diff --git a/thys/Belief_Revision/AGM_Contraction.thy b/thys/Belief_Revision/AGM_Contraction.thy --- a/thys/Belief_Revision/AGM_Contraction.thy +++ b/thys/Belief_Revision/AGM_Contraction.thy @@ -1,674 +1,674 @@ (*<*) \\ ******************************************************************** * Project : AGM Theory * Version : 1.0 * * Authors : Valentin Fouillard, Safouan Taha, Frederic Boulanger and Nicolas Sabouret * * This file : AGM contraction * * Copyright (c) 2021 Université Paris Saclay, France * * All rights reserved. * ******************************************************************************\ theory AGM_Contraction imports AGM_Logic AGM_Remainder begin (*>*) section \Contractions\ text\The first operator of belief change of the AGM framework is contraction. This operator consist to remove a sentence @{term \\\} from a belief set @{term \K\} in such a way that @{term \K\} no longer imply @{term \\\}. In the following we will first axiomatize such operators at different levels of logics (Tarskian, supraclassical and compact) and then we will give constructions satisfying these axioms. The following graph summarizes all equivalences we established: \includegraphics[width=\textwidth]{"graph_locales.pdf"} We will use the extension feature of locales in Isabelle/HOL to incrementally define the contraction operator as shown by blue arrows in the previous figure. Then, using the interpretation feature of locales, we will prove the equivalence between descriptive and constructive approaches at each level depending on the adopted logics (black arrows). \ subsection\AGM contraction postulates\ text\ The operator of contraction is denoted by the symbol @{text \\
\} and respects the six following conditions : \<^item> @{text \contract_closure\} : a belief set @{term \K\} contracted by @{term \\\} should be logically closed \<^item> @{text \contract_inclusion\} : a contracted set @{term \K\} should be a subset of the original one \<^item> @{text \contract_vacuity\} : if @{term \\\} is not included in a set @{term \K\} then the contraction of @{term \K\} by @{term \\\} involves no change at all \<^item> @{text \contract_success\} : if a set @{term \K\} is contracted by @{term \\\} then @{term \K\} does not imply @{term \\\} \<^item> @{text \contract_recovery\}: all propositions removed in a set @{term \K\} by contraction of @{term \\\} will be recovered by expansion of @{term \\\} \<^item> @{text \contract_extensionality\} : Extensionality guarantees that the logic of contraction is extensional in the sense of allowing logically quivalent sentences to be freely substituted for each other\ locale AGM_Contraction = Tarskian_logic + fixes contraction::\'a set \ 'a \ 'a set\ (infix \\
\ 55) assumes contract_closure: \K = Cn(A) \ K \
\ = Cn(K \
\)\ and contract_inclusion: \K = Cn(A) \ K \
\ \ K\ and contract_vacuity: \K = Cn(A) \ \ \ K \ K \
\ = K\ and contract_success: \K = Cn(A) \ \ \ Cn({}) \ \ \ K \
\\ and contract_recovery: \K = Cn(A) \ K \ ((K \
\) \ \)\ and contract_extensionality: \K = Cn(A) \ Cn({\}) = Cn({\}) \ K \
\ = K \
\\ text\ A full contraction is defined by two more postulates to rule the conjunction. We base on a supraclassical logic. \<^item> @{text \contract_conj_overlap\} : An element in both @{text \K \
\\} and @{text \K \
\\} is also an element of @{text \K \
(\ \ \)\} \<^item> @{text \contract_conj_inclusion\} : If @{term \\\} not in @{text \K \
(\ \ \)\} then all elements removed by this contraction are also removed from @{text \K \
\\}\ locale AGM_FullContraction = AGM_Contraction + Supraclassical_logic + assumes contract_conj_overlap: \K = Cn(A) \ (K \
\) \ (K \
\) \ (K \
(\ .\. \))\ and contract_conj_inclusion: \K = Cn(A) \ \ \ (K \
(\ .\. \)) \ ((K \
(\ .\. \) \ (K \
\)))\ begin \ \two important lemmas/corollaries that can replace the two assumptions @{text \contract_conj_overlap\} and @{text \contract_conj_inclusion\}\ text\@{text \contract_conj_overlap_variant\} does not need \\\ to occur in the left side! \ corollary contract_conj_overlap_variant: \K = Cn(A) \ (K \
\) \ Cn({\}) \ (K \
(\ .\. \))\ proof - assume a:\K = Cn(A)\ { assume b:\K \ \\ and c:\K \ \\ hence d:\K \
(\ .\. \) = K \
(\ .\. ((.\ \) .\. \))\ apply(rule_tac contract_extensionality[OF a]) using conj_overlap[of _ \ \] by (simp add: Cn_same) have e:\K \ Cn {\} \ K \
(.\ \ .\. \)\ proof(safe) fix \ assume f:\\ \ K\ and g:\\ \ Cn {\}\ have \K \
(.\ \ .\. \) \ (.\ \ .\. \) .\. \\ by (metis a contract_recovery expansion_def f impI_PL infer_def subset_eq) hence \K \
(.\ \ .\. \) \ .\ \ .\. \\ by (meson disjI1_PL imp_trans inclusion_L infer_def insert_subset validD_L valid_imp_PL) with g show \\ \ K \
(.\ \ .\. \)\ by (metis a contract_closure disjE_PL ex_mid_PL infer_def validD_L valid_imp_PL) qed have ?thesis unfolding d using e contract_conj_overlap[OF a, of \ \(.\ \ .\. \)\] a contract_inclusion by force } then show ?thesis apply (cases \\ K \ \ \ \ K \ \\) by (metis IntE a assumption_L conjE1_PL conjE2_PL contract_inclusion contract_vacuity subsetD subsetI) blast qed text\@{text \contract_conj_inclusion_variant\}: Everything retained in @{text \K \
(\ \ \)\} is retained in @{text \K \
\\}\ corollary contract_conj_inclusion_variant : \K = Cn(A) \ (K \
(\ .\. \) \ (K \
\)) \ (K \
(\ .\. \) \ (K \
\))\ proof - assume a:\K = Cn(A)\ { assume d:\\ \ (K \
(\ .\. \)) \ \ \ (K \
(\ .\. \))\ hence \\ .\. \ \ (K \
(\ .\. \))\ using Supraclassical_logic.conjI_PL Supraclassical_logic_axioms a contract_closure by fastforce with d have ?thesis by (metis (no_types, lifting) Supraclassical_logic.valid_conj_PL Supraclassical_logic_axioms Tarskian_logic.valid_expansion Tarskian_logic_axioms a contract_closure contract_inclusion contract_recovery contract_success dual_order.trans expansion_def) } then show ?thesis by (metis a conj_com_Cn contract_conj_inclusion contract_extensionality) qed end subsection \Partial meet contraction definition\ text\A partial meet contraction of @{term \K\} by @{term \\\} is the intersection of some sets that not imply @{term \\\}. We define these sets as the "remainders" @{text \(K .\. \\}. The function of selection @{term \\\} select the best set of the remainders that do not imply @{term \\\}. This function respect these postulates : \<^item> @{text \is_selection\} : if there exist some set that do not imply @{term \\\} then the function selection @{term \\\} is a subset of these sets \<^item> @{text \tautology_selection\} : if there is no set that do not imply @{term \\\} then the result of the selection function is @{term \K\} \<^item> @{text nonempty_selection} : An empty selection function do not exist \<^item> @{text extensional_selection} : Two proposition with the same closure have the same selection function\ locale PartialMeetContraction = Tarskian_logic + fixes selection::\'a set \ 'a \ 'a set set\ (\\\) assumes is_selection: \K = Cn(A) \ (K .\. \) \ {} \ \ K \ \ (K .\. \)\ assumes tautology_selection: \K = Cn(A) \ (K .\. \) = {} \ \ K \ = {K}\ assumes nonempty_selection: \K = Cn(A) \ \ K \ \ {}\ assumes extensional_selection: \K = Cn(A) \ Cn({\}) = Cn({\}) \ \ K \ = \ K \\ \ \extensionality seems very hard to implement for a constructive approach, one basic implementation will be to ignore @{term \A\} and @{term \\\} and only base on @{text \A .\. \\} that is already proved as extensional (lemma @{text \remainder_extensionality\})\ begin text \A partial meet is the intersection of set of selected element.\ definition (in Tarskian_logic) meet_contraction::\'a set \ ('a set \ 'a \ 'a set set) \ 'a \ 'a set\ (\_ \
\<^bsub>_\<^esub> _\ [60,50,60]55) where mc: \(A \
\<^bsub>\\<^esub> \) \ \(\ A \)\ text \Following this definition 4 postulates of AGM can be proved on a partial meet contraction: \<^item> @{text \contract_inclusion\} \<^item> @{text \ contract_vacuity\} \<^item> @{text \ contract_closure\} \<^item> @{text \ contract_extensionality\}\ text \@{text \pmc_inclusion\ } :a partial meet contraction is a subset of the contracted set\ lemma pmc_inclusion: \K = Cn(A) \ K \
\<^bsub>\\<^esub> \ \ K\ apply (cases \(K .\. \) = {}\, simp_all add: mc tautology_selection) by (meson Inf_less_eq in_mono is_selection nonempty_selection rem_inclusion) text\@{text \pmc_vacuity\} : if @{term \\\} is not included in a set @{term \K\} then the partial meet contraction of @{term \K\} by @{term \\\} involves not change at all\ lemma pmc_vacuity: \K = Cn(A) \ \ K \ \ \ K \
\<^bsub>\\<^esub> \ = K\ unfolding mc nonconsequence_remainder by (metis Inf_superset_mono Un_absorb1 cInf_singleton insert_not_empty is_selection mc nonconsequence_remainder pmc_inclusion sup_commute) text\@{text \pmc_closure\} : a partial meet contraction is logically closed\ lemma pmc_closure: \K = Cn(A) \ (K \
\<^bsub>\\<^esub> \) = Cn(K \
\<^bsub>\\<^esub> \)\ proof (rule subset_antisym, simp_all add:inclusion_L mc transitivity_L, goal_cases) case 1 have \\(\ (Cn A) \) = \{Cn(B)|B. B \ \ (Cn A) \}\ by auto (metis idempotency_L insert_absorb insert_iff insert_subset is_selection rem_closure tautology_selection)+ from Cn_Inter[OF this] show ?case by blast qed text \@{text \pmc_extensionality\} : Extensionality guarantees that the logic of contraction is extensional in the sense of allowing logically equivalent sentences to be freely substituted for each other\ lemma pmc_extensionality: \K = Cn(A) \ Cn({\}) = Cn({\}) \ K \
\<^bsub>\\<^esub> \ = K \
\<^bsub>\\<^esub> \\ by (metis extensional_selection mc) text \@{text \pmc_tautology\} : if @{term \\\} is a tautology then the partial meet contraction of @{term \K\} by @{term \\\} is @{term \K\}\ lemma pmc_tautology: \K = Cn(A) \ \ \ \ K \
\<^bsub>\\<^esub> \ = K\ by (simp add: mc taut2emptyrem tautology_selection) text\@{text \completion\} is a an operator that can build an equivalent selection from an existing one\ definition (in Tarskian_logic) completion::\('a set \ 'a \ 'a set set) \ 'a set \ 'a \ 'a set set\ (\*\) where \* \ A \ \ if (A .\. \) = {} then {A} else {B. B \ A .\. \ \ \ (\ A \) \ B}\ lemma selection_completion: "K = Cn(A) \ \ K \ \ * \ K \" using completion_def is_selection tautology_selection by fastforce lemma (in Tarskian_logic) completion_completion: "K = Cn(A) \ * (* \) K \ = * \ K \" by (auto simp add:completion_def) lemma pmc_completion: \K = Cn(A) \ K \
\<^bsub>*\\<^esub> \ = K \
\<^bsub>\\<^esub> \\ apply(auto simp add: mc completion_def tautology_selection) by (metis Inter_lower equals0D in_mono is_selection) end text\A transitively relational meet contraction is a partial meet contraction using a binary relation between the elements of the selection function\ text\A relation is : \<^item> transitive (@{text \trans_rel\}) \<^item> non empty (there is always an element preferred to the others (@{text \nonempty_rel\}))\ text\A selection function @{term \\\<^sub>T\<^sub>R\} is transitively relational @{text \rel_sel\} with the following condition : \<^item> If the the remainders @{text \K .\. \\} is empty then the selection function return @{term \K\} \<^item> Else the selection function return a non empty transitive relation on the remainders\ locale TransitivelyRelationalMeetContraction = Tarskian_logic + fixes relation::\'a set \ 'a set \ 'a set \ bool\ (\_ \\<^bsub>_\<^esub> _\ [60,50,60]55) assumes trans_rel: \K = Cn(A) \ B \\<^bsub>K\<^esub> C \ C \\<^bsub>K\<^esub> D \ B \\<^bsub>K\<^esub> D\ assumes nonempty_rel: \K = Cn(A) \ (K .\. \) \ {} \ \B\(K .\. \). (\C\(K .\. \). C \\<^bsub>K\<^esub> B)\ \ \pas clair dans la litterrature\ fixes rel_sel::\'a set \ 'a \ 'a set set\ (\\\<^sub>T\<^sub>R\) defines rel_sel: \\\<^sub>T\<^sub>R K \ \ if (K .\. \) = {} then {K} else {B. B\(K .\. \) \ (\C\(K .\. \). C \\<^bsub>K\<^esub> B)}\ begin text\A transitively relational selection function respect the partial meet contraction postulates.\ sublocale PartialMeetContraction where selection = \\<^sub>T\<^sub>R apply(unfold_locales) apply(simp_all add: rel_sel) using nonempty_rel apply blast using remainder_extensionality by blast end text\A full meet contraction is a limiting case of the partial meet contraction where if the remainders are not empty then the selection function return all the remainders (as defined by @{text \full_sel\}\ locale FullMeetContraction = Tarskian_logic + fixes full_sel::\'a set \ 'a \ 'a set set\ (\\\<^sub>F\<^sub>C\) defines full_sel: \\\<^sub>F\<^sub>C K \ \ if K .\. \ = {} then {K} else K .\. \\ begin text\A full selection and a relation ? is a transitively relational meet contraction postulates.\ sublocale TransitivelyRelationalMeetContraction where relation = \\ K A B. True\ and rel_sel=\\<^sub>F\<^sub>C by (unfold_locales, auto simp add:full_sel, rule eq_reflection, simp) end subsection\Equivalence of partial meet contraction and AGM contraction\ locale PMC_SC = PartialMeetContraction + Supraclassical_logic + Compact_logic begin text \In a context of a supraclassical and a compact logic the two remaining postulates of AGM contraction : \<^item> @{text \contract_recovery\} \<^item> @{text \contract_success\} can be proved on a partial meet contraction.\ text\@{text \pmc_recovery\} : all proposition removed by a partial meet contraction of @{term \\\} will be recovered by the expansion of @{term \\\}\ \ \recovery requires supraclassicality\ lemma pmc_recovery: \K = Cn(A) \ K \ ((K \
\<^bsub>\\<^esub> \) \ \)\ apply(cases \(K .\. \) = {}\, simp_all (no_asm) add:mc expansion_def) using inclusion_L tautology_selection apply fastforce proof - assume a:\K = Cn(A)\ and b:\K .\. \ \ {}\ { fix \ assume d:\K \ \\ have \\ .\. \ \ \(\ K \)\ using is_selection[OF a b] by auto (metis a d infer_def rem_closure remainder_recovery subsetD) } with a b show \K \ Cn (insert \ (\ (\ K \)))\ by (metis (no_types, lifting) Un_commute assumption_L imp_PL infer_def insert_is_Un subsetI) qed text \@{text \pmc_success\} : a partial meet contraction of @{term \K\} by @{term \\\} not imply @{term \\\}\ \ \success requires compacteness\ lemma pmc_success: \K = Cn(A) \ \ \ Cn({}) \ \ \ K \
\<^bsub>\\<^esub> \\ proof assume a:\K = Cn(A)\ and b:\\ \ Cn({})\ and c:\\ \ K \
\<^bsub>\\<^esub> \\ from c show False unfolding mc proof(cases \K .\. \ = {K}\) case True then show ?thesis by (meson assumption_L c nonconsequence_remainder pmc_inclusion[OF a] subsetD) next case False hence \\B\K .\. \. \ \ B\ using assumption_L rem by auto moreover have \K .\. \ \ {}\ using b emptyrem2taut validD_L by blast ultimately show ?thesis using b c mc nonempty_selection[OF a] validD_L emptyrem2taut is_selection[OF a] by (metis Inter_iff bot.extremum_uniqueI subset_iff) qed qed text\As a partial meet contraction has been proven to respect all postulates of AGM contraction the equivalence between the both are straightforward\ sublocale AGM_Contraction where contraction = \\A \. A \
\<^bsub>\\<^esub> \\ using pmc_closure pmc_inclusion pmc_vacuity pmc_success pmc_recovery pmc_extensionality expansion_def idempotency_L infer_def by (unfold_locales) metis+ end locale AGMC_SC = AGM_Contraction + Supraclassical_logic + Compact_logic begin text \obs 2.5 page 514\ definition AGM_selection::\'a set \ 'a \ 'a set set\ (\\\<^sub>A\<^sub>G\<^sub>M\) where AGM_sel: \\\<^sub>A\<^sub>G\<^sub>M A \ \ if A .\. \ = {} then {A} else {B. B \ A .\. \ \ A \
\ \ B}\ text\The selection function @{term \\\<^sub>A\<^sub>G\<^sub>M\} respect the partial meet contraction postulates\ sublocale PartialMeetContraction where selection = \\<^sub>A\<^sub>G\<^sub>M proof(unfold_locales, unfold AGM_sel, simp_all, goal_cases) case (1 K A \) \ \@{text \non_emptiness\} of selection requires a compact logic\ then show ?case using upper_remainder[of \K \
\\ K \] contract_success[OF 1(1)] by (metis contract_closure contract_inclusion infer_def taut2emptyrem valid_def) next case (2 K A \ \) then show ?case by (metis (mono_tags, lifting) contract_extensionality Collect_cong remainder_extensionality) qed text \@{text \contraction_is_pmc\} : an AGM contraction is equivalent to a partial met contraction using the selection function \\\<^sub>A\<^sub>G\<^sub>M\\ lemma contraction_is_pmc: \K = Cn(A) \ K \
\ = K \
\<^bsub>\\<^sub>A\<^sub>G\<^sub>M\<^esub> \\ \ \requires a supraclassical logic\ proof assume a:\K = Cn(A)\ show \K \
\ \ K \
\<^bsub>\\<^sub>A\<^sub>G\<^sub>M\<^esub> \\ using contract_inclusion[OF a] by (auto simp add:mc AGM_sel) next assume a:\K = Cn(A)\ show \K \
\<^bsub>\\<^sub>A\<^sub>G\<^sub>M\<^esub> \ \ K \
\\ proof (cases \\ \\) case True hence \K .\. \ = {}\ using nonconsequence_remainder taut2emptyrem by auto then show ?thesis apply(simp_all add:mc AGM_sel) by (metis a emptyrem2taut contract_closure contract_recovery valid_expansion) next case validFalse:False then show ?thesis proof (cases \K \ \\) case True hence b:\K .\. \ \ {}\ using emptyrem2taut validFalse by blast have d:\\ \ K \ \ .\. \ \ K \
\\ for \ using Supraclassical_logic.impI_PL Supraclassical_logic_axioms a contract_closure contract_recovery expansion_def by fastforce { fix \ assume e:\\ \ K \ and f:\\ \ K \
\\ have \(\ .\. \) .\. \ \ K \
\\ using imp_recovery2[of \K \
\\ \ \] a contract_closure d e f by auto hence g:\\ (K \
\) \ {\ .\. \} \ \\ using a contract_closure impI_PL by fastforce then obtain B where h:\(K \
\) \ {\ .\. \} \ B\ and i:\B \ K .\. \\ using upper_remainder[of \(K \
\) \ {\ .\. \}\ K \] a True contract_inclusion idempotency_L impI2 by auto hence j:\\ \ Cn(B)\ by (metis (no_types, lifting) CollectD mp_PL Un_insert_right a infer_def insert_subset rem rem_closure) have \\ \ K \
\<^bsub>\\<^sub>A\<^sub>G\<^sub>M\<^esub> \\ apply(simp add:mc AGM_sel b, rule_tac x=B in exI) by (meson Tarskian_logic.assumption_L Tarskian_logic_axioms h i j le_sup_iff) } then show ?thesis using a pmc_inclusion by fastforce next case False hence \K .\. \ = {K}\ using nonconsequence_remainder taut2emptyrem by auto then show ?thesis using False a contract_vacuity idempotency_L pmc_vacuity by auto qed qed qed lemma contraction_with_completion: \K = Cn(A) \ K \
\ = K \
\<^bsub>* \\<^sub>A\<^sub>G\<^sub>M\<^esub> \\ by (simp add: contraction_is_pmc pmc_completion) end (* in case of doubt uncomment one of these\ sublocale AGMC_SC \ PMC_SC where selection = \\<^sub>A\<^sub>G\<^sub>M\<^sub>C by (unfold_locales) sublocale PMC_SC \ AGMC_SC where contraction = \\A \. A \
\<^bsub>\\<^esub> \\ by (unfold_locales) *) locale TRMC_SC = TransitivelyRelationalMeetContraction + PMC_SC where selection = \\<^sub>T\<^sub>R begin text \A transitively relational selection function respect conjuctive overlap.\ lemma rel_sel_conj_overlap: \K = Cn(A) \ \\<^sub>T\<^sub>R K (\ .\. \) \ \\<^sub>T\<^sub>R K \ \ \\<^sub>T\<^sub>R K \\ proof(intro subsetI) fix B assume a:\K = Cn(A)\ and b:\B \ \\<^sub>T\<^sub>R K (\ .\. \)\ show \B \ \\<^sub>T\<^sub>R K \ \ \\<^sub>T\<^sub>R K \\ (is ?A) proof(cases \\ \ \ \ \ \ \ K \ \ \ \ K \ \\, elim disjE) assume \\ \\ hence c:\Cn({\ .\. \}) = Cn({\})\ using conj_equiv valid_Cn_equiv valid_def by blast from b show ?A by (metis Un_iff a c extensional_selection) next assume \\ \\ hence c:\Cn({\ .\. \}) = Cn({\})\ by (simp add: Cn_conj_bis Cn_same validD_L) from b show ?A by (metis Un_iff a c extensional_selection) next assume \\ K \ \\ then show ?A by (metis UnI1 a b conjE1_PL is_selection nonconsequence_remainder nonempty_selection tautology_selection subset_singletonD) next assume \\ K \ \\ then show ?A by (metis UnI2 a b conjE2_PL is_selection nonconsequence_remainder nonempty_selection tautology_selection subset_singletonD) next assume d:\\ (\ \ \ \ \ \ \ K \ \ \ \ K \ \)\ hence h:\K .\. \ \ {}\ and i:\K .\. \ \ {}\ and j:\K .\. (\ .\. \) \ {}\ and k:"K \ \ .\. \" using d emptyrem2taut valid_conj_PL apply auto by (meson Supraclassical_logic.conjI_PL Supraclassical_logic_axioms d) show ?A using remainder_conj[OF a k] b h i j rel_sel by auto qed qed text\A transitively relational meet contraction respect conjuctive overlap.\ lemma trmc_conj_overlap: \K = Cn(A) \ (K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> \) \ (K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> \) \ (K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> (\ .\. \))\ unfolding mc using rel_sel_conj_overlap by blast text\A transitively relational selection function respect conjuctive inclusion\ lemma rel_sel_conj_inclusion: \K = Cn(A) \ \\<^sub>T\<^sub>R K (\ .\. \) \ (K .\. \) \ {} \ \\<^sub>T\<^sub>R K \ \ \\<^sub>T\<^sub>R K (\ .\. \)\ proof(intro subsetI) fix B assume a:\K = Cn(A)\ and b:\\\<^sub>T\<^sub>R K (\ .\. \) \ (K .\. \) \ {}\ and c:\B \ \\<^sub>T\<^sub>R K \\ show \B \ \\<^sub>T\<^sub>R K (\ .\. \)\ (is ?A) proof(cases \\ \ \ \ \ \ \ K \ \ \ \ K \ \\, auto) assume \\ \\ then show ?A using b taut2emptyrem by auto next assume \\ \\ hence \Cn({\ .\. \}) = Cn({\})\ by (simp add: Cn_conj_bis Cn_same validD_L) then show ?A using a c extensional_selection by blast next assume d:\\ \ Cn K\ with d show ?A by (metis Int_emptyI Tarskian_logic.nonconsequence_remainder Tarskian_logic_axioms a b c idempotency_L inf_bot_right is_selection nonempty_selection singletonD subset_singletonD) next assume d:\\ \ Cn K\ hence e:\(\ .\. \) \ Cn K\ by (meson Supraclassical_logic.conjE2_PL Supraclassical_logic_axioms) hence f:\\\<^sub>T\<^sub>R K (\ .\. \) = {K}\ by (metis Tarskian_logic.nonconsequence_remainder Tarskian_logic_axioms a insert_not_empty is_selection nonempty_selection subset_singletonD) with b have g:\(K .\. \) = {K}\ unfolding nonconsequence_remainder[symmetric] using rem by auto with d f show ?A using a c is_selection by fastforce next assume d:\\ \ \\ and e:\\ \ \\ and f:\\ \ Cn K\ and g:\\ \ Cn K\ hence h:\K .\. \ \ {}\ and i:\K .\. \ \ {}\ and j:\K .\. (\ .\. \) \ {}\ and k:"K \ \ .\. \" using e d emptyrem2taut valid_conj_PL apply auto by (meson Supraclassical_logic.conjI_PL Supraclassical_logic_axioms f g) have o:\B \ K .\. \ \ B \ K .\. (\ .\. \)\ for B using a k remainder_conj by auto from b obtain B' where l:\B' \ K .\. (\ .\. \)\ and m:\\C\K .\. (\ .\. \). C \\<^bsub>K\<^esub> B'\ and n:\\ \ B'\ apply (auto simp add:mc rel_sel j) using assumption_L rem by force have p:\B' \ K .\. \\ apply(simp add: rem) by (metis (no_types, lifting) Supraclassical_logic.conjE1_PL Supraclassical_logic_axioms Tarskian_logic.rem Tarskian_logic_axioms a l mem_Collect_eq n rem_closure) from c show ?A apply (simp add:rel_sel o j h) using m p trans_rel a by blast qed qed text\A transitively relational meet contraction respect conjuctive inclusion\ lemma trmc_conj_inclusion: \K = Cn(A) \ \ \ (K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> (\ .\. \)) \ ((K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> (\ .\. \) \ (K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> \)))\ proof - assume a:\K = Cn(A)\ and b:\\ \ (K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> (\ .\. \))\ then obtain B where c:\B \ \\<^sub>T\<^sub>R K (\ .\. \)\ and d:\\ B \ \\ apply(simp add:mc) by (metis b emptyrem2taut is_selection pmc_tautology rem_closure subset_iff validD_L valid_conj_PL) hence \B \ (K .\. \)\ using remainder_recovery_bis[OF a _ d, of \\ .\. \\] - by (metis (no_types, hide_lams) a conj_PL emptyrem2taut insert_not_empty is_selection - nonconsequence_remainder subsetD taut2emptyrem) + by (metis (no_types, opaque_lifting) a conj_PL emptyrem2taut insert_not_empty is_selection + nonconsequence_remainder subsetD taut2emptyrem) with c have e:\\\<^sub>T\<^sub>R K (\ .\. \) \ (K .\. \) \ {}\ by blast then show \((K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> (\ .\. \) \ (K \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> \)))\ unfolding mc using rel_sel_conj_inclusion[OF a e] by blast qed text\As a transitively relational meet contraction has been proven to respect all postulates of AGM full contraction the equivalence between the both are straightforward\ sublocale AGM_FullContraction where contraction = \\A \. A \
\<^bsub>\\<^sub>T\<^sub>R\<^esub> \\ using trmc_conj_inclusion trmc_conj_overlap by (unfold_locales, simp_all) end locale AGMFC_SC = AGM_FullContraction + AGMC_SC begin text\An AGM relation is defined as ?\ definition AGM_relation::\'a set \ 'a set \ 'a set \ bool\ where AGM_rel: \AGM_relation C K B \ (C = K \ B = K) \ ( (\\. K \ \ \ C \ K .\. \) \ (\\. K \ \ \ B \ K .\. \ \ K \
\ \ B) \ (\\. (K \ \ \ C \ K .\. \ \ B \ K .\. \ \ K \
\ \ C) \ K \
\ \ B))\ text\An AGM relational selection is defined as a function that return @{term \K\} if the remainders of @{text \K .\. \\} is empty and the best element of the remainders according to an AGM relation\ definition AGM_relational_selection::\'a set \ 'a \ 'a set set\ (\\\<^sub>A\<^sub>G\<^sub>M\<^sub>T\<^sub>R\) where AGM_rel_sel: \\\<^sub>A\<^sub>G\<^sub>M\<^sub>T\<^sub>R K \ \ if (K .\. \) = {} then {K} else {B. B\(K .\. \) \ (\C\(K .\. \). AGM_relation C K B)}\ lemma AGM_rel_sel_completion: \K = Cn(A) \ \\<^sub>A\<^sub>G\<^sub>M\<^sub>T\<^sub>R K \ = * \\<^sub>A\<^sub>G\<^sub>M K \\ apply (unfold AGM_rel_sel, simp add:completion_def split: if_splits) proof(auto simp add:AGM_sel) fix S B C assume a:\S \ Cn(A) .\. \\ and b:\B \ Cn(A) .\. \\ and c:\\ {B \ Cn(A) .\. \. Cn(A) \
\ \ B} \ B\ and d:\C \ Cn(A) .\. \\ hence e:\\ \ Cn(A) \
\\ using Tarskian_logic.taut2emptyrem Tarskian_logic_axioms contract_success by fastforce show \AGM_relation C (Cn(A)) B\ proof(cases \\ \ Cn(A)\) case True { fix \ assume \Cn A \
\ \ C\ hence \Cn A \
(\ .\. \) \ Cn A \
\\ using contract_conj_inclusion_variant[of \Cn(A)\ A \ \] by (metis (mono_tags, lifting) assumption_L contract_conj_inclusion d mem_Collect_eq rem subset_iff) } note f = this { fix \ \' assume g:\\ \ Cn A \
\'\ and h:\B \ Cn A .\. \'\ and j:\Cn A \
\' \ C\ and i:\\ \ B\ hence \\' .\. \ \ Cn A \
\'\ using Supraclassical_logic.disjI2_PL Supraclassical_logic_axioms contract_closure by fastforce hence k:\\' .\. \ \ Cn A \
\\ using contract_conj_overlap_variant[of \Cn(A)\ A \' \] f[OF j] by (metis IntI Supraclassical_logic.disjI1_PL Supraclassical_logic_axioms conj_com_Cn contract_extensionality inclusion_L singletonI subsetD) hence l:\Cn A \
\ \ B\ using c by auto from k l have m:\\' .\. \ \ B\ and n:\B =Cn(B)\ using b rem_closure by blast+ have \B \ {\} \ \'\ using g h i by (simp add:rem) (metis contract_inclusion insertI1 insert_subsetI psubsetI subsetD subset_insertI) with n m have \B \ \'\ by (metis Cn_equiv assumption_L disjE_PL disj_com equiv_PL imp_PL) with h have False using assumption_L rem by auto } note g = this with True show ?thesis apply(unfold AGM_rel, rule_tac disjI2) using d b c by (auto simp add:AGM_rel idempotency_L del:subsetI) blast+ next case False then show ?thesis by (metis AGM_rel b d idempotency_L infer_def nonconsequence_remainder singletonD) qed next fix S B \ assume a:\S \ Cn(A) .\. \\ and b:\B \ Cn(A) .\. \\ and c:\\C\Cn A .\. \. AGM_relation C (Cn A) B\ and d:\\C'. C' \ Cn A .\. \ \ Cn A \
\ \ C' \ \ \ C'\ then show \\ \ B\ unfolding AGM_rel by (metis (no_types, lifting) AGM_sel empty_Collect_eq insert_Diff insert_not_empty nonconsequence_remainder nonempty_selection singletonD) qed text\A transitively relational selection and an AGM relation is a transitively relational meet contraction\ sublocale TransitivelyRelationalMeetContraction where relation = AGM_relation and rel_sel = \\\<^sub>A\<^sub>G\<^sub>M\<^sub>T\<^sub>R\ proof(unfold_locales, simp_all (no_asm) only:atomize_eq, goal_cases) case a:(1 K A C B' B) \ \Very difficult proof requires litterature and high automation of isabelle!\ from a(2,3) show ?case unfolding AGM_rel apply(elim disjE conjE, simp_all) proof(intro disjI2 allI impI, elim exE conjE, goal_cases) case (1 \ _ _ \) have b:\B \ K .\. (\ .\. \)\ and c:\B' \ K .\. (\ .\. \)\ and d:\C \ K .\. (\ .\. \)\ using remainder_conj[OF a(1)] 1 conjI_PL by auto hence e:\K \
(\ .\. \) \ B\ using contract_conj_inclusion_variant[OF a(1), of \ \] by (meson "1"(1) "1"(12) "1"(16) "1"(2) "1"(3) "1"(8) Supraclassical_logic.conj_PL Supraclassical_logic_axioms dual_order.trans) { fix \ assume f:\\ \ K \
\\ have \\ .\. \ \ (K \
\) \ Cn {\}\ by (metis Int_iff Supraclassical_logic.disjI1_PL Supraclassical_logic.disjI2_PL Supraclassical_logic_axioms f a(1) contract_closure in_mono inclusion_L singletonI) hence g:\\ .\. \ \ B\ using contract_conj_overlap_variant[OF a(1), of \] by (metis AGM_Contraction.contract_extensionality AGM_Contraction_axioms a(1) conj_com_Cn e in_mono) have \\ .\. \ \ B\ by (metis a(1) "1"(10) "1"(15) "1"(16) assumption_L f in_mono infer_def rem_closure rem_inclusion remainder_recovery) with g have \\ \ B\ by (metis 1(15) a(1) disjE_PL infer_def order_refl rem_closure validD_L valid_Cn_imp) } then show ?case by blast qed next case (2 K A \) hence \* \\<^sub>A\<^sub>G\<^sub>M K \ \ {}\ using nonempty_selection[OF 2(1), of \] selection_completion[OF 2(1), of \] by blast then show ?case using AGM_rel_sel_completion[OF 2(1), of \] AGM_rel_sel 2(1,2) by force next case (3 K \) then show ?case using AGM_rel_sel_completion AGM_rel_sel by simp qed \ \ça marche tout seul! ==> Je ne vois pas où sont utilisés ces lemmas\ lemmas fullcontraction_is_pmc = contraction_is_pmc lemmas fullcontraction_is_trmc = contraction_with_completion end locale FMC_SC = FullMeetContraction + TRMC_SC begin lemma full_meet_weak1: \K = Cn(A) \ K \ \ \ (K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \) = K \ Cn({.\ \})\ proof(intro subset_antisym Int_greatest) assume a:\K = Cn(A)\ and b:\K \ \\ then show \ (K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \) \ K\ by (simp add: Inf_less_eq full_sel mc rem_inclusion) next assume a:\K = Cn(A)\ and b:\K \ \\ show \(K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \) \ Cn({.\ \})\ proof fix \ assume c:\\ \ (K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \)\ { assume \\ {.\ \} \ \\ hence \\ {.\ \} \ \\ by (metis Un_insert_right insert_is_Un not_PL notnot_PL) hence \\ {\ .\. .\ \} \ \\ by (metis assumption_L disjI2_PL singleton_iff transitivity2_L) then obtain B where d:\{\ .\. .\ \} \ B\ and e:\B \ K .\. \\ by (metis a b disjI1_PL empty_subsetI idempotency_L infer_def insert_subset upper_remainder) hence f:\\ \ \ B\ by (metis (no_types, lifting) CollectD assumption_L insert_subset disj_notE_PL rem) hence \\ \ \ (K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \)\ using e mc full_sel by auto } then show \\ \ Cn({.\ \})\ using c infer_def by blast qed next assume a:\K = Cn(A)\ and b:\K \ \\ show \K \ Cn({.\ \}) \ (K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \)\ proof(safe) fix \ assume c:\\ \ K\ and d: \\ \ Cn {.\ \}\ have e:\B \ .\ \ .\. \\ for B by (simp add: d validD_L valid_imp_PL) { fix B assume f:\B \ K .\. \\ hence \B \ \ .\. \\ using a assumption_L c remainder_recovery by auto then have f:\B \ \\ using d e using disjE_PL ex_mid_PL by blast } then show \\ \ (K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \)\ apply(simp_all add:mc c full_sel) using a rem_closure by blast qed qed lemma full_meet_weak2:\K = Cn(A) \ K \ \ \ Cn((K \
\<^bsub>\\<^sub>F\<^sub>C\<^esub> \) \ {.\ \}) = Cn({.\ \})\ unfolding full_meet_weak1 by (metis Cn_union idempotency_L inf.cobounded2 sup.absorb_iff2 sup_commute) end end diff --git a/thys/Belief_Revision/AGM_Logic.thy b/thys/Belief_Revision/AGM_Logic.thy --- a/thys/Belief_Revision/AGM_Logic.thy +++ b/thys/Belief_Revision/AGM_Logic.thy @@ -1,480 +1,480 @@ (*<*) \\ ******************************************************************** * Project : AGM Theory * Version : 1.0 * * Authors : Valentin Fouillard, Safouan Taha, Frederic Boulanger and Nicolas Sabouret * * This file : AGM logics * * Copyright (c) 2021 Université Paris Saclay, France * ******************************************************************************\ theory AGM_Logic imports Main begin (*>*) section \Introduction\ text\ The 1985 paper by Carlos Alchourrón, Peter Gärdenfors, and David Makinson (AGM), “On the Logic of Theory Change: Partial Meet Contraction and Revision Functions” @{cite "alchourron1985logic"} launches a large and rapidly growing literature that employs formal models and logics to handle changing beliefs of a rational agent and to take into account new piece of information observed by this agent. In 2011, a review book titled "AGM 25 Years: Twenty-Five Years of Research in Belief Change" was edited to summarize the first twenty five years of works based on AGM @{cite "Ferme2011"}. According to Google Scholar, the original AGM paper was cited 4000 times! This AFP entry is HOL-based and it is a faithful formalization of the logic operators (e.g. contraction, revision, remainder \dots ) axiomatized in the AGM paper. It also contains the proofs of all the theorems stated in the paper that show how these operators combine. Both proofs of Harper and Levi identities are established. \ text\A belief state can be considered as a consistent set of beliefs (logical propositions) closed under logical reasoning. Belief changes represent the operations that apply on a belief state to remove some of it and/or to add new beliefs (propositions). In the latter case, it is possible that other beliefs are affected by these changes (to preserve consistency for example). AGM define several postulates to guarantee that such operations preserve consistency meaning that the agent keeps rational. Three kinds of operators are defined : \<^item> The contraction @{text \\
\} : where a proposition is removed from a belief set \<^item> The expansion @{text \\\} : where a proposition is added to a belief set \<^item> The revision @{text \\<^bold>*\} : where a proposition is added to a belief set such that the belief set remains consistent \ text\In this AFP entry, there are three theory files: \<^enum> The AGM Logic file contains a classification of logics used in the AGM framework. \<^enum> The AGM Remainder defines a important operator used in the AGM framework. \<^enum> The AGM Contraction file contains the postulates of the AGM contraction and its relation with the meet contraction. \<^enum> The AGM Revision file contains the postulates of the AGM revision and its relation with the meet revision. \ section \Logics\ text\The AGM framework depends on the underlying logic used to express beliefs. AGM requires at least a Tarskian propositional calculus. If this logic is also supra-classical and/or compact, new properties are established and the main theorems of AGM are strengthened. To model AGM it is therefore important to start by formalizing this underlying logic and its various extensions. We opted for a deep embedding in HOL which required the redefinition of all the logical operators and an axiomatization of their rules. This is certainly not efficient in terms of proof but it gives a total control of our formalization and an assurance that the logic used has no hidden properties depending on the Isabelle/HOL implementation. We use the Isabelle \<^emph>\locales\ feature and we take advantage of the inheritance/extension mechanisms between locales.\ subsection \Tarskian Logic\ text \ The first locale formalizes a Tarskian logic based on the famous Tarski's consequence operator: @{term \Cn(A)\} which gives the set of all propositions (\<^bold>\closure\) that can be inferred from the set of propositions @{term \A\}, Exactly as it is classically axiomatized in the literature, three assumptions of the locale define the consequence operator. \ locale Tarskian_logic = fixes Cn::\'a set \ 'a set\ assumes monotonicity_L: \A \ B \ Cn(A) \ Cn(B)\ and inclusion_L: \A \ Cn(A)\ and transitivity_L: \Cn(Cn(A)) \ Cn(A)\ \ \ Short notation for ``@{term \\\} can be inferred from the propositions in @{term \A\}''. \ fixes infer::\'a set \ 'a \ bool\ (infix \\\ 50) defines \A \ \ \ \ \ Cn(A)\ \ \ @{term \\\} is valid (a tautology) if it can be inferred from nothing. \ fixes valid::\'a \ bool\ (\\\) defines \\ \ \ {} \ \\ \ \ @{term \A \ \\} is all that can be infered from @{term \A\} and @{term \\\}. \ fixes expansion::\'a set \ 'a \ 'a set\ (infix \\\ 57) defines \A \ \ \ Cn(A \ {\})\ begin lemma idempotency_L: \Cn(Cn(A)) = Cn(A)\ by (simp add: inclusion_L transitivity_L subset_antisym) lemma assumption_L: \\ \ A \ A \ \\ using inclusion_L infer_def by blast lemma validD_L: \\ \ \ \ \ Cn(A)\ using monotonicity_L valid_def infer_def by fastforce lemma valid_expansion: \K = Cn(A) \ \ \ \ K \ \ = K\ by (simp add: idempotency_L insert_absorb validD_L valid_def expansion_def) lemma transitivity2_L: assumes \\\ \ B. A \ \\ and \B \ \\ shows \A \ \\ proof - from assms(1) have \B \ Cn(A)\ by (simp add: infer_def subsetI) hence \Cn(B) \ Cn(A)\ using idempotency_L monotonicity_L by blast moreover from assms(2) have \\ \ Cn(B)\ by (simp add: infer_def) ultimately show ?thesis using infer_def by blast qed lemma Cn_same: \(Cn(A) = Cn(B)) \ (\C. A \ Cn(C) \ B \ Cn(C))\ proof { assume h:\Cn(A) = Cn(B)\ from h have \\\ \ B. A \ \\ by (simp add: Tarskian_logic.assumption_L Tarskian_logic_axioms infer_def) moreover from h[symmetric] have \\\ \ A. B \ \\ by (simp add: Tarskian_logic.assumption_L Tarskian_logic_axioms infer_def) ultimately have \\C. A \ Cn(C) \ B \ Cn(C)\ using h idempotency_L inclusion_L monotonicity_L by blast } thus \Cn(A) = Cn(B) \ \C. (A \ Cn(C)) = (B \ Cn(C))\ . next { assume h:\\C. (A \ Cn(C)) = (B \ Cn(C))\ from h have \(A \ Cn(A)) = (B \ Cn(A))\ and \(A \ Cn(B)) = (B \ Cn(B))\ by simp+ hence \B \ Cn(A)\ and \A \ Cn(B)\ by (simp add: inclusion_L)+ hence \Cn(A) = Cn(B)\ using idempotency_L monotonicity_L by blast } thus \(\C. (A \ Cn(C)) = (B \ Cn(C))) \ Cn(A) = Cn(B)\ . qed \ \ The closure of the union of two consequence closures. \ lemma Cn_union: \Cn(Cn(A) \ Cn(B)) = Cn(A \ B)\ proof have \Cn(Cn(A) \ Cn(B)) \ Cn(Cn (A \ B))\ by (simp add: monotonicity_L) thus \Cn(Cn(A) \ Cn(B)) \ Cn(A \ B)\ by (simp add: idempotency_L) next have \(A \ B) \ (Cn(A) \ Cn(B))\ using inclusion_L by blast thus \Cn(A \ B) \ Cn(Cn(A) \ Cn(B))\ by (simp add: monotonicity_L) qed \ \ The closure of an infinite union of consequence closures. \ lemma Cn_Union: \Cn(\{Cn(B)|B. P B}) = Cn(\{B. P B})\ (is \?A = ?B\) proof have \?A \ Cn ?B\ apply(rule monotonicity_L, rule Union_least, auto) by (metis Sup_upper in_mono mem_Collect_eq monotonicity_L) then show \?A \ ?B\ by (simp add: idempotency_L) next show \?B \ ?A\ by (metis (mono_tags, lifting) Union_subsetI inclusion_L mem_Collect_eq monotonicity_L) qed \ \ The intersection of two closures is closed. \ lemma Cn_inter: \K = Cn(A) \ Cn(B) \ K = Cn(K)\ proof - { fix K assume h:\K = Cn(A) \ Cn(B)\ from h have \K \ Cn(A)\ and \K \ Cn(B)\ by simp+ hence \Cn(K) \ Cn(A)\ and \Cn(K) \ Cn(B)\ using idempotency_L monotonicity_L by blast+ hence \Cn(K) \ Cn(A) \ Cn(B)\ by simp with h have \K = Cn(K)\ by (simp add: inclusion_L subset_antisym) } thus \K = Cn(A) \ Cn(B) \ K = Cn(K)\ . qed \ \ An infinite intersection of closures is closed. \ lemma Cn_Inter: \K = \{Cn(B)|B. P B} \ K = Cn(K)\ proof - { fix K assume h:\K = \{Cn(B)|B. P B}\ from h have \\B. P B \ K \ Cn(B)\ by blast hence \\B. P B \ Cn(K) \ Cn(B)\ using idempotency_L monotonicity_L by blast hence \Cn(K) \ \{Cn(B)|B. P B}\ by blast with h have \K = Cn(K)\ by (simp add: inclusion_L subset_antisym) } thus \K = \{Cn(B)|B. P B} \ K = Cn(K)\ . qed end subsection \Supraclassical Logic\ text \ A Tarskian logic has only one abstract operator catching the notion of consequence. A basic case of such a logic is a \<^bold>\Supraclassical\ logic that is a logic with all classical propositional operators (e.g. conjunction (\\\), implication(\\\), negation (\\\) \dots ) together with their classical semantics. We define a new locale. In order to distinguish the propositional operators of our supraclassical logic from those of Isabelle/HOL, we use dots (e.g. \.\.\ stands for conjunction). We axiomatize the introduction and elimination rules of each operator as it is commonly established in the classical literature. As explained before, we give priority to a complete control of our logic instead of an efficient shallow embedding in Isabelle/HOL. \ locale Supraclassical_logic = Tarskian_logic + fixes true_PL:: \'a\ (\\\) and false_PL:: \'a\ (\\\) and imp_PL:: \'a \ 'a \ 'a\ (infix \.\.\ 55) and not_PL:: \'a \ 'a\ (\.\\) and conj_PL:: \'a \ 'a \ 'a\ (infix \.\.\ 55) and disj_PL:: \'a \ 'a \ 'a\ (infix \.\.\ 55) and equiv_PL:: \'a \ 'a \ 'a\ (infix \.\.\ 55) assumes true_PL: \A \ \\ and false_PL: \{\} \ p\ and impI_PL: \A \ {p} \ q \ A \ (p .\. q)\ and mp_PL: \A \ p .\. q \ A \ p \ A \ q\ and notI_PL: \A \ p .\. \ \ A \ .\ p\ and notE_PL: \A \ .\ p \ A \ (p .\. \)\ and conjI_PL: \A \ p \ A \ q \ A \ (p .\. q)\ and conjE1_PL: \A \ p .\. q \ A \ p\ and conjE2_PL: \A \ p .\. q \ A \ q\ and disjI1_PL: \A \ p \ A \ (p .\. q)\ and disjI2_PL: \A \ q \ A \ (p .\. q)\ and disjE_PL: \A \ p .\. q \ A \ p .\. r \ A \ q.\. r \ A \ r\ and equivI_PL: \A \ p .\. q \ A \ q .\. p \ A \ (p .\. q)\ and equivE1_PL: \A \ p .\. q \ A \ p .\. q\ and equivE2_PL: \A \ p .\. q \ A \ q .\. p\ \ \non intuitionistic rules\ and absurd_PL: \A \ .\ (.\ p) \ A \ p\ and ex_mid_PL: \A \ p .\. (.\ p)\ begin text \In the following, we will first retrieve the classical logic operators semantics coming from previous introduction and elimination rules\ lemma non_consistency: assumes \A \ .\ p\ and \A \ p\ shows \A \ q\ by (metis assms(1) assms(2) false_PL mp_PL notE_PL singleton_iff transitivity2_L) \ \this direct result brings directly many remarkable properties of implication (i.e. transitivity)\ lemma imp_PL: \A \ p .\. q \ A \ {p} \ q\ apply (intro iffI impI_PL) apply(rule mp_PL[where p=p], meson UnI1 assumption_L transitivity2_L) using assumption_L by auto lemma not_PL: \A \ .\ p \ A \ {p} \ \\ using notE_PL notI_PL imp_PL by blast \ \Classical logic result\ lemma notnot_PL: \A \ .\ (.\ p) \ A \ p\ apply(rule iffI, simp add:absurd_PL) by (meson mp_PL notE_PL Un_upper1 Un_upper2 assumption_L infer_def monotonicity_L not_PL singletonI subsetD) lemma conj_PL: \A \ p .\. q \ (A \ p \ A \ q)\ using conjE1_PL conjE2_PL conjI_PL by blast lemma disj_PL: \A \ p .\. q \ A \ {.\ p} \ q\ proof assume a:\A \ p .\. q\ have b:\A \ p .\. (.\ p .\. q)\ by (intro impI_PL) (meson Un_iff assumption_L insertI1 non_consistency) have c:\A \ q .\. (.\ p .\. q)\ by (simp add: assumption_L impI_PL) from a b c have \A \ .\ p .\. q\ by (erule_tac disjE_PL) simp_all then show \A \ {.\ p} \ q\ using imp_PL by blast next assume a:\A \ {.\ p} \ q\ hence b:\A \ .\ p .\. q\ by (simp add: impI_PL) then show \A \ p .\. q\ apply(rule_tac disjE_PL[OF ex_mid_PL, of A p \p .\. q\]) by (auto simp add: assumption_L disjI2_PL disjI1_PL impI_PL imp_PL) qed lemma equiv_PL:\A \ p .\. q \ (A \ {p} \ q \ A \ {q} \ p)\ using imp_PL equivE1_PL equivE2_PL equivI_PL by blast corollary valid_imp_PL: \\ (p .\. q) = ({p} \ q)\ and valid_not_PL: \\ (.\ p) = ({p} \ \)\ and valid_conj_PL: \\ (p .\. q) = (\ p \ \ q)\ and valid_disj_PL: \\ (p .\. q) = ({.\ p} \ q)\ and valid_equiv_PL:\\ (p .\. q) = ({p} \ q \ {q} \ p)\ using imp_PL not_PL conj_PL disj_PL equiv_PL valid_def by auto text\Second, we will combine each logical operator with the consequence operator \Cn\: it is a trick to profit from set theory to get many essential lemmas without complex inferences\ declare infer_def[simp] lemma nonemptyCn: \Cn(A) \ {}\ using true_PL by auto lemma Cn_true: \Cn({\}) = Cn({})\ using Cn_same true_PL by auto lemma Cn_false: \Cn({\}) = UNIV\ using false_PL by auto lemma Cn_imp: \A \ (p .\. q) \ Cn({q}) \ Cn(A \ {p})\ and Cn_imp_bis: \A \ (p .\. q) \ Cn(A \ {q}) \ Cn(A \ {p})\ using Cn_same imp_PL idempotency_L inclusion_L infer_def subset_insertI by force+ lemma Cn_not: \A \ .\ p \ Cn(A \ {p}) = UNIV\ using Cn_false Cn_imp notE_PL not_PL by fastforce lemma Cn_conj: \A \ (p .\. q) \ Cn({p}) \ Cn({q}) \ Cn(A)\ apply(intro iffI conjI_PL, frule conjE1_PL, frule conjE2_PL) using Cn_same Un_insert_right bot.extremum idempotency_L inclusion_L by auto lemma Cn_conj_bis: \Cn({p .\. q}) = Cn({p, q})\ by (unfold Cn_same) (meson Supraclassical_logic.conj_PL Supraclassical_logic_axioms insert_subset) lemma Cn_disj: \A \ (p .\. q) \ Cn({q}) \ Cn(A \ {.\ p})\ and Cn_disj_bis: \A \ (p .\. q) \ Cn(A \ {q}) \ Cn(A \ {.\ p})\ using disj_PL Cn_same imp_PL idempotency_L inclusion_L infer_def subset_insertI by force+ lemma Cn_equiv: \A \ (p .\. q) \ Cn(A \ {p}) = Cn(A \ {q})\ by (metis Cn_imp_bis equivE1_PL equivE2_PL equivI_PL set_eq_subset) corollary valid_nonemptyCn: \Cn({}) \ {}\ and valid_Cn_imp: \\ (p .\. q) \ Cn({q}) \ Cn({p})\ and valid_Cn_not: \\ (.\ p) \ Cn({p}) = UNIV\ and valid_Cn_conj: \\ (p .\. q) \ Cn({p}) \ Cn({q}) \ Cn({})\ and valid_Cn_disj: \\ (p .\. q) \ Cn({q}) \ Cn({.\ p})\ and valid_Cn_equiv: \\ (p .\. q) \ Cn({p}) = Cn({q})\ using nonemptyCn Cn_imp Cn_not Cn_conj Cn_disj Cn_equiv valid_def by auto \ \Finally, we group additional lemmas that were essential in further proofs\ lemma consistency: \Cn({p}) \ Cn({.\ p}) = Cn({})\ proof { fix q assume \{p} \ q\ and \{.\ p} \ q\ hence "{} \ p .\. q" and "{} \ (.\ p) .\. q" using impI_PL by auto hence \{} \ q\ using ex_mid_PL by (rule_tac disjE_PL[where p=p and q=\.\ p\]) blast } then show \Cn({p}) \ Cn({.\ p}) \ Cn({})\ by (simp add: subset_iff) next show \Cn({}) \ Cn({p}) \ Cn({.\ p})\ by (simp add: monotonicity_L) qed -lemma Cn_notnot: \Cn({.\ (.\ \)}) = Cn({\})\ - by (metis (no_types, hide_lams) notnot_PL valid_Cn_equiv valid_equiv_PL) +lemma Cn_notnot: \Cn({.\ (.\ \)}) = Cn({\})\ + by (metis (no_types, opaque_lifting) notnot_PL valid_Cn_equiv valid_equiv_PL) lemma conj_com: \A \ p .\. q \ A \ q .\. p\ using conj_PL by auto lemma conj_com_Cn: \Cn({p .\. q}) = Cn({q .\. p})\ by (simp add: Cn_conj_bis insert_commute) lemma disj_com: \A \ p .\. q \ A \ q .\. p\ proof - { fix p q have \A \ p .\. q \ A \ q .\. p\ apply(erule disjE_PL) using assumption_L disjI2_PL disjI1_PL impI_PL by auto } then show ?thesis by auto qed lemma disj_com_Cn: \Cn({p .\. q}) = Cn({q .\. p})\ unfolding Cn_same using disj_com by simp lemma imp_contrapos: \A \ p .\. q \ A \ .\ q .\. .\ p\ by (metis Cn_not Un_insert_left Un_insert_right imp_PL notnot_PL) lemma equiv_negation: \A \ p .\. q \ A \ .\ p .\. .\ q\ using equivE1_PL equivE2_PL equivI_PL imp_contrapos by blast lemma imp_trans: \A \ p .\.q \ A \ q .\.r \ A \ p .\.r\ using Cn_imp_bis by auto lemma imp_recovery0: \A \ p .\. (p .\. q)\ apply(subst disj_PL, subst imp_contrapos) using assumption_L impI_PL by auto lemma imp_recovery1: \A \ {p .\. q} \ p \ A \ p\ using disjE_PL[OF imp_recovery0, of A p p q] assumption_L imp_PL by auto lemma imp_recovery2: \A \ p .\. q \ A \ (q .\. p) .\. p \ A \ q\ using imp_PL imp_recovery1 imp_trans by blast lemma impI2: \A \ q \ A \ p .\. q\ by (meson assumption_L impI_PL in_mono sup_ge1 transitivity2_L) lemma conj_equiv: \A \ p \ A \ ((p .\. q) .\. q)\ by (metis Un_insert_right assumption_L conjE2_PL conjI_PL equiv_PL impI2 imp_PL insertI1 sup_bot.right_neutral) lemma conj_imp: \A \ (p .\. q) .\. r \ A \ p .\. (q .\. r)\ proof assume "A \ (p .\. q) .\. r" then have "Cn (A \ {r}) \ Cn (A \ {p, q})" by (metis (no_types) Cn_conj_bis Cn_imp_bis Cn_union Un_insert_right sup_bot.right_neutral) then show \A \ p .\. (q .\. r)\ by (metis Un_insert_right impI_PL inclusion_L infer_def insert_commute insert_subset subset_eq sup_bot.right_neutral) next assume "A \ p .\. (q .\. r)" then have "A \ {p} \ {q} \ r" using imp_PL by auto then show "A \ (p .\. q) .\. r" by (metis (full_types) Cn_conj_bis Cn_union impI_PL infer_def insert_is_Un sup_assoc) qed lemma conj_not_impE_PL: \A \ (p .\. q) .\. r \ A \ (p .\. .\ q) .\. r \ A \ p .\. r\ by (meson conj_imp disjE_PL ex_mid_PL imp_PL) lemma disj_notE_PL: \A \ q \ A \ p .\. .\ q \ A \ p\ using Cn_imp Cn_imp_bis Cn_not disjE_PL notnot_PL by blast lemma disj_not_impE_PL: \A \ (p .\. q) .\. r \ A \ (p .\. .\ q) .\. r \ A \ r\ by (metis Un_insert_right disjE_PL disj_PL disj_com ex_mid_PL insert_commute sup_bot.right_neutral) lemma imp_conj: \A \ p .\. q \ A \ r .\. s \ A \ (p .\. r) .\. (q .\. s)\ apply(intro impI_PL conjI_PL, unfold imp_PL[symmetric]) by (meson assumption_L conjE1_PL conjE2_PL imp_trans infer_def insertI1 validD_L valid_imp_PL)+ lemma conj_overlap: \A \ (p .\. q) \ A \ (p .\. ((.\ p) .\. q))\ by (meson conj_PL disjI2_PL disj_com disj_notE_PL) lemma morgan: \A \ .\ (p .\. q) \ A \ (.\ p) .\. (.\ q)\ by (meson conj_imp disj_PL disj_com imp_PL imp_contrapos notE_PL notI_PL) lemma conj_superexpansion1: \A \ .\ (p .\. q) .\. .\ p \ A \ .\ p\ using conj_PL disjI1_PL morgan by auto lemma conj_superexpansion2: \A \ (p .\. q) .\. p \ A \ p\ using conj_PL disjI1_PL by auto end subsection \Compact Logic\ text\If the logic is compact, which means that any result is based on a finite set of hypothesis\ locale Compact_logic = Tarskian_logic + assumes compactness_L: \A \ \ \ (\A'. A'\ A \ finite A' \ A'\ \)\ begin text \Very important lemma preparing the application of the Zorn's lemma. It states that in a compact logic, we can not deduce \\\ if we accumulate an infinity of hypothesis groups which locally do not deduce phi\ lemma chain_closure: \\ \ \ \ subset.chain {B. \ B \ \} C \ \ \C \ \\ proof assume a:\subset.chain {B. \ B \ \} C\ and b:\\ \ \\ and \\ C \ \\ then obtain A' where c:\A'\ \ C\ and d:\finite A'\ and e:\A' \ \\ using compactness_L by blast define f where f:\f \ \a. SOME B. B \ C \ a \ B\ have g:\finite (f ` A')\ using f d by simp have h:\(f ` A') \ C\ unfolding f by auto (metis (mono_tags, lifting) Union_iff c someI_ex subset_eq) have i:\subset.chain {B. \ B \ \} (f ` A')\ using a h using a h by (meson subsetD subset_chain_def subset_trans) have \A' \ {} \ \ (f ` A') \ {B. \ B \ \}\ using g i by (meson Union_in_chain image_is_empty subset_chain_def subset_eq) hence j:\A' \ {} \ \ \(f ` A') \ \\ by simp have \A' \ \(f ` A')\ unfolding f by auto (metis (no_types, lifting) Union_iff c someI_ex subset_iff) with j e b show False by (metis infer_def monotonicity_L subsetD valid_def) qed end end