diff --git a/thys/Public_Announcement_Logic/PAL.thy b/thys/Public_Announcement_Logic/PAL.thy --- a/thys/Public_Announcement_Logic/PAL.thy +++ b/thys/Public_Announcement_Logic/PAL.thy @@ -1,810 +1,885 @@ (* File: PAL.thy Author: Asta Halkjær From This work is a formalization of public announcement logic with countably many agents. It includes proofs of soundness and completeness for a variant of the axiom system PA + DIST! + NEC!. The completeness proof builds on the Epistemic Logic theory. *) theory PAL imports "Epistemic_Logic.Epistemic_Logic" begin section \Syntax\ datatype 'i pfm = FF (\\<^bold>\\<^sub>!\) | Pro' id (\Pro\<^sub>!\) | Dis \'i pfm\ \'i pfm\ (infixr \\<^bold>\\<^sub>!\ 30) | Con \'i pfm\ \'i pfm\ (infixr \\<^bold>\\<^sub>!\ 35) | Imp \'i pfm\ \'i pfm\ (infixr \\<^bold>\\<^sub>!\ 25) | K' 'i \'i pfm\ (\K\<^sub>!\) | Ann \'i pfm\ \'i pfm\ (\[_]\<^sub>! _\ [50, 50] 50) abbreviation PIff :: \'i pfm \ 'i pfm \ 'i pfm\ (infixr \\<^bold>\\<^sub>!\ 25) where \p \<^bold>\\<^sub>! q \ (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! p)\ abbreviation PNeg (\\<^bold>\\<^sub>! _\ [40] 40) where \\<^bold>\\<^sub>! p \ p \<^bold>\\<^sub>! \<^bold>\\<^sub>!\ abbreviation PL (\L\<^sub>!\) where \L\<^sub>! i p \ (\<^bold>\\<^sub>! (K\<^sub>! i (\<^bold>\\<^sub>! p)))\ section \Semantics\ fun psemantics :: \('i, 'w) kripke \ 'w \ 'i pfm \ bool\ (\_, _ \\<^sub>! _\ [50, 50] 50) and restrict :: \('i, 'w) kripke \ 'i pfm \ ('i, 'w) kripke\ where \(M, w \\<^sub>! \<^bold>\\<^sub>!) = False\ | \(M, w \\<^sub>! Pro\<^sub>! x) = \ M w x\ | \(M, w \\<^sub>! (p \<^bold>\\<^sub>! q)) = ((M, w \\<^sub>! p) \ (M, w \\<^sub>! q))\ | \(M, w \\<^sub>! (p \<^bold>\\<^sub>! q)) = ((M, w \\<^sub>! p) \ (M, w \\<^sub>! q))\ | \(M, w \\<^sub>! (p \<^bold>\\<^sub>! q)) = ((M, w \\<^sub>! p) \ (M, w \\<^sub>! q))\ | \(M, w \\<^sub>! K\<^sub>! i p) = (\v \ \ M \ \ M i w. M, v \\<^sub>! p)\ | \(M, w \\<^sub>! [r]\<^sub>! p) = ((M, w \\<^sub>! r) \ (restrict M r, w \\<^sub>! p))\ | \restrict M p = Kripke {w. w \ \ M \ M, w \\<^sub>! p} (\ M) (\ M)\ primrec static :: \'i pfm \ bool\ where \static \<^bold>\\<^sub>! = True\ | \static (Pro\<^sub>! _) = True\ | \static (p \<^bold>\\<^sub>! q) = (static p \ static q)\ | \static (p \<^bold>\\<^sub>! q) = (static p \ static q)\ | \static (p \<^bold>\\<^sub>! q) = (static p \ static q)\ | \static (K\<^sub>! i p) = static p\ | \static ([r]\<^sub>! p) = False\ primrec lower :: \'i pfm \ 'i fm\ where \lower \<^bold>\\<^sub>! = \<^bold>\\ | \lower (Pro\<^sub>! x) = Pro x\ | \lower (p \<^bold>\\<^sub>! q) = (lower p \<^bold>\ lower q)\ | \lower (p \<^bold>\\<^sub>! q) = (lower p \<^bold>\ lower q)\ | \lower (p \<^bold>\\<^sub>! q) = (lower p \<^bold>\ lower q)\ | \lower (K\<^sub>! i p) = K i (lower p)\ | \lower ([r]\<^sub>! p) = undefined\ primrec lift :: \'i fm \ 'i pfm\ where \lift \<^bold>\ = \<^bold>\\<^sub>!\ | \lift (Pro x) = Pro\<^sub>! x\ | \lift (p \<^bold>\ q) = (lift p \<^bold>\\<^sub>! lift q)\ | \lift (p \<^bold>\ q) = (lift p \<^bold>\\<^sub>! lift q)\ | \lift (p \<^bold>\ q) = (lift p \<^bold>\\<^sub>! lift q)\ | \lift (K i p) = K\<^sub>! i (lift p)\ lemma lower_semantics: assumes \static p\ shows \(M, w \ lower p) \ (M, w \\<^sub>! p)\ using assms by (induct p arbitrary: w) simp_all lemma lift_semantics: \(M, w \ p) \ (M, w \\<^sub>! lift p)\ by (induct p arbitrary: w) simp_all lemma lower_lift: \lower (lift p) = p\ by (induct p) simp_all lemma lift_lower: \static p \ lift (lower p) = p\ by (induct p) simp_all section \Soundness of Reduction\ primrec reduce' :: \'i pfm \ 'i pfm \ 'i pfm\ where \reduce' r \<^bold>\\<^sub>! = (r \<^bold>\\<^sub>! \<^bold>\\<^sub>!)\ | \reduce' r (Pro\<^sub>! x) = (r \<^bold>\\<^sub>! Pro\<^sub>! x)\ | \reduce' r (p \<^bold>\\<^sub>! q) = (reduce' r p \<^bold>\\<^sub>! reduce' r q)\ | \reduce' r (p \<^bold>\\<^sub>! q) = (reduce' r p \<^bold>\\<^sub>! reduce' r q)\ | \reduce' r (p \<^bold>\\<^sub>! q) = (reduce' r p \<^bold>\\<^sub>! reduce' r q)\ | \reduce' r (K\<^sub>! i p) = (r \<^bold>\\<^sub>! K\<^sub>! i (reduce' r p))\ | \reduce' r ([p]\<^sub>! q) = undefined\ primrec reduce :: \'i pfm \ 'i pfm\ where \reduce \<^bold>\\<^sub>! = \<^bold>\\<^sub>!\ | \reduce (Pro\<^sub>! x) = Pro\<^sub>! x\ | \reduce (p \<^bold>\\<^sub>! q) = (reduce p \<^bold>\\<^sub>! reduce q)\ | \reduce (p \<^bold>\\<^sub>! q) = (reduce p \<^bold>\\<^sub>! reduce q)\ | \reduce (p \<^bold>\\<^sub>! q) = (reduce p \<^bold>\\<^sub>! reduce q)\ | \reduce (K\<^sub>! i p) = K\<^sub>! i (reduce p)\ | \reduce ([r]\<^sub>! p) = reduce' (reduce r) (reduce p)\ lemma static_reduce': \static p \ static r \ static (reduce' r p)\ by (induct p) simp_all lemma static_reduce: \static (reduce p)\ by (induct p) (simp_all add: static_reduce') lemma reduce'_semantics: assumes \static q\ shows \((M, w \\<^sub>! [p]\<^sub>! (q))) = (M, w \\<^sub>! reduce' p q)\ using assms by (induct q arbitrary: w) auto lemma reduce_semantics: \(M, w \\<^sub>! p) = (M, w \\<^sub>! reduce p)\ proof (induct p arbitrary: M w) case (Ann p q) then show ?case using reduce'_semantics static_reduce by fastforce qed simp_all section \Chains of Implications\ primrec implyP :: \'i pfm list \ 'i pfm \ 'i pfm\ (infixr \\<^bold>\\<^sub>!\ 26) where \([] \<^bold>\\<^sub>! q) = q\ | \(p # ps \<^bold>\\<^sub>! q) = (p \<^bold>\\<^sub>! ps \<^bold>\\<^sub>! q)\ -lemma lift_imply: \lift (ps \<^bold>\ q) = (map lift ps \<^bold>\\<^sub>! lift q)\ +lemma lift_implyP: \lift (ps \<^bold>\ q) = (map lift ps \<^bold>\\<^sub>! lift q)\ by (induct ps) auto -lemma reduce_imply: \reduce (ps \<^bold>\\<^sub>! q) = (map reduce ps \<^bold>\\<^sub>! reduce q)\ +lemma reduce_implyP: \reduce (ps \<^bold>\\<^sub>! q) = (map reduce ps \<^bold>\\<^sub>! reduce q)\ by (induct ps) auto section \Proof System\ primrec peval :: \(id \ bool) \ ('i pfm \ bool) \ 'i pfm \ bool\ where \peval _ _ \<^bold>\\<^sub>! = False\ | \peval g _ (Pro\<^sub>! x) = g x\ | \peval g h (p \<^bold>\\<^sub>! q) = (peval g h p \ peval g h q)\ | \peval g h (p \<^bold>\\<^sub>! q) = (peval g h p \ peval g h q)\ | \peval g h (p \<^bold>\\<^sub>! q) = (peval g h p \ peval g h q)\ | \peval _ h (K\<^sub>! i p) = h (K\<^sub>! i p)\ | \peval _ h ([r]\<^sub>! p) = h ([r]\<^sub>! p)\ abbreviation \ptautology p \ \g h. peval g h p\ inductive PAK :: \('i pfm \ bool) \ 'i pfm \ bool\ (\_ \\<^sub>! _\ [20, 20] 20) for A :: \'i pfm \ bool\ where PA1: \ptautology p \ A \\<^sub>! p\ | PA2: \A \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i q\ | PAx: \A p \ A \\<^sub>! p\ | PR1: \A \\<^sub>! p \ A \\<^sub>! p \<^bold>\\<^sub>! q \ A \\<^sub>! q\ | PR2: \A \\<^sub>! p \ A \\<^sub>! K\<^sub>! i p\ | PFF: \A \\<^sub>! [r]\<^sub>! \<^bold>\\<^sub>! \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! \<^bold>\\<^sub>!)\ | PPro: \A \\<^sub>! [r]\<^sub>! Pro\<^sub>! x \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! Pro\<^sub>! x)\ | PDis: \A \\<^sub>! [r]\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q\ | PCon: \A \\<^sub>! [r]\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q\ | PImp: \A \\<^sub>! ([r]\<^sub>! (p \<^bold>\\<^sub>! q)) \<^bold>\\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q)\ | PK: \A \\<^sub>! ([r]\<^sub>! K\<^sub>! i p) \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! K\<^sub>! i ([r]\<^sub>! p))\ | PAnn: \A \\<^sub>! p \ A \\<^sub>! [r]\<^sub>! p\ +abbreviation PAK_assms (\_, _ \\<^sub>! _\ [20, 20, 20] 20) where + \A, G \\<^sub>! p \ \qs. set qs \ G \ (A \\<^sub>! qs \<^bold>\\<^sub>! p)\ + lemma eval_peval: \eval h (g o lift) p = peval h g (lift p)\ by (induct p) simp_all lemma tautology_ptautology: \tautology p \ ptautology (lift p)\ using eval_peval by blast theorem AK_PAK: \A o lift \ p \ A \\<^sub>! lift p\ by (induct p rule: AK.induct) (auto intro: PAK.intros(1-5) simp: tautology_ptautology) +abbreviation validPS :: \(('i, 'w) kripke \ bool) \ 'i pfm set \ 'i pfm \ bool\ (\valid\<^sub>!\\) + where \valid\<^sub>!\ P G p \ \M. \w \ \ M. P M \ (\q \ G. M, w \\<^sub>! q) \ M, w \\<^sub>! p\ + abbreviation validP :: \(('i :: countable, 'i fm set) kripke \ bool) \ 'i pfm set \ 'i pfm \ bool\ (\valid\<^sub>!\) - where \valid\<^sub>! P G p \ \M. \w \ \ M. P M \ (\q \ G. M, w \\<^sub>! q) \ M, w \\<^sub>! p\ + where \valid\<^sub>! \ valid\<^sub>!\\ lemma set_map_inv: assumes \set xs \ f ` X\ shows \\ys. set ys \ X \ map f ys = xs\ using assms proof (induct xs) case (Cons x xs) then obtain ys where \set ys \ X\ \map f ys = xs\ by auto moreover obtain y where \y \ X\ \f y = x\ using Cons.prems by auto ultimately have \set (y # ys) \ X\ \map f (y # ys) = x # xs\ by simp_all then show ?case by meson qed simp -theorem strong_static_completeness: +lemma strong_static_completeness': assumes \static p\ and \\q \ G. static q\ and \valid\<^sub>! P G p\ - and \valid P (lower ` G) (lower p) \ - \qs. set qs \ lower ` G \ (A o lift \ qs \<^bold>\ lower p)\ - shows \\qs. set qs \ G \ (A \\<^sub>! qs \<^bold>\\<^sub>! p)\ + and \valid\ P (lower ` G) (lower p) \ A o lift, lower ` G \ lower p\ + shows \A, G \\<^sub>! p\ proof - have \valid P (lower ` G) (lower p)\ using assms by (simp add: lower_semantics) - then have \\qs. set qs \ lower ` G \ (A o lift \ qs \<^bold>\ lower p)\ - using assms(4) by fast + then have \A o lift, lower ` G \ lower p\ + using assms(4) by blast then obtain qs where \set qs \ G\ and \A o lift \ map lower qs \<^bold>\ lower p\ using set_map_inv by blast then have \A \\<^sub>! lift (map lower qs \<^bold>\ lower p)\ using AK_PAK by fast then have \A \\<^sub>! map lift (map lower qs) \<^bold>\\<^sub>! lift (lower p)\ - using lift_imply by metis + using lift_implyP by metis then have \A \\<^sub>! map (lift o lower) qs \<^bold>\\<^sub>! lift (lower p)\ by simp then show ?thesis using assms(1-2) \set qs \ G\ lift_lower by (metis (mono_tags, lifting) comp_apply map_idI subset_eq) qed -corollary static_completeness: +theorem strong_static_completeness: + assumes \static p\ and \\q \ G. static q\ and \valid\<^sub>! P G p\ + and \\G p. valid P G p \ A o lift, G \ p\ + shows \A, G \\<^sub>! p\ + using strong_static_completeness' assms . + +corollary static_completeness': assumes \static p\ and \valid\<^sub>! P {} p\ and \valid P {} (lower p) \ A o lift \ lower p\ shows \A \\<^sub>! p\ - using assms strong_static_completeness[where G=\{}\ and p=p] by simp + using assms strong_static_completeness'[where G=\{}\ and p=p] by simp + +corollary static_completeness: + assumes \static p\ and \valid\<^sub>! P {} p\ and \\p. valid P {} p \ A o lift \ p\ + shows \A \\<^sub>! p\ + using static_completeness' assms . corollary assumes \static p\ \valid\<^sub>! (\_. True) {} p\ shows \A \\<^sub>! p\ using assms static_completeness[where P=\\_. True\ and p=p] completeness\<^sub>A by blast section \Soundness\ lemma peval_semantics: \peval (val w) (\q. Kripke W val r, w \\<^sub>! q) p = (Kripke W val r, w \\<^sub>! p)\ by (induct p) simp_all lemma ptautology: assumes \ptautology p\ shows \M, w \\<^sub>! p\ proof - from assms have \peval (g w) (\q. Kripke W g r, w \\<^sub>! q) p\ for W g r by simp then have \Kripke W g r, w \\<^sub>! p\ for W g r using peval_semantics by fast then show \M, w \\<^sub>! p\ by (metis kripke.collapse) qed theorem soundness: assumes \\M p w. A p \ P M \ w \ \ M \ M, w \\<^sub>! p\ \\M p. P M \ P (restrict M p)\ shows \A \\<^sub>! p \ P M \ w \ \ M \ M, w \\<^sub>! p\ proof (induct p arbitrary: M w rule: PAK.induct) case (PAnn p r) moreover have \P (restrict M r)\ using PAnn(3) assms(2) by simp ultimately show ?case by simp qed (simp_all add: assms ptautology) corollary \(\_. False) \\<^sub>! p \ w \ \ M \ M, w \\<^sub>! p\ using soundness[where P=\\_. True\] by metis +section \Strong Soundness\ + +lemma ptautology_imply_superset: + assumes \set ps \ set qs\ + shows \ptautology (ps \<^bold>\\<^sub>! r \<^bold>\\<^sub>! qs \<^bold>\\<^sub>! r)\ +proof (rule ccontr) + assume \\ ?thesis\ + then obtain g h where \\ peval g h (ps \<^bold>\\<^sub>! r \<^bold>\\<^sub>! qs \<^bold>\\<^sub>! r)\ + by blast + then have \peval g h (ps \<^bold>\\<^sub>! r)\ \\ peval g h (qs \<^bold>\\<^sub>! r)\ + by simp_all + then consider (np) \\p \ set ps. \ peval g h p\ | (r) \\p \ set ps. peval g h p\ \peval g h r\ + by (induct ps) auto + then show False + proof cases + case np + then have \\p \ set qs. \ peval g h p\ + using \set ps \ set qs\ by blast + then have \peval g h (qs \<^bold>\\<^sub>! r)\ + by (induct qs) simp_all + then show ?thesis + using \\ peval g h (qs \<^bold>\\<^sub>! r)\ by blast + next + case r + then have \peval g h (qs \<^bold>\\<^sub>! r)\ + by (induct qs) simp_all + then show ?thesis + using \\ peval g h (qs \<^bold>\\<^sub>! r)\ by blast + qed +qed + +lemma PK_imply_weaken: + assumes \A \\<^sub>! ps \<^bold>\\<^sub>! q\ \set ps \ set ps'\ + shows \A \\<^sub>! ps' \<^bold>\\<^sub>! q\ +proof - + have \ptautology (ps \<^bold>\\<^sub>! q \<^bold>\\<^sub>! ps' \<^bold>\\<^sub>! q)\ + using \set ps \ set ps'\ ptautology_imply_superset by blast + then have \A \\<^sub>! ps \<^bold>\\<^sub>! q \<^bold>\\<^sub>! ps' \<^bold>\\<^sub>! q\ + using PA1 by blast + then show ?thesis + using \A \\<^sub>! ps \<^bold>\\<^sub>! q\ PR1 by blast +qed + +lemma implyP_append: \(ps @ ps' \<^bold>\\<^sub>! q) = (ps \<^bold>\\<^sub>! ps' \<^bold>\\<^sub>! q)\ + by (induct ps) simp_all + +lemma PK_ImpI: + assumes \A \\<^sub>! p # G \<^bold>\\<^sub>! q\ + shows \A \\<^sub>! G \<^bold>\\<^sub>! (p \<^bold>\\<^sub>! q)\ +proof - + have \set (p # G) \ set (G @ [p])\ + by simp + then have \A \\<^sub>! G @ [p] \<^bold>\\<^sub>! q\ + using assms PK_imply_weaken by blast + then have \A \\<^sub>! G \<^bold>\\<^sub>! [p] \<^bold>\\<^sub>! q\ + using implyP_append by metis + then show ?thesis + by simp +qed + +corollary soundness_imply: + assumes + \\M p w. A p \ P M \ w \ \ M \ M, w \\<^sub>! p\ + \\M p. P M \ P (restrict M p)\ + shows \A \\<^sub>! qs \<^bold>\\<^sub>! p \ P M \ w \ \ M \ \q \ set qs. M, w \\<^sub>! q \ M, w \\<^sub>! p\ +proof (induct qs arbitrary: p) + case Nil + then show ?case + using soundness[of A P p M w] assms by simp +next + case (Cons q qs) + then show ?case + using PK_ImpI by fastforce +qed + +theorem strong_soundness: + assumes + \\M w p. A p \ P M \ w \ \ M \ M, w \\<^sub>! p\ + \\M p. P M \ P (restrict M p)\ + shows \A, G \\<^sub>! p \ valid\<^sub>!\ P G p\ +proof safe + fix qs w and M :: \('a, 'b) kripke\ + assume \A \\<^sub>! qs \<^bold>\\<^sub>! p\ + moreover assume \set qs \ G\ \\q \ G. M, w \\<^sub>! q\ + then have \\q \ set qs. M, w \\<^sub>! q\ + using \set qs \ G\ by blast + moreover assume \P M\ \w \ \ M\ + ultimately show \M, w \\<^sub>! p\ + using soundness_imply[of A P qs p] assms by blast +qed + section \Completeness\ lemma ConE: assumes \A \\<^sub>! p \<^bold>\\<^sub>! q\ shows \A \\<^sub>! p\ \A \\<^sub>! q\ using assms by (metis PA1 PR1 peval.simps(4-5))+ lemma Iff_Dis: assumes \A \\<^sub>! p \<^bold>\\<^sub>! p'\ \A \\<^sub>! q \<^bold>\\<^sub>! q'\ shows \A \\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ proof - have \A \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! q') \<^bold>\\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed lemma Iff_Con: assumes \A \\<^sub>! p \<^bold>\\<^sub>! p'\ \A \\<^sub>! q \<^bold>\\<^sub>! q'\ shows \A \\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q')\ proof - have \A \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! q') \<^bold>\\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed lemma Iff_Imp: assumes \A \\<^sub>! p \<^bold>\\<^sub>! p'\ \A \\<^sub>! q \<^bold>\\<^sub>! q'\ shows \A \\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ proof - have \A \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! q') \<^bold>\\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed lemma Iff_sym: \(A \\<^sub>! p \<^bold>\\<^sub>! q) = (A \\<^sub>! q \<^bold>\\<^sub>! p)\ proof - have \A \\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! p)\ by (simp add: PA1) then show ?thesis using PR1 ConE by blast qed lemma Iff_Iff: assumes \A \\<^sub>! p \<^bold>\\<^sub>! p'\ \A \\<^sub>! p \<^bold>\\<^sub>! q\ shows \A \\<^sub>! p' \<^bold>\\<^sub>! q\ proof - have \ptautology ((p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q))\ by (metis peval.simps(4-5)) with PA1 have \A \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q)\ . then show ?thesis using assms PR1 by blast qed lemma K'_A2': \A \\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i q\ proof - have \A \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i q\ using PA2 by fast moreover have \A \\<^sub>! (P \<^bold>\\<^sub>! Q \<^bold>\\<^sub>! R) \<^bold>\\<^sub>! (Q \<^bold>\\<^sub>! P \<^bold>\\<^sub>! R)\ for P Q R by (simp add: PA1) ultimately show ?thesis using PR1 by fast qed lemma K'_map: assumes \A \\<^sub>! p \<^bold>\\<^sub>! q\ shows \A \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i q\ proof - note \A \\<^sub>! p \<^bold>\\<^sub>! q\ then have \A \\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q)\ using PR2 by fast moreover have \A \\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i q\ using K'_A2' by fast ultimately show ?thesis using PR1 by fast qed lemma ConI: assumes \A \\<^sub>! p\ \A \\<^sub>! q\ shows \A \\<^sub>! p \<^bold>\\<^sub>! q\ proof - have \A \\<^sub>! p \<^bold>\\<^sub>! q \<^bold>\\<^sub>! p \<^bold>\\<^sub>! q\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed lemma Iff_wk: assumes \A \\<^sub>! p \<^bold>\\<^sub>! q\ shows \A \\<^sub>! (r \<^bold>\\<^sub>! p) \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! q)\ proof - have \A \\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! ((r \<^bold>\\<^sub>! p) \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! q))\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed lemma Iff_reduce': assumes \static p\ shows \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! reduce' r p\ using assms proof (induct p rule: pfm.induct) case FF then show ?case by (simp add: PFF) next case (Pro' x) then show ?case by (simp add: PPro) next case (Dis p q) then have \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! reduce' r (p \<^bold>\\<^sub>! q)\ using Iff_Dis by fastforce moreover have \A \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r]\<^sub>! (p \<^bold>\\<^sub>! q))\ using PDis Iff_sym by fastforce ultimately show ?case using PA1 PR1 Iff_Iff by blast next case (Con p q) then have \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! reduce' r (p \<^bold>\\<^sub>! q)\ using Iff_Con by fastforce moreover have \A \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r]\<^sub>! (p \<^bold>\\<^sub>! q))\ using PCon Iff_sym by fastforce ultimately show ?case using PA1 PR1 Iff_Iff by blast next case (Imp p q) then have \A \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! reduce' r (p \<^bold>\\<^sub>! q)\ using Iff_Imp by fastforce moreover have \A \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r]\<^sub>! (p \<^bold>\\<^sub>! q))\ using PImp Iff_sym by fastforce ultimately show ?case using PA1 PR1 Iff_Iff by blast next case (K' i p) then have \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! reduce' r p\ by simp then have \A \\<^sub>! K\<^sub>! i ([r]\<^sub>! p) \<^bold>\\<^sub>! K\<^sub>! i (reduce' r p)\ using K'_map ConE ConI by metis moreover have \A \\<^sub>! [r]\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! r \<^bold>\\<^sub>! K\<^sub>! i ([r]\<^sub>! p)\ using PK . ultimately have \A \\<^sub>! [r]\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! r \<^bold>\\<^sub>! K\<^sub>! i (reduce' r p)\ by (meson Iff_Iff Iff_sym Iff_wk) then show ?case by simp next case (Ann r p) then show ?case by simp qed lemma Iff_Ann1: assumes r: \A \\<^sub>! r \<^bold>\\<^sub>! r'\ and \static p\ shows \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! p\ using assms(2-) proof (induct p) case FF have \A \\<^sub>! (r \<^bold>\\<^sub>! r') \<^bold>\\<^sub>! ((r \<^bold>\\<^sub>! \<^bold>\\<^sub>!) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! \<^bold>\\<^sub>!))\ by (auto intro: PA1) then have \A \\<^sub>! (r \<^bold>\\<^sub>! \<^bold>\\<^sub>!) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! \<^bold>\\<^sub>!)\ using r PR1 by blast then show ?case by (meson PFF Iff_Iff Iff_sym) next case (Pro' x) have \A \\<^sub>! (r \<^bold>\\<^sub>! r') \<^bold>\\<^sub>! ((r \<^bold>\\<^sub>! Pro\<^sub>! x) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! Pro\<^sub>! x))\ by (auto intro: PA1) then have \A \\<^sub>! (r \<^bold>\\<^sub>! Pro\<^sub>! x) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! Pro\<^sub>! x)\ using r PR1 by blast then show ?case by (meson PPro Iff_Iff Iff_sym) next case (Dis p q) then have \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! [r']\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! q\ by (simp add: Iff_Dis) then show ?case by (meson PDis Iff_Iff Iff_sym) next case (Con p q) then have \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! [r']\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! q\ by (simp add: Iff_Con) then show ?case by (meson PCon Iff_Iff Iff_sym) next case (Imp p q) then have \A \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r']\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! q)\ by (simp add: Iff_Imp) then show ?case by (meson PImp Iff_Iff Iff_sym) next case (K' i p) then have \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! p\ by simp then have \A \\<^sub>! K\<^sub>! i ([r]\<^sub>! p) \<^bold>\\<^sub>! K\<^sub>! i ([r']\<^sub>! p)\ using K'_map ConE ConI by metis then show ?case by (meson Iff_Iff Iff_Imp Iff_sym PK r) next case (Ann s p) then show ?case by simp qed lemma Iff_Ann2: assumes \A \\<^sub>! p \<^bold>\\<^sub>! p'\ shows \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! p'\ using assms PAnn ConE ConI PImp PR1 by metis lemma Iff_reduce: \A \\<^sub>! p \<^bold>\\<^sub>! reduce p\ proof (induct p) case (Dis p q) then show ?case by (simp add: Iff_Dis) next case (Con p q) then show ?case by (simp add: Iff_Con) next case (Imp p q) then show ?case by (simp add: Iff_Imp) next case (K' i p) have \A \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (reduce p)\ \A \\<^sub>! K\<^sub>! i (reduce p) \<^bold>\\<^sub>! K\<^sub>! i p\ using K' K'_map ConE by fast+ then have \A \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (reduce p)\ using ConI by blast then show ?case by simp next case (Ann r p) have \A \\<^sub>! [reduce r]\<^sub>! reduce p \<^bold>\\<^sub>! reduce' (reduce r) (reduce p)\ using Iff_reduce' static_reduce by blast moreover have \A \\<^sub>! [r]\<^sub>! reduce p \<^bold>\\<^sub>! [reduce r]\<^sub>! reduce p\ using Ann(1) Iff_Ann1 static_reduce by blast ultimately have \A \\<^sub>! [r]\<^sub>! reduce p \<^bold>\\<^sub>! reduce' (reduce r) (reduce p)\ using Iff_Iff Iff_sym by blast moreover have \A \\<^sub>! [r]\<^sub>! reduce p \<^bold>\\<^sub>! [r]\<^sub>! p\ by (meson Ann(2) static_reduce Iff_Ann2 Iff_sym) ultimately have \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! reduce' (reduce r) (reduce p)\ using Iff_Iff by blast then show ?case by simp qed (simp_all add: PA1) -theorem strong_completeness\<^sub>P: +lemma strong_completeness\<^sub>P': assumes \valid\<^sub>! P G p\ - and \valid P (lower ` reduce ` G) (lower (reduce p)) \ - \qs. set qs \ lower ` reduce ` G \ (A o lift \ qs \<^bold>\ lower (reduce p))\ - shows \\qs. set qs \ G \ (A \\<^sub>! qs \<^bold>\\<^sub>! p)\ + and \valid\ P (lower ` reduce ` G) (lower (reduce p)) \ + A o lift, lower ` reduce ` G \ lower (reduce p)\ + shows \A, G \\<^sub>! p\ proof - have \valid\<^sub>! P (reduce ` G) (reduce p)\ using assms(1) reduce_semantics by fast moreover have \static (reduce p)\ \\q \ reduce ` G. static q\ using static_reduce by fast+ - ultimately have \\qs. set qs \ reduce ` G \ (A \\<^sub>! qs \<^bold>\\<^sub>! reduce p)\ - using assms(2) strong_static_completeness[where G=\reduce ` G\ and p=\reduce p\] by presburger + ultimately have \A, reduce ` G \\<^sub>! reduce p\ + using assms(2) strong_static_completeness'[where G=\reduce ` G\ and p=\reduce p\] + by presburger then have \\qs. set qs \ G \ (A \\<^sub>! map reduce qs \<^bold>\\<^sub>! reduce p)\ using set_map_inv by fast then obtain qs where qs: \set qs \ G\ and \A \\<^sub>! map reduce qs \<^bold>\\<^sub>! reduce p\ by blast then have \A \\<^sub>! reduce (qs \<^bold>\\<^sub>! p)\ - using reduce_imply by metis + using reduce_implyP by metis moreover have \A \\<^sub>! (qs \<^bold>\\<^sub>! p) \<^bold>\\<^sub>! reduce (qs \<^bold>\\<^sub>! p)\ using Iff_reduce by blast ultimately have \A \\<^sub>! qs \<^bold>\\<^sub>! p\ using ConE(2) PR1 by blast then show ?thesis using qs by blast qed -corollary completeness\<^sub>P: +theorem strong_completeness\<^sub>P: + assumes \valid\<^sub>! P G p\ + and \\G p. valid\ P G p \ A o lift, G \ p\ + shows \\qs. set qs \ G \ (A \\<^sub>! qs \<^bold>\\<^sub>! p)\ + using strong_completeness\<^sub>P' assms . + +corollary completeness\<^sub>P': assumes \valid\<^sub>! P {} p\ and \\p. valid P {} (lower p) \ A o lift \ lower p\ shows \A \\<^sub>! p\ - using assms strong_completeness\<^sub>P[where P=P and G=\{}\] by simp + using assms strong_completeness\<^sub>P'[where P=P and G=\{}\] by simp + +corollary completeness\<^sub>P: + assumes \valid\<^sub>! P {} p\ and \\p. valid P {} p \ A o lift \ p\ + shows \A \\<^sub>! p\ + using completeness\<^sub>P' assms . corollary completeness\<^sub>P\<^sub>A: assumes \valid\<^sub>! (\_. True) {} p\ shows \A \\<^sub>! p\ using assms completeness\<^sub>P[where P=\\_. True\ and p=p] completeness\<^sub>A by blast section \System PAL + K\ -abbreviation SystemPK :: \'i pfm \ bool\ (\\\<^sub>!\<^sub>K _\ [20] 20) where - \\\<^sub>!\<^sub>K p \ (\_. False) \\<^sub>! p\ +abbreviation SystemPK (\_ \\<^sub>!\<^sub>K _\ [50, 50] 50) where + \G \\<^sub>!\<^sub>K p \ (\_. False), G \\<^sub>! p\ -lemma soundness\<^sub>P\<^sub>K: \\\<^sub>!\<^sub>K p \ w \ \ M \ M, w \\<^sub>! p\ - using soundness[where P=\\_. True\] by metis +lemma strong_soundness\<^sub>P\<^sub>K: \G \\<^sub>!\<^sub>K p \ valid\<^sub>!\ (\_. True) G p\ + using strong_soundness[of \\_. False\ \\_. True\] by fast abbreviation validPK (\valid\<^sub>!\<^sub>K\) where \valid\<^sub>!\<^sub>K \ valid\<^sub>! (\_. True)\ -theorem strong_completeness\<^sub>P\<^sub>K: +lemma strong_completeness\<^sub>P\<^sub>K: assumes \valid\<^sub>!\<^sub>K G p\ - shows \\qs. set qs \ G \ (\\<^sub>!\<^sub>K qs \<^bold>\\<^sub>! p)\ + shows \G \\<^sub>!\<^sub>K p\ using strong_completeness\<^sub>P assms strong_completeness\<^sub>K unfolding comp_apply . -corollary completeness\<^sub>P\<^sub>K: - assumes \valid\<^sub>!\<^sub>K {} p\ - shows \\\<^sub>!\<^sub>K p\ - using completeness\<^sub>P\<^sub>A assms . +theorem main\<^sub>P\<^sub>K: \valid\<^sub>!\<^sub>K G p \ G \\<^sub>!\<^sub>K p\ + using strong_soundness\<^sub>P\<^sub>K[of G p] strong_completeness\<^sub>P\<^sub>K[of G p] by fast -theorem main\<^sub>P\<^sub>K: \valid\<^sub>!\<^sub>K {} p = (\\<^sub>!\<^sub>K p)\ - using soundness\<^sub>P\<^sub>K completeness\<^sub>P\<^sub>K by fast - -corollary - assumes \valid\<^sub>!\<^sub>K {} p\ and \w \ \ M\ - shows \M, w \\<^sub>! p\ - using assms soundness\<^sub>P\<^sub>K completeness\<^sub>P\<^sub>K by metis +corollary \valid\<^sub>!\<^sub>K G p \ valid\<^sub>!\ (\_. True) G p\ + using strong_soundness\<^sub>P\<^sub>K[of G p] strong_completeness\<^sub>P\<^sub>K[of G p] by fast section \System PAL + T\ text \Also known as System PAL + M\ inductive AxPT :: \'i pfm \ bool\ where \AxPT (K\<^sub>! i p \<^bold>\\<^sub>! p)\ -abbreviation SystemPT :: \'i pfm \ bool\ (\\\<^sub>!\<^sub>T _\ [20] 20) where - \\\<^sub>!\<^sub>T p \ AxPT \\<^sub>! p\ +abbreviation SystemPT (\_ \\<^sub>!\<^sub>T _\ [50, 50] 50) where + \G \\<^sub>!\<^sub>T p \ AxPT, G \\<^sub>! p\ lemma soundness_AxPT: \AxPT p \ reflexive M \ w \ \ M \ M, w \\<^sub>! p\ unfolding reflexive_def by (induct p rule: AxPT.induct) simp lemma reflexive_restrict: \reflexive M \ reflexive (restrict M p)\ unfolding reflexive_def by simp -lemma soundness\<^sub>P\<^sub>T: \\\<^sub>!\<^sub>T p \ reflexive M \ w \ \ M \ M, w \\<^sub>! p\ - using soundness[where A=AxPT and P=reflexive] soundness_AxPT reflexive_restrict by fastforce +lemma strong_soundness\<^sub>P\<^sub>T: \G \\<^sub>!\<^sub>T p \ valid\<^sub>!\ reflexive G p\ + using strong_soundness[of AxPT reflexive G p] soundness_AxPT reflexive_restrict by fast lemma AxT_AxPT: \AxT = AxPT o lift\ unfolding comp_apply using lower_lift by (metis AxPT.simps AxT.simps lift.simps(5-6) lower.simps(5-6)) abbreviation validPT (\valid\<^sub>!\<^sub>T\) where \valid\<^sub>!\<^sub>T \ valid\<^sub>! reflexive\ -theorem strong_completeness\<^sub>P\<^sub>T: +lemma strong_completeness\<^sub>P\<^sub>T: assumes \valid\<^sub>!\<^sub>T G p\ - shows \\qs. set qs \ G \ (\\<^sub>!\<^sub>T qs \<^bold>\\<^sub>! p)\ + shows \G \\<^sub>!\<^sub>T p\ using strong_completeness\<^sub>P assms strong_completeness\<^sub>T unfolding AxT_AxPT . -corollary completeness\<^sub>P\<^sub>T: - assumes \valid\<^sub>!\<^sub>T {} p\ - shows \\\<^sub>!\<^sub>T p\ - using assms strong_completeness\<^sub>P\<^sub>T[where G=\{}\] by auto +theorem main\<^sub>P\<^sub>T: \valid\<^sub>!\<^sub>T G p \ G \\<^sub>!\<^sub>T p\ + using strong_soundness\<^sub>P\<^sub>T[of G p] strong_completeness\<^sub>P\<^sub>T[of G p] by fast -theorem main\<^sub>P\<^sub>T: \valid\<^sub>!\<^sub>T {} p \ (\\<^sub>!\<^sub>T p)\ - using soundness\<^sub>P\<^sub>T completeness\<^sub>P\<^sub>T by fast - -corollary - assumes \reflexive M\ \w \ \ M\ - shows \valid\<^sub>!\<^sub>T {} p \ M, w \\<^sub>! p\ - using assms soundness\<^sub>P\<^sub>T completeness\<^sub>P\<^sub>T by fast +corollary \valid\<^sub>!\<^sub>T G p \ valid\<^sub>!\ reflexive G p\ + using strong_soundness\<^sub>P\<^sub>T[of G p] strong_completeness\<^sub>P\<^sub>T[of G p] by fast section \System PAL + KB\ inductive AxPB :: \'i pfm \ bool\ where \AxPB (p \<^bold>\\<^sub>! K\<^sub>! i (L\<^sub>! i p))\ -abbreviation SystemPKB :: \'i pfm \ bool\ (\\\<^sub>!\<^sub>K\<^sub>B _\ [20] 20) where - \\\<^sub>!\<^sub>K\<^sub>B p \ AxPB \\<^sub>! p\ +abbreviation SystemPKB (\_ \\<^sub>!\<^sub>K\<^sub>B _\ [50, 50] 50) where + \G \\<^sub>!\<^sub>K\<^sub>B p \ AxPB, G \\<^sub>! p\ lemma soundness_AxPB: \AxPB p \ symmetric M \ w \ \ M \ M, w \\<^sub>! p\ unfolding symmetric_def by (induct p rule: AxPB.induct) auto lemma symmetric_restrict: \symmetric M \ symmetric (restrict M p)\ unfolding symmetric_def by simp -lemma soundness\<^sub>P\<^sub>K\<^sub>B: \\\<^sub>!\<^sub>K\<^sub>B p \ symmetric M \ w \ \ M \ M, w \\<^sub>! p\ - using soundness[where A=AxPB and P=symmetric] soundness_AxPB symmetric_restrict by fastforce +lemma strong_soundness\<^sub>P\<^sub>K\<^sub>B: \G \\<^sub>!\<^sub>K\<^sub>B p \ valid\<^sub>!\ symmetric G p\ + using strong_soundness[of AxPB symmetric G p] soundness_AxPB symmetric_restrict by fast lemma AxB_AxPB: \AxB = AxPB o lift\ proof fix p :: \'i fm\ show \AxB p = (AxPB \ lift) p\ unfolding comp_apply using lower_lift by (smt (verit, best) AxB.simps AxPB.simps lift.simps(1, 5-6) lower.simps(5-6)) qed abbreviation validPKB (\valid\<^sub>!\<^sub>K\<^sub>B\) where \valid\<^sub>!\<^sub>K\<^sub>B \ valid\<^sub>! symmetric\ -theorem strong_completeness\<^sub>P\<^sub>K\<^sub>B: +lemma strong_completeness\<^sub>P\<^sub>K\<^sub>B: assumes \valid\<^sub>!\<^sub>K\<^sub>B G p\ - shows \\qs. set qs \ G \ (\\<^sub>!\<^sub>K\<^sub>B qs \<^bold>\\<^sub>! p)\ + shows \G \\<^sub>!\<^sub>K\<^sub>B p\ using strong_completeness\<^sub>P assms strong_completeness\<^sub>K\<^sub>B unfolding AxB_AxPB . -corollary completeness\<^sub>P\<^sub>K\<^sub>B: - assumes \valid\<^sub>!\<^sub>K\<^sub>B {} p\ - shows \\\<^sub>!\<^sub>K\<^sub>B p\ - using assms strong_completeness\<^sub>P\<^sub>K\<^sub>B[where G=\{}\] by auto +theorem main\<^sub>P\<^sub>K\<^sub>B: \valid\<^sub>!\<^sub>K\<^sub>B G p \ G \\<^sub>!\<^sub>K\<^sub>B p\ + using strong_soundness\<^sub>P\<^sub>K\<^sub>B[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>B[of G p] by fast -theorem main\<^sub>P\<^sub>K\<^sub>B: \valid\<^sub>!\<^sub>K\<^sub>B {} p \ (\\<^sub>!\<^sub>K\<^sub>B p)\ - using soundness\<^sub>P\<^sub>K\<^sub>B completeness\<^sub>P\<^sub>K\<^sub>B by fast - -corollary - assumes \symmetric M\ \w \ \ M\ - shows \valid\<^sub>!\<^sub>K\<^sub>B {} p \ M, w \\<^sub>! p\ - using assms soundness\<^sub>P\<^sub>K\<^sub>B completeness\<^sub>P\<^sub>K\<^sub>B by fast +corollary \valid\<^sub>!\<^sub>K\<^sub>B G p \ valid\<^sub>!\ symmetric G p\ + using strong_soundness\<^sub>P\<^sub>K\<^sub>B[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>B[of G p] by fast section \System PAL + K4\ inductive AxP4 :: \'i pfm \ bool\ where \AxP4 (K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (K\<^sub>! i p))\ -abbreviation SystemPK4 :: \'i pfm \ bool\ (\\\<^sub>!\<^sub>K\<^sub>4 _\ [20] 20) where - \\\<^sub>!\<^sub>K\<^sub>4 p \ AxP4 \\<^sub>! p\ +abbreviation SystemPK4 (\_ \\<^sub>!\<^sub>K\<^sub>4 _\ [50, 50] 50) where + \G \\<^sub>!\<^sub>K\<^sub>4 p \ AxP4, G \\<^sub>! p\ lemma pos_introspection: assumes \transitive M\ \w \ \ M\ shows \M, w \\<^sub>! (K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (K\<^sub>! i p))\ proof - { assume \M, w \\<^sub>! K\<^sub>! i p\ then have \\v \ \ M \ \ M i w. M, v \\<^sub>! p\ by simp then have \\v \ \ M \ \ M i w. \u \ \ M \ \ M i v. M, u \\<^sub>! p\ using \transitive M\ \w \ \ M\ unfolding transitive_def by blast then have \\v \ \ M \ \ M i w. M, v \\<^sub>! K\<^sub>! i p\ by simp then have \M, w \\<^sub>! K\<^sub>! i (K\<^sub>! i p)\ by simp } then show ?thesis by fastforce qed lemma soundness_AxP4: \AxP4 p \ transitive M \ w \ \ M \ M, w \\<^sub>! p\ by (induct p rule: AxP4.induct) (metis pos_introspection) lemma transitive_restrict: \transitive M \ transitive (restrict M p)\ unfolding transitive_def by (metis (no_types, lifting) kripke.exhaust_sel kripke.inject mem_Collect_eq restrict.elims) -lemma soundness\<^sub>P\<^sub>K\<^sub>4: \\\<^sub>!\<^sub>K\<^sub>4 p \ transitive M \ w \ \ M \ M, w \\<^sub>! p\ - using soundness[where A=AxP4 and P=transitive] soundness_AxP4 transitive_restrict by fastforce +lemma strong_soundness\<^sub>P\<^sub>K\<^sub>4: \G \\<^sub>!\<^sub>K\<^sub>4 p \ valid\<^sub>!\ transitive G p\ + using strong_soundness[of AxP4 transitive G p] soundness_AxP4 transitive_restrict by fast lemma Ax4_AxP4: \Ax4 = AxP4 o lift\ proof fix p :: \'i fm\ show \Ax4 p = (AxP4 \ lift) p\ unfolding comp_apply using lower_lift by (smt (verit, best) Ax4.simps AxP4.simps lift.simps(1, 5-6) lower.simps(5-6)) qed abbreviation validPK4 (\valid\<^sub>!\<^sub>K\<^sub>4\) where \valid\<^sub>!\<^sub>K\<^sub>4 \ valid\<^sub>! transitive\ -theorem strong_completeness\<^sub>P\<^sub>K\<^sub>4: +lemma strong_completeness\<^sub>P\<^sub>K\<^sub>4: assumes \valid\<^sub>!\<^sub>K\<^sub>4 G p\ - shows \\qs. set qs \ G \ (\\<^sub>!\<^sub>K\<^sub>4 qs \<^bold>\\<^sub>! p)\ + shows \G \\<^sub>!\<^sub>K\<^sub>4 p\ using strong_completeness\<^sub>P assms strong_completeness\<^sub>K\<^sub>4 unfolding Ax4_AxP4 . -corollary completeness\<^sub>P\<^sub>K\<^sub>4: - assumes \valid\<^sub>!\<^sub>K\<^sub>4 {} p\ - shows \\\<^sub>!\<^sub>K\<^sub>4 p\ - using assms strong_completeness\<^sub>P\<^sub>K\<^sub>4[where G=\{}\] by auto +theorem main\<^sub>P\<^sub>K\<^sub>4: \valid\<^sub>!\<^sub>K\<^sub>4 G p \ G \\<^sub>!\<^sub>K\<^sub>4 p\ + using strong_soundness\<^sub>P\<^sub>K\<^sub>4[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>4[of G p] by fast -theorem main\<^sub>P\<^sub>K\<^sub>4: \valid\<^sub>!\<^sub>K\<^sub>4 {} p \ (\\<^sub>!\<^sub>K\<^sub>4 p)\ - using soundness\<^sub>P\<^sub>K\<^sub>4 completeness\<^sub>P\<^sub>K\<^sub>4 by fast - -corollary - assumes \transitive M\ \w \ \ M\ - shows \valid\<^sub>!\<^sub>K\<^sub>4 {} p \ M, w \\<^sub>! p\ - using assms soundness\<^sub>P\<^sub>K\<^sub>4 completeness\<^sub>P\<^sub>K\<^sub>4 by fast +corollary \valid\<^sub>!\<^sub>K\<^sub>4 G p \ valid\<^sub>!\ transitive G p\ + using strong_soundness\<^sub>P\<^sub>K\<^sub>4[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>4[of G p] by fast section \System PAL + S4\ -abbreviation SystemPS4 :: \'i pfm \ bool\ (\\\<^sub>!\<^sub>S\<^sub>4 _\ [20] 20) where - \\\<^sub>!\<^sub>S\<^sub>4 p \ AxPT \ AxP4 \\<^sub>! p\ +abbreviation SystemPS4 (\_ \\<^sub>!\<^sub>S\<^sub>4 _\ [50, 50] 50) where + \G \\<^sub>!\<^sub>S\<^sub>4 p \ AxPT \ AxP4, G \\<^sub>! p\ lemma soundness_AxPT4: \(AxPT \ AxP4) p \ refltrans M \ w \ \ M \ M, w \\<^sub>! p\ using soundness_AxPT soundness_AxP4 by fast lemma refltrans_restrict: \refltrans M \ refltrans (restrict M p)\ using reflexive_restrict transitive_restrict by blast -lemma soundness\<^sub>P\<^sub>S\<^sub>4: \\\<^sub>!\<^sub>S\<^sub>4 p \ reflexive M \ transitive M \ w \ \ M \ M, w \\<^sub>! p\ - using soundness[where A=\AxPT \ AxP4\ and P=refltrans] soundness_AxPT4 refltrans_restrict - by fastforce +lemma strong_soundness\<^sub>P\<^sub>S\<^sub>4: \G \\<^sub>!\<^sub>S\<^sub>4 p \ valid\<^sub>!\ refltrans G p\ + using strong_soundness[of \AxPT \ AxP4\ refltrans G p] soundness_AxPT4 refltrans_restrict by fast lemma AxT4_AxPT4: \(AxT \ Ax4) = (AxPT \ AxP4) o lift\ using AxT_AxPT Ax4_AxP4 unfolding comp_apply by metis abbreviation validPS4 (\valid\<^sub>!\<^sub>S\<^sub>4\) where \valid\<^sub>!\<^sub>S\<^sub>4 \ valid\<^sub>! refltrans\ theorem strong_completeness\<^sub>P\<^sub>S\<^sub>4: assumes \valid\<^sub>!\<^sub>S\<^sub>4 G p\ - shows \\qs. set qs \ G \ (\\<^sub>!\<^sub>S\<^sub>4 qs \<^bold>\\<^sub>! p)\ + shows \G \\<^sub>!\<^sub>S\<^sub>4 p\ using strong_completeness\<^sub>P assms strong_completeness\<^sub>S\<^sub>4 unfolding AxT4_AxPT4 . -corollary completeness\<^sub>P\<^sub>S\<^sub>4: - assumes \valid\<^sub>!\<^sub>S\<^sub>4 {} p\ - shows \\\<^sub>!\<^sub>S\<^sub>4 p\ - using assms strong_completeness\<^sub>P\<^sub>S\<^sub>4[where G=\{}\] by auto +theorem main\<^sub>P\<^sub>S\<^sub>4: \valid\<^sub>!\<^sub>S\<^sub>4 G p \ G \\<^sub>!\<^sub>S\<^sub>4 p\ + using strong_soundness\<^sub>P\<^sub>S\<^sub>4[of G p] strong_completeness\<^sub>P\<^sub>S\<^sub>4[of G p] by fast -theorem main\<^sub>P\<^sub>S\<^sub>4: \valid\<^sub>!\<^sub>S\<^sub>4 {} p \ (\\<^sub>!\<^sub>S\<^sub>4 p)\ - using soundness\<^sub>P\<^sub>S\<^sub>4 completeness\<^sub>P\<^sub>S\<^sub>4 by fast - -corollary - assumes \reflexive M\ \transitive M\ \w \ \ M\ - shows \valid\<^sub>!\<^sub>S\<^sub>4 {} p \ M, w \\<^sub>! p\ - using assms soundness\<^sub>P\<^sub>S\<^sub>4 completeness\<^sub>P\<^sub>S\<^sub>4 by fast +corollary \valid\<^sub>!\<^sub>S\<^sub>4 G p \ valid\<^sub>!\ refltrans G p\ + using strong_soundness\<^sub>P\<^sub>S\<^sub>4[of G p] strong_completeness\<^sub>P\<^sub>S\<^sub>4[of G p] by fast section \System PAL + S5\ -abbreviation SystemPS5 :: \'i pfm \ bool\ (\\\<^sub>!\<^sub>S\<^sub>5 _\ [20] 20) where - \\\<^sub>!\<^sub>S\<^sub>5 p \ AxPT \ AxPB \ AxP4 \\<^sub>! p\ +abbreviation SystemPS5 (\_ \\<^sub>!\<^sub>S\<^sub>5 _\ [50, 50] 50) where + \G \\<^sub>!\<^sub>S\<^sub>5 p \ AxPT \ AxPB \ AxP4, G \\<^sub>! p\ abbreviation AxPTB4 :: \'i pfm \ bool\ where \AxPTB4 \ AxPT \ AxPB \ AxP4\ lemma soundness_AxPTB4: \AxPTB4 p \ equivalence M \ w \ \ M \ M, w \\<^sub>! p\ using soundness_AxPT soundness_AxPB soundness_AxP4 by fast lemma equivalence_restrict: \equivalence M \ equivalence (restrict M p)\ using reflexive_restrict symmetric_restrict transitive_restrict by blast -lemma soundness\<^sub>P\<^sub>S\<^sub>5: \\\<^sub>!\<^sub>S\<^sub>5 p \ equivalence M \ w \ \ M \ M, w \\<^sub>! p\ - using soundness[where A=AxPTB4 and P=equivalence and M=M and w=w] - soundness_AxPTB4 equivalence_restrict by fast +lemma strong_soundness\<^sub>P\<^sub>S\<^sub>5: \G \\<^sub>!\<^sub>S\<^sub>5 p \ valid\<^sub>!\ equivalence G p\ + using strong_soundness[of AxPTB4 equivalence G p] soundness_AxPTB4 equivalence_restrict by fast lemma AxTB4_AxPTB4: \AxTB4 = AxPTB4 o lift\ using AxT_AxPT AxB_AxPB Ax4_AxP4 unfolding comp_apply by metis abbreviation validPS5 (\valid\<^sub>!\<^sub>S\<^sub>5\) where \valid\<^sub>!\<^sub>S\<^sub>5 \ valid\<^sub>! equivalence\ theorem strong_completeness\<^sub>P\<^sub>S\<^sub>5: assumes \valid\<^sub>!\<^sub>S\<^sub>5 G p\ - shows \\qs. set qs \ G \ (\\<^sub>!\<^sub>S\<^sub>5 qs \<^bold>\\<^sub>! p)\ + shows \G \\<^sub>!\<^sub>S\<^sub>5 p\ using strong_completeness\<^sub>P assms strong_completeness\<^sub>S\<^sub>5 unfolding AxTB4_AxPTB4 . -corollary completeness\<^sub>P\<^sub>S\<^sub>5: - assumes \valid\<^sub>!\<^sub>S\<^sub>5 {} p\ - shows \\\<^sub>!\<^sub>S\<^sub>5 p\ - using assms strong_completeness\<^sub>P\<^sub>S\<^sub>5[where G=\{}\] by auto +theorem main\<^sub>P\<^sub>S\<^sub>5: \valid\<^sub>!\<^sub>S\<^sub>5 G p \ G \\<^sub>!\<^sub>S\<^sub>5 p\ + using strong_soundness\<^sub>P\<^sub>S\<^sub>5[of G p] strong_completeness\<^sub>P\<^sub>S\<^sub>5[of G p] by fast -theorem main\<^sub>P\<^sub>S\<^sub>5: \valid\<^sub>!\<^sub>S\<^sub>5 {} p \ (\\<^sub>!\<^sub>S\<^sub>5 p)\ - using soundness\<^sub>P\<^sub>S\<^sub>5 completeness\<^sub>P\<^sub>S\<^sub>5 by fast - -corollary - assumes \reflexive M\ \symmetric M\ \transitive M\ \w \ \ M\ - shows \valid\<^sub>!\<^sub>S\<^sub>5 {} p \ M, w \\<^sub>! p\ - using assms soundness\<^sub>P\<^sub>S\<^sub>5 completeness\<^sub>P\<^sub>S\<^sub>5 by fast +corollary \valid\<^sub>!\<^sub>S\<^sub>5 G p \ valid\<^sub>!\ equivalence G p\ + using strong_soundness\<^sub>P\<^sub>S\<^sub>5[of G p] strong_completeness\<^sub>P\<^sub>S\<^sub>5[of G p] by fast end