diff --git a/thys/Epistemic_Logic/Epistemic_Logic.thy b/thys/Epistemic_Logic/Epistemic_Logic.thy --- a/thys/Epistemic_Logic/Epistemic_Logic.thy +++ b/thys/Epistemic_Logic/Epistemic_Logic.thy @@ -1,1268 +1,1395 @@ (* File: Epistemic_Logic.thy Author: Asta Halkjær From This work is a formalization of epistemic logic with countably many agents. It includes proofs of soundness and completeness for the axiom system K. The completeness proof is based on the textbook "Reasoning About Knowledge" by Fagin, Halpern, Moses and Vardi (MIT Press 1995). The extensions of system K (T, KB, K4, S4, S5) and their completeness proofs are based on the textbook "Modal Logic" by Blackburn, de Rijke and Venema - (Cambridge University Press 2001). + (Cambridge University Press 5001). *) theory Epistemic_Logic imports "HOL-Library.Countable" begin section \Syntax\ type_synonym id = string datatype 'i fm = FF (\\<^bold>\\) | Pro id - | Dis \'i fm\ \'i fm\ (infixr \\<^bold>\\ 30) - | Con \'i fm\ \'i fm\ (infixr \\<^bold>\\ 35) - | Imp \'i fm\ \'i fm\ (infixr \\<^bold>\\ 25) + | Dis \'i fm\ \'i fm\ (infixr \\<^bold>\\ 60) + | Con \'i fm\ \'i fm\ (infixr \\<^bold>\\ 65) + | Imp \'i fm\ \'i fm\ (infixr \\<^bold>\\ 55) | K 'i \'i fm\ abbreviation TT (\\<^bold>\\) where \TT \ \<^bold>\ \<^bold>\ \<^bold>\\ -abbreviation Neg (\\<^bold>\ _\ [40] 40) where +abbreviation Neg (\\<^bold>\ _\ [70] 70) where \Neg p \ p \<^bold>\ \<^bold>\\ abbreviation \L i p \ \<^bold>\ K i (\<^bold>\ p)\ section \Semantics\ datatype ('i, 'w) kripke = Kripke (\: \'w set\) (\: \'w \ id \ bool\) (\: \'i \ 'w \ 'w set\) primrec semantics :: \('i, 'w) kripke \ 'w \ 'i fm \ bool\ (\_, _ \ _\ [50, 50] 50) where \(M, w \ \<^bold>\) = False\ | \(M, w \ Pro x) = \ M w x\ -| \(M, w \ (p \<^bold>\ q)) = ((M, w \ p) \ (M, w \ q))\ -| \(M, w \ (p \<^bold>\ q)) = ((M, w \ p) \ (M, w \ q))\ -| \(M, w \ (p \<^bold>\ q)) = ((M, w \ p) \ (M, w \ q))\ +| \(M, w \ p \<^bold>\ q) = ((M, w \ p) \ (M, w \ q))\ +| \(M, w \ p \<^bold>\ q) = ((M, w \ p) \ (M, w \ q))\ +| \(M, w \ p \<^bold>\ q) = ((M, w \ p) \ (M, w \ q))\ | \(M, w \ K i p) = (\v \ \ M \ \ M i w. M, v \ p)\ section \S5 Axioms\ definition reflexive :: \('i, 'w) kripke \ bool\ where \reflexive M \ \i. \w \ \ M. w \ \ M i w\ definition symmetric :: \('i, 'w) kripke \ bool\ where \symmetric M \ \i. \v \ \ M. \w \ \ M. v \ \ M i w \ w \ \ M i v\ definition transitive :: \('i, 'w) kripke \ bool\ where \transitive M \ \i. \u \ \ M. \v \ \ M. \w \ \ M. w \ \ M i v \ u \ \ M i w \ u \ \ M i v\ abbreviation refltrans :: \('i, 'w) kripke \ bool\ where \refltrans M \ reflexive M \ transitive M\ abbreviation equivalence :: \('i, 'w) kripke \ bool\ where \equivalence M \ reflexive M \ symmetric M \ transitive M\ -lemma Imp_intro [intro]: \(M, w \ p \ M, w \ q) \ M, w \ (p \<^bold>\ q)\ +definition Euclidean :: \('i, 'w) kripke \ bool\ where + \Euclidean M \ \i. \u \ \ M. \v \ \ M. \w \ \ M. + v \ \ M i u \ w \ \ M i u \ w \ \ M i v\ + +lemma Imp_intro [intro]: \(M, w \ p \ M, w \ q) \ M, w \ p \<^bold>\ q\ by simp -theorem distribution: \M, w \ (K i p \<^bold>\ K i (p \<^bold>\ q) \<^bold>\ K i q)\ +theorem distribution: \M, w \ K i p \<^bold>\ K i (p \<^bold>\ q) \<^bold>\ K i q\ proof - assume \M, w \ (K i p \<^bold>\ K i (p \<^bold>\ q))\ + assume \M, w \ K i p \<^bold>\ K i (p \<^bold>\ q)\ then have \M, w \ K i p\ \M, w \ K i (p \<^bold>\ q)\ by simp_all - then have \\v \ \ M \ \ M i w. M, v \ p\ \\v \ \ M \ \ M i w. M, v \ (p \<^bold>\ q)\ + then have \\v \ \ M \ \ M i w. M, v \ p\ \\v \ \ M \ \ M i w. M, v \ p \<^bold>\ q\ by simp_all then have \\v \ \ M \ \ M i w. M, v \ q\ by simp then show \M, w \ K i q\ by simp qed theorem generalization: assumes valid: \\(M :: ('i, 'w) kripke) w. M, w \ p\ shows \(M :: ('i, 'w) kripke), w \ K i p\ proof - have \\w' \ \ M i w. M, w' \ p\ using valid by blast then show \M, w \ K i p\ by simp qed theorem truth: assumes \reflexive M\ \w \ \ M\ - shows \M, w \ (K i p \<^bold>\ p)\ + shows \M, w \ K i p \<^bold>\ p\ proof assume \M, w \ K i p\ then have \\v \ \ M \ \ M i w. M, v \ p\ by simp moreover have \w \ \ M i w\ using \reflexive M\ \w \ \ M\ unfolding reflexive_def by blast ultimately show \M, w \ p\ using \w \ \ M\ by simp qed theorem pos_introspection: assumes \transitive M\ \w \ \ M\ - shows \M, w \ (K i p \<^bold>\ K i (K i p))\ + shows \M, w \ K i p \<^bold>\ K i (K i p)\ proof assume \M, w \ K i p\ then have \\v \ \ M \ \ M i w. M, v \ p\ by simp then have \\v \ \ M \ \ M i w. \u \ \ M \ \ M i v. M, u \ p\ using \transitive M\ \w \ \ M\ unfolding transitive_def by blast then have \\v \ \ M \ \ M i w. M, v \ K i p\ by simp then show \M, w \ K i (K i p)\ by simp qed theorem neg_introspection: assumes \symmetric M\ \transitive M\ \w \ \ M\ - shows \M, w \ (\<^bold>\ K i p \<^bold>\ K i (\<^bold>\ K i p))\ + shows \M, w \ \<^bold>\ K i p \<^bold>\ K i (\<^bold>\ K i p)\ proof assume \M, w \ \<^bold>\ (K i p)\ then obtain u where \u \ \ M i w\ \\ (M, u \ p)\ \u \ \ M\ by auto moreover have \\v \ \ M \ \ M i w. u \ \ M \ \ M i v\ using \u \ \ M i w\ \symmetric M\ \transitive M\ \u \ \ M\ \w \ \ M\ unfolding symmetric_def transitive_def by blast ultimately have \\v \ \ M \ \ M i w. M, v \ \<^bold>\ K i p\ by auto then show \M, w \ K i (\<^bold>\ K i p)\ by simp qed section \Normal Modal Logic\ primrec eval :: \(id \ bool) \ ('i fm \ bool) \ 'i fm \ bool\ where \eval _ _ \<^bold>\ = False\ | \eval g _ (Pro x) = g x\ | \eval g h (p \<^bold>\ q) = (eval g h p \ eval g h q)\ | \eval g h (p \<^bold>\ q) = (eval g h p \ eval g h q)\ | \eval g h (p \<^bold>\ q) = (eval g h p \ eval g h q)\ | \eval _ h (K i p) = h (K i p)\ abbreviation \tautology p \ \g h. eval g h p\ -inductive AK :: \('i fm \ bool) \ 'i fm \ bool\ (\_ \ _\ [20, 20] 20) +inductive AK :: \('i fm \ bool) \ 'i fm \ bool\ (\_ \ _\ [50, 50] 50) for A :: \'i fm \ bool\ where A1: \tautology p \ A \ p\ | A2: \A \ K i p \<^bold>\ K i (p \<^bold>\ q) \<^bold>\ K i q\ | Ax: \A p \ A \ p\ | R1: \A \ p \ A \ p \<^bold>\ q \ A \ q\ | R2: \A \ p \ A \ K i p\ -primrec imply :: \'i fm list \ 'i fm \ 'i fm\ (infixr \\<^bold>\\ 26) where +primrec imply :: \'i fm list \ 'i fm \ 'i fm\ (infixr \\<^bold>\\ 56) where \([] \<^bold>\ q) = q\ | \(p # ps \<^bold>\ q) = (p \<^bold>\ ps \<^bold>\ q)\ -abbreviation AK_assms (\_, _ \ _\ [20, 20, 20] 20) where - \A, G \ p \ \qs. set qs \ G \ (A \ qs \<^bold>\ p)\ +abbreviation AK_assms (\_; _ \ _\ [50, 50, 50] 50) where + \A; G \ p \ \qs. set qs \ G \ (A \ qs \<^bold>\ p)\ section \Soundness\ lemma eval_semantics: \eval (pi w) (\q. Kripke W pi r, w \ q) p = (Kripke W pi r, w \ p)\ by (induct p) simp_all lemma tautology: assumes \tautology p\ shows \M, w \ p\ proof - from assms have \eval (g w) (\q. Kripke W g r, w \ q) p\ for W g r by simp then have \Kripke W g r, w \ p\ for W g r using eval_semantics by fast then show \M, w \ p\ by (metis kripke.collapse) qed theorem soundness: assumes \\M w p. A p \ P M \ w \ \ M \ M, w \ p\ shows \A \ p \ P M \ w \ \ M \ M, w \ p\ by (induct p arbitrary: w rule: AK.induct) (auto simp: assms tautology) section \Derived rules\ lemma K_A2': \A \ K i (p \<^bold>\ q) \<^bold>\ K i p \<^bold>\ K i q\ proof - have \A \ K i p \<^bold>\ K i (p \<^bold>\ q) \<^bold>\ K i q\ using A2 by fast moreover have \A \ (P \<^bold>\ Q \<^bold>\ R) \<^bold>\ (Q \<^bold>\ P \<^bold>\ R)\ for P Q R by (simp add: A1) ultimately show ?thesis using R1 by fast qed lemma K_map: assumes \A \ p \<^bold>\ q\ shows \A \ K i p \<^bold>\ K i q\ proof - note \A \ p \<^bold>\ q\ then have \A \ K i (p \<^bold>\ q)\ using R2 by fast moreover have \A \ K i (p \<^bold>\ q) \<^bold>\ K i p \<^bold>\ K i q\ using K_A2' by fast ultimately show ?thesis using R1 by fast qed lemma K_LK: \A \ (L i (\<^bold>\ p) \<^bold>\ \<^bold>\ K i p)\ proof - have \A \ (p \<^bold>\ \<^bold>\ \<^bold>\ p)\ by (simp add: A1) moreover have \A \ ((P \<^bold>\ Q) \<^bold>\ (\<^bold>\ Q \<^bold>\ \<^bold>\ P))\ for P Q using A1 by force ultimately show ?thesis using K_map R1 by fast qed lemma K_imply_head: \A \ (p # ps \<^bold>\ p)\ proof - have \tautology (p # ps \<^bold>\ p)\ by (induct ps) simp_all then show ?thesis using A1 by blast qed lemma K_imply_Cons: assumes \A \ ps \<^bold>\ q\ shows \A \ p # ps \<^bold>\ q\ proof - have \A \ (ps \<^bold>\ q \<^bold>\ p # ps \<^bold>\ q)\ by (simp add: A1) with R1 assms show ?thesis . qed lemma K_right_mp: assumes \A \ ps \<^bold>\ p\ \A \ ps \<^bold>\ (p \<^bold>\ q)\ shows \A \ ps \<^bold>\ q\ proof - have \tautology (ps \<^bold>\ p \<^bold>\ ps \<^bold>\ (p \<^bold>\ q) \<^bold>\ ps \<^bold>\ q)\ by (induct ps) simp_all with A1 have \A \ ps \<^bold>\ p \<^bold>\ ps \<^bold>\ (p \<^bold>\ q) \<^bold>\ ps \<^bold>\ q\ . then show ?thesis using assms R1 by blast qed lemma tautology_imply_superset: assumes \set ps \ set qs\ shows \tautology (ps \<^bold>\ r \<^bold>\ qs \<^bold>\ r)\ proof (rule ccontr) assume \\ tautology (ps \<^bold>\ r \<^bold>\ qs \<^bold>\ r)\ then obtain g h where \\ eval g h (ps \<^bold>\ r \<^bold>\ qs \<^bold>\ r)\ by blast then have \eval g h (ps \<^bold>\ r)\ \\ eval g h (qs \<^bold>\ r)\ by simp_all then consider (np) \\p \ set ps. \ eval g h p\ | (r) \\p \ set ps. eval g h p\ \eval g h r\ by (induct ps) auto then show False proof cases case np then have \\p \ set qs. \ eval g h p\ using \set ps \ set qs\ by blast then have \eval g h (qs \<^bold>\ r)\ by (induct qs) simp_all then show ?thesis using \\ eval g h (qs \<^bold>\ r)\ by blast next case r then have \eval g h (qs \<^bold>\ r)\ by (induct qs) simp_all then show ?thesis using \\ eval g h (qs \<^bold>\ r)\ by blast qed qed lemma K_imply_weaken: assumes \A \ ps \<^bold>\ q\ \set ps \ set ps'\ shows \A \ ps' \<^bold>\ q\ proof - have \tautology (ps \<^bold>\ q \<^bold>\ ps' \<^bold>\ q)\ using \set ps \ set ps'\ tautology_imply_superset by blast - then have \A \ (ps \<^bold>\ q \<^bold>\ ps' \<^bold>\ q)\ + then have \A \ ps \<^bold>\ q \<^bold>\ ps' \<^bold>\ q\ using A1 by blast then show ?thesis using \A \ ps \<^bold>\ q\ R1 by blast qed lemma imply_append: \(ps @ ps' \<^bold>\ q) = (ps \<^bold>\ ps' \<^bold>\ q)\ by (induct ps) simp_all lemma K_ImpI: assumes \A \ p # G \<^bold>\ q\ shows \A \ G \<^bold>\ (p \<^bold>\ q)\ proof - have \set (p # G) \ set (G @ [p])\ by simp then have \A \ G @ [p] \<^bold>\ q\ using assms K_imply_weaken by blast then have \A \ G \<^bold>\ [p] \<^bold>\ q\ using imply_append by metis then show ?thesis by simp qed lemma K_Boole: assumes \A \ (\<^bold>\ p) # G \<^bold>\ \<^bold>\\ shows \A \ G \<^bold>\ p\ proof - have \A \ G \<^bold>\ \<^bold>\ \<^bold>\ p\ using assms K_ImpI by blast moreover have \tautology (G \<^bold>\ \<^bold>\ \<^bold>\ p \<^bold>\ G \<^bold>\ p)\ by (induct G) simp_all then have \A \ (G \<^bold>\ \<^bold>\ \<^bold>\ p \<^bold>\ G \<^bold>\ p)\ using A1 by blast ultimately show ?thesis using R1 by blast qed lemma K_DisE: assumes \A \ p # G \<^bold>\ r\ \A \ q # G \<^bold>\ r\ \A \ G \<^bold>\ p \<^bold>\ q\ shows \A \ G \<^bold>\ r\ proof - have \tautology (p # G \<^bold>\ r \<^bold>\ q # G \<^bold>\ r \<^bold>\ G \<^bold>\ p \<^bold>\ q \<^bold>\ G \<^bold>\ r)\ by (induct G) auto then have \A \ p # G \<^bold>\ r \<^bold>\ q # G \<^bold>\ r \<^bold>\ G \<^bold>\ p \<^bold>\ q \<^bold>\ G \<^bold>\ r\ using A1 by blast then show ?thesis using assms R1 by blast qed lemma K_mp: \A \ p # (p \<^bold>\ q) # G \<^bold>\ q\ by (meson K_imply_head K_imply_weaken K_right_mp set_subset_Cons) lemma K_swap: assumes \A \ p # q # G \<^bold>\ r\ shows \A \ q # p # G \<^bold>\ r\ using assms K_ImpI by (metis imply.simps(1-2)) lemma K_DisL: assumes \A \ p # ps \<^bold>\ q\ \A \ p' # ps \<^bold>\ q\ shows \A \ (p \<^bold>\ p') # ps \<^bold>\ q\ proof - have \A \ p # (p \<^bold>\ p') # ps \<^bold>\ q\ \A \ p' # (p \<^bold>\ p') # ps \<^bold>\ q\ using assms K_swap K_imply_Cons by blast+ moreover have \A \ (p \<^bold>\ p') # ps \<^bold>\ p \<^bold>\ p'\ using K_imply_head by blast ultimately show ?thesis using K_DisE by blast qed lemma K_distrib_K_imp: assumes \A \ K i (G \<^bold>\ q)\ shows \A \ map (K i) G \<^bold>\ K i q\ proof - have \A \ (K i (G \<^bold>\ q) \<^bold>\ map (K i) G \<^bold>\ K i q)\ proof (induct G) case Nil then show ?case by (simp add: A1) next case (Cons a G) have \A \ K i a \<^bold>\ K i (a # G \<^bold>\ q) \<^bold>\ K i (G \<^bold>\ q)\ by (simp add: A2) moreover have \A \ ((K i a \<^bold>\ K i (a # G \<^bold>\ q) \<^bold>\ K i (G \<^bold>\ q)) \<^bold>\ (K i (G \<^bold>\ q) \<^bold>\ map (K i) G \<^bold>\ K i q) \<^bold>\ (K i a \<^bold>\ K i (a # G \<^bold>\ q) \<^bold>\ map (K i) G \<^bold>\ K i q))\ by (simp add: A1) ultimately have \A \ K i a \<^bold>\ K i (a # G \<^bold>\ q) \<^bold>\ map (K i) G \<^bold>\ K i q\ using Cons R1 by blast moreover have \A \ ((K i a \<^bold>\ K i (a # G \<^bold>\ q) \<^bold>\ map (K i) G \<^bold>\ K i q) \<^bold>\ (K i (a # G \<^bold>\ q) \<^bold>\ K i a \<^bold>\ map (K i) G \<^bold>\ K i q))\ by (simp add: A1) ultimately have \A \ (K i (a # G \<^bold>\ q) \<^bold>\ K i a \<^bold>\ map (K i) G \<^bold>\ K i q)\ using R1 by blast then show ?case by simp qed then show ?thesis using assms R1 by blast qed +lemma K_trans: \A \ (p \<^bold>\ q) \<^bold>\ (q \<^bold>\ r) \<^bold>\ p \<^bold>\ r\ + by (auto intro: A1) + +lemma K_L_dual: \A \ \<^bold>\ L i (\<^bold>\ p) \<^bold>\ K i p\ +proof - + have \A \ K i p \<^bold>\ K i p\ \A \ \<^bold>\ \<^bold>\ p \<^bold>\ p\ + by (auto intro: A1) + then have \A \ K i (\<^bold>\ \<^bold>\ p) \<^bold>\ K i p\ + by (auto intro: K_map) + moreover have \A \ (P \<^bold>\ Q) \<^bold>\ (\<^bold>\ \<^bold>\ P \<^bold>\ Q)\ for P Q + by (auto intro: A1) + ultimately show \A \ \<^bold>\ \<^bold>\ K i (\<^bold>\ \<^bold>\ p) \<^bold>\ K i p\ + by (auto intro: R1) +qed + section \Strong Soundness\ abbreviation validStar :: \(('i, 'w) kripke \ bool) \ 'i fm set \ 'i fm \ bool\ (\valid\\) where \valid\ P G p \ \M. \w \ \ M. P M \ (\q \ G. M, w \ q) \ M, w \ p\ corollary soundness_imply: assumes \\M w p. A p \ P M \ w \ \ M \ M, w \ p\ shows \A \ ps \<^bold>\ p \ valid\ P (set ps) p\ proof (induct ps arbitrary: p) case Nil then show ?case using soundness[of A P p] assms by simp next case (Cons a ps) then show ?case using K_ImpI by fastforce qed theorem strong_soundness: assumes \\M w p. A p \ P M \ w \ \ M \ M, w \ p\ - shows \A, G \ p \ valid\ P G p\ + shows \A; G \ p \ valid\ P G p\ proof safe fix qs w and M :: \('a, 'b) kripke\ assume \A \ qs \<^bold>\ p\ moreover assume \set qs \ G\ \\q \ G. M, w \ q\ then have \\q \ set qs. M, w \ q\ using \set qs \ G\ by blast moreover assume \P M\ \w \ \ M\ ultimately show \M, w \ p\ using soundness_imply[of A P qs p] assms by blast qed section \Completeness\ subsection \Consistent sets\ definition consistent :: \('i fm \ bool) \ 'i fm set \ bool\ where - \consistent A S \ \S'. set S' \ S \ (A \ S' \<^bold>\ \<^bold>\)\ + \consistent A S \ \ (A; S \ \<^bold>\)\ lemma inconsistent_subset: assumes \consistent A V\ \\ consistent A ({p} \ V)\ obtains V' where \set V' \ V\ \A \ p # V' \<^bold>\ \<^bold>\\ proof - obtain V' where V': \set V' \ ({p} \ V)\ \p \ set V'\ \A \ V' \<^bold>\ \<^bold>\\ using assms unfolding consistent_def by blast then have *: \A \ p # V' \<^bold>\ \<^bold>\\ using K_imply_Cons by blast let ?S = \removeAll p V'\ have \set (p # V') \ set (p # ?S)\ by auto then have \A \ p # ?S \<^bold>\ \<^bold>\\ using * K_imply_weaken by blast moreover have \set ?S \ V\ using V'(1) by (metis Diff_subset_conv set_removeAll) ultimately show ?thesis using that by blast qed lemma consistent_consequent: assumes \consistent A V\ \p \ V\ \A \ p \<^bold>\ q\ shows \consistent A ({q} \ V)\ proof - have \\V'. set V' \ V \ \ (A \ p # V' \<^bold>\ \<^bold>\)\ using \consistent A V\ \p \ V\ unfolding consistent_def by (metis insert_subset list.simps(15)) then have \\V'. set V' \ V \ \ (A \ q # V' \<^bold>\ \<^bold>\)\ using \A \ (p \<^bold>\ q)\ K_imply_head K_right_mp by (metis imply.simps(1-2)) then show ?thesis using \consistent A V\ inconsistent_subset by metis qed lemma consistent_consequent': assumes \consistent A V\ \p \ V\ \tautology (p \<^bold>\ q)\ shows \consistent A ({q} \ V)\ using assms consistent_consequent A1 by blast lemma consistent_disjuncts: assumes \consistent A V\ \(p \<^bold>\ q) \ V\ shows \consistent A ({p} \ V) \ consistent A ({q} \ V)\ proof (rule ccontr) assume \\ ?thesis\ then have \\ consistent A ({p} \ V)\ \\ consistent A ({q} \ V)\ by blast+ then obtain S' T' where S': \set S' \ V\ \A \ p # S' \<^bold>\ \<^bold>\\ and T': \set T' \ V\ \A \ q # T' \<^bold>\ \<^bold>\\ using \consistent A V\ inconsistent_subset by metis from S' have p: \A \ p # S' @ T' \<^bold>\ \<^bold>\\ by (metis K_imply_weaken Un_upper1 append_Cons set_append) moreover from T' have q: \A \ q # S' @ T' \<^bold>\ \<^bold>\\ by (metis K_imply_head K_right_mp R1 imply.simps(2) imply_append) ultimately have \A \ (p \<^bold>\ q) # S' @ T' \<^bold>\ \<^bold>\\ using K_DisL by blast then have \A \ S' @ T' \<^bold>\ \<^bold>\\ using S'(1) T'(1) p q \consistent A V\ \(p \<^bold>\ q) \ V\ unfolding consistent_def by (metis Un_subset_iff insert_subset list.simps(15) set_append) moreover have \set (S' @ T') \ V\ by (simp add: S'(1) T'(1)) ultimately show False using \consistent A V\ unfolding consistent_def by blast qed lemma exists_finite_inconsistent: assumes \\ consistent A ({\<^bold>\ p} \ V)\ obtains W where \{\<^bold>\ p} \ W \ {\<^bold>\ p} \ V\ \(\<^bold>\ p) \ W\ \finite W\ \\ consistent A ({\<^bold>\ p} \ W)\ proof - obtain W' where W': \set W' \ {\<^bold>\ p} \ V\ \A \ W' \<^bold>\ \<^bold>\\ using assms unfolding consistent_def by blast let ?S = \removeAll (\<^bold>\ p) W'\ have \\ consistent A ({\<^bold>\ p} \ set ?S)\ unfolding consistent_def using W'(2) by auto moreover have \finite (set ?S)\ by blast moreover have \{\<^bold>\ p} \ set ?S \ {\<^bold>\ p} \ V\ using W'(1) by auto moreover have \(\<^bold>\ p) \ set ?S\ by simp ultimately show ?thesis by (meson that) qed lemma inconsistent_imply: assumes \\ consistent A ({\<^bold>\ p} \ set G)\ shows \A \ G \<^bold>\ p\ using assms K_Boole K_imply_weaken unfolding consistent_def by (metis insert_is_Un list.simps(15)) subsection \Maximal consistent sets\ definition maximal :: \('i fm \ bool) \ 'i fm set \ bool\ where \maximal A S \ \p. p \ S \ \ consistent A ({p} \ S)\ theorem deriv_in_maximal: assumes \consistent A V\ \maximal A V\ \A \ p\ shows \p \ V\ using assms R1 inconsistent_subset unfolding consistent_def maximal_def by (metis imply.simps(2)) theorem exactly_one_in_maximal: assumes \consistent A V\ \maximal A V\ shows \p \ V \ (\<^bold>\ p) \ V\ proof assume \p \ V\ then show \(\<^bold>\ p) \ V\ using assms K_mp unfolding consistent_def maximal_def by (metis empty_subsetI insert_subset list.set(1) list.simps(15)) next assume \(\<^bold>\ p) \ V\ have \A \ (p \<^bold>\ \<^bold>\ p)\ by (simp add: A1) then have \(p \<^bold>\ \<^bold>\ p) \ V\ using assms deriv_in_maximal by blast then have \consistent A ({p} \ V) \ consistent A ({\<^bold>\ p} \ V)\ using assms consistent_disjuncts by blast then show \p \ V\ using \maximal A V\ \(\<^bold>\ p) \ V\ unfolding maximal_def by blast qed theorem consequent_in_maximal: assumes \consistent A V\ \maximal A V\ \p \ V\ \(p \<^bold>\ q) \ V\ shows \q \ V\ proof - have \\V'. set V' \ V \ \ (A \ p # (p \<^bold>\ q) # V' \<^bold>\ \<^bold>\)\ using \consistent A V\ \p \ V\ \(p \<^bold>\ q) \ V\ unfolding consistent_def by (metis insert_subset list.simps(15)) then have \\V'. set V' \ V \ \ (A \ q # V' \<^bold>\ \<^bold>\)\ by (meson K_mp K_ImpI K_imply_weaken K_right_mp set_subset_Cons) then have \consistent A ({q} \ V)\ using \consistent A V\ inconsistent_subset by metis then show ?thesis using \maximal A V\ unfolding maximal_def by fast qed theorem ax_in_maximal: assumes \consistent A V\ \maximal A V\ \A p\ shows \p \ V\ using assms deriv_in_maximal Ax by blast theorem mcs_properties: assumes \consistent A V\ and \maximal A V\ shows \A \ p \ p \ V\ and \p \ V \ (\<^bold>\ p) \ V\ and \p \ V \ (p \<^bold>\ q) \ V \ q \ V\ using assms deriv_in_maximal exactly_one_in_maximal consequent_in_maximal by blast+ subsection \Lindenbaum extension\ instantiation fm :: (countable) countable begin instance by countable_datatype end primrec extend :: \('i fm \ bool) \ 'i fm set \ (nat \ 'i fm) \ nat \ 'i fm set\ where \extend A S f 0 = S\ | \extend A S f (Suc n) = (if consistent A ({f n} \ extend A S f n) then {f n} \ extend A S f n else extend A S f n)\ definition Extend :: \('i fm \ bool) \ 'i fm set \ (nat \ 'i fm) \ 'i fm set\ where \Extend A S f \ \n. extend A S f n\ lemma Extend_subset: \S \ Extend A S f\ unfolding Extend_def using Union_upper extend.simps(1) range_eqI by metis lemma extend_bound: \(\n \ m. extend A S f n) = extend A S f m\ by (induct m) (simp_all add: atMost_Suc) lemma consistent_extend: \consistent A S \ consistent A (extend A S f n)\ by (induct n) simp_all lemma UN_finite_bound: assumes \finite A\ \A \ (\n. f n)\ shows \\m :: nat. A \ (\n \ m. f n)\ using assms proof (induct rule: finite_induct) case (insert x A) then obtain m where \A \ (\n \ m. f n)\ by fast then have \A \ (\n \ (m + k). f n)\ for k by fastforce moreover obtain m' where \x \ f m'\ using insert(4) by blast ultimately have \{x} \ A \ (\n \ m + m'. f n)\ by auto then show ?case by blast qed simp lemma consistent_Extend: assumes \consistent A S\ shows \consistent A (Extend A S f)\ unfolding Extend_def proof (rule ccontr) assume \\ consistent A (\n. extend A S f n)\ then obtain S' where \A \ S' \<^bold>\ \<^bold>\\ \set S' \ (\n. extend A S f n)\ unfolding consistent_def by blast then obtain m where \set S' \ (\n \ m. extend A S f n)\ using UN_finite_bound by (metis List.finite_set) then have \set S' \ extend A S f m\ using extend_bound by blast moreover have \consistent A (extend A S f m)\ using assms consistent_extend by blast ultimately show False unfolding consistent_def using \A \ S' \<^bold>\ \<^bold>\\ by blast qed lemma maximal_Extend: assumes \surj f\ shows \maximal A (Extend A S f)\ proof (rule ccontr) assume \\ maximal A (Extend A S f)\ then obtain p where \p \ Extend A S f\ \consistent A ({p} \ Extend A S f)\ unfolding maximal_def using assms consistent_Extend by blast obtain k where n: \f k = p\ using \surj f\ unfolding surj_def by metis then have \p \ extend A S f (Suc k)\ using \p \ Extend A S f\ unfolding Extend_def by blast then have \\ consistent A ({p} \ extend A S f k)\ using n by fastforce moreover have \{p} \ extend A S f k \ {p} \ Extend A S f\ unfolding Extend_def by blast ultimately have \\ consistent A ({p} \ Extend A S f)\ unfolding consistent_def by fastforce then show False using \consistent A ({p} \ Extend A S f)\ by blast qed lemma maximal_extension: fixes V :: \('i :: countable) fm set\ assumes \consistent A V\ obtains W where \V \ W\ \consistent A W\ \maximal A W\ proof - let ?W = \Extend A V from_nat\ have \V \ ?W\ using Extend_subset by blast moreover have \consistent A ?W\ using assms consistent_Extend by blast moreover have \maximal A ?W\ using assms maximal_Extend surj_from_nat by blast ultimately show ?thesis using that by blast qed subsection \Canonical model\ abbreviation pi :: \'i fm set \ id \ bool\ where \pi V x \ Pro x \ V\ abbreviation known :: \'i fm set \ 'i \ 'i fm set\ where \known V i \ {p. K i p \ V}\ abbreviation reach :: \('i fm \ bool) \ 'i \ 'i fm set \ 'i fm set set\ where \reach A i V \ {W. known V i \ W}\ abbreviation mcss :: \('i fm \ bool) \ 'i fm set set\ where \mcss A \ {W. consistent A W \ maximal A W}\ abbreviation canonical :: \('i fm \ bool) \ ('i, 'i fm set) kripke\ where \canonical A \ Kripke (mcss A) pi (reach A)\ lemma truth_lemma: - fixes A and p :: \('i :: countable) fm\ + fixes p :: \('i :: countable) fm\ assumes \consistent A V\ and \maximal A V\ shows \p \ V \ canonical A, V \ p\ using assms proof (induct p arbitrary: V) case FF then show ?case proof safe assume \\<^bold>\ \ V\ then have False using \consistent A V\ K_imply_head unfolding consistent_def by (metis bot.extremum insert_subset list.set(1) list.simps(15)) then show \canonical A, V \ \<^bold>\\ .. next assume \canonical A, V \ \<^bold>\\ then show \\<^bold>\ \ V\ by simp qed next case (Pro x) then show ?case by simp next case (Dis p q) then show ?case proof safe assume \(p \<^bold>\ q) \ V\ then have \consistent A ({p} \ V) \ consistent A ({q} \ V)\ using \consistent A V\ consistent_disjuncts by blast then have \p \ V \ q \ V\ using \maximal A V\ unfolding maximal_def by fast then show \canonical A, V \ (p \<^bold>\ q)\ using Dis by simp next assume \canonical A, V \ (p \<^bold>\ q)\ then consider \canonical A, V \ p\ | \canonical A, V \ q\ by auto then have \p \ V \ q \ V\ using Dis by auto moreover have \A \ p \<^bold>\ p \<^bold>\ q\ \A \ q \<^bold>\ p \<^bold>\ q\ by (auto simp: A1) ultimately show \(p \<^bold>\ q) \ V\ using Dis.prems deriv_in_maximal consequent_in_maximal by blast qed next case (Con p q) then show ?case proof safe assume \(p \<^bold>\ q) \ V\ then have \consistent A ({p} \ V)\ \consistent A ({q} \ V)\ using \consistent A V\ consistent_consequent' by fastforce+ then have \p \ V\ \q \ V\ using \maximal A V\ unfolding maximal_def by fast+ then show \canonical A, V \ (p \<^bold>\ q)\ using Con by simp next assume \canonical A, V \ (p \<^bold>\ q)\ then have \canonical A, V \ p\ \canonical A, V \ q\ by auto then have \p \ V\ \q \ V\ using Con by auto moreover have \A \ p \<^bold>\ q \<^bold>\ p \<^bold>\ q\ by (auto simp: A1) ultimately show \(p \<^bold>\ q) \ V\ using Con.prems deriv_in_maximal consequent_in_maximal by blast qed next case (Imp p q) then show ?case proof safe assume \(p \<^bold>\ q) \ V\ then have \consistent A ({\<^bold>\ p \<^bold>\ q} \ V)\ using \consistent A V\ consistent_consequent' by fastforce then have \consistent A ({\<^bold>\ p} \ V) \ consistent A ({q} \ V)\ using \consistent A V\ \maximal A V\ consistent_disjuncts unfolding maximal_def by blast then have \(\<^bold>\ p) \ V \ q \ V\ using \maximal A V\ unfolding maximal_def by fast then have \p \ V \ q \ V\ using Imp.prems exactly_one_in_maximal by blast then show \canonical A, V \ (p \<^bold>\ q)\ using Imp by simp next assume \canonical A, V \ (p \<^bold>\ q)\ then consider \\ canonical A, V \ p\ | \canonical A, V \ q\ by auto then have \p \ V \ q \ V\ using Imp by auto then have \(\<^bold>\ p) \ V \ q \ V\ using Imp.prems exactly_one_in_maximal by blast moreover have \A \ \<^bold>\ p \<^bold>\ p \<^bold>\ q\ \A \ q \<^bold>\ p \<^bold>\ q\ by (auto simp: A1) ultimately show \(p \<^bold>\ q) \ V\ using Imp.prems deriv_in_maximal consequent_in_maximal by blast qed next case (K i p) then show ?case proof safe assume \K i p \ V\ then show \canonical A, V \ K i p\ using K.hyps by auto next assume \canonical A, V \ K i p\ have \\ consistent A ({\<^bold>\ p} \ known V i)\ proof assume \consistent A ({\<^bold>\ p} \ known V i)\ then obtain W where W: \{\<^bold>\ p} \ known V i \ W\ \consistent A W\ \maximal A W\ using \consistent A V\ maximal_extension by blast then have \canonical A, W \ \<^bold>\ p\ using K \consistent A V\ exactly_one_in_maximal by auto moreover have \W \ reach A i V\ \W \ mcss A\ using W by simp_all ultimately have \canonical A, V \ \<^bold>\ K i p\ by auto then show False using \canonical A, V \ K i p\ by auto qed then obtain W where W: \{\<^bold>\ p} \ W \ {\<^bold>\ p} \ known V i\ \(\<^bold>\ p) \ W\ \finite W\ \\ consistent A ({\<^bold>\ p} \ W)\ using exists_finite_inconsistent by metis obtain L where L: \set L = W\ using \finite W\ finite_list by blast then have \A \ L \<^bold>\ p\ using W(4) inconsistent_imply by blast then have \A \ K i (L \<^bold>\ p)\ using R2 by fast then have \A \ map (K i) L \<^bold>\ K i p\ using K_distrib_K_imp by fast then have \(map (K i) L \<^bold>\ K i p) \ V\ using deriv_in_maximal K.prems(1, 2) by blast then show \K i p \ V\ using L W(1-2) proof (induct L arbitrary: W) case (Cons a L) then have \K i a \ V\ by auto then have \(map (K i) L \<^bold>\ K i p) \ V\ using Cons(2) \consistent A V\ \maximal A V\ consequent_in_maximal by auto then show ?case using Cons by auto qed simp qed qed lemma canonical_model: assumes \consistent A S\ and \p \ S\ defines \V \ Extend A S from_nat\ and \M \ canonical A\ shows \M, V \ p\ and \consistent A V\ and \maximal A V\ proof - have \consistent A V\ using \consistent A S\ unfolding V_def using consistent_Extend by blast have \maximal A V\ unfolding V_def using maximal_Extend surj_from_nat by blast - { fix x assume \x \ S\ then have \x \ V\ unfolding V_def using Extend_subset by blast then have \M, V \ x\ unfolding M_def using truth_lemma \consistent A V\ \maximal A V\ by blast } then show \M, V \ p\ using \p \ S\ by blast+ show \consistent A V\ \maximal A V\ by fact+ qed subsection \Completeness\ abbreviation valid :: \(('i :: countable, 'i fm set) kripke \ bool) \ 'i fm set \ 'i fm \ bool\ - (\valid\) where \valid \ valid\\ + where \valid \ valid\\ theorem strong_completeness: assumes \valid P G p\ and \P (canonical A)\ - shows \\qs. set qs \ G \ (A \ qs \<^bold>\ p)\ + shows \A; G \ p\ proof (rule ccontr) assume \\qs. set qs \ G \ (A \ qs \<^bold>\ p)\ then have *: \\qs. set qs \ G \ \ (A \ (\<^bold>\ p) # qs \<^bold>\ \<^bold>\)\ using K_Boole by blast let ?S = \{\<^bold>\ p} \ G\ let ?V = \Extend A ?S from_nat\ let ?M = \canonical A\ have \consistent A ?S\ using * by (metis K_imply_Cons consistent_def inconsistent_subset) then have \?M, ?V \ (\<^bold>\ p)\ \\q \ G. ?M, ?V \ q\ using canonical_model by fastforce+ moreover have \?V \ mcss A\ using \consistent A ?S\ consistent_Extend maximal_Extend surj_from_nat by blast ultimately have \?M, ?V \ p\ using assms by simp then show False using \?M, ?V \ (\<^bold>\ p)\ by simp qed corollary completeness: assumes \valid P {} p\ and \P (canonical A)\ shows \A \ p\ using assms strong_completeness[where G=\{}\] by simp corollary completeness\<^sub>A: assumes \valid (\_. True) {} p\ shows \A \ p\ using assms completeness by blast section \System K\ abbreviation SystemK (\_ \\<^sub>K _\ [50] 50) where - \G \\<^sub>K p \ (\_. False), G \ p\ + \G \\<^sub>K p \ (\_. False); G \ p\ lemma strong_soundness\<^sub>K: \G \\<^sub>K p \ valid\ P G p\ using strong_soundness[of \\_. False\ \\_. True\] by fast abbreviation \valid\<^sub>K \ valid (\_. True)\ lemma strong_completeness\<^sub>K: \valid\<^sub>K G p \ G \\<^sub>K p\ using strong_completeness[of \\_. True\] by blast theorem main\<^sub>K: \valid\<^sub>K G p \ G \\<^sub>K p\ using strong_soundness\<^sub>K[of G p] strong_completeness\<^sub>K[of G p] by fast corollary \valid\<^sub>K G p \ valid\ (\_. True) G p\ using strong_soundness\<^sub>K[of G p] strong_completeness\<^sub>K[of G p] by fast section \System T\ text \Also known as System M\ inductive AxT :: \'i fm \ bool\ where \AxT (K i p \<^bold>\ p)\ abbreviation SystemT (\_ \\<^sub>T _\ [50, 50] 50) where - \G \\<^sub>T p \ AxT, G \ p\ + \G \\<^sub>T p \ AxT; G \ p\ lemma soundness_AxT: \AxT p \ reflexive M \ w \ \ M \ M, w \ p\ by (induct p rule: AxT.induct) (meson truth) lemma strong_soundness\<^sub>T: \G \\<^sub>T p \ valid\ reflexive G p\ using strong_soundness soundness_AxT . lemma AxT_reflexive: assumes \AxT \ A\ and \consistent A V\ and \maximal A V\ shows \V \ reach A i V\ proof - have \(K i p \<^bold>\ p) \ V\ for p using assms ax_in_maximal AxT.intros by fast then have \p \ V\ if \K i p \ V\ for p using that assms consequent_in_maximal by blast then show ?thesis using assms by blast qed lemma reflexive\<^sub>T: assumes \AxT \ A\ shows \reflexive (canonical A)\ unfolding reflexive_def proof safe fix i V assume \V \ \ (canonical A)\ then have \consistent A V\ \maximal A V\ by simp_all with AxT_reflexive assms have \V \ reach A i V\ . then show \V \ \ (canonical A) i V\ by simp qed abbreviation \valid\<^sub>T \ valid reflexive\ lemma strong_completeness\<^sub>T: \valid\<^sub>T G p \ G \\<^sub>T p\ using strong_completeness reflexive\<^sub>T by blast theorem main\<^sub>T: \valid\<^sub>T G p \ G \\<^sub>T p\ using strong_soundness\<^sub>T[of G p] strong_completeness\<^sub>T[of G p] by fast corollary \valid\<^sub>T G p \ valid\ reflexive G p\ using strong_soundness\<^sub>T[of G p] strong_completeness\<^sub>T[of G p] by fast section \System KB\ inductive AxB :: \'i fm \ bool\ where \AxB (p \<^bold>\ K i (L i p))\ abbreviation SystemKB (\_ \\<^sub>K\<^sub>B _\ [50, 50] 50) where - \G \\<^sub>K\<^sub>B p \ AxB, G \ p\ + \G \\<^sub>K\<^sub>B p \ AxB; G \ p\ lemma soundness_AxB: \AxB p \ symmetric M \ w \ \ M \ M, w \ p\ unfolding symmetric_def by (induct p rule: AxB.induct) auto lemma strong_soundness\<^sub>K\<^sub>B: \G \\<^sub>K\<^sub>B p \ valid\ symmetric G p\ using strong_soundness soundness_AxB . lemma AxB_symmetric': assumes \AxB \ A\ \consistent A V\ \maximal A V\ \consistent A W\ \maximal A W\ and \W \ reach A i V\ shows \V \ reach A i W\ proof - have \\p. K i p \ W \ p \ V\ - proof (intro allI impI, rule ccontr) + proof (safe, rule ccontr) fix p assume \K i p \ W\ \p \ V\ then have \(\<^bold>\ p) \ V\ using assms(2-3) exactly_one_in_maximal by fast then have \K i (L i (\<^bold>\ p)) \ V\ using assms(1-3) ax_in_maximal AxB.intros consequent_in_maximal by fast then have \L i (\<^bold>\ p) \ W\ using \W \ reach A i V\ by fast then have \(\<^bold>\ K i p) \ W\ using assms(4-5) by (meson K_LK consistent_consequent maximal_def) then show False using \K i p \ W\ assms(4-5) exactly_one_in_maximal by fast qed then have \known W i \ V\ by blast then show ?thesis using assms(2-3) by simp qed lemma symmetric\<^sub>K\<^sub>B: assumes \AxB \ A\ shows \symmetric (canonical A)\ unfolding symmetric_def proof (intro allI ballI) fix i V W assume \V \ \ (canonical A)\ \W \ \ (canonical A)\ then have \consistent A V\ \maximal A V\ \consistent A W\ \maximal A W\ by simp_all with AxB_symmetric' assms have \W \ reach A i V \ V \ reach A i W\ by metis then show \(W \ \ (canonical A) i V) = (V \ \ (canonical A) i W)\ by simp qed abbreviation \valid\<^sub>K\<^sub>B \ valid symmetric\ lemma strong_completeness\<^sub>K\<^sub>B: \valid\<^sub>K\<^sub>B G p \ G \\<^sub>K\<^sub>B p\ using strong_completeness symmetric\<^sub>K\<^sub>B by blast theorem main\<^sub>K\<^sub>B: \valid\<^sub>K\<^sub>B G p \ G \\<^sub>K\<^sub>B p\ using strong_soundness\<^sub>K\<^sub>B[of G p] strong_completeness\<^sub>K\<^sub>B[of G p] by fast corollary \valid\<^sub>K\<^sub>B G p \ valid\ symmetric G p\ using strong_soundness\<^sub>K\<^sub>B[of G p] strong_completeness\<^sub>K\<^sub>B[of G p] by fast section \System K4\ inductive Ax4 :: \'i fm \ bool\ where \Ax4 (K i p \<^bold>\ K i (K i p))\ abbreviation SystemK4 (\_ \\<^sub>K\<^sub>4 _\ [50, 50] 50) where - \G \\<^sub>K\<^sub>4 p \ Ax4, G \ p\ + \G \\<^sub>K\<^sub>4 p \ Ax4; G \ p\ lemma soundness_Ax4: \Ax4 p \ transitive M \ w \ \ M \ M, w \ p\ by (induct p rule: Ax4.induct) (meson pos_introspection) lemma strong_soundness\<^sub>K\<^sub>4: \G \\<^sub>K\<^sub>4 p \ valid\ transitive G p\ using strong_soundness soundness_Ax4 . lemma Ax4_transitive: assumes \Ax4 \ A\ \consistent A V\ \maximal A V\ and \W \ reach A i V\ \U \ reach A i W\ shows \U \ reach A i V\ proof - have \(K i p \<^bold>\ K i (K i p)) \ V\ for p using assms(1-3) ax_in_maximal Ax4.intros by fast then have \K i (K i p) \ V\ if \K i p \ V\ for p using that assms(2-3) consequent_in_maximal by blast then show ?thesis using assms(4-5) by blast qed lemma transitive\<^sub>K\<^sub>4: assumes \Ax4 \ A\ shows \transitive (canonical A)\ unfolding transitive_def proof safe fix i U V W assume \V \ \ (canonical A)\ then have \consistent A V\ \maximal A V\ by simp_all moreover assume \W \ \ (canonical A) i V\ \U \ \ (canonical A) i W\ ultimately have \U \ reach A i V\ using Ax4_transitive assms by simp then show \U \ \ (canonical A) i V\ by simp qed abbreviation \valid\<^sub>K\<^sub>4 \ valid transitive\ lemma strong_completeness\<^sub>K\<^sub>4: \valid\<^sub>K\<^sub>4 G p \ G \\<^sub>K\<^sub>4 p\ using strong_completeness transitive\<^sub>K\<^sub>4 by blast theorem main\<^sub>K\<^sub>4: \valid\<^sub>K\<^sub>4 G p \ G \\<^sub>K\<^sub>4 p\ using strong_soundness\<^sub>K\<^sub>4[of G p] strong_completeness\<^sub>K\<^sub>4[of G p] by fast corollary \valid\<^sub>K\<^sub>4 G p \ valid\ transitive G p\ using strong_soundness\<^sub>K\<^sub>4[of G p] strong_completeness\<^sub>K\<^sub>4[of G p] by fast +section \System K5\ + +inductive Ax5 :: \'i fm \ bool\ where + \Ax5 (L i p \<^bold>\ K i (L i p))\ + +abbreviation SystemK5 (\_ \\<^sub>K\<^sub>5 _\ [50, 50] 50) where + \G \\<^sub>K\<^sub>5 p \ Ax5; G \ p\ + +lemma soundness_Ax5: \Ax5 p \ Euclidean M \ w \ \ M \ M, w \ p\ + by (induct p rule: Ax5.induct) (unfold Euclidean_def semantics.simps, blast) + +lemma strong_soundness\<^sub>K\<^sub>5: \G \\<^sub>K\<^sub>5 p \ valid\ Euclidean G p\ + using strong_soundness soundness_Ax5 . + +lemma Ax5_Euclidean: + assumes \Ax5 \ A\ + \consistent A U\ \maximal A U\ + \consistent A V\ \maximal A V\ + \consistent A W\ \maximal A W\ + and \V \ reach A i U\ \W \ reach A i U\ + shows \W \ reach A i V\ + using assms +proof - + { fix p + assume \K i p \ V\ \p \ W\ + then have \(\<^bold>\ p) \ W\ + using assms(6-7) exactly_one_in_maximal by fast + then have \L i (\<^bold>\ p) \ U\ + using assms(2-3, 6-7, 9) exactly_one_in_maximal by blast + then have \K i (L i (\<^bold>\ p)) \ U\ + using assms(1-3) ax_in_maximal Ax5.intros consequent_in_maximal by fast + then have \L i (\<^bold>\ p) \ V\ + using assms(8) by blast + then have \\<^bold>\ K i p \ V\ + using assms(4-5) K_LK consequent_in_maximal deriv_in_maximal by fast + then have False + using assms(4-5) \K i p \ V\ exactly_one_in_maximal by fast + } + then show ?thesis + by blast +qed + +lemma Euclidean\<^sub>K\<^sub>5: + assumes \Ax5 \ A\ + shows \Euclidean (canonical A)\ + unfolding Euclidean_def +proof safe + fix i U V W + assume \U \ \ (canonical A)\ \V \ \ (canonical A)\ \W \ \ (canonical A)\ + then have + \consistent A U\ \maximal A U\ + \consistent A V\ \maximal A V\ + \consistent A W\ \maximal A W\ + by simp_all + moreover assume + \V \ \ (canonical A) i U\ + \W \ \ (canonical A) i U\ + ultimately have \W \ reach A i V\ + using Ax5_Euclidean assms by simp + then show \W \ \ (canonical A) i V\ + by simp +qed + +abbreviation \valid\<^sub>K\<^sub>5 \ valid Euclidean\ + +lemma strong_completeness\<^sub>K\<^sub>5: \valid\<^sub>K\<^sub>5 G p \ G \\<^sub>K\<^sub>5 p\ + using strong_completeness Euclidean\<^sub>K\<^sub>5 by blast + +theorem main\<^sub>K\<^sub>5: \valid\<^sub>K\<^sub>5 G p \ G \\<^sub>K\<^sub>5 p\ + using strong_soundness\<^sub>K\<^sub>5[of G p] strong_completeness\<^sub>K\<^sub>5[of G p] by fast + +corollary \valid\<^sub>K\<^sub>5 G p \ valid\ Euclidean G p\ + using strong_soundness\<^sub>K\<^sub>5[of G p] strong_completeness\<^sub>K\<^sub>5[of G p] by fast + section \System S4\ abbreviation Or :: \('a \ bool) \ ('a \ bool) \ 'a \ bool\ (infixl \\\ 65) where - \A \ A' \ \x. A x \ A' x\ + \(A \ A') p \ A p \ A' p\ abbreviation SystemS4 (\_ \\<^sub>S\<^sub>4 _\ [50, 50] 50) where - \G \\<^sub>S\<^sub>4 p \ AxT \ Ax4, G \ p\ + \G \\<^sub>S\<^sub>4 p \ AxT \ Ax4; G \ p\ lemma soundness_AxT4: \(AxT \ Ax4) p \ reflexive M \ transitive M \ w \ \ M \ M, w \ p\ using soundness_AxT soundness_Ax4 by fast lemma strong_soundness\<^sub>S\<^sub>4: \G \\<^sub>S\<^sub>4 p \ valid\ refltrans G p\ using strong_soundness soundness_AxT4 . abbreviation \valid\<^sub>S\<^sub>4 \ valid refltrans\ lemma strong_completeness\<^sub>S\<^sub>4: \valid\<^sub>S\<^sub>4 G p \ G \\<^sub>S\<^sub>4 p\ using strong_completeness[of refltrans] reflexive\<^sub>T[of \AxT \ Ax4\] transitive\<^sub>K\<^sub>4[of \AxT \ Ax4\] by blast theorem main\<^sub>S\<^sub>4: \valid\<^sub>S\<^sub>4 G p \ G \\<^sub>S\<^sub>4 p\ using strong_soundness\<^sub>S\<^sub>4[of G p] strong_completeness\<^sub>S\<^sub>4[of G p] by fast corollary \valid\<^sub>S\<^sub>4 G p \ valid\ refltrans G p\ using strong_soundness\<^sub>S\<^sub>4[of G p] strong_completeness\<^sub>S\<^sub>4[of G p] by fast section \System S5\ +subsection \T + B + 4\ + abbreviation SystemS5 (\_ \\<^sub>S\<^sub>5 _\ [50, 50] 50) where - \G \\<^sub>S\<^sub>5 p \ AxT \ AxB \ Ax4, G \ p\ + \G \\<^sub>S\<^sub>5 p \ AxT \ AxB \ Ax4; G \ p\ abbreviation AxTB4 :: \'i fm \ bool\ where \AxTB4 \ AxT \ AxB \ Ax4\ lemma soundness_AxTB4: \AxTB4 p \ equivalence M \ w \ \ M \ M, w \ p\ using soundness_AxT soundness_AxB soundness_Ax4 by fast lemma strong_soundness\<^sub>S\<^sub>5: \G \\<^sub>S\<^sub>5 p \ valid\ equivalence G p\ using strong_soundness soundness_AxTB4 . abbreviation \valid\<^sub>S\<^sub>5 \ valid equivalence\ lemma strong_completeness\<^sub>S\<^sub>5: \valid\<^sub>S\<^sub>5 G p \ G \\<^sub>S\<^sub>5 p\ using strong_completeness[of equivalence] reflexive\<^sub>T[of AxTB4] symmetric\<^sub>K\<^sub>B[of AxTB4] transitive\<^sub>K\<^sub>4[of AxTB4] by blast theorem main\<^sub>S\<^sub>5: \valid\<^sub>S\<^sub>5 G p \ G \\<^sub>S\<^sub>5 p\ using strong_soundness\<^sub>S\<^sub>5[of G p] strong_completeness\<^sub>S\<^sub>5[of G p] by fast corollary \valid\<^sub>S\<^sub>5 G p \ valid\ equivalence G p\ using strong_soundness\<^sub>S\<^sub>5[of G p] strong_completeness\<^sub>S\<^sub>5[of G p] by fast -subsection \Traditional formulation\ - -inductive SystemS5' :: \'i fm \ bool\ (\\\<^sub>S\<^sub>5'' _\ [20] 20) where - A1': \tautology p \ \\<^sub>S\<^sub>5' p\ -| A2': \\\<^sub>S\<^sub>5' K i (p \<^bold>\ q) \<^bold>\ K i p \<^bold>\ K i q\ -| AT': \\\<^sub>S\<^sub>5' K i p \<^bold>\ p\ -| A5': \\\<^sub>S\<^sub>5' \<^bold>\ K i p \<^bold>\ K i (\<^bold>\ K i p)\ -| R1': \\\<^sub>S\<^sub>5' p \ \\<^sub>S\<^sub>5' p \<^bold>\ q \ \\<^sub>S\<^sub>5' q\ -| R2': \\\<^sub>S\<^sub>5' p \ \\<^sub>S\<^sub>5' K i p\ - -lemma S5'_trans: \\\<^sub>S\<^sub>5' (p \<^bold>\ q) \<^bold>\ (q \<^bold>\ r) \<^bold>\ p \<^bold>\ r\ - by (simp add: A1') - -lemma S5'_L: \\\<^sub>S\<^sub>5' p \<^bold>\ L i p\ -proof - - have \\\<^sub>S\<^sub>5' K i (\<^bold>\ p) \<^bold>\ \<^bold>\ p\ - using AT' by fast - moreover have \\\<^sub>S\<^sub>5' (P \<^bold>\ \<^bold>\ Q) \<^bold>\ Q \<^bold>\ \<^bold>\ P\ for P Q :: \'i fm\ - using A1' by force - ultimately show ?thesis - using R1' by blast -qed +subsection \T + 5\ -lemma S5'_B: \\\<^sub>S\<^sub>5' p \<^bold>\ K i (L i p)\ - using A5' S5'_L R1' S5'_trans by metis +abbreviation SystemS5' (\_ \\<^sub>S\<^sub>5'' _\ [50, 50] 50) where + \G \\<^sub>S\<^sub>5' p \ AxT \ Ax5; G \ p\ -lemma S5'_map_K: - assumes \\\<^sub>S\<^sub>5' p \<^bold>\ q\ - shows \\\<^sub>S\<^sub>5' K i p \<^bold>\ K i q\ +abbreviation AxT5 :: \'i fm \ bool\ where + \AxT5 \ AxT \ Ax5\ + +lemma symm_trans_Euclid: \symmetric M \ transitive M \ Euclidean M\ + unfolding symmetric_def transitive_def Euclidean_def by blast + +lemma soundness_AxT5: \AxT5 p \ equivalence M \ w \ \ M \ M, w \ p\ + using soundness_AxT[of p M w] soundness_Ax5[of p M w] symm_trans_Euclid by blast + +lemma strong_soundness\<^sub>S\<^sub>5': \G \\<^sub>S\<^sub>5' p \ valid\ equivalence G p\ + using strong_soundness soundness_AxT5 . + +lemma refl_Euclid_equiv: \reflexive M \ Euclidean M \ equivalence M\ + unfolding reflexive_def symmetric_def transitive_def Euclidean_def by metis + +lemma strong_completeness\<^sub>S\<^sub>5': \valid\<^sub>S\<^sub>5 G p \ G \\<^sub>S\<^sub>5' p\ + using strong_completeness[of equivalence] + reflexive\<^sub>T[of AxT5] Euclidean\<^sub>K\<^sub>5[of AxT5] refl_Euclid_equiv by blast + +theorem main\<^sub>S\<^sub>5': \valid\<^sub>S\<^sub>5 G p \ G \\<^sub>S\<^sub>5' p\ + using strong_soundness\<^sub>S\<^sub>5'[of G p] strong_completeness\<^sub>S\<^sub>5'[of G p] by fast + +subsection \Equivalence between systems\ + +subsubsection \Axiom 5 from B and 4\ + +lemma K4_L: + assumes \Ax4 \ A\ + shows \A \ L i (L i p) \<^bold>\ L i p\ proof - - note \\\<^sub>S\<^sub>5' p \<^bold>\ q\ - then have \\\<^sub>S\<^sub>5' K i (p \<^bold>\ q)\ - using R2' by fast - moreover have \\\<^sub>S\<^sub>5' K i (p \<^bold>\ q) \<^bold>\ K i p \<^bold>\ K i q\ - using A2' by fast - ultimately show ?thesis - using R1' by fast -qed - -lemma S5'_L_dual: \\\<^sub>S\<^sub>5' \<^bold>\ L i (\<^bold>\ p) \<^bold>\ K i p\ -proof - - have \\\<^sub>S\<^sub>5' K i p \<^bold>\ K i p\ \\\<^sub>S\<^sub>5' \<^bold>\ \<^bold>\ p \<^bold>\ p\ - by (simp_all add: A1') - then have \\\<^sub>S\<^sub>5' K i (\<^bold>\ \<^bold>\ p) \<^bold>\ K i p\ - by (simp add: S5'_map_K) - moreover have \\\<^sub>S\<^sub>5' (P \<^bold>\ Q) \<^bold>\ (\<^bold>\ \<^bold>\ P \<^bold>\ Q)\ for P Q :: \'i fm\ - by (simp add: A1') - ultimately show \\\<^sub>S\<^sub>5' \<^bold>\ \<^bold>\ K i (\<^bold>\ \<^bold>\ p) \<^bold>\ K i p\ - using R1' by blast + have \A \ K i (\<^bold>\ p) \<^bold>\ K i (K i (\<^bold>\ p))\ + using assms by (auto intro: Ax Ax4.intros) + then show ?thesis + by (meson K_LK K_trans R1) qed -lemma S5'_4: \\\<^sub>S\<^sub>5' K i p \<^bold>\ K i (K i p)\ +lemma KB4_5: + assumes \AxB \ A\ \Ax4 \ A\ + shows \A \ L i p \<^bold>\ K i (L i p)\ proof - - have \\\<^sub>S\<^sub>5' L i (\<^bold>\ p) \<^bold>\ K i (L i (\<^bold>\ p))\ - using A5' by fast - moreover have \\\<^sub>S\<^sub>5' (P \<^bold>\ Q) \<^bold>\ \<^bold>\ Q \<^bold>\ \<^bold>\ P\ for P Q :: \'i fm\ - using A1' by force - ultimately have \\\<^sub>S\<^sub>5' \<^bold>\ K i (L i (\<^bold>\ p)) \<^bold>\ \<^bold>\ L i (\<^bold>\ p)\ - using R1' by fast - then have \\\<^sub>S\<^sub>5' L i (K i (\<^bold>\ \<^bold>\ p)) \<^bold>\ \<^bold>\ L i (\<^bold>\ p)\ - by blast - moreover have \\\<^sub>S\<^sub>5' p \<^bold>\ \<^bold>\ \<^bold>\ p\ - by (simp add: A1') - ultimately have \\\<^sub>S\<^sub>5' L i (K i p) \<^bold>\ \<^bold>\ L i (\<^bold>\ p)\ - by (metis (no_types, opaque_lifting) R1' S5'_map_K S5'_trans) - then have \\\<^sub>S\<^sub>5' L i (K i p) \<^bold>\ K i p\ - by (meson S5'_L_dual R1' S5'_trans) - then show ?thesis - by (metis A2' R1' R2' S5'_B S5'_trans) + have \A \ L i p \<^bold>\ K i (L i (L i p))\ + using assms by (auto intro: Ax AxB.intros) + moreover have \A \ L i (L i p) \<^bold>\ L i p\ + using assms by (auto intro: K4_L) + then have \A \ K i (L i (L i p)) \<^bold>\ K i (L i p)\ + using K_map by fast + ultimately show ?thesis + using K_trans R1 by metis qed -lemma S5_S5': \AxTB4 \ p \ \\<^sub>S\<^sub>5' p\ -proof (induct p rule: AK.induct) - case (A2 i p q) - have \\\<^sub>S\<^sub>5' K i (p \<^bold>\ q) \<^bold>\ K i p \<^bold>\ K i q\ - using A2' . - moreover have \\\<^sub>S\<^sub>5' (P \<^bold>\ Q \<^bold>\ R) \<^bold>\ (Q \<^bold>\ P \<^bold>\ R)\ for P Q R :: \'i fm\ - by (simp add: A1') - ultimately show ?case - using R1' by blast -next - case (Ax p) - then show ?case - using AT' S5'_B S5'_4 - by (metis Ax4.cases AxB.cases AxT.cases) -qed (meson SystemS5'.intros)+ +subsubsection \Axioms B and 4 from T and 5\ -lemma S5'_S5: - fixes p :: \('i :: countable) fm\ - shows \\\<^sub>S\<^sub>5' p \ AxTB4 \ p\ -proof (induct p rule: SystemS5'.induct) - case (AT' i p) - then show ?case - by (simp add: Ax AxT.intros) -next - case (A5' i p) - let ?p = \\<^bold>\ K i p \<^bold>\ K i (\<^bold>\ K i p)\ - have \valid\<^sub>S\<^sub>5 {} ?p\ - by (meson neg_introspection) - then show ?case - using strong_completeness\<^sub>S\<^sub>5[of \{}\ \?p\] by fastforce -qed (meson AK.intros K_A2')+ +lemma T_L: + assumes \AxT \ A\ + shows \A \ p \<^bold>\ L i p\ +proof - + have \A \ K i (\<^bold>\ p) \<^bold>\ \<^bold>\ p\ + using assms by (auto intro: Ax AxT.intros) + moreover have \A \ (P \<^bold>\ \<^bold>\ Q) \<^bold>\ Q \<^bold>\ \<^bold>\ P\ for P Q + by (auto intro: A1) + ultimately show ?thesis + by (auto intro: R1) +qed -theorem strong_completeness\<^sub>S\<^sub>5': - assumes \valid\<^sub>S\<^sub>5 G p\ - shows \\qs. set qs \ G \ (\\<^sub>S\<^sub>5' qs \<^bold>\ p)\ - using assms strong_completeness\<^sub>S\<^sub>5 S5_S5' S5'_S5 by blast +lemma S5'_B: + assumes \AxT \ A\ \Ax5 \ A\ + shows \A \ p \<^bold>\ K i (L i p)\ +proof - + have \A \ L i p \<^bold>\ K i (L i p)\ + using assms(2) by (auto intro: Ax Ax5.intros) + moreover have \A \ p \<^bold>\ L i p\ + using assms(1) by (auto intro: T_L) + ultimately show ?thesis + using K_trans R1 by metis +qed -theorem main\<^sub>S\<^sub>5': \valid\<^sub>S\<^sub>5 {} p \ (\\<^sub>S\<^sub>5' p)\ - using main\<^sub>S\<^sub>5[of \{}\ p] S5_S5' S5'_S5 by auto +lemma K5_L: + assumes \Ax5 \ A\ + shows \A \ L i (K i p) \<^bold>\ K i p\ +proof - + have \A \ L i (\<^bold>\ p) \<^bold>\ K i (L i (\<^bold>\ p))\ + using assms by (auto intro: Ax Ax5.intros) + then have \A \ L i (\<^bold>\ p) \<^bold>\ K i (\<^bold>\ K i p)\ + using K_LK by (metis K_map K_trans R1) + moreover have \A \ (P \<^bold>\ Q) \<^bold>\ \<^bold>\ Q \<^bold>\ \<^bold>\ P\ for P Q + by (auto intro: A1) + ultimately have \A \ \<^bold>\ K i (\<^bold>\ K i p) \<^bold>\ \<^bold>\ L i (\<^bold>\ p)\ + using R1 by blast + then have \A \ \<^bold>\ K i (\<^bold>\ K i p) \<^bold>\ K i p\ + using K_L_dual R1 K_trans by metis + then show ?thesis + by blast +qed + +lemma S5'_4: + assumes \AxT \ A\ \Ax5 \ A\ + shows \A \ K i p \<^bold>\ K i (K i p)\ +proof - + have \A \ L i (K i p) \<^bold>\ K i (L i (K i p))\ + using assms(2) by (auto intro: Ax Ax5.intros) + moreover have \A \ K i p \<^bold>\ L i (K i p)\ + using assms(1) by (auto intro: T_L) + ultimately have \A \ K i p \<^bold>\ K i (L i (K i p))\ + using K_trans R1 by metis + moreover have \A \ L i (K i p) \<^bold>\ K i p\ + using assms(2) K5_L by metis + then have \A \ K i (L i (K i p)) \<^bold>\ K i (K i p)\ + using K_map by fast + ultimately show ?thesis + using R1 K_trans by metis +qed + +lemma S5_S5': \AxTB4 \ p \ AxT5 \ p\ +proof (induct p rule: AK.induct) + case (Ax p) + moreover have \AxT5 \ p\ if \AxT p\ + using that AK.Ax by metis + moreover have \AxT5 \ p\ if \AxB p\ + using that S5'_B by (metis (no_types, lifting) AxB.cases predicate1I) + moreover have \AxT5 \ p\ if \Ax4 p\ + using that S5'_4 by (metis (no_types, lifting) Ax4.cases predicate1I) + ultimately show ?case + by blast +qed (auto intro: AK.intros) + +lemma S5'_S5: \AxT5 \ p \ AxTB4 \ p\ +proof (induct p rule: AK.induct) + case (Ax p) + moreover have \AxTB4 \ p\ if \AxT p\ + using that AK.Ax by metis + moreover have \AxTB4 \ p\ if \Ax5 p\ + using that KB4_5 by (metis (no_types, lifting) Ax5.cases predicate1I) + ultimately show ?case + by blast +qed (auto intro: AK.intros) + +corollary S5_S5'_assms: \G \\<^sub>S\<^sub>5 p \ G \\<^sub>S\<^sub>5' p\ + using S5_S5' S5'_S5 by blast section \Acknowledgements\ text \ The formalization is inspired by Berghofer's formalization of Henkin-style completeness. \<^item> Stefan Berghofer: First-Order Logic According to Fitting. \<^url>\https://www.isa-afp.org/entries/FOL-Fitting.shtml\ \ end diff --git a/thys/Public_Announcement_Logic/PAL.thy b/thys/Public_Announcement_Logic/PAL.thy --- a/thys/Public_Announcement_Logic/PAL.thy +++ b/thys/Public_Announcement_Logic/PAL.thy @@ -1,885 +1,999 @@ (* File: PAL.thy Author: Asta Halkjær From This work is a formalization of public announcement logic with countably many agents. - It includes proofs of soundness and completeness for a variant of the axiom system + It includes proofs of soundness and completeness for variants of the axiom system PA + DIST! + NEC!. - The completeness proof builds on the Epistemic Logic theory. + The completeness proofs build on the Epistemic Logic theory. *) theory PAL imports "Epistemic_Logic.Epistemic_Logic" begin section \Syntax\ datatype 'i pfm = FF (\\<^bold>\\<^sub>!\) | Pro' id (\Pro\<^sub>!\) - | Dis \'i pfm\ \'i pfm\ (infixr \\<^bold>\\<^sub>!\ 30) - | Con \'i pfm\ \'i pfm\ (infixr \\<^bold>\\<^sub>!\ 35) - | Imp \'i pfm\ \'i pfm\ (infixr \\<^bold>\\<^sub>!\ 25) + | Dis \'i pfm\ \'i pfm\ (infixr \\<^bold>\\<^sub>!\ 60) + | Con \'i pfm\ \'i pfm\ (infixr \\<^bold>\\<^sub>!\ 65) + | Imp \'i pfm\ \'i pfm\ (infixr \\<^bold>\\<^sub>!\ 55) | K' 'i \'i pfm\ (\K\<^sub>!\) - | Ann \'i pfm\ \'i pfm\ (\[_]\<^sub>! _\ [50, 50] 50) + | Ann \'i pfm\ \'i pfm\ (\[_]\<^sub>! _\ [80, 80] 80) -abbreviation PIff :: \'i pfm \ 'i pfm \ 'i pfm\ (infixr \\<^bold>\\<^sub>!\ 25) where +abbreviation PIff :: \'i pfm \ 'i pfm \ 'i pfm\ (infixr \\<^bold>\\<^sub>!\ 55) where \p \<^bold>\\<^sub>! q \ (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! p)\ -abbreviation PNeg (\\<^bold>\\<^sub>! _\ [40] 40) where +abbreviation PNeg (\\<^bold>\\<^sub>! _\ [70] 70) where \\<^bold>\\<^sub>! p \ p \<^bold>\\<^sub>! \<^bold>\\<^sub>!\ abbreviation PL (\L\<^sub>!\) where \L\<^sub>! i p \ (\<^bold>\\<^sub>! (K\<^sub>! i (\<^bold>\\<^sub>! p)))\ +primrec anns :: \'i pfm \ 'i pfm set\ where + \anns \<^bold>\\<^sub>! = {}\ +| \anns (Pro\<^sub>! _) = {}\ +| \anns (p \<^bold>\\<^sub>! q) = (anns p \ anns q)\ +| \anns (p \<^bold>\\<^sub>! q) = (anns p \ anns q)\ +| \anns (p \<^bold>\\<^sub>! q) = (anns p \ anns q)\ +| \anns (K\<^sub>! i p) = anns p\ +| \anns ([r]\<^sub>! p) = {r} \ anns r \ anns p\ + section \Semantics\ fun psemantics :: \('i, 'w) kripke \ 'w \ 'i pfm \ bool\ (\_, _ \\<^sub>! _\ [50, 50] 50) and restrict :: \('i, 'w) kripke \ 'i pfm \ ('i, 'w) kripke\ where \(M, w \\<^sub>! \<^bold>\\<^sub>!) = False\ | \(M, w \\<^sub>! Pro\<^sub>! x) = \ M w x\ -| \(M, w \\<^sub>! (p \<^bold>\\<^sub>! q)) = ((M, w \\<^sub>! p) \ (M, w \\<^sub>! q))\ -| \(M, w \\<^sub>! (p \<^bold>\\<^sub>! q)) = ((M, w \\<^sub>! p) \ (M, w \\<^sub>! q))\ -| \(M, w \\<^sub>! (p \<^bold>\\<^sub>! q)) = ((M, w \\<^sub>! p) \ (M, w \\<^sub>! q))\ +| \(M, w \\<^sub>! p \<^bold>\\<^sub>! q) = ((M, w \\<^sub>! p) \ (M, w \\<^sub>! q))\ +| \(M, w \\<^sub>! p \<^bold>\\<^sub>! q) = ((M, w \\<^sub>! p) \ (M, w \\<^sub>! q))\ +| \(M, w \\<^sub>! p \<^bold>\\<^sub>! q) = ((M, w \\<^sub>! p) \ (M, w \\<^sub>! q))\ | \(M, w \\<^sub>! K\<^sub>! i p) = (\v \ \ M \ \ M i w. M, v \\<^sub>! p)\ | \(M, w \\<^sub>! [r]\<^sub>! p) = ((M, w \\<^sub>! r) \ (restrict M r, w \\<^sub>! p))\ -| \restrict M p = Kripke {w. w \ \ M \ M, w \\<^sub>! p} (\ M) (\ M)\ +| \restrict M r = Kripke {w. w \ \ M \ M, w \\<^sub>! r} (\ M) (\ M)\ primrec static :: \'i pfm \ bool\ where \static \<^bold>\\<^sub>! = True\ | \static (Pro\<^sub>! _) = True\ | \static (p \<^bold>\\<^sub>! q) = (static p \ static q)\ | \static (p \<^bold>\\<^sub>! q) = (static p \ static q)\ | \static (p \<^bold>\\<^sub>! q) = (static p \ static q)\ | \static (K\<^sub>! i p) = static p\ | \static ([r]\<^sub>! p) = False\ primrec lower :: \'i pfm \ 'i fm\ where \lower \<^bold>\\<^sub>! = \<^bold>\\ | \lower (Pro\<^sub>! x) = Pro x\ | \lower (p \<^bold>\\<^sub>! q) = (lower p \<^bold>\ lower q)\ | \lower (p \<^bold>\\<^sub>! q) = (lower p \<^bold>\ lower q)\ | \lower (p \<^bold>\\<^sub>! q) = (lower p \<^bold>\ lower q)\ | \lower (K\<^sub>! i p) = K i (lower p)\ | \lower ([r]\<^sub>! p) = undefined\ primrec lift :: \'i fm \ 'i pfm\ where \lift \<^bold>\ = \<^bold>\\<^sub>!\ | \lift (Pro x) = Pro\<^sub>! x\ | \lift (p \<^bold>\ q) = (lift p \<^bold>\\<^sub>! lift q)\ | \lift (p \<^bold>\ q) = (lift p \<^bold>\\<^sub>! lift q)\ | \lift (p \<^bold>\ q) = (lift p \<^bold>\\<^sub>! lift q)\ | \lift (K i p) = K\<^sub>! i (lift p)\ lemma lower_semantics: assumes \static p\ shows \(M, w \ lower p) \ (M, w \\<^sub>! p)\ using assms by (induct p arbitrary: w) simp_all lemma lift_semantics: \(M, w \ p) \ (M, w \\<^sub>! lift p)\ by (induct p arbitrary: w) simp_all lemma lower_lift: \lower (lift p) = p\ by (induct p) simp_all lemma lift_lower: \static p \ lift (lower p) = p\ by (induct p) simp_all section \Soundness of Reduction\ primrec reduce' :: \'i pfm \ 'i pfm \ 'i pfm\ where \reduce' r \<^bold>\\<^sub>! = (r \<^bold>\\<^sub>! \<^bold>\\<^sub>!)\ | \reduce' r (Pro\<^sub>! x) = (r \<^bold>\\<^sub>! Pro\<^sub>! x)\ | \reduce' r (p \<^bold>\\<^sub>! q) = (reduce' r p \<^bold>\\<^sub>! reduce' r q)\ | \reduce' r (p \<^bold>\\<^sub>! q) = (reduce' r p \<^bold>\\<^sub>! reduce' r q)\ | \reduce' r (p \<^bold>\\<^sub>! q) = (reduce' r p \<^bold>\\<^sub>! reduce' r q)\ | \reduce' r (K\<^sub>! i p) = (r \<^bold>\\<^sub>! K\<^sub>! i (reduce' r p))\ | \reduce' r ([p]\<^sub>! q) = undefined\ primrec reduce :: \'i pfm \ 'i pfm\ where \reduce \<^bold>\\<^sub>! = \<^bold>\\<^sub>!\ | \reduce (Pro\<^sub>! x) = Pro\<^sub>! x\ | \reduce (p \<^bold>\\<^sub>! q) = (reduce p \<^bold>\\<^sub>! reduce q)\ | \reduce (p \<^bold>\\<^sub>! q) = (reduce p \<^bold>\\<^sub>! reduce q)\ | \reduce (p \<^bold>\\<^sub>! q) = (reduce p \<^bold>\\<^sub>! reduce q)\ | \reduce (K\<^sub>! i p) = K\<^sub>! i (reduce p)\ | \reduce ([r]\<^sub>! p) = reduce' (reduce r) (reduce p)\ lemma static_reduce': \static p \ static r \ static (reduce' r p)\ by (induct p) simp_all lemma static_reduce: \static (reduce p)\ by (induct p) (simp_all add: static_reduce') lemma reduce'_semantics: assumes \static q\ - shows \((M, w \\<^sub>! [p]\<^sub>! (q))) = (M, w \\<^sub>! reduce' p q)\ + shows \(M, w \\<^sub>! [p]\<^sub>! q) = (M, w \\<^sub>! reduce' p q)\ using assms by (induct q arbitrary: w) auto lemma reduce_semantics: \(M, w \\<^sub>! p) = (M, w \\<^sub>! reduce p)\ proof (induct p arbitrary: M w) case (Ann p q) then show ?case using reduce'_semantics static_reduce by fastforce qed simp_all section \Chains of Implications\ -primrec implyP :: \'i pfm list \ 'i pfm \ 'i pfm\ (infixr \\<^bold>\\<^sub>!\ 26) where +primrec implyP :: \'i pfm list \ 'i pfm \ 'i pfm\ (infixr \\<^bold>\\<^sub>!\ 56) where \([] \<^bold>\\<^sub>! q) = q\ | \(p # ps \<^bold>\\<^sub>! q) = (p \<^bold>\\<^sub>! ps \<^bold>\\<^sub>! q)\ lemma lift_implyP: \lift (ps \<^bold>\ q) = (map lift ps \<^bold>\\<^sub>! lift q)\ by (induct ps) auto lemma reduce_implyP: \reduce (ps \<^bold>\\<^sub>! q) = (map reduce ps \<^bold>\\<^sub>! reduce q)\ by (induct ps) auto section \Proof System\ primrec peval :: \(id \ bool) \ ('i pfm \ bool) \ 'i pfm \ bool\ where \peval _ _ \<^bold>\\<^sub>! = False\ | \peval g _ (Pro\<^sub>! x) = g x\ | \peval g h (p \<^bold>\\<^sub>! q) = (peval g h p \ peval g h q)\ | \peval g h (p \<^bold>\\<^sub>! q) = (peval g h p \ peval g h q)\ | \peval g h (p \<^bold>\\<^sub>! q) = (peval g h p \ peval g h q)\ | \peval _ h (K\<^sub>! i p) = h (K\<^sub>! i p)\ | \peval _ h ([r]\<^sub>! p) = h ([r]\<^sub>! p)\ abbreviation \ptautology p \ \g h. peval g h p\ -inductive PAK :: \('i pfm \ bool) \ 'i pfm \ bool\ (\_ \\<^sub>! _\ [20, 20] 20) - for A :: \'i pfm \ bool\ where - PA1: \ptautology p \ A \\<^sub>! p\ - | PA2: \A \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i q\ - | PAx: \A p \ A \\<^sub>! p\ - | PR1: \A \\<^sub>! p \ A \\<^sub>! p \<^bold>\\<^sub>! q \ A \\<^sub>! q\ - | PR2: \A \\<^sub>! p \ A \\<^sub>! K\<^sub>! i p\ - | PFF: \A \\<^sub>! [r]\<^sub>! \<^bold>\\<^sub>! \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! \<^bold>\\<^sub>!)\ - | PPro: \A \\<^sub>! [r]\<^sub>! Pro\<^sub>! x \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! Pro\<^sub>! x)\ - | PDis: \A \\<^sub>! [r]\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q\ - | PCon: \A \\<^sub>! [r]\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q\ - | PImp: \A \\<^sub>! ([r]\<^sub>! (p \<^bold>\\<^sub>! q)) \<^bold>\\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q)\ - | PK: \A \\<^sub>! ([r]\<^sub>! K\<^sub>! i p) \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! K\<^sub>! i ([r]\<^sub>! p))\ - | PAnn: \A \\<^sub>! p \ A \\<^sub>! [r]\<^sub>! p\ +inductive PAK :: \('i pfm \ bool) \ ('i pfm \ bool) \ 'i pfm \ bool\ + (\_; _ \\<^sub>! _\ [50, 50, 50] 50) + for A B :: \'i pfm \ bool\ where + PA1: \ptautology p \ A; B \\<^sub>! p\ + | PA2: \A; B \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i q\ + | PAx: \A p \ A; B \\<^sub>! p\ + | PR1: \A; B \\<^sub>! p \ A; B \\<^sub>! p \<^bold>\\<^sub>! q \ A; B \\<^sub>! q\ + | PR2: \A; B \\<^sub>! p \ A; B \\<^sub>! K\<^sub>! i p\ + | PAnn: \A; B \\<^sub>! p \ B r \ A; B \\<^sub>! [r]\<^sub>! p\ + | PFF: \A; B \\<^sub>! [r]\<^sub>! \<^bold>\\<^sub>! \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! \<^bold>\\<^sub>!)\ + | PPro: \A; B \\<^sub>! [r]\<^sub>! Pro\<^sub>! x \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! Pro\<^sub>! x)\ + | PDis: \A; B \\<^sub>! [r]\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q\ + | PCon: \A; B \\<^sub>! [r]\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q\ + | PImp: \A; B \\<^sub>! [r]\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q)\ + | PK: \A; B \\<^sub>! [r]\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! K\<^sub>! i ([r]\<^sub>! p))\ -abbreviation PAK_assms (\_, _ \\<^sub>! _\ [20, 20, 20] 20) where - \A, G \\<^sub>! p \ \qs. set qs \ G \ (A \\<^sub>! qs \<^bold>\\<^sub>! p)\ +abbreviation PAK_assms (\_; _; _ \\<^sub>! _\ [50, 50, 50, 50] 50) where + \A; B; G \\<^sub>! p \ \qs. set qs \ G \ (A; B \\<^sub>! qs \<^bold>\\<^sub>! p)\ lemma eval_peval: \eval h (g o lift) p = peval h g (lift p)\ by (induct p) simp_all lemma tautology_ptautology: \tautology p \ ptautology (lift p)\ using eval_peval by blast -theorem AK_PAK: \A o lift \ p \ A \\<^sub>! lift p\ +theorem AK_PAK: \A o lift \ p \ A; B \\<^sub>! lift p\ by (induct p rule: AK.induct) (auto intro: PAK.intros(1-5) simp: tautology_ptautology) abbreviation validPS :: \(('i, 'w) kripke \ bool) \ 'i pfm set \ 'i pfm \ bool\ (\valid\<^sub>!\\) where \valid\<^sub>!\ P G p \ \M. \w \ \ M. P M \ (\q \ G. M, w \\<^sub>! q) \ M, w \\<^sub>! p\ abbreviation validP :: \(('i :: countable, 'i fm set) kripke \ bool) \ 'i pfm set \ 'i pfm \ bool\ (\valid\<^sub>!\) where \valid\<^sub>! \ valid\<^sub>!\\ lemma set_map_inv: assumes \set xs \ f ` X\ shows \\ys. set ys \ X \ map f ys = xs\ using assms proof (induct xs) case (Cons x xs) then obtain ys where \set ys \ X\ \map f ys = xs\ by auto moreover obtain y where \y \ X\ \f y = x\ using Cons.prems by auto ultimately have \set (y # ys) \ X\ \map f (y # ys) = x # xs\ by simp_all then show ?case by meson qed simp lemma strong_static_completeness': assumes \static p\ and \\q \ G. static q\ and \valid\<^sub>! P G p\ - and \valid\ P (lower ` G) (lower p) \ A o lift, lower ` G \ lower p\ - shows \A, G \\<^sub>! p\ + and \valid\ P (lower ` G) (lower p) \ A o lift; lower ` G \ lower p\ + shows \A; B; G \\<^sub>! p\ proof - have \valid P (lower ` G) (lower p)\ using assms by (simp add: lower_semantics) - then have \A o lift, lower ` G \ lower p\ + then have \A o lift; lower ` G \ lower p\ using assms(4) by blast then obtain qs where \set qs \ G\ and \A o lift \ map lower qs \<^bold>\ lower p\ using set_map_inv by blast - then have \A \\<^sub>! lift (map lower qs \<^bold>\ lower p)\ + then have \A; B \\<^sub>! lift (map lower qs \<^bold>\ lower p)\ using AK_PAK by fast - then have \A \\<^sub>! map lift (map lower qs) \<^bold>\\<^sub>! lift (lower p)\ + then have \A; B \\<^sub>! map lift (map lower qs) \<^bold>\\<^sub>! lift (lower p)\ using lift_implyP by metis - then have \A \\<^sub>! map (lift o lower) qs \<^bold>\\<^sub>! lift (lower p)\ + then have \A; B \\<^sub>! map (lift o lower) qs \<^bold>\\<^sub>! lift (lower p)\ by simp then show ?thesis using assms(1-2) \set qs \ G\ lift_lower by (metis (mono_tags, lifting) comp_apply map_idI subset_eq) qed theorem strong_static_completeness: assumes \static p\ and \\q \ G. static q\ and \valid\<^sub>! P G p\ - and \\G p. valid P G p \ A o lift, G \ p\ - shows \A, G \\<^sub>! p\ + and \\G p. valid P G p \ A o lift; G \ p\ + shows \A; B; G \\<^sub>! p\ using strong_static_completeness' assms . corollary static_completeness': assumes \static p\ and \valid\<^sub>! P {} p\ and \valid P {} (lower p) \ A o lift \ lower p\ - shows \A \\<^sub>! p\ + shows \A; B \\<^sub>! p\ using assms strong_static_completeness'[where G=\{}\ and p=p] by simp corollary static_completeness: assumes \static p\ and \valid\<^sub>! P {} p\ and \\p. valid P {} p \ A o lift \ p\ - shows \A \\<^sub>! p\ + shows \A; B \\<^sub>! p\ using static_completeness' assms . corollary assumes \static p\ \valid\<^sub>! (\_. True) {} p\ - shows \A \\<^sub>! p\ + shows \A; B \\<^sub>! p\ using assms static_completeness[where P=\\_. True\ and p=p] completeness\<^sub>A by blast section \Soundness\ lemma peval_semantics: \peval (val w) (\q. Kripke W val r, w \\<^sub>! q) p = (Kripke W val r, w \\<^sub>! p)\ by (induct p) simp_all lemma ptautology: assumes \ptautology p\ shows \M, w \\<^sub>! p\ proof - from assms have \peval (g w) (\q. Kripke W g r, w \\<^sub>! q) p\ for W g r by simp then have \Kripke W g r, w \\<^sub>! p\ for W g r using peval_semantics by fast then show \M, w \\<^sub>! p\ by (metis kripke.collapse) qed -theorem soundness: +theorem soundness\<^sub>P: assumes \\M p w. A p \ P M \ w \ \ M \ M, w \\<^sub>! p\ - \\M p. P M \ P (restrict M p)\ - shows \A \\<^sub>! p \ P M \ w \ \ M \ M, w \\<^sub>! p\ + \\M r. P M \ B r \ P (restrict M r)\ + shows \A; B \\<^sub>! p \ P M \ w \ \ M \ M, w \\<^sub>! p\ proof (induct p arbitrary: M w rule: PAK.induct) case (PAnn p r) - moreover have \P (restrict M r)\ - using PAnn(3) assms(2) by simp - ultimately show ?case - by simp + then show ?case + using assms by simp qed (simp_all add: assms ptautology) -corollary \(\_. False) \\<^sub>! p \ w \ \ M \ M, w \\<^sub>! p\ - using soundness[where P=\\_. True\] by metis +corollary \(\_. False); B \\<^sub>! p \ w \ \ M \ M, w \\<^sub>! p\ + using soundness\<^sub>P[where P=\\_. True\] by metis section \Strong Soundness\ lemma ptautology_imply_superset: assumes \set ps \ set qs\ shows \ptautology (ps \<^bold>\\<^sub>! r \<^bold>\\<^sub>! qs \<^bold>\\<^sub>! r)\ proof (rule ccontr) assume \\ ?thesis\ then obtain g h where \\ peval g h (ps \<^bold>\\<^sub>! r \<^bold>\\<^sub>! qs \<^bold>\\<^sub>! r)\ by blast then have \peval g h (ps \<^bold>\\<^sub>! r)\ \\ peval g h (qs \<^bold>\\<^sub>! r)\ by simp_all then consider (np) \\p \ set ps. \ peval g h p\ | (r) \\p \ set ps. peval g h p\ \peval g h r\ by (induct ps) auto then show False proof cases case np then have \\p \ set qs. \ peval g h p\ using \set ps \ set qs\ by blast then have \peval g h (qs \<^bold>\\<^sub>! r)\ by (induct qs) simp_all then show ?thesis using \\ peval g h (qs \<^bold>\\<^sub>! r)\ by blast next case r then have \peval g h (qs \<^bold>\\<^sub>! r)\ by (induct qs) simp_all then show ?thesis using \\ peval g h (qs \<^bold>\\<^sub>! r)\ by blast qed qed lemma PK_imply_weaken: - assumes \A \\<^sub>! ps \<^bold>\\<^sub>! q\ \set ps \ set ps'\ - shows \A \\<^sub>! ps' \<^bold>\\<^sub>! q\ + assumes \A; B \\<^sub>! ps \<^bold>\\<^sub>! q\ \set ps \ set ps'\ + shows \A; B \\<^sub>! ps' \<^bold>\\<^sub>! q\ proof - have \ptautology (ps \<^bold>\\<^sub>! q \<^bold>\\<^sub>! ps' \<^bold>\\<^sub>! q)\ using \set ps \ set ps'\ ptautology_imply_superset by blast - then have \A \\<^sub>! ps \<^bold>\\<^sub>! q \<^bold>\\<^sub>! ps' \<^bold>\\<^sub>! q\ + then have \A; B \\<^sub>! ps \<^bold>\\<^sub>! q \<^bold>\\<^sub>! ps' \<^bold>\\<^sub>! q\ using PA1 by blast then show ?thesis - using \A \\<^sub>! ps \<^bold>\\<^sub>! q\ PR1 by blast + using \A; B \\<^sub>! ps \<^bold>\\<^sub>! q\ PR1 by blast qed lemma implyP_append: \(ps @ ps' \<^bold>\\<^sub>! q) = (ps \<^bold>\\<^sub>! ps' \<^bold>\\<^sub>! q)\ by (induct ps) simp_all lemma PK_ImpI: - assumes \A \\<^sub>! p # G \<^bold>\\<^sub>! q\ - shows \A \\<^sub>! G \<^bold>\\<^sub>! (p \<^bold>\\<^sub>! q)\ + assumes \A; B \\<^sub>! p # G \<^bold>\\<^sub>! q\ + shows \A; B \\<^sub>! G \<^bold>\\<^sub>! (p \<^bold>\\<^sub>! q)\ proof - have \set (p # G) \ set (G @ [p])\ by simp - then have \A \\<^sub>! G @ [p] \<^bold>\\<^sub>! q\ + then have \A; B \\<^sub>! G @ [p] \<^bold>\\<^sub>! q\ using assms PK_imply_weaken by blast - then have \A \\<^sub>! G \<^bold>\\<^sub>! [p] \<^bold>\\<^sub>! q\ + then have \A; B \\<^sub>! G \<^bold>\\<^sub>! [p] \<^bold>\\<^sub>! q\ using implyP_append by metis then show ?thesis by simp qed -corollary soundness_imply: +corollary soundness_imply\<^sub>P: assumes \\M p w. A p \ P M \ w \ \ M \ M, w \\<^sub>! p\ - \\M p. P M \ P (restrict M p)\ - shows \A \\<^sub>! qs \<^bold>\\<^sub>! p \ P M \ w \ \ M \ \q \ set qs. M, w \\<^sub>! q \ M, w \\<^sub>! p\ + \\M r. P M \ B r \ P (restrict M r)\ + shows \A; B \\<^sub>! qs \<^bold>\\<^sub>! p \ P M \ w \ \ M \ \q \ set qs. M, w \\<^sub>! q \ M, w \\<^sub>! p\ proof (induct qs arbitrary: p) case Nil then show ?case - using soundness[of A P p M w] assms by simp + using soundness\<^sub>P[of A P B p M w] assms by simp next case (Cons q qs) then show ?case using PK_ImpI by fastforce qed -theorem strong_soundness: +theorem strong_soundness\<^sub>P: assumes \\M w p. A p \ P M \ w \ \ M \ M, w \\<^sub>! p\ - \\M p. P M \ P (restrict M p)\ - shows \A, G \\<^sub>! p \ valid\<^sub>!\ P G p\ + \\M r. P M \ B r \ P (restrict M r)\ + shows \A; B; G \\<^sub>! p \ valid\<^sub>!\ P G p\ proof safe fix qs w and M :: \('a, 'b) kripke\ - assume \A \\<^sub>! qs \<^bold>\\<^sub>! p\ + assume \A; B \\<^sub>! qs \<^bold>\\<^sub>! p\ moreover assume \set qs \ G\ \\q \ G. M, w \\<^sub>! q\ then have \\q \ set qs. M, w \\<^sub>! q\ using \set qs \ G\ by blast moreover assume \P M\ \w \ \ M\ ultimately show \M, w \\<^sub>! p\ - using soundness_imply[of A P qs p] assms by blast + using soundness_imply\<^sub>P[of A P B qs p] assms by blast qed section \Completeness\ lemma ConE: - assumes \A \\<^sub>! p \<^bold>\\<^sub>! q\ - shows \A \\<^sub>! p\ \A \\<^sub>! q\ + assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! q\ + shows \A; B \\<^sub>! p\ \A; B \\<^sub>! q\ using assms by (metis PA1 PR1 peval.simps(4-5))+ lemma Iff_Dis: - assumes \A \\<^sub>! p \<^bold>\\<^sub>! p'\ \A \\<^sub>! q \<^bold>\\<^sub>! q'\ - shows \A \\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ + assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! p'\ \A; B \\<^sub>! q \<^bold>\\<^sub>! q'\ + shows \A; B \\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ proof - - have \A \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! q') \<^bold>\\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ + have \A; B \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! q') \<^bold>\\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed lemma Iff_Con: - assumes \A \\<^sub>! p \<^bold>\\<^sub>! p'\ \A \\<^sub>! q \<^bold>\\<^sub>! q'\ - shows \A \\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q')\ + assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! p'\ \A; B \\<^sub>! q \<^bold>\\<^sub>! q'\ + shows \A; B \\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q')\ proof - - have \A \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! q') \<^bold>\\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ + have \A; B \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! q') \<^bold>\\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed lemma Iff_Imp: - assumes \A \\<^sub>! p \<^bold>\\<^sub>! p'\ \A \\<^sub>! q \<^bold>\\<^sub>! q'\ - shows \A \\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ + assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! p'\ \A; B \\<^sub>! q \<^bold>\\<^sub>! q'\ + shows \A; B \\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ proof - - have \A \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! q') \<^bold>\\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ + have \A; B \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! q') \<^bold>\\<^sub>! ((p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q'))\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed -lemma Iff_sym: \(A \\<^sub>! p \<^bold>\\<^sub>! q) = (A \\<^sub>! q \<^bold>\\<^sub>! p)\ +lemma Iff_sym: \(A; B \\<^sub>! p \<^bold>\\<^sub>! q) = (A; B \\<^sub>! q \<^bold>\\<^sub>! p)\ proof - - have \A \\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! p)\ + have \A; B \\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (q \<^bold>\\<^sub>! p)\ by (simp add: PA1) then show ?thesis using PR1 ConE by blast qed lemma Iff_Iff: - assumes \A \\<^sub>! p \<^bold>\\<^sub>! p'\ \A \\<^sub>! p \<^bold>\\<^sub>! q\ - shows \A \\<^sub>! p' \<^bold>\\<^sub>! q\ + assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! p'\ \A; B \\<^sub>! p \<^bold>\\<^sub>! q\ + shows \A; B \\<^sub>! p' \<^bold>\\<^sub>! q\ proof - have \ptautology ((p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q))\ by (metis peval.simps(4-5)) - with PA1 have \A \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q)\ . + with PA1 have \A; B \\<^sub>! (p \<^bold>\\<^sub>! p') \<^bold>\\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! (p' \<^bold>\\<^sub>! q)\ . then show ?thesis using assms PR1 by blast qed -lemma K'_A2': \A \\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i q\ +lemma K'_A2': \A; B \\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i q\ proof - - have \A \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i q\ + have \A; B \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i q\ using PA2 by fast - moreover have \A \\<^sub>! (P \<^bold>\\<^sub>! Q \<^bold>\\<^sub>! R) \<^bold>\\<^sub>! (Q \<^bold>\\<^sub>! P \<^bold>\\<^sub>! R)\ for P Q R + moreover have \A; B \\<^sub>! (P \<^bold>\\<^sub>! Q \<^bold>\\<^sub>! R) \<^bold>\\<^sub>! (Q \<^bold>\\<^sub>! P \<^bold>\\<^sub>! R)\ for P Q R by (simp add: PA1) ultimately show ?thesis using PR1 by fast qed lemma K'_map: - assumes \A \\<^sub>! p \<^bold>\\<^sub>! q\ - shows \A \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i q\ + assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! q\ + shows \A; B \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i q\ proof - - note \A \\<^sub>! p \<^bold>\\<^sub>! q\ - then have \A \\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q)\ + note \A; B \\<^sub>! p \<^bold>\\<^sub>! q\ + then have \A; B \\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q)\ using PR2 by fast - moreover have \A \\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i q\ + moreover have \A; B \\<^sub>! K\<^sub>! i (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i q\ using K'_A2' by fast ultimately show ?thesis using PR1 by fast qed lemma ConI: - assumes \A \\<^sub>! p\ \A \\<^sub>! q\ - shows \A \\<^sub>! p \<^bold>\\<^sub>! q\ + assumes \A; B \\<^sub>! p\ \A; B \\<^sub>! q\ + shows \A; B \\<^sub>! p \<^bold>\\<^sub>! q\ proof - - have \A \\<^sub>! p \<^bold>\\<^sub>! q \<^bold>\\<^sub>! p \<^bold>\\<^sub>! q\ + have \A; B \\<^sub>! p \<^bold>\\<^sub>! q \<^bold>\\<^sub>! p \<^bold>\\<^sub>! q\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed lemma Iff_wk: - assumes \A \\<^sub>! p \<^bold>\\<^sub>! q\ - shows \A \\<^sub>! (r \<^bold>\\<^sub>! p) \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! q)\ + assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! q\ + shows \A; B \\<^sub>! (r \<^bold>\\<^sub>! p) \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! q)\ proof - - have \A \\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! ((r \<^bold>\\<^sub>! p) \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! q))\ + have \A; B \\<^sub>! (p \<^bold>\\<^sub>! q) \<^bold>\\<^sub>! ((r \<^bold>\\<^sub>! p) \<^bold>\\<^sub>! (r \<^bold>\\<^sub>! q))\ by (simp add: PA1) then show ?thesis using assms PR1 by blast qed lemma Iff_reduce': assumes \static p\ - shows \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! reduce' r p\ + shows \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! reduce' r p\ using assms proof (induct p rule: pfm.induct) case FF then show ?case by (simp add: PFF) next case (Pro' x) then show ?case by (simp add: PPro) next case (Dis p q) - then have \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! reduce' r (p \<^bold>\\<^sub>! q)\ + then have \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! reduce' r (p \<^bold>\\<^sub>! q)\ using Iff_Dis by fastforce - moreover have \A \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r]\<^sub>! (p \<^bold>\\<^sub>! q))\ + moreover have \A; B \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r]\<^sub>! (p \<^bold>\\<^sub>! q))\ using PDis Iff_sym by fastforce ultimately show ?case using PA1 PR1 Iff_Iff by blast next case (Con p q) - then have \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! reduce' r (p \<^bold>\\<^sub>! q)\ + then have \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! reduce' r (p \<^bold>\\<^sub>! q)\ using Iff_Con by fastforce - moreover have \A \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r]\<^sub>! (p \<^bold>\\<^sub>! q))\ + moreover have \A; B \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r]\<^sub>! (p \<^bold>\\<^sub>! q))\ using PCon Iff_sym by fastforce ultimately show ?case using PA1 PR1 Iff_Iff by blast next case (Imp p q) - then have \A \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! reduce' r (p \<^bold>\\<^sub>! q)\ + then have \A; B \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! reduce' r (p \<^bold>\\<^sub>! q)\ using Iff_Imp by fastforce - moreover have \A \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r]\<^sub>! (p \<^bold>\\<^sub>! q))\ + moreover have \A; B \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r]\<^sub>! (p \<^bold>\\<^sub>! q))\ using PImp Iff_sym by fastforce ultimately show ?case using PA1 PR1 Iff_Iff by blast next case (K' i p) - then have \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! reduce' r p\ + then have \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! reduce' r p\ by simp - then have \A \\<^sub>! K\<^sub>! i ([r]\<^sub>! p) \<^bold>\\<^sub>! K\<^sub>! i (reduce' r p)\ + then have \A; B \\<^sub>! K\<^sub>! i ([r]\<^sub>! p) \<^bold>\\<^sub>! K\<^sub>! i (reduce' r p)\ using K'_map ConE ConI by metis - moreover have \A \\<^sub>! [r]\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! r \<^bold>\\<^sub>! K\<^sub>! i ([r]\<^sub>! p)\ + moreover have \A; B \\<^sub>! [r]\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! r \<^bold>\\<^sub>! K\<^sub>! i ([r]\<^sub>! p)\ using PK . - ultimately have \A \\<^sub>! [r]\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! r \<^bold>\\<^sub>! K\<^sub>! i (reduce' r p)\ + ultimately have \A; B \\<^sub>! [r]\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! r \<^bold>\\<^sub>! K\<^sub>! i (reduce' r p)\ by (meson Iff_Iff Iff_sym Iff_wk) then show ?case by simp next case (Ann r p) then show ?case by simp qed lemma Iff_Ann1: - assumes r: \A \\<^sub>! r \<^bold>\\<^sub>! r'\ and \static p\ - shows \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! p\ + assumes r: \A; B \\<^sub>! r \<^bold>\\<^sub>! r'\ and \static p\ + shows \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! p\ using assms(2-) proof (induct p) case FF - have \A \\<^sub>! (r \<^bold>\\<^sub>! r') \<^bold>\\<^sub>! ((r \<^bold>\\<^sub>! \<^bold>\\<^sub>!) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! \<^bold>\\<^sub>!))\ + have \A; B \\<^sub>! (r \<^bold>\\<^sub>! r') \<^bold>\\<^sub>! ((r \<^bold>\\<^sub>! \<^bold>\\<^sub>!) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! \<^bold>\\<^sub>!))\ by (auto intro: PA1) - then have \A \\<^sub>! (r \<^bold>\\<^sub>! \<^bold>\\<^sub>!) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! \<^bold>\\<^sub>!)\ + then have \A; B \\<^sub>! (r \<^bold>\\<^sub>! \<^bold>\\<^sub>!) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! \<^bold>\\<^sub>!)\ using r PR1 by blast then show ?case by (meson PFF Iff_Iff Iff_sym) next case (Pro' x) - have \A \\<^sub>! (r \<^bold>\\<^sub>! r') \<^bold>\\<^sub>! ((r \<^bold>\\<^sub>! Pro\<^sub>! x) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! Pro\<^sub>! x))\ + have \A; B \\<^sub>! (r \<^bold>\\<^sub>! r') \<^bold>\\<^sub>! ((r \<^bold>\\<^sub>! Pro\<^sub>! x) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! Pro\<^sub>! x))\ by (auto intro: PA1) - then have \A \\<^sub>! (r \<^bold>\\<^sub>! Pro\<^sub>! x) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! Pro\<^sub>! x)\ + then have \A; B \\<^sub>! (r \<^bold>\\<^sub>! Pro\<^sub>! x) \<^bold>\\<^sub>! (r' \<^bold>\\<^sub>! Pro\<^sub>! x)\ using r PR1 by blast then show ?case by (meson PPro Iff_Iff Iff_sym) next case (Dis p q) - then have \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! [r']\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! q\ + then have \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! [r']\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! q\ by (simp add: Iff_Dis) then show ?case by (meson PDis Iff_Iff Iff_sym) next case (Con p q) - then have \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! [r']\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! q\ + then have \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q \<^bold>\\<^sub>! [r']\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! q\ by (simp add: Iff_Con) then show ?case by (meson PCon Iff_Iff Iff_sym) next case (Imp p q) - then have \A \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r']\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! q)\ + then have \A; B \\<^sub>! ([r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! q) \<^bold>\\<^sub>! ([r']\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! q)\ by (simp add: Iff_Imp) then show ?case by (meson PImp Iff_Iff Iff_sym) next case (K' i p) - then have \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! p\ + then have \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r']\<^sub>! p\ by simp - then have \A \\<^sub>! K\<^sub>! i ([r]\<^sub>! p) \<^bold>\\<^sub>! K\<^sub>! i ([r']\<^sub>! p)\ + then have \A; B \\<^sub>! K\<^sub>! i ([r]\<^sub>! p) \<^bold>\\<^sub>! K\<^sub>! i ([r']\<^sub>! p)\ using K'_map ConE ConI by metis then show ?case by (meson Iff_Iff Iff_Imp Iff_sym PK r) next case (Ann s p) then show ?case by simp qed lemma Iff_Ann2: - assumes \A \\<^sub>! p \<^bold>\\<^sub>! p'\ - shows \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! p'\ + assumes \A; B \\<^sub>! p \<^bold>\\<^sub>! p'\ and \B r\ + shows \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! [r]\<^sub>! p'\ using assms PAnn ConE ConI PImp PR1 by metis -lemma Iff_reduce: \A \\<^sub>! p \<^bold>\\<^sub>! reduce p\ +lemma Iff_reduce: + assumes \\r \ anns p. B r\ + shows \A; B \\<^sub>! p \<^bold>\\<^sub>! reduce p\ + using assms proof (induct p) case (Dis p q) then show ?case by (simp add: Iff_Dis) next case (Con p q) then show ?case by (simp add: Iff_Con) next case (Imp p q) then show ?case by (simp add: Iff_Imp) next case (K' i p) - have - \A \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (reduce p)\ - \A \\<^sub>! K\<^sub>! i (reduce p) \<^bold>\\<^sub>! K\<^sub>! i p\ - using K' K'_map ConE by fast+ - then have \A \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (reduce p)\ + then have + \A; B \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (reduce p)\ + \A; B \\<^sub>! K\<^sub>! i (reduce p) \<^bold>\\<^sub>! K\<^sub>! i p\ + using K'_map ConE by fastforce+ + then have \A; B \\<^sub>! K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (reduce p)\ using ConI by blast then show ?case by simp next case (Ann r p) - have \A \\<^sub>! [reduce r]\<^sub>! reduce p \<^bold>\\<^sub>! reduce' (reduce r) (reduce p)\ + then have \B r\ + by simp + have \A; B \\<^sub>! [reduce r]\<^sub>! reduce p \<^bold>\\<^sub>! reduce' (reduce r) (reduce p)\ using Iff_reduce' static_reduce by blast - moreover have \A \\<^sub>! [r]\<^sub>! reduce p \<^bold>\\<^sub>! [reduce r]\<^sub>! reduce p\ - using Ann(1) Iff_Ann1 static_reduce by blast - ultimately have \A \\<^sub>! [r]\<^sub>! reduce p \<^bold>\\<^sub>! reduce' (reduce r) (reduce p)\ + moreover have \A; B \\<^sub>! [r]\<^sub>! reduce p \<^bold>\\<^sub>! [reduce r]\<^sub>! reduce p\ + using Ann Iff_Ann1 static_reduce by fastforce + ultimately have \A; B \\<^sub>! [r]\<^sub>! reduce p \<^bold>\\<^sub>! reduce' (reduce r) (reduce p)\ using Iff_Iff Iff_sym by blast - moreover have \A \\<^sub>! [r]\<^sub>! reduce p \<^bold>\\<^sub>! [r]\<^sub>! p\ - by (meson Ann(2) static_reduce Iff_Ann2 Iff_sym) - ultimately have \A \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! reduce' (reduce r) (reduce p)\ + moreover have \\r \ anns p. B r\ + using Ann.prems by simp + then have \A; B \\<^sub>! p \<^bold>\\<^sub>! reduce p\ + using Ann.hyps(2) by blast + then have \A; B \\<^sub>! [r]\<^sub>! reduce p \<^bold>\\<^sub>! [r]\<^sub>! p\ + using \B r\ Iff_Ann2 Iff_sym by blast + ultimately have \A; B \\<^sub>! [r]\<^sub>! p \<^bold>\\<^sub>! reduce' (reduce r) (reduce p)\ using Iff_Iff by blast then show ?case by simp qed (simp_all add: PA1) +lemma anns_implyP [simp]: + \anns (ps \<^bold>\\<^sub>! q) = anns q \ (\p \ set ps. anns p)\ + by (induct ps) auto + lemma strong_completeness\<^sub>P': assumes \valid\<^sub>! P G p\ + and \\r \ anns p. B r\ \\q \ G. \r \ anns q. B r\ and \valid\ P (lower ` reduce ` G) (lower (reduce p)) \ - A o lift, lower ` reduce ` G \ lower (reduce p)\ - shows \A, G \\<^sub>! p\ + A o lift; lower ` reduce ` G \ lower (reduce p)\ + shows \A; B; G \\<^sub>! p\ proof - have \valid\<^sub>! P (reduce ` G) (reduce p)\ using assms(1) reduce_semantics by fast moreover have \static (reduce p)\ \\q \ reduce ` G. static q\ using static_reduce by fast+ - ultimately have \A, reduce ` G \\<^sub>! reduce p\ - using assms(2) strong_static_completeness'[where G=\reduce ` G\ and p=\reduce p\] + ultimately have \A; B; reduce ` G \\<^sub>! reduce p\ + using assms(4) strong_static_completeness'[where G=\reduce ` G\ and p=\reduce p\] by presburger - then have \\qs. set qs \ G \ (A \\<^sub>! map reduce qs \<^bold>\\<^sub>! reduce p)\ + then have \\qs. set qs \ G \ (A; B \\<^sub>! map reduce qs \<^bold>\\<^sub>! reduce p)\ using set_map_inv by fast - then obtain qs where qs: \set qs \ G\ and \A \\<^sub>! map reduce qs \<^bold>\\<^sub>! reduce p\ + then obtain qs where qs: \set qs \ G\ and \A; B \\<^sub>! map reduce qs \<^bold>\\<^sub>! reduce p\ by blast - then have \A \\<^sub>! reduce (qs \<^bold>\\<^sub>! p)\ + then have \A; B \\<^sub>! reduce (qs \<^bold>\\<^sub>! p)\ using reduce_implyP by metis - moreover have \A \\<^sub>! (qs \<^bold>\\<^sub>! p) \<^bold>\\<^sub>! reduce (qs \<^bold>\\<^sub>! p)\ + moreover have \\r \ anns (qs \<^bold>\\<^sub>! p). B r\ + using assms(2-3) qs by auto + then have \A; B \\<^sub>! qs \<^bold>\\<^sub>! p \<^bold>\\<^sub>! reduce (qs \<^bold>\\<^sub>! p)\ using Iff_reduce by blast - ultimately have \A \\<^sub>! qs \<^bold>\\<^sub>! p\ + ultimately have \A; B \\<^sub>! qs \<^bold>\\<^sub>! p\ using ConE(2) PR1 by blast then show ?thesis using qs by blast qed theorem strong_completeness\<^sub>P: assumes \valid\<^sub>! P G p\ - and \\G p. valid\ P G p \ A o lift, G \ p\ - shows \\qs. set qs \ G \ (A \\<^sub>! qs \<^bold>\\<^sub>! p)\ + and \\r \ anns p. B r\ \\q \ G. \r \ anns q. B r\ + and \\G p. valid\ P G p \ A o lift; G \ p\ + shows \A; B; G \\<^sub>! p\ using strong_completeness\<^sub>P' assms . +theorem main\<^sub>P: + assumes \\M w p. A p \ P M \ w \ \ M \ M, w \\<^sub>! p\ + and \\M r. P M \ B r \ P (restrict M r)\ + and \\r \ anns p. B r\ \\q \ G. \r \ anns q. B r\ + and \\G p. valid\ P G p \ A o lift; G \ p\ + shows \valid\<^sub>! P G p \ A; B; G \\<^sub>! p\ + using strong_soundness\<^sub>P[of A P B G p] strong_completeness\<^sub>P[of P G p B A] assms by blast + +corollary strong_completeness\<^sub>P\<^sub>B: + assumes \valid\<^sub>! P G p\ + and \\G p. valid\ P G p \ A o lift; G \ p\ + shows \A; (\_. True); G \\<^sub>! p\ + using strong_completeness\<^sub>P[where B=\\_. True\] assms by blast + corollary completeness\<^sub>P': - assumes \valid\<^sub>! P {} p\ and \\p. valid P {} (lower p) \ A o lift \ lower p\ - shows \A \\<^sub>! p\ + assumes \valid\<^sub>! P {} p\ + and \\r \ anns p. B r\ + and \\p. valid P {} (lower p) \ A o lift \ lower p\ + shows \A; B \\<^sub>! p\ using assms strong_completeness\<^sub>P'[where P=P and G=\{}\] by simp corollary completeness\<^sub>P: - assumes \valid\<^sub>! P {} p\ and \\p. valid P {} p \ A o lift \ p\ - shows \A \\<^sub>! p\ + assumes \valid\<^sub>! P {} p\ + and \\r \ anns p. B r\ + and \\p. valid P {} p \ A o lift \ p\ + shows \A; B \\<^sub>! p\ using completeness\<^sub>P' assms . corollary completeness\<^sub>P\<^sub>A: assumes \valid\<^sub>! (\_. True) {} p\ - shows \A \\<^sub>! p\ - using assms completeness\<^sub>P[where P=\\_. True\ and p=p] completeness\<^sub>A by blast + shows \A; (\_. True) \\<^sub>! p\ + using assms completeness\<^sub>P[of \\_. True\ p \\_. True\] completeness\<^sub>A by blast section \System PAL + K\ abbreviation SystemPK (\_ \\<^sub>!\<^sub>K _\ [50, 50] 50) where - \G \\<^sub>!\<^sub>K p \ (\_. False), G \\<^sub>! p\ + \G \\<^sub>!\<^sub>K p \ (\_. False); (\_. True); G \\<^sub>! p\ lemma strong_soundness\<^sub>P\<^sub>K: \G \\<^sub>!\<^sub>K p \ valid\<^sub>!\ (\_. True) G p\ - using strong_soundness[of \\_. False\ \\_. True\] by fast + using strong_soundness\<^sub>P[of \\_. False\ \\_. True\] by fast abbreviation validPK (\valid\<^sub>!\<^sub>K\) where \valid\<^sub>!\<^sub>K \ valid\<^sub>! (\_. True)\ lemma strong_completeness\<^sub>P\<^sub>K: assumes \valid\<^sub>!\<^sub>K G p\ shows \G \\<^sub>!\<^sub>K p\ - using strong_completeness\<^sub>P assms strong_completeness\<^sub>K unfolding comp_apply . + using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>K unfolding comp_apply . theorem main\<^sub>P\<^sub>K: \valid\<^sub>!\<^sub>K G p \ G \\<^sub>!\<^sub>K p\ using strong_soundness\<^sub>P\<^sub>K[of G p] strong_completeness\<^sub>P\<^sub>K[of G p] by fast corollary \valid\<^sub>!\<^sub>K G p \ valid\<^sub>!\ (\_. True) G p\ using strong_soundness\<^sub>P\<^sub>K[of G p] strong_completeness\<^sub>P\<^sub>K[of G p] by fast section \System PAL + T\ text \Also known as System PAL + M\ inductive AxPT :: \'i pfm \ bool\ where \AxPT (K\<^sub>! i p \<^bold>\\<^sub>! p)\ abbreviation SystemPT (\_ \\<^sub>!\<^sub>T _\ [50, 50] 50) where - \G \\<^sub>!\<^sub>T p \ AxPT, G \\<^sub>! p\ + \G \\<^sub>!\<^sub>T p \ AxPT; (\_. True); G \\<^sub>! p\ lemma soundness_AxPT: \AxPT p \ reflexive M \ w \ \ M \ M, w \\<^sub>! p\ unfolding reflexive_def by (induct p rule: AxPT.induct) simp lemma reflexive_restrict: \reflexive M \ reflexive (restrict M p)\ unfolding reflexive_def by simp lemma strong_soundness\<^sub>P\<^sub>T: \G \\<^sub>!\<^sub>T p \ valid\<^sub>!\ reflexive G p\ - using strong_soundness[of AxPT reflexive G p] soundness_AxPT reflexive_restrict by fast + using strong_soundness\<^sub>P[of AxPT reflexive \\_. True\ G p] + soundness_AxPT reflexive_restrict by fast lemma AxT_AxPT: \AxT = AxPT o lift\ unfolding comp_apply using lower_lift by (metis AxPT.simps AxT.simps lift.simps(5-6) lower.simps(5-6)) abbreviation validPT (\valid\<^sub>!\<^sub>T\) where \valid\<^sub>!\<^sub>T \ valid\<^sub>! reflexive\ lemma strong_completeness\<^sub>P\<^sub>T: assumes \valid\<^sub>!\<^sub>T G p\ shows \G \\<^sub>!\<^sub>T p\ - using strong_completeness\<^sub>P assms strong_completeness\<^sub>T unfolding AxT_AxPT . + using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>T unfolding AxT_AxPT . theorem main\<^sub>P\<^sub>T: \valid\<^sub>!\<^sub>T G p \ G \\<^sub>!\<^sub>T p\ using strong_soundness\<^sub>P\<^sub>T[of G p] strong_completeness\<^sub>P\<^sub>T[of G p] by fast corollary \valid\<^sub>!\<^sub>T G p \ valid\<^sub>!\ reflexive G p\ using strong_soundness\<^sub>P\<^sub>T[of G p] strong_completeness\<^sub>P\<^sub>T[of G p] by fast section \System PAL + KB\ inductive AxPB :: \'i pfm \ bool\ where \AxPB (p \<^bold>\\<^sub>! K\<^sub>! i (L\<^sub>! i p))\ abbreviation SystemPKB (\_ \\<^sub>!\<^sub>K\<^sub>B _\ [50, 50] 50) where - \G \\<^sub>!\<^sub>K\<^sub>B p \ AxPB, G \\<^sub>! p\ + \G \\<^sub>!\<^sub>K\<^sub>B p \ AxPB; (\_. True); G \\<^sub>! p\ lemma soundness_AxPB: \AxPB p \ symmetric M \ w \ \ M \ M, w \\<^sub>! p\ unfolding symmetric_def by (induct p rule: AxPB.induct) auto lemma symmetric_restrict: \symmetric M \ symmetric (restrict M p)\ unfolding symmetric_def by simp lemma strong_soundness\<^sub>P\<^sub>K\<^sub>B: \G \\<^sub>!\<^sub>K\<^sub>B p \ valid\<^sub>!\ symmetric G p\ - using strong_soundness[of AxPB symmetric G p] soundness_AxPB symmetric_restrict by fast + using strong_soundness\<^sub>P[of AxPB symmetric \\_. True\ G p] + soundness_AxPB symmetric_restrict by fast lemma AxB_AxPB: \AxB = AxPB o lift\ proof fix p :: \'i fm\ show \AxB p = (AxPB \ lift) p\ unfolding comp_apply using lower_lift by (smt (verit, best) AxB.simps AxPB.simps lift.simps(1, 5-6) lower.simps(5-6)) qed abbreviation validPKB (\valid\<^sub>!\<^sub>K\<^sub>B\) where \valid\<^sub>!\<^sub>K\<^sub>B \ valid\<^sub>! symmetric\ lemma strong_completeness\<^sub>P\<^sub>K\<^sub>B: assumes \valid\<^sub>!\<^sub>K\<^sub>B G p\ shows \G \\<^sub>!\<^sub>K\<^sub>B p\ - using strong_completeness\<^sub>P assms strong_completeness\<^sub>K\<^sub>B unfolding AxB_AxPB . + using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>K\<^sub>B unfolding AxB_AxPB . theorem main\<^sub>P\<^sub>K\<^sub>B: \valid\<^sub>!\<^sub>K\<^sub>B G p \ G \\<^sub>!\<^sub>K\<^sub>B p\ using strong_soundness\<^sub>P\<^sub>K\<^sub>B[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>B[of G p] by fast corollary \valid\<^sub>!\<^sub>K\<^sub>B G p \ valid\<^sub>!\ symmetric G p\ using strong_soundness\<^sub>P\<^sub>K\<^sub>B[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>B[of G p] by fast section \System PAL + K4\ inductive AxP4 :: \'i pfm \ bool\ where \AxP4 (K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (K\<^sub>! i p))\ abbreviation SystemPK4 (\_ \\<^sub>!\<^sub>K\<^sub>4 _\ [50, 50] 50) where - \G \\<^sub>!\<^sub>K\<^sub>4 p \ AxP4, G \\<^sub>! p\ + \G \\<^sub>!\<^sub>K\<^sub>4 p \ AxP4; (\_. True); G \\<^sub>! p\ lemma pos_introspection: assumes \transitive M\ \w \ \ M\ shows \M, w \\<^sub>! (K\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (K\<^sub>! i p))\ proof - { assume \M, w \\<^sub>! K\<^sub>! i p\ then have \\v \ \ M \ \ M i w. M, v \\<^sub>! p\ by simp then have \\v \ \ M \ \ M i w. \u \ \ M \ \ M i v. M, u \\<^sub>! p\ using \transitive M\ \w \ \ M\ unfolding transitive_def by blast then have \\v \ \ M \ \ M i w. M, v \\<^sub>! K\<^sub>! i p\ by simp then have \M, w \\<^sub>! K\<^sub>! i (K\<^sub>! i p)\ by simp } then show ?thesis by fastforce qed lemma soundness_AxP4: \AxP4 p \ transitive M \ w \ \ M \ M, w \\<^sub>! p\ by (induct p rule: AxP4.induct) (metis pos_introspection) lemma transitive_restrict: \transitive M \ transitive (restrict M p)\ unfolding transitive_def by (metis (no_types, lifting) kripke.exhaust_sel kripke.inject mem_Collect_eq restrict.elims) lemma strong_soundness\<^sub>P\<^sub>K\<^sub>4: \G \\<^sub>!\<^sub>K\<^sub>4 p \ valid\<^sub>!\ transitive G p\ - using strong_soundness[of AxP4 transitive G p] soundness_AxP4 transitive_restrict by fast + using strong_soundness\<^sub>P[of AxP4 transitive \\_. True\ G p] + soundness_AxP4 transitive_restrict by fast lemma Ax4_AxP4: \Ax4 = AxP4 o lift\ proof fix p :: \'i fm\ show \Ax4 p = (AxP4 \ lift) p\ unfolding comp_apply using lower_lift by (smt (verit, best) Ax4.simps AxP4.simps lift.simps(1, 5-6) lower.simps(5-6)) qed abbreviation validPK4 (\valid\<^sub>!\<^sub>K\<^sub>4\) where \valid\<^sub>!\<^sub>K\<^sub>4 \ valid\<^sub>! transitive\ lemma strong_completeness\<^sub>P\<^sub>K\<^sub>4: assumes \valid\<^sub>!\<^sub>K\<^sub>4 G p\ shows \G \\<^sub>!\<^sub>K\<^sub>4 p\ - using strong_completeness\<^sub>P assms strong_completeness\<^sub>K\<^sub>4 unfolding Ax4_AxP4 . + using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>K\<^sub>4 unfolding Ax4_AxP4 . theorem main\<^sub>P\<^sub>K\<^sub>4: \valid\<^sub>!\<^sub>K\<^sub>4 G p \ G \\<^sub>!\<^sub>K\<^sub>4 p\ using strong_soundness\<^sub>P\<^sub>K\<^sub>4[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>4[of G p] by fast corollary \valid\<^sub>!\<^sub>K\<^sub>4 G p \ valid\<^sub>!\ transitive G p\ using strong_soundness\<^sub>P\<^sub>K\<^sub>4[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>4[of G p] by fast +section \System PAL + K5\ + +inductive AxP5 :: \'i pfm \ bool\ where + \AxP5 (L\<^sub>! i p \<^bold>\\<^sub>! K\<^sub>! i (L\<^sub>! i p))\ + +abbreviation SystemPK5 (\_ \\<^sub>!\<^sub>K\<^sub>5 _\ [50, 50] 50) where + \G \\<^sub>!\<^sub>K\<^sub>5 p \ AxP5; (\_. True); G \\<^sub>! p\ + +lemma soundness_AxP5: \AxP5 p \ Euclidean M \ w \ \ M \ M, w \\<^sub>! p\ + by (induct p rule: AxP5.induct) (unfold Euclidean_def psemantics.simps, blast) + +lemma Euclidean_restrict: \Euclidean M \ Euclidean (restrict M p)\ + unfolding Euclidean_def by auto + +lemma strong_soundness\<^sub>P\<^sub>K\<^sub>5: \G \\<^sub>!\<^sub>K\<^sub>5 p \ valid\<^sub>!\ Euclidean G p\ + using strong_soundness\<^sub>P[of AxP5 Euclidean \\_. True\ G p] + soundness_AxP5 Euclidean_restrict by fast + +lemma Ax5_AxP5: \Ax5 = AxP5 o lift\ +proof + fix p :: \'i fm\ + show \Ax5 p = (AxP5 \ lift) p\ + unfolding comp_apply using lower_lift + by (smt (verit, best) Ax5.simps AxP5.simps lift.simps(1, 5-6) lower.simps(5-6)) +qed + +abbreviation validPK5 (\valid\<^sub>!\<^sub>K\<^sub>5\) where + \valid\<^sub>!\<^sub>K\<^sub>5 \ valid\<^sub>! Euclidean\ + +lemma strong_completeness\<^sub>P\<^sub>K\<^sub>5: + assumes \valid\<^sub>!\<^sub>K\<^sub>5 G p\ + shows \G \\<^sub>!\<^sub>K\<^sub>5 p\ + using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>K\<^sub>5 unfolding Ax5_AxP5 . + +theorem main\<^sub>P\<^sub>K\<^sub>5: \valid\<^sub>!\<^sub>K\<^sub>5 G p \ G \\<^sub>!\<^sub>K\<^sub>5 p\ + using strong_soundness\<^sub>P\<^sub>K\<^sub>5[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>5[of G p] by fast + +corollary \valid\<^sub>!\<^sub>K\<^sub>5 G p \ valid\<^sub>!\ Euclidean G p\ + using strong_soundness\<^sub>P\<^sub>K\<^sub>5[of G p] strong_completeness\<^sub>P\<^sub>K\<^sub>5[of G p] by fast + section \System PAL + S4\ abbreviation SystemPS4 (\_ \\<^sub>!\<^sub>S\<^sub>4 _\ [50, 50] 50) where - \G \\<^sub>!\<^sub>S\<^sub>4 p \ AxPT \ AxP4, G \\<^sub>! p\ + \G \\<^sub>!\<^sub>S\<^sub>4 p \ AxPT \ AxP4; (\_. True); G \\<^sub>! p\ lemma soundness_AxPT4: \(AxPT \ AxP4) p \ refltrans M \ w \ \ M \ M, w \\<^sub>! p\ using soundness_AxPT soundness_AxP4 by fast lemma refltrans_restrict: \refltrans M \ refltrans (restrict M p)\ using reflexive_restrict transitive_restrict by blast lemma strong_soundness\<^sub>P\<^sub>S\<^sub>4: \G \\<^sub>!\<^sub>S\<^sub>4 p \ valid\<^sub>!\ refltrans G p\ - using strong_soundness[of \AxPT \ AxP4\ refltrans G p] soundness_AxPT4 refltrans_restrict by fast + using strong_soundness\<^sub>P[of \AxPT \ AxP4\ refltrans \\_. True\ G p] + soundness_AxPT4 refltrans_restrict by fast lemma AxT4_AxPT4: \(AxT \ Ax4) = (AxPT \ AxP4) o lift\ using AxT_AxPT Ax4_AxP4 unfolding comp_apply by metis abbreviation validPS4 (\valid\<^sub>!\<^sub>S\<^sub>4\) where \valid\<^sub>!\<^sub>S\<^sub>4 \ valid\<^sub>! refltrans\ theorem strong_completeness\<^sub>P\<^sub>S\<^sub>4: assumes \valid\<^sub>!\<^sub>S\<^sub>4 G p\ shows \G \\<^sub>!\<^sub>S\<^sub>4 p\ - using strong_completeness\<^sub>P assms strong_completeness\<^sub>S\<^sub>4 unfolding AxT4_AxPT4 . + using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>S\<^sub>4 unfolding AxT4_AxPT4 . theorem main\<^sub>P\<^sub>S\<^sub>4: \valid\<^sub>!\<^sub>S\<^sub>4 G p \ G \\<^sub>!\<^sub>S\<^sub>4 p\ using strong_soundness\<^sub>P\<^sub>S\<^sub>4[of G p] strong_completeness\<^sub>P\<^sub>S\<^sub>4[of G p] by fast corollary \valid\<^sub>!\<^sub>S\<^sub>4 G p \ valid\<^sub>!\ refltrans G p\ using strong_soundness\<^sub>P\<^sub>S\<^sub>4[of G p] strong_completeness\<^sub>P\<^sub>S\<^sub>4[of G p] by fast section \System PAL + S5\ abbreviation SystemPS5 (\_ \\<^sub>!\<^sub>S\<^sub>5 _\ [50, 50] 50) where - \G \\<^sub>!\<^sub>S\<^sub>5 p \ AxPT \ AxPB \ AxP4, G \\<^sub>! p\ + \G \\<^sub>!\<^sub>S\<^sub>5 p \ AxPT \ AxPB \ AxP4; (\_. True); G \\<^sub>! p\ abbreviation AxPTB4 :: \'i pfm \ bool\ where \AxPTB4 \ AxPT \ AxPB \ AxP4\ lemma soundness_AxPTB4: \AxPTB4 p \ equivalence M \ w \ \ M \ M, w \\<^sub>! p\ using soundness_AxPT soundness_AxPB soundness_AxP4 by fast lemma equivalence_restrict: \equivalence M \ equivalence (restrict M p)\ using reflexive_restrict symmetric_restrict transitive_restrict by blast lemma strong_soundness\<^sub>P\<^sub>S\<^sub>5: \G \\<^sub>!\<^sub>S\<^sub>5 p \ valid\<^sub>!\ equivalence G p\ - using strong_soundness[of AxPTB4 equivalence G p] soundness_AxPTB4 equivalence_restrict by fast + using strong_soundness\<^sub>P[of AxPTB4 equivalence \\_. True\ G p] + soundness_AxPTB4 equivalence_restrict by fast lemma AxTB4_AxPTB4: \AxTB4 = AxPTB4 o lift\ using AxT_AxPT AxB_AxPB Ax4_AxP4 unfolding comp_apply by metis abbreviation validPS5 (\valid\<^sub>!\<^sub>S\<^sub>5\) where \valid\<^sub>!\<^sub>S\<^sub>5 \ valid\<^sub>! equivalence\ theorem strong_completeness\<^sub>P\<^sub>S\<^sub>5: assumes \valid\<^sub>!\<^sub>S\<^sub>5 G p\ shows \G \\<^sub>!\<^sub>S\<^sub>5 p\ - using strong_completeness\<^sub>P assms strong_completeness\<^sub>S\<^sub>5 unfolding AxTB4_AxPTB4 . + using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>S\<^sub>5 unfolding AxTB4_AxPTB4 . theorem main\<^sub>P\<^sub>S\<^sub>5: \valid\<^sub>!\<^sub>S\<^sub>5 G p \ G \\<^sub>!\<^sub>S\<^sub>5 p\ using strong_soundness\<^sub>P\<^sub>S\<^sub>5[of G p] strong_completeness\<^sub>P\<^sub>S\<^sub>5[of G p] by fast corollary \valid\<^sub>!\<^sub>S\<^sub>5 G p \ valid\<^sub>!\ equivalence G p\ using strong_soundness\<^sub>P\<^sub>S\<^sub>5[of G p] strong_completeness\<^sub>P\<^sub>S\<^sub>5[of G p] by fast +section \System PAL + S5'\ + +abbreviation SystemPS5' (\_ \\<^sub>!\<^sub>S\<^sub>5'' _\ [50, 50] 50) where + \G \\<^sub>!\<^sub>S\<^sub>5' p \ AxPT \ AxP5; (\_. True); G \\<^sub>! p\ + +abbreviation AxPT5 :: \'i pfm \ bool\ where + \AxPT5 \ AxPT \ AxP5\ + +lemma soundness_AxPT5: \AxPT5 p \ equivalence M \ w \ \ M \ M, w \\<^sub>! p\ + using soundness_AxPT soundness_AxPT soundness_AxP5 symm_trans_Euclid by fast + +lemma strong_soundness\<^sub>P\<^sub>S\<^sub>5': \G \\<^sub>!\<^sub>S\<^sub>5' p \ valid\<^sub>!\ equivalence G p\ + using strong_soundness\<^sub>P[of AxPT5 equivalence \\_. True\ G p] + soundness_AxPT5 equivalence_restrict by fast + +lemma AxT5_AxPT5: \AxT5 = AxPT5 o lift\ + using AxT_AxPT Ax5_AxP5 unfolding comp_apply by metis + +theorem strong_completeness\<^sub>P\<^sub>S\<^sub>5': + assumes \valid\<^sub>!\<^sub>S\<^sub>5 G p\ + shows \G \\<^sub>!\<^sub>S\<^sub>5' p\ + using strong_completeness\<^sub>P\<^sub>B assms strong_completeness\<^sub>S\<^sub>5' unfolding AxT5_AxPT5 . + +theorem main\<^sub>P\<^sub>S\<^sub>5': \valid\<^sub>!\<^sub>S\<^sub>5 G p \ G \\<^sub>!\<^sub>S\<^sub>5' p\ + using strong_soundness\<^sub>P\<^sub>S\<^sub>5'[of G p] strong_completeness\<^sub>P\<^sub>S\<^sub>5'[of G p] by fast + end diff --git a/thys/Public_Announcement_Logic/document/root.tex b/thys/Public_Announcement_Logic/document/root.tex --- a/thys/Public_Announcement_Logic/document/root.tex +++ b/thys/Public_Announcement_Logic/document/root.tex @@ -1,67 +1,67 @@ \documentclass[11pt,a4paper]{article} \usepackage[T1]{fontenc} \usepackage{isabelle,isabellesym} % further packages required for unusual symbols (see also % isabellesym.sty), use only when needed \usepackage{amssymb} %for \, \, \, \, \, \, %\, \, \, \, \, %\, \, \ %\usepackage{eurosym} %for \ %\usepackage[only,bigsqcap]{stmaryrd} %for \ %\usepackage{eufrak} %for \ ... \, \ ... \ (also included in amssymb) %\usepackage{textcomp} %for \, \, \, \, \, %\ % this should be the last package used \usepackage{pdfsetup} % urls in roman style, theory text in math-similar italics \urlstyle{rm} \isabellestyle{it} % for uniform font size %\renewcommand{\isastyle}{\isastyleminor} \begin{document} \title{Public Announcement Logic} \author{Asta Halkjær From} \maketitle \begin{abstract} This work is a formalization of public announcement logic with countably many agents. - It includes proofs of soundness and completeness for a variant of the axiom system PA + DIST! + NEC!~\cite{WangC13}. The completeness proof builds on the Epistemic Logic theory. + It includes proofs of soundness and completeness for variants of the axiom system PA + DIST! + NEC!~\cite{WangC13}. The completeness proofs build on the Epistemic Logic theory. \end{abstract} \tableofcontents \newpage % sane default for proof documents \parindent 0pt\parskip 0.5ex % generated text of all theories \input{session} % optional bibliography \bibliographystyle{abbrv} \bibliography{root} \end{document} %%% Local Variables: %%% mode: latex %%% TeX-master: t %%% End: