diff --git a/thys/Quantales_Converse/Kleene_Algebra_Converse.thy b/thys/Quantales_Converse/Kleene_Algebra_Converse.thy new file mode 100644 --- /dev/null +++ b/thys/Quantales_Converse/Kleene_Algebra_Converse.thy @@ -0,0 +1,159 @@ +(* +Title: Kleene algebra with converse +Author: Cameron Calk, Georg Struth +Maintainer: Georg Struth +*) + +section \Kleene algebra with converse\ + +theory "Kleene_Algebra_Converse" + imports Kleene_Algebra.Kleene_Algebra + +begin + +text \We start from involutive dioids and Kleene algebra and then add a so-called strong Gelfand property +to obtain an operation of converse that is closer to algebras of paths and relations.\ + +subsection \Involutive Kleene algebra\ + +class invol_op = + fixes invol :: "'a \ 'a" ("_\<^sup>\" [101] 100) + +class involutive_dioid = dioid_one_zero + invol_op + + assumes inv_invol [simp]: "(x\<^sup>\)\<^sup>\ = x" + and inv_contrav [simp]: "(x \ y)\<^sup>\ = y\<^sup>\ \ x\<^sup>\" + and inv_sup [simp]: "(x + y)\<^sup>\ = x\<^sup>\ + y\<^sup>\" + +begin + +lemma inv_zero [simp]: "0\<^sup>\ = 0" +proof- + have "0\<^sup>\ = (0\<^sup>\ \ 0)\<^sup>\" + by simp + also have "\ = 0\<^sup>\ \ (0\<^sup>\)\<^sup>\" + using local.inv_contrav by blast + also have "\ = 0\<^sup>\ \ 0" + by simp + also have "\ = 0" + by simp + finally show ?thesis. +qed + +lemma inv_one [simp]: "1\<^sup>\ = 1" +proof- + have "1\<^sup>\ = 1\<^sup>\ \ (1\<^sup>\)\<^sup>\" + by simp + also have "\ = (1\<^sup>\ \ 1)\<^sup>\" + using local.inv_contrav by presburger + also have "\ = (1\<^sup>\)\<^sup>\" + by simp + also have "\ = 1" + by simp + finally show ?thesis. +qed + +lemma inv_iso: "x \ y \ x\<^sup>\ \ y\<^sup>\" + by (metis local.inv_sup local.less_eq_def) + +lemma inv_adj: "(x\<^sup>\ \ y) = (x \ y\<^sup>\)" + using inv_iso by fastforce + +end + +text \Here is an equivalent axiomatisation from Doornbos, Backhouse and van der Woude's paper +on a calculational approach to mathematical induction.\ + +class involutive_dioid_alt = dioid_one_zero + + fixes inv_alt :: "'a \ 'a" + assumes inv_alt: "(inv_alt x \ y) = (x \ inv_alt y)" + and inv_alt_contrav [simp]: "inv_alt (x \ y) = inv_alt y \ inv_alt x" + +begin + +lemma inv_alt_invol [simp]: "inv_alt (inv_alt x) = x" +proof- + have "inv_alt (inv_alt x) \ x" + by (simp add: inv_alt) + thus ?thesis + by (meson inv_alt order_antisym) +qed + +lemma inv_alt_add: "inv_alt (x + y) = inv_alt x + inv_alt y" +proof- + {fix z + have "(inv_alt (x + y) \ z) = (x + y \ inv_alt z)" + by (simp add: inv_alt) + also have "\ = (x \ inv_alt z \ y \ inv_alt z)" + by simp + also have "\ = (inv_alt x \ z \ inv_alt y \ z)" + by (simp add: inv_alt) + also have "\ = (inv_alt x + inv_alt y \ z)" + by force + finally have "(inv_alt (x + y) \ z) = (inv_alt x + inv_alt y \ z)".} + thus ?thesis + using order_antisym by blast +qed + +sublocale altinv: involutive_dioid _ _ _ _ _ _ inv_alt + by unfold_locales (simp_all add: inv_alt_add) + +end + +sublocale involutive_dioid \ altinv: involutive_dioid_alt _ _ _ _ _ _ invol + by unfold_locales (simp_all add: local.inv_adj) + +class involutive_kleene_algebra = involutive_dioid + kleene_algebra + +begin + +lemma inv_star: "(x\<^sup>\)\<^sup>\ = (x\<^sup>\)\<^sup>\" +proof (rule order.antisym) + have "((x\<^sup>\)\<^sup>\)\<^sup>\ = (1 + (x\<^sup>\)\<^sup>\ \ x\<^sup>\)\<^sup>\" + by simp + also have "\ = 1 + (x\<^sup>\)\<^sup>\ \ ((x\<^sup>\)\<^sup>\)\<^sup>\" + using local.inv_contrav local.inv_one local.inv_sup by presburger + finally have "1 + x \ ((x\<^sup>\)\<^sup>\)\<^sup>\ \ ((x\<^sup>\)\<^sup>\)\<^sup>\" + by simp + hence "x\<^sup>\ \ ((x\<^sup>\)\<^sup>\)\<^sup>\" + using local.star_inductl by force + thus "(x\<^sup>\)\<^sup>\ \ (x\<^sup>\)\<^sup>\" + by (simp add: local.inv_adj) +next + have "(x\<^sup>\)\<^sup>\ = (1 + x\<^sup>\ \ x)\<^sup>\" + by simp + also have "\ = 1 + x\<^sup>\ \ (x\<^sup>\)\<^sup>\" + using local.inv_contrav local.inv_one local.inv_sup by presburger + finally have "1 + x\<^sup>\ \ (x\<^sup>\)\<^sup>\ \ (x\<^sup>\)\<^sup>\" + by simp + thus "(x\<^sup>\)\<^sup>\ \ (x\<^sup>\)\<^sup>\" + using local.star_inductl by force +qed + +end + + +subsection \Kleene algebra with converse\ + +text \The name "strong Gelfand property" has been borrowed from Palmigiano and Re.\ + +class dioid_converse = involutive_dioid + + assumes strong_gelfand: "x \ x \ x\<^sup>\ \ x" + +lemma (in dioid_converse) subid_conv: "x \ 1 \ x\<^sup>\ = x" +proof (rule order.antisym) + assume h: "x \ 1" + have "x \ x \ x\<^sup>\ \ x" + by (simp add: local.strong_gelfand) + also have "\ \ 1 \ x\<^sup>\ \ 1" + using h local.mult_isol_var by blast + also have "\ = x\<^sup>\" + by simp + finally show "x \ x\<^sup>\" + by simp + thus "x\<^sup>\ \ x" + by (simp add: local.inv_adj) +qed + +class kleene_algebra_converse = involutive_kleene_algebra + dioid_converse + +end diff --git a/thys/Quantales_Converse/Modal_Kleene_Algebra_Converse.thy b/thys/Quantales_Converse/Modal_Kleene_Algebra_Converse.thy new file mode 100644 --- /dev/null +++ b/thys/Quantales_Converse/Modal_Kleene_Algebra_Converse.thy @@ -0,0 +1,131 @@ +(* +Title: Modal Kleene Algebra with converse +Author: Cameron Calk, Georg Struth +Maintainer: Georg Struth +*) + +section \Modal Kleene algebra with converse\ + +theory "Modal_Kleene_Algebra_Converse" + imports Modal_Kleene_Algebra_Var Kleene_Algebra_Converse + +begin + +text \Here we mainly study the interaction of converse with domain and codomain.\ + +subsection \Involutive modal Kleene algebras\ + +class involutive_domain_semiring = domain_semiring + involutive_dioid + +begin + +notation domain_op ("dom") + +lemma strong_conv_conv: "dom x \ x \ x\<^sup>\ \ x \ x \ x\<^sup>\ \ x" +proof- + assume h: "dom x \ x \ x\<^sup>\" + have "x = dom x \ x" + by simp + also have "\ \ x \ x\<^sup>\ \ x" + using h local.mult_isor by presburger + finally show ?thesis. +qed + +end + +class involutive_dr_modal_semiring = dr_modal_semiring + involutive_dioid + +class involutive_dr_modal_kleene_algebra = involutive_dr_modal_semiring + kleene_algebra + + +subsection \Modal semirings algebras with converse\ + +class dr_modal_semiring_converse = dr_modal_semiring + dioid_converse + +begin + +lemma d_conv [simp]: "(dom x)\<^sup>\ = dom x" +proof- + have "dom x \ dom x \ (dom x)\<^sup>\ \ dom x" + by (simp add: local.strong_gelfand) + also have "\ \ 1 \ (dom x)\<^sup>\ \ 1" + by (simp add: local.subid_conv) + finally have a: "dom x \ (dom x)\<^sup>\" + by simp + hence "(dom x)\<^sup>\ \ dom x" + by (simp add: local.inv_adj) + thus ?thesis + using a by auto +qed + +lemma cod_conv: "(cod x)\<^sup>\ = cod x" + by (metis d_conv local.dc_compat) + +lemma d_conv_cod [simp]: "dom (x\<^sup>\) = cod x" +proof- + have "dom (x\<^sup>\) = dom ((x \ cod x)\<^sup>\)" + by simp + also have "\ = dom ((cod x)\<^sup>\ \ x\<^sup>\)" + using local.inv_contrav by presburger + also have "\ = dom (cod x \ x\<^sup>\)" + by (simp add: cod_conv) + also have "\ = dom (dom (cod x) \ x\<^sup>\)" + by simp + also have "\ = dom (cod x) \ dom (x\<^sup>\)" + using local.dsg3 by blast + also have "\ = cod x \ dom (x\<^sup>\)" + by simp + also have "\ = cod x \ cod (dom (x\<^sup>\))" + by simp + also have "\ = cod (x \ cod (dom (x\<^sup>\)))" + using local.rdual.dsg3 by presburger + also have "\ = cod (x \ dom (x\<^sup>\))" + by simp + also have "\ = cod ((x\<^sup>\)\<^sup>\ \ (dom (x\<^sup>\))\<^sup>\)" + by simp + also have "\ = cod ((dom (x\<^sup>\) \ x\<^sup>\)\<^sup>\)" + using local.inv_contrav by presburger + also have "\ = cod ((x\<^sup>\)\<^sup>\)" + by simp + also have "\ = cod x" + by simp + finally show ?thesis. +qed + +lemma cod_conv_d: "cod (x\<^sup>\) = dom x" + by (metis d_conv_cod local.inv_invol) + +lemma "dom y = y \ fd (x\<^sup>\) y = bd x y" +proof- + assume h: "dom y = y" + have "fd (x\<^sup>\) y = dom (x\<^sup>\ \ dom y)" + by (simp add: local.fd_def) + also have "\ = dom ((dom y \ x)\<^sup>\)" + by simp + also have "\ = cod (dom y \ x)" + using d_conv_cod by blast + also have "\ = bd x y" + by (simp add: h local.bd_def) + finally show ?thesis. +qed + +lemma "dom y = y \ bd (x\<^sup>\) y = fd x y" + by (metis cod_conv_d d_conv local.bd_def local.fd_def local.inv_contrav) + +end + + +subsection \Modal Kleene algebras with converse\ + +class dr_modal_kleene_algebra_converse = dr_modal_semiring_converse + kleene_algebra + +class dr_modal_semiring_strong_converse = involutive_dr_modal_semiring + + assumes weak_dom_def: "dom x \ x \ x\<^sup>\" + and weak_cod_def: "cod x \ x\<^sup>\ \ x" + +subclass (in dr_modal_semiring_strong_converse) dr_modal_semiring_converse + by unfold_locales (metis local.ddual.mult_isol_var local.dsg1 local.eq_refl local.weak_dom_def) + +class dr_modal_kleene_algebra_strong_converse = dr_modal_semiring_strong_converse + kleene_algebra + +end diff --git a/thys/Quantales_Converse/Modal_Kleene_Algebra_Var.thy b/thys/Quantales_Converse/Modal_Kleene_Algebra_Var.thy new file mode 100644 --- /dev/null +++ b/thys/Quantales_Converse/Modal_Kleene_Algebra_Var.thy @@ -0,0 +1,51 @@ +(* +Title: Modal Kleene algebra based on domain and range semirings +Author: Georg Struth +Maintainer: Georg Struth +*) + +section \Modal Kleene algebra based on domain and range semirings\ + +theory "Modal_Kleene_Algebra_Var" + imports KAD.Domain_Semiring KAD.Range_Semiring + +begin + +notation domain_op ("dom") +notation range_op ("cod") + +subclass (in domain_semiring) dioid_one_zero.. + +subclass (in range_semiring) dioid_one_zero + by unfold_locales simp + +subsection \Modal semirings\ + +text \The following modal semirings are based on domain and range semirings instead of antidomain and antirange semirings, +as in the AFP entry for Kleene algebra with domain.\ + +class dr_modal_semiring = domain_semiring + range_semiring + + assumes dc_compat [simp]: "dom (cod x) = cod x" + and cd_compat [simp]: "cod (dom x) = dom x" + +begin + +sublocale msrdual: dr_modal_semiring "(+)" "\x y. y \ x" 1 0 cod "(\)" "(<)" dom + by unfold_locales simp_all + +lemma d_cod_fix: "(dom x = x) = (x = cod x)" + by (metis local.cd_compat local.dc_compat) + +lemma local_var: "(x \ y = 0) = (cod x \ dom y = 0)" + using local.dom_weakly_local local.rdual.dom_weakly_local by force + +lemma fbdia_conjugation: "(fd x (dom p) \ dom q = 0) = (dom p \ bd x (dom q) = 0)" + by (metis local.bd_def local.cd_compat local.ddual.mult_assoc local.dom_weakly_local local.fd_def local.rdual.dom_weakly_local local.rdual.dsg4) + +end + +subsection \Modal Kleene algebra\ + +class dr_modal_kleene_algebra = dr_modal_semiring + kleene_algebra + +end diff --git a/thys/Quantales_Converse/Modal_Quantale.thy b/thys/Quantales_Converse/Modal_Quantale.thy new file mode 100644 --- /dev/null +++ b/thys/Quantales_Converse/Modal_Quantale.thy @@ -0,0 +1,329 @@ +(* +Title: Modal quantales +Author: Georg Struth +Maintainer: Georg Struth +*) + +section \Modal quantales\ + +theory Modal_Quantale + imports Quantales.Quantale_Star Modal_Kleene_Algebra_Var KAD.Modal_Kleene_Algebra + +begin + +subsection \Simplified modal semirings and Kleene algebras\ + +text \The previous formalisation of modal Kleene algebra in the AFP adds two compatibility axioms between domain and codomain +when combining an antidomain semiring with an antirange semiring. But these are unnecessary. They are derivable from the other +axioms. Thus I provide a simpler axiomatisation that should eventually replace the one in the AFP.\ + +class modal_semiring_simp = antidomain_semiring + antirange_semiring + +lemma (in modal_semiring_simp) dr_compat [simp]: "d (r x) = r x" +proof- + have a: "ar x \ d (r x) = 0" + using local.ads_d_def local.ars_r_def local.dpdz.dom_weakly_local by auto + have "r x \ d (r x) \ ar x \ r x \ ar x" + by (simp add: local.a_subid_aux2 local.ads_d_def local.mult_isor) + hence b: "r x \ d (r x) \ ar x = 0" + by (simp add: local.ardual.am2 local.ars_r_def local.join.bot_unique) + have "d (r x) = (ar x + r x) \ d (r x)" + using local.add_comm local.ardual.ans3 local.ars_r_def local.mult_1_left by presburger + also have "\ = ar x \ d (r x) + r x \ d (r x)" + by simp + also have "\ = r x \ d (r x)" + by (simp add: a) + also have "\ = r x \ d (r x) \ (ar x + r x)" + using local.add_comm local.ardual.ans3 local.ars_r_def by auto + also have "\ = r x \ d (r x) \ ar x + r x \ d (r x) \ r x" + by simp + also have "\ = r x \ d (r x) \ r x" + using b by auto + also have "\ = r x" + by (metis local.ads_d_def local.am3 local.ardual.a_mult_idem local.ars_r_def local.ds.ddual.mult_assoc) + finally show ?thesis + by simp +qed + +lemma (in modal_semiring_simp) rd_compat [simp]: "r (d x) = d x" + by (smt (verit) local.a_mult_idem local.ads_d_def local.am2 local.ardual.dpdz.dom_weakly_local local.ars_r_def local.dr_compat local.kat_3_equiv') + +subclass (in modal_semiring_simp) modal_semiring + apply unfold_locales by simp_all + +class modal_kleene_algebra_simp = modal_semiring_simp + kleene_algebra + +subclass (in modal_kleene_algebra_simp) modal_kleene_algebra.. + + +subsection \Domain quantales\ + +class domain_quantale = unital_quantale + domain_op + + assumes dom_absorb: "x \ dom x \ x" + and dom_local: "dom (x \ dom y) = dom (x \ y)" + and dom_add: "dom (x \ y) = dom x \ dom y" + and dom_subid: "dom x \ 1" + and dom_zero [simp]: "dom \ = \" + +text \The definition is that of a domain semiring. I cannot extend the quantale class with respect to domain semirings +because of different operations are used for addition/sup. The following sublocale statement brings all those properties into scope.\ + +sublocale domain_quantale \ dqmsr: domain_semiring "(\)" "(\)" 1 \ dom "(\)" "(<)" + by unfold_locales (simp_all add: dom_add dom_local dom_absorb sup.absorb2 dom_subid) + +sublocale domain_quantale \ dqmka: domain_kleene_algebra "(\)" "(\)" 1 \ dom "(\)" "(<)" qstar.. + +typedef (overloaded) 'a d_element = "{x :: 'a :: domain_quantale. dom x = x}" + using dqmsr.dom_one by blast + +setup_lifting type_definition_d_element + +instantiation d_element :: (domain_quantale) bounded_lattice + +begin + +lift_definition less_eq_d_element :: "'a d_element \ 'a d_element \ bool" is "(\)" . + +lift_definition less_d_element :: "'a d_element \ 'a d_element \ bool" is "(<)" . + +lift_definition bot_d_element :: "'a d_element" is \ + by simp + +lift_definition top_d_element :: "'a d_element" is 1 + by simp + +lift_definition inf_d_element :: "'a d_element \ 'a d_element \ 'a d_element" is "(\)" + by (metis dqmsr.dom_mult_closed) + +lift_definition sup_d_element :: "'a d_element \ 'a d_element \ 'a d_element" is "(\)" + by simp + +instance + apply (standard; transfer) + apply (simp_all add: less_le_not_le) + apply (metis dqmsr.dom_subid_aux2'') + apply (metis dqmsr.dom_subid_aux1'') + apply (metis dqmsr.dom_glb_eq) + by (metis dqmsr.dom_subid) + +end + +instance d_element :: (domain_quantale) distrib_lattice + by (standard, transfer, metis dqmsr.dom_distrib) + +context domain_quantale +begin + +lemma dom_top [simp]: "dom \ = 1" +proof- + have "1 \ \" + by simp + hence "dom 1 \ dom \" + using local.dqmsr.d_iso by blast + thus ?thesis + by (simp add: local.dual_order.antisym) +qed + +lemma dom_top2: "x \ \ \ dom x \ \" +proof- + have "x \ \ = dom x \ x \ \" + by simp + also have "\ \ dom x \ \ \ \" + using local.dqmsr.d_restrict_iff_1 local.top_greatest local.top_times_top mult_assoc by presburger + finally show ?thesis + by (simp add: local.mult.semigroup_axioms semigroup.assoc) +qed + +lemma weak_twisted: "x \ dom y \ dom (x \ y) \ x" + using local.dqmsr.fd_def local.dqmsr.fdemodalisation2 local.eq_refl by blast + +lemma dom_meet: "dom x \ dom y = dom x \ dom y" + apply (rule order.antisym) + apply (simp add: local.dqmsr.dom_subid_aux2 local.dqmsr.dom_subid_aux2'') + by (smt (z3) local.dom_absorb local.dqmsr.dom_iso local.dqmsr.dom_subid_aux2 local.dqmsr.dsg3 local.dqmsr.dsg4 local.dual_order.antisym local.inf.cobounded1 local.inf.cobounded2 local.psrpq.mult_isol_var) + +lemma dom_meet_pres: "dom (dom x \ dom y) = dom x \ dom y" + using dom_meet local.dqmsr.dom_mult_closed by presburger + +lemma dom_meet_distl: "dom x \ (y \ z) = (dom x \ y) \ (dom x \ z)" +proof- + have a: "dom x \ (y \ z) \ (dom x \ y) \ (dom x \ z)" + using local.mult_isol by force + have "(dom x \ y) \ (dom x \ z) = dom ((dom x \ y) \ (dom x \ z)) \ ((dom x \ y) \ (dom x \ z))" + by simp + also have "\ \ dom ((dom x \ y)) \ ((dom x \ y) \ (dom x \ z))" + using calculation local.dqmsr.dom_iso local.dqmsr.dom_llp2 local.inf.cobounded1 by presburger + also have "\ \ dom x \ ((dom x \ y) \ (dom x \ z))" + by (metis local.dqmsr.domain_1'' local.dqmsr.domain_invol local.mult_isor) + also have "\ \ dom x \ (y \ z)" + by (meson local.dqmsr.dom_subid_aux2 local.inf_mono local.order_refl local.psrpq.mult_isol_var) + finally show ?thesis + using a local.dual_order.antisym by blast +qed + +lemma dom_meet_approx: "dom ((dom x \ y) \ (dom x \ z)) \ dom x" + by (metis dom_meet_distl local.dqmsr.domain_1'' local.dqmsr.domain_invol) + +lemma dom_inf_pres_aux: "Y \ {} \ dom (\y \ Y. dom x \ y) \ dom x" +proof- + assume "Y \ {}" + have "\z\Y. dom (\y \ Y. dom x \ y) \ dom (dom x \ z)" + by (meson local.INF_lower local.dqmsr.dom_iso) + hence "\z\Y. dom (\y \ Y. dom x \ y) \ dom x \ dom z" + by fastforce + hence "\z\Y. dom (\y \ Y. dom x \ y) \ dom x" + using dom_meet by fastforce + thus "dom (\y \ Y. dom x \ y) \ dom x" + using \Y \ {}\ by blast +qed + +lemma dom_inf_pres_aux2: "(\y \ Y. dom x \ y) \ \Y" + by (simp add: local.INF_lower2 local.dqmsr.dom_subid_aux2 local.le_Inf_iff) + +lemma dom_inf_pres: "Y \ {} \ dom x \ (\Y) = (\y \ Y. dom x \ y)" +proof- + assume hyp: "Y \ {}" + have a: "dom x \ (\Y) \ (\y \ Y. dom x \ y)" + by (simp add: Setcompr_eq_image local.Inf_subdistl) + have "(\y \ Y. dom x \ y) = dom (\y \ Y. dom x \ y) \ (\y \ Y. dom x \ y)" + by simp + also have "\ \ dom x \ (\y \ Y. dom x \ y)" + using dom_inf_pres_aux hyp local.mult_isor by blast + also have "\ \ dom x \ \Y" + by (simp add: dom_inf_pres_aux2 local.psrpq.mult_isol_var) + finally show ?thesis + using a order.antisym by blast +qed + +lemma "dom (\X) \ \ (dom ` X)" + by (simp add: local.INF_greatest local.Inf_lower local.dqmsr.dom_iso) + +text \The domain operation need not preserve arbitrary sups, though this property holds, for instance, +in quantales of binary relations. I do not aim at a stronger axiomatisation in this theory.\ + +lemma dom_top_pres: "(x \ dom y \ x) = (x \ dom y \ \)" + apply standard + apply (meson local.dqmsr.ddual.mult_isol_var local.dual_order.eq_iff local.dual_order.trans local.top_greatest) + using local.dqmsr.dom_iso local.dqmsr.dom_llp by fastforce + +lemma dom_lla_var: "(dom x \ dom y) = (x \ dom y \ \)" + using dom_top_pres local.dqmsr.dom_llp by force + +lemma "dom (1 \ x) = 1 \ x \ x \ 1 \ dom x = x" + using local.inf_absorb2 by force + +lemma dom_meet_sub: "dom (x \ y) \ dom x \ dom y" + by (simp add: local.dqmsr.d_iso) + +lemma dom_dist1: "dom x \ (dom y \ dom z) = (dom x \ dom y) \ (dom x \ dom z)" + by (metis dom_meet local.dom_add local.dqmsr.dom_distrib) + +lemma dom_dist2: "dom x \ (dom y \ dom z) = (dom x \ dom y) \ (dom x \ dom z)" + by (metis dom_meet local.dom_add local.sup_distl) + +abbreviation "fd' \ dqmsr.fd" + +definition "bb x y = \{dom z |z. fd' x z \ dom y}" + +lemma fd'_bb_galois_aux: "fd' x (dom p) \ dom q \ dom p \ bb x (dom q)" + by (simp add: bb_def local.SUP_upper setcompr_eq_image) + +lemma dom_iso_var: "(\x \ X. dom x) \ dom (\x \ X. dom x)" + by (meson local.SUP_le_iff local.dom_subid local.dqmsr.domain_subid) + +lemma dom_iso_var2: "(\x \ X. dom x) \ dom (\x \ X. x)" + by (simp add: local.SUP_le_iff local.Sup_upper local.dqmsr.dom_iso) + +end + + +subsection \Codomain quantales\ + +class codomain_quantale = unital_quantale + range_op + + assumes cod_absorb: "x \ x \ cod x" + and cod_local: "cod (cod x \ y) = cod (x \ y)" + and cod_add: "cod (x \ y) = cod x \ cod y" + and cod_subid: "cod x \ 1" + and cod_zero: "cod \ = \" + +sublocale codomain_quantale \ coddual: domain_quantale range_op _ "\x y. y \ x" _ _ _ _ _ _ _ _ + by unfold_locales (auto simp: mult_assoc cod_subid cod_zero cod_add cod_local cod_absorb Sup_distr Sup_distl) + +abbreviation (in codomain_quantale) "bd' \ coddual.fd'" + +definition (in codomain_quantale) "fb x y = \{cod z |z. bd' x z \ cod y}" + +lemma (in codomain_quantale) bd'_fb_galois_aux: "bd' x (cod p) \ cod q \ cod p \ fb x (cod q)" + using local.coddual.bb_def local.coddual.fd'_bb_galois_aux local.fb_def by auto + + +subsection \Modal quantales\ + +class dc_modal_quantale = domain_quantale + codomain_quantale + + assumes dc_compat [simp]: "dom (cod x) = cod x" + and cd_compat [simp]: "cod (dom x) = dom x" + +sublocale dc_modal_quantale \ mqs: dr_modal_kleene_algebra "(\)" "(\)" 1 \ "(\)" "(<)" qstar dom cod + by unfold_locales simp_all + +sublocale dc_modal_quantale \ mqdual: dc_modal_quantale _ "\x y. y \ x" _ _ _ _ _ _ _ _ dom cod + by unfold_locales simp_all + +lemma (in dc_modal_quantale) "x \ \ = dom x \ \" +(* nitpick[expect=genuine] *) + oops + +lemma (in dc_modal_quantale) "\ \ x = \ \ cod x" +(* nitpick[expect=genuine] *) + oops + + +subsection \Antidomain and anticodomain quantales\ + +notation antidomain_op ("adom") + +class antidomain_quantale = unital_quantale + antidomain_op + + assumes as1 [simp]: "adom x \ x = \" + and as2 [simp]: "adom (x \ y) \ adom (x \ adom (adom y))" + and as3 [simp]: "adom (adom x) \ adom x = 1" + +definition (in antidomain_quantale) "ddom = adom \ adom" + +sublocale antidomain_quantale \ adqmsr: antidomain_semiring adom "(\)" "(\)" 1 \ "(\)" "(<)" + by unfold_locales (simp_all add: local.sup.absorb2) + +sublocale antidomain_quantale \ adqmka: antidomain_kleene_algebra adom "(\)" "(\)" 1 \ "(\)" "(<)" qstar.. + +sublocale antidomain_quantale \ addq: domain_quantale ddom + by unfold_locales (simp_all add: ddom_def local.adqmsr.ans_d_def) + +notation antirange_op ("acod") + +class anticodomain_quantale = unital_quantale + antirange_op + + assumes ars1 [simp]: "x \ acod x = \" + and ars2 [simp]: "acod (x \ y) \ acod (acod (acod x) \ y)" + and ars3 [simp]: "acod (acod x) \ acod x = 1" + +sublocale anticodomain_quantale \ acoddual: antidomain_quantale acod _ "\x y. y \ x" _ _ _ _ _ _ _ _ + by unfold_locales (auto simp: mult_assoc Sup_distl Sup_distr) + +definition (in anticodomain_quantale) "ccod = acod \ acod" + +sublocale anticodomain_quantale \ acdqmsr: antirange_semiring "(\)" "(\)" 1 \ acod "(\)" "(<)".. + +sublocale anticodomain_quantale \ acdqmka: antirange_kleene_algebra "(\)" "(\)" 1 \ "(\)" "(<)" qstar acod.. + +sublocale anticodomain_quantale \ acddq: codomain_quantale _ _ _ _ _ _ _ _ _ _ "\ x. acod (acod x)" + by unfold_locales (simp_all add: local.acoddual.adqmsr.ans_d_def) + +class modal_quantale = antidomain_quantale + anticodomain_quantale + +sublocale modal_quantale \ mmqs: modal_kleene_algebra_simp "(\)" "(\)" 1 \ "(\)" "(<)" qstar adom acod.. + +sublocale modal_quantale \ mmqdual: modal_quantale _ "\x y. y \ x" _ _ _ _ _ _ _ _ adom acod + by unfold_locales simp_all + +end + + + diff --git a/thys/Quantales_Converse/Quantale_Converse.thy b/thys/Quantales_Converse/Quantale_Converse.thy new file mode 100644 --- /dev/null +++ b/thys/Quantales_Converse/Quantale_Converse.thy @@ -0,0 +1,1583 @@ +(* +Title: Quantales with converse +Author: Cameron Calk, Georg Struth +Maintainer: Georg Struth +*) + +section \Quantales with converse\ + +theory Quantale_Converse + imports Modal_Quantale Modal_Kleene_Algebra_Converse + +begin + +subsection \Properties of unital quantales\ + +text \These properties should eventually added to the quantales AFP entry.\ + +lemma (in quantale) bres_bot_top [simp]: "\ \ \ = \" + by (simp add: local.bres_galois_imp local.order.antisym) + +lemma (in quantale) fres_top_bot [simp]: "\ \ \ = \" + by (meson local.fres_galois local.order_antisym local.top_greatest) + +lemma (in unital_quantale) bres_top_top2 [simp]: "(x \ y \ \) \ \ = x \ y \ \" +proof- + have "(x \ y \ \) \ \ \ x \ y \ \ \ \" + by (simp add: local.bres_interchange) + hence "(x \ y \ \) \ \ \ x \ y \ \" + by (simp add: mult_assoc) + thus ?thesis + by (metis local.mult_1_right local.order_eq_iff local.psrpq.subdistl local.sup_top_right) +qed + +lemma (in unital_quantale) fres_top_top2 [simp]: "\ \ (\ \ y \ x) = \ \ y \ x" + by (metis local.dual_order.antisym local.fres_interchange local.le_top local.top_greatest mult_assoc) + +lemma (in unital_quantale) bres_top_bot [simp]: "\ \ \ = \" + by (metis local.bot_least local.bres_canc1 local.le_top local.order.antisym) + +lemma (in unital_quantale) fres_bot_top [simp]: "\ \ \ = \" + by (metis local.bot_unique local.fres_canc1 local.top_le local.uqka.independence2 local.uwqlka.star_ext) + +lemma (in unital_quantale) top_bot_iff: "(x \ \ = \) = (x = \)" + by (metis local.fres_bot_top local.fres_canc2 local.le_bot local.mult_botl) + + +subsection \Involutive quantales\ + +text \The following axioms for involutive quantales are standard.\ + +class involutive_quantale = unital_quantale + invol_op + + assumes inv_invol [simp]: "(x\<^sup>\)\<^sup>\ = x" + and inv_contrav: "(x \ y)\<^sup>\ = y\<^sup>\ \ x\<^sup>\" + and inv_sup [simp]: "(\X)\<^sup>\ = (\x \ X. x\<^sup>\)" + +context involutive_quantale +begin + +lemma inv_binsup [simp]: "(x \ y)\<^sup>\ = x\<^sup>\ \ y\<^sup>\" +proof- + have "(x \ y)\<^sup>\ = (\z \ {x,y}. z\<^sup>\)" + using local.inv_sup local.sup_Sup by presburger + also have "\ = (\z \ {x\<^sup>\,y\<^sup>\}. z)" + by simp + also have "\ = x\<^sup>\ \ y\<^sup>\" + by fastforce + finally show ?thesis. +qed + +lemma inv_iso: "x \ y \ x\<^sup>\ \ y\<^sup>\" + by (metis inv_binsup local.sup.absorb_iff1) + +lemma inv_galois: "(x\<^sup>\ \ y) = (x \ y\<^sup>\)" + using local.inv_iso by fastforce + +lemma bres_fres_conv: "(y\<^sup>\ \ x\<^sup>\)\<^sup>\ = x \ y" +proof- + have "(y\<^sup>\ \ x\<^sup>\)\<^sup>\ = (\{z. z \ x\<^sup>\ \ y\<^sup>\})\<^sup>\" + by (simp add: local.fres_def) + also have "\ = \{z\<^sup>\ |z. z \ x\<^sup>\ \ y\<^sup>\}" + by (simp add: image_Collect) + also have "\ = \{z. z\<^sup>\ \ x\<^sup>\ \ y\<^sup>\}" + by (metis local.inv_invol) + also have "\ = \{z. (x \ z)\<^sup>\ \ y\<^sup>\}" + by (simp add: local.inv_contrav) + also have "\ = \{z. x \ z \ y}" + by (metis local.inv_invol local.inv_iso) + also have "\ = x \ y" + by (simp add: local.bres_def) + finally show ?thesis. +qed + +lemma fres_bres_conv: "(y\<^sup>\ \ x\<^sup>\)\<^sup>\ = x \ y" + by (metis bres_fres_conv local.inv_invol) + +sublocale invqka: involutive_kleene_algebra "(\)" "(\)" 1 \ "(\)" "(<)" qstar invol + by unfold_locales (simp_all add: local.inv_contrav) + +lemma inv_binf [simp]: "(x \ y)\<^sup>\ = x\<^sup>\ \ y\<^sup>\" +proof- + {fix z + have "(z \ (x \ y)\<^sup>\) = (z\<^sup>\ \ x \ y)" + using invqka.inv_adj by blast + also have "\ = (z\<^sup>\ \ x \ z\<^sup>\ \ y)" + by simp + also have "\ = (z \ x\<^sup>\ \ z \ y\<^sup>\)" + by (simp add: invqka.inv_adj) + also have "\ = (z \ x\<^sup>\ \ y\<^sup>\)" + by simp + finally have "(z \ (x \ y)\<^sup>\) = (z \ x\<^sup>\ \ y\<^sup>\)".} + thus ?thesis + using local.dual_order.antisym by blast +qed + +lemma inv_inf [simp]: "(\X)\<^sup>\ = (\x \ X. x\<^sup>\)" + by (metis invqka.inv_adj local.INF_eqI local.Inf_greatest local.Inf_lower local.inv_invol) + +lemma inv_top [simp]: "\\<^sup>\ = \" +proof- + have a: "\\<^sup>\ \ \" + by simp + hence "(\\<^sup>\)\<^sup>\ \ \\<^sup>\" + using local.inv_iso by blast + hence "\ \ \\<^sup>\" + by simp + thus ?thesis + by (simp add: local.top_le) +qed + +lemma inv_qstar_aux [simp]: "(x ^ i)\<^sup>\ = (x\<^sup>\) ^ i" + by (induct i, simp_all add: local.power_commutes) + +lemma inv_conjugate: "(x\<^sup>\ \ y = \) = (x \ y\<^sup>\ = \)" + using inv_binf invqka.inv_zero by fastforce + +text \We define domain and codomain as in relation algebra and compare with the domain +and codomain axioms above.\ + +definition do :: "'a \ 'a" where + "do x = 1 \ (x \ x\<^sup>\)" + +definition cd :: "'a \ 'a" where + "cd x = 1 \ (x\<^sup>\ \ x)" + +lemma do_inv: "do (x\<^sup>\) = cd x" +proof- + have "do (x\<^sup>\) = 1 \ (x\<^sup>\ \ (x\<^sup>\)\<^sup>\)" + by (simp add: do_def) + also have "\ = 1 \ (x\<^sup>\ \ x)" + by simp + also have "\ = cd x" + by (simp add: cd_def) + finally show ?thesis. +qed + +lemma cd_inv: "cd (x\<^sup>\) = do x" + by (simp add: cd_def do_def) + +lemma do_le_top: "do x \ 1 \ (x \ \)" + by (simp add: do_def local.inf.coboundedI2 local.mult_isol) + +lemma do_subid: "do x \ 1" + by (simp add: do_def) + +lemma cd_subid: "cd x \ 1" + by (simp add: cd_def) + +lemma do_bot [simp]: "do \ = \" + by (simp add: do_def) + +lemma cd_bot [simp]: "cd \ = \" + by (simp add: cd_def) + +lemma do_iso: "x \ y \ do x \ do y" + by (simp add: do_def local.inf.coboundedI2 local.inv_iso local.psrpq.mult_isol_var) + +lemma cd_iso: "x \ y \ cd x \ cd y" + using cd_def local.eq_refl local.inf_mono local.inv_iso local.psrpq.mult_isol_var by presburger + +lemma do_subdist: "do x \ do y \ do (x \ y)" +proof- + have "do x \ do (x \ y)" and "do y \ do (x \ y)" + by (simp_all add: do_iso) + thus ?thesis + by simp +qed + +lemma cd_subdist: "cd x \ cd y \ cd (x \ y)" + by (simp add: cd_iso) + +lemma inv_do [simp]: "(do x)\<^sup>\ = do x" + by (simp add: do_def) + +lemma inv_cd [simp]: "(cd x)\<^sup>\ = cd x" + by (metis do_inv inv_do) + +lemma dedekind_modular: + assumes "(x \ y) \ z \ (x \ (z \ y\<^sup>\)) \ (y \ (x\<^sup>\ \ z))" + shows "(x \ y) \ z \ (x \ (z \ y\<^sup>\)) \ y" + using assms local.inf.cobounded1 local.mult_isol local.order_trans by blast + +lemma modular_eq1: + assumes "\x y z w. (y \ (z \ x\<^sup>\) \ w \ (y \ x) \ z \ w \ x)" + shows "\x y z. (x \ y) \ z \ (x \ (z \ y\<^sup>\)) \ y" + using assms by blast + +lemma "do x \ do y = do x \ do y" (* nitpick[expect=genuine]*) + oops + +lemma "p \ 1 \ q \ 1 \ p \ q = p \ q" (* nitpick[expect=genuine]*) + oops + +end + +sublocale ab_unital_quantale \ ciq: involutive_quantale id _ _ _ _ _ _ _ _ _ _ + by unfold_locales (simp_all add: mult_commute) + +class distributive_involutive_quantale = involutive_quantale + distrib_unital_quantale + +class boolean_involutive_quantale = involutive_quantale + bool_unital_quantale + +begin + +lemma res_peirce: + assumes "\x y. x\<^sup>\ \ -(x \ y) \ -y" + shows "((x \ y) \ z\<^sup>\ = \) = ((y \ z) \ x\<^sup>\ = \)" +proof + assume "(x \ y) \ z\<^sup>\ = \" + hence "z\<^sup>\ \ -(x \ y)" + by (simp add: local.inf.commute local.inf_shunt) + thus "(y \ z) \ x\<^sup>\ = \" + by (metis assms local.inf_shunt local.inv_conjugate local.inv_contrav local.inv_invol local.mult_isol local.order.trans) +next + assume "(y \ z) \ x\<^sup>\ = \" + hence "x\<^sup>\ \ -(y \ z)" + using local.compl_le_swap1 local.inf_shunt by blast + thus "(x \ y) \ z\<^sup>\ = \" + by (metis assms local.dual_order.trans local.inf_shunt local.inv_conjugate local.inv_contrav local.mult_isol) +qed + +lemma res_schroeder1: + assumes "\x y. x\<^sup>\ \ -(x \ y) \ -y" + shows "((x \ y) \ z = \) = (y \ (x\<^sup>\ \ z) = \)" +proof + assume h: "(x \ y) \ z = \" + hence "z \ -(x \ y)" + by (simp add: local.inf.commute local.inf_shunt) + thus "y \ (x\<^sup>\ \ z) = \" + by (metis assms local.dual_order.trans local.inf.commute local.inf_shunt local.mult_isol) +next + assume "y \ (x\<^sup>\ \ z) = \" + hence "y \ -(x\<^sup>\ \ z)" + by (simp add: local.inf_shunt) + thus "(x \ y) \ z = \" + by (metis assms local.inf_shunt local.inv_invol local.order_trans mult_isol) +qed + +lemma res_schroeder2: + assumes "\x y. x\<^sup>\ \ -(x \ y) \ -y" + shows "((x \ y) \ z = \) = (x \ (z \ y\<^sup>\) = \)" + by (metis assms local.inv_invol local.res_peirce local.res_schroeder1) + +lemma res_mod: + assumes "\x y. x\<^sup>\ \ -(x \ y) \ -y" + shows "(x \ y) \ z \ (x \ (z \ y\<^sup>\)) \ y" +proof- + have "(x \ y) \ z = ((x \ ((z \ y\<^sup>\) \ -(z \ y\<^sup>\))) \ y) \ z" + by simp + also have "\ = (((x \ (z \ y\<^sup>\)) \ y) \ z) \ (((x \ -(z \ y\<^sup>\)) \ y) \ z)" + using local.chaq.wswq.distrib_left local.inf.commute local.sup_distr by presburger + also have "\ \ ((x \ (z \ y\<^sup>\)) \ y) \ ((x \ y) \ (-(z \ y\<^sup>\)) \ y \ z)" + by (metis assms local.inf.commute local.inf_compl_bot_right local.sup.orderI local.sup_inf_absorb res_schroeder2) + also have "\ \ ((x \ (z \ y\<^sup>\)) \ y) \ ((x \ y) \ -z \ z)" + by (metis assms local.dual_order.eq_iff local.inf.commute local.inf_compl_bot_right res_schroeder2) + also have "\ \ ((x \ (z \ y\<^sup>\)) \ y)" + by (simp add: local.inf.commute) + finally show ?thesis. +qed + +end + +text \The strong Gelfand property (name by Palmigiano and Re) is important for dioids and Kleene algebras. +The modular law is a convenient axiom for relational quantales, in a setting where the underlying +lattice is not boolean.\ + +class quantale_converse = involutive_quantale + + assumes strong_gelfand: "x \ x \ x\<^sup>\ \ x" + +begin + +lemma do_gelfand [simp]: "do x \ do x \ do x = do x" + apply (rule order.antisym) + using local.do_subid local.h_seq local.mult_isol apply fastforce + by (metis local.inv_do local.strong_gelfand) + +lemma cd_gelfand [simp]: "cd x \ cd x \ cd x = cd x" + by (metis do_gelfand local.do_inv) + +lemma do_idem [simp]: "do x \ do x = do x" + apply (rule order.antisym) + using local.do_subid local.mult_isol apply fastforce + by (metis do_gelfand local.do_subid local.eq_refl local.nsrnqo.mult_oner local.psrpq.mult_isol_var) + +lemma cd_idem [simp]: "cd x \ cd x = cd x" + by (metis do_idem local.do_inv) + +lemma dodo [simp]: "do (do x) = do x" +proof- + have "do (do x) = 1 \ (do x \ do x)" + using local.do_def local.inv_do by force + also have "\ = 1 \ do x" + by simp + also have "\ = do x" + by (simp add: local.do_def) + finally show ?thesis. +qed + +lemma cdcd [simp]: "cd (cd x) = cd x" + using cd_idem local.cd_def local.inv_cd by force + +lemma docd_compat [simp]: "do (cd x) = cd x" +proof- + have "do (cd x) = do (do (x\<^sup>\))" + by (simp add: local.do_inv) + also have "\ = do (x\<^sup>\)" + by simp + also have "\ = cd x" + by (simp add: local.do_inv) + finally show ?thesis. +qed + +lemma cddo_compat [simp]: "cd (do x) = do x" + by (metis docd_compat local.cd_inv local.inv_do) + +end + +sublocale quantale_converse \ convqka: kleene_algebra_converse "(\)" "(\)" 1 \ "(\)" "(<)" invol qstar + by unfold_locales (simp add: local.strong_gelfand) + + +subsection \Dedekind quantales\ + +class dedekind_quantale = involutive_quantale + + assumes modular_law: "(x \ y) \ z \ (x \ (z \ y\<^sup>\)) \ y" + +begin + +sublocale convdqka: kleene_algebra_converse "(\)" "(\)" 1 \ "(\)" "(<)" invol qstar + by unfold_locales (metis local.inf.absorb2 local.le_top local.modular_law local.top_greatest) + +subclass quantale_converse + by unfold_locales (simp add: local.convdqka.strong_gelfand) + +lemma modular_2 [simp]: "((x \ (z \ y\<^sup>\)) \ y) \ z = (x \ y) \ z" + apply (rule order.antisym) + using local.inf.cobounded1 local.inf_mono local.mult_isor local.order_refl apply presburger + by (simp add: local.modular_law) + +lemma modular_1 [simp]: "(x \ (y \ (x\<^sup>\ \ z))) \ z = (x \ y) \ z" + by (metis local.inv_binf local.inv_contrav local.inv_invol modular_2) + +lemma modular3: "(x \ y) \ z \ x \ (y \ (x\<^sup>\ \ z))" + by (metis local.inf.cobounded1 modular_1) + +text \The name Dedekind quantale owes to the following formula, which is equivalent to the modular law. Dedekind quantales +are called modular quantales in Rosenthal's book on quantaloids (to be precise: he discusses modular quantaloids, but the +notion of modular quantale is then obvious).\ + +lemma dedekind: "(x \ y) \ z \ (x \ (z \ y\<^sup>\)) \ (y \ (x\<^sup>\ \ z))" +proof- + have "(x \ y) \ z = (x \ (y \ (x\<^sup>\ \ z))) \ z" + by simp + also have "\ \ (x \ (z \ (y \ (x\<^sup>\ \ z))\<^sup>\)) \ (y \ (x\<^sup>\ \ z))" + using local.modular_law by presburger + also have "\ = (x \ (z \ (y\<^sup>\ \ (z\<^sup>\ \ x)))) \ (y \ (x\<^sup>\ \ z))" + by simp + also have "\ \ (x \ (z \ y\<^sup>\)) \ (y \ (x\<^sup>\ \ z))" + using local.inf.commute modular_1 by fastforce + finally show ?thesis. +qed + +lemma peirce: "((x \ y) \ z\<^sup>\ = \) = ((y \ z) \ x\<^sup>\ = \)" +proof + assume "(x \ y) \ z\<^sup>\ = \" + hence "((x \ y) \ z\<^sup>\) \ y\<^sup>\ = \" + by simp + hence "(z\<^sup>\ \ y\<^sup>\) \ x = \" + by (metis local.inf.commute local.inv_invol local.le_bot local.modular_law) + hence "((y \ z) \ x\<^sup>\)\<^sup>\ = \\<^sup>\" + by simp + thus "(y \ z) \ x\<^sup>\ = \" + by (metis local.inv_invol) +next + assume h: "(y \ z) \ x\<^sup>\ = \" + hence "z\<^sup>\ \ ((y \ z) \ x\<^sup>\) = \" + by simp + hence "(y\<^sup>\ \ x\<^sup>\) \ z = \" + by (metis h local.inf.commute local.inv_invol local.le_bot local.mult_botr modular3) + hence "((x \ y) \ z\<^sup>\)\<^sup>\ = \\<^sup>\" + by simp + thus "(x \ y) \ z\<^sup>\ = \" + by (metis local.inv_invol) +qed + +lemma schroeder_1: "((x \ y) \ z = \) = (y \ (x\<^sup>\ \ z) = \)" + by (metis local.inf.commute local.inf_bot_right local.inv_invol local.mult_botr modular_1) + +lemma schroeder_2: "((x \ y) \ z = \) = (x \ (z \ y\<^sup>\) = \)" + by (metis local.inv_invol peirce schroeder_1) + +lemma modular_eq2: "y \ (z \ x\<^sup>\) \ w \ (y \ x) \ z \ w \ x" + by (meson local.dual_order.trans local.eq_refl local.h_w1 local.modular_law) + +lemma lla_top_aux: "p \ 1 \ ((x \ p \ x) = (x \ p \ \))" +proof + assume h: "p \ 1" + and h1: "x \ p \ x" + thus "x \ p \ \" + by (meson local.mult_isol local.order_trans local.top_greatest) +next + assume h: "p \ 1" + and "x \ p \ \" + hence "x = (p \ \) \ x" + using local.inf.absorb_iff2 by auto + also have "\ \ p \ (\ \ (p\<^sup>\ \ x))" + using modular3 by blast + also have "\ = p \ p \ x" + by (simp add: h local.convdqka.subid_conv mult_assoc) + finally show "x \ p \ x" + by (metis h local.dual_order.trans local.mult_isor local.nsrnqo.mult_onel) +qed + +text \Next we turn to properties of domain and codomain in Dedekind quantales.\ + +lemma lra_top_aux: "p \ 1 \ ((x \ x \ p ) = (x \ \ \ p))" + by (metis convdqka.subid_conv local.inf.absorb_iff2 local.mult_1_right local.psrpq.subdistl local.sup.absorb_iff2 local.top_greatest modular_eq2) + +lemma lla: "p \ 1 \ ((do x \ p) = (x \ p \ \))" +proof + assume a1: "x \ p \ \" + assume a2: "p \ 1" + have f3: "x \ \ \ p \ \ \ \" + by (simp add: a1 local.mult_isor) + have f4: "p \ do x \ p" + by (simp add: local.do_subid local.uqka.star_inductr_var_equiv local.uwqlka.star_subid) + have "x \ \ \ p \ \" + using f3 by (simp add: local.mult.semigroup_axioms semigroup.assoc) + thus "do x \ p" + using f4 a2 lla_top_aux local.do_le_top local.inf.bounded_iff local.order_trans by blast +next + assume a1: "do x \ p" + assume a2: "p \ 1" + hence "do x \ x \ p \ x" + by (simp add: a1 local.mult_isor) + hence "x \ p \ x" + using a1 local.do_def modular_eq2 by fastforce + thus "x \ p \ \" + by (simp add: a2 lla_top_aux) +qed + +lemma lla_Inf: "do x = \{p. x \ p \ \ \ p \ 1}" + apply (rule order.antisym) + using lla local.Inf_greatest apply fastforce + by (metis CollectI lla local.Inf_lower local.do_subid local.order.refl) + +lemma lra: "p \ 1 \ ((cd x \ p) = (x \ \ \ p))" + by (metis invqka.inv_adj lla local.convdqka.subid_conv local.do_inv local.inv_contrav local.inv_top) + +lemma lra_Inf: "cd x = \{p. x \ \ \ p \ p \ 1}" + apply (rule order.antisym) + using local.Inf_greatest lra apply fastforce + by (metis CollectI local.Inf_lower local.cd_subid local.order.refl lra) + +lemma lla_var: "p \ 1 \ ((do x \ p) = (x \ p \ x))" + by (simp add: lla lla_top_aux) + +lemma lla_Inf_var: "do x = \{p. x \ p \ x \ p \ 1}" + apply (rule order.antisym) + using lla_var local.Inf_greatest apply fastforce + by (metis CollectI lla_var local.Inf_lower local.do_subid local.order.refl) + +lemma lra_var: "p \ 1 \ ((cd x \ p) = (x \ x \ p))" + by (simp add: lra lra_top_aux) + +lemma lra_Inf_var: "cd x = \{p. x \ x \ p \ p \ 1}" + apply (rule order.antisym) + using local.Inf_greatest lra_var apply fastforce + by (metis CollectI local.Inf_lower local.cd_subid local.order.refl lra_var) + +lemma do_top: "do x = 1 \ (x \ \)" +proof- + have "1 \ (x \ \) = 1 \ (x \ (\ \ x\<^sup>\ \ 1))" + by (metis local.inf.commute local.inf_top.left_neutral modular_1) + also have "\ = do x" + by (simp add: local.do_def) + finally show ?thesis.. +qed + +lemma cd_top: "cd x = 1 \ (\ \ x)" + by (metis do_top invqka.inv_one local.do_inv local.inv_binf local.inv_cd local.inv_contrav local.inv_invol local.inv_top) + +text \We start deriving the axioms of modal semirings and modal quantales.\ + +lemma do_absorp: "x \ do x \ x" + using lla_var local.do_subid by blast + +lemma cd_absorp: "x \ x \ cd x" + using local.cd_subid lra_var by blast + +lemma do_absorp_eq [simp]: "do x \ x = x" + using do_absorp local.do_subid local.dual_order.antisym local.h_w1 by fastforce + +lemma cd_absorp_eq [simp]: "x \ cd x = x" + by (metis do_top local.do_inv local.inf_top.right_neutral local.nsrnqo.mult_oner modular_1) + +lemma do_top2: "x \ \ = do x \ \" +proof (rule order.antisym) + have "x \ \ = do x \ x \ \" + by simp + also have "\ \ do x \ \ \ \" + using local.psrpq.mult_double_iso local.top_greatest by presburger + also have "\ = do x \ \" + by (simp add: local.mult.semigroup_axioms semigroup.assoc) + finally show "x \ \ \ do x \ \". + have "do x \ \ = (1 \ (x \ \)) \ \" + by (simp add: do_top) + also have "\ \ (1 \ \) \ (x \ \ \ \)" + by (simp add: local.mult_isor) + also have "\ = x \ \" + by (simp add: mult_assoc) + finally show "do x \ \ \ x \ \". +qed + +lemma cd_top2: "\ \ x = \ \ cd x" + by (metis do_top2 local.do_inv local.inv_cd local.inv_contrav local.inv_invol local.inv_top) + +lemma do_local [simp]: "do (x \ do y) = do (x \ y)" +proof- + have "do (x \ do y) = 1 \ (x \ do y \ \)" + using do_top by force + also have "\ = 1 \ (x \ y \ \)" + using do_top2 mult_assoc by force + also have "\ = do (x \ y)" + by (simp add: do_top) + finally show ?thesis + by force +qed + +lemma cd_local [simp]: "cd (cd x \ y) = cd (x \ y)" + by (metis cd_top cd_top2 mult_assoc) + +lemma do_fix_subid: "(do x = x) = (x \ 1)" +proof + assume "do x = x" + thus "x \ 1" + by (metis local.do_subid) +next + assume a: "x \ 1" + hence "x = do x \ x" + by simp + hence b: "x \ do x" + by (metis a local.mult_isol local.nsrnqo.mult_oner) + have "x \ x \ x" + using a local.mult_isor by fastforce + hence "do x \ x" + by (simp add: a lla_var local.le_top lra_top_aux) + thus "do x = x" + by (simp add: b local.dual_order.antisym) +qed + +lemma cd_fix_subid: "(cd x = x) = (x \ 1)" + by (metis local.convdqka.subid_conv local.do_inv local.do_fix_subid local.docd_compat) + +lemma do_inf2: "do (do x \ do y) = do x \ do y" + using do_top local.do_fix_subid local.inf.assoc by auto + +lemma do_inf_comp: "do x \ do y = do x \ do y" + by (smt (verit, best) local.do_def local.do_idem local.do_fix_subid local.dodo local.dual_order.trans local.inf_commute local.inf_idem local.inv_contrav local.inv_do local.mult_1_right local.mult_isol modular_1 mult_assoc) + +lemma cd_inf_comp: "cd x \ cd y = cd x \ cd y" + by (metis do_inf_comp local.docd_compat) + +lemma subid_mult_meet: "p \ 1 \ q \ 1 \ p \ q = p \ q" + by (metis do_inf_comp local.do_fix_subid) + +lemma dodo_sup: "do (do x \ do y) = do x \ do y" +proof- + have "do (do x \ do y) = 1 \ ((do x \ do y) \ (do x \ do y)\<^sup>\)" + using local.do_def by blast + also have "\ = 1 \ ((do x \ do y) \ (do x \ do y))" + by simp + also have "\ = 1 \ (do x \ do y)" + using local.do_subid local.dodo local.inf.idem local.le_supI subid_mult_meet by presburger + also have "\ = do x \ do y" + by (simp add: local.do_def local.inf_absorb2) + finally show ?thesis. +qed + +lemma do_sup [simp]: "do (x \ y) = do x \ do y" +proof- + have "do (x \ y) = 1 \ ((x \ y) \ \)" + by (simp add: do_top) + also have "\ = 1 \ (x \ \ \ y \ \)" + by simp + also have "\ = 1 \ (do x \ \ \ do y \ \)" + using do_top2 by force + also have "\ = 1 \ ((do x \ do y) \ \)" + by simp + also have "\ = do (do x \ do y)" + by (simp add: do_top) + finally show ?thesis + by (simp add: dodo_sup) +qed + +lemma cdcd_sup: "cd (cd x \ cd y) = cd x \ cd y" + using local.cd_fix_subid by fastforce + +lemma cd_sup [simp]: "cd (x \ y) = cd x \ cd y" + by (metis do_sup local.do_inv local.inv_binsup) + +text \Next we show that Dedekind quantales are modal quantales, hence also modal semirings.\ + +sublocale dmq: dc_modal_quantale 1 "(\)" Inf Sup "(\)" "(\)" "(<)" "(\)" "\" "\" cd do +proof + show "\x. cd x \ 1" + by (simp add: cd_top) + show "\x. do x \ 1" + by (simp add: do_top) +qed simp_all + +lemma do_top3 [simp]: "do (x \ \) = do x" + using dmq.coddual.le_top dmq.dqmsr.domain_1'' local.do_iso local.order.antisym by presburger + +lemma cd_top3 [simp]: "cd (\ \ x) = cd x" + by (simp add: cd_top dmq.coddual.mult_assoc) + +lemma dodo_Sup_pres: "do (\x \ X. do x) = (\x \ X. do x)" + by (simp add: local.SUP_least local.do_fix_subid) + +text \The domain elements form a complete Heyting algebra.\ + +lemma do_complete_heyting: "do x \ (\y \ Y. do y) = (\y \ Y. do x \ do y)" +proof- + have "do x \ (\y \ Y. do y) = do x \ (\y \ Y. do y)" + by (metis do_inf_comp dodo_Sup_pres) + also have "\ = (\y \ Y. do x \ do y)" + by (simp add: dmq.coddual.Sup_distr image_image) + also have "\ = (\y \ Y. do x \ do y)" + using do_inf_comp by force + finally show ?thesis. +qed + +lemma cdcd_Sup_pres: "cd (\x \ X. cd x) = (\x \ X. cd x)" + by (simp add: local.SUP_least local.cd_fix_subid) + +lemma cd_complete_heyting: "cd x \ (\y \ Y. cd y) = (\y \ Y. cd x \ cd y)" +proof- + have "cd x \ (\y \ Y. cd y) = cd x \ (\y \ Y. cd y)" + by (metis cd_inf_comp cdcd_Sup_pres) + also have "\ = (\y \ Y. cd x \ cd y)" + by (simp add: dmq.coddual.Sup_distr image_image) + also have "\ = (\y \ Y. cd x \ cd y)" + using cd_inf_comp by force + finally show ?thesis. +qed + +lemma subid_complete_heyting: + assumes "p \ 1" + and "\q \ Q. q \ 1" + shows "p \ (\Q) = (\q \ Q. p \ q)" +proof- + have a: "do p = p" + by (simp add: assms(1) local.do_fix_subid) + have b: "\q \ Q. do q = q" + using assms(2) local.do_fix_subid by presburger + hence "p \ (\Q) = do p \ (\q \ Q. do q)" + by (simp add: a) + also have "\ = (\q \ Q. do p \ do q)" + using do_complete_heyting by blast + also have "\ = (\q \ Q. p \ q)" + using a b by force + finally show ?thesis. +qed + +text \Next we show that domain and codomain preserve arbitrary Sups.\ + +lemma do_Sup_pres_aux: "(\x \ X. do x \ \) = (\x \ do ` X. x \ \)" + by (smt (verit, best) Sup.SUP_cong image_image) + +lemma do_Sup_pres: "do (\x \ X. x) = (\x \ X. do x)" +proof- + have "do (\x \ X. x) = 1 \ ((\x \ X. x) \ \)" + by (simp add: do_top) + also have "\ = 1 \ (\x \ X. x \ \)" + by (simp add: dmq.coddual.Sup_distl) + also have "\ = 1 \ (\x \ X. do x \ \)" + using do_top2 by force + also have "\ = 1 \ (\x \ do ` X. x \ \)" + using do_Sup_pres_aux by presburger + also have "\ = 1 \ ((\x \ X. do x) \ \)" + using dmq.coddual.Sup_distl by presburger + also have "\ = do (\x \ X. do x)" + by (simp add: do_top) + finally show ?thesis + using dodo_Sup_pres by presburger +qed + +lemma cd_Sup_pres: "cd (\x \ X. x) = (\x \ X. cd x)" +proof- + have "cd (\x \ X. x) = do ((\x \ X. x)\<^sup>\)" + using local.do_inv by presburger + also have "\ = do (\x \ X. x\<^sup>\)" + by simp + also have "\ = (\x \ X. do (x\<^sup>\))" + by (metis do_Sup_pres image_ident image_image) + also have "\ = (\x \ X. cd x)" + using local.do_inv by presburger + finally show ?thesis. +qed + +lemma do_inf: "do (x \ y) = 1 \ (y \ x\<^sup>\)" + by (smt (z3) do_absorp_eq invqka.inv_one local.do_def local.inf_commute local.inv_binf local.inv_contrav local.inv_invol local.mult_1_right modular_1 modular_2 mult_assoc) + +lemma cd_inf: "cd (x \ y) = 1 \ (y\<^sup>\ \ x)" + by (metis do_inf local.do_inv local.inv_binf local.inv_invol) + +lemma do_bres_prop: "p \ 1 \ do (x \ p \ \) = 1 \ (x \ p \ \)" + by (simp add: do_top) + +lemma cd_fres_prop: "p \ 1 \ cd (\ \ p \ x) = 1 \ (\ \ p \ x)" + by (simp add: cd_top) + +lemma do_meet_prop: "(do p \ x) \ (x \ do q) = do p \ x \ do q" +proof (rule order.antisym) + have "x \ (do p \ x \ do q) \ do p \ x" + by (simp add: dmq.dqmsr.dom_subid_aux2'' local.inf.coboundedI2) + thus "(do p \ x) \ (x \ do q) \ do p \ x \ do q" + by (simp add: local.inf.commute modular_eq2) +next + have "do p \ x \ do q = (do p \ x \ do q) \ (do p \ x \ do q)" + by simp + also have "\ \ (do p \ x) \ (x \ do q)" + using dmq.dqmsr.dom_subid_aux2 dmq.dqmsr.dom_subid_aux2'' local.psrpq.mult_isol_var by auto + finally show "do p \ x \ do q \ (do p \ x) \ (x \ do q)". +qed + +lemma subid_meet_prop: "p \ 1 \ q \ 1 \ (p \ x) \ (x \ q) = p \ x \ q" + by (metis do_fix_subid do_meet_prop) + +text \Next we consider box and diamond operators like in modal semirings and modal quantales. +These are inherited from domain quantales. Diamonds are defined with respect to domain and codomain. +The box operators are defined as Sups and hence right adjoints of diamonds.\ + +abbreviation "do_dia \ dmq.fd'" + +abbreviation "cd_dia \ dmq.bd'" + +abbreviation "do_box \ dmq.bb" + +abbreviation "cd_box \ dmq.fb" + +text \In the sense of modal logic, the domain-based diamond is a backward operator, the codomain-based +one a forward operator. These are related by opposition/converse.\ + +lemma do_dia_cd_dia_conv: "p \ 1 \ do_dia (x\<^sup>\) p = cd_dia x p" + by (simp add: convdqka.subid_conv dmq.coddual.dqmsr.fd_def dmq.dqmsr.fd_def local.cd_def local.do_def) + +lemma cd_dia_do_dia_conv: "p \ 1 \ cd_dia (x\<^sup>\) p = do_dia x p" + by (metis do_dia_cd_dia_conv local.inv_invol) + +text \Diamonds preserve sups in both arguments.\ + +lemma do_dia_Sup: "do_dia (\X) p = (\x \ X. do_dia x p)" +proof- + have "do_dia (\X) p = do ((\X) \ p)" + by (simp add: dmq.dqmsr.fd_def) + also have "\ = do (\x \ X. x \ p)" + using local.Sup_distr by fastforce + also have "\ = (\x \ X. do (x \ p))" + by (metis do_Sup_pres image_ident image_image) + also have "\ = (\x \ X. do_dia x p)" + using dmq.dqmsr.fd_def by fastforce + finally show ?thesis. +qed + +lemma do_dia_Sup2: "do_dia x (\P) = (\p \ P. do_dia x p)" +proof- + have "do_dia x (\P) = do (x \ (\P))" + by (simp add: dmq.dqmsr.fd_def) + also have "\ = (\p \ P. do (x \ p))" + by (metis dmq.coddual.Sup_distr do_Sup_pres image_ident image_image) + also have "\ = (\p \ P. do_dia x p)" + using dmq.dqmsr.fd_def by auto + finally show ?thesis. +qed + +lemma cd_dia_Sup: "cd_dia (\X) p = (\x \ X. cd_dia x p)" +proof- + have "cd_dia (\X) p = cd (p \ (\X))" + by (simp add: dmq.coddual.dqmsr.fd_def) + also have "\ = cd (\x \ X. p \ x)" + using dmq.coddual.Sup_distr by auto + also have "\ = (\x \ X. cd (p \ x))" + by (metis cd_Sup_pres image_ident image_image) + also have "\ = (\x \ X. cd_dia x p)" + using dmq.coddual.dqmsr.fd_def by force + finally show ?thesis. +qed + +lemma cd_dia_Sup2: "cd_dia x (\P) = (\p \ P. cd_dia x p)" +proof- + have "cd_dia x (\P) = cd ((\P) \ x)" + by (simp add: dmq.coddual.dqmsr.fd_def) + also have "\ = (\p \ P. cd (p \ x))" + by (metis cd_Sup_pres dmq.coddual.Sup_distl image_ident image_image) + also have "\ = (\p \ P. cd_dia x p)" + using dmq.coddual.dqmsr.fd_def by auto + finally show ?thesis. +qed + +text \The domain-based box is a forward operator, the codomain-based on a backward one. These interact +again with respect to converse.\ + +lemma do_box_var: "p \ 1 \ do_box x p = \{q. do_dia x q \ p \ q \ 1}" + by (smt (verit, best) Collect_cong dmq.bb_def dmq.dqmsr.fdia_d_simp local.do_fix_subid local.dodo) + +lemma cd_box_var: "p \ 1 \ cd_box x p = \{q. cd_dia x q \ p \ q \ 1}" + by (smt (verit, best) Collect_cong dmq.coddual.dqmsr.fdia_d_simp dmq.fb_def local.cd_fix_subid local.cdcd) + +lemma do_box_cd_box_conv: "p \ 1 \ do_box (x\<^sup>\) p = cd_box x p" +proof- + assume a: "p \ 1" + hence "do_box (x\<^sup>\) p = \{q. do_dia (x\<^sup>\) q \ p \ q \ 1}" + by (simp add: do_box_var) + also have "\ = \{q. cd_dia x q \ p \ q \ 1}" + by (metis do_dia_cd_dia_conv) + also have "\ = cd_box x p" + using a cd_box_var by auto + finally show ?thesis. +qed + +lemma cd_box_do_box_conv: "p \ 1 \ cd_box (x\<^sup>\) p = do_box x p" + by (metis do_box_cd_box_conv local.inv_invol) + +lemma do_box_subid: "do_box x p \ 1" + using dmq.bb_def local.Sup_le_iff by force + +lemma cd_box_subid: "p \ 1 \ cd_box x p \ 1" + by (metis do_box_subid local.do_box_cd_box_conv) + +text \Next we prove that boxes and diamonds are adjoints, and then demodalisation laws known +from modal semirings.\ + +lemma do_dia_do_box_galois: + assumes "p \ 1" + and "q \ 1" + shows "(do_dia x p \ q) = (p \ do_box x q)" +proof + show "do_dia x p \ q \ p \ do_box x q" + by (simp add: assms do_box_var local.Sup_upper) +next + assume "p \ do_box x q" + hence "do_dia x p \ do (x \ \{t. do_dia x t \ q \ t \ 1})" + by (simp add: assms(2) local.dmq.dqmsr.fd_def local.do_box_var local.do_iso local.mult_isol) + also have "\ = \{do (x \ t) |t. do_dia x t \ q \ t \ 1}" + by (metis do_Sup_pres image_ident image_image local.Sup_distl setcompr_eq_image) + also have "\ = \{do_dia x t |t. do_dia x t \ q \ t \ 1}" + using local.dmq.dqmsr.fd_def by fastforce + also have "\ \ q" + using local.Sup_le_iff by blast + finally have "do_dia x p \ q". + thus "p \ do_box x q \ do_dia x p \ q". +qed + +lemma cd_dia_cd_box_galois: + assumes "p \ 1" + and "q \ 1" +shows "(cd_dia x p \ q) = (p \ cd_box x q)" + by (metis assms do_box_cd_box_conv do_dia_cd_dia_conv do_dia_do_box_galois) + +lemma do_dia_demod_subid: + assumes "p \ 1" + and "q \ 1" +shows "(do_dia x p \ q) = (x \ p \ q \ x)" + by (metis assms dmq.dqmsr.fdemodalisation2 local.do_fix_subid) + +text \The demodalisation laws have variants based on residuals.\ + +lemma do_dia_demod_subid_fres: + assumes "p \ 1" + and "q \ 1" + shows "(do_dia x p \ q) = (p \ x \ q \ x)" + by (simp add: assms do_dia_demod_subid local.bres_galois) + +lemma do_dia_demod_subid_var: + assumes "p \ 1" + and "q \ 1" +shows "(do_dia x p \ q) = (x \ p \ q \ \)" + by (simp add: assms(2) dmq.dqmsr.fd_def lla) + +lemma do_dia_demod_subid_var_fres: + assumes "p \ 1" + and "q \ 1" +shows "(do_dia x p \ q) = (p \ x \ q \ \)" + by (simp add: assms do_dia_demod_subid_var local.bres_galois) + +lemma cd_dia_demod_subid: + assumes "p \ 1" + and "q \ 1" +shows "(cd_dia x p \ q) = (p \ x \ x \ q)" + by (metis assms dmq.coddual.dqmsr.fdemodalisation2 local.cd_fix_subid) + +lemma cd_dia_demod_subid_fres: + assumes "p \ 1" + and "q \ 1" +shows "(cd_dia x p \ q) = (p \ x \ q \ x)" + by (simp add: assms cd_dia_demod_subid local.fres_galois) + +lemma cd_dia_demod_subid_var: + assumes "p \ 1" + and "q \ 1" +shows "(cd_dia x p \ q) = (p \ x \ \ \ q)" + by (simp add: assms(2) dmq.coddual.dqmsr.fd_def lra) + +lemma cd_dia_demod_subid_var_fres: + assumes "p \ 1" + and "q \ 1" +shows "(cd_dia x p \ q) = (p \ \ \ q \ x)" + by (simp add: assms cd_dia_demod_subid_var local.fres_galois) + +lemma do_box_iso: + assumes "p \ 1" + and "q \ 1" + and "p \ q" +shows "do_box x p \ do_box x q" + by (meson assms do_box_subid do_dia_do_box_galois local.order.refl local.order.trans) + +lemma cd_box_iso: + assumes "p \ 1" + and "q \ 1" + and "p \ q" +shows "cd_box x p \ cd_box x q" + by (metis assms do_box_cd_box_conv do_box_iso) + +lemma do_box_demod_subid: + assumes "p \ 1" + and "q \ 1" + shows "(p \ do_box x q) = (x \ p \ q \ x)" + using assms do_dia_do_box_galois local.do_dia_demod_subid by force + +lemma do_box_demod_subid_bres: + assumes "p \ 1" + and "q \ 1" + shows "(p \ do_box x q) = (p \ x \ q \ x)" + by (simp add: assms do_box_demod_subid local.bres_galois) + +lemma do_box_demod_subid_var: + assumes "p \ 1" + and "q \ 1" + shows "(p \ do_box x q) = (x \ p \ q \ \)" + using assms do_dia_demod_subid_var do_dia_do_box_galois by auto + +lemma do_box_demod_subid_var_bres: + assumes "p \ 1" + and "q \ 1" + shows "(p \ do_box x q) = (p \ x \ q \ \)" + by (simp add: assms do_box_demod_subid_var local.bres_galois) + +lemma do_box_demod_subid_var_bres_do: + assumes "p \ 1" + and "q \ 1" + shows "(p \ do_box x q) = (p \ do (x \ q \ \))" + by (simp add: assms do_box_demod_subid_var_bres do_top) + +lemma cd_box_demod_subid: + assumes "p \ 1" + and "q \ 1" + shows "(p \ cd_box x q) = (p \ x \ x \ q)" + using assms local.cd_dia_cd_box_galois local.cd_dia_demod_subid by force + +lemma cd_box_demod_subid_fres: + assumes "p \ 1" + and "q \ 1" + shows "(p \ cd_box x q) = (p \ x \ q \ x)" + by (simp add: assms cd_box_demod_subid local.fres_galois) + +lemma cd_box_demod_subid_var: + assumes "p \ 1" + and "q \ 1" + shows "(p \ cd_box x q) = (p \ x \ \ \ q)" + using assms cd_dia_cd_box_galois cd_dia_demod_subid_var by force + +lemma cd_box_demod_subid_var_fres: + assumes "p \ 1" + and "q \ 1" + shows "(p \ cd_box x q) = (p \ \ \ q \ x)" + by (simp add: assms cd_box_demod_subid_var local.fres_galois) + +text \We substitute demodalisation inequalities for diamonds in the definitions of boxes.\ + +lemma do_box_var2: "p \ 1 \ do_box x p = \{q. x \ q \ p \ x \ q \ 1}" + unfolding do_box_var by (meson do_dia_demod_subid) + +lemma do_box_bres1: "p \ 1 \ do_box x p = \{q. q \ x \ p \ x \ q \ 1}" + unfolding do_box_var by (meson do_dia_demod_subid_fres) + +lemma do_box_bres2: "p \ 1 \ do_box x p = \{q. q \ x \ p \ \ \ q \ 1}" + unfolding do_box_var by (simp add: dmq.dqmsr.fd_def lla local.bres_galois) + +lemma do_box_var3: "p \ 1 \ do_box x p = \{q. x \ q \ p \ \ \ q \ 1}" + unfolding do_box_var using dmq.dqmsr.fd_def lla by force + +lemma cd_box_var2: "p \ 1 \ cd_box x p = \{q. q \ x \ x \ p \ q \ 1}" + unfolding cd_box_var by (metis cd_dia_demod_subid) + +lemma cd_box_var3: "p \ 1 \ cd_box x p = \{q. q \ x \ \ \ p \ q \ 1}" + unfolding cd_box_var by (simp add: dmq.coddual.dqmsr.fd_def lra) + +text \Using these results we get a simple characterisation of boxes via domain and codomain. +Similar laws can be found implicitly in Doornbos, Backhouse and van der Woude's paper on a calculational +approach to mathematical induction, which speaks about wlp operators instead modal operators.\ + +lemma bres_do_box: "p \ 1 \ do_box x p = do (x \ p \ \)" + by (meson do_box_demod_subid_var_bres_do do_box_subid local.cd_fix_subid local.cddo_compat local.dual_order.antisym local.eq_refl) + +lemma bres_do_box_var: "p \ 1 \ do_box x p = 1 \ (x \ p \ \)" + using bres_do_box do_bres_prop by force + +lemma bres_do_box_top: "p \ 1 \ (do_box x p) \ \ = x \ p \ \" + using bres_do_box do_top2 by auto + +lemma fres_cd_box: "p \ 1 \ cd_box x p = cd (\ \ p \ x)" +proof- + assume h0: "p \ 1" + {fix q + assume h1: "q \ 1" + have "(q \ cd_box x p) = (q \ x \ \ \ p)" + by (simp add: cd_box_demod_subid_var h0 h1) + also have "\ = (q \ \ \ p \ x)" + by (simp add: local.fres_galois) + also have "\ = (q \ 1 \ (\ \ p \ x))" + by (simp add: h1) + also have "\ = (q \ cd (\ \ p \ x))" + by (simp add: cd_fres_prop h0) + finally have "(q \ cd_box x p) = (q \ cd (\ \ p \ x))".} + hence "\y. y \ cd_box x p \ y \ cd (\ \ p \ x)" + by (meson cd_box_subid dmq.coddual.dqmsr.dpd3 h0 local.dual_order.trans) + thus ?thesis + using local.dual_order.antisym by blast +qed + +lemma fres_cd_box_var: "p \ 1 \ cd_box x p = 1 \ (\ \ p \ x)" + by (simp add: cd_fres_prop fres_cd_box) + +lemma fres_cd_box_top: "p \ 1 \ \ \ cd_box x p = \ \ p \ x" + using cd_top2 fres_cd_box by auto + + +text \Next we show that the box operators act on the complete Heyting algebra of subidentities.\ + +lemma cd_box_act: + assumes "p \ 1" + shows "cd_box (x \ y) p = cd_box x (cd_box y p)" +proof- + {fix q + assume a: "q \ 1" + hence "(q \ cd_box (x \ y) p) = (cd_dia (x \ y) q \ p)" + by (simp add: assms cd_dia_cd_box_galois) + also have "\ = (cd_dia y (cd_dia x q) \ p)" + by (simp add: local.dmq.coddual.dqmsr.fdia_mult) + also have "\ = (cd_dia x q \ cd_box y p)" + using assms cd_dia_cd_box_galois cd_top dmq.coddual.dqmsr.fd_def by force + also have "\ = (q \ cd_box x (cd_box y p))" + by (simp add: a assms cd_dia_cd_box_galois local.cd_box_subid) + finally have "(q \ cd_box (x \ y) p) = (q \ cd_box x (cd_box y p))".} + thus ?thesis + by (meson assms local.cd_box_subid local.dual_order.eq_iff) +qed + +lemma do_box_act: + assumes "p \ 1" + shows "do_box (x \ y) p = do_box y (do_box x p)" + by (smt (verit) assms cd_box_act local.cd_box_do_box_conv local.do_box_subid local.inv_contrav) + +text \Next we show that the box operators are Sup reversing in the first and Inf preserving +in the second argument.\ + +lemma do_box_sup_inf: "p \ 1 \ do_box (x \ y) p = do_box x p \ do_box y p" +proof- + assume h1: "p \ 1" + {fix q + assume h2: "q \ 1" + hence "(q \ do_box (x \ y) p) = (do_dia (x \ y) q \ p)" + by (simp add: do_dia_do_box_galois h1) + also have "\ = (do_dia x q \ p \ do_dia y q \ p)" + by (simp add: dmq.dqmsr.fdia_add2) + also have "\ = (q \ do_box x p \ q \ do_box y p)" + by (simp add: do_dia_do_box_galois h1 h2) + also have "\ = (q \ do_box x p \ do_box y p)" + by (simp add: do_box_subid subid_mult_meet) + finally have "(q \ do_box (x \ y) p) = (q \ do_box x p \ do_box y p)".} + hence "\z. z \ do_box (x \ y) p \ z \ do_box x p \ do_box y p" + by (metis do_box_subid local.dual_order.trans local.inf.boundedE subid_mult_meet) + thus ?thesis + using local.dual_order.antisym by blast +qed + +lemma do_box_sup_inf_var: "p \ 1 \ do_box (x \ y) p = do_box x p \ do_box y p" + by (simp add: do_box_subid do_box_sup_inf subid_mult_meet) + +lemma do_box_Sup_Inf: + assumes "X \ {}" + and "p \ 1" + shows "do_box (\X) p = (\x \ X. do_box x p)" +proof- + {fix q + assume h: "q \ 1" + hence "(q \ do_box (\X) p) = (do_dia (\X) q \ p)" + by (simp add: do_dia_do_box_galois assms(2)) + also have "\ = ((\x \ X. do_dia x q) \ p)" + using do_dia_Sup by force + also have "\ = (\x \ X. do_dia x q \ p)" + by (simp add: local.SUP_le_iff) + also have "\ = (\x \ X. q \ do_box x p)" + using do_dia_do_box_galois assms(2) h by blast + also have "\ = (q \ (\x \ X. do_box x p))" + by (simp add: local.le_INF_iff) + finally have "(q \ do_box (\X) p) = (q \ (\x \ X. do_box x p))".} + hence "\y. y \ do_box (\X) p \ y \ (\x \ X. do_box x p)" + by (smt (verit, ccfv_threshold) assms(1) do_box_subid local.INF_le_SUP local.SUP_least local.order_trans) + thus ?thesis + using local.dual_order.antisym by blast +qed + +lemma do_box_Sup_Inf2: + assumes "P \ {}" + and "\p \ P. p \ 1" + shows "do_box x (\P) = (\p \ P. do_box x p)" +proof- + have h0: "(\p \ P. do_box x p) \ 1" + by (meson all_not_in_conv assms(1) do_box_subid local.INF_lower2) + {fix q + assume h1: "q \ 1" + hence "(q \ do_box x (\P)) = (do_dia x q \ \P)" + by (simp add: assms do_dia_do_box_galois local.Inf_less_eq) + also have "\ = (\p \ P. do_dia x q \ p)" + using local.le_Inf_iff by blast + also have "\ = (\p \ P. q \ do_box x p)" + using assms(2) do_dia_do_box_galois h1 by auto + also have "\ = (q \ (\p \ P. do_box x p))" + by (simp add: local.le_INF_iff) + finally have "(q \ do_box x (\P)) = (q \ (\p \ P. do_box x p))".} + thus ?thesis + using do_box_subid h0 local.dual_order.antisym by blast +qed + +lemma cd_box_sup_inf: "p \ 1 \ cd_box (x \ y) p = cd_box x p \ cd_box y p" + by (metis do_box_cd_box_conv do_box_sup_inf local.inv_binsup) + +lemma cd_box_sup_inf_var: "p \ 1 \ cd_box (x \ y) p = cd_box x p \ cd_box y p" + by (simp add: cd_box_subid cd_box_sup_inf subid_mult_meet) + +lemma cd_box_Sup_Inf: + assumes "X \ {}" + and "p \ 1" +shows "cd_box (\X) p = (\x \ X. cd_box x p)" +proof- + have "cd_box (\X) p = do_box ((\X)\<^sup>\) p" + using assms(2) do_box_cd_box_conv by presburger + also have "\ = (\y \ {x\<^sup>\|x. x \ X}. do_box y p)" + by (simp add: Setcompr_eq_image assms do_box_Sup_Inf) + also have "\ = (\x \ X. do_box (x\<^sup>\) p)" + by (simp add: Setcompr_eq_image image_image) + also have "\ = (\x \ X. cd_box x p)" + using assms(2) do_box_cd_box_conv by force + finally show ?thesis. +qed + +lemma cd_box_Sup_Inf2: + assumes "P \ {}" + and "\p \ P. p \ 1" +shows "cd_box x (\P) = (\p \ P. cd_box x p)" +proof- + have "cd_box x (\P) = do_box (x\<^sup>\) (\P)" + by (simp add: assms do_box_cd_box_conv local.Inf_less_eq) + also have "\ = (\p \ P. do_box (x\<^sup>\) p)" + using assms do_box_Sup_Inf2 by presburger + also have "\ = (\p \ P. cd_box x p)" + using assms(2) do_box_cd_box_conv by force + finally show ?thesis. +qed + +text \Next we define an antidomain operation in the style of modal semirings. A natural condition is +that the antidomain of an element is the greatest test that cannot be left-composed with that elements, +and hence a greatest left annihilator. The definition of anticodomain is similar. As we are not in a +boolean domain algebra, we cannot expect that the antidomain of the antidomain yields the domain or +that the union of a domain element with the corresponding antidomain element equals one.\ + +definition "ado x = \{p. p \ x = \ \ p \ 1}" + +definition "acd x = \{p. x \ p = \ \ p \ 1}" + +lemma ado_acd: "ado (x\<^sup>\) = acd x" + unfolding ado_def acd_def + by (metis convdqka.subid_conv invqka.inv_zero local.inv_contrav local.inv_invol) + +lemma acd_ado: "acd (x\<^sup>\) = ado x" + unfolding ado_def acd_def + by (metis acd_def ado_acd ado_def local.inv_invol) + +lemma ado_left_zero [simp]: "ado x \ x = \" + unfolding ado_def + using dmq.coddual.Sup_distl by auto + +lemma acd_right_zero [simp]: "x \ acd x = \" + unfolding acd_def + by (simp add: dmq.coddual.h_Sup local.dual_order.antisym) + +lemma ado_greatest: "p \ 1 \ p \ x = \ \ p \ ado x" + by (simp add: ado_def local.Sup_upper) + +lemma acd_greatest: "p \ 1 \ x \ p = \ \ p \ acd x" + by (simp add: acd_def local.Sup_upper) + +lemma ado_subid: "ado x \ 1" + using ado_def local.Sup_le_iff by force + +lemma acd_subid: "acd x \ 1" + by (simp add: acd_def local.Sup_le_iff) + +lemma ado_left_zero_iff: "p \ 1 \ (p \ ado x) = (p \ x = \)" + by (metis ado_greatest ado_left_zero local.bot_unique local.mult_isor) + +lemma acd_right_zero_iff: "p \ 1 \ (p \ acd x) = (x \ p = \)" + by (metis acd_greatest acd_right_zero local.bot_unique local.mult_isol) + +text \This gives an eqational characterisation of antidomain and anticodomain.\ + +lemma ado_cd_bot: "ado x = cd (\ \ x)" +proof- + {fix p + assume h: "p \ 1" + hence "(p \ ado x) = (p \ x = \)" + by (simp add: ado_left_zero_iff) + also have "\ = (p \ \ \ x)" + using local.bot_unique local.fres_galois by blast + also have "\ = (p \ 1 \ (\ \ x))" + by (simp add: h) + also have "\ = (p \ cd (\ \ x))" + by (metis cd_fres_prop local.bot_least local.mult_botr) + finally have "(p \ ado x) = (p \ cd (\ \ x))".} + hence "\y. y \ ado x \ y \ cd (\ \ x)" + using ado_subid local.cd_subid local.dual_order.trans by blast + thus ?thesis + using local.dual_order.antisym by blast +qed + +lemma acd_do_bot: "acd x = do (x \ \)" + by (metis ado_acd ado_cd_bot invqka.inv_zero local.bres_fres_conv local.cd_inv local.inv_invol) + +lemma ado_cd_bot_id: "ado x = 1 \ (\ \ x)" + by (metis ado_cd_bot cd_fres_prop local.cd_bot local.cd_subid local.mult_botr) + +lemma acd_do_bot_id: "acd x = 1 \ (x \ \)" + by (metis acd_do_bot do_bres_prop local.bot_least local.mult_botl) + +lemma ado_cd_bot_var: "ado x = cd (\ \ do x)" + by (metis ado_cd_bot do_top2 local.fres_bot_top local.fres_curry) + +lemma acd_do_bot_var: "acd x = do (cd x \ \)" + by (metis acd_do_bot cd_top2 local.bres_curry local.bres_top_bot) + +lemma ado_do_bot: "ado x = do (do x \ \)" + using acd_ado acd_do_bot_var local.cd_inv by auto + +lemma "do x = ado (ado x)" (* nitpick[expect=genuine]*) + oops + +lemma acd_cd_bot: "acd x = cd (\ \ cd x)" + by (metis ado_acd ado_cd_bot_var local.cd_inv local.inv_invol) + +lemma ado_do_bot_var: "ado x = 1 \ (do x \ \)" + by (metis ado_do_bot do_bres_prop local.bot_unique local.bres_bot_bot local.bres_canc1 local.do_bot local.do_subid) + + lemma acd_cd_bot_var: "acd x = 1 \ (\ \ cd x)" + by (metis acd_cd_bot acd_right_zero cd_top local.fres_top_top2) + + +text \Domain and codomain are compatible with the boxes.\ + +lemma cd_box_ado: "cd_box x \ = ado x" + by (simp add: ado_cd_bot fres_cd_box) + +lemma do_box_acd: "do_box x \ = acd x" + by (simp add: acd_do_bot bres_do_box) + +lemma ado_subid_prop: "p \ 1 \ ado p = 1 \ (p \ \)" + by (metis ado_do_bot_var do_fix_subid) + +lemma ado_do: "p \ 1 \ ado p = do (p \ \)" + using ado_do_bot do_fix_subid by force + +lemma ado_do_compl: "ado x \ do x = \" + using dmq.dqmsr.dom_weakly_local by force + +lemma "ado x \ do x = \" (* nitpick[expect = genuine]*) + oops + +lemma "\x p. \f. 1 \ (\ \ p \ x) = 1 \ (\ \ (x \ p \ \))" (* nitpick[expect=genuine]*) + oops + +lemma "cd_box x p = ado (x \ ado p)" (* nitpick[expect=genuine]*) + oops + +lemma ad_do_bot [simp]: "(1 \ (do x \ \)) \ do x = \" + using ado_do_bot_var ado_left_zero dmq.dqmsr.dom_weakly_local by presburger + +lemma do_heyting_galois: "(do x \ do y \ do z) = (do x \ 1 \ (do y \ do z))" + by (metis dmq.dqmsr.dsg4 dmq.mqdual.cod_subid local.bres_galois local.le_inf_iff) + +lemma do_heyting_galois_var: "(do x \ do y \ do z) = (do x \ cd_box (do y) (do z))" + by (metis cd_dia_cd_box_galois cd_fix_subid dmq.coddual.dqmsr.fd_def dmq.dqmsr.dom_mult_closed local.do_subid) + +text \Antidomain is therefore Heyting negation.\ + +lemma ado_heyting_negation: "ado (do x) = cd_box (do x) \" + by (simp add: cd_box_ado) + +lemma ad_ax1 [simp]: "(1 \ (do x \ \)) \ x = \" + by (simp add: local.dmq.dqmsr.dom_weakly_local) + +lemma "1 \ (do (1 \ (do x \ \)) \ \) = do x" (* nitpick[expect=genuine]*) + oops + +lemma "p \ 1 \ do_dia x p = 1 \ (cd_box x (1 \ (p \ \)) \ \)" (* nitpick[expect=genuine]*) + oops + +lemma "p \ 1 \ cd_box x p = 1 \ (do_dia x (1 \ (p \ \)) \ \)" (* nitpick[expect=genuine]*) + oops + +lemma "p \ 1 \ cd_dia x p = 1 \ (do_box x (1 \ (p \ \)) \ \)" (* nitpick[expect=genuine]*) + oops + +lemma "p \ 1 \ do_box x p = 1 \ (cd_dia x (1 \ (p \ \)) \ \)" (* nitpick[expect=genuine]*) + oops + +end + +subsection \Boolean Dedekind quantales\ + +class distributive_dedekind_quantale = distrib_unital_quantale + dedekind_quantale + +class boolean_dedekind_quantale = bool_unital_quantale + distributive_dedekind_quantale + +begin + +lemma ad_do_bot [simp]: "(1 - do x) \ do x = \" + by (simp add: local.diff_eq local.inf_shunt local.subid_mult_meet) + +lemma ad_ax1 [simp]: "(1 - do x) \ x = \" + by (simp add: local.dmq.dqmsr.dom_weakly_local) + +lemma ad_do [simp]: "1 - do (1 - do x) = do x" +proof- + have "1 - do (1 - do x) = 1 - (1 - do x)" + by (metis local.diff_eq local.do_fix_subid local.inf.cobounded1) + also have "\ = 1 \ -(1 \ - do x)" + by (simp add: local.diff_eq) + also have "\ = do x" + by (simp add: local.chaq.wswq.distrib_left local.do_top) + finally show ?thesis. +qed + +lemma ad_ax2: "1 - do (x \ y) \ (1 - do (x \ (1 - do (1 - do y)))) = 1 - do (x \ (1 - do (1 - do y)))" + by simp + +lemma ad_ax3 [simp]: "do x \ (1 - do x) = 1" +proof- + have "do x \ (1 - do x) = do x \ (1 \ -do x)" + using local.diff_eq by force + also have "\ = 1 \ (do x \ -do x)" + by (simp add: local.chaq.wswq.distrib_left local.do_top) + also have "\ = 1" + by simp + finally show ?thesis. +qed + +sublocale bdad: antidomain_semiring "\x. 1 - do x" "(\)" "(\)" 1 \ _ _ + by unfold_locales simp_all + +sublocale bdadka: antidomain_kleene_algebra "\x. 1 - do x" "(\)" "(\)" 1 \ _ _ qstar.. + +sublocale bdar: antirange_semiring "(\)" "(\)" 1 \ "\x. 1 - cd x" _ _ + apply unfold_locales + apply (metis ad_ax1 ad_do dmq.mqs.local_var local.docd_compat) + apply (metis ad_do local.cddo_compat local.dmq.coddual.dqmsr.dsr2 local.docd_compat local.sup.idem) + by (metis bdad.a_subid' bdad.as3 local.convdqka.subid_conv local.do_inv) + +sublocale bdaka: antirange_kleene_algebra "(\)" "(\)" 1 \ _ _ qstar "\x. 1 - cd x".. + +sublocale bmod: modal_semiring_simp "\x. 1 - do x" "(\)" "(\)" 1 \ _ _ "\x. 1 - cd x".. + +sublocale bmod: modal_kleene_algebra_simp "(\)" "(\)" 1 \ _ _ qstar "\x. 1 - do x" "\x. 1 - cd x".. + +lemma inv_neg: "(-x)\<^sup>\ = -(x\<^sup>\)" + by (metis local.diff_eq local.diff_shunt_var local.dual_order.eq_iff local.inf.commute local.inv_conjugate local.inv_galois) + +lemma residuation: "x\<^sup>\ \ -(x \ y) \ -y" + by (metis local.inf.commute local.inf_compl_bot local.inf_shunt local.schroeder_1) + +lemma bres_prop: "x \ y = -(x\<^sup>\ \ -y)" + by (metis local.ba_dual.dual_iff local.bres_canc1 local.bres_galois_imp local.compl_le_swap1 local.dmq.coddual.h_w1 local.dual_order.antisym local.inv_invol residuation) + +lemma fres_prop: "x \ y = -(-x \ y\<^sup>\)" + using bres_prop inv_neg local.fres_bres_conv by auto + +lemma do_dia_fdia: "do_dia x p = bdad.fdia x p" + by (simp add: local.bdad.fdia_def local.dmq.dqmsr.fd_def) + +lemma cd_dia_bdia: "cd_dia x p = bdar.bdia x p" + by (metis ad_do bdar.ardual.a_subid' bdar.bdia_def local.cd_fix_subid local.dmq.coddual.dqmsr.fd_def local.docd_compat) + +lemma do_dia_fbox_de_morgan: "p \ 1 \ do_dia x p = 1 - bdad.fbox x (1 - p)" + by (smt (verit, ccfv_SIG) ad_do bdad.a_closure bdad.am_d_def bdad.fbox_def local.dmq.dqmsr.fd_def local.do_fix_subid) + +lemma fbox_do_dia_de_morgan: "p \ 1 \ bdad.fbox x p = 1 - do_dia x (1 - p)" + using bdad.fbox_def local.dmq.dqmsr.fd_def local.do_fix_subid by force + +lemma cd_dia_bbox_de_morgan: "p \ 1 \ cd_dia x p = 1 - bdar.bbox x (1 - p)" + by (smt (verit, best) ad_do bdar.bbox_def bdar.bdia_def cd_dia_bdia local.cd_fix_subid local.do_subid local.docd_compat) + +lemma bbox_cd_dia_de_morgan: "p \ 1 \ bdar.bbox x p = 1 - cd_dia x (1 - p)" + using bdar.bbox_def local.cd_fix_subid local.dmq.coddual.dqmsr.fd_def by force + +lemma do_box_bbox: "p \ 1 \ do_box x p = bdar.bbox x p" +proof- + assume a: "p \ 1" + {fix q + assume b: "q \ 1" + hence "(q \ do_box x p) = (x \ q \ p \ x)" + by (simp add: a local.do_box_demod_subid) + also have "\ = (x \ cd q \ cd p \ x)" + by (metis a b local.cd_fix_subid) + also have "\ = (cd q \ bdar.bbox x p)" + by (metis bdar.bbox_def bdar.bdia_def cd_dia_bdia local.bdar.ardual.a_closure' local.bdar.ardual.ans_d_def local.bdar.ardual.dnsz.dsg1 local.bdar.ardual.fbox_demodalisation3 local.bdar.ardual.fbox_one local.dmq.coddual.dqmsr.fd_def local.nsrnqo.mult_oner) + also have "\ = (q \ bdar.bbox x p)" + using b local.cd_fix_subid by force + finally have "(q \ do_box x p) = (q \ bdar.bbox x p)".} + thus ?thesis + by (metis bdar.bbox_def local.bdar.ardual.a_subid' local.do_box_subid local.dual_order.antisym local.eq_refl) +qed + +lemma cd_box_fbox: "p \ 1 \ cd_box x p = bdad.fbox x p" + by (smt (verit, ccfv_SIG) bdar.bbox_def do_box_bbox local.bdad.fbox_def local.cd_dia_do_dia_conv local.cd_inv local.cd_fix_subid local.cd_top local.diff_eq local.dmq.bb_def local.dmq.coddual.dqmsr.fd_def local.dmq.coddual.mult_assoc local.dmq.dqmsr.fd_def local.dmq.fb_def local.do_box_cd_box_conv local.do_fix_subid local.do_top local.inf.cobounded1) + +lemma do_dia_cd_box_de_morgan: "p \ 1 \ do_dia x p = 1 - cd_box x (1 - p)" + by (simp add: cd_box_fbox local.diff_eq local.do_dia_fbox_de_morgan) + +lemma cd_box_do_dia_de_morgan: "p \ 1 \ cd_box x p = 1 - do_dia x (1 - p)" + by (simp add: cd_box_fbox local.fbox_do_dia_de_morgan) + +lemma cd_dia_do_box_de_morgan: "p \ 1 \ cd_dia x p = 1 - do_box x (1 - p)" + by (simp add: do_box_bbox local.cd_dia_bbox_de_morgan local.diff_eq) + +lemma do_box_cd_dia_de_morgan: "p \ 1 \ do_box x p = 1 - cd_dia x (1 - p)" + by (simp add: do_box_bbox local.bbox_cd_dia_de_morgan) + +end + +class dc_involutive_modal_quantale = dc_modal_quantale + involutive_quantale + +begin + +sublocale invmqmka: involutive_dr_modal_kleene_algebra "(\)" "(\)" 1 \ "(\)" "(<)" qstar invol dom cod.. + +lemma do_approx_dom: "do x \ dom x" +proof - + have "do x = dom (do x) \ do x" + by simp + also have "\ \ dom (1 \ (x \ x\<^sup>\))" + by (simp add: local.do_def local.dqmsr.domain_subid) + also have "\ \ dom 1 \ dom (x \ x\<^sup>\)" + using local.dom_meet_sub by presburger + also have "\ \ dom (x \ dom (x\<^sup>\))" + by simp + also have "\ \ dom x" + by (simp add: local.dqmsr.domain_1'') + finally show ?thesis. +qed + +end + +class dc_modal_quantale_converse = dc_involutive_modal_quantale + quantale_converse + +sublocale dc_modal_quantale_converse \ invmqmka: dr_modal_kleene_algebra_converse "(\)" "(\)" 1 \ "(\)" "(<)" qstar invol dom cod.. + +class dc_modal_quantale_strong_converse = dc_involutive_modal_quantale + + assumes weak_dom_def: "dom x \ x \ x\<^sup>\" + and weak_cod_def: "cod x \ x\<^sup>\ \ x" + +begin + +sublocale invmqmka: dr_modal_kleene_algebra_strong_converse "(\)" "(\)" 1 \ "(\)" "(<)" qstar invol dom cod + by (unfold_locales, simp_all add: local.weak_dom_def local.weak_cod_def) + +lemma dom_def: "dom x = 1 \ (x \ x\<^sup>\)" + using local.do_approx_dom local.do_def local.dual_order.eq_iff local.weak_dom_def by force + +lemma cod_def: "cod x = 1 \ (x\<^sup>\ \ x)" + using local.dom_def local.invmqmka.d_conv_cod by auto + +lemma do_dom: "do x = dom x" + by (simp add: local.do_def local.dom_def) + +lemma cd_cod: "cd x = cod x" + by (simp add: local.cd_def local.cod_def) + +end + +class dc_modal_dedekind_quantale = dc_involutive_modal_quantale + dedekind_quantale + +class cd_distributive_modal_dedekind_quantale = dc_modal_dedekind_quantale + distrib_unital_quantale + +class dc_boolean_modal_dedekind_quantale = dc_modal_dedekind_quantale + bool_unital_quantale + +begin + +lemma subid_idem: "p \ 1 \ p \ p = p" + by (simp add: local.subid_mult_meet) + +lemma subid_comm: "p \ 1 \ q \ 1 \ p \ q = q \ p" + using local.inf.commute local.subid_mult_meet by force + +lemma subid_meet_comp: "p \ 1 \ q \ 1 \ p \ q = p \ q" + by (simp add: local.subid_mult_meet) + +lemma subid_dom: "p \ 1 \ dom p = p" +proof- + assume h: "p \ 1" + have a: "p \ (1 \ -p) = 1" + by (metis h local.inf_sup_absorb local.sup.commute local.sup.orderE local.sup_compl_top local.sup_inf_distrib1) + have b: "(1 \ -p) \ p = \" + by (simp add: local.inf.commute) + hence "dom p = (p \ (1 \ -p)) \ dom p" + by (simp add: a) + also have "\ = p \ dom p \ dom ((1 \ -p) \ dom p) \ (1 \ -p) \ dom p" + using local.dqmsr.dsg1 local.wswq.distrib_right mult_assoc by presburger + also have "\ \ p \ dom ((1 \ -p) \ dom p)" + by (metis b h local.dom_subid local.dom_zero local.inf.cobounded1 local.mqdual.cod_local local.mult_botr local.sup.mono subid_comm subid_meet_comp) + also have "\ = p \ dom ((1 \ -p) \ p)" + by simp + also have "\ = p \ dom \" + using b h subid_meet_comp by fastforce + also have "\ = p" + by simp + finally have "dom p \ p". + thus ?thesis + using h local.dqmsr.domain_subid local.dual_order.antisym by presburger +qed + +lemma do_prop: "(do x \ do y) = (x \ do y \ \)" + by (simp add: local.lla) + +lemma do_lla: "(do x \ do y) = (x \ do y \ x)" + by (simp add: local.lla_var) + +lemma lla_subid: "p \ 1 \ ((dom x \ p) = (x \ p \ x))" + by (metis local.dqmsr.dom_llp subid_dom) + +lemma dom_do: "dom x = do x" +proof- + have "x \ do x \ x" + by simp + hence "dom x \ do x" + using lla_subid local.do_subid local.dodo by presburger + thus ?thesis + by (simp add: local.antisym_conv local.do_approx_dom) +qed + +end + +end + diff --git a/thys/Quantales_Converse/ROOT b/thys/Quantales_Converse/ROOT new file mode 100644 --- /dev/null +++ b/thys/Quantales_Converse/ROOT @@ -0,0 +1,20 @@ +chapter AFP + +session "Quantales_Converse" (AFP) = HOL + + options [timeout = 600] + + sessions + Kleene_Algebra + KAD + Quantales + + theories + Modal_Kleene_Algebra_Var + Kleene_Algebra_Converse + Modal_Kleene_Algebra_Converse + Modal_Quantale + Quantale_Converse + + document_files + "root.tex" + "root.bib" diff --git a/thys/Quantales_Converse/document/root.bib b/thys/Quantales_Converse/document/root.bib new file mode 100644 --- /dev/null +++ b/thys/Quantales_Converse/document/root.bib @@ -0,0 +1,126 @@ +@article{ArmstrongSW13, + author = {Alasdair Armstrong and + Georg Struth and + Tjark Weber}, + title = {Kleene Algebra}, + journal = {Archive of Formal Proofs}, + year = {2013}, + url = {https://www.isa-afp.org/entries/Kleene\_Algebra.shtml}, + timestamp = {Mon, 25 May 2020 09:13:27 +0200}, + biburl = {https://dblp.org/rec/journals/afp/ArmstrongSW13.bib}, + bibsource = {dblp computer science bibliography, https://dblp.org} +} + +@article{CalkGMS22, + author = {Cameron Calk and + Eric Goubault and + Philippe Malbos and + Georg Struth}, + title = {Algebraic coherent confluence and higher globular {K}leene algebras}, + journal = {Logical Methods in Computer Science}, + volume = {18}, + number = {4}, + year = {2022}, + url = {https://doi.org/10.46298/lmcs-18(4:9)2022}, + doi = {10.46298/lmcs-18(4:9)2022}, + timestamp = {Tue, 24 Jan 2023 10:48:24 +0100}, + biburl = {https://dblp.org/rec/journals/lmcs/CalkGMS22.bib}, + bibsource = {dblp computer science bibliography, https://dblp.org} +} + +@article{CalkMPS23, +Author = {Cameron Calk and Philippe Malbos and Damien Pous and Georg Struth}, +Title = {Higher Catoids, Higher Quantales and their Correspondences}, +Year = {2023}, +journal = {arXiv}, +volume = {2307.09253}, +} + +@article{FahrenbergJSZ23, + author = {Fahrenberg, Uli and + Johansen, Christian and + Struth, Georg and + Ziemia{\'n}ski, Krzysztof}, + title = {Catoids and Modal Convolution Algebras}, + journal = {Algebra Universalis}, + volume = {84}, + pages = {10}, + year = {2023} +} + +@article{GomesGHSW16, + author = {Victor B. F. Gomes and + Walter Guttmann and + Peter H{\"{o}}fner and + Georg Struth and + Tjark Weber}, + title = {Kleene Algebras with Domain}, + journal = {Archive of Formal Proofs}, + year = {2016}, + url = {https://www.isa-afp.org/entries/KAD.shtml}, + timestamp = {Mon, 25 May 2020 09:13:24 +0200}, + biburl = {https://dblp.org/rec/journals/afp/GomesGHSW16.bib}, + bibsource = {dblp computer science bibliography, https://dblp.org} +} + +@inproceedings{GomesS16, + author = {Victor B. F. Gomes and Georg Struth}, + title = {Modal {K}leene Algebra Applied to Program Correctness}, + booktitle = {{FM} 2016}, + series = {LNCS}, + volume = {9995}, + pages = {310--325}, + year = {2016}, + url = {https://doi.org/10.1007/978-3-319-48989-6\_19}, + doi = {10.1007/978-3-319-48989-6\_19}, + timestamp = {Tue, 14 May 2019 10:00:46 +0200}, + biburl = {https://dblp.org/rec/conf/fm/GomesS16.bib}, + bibsource = {dblp computer science bibliography, https://dblp.org} +} + +@Unpublished{PousS23, + author = {Damien Pous and Georg Struth}, + title = {Dedekind Quantaloids as Intuitionistic Modal Algebras}, + note = {In preparation}, + year = 2023} + +@Article{Resende18, + author = {Pedro Resende}, + title = {Open Maps of Involutive Quantales}, + journal = {Applied Categorical Structures}, + year = 2018, + volume = 26, + pages = {631-644}} + +@Book{Rosenthal90, + author = {Rosenthal, Kimmo. I.}, + title = {Quantales and Their Applications}, + publisher = {Longman Scientific $\&$ Technical}, + year = 1990} + +@Book{Rosenthal96, + author = {Rosenthal, K. I.}, + title = {The Theory of Quantaloids}, + publisher = {Addison Wesley Longman Limited}, + year = 1996} + +@article{Struth18, + author = {Georg Struth}, + title = {Quantales}, + journal = {Archive of Formal Proofs}, + year = {2018}, + url = {https://www.isa-afp.org/entries/Quantales.html}, + timestamp = {Mon, 25 May 2020 09:13:16 +0200}, + biburl = {https://dblp.org/rec/journals/afp/Struth18a.bib}, + bibsource = {dblp computer science bibliography, https://dblp.org} +} + +@Article{Tarski41, + author = {Alfred Tarski}, + title = {On the Calculus of Relations}, + journal = {Journal of Symbolic Logic}, + year = 1941, + volume = 6, + number = 3, + pages = {73--89}} + diff --git a/thys/Quantales_Converse/document/root.tex b/thys/Quantales_Converse/document/root.tex new file mode 100644 --- /dev/null +++ b/thys/Quantales_Converse/document/root.tex @@ -0,0 +1,121 @@ +\documentclass[11pt,a4paper]{article} +\usepackage[T1]{fontenc} +\usepackage{isabelle,isabellesym} + +% further packages required for unusual symbols (see also +% isabellesym.sty), use only when needed + +%\usepackage{amssymb} + %for \, \, \, \, \, \, + %\, \, \, \, \, + %\, \, \ + +%\usepackage{eurosym} + %for \ + +\usepackage[only,bigsqcap,bigparallel,fatsemi,interleave,sslash]{stmaryrd} + %for \, \, \, \, \ + +%\usepackage{eufrak} + %for \ ... \, \ ... \ (also included in amssymb) + +%\usepackage{textcomp} + %for \, \, \, \, \, + %\ + +% this should be the last package used +\usepackage{pdfsetup} + +% urls in roman style, theory text in math-similar italics +\urlstyle{rm} +\isabellestyle{it} + +% for uniform font size +%\renewcommand{\isastyle}{\isastyleminor} + +\begin{document} + +\title{Modal quantales, involutive Quantales, Dedekind Quantales} +\author{Cameron Calk and Georg Struth} +\maketitle + +\begin{abstract} + This AFP entry provides mathematical components for modal quantales, + involutive quantales and Dedekind quantales. Modal quantales are + simple extensions of modal Kleene algebras useful for the + verification of recursive programs. Involutive quantales appear in + the study of $C^\ast$-algebras. Dedekind quantales are relatives of + Tarski's relation algebras, hence relevant to program verification + and beyond that to higher rewriting. We also provide + components for weaker variants such as Kleene algebras with converse + and modal Kleene algebras with converse. +\end{abstract} + +\tableofcontents + +% sane default for proof documents +\parindent 0pt\parskip 0.5ex + +% generated text of all theories + +\section{Introductory Remarks} + +In this AFP entry we provide mathematical components for modal +quantales, involutive quantales and Dedekind quantales. Modal +quantales are simple extensions of modal Kleene algebras that can be +used in the verification of recursive +programs~\cite{GomesS16}. Involutive quantales appear in the study of +$C^\ast$-algebras~\cite{Resende18}. Dedekind quantales, +categorifications of which are known as \emph{modular + quantaloids}~\cite{Rosenthal96}, are relatives of Tarski's relation +algebras~\cite{Tarski41}, and hence relevant to program verification +as well. We also provide components for weaker variants such as Kleene +algebras and modal Kleene algebras with converse. + +Our main interest in these structures comes from recent applications +in higher-dimensional rewriting~\cite{CalkGMS22,CalkMPS23}, where they +are used in coherence proofs for rewriting systems based on computads +or polygraphs. This includes proofs of coherent Church-Rosser theorems +and coherent Newman's lemmas. A more long-term programme considers +the formalisation of algebraic aspects of higher rewriting with proof +assistants. + + Modal quantales have previously been studied + in~\cite{FahrenbergJSZ23}, where it is shown, for instance, that any + category can be lifted to a modal quantale at powerset level. Such + lifting results will be formalised in a companion AFP entry. + + Dedekind quantales give also rise to intuitionistic modal algebras, + as the results in this AFP entry show. In particular, the set of all + subidentities or coreflexives of a Dedekind quantale forms a + complete Heyting algebra (aka frame or locale), on which modal box + and diamond operators can be defined. A paper explaining these + results is in preparation~\cite{PousS23}. A further application of + Dedekind quantales lies once again in higher-dimensional + rewriting~\cite{CalkGMS22,CalkMPS23}. Any groupoid, in particular, + can be lifted to a Dedekind quantale at powerset level, a result + which will once again be formalised in a companion AFP entry. + + Our components build on extant AFP components for Kleene + algebras~\cite{ArmstrongSW13}, modal Kleene + algebras~\cite{GomesGHSW16} and quantales~\cite{Struth18}. + + \vspace{\baselineskip} + + Georg Struth is grateful for an invited professorship at École + polytechnique and a fellowship at the Collegium de Lyon, Institute + of Advanced Study, during which most of this formalisation work + has been done. + +\input{session} + +% optional bibliography +\bibliographystyle{abbrv} +\bibliography{root} + +\end{document} + +%%% Local Variables: +%%% mode: latex +%%% TeX-master: t +%%% End: diff --git a/thys/ROOTS b/thys/ROOTS --- a/thys/ROOTS +++ b/thys/ROOTS @@ -1,757 +1,758 @@ ABY3_Protocols ADS_Functor AI_Planning_Languages_Semantics AODV AOT AVL-Trees AWN Abortable_Linearizable_Modules Abs_Int_ITP2012 Abstract-Hoare-Logics Abstract-Rewriting Abstract_Completeness Abstract_Soundness Ackermanns_not_PR Actuarial_Mathematics Adaptive_State_Counting Affine_Arithmetic Aggregation_Algebras Akra_Bazzi Algebraic_Numbers Algebraic_VCs Allen_Calculus Amicable_Numbers Amortized_Complexity AnselmGod Applicative_Lifting Approximation_Algorithms Architectural_Design_Patterns Aristotles_Assertoric_Syllogistic Arith_Prog_Rel_Primes ArrowImpossibilityGS Attack_Trees Auto2_HOL Auto2_Imperative_HOL AutoFocus-Stream Automated_Stateful_Protocol_Verification Automatic_Refinement AxiomaticCategoryTheory BDD BD_Security_Compositional BNF_CC BNF_Operations BTree Balog_Szemeredi_Gowers Banach_Steinhaus Belief_Revision Bell_Numbers_Spivey BenOr_Kozen_Reif Berlekamp_Zassenhaus Bernoulli Bertrands_Postulate Bicategory BinarySearchTree Binary_Code_Imprimitive Binding_Syntax_Theory Binomial-Heaps Binomial-Queues BirdKMP Birkhoff_Finite_Distributive_Lattices Blue_Eyes Bondy Boolean_Expression_Checkers Boolos_Curious_Inference Boolos_Curious_Inference_Automated Bounded_Deducibility_Security Buchi_Complementation Budan_Fourier Buffons_Needle Buildings BytecodeLogicJmlTypes C2KA_DistributedSystems CAVA_Automata CAVA_LTL_Modelchecker CCS CHERI-C_Memory_Model CISC-Kernel CRDT CRYSTALS-Kyber CSP_RefTK CVP_Hardness CYK CZH_Elementary_Categories CZH_Foundations CZH_Universal_Constructions CakeML CakeML_Codegen Call_Arity Card_Equiv_Relations Card_Multisets Card_Number_Partitions Card_Partitions Cartan_FP Case_Labeling Catalan_Numbers Category Category2 Category3 Cauchy Cayley_Hamilton Certification_Monads Chandy_Lamport Chord_Segments Circus Clean Clique_and_Monotone_Circuits ClockSynchInst Closest_Pair_Points CoCon CoSMeDis CoSMed CofGroups Coinductive Coinductive_Languages Collections Combinable_Wands Combinatorial_Enumeration_Algorithms Combinatorics_Words Combinatorics_Words_Graph_Lemma Combinatorics_Words_Lyndon CommCSL Commuting_Hermitian Comparison_Sort_Lower_Bound Compiling-Exceptions-Correctly Complete_Non_Orders Completeness Complex_Bounded_Operators Complex_Geometry Complx ComponentDependencies ConcurrentGC ConcurrentIMP Concurrent_Ref_Alg Concurrent_Revisions Conditional_Simplification Conditional_Transfer_Rule Consensus_Refined Constructive_Cryptography Constructive_Cryptography_CM Constructor_Funs Containers Cook_Levin CoreC++ Core_DOM Core_SC_DOM Correctness_Algebras Cotangent_PFD_Formula Count_Complex_Roots CryptHOL CryptoBasedCompositionalProperties Crypto_Standards Cubic_Quartic_Equations DCR-ExecutionEquivalence DFS_Framework DOM_Components DPRM_Theorem DPT-SAT-Solver DataRefinementIBP Datatype_Order_Generator Decl_Sem_Fun_PL Decreasing-Diagrams Decreasing-Diagrams-II Dedekind_Real Deep_Learning Delta_System_Lemma Density_Compiler Dependent_SIFUM_Refinement Dependent_SIFUM_Type_Systems Depth-First-Search Derangements Deriving Descartes_Sign_Rule Design_Theory Dict_Construction Differential_Dynamic_Logic Differential_Game_Logic DigitsInBase Digit_Expansions Dijkstra_Shortest_Path Diophantine_Eqns_Lin_Hom Dirichlet_L Dirichlet_Series DiscretePricing Discrete_Summation DiskPaxos Distributed_Distinct_Elements Dominance_CHK DynamicArchitectures Dynamic_Tables E_Transcendental Earley_Parser Echelon_Form EdmondsKarp_Maxflow Edwards_Elliptic_Curves_Group Efficient-Mergesort Efficient_Weighted_Path_Order Elliptic_Curves_Group_Law Encodability_Process_Calculi Epistemic_Logic Equivalence_Relation_Enumeration Ergodic_Theory Error_Function Euler_MacLaurin Euler_Partition Eval_FO Example-Submission Executable_Randomized_Algorithms Expander_Graphs Extended_Finite_State_Machine_Inference Extended_Finite_State_Machines FFT FLP FOL-Fitting FOL_Axiomatic FOL_Harrison FOL_Seq_Calc1 FOL_Seq_Calc2 FOL_Seq_Calc3 FO_Theory_Rewriting FSM_Tests Factor_Algebraic_Polynomial Factored_Transition_System_Bounding Falling_Factorial_Sum Farkas FeatherweightJava Featherweight_OCL Fermat3_4 FileRefinement FinFun Finger-Trees Finite-Map-Extras Finite_Automata_HF Finite_Fields Finitely_Generated_Abelian_Groups First_Order_Terms First_Welfare_Theorem Fishburn_Impossibility Fisher_Yates Fishers_Inequality Flow_Networks Floyd_Warshall Flyspeck-Tame FocusStreamsCaseStudies Forcing Formal_Puiseux_Series Formal_SSA Formula_Derivatives Foundation_of_geometry Fourier Free-Boolean-Algebra Free-Groups Frequency_Moments Fresh_Identifiers FunWithFunctions FunWithTilings Functional-Automata Functional_Ordered_Resolution_Prover Furstenberg_Topology GPU_Kernel_PL Gabow_SCC GaleStewart_Games Gale_Shapley Game_Based_Crypto Gauss-Jordan-Elim-Fun Gauss_Jordan Gauss_Sums Gaussian_Integers GenClock General-Triangle Generalized_Counting_Sort Generic_Deriving Generic_Join GewirthPGCProof Girth_Chromatic Given_Clause_Loops GoedelGod Goedel_HFSet_Semantic Goedel_HFSet_Semanticless Goedel_Incompleteness Goodstein_Lambda GraphMarkingIBP Graph_Saturation Graph_Theory Gray_Codes Green Groebner_Bases Groebner_Macaulay Gromov_Hyperbolicity Grothendieck_Schemes Group-Ring-Module HOL-CSP HOLCF-Prelude HRB-Slicing Hahn_Jordan_Decomposition Hales_Jewett Heard_Of Hello_World HereditarilyFinite Hermite Hermite_Lindemann Hidden_Markov_Models Higher_Order_Terms HoareForDivergence Hoare_Time Hood_Melville_Queue HotelKeyCards Huffman Hybrid_Logic Hybrid_Multi_Lane_Spatial_Logic Hybrid_Systems_VCs HyperCTL HyperHoareLogic Hyperdual IEEE_Floating_Point IFC_Tracking IMAP-CRDT IMO2019 IMP2 IMP2_Binary_Heap IMP_Compiler IMP_Compiler_Reuse IP_Addresses Imperative_Insertion_Sort Implicational_Logic Impossible_Geometry Incompleteness Incredible_Proof_Machine Independence_CH Inductive_Confidentiality Inductive_Inference InfPathElimination InformationFlowSlicing InformationFlowSlicing_Inter Integration Interpolation_Polynomials_HOL_Algebra Interpreter_Optimizations Interval_Arithmetic_Word32 Intro_Dest_Elim Involutions2Squares Iptables_Semantics Irrational_Series_Erdos_Straus Irrationality_J_Hancl Irrationals_From_THEBOOK IsaGeoCoq IsaNet Isabelle_C Isabelle_Marries_Dirac Isabelle_Meta_Model Jacobson_Basic_Algebra Jinja JinjaDCI JinjaThreads JiveDataStoreModel Jordan_Hoelder Jordan_Normal_Form KAD KAT_and_DRA KBPs KD_Tree Key_Agreement_Strong_Adversaries Khovanskii_Theorem Kleene_Algebra Kneser_Cauchy_Davenport Knights_Tour Knot_Theory Knuth_Bendix_Order Knuth_Morris_Pratt Koenigsberg_Friendship Kruskal Kuratowski_Closure_Complement LLL_Basis_Reduction LLL_Factorization LOFT LP_Duality LTL LTL_Master_Theorem LTL_Normal_Form LTL_to_DRA LTL_to_GBA Lam-ml-Normalization LambdaAuth LambdaMu Lambda_Free_EPO Lambda_Free_KBOs Lambda_Free_RPOs Lambert_W Landau_Symbols Laplace_Transform Latin_Square LatticeProperties Launchbury Laws_of_Large_Numbers Lazy-Lists-II Lazy_Case Lehmer Lifting_Definition_Option Lifting_the_Exponent LightweightJava LinearQuantifierElim Linear_Inequalities Linear_Programming Linear_Recurrences Liouville_Numbers List-Index List-Infinite List_Interleaving List_Inversions List_Update LocalLexing Localization_Ring Locally-Nameless-Sigma Logging_Independent_Anonymity Lowe_Ontological_Argument Lower_Semicontinuous Lp Lucas_Theorem MDP-Algorithms MDP-Rewards MFMC_Countable MFODL_Monitor_Optimized MFOTL_Monitor MSO_Regex_Equivalence Markov_Models Marriage Mason_Stothers Matrices_for_ODEs Matrix Matrix_Tensor Matroids Max-Card-Matching Maximum_Segment_Sum Median_Method Median_Of_Medians_Selection Menger Mereology Mersenne_Primes Metalogic_ProofChecker MHComputation MiniML MiniSail Minimal_SSA Minkowskis_Theorem Minsky_Machines MLSS_Decision_Proc Modal_Logics_for_NTS Modular_Assembly_Kit_Security Modular_arithmetic_LLL_and_HNF_algorithms Monad_Memo_DP Monad_Normalisation MonoBoolTranAlgebra MonoidalCategory Monomorphic_Monad MuchAdoAboutTwo Multi_Party_Computation Multirelations Multirelations_Heterogeneous Multiset_Ordering_NPC Multitape_To_Singletape_TM Myhill-Nerode Name_Carrying_Type_Inference Nano_JSON Nash_Williams Nat-Interval-Logic Native_Word Nested_Multisets_Ordinals Network_Security_Policy_Verification Neumann_Morgenstern_Utility No_FTL_observers No_FTL_observers_Gen_Rel Nominal2 Noninterference_CSP Noninterference_Concurrent_Composition Noninterference_Generic_Unwinding Noninterference_Inductive_Unwinding Noninterference_Ipurge_Unwinding Noninterference_Sequential_Composition NormByEval Nullstellensatz Number_Theoretic_Transform Octonions OpSets Open_Induction Optics Optimal_BST Orbit_Stabiliser Order_Lattice_Props Ordered_Resolution_Prover Ordinal Ordinal_Partitions Ordinals_and_Cardinals Ordinary_Differential_Equations PAC_Checker PAL PAPP_Impossibility PCF PLM POPLmark-deBruijn PSemigroupsConvolution Package_logic Padic_Field Padic_Ints Pairing_Heap Paraconsistency Parity_Game Partial_Function_MR Partial_Order_Reduction Password_Authentication_Protocol Pell Perfect-Number-Thm Perron_Frobenius Physical_Quantities Pi_Calculus Pi_Transcendental Planarity_Certificates Pluennecke_Ruzsa_Inequality Poincare_Bendixson Poincare_Disc Polynomial_Factorization Polynomial_Interpolation Polynomials Pop_Refinement Posix-Lexing Possibilistic_Noninterference Power_Sum_Polynomials Pratt_Certificate Prefix_Free_Code_Combinators Presburger-Automata Prim_Dijkstra_Simple Prime_Distribution_Elementary Prime_Harmonic_Series Prime_Number_Theorem Priority_Queue_Braun Priority_Search_Trees Probabilistic_Noninterference Probabilistic_Prime_Tests Probabilistic_System_Zoo Probabilistic_Timed_Automata Probabilistic_While Probability_Inequality_Completeness Program-Conflict-Analysis Progress_Tracking Projective_Geometry Projective_Measurements Promela Proof_Strategy_Language PropResPI Propositional_Logic_Class Propositional_Proof_Systems Prpu_Maxflow PseudoHoops Psi_Calculi Ptolemys_Theorem Public_Announcement_Logic QHLProver QR_Decomposition Quantales +Quantales_Converse Quantifier_Elimination_Hybrid Quasi_Borel_Spaces Quaternions Query_Optimization Quick_Sort_Cost RIPEMD-160-SPARK ROBDD RSAPSS Ramsey-Infinite Random_BSTs Random_Graph_Subgraph_Threshold Randomised_BSTs Randomised_Social_Choice Rank_Nullity_Theorem Real_Impl Real_Power Real_Time_Deque Recursion-Addition Recursion-Theory-I Refine_Imperative_HOL Refine_Monadic RefinementReactive Regex_Equivalence Registers Regression_Test_Selection Regular-Sets Regular_Algebras Regular_Tree_Relations Relation_Algebra Relational-Incorrectness-Logic Relational_Disjoint_Set_Forests Relational_Forests Relational_Method Relational_Minimum_Spanning_Trees Relational_Paths Rensets Rep_Fin_Groups ResiduatedTransitionSystem Residuated_Lattices Resolution_FOL Rewrite_Properties_Reduction Rewriting_Z Ribbon_Proofs Risk_Free_Lending Robbins-Conjecture Robinson_Arithmetic Root_Balanced_Tree Roth_Arithmetic_Progressions Routing Roy_Floyd_Warshall SATSolverVerification SCC_Bloemen_Sequential SC_DOM_Components SDS_Impossibility SIFPL SIFUM_Type_Systems SPARCv8 Safe_Distance Safe_OCL Safe_Range_RC Saturation_Framework Saturation_Framework_Extensions Sauer_Shelah_Lemma Schutz_Spacetime Schwartz_Zippel Secondary_Sylow Security_Protocol_Refinement Selection_Heap_Sort SenSocialChoice Separata Separation_Algebra Separation_Logic_Imperative_HOL Separation_Logic_Unbounded SequentInvertibility Shadow_DOM Shadow_SC_DOM Shivers-CFA ShortestPath Show Sigma_Commit_Crypto Signature_Groebner Simpl Simple_Clause_Learning Simple_Firewall Simplex Simplicial_complexes_and_boolean_functions SimplifiedOntologicalArgument Skew_Heap Skip_Lists Slicing Sliding_Window_Algorithm Smith_Normal_Form Smooth_Manifolds Solidity Sophomores_Dream Sort_Encodings Source_Coding_Theorem SpecCheck Special_Function_Bounds Splay_Tree Sqrt_Babylonian Stable_Matching Stalnaker_Logic Statecharts Stateful_Protocol_Composition_and_Typing Stellar_Quorums Stern_Brocot Stewart_Apollonius Stirling_Formula Stochastic_Matrices Stone_Algebras Stone_Kleene_Relation_Algebras Stone_Relation_Algebras Store_Buffer_Reduction Stream-Fusion Stream_Fusion_Code StrictOmegaCategories Strong_Security Sturm_Sequences Sturm_Tarski Stuttering_Equivalence Subresultants Subset_Boolean_Algebras SumSquares Sunflowers SuperCalc Suppes_Theorem Surprise_Paradox Symmetric_Polynomials Syntax_Independent_Logic Synthetic_Completeness Szemeredi_Regularity Szpilrajn TESL_Language TLA Tail_Recursive_Functions Tarskis_Geometry Taylor_Models Three_Circles Three_Squares Timed_Automata Topological_Semantics Topology TortoiseHare TsirelsonBound Transcendence_Series_Hancl_Rucki Transformer_Semantics Transition_Systems_and_Automata Transitive-Closure Transitive-Closure-II Transitive_Models Treaps Tree-Automata Tree_Decomposition Tree_Enumeration Triangle Trie Turans_Graph_Theorem Twelvefold_Way Two_Generated_Word_Monoids_Intersection Tycon Types_Tableaus_and_Goedels_God Types_To_Sets_Extension UPF UPF_Firewall UTP Undirected_Graph_Theory Universal_Hash_Families Universal_Turing_Machine UpDown_Scheme VYDRA_MDL Valuation Van_Emde_Boas_Trees Van_der_Waerden VectorSpace VeriComp Verified-Prover Verified_SAT_Based_AI_Planning VerifyThis2018 VerifyThis2019 Vickrey_Clarke_Groves Virtual_Substitution VolpanoSmith WHATandWHERE_Security WOOT_Strong_Eventual_Consistency WebAssembly Weight_Balanced_Trees Weighted_Arithmetic_Geometric_Mean Weighted_Path_Order Well_Quasi_Orders Wetzels_Problem Winding_Number_Eval Word_Lib WorkerWrapper X86_Semantics XML Youngs_Inequality ZFC_in_HOL Zeckendorf Zeta_3_Irrational Zeta_Function pGCL