diff --git a/thys/Stalnaker_Logic/Stalnaker_Logic.thy b/thys/Stalnaker_Logic/Stalnaker_Logic.thy --- a/thys/Stalnaker_Logic/Stalnaker_Logic.thy +++ b/thys/Stalnaker_Logic/Stalnaker_Logic.thy @@ -1,599 +1,603 @@ (* File: Stalnaker_Logic.thy Author: Laura Gamboa Guzman This work is a formalization of Stalnaker's epistemic logic with countably many agents and its soundness and completeness theorems, as well as the equivalence between the axiomatization of S4 available in the Epistemic Logic theory and the topological one. It builds on the Epistemic_Logic theory by A.H. From. *) theory Stalnaker_Logic imports "Epistemic_Logic.Epistemic_Logic" begin section \Utility\ subsection \Some properties of Normal Modal Logics\ lemma duality_taut: \tautology (((K i p) \<^bold>\ K i (\<^bold>\q))\<^bold>\ ((L i q) \<^bold>\ (\<^bold>\ K i p)))\ by force lemma K_imp_trans: assumes \A \ (p \<^bold>\ q)\ \A \ (q \<^bold>\ r)\ shows \A \ (p \<^bold>\ r)\ proof - have \tautology ((p \<^bold>\ q) \<^bold>\ ( (q \<^bold>\ r) \<^bold>\ (p \<^bold>\ r)))\ by fastforce then show ?thesis by (meson A1 R1 assms(1) assms(2)) qed lemma K_imp_trans': assumes \A \ (q \<^bold>\ r)\ shows \A \ ((p \<^bold>\ q) \<^bold>\ (p \<^bold>\ r))\ proof - have \tautology ((q \<^bold>\ r) \<^bold>\ ((p \<^bold>\ q) \<^bold>\ (p \<^bold>\ r)))\ by fastforce then show ?thesis using A1 R1 assms by blast qed lemma K_imply_multi: assumes \A \ (a \<^bold>\ b)\ and \A \ (a \<^bold>\ c)\ shows \A \ (a \<^bold>\ (b\<^bold>\c))\ proof - have \tautology ((a\<^bold>\b)\<^bold>\(a\<^bold>\c)\<^bold>\(a\<^bold>\(b\<^bold>\c)))\ by force then have \A \ ((a\<^bold>\b)\<^bold>\(a\<^bold>\c)\<^bold>\(a\<^bold>\(b\<^bold>\c)))\ using A1 by blast then have \A \ ((a\<^bold>\c)\<^bold>\(a\<^bold>\(b\<^bold>\c)))\ using assms(1) R1 by blast then show ?thesis using assms(2) R1 by blast qed lemma K_multi_imply: assumes \A \ (a \<^bold>\ b \<^bold>\ c)\ shows \A \ ((a\<^bold>\b) \<^bold>\ c)\ proof - have \tautology ((a \<^bold>\ b \<^bold>\ c) \<^bold>\ ((a\<^bold>\b) \<^bold>\ c))\ by force then have \A \ ((a \<^bold>\ b \<^bold>\ c) \<^bold>\ ((a\<^bold>\b) \<^bold>\ c))\ using A1 by blast then show ?thesis using assms R1 by blast qed lemma K_thm: \A \ ((K i p) \<^bold>\ (L i q) \<^bold>\ L i (p \<^bold>\ q))\ proof - have \tautology (p \<^bold>\ (\<^bold>\(p \<^bold>\ q)) \<^bold>\ \<^bold>\ q)\ by force then have \A \ (p \<^bold>\ (\<^bold>\(p \<^bold>\ q)) \<^bold>\ \<^bold>\ q)\ by (simp add: A1) then have \A \ ((K i p) \<^bold>\ K i ((\<^bold>\(p \<^bold>\ q)) \<^bold>\ \<^bold>\ q))\ and \A \ (K i ((\<^bold>\(p \<^bold>\ q)) \<^bold>\ \<^bold>\ q) \<^bold>\ K i (\<^bold>\(p \<^bold>\ q)) \<^bold>\ K i (\<^bold>\ q))\ apply (simp add: K_map) by (meson K_A2') then have \A \ ((K i p) \<^bold>\ K i (\<^bold>\(p \<^bold>\ q)) \<^bold>\ K i (\<^bold>\ q))\ using K_imp_trans by blast then have \A \ ((K i p) \<^bold>\ L i (q) \<^bold>\ L i (p \<^bold>\ q))\ by (metis AK.simps K_imp_trans duality_taut) then show ?thesis by (simp add: K_multi_imply) qed primrec conjunct :: \'i fm list \ 'i fm\ where \conjunct [] = \<^bold>\\ | \conjunct (p#ps) = (p \<^bold>\ conjunct ps)\ lemma imply_conjunct: \tautology ((imply G p) \<^bold>\ ((conjunct G) \<^bold>\ p))\ apply(induction G) apply simp by force lemma conjunct_imply: \tautology (((conjunct G) \<^bold>\ p) \<^bold>\(imply G p))\ by (induct G) simp_all lemma K_imply_conjunct: assumes \A \ imply G p\ shows \A \ ((conjunct G) \<^bold>\ p)\ using A1 R1 assms imply_conjunct by blast lemma K_conjunct_imply: assumes \A \ ((conjunct G) \<^bold>\ p)\ shows \A \ imply G p\ using A1 R1 assms conjunct_imply by blast lemma K_conj_imply_factor: fixes A :: \(('i :: countable) fm \ bool)\ shows \A \ ((((K i p) \<^bold>\ (K i q)) \<^bold>\ r) \<^bold>\((K i (p \<^bold>\ q)) \<^bold>\ r))\ proof - have *: \A \ ((K i (p \<^bold>\ q)) \<^bold>\ ((K i p) \<^bold>\ (K i q)))\ proof (rule ccontr) assume \\ A \ ((K i (p \<^bold>\ q)) \<^bold>\ ((K i p) \<^bold>\ (K i q)))\ then have \consistent A {\<^bold>\((K i (p \<^bold>\ q)) \<^bold>\ ((K i p) \<^bold>\ (K i q)))}\ by (metis imply.simps(1) inconsistent_imply insert_is_Un list.set(1)) let ?V = \Extend A {\<^bold>\((K i (p \<^bold>\ q)) \<^bold>\ ((K i p) \<^bold>\ (K i q)))} from_nat\ - let ?M = \Kripke (mcss A) pi (reach A)\ + let ?M = \\\ = mcss A, \ = reach A, \ = pi\\ have \?V \ \ ?M \ ?M, ?V \ \<^bold>\((K i (p \<^bold>\ q)) \<^bold>\ ((K i p) \<^bold>\ (K i q)))\ using canonical_model \consistent A {\<^bold>\ (K i (p \<^bold>\ q) \<^bold>\ K i p \<^bold>\ K i q)}\ - insert_iff kripke.sel(1) mem_Collect_eq by fastforce + insert_iff mem_Collect_eq by fastforce then have o: \?M, ?V \ ((K i (p \<^bold>\ q)) \<^bold>\ \<^bold>\((K i p) \<^bold>\ (K i q)))\ by auto then have \?M, ?V \ (K i (p \<^bold>\ q))\ \(?M, ?V \ \<^bold>\(K i p)) \ (?M, ?V \ \<^bold>\(K i q))\ by auto then have \\ U \ \ ?M \ \ ?M i ?V. ?M, U \(p \<^bold>\ q)\ \\ U \ \ ?M \ \ ?M i ?V. ?M, U \ ((\<^bold>\p) \<^bold>\ (\<^bold>\q))\ - apply (meson semantics.simps(6)) using o by auto then show False by simp qed then have \A \ (((K i (p \<^bold>\ q)) \<^bold>\ ((K i p) \<^bold>\ (K i q))) \<^bold>\ ((((K i p) \<^bold>\ (K i q)) \<^bold>\ r) \<^bold>\ ((K i (p \<^bold>\ q)) \<^bold>\ r)))\ by (simp add: A1) then show ?thesis using "*" R1 by blast qed lemma K_conjunction_in: \A \ (K i (p \<^bold>\ q) \<^bold>\ ((K i p) \<^bold>\ K i q))\ proof - have o1: \A \ ((p\<^bold>\q) \<^bold>\ p)\ and o2: \A \ ((p\<^bold>\q) \<^bold>\ q)\ apply(simp add: A1) by (simp add: A1) then have c1: \A \ (K i (p \<^bold>\ q) \<^bold>\ K i q)\ and c2: \A \ (K i (p \<^bold>\ q) \<^bold>\ K i p)\ apply (simp add: K_map o2) by (simp add: K_map o1) then show ?thesis by (simp add: K_imply_multi) qed lemma K_conjunction_in_mult: \A \ ((K i (conjunct G)) \<^bold>\ conjunct (map (K i) G))\ proof (induct G) case Nil then show ?case by (simp add: A1) case (Cons a G) then have \A \ ((K i (conjunct (a#G))) \<^bold>\ (K i (a \<^bold>\ conjunct G)))\ and \A \ ((K i (a \<^bold>\ conjunct G)) \<^bold>\ ((K i a) \<^bold>\ K i (conjunct G)))\ apply (simp add: A1) by (metis K_conjunction_in) then have o1: \A \ ((K i (conjunct (a#G))) \<^bold>\ ((K i a) \<^bold>\ K i (conjunct G)))\ using K_imp_trans by blast then have \A \ (((K i a) \<^bold>\ K i (conjunct G)) \<^bold>\ K i a)\ and o2: \A \ (((K i a) \<^bold>\ K i (conjunct G)) \<^bold>\ conjunct (map (K i) G))\ apply (simp add: A1) by (metis Cons.hyps K_imply_Cons K_multi_imply imply.simps(1) imply.simps(2)) then have \A \ (((K i a) \<^bold>\ K i (conjunct G)) \<^bold>\ (K i a) \<^bold>\ conjunct (map (K i) G))\ using K_imply_multi by blast then show ?case using K_imp_trans o1 by auto qed lemma K_conjunction_out: \A \ ((K i p) \<^bold>\ (K i q) \<^bold>\ K i (p \<^bold>\ q))\ proof - have \A \ (p \<^bold>\ q \<^bold>\ p\<^bold>\q)\ by (simp add: A1) then have \A \ K i (p \<^bold>\ q \<^bold>\ p\<^bold>\q)\ by (simp add: R2) then have \A \ ((K i p) \<^bold>\ K i (q \<^bold>\ p\<^bold>\q))\ by (simp add: K_map \A \ (p \<^bold>\ q \<^bold>\ p \<^bold>\ q)\) then have \A \ ((K i p) \<^bold>\ (K i q) \<^bold>\ K i (p\<^bold>\q))\ by (meson K_A2' K_imp_trans) then show ?thesis using K_multi_imply by blast qed lemma K_conjunction_out_mult: \A \ (conjunct (map (K i) G) \<^bold>\ (K i (conjunct G)))\ proof (induct G) case Nil then show ?case by (metis A1 K_imply_conjunct Nil_is_map_conv R2 conjunct.simps(1) eval.simps(5) imply.simps(1)) case (Cons a G) then have \A \ ((conjunct (map (K i) (a#G))) \<^bold>\ ((K i a) \<^bold>\ conjunct (map (K i) G)))\ by (simp add: A1) then have *: \A \ (((K i a) \<^bold>\ conjunct (map (K i) G))\<^bold>\ (K i a) \<^bold>\ K i (conjunct G))\ by (metis Cons.hyps K_imply_Cons K_imply_head K_imply_multi K_multi_imply imply.simps(1) imply.simps(2)) then have \A \ (((K i a) \<^bold>\ K i (conjunct G))\<^bold>\ K i (conjunct (a#G)))\ by (simp add: K_conjunction_out) then show ?case using "*" K_imp_trans by auto qed subsection \More on mcs's properties\ lemma mcs_conjunction: assumes \consistent A V\ and \maximal A V\ shows \p \ V \ q \ V \ (p \<^bold>\ q) \ V\ proof - have \tautology (p \<^bold>\ q \<^bold>\ (p\<^bold>\q))\ by force then have \(p \<^bold>\ q \<^bold>\ (p\<^bold>\q)) \ V\ using A1 assms(1) assms(2) deriv_in_maximal by blast then have \p \ V \ (q \<^bold>\ (p\<^bold>\q)) \ V\ by (meson assms(1) assms(2) consequent_in_maximal) then show ?thesis using assms(1) assms(2) consequent_in_maximal by blast qed lemma mcs_conjunction_mult: assumes \consistent A V\ and \maximal A V\ shows \(set (S :: ('i fm list)) \ V \ finite (set S)) \ (conjunct S) \ V\ proof(induct S) case Nil then show ?case by (metis K_Boole assms(1) assms(2) conjunct.simps(1) consistent_def inconsistent_subset maximal_def) case (Cons a S) then have \set S \ set (a#S)\ by (meson set_subset_Cons) then have c1: \ set (a # S) \ V \ finite (set (a # S)) \ conjunct (S) \ V \ a \ V\ using Cons by fastforce then have \ conjunct (S) \ V \ a \ V \ (conjunct (a#S)) \ V \ using assms(1) assms(2) mcs_conjunction by auto then show ?case using c1 by fastforce qed lemma reach_dualK: assumes \consistent A V\ \maximal A V\ and \consistent A W\ \maximal A W\ \W \ reach A i V\ shows \\p. p \ W \ (L i p) \ V\ proof (rule ccontr) assume \\ (\p. p \ W \ (L i p) \ V)\ then obtain p' where *: \p' \ W \ (L i p') \ V\ by presburger then have \(\<^bold>\ L i p') \ V\ using assms(1) assms(2) assms(3) assms(4) assms(5) exactly_one_in_maximal by blast then have \K i (\<^bold>\ p') \ V\ using assms(1) assms(2) exactly_one_in_maximal by blast then have \(\<^bold>\ p') \ W\ using assms(5) by blast then show False by (meson "*" assms(3) assms(4) exactly_one_in_maximal) qed lemma dual_reach: assumes \consistent A V\ \maximal A V\ shows \(L i p) \ V \ (\ W. W \ reach A i V \ p \ W)\ proof - have \(\W. W \ {W. known V i \ W} \ p \ W) \ (\W. W \ {W. known V i \ W} \ (\<^bold>\p) \ W)\ by blast then have \(\W. W \ {W. known V i \ W} \ (\<^bold>\p) \ W) \ (\ W. W \ reach A i V \ (\<^bold>\p) \ W)\ by fastforce then have \(\ W. W \ reach A i V \ (\<^bold>\p) \ W) \ ((K i (\<^bold>\p)) \ V)\ by blast then have \((K i (\<^bold>\p)) \ V) \ (\((L i p) \ V))\ using assms(1) assms(2) exactly_one_in_maximal by blast then have \(\W. W \ {W. known V i \ W} \ p \ W) \ \((L i p) \ V)\ by blast then show ?thesis by blast qed section \Ax.2\ definition weakly_directed :: \('i, 's) kripke \ bool\ where \weakly_directed M \ \i. \s \ \ M. \t \ \ M. \r \ \ M. (r \ \ M i s \ t \ \ M i s)\(\ u \ \ M. (u \ \ M i r \ u \ \ M i t))\ inductive Ax_2 :: \('i :: countable) fm \ bool\ where \Ax_2 (\<^bold>\ K i (\<^bold>\ K i p) \<^bold>\ K i (\<^bold>\ K i (\<^bold>\ p)))\ subsection \Soundness\ theorem weakly_directed: assumes \weakly_directed M\ \w \ \ M\ shows \M, w \ (L i (K i p) \<^bold>\ K i (L i p))\ proof assume \M, w \ (L i (K i p))\ then have \\v \ \ M \ \ M i w. M, v \ K i p\ by simp then have \\v \ \ M \ \ M i w. \u \ \ M \ \ M i v. M, u \ p\ using \weakly_directed M\ \w \ \ M\ unfolding weakly_directed_def by (metis IntE IntI semantics.simps(6)) then have \\v \ \ M \ \ M i w. M, v \ L i p\ by simp then show \M, w \ K i (L i p)\ by simp qed lemma soundness_Ax_2: \Ax_2 p \ weakly_directed M \ w \ \ M \ M, w \ p\ by (induct p rule: Ax_2.induct) (meson weakly_directed) subsection \Imply completeness\ lemma Ax_2_weakly_directed: fixes A :: \(('i :: countable) fm \ bool)\ assumes \\p. Ax_2 p \ A p\ \consistent A V\ \maximal A V\ and \consistent A W\ \maximal A W\ \consistent A U\ \maximal A U\ and \W \ reach A i V\ \U \ reach A i V\ shows \\X. (consistent A X) \ (maximal A X) \ X \ (reach A i W) \ (reach A i U)\ proof (rule ccontr) assume \\ ?thesis\ let ?S = \(known W i) \ (known U i)\ have \\ consistent A ?S\ by (smt (verit, best) Int_Collect \\X. consistent A X \ maximal A X \ X \ {Wa. known W i \ Wa} \ {W. known U i \ W}\ maximal_extension mem_Collect_eq sup.bounded_iff) then obtain S' where *: \A \ imply S' \<^bold>\\ \set S' \ ?S\ \finite (set S')\ unfolding consistent_def by blast let ?U = \filter (\p. p \ (known U i)) S'\ let ?W = \filter (\p. p \ (known W i)) S'\ let ?p = \conjunct ?U\ and ?q = \conjunct ?W\ have \(set ?U) \ (set ?W) = (set S')\ using * by auto then have \A \ imply ?U (imply ?W \<^bold>\)\ using K_imply_weaken imply_append by (metis (mono_tags, lifting) "*"(1) set_append subset_refl) then have \A \ (?p \<^bold>\ (imply ?W \<^bold>\))\ using K_imply_conjunct by blast then have \tautology ((imply ?W \<^bold>\) \<^bold>\ (?q \<^bold>\ \<^bold>\))\ using imply_conjunct by blast then have \A \ ((imply ?W \<^bold>\) \<^bold>\ (?q \<^bold>\ \<^bold>\))\ using A1 by blast then have \A \ (?p \<^bold>\ (?q \<^bold>\ \<^bold>\))\ using K_imp_trans \A \ (conjunct (filter (\p. p \ known U i) S') \<^bold>\ imply (filter (\p. p \ known W i) S') \<^bold>\)\ by blast then have o1: \A \ ((?p \<^bold>\ ?q) \<^bold>\ \<^bold>\)\ by (meson K_multi_imply) moreover have \set ?U \ (known U i)\ and \set ?W \ (known W i)\ and \\ p. p \ set ?U \ (K i p) \ U\ and \\ p. p \ set ?W \ (K i p) \ W\ by auto then have \set (map (K i) ?U) \ U\ and c1: \set (map (K i) ?W) \ W\ apply (metis (mono_tags, lifting) imageE set_map subsetI) by auto then have c2: \conjunct (map (K i) ?U) \ U\ and c2': \conjunct (map (K i) ?W) \ W\ using assms(6) assms(7) mcs_conjunction_mult apply blast using assms(4) assms(5) c1 mcs_conjunction_mult by blast then have \((conjunct (map (K i) ?U)) \<^bold>\ (K i ?p)) \ U\ and c3: \((conjunct (map (K i) ?W)) \<^bold>\ (K i ?q)) \ W\ apply (meson K_conjunction_out_mult assms(6) assms(7) deriv_in_maximal) by (meson K_conjunction_out_mult assms(4) assms(5) deriv_in_maximal) then have c4: \(K i ?p) \ U\ and c4': \(K i ?q) \ W\ using assms(6) assms(7) c2 consequent_in_maximal apply blast using assms(4) assms(5) c2' c3 consequent_in_maximal by blast then have \(L i (K i ?p)) \ V\ and c5: \(L i (K i ?q)) \ V\ using assms(2) assms(3) assms(6) assms(7) assms(9) exactly_one_in_maximal apply blast using assms(2) assms(3) assms(4) assms(5) assms(8) c4' exactly_one_in_maximal by blast then have \(K i (L i ?p)) \ V\ by (meson Ax_2.intros assms(1) assms(2) assms(3) ax_in_maximal consequent_in_maximal) then have \((K i (L i ?p)) \<^bold>\ (L i (K i ?q))) \ V\ using assms(2) assms(3) c5 mcs_conjunction by blast then have \(L i ((L i ?p) \<^bold>\ K i ?q)) \ V\ by (meson K_thm assms(2) assms(3) consequent_in_maximal deriv_in_maximal) then have \(L i ((K i ?q) \<^bold>\ L i ?p)) \ V\ by (smt (z3) \K i (L i (conjunct (filter (\p. p \ known U i) S'))) \ V\ assms(2) assms(3) assms(4) assms(5) assms(8) c4' exactly_one_in_maximal mcs_conjunction mem_Collect_eq subset_iff) then obtain Z' where z1:\(consistent A Z') \ (maximal A Z')\ and z2:\Z' \ (reach A i V)\ and z3: \((K i ?q) \<^bold>\ L i ?p) \ Z'\ using \K i (L i (conjunct (filter (\p. p \ known U i) S'))) \ V\ assms(4) assms(5) assms(8) c4' mcs_conjunction by blast then have z4: \(L i (?q \<^bold>\ ?p)) \ Z'\ by (metis K_thm consequent_in_maximal deriv_in_maximal) then have o2:\(L i (L i (?q \<^bold>\ ?p))) \ V\ using assms(2) assms(3) mcs_properties(2) z1 z2 by blast then have \A \ K i (K i (((?p \<^bold>\ ?q) \<^bold>\ \<^bold>\)))\ by (metis R2 o1) then have o3:\K i (K i (((?p \<^bold>\ ?q) \<^bold>\ \<^bold>\))) \ V\ using assms(2) assms(3) deriv_in_maximal by blast then obtain X1 where x1:\(consistent A X1) \ (maximal A X1)\ and x2:\X1 \ (reach A i V)\ and x3: \(L i (?q \<^bold>\ ?p)) \ X1\ using z1 z2 z4 by blast then have x4:\(K i (((?p \<^bold>\ ?q) \<^bold>\ \<^bold>\))) \ X1\ using o3 by blast then have t:\\x. \y. tautology (((x\<^bold>\y)\<^bold>\\<^bold>\)\<^bold>\\<^bold>\(y\<^bold>\x))\ by (metis eval.simps(4) eval.simps(5)) then have \(((?p\<^bold>\?q)\<^bold>\\<^bold>\)\<^bold>\\<^bold>\(?q\<^bold>\?p)) \ X1\ using A1 deriv_in_maximal x1 by blast then have \K i (((?p\<^bold>\?q)\<^bold>\\<^bold>\)\<^bold>\\<^bold>\(?q\<^bold>\?p)) \ X1\ by (meson A1 R2 deriv_in_maximal t x1) then have \(K i ((?p\<^bold>\?q)\<^bold>\\<^bold>\)\<^bold>\ K i (\<^bold>\(?q\<^bold>\?p))) \ X1\ by (meson K_A2' consequent_in_maximal deriv_in_maximal x1) then have \(K i ((?p\<^bold>\?q)\<^bold>\\<^bold>\)\<^bold>\ (\<^bold>\ L i(?q\<^bold>\?p))) \ X1\ using consequent_in_maximal exactly_one_in_maximal x1 x3 x4 by blast then have \(\<^bold>\ L i(?q\<^bold>\?p)) \ X1 \ (L i(?q\<^bold>\?p)) \ X1\ using consequent_in_maximal x1 x4 x3 by blast then show False using exactly_one_in_maximal x1 by blast qed lemma mcs\<^sub>_\<^sub>2_weakly_directed: fixes A :: \(('i :: countable) fm \ bool)\ assumes \\p. Ax_2 p \ A p\ - shows \weakly_directed (Kripke (mcss A) pi (reach A))\ + shows \weakly_directed \\ = mcss A, \ = reach A, \ = pi\\ unfolding weakly_directed_def proof (intro allI ballI, auto) fix i V U W assume \consistent A V\ \maximal A V\ \consistent A U\ \maximal A U\ \consistent A W\ \maximal A W\ \known V i \ U\ \known V i \ W\ then have \\X. (consistent A X) \ (maximal A X) \ X \ (reach A i W) \ (reach A i U)\ using Ax_2_weakly_directed [where A=A and V=V and W=W and U=U] assms IntD2 by simp then have \\X. (consistent A X) \ (maximal A X) \ X \ (reach A i W) \ X \ (reach A i U)\ by simp then show \\X. (consistent A X) \ (maximal A X) \ known W i \ X \ known U i \ X\ by auto qed lemma imply_completeness_K_2: assumes valid: \\(M :: ('i :: countable, 'i fm set) kripke). \w \ \ M. weakly_directed M \ (\q \ G. M, w \ q) \ M, w \ p\ shows \\qs. set qs \ G \ (Ax_2 \ imply qs p)\ proof (rule ccontr) assume \\qs. set qs \ G \ Ax_2 \ imply qs p\ then have *: \\qs. set qs \ G \ \ Ax_2 \ imply ((\<^bold>\ p) # qs) \<^bold>\\ using K_Boole by blast let ?S = \{\<^bold>\ p} \ G\ let ?V = \Extend Ax_2 ?S from_nat\ - let ?M = \Kripke (mcss Ax_2) pi (reach Ax_2)\ + let ?M = \\\ = mcss Ax_2, \ = reach Ax_2, \ = pi\\ have \consistent Ax_2 ?S\ using * by (metis K_imply_Cons consistent_def inconsistent_subset) then have \?M, ?V \ (\<^bold>\ p)\ \\q \ G. ?M, ?V \ q\ \consistent Ax_2 ?V\ \maximal Ax_2 ?V\ using canonical_model unfolding list_all_def by fastforce+ moreover have \weakly_directed ?M\ using mcs\<^sub>_\<^sub>2_weakly_directed [where A=Ax_2] by fast ultimately have \?M, ?V \ p\ using valid by auto then show False using \?M, ?V \ (\<^bold>\ p)\ by simp qed section \System S4.2\ abbreviation SystemS4_2 :: \('i :: countable) fm \ bool\ ("\\<^sub>S\<^sub>4\<^sub>2 _" [50] 50) where \\\<^sub>S\<^sub>4\<^sub>2 p \ AxT \ Ax4 \ Ax_2 \ p\ abbreviation AxS4_2 :: \('i :: countable) fm \ bool\ where \AxS4_2 \ AxT \ Ax4 \ Ax_2\ subsection \Soundness\ abbreviation w_directed_preorder :: \('i, 'w) kripke \ bool\ where \w_directed_preorder M \ reflexive M \ transitive M \ weakly_directed M\ lemma soundness_AxS4_2: \AxS4_2 p \ w_directed_preorder M \ w \ \ M \ M, w \ p\ using soundness_AxT soundness_Ax4 soundness_Ax_2 by metis lemma soundness\<^sub>S\<^sub>4\<^sub>2: \\\<^sub>S\<^sub>4\<^sub>2 p \ w_directed_preorder M \ w \ \ M \ M, w \ p\ using soundness soundness_AxS4_2 . subsection \Completeness\ lemma imply_completeness_S4_2: assumes valid: \\(M :: ('i :: countable, 'i fm set) kripke). \w \ \ M. w_directed_preorder M \ (\q \ G. M, w \ q) \ M, w \ p\ shows \\qs. set qs \ G \ (AxS4_2 \ imply qs p)\ proof (rule ccontr) assume \\qs. set qs \ G \ AxS4_2 \ imply qs p\ then have *: \\qs. set qs \ G \ \ AxS4_2 \ imply ((\<^bold>\ p) # qs) \<^bold>\\ using K_Boole by blast let ?S = \{\<^bold>\ p} \ G\ let ?V = \Extend AxS4_2 ?S from_nat\ - let ?M = \Kripke (mcss AxS4_2) pi (reach AxS4_2)\ + let ?M = \\\ = mcss AxS4_2, \ = reach AxS4_2, \ = pi\\ have \consistent AxS4_2 ?S\ using * by (metis (no_types, lifting) K_imply_Cons consistent_def inconsistent_subset) then have \?M, ?V \ (\<^bold>\ p)\ \\q \ G. ?M, ?V \ q\ \consistent AxS4_2 ?V\ \maximal AxS4_2 ?V\ using canonical_model unfolding list_all_def by fastforce+ moreover have \w_directed_preorder ?M\ - by (simp add: mcs\<^sub>T_reflexive mcs\<^sub>_\<^sub>2_weakly_directed mcs\<^sub>K\<^sub>4_transitive) + using reflexive\<^sub>T[of AxS4_2] mcs\<^sub>_\<^sub>2_weakly_directed[of AxS4_2] transitive\<^sub>K\<^sub>4[of AxS4_2] by auto ultimately have \?M, ?V \ p\ using valid by auto then show False using \?M, ?V \ (\<^bold>\ p)\ by simp qed lemma completeness\<^sub>S\<^sub>4\<^sub>2: assumes \\(M :: ('i :: countable, 'i fm set) kripke). \w \ \ M. w_directed_preorder M \ M, w \ p\ shows \\\<^sub>S\<^sub>4\<^sub>2 p\ using assms imply_completeness_S4_2[where G=\{}\] by auto abbreviation \valid\<^sub>S\<^sub>4\<^sub>2 p \ \(M :: (nat, nat fm set) kripke). \w \ \ M. w_directed_preorder M \ M, w \ p\ theorem main\<^sub>S\<^sub>4\<^sub>2: \valid\<^sub>S\<^sub>4\<^sub>2 p \ \\<^sub>S\<^sub>4\<^sub>2 p\ using soundness\<^sub>S\<^sub>4\<^sub>2 completeness\<^sub>S\<^sub>4\<^sub>2 by fast corollary assumes \w_directed_preorder M\ \w \ \ M\ shows \valid\<^sub>S\<^sub>4\<^sub>2 p \ M, w \ p\ using assms soundness\<^sub>S\<^sub>4\<^sub>2 completeness\<^sub>S\<^sub>4\<^sub>2 by fast section \Topological S4 axioms\ abbreviation DoubleImp (infixr "\<^bold>\" 25) where \(p\<^bold>\q) \ ((p \<^bold>\ q) \<^bold>\ (q \<^bold>\ p))\ inductive System_topoS4 :: \'i fm \ bool\ ("\\<^sub>T\<^sub>o\<^sub>p _" [50] 50) where A1': \tautology p \ \\<^sub>T\<^sub>o\<^sub>p p\ | AR: \\\<^sub>T\<^sub>o\<^sub>p ((K i (p \<^bold>\ q)) \<^bold>\ ((K i p) \<^bold>\ K i q))\ | AT': \\\<^sub>T\<^sub>o\<^sub>p (K i p \<^bold>\ p)\ | A4': \\\<^sub>T\<^sub>o\<^sub>p (K i p \<^bold>\ K i (K i p))\ | AN: \\\<^sub>T\<^sub>o\<^sub>p K i \<^bold>\\ | R1': \\\<^sub>T\<^sub>o\<^sub>p p \ \\<^sub>T\<^sub>o\<^sub>p (p \<^bold>\ q) \ \\<^sub>T\<^sub>o\<^sub>p q\ | RM: \\\<^sub>T\<^sub>o\<^sub>p (p \<^bold>\ q) \ \\<^sub>T\<^sub>o\<^sub>p ((K i p) \<^bold>\ K i q)\ lemma topoS4_trans: \\\<^sub>T\<^sub>o\<^sub>p ((p \<^bold>\ q) \<^bold>\ (q \<^bold>\ r) \<^bold>\ p \<^bold>\ r)\ by (simp add: A1') lemma topoS4_conjElim: \\\<^sub>T\<^sub>o\<^sub>p (p \<^bold>\ q \<^bold>\ q)\ by (simp add: A1') lemma topoS4_AxK: \\\<^sub>T\<^sub>o\<^sub>p (K i p \<^bold>\ K i (p \<^bold>\ q) \<^bold>\ K i q)\ proof - have \\\<^sub>T\<^sub>o\<^sub>p ((p \<^bold>\ (p \<^bold>\ q)) \<^bold>\ q)\ using A1' by force then have *: \\\<^sub>T\<^sub>o\<^sub>p (K i (p \<^bold>\ (p \<^bold>\ q)) \<^bold>\ K i q)\ using RM by fastforce then have \\\<^sub>T\<^sub>o\<^sub>p (K i p \<^bold>\ K i (p \<^bold>\ q) \<^bold>\ K i (p \<^bold>\ (p \<^bold>\ q)))\ using AR topoS4_conjElim System_topoS4.simps by fast then show ?thesis by (meson "*" System_topoS4.R1' topoS4_trans) qed lemma topoS4_NecR: assumes \\\<^sub>T\<^sub>o\<^sub>p p\ shows\\\<^sub>T\<^sub>o\<^sub>p K i p\ proof - have \\\<^sub>T\<^sub>o\<^sub>p (\<^bold>\ \<^bold>\ p)\ using assms by (metis System_topoS4.A1' System_topoS4.R1' conjunct.simps(1) imply.simps(1) imply_conjunct) then have \\\<^sub>T\<^sub>o\<^sub>p (K i \<^bold>\ \<^bold>\ K i p)\ using RM by force then show ?thesis by (meson AN System_topoS4.R1') qed -lemma S4_topoS4: \\\<^sub>S\<^sub>4 p \ \\<^sub>T\<^sub>o\<^sub>p p\ +lemma empty_S4: "{} \\<^sub>S\<^sub>4 p \ AxT \ Ax4 \ p" + by simp + +lemma S4_topoS4: \{} \\<^sub>S\<^sub>4 p \ \\<^sub>T\<^sub>o\<^sub>p p\ + unfolding empty_S4 proof (induct p rule: AK.induct) case (A2 i p q) then show ?case using topoS4_AxK . next case (Ax p) then show ?case using AT' A4' by (metis AxT.cases Ax4.cases) next case (R2 p) then show ?case by (simp add: topoS4_NecR) qed (meson System_topoS4.intros)+ lemma topoS4_S4: fixes p :: \('i :: countable) fm\ - shows \\\<^sub>T\<^sub>o\<^sub>p p \ \\<^sub>S\<^sub>4 p\ + shows \\\<^sub>T\<^sub>o\<^sub>p p \ {} \\<^sub>S\<^sub>4 p\ + unfolding empty_S4 proof (induct p rule: System_topoS4.induct) case (AT' i p) then show ?case by (simp add: Ax AxT.intros) next case (A4' i p) then show ?case by (simp add: Ax Ax4.intros) next case (AR i p q) then show ?case by (meson K_conj_imply_factor K_conjunction_in K_conjunction_out K_imp_trans' K_imply_multi R1) next case (AN i) - then have *: \\\<^sub>S\<^sub>4 \<^bold>\\ + then have *: \AxT \ Ax4 \ \<^bold>\\ by (simp add: A1) then show ?case by (simp add: * R2) next case (RM p q i) - then have \\\<^sub>S\<^sub>4 K i (p \<^bold>\ q)\ + then have \AxT \ Ax4 \ K i (p \<^bold>\ q)\ by (simp add: R2) then show ?case by (simp add: K_map RM.hyps(2)) qed (meson AK.intros)+ -theorem main\<^sub>S\<^sub>4': \valid\<^sub>S\<^sub>4 p \ (\\<^sub>T\<^sub>o\<^sub>p p)\ - using main\<^sub>S\<^sub>4 S4_topoS4 topoS4_S4 by blast +theorem main\<^sub>S\<^sub>4': \{} \\<^sub>S\<^sub>4 p \ (\\<^sub>T\<^sub>o\<^sub>p p)\ + using main\<^sub>S\<^sub>4[of "{}"] S4_topoS4 topoS4_S4 by blast end