) = (override_on (f(x:=g x)) g X)" -unfolding override_on_def by (simp add: fun_eq_iff) + unfolding override_on_def by (simp add: fun_eq_iff) subsection \\swap\\ @@ -691,7 +693,7 @@ by (simp add: fun_upd_def swap_def fun_eq_iff) lemma swap_nilpotent [simp]: "swap a b (swap a b f) = f" - by (rule ext, simp add: fun_upd_def swap_def) + by (rule ext) (simp add: fun_upd_def swap_def) lemma swap_comp_involutory [simp]: "swap a b \ swap a b = id" by (rule ext) simp @@ -757,14 +759,14 @@ lemma f_the_inv_into_f: "inj_on f A \ y \ f ` A \ f (the_inv_into A f y) = y" apply (simp add: the_inv_into_def) apply (rule the1I2) - apply(blast dest: inj_onD) + apply (blast dest: inj_onD) apply blast done lemma the_inv_into_into: "inj_on f A \ x \ f ` A \ A \ B \ the_inv_into A f x \ B" apply (simp add: the_inv_into_def) apply (rule the1I2) - apply(blast dest: inj_onD) + apply (blast dest: inj_onD) apply blast done diff -r 4ea48cbc54c1 -r b9bd9e61fd63 src/HOL/HOL.thy --- a/src/HOL/HOL.thy Mon Aug 01 13:51:17 2016 +0200 +++ b/src/HOL/HOL.thy Mon Aug 01 22:11:29 2016 +0200 @@ -218,20 +218,20 @@ by (rule trans [OF _ sym]) lemma meta_eq_to_obj_eq: - assumes meq: "A \ B" + assumes "A \ B" shows "A = B" - by (unfold meq) (rule refl) + unfolding assms by (rule refl) text \Useful with \erule\ for proving equalities from known equalities.\ (* a = b | | c = d *) lemma box_equals: "\a = b; a = c; b = d\ \ c = d" -apply (rule trans) -apply (rule trans) -apply (rule sym) -apply assumption+ -done + apply (rule trans) + apply (rule trans) + apply (rule sym) + apply assumption+ + done text \For calculational reasoning:\ @@ -246,25 +246,25 @@ text \Similar to \AP_THM\ in Gordon's HOL.\ lemma fun_cong: "(f :: 'a \ 'b) = g \ f x = g x" -apply (erule subst) -apply (rule refl) -done + apply (erule subst) + apply (rule refl) + done text \Similar to \AP_TERM\ in Gordon's HOL and FOL's \subst_context\.\ lemma arg_cong: "x = y \ f x = f y" -apply (erule subst) -apply (rule refl) -done + apply (erule subst) + apply (rule refl) + done lemma arg_cong2: "\a = b; c = d\ \ f a c = f b d" -apply (erule ssubst)+ -apply (rule refl) -done + apply (erule ssubst)+ + apply (rule refl) + done lemma cong: "\f = g; (x::'a) = y\ \ f x = g y" -apply (erule subst)+ -apply (rule refl) -done + apply (erule subst)+ + apply (rule refl) + done ML \fun cong_tac ctxt = Cong_Tac.cong_tac ctxt @{thm cong}\ @@ -295,7 +295,7 @@ subsubsection \True\ -lemma TrueI: "True" +lemma TrueI: True unfolding True_def by (rule refl) lemma eqTrueI: "P \ P = True" @@ -307,14 +307,16 @@ subsubsection \Universal quantifier\ -lemma allI: assumes "\x::'a. P x" shows "\x. P x" +lemma allI: + assumes "\x::'a. P x" + shows "\x. P x" unfolding All_def by (iprover intro: ext eqTrueI assms) lemma spec: "\x::'a. P x \ P x" -apply (unfold All_def) -apply (rule eqTrueE) -apply (erule fun_cong) -done + apply (unfold All_def) + apply (rule eqTrueE) + apply (erule fun_cong) + done lemma allE: assumes major: "\x. P x" @@ -380,24 +382,24 @@ lemma impE: assumes "P \ Q" P "Q \ R" shows R -by (iprover intro: assms mp) + by (iprover intro: assms mp) -(* Reduces Q to P \ Q, allowing substitution in P. *) +text \Reduces \Q\ to \P \ Q\, allowing substitution in \P\.\ lemma rev_mp: "\P; P \ Q\ \ Q" -by (iprover intro: mp) + by (iprover intro: mp) lemma contrapos_nn: assumes major: "\ Q" - and minor: "P \ Q" + and minor: "P \ Q" shows "\ P" -by (iprover intro: notI minor major [THEN notE]) + by (iprover intro: notI minor major [THEN notE]) -(*not used at all, but we already have the other 3 combinations *) +text \Not used at all, but we already have the other 3 combinations.\ lemma contrapos_pn: assumes major: "Q" - and minor: "P \ \ Q" + and minor: "P \ \ Q" shows "\ P" -by (iprover intro: notI minor major notE) + by (iprover intro: notI minor major notE) lemma not_sym: "t \ s \ s \ t" by (erule contrapos_nn) (erule sym) @@ -409,69 +411,56 @@ subsubsection \Existential quantifier\ lemma exI: "P x \ \x::'a. P x" -apply (unfold Ex_def) -apply (iprover intro: allI allE impI mp) -done + unfolding Ex_def by (iprover intro: allI allE impI mp) lemma exE: assumes major: "\x::'a. P x" - and minor: "\x. P x \ Q" + and minor: "\x. P x \ Q" shows "Q" -apply (rule major [unfolded Ex_def, THEN spec, THEN mp]) -apply (iprover intro: impI [THEN allI] minor) -done + by (rule major [unfolded Ex_def, THEN spec, THEN mp]) (iprover intro: impI [THEN allI] minor) subsubsection \Conjunction\ lemma conjI: "\P; Q\ \ P \ Q" -apply (unfold and_def) -apply (iprover intro: impI [THEN allI] mp) -done + unfolding and_def by (iprover intro: impI [THEN allI] mp) lemma conjunct1: "\P \ Q\ \ P" -apply (unfold and_def) -apply (iprover intro: impI dest: spec mp) -done + unfolding and_def by (iprover intro: impI dest: spec mp) lemma conjunct2: "\P \ Q\ \ Q" -apply (unfold and_def) -apply (iprover intro: impI dest: spec mp) -done + unfolding and_def by (iprover intro: impI dest: spec mp) lemma conjE: assumes major: "P \ Q" - and minor: "\P; Q\ \ R" + and minor: "\P; Q\ \ R" shows R -apply (rule minor) -apply (rule major [THEN conjunct1]) -apply (rule major [THEN conjunct2]) -done + apply (rule minor) + apply (rule major [THEN conjunct1]) + apply (rule major [THEN conjunct2]) + done lemma context_conjI: - assumes P "P \ Q" shows "P \ Q" -by (iprover intro: conjI assms) + assumes P "P \ Q" + shows "P \ Q" + by (iprover intro: conjI assms) subsubsection \Disjunction\ lemma disjI1: "P \ P \ Q" -apply (unfold or_def) -apply (iprover intro: allI impI mp) -done + unfolding or_def by (iprover intro: allI impI mp) lemma disjI2: "Q \ P \ Q" -apply (unfold or_def) -apply (iprover intro: allI impI mp) -done + unfolding or_def by (iprover intro: allI impI mp) lemma disjE: assumes major: "P \ Q" - and minorP: "P \ R" - and minorQ: "Q \ R" + and minorP: "P \ R" + and minorQ: "Q \ R" shows R -by (iprover intro: minorP minorQ impI - major [unfolded or_def, THEN spec, THEN mp, THEN mp]) + by (iprover intro: minorP minorQ impI + major [unfolded or_def, THEN spec, THEN mp, THEN mp]) subsubsection \Classical logic\ @@ -479,37 +468,37 @@ lemma classical: assumes prem: "\ P \ P" shows P -apply (rule True_or_False [THEN disjE, THEN eqTrueE]) -apply assumption -apply (rule notI [THEN prem, THEN eqTrueI]) -apply (erule subst) -apply assumption -done + apply (rule True_or_False [THEN disjE, THEN eqTrueE]) + apply assumption + apply (rule notI [THEN prem, THEN eqTrueI]) + apply (erule subst) + apply assumption + done lemmas ccontr = FalseE [THEN classical] -(*notE with premises exchanged; it discharges \ R so that it can be used to - make elimination rules*) +text \\notE\ with premises exchanged; it discharges \\ R\ so that it can be used to + make elimination rules.\ lemma rev_notE: assumes premp: P - and premnot: "\ R \ \ P" + and premnot: "\ R \ \ P" shows R -apply (rule ccontr) -apply (erule notE [OF premnot premp]) -done + apply (rule ccontr) + apply (erule notE [OF premnot premp]) + done -(*Double negation law*) +text \Double negation law.\ lemma notnotD: "\\ P \ P" -apply (rule classical) -apply (erule notE) -apply assumption -done + apply (rule classical) + apply (erule notE) + apply assumption + done lemma contrapos_pp: assumes p1: Q - and p2: "\ P \ \ Q" + and p2: "\ P \ \ Q" shows P -by (iprover intro: classical p1 p2 notE) + by (iprover intro: classical p1 p2 notE) subsubsection \Unique existence\ @@ -517,90 +506,87 @@ lemma ex1I: assumes "P a" "\x. P x \ x = a" shows "\!x. P x" -by (unfold Ex1_def, iprover intro: assms exI conjI allI impI) + unfolding Ex1_def by (iprover intro: assms exI conjI allI impI) -text\Sometimes easier to use: the premises have no shared variables. Safe!\ +text \Sometimes easier to use: the premises have no shared variables. Safe!\ lemma ex_ex1I: assumes ex_prem: "\x. P x" - and eq: "\x y. \P x; P y\ \ x = y" + and eq: "\x y. \P x; P y\ \ x = y" shows "\!x. P x" -by (iprover intro: ex_prem [THEN exE] ex1I eq) + by (iprover intro: ex_prem [THEN exE] ex1I eq) lemma ex1E: assumes major: "\!x. P x" - and minor: "\x. \P x; \y. P y \ y = x\ \ R" + and minor: "\x. \P x; \y. P y \ y = x\ \ R" shows R -apply (rule major [unfolded Ex1_def, THEN exE]) -apply (erule conjE) -apply (iprover intro: minor) -done + apply (rule major [unfolded Ex1_def, THEN exE]) + apply (erule conjE) + apply (iprover intro: minor) + done lemma ex1_implies_ex: "\!x. P x \ \x. P x" -apply (erule ex1E) -apply (rule exI) -apply assumption -done + apply (erule ex1E) + apply (rule exI) + apply assumption + done subsubsection \Classical intro rules for disjunction and existential quantifiers\ lemma disjCI: - assumes "\ Q \ P" shows "P \ Q" -apply (rule classical) -apply (iprover intro: assms disjI1 disjI2 notI elim: notE) -done + assumes "\ Q \ P" + shows "P \ Q" + by (rule classical) (iprover intro: assms disjI1 disjI2 notI elim: notE) lemma excluded_middle: "\ P \ P" -by (iprover intro: disjCI) + by (iprover intro: disjCI) text \ case distinction as a natural deduction rule. - Note that @{term "\ P"} is the second case, not the first + Note that \\ P\ is the second case, not the first. \ lemma case_split [case_names True False]: assumes prem1: "P \ Q" - and prem2: "\ P \ Q" + and prem2: "\ P \ Q" shows Q -apply (rule excluded_middle [THEN disjE]) -apply (erule prem2) -apply (erule prem1) -done + apply (rule excluded_middle [THEN disjE]) + apply (erule prem2) + apply (erule prem1) + done -(*Classical implies (\) elimination. *) +text \Classical implies (\\\) elimination.\ lemma impCE: assumes major: "P \ Q" - and minor: "\ P \ R" "Q \ R" + and minor: "\ P \ R" "Q \ R" shows R -apply (rule excluded_middle [of P, THEN disjE]) -apply (iprover intro: minor major [THEN mp])+ -done + apply (rule excluded_middle [of P, THEN disjE]) + apply (iprover intro: minor major [THEN mp])+ + done -(*This version of \ elimination works on Q before P. It works best for - those cases in which P holds "almost everywhere". Can't install as - default: would break old proofs.*) +text \ + This version of \\\ elimination works on \Q\ before \P\. It works best for + those cases in which \P\ holds "almost everywhere". Can't install as + default: would break old proofs. +\ lemma impCE': assumes major: "P \ Q" - and minor: "Q \ R" "\ P \ R" + and minor: "Q \ R" "\ P \ R" shows R -apply (rule excluded_middle [of P, THEN disjE]) -apply (iprover intro: minor major [THEN mp])+ -done + apply (rule excluded_middle [of P, THEN disjE]) + apply (iprover intro: minor major [THEN mp])+ + done -(*Classical <-> elimination. *) +text \Classical \\\ elimination.\ lemma iffCE: assumes major: "P = Q" - and minor: "\P; Q\ \ R" "\\ P; \ Q\ \ R" + and minor: "\P; Q\ \ R" "\\ P; \ Q\ \ R" shows R -apply (rule major [THEN iffE]) -apply (iprover intro: minor elim: impCE notE) -done + by (rule major [THEN iffE]) (iprover intro: minor elim: impCE notE) lemma exCI: assumes "\x. \ P x \ P a" shows "\x. P x" -apply (rule ccontr) -apply (iprover intro: assms exI allI notI notE [of "\x. P x"]) -done + by (rule ccontr) (iprover intro: assms exI allI notI notE [of "\x. P x"]) subsubsection \Intuitionistic Reasoning\ @@ -650,7 +636,7 @@ subsubsection \Atomizing meta-level connectives\ axiomatization where - eq_reflection: "x = y \ x \ y" (*admissible axiom*) + eq_reflection: "x = y \ x \ y" \ \admissible axiom\ lemma atomize_all [atomize]: "(\x. P x) \ Trueprop (\x. P x)" proof @@ -731,9 +717,9 @@ subsubsection \Sledgehammer setup\ text \ -Theorems blacklisted to Sledgehammer. These theorems typically produce clauses -that are prolific (match too many equality or membership literals) and relate to -seldom-used facts. Some duplicate other rules. + Theorems blacklisted to Sledgehammer. These theorems typically produce clauses + that are prolific (match too many equality or membership literals) and relate to + seldom-used facts. Some duplicate other rules. \ named_theorems no_atp "theorems that should be filtered out by Sledgehammer" @@ -830,18 +816,18 @@ lemmas [intro?] = ext and [elim?] = ex1_implies_ex -(*Better then ex1E for classical reasoner: needs no quantifier duplication!*) +text \Better than \ex1E\ for classical reasoner: needs no quantifier duplication!\ lemma alt_ex1E [elim!]: assumes major: "\!x. P x" - and prem: "\x. \ P x; \y y'. P y \ P y' \ y = y' \ \ R" + and prem: "\x. \P x; \y y'. P y \ P y' \ y = y'\ \ R" shows R -apply (rule ex1E [OF major]) -apply (rule prem) -apply assumption -apply (rule allI)+ -apply (tactic \eresolve_tac @{context} [Classical.dup_elim @{context} @{thm allE}] 1\) -apply iprover -done + apply (rule ex1E [OF major]) + apply (rule prem) + apply assumption + apply (rule allI)+ + apply (tactic \eresolve_tac @{context} [Classical.dup_elim @{context} @{thm allE}] 1\) + apply iprover + done ML \ structure Blast = Blast @@ -862,27 +848,29 @@ lemma the_equality [intro]: assumes "P a" - and "\x. P x \ x = a" + and "\x. P x \ x = a" shows "(THE x. P x) = a" by (blast intro: assms trans [OF arg_cong [where f=The] the_eq_trivial]) lemma theI: - assumes "P a" and "\x. P x \ x = a" + assumes "P a" + and "\x. P x \ x = a" shows "P (THE x. P x)" -by (iprover intro: assms the_equality [THEN ssubst]) + by (iprover intro: assms the_equality [THEN ssubst]) lemma theI': "\!x. P x \ P (THE x. P x)" by (blast intro: theI) -(*Easier to apply than theI: only one occurrence of P*) +text \Easier to apply than \theI\: only one occurrence of \P\.\ lemma theI2: assumes "P a" "\x. P x \ x = a" "\x. P x \ Q x" shows "Q (THE x. P x)" -by (iprover intro: assms theI) + by (iprover intro: assms theI) -lemma the1I2: assumes "\!x. P x" "\x. P x \ Q x" shows "Q (THE x. P x)" -by(iprover intro:assms(2) theI2[where P=P and Q=Q] ex1E[OF assms(1)] - elim:allE impE) +lemma the1I2: + assumes "\!x. P x" "\x. P x \ Q x" + shows "Q (THE x. P x)" + by (iprover intro: assms(2) theI2[where P=P and Q=Q] ex1E[OF assms(1)] elim: allE impE) lemma the1_equality [elim?]: "\\!x. P x; P a\ \ (THE x. P x) = a" by blast @@ -929,136 +917,136 @@ "\P. (\x. t = x \ P x) = P t" by (blast, blast, blast, blast, blast, iprover+) -lemma disj_absorb: "(A \ A) = A" +lemma disj_absorb: "A \ A \ A" by blast -lemma disj_left_absorb: "(A \ (A \ B)) = (A \ B)" +lemma disj_left_absorb: "A \ (A \ B) \ A \ B" by blast -lemma conj_absorb: "(A \ A) = A" +lemma conj_absorb: "A \ A \ A" by blast -lemma conj_left_absorb: "(A \ (A \ B)) = (A \ B)" +lemma conj_left_absorb: "A \ (A \ B) \ A \ B" by blast lemma eq_ac: shows eq_commute: "a = b \ b = a" and iff_left_commute: "(P \ (Q \ R)) \ (Q \ (P \ R))" - and iff_assoc: "((P \ Q) \ R) \ (P \ (Q \ R))" by (iprover, blast+) + and iff_assoc: "((P \ Q) \ R) \ (P \ (Q \ R))" + by (iprover, blast+) + lemma neq_commute: "a \ b \ b \ a" by iprover lemma conj_comms: - shows conj_commute: "(P \ Q) = (Q \ P)" - and conj_left_commute: "(P \ (Q \ R)) = (Q \ (P \ R))" by iprover+ -lemma conj_assoc: "((P \ Q) \ R) = (P \ (Q \ R))" by iprover + shows conj_commute: "P \ Q \ Q \ P" + and conj_left_commute: "P \ (Q \ R) \ Q \ (P \ R)" by iprover+ +lemma conj_assoc: "(P \ Q) \ R \ P \ (Q \ R)" by iprover lemmas conj_ac = conj_commute conj_left_commute conj_assoc lemma disj_comms: - shows disj_commute: "(P \ Q) = (Q \ P)" - and disj_left_commute: "(P \ (Q \ R)) = (Q \ (P \ R))" by iprover+ -lemma disj_assoc: "((P \ Q) \ R) = (P \ (Q \ R))" by iprover + shows disj_commute: "P \ Q \ Q \ P" + and disj_left_commute: "P \ (Q \ R) \ Q \ (P \ R)" by iprover+ +lemma disj_assoc: "(P \ Q) \ R \ P \ (Q \ R)" by iprover lemmas disj_ac = disj_commute disj_left_commute disj_assoc -lemma conj_disj_distribL: "(P \ (Q \ R)) = (P \ Q \ P \ R)" by iprover -lemma conj_disj_distribR: "((P \ Q) \ R) = (P \ R \ Q \ R)" by iprover +lemma conj_disj_distribL: "P \ (Q \ R) \ P \ Q \ P \ R" by iprover +lemma conj_disj_distribR: "(P \ Q) \ R \ P \ R \ Q \ R" by iprover -lemma disj_conj_distribL: "(P \ (Q \ R)) = ((P \ Q) \ (P \ R))" by iprover -lemma disj_conj_distribR: "((P \ Q) \ R) = ((P \ R) \ (Q \ R))" by iprover +lemma disj_conj_distribL: "P \ (Q \ R) \ (P \ Q) \ (P \ R)" by iprover +lemma disj_conj_distribR: "(P \ Q) \ R \ (P \ R) \ (Q \ R)" by iprover lemma imp_conjR: "(P \ (Q \ R)) = ((P \ Q) \ (P \ R))" by iprover lemma imp_conjL: "((P \ Q) \ R) = (P \ (Q \ R))" by iprover lemma imp_disjL: "((P \ Q) \ R) = ((P \ R) \ (Q \ R))" by iprover text \These two are specialized, but \imp_disj_not1\ is useful in \Auth/Yahalom\.\ -lemma imp_disj_not1: "(P \ Q \ R) = (\ Q \ P \ R)" by blast -lemma imp_disj_not2: "(P \ Q \ R) = (\ R \ P \ Q)" by blast +lemma imp_disj_not1: "(P \ Q \ R) \ (\ Q \ P \ R)" by blast +lemma imp_disj_not2: "(P \ Q \ R) \ (\ R \ P \ Q)" by blast -lemma imp_disj1: "((P \ Q) \ R) = (P \ Q \ R)" by blast -lemma imp_disj2: "(Q \ (P \ R)) = (P \ Q \ R)" by blast +lemma imp_disj1: "((P \ Q) \ R) \ (P \ Q \ R)" by blast +lemma imp_disj2: "(Q \ (P \ R)) \ (P \ Q \ R)" by blast -lemma imp_cong: "(P = P') \ (P' \ (Q = Q')) \ ((P \ Q) = (P' \ Q'))" +lemma imp_cong: "(P = P') \ (P' \ (Q = Q')) \ ((P \ Q) \ (P' \ Q'))" by iprover -lemma de_Morgan_disj: "(\ (P \ Q)) = (\ P \ \ Q)" by iprover -lemma de_Morgan_conj: "(\ (P \ Q)) = (\ P \ \ Q)" by blast -lemma not_imp: "(\ (P \ Q)) = (P \ \ Q)" by blast -lemma not_iff: "(P \ Q) = (P = (\ Q))" by blast -lemma disj_not1: "(\ P \ Q) = (P \ Q)" by blast -lemma disj_not2: "(P \ \ Q) = (Q \ P)" \ \changes orientation :-(\ - by blast -lemma imp_conv_disj: "(P \ Q) = ((\ P) \ Q)" by blast +lemma de_Morgan_disj: "\ (P \ Q) \ \ P \ \ Q" by iprover +lemma de_Morgan_conj: "\ (P \ Q) \ \ P \ \ Q" by blast +lemma not_imp: "\ (P \ Q) \ P \ \ Q" by blast +lemma not_iff: "P \ Q \ (P \ \ Q)" by blast +lemma disj_not1: "\ P \ Q \ (P \ Q)" by blast +lemma disj_not2: "P \ \ Q \ (Q \ P)" by blast \ \changes orientation :-(\ +lemma imp_conv_disj: "(P \ Q) \ (\ P) \ Q" by blast lemma disj_imp: "P \ Q \ \ P \ Q" by blast -lemma iff_conv_conj_imp: "(P = Q) = ((P \ Q) \ (Q \ P))" by iprover +lemma iff_conv_conj_imp: "(P \ Q) \ (P \ Q) \ (Q \ P)" by iprover -lemma cases_simp: "((P \ Q) \ (\ P \ Q)) = Q" +lemma cases_simp: "(P \ Q) \ (\ P \ Q) \ Q" \ \Avoids duplication of subgoals after \if_split\, when the true and false\ \ \cases boil down to the same thing.\ by blast -lemma not_all: "(\ (\x. P x)) = (\x. \ P x)" by blast -lemma imp_all: "((\x. P x) \ Q) = (\x. P x \ Q)" by blast -lemma not_ex: "(\ (\x. P x)) = (\x. \ P x)" by iprover -lemma imp_ex: "((\x. P x) \ Q) = (\x. P x \ Q)" by iprover -lemma all_not_ex: "(\x. P x) = (\ (\x. \ P x ))" by blast +lemma not_all: "\ (\x. P x) \ (\x. \ P x)" by blast +lemma imp_all: "((\x. P x) \ Q) \ (\x. P x \ Q)" by blast +lemma not_ex: "\ (\x. P x) \ (\x. \ P x)" by iprover +lemma imp_ex: "((\x. P x) \ Q) \ (\x. P x \ Q)" by iprover +lemma all_not_ex: "(\x. P x) \ \ (\x. \ P x)" by blast declare All_def [no_atp] -lemma ex_disj_distrib: "(\x. P x \ Q x) = ((\x. P x) \ (\x. Q x))" by iprover -lemma all_conj_distrib: "(\x. P x \ Q x) = ((\x. P x) \ (\x. Q x))" by iprover +lemma ex_disj_distrib: "(\x. P x \ Q x) \ (\x. P x) \ (\x. Q x)" by iprover +lemma all_conj_distrib: "(\x. P x \ Q x) \ (\x. P x) \ (\x. Q x)" by iprover text \ - \medskip The \\\ congruence rule: not included by default! + \<^medskip> The \\\ congruence rule: not included by default! May slow rewrite proofs down by as much as 50\%\ -lemma conj_cong: - "(P = P') \ (P' \ (Q = Q')) \ ((P \ Q) = (P' \ Q'))" +lemma conj_cong: "P = P' \ (P' \ Q = Q') \ (P \ Q) = (P' \ Q')" by iprover -lemma rev_conj_cong: - "(Q = Q') \ (Q' \ (P = P')) \ ((P \ Q) = (P' \ Q'))" +lemma rev_conj_cong: "Q = Q' \ (Q' \ P = P') \ (P \ Q) = (P' \ Q')" by iprover text \The \|\ congruence rule: not included by default!\ -lemma disj_cong: - "(P = P') \ (\ P' \ (Q = Q')) \ ((P \ Q) = (P' \ Q'))" +lemma disj_cong: "P = P' \ (\ P' \ Q = Q') \ (P \ Q) = (P' \ Q')" by blast -text \\medskip if-then-else rules\ +text \\<^medskip> if-then-else rules\ lemma if_True [code]: "(if True then x else y) = x" - by (unfold If_def) blast + unfolding If_def by blast lemma if_False [code]: "(if False then x else y) = y" - by (unfold If_def) blast + unfolding If_def by blast lemma if_P: "P \ (if P then x else y) = x" - by (unfold If_def) blast + unfolding If_def by blast lemma if_not_P: "\ P \ (if P then x else y) = y" - by (unfold If_def) blast + unfolding If_def by blast lemma if_split: "P (if Q then x else y) = ((Q \ P x) \ (\ Q \ P y))" apply (rule case_split [of Q]) apply (simplesubst if_P) - prefer 3 apply (simplesubst if_not_P, blast+) + prefer 3 + apply (simplesubst if_not_P) + apply blast+ done lemma if_split_asm: "P (if Q then x else y) = (\ ((Q \ \ P x) \ (\ Q \ \ P y)))" -by (simplesubst if_split, blast) + by (simplesubst if_split) blast lemmas if_splits [no_atp] = if_split if_split_asm lemma if_cancel: "(if c then x else x) = x" -by (simplesubst if_split, blast) + by (simplesubst if_split) blast lemma if_eq_cancel: "(if x = y then y else x) = x" -by (simplesubst if_split, blast) + by (simplesubst if_split) blast lemma if_bool_eq_conj: "(if P then Q else R) = ((P \ Q) \ (\ P \ R))" \ \This form is useful for expanding \if\s on the RIGHT of the \\\ symbol.\ @@ -1068,10 +1056,10 @@ \ \And this form is useful for expanding \if\s on the LEFT.\ by (simplesubst if_split) blast -lemma Eq_TrueI: "P \ P \ True" by (unfold atomize_eq) iprover -lemma Eq_FalseI: "\ P \ P \ False" by (unfold atomize_eq) iprover +lemma Eq_TrueI: "P \ P \ True" unfolding atomize_eq by iprover +lemma Eq_FalseI: "\ P \ P \ False" unfolding atomize_eq by iprover -text \\medskip let rules for simproc\ +text \\<^medskip> let rules for simproc\ lemma Let_folded: "f x \ g x \ Let x f \ Let x g" by (unfold Let_def) @@ -1085,8 +1073,8 @@ its premise. \ -definition simp_implies :: "[prop, prop] \ prop" (infixr "=simp=>" 1) where - "simp_implies \ op \" +definition simp_implies :: "prop \ prop \ prop" (infixr "=simp=>" 1) + where "simp_implies \ op \" lemma simp_impliesI: assumes PQ: "(PROP P \ PROP Q)" @@ -1098,8 +1086,8 @@ lemma simp_impliesE: assumes PQ: "PROP P =simp=> PROP Q" - and P: "PROP P" - and QR: "PROP Q \ PROP R" + and P: "PROP P" + and QR: "PROP Q \ PROP R" shows "PROP R" apply (rule QR) apply (rule PQ [unfolded simp_implies_def]) @@ -1108,18 +1096,19 @@ lemma simp_implies_cong: assumes PP' :"PROP P \ PROP P'" - and P'QQ': "PROP P' \ (PROP Q \ PROP Q')" + and P'QQ': "PROP P' \ (PROP Q \ PROP Q')" shows "(PROP P =simp=> PROP Q) \ (PROP P' =simp=> PROP Q')" -proof (unfold simp_implies_def, rule equal_intr_rule) + unfolding simp_implies_def +proof (rule equal_intr_rule) assume PQ: "PROP P \ PROP Q" - and P': "PROP P'" + and P': "PROP P'" from PP' [symmetric] and P' have "PROP P" by (rule equal_elim_rule1) then have "PROP Q" by (rule PQ) with P'QQ' [OF P'] show "PROP Q'" by (rule equal_elim_rule1) next assume P'Q': "PROP P' \ PROP Q'" - and P: "PROP P" + and P: "PROP P" from PP' and P have P': "PROP P'" by (rule equal_elim_rule1) then have "PROP Q'" by (rule P'Q') with P'QQ' [OF P', symmetric] show "PROP Q" @@ -1141,12 +1130,10 @@ shows "(\x. P x) = (\x. Q x)" using assms by blast -lemma all_comm: - "(\x y. P x y) = (\y x. P x y)" +lemma all_comm: "(\x y. P x y) = (\y x. P x y)" by blast -lemma ex_comm: - "(\x y. P x y) = (\y x. P x y)" +lemma ex_comm: "(\x y. P x y) = (\y x. P x y)" by blast ML_file "Tools/simpdata.ML" @@ -1163,79 +1150,80 @@ text \Simproc for proving \(y = x) \ False\ from premise \\ (x = y)\:\ simproc_setup neq ("x = y") = \fn _ => -let - val neq_to_EQ_False = @{thm not_sym} RS @{thm Eq_FalseI}; - fun is_neq eq lhs rhs thm = - (case Thm.prop_of thm of - _ $ (Not $ (eq' $ l' $ r')) => - Not = HOLogic.Not andalso eq' = eq andalso - r' aconv lhs andalso l' aconv rhs - | _ => false); - fun proc ss ct = - (case Thm.term_of ct of - eq $ lhs $ rhs => - (case find_first (is_neq eq lhs rhs) (Simplifier.prems_of ss) of - SOME thm => SOME (thm RS neq_to_EQ_False) - | NONE => NONE) - | _ => NONE); -in proc end; + let + val neq_to_EQ_False = @{thm not_sym} RS @{thm Eq_FalseI}; + fun is_neq eq lhs rhs thm = + (case Thm.prop_of thm of + _ $ (Not $ (eq' $ l' $ r')) => + Not = HOLogic.Not andalso eq' = eq andalso + r' aconv lhs andalso l' aconv rhs + | _ => false); + fun proc ss ct = + (case Thm.term_of ct of + eq $ lhs $ rhs => + (case find_first (is_neq eq lhs rhs) (Simplifier.prems_of ss) of + SOME thm => SOME (thm RS neq_to_EQ_False) + | NONE => NONE) + | _ => NONE); + in proc end; \ simproc_setup let_simp ("Let x f") = \ -let - fun count_loose (Bound i) k = if i >= k then 1 else 0 - | count_loose (s $ t) k = count_loose s k + count_loose t k - | count_loose (Abs (_, _, t)) k = count_loose t (k + 1) - | count_loose _ _ = 0; - fun is_trivial_let (Const (@{const_name Let}, _) $ x $ t) = - (case t of - Abs (_, _, t') => count_loose t' 0 <= 1 - | _ => true); -in - fn _ => fn ctxt => fn ct => - if is_trivial_let (Thm.term_of ct) - then SOME @{thm Let_def} (*no or one ocurrence of bound variable*) - else - let (*Norbert Schirmer's case*) - val t = Thm.term_of ct; - val ([t'], ctxt') = Variable.import_terms false [t] ctxt; - in - Option.map (hd o Variable.export ctxt' ctxt o single) - (case t' of Const (@{const_name Let},_) $ x $ f => (* x and f are already in normal form *) - if is_Free x orelse is_Bound x orelse is_Const x - then SOME @{thm Let_def} - else - let - val n = case f of (Abs (x, _, _)) => x | _ => "x"; - val cx = Thm.cterm_of ctxt x; - val xT = Thm.typ_of_cterm cx; - val cf = Thm.cterm_of ctxt f; - val fx_g = Simplifier.rewrite ctxt (Thm.apply cf cx); - val (_ $ _ $ g) = Thm.prop_of fx_g; - val g' = abstract_over (x, g); - val abs_g'= Abs (n, xT, g'); - in - if g aconv g' then - let - val rl = - infer_instantiate ctxt [(("f", 0), cf), (("x", 0), cx)] @{thm Let_unfold}; - in SOME (rl OF [fx_g]) end - else if (Envir.beta_eta_contract f) aconv (Envir.beta_eta_contract abs_g') - then NONE (*avoid identity conversion*) - else - let - val g'x = abs_g' $ x; - val g_g'x = Thm.symmetric (Thm.beta_conversion false (Thm.cterm_of ctxt g'x)); - val rl = - @{thm Let_folded} |> infer_instantiate ctxt - [(("f", 0), Thm.cterm_of ctxt f), - (("x", 0), cx), - (("g", 0), Thm.cterm_of ctxt abs_g')]; - in SOME (rl OF [Thm.transitive fx_g g_g'x]) end - end - | _ => NONE) - end -end\ + let + fun count_loose (Bound i) k = if i >= k then 1 else 0 + | count_loose (s $ t) k = count_loose s k + count_loose t k + | count_loose (Abs (_, _, t)) k = count_loose t (k + 1) + | count_loose _ _ = 0; + fun is_trivial_let (Const (@{const_name Let}, _) $ x $ t) = + (case t of + Abs (_, _, t') => count_loose t' 0 <= 1 + | _ => true); + in + fn _ => fn ctxt => fn ct => + if is_trivial_let (Thm.term_of ct) + then SOME @{thm Let_def} (*no or one ocurrence of bound variable*) + else + let (*Norbert Schirmer's case*) + val t = Thm.term_of ct; + val ([t'], ctxt') = Variable.import_terms false [t] ctxt; + in + Option.map (hd o Variable.export ctxt' ctxt o single) + (case t' of Const (@{const_name Let},_) $ x $ f => (* x and f are already in normal form *) + if is_Free x orelse is_Bound x orelse is_Const x + then SOME @{thm Let_def} + else + let + val n = case f of (Abs (x, _, _)) => x | _ => "x"; + val cx = Thm.cterm_of ctxt x; + val xT = Thm.typ_of_cterm cx; + val cf = Thm.cterm_of ctxt f; + val fx_g = Simplifier.rewrite ctxt (Thm.apply cf cx); + val (_ $ _ $ g) = Thm.prop_of fx_g; + val g' = abstract_over (x, g); + val abs_g'= Abs (n, xT, g'); + in + if g aconv g' then + let + val rl = + infer_instantiate ctxt [(("f", 0), cf), (("x", 0), cx)] @{thm Let_unfold}; + in SOME (rl OF [fx_g]) end + else if (Envir.beta_eta_contract f) aconv (Envir.beta_eta_contract abs_g') + then NONE (*avoid identity conversion*) + else + let + val g'x = abs_g' $ x; + val g_g'x = Thm.symmetric (Thm.beta_conversion false (Thm.cterm_of ctxt g'x)); + val rl = + @{thm Let_folded} |> infer_instantiate ctxt + [(("f", 0), Thm.cterm_of ctxt f), + (("x", 0), cx), + (("g", 0), Thm.cterm_of ctxt abs_g')]; + in SOME (rl OF [Thm.transitive fx_g g_g'x]) end + end + | _ => NONE) + end + end +\ lemma True_implies_equals: "(True \ PROP P) \ PROP P" proof @@ -1254,9 +1242,10 @@ (* This is not made a simp rule because it does not improve any proofs but slows some AFP entries down by 5% (cpu time). May 2015 *) -lemma implies_False_swap: "NO_MATCH (Trueprop False) P \ - (False \ PROP P \ PROP Q) \ (PROP P \ False \ PROP Q)" -by(rule swap_prems_eq) +lemma implies_False_swap: + "NO_MATCH (Trueprop False) P \ + (False \ PROP P \ PROP Q) \ (PROP P \ False \ PROP Q)" + by (rule swap_prems_eq) lemma ex_simps: "\P Q. (\x. P x \ Q) = ((\x. P x) \ Q)" @@ -1279,19 +1268,19 @@ by (iprover | blast)+ lemmas [simp] = - triv_forall_equality (*prunes params*) - True_implies_equals implies_True_equals (*prune True in asms*) - False_implies_equals (*prune False in asms*) + triv_forall_equality \ \prunes params\ + True_implies_equals implies_True_equals \ \prune \True\ in asms\ + False_implies_equals \ \prune \False\ in asms\ if_True if_False if_cancel if_eq_cancel - imp_disjL - (*In general it seems wrong to add distributive laws by default: they - might cause exponential blow-up. But imp_disjL has been in for a while + imp_disjL \ + \In general it seems wrong to add distributive laws by default: they + might cause exponential blow-up. But \imp_disjL\ has been in for a while and cannot be removed without affecting existing proofs. Moreover, - rewriting by "(P \ Q \ R) = ((P \ R) \ (Q \ R))" might be justified on the - grounds that it allows simplification of R in the two cases.*) + rewriting by \(P \ Q \ R) = ((P \ R) \ (Q \ R))\ might be justified on the + grounds that it allows simplification of \R\ in the two cases.\ conj_assoc disj_assoc de_Morgan_conj @@ -1314,15 +1303,15 @@ ML \val HOL_ss = simpset_of @{context}\ -text \Simplifies @{term x} assuming @{prop c} and @{term y} assuming @{prop "\ c"}\ +text \Simplifies \x\ assuming \c\ and \y\ assuming \\ c\.\ lemma if_cong: assumes "b = c" - and "c \ x = u" - and "\ c \ y = v" + and "c \ x = u" + and "\ c \ y = v" shows "(if b then x else y) = (if c then u else v)" using assms by simp -text \Prevents simplification of x and y: +text \Prevents simplification of \x\ and \y\: faster and allows the execution of functional programs.\ lemma if_weak_cong [cong]: assumes "b = c" @@ -1341,11 +1330,10 @@ shows "(t \ u) \ (t \ u')" using assms by simp -lemma if_distrib: - "f (if c then x else y) = (if c then f x else f y)" +lemma if_distrib: "f (if c then x else y) = (if c then f x else f y)" by simp -text\As a simplification rule, it replaces all function equalities by +text \As a simplification rule, it replaces all function equalities by first-order equalities.\ lemma fun_eq_iff: "f = g \ (\x. f x = g x)" by auto @@ -1578,27 +1566,32 @@ lemma choice_eq: "(\x. \!y. P x y) = (\!f. \x. P x (f x))" apply (rule iffI) - apply (rule_tac a = "\x. THE y. P x y" in ex1I) - apply (fast dest!: theI') - apply (fast intro: the1_equality [symmetric]) + apply (rule_tac a = "\x. THE y. P x y" in ex1I) + apply (fast dest!: theI') + apply (fast intro: the1_equality [symmetric]) apply (erule ex1E) apply (rule allI) apply (rule ex1I) - apply (erule spec) + apply (erule spec) apply (erule_tac x = "\z. if z = x then y else f z" in allE) apply (erule impE) - apply (rule allI) - apply (case_tac "xa = x") - apply (drule_tac [3] x = x in fun_cong, simp_all) + apply (rule allI) + apply (case_tac "xa = x") + apply (drule_tac [3] x = x in fun_cong) + apply simp_all done lemmas eq_sym_conv = eq_commute lemma nnf_simps: - "(\(P \ Q)) = (\ P \ \ Q)" "(\ (P \ Q)) = (\ P \ \Q)" "(P \ Q) = (\P \ Q)" - "(P = Q) = ((P \ Q) \ (\P \ \ Q))" "(\(P = Q)) = ((P \ \ Q) \ (\P \ Q))" - "(\ \(P)) = P" -by blast+ + "(\ (P \ Q)) = (\ P \ \ Q)" + "(\ (P \ Q)) = (\ P \ \ Q)" + "(P \ Q) = (\ P \ Q)" + "(P = Q) = ((P \ Q) \ (\ P \ \ Q))" + "(\ (P = Q)) = ((P \ \ Q) \ (\ P \ Q))" + "(\ \ P) = P" + by blast+ + subsection \Basic ML bindings\ @@ -1659,12 +1652,15 @@ section \\NO_MATCH\ simproc\ text \ - The simplification procedure can be used to avoid simplification of terms of a certain form + The simplification procedure can be used to avoid simplification of terms + of a certain form. \ -definition NO_MATCH :: "'a \ 'b \ bool" where "NO_MATCH pat val \ True" +definition NO_MATCH :: "'a \ 'b \ bool" + where "NO_MATCH pat val \ True" -lemma NO_MATCH_cong[cong]: "NO_MATCH pat val = NO_MATCH pat val" by (rule refl) +lemma NO_MATCH_cong[cong]: "NO_MATCH pat val = NO_MATCH pat val" + by (rule refl) declare [[coercion_args NO_MATCH - -]] @@ -1678,24 +1674,26 @@ text \ This setup ensures that a rewrite rule of the form @{term "NO_MATCH pat val \ t"} - is only applied, if the pattern @{term pat} does not match the value @{term val}. + is only applied, if the pattern \pat\ does not match the value \val\. \ -text\Tagging a premise of a simp rule with ASSUMPTION forces the simplifier -not to simplify the argument and to solve it by an assumption.\ +text\ + Tagging a premise of a simp rule with ASSUMPTION forces the simplifier + not to simplify the argument and to solve it by an assumption. +\ -definition ASSUMPTION :: "bool \ bool" where -"ASSUMPTION A \ A" +definition ASSUMPTION :: "bool \ bool" + where "ASSUMPTION A \ A" lemma ASSUMPTION_cong[cong]: "ASSUMPTION A = ASSUMPTION A" -by (rule refl) + by (rule refl) lemma ASSUMPTION_I: "A \ ASSUMPTION A" -by(simp add: ASSUMPTION_def) + by (simp add: ASSUMPTION_def) lemma ASSUMPTION_D: "ASSUMPTION A \ A" -by(simp add: ASSUMPTION_def) + by (simp add: ASSUMPTION_def) setup \ let @@ -1712,12 +1710,10 @@ subsubsection \Generic code generator preprocessor setup\ -lemma conj_left_cong: - "P \ Q \ P \ R \ Q \ R" +lemma conj_left_cong: "P \ Q \ P \ R \ Q \ R" by (fact arg_cong) -lemma disj_left_cong: - "P \ Q \ P \ R \ Q \ R" +lemma disj_left_cong: "P \ Q \ P \ R \ Q \ R" by (fact arg_cong) setup \ @@ -1772,29 +1768,32 @@ shows "False \ P \ False" and "True \ P \ P" and "P \ False \ False" - and "P \ True \ P" by simp_all + and "P \ True \ P" + by simp_all lemma [code]: shows "False \ P \ P" and "True \ P \ True" and "P \ False \ P" - and "P \ True \ True" by simp_all + and "P \ True \ True" + by simp_all lemma [code]: shows "(False \ P) \ True" and "(True \ P) \ P" and "(P \ False) \ \ P" - and "(P \ True) \ True" by simp_all + and "(P \ True) \ True" + by simp_all text \More about @{typ prop}\ lemma [code nbe]: shows "(True \ PROP Q) \ PROP Q" and "(PROP Q \ True) \ Trueprop True" - and "(P \ R) \ Trueprop (P \ R)" by (auto intro!: equal_intr_rule) + and "(P \ R) \ Trueprop (P \ R)" + by (auto intro!: equal_intr_rule) -lemma Trueprop_code [code]: - "Trueprop True \ Code_Generator.holds" +lemma Trueprop_code [code]: "Trueprop True \ Code_Generator.holds" by (auto intro!: equal_intr_rule holds) declare Trueprop_code [symmetric, code_post] @@ -1806,21 +1805,21 @@ instantiation itself :: (type) equal begin -definition equal_itself :: "'a itself \ 'a itself \ bool" where - "equal_itself x y \ x = y" +definition equal_itself :: "'a itself \ 'a itself \ bool" + where "equal_itself x y \ x = y" -instance proof -qed (fact equal_itself_def) +instance + by standard (fact equal_itself_def) end -lemma equal_itself_code [code]: - "equal TYPE('a) TYPE('a) \ True" +lemma equal_itself_code [code]: "equal TYPE('a) TYPE('a) \ True" by (simp add: equal) setup \Sign.add_const_constraint (@{const_name equal}, SOME @{typ "'a::type \ 'a \ bool"})\ -lemma equal_alias_cert: "OFCLASS('a, equal_class) \ ((op = :: 'a \ 'a \ bool) \ equal)" (is "?ofclass \ ?equal") +lemma equal_alias_cert: "OFCLASS('a, equal_class) \ ((op = :: 'a \ 'a \ bool) \ equal)" + (is "?ofclass \ ?equal") proof assume "PROP ?ofclass" show "PROP ?equal" @@ -1900,15 +1899,13 @@ code_module Pure \ (SML) HOL and (OCaml) HOL and (Haskell) HOL and (Scala) HOL -text \using built-in Haskell equality\ - +text \Using built-in Haskell equality.\ code_printing type_class equal \ (Haskell) "Eq" | constant HOL.equal \ (Haskell) infix 4 "==" | constant HOL.eq \ (Haskell) infix 4 "==" -text \undefined\ - +text \\undefined\\ code_printing constant undefined \ (SML) "!(raise/ Fail/ \"undefined\")" @@ -1956,7 +1953,7 @@ and nitpick_choice_spec "choice specification of constants as needed by Nitpick" declare if_bool_eq_conj [nitpick_unfold, no_atp] - if_bool_eq_disj [no_atp] + and if_bool_eq_disj [no_atp] subsection \Preprocessing for the predicate compiler\ diff -r 4ea48cbc54c1 -r b9bd9e61fd63 src/HOL/Product_Type.thy --- a/src/HOL/Product_Type.thy Mon Aug 01 13:51:17 2016 +0200 +++ b/src/HOL/Product_Type.thy Mon Aug 01 22:11:29 2016 +0200 @@ -6,8 +6,8 @@ section \Cartesian products\ theory Product_Type -imports Typedef Inductive Fun -keywords "inductive_set" "coinductive_set" :: thy_decl + imports Typedef Inductive Fun + keywords "inductive_set" "coinductive_set" :: thy_decl begin subsection \@{typ bool} is a datatype\ @@ -38,7 +38,7 @@ \ "prefer plain propositional version" lemma [code]: "HOL.equal False P \ \ P" - and [code]: "HOL.equal True P \ P" + and [code]: "HOL.equal True P \ P" and [code]: "HOL.equal P False \ \ P" and [code]: "HOL.equal P True \ P" and [code nbe]: "HOL.equal P P \ True" @@ -317,7 +317,7 @@ (case (head_of t) of Const (@{const_syntax case_prod}, _) => raise Match | _ => - let + let val (_ :: yT :: _) = binder_types (domain_type T) handle Bind => raise Match; val (y, t') = Syntax_Trans.atomic_abs_tr' ("y", yT, incr_boundvars 1 t $ Bound 0); val (x', t'') = Syntax_Trans.atomic_abs_tr' (x, xT, t'); @@ -618,7 +618,7 @@ declare case_prodI2' [intro!] \ \postponed to maintain traditional declaration order!\ declare case_prodI2 [intro!] \ \postponed to maintain traditional declaration order!\ declare case_prodI [intro!] \ \postponed to maintain traditional declaration order!\ - + lemma mem_case_prodE [elim!]: assumes "z \ case_prod c p" obtains x y where "p = (x, y)" and "z \ c x y" @@ -631,10 +631,10 @@ | exists_p_split (Abs (_, _, t)) = exists_p_split t | exists_p_split _ = false; in -fun split_conv_tac ctxt = SUBGOAL (fn (t, i) => - if exists_p_split t - then safe_full_simp_tac (put_simpset HOL_basic_ss ctxt addsimps @{thms case_prod_conv}) i - else no_tac); + fun split_conv_tac ctxt = SUBGOAL (fn (t, i) => + if exists_p_split t + then safe_full_simp_tac (put_simpset HOL_basic_ss ctxt addsimps @{thms case_prod_conv}) i + else no_tac); end; \ @@ -656,7 +656,7 @@ a) only helps in special situations b) can lead to nontermination in the presence of split_def *) -lemma split_comp_eq: +lemma split_comp_eq: fixes f :: "'a \ 'b \ 'c" and g :: "'d \ 'a" shows "(\u. f (g (fst u)) (snd u)) = case_prod (\x. f (g x))" @@ -836,7 +836,7 @@ apply (rule major [THEN imageE]) apply (case_tac x) apply (rule cases) - apply simp_all + apply simp_all done definition apfst :: "('a \ 'c) \ 'a \ 'b \ 'c \ 'b" @@ -845,10 +845,10 @@ definition apsnd :: "('b \ 'c) \ 'a \ 'b \ 'a \ 'c" where "apsnd f = map_prod id f" -lemma apfst_conv [simp, code]: "apfst f (x, y) = (f x, y)" +lemma apfst_conv [simp, code]: "apfst f (x, y) = (f x, y)" by (simp add: apfst_def) -lemma apsnd_conv [simp, code]: "apsnd f (x, y) = (x, f y)" +lemma apsnd_conv [simp, code]: "apsnd f (x, y) = (x, f y)" by (simp add: apsnd_def) lemma fst_apfst [simp]: "fst (apfst f x) = f (fst x)" @@ -1029,11 +1029,11 @@ lemma Collect_case_prod_mono: "A \ B \ Collect (case_prod A) \ Collect (case_prod B)" by auto (auto elim!: le_funE) -lemma Collect_split_mono_strong: +lemma Collect_split_mono_strong: "X = fst ` A \ Y = snd ` A \ \a\X. \b \ Y. P a b \ Q a b \ A \ Collect (case_prod P) \ A \ Collect (case_prod Q)" by fastforce - + lemma UN_Times_distrib: "(\(a, b)\A \ B. E a \ F b) = UNION A E \ UNION B F" \ \Suggested by Pierre Chartier\ by blast @@ -1151,18 +1151,19 @@ context begin -qualified definition product :: "'a set \ 'b set \ ('a \ 'b) set" where - [code_abbrev]: "product A B = A \ B" +qualified definition product :: "'a set \ 'b set \ ('a \ 'b) set" + where [code_abbrev]: "product A B = A \ B" lemma member_product: "x \ Product_Type.product A B \ x \ A \ B" by (simp add: product_def) end - + text \The following @{const map_prod} lemmas are due to Joachim Breitner:\ lemma map_prod_inj_on: - assumes "inj_on f A" and "inj_on g B" + assumes "inj_on f A" + and "inj_on g B" shows "inj_on (map_prod f g) (A \ B)" proof (rule inj_onI) fix x :: "'a \ 'c" diff -r 4ea48cbc54c1 -r b9bd9e61fd63 src/HOL/Sum_Type.thy --- a/src/HOL/Sum_Type.thy Mon Aug 01 13:51:17 2016 +0200 +++ b/src/HOL/Sum_Type.thy Mon Aug 01 22:11:29 2016 +0200 @@ -3,10 +3,10 @@ Copyright 1992 University of Cambridge *) -section\The Disjoint Sum of Two Types\ +section \The Disjoint Sum of Two Types\ theory Sum_Type -imports Typedef Inductive Fun + imports Typedef Inductive Fun begin subsection \Construction of the sum type and its basic abstract operations\ @@ -85,7 +85,8 @@ proof (rule Abs_sum_cases [of s]) fix f assume "s = Abs_sum f" and "f \ sum" - with assms show P by (auto simp add: sum_def Inl_def Inr_def) + with assms show P + by (auto simp add: sum_def Inl_def Inr_def) qed free_constructors case_sum for @@ -123,9 +124,9 @@ setup \Sign.parent_path\ primrec map_sum :: "('a \ 'c) \ ('b \ 'd) \ 'a + 'b \ 'c + 'd" -where - "map_sum f1 f2 (Inl a) = Inl (f1 a)" -| "map_sum f1 f2 (Inr a) = Inr (f2 a)" + where + "map_sum f1 f2 (Inl a) = Inl (f1 a)" + | "map_sum f1 f2 (Inr a) = Inr (f2 a)" functor map_sum: map_sum proof -