merge with dummy changeset, to recover files in doc-src/IsarImplementation/ which got lost in aea5d7fa7ef5 (potentially due to insensitive file system on Mac OS);
--- a/NEWS Thu Mar 05 02:20:06 2009 +0100
+++ b/NEWS Thu Mar 05 02:24:36 2009 +0100
@@ -501,7 +501,7 @@
Suc_not_Zero Zero_not_Suc ~> nat.distinct
* The option datatype has been moved to a new theory HOL/Option.thy.
-Renamed option_map to Option.map.
+Renamed option_map to Option.map, and o2s to Option.set.
* Library/Nat_Infinity: added addition, numeral syntax and more
instantiations for algebraic structures. Removed some duplicate
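Review bot: this NEWS hunk (`+Renamed option_map to Option.map, and o2s to Option.set.`) is unrelated to the stated purpose of the changeset, which is recovering files under doc-src/IsarImplementation/; either split the o2s rename into its own changeset or mention it in the commit message so the NEWS change is not buried in a recovery merge.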
--- a/doc-src/IsarImplementation/Thy/document/Base.tex Thu Mar 05 02:20:06 2009 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,29 +0,0 @@
-%
-\begin{isabellebody}%
-\def\isabellecontext{Base}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isatagtheory
-\isacommand{theory}\isamarkupfalse%
-\ Base\isanewline
-\isakeyword{imports}\ Pure\isanewline
-\isakeyword{uses}\ {\isachardoublequoteopen}{\isachardot}{\isachardot}{\isacharslash}{\isachardot}{\isachardot}{\isacharslash}antiquote{\isacharunderscore}setup{\isachardot}ML{\isachardoublequoteclose}\isanewline
-\isakeyword{begin}\isanewline
-\isanewline
-\isacommand{end}\isamarkupfalse%
-%
-\endisatagtheory
-{\isafoldtheory}%
-%
-\isadelimtheory
-\isanewline
-%
-\endisadelimtheory
-\end{isabellebody}%
-%%% Local Variables:
-%%% mode: latex
-%%% TeX-master: "root"
-%%% End:
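Review bot: the direction of this hunk contradicts the commit message: `--- a/doc-src/IsarImplementation/Thy/document/Base.tex` goes to `+++ /dev/null`, so the generated Base.tex is being deleted, not recovered. If Thy/document/*.tex are build artifacts regenerated from the .thy sources and are meant to leave the repository, the commit message should say so; otherwise the merge appears to have taken the wrong side for this path.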
--- a/doc-src/IsarImplementation/Thy/document/Integration.tex Thu Mar 05 02:20:06 2009 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,520 +0,0 @@
-%
-\begin{isabellebody}%
-\def\isabellecontext{Integration}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isatagtheory
-\isacommand{theory}\isamarkupfalse%
-\ Integration\isanewline
-\isakeyword{imports}\ Base\isanewline
-\isakeyword{begin}%
-\endisatagtheory
-{\isafoldtheory}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isamarkupchapter{System integration%
-}
-\isamarkuptrue%
-%
-\isamarkupsection{Isar toplevel \label{sec:isar-toplevel}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-The Isar toplevel may be considered the centeral hub of the
- Isabelle/Isar system, where all key components and sub-systems are
- integrated into a single read-eval-print loop of Isar commands. We
- shall even incorporate the existing {\ML} toplevel of the compiler
- and run-time system (cf.\ \secref{sec:ML-toplevel}).
-
- Isabelle/Isar departs from the original ``LCF system architecture''
- where {\ML} was really The Meta Language for defining theories and
- conducting proofs. Instead, {\ML} now only serves as the
- implementation language for the system (and user extensions), while
- the specific Isar toplevel supports the concepts of theory and proof
- development natively. This includes the graph structure of theories
- and the block structure of proofs, support for unlimited undo,
- facilities for tracing, debugging, timing, profiling etc.
-
- \medskip The toplevel maintains an implicit state, which is
- transformed by a sequence of transitions -- either interactively or
- in batch-mode. In interactive mode, Isar state transitions are
- encapsulated as safe transactions, such that both failure and undo
- are handled conveniently without destroying the underlying draft
- theory (cf.~\secref{sec:context-theory}). In batch mode,
- transitions operate in a linear (destructive) fashion, such that
- error conditions abort the present attempt to construct a theory or
- proof altogether.
-
- The toplevel state is a disjoint sum of empty \isa{toplevel}, or
- \isa{theory}, or \isa{proof}. On entering the main Isar loop we
- start with an empty toplevel. A theory is commenced by giving a
- \isa{{\isasymTHEORY}} header; within a theory we may issue theory
- commands such as \isa{{\isasymDEFINITION}}, or state a \isa{{\isasymTHEOREM}} to be proven. Now we are within a proof state, with a
- rich collection of Isar proof commands for structured proof
- composition, or unstructured proof scripts. When the proof is
- concluded we get back to the theory, which is then updated by
- storing the resulting fact. Further theory declarations or theorem
- statements with proofs may follow, until we eventually conclude the
- theory development by issuing \isa{{\isasymEND}}. The resulting theory
- is then stored within the theory database and we are back to the
- empty toplevel.
-
- In addition to these proper state transformations, there are also
- some diagnostic commands for peeking at the toplevel state without
- modifying it (e.g.\ \isakeyword{thm}, \isakeyword{term},
- \isakeyword{print-cases}).%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML type}{Toplevel.state}\verb|type Toplevel.state| \\
- \indexdef{}{ML}{Toplevel.UNDEF}\verb|Toplevel.UNDEF: exn| \\
- \indexdef{}{ML}{Toplevel.is\_toplevel}\verb|Toplevel.is_toplevel: Toplevel.state -> bool| \\
- \indexdef{}{ML}{Toplevel.theory\_of}\verb|Toplevel.theory_of: Toplevel.state -> theory| \\
- \indexdef{}{ML}{Toplevel.proof\_of}\verb|Toplevel.proof_of: Toplevel.state -> Proof.state| \\
- \indexdef{}{ML}{Toplevel.debug}\verb|Toplevel.debug: bool ref| \\
- \indexdef{}{ML}{Toplevel.timing}\verb|Toplevel.timing: bool ref| \\
- \indexdef{}{ML}{Toplevel.profiling}\verb|Toplevel.profiling: int ref| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|Toplevel.state| represents Isar toplevel states,
- which are normally manipulated through the concept of toplevel
- transitions only (\secref{sec:toplevel-transition}). Also note that
- a raw toplevel state is subject to the same linearity restrictions
- as a theory context (cf.~\secref{sec:context-theory}).
-
- \item \verb|Toplevel.UNDEF| is raised for undefined toplevel
- operations. Many operations work only partially for certain cases,
- since \verb|Toplevel.state| is a sum type.
-
- \item \verb|Toplevel.is_toplevel|~\isa{state} checks for an empty
- toplevel state.
-
- \item \verb|Toplevel.theory_of|~\isa{state} selects the theory of
- a theory or proof (!), otherwise raises \verb|Toplevel.UNDEF|.
-
- \item \verb|Toplevel.proof_of|~\isa{state} selects the Isar proof
- state if available, otherwise raises \verb|Toplevel.UNDEF|.
-
- \item \verb|set Toplevel.debug| makes the toplevel print further
- details about internal error conditions, exceptions being raised
- etc.
-
- \item \verb|set Toplevel.timing| makes the toplevel print timing
- information for each Isar command being executed.
-
- \item \verb|Toplevel.profiling|~\verb|:=|~\isa{n} controls
- low-level profiling of the underlying {\ML} runtime system. For
- Poly/ML, \isa{n\ {\isacharequal}\ {\isadigit{1}}} means time and \isa{n\ {\isacharequal}\ {\isadigit{2}}} space
- profiling.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsubsection{Toplevel transitions \label{sec:toplevel-transition}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-An Isar toplevel transition consists of a partial function on the
- toplevel state, with additional information for diagnostics and
- error reporting: there are fields for command name, source position,
- optional source text, as well as flags for interactive-only commands
- (which issue a warning in batch-mode), printing of result state,
- etc.
-
- The operational part is represented as the sequential union of a
- list of partial functions, which are tried in turn until the first
- one succeeds. This acts like an outer case-expression for various
- alternative state transitions. For example, \isakeyword{qed} acts
- differently for a local proofs vs.\ the global ending of the main
- proof.
-
- Toplevel transitions are composed via transition transformers.
- Internally, Isar commands are put together from an empty transition
- extended by name and source position (and optional source text). It
- is then left to the individual command parser to turn the given
- concrete syntax into a suitable transition transformer that adjoins
- actual operations on a theory or proof state etc.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML}{Toplevel.print}\verb|Toplevel.print: Toplevel.transition -> Toplevel.transition| \\
- \indexdef{}{ML}{Toplevel.no\_timing}\verb|Toplevel.no_timing: Toplevel.transition -> Toplevel.transition| \\
- \indexdef{}{ML}{Toplevel.keep}\verb|Toplevel.keep: (Toplevel.state -> unit) ->|\isasep\isanewline%
-\verb| Toplevel.transition -> Toplevel.transition| \\
- \indexdef{}{ML}{Toplevel.theory}\verb|Toplevel.theory: (theory -> theory) ->|\isasep\isanewline%
-\verb| Toplevel.transition -> Toplevel.transition| \\
- \indexdef{}{ML}{Toplevel.theory\_to\_proof}\verb|Toplevel.theory_to_proof: (theory -> Proof.state) ->|\isasep\isanewline%
-\verb| Toplevel.transition -> Toplevel.transition| \\
- \indexdef{}{ML}{Toplevel.proof}\verb|Toplevel.proof: (Proof.state -> Proof.state) ->|\isasep\isanewline%
-\verb| Toplevel.transition -> Toplevel.transition| \\
- \indexdef{}{ML}{Toplevel.proofs}\verb|Toplevel.proofs: (Proof.state -> Proof.state Seq.seq) ->|\isasep\isanewline%
-\verb| Toplevel.transition -> Toplevel.transition| \\
- \indexdef{}{ML}{Toplevel.end\_proof}\verb|Toplevel.end_proof: (bool -> Proof.state -> Proof.context) ->|\isasep\isanewline%
-\verb| Toplevel.transition -> Toplevel.transition| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|Toplevel.print|~\isa{tr} sets the print flag, which
- causes the toplevel loop to echo the result state (in interactive
- mode).
-
- \item \verb|Toplevel.no_timing|~\isa{tr} indicates that the
- transition should never show timing information, e.g.\ because it is
- a diagnostic command.
-
- \item \verb|Toplevel.keep|~\isa{tr} adjoins a diagnostic
- function.
-
- \item \verb|Toplevel.theory|~\isa{tr} adjoins a theory
- transformer.
-
- \item \verb|Toplevel.theory_to_proof|~\isa{tr} adjoins a global
- goal function, which turns a theory into a proof state. The theory
- may be changed before entering the proof; the generic Isar goal
- setup includes an argument that specifies how to apply the proven
- result to the theory, when the proof is finished.
-
- \item \verb|Toplevel.proof|~\isa{tr} adjoins a deterministic
- proof command, with a singleton result.
-
- \item \verb|Toplevel.proofs|~\isa{tr} adjoins a general proof
- command, with zero or more result states (represented as a lazy
- list).
-
- \item \verb|Toplevel.end_proof|~\isa{tr} adjoins a concluding
- proof command, that returns the resulting theory, after storing the
- resulting facts in the context etc.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsubsection{Toplevel control%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-There are a few special control commands that modify the behavior
- the toplevel itself, and only make sense in interactive mode. Under
- normal circumstances, the user encounters these only implicitly as
- part of the protocol between the Isabelle/Isar system and a
- user-interface such as ProofGeneral.
-
- \begin{description}
-
- \item \isacommand{undo} follows the three-level hierarchy of empty
- toplevel vs.\ theory vs.\ proof: undo within a proof reverts to the
- previous proof context, undo after a proof reverts to the theory
- before the initial goal statement, undo of a theory command reverts
- to the previous theory value, undo of a theory header discontinues
- the current theory development and removes it from the theory
- database (\secref{sec:theory-database}).
-
- \item \isacommand{kill} aborts the current level of development:
- kill in a proof context reverts to the theory before the initial
- goal statement, kill in a theory context aborts the current theory
- development, removing it from the database.
-
- \item \isacommand{exit} drops out of the Isar toplevel into the
- underlying {\ML} toplevel (\secref{sec:ML-toplevel}). The Isar
- toplevel state is preserved and may be continued later.
-
- \item \isacommand{quit} terminates the Isabelle/Isar process without
- saving.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isamarkupsection{ML toplevel \label{sec:ML-toplevel}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-The {\ML} toplevel provides a read-compile-eval-print loop for {\ML}
- values, types, structures, and functors. {\ML} declarations operate
- on the global system state, which consists of the compiler
- environment plus the values of {\ML} reference variables. There is
- no clean way to undo {\ML} declarations, except for reverting to a
- previously saved state of the whole Isabelle process. {\ML} input
- is either read interactively from a TTY, or from a string (usually
- within a theory text), or from a source file (usually loaded from a
- theory).
-
- Whenever the {\ML} toplevel is active, the current Isabelle theory
- context is passed as an internal reference variable. Thus {\ML}
- code may access the theory context during compilation, it may even
- change the value of a theory being under construction --- while
- observing the usual linearity restrictions
- (cf.~\secref{sec:context-theory}).%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML}{the\_context}\verb|the_context: unit -> theory| \\
- \indexdef{}{ML}{Context.$>$$>$ }\verb|Context.>> : (Context.generic -> Context.generic) -> unit| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|the_context ()| refers to the theory context of the
- {\ML} toplevel --- at compile time! {\ML} code needs to take care
- to refer to \verb|the_context ()| correctly. Recall that
- evaluation of a function body is delayed until actual runtime.
- Moreover, persistent {\ML} toplevel bindings to an unfinished theory
- should be avoided: code should either project out the desired
- information immediately, or produce an explicit \verb|theory_ref| (cf.\ \secref{sec:context-theory}).
-
- \item \verb|Context.>>|~\isa{f} applies context transformation
- \isa{f} to the implicit context of the {\ML} toplevel.
-
- \end{description}
-
- It is very important to note that the above functions are really
- restricted to the compile time, even though the {\ML} compiler is
- invoked at runtime! The majority of {\ML} code uses explicit
- functional arguments of a theory or proof context instead. Thus it
- may be invoked for an arbitrary context later on, without having to
- worry about any operational details.
-
- \bigskip
-
- \begin{mldecls}
- \indexdef{}{ML}{Isar.main}\verb|Isar.main: unit -> unit| \\
- \indexdef{}{ML}{Isar.loop}\verb|Isar.loop: unit -> unit| \\
- \indexdef{}{ML}{Isar.state}\verb|Isar.state: unit -> Toplevel.state| \\
- \indexdef{}{ML}{Isar.exn}\verb|Isar.exn: unit -> (exn * string) option| \\
- \indexdef{}{ML}{Isar.context}\verb|Isar.context: unit -> Proof.context| \\
- \indexdef{}{ML}{Isar.goal}\verb|Isar.goal: unit -> thm| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|Isar.main ()| invokes the Isar toplevel from {\ML},
- initializing an empty toplevel state.
-
- \item \verb|Isar.loop ()| continues the Isar toplevel with the
- current state, after having dropped out of the Isar toplevel loop.
-
- \item \verb|Isar.state ()| and \verb|Isar.exn ()| get current
- toplevel state and error condition, respectively. This only works
- after having dropped out of the Isar toplevel loop.
-
- \item \verb|Isar.context ()| produces the proof context from \verb|Isar.state ()|, analogous to \verb|Context.proof_of|
- (\secref{sec:generic-context}).
-
- \item \verb|Isar.goal ()| picks the tactical goal from \verb|Isar.state ()|, represented as a theorem according to
- \secref{sec:tactical-goals}.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsection{Theory database \label{sec:theory-database}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-The theory database maintains a collection of theories, together
- with some administrative information about their original sources,
- which are held in an external store (i.e.\ some directory within the
- regular file system).
-
- The theory database is organized as a directed acyclic graph;
- entries are referenced by theory name. Although some additional
- interfaces allow to include a directory specification as well, this
- is only a hint to the underlying theory loader. The internal theory
- name space is flat!
-
- Theory \isa{A} is associated with the main theory file \isa{A}\verb,.thy,, which needs to be accessible through the theory
- loader path. Any number of additional {\ML} source files may be
- associated with each theory, by declaring these dependencies in the
- theory header as \isa{{\isasymUSES}}, and loading them consecutively
- within the theory context. The system keeps track of incoming {\ML}
- sources and associates them with the current theory. The file
- \isa{A}\verb,.ML, is loaded after a theory has been concluded, in
- order to support legacy proof {\ML} proof scripts.
-
- The basic internal actions of the theory database are \isa{update}, \isa{outdate}, and \isa{remove}:
-
- \begin{itemize}
-
- \item \isa{update\ A} introduces a link of \isa{A} with a
- \isa{theory} value of the same name; it asserts that the theory
- sources are now consistent with that value;
-
- \item \isa{outdate\ A} invalidates the link of a theory database
- entry to its sources, but retains the present theory value;
-
- \item \isa{remove\ A} deletes entry \isa{A} from the theory
- database.
-
- \end{itemize}
-
- These actions are propagated to sub- or super-graphs of a theory
- entry as expected, in order to preserve global consistency of the
- state of all loaded theories with the sources of the external store.
- This implies certain causalities between actions: \isa{update}
- or \isa{outdate} of an entry will \isa{outdate} all
- descendants; \isa{remove} will \isa{remove} all descendants.
-
- \medskip There are separate user-level interfaces to operate on the
- theory database directly or indirectly. The primitive actions then
- just happen automatically while working with the system. In
- particular, processing a theory header \isa{{\isasymTHEORY}\ A\ {\isasymIMPORTS}\ B\isactrlsub {\isadigit{1}}\ {\isasymdots}\ B\isactrlsub n\ {\isasymBEGIN}} ensures that the
- sub-graph of the collective imports \isa{B\isactrlsub {\isadigit{1}}\ {\isasymdots}\ B\isactrlsub n}
- is up-to-date, too. Earlier theories are reloaded as required, with
- \isa{update} actions proceeding in topological order according to
- theory dependencies. There may be also a wave of implied \isa{outdate} actions for derived theory nodes until a stable situation
- is achieved eventually.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML}{theory}\verb|theory: string -> theory| \\
- \indexdef{}{ML}{use\_thy}\verb|use_thy: string -> unit| \\
- \indexdef{}{ML}{use\_thys}\verb|use_thys: string list -> unit| \\
- \indexdef{}{ML}{ThyInfo.touch\_thy}\verb|ThyInfo.touch_thy: string -> unit| \\
- \indexdef{}{ML}{ThyInfo.remove\_thy}\verb|ThyInfo.remove_thy: string -> unit| \\[1ex]
- \indexdef{}{ML}{ThyInfo.begin\_theory}\verb|ThyInfo.begin_theory|\verb|: ... -> bool -> theory| \\
- \indexdef{}{ML}{ThyInfo.end\_theory}\verb|ThyInfo.end_theory: theory -> unit| \\
- \indexdef{}{ML}{ThyInfo.register\_theory}\verb|ThyInfo.register_theory: theory -> unit| \\[1ex]
- \verb|datatype action = Update |\verb,|,\verb| Outdate |\verb,|,\verb| Remove| \\
- \indexdef{}{ML}{ThyInfo.add\_hook}\verb|ThyInfo.add_hook: (ThyInfo.action -> string -> unit) -> unit| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|theory|~\isa{A} retrieves the theory value presently
- associated with name \isa{A}. Note that the result might be
- outdated.
-
- \item \verb|use_thy|~\isa{A} ensures that theory \isa{A} is fully
- up-to-date wrt.\ the external file store, reloading outdated
- ancestors as required.
-
- \item \verb|use_thys| is similar to \verb|use_thy|, but handles
- several theories simultaneously. Thus it acts like processing the
- import header of a theory, without performing the merge of the
- result, though.
-
- \item \verb|ThyInfo.touch_thy|~\isa{A} performs and \isa{outdate} action
- on theory \isa{A} and all descendants.
-
- \item \verb|ThyInfo.remove_thy|~\isa{A} deletes theory \isa{A} and all
- descendants from the theory database.
-
- \item \verb|ThyInfo.begin_theory| is the basic operation behind a
- \isa{{\isasymTHEORY}} header declaration. This is {\ML} functions is
- normally not invoked directly.
-
- \item \verb|ThyInfo.end_theory| concludes the loading of a theory
- proper and stores the result in the theory database.
-
- \item \verb|ThyInfo.register_theory|~\isa{text\ thy} registers an
- existing theory value with the theory loader database. There is no
- management of associated sources.
-
- \item \verb|ThyInfo.add_hook|~\isa{f} registers function \isa{f} as a hook for theory database actions. The function will be
- invoked with the action and theory name being involved; thus derived
- actions may be performed in associated system components, e.g.\
- maintaining the state of an editor for the theory sources.
-
- The kind and order of actions occurring in practice depends both on
- user interactions and the internal process of resolving theory
- imports. Hooks should not rely on a particular policy here! Any
- exceptions raised by the hook are ignored.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isatagtheory
-\isacommand{end}\isamarkupfalse%
-%
-\endisatagtheory
-{\isafoldtheory}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-\isanewline
-\end{isabellebody}%
-%%% Local Variables:
-%%% mode: latex
-%%% TeX-master: "root"
-%%% End:
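Review bot: same concern as for Base.tex, this hunk (`@@ -1,520 +0,0 @@`) deletes the whole generated Integration.tex rather than recovering it. If Integration.thy is regenerated afterwards, the typos this generated copy carries should be fixed in the source at the same time: `centeral hub` in the opening paragraph of the Isar toplevel section, `modify the behavior the toplevel itself` (missing "of") in Toplevel control, and `This is {\ML} functions is` in the description of ThyInfo.begin_theory; the Toplevel transitions text also has "a local proofs", the theory database text "legacy proof ML proof scripts", and the ThyInfo.touch_thy item "performs and outdate action".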
--- a/doc-src/IsarImplementation/Thy/document/Isar.tex Thu Mar 05 02:20:06 2009 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,86 +0,0 @@
-%
-\begin{isabellebody}%
-\def\isabellecontext{Isar}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isatagtheory
-\isacommand{theory}\isamarkupfalse%
-\ Isar\isanewline
-\isakeyword{imports}\ Base\isanewline
-\isakeyword{begin}%
-\endisatagtheory
-{\isafoldtheory}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isamarkupchapter{Isar language elements%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-The primary Isar language consists of three main categories of
- language elements:
-
- \begin{enumerate}
-
- \item Proof commands
-
- \item Proof methods
-
- \item Attributes
-
- \end{enumerate}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isamarkupsection{Proof commands%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-FIXME%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isamarkupsection{Proof methods%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-FIXME%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isamarkupsection{Attributes%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-FIXME%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isatagtheory
-\isacommand{end}\isamarkupfalse%
-%
-\endisatagtheory
-{\isafoldtheory}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-\isanewline
-\end{isabellebody}%
-%%% Local Variables:
-%%% mode: latex
-%%% TeX-master: "root"
-%%% End:
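Review bot: the Isar.tex removed here consists only of three `FIXME` placeholder sections (Proof commands, Proof methods, Attributes) under the chapter `Isar language elements`, so nothing substantive is lost by this deletion; if the file is recovered, the placeholder chapter should not reach the built manual until those sections are actually written.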
--- a/doc-src/IsarImplementation/Thy/document/Logic.tex Thu Mar 05 02:20:06 2009 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,959 +0,0 @@
-%
-\begin{isabellebody}%
-\def\isabellecontext{Logic}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isatagtheory
-\isacommand{theory}\isamarkupfalse%
-\ Logic\isanewline
-\isakeyword{imports}\ Base\isanewline
-\isakeyword{begin}%
-\endisatagtheory
-{\isafoldtheory}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isamarkupchapter{Primitive logic \label{ch:logic}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-The logical foundations of Isabelle/Isar are that of the Pure logic,
- which has been introduced as a Natural Deduction framework in
- \cite{paulson700}. This is essentially the same logic as ``\isa{{\isasymlambda}HOL}'' in the more abstract setting of Pure Type Systems (PTS)
- \cite{Barendregt-Geuvers:2001}, although there are some key
- differences in the specific treatment of simple types in
- Isabelle/Pure.
-
- Following type-theoretic parlance, the Pure logic consists of three
- levels of \isa{{\isasymlambda}}-calculus with corresponding arrows, \isa{{\isasymRightarrow}} for syntactic function space (terms depending on terms), \isa{{\isasymAnd}} for universal quantification (proofs depending on terms), and
- \isa{{\isasymLongrightarrow}} for implication (proofs depending on proofs).
-
- Derivations are relative to a logical theory, which declares type
- constructors, constants, and axioms. Theory declarations support
- schematic polymorphism, which is strictly speaking outside the
- logic.\footnote{This is the deeper logical reason, why the theory
- context \isa{{\isasymTheta}} is separate from the proof context \isa{{\isasymGamma}}
- of the core calculus.}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isamarkupsection{Types \label{sec:types}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-The language of types is an uninterpreted order-sorted first-order
- algebra; types are qualified by ordered type classes.
-
- \medskip A \emph{type class} is an abstract syntactic entity
- declared in the theory context. The \emph{subclass relation} \isa{c\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlisub {\isadigit{2}}} is specified by stating an acyclic
- generating relation; the transitive closure is maintained
- internally. The resulting relation is an ordering: reflexive,
- transitive, and antisymmetric.
-
- A \emph{sort} is a list of type classes written as \isa{s\ {\isacharequal}\ {\isacharbraceleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlisub m{\isacharbraceright}}, which represents symbolic
- intersection. Notationally, the curly braces are omitted for
- singleton intersections, i.e.\ any class \isa{c} may be read as
- a sort \isa{{\isacharbraceleft}c{\isacharbraceright}}. The ordering on type classes is extended to
- sorts according to the meaning of intersections: \isa{{\isacharbraceleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}\ c\isactrlisub m{\isacharbraceright}\ {\isasymsubseteq}\ {\isacharbraceleft}d\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ d\isactrlisub n{\isacharbraceright}} iff
- \isa{{\isasymforall}j{\isachardot}\ {\isasymexists}i{\isachardot}\ c\isactrlisub i\ {\isasymsubseteq}\ d\isactrlisub j}. The empty intersection
- \isa{{\isacharbraceleft}{\isacharbraceright}} refers to the universal sort, which is the largest
- element wrt.\ the sort order. The intersections of all (finitely
- many) classes declared in the current theory are the minimal
- elements wrt.\ the sort order.
-
- \medskip A \emph{fixed type variable} is a pair of a basic name
- (starting with a \isa{{\isacharprime}} character) and a sort constraint, e.g.\
- \isa{{\isacharparenleft}{\isacharprime}a{\isacharcomma}\ s{\isacharparenright}} which is usually printed as \isa{{\isasymalpha}\isactrlisub s}.
- A \emph{schematic type variable} is a pair of an indexname and a
- sort constraint, e.g.\ \isa{{\isacharparenleft}{\isacharparenleft}{\isacharprime}a{\isacharcomma}\ {\isadigit{0}}{\isacharparenright}{\isacharcomma}\ s{\isacharparenright}} which is usually
- printed as \isa{{\isacharquery}{\isasymalpha}\isactrlisub s}.
-
- Note that \emph{all} syntactic components contribute to the identity
- of type variables, including the sort constraint. The core logic
- handles type variables with the same name but different sorts as
- different, although some outer layers of the system make it hard to
- produce anything like this.
-
- A \emph{type constructor} \isa{{\isasymkappa}} is a \isa{k}-ary operator
- on types declared in the theory. Type constructor application is
- written postfix as \isa{{\isacharparenleft}{\isasymalpha}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlisub k{\isacharparenright}{\isasymkappa}}. For
- \isa{k\ {\isacharequal}\ {\isadigit{0}}} the argument tuple is omitted, e.g.\ \isa{prop}
- instead of \isa{{\isacharparenleft}{\isacharparenright}prop}. For \isa{k\ {\isacharequal}\ {\isadigit{1}}} the parentheses
- are omitted, e.g.\ \isa{{\isasymalpha}\ list} instead of \isa{{\isacharparenleft}{\isasymalpha}{\isacharparenright}list}.
- Further notation is provided for specific constructors, notably the
- right-associative infix \isa{{\isasymalpha}\ {\isasymRightarrow}\ {\isasymbeta}} instead of \isa{{\isacharparenleft}{\isasymalpha}{\isacharcomma}\ {\isasymbeta}{\isacharparenright}fun}.
-
- A \emph{type} is defined inductively over type variables and type
- constructors as follows: \isa{{\isasymtau}\ {\isacharequal}\ {\isasymalpha}\isactrlisub s\ {\isacharbar}\ {\isacharquery}{\isasymalpha}\isactrlisub s\ {\isacharbar}\ {\isacharparenleft}{\isasymtau}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlsub k{\isacharparenright}{\isasymkappa}}.
-
- A \emph{type abbreviation} is a syntactic definition \isa{{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharparenright}{\isasymkappa}\ {\isacharequal}\ {\isasymtau}} of an arbitrary type expression \isa{{\isasymtau}} over
- variables \isa{\isactrlvec {\isasymalpha}}. Type abbreviations appear as type
- constructors in the syntax, but are expanded before entering the
- logical core.
-
- A \emph{type arity} declares the image behavior of a type
- constructor wrt.\ the algebra of sorts: \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}s\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlisub k{\isacharparenright}s} means that \isa{{\isacharparenleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub k{\isacharparenright}{\isasymkappa}} is
- of sort \isa{s} if every argument type \isa{{\isasymtau}\isactrlisub i} is
- of sort \isa{s\isactrlisub i}. Arity declarations are implicitly
- completed, i.e.\ \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}c} entails \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}c{\isacharprime}} for any \isa{c{\isacharprime}\ {\isasymsupseteq}\ c}.
-
- \medskip The sort algebra is always maintained as \emph{coregular},
- which means that type arities are consistent with the subclass
- relation: for any type constructor \isa{{\isasymkappa}}, and classes \isa{c\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlisub {\isadigit{2}}}, and arities \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s\isactrlisub {\isadigit{1}}{\isacharparenright}c\isactrlisub {\isadigit{1}}} and \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s\isactrlisub {\isadigit{2}}{\isacharparenright}c\isactrlisub {\isadigit{2}}} holds \isa{\isactrlvec s\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ \isactrlvec s\isactrlisub {\isadigit{2}}} component-wise.
-
- The key property of a coregular order-sorted algebra is that sort
- constraints can be solved in a most general fashion: for each type
- constructor \isa{{\isasymkappa}} and sort \isa{s} there is a most general
- vector of argument sorts \isa{{\isacharparenleft}s\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlisub k{\isacharparenright}} such
- that a type scheme \isa{{\isacharparenleft}{\isasymalpha}\isactrlbsub s\isactrlisub {\isadigit{1}}\isactrlesub {\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlbsub s\isactrlisub k\isactrlesub {\isacharparenright}{\isasymkappa}} is of sort \isa{s}.
- Consequently, type unification has most general solutions (modulo
- equivalence of sorts), so type-inference produces primary types as
- expected \cite{nipkow-prehofer}.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML type}{class}\verb|type class| \\
- \indexdef{}{ML type}{sort}\verb|type sort| \\
- \indexdef{}{ML type}{arity}\verb|type arity| \\
- \indexdef{}{ML type}{typ}\verb|type typ| \\
- \indexdef{}{ML}{map\_atyps}\verb|map_atyps: (typ -> typ) -> typ -> typ| \\
- \indexdef{}{ML}{fold\_atyps}\verb|fold_atyps: (typ -> 'a -> 'a) -> typ -> 'a -> 'a| \\
- \end{mldecls}
- \begin{mldecls}
- \indexdef{}{ML}{Sign.subsort}\verb|Sign.subsort: theory -> sort * sort -> bool| \\
- \indexdef{}{ML}{Sign.of\_sort}\verb|Sign.of_sort: theory -> typ * sort -> bool| \\
- \indexdef{}{ML}{Sign.add\_types}\verb|Sign.add_types: (string * int * mixfix) list -> theory -> theory| \\
- \indexdef{}{ML}{Sign.add\_tyabbrs\_i}\verb|Sign.add_tyabbrs_i: |\isasep\isanewline%
-\verb| (string * string list * typ * mixfix) list -> theory -> theory| \\
- \indexdef{}{ML}{Sign.primitive\_class}\verb|Sign.primitive_class: string * class list -> theory -> theory| \\
- \indexdef{}{ML}{Sign.primitive\_classrel}\verb|Sign.primitive_classrel: class * class -> theory -> theory| \\
- \indexdef{}{ML}{Sign.primitive\_arity}\verb|Sign.primitive_arity: arity -> theory -> theory| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|class| represents type classes; this is an alias for
- \verb|string|.
-
- \item \verb|sort| represents sorts; this is an alias for
- \verb|class list|.
-
- \item \verb|arity| represents type arities; this is an alias for
- triples of the form \isa{{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ \isactrlvec s{\isacharcomma}\ s{\isacharparenright}} for \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}s} described above.
-
- \item \verb|typ| represents types; this is a datatype with
- constructors \verb|TFree|, \verb|TVar|, \verb|Type|.
-
- \item \verb|map_atyps|~\isa{f\ {\isasymtau}} applies the mapping \isa{f}
- to all atomic types (\verb|TFree|, \verb|TVar|) occurring in \isa{{\isasymtau}}.
-
- \item \verb|fold_atyps|~\isa{f\ {\isasymtau}} iterates the operation \isa{f} over all occurrences of atomic types (\verb|TFree|, \verb|TVar|)
- in \isa{{\isasymtau}}; the type structure is traversed from left to right.
-
- \item \verb|Sign.subsort|~\isa{thy\ {\isacharparenleft}s\isactrlisub {\isadigit{1}}{\isacharcomma}\ s\isactrlisub {\isadigit{2}}{\isacharparenright}}
- tests the subsort relation \isa{s\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ s\isactrlisub {\isadigit{2}}}.
-
- \item \verb|Sign.of_sort|~\isa{thy\ {\isacharparenleft}{\isasymtau}{\isacharcomma}\ s{\isacharparenright}} tests whether type
- \isa{{\isasymtau}} is of sort \isa{s}.
-
- \item \verb|Sign.add_types|~\isa{{\isacharbrackleft}{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ k{\isacharcomma}\ mx{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}} declares a new
- type constructors \isa{{\isasymkappa}} with \isa{k} arguments and
- optional mixfix syntax.
-
- \item \verb|Sign.add_tyabbrs_i|~\isa{{\isacharbrackleft}{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ \isactrlvec {\isasymalpha}{\isacharcomma}\ {\isasymtau}{\isacharcomma}\ mx{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}}
- defines a new type abbreviation \isa{{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharparenright}{\isasymkappa}\ {\isacharequal}\ {\isasymtau}} with
- optional mixfix syntax.
-
- \item \verb|Sign.primitive_class|~\isa{{\isacharparenleft}c{\isacharcomma}\ {\isacharbrackleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlisub n{\isacharbrackright}{\isacharparenright}} declares a new class \isa{c}, together with class
- relations \isa{c\ {\isasymsubseteq}\ c\isactrlisub i}, for \isa{i\ {\isacharequal}\ {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ n}.
-
- \item \verb|Sign.primitive_classrel|~\isa{{\isacharparenleft}c\isactrlisub {\isadigit{1}}{\isacharcomma}\ c\isactrlisub {\isadigit{2}}{\isacharparenright}} declares the class relation \isa{c\isactrlisub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlisub {\isadigit{2}}}.
-
- \item \verb|Sign.primitive_arity|~\isa{{\isacharparenleft}{\isasymkappa}{\isacharcomma}\ \isactrlvec s{\isacharcomma}\ s{\isacharparenright}} declares
- the arity \isa{{\isasymkappa}\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}\isactrlvec s{\isacharparenright}s}.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsection{Terms \label{sec:terms}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-The language of terms is that of simply-typed \isa{{\isasymlambda}}-calculus
- with de-Bruijn indices for bound variables (cf.\ \cite{debruijn72}
- or \cite{paulson-ml2}), with the types being determined by the
- corresponding binders. In contrast, free variables and constants
- are have an explicit name and type in each occurrence.
-
- \medskip A \emph{bound variable} is a natural number \isa{b},
- which accounts for the number of intermediate binders between the
- variable occurrence in the body and its binding position. For
- example, the de-Bruijn term \isa{{\isasymlambda}\isactrlbsub nat\isactrlesub {\isachardot}\ {\isasymlambda}\isactrlbsub nat\isactrlesub {\isachardot}\ {\isadigit{1}}\ {\isacharplus}\ {\isadigit{0}}} would
- correspond to \isa{{\isasymlambda}x\isactrlbsub nat\isactrlesub {\isachardot}\ {\isasymlambda}y\isactrlbsub nat\isactrlesub {\isachardot}\ x\ {\isacharplus}\ y} in a named
- representation. Note that a bound variable may be represented by
- different de-Bruijn indices at different occurrences, depending on
- the nesting of abstractions.
-
- A \emph{loose variable} is a bound variable that is outside the
- scope of local binders. The types (and names) for loose variables
- can be managed as a separate context, that is maintained as a stack
- of hypothetical binders. The core logic operates on closed terms,
- without any loose variables.
-
- A \emph{fixed variable} is a pair of a basic name and a type, e.g.\
- \isa{{\isacharparenleft}x{\isacharcomma}\ {\isasymtau}{\isacharparenright}} which is usually printed \isa{x\isactrlisub {\isasymtau}}. A
- \emph{schematic variable} is a pair of an indexname and a type,
- e.g.\ \isa{{\isacharparenleft}{\isacharparenleft}x{\isacharcomma}\ {\isadigit{0}}{\isacharparenright}{\isacharcomma}\ {\isasymtau}{\isacharparenright}} which is usually printed as \isa{{\isacharquery}x\isactrlisub {\isasymtau}}.
-
- \medskip A \emph{constant} is a pair of a basic name and a type,
- e.g.\ \isa{{\isacharparenleft}c{\isacharcomma}\ {\isasymtau}{\isacharparenright}} which is usually printed as \isa{c\isactrlisub {\isasymtau}}. Constants are declared in the context as polymorphic
- families \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}, meaning that all substitution instances
- \isa{c\isactrlisub {\isasymtau}} for \isa{{\isasymtau}\ {\isacharequal}\ {\isasymsigma}{\isasymvartheta}} are valid.
-
- The vector of \emph{type arguments} of constant \isa{c\isactrlisub {\isasymtau}}
- wrt.\ the declaration \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} is defined as the codomain of
- the matcher \isa{{\isasymvartheta}\ {\isacharequal}\ {\isacharbraceleft}{\isacharquery}{\isasymalpha}\isactrlisub {\isadigit{1}}\ {\isasymmapsto}\ {\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isacharquery}{\isasymalpha}\isactrlisub n\ {\isasymmapsto}\ {\isasymtau}\isactrlisub n{\isacharbraceright}} presented in canonical order \isa{{\isacharparenleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub n{\isacharparenright}}. Within a given theory context,
- there is a one-to-one correspondence between any constant \isa{c\isactrlisub {\isasymtau}} and the application \isa{c{\isacharparenleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub n{\isacharparenright}} of its type arguments. For example, with \isa{plus\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymRightarrow}\ {\isasymalpha}\ {\isasymRightarrow}\ {\isasymalpha}}, the instance \isa{plus\isactrlbsub nat\ {\isasymRightarrow}\ nat\ {\isasymRightarrow}\ nat\isactrlesub } corresponds to \isa{plus{\isacharparenleft}nat{\isacharparenright}}.
-
- Constant declarations \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} may contain sort constraints
- for type variables in \isa{{\isasymsigma}}. These are observed by
- type-inference as expected, but \emph{ignored} by the core logic.
- This means the primitive logic is able to reason with instances of
- polymorphic constants that the user-level type-checker would reject
- due to violation of type class restrictions.
-
- \medskip An \emph{atomic} term is either a variable or constant. A
- \emph{term} is defined inductively over atomic terms, with
- abstraction and application as follows: \isa{t\ {\isacharequal}\ b\ {\isacharbar}\ x\isactrlisub {\isasymtau}\ {\isacharbar}\ {\isacharquery}x\isactrlisub {\isasymtau}\ {\isacharbar}\ c\isactrlisub {\isasymtau}\ {\isacharbar}\ {\isasymlambda}\isactrlisub {\isasymtau}{\isachardot}\ t\ {\isacharbar}\ t\isactrlisub {\isadigit{1}}\ t\isactrlisub {\isadigit{2}}}.
- Parsing and printing takes care of converting between an external
- representation with named bound variables. Subsequently, we shall
- use the latter notation instead of internal de-Bruijn
- representation.
-
- The inductive relation \isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}} assigns a (unique) type to a
- term according to the structure of atomic terms, abstractions, and
- applicatins:
- \[
- \infer{\isa{a\isactrlisub {\isasymtau}\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}}}{}
- \qquad
- \infer{\isa{{\isacharparenleft}{\isasymlambda}x\isactrlsub {\isasymtau}{\isachardot}\ t{\isacharparenright}\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\ {\isasymRightarrow}\ {\isasymsigma}}}{\isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}}
- \qquad
- \infer{\isa{t\ u\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}}{\isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\ {\isasymRightarrow}\ {\isasymsigma}} & \isa{u\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}}}
- \]
- A \emph{well-typed term} is a term that can be typed according to these rules.
-
- Typing information can be omitted: type-inference is able to
- reconstruct the most general type of a raw term, while assigning
- most general types to all of its variables and constants.
- Type-inference depends on a context of type constraints for fixed
- variables, and declarations for polymorphic constants.
-
- The identity of atomic terms consists both of the name and the type
- component. This means that different variables \isa{x\isactrlbsub {\isasymtau}\isactrlisub {\isadigit{1}}\isactrlesub } and \isa{x\isactrlbsub {\isasymtau}\isactrlisub {\isadigit{2}}\isactrlesub } may become the same after type
- instantiation. Some outer layers of the system make it hard to
- produce variables of the same name, but different types. In
- contrast, mixed instances of polymorphic constants occur frequently.
-
- \medskip The \emph{hidden polymorphism} of a term \isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}}
- is the set of type variables occurring in \isa{t}, but not in
- \isa{{\isasymsigma}}. This means that the term implicitly depends on type
- arguments that are not accounted in the result type, i.e.\ there are
- different type instances \isa{t{\isasymvartheta}\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} and \isa{t{\isasymvartheta}{\isacharprime}\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} with the same type. This slightly
- pathological situation notoriously demands additional care.
-
- \medskip A \emph{term abbreviation} is a syntactic definition \isa{c\isactrlisub {\isasymsigma}\ {\isasymequiv}\ t} of a closed term \isa{t} of type \isa{{\isasymsigma}},
- without any hidden polymorphism. A term abbreviation looks like a
- constant in the syntax, but is expanded before entering the logical
- core. Abbreviations are usually reverted when printing terms, using
- \isa{t\ {\isasymrightarrow}\ c\isactrlisub {\isasymsigma}} as rules for higher-order rewriting.
-
- \medskip Canonical operations on \isa{{\isasymlambda}}-terms include \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-conversion: \isa{{\isasymalpha}}-conversion refers to capture-free
- renaming of bound variables; \isa{{\isasymbeta}}-conversion contracts an
- abstraction applied to an argument term, substituting the argument
- in the body: \isa{{\isacharparenleft}{\isasymlambda}x{\isachardot}\ b{\isacharparenright}a} becomes \isa{b{\isacharbrackleft}a{\isacharslash}x{\isacharbrackright}}; \isa{{\isasymeta}}-conversion contracts vacuous application-abstraction: \isa{{\isasymlambda}x{\isachardot}\ f\ x} becomes \isa{f}, provided that the bound variable
- does not occur in \isa{f}.
-
- Terms are normally treated modulo \isa{{\isasymalpha}}-conversion, which is
- implicit in the de-Bruijn representation. Names for bound variables
- in abstractions are maintained separately as (meaningless) comments,
- mostly for parsing and printing. Full \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-conversion is
- commonplace in various standard operations (\secref{sec:obj-rules})
- that are based on higher-order unification and matching.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML type}{term}\verb|type term| \\
- \indexdef{}{ML}{op aconv}\verb|op aconv: term * term -> bool| \\
- \indexdef{}{ML}{map\_types}\verb|map_types: (typ -> typ) -> term -> term| \\
- \indexdef{}{ML}{fold\_types}\verb|fold_types: (typ -> 'a -> 'a) -> term -> 'a -> 'a| \\
- \indexdef{}{ML}{map\_aterms}\verb|map_aterms: (term -> term) -> term -> term| \\
- \indexdef{}{ML}{fold\_aterms}\verb|fold_aterms: (term -> 'a -> 'a) -> term -> 'a -> 'a| \\
- \end{mldecls}
- \begin{mldecls}
- \indexdef{}{ML}{fastype\_of}\verb|fastype_of: term -> typ| \\
- \indexdef{}{ML}{lambda}\verb|lambda: term -> term -> term| \\
- \indexdef{}{ML}{betapply}\verb|betapply: term * term -> term| \\
- \indexdef{}{ML}{Sign.declare\_const}\verb|Sign.declare_const: Properties.T -> (binding * typ) * mixfix ->|\isasep\isanewline%
-\verb| theory -> term * theory| \\
- \indexdef{}{ML}{Sign.add\_abbrev}\verb|Sign.add_abbrev: string -> Properties.T -> binding * term ->|\isasep\isanewline%
-\verb| theory -> (term * term) * theory| \\
- \indexdef{}{ML}{Sign.const\_typargs}\verb|Sign.const_typargs: theory -> string * typ -> typ list| \\
- \indexdef{}{ML}{Sign.const\_instance}\verb|Sign.const_instance: theory -> string * typ list -> typ| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|term| represents de-Bruijn terms, with comments in
- abstractions, and explicitly named free variables and constants;
- this is a datatype with constructors \verb|Bound|, \verb|Free|, \verb|Var|, \verb|Const|, \verb|Abs|, \verb|op $|.
-
- \item \isa{t}~\verb|aconv|~\isa{u} checks \isa{{\isasymalpha}}-equivalence of two terms. This is the basic equality relation
- on type \verb|term|; raw datatype equality should only be used
- for operations related to parsing or printing!
-
- \item \verb|map_types|~\isa{f\ t} applies the mapping \isa{f} to all types occurring in \isa{t}.
-
- \item \verb|fold_types|~\isa{f\ t} iterates the operation \isa{f} over all occurrences of types in \isa{t}; the term
- structure is traversed from left to right.
-
- \item \verb|map_aterms|~\isa{f\ t} applies the mapping \isa{f}
- to all atomic terms (\verb|Bound|, \verb|Free|, \verb|Var|, \verb|Const|) occurring in \isa{t}.
-
- \item \verb|fold_aterms|~\isa{f\ t} iterates the operation \isa{f} over all occurrences of atomic terms (\verb|Bound|, \verb|Free|,
- \verb|Var|, \verb|Const|) in \isa{t}; the term structure is
- traversed from left to right.
-
- \item \verb|fastype_of|~\isa{t} determines the type of a
- well-typed term. This operation is relatively slow, despite the
- omission of any sanity checks.
-
- \item \verb|lambda|~\isa{a\ b} produces an abstraction \isa{{\isasymlambda}a{\isachardot}\ b}, where occurrences of the atomic term \isa{a} in the
- body \isa{b} are replaced by bound variables.
-
- \item \verb|betapply|~\isa{{\isacharparenleft}t{\isacharcomma}\ u{\isacharparenright}} produces an application \isa{t\ u}, with topmost \isa{{\isasymbeta}}-conversion if \isa{t} is an
- abstraction.
-
- \item \verb|Sign.declare_const|~\isa{properties\ {\isacharparenleft}{\isacharparenleft}c{\isacharcomma}\ {\isasymsigma}{\isacharparenright}{\isacharcomma}\ mx{\isacharparenright}}
- declares a new constant \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} with optional mixfix
- syntax.
-
- \item \verb|Sign.add_abbrev|~\isa{print{\isacharunderscore}mode\ properties\ {\isacharparenleft}c{\isacharcomma}\ t{\isacharparenright}}
- introduces a new term abbreviation \isa{c\ {\isasymequiv}\ t}.
-
- \item \verb|Sign.const_typargs|~\isa{thy\ {\isacharparenleft}c{\isacharcomma}\ {\isasymtau}{\isacharparenright}} and \verb|Sign.const_instance|~\isa{thy\ {\isacharparenleft}c{\isacharcomma}\ {\isacharbrackleft}{\isasymtau}\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymtau}\isactrlisub n{\isacharbrackright}{\isacharparenright}}
- convert between two representations of polymorphic constants: full
- type instance vs.\ compact type arguments form.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsection{Theorems \label{sec:thms}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-A \emph{proposition} is a well-typed term of type \isa{prop}, a
- \emph{theorem} is a proven proposition (depending on a context of
- hypotheses and the background theory). Primitive inferences include
- plain Natural Deduction rules for the primary connectives \isa{{\isasymAnd}} and \isa{{\isasymLongrightarrow}} of the framework. There is also a builtin
- notion of equality/equivalence \isa{{\isasymequiv}}.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isamarkupsubsection{Primitive connectives and rules \label{sec:prim-rules}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-The theory \isa{Pure} contains constant declarations for the
- primitive connectives \isa{{\isasymAnd}}, \isa{{\isasymLongrightarrow}}, and \isa{{\isasymequiv}} of
- the logical framework, see \figref{fig:pure-connectives}. The
- derivability judgment \isa{A\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ A\isactrlisub n\ {\isasymturnstile}\ B} is
- defined inductively by the primitive inferences given in
- \figref{fig:prim-rules}, with the global restriction that the
- hypotheses must \emph{not} contain any schematic variables. The
- builtin equality is conceptually axiomatized as shown in
- \figref{fig:pure-equality}, although the implementation works
- directly with derived inferences.
-
- \begin{figure}[htb]
- \begin{center}
- \begin{tabular}{ll}
- \isa{all\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}{\isasymalpha}\ {\isasymRightarrow}\ prop{\isacharparenright}\ {\isasymRightarrow}\ prop} & universal quantification (binder \isa{{\isasymAnd}}) \\
- \isa{{\isasymLongrightarrow}\ {\isacharcolon}{\isacharcolon}\ prop\ {\isasymRightarrow}\ prop\ {\isasymRightarrow}\ prop} & implication (right associative infix) \\
- \isa{{\isasymequiv}\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymRightarrow}\ {\isasymalpha}\ {\isasymRightarrow}\ prop} & equality relation (infix) \\
- \end{tabular}
- \caption{Primitive connectives of Pure}\label{fig:pure-connectives}
- \end{center}
- \end{figure}
-
- \begin{figure}[htb]
- \begin{center}
- \[
- \infer[\isa{{\isacharparenleft}axiom{\isacharparenright}}]{\isa{{\isasymturnstile}\ A}}{\isa{A\ {\isasymin}\ {\isasymTheta}}}
- \qquad
- \infer[\isa{{\isacharparenleft}assume{\isacharparenright}}]{\isa{A\ {\isasymturnstile}\ A}}{}
- \]
- \[
- \infer[\isa{{\isacharparenleft}{\isasymAnd}{\isacharunderscore}intro{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ b{\isacharbrackleft}x{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ b{\isacharbrackleft}x{\isacharbrackright}} & \isa{x\ {\isasymnotin}\ {\isasymGamma}}}
- \qquad
- \infer[\isa{{\isacharparenleft}{\isasymAnd}{\isacharunderscore}elim{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ b{\isacharbrackleft}a{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ b{\isacharbrackleft}x{\isacharbrackright}}}
- \]
- \[
- \infer[\isa{{\isacharparenleft}{\isasymLongrightarrow}{\isacharunderscore}intro{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isacharminus}\ A\ {\isasymturnstile}\ A\ {\isasymLongrightarrow}\ B}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B}}
- \qquad
- \infer[\isa{{\isacharparenleft}{\isasymLongrightarrow}{\isacharunderscore}elim{\isacharparenright}}]{\isa{{\isasymGamma}\isactrlsub {\isadigit{1}}\ {\isasymunion}\ {\isasymGamma}\isactrlsub {\isadigit{2}}\ {\isasymturnstile}\ B}}{\isa{{\isasymGamma}\isactrlsub {\isadigit{1}}\ {\isasymturnstile}\ A\ {\isasymLongrightarrow}\ B} & \isa{{\isasymGamma}\isactrlsub {\isadigit{2}}\ {\isasymturnstile}\ A}}
- \]
- \caption{Primitive inferences of Pure}\label{fig:prim-rules}
- \end{center}
- \end{figure}
-
- \begin{figure}[htb]
- \begin{center}
- \begin{tabular}{ll}
- \isa{{\isasymturnstile}\ {\isacharparenleft}{\isasymlambda}x{\isachardot}\ b{\isacharbrackleft}x{\isacharbrackright}{\isacharparenright}\ a\ {\isasymequiv}\ b{\isacharbrackleft}a{\isacharbrackright}} & \isa{{\isasymbeta}}-conversion \\
- \isa{{\isasymturnstile}\ x\ {\isasymequiv}\ x} & reflexivity \\
- \isa{{\isasymturnstile}\ x\ {\isasymequiv}\ y\ {\isasymLongrightarrow}\ P\ x\ {\isasymLongrightarrow}\ P\ y} & substitution \\
- \isa{{\isasymturnstile}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ f\ x\ {\isasymequiv}\ g\ x{\isacharparenright}\ {\isasymLongrightarrow}\ f\ {\isasymequiv}\ g} & extensionality \\
- \isa{{\isasymturnstile}\ {\isacharparenleft}A\ {\isasymLongrightarrow}\ B{\isacharparenright}\ {\isasymLongrightarrow}\ {\isacharparenleft}B\ {\isasymLongrightarrow}\ A{\isacharparenright}\ {\isasymLongrightarrow}\ A\ {\isasymequiv}\ B} & logical equivalence \\
- \end{tabular}
- \caption{Conceptual axiomatization of Pure equality}\label{fig:pure-equality}
- \end{center}
- \end{figure}
-
- The introduction and elimination rules for \isa{{\isasymAnd}} and \isa{{\isasymLongrightarrow}} are analogous to formation of dependently typed \isa{{\isasymlambda}}-terms representing the underlying proof objects. Proof terms
- are irrelevant in the Pure logic, though; they cannot occur within
- propositions. The system provides a runtime option to record
- explicit proof terms for primitive inferences. Thus all three
- levels of \isa{{\isasymlambda}}-calculus become explicit: \isa{{\isasymRightarrow}} for
- terms, and \isa{{\isasymAnd}{\isacharslash}{\isasymLongrightarrow}} for proofs (cf.\
- \cite{Berghofer-Nipkow:2000:TPHOL}).
-
- Observe that locally fixed parameters (as in \isa{{\isasymAnd}{\isacharunderscore}intro}) need
- not be recorded in the hypotheses, because the simple syntactic
- types of Pure are always inhabitable. ``Assumptions'' \isa{x\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}} for type-membership are only present as long as some \isa{x\isactrlisub {\isasymtau}} occurs in the statement body.\footnote{This is the key
- difference to ``\isa{{\isasymlambda}HOL}'' in the PTS framework
- \cite{Barendregt-Geuvers:2001}, where hypotheses \isa{x\ {\isacharcolon}\ A} are
- treated uniformly for propositions and types.}
-
- \medskip The axiomatization of a theory is implicitly closed by
- forming all instances of type and term variables: \isa{{\isasymturnstile}\ A{\isasymvartheta}} holds for any substitution instance of an axiom
- \isa{{\isasymturnstile}\ A}. By pushing substitutions through derivations
- inductively, we also get admissible \isa{generalize} and \isa{instance} rules as shown in \figref{fig:subst-rules}.
-
- \begin{figure}[htb]
- \begin{center}
- \[
- \infer{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}{\isasymalpha}{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}} & \isa{{\isasymalpha}\ {\isasymnotin}\ {\isasymGamma}}}
- \quad
- \infer[\quad\isa{{\isacharparenleft}generalize{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}x{\isacharbrackright}} & \isa{x\ {\isasymnotin}\ {\isasymGamma}}}
- \]
- \[
- \infer{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isasymtau}{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}{\isasymalpha}{\isacharbrackright}}}
- \quad
- \infer[\quad\isa{{\isacharparenleft}instantiate{\isacharparenright}}]{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}t{\isacharbrackright}}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}}}
- \]
- \caption{Admissible substitution rules}\label{fig:subst-rules}
- \end{center}
- \end{figure}
-
- Note that \isa{instantiate} does not require an explicit
- side-condition, because \isa{{\isasymGamma}} may never contain schematic
- variables.
-
- In principle, variables could be substituted in hypotheses as well,
- but this would disrupt the monotonicity of reasoning: deriving
- \isa{{\isasymGamma}{\isasymvartheta}\ {\isasymturnstile}\ B{\isasymvartheta}} from \isa{{\isasymGamma}\ {\isasymturnstile}\ B} is
- correct, but \isa{{\isasymGamma}{\isasymvartheta}\ {\isasymsupseteq}\ {\isasymGamma}} does not necessarily hold:
- the result belongs to a different proof context.
-
- \medskip An \emph{oracle} is a function that produces axioms on the
- fly. Logically, this is an instance of the \isa{axiom} rule
- (\figref{fig:prim-rules}), but there is an operational difference.
- The system always records oracle invocations within derivations of
- theorems by a unique tag.
-
- Axiomatizations should be limited to the bare minimum, typically as
- part of the initial logical basis of an object-logic formalization.
- Later on, theories are usually developed in a strictly definitional
- fashion, by stating only certain equalities over new constants.
-
- A \emph{simple definition} consists of a constant declaration \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} together with an axiom \isa{{\isasymturnstile}\ c\ {\isasymequiv}\ t}, where \isa{t\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}} is a closed term without any hidden polymorphism. The RHS
- may depend on further defined constants, but not \isa{c} itself.
- Definitions of functions may be presented as \isa{c\ \isactrlvec x\ {\isasymequiv}\ t} instead of the puristic \isa{c\ {\isasymequiv}\ {\isasymlambda}\isactrlvec x{\isachardot}\ t}.
-
- An \emph{overloaded definition} consists of a collection of axioms
- for the same constant, with zero or one equations \isa{c{\isacharparenleft}{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharparenright}{\isasymkappa}{\isacharparenright}\ {\isasymequiv}\ t} for each type constructor \isa{{\isasymkappa}} (for
- distinct variables \isa{\isactrlvec {\isasymalpha}}). The RHS may mention
- previously defined constants as above, or arbitrary constants \isa{d{\isacharparenleft}{\isasymalpha}\isactrlisub i{\isacharparenright}} for some \isa{{\isasymalpha}\isactrlisub i} projected from \isa{\isactrlvec {\isasymalpha}}. Thus overloaded definitions essentially work by
- primitive recursion over the syntactic structure of a single type
- argument.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML type}{ctyp}\verb|type ctyp| \\
- \indexdef{}{ML type}{cterm}\verb|type cterm| \\
- \indexdef{}{ML}{Thm.ctyp\_of}\verb|Thm.ctyp_of: theory -> typ -> ctyp| \\
- \indexdef{}{ML}{Thm.cterm\_of}\verb|Thm.cterm_of: theory -> term -> cterm| \\
- \end{mldecls}
- \begin{mldecls}
- \indexdef{}{ML type}{thm}\verb|type thm| \\
- \indexdef{}{ML}{proofs}\verb|proofs: int ref| \\
- \indexdef{}{ML}{Thm.assume}\verb|Thm.assume: cterm -> thm| \\
- \indexdef{}{ML}{Thm.forall\_intr}\verb|Thm.forall_intr: cterm -> thm -> thm| \\
- \indexdef{}{ML}{Thm.forall\_elim}\verb|Thm.forall_elim: cterm -> thm -> thm| \\
- \indexdef{}{ML}{Thm.implies\_intr}\verb|Thm.implies_intr: cterm -> thm -> thm| \\
- \indexdef{}{ML}{Thm.implies\_elim}\verb|Thm.implies_elim: thm -> thm -> thm| \\
- \indexdef{}{ML}{Thm.generalize}\verb|Thm.generalize: string list * string list -> int -> thm -> thm| \\
- \indexdef{}{ML}{Thm.instantiate}\verb|Thm.instantiate: (ctyp * ctyp) list * (cterm * cterm) list -> thm -> thm| \\
- \indexdef{}{ML}{Thm.axiom}\verb|Thm.axiom: theory -> string -> thm| \\
- \indexdef{}{ML}{Thm.add\_oracle}\verb|Thm.add_oracle: bstring * ('a -> cterm) -> theory|\isasep\isanewline%
-\verb| -> (string * ('a -> thm)) * theory| \\
- \end{mldecls}
- \begin{mldecls}
- \indexdef{}{ML}{Theory.add\_axioms\_i}\verb|Theory.add_axioms_i: (binding * term) list -> theory -> theory| \\
- \indexdef{}{ML}{Theory.add\_deps}\verb|Theory.add_deps: string -> string * typ -> (string * typ) list -> theory -> theory| \\
- \indexdef{}{ML}{Theory.add\_defs\_i}\verb|Theory.add_defs_i: bool -> bool -> (binding * term) list -> theory -> theory| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|ctyp| and \verb|cterm| represent certified types
- and terms, respectively. These are abstract datatypes that
- guarantee that its values have passed the full well-formedness (and
- well-typedness) checks, relative to the declarations of type
- constructors, constants etc. in the theory.
-
- \item \verb|Thm.ctyp_of|~\isa{thy\ {\isasymtau}} and \verb|Thm.cterm_of|~\isa{thy\ t} explicitly checks types and terms,
- respectively. This also involves some basic normalizations, such
- expansion of type and term abbreviations from the theory context.
-
- Re-certification is relatively slow and should be avoided in tight
- reasoning loops. There are separate operations to decompose
- certified entities (including actual theorems).
-
- \item \verb|thm| represents proven propositions. This is an
- abstract datatype that guarantees that its values have been
- constructed by basic principles of the \verb|Thm| module.
- Every \verb|thm| value contains a sliding back-reference to the
- enclosing theory, cf.\ \secref{sec:context-theory}.
-
- \item \verb|proofs| determines the detail of proof recording within
- \verb|thm| values: \verb|0| records only the names of oracles,
- \verb|1| records oracle names and propositions, \verb|2| additionally
- records full proof terms. Officially named theorems that contribute
- to a result are always recorded.
-
- \item \verb|Thm.assume|, \verb|Thm.forall_intr|, \verb|Thm.forall_elim|, \verb|Thm.implies_intr|, and \verb|Thm.implies_elim|
- correspond to the primitive inferences of \figref{fig:prim-rules}.
-
- \item \verb|Thm.generalize|~\isa{{\isacharparenleft}\isactrlvec {\isasymalpha}{\isacharcomma}\ \isactrlvec x{\isacharparenright}}
- corresponds to the \isa{generalize} rules of
- \figref{fig:subst-rules}. Here collections of type and term
- variables are generalized simultaneously, specified by the given
- basic names.
-
- \item \verb|Thm.instantiate|~\isa{{\isacharparenleft}\isactrlvec {\isasymalpha}\isactrlisub s{\isacharcomma}\ \isactrlvec x\isactrlisub {\isasymtau}{\isacharparenright}} corresponds to the \isa{instantiate} rules
- of \figref{fig:subst-rules}. Type variables are substituted before
- term variables. Note that the types in \isa{\isactrlvec x\isactrlisub {\isasymtau}}
- refer to the instantiated versions.
-
- \item \verb|Thm.axiom|~\isa{thy\ name} retrieves a named
- axiom, cf.\ \isa{axiom} in \figref{fig:prim-rules}.
-
- \item \verb|Thm.add_oracle|~\isa{{\isacharparenleft}name{\isacharcomma}\ oracle{\isacharparenright}} produces a named
- oracle rule, essentially generating arbitrary axioms on the fly,
- cf.\ \isa{axiom} in \figref{fig:prim-rules}.
-
- \item \verb|Theory.add_axioms_i|~\isa{{\isacharbrackleft}{\isacharparenleft}name{\isacharcomma}\ A{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}} declares
- arbitrary propositions as axioms.
-
- \item \verb|Theory.add_deps|~\isa{name\ c\isactrlisub {\isasymtau}\ \isactrlvec d\isactrlisub {\isasymsigma}} declares dependencies of a named specification
- for constant \isa{c\isactrlisub {\isasymtau}}, relative to existing
- specifications for constants \isa{\isactrlvec d\isactrlisub {\isasymsigma}}.
-
- \item \verb|Theory.add_defs_i|~\isa{unchecked\ overloaded\ {\isacharbrackleft}{\isacharparenleft}name{\isacharcomma}\ c\ \isactrlvec x\ {\isasymequiv}\ t{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharbrackright}} states a definitional axiom for an existing
- constant \isa{c}. Dependencies are recorded (cf.\ \verb|Theory.add_deps|), unless the \isa{unchecked} option is set.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsubsection{Auxiliary definitions%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-Theory \isa{Pure} provides a few auxiliary definitions, see
- \figref{fig:pure-aux}. These special constants are normally not
- exposed to the user, but appear in internal encodings.
-
- \begin{figure}[htb]
- \begin{center}
- \begin{tabular}{ll}
- \isa{conjunction\ {\isacharcolon}{\isacharcolon}\ prop\ {\isasymRightarrow}\ prop\ {\isasymRightarrow}\ prop} & (infix \isa{{\isacharampersand}}) \\
- \isa{{\isasymturnstile}\ A\ {\isacharampersand}\ B\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}C{\isachardot}\ {\isacharparenleft}A\ {\isasymLongrightarrow}\ B\ {\isasymLongrightarrow}\ C{\isacharparenright}\ {\isasymLongrightarrow}\ C{\isacharparenright}} \\[1ex]
- \isa{prop\ {\isacharcolon}{\isacharcolon}\ prop\ {\isasymRightarrow}\ prop} & (prefix \isa{{\isacharhash}}, suppressed) \\
- \isa{{\isacharhash}A\ {\isasymequiv}\ A} \\[1ex]
- \isa{term\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymRightarrow}\ prop} & (prefix \isa{TERM}) \\
- \isa{term\ x\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}A{\isachardot}\ A\ {\isasymLongrightarrow}\ A{\isacharparenright}} \\[1ex]
- \isa{TYPE\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ itself} & (prefix \isa{TYPE}) \\
- \isa{{\isacharparenleft}unspecified{\isacharparenright}} \\
- \end{tabular}
- \caption{Definitions of auxiliary connectives}\label{fig:pure-aux}
- \end{center}
- \end{figure}
-
- Derived conjunction rules include introduction \isa{A\ {\isasymLongrightarrow}\ B\ {\isasymLongrightarrow}\ A\ {\isacharampersand}\ B}, and destructions \isa{A\ {\isacharampersand}\ B\ {\isasymLongrightarrow}\ A} and \isa{A\ {\isacharampersand}\ B\ {\isasymLongrightarrow}\ B}.
- Conjunction allows to treat simultaneous assumptions and conclusions
- uniformly. For example, multiple claims are intermediately
- represented as explicit conjunction, but this is refined into
- separate sub-goals before the user continues the proof; the final
- result is projected into a list of theorems (cf.\
- \secref{sec:tactical-goals}).
-
- The \isa{prop} marker (\isa{{\isacharhash}}) makes arbitrarily complex
- propositions appear as atomic, without changing the meaning: \isa{{\isasymGamma}\ {\isasymturnstile}\ A} and \isa{{\isasymGamma}\ {\isasymturnstile}\ {\isacharhash}A} are interchangeable. See
- \secref{sec:tactical-goals} for specific operations.
-
- The \isa{term} marker turns any well-typed term into a derivable
- proposition: \isa{{\isasymturnstile}\ TERM\ t} holds unconditionally. Although
- this is logically vacuous, it allows to treat terms and proofs
- uniformly, similar to a type-theoretic framework.
-
- The \isa{TYPE} constructor is the canonical representative of
- the unspecified type \isa{{\isasymalpha}\ itself}; it essentially injects the
- language of types into that of terms. There is specific notation
- \isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}} for \isa{TYPE\isactrlbsub {\isasymtau}\ itself\isactrlesub }.
- Although being devoid of any particular meaning, the \isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}} accounts for the type \isa{{\isasymtau}} within the term
- language. In particular, \isa{TYPE{\isacharparenleft}{\isasymalpha}{\isacharparenright}} may be used as formal
- argument in primitive definitions, in order to circumvent hidden
- polymorphism (cf.\ \secref{sec:terms}). For example, \isa{c\ TYPE{\isacharparenleft}{\isasymalpha}{\isacharparenright}\ {\isasymequiv}\ A{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}} defines \isa{c\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ itself\ {\isasymRightarrow}\ prop} in terms of
- a proposition \isa{A} that depends on an additional type
- argument, which is essentially a predicate on types.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML}{Conjunction.intr}\verb|Conjunction.intr: thm -> thm -> thm| \\
- \indexdef{}{ML}{Conjunction.elim}\verb|Conjunction.elim: thm -> thm * thm| \\
- \indexdef{}{ML}{Drule.mk\_term}\verb|Drule.mk_term: cterm -> thm| \\
- \indexdef{}{ML}{Drule.dest\_term}\verb|Drule.dest_term: thm -> cterm| \\
- \indexdef{}{ML}{Logic.mk\_type}\verb|Logic.mk_type: typ -> term| \\
- \indexdef{}{ML}{Logic.dest\_type}\verb|Logic.dest_type: term -> typ| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|Conjunction.intr| derives \isa{A\ {\isacharampersand}\ B} from \isa{A} and \isa{B}.
-
- \item \verb|Conjunction.elim| derives \isa{A} and \isa{B}
- from \isa{A\ {\isacharampersand}\ B}.
-
- \item \verb|Drule.mk_term| derives \isa{TERM\ t}.
-
- \item \verb|Drule.dest_term| recovers term \isa{t} from \isa{TERM\ t}.
-
- \item \verb|Logic.mk_type|~\isa{{\isasymtau}} produces the term \isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}}.
-
- \item \verb|Logic.dest_type|~\isa{TYPE{\isacharparenleft}{\isasymtau}{\isacharparenright}} recovers the type
- \isa{{\isasymtau}}.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsection{Object-level rules \label{sec:obj-rules}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-The primitive inferences covered so far mostly serve foundational
- purposes. User-level reasoning usually works via object-level rules
- that are represented as theorems of Pure. Composition of rules
- involves \emph{backchaining}, \emph{higher-order unification} modulo
- \isa{{\isasymalpha}{\isasymbeta}{\isasymeta}}-conversion of \isa{{\isasymlambda}}-terms, and so-called
- \emph{lifting} of rules into a context of \isa{{\isasymAnd}} and \isa{{\isasymLongrightarrow}} connectives. Thus the full power of higher-order Natural
- Deduction in Isabelle/Pure becomes readily available.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isamarkupsubsection{Hereditary Harrop Formulae%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-The idea of object-level rules is to model Natural Deduction
- inferences in the style of Gentzen \cite{Gentzen:1935}, but we allow
- arbitrary nesting similar to \cite{extensions91}. The most basic
- rule format is that of a \emph{Horn Clause}:
- \[
- \infer{\isa{A}}{\isa{A\isactrlsub {\isadigit{1}}} & \isa{{\isasymdots}} & \isa{A\isactrlsub n}}
- \]
- where \isa{A{\isacharcomma}\ A\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ A\isactrlsub n} are atomic propositions
- of the framework, usually of the form \isa{Trueprop\ B}, where
- \isa{B} is a (compound) object-level statement. This
- object-level inference corresponds to an iterated implication in
- Pure like this:
- \[
- \isa{A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ A\isactrlsub n\ {\isasymLongrightarrow}\ A}
- \]
- As an example consider conjunction introduction: \isa{A\ {\isasymLongrightarrow}\ B\ {\isasymLongrightarrow}\ A\ {\isasymand}\ B}. Any parameters occurring in such rule statements are
- conceptionally treated as arbitrary:
- \[
- \isa{{\isasymAnd}x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isachardot}\ A\isactrlsub {\isadigit{1}}\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m\ {\isasymLongrightarrow}\ {\isasymdots}\ A\isactrlsub n\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m\ {\isasymLongrightarrow}\ A\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m}
- \]
-
- Nesting of rules means that the positions of \isa{A\isactrlsub i} may
- again hold compound rules, not just atomic propositions.
- Propositions of this format are called \emph{Hereditary Harrop
- Formulae} in the literature \cite{Miller:1991}. Here we give an
- inductive characterization as follows:
-
- \medskip
- \begin{tabular}{ll}
- \isa{\isactrlbold x} & set of variables \\
- \isa{\isactrlbold A} & set of atomic propositions \\
- \isa{\isactrlbold H\ \ {\isacharequal}\ \ {\isasymAnd}\isactrlbold x\isactrlsup {\isacharasterisk}{\isachardot}\ \isactrlbold H\isactrlsup {\isacharasterisk}\ {\isasymLongrightarrow}\ \isactrlbold A} & set of Hereditary Harrop Formulas \\
- \end{tabular}
- \medskip
-
- \noindent Thus we essentially impose nesting levels on propositions
- formed from \isa{{\isasymAnd}} and \isa{{\isasymLongrightarrow}}. At each level there is a
- prefix of parameters and compound premises, concluding an atomic
- proposition. Typical examples are \isa{{\isasymlongrightarrow}}-introduction \isa{{\isacharparenleft}A\ {\isasymLongrightarrow}\ B{\isacharparenright}\ {\isasymLongrightarrow}\ A\ {\isasymlongrightarrow}\ B} or mathematical induction \isa{P\ {\isadigit{0}}\ {\isasymLongrightarrow}\ {\isacharparenleft}{\isasymAnd}n{\isachardot}\ P\ n\ {\isasymLongrightarrow}\ P\ {\isacharparenleft}Suc\ n{\isacharparenright}{\isacharparenright}\ {\isasymLongrightarrow}\ P\ n}. Even deeper nesting occurs in well-founded
- induction \isa{{\isacharparenleft}{\isasymAnd}x{\isachardot}\ {\isacharparenleft}{\isasymAnd}y{\isachardot}\ y\ {\isasymprec}\ x\ {\isasymLongrightarrow}\ P\ y{\isacharparenright}\ {\isasymLongrightarrow}\ P\ x{\isacharparenright}\ {\isasymLongrightarrow}\ P\ x}, but this
- already marks the limit of rule complexity seen in practice.
-
- \medskip Regular user-level inferences in Isabelle/Pure always
- maintain the following canonical form of results:
-
- \begin{itemize}
-
- \item Normalization by \isa{{\isacharparenleft}A\ {\isasymLongrightarrow}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ B\ x{\isacharparenright}{\isacharparenright}\ {\isasymequiv}\ {\isacharparenleft}{\isasymAnd}x{\isachardot}\ A\ {\isasymLongrightarrow}\ B\ x{\isacharparenright}},
- which is a theorem of Pure, means that quantifiers are pushed in
- front of implication at each level of nesting. The normal form is a
- Hereditary Harrop Formula.
-
- \item The outermost prefix of parameters is represented via
- schematic variables: instead of \isa{{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec H\ \isactrlvec x\ {\isasymLongrightarrow}\ A\ \isactrlvec x} we have \isa{\isactrlvec H\ {\isacharquery}\isactrlvec x\ {\isasymLongrightarrow}\ A\ {\isacharquery}\isactrlvec x}.
- Note that this representation looses information about the order of
- parameters, and vacuous quantifiers vanish automatically.
-
- \end{itemize}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML}{MetaSimplifier.norm\_hhf}\verb|MetaSimplifier.norm_hhf: thm -> thm| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|MetaSimplifier.norm_hhf|~\isa{thm} normalizes the given
- theorem according to the canonical form specified above. This is
- occasionally helpful to repair some low-level tools that do not
- handle Hereditary Harrop Formulae properly.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsubsection{Rule composition%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-The rule calculus of Isabelle/Pure provides two main inferences:
- \hyperlink{inference.resolution}{\mbox{\isa{resolution}}} (i.e.\ back-chaining of rules) and
- \hyperlink{inference.assumption}{\mbox{\isa{assumption}}} (i.e.\ closing a branch), both modulo
- higher-order unification. There are also combined variants, notably
- \hyperlink{inference.elim-resolution}{\mbox{\isa{elim{\isacharunderscore}resolution}}} and \hyperlink{inference.dest-resolution}{\mbox{\isa{dest{\isacharunderscore}resolution}}}.
-
- To understand the all-important \hyperlink{inference.resolution}{\mbox{\isa{resolution}}} principle,
- we first consider raw \indexdef{}{inference}{composition}\hypertarget{inference.composition}{\hyperlink{inference.composition}{\mbox{\isa{composition}}}} (modulo
- higher-order unification with substitution \isa{{\isasymvartheta}}):
- \[
- \infer[(\indexdef{}{inference}{composition}\hypertarget{inference.composition}{\hyperlink{inference.composition}{\mbox{\isa{composition}}}})]{\isa{\isactrlvec A{\isasymvartheta}\ {\isasymLongrightarrow}\ C{\isasymvartheta}}}
- {\isa{\isactrlvec A\ {\isasymLongrightarrow}\ B} & \isa{B{\isacharprime}\ {\isasymLongrightarrow}\ C} & \isa{B{\isasymvartheta}\ {\isacharequal}\ B{\isacharprime}{\isasymvartheta}}}
- \]
- Here the conclusion of the first rule is unified with the premise of
- the second; the resulting rule instance inherits the premises of the
- first and conclusion of the second. Note that \isa{C} can again
- consist of iterated implications. We can also permute the premises
- of the second rule back-and-forth in order to compose with \isa{B{\isacharprime}} in any position (subsequently we shall always refer to
- position 1 w.l.o.g.).
-
- In \hyperlink{inference.composition}{\mbox{\isa{composition}}} the internal structure of the common
- part \isa{B} and \isa{B{\isacharprime}} is not taken into account. For
- proper \hyperlink{inference.resolution}{\mbox{\isa{resolution}}} we require \isa{B} to be atomic,
- and explicitly observe the structure \isa{{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec H\ \isactrlvec x\ {\isasymLongrightarrow}\ B{\isacharprime}\ \isactrlvec x} of the premise of the second rule. The
- idea is to adapt the first rule by ``lifting'' it into this context,
- by means of iterated application of the following inferences:
- \[
- \infer[(\indexdef{}{inference}{imp\_lift}\hypertarget{inference.imp-lift}{\hyperlink{inference.imp-lift}{\mbox{\isa{imp{\isacharunderscore}lift}}}})]{\isa{{\isacharparenleft}\isactrlvec H\ {\isasymLongrightarrow}\ \isactrlvec A{\isacharparenright}\ {\isasymLongrightarrow}\ {\isacharparenleft}\isactrlvec H\ {\isasymLongrightarrow}\ B{\isacharparenright}}}{\isa{\isactrlvec A\ {\isasymLongrightarrow}\ B}}
- \]
- \[
- \infer[(\indexdef{}{inference}{all\_lift}\hypertarget{inference.all-lift}{\hyperlink{inference.all-lift}{\mbox{\isa{all{\isacharunderscore}lift}}}})]{\isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec A\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}\ {\isasymLongrightarrow}\ {\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ B\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}}}{\isa{\isactrlvec A\ {\isacharquery}\isactrlvec a\ {\isasymLongrightarrow}\ B\ {\isacharquery}\isactrlvec a}}
- \]
- By combining raw composition with lifting, we get full \hyperlink{inference.resolution}{\mbox{\isa{resolution}}} as follows:
- \[
- \infer[(\indexdef{}{inference}{resolution}\hypertarget{inference.resolution}{\hyperlink{inference.resolution}{\mbox{\isa{resolution}}}})]
- {\isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec H\ \isactrlvec x\ {\isasymLongrightarrow}\ \isactrlvec A\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}{\isasymvartheta}\ {\isasymLongrightarrow}\ C{\isasymvartheta}}}
- {\begin{tabular}{l}
- \isa{\isactrlvec A\ {\isacharquery}\isactrlvec a\ {\isasymLongrightarrow}\ B\ {\isacharquery}\isactrlvec a} \\
- \isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec H\ \isactrlvec x\ {\isasymLongrightarrow}\ B{\isacharprime}\ \isactrlvec x{\isacharparenright}\ {\isasymLongrightarrow}\ C} \\
- \isa{{\isacharparenleft}{\isasymlambda}\isactrlvec x{\isachardot}\ B\ {\isacharparenleft}{\isacharquery}\isactrlvec a\ \isactrlvec x{\isacharparenright}{\isacharparenright}{\isasymvartheta}\ {\isacharequal}\ B{\isacharprime}{\isasymvartheta}} \\
- \end{tabular}}
- \]
-
- Continued resolution of rules allows to back-chain a problem towards
- more and sub-problems. Branches are closed either by resolving with
- a rule of 0 premises, or by producing a ``short-circuit'' within a
- solved situation (again modulo unification):
- \[
- \infer[(\indexdef{}{inference}{assumption}\hypertarget{inference.assumption}{\hyperlink{inference.assumption}{\mbox{\isa{assumption}}}})]{\isa{C{\isasymvartheta}}}
- {\isa{{\isacharparenleft}{\isasymAnd}\isactrlvec x{\isachardot}\ \isactrlvec H\ \isactrlvec x\ {\isasymLongrightarrow}\ A\ \isactrlvec x{\isacharparenright}\ {\isasymLongrightarrow}\ C} & \isa{A{\isasymvartheta}\ {\isacharequal}\ H\isactrlsub i{\isasymvartheta}}~~\text{(for some~\isa{i})}}
- \]
-
- FIXME \indexdef{}{inference}{elim\_resolution}\hypertarget{inference.elim-resolution}{\hyperlink{inference.elim-resolution}{\mbox{\isa{elim{\isacharunderscore}resolution}}}}, \indexdef{}{inference}{dest\_resolution}\hypertarget{inference.dest-resolution}{\hyperlink{inference.dest-resolution}{\mbox{\isa{dest{\isacharunderscore}resolution}}}}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML}{op RS}\verb|op RS: thm * thm -> thm| \\
- \indexdef{}{ML}{op OF}\verb|op OF: thm * thm list -> thm| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \isa{rule\isactrlsub {\isadigit{1}}\ RS\ rule\isactrlsub {\isadigit{2}}} resolves \isa{rule\isactrlsub {\isadigit{1}}} with \isa{rule\isactrlsub {\isadigit{2}}} according to the
- \hyperlink{inference.resolution}{\mbox{\isa{resolution}}} principle explained above. Note that the
- corresponding attribute in the Isar language is called \hyperlink{attribute.THEN}{\mbox{\isa{THEN}}}.
-
- \item \isa{rule\ OF\ rules} resolves a list of rules with the
- first rule, addressing its premises \isa{{\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ length\ rules}
- (operating from last to first). This means the newly emerging
- premises are all concatenated, without interfering. Also note that
- compared to \isa{RS}, the rule argument order is swapped: \isa{rule\isactrlsub {\isadigit{1}}\ RS\ rule\isactrlsub {\isadigit{2}}\ {\isacharequal}\ rule\isactrlsub {\isadigit{2}}\ OF\ {\isacharbrackleft}rule\isactrlsub {\isadigit{1}}{\isacharbrackright}}.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isatagtheory
-\isacommand{end}\isamarkupfalse%
-%
-\endisatagtheory
-{\isafoldtheory}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-\isanewline
-\end{isabellebody}%
-%%% Local Variables:
-%%% mode: latex
-%%% TeX-master: "root"
-%%% End:
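Review bot: this hunk removes the entire generated document (from `\begin{isabellebody}` through `\end{isabellebody}`, covering the primitive logic reference, Hereditary Harrop Formulae and Rule composition) to `/dev/null`, while the commit message says the change recovers files in doc-src/IsarImplementation/ that were lost; please confirm this is the intended direction of the merge, i.e. that the `Thy/document/*.tex` output is regenerated from the theory sources and its removal from version control is deliberate rather than a repeat of the loss. If the text is regenerated, note that the Rule composition section still ends in the placeholder `FIXME elim_resolution, dest_resolution`, so those two inferences remain undocumented even though they are named as "combined variants" earlier in the same section.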
--- a/doc-src/IsarImplementation/Thy/document/Prelim.tex Thu Mar 05 02:20:06 2009 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,896 +0,0 @@
-%
-\begin{isabellebody}%
-\def\isabellecontext{Prelim}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isatagtheory
-\isacommand{theory}\isamarkupfalse%
-\ Prelim\isanewline
-\isakeyword{imports}\ Base\isanewline
-\isakeyword{begin}%
-\endisatagtheory
-{\isafoldtheory}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isamarkupchapter{Preliminaries%
-}
-\isamarkuptrue%
-%
-\isamarkupsection{Contexts \label{sec:context}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-A logical context represents the background that is required for
- formulating statements and composing proofs. It acts as a medium to
- produce formal content, depending on earlier material (declarations,
- results etc.).
-
- For example, derivations within the Isabelle/Pure logic can be
- described as a judgment \isa{{\isasymGamma}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymphi}}, which means that a
- proposition \isa{{\isasymphi}} is derivable from hypotheses \isa{{\isasymGamma}}
- within the theory \isa{{\isasymTheta}}. There are logical reasons for
- keeping \isa{{\isasymTheta}} and \isa{{\isasymGamma}} separate: theories can be
- liberal about supporting type constructors and schematic
- polymorphism of constants and axioms, while the inner calculus of
- \isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymphi}} is strictly limited to Simple Type Theory (with
- fixed type variables in the assumptions).
-
- \medskip Contexts and derivations are linked by the following key
- principles:
-
- \begin{itemize}
-
- \item Transfer: monotonicity of derivations admits results to be
- transferred into a \emph{larger} context, i.e.\ \isa{{\isasymGamma}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymphi}} implies \isa{{\isasymGamma}{\isacharprime}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\isactrlsub {\isacharprime}\ {\isasymphi}} for contexts \isa{{\isasymTheta}{\isacharprime}\ {\isasymsupseteq}\ {\isasymTheta}} and \isa{{\isasymGamma}{\isacharprime}\ {\isasymsupseteq}\ {\isasymGamma}}.
-
- \item Export: discharge of hypotheses admits results to be exported
- into a \emph{smaller} context, i.e.\ \isa{{\isasymGamma}{\isacharprime}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymphi}}
- implies \isa{{\isasymGamma}\ {\isasymturnstile}\isactrlsub {\isasymTheta}\ {\isasymDelta}\ {\isasymLongrightarrow}\ {\isasymphi}} where \isa{{\isasymGamma}{\isacharprime}\ {\isasymsupseteq}\ {\isasymGamma}} and
- \isa{{\isasymDelta}\ {\isacharequal}\ {\isasymGamma}{\isacharprime}\ {\isacharminus}\ {\isasymGamma}}. Note that \isa{{\isasymTheta}} remains unchanged here,
- only the \isa{{\isasymGamma}} part is affected.
-
- \end{itemize}
-
- \medskip By modeling the main characteristics of the primitive
- \isa{{\isasymTheta}} and \isa{{\isasymGamma}} above, and abstracting over any
- particular logical content, we arrive at the fundamental notions of
- \emph{theory context} and \emph{proof context} in Isabelle/Isar.
- These implement a certain policy to manage arbitrary \emph{context
- data}. There is a strongly-typed mechanism to declare new kinds of
- data at compile time.
-
- The internal bootstrap process of Isabelle/Pure eventually reaches a
- stage where certain data slots provide the logical content of \isa{{\isasymTheta}} and \isa{{\isasymGamma}} sketched above, but this does not stop there!
- Various additional data slots support all kinds of mechanisms that
- are not necessarily part of the core logic.
-
- For example, there would be data for canonical introduction and
- elimination rules for arbitrary operators (depending on the
- object-logic and application), which enables users to perform
- standard proof steps implicitly (cf.\ the \isa{rule} method
- \cite{isabelle-isar-ref}).
-
- \medskip Thus Isabelle/Isar is able to bring forth more and more
- concepts successively. In particular, an object-logic like
- Isabelle/HOL continues the Isabelle/Pure setup by adding specific
- components for automated reasoning (classical reasoner, tableau
- prover, structured induction etc.) and derived specification
- mechanisms (inductive predicates, recursive functions etc.). All of
- this is ultimately based on the generic data management by theory
- and proof contexts introduced here.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isamarkupsubsection{Theory context \label{sec:context-theory}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-A \emph{theory} is a data container with explicit name and unique
- identifier. Theories are related by a (nominal) sub-theory
- relation, which corresponds to the dependency graph of the original
- construction; each theory is derived from a certain sub-graph of
- ancestor theories.
-
- The \isa{merge} operation produces the least upper bound of two
- theories, which actually degenerates into absorption of one theory
- into the other (due to the nominal sub-theory relation).
-
- The \isa{begin} operation starts a new theory by importing
- several parent theories and entering a special \isa{draft} mode,
- which is sustained until the final \isa{end} operation. A draft
- theory acts like a linear type, where updates invalidate earlier
- versions. An invalidated draft is called ``stale''.
-
- The \isa{checkpoint} operation produces an intermediate stepping
- stone that will survive the next update: both the original and the
- changed theory remain valid and are related by the sub-theory
- relation. Checkpointing essentially recovers purely functional
- theory values, at the expense of some extra internal bookkeeping.
-
- The \isa{copy} operation produces an auxiliary version that has
- the same data content, but is unrelated to the original: updates of
- the copy do not affect the original, neither does the sub-theory
- relation hold.
-
- \medskip The example in \figref{fig:ex-theory} below shows a theory
- graph derived from \isa{Pure}, with theory \isa{Length}
- importing \isa{Nat} and \isa{List}. The body of \isa{Length} consists of a sequence of updates, working mostly on
- drafts. Intermediate checkpoints may occur as well, due to the
- history mechanism provided by the Isar top-level, cf.\
- \secref{sec:isar-toplevel}.
-
- \begin{figure}[htb]
- \begin{center}
- \begin{tabular}{rcccl}
- & & \isa{Pure} \\
- & & \isa{{\isasymdown}} \\
- & & \isa{FOL} \\
- & $\swarrow$ & & $\searrow$ & \\
- \isa{Nat} & & & & \isa{List} \\
- & $\searrow$ & & $\swarrow$ \\
- & & \isa{Length} \\
- & & \multicolumn{3}{l}{~~\hyperlink{keyword.imports}{\mbox{\isa{\isakeyword{imports}}}}} \\
- & & \multicolumn{3}{l}{~~\hyperlink{keyword.begin}{\mbox{\isa{\isakeyword{begin}}}}} \\
- & & $\vdots$~~ \\
- & & \isa{{\isasymbullet}}~~ \\
- & & $\vdots$~~ \\
- & & \isa{{\isasymbullet}}~~ \\
- & & $\vdots$~~ \\
- & & \multicolumn{3}{l}{~~\hyperlink{command.end}{\mbox{\isa{\isacommand{end}}}}} \\
- \end{tabular}
- \caption{A theory definition depending on ancestors}\label{fig:ex-theory}
- \end{center}
- \end{figure}
-
- \medskip There is a separate notion of \emph{theory reference} for
- maintaining a live link to an evolving theory context: updates on
- drafts are propagated automatically. Dynamic updating stops after
- an explicit \isa{end} only.
-
- Derived entities may store a theory reference in order to indicate
- the context they belong to. This implicitly assumes monotonic
- reasoning, because the referenced context may become larger without
- further notice.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML type}{theory}\verb|type theory| \\
- \indexdef{}{ML}{Theory.subthy}\verb|Theory.subthy: theory * theory -> bool| \\
- \indexdef{}{ML}{Theory.merge}\verb|Theory.merge: theory * theory -> theory| \\
- \indexdef{}{ML}{Theory.checkpoint}\verb|Theory.checkpoint: theory -> theory| \\
- \indexdef{}{ML}{Theory.copy}\verb|Theory.copy: theory -> theory| \\
- \end{mldecls}
- \begin{mldecls}
- \indexdef{}{ML type}{theory\_ref}\verb|type theory_ref| \\
- \indexdef{}{ML}{Theory.deref}\verb|Theory.deref: theory_ref -> theory| \\
- \indexdef{}{ML}{Theory.check\_thy}\verb|Theory.check_thy: theory -> theory_ref| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|theory| represents theory contexts. This is
- essentially a linear type! Most operations destroy the original
- version, which then becomes ``stale''.
-
- \item \verb|Theory.subthy|~\isa{{\isacharparenleft}thy\isactrlsub {\isadigit{1}}{\isacharcomma}\ thy\isactrlsub {\isadigit{2}}{\isacharparenright}}
- compares theories according to the inherent graph structure of the
- construction. This sub-theory relation is a nominal approximation
- of inclusion (\isa{{\isasymsubseteq}}) of the corresponding content.
-
- \item \verb|Theory.merge|~\isa{{\isacharparenleft}thy\isactrlsub {\isadigit{1}}{\isacharcomma}\ thy\isactrlsub {\isadigit{2}}{\isacharparenright}}
- absorbs one theory into the other. This fails for unrelated
- theories!
-
- \item \verb|Theory.checkpoint|~\isa{thy} produces a safe
- stepping stone in the linear development of \isa{thy}. The next
- update will result in two related, valid theories.
-
- \item \verb|Theory.copy|~\isa{thy} produces a variant of \isa{thy} that holds a copy of the same data. The result is not
- related to the original; the original is unchanged.
-
- \item \verb|theory_ref| represents a sliding reference to an
- always valid theory; updates on the original are propagated
- automatically.
-
- \item \verb|Theory.deref|~\isa{thy{\isacharunderscore}ref} turns a \verb|theory_ref| into an \verb|theory| value. As the referenced
- theory evolves monotonically over time, later invocations of \verb|Theory.deref| may refer to a larger context.
-
- \item \verb|Theory.check_thy|~\isa{thy} produces a \verb|theory_ref| from a valid \verb|theory| value.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsubsection{Proof context \label{sec:context-proof}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-A proof context is a container for pure data with a back-reference
- to the theory it belongs to. The \isa{init} operation creates a
- proof context from a given theory. Modifications to draft theories
- are propagated to the proof context as usual, but there is also an
- explicit \isa{transfer} operation to force resynchronization
- with more substantial updates to the underlying theory. The actual
- context data does not require any special bookkeeping, thanks to the
- lack of destructive features.
-
- Entities derived in a proof context need to record inherent logical
- requirements explicitly, since there is no separate context
- identification as for theories. For example, hypotheses used in
- primitive derivations (cf.\ \secref{sec:thms}) are recorded
- separately within the sequent \isa{{\isasymGamma}\ {\isasymturnstile}\ {\isasymphi}}, just to make double
- sure. Results could still leak into an alien proof context due to
- programming errors, but Isabelle/Isar includes some extra validity
- checks in critical positions, notably at the end of a sub-proof.
-
- Proof contexts may be manipulated arbitrarily, although the common
- discipline is to follow block structure as a mental model: a given
- context is extended consecutively, and results are exported back
- into the original context. Note that the Isar proof states model
- block-structured reasoning explicitly, using a stack of proof
- contexts internally.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML type}{Proof.context}\verb|type Proof.context| \\
- \indexdef{}{ML}{ProofContext.init}\verb|ProofContext.init: theory -> Proof.context| \\
- \indexdef{}{ML}{ProofContext.theory\_of}\verb|ProofContext.theory_of: Proof.context -> theory| \\
- \indexdef{}{ML}{ProofContext.transfer}\verb|ProofContext.transfer: theory -> Proof.context -> Proof.context| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|Proof.context| represents proof contexts. Elements
- of this type are essentially pure values, with a sliding reference
- to the background theory.
-
- \item \verb|ProofContext.init|~\isa{thy} produces a proof context
- derived from \isa{thy}, initializing all data.
-
- \item \verb|ProofContext.theory_of|~\isa{ctxt} selects the
- background theory from \isa{ctxt}, dereferencing its internal
- \verb|theory_ref|.
-
- \item \verb|ProofContext.transfer|~\isa{thy\ ctxt} promotes the
- background theory of \isa{ctxt} to the super theory \isa{thy}.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsubsection{Generic contexts \label{sec:generic-context}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-A generic context is the disjoint sum of either a theory or proof
- context. Occasionally, this enables uniform treatment of generic
- context data, typically extra-logical information. Operations on
- generic contexts include the usual injections, partial selections,
- and combinators for lifting operations on either component of the
- disjoint sum.
-
- Moreover, there are total operations \isa{theory{\isacharunderscore}of} and \isa{proof{\isacharunderscore}of} to convert a generic context into either kind: a theory
- can always be selected from the sum, while a proof context might
- have to be constructed by an ad-hoc \isa{init} operation.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML type}{Context.generic}\verb|type Context.generic| \\
- \indexdef{}{ML}{Context.theory\_of}\verb|Context.theory_of: Context.generic -> theory| \\
- \indexdef{}{ML}{Context.proof\_of}\verb|Context.proof_of: Context.generic -> Proof.context| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|Context.generic| is the direct sum of \verb|theory| and \verb|Proof.context|, with the datatype
- constructors \verb|Context.Theory| and \verb|Context.Proof|.
-
- \item \verb|Context.theory_of|~\isa{context} always produces a
- theory from the generic \isa{context}, using \verb|ProofContext.theory_of| as required.
-
- \item \verb|Context.proof_of|~\isa{context} always produces a
- proof context from the generic \isa{context}, using \verb|ProofContext.init| as required (note that this re-initializes the
- context data with each invocation).
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsubsection{Context data \label{sec:context-data}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-The main purpose of theory and proof contexts is to manage arbitrary
- data. New data types can be declared incrementally at compile time.
- There are separate declaration mechanisms for any of the three kinds
- of contexts: theory, proof, generic.
-
- \paragraph{Theory data} may refer to destructive entities, which are
- maintained in direct correspondence to the linear evolution of
- theory values, including explicit copies.\footnote{Most existing
- instances of destructive theory data are merely historical relics
- (e.g.\ the destructive theorem storage, and destructive hints for
- the Simplifier and Classical rules).} A theory data declaration
- needs to implement the following SML signature:
-
- \medskip
- \begin{tabular}{ll}
- \isa{{\isasymtype}\ T} & representing type \\
- \isa{{\isasymval}\ empty{\isacharcolon}\ T} & empty default value \\
- \isa{{\isasymval}\ copy{\isacharcolon}\ T\ {\isasymrightarrow}\ T} & refresh impure data \\
- \isa{{\isasymval}\ extend{\isacharcolon}\ T\ {\isasymrightarrow}\ T} & re-initialize on import \\
- \isa{{\isasymval}\ merge{\isacharcolon}\ T\ {\isasymtimes}\ T\ {\isasymrightarrow}\ T} & join on import \\
- \end{tabular}
- \medskip
-
- \noindent The \isa{empty} value acts as initial default for
- \emph{any} theory that does not declare actual data content; \isa{copy} maintains persistent integrity for impure data, it is just
- the identity for pure values; \isa{extend} is acts like a
- unitary version of \isa{merge}, both operations should also
- include the functionality of \isa{copy} for impure data.
-
- \paragraph{Proof context data} is purely functional. A declaration
- needs to implement the following SML signature:
-
- \medskip
- \begin{tabular}{ll}
- \isa{{\isasymtype}\ T} & representing type \\
- \isa{{\isasymval}\ init{\isacharcolon}\ theory\ {\isasymrightarrow}\ T} & produce initial value \\
- \end{tabular}
- \medskip
-
- \noindent The \isa{init} operation is supposed to produce a pure
- value from the given background theory.
-
- \paragraph{Generic data} provides a hybrid interface for both theory
- and proof data. The declaration is essentially the same as for
- (pure) theory data, without \isa{copy}. The \isa{init}
- operation for proof contexts merely selects the current data value
- from the background theory.
-
- \bigskip A data declaration of type \isa{T} results in the
- following interface:
-
- \medskip
- \begin{tabular}{ll}
- \isa{init{\isacharcolon}\ theory\ {\isasymrightarrow}\ T} \\
- \isa{get{\isacharcolon}\ context\ {\isasymrightarrow}\ T} \\
- \isa{put{\isacharcolon}\ T\ {\isasymrightarrow}\ context\ {\isasymrightarrow}\ context} \\
- \isa{map{\isacharcolon}\ {\isacharparenleft}T\ {\isasymrightarrow}\ T{\isacharparenright}\ {\isasymrightarrow}\ context\ {\isasymrightarrow}\ context} \\
- \end{tabular}
- \medskip
-
- \noindent Here \isa{init} is only applicable to impure theory
- data to install a fresh copy persistently (destructive update on
- uninitialized has no permanent effect). The other operations provide
- access for the particular kind of context (theory, proof, or generic
- context). Note that this is a safe interface: there is no other way
- to access the corresponding data slot of a context. By keeping
- these operations private, a component may maintain abstract values
- authentically, without other components interfering.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML functor}{TheoryDataFun}\verb|functor TheoryDataFun| \\
- \indexdef{}{ML functor}{ProofDataFun}\verb|functor ProofDataFun| \\
- \indexdef{}{ML functor}{GenericDataFun}\verb|functor GenericDataFun| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|TheoryDataFun|\isa{{\isacharparenleft}spec{\isacharparenright}} declares data for
- type \verb|theory| according to the specification provided as
- argument structure. The resulting structure provides data init and
- access operations as described above.
-
- \item \verb|ProofDataFun|\isa{{\isacharparenleft}spec{\isacharparenright}} is analogous to
- \verb|TheoryDataFun| for type \verb|Proof.context|.
-
- \item \verb|GenericDataFun|\isa{{\isacharparenleft}spec{\isacharparenright}} is analogous to
- \verb|TheoryDataFun| for type \verb|Context.generic|.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsection{Names \label{sec:names}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-In principle, a name is just a string, but there are various
- convention for encoding additional structure. For example, ``\isa{Foo{\isachardot}bar{\isachardot}baz}'' is considered as a qualified name consisting of
- three basic name components. The individual constituents of a name
- may have further substructure, e.g.\ the string
- ``\verb,\,\verb,<alpha>,'' encodes as a single symbol.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isamarkupsubsection{Strings of symbols%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-A \emph{symbol} constitutes the smallest textual unit in Isabelle
- --- raw characters are normally not encountered at all. Isabelle
- strings consist of a sequence of symbols, represented as a packed
- string or a list of strings. Each symbol is in itself a small
- string, which has either one of the following forms:
-
- \begin{enumerate}
-
- \item a single ASCII character ``\isa{c}'', for example
- ``\verb,a,'',
-
- \item a regular symbol ``\verb,\,\verb,<,\isa{ident}\verb,>,'',
- for example ``\verb,\,\verb,<alpha>,'',
-
- \item a control symbol ``\verb,\,\verb,<^,\isa{ident}\verb,>,'',
- for example ``\verb,\,\verb,<^bold>,'',
-
- \item a raw symbol ``\verb,\,\verb,<^raw:,\isa{text}\verb,>,''
- where \isa{text} constists of printable characters excluding
- ``\verb,.,'' and ``\verb,>,'', for example
- ``\verb,\,\verb,<^raw:$\sum_{i = 1}^n$>,'',
-
- \item a numbered raw control symbol ``\verb,\,\verb,<^raw,\isa{n}\verb,>, where \isa{n} consists of digits, for example
- ``\verb,\,\verb,<^raw42>,''.
-
- \end{enumerate}
-
- \noindent The \isa{ident} syntax for symbol names is \isa{letter\ {\isacharparenleft}letter\ {\isacharbar}\ digit{\isacharparenright}\isactrlsup {\isacharasterisk}}, where \isa{letter\ {\isacharequal}\ A{\isachardot}{\isachardot}Za{\isachardot}{\isachardot}z} and \isa{digit\ {\isacharequal}\ {\isadigit{0}}{\isachardot}{\isachardot}{\isadigit{9}}}. There are infinitely many
- regular symbols and control symbols, but a fixed collection of
- standard symbols is treated specifically. For example,
- ``\verb,\,\verb,<alpha>,'' is classified as a letter, which means it
- may occur within regular Isabelle identifiers.
-
- Since the character set underlying Isabelle symbols is 7-bit ASCII
- and 8-bit characters are passed through transparently, Isabelle may
- also process Unicode/UCS data in UTF-8 encoding. Unicode provides
- its own collection of mathematical symbols, but there is no built-in
- link to the standard collection of Isabelle.
-
- \medskip Output of Isabelle symbols depends on the print mode
- (\secref{print-mode}). For example, the standard {\LaTeX} setup of
- the Isabelle document preparation system would present
- ``\verb,\,\verb,<alpha>,'' as \isa{{\isasymalpha}}, and
- ``\verb,\,\verb,<^bold>,\verb,\,\verb,<alpha>,'' as \isa{\isactrlbold {\isasymalpha}}.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML type}{Symbol.symbol}\verb|type Symbol.symbol| \\
- \indexdef{}{ML}{Symbol.explode}\verb|Symbol.explode: string -> Symbol.symbol list| \\
- \indexdef{}{ML}{Symbol.is\_letter}\verb|Symbol.is_letter: Symbol.symbol -> bool| \\
- \indexdef{}{ML}{Symbol.is\_digit}\verb|Symbol.is_digit: Symbol.symbol -> bool| \\
- \indexdef{}{ML}{Symbol.is\_quasi}\verb|Symbol.is_quasi: Symbol.symbol -> bool| \\
- \indexdef{}{ML}{Symbol.is\_blank}\verb|Symbol.is_blank: Symbol.symbol -> bool| \\
- \end{mldecls}
- \begin{mldecls}
- \indexdef{}{ML type}{Symbol.sym}\verb|type Symbol.sym| \\
- \indexdef{}{ML}{Symbol.decode}\verb|Symbol.decode: Symbol.symbol -> Symbol.sym| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|Symbol.symbol| represents individual Isabelle
- symbols; this is an alias for \verb|string|.
-
- \item \verb|Symbol.explode|~\isa{str} produces a symbol list
- from the packed form. This function supercedes \verb|String.explode| for virtually all purposes of manipulating text in
- Isabelle!
-
- \item \verb|Symbol.is_letter|, \verb|Symbol.is_digit|, \verb|Symbol.is_quasi|, \verb|Symbol.is_blank| classify standard
- symbols according to fixed syntactic conventions of Isabelle, cf.\
- \cite{isabelle-isar-ref}.
-
- \item \verb|Symbol.sym| is a concrete datatype that represents
- the different kinds of symbols explicitly, with constructors \verb|Symbol.Char|, \verb|Symbol.Sym|, \verb|Symbol.Ctrl|, \verb|Symbol.Raw|.
-
- \item \verb|Symbol.decode| converts the string representation of a
- symbol into the datatype version.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsubsection{Basic names \label{sec:basic-names}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-A \emph{basic name} essentially consists of a single Isabelle
- identifier. There are conventions to mark separate classes of basic
- names, by attaching a suffix of underscores: one underscore means
- \emph{internal name}, two underscores means \emph{Skolem name},
- three underscores means \emph{internal Skolem name}.
-
- For example, the basic name \isa{foo} has the internal version
- \isa{foo{\isacharunderscore}}, with Skolem versions \isa{foo{\isacharunderscore}{\isacharunderscore}} and \isa{foo{\isacharunderscore}{\isacharunderscore}{\isacharunderscore}}, respectively.
-
- These special versions provide copies of the basic name space, apart
- from anything that normally appears in the user text. For example,
- system generated variables in Isar proof contexts are usually marked
- as internal, which prevents mysterious name references like \isa{xaa} to appear in the text.
-
- \medskip Manipulating binding scopes often requires on-the-fly
- renamings. A \emph{name context} contains a collection of already
- used names. The \isa{declare} operation adds names to the
- context.
-
- The \isa{invents} operation derives a number of fresh names from
- a given starting point. For example, the first three names derived
- from \isa{a} are \isa{a}, \isa{b}, \isa{c}.
-
- The \isa{variants} operation produces fresh names by
- incrementing tentative names as base-26 numbers (with digits \isa{a{\isachardot}{\isachardot}z}) until all clashes are resolved. For example, name \isa{foo} results in variants \isa{fooa}, \isa{foob}, \isa{fooc}, \dots, \isa{fooaa}, \isa{fooab} etc.; each renaming
- step picks the next unused variant from this sequence.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML}{Name.internal}\verb|Name.internal: string -> string| \\
- \indexdef{}{ML}{Name.skolem}\verb|Name.skolem: string -> string| \\
- \end{mldecls}
- \begin{mldecls}
- \indexdef{}{ML type}{Name.context}\verb|type Name.context| \\
- \indexdef{}{ML}{Name.context}\verb|Name.context: Name.context| \\
- \indexdef{}{ML}{Name.declare}\verb|Name.declare: string -> Name.context -> Name.context| \\
- \indexdef{}{ML}{Name.invents}\verb|Name.invents: Name.context -> string -> int -> string list| \\
- \indexdef{}{ML}{Name.variants}\verb|Name.variants: string list -> Name.context -> string list * Name.context| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|Name.internal|~\isa{name} produces an internal name
- by adding one underscore.
-
- \item \verb|Name.skolem|~\isa{name} produces a Skolem name by
- adding two underscores.
-
- \item \verb|Name.context| represents the context of already used
- names; the initial value is \verb|Name.context|.
-
- \item \verb|Name.declare|~\isa{name} enters a used name into the
- context.
-
- \item \verb|Name.invents|~\isa{context\ name\ n} produces \isa{n} fresh names derived from \isa{name}.
-
- \item \verb|Name.variants|~\isa{names\ context} produces fresh
- variants of \isa{names}; the result is entered into the context.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsubsection{Indexed names%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-An \emph{indexed name} (or \isa{indexname}) is a pair of a basic
- name and a natural number. This representation allows efficient
- renaming by incrementing the second component only. The canonical
- way to rename two collections of indexnames apart from each other is
- this: determine the maximum index \isa{maxidx} of the first
- collection, then increment all indexes of the second collection by
- \isa{maxidx\ {\isacharplus}\ {\isadigit{1}}}; the maximum index of an empty collection is
- \isa{{\isacharminus}{\isadigit{1}}}.
-
- Occasionally, basic names and indexed names are injected into the
- same pair type: the (improper) indexname \isa{{\isacharparenleft}x{\isacharcomma}\ {\isacharminus}{\isadigit{1}}{\isacharparenright}} is used
- to encode basic names.
-
- \medskip Isabelle syntax observes the following rules for
- representing an indexname \isa{{\isacharparenleft}x{\isacharcomma}\ i{\isacharparenright}} as a packed string:
-
- \begin{itemize}
-
- \item \isa{{\isacharquery}x} if \isa{x} does not end with a digit and \isa{i\ {\isacharequal}\ {\isadigit{0}}},
-
- \item \isa{{\isacharquery}xi} if \isa{x} does not end with a digit,
-
- \item \isa{{\isacharquery}x{\isachardot}i} otherwise.
-
- \end{itemize}
-
- Indexnames may acquire large index numbers over time. Results are
- normalized towards \isa{{\isadigit{0}}} at certain checkpoints, notably at
- the end of a proof. This works by producing variants of the
- corresponding basic name components. For example, the collection
- \isa{{\isacharquery}x{\isadigit{1}}{\isacharcomma}\ {\isacharquery}x{\isadigit{7}}{\isacharcomma}\ {\isacharquery}x{\isadigit{4}}{\isadigit{2}}} becomes \isa{{\isacharquery}x{\isacharcomma}\ {\isacharquery}xa{\isacharcomma}\ {\isacharquery}xb}.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML type}{indexname}\verb|type indexname| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|indexname| represents indexed names. This is an
- abbreviation for \verb|string * int|. The second component is
- usually non-negative, except for situations where \isa{{\isacharparenleft}x{\isacharcomma}\ {\isacharminus}{\isadigit{1}}{\isacharparenright}}
- is used to embed basic names into this type.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsubsection{Qualified names and name spaces%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-A \emph{qualified name} consists of a non-empty sequence of basic
- name components. The packed representation uses a dot as separator,
- as in ``\isa{A{\isachardot}b{\isachardot}c}''. The last component is called \emph{base}
- name, the remaining prefix \emph{qualifier} (which may be empty).
- The idea of qualified names is to encode nested structures by
- recording the access paths as qualifiers. For example, an item
- named ``\isa{A{\isachardot}b{\isachardot}c}'' may be understood as a local entity \isa{c}, within a local structure \isa{b}, within a global
- structure \isa{A}. Typically, name space hierarchies consist of
- 1--2 levels of qualification, but this need not be always so.
-
- The empty name is commonly used as an indication of unnamed
- entities, whenever this makes any sense. The basic operations on
- qualified names are smart enough to pass through such improper names
- unchanged.
-
- \medskip A \isa{naming} policy tells how to turn a name
- specification into a fully qualified internal name (by the \isa{full} operation), and how fully qualified names may be accessed
- externally. For example, the default naming policy is to prefix an
- implicit path: \isa{full\ x} produces \isa{path{\isachardot}x}, and the
- standard accesses for \isa{path{\isachardot}x} include both \isa{x} and
- \isa{path{\isachardot}x}. Normally, the naming is implicit in the theory or
- proof context; there are separate versions of the corresponding.
-
- \medskip A \isa{name\ space} manages a collection of fully
- internalized names, together with a mapping between external names
- and internal names (in both directions). The corresponding \isa{intern} and \isa{extern} operations are mostly used for
- parsing and printing only! The \isa{declare} operation augments
- a name space according to the accesses determined by the naming
- policy.
-
- \medskip As a general principle, there is a separate name space for
- each kind of formal entity, e.g.\ logical constant, type
- constructor, type class, theorem. It is usually clear from the
- occurrence in concrete syntax (or from the scope) which kind of
- entity a name refers to. For example, the very same name \isa{c} may be used uniformly for a constant, type constructor, and
- type class.
-
- There are common schemes to name theorems systematically, according
- to the name of the main logical entity involved, e.g.\ \isa{c{\isachardot}intro} for a canonical theorem related to constant \isa{c}.
- This technique of mapping names from one space into another requires
- some care in order to avoid conflicts. In particular, theorem names
- derived from a type constructor or type class are better suffixed in
- addition to the usual qualification, e.g.\ \isa{c{\isacharunderscore}type{\isachardot}intro}
- and \isa{c{\isacharunderscore}class{\isachardot}intro} for theorems related to type \isa{c}
- and class \isa{c}, respectively.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML}{NameSpace.base}\verb|NameSpace.base: string -> string| \\
- \indexdef{}{ML}{NameSpace.qualifier}\verb|NameSpace.qualifier: string -> string| \\
- \indexdef{}{ML}{NameSpace.append}\verb|NameSpace.append: string -> string -> string| \\
- \indexdef{}{ML}{NameSpace.implode}\verb|NameSpace.implode: string list -> string| \\
- \indexdef{}{ML}{NameSpace.explode}\verb|NameSpace.explode: string -> string list| \\
- \end{mldecls}
- \begin{mldecls}
- \indexdef{}{ML type}{NameSpace.naming}\verb|type NameSpace.naming| \\
- \indexdef{}{ML}{NameSpace.default\_naming}\verb|NameSpace.default_naming: NameSpace.naming| \\
- \indexdef{}{ML}{NameSpace.add\_path}\verb|NameSpace.add_path: string -> NameSpace.naming -> NameSpace.naming| \\
- \indexdef{}{ML}{NameSpace.full\_name}\verb|NameSpace.full_name: NameSpace.naming -> binding -> string| \\
- \end{mldecls}
- \begin{mldecls}
- \indexdef{}{ML type}{NameSpace.T}\verb|type NameSpace.T| \\
- \indexdef{}{ML}{NameSpace.empty}\verb|NameSpace.empty: NameSpace.T| \\
- \indexdef{}{ML}{NameSpace.merge}\verb|NameSpace.merge: NameSpace.T * NameSpace.T -> NameSpace.T| \\
- \indexdef{}{ML}{NameSpace.declare}\verb|NameSpace.declare: NameSpace.naming -> binding -> NameSpace.T -> string * NameSpace.T| \\
- \indexdef{}{ML}{NameSpace.intern}\verb|NameSpace.intern: NameSpace.T -> string -> string| \\
- \indexdef{}{ML}{NameSpace.extern}\verb|NameSpace.extern: NameSpace.T -> string -> string| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|NameSpace.base|~\isa{name} returns the base name of a
- qualified name.
-
- \item \verb|NameSpace.qualifier|~\isa{name} returns the qualifier
- of a qualified name.
-
- \item \verb|NameSpace.append|~\isa{name\isactrlisub {\isadigit{1}}\ name\isactrlisub {\isadigit{2}}}
- appends two qualified names.
-
- \item \verb|NameSpace.implode|~\isa{name} and \verb|NameSpace.explode|~\isa{names} convert between the packed string
- representation and the explicit list form of qualified names.
-
- \item \verb|NameSpace.naming| represents the abstract concept of
- a naming policy.
-
- \item \verb|NameSpace.default_naming| is the default naming policy.
- In a theory context, this is usually augmented by a path prefix
- consisting of the theory name.
-
- \item \verb|NameSpace.add_path|~\isa{path\ naming} augments the
- naming policy by extending its path component.
-
- \item \verb|NameSpace.full_name|\isa{naming\ binding} turns a name
- binding (usually a basic name) into the fully qualified
- internal name, according to the given naming policy.
-
- \item \verb|NameSpace.T| represents name spaces.
-
- \item \verb|NameSpace.empty| and \verb|NameSpace.merge|~\isa{{\isacharparenleft}space\isactrlisub {\isadigit{1}}{\isacharcomma}\ space\isactrlisub {\isadigit{2}}{\isacharparenright}} are the canonical operations for
- maintaining name spaces according to theory data management
- (\secref{sec:context-data}).
-
- \item \verb|NameSpace.declare|~\isa{naming\ bindings\ space} enters a
- name binding as fully qualified internal name into the name space,
- with external accesses determined by the naming policy.
-
- \item \verb|NameSpace.intern|~\isa{space\ name} internalizes a
- (partially qualified) external name.
-
- This operation is mostly for parsing! Note that fully qualified
- names stemming from declarations are produced via \verb|NameSpace.full_name| and \verb|NameSpace.declare|
- (or their derivatives for \verb|theory| and
- \verb|Proof.context|).
-
- \item \verb|NameSpace.extern|~\isa{space\ name} externalizes a
- (fully qualified) internal name.
-
- This operation is mostly for printing! Note unqualified names are
- produced via \verb|NameSpace.base|.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isatagtheory
-\isacommand{end}\isamarkupfalse%
-%
-\endisatagtheory
-{\isafoldtheory}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-\isanewline
-\end{isabellebody}%
-%%% Local Variables:
-%%% mode: latex
-%%% TeX-master: "root"
-%%% End:
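Review bot: Since this hunk removes the whole generated document file (every line is a deletion, down to `\end{isabellebody}` and the Emacs local-variables footer), the wording defects visible in the removed text will come straight back on the next document build unless they are fixed in the theory source the file is generated from, so please carry them over there rather than letting the deletion close them out: `\secref{print-mode}` in the "Output of Isabelle symbols" sentence lacks the `sec:` prefix that every other label in the file uses (`\secref{sec:thms}`, `\secref{sec:context-data}`, `\label{sec:names}`), so it is an unresolved reference; the naming-policy paragraph ends in a truncated sentence ("there are separate versions of the corresponding."); the `NameSpace.declare` item reads `naming bindings space` while the declared signature is `NameSpace.naming -> binding -> NameSpace.T -> string * NameSpace.T`, so `bindings` should be `binding`; the `NameSpace.full_name` item is missing the `~` separator that the other description items use before `\isa{...}`; and "extend is acts like", "constists" and "supercedes" are typos in the theory-data and symbols paragraphs.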
--- a/doc-src/IsarImplementation/Thy/document/Proof.tex Thu Mar 05 02:20:06 2009 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,394 +0,0 @@
-%
-\begin{isabellebody}%
-\def\isabellecontext{Proof}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isatagtheory
-\isacommand{theory}\isamarkupfalse%
-\ Proof\isanewline
-\isakeyword{imports}\ Base\isanewline
-\isakeyword{begin}%
-\endisatagtheory
-{\isafoldtheory}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isamarkupchapter{Structured proofs%
-}
-\isamarkuptrue%
-%
-\isamarkupsection{Variables \label{sec:variables}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-Any variable that is not explicitly bound by \isa{{\isasymlambda}}-abstraction
- is considered as ``free''. Logically, free variables act like
- outermost universal quantification at the sequent level: \isa{A\isactrlisub {\isadigit{1}}{\isacharparenleft}x{\isacharparenright}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ A\isactrlisub n{\isacharparenleft}x{\isacharparenright}\ {\isasymturnstile}\ B{\isacharparenleft}x{\isacharparenright}} means that the result
- holds \emph{for all} values of \isa{x}. Free variables for
- terms (not types) can be fully internalized into the logic: \isa{{\isasymturnstile}\ B{\isacharparenleft}x{\isacharparenright}} and \isa{{\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ B{\isacharparenleft}x{\isacharparenright}} are interchangeable, provided
- that \isa{x} does not occur elsewhere in the context.
- Inspecting \isa{{\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ B{\isacharparenleft}x{\isacharparenright}} more closely, we see that inside the
- quantifier, \isa{x} is essentially ``arbitrary, but fixed'',
- while from outside it appears as a place-holder for instantiation
- (thanks to \isa{{\isasymAnd}} elimination).
-
- The Pure logic represents the idea of variables being either inside
- or outside the current scope by providing separate syntactic
- categories for \emph{fixed variables} (e.g.\ \isa{x}) vs.\
- \emph{schematic variables} (e.g.\ \isa{{\isacharquery}x}). Incidently, a
- universal result \isa{{\isasymturnstile}\ {\isasymAnd}x{\isachardot}\ B{\isacharparenleft}x{\isacharparenright}} has the HHF normal form \isa{{\isasymturnstile}\ B{\isacharparenleft}{\isacharquery}x{\isacharparenright}}, which represents its generality nicely without requiring
- an explicit quantifier. The same principle works for type
- variables: \isa{{\isasymturnstile}\ B{\isacharparenleft}{\isacharquery}{\isasymalpha}{\isacharparenright}} represents the idea of ``\isa{{\isasymturnstile}\ {\isasymforall}{\isasymalpha}{\isachardot}\ B{\isacharparenleft}{\isasymalpha}{\isacharparenright}}'' without demanding a truly polymorphic framework.
-
- \medskip Additional care is required to treat type variables in a
- way that facilitates type-inference. In principle, term variables
- depend on type variables, which means that type variables would have
- to be declared first. For example, a raw type-theoretic framework
- would demand the context to be constructed in stages as follows:
- \isa{{\isasymGamma}\ {\isacharequal}\ {\isasymalpha}{\isacharcolon}\ type{\isacharcomma}\ x{\isacharcolon}\ {\isasymalpha}{\isacharcomma}\ a{\isacharcolon}\ A{\isacharparenleft}x\isactrlisub {\isasymalpha}{\isacharparenright}}.
-
- We allow a slightly less formalistic mode of operation: term
- variables \isa{x} are fixed without specifying a type yet
- (essentially \emph{all} potential occurrences of some instance
- \isa{x\isactrlisub {\isasymtau}} are fixed); the first occurrence of \isa{x}
- within a specific term assigns its most general type, which is then
- maintained consistently in the context. The above example becomes
- \isa{{\isasymGamma}\ {\isacharequal}\ x{\isacharcolon}\ term{\isacharcomma}\ {\isasymalpha}{\isacharcolon}\ type{\isacharcomma}\ A{\isacharparenleft}x\isactrlisub {\isasymalpha}{\isacharparenright}}, where type \isa{{\isasymalpha}} is fixed \emph{after} term \isa{x}, and the constraint
- \isa{x\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}} is an implicit consequence of the occurrence of
- \isa{x\isactrlisub {\isasymalpha}} in the subsequent proposition.
-
- This twist of dependencies is also accommodated by the reverse
- operation of exporting results from a context: a type variable
- \isa{{\isasymalpha}} is considered fixed as long as it occurs in some fixed
- term variable of the context. For example, exporting \isa{x{\isacharcolon}\ term{\isacharcomma}\ {\isasymalpha}{\isacharcolon}\ type\ {\isasymturnstile}\ x\isactrlisub {\isasymalpha}\ {\isacharequal}\ x\isactrlisub {\isasymalpha}} produces in the first step
- \isa{x{\isacharcolon}\ term\ {\isasymturnstile}\ x\isactrlisub {\isasymalpha}\ {\isacharequal}\ x\isactrlisub {\isasymalpha}} for fixed \isa{{\isasymalpha}},
- and only in the second step \isa{{\isasymturnstile}\ {\isacharquery}x\isactrlisub {\isacharquery}\isactrlisub {\isasymalpha}\ {\isacharequal}\ {\isacharquery}x\isactrlisub {\isacharquery}\isactrlisub {\isasymalpha}} for schematic \isa{{\isacharquery}x} and \isa{{\isacharquery}{\isasymalpha}}.
-
- \medskip The Isabelle/Isar proof context manages the gory details of
- term vs.\ type variables, with high-level principles for moving the
- frontier between fixed and schematic variables.
-
- The \isa{add{\isacharunderscore}fixes} operation explictly declares fixed
- variables; the \isa{declare{\isacharunderscore}term} operation absorbs a term into
- a context by fixing new type variables and adding syntactic
- constraints.
-
- The \isa{export} operation is able to perform the main work of
- generalizing term and type variables as sketched above, assuming
- that fixing variables and terms have been declared properly.
-
- There \isa{import} operation makes a generalized fact a genuine
- part of the context, by inventing fixed variables for the schematic
- ones. The effect can be reversed by using \isa{export} later,
- potentially with an extended context; the result is equivalent to
- the original modulo renaming of schematic variables.
-
- The \isa{focus} operation provides a variant of \isa{import}
- for nested propositions (with explicit quantification): \isa{{\isasymAnd}x\isactrlisub {\isadigit{1}}\ {\isasymdots}\ x\isactrlisub n{\isachardot}\ B{\isacharparenleft}x\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlisub n{\isacharparenright}} is
- decomposed by inventing fixed variables \isa{x\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlisub n} for the body.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML}{Variable.add\_fixes}\verb|Variable.add_fixes: |\isasep\isanewline%
-\verb| string list -> Proof.context -> string list * Proof.context| \\
- \indexdef{}{ML}{Variable.variant\_fixes}\verb|Variable.variant_fixes: |\isasep\isanewline%
-\verb| string list -> Proof.context -> string list * Proof.context| \\
- \indexdef{}{ML}{Variable.declare\_term}\verb|Variable.declare_term: term -> Proof.context -> Proof.context| \\
- \indexdef{}{ML}{Variable.declare\_constraints}\verb|Variable.declare_constraints: term -> Proof.context -> Proof.context| \\
- \indexdef{}{ML}{Variable.export}\verb|Variable.export: Proof.context -> Proof.context -> thm list -> thm list| \\
- \indexdef{}{ML}{Variable.polymorphic}\verb|Variable.polymorphic: Proof.context -> term list -> term list| \\
- \indexdef{}{ML}{Variable.import\_thms}\verb|Variable.import_thms: bool -> thm list -> Proof.context ->|\isasep\isanewline%
-\verb| ((ctyp list * cterm list) * thm list) * Proof.context| \\
- \indexdef{}{ML}{Variable.focus}\verb|Variable.focus: cterm -> Proof.context -> (cterm list * cterm) * Proof.context| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|Variable.add_fixes|~\isa{xs\ ctxt} fixes term
- variables \isa{xs}, returning the resulting internal names. By
- default, the internal representation coincides with the external
- one, which also means that the given variables must not be fixed
- already. There is a different policy within a local proof body: the
- given names are just hints for newly invented Skolem variables.
-
- \item \verb|Variable.variant_fixes| is similar to \verb|Variable.add_fixes|, but always produces fresh variants of the given
- names.
-
- \item \verb|Variable.declare_term|~\isa{t\ ctxt} declares term
- \isa{t} to belong to the context. This automatically fixes new
- type variables, but not term variables. Syntactic constraints for
- type and term variables are declared uniformly, though.
-
- \item \verb|Variable.declare_constraints|~\isa{t\ ctxt} declares
- syntactic constraints from term \isa{t}, without making it part
- of the context yet.
-
- \item \verb|Variable.export|~\isa{inner\ outer\ thms} generalizes
- fixed type and term variables in \isa{thms} according to the
- difference of the \isa{inner} and \isa{outer} context,
- following the principles sketched above.
-
- \item \verb|Variable.polymorphic|~\isa{ctxt\ ts} generalizes type
- variables in \isa{ts} as far as possible, even those occurring
- in fixed term variables. The default policy of type-inference is to
- fix newly introduced type variables, which is essentially reversed
- with \verb|Variable.polymorphic|: here the given terms are detached
- from the context as far as possible.
-
- \item \verb|Variable.import_thms|~\isa{open\ thms\ ctxt} invents fixed
- type and term variables for the schematic ones occurring in \isa{thms}. The \isa{open} flag indicates whether the fixed names
- should be accessible to the user, otherwise newly introduced names
- are marked as ``internal'' (\secref{sec:names}).
-
- \item \verb|Variable.focus|~\isa{B} decomposes the outermost \isa{{\isasymAnd}} prefix of proposition \isa{B}.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsection{Assumptions \label{sec:assumptions}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-An \emph{assumption} is a proposition that it is postulated in the
- current context. Local conclusions may use assumptions as
- additional facts, but this imposes implicit hypotheses that weaken
- the overall statement.
-
- Assumptions are restricted to fixed non-schematic statements, i.e.\
- all generality needs to be expressed by explicit quantifiers.
- Nevertheless, the result will be in HHF normal form with outermost
- quantifiers stripped. For example, by assuming \isa{{\isasymAnd}x\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}{\isachardot}\ P\ x} we get \isa{{\isasymAnd}x\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}{\isachardot}\ P\ x\ {\isasymturnstile}\ P\ {\isacharquery}x} for schematic \isa{{\isacharquery}x}
- of fixed type \isa{{\isasymalpha}}. Local derivations accumulate more and
- more explicit references to hypotheses: \isa{A\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ A\isactrlisub n\ {\isasymturnstile}\ B} where \isa{A\isactrlisub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ A\isactrlisub n} needs to
- be covered by the assumptions of the current context.
-
- \medskip The \isa{add{\isacharunderscore}assms} operation augments the context by
- local assumptions, which are parameterized by an arbitrary \isa{export} rule (see below).
-
- The \isa{export} operation moves facts from a (larger) inner
- context into a (smaller) outer context, by discharging the
- difference of the assumptions as specified by the associated export
- rules. Note that the discharged portion is determined by the
- difference contexts, not the facts being exported! There is a
- separate flag to indicate a goal context, where the result is meant
- to refine an enclosing sub-goal of a structured proof state.
-
- \medskip The most basic export rule discharges assumptions directly
- by means of the \isa{{\isasymLongrightarrow}} introduction rule:
- \[
- \infer[(\isa{{\isasymLongrightarrow}{\isacharunderscore}intro})]{\isa{{\isasymGamma}\ {\isacharbackslash}\ A\ {\isasymturnstile}\ A\ {\isasymLongrightarrow}\ B}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B}}
- \]
-
- The variant for goal refinements marks the newly introduced
- premises, which causes the canonical Isar goal refinement scheme to
- enforce unification with local premises within the goal:
- \[
- \infer[(\isa{{\isacharhash}{\isasymLongrightarrow}{\isacharunderscore}intro})]{\isa{{\isasymGamma}\ {\isacharbackslash}\ A\ {\isasymturnstile}\ {\isacharhash}A\ {\isasymLongrightarrow}\ B}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B}}
- \]
-
- \medskip Alternative versions of assumptions may perform arbitrary
- transformations on export, as long as the corresponding portion of
- hypotheses is removed from the given facts. For example, a local
- definition works by fixing \isa{x} and assuming \isa{x\ {\isasymequiv}\ t},
- with the following export rule to reverse the effect:
- \[
- \infer[(\isa{{\isasymequiv}{\isacharminus}expand})]{\isa{{\isasymGamma}\ {\isacharbackslash}\ x\ {\isasymequiv}\ t\ {\isasymturnstile}\ B\ t}}{\isa{{\isasymGamma}\ {\isasymturnstile}\ B\ x}}
- \]
- This works, because the assumption \isa{x\ {\isasymequiv}\ t} was introduced in
- a context with \isa{x} being fresh, so \isa{x} does not
- occur in \isa{{\isasymGamma}} here.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML type}{Assumption.export}\verb|type Assumption.export| \\
- \indexdef{}{ML}{Assumption.assume}\verb|Assumption.assume: cterm -> thm| \\
- \indexdef{}{ML}{Assumption.add\_assms}\verb|Assumption.add_assms: Assumption.export ->|\isasep\isanewline%
-\verb| cterm list -> Proof.context -> thm list * Proof.context| \\
- \indexdef{}{ML}{Assumption.add\_assumes}\verb|Assumption.add_assumes: |\isasep\isanewline%
-\verb| cterm list -> Proof.context -> thm list * Proof.context| \\
- \indexdef{}{ML}{Assumption.export}\verb|Assumption.export: bool -> Proof.context -> Proof.context -> thm -> thm| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|Assumption.export| represents arbitrary export
- rules, which is any function of type \verb|bool -> cterm list -> thm -> thm|,
- where the \verb|bool| indicates goal mode, and the \verb|cterm list| the collection of assumptions to be discharged
- simultaneously.
-
- \item \verb|Assumption.assume|~\isa{A} turns proposition \isa{A} into a raw assumption \isa{A\ {\isasymturnstile}\ A{\isacharprime}}, where the conclusion
- \isa{A{\isacharprime}} is in HHF normal form.
-
- \item \verb|Assumption.add_assms|~\isa{r\ As} augments the context
- by assumptions \isa{As} with export rule \isa{r}. The
- resulting facts are hypothetical theorems as produced by the raw
- \verb|Assumption.assume|.
-
- \item \verb|Assumption.add_assumes|~\isa{As} is a special case of
- \verb|Assumption.add_assms| where the export rule performs \isa{{\isasymLongrightarrow}{\isacharunderscore}intro} or \isa{{\isacharhash}{\isasymLongrightarrow}{\isacharunderscore}intro}, depending on goal mode.
-
- \item \verb|Assumption.export|~\isa{is{\isacharunderscore}goal\ inner\ outer\ thm}
- exports result \isa{thm} from the the \isa{inner} context
- back into the \isa{outer} one; \isa{is{\isacharunderscore}goal\ {\isacharequal}\ true} means
- this is a goal context. The result is in HHF normal form. Note
- that \verb|ProofContext.export| combines \verb|Variable.export|
- and \verb|Assumption.export| in the canonical way.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsection{Results \label{sec:results}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-Local results are established by monotonic reasoning from facts
- within a context. This allows common combinations of theorems,
- e.g.\ via \isa{{\isasymAnd}{\isacharslash}{\isasymLongrightarrow}} elimination, resolution rules, or equational
- reasoning, see \secref{sec:thms}. Unaccounted context manipulations
- should be avoided, notably raw \isa{{\isasymAnd}{\isacharslash}{\isasymLongrightarrow}} introduction or ad-hoc
- references to free variables or assumptions not present in the proof
- context.
-
- \medskip The \isa{SUBPROOF} combinator allows to structure a
- tactical proof recursively by decomposing a selected sub-goal:
- \isa{{\isacharparenleft}{\isasymAnd}x{\isachardot}\ A{\isacharparenleft}x{\isacharparenright}\ {\isasymLongrightarrow}\ B{\isacharparenleft}x{\isacharparenright}{\isacharparenright}\ {\isasymLongrightarrow}\ {\isasymdots}} is turned into \isa{B{\isacharparenleft}x{\isacharparenright}\ {\isasymLongrightarrow}\ {\isasymdots}}
- after fixing \isa{x} and assuming \isa{A{\isacharparenleft}x{\isacharparenright}}. This means
- the tactic needs to solve the conclusion, but may use the premise as
- a local fact, for locally fixed variables.
-
- The \isa{prove} operation provides an interface for structured
- backwards reasoning under program control, with some explicit sanity
- checks of the result. The goal context can be augmented by
- additional fixed variables (cf.\ \secref{sec:variables}) and
- assumptions (cf.\ \secref{sec:assumptions}), which will be available
- as local facts during the proof and discharged into implications in
- the result. Type and term variables are generalized as usual,
- according to the context.
-
- The \isa{obtain} operation produces results by eliminating
- existing facts by means of a given tactic. This acts like a dual
- conclusion: the proof demonstrates that the context may be augmented
- by certain fixed variables and assumptions. See also
- \cite{isabelle-isar-ref} for the user-level \isa{{\isasymOBTAIN}} and
- \isa{{\isasymGUESS}} elements. Final results, which may not refer to
- the parameters in the conclusion, need to exported explicitly into
- the original context.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML}{SUBPROOF}\verb|SUBPROOF: ({context: Proof.context, schematics: ctyp list * cterm list,|\isasep\isanewline%
-\verb| params: cterm list, asms: cterm list, concl: cterm,|\isasep\isanewline%
-\verb| prems: thm list} -> tactic) -> Proof.context -> int -> tactic| \\
- \end{mldecls}
- \begin{mldecls}
- \indexdef{}{ML}{Goal.prove}\verb|Goal.prove: Proof.context -> string list -> term list -> term ->|\isasep\isanewline%
-\verb| ({prems: thm list, context: Proof.context} -> tactic) -> thm| \\
- \indexdef{}{ML}{Goal.prove\_multi}\verb|Goal.prove_multi: Proof.context -> string list -> term list -> term list ->|\isasep\isanewline%
-\verb| ({prems: thm list, context: Proof.context} -> tactic) -> thm list| \\
- \end{mldecls}
- \begin{mldecls}
- \indexdef{}{ML}{Obtain.result}\verb|Obtain.result: (Proof.context -> tactic) ->|\isasep\isanewline%
-\verb| thm list -> Proof.context -> (cterm list * thm list) * Proof.context| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|SUBPROOF|~\isa{tac\ ctxt\ i} decomposes the structure
- of the specified sub-goal, producing an extended context and a
- reduced goal, which needs to be solved by the given tactic. All
- schematic parameters of the goal are imported into the context as
- fixed ones, which may not be instantiated in the sub-proof.
-
- \item \verb|Goal.prove|~\isa{ctxt\ xs\ As\ C\ tac} states goal \isa{C} in the context augmented by fixed variables \isa{xs} and
- assumptions \isa{As}, and applies tactic \isa{tac} to solve
- it. The latter may depend on the local assumptions being presented
- as facts. The result is in HHF normal form.
-
- \item \verb|Goal.prove_multi| is simular to \verb|Goal.prove|, but
- states several conclusions simultaneously. The goal is encoded by
- means of Pure conjunction; \verb|Goal.conjunction_tac| will turn this
- into a collection of individual subgoals.
-
- \item \verb|Obtain.result|~\isa{tac\ thms\ ctxt} eliminates the
- given facts using a tactic, which results in additional fixed
- variables and assumptions in the context. Final results need to be
- exported explicitly.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isatagtheory
-\isacommand{end}\isamarkupfalse%
-%
-\endisatagtheory
-{\isafoldtheory}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-\isanewline
-\end{isabellebody}%
-%%% Local Variables:
-%%% mode: latex
-%%% TeX-master: "root"
-%%% End:
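Review bot: every line of this hunk is a removal, so the generated document text for the Variables export, Assumptions (\label{sec:assumptions}) and Results (\label{sec:results}) sections, down to `\end{isabellebody}%` and the Emacs local-variables trailer, disappears from doc-src/IsarImplementation/Thy/document; that is the opposite of recovering the lost files, so please confirm that the other parent of this merge restores the file, or that the document build regenerates it from the theory source, before this lands. If it is regenerated rather than restored, the wording slips visible in the removed text should be fixed in the generating theory rather than in the .tex: `explictly` in the add_fixes paragraph, `There \isa{import} operation makes a generalized fact` should read `The \isa{import} operation ...`, `from the the \isa{inner} context` in the Assumption.export item, `need to exported explicitly` in the Results text, and `simular` in the Goal.prove_multi item.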
--- a/doc-src/IsarImplementation/Thy/document/Tactic.tex Thu Mar 05 02:20:06 2009 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,497 +0,0 @@
-%
-\begin{isabellebody}%
-\def\isabellecontext{Tactic}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isatagtheory
-\isacommand{theory}\isamarkupfalse%
-\ Tactic\isanewline
-\isakeyword{imports}\ Base\isanewline
-\isakeyword{begin}%
-\endisatagtheory
-{\isafoldtheory}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isamarkupchapter{Tactical reasoning%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-Tactical reasoning works by refining the initial claim in a
- backwards fashion, until a solved form is reached. A \isa{goal}
- consists of several subgoals that need to be solved in order to
- achieve the main statement; zero subgoals means that the proof may
- be finished. A \isa{tactic} is a refinement operation that maps
- a goal to a lazy sequence of potential successors. A \isa{tactical} is a combinator for composing tactics.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isamarkupsection{Goals \label{sec:tactical-goals}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-Isabelle/Pure represents a goal as a theorem stating that the
- subgoals imply the main goal: \isa{A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymLongrightarrow}\ A\isactrlsub n\ {\isasymLongrightarrow}\ C}. The outermost goal structure is that of a Horn Clause: i.e.\
- an iterated implication without any quantifiers\footnote{Recall that
- outermost \isa{{\isasymAnd}x{\isachardot}\ {\isasymphi}{\isacharbrackleft}x{\isacharbrackright}} is always represented via schematic
- variables in the body: \isa{{\isasymphi}{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}}. These variables may get
- instantiated during the course of reasoning.}. For \isa{n\ {\isacharequal}\ {\isadigit{0}}}
- a goal is called ``solved''.
-
- The structure of each subgoal \isa{A\isactrlsub i} is that of a
- general Hereditary Harrop Formula \isa{{\isasymAnd}x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymAnd}x\isactrlsub k{\isachardot}\ H\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymLongrightarrow}\ H\isactrlsub m\ {\isasymLongrightarrow}\ B}. Here \isa{x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub k} are goal parameters, i.e.\
- arbitrary-but-fixed entities of certain types, and \isa{H\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ H\isactrlsub m} are goal hypotheses, i.e.\ facts that may
- be assumed locally. Together, this forms the goal context of the
- conclusion \isa{B} to be established. The goal hypotheses may be
- again arbitrary Hereditary Harrop Formulas, although the level of
- nesting rarely exceeds 1--2 in practice.
-
- The main conclusion \isa{C} is internally marked as a protected
- proposition, which is represented explicitly by the notation \isa{{\isacharhash}C}. This ensures that the decomposition into subgoals and main
- conclusion is well-defined for arbitrarily structured claims.
-
- \medskip Basic goal management is performed via the following
- Isabelle/Pure rules:
-
- \[
- \infer[\isa{{\isacharparenleft}init{\isacharparenright}}]{\isa{C\ {\isasymLongrightarrow}\ {\isacharhash}C}}{} \qquad
- \infer[\isa{{\isacharparenleft}finish{\isacharparenright}}]{\isa{C}}{\isa{{\isacharhash}C}}
- \]
-
- \medskip The following low-level variants admit general reasoning
- with protected propositions:
-
- \[
- \infer[\isa{{\isacharparenleft}protect{\isacharparenright}}]{\isa{{\isacharhash}C}}{\isa{C}} \qquad
- \infer[\isa{{\isacharparenleft}conclude{\isacharparenright}}]{\isa{A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymLongrightarrow}\ A\isactrlsub n\ {\isasymLongrightarrow}\ C}}{\isa{A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymLongrightarrow}\ A\isactrlsub n\ {\isasymLongrightarrow}\ {\isacharhash}C}}
- \]%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML}{Goal.init}\verb|Goal.init: cterm -> thm| \\
- \indexdef{}{ML}{Goal.finish}\verb|Goal.finish: thm -> thm| \\
- \indexdef{}{ML}{Goal.protect}\verb|Goal.protect: thm -> thm| \\
- \indexdef{}{ML}{Goal.conclude}\verb|Goal.conclude: thm -> thm| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|Goal.init|~\isa{C} initializes a tactical goal from
- the well-formed proposition \isa{C}.
-
- \item \verb|Goal.finish|~\isa{thm} checks whether theorem
- \isa{thm} is a solved goal (no subgoals), and concludes the
- result by removing the goal protection.
-
- \item \verb|Goal.protect|~\isa{thm} protects the full statement
- of theorem \isa{thm}.
-
- \item \verb|Goal.conclude|~\isa{thm} removes the goal
- protection, even if there are pending subgoals.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsection{Tactics%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-A \isa{tactic} is a function \isa{goal\ {\isasymrightarrow}\ goal\isactrlsup {\isacharasterisk}\isactrlsup {\isacharasterisk}} that
- maps a given goal state (represented as a theorem, cf.\
- \secref{sec:tactical-goals}) to a lazy sequence of potential
- successor states. The underlying sequence implementation is lazy
- both in head and tail, and is purely functional in \emph{not}
- supporting memoing.\footnote{The lack of memoing and the strict
- nature of SML requires some care when working with low-level
- sequence operations, to avoid duplicate or premature evaluation of
- results.}
-
- An \emph{empty result sequence} means that the tactic has failed: in
- a compound tactic expressions other tactics might be tried instead,
- or the whole refinement step might fail outright, producing a
- toplevel error message. When implementing tactics from scratch, one
- should take care to observe the basic protocol of mapping regular
- error conditions to an empty result; only serious faults should
- emerge as exceptions.
-
- By enumerating \emph{multiple results}, a tactic can easily express
- the potential outcome of an internal search process. There are also
- combinators for building proof tools that involve search
- systematically, see also \secref{sec:tacticals}.
-
- \medskip As explained in \secref{sec:tactical-goals}, a goal state
- essentially consists of a list of subgoals that imply the main goal
- (conclusion). Tactics may operate on all subgoals or on a
- particularly specified subgoal, but must not change the main
- conclusion (apart from instantiating schematic goal variables).
-
- Tactics with explicit \emph{subgoal addressing} are of the form
- \isa{int\ {\isasymrightarrow}\ tactic} and may be applied to a particular subgoal
- (counting from 1). If the subgoal number is out of range, the
- tactic should fail with an empty result sequence, but must not raise
- an exception!
-
- Operating on a particular subgoal means to replace it by an interval
- of zero or more subgoals in the same place; other subgoals must not
- be affected, apart from instantiating schematic variables ranging
- over the whole goal state.
-
- A common pattern of composing tactics with subgoal addressing is to
- try the first one, and then the second one only if the subgoal has
- not been solved yet. Special care is required here to avoid bumping
- into unrelated subgoals that happen to come after the original
- subgoal. Assuming that there is only a single initial subgoal is a
- very common error when implementing tactics!
-
- Tactics with internal subgoal addressing should expose the subgoal
- index as \isa{int} argument in full generality; a hardwired
- subgoal 1 inappropriate.
-
- \medskip The main well-formedness conditions for proper tactics are
- summarized as follows.
-
- \begin{itemize}
-
- \item General tactic failure is indicated by an empty result, only
- serious faults may produce an exception.
-
- \item The main conclusion must not be changed, apart from
- instantiating schematic variables.
-
- \item A tactic operates either uniformly on all subgoals, or
- specifically on a selected subgoal (without bumping into unrelated
- subgoals).
-
- \item Range errors in subgoal addressing produce an empty result.
-
- \end{itemize}
-
- Some of these conditions are checked by higher-level goal
- infrastructure (\secref{sec:results}); others are not checked
- explicitly, and violating them merely results in ill-behaved tactics
- experienced by the user (e.g.\ tactics that insist in being
- applicable only to singleton goals, or disallow composition with
- basic tacticals).%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML type}{tactic}\verb|type tactic = thm -> thm Seq.seq| \\
- \indexdef{}{ML}{no\_tac}\verb|no_tac: tactic| \\
- \indexdef{}{ML}{all\_tac}\verb|all_tac: tactic| \\
- \indexdef{}{ML}{print\_tac}\verb|print_tac: string -> tactic| \\[1ex]
- \indexdef{}{ML}{PRIMITIVE}\verb|PRIMITIVE: (thm -> thm) -> tactic| \\[1ex]
- \indexdef{}{ML}{SUBGOAL}\verb|SUBGOAL: (term * int -> tactic) -> int -> tactic| \\
- \indexdef{}{ML}{CSUBGOAL}\verb|CSUBGOAL: (cterm * int -> tactic) -> int -> tactic| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|tactic| represents tactics. The well-formedness
- conditions described above need to be observed. See also \hyperlink{file.~~/src/Pure/General/seq.ML}{\mbox{\isa{\isatt{{\isachartilde}{\isachartilde}{\isacharslash}src{\isacharslash}Pure{\isacharslash}General{\isacharslash}seq{\isachardot}ML}}}} for the underlying implementation of
- lazy sequences.
-
- \item \verb|int -> tactic| represents tactics with explicit
- subgoal addressing, with well-formedness conditions as described
- above.
-
- \item \verb|no_tac| is a tactic that always fails, returning the
- empty sequence.
-
- \item \verb|all_tac| is a tactic that always succeeds, returning a
- singleton sequence with unchanged goal state.
-
- \item \verb|print_tac|~\isa{message} is like \verb|all_tac|, but
- prints a message together with the goal state on the tracing
- channel.
-
- \item \verb|PRIMITIVE|~\isa{rule} turns a primitive inference rule
- into a tactic with unique result. Exception \verb|THM| is considered
- a regular tactic failure and produces an empty result; other
- exceptions are passed through.
-
- \item \verb|SUBGOAL|~\isa{{\isacharparenleft}fn\ {\isacharparenleft}subgoal{\isacharcomma}\ i{\isacharparenright}\ {\isacharequal}{\isachargreater}\ tactic{\isacharparenright}} is the
- most basic form to produce a tactic with subgoal addressing. The
- given abstraction over the subgoal term and subgoal number allows to
- peek at the relevant information of the full goal state. The
- subgoal range is checked as required above.
-
- \item \verb|CSUBGOAL| is similar to \verb|SUBGOAL|, but passes the
- subgoal as \verb|cterm| instead of raw \verb|term|. This
- avoids expensive re-certification in situations where the subgoal is
- used directly for primitive inferences.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsubsection{Resolution and assumption tactics \label{sec:resolve-assume-tac}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-\emph{Resolution} is the most basic mechanism for refining a
- subgoal using a theorem as object-level rule.
- \emph{Elim-resolution} is particularly suited for elimination rules:
- it resolves with a rule, proves its first premise by assumption, and
- finally deletes that assumption from any new subgoals.
- \emph{Destruct-resolution} is like elim-resolution, but the given
- destruction rules are first turned into canonical elimination
- format. \emph{Forward-resolution} is like destruct-resolution, but
- without deleting the selected assumption. The \isa{r{\isacharslash}e{\isacharslash}d{\isacharslash}f}
- naming convention is maintained for several different kinds of
- resolution rules and tactics.
-
- Assumption tactics close a subgoal by unifying some of its premises
- against its conclusion.
-
- \medskip All the tactics in this section operate on a subgoal
- designated by a positive integer. Other subgoals might be affected
- indirectly, due to instantiation of schematic variables.
-
- There are various sources of non-determinism, the tactic result
- sequence enumerates all possibilities of the following choices (if
- applicable):
-
- \begin{enumerate}
-
- \item selecting one of the rules given as argument to the tactic;
-
- \item selecting a subgoal premise to eliminate, unifying it against
- the first premise of the rule;
-
- \item unifying the conclusion of the subgoal to the conclusion of
- the rule.
-
- \end{enumerate}
-
- Recall that higher-order unification may produce multiple results
- that are enumerated here.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML}{resolve\_tac}\verb|resolve_tac: thm list -> int -> tactic| \\
- \indexdef{}{ML}{eresolve\_tac}\verb|eresolve_tac: thm list -> int -> tactic| \\
- \indexdef{}{ML}{dresolve\_tac}\verb|dresolve_tac: thm list -> int -> tactic| \\
- \indexdef{}{ML}{forward\_tac}\verb|forward_tac: thm list -> int -> tactic| \\[1ex]
- \indexdef{}{ML}{assume\_tac}\verb|assume_tac: int -> tactic| \\
- \indexdef{}{ML}{eq\_assume\_tac}\verb|eq_assume_tac: int -> tactic| \\[1ex]
- \indexdef{}{ML}{match\_tac}\verb|match_tac: thm list -> int -> tactic| \\
- \indexdef{}{ML}{ematch\_tac}\verb|ematch_tac: thm list -> int -> tactic| \\
- \indexdef{}{ML}{dmatch\_tac}\verb|dmatch_tac: thm list -> int -> tactic| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|resolve_tac|~\isa{thms\ i} refines the goal state
- using the given theorems, which should normally be introduction
- rules. The tactic resolves a rule's conclusion with subgoal \isa{i}, replacing it by the corresponding versions of the rule's
- premises.
-
- \item \verb|eresolve_tac|~\isa{thms\ i} performs elim-resolution
- with the given theorems, which should normally be elimination rules.
-
- \item \verb|dresolve_tac|~\isa{thms\ i} performs
- destruct-resolution with the given theorems, which should normally
- be destruction rules. This replaces an assumption by the result of
- applying one of the rules.
-
- \item \verb|forward_tac| is like \verb|dresolve_tac| except that the
- selected assumption is not deleted. It applies a rule to an
- assumption, adding the result as a new assumption.
-
- \item \verb|assume_tac|~\isa{i} attempts to solve subgoal \isa{i}
- by assumption (modulo higher-order unification).
-
- \item \verb|eq_assume_tac| is similar to \verb|assume_tac|, but checks
- only for immediate \isa{{\isasymalpha}}-convertibility instead of using
- unification. It succeeds (with a unique next state) if one of the
- assumptions is equal to the subgoal's conclusion. Since it does not
- instantiate variables, it cannot make other subgoals unprovable.
-
- \item \verb|match_tac|, \verb|ematch_tac|, and \verb|dmatch_tac| are
- similar to \verb|resolve_tac|, \verb|eresolve_tac|, and \verb|dresolve_tac|, respectively, but do not instantiate schematic
- variables in the goal state.
-
- Flexible subgoals are not updated at will, but are left alone.
- Strictly speaking, matching means to treat the unknowns in the goal
- state as constants; these tactics merely discard unifiers that would
- update the goal state.
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsubsection{Explicit instantiation within a subgoal context%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-The main resolution tactics (\secref{sec:resolve-assume-tac})
- use higher-order unification, which works well in many practical
- situations despite its daunting theoretical properties.
- Nonetheless, there are important problem classes where unguided
- higher-order unification is not so useful. This typically involves
- rules like universal elimination, existential introduction, or
- equational substitution. Here the unification problem involves
- fully flexible \isa{{\isacharquery}P\ {\isacharquery}x} schemes, which are hard to manage
- without further hints.
-
- By providing a (small) rigid term for \isa{{\isacharquery}x} explicitly, the
- remaining unification problem is to assign a (large) term to \isa{{\isacharquery}P}, according to the shape of the given subgoal. This is
- sufficiently well-behaved in most practical situations.
-
- \medskip Isabelle provides separate versions of the standard \isa{r{\isacharslash}e{\isacharslash}d{\isacharslash}f} resolution tactics that allow to provide explicit
- instantiations of unknowns of the given rule, wrt.\ terms that refer
- to the implicit context of the selected subgoal.
-
- An instantiation consists of a list of pairs of the form \isa{{\isacharparenleft}{\isacharquery}x{\isacharcomma}\ t{\isacharparenright}}, where \isa{{\isacharquery}x} is a schematic variable occurring in
- the given rule, and \isa{t} is a term from the current proof
- context, augmented by the local goal parameters of the selected
- subgoal; cf.\ the \isa{focus} operation described in
- \secref{sec:variables}.
-
- Entering the syntactic context of a subgoal is a brittle operation,
- because its exact form is somewhat accidental, and the choice of
- bound variable names depends on the presence of other local and
- global names. Explicit renaming of subgoal parameters prior to
- explicit instantiation might help to achieve a bit more robustness.
-
- Type instantiations may be given as well, via pairs like \isa{{\isacharparenleft}{\isacharquery}{\isacharprime}a{\isacharcomma}\ {\isasymtau}{\isacharparenright}}. Type instantiations are distinguished from term
- instantiations by the syntactic form of the schematic variable.
- Types are instantiated before terms are. Since term instantiation
- already performs type-inference as expected, explicit type
- instantiations are seldom necessary.%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isatagmlref
-%
-\begin{isamarkuptext}%
-\begin{mldecls}
- \indexdef{}{ML}{res\_inst\_tac}\verb|res_inst_tac: Proof.context -> (indexname * string) list -> thm -> int -> tactic| \\
- \indexdef{}{ML}{eres\_inst\_tac}\verb|eres_inst_tac: Proof.context -> (indexname * string) list -> thm -> int -> tactic| \\
- \indexdef{}{ML}{dres\_inst\_tac}\verb|dres_inst_tac: Proof.context -> (indexname * string) list -> thm -> int -> tactic| \\
- \indexdef{}{ML}{forw\_inst\_tac}\verb|forw_inst_tac: Proof.context -> (indexname * string) list -> thm -> int -> tactic| \\[1ex]
- \indexdef{}{ML}{rename\_tac}\verb|rename_tac: string list -> int -> tactic| \\
- \end{mldecls}
-
- \begin{description}
-
- \item \verb|res_inst_tac|~\isa{ctxt\ insts\ thm\ i} instantiates the
- rule \isa{thm} with the instantiations \isa{insts}, as described
- above, and then performs resolution on subgoal \isa{i}.
-
- \item \verb|eres_inst_tac| is like \verb|res_inst_tac|, but performs
- elim-resolution.
-
- \item \verb|dres_inst_tac| is like \verb|res_inst_tac|, but performs
- destruct-resolution.
-
- \item \verb|forw_inst_tac| is like \verb|dres_inst_tac| except that
- the selected assumption is not deleted.
-
- \item \verb|rename_tac|~\isa{names\ i} renames the innermost
- parameters of subgoal \isa{i} according to the provided \isa{names} (which need to be distinct indentifiers).
-
- \end{description}%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\endisatagmlref
-{\isafoldmlref}%
-%
-\isadelimmlref
-%
-\endisadelimmlref
-%
-\isamarkupsection{Tacticals \label{sec:tacticals}%
-}
-\isamarkuptrue%
-%
-\begin{isamarkuptext}%
-A \emph{tactical} is a functional combinator for building up complex
- tactics from simpler ones. Typical tactical perform sequential
- composition, disjunction (choice), iteration, or goal addressing.
- Various search strategies may be expressed via tacticals.
-
- \medskip FIXME%
-\end{isamarkuptext}%
-\isamarkuptrue%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-%
-\isatagtheory
-\isacommand{end}\isamarkupfalse%
-%
-\endisatagtheory
-{\isafoldtheory}%
-%
-\isadelimtheory
-%
-\endisadelimtheory
-\isanewline
-\end{isabellebody}%
-%%% Local Variables:
-%%% mode: latex
-%%% TeX-master: "root"
-%%% End:
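Review bot: the deleted generated text still carries the typo "indentifiers" in the `rename_tac` description and a bare `\medskip FIXME` placeholder in the Tacticals section; since the commit message says the IsarImplementation files are being recovered, make sure the recovered theory source gets the typo fixed, and confirm that the merge result really contains these files, because relative to this parent the hunk shows them as removed.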
--- a/doc-src/IsarRef/Thy/document/Generic.tex Thu Mar 05 02:20:06 2009 +0100
+++ b/doc-src/IsarRef/Thy/document/Generic.tex Thu Mar 05 02:24:36 2009 +0100
@@ -503,7 +503,7 @@
\item \hyperlink{command.simproc-setup}{\mbox{\isa{\isacommand{simproc{\isacharunderscore}setup}}}} defines a named simplification
procedure that is invoked by the Simplifier whenever any of the
given term patterns match the current redex. The implementation,
- which is provided as ML source text, needs to be of type \verb|"morphism -> simpset -> cterm -> thm option"|, where the \verb|cterm| represents the current redex \isa{r} and the result is
+ which is provided as ML source text, needs to be of type \verb|morphism -> simpset -> cterm -> thm option|, where the \verb|cterm| represents the current redex \isa{r} and the result is
supposed to be some proven rewrite rule \isa{{\isachardoublequote}r\ {\isasymequiv}\ r{\isacharprime}{\isachardoublequote}} (or a
generalized version), or \verb|NONE| to indicate failure. The
\verb|simpset| argument holds the full context of the current
--- a/src/HOL/Finite_Set.thy Thu Mar 05 02:20:06 2009 +0100
+++ b/src/HOL/Finite_Set.thy Thu Mar 05 02:24:36 2009 +0100
@@ -878,9 +878,54 @@
fold_image times g 1 A * fold_image times h 1 A"
by (erule finite_induct) (simp_all add: mult_ac)
+lemma fold_image_related:
+ assumes Re: "R e e"
+ and Rop: "\<forall>x1 y1 x2 y2. R x1 x2 \<and> R y1 y2 \<longrightarrow> R (x1 * y1) (x2 * y2)"
+ and fS: "finite S" and Rfg: "\<forall>x\<in>S. R (h x) (g x)"
+ shows "R (fold_image (op *) h e S) (fold_image (op *) g e S)"
+ using fS by (rule finite_subset_induct) (insert assms, auto)
+
+lemma fold_image_eq_general:
+ assumes fS: "finite S"
+ and h: "\<forall>y\<in>S'. \<exists>!x. x\<in> S \<and> h(x) = y"
+ and f12: "\<forall>x\<in>S. h x \<in> S' \<and> f2(h x) = f1 x"
+ shows "fold_image (op *) f1 e S = fold_image (op *) f2 e S'"
+proof-
+ from h f12 have hS: "h ` S = S'" by auto
+ {fix x y assume H: "x \<in> S" "y \<in> S" "h x = h y"
+ from f12 h H have "x = y" by auto }
+ hence hinj: "inj_on h S" unfolding inj_on_def Ex1_def by blast
+ from f12 have th: "\<And>x. x \<in> S \<Longrightarrow> (f2 \<circ> h) x = f1 x" by auto
+ from hS have "fold_image (op *) f2 e S' = fold_image (op *) f2 e (h ` S)" by simp
+ also have "\<dots> = fold_image (op *) (f2 o h) e S"
+ using fold_image_reindex[OF fS hinj, of f2 e] .
+ also have "\<dots> = fold_image (op *) f1 e S " using th fold_image_cong[OF fS, of "f2 o h" f1 e]
+ by blast
+ finally show ?thesis ..
+qed
+
+lemma fold_image_eq_general_inverses:
+ assumes fS: "finite S"
+ and kh: "\<And>y. y \<in> T \<Longrightarrow> k y \<in> S \<and> h (k y) = y"
+ and hk: "\<And>x. x \<in> S \<Longrightarrow> h x \<in> T \<and> k (h x) = x \<and> g (h x) = f x"
+ shows "fold_image (op *) f e S = fold_image (op *) g e T"
+ (* metis solves it, but not yet available here *)
+ apply (rule fold_image_eq_general[OF fS, of T h g f e])
+ apply (rule ballI)
+ apply (frule kh)
+ apply (rule ex1I[])
+ apply blast
+ apply clarsimp
+ apply (drule hk) apply simp
+ apply (rule sym)
+ apply (erule conjunct1[OF conjunct2[OF hk]])
+ apply (rule ballI)
+ apply (drule hk)
+ apply blast
+ done
+
end
-
subsection {* Generalized summation over a set *}
interpretation comm_monoid_add!: comm_monoid_mult "0::'a::comm_monoid_add" "op +"
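Review bot: the apply script for `fold_image_eq_general_inverses` is fragile and its own comment admits it (`metis solves it, but not yet available here`); either mark that comment as a FIXME so it is revisited once metis is available at this point, or give a short structured proof. Also drop the empty attribute brackets in `apply (rule ex1I[])`. These lemmas come from Pocklington.thy and Euclidean_Space.thy, where they were stated `(in comm_monoid_mult)`; here that qualifier is gone, so the `end` closing this block must belong to a `context comm_monoid_mult` block, otherwise `op *` is not the locale multiplication.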
@@ -1092,6 +1137,31 @@
using setsum_delta[OF fS, of a b, symmetric]
by (auto intro: setsum_cong)
+lemma setsum_restrict_set:
+ assumes fA: "finite A"
+ shows "setsum f (A \<inter> B) = setsum (\<lambda>x. if x \<in> B then f x else 0) A"
+proof-
+ from fA have fab: "finite (A \<inter> B)" by auto
+ have aba: "A \<inter> B \<subseteq> A" by blast
+ let ?g = "\<lambda>x. if x \<in> A\<inter>B then f x else 0"
+ from setsum_mono_zero_left[OF fA aba, of ?g]
+ show ?thesis by simp
+qed
+
+lemma setsum_cases:
+ assumes fA: "finite A"
+ shows "setsum (\<lambda>x. if x \<in> B then f x else g x) A =
+ setsum f (A \<inter> B) + setsum g (A \<inter> - B)"
+proof-
+ have a: "A = A \<inter> B \<union> A \<inter> -B" "(A \<inter> B) \<inter> (A \<inter> -B) = {}"
+ by blast+
+ from fA
+ have f: "finite (A \<inter> B)" "finite (A \<inter> -B)" by auto
+ let ?g = "\<lambda>x. if x \<in> B then f x else g x"
+ from setsum_Un_disjoint[OF f a(2), of ?g] a(1)
+ show ?thesis by simp
+qed
+
(*But we can't get rid of finite I. If infinite, although the rhs is 0,
the lhs need not be, since UNION I A could still be finite.*)
@@ -1158,6 +1228,62 @@
setsum f A + setsum f B - setsum f (A Int B)"
by (subst setsum_Un_Int [symmetric], auto simp add: algebra_simps)
+lemma (in comm_monoid_mult) fold_image_1: "finite S \<Longrightarrow> (\<forall>x\<in>S. f x = 1) \<Longrightarrow> fold_image op * f 1 S = 1"
+ apply (induct set: finite)
+ apply simp by (auto simp add: fold_image_insert)
+
+lemma (in comm_monoid_mult) fold_image_Un_one:
+ assumes fS: "finite S" and fT: "finite T"
+ and I0: "\<forall>x \<in> S\<inter>T. f x = 1"
+ shows "fold_image (op *) f 1 (S \<union> T) = fold_image (op *) f 1 S * fold_image (op *) f 1 T"
+proof-
+ have "fold_image op * f 1 (S \<inter> T) = 1"
+ apply (rule fold_image_1)
+ using fS fT I0 by auto
+ with fold_image_Un_Int[OF fS fT] show ?thesis by simp
+qed
+
+lemma setsum_eq_general_reverses:
+ assumes fS: "finite S" and fT: "finite T"
+ and kh: "\<And>y. y \<in> T \<Longrightarrow> k y \<in> S \<and> h (k y) = y"
+ and hk: "\<And>x. x \<in> S \<Longrightarrow> h x \<in> T \<and> k (h x) = x \<and> g (h x) = f x"
+ shows "setsum f S = setsum g T"
+ apply (simp add: setsum_def fS fT)
+ apply (rule comm_monoid_add.fold_image_eq_general_inverses[OF fS])
+ apply (erule kh)
+ apply (erule hk)
+ done
+
+
+
+lemma setsum_Un_zero:
+ assumes fS: "finite S" and fT: "finite T"
+ and I0: "\<forall>x \<in> S\<inter>T. f x = 0"
+ shows "setsum f (S \<union> T) = setsum f S + setsum f T"
+ using fS fT
+ apply (simp add: setsum_def)
+ apply (rule comm_monoid_add.fold_image_Un_one)
+ using I0 by auto
+
+
+lemma setsum_UNION_zero:
+ assumes fS: "finite S" and fSS: "\<forall>T \<in> S. finite T"
+ and f0: "\<And>T1 T2 x. T1\<in>S \<Longrightarrow> T2\<in>S \<Longrightarrow> T1 \<noteq> T2 \<Longrightarrow> x \<in> T1 \<Longrightarrow> x \<in> T2 \<Longrightarrow> f x = 0"
+ shows "setsum f (\<Union>S) = setsum (\<lambda>T. setsum f T) S"
+ using fSS f0
+proof(induct rule: finite_induct[OF fS])
+ case 1 thus ?case by simp
+next
+ case (2 T F)
+ then have fTF: "finite T" "\<forall>T\<in>F. finite T" "finite F" and TF: "T \<notin> F"
+ and H: "setsum f (\<Union> F) = setsum (setsum f) F" by (auto simp add: finite_insert)
+ from fTF have fUF: "finite (\<Union>F)" by (auto intro: finite_Union)
+ from "2.prems" TF fTF
+ show ?case
+ by (auto simp add: H[symmetric] intro: setsum_Un_zero[OF fTF(1) fUF, of f])
+qed
+
+
lemma setsum_diff1_nat: "(setsum f (A - {a}) :: nat) =
(if a:A then setsum f A - f a else setsum f A)"
apply (case_tac "finite A")
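Review bot: `fold_image_1` mixes `apply simp` and a terminal `by (auto ...)` on one line; either make it a single `by (induct set: finite) (...)` if that goes through, or spell the steps out as `apply`/`apply`/`done`. The name `setsum_eq_general_reverses` is inconsistent with `fold_image_eq_general_inverses`, the lemma it wraps; `setsum_eq_general_inverses` would keep the two aligned. Finally, the runs of three blank lines between `setsum_eq_general_reverses`, `setsum_Un_zero` and `setsum_UNION_zero` should be reduced to one.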
@@ -1539,6 +1665,15 @@
by (erule eq[symmetric])
qed
+lemma setprod_Un_one:
+ assumes fS: "finite S" and fT: "finite T"
+ and I0: "\<forall>x \<in> S\<inter>T. f x = 1"
+ shows "setprod f (S \<union> T) = setprod f S * setprod f T"
+ using fS fT
+ apply (simp add: setprod_def)
+ apply (rule fold_image_Un_one)
+ using I0 by auto
+
lemma setprod_1: "setprod (%i. 1) A = 1"
apply (case_tac "finite A")
--- a/src/HOL/HOL.thy Thu Mar 05 02:20:06 2009 +0100
+++ b/src/HOL/HOL.thy Thu Mar 05 02:24:36 2009 +0100
@@ -1709,6 +1709,11 @@
subsection {* Nitpick theorem store *}
ML {*
+structure Nitpick_Const_Def_Thms = NamedThmsFun
+(
+ val name = "nitpick_const_def"
+ val description = "alternative definitions of constants as needed by Nitpick"
+)
structure Nitpick_Const_Simp_Thms = NamedThmsFun
(
val name = "nitpick_const_simp"
@@ -1725,7 +1730,8 @@
val description = "introduction rules for (co)inductive predicates as needed by Nitpick"
)
*}
-setup {* Nitpick_Const_Simp_Thms.setup
+setup {* Nitpick_Const_Def_Thms.setup
+ #> Nitpick_Const_Simp_Thms.setup
#> Nitpick_Const_Psimp_Thms.setup
#> Nitpick_Ind_Intro_Thms.setup *}
--- a/src/HOL/IsaMakefile Thu Mar 05 02:20:06 2009 +0100
+++ b/src/HOL/IsaMakefile Thu Mar 05 02:24:36 2009 +0100
@@ -314,7 +314,7 @@
Library/Euclidean_Space.thy Library/Glbs.thy Library/normarith.ML \
Library/Executable_Set.thy Library/Infinite_Set.thy \
Library/FuncSet.thy Library/Permutations.thy Library/Determinants.thy\
- Library/Bit.thy \
+ Library/Bit.thy Library/Topology_Euclidean_Space.thy \
Library/Finite_Cartesian_Product.thy \
Library/FrechetDeriv.thy \
Library/Fundamental_Theorem_Algebra.thy \
--- a/src/HOL/Library/Code_Index.thy Thu Mar 05 02:20:06 2009 +0100
+++ b/src/HOL/Library/Code_Index.thy Thu Mar 05 02:24:36 2009 +0100
@@ -87,12 +87,14 @@
then show "P k" by simp
qed simp_all
-lemmas [code del] = index.recs index.cases
-
declare index_case [case_names nat, cases type: index]
declare index.induct [case_names nat, induct type: index]
-lemma [code]:
+lemma index_decr [termination_simp]:
+ "k \<noteq> Code_Index.of_nat 0 \<Longrightarrow> Code_Index.nat_of k - Suc 0 < Code_Index.nat_of k"
+ by (cases k) simp
+
+lemma [simp, code]:
"index_size = nat_of"
proof (rule ext)
fix k
@@ -102,7 +104,7 @@
finally show "index_size k = nat_of k" .
qed
-lemma [code]:
+lemma [simp, code]:
"size = nat_of"
proof (rule ext)
fix k
@@ -110,6 +112,8 @@
by (induct k) (simp_all del: zero_index_def Suc_index_def, simp_all)
qed
+lemmas [code del] = index.recs index.cases
+
lemma [code]:
"eq_class.eq k l \<longleftrightarrow> eq_class.eq (nat_of k) (nat_of l)"
by (cases k, cases l) (simp add: eq)
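Review bot: `lemmas [code del] = index.recs index.cases` moves from before the `index_size`/`size` code equations to after them, and those two lemmas also gain `[simp]`; record why the order matters, since its effect on the code generator setup is not obvious from the diff. `index_decr [termination_simp]` is introduced without any visible user in this diff; say where it is needed.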
--- a/src/HOL/Library/Determinants.thy Thu Mar 05 02:20:06 2009 +0100
+++ b/src/HOL/Library/Determinants.thy Thu Mar 05 02:24:36 2009 +0100
@@ -1,5 +1,4 @@
(* Title: Determinants
- ID: $Id:
Author: Amine Chaieb, University of Cambridge
*)
@@ -176,7 +175,7 @@
from ld[OF i(1) piU i(2)] i(1) have ex:"\<exists>i \<in> ?U. A$i$p i = 0" by blast
from setprod_zero[OF fU ex] have "?pp p = 0" by simp}
then have p0: "\<forall>p \<in> ?PU -{id}. ?pp p = 0" by blast
- from setsum_superset[OF fPU id0 p0] show ?thesis
+ from setsum_mono_zero_cong_left[OF fPU id0 p0] show ?thesis
unfolding det_def by (simp add: sign_id)
qed
@@ -199,7 +198,7 @@
from ld[OF i(1) piU i(2)] i(1) have ex:"\<exists>i \<in> ?U. A$i$p i = 0" by blast
from setprod_zero[OF fU ex] have "?pp p = 0" by simp}
then have p0: "\<forall>p \<in> ?PU -{id}. ?pp p = 0" by blast
- from setsum_superset[OF fPU id0 p0] show ?thesis
+ from setsum_mono_zero_cong_left[OF fPU id0 p0] show ?thesis
unfolding det_def by (simp add: sign_id)
qed
@@ -750,8 +749,8 @@
have "det (A**B) = setsum (\<lambda>f. det (\<chi> i. A $ i $ f i *s B $ f i)) ?F"
unfolding matrix_mul_setsum_alt det_linear_rows_setsum[OF fU] ..
also have "\<dots> = setsum (\<lambda>f. det (\<chi> i. A$i$f i *s B$f i)) ?PU"
- unfolding setsum_superset[OF fF PUF zth, symmetric]
- unfolding det_rows_mul ..
+ using setsum_mono_zero_cong_left[OF fF PUF zth, symmetric]
+ unfolding det_rows_mul by auto
finally show ?thesis unfolding th2 .
qed
--- a/src/HOL/Library/Euclidean_Space.thy Thu Mar 05 02:20:06 2009 +0100
+++ b/src/HOL/Library/Euclidean_Space.thy Thu Mar 05 02:24:36 2009 +0100
@@ -1,5 +1,4 @@
(* Title: Library/Euclidean_Space
- ID: $Id:
Author: Amine Chaieb, University of Cambridge
*)
@@ -626,7 +625,7 @@
ultimately show ?thesis by metis
qed
-lemma dot_pos_lt: "(0 < x \<bullet> x) \<longleftrightarrow> (x::'a::{ordered_ring_strict,ring_no_zero_divisors} ^ 'n) \<noteq> 0" using dot_eq_0[of x] dot_pos_le[of x]
+lemma dot_pos_lt[simp]: "(0 < x \<bullet> x) \<longleftrightarrow> (x::'a::{ordered_ring_strict,ring_no_zero_divisors} ^ 'n) \<noteq> 0" using dot_eq_0[of x] dot_pos_le[of x]
by (auto simp add: le_less)
subsection{* The collapse of the general concepts to dimension one. *}
@@ -759,10 +758,10 @@
text{* Hence derive more interesting properties of the norm. *}
-lemma norm_0: "norm (0::real ^ 'n) = 0"
+lemma norm_0[simp]: "norm (0::real ^ 'n) = 0"
by (rule norm_zero)
-lemma norm_mul: "norm(a *s x) = abs(a) * norm x"
+lemma norm_mul[simp]: "norm(a *s x) = abs(a) * norm x"
by (simp add: vector_norm_def vector_component setL2_right_distrib
abs_mult cong: strong_setL2_cong)
lemma norm_eq_0_dot: "(norm x = 0) \<longleftrightarrow> (x \<bullet> x = (0::real))"
@@ -772,11 +771,11 @@
lemma norm_pow_2: "norm x ^ 2 = x \<bullet> x"
by (simp add: real_vector_norm_def)
lemma norm_eq_0_imp: "norm x = 0 ==> x = (0::real ^'n)" by (metis norm_eq_zero)
-lemma vector_mul_eq_0: "(a *s x = 0) \<longleftrightarrow> a = (0::'a::idom) \<or> x = 0"
+lemma vector_mul_eq_0[simp]: "(a *s x = 0) \<longleftrightarrow> a = (0::'a::idom) \<or> x = 0"
by vector
-lemma vector_mul_lcancel: "a *s x = a *s y \<longleftrightarrow> a = (0::real) \<or> x = y"
+lemma vector_mul_lcancel[simp]: "a *s x = a *s y \<longleftrightarrow> a = (0::real) \<or> x = y"
by (metis eq_iff_diff_eq_0 vector_mul_eq_0 vector_ssub_ldistrib)
-lemma vector_mul_rcancel: "a *s x = b *s x \<longleftrightarrow> (a::real) = b \<or> x = 0"
+lemma vector_mul_rcancel[simp]: "a *s x = b *s x \<longleftrightarrow> (a::real) = b \<or> x = 0"
by (metis eq_iff_diff_eq_0 vector_mul_eq_0 vector_sub_rdistrib)
lemma vector_mul_lcancel_imp: "a \<noteq> (0::real) ==> a *s x = a *s y ==> (x = y)"
by (metis vector_mul_lcancel)
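Review bot: `vector_mul_eq_0`, `vector_mul_lcancel` and `vector_mul_rcancel` become default simp rules here (as do `dot_pos_lt`, `norm_0` and `norm_mul` above); adding cancellation rules with disjunctive right-hand sides to the global simpset changes how every later `simp`/`auto` call on vectors behaves, which the collinear proof further down in this file already reflects (three `exI[where x=0]` steps become redundant). Rebuild everything importing Euclidean_Space and call out the simpset change in the commit message.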
@@ -814,28 +813,6 @@
lemma norm_triangle_lt: "norm(x::real ^'n) + norm(y) < e ==> norm(x + y) < e"
by (metis basic_trans_rules(21) norm_triangle_ineq)
-lemma setsum_delta:
- assumes fS: "finite S"
- shows "setsum (\<lambda>k. if k=a then b k else 0) S = (if a \<in> S then b a else 0)"
-proof-
- let ?f = "(\<lambda>k. if k=a then b k else 0)"
- {assume a: "a \<notin> S"
- hence "\<forall> k\<in> S. ?f k = 0" by simp
- hence ?thesis using a by simp}
- moreover
- {assume a: "a \<in> S"
- let ?A = "S - {a}"
- let ?B = "{a}"
- have eq: "S = ?A \<union> ?B" using a by blast
- have dj: "?A \<inter> ?B = {}" by simp
- from fS have fAB: "finite ?A" "finite ?B" by auto
- have "setsum ?f S = setsum ?f ?A + setsum ?f ?B"
- using setsum_Un_disjoint[OF fAB dj, of ?f, unfolded eq[symmetric]]
- by simp
- then have ?thesis using a by simp}
- ultimately show ?thesis by blast
-qed
-
lemma component_le_norm: "i \<in> {1 .. dimindex(UNIV :: 'n set)} ==> \<bar>x$i\<bar> <= norm (x::real ^ 'n)"
apply (simp add: vector_norm_def)
apply (rule member_le_setL2, simp_all)
@@ -852,7 +829,7 @@
lemma norm_le_l1: "norm (x:: real ^'n) <= setsum(\<lambda>i. \<bar>x$i\<bar>) {1..dimindex(UNIV::'n set)}"
by (simp add: vector_norm_def setL2_le_setsum)
-lemma real_abs_norm: "\<bar> norm x\<bar> = norm (x :: real ^'n)"
+lemma real_abs_norm[simp]: "\<bar> norm x\<bar> = norm (x :: real ^'n)"
by (rule abs_norm_cancel)
lemma real_abs_sub_norm: "\<bar>norm(x::real ^'n) - norm y\<bar> <= norm(x - y)"
by (rule norm_triangle_ineq3)
@@ -929,6 +906,7 @@
apply simp_all
done
+ (* FIXME: Move all these theorems into the ML code using lemma antiquotation *)
lemma norm_add_rule_thm: "b1 >= norm(x1 :: real ^'n) \<Longrightarrow> b2 >= norm(x2) ==> b1 + b2 >= norm(x1 + x2)"
apply (rule norm_triangle_le) by simp
@@ -977,17 +955,17 @@
text{* Hence more metric properties. *}
-lemma dist_refl: "dist x x = 0" by norm
+lemma dist_refl[simp]: "dist x x = 0" by norm
lemma dist_sym: "dist x y = dist y x"by norm
-lemma dist_pos_le: "0 <= dist x y" by norm
+lemma dist_pos_le[simp]: "0 <= dist x y" by norm
lemma dist_triangle: "dist x z <= dist x y + dist y z" by norm
lemma dist_triangle_alt: "dist y z <= dist x y + dist x z" by norm
-lemma dist_eq_0: "dist x y = 0 \<longleftrightarrow> x = y" by norm
+lemma dist_eq_0[simp]: "dist x y = 0 \<longleftrightarrow> x = y" by norm
lemma dist_pos_lt: "x \<noteq> y ==> 0 < dist x y" by norm
lemma dist_nz: "x \<noteq> y \<longleftrightarrow> 0 < dist x y" by norm
@@ -1003,12 +981,12 @@
lemma dist_triangle_add: "dist (x + y) (x' + y') <= dist x x' + dist y y'"
by norm
-lemma dist_mul: "dist (c *s x) (c *s y) = \<bar>c\<bar> * dist x y"
+lemma dist_mul[simp]: "dist (c *s x) (c *s y) = \<bar>c\<bar> * dist x y"
unfolding dist_def vector_ssub_ldistrib[symmetric] norm_mul ..
lemma dist_triangle_add_half: " dist x x' < e / 2 \<Longrightarrow> dist y y' < e / 2 ==> dist(x + y) (x' + y') < e" by norm
-lemma dist_le_0: "dist x y <= 0 \<longleftrightarrow> x = y" by norm
+lemma dist_le_0[simp]: "dist x y <= 0 \<longleftrightarrow> x = y" by norm
lemma setsum_eq: "setsum f S = (\<chi> i. setsum (\<lambda>x. (f x)$i ) S)"
apply vector
@@ -1035,47 +1013,6 @@
shows "(setsum f S)$i = setsum (\<lambda>x. (f x)$i) S"
using i by (simp add: setsum_eq Cart_lambda_beta)
- (* This needs finiteness assumption due to the definition of fold!!! *)
-
-lemma setsum_superset:
- assumes fb: "finite B" and ab: "A \<subseteq> B"
- and f0: "\<forall>x \<in> B - A. f x = 0"
- shows "setsum f B = setsum f A"
-proof-
- from ab fb have fa: "finite A" by (metis finite_subset)
- from fb have fba: "finite (B - A)" by (metis finite_Diff)
- have d: "A \<inter> (B - A) = {}" by blast
- from ab have b: "B = A \<union> (B - A)" by blast
- from setsum_Un_disjoint[OF fa fba d, of f] b
- setsum_0'[OF f0]
- show "setsum f B = setsum f A" by simp
-qed
-
-lemma setsum_restrict_set:
- assumes fA: "finite A"
- shows "setsum f (A \<inter> B) = setsum (\<lambda>x. if x \<in> B then f x else 0) A"
-proof-
- from fA have fab: "finite (A \<inter> B)" by auto
- have aba: "A \<inter> B \<subseteq> A" by blast
- let ?g = "\<lambda>x. if x \<in> A\<inter>B then f x else 0"
- from setsum_superset[OF fA aba, of ?g]
- show ?thesis by simp
-qed
-
-lemma setsum_cases:
- assumes fA: "finite A"
- shows "setsum (\<lambda>x. if x \<in> B then f x else g x) A =
- setsum f (A \<inter> B) + setsum g (A \<inter> - B)"
-proof-
- have a: "A = A \<inter> B \<union> A \<inter> -B" "(A \<inter> B) \<inter> (A \<inter> -B) = {}"
- by blast+
- from fA
- have f: "finite (A \<inter> B)" "finite (A \<inter> -B)" by auto
- let ?g = "\<lambda>x. if x \<in> B then f x else g x"
- from setsum_Un_disjoint[OF f a(2), of ?g] a(1)
- show ?thesis by simp
-qed
-
lemma setsum_norm:
fixes f :: "'a \<Rightarrow> 'b::real_normed_vector"
assumes fS: "finite S"
@@ -1173,41 +1110,6 @@
from setsum_Un_disjoint[of "?A" "?B" f] eq d show ?thesis by auto
qed
-lemma setsum_reindex_nonzero:
- assumes fS: "finite S"
- and nz: "\<And> x y. x \<in> S \<Longrightarrow> y \<in> S \<Longrightarrow> x \<noteq> y \<Longrightarrow> f x = f y \<Longrightarrow> h (f x) = 0"
- shows "setsum h (f ` S) = setsum (h o f) S"
-using nz
-proof(induct rule: finite_induct[OF fS])
- case 1 thus ?case by simp
-next
- case (2 x F)
- {assume fxF: "f x \<in> f ` F" hence "\<exists>y \<in> F . f y = f x" by auto
- then obtain y where y: "y \<in> F" "f x = f y" by auto
- from "2.hyps" y have xy: "x \<noteq> y" by auto
-
- from "2.prems"[of x y] "2.hyps" xy y have h0: "h (f x) = 0" by simp
- have "setsum h (f ` insert x F) = setsum h (f ` F)" using fxF by auto
- also have "\<dots> = setsum (h o f) (insert x F)"
- using "2.hyps" "2.prems" h0 by auto
- finally have ?case .}
- moreover
- {assume fxF: "f x \<notin> f ` F"
- have "setsum h (f ` insert x F) = h (f x) + setsum h (f ` F)"
- using fxF "2.hyps" by simp
- also have "\<dots> = setsum (h o f) (insert x F)"
- using "2.hyps" "2.prems" fxF
- apply auto apply metis done
- finally have ?case .}
- ultimately show ?case by blast
-qed
-
-lemma setsum_Un_nonzero:
- assumes fS: "finite S" and fF: "finite F"
- and f: "\<forall> x\<in> S \<inter> F . f x = (0::'a::ab_group_add)"
- shows "setsum f (S \<union> F) = setsum f S + setsum f F"
- using setsum_Un[OF fS fF, of f] setsum_0'[OF f] by simp
-
lemma setsum_natinterval_left:
assumes mn: "(m::nat) <= n"
shows "setsum f {m..n} = f m + setsum f {m + 1..n}"
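Review bot: `setsum_reindex_nonzero` is deleted here without a counterpart being added anywhere in this diff, unlike `setsum_Un_nonzero` (which returns as `setsum_Un_zero` in Finite_Set); confirm that nothing else uses it, or name the existing Finite_Set lemma that supersedes it.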
@@ -1249,109 +1151,9 @@
shows "setsum (\<lambda>y. setsum g {x. x\<in> S \<and> f x = y}) T = setsum g S"
apply (subst setsum_image_gen[OF fS, of g f])
-apply (rule setsum_superset[OF fT fST])
+apply (rule setsum_mono_zero_right[OF fT fST])
by (auto intro: setsum_0')
-(* FIXME: Change the name to fold_image\<dots> *)
-lemma (in comm_monoid_mult) fold_1': "finite S \<Longrightarrow> (\<forall>x\<in>S. f x = 1) \<Longrightarrow> fold_image op * f 1 S = 1"
- apply (induct set: finite)
- apply simp by (auto simp add: fold_image_insert)
-
-lemma (in comm_monoid_mult) fold_union_nonzero:
- assumes fS: "finite S" and fT: "finite T"
- and I0: "\<forall>x \<in> S\<inter>T. f x = 1"
- shows "fold_image (op *) f 1 (S \<union> T) = fold_image (op *) f 1 S * fold_image (op *) f 1 T"
-proof-
- have "fold_image op * f 1 (S \<inter> T) = 1"
- apply (rule fold_1')
- using fS fT I0 by auto
- with fold_image_Un_Int[OF fS fT] show ?thesis by simp
-qed
-
-lemma setsum_union_nonzero:
- assumes fS: "finite S" and fT: "finite T"
- and I0: "\<forall>x \<in> S\<inter>T. f x = 0"
- shows "setsum f (S \<union> T) = setsum f S + setsum f T"
- using fS fT
- apply (simp add: setsum_def)
- apply (rule comm_monoid_add.fold_union_nonzero)
- using I0 by auto
-
-lemma setprod_union_nonzero:
- assumes fS: "finite S" and fT: "finite T"
- and I0: "\<forall>x \<in> S\<inter>T. f x = 1"
- shows "setprod f (S \<union> T) = setprod f S * setprod f T"
- using fS fT
- apply (simp add: setprod_def)
- apply (rule fold_union_nonzero)
- using I0 by auto
-
-lemma setsum_unions_nonzero:
- assumes fS: "finite S" and fSS: "\<forall>T \<in> S. finite T"
- and f0: "\<And>T1 T2 x. T1\<in>S \<Longrightarrow> T2\<in>S \<Longrightarrow> T1 \<noteq> T2 \<Longrightarrow> x \<in> T1 \<Longrightarrow> x \<in> T2 \<Longrightarrow> f x = 0"
- shows "setsum f (\<Union>S) = setsum (\<lambda>T. setsum f T) S"
- using fSS f0
-proof(induct rule: finite_induct[OF fS])
- case 1 thus ?case by simp
-next
- case (2 T F)
- then have fTF: "finite T" "\<forall>T\<in>F. finite T" "finite F" and TF: "T \<notin> F"
- and H: "setsum f (\<Union> F) = setsum (setsum f) F" by (auto simp add: finite_insert)
- from fTF have fUF: "finite (\<Union>F)" by (auto intro: finite_Union)
- from "2.prems" TF fTF
- show ?case
- by (auto simp add: H[symmetric] intro: setsum_union_nonzero[OF fTF(1) fUF, of f])
-qed
-
- (* FIXME : Copied from Pocklington --- should be moved to Finite_Set!!!!!!!! *)
-
-
-lemma (in comm_monoid_mult) fold_related:
- assumes Re: "R e e"
- and Rop: "\<forall>x1 y1 x2 y2. R x1 x2 \<and> R y1 y2 \<longrightarrow> R (x1 * y1) (x2 * y2)"
- and fS: "finite S" and Rfg: "\<forall>x\<in>S. R (h x) (g x)"
- shows "R (fold_image (op *) h e S) (fold_image (op *) g e S)"
- using fS by (rule finite_subset_induct) (insert assms, auto)
-
- (* FIXME: I think we can get rid of the finite assumption!! *)
-lemma (in comm_monoid_mult)
- fold_eq_general:
- assumes fS: "finite S"
- and h: "\<forall>y\<in>S'. \<exists>!x. x\<in> S \<and> h(x) = y"
- and f12: "\<forall>x\<in>S. h x \<in> S' \<and> f2(h x) = f1 x"
- shows "fold_image (op *) f1 e S = fold_image (op *) f2 e S'"
-proof-
- from h f12 have hS: "h ` S = S'" by auto
- {fix x y assume H: "x \<in> S" "y \<in> S" "h x = h y"
- from f12 h H have "x = y" by auto }
- hence hinj: "inj_on h S" unfolding inj_on_def Ex1_def by blast
- from f12 have th: "\<And>x. x \<in> S \<Longrightarrow> (f2 \<circ> h) x = f1 x" by auto
- from hS have "fold_image (op *) f2 e S' = fold_image (op *) f2 e (h ` S)" by simp
- also have "\<dots> = fold_image (op *) (f2 o h) e S"
- using fold_image_reindex[OF fS hinj, of f2 e] .
- also have "\<dots> = fold_image (op *) f1 e S " using th fold_image_cong[OF fS, of "f2 o h" f1 e]
- by blast
- finally show ?thesis ..
-qed
-
-lemma (in comm_monoid_mult) fold_eq_general_inverses:
- assumes fS: "finite S"
- and kh: "\<And>y. y \<in> T \<Longrightarrow> k y \<in> S \<and> h (k y) = y"
- and hk: "\<And>x. x \<in> S \<Longrightarrow> h x \<in> T \<and> k (h x) = x \<and> g (h x) = f x"
- shows "fold_image (op *) f e S = fold_image (op *) g e T"
- using fold_eq_general[OF fS, of T h g f e] kh hk by metis
-
-lemma setsum_eq_general_reverses:
- assumes fS: "finite S" and fT: "finite T"
- and kh: "\<And>y. y \<in> T \<Longrightarrow> k y \<in> S \<and> h (k y) = y"
- and hk: "\<And>x. x \<in> S \<Longrightarrow> h x \<in> T \<and> k (h x) = x \<and> g (h x) = f x"
- shows "setsum f S = setsum g T"
- apply (simp add: setsum_def fS fT)
- apply (rule comm_monoid_add.fold_eq_general_inverses[OF fS])
- apply (erule kh)
- apply (erule hk)
- done
-
lemma vsum_norm_allsubsets_bound:
fixes f:: "'a \<Rightarrow> real ^'n"
assumes fP: "finite P" and fPs: "\<And>Q. Q \<subseteq> P \<Longrightarrow> norm (setsum f Q) \<le> e"
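Review bot: the lemmas removed here reappear in Finite_Set under new names (`fold_1'` becomes `fold_image_1`, `fold_union_nonzero` becomes `fold_image_Un_one`, `setsum_union_nonzero` becomes `setsum_Un_zero`, `setsum_unions_nonzero` becomes `setsum_UNION_zero`, `setprod_union_nonzero` becomes `setprod_Un_one`), but the two FIXME comments about the finiteness assumptions are dropped in the move rather than resolved; carry them over or record why they no longer apply. Also, `setsum_superset` is replaced by `setsum_mono_zero_right` at this site but by `setsum_mono_zero_cong_left` in Determinants.thy; double-check that each site uses the variant whose assumption order matches its `OF` arguments.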
@@ -1383,7 +1185,7 @@
by (auto simp add: setsum_negf setsum_component vector_component intro: abs_le_D1)
have "setsum (\<lambda>x. \<bar>f x $ i\<bar>) P = setsum (\<lambda>x. \<bar>f x $ i\<bar>) ?Pp + setsum (\<lambda>x. \<bar>f x $ i\<bar>) ?Pn"
apply (subst thp)
- apply (rule setsum_Un_nonzero)
+ apply (rule setsum_Un_zero)
using fP thp0 by auto
also have "\<dots> \<le> 2*e" using Pne Ppe by arith
finally show "setsum (\<lambda>x. \<bar>f x $ i\<bar>) P \<le> 2*e" .
@@ -1392,7 +1194,7 @@
qed
lemma dot_lsum: "finite S \<Longrightarrow> setsum f S \<bullet> (y::'a::{comm_ring}^'n) = setsum (\<lambda>x. f x \<bullet> y) S "
- by (induct rule: finite_induct, auto simp add: dot_lzero dot_ladd)
+ by (induct rule: finite_induct, auto simp add: dot_lzero dot_ladd dot_radd)
lemma dot_rsum: "finite S \<Longrightarrow> (y::'a::{comm_ring}^'n) \<bullet> setsum f S = setsum (\<lambda>x. y \<bullet> f x) S "
by (induct rule: finite_induct, auto simp add: dot_rzero dot_radd)
@@ -4137,7 +3939,8 @@
apply (subst Cy)
using C(1) fth
apply (simp only: setsum_clauses)
- apply (auto simp add: dot_ladd dot_lmult dot_eq_0 dot_sym[of y a] dot_lsum[OF fth])
+ thm dot_ladd
+ apply (auto simp add: dot_ladd dot_radd dot_lmult dot_rmult dot_eq_0 dot_sym[of y a] dot_lsum[OF fth])
apply (rule setsum_0')
apply clarsimp
apply (rule C(4)[unfolded pairwise_def orthogonal_def, rule_format])
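Review bot: the `thm dot_ladd` on its own line in the middle of this apply script is a leftover diagnostic command and should be removed before pushing; it only prints the theorem, and sitting between `apply` steps it reads as if the proof were stuck there.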
@@ -5294,14 +5097,11 @@
have ?lhs unfolding collinear_def c
apply (rule exI[where x=x])
apply auto
- apply (rule exI[where x=0], simp)
apply (rule exI[where x="- 1"], simp only: vector_smult_lneg vector_smult_lid)
apply (rule exI[where x= "-c"], simp only: vector_smult_lneg)
apply (rule exI[where x=1], simp)
- apply (rule exI[where x=0], simp)
apply (rule exI[where x="1 - c"], simp add: vector_smult_lneg vector_sub_rdistrib)
apply (rule exI[where x="c - 1"], simp add: vector_smult_lneg vector_sub_rdistrib)
- apply (rule exI[where x=0], simp)
done}
ultimately have ?thesis by blast}
ultimately show ?thesis by blast
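Review bot: the three removed `apply (rule exI[where x=0], simp)` steps are presumably now discharged by the preceding `apply auto` thanks to the new `[simp]` rules earlier in this file; that is fine, but it ties this script to the default simpset, so a brief comment or an explicit `auto simp add: ...` naming the rules relied on would keep it robust against later simpset changes.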
--- a/src/HOL/Library/Finite_Cartesian_Product.thy Thu Mar 05 02:20:06 2009 +0100
+++ b/src/HOL/Library/Finite_Cartesian_Product.thy Thu Mar 05 02:24:36 2009 +0100
@@ -1,5 +1,4 @@
(* Title: HOL/Library/Finite_Cartesian_Product
- ID: $Id: Finite_Cartesian_Product.thy,v 1.5 2009/01/29 22:59:46 chaieb Exp $
Author: Amine Chaieb, University of Cambridge
*)
--- a/src/HOL/Library/Glbs.thy Thu Mar 05 02:20:06 2009 +0100
+++ b/src/HOL/Library/Glbs.thy Thu Mar 05 02:24:36 2009 +0100
@@ -1,5 +1,4 @@
(* Title: Glbs
- ID: $Id:
Author: Amine Chaieb, University of Cambridge
*)
--- a/src/HOL/Library/Library.thy Thu Mar 05 02:20:06 2009 +0100
+++ b/src/HOL/Library/Library.thy Thu Mar 05 02:24:36 2009 +0100
@@ -50,6 +50,7 @@
Reflection
RBT
State_Monad
+ Topology_Euclidean_Space
Univ_Poly
While_Combinator
Word
--- a/src/HOL/Library/Permutations.thy Thu Mar 05 02:20:06 2009 +0100
+++ b/src/HOL/Library/Permutations.thy Thu Mar 05 02:24:36 2009 +0100
@@ -1,5 +1,4 @@
(* Title: Library/Permutations
- ID: $Id:
Author: Amine Chaieb, University of Cambridge
*)
--- a/src/HOL/Library/Pocklington.thy Thu Mar 05 02:20:06 2009 +0100
+++ b/src/HOL/Library/Pocklington.thy Thu Mar 05 02:24:36 2009 +0100
@@ -554,12 +554,6 @@
(* Fermat's Little theorem / Fermat-Euler theorem. *)
-lemma (in comm_monoid_mult) fold_image_related:
- assumes Re: "R e e"
- and Rop: "\<forall>x1 y1 x2 y2. R x1 x2 \<and> R y1 y2 \<longrightarrow> R (x1 * y1) (x2 * y2)"
- and fS: "finite S" and Rfg: "\<forall>x\<in>S. R (h x) (g x)"
- shows "R (fold_image (op *) h e S) (fold_image (op *) g e S)"
- using fS by (rule finite_subset_induct) (insert assms, auto)
lemma nproduct_mod:
assumes fS: "finite S" and n0: "n \<noteq> 0"
@@ -585,26 +579,6 @@
using fS unfolding setprod_def by (rule finite_subset_induct)
(insert Sn, auto simp add: coprime_mul)
-lemma (in comm_monoid_mult)
- fold_image_eq_general:
- assumes fS: "finite S"
- and h: "\<forall>y\<in>S'. \<exists>!x. x\<in> S \<and> h(x) = y"
- and f12: "\<forall>x\<in>S. h x \<in> S' \<and> f2(h x) = f1 x"
- shows "fold_image (op *) f1 e S = fold_image (op *) f2 e S'"
-proof-
- from h f12 have hS: "h ` S = S'" by auto
- {fix x y assume H: "x \<in> S" "y \<in> S" "h x = h y"
- from f12 h H have "x = y" by auto }
- hence hinj: "inj_on h S" unfolding inj_on_def Ex1_def by blast
- from f12 have th: "\<And>x. x \<in> S \<Longrightarrow> (f2 \<circ> h) x = f1 x" by auto
- from hS have "fold_image (op *) f2 e S' = fold_image (op *) f2 e (h ` S)" by simp
- also have "\<dots> = fold_image (op *) (f2 o h) e S"
- using fold_image_reindex[OF fS hinj, of f2 e] .
- also have "\<dots> = fold_image (op *) f1 e S " using th fold_image_cong[OF fS, of "f2 o h" f1 e]
- by blast
- finally show ?thesis ..
-qed
-
lemma fermat_little: assumes an: "coprime a n"
shows "[a ^ (\<phi> n) = 1] (mod n)"
proof-
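Review bot: `fold_image_eq_general` is removed together with its whole proof, which depended on `fold_image_reindex` and `fold_image_cong`; the hunk gives no indication whether the statement was moved, renamed or simply found redundant, so please state that in the commit message and check that `fermat_little` and the later proofs in this theory do not still invoke `fold_image_eq_general` under the old name.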
@@ -1287,5 +1261,4 @@
show ?thesis by blast
qed
-
end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/HOL/Library/Topology_Euclidean_Space.thy Thu Mar 05 02:24:36 2009 +0100
@@ -0,0 +1,5691 @@
+(* Title: Topology
+ Author: Amine Chaieb, University of Cambridge
+ Author: Robert Himmelmann, TU Muenchen
+*)
+
+header {* Elementary topology in Euclidean space. *}
+
+theory Topology_Euclidean_Space
+ imports SEQ Euclidean_Space
+begin
+
+
+declare fstcart_pastecart[simp] sndcart_pastecart[simp]
+
+subsection{* General notion of a topology *}
+
+definition "istopology L \<longleftrightarrow> {} \<in> L \<and> (\<forall>S \<in>L. \<forall>T \<in>L. S \<inter> T \<in> L) \<and> (\<forall>K. K \<subseteq>L \<longrightarrow> \<Union> K \<in> L)"
+typedef (open) 'a topology = "{L::('a set) set. istopology L}"
+ morphisms "openin" "topology"
+ unfolding istopology_def by blast
+
+lemma istopology_open_in[intro]: "istopology(openin U)"
+ using openin[of U] by blast
+
+lemma topology_inverse': "istopology U \<Longrightarrow> openin (topology U) = U"
+ using topology_inverse[unfolded mem_def Collect_def] .
+
+lemma topology_inverse_iff: "istopology U \<longleftrightarrow> openin (topology U) = U"
+ using topology_inverse[of U] istopology_open_in[of "topology U"] by auto
+
+lemma topology_eq: "T1 = T2 \<longleftrightarrow> (\<forall>S. openin T1 S \<longleftrightarrow> openin T2 S)"
+proof-
+ {assume "T1=T2" hence "\<forall>S. openin T1 S \<longleftrightarrow> openin T2 S" by simp}
+ moreover
+ {assume H: "\<forall>S. openin T1 S \<longleftrightarrow> openin T2 S"
+ hence "openin T1 = openin T2" by (metis mem_def set_ext)
+ hence "topology (openin T1) = topology (openin T2)" by simp
+ hence "T1 = T2" unfolding openin_inverse .}
+ ultimately show ?thesis by blast
+qed
+
+text{* Infer the "universe" from union of all sets in the topology. *}
+
+definition "topspace T = \<Union>{S. openin T S}"
+
+subsection{* Main properties of open sets *}
+
+lemma openin_clauses:
+ fixes U :: "'a topology"
+ shows "openin U {}"
+ "\<And>S T. openin U S \<Longrightarrow> openin U T \<Longrightarrow> openin U (S\<inter>T)"
+ "\<And>K. (\<forall>S \<in> K. openin U S) \<Longrightarrow> openin U (\<Union>K)"
+ using openin[of U] unfolding istopology_def Collect_def mem_def
+ by (metis mem_def subset_eq)+
+
+lemma openin_subset[intro]: "openin U S \<Longrightarrow> S \<subseteq> topspace U"
+ unfolding topspace_def by blast
+lemma openin_empty[simp]: "openin U {}" by (simp add: openin_clauses)
+
+lemma openin_Int[intro]: "openin U S \<Longrightarrow> openin U T \<Longrightarrow> openin U (S \<inter> T)"
+ by (simp add: openin_clauses)
+
+lemma openin_Union[intro]: "(\<forall>S \<in>K. openin U S) \<Longrightarrow> openin U (\<Union> K)" by (simp add: openin_clauses)
+
+lemma openin_Un[intro]: "openin U S \<Longrightarrow> openin U T \<Longrightarrow> openin U (S \<union> T)"
+ using openin_Union[of "{S,T}" U] by auto
+
+lemma openin_topspace[intro, simp]: "openin U (topspace U)" by (simp add: openin_Union topspace_def)
+
+lemma openin_subopen: "openin U S \<longleftrightarrow> (\<forall>x \<in> S. \<exists>T. openin U T \<and> x \<in> T \<and> T \<subseteq> S)" (is "?lhs \<longleftrightarrow> ?rhs")
+proof-
+ {assume ?lhs then have ?rhs by auto }
+ moreover
+ {assume H: ?rhs
+ then obtain t where t: "\<forall>x\<in>S. openin U (t x) \<and> x \<in> t x \<and> t x \<subseteq> S"
+ unfolding Ball_def ex_simps(6)[symmetric] choice_iff by blast
+ from t have th0: "\<forall>x\<in> t`S. openin U x" by auto
+ have "\<Union> t`S = S" using t by auto
+ with openin_Union[OF th0] have "openin U S" by simp }
+ ultimately show ?thesis by blast
+qed
+
+subsection{* Closed sets *}
+
+definition "closedin U S \<longleftrightarrow> S \<subseteq> topspace U \<and> openin U (topspace U - S)"
+
+lemma closedin_subset: "closedin U S \<Longrightarrow> S \<subseteq> topspace U" by (metis closedin_def)
+lemma closedin_empty[simp]: "closedin U {}" by (simp add: closedin_def)
+lemma closedin_topspace[intro,simp]:
+ "closedin U (topspace U)" by (simp add: closedin_def)
+lemma closedin_Un[intro]: "closedin U S \<Longrightarrow> closedin U T \<Longrightarrow> closedin U (S \<union> T)"
+ by (auto simp add: Diff_Un closedin_def)
+
+lemma Diff_Inter[intro]: "A - \<Inter>S = \<Union> {A - s|s. s\<in>S}" by auto
+lemma closedin_Inter[intro]: assumes Ke: "K \<noteq> {}" and Kc: "\<forall>S \<in>K. closedin U S"
+ shows "closedin U (\<Inter> K)" using Ke Kc unfolding closedin_def Diff_Inter by auto
+
+lemma closedin_Int[intro]: "closedin U S \<Longrightarrow> closedin U T \<Longrightarrow> closedin U (S \<inter> T)"
+ using closedin_Inter[of "{S,T}" U] by auto
+
+lemma Diff_Diff_Int: "A - (A - B) = A \<inter> B" by blast
+lemma openin_closedin_eq: "openin U S \<longleftrightarrow> S \<subseteq> topspace U \<and> closedin U (topspace U - S)"
+ apply (auto simp add: closedin_def)
+ apply (metis openin_subset subset_eq)
+ apply (auto simp add: Diff_Diff_Int)
+ apply (subgoal_tac "topspace U \<inter> S = S")
+ by auto
+
+lemma openin_closedin: "S \<subseteq> topspace U \<Longrightarrow> (openin U S \<longleftrightarrow> closedin U (topspace U - S))"
+ by (simp add: openin_closedin_eq)
+
+lemma openin_diff[intro]: assumes oS: "openin U S" and cT: "closedin U T" shows "openin U (S - T)"
+proof-
+ have "S - T = S \<inter> (topspace U - T)" using openin_subset[of U S] oS cT
+ by (auto simp add: topspace_def openin_subset)
+ then show ?thesis using oS cT by (auto simp add: closedin_def)
+qed
+
+lemma closedin_diff[intro]: assumes oS: "closedin U S" and cT: "openin U T" shows "closedin U (S - T)"
+proof-
+ have "S - T = S \<inter> (topspace U - T)" using closedin_subset[of U S] oS cT
+ by (auto simp add: topspace_def )
+ then show ?thesis using oS cT by (auto simp add: openin_closedin_eq)
+qed
+
+subsection{* Subspace topology. *}
+
+definition "subtopology U V = topology {S \<inter> V |S. openin U S}"
+
+lemma istopology_subtopology: "istopology {S \<inter> V |S. openin U S}" (is "istopology ?L")
+proof-
+ have "{} \<in> ?L" by blast
+ {fix A B assume A: "A \<in> ?L" and B: "B \<in> ?L"
+ from A B obtain Sa and Sb where Sa: "openin U Sa" "A = Sa \<inter> V" and Sb: "openin U Sb" "B = Sb \<inter> V" by blast
+ have "A\<inter>B = (Sa \<inter> Sb) \<inter> V" "openin U (Sa \<inter> Sb)" using Sa Sb by blast+
+ then have "A \<inter> B \<in> ?L" by blast}
+ moreover
+ {fix K assume K: "K \<subseteq> ?L"
+ have th0: "?L = (\<lambda>S. S \<inter> V) ` openin U "
+ apply (rule set_ext)
+ apply (simp add: Ball_def image_iff)
+ by (metis mem_def)
+ from K[unfolded th0 subset_image_iff]
+ obtain Sk where Sk: "Sk \<subseteq> openin U" "K = (\<lambda>S. S \<inter> V) ` Sk" by blast
+ have "\<Union>K = (\<Union>Sk) \<inter> V" using Sk by auto
+ moreover have "openin U (\<Union> Sk)" using Sk by (auto simp add: subset_eq mem_def)
+ ultimately have "\<Union>K \<in> ?L" by blast}
+ ultimately show ?thesis unfolding istopology_def by blast
+qed
+
+lemma openin_subtopology:
+ "openin (subtopology U V) S \<longleftrightarrow> (\<exists> T. (openin U T) \<and> (S = T \<inter> V))"
+ unfolding subtopology_def topology_inverse'[OF istopology_subtopology]
+ by (auto simp add: Collect_def)
+
+lemma topspace_subtopology: "topspace(subtopology U V) = topspace U \<inter> V"
+ by (auto simp add: topspace_def openin_subtopology)
+
+lemma closedin_subtopology:
+ "closedin (subtopology U V) S \<longleftrightarrow> (\<exists>T. closedin U T \<and> S = T \<inter> V)"
+ unfolding closedin_def topspace_subtopology
+ apply (simp add: openin_subtopology)
+ apply (rule iffI)
+ apply clarify
+ apply (rule_tac x="topspace U - T" in exI)
+ by auto
+
+lemma openin_subtopology_refl: "openin (subtopology U V) V \<longleftrightarrow> V \<subseteq> topspace U"
+ unfolding openin_subtopology
+ apply (rule iffI, clarify)
+ apply (frule openin_subset[of U]) apply blast
+ apply (rule exI[where x="topspace U"])
+ by auto
+
+lemma subtopology_superset: assumes UV: "topspace U \<subseteq> V"
+ shows "subtopology U V = U"
+proof-
+ {fix S
+ {fix T assume T: "openin U T" "S = T \<inter> V"
+ from T openin_subset[OF T(1)] UV have eq: "S = T" by blast
+ have "openin U S" unfolding eq using T by blast}
+ moreover
+ {assume S: "openin U S"
+ hence "\<exists>T. openin U T \<and> S = T \<inter> V"
+ using openin_subset[OF S] UV by auto}
+ ultimately have "(\<exists>T. openin U T \<and> S = T \<inter> V) \<longleftrightarrow> openin U S" by blast}
+ then show ?thesis unfolding topology_eq openin_subtopology by blast
+qed
+
+
+lemma subtopology_topspace[simp]: "subtopology U (topspace U) = U"
+ by (simp add: subtopology_superset)
+
+lemma subtopology_UNIV[simp]: "subtopology U UNIV = U"
+ by (simp add: subtopology_superset)
+
+subsection{* The universal Euclidean versions are what we use most of the time *}
+definition "open S \<longleftrightarrow> (\<forall>x \<in> S. \<exists>e >0. \<forall>x'. dist x' x < e \<longrightarrow> x' \<in> S)"
+definition "closed S \<longleftrightarrow> open(UNIV - S)"
+definition "euclidean = topology open"
+
+lemma open_empty[intro,simp]: "open {}" by (simp add: open_def)
+lemma open_UNIV[intro,simp]: "open UNIV"
+ by (simp add: open_def, rule exI[where x="1"], auto)
+
+lemma open_inter[intro]: assumes S: "open S" and T: "open T"
+ shows "open (S \<inter> T)"
+proof-
+ note thS = S[unfolded open_def, rule_format]
+ note thT = T[unfolded open_def, rule_format]
+ {fix x assume x: "x \<in> S\<inter>T"
+ hence xS: "x \<in> S" and xT: "x \<in> T" by simp_all
+ from thS[OF xS] obtain eS where eS: "eS > 0" "\<forall>x'. dist x' x < eS \<longrightarrow> x' \<in> S" by blast
+ from thT[OF xT] obtain eT where eT: "eT > 0" "\<forall>x'. dist x' x < eT \<longrightarrow> x' \<in> T" by blast
+ from real_lbound_gt_zero[OF eS(1) eT(1)] obtain e where e: "e > 0" "e < eS" "e < eT" by blast
+ { fix x' assume d: "dist x' x < e"
+ hence dS: "dist x' x < eS" and dT: "dist x' x < eT" using e by arith+
+ from eS(2)[rule_format, OF dS] eT(2)[rule_format, OF dT] have "x' \<in> S\<inter>T" by blast}
+ hence "\<exists>e >0. \<forall>x'. dist x' x < e \<longrightarrow> x' \<in> (S\<inter>T)" using e by blast}
+ then show ?thesis unfolding open_def by blast
+qed
+
+lemma open_Union[intro]: "(\<forall>S\<in>K. open S) \<Longrightarrow> open (\<Union> K)"
+ by (simp add: open_def) metis
+
+lemma open_openin: "open S \<longleftrightarrow> openin euclidean S"
+ unfolding euclidean_def
+ apply (rule cong[where x=S and y=S])
+ apply (rule topology_inverse[symmetric])
+ apply (auto simp add: istopology_def)
+ by (auto simp add: mem_def subset_eq)
+
+lemma topspace_euclidean: "topspace euclidean = UNIV"
+ apply (simp add: topspace_def)
+ apply (rule set_ext)
+ by (auto simp add: open_openin[symmetric])
+
+lemma topspace_euclidean_subtopology[simp]: "topspace (subtopology euclidean S) = S"
+ by (simp add: topspace_euclidean topspace_subtopology)
+
+lemma closed_closedin: "closed S \<longleftrightarrow> closedin euclidean S"
+ by (simp add: closed_def closedin_def topspace_euclidean open_openin)
+
+lemma open_Un[intro]: "open S \<Longrightarrow> open T \<Longrightarrow> open (S\<union>T)"
+ by (auto simp add: open_openin)
+
+lemma open_subopen: "open S \<longleftrightarrow> (\<forall>x\<in>S. \<exists>T. open T \<and> x \<in> T \<and> T \<subseteq> S)"
+ by (simp add: open_openin openin_subopen[symmetric])
+
+lemma closed_empty[intro, simp]: "closed {}" by (simp add: closed_closedin)
+
+lemma closed_UNIV[simp,intro]: "closed UNIV"
+ by (simp add: closed_closedin topspace_euclidean[symmetric])
+
+lemma closed_Un[intro]: "closed S \<Longrightarrow> closed T \<Longrightarrow> closed (S\<union>T)"
+ by (auto simp add: closed_closedin)
+
+lemma closed_Int[intro]: "closed S \<Longrightarrow> closed T \<Longrightarrow> closed (S\<inter>T)"
+ by (auto simp add: closed_closedin)
+
+lemma closed_Inter[intro]: assumes H: "\<forall>S \<in>K. closed S" shows "closed (\<Inter>K)"
+ using H
+ unfolding closed_closedin
+ apply (cases "K = {}")
+ apply (simp add: closed_closedin[symmetric])
+ apply (rule closedin_Inter, auto)
+ done
+
+lemma open_closed: "open S \<longleftrightarrow> closed (UNIV - S)"
+ by (simp add: open_openin closed_closedin topspace_euclidean openin_closedin_eq)
+
+lemma closed_open: "closed S \<longleftrightarrow> open(UNIV - S)"
+ by (simp add: open_openin closed_closedin topspace_euclidean closedin_def)
+
+lemma open_diff[intro]: "open S \<Longrightarrow> closed T \<Longrightarrow> open (S - T)"
+ by (auto simp add: open_openin closed_closedin)
+
+lemma closed_diff[intro]: "closed S \<Longrightarrow> open T \<Longrightarrow> closed(S-T)"
+ by (auto simp add: open_openin closed_closedin)
+
+lemma open_Inter[intro]: assumes fS: "finite S" and h: "\<forall>T\<in>S. open T" shows "open (\<Inter>S)"
+ using h by (induct rule: finite_induct[OF fS], auto)
+
+lemma closed_Union[intro]: assumes fS: "finite S" and h: "\<forall>T\<in>S. closed T" shows "closed (\<Union>S)"
+ using h by (induct rule: finite_induct[OF fS], auto)
+
+subsection{* Open and closed balls. *}
+
+definition "ball x e = {y. dist x y < e}"
+definition "cball x e = {y. dist x y \<le> e}"
+
+lemma mem_ball[simp]: "y \<in> ball x e \<longleftrightarrow> dist x y < e" by (simp add: ball_def)
+lemma mem_cball[simp]: "y \<in> cball x e \<longleftrightarrow> dist x y \<le> e" by (simp add: cball_def)
+lemma mem_ball_0[simp]: "x \<in> ball 0 e \<longleftrightarrow> norm x < e" by (simp add: dist_def)
+lemma mem_cball_0[simp]: "x \<in> cball 0 e \<longleftrightarrow> norm x \<le> e" by (simp add: dist_def)
+lemma centre_in_cball[simp]: "x \<in> cball x e \<longleftrightarrow> 0\<le> e" by simp
+lemma ball_subset_cball[simp,intro]: "ball x e \<subseteq> cball x e" by (simp add: subset_eq)
+lemma subset_ball[intro]: "d <= e ==> ball x d \<subseteq> ball x e" by (simp add: subset_eq)
+lemma subset_cball[intro]: "d <= e ==> cball x d \<subseteq> cball x e" by (simp add: subset_eq)
+lemma ball_max_Un: "ball a (max r s) = ball a r \<union> ball a s"
+ by (simp add: expand_set_eq) arith
+
+lemma ball_min_Int: "ball a (min r s) = ball a r \<inter> ball a s"
+ by (simp add: expand_set_eq)
+
+subsection{* Topological properties of open balls *}
+
+lemma diff_less_iff: "(a::real) - b > 0 \<longleftrightarrow> a > b"
+ "(a::real) - b < 0 \<longleftrightarrow> a < b"
+ "a - b < c \<longleftrightarrow> a < c +b" "a - b > c \<longleftrightarrow> a > c +b" by arith+
+lemma diff_le_iff: "(a::real) - b \<ge> 0 \<longleftrightarrow> a \<ge> b" "(a::real) - b \<le> 0 \<longleftrightarrow> a \<le> b"
+ "a - b \<le> c \<longleftrightarrow> a \<le> c +b" "a - b \<ge> c \<longleftrightarrow> a \<ge> c +b" by arith+
+
+lemma open_ball[intro, simp]: "open (ball x e)"
+ unfolding open_def ball_def Collect_def Ball_def mem_def
+ unfolding dist_sym
+ apply clarify
+ apply (rule_tac x="e - dist xa x" in exI)
+ using dist_triangle_alt[where z=x]
+ apply (clarsimp simp add: diff_less_iff)
+ apply atomize
+ apply (erule_tac x="x'" in allE)
+ apply (erule_tac x="xa" in allE)
+ by arith
+
+lemma centre_in_ball[simp]: "x \<in> ball x e \<longleftrightarrow> e > 0" by (metis mem_ball dist_refl)
+lemma open_contains_ball: "open S \<longleftrightarrow> (\<forall>x\<in>S. \<exists>e>0. ball x e \<subseteq> S)"
+ unfolding open_def subset_eq mem_ball Ball_def dist_sym ..
+
+lemma open_contains_ball_eq: "open S \<Longrightarrow> \<forall>x. x\<in>S \<longleftrightarrow> (\<exists>e>0. ball x e \<subseteq> S)"
+ by (metis open_contains_ball subset_eq centre_in_ball)
+
+lemma ball_eq_empty[simp]: "ball x e = {} \<longleftrightarrow> e \<le> 0"
+ unfolding mem_ball expand_set_eq
+ apply (simp add: not_less)
+ by (metis dist_pos_le order_trans dist_refl)
+
+lemma ball_empty[intro]: "e \<le> 0 ==> ball x e = {}" by simp
+
+subsection{* Basic "localization" results are handy for connectedness. *}
+
+lemma openin_open: "openin (subtopology euclidean U) S \<longleftrightarrow> (\<exists>T. open T \<and> (S = U \<inter> T))"
+ by (auto simp add: openin_subtopology open_openin[symmetric])
+
+lemma openin_open_Int[intro]: "open S \<Longrightarrow> openin (subtopology euclidean U) (U \<inter> S)"
+ by (auto simp add: openin_open)
+
+lemma open_openin_trans[trans]:
+ "open S \<Longrightarrow> open T \<Longrightarrow> T \<subseteq> S \<Longrightarrow> openin (subtopology euclidean S) T"
+ by (metis Int_absorb1 openin_open_Int)
+
+lemma open_subset: "S \<subseteq> T \<Longrightarrow> open S \<Longrightarrow> openin (subtopology euclidean T) S"
+ by (auto simp add: openin_open)
+
+lemma closedin_closed: "closedin (subtopology euclidean U) S \<longleftrightarrow> (\<exists>T. closed T \<and> S = U \<inter> T)"
+ by (simp add: closedin_subtopology closed_closedin Int_ac)
+
+lemma closedin_closed_Int: "closed S ==> closedin (subtopology euclidean U) (U \<inter> S)"
+ by (metis closedin_closed)
+
+lemma closed_closedin_trans: "closed S \<Longrightarrow> closed T \<Longrightarrow> T \<subseteq> S \<Longrightarrow> closedin (subtopology euclidean S) T"
+ apply (subgoal_tac "S \<inter> T = T" )
+ apply auto
+ apply (frule closedin_closed_Int[of T S])
+ by simp
+
+lemma closed_subset: "S \<subseteq> T \<Longrightarrow> closed S \<Longrightarrow> closedin (subtopology euclidean T) S"
+ by (auto simp add: closedin_closed)
+
+lemma openin_euclidean_subtopology_iff: "openin (subtopology euclidean U) S
+ \<longleftrightarrow> S \<subseteq> U \<and> (\<forall>x\<in>S. \<exists>e>0. \<forall>x'\<in>U. dist x' x < e \<longrightarrow> x'\<in> S)" (is "?lhs \<longleftrightarrow> ?rhs")
+proof-
+ {assume ?lhs hence ?rhs unfolding openin_subtopology open_openin[symmetric]
+ by (simp add: open_def) blast}
+ moreover
+ {assume SU: "S \<subseteq> U" and H: "\<And>x. x \<in> S \<Longrightarrow> \<exists>e>0. \<forall>x'\<in>U. dist x' x < e \<longrightarrow> x' \<in> S"
+ from H obtain d where d: "\<And>x . x\<in> S \<Longrightarrow> d x > 0 \<and> (\<forall>x' \<in> U. dist x' x < d x \<longrightarrow> x' \<in> S)"
+ by metis
+ let ?T = "\<Union>{B. \<exists>x\<in>S. B = ball x (d x)}"
+ have oT: "open ?T" by auto
+ { fix x assume "x\<in>S"
+ hence "x \<in> \<Union>{B. \<exists>x\<in>S. B = ball x (d x)}"
+ apply simp apply(rule_tac x="ball x(d x)" in exI) apply auto
+ unfolding dist_refl using d[of x] by auto
+ hence "x\<in> ?T \<inter> U" using SU and `x\<in>S` by auto }
+ moreover
+ { fix y assume "y\<in>?T"
+ then obtain B where "y\<in>B" "B\<in>{B. \<exists>x\<in>S. B = ball x (d x)}" by auto
+ then obtain x where "x\<in>S" and x:"y \<in> ball x (d x)" by auto
+ assume "y\<in>U"
+ hence "y\<in>S" using d[OF `x\<in>S`] and x by(auto simp add: dist_sym) }
+ ultimately have "S = ?T \<inter> U" by blast
+ with oT have ?lhs unfolding openin_subtopology open_openin[symmetric] by blast}
+ ultimately show ?thesis by blast
+qed
+
+text{* These "transitivity" results are handy too. *}
+
+lemma openin_trans[trans]: "openin (subtopology euclidean T) S \<Longrightarrow> openin (subtopology euclidean U) T
+ \<Longrightarrow> openin (subtopology euclidean U) S"
+ unfolding open_openin openin_open by blast
+
+lemma openin_open_trans: "openin (subtopology euclidean T) S \<Longrightarrow> open T \<Longrightarrow> open S"
+ by (auto simp add: openin_open intro: openin_trans)
+
+lemma closedin_trans[trans]:
+ "closedin (subtopology euclidean T) S \<Longrightarrow>
+ closedin (subtopology euclidean U) T
+ ==> closedin (subtopology euclidean U) S"
+ by (auto simp add: closedin_closed closed_closedin closed_Inter Int_assoc)
+
+lemma closedin_closed_trans: "closedin (subtopology euclidean T) S \<Longrightarrow> closed T \<Longrightarrow> closed S"
+ by (auto simp add: closedin_closed intro: closedin_trans)
+
+subsection{* Connectedness *}
+
+definition "connected S \<longleftrightarrow>
+ ~(\<exists>e1 e2. open e1 \<and> open e2 \<and> S \<subseteq> (e1 \<union> e2) \<and> (e1 \<inter> e2 \<inter> S = {})
+ \<and> ~(e1 \<inter> S = {}) \<and> ~(e2 \<inter> S = {}))"
+
+lemma connected_local:
+ "connected S \<longleftrightarrow> ~(\<exists>e1 e2.
+ openin (subtopology euclidean S) e1 \<and>
+ openin (subtopology euclidean S) e2 \<and>
+ S \<subseteq> e1 \<union> e2 \<and>
+ e1 \<inter> e2 = {} \<and>
+ ~(e1 = {}) \<and>
+ ~(e2 = {}))"
+unfolding connected_def openin_open by blast
+
+lemma exists_diff: "(\<exists>S. P(UNIV - S)) \<longleftrightarrow> (\<exists>S. P S)" (is "?lhs \<longleftrightarrow> ?rhs")
+proof-
+
+ {assume "?lhs" hence ?rhs by blast }
+ moreover
+ {fix S assume H: "P S"
+ have "S = UNIV - (UNIV - S)" by auto
+ with H have "P (UNIV - (UNIV - S))" by metis }
+ ultimately show ?thesis by metis
+qed
+
+lemma connected_clopen: "connected S \<longleftrightarrow>
+ (\<forall>T. openin (subtopology euclidean S) T \<and>
+ closedin (subtopology euclidean S) T \<longrightarrow> T = {} \<or> T = S)" (is "?lhs \<longleftrightarrow> ?rhs")
+proof-
+ have " \<not> connected S \<longleftrightarrow> (\<exists>e1 e2. open e1 \<and> open (UNIV - e2) \<and> S \<subseteq> e1 \<union> (UNIV - e2) \<and> e1 \<inter> (UNIV - e2) \<inter> S = {} \<and> e1 \<inter> S \<noteq> {} \<and> (UNIV - e2) \<inter> S \<noteq> {})"
+ unfolding connected_def openin_open closedin_closed
+ apply (subst exists_diff) by blast
+ hence th0: "connected S \<longleftrightarrow> \<not> (\<exists>e2 e1. closed e2 \<and> open e1 \<and> S \<subseteq> e1 \<union> (UNIV - e2) \<and> e1 \<inter> (UNIV - e2) \<inter> S = {} \<and> e1 \<inter> S \<noteq> {} \<and> (UNIV - e2) \<inter> S \<noteq> {})"
+ (is " _ \<longleftrightarrow> \<not> (\<exists>e2 e1. ?P e2 e1)") apply (simp add: closed_def) by metis
+
+ have th1: "?rhs \<longleftrightarrow> \<not> (\<exists>t' t. closed t'\<and>t = S\<inter>t' \<and> t\<noteq>{} \<and> t\<noteq>S \<and> (\<exists>t'. open t' \<and> t = S \<inter> t'))"
+ (is "_ \<longleftrightarrow> \<not> (\<exists>t' t. ?Q t' t)")
+ unfolding connected_def openin_open closedin_closed by auto
+ {fix e2
+ {fix e1 have "?P e2 e1 \<longleftrightarrow> (\<exists>t. closed e2 \<and> t = S\<inter>e2 \<and> open e1 \<and> t = S\<inter>e1 \<and> t\<noteq>{} \<and> t\<noteq>S)"
+ by auto}
+ then have "(\<exists>e1. ?P e2 e1) \<longleftrightarrow> (\<exists>t. ?Q e2 t)" by metis}
+ then have "\<forall>e2. (\<exists>e1. ?P e2 e1) \<longleftrightarrow> (\<exists>t. ?Q e2 t)" by blast
+ then show ?thesis unfolding th0 th1 by simp
+qed
+
+lemma connected_empty[simp, intro]: "connected {}"
+ by (simp add: connected_def)
+
+subsection{* Hausdorff and other separation properties *}
+
+lemma hausdorff:
+ assumes xy: "x \<noteq> y"
+ shows "\<exists>U V. open U \<and> open V \<and> x\<in> U \<and> y \<in> V \<and> (U \<inter> V = {})" (is "\<exists>U V. ?P U V")
+proof-
+ let ?U = "ball x (dist x y / 2)"
+ let ?V = "ball y (dist x y / 2)"
+ have th0: "\<And>d x y z. (d x z :: real) <= d x y + d y z \<Longrightarrow> d y z = d z y
+ ==> ~(d x y * 2 < d x z \<and> d z y * 2 < d x z)" by arith
+ have "?P ?U ?V" using dist_pos_lt[OF xy] th0[of dist,OF dist_triangle dist_sym]
+ by (auto simp add: dist_refl expand_set_eq Arith_Tools.less_divide_eq_number_of1)
+ then show ?thesis by blast
+qed
+
+lemma separation_t2: "x \<noteq> y \<longleftrightarrow> (\<exists>U V. open U \<and> open V \<and> x \<in> U \<and> y \<in> V \<and> U \<inter> V = {})"
+ using hausdorff[of x y] by blast
+
+lemma separation_t1: "x \<noteq> y \<longleftrightarrow> (\<exists>U V. open U \<and> open V \<and> x \<in>U \<and> y\<notin> U \<and> x\<notin>V \<and> y\<in>V)"
+ using separation_t2[of x y] by blast
+
+lemma separation_t0: "x \<noteq> y \<longleftrightarrow> (\<exists>U. open U \<and> ~(x\<in>U \<longleftrightarrow> y\<in>U))" by(metis separation_t1)
+
+subsection{* Limit points *}
+
+definition islimpt:: "real ^'n \<Rightarrow> (real^'n) set \<Rightarrow> bool" (infixr "islimpt" 60) where
+ islimpt_def: "x islimpt S \<longleftrightarrow> (\<forall>T. x\<in>T \<longrightarrow> open T \<longrightarrow> (\<exists>y\<in>S. y\<in>T \<and> y\<noteq>x))"
+
+ (* FIXME: Sure this form is OK????*)
+lemma islimptE: assumes "x islimpt S" and "x \<in> T" and "open T"
+ obtains "(\<exists>y\<in>S. y\<in>T \<and> y\<noteq>x)"
+ using assms unfolding islimpt_def by auto
+
+lemma islimpt_subset: "x islimpt S \<Longrightarrow> S \<subseteq> T ==> x islimpt T" by (auto simp add: islimpt_def)
+lemma islimpt_approachable: "x islimpt S \<longleftrightarrow> (\<forall>e>0. \<exists>x'\<in>S. x' \<noteq> x \<and> dist x' x < e)"
+ unfolding islimpt_def
+ apply auto
+ apply(erule_tac x="ball x e" in allE)
+ apply (auto simp add: dist_refl)
+ apply(rule_tac x=y in bexI) apply (auto simp add: dist_sym)
+ by (metis open_def dist_sym open_ball centre_in_ball mem_ball)
+
+lemma islimpt_approachable_le: "x islimpt S \<longleftrightarrow> (\<forall>e>0. \<exists>x'\<in> S. x' \<noteq> x \<and> dist x' x <= e)"
+ unfolding islimpt_approachable
+ using approachable_lt_le[where f="\<lambda>x'. dist x' x" and P="\<lambda>x'. \<not> (x'\<in>S \<and> x'\<noteq>x)"]
+ by metis
+
+lemma islimpt_UNIV[simp, intro]: "(x:: real ^'n) islimpt UNIV"
+proof-
+ {
+ fix e::real assume ep: "e>0"
+ from vector_choose_size[of "e/2"] ep have "\<exists>(c:: real ^'n). norm c = e/2" by auto
+ then obtain c ::"real^'n" where c: "norm c = e/2" by blast
+ let ?x = "x + c"
+ have "?x \<noteq> x" using c ep by (auto simp add: norm_eq_0_imp)
+ moreover have "dist ?x x < e" using c ep apply simp by norm
+ ultimately have "\<exists>x'. x' \<noteq> x\<and> dist x' x < e" by blast}
+ then show ?thesis unfolding islimpt_approachable by blast
+qed
+
+lemma closed_limpt: "closed S \<longleftrightarrow> (\<forall>x. x islimpt S \<longrightarrow> x \<in> S)"
+ unfolding closed_def
+ apply (subst open_subopen)
+ apply (simp add: islimpt_def subset_eq)
+ by (metis DiffE DiffI UNIV_I insertCI insert_absorb mem_def)
+
+lemma islimpt_EMPTY[simp]: "\<not> x islimpt {}"
+ unfolding islimpt_approachable apply auto by ferrack
+
+lemma closed_positive_orthant: "closed {x::real^'n. \<forall>i\<in>{1.. dimindex(UNIV:: 'n set)}. 0 \<le>x$i}"
+proof-
+ let ?U = "{1 .. dimindex(UNIV :: 'n set)}"
+ let ?O = "{x::real^'n. \<forall>i\<in>?U. x$i\<ge>0}"
+ {fix x:: "real^'n" and i::nat assume H: "\<forall>e>0. \<exists>x'\<in>?O. x' \<noteq> x \<and> dist x' x < e" and i: "i \<in> ?U"
+ and xi: "x$i < 0"
+ from xi have th0: "-x$i > 0" by arith
+ from H[rule_format, OF th0] obtain x' where x': "x' \<in>?O" "x' \<noteq> x" "dist x' x < -x $ i" by blast
+ have th:" \<And>b a (x::real). abs x <= b \<Longrightarrow> b <= a ==> ~(a + x < 0)" by arith
+ have th': "\<And>x (y::real). x < 0 \<Longrightarrow> 0 <= y ==> abs x <= abs (y - x)" by arith
+ have th1: "\<bar>x$i\<bar> \<le> \<bar>(x' - x)$i\<bar>" using i x'(1) xi
+ apply (simp only: vector_component)
+ by (rule th') auto
+ have th2: "\<bar>dist x x'\<bar> \<ge> \<bar>(x' - x)$i\<bar>" using component_le_norm[OF i, of "x'-x"]
+ apply (simp add: dist_def) by norm
+ from th[OF th1 th2] x'(3) have False by (simp add: dist_sym dist_pos_le) }
+ then show ?thesis unfolding closed_limpt islimpt_approachable
+ unfolding not_le[symmetric] by blast
+qed
+
+lemma finite_set_avoid: assumes fS: "finite S" shows "\<exists>d>0. \<forall>x\<in>S. x \<noteq> a \<longrightarrow> d <= dist a x"
+proof(induct rule: finite_induct[OF fS])
+ case 1 thus ?case apply auto by ferrack
+next
+ case (2 x F)
+ from 2 obtain d where d: "d >0" "\<forall>x\<in>F. x\<noteq>a \<longrightarrow> d \<le> dist a x" by blast
+ {assume "x = a" hence ?case using d by auto }
+ moreover
+ {assume xa: "x\<noteq>a"
+ let ?d = "min d (dist a x)"
+ have dp: "?d > 0" using xa d(1) using dist_nz by auto
+ from d have d': "\<forall>x\<in>F. x\<noteq>a \<longrightarrow> ?d \<le> dist a x" by auto
+ with dp xa have ?case by(auto intro!: exI[where x="?d"]) }
+ ultimately show ?case by blast
+qed
+
+lemma islimpt_finite: assumes fS: "finite S" shows "\<not> a islimpt S"
+ unfolding islimpt_approachable
+ using finite_set_avoid[OF fS, of a] by (metis dist_sym not_le)
+
+lemma islimpt_Un: "x islimpt (S \<union> T) \<longleftrightarrow> x islimpt S \<or> x islimpt T"
+ apply (rule iffI)
+ defer
+ apply (metis Un_upper1 Un_upper2 islimpt_subset)
+ unfolding islimpt_approachable
+ apply auto
+ apply (erule_tac x="min e ea" in allE)
+ apply auto
+ done
+
+lemma discrete_imp_closed:
+ assumes e: "0 < e" and d: "\<forall>x \<in> S. \<forall>y \<in> S. norm(y - x) < e \<longrightarrow> y = x"
+ shows "closed S"
+proof-
+ {fix x assume C: "\<forall>e>0. \<exists>x'\<in>S. x' \<noteq> x \<and> dist x' x < e"
+ from e have e2: "e/2 > 0" by arith
+ from C[rule_format, OF e2] obtain y where y: "y \<in> S" "y\<noteq>x" "dist y x < e/2" by blast
+ let ?m = "min (e/2) (dist x y) "
+ from e2 y(2) have mp: "?m > 0" by (simp add: dist_nz[THEN sym])
+ from C[rule_format, OF mp] obtain z where z: "z \<in> S" "z\<noteq>x" "dist z x < ?m" by blast
+ have th: "norm (z - y) < e" using z y by norm
+ from d[rule_format, OF y(1) z(1) th] y z
+ have False by (auto simp add: dist_sym)}
+ then show ?thesis by (metis islimpt_approachable closed_limpt)
+qed
+
+subsection{* Interior of a Set *}
+definition "interior S = {x. \<exists>T. open T \<and> x \<in> T \<and> T \<subseteq> S}"
+
+lemma interior_eq: "interior S = S \<longleftrightarrow> open S"
+ apply (simp add: expand_set_eq interior_def)
+ apply (subst (2) open_subopen) by blast
+
+lemma interior_open: "open S ==> (interior S = S)" by (metis interior_eq)
+
+lemma interior_empty[simp]: "interior {} = {}" by (simp add: interior_def)
+
+lemma open_interior[simp, intro]: "open(interior S)"
+ apply (simp add: interior_def)
+ apply (subst open_subopen) by blast
+
+lemma interior_interior[simp]: "interior(interior S) = interior S" by (metis interior_eq open_interior)
+lemma interior_subset: "interior S \<subseteq> S" by (auto simp add: interior_def)
+lemma subset_interior: "S \<subseteq> T ==> (interior S) \<subseteq> (interior T)" by (auto simp add: interior_def)
+lemma interior_maximal: "T \<subseteq> S \<Longrightarrow> open T ==> T \<subseteq> (interior S)" by (auto simp add: interior_def)
+lemma interior_unique: "T \<subseteq> S \<Longrightarrow> open T \<Longrightarrow> (\<forall>T'. T' \<subseteq> S \<and> open T' \<longrightarrow> T' \<subseteq> T) \<Longrightarrow> interior S = T"
+ by (metis equalityI interior_maximal interior_subset open_interior)
+lemma mem_interior: "x \<in> interior S \<longleftrightarrow> (\<exists>e. 0 < e \<and> ball x e \<subseteq> S)"
+ apply (simp add: interior_def)
+ by (metis open_contains_ball centre_in_ball open_ball subset_trans)
+
+lemma open_subset_interior: "open S ==> S \<subseteq> interior T \<longleftrightarrow> S \<subseteq> T"
+ by (metis interior_maximal interior_subset subset_trans)
+
+lemma interior_inter[simp]: "interior(S \<inter> T) = interior S \<inter> interior T"
+ apply (rule equalityI, simp)
+ apply (metis Int_lower1 Int_lower2 subset_interior)
+ by (metis Int_mono interior_subset open_inter open_interior open_subset_interior)
+
+lemma interior_limit_point[intro]: assumes x: "x \<in> interior S" shows "x islimpt S"
+proof-
+ from x obtain e where e: "e>0" "\<forall>x'. dist x x' < e \<longrightarrow> x' \<in> S"
+ unfolding mem_interior subset_eq Ball_def mem_ball by blast
+ {fix d::real assume d: "d>0"
+ let ?m = "min d e / 2"
+ have mde2: "?m \<ge> 0" using e(1) d(1) by arith
+ from vector_choose_dist[OF mde2, of x]
+ obtain y where y: "dist x y = ?m" by blast
+ have th: "dist x y < e" "dist x y < d" unfolding y using e(1) d(1) by arith+
+ have "\<exists>x'\<in>S. x'\<noteq> x \<and> dist x' x < d"
+ apply (rule bexI[where x=y])
+ using e th y by (auto simp add: dist_sym)}
+ then show ?thesis unfolding islimpt_approachable by blast
+qed
+
+lemma interior_closed_Un_empty_interior:
+ assumes cS: "closed S" and iT: "interior T = {}"
+ shows "interior(S \<union> T) = interior S"
+proof-
+ have "interior S \<subseteq> interior (S\<union>T)"
+ by (rule subset_interior, blast)
+ moreover
+ {fix x e assume e: "e > 0" "\<forall>x' \<in> ball x e. x'\<in>(S\<union>T)"
+ {fix y assume y: "y \<in> ball x e"
+ {fix d::real assume d: "d > 0"
+ let ?k = "min d (e - dist x y)"
+ have kp: "?k > 0" using d e(1) y[unfolded mem_ball] by norm
+ have "?k/2 \<ge> 0" using kp by simp
+ then obtain w where w: "dist y w = ?k/ 2" by (metis vector_choose_dist)
+ from iT[unfolded expand_set_eq mem_interior]
+ have "\<not> ball w (?k/4) \<subseteq> T" using kp by (auto simp add: Arith_Tools.less_divide_eq_number_of1)
+ then obtain z where z: "dist w z < ?k/4" "z \<notin> T" by (auto simp add: subset_eq)
+ have "z \<notin> T \<and> z\<noteq> y \<and> dist z y < d \<and> dist x z < e" using z apply simp
+ using w e(1) d apply (auto simp only: dist_sym)
+ apply (auto simp add: min_def cong del: if_weak_cong)
+ apply (cases "d \<le> e - dist x y", auto simp add: ring_simps cong del: if_weak_cong)
+ apply norm
+ apply (cases "d \<le> e - dist x y", auto simp add: ring_simps not_le not_less cong del: if_weak_cong)
+ apply norm
+ apply norm
+ apply (cases "d \<le> e - dist x y", auto simp add: ring_simps not_le not_less cong del: if_weak_cong)
+ apply norm
+ apply norm
+ done
+ then have "\<exists>z. z \<notin> T \<and> z\<noteq> y \<and> dist z y < d \<and> dist x z < e" by blast
+ then have "\<exists>x' \<in>S. x'\<noteq>y \<and> dist x' y < d" using e by auto}
+ then have "y\<in>S" by (metis islimpt_approachable cS closed_limpt) }
+ then have "x \<in> interior S" unfolding mem_interior using e(1) by blast}
+ hence "interior (S\<union>T) \<subseteq> interior S" unfolding mem_interior Ball_def subset_eq by blast
+ ultimately show ?thesis by blast
+qed
+
+
+subsection{* Closure of a Set *}
+
+definition "closure S = S \<union> {x | x. x islimpt S}"
+
+lemma closure_interior: "closure S = UNIV - interior (UNIV - S)"
+proof-
+ { fix x
+ have "x\<in>UNIV - interior (UNIV - S) \<longleftrightarrow> x \<in> closure S" (is "?lhs = ?rhs")
+ proof
+ let ?exT = "\<lambda> y. (\<exists>T. open T \<and> y \<in> T \<and> T \<subseteq> UNIV - S)"
+ assume "?lhs"
+ hence *:"\<not> ?exT x"
+ unfolding interior_def
+ by simp
+ { assume "\<not> ?rhs"
+ hence False using *
+ unfolding closure_def islimpt_def
+ by blast
+ }
+ thus "?rhs"
+ by blast
+ next
+ assume "?rhs" thus "?lhs"
+ unfolding closure_def interior_def islimpt_def
+ by blast
+ qed
+ }
+ thus ?thesis
+ by blast
+qed
+
+lemma interior_closure: "interior S = UNIV - (closure (UNIV - S))"
+proof-
+ { fix x
+ have "x \<in> interior S \<longleftrightarrow> x \<in> UNIV - (closure (UNIV - S))"
+ unfolding interior_def closure_def islimpt_def
+ by blast
+ }
+ thus ?thesis
+ by blast
+qed
+
+lemma closed_closure[simp, intro]: "closed (closure S)"
+proof-
+ have "closed (UNIV - interior (UNIV -S))" by blast
+ thus ?thesis using closure_interior[of S] by simp
+qed
+
+lemma closure_hull: "closure S = closed hull S"
+proof-
+ have "S \<subseteq> closure S"
+ unfolding closure_def
+ by blast
+ moreover
+ have "closed (closure S)"
+ using closed_closure[of S]
+ by assumption
+ moreover
+ { fix t
+ assume *:"S \<subseteq> t" "closed t"
+ { fix x
+ assume "x islimpt S"
+ hence "x islimpt t" using *(1)
+ using islimpt_subset[of x, of S, of t]
+ by blast
+ }
+ with * have "closure S \<subseteq> t"
+ unfolding closure_def
+ using closed_limpt[of t]
+ by blast
+ }
+ ultimately show ?thesis
+ using hull_unique[of S, of "closure S", of closed]
+ unfolding mem_def
+ by simp
+qed
+
+lemma closure_eq: "closure S = S \<longleftrightarrow> closed S"
+ unfolding closure_hull
+ using hull_eq[of closed, unfolded mem_def, OF closed_Inter, of S]
+ by (metis mem_def subset_eq)
+
+lemma closure_closed[simp]: "closed S \<Longrightarrow> closure S = S"
+ using closure_eq[of S]
+ by simp
+
+lemma closure_closure[simp]: "closure (closure S) = closure S"
+ unfolding closure_hull
+ using hull_hull[of closed S]
+ by assumption
+
+lemma closure_subset: "S \<subseteq> closure S"
+ unfolding closure_hull
+ using hull_subset[of S closed]
+ by assumption
+
+lemma subset_closure: "S \<subseteq> T \<Longrightarrow> closure S \<subseteq> closure T"
+ unfolding closure_hull
+ using hull_mono[of S T closed]
+ by assumption
+
+lemma closure_minimal: "S \<subseteq> T \<Longrightarrow> closed T \<Longrightarrow> closure S \<subseteq> T"
+ using hull_minimal[of S T closed]
+ unfolding closure_hull mem_def
+ by simp
+
+lemma closure_unique: "S \<subseteq> T \<and> closed T \<and> (\<forall> T'. S \<subseteq> T' \<and> closed T' \<longrightarrow> T \<subseteq> T') \<Longrightarrow> closure S = T"
+ using hull_unique[of S T closed]
+ unfolding closure_hull mem_def
+ by simp
+
+lemma closure_empty[simp]: "closure {} = {}"
+ using closed_empty closure_closed[of "{}"]
+ by simp
+
+lemma closure_univ[simp]: "closure UNIV = UNIV"
+ using closure_closed[of UNIV]
+ by simp
+
+lemma closure_eq_empty: "closure S = {} \<longleftrightarrow> S = {}"
+ using closure_empty closure_subset[of S]
+ by blast
+
+lemma closure_subset_eq: "closure S \<subseteq> S \<longleftrightarrow> closed S"
+ using closure_eq[of S] closure_subset[of S]
+ by simp
+
+lemma open_inter_closure_eq_empty:
+ "open S \<Longrightarrow> (S \<inter> closure T) = {} \<longleftrightarrow> S \<inter> T = {}"
+ using open_subset_interior[of S "UNIV - T"]
+ using interior_subset[of "UNIV - T"]
+ unfolding closure_interior
+ by auto
+
+lemma open_inter_closure_subset: "open S \<Longrightarrow> (S \<inter> (closure T)) \<subseteq> closure(S \<inter> T)"
+proof
+ fix x
+ assume as: "open S" "x \<in> S \<inter> closure T"
+ { assume *:"x islimpt T"
+ { fix e::real
+ assume "e > 0"
+ from as `open S` obtain e' where "e' > 0" and e':"\<forall>x'. dist x' x < e' \<longrightarrow> x' \<in> S"
+ unfolding open_def
+ by auto
+ let ?e = "min e e'"
+ from `e>0` `e'>0` have "?e > 0"
+ by simp
+ then obtain y where y:"y\<in>T" "y \<noteq> x \<and> dist y x < ?e"
+ using islimpt_approachable[of x T] using *
+ by blast
+ hence "\<exists>x'\<in>S \<inter> T. x' \<noteq> x \<and> dist x' x < e" using e'
+ using y
+ by(rule_tac x=y in bexI, simp+)
+ }
+ hence "x islimpt S \<inter> T"
+ using islimpt_approachable[of x "S \<inter> T"]
+ by blast
+ }
+ then show "x \<in> closure (S \<inter> T)" using as
+ unfolding closure_def
+ by blast
+qed
+
+lemma closure_complement: "closure(UNIV - S) = UNIV - interior(S)"
+proof-
+ have "S = UNIV - (UNIV - S)"
+ by auto
+ thus ?thesis
+ unfolding closure_interior
+ by auto
+qed
+
+lemma interior_complement: "interior(UNIV - S) = UNIV - closure(S)"
+ unfolding closure_interior
+ by blast
+
+subsection{* Frontier (aka boundary) *}
+
+definition "frontier S = closure S - interior S"
+
+lemma frontier_closed: "closed(frontier S)"
+ by (simp add: frontier_def closed_diff closed_closure)
+
+lemma frontier_closures: "frontier S = (closure S) \<inter> (closure(UNIV - S))"
+ by (auto simp add: frontier_def interior_closure)
+
+lemma frontier_straddle: "a \<in> frontier S \<longleftrightarrow> (\<forall>e>0. (\<exists>x\<in>S. dist a x < e) \<and> (\<exists>x. x \<notin> S \<and> dist a x < e))" (is "?lhs \<longleftrightarrow> ?rhs")
+proof
+ assume "?lhs"
+ { fix e::real
+ assume "e > 0"
+ let ?rhse = "(\<exists>x\<in>S. dist a x < e) \<and> (\<exists>x. x \<notin> S \<and> dist a x < e)"
+ { assume "a\<in>S"
+ have "\<exists>x\<in>S. dist a x < e" using dist_refl[of a] `e>0` `a\<in>S` by(rule_tac x=a in bexI) auto
+ moreover have "\<exists>x. x \<notin> S \<and> dist a x < e" using `?lhs` `a\<in>S`
+ unfolding frontier_closures closure_def islimpt_def using dist_refl[of a] `e>0`
+ by (auto, erule_tac x="ball a e" in allE, auto)
+ ultimately have ?rhse by auto
+ }
+ moreover
+ { assume "a\<notin>S"
+ hence ?rhse using `?lhs`
+ unfolding frontier_closures closure_def islimpt_def
+ using open_ball[of a e] dist_refl[of a] `e > 0`
+ by (auto, erule_tac x = "ball a e" in allE, auto)
+ }
+ ultimately have ?rhse by auto
+ }
+ thus ?rhs by auto
+next
+ assume ?rhs
+ moreover
+ { fix T assume "a\<notin>S" and
+ as:"\<forall>e>0. (\<exists>x\<in>S. dist a x < e) \<and> (\<exists>x. x \<notin> S \<and> dist a x < e)" "a \<notin> S" "a \<in> T" "open T"
+ from `open T` `a \<in> T` have "\<exists>e>0. ball a e \<subseteq> T" unfolding open_contains_ball[of T] by auto
+ then obtain e where "e>0" "ball a e \<subseteq> T" by auto
+ then obtain y where y:"y\<in>S" "dist a y < e" using as(1) by auto
+ have "\<exists>y\<in>S. y \<in> T \<and> y \<noteq> a"
+ using `dist a y < e` `ball a e \<subseteq> T` unfolding ball_def using `y\<in>S` `a\<notin>S` by auto
+ }
+ hence "a \<in> closure S" unfolding closure_def islimpt_def using `?rhs` by auto
+ moreover
+ { fix T assume "a \<in> T" "open T" "a\<in>S"
+ then obtain e where "e>0" and balle: "ball a e \<subseteq> T" unfolding open_contains_ball using `?rhs` by auto
+ obtain x where "x \<notin> S" "dist a x < e" using `?rhs` using `e>0` by auto
+ hence "\<exists>y\<in>UNIV - S. y \<in> T \<and> y \<noteq> a" using balle `a\<in>S` unfolding ball_def by (rule_tac x=x in bexI)auto
+ }
+ hence "a islimpt (UNIV - S) \<or> a\<notin>S" unfolding islimpt_def by auto
+ ultimately show ?lhs unfolding frontier_closures using closure_def[of "UNIV - S"] by auto
+qed
+
+lemma frontier_subset_closed: "closed S \<Longrightarrow> frontier S \<subseteq> S"
+ by (metis frontier_def closure_closed Diff_subset)
+
+lemma frontier_empty: "frontier {} = {}"
+ by (simp add: frontier_def closure_empty)
+
+lemma frontier_subset_eq: "frontier S \<subseteq> S \<longleftrightarrow> closed S"
+proof-
+ { assume "frontier S \<subseteq> S"
+ hence "closure S \<subseteq> S" using interior_subset unfolding frontier_def by auto
+ hence "closed S" using closure_subset_eq by auto
+ }
+ thus ?thesis using frontier_subset_closed[of S] by auto
+qed
+
+lemma frontier_complement: "frontier(UNIV - S) = frontier S"
+ by (auto simp add: frontier_def closure_complement interior_complement)
+
+lemma frontier_disjoint_eq: "frontier S \<inter> S = {} \<longleftrightarrow> open S"
+ using frontier_complement frontier_subset_eq[of "UNIV - S"]
+ unfolding open_closed by auto
+
+subsection{* A variant of nets (Slightly non-standard but good for our purposes). *}
+
+typedef (open) 'a net =
+ "{g :: 'a \<Rightarrow> 'a \<Rightarrow> bool. \<forall>x y. (\<forall>z. g z x \<longrightarrow> g z y) \<or> (\<forall>z. g z y \<longrightarrow> g z x)}"
+ morphisms "netord" "mknet" by blast
+lemma net: "(\<forall>z. netord n z x \<longrightarrow> netord n z y) \<or> (\<forall>z. netord n z y \<longrightarrow> netord n z x)"
+ using netord[of n] by auto
+
+lemma oldnet: "netord n x x \<Longrightarrow> netord n y y \<Longrightarrow>
+ \<exists>z. netord n z z \<and> (\<forall>w. netord n w z \<longrightarrow> netord n w x \<and> netord n w y)"
+ by (metis net)
+
+lemma net_dilemma:
+ "\<exists>a. (\<exists>x. netord net x a) \<and> (\<forall>x. netord net x a \<longrightarrow> P x) \<Longrightarrow>
+ \<exists>b. (\<exists>x. netord net x b) \<and> (\<forall>x. netord net x b \<longrightarrow> Q x)
+ \<Longrightarrow> \<exists>c. (\<exists>x. netord net x c) \<and> (\<forall>x. netord net x c \<longrightarrow> P x \<and> Q x)"
+ by (metis net)
+
+subsection{* Common nets and The "within" modifier for nets. *}
+
+definition "at a = mknet(\<lambda>x y. 0 < dist x a \<and> dist x a <= dist y a)"
+definition "at_infinity = mknet(\<lambda>x y. norm x \<ge> norm y)"
+definition "sequentially = mknet(\<lambda>(m::nat) n. m >= n)"
+
+definition within :: "'a net \<Rightarrow> 'a set \<Rightarrow> 'a net" (infixr "within" 70) where
+ within_def: "net within S = mknet (\<lambda>x y. netord net x y \<and> x \<in> S)"
+
+definition indirection :: "real ^'n \<Rightarrow> real ^'n \<Rightarrow> (real ^'n) net" (infixr "indirection" 70) where
+ indirection_def: "a indirection v = (at a) within {b. \<exists>c\<ge>0. b - a = c*s v}"
+
+text{* Prove That They are all nets. *}
+
+lemma mknet_inverse': "netord (mknet r) = r \<longleftrightarrow> (\<forall>x y. (\<forall>z. r z x \<longrightarrow> r z y) \<or> (\<forall>z. r z y \<longrightarrow> r z x))"
+ using mknet_inverse[of r] apply (auto simp add: netord_inverse) by (metis net)
+
+method_setup net = {*
+ let
+ val ss1 = HOL_basic_ss addsimps [@{thm expand_fun_eq} RS sym]
+ val ss2 = HOL_basic_ss addsimps [@{thm mknet_inverse'}]
+ fun tac ths = ObjectLogic.full_atomize_tac THEN' Simplifier.simp_tac (ss1 addsimps ths) THEN' Simplifier.asm_full_simp_tac ss2
+ in Method.thms_args (Method.SIMPLE_METHOD' o tac) end
+
+*} "Reduces goals about net"
+
+lemma at: "\<And>x y. netord (at a) x y \<longleftrightarrow> 0 < dist x a \<and> dist x a <= dist y a"
+ apply (net at_def)
+ by (metis dist_sym real_le_linear real_le_trans)
+
+lemma at_infinity:
+ "\<And>x y. netord at_infinity x y \<longleftrightarrow> norm x >= norm y"
+ apply (net at_infinity_def)
+ apply (metis real_le_linear real_le_trans)
+ done
+
+lemma sequentially: "\<And>m n. netord sequentially m n \<longleftrightarrow> m >= n"
+ apply (net sequentially_def)
+ apply (metis linorder_linear min_max.le_supI2 min_max.sup_absorb1)
+ done
+
+lemma within: "netord (n within S) x y \<longleftrightarrow> netord n x y \<and> x \<in> S"
+proof-
+ have "\<forall>x y. (\<forall>z. netord n z x \<and> z \<in> S \<longrightarrow> netord n z y) \<or> (\<forall>z. netord n z y \<and> z \<in> S \<longrightarrow> netord n z x)"
+ by (metis net)
+ thus ?thesis
+ unfolding within_def
+ using mknet_inverse[of "\<lambda>x y. netord n x y \<and> x \<in> S"]
+ by simp
+qed
+
+lemma in_direction: "netord (a indirection v) x y \<longleftrightarrow> 0 < dist x a \<and> dist x a \<le> dist y a \<and> (\<exists>c \<ge> 0. x - a = c *s v)"
+ by (simp add: within at indirection_def)
+
+lemma within_UNIV: "at x within UNIV = at x"
+ by (simp add: within_def at_def netord_inverse)
+
+subsection{* Identify Trivial limits, where we can't approach arbitrarily closely. *}
+
+
+definition "trivial_limit (net:: 'a net) \<longleftrightarrow>
+ (\<forall>(a::'a) b. a = b) \<or> (\<exists>(a::'a) b. a \<noteq> b \<and> (\<forall>x. ~(netord (net) x a) \<and> ~(netord(net) x b)))"
+
+
+lemma trivial_limit_within: "trivial_limit (at (a::real^'n) within S) \<longleftrightarrow> ~(a islimpt S)"
+proof-
+ {assume "\<forall>(a::real^'n) b. a = b" hence "\<not> a islimpt S"
+ apply (simp add: islimpt_approachable_le)
+ by (rule exI[where x=1], auto)}
+ moreover
+ {fix b c assume bc: "b \<noteq> c" "\<forall>x. \<not> netord (at a within S) x b \<and> \<not> netord (at a within S) x c"
+ have "dist a b > 0 \<or> dist a c > 0" using bc by (auto simp add: within at dist_nz[THEN sym])
+ then have "\<not> a islimpt S"
+ using bc
+ unfolding within at dist_nz islimpt_approachable_le
+ by(auto simp add: dist_triangle dist_sym dist_eq_0[THEN sym]) }
+ moreover
+ {assume "\<not> a islimpt S"
+ then obtain e where e: "e > 0" "\<forall>x' \<in> S. x' \<noteq> a \<longrightarrow> dist x' a > e"
+ unfolding islimpt_approachable_le by (auto simp add: not_le)
+ from e vector_choose_dist[of e a] obtain b where b: "dist a b = e" by auto
+ from b e(1) have "a \<noteq> b" by (simp add: dist_nz)
+ moreover have "\<forall>x. \<not> ((0 < dist x a \<and> dist x a \<le> dist a a) \<and> x \<in> S) \<and>
+ \<not> ((0 < dist x a \<and> dist x a \<le> dist b a) \<and> x \<in> S)"
+ using e(2) b by (auto simp add: dist_refl dist_sym)
+ ultimately have "trivial_limit (at a within S)" unfolding trivial_limit_def within at
+ by blast}
+ ultimately show ?thesis unfolding trivial_limit_def by blast
+qed
+
+lemma trivial_limit_at: "~(trivial_limit (at a))"
+ apply (subst within_UNIV[symmetric])
+ by (simp add: trivial_limit_within islimpt_UNIV)
+
+lemma trivial_limit_at_infinity: "~(trivial_limit (at_infinity :: ('a::{norm,zero_neq_one}) net))"
+ apply (simp add: trivial_limit_def at_infinity)
+ by (metis order_refl zero_neq_one)
+
+lemma trivial_limit_sequentially: "~(trivial_limit sequentially)"
+ by (auto simp add: trivial_limit_def sequentially)
+
+subsection{* Some property holds "sufficiently close" to the limit point. *}
+
+definition "eventually P net \<longleftrightarrow> trivial_limit net \<or> (\<exists>y. (\<exists>x. netord net x y) \<and> (\<forall>x. netord net x y \<longrightarrow> P x))"
+
+lemma eventually_happens: "eventually P net ==> trivial_limit net \<or> (\<exists>x. P x)"
+ by (metis eventually_def)
+
+lemma eventually_within_le: "eventually P (at a within S) \<longleftrightarrow>
+ (\<exists>d>0. \<forall>x\<in>S. 0 < dist x a \<and> dist x a <= d \<longrightarrow> P x)" (is "?lhs = ?rhs")
+proof
+ assume "?lhs"
+ moreover
+ { assume "\<not> a islimpt S"
+ then obtain e where "e>0" and e:"\<forall>x'\<in>S. \<not> (x' \<noteq> a \<and> dist x' a \<le> e)" unfolding islimpt_approachable_le by auto
+ hence "?rhs" apply auto apply (rule_tac x=e in exI) by auto }
+ moreover
+ { assume "\<exists>y. (\<exists>x. netord (at a within S) x y) \<and> (\<forall>x. netord (at a within S) x y \<longrightarrow> P x)"
+ then obtain x y where xy:"netord (at a within S) x y \<and> (\<forall>x. netord (at a within S) x y \<longrightarrow> P x)" by auto
+ hence "?rhs" unfolding within at by auto
+ }
+ ultimately show "?rhs" unfolding eventually_def trivial_limit_within by auto
+next
+ assume "?rhs"
+ then obtain d where "d>0" and d:"\<forall>x\<in>S. 0 < dist x a \<and> dist x a \<le> d \<longrightarrow> P x" by auto
+ thus "?lhs"
+ unfolding eventually_def trivial_limit_within islimpt_approachable_le within at unfolding dist_nz[THEN sym] by (clarsimp, rule_tac x=d in exI, auto)
+qed
+
+lemma eventually_within: " eventually P (at a within S) \<longleftrightarrow>
+ (\<exists>d>0. \<forall>x\<in>S. 0 < dist x a \<and> dist x a < d \<longrightarrow> P x)"
+proof-
+ { fix d
+ assume "d>0" "\<forall>x\<in>S. 0 < dist x a \<and> dist x a < d \<longrightarrow> P x"
+ hence "\<forall>x\<in>S. 0 < dist x a \<and> dist x a \<le> (d/2) \<longrightarrow> P x" using order_less_imp_le by auto
+ }
+ thus ?thesis unfolding eventually_within_le using approachable_lt_le
+ by (auto, rule_tac x="d/2" in exI, auto)
+qed
+
+lemma eventually_at: "eventually P (at a) \<longleftrightarrow> (\<exists>d>0. \<forall>x. 0 < dist x a \<and> dist x a < d \<longrightarrow> P x)"
+ apply (subst within_UNIV[symmetric])
+ by (simp add: eventually_within)
+
+lemma eventually_sequentially: "eventually P sequentially \<longleftrightarrow> (\<exists>N. \<forall>n\<ge>N. P n)"
+ apply (simp add: eventually_def sequentially trivial_limit_sequentially)
+apply (metis dlo_simps(7) dlo_simps(9) le_maxI2 min_max.le_iff_sup min_max.sup_absorb1 order_antisym_conv) done
+
+(* FIXME Declare this with P::'a::some_type \<Rightarrow> bool *)
+lemma eventually_at_infinity: "eventually (P::(real^'n \<Rightarrow> bool)) at_infinity \<longleftrightarrow> (\<exists>b. \<forall>x. norm x >= b \<longrightarrow> P x)" (is "?lhs = ?rhs")
+proof
+ assume "?lhs" thus "?rhs"
+ unfolding eventually_def at_infinity
+ by (auto simp add: trivial_limit_at_infinity)
+next
+ assume "?rhs"
+ then obtain b where b:"\<forall>x. b \<le> norm x \<longrightarrow> P x" and "b\<ge>0"
+ by (metis norm_ge_zero real_le_linear real_le_trans)
+ obtain y::"real^'n" where y:"norm y = b" using `b\<ge>0`
+ using vector_choose_size[of b] by auto
+ thus "?lhs" unfolding eventually_def at_infinity using b y by auto
+qed
+
+lemma always_eventually: "(\<forall>(x::'a::zero_neq_one). P x) ==> eventually P net"
+ apply (auto simp add: eventually_def trivial_limit_def )
+ by (rule exI[where x=0], rule exI[where x=1], rule zero_neq_one)
+
+text{* Combining theorems for "eventually" *}
+
+lemma eventually_and: " eventually (\<lambda>x. P x \<and> Q x) net \<longleftrightarrow> eventually P net \<and> eventually Q net"
+ apply (simp add: eventually_def)
+ apply (cases "trivial_limit net")
+ using net_dilemma[of net P Q] by auto
+
+lemma eventually_mono: "(\<forall>x. P x \<longrightarrow> Q x) \<Longrightarrow> eventually P net \<Longrightarrow> eventually Q net"
+ by (metis eventually_def)
+
+lemma eventually_mp: "eventually (\<lambda>x. P x \<longrightarrow> Q x) net \<Longrightarrow> eventually P net \<Longrightarrow> eventually Q net"
+ apply (atomize(full))
+ unfolding imp_conjL[symmetric] eventually_and[symmetric]
+ by (auto simp add: eventually_def)
+
+lemma eventually_false: "eventually (\<lambda>x. False) net \<longleftrightarrow> trivial_limit net"
+ by (auto simp add: eventually_def)
+
+lemma not_eventually: "(\<forall>x. \<not> P x ) \<Longrightarrow> ~(trivial_limit net) ==> ~(eventually P net)"
+ by (auto simp add: eventually_def)
+
+subsection{* Limits, defined as vacuously true when the limit is trivial. *}
+
+definition tendsto:: "('a \<Rightarrow> real ^'n) \<Rightarrow> real ^'n \<Rightarrow> 'a net \<Rightarrow> bool" (infixr "--->" 55) where
+ tendsto_def: "(f ---> l) net \<longleftrightarrow> (\<forall>e>0. eventually (\<lambda>x. dist (f x) l < e) net)"
+
+lemma tendstoD: "(f ---> l) net \<Longrightarrow> e>0 \<Longrightarrow> eventually (\<lambda>x. dist (f x) l < e) net"
+ unfolding tendsto_def by auto
+
+ text{* Notation Lim to avoid collition with lim defined in analysis *}
+definition "Lim net f = (THE l. (f ---> l) net)"
+
+lemma Lim:
+ "(f ---> l) net \<longleftrightarrow>
+ trivial_limit net \<or>
+ (\<forall>e>0. \<exists>y. (\<exists>x. netord net x y) \<and>
+ (\<forall>x. netord(net) x y \<longrightarrow> dist (f x) l < e))"
+ by (auto simp add: tendsto_def eventually_def)
+
+
+text{* Show that they yield usual definitions in the various cases. *}
+
+lemma Lim_within_le: "(f ---> l)(at a within S) \<longleftrightarrow>
+ (\<forall>e>0. \<exists>d>0. \<forall>x\<in>S. 0 < dist x a \<and> dist x a <= d \<longrightarrow> dist (f x) l < e)"
+ by (auto simp add: tendsto_def eventually_within_le)
+
+lemma Lim_within: "(f ---> l) (at a within S) \<longleftrightarrow>
+ (\<forall>e >0. \<exists>d>0. \<forall>x \<in> S. 0 < dist x a \<and> dist x a < d \<longrightarrow> dist (f x) l < e)"
+ by (auto simp add: tendsto_def eventually_within)
+
+lemma Lim_at: "(f ---> l) (at a) \<longleftrightarrow>
+ (\<forall>e >0. \<exists>d>0. \<forall>x. 0 < dist x a \<and> dist x a < d \<longrightarrow> dist (f x) l < e)"
+ by (auto simp add: tendsto_def eventually_at)
+
+lemma Lim_at_infinity:
+ "(f ---> l) at_infinity \<longleftrightarrow> (\<forall>e>0. \<exists>b. \<forall>x::real^'n. norm x >= b \<longrightarrow> dist (f x) l < e)"
+ by (auto simp add: tendsto_def eventually_at_infinity)
+
+lemma Lim_sequentially:
+ "(S ---> l) sequentially \<longleftrightarrow>
+ (\<forall>e>0. \<exists>N. \<forall>n\<ge>N. dist (S n) l < e)"
+ by (auto simp add: tendsto_def eventually_sequentially)
+
+lemma Lim_eventually: "eventually (\<lambda>x. f x = l) net \<Longrightarrow> (f ---> l) net"
+ by (auto simp add: eventually_def Lim dist_refl)
+
+text{* The expected monotonicity property. *}
+
+lemma Lim_within_empty: "(f ---> l) (at x within {})"
+ by (simp add: Lim_within_le)
+
+lemma Lim_within_subset: "(f ---> l) (at a within S) \<Longrightarrow> T \<subseteq> S \<Longrightarrow> (f ---> l) (at a within T)"
+ apply (auto simp add: Lim_within_le)
+ by (metis subset_eq)
+
+lemma Lim_Un: assumes "(f ---> l) (at x within S)" "(f ---> l) (at x within T)"
+ shows "(f ---> l) (at x within (S \<union> T))"
+proof-
+ { fix e::real assume "e>0"
+ obtain d1 where d1:"d1>0" "\<forall>xa\<in>T. 0 < dist xa x \<and> dist xa x < d1 \<longrightarrow> dist (f xa) l < e" using assms unfolding Lim_within using `e>0` by auto
+ obtain d2 where d2:"d2>0" "\<forall>xa\<in>S. 0 < dist xa x \<and> dist xa x < d2 \<longrightarrow> dist (f xa) l < e" using assms unfolding Lim_within using `e>0` by auto
+ have "\<exists>d>0. \<forall>xa\<in>S \<union> T. 0 < dist xa x \<and> dist xa x < d \<longrightarrow> dist (f xa) l < e" using d1 d2
+ by (rule_tac x="min d1 d2" in exI)auto
+ }
+ thus ?thesis unfolding Lim_within by auto
+qed
+
+lemma Lim_Un_univ:
+ "(f ---> l) (at x within S) \<Longrightarrow> (f ---> l) (at x within T) \<Longrightarrow> S \<union> T = (UNIV::(real^'n) set)
+ ==> (f ---> l) (at x)"
+ by (metis Lim_Un within_UNIV)
+
+text{* Interrelations between restricted and unrestricted limits. *}
+
+lemma Lim_at_within: "(f ---> l)(at a) ==> (f ---> l)(at a within S)"
+ apply (simp add: Lim_at Lim_within)
+ by metis
+
+lemma Lim_within_open:
+ assumes"a \<in> S" "open S"
+ shows "(f ---> l)(at a within S) \<longleftrightarrow> (f ---> l)(at a)" (is "?lhs \<longleftrightarrow> ?rhs")
+proof
+ assume ?lhs
+ { fix e::real assume "e>0"
+ obtain d where d: "d >0" "\<forall>x\<in>S. 0 < dist x a \<and> dist x a < d \<longrightarrow> dist (f x) l < e" using `?lhs` `e>0` unfolding Lim_within by auto
+ obtain d' where d': "d'>0" "\<forall>x. dist x a < d' \<longrightarrow> x \<in> S" using assms unfolding open_def by auto
+ from d d' have "\<exists>d>0. \<forall>x. 0 < dist x a \<and> dist x a < d \<longrightarrow> dist (f x) l < e" by (rule_tac x= "min d d'" in exI)auto
+ }
+ thus ?rhs unfolding Lim_at by auto
+next
+ assume ?rhs
+ { fix e::real assume "e>0"
+ then obtain d where "d>0" and d:"\<forall>x. 0 < dist x a \<and> dist x a < d \<longrightarrow> dist (f x) l < e" using `?rhs` unfolding Lim_at by auto
+ hence "\<exists>d>0. \<forall>x. 0 < dist x a \<and> dist x a < d \<longrightarrow> dist (f x) l < e" using `d>0` by auto
+ }
+ thus ?lhs using Lim_at_within[of f l a S] by (auto simp add: Lim_at)
+qed
+
+text{* Another limit point characterization. *}
+
+lemma islimpt_sequential:
+ "x islimpt S \<longleftrightarrow> (\<exists>f. (\<forall>n::nat. f n \<in> S -{x}) \<and> (f ---> x) sequentially)" (is "?lhs = ?rhs")
+proof
+ assume ?lhs
+ then obtain f where f:"\<forall>y. y>0 \<longrightarrow> f y \<in> S \<and> f y \<noteq> x \<and> dist (f y) x < y"
+ unfolding islimpt_approachable using choice[of "\<lambda>e y. e>0 \<longrightarrow> y\<in>S \<and> y\<noteq>x \<and> dist y x < e"] by auto
+ { fix n::nat
+ have "f (inverse (real n + 1)) \<in> S - {x}" using f by auto
+ }
+ moreover
+ { fix e::real assume "e>0"
+ hence "\<exists>N::nat. inverse (real (N + 1)) < e" using real_arch_inv[of e] apply (auto simp add: Suc_pred') apply(rule_tac x="n - 1" in exI) by auto
+ then obtain N::nat where "inverse (real (N + 1)) < e" by auto
+ hence "\<forall>n\<ge>N. inverse (real n + 1) < e" by (auto, metis Suc_le_mono le_SucE less_imp_inverse_less nat_le_real_less order_less_trans real_of_nat_Suc real_of_nat_Suc_gt_zero)
+ moreover have "\<forall>n\<ge>N. dist (f (inverse (real n + 1))) x < (inverse (real n + 1))" using f `e>0` by auto
+ ultimately have "\<exists>N::nat. \<forall>n\<ge>N. dist (f (inverse (real n + 1))) x < e" apply(rule_tac x=N in exI) apply auto apply(erule_tac x=n in allE)+ by auto
+ }
+ hence " ((\<lambda>n. f (inverse (real n + 1))) ---> x) sequentially"
+ unfolding Lim_sequentially using f by auto
+ ultimately show ?rhs apply (rule_tac x="(\<lambda>n::nat. f (inverse (real n + 1)))" in exI) by auto
+next
+ assume ?rhs
+ then obtain f::"nat\<Rightarrow>real^'a" where f:"(\<forall>n. f n \<in> S - {x})" "(\<forall>e>0. \<exists>N. \<forall>n\<ge>N. dist (f n) x < e)" unfolding Lim_sequentially by auto
+ { fix e::real assume "e>0"
+ then obtain N where "dist (f N) x < e" using f(2) by auto
+ moreover have "f N\<in>S" "f N \<noteq> x" using f(1) by auto
+ ultimately have "\<exists>x'\<in>S. x' \<noteq> x \<and> dist x' x < e" by auto
+ }
+ thus ?lhs unfolding islimpt_approachable by auto
+qed
+
+text{* Basic arithmetical combining theorems for limits. *}
+
+lemma Lim_linear: fixes f :: "('a \<Rightarrow> real^'n)" and h :: "(real^'n \<Rightarrow> real^'m)"
+ assumes "(f ---> l) net" "linear h"
+ shows "((\<lambda>x. h (f x)) ---> h l) net"
+proof (cases "trivial_limit net")
+ case True
+ thus ?thesis unfolding tendsto_def unfolding eventually_def by auto
+next
+ case False note cas = this
+ obtain b where b: "b>0" "\<forall>x. norm (h x) \<le> b * norm x" using assms(2) using linear_bounded_pos[of h] by auto
+ { fix e::real assume "e >0"
+ hence "e/b > 0" using `b>0` by (metis divide_pos_pos)
+ then have "(\<exists>y. (\<exists>x. netord net x y) \<and> (\<forall>x. netord net x y \<longrightarrow> dist (f x) l < e/b))" using assms `e>0` cas
+ unfolding tendsto_def unfolding eventually_def by auto
+ then obtain y where y: "\<exists>x. netord net x y" "\<forall>x. netord net x y \<longrightarrow> dist (f x) l < e/b" by auto
+ { fix x
+ have "netord net x y \<longrightarrow> dist (h (f x)) (h l) < e"
+ using y(2) b unfolding dist_def using linear_sub[of h "f x" l] `linear h`
+ apply auto by (metis b(1) b(2) dist_def dist_sym less_le_not_le linorder_not_le mult_imp_div_pos_le real_mult_commute xt1(7))
+ }
+ hence " (\<exists>y. (\<exists>x. netord net x y) \<and> (\<forall>x. netord net x y \<longrightarrow> dist (h (f x)) (h l) < e))" using y
+ by(rule_tac x="y" in exI) auto
+ }
+ thus ?thesis unfolding tendsto_def eventually_def using `b>0` by auto
+qed
+
+lemma Lim_const: "((\<lambda>x. a) ---> a) net"
+ by (auto simp add: Lim dist_refl trivial_limit_def)
+
+lemma Lim_cmul: "(f ---> l) net ==> ((\<lambda>x. c *s f x) ---> c *s l) net"
+ apply (rule Lim_linear[where f = f])
+ apply simp
+ apply (rule linear_compose_cmul)
+ apply (rule linear_id[unfolded id_def])
+ done
+
+lemma Lim_neg: "(f ---> l) net ==> ((\<lambda>x. -(f x)) ---> -l) net"
+ apply (simp add: Lim dist_def group_simps)
+ apply (subst minus_diff_eq[symmetric])
+ unfolding norm_minus_cancel by simp
+
+lemma Lim_add: fixes f :: "'a \<Rightarrow> real^'n" shows
+ "(f ---> l) net \<Longrightarrow> (g ---> m) net \<Longrightarrow> ((\<lambda>x. f(x) + g(x)) ---> l + m) net"
+proof-
+ assume as:"(f ---> l) net" "(g ---> m) net"
+ { fix e::real
+ assume "e>0"
+ hence *:"eventually (\<lambda>x. dist (f x) l < e/2) net"
+ "eventually (\<lambda>x. dist (g x) m < e/2) net" using as
+ by (auto intro: tendstoD simp del: Arith_Tools.less_divide_eq_number_of1)
+ hence "eventually (\<lambda>x. dist (f x + g x) (l + m) < e) net"
+ proof(cases "trivial_limit net")
+ case True
+ thus ?thesis unfolding eventually_def by auto
+ next
+ case False
+ hence fl:"(\<exists>y. (\<exists>x. netord net x y) \<and> (\<forall>x. netord net x y \<longrightarrow> dist (f x) l < e / 2))" and
+ gl:"(\<exists>y. (\<exists>x. netord net x y) \<and> (\<forall>x. netord net x y \<longrightarrow> dist (g x) m < e / 2))"
+ using * unfolding eventually_def by auto
+ obtain c where c:"(\<exists>x. netord net x c)" "(\<forall>x. netord net x c \<longrightarrow> dist (f x) l < e / 2 \<and> dist (g x) m < e / 2)"
+ using net_dilemma[of net, OF fl gl] by auto
+ { fix x assume "netord net x c"
+ with c(2) have " dist (f x + g x) (l + m) < e" using dist_triangle_add[of "f x" "g x" l m] by auto
+ }
+ with c show ?thesis unfolding eventually_def by auto
+ qed
+ }
+ thus ?thesis unfolding tendsto_def by auto
+qed
+
+lemma Lim_sub: "(f ---> l) net \<Longrightarrow> (g ---> m) net \<Longrightarrow> ((\<lambda>x. f(x) - g(x)) ---> l - m) net"
+ unfolding diff_minus
+ by (simp add: Lim_add Lim_neg)
+
+lemma Lim_null: "(f ---> l) net \<longleftrightarrow> ((\<lambda>x. f(x) - l) ---> 0) net" by (simp add: Lim dist_def)
+lemma Lim_null_norm: "(f ---> 0) net \<longleftrightarrow> ((\<lambda>x. vec1(norm(f x))) ---> 0) net"
+ by (simp add: Lim dist_def norm_vec1)
+
+lemma Lim_null_comparison:
+ assumes "eventually (\<lambda>x. norm(f x) <= g x) net" "((\<lambda>x. vec1(g x)) ---> 0) net"
+ shows "(f ---> 0) net"
+proof(simp add: tendsto_def, rule+)
+ fix e::real assume "0<e"
+ { fix x
+ assume "norm (f x) \<le> g x" "dist (vec1 (g x)) 0 < e"
+ hence "dist (f x) 0 < e" unfolding vec_def using dist_vec1[of "g x" "0"]
+ by (vector dist_def norm_vec1 dist_refl real_vector_norm_def dot_def vec1_def)
+ }
+ thus "eventually (\<lambda>x. dist (f x) 0 < e) net"
+ using eventually_and[of "\<lambda>x. norm(f x) <= g x" "\<lambda>x. dist (vec1 (g x)) 0 < e" net]
+ using eventually_mono[of "(\<lambda>x. norm (f x) \<le> g x \<and> dist (vec1 (g x)) 0 < e)" "(\<lambda>x. dist (f x) 0 < e)" net]
+ using assms `e>0` unfolding tendsto_def by auto
+qed
+
+lemma Lim_component: "(f ---> l) net \<Longrightarrow> i \<in> {1 .. dimindex(UNIV:: 'n set)}
+ ==> ((\<lambda>a. vec1((f a :: real ^'n)$i)) ---> vec1(l$i)) net"
+ apply (simp add: Lim dist_def vec1_sub[symmetric] norm_vec1 vector_minus_component[symmetric] del: One_nat_def)
+ apply auto
+ apply (erule_tac x=e in allE)
+ apply clarify
+ apply (rule_tac x=y in exI)
+ apply auto
+ apply (rule order_le_less_trans)
+ apply (rule component_le_norm)
+ by auto
+
+lemma Lim_transform_bound:
+ assumes "eventually (\<lambda>n. norm(f n) <= norm(g n)) net" "(g ---> 0) net"
+ shows "(f ---> 0) net"
+proof(simp add: tendsto_def, rule+)
+ fix e::real assume "e>0"
+ { fix x
+ assume "norm (f x) \<le> norm (g x)" "dist (g x) 0 < e"
+ hence "dist (f x) 0 < e" by norm}
+ thus "eventually (\<lambda>x. dist (f x) 0 < e) net"
+ using eventually_and[of "\<lambda>x. norm (f x) \<le> norm (g x)" "\<lambda>x. dist (g x) 0 < e" net]
+ using eventually_mono[of "\<lambda>x. norm (f x) \<le> norm (g x) \<and> dist (g x) 0 < e" "\<lambda>x. dist (f x) 0 < e" net]
+ using assms `e>0` unfolding tendsto_def by blast
+qed
+
+text{* Deducing things about the limit from the elements. *}
+
+lemma Lim_in_closed_set:
+ assumes "closed S" "eventually (\<lambda>x. f(x) \<in> S) net" "\<not>(trivial_limit net)" "(f ---> l) net"
+ shows "l \<in> S"
+proof-
+ { assume "l \<notin> S"
+ obtain e where e:"e>0" "ball l e \<subseteq> UNIV - S" using assms(1) `l \<notin> S` unfolding closed_def open_contains_ball by auto
+ hence *:"\<forall>x. dist l x < e \<longrightarrow> x \<notin> S" by auto
+ obtain y where "(\<exists>x. netord net x y) \<and> (\<forall>x. netord net x y \<longrightarrow> dist (f x) l < e)"
+ using assms(3,4) `e>0` unfolding tendsto_def eventually_def by blast
+ hence "(\<exists>x. netord net x y) \<and> (\<forall>x. netord net x y \<longrightarrow> f x \<notin> S)" using * by (auto simp add: dist_sym)
+ hence False using assms(2,3)
+ using eventually_and[of "(\<lambda>x. f x \<in> S)" "(\<lambda>x. f x \<notin> S)"] not_eventually[of "(\<lambda>x. f x \<in> S \<and> f x \<notin> S)" net]
+ unfolding eventually_def by blast
+ }
+ thus ?thesis by blast
+qed
+
+text{* Need to prove closed(cball(x,e)) before deducing this as a corollary. *}
+
+lemma Lim_norm_ubound:
+ assumes "\<not>(trivial_limit net)" "(f ---> l) net" "eventually (\<lambda>x. norm(f x) <= e) net"
+ shows "norm(l) <= e"
+proof-
+ obtain y where y: "\<exists>x. netord net x y" "\<forall>x. netord net x y \<longrightarrow> norm (f x) \<le> e" using assms(1,3) unfolding eventually_def by auto
+ show ?thesis
+ proof(rule ccontr)
+ assume "\<not> norm l \<le> e"
+ then obtain z where z: "\<exists>x. netord net x z" "\<forall>x. netord net x z \<longrightarrow> dist (f x) l < norm l - e"
+ using assms(2)[unfolded Lim] using assms(1) apply simp apply(erule_tac x="norm l - e" in allE) by auto
+ obtain w where w:"netord net w z" "netord net w y" using net[of net] using z(1) y(1) by blast
+ hence "dist (f w) l < norm l - e \<and> norm (f w) <= e" using z(2) y(2) by auto
+ thus False using `\<not> norm l \<le> e` by norm
+ qed
+qed
+
+lemma Lim_norm_lbound:
+ assumes "\<not> (trivial_limit net)" "(f ---> l) net" "eventually (\<lambda>x. e <= norm(f x)) net"
+ shows "e \<le> norm l"
+proof-
+ obtain y where y: "\<exists>x. netord net x y" "\<forall>x. netord net x y \<longrightarrow> e \<le> norm (f x)" using assms(1,3) unfolding eventually_def by auto
+ show ?thesis
+ proof(rule ccontr)
+ assume "\<not> e \<le> norm l"
+ then obtain z where z: "\<exists>x. netord net x z" "\<forall>x. netord net x z \<longrightarrow> dist (f x) l < e - norm l"
+ using assms(2)[unfolded Lim] using assms(1) apply simp apply(erule_tac x="e - norm l" in allE) by auto
+ obtain w where w:"netord net w z" "netord net w y" using net[of net] using z(1) y(1) by blast
+ hence "dist (f w) l < e - norm l \<and> e \<le> norm (f w)" using z(2) y(2) by auto
+ thus False using `\<not> e \<le> norm l` by norm
+ qed
+qed
+
+text{* Uniqueness of the limit, when nontrivial. *}
+
+lemma Lim_unique:
+ fixes l::"real^'a" and net::"'b::zero_neq_one net"
+ assumes "\<not>(trivial_limit net)" "(f ---> l) net" "(f ---> l') net"
+ shows "l = l'"
+proof-
+ { fix e::real assume "e>0"
+ hence "eventually (\<lambda>x. norm (0::real^'a) \<le> e) net" unfolding norm_0 using always_eventually[of _ net] by auto
+ hence "norm (l - l') \<le> e" using Lim_norm_ubound[of net "\<lambda>x. 0" "l-l'"] using assms using Lim_sub[of f l net f l'] by auto
+ } note * = this
+ { assume "norm (l - l') > 0"
+ hence "norm (l - l') = 0" using *[of "(norm (l - l')) /2"] using norm_ge_zero[of "l - l'"] by simp
+ }
+ hence "l = l'" using norm_ge_zero[of "l - l'"] unfolding le_less and dist_nz[of l l', unfolded dist_def, THEN sym] by auto
+ thus ?thesis using assms using Lim_sub[of f l net f l'] by simp
+qed
+
+lemma tendsto_Lim:
+ "~(trivial_limit (net::('b::zero_neq_one net))) \<Longrightarrow> (f ---> l) net ==> Lim net f = l"
+ unfolding Lim_def using Lim_unique[of net f] by auto
+
+text{* Limit under bilinear function (surprisingly tedious, but important) *}
+
+lemma norm_bound_lemma:
+ "0 < e \<Longrightarrow> \<exists>d>0. \<forall>(x'::real^'b) y'::real^'a. norm(x' - (x::real^'b)) < d \<and> norm(y' - y) < d \<longrightarrow> norm(x') * norm(y' - y) + norm(x' - x) * norm(y) < e"
+proof-
+ assume e: "0 < e"
+ have th1: "(2 * norm x + 2 * norm y + 2) > 0" using norm_ge_zero[of x] norm_ge_zero[of y] by norm
+ hence th0: "0 < e / (2 * norm x + 2 * norm y + 2)" using `e>0` using divide_pos_pos by auto
+ moreover
+ { fix x' y'
+ assume h: "norm (x' - x) < 1" "norm (x' - x) < e / (2 * norm x + 2 * norm y + 2)"
+ "norm (y' - y) < 1" "norm (y' - y) < e / (2 * norm x + 2 * norm y + 2)"
+ have th: "\<And>a b (c::real). a \<ge> 0 \<Longrightarrow> c \<ge> 0 \<Longrightarrow> a + (b + c) < e ==> b < e " by arith
+ from h have thx: "norm (x' - x) * norm y < e / 2"
+ using th0 th1 apply (simp add: field_simps)
+ apply (rule th) defer defer apply assumption
+ by (simp_all add: norm_ge_zero zero_le_mult_iff)
+
+ have "norm x' - norm x < 1" apply(rule le_less_trans)
+ using h(1) using norm_triangle_ineq2[of x' x] by auto
+ hence *:"norm x' < 1 + norm x" by auto
+
+ have thy: "norm (y' - y) * norm x' < e / (2 * norm x + 2 * norm y + 2) * (1 + norm x)"
+ using mult_strict_mono'[OF h(4) * norm_ge_zero norm_ge_zero] by auto
+ also have "\<dots> \<le> e/2" apply simp unfolding divide_le_eq
+ using th1 th0 `e>0` apply auto
+ unfolding mult_assoc and real_mult_le_cancel_iff2[OF `e>0`] by auto
+
+ finally have "norm x' * norm (y' - y) + norm (x' - x) * norm y < e"
+ using thx and e by (simp add: field_simps) }
+ ultimately show ?thesis apply(rule_tac x="min 1 (e / 2 / (norm x + norm y + 1))" in exI) by auto
+qed
+
+lemma Lim_bilinear:
+ fixes net :: "'a net" and h:: "real ^'m \<Rightarrow> real ^'n \<Rightarrow> real ^'p"
+ assumes "(f ---> l) net" and "(g ---> m) net" and "bilinear h"
+ shows "((\<lambda>x. h (f x) (g x)) ---> (h l m)) net"
+proof(cases "trivial_limit net")
+ case True thus "((\<lambda>x. h (f x) (g x)) ---> h l m) net" unfolding Lim ..
+next
+ case False note ntriv = this
+ obtain B where "B>0" and B:"\<forall>x y. norm (h x y) \<le> B * norm x * norm y" using bilinear_bounded_pos[OF assms(3)] by auto
+ { fix e::real assume "e>0"
+ obtain d where "d>0" and d:"\<forall>x' y'. norm (x' - l) < d \<and> norm (y' - m) < d \<longrightarrow> norm x' * norm (y' - m) + norm (x' - l) * norm m < e / B" using `B>0` `e>0`
+ using norm_bound_lemma[of "e / B" l m] using divide_pos_pos by auto
+
+ have *:"\<And>x y. h (f x) (g x) - h l m = h (f x) (g x - m) + h (f x - l) m"
+ unfolding bilinear_rsub[OF assms(3)]
+ unfolding bilinear_lsub[OF assms(3)] by auto
+
+ { fix x assume "dist (f x) l < d \<and> dist (g x) m < d"
+ hence **:"norm (f x) * norm (g x - m) + norm (f x - l) * norm m < e / B"
+ using d[THEN spec[where x="f x"], THEN spec[where x="g x"]] unfolding dist_def by auto
+ have "norm (h (f x) (g x - m)) + norm (h (f x - l) m) \<le> B * norm (f x) * norm (g x - m) + B * norm (f x - l) * norm m"
+ using B[THEN spec[where x="f x"], THEN spec[where x="g x - m"]]
+ using B[THEN spec[where x="f x - l"], THEN spec[where x="m"]] by auto
+ also have "\<dots> < e" using ** and `B>0` by(auto simp add: field_simps)
+ finally have "dist (h (f x) (g x)) (h l m) < e" unfolding dist_def and * using norm_triangle_lt by auto
+ }
+ moreover
+ obtain c where "(\<exists>x. netord net x c) \<and> (\<forall>x. netord net x c \<longrightarrow> dist (f x) l < d \<and> dist (g x) m < d)"
+ using net_dilemma[of net "\<lambda>x. dist (f x) l < d" "\<lambda>x. dist (g x) m < d"] using assms(1,2) unfolding Lim using False and `d>0` by (auto elim!: allE[where x=d])
+ ultimately have "\<exists>y. (\<exists>x. netord net x y) \<and> (\<forall>x. netord net x y \<longrightarrow> dist (h (f x) (g x)) (h l m) < e)" by auto }
+ thus "((\<lambda>x. h (f x) (g x)) ---> h l m) net" unfolding Lim by auto
+qed
+
+text{* These are special for limits out of the same vector space. *}
+
+lemma Lim_within_id: "(id ---> a) (at a within s)" by (auto simp add: Lim_within id_def)
+lemma Lim_at_id: "(id ---> a) (at a)"
+apply (subst within_UNIV[symmetric]) by (simp add: Lim_within_id)
+
+lemma Lim_at_zero: "(f ---> l) (at (a::real^'a)) \<longleftrightarrow> ((\<lambda>x. f(a + x)) ---> l) (at 0)" (is "?lhs = ?rhs")
+proof
+ assume "?lhs"
+ { fix e::real assume "e>0"
+ with `?lhs` obtain d where d:"d>0" "\<forall>x. 0 < dist x a \<and> dist x a < d \<longrightarrow> dist (f x) l < e" unfolding Lim_at by auto
+ { fix x::"real^'a" assume "0 < dist x 0 \<and> dist x 0 < d"
+ hence "dist (f (a + x)) l < e" using d
+ apply(erule_tac x="x+a" in allE) by(auto simp add: comm_monoid_add.mult_commute dist_def dist_sym)
+ }
+ hence "\<exists>d>0. \<forall>x. 0 < dist x 0 \<and> dist x 0 < d \<longrightarrow> dist (f (a + x)) l < e" using d(1) by auto
+ }
+ thus "?rhs" unfolding Lim_at by auto
+next
+ assume "?rhs"
+ { fix e::real assume "e>0"
+ with `?rhs` obtain d where d:"d>0" "\<forall>x. 0 < dist x 0 \<and> dist x 0 < d \<longrightarrow> dist (f (a + x)) l < e"
+ unfolding Lim_at by auto
+ { fix x::"real^'a" assume "0 < dist x a \<and> dist x a < d"
+ hence "dist (f x) l < e" using d apply(erule_tac x="x-a" in allE)
+ by(auto simp add: comm_monoid_add.mult_commute dist_def dist_sym)
+ }
+ hence "\<exists>d>0. \<forall>x. 0 < dist x a \<and> dist x a < d \<longrightarrow> dist (f x) l < e" using d(1) by auto
+ }
+ thus "?lhs" unfolding Lim_at by auto
+qed
+
+text{* It's also sometimes useful to extract the limit point from the net. *}
+
+definition "netlimit net = (SOME a. \<forall>x. ~(netord net x a))"
+
+lemma netlimit_within: assumes"~(trivial_limit (at a within S))"
+ shows "(netlimit (at a within S) = a)"
+proof-
+ { fix x assume "x \<noteq> a"
+ then obtain y where y:"dist y a \<le> dist a a \<and> 0 < dist y a \<and> y \<in> S \<or> dist y a \<le> dist x a \<and> 0 < dist y a \<and> y \<in> S" using assms unfolding trivial_limit_def within at by blast
+ assume "\<forall>y. \<not> netord (at a within S) y x"
+ hence "x = a" using y unfolding within at by (auto simp add: dist_refl dist_nz)
+ }
+ moreover
+ have "\<forall>y. \<not> netord (at a within S) y a" using assms unfolding trivial_limit_def within at by (auto simp add: dist_refl)
+ ultimately show ?thesis unfolding netlimit_def using some_equality[of "\<lambda>x. \<forall>y. \<not> netord (at a within S) y x"] by blast
+qed
+
+lemma netlimit_at: "netlimit(at a) = a"
+ apply (subst within_UNIV[symmetric])
+ using netlimit_within[of a UNIV]
+ by (simp add: trivial_limit_at within_UNIV)
+
+text{* Transformation of limit. *}
+
+lemma Lim_transform: assumes "((\<lambda>x. f x - g x) ---> 0) net" "(f ---> l) net"
+ shows "(g ---> l) net"
+proof-
+ from assms have "((\<lambda>x. f x - g x - f x) ---> 0 - l) net" using Lim_sub[of "\<lambda>x. f x - g x" 0 net f l] by auto
+ thus "?thesis" using Lim_neg [of "\<lambda> x. - g x" "-l" net] by auto
+qed
+
+lemma Lim_transform_eventually: "eventually (\<lambda>x. f x = g x) net \<Longrightarrow> (f ---> l) net ==> (g ---> l) net"
+ using Lim_eventually[of "\<lambda>x. f x - g x" 0 net] Lim_transform[of f g net l] by auto
+
+lemma Lim_transform_within:
+ assumes "0 < d" "(\<forall>x'\<in>S. 0 < dist x' x \<and> dist x' x < d \<longrightarrow> f x' = g x')"
+ "(f ---> l) (at x within S)"
+ shows "(g ---> l) (at x within S)"
+proof-
+ have "((\<lambda>x. f x - g x) ---> 0) (at x within S)" unfolding Lim_within[of "\<lambda>x. f x - g x" 0 x S] using assms(1,2) by auto
+ thus ?thesis using Lim_transform[of f g "at x within S" l] using assms(3) by auto
+qed
+
+lemma Lim_transform_at: "0 < d \<Longrightarrow> (\<forall>x'. 0 < dist x' x \<and> dist x' x < d \<longrightarrow> f x' = g x') \<Longrightarrow>
+ (f ---> l) (at x) ==> (g ---> l) (at x)"
+ apply (subst within_UNIV[symmetric])
+ using Lim_transform_within[of d UNIV x f g l]
+ by (auto simp add: within_UNIV)
+
+text{* Common case assuming being away from some crucial point like 0. *}
+
+lemma Lim_transform_away_within:
+ fixes f:: "real ^'m \<Rightarrow> real ^'n"
+ assumes "a\<noteq>b" "\<forall>x\<in> S. x \<noteq> a \<and> x \<noteq> b \<longrightarrow> f x = g x"
+ and "(f ---> l) (at a within S)"
+ shows "(g ---> l) (at a within S)"
+proof-
+ have "\<forall>x'\<in>S. 0 < dist x' a \<and> dist x' a < dist a b \<longrightarrow> f x' = g x'" using assms(2)
+ apply auto apply(erule_tac x=x' in ballE) by (auto simp add: dist_sym dist_refl)
+ thus ?thesis using Lim_transform_within[of "dist a b" S a f g l] using assms(1,3) unfolding dist_nz by auto
+qed
+
+lemma Lim_transform_away_at:
+ fixes f:: "real ^'m \<Rightarrow> real ^'n"
+ assumes ab: "a\<noteq>b" and fg: "\<forall>x. x \<noteq> a \<and> x \<noteq> b \<longrightarrow> f x = g x"
+ and fl: "(f ---> l) (at a)"
+ shows "(g ---> l) (at a)"
+ using Lim_transform_away_within[OF ab, of UNIV f g l] fg fl
+ by (auto simp add: within_UNIV)
+
+text{* Alternatively, within an open set. *}
+
+lemma Lim_transform_within_open:
+ fixes f:: "real ^'m \<Rightarrow> real ^'n"
+ assumes "open S" "a \<in> S" "\<forall>x\<in>S. x \<noteq> a \<longrightarrow> f x = g x" "(f ---> l) (at a)"
+ shows "(g ---> l) (at a)"
+proof-
+ from assms(1,2) obtain e::real where "e>0" and e:"ball a e \<subseteq> S" unfolding open_contains_ball by auto
+ hence "\<forall>x'. 0 < dist x' a \<and> dist x' a < e \<longrightarrow> f x' = g x'" using assms(3)
+ unfolding ball_def subset_eq apply auto apply(erule_tac x=x' in allE) apply(erule_tac x=x' in ballE) by(auto simp add: dist_refl dist_sym)
+ thus ?thesis using Lim_transform_at[of e a f g l] `e>0` assms(4) by auto
+qed
+
+text{* A congruence rule allowing us to transform limits assuming not at point. *}
+
+lemma Lim_cong_within[cong add]:
+ "(\<And>x. x \<noteq> a \<Longrightarrow> f x = g x) ==> ((\<lambda>x. f x) ---> l) (at a within S) \<longleftrightarrow> ((g ---> l) (at a within S))"
+ by (simp add: Lim_within dist_nz[symmetric])
+
+lemma Lim_cong_at[cong add]:
+ "(\<And>x. x \<noteq> a ==> f x = g x) ==> (((\<lambda>x. f x) ---> l) (at a) \<longleftrightarrow> ((g ---> l) (at a)))"
+ by (simp add: Lim_at dist_nz[symmetric])
+
+text{* Useful lemmas on closure and set of possible sequential limits.*}
+
+lemma closure_sequential:
+ "l \<in> closure S \<longleftrightarrow> (\<exists>x. (\<forall>n. x n \<in> S) \<and> (x ---> l) sequentially)" (is "?lhs = ?rhs")
+proof
+ assume "?lhs" moreover
+ { assume "l \<in> S"
+ hence "?rhs" using Lim_const[of l sequentially] by auto
+ } moreover
+ { assume "l islimpt S"
+ hence "?rhs" unfolding islimpt_sequential by auto
+ } ultimately
+ show "?rhs" unfolding closure_def by auto
+next
+ assume "?rhs"
+ thus "?lhs" unfolding closure_def unfolding islimpt_sequential by auto
+qed
+
+lemma closed_sequential_limits:
+ "closed S \<longleftrightarrow> (\<forall>x l. (\<forall>n. x n \<in> S) \<and> (x ---> l) sequentially \<longrightarrow> l \<in> S)"
+ unfolding closed_limpt
+ by (metis closure_sequential closure_closed closed_limpt islimpt_sequential mem_delete)
+
+lemma closure_approachable: "x \<in> closure S \<longleftrightarrow> (\<forall>e>0. \<exists>y\<in>S. dist y x < e)"
+ apply (auto simp add: closure_def islimpt_approachable)
+ by (metis dist_refl)
+
+lemma closed_approachable: "closed S ==> (\<forall>e>0. \<exists>y\<in>S. dist y x < e) \<longleftrightarrow> x \<in> S"
+ by (metis closure_closed closure_approachable)
+
+text{* Some other lemmas about sequences. *}
+
+lemma seq_offset: "(f ---> l) sequentially ==> ((\<lambda>i. f( i + k)) ---> l) sequentially"
+ apply (auto simp add: Lim_sequentially)
+ by (metis trans_le_add1 )
+
+lemma seq_offset_neg: "(f ---> l) sequentially ==> ((\<lambda>i. f(i - k)) ---> l) sequentially"
+ apply (simp add: Lim_sequentially)
+ apply (subgoal_tac "\<And>N k (n::nat). N + k <= n ==> N <= n - k")
+ apply metis
+ by arith
+
+lemma seq_offset_rev: "((\<lambda>i. f(i + k)) ---> l) sequentially ==> (f ---> l) sequentially"
+ apply (simp add: Lim_sequentially)
+ apply (subgoal_tac "\<And>N k (n::nat). N + k <= n ==> N <= n - k \<and> (n - k) + k = n")
+ by metis arith
+
+lemma seq_harmonic: "((\<lambda>n. vec1(inverse (real n))) ---> 0) sequentially"
+proof-
+ { fix e::real assume "e>0"
+ hence "\<exists>N::nat. \<forall>n::nat\<ge>N. inverse (real n) < e"
+ using real_arch_inv[of e] apply auto apply(rule_tac x=n in exI)
+ by (metis dlo_simps(4) le_imp_inverse_le linorder_not_less real_of_nat_gt_zero_cancel_iff real_of_nat_less_iff xt1(7))
+ }
+ thus ?thesis unfolding Lim_sequentially dist_def apply simp unfolding norm_vec1 by auto
+qed
+
+text{* More properties of closed balls. *}
+
+lemma closed_cball: "closed(cball x e)"
+proof-
+ { fix xa::"nat\<Rightarrow>real^'a" and l assume as: "\<forall>n. dist x (xa n) \<le> e" "(xa ---> l) sequentially"
+ from as(2) have "((\<lambda>n. x - xa n) ---> x - l) sequentially" using Lim_sub[of "\<lambda>n. x" x sequentially xa l] Lim_const[of x sequentially] by auto
+ moreover from as(1) have "eventually (\<lambda>n. norm (x - xa n) \<le> e) sequentially" unfolding eventually_sequentially dist_def by auto
+ ultimately have "dist x l \<le> e"
+ unfolding dist_def
+ using Lim_norm_ubound[of sequentially _ "x - l" e] using trivial_limit_sequentially by auto
+ }
+ thus ?thesis unfolding closed_sequential_limits by auto
+qed
+
+lemma open_contains_cball: "open S \<longleftrightarrow> (\<forall>x\<in>S. \<exists>e>0. cball x e \<subseteq> S)"
+proof-
+ { fix x and e::real assume "x\<in>S" "e>0" "ball x e \<subseteq> S"
+ hence "\<exists>d>0. cball x d \<subseteq> S" unfolding subset_eq by (rule_tac x="e/2" in exI, auto)
+ } moreover
+ { fix x and e::real assume "x\<in>S" "e>0" "cball x e \<subseteq> S"
+ hence "\<exists>d>0. ball x d \<subseteq> S" unfolding subset_eq apply(rule_tac x="e/2" in exI) by auto
+ } ultimately
+ show ?thesis unfolding open_contains_ball by auto
+qed
+
+lemma open_contains_cball_eq: "open S ==> (\<forall>x. x \<in> S \<longleftrightarrow> (\<exists>e>0. cball x e \<subseteq> S))"
+ by (metis open_contains_cball subset_eq order_less_imp_le centre_in_cball mem_def)
+
+lemma mem_interior_cball: "x \<in> interior S \<longleftrightarrow> (\<exists>e>0. cball x e \<subseteq> S)"
+ apply (simp add: interior_def)
+ by (metis open_contains_cball subset_trans ball_subset_cball centre_in_ball open_ball)
+
+lemma islimpt_ball: "y islimpt ball x e \<longleftrightarrow> 0 < e \<and> y \<in> cball x e" (is "?lhs = ?rhs")
+proof
+ assume "?lhs"
+ { assume "e \<le> 0"
+ hence *:"ball x e = {}" using ball_eq_empty[of x e] by auto
+ have False using `?lhs` unfolding * using islimpt_EMPTY[of y] by auto
+ }
+ hence "e > 0" by (metis dlo_simps(3))
+ moreover
+ have "y \<in> cball x e" using closed_cball[of x e] islimpt_subset[of y "ball x e" "cball x e"] ball_subset_cball[of x e] `?lhs` unfolding closed_limpt by auto
+ ultimately show "?rhs" by auto
+next
+ assume "?rhs" hence "e>0" by auto
+ { fix d::real assume "d>0"
+ have "\<exists>x'\<in>ball x e. x' \<noteq> y \<and> dist x' y < d"
+ proof(cases "d \<le> dist x y")
+ case True thus "\<exists>x'\<in>ball x e. x' \<noteq> y \<and> dist x' y < d"
+ proof(cases "x=y")
+ case True hence False using `d \<le> dist x y` `d>0` dist_refl[of x] by auto
+ thus "\<exists>x'\<in>ball x e. x' \<noteq> y \<and> dist x' y < d" by auto
+ next
+ case False
+
+ have "dist x (y - (d / (2 * dist y x)) *s (y - x))
+ = norm (x - y + (d / (2 * norm (y - x))) *s (y - x))"
+ unfolding mem_cball mem_ball dist_def diff_diff_eq2 diff_add_eq[THEN sym] by auto
+ also have "\<dots> = \<bar>- 1 + d / (2 * norm (x - y))\<bar> * norm (x - y)"
+ using vector_sadd_rdistrib[of "- 1" "d / (2 * norm (y - x))", THEN sym, of "y - x"]
+ unfolding vector_smult_lneg vector_smult_lid
+ by (auto simp add: dist_sym[unfolded dist_def] norm_mul)
+ also have "\<dots> = \<bar>- norm (x - y) + d / 2\<bar>"
+ unfolding abs_mult_pos[of "norm (x - y)", OF norm_ge_zero[of "x - y"]]
+ unfolding real_add_mult_distrib using `x\<noteq>y`[unfolded dist_nz, unfolded dist_def] by auto
+ also have "\<dots> \<le> e - d/2" using `d \<le> dist x y` and `d>0` and `?rhs` by(auto simp add: dist_def)
+ finally have "y - (d / (2 * dist y x)) *s (y - x) \<in> ball x e" using `d>0` by auto
+
+ moreover
+
+ have "(d / (2*dist y x)) *s (y - x) \<noteq> 0"
+ using `x\<noteq>y`[unfolded dist_nz] `d>0` unfolding vector_mul_eq_0 by (auto simp add: dist_sym dist_refl)
+ moreover
+ have "dist (y - (d / (2 * dist y x)) *s (y - x)) y < d" unfolding dist_def apply simp unfolding norm_minus_cancel norm_mul
+ using `d>0` `x\<noteq>y`[unfolded dist_nz] dist_sym[of x y]
+ unfolding dist_def by auto
+ ultimately show "\<exists>x'\<in>ball x e. x' \<noteq> y \<and> dist x' y < d" by (rule_tac x="y - (d / (2*dist y x)) *s (y - x)" in bexI) auto
+ qed
+ next
+ case False hence "d > dist x y" by auto
+ show "\<exists>x'\<in>ball x e. x' \<noteq> y \<and> dist x' y < d"
+ proof(cases "x=y")
+ case True
+ obtain z where **:"dist y z = (min e d) / 2" using vector_choose_dist[of "(min e d) / 2" y]
+ using `d > 0` `e>0` by (auto simp add: dist_refl)
+ show "\<exists>x'\<in>ball x e. x' \<noteq> y \<and> dist x' y < d"
+ apply(rule_tac x=z in bexI) unfolding `x=y` dist_sym dist_refl dist_nz using ** `d > 0` `e>0` by auto
+ next
+ case False thus "\<exists>x'\<in>ball x e. x' \<noteq> y \<and> dist x' y < d"
+ using `d>0` `d > dist x y` `?rhs` by(rule_tac x=x in bexI, auto simp add: dist_refl)
+ qed
+ qed }
+ thus "?lhs" unfolding mem_cball islimpt_approachable mem_ball by auto
+qed
+
+lemma closure_ball: "0 < e ==> (closure(ball x e) = cball x e)"
+ apply (simp add: closure_def islimpt_ball expand_set_eq)
+ by arith
+
+lemma interior_cball: "interior(cball x e) = ball x e"
+proof(cases "e\<ge>0")
+ case False note cs = this
+ from cs have "ball x e = {}" using ball_empty[of e x] by auto moreover
+ { fix y assume "y \<in> cball x e"
+ hence False unfolding mem_cball using dist_nz[of x y] cs by (auto simp add: dist_refl) }
+ hence "cball x e = {}" by auto
+ hence "interior (cball x e) = {}" using interior_empty by auto
+ ultimately show ?thesis by blast
+next
+ case True note cs = this
+ have "ball x e \<subseteq> cball x e" using ball_subset_cball by auto moreover
+ { fix S y assume as: "S \<subseteq> cball x e" "open S" "y\<in>S"
+ then obtain d where "d>0" and d:"\<forall>x'. dist x' y < d \<longrightarrow> x' \<in> S" unfolding open_def by blast
+
+ then obtain xa where xa:"dist y xa = d / 2" using vector_choose_dist[of "d/2" y] by auto
+ hence xa_y:"xa \<noteq> y" using dist_nz[of y xa] using `d>0` by auto
+ have "xa\<in>S" using d[THEN spec[where x=xa]] using xa apply(auto simp add: dist_sym) unfolding dist_nz[THEN sym] using xa_y by auto
+ hence xa_cball:"xa \<in> cball x e" using as(1) by auto
+
+ hence "y \<in> ball x e" proof(cases "x = y")
+ case True
+ hence "e>0" using xa_y[unfolded dist_nz] xa_cball[unfolded mem_cball] by (auto simp add: dist_sym)
+ thus "y \<in> ball x e" using `x = y ` by simp
+ next
+ case False
+ have "dist (y + (d / 2 / dist y x) *s (y - x)) y < d" unfolding dist_def
+ using `d>0` norm_ge_zero[of "y - x"] `x \<noteq> y` by auto
+ hence *:"y + (d / 2 / dist y x) *s (y - x) \<in> cball x e" using d as(1)[unfolded subset_eq] by blast
+ have "y - x \<noteq> 0" using `x \<noteq> y` by auto
+ hence **:"d / (2 * norm (y - x)) > 0" unfolding zero_less_norm_iff[THEN sym]
+ using `d>0` divide_pos_pos[of d "2*norm (y - x)"] by auto
+
+ have "dist (y + (d / 2 / dist y x) *s (y - x)) x = norm (y + (d / (2 * norm (y - x))) *s y - (d / (2 * norm (y - x))) *s x - x)"
+ by (auto simp add: dist_def vector_ssub_ldistrib add_diff_eq)
+ also have "\<dots> = norm ((1 + d / (2 * norm (y - x))) *s (y - x))"
+ by (auto simp add: vector_sadd_rdistrib vector_smult_lid ring_simps vector_sadd_rdistrib vector_ssub_ldistrib)
+ also have "\<dots> = \<bar>1 + d / (2 * norm (y - x))\<bar> * norm (y - x)" using ** by auto
+ also have "\<dots> = (dist y x) + d/2"using ** by (auto simp add: left_distrib dist_def)
+ finally have "e \<ge> dist x y +d/2" using *[unfolded mem_cball] by (auto simp add: dist_sym)
+ thus "y \<in> ball x e" unfolding mem_ball using `d>0` by auto
+ qed }
+ hence "\<forall>S \<subseteq> cball x e. open S \<longrightarrow> S \<subseteq> ball x e" by auto
+ ultimately show ?thesis using interior_unique[of "ball x e" "cball x e"] using open_ball[of x e] by auto
+qed
+
+lemma frontier_ball: "0 < e ==> frontier(ball a e) = {x. dist a x = e}"
+ apply (simp add: frontier_def closure_ball interior_open open_ball order_less_imp_le)
+ apply (simp add: expand_set_eq)
+ by arith
+
+lemma frontier_cball: "frontier(cball a e) = {x. dist a x = e}"
+ apply (simp add: frontier_def interior_cball closed_cball closure_closed order_less_imp_le)
+ apply (simp add: expand_set_eq)
+ by arith
+
+lemma cball_eq_empty: "(cball x e = {}) \<longleftrightarrow> e < 0"
+ apply (simp add: expand_set_eq not_le)
+ by (metis dist_pos_le dist_refl order_less_le_trans)
+lemma cball_empty: "e < 0 ==> cball x e = {}" by (simp add: cball_eq_empty)
+
+lemma cball_eq_sing: "(cball x e = {x}) \<longleftrightarrow> e = 0"
+proof-
+ { assume as:"\<forall>xa. (dist x xa \<le> e) = (xa = x)"
+ hence "e \<ge> 0" apply (erule_tac x=x in allE) by (auto simp add: dist_pos_le dist_refl)
+ then obtain y where y:"dist x y = e" using vector_choose_dist[of e] by auto
+ hence "e = 0" using as apply(erule_tac x=y in allE) by (auto simp add: dist_pos_le dist_refl)
+ }
+ thus ?thesis unfolding expand_set_eq mem_cball by (auto simp add: dist_refl dist_nz dist_le_0)
+qed
+
+lemma cball_sing: "e = 0 ==> cball x e = {x}" by (simp add: cball_eq_sing)
+
+text{* For points in the interior, localization of limits makes no difference. *}
+
+lemma eventually_within_interior: assumes "x \<in> interior S"
+ shows "eventually P (at x within S) \<longleftrightarrow> eventually P (at x)" (is "?lhs = ?rhs")
+proof-
+ from assms obtain e where e:"e>0" "\<forall>y. dist x y < e \<longrightarrow> y \<in> S" unfolding mem_interior ball_def subset_eq by auto
+ { assume "?lhs" then obtain d where "d>0" "\<forall>xa\<in>S. 0 < dist xa x \<and> dist xa x < d \<longrightarrow> P xa" unfolding eventually_within by auto
+ hence "?rhs" unfolding eventually_at using e by (auto simp add: dist_sym intro!: add exI[of _ "min e d"])
+ } moreover
+ { assume "?rhs" hence "?lhs" unfolding eventually_within eventually_at by auto
+ } ultimately
+ show "?thesis" by auto
+qed
+
+lemma lim_within_interior: "x \<in> interior S ==> ((f ---> l) (at x within S) \<longleftrightarrow> (f ---> l) (at x))"
+ by (simp add: tendsto_def eventually_within_interior)
+
+lemma netlimit_within_interior: assumes "x \<in> interior S"
+ shows "netlimit(at x within S) = x" (is "?lhs = ?rhs")
+proof-
+ from assms obtain e::real where e:"e>0" "ball x e \<subseteq> S" using open_interior[of S] unfolding open_contains_ball using interior_subset[of S] by auto
+ hence "\<not> trivial_limit (at x within S)" using islimpt_subset[of x "ball x e" S] unfolding trivial_limit_within islimpt_ball centre_in_cball by auto
+ thus ?thesis using netlimit_within by auto
+qed
+
+subsection{* Boundedness. *}
+
+ (* FIXME: This has to be unified with BSEQ!! *)
+definition "bounded S \<longleftrightarrow> (\<exists>a. \<forall>(x::real^'n) \<in> S. norm x <= a)"
+
+lemma bounded_empty[simp]: "bounded {}" by (simp add: bounded_def)
+lemma bounded_subset: "bounded T \<Longrightarrow> S \<subseteq> T ==> bounded S"
+ by (metis bounded_def subset_eq)
+
+lemma bounded_interior[intro]: "bounded S ==> bounded(interior S)"
+ by (metis bounded_subset interior_subset)
+
+lemma bounded_closure[intro]: assumes "bounded S" shows "bounded(closure S)"
+proof-
+ from assms obtain a where a:"\<forall>x\<in>S. norm x \<le> a" unfolding bounded_def by auto
+ { fix x assume "x\<in>closure S"
+ then obtain xa where xa:"\<forall>n. xa n \<in> S" "(xa ---> x) sequentially" unfolding closure_sequential by auto
+ moreover have "\<exists>y. \<exists>x. netord sequentially x y" using trivial_limit_sequentially unfolding trivial_limit_def by blast
+ hence "\<exists>y. (\<exists>x. netord sequentially x y) \<and> (\<forall>x. netord sequentially x y \<longrightarrow> norm (xa x) \<le> a)" unfolding sequentially_def using a xa(1) by auto
+ ultimately have "norm x \<le> a" using Lim_norm_ubound[of sequentially xa x a] trivial_limit_sequentially unfolding eventually_def by auto
+ }
+ thus ?thesis unfolding bounded_def by auto
+qed
+
+lemma bounded_cball[simp,intro]: "bounded (cball x e)"
+ apply (simp add: bounded_def)
+ apply (rule exI[where x="norm x + e"])
+ apply (simp add: Ball_def)
+ by norm
+
+lemma bounded_ball[simp,intro]: "bounded(ball x e)"
+ by (metis ball_subset_cball bounded_cball bounded_subset)
+
+lemma finite_imp_bounded[intro]: assumes "finite S" shows "bounded S"
+proof-
+ { fix x F assume as:"bounded F"
+ then obtain a where "\<forall>x\<in>F. norm x \<le> a" unfolding bounded_def by auto
+ hence "bounded (insert x F)" unfolding bounded_def by(auto intro!: add exI[of _ "max a (norm x)"])
+ }
+ thus ?thesis using finite_induct[of S bounded] using bounded_empty assms by auto
+qed
+
+lemma bounded_Un[simp]: "bounded (S \<union> T) \<longleftrightarrow> bounded S \<and> bounded T"
+ apply (auto simp add: bounded_def)
+ by (rule_tac x="max a aa" in exI, auto)
+
+lemma bounded_Union[intro]: "finite F \<Longrightarrow> (\<forall>S\<in>F. bounded S) \<Longrightarrow> bounded(\<Union>F)"
+ by (induct rule: finite_induct[of F], auto)
+
+lemma bounded_pos: "bounded S \<longleftrightarrow> (\<exists>b>0. \<forall>x\<in> S. norm x <= b)"
+ apply (simp add: bounded_def)
+ apply (subgoal_tac "\<And>x (y::real). 0 < 1 + abs y \<and> (x <= y \<longrightarrow> x <= 1 + abs y)")
+ by metis arith
+
+lemma bounded_Int[intro]: "bounded S \<or> bounded T \<Longrightarrow> bounded (S \<inter> T)"
+ by (metis Int_lower1 Int_lower2 bounded_subset)
+
+lemma bounded_diff[intro]: "bounded S ==> bounded (S - T)"
+apply (metis Diff_subset bounded_subset)
+done
+
+lemma bounded_insert[intro]:"bounded(insert x S) \<longleftrightarrow> bounded S"
+ by (metis Diff_cancel Un_empty_right Un_insert_right bounded_Un bounded_subset finite.emptyI finite_imp_bounded infinite_remove subset_insertI)
+
+lemma bot_bounded_UNIV[simp, intro]: "~(bounded (UNIV:: (real^'n) set))"
+proof(auto simp add: bounded_pos not_le)
+ fix b::real assume b: "b >0"
+ have b1: "b +1 \<ge> 0" using b by simp
+ then obtain x:: "real^'n" where "norm x = b + 1" using vector_choose_size[of "b+1"] by blast
+ hence "norm x > b" using b by simp
+ then show "\<exists>(x::real^'n). b < norm x" by blast
+qed
+
+lemma bounded_linear_image:
+ fixes f :: "real^'m \<Rightarrow> real^'n"
+ assumes "bounded S" "linear f"
+ shows "bounded(f ` S)"
+proof-
+ from assms(1) obtain b where b:"b>0" "\<forall>x\<in>S. norm x \<le> b" unfolding bounded_pos by auto
+ from assms(2) obtain B where B:"B>0" "\<forall>x. norm (f x) \<le> B * norm x" using linear_bounded_pos by auto
+ { fix x assume "x\<in>S"
+ hence "norm x \<le> b" using b by auto
+ hence "norm (f x) \<le> B * b" using B(2) apply(erule_tac x=x in allE)
+ by (metis B(1) B(2) real_le_trans real_mult_le_cancel_iff2)
+ }
+ thus ?thesis unfolding bounded_pos apply(rule_tac x="b*B" in exI)
+ using b B real_mult_order[of b B] by (auto simp add: real_mult_commute)
+qed
+
+lemma bounded_scaling: "bounded S \<Longrightarrow> bounded ((\<lambda>x. c *s x) ` S)"
+ apply (rule bounded_linear_image, assumption)
+ by (rule linear_compose_cmul, rule linear_id[unfolded id_def])
+
+lemma bounded_translation: assumes "bounded S" shows "bounded ((\<lambda>x. a + x) ` S)"
+proof-
+ from assms obtain b where b:"b>0" "\<forall>x\<in>S. norm x \<le> b" unfolding bounded_pos by auto
+ { fix x assume "x\<in>S"
+ hence "norm (a + x) \<le> b + norm a" using norm_triangle_ineq[of a x] b by auto
+ }
+ thus ?thesis unfolding bounded_pos using norm_ge_zero[of a] b(1) using add_strict_increasing[of b 0 "norm a"]
+ by (auto intro!: add exI[of _ "b + norm a"])
+qed
+
+
+text{* Some theorems on sups and infs using the notion "bounded". *}
+
+lemma bounded_vec1: "bounded(vec1 ` S) \<longleftrightarrow> (\<exists>a. \<forall>x\<in>S. abs x <= a)"
+ by (simp add: bounded_def forall_vec1 norm_vec1 vec1_in_image_vec1)
+
+lemma bounded_has_rsup: assumes "bounded(vec1 ` S)" "S \<noteq> {}"
+ shows "\<forall>x\<in>S. x <= rsup S" and "\<forall>b. (\<forall>x\<in>S. x <= b) \<longrightarrow> rsup S <= b"
+proof
+ fix x assume "x\<in>S"
+ from assms(1) obtain a where a:"\<forall>x\<in>S. \<bar>x\<bar> \<le> a" unfolding bounded_vec1 by auto
+ hence *:"S *<= a" using setleI[of S a] by (metis abs_le_interval_iff mem_def)
+ thus "x \<le> rsup S" using rsup[OF `S\<noteq>{}`] using assms(1)[unfolded bounded_vec1] using isLubD2[of UNIV S "rsup S" x] using `x\<in>S` by auto
+next
+ show "\<forall>b. (\<forall>x\<in>S. x \<le> b) \<longrightarrow> rsup S \<le> b" using assms
+ using rsup[of S, unfolded isLub_def isUb_def leastP_def setle_def setge_def]
+ apply (auto simp add: bounded_vec1)
+ by (auto simp add: isLub_def isUb_def leastP_def setle_def setge_def)
+qed
+
+lemma rsup_insert: assumes "bounded (vec1 ` S)"
+ shows "rsup(insert x S) = (if S = {} then x else max x (rsup S))"
+proof(cases "S={}")
+ case True thus ?thesis using rsup_finite_in[of "{x}"] by auto
+next
+ let ?S = "insert x S"
+ case False
+ hence *:"\<forall>x\<in>S. x \<le> rsup S" using bounded_has_rsup(1)[of S] using assms by auto
+ hence "insert x S *<= max x (rsup S)" unfolding setle_def by auto
+ hence "isLub UNIV ?S (rsup ?S)" using rsup[of ?S] by auto
+ moreover
+ have **:"isUb UNIV ?S (max x (rsup S))" unfolding isUb_def setle_def using * by auto
+ { fix y assume as:"isUb UNIV (insert x S) y"
+ hence "max x (rsup S) \<le> y" unfolding isUb_def using rsup_le[OF `S\<noteq>{}`]
+ unfolding setle_def by auto }
+ hence "max x (rsup S) <=* isUb UNIV (insert x S)" unfolding setge_def Ball_def mem_def by auto
+ hence "isLub UNIV ?S (max x (rsup S))" using ** isLubI2[of UNIV ?S "max x (rsup S)"] unfolding Collect_def by auto
+ ultimately show ?thesis using real_isLub_unique[of UNIV ?S] using `S\<noteq>{}` by auto
+qed
+
+lemma sup_insert_finite: "finite S \<Longrightarrow> rsup(insert x S) = (if S = {} then x else max x (rsup S))"
+ apply (rule rsup_insert)
+ apply (rule finite_imp_bounded)
+ by simp
+
+lemma bounded_has_rinf:
+ assumes "bounded(vec1 ` S)" "S \<noteq> {}"
+ shows "\<forall>x\<in>S. x >= rinf S" and "\<forall>b. (\<forall>x\<in>S. x >= b) \<longrightarrow> rinf S >= b"
+proof
+ fix x assume "x\<in>S"
+ from assms(1) obtain a where a:"\<forall>x\<in>S. \<bar>x\<bar> \<le> a" unfolding bounded_vec1 by auto
+ hence *:"- a <=* S" using setgeI[of S "-a"] unfolding abs_le_interval_iff by auto
+ thus "x \<ge> rinf S" using rinf[OF `S\<noteq>{}`] using isGlbD2[of UNIV S "rinf S" x] using `x\<in>S` by auto
+next
+ show "\<forall>b. (\<forall>x\<in>S. x >= b) \<longrightarrow> rinf S \<ge> b" using assms
+ using rinf[of S, unfolded isGlb_def isLb_def greatestP_def setle_def setge_def]
+ apply (auto simp add: bounded_vec1)
+ by (auto simp add: isGlb_def isLb_def greatestP_def setle_def setge_def)
+qed
+
+(* TODO: Move this to RComplete.thy -- would need to include Glb into RComplete *)
+lemma real_isGlb_unique: "[| isGlb R S x; isGlb R S y |] ==> x = (y::real)"
+ apply (frule isGlb_isLb)
+ apply (frule_tac x = y in isGlb_isLb)
+ apply (blast intro!: order_antisym dest!: isGlb_le_isLb)
+ done
+
+lemma rinf_insert: assumes "bounded (vec1 ` S)"
+ shows "rinf(insert x S) = (if S = {} then x else min x (rinf S))" (is "?lhs = ?rhs")
+proof(cases "S={}")
+ case True thus ?thesis using rinf_finite_in[of "{x}"] by auto
+next
+ let ?S = "insert x S"
+ case False
+ hence *:"\<forall>x\<in>S. x \<ge> rinf S" using bounded_has_rinf(1)[of S] using assms by auto
+ hence "min x (rinf S) <=* insert x S" unfolding setge_def by auto
+ hence "isGlb UNIV ?S (rinf ?S)" using rinf[of ?S] by auto
+ moreover
+ have **:"isLb UNIV ?S (min x (rinf S))" unfolding isLb_def setge_def using * by auto
+ { fix y assume as:"isLb UNIV (insert x S) y"
+ hence "min x (rinf S) \<ge> y" unfolding isLb_def using rinf_ge[OF `S\<noteq>{}`]
+ unfolding setge_def by auto }
+ hence "isLb UNIV (insert x S) *<= min x (rinf S)" unfolding setle_def Ball_def mem_def by auto
+ hence "isGlb UNIV ?S (min x (rinf S))" using ** isGlbI2[of UNIV ?S "min x (rinf S)"] unfolding Collect_def by auto
+ ultimately show ?thesis using real_isGlb_unique[of UNIV ?S] using `S\<noteq>{}` by auto
+qed
+
+lemma inf_insert_finite: "finite S ==> rinf(insert x S) = (if S = {} then x else min x (rinf S))"
+ by (rule rinf_insert, rule finite_imp_bounded, simp)
+
+subsection{* Compactness (the definition is the one based on convegent subsequences). *}
+
+definition "compact S \<longleftrightarrow>
+ (\<forall>(f::nat \<Rightarrow> real^'n). (\<forall>n. f n \<in> S) \<longrightarrow>
+ (\<exists>l\<in>S. \<exists>r. (\<forall>m n. m < n \<longrightarrow> r m < r n) \<and> ((f o r) ---> l) sequentially))"
+
+lemma monotone_bigger: fixes r::"nat\<Rightarrow>nat"
+ assumes "\<forall>m n::nat. m < n --> r m < r n"
+ shows "n \<le> r n"
+proof(induct n)
+ show "0 \<le> r 0" by auto
+next
+ fix n assume "n \<le> r n"
+ moreover have "r n < r (Suc n)" using assms by auto
+ ultimately show "Suc n \<le> r (Suc n)" by auto
+qed
+
+lemma lim_subsequence: "\<forall>m n. m < n \<longrightarrow> r m < r n \<Longrightarrow> (s ---> l) sequentially \<Longrightarrow> ((s o r) ---> l) sequentially"
+unfolding Lim_sequentially by (simp, metis monotone_bigger le_trans)
+
+lemma num_Axiom: "EX! g. g 0 = e \<and> (\<forall>n. g (Suc n) = f n (g n))"
+ unfolding Ex1_def
+ apply (rule_tac x="nat_rec e f" in exI)
+ apply (rule conjI)+
+apply (rule def_nat_rec_0, simp)
+apply (rule allI, rule def_nat_rec_Suc, simp)
+apply (rule allI, rule impI, rule ext)
+apply (erule conjE)
+apply (induct_tac x)
+apply (simp add: nat_rec_0)
+apply (erule_tac x="n" in allE)
+apply (simp)
+done
+
+
+lemma convergent_bounded_increasing: fixes s ::"nat\<Rightarrow>real"
+ assumes "\<forall>m n. m \<le> n --> s m \<le> s n" and "\<forall>n. abs(s n) \<le> b"
+ shows "\<exists> l. \<forall>e::real>0. \<exists> N. \<forall>n \<ge> N. abs(s n - l) < e"
+proof-
+ have "isUb UNIV (range s) b" using assms(2) and abs_le_D1 unfolding isUb_def and setle_def by auto
+ then obtain t where t:"isLub UNIV (range s) t" using reals_complete[of "range s" ] by auto
+ { fix e::real assume "e>0" and as:"\<forall>N. \<exists>n\<ge>N. \<not> \<bar>s n - t\<bar> < e"
+ { fix n::nat
+ obtain N where "N\<ge>n" and n:"\<bar>s N - t\<bar> \<ge> e" using as[THEN spec[where x=n]] by auto
+ have "t \<ge> s N" using isLub_isUb[OF t, unfolded isUb_def setle_def] by auto
+ with n have "s N \<le> t - e" using `e>0` by auto
+ hence "s n \<le> t - e" using assms(1)[THEN spec[where x=n], THEN spec[where x=N]] using `n\<le>N` by auto }
+ hence "isUb UNIV (range s) (t - e)" unfolding isUb_def and setle_def by auto
+ hence False using isLub_le_isUb[OF t, of "t - e"] and `e>0` by auto }
+ thus ?thesis by blast
+qed
+
+lemma convergent_bounded_monotone: fixes s::"nat \<Rightarrow> real"
+ assumes "\<forall>n. abs(s n) \<le> b" and "(\<forall>m n. m \<le> n --> s m \<le> s n) \<or> (\<forall>m n. m \<le> n --> s n \<le> s m)"
+ shows "\<exists>l. \<forall>e::real>0. \<exists>N. \<forall>n\<ge>N. abs(s n - l) < e"
+ using convergent_bounded_increasing[of s b] assms using convergent_bounded_increasing[of "\<lambda>n. - s n" b]
+ apply auto unfolding minus_add_distrib[THEN sym, unfolded diff_minus[THEN sym]]
+ unfolding abs_minus_cancel by(rule_tac x="-l" in exI)auto
+
+lemma compact_real_lemma:
+ assumes "\<forall>n::nat. abs(s n) \<le> b"
+ shows "\<exists>l r. (\<forall>m n::nat. m < n --> r m < r n) \<and>
+ (\<forall>e>0::real. \<exists>N. \<forall>n\<ge>N. (abs(s (r n) - l) < e))"
+proof-
+ obtain r where r:"\<forall>m n::nat. m < n \<longrightarrow> r m < r n"
+ "(\<forall>m n. m \<le> n \<longrightarrow> s (r m) \<le> s (r n)) \<or> (\<forall>m n. m \<le> n \<longrightarrow> s (r n) \<le> s (r m))"
+ using seq_monosub[of s] by (auto simp add: subseq_def monoseq_def)
+ thus ?thesis using convergent_bounded_monotone[of "s o r" b] and assms by auto
+qed
+
+lemma compact_lemma:
+ assumes "bounded s" and "\<forall>n. (x::nat \<Rightarrow>real^'a) n \<in> s"
+ shows "\<forall>d\<in>{1.. dimindex(UNIV::'a set)}.
+ \<exists>l::(real^'a). \<exists> r. (\<forall>n m::nat. m < n --> r m < r n) \<and>
+ (\<forall>e>0. \<exists>N. \<forall>n\<ge>N. \<forall>i\<in>{1..d}. \<bar>x (r n) $ i - l $ i\<bar> < e)"
+proof-
+ obtain b where b:"\<forall>x\<in>s. norm x \<le> b" using assms(1)[unfolded bounded_def] by auto
+ { { fix i assume i:"i\<in>{1.. dimindex(UNIV::'a set)}"
+ { fix n::nat
+ have "\<bar>x n $ i\<bar> \<le> b" using b[THEN bspec[where x="x n"]] and component_le_norm[of i "x n"] and assms(2)[THEN spec[where x=n]] and i by auto }
+ hence "\<forall>n. \<bar>x n $ i\<bar> \<le> b" by auto
+ } note b' = this
+
+ fix d assume "d\<in>{1.. dimindex(UNIV::'a set)}"
+ hence "\<exists>l::(real^'a). \<exists> r. (\<forall>n m::nat. m < n --> r m < r n) \<and>
+ (\<forall>e>0. \<exists>N. \<forall>n\<ge>N. \<forall>i\<in>{1..d}. \<bar>x (r n) $ i - l $ i\<bar> < e)"
+ proof(induct d) case 0 thus ?case by auto
+ (* The induction really starts at Suc 0 *)
+ next case (Suc d)
+ show ?case proof(cases "d = 0")
+ case True hence "Suc d = Suc 0" by auto
+ obtain l r where r:"\<forall>m n::nat. m < n \<longrightarrow> r m < r n" and lr:"\<forall>e>0. \<exists>N. \<forall>n\<ge>N. \<bar>x (r n) $ 1 - l\<bar> < e" using b' and dimindex_ge_1[of "UNIV::'a set"]
+ using compact_real_lemma[of "\<lambda>i. (x i)$1" b] by auto
+ thus ?thesis apply(rule_tac x="vec l" in exI) apply(rule_tac x=r in exI)
+ unfolding `Suc d = Suc 0` apply auto
+ unfolding vec_component[OF Suc(2)[unfolded `Suc d = Suc 0`]] by auto
+ next
+ case False hence d:"d \<in>{1.. dimindex(UNIV::'a set)}" using Suc(2) by auto
+ obtain l1::"real^'a" and r1 where r1:"\<forall>n m::nat. m < n \<longrightarrow> r1 m < r1 n" and lr1:"\<forall>e>0. \<exists>N. \<forall>n\<ge>N. \<forall>i\<in>{1..d}. \<bar>x (r1 n) $ i - l1 $ i\<bar> < e"
+ using Suc(1)[OF d] by auto
+ obtain l2 r2 where r2:"\<forall>m n::nat. m < n \<longrightarrow> r2 m < r2 n" and lr2:"\<forall>e>0. \<exists>N. \<forall>n\<ge>N. \<bar>(x \<circ> r1) (r2 n) $ (Suc d) - l2\<bar> < e"
+ using b'[OF Suc(2)] and compact_real_lemma[of "\<lambda>i. ((x \<circ> r1) i)$(Suc d)" b] by auto
+ def r \<equiv> "r1 \<circ> r2" have r:"\<forall>m n. m < n \<longrightarrow> r m < r n" unfolding r_def o_def using r1 and r2 by auto
+ moreover
+ def l \<equiv> "(\<chi> i. if i = Suc d then l2 else l1$i)::real^'a"
+ { fix e::real assume "e>0"
+ from lr1 obtain N1 where N1:"\<forall>n\<ge>N1. \<forall>i\<in>{1..d}. \<bar>x (r1 n) $ i - l1 $ i\<bar> < e" using `e>0` by blast
+ from lr2 obtain N2 where N2:"\<forall>n\<ge>N2. \<bar>(x \<circ> r1) (r2 n) $ (Suc d) - l2\<bar> < e" using `e>0` by blast
+ { fix n assume n:"n\<ge> N1 + N2"
+ fix i assume i:"i\<in>{1..Suc d}" hence i':"i\<in>{1.. dimindex(UNIV::'a set)}" using Suc by auto
+ hence "\<bar>x (r n) $ i - l $ i\<bar> < e"
+ using N2[THEN spec[where x="n"]] and n
+ using N1[THEN spec[where x="r2 n"]] and n
+ using monotone_bigger[OF r] and i
+ unfolding l_def and r_def and Cart_lambda_beta'[OF i']
+ using monotone_bigger[OF r2, of n] by auto }
+ hence "\<exists>N. \<forall>n\<ge>N. \<forall>i\<in>{1..Suc d}. \<bar>x (r n) $ i - l $ i\<bar> < e" by blast }
+ ultimately show ?thesis by auto
+ qed
+ qed }
+ thus ?thesis by auto
+qed
+
+lemma bounded_closed_imp_compact: fixes s::"(real^'a) set"
+ assumes "bounded s" and "closed s"
+ shows "compact s"
+proof-
+ let ?d = "dimindex (UNIV::'a set)"
+ { fix f assume as:"\<forall>n::nat. f n \<in> s"
+ obtain l::"real^'a" and r where r:"\<forall>n m::nat. m < n \<longrightarrow> r m < r n"
+ and lr:"\<forall>e>0. \<exists>N. \<forall>n\<ge>N. \<forall>i\<in>{1..?d}. \<bar>f (r n) $ i - l $ i\<bar> < e"
+ using compact_lemma[OF assms(1) as, THEN bspec[where x="?d"]] and dimindex_ge_1[of "UNIV::'a set"] by auto
+ { fix e::real assume "e>0"
+ hence "0 < e / (real_of_nat ?d)" using dimindex_nonzero[of "UNIV::'a set"] using divide_pos_pos[of e, of "real_of_nat ?d"] by auto
+ then obtain N::nat where N:"\<forall>n\<ge>N. \<forall>i\<in>{1..?d}. \<bar>f (r n) $ i - l $ i\<bar> < e / (real_of_nat ?d)" using lr[THEN spec[where x="e / (real_of_nat ?d)"]] by blast
+ { fix n assume n:"n\<ge>N"
+ have "1 \<in> {1..?d}" using dimindex_nonzero[of "UNIV::'a set"] by auto
+ hence "finite {1..?d}" "{1..?d} \<noteq> {}" by auto
+ moreover
+ { fix i assume i:"i \<in> {1..?d}"
+ hence "\<bar>((f \<circ> r) n - l) $ i\<bar> < e / real_of_nat ?d" using `n\<ge>N` using N[THEN spec[where x=n]]
+ apply auto apply(erule_tac x=i in ballE) unfolding vector_minus_component[OF i] by auto }
+ ultimately have "(\<Sum>i = 1..?d. \<bar>((f \<circ> r) n - l) $ i\<bar>)
+ < (\<Sum>i = 1..?d. e / real_of_nat ?d)"
+ using setsum_strict_mono[of "{1..?d}" "\<lambda>i. \<bar>((f \<circ> r) n - l) $ i\<bar>" "\<lambda>i. e / (real_of_nat ?d)"] by auto
+ hence "(\<Sum>i = 1..?d. \<bar>((f \<circ> r) n - l) $ i\<bar>) < e" unfolding setsum_constant using dimindex_nonzero[of "UNIV::'a set"] by auto
+ hence "dist ((f \<circ> r) n) l < e" unfolding dist_def using norm_le_l1[of "(f \<circ> r) n - l"] by auto }
+ hence "\<exists>N. \<forall>n\<ge>N. dist ((f \<circ> r) n) l < e" by auto }
+ hence *:"((f \<circ> r) ---> l) sequentially" unfolding Lim_sequentially by auto
+ moreover have "l\<in>s"
+ using assms(2)[unfolded closed_sequential_limits, THEN spec[where x="f \<circ> r"], THEN spec[where x=l]] and * and as by auto
+ ultimately have "\<exists>l\<in>s. \<exists>r. (\<forall>m n. m < n \<longrightarrow> r m < r n) \<and> ((f \<circ> r) ---> l) sequentially" using r by auto }
+ thus ?thesis unfolding compact_def by auto
+qed
+
+subsection{* Completeness. *}
+
+ (* FIXME: Unify this with Cauchy from SEQ!!!!!*)
+
+definition cauchy_def:"cauchy s \<longleftrightarrow> (\<forall>e>0. \<exists>N. \<forall>m n. m \<ge> N \<and> n \<ge> N --> dist(s m)(s n) < e)"
+
+definition complete_def:"complete s \<longleftrightarrow> (\<forall>f::(nat=>real^'a). (\<forall>n. f n \<in> s) \<and> cauchy f
+ --> (\<exists>l \<in> s. (f ---> l) sequentially))"
+
+lemma cauchy: "cauchy s \<longleftrightarrow> (\<forall>e>0.\<exists> N::nat. \<forall>n\<ge>N. dist(s n)(s N) < e)" (is "?lhs = ?rhs")
+proof-
+ { assume ?rhs
+ { fix e::real
+ assume "e>0"
+ with `?rhs` obtain N where N:"\<forall>n\<ge>N. dist (s n) (s N) < e/2"
+ by (erule_tac x="e/2" in allE) auto
+ { fix n m
+ assume nm:"N \<le> m \<and> N \<le> n"
+ hence "dist (s m) (s n) < e" using N
+ using dist_triangle_half_l[of "s m" "s N" "e" "s n"]
+ by blast
+ }
+ hence "\<exists>N. \<forall>m n. N \<le> m \<and> N \<le> n \<longrightarrow> dist (s m) (s n) < e"
+ by blast
+ }
+ hence ?lhs
+ unfolding cauchy_def
+ by blast
+ }
+ thus ?thesis
+ unfolding cauchy_def
+ using dist_triangle_half_l
+ by blast
+qed
+
+lemma convergent_imp_cauchy:
+ "(s ---> l) sequentially ==> cauchy s"
+proof(simp only: cauchy_def, rule, rule)
+ fix e::real assume "e>0" "(s ---> l) sequentially"
+ then obtain N::nat where N:"\<forall>n\<ge>N. dist (s n) l < e/2" unfolding Lim_sequentially by(erule_tac x="e/2" in allE) auto
+ thus "\<exists>N. \<forall>m n. N \<le> m \<and> N \<le> n \<longrightarrow> dist (s m) (s n) < e" using dist_triangle_half_l[of _ l e _] by (rule_tac x=N in exI) auto
+qed
+
+lemma cauchy_imp_bounded: assumes "cauchy s" shows "bounded {y. (\<exists>n::nat. y = s n)}"
+proof-
+ from assms obtain N::nat where "\<forall>m n. N \<le> m \<and> N \<le> n \<longrightarrow> dist (s m) (s n) < 1" unfolding cauchy_def apply(erule_tac x= 1 in allE) by auto
+ hence N:"\<forall>n. N \<le> n \<longrightarrow> dist (s N) (s n) < 1" by auto
+ { fix n::nat assume "n\<ge>N"
+ hence "norm (s n) \<le> norm (s N) + 1" using N apply(erule_tac x=n in allE) unfolding dist_def
+ using norm_triangle_sub[of "s N" "s n"] by (auto, metis dist_def dist_sym le_add_right_mono norm_triangle_sub real_less_def)
+ }
+ hence "\<forall>n\<ge>N. norm (s n) \<le> norm (s N) + 1" by auto
+ moreover
+ have "bounded (s ` {0..N})" using finite_imp_bounded[of "s ` {1..N}"] by auto
+ then obtain a where a:"\<forall>x\<in>s ` {0..N}. norm x \<le> a" unfolding bounded_def by auto
+ ultimately show "?thesis" unfolding bounded_def
+ apply(rule_tac x="max a (norm (s N) + 1)" in exI) apply auto
+ apply(erule_tac x=n in allE) apply(erule_tac x=n in ballE) by auto
+qed
+
+lemma compact_imp_complete: assumes "compact s" shows "complete s"
+proof-
+ { fix f assume as: "(\<forall>n::nat. f n \<in> s)" "cauchy f"
+ from as(1) obtain l r where lr: "l\<in>s" "(\<forall>m n. m < n \<longrightarrow> r m < r n)" "((f \<circ> r) ---> l) sequentially" using assms unfolding compact_def by blast
+
+ { fix n :: nat have lr':"n \<le> r n"
+ proof (induct n)
+ show "0 \<le> r 0" using lr(2) by blast
+ next fix na assume "na \<le> r na" moreover have "na < Suc na \<longrightarrow> r na < r (Suc na)" using lr(2) by blast
+ ultimately show "Suc na \<le> r (Suc na)" by auto
+ qed } note lr' = this
+
+ { fix e::real assume "e>0"
+ from as(2) obtain N where N:"\<forall>m n. N \<le> m \<and> N \<le> n \<longrightarrow> dist (f m) (f n) < e/2" unfolding cauchy_def using `e>0` apply (erule_tac x="e/2" in allE) by auto
+ from lr(3)[unfolded Lim_sequentially, THEN spec[where x="e/2"]] obtain M where M:"\<forall>n\<ge>M. dist ((f \<circ> r) n) l < e/2" using `e>0` by auto
+ { fix n::nat assume n:"n \<ge> max N M"
+ have "dist ((f \<circ> r) n) l < e/2" using n M by auto
+ moreover have "r n \<ge> N" using lr'[of n] n by auto
+ hence "dist (f n) ((f \<circ> r) n) < e / 2" using N using n by auto
+ ultimately have "dist (f n) l < e" using dist_triangle_half_r[of "f (r n)" "f n" e l] by (auto simp add: dist_sym) }
+ hence "\<exists>N. \<forall>n\<ge>N. dist (f n) l < e" by blast }
+ hence "\<exists>l\<in>s. (f ---> l) sequentially" using `l\<in>s` unfolding Lim_sequentially by auto }
+ thus ?thesis unfolding complete_def by auto
+qed
+
+lemma complete_univ:
+ "complete UNIV"
+proof(simp add: complete_def, rule, rule)
+ fix f::"nat \<Rightarrow> real^'n" assume "cauchy f"
+ hence "bounded (f`UNIV)" using cauchy_imp_bounded[of f] unfolding image_def by auto
+ hence "compact (closure (f`UNIV))" using bounded_closed_imp_compact[of "closure (range f)"] by auto
+ hence "complete (closure (range f))" using compact_imp_complete by auto
+ thus "\<exists>l. (f ---> l) sequentially" unfolding complete_def[of "closure (range f)"] using `cauchy f` unfolding closure_def by auto
+qed
+
+lemma complete_eq_closed: "complete s \<longleftrightarrow> closed s" (is "?lhs = ?rhs")
+proof
+ assume ?lhs
+ { fix x assume "x islimpt s"
+ then obtain f where f:"\<forall>n. f n \<in> s - {x}" "(f ---> x) sequentially" unfolding islimpt_sequential by auto
+ then obtain l where l: "l\<in>s" "(f ---> l) sequentially" using `?lhs`[unfolded complete_def] using convergent_imp_cauchy[of f x] by auto
+ hence "x \<in> s" using Lim_unique[of sequentially f l x] trivial_limit_sequentially f(2) by auto }
+ thus ?rhs unfolding closed_limpt by auto
+next
+ assume ?rhs
+ { fix f assume as:"\<forall>n::nat. f n \<in> s" "cauchy f"
+ then obtain l where "(f ---> l) sequentially" using complete_univ[unfolded complete_def, THEN spec[where x=f]] by auto
+ hence "\<exists>l\<in>s. (f ---> l) sequentially" using `?rhs`[unfolded closed_sequential_limits, THEN spec[where x=f], THEN spec[where x=l]] using as(1) by auto }
+ thus ?lhs unfolding complete_def by auto
+qed
+
+lemma convergent_eq_cauchy: "(\<exists>l. (s ---> l) sequentially) \<longleftrightarrow> cauchy s" (is "?lhs = ?rhs")
+proof
+ assume ?lhs then obtain l where "(s ---> l) sequentially" by auto
+ thus ?rhs using convergent_imp_cauchy by auto
+next
+ assume ?rhs thus ?lhs using complete_univ[unfolded complete_def, THEN spec[where x=s]] by auto
+qed
+
+lemma convergent_imp_bounded: "(s ---> l) sequentially ==> bounded (s ` (UNIV::(nat set)))"
+ using convergent_eq_cauchy[of s]
+ using cauchy_imp_bounded[of s]
+ unfolding image_def
+ by auto
+
+subsection{* Total boundedness. *}
+
+fun helper_1::"((real^'n) set) \<Rightarrow> real \<Rightarrow> nat \<Rightarrow> real^'n" where
+ "helper_1 s e n = (SOME y::real^'n. y \<in> s \<and> (\<forall>m<n. \<not> (dist (helper_1 s e m) y < e)))"
+declare helper_1.simps[simp del]
+
+lemma compact_imp_totally_bounded:
+ assumes "compact s"
+ shows "\<forall>e>0. \<exists>k. finite k \<and> k \<subseteq> s \<and> s \<subseteq> (\<Union>((\<lambda>x. ball x e) ` k))"
+proof(rule, rule, rule ccontr)
+ fix e::real assume "e>0" and assm:"\<not> (\<exists>k. finite k \<and> k \<subseteq> s \<and> s \<subseteq> \<Union>(\<lambda>x. ball x e) ` k)"
+ def x \<equiv> "helper_1 s e"
+ { fix n
+ have "x n \<in> s \<and> (\<forall>m<n. \<not> dist (x m) (x n) < e)"
+ proof(induct_tac rule:nat_less_induct)
+ fix n def Q \<equiv> "(\<lambda>y. y \<in> s \<and> (\<forall>m<n. \<not> dist (x m) y < e))"
+ assume as:"\<forall>m<n. x m \<in> s \<and> (\<forall>ma<m. \<not> dist (x ma) (x m) < e)"
+ have "\<not> s \<subseteq> (\<Union>x\<in>x ` {0..<n}. ball x e)" using assm apply simp apply(erule_tac x="x ` {0 ..< n}" in allE) using as by auto
+ then obtain z where z:"z\<in>s" "z \<notin> (\<Union>x\<in>x ` {0..<n}. ball x e)" unfolding subset_eq by auto
+ have "Q (x n)" unfolding x_def and helper_1.simps[of s e n]
+ apply(rule someI2[where a=z]) unfolding x_def[symmetric] and Q_def using z by auto
+ thus "x n \<in> s \<and> (\<forall>m<n. \<not> dist (x m) (x n) < e)" unfolding Q_def by auto
+ qed }
+ hence "\<forall>n::nat. x n \<in> s" and x:"\<forall>n. \<forall>m < n. \<not> (dist (x m) (x n) < e)" by blast+
+ then obtain l r where "l\<in>s" and r:"\<forall>m n. m < n \<longrightarrow> r m < r n" and "((x \<circ> r) ---> l) sequentially" using assms(1)[unfolded compact_def, THEN spec[where x=x]] by auto
+ from this(3) have "cauchy (x \<circ> r)" using convergent_imp_cauchy by auto
+ then obtain N::nat where N:"\<forall>m n. N \<le> m \<and> N \<le> n \<longrightarrow> dist ((x \<circ> r) m) ((x \<circ> r) n) < e" unfolding cauchy_def using `e>0` by auto
+ show False
+ using N[THEN spec[where x=N], THEN spec[where x="N+1"]]
+ using r[THEN spec[where x=N], THEN spec[where x="N+1"]]
+ using x[THEN spec[where x="r (N+1)"], THEN spec[where x="r (N)"]] by auto
+qed
+
+subsection{* Heine-Borel theorem (following Burkill \& Burkill vol. 2) *}
+
+lemma heine_borel_lemma: fixes s::"(real^'n) set"
+ assumes "compact s" "s \<subseteq> (\<Union> t)" "\<forall>b \<in> t. open b"
+ shows "\<exists>e>0. \<forall>x \<in> s. \<exists>b \<in> t. ball x e \<subseteq> b"
+proof(rule ccontr)
+ assume "\<not> (\<exists>e>0. \<forall>x\<in>s. \<exists>b\<in>t. ball x e \<subseteq> b)"
+ hence cont:"\<forall>e>0. \<exists>x\<in>s. \<forall>xa\<in>t. \<not> (ball x e \<subseteq> xa)" by auto
+ { fix n::nat
+ have "1 / real (n + 1) > 0" by auto
+ hence "\<exists>x. x\<in>s \<and> (\<forall>xa\<in>t. \<not> (ball x (inverse (real (n+1))) \<subseteq> xa))" using cont unfolding Bex_def by auto }
+ hence "\<forall>n::nat. \<exists>x. x \<in> s \<and> (\<forall>xa\<in>t. \<not> ball x (inverse (real (n + 1))) \<subseteq> xa)" by auto
+ then obtain f where f:"\<forall>n::nat. f n \<in> s \<and> (\<forall>xa\<in>t. \<not> ball (f n) (inverse (real (n + 1))) \<subseteq> xa)"
+ using choice[of "\<lambda>n::nat. \<lambda>x. x\<in>s \<and> (\<forall>xa\<in>t. \<not> ball x (inverse (real (n + 1))) \<subseteq> xa)"] by auto
+
+ then obtain l r where l:"l\<in>s" and r:"\<forall>m n. m < n \<longrightarrow> r m < r n" and lr:"((f \<circ> r) ---> l) sequentially"
+ using assms(1)[unfolded compact_def, THEN spec[where x=f]] by auto
+
+ obtain b where "l\<in>b" "b\<in>t" using assms(2) and l by auto
+ then obtain e where "e>0" and e:"\<forall>z. dist z l < e \<longrightarrow> z\<in>b"
+ using assms(3)[THEN bspec[where x=b]] unfolding open_def by auto
+
+ then obtain N1 where N1:"\<forall>n\<ge>N1. dist ((f \<circ> r) n) l < e / 2"
+ using lr[unfolded Lim_sequentially, THEN spec[where x="e/2"]] by auto
+
+ obtain N2::nat where N2:"N2>0" "inverse (real N2) < e /2" using real_arch_inv[of "e/2"] and `e>0` by auto
+ have N2':"inverse (real (r (N1 + N2) +1 )) < e/2"
+ apply(rule order_less_trans) apply(rule less_imp_inverse_less) using N2
+ using monotone_bigger[OF r, of "N1 + N2"] by auto
+
+ def x \<equiv> "(f (r (N1 + N2)))"
+ have x:"\<not> ball x (inverse (real (r (N1 + N2) + 1))) \<subseteq> b" unfolding x_def
+ using f[THEN spec[where x="r (N1 + N2)"]] using `b\<in>t` by auto
+ have "\<exists>y\<in>ball x (inverse (real (r (N1 + N2) + 1))). y\<notin>b" apply(rule ccontr) using x by auto
+ then obtain y where y:"y \<in> ball x (inverse (real (r (N1 + N2) + 1)))" "y \<notin> b" by auto
+
+ have "dist x l < e/2" using N1 unfolding x_def o_def by auto
+ hence "dist y l < e" using y N2' using dist_triangle[of y l x]by (auto simp add:dist_sym)
+
+ thus False using e and `y\<notin>b` by auto
+qed
+
+lemma compact_imp_heine_borel: "compact s ==> (\<forall>f. (\<forall>t \<in> f. open t) \<and> s \<subseteq> (\<Union> f)
+ \<longrightarrow> (\<exists>f'. f' \<subseteq> f \<and> finite f' \<and> s \<subseteq> (\<Union> f')))"
+proof clarify
+ fix f assume "compact s" " \<forall>t\<in>f. open t" "s \<subseteq> \<Union>f"
+ then obtain e::real where "e>0" and "\<forall>x\<in>s. \<exists>b\<in>f. ball x e \<subseteq> b" using heine_borel_lemma[of s f] by auto
+ hence "\<forall>x\<in>s. \<exists>b. b\<in>f \<and> ball x e \<subseteq> b" by auto
+ hence "\<exists>bb. \<forall>x\<in>s. bb x \<in>f \<and> ball x e \<subseteq> bb x" using bchoice[of s "\<lambda>x b. b\<in>f \<and> ball x e \<subseteq> b"] by auto
+ then obtain bb where bb:"\<forall>x\<in>s. (bb x) \<in> f \<and> ball x e \<subseteq> (bb x)" by blast
+
+ from `compact s` have "\<exists> k. finite k \<and> k \<subseteq> s \<and> s \<subseteq> \<Union>(\<lambda>x. ball x e) ` k" using compact_imp_totally_bounded[of s] `e>0` by auto
+ then obtain k where k:"finite k" "k \<subseteq> s" "s \<subseteq> \<Union>(\<lambda>x. ball x e) ` k" by auto
+
+ have "finite (bb ` k)" using k(1) by auto
+ moreover
+ { fix x assume "x\<in>s"
+ hence "x\<in>\<Union>(\<lambda>x. ball x e) ` k" using k(3) unfolding subset_eq by auto
+ hence "\<exists>X\<in>bb ` k. x \<in> X" using bb k(2) by blast
+ hence "x \<in> \<Union>(bb ` k)" using Union_iff[of x "bb ` k"] by auto
+ }
+ ultimately show "\<exists>f'\<subseteq>f. finite f' \<and> s \<subseteq> \<Union>f'" using bb k(2) by (rule_tac x="bb ` k" in exI) auto
+qed
+
+subsection{* Bolzano-Weierstrass property. *}
+
+lemma heine_borel_imp_bolzano_weierstrass:
+ assumes "\<forall>f. (\<forall>t \<in> f. open t) \<and> s \<subseteq> (\<Union> f) --> (\<exists>f'. f' \<subseteq> f \<and> finite f' \<and> s \<subseteq> (\<Union> f'))"
+ "infinite t" "t \<subseteq> s"
+ shows "\<exists>x \<in> s. x islimpt t"
+proof(rule ccontr)
+ assume "\<not> (\<exists>x \<in> s. x islimpt t)"
+ then obtain f where f:"\<forall>x\<in>s. x \<in> f x \<and> open (f x) \<and> (\<forall>y\<in>t. y \<in> f x \<longrightarrow> y = x)" unfolding islimpt_def
+ using bchoice[of s "\<lambda> x T. x \<in> T \<and> open T \<and> (\<forall>y\<in>t. y \<in> T \<longrightarrow> y = x)"] by auto
+ obtain g where g:"g\<subseteq>{t. \<exists>x. x \<in> s \<and> t = f x}" "finite g" "s \<subseteq> \<Union>g"
+ using assms(1)[THEN spec[where x="{t. \<exists>x. x\<in>s \<and> t = f x}"]] using f by auto
+ from g(1,3) have g':"\<forall>x\<in>g. \<exists>xa \<in> s. x = f xa" by auto
+ { fix x y assume "x\<in>t" "y\<in>t" "f x = f y"
+ hence "x \<in> f x" "y \<in> f x \<longrightarrow> y = x" using f[THEN bspec[where x=x]] and `t\<subseteq>s` by auto
+ hence "x = y" using `f x = f y` and f[THEN bspec[where x=y]] and `y\<in>t` and `t\<subseteq>s` by auto }
+ hence "infinite (f ` t)" using assms(2) using finite_imageD[unfolded inj_on_def, of f t] by auto
+ moreover
+ { fix x assume "x\<in>t" "f x \<notin> g"
+ from g(3) assms(3) `x\<in>t` obtain h where "h\<in>g" and "x\<in>h" by auto
+ then obtain y where "y\<in>s" "h = f y" using g'[THEN bspec[where x=h]] by auto
+ hence "y = x" using f[THEN bspec[where x=y]] and `x\<in>t` and `x\<in>h`[unfolded `h = f y`] by auto
+ hence False using `f x \<notin> g` `h\<in>g` unfolding `h = f y` by auto }
+ hence "f ` t \<subseteq> g" by auto
+ ultimately show False using g(2) using finite_subset by auto
+qed
+
+subsection{* Complete the chain of compactness variants. *}
+
+primrec helper_2::"(real \<Rightarrow> real^'n) \<Rightarrow> nat \<Rightarrow> real ^'n" where
+ "helper_2 beyond 0 = beyond 0" |
+ "helper_2 beyond (Suc n) = beyond (norm (helper_2 beyond n) + 1 )"
+
+lemma bolzano_weierstrass_imp_bounded: fixes s::"(real^'n) set"
+ assumes "\<forall>t. infinite t \<and> t \<subseteq> s --> (\<exists>x \<in> s. x islimpt t)"
+ shows "bounded s"
+proof(rule ccontr)
+ assume "\<not> bounded s"
+ then obtain beyond where "\<forall>a. beyond a \<in>s \<and> \<not> norm (beyond a) \<le> a"
+ unfolding bounded_def apply simp using choice[of "\<lambda>a x. x\<in>s \<and> \<not> norm x \<le> a"] by auto
+ hence beyond:"\<And>a. beyond a \<in>s" "\<And>a. norm (beyond a) > a" unfolding linorder_not_le by auto
+ def x \<equiv> "helper_2 beyond"
+
+ { fix m n ::nat assume "m<n"
+ hence "norm (x m) + 1 < norm (x n)"
+ proof(induct n)
+ case 0 thus ?case by auto
+ next
+ case (Suc n)
+ have *:"norm (x n) + 1 < norm (x (Suc n))" unfolding x_def and helper_2.simps
+ using beyond(2)[of "norm (helper_2 beyond n) + 1"] by auto
+ thus ?case proof(cases "m < n")
+ case True thus ?thesis using Suc and * by auto
+ next
+ case False hence "m = n" using Suc(2) by auto
+ thus ?thesis using * by auto
+ qed
+ qed } note * = this
+ { fix m n ::nat assume "m\<noteq>n"
+ have "1 < dist (x m) (x n)"
+ proof(cases "m<n")
+ case True
+ hence "1 < norm (x n) - norm (x m)" using *[of m n] by auto
+ thus ?thesis unfolding dist_sym[of "x m" "x n"] unfolding dist_def using norm_triangle_sub[of "x n" "x m"] by auto
+ next
+ case False hence "n<m" using `m\<noteq>n` by auto
+ hence "1 < norm (x m) - norm (x n)" using *[of n m] by auto
+ thus ?thesis unfolding dist_sym[of "x n" "x m"] unfolding dist_def using norm_triangle_sub[of "x m" "x n"] by auto
+ qed } note ** = this
+ { fix a b assume "x a = x b" "a \<noteq> b"
+ hence False using **[of a b] unfolding dist_eq_0[THEN sym] by auto }
+ hence "inj x" unfolding inj_on_def by auto
+ moreover
+ { fix n::nat
+ have "x n \<in> s"
+ proof(cases "n = 0")
+ case True thus ?thesis unfolding x_def using beyond by auto
+ next
+ case False then obtain z where "n = Suc z" using not0_implies_Suc by auto
+ thus ?thesis unfolding x_def using beyond by auto
+ qed }
+ ultimately have "infinite (range x) \<and> range x \<subseteq> s" unfolding x_def using range_inj_infinite[of "helper_2 beyond"] using beyond(1) by auto
+
+ then obtain l where "l\<in>s" and l:"l islimpt range x" using assms[THEN spec[where x="range x"]] by auto
+ then obtain y where "x y \<noteq> l" and y:"dist (x y) l < 1/2" unfolding islimpt_approachable apply(erule_tac x="1/2" in allE) by auto
+ then obtain z where "x z \<noteq> l" and z:"dist (x z) l < dist (x y) l" using l[unfolded islimpt_approachable, THEN spec[where x="dist (x y) l"]]
+ unfolding dist_nz by auto
+ show False using y and z and dist_triangle_half_l[of "x y" l 1 "x z"] and **[of y z] by auto
+qed
+
+lemma sequence_infinite_lemma:
+ assumes "\<forall>n::nat. (f n \<noteq> l)" "(f ---> l) sequentially"
+ shows "infinite {y::real^'a. (\<exists> n. y = f n)}"
+proof(rule ccontr)
+ let ?A = "(\<lambda>x. dist x l) ` {y. \<exists>n. y = f n}"
+ assume "\<not> infinite {y. \<exists>n. y = f n}"
+ hence **:"finite ?A" "?A \<noteq> {}" by auto
+ obtain k where k:"dist (f k) l = Min ?A" using Min_in[OF **] by auto
+ have "0 < Min ?A" using assms(1) unfolding dist_nz unfolding Min_gr_iff[OF **] by auto
+ then obtain N where "dist (f N) l < Min ?A" using assms(2)[unfolded Lim_sequentially, THEN spec[where x="Min ?A"]] by auto
+ moreover have "dist (f N) l \<in> ?A" by auto
+ ultimately show False using Min_le[OF **(1), of "dist (f N) l"] by auto
+qed
+
+lemma sequence_unique_limpt:
+ assumes "\<forall>n::nat. (f n \<noteq> l)" "(f ---> l) sequentially" "l' islimpt {y. (\<exists>n. y = f n)}"
+ shows "l' = l"
+proof(rule ccontr)
+ def e \<equiv> "dist l' l"
+ assume "l' \<noteq> l" hence "e>0" unfolding dist_nz e_def by auto
+ then obtain N::nat where N:"\<forall>n\<ge>N. dist (f n) l < e / 2"
+ using assms(2)[unfolded Lim_sequentially, THEN spec[where x="e/2"]] by auto
+ def d \<equiv> "Min (insert (e/2) ((\<lambda>n. if dist (f n) l' = 0 then e/2 else dist (f n) l') ` {0 .. N}))"
+ have "d>0" using `e>0` unfolding d_def e_def using dist_pos_le[of _ l', unfolded order_le_less] by auto
+ obtain k where k:"f k \<noteq> l'" "dist (f k) l' < d" using `d>0` and assms(3)[unfolded islimpt_approachable, THEN spec[where x="d"]] by auto
+ have "k\<ge>N" using k(1)[unfolded dist_nz] using k(2)[unfolded d_def]
+ by force
+ hence "dist l' l < e" using N[THEN spec[where x=k]] using k(2)[unfolded d_def] and dist_triangle_half_r[of "f k" l' e l] by auto
+ thus False unfolding e_def by auto
+qed
+
+lemma bolzano_weierstrass_imp_closed:
+ assumes "\<forall>t. infinite t \<and> t \<subseteq> s --> (\<exists>x \<in> s. x islimpt t)"
+ shows "closed s"
+proof-
+ { fix x l assume as: "\<forall>n::nat. x n \<in> s" "(x ---> l) sequentially"
+ hence "l \<in> s"
+ proof(cases "\<forall>n. x n \<noteq> l")
+ case False thus "l\<in>s" using as(1) by auto
+ next
+ case True note cas = this
+ with as(2) have "infinite {y. \<exists>n. y = x n}" using sequence_infinite_lemma[of x l] by auto
+ then obtain l' where "l'\<in>s" "l' islimpt {y. \<exists>n. y = x n}" using assms[THEN spec[where x="{y. \<exists>n. y = x n}"]] as(1) by auto
+ thus "l\<in>s" using sequence_unique_limpt[of x l l'] using as cas by auto
+ qed }
+ thus ?thesis unfolding closed_sequential_limits by auto
+qed
+
+text{* Hence express everything as an equivalence. *}
+
+lemma compact_eq_heine_borel: "compact s \<longleftrightarrow>
+ (\<forall>f. (\<forall>t \<in> f. open t) \<and> s \<subseteq> (\<Union> f)
+ --> (\<exists>f'. f' \<subseteq> f \<and> finite f' \<and> s \<subseteq> (\<Union> f')))" (is "?lhs = ?rhs")
+proof
+ assume ?lhs thus ?rhs using compact_imp_heine_borel[of s] by blast
+next
+ assume ?rhs
+ hence "\<forall>t. infinite t \<and> t \<subseteq> s \<longrightarrow> (\<exists>x\<in>s. x islimpt t)" using heine_borel_imp_bolzano_weierstrass[of s] by blast
+ thus ?lhs using bolzano_weierstrass_imp_bounded[of s] bolzano_weierstrass_imp_closed[of s] bounded_closed_imp_compact[of s] by blast
+qed
+
+lemma compact_eq_bolzano_weierstrass:
+ "compact s \<longleftrightarrow> (\<forall>t. infinite t \<and> t \<subseteq> s --> (\<exists>x \<in> s. x islimpt t))" (is "?lhs = ?rhs")
+proof
+ assume ?lhs thus ?rhs unfolding compact_eq_heine_borel using heine_borel_imp_bolzano_weierstrass[of s] by auto
+next
+ assume ?rhs thus ?lhs using bolzano_weierstrass_imp_bounded bolzano_weierstrass_imp_closed bounded_closed_imp_compact by auto
+qed
+
+lemma compact_eq_bounded_closed:
+ "compact s \<longleftrightarrow> bounded s \<and> closed s" (is "?lhs = ?rhs")
+proof
+ assume ?lhs thus ?rhs unfolding compact_eq_bolzano_weierstrass using bolzano_weierstrass_imp_bounded bolzano_weierstrass_imp_closed by auto
+next
+ assume ?rhs thus ?lhs using bounded_closed_imp_compact by auto
+qed
+
+lemma compact_imp_bounded:
+ "compact s ==> bounded s"
+ unfolding compact_eq_bounded_closed
+ by simp
+
+lemma compact_imp_closed:
+ "compact s ==> closed s"
+ unfolding compact_eq_bounded_closed
+ by simp
+
+text{* In particular, some common special cases. *}
+
+lemma compact_empty[simp]:
+ "compact {}"
+ unfolding compact_def
+ by simp
+
+ (* FIXME : Rename *)
+lemma compact_union[intro]:
+ "compact s \<Longrightarrow> compact t ==> compact (s \<union> t)"
+ unfolding compact_eq_bounded_closed
+ using bounded_Un[of s t]
+ using closed_Un[of s t]
+ by simp
+
+lemma compact_inter[intro]:
+ "compact s \<Longrightarrow> compact t ==> compact (s \<inter> t)"
+ unfolding compact_eq_bounded_closed
+ using bounded_Int[of s t]
+ using closed_Int[of s t]
+ by simp
+
+lemma compact_inter_closed[intro]:
+ "compact s \<Longrightarrow> closed t ==> compact (s \<inter> t)"
+ unfolding compact_eq_bounded_closed
+ using closed_Int[of s t]
+ using bounded_subset[of "s \<inter> t" s]
+ by blast
+
+lemma closed_inter_compact[intro]:
+ "closed s \<Longrightarrow> compact t ==> compact (s \<inter> t)"
+proof-
+ assume "closed s" "compact t"
+ moreover
+ have "s \<inter> t = t \<inter> s" by auto ultimately
+ show ?thesis
+ using compact_inter_closed[of t s]
+ by auto
+qed
+
+lemma finite_imp_closed:
+ "finite s ==> closed s"
+proof-
+ assume "finite s" hence "\<not>( \<exists>t. t \<subseteq> s \<and> infinite t)" using finite_subset by auto
+ thus ?thesis using bolzano_weierstrass_imp_closed[of s] by auto
+qed
+
+lemma finite_imp_compact:
+ "finite s ==> compact s"
+ unfolding compact_eq_bounded_closed
+ using finite_imp_closed finite_imp_bounded
+ by blast
+
+lemma compact_sing[simp]:
+ "compact {a}"
+ using finite_imp_compact[of "{a}"]
+ by blast
+
+lemma closed_sing[simp]:
+ "closed {a}"
+ using compact_eq_bounded_closed compact_sing[of a]
+ by blast
+
+lemma compact_cball[simp]:
+ "compact(cball x e)"
+ using compact_eq_bounded_closed bounded_cball closed_cball
+ by blast
+
+lemma compact_frontier_bounded[intro]:
+ "bounded s ==> compact(frontier s)"
+ unfolding frontier_def
+ using compact_eq_bounded_closed
+ by blast
+
+lemma compact_frontier[intro]:
+ "compact s ==> compact (frontier s)"
+ using compact_eq_bounded_closed compact_frontier_bounded
+ by blast
+
+lemma frontier_subset_compact:
+ "compact s ==> frontier s \<subseteq> s"
+ using frontier_subset_closed compact_eq_bounded_closed
+ by blast
+
+lemma open_delete:
+ "open s ==> open(s - {x})"
+ using open_diff[of s "{x}"] closed_sing
+ by blast
+
+text{* Finite intersection property. I could make it an equivalence in fact. *}
+
+lemma compact_imp_fip:
+ assumes "compact s" "\<forall>t \<in> f. closed t"
+ "\<forall>f'. finite f' \<and> f' \<subseteq> f --> (s \<inter> (\<Inter> f') \<noteq> {})"
+ shows "s \<inter> (\<Inter> f) \<noteq> {}"
+proof
+ assume as:"s \<inter> (\<Inter> f) = {}"
+ hence "s \<subseteq> \<Union>op - UNIV ` f" by auto
+ moreover have "Ball (op - UNIV ` f) open" using open_diff closed_diff using assms(2) by auto
+ ultimately obtain f' where f':"f' \<subseteq> op - UNIV ` f" "finite f'" "s \<subseteq> \<Union>f'" using assms(1)[unfolded compact_eq_heine_borel, THEN spec[where x="(\<lambda>t. UNIV - t) ` f"]] by auto
+ hence "finite (op - UNIV ` f') \<and> op - UNIV ` f' \<subseteq> f" by(auto simp add: Diff_Diff_Int)
+ hence "s \<inter> \<Inter>op - UNIV ` f' \<noteq> {}" using assms(3)[THEN spec[where x="op - UNIV ` f'"]] by auto
+ thus False using f'(3) unfolding subset_eq and Union_iff by blast
+qed
+
+subsection{* Bounded closed nest property (proof does not use Heine-Borel). *}
+
+lemma bounded_closed_nest:
+ assumes "\<forall>n. closed(s n)" "\<forall>n. (s n \<noteq> {})"
+ "(\<forall>m n. m \<le> n --> s n \<subseteq> s m)" "bounded(s 0)"
+ shows "\<exists> a::real^'a. \<forall>n::nat. a \<in> s(n)"
+proof-
+ from assms(2) obtain x where x:"\<forall>n::nat. x n \<in> s n" using choice[of "\<lambda>n x. x\<in> s n"] by auto
+ from assms(4,1) have *:"compact (s 0)" using bounded_closed_imp_compact[of "s 0"] by auto
+
+ then obtain l r where lr:"l\<in>s 0" "\<forall>m n. m < n \<longrightarrow> r m < r n" "((x \<circ> r) ---> l) sequentially"
+ unfolding compact_def apply(erule_tac x=x in allE) using x using assms(3) by blast
+
+ { fix n::nat
+ { fix e::real assume "e>0"
+ with lr(3) obtain N where N:"\<forall>m\<ge>N. dist ((x \<circ> r) m) l < e" unfolding Lim_sequentially by auto
+ hence "dist ((x \<circ> r) (max N n)) l < e" by auto
+ moreover
+ have "r (max N n) \<ge> n" using lr(2) using monotone_bigger[of r "max N n"] by auto
+ hence "(x \<circ> r) (max N n) \<in> s n"
+ using x apply(erule_tac x=n in allE)
+ using x apply(erule_tac x="r (max N n)" in allE)
+ using assms(3) apply(erule_tac x=n in allE)apply( erule_tac x="r (max N n)" in allE) by auto
+ ultimately have "\<exists>y\<in>s n. dist y l < e" by auto
+ }
+ hence "l \<in> s n" using closed_approachable[of "s n" l] assms(1) by blast
+ }
+ thus ?thesis by auto
+qed
+
+text{* Decreasing case does not even need compactness, just completeness. *}
+
+lemma decreasing_closed_nest:
+ assumes "\<forall>n. closed(s n)"
+ "\<forall>n. (s n \<noteq> {})"
+ "\<forall>m n. m \<le> n --> s n \<subseteq> s m"
+ "\<forall>e>0. \<exists>n. \<forall>x \<in> (s n). \<forall> y \<in> (s n). dist x y < e"
+ shows "\<exists>a::real^'a. \<forall>n::nat. a \<in> s n"
+proof-
+ have "\<forall>n. \<exists> x. x\<in>s n" using assms(2) by auto
+ hence "\<exists>t. \<forall>n. t n \<in> s n" using choice[of "\<lambda> n x. x \<in> s n"] by auto
+ then obtain t where t: "\<forall>n. t n \<in> s n" by auto
+ { fix e::real assume "e>0"
+ then obtain N where N:"\<forall>x\<in>s N. \<forall>y\<in>s N. dist x y < e" using assms(4) by auto
+ { fix m n ::nat assume "N \<le> m \<and> N \<le> n"
+ hence "t m \<in> s N" "t n \<in> s N" using assms(3) t unfolding subset_eq t by blast+
+ hence "dist (t m) (t n) < e" using N by auto
+ }
+ hence "\<exists>N. \<forall>m n. N \<le> m \<and> N \<le> n \<longrightarrow> dist (t m) (t n) < e" by auto
+ }
+ hence "cauchy t" unfolding cauchy_def by auto
+ then obtain l where l:"(t ---> l) sequentially" using complete_univ unfolding complete_def by auto
+ { fix n::nat
+ { fix e::real assume "e>0"
+ then obtain N::nat where N:"\<forall>n\<ge>N. dist (t n) l < e" using l[unfolded Lim_sequentially] by auto
+ have "t (max n N) \<in> s n" using assms(3) unfolding subset_eq apply(erule_tac x=n in allE) apply (erule_tac x="max n N" in allE) using t by auto
+ hence "\<exists>y\<in>s n. dist y l < e" apply(rule_tac x="t (max n N)" in bexI) using N by auto
+ }
+ hence "l \<in> s n" using closed_approachable[of "s n" l] assms(1) by auto
+ }
+ then show ?thesis by auto
+qed
+
+text{* Strengthen it to the intersection actually being a singleton. *}
+
+lemma decreasing_closed_nest_sing:
+ assumes "\<forall>n. closed(s n)"
+ "\<forall>n. s n \<noteq> {}"
+ "\<forall>m n. m \<le> n --> s n \<subseteq> s m"
+ "\<forall>e>0. \<exists>n. \<forall>x \<in> (s n). \<forall> y\<in>(s n). dist x y < e"
+ shows "\<exists>a::real^'a. \<Inter> {t. (\<exists>n::nat. t = s n)} = {a}"
+proof-
+ obtain a where a:"\<forall>n. a \<in> s n" using decreasing_closed_nest[of s] using assms by auto
+ { fix b assume b:"b \<in> \<Inter>{t. \<exists>n. t = s n}"
+ { fix e::real assume "e>0"
+ hence "dist a b < e" using assms(4 )using b using a by blast
+ }
+ hence "dist a b = 0" by (metis dist_eq_0 dist_nz real_less_def)
+ }
+ with a have "\<Inter>{t. \<exists>n. t = s n} = {a}" unfolding dist_eq_0 by auto
+ thus ?thesis by auto
+qed
+
+text{* Cauchy-type criteria for uniform convergence. *}
+
+lemma uniformly_convergent_eq_cauchy: fixes s::"nat \<Rightarrow> 'b \<Rightarrow> real^'a" shows
+ "(\<exists>l. \<forall>e>0. \<exists>N. \<forall>n x. N \<le> n \<and> P x --> dist(s n x)(l x) < e) \<longleftrightarrow>
+ (\<forall>e>0. \<exists>N. \<forall>m n x. N \<le> m \<and> N \<le> n \<and> P x --> dist (s m x) (s n x) < e)" (is "?lhs = ?rhs")
+proof(rule)
+ assume ?lhs
+ then obtain l where l:"\<forall>e>0. \<exists>N. \<forall>n x. N \<le> n \<and> P x \<longrightarrow> dist (s n x) (l x) < e" by auto
+ { fix e::real assume "e>0"
+ then obtain N::nat where N:"\<forall>n x. N \<le> n \<and> P x \<longrightarrow> dist (s n x) (l x) < e / 2" using l[THEN spec[where x="e/2"]] by auto
+ { fix n m::nat and x::"'b" assume "N \<le> m \<and> N \<le> n \<and> P x"
+ hence "dist (s m x) (s n x) < e"
+ using N[THEN spec[where x=m], THEN spec[where x=x]]
+ using N[THEN spec[where x=n], THEN spec[where x=x]]
+ using dist_triangle_half_l[of "s m x" "l x" e "s n x"] by auto }
+ hence "\<exists>N. \<forall>m n x. N \<le> m \<and> N \<le> n \<and> P x --> dist (s m x) (s n x) < e" by auto }
+ thus ?rhs by auto
+next
+ assume ?rhs
+ hence "\<forall>x. P x \<longrightarrow> cauchy (\<lambda>n. s n x)" unfolding cauchy_def apply auto by (erule_tac x=e in allE)auto
+ then obtain l where l:"\<forall>x. P x \<longrightarrow> ((\<lambda>n. s n x) ---> l x) sequentially" unfolding convergent_eq_cauchy[THEN sym]
+ using choice[of "\<lambda>x l. P x \<longrightarrow> ((\<lambda>n. s n x) ---> l) sequentially"] by auto
+ { fix e::real assume "e>0"
+ then obtain N where N:"\<forall>m n x. N \<le> m \<and> N \<le> n \<and> P x \<longrightarrow> dist (s m x) (s n x) < e/2"
+ using `?rhs`[THEN spec[where x="e/2"]] by auto
+ { fix x assume "P x"
+ then obtain M where M:"\<forall>n\<ge>M. dist (s n x) (l x) < e/2"
+ using l[THEN spec[where x=x], unfolded Lim_sequentially] using `e>0` by(auto elim!: allE[where x="e/2"])
+ fix n::nat assume "n\<ge>N"
+ hence "dist(s n x)(l x) < e" using `P x`and N[THEN spec[where x=n], THEN spec[where x="N+M"], THEN spec[where x=x]]
+ using M[THEN spec[where x="N+M"]] and dist_triangle_half_l[of "s n x" "s (N+M) x" e "l x"] by (auto simp add: dist_sym) }
+ hence "\<exists>N. \<forall>n x. N \<le> n \<and> P x \<longrightarrow> dist(s n x)(l x) < e" by auto }
+ thus ?lhs by auto
+qed
+
+lemma uniformly_cauchy_imp_uniformly_convergent:
+ assumes "\<forall>e>0.\<exists>N. \<forall>m (n::nat) x. N \<le> m \<and> N \<le> n \<and> P x --> dist(s m x)(s n x) < e"
+ "\<forall>x. P x --> (\<forall>e>0. \<exists>N. \<forall>n. N \<le> n --> dist(s n x)(l x) < e)"
+ shows "\<forall>e>0. \<exists>N. \<forall>n x. N \<le> n \<and> P x --> dist(s n x)(l x) < e"
+proof-
+ obtain l' where l:"\<forall>e>0. \<exists>N. \<forall>n x. N \<le> n \<and> P x \<longrightarrow> dist (s n x) (l' x) < e"
+ using assms(1) unfolding uniformly_convergent_eq_cauchy[THEN sym] by auto
+ moreover
+ { fix x assume "P x"
+ hence "l x = l' x" using Lim_unique[OF trivial_limit_sequentially, of "\<lambda>n. s n x" "l x" "l' x"]
+ using l and assms(2) unfolding Lim_sequentially by blast }
+ ultimately show ?thesis by auto
+qed
+
+subsection{* Define continuity over a net to take in restrictions of the set. *}
+
+definition "continuous net f \<longleftrightarrow> (f ---> f(netlimit net)) net"
+
+lemma continuous_trivial_limit:
+ "trivial_limit net ==> continuous net f"
+ unfolding continuous_def tendsto_def eventually_def by auto
+
+lemma continuous_within: "continuous (at x within s) f \<longleftrightarrow> (f ---> f(x)) (at x within s)"
+ unfolding continuous_def
+ unfolding tendsto_def
+ using netlimit_within[of x s]
+ unfolding eventually_def
+ by (cases "trivial_limit (at x within s)") auto
+
+lemma continuous_at: "continuous (at x) f \<longleftrightarrow> (f ---> f(x)) (at x)" using within_UNIV[of x]
+ using continuous_within[of x UNIV f] by auto
+
+lemma continuous_at_within:
+ assumes "continuous (at x) f" shows "continuous (at x within s) f"
+proof(cases "x islimpt s")
+ case True show ?thesis using assms unfolding continuous_def and netlimit_at
+ using Lim_at_within[of f "f x" x s]
+ unfolding netlimit_within[unfolded trivial_limit_within not_not, OF True] by blast
+next
+ case False thus ?thesis unfolding continuous_def and netlimit_at
+ unfolding Lim and trivial_limit_within by auto
+qed
+
+text{* Derive the epsilon-delta forms, which we often use as "definitions" *}
+
+lemma continuous_within_eps_delta:
+ "continuous (at x within s) f \<longleftrightarrow> (\<forall>e>0. \<exists>d>0. \<forall>x'\<in> s. dist x' x < d --> dist (f x') (f x) < e)"
+ unfolding continuous_within and Lim_within
+ apply auto unfolding dist_nz[THEN sym] apply(auto elim!:allE) apply(rule_tac x=d in exI) by auto
+
+lemma continuous_at_eps_delta: "continuous (at x) f \<longleftrightarrow> (\<forall>e>0. \<exists>d>0.
+ \<forall>x'. dist x' x < d --> dist(f x')(f x) < e)"
+ using continuous_within_eps_delta[of x UNIV f]
+ unfolding within_UNIV by blast
+
+text{* Versions in terms of open balls. *}
+
+lemma continuous_within_ball:
+ "continuous (at x within s) f \<longleftrightarrow> (\<forall>e>0. \<exists>d>0.
+ f ` (ball x d \<inter> s) \<subseteq> ball (f x) e)" (is "?lhs = ?rhs")
+proof
+ assume ?lhs
+ { fix e::real assume "e>0"
+ then obtain d where d: "d>0" "\<forall>xa\<in>s. 0 < dist xa x \<and> dist xa x < d \<longrightarrow> dist (f xa) (f x) < e"
+ using `?lhs`[unfolded continuous_within Lim_within] by auto
+ { fix y assume "y\<in>f ` (ball x d \<inter> s)"
+ hence "y \<in> ball (f x) e" using d(2) unfolding dist_nz[THEN sym]
+ apply (auto simp add: dist_sym mem_ball) apply(erule_tac x=xa in ballE) apply auto unfolding dist_refl using `e>0` by auto
+ }
+ hence "\<exists>d>0. f ` (ball x d \<inter> s) \<subseteq> ball (f x) e" using `d>0` unfolding subset_eq ball_def by (auto simp add: dist_sym) }
+ thus ?rhs by auto
+next
+ assume ?rhs thus ?lhs unfolding continuous_within Lim_within ball_def subset_eq
+ apply (auto simp add: dist_sym) apply(erule_tac x=e in allE) by auto
+qed
+
+lemma continuous_at_ball: fixes f::"real^'a \<Rightarrow> real^'a"
+ shows "continuous (at x) f \<longleftrightarrow> (\<forall>e>0. \<exists>d>0. f ` (ball x d) \<subseteq> ball (f x) e)" (is "?lhs = ?rhs")
+proof
+ assume ?lhs thus ?rhs unfolding continuous_at Lim_at subset_eq Ball_def Bex_def image_iff mem_ball
+ apply auto apply(erule_tac x=e in allE) apply auto apply(rule_tac x=d in exI) apply auto apply(erule_tac x=xa in allE) apply (auto simp add: dist_refl dist_sym dist_nz)
+ unfolding dist_nz[THEN sym] by (auto simp add: dist_refl)
+next
+ assume ?rhs thus ?lhs unfolding continuous_at Lim_at subset_eq Ball_def Bex_def image_iff mem_ball
+ apply auto apply(erule_tac x=e in allE) apply auto apply(rule_tac x=d in exI) apply auto apply(erule_tac x="f xa" in allE) by (auto simp add: dist_refl dist_sym dist_nz)
+qed
+
+text{* For setwise continuity, just start from the epsilon-delta definitions. *}
+
+definition "continuous_on s f \<longleftrightarrow> (\<forall>x \<in> s. \<forall>e>0. \<exists>d::real>0. \<forall>x' \<in> s. dist x' x < d --> dist (f x') (f x) < e)"
+
+
+definition "uniformly_continuous_on s f \<longleftrightarrow>
+ (\<forall>e>0. \<exists>d>0. \<forall>x\<in>s. \<forall> x'\<in>s. dist x' x < d
+ --> dist (f x') (f x) < e)"
+
+text{* Some simple consequential lemmas. *}
+
+lemma uniformly_continuous_imp_continuous:
+ " uniformly_continuous_on s f ==> continuous_on s f"
+ unfolding uniformly_continuous_on_def continuous_on_def by blast
+
+lemma continuous_at_imp_continuous_within:
+ "continuous (at x) f ==> continuous (at x within s) f"
+ unfolding continuous_within continuous_at using Lim_at_within by auto
+
+lemma continuous_at_imp_continuous_on: assumes "(\<forall>x \<in> s. continuous (at x) f)"
+ shows "continuous_on s f"
+proof(simp add: continuous_at continuous_on_def, rule, rule, rule)
+ fix x and e::real assume "x\<in>s" "e>0"
+ hence "eventually (\<lambda>xa. dist (f xa) (f x) < e) (at x)" using assms unfolding continuous_at tendsto_def by auto
+ then obtain d where d:"d>0" "\<forall>xa. 0 < dist xa x \<and> dist xa x < d \<longrightarrow> dist (f xa) (f x) < e" unfolding eventually_at by auto
+ { fix x' assume "\<not> 0 < dist x' x"
+ hence "x=x'"
+ using dist_nz[of x' x] by auto
+ hence "dist (f x') (f x) < e" using dist_refl[of "f x'"] `e>0` by auto
+ }
+ thus "\<exists>d>0. \<forall>x'\<in>s. dist x' x < d \<longrightarrow> dist (f x') (f x) < e" using d by auto
+qed
+
+lemma continuous_on_eq_continuous_within:
+ "continuous_on s f \<longleftrightarrow> (\<forall>x \<in> s. continuous (at x within s) f)" (is "?lhs = ?rhs")
+proof
+ assume ?rhs
+ { fix x assume "x\<in>s"
+ fix e::real assume "e>0"
+ assume "\<exists>d>0. \<forall>xa\<in>s. 0 < dist xa x \<and> dist xa x < d \<longrightarrow> dist (f xa) (f x) < e"
+ then obtain d where "d>0" and d:"\<forall>xa\<in>s. 0 < dist xa x \<and> dist xa x < d \<longrightarrow> dist (f xa) (f x) < e" by auto
+ { fix x' assume as:"x'\<in>s" "dist x' x < d"
+ hence "dist (f x') (f x) < e" using dist_refl[of "f x'"] `e>0` d `x'\<in>s` dist_eq_0[of x' x] dist_pos_le[of x' x] as(2) by (metis dist_eq_0 dist_nz) }
+ hence "\<exists>d>0. \<forall>x'\<in>s. dist x' x < d \<longrightarrow> dist (f x') (f x) < e" using `d>0` by (auto simp add: dist_refl)
+ }
+ thus ?lhs using `?rhs` unfolding continuous_on_def continuous_within Lim_within by auto
+next
+ assume ?lhs
+ thus ?rhs unfolding continuous_on_def continuous_within Lim_within by blast
+qed
+
+lemma continuous_on:
+ "continuous_on s f \<longleftrightarrow> (\<forall>x \<in> s. (f ---> f(x)) (at x within s))"
+ by (auto simp add: continuous_on_eq_continuous_within continuous_within)
+
+lemma continuous_on_eq_continuous_at:
+ "open s ==> (continuous_on s f \<longleftrightarrow> (\<forall>x \<in> s. continuous (at x) f))"
+ by (auto simp add: continuous_on continuous_at Lim_within_open)
+
+lemma continuous_within_subset:
+ "continuous (at x within s) f \<Longrightarrow> t \<subseteq> s
+ ==> continuous (at x within t) f"
+ unfolding continuous_within by(metis Lim_within_subset)
+
+lemma continuous_on_subset:
+ "continuous_on s f \<Longrightarrow> t \<subseteq> s ==> continuous_on t f"
+ unfolding continuous_on by (metis subset_eq Lim_within_subset)
+
+lemma continuous_on_interior:
+ "continuous_on s f \<Longrightarrow> x \<in> interior s ==> continuous (at x) f"
+unfolding interior_def
+apply simp
+by (meson continuous_on_eq_continuous_at continuous_on_subset)
+
+lemma continuous_on_eq:
+ "(\<forall>x \<in> s. f x = g x) \<Longrightarrow> continuous_on s f
+ ==> continuous_on s g"
+ by (simp add: continuous_on_def)
+
+text{* Characterization of various kinds of continuity in terms of sequences. *}
+
+lemma continuous_within_sequentially:
+ "continuous (at a within s) f \<longleftrightarrow>
+ (\<forall>x. (\<forall>n::nat. x n \<in> s) \<and> (x ---> a) sequentially
+ --> ((f o x) ---> f a) sequentially)" (is "?lhs = ?rhs")
+proof
+ assume ?lhs
+ { fix x::"nat \<Rightarrow> real^'a" assume x:"\<forall>n. x n \<in> s" "\<forall>e>0. \<exists>N. \<forall>n\<ge>N. dist (x n) a < e"
+ fix e::real assume "e>0"
+ from `?lhs` obtain d where "d>0" and d:"\<forall>x\<in>s. 0 < dist x a \<and> dist x a < d \<longrightarrow> dist (f x) (f a) < e" unfolding continuous_within Lim_within using `e>0` by auto
+ from x(2) `d>0` obtain N where N:"\<forall>n\<ge>N. dist (x n) a < d" by auto
+ hence "\<exists>N. \<forall>n\<ge>N. dist ((f \<circ> x) n) (f a) < e"
+ apply(rule_tac x=N in exI) using N d apply auto using x(1)
+ apply(erule_tac x=n in allE) apply(erule_tac x=n in allE)
+ apply(erule_tac x="x n" in ballE) apply auto unfolding dist_nz[THEN sym] apply auto unfolding dist_refl using `e>0` by auto
+ }
+ thus ?rhs unfolding continuous_within unfolding Lim_sequentially by simp
+next
+ assume ?rhs
+ { fix e::real assume "e>0"
+ assume "\<not> (\<exists>d>0. \<forall>x\<in>s. 0 < dist x a \<and> dist x a < d \<longrightarrow> dist (f x) (f a) < e)"
+ hence "\<forall>d. \<exists>x. d>0 \<longrightarrow> x\<in>s \<and> (0 < dist x a \<and> dist x a < d \<and> \<not> dist (f x) (f a) < e)" by blast
+ then obtain x where x:"\<forall>d>0. x d \<in> s \<and> (0 < dist (x d) a \<and> dist (x d) a < d \<and> \<not> dist (f (x d)) (f a) < e)"
+ using choice[of "\<lambda>d x.0<d \<longrightarrow> x\<in>s \<and> (0 < dist x a \<and> dist x a < d \<and> \<not> dist (f x) (f a) < e)"] by auto
+ { fix d::real assume "d>0"
+ hence "\<exists>N::nat. inverse (real (N + 1)) < d" using real_arch_inv[of d] by (auto, rule_tac x="n - 1" in exI)auto
+ then obtain N::nat where N:"inverse (real (N + 1)) < d" by auto
+ { fix n::nat assume n:"n\<ge>N"
+ hence "dist (x (inverse (real (n + 1)))) a < inverse (real (n + 1))" using x[THEN spec[where x="inverse (real (n + 1))"]] by auto
+ moreover have "inverse (real (n + 1)) < d" using N n by (auto, metis Suc_le_mono le_SucE less_imp_inverse_less nat_le_real_less order_less_trans real_of_nat_Suc real_of_nat_Suc_gt_zero)
+ ultimately have "dist (x (inverse (real (n + 1)))) a < d" by auto
+ }
+ hence "\<exists>N::nat. \<forall>n\<ge>N. dist (x (inverse (real (n + 1)))) a < d" by auto
+ }
+ hence "(\<forall>n::nat. x (inverse (real (n + 1))) \<in> s) \<and> (\<forall>e>0. \<exists>N::nat. \<forall>n\<ge>N. dist (x (inverse (real (n + 1)))) a < e)" using x by auto
+ hence "\<forall>e>0. \<exists>N::nat. \<forall>n\<ge>N. dist (f (x (inverse (real (n + 1))))) (f a) < e" using `?rhs`[THEN spec[where x="\<lambda>n::nat. x (inverse (real (n+1)))"], unfolded Lim_sequentially] by auto
+ hence "False" apply(erule_tac x=e in allE) using `e>0` using x by auto
+ }
+ thus ?lhs unfolding continuous_within unfolding Lim_within unfolding Lim_sequentially by blast
+qed
+
+lemma continuous_at_sequentially:
+ "continuous (at a) f \<longleftrightarrow> (\<forall>x. (x ---> a) sequentially
+ --> ((f o x) ---> f a) sequentially)"
+ using continuous_within_sequentially[of a UNIV f] unfolding within_UNIV by auto
+
+lemma continuous_on_sequentially:
+ "continuous_on s f \<longleftrightarrow> (\<forall>x. \<forall>a \<in> s. (\<forall>n. x(n) \<in> s) \<and> (x ---> a) sequentially
+ --> ((f o x) ---> f(a)) sequentially)" (is "?lhs = ?rhs")
+proof
+ assume ?rhs thus ?lhs using continuous_within_sequentially[of _ s f] unfolding continuous_on_eq_continuous_within by auto
+next
+ assume ?lhs thus ?rhs unfolding continuous_on_eq_continuous_within using continuous_within_sequentially[of _ s f] by auto
+qed
+
+lemma uniformly_continuous_on_sequentially:
+ "uniformly_continuous_on s f \<longleftrightarrow> (\<forall>x y. (\<forall>n. x n \<in> s) \<and> (\<forall>n. y n \<in> s) \<and>
+ ((\<lambda>n. x n - y n) ---> 0) sequentially
+ \<longrightarrow> ((\<lambda>n. f(x n) - f(y n)) ---> 0) sequentially)" (is "?lhs = ?rhs")
+proof
+ assume ?lhs
+ { fix x y assume x:"\<forall>n. x n \<in> s" and y:"\<forall>n. y n \<in> s" and xy:"((\<lambda>n. x n - y n) ---> 0) sequentially"
+ { fix e::real assume "e>0"
+ then obtain d where "d>0" and d:"\<forall>x\<in>s. \<forall>x'\<in>s. dist x' x < d \<longrightarrow> dist (f x') (f x) < e"
+ using `?lhs`[unfolded uniformly_continuous_on_def, THEN spec[where x=e]] by auto
+ obtain N where N:"\<forall>n\<ge>N. norm (x n - y n - 0) < d" using xy[unfolded Lim_sequentially dist_def] and `d>0` by auto
+ { fix n assume "n\<ge>N"
+ hence "norm (f (x n) - f (y n) - 0) < e"
+ using N[THEN spec[where x=n]] using d[THEN bspec[where x="x n"], THEN bspec[where x="y n"]] using x and y
+ unfolding dist_sym and dist_def by simp }
+ hence "\<exists>N. \<forall>n\<ge>N. norm (f (x n) - f (y n) - 0) < e" by auto }
+ hence "((\<lambda>n. f(x n) - f(y n)) ---> 0) sequentially" unfolding Lim_sequentially and dist_def by auto }
+ thus ?rhs by auto
+next
+ assume ?rhs
+ { assume "\<not> ?lhs"
+ then obtain e where "e>0" "\<forall>d>0. \<exists>x\<in>s. \<exists>x'\<in>s. dist x' x < d \<and> \<not> dist (f x') (f x) < e" unfolding uniformly_continuous_on_def by auto
+ then obtain fa where fa:"\<forall>x. 0 < x \<longrightarrow> fst (fa x) \<in> s \<and> snd (fa x) \<in> s \<and> dist (fst (fa x)) (snd (fa x)) < x \<and> \<not> dist (f (fst (fa x))) (f (snd (fa x))) < e"
+ using choice[of "\<lambda>d x. d>0 \<longrightarrow> fst x \<in> s \<and> snd x \<in> s \<and> dist (snd x) (fst x) < d \<and> \<not> dist (f (snd x)) (f (fst x)) < e"] unfolding Bex_def
+ by (auto simp add: dist_sym)
+ def x \<equiv> "\<lambda>n::nat. fst (fa (inverse (real n + 1)))"
+ def y \<equiv> "\<lambda>n::nat. snd (fa (inverse (real n + 1)))"
+ have xyn:"\<forall>n. x n \<in> s \<and> y n \<in> s" and xy0:"\<forall>n. dist (x n) (y n) < inverse (real n + 1)" and fxy:"\<forall>n. \<not> dist (f (x n)) (f (y n)) < e"
+ unfolding x_def and y_def using fa by auto
+ have *:"\<And>x y. dist (x - y) 0 = dist x y" unfolding dist_def by auto
+ { fix e::real assume "e>0"
+ then obtain N::nat where "N \<noteq> 0" and N:"0 < inverse (real N) \<and> inverse (real N) < e" unfolding real_arch_inv[of e] by auto
+ { fix n::nat assume "n\<ge>N"
+ hence "inverse (real n + 1) < inverse (real N)" using real_of_nat_ge_zero and `N\<noteq>0` by auto
+ also have "\<dots> < e" using N by auto
+ finally have "inverse (real n + 1) < e" by auto
+ hence "dist (x n - y n) 0 < e" unfolding * using xy0[THEN spec[where x=n]] by auto }
+ hence "\<exists>N. \<forall>n\<ge>N. dist (x n - y n) 0 < e" by auto }
+ hence "\<forall>e>0. \<exists>N. \<forall>n\<ge>N. dist (f (x n) - f (y n)) 0 < e" using `?rhs`[THEN spec[where x=x], THEN spec[where x=y]] and xyn unfolding Lim_sequentially by auto
+ hence False unfolding * using fxy and `e>0` by auto }
+ thus ?lhs unfolding uniformly_continuous_on_def by blast
+qed
+
+text{* The usual transformation theorems. *}
+
+lemma continuous_transform_within:
+ assumes "0 < d" "x \<in> s" "\<forall>x' \<in> s. dist x' x < d --> f x' = g x'"
+ "continuous (at x within s) f"
+ shows "continuous (at x within s) g"
+proof-
+ { fix e::real assume "e>0"
+ then obtain d' where d':"d'>0" "\<forall>xa\<in>s. 0 < dist xa x \<and> dist xa x < d' \<longrightarrow> dist (f xa) (f x) < e" using assms(4) unfolding continuous_within Lim_within by auto
+ { fix x' assume "x'\<in>s" "0 < dist x' x" "dist x' x < (min d d')"
+ hence "dist (f x') (g x) < e" using assms(2,3) apply(erule_tac x=x in ballE) unfolding dist_refl using d' by auto }
+ hence "\<forall>xa\<in>s. 0 < dist xa x \<and> dist xa x < (min d d') \<longrightarrow> dist (f xa) (g x) < e" by blast
+ hence "\<exists>d>0. \<forall>xa\<in>s. 0 < dist xa x \<and> dist xa x < d \<longrightarrow> dist (f xa) (g x) < e" using `d>0` `d'>0` by(rule_tac x="min d d'" in exI)auto }
+ hence "(f ---> g x) (at x within s)" unfolding Lim_within using assms(1) by auto
+ thus ?thesis unfolding continuous_within using Lim_transform_within[of d s x f g "g x"] using assms by blast
+qed
+
+lemma continuous_transform_at:
+ assumes "0 < d" "\<forall>x'. dist x' x < d --> f x' = g x'"
+ "continuous (at x) f"
+ shows "continuous (at x) g"
+proof-
+ { fix e::real assume "e>0"
+ then obtain d' where d':"d'>0" "\<forall>xa. 0 < dist xa x \<and> dist xa x < d' \<longrightarrow> dist (f xa) (f x) < e" using assms(3) unfolding continuous_at Lim_at by auto
+ { fix x' assume "0 < dist x' x" "dist x' x < (min d d')"
+ hence "dist (f x') (g x) < e" using assms(2) apply(erule_tac x=x in allE) unfolding dist_refl using d' by auto
+ }
+ hence "\<forall>xa. 0 < dist xa x \<and> dist xa x < (min d d') \<longrightarrow> dist (f xa) (g x) < e" by blast
+ hence "\<exists>d>0. \<forall>xa. 0 < dist xa x \<and> dist xa x < d \<longrightarrow> dist (f xa) (g x) < e" using `d>0` `d'>0` by(rule_tac x="min d d'" in exI)auto
+ }
+ hence "(f ---> g x) (at x)" unfolding Lim_at using assms(1) by auto
+ thus ?thesis unfolding continuous_at using Lim_transform_at[of d x f g "g x"] using assms by blast
+qed
+
+text{* Combination results for pointwise continuity. *}
+
+lemma continuous_const: "continuous net (\<lambda>x::'a::zero_neq_one. c)"
+ by(auto simp add: continuous_def Lim_const)
+
+lemma continuous_cmul:
+ "continuous net f ==> continuous net (\<lambda>x. c *s f x)"
+ by(auto simp add: continuous_def Lim_cmul)
+
+lemma continuous_neg:
+ "continuous net f ==> continuous net (\<lambda>x. -(f x))"
+ by(auto simp add: continuous_def Lim_neg)
+
+lemma continuous_add:
+ "continuous net f \<Longrightarrow> continuous net g
+ ==> continuous net (\<lambda>x. f x + g x)"
+ by(auto simp add: continuous_def Lim_add)
+
+lemma continuous_sub:
+ "continuous net f \<Longrightarrow> continuous net g
+ ==> continuous net (\<lambda>x. f(x) - g(x))"
+ by(auto simp add: continuous_def Lim_sub)
+
+text{* Same thing for setwise continuity. *}
+
+lemma continuous_on_const:
+ "continuous_on s (\<lambda>x. c)"
+ unfolding continuous_on_eq_continuous_within using continuous_const by blast
+
+lemma continuous_on_cmul:
+ "continuous_on s f ==> continuous_on s (\<lambda>x. c *s (f x))"
+ unfolding continuous_on_eq_continuous_within using continuous_cmul by blast
+
+lemma continuous_on_neg:
+ "continuous_on s f ==> continuous_on s (\<lambda>x. -(f x))"
+ unfolding continuous_on_eq_continuous_within using continuous_neg by blast
+
+lemma continuous_on_add:
+ "continuous_on s f \<Longrightarrow> continuous_on s g
+ ==> continuous_on s (\<lambda>x. f x + g x)"
+ unfolding continuous_on_eq_continuous_within using continuous_add by blast
+
+lemma continuous_on_sub:
+ "continuous_on s f \<Longrightarrow> continuous_on s g
+ ==> continuous_on s (\<lambda>x. f(x) - g(x))"
+ unfolding continuous_on_eq_continuous_within using continuous_sub by blast
+
+text{* Same thing for uniform continuity, using sequential formulations. *}
+
+lemma uniformly_continuous_on_const:
+ "uniformly_continuous_on s (\<lambda>x. c)"
+ unfolding uniformly_continuous_on_sequentially using Lim_const[of 0] by auto
+
+lemma uniformly_continuous_on_cmul:
+ assumes "uniformly_continuous_on s f"
+ shows "uniformly_continuous_on s (\<lambda>x. c *s f(x))"
+proof-
+ { fix x y assume "((\<lambda>n. f (x n) - f (y n)) ---> 0) sequentially"
+ hence "((\<lambda>n. c *s f (x n) - c *s f (y n)) ---> 0) sequentially"
+ using Lim_cmul[of "(\<lambda>n. f (x n) - f (y n))" 0 sequentially c]
+ unfolding vector_smult_rzero vector_ssub_ldistrib[of c] by auto
+ }
+ thus ?thesis using assms unfolding uniformly_continuous_on_sequentially by auto
+qed
+
+lemma uniformly_continuous_on_neg:
+ "uniformly_continuous_on s f
+ ==> uniformly_continuous_on s (\<lambda>x. -(f x))"
+ using uniformly_continuous_on_cmul[of s f "-1"] unfolding pth_3 by auto
+
+lemma uniformly_continuous_on_add:
+ assumes "uniformly_continuous_on s f" "uniformly_continuous_on s g"
+ shows "uniformly_continuous_on s (\<lambda>x. f(x) + g(x) ::real^'n)"
+proof-
+ have *:"\<And>fx fy gx gy::real^'n. fx - fy + (gx - gy) = fx + gx - (fy + gy)" by auto
+ { fix x y assume "((\<lambda>n. f (x n) - f (y n)) ---> 0) sequentially"
+ "((\<lambda>n. g (x n) - g (y n)) ---> 0) sequentially"
+ hence "((\<lambda>xa. f (x xa) - f (y xa) + (g (x xa) - g (y xa))) ---> 0 + 0) sequentially"
+ using Lim_add[of "\<lambda> n. f (x n) - f (y n)" 0 sequentially "\<lambda> n. g (x n) - g (y n)" 0] by auto
+ hence "((\<lambda>n. f (x n) + g (x n) - (f (y n) + g (y n))) ---> 0) sequentially" unfolding Lim_sequentially and * by auto }
+ thus ?thesis using assms unfolding uniformly_continuous_on_sequentially by auto
+qed
+
+lemma uniformly_continuous_on_sub:
+ "uniformly_continuous_on s f \<Longrightarrow> uniformly_continuous_on s g
+ ==> uniformly_continuous_on s (\<lambda>x. f x - g x)"
+ unfolding ab_diff_minus
+ using uniformly_continuous_on_add[of s f "\<lambda>x. - g x"]
+ using uniformly_continuous_on_neg[of s g] by auto
+
+text{* Identity function is continuous in every sense. *}
+
+lemma continuous_within_id:
+ "continuous (at a within s) (\<lambda>x. x)"
+ unfolding continuous_within Lim_within by auto
+
+lemma continuous_at_id:
+ "continuous (at a) (\<lambda>x. x)"
+ unfolding continuous_at Lim_at by auto
+
+lemma continuous_on_id:
+ "continuous_on s (\<lambda>x. x)"
+ unfolding continuous_on Lim_within by auto
+
+lemma uniformly_continuous_on_id:
+ "uniformly_continuous_on s (\<lambda>x. x)"
+ unfolding uniformly_continuous_on_def by auto
+
+text{* Continuity of all kinds is preserved under composition. *}
+
+lemma continuous_within_compose:
+ assumes "continuous (at x within s) f" "continuous (at (f x) within f ` s) g"
+ shows "continuous (at x within s) (g o f)"
+proof-
+ { fix e::real assume "e>0"
+ with assms(2)[unfolded continuous_within Lim_within] obtain d where "d>0" and d:"\<forall>xa\<in>f ` s. 0 < dist xa (f x) \<and> dist xa (f x) < d \<longrightarrow> dist (g xa) (g (f x)) < e" by auto
+ from assms(1)[unfolded continuous_within Lim_within] obtain d' where "d'>0" and d':"\<forall>xa\<in>s. 0 < dist xa x \<and> dist xa x < d' \<longrightarrow> dist (f xa) (f x) < d" using `d>0` by auto
+ { fix y assume as:"y\<in>s" "0 < dist y x" "dist y x < d'"
+ hence "dist (f y) (f x) < d" using d'[THEN bspec[where x=y]] by (auto simp add:dist_sym)
+ hence "dist (g (f y)) (g (f x)) < e" using as(1) d[THEN bspec[where x="f y"]] unfolding dist_nz[THEN sym] using `e>0` by (auto simp add: dist_refl) }
+ hence "\<exists>d>0. \<forall>xa\<in>s. 0 < dist xa x \<and> dist xa x < d \<longrightarrow> dist (g (f xa)) (g (f x)) < e" using `d'>0` by auto }
+ thus ?thesis unfolding continuous_within Lim_within by auto
+qed
+
+lemma continuous_at_compose:
+ assumes "continuous (at x) f" "continuous (at (f x)) g"
+ shows "continuous (at x) (g o f)"
+proof-
+ have " continuous (at (f x) within range f) g" using assms(2) using continuous_within_subset[of "f x" UNIV g "range f", unfolded within_UNIV] by auto
+ thus ?thesis using assms(1) using continuous_within_compose[of x UNIV f g, unfolded within_UNIV] by auto
+qed
+
+lemma continuous_on_compose:
+ "continuous_on s f \<Longrightarrow> continuous_on (f ` s) g \<Longrightarrow> continuous_on s (g o f)"
+ unfolding continuous_on_eq_continuous_within using continuous_within_compose[of _ s f g] by auto
+
+lemma uniformly_continuous_on_compose:
+ assumes "uniformly_continuous_on s f" "uniformly_continuous_on (f ` s) g"
+ shows "uniformly_continuous_on s (g o f)"
+proof-
+ { fix e::real assume "e>0"
+ then obtain d where "d>0" and d:"\<forall>x\<in>f ` s. \<forall>x'\<in>f ` s. dist x' x < d \<longrightarrow> dist (g x') (g x) < e" using assms(2) unfolding uniformly_continuous_on_def by auto
+ obtain d' where "d'>0" "\<forall>x\<in>s. \<forall>x'\<in>s. dist x' x < d' \<longrightarrow> dist (f x') (f x) < d" using `d>0` using assms(1) unfolding uniformly_continuous_on_def by auto
+ hence "\<exists>d>0. \<forall>x\<in>s. \<forall>x'\<in>s. dist x' x < d \<longrightarrow> dist ((g \<circ> f) x') ((g \<circ> f) x) < e" using `d>0` using d by auto }
+ thus ?thesis using assms unfolding uniformly_continuous_on_def by auto
+qed
+
+text{* Continuity in terms of open preimages. *}
+
+lemma continuous_at_open:
+ "continuous (at x) f \<longleftrightarrow> (\<forall>t. open t \<and> f x \<in> t --> (\<exists>s. open s \<and> x \<in> s \<and> (\<forall>x' \<in> s. (f x') \<in> t)))" (is "?lhs = ?rhs")
+proof
+ assume ?lhs
+ { fix t assume as: "open t" "f x \<in> t"
+ then obtain e where "e>0" and e:"ball (f x) e \<subseteq> t" unfolding open_contains_ball by auto
+
+ obtain d where "d>0" and d:"\<forall>y. 0 < dist y x \<and> dist y x < d \<longrightarrow> dist (f y) (f x) < e" using `e>0` using `?lhs`[unfolded continuous_at Lim_at open_def] by auto
+
+ have "open (ball x d)" using open_ball by auto
+ moreover have "x \<in> ball x d" unfolding centre_in_ball using `d>0` by simp
+ moreover
+ { fix x' assume "x'\<in>ball x d" hence "f x' \<in> t"
+ using e[unfolded subset_eq Ball_def mem_ball, THEN spec[where x="f x'"]] d[THEN spec[where x=x']]
+ unfolding mem_ball apply (auto simp add: dist_sym)
+ unfolding dist_nz[THEN sym] using as(2) by auto }
+ hence "\<forall>x'\<in>ball x d. f x' \<in> t" by auto
+ ultimately have "\<exists>s. open s \<and> x \<in> s \<and> (\<forall>x'\<in>s. f x' \<in> t)"
+ apply(rule_tac x="ball x d" in exI) by simp }
+ thus ?rhs by auto
+next
+ assume ?rhs
+ { fix e::real assume "e>0"
+ then obtain s where s: "open s" "x \<in> s" "\<forall>x'\<in>s. f x' \<in> ball (f x) e" using `?rhs`[unfolded continuous_at Lim_at, THEN spec[where x="ball (f x) e"]]
+ unfolding centre_in_ball[of "f x" e, THEN sym] by auto
+ then obtain d where "d>0" and d:"ball x d \<subseteq> s" unfolding open_contains_ball by auto
+ { fix y assume "0 < dist y x \<and> dist y x < d"
+ hence "dist (f y) (f x) < e" using d[unfolded subset_eq Ball_def mem_ball, THEN spec[where x=y]]
+ using s(3)[THEN bspec[where x=y], unfolded mem_ball] by (auto simp add: dist_sym) }
+ hence "\<exists>d>0. \<forall>xa. 0 < dist xa x \<and> dist xa x < d \<longrightarrow> dist (f xa) (f x) < e" using `d>0` by auto }
+ thus ?lhs unfolding continuous_at Lim_at by auto
+qed
+
+lemma continuous_on_open:
+ "continuous_on s f \<longleftrightarrow>
+ (\<forall>t. openin (subtopology euclidean (f ` s)) t
+ --> openin (subtopology euclidean s) {x \<in> s. f x \<in> t})" (is "?lhs = ?rhs")
+proof
+ assume ?lhs
+ { fix t assume as:"openin (subtopology euclidean (f ` s)) t"
+ have "{x \<in> s. f x \<in> t} \<subseteq> s" using as[unfolded openin_euclidean_subtopology_iff] by auto
+ moreover
+ { fix x assume as':"x\<in>{x \<in> s. f x \<in> t}"
+ then obtain e where e: "e>0" "\<forall>x'\<in>f ` s. dist x' (f x) < e \<longrightarrow> x' \<in> t" using as[unfolded openin_euclidean_subtopology_iff, THEN conjunct2, THEN bspec[where x="f x"]] by auto
+ from this(1) obtain d where d: "d>0" "\<forall>xa\<in>s. 0 < dist xa x \<and> dist xa x < d \<longrightarrow> dist (f xa) (f x) < e" using `?lhs`[unfolded continuous_on Lim_within, THEN bspec[where x=x]] using as' by auto
+ have "\<exists>e>0. \<forall>x'\<in>s. dist x' x < e \<longrightarrow> x' \<in> {x \<in> s. f x \<in> t}" using d e unfolding dist_nz[THEN sym] by (rule_tac x=d in exI, auto simp add: dist_refl) }
+ ultimately have "openin (subtopology euclidean s) {x \<in> s. f x \<in> t}" unfolding openin_euclidean_subtopology_iff by auto }
+ thus ?rhs unfolding continuous_on Lim_within using openin by auto
+next
+ assume ?rhs
+ { fix e::real and x assume "x\<in>s" "e>0"
+ { fix xa x' assume "dist (f xa) (f x) < e" "xa \<in> s" "x' \<in> s" "dist (f xa) (f x') < e - dist (f xa) (f x)"
+ hence "dist (f x') (f x) < e" using dist_triangle[of "f x'" "f x" "f xa"]
+ by (auto simp add: dist_sym) }
+ hence "ball (f x) e \<inter> f ` s \<subseteq> f ` s \<and> (\<forall>xa\<in>ball (f x) e \<inter> f ` s. \<exists>ea>0. \<forall>x'\<in>f ` s. dist x' xa < ea \<longrightarrow> x' \<in> ball (f x) e \<inter> f ` s)" apply auto
+ apply(rule_tac x="e - dist (f xa) (f x)" in exI) using `e>0` by (auto simp add: dist_sym)
+ hence "\<forall>xa\<in>{xa \<in> s. f xa \<in> ball (f x) e \<inter> f ` s}. \<exists>ea>0. \<forall>x'\<in>s. dist x' xa < ea \<longrightarrow> x' \<in> {xa \<in> s. f xa \<in> ball (f x) e \<inter> f ` s}"
+ using `?rhs`[unfolded openin_euclidean_subtopology_iff, THEN spec[where x="ball (f x) e \<inter> f ` s"]] by auto
+ hence "\<exists>d>0. \<forall>xa\<in>s. 0 < dist xa x \<and> dist xa x < d \<longrightarrow> dist (f xa) (f x) < e" apply(erule_tac x=x in ballE) apply auto unfolding dist_refl using `e>0` `x\<in>s` by (auto simp add: dist_sym) }
+ thus ?lhs unfolding continuous_on Lim_within by auto
+qed
+
+(* ------------------------------------------------------------------------- *)
+(* Similarly in terms of closed sets. *)
+(* ------------------------------------------------------------------------- *)
+
+lemma continuous_on_closed:
+ "continuous_on s f \<longleftrightarrow> (\<forall>t. closedin (subtopology euclidean (f ` s)) t --> closedin (subtopology euclidean s) {x \<in> s. f x \<in> t})" (is "?lhs = ?rhs")
+proof
+ assume ?lhs
+ { fix t
+ have *:"s - {x \<in> s. f x \<in> f ` s - t} = {x \<in> s. f x \<in> t}" by auto
+ have **:"f ` s - (f ` s - (f ` s - t)) = f ` s - t" by auto
+ assume as:"closedin (subtopology euclidean (f ` s)) t"
+ hence "closedin (subtopology euclidean (f ` s)) (f ` s - (f ` s - t))" unfolding closedin_def topspace_euclidean_subtopology unfolding ** by auto
+ hence "closedin (subtopology euclidean s) {x \<in> s. f x \<in> t}" using `?lhs`[unfolded continuous_on_open, THEN spec[where x="(f ` s) - t"]]
+ unfolding openin_closedin_eq topspace_euclidean_subtopology unfolding * by auto }
+ thus ?rhs by auto
+next
+ assume ?rhs
+ { fix t
+ have *:"s - {x \<in> s. f x \<in> f ` s - t} = {x \<in> s. f x \<in> t}" by auto
+ assume as:"openin (subtopology euclidean (f ` s)) t"
+ hence "openin (subtopology euclidean s) {x \<in> s. f x \<in> t}" using `?rhs`[THEN spec[where x="(f ` s) - t"]]
+ unfolding openin_closedin_eq topspace_euclidean_subtopology *[THEN sym] closedin_subtopology by auto }
+ thus ?lhs unfolding continuous_on_open by auto
+qed
+
+text{* Half-global and completely global cases. *}
+
+lemma continuous_open_in_preimage:
+ assumes "continuous_on s f" "open t"
+ shows "openin (subtopology euclidean s) {x \<in> s. f x \<in> t}"
+proof-
+ have *:"\<forall>x. x \<in> s \<and> f x \<in> t \<longleftrightarrow> x \<in> s \<and> f x \<in> (t \<inter> f ` s)" by auto
+ have "openin (subtopology euclidean (f ` s)) (t \<inter> f ` s)"
+ using openin_open_Int[of t "f ` s", OF assms(2)] unfolding openin_open by auto
+ thus ?thesis using assms(1)[unfolded continuous_on_open, THEN spec[where x="t \<inter> f ` s"]] using * by auto
+qed
+
+lemma continuous_closed_in_preimage:
+ assumes "continuous_on s f" "closed t"
+ shows "closedin (subtopology euclidean s) {x \<in> s. f x \<in> t}"
+proof-
+ have *:"\<forall>x. x \<in> s \<and> f x \<in> t \<longleftrightarrow> x \<in> s \<and> f x \<in> (t \<inter> f ` s)" by auto
+ have "closedin (subtopology euclidean (f ` s)) (t \<inter> f ` s)"
+ using closedin_closed_Int[of t "f ` s", OF assms(2)] unfolding Int_commute by auto
+ thus ?thesis
+ using assms(1)[unfolded continuous_on_closed, THEN spec[where x="t \<inter> f ` s"]] using * by auto
+qed
+
+lemma continuous_open_preimage:
+ assumes "continuous_on s f" "open s" "open t"
+ shows "open {x \<in> s. f x \<in> t}"
+proof-
+ obtain T where T: "open T" "{x \<in> s. f x \<in> t} = s \<inter> T"
+ using continuous_open_in_preimage[OF assms(1,3)] unfolding openin_open by auto
+ thus ?thesis using open_inter[of s T, OF assms(2)] by auto
+qed
+
+lemma continuous_closed_preimage:
+ assumes "continuous_on s f" "closed s" "closed t"
+ shows "closed {x \<in> s. f x \<in> t}"
+proof-
+ obtain T where T: "closed T" "{x \<in> s. f x \<in> t} = s \<inter> T"
+ using continuous_closed_in_preimage[OF assms(1,3)] unfolding closedin_closed by auto
+ thus ?thesis using closed_Int[of s T, OF assms(2)] by auto
+qed
+
+lemma continuous_open_preimage_univ:
+ "\<forall>x. continuous (at x) f \<Longrightarrow> open s \<Longrightarrow> open {x. f x \<in> s}"
+ using continuous_open_preimage[of UNIV f s] open_UNIV continuous_at_imp_continuous_on by auto
+
+lemma continuous_closed_preimage_univ:
+ "(\<forall>x. continuous (at x) f) \<Longrightarrow> closed s ==> closed {x. f x \<in> s}"
+ using continuous_closed_preimage[of UNIV f s] closed_UNIV continuous_at_imp_continuous_on by auto
+
+text{* Equality of continuous functions on closure and related results. *}
+
+lemma continuous_closed_in_preimage_constant:
+ "continuous_on s f ==> closedin (subtopology euclidean s) {x \<in> s. f x = a}"
+ using continuous_closed_in_preimage[of s f "{a}"] closed_sing by auto
+
+lemma continuous_closed_preimage_constant:
+ "continuous_on s f \<Longrightarrow> closed s ==> closed {x \<in> s. f x = a}"
+ using continuous_closed_preimage[of s f "{a}"] closed_sing by auto
+
+lemma continuous_constant_on_closure:
+ assumes "continuous_on (closure s) f"
+ "\<forall>x \<in> s. f x = a"
+ shows "\<forall>x \<in> (closure s). f x = a"
+ using continuous_closed_preimage_constant[of "closure s" f a]
+ assms closure_minimal[of s "{x \<in> closure s. f x = a}"] closure_subset unfolding subset_eq by auto
+
+lemma image_closure_subset:
+ assumes "continuous_on (closure s) f" "closed t" "(f ` s) \<subseteq> t"
+ shows "f ` (closure s) \<subseteq> t"
+proof-
+ have "s \<subseteq> {x \<in> closure s. f x \<in> t}" using assms(3) closure_subset by auto
+ moreover have "closed {x \<in> closure s. f x \<in> t}"
+ using continuous_closed_preimage[OF assms(1)] and assms(2) by auto
+ ultimately have "closure s = {x \<in> closure s . f x \<in> t}"
+ using closure_minimal[of s "{x \<in> closure s. f x \<in> t}"] by auto
+ thus ?thesis by auto
+qed
+
+lemma continuous_on_closure_norm_le:
+ assumes "continuous_on (closure s) f" "\<forall>y \<in> s. norm(f y) \<le> b" "x \<in> (closure s)"
+ shows "norm(f x) \<le> b"
+proof-
+ have *:"f ` s \<subseteq> cball 0 b" using assms(2)[unfolded mem_cball_0[THEN sym]] by auto
+ show ?thesis
+ using image_closure_subset[OF assms(1) closed_cball[of 0 b] *] assms(3)
+ unfolding subset_eq apply(erule_tac x="f x" in ballE) by (auto simp add: dist_def)
+qed
+
+text{* Making a continuous function avoid some value in a neighbourhood. *}
+
+lemma continuous_within_avoid:
+ assumes "continuous (at x within s) f" "x \<in> s" "f x \<noteq> a"
+ shows "\<exists>e>0. \<forall>y \<in> s. dist x y < e --> f y \<noteq> a"
+proof-
+ obtain d where "d>0" and d:"\<forall>xa\<in>s. 0 < dist xa x \<and> dist xa x < d \<longrightarrow> dist (f xa) (f x) < dist (f x) a"
+ using assms(1)[unfolded continuous_within Lim_within, THEN spec[where x="dist (f x) a"]] assms(3)[unfolded dist_nz] by auto
+ { fix y assume " y\<in>s" "dist x y < d"
+ hence "f y \<noteq> a" using d[THEN bspec[where x=y]] assms(3)[unfolded dist_nz]
+ apply auto unfolding dist_nz[THEN sym] by (auto simp add: dist_sym) }
+ thus ?thesis using `d>0` by auto
+qed
+
+lemma continuous_at_avoid:
+ assumes "continuous (at x) f" "f x \<noteq> a"
+ shows "\<exists>e>0. \<forall>y. dist x y < e \<longrightarrow> f y \<noteq> a"
+using assms using continuous_within_avoid[of x UNIV f a, unfolded within_UNIV] by auto
+
+lemma continuous_on_avoid:
+ assumes "continuous_on s f" "x \<in> s" "f x \<noteq> a"
+ shows "\<exists>e>0. \<forall>y \<in> s. dist x y < e \<longrightarrow> f y \<noteq> a"
+using assms(1)[unfolded continuous_on_eq_continuous_within, THEN bspec[where x=x], OF assms(2)] continuous_within_avoid[of x s f a] assms(2,3) by auto
+
+lemma continuous_on_open_avoid:
+ assumes "continuous_on s f" "open s" "x \<in> s" "f x \<noteq> a"
+ shows "\<exists>e>0. \<forall>y. dist x y < e \<longrightarrow> f y \<noteq> a"
+using assms(1)[unfolded continuous_on_eq_continuous_at[OF assms(2)], THEN bspec[where x=x], OF assms(3)] continuous_at_avoid[of x f a] assms(3,4) by auto
+
+text{* Proving a function is constant by proving open-ness of level set. *}
+
+lemma continuous_levelset_open_in_cases:
+ "connected s \<Longrightarrow> continuous_on s f \<Longrightarrow>
+ openin (subtopology euclidean s) {x \<in> s. f x = a}
+ ==> (\<forall>x \<in> s. f x \<noteq> a) \<or> (\<forall>x \<in> s. f x = a)"
+unfolding connected_clopen using continuous_closed_in_preimage_constant by auto
+
+lemma continuous_levelset_open_in:
+ "connected s \<Longrightarrow> continuous_on s f \<Longrightarrow>
+ openin (subtopology euclidean s) {x \<in> s. f x = a} \<Longrightarrow>
+ (\<exists>x \<in> s. f x = a) ==> (\<forall>x \<in> s. f x = a)"
+using continuous_levelset_open_in_cases[of s f ]
+by meson
+
+lemma continuous_levelset_open:
+ assumes "connected s" "continuous_on s f" "open {x \<in> s. f x = a}" "\<exists>x \<in> s. f x = a"
+ shows "\<forall>x \<in> s. f x = a"
+using continuous_levelset_open_in[OF assms(1,2), of a, unfolded openin_open] using assms (3,4) by auto
+
+text{* Some arithmetical combinations (more to prove). *}
+
+lemma open_scaling[intro]:
+ assumes "c \<noteq> 0" "open s"
+ shows "open((\<lambda>x. c *s x) ` s)"
+proof-
+ { fix x assume "x \<in> s"
+ then obtain e where "e>0" and e:"\<forall>x'. dist x' x < e \<longrightarrow> x' \<in> s" using assms(2)[unfolded open_def, THEN bspec[where x=x]] by auto
+ have "e * abs c > 0" using assms(1)[unfolded zero_less_abs_iff[THEN sym]] using real_mult_order[OF `e>0`] by auto
+ moreover
+ { fix y assume "dist y (c *s x) < e * \<bar>c\<bar>"
+ hence "norm ((1 / c) *s y - x) < e" unfolding dist_def
+ using norm_mul[of c "(1 / c) *s y - x", unfolded vector_ssub_ldistrib, unfolded vector_smult_assoc] assms(1)
+ mult_less_imp_less_left[of "abs c" "norm ((1 / c) *s y - x)" e, unfolded real_mult_commute[of "abs c" e]] assms(1)[unfolded zero_less_abs_iff[THEN sym]] by simp
+ hence "y \<in> op *s c ` s" using rev_image_eqI[of "(1 / c) *s y" s y "op *s c"] e[THEN spec[where x="(1 / c) *s y"]] assms(1) unfolding dist_def vector_smult_assoc by auto }
+ ultimately have "\<exists>e>0. \<forall>x'. dist x' (c *s x) < e \<longrightarrow> x' \<in> op *s c ` s" apply(rule_tac x="e * abs c" in exI) by auto }
+ thus ?thesis unfolding open_def by auto
+qed
+
+lemma open_negations:
+ "open s ==> open ((\<lambda> x. -x) ` s)" unfolding pth_3 by auto
+
+lemma open_translation:
+ assumes "open s" shows "open((\<lambda>x. a + x) ` s)"
+proof-
+ { fix x have "continuous (at x) (\<lambda>x. x - a)" using continuous_sub[of "at x" "\<lambda>x. x" "\<lambda>x. a"] continuous_at_id[of x] continuous_const[of "at x" a] by auto }
+ moreover have "{x. x - a \<in> s} = op + a ` s" apply auto unfolding image_iff apply(rule_tac x="x - a" in bexI) by auto
+ ultimately show ?thesis using continuous_open_preimage_univ[of "\<lambda>x. x - a" s] using assms by auto
+qed
+
+lemma open_affinity:
+ assumes "open s" "c \<noteq> 0"
+ shows "open ((\<lambda>x. a + c *s x) ` s)"
+proof-
+ have *:"(\<lambda>x. a + c *s x) = (\<lambda>x. a + x) \<circ> (\<lambda>x. c *s x)" unfolding o_def ..
+ have "op + a ` op *s c ` s = (op + a \<circ> op *s c) ` s" by auto
+ thus ?thesis using assms open_translation[of "op *s c ` s" a] unfolding * by auto
+qed
+
+lemma interior_translation: "interior ((\<lambda>x. a + x) ` s) = (\<lambda>x. a + x) ` (interior s)"
+proof (rule set_ext, rule)
+ fix x assume "x \<in> interior (op + a ` s)"
+ then obtain e where "e>0" and e:"ball x e \<subseteq> op + a ` s" unfolding mem_interior by auto
+ hence "ball (x - a) e \<subseteq> s" unfolding subset_eq Ball_def mem_ball dist_def apply auto apply(erule_tac x="a + xa" in allE) unfolding ab_group_add_class.diff_diff_eq[THEN sym] by auto
+ thus "x \<in> op + a ` interior s" unfolding image_iff apply(rule_tac x="x - a" in bexI) unfolding mem_interior using `e > 0` by auto
+next
+ fix x assume "x \<in> op + a ` interior s"
+ then obtain y e where "e>0" and e:"ball y e \<subseteq> s" and y:"x = a + y" unfolding image_iff Bex_def mem_interior by auto
+ { fix z have *:"a + y - z = y + a - z" by auto
+ assume "z\<in>ball x e"
+ hence "z - a \<in> s" using e[unfolded subset_eq, THEN bspec[where x="z - a"]] unfolding mem_ball dist_def y ab_group_add_class.diff_diff_eq2 * by auto
+ hence "z \<in> op + a ` s" unfolding image_iff by(auto intro!: bexI[where x="z - a"]) }
+ hence "ball x e \<subseteq> op + a ` s" unfolding subset_eq by auto
+ thus "x \<in> interior (op + a ` s)" unfolding mem_interior using `e>0` by auto
+qed
+
+subsection {* Preservation of compactness and connectedness under continuous function. *}
+
+lemma compact_continuous_image:
+ assumes "continuous_on s f" "compact s"
+ shows "compact(f ` s)"
+proof-
+ { fix x assume x:"\<forall>n::nat. x n \<in> f ` s"
+ then obtain y where y:"\<forall>n. y n \<in> s \<and> x n = f (y n)" unfolding image_iff Bex_def using choice[of "\<lambda>n xa. xa \<in> s \<and> x n = f xa"] by auto
+ then obtain l r where "l\<in>s" and r:"\<forall>m n. m < n \<longrightarrow> r m < r n" and lr:"((y \<circ> r) ---> l) sequentially" using assms(2)[unfolded compact_def, THEN spec[where x=y]] by auto
+ { fix e::real assume "e>0"
+ then obtain d where "d>0" and d:"\<forall>x'\<in>s. dist x' l < d \<longrightarrow> dist (f x') (f l) < e" using assms(1)[unfolded continuous_on_def, THEN bspec[where x=l], OF `l\<in>s`] by auto
+ then obtain N::nat where N:"\<forall>n\<ge>N. dist ((y \<circ> r) n) l < d" using lr[unfolded Lim_sequentially, THEN spec[where x=d]] by auto
+ { fix n::nat assume "n\<ge>N" hence "dist ((x \<circ> r) n) (f l) < e" using N[THEN spec[where x=n]] d[THEN bspec[where x="y (r n)"]] y[THEN spec[where x="r n"]] by auto }
+ hence "\<exists>N. \<forall>n\<ge>N. dist ((x \<circ> r) n) (f l) < e" by auto }
+ hence "\<exists>l\<in>f ` s. \<exists>r. (\<forall>m n. m < n \<longrightarrow> r m < r n) \<and> ((x \<circ> r) ---> l) sequentially" unfolding Lim_sequentially using r lr `l\<in>s` by auto }
+ thus ?thesis unfolding compact_def by auto
+qed
+
+lemma connected_continuous_image:
+ assumes "continuous_on s f" "connected s"
+ shows "connected(f ` s)"
+proof-
+ { fix T assume as: "T \<noteq> {}" "T \<noteq> f ` s" "openin (subtopology euclidean (f ` s)) T" "closedin (subtopology euclidean (f ` s)) T"
+ have "{x \<in> s. f x \<in> T} = {} \<or> {x \<in> s. f x \<in> T} = s"
+ using assms(1)[unfolded continuous_on_open, THEN spec[where x=T]]
+ using assms(1)[unfolded continuous_on_closed, THEN spec[where x=T]]
+ using assms(2)[unfolded connected_clopen, THEN spec[where x="{x \<in> s. f x \<in> T}"]] as(3,4) by auto
+ hence False using as(1,2)
+ using as(4)[unfolded closedin_def topspace_euclidean_subtopology] by auto }
+ thus ?thesis unfolding connected_clopen by auto
+qed
+
+text{* Continuity implies uniform continuity on a compact domain. *}
+
+lemma compact_uniformly_continuous:
+ assumes "continuous_on s f" "compact s"
+ shows "uniformly_continuous_on s f"
+proof-
+ { fix x assume x:"x\<in>s"
+ hence "\<forall>xa. \<exists>y. 0 < xa \<longrightarrow> (y > 0 \<and> (\<forall>x'\<in>s. dist x' x < y \<longrightarrow> dist (f x') (f x) < xa))" using assms(1)[unfolded continuous_on_def, THEN bspec[where x=x]] by auto
+ hence "\<exists>fa. \<forall>xa>0. \<forall>x'\<in>s. fa xa > 0 \<and> (dist x' x < fa xa \<longrightarrow> dist (f x') (f x) < xa)" using choice[of "\<lambda>e d. e>0 \<longrightarrow> d>0 \<and>(\<forall>x'\<in>s. (dist x' x < d \<longrightarrow> dist (f x') (f x) < e))"] by auto }
+ then have "\<forall>x\<in>s. \<exists>y. \<forall>xa. 0 < xa \<longrightarrow> (\<forall>x'\<in>s. y xa > 0 \<and> (dist x' x < y xa \<longrightarrow> dist (f x') (f x) < xa))" by auto
+ then obtain d where d:"\<forall>e>0. \<forall>x\<in>s. \<forall>x'\<in>s. d x e > 0 \<and> (dist x' x < d x e \<longrightarrow> dist (f x') (f x) < e)"
+ using bchoice[of s "\<lambda>x fa. \<forall>xa>0. \<forall>x'\<in>s. fa xa > 0 \<and> (dist x' x < fa xa \<longrightarrow> dist (f x') (f x) < xa)"] by blast
+
+ { fix e::real assume "e>0"
+
+ { fix x assume "x\<in>s" hence "x \<in> ball x (d x (e / 2))" unfolding centre_in_ball using d[THEN spec[where x="e/2"]] using `e>0` by auto }
+ hence "s \<subseteq> \<Union>{ball x (d x (e / 2)) |x. x \<in> s}" unfolding subset_eq by auto
+ moreover
+ { fix b assume "b\<in>{ball x (d x (e / 2)) |x. x \<in> s}" hence "open b" by auto }
+ ultimately obtain ea where "ea>0" and ea:"\<forall>x\<in>s. \<exists>b\<in>{ball x (d x (e / 2)) |x. x \<in> s}. ball x ea \<subseteq> b" using heine_borel_lemma[OF assms(2), of "{ball x (d x (e / 2)) | x. x\<in>s }"] by auto
+
+ { fix x y assume "x\<in>s" "y\<in>s" and as:"dist y x < ea"
+ obtain z where "z\<in>s" and z:"ball x ea \<subseteq> ball z (d z (e / 2))" using ea[THEN bspec[where x=x]] and `x\<in>s` by auto
+ hence "x\<in>ball z (d z (e / 2))" using `ea>0` unfolding subset_eq by auto
+ hence "dist (f z) (f x) < e / 2" using d[THEN spec[where x="e/2"]] and `e>0` and `x\<in>s` and `z\<in>s`
+ by (auto simp add: dist_sym)
+ moreover have "y\<in>ball z (d z (e / 2))" using as and `ea>0` and z[unfolded subset_eq]
+ by (auto simp add: dist_sym)
+ hence "dist (f z) (f y) < e / 2" using d[THEN spec[where x="e/2"]] and `e>0` and `y\<in>s` and `z\<in>s`
+ by (auto simp add: dist_sym)
+ ultimately have "dist (f y) (f x) < e" using dist_triangle_half_r[of "f z" "f x" e "f y"]
+ by (auto simp add: dist_sym) }
+ then have "\<exists>d>0. \<forall>x\<in>s. \<forall>x'\<in>s. dist x' x < d \<longrightarrow> dist (f x') (f x) < e" using `ea>0` by auto }
+ thus ?thesis unfolding uniformly_continuous_on_def by auto
+qed
+
+text{* Continuity of inverse function on compact domain. *}
+
+lemma continuous_on_inverse:
+ assumes "continuous_on s f" "compact s" "\<forall>x \<in> s. g (f x) = x"
+ shows "continuous_on (f ` s) g"
+proof-
+ have *:"g ` f ` s = s" using assms(3) by (auto simp add: image_iff)
+ { fix t assume t:"closedin (subtopology euclidean (g ` f ` s)) t"
+ then obtain T where T: "closed T" "t = s \<inter> T" unfolding closedin_closed unfolding * by auto
+ have "continuous_on (s \<inter> T) f" using continuous_on_subset[OF assms(1), of "s \<inter> t"]
+ unfolding T(2) and Int_left_absorb by auto
+ moreover have "compact (s \<inter> T)"
+ using assms(2) unfolding compact_eq_bounded_closed
+ using bounded_subset[of s "s \<inter> T"] and T(1) by auto
+ ultimately have "closed (f ` t)" using T(1) unfolding T(2)
+ using compact_continuous_image unfolding compact_eq_bounded_closed by auto
+ moreover have "{x \<in> f ` s. g x \<in> t} = f ` s \<inter> f ` t" using assms(3) unfolding T(2) by auto
+ ultimately have "closedin (subtopology euclidean (f ` s)) {x \<in> f ` s. g x \<in> t}"
+ unfolding closedin_closed by auto }
+ thus ?thesis unfolding continuous_on_closed by auto
+qed
+
+subsection{* A uniformly convergent limit of continuous functions is continuous. *}
+
+lemma continuous_uniform_limit:
+ assumes "\<not> (trivial_limit net)" "eventually (\<lambda>n. continuous_on s (f n)) net"
+ "\<forall>e>0. eventually (\<lambda>n. \<forall>x \<in> s. norm(f n x - g x) < e) net"
+ shows "continuous_on s g"
+proof-
+ { fix x and e::real assume "x\<in>s" "e>0"
+ have "eventually (\<lambda>n. \<forall>x\<in>s. norm (f n x - g x) < e / 3) net" using `e>0` assms(3)[THEN spec[where x="e/3"]] by auto
+ then obtain n where n:"\<forall>xa\<in>s. norm (f n xa - g xa) < e / 3" "continuous_on s (f n)"
+ using eventually_and[of "(\<lambda>n. \<forall>x\<in>s. norm (f n x - g x) < e / 3)" "(\<lambda>n. continuous_on s (f n))" net] assms(1,2) eventually_happens by blast
+ have "e / 3 > 0" using `e>0` by auto
+ then obtain d where "d>0" and d:"\<forall>x'\<in>s. dist x' x < d \<longrightarrow> dist (f n x') (f n x) < e / 3"
+ using n(2)[unfolded continuous_on_def, THEN bspec[where x=x], OF `x\<in>s`, THEN spec[where x="e/3"]] by blast
+ { fix y assume "y\<in>s" "dist y x < d"
+ hence "dist (f n y) (f n x) < e / 3" using d[THEN bspec[where x=y]] by auto
+ hence "norm (f n y - g x) < 2 * e / 3" using norm_triangle_lt[of "f n y - f n x" "f n x - g x" "2*e/3"]
+ using n(1)[THEN bspec[where x=x], OF `x\<in>s`] unfolding dist_def unfolding ab_group_add_class.ab_diff_minus by auto
+ hence "dist (g y) (g x) < e" unfolding dist_def using n(1)[THEN bspec[where x=y], OF `y\<in>s`]
+ unfolding norm_minus_cancel[of "f n y - g y", THEN sym] using norm_triangle_lt[of "f n y - g x" "g y - f n y" e] by (auto simp add: uminus_add_conv_diff) }
+ hence "\<exists>d>0. \<forall>x'\<in>s. dist x' x < d \<longrightarrow> dist (g x') (g x) < e" using `d>0` by auto }
+ thus ?thesis unfolding continuous_on_def by auto
+qed
+
+subsection{* Topological properties of linear functions. *}
+
+lemma linear_lim_0: fixes f::"real^'a \<Rightarrow> real^'b"
+ assumes "linear f" shows "(f ---> 0) (at (0))"
+proof-
+ obtain B where "B>0" and B:"\<forall>x. norm (f x) \<le> B * norm x" using linear_bounded_pos[OF assms] by auto
+ { fix e::real assume "e>0"
+ { fix x::"real^'a" assume "norm x < e / B"
+ hence "B * norm x < e" using `B>0` using mult_strict_right_mono[of "norm x" " e / B" B] unfolding real_mult_commute by auto
+ hence "norm (f x) < e" using B[THEN spec[where x=x]] `B>0` using order_le_less_trans[of "norm (f x)" "B * norm x" e] by auto }
+ moreover have "e / B > 0" using `e>0` `B>0` divide_pos_pos by auto
+ ultimately have "\<exists>d>0. \<forall>x. 0 < dist x 0 \<and> dist x 0 < d \<longrightarrow> dist (f x) 0 < e" unfolding dist_def by auto }
+ thus ?thesis unfolding Lim_at by auto
+qed
+
+lemma linear_continuous_at:
+ assumes "linear f" shows "continuous (at a) f"
+ unfolding continuous_at Lim_at_zero[of f "f a" a] using linear_lim_0[OF assms]
+ unfolding Lim_null[of "\<lambda>x. f (a + x)"] unfolding linear_sub[OF assms, THEN sym] by auto
+
+lemma linear_continuous_within:
+ "linear f ==> continuous (at x within s) f"
+ using continuous_at_imp_continuous_within[of x f s] using linear_continuous_at[of f] by auto
+
+lemma linear_continuous_on:
+ "linear f ==> continuous_on s f"
+ using continuous_at_imp_continuous_on[of s f] using linear_continuous_at[of f] by auto
+
+text{* Also bilinear functions, in composition form. *}
+
+lemma bilinear_continuous_at_compose:
+ "continuous (at x) f \<Longrightarrow> continuous (at x) g \<Longrightarrow> bilinear h
+ ==> continuous (at x) (\<lambda>x. h (f x) (g x))"
+ unfolding continuous_at using Lim_bilinear[of f "f x" "(at x)" g "g x" h] by auto
+
+lemma bilinear_continuous_within_compose:
+ "continuous (at x within s) f \<Longrightarrow> continuous (at x within s) g \<Longrightarrow> bilinear h
+ ==> continuous (at x within s) (\<lambda>x. h (f x) (g x))"
+ unfolding continuous_within using Lim_bilinear[of f "f x"] by auto
+
+lemma bilinear_continuous_on_compose:
+ "continuous_on s f \<Longrightarrow> continuous_on s g \<Longrightarrow> bilinear h
+ ==> continuous_on s (\<lambda>x. h (f x) (g x))"
+ unfolding continuous_on_eq_continuous_within apply auto apply(erule_tac x=x in ballE) apply auto apply(erule_tac x=x in ballE) apply auto
+ using bilinear_continuous_within_compose[of _ s f g h] by auto
+
+subsection{* Topological stuff lifted from and dropped to R *}
+
+
+lemma open_vec1:
+ "open(vec1 ` s) \<longleftrightarrow>
+ (\<forall>x \<in> s. \<exists>e>0. \<forall>x'. abs(x' - x) < e --> x' \<in> s)" (is "?lhs = ?rhs")
+ unfolding open_def apply simp unfolding forall_vec1 dist_vec1 vec1_in_image_vec1 by simp
+
+lemma islimpt_approachable_vec1:
+ "(vec1 x) islimpt (vec1 ` s) \<longleftrightarrow>
+ (\<forall>e>0. \<exists>x'\<in> s. x' \<noteq> x \<and> abs(x' - x) < e)"
+ by (auto simp add: islimpt_approachable dist_vec1 vec1_eq)
+
+lemma closed_vec1:
+ "closed (vec1 ` s) \<longleftrightarrow>
+ (\<forall>x. (\<forall>e>0. \<exists>x' \<in> s. x' \<noteq> x \<and> abs(x' - x) < e)
+ --> x \<in> s)"
+ unfolding closed_limpt islimpt_approachable forall_vec1 apply simp
+ unfolding dist_vec1 vec1_in_image_vec1 abs_minus_commute by auto
+
+lemma continuous_at_vec1_range:
+ "continuous (at x) (vec1 o f) \<longleftrightarrow> (\<forall>e>0. \<exists>d>0.
+ \<forall>x'. norm(x' - x) < d --> abs(f x' - f x) < e)"
+ unfolding continuous_at unfolding Lim_at apply simp unfolding dist_vec1 unfolding dist_nz[THEN sym] unfolding dist_def apply auto
+ apply(erule_tac x=e in allE) apply auto apply (rule_tac x=d in exI) apply auto apply (erule_tac x=x' in allE) apply auto
+ apply(erule_tac x=e in allE) by auto
+
+lemma continuous_on_vec1_range:
+ " continuous_on s (vec1 o f) \<longleftrightarrow> (\<forall>x \<in> s. \<forall>e>0. \<exists>d>0. (\<forall>x' \<in> s. norm(x' - x) < d --> abs(f x' - f x) < e))"
+ unfolding continuous_on_def apply (simp del: dist_sym) unfolding dist_vec1 unfolding dist_def ..
+
+lemma continuous_at_vec1_norm:
+ "\<forall>x. continuous (at x) (vec1 o norm)"
+ unfolding continuous_at_vec1_range using real_abs_sub_norm order_le_less_trans by blast
+
+lemma continuous_on_vec1_norm:
+ "\<forall>s. continuous_on s (vec1 o norm)"
+unfolding continuous_on_vec1_range norm_vec1[THEN sym] by (metis norm_vec1 order_le_less_trans real_abs_sub_norm)
+
+lemma continuous_at_vec1_component:
+ assumes "1 \<le> i" "i \<le> dimindex(UNIV::('a set))"
+ shows "continuous (at (a::real^'a)) (\<lambda> x. vec1(x$i))"
+proof-
+ { fix e::real and x assume "0 < dist x a" "dist x a < e" "e>0"
+ hence "\<bar>x $ i - a $ i\<bar> < e" using component_le_norm[of i "x - a"] vector_minus_component[of i x a] assms unfolding dist_def by auto }
+ thus ?thesis unfolding continuous_at tendsto_def eventually_at dist_vec1 by auto
+qed
+
+lemma continuous_on_vec1_component:
+ assumes "i \<in> {1..dimindex (UNIV::'a set)}" shows "continuous_on s (\<lambda> x::real^'a. vec1(x$i))"
+proof-
+ { fix e::real and x xa assume "x\<in>s" "e>0" "xa\<in>s" "0 < norm (xa - x) \<and> norm (xa - x) < e"
+ hence "\<bar>xa $ i - x $ i\<bar> < e" using component_le_norm[of i "xa - x"] vector_minus_component[of i xa x] assms by auto }
+ thus ?thesis unfolding continuous_on Lim_within dist_vec1 unfolding dist_def by auto
+qed
+
+lemma continuous_at_vec1_infnorm:
+ "continuous (at x) (vec1 o infnorm)"
+ unfolding continuous_at Lim_at o_def unfolding dist_vec1 unfolding dist_def
+ apply auto apply (rule_tac x=e in exI) apply auto
+ using order_trans[OF real_abs_sub_infnorm infnorm_le_norm, of _ x] by (metis xt1(7))
+
+text{* Hence some handy theorems on distance, diameter etc. of/from a set. *}
+
+lemma compact_attains_sup:
+ assumes "compact (vec1 ` s)" "s \<noteq> {}"
+ shows "\<exists>x \<in> s. \<forall>y \<in> s. y \<le> x"
+proof-
+ from assms(1) have a:"bounded (vec1 ` s)" "closed (vec1 ` s)" unfolding compact_eq_bounded_closed by auto
+ { fix e::real assume as: "\<forall>x\<in>s. x \<le> rsup s" "rsup s \<notin> s" "0 < e" "\<forall>x'\<in>s. x' = rsup s \<or> \<not> rsup s - x' < e"
+ have "isLub UNIV s (rsup s)" using rsup[OF assms(2)] unfolding setle_def using as(1) by auto
+ moreover have "isUb UNIV s (rsup s - e)" unfolding isUb_def unfolding setle_def using as(4,2) by auto
+ ultimately have False using isLub_le_isUb[of UNIV s "rsup s" "rsup s - e"] using `e>0` by auto }
+ thus ?thesis using bounded_has_rsup(1)[OF a(1) assms(2)] using a(2)[unfolded closed_vec1, THEN spec[where x="rsup s"]]
+ apply(rule_tac x="rsup s" in bexI) by auto
+qed
+
+lemma compact_attains_inf:
+ assumes "compact (vec1 ` s)" "s \<noteq> {}" shows "\<exists>x \<in> s. \<forall>y \<in> s. x \<le> y"
+proof-
+ from assms(1) have a:"bounded (vec1 ` s)" "closed (vec1 ` s)" unfolding compact_eq_bounded_closed by auto
+ { fix e::real assume as: "\<forall>x\<in>s. x \<ge> rinf s" "rinf s \<notin> s" "0 < e"
+ "\<forall>x'\<in>s. x' = rinf s \<or> \<not> abs (x' - rinf s) < e"
+ have "isGlb UNIV s (rinf s)" using rinf[OF assms(2)] unfolding setge_def using as(1) by auto
+ moreover
+ { fix x assume "x \<in> s"
+ hence *:"abs (x - rinf s) = x - rinf s" using as(1)[THEN bspec[where x=x]] by auto
+ have "rinf s + e \<le> x" using as(4)[THEN bspec[where x=x]] using as(2) `x\<in>s` unfolding * by auto }
+ hence "isLb UNIV s (rinf s + e)" unfolding isLb_def and setge_def by auto
+ ultimately have False using isGlb_le_isLb[of UNIV s "rinf s" "rinf s + e"] using `e>0` by auto }
+ thus ?thesis using bounded_has_rinf(1)[OF a(1) assms(2)] using a(2)[unfolded closed_vec1, THEN spec[where x="rinf s"]]
+ apply(rule_tac x="rinf s" in bexI) by auto
+qed
+
+lemma continuous_attains_sup:
+ "compact s \<Longrightarrow> s \<noteq> {} \<Longrightarrow> continuous_on s (vec1 o f)
+ ==> (\<exists>x \<in> s. \<forall>y \<in> s. f y \<le> f x)"
+ using compact_attains_sup[of "f ` s"]
+ using compact_continuous_image[of s "vec1 \<circ> f"] unfolding image_compose by auto
+
+lemma continuous_attains_inf:
+ "compact s \<Longrightarrow> s \<noteq> {} \<Longrightarrow> continuous_on s (vec1 o f)
+ ==> (\<exists>x \<in> s. \<forall>y \<in> s. f x \<le> f y)"
+ using compact_attains_inf[of "f ` s"]
+ using compact_continuous_image[of s "vec1 \<circ> f"] unfolding image_compose by auto
+
+lemma distance_attains_sup:
+ assumes "compact s" "s \<noteq> {}"
+ shows "\<exists>x \<in> s. \<forall>y \<in> s. dist a y \<le> dist a x"
+proof-
+ { fix x assume "x\<in>s" fix e::real assume "e>0"
+ { fix x' assume "x'\<in>s" and as:"norm (x' - x) < e"
+ hence "\<bar>norm (x' - a) - norm (x - a)\<bar> < e"
+ using real_abs_sub_norm[of "x' - a" "x - a"] by auto }
+ hence "\<exists>d>0. \<forall>x'\<in>s. norm (x' - x) < d \<longrightarrow> \<bar>dist x' a - dist x a\<bar> < e" using `e>0` unfolding dist_def by auto }
+ thus ?thesis using assms
+ using continuous_attains_sup[of s "\<lambda>x. dist a x"]
+ unfolding continuous_on_vec1_range by (auto simp add: dist_sym)
+qed
+
+text{* For *minimal* distance, we only need closure, not compactness. *}
+
+lemma distance_attains_inf:
+ assumes "closed s" "s \<noteq> {}"
+ shows "\<exists>x \<in> s. \<forall>y \<in> s. dist a x \<le> dist a y"
+proof-
+ from assms(2) obtain b where "b\<in>s" by auto
+ let ?B = "cball a (dist b a) \<inter> s"
+ have "b \<in> ?B" using `b\<in>s` by (simp add: dist_sym)
+ hence "?B \<noteq> {}" by auto
+ moreover
+ { fix x assume "x\<in>?B"
+ fix e::real assume "e>0"
+ { fix x' assume "x'\<in>?B" and as:"norm (x' - x) < e"
+ hence "\<bar>norm (x' - a) - norm (x - a)\<bar> < e"
+ using real_abs_sub_norm[of "x' - a" "x - a"] by auto }
+ hence "\<exists>d>0. \<forall>x'\<in>?B. norm (x' - x) < d \<longrightarrow> \<bar>dist x' a - dist x a\<bar> < e" using `e>0` unfolding dist_def by auto }
+ hence "continuous_on (cball a (dist b a) \<inter> s) (vec1 \<circ> dist a)" unfolding continuous_on_vec1_range
+ by (auto simp add: dist_sym)
+ moreover have "compact ?B" using compact_cball[of a "dist b a"] unfolding compact_eq_bounded_closed using bounded_Int and closed_Int and assms(1) by auto
+ ultimately obtain x where "x\<in>cball a (dist b a) \<inter> s" "\<forall>y\<in>cball a (dist b a) \<inter> s. dist a x \<le> dist a y" using continuous_attains_inf[of ?B "dist a"] by fastsimp
+ thus ?thesis by fastsimp
+qed
+
+subsection{* We can now extend limit compositions to consider the scalar multiplier. *}
+
+lemma Lim_mul:
+ assumes "((vec1 o c) ---> vec1 d) net" "(f ---> l) net"
+ shows "((\<lambda>x. c(x) *s f x) ---> (d *s l)) net"
+proof-
+ have "bilinear (\<lambda>x. op *s (dest_vec1 (x::real^1)))" unfolding bilinear_def linear_def
+ unfolding dest_vec1_add dest_vec1_cmul
+ apply vector apply auto unfolding semiring_class.right_distrib semiring_class.left_distrib by auto
+ thus ?thesis using Lim_bilinear[OF assms, of "\<lambda>x y. (dest_vec1 x) *s y"] by auto
+qed
+
+lemma Lim_vmul:
+ "((vec1 o c) ---> vec1 d) net ==> ((\<lambda>x. c(x) *s v) ---> d *s v) net"
+ using Lim_mul[of c d net "\<lambda>x. v" v] using Lim_const[of v] by auto
+
+lemma continuous_vmul:
+ "continuous net (vec1 o c) ==> continuous net (\<lambda>x. c(x) *s v)"
+ unfolding continuous_def using Lim_vmul[of c] by auto
+
+lemma continuous_mul:
+ "continuous net (vec1 o c) \<Longrightarrow> continuous net f
+ ==> continuous net (\<lambda>x. c(x) *s f x) "
+ unfolding continuous_def using Lim_mul[of c] by auto
+
+lemma continuous_on_vmul:
+ "continuous_on s (vec1 o c) ==> continuous_on s (\<lambda>x. c(x) *s v)"
+ unfolding continuous_on_eq_continuous_within using continuous_vmul[of _ c] by auto
+
+lemma continuous_on_mul:
+ "continuous_on s (vec1 o c) \<Longrightarrow> continuous_on s f
+ ==> continuous_on s (\<lambda>x. c(x) *s f x)"
+ unfolding continuous_on_eq_continuous_within using continuous_mul[of _ c] by auto
+
+text{* And so we have continuity of inverse. *}
+
+lemma Lim_inv:
+ assumes "((vec1 o f) ---> vec1 l) (net::'a net)" "l \<noteq> 0"
+ shows "((vec1 o inverse o f) ---> vec1(inverse l)) net"
+proof(cases "trivial_limit net")
+ case True thus ?thesis unfolding tendsto_def unfolding eventually_def by auto
+next
+ case False note ntriv = this
+ { fix e::real assume "e>0"
+ hence "0 < min (\<bar>l\<bar> / 2) (l\<twosuperior> * e / 2)" using `l\<noteq>0` mult_pos_pos[of "l^2" "e/2"] by auto
+ then obtain y where y1:"\<exists>x. netord net x y" and
+ y:"\<forall>x. netord net x y \<longrightarrow> dist ((vec1 \<circ> f) x) (vec1 l) < min (\<bar>l\<bar> / 2) (l\<twosuperior> * e / 2)" using ntriv
+ using assms(1)[unfolded tendsto_def eventually_def, THEN spec[where x="min (abs l / 2) (l ^ 2 * e / 2)"]] by auto
+ { fix x assume "netord net x y"
+ hence *:"\<bar>f x - l\<bar> < min (\<bar>l\<bar> / 2) (l\<twosuperior> * e / 2)" using y[THEN spec[where x=x]] unfolding o_def dist_vec1 by auto
+ hence fx0:"f x \<noteq> 0" using `l \<noteq> 0` by auto
+ hence fxl0: "(f x) * l \<noteq> 0" using `l \<noteq> 0` by auto
+ from * have **:"\<bar>f x - l\<bar> < l\<twosuperior> * e / 2" by auto
+ have "\<bar>f x\<bar> * 2 \<ge> \<bar>l\<bar>" using * by (auto simp del: Arith_Tools.less_divide_eq_number_of1)
+ hence "\<bar>f x\<bar> * 2 * \<bar>l\<bar> \<ge> \<bar>l\<bar> * \<bar>l\<bar>" unfolding mult_le_cancel_right by auto
+ hence "\<bar>f x * l\<bar> * 2 \<ge> \<bar>l\<bar>^2" unfolding real_mult_commute and power2_eq_square by auto
+ hence ***:"inverse \<bar>f x * l\<bar> \<le> inverse (l\<twosuperior> / 2)" using fxl0
+ using le_imp_inverse_le[of "l^2 / 2" "\<bar>f x * l\<bar>"] by auto
+
+ have "dist ((vec1 \<circ> inverse \<circ> f) x) (vec1 (inverse l)) < e" unfolding o_def unfolding dist_vec1
+ unfolding inverse_diff_inverse[OF fx0 `l\<noteq>0`] apply simp
+ unfolding mult_commute[of "inverse (f x)"]
+ unfolding real_divide_def[THEN sym]
+ unfolding divide_divide_eq_left
+ unfolding nonzero_abs_divide[OF fxl0]
+ using mult_less_le_imp_less[OF **, of "inverse \<bar>f x * l\<bar>", of "inverse (l^2 / 2)"] using *** using fx0 `l\<noteq>0`
+ unfolding inverse_eq_divide using `e>0` by auto }
+ hence "(\<exists>y. (\<exists>x. netord net x y) \<and> (\<forall>x. netord net x y \<longrightarrow> dist ((vec1 \<circ> inverse \<circ> f) x) (vec1 (inverse l)) < e))"
+ using y1 by auto }
+ thus ?thesis unfolding tendsto_def eventually_def by auto
+qed
+
+lemma continuous_inv:
+ "continuous net (vec1 o f) \<Longrightarrow> f(netlimit net) \<noteq> 0
+ ==> continuous net (vec1 o inverse o f)"
+ unfolding continuous_def using Lim_inv by auto
+
+lemma continuous_at_within_inv:
+ assumes "continuous (at a within s) (vec1 o f)" "f a \<noteq> 0"
+ shows "continuous (at a within s) (vec1 o inverse o f)"
+proof(cases "trivial_limit (at a within s)")
+ case True thus ?thesis unfolding continuous_def tendsto_def eventually_def by auto
+next
+ case False note cs = this
+ thus ?thesis using netlimit_within[OF cs] assms(2) continuous_inv[OF assms(1)] by auto
+qed
+
+lemma continuous_at_inv:
+ "continuous (at a) (vec1 o f) \<Longrightarrow> f a \<noteq> 0
+ ==> continuous (at a) (vec1 o inverse o f) "
+ using within_UNIV[THEN sym, of a] using continuous_at_within_inv[of a UNIV] by auto
+
+subsection{* Preservation properties for pasted sets. *}
+
+lemma bounded_pastecart:
+ assumes "bounded s" "bounded t"
+ shows "bounded { pastecart x y | x y . (x \<in> s \<and> y \<in> t)}"
+proof-
+ obtain a b where ab:"\<forall>x\<in>s. norm x \<le> a" "\<forall>x\<in>t. norm x \<le> b" using assms[unfolded bounded_def] by auto
+ { fix x y assume "x\<in>s" "y\<in>t"
+ hence "norm x \<le> a" "norm y \<le> b" using ab by auto
+ hence "norm (pastecart x y) \<le> a + b" using norm_pastecart[of x y] by auto }
+ thus ?thesis unfolding bounded_def by auto
+qed
+
+lemma closed_pastecart:
+ assumes "closed s" "closed t"
+ shows "closed {pastecart x y | x y . x \<in> s \<and> y \<in> t}"
+proof-
+ { fix x l assume as:"\<forall>n::nat. x n \<in> {pastecart x y |x y. x \<in> s \<and> y \<in> t}" "(x ---> l) sequentially"
+ { fix n::nat have "fstcart (x n) \<in> s" "sndcart (x n) \<in> t" using as(1)[THEN spec[where x=n]] by auto } note * = this
+ moreover
+ { fix e::real assume "e>0"
+ then obtain N::nat where N:"\<forall>n\<ge>N. dist (x n) l < e" using as(2)[unfolded Lim_sequentially, THEN spec[where x=e]] by auto
+ { fix n::nat assume "n\<ge>N"
+ hence "dist (fstcart (x n)) (fstcart l) < e" "dist (sndcart (x n)) (sndcart l) < e"
+ using N[THEN spec[where x=n]] dist_fstcart[of "x n" l] dist_sndcart[of "x n" l] by auto }
+ hence "\<exists>N. \<forall>n\<ge>N. dist (fstcart (x n)) (fstcart l) < e" "\<exists>N. \<forall>n\<ge>N. dist (sndcart (x n)) (sndcart l) < e" by auto }
+ ultimately have "fstcart l \<in> s" "sndcart l \<in> t"
+ using assms(1)[unfolded closed_sequential_limits, THEN spec[where x="\<lambda>n. fstcart (x n)"], THEN spec[where x="fstcart l"]]
+ using assms(2)[unfolded closed_sequential_limits, THEN spec[where x="\<lambda>n. sndcart (x n)"], THEN spec[where x="sndcart l"]]
+ unfolding Lim_sequentially by auto
+ hence "l \<in> {pastecart x y |x y. x \<in> s \<and> y \<in> t}" using pastecart_fst_snd[THEN sym, of l] by auto }
+ thus ?thesis unfolding closed_sequential_limits by auto
+qed
+
+lemma compact_pastecart:
+ "compact s \<Longrightarrow> compact t ==> compact {pastecart x y | x y . x \<in> s \<and> y \<in> t}"
+ unfolding compact_eq_bounded_closed using bounded_pastecart[of s t] closed_pastecart[of s t] by auto
+
+text{* Hence some useful properties follow quite easily. *}
+
+lemma compact_scaling:
+ assumes "compact s" shows "compact ((\<lambda>x. c *s x) ` s)"
+proof-
+ let ?f = "\<lambda>x. c *s x"
+ have *:"linear ?f" unfolding linear_def vector_smult_assoc vector_add_ldistrib real_mult_commute by auto
+ show ?thesis using compact_continuous_image[of s ?f] continuous_at_imp_continuous_on[of s ?f]
+ using linear_continuous_at[OF *] assms by auto
+qed
+
+lemma compact_negations:
+ assumes "compact s" shows "compact ((\<lambda>x. -x) ` s)"
+proof-
+ have "uminus ` s = (\<lambda>x. -1 *s x) ` s" apply auto unfolding image_iff pth_3 by auto
+ thus ?thesis using compact_scaling[OF assms, of "-1"] by auto
+qed
+
+lemma compact_sums:
+ assumes "compact s" "compact t" shows "compact {x + y | x y. x \<in> s \<and> y \<in> t}"
+proof-
+ have *:"{x + y | x y. x \<in> s \<and> y \<in> t} =(\<lambda>z. fstcart z + sndcart z) ` {pastecart x y | x y. x \<in> s \<and> y \<in> t}"
+ apply auto unfolding image_iff apply(rule_tac x="pastecart xa y" in bexI) unfolding fstcart_pastecart sndcart_pastecart by auto
+ have "linear (\<lambda>z::real^('a, 'a) finite_sum. fstcart z + sndcart z)" unfolding linear_def
+ unfolding fstcart_add sndcart_add apply auto
+ unfolding vector_add_ldistrib fstcart_cmul[THEN sym] sndcart_cmul[THEN sym] by auto
+ hence "continuous_on {pastecart x y |x y. x \<in> s \<and> y \<in> t} (\<lambda>z. fstcart z + sndcart z)"
+ using continuous_at_imp_continuous_on linear_continuous_at by auto
+ thus ?thesis unfolding * using compact_continuous_image compact_pastecart[OF assms] by auto
+qed
+
+lemma compact_differences:
+ assumes "compact s" "compact t" shows "compact {x - y | x y. x \<in> s \<and> y \<in> t}"
+proof-
+ have "{x - y | x y::real^'a. x\<in>s \<and> y \<in> t} = {x + y | x y. x \<in> s \<and> y \<in> (uminus ` t)}"
+ apply auto apply(rule_tac x= xa in exI) apply auto apply(rule_tac x=xa in exI) by auto
+ thus ?thesis using compact_sums[OF assms(1) compact_negations[OF assms(2)]] by auto
+qed
+
+lemma compact_translation:
+ assumes "compact s" shows "compact ((\<lambda>x. a + x) ` s)"
+proof-
+ have "{x + y |x y. x \<in> s \<and> y \<in> {a}} = (\<lambda>x. a + x) ` s" by auto
+ thus ?thesis using compact_sums[OF assms compact_sing[of a]] by auto
+qed
+
+lemma compact_affinity:
+ assumes "compact s" shows "compact ((\<lambda>x. a + c *s x) ` s)"
+proof-
+ have "op + a ` op *s c ` s = (\<lambda>x. a + c *s x) ` s" by auto
+ thus ?thesis using compact_translation[OF compact_scaling[OF assms], of a c] by auto
+qed
+
+text{* Hence we get the following. *}
+
+lemma compact_sup_maxdistance:
+ assumes "compact s" "s \<noteq> {}"
+ shows "\<exists>x\<in>s. \<exists>y\<in>s. \<forall>u\<in>s. \<forall>v\<in>s. norm(u - v) \<le> norm(x - y)"
+proof-
+ have "{x - y | x y . x\<in>s \<and> y\<in>s} \<noteq> {}" using `s \<noteq> {}` by auto
+ then obtain x where x:"x\<in>{x - y |x y. x \<in> s \<and> y \<in> s}" "\<forall>y\<in>{x - y |x y. x \<in> s \<and> y \<in> s}. norm y \<le> norm x"
+ using compact_differences[OF assms(1) assms(1)]
+ using distance_attains_sup[unfolded dist_def, of "{x - y | x y . x\<in>s \<and> y\<in>s}" 0] by(auto simp add: norm_minus_cancel)
+ from x(1) obtain a b where "a\<in>s" "b\<in>s" "x = a - b" by auto
+ thus ?thesis using x(2)[unfolded `x = a - b`] by blast
+qed
+
+text{* We can state this in terms of diameter of a set. *}
+
+definition "diameter s = (if s = {} then 0::real else rsup {norm(x - y) | x y. x \<in> s \<and> y \<in> s})"
+
+lemma diameter_bounded:
+ assumes "bounded s"
+ shows "\<forall>x\<in>s. \<forall>y\<in>s. norm(x - y) \<le> diameter s"
+ "\<forall>d>0. d < diameter s --> (\<exists>x\<in>s. \<exists>y\<in>s. norm(x - y) > d)"
+proof-
+ let ?D = "{norm (x - y) |x y. x \<in> s \<and> y \<in> s}"
+ obtain a where a:"\<forall>x\<in>s. norm x \<le> a" using assms[unfolded bounded_def] by auto
+ { fix x y assume "x \<in> s" "y \<in> s"
+ hence "norm (x - y) \<le> 2 * a" using norm_triangle_ineq[of x "-y", unfolded norm_minus_cancel] a[THEN bspec[where x=x]] a[THEN bspec[where x=y]] by (auto simp add: ring_simps) }
+ note * = this
+ { fix x y assume "x\<in>s" "y\<in>s" hence "s \<noteq> {}" by auto
+ have lub:"isLub UNIV ?D (rsup ?D)" using * rsup[of ?D] using `s\<noteq>{}` unfolding setle_def by auto
+ have "norm(x - y) \<le> diameter s" unfolding diameter_def using `s\<noteq>{}` *[OF `x\<in>s` `y\<in>s`] `x\<in>s` `y\<in>s` isLubD1[OF lub] unfolding setle_def by auto }
+ moreover
+ { fix d::real assume "d>0" "d < diameter s"
+ hence "s\<noteq>{}" unfolding diameter_def by auto
+ hence lub:"isLub UNIV ?D (rsup ?D)" using * rsup[of ?D] unfolding setle_def by auto
+ have "\<exists>d' \<in> ?D. d' > d"
+ proof(rule ccontr)
+ assume "\<not> (\<exists>d'\<in>{norm (x - y) |x y. x \<in> s \<and> y \<in> s}. d < d')"
+ hence as:"\<forall>d'\<in>?D. d' \<le> d" apply auto apply(erule_tac x="norm (x - y)" in allE) by auto
+ hence "isUb UNIV ?D d" unfolding isUb_def unfolding setle_def by auto
+ thus False using `d < diameter s` `s\<noteq>{}` isLub_le_isUb[OF lub, of d] unfolding diameter_def by auto
+ qed
+ hence "\<exists>x\<in>s. \<exists>y\<in>s. norm(x - y) > d" by auto }
+ ultimately show "\<forall>x\<in>s. \<forall>y\<in>s. norm(x - y) \<le> diameter s"
+ "\<forall>d>0. d < diameter s --> (\<exists>x\<in>s. \<exists>y\<in>s. norm(x - y) > d)" by auto
+qed
+
+lemma diameter_bounded_bound:
+ "bounded s \<Longrightarrow> x \<in> s \<Longrightarrow> y \<in> s ==> norm(x - y) \<le> diameter s"
+ using diameter_bounded by blast
+
+lemma diameter_compact_attained:
+ assumes "compact s" "s \<noteq> {}"
+ shows "\<exists>x\<in>s. \<exists>y\<in>s. (norm(x - y) = diameter s)"
+proof-
+ have b:"bounded s" using assms(1) compact_eq_bounded_closed by auto
+ then obtain x y where xys:"x\<in>s" "y\<in>s" and xy:"\<forall>u\<in>s. \<forall>v\<in>s. norm (u - v) \<le> norm (x - y)" using compact_sup_maxdistance[OF assms] by auto
+ hence "diameter s \<le> norm (x - y)" using rsup_le[of "{norm (x - y) |x y. x \<in> s \<and> y \<in> s}" "norm (x - y)"]
+ unfolding setle_def and diameter_def by auto
+ thus ?thesis using diameter_bounded(1)[OF b, THEN bspec[where x=x], THEN bspec[where x=y], OF xys] and xys by auto
+qed
+
+text{* Related results with closure as the conclusion. *}
+
+lemma closed_scaling:
+ assumes "closed s" shows "closed ((\<lambda>x. c *s x) ` s)"
+proof(cases "s={}")
+ case True thus ?thesis by auto
+next
+ case False
+ show ?thesis
+ proof(cases "c=0")
+ have *:"(\<lambda>x. 0) ` s = {0}" using `s\<noteq>{}` by auto
+ case True thus ?thesis apply auto unfolding * using closed_sing by auto
+ next
+ case False
+ { fix x l assume as:"\<forall>n::nat. x n \<in> op *s c ` s" "(x ---> l) sequentially"
+ { fix n::nat have "(1 / c) *s x n \<in> s" using as(1)[THEN spec[where x=n]] using `c\<noteq>0` by (auto simp add: vector_smult_assoc) }
+ moreover
+ { fix e::real assume "e>0"
+ hence "0 < e *\<bar>c\<bar>" using `c\<noteq>0` mult_pos_pos[of e "abs c"] by auto
+ then obtain N where "\<forall>n\<ge>N. dist (x n) l < e * \<bar>c\<bar>" using as(2)[unfolded Lim_sequentially, THEN spec[where x="e * abs c"]] by auto
+ hence "\<exists>N. \<forall>n\<ge>N. dist ((1 / c) *s x n) ((1 / c) *s l) < e" unfolding dist_def unfolding vector_ssub_ldistrib[THEN sym] norm_mul
+ using mult_imp_div_pos_less[of "abs c" _ e] `c\<noteq>0` by auto }
+ hence "((\<lambda>n. (1 / c) *s x n) ---> (1 / c) *s l) sequentially" unfolding Lim_sequentially by auto
+ ultimately have "l \<in> op *s c ` s" using assms[unfolded closed_sequential_limits, THEN spec[where x="\<lambda>n. (1/c) *s x n"], THEN spec[where x="(1/c) *s l"]]
+ unfolding image_iff using `c\<noteq>0` apply(rule_tac x="(1 / c) *s l" in bexI) apply auto unfolding vector_smult_assoc by auto }
+ thus ?thesis unfolding closed_sequential_limits by auto
+ qed
+qed
+
+lemma closed_negations:
+ assumes "closed s" shows "closed ((\<lambda>x. -x) ` s)"
+ using closed_scaling[OF assms, of "-1"] unfolding pth_3 by auto
+
+lemma compact_closed_sums:
+ assumes "compact s" "closed t" shows "closed {x + y | x y. x \<in> s \<and> y \<in> t}"
+proof-
+ let ?S = "{x + y |x y. x \<in> s \<and> y \<in> t}"
+ { fix x l assume as:"\<forall>n. x n \<in> ?S" "(x ---> l) sequentially"
+ from as(1) obtain f where f:"\<forall>n. x n = fst (f n) + snd (f n)" "\<forall>n. fst (f n) \<in> s" "\<forall>n. snd (f n) \<in> t"
+ using choice[of "\<lambda>n y. x n = (fst y) + (snd y) \<and> fst y \<in> s \<and> snd y \<in> t"] by auto
+ obtain l' r where "l'\<in>s" and r:"\<forall>m n. m < n \<longrightarrow> r m < r n" and lr:"(((\<lambda>n. fst (f n)) \<circ> r) ---> l') sequentially"
+ using assms(1)[unfolded compact_def, THEN spec[where x="\<lambda> n. fst (f n)"]] using f(2) by auto
+ have "((\<lambda>n. snd (f (r n))) ---> l - l') sequentially"
+ using Lim_sub[OF lim_subsequence[OF r as(2)] lr] and f(1) unfolding o_def by auto
+ hence "l - l' \<in> t"
+ using assms(2)[unfolded closed_sequential_limits, THEN spec[where x="\<lambda> n. snd (f (r n))"], THEN spec[where x="l - l'"]]
+ using f(3) by auto
+ hence "l \<in> ?S" using `l' \<in> s` apply auto apply(rule_tac x=l' in exI) apply(rule_tac x="l - l'" in exI) by auto
+ }
+ thus ?thesis unfolding closed_sequential_limits by auto
+qed
+
+lemma closed_compact_sums:
+ assumes "closed s" "compact t"
+ shows "closed {x + y | x y. x \<in> s \<and> y \<in> t}"
+proof-
+ have "{x + y |x y. x \<in> t \<and> y \<in> s} = {x + y |x y. x \<in> s \<and> y \<in> t}" apply auto
+ apply(rule_tac x=y in exI) apply auto apply(rule_tac x=y in exI) by auto
+ thus ?thesis using compact_closed_sums[OF assms(2,1)] by simp
+qed
+
+lemma compact_closed_differences:
+ assumes "compact s" "closed t"
+ shows "closed {x - y | x y. x \<in> s \<and> y \<in> t}"
+proof-
+ have "{x + y |x y. x \<in> s \<and> y \<in> uminus ` t} = {x - y |x y. x \<in> s \<and> y \<in> t}"
+ apply auto apply(rule_tac x=xa in exI) apply auto apply(rule_tac x=xa in exI) by auto
+ thus ?thesis using compact_closed_sums[OF assms(1) closed_negations[OF assms(2)]] by auto
+qed
+
+lemma closed_compact_differences:
+ assumes "closed s" "compact t"
+ shows "closed {x - y | x y. x \<in> s \<and> y \<in> t}"
+proof-
+ have "{x + y |x y. x \<in> s \<and> y \<in> uminus ` t} = {x - y |x y. x \<in> s \<and> y \<in> t}"
+ apply auto apply(rule_tac x=xa in exI) apply auto apply(rule_tac x=xa in exI) by auto
+ thus ?thesis using closed_compact_sums[OF assms(1) compact_negations[OF assms(2)]] by simp
+qed
+
+lemma closed_translation:
+ assumes "closed s" shows "closed ((\<lambda>x. a + x) ` s)"
+proof-
+ have "{a + y |y. y \<in> s} = (op + a ` s)" by auto
+ thus ?thesis using compact_closed_sums[OF compact_sing[of a] assms] by auto
+qed
+
+lemma translation_UNIV:
+ "range (\<lambda>x::real^'a. a + x) = UNIV"
+ apply (auto simp add: image_iff) apply(rule_tac x="x - a" in exI) by auto
+
+lemma translation_diff: "(\<lambda>x::real^'a. a + x) ` (s - t) = ((\<lambda>x. a + x) ` s) - ((\<lambda>x. a + x) ` t)" by auto
+
+lemma closure_translation:
+ "closure ((\<lambda>x. a + x) ` s) = (\<lambda>x. a + x) ` (closure s)"
+proof-
+ have *:"op + a ` (UNIV - s) = UNIV - op + a ` s" apply auto unfolding image_iff apply(rule_tac x="x - a" in bexI) by auto
+ show ?thesis unfolding closure_interior translation_diff translation_UNIV using interior_translation[of a "UNIV - s"] unfolding * by auto
+qed
+
+lemma frontier_translation:
+ "frontier((\<lambda>x. a + x) ` s) = (\<lambda>x. a + x) ` (frontier s)"
+ unfolding frontier_def translation_diff interior_translation closure_translation by auto
+
+subsection{* Separation between points and sets. *}
+
+lemma separate_point_closed:
+ "closed s \<Longrightarrow> a \<notin> s ==> (\<exists>d>0. \<forall>x\<in>s. d \<le> dist a x)"
+proof(cases "s = {}")
+ case True
+ thus ?thesis by(auto intro!: exI[where x=1])
+next
+ case False
+ assume "closed s" "a \<notin> s"
+ then obtain x where "x\<in>s" "\<forall>y\<in>s. dist a x \<le> dist a y" using `s \<noteq> {}` distance_attains_inf [of s a] by blast
+ with `x\<in>s` show ?thesis using dist_pos_lt[of a x] and`a \<notin> s` by blast
+qed
+
+lemma separate_compact_closed:
+ assumes "compact s" and "closed t" and "s \<inter> t = {}"
+ shows "\<exists>d>0. \<forall>x\<in>s. \<forall>y\<in>t. d \<le> dist x y"
+proof-
+ have "0 \<notin> {x - y |x y. x \<in> s \<and> y \<in> t}" using assms(3) by auto
+ then obtain d where "d>0" and d:"\<forall>x\<in>{x - y |x y. x \<in> s \<and> y \<in> t}. d \<le> dist 0 x"
+ using separate_point_closed[OF compact_closed_differences[OF assms(1,2)], of 0] by auto
+ { fix x y assume "x\<in>s" "y\<in>t"
+ hence "x - y \<in> {x - y |x y. x \<in> s \<and> y \<in> t}" by auto
+ hence "d \<le> dist (x - y) 0" using d[THEN bspec[where x="x - y"]] using dist_sym
+ by (auto simp add: dist_sym)
+ hence "d \<le> dist x y" unfolding dist_def by auto }
+ thus ?thesis using `d>0` by auto
+qed
+
+lemma separate_closed_compact:
+ assumes "closed s" and "compact t" and "s \<inter> t = {}"
+ shows "\<exists>d>0. \<forall>x\<in>s. \<forall>y\<in>t. d \<le> dist x y"
+proof-
+ have *:"t \<inter> s = {}" using assms(3) by auto
+ show ?thesis using separate_compact_closed[OF assms(2,1) *]
+ apply auto apply(rule_tac x=d in exI) apply auto apply (erule_tac x=y in ballE)
+ by (auto simp add: dist_sym)
+qed
+
+(* A cute way of denoting open and closed intervals using overloading. *)
+
+lemma interval: fixes a :: "'a::ord^'n" shows
+ "{a <..< b} = {x::'a^'n. \<forall>i \<in> dimset a. a$i < x$i \<and> x$i < b$i}" and
+ "{a .. b} = {x::'a^'n. \<forall>i \<in> dimset a. a$i \<le> x$i \<and> x$i \<le> b$i}"
+ by (auto simp add: expand_set_eq vector_less_def vector_less_eq_def)
+
+lemma mem_interval:
+ "x \<in> {a<..<b} \<longleftrightarrow> (\<forall>i \<in> dimset a. a$i < x$i \<and> x$i < b$i)"
+ "x \<in> {a .. b} \<longleftrightarrow> (\<forall>i \<in> dimset a. a$i \<le> x$i \<and> x$i \<le> b$i)"
+ using interval[of a b]
+ by(auto simp add: expand_set_eq vector_less_def vector_less_eq_def)
+
+lemma interval_eq_empty: fixes a :: "real^'n" shows
+ "({a <..< b} = {} \<longleftrightarrow> (\<exists>i \<in> dimset a. b$i \<le> a$i))" (is ?th1) and
+ "({a .. b} = {} \<longleftrightarrow> (\<exists>i \<in> dimset a. b$i < a$i))" (is ?th2)
+proof-
+ { fix i x assume i:"i\<in>dimset a" and as:"b$i \<le> a$i" and x:"x\<in>{a <..< b}"
+ hence "a $ i < x $ i \<and> x $ i < b $ i" unfolding mem_interval by auto
+ hence "a$i < b$i" by auto
+ hence False using as by auto }
+ moreover
+ { assume as:"\<forall>i \<in> dimset a. \<not> (b$i \<le> a$i)"
+ let ?x = "(1/2) *s (a + b)"
+ { fix i assume i:"i\<in>dimset a"
+ hence "a$i < b$i" using as[THEN bspec[where x=i]] by auto
+ hence "a$i < ((1/2) *s (a+b)) $ i" "((1/2) *s (a+b)) $ i < b$i"
+ unfolding vector_smult_component[OF i] and vector_add_component[OF i]
+ by (auto simp add: Arith_Tools.less_divide_eq_number_of1) }
+ hence "{a <..< b} \<noteq> {}" using mem_interval(1)[of "?x" a b] by auto }
+ ultimately show ?th1 by blast
+
+ { fix i x assume i:"i\<in>dimset a" and as:"b$i < a$i" and x:"x\<in>{a .. b}"
+ hence "a $ i \<le> x $ i \<and> x $ i \<le> b $ i" unfolding mem_interval by auto
+ hence "a$i \<le> b$i" by auto
+ hence False using as by auto }
+ moreover
+ { assume as:"\<forall>i \<in> dimset a. \<not> (b$i < a$i)"
+ let ?x = "(1/2) *s (a + b)"
+ { fix i assume i:"i\<in>dimset a"
+ hence "a$i \<le> b$i" using as[THEN bspec[where x=i]] by auto
+ hence "a$i \<le> ((1/2) *s (a+b)) $ i" "((1/2) *s (a+b)) $ i \<le> b$i"
+ unfolding vector_smult_component[OF i] and vector_add_component[OF i]
+ by (auto simp add: Arith_Tools.less_divide_eq_number_of1) }
+ hence "{a .. b} \<noteq> {}" using mem_interval(2)[of "?x" a b] by auto }
+ ultimately show ?th2 by blast
+qed
+
+lemma interval_ne_empty: fixes a :: "real^'n" shows
+ "{a .. b} \<noteq> {} \<longleftrightarrow> (\<forall>i \<in> dimset a. a$i \<le> b$i)" and
+ "{a <..< b} \<noteq> {} \<longleftrightarrow> (\<forall>i \<in> dimset a. a$i < b$i)"
+ unfolding interval_eq_empty[of a b] by auto
+
+lemma subset_interval_imp: fixes a :: "real^'n" shows
+ "(\<forall>i \<in> dimset a. a$i \<le> c$i \<and> d$i \<le> b$i) \<Longrightarrow> {c .. d} \<subseteq> {a .. b}" and
+ "(\<forall>i \<in> dimset a. a$i < c$i \<and> d$i < b$i) \<Longrightarrow> {c .. d} \<subseteq> {a<..<b}" and
+ "(\<forall>i \<in> dimset a. a$i \<le> c$i \<and> d$i \<le> b$i) \<Longrightarrow> {c<..<d} \<subseteq> {a .. b}" and
+ "(\<forall>i \<in> dimset a. a$i \<le> c$i \<and> d$i \<le> b$i) \<Longrightarrow> {c<..<d} \<subseteq> {a<..<b}"
+ unfolding subset_eq[unfolded Ball_def] unfolding mem_interval by(auto elim!: ballE)
+
+lemma interval_sing: fixes a :: "'a::linorder^'n" shows
+ "{a .. a} = {a} \<and> {a<..<a} = {}"
+apply(auto simp add: expand_set_eq vector_less_def vector_less_eq_def Cart_eq)
+apply (simp only: order_eq_iff)
+using dimindex_ge_1[of "UNIV :: 'n set"]
+apply (auto simp add: not_less )
+apply (erule_tac x= 1 in ballE)
+apply (rule bexI[where x=1])
+apply auto
+done
+
+
+lemma interval_open_subset_closed: fixes a :: "'a::preorder^'n" shows
+ "{a<..<b} \<subseteq> {a .. b}"
+proof(simp add: subset_eq, rule)
+ fix x
+ assume x:"x \<in>{a<..<b}"
+ { fix i assume "i \<in> dimset a"
+ hence "a $ i \<le> x $ i"
+ using x order_less_imp_le[of "a$i" "x$i"]
+ by(simp add: expand_set_eq vector_less_def vector_less_eq_def Cart_eq)
+ }
+ moreover
+ { fix i assume "i \<in> dimset a"
+ hence "x $ i \<le> b $ i"
+ using x
+ using x order_less_imp_le[of "x$i" "b$i"]
+ by(simp add: expand_set_eq vector_less_def vector_less_eq_def Cart_eq)
+ }
+ ultimately
+ show "a \<le> x \<and> x \<le> b"
+ by(simp add: expand_set_eq vector_less_def vector_less_eq_def Cart_eq)
+qed
+
+lemma subset_interval: fixes a :: "real^'n" shows
+ "{c .. d} \<subseteq> {a .. b} \<longleftrightarrow> (\<forall>i \<in> dimset a. c$i \<le> d$i) --> (\<forall>i \<in> dimset a. a$i \<le> c$i \<and> d$i \<le> b$i)" (is ?th1) and
+ "{c .. d} \<subseteq> {a<..<b} \<longleftrightarrow> (\<forall>i \<in> dimset a. c$i \<le> d$i) --> (\<forall>i \<in> dimset a. a$i < c$i \<and> d$i < b$i)" (is ?th2) and
+ "{c<..<d} \<subseteq> {a .. b} \<longleftrightarrow> (\<forall>i \<in> dimset a. c$i < d$i) --> (\<forall>i \<in> dimset a. a$i \<le> c$i \<and> d$i \<le> b$i)" (is ?th3) and
+ "{c<..<d} \<subseteq> {a<..<b} \<longleftrightarrow> (\<forall>i \<in> dimset a. c$i < d$i) --> (\<forall>i \<in> dimset a. a$i \<le> c$i \<and> d$i \<le> b$i)" (is ?th4)
+proof-
+ show ?th1 unfolding subset_eq and Ball_def and mem_interval apply auto by(erule_tac x=xa in allE, simp)+
+ show ?th2 unfolding subset_eq and Ball_def and mem_interval apply auto by(erule_tac x=xa in allE, simp)+
+ { assume as: "{c<..<d} \<subseteq> {a .. b}" "\<forall>i \<in> dimset a. c$i < d$i"
+ hence "{c<..<d} \<noteq> {}" unfolding interval_eq_empty by auto
+ fix i assume i:"i \<in> dimset a"
+ (** TODO combine the following two parts as done in the HOL_light version. **)
+ { let ?x = "(\<chi> j. (if j=i then ((min (a$j) (d$j))+c$j)/2 else (c$j+d$j)/2))::real^'n"
+ assume as2: "a$i > c$i"
+ { fix j assume j:"j\<in>dimset a"
+ hence "c $ j < ?x $ j \<and> ?x $ j < d $ j" unfolding Cart_lambda_beta[THEN bspec[where x=j], OF j]
+ apply(cases "j=i") using as(2)[THEN bspec[where x=j], OF j]
+ by (auto simp add: Arith_Tools.less_divide_eq_number_of1 as2) }
+ hence "?x\<in>{c<..<d}" unfolding mem_interval by auto
+ moreover
+ have "?x\<notin>{a .. b}"
+ unfolding mem_interval apply auto apply(rule_tac x=i in bexI)
+ unfolding Cart_lambda_beta[THEN bspec[where x=i], OF i]
+ using as(2)[THEN bspec[where x=i], OF i] and as2 and i
+ by (auto simp add: Arith_Tools.less_divide_eq_number_of1)
+ ultimately have False using as by auto }
+ hence "a$i \<le> c$i" by(rule ccontr)auto
+ moreover
+ { let ?x = "(\<chi> j. (if j=i then ((max (b$j) (c$j))+d$j)/2 else (c$j+d$j)/2))::real^'n"
+ assume as2: "b$i < d$i"
+ { fix j assume j:"j\<in>dimset a"
+ hence "d $ j > ?x $ j \<and> ?x $ j > c $ j" unfolding Cart_lambda_beta[THEN bspec[where x=j], OF j]
+ apply(cases "j=i") using as(2)[THEN bspec[where x=j], OF j]
+ by (auto simp add: Arith_Tools.less_divide_eq_number_of1 as2) }
+ hence "?x\<in>{c<..<d}" unfolding mem_interval by auto
+ moreover
+ have "?x\<notin>{a .. b}"
+ unfolding mem_interval apply auto apply(rule_tac x=i in bexI)
+ unfolding Cart_lambda_beta[THEN bspec[where x=i], OF i]
+ using as(2)[THEN bspec[where x=i], OF i] and as2 and i
+ by (auto simp add: Arith_Tools.less_divide_eq_number_of1)
+ ultimately have False using as by auto }
+ hence "b$i \<ge> d$i" by(rule ccontr)auto
+ ultimately
+ have "a$i \<le> c$i \<and> d$i \<le> b$i" by auto
+ } note part1 = this
+ thus ?th3 unfolding subset_eq and Ball_def and mem_interval apply auto by(erule_tac x=xa in allE, simp)+
+ { assume as:"{c<..<d} \<subseteq> {a<..<b}" "\<forall>i \<in> dimset a. c$i < d$i"
+ fix i assume i:"i \<in> dimset a"
+ from as(1) have "{c<..<d} \<subseteq> {a..b}" using interval_open_subset_closed[of a b] by auto
+ hence "a$i \<le> c$i \<and> d$i \<le> b$i" using part1 and as(2) and i by auto } note * = this
+ thus ?th4 unfolding subset_eq and Ball_def and mem_interval apply auto by(erule_tac x=xa in allE, simp)+
+qed
+
+lemma disjoint_interval: fixes a::"real^'n" shows
+ "{a .. b} \<inter> {c .. d} = {} \<longleftrightarrow> (\<exists>i \<in> dimset a. (b$i < a$i \<or> d$i < c$i \<or> b$i < c$i \<or> d$i < a$i))" (is ?th1) and
+ "{a .. b} \<inter> {c<..<d} = {} \<longleftrightarrow> (\<exists>i \<in> dimset a. (b$i < a$i \<or> d$i \<le> c$i \<or> b$i \<le> c$i \<or> d$i \<le> a$i))" (is ?th2) and
+ "{a<..<b} \<inter> {c .. d} = {} \<longleftrightarrow> (\<exists>i \<in> dimset a. (b$i \<le> a$i \<or> d$i < c$i \<or> b$i \<le> c$i \<or> d$i \<le> a$i))" (is ?th3) and
+ "{a<..<b} \<inter> {c<..<d} = {} \<longleftrightarrow> (\<exists>i \<in> dimset a. (b$i \<le> a$i \<or> d$i \<le> c$i \<or> b$i \<le> c$i \<or> d$i \<le> a$i))" (is ?th4)
+proof-
+ let ?z = "(\<chi> i. ((max (a$i) (c$i)) + (min (b$i) (d$i))) / 2)::real^'n"
+ show ?th1 ?th2 ?th3 ?th4
+ unfolding expand_set_eq and Int_iff and empty_iff and mem_interval and ball_conj_distrib[THEN sym] and eq_False
+ by (auto simp add: Cart_lambda_beta' Arith_Tools.less_divide_eq_number_of1 intro!: bexI elim!: allE[where x="?z"])
+qed
+
+lemma inter_interval: fixes a :: "'a::linorder^'n" shows
+ "{a .. b} \<inter> {c .. d} = {(\<chi> i. max (a$i) (c$i)) .. (\<chi> i. min (b$i) (d$i))}"
+ unfolding expand_set_eq and Int_iff and mem_interval
+ by (auto simp add: Cart_lambda_beta' Arith_Tools.less_divide_eq_number_of1 intro!: bexI)
+
+(* Moved interval_open_subset_closed a bit upwards *)
+
+lemma open_interval_lemma: fixes x :: "real" shows
+ "a < x \<Longrightarrow> x < b ==> (\<exists>d>0. \<forall>x'. abs(x' - x) < d --> a < x' \<and> x' < b)"
+ by(rule_tac x="min (x - a) (b - x)" in exI, auto)
+
+lemma open_interval: fixes a :: "real^'n" shows "open {a<..<b}"
+proof-
+ { fix x assume x:"x\<in>{a<..<b}"
+ { fix i assume "i\<in>dimset x"
+ hence "\<exists>d>0. \<forall>x'. abs (x' - (x$i)) < d \<longrightarrow> a$i < x' \<and> x' < b$i"
+ using x[unfolded mem_interval, THEN bspec[where x=i]]
+ using open_interval_lemma[of "a$i" "x$i" "b$i"] by auto }
+
+ hence "\<forall>i\<in>dimset x. \<exists>d>0. \<forall>x'. abs (x' - (x$i)) < d \<longrightarrow> a$i < x' \<and> x' < b$i" by auto
+ then obtain d where d:"\<forall>i\<in>dimset x. 0 < d i \<and> (\<forall>x'. \<bar>x' - x $ i\<bar> < d i \<longrightarrow> a $ i < x' \<and> x' < b $ i)"
+ using bchoice[of "dimset x" "\<lambda>i d. d>0 \<and> (\<forall>x'. \<bar>x' - x $ i\<bar> < d \<longrightarrow> a $ i < x' \<and> x' < b $ i)"] by auto
+
+ let ?d = "Min (d ` dimset x)"
+ have **:"finite (d ` dimset x)" "d ` dimset x \<noteq> {}" using dimindex_ge_1[of "UNIV::'n set"] by auto
+ have "?d>0" unfolding Min_gr_iff[OF **] using d by auto
+ moreover
+ { fix x' assume as:"dist x' x < ?d"
+ { fix i assume i:"i \<in> dimset x"
+ have "\<bar>x'$i - x $ i\<bar> < d i"
+ using norm_bound_component_lt[OF as[unfolded dist_def], THEN bspec[where x=i], OF i]
+ unfolding vector_minus_component[OF i] and Min_gr_iff[OF **] using i by auto
+ hence "a $ i < x' $ i" "x' $ i < b $ i" using d[THEN bspec[where x=i], OF i] by auto }
+ hence "a < x' \<and> x' < b" unfolding vector_less_def by auto }
+ ultimately have "\<exists>e>0. \<forall>x'. dist x' x < e \<longrightarrow> x' \<in> {a<..<b}" by auto
+ }
+ thus ?thesis unfolding open_def using open_interval_lemma by auto
+qed
+
+lemma closed_interval: fixes a :: "real^'n" shows "closed {a .. b}"
+proof-
+ { fix x i assume i:"i\<in>dimset x" and as:"\<forall>e>0. \<exists>x'\<in>{a..b}. x' \<noteq> x \<and> dist x' x < e"(* and xab:"a$i > x$i \<or> b$i < x$i"*)
+ { assume xa:"a$i > x$i"
+ with as obtain y where y:"y\<in>{a..b}" "y \<noteq> x" "dist y x < a$i - x$i" by(erule_tac x="a$i - x$i" in allE)auto
+ hence False unfolding mem_interval and dist_def
+ using component_le_norm[OF i, of "y-x", unfolded vector_minus_component[OF i]] and i and xa by(auto elim!: ballE[where x=i])
+ } hence "a$i \<le> x$i" by(rule ccontr)auto
+ moreover
+ { assume xb:"b$i < x$i"
+ with as obtain y where y:"y\<in>{a..b}" "y \<noteq> x" "dist y x < x$i - b$i" by(erule_tac x="x$i - b$i" in allE)auto
+ hence False unfolding mem_interval and dist_def
+ using component_le_norm[OF i, of "y-x", unfolded vector_minus_component[OF i]] and i and xb by(auto elim!: ballE[where x=i])
+ } hence "x$i \<le> b$i" by(rule ccontr)auto
+ ultimately
+ have "a $ i \<le> x $ i \<and> x $ i \<le> b $ i" by auto }
+ thus ?thesis unfolding closed_limpt islimpt_approachable mem_interval by auto
+qed
+
+lemma interior_closed_interval: fixes a :: "real^'n" shows
+ "interior {a .. b} = {a<..<b}" (is "?L = ?R")
+proof(rule subset_antisym)
+ show "?R \<subseteq> ?L" using interior_maximal[OF interval_open_subset_closed open_interval] by auto
+next
+ { fix x assume "\<exists>T. open T \<and> x \<in> T \<and> T \<subseteq> {a..b}"
+ then obtain s where s:"open s" "x \<in> s" "s \<subseteq> {a..b}" by auto
+ then obtain e where "e>0" and e:"\<forall>x'. dist x' x < e \<longrightarrow> x' \<in> {a..b}" unfolding open_def and subset_eq by auto
+ { fix i assume i:"i\<in>dimset x"
+ have "dist (x - (e / 2) *s basis i) x < e"
+ "dist (x + (e / 2) *s basis i) x < e"
+ unfolding dist_def apply auto
+ unfolding norm_minus_cancel and norm_mul using norm_basis[OF i] and `e>0` by auto
+ hence "a $ i \<le> (x - (e / 2) *s basis i) $ i"
+ "(x + (e / 2) *s basis i) $ i \<le> b $ i"
+ using e[THEN spec[where x="x - (e/2) *s basis i"]]
+ and e[THEN spec[where x="x + (e/2) *s basis i"]]
+ unfolding mem_interval using i by auto
+ hence "a $ i < x $ i" and "x $ i < b $ i"
+ unfolding vector_minus_component[OF i] and vector_add_component[OF i]
+ unfolding vector_smult_component[OF i] and basis_component[OF i] using `e>0` by auto }
+ hence "x \<in> {a<..<b}" unfolding mem_interval by auto }
+ thus "?L \<subseteq> ?R" unfolding interior_def and subset_eq by auto
+qed
+
+lemma bounded_closed_interval: fixes a :: "real^'n" shows
+ "bounded {a .. b}"
+proof-
+ let ?b = "\<Sum>i\<in>dimset a. \<bar>a$i\<bar> + \<bar>b$i\<bar>"
+ { fix x::"real^'n" assume x:"\<forall>i\<in>dimset a. a $ i \<le> x $ i \<and> x $ i \<le> b $ i"
+ { fix i assume "i\<in>dimset a"
+ hence "\<bar>x$i\<bar> \<le> \<bar>a$i\<bar> + \<bar>b$i\<bar>" using x[THEN bspec[where x=i]] by auto }
+ hence "(\<Sum>i\<in>dimset a. \<bar>x $ i\<bar>) \<le> ?b" by(rule setsum_mono)auto
+ hence "norm x \<le> ?b" using norm_le_l1[of x] by auto }
+ thus ?thesis unfolding interval and bounded_def by auto
+qed
+
+lemma bounded_interval: fixes a :: "real^'n" shows
+ "bounded {a .. b} \<and> bounded {a<..<b}"
+ using bounded_closed_interval[of a b]
+ using interval_open_subset_closed[of a b]
+ using bounded_subset[of "{a..b}" "{a<..<b}"]
+ by simp
+
+lemma not_interval_univ: fixes a :: "real^'n" shows
+ "({a .. b} \<noteq> UNIV) \<and> ({a<..<b} \<noteq> UNIV)"
+ using bounded_interval[of a b]
+ by auto
+
+lemma compact_interval: fixes a :: "real^'n" shows
+ "compact {a .. b}"
+ using bounded_closed_imp_compact using bounded_interval[of a b] using closed_interval[of a b] by auto
+
+lemma open_interval_midpoint: fixes a :: "real^'n"
+ assumes "{a<..<b} \<noteq> {}" shows "((1/2) *s (a + b)) \<in> {a<..<b}"
+proof-
+ { fix i assume i:"i\<in>dimset a"
+ hence "a $ i < ((1 / 2) *s (a + b)) $ i \<and> ((1 / 2) *s (a + b)) $ i < b $ i"
+ using assms[unfolded interval_ne_empty, THEN bspec[where x=i]]
+ unfolding vector_smult_component[OF i] and vector_add_component[OF i]
+ by(auto simp add: Arith_Tools.less_divide_eq_number_of1) }
+ thus ?thesis unfolding mem_interval by auto
+qed
+
+lemma open_closed_interval_convex: fixes x :: "real^'n"
+ assumes x:"x \<in> {a<..<b}" and y:"y \<in> {a .. b}" and e:"0 < e" "e \<le> 1"
+ shows "(e *s x + (1 - e) *s y) \<in> {a<..<b}"
+proof-
+ { fix i assume i:"i\<in>dimset a"
+ have "a $ i = e * a$i + (1 - e) * a$i" unfolding left_diff_distrib by simp
+ also have "\<dots> < e * x $ i + (1 - e) * y $ i" apply(rule add_less_le_mono)
+ using e unfolding mult_less_cancel_left and mult_le_cancel_left apply simp_all
+ using x i unfolding mem_interval apply(erule_tac x=i in ballE) apply simp_all
+ using y i unfolding mem_interval apply(erule_tac x=i in ballE) by simp_all
+ finally have "a $ i < (e *s x + (1 - e) *s y) $ i" using i by (auto simp add: vector_add_component vector_smult_component)
+ moreover {
+ have "b $ i = e * b$i + (1 - e) * b$i" unfolding left_diff_distrib by simp
+ also have "\<dots> > e * x $ i + (1 - e) * y $ i" apply(rule add_less_le_mono)
+ using e unfolding mult_less_cancel_left and mult_le_cancel_left apply simp_all
+ using x i unfolding mem_interval apply(erule_tac x=i in ballE) apply simp_all
+ using y i unfolding mem_interval apply(erule_tac x=i in ballE) by simp_all
+ finally have "(e *s x + (1 - e) *s y) $ i < b $ i" using i by (auto simp add: vector_add_component vector_smult_component)
+ } ultimately have "a $ i < (e *s x + (1 - e) *s y) $ i \<and> (e *s x + (1 - e) *s y) $ i < b $ i" by auto }
+ thus ?thesis unfolding mem_interval by auto
+qed
+
+lemma closure_open_interval: fixes a :: "real^'n"
+ assumes "{a<..<b} \<noteq> {}"
+ shows "closure {a<..<b} = {a .. b}"
+proof-
+ have ab:"a < b" using assms[unfolded interval_ne_empty] unfolding vector_less_def by auto
+ let ?c = "(1 / 2) *s (a + b)"
+ { fix x assume as:"x \<in> {a .. b}"
+ def f == "\<lambda>n::nat. x + (inverse (real n + 1)) *s (?c - x)"
+ { fix n assume fn:"f n < b \<longrightarrow> a < f n \<longrightarrow> f n = x" and xc:"x \<noteq> ?c"
+ have *:"0 < inverse (real n + 1)" "inverse (real n + 1) \<le> 1" unfolding inverse_le_1_iff by auto
+ have "inverse (real n + 1) *s (1 / 2) *s (a + b) + (1 - inverse (real n + 1)) *s x =
+ x + inverse (real n + 1) *s ((1 / 2) *s (a + b) - x)" by (auto simp add: vector_ssub_ldistrib vector_add_ldistrib field_simps vector_sadd_rdistrib[THEN sym])
+ hence "f n < b" and "a < f n" using open_closed_interval_convex[OF open_interval_midpoint[OF assms] as *] unfolding f_def by auto
+ hence False using fn unfolding f_def using xc by(auto simp add: vector_mul_lcancel vector_ssub_ldistrib) }
+ moreover
+ { assume "\<not> (f ---> x) sequentially"
+ { fix e::real assume "e>0"
+ hence "\<exists>N::nat. inverse (real (N + 1)) < e" using real_arch_inv[of e] apply (auto simp add: Suc_pred') apply(rule_tac x="n - 1" in exI) by auto
+ then obtain N::nat where "inverse (real (N + 1)) < e" by auto
+ hence "\<forall>n\<ge>N. inverse (real n + 1) < e" by (auto, metis Suc_le_mono le_SucE less_imp_inverse_less nat_le_real_less order_less_trans real_of_nat_Suc real_of_nat_Suc_gt_zero)
+ hence "\<exists>N::nat. \<forall>n\<ge>N. inverse (real n + 1) < e" by auto }
+ hence "((vec1 \<circ> (\<lambda>n. inverse (real n + 1))) ---> vec1 0) sequentially"
+ unfolding Lim_sequentially by(auto simp add: dist_vec1)
+ hence "(f ---> x) sequentially" unfolding f_def
+ using Lim_add[OF Lim_const, of "\<lambda>n::nat. (inverse (real n + 1)) *s ((1 / 2) *s (a + b) - x)" 0 sequentially x]
+ using Lim_vmul[of "\<lambda>n::nat. inverse (real n + 1)" 0 sequentially "((1 / 2) *s (a + b) - x)"] by auto }
+ ultimately have "x \<in> closure {a<..<b}"
+ using as and open_interval_midpoint[OF assms] unfolding closure_def unfolding islimpt_sequential by(cases "x=?c")auto }
+ thus ?thesis using closure_minimal[OF interval_open_subset_closed closed_interval, of a b] by blast
+qed
+
+lemma bounded_subset_open_interval_symmetric: fixes s::"(real^'n) set"
+ assumes "bounded s" shows "\<exists>a. s \<subseteq> {-a<..<a}"
+proof-
+ obtain b where "b>0" and b:"\<forall>x\<in>s. norm x \<le> b" using assms[unfolded bounded_pos] by auto
+ def a \<equiv> "(\<chi> i. b+1)::real^'n"
+ { fix x assume "x\<in>s"
+ fix i assume i:"i\<in>dimset a"
+ have "(-a)$i < x$i" and "x$i < a$i" using b[THEN bspec[where x=x], OF `x\<in>s`] and component_le_norm[OF i, of x]
+ unfolding vector_uminus_component[OF i] and a_def and Cart_lambda_beta'[OF i] by auto
+ }
+ thus ?thesis by(auto intro: exI[where x=a] simp add: vector_less_def)
+qed
+
+lemma bounded_subset_open_interval:
+ "bounded s ==> (\<exists>a b. s \<subseteq> {a<..<b})"
+ by(metis bounded_subset_open_interval_symmetric)
+
+lemma bounded_subset_closed_interval_symmetric:
+ assumes "bounded s" shows "\<exists>a. s \<subseteq> {-a .. a}"
+proof-
+ obtain a where "s \<subseteq> {- a<..<a}" using bounded_subset_open_interval_symmetric[OF assms] by auto
+ thus ?thesis using interval_open_subset_closed[of "-a" a] by auto
+qed
+
+lemma bounded_subset_closed_interval:
+ "bounded s ==> (\<exists>a b. s \<subseteq> {a .. b})"
+ using bounded_subset_closed_interval_symmetric[of s] by auto
+
+lemma frontier_closed_interval:
+ "frontier {a .. b} = {a .. b} - {a<..<b}"
+ unfolding frontier_def unfolding interior_closed_interval and closure_closed[OF closed_interval] ..
+
+lemma frontier_open_interval:
+ "frontier {a<..<b} = (if {a<..<b} = {} then {} else {a .. b} - {a<..<b})"
+proof(cases "{a<..<b} = {}")
+ case True thus ?thesis using frontier_empty by auto
+next
+ case False thus ?thesis unfolding frontier_def and closure_open_interval[OF False] and interior_open[OF open_interval] by auto
+qed
+
+lemma inter_interval_mixed_eq_empty: fixes a :: "real^'n"
+ assumes "{c<..<d} \<noteq> {}" shows "{a<..<b} \<inter> {c .. d} = {} \<longleftrightarrow> {a<..<b} \<inter> {c<..<d} = {}"
+ unfolding closure_open_interval[OF assms, THEN sym] unfolding open_inter_closure_eq_empty[OF open_interval] ..
+
+
+(* Some special cases for intervals in R^1. *)
+
+lemma dim1: "dimindex (UNIV::(1 set)) = 1"
+unfolding dimindex_def
+by simp
+
+lemma interval_cases_1: fixes x :: "real^1" shows
+ "x \<in> {a .. b} ==> x \<in> {a<..<b} \<or> (x = a) \<or> (x = b)"
+ by(simp add: Cart_eq vector_less_def vector_less_eq_def dim1, auto)
+
+lemma in_interval_1: fixes x :: "real^1" shows
+ "(x \<in> {a .. b} \<longleftrightarrow> dest_vec1 a \<le> dest_vec1 x \<and> dest_vec1 x \<le> dest_vec1 b) \<and>
+ (x \<in> {a<..<b} \<longleftrightarrow> dest_vec1 a < dest_vec1 x \<and> dest_vec1 x < dest_vec1 b)"
+by(simp add: Cart_eq vector_less_def vector_less_eq_def dim1 dest_vec1_def)
+
+lemma interval_eq_empty_1: fixes a :: "real^1" shows
+ "{a .. b} = {} \<longleftrightarrow> dest_vec1 b < dest_vec1 a"
+ "{a<..<b} = {} \<longleftrightarrow> dest_vec1 b \<le> dest_vec1 a"
+ unfolding interval_eq_empty and dim1 and dest_vec1_def by auto
+
+lemma subset_interval_1: fixes a :: "real^1" shows
+ "({a .. b} \<subseteq> {c .. d} \<longleftrightarrow> dest_vec1 b < dest_vec1 a \<or>
+ dest_vec1 c \<le> dest_vec1 a \<and> dest_vec1 a \<le> dest_vec1 b \<and> dest_vec1 b \<le> dest_vec1 d)"
+ "({a .. b} \<subseteq> {c<..<d} \<longleftrightarrow> dest_vec1 b < dest_vec1 a \<or>
+ dest_vec1 c < dest_vec1 a \<and> dest_vec1 a \<le> dest_vec1 b \<and> dest_vec1 b < dest_vec1 d)"
+ "({a<..<b} \<subseteq> {c .. d} \<longleftrightarrow> dest_vec1 b \<le> dest_vec1 a \<or>
+ dest_vec1 c \<le> dest_vec1 a \<and> dest_vec1 a < dest_vec1 b \<and> dest_vec1 b \<le> dest_vec1 d)"
+ "({a<..<b} \<subseteq> {c<..<d} \<longleftrightarrow> dest_vec1 b \<le> dest_vec1 a \<or>
+ dest_vec1 c \<le> dest_vec1 a \<and> dest_vec1 a < dest_vec1 b \<and> dest_vec1 b \<le> dest_vec1 d)"
+ unfolding subset_interval[of a b c d] unfolding forall_dimindex_1 and dest_vec1_def by auto
+
+lemma eq_interval_1: fixes a :: "real^1" shows
+ "{a .. b} = {c .. d} \<longleftrightarrow>
+ dest_vec1 b < dest_vec1 a \<and> dest_vec1 d < dest_vec1 c \<or>
+ dest_vec1 a = dest_vec1 c \<and> dest_vec1 b = dest_vec1 d"
+using set_eq_subset[of "{a .. b}" "{c .. d}"]
+using subset_interval_1(1)[of a b c d]
+using subset_interval_1(1)[of c d a b]
+by auto
+
+lemma disjoint_interval_1: fixes a :: "real^1" shows
+ "{a .. b} \<inter> {c .. d} = {} \<longleftrightarrow> dest_vec1 b < dest_vec1 a \<or> dest_vec1 d < dest_vec1 c \<or> dest_vec1 b < dest_vec1 c \<or> dest_vec1 d < dest_vec1 a"
+ "{a .. b} \<inter> {c<..<d} = {} \<longleftrightarrow> dest_vec1 b < dest_vec1 a \<or> dest_vec1 d \<le> dest_vec1 c \<or> dest_vec1 b \<le> dest_vec1 c \<or> dest_vec1 d \<le> dest_vec1 a"
+ "{a<..<b} \<inter> {c .. d} = {} \<longleftrightarrow> dest_vec1 b \<le> dest_vec1 a \<or> dest_vec1 d < dest_vec1 c \<or> dest_vec1 b \<le> dest_vec1 c \<or> dest_vec1 d \<le> dest_vec1 a"
+ "{a<..<b} \<inter> {c<..<d} = {} \<longleftrightarrow> dest_vec1 b \<le> dest_vec1 a \<or> dest_vec1 d \<le> dest_vec1 c \<or> dest_vec1 b \<le> dest_vec1 c \<or> dest_vec1 d \<le> dest_vec1 a"
+ unfolding disjoint_interval and dest_vec1_def and dim1 by auto
+
+lemma open_closed_interval_1: fixes a :: "real^1" shows
+ "{a<..<b} = {a .. b} - {a, b}"
+ unfolding expand_set_eq apply simp unfolding vector_less_def and vector_less_eq_def and dim1 and dest_vec1_eq[THEN sym] and dest_vec1_def by auto
+
+lemma closed_open_interval_1: "dest_vec1 (a::real^1) \<le> dest_vec1 b ==> {a .. b} = {a<..<b} \<union> {a,b}"
+ unfolding expand_set_eq apply simp unfolding vector_less_def and vector_less_eq_def and dim1 and dest_vec1_eq[THEN sym] and dest_vec1_def by auto
+
+(* Some stuff for half-infinite intervals too; FIXME: notation? *)
+
+lemma closed_interval_left: fixes b::"real^'n"
+ shows "closed {x::real^'n. \<forall>i \<in> dimset x. x$i \<le> b$i}"
+proof-
+ { fix i assume i:"i\<in>dimset b"
+ fix x::"real^'n" assume x:"\<forall>e>0. \<exists>x'\<in>{x. \<forall>i\<in>dimset b. x $ i \<le> b $ i}. x' \<noteq> x \<and> dist x' x < e"
+ { assume "x$i > b$i"
+ then obtain y where "y $ i \<le> b $ i" "y \<noteq> x" "dist y x < x$i - b$i" using x[THEN spec[where x="x$i - b$i"]] and i by (auto, erule_tac x=i in ballE)auto
+ hence False using component_le_norm[OF i, of "y - x"] unfolding dist_def and vector_minus_component[OF i] by auto }
+ hence "x$i \<le> b$i" by(rule ccontr)auto }
+ thus ?thesis unfolding closed_limpt unfolding islimpt_approachable by blast
+qed
+
+lemma closed_interval_right: fixes a::"real^'n"
+ shows "closed {x::real^'n. \<forall>i \<in> dimset x. a$i \<le> x$i}"
+proof-
+ { fix i assume i:"i\<in>dimset a"
+ fix x::"real^'n" assume x:"\<forall>e>0. \<exists>x'\<in>{x. \<forall>i\<in>dimset a. a $ i \<le> x $ i}. x' \<noteq> x \<and> dist x' x < e"
+ { assume "a$i > x$i"
+ then obtain y where "a $ i \<le> y $ i" "y \<noteq> x" "dist y x < a$i - x$i" using x[THEN spec[where x="a$i - x$i"]] and i by(auto, erule_tac x=i in ballE)auto
+ hence False using component_le_norm[OF i, of "y - x"] unfolding dist_def and vector_minus_component[OF i] by auto }
+ hence "a$i \<le> x$i" by(rule ccontr)auto }
+ thus ?thesis unfolding closed_limpt unfolding islimpt_approachable by blast
+qed
+
+subsection{* Intervals in general, including infinite and mixtures of open and closed. *}
+
+definition "is_interval s \<longleftrightarrow> (\<forall>a\<in>s. \<forall>b\<in>s. \<forall>x. a \<le> x \<and> x \<le> b \<longrightarrow> x \<in> s)"
+
+lemma is_interval_interval: fixes a::"real^'n" shows
+ "is_interval {a<..<b}" "is_interval {a .. b}"
+ unfolding is_interval_def apply(auto simp add: vector_less_def vector_less_eq_def)
+ apply(erule_tac x=i in ballE)+ apply simp+
+ apply(erule_tac x=i in ballE)+ apply simp+
+ apply(erule_tac x=i in ballE)+ apply simp+
+ apply(erule_tac x=i in ballE)+ apply simp+
+ done
+
+lemma is_interval_empty:
+ "is_interval {}"
+ unfolding is_interval_def
+ by simp
+
+lemma is_interval_univ:
+ "is_interval UNIV"
+ unfolding is_interval_def
+ by simp
+
+subsection{* Closure of halfspaces and hyperplanes. *}
+
+lemma Lim_vec1_dot: fixes f :: "real^'m \<Rightarrow> real^'n"
+ assumes "(f ---> l) net" shows "((vec1 o (\<lambda>y. a \<bullet> (f y))) ---> vec1(a \<bullet> l)) net"
+proof(cases "a = vec 0")
+ case True thus ?thesis using dot_lzero and Lim_const[of 0 net] unfolding vec1_vec and o_def by auto
+next
+ case False
+ { fix e::real
+ assume "0 < e" "\<forall>e>0. \<exists>y. (\<exists>x. netord net x y) \<and> (\<forall>x. netord net x y \<longrightarrow> dist l (f x) < e)"
+ then obtain x y where x:"netord net x y" and y:"\<forall>x. netord net x y \<longrightarrow> dist l (f x) < e / norm a" apply(erule_tac x="e / norm a" in allE) apply auto using False using norm_ge_zero[of a] apply auto
+ using divide_pos_pos[of e "norm a"] by auto
+ { fix z assume "netord net z y" hence "dist l (f z) < e / norm a" using y by blast
+ hence "norm a * norm (l - f z) < e" unfolding dist_def and
+ pos_less_divide_eq[OF False[unfolded vec_0 zero_less_norm_iff[of a, THEN sym]]] and real_mult_commute by auto
+ hence "\<bar>a \<bullet> l - a \<bullet> f z\<bar> < e" using order_le_less_trans[OF norm_cauchy_schwarz_abs[of a "l - f z"], of e] unfolding dot_rsub[symmetric] by auto }
+ hence "\<exists>y. (\<exists>x. netord net x y) \<and> (\<forall>x. netord net x y \<longrightarrow> \<bar>a \<bullet> l - a \<bullet> f x\<bar> < e)" using x by auto }
+ thus ?thesis using assms unfolding Lim apply (auto simp add: dist_sym)
+ unfolding dist_vec1 by auto
+qed
+
+lemma continuous_at_vec1_dot:
+ "continuous (at x) (vec1 o (\<lambda>y. a \<bullet> y))"
+proof-
+ have "((\<lambda>x. x) ---> x) (at x)" unfolding Lim_at by auto
+ thus ?thesis unfolding continuous_at and o_def using Lim_vec1_dot[of "\<lambda>x. x" x "at x" a] by auto
+qed
+
+lemma continuous_on_vec1_dot:
+ "continuous_on s (vec1 o (\<lambda>y. a \<bullet> y)) "
+ using continuous_at_imp_continuous_on[of s "vec1 o (\<lambda>y. a \<bullet> y)"]
+ using continuous_at_vec1_dot
+ by auto
+
+lemma closed_halfspace_le: fixes a::"real^'n"
+ shows "closed {x. a \<bullet> x \<le> b}"
+proof-
+ have *:"{x \<in> UNIV. (vec1 \<circ> op \<bullet> a) x \<in> vec1 ` {r. \<exists>x. a \<bullet> x = r \<and> r \<le> b}} = {x. a \<bullet> x \<le> b}" by auto
+ let ?T = "{x::real^1. (\<forall>i\<in>dimset x. x$i \<le> (vec1 b)$i)}"
+ have "closed ?T" using closed_interval_left[of "vec1 b"] by simp
+ moreover have "vec1 ` {r. \<exists>x. a \<bullet> x = r \<and> r \<le> b} = range (vec1 \<circ> op \<bullet> a) \<inter> ?T" unfolding dim1
+ unfolding image_def apply auto unfolding vec1_component[unfolded One_nat_def] by auto
+ ultimately have "\<exists>T. closed T \<and> vec1 ` {r. \<exists>x. a \<bullet> x = r \<and> r \<le> b} = range (vec1 \<circ> op \<bullet> a) \<inter> T" by auto
+ hence "closedin euclidean {x \<in> UNIV. (vec1 \<circ> op \<bullet> a) x \<in> vec1 ` {r. \<exists>x. a \<bullet> x = r \<and> r \<le> b}}"
+ using continuous_on_vec1_dot[of UNIV a, unfolded continuous_on_closed subtopology_UNIV] unfolding closedin_closed
+ by (auto elim!: allE[where x="vec1 ` {r. (\<exists>x. a \<bullet> x = r \<and> r \<le> b)}"])
+ thus ?thesis unfolding closed_closedin[THEN sym] and * by auto
+qed
+
+lemma closed_halfspace_ge: "closed {x. a \<bullet> x \<ge> b}"
+ using closed_halfspace_le[of "-a" "-b"] unfolding dot_lneg by auto
+
+lemma closed_hyperplane: "closed {x. a \<bullet> x = b}"
+proof-
+ have "{x. a \<bullet> x = b} = {x. a \<bullet> x \<ge> b} \<inter> {x. a \<bullet> x \<le> b}" by auto
+ thus ?thesis using closed_halfspace_le[of a b] and closed_halfspace_ge[of b a] using closed_Int by auto
+qed
+
+lemma closed_halfspace_component_le:
+ assumes "i \<in> {1 .. dimindex (UNIV::'n set)}" shows "closed {x::real^'n. x$i \<le> a}"
+ using closed_halfspace_le[of "(basis i)::real^'n" a] unfolding dot_basis[OF assms] by auto
+
+lemma closed_halfspace_component_ge:
+ assumes "i \<in> {1 .. dimindex (UNIV::'n set)}" shows "closed {x::real^'n. x$i \<ge> a}"
+ using closed_halfspace_ge[of a "(basis i)::real^'n"] unfolding dot_basis[OF assms] by auto
+
+text{* Openness of halfspaces. *}
+
+lemma open_halfspace_lt: "open {x. a \<bullet> x < b}"
+proof-
+ have "UNIV - {x. b \<le> a \<bullet> x} = {x. a \<bullet> x < b}" by auto
+ thus ?thesis using closed_halfspace_ge[unfolded closed_def, of b a] by auto
+qed
+
+lemma open_halfspace_gt: "open {x. a \<bullet> x > b}"
+proof-
+ have "UNIV - {x. b \<ge> a \<bullet> x} = {x. a \<bullet> x > b}" by auto
+ thus ?thesis using closed_halfspace_le[unfolded closed_def, of a b] by auto
+qed
+
+lemma open_halfspace_component_lt:
+ assumes "i \<in> {1 .. dimindex(UNIV::'n set)}" shows "open {x::real^'n. x$i < a}"
+ using open_halfspace_lt[of "(basis i)::real^'n" a] unfolding dot_basis[OF assms] by auto
+
+lemma open_halfspace_component_gt:
+ assumes "i \<in> {1 .. dimindex(UNIV::'n set)}" shows "open {x::real^'n. x$i > a}"
+ using open_halfspace_gt[of a "(basis i)::real^'n"] unfolding dot_basis[OF assms] by auto
+
+text{* This gives a simple derivation of limit component bounds. *}
+
+lemma Lim_component_le: fixes f :: "'a \<Rightarrow> real^'n"
+ assumes "(f ---> l) net" "\<not> (trivial_limit net)" "eventually (\<lambda>x. f(x)$i \<le> b) net"
+ and i:"i\<in> {1 .. dimindex(UNIV::'n set)}"
+ shows "l$i \<le> b"
+proof-
+ { fix x have "x \<in> {x::real^'n. basis i \<bullet> x \<le> b} \<longleftrightarrow> x$i \<le> b" unfolding dot_basis[OF i] by auto } note * = this
+ show ?thesis using Lim_in_closed_set[of "{x. basis i \<bullet> x \<le> b}" f net l] unfolding *
+ using closed_halfspace_le[of "(basis i)::real^'n" b] and assms(1,2,3) by auto
+qed
+
+lemma Lim_component_ge: fixes f :: "'a \<Rightarrow> real^'n"
+ assumes "(f ---> l) net" "\<not> (trivial_limit net)" "eventually (\<lambda>x. b \<le> (f x)$i) net"
+ and i:"i\<in> {1 .. dimindex(UNIV::'n set)}"
+ shows "b \<le> l$i"
+proof-
+ { fix x have "x \<in> {x::real^'n. basis i \<bullet> x \<ge> b} \<longleftrightarrow> x$i \<ge> b" unfolding dot_basis[OF i] by auto } note * = this
+ show ?thesis using Lim_in_closed_set[of "{x. basis i \<bullet> x \<ge> b}" f net l] unfolding *
+ using closed_halfspace_ge[of b "(basis i)::real^'n"] and assms(1,2,3) by auto
+qed
+
+lemma Lim_component_eq: fixes f :: "'a \<Rightarrow> real^'n"
+ assumes net:"(f ---> l) net" "~(trivial_limit net)" and ev:"eventually (\<lambda>x. f(x)$i = b) net"
+ and i:"i\<in> {1 .. dimindex(UNIV::'n set)}"
+ shows "l$i = b"
+ using ev[unfolded order_eq_iff eventually_and] using Lim_component_ge[OF net, of b i] and Lim_component_le[OF net, of i b] using i by auto
+
+lemma Lim_drop_le: fixes f :: "'a \<Rightarrow> real^1" shows
+ "(f ---> l) net \<Longrightarrow> ~(trivial_limit net) \<Longrightarrow> eventually (\<lambda>x. dest_vec1 (f x) \<le> b) net ==> dest_vec1 l \<le> b"
+ using Lim_component_le[of f l net 1 b] unfolding dest_vec1_def and dim1 by auto
+
+lemma Lim_drop_ge: fixes f :: "'a \<Rightarrow> real^1" shows
+ "(f ---> l) net \<Longrightarrow> ~(trivial_limit net) \<Longrightarrow> eventually (\<lambda>x. b \<le> dest_vec1 (f x)) net ==> b \<le> dest_vec1 l"
+ using Lim_component_ge[of f l net b 1] unfolding dest_vec1_def and dim1 by auto
+
+text{* Limits relative to a union. *}
+
+lemma Lim_within_union:
+ "(f ---> l) (at x within (s \<union> t)) \<longleftrightarrow>
+ (f ---> l) (at x within s) \<and> (f ---> l) (at x within t)"
+ unfolding Lim_within apply auto apply blast apply blast
+ apply(erule_tac x=e in allE)+ apply auto
+ apply(rule_tac x="min d da" in exI) by auto
+
+lemma continuous_on_union:
+ assumes "closed s" "closed t" "continuous_on s f" "continuous_on t f"
+ shows "continuous_on (s \<union> t) f"
+ using assms unfolding continuous_on unfolding Lim_within_union
+ unfolding Lim unfolding trivial_limit_within unfolding closed_limpt by auto
+
+lemma continuous_on_cases: fixes g :: "real^'m \<Rightarrow> real ^'n"
+ assumes "closed s" "closed t" "continuous_on s f" "continuous_on t g"
+ "\<forall>x. (x\<in>s \<and> \<not> P x) \<or> (x \<in> t \<and> P x) \<longrightarrow> f x = g x"
+ shows "continuous_on (s \<union> t) (\<lambda>x. if P x then f x else g x)"
+proof-
+ let ?h = "(\<lambda>x. if P x then f x else g x)"
+ have "\<forall>x\<in>s. f x = (if P x then f x else g x)" using assms(5) by auto
+ hence "continuous_on s ?h" using continuous_on_eq[of s f ?h] using assms(3) by auto
+ moreover
+ have "\<forall>x\<in>t. g x = (if P x then f x else g x)" using assms(5) by auto
+ hence "continuous_on t ?h" using continuous_on_eq[of t g ?h] using assms(4) by auto
+ ultimately show ?thesis using continuous_on_union[OF assms(1,2), of ?h] by auto
+qed
+
+
+text{* Some more convenient intermediate-value theorem formulations. *}
+
+lemma connected_ivt_hyperplane: fixes y :: "real^'n"
+ assumes "connected s" "x \<in> s" "y \<in> s" "a \<bullet> x \<le> b" "b \<le> a \<bullet> y"
+ shows "\<exists>z \<in> s. a \<bullet> z = b"
+proof(rule ccontr)
+ assume as:"\<not> (\<exists>z\<in>s. a \<bullet> z = b)"
+ let ?A = "{x::real^'n. a \<bullet> x < b}"
+ let ?B = "{x::real^'n. a \<bullet> x > b}"
+ have "open ?A" "open ?B" using open_halfspace_lt and open_halfspace_gt by auto
+ moreover have "?A \<inter> ?B = {}" by auto
+ moreover have "s \<subseteq> ?A \<union> ?B" using as by auto
+ ultimately show False using assms(1)[unfolded connected_def not_ex, THEN spec[where x="?A"], THEN spec[where x="?B"]] and assms(2-5) by auto
+qed
+
+lemma connected_ivt_component: fixes x::"real^'n" shows
+ "connected s \<Longrightarrow> x \<in> s \<Longrightarrow> y \<in> s \<Longrightarrow> k \<in> dimset x \<Longrightarrow> x$k \<le> a \<Longrightarrow> a \<le> y$k \<Longrightarrow> (\<exists>z\<in>s. z$k = a)"
+ using connected_ivt_hyperplane[of s x y "(basis k)::real^'n" a] by (auto simp add: dot_basis)
+
+text{* Also more convenient formulations of monotone convergence. *}
+
+lemma bounded_increasing_convergent: fixes s::"nat \<Rightarrow> real^1"
+ assumes "bounded {s n| n::nat. True}" "\<forall>n. dest_vec1(s n) \<le> dest_vec1(s(Suc n))"
+ shows "\<exists>l. (s ---> l) sequentially"
+proof-
+ obtain a where a:"\<forall>n. \<bar>dest_vec1 (s n)\<bar> \<le> a" using assms(1)[unfolded bounded_def abs_dest_vec1] by auto
+ { fix m::nat
+ have "\<And> n. n\<ge>m \<longrightarrow> dest_vec1 (s m) \<le> dest_vec1 (s n)"
+ apply(induct_tac n) apply simp using assms(2) apply(erule_tac x="na" in allE) by(auto simp add: not_less_eq_eq) }
+ hence "\<forall>m n. m \<le> n \<longrightarrow> dest_vec1 (s m) \<le> dest_vec1 (s n)" by auto
+ then obtain l where "\<forall>e>0. \<exists>N. \<forall>n\<ge>N. \<bar>dest_vec1 (s n) - l\<bar> < e" using convergent_bounded_monotone[OF a] by auto
+ thus ?thesis unfolding Lim_sequentially apply(rule_tac x="vec1 l" in exI)
+ unfolding dist_def unfolding abs_dest_vec1 and dest_vec1_sub by auto
+qed
+
+subsection{* Basic homeomorphism definitions. *}
+
+definition "homeomorphism s t f g \<equiv>
+ (\<forall>x\<in>s. (g(f x) = x)) \<and> (f ` s = t) \<and> continuous_on s f \<and>
+ (\<forall>y\<in>t. (f(g y) = y)) \<and> (g ` t = s) \<and> continuous_on t g"
+
+definition homeomorphic :: "((real^'a) set) \<Rightarrow> ((real^'b) set) \<Rightarrow> bool" (infixr "homeomorphic" 60) where
+ homeomorphic_def: "s homeomorphic t \<equiv> (\<exists>f g. homeomorphism s t f g)"
+
+lemma homeomorphic_refl: "s homeomorphic s"
+ unfolding homeomorphic_def
+ unfolding homeomorphism_def
+ using continuous_on_id
+ apply(rule_tac x = "(\<lambda>x::real^'a.x)" in exI)
+ apply(rule_tac x = "(\<lambda>x::real^'b.x)" in exI)
+ by blast
+
+lemma homeomorphic_sym:
+ "s homeomorphic t \<longleftrightarrow> t homeomorphic s"
+unfolding homeomorphic_def
+unfolding homeomorphism_def
+by blast
+
+lemma homeomorphic_trans:
+ assumes "s homeomorphic t" "t homeomorphic u" shows "s homeomorphic u"
+proof-
+ obtain f1 g1 where fg1:"\<forall>x\<in>s. g1 (f1 x) = x" "f1 ` s = t" "continuous_on s f1" "\<forall>y\<in>t. f1 (g1 y) = y" "g1 ` t = s" "continuous_on t g1"
+ using assms(1) unfolding homeomorphic_def homeomorphism_def by auto
+ obtain f2 g2 where fg2:"\<forall>x\<in>t. g2 (f2 x) = x" "f2 ` t = u" "continuous_on t f2" "\<forall>y\<in>u. f2 (g2 y) = y" "g2 ` u = t" "continuous_on u g2"
+ using assms(2) unfolding homeomorphic_def homeomorphism_def by auto
+
+ { fix x assume "x\<in>s" hence "(g1 \<circ> g2) ((f2 \<circ> f1) x) = x" using fg1(1)[THEN bspec[where x=x]] and fg2(1)[THEN bspec[where x="f1 x"]] and fg1(2) by auto }
+ moreover have "(f2 \<circ> f1) ` s = u" using fg1(2) fg2(2) by auto
+ moreover have "continuous_on s (f2 \<circ> f1)" using continuous_on_compose[OF fg1(3)] and fg2(3) unfolding fg1(2) by auto
+ moreover { fix y assume "y\<in>u" hence "(f2 \<circ> f1) ((g1 \<circ> g2) y) = y" using fg2(4)[THEN bspec[where x=y]] and fg1(4)[THEN bspec[where x="g2 y"]] and fg2(5) by auto }
+ moreover have "(g1 \<circ> g2) ` u = s" using fg1(5) fg2(5) by auto
+ moreover have "continuous_on u (g1 \<circ> g2)" using continuous_on_compose[OF fg2(6)] and fg1(6) unfolding fg2(5) by auto
+ ultimately show ?thesis unfolding homeomorphic_def homeomorphism_def apply(rule_tac x="f2 \<circ> f1" in exI) apply(rule_tac x="g1 \<circ> g2" in exI) by auto
+qed
+
+lemma homeomorphic_minimal:
+ "s homeomorphic t \<longleftrightarrow>
+ (\<exists>f g. (\<forall>x\<in>s. f(x) \<in> t \<and> (g(f(x)) = x)) \<and>
+ (\<forall>y\<in>t. g(y) \<in> s \<and> (f(g(y)) = y)) \<and>
+ continuous_on s f \<and> continuous_on t g)"
+unfolding homeomorphic_def homeomorphism_def
+apply auto apply (rule_tac x=f in exI) apply (rule_tac x=g in exI)
+apply auto apply (rule_tac x=f in exI) apply (rule_tac x=g in exI) apply auto
+unfolding image_iff
+apply(erule_tac x="g x" in ballE) apply(erule_tac x="x" in ballE)
+apply auto apply(rule_tac x="g x" in bexI) apply auto
+apply(erule_tac x="f x" in ballE) apply(erule_tac x="x" in ballE)
+apply auto apply(rule_tac x="f x" in bexI) by auto
+
+subsection{* Relatively weak hypotheses if a set is compact. *}
+
+definition "inv_on f s = (\<lambda>x. SOME y. y\<in>s \<and> f y = x)"
+
+lemma assumes "inj_on f s" "x\<in>s"
+ shows "inv_on f s (f x) = x"
+ using assms unfolding inj_on_def inv_on_def by auto
+
+lemma homeomorphism_compact:
+ assumes "compact s" "continuous_on s f" "f ` s = t" "inj_on f s"
+ shows "\<exists>g. homeomorphism s t f g"
+proof-
+ def g \<equiv> "\<lambda>x. SOME y. y\<in>s \<and> f y = x"
+ have g:"\<forall>x\<in>s. g (f x) = x" using assms(3) assms(4)[unfolded inj_on_def] unfolding g_def by auto
+ { fix y assume "y\<in>t"
+ then obtain x where x:"f x = y" "x\<in>s" using assms(3) by auto
+ hence "g (f x) = x" using g by auto
+ hence "f (g y) = y" unfolding x(1)[THEN sym] by auto }
+ hence g':"\<forall>x\<in>t. f (g x) = x" by auto
+ moreover
+ { fix x
+ have "x\<in>s \<Longrightarrow> x \<in> g ` t" using g[THEN bspec[where x=x]] unfolding image_iff using assms(3) by(auto intro!: bexI[where x="f x"])
+ moreover
+ { assume "x\<in>g ` t"
+ then obtain y where y:"y\<in>t" "g y = x" by auto
+ then obtain x' where x':"x'\<in>s" "f x' = y" using assms(3) by auto
+ hence "x \<in> s" unfolding g_def using someI2[of "\<lambda>b. b\<in>s \<and> f b = y" x' "\<lambda>x. x\<in>s"] unfolding y(2)[THEN sym] and g_def by auto }
+ ultimately have "x\<in>s \<longleftrightarrow> x \<in> g ` t" by auto }
+ hence "g ` t = s" by auto
+ ultimately
+ show ?thesis unfolding homeomorphism_def homeomorphic_def
+ apply(rule_tac x=g in exI) using g and assms(3) and continuous_on_inverse[OF assms(2,1), of g, unfolded assms(3)] and assms(2) by auto
+qed
+
+lemma homeomorphic_compact:
+ "compact s \<Longrightarrow> continuous_on s f \<Longrightarrow> (f ` s = t) \<Longrightarrow> inj_on f s
+ \<Longrightarrow> s homeomorphic t"
+ unfolding homeomorphic_def by(metis homeomorphism_compact)
+
+text{* Preservation of topological properties. *}
+
+lemma homeomorphic_compactness:
+ "s homeomorphic t ==> (compact s \<longleftrightarrow> compact t)"
+unfolding homeomorphic_def homeomorphism_def
+by (metis compact_continuous_image)
+
+text{* Results on translation, scaling etc. *}
+
+lemma homeomorphic_scaling:
+ assumes "c \<noteq> 0" shows "s homeomorphic ((\<lambda>x. c *s x) ` s)"
+ unfolding homeomorphic_minimal
+ apply(rule_tac x="\<lambda>x. c *s x" in exI)
+ apply(rule_tac x="\<lambda>x. (1 / c) *s x" in exI)
+ apply auto unfolding vector_smult_assoc using assms apply auto
+ using continuous_on_cmul[OF continuous_on_id] by auto
+
+lemma homeomorphic_translation:
+ "s homeomorphic ((\<lambda>x. a + x) ` s)"
+ unfolding homeomorphic_minimal
+ apply(rule_tac x="\<lambda>x. a + x" in exI)
+ apply(rule_tac x="\<lambda>x. -a + x" in exI)
+ using continuous_on_add[OF continuous_on_const continuous_on_id] by auto
+
+lemma homeomorphic_affinity:
+ assumes "c \<noteq> 0" shows "s homeomorphic ((\<lambda>x. a + c *s x) ` s)"
+proof-
+ have *:"op + a ` op *s c ` s = (\<lambda>x. a + c *s x) ` s" by auto
+ show ?thesis
+ using homeomorphic_trans
+ using homeomorphic_scaling[OF assms, of s]
+ using homeomorphic_translation[of "(\<lambda>x. c *s x) ` s" a] unfolding * by auto
+qed
+
+lemma homeomorphic_balls: fixes a b ::"real^'a"
+ assumes "0 < d" "0 < e"
+ shows "(ball a d) homeomorphic (ball b e)" (is ?th)
+ "(cball a d) homeomorphic (cball b e)" (is ?cth)
+proof-
+ have *:"\<bar>e / d\<bar> > 0" "\<bar>d / e\<bar> >0" using assms using divide_pos_pos by auto
+ show ?th unfolding homeomorphic_minimal
+ apply(rule_tac x="\<lambda>x. b + (e/d) *s (x - a)" in exI)
+ apply(rule_tac x="\<lambda>x. a + (d/e) *s (x - b)" in exI)
+ apply (auto simp add: dist_sym) unfolding dist_def and vector_smult_assoc using assms apply auto
+ unfolding norm_minus_cancel and norm_mul
+ using continuous_on_add[OF continuous_on_const continuous_on_cmul[OF continuous_on_sub[OF continuous_on_id continuous_on_const]]]
+ apply (auto simp add: dist_sym)
+ using pos_less_divide_eq[OF *(1), THEN sym] unfolding real_mult_commute[of _ "\<bar>e / d\<bar>"]
+ using pos_less_divide_eq[OF *(2), THEN sym] unfolding real_mult_commute[of _ "\<bar>d / e\<bar>"]
+ by (auto simp add: dist_sym)
+next
+ have *:"\<bar>e / d\<bar> > 0" "\<bar>d / e\<bar> >0" using assms using divide_pos_pos by auto
+ show ?cth unfolding homeomorphic_minimal
+ apply(rule_tac x="\<lambda>x. b + (e/d) *s (x - a)" in exI)
+ apply(rule_tac x="\<lambda>x. a + (d/e) *s (x - b)" in exI)
+ apply (auto simp add: dist_sym) unfolding dist_def and vector_smult_assoc using assms apply auto
+ unfolding norm_minus_cancel and norm_mul
+ using continuous_on_add[OF continuous_on_const continuous_on_cmul[OF continuous_on_sub[OF continuous_on_id continuous_on_const]]]
+ apply auto
+ using pos_le_divide_eq[OF *(1), THEN sym] unfolding real_mult_commute[of _ "\<bar>e / d\<bar>"]
+ using pos_le_divide_eq[OF *(2), THEN sym] unfolding real_mult_commute[of _ "\<bar>d / e\<bar>"]
+ by auto
+qed
+
+text{* "Isometry" (up to constant bounds) of injective linear map etc. *}
+
+lemma cauchy_isometric:
+ assumes e:"0 < e" and s:"subspace s" and f:"linear f" and normf:"\<forall>x\<in>s. norm(f x) \<ge> e * norm(x)" and xs:"\<forall>n::nat. x n \<in> s" and cf:"cauchy(f o x)"
+ shows "cauchy x"
+proof-
+ { fix d::real assume "d>0"
+ then obtain N where N:"\<forall>n\<ge>N. norm (f (x n) - f (x N)) < e * d"
+ using cf[unfolded cauchy o_def dist_def, THEN spec[where x="e*d"]] and e and mult_pos_pos[of e d] by auto
+ { fix n assume "n\<ge>N"
+ hence "norm (f (x n - x N)) < e * d" using N[THEN spec[where x=n]] unfolding linear_sub[OF f, THEN sym] by auto
+ moreover have "e * norm (x n - x N) \<le> norm (f (x n - x N))"
+ using subspace_sub[OF s, of "x n" "x N"] using xs[THEN spec[where x=N]] and xs[THEN spec[where x=n]]
+ using normf[THEN bspec[where x="x n - x N"]] by auto
+ ultimately have "norm (x n - x N) < d" using `e>0`
+ using mult_left_less_imp_less[of e "norm (x n - x N)" d] by auto }
+ hence "\<exists>N. \<forall>n\<ge>N. norm (x n - x N) < d" by auto }
+ thus ?thesis unfolding cauchy and dist_def by auto
+qed
+
+lemma complete_isometric_image:
+ assumes "0 < e" and s:"subspace s" and f:"linear f" and normf:"\<forall>x\<in>s. norm(f x) \<ge> e * norm(x)" and cs:"complete s"
+ shows "complete(f ` s)"
+proof-
+ { fix g assume as:"\<forall>n::nat. g n \<in> f ` s" and cfg:"cauchy g"
+ then obtain x where "\<forall>n. x n \<in> s \<and> g n = f (x n)" unfolding image_iff and Bex_def
+ using choice[of "\<lambda> n xa. xa \<in> s \<and> g n = f xa"] by auto
+ hence x:"\<forall>n. x n \<in> s" "\<forall>n. g n = f (x n)" by auto
+ hence "f \<circ> x = g" unfolding expand_fun_eq by auto
+ then obtain l where "l\<in>s" and l:"(x ---> l) sequentially"
+ using cs[unfolded complete_def, THEN spec[where x="x"]]
+ using cauchy_isometric[OF `0<e` s f normf] and cfg and x(1) by auto
+ hence "\<exists>l\<in>f ` s. (g ---> l) sequentially"
+ using linear_continuous_at[OF f, unfolded continuous_at_sequentially, THEN spec[where x=x], of l]
+ unfolding `f \<circ> x = g` by auto }
+ thus ?thesis unfolding complete_def by auto
+qed
+
+lemma dist_0_norm:"dist 0 x = norm x" unfolding dist_def by(auto simp add: norm_minus_cancel)
+
+lemma injective_imp_isometric: fixes f::"real^'m \<Rightarrow> real^'n"
+ assumes s:"closed s" "subspace s" and f:"linear f" "\<forall>x\<in>s. (f x = 0) \<longrightarrow> (x = 0)"
+ shows "\<exists>e>0. \<forall>x\<in>s. norm (f x) \<ge> e * norm(x)"
+proof(cases "s \<subseteq> {0::real^'m}")
+ case True
+ { fix x assume "x \<in> s"
+ hence "x = 0" using True by auto
+ hence "norm x \<le> norm (f x)" by auto }
+ thus ?thesis by(auto intro!: exI[where x=1])
+next
+ case False
+ then obtain a where a:"a\<noteq>0" "a\<in>s" by auto
+ from False have "s \<noteq> {}" by auto
+ let ?S = "{f x| x. (x \<in> s \<and> norm x = norm a)}"
+ let ?S' = "{x::real^'m. x\<in>s \<and> norm x = norm a}"
+ let ?S'' = "{x::real^'m. norm x = norm a}"
+
+ have "?S'' = frontier(cball 0 (norm a))" unfolding frontier_cball and dist_def by (auto simp add: norm_minus_cancel)
+ hence "compact ?S''" using compact_frontier[OF compact_cball, of 0 "norm a"] by auto
+ moreover have "?S' = s \<inter> ?S''" by auto
+ ultimately have "compact ?S'" using closed_inter_compact[of s ?S''] using s(1) by auto
+ moreover have *:"f ` ?S' = ?S" by auto
+ ultimately have "compact ?S" using compact_continuous_image[OF linear_continuous_on[OF f(1)], of ?S'] by auto
+ hence "closed ?S" using compact_imp_closed by auto
+ moreover have "?S \<noteq> {}" using a by auto
+ ultimately obtain b' where "b'\<in>?S" "\<forall>y\<in>?S. norm b' \<le> norm y" using distance_attains_inf[of ?S 0] unfolding dist_0_norm by auto
+ then obtain b where "b\<in>s" and ba:"norm b = norm a" and b:"\<forall>x\<in>{x \<in> s. norm x = norm a}. norm (f b) \<le> norm (f x)" unfolding *[THEN sym] unfolding image_iff by auto
+
+ let ?e = "norm (f b) / norm b"
+ have "norm b > 0" using ba and a and norm_ge_zero by auto
+ moreover have "norm (f b) > 0" using f(2)[THEN bspec[where x=b], OF `b\<in>s`] using `norm b >0` unfolding zero_less_norm_iff by auto
+ ultimately have "0 < norm (f b) / norm b" by(simp only: divide_pos_pos)
+ moreover
+ { fix x assume "x\<in>s"
+ hence "norm (f b) / norm b * norm x \<le> norm (f x)"
+ proof(cases "x=0")
+ case True thus "norm (f b) / norm b * norm x \<le> norm (f x)" by auto
+ next
+ case False
+ hence *:"0 < norm a / norm x" using `a\<noteq>0` unfolding zero_less_norm_iff[THEN sym] by(simp only: divide_pos_pos)
+ have "\<forall>c. \<forall>x\<in>s. c *s x \<in> s" using s[unfolded subspace_def] by auto
+ hence "(norm a / norm x) *s x \<in> {x \<in> s. norm x = norm a}" using `x\<in>s` and `x\<noteq>0` by auto
+ thus "norm (f b) / norm b * norm x \<le> norm (f x)" using b[THEN bspec[where x="(norm a / norm x) *s x"]]
+ unfolding linear_cmul[OF f(1)] and norm_mul and ba using `x\<noteq>0` `a\<noteq>0`
+ by (auto simp add: real_mult_commute pos_le_divide_eq pos_divide_le_eq)
+ qed }
+ ultimately
+ show ?thesis by auto
+qed
+
+lemma closed_injective_image_subspace:
+ assumes "subspace s" "linear f" "\<forall>x\<in>s. f x = 0 --> x = 0" "closed s"
+ shows "closed(f ` s)"
+proof-
+ obtain e where "e>0" and e:"\<forall>x\<in>s. e * norm x \<le> norm (f x)" using injective_imp_isometric[OF assms(4,1,2,3)] by auto
+ show ?thesis using complete_isometric_image[OF `e>0` assms(1,2) e] and assms(4)
+ unfolding complete_eq_closed[THEN sym] by auto
+qed
+
+subsection{* Some properties of a canonical subspace. *}
+
+lemma subspace_substandard:
+ "subspace {x::real^'n. (\<forall>i \<in> dimset x. d < i \<longrightarrow> x$i = 0)}"
+ unfolding subspace_def by(auto simp add: vector_add_component vector_smult_component elim!: ballE)
+
+lemma closed_substandard:
+ "closed {x::real^'n. \<forall>i \<in> dimset x. d < i --> x$i = 0}" (is "closed ?A")
+proof-
+ let ?D = "{Suc d..dimindex(UNIV::('n set))}"
+ let ?Bs = "{{x::real^'n. basis i \<bullet> x = 0}| i. i \<in> ?D}"
+ { fix x
+ { assume "x\<in>?A"
+ hence x:"\<forall>i\<in>?D. d < i \<longrightarrow> x $ i = 0" by auto
+ hence "x\<in> \<Inter> ?Bs" by(auto simp add: dot_basis x) }
+ moreover
+ { assume x:"x\<in>\<Inter>?Bs"
+ { fix i assume i:"i\<in>dimset x" and "d < i"
+ hence "i \<in> ?D" by auto
+ then obtain B where BB:"B \<in> ?Bs" and B:"B = {x::real^'n. basis i \<bullet> x = 0}" by auto
+ hence "x $ i = 0" unfolding B unfolding dot_basis[OF i] using x by auto }
+ hence "x\<in>?A" by auto }
+ ultimately have "x\<in>?A \<longleftrightarrow> x\<in> \<Inter>?Bs" by auto }
+ hence "?A = \<Inter> ?Bs" by auto
+ thus ?thesis by(auto simp add: closed_Inter closed_hyperplane)
+qed
+
+lemma dim_substandard:
+ assumes "d \<le> dimindex(UNIV::'n set)"
+ shows "dim {x::real^'n. \<forall>i \<in> dimset x. d < i --> x$i = 0} = d" (is "dim ?A = d")
+proof-
+ let ?D = "{1..dimindex (UNIV::'n set)}"
+ let ?B = "(basis::nat\<Rightarrow>real^'n) ` {1..d}"
+
+ let ?bas = "basis::nat \<Rightarrow> real^'n"
+
+ have "?B \<subseteq> ?A" by (auto simp add: basis_component)
+
+ moreover
+ { fix x::"real^'n" assume "x\<in>?A"
+ hence "x\<in> span ?B"
+ proof(induct d arbitrary: x)
+ case 0 hence "x=0" unfolding Cart_eq by auto
+ thus ?case using subspace_0[OF subspace_span[of "{}"]] by auto
+ next
+ case (Suc n)
+ hence *:"\<forall>i\<in>?D. Suc n < i \<longrightarrow> x $ i = 0" by auto
+ have **:"{1..n} \<subseteq> {1..Suc n}" by auto
+ def y \<equiv> "x - x$(Suc n) *s basis (Suc n)"
+ have y:"x = y + (x$Suc n) *s basis (Suc n)" unfolding y_def by auto
+ { fix i assume i:"i\<in>?D" and i':"n < i"
+ hence "y $ i = 0" unfolding y_def unfolding vector_minus_component[OF i]
+ and vector_smult_component[OF i] and basis_component[OF i] using i'
+ using *[THEN bspec[where x=i]] by auto }
+ hence "y \<in> span (basis ` {1..Suc n})" using Suc(1)[of y]
+ using span_mono[of "?bas ` {1..n}" "?bas ` {1..Suc n}"]
+ using image_mono[OF **, of basis] by auto
+ moreover
+ have "basis (Suc n) \<in> span (?bas ` {1..Suc n})" by(rule span_superset, auto)
+ hence "x$(Suc n) *s basis (Suc n) \<in> span (?bas ` {1..Suc n})" using span_mul by auto
+ ultimately
+ have "y + x$(Suc n) *s basis (Suc n) \<in> span (?bas ` {1..Suc n})"
+ using span_add by auto
+ thus ?case using y by auto
+ qed
+ }
+ hence "?A \<subseteq> span ?B" by auto
+
+ moreover
+ { fix x assume "x \<in> ?B"
+ hence "x\<in>{(basis i)::real^'n |i. i \<in> ?D}" using assms by auto }
+ hence "independent ?B" using independent_mono[OF independent_stdbasis, of ?B] and assms by auto
+
+ moreover
+ have "{1..d} \<subseteq> ?D" unfolding subset_eq using assms by auto
+ hence *:"inj_on (basis::nat\<Rightarrow>real^'n) {1..d}" using subset_inj_on[OF basis_inj, of "{1..d}"] using assms by auto
+ have "?B hassize d" unfolding hassize_def and card_image[OF *] by auto
+
+ ultimately show ?thesis using dim_unique[of "basis ` {1..d}" ?A] by auto
+qed
+
+text{* Hence closure and completeness of all subspaces. *}
+
+lemma closed_subspace: fixes s::"(real^'n) set"
+ assumes "subspace s" shows "closed s"
+proof-
+ let ?t = "{x::real^'n. \<forall>i\<in>{1..dimindex (UNIV :: 'n set)}. dim s<i \<longrightarrow> x$i = 0}"
+ have "dim s \<le> dimindex (UNIV :: 'n set)" using dim_subset_univ by auto
+ obtain f where f:"linear f" "f ` ?t = s" "inj_on f ?t"
+ using subspace_isomorphism[OF subspace_substandard[of "dim s"] assms]
+ using dim_substandard[OF dim_subset_univ[of s]] by auto
+ have "\<forall>x\<in>?t. f x = 0 \<longrightarrow> x = 0" using linear_0[OF f(1)] using f(3)[unfolded inj_on_def]
+ by(erule_tac x=0 in ballE) auto
+ moreover have "closed ?t" using closed_substandard by auto
+ moreover have "subspace ?t" using subspace_substandard by auto
+ ultimately show ?thesis using closed_injective_image_subspace[of ?t f]
+ unfolding f(2) using f(1) by auto
+qed
+
+lemma complete_subspace:
+ "subspace s ==> complete s"
+ using complete_eq_closed closed_subspace
+ by auto
+
+lemma dim_closure:
+ "dim(closure s) = dim s" (is "?dc = ?d")
+proof-
+ have "?dc \<le> ?d" using closure_minimal[OF span_inc, of s]
+ using closed_subspace[OF subspace_span, of s]
+ using dim_subset[of "closure s" "span s"] unfolding dim_span by auto
+ thus ?thesis using dim_subset[OF closure_subset, of s] by auto
+qed
+
+text{* Affine transformations of intervals. *}
+
+lemma affinity_inverses:
+ assumes m0: "m \<noteq> (0::'a::field)"
+ shows "(\<lambda>x. m *s x + c) o (\<lambda>x. inverse(m) *s x + (-(inverse(m) *s c))) = id"
+ "(\<lambda>x. inverse(m) *s x + (-(inverse(m) *s c))) o (\<lambda>x. m *s x + c) = id"
+ using m0
+apply (auto simp add: expand_fun_eq vector_add_ldistrib vector_smult_assoc)
+by (simp add: vector_smult_lneg[symmetric] vector_smult_assoc vector_sneg_minus1[symmetric])
+
+lemma real_affinity_le:
+ "0 < (m::'a::ordered_field) ==> (m * x + c \<le> y \<longleftrightarrow> x \<le> inverse(m) * y + -(c / m))"
+ by (simp add: field_simps inverse_eq_divide)
+
+lemma real_le_affinity:
+ "0 < (m::'a::ordered_field) ==> (y \<le> m * x + c \<longleftrightarrow> inverse(m) * y + -(c / m) \<le> x)"
+ by (simp add: field_simps inverse_eq_divide)
+
+lemma real_affinity_lt:
+ "0 < (m::'a::ordered_field) ==> (m * x + c < y \<longleftrightarrow> x < inverse(m) * y + -(c / m))"
+ by (simp add: field_simps inverse_eq_divide)
+
+lemma real_lt_affinity:
+ "0 < (m::'a::ordered_field) ==> (y < m * x + c \<longleftrightarrow> inverse(m) * y + -(c / m) < x)"
+ by (simp add: field_simps inverse_eq_divide)
+
+lemma real_affinity_eq:
+ "(m::'a::ordered_field) \<noteq> 0 ==> (m * x + c = y \<longleftrightarrow> x = inverse(m) * y + -(c / m))"
+ by (simp add: field_simps inverse_eq_divide)
+
+lemma real_eq_affinity:
+ "(m::'a::ordered_field) \<noteq> 0 ==> (y = m * x + c \<longleftrightarrow> inverse(m) * y + -(c / m) = x)"
+ by (simp add: field_simps inverse_eq_divide)
+
+lemma vector_affinity_eq:
+ assumes m0: "(m::'a::field) \<noteq> 0"
+ shows "m *s x + c = y \<longleftrightarrow> x = inverse m *s y + -(inverse m *s c)"
+proof
+ assume h: "m *s x + c = y"
+ hence "m *s x = y - c" by (simp add: ring_simps)
+ hence "inverse m *s (m *s x) = inverse m *s (y - c)" by simp
+ then show "x = inverse m *s y + - (inverse m *s c)"
+ using m0 by (simp add: vector_smult_assoc vector_ssub_ldistrib)
+next
+ assume h: "x = inverse m *s y + - (inverse m *s c)"
+ show "m *s x + c = y" unfolding h diff_minus[symmetric]
+ using m0 by (simp add: vector_smult_assoc vector_ssub_ldistrib)
+qed
+
+lemma vector_eq_affinity:
+ "(m::'a::field) \<noteq> 0 ==> (y = m *s x + c \<longleftrightarrow> inverse(m) *s y + -(inverse(m) *s c) = x)"
+ using vector_affinity_eq[where m=m and x=x and y=y and c=c]
+ by metis
+
+lemma image_affinity_interval: fixes m::real
+ shows "(\<lambda>x. m *s x + c) ` {a .. b} =
+ (if {a .. b} = {} then {}
+ else (if 0 \<le> m then {m *s a + c .. m *s b + c}
+ else {m *s b + c .. m *s a + c}))"
+proof(cases "m=0")
+ { fix x assume "x \<le> c" "c \<le> x"
+ hence "x=c" unfolding vector_less_eq_def and Cart_eq by(auto elim!: ballE) }
+ moreover case True
+ moreover have "c \<in> {m *s a + c..m *s b + c}" unfolding True by(auto simp add: vector_less_eq_def)
+ ultimately show ?thesis by auto
+next
+ case False
+ { fix y assume "a \<le> y" "y \<le> b" "m > 0"
+ hence "m *s a + c \<le> m *s y + c" "m *s y + c \<le> m *s b + c"
+ unfolding vector_less_eq_def by(auto simp add: vector_smult_component vector_add_component)
+ } moreover
+ { fix y assume "a \<le> y" "y \<le> b" "m < 0"
+ hence "m *s b + c \<le> m *s y + c" "m *s y + c \<le> m *s a + c"
+ unfolding vector_less_eq_def by(auto simp add: vector_smult_component vector_add_component mult_left_mono_neg elim!:ballE)
+ } moreover
+ { fix y assume "m > 0" "m *s a + c \<le> y" "y \<le> m *s b + c"
+ hence "y \<in> (\<lambda>x. m *s x + c) ` {a..b}"
+ unfolding image_iff Bex_def mem_interval vector_less_eq_def
+ apply(auto simp add: vector_smult_component vector_add_component vector_minus_component vector_smult_assoc pth_3[symmetric]
+ intro!: exI[where x="(1 / m) *s (y - c)"])
+ by(auto elim!: ballE simp add: pos_le_divide_eq pos_divide_le_eq real_mult_commute)
+ } moreover
+ { fix y assume "m *s b + c \<le> y" "y \<le> m *s a + c" "m < 0"
+ hence "y \<in> (\<lambda>x. m *s x + c) ` {a..b}"
+ unfolding image_iff Bex_def mem_interval vector_less_eq_def
+ apply(auto simp add: vector_smult_component vector_add_component vector_minus_component vector_smult_assoc pth_3[symmetric]
+ intro!: exI[where x="(1 / m) *s (y - c)"])
+ by(auto elim!: ballE simp add: neg_le_divide_eq neg_divide_le_eq real_mult_commute)
+ }
+ ultimately show ?thesis using False by auto
+qed
+
+subsection{* Banach fixed point theorem (not really topological...) *}
+
+lemma banach_fix:
+ assumes s:"complete s" "s \<noteq> {}" and c:"0 \<le> c" "c < 1" and f:"(f ` s) \<subseteq> s" and
+ lipschitz:"\<forall>x\<in>s. \<forall>y\<in>s. dist (f x) (f y) \<le> c * dist x y"
+ shows "\<exists>! x\<in>s. (f x = x)"
+proof-
+ have "1 - c > 0" using c by auto
+
+ from s(2) obtain z0 where "z0 \<in> s" by auto
+ def z \<equiv> "\<lambda> n::nat. fun_pow n f z0"
+ { fix n::nat
+ have "z n \<in> s" unfolding z_def
+ proof(induct n) case 0 thus ?case using `z0 \<in>s` by auto
+ next case Suc thus ?case using f by auto qed }
+ note z_in_s = this
+
+ def d \<equiv> "dist (z 0) (z 1)"
+
+ have fzn:"\<And>n. f (z n) = z (Suc n)" unfolding z_def by auto
+ { fix n::nat
+ have "dist (z n) (z (Suc n)) \<le> (c ^ n) * d"
+ proof(induct n)
+ case 0 thus ?case unfolding d_def by auto
+ next
+ case (Suc m)
+ hence "c * dist (z m) (z (Suc m)) \<le> c ^ Suc m * d"
+ using `0 \<le> c` using mult_mono1_class.mult_mono1[of "dist (z m) (z (Suc m))" "c ^ m * d" c] by auto
+ thus ?case using lipschitz[THEN bspec[where x="z m"], OF z_in_s, THEN bspec[where x="z (Suc m)"], OF z_in_s]
+ unfolding fzn and mult_le_cancel_left by auto
+ qed
+ } note cf_z = this
+
+ { fix n m::nat
+ have "(1 - c) * dist (z m) (z (m+n)) \<le> (c ^ m) * d * (1 - c ^ n)"
+ proof(induct n)
+ case 0 show ?case by auto
+ next
+ case (Suc k)
+ have "(1 - c) * dist (z m) (z (m + Suc k)) \<le> (1 - c) * (dist (z m) (z (m + k)) + dist (z (m + k)) (z (Suc (m + k))))"
+ using dist_triangle and c by(auto simp add: dist_triangle)
+ also have "\<dots> \<le> (1 - c) * (dist (z m) (z (m + k)) + c ^ (m + k) * d)"
+ using cf_z[of "m + k"] and c by auto
+ also have "\<dots> \<le> c ^ m * d * (1 - c ^ k) + (1 - c) * c ^ (m + k) * d"
+ using Suc by (auto simp add: ring_simps)
+ also have "\<dots> = (c ^ m) * (d * (1 - c ^ k) + (1 - c) * c ^ k * d)"
+ unfolding power_add by (auto simp add: ring_simps)
+ also have "\<dots> \<le> (c ^ m) * d * (1 - c ^ Suc k)"
+ using c by (auto simp add: ring_simps dist_pos_le)
+ finally show ?case by auto
+ qed
+ } note cf_z2 = this
+ { fix e::real assume "e>0"
+ hence "\<exists>N. \<forall>m n. N \<le> m \<and> N \<le> n \<longrightarrow> dist (z m) (z n) < e"
+ proof(cases "d = 0")
+ case True
+ hence "\<And>n. z n = z0" using cf_z2[of 0] and c unfolding z_def by (auto simp add: pos_prod_le[OF `1 - c > 0`] dist_le_0)
+ thus ?thesis using `e>0` by auto
+ next
+ case False hence "d>0" unfolding d_def using dist_pos_le[of "z 0" "z 1"]
+ by (metis False d_def real_less_def)
+ hence "0 < e * (1 - c) / d" using `e>0` and `1-c>0`
+ using divide_pos_pos[of "e * (1 - c)" d] and mult_pos_pos[of e "1 - c"] by auto
+ then obtain N where N:"c ^ N < e * (1 - c) / d" using real_arch_pow_inv[of "e * (1 - c) / d" c] and c by auto
+ { fix m n::nat assume "m>n" and as:"m\<ge>N" "n\<ge>N"
+ have *:"c ^ n \<le> c ^ N" using `n\<ge>N` and c using power_decreasing[OF `n\<ge>N`, of c] by auto
+ have "1 - c ^ (m - n) > 0" using c and power_strict_mono[of c 1 "m - n"] using `m>n` by auto
+ hence **:"d * (1 - c ^ (m - n)) / (1 - c) > 0"
+ using real_mult_order[OF `d>0`, of "1 - c ^ (m - n)"]
+ using divide_pos_pos[of "d * (1 - c ^ (m - n))" "1 - c"]
+ using `0 < 1 - c` by auto
+
+ have "dist (z m) (z n) \<le> c ^ n * d * (1 - c ^ (m - n)) / (1 - c)"
+ using cf_z2[of n "m - n"] and `m>n` unfolding pos_le_divide_eq[OF `1-c>0`]
+ by (auto simp add: real_mult_commute dist_sym)
+ also have "\<dots> \<le> c ^ N * d * (1 - c ^ (m - n)) / (1 - c)"
+ using mult_right_mono[OF * order_less_imp_le[OF **]]
+ unfolding real_mult_assoc by auto
+ also have "\<dots> < (e * (1 - c) / d) * d * (1 - c ^ (m - n)) / (1 - c)"
+ using mult_strict_right_mono[OF N **] unfolding real_mult_assoc by auto
+ also have "\<dots> = e * (1 - c ^ (m - n))" using c and `d>0` and `1 - c > 0` by auto
+ also have "\<dots> \<le> e" using c and `1 - c ^ (m - n) > 0` and `e>0` using mult_right_le_one_le[of e "1 - c ^ (m - n)"] by auto
+ finally have "dist (z m) (z n) < e" by auto
+ } note * = this
+ { fix m n::nat assume as:"N\<le>m" "N\<le>n"
+ hence "dist (z n) (z m) < e"
+ proof(cases "n = m")
+ case True thus ?thesis using `e>0` by auto
+ next
+ case False thus ?thesis using as and *[of n m] *[of m n] unfolding nat_neq_iff by (auto simp add: dist_sym)
+ qed }
+ thus ?thesis by auto
+ qed
+ }
+ hence "cauchy z" unfolding cauchy_def by auto
+ then obtain x where "x\<in>s" and x:"(z ---> x) sequentially" using s(1)[unfolded compact_def complete_def, THEN spec[where x=z]] and z_in_s by auto
+
+ def e \<equiv> "dist (f x) x"
+ have "e = 0" proof(rule ccontr)
+ assume "e \<noteq> 0" hence "e>0" unfolding e_def using dist_pos_le[of "f x" x]
+ by (metis dist_eq_0 dist_nz dist_sym e_def)
+ then obtain N where N:"\<forall>n\<ge>N. dist (z n) x < e / 2"
+ using x[unfolded Lim_sequentially, THEN spec[where x="e/2"]] by auto
+ hence N':"dist (z N) x < e / 2" by auto
+
+ have *:"c * dist (z N) x \<le> dist (z N) x" unfolding mult_le_cancel_right2
+ using dist_pos_le[of "z N" x] and c
+ by (metis dist_eq_0 dist_nz dist_sym order_less_asym real_less_def)
+ have "dist (f (z N)) (f x) \<le> c * dist (z N) x" using lipschitz[THEN bspec[where x="z N"], THEN bspec[where x=x]]
+ using z_in_s[of N] `x\<in>s` using c by auto
+ also have "\<dots> < e / 2" using N' and c using * by auto
+ finally show False unfolding fzn
+ using N[THEN spec[where x="Suc N"]] and dist_triangle_half_r[of "z (Suc N)" "f x" e x]
+ unfolding e_def by auto
+ qed
+ hence "f x = x" unfolding e_def and dist_eq_0 by auto
+ moreover
+ { fix y assume "f y = y" "y\<in>s"
+ hence "dist x y \<le> c * dist x y" using lipschitz[THEN bspec[where x=x], THEN bspec[where x=y]]
+ using `x\<in>s` and `f x = x` by auto
+ hence "dist x y = 0" unfolding mult_le_cancel_right1
+ using c and dist_pos_le[of x y] by auto
+ hence "y = x" unfolding dist_eq_0 by auto
+ }
+ ultimately show ?thesis unfolding Bex1_def using `x\<in>s` by blast+
+qed
+
+subsection{* Edelstein fixed point theorem. *}
+
+lemma edelstein_fix:
+ assumes s:"compact s" "s \<noteq> {}" and gs:"(g ` s) \<subseteq> s"
+ and dist:"\<forall>x\<in>s. \<forall>y\<in>s. x \<noteq> y \<longrightarrow> dist (g x) (g y) < dist x y"
+ shows "\<exists>! x::real^'a\<in>s. g x = x"
+proof(cases "\<exists>x\<in>s. g x \<noteq> x")
+ obtain x where "x\<in>s" using s(2) by auto
+ case False hence g:"\<forall>x\<in>s. g x = x" by auto
+ { fix y assume "y\<in>s"
+ hence "x = y" using `x\<in>s` and dist[THEN bspec[where x=x], THEN bspec[where x=y]]
+ unfolding g[THEN bspec[where x=x], OF `x\<in>s`]
+ unfolding g[THEN bspec[where x=y], OF `y\<in>s`] by auto }
+ thus ?thesis unfolding Bex1_def using `x\<in>s` and g by blast+
+next
+ case True
+ then obtain x where [simp]:"x\<in>s" and "g x \<noteq> x" by auto
+ { fix x y assume "x \<in> s" "y \<in> s"
+ hence "dist (g x) (g y) \<le> dist x y"
+ using dist[THEN bspec[where x=x], THEN bspec[where x=y]] by auto } note dist' = this
+ def y \<equiv> "g x"
+ have [simp]:"y\<in>s" unfolding y_def using gs[unfolded image_subset_iff] and `x\<in>s` by blast
+ def f \<equiv> "\<lambda> n. fun_pow n g"
+ have [simp]:"\<And>n z. g (f n z) = f (Suc n) z" unfolding f_def by auto
+ have [simp]:"\<And>z. f 0 z = z" unfolding f_def by auto
+ { fix n::nat and z assume "z\<in>s"
+ have "f n z \<in> s" unfolding f_def
+ proof(induct n)
+ case 0 thus ?case using `z\<in>s` by simp
+ next
+ case (Suc n) thus ?case using gs[unfolded image_subset_iff] by auto
+ qed } note fs = this
+ { fix m n ::nat assume "m\<le>n"
+ fix w z assume "w\<in>s" "z\<in>s"
+ have "dist (f n w) (f n z) \<le> dist (f m w) (f m z)" using `m\<le>n`
+ proof(induct n)
+ case 0 thus ?case by auto
+ next
+ case (Suc n)
+ thus ?case proof(cases "m\<le>n")
+ case True thus ?thesis using Suc(1)
+ using dist'[OF fs fs, OF `w\<in>s` `z\<in>s`, of n n] by auto
+ next
+ case False hence mn:"m = Suc n" using Suc(2) by simp
+ show ?thesis unfolding mn by auto
+ qed
+ qed } note distf = this
+
+ def h \<equiv> "\<lambda>n. pastecart (f n x) (f n y)"
+ let ?s2 = "{pastecart x y |x y. x \<in> s \<and> y \<in> s}"
+ obtain l r where "l\<in>?s2" and r:"\<forall>m n. m < n \<longrightarrow> r m < r n" and lr:"((h \<circ> r) ---> l) sequentially"
+ using compact_pastecart[OF s(1) s(1), unfolded compact_def, THEN spec[where x=h]] unfolding h_def
+ using fs[OF `x\<in>s`] and fs[OF `y\<in>s`] by blast
+ def a \<equiv> "fstcart l" def b \<equiv> "sndcart l"
+ have lab:"l = pastecart a b" unfolding a_def b_def and pastecart_fst_snd by simp
+ have [simp]:"a\<in>s" "b\<in>s" unfolding a_def b_def using `l\<in>?s2` by auto
+
+ have "continuous_on UNIV fstcart" and "continuous_on UNIV sndcart"
+ using linear_continuous_on using linear_fstcart and linear_sndcart by auto
+ hence lima:"((fstcart \<circ> (h \<circ> r)) ---> a) sequentially" and limb:"((sndcart \<circ> (h \<circ> r)) ---> b) sequentially"
+ unfolding atomize_conj unfolding continuous_on_sequentially
+ apply(erule_tac x="h \<circ> r" in allE) apply(erule_tac x="h \<circ> r" in allE) using lr
+ unfolding o_def and h_def a_def b_def by auto
+
+ { fix n::nat
+ have *:"\<And>fx fy x y. dist fx fy \<le> dist x y \<Longrightarrow> \<not> (dist (fx - fy) (a - b) < dist a b - dist x y)" unfolding dist_def by norm
+ { fix x y ::"real^'a"
+ have "dist (-x) (-y) = dist x y" unfolding dist_def
+ using norm_minus_cancel[of "x - y"] by (auto simp add: uminus_add_conv_diff) } note ** = this
+
+ { assume as:"dist a b > dist (f n x) (f n y)"
+ then obtain Na Nb where "\<forall>m\<ge>Na. dist (f (r m) x) a < (dist a b - dist (f n x) (f n y)) / 2"
+ and "\<forall>m\<ge>Nb. dist (f (r m) y) b < (dist a b - dist (f n x) (f n y)) / 2"
+ using lima limb unfolding h_def Lim_sequentially by (fastsimp simp del: Arith_Tools.less_divide_eq_number_of1)
+ hence "dist (f (r (Na + Nb + n)) x - f (r (Na + Nb + n)) y) (a - b) < dist a b - dist (f n x) (f n y)"
+ apply(erule_tac x="Na+Nb+n" in allE)
+ apply(erule_tac x="Na+Nb+n" in allE) apply simp
+ using dist_triangle_add_half[of a "f (r (Na + Nb + n)) x" "dist a b - dist (f n x) (f n y)"
+ "-b" "- f (r (Na + Nb + n)) y"]
+ unfolding ** unfolding group_simps(12) by (auto simp add: dist_sym)
+ moreover
+ have "dist (f (r (Na + Nb + n)) x - f (r (Na + Nb + n)) y) (a - b) \<ge> dist a b - dist (f n x) (f n y)"
+ using distf[of n "r (Na+Nb+n)", OF _ `x\<in>s` `y\<in>s`]
+ using monotone_bigger[OF r, of "Na+Nb+n"]
+ using *[of "f (r (Na + Nb + n)) x" "f (r (Na + Nb + n)) y" "f n x" "f n y"] by auto
+ ultimately have False by simp
+ }
+ hence "dist a b \<le> dist (f n x) (f n y)" by(rule ccontr)auto }
+ note ab_fn = this
+
+ have [simp]:"a = b" proof(rule ccontr)
+ def e \<equiv> "dist a b - dist (g a) (g b)"
+ assume "a\<noteq>b" hence "e > 0" unfolding e_def using dist by fastsimp
+ hence "\<exists>n. dist (f n x) a < e/2 \<and> dist (f n y) b < e/2"
+ using lima limb unfolding Lim_sequentially
+ apply (auto elim!: allE[where x="e/2"]) apply(rule_tac x="r (max N Na)" in exI) unfolding h_def by fastsimp
+ then obtain n where n:"dist (f n x) a < e/2 \<and> dist (f n y) b < e/2" by auto
+ have "dist (f (Suc n) x) (g a) \<le> dist (f n x) a"
+ using dist[THEN bspec[where x="f n x"], THEN bspec[where x="a"]] and fs by auto
+ moreover have "dist (f (Suc n) y) (g b) \<le> dist (f n y) b"
+ using dist[THEN bspec[where x="f n y"], THEN bspec[where x="b"]] and fs by auto
+ ultimately have "dist (f (Suc n) x) (g a) + dist (f (Suc n) y) (g b) < e" using n by auto
+ thus False unfolding e_def using ab_fn[of "Suc n"] by norm
+ qed
+
+ have [simp]:"\<And>n. f (Suc n) x = f n y" unfolding f_def y_def by(induct_tac n)auto
+ { fix x y assume "x\<in>s" "y\<in>s" moreover
+ fix e::real assume "e>0" ultimately
+ have "dist y x < e \<longrightarrow> dist (g y) (g x) < e" using dist by fastsimp }
+ hence "continuous_on s g" unfolding continuous_on_def by auto
+
+ hence "((sndcart \<circ> h \<circ> r) ---> g a) sequentially" unfolding continuous_on_sequentially
+ apply (rule allE[where x="\<lambda>n. (fstcart \<circ> h \<circ> r) n"]) apply (erule ballE[where x=a])
+ using lima unfolding h_def o_def using fs[OF `x\<in>s`] by (auto simp add: y_def)
+ hence "g a = a" using Lim_unique[OF trivial_limit_sequentially limb, of "g a"]
+ unfolding `a=b` and o_assoc by auto
+ moreover
+ { fix x assume "x\<in>s" "g x = x" "x\<noteq>a"
+ hence "False" using dist[THEN bspec[where x=a], THEN bspec[where x=x]]
+ using `g a = a` and `a\<in>s` by auto }
+ ultimately show "\<exists>!x\<in>s. g x = x" unfolding Bex1_def using `a\<in>s` by blast
+qed
+
+end
\ No newline at end of file
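Review bot: The `apply`-script fragments embedded in these structured proofs rely on names that `auto` invents for eliminated binders, most visibly `apply(rule_tac x="r (max N Na)" in exI)` after `apply (auto elim!: allE[where x="e/2"])` in the `a = b` step, where `N` and `Na` are never introduced by `obtain` or `fix`; a change in the simplifier's renaming would silently break this. Consider replacing those steps with explicit `obtain N where ... using lima[unfolded Lim_sequentially] ...` and `obtain Na where ...` so the witnesses are named in Isar. The same applies to the `erule_tac x="Na+Nb+n" in allE` pair in the `ab_fn` block. Separately, the file ends without a trailing newline after `end` (the `\ No newline at end of file` marker); add one.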
--- a/src/HOL/Nominal/nominal_primrec.ML Thu Mar 05 02:20:06 2009 +0100
+++ b/src/HOL/Nominal/nominal_primrec.ML Thu Mar 05 02:24:36 2009 +0100
@@ -374,7 +374,9 @@
in
lthy''
|> LocalTheory.note Thm.theoremK ((qualify (Binding.name "simps"),
- [Attrib.internal (K Simplifier.simp_add)]), maps snd simps')
+ map (Attrib.internal o K)
+ [Simplifier.simp_add, Nitpick_Const_Simp_Thms.add]),
+ maps snd simps')
|> snd
end)
[goals] |>
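Review bot: The added attribute `Nitpick_Const_Simp_Thms.add` makes nominal_primrec.ML depend on the Nitpick setup structure being loaded before the Nominal package; the hunk gives no indication of where that structure is defined, so please confirm the theory dependency order guarantees it is available here, and consider a short comment on why nominal simps are registered with Nitpick (the other definitional packages presumably do the same, and keeping them in step is the point). The `map (Attrib.internal o K) [...]` rewrite itself is fine and reads better than the previous single-element list.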
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/HOL/Option.thy Thu Mar 05 02:24:36 2009 +0100
@@ -0,0 +1,124 @@
+(* Title: HOL/Option.thy
+ Author: Folklore
+*)
+
+header {* Datatype option *}
+
+theory Option
+imports Datatype
+begin
+
+datatype 'a option = None | Some 'a
+
+lemma not_None_eq [iff]: "(x ~= None) = (EX y. x = Some y)"
+ by (induct x) auto
+
+lemma not_Some_eq [iff]: "(ALL y. x ~= Some y) = (x = None)"
+ by (induct x) auto
+
+text{*Although it may appear that both of these equalities are helpful
+only when applied to assumptions, in practice it seems better to give
+them the uniform iff attribute. *}
+
+lemma option_caseE:
+ assumes c: "(case x of None => P | Some y => Q y)"
+ obtains
+ (None) "x = None" and P
+ | (Some) y where "x = Some y" and "Q y"
+ using c by (cases x) simp_all
+
+lemma insert_None_conv_UNIV: "insert None (range Some) = UNIV"
+ by (rule set_ext, case_tac x) auto
+
+lemma inj_Some [simp]: "inj_on Some A"
+ by (rule inj_onI) simp
+
+
+subsubsection {* Operations *}
+
+primrec the :: "'a option => 'a" where
+"the (Some x) = x"
+
+primrec set :: "'a option => 'a set" where
+"set None = {}" |
+"set (Some x) = {x}"
+
+lemma ospec [dest]: "(ALL x:set A. P x) ==> A = Some x ==> P x"
+ by simp
+
+declaration {* fn _ =>
+ Classical.map_cs (fn cs => cs addSD2 ("ospec", thm "ospec"))
+*}
+
+lemma elem_set [iff]: "(x : set xo) = (xo = Some x)"
+ by (cases xo) auto
+
+lemma set_empty_eq [simp]: "(set xo = {}) = (xo = None)"
+ by (cases xo) auto
+
+definition
+ map :: "('a \<Rightarrow> 'b) \<Rightarrow> 'a option \<Rightarrow> 'b option"
+where
+ [code del]: "map = (%f y. case y of None => None | Some x => Some (f x))"
+
+lemma option_map_None [simp, code]: "map f None = None"
+ by (simp add: map_def)
+
+lemma option_map_Some [simp, code]: "map f (Some x) = Some (f x)"
+ by (simp add: map_def)
+
+lemma option_map_is_None [iff]:
+ "(map f opt = None) = (opt = None)"
+ by (simp add: map_def split add: option.split)
+
+lemma option_map_eq_Some [iff]:
+ "(map f xo = Some y) = (EX z. xo = Some z & f z = y)"
+ by (simp add: map_def split add: option.split)
+
+lemma option_map_comp:
+ "map f (map g opt) = map (f o g) opt"
+ by (simp add: map_def split add: option.split)
+
+lemma option_map_o_sum_case [simp]:
+ "map f o sum_case g h = sum_case (map f o g) (map f o h)"
+ by (rule ext) (simp split: sum.split)
+
+
+hide (open) const set map
+
+subsubsection {* Code generator setup *}
+
+definition
+ is_none :: "'a option \<Rightarrow> bool" where
+ is_none_none [code post, symmetric, code inline]: "is_none x \<longleftrightarrow> x = None"
+
+lemma is_none_code [code]:
+ shows "is_none None \<longleftrightarrow> True"
+ and "is_none (Some x) \<longleftrightarrow> False"
+ unfolding is_none_none [symmetric] by simp_all
+
+hide (open) const is_none
+
+code_type option
+ (SML "_ option")
+ (OCaml "_ option")
+ (Haskell "Maybe _")
+
+code_const None and Some
+ (SML "NONE" and "SOME")
+ (OCaml "None" and "Some _")
+ (Haskell "Nothing" and "Just")
+
+code_instance option :: eq
+ (Haskell -)
+
+code_const "eq_class.eq \<Colon> 'a\<Colon>eq option \<Rightarrow> 'a option \<Rightarrow> bool"
+ (Haskell infixl 4 "==")
+
+code_reserved SML
+ option NONE SOME
+
+code_reserved OCaml
+ option None Some
+
+end
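Review bot: In the `declaration {* fn _ => Classical.map_cs (fn cs => cs addSD2 ("ospec", thm "ospec")) *}` block the theorem is fetched by the dynamic string lookup `thm "ospec"`, which breaks silently at run time if the lemma is ever renamed; prefer the statically checked antiquotation `@{thm ospec}`. Also, since `ospec` already carries `[dest]`, a one-line comment explaining why it is additionally installed via `addSD2` (i.e. as a safe destruct rule matching on the second premise) would help the next reader. Finally, the lemma names `option_map_None`, `option_map_Some`, `option_map_is_None`, `option_map_eq_Some` and `option_map_comp` keep the old `option_map` prefix although the constant is now `Option.map`; either rename them for consistency or note in the NEWS entry that the theorem names are unchanged.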
--- a/src/HOL/Statespace/state_space.ML Thu Mar 05 02:20:06 2009 +0100
+++ b/src/HOL/Statespace/state_space.ML Thu Mar 05 02:24:36 2009 +0100
@@ -611,7 +611,7 @@
Syntax.const "StateFun.lookup"$Syntax.free (project_name T)$Syntax.free n$s
| NONE =>
if get_silent (Context.Proof ctxt)
- then Syntax.const "StateFun.lookup"$Syntax.const "arbitrary"$Syntax.free n$s
+ then Syntax.const "StateFun.lookup" $ Syntax.const "undefined" $ Syntax.free n $ s
else raise TERM ("StateSpace.gen_lookup_tr: component " ^ n ^ " not defined",[]));
fun lookup_tr ctxt [s,Free (n,_)] = gen_lookup_tr ctxt s n;
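Review bot: The substantive change here is `Syntax.const "arbitrary"` becoming `Syntax.const "undefined"` in the silent branch; the rest is whitespace around `$`. Since the unchanged `SOME` branch on the line above (`Syntax.const "StateFun.lookup"$Syntax.free (project_name T)$Syntax.free n$s`) keeps the old no-space style, either reformat that line too or leave the spacing alone so the function does not mix both styles. It would also help to add a comment that in silent mode an unknown component `n` yields a lookup of `undefined` rather than an error, as this is the behaviour the `if get_silent ... then ... else raise TERM` construct encodes.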
@@ -637,8 +637,8 @@
| NONE =>
if get_silent (Context.Proof ctxt)
then Syntax.const "StateFun.update"$
- Syntax.const "arbitrary"$Syntax.const "arbitrary"$
- Syntax.free n$(Syntax.const KN $ v)$s
+ Syntax.const "undefined" $ Syntax.const "undefined" $
+ Syntax.free n $ (Syntax.const KN $ v) $ s
else raise TERM ("StateSpace.gen_update_tr: component " ^ n ^ " not defined",[]))
end;
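Review bot: Same `arbitrary` to `undefined` rename as in the previous hunk, now for both placeholder arguments of `StateFun.update`. Note that the unchanged line `then Syntax.const "StateFun.update"$` still ends with the old unspaced `$`, while the two new lines use ` $ `, so the single expression is now split between the two styles; include that line in the reformatting. Both hunks replace the same constant name, so a shared helper such as `val undefined_const = Syntax.const "undefined"` would keep the two translation functions in step if the placeholder changes again.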
--- a/src/HOL/Tools/datatype_package.ML Thu Mar 05 02:20:06 2009 +0100
+++ b/src/HOL/Tools/datatype_package.ML Thu Mar 05 02:24:36 2009 +0100
@@ -629,14 +629,6 @@
(** a datatype antiquotation **)
-local
-
-val sym_datatype = Pretty.command "datatype";
-val sym_binder = Pretty.str "\\ {\\isacharequal}"; (*FIXME use proper symbol*)
-val sym_sep = Pretty.str "{\\isacharbar}\\ ";
-
-in
-
fun args_datatype (ctxt, args) =
let
val (tyco, (ctxt', args')) = Args.tyname (ctxt, args);
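Review bot: Removing the `local ... in` opener here only balances if the matching `end;` is removed as well; that removal is the `-end;` at the end of the following hunk, so the two hunks must land together. The dropped `sym_binder` carried a `(*FIXME use proper symbol*)` comment; if the replacement inlined later does not resolve that FIXME, it should be carried over rather than lost with the deleted binding.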
@@ -654,26 +646,19 @@
in if member (op =) s " " then Pretty.enclose "(" ")" [p]
else p
end;
- fun pretty_constr (co, []) =
- Syntax.pretty_term ctxt (Const (co, ty))
- | pretty_constr (co, [ty']) =
- (Pretty.block o Pretty.breaks)
- [Syntax.pretty_term ctxt (Const (co, ty' --> ty)),
- pretty_typ_br ty']
- | pretty_constr (co, tys) =
- (Pretty.block o Pretty.breaks)
- (Syntax.pretty_term ctxt (Const (co, tys ---> ty)) ::
- map pretty_typ_br tys);
+ fun pretty_constr (co, tys) =
+ (Pretty.block o Pretty.breaks)
+ (Syntax.pretty_term ctxt (Const (co, tys ---> ty)) ::
+ map pretty_typ_br tys);
in
Pretty.block
- (sym_datatype :: Pretty.brk 1 ::
+ (Pretty.command "datatype" :: Pretty.brk 1 ::
Syntax.pretty_typ ctxt ty ::
- sym_binder :: Pretty.brk 1 ::
- flat (separate [Pretty.brk 1, sym_sep]
+ Pretty.str " =" :: Pretty.brk 1 ::
+ flat (separate [Pretty.brk 1, Pretty.str "| "]
(map (single o pretty_constr) cos)))
end
-end;
(** package setup **)
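Review bot: Collapsing the three `pretty_constr` cases into one is sound (for `tys = []`, `tys ---> ty` is just `ty` and `map pretty_typ_br []` adds nothing, so the block degenerates to the single pretty-printed constant), but the replacement of `sym_binder` and `sym_sep` changes what is emitted: the old strings `"\\ {\\isacharequal}"` and `"{\\isacharbar}\\ "` were pre-escaped LaTeX symbol macros, whereas `Pretty.str " ="` and `Pretty.str "| "` are raw characters. Please confirm that the document antiquotation output path now escapes `=` and `|` itself, otherwise the generated `.tex` will contain bare `|`, which the old FIXME was working around.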
--- a/src/Pure/ML/ml_thms.ML Thu Mar 05 02:20:06 2009 +0100
+++ b/src/Pure/ML/ml_thms.ML Thu Mar 05 02:24:36 2009 +0100
@@ -48,25 +48,30 @@
(* ad-hoc goals *)
+val and_ = Args.$$$ "and";
val by = Args.$$$ "by";
-val goal = Scan.unless (Scan.lift by) Args.prop;
+val goal = Scan.unless (by || and_) Args.name;
val _ = ML_Context.add_antiq "lemma"
- (fn pos => Args.context -- Args.mode "open" -- Scan.repeat1 goal --
- Scan.lift (by |-- Method.parse -- Scan.option Method.parse) >>
- (fn (((ctxt, is_open), props), methods) => fn {struct_name, background} =>
+ (fn pos => Args.context -- Args.mode "open" --
+ Scan.lift (OuterParse.and_list1 (Scan.repeat1 goal) --
+ (by |-- Method.parse -- Scan.option Method.parse)) >>
+ (fn ((ctxt, is_open), (raw_propss, methods)) => fn {struct_name, background} =>
let
+ val propss = burrow (map (rpair []) o Syntax.read_props ctxt) raw_propss;
val i = serial ();
val prep_result =
Goal.norm_result #> Thm.default_position pos #> not is_open ? Thm.close_derivation;
- fun after_qed [res] goal_ctxt =
- put_thms (i, map prep_result (ProofContext.export goal_ctxt ctxt res)) goal_ctxt;
+ fun after_qed res goal_ctxt =
+ put_thms (i, map prep_result (ProofContext.export goal_ctxt ctxt (flat res))) goal_ctxt;
val ctxt' = ctxt
- |> Proof.theorem_i NONE after_qed [map (rpair []) props]
+ |> Proof.theorem_i NONE after_qed propss
|> Proof.global_terminal_proof methods;
val (a, background') = background
|> ML_Antiquote.variant "lemma" ||> put_thms (i, the_thms ctxt' i);
- val ml = (thm_bind (if length props = 1 then "thm" else "thms") a i, struct_name ^ "." ^ a);
+ val ml =
+ (thm_bind (if length (flat propss) = 1 then "thm" else "thms") a i,
+ struct_name ^ "." ^ a);
in (K ml, background') end));
end;
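Review bot: Missing documentation for the extended syntax: with `OuterParse.and_list1 (Scan.repeat1 goal)` the `@{lemma}` antiquotation now accepts several `and`-separated goal groups, but nothing in this hunk records the new form for users; add a NEWS entry or update the antiquotation documentation. Note that `Scan.unless (by || and_)` is what prevents `Scan.repeat1 goal` from consuming the `and` keyword as a goal, so the two guards must be kept in step if further keywords are introduced. The switch from `Args.prop` to `Args.name` with a later `Syntax.read_props ctxt` (via `burrow`) reads all goals jointly, which is what you want for type inference across groups; a one-line comment to that effect would save the next reader from wondering whether inference is per group.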
--- a/src/Pure/axclass.ML Thu Mar 05 02:20:06 2009 +0100
+++ b/src/Pure/axclass.ML Thu Mar 05 02:24:36 2009 +0100
@@ -234,7 +234,10 @@
val map_inst_params = AxClassData.map o apsnd o apsnd;
fun get_inst_param thy (c, tyco) =
- (the o Symtab.lookup ((the o Symtab.lookup (fst (get_inst_params thy))) c)) tyco;
+ case Symtab.lookup ((the_default Symtab.empty o Symtab.lookup (fst (get_inst_params thy))) c) tyco
+ of SOME c' => c'
+ | NONE => error ("No instance parameter for constant " ^ quote c
+ ^ " on type constructor " ^ quote tyco);
fun add_inst_param (c, tyco) inst = (map_inst_params o apfst
o Symtab.map_default (c, Symtab.empty)) (Symtab.update_new (tyco, inst))
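Review bot: Good to replace the bare `the o Symtab.lookup` chain with an explicit error message, but two small points. First, the `case ... of SOME c' => c' | NONE => error ...` on the right-hand side of `fun get_inst_param` should be parenthesised, `(case ... of ...)`, per the usual Isabelle/ML convention, so a later `|` clause cannot be mistaken for a match alternative. Second, the bound name `c'` suggests a constant, yet it holds the instance parameter looked up for `(c, tyco)`; naming it `inst` (as in `add_inst_param`) would make the intent clear.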