nominal2: comparison Tutorial/Tutorial3.thy

equal deleted inserted replaced

-:ddc05a611005
+:f325eefe803e
+theory Tutorial3
+imports Lambda
+begin
+section {* Formalising Barendregt's Proof of the Substitution Lemma *}
+text {*
+Barendregt's proof needs in the variable case a case distinction.
+One way to do this in Isar is to use blocks. A block is some sequent
+or reasoning steps enclosed in curly braces
+{ \<dots>
+have "statement"
+}
+Such a block can contain local assumptions like
+{ assume "A"
+assume "B"
+\<dots>
+have "C" by \<dots>
+}
+Where "C" is the last have-statement in this block. The behaviour
+of such a block to the 'outside' is the implication
+\<lbrakk>A; B\<rbrakk> \<Longrightarrow> "C"
+Now if we want to prove a property "smth" using the case-distinctions
+P1, P2 and P3 then we can use the following reasoning:
+{ assume "P1"
+\<dots>
+have "smth"
+}
+moreover
+{ assume "P2"
+\<dots>
+have "smth"
+}
+moreover
+{ assume "P3"
+\<dots>
+have "smth"
+}
+ultimately have "smth" by blast
+The blocks establish the implications
+P1 \<Longrightarrow> smth
+P2 \<Longrightarrow> smth
+P3 \<Longrightarrow> smth
+If we know that P1, P2 and P3 cover all the cases, that is P1 \<or> P2 \<or> P3 is
+true, then we have 'ultimately' established the property "smth"
+*}
+section {* EXERCISE 7 *}
+text {*
+Fill in the cases 1.2 and 1.3 and the equational reasoning
+in the lambda-case.
+*}
+lemma forget:
+shows "atom x \<sharp> t \<Longrightarrow> t[x ::= s] = t"
+by (nominal_induct t avoiding: x s rule: lam.strong_induct)
+(auto simp add: lam.fresh fresh_at_base)
+lemma fresh_fact:
+assumes a: "atom z \<sharp> s"
+and b: "z = y \<or> atom z \<sharp> t"
+shows "atom z \<sharp> t[y ::= s]"
+using a b
+by (nominal_induct t avoiding: z y s rule: lam.strong_induct)
+(auto simp add: lam.fresh fresh_at_base)
+lemma
+assumes a: "x \<noteq> y"
+and     b: "atom x \<sharp> L"
+shows "M[x::=N][y::=L] = M[y::=L][x::=N[y::=L]]"
+using a b
+proof (nominal_induct M avoiding: x y N L rule: lam.strong_induct)
+case (Var z)
+have a1: "x \<noteq> y" by fact
+have a2: "atom x \<sharp> L" by fact
+show "Var z[x::=N][y::=L] = Var z[y::=L][x::=N[y::=L]]" (is "?LHS = ?RHS")
+proof -
+{ -- {* Case 1.1 *}
+assume c1: "z = x"
+have "(1)": "?LHS = N[y::=L]" using c1 by simp
+have "(2)": "?RHS = N[y::=L]" using c1 a1 by simp
+have "?LHS = ?RHS" using "(1)" "(2)" by simp
+}
+moreover
+{ -- {* Case 1.2 *}
+assume c2: "z = y" "z \<noteq> x"
+have "?LHS = ?RHS" sorry
+}
+moreover
+{ -- {* Case 1.3 *}
+assume c3: "z \<noteq> x" "z \<noteq> y"
+have "?LHS = ?RHS" sorry
+}
+ultimately show "?LHS = ?RHS" by blast
+qed
+next
+case (Lam z M1) -- {* case 2: lambdas *}
+have ih: "\<lbrakk>x \<noteq> y; atom x \<sharp> L\<rbrakk> \<Longrightarrow> M1[x::=N][y::=L] = M1[y::=L][x::=N[y::=L]]" by fact
+have a1: "x \<noteq> y" by fact
+have a2: "atom x \<sharp> L" by fact
+have fs: "atom z \<sharp> x" "atom z \<sharp> y" "atom z \<sharp> N" "atom z \<sharp> L" by fact+
+then have b: "atom z \<sharp> N[y::=L]" by (simp add: fresh_fact)
+show "(Lam [z].M1)[x::=N][y::=L] = (Lam [z].M1)[y::=L][x::=N[y::=L]]" (is "?LHS=?RHS")
+proof -
+have "?LHS = \<dots>" sorry
+also have "\<dots> = ?RHS" sorry
+finally show "?LHS = ?RHS" by simp
+qed
+next
+case (App M1 M2) -- {* case 3: applications *}
+then show "(App M1 M2)[x::=N][y::=L] = (App M1 M2)[y::=L][x::=N[y::=L]]" by simp
+qed
+text {*
+Again the strong induction principle enables Isabelle to find
+the proof of the substitution lemma automatically.
+*}
+lemma substitution_lemma_version:
+assumes asm: "x \<noteq> y" "atom x \<sharp> L"
+shows "M[x::=N][y::=L] = M[y::=L][x::=N[y::=L]]"
+using asm
+by (nominal_induct M avoiding: x y N L rule: lam.strong_induct)
+(auto simp add: fresh_fact forget)
+end

changeset 2690	f325eefe803e
child 2691	abb6c3ac2df2