author urbanc Wed, 12 Mar 2008 11:57:12 +0100 changeset 26262 f5cb9602145f parent 26261 b6a103ace4db child 26263 c95b91870e3b
tuned
```--- a/src/HOL/Nominal/Examples/Height.thy	Wed Mar 12 08:47:37 2008 +0100
+++ b/src/HOL/Nominal/Examples/Height.thy	Wed Mar 12 11:57:12 2008 +0100
@@ -5,7 +5,7 @@
begin

text {*
-  A trivial problem suggested by D. Wang. It shows how
+  A small problem suggested by D. Wang. It shows how
the height of a lambda-terms behaves under substitution.
*}

@@ -17,7 +17,6 @@
| Lam "\<guillemotleft>name\<guillemotright>lam" ("Lam [_]._" [100,100] 100)

text {* Definition of the height-function on lambda-terms. *}
-
consts
height :: "lam \<Rightarrow> int"

@@ -46,7 +45,7 @@
apply(fresh_guess)+
done

-text{* The next lemma is needed in the Var-case of the theorem. *}
+text{* The next lemma is needed in the Var-case of the theorem below. *}

lemma height_ge_one:
shows "1 \<le> (height e)"
@@ -54,26 +53,46 @@

text {*
Unlike the proplem suggested by Wang, however, the
-  theorem is here formulated  entirely by using functions.
+  theorem is here formulated entirely by using functions.
*}

theorem height_subst:
-  shows "height (e[x::=e']) \<le> (((height e) - 1) + (height e'))"
+  shows "height (e[x::=e']) \<le> ((height e) - 1) + (height e')"
proof (nominal_induct e avoiding: x e' rule: lam.induct)
case (Var y)
have "1 \<le> height e'" by (rule height_ge_one)
then show "height (Var y[x::=e']) \<le> height (Var y) - 1 + height e'" by simp
next
case (Lam y e1)
-  hence ih: "height (e1[x::=e']) \<le> (((height e1) - 1) + (height e'))" by simp
+  hence ih: "height (e1[x::=e']) \<le> ((height e1) - 1) + (height e')" by simp
moreover
have vc: "y\<sharp>x" "y\<sharp>e'" by fact+ (* usual variable convention *)
ultimately show "height ((Lam [y].e1)[x::=e']) \<le> height (Lam [y].e1) - 1 + height e'" by simp
next
case (App e1 e2)
-  hence ih1: "height (e1[x::=e']) \<le> (((height e1) - 1) + (height e'))"
-    and ih2: "height (e2[x::=e']) \<le> (((height e2) - 1) + (height e'))" by simp_all
+  hence ih1: "height (e1[x::=e']) \<le> ((height e1) - 1) + (height e')"
+    and ih2: "height (e2[x::=e']) \<le> ((height e2) - 1) + (height e')" by simp_all
then show "height ((App e1 e2)[x::=e']) \<le> height (App e1 e2) - 1 + height e'"  by simp
qed

+theorem height_subst:
+  shows "height (e[x::=e']) \<le> ((height e) - 1) + (height e')"
+proof (nominal_induct e avoiding: x e' rule: lam.induct)
+  case (Var y)
+  have "1 \<le> height e'" by (rule height_ge_one)
+  then show "height (Var y[x::=e']) \<le> height (Var y) - 1 + height e'" by simp
+next
+  case (Lam y e1)
+  hence ih: "height (e1[x::=e']) \<le> ((height e1) - 1) + (height e')" by simp
+  moreover
+  have vc: "y\<sharp>x" "y\<sharp>e'" by fact+ (* usual variable convention *)
+  ultimately show "height ((Lam [y].e1)[x::=e']) \<le> height (Lam [y].e1) - 1 + height e'" by simp
+next
+  case (App e1 e2)
+  hence ih1: "height (e1[x::=e']) \<le> ((height e1) - 1) + (height e')"
+    and ih2: "height (e2[x::=e']) \<le> ((height e2) - 1) + (height e')" by simp_all
+  then show "height ((App e1 e2)[x::=e']) \<le> height (App e1 e2) - 1 + height e'"  by simp
+qed
+
+
end```
```--- a/src/HOL/Nominal/Examples/Support.thy	Wed Mar 12 08:47:37 2008 +0100
+++ b/src/HOL/Nominal/Examples/Support.thy	Wed Mar 12 11:57:12 2008 +0100
@@ -9,11 +9,10 @@

x\<sharp>(A \<union> B) does not imply  x\<sharp>A and  x\<sharp>B

-  with A and B being sets. For this we set A to the set of
-  even atoms and B to the set of odd atoms. Then A \<union> B, that
-  is the set of all atoms, has empty support. The sets A,
-  respectively B, however have the set of all atoms as
-  their support.
+  For this we set A to the set of even atoms and B to
+  the set of odd atoms. Then A \<union> B, that is the set of
+  all atoms, has empty support. The sets A, respectively B,
+  however have the set of all atoms as their support.
*}

atom_decl atom
@@ -38,7 +37,7 @@

text {*
The union of even and odd atoms is the set of all atoms.
-  Unfortunately I do not know a simpler proof of this fact. *}
+  (Unfortunately I do not know a simpler proof of this fact.) *}
lemma EVEN_union_ODD:
shows "EVEN \<union> ODD = UNIV"
using even_or_odd
@@ -84,7 +83,7 @@
qed

text {*
-  A general fact about a set S of names that is both infinite and
+  A general fact about a set S of atoms that is both infinite and
coinfinite. Then S has all atoms as its support. Steve Zdancewick
helped with proving this fact. *}
```
```--- a/src/HOL/Nominal/Examples/VC_Condition.thy	Wed Mar 12 08:47:37 2008 +0100
+++ b/src/HOL/Nominal/Examples/VC_Condition.thy	Wed Mar 12 11:57:12 2008 +0100
@@ -5,7 +5,7 @@
begin

text {*
-  We give here two examples that show if we use the variable
+  We give here two examples showing that if we use the variable
convention carelessly in rule inductions, we might end
up with faulty lemmas. The point is that the examples
are not variable-convention compatible and therefore in the
@@ -109,7 +109,7 @@
text {*
Now comes the first faulty lemma. It is derived using the
variable convention (i.e. our strong induction principle).
-  This faulty lemma states that if t unbinds to x::xs and t',
+  This faulty lemma states that if t unbinds to x#xs and t',
and x is a free variable in t', then it is also a free
variable in bind xs t'. We show this lemma by assuming that
the binder x is fresh w.r.t. to the xs unbound previously. *}
@@ -183,30 +183,27 @@
then show "False" by (simp add: fresh_atm)
qed

-text {*
-  Moral: Who would have thought that the variable convention
-  is in general an unsound reasoning principle.
-  *}
-
-
-text
-  {* BTW: A similar effect can be achieved by using naive (that
-     is strong) inversion rules. *}
+text {* A similar effect can be achieved by using naive inversion
+  on rules. *}

lemma false3:
shows "False"
proof -
have "Lam [x].(Var x) \<rightarrow> (Var x)" by (auto intro: strip.intros)
-  moreover obtain y::name where y: "y\<sharp>x"
-    by (rule exists_fresh) (rule fin_supp)
+  moreover obtain y::"name" where fc: "y\<sharp>x" by (rule exists_fresh) (rule fin_supp)
then have "Lam [x].(Var x) = Lam [y].(Var y)"
by (simp add: lam.inject alpha calc_atm fresh_atm)
ultimately have "Lam [y].(Var y) \<rightarrow> (Var x)" by simp
-  then have "Var y \<rightarrow> Var x" using y
-    by (cases rule: strip.strong_cases [where x=y])
+  then have "Var y \<rightarrow> Var x" using fc
+    by (cases rule: strip.strong_cases[where x=y])
(simp_all add: lam.inject alpha abs_fresh)
-  then show "False" using y
+  then show "False" using fc
by (cases) (simp_all add: lam.inject fresh_atm)
qed

+text {*
+  Moral: Who would have thought that the variable convention
+  is in general an unsound reasoning principle.
+  *}
+
end
\ No newline at end of file```
```--- a/src/HOL/Nominal/Examples/Weakening.thy	Wed Mar 12 08:47:37 2008 +0100
+++ b/src/HOL/Nominal/Examples/Weakening.thy	Wed Mar 12 11:57:12 2008 +0100
@@ -150,8 +150,10 @@
oops

text{*
-  To show that the proof is not simple, here proof without using
-  the variable convention.
+  To show that the proof with explicit renaming is not simple,
+  here is the proof without using the variable convention. It
+  crucially depends on the equivariance property of the typing
+  relation.

*}

@@ -197,7 +199,7 @@
then show "\<Gamma>2 \<turnstile> Lam [c].([(c,x)]\<bullet>t) : T1 \<rightarrow> T2" using fc1 by auto
qed
ultimately show "\<Gamma>2 \<turnstile> Lam [x].t : T1 \<rightarrow> T2" by simp
-qed (auto)
+qed (auto) (* var and app cases *)

text {*
Moral: compare the proof with explicit renamings to weakening_version1 ```