diff --git a/thys/Saturation_Framework_Extensions/Standard_Redundancy_Criterion.thy b/thys/Saturation_Framework_Extensions/Standard_Redundancy_Criterion.thy --- a/thys/Saturation_Framework_Extensions/Standard_Redundancy_Criterion.thy +++ b/thys/Saturation_Framework_Extensions/Standard_Redundancy_Criterion.thy @@ -1,424 +1,651 @@ (* Title: Counterexample-Reducing Inference Systems and the Standard Redundancy Criterion Author: Jasmin Blanchette , 2014, 2017, 2020 Author: Dmitriy Traytel , 2014 Author: Anders Schlichtkrull , 2017 *) section \Counterexample-Reducing Inference Systems and the Standard Redundancy Criterion\ theory Standard_Redundancy_Criterion imports Saturation_Framework.Calculus "HOL-Library.Multiset_Order" begin text \ The standard redundancy criterion can be defined uniformly for all inference systems equipped with a compact consequence relation. The essence of the refutational completeness argument can be carried out abstractly for counterexample-reducing inference systems, which enjoy a ``smallest counterexample'' property. This material is partly based on Section 4.2 of Bachmair and Ganzinger's \emph{Handbook} chapter, but adapted to the saturation framework of Waldmann et al. \ subsection \Counterexample-Reducing Inference Systems\ abbreviation main_prem_of :: "'f inference \ 'f" where "main_prem_of \ \ last (prems_of \)" abbreviation side_prems_of :: "'f inference \ 'f list" where "side_prems_of \ \ butlast (prems_of \)" lemma set_prems_of: "set (prems_of \) = (if prems_of \ = [] then {} else {main_prem_of \} \ set (side_prems_of \))" by clarsimp (metis Un_insert_right append_Nil2 append_butlast_last_id list.set(2) set_append) locale counterex_reducing_inference_system = inference_system Inf + consequence_relation for Inf :: "('f :: wellorder) inference set" + fixes I_of :: "'f set \ 'f set" assumes Inf_counterex_reducing: "N \ Bot = {} \ D \ N \ \ I_of N \ {D} \ (\C. C \ N \ \ I_of N \ {C} \ D \ C) \ \\ \ Inf. prems_of \ \ [] \ main_prem_of \ = D \ set (side_prems_of \) \ N \ I_of N \ set (side_prems_of \) \ \ I_of N \ {concl_of \} \ concl_of \ < D" begin lemma ex_min_counterex: fixes N :: "('f :: wellorder) set" assumes "\ I \ N" shows "\C \ N. \ I \ {C} \ (\D \ N. D < C \ I \ {D})" proof - obtain C where "C \ N" and "\ I \ {C}" using assms all_formulas_entailed by blast then have c_in: "C \ {C \ N. \ I \ {C}}" by blast show ?thesis using wf_eq_minimal[THEN iffD1, rule_format, OF wellorder_class.wf c_in] by blast qed end text \ Theorem 4.4 (generalizes Theorems 3.9 and 3.16): \ locale counterex_reducing_inference_system_with_trivial_redundancy = counterex_reducing_inference_system _ _ Inf + calculus _ Inf _ "\_. {}" "\_. {}" for Inf :: "('f :: wellorder) inference set" begin theorem saturated_model: assumes satur: "saturated N" and bot_ni_n: "N \ Bot = {}" shows "I_of N \ N" proof (rule ccontr) assume "\ I_of N \ N" then obtain D :: 'f where d_in_n: "D \ N" and d_cex: "\ I_of N \ {D}" and d_min: "\C. C \ N \ C < D \ I_of N \ {C}" by (meson ex_min_counterex) then obtain \ :: "'f inference" where \_inf: "\ \ Inf" and concl_cex: "\ I_of N \ {concl_of \}" and concl_lt_d: "concl_of \ < D" using Inf_counterex_reducing[OF bot_ni_n] by force have "concl_of \ \ N" using \_inf Red_I_of_Inf_to_N by blast then show False using concl_cex concl_lt_d d_min by blast qed text \ An abstract version of Corollary 3.10 does not hold without some conditions, according to Nitpick: \ corollary saturated_complete: assumes satur: "saturated N" and unsat: "N \ Bot" shows "N \ Bot \ {}" oops end subsection \Compactness\ locale concl_compact_consequence_relation = consequence_relation + assumes entails_concl_compact: "finite EE \ CC \ EE \ \CC' \ CC. finite CC' \ CC' \ EE" begin lemma entails_concl_compact_union: assumes fin_e: "finite EE" and cd_ent: "CC \ DD \ EE" shows "\CC' \ CC. finite CC' \ CC' \ DD \ EE" proof - obtain CCDD' where cd1_fin: "finite CCDD'" and cd1_sub: "CCDD' \ CC \ DD" and cd1_ent: "CCDD' \ EE" using entails_concl_compact[OF fin_e cd_ent] by blast define CC' where "CC' = CCDD' - DD" have "CC' \ CC" unfolding CC'_def using cd1_sub by blast moreover have "finite CC'" unfolding CC'_def using cd1_fin by blast moreover have "CC' \ DD \ EE" unfolding CC'_def using cd1_ent by (metis Un_Diff_cancel2 Un_upper1 entails_trans subset_entailed) ultimately show ?thesis by blast qed end +subsection \The Finitary Standard Redundancy Criterion\ + +locale calculus_with_finitary_standard_redundancy = + inference_system Inf + consequence_relation Bot entails + for + Inf :: "('f :: wellorder) inference set" and + Bot :: "'f set" and + entails :: "'f set \ 'f set \ bool" (infix "\" 50) + + assumes + Inf_has_prem: "\ \ Inf \ prems_of \ \ []" and + Inf_reductive: "\ \ Inf \ concl_of \ < main_prem_of \" +begin + +definition redundant_infer :: "'f set \ 'f inference \ bool" where + "redundant_infer N \ \ + (\DD \ N. finite DD \ DD \ set (side_prems_of \) \ {concl_of \} \ (\D \ DD. D < main_prem_of \))" + +definition Red_I :: "'f set \ 'f inference set" where + "Red_I N = {\ \ Inf. redundant_infer N \}" + +definition Red_F :: "'f set \ 'f set" where + "Red_F N = {C. \DD \ N. finite DD \ DD \ {C} \ (\D \ DD. D < C)}" + +text \ +The following results correspond to Lemma 4.5. The lemma \wlog_non_Red_F\ generalizes the core of +the argument. +\ + +lemma Red_F_of_subset: "N \ N' \ Red_F N \ Red_F N'" + unfolding Red_F_def by fast + +lemma wlog_non_Red_F: + assumes + dd0_fin: "finite DD0" and + dd0_sub: "DD0 \ N" and + dd0_ent: "DD0 \ CC \ {E}" and + dd0_lt: "\D' \ DD0. D' < D" + shows "\DD \ N - Red_F N. finite DD \ DD \ CC \ {E} \ (\D' \ DD. D' < D)" +proof - + obtain DD1 where + "finite DD1" and + "DD1 \ N" and + "DD1 \ CC \ {E}" and + "\D' \ DD1. D' < D" + using dd0_fin dd0_sub dd0_ent dd0_lt by blast + then obtain DD2 :: "'f multiset" where + "set_mset DD2 \ N \ set_mset DD2 \ CC \ {E} \ (\D' \ set_mset DD2. D' < D)" + using assms by (metis finite_set_mset_mset_set) + hence dd2: "DD2 \ {DD. set_mset DD \ N \ set_mset DD \ CC \ {E} \ (\D' \ set_mset DD. D' < D)}" + by blast + have "\DD. set_mset DD \ N \ set_mset DD \ CC \ {E} \ (\D' \# DD. D' < D) \ + (\DDa. set_mset DDa \ N \ set_mset DDa \ CC \ {E} \ (\D' \# DDa. D' < D) \ DD \ DDa)" + using wf_eq_minimal[THEN iffD1, rule_format, OF wf_less_multiset, OF dd2] + unfolding not_le[symmetric] by blast + then obtain DD :: "'f multiset" where + dd_subs_n: "set_mset DD \ N" and + ddcc_ent_e: "set_mset DD \ CC \ {E}" and + dd_lt_d: "\D' \# DD. D' < D" and + d_min: "\DDa. set_mset DDa \ N \ set_mset DDa \ CC \ {E} \ (\D' \# DDa. D' < D) \ DD \ DDa" + by blast + + have "\Da \# DD. Da \ Red_F N" + proof clarify + fix Da + assume + da_in_dd: "Da \# DD" and + da_rf: "Da \ Red_F N" + + obtain DDa0 where + "DDa0 \ N" + "finite DDa0" + "DDa0 \ {Da}" + "\D \ DDa0. D < Da" + using da_rf unfolding Red_F_def mem_Collect_eq + by blast + then obtain DDa1 :: "'f multiset" where + dda1_subs_n: "set_mset DDa1 \ N" and + dda1_ent_da: "set_mset DDa1 \ {Da}" and + dda1_lt_da: "\D' \# DDa1. D' < Da" + by (metis finite_set_mset_mset_set) + + define DDa :: "'f multiset" where + "DDa = DD - {#Da#} + DDa1" + + have "set_mset DDa \ N" + unfolding DDa_def using dd_subs_n dda1_subs_n + by (meson contra_subsetD in_diffD subsetI union_iff) + moreover have "set_mset DDa \ CC \ {E}" + proof (rule entails_trans_strong[of _ "{Da}"]) + show "set_mset DDa \ CC \ {Da}" + unfolding DDa_def set_mset_union + by (rule entails_trans[OF _ dda1_ent_da]) (auto intro: subset_entailed) + next + have H: "set_mset (DD - {#Da#} + DDa1) \ CC \ {Da} = set_mset (DD + DDa1) \ CC" + by (smt (verit) Un_insert_left Un_insert_right da_in_dd insert_DiffM + set_mset_add_mset_insert set_mset_union sup_bot.right_neutral) + show "set_mset DDa \ CC \ {Da} \ {E}" + unfolding DDa_def H + by (rule entails_trans[OF _ ddcc_ent_e]) (auto intro: subset_entailed) + qed + moreover have "\D' \# DDa. D' < D" + using dd_lt_d dda1_lt_da da_in_dd unfolding DDa_def + by (metis insert_DiffM2 order.strict_trans union_iff) + moreover have "DDa < DD" + unfolding DDa_def + by (meson da_in_dd dda1_lt_da mset_lt_single_right_iff single_subset_iff union_le_diff_plus) + ultimately show False + using d_min unfolding less_eq_multiset_def by (auto intro!: antisym) + qed + then show ?thesis + using dd_subs_n ddcc_ent_e dd_lt_d by blast +qed + +lemma Red_F_imp_ex_non_Red_F: + assumes c_in: "C \ Red_F N" + shows "\CC \ N - Red_F N. finite CC \ CC \ {C} \ (\C' \ CC. C' < C)" +proof - + obtain DD :: "'f set" where + dd_fin: "finite DD" and + dd_sub: "DD \ N" and + dd_ent: "DD \ {C}" and + dd_lt: "\D \ DD. D < C" + using c_in[unfolded Red_F_def] by fast + show ?thesis + by (rule wlog_non_Red_F[of "DD" N "{}" C C, simplified, OF dd_fin dd_sub dd_ent dd_lt]) +qed + +lemma Red_F_subs_Red_F_diff_Red_F: "Red_F N \ Red_F (N - Red_F N)" +proof + fix C + assume c_rf: "C \ Red_F N" + then obtain CC :: "'f set" where + cc_subs: "CC \ N - Red_F N" and + cc_fin: "finite CC" and + cc_ent_c: "CC \ {C}" and + cc_lt_c: "\C' \ CC. C' < C" + using Red_F_imp_ex_non_Red_F[of C N] by blast + have "\D \ CC. D \ Red_F N" + using cc_subs by fast + then have cc_nr: + "\C \ CC. \DD \ N. finite DD \ DD \ {C} \ (\D \ DD. \ D < C)" + unfolding Red_F_def by simp + have "CC \ N" + using cc_subs by auto + then have "CC \ N - {C. \DD \ N. finite DD \ DD \ {C} \ (\D \ DD. D < C)}" + using cc_nr by blast + then show "C \ Red_F (N - Red_F N)" + using cc_fin cc_ent_c cc_lt_c unfolding Red_F_def by blast +qed + +lemma Red_F_eq_Red_F_diff_Red_F: "Red_F N = Red_F (N - Red_F N)" + by (simp add: Red_F_of_subset Red_F_subs_Red_F_diff_Red_F set_eq_subset) + +text \ +The following results correspond to Lemma 4.6. It also uses \wlog_non_Red_F\. +\ + +lemma Red_I_of_subset: "N \ N' \ Red_I N \ Red_I N'" + unfolding Red_I_def redundant_infer_def by auto + +lemma Red_I_subs_Red_I_diff_Red_F: "Red_I N \ Red_I (N - Red_F N)" +proof + fix \ + assume \_ri: "\ \ Red_I N" + define CC :: "'f set" where + "CC = set (side_prems_of \)" + define D :: 'f where + "D = main_prem_of \" + define E :: 'f where + "E = concl_of \" + obtain DD :: "'f set" where + dd_fin: "finite DD" and + dd_sub: "DD \ N" and + dd_ent: "DD \ CC \ {E}" and + dd_lt_d: "\C \ DD. C < D" + using \_ri unfolding Red_I_def redundant_infer_def CC_def D_def E_def by blast + obtain DDa :: "'f set" where + "DDa \ N - Red_F N" and "finite DDa" and "DDa \ CC \ {E}" and "\D' \ DDa. D' < D" + using wlog_non_Red_F[OF dd_fin dd_sub dd_ent dd_lt_d] by blast + then show "\ \ Red_I (N - Red_F N)" + using \_ri unfolding Red_I_def redundant_infer_def CC_def D_def E_def by blast +qed + +lemma Red_I_eq_Red_I_diff_Red_F: "Red_I N = Red_I (N - Red_F N)" + by (metis Diff_subset Red_I_of_subset Red_I_subs_Red_I_diff_Red_F subset_antisym) + +lemma Red_I_to_Inf: "Red_I N \ Inf" + unfolding Red_I_def by blast + +lemma Red_F_of_Red_F_subset: "N' \ Red_F N \ Red_F N \ Red_F (N - N')" + by (metis Diff_mono Red_F_eq_Red_F_diff_Red_F Red_F_of_subset order_refl) + +lemma Red_I_of_Red_F_subset: "N' \ Red_F N \ Red_I N \ Red_I (N - N')" + by (metis Diff_mono Red_I_eq_Red_I_diff_Red_F Red_I_of_subset order_refl) + +lemma Red_F_model: "M \ N - Red_F N \ M \ N" + by (metis (no_types) DiffI Red_F_imp_ex_non_Red_F entail_set_all_formulas entails_trans + subset_entailed) + +lemma Red_F_Bot: "B \ Bot \ N \ {B} \ N - Red_F N \ {B}" + using Red_F_model entails_trans subset_entailed by blast + +lemma Red_I_of_Inf_to_N: + assumes + in_\: "\ \ Inf" and + concl_in: "concl_of \ \ N" + shows "\ \ Red_I N" +proof - + have "concl_of \ \ N \ redundant_infer N \" + unfolding redundant_infer_def + by (rule exI[where x = "{concl_of \}"]) (simp add: Inf_reductive[OF in_\] subset_entailed) + then show "\ \ Red_I N" + by (simp add: Red_I_def concl_in in_\) +qed + +text \ +The following corresponds to Theorems 4.7 and 4.8: +\ + +sublocale calculus Bot Inf "(\)" Red_I Red_F + by (unfold_locales, fact Red_I_to_Inf, fact Red_F_Bot, fact Red_F_of_subset, + fact Red_I_of_subset, fact Red_F_of_Red_F_subset, fact Red_I_of_Red_F_subset, + fact Red_I_of_Inf_to_N) + +end + + subsection \The Standard Redundancy Criterion\ locale calculus_with_standard_redundancy = inference_system Inf + concl_compact_consequence_relation Bot entails for Inf :: "('f :: wellorder) inference set" and Bot :: "'f set" and entails :: "'f set \ 'f set \ bool" (infix "\" 50) + assumes Inf_has_prem: "\ \ Inf \ prems_of \ \ []" and Inf_reductive: "\ \ Inf \ concl_of \ < main_prem_of \" begin definition redundant_infer :: "'f set \ 'f inference \ bool" where "redundant_infer N \ \ (\DD \ N. DD \ set (side_prems_of \) \ {concl_of \} \ (\D \ DD. D < main_prem_of \))" definition Red_I :: "'f set \ 'f inference set" where "Red_I N = {\ \ Inf. redundant_infer N \}" definition Red_F :: "'f set \ 'f set" where "Red_F N = {C. \DD \ N. DD \ {C} \ (\D \ DD. D < C)}" text \ The following results correspond to Lemma 4.5. The lemma \wlog_non_Red_F\ generalizes the core of the argument. \ lemma Red_F_of_subset: "N \ N' \ Red_F N \ Red_F N'" unfolding Red_F_def by fast lemma wlog_non_Red_F: assumes dd0_sub: "DD0 \ N" and dd0_ent: "DD0 \ CC \ {E}" and dd0_lt: "\D' \ DD0. D' < D" shows "\DD \ N - Red_F N. DD \ CC \ {E} \ (\D' \ DD. D' < D)" proof - obtain DD1 where "finite DD1" and "DD1 \ N" and "DD1 \ CC \ {E}" and "\D' \ DD1. D' < D" using entails_concl_compact_union[OF _ dd0_ent] dd0_lt dd0_sub by fast then obtain DD2 :: "'f multiset" where "set_mset DD2 \ N \ set_mset DD2 \ CC \ {E} \ (\D' \ set_mset DD2. D' < D)" using assms by (metis finite_set_mset_mset_set) hence dd2: "DD2 \ {DD. set_mset DD \ N \ set_mset DD \ CC \ {E} \ (\D' \ set_mset DD. D' < D)}" by blast have "\DD. set_mset DD \ N \ set_mset DD \ CC \ {E} \ (\D' \# DD. D' < D) \ (\DDa. set_mset DDa \ N \ set_mset DDa \ CC \ {E} \ (\D' \# DDa. D' < D) \ DD \ DDa)" using wf_eq_minimal[THEN iffD1, rule_format, OF wf_less_multiset, OF dd2] unfolding not_le[symmetric] by blast then obtain DD :: "'f multiset" where dd_subs_n: "set_mset DD \ N" and ddcc_ent_e: "set_mset DD \ CC \ {E}" and dd_lt_d: "\D' \# DD. D' < D" and d_min: "\DDa. set_mset DDa \ N \ set_mset DDa \ CC \ {E} \ (\D' \# DDa. D' < D) \ DD \ DDa" by blast have "\Da \# DD. Da \ Red_F N" proof clarify fix Da assume da_in_dd: "Da \# DD" and da_rf: "Da \ Red_F N" obtain DDa0 where "DDa0 \ N" "finite DDa0" "DDa0 \ {Da}" "\D \ DDa0. D < Da" using da_rf unfolding Red_F_def mem_Collect_eq by (smt entails_concl_compact finite.emptyI finite.insertI subset_iff) then obtain DDa1 :: "'f multiset" where dda1_subs_n: "set_mset DDa1 \ N" and dda1_ent_da: "set_mset DDa1 \ {Da}" and dda1_lt_da: "\D' \# DDa1. D' < Da" by (metis finite_set_mset_mset_set) define DDa :: "'f multiset" where "DDa = DD - {#Da#} + DDa1" have "set_mset DDa \ N" unfolding DDa_def using dd_subs_n dda1_subs_n by (meson contra_subsetD in_diffD subsetI union_iff) moreover have "set_mset DDa \ CC \ {E}" by (rule entails_trans_strong[of _ "{Da}"], metis DDa_def dda1_ent_da entail_union entails_trans order_refl set_mset_union subset_entailed, smt DDa_def da_in_dd ddcc_ent_e entails_trans insert_DiffM2 set_mset_add_mset_insert set_mset_empty set_mset_union subset_entailed sup_assoc sup_commute sup_ge1) moreover have "\D' \# DDa. D' < D" using dd_lt_d dda1_lt_da da_in_dd unfolding DDa_def by (metis insert_DiffM2 order.strict_trans union_iff) moreover have "DDa < DD" unfolding DDa_def by (meson da_in_dd dda1_lt_da mset_lt_single_right_iff single_subset_iff union_le_diff_plus) ultimately show False using d_min unfolding less_eq_multiset_def by (auto intro!: antisym) qed then show ?thesis using dd_subs_n ddcc_ent_e dd_lt_d by blast qed lemma Red_F_imp_ex_non_Red_F: assumes c_in: "C \ Red_F N" shows "\CC \ N - Red_F N. CC \ {C} \ (\C' \ CC. C' < C)" proof - obtain DD :: "'f set" where dd_sub: "DD \ N" and dd_ent: "DD \ {C}" and dd_lt: "\D \ DD. D < C" using c_in[unfolded Red_F_def] by fast show ?thesis by (rule wlog_non_Red_F[of "DD" N "{}" C C, simplified, OF dd_sub dd_ent dd_lt]) qed lemma Red_F_subs_Red_F_diff_Red_F: "Red_F N \ Red_F (N - Red_F N)" proof fix C assume c_rf: "C \ Red_F N" then obtain CC :: "'f set" where cc_subs: "CC \ N - Red_F N" and cc_ent_c: "CC \ {C}" and cc_lt_c: "\C' \ CC. C' < C" using Red_F_imp_ex_non_Red_F[of C N] by blast have "\D \ CC. D \ Red_F N" using cc_subs by fast then have cc_nr: "\C \ CC. \DD \ N. DD \ {C} \ (\D \ DD. \ D < C)" unfolding Red_F_def by simp have "CC \ N" using cc_subs by auto then have "CC \ N - {C. \DD \ N. DD \ {C} \ (\D \ DD. D < C)}" using cc_nr by blast then show "C \ Red_F (N - Red_F N)" using cc_ent_c cc_lt_c unfolding Red_F_def by blast qed lemma Red_F_eq_Red_F_diff_Red_F: "Red_F N = Red_F (N - Red_F N)" by (simp add: Red_F_of_subset Red_F_subs_Red_F_diff_Red_F set_eq_subset) text \ The following results correspond to Lemma 4.6. It also uses \wlog_non_Red_F\. \ lemma Red_I_of_subset: "N \ N' \ Red_I N \ Red_I N'" unfolding Red_I_def redundant_infer_def by auto lemma Red_I_subs_Red_I_diff_Red_F: "Red_I N \ Red_I (N - Red_F N)" proof fix \ assume \_ri: "\ \ Red_I N" define CC :: "'f set" where "CC = set (side_prems_of \)" define D :: 'f where "D = main_prem_of \" define E :: 'f where "E = concl_of \" obtain DD :: "'f set" where dd_sub: "DD \ N" and dd_ent: "DD \ CC \ {E}" and dd_lt_d: "\C \ DD. C < D" using \_ri unfolding Red_I_def redundant_infer_def CC_def D_def E_def by blast obtain DDa :: "'f set" where "DDa \ N - Red_F N" and "DDa \ CC \ {E}" and "\D' \ DDa. D' < D" using wlog_non_Red_F[OF dd_sub dd_ent dd_lt_d] by blast then show "\ \ Red_I (N - Red_F N)" using \_ri unfolding Red_I_def redundant_infer_def CC_def D_def E_def by blast qed lemma Red_I_eq_Red_I_diff_Red_F: "Red_I N = Red_I (N - Red_F N)" by (metis Diff_subset Red_I_of_subset Red_I_subs_Red_I_diff_Red_F subset_antisym) lemma Red_I_to_Inf: "Red_I N \ Inf" unfolding Red_I_def by blast lemma Red_F_of_Red_F_subset: "N' \ Red_F N \ Red_F N \ Red_F (N - N')" by (metis Diff_mono Red_F_eq_Red_F_diff_Red_F Red_F_of_subset order_refl) lemma Red_I_of_Red_F_subset: "N' \ Red_F N \ Red_I N \ Red_I (N - N')" by (metis Diff_mono Red_I_eq_Red_I_diff_Red_F Red_I_of_subset order_refl) lemma Red_F_model: "M \ N - Red_F N \ M \ N" by (metis (no_types) DiffI Red_F_imp_ex_non_Red_F entail_set_all_formulas entails_trans subset_entailed) lemma Red_F_Bot: "B \ Bot \ N \ {B} \ N - Red_F N \ {B}" using Red_F_model entails_trans subset_entailed by blast lemma Red_I_of_Inf_to_N: assumes in_\: "\ \ Inf" and concl_in: "concl_of \ \ N" shows "\ \ Red_I N" proof - have "concl_of \ \ N \ redundant_infer N \" unfolding redundant_infer_def by (metis (no_types) Inf_reductive empty_iff empty_subsetI entail_union in_\ insert_iff insert_subset subset_entailed subset_refl) then show "\ \ Red_I N" by (simp add: Red_I_def concl_in in_\) qed text \ The following corresponds to Theorems 4.7 and 4.8: \ sublocale calculus Bot Inf "(\)" Red_I Red_F by (unfold_locales, fact Red_I_to_Inf, fact Red_F_Bot, fact Red_F_of_subset, fact Red_I_of_subset, fact Red_F_of_Red_F_subset, fact Red_I_of_Red_F_subset, fact Red_I_of_Inf_to_N) end locale counterex_reducing_calculus_with_standard_redundancy = calculus_with_standard_redundancy Inf + counterex_reducing_inference_system _ _ Inf for Inf :: "('f :: wellorder) inference set" begin subsection \Refutational Completeness\ text \ The following result loosely corresponds to Theorem 4.9. \ lemma saturated_model: assumes satur: "saturated N" and bot_ni_n: "N \ Bot = {}" shows "I_of N \ N" proof (rule ccontr) assume "\ I_of N \ N" then obtain D :: 'f where d_in_n: "D \ N" and d_cex: "\ I_of N \ {D}" and d_min: "\C. C \ N \ C < D \ I_of N \ {C}" using ex_min_counterex by blast then obtain \ :: "'f inference" where \_in: "\ \ Inf" and \_mprem: "D = main_prem_of \" and sprem_subs_n: "set (side_prems_of \) \ N" and sprem_true: "I_of N \ set (side_prems_of \)" and concl_cex: "\ I_of N \ {concl_of \}" and concl_lt_d: "concl_of \ < D" using Inf_counterex_reducing[OF bot_ni_n] not_le by metis have "\ \ Red_I N" by (rule subsetD[OF satur[unfolded saturated_def Inf_from_def]], simp add: \_in set_prems_of Inf_has_prem) (use \_mprem d_in_n sprem_subs_n in blast) then have "\ \ Red_I N" using Red_I_without_red_F by blast then obtain DD :: "'f set" where dd_subs_n: "DD \ N" and dd_cc_ent_d: "DD \ set (side_prems_of \) \ {concl_of \}" and dd_lt_d: "\C \ DD. C < D" unfolding Red_I_def redundant_infer_def \_mprem by blast from dd_subs_n dd_lt_d have "I_of N \ DD" using d_min by (meson ex_min_counterex subset_iff) then have "I_of N \ {concl_of \}" using entails_trans dd_cc_ent_d entail_union sprem_true by blast then show False using concl_cex by auto qed text \ A more faithful abstract version of Theorem 4.9 does not hold without some conditions, according to Nitpick: \ corollary saturated_complete: assumes satur: "saturated N" and unsat: "N \ Bot" shows "N \ Bot \ {}" oops end end