diff --git a/thys/FOL_Seq_Calc3/Completeness.thy b/thys/FOL_Seq_Calc3/Completeness.thy --- a/thys/FOL_Seq_Calc3/Completeness.thy +++ b/thys/FOL_Seq_Calc3/Completeness.thy @@ -1,281 +1,281 @@ section \Completeness\ theory Completeness imports Prover Semantics begin subsection \Hintikka Counter Model\ locale Hintikka = fixes A B :: \fm set\ assumes - Basic: \\<^bold>\n ts \ A \ \<^bold>\n ts \ B \ False\ and + Basic: \\<^bold>\P ts \ A \ \<^bold>\P ts \ B \ False\ and FlsA: \\<^bold>\ \ A\ and ImpA: \p \<^bold>\ q \ A \ p \ B \ q \ A\ and ImpB: \p \<^bold>\ q \ B \ p \ A \ q \ B\ and - UniA: \\<^bold>\p \ A \ \t. p\t/0\ \ A\ and - UniB: \\<^bold>\p \ B \ \t. p\t/0\ \ B\ + UniA: \\<^bold>\p \ A \ \t. \t\p \ A\ and + UniB: \\<^bold>\p \ B \ \t. \t\p \ B\ -abbreviation \M A \ \\<^bold>#, \<^bold>\, \n ts. \<^bold>\n ts \ A\\ +abbreviation \M A \ \\<^bold>#, \<^bold>\, \P ts. \<^bold>\P ts \ A\\ lemma id_tm [simp]: \\\<^bold>#, \<^bold>\\ t = t\ by (induct t) (auto cong: map_cong) -lemma size_sub [simp]: \size (p\t/i\) = size p\ - by (induct p arbitrary: i t) auto +lemma size_sub_fm [simp]: \size (sub_fm s p) = size p\ + by (induct p arbitrary: s) auto theorem Hintikka_counter_model: assumes \Hintikka A B\ shows \(p \ A \ M A p) \ (p \ B \ \ M A p)\ proof (induct p rule: wf_induct [where r=\measure size\]) case 1 then show ?case .. next case (2 x) then show ?case proof (cases x; safe del: notI) case Falsity show \\<^bold>\ \ A \ M A \<^bold>\\ \\<^bold>\ \ B \ \ M A \<^bold>\\ using Hintikka.FlsA assms by simp_all next - case (Pre n ts) - show \\<^bold>\n ts \ A \ M A (\<^bold>\n ts)\ \\<^bold>\n ts \ B \ \ M A (\<^bold>\n ts)\ + case (Pre P ts) + show \\<^bold>\P ts \ A \ M A (\<^bold>\P ts)\ \\<^bold>\P ts \ B \ \ M A (\<^bold>\P ts)\ using Hintikka.Basic assms by (auto cong: map_cong) next case (Imp p q) show \p \<^bold>\ q \ A \ M A (p \<^bold>\ q)\ \p \<^bold>\ q \ B \ \ M A (p \<^bold>\ q)\ using assms Hintikka.ImpA[of A B p q] Hintikka.ImpB[of A B p q] Imp 2 by auto next case (Uni p) - have \p\t/0\ \ A \ M A (p\t/0\)\ \p\t/0\ \ B \ \ M A (p\t/0\)\ for t - using Uni 2 by (metis fm.size(8) in_measure lessI less_add_same_cancel1 size_sub)+ + have \\t\p \ A \ M A (\t\p)\ \\t\p \ B \ \ M A (\t\p)\ for t + using Uni 2 by (metis fm.size(8) in_measure lessI less_add_same_cancel1 size_sub_fm)+ then show \\<^bold>\p \ A \ M A (\<^bold>\p)\ \\<^bold>\p \ B \ \ M A (\<^bold>\p)\ using assms Hintikka.UniA[of A B p] Hintikka.UniB[of A B p] by auto qed qed subsection \Escape Paths Form Hintikka Sets\ lemma sset_sdrop: \sset (sdrop n s) \ sset s\ by (induct n arbitrary: s) (auto intro: stl_sset in_mono) lemma epath_sdrop: \epath steps \ epath (sdrop n steps)\ by (induct n) (auto elim: epath.cases) lemma eff_preserves_Pre: assumes \effStep ((A, B), r) ss\ \(A', B') |\| ss\ - shows \(\<^bold>\n ts [\] A \ \<^bold>\n ts [\] A')\ \\<^bold>\n ts [\] B \ \<^bold>\n ts [\] B'\ + shows \(\<^bold>\P ts [\] A \ \<^bold>\P ts [\] A')\ \\<^bold>\P ts [\] B \ \<^bold>\P ts [\] B'\ using assms by (induct r \(A, B)\ rule: eff.induct) (auto split: if_splits) lemma epath_eff: assumes \epath steps\ \effStep (shd steps) ss\ shows \fst (shd (stl steps)) |\| ss\ using assms by (auto elim: epath.cases) abbreviation \lhs s \ fst (fst s)\ abbreviation \rhs s \ snd (fst s)\ abbreviation \lhsd s \ lhs (shd s)\ abbreviation \rhsd s \ rhs (shd s)\ lemma epath_Pre_sdrop: assumes \epath steps\ shows - \\<^bold>\n ts [\] lhs (shd steps) \ \<^bold>\n ts [\] lhsd (sdrop m steps)\ - \\<^bold>\n ts [\] rhs (shd steps) \ \<^bold>\n ts [\] rhsd (sdrop m steps)\ + \\<^bold>\P ts [\] lhs (shd steps) \ \<^bold>\P ts [\] lhsd (sdrop m steps)\ + \\<^bold>\P ts [\] rhs (shd steps) \ \<^bold>\P ts [\] rhsd (sdrop m steps)\ using assms eff_preserves_Pre by (induct m arbitrary: steps) (simp; metis (no_types, lifting) epath.cases surjective_pairing)+ lemma Saturated_sdrop: assumes \Saturated steps\ shows \Saturated (sdrop n steps)\ using assms unfolding Saturated_def saturated_def by (simp add: alw_iff_sdrop) definition treeA :: \(sequent \ rule) stream \ fm set\ where \treeA steps \ \s \ sset steps. set (lhs s)\ definition treeB :: \(sequent \ rule) stream \ fm set\ where \treeB steps \ \s \ sset steps. set (rhs s)\ lemma treeA_snth: \p \ treeA steps \ \n. p [\] lhsd (sdrop n steps)\ unfolding treeA_def using sset_range[of steps] by simp lemma treeB_snth: \p \ treeB steps \ \n. p [\] rhsd (sdrop n steps)\ unfolding treeB_def using sset_range[of steps] by simp lemma treeA_sdrop: \treeA (sdrop n steps) \ treeA steps\ unfolding treeA_def by (induct n) (simp, metis SUP_subset_mono order_refl sset_sdrop) lemma treeB_sdrop: \treeB (sdrop n steps) \ treeB steps\ unfolding treeB_def by (induct n) (simp, metis SUP_subset_mono order_refl sset_sdrop) lemma enabled_ex_taken: assumes \epath steps\ \Saturated steps\ \enabled r (fst (shd steps))\ shows \\k. takenAtStep r (shd (sdrop k steps))\ using assms unfolding Saturated_def saturated_def UNIV_rules by (auto simp: ev_iff_sdrop) lemma Hintikka_epath: assumes \epath steps\ \Saturated steps\ shows \Hintikka (treeA steps) (treeB steps)\ proof - fix n ts - assume \\<^bold>\n ts \ treeA steps\ - then obtain m where m: \\<^bold>\n ts [\] lhsd (sdrop m steps)\ + fix P ts + assume \\<^bold>\P ts \ treeA steps\ + then obtain m where m: \\<^bold>\P ts [\] lhsd (sdrop m steps)\ using treeA_snth by auto - assume \\<^bold>\n ts \ treeB steps\ - then obtain k where k: \\<^bold>\n ts [\] rhsd (sdrop k steps)\ + assume \\<^bold>\P ts \ treeB steps\ + then obtain k where k: \\<^bold>\P ts [\] rhsd (sdrop k steps)\ using treeB_snth by auto let ?j = \m + k\ let ?jstep = \shd (sdrop ?j steps)\ - have \\<^bold>\n ts [\] lhs ?jstep\ + have \\<^bold>\P ts [\] lhs ?jstep\ using assms m epath_sdrop epath_Pre_sdrop by (metis (no_types, lifting) sdrop_add) - moreover have \\<^bold>\n ts [\] rhs ?jstep\ + moreover have \\<^bold>\P ts [\] rhs ?jstep\ using assms k epath_sdrop epath_Pre_sdrop by (metis (no_types, lifting) add.commute sdrop_add) - ultimately have \enabled (Axiom n ts) (fst ?jstep)\ + ultimately have \enabled (Axiom P ts) (fst ?jstep)\ unfolding enabled_def by (metis eff.simps(2) prod.exhaust_sel) - then obtain j' where \takenAtStep (Axiom n ts) (shd (sdrop j' steps))\ + then obtain j' where \takenAtStep (Axiom P ts) (shd (sdrop j' steps))\ using enabled_ex_taken[OF epath_sdrop[OF assms(1)] Saturated_sdrop[OF assms(2)]] by auto then have \eff (snd (shd (sdrop j' steps))) (fst (shd (sdrop j' steps))) = None\ using assms(1) epath_sdrop epath_eff by (metis (no_types, lifting) eff.simps(2) epath.simps equalsffemptyD surjective_pairing) then show False using assms(1) epath_sdrop by (metis epath.cases option.discI) next show \\<^bold>\ \ treeA steps\ proof assume \\<^bold>\ \ treeA steps\ then have \\j. enabled FlsL (fst (shd (sdrop j steps)))\ unfolding enabled_def using treeA_snth by (metis eff.simps(3) prod.exhaust_sel sdrop_simps(1)) then obtain j where \takenAtStep FlsL (shd (sdrop j steps))\ (is \takenAtStep _ (shd ?steps)\) using enabled_ex_taken[OF epath_sdrop[OF assms(1)] Saturated_sdrop[OF assms(2)]] by auto then have \eff (snd (shd ?steps)) (fst (shd ?steps)) = None\ using assms(1) epath_sdrop epath_eff by (metis (no_types, lifting) eff.simps(3) epath.simps equalsffemptyD surjective_pairing) then show False using assms(1) epath_sdrop by (metis epath.cases option.discI) qed next fix p q assume \p \<^bold>\ q \ treeA steps\ then have \\k. enabled (ImpL p q) (fst (shd (sdrop k steps)))\ unfolding enabled_def using treeA_snth by (metis eff.simps(5) prod.exhaust_sel sdrop_simps(1)) then obtain j where \takenAtStep (ImpL p q) (shd (sdrop j steps))\ (is \takenAtStep _ (shd ?s)\) using enabled_ex_taken[OF epath_sdrop[OF assms(1)] Saturated_sdrop[OF assms(2)]] by auto then have \fst (shd (stl ?s)) |\| {| (lhsd ?s [\
] (p \<^bold>\ q), p # rhsd ?s), (q # lhsd ?s [\
] (p \<^bold>\ q), rhsd ?s) |}\ using assms(1) epath_sdrop epath_eff by (metis (no_types, lifting) eff.simps(5) epath.cases option.distinct(1) prod.collapse) then have \p [\] rhs (shd (stl ?s)) \ q [\] lhs (shd (stl ?s))\ by auto then have \p \ treeB (stl ?s) \ q \ treeA (stl ?s)\ unfolding treeA_def treeB_def by (meson UN_I shd_sset) then show \p \ treeB steps \ q \ treeA steps\ using treeA_sdrop treeB_sdrop by (metis sdrop_simps(2) subsetD) next fix p q assume \p \<^bold>\ q \ treeB steps\ then have \\k. enabled (ImpR p q) (fst (shd (sdrop k steps)))\ unfolding enabled_def using treeB_snth by (metis eff.simps(6) prod.exhaust_sel sdrop_simps(1)) then obtain j where \takenAtStep (ImpR p q) (shd (sdrop j steps))\ (is \takenAtStep _ (shd ?s)\) using enabled_ex_taken[OF epath_sdrop[OF assms(1)] Saturated_sdrop[OF assms(2)]] by auto then have \fst (shd (stl ?s)) |\| {| (p # lhsd ?s, q # rhsd ?s [\
] (p \<^bold>\ q)) |}\ using assms(1) epath_sdrop epath_eff by (metis (no_types, lifting) eff.simps(6) epath.cases option.distinct(1) prod.collapse) then have \p [\] lhs (shd (stl ?s)) \ q [\] rhs (shd (stl ?s))\ by auto then have \p \ treeA (stl ?s) \ q \ treeB (stl ?s)\ unfolding treeA_def treeB_def by (meson UN_I shd_sset) then show \p \ treeA steps \ q \ treeB steps\ using treeA_sdrop treeB_sdrop by (metis sdrop_simps(2) subsetD) next fix p assume *: \\<^bold>\p \ treeA steps\ - show \\t. p\t/0\ \ treeA steps\ + show \\t. \t\p \ treeA steps\ proof fix t from * have \\k. enabled (UniL t p) (fst (shd (sdrop k steps)))\ unfolding enabled_def using treeA_snth by (metis eff.simps(7) prod.exhaust_sel sdrop_simps(1)) then obtain j where \takenAtStep (UniL t p) (shd (sdrop j steps))\(is \takenAtStep _ (shd ?s)\) using enabled_ex_taken[OF epath_sdrop[OF assms(1)] Saturated_sdrop[OF assms(2)]] by auto - then have \fst (shd (stl ?s)) |\| {| (p\t/0\ # lhsd ?s, rhsd ?s) |}\ + then have \fst (shd (stl ?s)) |\| {| (\t\p # lhsd ?s, rhsd ?s) |}\ using assms(1) epath_sdrop epath_eff by (metis (no_types, lifting) eff.simps(7) epath.cases option.distinct(1) prod.collapse) - then have \p\t/0\ [\] lhs (shd (stl ?s))\ + then have \\t\p [\] lhs (shd (stl ?s))\ by auto - then have \p\t/0\ \ treeA (stl ?s)\ + then have \\t\p \ treeA (stl ?s)\ unfolding treeA_def by (meson UN_I shd_sset) - then show \p\t/0\ \ treeA steps\ + then show \\t\p \ treeA steps\ using treeA_sdrop by (metis sdrop_simps(2) subsetD) qed next fix p assume *: \\<^bold>\p \ treeB steps\ then have \\k. enabled (UniR p) (fst (shd (sdrop k steps)))\ unfolding enabled_def using treeB_snth by (metis eff.simps(8) prod.exhaust_sel sdrop_simps(1)) then obtain j where \takenAtStep (UniR p) (shd (sdrop j steps))\(is \takenAtStep _ (shd ?s)\) using enabled_ex_taken[OF epath_sdrop[OF assms(1)] Saturated_sdrop[OF assms(2)]] by auto then have \fst (shd (stl ?s)) |\| - {| (lhsd ?s, p\\<^bold>#(fresh (lhsd ?s @ rhsd ?s))/0\ # rhsd ?s [\
] \<^bold>\p) |}\ + {| (lhsd ?s, \\<^bold>#(fresh (lhsd ?s @ rhsd ?s))\p # rhsd ?s [\
] \<^bold>\p) |}\ using assms(1) epath_sdrop epath_eff by (metis (no_types, lifting) eff.simps(8) epath.cases option.distinct(1) prod.collapse) - then have \\t. p\t/0\ [\] rhs (shd (stl ?s))\ + then have \\t. \t\p [\] rhs (shd (stl ?s))\ by auto - then have \\t. p\t/0\ \ treeB (stl ?s)\ + then have \\t. \t\p \ treeB (stl ?s)\ unfolding treeB_def by (meson UN_I shd_sset) - then show \\t. p\t/0\ \ treeB steps\ + then show \\t. \t\p \ treeB steps\ using treeB_sdrop by (metis sdrop_simps(2) subsetD) qed subsection \Completeness\ lemma fair_stream_rules: \Fair_Stream.fair rules\ unfolding rules_def using fair_stream surj_rule_of_nat . lemma fair_rules: \fair rules\ using fair_stream_rules unfolding Fair_Stream.fair_def fair_def alw_iff_sdrop ev_holds_sset by (metis dual_order.refl le_Suc_ex sdrop_snth snth_sset) lemma epath_prover: fixes A B :: \fm list\ defines \t \ prover (A, B)\ shows \(fst (root t) = (A, B) \ wf t \ tfinite t) \ (\steps. fst (shd steps) = (A, B) \ epath steps \ Saturated steps)\ (is \?A \ ?B\) proof - { assume \\ ?A\ with assms have \\ tfinite (mkTree rules (A, B))\ unfolding prover_def using wf_mkTree fair_rules by simp then obtain steps where \ipath (mkTree rules (A, B)) steps\ using Konig by blast with assms have \fst (shd steps) = (A, B) \ epath steps \ Saturated steps\ by (metis (no_types, lifting) fair_rules UNIV_I fst_conv ipath.cases ipath_mkTree_Saturated mkTree.simps(1) wf_ipath_epath wf_mkTree) then have ?B by blast } then show ?thesis by blast qed lemma epath_countermodel: assumes \fst (shd steps) = (A, B)\ \epath steps\ \Saturated steps\ shows \\(E :: _ \ tm) F G. \ sc (E, F, G) (A, B)\ proof - have \Hintikka (treeA steps) (treeB steps)\ (is \Hintikka ?A ?B\) using assms Hintikka_epath assms by simp moreover have \\p [\] A. p \ ?A\ \\p [\] B. p \ ?B\ using assms shd_sset unfolding treeA_def treeB_def by fastforce+ ultimately have \\p [\] A. M ?A p\ \\p [\] B. \ M ?A p\ using Hintikka_counter_model assms by blast+ then show ?thesis by auto qed theorem prover_completeness: assumes \\(E :: _ \ tm) F G. sc (E, F, G) (A, B)\ defines \t \ prover (A, B)\ shows \fst (root t) = (A, B) \ wf t \ tfinite t\ using assms epath_prover epath_countermodel by blast corollary assumes \\(E :: _ \ tm) F G. \E, F, G\ p\ defines \t \ prover ([], [p])\ shows \fst (root t) = ([], [p]) \ wf t \ tfinite t\ using assms prover_completeness by simp end diff --git a/thys/FOL_Seq_Calc3/Fair_Stream.thy b/thys/FOL_Seq_Calc3/Fair_Stream.thy --- a/thys/FOL_Seq_Calc3/Fair_Stream.thy +++ b/thys/FOL_Seq_Calc3/Fair_Stream.thy @@ -1,89 +1,89 @@ section \Fair Streams\ theory Fair_Stream imports "HOL-Library.Stream" begin definition upt_lists :: \nat list stream\ where \upt_lists \ smap (upt 0) (stl nats)\ definition fair_nats :: \nat stream\ where \fair_nats \ flat upt_lists\ definition fair :: \'a stream \ bool\ where \fair s \ \x \ sset s. \m. \n \ m. s !! n = x\ lemma upt_lists_snth: \x \ n \ x \ set (upt_lists !! n)\ unfolding upt_lists_def by auto lemma all_ex_upt_lists: \\n \ m. x \ set (upt_lists !! n)\ using upt_lists_snth by (meson dual_order.strict_trans1 gt_ex nle_le) lemma upt_lists_ne: \\xs \ sset upt_lists. xs \ []\ unfolding upt_lists_def by (simp add: sset_range) lemma sset_flat_stl: \sset (flat (stl s)) \ sset (flat s)\ proof (cases s) case (SCons x xs) then show ?thesis by (cases x) (simp add: stl_sset subsetI, auto) qed lemma flat_snth_nth: assumes \x = s !! n ! m\ \m < length (s !! n)\ \\xs \ sset s. xs \ []\ shows \\n' \ n. x = flat s !! n'\ using assms proof (induct n arbitrary: s) case 0 then show ?case using flat_snth by fastforce next case (Suc n) have \?case = (\n' \ n. x = flat s !! Suc n')\ by (metis Suc_le_D Suc_le_mono) also have \\ = (\n' \ n. x = stl (flat s) !! n')\ by simp finally have \?case = (\n' \ n. x = (tl (shd s) @- flat (stl s)) !! n')\ using Suc.prems flat_unfold by (simp add: shd_sset) then have ?case if \\n' \ n. x = flat (stl s) !! n'\ using that by (metis (no_types, opaque_lifting) add.commute add_diff_cancel_left' dual_order.trans le_add2 shift_snth_ge) moreover { have \x = stl s !! n ! m\ \ m < length (stl s !! n)\ using Suc.prems by simp_all moreover have \\xs \ sset (stl s). xs \ []\ using Suc.prems by (cases s) simp_all ultimately have \\n' \ n. x = flat (stl s) !! n'\ using Suc.hyps by blast } ultimately show ?case . qed lemma all_ex_fair_nats: \\n \ m. fair_nats !! n = x\ proof - have \\n \ m. x \ set (upt_lists !! n)\ using all_ex_upt_lists . then have \\n \ m. \k < length (upt_lists !! n). upt_lists !! n ! k = x\ by (simp add: in_set_conv_nth) then obtain n k where \m \ n\ \k < length (upt_lists !! n)\ \upt_lists !! n ! k = x\ by blast then obtain n' where \n \ n'\ \x = flat upt_lists !! n'\ using flat_snth_nth upt_lists_ne by metis moreover have \m \ n'\ using \m \ n\ \n \ n'\ by simp ultimately show ?thesis unfolding fair_nats_def by blast qed lemma fair_surj: assumes \surj f\ shows \fair (smap f fair_nats)\ using assms unfolding fair_def by (metis UNIV_I all_ex_fair_nats imageE snth_smap) definition fair_stream :: \(nat \ 'a) \ 'a stream\ where - \fair_stream f = smap f fair_nats\ + \fair_stream f \ smap f fair_nats\ theorem fair_stream: \surj f \ fair (fair_stream f)\ unfolding fair_stream_def using fair_surj . theorem UNIV_stream: \surj f \ sset (fair_stream f) = UNIV\ unfolding fair_stream_def using all_ex_fair_nats by (metis sset_range stream.set_map surjI) end diff --git a/thys/FOL_Seq_Calc3/Main.hs b/thys/FOL_Seq_Calc3/Main.hs --- a/thys/FOL_Seq_Calc3/Main.hs +++ b/thys/FOL_Seq_Calc3/Main.hs @@ -1,61 +1,59 @@ import Prelude import Data.Char (chr, ord) import Data.List (intersperse) import System.Environment import Arith import Prover instance Show Arith.Nat where show (Nat n) = show n charFrom :: Char -> Arith.Nat -> Char charFrom c n = chr (ord c + fromInteger (Arith.integer_of_nat n)) instance Show Tm where show (Var n) = show n show (Fun f []) = charFrom 'a' f : "" show (Fun f ts) = charFrom 'f' f : "(" ++ concat (intersperse ", " (map show ts)) ++ ")" instance Show Fm where show Falsity = "Falsity" show (Pre p []) = charFrom 'P' p : "" show (Pre p ts) = charFrom 'P' p : "(" ++ concat (intersperse ", " (map show ts)) ++ ")" show (Imp p q) = "(" ++ show p ++ ") --> (" ++ show q ++ ")" show (Uni p) = "forall " ++ show p showRule :: Rule -> String showRule (Axiom n ts) = "Axiom on " ++ show (Pre n ts) showRule FlsL = "FlsL" showRule FlsR = "FlsR" showRule Idle = "Idle" showRule (ImpL p q) = "ImpL on " ++ show p ++ " and " ++ show q showRule (ImpR p q) = "ImpR on " ++ show p ++ " and " ++ show q showRule (UniL t p) = "UniL on " ++ show t ++ " and " ++ show p showRule (UniR p) = "UniR on " ++ show p showFms :: [Fm] -> String showFms ps = concat (intersperse ", " (map show ps)) showTree :: Int -> Tree (([Fm], [Fm]), Rule) -> String showTree n (Node ((l, r), rule) (Abs_fset (Set ts))) = let inc = if length ts > 1 then 2 else 0 in replicate n ' ' ++ showFms l ++ " |- " ++ showFms r ++ "\n" ++ replicate n ' ' ++ " + " ++ showRule rule ++ "\n" ++ concat (map (showTree (n + inc)) ts) --- deriving instance Read Arith.Nat - instance Read Arith.Nat where readsPrec d s = map (\(n, s) -> (Arith.Nat n, s)) (readsPrec d s :: [(Integer, String)]) deriving instance Read Tm deriving instance Read Fm main :: IO () main = do args <- getArgs let p = read (head args) :: Fm let res = prove p putStrLn (showTree 0 res) diff --git a/thys/FOL_Seq_Calc3/Prover.thy b/thys/FOL_Seq_Calc3/Prover.thy --- a/thys/FOL_Seq_Calc3/Prover.thy +++ b/thys/FOL_Seq_Calc3/Prover.thy @@ -1,48 +1,48 @@ section \Prover\ theory Prover imports "Abstract_Completeness.Abstract_Completeness" Encoding Fair_Stream begin function eff :: \rule \ sequent \ (sequent fset) option\ where \eff Idle (A, B) = Some {| (A, B) |}\ -| \eff (Axiom n ts) (A, B) = (if \<^bold>\n ts [\] A \ \<^bold>\n ts [\] B then +| \eff (Axiom P ts) (A, B) = (if \<^bold>\P ts [\] A \ \<^bold>\P ts [\] B then Some {||} else None)\ | \eff FlsL (A, B) = (if \<^bold>\ [\] A then Some {||} else None)\ | \eff FlsR (A, B) = (if \<^bold>\ [\] B then Some {| (A, B [\
] \<^bold>\) |} else None)\ | \eff (ImpL p q) (A, B) = (if (p \<^bold>\ q) [\] A then Some {| (A [\
] (p \<^bold>\ q), p # B), (q # A [\
] (p \<^bold>\ q), B) |} else None)\ | \eff (ImpR p q) (A, B) = (if (p \<^bold>\ q) [\] B then Some {| (p # A, q # B [\
] (p \<^bold>\ q)) |} else None)\ | \eff (UniL t p) (A, B) = (if \<^bold>\p [\] A then - Some {| (p\t/0\ # A, B) |} else None)\ + Some {| (\t\p # A, B) |} else None)\ | \eff (UniR p) (A, B) = (if \<^bold>\p [\] B then - Some {| (A, p\\<^bold>#(fresh (A @ B))/0\ # B [\
] \<^bold>\p) |} else None)\ + Some {| (A, \\<^bold>#(fresh (A @ B))\p # B [\
] \<^bold>\p) |} else None)\ by pat_completeness auto termination by (relation \measure size\) standard definition rules :: \rule stream\ where \rules \ fair_stream rule_of_nat\ lemma UNIV_rules: \sset rules = UNIV\ unfolding rules_def using UNIV_stream surj_rule_of_nat . interpretation RuleSystem \\r s ss. eff r s = Some ss\ rules UNIV by unfold_locales (auto simp: UNIV_rules intro: exI[of _ Idle]) lemma per_rules': assumes \enabled r (A, B)\ \\ enabled r (A', B')\ \eff r' (A, B) = Some ss'\ \(A', B') |\| ss'\ shows \r' = r\ using assms by (cases r r' rule: rule.exhaust[case_product rule.exhaust]) (unfold enabled_def, auto split: if_splits) lemma per_rules: \per r\ unfolding per_def UNIV_rules using per_rules' by fast interpretation PersistentRuleSystem \\r s ss. eff r s = Some ss\ rules UNIV using per_rules by unfold_locales definition \prover \ mkTree rules\ end diff --git a/thys/FOL_Seq_Calc3/Semantics.thy b/thys/FOL_Seq_Calc3/Semantics.thy --- a/thys/FOL_Seq_Calc3/Semantics.thy +++ b/thys/FOL_Seq_Calc3/Semantics.thy @@ -1,87 +1,66 @@ section \Semantics\ theory Semantics imports Syntax begin -subsection \Shift\ - -definition shift :: \(nat \ 'a) \ nat \ 'a \ nat \ 'a\ - (\_\_:_\\ [90, 0, 0] 91) where - \E\n:x\ = (\m. if m < n then E m else if m = n then x else E (m-1))\ - -lemma shift_eq [simp]: \n = m \ (E\n:x\) m = x\ - by (simp add: shift_def) - -lemma shift_gt [simp]: \m < n \ (E\n:x\) m = E m\ - by (simp add: shift_def) - -lemma shift_lt [simp]: \n < m \ (E\n:x\) m = E (m-1)\ - by (simp add: shift_def) - -lemma shift_commute [simp]: \E\n:y\\0:x\ = E\0:x\\n+1:y\\ -proof - fix m - show \(E\n:y\\0:x\) m = (E\0:x\\n+1:y\) m\ - unfolding shift_def by (cases m) simp_all -qed - subsection \Definition\ type_synonym 'a var_denot = \nat \ 'a\ type_synonym 'a fun_denot = \nat \ 'a list \ 'a\ type_synonym 'a pre_denot = \nat \ 'a list \ bool\ primrec semantics_tm :: \'a var_denot \ 'a fun_denot \ tm \ 'a\ (\\_, _\\) where \\E, F\ (\<^bold>#n) = E n\ | \\E, F\ (\<^bold>\f ts) = F f (map \E, F\ ts)\ primrec semantics_fm :: \'a var_denot \ 'a fun_denot \ 'a pre_denot \ fm \ bool\ (\\_, _, _\\) where \\_, _, _\ \<^bold>\ = False\ | \\E, F, G\ (\<^bold>\P ts) = G P (map \E, F\ ts)\ | \\E, F, G\ (p \<^bold>\ q) = (\E, F, G\ p \ \E, F, G\ q)\ -| \\E, F, G\ (\<^bold>\p) = (\x. \E\0:x\, F, G\ p)\ +| \\E, F, G\ (\<^bold>\p) = (\x. \x \ E, F, G\ p)\ fun sc :: \('a var_denot \ 'a fun_denot \ 'a pre_denot) \ sequent \ bool\ where \sc (E, F, G) (A, B) = ((\p [\] A. \E, F, G\ p) \ (\q [\] B. \E, F, G\ q))\ -subsection \Instantiation\ +subsection \Substitution\ -lemma lift_lemma [simp]: \\E\0:x\, F\ (\<^bold>\t) = \E, F\ t\ +lemma add_env_semantics [simp]: \\E, F\ ((t \ s) n) = (\E, F\ t \ \m. \E, F\ (s m)) n\ + by (induct n) simp_all + +lemma lift_lemma [simp]: \\x \ E, F\ (lift_tm t) = \E, F\ t\ by (induct t) (auto cong: map_cong) -lemma inst_tm_semantics [simp]: \\E, F\ (t\s/m\) = \E\m:\E, F\ s\, F\ t\ +lemma sub_tm_semantics [simp]: \\E, F\ (sub_tm s t) = \\n. \E, F\ (s n), F\ t\ by (induct t) (auto cong: map_cong) -lemma inst_fm_semantics [simp]: \\E, F, G\ (p\t/m\) = \E\m:\E, F\ t\, F, G\ p\ - by (induct p arbitrary: E m t) (auto cong: map_cong) +lemma sub_fm_semantics [simp]: \\E, F, G\ (sub_fm s p) = \\n. \E, F\ (s n), F, G\ p\ + by (induct p arbitrary: E s) (auto cong: map_cong) subsection \Variables\ lemma upd_vars_tm [simp]: \n [\] vars_tm t \ \E(n := x), F\ t = \E, F\ t\ by (induct t) (auto cong: map_cong) -lemma shift_upd_commute: \m \ n \ (E(n := x)\m:y\) = ((E\m:y\)(Suc n := x))\ - unfolding shift_def by fastforce +lemma add_upd_commute [simp]: \(y \ E(n := x)) m = ((y \ E)(Suc n := x)) m\ + by (induct m) simp_all lemma upd_vars_fm [simp]: \max_list (vars_fm p) < n \ \E(n := x), F, G\ p = \E, F, G\ p\ proof (induct p arbitrary: E n) case (Pre P ts) moreover have \max_list (concat (map vars_tm ts)) < n\ using Pre.prems max_list_concat by simp then have \n [\] concat (map vars_tm ts)\ using max_list_in by blast then have \\t [\] ts. n [\] vars_tm t\ by simp ultimately show ?case using upd_vars_tm by (metis list.map_cong semantics_fm.simps(2)) next case (Uni p) - have \?case = ((\y. \E(n := x)\0:y\, F, G\ p) = (\y. \E\0:y\, F, G\ p))\ + have \?case = ((\y. \\m. (y \ E(n := x)) m, F, G\ p) = (\y. \y \ E, F, G\ p))\ by (simp add: fun_upd_def) - also have \\ = ((\y. \(E\0:y\)(n + 1 := x), F, G\ p) = (\y. \E\0:y\, F, G\ p))\ - by (simp add: shift_upd_commute) - finally show ?case - using Uni by fastforce + then show ?case + using Uni by simp qed (auto simp: max_list_append cong: map_cong) end diff --git a/thys/FOL_Seq_Calc3/Soundness.thy b/thys/FOL_Seq_Calc3/Soundness.thy --- a/thys/FOL_Seq_Calc3/Soundness.thy +++ b/thys/FOL_Seq_Calc3/Soundness.thy @@ -1,51 +1,53 @@ section \Soundness\ theory Soundness imports "Abstract_Soundness.Finite_Proof_Soundness" Prover Semantics begin lemma eff_sound: - fixes E :: \_ \ 'a\ assumes \eff r (A, B) = Some ss\ \\A B. (A, B) |\| ss \ (\(E :: _ \ 'a). sc (E, F, G) (A, B))\ shows \sc (E, F, G) (A, B)\ using assms proof (induct r \(A, B)\ rule: eff.induct) case (5 p q) then have \sc (E, F, G) (A [\
] (p \<^bold>\ q), p # B)\ \sc (E, F, G) (q # A [\
] (p \<^bold>\ q), B)\ by (metis eff.simps(5) finsertCI option.inject option.simps(3))+ then show ?case using "5.prems"(1) by (force split: if_splits) next case (7 t p) - then have \sc (E, F, G) (p\t/0\ # A, B)\ + then have \sc (E, F, G) (\t\p # A, B)\ by (metis eff.simps(7) finsert_iff option.inject option.simps(3)) then show ?case using "7.prems"(1) by (fastforce split: if_splits) next case (8 p) let ?n = \fresh (A @ B)\ have A: \\p [\] A. max_list (vars_fm p) < ?n\ and B: \\p [\] B. max_list (vars_fm p) < ?n\ unfolding fresh_def using max_list_vars_fms max_list_mono vars_fms_member by (metis Un_iff le_imp_less_Suc set_append)+ - from 8 have \sc (E(?n := x), F, G) (A, p\\<^bold>#?n/0\ # B [\
] \<^bold>\ p)\ for x + from 8 have \sc (E(?n := x), F, G) (A, \\<^bold>#?n\p # B [\
] \<^bold>\p)\ for x by (metis eff.simps(8) finsert_iff option.inject option.simps(3)) then have \(\p [\] A. \E, F, G\ p) \ - (\x. \(E\0:x\)(Suc ?n := x), F, G\ p) \ (\q [\] B [\
] \<^bold>\ p. \E, F, G\ q)\ - using A B upd_vars_fm by (auto simp: shift_upd_commute) + (\x. \(x \ \m. (E(?n := x)) m), F, G\ p) \ (\q [\] B [\
] \<^bold>\p. \E, F, G\ q)\ + using A B upd_vars_fm by fastforce + then have \(\p [\] A. \E, F, G\ p) \ + (\x. \((x \ E)(Suc ?n := x)), F, G\ p) \ (\q [\] B [\
] \<^bold>\p. \E, F, G\ q)\ + unfolding add_upd_commute by blast moreover have \max_list (vars_fm p) < ?n\ using B "8.prems"(1) by (metis eff.simps(8) option.distinct(1) vars_fm.simps(4)) - ultimately have \sc (E, F, G) (A, \<^bold>\p # (B [\
] \<^bold>\ p))\ + ultimately have \sc (E, F, G) (A, \<^bold>\p # (B [\
] \<^bold>\p))\ by auto moreover have \\<^bold>\p [\] B\ using "8.prems"(1) by (simp split: if_splits) ultimately show ?case by (metis (full_types) Diff_iff sc.simps set_ConsD set_removeAll) qed (fastforce split: if_splits)+ interpretation Soundness \\r s ss. eff r s = Some ss\ rules UNIV sc unfolding Soundness_def using eff_sound by fast theorem prover_soundness: assumes \tfinite t\ and \wf t\ shows \sc (E, F, G) (fst (root t))\ using assms soundness by fast end diff --git a/thys/FOL_Seq_Calc3/Syntax.thy b/thys/FOL_Seq_Calc3/Syntax.thy --- a/thys/FOL_Seq_Calc3/Syntax.thy +++ b/thys/FOL_Seq_Calc3/Syntax.thy @@ -1,93 +1,97 @@ section \Syntax\ theory Syntax imports List_Syntax begin subsection \Terms and Formulas\ datatype tm = Var nat (\\<^bold>#\) | Fun nat \tm list\ (\\<^bold>\\) datatype fm = Falsity (\\<^bold>\\) | Pre nat \tm list\ (\\<^bold>\\) | Imp fm fm (infixr \\<^bold>\\ 55) | Uni fm (\\<^bold>\\) type_synonym sequent = \fm list \ fm list\ -subsubsection \Instantiation\ - -primrec lift_tm :: \tm \ tm\ (\\<^bold>\\) where - \\<^bold>\(\<^bold>#n) = \<^bold>#(n+1)\ -| \\<^bold>\(\<^bold>\f ts) = \<^bold>\f (map \<^bold>\ ts)\ +subsubsection \Substitution\ -primrec inst_tm :: \tm \ tm \ nat \ tm\ (\_'\_'/_'\\ [90, 0, 0] 91) where - \(\<^bold>#n)\s/m\ = (if n < m then \<^bold>#n else if n = m then s else \<^bold>#(n-1))\ -| \(\<^bold>\f ts)\s/m\ = \<^bold>\f (map (\t. t\s/m\) ts)\ +primrec add_env (infix \\\ 0) where + \(t \ s) 0 = t\ +| \(t \ s) (Suc n) = s n\ -primrec inst_fm :: \fm \ tm \ nat \ fm\ (\_'\_'/_'\\ [90, 0, 0] 91) where - \\<^bold>\\_/_\ = \<^bold>\\ -| \(\<^bold>\P ts)\s/m\ = \<^bold>\P (map (\t. t\s/m\) ts)\ -| \(p \<^bold>\ q)\s/m\ = (p\s/m\ \<^bold>\ q\s/m\)\ -| \(\<^bold>\p)\s/m\ = \<^bold>\(p\\<^bold>\s/m+1\)\ +primrec lift_tm where + \lift_tm (\<^bold>#n) = \<^bold>#(n+1)\ +| \lift_tm (\<^bold>\f ts) = \<^bold>\f (map lift_tm ts)\ + +primrec sub_tm where + \sub_tm s (\<^bold>#n) = s n\ +| \sub_tm s (\<^bold>\f ts) = \<^bold>\f (map (sub_tm s) ts)\ + +primrec sub_fm where + \sub_fm s \<^bold>\ = \<^bold>\\ +| \sub_fm s (\<^bold>\P ts) = \<^bold>\P (map (sub_tm s) ts)\ +| \sub_fm s (p \<^bold>\ q) = sub_fm s p \<^bold>\ sub_fm s q\ +| \sub_fm s (\<^bold>\p) = \<^bold>\(sub_fm (\<^bold>#0 \ \n. lift_tm (s n)) p)\ + +abbreviation inst_single (\\_\\) where + \\t\p \ sub_fm (t \ \<^bold>#) p\ subsubsection \Variables\ primrec vars_tm :: \tm \ nat list\ where \vars_tm (\<^bold>#n) = [n]\ | \vars_tm (\<^bold>\_ ts) = concat (map vars_tm ts)\ primrec vars_fm :: \fm \ nat list\ where \vars_fm \<^bold>\ = []\ | \vars_fm (\<^bold>\_ ts) = concat (map vars_tm ts)\ | \vars_fm (p \<^bold>\ q) = vars_fm p @ vars_fm q\ | \vars_fm (\<^bold>\p) = vars_fm p\ primrec max_list :: \nat list \ nat\ where \max_list [] = 0\ | \max_list (x # xs) = max x (max_list xs)\ -definition max_var_fm :: \fm \ nat\ where - \max_var_fm p = max_list (vars_fm p)\ - lemma max_list_append: \max_list (xs @ ys) = max (max_list xs) (max_list ys)\ by (induct xs) auto lemma max_list_concat: \xs [\] xss \ max_list xs \ max_list (concat xss)\ by (induct xss) (auto simp: max_list_append) lemma max_list_in: \max_list xs < n \ n [\] xs\ by (induct xs) auto definition vars_fms :: \fm list \ nat list\ where \vars_fms A \ concat (map vars_fm A)\ lemma vars_fms_member: \p [\] A \ vars_fm p [\] vars_fms A\ unfolding vars_fms_def by (induct A) auto lemma max_list_mono: \A [\] B \ max_list A \ max_list B\ by (induct A) (simp, metis linorder_not_le list.set_intros(1) max.absorb2 max.absorb3 max_list.simps(2) max_list_in set_subset_Cons subset_code(1)) lemma max_list_vars_fms: assumes \max_list (vars_fms A) \ n\ \p [\] A\ shows \max_list (vars_fm p) \ n\ using assms max_list_mono vars_fms_member by (meson dual_order.trans) definition fresh :: \fm list \ nat\ where \fresh A \ Suc (max_list (vars_fms A))\ subsection \Rules\ datatype rule = Idle | Axiom nat \tm list\ | FlsL | FlsR | ImpL fm fm | ImpR fm fm | UniL tm fm | UniR fm end