diff --git a/thys/Belief_Revision/AGM_Contraction.thy b/thys/Belief_Revision/AGM_Contraction.thy new file mode 100755 --- /dev/null +++ b/thys/Belief_Revision/AGM_Contraction.thy @@ -0,0 +1,674 @@ +(*<*) +\\ ******************************************************************** + * Project : AGM Theory + * Version : 1.0 + * + * Authors : Valentin Fouillard, Safouan Taha, Frederic Boulanger + and Nicolas Sabouret + * + * This file : AGM contraction + * + * Copyright (c) 2021 Université Paris Saclay, France + * + * All rights reserved. + * + ******************************************************************************\ + +theory AGM_Contraction + +imports AGM_Logic AGM_Remainder + +begin +(*>*) + +section \Contractions\ +text\The first operator of belief change of the AGM framework is contraction. This operator consist to remove +a sentence @{term \\\} from a belief set @{term \K\} in such a way that @{term \K\} no longer imply @{term \\\}. + +In the following we will first axiomatize such operators at different levels of logics (Tarskian, supraclassical and compact) +and then we will give constructions satisfying these axioms. The following graph summarizes all equivalences we established: + +\includegraphics[width=\textwidth]{"graph_locales.pdf"} + +We will use the extension feature of locales in Isabelle/HOL to incrementally define the contraction +operator as shown by blue arrows in the previous figure. Then, using the interpretation feature of locales, we will prove the equivalence between +descriptive and constructive approaches at each level depending on the adopted logics (black arrows). +\ + +subsection\AGM contraction postulates\ +text\ +The operator of contraction is denoted by the symbol @{text \\
\} and respects the six following conditions : +\<^item> @{text \contract_closure\} : a belief set @{term \K\} contracted by @{term \\\} should be logically closed +\<^item> @{text \contract_inclusion\} : a contracted set @{term \K\} should be a subset of the original one +\<^item> @{text \contract_vacuity\} : if @{term \\\} is not included in a set @{term \K\} then the contraction of @{term \K\} by @{term \\\} involves no change at all +\<^item> @{text \contract_success\} : if a set @{term \K\} is contracted by @{term \\\} then @{term \K\} does not imply @{term \\\} +\<^item> @{text \contract_recovery\}: all propositions removed in a set @{term \K\} by contraction of @{term \\\} will be recovered by expansion of @{term \\\} +\<^item> @{text \contract_extensionality\} : Extensionality guarantees that the logic of contraction is extensional in the sense of allowing logically +quivalent sentences to be freely substituted for each other\ +locale AGM_Contraction = Tarskian_logic + +fixes contraction::\'a set \ 'a \ 'a set\ (infix \\
\ 55) +assumes contract_closure: \K = Cn(A) \ K \
\ = Cn(K \
\)\ + and contract_inclusion: \K = Cn(A) \ K \
\ \ K\ + and contract_vacuity: \K = Cn(A) \ \ \ K \ K \
\ = K\ + and contract_success: \K = Cn(A) \ \ \ Cn({}) \ \ \ K \
\\ + and contract_recovery: \K = Cn(A) \ K \ ((K \
\) \ \)\ + and contract_extensionality: \K = Cn(A) \ Cn({\}) = Cn({\}) \ K \
\ = K \
\\ + + +text\ +A full contraction is defined by two more postulates to rule the conjunction. We base on a supraclassical logic. +\<^item> @{text \contract_conj_overlap\} : An element in both @{text \K \
\\} and @{text \K \
\\} is also an element of @{text \K \
(\ \ \)\} +\<^item> @{text \contract_conj_inclusion\} : If @{term \\\} not in @{text \K \
(\ \ \)\} then all elements removed by this contraction are also removed from @{text \K \
\\}\ +locale AGM_FullContraction = AGM_Contraction + Supraclassical_logic + + assumes contract_conj_overlap: \K = Cn(A) \ (K \
\) \ (K \
\) \ (K \
(\ .\. \))\ + and contract_conj_inclusion: \K = Cn(A) \ \ \ (K \
(\ .\. \)) \ ((K \
(\ .\. \) \ (K \
\)))\ + +begin +\ \two important lemmas/corollaries that can replace the two assumptions @{text \contract_conj_overlap\} and @{text \contract_conj_inclusion\}\ +text\@{text \contract_conj_overlap_variant\} does not need \\\ to occur in the left side! \ +corollary contract_conj_overlap_variant: \K = Cn(A) \ (K \
\) \ Cn({\}) \ (K \
(\ .\. \))\ +proof - + assume a:\K = Cn(A)\ + { assume b:\K \ \\ and c:\K \ \\ + hence d:\K \
(\ .\. \) = K \
(\ .\. ((.\ \) .\. \))\ + apply(rule_tac contract_extensionality[OF a]) + using conj_overlap[of _ \ \] by (simp add: Cn_same) + have e:\K \ Cn {\} \ K \
(.\ \ .\. \)\ + proof(safe) + fix \ + assume f:\\ \ K\ and g:\\ \ Cn {\}\ + have \K \
(.\ \ .\. \) \ (.\ \ .\. \) .\. \\ + by (metis a contract_recovery expansion_def f impI_PL infer_def subset_eq) + hence \K \
(.\ \ .\. \) \ .\ \ .\. \\ + by (meson disjI1_PL imp_trans inclusion_L infer_def insert_subset validD_L valid_imp_PL) + with g show \\ \ K \
(.\ \ .\. \)\ + by (metis a contract_closure disjE_PL ex_mid_PL infer_def validD_L valid_imp_PL) + qed + have ?thesis + unfolding d using e contract_conj_overlap[OF a, of \ \(.\ \ .\. \)\] a contract_inclusion by force + } + then show ?thesis + apply (cases \\ K \ \ \ \ K \ \\) + by (metis IntE a assumption_L conjE1_PL conjE2_PL contract_inclusion contract_vacuity subsetD subsetI) blast +qed + +text\@{text \contract_conj_inclusion_variant\}: Everything retained in @{text \K \
(\ \ \)\} is retained in @{text \K \
\\}\ +corollary contract_conj_inclusion_variant : \K = Cn(A) \ (K \
(\ .\. \) \ (K \
\)) \ (K \
(\ .\. \) \ (K \
\))\ +proof - + assume a:\K = Cn(A)\ + { assume d:\\ \ (K \
(\ .\. \)) \ \ \ (K \
(\ .\. \))\ + hence \\ .\. \ \ (K \
(\ .\. \))\ + using Supraclassical_logic.conjI_PL Supraclassical_logic_axioms a contract_closure by fastforce + with d have ?thesis + by (metis (no_types, lifting) Supraclassical_logic.valid_conj_PL Supraclassical_logic_axioms + Tarskian_logic.valid_expansion Tarskian_logic_axioms a contract_closure contract_inclusion + contract_recovery contract_success dual_order.trans expansion_def) + } + then show ?thesis + by (metis a conj_com_Cn contract_conj_inclusion contract_extensionality) +qed + +end + +subsection \Partial meet contraction definition\ + +text\A partial meet contraction of @{term \K\} by @{term \\\} is the intersection of some sets that not imply @{term \\\}. +We define these sets as the "remainders" @{text \(K .\. \\}. +The function of selection @{term \\\} select the best set of the remainders that do not imply @{term \\\}. +This function respect these postulates : +\<^item> @{text \is_selection\} : if there exist some set that do not imply @{term \\\} then the function selection @{term \\\} is a subset of these sets +\<^item> @{text \tautology_selection\} : if there is no set that do not imply @{term \\\} then the result of the selection function is @{term \K\} +\<^item> @{text nonempty_selection} : An empty selection function do not exist +\<^item> @{text extensional_selection} : Two proposition with the same closure have the same selection function\ +locale PartialMeetContraction = Tarskian_logic + + +fixes selection::\'a set \ 'a \ 'a set set\ (\\\) +assumes is_selection: \K = Cn(A) \ (K .\. \) \ {} \ \ K \ \ (K .\. \)\ +assumes tautology_selection: \K = Cn(A) \ (K .\. \) = {} \ \ K \ = {K}\ +assumes nonempty_selection: \K = Cn(A) \ \ K \ \ {}\ +assumes extensional_selection: \K = Cn(A) \ Cn({\}) = Cn({\}) \ \ K \ = \ K \\ + +\ \extensionality seems very hard to implement for a constructive approach, +one basic implementation will be to ignore @{term \A\} and @{term \\\} +and only base on @{text \A .\. \\} that +is already proved as extensional (lemma @{text \remainder_extensionality\})\ + +begin + +text \A partial meet is the intersection of set of selected element.\ +definition (in Tarskian_logic) meet_contraction::\'a set \ ('a set \ 'a \ 'a set set) \ 'a \ 'a set\ (\_ \
\<^bsub>_\<^esub> _\ [60,50,60]55) + where mc: \(A \
\<^bsub>\\<^esub> \) \ \(\ A \)\ + +text \Following this definition 4 postulates of AGM can be proved on a partial meet contraction: +\<^item> @{text \contract_inclusion\} +\<^item> @{text \ contract_vacuity\} +\<^item> @{text \ contract_closure\} +\<^item> @{text \ contract_extensionality\}\ + +text \@{text \pmc_inclusion\ } :a partial meet contraction is a subset of the contracted set\ +lemma pmc_inclusion: \K = Cn(A) \ K \
\<^bsub>\\<^esub> \ \ K\ + apply (cases \(K .\. \) = {}\, simp_all add: mc tautology_selection) + by (meson Inf_less_eq in_mono is_selection nonempty_selection rem_inclusion) + +text\@{text \pmc_vacuity\} : if @{term \\\} is not included in a set @{term \K\} then the partial meet contraction of @{term \K\} by @{term \\\} involves not change at all\ +lemma pmc_vacuity: \K = Cn(A) \ \ K \ \ \ K \
\<^bsub>\\<^esub> \ = K\ + unfolding mc nonconsequence_remainder + by (metis Inf_superset_mono Un_absorb1 cInf_singleton insert_not_empty is_selection mc nonconsequence_remainder pmc_inclusion sup_commute) + +text\@{text \pmc_closure\} : a partial meet contraction is logically closed\ +lemma pmc_closure: \K = Cn(A) \ (K \
\<^bsub>\\<^esub> \) = Cn(K \
\<^bsub>\\<^esub> \)\ +proof (rule subset_antisym, simp_all add:inclusion_L mc transitivity_L, goal_cases) + case 1 + have \\(\ (Cn A) \) = \{Cn(B)|B. B \ \ (Cn A) \}\ + by auto (metis idempotency_L insert_absorb insert_iff insert_subset is_selection rem_closure tautology_selection)+ + from Cn_Inter[OF this] show ?case by blast +qed + +text \@{text \pmc_extensionality\} : Extensionality guarantees that the logic of contraction is extensional in the sense of allowing logically equivalent sentences to be freely substituted for each other\ +lemma pmc_extensionality: \K = Cn(A) \ Cn({\}) = Cn({\}) \ K \
\<^bsub>\\<^esub> \ = K \
\<^bsub>\\<^esub> \\ + by (metis extensional_selection mc) + +text \@{text \pmc_tautology\} : if @{term \\\} is a tautology then the partial meet contraction of @{term \K\} by @{term \\\} is @{term \K\}\ +lemma pmc_tautology: \K = Cn(A) \ \ \ \ K \
\<^bsub>\\<^esub> \ = K\ + by (simp add: mc taut2emptyrem tautology_selection) + +text\@{text \completion\} is a an operator that can build an equivalent selection from an existing one\ +definition (in Tarskian_logic) completion::\('a set \ 'a \ 'a set set) \ 'a set \ 'a \ 'a set set\ (\*\) + where \* \ A \ \ if (A .\. \) = {} then {A} else {B. B \ A .\. \ \ \ (\ A \) \ B}\ + + +lemma selection_completion: "K = Cn(A) \ \ K \ \ * \ K \" + using completion_def is_selection tautology_selection by fastforce + +lemma (in Tarskian_logic) completion_completion: "K = Cn(A) \ * (* \) K \ = * \ K \" + by (auto simp add:completion_def) + +lemma pmc_completion: \K = Cn(A) \ K \
\<^bsub>*\\<^esub> \ = K \
\<^bsub>\\<^esub> \\ + apply(auto simp add: mc completion_def tautology_selection) + by (metis Inter_lower equals0D in_mono is_selection) + +end + +text\A transitively relational meet contraction is a partial meet contraction using a binary relation between the elements of the selection function\ +text\A relation is : +\<^item> transitive (@{text \trans_rel\}) +\<^item> non empty (there is always an element preferred to the others (@{text \nonempty_rel\}))\ + +text\A selection function @{term \\\<^sub>T\<^sub>R\} is transitively relational @{text \rel_sel\} with the following condition : +\<^item> If the the remainders @{text \K .\. \\} is empty then the selection function return @{term \K\} +\<^item> Else the selection function return a non empty transitive relation on the remainders\ +locale TransitivelyRelationalMeetContraction = Tarskian_logic + + +fixes relation::\'a set \ 'a set \ 'a set \ bool\ (\_ \\<^bsub>_\<^esub> _\ [60,50,60]55) +assumes trans_rel: \K = Cn(A) \ B \\<^bsub>K\<^esub> C \ C \\<^bsub>K\<^esub> D \ B \\<^bsub>K\<^esub> D\ +assumes nonempty_rel: \K = Cn(A) \ (K .\. \) \ {} \ \B\(K .\. \). (\C\(K .\. \). C \\<^bsub>K\<^esub> B)\ \ \pas clair dans la litterrature\ + +fixes rel_sel::\'a set \ 'a \ 'a set set\ (\\\<^sub>T\<^sub>R\) +defines rel_sel: \\\<^sub>T\<^sub>R K \ \ if (K .\. \) = {} then {K} + else {B. B\(K .\. \) \ (\C\(K .\. \). C \\<^bsub>K\<^esub> B)}\ + +begin + +text\A transitively relational selection function respect the partial meet contraction postulates.\ +sublocale PartialMeetContraction where selection = \\<^sub>T\<^sub>R + apply(unfold_locales) + apply(simp_all add: rel_sel) + using nonempty_rel apply blast + using remainder_extensionality by blast + +end + +text\A full meet contraction is a limiting case of the partial meet contraction where if the remainders are not empty then +the selection function return all the remainders (as defined by @{text \full_sel\}\ +locale FullMeetContraction = Tarskian_logic + + +fixes full_sel::\'a set \ 'a \ 'a set set\ (\\\<^sub>F\<^sub>C\) +defines full_sel: \\\<^sub>F\<^sub>C K \ \ if K .\. \ = {} then {K} else K .\. \\ + +begin + + +text\A full selection and a relation ? is a transitively relational meet contraction postulates.\ +sublocale TransitivelyRelationalMeetContraction where relation = \\ K A B. True\ and rel_sel=\\<^sub>F\<^sub>C + by (unfold_locales, auto simp add:full_sel, rule eq_reflection, simp) + +end + +subsection\Equivalence of partial meet contraction and AGM contraction\ + + +locale PMC_SC = PartialMeetContraction + Supraclassical_logic + Compact_logic + +begin + +text \In a context of a supraclassical and a compact logic the two remaining postulates of AGM contraction : +\<^item> @{text \contract_recovery\} +\<^item> @{text \contract_success\} +can be proved on a partial meet contraction.\ + +text\@{text \pmc_recovery\} : all proposition removed by a partial meet contraction of @{term \\\} will be recovered by the expansion of @{term \\\}\ + +\ \recovery requires supraclassicality\ +lemma pmc_recovery: \K = Cn(A) \ K \ ((K \
\<^bsub>\\<^esub> \) \ \)\ + apply(cases \(K .\. \) = {}\, simp_all (no_asm) add:mc expansion_def) + using inclusion_L tautology_selection apply fastforce + proof - + assume a:\K = Cn(A)\ and b:\K .\. \ \ {}\ + { fix \ + assume d:\K \ \\ + have \\ .\. \ \ \(\ K \)\ + using is_selection[OF a b] + by auto (metis a d infer_def rem_closure remainder_recovery subsetD) + } + with a b show \K \ Cn (insert \ (\ (\ K \)))\ + by (metis (no_types, lifting) Un_commute assumption_L imp_PL infer_def insert_is_Un subsetI) + qed + +text \@{text \pmc_success\} : a partial meet contraction of @{term \K\} by @{term \\\} not imply @{term \\\}\ +\ \success requires compacteness\ +lemma pmc_success: \K = Cn(A) \ \ \ Cn({}) \ \ \ K \
\<^bsub>\\<^esub> \\ +proof + assume a:\K = Cn(A)\ and b:\\ \ Cn({})\ and c:\\ \ K \
\<^bsub>\\<^esub> \\ + from c show False unfolding mc + proof(cases \K .\. \ = {K}\) + case True + then show ?thesis + by (meson assumption_L c nonconsequence_remainder pmc_inclusion[OF a] subsetD) + next + case False + hence \\B\K .\. \. \ \ B\ using assumption_L rem by auto + moreover have \K .\. \ \ {}\ using b emptyrem2taut validD_L by blast + ultimately show ?thesis + using b c mc nonempty_selection[OF a] validD_L emptyrem2taut is_selection[OF a] + by (metis Inter_iff bot.extremum_uniqueI subset_iff) + qed +qed + +text\As a partial meet contraction has been proven to respect all postulates of AGM contraction +the equivalence between the both are straightforward\ +sublocale AGM_Contraction where contraction = \\A \. A \
\<^bsub>\\<^esub> \\ + using pmc_closure pmc_inclusion pmc_vacuity + pmc_success pmc_recovery pmc_extensionality + expansion_def idempotency_L infer_def + by (unfold_locales) metis+ + +end + + +locale AGMC_SC = AGM_Contraction + Supraclassical_logic + Compact_logic + +begin + +text \obs 2.5 page 514\ +definition AGM_selection::\'a set \ 'a \ 'a set set\ (\\\<^sub>A\<^sub>G\<^sub>M\) + where AGM_sel: \\\<^sub>A\<^sub>G\<^sub>M A \ \ if A .\. \ = {} then {A} else {B. B \ A .\. \ \ A \
\ \ B}\ + +text\The selection function @{term \\\<^sub>A\<^sub>G\<^sub>M\} respect the partial meet contraction postulates\ +sublocale PartialMeetContraction where selection = \\<^sub>A\<^sub>G\<^sub>M +proof(unfold_locales, unfold AGM_sel, simp_all, goal_cases) + case (1 K A \) \ \@{text \non_emptiness\} of selection requires a compact logic\ + then show ?case using upper_remainder[of \K \
\\ K \] contract_success[OF 1(1)] + by (metis contract_closure contract_inclusion infer_def taut2emptyrem valid_def) +next + case (2 K A \ \) + then show ?case + by (metis (mono_tags, lifting) contract_extensionality Collect_cong remainder_extensionality) +qed + +text \@{text \contraction_is_pmc\} : an AGM contraction is equivalent to a partial met contraction using the selection function \\\<^sub>A\<^sub>G\<^sub>M\\ +lemma contraction_is_pmc: \K = Cn(A) \ K \
\ = K \
\<^bsub>\\<^sub>A\<^sub>G\<^sub>M\<^esub> \\ \ \requires a supraclassical logic\ +proof + assume a:\K = Cn(A)\ + show \K \
\ \ K \
\<^bsub>\\<^sub>A\<^sub>G\<^sub>M\<^esub> \\ + using contract_inclusion[OF a] by (auto simp add:mc AGM_sel) +next + assume a:\K = Cn(A)\ + show \K \
\<^bsub>\\<^sub>A\<^sub>G\<^sub>M\<^esub> \ \ K \
\\ + proof (cases \\ \\) + case True + hence \K .\. \ = {}\ + using nonconsequence_remainder taut2emptyrem by auto + then show ?thesis + apply(simp_all add:mc AGM_sel) + by (metis a emptyrem2taut contract_closure contract_recovery valid_expansion) + next + case validFalse:False + then show ?thesis + proof (cases \K \ \\) + case True + hence b:\K .\. \ \ {}\ + using emptyrem2taut validFalse by blast + have d:\\ \ K \ \ .\. \ \ K \
\\ for \ + using Supraclassical_logic.impI_PL Supraclassical_logic_axioms a contract_closure contract_recovery expansion_def by fastforce + { fix \ + assume e:\\ \ K \ and f:\\ \ K \
\\ + have \(\ .\. \) .\. \ \ K \
\\ + using imp_recovery2[of \K \
\\ \ \] a contract_closure d e f by auto + hence g:\\ (K \
\) \ {\ .\. \} \ \\ + using a contract_closure impI_PL by fastforce + then obtain B where h:\(K \
\) \ {\ .\. \} \ B\ and i:\B \ K .\. \\ + using upper_remainder[of \(K \
\) \ {\ .\. \}\ K \] a True contract_inclusion idempotency_L impI2 by auto + hence j:\\ \ Cn(B)\ + by (metis (no_types, lifting) CollectD mp_PL Un_insert_right a infer_def insert_subset rem rem_closure) + have \\ \ K \
\<^bsub>\\<^sub>A\<^sub>G\<^sub>M\<^esub> \\ + apply(simp add:mc AGM_sel b, rule_tac x=B in exI) + by (meson Tarskian_logic.assumption_L Tarskian_logic_axioms h i j le_sup_iff) + } + then show ?thesis + using a pmc_inclusion by fastforce + next + case False + hence \K .\. \ = {K}\ + using nonconsequence_remainder taut2emptyrem by auto + then show ?thesis + using False a contract_vacuity idempotency_L pmc_vacuity by auto + qed + qed +qed + +lemma contraction_with_completion: \K = Cn(A) \ K \
\ = K \
\<^bsub>* \\<^sub>A\<^sub>G\<^sub>M\<^esub> \\ + by (simp add: contraction_is_pmc pmc_completion) + +end + +(* in case of doubt uncomment one of these\ +sublocale AGMC_SC \ PMC_SC where selection = \\<^sub>A\<^sub>G\<^sub>M\<^sub>C + by (unfold_locales) + +sublocale PMC_SC \ AGMC_SC where contraction = \\A \. A \
\<^bsub>\\<^esub> \\ + by (unfold_locales) +*) + +locale TRMC_SC = TransitivelyRelationalMeetContraction + PMC_SC where selection = \\<^sub>T\<^sub>R + +begin +text \A transitively relational selection function respect conjuctive overlap.\ +lemma rel_sel_conj_overlap: \K = Cn(A) \ \\<^sub>T\<^sub>R K (\ .\. \) \ \\<^sub>T\<^sub>R K \ \ \\<^sub>T\<^sub>R K \\ +proof(intro subsetI) + fix B + assume a:\K = Cn(A)\ and b:\B \ \\<^sub>T\<^sub>R K (\ .\. \)\ + show \B \ \\<^sub>T\<^sub>R K \ \ \\<^sub>T\<^sub>R K \\ (is ?A) + proof(cases \\ \ \ \ \ \ \ K \ \ \ \ K \ \\, elim disjE) + assume \\ \\ + hence c:\Cn({\ .\. \}) = Cn({\})\ + using conj_equiv valid_Cn_equiv valid_def by blast + from b show ?A + by (metis Un_iff a c extensional_selection) + next + assume \\ \\ + hence c:\Cn({\ .\. \}) = Cn({\})\ + by (simp add: Cn_conj_bis Cn_same validD_L) + from b show ?A + by (metis Un_iff a c extensional_selection) + next + assume \\ K \ \\ + then show ?A + by (metis UnI1 a b conjE1_PL is_selection nonconsequence_remainder nonempty_selection tautology_selection subset_singletonD) + next + assume \\ K \ \\ + then show ?A + by (metis UnI2 a b conjE2_PL is_selection nonconsequence_remainder nonempty_selection tautology_selection subset_singletonD) + next + assume d:\\ (\ \ \ \ \ \ \ K \ \ \ \ K \ \)\ + hence h:\K .\. \ \ {}\ and i:\K .\. \ \ {}\ and j:\K .\. (\ .\. \) \ {}\ and k:"K \ \ .\. \" + using d emptyrem2taut valid_conj_PL apply auto + by (meson Supraclassical_logic.conjI_PL Supraclassical_logic_axioms d) + show ?A + using remainder_conj[OF a k] b h i j rel_sel by auto + qed +qed + +text\A transitively relational meet contraction respect conjuctive overlap.\ +lemma trmc_conj_overlap: \K = Cn(A) \ (K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> \) \ (K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> \) \ (K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> (\ .\. \))\ + unfolding mc using rel_sel_conj_overlap by blast + +text\A transitively relational selection function respect conjuctive inclusion\ +lemma rel_sel_conj_inclusion: \K = Cn(A) \ \\<^sub>T\<^sub>R K (\ .\. \) \ (K .\. \) \ {} \ \\<^sub>T\<^sub>R K \ \ \\<^sub>T\<^sub>R K (\ .\. \)\ +proof(intro subsetI) + fix B + assume a:\K = Cn(A)\ and b:\\\<^sub>T\<^sub>R K (\ .\. \) \ (K .\. \) \ {}\ and c:\B \ \\<^sub>T\<^sub>R K \\ + show \B \ \\<^sub>T\<^sub>R K (\ .\. \)\ (is ?A) + proof(cases \\ \ \ \ \ \ \ K \ \ \ \ K \ \\, auto) + assume \\ \\ + then show ?A + using b taut2emptyrem by auto + next + assume \\ \\ + hence \Cn({\ .\. \}) = Cn({\})\ + by (simp add: Cn_conj_bis Cn_same validD_L) + then show ?A + using a c extensional_selection by blast + next + assume d:\\ \ Cn K\ + with d show ?A + by (metis Int_emptyI Tarskian_logic.nonconsequence_remainder Tarskian_logic_axioms a b c idempotency_L + inf_bot_right is_selection nonempty_selection singletonD subset_singletonD) + next + assume d:\\ \ Cn K\ + hence e:\(\ .\. \) \ Cn K\ + by (meson Supraclassical_logic.conjE2_PL Supraclassical_logic_axioms) + hence f:\\\<^sub>T\<^sub>R K (\ .\. \) = {K}\ + by (metis Tarskian_logic.nonconsequence_remainder Tarskian_logic_axioms a insert_not_empty is_selection + nonempty_selection subset_singletonD) + with b have g:\(K .\. \) = {K}\ + unfolding nonconsequence_remainder[symmetric] using rem by auto + with d f show ?A + using a c is_selection by fastforce + next + assume d:\\ \ \\ and e:\\ \ \\ and f:\\ \ Cn K\ and g:\\ \ Cn K\ + hence h:\K .\. \ \ {}\ and i:\K .\. \ \ {}\ and j:\K .\. (\ .\. \) \ {}\ and k:"K \ \ .\. \" + using e d emptyrem2taut valid_conj_PL apply auto + by (meson Supraclassical_logic.conjI_PL Supraclassical_logic_axioms f g) + have o:\B \ K .\. \ \ B \ K .\. (\ .\. \)\ for B + using a k remainder_conj by auto + from b obtain B' where l:\B' \ K .\. (\ .\. \)\ and m:\\C\K .\. (\ .\. \). C \\<^bsub>K\<^esub> B'\ and n:\\ \ B'\ + apply (auto simp add:mc rel_sel j) + using assumption_L rem by force + have p:\B' \ K .\. \\ + apply(simp add: rem) + by (metis (no_types, lifting) Supraclassical_logic.conjE1_PL Supraclassical_logic_axioms + Tarskian_logic.rem Tarskian_logic_axioms a l mem_Collect_eq n rem_closure) + from c show ?A + apply (simp add:rel_sel o j h) + using m p trans_rel a by blast + qed +qed + +text\A transitively relational meet contraction respect conjuctive inclusion\ +lemma trmc_conj_inclusion: \K = Cn(A) \ \ \ (K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> (\ .\. \)) \ ((K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> (\ .\. \) \ (K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> \)))\ +proof - + assume a:\K = Cn(A)\ and b:\\ \ (K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> (\ .\. \))\ + then obtain B where c:\B \ \\<^sub>T\<^sub>R K (\ .\. \)\ and d:\\ B \ \\ apply(simp add:mc) + by (metis b emptyrem2taut is_selection pmc_tautology rem_closure subset_iff validD_L valid_conj_PL) + hence \B \ (K .\. \)\ + using remainder_recovery_bis[OF a _ d, of \\ .\. \\] + by (metis (no_types, hide_lams) a conj_PL emptyrem2taut insert_not_empty is_selection + nonconsequence_remainder subsetD taut2emptyrem) + with c have e:\\\<^sub>T\<^sub>R K (\ .\. \) \ (K .\. \) \ {}\ by blast + then show \((K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> (\ .\. \) \ (K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> \)))\ + unfolding mc using rel_sel_conj_inclusion[OF a e] by blast +qed + +text\As a transitively relational meet contraction has been proven to respect all postulates of AGM full contraction +the equivalence between the both are straightforward\ +sublocale AGM_FullContraction where contraction = \\A \. A \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> \\ + using trmc_conj_inclusion trmc_conj_overlap + by (unfold_locales, simp_all) + +end + + +locale AGMFC_SC = AGM_FullContraction + AGMC_SC + +begin + +text\An AGM relation is defined as ?\ +definition AGM_relation::\'a set \ 'a set \ 'a set \ bool\ + where AGM_rel: \AGM_relation C K B \ (C = K \ B = K) \ ( (\\. K \ \ \ C \ K .\. \) + \ (\\. K \ \ \ B \ K .\. \ \ K \
\ \ B) + \ (\\. (K \ \ \ C \ K .\. \ \ B \ K .\. \ \ K \
\ \ C) \ K \
\ \ B))\ +text\An AGM relational selection is defined as a function that return @{term \K\} if the remainders of @{text \K .\. \\} is empty and +the best element of the remainders according to an AGM relation\ +definition AGM_relational_selection::\'a set \ 'a \ 'a set set\ (\\\<^sub>A\<^sub>G\<^sub>M\<^sub>T\<^sub>R\) + where AGM_rel_sel: \\\<^sub>A\<^sub>G\<^sub>M\<^sub>T\<^sub>R K \ \ if (K .\. \) = {} + then {K} + else {B. B\(K .\. \) \ (\C\(K .\. \). AGM_relation C K B)}\ + +lemma AGM_rel_sel_completion: \K = Cn(A) \ \\<^sub>A\<^sub>G\<^sub>M\<^sub>T\<^sub>R K \ = * \\<^sub>A\<^sub>G\<^sub>M K \\ + apply (unfold AGM_rel_sel, simp add:completion_def split: if_splits) +proof(auto simp add:AGM_sel) + fix S B C + assume a:\S \ Cn(A) .\. \\ and b:\B \ Cn(A) .\. \\ and c:\\ {B \ Cn(A) .\. \. Cn(A) \
\ \ B} \ B\ + and d:\C \ Cn(A) .\. \\ + hence e:\\ \ Cn(A) \
\\ + using Tarskian_logic.taut2emptyrem Tarskian_logic_axioms contract_success by fastforce + show \AGM_relation C (Cn(A)) B\ + proof(cases \\ \ Cn(A)\) + case True + { fix \ + assume \Cn A \
\ \ C\ + hence \Cn A \
(\ .\. \) \ Cn A \
\\ + using contract_conj_inclusion_variant[of \Cn(A)\ A \ \] + by (metis (mono_tags, lifting) assumption_L contract_conj_inclusion d mem_Collect_eq rem subset_iff) + } note f = this + { fix \ \' + assume g:\\ \ Cn A \
\'\ and h:\B \ Cn A .\. \'\ and j:\Cn A \
\' \ C\ and i:\\ \ B\ + hence \\' .\. \ \ Cn A \
\'\ + using Supraclassical_logic.disjI2_PL Supraclassical_logic_axioms contract_closure by fastforce + hence k:\\' .\. \ \ Cn A \
\\ + using contract_conj_overlap_variant[of \Cn(A)\ A \' \] f[OF j] + by (metis IntI Supraclassical_logic.disjI1_PL Supraclassical_logic_axioms conj_com_Cn + contract_extensionality inclusion_L singletonI subsetD) + hence l:\Cn A \
\ \ B\ using c by auto + from k l have m:\\' .\. \ \ B\ and n:\B =Cn(B)\ + using b rem_closure by blast+ + have \B \ {\} \ \'\ using g h i + by (simp add:rem) (metis contract_inclusion insertI1 insert_subsetI psubsetI subsetD subset_insertI) + with n m have \B \ \'\ + by (metis Cn_equiv assumption_L disjE_PL disj_com equiv_PL imp_PL) + with h have False + using assumption_L rem by auto + } note g = this + with True show ?thesis + apply(unfold AGM_rel, rule_tac disjI2) + using d b c by (auto simp add:AGM_rel idempotency_L del:subsetI) blast+ + next + case False + then show ?thesis + by (metis AGM_rel b d idempotency_L infer_def nonconsequence_remainder singletonD) + qed +next + fix S B \ + assume a:\S \ Cn(A) .\. \\ and b:\B \ Cn(A) .\. \\ and c:\\C\Cn A .\. \. AGM_relation C (Cn A) B\ + and d:\\C'. C' \ Cn A .\. \ \ Cn A \
\ \ C' \ \ \ C'\ + then show \\ \ B\ + unfolding AGM_rel + by (metis (no_types, lifting) AGM_sel empty_Collect_eq insert_Diff insert_not_empty + nonconsequence_remainder nonempty_selection singletonD) +qed + +text\A transitively relational selection and an AGM relation is a transitively relational meet contraction\ +sublocale TransitivelyRelationalMeetContraction where relation = AGM_relation and rel_sel = \\\<^sub>A\<^sub>G\<^sub>M\<^sub>T\<^sub>R\ +proof(unfold_locales, simp_all (no_asm) only:atomize_eq, goal_cases) + case a:(1 K A C B' B) \ \Very difficult proof requires litterature and high automation of isabelle!\ + from a(2,3) show ?case + unfolding AGM_rel apply(elim disjE conjE, simp_all) + proof(intro disjI2 allI impI, elim exE conjE, goal_cases) + case (1 \ _ _ \) + have b:\B \ K .\. (\ .\. \)\ and c:\B' \ K .\. (\ .\. \)\ and d:\C \ K .\. (\ .\. \)\ + using remainder_conj[OF a(1)] 1 conjI_PL by auto + hence e:\K \
(\ .\. \) \ B\ + using contract_conj_inclusion_variant[OF a(1), of \ \] + by (meson "1"(1) "1"(12) "1"(16) "1"(2) "1"(3) "1"(8) Supraclassical_logic.conj_PL + Supraclassical_logic_axioms dual_order.trans) + { fix \ + assume f:\\ \ K \
\\ + have \\ .\. \ \ (K \
\) \ Cn {\}\ + by (metis Int_iff Supraclassical_logic.disjI1_PL Supraclassical_logic.disjI2_PL Supraclassical_logic_axioms + f a(1) contract_closure in_mono inclusion_L singletonI) + hence g:\\ .\. \ \ B\ + using contract_conj_overlap_variant[OF a(1), of \] + by (metis AGM_Contraction.contract_extensionality AGM_Contraction_axioms a(1) conj_com_Cn e in_mono) + have \\ .\. \ \ B\ + by (metis a(1) "1"(10) "1"(15) "1"(16) assumption_L f in_mono infer_def rem_closure rem_inclusion remainder_recovery) + with g have \\ \ B\ + by (metis 1(15) a(1) disjE_PL infer_def order_refl rem_closure validD_L valid_Cn_imp) + } + then show ?case by blast + qed +next + case (2 K A \) + hence \* \\<^sub>A\<^sub>G\<^sub>M K \ \ {}\ + using nonempty_selection[OF 2(1), of \] selection_completion[OF 2(1), of \] by blast + then show ?case + using AGM_rel_sel_completion[OF 2(1), of \] AGM_rel_sel 2(1,2) by force +next + case (3 K \) + then show ?case using AGM_rel_sel_completion AGM_rel_sel by simp +qed + +\ \ça marche tout seul! ==> Je ne vois pas où sont utilisés ces lemmas\ +lemmas fullcontraction_is_pmc = contraction_is_pmc +lemmas fullcontraction_is_trmc = contraction_with_completion + +end + + +locale FMC_SC = FullMeetContraction + TRMC_SC + +begin + +lemma full_meet_weak1: \K = Cn(A) \ K \ \ \ (K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \) = K \ Cn({.\ \})\ +proof(intro subset_antisym Int_greatest) + assume a:\K = Cn(A)\ and b:\K \ \\ + then show \ (K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \) \ K\ + by (simp add: Inf_less_eq full_sel mc rem_inclusion) +next + assume a:\K = Cn(A)\ and b:\K \ \\ + show \(K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \) \ Cn({.\ \})\ + proof + fix \ + assume c:\\ \ (K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \)\ + { assume \\ {.\ \} \ \\ + hence \\ {.\ \} \ \\ + by (metis Un_insert_right insert_is_Un not_PL notnot_PL) + hence \\ {\ .\. .\ \} \ \\ + by (metis assumption_L disjI2_PL singleton_iff transitivity2_L) + then obtain B where d:\{\ .\. .\ \} \ B\ and e:\B \ K .\. \\ + by (metis a b disjI1_PL empty_subsetI idempotency_L infer_def insert_subset upper_remainder) + hence f:\\ \ \ B\ + by (metis (no_types, lifting) CollectD assumption_L insert_subset disj_notE_PL rem) + hence \\ \ \ (K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \)\ + using e mc full_sel by auto + } + then show \\ \ Cn({.\ \})\ + using c infer_def by blast + qed +next + assume a:\K = Cn(A)\ and b:\K \ \\ + show \K \ Cn({.\ \}) \ (K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \)\ + proof(safe) + fix \ + assume c:\\ \ K\ and d: \\ \ Cn {.\ \}\ + have e:\B \ .\ \ .\. \\ for B + by (simp add: d validD_L valid_imp_PL) + { fix B + assume f:\B \ K .\. \\ + hence \B \ \ .\. \\ + using a assumption_L c remainder_recovery by auto + then have f:\B \ \\ using d e + using disjE_PL ex_mid_PL by blast + } + then show \\ \ (K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \)\ + apply(simp_all add:mc c full_sel) + using a rem_closure by blast + qed +qed + +lemma full_meet_weak2:\K = Cn(A) \ K \ \ \ Cn((K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \) \ {.\ \}) = Cn({.\ \})\ + unfolding full_meet_weak1 + by (metis Cn_union idempotency_L inf.cobounded2 sup.absorb_iff2 sup_commute) + +end + +end diff --git a/thys/Belief_Revision/AGM_Logic.thy b/thys/Belief_Revision/AGM_Logic.thy new file mode 100755 --- /dev/null +++ b/thys/Belief_Revision/AGM_Logic.thy @@ -0,0 +1,480 @@ +(*<*) +\\ ******************************************************************** + * Project : AGM Theory + * Version : 1.0 + * + * Authors : Valentin Fouillard, Safouan Taha, Frederic Boulanger + and Nicolas Sabouret + * + * This file : AGM logics + * + * Copyright (c) 2021 Université Paris Saclay, France + * + ******************************************************************************\ + +theory AGM_Logic + +imports Main + +begin +(*>*) + +section \Introduction\ + +text\ +The 1985 paper by Carlos Alchourrón, Peter Gärdenfors, +and David Makinson (AGM), “On the Logic of Theory Change: Partial Meet +Contraction and Revision Functions” @{cite "alchourron1985logic"} launches a large and +rapidly growing literature that employs formal models and logics to handle changing beliefs of a rational agent +and to take into account new piece of information observed by this agent. +In 2011, a review book titled "AGM 25 Years: Twenty-Five Years of Research in Belief Change" +was edited to summarize the first twenty five years of works based on AGM +@{cite "Ferme2011"}. + +According to Google Scholar, the original AGM paper was cited 4000 times! +This AFP entry is HOL-based and it is a faithful formalization of the logic operators (e.g. contraction, revision, remainder \dots ) +axiomatized in the AGM paper. It also contains the proofs of all the theorems stated in the paper that show how these operators combine. +Both proofs of Harper and Levi identities are established. +\ + +text\A belief state can be considered as a consistent set of beliefs (logical propositions) closed under logical reasoning. +Belief changes represent the operations that apply on a belief state to remove some of it and/or to add new beliefs (propositions). +In the latter case, it is possible that other beliefs are affected by these changes (to preserve consistency for example). +AGM define several postulates to guarantee that such operations preserve consistency meaning that the agent keeps rational. +Three kinds of operators are defined : +\<^item> The contraction @{text \\
\} : where a proposition is removed from a belief set +\<^item> The expansion @{text \\\} : where a proposition is added to a belief set +\<^item> The revision @{text \\<^bold>*\} : where a proposition is added to a belief set such that the belief set remains consistent +\ + +text\In this AFP entry, there are three theory files: +\<^enum> The AGM Logic file contains a classification of logics used in the AGM framework. +\<^enum> The AGM Remainder defines a important operator used in the AGM framework. +\<^enum> The AGM Contraction file contains the postulates of the AGM contraction and its relation with the meet contraction. +\<^enum> The AGM Revision file contains the postulates of the AGM revision and its relation with the meet revision. +\ + +section \Logics\ + +text\The AGM framework depends on the underlying logic used to express beliefs. AGM requires at least a Tarskian propositional calculus. +If this logic is also supra-classical and/or compact, new properties are established and the main theorems of AGM are strengthened. +To model AGM it is therefore important to start by formalizing this underlying logic and its various extensions. +We opted for a deep embedding in HOL which required the redefinition of all the logical operators and an axiomatization of their rules. +This is certainly not efficient in terms of proof but it gives a total control of our formalization and an assurance +that the logic used has no hidden properties depending on the Isabelle/HOL implementation. +We use the Isabelle \<^emph>\locales\ feature and we take advantage of the inheritance/extension mechanisms between locales.\ + + +subsection \Tarskian Logic\ + +text \ +The first locale formalizes a Tarskian logic based on the famous Tarski's consequence operator: @{term \Cn(A)\} +which gives the set of all propositions (\<^bold>\closure\) that can be inferred from the set of propositions @{term \A\}, +Exactly as it is classically axiomatized in the literature, three assumptions of the locale define the consequence operator. +\ +locale Tarskian_logic = +fixes Cn::\'a set \ 'a set\ +assumes monotonicity_L: \A \ B \ Cn(A) \ Cn(B)\ + and inclusion_L: \A \ Cn(A)\ + and transitivity_L: \Cn(Cn(A)) \ Cn(A)\ + +\ \ + Short notation for ``@{term \\\} can be inferred from the propositions in @{term \A\}''. +\ +fixes infer::\'a set \ 'a \ bool\ (infix \\\ 50) +defines \A \ \ \ \ \ Cn(A)\ + +\ \ + @{term \\\} is valid (a tautology) if it can be inferred from nothing. +\ +fixes valid::\'a \ bool\ (\\\) +defines \\ \ \ {} \ \\ + +\ \ + @{term \A \ \\} is all that can be infered from @{term \A\} and @{term \\\}. +\ +fixes expansion::\'a set \ 'a \ 'a set\ (infix \\\ 57) +defines \A \ \ \ Cn(A \ {\})\ + +begin + +lemma idempotency_L: \Cn(Cn(A)) = Cn(A)\ + by (simp add: inclusion_L transitivity_L subset_antisym) + +lemma assumption_L: \\ \ A \ A \ \\ + using inclusion_L infer_def by blast + +lemma validD_L: \\ \ \ \ \ Cn(A)\ + using monotonicity_L valid_def infer_def by fastforce + +lemma valid_expansion: \K = Cn(A) \ \ \ \ K \ \ = K\ + by (simp add: idempotency_L insert_absorb validD_L valid_def expansion_def) + +lemma transitivity2_L: + assumes \\\ \ B. A \ \\ + and \B \ \\ + shows \A \ \\ +proof - + from assms(1) have \B \ Cn(A)\ by (simp add: infer_def subsetI) + hence \Cn(B) \ Cn(A)\ using idempotency_L monotonicity_L by blast + moreover from assms(2) have \\ \ Cn(B)\ by (simp add: infer_def) + ultimately show ?thesis using infer_def by blast +qed + +lemma Cn_same: \(Cn(A) = Cn(B)) \ (\C. A \ Cn(C) \ B \ Cn(C))\ +proof + { assume h:\Cn(A) = Cn(B)\ + from h have \\\ \ B. A \ \\ + by (simp add: Tarskian_logic.assumption_L Tarskian_logic_axioms infer_def) + moreover from h[symmetric] have \\\ \ A. B \ \\ + by (simp add: Tarskian_logic.assumption_L Tarskian_logic_axioms infer_def) + ultimately have \\C. A \ Cn(C) \ B \ Cn(C)\ + using h idempotency_L inclusion_L monotonicity_L by blast + } thus \Cn(A) = Cn(B) \ \C. (A \ Cn(C)) = (B \ Cn(C))\ . +next + { assume h:\\C. (A \ Cn(C)) = (B \ Cn(C))\ + from h have \(A \ Cn(A)) = (B \ Cn(A))\ and \(A \ Cn(B)) = (B \ Cn(B))\ by simp+ + hence \B \ Cn(A)\ and \A \ Cn(B)\ by (simp add: inclusion_L)+ + hence \Cn(A) = Cn(B)\ + using idempotency_L monotonicity_L by blast + } thus \(\C. (A \ Cn(C)) = (B \ Cn(C))) \ Cn(A) = Cn(B)\ . +qed + +\ \ +The closure of the union of two consequence closures. +\ +lemma Cn_union: \Cn(Cn(A) \ Cn(B)) = Cn(A \ B)\ +proof + have \Cn(Cn(A) \ Cn(B)) \ Cn(Cn (A \ B))\ by (simp add: monotonicity_L) + thus \Cn(Cn(A) \ Cn(B)) \ Cn(A \ B)\ by (simp add: idempotency_L) +next + have \(A \ B) \ (Cn(A) \ Cn(B))\ using inclusion_L by blast + thus \Cn(A \ B) \ Cn(Cn(A) \ Cn(B))\ by (simp add: monotonicity_L) +qed + +\ \ +The closure of an infinite union of consequence closures. +\ +lemma Cn_Union: \Cn(\{Cn(B)|B. P B}) = Cn(\{B. P B})\ (is \?A = ?B\) +proof + have \?A \ Cn ?B\ + apply(rule monotonicity_L, rule Union_least, auto) + by (metis Sup_upper in_mono mem_Collect_eq monotonicity_L) + then show \?A \ ?B\ + by (simp add: idempotency_L) +next + show \?B \ ?A\ + by (metis (mono_tags, lifting) Union_subsetI inclusion_L mem_Collect_eq monotonicity_L) +qed + +\ \ +The intersection of two closures is closed. +\ +lemma Cn_inter: \K = Cn(A) \ Cn(B) \ K = Cn(K)\ +proof - + { fix K assume h:\K = Cn(A) \ Cn(B)\ + from h have \K \ Cn(A)\ and \K \ Cn(B)\ by simp+ + hence \Cn(K) \ Cn(A)\ and \Cn(K) \ Cn(B)\ using idempotency_L monotonicity_L by blast+ + hence \Cn(K) \ Cn(A) \ Cn(B)\ by simp + with h have \K = Cn(K)\ by (simp add: inclusion_L subset_antisym) + } thus \K = Cn(A) \ Cn(B) \ K = Cn(K)\ . +qed + +\ \ +An infinite intersection of closures is closed. +\ +lemma Cn_Inter: \K = \{Cn(B)|B. P B} \ K = Cn(K)\ +proof - + { fix K assume h:\K = \{Cn(B)|B. P B}\ + from h have \\B. P B \ K \ Cn(B)\ by blast + hence \\B. P B \ Cn(K) \ Cn(B)\ using idempotency_L monotonicity_L by blast + hence \Cn(K) \ \{Cn(B)|B. P B}\ by blast + with h have \K = Cn(K)\ by (simp add: inclusion_L subset_antisym) + } thus \K = \{Cn(B)|B. P B} \ K = Cn(K)\ . +qed + +end + +subsection \Supraclassical Logic\ + +text \ +A Tarskian logic has only one abstract operator catching the notion of consequence. A basic case of such a logic is a \<^bold>\Supraclassical\ logic that +is a logic with all classical propositional operators (e.g. conjunction (\\\), implication(\\\), negation (\\\) \dots ) together with their classical semantics. + +We define a new locale. In order to distinguish the propositional operators of our supraclassical logic from those of Isabelle/HOL, we use dots (e.g. \.\.\ stands for conjunction). +We axiomatize the introduction and elimination rules of each operator as it is commonly established in the classical literature. As explained before, +we give priority to a complete control of our logic instead of an efficient shallow embedding in Isabelle/HOL. +\ + +locale Supraclassical_logic = Tarskian_logic + + +fixes true_PL:: \'a\ (\\\) + and false_PL:: \'a\ (\\\) + and imp_PL:: \'a \ 'a \ 'a\ (infix \.\.\ 55) + and not_PL:: \'a \ 'a\ (\.\\) + and conj_PL:: \'a \ 'a \ 'a\ (infix \.\.\ 55) + and disj_PL:: \'a \ 'a \ 'a\ (infix \.\.\ 55) + and equiv_PL:: \'a \ 'a \ 'a\ (infix \.\.\ 55) + +assumes true_PL: \A \ \\ + + and false_PL: \{\} \ p\ + + and impI_PL: \A \ {p} \ q \ A \ (p .\. q)\ + and mp_PL: \A \ p .\. q \ A \ p \ A \ q\ + + and notI_PL: \A \ p .\. \ \ A \ .\ p\ + and notE_PL: \A \ .\ p \ A \ (p .\. \)\ + + and conjI_PL: \A \ p \ A \ q \ A \ (p .\. q)\ + and conjE1_PL: \A \ p .\. q \ A \ p\ + and conjE2_PL: \A \ p .\. q \ A \ q\ + + and disjI1_PL: \A \ p \ A \ (p .\. q)\ + and disjI2_PL: \A \ q \ A \ (p .\. q)\ + and disjE_PL: \A \ p .\. q \ A \ p .\. r \ A \ q.\. r \ A \ r\ + + and equivI_PL: \A \ p .\. q \ A \ q .\. p \ A \ (p .\. q)\ + and equivE1_PL: \A \ p .\. q \ A \ p .\. q\ + and equivE2_PL: \A \ p .\. q \ A \ q .\. p\ + +\ \non intuitionistic rules\ + and absurd_PL: \A \ .\ (.\ p) \ A \ p\ + and ex_mid_PL: \A \ p .\. (.\ p)\ + +begin + +text \In the following, we will first retrieve the classical logic operators semantics coming from previous introduction and elimination rules\ + +lemma non_consistency: + assumes \A \ .\ p\ + and \A \ p\ + shows \A \ q\ + by (metis assms(1) assms(2) false_PL mp_PL notE_PL singleton_iff transitivity2_L) + +\ \this direct result brings directly many remarkable properties of implication (i.e. transitivity)\ +lemma imp_PL: \A \ p .\. q \ A \ {p} \ q\ + apply (intro iffI impI_PL) + apply(rule mp_PL[where p=p], meson UnI1 assumption_L transitivity2_L) + using assumption_L by auto + +lemma not_PL: \A \ .\ p \ A \ {p} \ \\ + using notE_PL notI_PL imp_PL by blast + +\ \Classical logic result\ +lemma notnot_PL: \A \ .\ (.\ p) \ A \ p\ + apply(rule iffI, simp add:absurd_PL) + by (meson mp_PL notE_PL Un_upper1 Un_upper2 assumption_L infer_def monotonicity_L not_PL singletonI subsetD) + +lemma conj_PL: \A \ p .\. q \ (A \ p \ A \ q)\ + using conjE1_PL conjE2_PL conjI_PL by blast + +lemma disj_PL: \A \ p .\. q \ A \ {.\ p} \ q\ +proof + assume a:\A \ p .\. q\ + have b:\A \ p .\. (.\ p .\. q)\ + by (intro impI_PL) (meson Un_iff assumption_L insertI1 non_consistency) + have c:\A \ q .\. (.\ p .\. q)\ + by (simp add: assumption_L impI_PL) + from a b c have \A \ .\ p .\. q\ + by (erule_tac disjE_PL) simp_all + then show \A \ {.\ p} \ q\ + using imp_PL by blast +next + assume a:\A \ {.\ p} \ q\ + hence b:\A \ .\ p .\. q\ by (simp add: impI_PL) + then show \A \ p .\. q\ + apply(rule_tac disjE_PL[OF ex_mid_PL, of A p \p .\. q\]) + by (auto simp add: assumption_L disjI2_PL disjI1_PL impI_PL imp_PL) +qed + +lemma equiv_PL:\A \ p .\. q \ (A \ {p} \ q \ A \ {q} \ p)\ + using imp_PL equivE1_PL equivE2_PL equivI_PL by blast + +corollary valid_imp_PL: \\ (p .\. q) = ({p} \ q)\ + and valid_not_PL: \\ (.\ p) = ({p} \ \)\ + and valid_conj_PL: \\ (p .\. q) = (\ p \ \ q)\ + and valid_disj_PL: \\ (p .\. q) = ({.\ p} \ q)\ + and valid_equiv_PL:\\ (p .\. q) = ({p} \ q \ {q} \ p)\ + using imp_PL not_PL conj_PL disj_PL equiv_PL valid_def by auto + +text\Second, we will combine each logical operator with the consequence operator \Cn\: it is a trick to profit from set theory to get many essential +lemmas without complex inferences\ +declare infer_def[simp] + +lemma nonemptyCn: \Cn(A) \ {}\ + using true_PL by auto + +lemma Cn_true: \Cn({\}) = Cn({})\ + using Cn_same true_PL by auto + +lemma Cn_false: \Cn({\}) = UNIV\ + using false_PL by auto + +lemma Cn_imp: \A \ (p .\. q) \ Cn({q}) \ Cn(A \ {p})\ + and Cn_imp_bis: \A \ (p .\. q) \ Cn(A \ {q}) \ Cn(A \ {p})\ + using Cn_same imp_PL idempotency_L inclusion_L infer_def subset_insertI by force+ + +lemma Cn_not: \A \ .\ p \ Cn(A \ {p}) = UNIV\ + using Cn_false Cn_imp notE_PL not_PL by fastforce + +lemma Cn_conj: \A \ (p .\. q) \ Cn({p}) \ Cn({q}) \ Cn(A)\ + apply(intro iffI conjI_PL, frule conjE1_PL, frule conjE2_PL) + using Cn_same Un_insert_right bot.extremum idempotency_L inclusion_L by auto + +lemma Cn_conj_bis: \Cn({p .\. q}) = Cn({p, q})\ + by (unfold Cn_same) + (meson Supraclassical_logic.conj_PL Supraclassical_logic_axioms insert_subset) + +lemma Cn_disj: \A \ (p .\. q) \ Cn({q}) \ Cn(A \ {.\ p})\ + and Cn_disj_bis: \A \ (p .\. q) \ Cn(A \ {q}) \ Cn(A \ {.\ p})\ + using disj_PL Cn_same imp_PL idempotency_L inclusion_L infer_def subset_insertI by force+ + +lemma Cn_equiv: \A \ (p .\. q) \ Cn(A \ {p}) = Cn(A \ {q})\ + by (metis Cn_imp_bis equivE1_PL equivE2_PL equivI_PL set_eq_subset) + +corollary valid_nonemptyCn: \Cn({}) \ {}\ + and valid_Cn_imp: \\ (p .\. q) \ Cn({q}) \ Cn({p})\ + and valid_Cn_not: \\ (.\ p) \ Cn({p}) = UNIV\ + and valid_Cn_conj: \\ (p .\. q) \ Cn({p}) \ Cn({q}) \ Cn({})\ + and valid_Cn_disj: \\ (p .\. q) \ Cn({q}) \ Cn({.\ p})\ + and valid_Cn_equiv: \\ (p .\. q) \ Cn({p}) = Cn({q})\ + using nonemptyCn Cn_imp Cn_not Cn_conj Cn_disj Cn_equiv valid_def by auto + +\ \Finally, we group additional lemmas that were essential in further proofs\ +lemma consistency: \Cn({p}) \ Cn({.\ p}) = Cn({})\ +proof + { fix q + assume \{p} \ q\ and \{.\ p} \ q\ + hence "{} \ p .\. q" and "{} \ (.\ p) .\. q" + using impI_PL by auto + hence \{} \ q\ + using ex_mid_PL by (rule_tac disjE_PL[where p=p and q=\.\ p\]) blast + } + then show \Cn({p}) \ Cn({.\ p}) \ Cn({})\ by (simp add: subset_iff) +next + show \Cn({}) \ Cn({p}) \ Cn({.\ p})\ by (simp add: monotonicity_L) +qed + +lemma Cn_notnot: \Cn({.\ (.\ \)}) = Cn({\})\ + by (metis (no_types, hide_lams) notnot_PL valid_Cn_equiv valid_equiv_PL) + +lemma conj_com: \A \ p .\. q \ A \ q .\. p\ + using conj_PL by auto + +lemma conj_com_Cn: \Cn({p .\. q}) = Cn({q .\. p})\ + by (simp add: Cn_conj_bis insert_commute) + +lemma disj_com: \A \ p .\. q \ A \ q .\. p\ +proof - + { fix p q + have \A \ p .\. q \ A \ q .\. p\ + apply(erule disjE_PL) + using assumption_L disjI2_PL disjI1_PL impI_PL by auto + } + then show ?thesis by auto +qed + +lemma disj_com_Cn: \Cn({p .\. q}) = Cn({q .\. p})\ + unfolding Cn_same using disj_com by simp + +lemma imp_contrapos: \A \ p .\. q \ A \ .\ q .\. .\ p\ + by (metis Cn_not Un_insert_left Un_insert_right imp_PL notnot_PL) + +lemma equiv_negation: \A \ p .\. q \ A \ .\ p .\. .\ q\ + using equivE1_PL equivE2_PL equivI_PL imp_contrapos by blast + +lemma imp_trans: \A \ p .\.q \ A \ q .\.r \ A \ p .\.r\ + using Cn_imp_bis by auto + +lemma imp_recovery0: \A \ p .\. (p .\. q)\ + apply(subst disj_PL, subst imp_contrapos) + using assumption_L impI_PL by auto + +lemma imp_recovery1: \A \ {p .\. q} \ p \ A \ p\ + using disjE_PL[OF imp_recovery0, of A p p q] assumption_L imp_PL by auto + +lemma imp_recovery2: \A \ p .\. q \ A \ (q .\. p) .\. p \ A \ q\ + using imp_PL imp_recovery1 imp_trans by blast + +lemma impI2: \A \ q \ A \ p .\. q\ + by (meson assumption_L impI_PL in_mono sup_ge1 transitivity2_L) + +lemma conj_equiv: \A \ p \ A \ ((p .\. q) .\. q)\ + by (metis Un_insert_right assumption_L conjE2_PL conjI_PL equiv_PL impI2 imp_PL insertI1 sup_bot.right_neutral) + +lemma conj_imp: \A \ (p .\. q) .\. r \ A \ p .\. (q .\. r)\ +proof + assume "A \ (p .\. q) .\. r" + then have "Cn (A \ {r}) \ Cn (A \ {p, q})" + by (metis (no_types) Cn_conj_bis Cn_imp_bis Cn_union Un_insert_right sup_bot.right_neutral) + then show \A \ p .\. (q .\. r)\ + by (metis Un_insert_right impI_PL inclusion_L infer_def insert_commute insert_subset subset_eq sup_bot.right_neutral) +next + assume "A \ p .\. (q .\. r)" + then have "A \ {p} \ {q} \ r" + using imp_PL by auto + then show "A \ (p .\. q) .\. r" + by (metis (full_types) Cn_conj_bis Cn_union impI_PL infer_def insert_is_Un sup_assoc) +qed + +lemma conj_not_impE_PL: \A \ (p .\. q) .\. r \ A \ (p .\. .\ q) .\. r \ A \ p .\. r\ + by (meson conj_imp disjE_PL ex_mid_PL imp_PL) + +lemma disj_notE_PL: \A \ q \ A \ p .\. .\ q \ A \ p\ + using Cn_imp Cn_imp_bis Cn_not disjE_PL notnot_PL by blast + +lemma disj_not_impE_PL: \A \ (p .\. q) .\. r \ A \ (p .\. .\ q) .\. r \ A \ r\ + by (metis Un_insert_right disjE_PL disj_PL disj_com ex_mid_PL insert_commute sup_bot.right_neutral) + +lemma imp_conj: \A \ p .\. q \ A \ r .\. s \ A \ (p .\. r) .\. (q .\. s)\ + apply(intro impI_PL conjI_PL, unfold imp_PL[symmetric]) + by (meson assumption_L conjE1_PL conjE2_PL imp_trans infer_def insertI1 validD_L valid_imp_PL)+ + +lemma conj_overlap: \A \ (p .\. q) \ A \ (p .\. ((.\ p) .\. q))\ + by (meson conj_PL disjI2_PL disj_com disj_notE_PL) + +lemma morgan: \A \ .\ (p .\. q) \ A \ (.\ p) .\. (.\ q)\ + by (meson conj_imp disj_PL disj_com imp_PL imp_contrapos notE_PL notI_PL) + +lemma conj_superexpansion1: \A \ .\ (p .\. q) .\. .\ p \ A \ .\ p\ + using conj_PL disjI1_PL morgan by auto + +lemma conj_superexpansion2: \A \ (p .\. q) .\. p \ A \ p\ + using conj_PL disjI1_PL by auto + +end + +subsection \Compact Logic\ +text\If the logic is compact, which means that any result is based on a finite set of hypothesis\ +locale Compact_logic = Tarskian_logic + + assumes compactness_L: \A \ \ \ (\A'. A'\ A \ finite A' \ A'\ \)\ + +begin + +text \Very important lemma preparing the application of the Zorn's lemma. It states that in a compact logic, we can not deduce \\\ +if we accumulate an infinity of hypothesis groups which locally do not deduce phi\ +lemma chain_closure: \\ \ \ \ subset.chain {B. \ B \ \} C \ \ \C \ \\ +proof + assume a:\subset.chain {B. \ B \ \} C\ and b:\\ \ \\ and \\ C \ \\ + then obtain A' where c:\A'\ \ C\ and d:\finite A'\ and e:\A' \ \\ using compactness_L by blast + define f where f:\f \ \a. SOME B. B \ C \ a \ B\ + have g:\finite (f ` A')\ using f d by simp + have h:\(f ` A') \ C\ + unfolding f by auto (metis (mono_tags, lifting) Union_iff c someI_ex subset_eq) + have i:\subset.chain {B. \ B \ \} (f ` A')\ using a h + using a h by (meson subsetD subset_chain_def subset_trans) + have \A' \ {} \ \ (f ` A') \ {B. \ B \ \}\ using g i + by (meson Union_in_chain image_is_empty subset_chain_def subset_eq) + hence j:\A' \ {} \ \ \(f ` A') \ \\ by simp + have \A' \ \(f ` A')\ + unfolding f by auto (metis (no_types, lifting) Union_iff c someI_ex subset_iff) + with j e b show False + by (metis infer_def monotonicity_L subsetD valid_def) +qed + +end + +end + + diff --git a/thys/Belief_Revision/AGM_Remainder.thy b/thys/Belief_Revision/AGM_Remainder.thy new file mode 100644 --- /dev/null +++ b/thys/Belief_Revision/AGM_Remainder.thy @@ -0,0 +1,167 @@ +(*<*) +\\ ******************************************************************** + * Project : AGM Theory + * Version : 1.0 + * + * Authors : Valentin Fouillard, Safouan Taha, Frederic Boulanger + and Nicolas Sabouret + * + * This file : AGM Remainders + * + * Copyright (c) 2021 Université Paris Saclay, France + * + ******************************************************************************\ + +theory AGM_Remainder + +imports AGM_Logic + +begin + +(*>*) + + + +section \Remainders\ + +text\In AGM, one important feature is to eliminate some proposition from a set of propositions by ensuring +that the set of retained clauses is maximal and that nothing among these clauses allows to retrieve the eliminated proposition\ + +subsection \Remainders in a Tarskian logic\ +text \In a general context of a Tarskian logic, we consider a descriptive definition (by comprehension)\ +context Tarskian_logic + +begin +definition remainder::\'a set \ 'a \ 'a set set\ (infix \.\.\ 55) + where rem: \A .\. \ \ {B. B \ A \ \ B \ \ \ (\B'\ A. B \ B' \ B' \ \)}\ + +lemma rem_inclusion: \B \ A .\. \ \ B \ A\ + by (auto simp add:rem split:if_splits) + +lemma rem_closure: "K = Cn(A) \ B \ K .\. \ \ B = Cn(B)" + apply(cases \K .\. \ = {}\, simp) + by (simp add:rem infer_def) (metis idempotency_L inclusion_L monotonicity_L psubsetI) + +lemma remainder_extensionality: \Cn({\}) = Cn({\}) \ A .\. \ = A .\. \\ + unfolding rem infer_def apply safe + by (simp_all add: Cn_same) blast+ + +lemma nonconsequence_remainder: \A .\. \ = {A} \ \ A \ \\ + unfolding rem by auto + +\ \As we will see further, the other direction requires compactness!\ +lemma taut2emptyrem: \\ \ \ A .\. \ = {}\ + unfolding rem by (simp add: infer_def validD_L) + +end + +subsection \Remainders in a supraclassical logic\ +text\In case of a supraclassical logic, remainders get impressive properties\ +context Supraclassical_logic + +begin + +\ \As an effect of being maximal, a remainder keeps the eliminated proposition in its propositions hypothesis\ +lemma remainder_recovery: \K = Cn(A) \ K \ \ \ B \ K .\. \ \ B \ \ .\. \\ +proof - + { fix \ and B + assume a:\K = Cn(A)\ and c:\\ \ K\ and d:\B \ K .\. \\ and e:\\ .\. \ \ Cn(B)\ + with a have f:\\ .\. \ \ K\ using impI2 infer_def by blast + with d e have \\ \ Cn(B \ {\ .\. \})\ + apply (simp add:rem, elim conjE) + by (metis dual_order.order_iff_strict inclusion_L insert_subset) + with d have False using rem imp_recovery1 + by (metis (no_types, lifting) CollectD infer_def) + } + thus \K = Cn(A) \ K \ \ \ B \ K .\. \ \ B \ \ .\. \\ + using idempotency_L by auto +qed + +\ \When you remove some proposition \\\ several other propositions can be lost. +An important lemma states that the resulting remainder is also a remainder of any lost proposition\ +lemma remainder_recovery_bis: \K = Cn(A) \ K \ \ \ \ B \ \ \ B \ K .\. \ \ B \ K .\. \\ +proof- + assume a:\K = Cn(A)\ and b:\\ B \ \\ and c:\B \ K .\. \\ and d:\K \ \\ + hence d:\B \ \ .\. \\ using remainder_recovery by simp + with c show \B \ K .\. \\ + by (simp add:rem) (meson b dual_order.trans infer_def insert_subset monotonicity_L mp_PL order_refl psubset_imp_subset) +qed + +corollary remainder_recovery_imp: \K = Cn(A) \ K \ \ \ \ (\ .\. \) \ B \ K .\. \ \ B \ K .\. \\ + apply(rule remainder_recovery_bis, simp_all) + by (simp add:rem) (meson infer_def mp_PL validD_L) + +\ \If we integrate back the eliminated proposition into the remainder, we retrieve the original set!\ +lemma remainder_expansion: \K = Cn(A) \ K \ \ \ \ B \ \ \ B \ K .\. \ \ B \ \ = K\ +proof + assume a:\K = Cn(A)\ and b:\K \ \\ and c:\\ B \ \\ and d:\B \ K .\. \\ + then show \B \ \ \ K\ + by (metis Un_insert_right expansion_def idempotency_L infer_def insert_subset + monotonicity_L rem_inclusion sup_bot.right_neutral) +next + assume a:\K = Cn(A)\ and b:\K \ \\ and c:\\ B \ \\ and d:\B \ K .\. \\ + { fix \ + assume \\ \ K\ + hence e:\B \ \ .\.\\ using remainder_recovery[OF a _ d, of \] assumption_L by blast + have \\ \ K\ using a b idempotency_L infer_def by blast + hence f:\B \ {\} \ \\ using b c d apply(simp add:rem) + by (meson inclusion_L insert_iff insert_subsetI less_le_not_le subset_iff) + from e f have \B \ {\} \ \\ using imp_PL imp_trans by blast + } + then show \K \ B \ \\ + by (simp add: expansion_def subsetI) +qed + +text\To eliminate a conjunction, we only need to remove one side\ +lemma remainder_conj: \K = Cn(A) \ K \ \ .\. \ \ K .\. (\ .\. \) = (K .\. \) \ (K .\. \)\ + apply(intro subset_antisym Un_least subsetI, simp add:rem) + apply (meson conj_PL infer_def) + using remainder_recovery_imp[of K A \\ .\. \\ \] + apply (meson assumption_L conjE1_PL singletonI subsetI valid_imp_PL) + using remainder_recovery_imp[of K A \\ .\. \\ \] + by (meson assumption_L conjE2_PL singletonI subsetI valid_imp_PL) + +end + +subsection \Remainders in a compact logic\ +text\In case of a supraclassical logic, remainders get impressive properties\ +context Compact_logic +begin + +text \The following lemma is the Lindembaum's lemma requiring the Zorn's lemma (already available in standard Isabelle/HOL). + For more details, please refer to the book "Theory of logical calculi" @{cite wojcicki2013theory}. +This very important lemma states that we can get a maximal set (remainder \B'\) starting from any set +\B\ if this latter does not infer the proposition \\\ we want to eliminate\ +lemma upper_remainder: \B \ A \ \ B \ \ \ \B'. B \ B' \ B' \ A .\. \\ +proof - + assume a:\B \ A\ and b:\\ B \ \\ + have c:\\ \ \\ + using b infer_def validD_L by blast + define \ where "\ \ {B'. B \ B' \ B' \ A \ \ B' \ \}" + have d:\subset.chain \ C \ subset.chain {B. \ B \ \} C\ for C + unfolding \_def + by (simp add: le_fun_def less_eq_set_def subset_chain_def) + have e:\C \ {} \ subset.chain \ C \ B \ \ C\ for C + by (metis (no_types, lifting) \_def subset_chain_def less_eq_Sup mem_Collect_eq subset_iff) + { fix C + assume f:\C \ {}\ and g:\subset.chain \ C\ + have \\ C \ \\ + using \_def e[OF f g] chain_closure[OF c d[OF g]] + by simp (metis (no_types, lifting) CollectD Sup_least Sup_subset_mono g subset.chain_def subset_trans) + } note f=this + have \subset.chain \ C \ \U\\. \X\C. X \ U\ for C + apply (cases \C \ {}\) + apply (meson Union_upper f) + using \_def a b by blast + with subset_Zorn[OF this, simplified] obtain B' where f:\B'\ \ \ (\X\\. B' \ X \ X = B')\ by auto + then show ?thesis + by (simp add:rem \_def, rule_tac x=B' in exI) (metis psubsetE subset_trans) +qed + +\ \An immediate corollary ruling tautologies\ +corollary emptyrem2taut: \A .\. \ = {} \ \ \\ + by (metis bot.extremum empty_iff upper_remainder valid_def) + +end + +end diff --git a/thys/Belief_Revision/AGM_Revision.thy b/thys/Belief_Revision/AGM_Revision.thy new file mode 100755 --- /dev/null +++ b/thys/Belief_Revision/AGM_Revision.thy @@ -0,0 +1,236 @@ +(*<*) +\\ ******************************************************************** + * Project : AGM Theory + * Version : 1.0 + * + * Authors : Valentin Fouillard, Safouan Taha, Frederic Boulanger + and Nicolas Sabouret + * + * This file : AGM revision + * + * Copyright (c) 2021 Université Paris Saclay, France + * + ******************************************************************************\ + +theory AGM_Revision + +imports AGM_Contraction + +begin +(*>*) + +section \Revisions\ +text \The third operator of belief change introduce by the AGM framework is the revision. In revision a sentence +@{term \\\} is added to the belief set @{term \K\} in such a way that other sentences +of @{term \K\} are removed if needed so that @{term \K\} is consistent\ + +subsection \AGM revision postulates\ + +text \The revision operator is denoted by the symbol @{text \\<^bold>*\} and respect the following conditions : +\<^item> @{text \revis_closure\} : a belief set @{term \K\} revised by @{term \\\} should be logically closed +\<^item> @{text \revis_inclusion\} : a belief set @{term \K\} revised by @{term \\\} should be a subset of @{term \K\} expanded by @{term \\\} +\<^item> @{text \revis_vacuity\} : if @{text \\\\} is not in @{term \K\} then the revision of @{term \K\} by @{term \\\} is equivalent of the expansion of @{term \K\} by @{term \\\} +\<^item> @{text \revis_success\} : a belief set @{term \K\} revised by @{term \\\} should contain @{term \\\} +\<^item> @{text \revis_extensionality\} : Extensionality guarantees that the logic of contraction is extensional in the sense of allowing logically equivalent sentences to be freely substituted for each other +\<^item> @{text \revis_consistency\} : a belief set @{term \K\} revised by @{term \\\} is consistent if @{term \\\} is consistent\ +locale AGM_Revision = Supraclassical_logic + + +fixes revision:: \'a set \ 'a \ 'a set\ (infix \\<^bold>*\ 55) + +assumes revis_closure: \K = Cn(A) \ K \<^bold>* \ = Cn(K \<^bold>* \)\ + and revis_inclusion: \K = Cn(A) \ K \<^bold>* \ \ K \ \\ + and revis_vacuity: \K = Cn(A) \ .\ \ \ K \ K \ \ \ K \<^bold>* \\ + and revis_success: \K = Cn(A) \ \ \ K \<^bold>* \\ + and revis_extensionality: \K = Cn(A) \ Cn({\}) = Cn({\}) \ K \<^bold>* \ = K \<^bold>* \\ + and revis_consistency: \K = Cn(A) \ .\ \ \ Cn({}) \ \ \ K \<^bold>* \\ + +text\A full revision is defined by two more postulates : +\<^item> @{text \revis_superexpansion\} : An element of @{text \ K \<^bold>* (\ .\. \)\} is also an element of @{term \K\} revised by @{term \\\} and expanded by @{term \\\} +\<^item> @{text \revis_subexpansion\} : An element of @{text \(K \<^bold>* \) \ \\} is also an element of @{term \K\} revised by @{text \\ .\. \\} if @{text \(K \<^bold>* \)\} do not imply @{text \\ \\} +\ +locale AGM_FullRevision = AGM_Revision + + assumes revis_superexpansion: \K = Cn(A) \ K \<^bold>* (\ .\. \) \ (K \<^bold>* \) \ \\ + and revis_subexpansion: \K = Cn(A) \ .\ \ \ (K \<^bold>* \) \ (K \<^bold>* \) \ \ \ K \<^bold>* (\ .\. \)\ + +begin + +\ \important lemmas/corollaries that can replace the previous assumptions\ +corollary revis_superexpansion_ext : \K = Cn(A) \ (K \<^bold>* \) \ (K \<^bold>* \) \ (K \<^bold>* (\ .\. \))\ +proof(intro subsetI, elim IntE) + fix \ + assume a:\K = Cn(A)\ and b:\\ \ (K \<^bold>* \)\ and c:\\ \ (K \<^bold>* \)\ + have \ Cn({(\' .\. \') .\. \'}) = Cn({\'})\ for \' \' + using conj_superexpansion2 by (simp add: Cn_same) + hence d:\K \<^bold>* \' \ (K \<^bold>* (\' .\. \')) \ \'\ for \' \' + using revis_superexpansion[OF a, of \\' .\. \'\ \'] revis_extensionality a by metis + hence \\ .\. \ \ (K \<^bold>* (\ .\. \))\ and \\ .\. \ \ (K \<^bold>* (\ .\. \))\ + using d[of \ \] d[of \ \] revis_extensionality[OF a disj_com_Cn, of \ \] + using imp_PL a b c expansion_def revis_closure by fastforce+ + then show c:\\ \ (K \<^bold>* (\ .\. \))\ + using disjE_PL a revis_closure revis_success by fastforce +qed + +end + +subsection \Relation of AGM revision and AGM contraction \ + +text\The AGM contraction of @{term \K\} by @{term \\\} can be defined as the AGM revision of @{term \K\} by @{text \\\\} +intersect with @{term \K\} (to remove @{text \\\\} from K revised). This definition is known as Harper identity @{cite "Harper1976"}\ +sublocale AGM_Revision \ AGM_Contraction where contraction = \\K \. K \ (K \<^bold>* .\ \)\ +proof(unfold_locales, goal_cases) + case closure:(1 K A \) + then show ?case + by (metis Cn_inter revis_closure) +next + case inclusion:(2 K A \) + then show ?case by blast +next + case vacuity:(3 K A \) + hence \.\ (.\ \) \ K\ + using absurd_PL infer_def by blast + hence \K \ (K \<^bold>* .\ \)\ + using revis_vacuity[where \=\.\ \\] expansion_def inclusion_L vacuity(1) by fastforce + then show ?case + by fast +next + case success:(4 K A \) + hence \.\ (.\ \) \ Cn({})\ + using infer_def notnot_PL by blast + hence a:\\ \ K \<^bold>* (.\ \)\ + by (simp add: revis_consistency success(1)) + have \.\ \ \ K \<^bold>* (.\ \)\ + by (simp add: revis_success success(1)) + with a have \\ \ K \<^bold>* (.\ \)\ + using infer_def non_consistency revis_closure success(1) by blast + then show ?case + by simp +next + case recovery:(5 K A \) + show ?case + proof + fix \ + assume a:\\ \ K\ + hence b:\\ .\. \ \ K\ using impI2 recovery by auto + have \.\ \ .\. .\ \ \ K \<^bold>* .\ \\ + using impI2 recovery revis_closure revis_success by fastforce + hence \\ .\. \ \ K \<^bold>* .\ \\ + using imp_contrapos recovery revis_closure by fastforce + with b show \\ \ Cn (K \ (K \<^bold>* .\ \) \ {\})\ + by (meson Int_iff Supraclassical_logic.imp_PL Supraclassical_logic_axioms inclusion_L subsetD) + qed +next + case extensionality:(6 K A \ \) + hence \Cn({.\ \}) = Cn({.\ \})\ + using equiv_negation[of \{}\ \ \] valid_Cn_equiv valid_def by auto + hence \(K \<^bold>* .\ \) = (K \<^bold>* .\ \)\ + using extensionality(1) revis_extensionality by blast + then show ?case by simp +qed + + +locale AGMC_S = AGM_Contraction + Supraclassical_logic + +text\The AGM revision of @{term \K\} by @{term \\\} can be defined as the AGM contraction of @{term \K\} by @{text \\\\} +followed by an expansion by @{term \\\}. This definition is known as Levi identity @{cite "Levi1977SubjunctivesDA"}.\ +sublocale AGMC_S \ AGM_Revision where revision = \\K \. (K \
.\ \) \ \\ +proof(unfold_locales, goal_cases) + case closure:(1 K A \) + then show ?case + by (simp add: expansion_def idempotency_L) +next + case inclusion:(2 K A \) + have "K \
.\ \ \ K \ {\}" + using contract_inclusion inclusion by auto + then show ?case + by (simp add: expansion_def monotonicity_L) +next + case vacuity:(3 K A \) + then show ?case + by (simp add: contract_vacuity expansion_def) +next + case success:(4 K A \) + then show ?case + using assumption_L expansion_def by auto +next + case extensionality:(5 K A \ \) + hence \Cn({.\ \}) = Cn({.\ \})\ + using equiv_negation[of \{}\ \ \] valid_Cn_equiv valid_def by auto + hence \(K \
.\ \) = (K \
.\ \)\ + using contract_extensionality extensionality(1) by blast + then show ?case + by (metis Cn_union expansion_def extensionality(2)) +next + case consistency:(6 K A \) + then show ?case + by (metis contract_closure contract_success expansion_def infer_def not_PL) +qed + +text\The relationship between AGM full revision and AGM full contraction is the same as the relation between AGM revison and AGM contraction\ +sublocale AGM_FullRevision \ AGM_FullContraction where contraction = \\K \. K \ (K \<^bold>* .\ \)\ +proof(unfold_locales, goal_cases) + case conj_overlap:(1 K A \ \) + have a:\Cn({.\ (\ .\. \)}) = Cn({(.\ \) .\. (.\ \)})\ + using Cn_same morgan by simp + show ?case (is ?A) + using revis_superexpansion_ext[OF conj_overlap(1), of \.\ \\ \.\ \\] + revis_extensionality[OF conj_overlap(1) a] by auto +next + case conj_inclusion:(2 K A \ \) + have a:\Cn({.\ (\ .\. \) .\. .\ \}) = Cn({.\ \})\ + using conj_superexpansion1 by (simp add: Cn_same) + from conj_inclusion show ?case + proof(cases \\ \ K\) + case True + hence b:\.\ (.\ \) \ K \<^bold>* .\ (\ .\. \)\ + using absurd_PL conj_inclusion revis_closure by fastforce + show ?thesis + using revis_subexpansion[OF conj_inclusion(1) b] revis_extensionality[OF conj_inclusion(1) a] + expansion_def inclusion_L by fastforce + next + case False + then show ?thesis + by (simp add: conj_inclusion(1) contract_vacuity) + qed +qed + + +locale AGMFC_S = AGM_FullContraction + AGMC_S + +sublocale AGMFC_S \ AGM_FullRevision where revision = \\K \. (K \
.\ \) \ \\ +proof(unfold_locales, safe, goal_cases) + case super:(1 K A \ \ \) + hence a:\(\ .\. \) .\. \ \ Cn(Cn(A) \
.\ (\ .\. \))\ + using Supraclassical_logic.imp_PL Supraclassical_logic_axioms expansion_def by fastforce + have b:\(\ .\. \) .\. \ \ Cn({.\ (\ .\. \)})\ + by (meson Supraclassical_logic.imp_recovery0 Supraclassical_logic.valid_disj_PL Supraclassical_logic_axioms) + have c:\(\ .\. \) .\. \ \ Cn(A) \
(.\ (\ .\. \) .\. .\ \)\ + using contract_conj_overlap_variant[of \Cn(A)\ A \.\ (\ .\. \)\ \.\ \\] a b + using AGM_Contraction.contract_closure AGM_FullContraction_axioms AGM_FullContraction_def by fastforce + have d:\Cn({.\ (\ .\. \) .\. .\ \}) = Cn({.\ \})\ + using conj_superexpansion1 by (simp add: Cn_same) + hence e:\(\ .\. \) .\. \ \ Cn(A) \
.\ \\ + using AGM_Contraction.contract_extensionality[OF _ _ d] c + AGM_FullContraction_axioms AGM_FullContraction_def by fastforce + hence f:\\ .\. (\ .\. \) \ Cn(A) \
.\ \\ + using conj_imp AGM_Contraction.contract_closure AGM_FullContraction_axioms AGM_FullContraction_def conj_imp by fastforce + then show ?case + by (metis assumption_L expansion_def imp_PL infer_def) +next + case sub:(2 K A \ \ \) + hence a:\\ .\. (\ .\. \) \ Cn(A) \
.\ \\ + by (metis AGMC_S.axioms(1) AGMC_S_axioms AGM_Contraction.contract_closure expansion_def impI_PL infer_def revis_closure) + have b:\Cn({.\ (\ .\. \) .\. .\ \}) = Cn({.\ \})\ + using conj_superexpansion1 by (simp add: Cn_same) + have c:\.\ (\ .\. \) \ Cn A \
(.\ \)\ + using sub(1) by (metis assumption_L conj_imp expansion_def imp_PL infer_def not_PL) + have c:\Cn(A) \
.\ \ \ Cn(A) \
(.\ (\ .\. \))\ + using contract_conj_inclusion[of \Cn(A)\ A \.\ (\ .\. \)\ \.\ \\] + by (metis AGM_Contraction.contract_extensionality AGM_FullContraction.axioms(1) AGM_FullContraction_axioms b c) + then show ?case + by (metis a assumption_L conj_imp expansion_def imp_PL in_mono infer_def) +qed + + +end + + diff --git a/thys/Belief_Revision/ROOT b/thys/Belief_Revision/ROOT new file mode 100644 --- /dev/null +++ b/thys/Belief_Revision/ROOT @@ -0,0 +1,15 @@ +chapter AFP + +session "Belief_Revision" (AFP) = HOL + + options [timeout=600] + theories + AGM_Logic + AGM_Contraction + AGM_Revision + AGM_Remainder + document_files + "root.tex" + "adb-long.bib" + "root.bib" + "graph_locales.pdf" + diff --git a/thys/Belief_Revision/document/adb-long.bib b/thys/Belief_Revision/document/adb-long.bib new file mode 100644 --- /dev/null +++ b/thys/Belief_Revision/document/adb-long.bib @@ -0,0 +1,80 @@ +% $Id: adb-long.bib 6518 2010-01-24 14:18:10Z brucker $ +@PREAMBLE{ {\providecommand{\ac}[1]{\textsc{#1}} } + # {\providecommand{\acs}[1]{\textsc{#1}} } + # {\providecommand{\acf}[1]{\textsc{#1}} } + # {\providecommand{\TAP}{T\kern-.1em\lower-.5ex\hbox{A}\kern-.1em P} } + # {\providecommand{\leanTAP}{\mbox{\sf lean\it\TAP}} } + # {\providecommand{\holz}{\textsc{hol-z}} } + # {\providecommand{\holocl}{\textsc{hol-ocl}} } + # {\providecommand{\isbn}{\textsc{isbn}} } + # {\providecommand{\Cpp}{C++} } + # {\providecommand{\Specsharp}{Spec\#} } + # {\providecommand{\doi}[1]{\href{http://dx.doi.org/#1}{doi: + {\urlstyle{rm}\nolinkurl{#1}}}}} } +@STRING{conf-tphols="\acs{tphols}" } +@STRING{iso = {International Organization for Standardization} } +@STRING{j-ar = "Journal of Automated Reasoning" } +@STRING{j-cacm = "Communications of the \acs{acm}" } +@STRING{j-acta-informatica = "Acta Informatica" } +@STRING{j-sosym = "Software and Systems Modeling" } +@STRING{j-sttt = "International Journal on Software Tools for Technology" } +@STRING{j-ist = "Information and Software Technology" } +@STRING{j-toplas= "\acs{acm} Transactions on Programming Languages and + Systems" } +@STRING{j-tosem = "\acs{acm} Transactions on Software Engineering and + Methodology" } +@STRING{j-eceasst="Electronic Communications of the \acs{easst}" } +@STRING{j-fac = "Formal Aspects of Computing" } +@STRING{j-ucs = "Journal of Universal Computer Science" } +@STRING{j-sl = "Journal of Symbolic Logic" } +@STRING{j-fp = "Journal of Functional Programming" } +@STRING{j-tkde = {\acs{ieee} Transaction on Knowledge and Data Engineering} } +@STRING{j-tse = {\acs{ieee} Transaction on Software Engineering} } +@STRING{j-entcs = {Electronic Notes in Theoretical Computer Science} } +@STRING{s-lnai = "Lecture Notes in Computer Science" } +@STRING{s-lncs = "Lecture Notes in Computer Science" } +@STRING{s-lnbip = "Lecture Notes in Business Information Processing" } +@String{j-computer = "Computer"} +@String{j-tissec = "\acs{acm} Transactions on Information and System Security"} +@STRING{omg = {Object Management Group} } +@STRING{j-ipl = {Information Processing Letters} } +@STRING{j-login = ";login: the USENIX Association newsletter" } + +@STRING{PROC = "Proceedings of the " } + + +% Publisher: +% ========== +@STRING{pub-awl = {Addison-Wesley Longman, Inc.} } +@STRING{pub-awl:adr={Reading, MA, \acs{usa}} } +@STRING{pub-springer={Springer-Verlag} } +@STRING{pub-springer:adr={Heidelberg} } +@STRING{pub-cup = {Cambridge University Press} } +@STRING{pub-cup:adr={New York, \acs{ny}, \acs{usa}} } +@STRING{pub-mit = {\acs{mit} Press} } +@STRING{pub-mit:adr={Cambridge, Massachusetts} } +@STRING{pub-springer-ny={Springer-Verlag} } +, +@STRING{pub-springer-netherlands={Springer Netherlands} } +@STRING{pub-springer-netherlands:adr={} } +@STRING{pub-springer-ny:adr={New York, \acs{ny}, \acs{usa}} } +@STRING{pub-springer-london={Springer-Verlag} } +@STRING{pub-springer-london:adr={London} } +@STRING{pub-ieee= {\acs{ieee} Computer Society} } +@STRING{pub-ieee:adr={Los Alamitos, \acs{ca}, \acs{usa}} } +@STRING{pub-prentice={Prentice Hall, Inc.} } +@STRING{pub-prentice:adr={Upper Saddle River, \acs{nj}, \acs{usa}} } +@STRING{pub-acm = {\acs{acm} Press} } +@STRING{pub-acm:adr={New York, \acs{ny} \acs{usa}} } +@STRING{pub-oxford={Oxford University Press, Inc.} } +@STRING{pub-oxford:adr={New York, \acs{ny}, \acs{usa}} } +@STRING{pub-kluwer={Kluwer Academic Publishers} } +@STRING{pub-kluwer:adr={Dordrecht} } +@STRING{pub-elsevier={Elsevier Science Publishers} } +@STRING{pub-elsevier:adr={Amsterdam} } +@STRING{pub-north={North-Holland Publishing Co.} } +@STRING{pub-north:adr={Nijmegen, The Netherlands} } +@STRING{pub-ios = {\textsc{ios} Press} } +@STRING{pub-ios:adr={Amsterdam, The Netherlands} } +@STRING{pub-heise={Heise Zeitschriften Verlag} } +@STRING{pub-heise:adr={Hannover, Germany} } diff --git a/thys/Belief_Revision/document/graph_locales.pdf b/thys/Belief_Revision/document/graph_locales.pdf new file mode 100755 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..de82b63fc62377704afc6b23a3a81da12b89981e GIT binary patch literal 13771 zc$|fM1yo!~vv3IR?l!mum>JyNEx0>_J40{?4uL?>;1b+|y9Rf6w-5p$3GVR2?!NEs z+kNl+bIzUauBxu8F1tPF)X=?_lx797aiP%l3YN+{pqWER5m?b%mHZpm=7q>nX&pNTYQeYVRAE6iJMe z0@3V^;Jp=UMKQ%3{iqi4tl92w?+2%3^}OyTUvdSNJLpNc$olUN#8u=TZ){~x#mwuB zo6~~nrc&hn?jLS{A7buoz`j5Eb(o%<9#M zO3O~b@uSs`gG0lk8&2QyhklW()3KRNZAL#$K>gFlP-^5i?TYJ^MD03@qaDQ?2w)5tK zJb$Um4aWlf- z3OR@8XV6I`yoze@zLY-9dXw2-S~V1pz)k!!oVlw)l7l;9h4@BOCqt)enMB50iQbn#+SL}yGSeAfXZ)}1K?;Ko|KG}&3^yVORj+XZD_ew$N z%JIDfbFw#Kr}f>V@wsxzn)+itG%m&?%6Wl+^jBT1gKmen8FY;=7|B&91`e)`Sl;z7 zefmmFlE0ouIrHj+s|fOI4jiVh?ny>t@utajQl#~_E0gWz2X#3bkp-9pp2+RdGE2*^ zqx1%CS0cmR&h5uI=j(q28Sf#}BJLy*YQJqLBmz2j36qNnXKDg;#0!U@LDS?(=D|+* z#L_6f*qo=-=}5`t3r&Jw4{P?kng|4$SoiNIzbnb&uy1*Z71DNCW`Cl)P6|a!mJ$`O znOdCmw7?KmkfV1AUbLNZ$F-U^<7i{(axXPHpaLZIXo`G3F6kYtad~M9?P*a7*Hb7U z&`@B=DNG-oB}Zs$DxT`cV3Mhir)lq&UrZcXmiH9xeno;Cx}eJ!i0L3h)VbOZqdS+{ z@Pj8obwV~Bw|lppBAy-#spl&j zGur^bP>E6@cLlUi)Dr%P&18Oyo^nY&SwgG!Gj8fy(tMZI+~QK6g8?}LqRg`HN*z&6 zedE>C7RQ=SEg6H=Or&Zabx>xai);igP&yd%ld|TLA8Lfb#h6C%#WP_+Z>Si`pz!sy z$W}TWY5%A%km*_Grh>uMAYJ#XC>R^`vQ>smJh|H4yvLi2rifdz!bm(9(w{8g?U@Dj zE1+G`Oh8BVi^-t_y$>qIv#{bblZblGVhVxx`F%pbX=gg(Gz;Cjxz=>ijVU%(!oyEz zuJWcKNb}U4@&Vl2Ufi~|3@k22*#r)=)JmbpP0^#gbKWK%zBkK;5q3m!dz=#!i*Ed7 zUlocNXKWTU^~FH)3pxSgI?~+9#RHhDwe?`b3DX+6an}PhzRUrkWtr=I?s@jz(ap5n z#Hny)6>2u31G^={pw~BWYEBO^c};j1<9Uu&0I4wKbE-sw($pxmY8-%D*;`NvAHHl> zfBj!sYKP^{-pWS(?rf4wQ`cr3o%q#2P+IRhmX0u%uB6Pl@eWv>7cDaSmhr*e9N&^E z;rP+0s^}I{AJ}$juTtSXkrHXwJel2&Uz{gbTM~mMrt=UH0%Em>8Yicc;6g0pJ>#{~ z&ori(Vbh;$TvpT{^ACJ_ zDq0HM2%H|427}g4jD*IbQpCrLY1&Nnf%}b6|AqvMm%M97@CwcQlQf|n9(b@8ZLnbF z5y2aJp*Josz2OU`!SM*>(k2E7@D4Z@JG5I7Rm`{ONC^sFacD|4<;%9~u?aqUZ?GAN z_@*?7?^145X#MK77oGSKa<@t|wr)P*$YoMOvA;LYtV1p5;EYa2``lgUYxi`4W=sSO}5K9g@&KsEKJLqVxY z$&9HiT~?hi#4ozuus*ZOLS{*!7!>zTnSF<1niLPTGVY)FV{?1gYdKbjJ-_Q(@MysN zrPUjGZ!J6h{nuV9OlG&J%uaBPj{Hy?V=|hEegiGW zf$}O7uj~se3#RhVPiRpXDN|v3@x4vaONmgHi6fXHxX@!4@2yast>-l=Bh-IMOYuQM zM74`f`J5Vp8Ob5#Gm6|?a=yKDMLBtfTZ95}wD{|4^)!3FjiGS-bu9yP@N)hK$n~$g z8u$NkSNjVO0)RL@5IS6h><3X7L=x&OqC+a)Iu%x5onE zpwt5X^mVDqWyst8%ln@mk1ayqv-mZO4rWVA)r*v^J{^q&^~&-iDfEUFJp5jvY(FKT z+U2D(anPZ_Up(=s#rjDTqPsxksCToOdpLp9&4v3(XmPfsrkZE$(Mmj8S)5EDE%>2p zs)WTAiP#+vqG&DMJ2p+OXHSDkywt|&eF{D7iNygg#~cmlOQ1j0UjAyvU2%PER=DR0 zPhTuSqcR^|Bv`&v2#%$n_YXf36vrV5mx$Z9bnSaVwbN?h-6TZR;V~cBvlxTjtt>;f zDbo>+WV_4Vpew$ed_ai+;UpnQCuZ$JeG)8qTlUN4yQmQ&b%De zJs?d`LRV|Rs~++LeY6&B=J5shPZ}l9+b!5xH&}sltMcndKN~G`BiXI>M04v+avS`E z2P*G?a@$F-+C^$va&r5Ed!6EA18K}Nn@{AQ$c>q8r7b|a|xAc8qlx3$e}wY zu5SI7u@p&3eA5YAZuOIEoJ1>drAAIwL!7^_bY7OP zaZ;6~`Z;IJ^_bPH<1`r#Lx29r8u!6WABy*`1Z^T;RaU;Q_TN3SP~aE%6{Fi$4ay>} z1~vNH4x}QQFJ%$afhu3sx7j*poS;gGM^AA2gp4~OD-WE`eIzu$W0p>^c}N~KiB6>m zF4b%F<&&S9&&({K$gQjGmzEURNrZENErw5Iyt?KkYu^OQ%`vt$g?jc(LfDXb^5Js9y}Vb*+YYo|0e)$G(?; zZLvQ4%iA_kk0z}{6S{`C;Bs~ z#enB%b^b3hN0p*EYP_#E*2XaPY53OIX1)X@$jxD3lhwgjnU>44H_F#H!-23Cy5-_= zh<$^u@`7~d2OB4r0w`FMlMo|1tiAdEUSgyO|2cEIHLvEutxB2j`q7;6=&#=0)p!$i zV!wuMlj<}U)CiJTlfgpL2c#OGbsUimwZ-ME?$M;+b(5`>kFeE%lM6yd&SZ>$ok*v! zRX%rqXMpe(&`Y6Mtd;m9mZjHFd-SdUyMQR}mE2EN%4n3+K;1bLPOXNOBc#bcVrW9`LUy*k$P+tRLW zRHPhQ2kvNGj`s8pnA{_5R1@zKLX|U%+FH~JeyYOb%=&6Y4^q7{vT>O-0I*wQ?iqcF zR!C#pA9qwuBy>Ba)s3*y%9&9&6iB`3_jOI*A@F*|!W4eeJkxJ!Zks-T6zJ~OBBi6< zo^ugFY}f4WW_QWarC6E0cSsRgw@mYrinV z>(S%=4h51(gMlZg#%@;aDn|CS_=dp&Sg;d#&;%U!sNu{md0NUt>169j1w{)^ z!7|fx{;aQ9n!ePRA$=%PQpqnBzBIL2H1=iMyXY%Be{sVcvsC$A7NFBdn5D4uKt+fs znugf1t9_C_1gz0{Wj1D0!rv}DH(Ds5X!BvPuz-#sf!`P`1GUU7E}M1#{$}6X-H$&r zu5YEdfx%xQsXOtsE4W(%XsA5m+-L-Q2a z#(@jvj-+HKwBsGJ^#MNGIA}aW;R=+#+<|-?&MuQZaOa1+Fk5pEau6=TkT;Hit>+if z58Y@}1EpNJv7c;&w>CED+D{%3r^{4C1q@Dw75z^j-;IkVWH%(bwXFiJ{2$|>&H-qj z?@=|rIH<@?+{4#>V7=G9(Yh%*lX^yy9f*+ac{^>XgQtRwoN z7G0fE#hGMk`GZ+LR5gi<+k%d>sIUrl6tD!1U4CqthY87K=6k;I2C+~bJybhU3lYzw zkq6A{xd1+lF!JdS%< zp}Z$ozk}h(4aoIhYzmJ4PF#fBAP>Xm;k?0H_Ul9cmle8G8{cm^6&Sdkv=YVa}I`PBHIbR_w?8t1Z|x7Y=-4Y0HjbPZ;w-kY$4ExIdsECfY|t#nCG8pIjL-<+^pUacuI7aq=t`eYFg7^VO>e#bXF$VoL0#t&)=? zP!KP`Jl!3Xr<6My3MapwOu{6;#u^X5@hu(=7ko!n6OuGr=7_7gg9wC}?oBlhW3ev3w&&S!JB(Hyvr5VLx|>PP_Kur?Z~A9JBFv1ulj( zwB9hLmH}iCLq_2Q48z$}TLr*lvR9Z0K!ksyr%}@!8q(sT4MS=~kk4`B?P6opMj|~s#_UEYDzn7%&x1`nvZrxPBeF|h>vTAm9 zg-4D^s82&npNW%==qcQ4TZ$wuU;9~l#&={n|2mTR)m+AVD-YgGbibv^1oZQz$vE^r z&yH~fE^A0As>J~Q>&z&&lf;azVjlV!QA38DT34!Yv4Py}lX12Q26*)oq-4Jfr*tY+F71pV?zRq>e+w!T+wUgdu^v~CBd*k>lGaS;! zD_YIpb5|CM5)FNnyvBD~z%oXD?~P+td?xv{PX}!7XXulw^;o~;7k^XAK$oq@jHpQi z@tsZj)?``+ISYzpP>8D~`@qw&wpf^ssDHFFdL{7Akxxe%pI}iZ<3tDNJ)WFM zpk1!$80s+N^@(Vz^@4a*QI&~VU`5xSs(5yDcjNv<K==^BN*gwkXCZnF_PX4 z*7nHVZr-u0)1(rsAee(%Pb*#-e&E*4L|*+(+3|3I=6iAfjlJB@b0zG&(;F(pA%3HA zL$+#SdXld`J>cimaZdTGeWR?rNZD60*I%D)+|(s_r;58Vb1yeGJVEg6H`b1+04BL$ zh?n!R$@bP6)-(o1i)Zns>D!t!wL6n(BOege83Jnx4y;lS~)~5J*tus4WH!U!~!ToXKd7?+LdWFc*dQ&}3 zwU$Hhq5-d5!{X3XET*tkyTv%oJ^K25p^L&BuB9X3#PmBe@A2UVu=WP?xNO7kciB*|dp)sGeXx?(-DZ8={gkI*guo=8M4gp+vp! z9I5B_1uEIghi@qme>jVNgykp0dL!Bn%S`^^+uL-uu`wt!(Ff+UygoJ`KQoe@RpQ|F9dEXQbJt~(z1qKLT_HWlz!@{A~LV?{84;#w@ z+1{QT1SFVBI*q@&TKwR2sf`NeXyYwf4b5pX6lCk?wm!dn!_77Kg@4ptSO#oYeEQW! zigl*oXa=muI^vG>n*A++F^h4~5IPe}58Azp6ZBkQvQw_?UY_@+1l(gqTjjE|W;Lw> zdquv~?t=W3u^{^L?~`Y?H=Ke~DO~4uOTkDLS##EC2nH|0G#2{4&7|+XZsz6Q4rD!4 zpz(3O4cc|ToUP;*vO8Qk9V(geQ}NvwjGtYvsSX~xa&vMkb2)VL{4I-s+H`TpZ}SD6 zJ-*5K+U(5kB{4g{Y>;wgUw(WJk8=iSDyNS+wWlW2Sqp7>`=#A-fln!E-HC2Lwf0v7 z&Bw@|ff$gA|7vH#mx=cK?31$FA|U&@lh9+NpcZQXhqxH`(3DR*o>}|ny(zM12!69x zlg@9zvzo5T!vohOMCk+e@Mr8XZFZY1B+I~kM;n?w8eA;Rhiw02;yPVG|jsMUOp`NwNusv#SdVaHXMtGSse z2BT(p2E>5|IMK3`u2EBCn))?A{o#J&k-zF_esI}o{m1>@=l!+xN9y}3+asaI3cbUn zmaQyA(@|JM=ZTTWhxM{d8Fk))FG;a&7sClGn1wDSGAX_4Je4}lwz`kkTy{L`^nP_> z4fo6?$xC6kx;R5vV|wu>CVa3mItfdgU2E?h1td;m-OU1}V?J}L5SZ(pk4_b3Z!}(p z78&yn=5P9Y-HjPB>E9UKh!1;x(43j& zZ(5Ujpb^>T{>*LGM?|0kL&34r1NM3t=iS}$(T-Z+Sv5{s3Oz5b(4lu9p7H1a;gn^(}(;AgcEt;Ls0=ZRAwsjQ14eOwVufBPJ|Xtu4^nu(czxh@pO8LJjxh zD>S{VBnV6I_~p{+g6p*AF)Eb8GQBPjPjmQS`{sO5Fa?|JRv!jOvdNcy7mhH6TyM$K zH+$tqj}>xImQ6Cxs_kOWs-fPdYfG06g2!D41KyXaE3dlwd}G~+qKarf#-Vw5t8oct zAJ7^&#!O{o=y8wib2Jd?CSVJOBPvHpMKGU_o^pCGN@5c6<%N@TD;A%Ih6OwECSoEc zqag~3_!12q9QvM<6i;`dp<6FnjKZZD?3^Y~M9X)Xo5y)fQU8j4neB#Z-?rbcnBGGW zL;1ZUe}Av}S3zSw`^{}x3{pE{Oqk1|?igAx>&FEK4g zJp}PGV-~V?Z0Ap34+YC27lkJlqD+$w{L1S)n0$B{@a4rvzi?-{f}3v8btvlRf)}%{ z982uqy^3_mDj-Qa7>x^7+lIdI#si&wrw9ayFf|L>$n9MziM!EMNsc^^rd330HJqE| zCL(+y8TTO-Yjtwe>D;OU2!mpd^o{73@!!pov#`)d=t(?4U1=%&VIW(g>-KS@><1xM z#o6`uQbYl75!i$}7y|`%i}O3ya|o;&L;!Q$g;2oLYF-hHb3uOvzpY?V!tKX z$&viTjp~hjvt6?f_5L(5T<6T)zgK*=G%B4i{>5VOTcHjCo|Tw3K}c;^58^Of)PGoaJ%-5b{3Ajxz?}q}VbP)Z|7CsV?t(^QMt?b_*wieWBjSgJt zgSjOVU-fP@nfngkeu-j5pVdD02DN&L7h>cnR1M$u`e&#ayJ!36Nzf3gvFBDkVb*20 zx{=PWQ2lnSlWxt#w9Qb`4|nu*zw&l9jdb=yQP_FgoX1g%7*9>Ym5g2^{GP_hARPDJ z>S?mxZJ$EjVM0b^A~CbS|A@7eXwJ75%{sZXC%^`YHk22-J;1W8cygJDn>> z#Zs3Wg2`kQ*ZN_boN#AB-IuSAfyk5^XT2@u_1$CPph-5RhY9oh4|Z_1*kyF*Tn=j! zAyX=k3tK0TP)5d%{1a!N8~`6z1yMX|%4X~IyR1sw%CqR3pF|W^y;GHJ`r~bq0f+rq zCq*uuLV8wdcdR>V{#NH{SCxo6okL#|wte4+f86LkKnN%f_FZP0cDJ~BJu0<8gigh9 zwUJ<{gnexHCL!}q(A#a5fi`?eY2F1JO!>>5j7sXak1M9Sq`_iVxHH4aQR4T(m0l?X zVQGryc7ogSk6!_+L12RIM$BuZ?y}$9W7jL!_D>0gsa2rfon=mm@${JqGb&Sot3hgefs@UXyxX& za$yDI0ugI0^g}ciq7IcoWoyN&;N$m_5@zi6y+mLP57DozABiXM7HEF+_F%`T$%wAx zwC`aqV?-e9=eXL)<)PGiQW%wXlU+3HhkBLQ^ORK~Yz=7YC^%BxYU;?S0rW%9X^|!I zxkXV8in@_|hsa3o=FBlpV^A34#kn8s25IBRl|_}__EaPbj%k$wKVX;VccaN|XE2Y( zAFtvwkH%rIn&Iz7CftUi*kL{J;Lpd`u8QH$$4%WS*5kFMn%l}aEYS_YlUJ~8K7ckopHzOQ1I~Gl)b5zzQp*CWIC~e+Sf-;Q5x{+$@MoY zMbace4uK}EK&__y9=b8FFBcJL-@fgB{fhULhtu_R)K{U_ts+=u{>W_%Es=xX#O!AuxD&!(IqeEq@+6z?isU*|yRlW8Uf~PK$ z5d!QE<TDcrZU7wrk#DP`81vE^K*rW?0a19U>@U> z=aU(StuGpHNhfuztCPc!xDb{_k#1M|lV90kh6We!-lf*ELnZ6+B&5YFMuM@ITUm+F zBrRm%oZnRphQKz4iSrDr+o09wc?VjbE>hiahb?~^B*D20d@)Xpj&G~epz#JBDaIS23F=nhZMFYRA* zFWHS0+kKVOm`G#Q2$>QtD9*@vGf1#4#>Zxr!4H>KO-J^AS5i;UP5ely8NZ-*2yI$C z?RU(!A1bmLIosyZKm%ni0uHrlO?=&q(O3ljpmlG|mtVf|;kqEq+|)&ukTb1aLT5~5 z(?_7+P01>j4Go_x==Ji%$cRj_{9Io2i4_eeDjjD|^wMA>T!{o7YCeg+1FiUV+8}tg zCswGCx)28Bz^Jf?_4^g;oiXj5pgTo@B*O7^u_}eXtLzqpFTltaRSnMeD`UZ+9$P`$ zMnn_VPeKtZWSCp{l5fHb9JJx3 zD;4ap_9fd#;TJ~=I&y^G&t}04v&v|v4>!Z@C|xbNz$GnI-V~sVQ2i*gW;(SfyKu~( zKq7BMAHc%W@_qGM335cjJ|&(*aH@XGB5eF_mhoui?UmMDxyHh>T3syo0LPuHBFC=Q z%lYTxMy8mM&ldvuI?mE5rq}jFTUc{Kj_uX6G&K)mrAcVl-}Q`x$SR;@Qn8jKxc&!I zIR{&ebKH&vZ~0ktdw_k>bab2~yXWK@tbCLlJwHa|HOjd-sUa$LYJM~l7LBS7uy}+d zb>*vNn&fh+E-YiBJQ&^uanh+~?JttJFBpET$U5L^%Al*he|e>PS1zf6XtlBrBK za%(^K)wiMx^b%jwwD3=*Yzp5?tqWZU=@Y8LMx~B+RWROno+Ggr-X|~)Mi~8TJ}~D7M5$M%D8_<+Kvj=+9V^D9jlk>DK|+5wP~@9CGI%4xqKWI zkL)L~mnjj(wjCkk52w%9-bAXkX)n*vmo|0xO|>gc-_K2Xffq-T^2uMNXP7s%$%NUz z_4h5a+KU9N06Kq~%!r(%Mn0Ty+aS7 zB@3D!wsTDV(9&&+UBzB=l};vDQ1y1MEfYmN5+{M1K$ig<$z-0=Hp{FsjI_KNI0bo%ed1+yCs? z_8X09uWnbISYK~f{F${aGeW_d0tJv4TVYYGy43 z(1d~_`P3LS*|Eksoh}XYah^Hg+XseC*VK1P?uDB4;}*kQnknLi?+X(OVGC9mfKc~|iVN=%OgqHVVe{qTP>>GcNO^Mhb_P6Xtc9pVx2mdvbn|0JJt_AG zo1PK#>$&>so2`x$ofj~w2>e(;%wNiMGrn=wv@N47#yKx&56-2j!Eml4Ws{6>>qzm{ zq+nB;mT1YgI7Uh8CcRG)v0Y{%G%0pilrR=w1hzH5V#;^J5aa=TC6lPAv3H|#G9vgh z{6Nr9L)X@#)xtqqy4Zw-=2cfvQlczo_7bgdRl>^8D0C50;06rc* zLv}f+slAQ4n4^_F1OP-~7jrX*I6?t@KrR&aXIak+Rxk*J!Y*OzEDN!*vW7nILt$5k zLL9UJyud%%OWW8(z<}rW9yJtU;s2a~_h0=!oIvpZr!(6yUe2)xh$eL@9Gd){x=Kog z6^qE49uS3Ly$s9Coj_u3A>l&M>~}8L2;UNMEEzYO(Ct~T|I2`L}7Qf8jI!6#6?NI>25-jF2!pbY&6*(KNr~vRPP8b*z!74m&{ivuh`xh`;K(D zF>u`K9QAkykcY7g*ODsXXeQZQ6Ws{T^|<-%>6GrZa@%|CI8ewx;H*2rlE&9-CKWne zgJ;oimos_wXyqUTD-QV8c8^Dp$YipZF{>kqQuGqJ_ySE6we=wNuUx#ii;=3-pLw5xkow{PvXslSd9$pyP7~GU|v0;#Y#rG_;%I#F*%nD|B#3_H^vpw21 zemmEh=zGq-X)-6GA2cVDBz&OK)T;S-Mp6C{;!$;=f}qYubXILPh^ zrw>?-E4-AURC~n3$bW!SQG3LB8bf!B1HyP{&)HFl-+s^TXEf0YkRIjK{?+3-BsyYX z`iXy_lSAYTwsiLr-3~g~`@cjh-~SSr?CS1j(C3AQt2^WmsJN*c>3bHsNw(E_7AVTHnn>Ga(zx=&Oh4h)F5t7?ylw#H^3hv)Yz3E7B;5O zmElO0?CL_)+2Y^2LSy-4| z;z_|L32uPr|6!>8U7f%EF+;-1{rMPwy8Nm5{2~0=<$ulp$1ynmxev&$VFR^?2ue#y zO9O$NoIoJ=Q<;47D3AyEG(N$=Pa_9N_>YnW)&KKsI=XsKc6`a8PY+yD6meB!O*4z;&&d{zqlFQfgfvr^(ISDym$Z|33w|79*7;Xi`N z!rdJ5AH2k0<^=ym_Y~EfPjGJTzn*6t$Di;&%=`ocOFfMoPrUvR^`x`pQzd7Va+WO`l%5uFw8fxABHNnUr14$>}Nb{)#6#M@uIF zi0iL~BtRb^2;}1A;^gGu0CPx4b8(0Rc|j6l;+$YHE?yo^9$t``Fv|a*, \, \, \, \, \, + %\, \, \, \, \, + %\, \, \ + +%\usepackage[greek,english]{babel} + %option greek for \ + %option english (default language) for \, \ + +%\usepackage[latin1]{inputenc} + %for \, \, \, \, + %\, \, \ + +%\usepackage[only,bigsqcap]{stmaryrd} + %for \ + +%\usepackage{eufrak} + %for \ ... \, \ ... \ (also included in amssymb) + +%\usepackage{textcomp} + %for \, \ + +% this should be the last package used +\usepackage{pdfsetup} + +% urls in roman style, theory text in math-similar italics +\urlstyle{rm} +\isabellestyle{it} + +\begin{document} + +% sane default for proof documents +\parindent 0pt\parskip 0.5ex + +\title{Belief Revision Theory} +\author{ Valentin Fouillard \and Safouan TAHA \and Frederic Boulanger \and Nicolas Sabouret} +\maketitle + +\newpage + +\begin{abstract} +The 1985 paper by Carlos Alchourrón, Peter Gärdenfors, +and David Makinson (AGM), “On the Logic of Theory Change: Partial Meet Contraction and Revision Functions” launches a large and rapidly growing literature that employs formal models and logics to handle changing beliefs of a rational agent and to take into account new piece of information observed by this agent. In 2011, a review book titled "AGM 25 Years: Twenty-Five Years of Research in Belief Change" was edited to summarize the first twenty five years of works based on AGM. + +This HOL-based AFP entry is a faithful formalization of the AGM operators (e.g. contraction, revision, remainder ...) axiomatized in the original paper. It also contains the proofs of all the theorems stated in the paper that show how these operators combine. Both proofs of Harper and Levi identities are established. +\end{abstract} + +\newpage + +\tableofcontents + +\newpage + +\includegraphics{session_graph.pdf} + +\newpage + +% generated text of all theories +\input{session} + +% optional bibliography +\bibliographystyle{abbrv} +\bibliography{adb-long,root} + +\end{document} + + +%%% Local Variables: +%%% mode: latex +%%% TeX-master: t +%%% End: diff --git a/thys/ROOTS b/thys/ROOTS --- a/thys/ROOTS +++ b/thys/ROOTS @@ -1,629 +1,630 @@ ADS_Functor AI_Planning_Languages_Semantics AODV AVL-Trees AWN Abortable_Linearizable_Modules Abs_Int_ITP2012 Abstract-Hoare-Logics Abstract-Rewriting Abstract_Completeness Abstract_Soundness Adaptive_State_Counting Affine_Arithmetic Aggregation_Algebras Akra_Bazzi Algebraic_Numbers Algebraic_VCs Allen_Calculus Amicable_Numbers Amortized_Complexity AnselmGod Applicative_Lifting Approximation_Algorithms Architectural_Design_Patterns Aristotles_Assertoric_Syllogistic Arith_Prog_Rel_Primes ArrowImpossibilityGS Attack_Trees Auto2_HOL Auto2_Imperative_HOL AutoFocus-Stream Automated_Stateful_Protocol_Verification Automatic_Refinement AxiomaticCategoryTheory BDD BNF_CC BNF_Operations BTree Banach_Steinhaus +Belief_Revision Bell_Numbers_Spivey BenOr_Kozen_Reif Berlekamp_Zassenhaus Bernoulli Bertrands_Postulate Bicategory BinarySearchTree Binding_Syntax_Theory Binomial-Heaps Binomial-Queues BirdKMP Blue_Eyes Bondy Boolean_Expression_Checkers Bounded_Deducibility_Security Buchi_Complementation Budan_Fourier Buffons_Needle Buildings BytecodeLogicJmlTypes C2KA_DistributedSystems CAVA_Automata CAVA_LTL_Modelchecker CCS CISC-Kernel CRDT CSP_RefTK CYK CZH_Elementary_Categories CZH_Foundations CZH_Universal_Constructions CakeML CakeML_Codegen Call_Arity Card_Equiv_Relations Card_Multisets Card_Number_Partitions Card_Partitions Cartan_FP Case_Labeling Catalan_Numbers Category Category2 Category3 Cauchy Cayley_Hamilton Certification_Monads Chandy_Lamport Chord_Segments Circus Clean ClockSynchInst Closest_Pair_Points CofGroups Coinductive Coinductive_Languages Collections Combinatorics_Words Combinatorics_Words_Graph_Lemma Combinatorics_Words_Lyndon Comparison_Sort_Lower_Bound Compiling-Exceptions-Correctly Complete_Non_Orders Completeness Complex_Bounded_Operators Complex_Geometry Complx ComponentDependencies ConcurrentGC ConcurrentIMP Concurrent_Ref_Alg Concurrent_Revisions Conditional_Simplification Conditional_Transfer_Rule Consensus_Refined Constructive_Cryptography Constructive_Cryptography_CM Constructor_Funs Containers CoreC++ Core_DOM Core_SC_DOM Correctness_Algebras Count_Complex_Roots CryptHOL CryptoBasedCompositionalProperties Cubic_Quartic_Equations DFS_Framework DOM_Components DPT-SAT-Solver DataRefinementIBP Datatype_Order_Generator Decl_Sem_Fun_PL Decreasing-Diagrams Decreasing-Diagrams-II Deep_Learning Delta_System_Lemma Density_Compiler Dependent_SIFUM_Refinement Dependent_SIFUM_Type_Systems Depth-First-Search Derangements Deriving Descartes_Sign_Rule Design_Theory Dict_Construction Differential_Dynamic_Logic Differential_Game_Logic Dijkstra_Shortest_Path Diophantine_Eqns_Lin_Hom Dirichlet_L Dirichlet_Series DiscretePricing Discrete_Summation DiskPaxos Dominance_CHK DynamicArchitectures Dynamic_Tables E_Transcendental Echelon_Form EdmondsKarp_Maxflow Efficient-Mergesort Elliptic_Curves_Group_Law Encodability_Process_Calculi Epistemic_Logic Ergodic_Theory Error_Function Euler_MacLaurin Euler_Partition Example-Submission Extended_Finite_State_Machine_Inference Extended_Finite_State_Machines FFT FLP FOL-Fitting FOL_Axiomatic FOL_Harrison FOL_Seq_Calc1 Factored_Transition_System_Bounding Falling_Factorial_Sum Farkas FeatherweightJava Featherweight_OCL Fermat3_4 FileRefinement FinFun Finger-Trees Finite-Map-Extras Finite_Automata_HF Finitely_Generated_Abelian_Groups First_Order_Terms First_Welfare_Theorem Fishburn_Impossibility Fisher_Yates Flow_Networks Floyd_Warshall Flyspeck-Tame FocusStreamsCaseStudies Forcing Formal_Puiseux_Series Formal_SSA Formula_Derivatives Fourier Free-Boolean-Algebra Free-Groups Fresh_Identifiers FunWithFunctions FunWithTilings Functional-Automata Functional_Ordered_Resolution_Prover Furstenberg_Topology GPU_Kernel_PL Gabow_SCC GaleStewart_Games Game_Based_Crypto Gauss-Jordan-Elim-Fun Gauss_Jordan Gauss_Sums Gaussian_Integers GenClock General-Triangle Generalized_Counting_Sort Generic_Deriving Generic_Join GewirthPGCProof Girth_Chromatic GoedelGod Goedel_HFSet_Semantic Goedel_HFSet_Semanticless Goedel_Incompleteness Goodstein_Lambda GraphMarkingIBP Graph_Saturation Graph_Theory Green Groebner_Bases Groebner_Macaulay Gromov_Hyperbolicity Grothendieck_Schemes Group-Ring-Module HOL-CSP HOLCF-Prelude HRB-Slicing Heard_Of Hello_World HereditarilyFinite Hermite Hermite_Lindemann Hidden_Markov_Models Higher_Order_Terms Hoare_Time Hood_Melville_Queue HotelKeyCards Huffman Hybrid_Logic Hybrid_Multi_Lane_Spatial_Logic Hybrid_Systems_VCs HyperCTL IEEE_Floating_Point IFC_Tracking IMAP-CRDT IMO2019 IMP2 IMP2_Binary_Heap IMP_Compiler IP_Addresses Imperative_Insertion_Sort Impossible_Geometry Incompleteness Incredible_Proof_Machine Inductive_Confidentiality Inductive_Inference InfPathElimination InformationFlowSlicing InformationFlowSlicing_Inter Integration Interpreter_Optimizations Interval_Arithmetic_Word32 Intro_Dest_Elim Iptables_Semantics Irrational_Series_Erdos_Straus Irrationality_J_Hancl IsaGeoCoq Isabelle_C Isabelle_Marries_Dirac Isabelle_Meta_Model Jacobson_Basic_Algebra Jinja JinjaDCI JinjaThreads JiveDataStoreModel Jordan_Hoelder Jordan_Normal_Form KAD KAT_and_DRA KBPs KD_Tree Key_Agreement_Strong_Adversaries Kleene_Algebra Knot_Theory Knuth_Bendix_Order Knuth_Morris_Pratt Koenigsberg_Friendship Kruskal Kuratowski_Closure_Complement LLL_Basis_Reduction LLL_Factorization LOFT LTL LTL_Master_Theorem LTL_Normal_Form LTL_to_DRA LTL_to_GBA Lam-ml-Normalization LambdaAuth LambdaMu Lambda_Free_EPO Lambda_Free_KBOs Lambda_Free_RPOs Lambert_W Landau_Symbols Laplace_Transform Latin_Square LatticeProperties Launchbury Laws_of_Large_Numbers Lazy-Lists-II Lazy_Case Lehmer Lifting_Definition_Option Lifting_the_Exponent LightweightJava LinearQuantifierElim Linear_Inequalities Linear_Programming Linear_Recurrences Liouville_Numbers List-Index List-Infinite List_Interleaving List_Inversions List_Update LocalLexing Localization_Ring Locally-Nameless-Sigma Logging_Independent_Anonymity Lowe_Ontological_Argument Lower_Semicontinuous Lp Lucas_Theorem MFMC_Countable MFODL_Monitor_Optimized MFOTL_Monitor MSO_Regex_Equivalence Markov_Models Marriage Mason_Stothers Matrices_for_ODEs Matrix Matrix_Tensor Matroids Max-Card-Matching Median_Of_Medians_Selection Menger Mereology Mersenne_Primes Metalogic_ProofChecker MiniML MiniSail Minimal_SSA Minkowskis_Theorem Minsky_Machines Modal_Logics_for_NTS Modular_Assembly_Kit_Security Modular_arithmetic_LLL_and_HNF_algorithms Monad_Memo_DP Monad_Normalisation MonoBoolTranAlgebra MonoidalCategory Monomorphic_Monad MuchAdoAboutTwo Multi_Party_Computation Multirelations Myhill-Nerode Name_Carrying_Type_Inference Nash_Williams Nat-Interval-Logic Native_Word Nested_Multisets_Ordinals Network_Security_Policy_Verification Neumann_Morgenstern_Utility No_FTL_observers Nominal2 Noninterference_CSP Noninterference_Concurrent_Composition Noninterference_Generic_Unwinding Noninterference_Inductive_Unwinding Noninterference_Ipurge_Unwinding Noninterference_Sequential_Composition NormByEval Nullstellensatz Octonions OpSets Open_Induction Optics Optimal_BST Orbit_Stabiliser Order_Lattice_Props Ordered_Resolution_Prover Ordinal Ordinal_Partitions Ordinals_and_Cardinals Ordinary_Differential_Equations PAC_Checker PCF PLM POPLmark-deBruijn PSemigroupsConvolution Padic_Ints Pairing_Heap Paraconsistency Parity_Game Partial_Function_MR Partial_Order_Reduction Password_Authentication_Protocol Pell Perfect-Number-Thm Perron_Frobenius Physical_Quantities Pi_Calculus Pi_Transcendental Planarity_Certificates Poincare_Bendixson Poincare_Disc Polynomial_Factorization Polynomial_Interpolation Polynomials Pop_Refinement Posix-Lexing Possibilistic_Noninterference Power_Sum_Polynomials Pratt_Certificate Presburger-Automata Prim_Dijkstra_Simple Prime_Distribution_Elementary Prime_Harmonic_Series Prime_Number_Theorem Priority_Queue_Braun Priority_Search_Trees Probabilistic_Noninterference Probabilistic_Prime_Tests Probabilistic_System_Zoo Probabilistic_Timed_Automata Probabilistic_While Program-Conflict-Analysis Progress_Tracking Projective_Geometry Projective_Measurements Promela Proof_Strategy_Language PropResPI Propositional_Proof_Systems Prpu_Maxflow PseudoHoops Psi_Calculi Ptolemys_Theorem Public_Announcement_Logic QHLProver QR_Decomposition Quantales Quaternions Quick_Sort_Cost RIPEMD-160-SPARK ROBDD RSAPSS Ramsey-Infinite Random_BSTs Random_Graph_Subgraph_Threshold Randomised_BSTs Randomised_Social_Choice Rank_Nullity_Theorem Real_Impl Recursion-Addition Recursion-Theory-I Refine_Imperative_HOL Refine_Monadic RefinementReactive Regex_Equivalence Regression_Test_Selection Regular-Sets Regular_Algebras Relation_Algebra Relational-Incorrectness-Logic Relational_Disjoint_Set_Forests Relational_Forests Relational_Method Relational_Minimum_Spanning_Trees Relational_Paths Rep_Fin_Groups Residuated_Lattices Resolution_FOL Rewriting_Z Ribbon_Proofs Robbins-Conjecture Robinson_Arithmetic Root_Balanced_Tree Routing Roy_Floyd_Warshall SATSolverVerification SC_DOM_Components SDS_Impossibility SIFPL SIFUM_Type_Systems SPARCv8 Safe_Distance Safe_OCL Saturation_Framework Saturation_Framework_Extensions Schutz_Spacetime Secondary_Sylow Security_Protocol_Refinement Selection_Heap_Sort SenSocialChoice Separata Separation_Algebra Separation_Logic_Imperative_HOL SequentInvertibility Shadow_DOM Shadow_SC_DOM Shivers-CFA ShortestPath Show Sigma_Commit_Crypto Signature_Groebner Simpl Simple_Firewall Simplex Skew_Heap Skip_Lists Slicing Sliding_Window_Algorithm Smith_Normal_Form Smooth_Manifolds Sort_Encodings Source_Coding_Theorem SpecCheck Special_Function_Bounds Splay_Tree Sqrt_Babylonian Stable_Matching Statecharts Stateful_Protocol_Composition_and_Typing Stellar_Quorums Stern_Brocot Stewart_Apollonius Stirling_Formula Stochastic_Matrices Stone_Algebras Stone_Kleene_Relation_Algebras Stone_Relation_Algebras Store_Buffer_Reduction Stream-Fusion Stream_Fusion_Code Strong_Security Sturm_Sequences Sturm_Tarski Stuttering_Equivalence Subresultants Subset_Boolean_Algebras SumSquares Sunflowers SuperCalc Surprise_Paradox Symmetric_Polynomials Syntax_Independent_Logic Szpilrajn TESL_Language TLA Tail_Recursive_Functions Tarskis_Geometry Taylor_Models Three_Circles Timed_Automata Topological_Semantics Topology TortoiseHare Transcendence_Series_Hancl_Rucki Transformer_Semantics Transition_Systems_and_Automata Transitive-Closure Transitive-Closure-II Treaps Tree-Automata Tree_Decomposition Triangle Trie Twelvefold_Way Tycon Types_Tableaus_and_Goedels_God Types_To_Sets_Extension UPF UPF_Firewall UTP Universal_Turing_Machine UpDown_Scheme Valuation Van_der_Waerden VectorSpace VeriComp Verified-Prover Verified_SAT_Based_AI_Planning VerifyThis2018 VerifyThis2019 Vickrey_Clarke_Groves Virtual_Substitution VolpanoSmith WHATandWHERE_Security WOOT_Strong_Eventual_Consistency WebAssembly Weighted_Path_Order Weight_Balanced_Trees Well_Quasi_Orders Winding_Number_Eval Word_Lib WorkerWrapper XML ZFC_in_HOL Zeta_3_Irrational Zeta_Function pGCL