diff --git a/thys/Epistemic_Logic/Epistemic_Logic.thy b/thys/Epistemic_Logic/Epistemic_Logic.thy --- a/thys/Epistemic_Logic/Epistemic_Logic.thy +++ b/thys/Epistemic_Logic/Epistemic_Logic.thy @@ -1,1672 +1,829 @@ (* File: Epistemic_Logic.thy Author: Asta Halkjær From This work is a formalization of epistemic logic with countably many agents. It includes proofs of soundness and completeness for the axiom system K. The completeness proof is based on the textbook "Reasoning About Knowledge" by Fagin, Halpern, Moses and Vardi (MIT Press 1995). *) theory Epistemic_Logic imports "HOL-Library.Countable" begin section \Syntax\ type_synonym id = string datatype 'i fm = FF ("\<^bold>\") | Pro id | Dis \'i fm\ \'i fm\ (infixr "\<^bold>\" 30) | Con \'i fm\ \'i fm\ (infixr "\<^bold>\" 35) | Imp \'i fm\ \'i fm\ (infixr "\<^bold>\" 25) | K 'i \'i fm\ abbreviation TT ("\<^bold>\") where \TT \ \<^bold>\ \<^bold>\ \<^bold>\\ abbreviation Neg ("\<^bold>\ _" [40] 40) where \Neg p \ p \<^bold>\ \<^bold>\\ section \Semantics\ datatype ('i, 's) kripke = Kripke (\: \'s \ id \ bool\) (\: \'i \ 's \ 's set\) primrec semantics :: \('i, 's) kripke \ 's \ 'i fm \ bool\ ("_, _ \ _" [50,50] 50) where \(_, _ \ \<^bold>\) = False\ | \(M, s \ Pro i) = \ M s i\ | \(M, s \ (p \<^bold>\ q)) = ((M, s \ p) \ (M, s \ q))\ | \(M, s \ (p \<^bold>\ q)) = ((M, s \ p) \ (M, s \ q))\ | \(M, s \ (p \<^bold>\ q)) = ((M, s \ p) \ (M, s \ q))\ | \(M, s \ K i p) = (\t \ \ M i s. M, t \ p)\ -section \Utility\ +section \S5 Axioms\ abbreviation reflexive :: \('i, 's) kripke \ bool\ where \reflexive M \ \i s. s \ \ M i s\ abbreviation symmetric :: \('i, 's) kripke \ bool\ where \symmetric M \ \i s t. t \ \ M i s \ s \ \ M i t\ abbreviation transitive :: \('i, 's) kripke \ bool\ where \transitive M \ \i s t u. t \ \ M i s \ u \ \ M i t \ u \ \ M i s\ -lemma Imp_intro: \(M, s \ p \ M, s \ q) \ M, s \ Imp p q\ +lemma Imp_intro [intro]: \(M, s \ p \ M, s \ q) \ M, s \ Imp p q\ by simp -section \S5 Axioms\ - theorem distribution: \M, s \ (K i p \<^bold>\ K i (p \<^bold>\ q) \<^bold>\ K i q)\ -proof (rule Imp_intro) +proof assume \M, s \ (K i p \<^bold>\ K i (p \<^bold>\ q))\ then have \M, s \ K i p\ \M, s \ K i (p \<^bold>\ q)\ by simp_all then have \\t \ \ M i s. M, t \ p\ \\t \ \ M i s. M, t \ (p \<^bold>\ q)\ by simp_all then have \\t \ \ M i s. M, t \ q\ by simp then show \M, s \ K i q\ by simp qed theorem generalization: assumes valid: \\(M :: ('i, 's) kripke) s. M, s \ p\ shows \(M :: ('i, 's) kripke), s \ K i p\ proof - have \\t \ \ M i s. M, t \ p\ using valid by blast then show \M, s \ K i p\ by simp qed theorem truth: assumes \reflexive M\ shows \M, s \ (K i p \<^bold>\ p)\ -proof (rule Imp_intro) +proof assume \M, s \ K i p\ then have \\t \ \ M i s. M, t \ p\ by simp moreover have \s \ \ M i s\ using \reflexive M\ by blast ultimately show \M, s \ p\ by blast qed theorem pos_introspection: assumes \transitive M\ shows \M, s \ (K i p \<^bold>\ K i (K i p))\ -proof (rule Imp_intro) +proof assume \M,s \ K i p\ then have \\t \ \ M i s. M, t \ p\ by simp then have \\t \ \ M i s. \u \ \ M i t. M, u \ p\ using \transitive M\ by blast then have \\t \ \ M i s. M, t \ K i p\ by simp then show \M, s \ K i (K i p)\ by simp qed theorem neg_introspection: assumes \symmetric M\ \transitive M\ shows \M, s \ (\<^bold>\ K i p \<^bold>\ K i (\<^bold>\ K i p))\ -proof (rule Imp_intro) +proof assume \M,s \ \<^bold>\ (K i p)\ then obtain u where \u \ \ M i s\ \\ (M, u \ p)\ by auto moreover have \\t \ \ M i s. u \ \ M i t\ using \u \ \ M i s\ \symmetric M\ \transitive M\ by blast ultimately have \\t \ \ M i s. M, t \ \<^bold>\ K i p\ by auto then show \M, s \ K i (\<^bold>\ K i p)\ by simp qed section \Axiom System K\ primrec eval :: \(id \ bool) \ ('i fm \ bool) \ 'i fm \ bool\ where \eval _ _ \<^bold>\ = False\ | \eval g _ (Pro i) = g i\ | \eval g h (p \<^bold>\ q) = (eval g h p \ eval g h q)\ | \eval g h (p \<^bold>\ q) = (eval g h p \ eval g h q)\ | \eval g h (p \<^bold>\ q) = (eval g h p \ eval g h q)\ | \eval _ h (K i p) = h (K i p)\ abbreviation \tautology p \ \g h. eval g h p\ inductive SystemK :: \'i fm \ bool\ ("\ _" [50] 50) where A1: \tautology p \ \ p\ | A2: \\ (K i p \<^bold>\ K i (p \<^bold>\ q) \<^bold>\ K i q)\ | R1: \\ p \ \ (p \<^bold>\ q) \ \ q\ | R2: \\ p \ \ K i p\ section \Soundness\ lemma eval_semantics: \eval (pi s) (\q. Kripke pi r, s \ q) p = (Kripke pi r, s \ p)\ by (induct p) simp_all -theorem tautology: \tautology p \ M, s \ p\ +lemma tautology: + assumes \tautology p\ + shows \M, s \ p\ proof - - assume \tautology p\ - then have \eval (g s) (\q. Kripke g r, s \ q) p\ for g r + from assms have \eval (g s) (\q. Kripke g r, s \ q) p\ for g r by simp then have \Kripke g r, s \ p\ for g r using eval_semantics by metis then show \M, s \ p\ by (metis kripke.collapse) qed theorem soundness: \\ p \ M, s \ p\ by (induct p arbitrary: s rule: SystemK.induct) (simp_all add: tautology) section \Derived rules\ -lemma K_FFI: \\ (p \<^bold>\ (\<^bold>\ p) \<^bold>\ \<^bold>\)\ - by (simp add: A1) - -primrec conjoin :: \'i fm list \ 'i fm \ 'i fm\ where - \conjoin [] q = q\ -| \conjoin (p # ps) q = (p \<^bold>\ conjoin ps q)\ - primrec imply :: \'i fm list \ 'i fm \ 'i fm\ where \imply [] q = q\ | \imply (p # ps) q = (p \<^bold>\ imply ps q)\ lemma K_imply_head: \\ imply (p # ps) p\ proof - have \tautology (imply (p # ps) p)\ by (induct ps) simp_all then show ?thesis using A1 by blast qed lemma K_imply_Cons: assumes \\ imply ps q\ shows \\ imply (p # ps) q\ proof - - have \tautology (imply ps q \<^bold>\ imply (p # ps) q)\ - by simp - then have \\ (imply ps q \<^bold>\ imply (p # ps) q)\ - using A1 by blast - then show ?thesis - using assms R1 by blast -qed - -lemma K_imply_member: \p \ set ps \ \ imply ps p\ -proof (induct ps) - case Nil - then show ?case - by simp -next - case (Cons a ps) - then show ?case - proof (cases \a = p\) - case True - then show ?thesis - using Cons K_imply_head by blast - next - case False - then show ?thesis - using Cons K_imply_Cons by simp - qed + have \\ (imply ps q \<^bold>\ imply (p # ps) q)\ + by (simp add: A1) + with R1 assms show ?thesis . qed lemma K_right_mp: assumes \\ imply ps p\ \\ imply ps (p \<^bold>\ q)\ shows \\ imply ps q\ proof - have \tautology (imply ps p \<^bold>\ imply ps (p \<^bold>\ q) \<^bold>\ imply ps q)\ by (induct ps) simp_all - then have \\ (imply ps p \<^bold>\ imply ps (p \<^bold>\ q) \<^bold>\ imply ps q)\ - using A1 by blast + with A1 have \\ (imply ps p \<^bold>\ imply ps (p \<^bold>\ q) \<^bold>\ imply ps q)\ . then show ?thesis using assms R1 by blast qed lemma tautology_imply_superset: assumes \set ps \ set qs\ shows \tautology (imply ps r \<^bold>\ imply qs r)\ proof (rule ccontr) assume \\ tautology (imply ps r \<^bold>\ imply qs r)\ then obtain g h where \\ eval g h (imply ps r \<^bold>\ imply qs r)\ by blast then have \eval g h (imply ps r)\ \\ eval g h (imply qs r)\ by simp_all then consider (np) \\p \ set ps. \ eval g h p\ | (r) \\p \ set ps. eval g h p\ \eval g h r\ by (induct ps) auto then show False proof cases case np then have \\p \ set qs. \ eval g h p\ using \set ps \ set qs\ by blast then have \eval g h (imply qs r)\ by (induct qs) simp_all then show ?thesis using \\ eval g h (imply qs r)\ by blast next case r then have \eval g h (imply qs r)\ by (induct qs) simp_all then show ?thesis using \\ eval g h (imply qs r)\ by blast qed qed -lemma tautology_imply: \tautology q \ tautology (imply ps q)\ - by (induct ps) simp_all - -theorem K_imply_weaken: +lemma K_imply_weaken: assumes \\ imply ps q\ \set ps \ set ps'\ shows \\ imply ps' q\ proof - have \tautology (imply ps q \<^bold>\ imply ps' q)\ - using \set ps \ set ps'\ - proof (induct ps arbitrary: ps') - case Nil - then show ?case - by (induct ps') simp_all - next - case (Cons a G) - then show ?case - using tautology_imply_superset by blast - qed + using \set ps \ set ps'\ tautology_imply_superset by blast then have \\ (imply ps q \<^bold>\ imply ps' q)\ using A1 by blast then show ?thesis using \\ imply ps q\ R1 by blast qed lemma imply_append: \imply (ps @ ps') q = imply ps (imply ps' q)\ by (induct ps) simp_all lemma K_ImpI: assumes \\ imply (p # G) q\ shows \\ imply G (p \<^bold>\ q)\ proof - have \set (p # G) \ set (G @ [p])\ by simp then have \\ imply (G @ [p]) q\ using assms K_imply_weaken by blast then have \\ imply G (imply [p] q)\ using imply_append by metis then show ?thesis by simp qed -lemma cut: \\ imply G p \ \ imply (p # G) q \ \ imply G q\ - using K_ImpI K_right_mp by blast - -lemma K_Boole: \\ imply ((\<^bold>\ p) # G) \<^bold>\ \ \ imply G p\ +lemma K_Boole: + assumes \\ imply ((\<^bold>\ p) # G) \<^bold>\\ + shows \\ imply G p\ proof - - assume \\ imply ((\<^bold>\ p) # G) \<^bold>\\ - then have \\ imply G (\<^bold>\ \<^bold>\ p)\ - using K_ImpI by blast + have \\ imply G (\<^bold>\ \<^bold>\ p)\ + using assms K_ImpI by blast moreover have \tautology (imply G (\<^bold>\ \<^bold>\ p) \<^bold>\ imply G p)\ by (induct G) simp_all then have \\ (imply G (\<^bold>\ \<^bold>\ p) \<^bold>\ imply G p)\ using A1 by blast ultimately show ?thesis using R1 by blast qed lemma K_DisE: assumes \\ imply (A # G) C\ \\ imply (B # G) C\ \\ imply G (A \<^bold>\ B)\ shows \\ imply G C\ proof - have \tautology (imply (A # G) C \<^bold>\ imply (B # G) C \<^bold>\ imply G (A \<^bold>\ B) \<^bold>\ imply G C)\ by (induct G) auto then have \\ (imply (A # G) C \<^bold>\ imply (B # G) C \<^bold>\ imply G (A \<^bold>\ B) \<^bold>\ imply G C)\ using A1 by blast then show ?thesis using assms R1 by blast qed -lemma K_conjoin_imply: - assumes \\ (\<^bold>\ conjoin G (\<^bold>\ p))\ - shows \\ imply G p\ +lemma K_mp: \\ imply (p # (p \<^bold>\ q) # V) q\ + by (meson K_imply_head K_imply_weaken K_right_mp set_subset_Cons) + +lemma K_swap: + assumes \\ imply (p # q # G) r\ + shows \\ imply (q # p # G) r\ + using assms K_ImpI by (metis imply.simps(1-2)) + +lemma K_DisL: + assumes \\ imply (p # ps) q\ \\ imply (p' # ps) q\ + shows \\ imply ((p \<^bold>\ p') # ps) q\ proof - - have \tautology (\<^bold>\ conjoin G (\<^bold>\ p) \<^bold>\ imply G p)\ - by (induct G) simp_all - then have \\ (\<^bold>\ conjoin G (\<^bold>\ p) \<^bold>\ imply G p)\ - using A1 by blast - then show ?thesis - using assms R1 by blast + have \\ imply (p # (p \<^bold>\ p') # ps) q\ \\ imply (p' # (p \<^bold>\ p') # ps) q\ + using assms K_swap K_imply_Cons by blast+ + moreover have \\ imply ((p \<^bold>\ p') # ps) (p \<^bold>\ p')\ + using K_imply_head by blast + ultimately show ?thesis + using K_DisE by blast qed lemma K_distrib_K_imp: assumes \\ K i (imply G q)\ shows \\ imply (map (K i) G) (K i q)\ proof - have \\ (K i (imply G q) \<^bold>\ imply (map (K i) G) (K i q))\ proof (induct G) case Nil then show ?case by (simp add: A1) next case (Cons a G) have \\ (K i a \<^bold>\ K i (imply (a # G) q) \<^bold>\ K i (imply G q))\ by (simp add: A2) moreover have \\ ((K i a \<^bold>\ K i (imply (a # G) q) \<^bold>\ K i (imply G q)) \<^bold>\ (K i (imply G q) \<^bold>\ imply (map (K i) G) (K i q)) \<^bold>\ (K i a \<^bold>\ K i (imply (a # G) q) \<^bold>\ imply (map (K i) G) (K i q)))\ by (simp add: A1) ultimately have \\ (K i a \<^bold>\ K i (imply (a # G) q) \<^bold>\ imply (map (K i) G) (K i q))\ using Cons R1 by blast moreover have \\ ((K i a \<^bold>\ K i (imply (a # G) q) \<^bold>\ imply (map (K i) G) (K i q)) \<^bold>\ (K i (imply (a # G) q) \<^bold>\ K i a \<^bold>\ imply (map (K i) G) (K i q)))\ by (simp add: A1) ultimately have \\ (K i (imply (a # G) q) \<^bold>\ K i a \<^bold>\ imply (map (K i) G) (K i q))\ using R1 by blast then show ?case by simp qed then show ?thesis using assms R1 by blast qed -section \Consistency\ - -definition consistency :: \'i fm set set \ bool\ where - \consistency C \ \S \ C. - (\p. \ (Pro p \ S \ (\<^bold>\ Pro p) \ S)) \ - \<^bold>\ \ S \ - (\Z. (\<^bold>\ (\<^bold>\ Z)) \ S \ S \ {Z} \ C) \ - (\A B. (A \<^bold>\ B) \ S \ S \ {A, B} \ C) \ - (\A B. (\<^bold>\ (A \<^bold>\ B)) \ S \ S \ {\<^bold>\ A, \<^bold>\ B} \ C) \ - (\A B. (A \<^bold>\ B) \ S \ S \ {A} \ C \ S \ {B} \ C) \ - (\A B. (\<^bold>\ (A \<^bold>\ B)) \ S \ S \ {\<^bold>\ A} \ C \ S \ {\<^bold>\ B} \ C) \ - (\A B. (A \<^bold>\ B) \ S \ S \ {\<^bold>\ A} \ C \ S \ {B} \ C) \ - (\A B. (\<^bold>\ (A \<^bold>\ B)) \ S \ S \ {A, \<^bold>\ B} \ C) \ - (\A. tautology A \ S \ {A} \ C) \ - (\A i. \ (K i A \ S \ (\<^bold>\ K i A) \ S))\ - -subsection \Closure under subsets\ - -definition close :: \'i fm set set \ 'i fm set set\ where - \close C \ {S. \S' \ C. S \ S'}\ - -definition subset_closed :: \'a set set \ bool\ where - \subset_closed C \ (\S' \ C. \S. S \ S' \ S \ C)\ - -lemma subset_in_close: - assumes \S' \ S\ \S \ x \ C\ - shows \S' \ x \ close C\ -proof - - have \S \ x \ close C\ - unfolding close_def using \S \ x \ C\ by blast - then show ?thesis - unfolding close_def using \S' \ S\ by blast -qed - -theorem close_consistency: - fixes C :: \'i fm set set\ - assumes \consistency C\ - shows \consistency (close C)\ - unfolding consistency_def -proof (intro ballI allI impI conjI) - fix S' :: \'i fm set\ - assume \S' \ close C\ - then obtain S where \S \ C\ \S' \ S\ - unfolding close_def by blast - - { fix p - have \\ (Pro p \ S \ (\<^bold>\ Pro p) \ S)\ - using \S \ C\ \consistency C\ unfolding consistency_def by simp - then show \\ (Pro p \ S' \ (\<^bold>\ Pro p) \ S')\ - using \S' \ S\ by blast } - - { have \\<^bold>\ \ S\ - using \S \ C\ \consistency C\ unfolding consistency_def by blast - then show \\<^bold>\ \ S'\ - using \S' \ S\ by blast } - - { fix Z - assume \(\<^bold>\ (\<^bold>\ Z)) \ S'\ - then have \(\<^bold>\ (\<^bold>\ Z)) \ S\ - using \S' \ S\ by blast - then have \S \ {Z} \ C\ - using \S \ C\ \consistency C\ unfolding consistency_def by simp - then show \S' \ {Z} \ close C\ - using \S' \ S\ subset_in_close by blast } - - { fix A B - assume \(A \<^bold>\ B) \ S'\ - then have \(A \<^bold>\ B) \ S\ - using \S' \ S\ by blast - then have \S \ {A, B} \ C\ - using \S \ C\ \consistency C\ unfolding consistency_def by simp - then show \S' \ {A, B} \ close C\ - using \S' \ S\ subset_in_close by blast } +section \Completeness\ - { fix A B - assume \(\<^bold>\ (A \<^bold>\ B)) \ S'\ - then have \(\<^bold>\ (A \<^bold>\ B)) \ S\ - using \S' \ S\ by blast - then have \S \ {\<^bold>\ A, \<^bold>\ B} \ C\ - using \S \ C\ \consistency C\ unfolding consistency_def by simp - then show \S' \ {\<^bold>\ A, \<^bold>\ B} \ close C\ - using \S' \ S\ subset_in_close by blast } - - { fix A B - assume \(\<^bold>\ (A \<^bold>\ B)) \ S'\ - then have \(\<^bold>\ (A \<^bold>\ B)) \ S\ - using \S' \ S\ by blast - then have \S \ {A, \<^bold>\ B} \ C\ - using \S \ C\ \consistency C\ unfolding consistency_def by metis - then show \S' \ {A, \<^bold>\ B} \ close C\ - using \S' \ S\ subset_in_close by blast } - - { fix A B - assume \(A \<^bold>\ B) \ S'\ - then have \(A \<^bold>\ B) \ S\ - using \S' \ S\ by blast - then have \S \ {A} \ C \ S \ {B} \ C\ - using \S \ C\ \consistency C\ unfolding consistency_def by simp - then show \S' \ {A} \ close C \ S' \ {B} \ close C\ - using \S' \ S\ subset_in_close by blast } - - { fix A B - assume \(\<^bold>\ (A \<^bold>\ B)) \ S'\ - then have \(\<^bold>\ (A \<^bold>\ B)) \ S\ - using \S' \ S\ by blast - then have \S \ {\<^bold>\ A} \ C \ S \ {\<^bold>\ B} \ C\ - using \S \ C\ \consistency C\ unfolding consistency_def by simp - then show \S' \ {\<^bold>\ A} \ close C \ S' \ {\<^bold>\ B} \ close C\ - using \S' \ S\ subset_in_close by blast } +subsection \Consistent sets\ - { fix A B - assume \(A \<^bold>\ B) \ S'\ - then have \(A \<^bold>\ B) \ S\ - using \S' \ S\ by blast - then have \S \ {\<^bold>\ A} \ C \ S \ {B} \ C\ - using \S \ C\ \consistency C\ unfolding consistency_def by simp - then show \S' \ {\<^bold>\ A} \ close C \ S' \ {B} \ close C\ - using \S' \ S\ subset_in_close by blast } - - { fix A :: \'i fm\ - assume \tautology A\ - then have \S \ {A} \ C\ - using \S \ C\ \consistency C\ unfolding consistency_def by simp - then show \S' \ {A} \ close C\ - using \S' \ S\ subset_in_close by blast } - - { fix A i - have \\ (K i A \ S \ (\<^bold>\ K i A) \ S)\ - using \S \ C\ \consistency C\ unfolding consistency_def by simp - then show \\ (K i A \ S' \ (\<^bold>\ K i A) \ S')\ - using \S' \ S\ by blast } - -qed +definition consistent :: \'i fm set \ bool\ where + \consistent S \ \S'. set S' \ S \ \ imply S' \<^bold>\\ -theorem close_closed: \subset_closed (close C)\ - unfolding close_def subset_closed_def by blast - -theorem close_subset: \C \ close C\ - unfolding close_def by blast - -subsection \Finite character\ - -definition finite_char :: \'a set set \ bool\ where - \finite_char C \ (\S. S \ C = (\S'. finite S' \ S' \ S \ S' \ C))\ +lemma inconsistent_subset: + assumes \consistent V\ \\ consistent ({p} \ V)\ + obtains S where \set S \ V\ \\ imply (p # S) \<^bold>\\ +proof - + obtain V' where V': \set V' \ ({p} \ V)\ \p \ set V'\ \\ imply V' \<^bold>\\ + using assms unfolding consistent_def by blast + then have *: \\ imply (p # V') \<^bold>\\ + using K_imply_Cons by blast -definition mk_finite_char :: \'a set set \ 'a set set\ where - \mk_finite_char C \ {S. \S'. finite S' \ S' \ S \ S' \ C}\ - -theorem finite_char: \finite_char (mk_finite_char C)\ - unfolding finite_char_def mk_finite_char_def by blast - -theorem finite_char_closed: \finite_char C \ subset_closed C\ - unfolding finite_char_def subset_closed_def -proof (intro ballI allI impI) - fix S S' - assume *: \\S. (S \ C) = (\S'. finite S' \ S' \ S \ S' \ C)\ - and \S' \ C\ \S \ S'\ - then have \\S'. finite S' \ S' \ S \ S' \ C\ - by blast - then show \S \ C\ - using * by blast + let ?S = \removeAll p V'\ + have \set (p # V') \ set (p # ?S)\ + by auto + then have \\ imply (p # ?S) \<^bold>\\ + using * K_imply_weaken by blast + moreover have \set ?S \ V\ + using V'(1) by (metis Diff_subset_conv set_removeAll) + ultimately show ?thesis + using that by blast qed -theorem finite_char_subset: \subset_closed C \ C \ mk_finite_char C\ - unfolding mk_finite_char_def subset_closed_def by blast - -theorem finite_consistency: - fixes C :: \'i fm set set\ - assumes \consistency C\ \subset_closed C\ - shows \consistency (mk_finite_char C)\ - unfolding consistency_def -proof (intro ballI allI impI conjI) - fix S - assume \S \ mk_finite_char C\ - then have finc: \\S' \ S. finite S' \ S' \ C\ - unfolding mk_finite_char_def by blast - - have \\S' \ C. \S \ S'. S \ C\ - using \subset_closed C\ unfolding subset_closed_def by blast - then have sc: \\S' x. S' \ x \ C \ (\S \ S' \ x. S \ C)\ - by blast - - { fix i - show \\ (Pro i \ S \ (\<^bold>\ Pro i) \ S)\ - proof - assume \Pro i \ S \ (\<^bold>\ Pro i) \ S\ - then have \{Pro i, (\<^bold>\ Pro i)} \ C\ - using finc by simp - then show False - using \consistency C\ unfolding consistency_def by fast - qed } - - show \\<^bold>\ \ S\ - proof - assume \\<^bold>\ \ S\ - then have \{\<^bold>\} \ C\ - using finc by simp - then show False - using \consistency C\ unfolding consistency_def by fast - qed - - { fix Z - assume *: \(\<^bold>\ \<^bold>\ Z) \ S\ - show \S \ {Z} \ mk_finite_char C\ - unfolding mk_finite_char_def - proof (intro allI impI CollectI) - fix S' - let ?S' = \S' - {Z} \ {\<^bold>\ \<^bold>\ Z}\ - - assume \S' \ S \ {Z}\ \finite S'\ - then have \?S' \ S\ - using * by blast - moreover have \finite ?S'\ - using \finite S'\ by blast - ultimately have \?S' \ C\ - using finc by blast - then have \?S' \ {Z} \ C\ - using \consistency C\ unfolding consistency_def by simp - then show \S' \ C\ - using sc by blast - qed } - - { fix A B - assume *: \(A \<^bold>\ B) \ S\ - show \S \ {A, B} \ mk_finite_char C\ - unfolding mk_finite_char_def - proof (intro allI impI CollectI) - fix S' - let ?S' = \S' - {A, B} \ {A \<^bold>\ B}\ - - assume \S' \ S \ {A, B}\ \finite S'\ - then have \?S' \ S\ - using * by blast - moreover have \finite ?S'\ - using \finite S'\ by blast - ultimately have \?S' \ C\ - using finc by blast - then have \?S' \ {A, B} \ C\ - using \consistency C\ unfolding consistency_def by simp - then show \S' \ C\ - using sc by blast - qed } - - { fix A B - assume *: \(\<^bold>\ (A \<^bold>\ B)) \ S\ - show \S \ {\<^bold>\ A, \<^bold>\ B} \ mk_finite_char C\ - unfolding mk_finite_char_def - proof (intro allI impI CollectI) - fix S' - let ?S' = \S' - {\<^bold>\ A, \<^bold>\ B} \ {\<^bold>\ (A \<^bold>\ B)}\ - - assume \S' \ S \ {\<^bold>\ A, \<^bold>\ B}\ \finite S'\ - then have \?S' \ S\ - using * by blast - moreover have \finite ?S'\ - using \finite S'\ by blast - ultimately have \?S' \ C\ - using finc by blast - then have \?S' \ {\<^bold>\ A, \<^bold>\ B} \ C\ - using \consistency C\ unfolding consistency_def by simp - then show \S' \ C\ - using sc by blast - qed } - - { fix A B - assume *: \(\<^bold>\ (A \<^bold>\ B)) \ S\ - show \S \ {A, \<^bold>\ B} \ mk_finite_char C\ - unfolding mk_finite_char_def - proof (intro allI impI CollectI) - fix S' - let ?S' = \S' - {A, \<^bold>\ B} \ {\<^bold>\ (A \<^bold>\ B)}\ - - assume \S' \ S \ {A, \<^bold>\ B}\ \finite S'\ - then have \?S' \ S\ - using * by blast - moreover have \finite ?S'\ - using \finite S'\ by blast - ultimately have \?S' \ C\ - using finc by blast - then have \?S' \ {A, \<^bold>\ B} \ C\ - using \consistency C\ unfolding consistency_def by simp - then show \S' \ C\ - using sc by blast - qed } - - { fix A B - assume *: \(A \<^bold>\ B) \ S\ - show \S \ {A} \ mk_finite_char C \ S \ {B} \ mk_finite_char C\ - proof (rule ccontr) - assume \\ ?thesis\ - then obtain Sa Sb - where \Sa \ S \ {A}\ \finite Sa\ \Sa \ C\ - and \Sb \ S \ {B}\ \finite Sb\ \Sb \ C\ - unfolding mk_finite_char_def by blast - - let ?S' = \(Sa - {A}) \ (Sb - {B}) \ {A \<^bold>\ B}\ - - have \?S' \ S\ - using \Sa \ S \ {A}\ \Sb \ S \ {B}\ * by blast - moreover have \finite ?S'\ - using \finite Sa\ \finite Sb\ by blast - ultimately have \?S' \ C\ - using finc by blast - then have \?S' \ {A} \ C \ ?S' \ {B} \ C\ - using \consistency C\ unfolding consistency_def by simp - then have \Sa \ C \ Sb \ C\ - using sc by blast - then show False - using \Sa \ C\ \Sb \ C\ by blast - qed } - - { fix A B - assume *: \(\<^bold>\ (A \<^bold>\ B)) \ S\ - show \S \ {\<^bold>\ A} \ mk_finite_char C \ S \ {\<^bold>\ B} \ mk_finite_char C\ - proof (rule ccontr) - assume \\ ?thesis\ - then obtain Sa Sb - where \Sa \ S \ {\<^bold>\ A}\ \finite Sa\ \Sa \ C\ - and \Sb \ S \ {\<^bold>\ B}\ \finite Sb\ \Sb \ C\ - unfolding mk_finite_char_def by blast - - let ?S' = \(Sa - {\<^bold>\ A}) \ (Sb - {\<^bold>\ B}) \ {\<^bold>\ (A \<^bold>\ B)}\ - - have \?S' \ S\ - using \Sa \ S \ {\<^bold>\ A}\ \Sb \ S \ {\<^bold>\ B}\ * by blast - moreover have \finite ?S'\ - using \finite Sa\ \finite Sb\ by blast - ultimately have \?S' \ C\ - using finc by blast - then have \?S' \ {\<^bold>\ A} \ C \ ?S' \ {\<^bold>\ B} \ C\ - using \consistency C\ unfolding consistency_def by simp - then have \Sa \ C \ Sb \ C\ - using sc by blast - then show False - using \Sa \ C\ \Sb \ C\ by blast - qed } - - { fix A B - assume *: \(A \<^bold>\ B) \ S\ - show \S \ {\<^bold>\ A} \ mk_finite_char C \ S \ {B} \ mk_finite_char C\ - proof (rule ccontr) - assume \\ ?thesis\ - then obtain Sa Sb - where \Sa \ S \ {\<^bold>\ A}\ \finite Sa\ \Sa \ C\ - and \Sb \ S \ {B}\ \finite Sb\ \Sb \ C\ - unfolding mk_finite_char_def by blast - - let ?S' = \(Sa - {\<^bold>\ A}) \ (Sb - {B}) \ {A \<^bold>\ B}\ - - have \?S' \ S\ - using \Sa \ S \ {\<^bold>\ A}\ \Sb \ S \ {B}\ * by blast - moreover have \finite ?S'\ - using \finite Sa\ \finite Sb\ by blast - ultimately have \?S' \ C\ - using finc by blast - then have \?S' \ {\<^bold>\ A} \ C \ ?S' \ {B} \ C\ - using \consistency C\ unfolding consistency_def by simp - then have \Sa \ C \ Sb \ C\ - using sc by blast - then show False - using \Sa \ C\ \Sb \ C\ by blast - qed } - - { fix A :: \'i fm\ - assume *: \tautology A\ - show \S \ {A} \ mk_finite_char C\ - unfolding mk_finite_char_def - proof (intro allI impI CollectI) - fix S' - let ?S' = \S' - {A}\ - - assume \S' \ S \ {A}\ \finite S'\ - then have \?S' \ S\ - using * by blast - moreover have \finite ?S'\ - using \finite S'\ by blast - ultimately have \?S' \ C\ - using finc by blast - then have \?S' \ {A} \ C\ - using * \consistency C\ unfolding consistency_def by metis - then show \S' \ C\ - using sc by blast - qed } - - { fix A i - assume \S \ mk_finite_char C\ - show \\ (K i A \ S \ (\<^bold>\ K i A) \ S)\ - proof - assume \K i A \ S \ (\<^bold>\ K i A) \ S\ - then have \{K i A, (\<^bold>\ K i A)} \ C\ - using finc by simp - then show False - using \consistency C\ unfolding consistency_def by auto - qed } - +lemma consistent_consequent: + assumes \consistent V\ \p \ V\ \\ (p \<^bold>\ q)\ + shows \consistent ({q} \ V)\ +proof - + have \\V'. set V' \ V \ \ \ imply (p # V') \<^bold>\\ + using \consistent V\ \p \ V\ unfolding consistent_def + by (metis insert_subset list.simps(15)) + then have \\V'. set V' \ V \ \ \ imply (q # V') \<^bold>\\ + using \\ (p \<^bold>\ q)\ K_imply_head K_right_mp by (metis imply.simps(1-2)) + then show ?thesis + using \consistent V\ inconsistent_subset by metis qed -subsection \Maximal extension\ +lemma consistent_consequent': + assumes \consistent V\ \p \ V\ \tautology (p \<^bold>\ q)\ + shows \consistent ({q} \ V)\ + using assms consistent_consequent A1 by blast + +lemma consistent_disjuncts: + assumes \consistent V\ \(p \<^bold>\ q) \ V\ + shows \consistent ({p} \ V) \ consistent ({q} \ V)\ +proof (rule ccontr) + assume \\ ?thesis\ + then have \\ consistent ({p} \ V)\ \\ consistent ({q} \ V)\ + by blast+ + + then obtain S' T' where + S': \set S' \ V\ \\ imply (p # S') \<^bold>\\ and + T': \set T' \ V\ \\ imply (q # T') \<^bold>\\ + using \consistent V\ inconsistent_subset by metis + + from S' have p: \\ imply (p # S' @ T') \<^bold>\\ + by (metis K_imply_weaken Un_upper1 append_Cons set_append) + moreover from T' have q: \\ imply (q # S' @ T') \<^bold>\\ + by (metis K_imply_head K_right_mp R1 imply.simps(2) imply_append) + ultimately have \\ imply ((p \<^bold>\ q) # S' @ T') \<^bold>\\ + using K_DisL by blast + then have \\ imply (S' @ T') \<^bold>\\ + using S'(1) T'(1) p q \consistent V\ \(p \<^bold>\ q) \ V\ unfolding consistent_def + by (metis Un_subset_iff insert_subset list.simps(15) set_append) + moreover have \set (S' @ T') \ V\ + by (simp add: S'(1) T'(1)) + ultimately show False + using \consistent V\ unfolding consistent_def by blast +qed + +lemma exists_finite_inconsistent: + assumes \\ consistent ({\<^bold>\ p} \ V)\ + obtains W where \{\<^bold>\ p} \ W \ {\<^bold>\ p} \ V\ \(\<^bold>\ p) \ W\ \finite W\ \\ consistent ({\<^bold>\ p} \ W)\ +proof - + obtain W' where W': \set W' \ {\<^bold>\ p} \ V\ \\ imply W' \<^bold>\\ + using assms unfolding consistent_def by blast + let ?S = \removeAll (\<^bold>\ p) W'\ + have \\ consistent ({\<^bold>\ p} \ set ?S)\ + unfolding consistent_def using W'(2) by auto + moreover have \finite (set ?S)\ + by blast + moreover have \{\<^bold>\ p} \ set ?S \ {\<^bold>\ p} \ V\ + using W'(1) by auto + moreover have \(\<^bold>\ p) \ set ?S\ + by simp + ultimately show ?thesis + by (meson that) +qed + +lemma inconsistent_imply: + assumes \\ consistent ({\<^bold>\ p} \ set W)\ + shows \\ imply W p\ + using assms K_Boole K_imply_weaken unfolding consistent_def + by (metis insert_is_Un list.simps(15)) + +subsection \Maximal consistent sets\ + +definition maximal :: \'i fm set \ bool\ where + \maximal S \ \p. p \ S \ \ consistent ({p} \ S)\ + +theorem K_deriv_in_maximal: + assumes \consistent V\ \maximal V\ \\ p\ + shows \p \ V\ + using assms R1 inconsistent_subset unfolding consistent_def maximal_def + by (metis imply.simps(2)) + +theorem exactly_one_in_maximal: + assumes \consistent V\ \maximal V\ + shows \p \ V \ (\<^bold>\ p) \ V\ +proof + assume \p \ V\ + then show \(\<^bold>\ p) \ V\ + using assms K_mp unfolding consistent_def maximal_def + by (metis empty_subsetI insert_subset list.set(1) list.simps(15)) +next + assume \(\<^bold>\ p) \ V\ + have \\ (p \<^bold>\ \<^bold>\ p)\ + by (simp add: A1) + then have \(p \<^bold>\ \<^bold>\ p) \ V\ + using assms K_deriv_in_maximal by blast + then have \consistent ({p} \ V) \ consistent ({\<^bold>\ p} \ V)\ + using assms consistent_disjuncts by blast + then show \p \ V\ + using \maximal V\ \(\<^bold>\ p) \ V\ unfolding maximal_def by blast +qed + +theorem consequent_in_maximal: + assumes \consistent V\ \maximal V\ \p \ V\ \(p \<^bold>\ q) \ V\ + shows \q \ V\ +proof - + have \\V'. set V' \ V \ \ \ imply (p # (p \<^bold>\ q) # V') \<^bold>\\ + using \consistent V\ \p \ V\ \(p \<^bold>\ q) \ V\ unfolding consistent_def + by (metis insert_subset list.simps(15)) + then have \\V'. set V' \ V \ \ \ imply (q # V') \<^bold>\\ + by (meson K_mp K_ImpI K_imply_weaken K_right_mp set_subset_Cons) + then have \consistent ({q} \ V)\ + using \consistent V\ inconsistent_subset by metis + then show ?thesis + using \maximal V\ unfolding maximal_def by fast +qed + +subsection \Lindenbaum extension\ instantiation fm :: (countable) countable begin instance by countable_datatype end -definition is_chain :: \(nat \ 'a set) \ bool\ where - \is_chain f \ \n. f n \ f (Suc n)\ - -lemma is_chainD: \is_chain f \ x \ f m \ x \ f (m + n)\ - by (induct n) (auto simp: is_chain_def) - -lemma is_chainD': - assumes \is_chain f\ \x \ f m\ \m \ k\ - shows \x \ f k\ -proof - - obtain n where \k = m + n\ - using \m \ k\ le_iff_add - by metis - then show \x \ f k\ - using \is_chain f\ \x \ f m\ is_chainD - by metis -qed - -lemma chain_index: - assumes \is_chain f\ \finite F\ - shows \F \ (\n. f n) \ \n. F \ f n\ - using \finite F\ -proof (induct F rule: finite_induct) - case empty - then show ?case - by blast -next - case (insert x F) - then have \\n. F \ f n\ \\m. x \ f m\ \F \ (\x. f x)\ - using \is_chain f\ by simp_all - then obtain n and m where \F \ f n\ \x \ f m\ - by blast - have \m \ max n m\ \n \ max n m\ - by simp_all - have \x \ f (max n m)\ - using is_chainD' \is_chain f\ \x \ f m\ \m \ max n m\ - by fast - moreover have \F \ f (max n m)\ - using is_chainD' \is_chain f\ \F \ f n\ \n \ max n m\ - by fast - ultimately show ?case - by blast -qed +primrec extend :: \'i fm set \ (nat \ 'i fm) \ nat \ 'i fm set\ where + \extend S f 0 = S\ | + \extend S f (Suc n) = + (if consistent ({f n} \ extend S f n) + then {f n} \ extend S f n + else extend S f n)\ -lemma chain_union_closed': - assumes \is_chain f\ \\n. f n \ C\ \\S' \ C. \S \ S'. S \ C\ \finite S'\ \S' \ (\n. f n)\ - shows \S' \ C\ -proof - - obtain n where \S' \ f n\ - using chain_index \is_chain f\ \finite S'\ \S' \ (\n. f n)\ - by blast - moreover have \f n \ C\ - using \\n. f n \ C\ - by blast - ultimately show \S' \ C\ - using \\S' \ C. \S \ S'. S \ C\ - by blast -qed +definition Extend :: \'i fm set \ (nat \ 'i fm) \ 'i fm set\ where + \Extend S f \ \n. extend S f n\ -lemma chain_union_closed: - assumes \finite_char C\ \is_chain f\ \\n. f n \ C\ - shows \(\n. f n) \ C\ -proof - - have \subset_closed C\ - using finite_char_closed \finite_char C\ - by blast - then have \\S' \ C. \S \ S'. S \ C\ - unfolding subset_closed_def - by blast - then have \\S'. finite S' \ S' \ (\n. f n) \ S' \ C\ - using chain_union_closed' assms - by blast - moreover have \((\n. f n) \ C) = (\S'. finite S' \ S' \ (\n. f n) \ S' \ C)\ - using \finite_char C\ unfolding finite_char_def - by blast - ultimately show ?thesis - by blast -qed - -primrec extend :: \'i fm set \ 'i fm set set \ (nat \ 'i fm) \ nat \ 'i fm set\ where - \extend S C f 0 = S\ | - \extend S C f (Suc n) = - (if extend S C f n \ {f n} \ C - then extend S C f n \ {f n} - else extend S C f n)\ - -definition Extend :: \'i fm set \ 'i fm set set \ (nat \ 'i fm) \ 'i fm set\ where - \Extend S C f \ \n. extend S C f n\ - -lemma is_chain_extend: \is_chain (extend S C f)\ - by (simp add: is_chain_def) blast - -lemma extend_in_C: \consistency C \ S \ C \ extend S C f n \ C\ - by (induct n) simp_all - -theorem Extend_in_C: \consistency C \ finite_char C \ S \ C \ Extend S C f \ C\ - using chain_union_closed is_chain_extend extend_in_C unfolding Extend_def - by blast - -theorem Extend_subset: \S \ Extend S C f\ +lemma Extend_subset: \S \ Extend S f\ unfolding Extend_def using Union_upper extend.simps(1) range_eqI by metis -definition maximal :: \'a set \ 'a set set \ bool\ where - \maximal S C \ \S' \ C. S \ S' \ S = S'\ - -theorem Extend_maximal: - assumes \\y :: 'i fm. \n. y = f n\ \finite_char C\ - shows \maximal (Extend S C f) C\ - unfolding maximal_def Extend_def -proof (intro ballI impI) - fix S' - assume \S' \ C\ \(\x. extend S C f x) \ S'\ - moreover have \S' \ (\x. extend S C f x)\ - proof (rule ccontr) - assume \\ S' \ (\x. extend S C f x)\ - then obtain z where \z \ S'\ \z \ (\x. extend S C f x)\ - by blast - then obtain n where \z = f n\ - using \\y. \n. y = f n\ - by blast - - have \extend S C f n \ {f n} \ S'\ - using \(\x. extend S C f x) \ S'\ \z = f n\ \z \ S'\ - by blast - - have \subset_closed C\ - using \finite_char C\ finite_char_closed - by blast - then have \\S' \ C. \S \ S'. S \ C\ - unfolding subset_closed_def - by simp - then have \\S \ S'. S \ C\ - using \S' \ C\ - by blast - then have \extend S C f n \ {f n} \ C\ - using \extend S C f n \ {f n} \ S'\ - by blast - then have \z \ extend S C f (Suc n)\ - using \z \ (\x. extend S C f x)\ \z = f n\ - by simp - then show False - using \z \ (\x. extend S C f x)\ - by blast - qed - ultimately show \(\x. extend S C f x) = S'\ - by simp -qed - -subsection \K consistency\ - -theorem K_consistency: \consistency {set G | G. \ \ imply G \<^bold>\}\ - unfolding consistency_def -proof (intro conjI ballI allI impI notI) - fix S :: \'i fm set\ - assume \S \ {set G | G. \ \ imply G \<^bold>\}\ (is \S \ ?C\) - then obtain G where *: \S = set G\ and \\ \ imply G \<^bold>\\ - by blast - - { fix i - assume \Pro i \ S \ (\<^bold>\ Pro i) \ S\ - then have \\ imply G (Pro i)\ \\ imply G (\<^bold>\ Pro i)\ - using K_imply_member * by blast+ - then have \\ imply G \<^bold>\\ - using K_FFI K_right_mp by blast - then show False - using \\ \ imply G \<^bold>\\ by blast } - - { assume \\<^bold>\ \ S\ - then have \\ imply G \<^bold>\\ - using K_imply_member * by blast - then show False - using \\ \ imply G \<^bold>\\ by blast } - - { fix Z - assume \(\<^bold>\ \<^bold>\ Z) \ S\ - then have \\ imply G (\<^bold>\ \<^bold>\ Z)\ - using K_imply_member * by simp - then have \\ \ imply (Z # G) \<^bold>\\ - using K_ImpI K_right_mp \\ \ imply G \<^bold>\\ by blast - moreover have \S \ {Z} = set (Z # G)\ - using * by simp - ultimately show \S \ {Z} \ ?C\ - by blast } - - { fix A B - assume \(A \<^bold>\ B) \ S\ - then have \\ imply G (A \<^bold>\ B)\ - using K_imply_member * by simp - moreover have \\ ((A \<^bold>\ B) \<^bold>\ A)\ \\ ((A \<^bold>\ B) \<^bold>\ B)\ - using A1 by force+ - ultimately have \\ imply G A\ \\ imply G B\ - using K_right_mp K_imply_head R1 by (metis imply.simps(2))+ - then have \\ \ imply (A # B # G) \<^bold>\\ - using K_imply_Cons \\ \ imply G \<^bold>\\ cut by metis - moreover have \S \ {A, B} = set (A # B # G)\ - using * by simp - ultimately show \S \ {A, B} \ ?C\ - by blast } +lemma extend_bound: \(\n \ m. extend S f n) = extend S f m\ + by (induct m) (simp_all add: atMost_Suc) - { fix A B - assume \(\<^bold>\ (A \<^bold>\ B)) \ S\ - then have \\ imply ((\<^bold>\ B) # G) (\<^bold>\ (A \<^bold>\ B))\ \\ imply G (\<^bold>\ (A \<^bold>\ B))\ - using * K_imply_Cons K_imply_member by blast+ - moreover have \\ imply ((\<^bold>\ B) # G) (\<^bold>\ (A \<^bold>\ B) \<^bold>\ \<^bold>\ A)\ \\ imply G (\<^bold>\ (A \<^bold>\ B) \<^bold>\ \<^bold>\ B)\ - by (simp_all add: A1 tautology_imply) - ultimately have \\ imply ((\<^bold>\ B) # G) (\<^bold>\ A)\ \\ imply G (\<^bold>\ B)\ - using K_right_mp by blast+ - - then have \\ \ imply ((\<^bold>\ A) # (\<^bold>\ B) # G) \<^bold>\\ - using \\ \ imply G \<^bold>\\ cut by blast - moreover have \S \ {\<^bold>\ A, \<^bold>\ B} = set ((\<^bold>\ A) # (\<^bold>\ B) # G)\ - using * by simp - ultimately show \S \ {\<^bold>\ A, \<^bold>\ B} \ ?C\ - by blast } - - { fix A B - assume \(\<^bold>\ (A \<^bold>\ B)) \ S\ - then have \\ imply ((\<^bold>\ B) # G) (\<^bold>\ (A \<^bold>\ B))\ \\ imply G (\<^bold>\ (A \<^bold>\ B))\ - using * K_imply_member K_imply_Cons by blast+ - moreover have - \\ imply ((\<^bold>\ B) # G) (\<^bold>\ (A \<^bold>\ B) \<^bold>\ A)\ - \\ imply G (\<^bold>\ (A \<^bold>\ B) \<^bold>\ \<^bold>\ B)\ - by (simp_all add: A1 tautology_imply) - ultimately have \\ imply ((\<^bold>\ B) # G) A\ \\ imply G (\<^bold>\ B)\ - using K_right_mp by blast+ - - then have \\ \ imply (A # (\<^bold>\ B) # G) \<^bold>\\ - using \\ \ imply G \<^bold>\\ cut by blast - moreover have \S \ {A, \<^bold>\ B} = set (A # (\<^bold>\ B) # G)\ - using * by simp - ultimately show \S \ {A, \<^bold>\ B} \ ?C\ - by blast } - - { fix A B - assume \(A \<^bold>\ B) \ S\ - then have \\ imply G (A \<^bold>\ B)\ - using * K_imply_member by simp - - { assume \(\G'. set G' = S \ {A} \ \ imply G' \<^bold>\)\ - and \(\G'. set G' = S \ {B} \ \ imply G' \<^bold>\)\ - then have \\ imply (A # G) \<^bold>\\ \\ imply (B # G) \<^bold>\\ - using * by (metis Un_insert_right list.simps(15) sup_bot.right_neutral)+ - then have \\ imply G \<^bold>\\ - using \\ imply G (A \<^bold>\ B)\ K_DisE by blast - then have False - using \\ \ imply G \<^bold>\\ by blast } - then show \S \ {A} \ ?C \ S \ {B} \ ?C\ - by blast } +lemma consistent_extend: \consistent S \ consistent (extend S f n)\ + by (induct n) simp_all - { fix A B - assume \(\<^bold>\ (A \<^bold>\ B)) \ S\ - then have \\ imply G (\<^bold>\ (A \<^bold>\ B))\ - using * K_imply_member by blast - moreover have \\ imply G (\<^bold>\ (A \<^bold>\ B) \<^bold>\ (\<^bold>\ A) \<^bold>\ (\<^bold>\ B))\ - by (simp add: A1 tautology_imply) - ultimately have \\ imply G ((\<^bold>\ A) \<^bold>\ (\<^bold>\ B))\ - using K_right_mp by blast - - { assume \(\G'. set G' = S \ {\<^bold>\ A} \ \ imply G' \<^bold>\)\ - and \(\G'. set G' = S \ {\<^bold>\ B} \ \ imply G' \<^bold>\)\ - then have \\ imply ((\<^bold>\ A) # G) \<^bold>\\ \\ imply ((\<^bold>\ B) # G) \<^bold>\\ - using * by (metis Un_insert_right list.simps(15) sup_bot.right_neutral)+ - then have \\ imply G \<^bold>\\ - using K_DisE \\ imply G ((\<^bold>\ A) \<^bold>\ (\<^bold>\ B))\ by blast - then have False - using \\ \ imply G \<^bold>\\ by blast } - then show \S \ {\<^bold>\ A} \ ?C \ S \ {\<^bold>\ B} \ ?C\ - by blast } - - { fix A B - assume \(A \<^bold>\ B) \ S\ - then have \\ imply G (A \<^bold>\ B)\ - using * K_imply_member by blast - moreover have \\ imply G ((A \<^bold>\ B) \<^bold>\ (\<^bold>\ A) \<^bold>\ B)\ - by (simp add: A1 tautology_imply) - ultimately have \\ imply G ((\<^bold>\ A) \<^bold>\ B)\ - using K_right_mp by blast +lemma UN_finite_bound: + assumes \finite A\ \A \ (\n. f n)\ + shows \\m :: nat. A \ (\n \ m. f n)\ + using assms +proof (induct rule: finite_induct) + case (insert x A) + then obtain m where \A \ (\n \ m. f n)\ + by fast + then have \A \ (\n \ (m + k). f n)\ for k + by fastforce + moreover obtain m' where \x \ f m'\ + using insert(4) by blast + ultimately have \{x} \ A \ (\n \ m + m'. f n)\ + by auto + then show ?case + by blast +qed simp - { assume \(\G'. set G' = S \ {\<^bold>\ A} \ \ imply G' \<^bold>\)\ - and \(\G'. set G' = S \ {B} \ \ imply G' \<^bold>\)\ - then have \\ imply ((\<^bold>\ A) # G) \<^bold>\\ \\ imply (B # G) \<^bold>\\ - using * by (metis Un_insert_right list.simps(15) sup_bot.right_neutral)+ - then have \\ imply G \<^bold>\\ - using K_DisE \\ imply G ((\<^bold>\ A) \<^bold>\ B)\ by blast - then have False - using \\ \ imply G \<^bold>\\ by blast } - then show \S \ {\<^bold>\ A} \ ?C \ S \ {B} \ ?C\ - by blast } - - { fix A :: \'i fm\ - assume \tautology A\ - then have \\ imply G A\ - using tautology_imply A1 by blast - then have \\ imply (A # G) \<^bold>\ \ \ imply G \<^bold>\\ - using cut by blast - moreover have \S \ {A} = set (A # G)\ - using * by simp - ultimately show \S \ {A} \ ?C\ - using \\ \ imply G \<^bold>\\ by blast } - - { fix A i - assume \K i A \ S \ (\<^bold>\ K i A) \ S\ - then have \\ imply G (K i A)\ \\ imply G (\<^bold>\ K i A)\ - using K_imply_member * by blast+ - then have \\ imply G \<^bold>\\ - using K_FFI K_right_mp by blast - then show False - using \\ \ imply G \<^bold>\\ by blast } - +lemma consistent_Extend: + assumes \consistent S\ + shows \consistent (Extend S f)\ + unfolding Extend_def +proof (rule ccontr) + assume \\ consistent (\n. extend S f n)\ + then obtain S' where \\ imply S' \<^bold>\\ \set S' \ (\n. extend S f n)\ + unfolding consistent_def by blast + then obtain m where \set S' \ (\n \ m. extend S f n)\ + using UN_finite_bound by (metis List.finite_set) + then have \set S' \ extend S f m\ + using extend_bound by blast + moreover have \consistent (extend S f m)\ + using assms consistent_extend by blast + ultimately show False + unfolding consistent_def using \\ imply S' \<^bold>\\ by blast qed -theorem K_finite_consistency: \consistency (mk_finite_char (close {set G | G. \ \ imply G \<^bold>\}))\ - using K_consistency finite_consistency close_closed close_consistency by blast - -theorem K_concrete_finite_consistency: - defines \C \ mk_finite_char (close {set G | G. \ \ imply G \<^bold>\})\ - assumes \set G \ C\ - shows \\ \ imply G \<^bold>\\ - using assms unfolding C_def mk_finite_char_def close_def - using K_imply_weaken by fastforce - -section \Model existence\ - -lemma at_least_one_in_maximal: - assumes \consistency C\ \V \ C\ \maximal V C\ - shows \p \ V \ (\<^bold>\ p) \ V\ -proof - - have \V \ {p} \ C \ V \ {\<^bold>\ p} \ C\ - proof (rule ccontr) - assume \\ (V \ {p} \ C \ V \ {\<^bold>\ p} \ C)\ - then have \V \ {p \<^bold>\ \<^bold>\ p} \ C\ - using assms unfolding consistency_def maximal_def - by (metis (no_types, hide_lams) insert_iff subset_iff sup.absorb_iff1 sup.cobounded1) - then show False - using assms unfolding consistency_def maximal_def - by simp - qed - then show ?thesis - using \maximal V C\ unfolding maximal_def - by fast -qed - -lemma at_most_one_in_maximal: - assumes \consistency C\ \V \ C\ \maximal V C\ - shows \\ (p \ V \ (\<^bold>\ p) \ V)\ -proof (induct p) - case FF - then show ?case - using assms unfolding consistency_def by blast -next - case (Pro x) - then show ?case - using assms unfolding consistency_def by simp -next - case (Dis p q) - show ?case - proof - assume \(p \<^bold>\ q) \ V \ (\<^bold>\ (p \<^bold>\ q)) \ V\ - then have \V \ {p} \ C \ V \ {q} \ C\ \V \ {\<^bold>\ p, \<^bold>\ q} \ C\ - using \consistency C\ \V \ C\ unfolding consistency_def by simp_all - then have \p \ V \ q \ V\ \(\<^bold>\ p) \ V\ \(\<^bold>\ q) \ V\ - using \maximal V C\ unfolding maximal_def by fast+ - then show False - using Dis by blast - qed -next - case (Con p q) - show ?case - proof - assume \(p \<^bold>\ q) \ V \ (\<^bold>\ (p \<^bold>\ q)) \ V\ - then have \V \ {p, q} \ C\ \V \ {\<^bold>\ p} \ C \ V \ {\<^bold>\ q} \ C\ - using \consistency C\ \V \ C\ unfolding consistency_def by simp_all - then have \p \ V\ \q \ V\ \(\<^bold>\ p) \ V \ (\<^bold>\ q) \ V\ - using \maximal V C\ unfolding maximal_def by fast+ - then show False - using Con by blast - qed -next - case (Imp p q) - show ?case - proof - assume \(p \<^bold>\ q) \ V \ (\<^bold>\ (p \<^bold>\ q)) \ V\ - then have \V \ {\<^bold>\ p} \ C \ V \ {q} \ C\ \V \ {p, \<^bold>\ q} \ C\ - using \consistency C\ \V \ C\ unfolding consistency_def by simp_all - then have \(\<^bold>\ p) \ V \ q \ V\ \p \ V\ \(\<^bold>\ q) \ V\ - using \maximal V C\ unfolding maximal_def by fast+ - then show False - using Imp by blast - qed -next - case (K i p) - then show ?case - using \consistency C\ \V \ C\ unfolding consistency_def - by simp -qed - -theorem exactly_one_in_maximal: - assumes \consistency C\ \V \ C\ \maximal V C\ - shows \(p \ V) \ ((\<^bold>\ p) \ V)\ - using assms at_least_one_in_maximal at_most_one_in_maximal by blast - -theorem conjuncts_in_maximal: - assumes \consistency C\ \V \ C\ \maximal V C\ - shows \(p \<^bold>\ q) \ V \ p \ V \ q \ V\ -proof - assume \(p \<^bold>\ q) \ V\ - have \V \ {p, q} \ C\ - using \(p \<^bold>\ q) \ V\ \consistency C\ \V \ C\ unfolding consistency_def - by simp - then show \p \ V \ q \ V\ - using \maximal V C\ unfolding maximal_def - by fast -next - assume \p \ V \ q \ V\ - show \(p \<^bold>\ q) \ V\ - proof (rule ccontr) - assume \(p \<^bold>\ q) \ V\ - then have \(\<^bold>\ (p \<^bold>\ q)) \ V\ - using at_least_one_in_maximal assms by blast - then have \V \ {\<^bold>\ p} \ C \ V \ {\<^bold>\ q} \ C\ - using \consistency C\ \V \ C\ unfolding consistency_def - by simp - then have \(\<^bold>\ p) \ V \ (\<^bold>\ q) \ V\ - using \maximal V C\ unfolding maximal_def - by fast - then show False - using \p \ V \ q \ V\ assms at_most_one_in_maximal - by metis - qed +lemma Extend_maximal: + assumes \surj f\ + shows \maximal (Extend S f)\ +proof (rule ccontr) + assume \\ maximal (Extend S f)\ + then obtain p where \p \ Extend S f\ \consistent ({p} \ Extend S f)\ + unfolding maximal_def using assms consistent_Extend by blast + obtain k where n: \f k = p\ + using \surj f\ unfolding surj_def by metis + then have \p \ extend S f (Suc k)\ + using \p \ Extend S f\ unfolding Extend_def by blast + then have \\ consistent ({p} \ extend S f k)\ + using n by fastforce + moreover have \{p} \ extend S f k \ {p} \ Extend S f\ + unfolding Extend_def by blast + ultimately have \\ consistent ({p} \ Extend S f)\ + unfolding consistent_def by fastforce + then show False + using \consistent ({p} \ Extend S f)\ by blast qed -theorem consequent_in_maximal: - assumes \consistency C\ \V \ C\ \maximal V C\ \p \ V\ \(p \<^bold>\ q) \ V\ - shows \q \ V\ -proof - - consider (np) \V \ {\<^bold>\ p} \ C\ | (q) \V \ {q} \ C\ - using \(p \<^bold>\ q) \ V\ \consistency C\ \V \ C\ unfolding consistency_def - by metis - then show ?thesis - proof cases - case np - then have \(\<^bold>\ p) \ V\ - using \maximal V C\ unfolding maximal_def - by fast - then show ?thesis - using assms at_most_one_in_maximal - by blast - next - case q - then show ?thesis - using \maximal V C\ unfolding maximal_def - by fast - qed -qed - -lemma K_not_neg_in_consistency: \\ \ (\<^bold>\ p) \ {p} \ {set G | G. \ \ imply G \<^bold>\}\ -proof - - assume \\ \ (\<^bold>\ p)\ - moreover have \set [p] = {p}\ - by simp - moreover have \imply [p] \<^bold>\ = (\<^bold>\ p)\ - by simp - ultimately show ?thesis - by fastforce -qed - -lemma K_inconsistent_neg: - defines \C \ mk_finite_char (close {set G | G. \ \ imply G \<^bold>\})\ - assumes \{p} \ C\ - shows \\ (\<^bold>\ p)\ - using assms unfolding C_def mk_finite_char_def close_def - using K_not_neg_in_consistency by fastforce - -lemma conjuncts_in_consistency: - assumes \consistency C\ \subset_closed C\ \S \ {p \<^bold>\ q} \ C\ - shows \S \ {p, q} \ C\ +lemma maximal_extension: + fixes V :: \('i :: countable) fm set\ + assumes \consistent V\ + obtains W where \V \ W\ \consistent W\ \maximal W\ proof - - let ?S = \S \ {p \<^bold>\ q}\ - have \?S \ C\ - using assms by blast - moreover have \(p \<^bold>\ q) \ ?S\ - by simp - ultimately have \?S \ {p, q} \ C\ - using assms unfolding consistency_def by simp - moreover have \S \ {p, q} \ ?S \ {p, q}\ - by blast - ultimately show \S \ {p, q} \ C\ - using \subset_closed C\ unfolding subset_closed_def by simp -qed - -lemma conjoined_in_consistency: - assumes \consistency C\ \subset_closed C\ \S \ {conjoin ps q} \ C\ - shows \S \ set ps \ {q} \ C\ - using \S \ {conjoin ps q} \ C\ -proof (induct ps arbitrary: S) - case Nil - then show ?case - using \subset_closed C\ unfolding subset_closed_def by simp -next - case (Cons p ps) - then have \S \ {p, conjoin ps q} \ C\ - using assms conjuncts_in_consistency by auto - then have \S \ {p} \ {conjoin ps q} \ C\ - by (metis insert_is_Un sup_assoc) - then show ?case - using Cons by fastforce -qed - -lemma inconsistent_conjoin: - defines \C \ mk_finite_char (close {set G | G. \ \ imply G \<^bold>\})\ - assumes \set G \ {p} \ C\ - shows \\ (\<^bold>\ conjoin G p)\ -proof (rule ccontr) - have \consistency C\ - unfolding C_def using K_finite_consistency by auto - have \subset_closed C\ - unfolding C_def by (simp add: finite_char finite_char_closed) - - assume \\ \ (\<^bold>\ conjoin G p)\ - then have \{conjoin G p} \ C\ - unfolding C_def using K_inconsistent_neg by blast - then have \set G \ {p} \ C\ - using conjoined_in_consistency \consistency C\ \subset_closed C\ by fastforce - then show False - using assms(2) by blast -qed - -theorem K_in_maximal: - defines \C \ mk_finite_char (close {set G | G. \ \ imply G \<^bold>\})\ - assumes \\ p\ \V \ C\ \maximal V C\ - shows \p \ V\ -proof - - have \consistency C\ - unfolding C_def using K_finite_consistency by auto - have \subset_closed C\ - unfolding C_def by (simp add: finite_char finite_char_closed) - - have \\ (p \<^bold>\ \<^bold>\ \<^bold>\ p)\ - by (simp add: A1) - then have \\ (\<^bold>\ \<^bold>\ p)\ - using \\ p\ R1 by blast - - show ?thesis - proof (rule ccontr) - assume \p \ V\ - then have \(\<^bold>\ p) \ V\ - using at_least_one_in_maximal \consistency C\ \V \ C\ \maximal V C\ by blast - then have \set [\<^bold>\ p] \ C\ - using \V \ C\ \subset_closed C\ unfolding subset_closed_def by simp - then have \\ \ (\<^bold>\ \<^bold>\ p)\ - using C_def K_concrete_finite_consistency by fastforce - then show False - using \\ (\<^bold>\ \<^bold>\ p)\ by blast - qed -qed - -lemma exists_finite_inconsistent: - fixes C :: \'i fm set set\ - assumes \finite_char C\ \V \ {\<^bold>\ p} \ C\ - shows \\W. W \ {\<^bold>\ p} \ V \ {\<^bold>\ p} \ (\<^bold>\ p) \ W \ finite W \ W \ {\<^bold>\ p} \ C\ - using assms unfolding finite_char_def - by (smt Un_insert_right Un_subset_iff finite_insert inf_sup_ord(4) - mk_disjoint_insert sup_bot.comm_neutral sup_ge1) - -theorem exists_maximal_superset: - fixes C :: \('i :: countable) fm set set\ - assumes \consistency C\ \finite_char C\ \V \ C\ - obtains W where \V \ W\ \ W \ C\ \maximal W C\ -proof - - let ?W = \Extend V C from_nat\ + let ?W = \Extend V from_nat\ have \V \ ?W\ using Extend_subset by blast - moreover have \?W \ C\ - using assms Extend_in_C by blast - moreover have \maximal ?W C\ - using assms Extend_maximal - by (metis from_nat_to_nat) + moreover have \consistent ?W\ + using assms consistent_Extend by blast + moreover have \maximal ?W\ + using assms Extend_maximal surj_from_nat by blast ultimately show ?thesis using that by blast qed +subsection \Model existence\ + type_synonym 'i s_max = \'i fm set\ abbreviation pi :: \'i s_max \ id \ bool\ where \pi s i \ Pro i \ s\ abbreviation partition :: \'i fm set \ 'i \ 'i fm set\ where \partition V i \ {p. K i p \ V}\ -abbreviation reach :: \'i fm set set \ 'i \ 'i s_max \ 'i s_max set\ where - \reach C i V \ {W. partition V i \ W \ W \ C \ maximal W C}\ +abbreviation reach :: \'i \ 'i s_max \ 'i s_max set\ where + \reach i V \ {W. partition V i \ W \ consistent W \ maximal W}\ theorem model_existence: fixes p :: \('i :: countable) fm\ - defines \C \ mk_finite_char (close {set G | G. \ \ imply G \<^bold>\})\ - assumes \V \ C\ \maximal V C\ - shows \(p \ V \ Kripke pi (reach C), V \ p) \ - ((\<^bold>\ p) \ V \ Kripke pi (reach C), V \ \<^bold>\ p)\ -proof - - have \consistency C\ - unfolding C_def using K_finite_consistency by auto - have \finite_char C\ - unfolding C_def by (simp add: finite_char) - have \subset_closed C\ - unfolding C_def by (simp add: finite_char finite_char_closed) - - show ?thesis - using \V \ C\ \maximal V C\ - proof (induct p arbitrary: V) - case FF - then show ?case - proof (intro conjI impI iffI) - assume \\<^bold>\ \ V\ - then have False - using \consistency C\ \V \ C\ unfolding consistency_def by blast - then show \Kripke pi (reach C), V \ \<^bold>\\ .. - next - assume \(\<^bold>\ \<^bold>\) \ V\ - show \Kripke pi (reach C), V \ \<^bold>\ \<^bold>\\ - by simp - next - assume \Kripke pi (reach C), V \ \<^bold>\\ - then show \\<^bold>\ \ V\ - by simp - next - assume \Kripke pi (reach C), V \ \<^bold>\ \<^bold>\\ - have \\<^bold>\ \ V\ - using \consistency C\ \V \ C\ unfolding consistency_def - by blast - then show \(\<^bold>\ \<^bold>\) \ V\ - using at_least_one_in_maximal FF \consistency C\ - by blast - qed + assumes \consistent V\ \maximal V\ + shows \(p \ V \ Kripke pi reach, V \ p) \ ((\<^bold>\ p) \ V \ Kripke pi reach, V \ \<^bold>\ p)\ + using assms +proof (induct p arbitrary: V) + case FF + then show ?case + proof (intro conjI impI iffI) + assume \\<^bold>\ \ V\ + then have False + using \consistent V\ K_imply_head unfolding consistent_def + by (metis bot.extremum insert_subset list.set(1) list.simps(15)) + then show \Kripke pi reach, V \ \<^bold>\\ .. next - case (Pro i) - then show ?case - proof (intro conjI impI iffI) - assume \Pro i \ V\ - then have \pi V i\ - using \maximal V C\ by blast - then show \Kripke pi (reach C), V \ Pro i\ - by simp - next - assume \(\<^bold>\ Pro i) \ V\ - then have \Pro i \ V\ - using \consistency C\ \V \ C\ unfolding consistency_def by fast - then have \\ (pi V i)\ - using \maximal V C\ by blast - then show \Kripke pi (reach C), V \ \<^bold>\ Pro i\ - by simp - next - assume \Kripke pi (reach C), V \ Pro i\ - then show \Pro i \ V\ - by simp - next - assume \Kripke pi (reach C), V \ \<^bold>\ Pro i\ - then have \Pro i \ V\ - by simp - then show \(\<^bold>\ Pro i) \ V\ - using at_least_one_in_maximal Pro \consistency C\ - by blast - qed + assume \Kripke pi reach, V \ \<^bold>\ \<^bold>\\ + then show \(\<^bold>\ \<^bold>\) \ V\ + using \consistent V\ \maximal V\ unfolding maximal_def + by (meson K_Boole inconsistent_subset consistent_def) + qed simp_all +next + case (Pro i) + then show ?case + proof (intro conjI impI iffI) + assume \(\<^bold>\ Pro i) \ V\ + then show \Kripke pi reach, V \ \<^bold>\ Pro i\ + using \consistent V\ \maximal V\ exactly_one_in_maximal by auto next - case (Dis p q) - have \(p \<^bold>\ q) \ V \ Kripke pi (reach C), V \ (p \<^bold>\ q)\ - proof - assume \(p \<^bold>\ q) \ V\ - then have \V \ {p} \ C \ V \ {q} \ C\ - using \consistency C\ \V \ C\ unfolding consistency_def by simp - then consider \p \ V\ | \q \ V\ - using \maximal V C\ unfolding maximal_def by fast - then show \Kripke pi (reach C), V \ (p \<^bold>\ q)\ - using Dis by cases simp_all - qed - moreover have \(\<^bold>\ (p \<^bold>\ q)) \ V \ Kripke pi (reach C), V \ \<^bold>\ (p \<^bold>\ q)\ - proof - assume \(\<^bold>\ (p \<^bold>\ q)) \ V\ - then have \V \ {\<^bold>\ p, \<^bold>\ q} \ C\ - using \consistency C\ \V \ C\ unfolding consistency_def by simp - then have \(\<^bold>\ p) \ V \ (\<^bold>\ q) \ V\ - using \maximal V C\ unfolding maximal_def by fast - then show \Kripke pi (reach C), V \ \<^bold>\ (p \<^bold>\ q)\ - using Dis by simp - qed - ultimately show ?case - using at_least_one_in_maximal Dis \consistency C\ - by auto - next - case (Con p q) - have \(p \<^bold>\ q) \ V \ Kripke pi (reach C), V \ (p \<^bold>\ q)\ - proof - assume \(p \<^bold>\ q) \ V\ - then have \V \ {p, q} \ C\ - using \consistency C\ \V \ C\ unfolding consistency_def by simp - then have \p \ V\ \q \ V\ - using \maximal V C\ unfolding maximal_def by fast+ - then show \Kripke pi (reach C), V \ (p \<^bold>\ q)\ - using Con by simp - qed - moreover have \(\<^bold>\ (p \<^bold>\ q)) \ V \ Kripke pi (reach C), V \ \<^bold>\ (p \<^bold>\ q)\ + assume \Kripke pi reach, V \ \<^bold>\ Pro i\ + then show \(\<^bold>\ Pro i) \ V\ + using \consistent V\ \maximal V\ exactly_one_in_maximal by auto + qed (simp_all add: \maximal V\ maximal_def) +next + case (Dis p q) + have \(p \<^bold>\ q) \ V \ Kripke pi reach, V \ (p \<^bold>\ q)\ + proof + assume \(p \<^bold>\ q) \ V\ + then have \consistent ({p} \ V) \ consistent ({q} \ V)\ + using \consistent V\ consistent_disjuncts by blast + then have \p \ V \ q \ V\ + using \maximal V\ unfolding maximal_def by fast + then show \Kripke pi reach, V \ (p \<^bold>\ q)\ + using Dis by simp + qed + moreover have \(\<^bold>\ (p \<^bold>\ q)) \ V \ Kripke pi reach, V \ \<^bold>\ (p \<^bold>\ q)\ + proof + assume \(\<^bold>\ (p \<^bold>\ q)) \ V\ + then have \consistent ({\<^bold>\ q} \ V)\ \consistent ({\<^bold>\ p} \ V)\ + using \consistent V\ consistent_consequent' by fastforce+ + then have \(\<^bold>\ p) \ V\ \(\<^bold>\ q) \ V\ + using \maximal V\ unfolding maximal_def by fast+ + then show \Kripke pi reach, V \ \<^bold>\ (p \<^bold>\ q)\ + using Dis by simp + qed + ultimately show ?case + using exactly_one_in_maximal Dis by auto +next + case (Con p q) + have \(p \<^bold>\ q) \ V \ Kripke pi reach, V \ (p \<^bold>\ q)\ + proof + assume \(p \<^bold>\ q) \ V\ + then have \consistent ({p} \ V)\ \consistent ({q} \ V)\ + using \consistent V\ consistent_consequent' by fastforce+ + then have \p \ V\ \q \ V\ + using \maximal V\ unfolding maximal_def by fast+ + then show \Kripke pi reach, V \ (p \<^bold>\ q)\ + using Con by simp + qed + moreover have \(\<^bold>\ (p \<^bold>\ q)) \ V \ Kripke pi reach, V \ \<^bold>\ (p \<^bold>\ q)\ + proof + assume \(\<^bold>\ (p \<^bold>\ q)) \ V\ + then have \consistent ({\<^bold>\ p \<^bold>\ \<^bold>\ q} \ V)\ + using \consistent V\ consistent_consequent' by fastforce + then have \consistent ({\<^bold>\ p} \ V) \ consistent ({\<^bold>\ q} \ V)\ + using \consistent V\ \maximal V\ consistent_disjuncts unfolding maximal_def by blast + then have \(\<^bold>\ p) \ V \ (\<^bold>\ q) \ V\ + using \maximal V\ unfolding maximal_def by fast + then show \Kripke pi reach, V \ \<^bold>\ (p \<^bold>\ q)\ + using Con by simp + qed + ultimately show ?case + using exactly_one_in_maximal Con by auto +next + case (Imp p q) + have \(p \<^bold>\ q) \ V \ Kripke pi reach, V \ (p \<^bold>\ q)\ + proof + assume \(p \<^bold>\ q) \ V\ + then have \consistent ({\<^bold>\ p \<^bold>\ q} \ V)\ + using \consistent V\ consistent_consequent' by fastforce + then have \consistent ({\<^bold>\ p} \ V) \ consistent ({q} \ V)\ + using \consistent V\ \maximal V\ consistent_disjuncts unfolding maximal_def by blast + then have \(\<^bold>\ p) \ V \ q \ V\ + using \maximal V\ unfolding maximal_def by fast + then show \Kripke pi reach, V \ (p \<^bold>\ q)\ + using Imp by simp + qed + moreover have \(\<^bold>\ (p \<^bold>\ q)) \ V \ Kripke pi reach, V \ \<^bold>\ (p \<^bold>\ q)\ + proof + assume \(\<^bold>\ (p \<^bold>\ q)) \ V\ + then have \consistent ({p} \ V)\ \consistent ({\<^bold>\ q} \ V)\ + using \consistent V\ consistent_consequent' by fastforce+ + then have \p \ V\ \(\<^bold>\ q) \ V\ + using \maximal V\ unfolding maximal_def by fast+ + then show \Kripke pi reach, V \ \<^bold>\ (p \<^bold>\ q)\ + using Imp by simp + qed + ultimately show ?case + using exactly_one_in_maximal Imp \consistent V\ by auto +next + case (K i p) + then have \K i p \ V \ Kripke pi reach, V \ K i p\ + by auto + moreover have \(Kripke pi reach, V \ K i p) \ K i p \ V\ + proof (intro allI impI) + assume \Kripke pi reach, V \ K i p\ + + have \\ consistent ({\<^bold>\ p} \ partition V i)\ proof - assume \(\<^bold>\ (p \<^bold>\ q)) \ V\ - then have \V \ {\<^bold>\ p} \ C \ V \ {\<^bold>\ q} \ C\ - using \consistency C\ \V \ C\ unfolding consistency_def by simp - then consider \(\<^bold>\ p) \ V\ | \(\<^bold>\ q) \ V\ - using \maximal V C\ unfolding maximal_def by fast - then show \Kripke pi (reach C), V \ \<^bold>\ (p \<^bold>\ q)\ - using Con by cases simp_all - qed - ultimately show ?case - using at_least_one_in_maximal Con \consistency C\ - by auto - next - case (Imp p q) - have \(p \<^bold>\ q) \ V \ Kripke pi (reach C), V \ (p \<^bold>\ q)\ - proof - assume \(p \<^bold>\ q) \ V\ - then have \V \ {\<^bold>\ p} \ C \ V \ {q} \ C\ - using \consistency C\ \V \ C\ unfolding consistency_def by simp - then consider \(\<^bold>\ p) \ V\ | \q \ V\ - using \maximal V C\ unfolding maximal_def by fast - then show \Kripke pi (reach C), V \ (p \<^bold>\ q)\ - using Imp by cases simp_all + assume \consistent ({\<^bold>\ p} \ partition V i)\ + then obtain W where W: \{\<^bold>\ p} \ partition V i \ W\ \consistent W\ \maximal W\ + using \consistent V\ maximal_extension by blast + then have \Kripke pi reach, W \ \<^bold>\ p\ + using K \consistent V\ by blast + moreover have \W \ reach i V\ + using W by simp + ultimately have \Kripke pi reach, V \ \<^bold>\ K i p\ + by auto + then show False + using \Kripke pi reach, V \ K i p\ by auto qed - moreover have \(\<^bold>\ (p \<^bold>\ q)) \ V \ Kripke pi (reach C), V \ \<^bold>\ (p \<^bold>\ q)\ - proof - assume \(\<^bold>\ (p \<^bold>\ q)) \ V\ - then have \V \ {p, \<^bold>\ q} \ C\ - using \consistency C\ \V \ C\ unfolding consistency_def by simp - then have \p \ V \ (\<^bold>\ q) \ V\ - using \maximal V C\ unfolding maximal_def by fast - then show \Kripke pi (reach C), V \ \<^bold>\ (p \<^bold>\ q)\ - using Imp by simp - qed - ultimately show ?case - using at_least_one_in_maximal Imp \consistency C\ - by auto - next - case (K i p) - have \K i p \ V \ Kripke pi (reach C), V \ K i p\ - proof - assume \K i p \ V\ - then have \\W \ reach C i V. p \ W \ W \ C \ maximal W C\ - using \consistency C\ by blast - then have \\W \ reach C i V. Kripke pi (reach C), W \ p\ - using K by simp - then show \Kripke pi (reach C), V \ K i p\ - by simp - qed - moreover have \(Kripke pi (reach C), V \ K i p) \ K i p \ V\ - proof (intro allI impI) - assume \Kripke pi (reach C), V \ K i p\ - have \partition V i \ {\<^bold>\ p} \ C\ - proof - assume \partition V i \ {\<^bold>\ p} \ C\ - then obtain W where \partition V i \ {\<^bold>\ p} \ W\ \W \ C\ \maximal W C\ - using \consistency C\ \finite_char C\ exists_maximal_superset by blast - then have \Kripke pi (reach C), W \ \<^bold>\ p\ - using K \consistency C\ \finite_char C\ by blast - moreover have \W \ reach C i V\ - using \partition V i \ {\<^bold>\ p} \ W\ \W \ C\ \maximal W C\ - by simp - ultimately have \Kripke pi (reach C), V \ \<^bold>\ K i p\ - by auto - then show False - using \Kripke pi (reach C), V \ K i p\ - by auto - qed - - then obtain W where - \W \ {\<^bold>\ p} \ partition V i \ {\<^bold>\ p}\ \(\<^bold>\ p) \ W\ \finite W\ \W \ {\<^bold>\ p} \ C\ - using \finite_char C\ exists_finite_inconsistent by force - - obtain L where \set L = W\ - using \finite W\ finite_list by blast + then obtain W where W: + \{\<^bold>\ p} \ W \ {\<^bold>\ p} \ partition V i\ \(\<^bold>\ p) \ W\ \finite W\ \\ consistent ({\<^bold>\ p} \ W)\ + using exists_finite_inconsistent by metis - then have \\ (\<^bold>\ conjoin L (\<^bold>\ p))\ - using inconsistent_conjoin \W \ {\<^bold>\ p} \ C\ C_def by blast - then have \\ imply L p\ - using K_conjoin_imply by blast - then have \\ K i (imply L p)\ - using R2 by fast - then have \\ imply (map (K i) L) (K i p)\ - using K_distrib_K_imp by fast + obtain L where L: \set L = W\ + using \finite W\ finite_list by blast + + then have \\ imply L p\ + using W(4) inconsistent_imply by blast + then have \\ K i (imply L p)\ + using R2 by fast + then have \\ imply (map (K i) L) (K i p)\ + using K_distrib_K_imp by fast + then have \imply (map (K i) L) (K i p) \ V\ + using K_deriv_in_maximal K.prems(1, 2) by blast + then show \K i p \ V\ + using L W(1-2) + proof (induct L arbitrary: W) + case (Cons a L) + then have \K i a \ V\ + by auto then have \imply (map (K i) L) (K i p) \ V\ - using K_in_maximal K.prems(1, 2) unfolding C_def by blast - then show \K i p \ V\ - using \set L = W\ \W \ {\<^bold>\ p} \ partition V i \ {\<^bold>\ p}\ \(\<^bold>\ p) \ W\ - proof (induct L arbitrary: W) - case Nil - then show ?case - by simp - next - case (Cons a L) - then have \K i a \ V\ - by auto - then have \imply (map (K i) L) (K i p) \ V\ - using Cons(2) \consistency C\ \V \ C\ \maximal V C\ consequent_in_maximal by auto - then show ?case - using Cons by auto - qed - qed - moreover have \(Kripke pi (reach C), V \ \<^bold>\ K i p) \ (\<^bold>\ K i p) \ V\ - using K.prems(1) \consistency C\ \maximal V C\ at_least_one_in_maximal calculation(1) by auto - moreover have \(\<^bold>\ K i p) \ V \ Kripke pi (reach C), V \ \<^bold>\ K i p\ - using K.prems(1) \consistency C\ \maximal V C\ calculation(2) exactly_one_in_maximal by auto - ultimately show ?case - by blast + using Cons(2) \consistent V\ \maximal V\ consequent_in_maximal by auto + then show ?case + using Cons by auto + qed simp qed + moreover have \(Kripke pi reach, V \ \<^bold>\ K i p) \ (\<^bold>\ K i p) \ V\ + using \consistent V\ \maximal V\ exactly_one_in_maximal calculation(1) by auto + moreover have \(\<^bold>\ K i p) \ V \ Kripke pi reach, V \ \<^bold>\ K i p\ + using \consistent V\ \maximal V\ calculation(2) exactly_one_in_maximal by auto + ultimately show ?case + by blast qed subsection \Completeness\ lemma imply_completeness: assumes valid: \\(M :: ('i, ('i :: countable) fm set) kripke) s. list_all (\q. M, s \ q) G \ M, s \ p\ shows \\ imply G p\ proof (rule K_Boole, rule ccontr) assume \\ \ imply ((\<^bold>\ p) # G) \<^bold>\\ let ?S = \set ((\<^bold>\ p) # G)\ - let ?C = \mk_finite_char (close {set G | G. \ \ imply G \<^bold>\})\ - let ?V = \Extend ?S ?C from_nat\ - let ?M = \Kripke pi (reach ?C)\ + let ?V = \Extend ?S from_nat\ + let ?M = \Kripke pi reach\ - have \consistency ?C\ - by (simp add: K_finite_consistency) - have \subset_closed ?C\ - using finite_char finite_char_closed by blast - have \finite_char ?C\ - using finite_char by blast + have \consistent ?S\ + unfolding consistent_def using \\ \ imply ((\<^bold>\ p) # G) \<^bold>\\ K_imply_weaken by blast + then have \consistent ?V\ + using consistent_Extend by blast - have \?S \ ?C\ - using \\ \ imply ((\<^bold>\ p) # G) \<^bold>\\ close_closed close_subset finite_char_subset - by fast - then have \?V \ ?C\ - using Extend_in_C K_finite_consistency \finite_char ?C\ by blast - - have \\y :: 'i fm. \n. y = from_nat n\ - by (metis from_nat_to_nat) - then have \maximal ?V ?C\ - using Extend_maximal \finite_char ?C\ by blast + have \maximal ?V\ + using Extend_maximal surj_from_nat by blast { fix x assume \x \ ?S\ then have \x \ ?V\ using Extend_subset by blast then have \?M, ?V \ x\ - using model_existence \?V \ ?C\ \maximal ?V ?C\ by blast } + using model_existence \consistent ?V\ \maximal ?V\ by blast } then have \?M, ?V \ (\<^bold>\ p)\ \list_all (\p. ?M, ?V \ p) G\ unfolding list_all_def by fastforce+ then have \?M, ?V \ p\ using valid by blast then show False using \?M, ?V \ (\<^bold>\ p)\ by simp qed theorem completeness: assumes \\(M :: ('i :: countable, 'i fm set) kripke) s. M, s \ p\ shows \\ p\ using assms imply_completeness[where G=\[]\] by auto section \Main Result\ \ \System K is sound and complete\ abbreviation \valid p \ \(M :: (nat, nat s_max) kripke) s. M, s \ p\ theorem main: \valid p \ \ p\ proof assume \valid p\ with completeness show \\ p\ by blast next assume \\ p\ with soundness show \valid p\ by (intro allI) qed corollary \valid p \ M, s \ p\ proof assume \valid p\ then have \\ p\ unfolding main . with soundness show \M, s \ p\ . qed section \Acknowledgements\ text \ -The definition of a consistency property, subset closure, finite character and maximally consistent -sets is based on work by Berghofer, but has been adapted from first-order logic to epistemic logic. +The formalization is inspired by work by Berghofer, which also formalizes Henkin-style completeness. \<^item> Stefan Berghofer: First-Order Logic According to Fitting. \<^url>\https://www.isa-afp.org/entries/FOL-Fitting.shtml\ \ end