diff --git a/thys/Public_Announcement_Logic/PAL.thy b/thys/Public_Announcement_Logic/PAL.thy --- a/thys/Public_Announcement_Logic/PAL.thy +++ b/thys/Public_Announcement_Logic/PAL.thy @@ -1,1002 +1,1002 @@ (* File: PAL.thy Author: Asta Halkjær From This work is a formalization of public announcement logic with countably many agents. It includes proofs of soundness and completeness for variants of the axiom system PA + DIST! + NEC!. The completeness proofs build on the Epistemic Logic theory. *) theory PAL imports "Epistemic_Logic.Epistemic_Logic" begin section \Syntax\ datatype 'i pfm = FF (\\<^bold>\\<^sub>!\) | Pro' id (\Pro\<^sub>!\) | Dis \'i pfm\ \'i pfm\ (infixr \\<^bold>\\<^sub>!\ 60) | Con \'i pfm\ \'i pfm\ (infixr \\<^bold>\\<^sub>!\ 65) | Imp \'i pfm\ \'i pfm\ (infixr \\<^bold>\\<^sub>!\ 55) | K' 'i \'i pfm\ (\K\<^sub>!\) | Ann \'i pfm\ \'i pfm\ (\[_]\<^sub>! _\ [80, 80] 80) abbreviation PIff :: \'i pfm \ 'i pfm \ 'i pfm\ (infixr \\<^bold>\\<^sub>!\ 55) where \p \<^bold>\\<^sub>! q \ (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! p)\ abbreviation PNeg (\\<^bold>\\<^sub>! _\ [70] 70) where \\<^bold>\\<^sub>! p \ p \<^bold>\\<^sub>! \<^bold>\\<^sub>!\ abbreviation PL (\L\<^sub>!\) where \L\<^sub>! i p \ (\<^bold>\\<^sub>! (K\<^sub>! i (\<^bold>\\<^sub>! p)))\ primrec anns :: \'i pfm \ 'i pfm set\ where \anns \<^bold>\\<^sub>! = {}\ | \anns (Pro\<^sub>! _) = {}\ | \anns (p \<^bold>\\<^sub>! q) = (anns p \ anns q)\ | \anns (p \<^bold>\\<^sub>! q) = (anns p \ anns q)\ | \anns (p \<^bold>\\<^sub>! q) = (anns p \ anns q)\ | \anns (K\<^sub>! i p) = anns p\ | \anns ([r]\<^sub>! p) = {r} \ anns r \ anns p\ section \Semantics\ fun psemantics :: \('i, 'w) kripke \ 'w \ 'i pfm \ bool\ (\_, _ \\<^sub>! _\ [50, 50, 50] 50) and restrict :: \('i, 'w) kripke \ 'i pfm \ ('i, 'w) kripke\ (\_[_!]\ [50, 50] 50) where \M, w \\<^sub>! \<^bold>\\<^sub>! \ False\ | \M, w \\<^sub>! Pro\<^sub>! x \ \ M w x\ | \M, w \\<^sub>! p \<^bold>\\<^sub>! q \ M, w \\<^sub>! p \ M, w \\<^sub>! q\ | \M, w \\<^sub>! p \<^bold>\\<^sub>! q \ M, w \\<^sub>! p \ M, w \\<^sub>! q\ | \M, w \\<^sub>! p \<^bold>\\<^sub>! q \ M, w \\<^sub>! p \ M, w \\<^sub>! q\ | \M, w \\<^sub>! K\<^sub>! i p \ (\v \ \ M \ \ M i w. M, v \\<^sub>! p)\ | \M, w \\<^sub>! [r]\<^sub>! p \ M, w \\<^sub>! r \ M[r!], w \\<^sub>! p\ | \M[r!] = M \\ := {w. w \ \ M \ M, w \\<^sub>! r}\\ abbreviation validPStar :: \(('i, 'w) kripke \ bool) \ 'i pfm set \ 'i pfm \ bool\ (\_; _ \\<^sub>!\ _\ [50, 50, 50] 50) where \P; G \\<^sub>!\ p \ \M. P M \ (\w \ \ M. (\q \ G. M, w \\<^sub>! q) \ M, w \\<^sub>! p)\ primrec static :: \'i pfm \ bool\ where \static \<^bold>\\<^sub>! = True\ | \static (Pro\<^sub>! _) = True\ | \static (p \<^bold>\\<^sub>! q) = (static p \ static q)\ | \static (p \<^bold>\\<^sub>! q) = (static p \ static q)\ | \static (p \<^bold>\\<^sub>! q) = (static p \ static q)\ | \static (K\<^sub>! i p) = static p\ | \static ([r]\<^sub>! p) = False\ primrec lower :: \'i pfm \ 'i fm\ where \lower \<^bold>\\<^sub>! = \<^bold>\\ | \lower (Pro\<^sub>! x) = Pro x\ | \lower (p \<^bold>\\<^sub>! q) = (lower p \<^bold>\ lower q)\ | \lower (p \<^bold>\\<^sub>! q) = (lower p \<^bold>\ lower q)\ | \lower (p \<^bold>\\<^sub>! q) = (lower p \<^bold>\ lower q)\ | \lower (K\<^sub>! i p) = K i (lower p)\ | \lower ([r]\<^sub>! p) = undefined\ primrec lift :: \'i fm \ 'i pfm\ where \lift \<^bold>\ = \<^bold>\\<^sub>!\ | \lift (Pro x) = Pro\<^sub>! x\ | \lift (p \<^bold>\ q) = (lift p \<^bold>\\<^sub>! lift q)\ | \lift (p \<^bold>\ q) = (lift p \<^bold>\\<^sub>! lift q)\ | \lift (p \<^bold>\ q) = (lift p \<^bold>\\<^sub>! lift q)\ | \lift (K i p) = K\<^sub>! i (lift p)\ lemma lower_semantics: assumes \static p\ shows \(M, w \ lower p) \ (M, w \\<^sub>! p)\ using assms by (induct p arbitrary: w) simp_all lemma lift_semantics: \(M, w \ p) \ (M, w \\<^sub>! lift p)\ by (induct p arbitrary: w) simp_all lemma lower_lift: \lower (lift p) = p\ by (induct p) simp_all lemma lift_lower: \static p \ lift (lower p) = p\ by (induct p) simp_all section \Soundness of Reduction\ primrec reduce' :: \'i pfm \ 'i pfm \ 'i pfm\ where \reduce' r \<^bold>\\<^sub>! = (r \<^bold>\\<^sub>! \<^bold>\\<^sub>!)\ | \reduce' r (Pro\<^sub>! x) = (r \<^bold>\\<^sub>! Pro\<^sub>! x)\ | \reduce' r (p \<^bold>\\<^sub>! q) = (reduce' r p \<^bold>\\<^sub>! reduce' r q)\ | \reduce' r (p \<^bold>\\<^sub>! q) = (reduce' r p \<^bold>\\<^sub>! reduce' r q)\ | \reduce' r (p \<^bold>\\<^sub>! q) = (reduce' r p \<^bold>\\<^sub>! reduce' r q)\ | \reduce' r (K\<^sub>! i p) = (r \<^bold>\\<^sub>! K\<^sub>! i (reduce' r p))\ | \reduce' r ([p]\<^sub>! q) = undefined\ primrec reduce :: \'i pfm \ 'i pfm\ where \reduce \<^bold>\\<^sub>! = \<^bold>\\<^sub>!\ | \reduce (Pro\<^sub>! x) = Pro\<^sub>! x\ | \reduce (p \<^bold>\\<^sub>! q) = (reduce p \<^bold>\\<^sub>! reduce q)\ | \reduce (p \<^bold>\\<^sub>! q) = (reduce p \<^bold>\\<^sub>! reduce q)\ | \reduce (p \<^bold>\\<^sub>! q) = (reduce p \<^bold>\\<^sub>! reduce q)\ | \reduce (K\<^sub>! i p) = K\<^sub>! i (reduce p)\ | \reduce ([r]\<^sub>! p) = reduce' (reduce r) (reduce p)\ lemma static_reduce': \static p \ static r \ static (reduce' r p)\ by (induct p) simp_all lemma static_reduce: \static (reduce p)\ by (induct p) (simp_all add: static_reduce') lemma reduce'_semantics: assumes \static q\ shows \(M, w \\<^sub>! [p]\<^sub>! q) = (M, w \\<^sub>! reduce' p q)\ using assms by (induct q arbitrary: w) auto lemma reduce_semantics: \M, w \\<^sub>! p \ M, w \\<^sub>! reduce p\ proof (induct p arbitrary: M w) case (Ann p q) then show ?case using reduce'_semantics static_reduce by fastforce qed simp_all section \Chains of Implications\ primrec implyP :: \'i pfm list \ 'i pfm \ 'i pfm\ (infixr \\<^bold>\\<^sub>!\ 56) where \([] \<^bold>\\<^sub>! q) = q\ | \(p # ps \<^bold>\\<^sub>! q) = (p \<^bold>\\<^sub>! ps \<^bold>\\<^sub>! q)\ lemma lift_implyP: \lift (ps \<^bold>\ q) = (map lift ps \<^bold>\\<^sub>! lift q)\ by (induct ps) auto lemma reduce_implyP: \reduce (ps \<^bold>\\<^sub>! q) = (map reduce ps \<^bold>\\<^sub>! reduce q)\ by (induct ps) auto section \Proof System\ primrec peval :: \(id \ bool) \ ('i pfm \ bool) \ 'i pfm \ bool\ where \peval _ _ \<^bold>\\<^sub>! = False\ | \peval g _ (Pro\<^sub>! x) = g x\ | \peval g h (p \<^bold>\\<^sub>! q) = (peval g h p \ peval g h q)\ | \peval g h (p \<^bold>\\<^sub>! q) = (peval g h p \ peval g h q)\ | \peval g h (p \<^bold>\\<^sub>! q) = (peval g h p \ peval g h q)\ | \peval _ h (K\<^sub>! i p) = h (K\<^sub>! i p)\ | \peval _ h ([r]\<^sub>! p) = h ([r]\<^sub>! p)\ abbreviation \ptautology p \ \g h. peval g h p\ inductive PAK :: \('i pfm \ bool) \ ('i pfm \ bool) \ 'i pfm \ bool\ (\_; _ \\<^sub>! _\ [50, 50, 50] 50) for A B :: \'i pfm \ bool\ where PA1: \ptautology p \ A; B \\<^sub>! p\ | PA2: \A; B \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i q\ | PAx: \A p \ A; B \\<^sub>! p\ | PR1: \A; B \\<^sub>! p \ A; B \\<^sub>! p \<^bold>\\<^sub>! q \ A; B \\<^sub>! q\ | PR2: \A; B \\<^sub>! p \ A; B \\<^sub>! K\<^sub>! i p\ | PAnn: \A; B \\<^sub>! p \ B r \ A; B \\<^sub>! [r]\<^sub>! p\ | PFF: \A; B \\<^sub>! [r]\<^sub>! \<^bold>\\<^sub>! \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! \<^bold>\\<^sub>!)\ | PPro: \A; B \\<^sub>! [r]\<^sub>! Pro\<^sub>! x \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! Pro\<^sub>! x)\ | PDis: \A; B \\<^sub>! [r]\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q\ | PCon: \A; B \\<^sub>! [r]\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q\ | PImp: \A; B \\<^sub>! [r]\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q)\ | PK: \A; B \\<^sub>! [r]\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! K\<^sub>! i ([r]\<^sub>! p))\ abbreviation PAK_assms (\_; _; _ \\<^sub>! _\ [50, 50, 50, 50] 50) where \A; B; G \\<^sub>! p \ \qs. set qs \ G \ (A; B \\<^sub>! qs \<^bold>\\<^sub>! p)\ lemma eval_peval: \eval h (g o lift) p = peval h g (lift p)\ by (induct p) simp_all lemma tautology_ptautology: \tautology p \ ptautology (lift p)\ using eval_peval by blast theorem AK_PAK: \A o lift \ p \ A; B \\<^sub>! lift p\ by (induct p rule: AK.induct) (auto intro: PAK.intros(1-5) simp: tautology_ptautology) abbreviation validP :: \(('i :: countable, 'i fm set) kripke \ bool) \ 'i pfm set \ 'i pfm \ bool\ (\_; _ \\<^sub>! _\ [50, 50, 50] 50) where \P; G \\<^sub>! p \ P; G \\<^sub>!\ p\ lemma set_map_inv: assumes \set xs \ f ` X\ shows \\ys. set ys \ X \ map f ys = xs\ using assms proof (induct xs) case (Cons x xs) then obtain ys where \set ys \ X\ \map f ys = xs\ by auto moreover obtain y where \y \ X\ \f y = x\ using Cons.prems by auto ultimately have \set (y # ys) \ X\ \map f (y # ys) = x # xs\ by simp_all then show ?case by meson qed simp lemma strong_static_completeness': assumes \static p\ and \\q \ G. static q\ and \P; G \\<^sub>! p\ and \P; lower ` G \\ lower p \ A o lift; lower ` G \ lower p\ shows \A; B; G \\<^sub>! p\ proof - have \P; lower ` G \\ lower p\ using assms by (simp add: lower_semantics) then have \A o lift; lower ` G \ lower p\ using assms(4) by blast then obtain qs where \set qs \ G\ and \A o lift \ map lower qs \<^bold>\ lower p\ using set_map_inv by blast then have \A; B \\<^sub>! lift (map lower qs \<^bold>\ lower p)\ using AK_PAK by fast then have \A; B \\<^sub>! map lift (map lower qs) \<^bold>\\<^sub>! lift (lower p)\ using lift_implyP by metis then have \A; B \\<^sub>! map (lift o lower) qs \<^bold>\\<^sub>! lift (lower p)\ by simp then show ?thesis using assms(1-2) \set qs \ G\ lift_lower by (metis (mono_tags, lifting) comp_apply map_idI subset_eq) qed theorem strong_static_completeness: assumes \static p\ and \\q \ G. static q\ and \P; G \\<^sub>! p\ - and \\G p. valid P G p \ A o lift; G \ p\ + and \\G p. P; G \ p \ A o lift; G \ p\ shows \A; B; G \\<^sub>! p\ using strong_static_completeness' assms . corollary static_completeness': assumes \static p\ and \P; {} \\<^sub>!\ p\ and \P; {} \ lower p \ A o lift \ lower p\ shows \A; B \\<^sub>! p\ using assms strong_static_completeness'[where G=\{}\ and p=p] by simp corollary static_completeness: assumes \static p\ and \P; {} \\<^sub>!\ p\ and \\p. P; {} \ p \ A o lift \ p\ shows \A; B \\<^sub>! p\ using static_completeness' assms . corollary assumes \static p\ \(\_. True); {} \\<^sub>! p\ shows \A; B \\<^sub>! p\ using assms static_completeness[where P=\\_. True\ and p=p] completeness\<^sub>A by blast section \Soundness\ lemma peval_semantics: \peval (val w) (\q. \\ = W, \ = r, \ = val\, w \\<^sub>! q) p = (\\ = W, \ = r, \ = val\, w \\<^sub>! p)\ by (induct p) simp_all lemma ptautology: assumes \ptautology p\ shows \M, w \\<^sub>! p\ proof - from assms have \peval (g w) (\q. \\ = W, \ = r, \ = g\, w \\<^sub>! q) p\ for W g r by simp then have \\\ = W, \ = r, \ = g\, w \\<^sub>! p\ for W g r using peval_semantics by fast then show \M, w \\<^sub>! p\ by (metis kripke.cases) qed theorem soundness\<^sub>P: assumes \\M p w. A p \ P M \ w \ \ M \ M, w \\<^sub>! p\ \\M r. P M \ B r \ P (M[r!])\ shows \A; B \\<^sub>! p \ P M \ w \ \ M \ M, w \\<^sub>! p\ proof (induct p arbitrary: M w rule: PAK.induct) case (PAnn p r) then show ?case using assms by simp qed (simp_all add: assms ptautology) corollary \(\_. False); B \\<^sub>! p \ w \ \ M \ M, w \\<^sub>! p\ using soundness\<^sub>P[where P=\\_. True\] by metis section \Strong Soundness\ lemma ptautology_imply_superset: assumes \set ps \ set qs\ shows \ptautology (ps \<^bold>\\<^sub>! r \<^bold>\\<^sub>! qs \<^bold>\\<^sub>! r)\ proof (rule ccontr) assume \\ ?thesis\ then obtain g h where \\ peval g h (ps \<^bold>\\<^sub>! r \<^bold>\\<^sub>! qs \<^bold>\\<^sub>! r)\ by blast then have \peval g h (ps \<^bold>\\<^sub>! r)\ \\ peval g h (qs \<^bold>\\<^sub>! r)\ by simp_all then consider (np) \\p \ set ps. \ peval g h p\ | (r) \\p \ set ps. peval g h p\ \peval g h r\ by (induct ps) auto then show False proof cases case np then have \\p \ set qs. \ peval g h p\ using \set ps \ set qs\ by blast then have \peval g h (qs \<^bold>\\<^sub>! r)\ by (induct qs) simp_all then show ?thesis using \\ peval g h (qs \<^bold>\\<^sub>! r)\ by blast next case r then have \peval g h (qs \<^bold>\\<^sub>! r)\ by (induct qs) simp_all then show ?thesis using \\ peval g h (qs \<^bold>\\<^sub>! r)\ by blast qed qed lemma PK_imply_weaken: assumes \A; B \\<^sub>! ps \<^bold>\\<^sub>! q\ \set ps \ set ps'\ shows \A; B \\<^sub>! ps' \<^bold>\\<^sub>! q\ proof - have \ptautology (ps \<^bold>\\<^sub>! q \<^bold>\\<^sub>! ps' \<^bold>\\<^sub>! q)\ using \set ps \ set ps'\ ptautology_imply_superset by blast then have \A; B \\<^sub>! ps \<^bold>\\<^sub>! q \<^bold>\\<^sub>! ps' \<^bold>\\<^sub>! q\ using PA1 by blast then show ?thesis using \A; B \\<^sub>! ps \<^bold>\\<^sub>! q\ PR1 by blast qed lemma implyP_append: \(ps @ ps' \<^bold>\\<^sub>! q) = (ps \<^bold>\\<^sub>! ps' \<^bold>\\<^sub>! q)\ by (induct ps) simp_all lemma PK_ImpI: assumes \A; B \\<^sub>! p # G \<^bold>\\<^sub>! q\ shows \A; B \\<^sub>! G \<^bold>\\<^sub>! (p \<^bold>\\<^sub>! q)\ proof - have \set (p # G) \ set (G @ [p])\ by simp then have \A; B \\<^sub>! G @ [p] \<^bold>\\<^sub>! q\ using assms PK_imply_weaken by blast then have \A; B \\<^sub>! G \<^bold>\\<^sub>! [p] \<^bold>\\<^sub>! q\ using implyP_append by metis then show ?thesis by simp qed corollary soundness_imply\<^sub>P: assumes \\M p w. A p \ P M \ w \ \ M \ M, w \\<^sub>! p\ \\M r. P M \ B r \ P (M[r!])\ shows \A; B \\<^sub>! qs \<^bold>\\<^sub>! p \ P M \ w \ \ M \ \q \ set qs. M, w \\<^sub>! q \ M, w \\<^sub>! p\ proof (induct qs arbitrary: p) case Nil then show ?case using soundness\<^sub>P[of A P B p M w] assms by simp next case (Cons q qs) then show ?case using PK_ImpI by fastforce qed theorem strong_soundness\<^sub>P: assumes \\M w p. A p \ P M \ w \ \ M \ M, w \\<^sub>! p\ \\M r. P M \ B r \ P (M[r!])\ - shows \A; B; G \\<^sub>! p \ P; G \\<^sub>!\ p\ + shows \A; B; G \\<^sub>! p \ P; G \\<^sub>!\ p\ proof safe fix qs w and M :: \('a, 'b) kripke\ assume \A; B \\<^sub>! qs \<^bold>\\<^sub>! p\ moreover assume \set qs \ G\ \\q \ G. M, w \\<^sub>! q\ then have \\q \ set qs. M, w \\<^sub>! q\ using \set qs \ G\ by blast moreover assume \P M\ \w \ \ M\ ultimately show \M, w \\<^sub>! p\ using soundness_imply\<^sub>P[of A P B qs p] assms by blast qed section \Completeness\ lemma ConE: assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! q\ shows \A; B \\<^sub>! p\ \A; B \\<^sub>! q\ using assms by (metis PA1 PR1 peval.simps(4-5))+ lemma Iff_Dis: assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! p'\ \A; B \\<^sub>! q \<^bold>\\<^sub>! q'\ shows \A; B \\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ proof - have \A; B \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! q') \<^bold>\\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed lemma Iff_Con: assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! p'\ \A; B \\<^sub>! q \<^bold>\\<^sub>! q'\ shows \A; B \\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q')\ proof - have \A; B \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! q') \<^bold>\\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed lemma Iff_Imp: assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! p'\ \A; B \\<^sub>! q \<^bold>\\<^sub>! q'\ shows \A; B \\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ proof - have \A; B \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! q') \<^bold>\\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed lemma Iff_sym: \(A; B \\<^sub>! p \<^bold>\\<^sub>! q) = (A; B \\<^sub>! q \<^bold>\\<^sub>! p)\ proof - have \A; B \\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! p)\ by (simp add: PA1) then show ?thesis using PR1 ConE by blast qed lemma Iff_Iff: assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! p'\ \A; B \\<^sub>! p \<^bold>\\<^sub>! q\ shows \A; B \\<^sub>! p' \<^bold>\\<^sub>! q\ proof - have \ptautology ((p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q))\ by (metis peval.simps(4-5)) with PA1 have \A; B \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q)\ . then show ?thesis using assms PR1 by blast qed lemma K'_A2': \A; B \\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i q\ proof - have \A; B \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i q\ using PA2 by fast moreover have \A; B \\<^sub>! (P \<^bold>\\<^sub>! Q \<^bold>\\<^sub>! R) \<^bold>\\<^sub>! (Q \<^bold>\\<^sub>! P \<^bold>\\<^sub>! R)\ for P Q R by (simp add: PA1) ultimately show ?thesis using PR1 by fast qed lemma K'_map: assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! q\ shows \A; B \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i q\ proof - note \A; B \\<^sub>! p \<^bold>\\<^sub>! q\ then have \A; B \\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q)\ using PR2 by fast moreover have \A; B \\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i q\ using K'_A2' by fast ultimately show ?thesis using PR1 by fast qed lemma ConI: assumes \A; B \\<^sub>! p\ \A; B \\<^sub>! q\ shows \A; B \\<^sub>! p \<^bold>\\<^sub>! q\ proof - have \A; B \\<^sub>! p \<^bold>\\<^sub>! q \<^bold>\\<^sub>! p \<^bold>\\<^sub>! q\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed lemma Iff_wk: assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! q\ shows \A; B \\<^sub>! (r \<^bold>\\<^sub>! p) \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! q)\ proof - have \A; B \\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! ((r \<^bold>\\<^sub>! p) \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! q))\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed lemma Iff_reduce': assumes \static p\ shows \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! reduce' r p\ using assms proof (induct p rule: pfm.induct) case FF then show ?case by (simp add: PFF) next case (Pro' x) then show ?case by (simp add: PPro) next case (Dis p q) then have \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! reduce' r (p \<^bold>\\<^sub>! q)\ using Iff_Dis by fastforce moreover have \A; B \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r]\<^sub>! (p \<^bold>\\<^sub>! q))\ using PDis Iff_sym by fastforce ultimately show ?case using PA1 PR1 Iff_Iff by blast next case (Con p q) then have \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! reduce' r (p \<^bold>\\<^sub>! q)\ using Iff_Con by fastforce moreover have \A; B \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r]\<^sub>! (p \<^bold>\\<^sub>! q))\ using PCon Iff_sym by fastforce ultimately show ?case using PA1 PR1 Iff_Iff by blast next case (Imp p q) then have \A; B \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! reduce' r (p \<^bold>\\<^sub>! q)\ using Iff_Imp by fastforce moreover have \A; B \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r]\<^sub>! (p \<^bold>\\<^sub>! q))\ using PImp Iff_sym by fastforce ultimately show ?case using PA1 PR1 Iff_Iff by blast next case (K' i p) then have \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! reduce' r p\ by simp then have \A; B \\<^sub>! K\<^sub>! i ([r]\<^sub>! p) \<^bold>\\<^sub>! K\<^sub>! i (reduce' r p)\ using K'_map ConE ConI by metis moreover have \A; B \\<^sub>! [r]\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! r \<^bold>\\<^sub>! K\<^sub>! i ([r]\<^sub>! p)\ using PK . ultimately have \A; B \\<^sub>! [r]\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! r \<^bold>\\<^sub>! K\<^sub>! i (reduce' r p)\ by (meson Iff_Iff Iff_sym Iff_wk) then show ?case by simp next case (Ann r p) then show ?case by simp qed lemma Iff_Ann1: assumes r: \A; B \\<^sub>! r \<^bold>\\<^sub>! r'\ and \static p\ shows \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! p\ using assms(2-) proof (induct p) case FF have \A; B \\<^sub>! (r \<^bold>\\<^sub>! r') \<^bold>\\<^sub>! ((r \<^bold>\\<^sub>! \<^bold>\\<^sub>!) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! \<^bold>\\<^sub>!))\ by (auto intro: PA1) then have \A; B \\<^sub>! (r \<^bold>\\<^sub>! \<^bold>\\<^sub>!) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! \<^bold>\\<^sub>!)\ using r PR1 by blast then show ?case by (meson PFF Iff_Iff Iff_sym) next case (Pro' x) have \A; B \\<^sub>! (r \<^bold>\\<^sub>! r') \<^bold>\\<^sub>! ((r \<^bold>\\<^sub>! Pro\<^sub>! x) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! Pro\<^sub>! x))\ by (auto intro: PA1) then have \A; B \\<^sub>! (r \<^bold>\\<^sub>! Pro\<^sub>! x) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! Pro\<^sub>! x)\ using r PR1 by blast then show ?case by (meson PPro Iff_Iff Iff_sym) next case (Dis p q) then have \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! [r']\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! q\ by (simp add: Iff_Dis) then show ?case by (meson PDis Iff_Iff Iff_sym) next case (Con p q) then have \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! [r']\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! q\ by (simp add: Iff_Con) then show ?case by (meson PCon Iff_Iff Iff_sym) next case (Imp p q) then have \A; B \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r']\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! q)\ by (simp add: Iff_Imp) then show ?case by (meson PImp Iff_Iff Iff_sym) next case (K' i p) then have \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! p\ by simp then have \A; B \\<^sub>! K\<^sub>! i ([r]\<^sub>! p) \<^bold>\\<^sub>! K\<^sub>! i ([r']\<^sub>! p)\ using K'_map ConE ConI by metis then show ?case by (meson Iff_Iff Iff_Imp Iff_sym PK r) next case (Ann s p) then show ?case by simp qed lemma Iff_Ann2: assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! p'\ and \B r\ shows \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! p'\ using assms PAnn ConE ConI PImp PR1 by metis lemma Iff_reduce: assumes \\r \ anns p. B r\ shows \A; B \\<^sub>! p \<^bold>\\<^sub>! reduce p\ using assms proof (induct p) case (Dis p q) then show ?case by (simp add: Iff_Dis) next case (Con p q) then show ?case by (simp add: Iff_Con) next case (Imp p q) then show ?case by (simp add: Iff_Imp) next case (K' i p) then have \A; B \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (reduce p)\ \A; B \\<^sub>! K\<^sub>! i (reduce p) \<^bold>\\<^sub>! K\<^sub>! i p\ using K'_map ConE by fastforce+ then have \A; B \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (reduce p)\ using ConI by blast then show ?case by simp next case (Ann r p) then have \B r\ by simp have \A; B \\<^sub>! [reduce r]\<^sub>! reduce p \<^bold>\\<^sub>! reduce' (reduce r) (reduce p)\ using Iff_reduce' static_reduce by blast moreover have \A; B \\<^sub>! [r]\<^sub>! reduce p \<^bold>\\<^sub>! [reduce r]\<^sub>! reduce p\ using Ann Iff_Ann1 static_reduce by fastforce ultimately have \A; B \\<^sub>! [r]\<^sub>! reduce p \<^bold>\\<^sub>! reduce' (reduce r) (reduce p)\ using Iff_Iff Iff_sym by blast moreover have \\r \ anns p. B r\ using Ann.prems by simp then have \A; B \\<^sub>! p \<^bold>\\<^sub>! reduce p\ using Ann.hyps(2) by blast then have \A; B \\<^sub>! [r]\<^sub>! reduce p \<^bold>\\<^sub>! [r]\<^sub>! p\ using \B r\ Iff_Ann2 Iff_sym by blast ultimately have \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! reduce' (reduce r) (reduce p)\ using Iff_Iff by blast then show ?case by simp qed (simp_all add: PA1) lemma anns_implyP [simp]: \anns (ps \<^bold>\\<^sub>! q) = anns q \ (\p \ set ps. anns p)\ by (induct ps) auto lemma strong_completeness\<^sub>P': assumes \P; G \\<^sub>! p\ and \\r \ anns p. B r\ \\q \ G. \r \ anns q. B r\ and \P; lower ` reduce ` G \\ lower (reduce p) \ A o lift; lower ` reduce ` G \ lower (reduce p)\ shows \A; B; G \\<^sub>! p\ proof - have \P; reduce ` G \\<^sub>!\ reduce p\ using assms(1) reduce_semantics by fast moreover have \static (reduce p)\ \\q \ reduce ` G. static q\ using static_reduce by fast+ ultimately have \A; B; reduce ` G \\<^sub>! reduce p\ using assms(4) strong_static_completeness'[where G=\reduce ` G\ and p=\reduce p\] by presburger then have \\qs. set qs \ G \ (A; B \\<^sub>! map reduce qs \<^bold>\\<^sub>! reduce p)\ using set_map_inv by fast then obtain qs where qs: \set qs \ G\ and \A; B \\<^sub>! map reduce qs \<^bold>\\<^sub>! reduce p\ by blast then have \A; B \\<^sub>! reduce (qs \<^bold>\\<^sub>! p)\ using reduce_implyP by metis moreover have \\r \ anns (qs \<^bold>\\<^sub>! p). B r\ using assms(2-3) qs by auto then have \A; B \\<^sub>! qs \<^bold>\\<^sub>! p \<^bold>\\<^sub>! reduce (qs \<^bold>\\<^sub>! p)\ using Iff_reduce by blast ultimately have \A; B \\<^sub>! qs \<^bold>\\<^sub>! p\ using ConE(2) PR1 by blast then show ?thesis using qs by blast qed theorem strong_completeness\<^sub>P: assumes \P; G \\<^sub>! p\ and \\r \ anns p. B r\ \\q \ G. \r \ anns q. B r\ and \\G p. P; G \\ p \ A o lift; G \ p\ shows \A; B; G \\<^sub>! p\ using strong_completeness\<^sub>P' assms . theorem main\<^sub>P: assumes \\M w p. A p \ P M \ w \ \ M \ M, w \\<^sub>! p\ and \\M r. P M \ B r \ P (M[r!])\ and \\r \ anns p. B r\ \\q \ G. \r \ anns q. B r\ and \\G p. P; G \\ p \ A o lift; G \ p\ shows \P; G \\<^sub>! p \ A; B; G \\<^sub>! p\ using strong_soundness\<^sub>P[of A P B G p] strong_completeness\<^sub>P[of P G p B A] assms by blast corollary strong_completeness\<^sub>P\<^sub>B: assumes \P; G \\<^sub>! p\ and \\G p. P; G \\ p \ A o lift; G \ p\ shows \A; (\_. True); G \\<^sub>! p\ using strong_completeness\<^sub>P[where B=\\_. True\] assms by blast corollary completeness\<^sub>P': assumes \P; {} \\<^sub>! p\ and \\r \ anns p. B r\ - and \\p. valid P {} (lower p) \ A o lift \ lower p\ + and \\p. P; {} \ lower p \ A o lift \ lower p\ shows \A; B \\<^sub>! p\ using assms strong_completeness\<^sub>P'[where P=P and G=\{}\] by simp corollary completeness\<^sub>P: assumes \P; {} \\<^sub>! p\ and \\r \ anns p. B r\ - and \\p. valid P {} p \ A o lift \ p\ + and \\p. P; {} \ p \ A o lift \ p\ shows \A; B \\<^sub>! p\ using completeness\<^sub>P' assms . corollary completeness\<^sub>P\<^sub>A: assumes \(\_. True); {} \\<^sub>! p\ shows \A; (\_. True) \\<^sub>! p\ using assms completeness\<^sub>P[of \\_. True\ p \\_. True\] completeness\<^sub>A by blast section \System PAL + K\ abbreviation SystemPK (\_ \\<^sub>!\<^sub>K _\ [50, 50] 50) where \G \\<^sub>!\<^sub>K p \ (\_. False); (\_. True); G \\<^sub>! p\ lemma strong_soundness\<^sub>P\<^sub>K: \G \\<^sub>!\<^sub>K p \ (\_. True); G \\<^sub>!\ p\ using strong_soundness\<^sub>P[of \\_. False\ \\_. True\] by fast abbreviation validPK (\_ \\<^sub>!\<^sub>K _\ [50, 50] 50) where \G \\<^sub>!\<^sub>K p \ (\_. True); G \\<^sub>! p\ lemma strong_completeness\<^sub>P\<^sub>K: assumes \G \\<^sub>!\<^sub>K p\ shows \G \\<^sub>!\<^sub>K p\ using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>K unfolding comp_apply . theorem main\<^sub>P\<^sub>K: \G \\<^sub>!\<^sub>K p \ G \\<^sub>!\<^sub>K p\ using strong_soundness\<^sub>P\<^sub>K[of G p] strong_completeness\<^sub>P\<^sub>K[of G p] by fast corollary \G \\<^sub>!\<^sub>K p \ (\_. True); G \\<^sub>!\ p\ using strong_soundness\<^sub>P\<^sub>K[of G p] strong_completeness\<^sub>P\<^sub>K[of G p] by fast section \System PAL + T\ text \Also known as System PAL + M\ inductive AxPT :: \'i pfm \ bool\ where \AxPT (K\<^sub>! i p \<^bold>\\<^sub>! p)\ abbreviation SystemPT (\_ \\<^sub>!\<^sub>T _\ [50, 50] 50) where \G \\<^sub>!\<^sub>T p \ AxPT; (\_. True); G \\<^sub>! p\ lemma soundness_AxPT: \AxPT p \ reflexive M \ w \ \ M \ M, w \\<^sub>! p\ unfolding reflexive_def by (induct p rule: AxPT.induct) simp lemma reflexive_restrict: \reflexive M \ reflexive (M[r!])\ unfolding reflexive_def by simp lemma strong_soundness\<^sub>P\<^sub>T: \G \\<^sub>!\<^sub>T p \ reflexive; G \\<^sub>!\ p\ using strong_soundness\<^sub>P[of AxPT reflexive \\_. True\ G p] soundness_AxPT reflexive_restrict by fast lemma AxT_AxPT: \AxT = AxPT o lift\ unfolding comp_apply using lower_lift by (metis AxPT.simps AxT.simps lift.simps(5-6) lower.simps(5-6)) abbreviation validPT (\_ \\<^sub>!\<^sub>T _\ [50, 50] 50) where \G \\<^sub>!\<^sub>T p \ reflexive; G \\<^sub>! p\ lemma strong_completeness\<^sub>P\<^sub>T: assumes \G \\<^sub>!\<^sub>T p\ shows \G \\<^sub>!\<^sub>T p\ using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>T unfolding AxT_AxPT . theorem main\<^sub>P\<^sub>T: \G \\<^sub>!\<^sub>T p \ G \\<^sub>!\<^sub>T p\ using strong_soundness\<^sub>P\<^sub>T[of G p] strong_completeness\<^sub>P\<^sub>T[of G p] by fast corollary \G \\<^sub>!\<^sub>T p \ reflexive; G \\<^sub>!\ p\ using strong_soundness\<^sub>P\<^sub>T[of G p] strong_completeness\<^sub>P\<^sub>T[of G p] by fast section \System PAL + KB\ inductive AxPB :: \'i pfm \ bool\ where \AxPB (p \<^bold>\\<^sub>! K\<^sub>! i (L\<^sub>! i p))\ abbreviation SystemPKB (\_ \\<^sub>!\<^sub>K\<^sub>B _\ [50, 50] 50) where \G \\<^sub>!\<^sub>K\<^sub>B p \ AxPB; (\_. True); G \\<^sub>! p\ lemma soundness_AxPB: \AxPB p \ symmetric M \ w \ \ M \ M, w \\<^sub>! p\ unfolding symmetric_def by (induct p rule: AxPB.induct) auto lemma symmetric_restrict: \symmetric M \ symmetric (M[r!])\ unfolding symmetric_def by simp lemma strong_soundness\<^sub>P\<^sub>K\<^sub>B: \G \\<^sub>!\<^sub>K\<^sub>B p \ symmetric; G \\<^sub>!\ p\ using strong_soundness\<^sub>P[of AxPB symmetric \\_. True\ G p] soundness_AxPB symmetric_restrict by fast lemma AxB_AxPB: \AxB = AxPB o lift\ proof fix p :: \'i fm\ show \AxB p = (AxPB \ lift) p\ unfolding comp_apply using lower_lift by (smt (verit, best) AxB.simps AxPB.simps lift.simps(1, 5-6) lower.simps(5-6)) qed abbreviation validPKB (\_ \\<^sub>!\<^sub>K\<^sub>B _\ [50, 50] 50) where \G \\<^sub>!\<^sub>K\<^sub>B p \ symmetric; G \\<^sub>! p\ lemma strong_completeness\<^sub>P\<^sub>K\<^sub>B: assumes \G \\<^sub>!\<^sub>K\<^sub>B p\ shows \G \\<^sub>!\<^sub>K\<^sub>B p\ using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>K\<^sub>B unfolding AxB_AxPB . theorem main\<^sub>P\<^sub>K\<^sub>B: \G \\<^sub>!\<^sub>K\<^sub>B p \ G \\<^sub>!\<^sub>K\<^sub>B p\ using strong_soundness\<^sub>P\<^sub>K\<^sub>B[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>B[of G p] by fast corollary \G \\<^sub>!\<^sub>K\<^sub>B p \ symmetric; G \\<^sub>!\ p\ using strong_soundness\<^sub>P\<^sub>K\<^sub>B[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>B[of G p] by fast section \System PAL + K4\ inductive AxP4 :: \'i pfm \ bool\ where \AxP4 (K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (K\<^sub>! i p))\ abbreviation SystemPK4 (\_ \\<^sub>!\<^sub>K\<^sub>4 _\ [50, 50] 50) where \G \\<^sub>!\<^sub>K\<^sub>4 p \ AxP4; (\_. True); G \\<^sub>! p\ lemma pos_introspection: assumes \transitive M\ \w \ \ M\ shows \M, w \\<^sub>! (K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (K\<^sub>! i p))\ proof - { assume \M, w \\<^sub>! K\<^sub>! i p\ then have \\v \ \ M \ \ M i w. M, v \\<^sub>! p\ by simp then have \\v \ \ M \ \ M i w. \u \ \ M \ \ M i v. M, u \\<^sub>! p\ using \transitive M\ \w \ \ M\ unfolding transitive_def by blast then have \\v \ \ M \ \ M i w. M, v \\<^sub>! K\<^sub>! i p\ by simp then have \M, w \\<^sub>! K\<^sub>! i (K\<^sub>! i p)\ by simp } then show ?thesis by fastforce qed lemma soundness_AxP4: \AxP4 p \ transitive M \ w \ \ M \ M, w \\<^sub>! p\ by (induct p rule: AxP4.induct) (metis pos_introspection) lemma transitive_restrict: \transitive M \ transitive (M[r!])\ unfolding transitive_def by (cases M) (metis (no_types, lifting) frame.select_convs(1-2) frame.update_convs(1) mem_Collect_eq restrict.simps) lemma strong_soundness\<^sub>P\<^sub>K\<^sub>4: \G \\<^sub>!\<^sub>K\<^sub>4 p \ transitive; G \\<^sub>!\ p\ using strong_soundness\<^sub>P[of AxP4 transitive \\_. True\ G p] soundness_AxP4 transitive_restrict by fast lemma Ax4_AxP4: \Ax4 = AxP4 o lift\ proof fix p :: \'i fm\ show \Ax4 p = (AxP4 \ lift) p\ unfolding comp_apply using lower_lift by (smt (verit, best) Ax4.simps AxP4.simps lift.simps(1, 5-6) lower.simps(5-6)) qed abbreviation validPK4 (\_ \\<^sub>!\<^sub>K\<^sub>4 _\ [50, 50] 50) where \G \\<^sub>!\<^sub>K\<^sub>4 p \ transitive; G \\<^sub>! p\ lemma strong_completeness\<^sub>P\<^sub>K\<^sub>4: assumes \G \\<^sub>!\<^sub>K\<^sub>4 p\ shows \G \\<^sub>!\<^sub>K\<^sub>4 p\ using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>K\<^sub>4 unfolding Ax4_AxP4 . theorem main\<^sub>P\<^sub>K\<^sub>4: \G \\<^sub>!\<^sub>K\<^sub>4 p \ G \\<^sub>!\<^sub>K\<^sub>4 p\ using strong_soundness\<^sub>P\<^sub>K\<^sub>4[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>4[of G p] by fast corollary \G \\<^sub>!\<^sub>K\<^sub>4 p \ transitive; G \\<^sub>!\ p\ using strong_soundness\<^sub>P\<^sub>K\<^sub>4[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>4[of G p] by fast section \System PAL + K5\ inductive AxP5 :: \'i pfm \ bool\ where \AxP5 (L\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (L\<^sub>! i p))\ abbreviation SystemPK5 (\_ \\<^sub>!\<^sub>K\<^sub>5 _\ [50, 50] 50) where \G \\<^sub>!\<^sub>K\<^sub>5 p \ AxP5; (\_. True); G \\<^sub>! p\ lemma soundness_AxP5: \AxP5 p \ Euclidean M \ w \ \ M \ M, w \\<^sub>! p\ by (induct p rule: AxP5.induct) (unfold Euclidean_def psemantics.simps, blast) lemma Euclidean_restrict: \Euclidean M \ Euclidean (M[r!])\ unfolding Euclidean_def by auto lemma strong_soundness\<^sub>P\<^sub>K\<^sub>5: \G \\<^sub>!\<^sub>K\<^sub>5 p \ Euclidean; G \\<^sub>!\ p\ using strong_soundness\<^sub>P[of AxP5 Euclidean \\_. True\ G p] soundness_AxP5 Euclidean_restrict by fast lemma Ax5_AxP5: \Ax5 = AxP5 o lift\ proof fix p :: \'i fm\ show \Ax5 p = (AxP5 \ lift) p\ unfolding comp_apply using lower_lift by (smt (verit, best) Ax5.simps AxP5.simps lift.simps(1, 5-6) lower.simps(5-6)) qed abbreviation validPK5 (\_ \\<^sub>!\<^sub>K\<^sub>5 _\ [50, 50] 50) where \G \\<^sub>!\<^sub>K\<^sub>5 p \ Euclidean; G \\<^sub>! p\ lemma strong_completeness\<^sub>P\<^sub>K\<^sub>5: assumes \G \\<^sub>!\<^sub>K\<^sub>5 p\ shows \G \\<^sub>!\<^sub>K\<^sub>5 p\ using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>K\<^sub>5 unfolding Ax5_AxP5 . theorem main\<^sub>P\<^sub>K\<^sub>5: \G \\<^sub>!\<^sub>K\<^sub>5 p \ G \\<^sub>!\<^sub>K\<^sub>5 p\ using strong_soundness\<^sub>P\<^sub>K\<^sub>5[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>5[of G p] by fast corollary \G \\<^sub>!\<^sub>K\<^sub>5 p \ Euclidean; G \\<^sub>!\ p\ using strong_soundness\<^sub>P\<^sub>K\<^sub>5[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>5[of G p] by fast section \System PAL + S4\ abbreviation SystemPS4 (\_ \\<^sub>!\<^sub>S\<^sub>4 _\ [50, 50] 50) where \G \\<^sub>!\<^sub>S\<^sub>4 p \ AxPT \ AxP4; (\_. True); G \\<^sub>! p\ lemma soundness_AxPT4: \(AxPT \ AxP4) p \ refltrans M \ w \ \ M \ M, w \\<^sub>! p\ using soundness_AxPT soundness_AxP4 by fast lemma refltrans_restrict: \refltrans M \ refltrans (M[r!])\ using reflexive_restrict transitive_restrict by blast lemma strong_soundness\<^sub>P\<^sub>S\<^sub>4: \G \\<^sub>!\<^sub>S\<^sub>4 p \ refltrans; G \\<^sub>!\ p\ using strong_soundness\<^sub>P[of \AxPT \ AxP4\ refltrans \\_. True\ G p] soundness_AxPT4 refltrans_restrict by fast lemma AxT4_AxPT4: \(AxT \ Ax4) = (AxPT \ AxP4) o lift\ using AxT_AxPT Ax4_AxP4 unfolding comp_apply by metis abbreviation validPS4 (\_ \\<^sub>!\<^sub>S\<^sub>4 _\ [50, 50] 50) where \G \\<^sub>!\<^sub>S\<^sub>4 p \ refltrans; G \\<^sub>! p\ theorem strong_completeness\<^sub>P\<^sub>S\<^sub>4: assumes \G \\<^sub>!\<^sub>S\<^sub>4 p\ shows \G \\<^sub>!\<^sub>S\<^sub>4 p\ using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>S\<^sub>4 unfolding AxT4_AxPT4 . theorem main\<^sub>P\<^sub>S\<^sub>4: \G \\<^sub>!\<^sub>S\<^sub>4 p \ G \\<^sub>!\<^sub>S\<^sub>4 p\ using strong_soundness\<^sub>P\<^sub>S\<^sub>4[of G p] strong_completeness\<^sub>P\<^sub>S\<^sub>4[of G p] by fast corollary \G \\<^sub>!\<^sub>S\<^sub>4 p \ refltrans; G \\<^sub>!\ p\ using strong_soundness\<^sub>P\<^sub>S\<^sub>4[of G p] strong_completeness\<^sub>P\<^sub>S\<^sub>4[of G p] by fast section \System PAL + S5\ abbreviation SystemPS5 (\_ \\<^sub>!\<^sub>S\<^sub>5 _\ [50, 50] 50) where \G \\<^sub>!\<^sub>S\<^sub>5 p \ AxPT \ AxPB \ AxP4; (\_. True); G \\<^sub>! p\ abbreviation AxPTB4 :: \'i pfm \ bool\ where \AxPTB4 \ AxPT \ AxPB \ AxP4\ lemma soundness_AxPTB4: \AxPTB4 p \ equivalence M \ w \ \ M \ M, w \\<^sub>! p\ using soundness_AxPT soundness_AxPB soundness_AxP4 by fast lemma equivalence_restrict: \equivalence M \ equivalence (M[r!])\ using reflexive_restrict symmetric_restrict transitive_restrict by blast lemma strong_soundness\<^sub>P\<^sub>S\<^sub>5: \G \\<^sub>!\<^sub>S\<^sub>5 p \ equivalence; G \\<^sub>!\ p\ using strong_soundness\<^sub>P[of AxPTB4 equivalence \\_. True\ G p] soundness_AxPTB4 equivalence_restrict by fast lemma AxTB4_AxPTB4: \AxTB4 = AxPTB4 o lift\ using AxT_AxPT AxB_AxPB Ax4_AxP4 unfolding comp_apply by metis abbreviation validPS5 (\_ \\<^sub>!\<^sub>S\<^sub>5 _\ [50, 50] 50) where \G \\<^sub>!\<^sub>S\<^sub>5 p \ equivalence; G \\<^sub>! p\ theorem strong_completeness\<^sub>P\<^sub>S\<^sub>5: assumes \G \\<^sub>!\<^sub>S\<^sub>5 p\ shows \G \\<^sub>!\<^sub>S\<^sub>5 p\ using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>S\<^sub>5 unfolding AxTB4_AxPTB4 . theorem main\<^sub>P\<^sub>S\<^sub>5: \G \\<^sub>!\<^sub>S\<^sub>5 p \ G \\<^sub>!\<^sub>S\<^sub>5 p\ using strong_soundness\<^sub>P\<^sub>S\<^sub>5[of G p] strong_completeness\<^sub>P\<^sub>S\<^sub>5[of G p] by fast corollary \G \\<^sub>!\<^sub>S\<^sub>5 p \ equivalence; G \\<^sub>!\ p\ using strong_soundness\<^sub>P\<^sub>S\<^sub>5[of G p] strong_completeness\<^sub>P\<^sub>S\<^sub>5[of G p] by fast section \System PAL + S5'\ abbreviation SystemPS5' (\_ \\<^sub>!\<^sub>S\<^sub>5'' _\ [50, 50] 50) where \G \\<^sub>!\<^sub>S\<^sub>5' p \ AxPT \ AxP5; (\_. True); G \\<^sub>! p\ abbreviation AxPT5 :: \'i pfm \ bool\ where \AxPT5 \ AxPT \ AxP5\ lemma soundness_AxPT5: \AxPT5 p \ equivalence M \ w \ \ M \ M, w \\<^sub>! p\ using soundness_AxPT soundness_AxPT soundness_AxP5 symm_trans_Euclid by fast lemma strong_soundness\<^sub>P\<^sub>S\<^sub>5': \G \\<^sub>!\<^sub>S\<^sub>5' p \ equivalence; G \\<^sub>!\ p\ using strong_soundness\<^sub>P[of AxPT5 equivalence \\_. True\ G p] soundness_AxPT5 equivalence_restrict by fast lemma AxT5_AxPT5: \AxT5 = AxPT5 o lift\ using AxT_AxPT Ax5_AxP5 unfolding comp_apply by metis theorem strong_completeness\<^sub>P\<^sub>S\<^sub>5': assumes \G \\<^sub>!\<^sub>S\<^sub>5 p\ shows \G \\<^sub>!\<^sub>S\<^sub>5' p\ using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>S\<^sub>5' unfolding AxT5_AxPT5 . theorem main\<^sub>P\<^sub>S\<^sub>5': \G \\<^sub>!\<^sub>S\<^sub>5 p \ G \\<^sub>!\<^sub>S\<^sub>5' p\ using strong_soundness\<^sub>P\<^sub>S\<^sub>5'[of G p] strong_completeness\<^sub>P\<^sub>S\<^sub>5'[of G p] by fast end