public_html: Nominal/activities/CK_Machine.thy@2807ec31d144 (annotated)

415 f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1	(*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	2
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	3	Nominal Isabelle Tutorial
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	4	-------------------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	5
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	6	11th August 2008, Sydney
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	7
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	8	This file contains most of the material that will be covered in the
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	9	tutorial. The file can be "stepped through"; though it contains much
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	10	commented code (purple text).
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	11
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	12	*)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	13
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	14	(*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	15
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	16	Proof General
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	17	-------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	18
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	19	Proof General is the front end for Isabelle.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	20
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	21	To run Nominal Isabelle proof-scripts you must have HOL-Nominal enabled in
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	22	the menu Isabelle -> Logics. You also need to enable X-Symbols in the menu
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	23	Proof-General -> Options (make sure to save this option once enabled).
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	24
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	25	Proof General "paints" blue the part of the proof-script that has already
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	26	been processed by Isabelle. You can advance or retract the "frontier" of
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	27	this processed part using the "Next" and "Undo" buttons in the
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	28	menubar. "Goto" will process everything up to the current cursor position,
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	29	or retract if the cursor is inside the blue part. The key-combination
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	30	control-c control-return is a short-cut for the "Goto"-operation.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	31
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	32	Proof General gives feedback inside the "Response" and "Goals" buffers.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	33	The response buffer will contain warning messages (in yellow) and
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	34	error messages (in red). Warning messages can generally be ignored. Error
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	35	messages must be dealt with in order to advance the proof script. The goal
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	36	buffer shows which goals need to be proved. The sole idea of interactive
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	37	theorem proving is to get the message "No subgoals." ;o)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	38
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	39	*)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	40
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	41	(*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	42
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	43	X-Symbols
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	44	---------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	45
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	46	X-symbols provide a nice way to input non-ascii characters. For example:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	47
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	48	\<forall>, \<exists>, \<Down>, \<sharp>, \<And>, \<Gamma>, \<times>, \<noteq>, \<in>, \<subseteq>, \<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	49
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	50	They need to be input via the combination \<name-of-x-symbol>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	51	where name-of-x-symbol coincides with the usual latex name of
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	52	that symbol.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	53
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	54	However, there are some handy short-cuts for frequently used X-symbols.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	55	For example
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	56
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	57	[\| \<dots> \<lbrakk>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	58	\|] \<dots> \<rbrakk>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	59	==> \<dots> \<Longrightarrow>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	60	=> \<dots> \<Rightarrow>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	61	--> \<dots> \<longrightarrow>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	62	/\ \<dots> \<and>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	63	\/ \<dots> \<or>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	64	\|-> \<dots> \<mapsto>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	65	=_ \<dots> \<equiv>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	66
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	67	*)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	68
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	69	(*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	70
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	71	Theories
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	72	--------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	73
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	74	Every Isabelle proof-script needs to have a name and must import
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	75	some pre-existing theory. For Nominal Isabelle proof-scripts this will
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	76	normally be the theory Nominal, but we use here the theory Lambda.thy,
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	77	which extends Nominal with a definition for lambda-terms and capture-
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	78	avoiding substitution.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	79
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	80	BTW, the Nominal theory builds directly on Isabelle/HOL and extends it
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	81	only with some definitions and some reasoning infrastructure. It does not
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	82	add any new axiom to Isabelle/HOL. So you can trust what you are doing. ;o)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	83
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	84	*)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	85
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	86	theory CK_Machine
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	87	imports "Lambda"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	88	begin
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	89
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	90	text {*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	91
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	92	Types
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	93	-----
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	94
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	95	Isabelle is based, roughly, on the theory of simple types including some
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	96	polymorphism. It also includes some overloading, which means that sometimes
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	97	explicit type annotations need to be given.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	98
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	99	- Base types include: nat, bool, string, lam
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	100
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	101	- Type formers include: 'a list, ('a\<times>'b), 'c set
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	102
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	103	- Type variables are written like in ML with an apostrophe: 'a, 'b, \<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	104
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	105	Types known to Isabelle can be queried using:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	106
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	107	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	108
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	109	typ nat
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	110	typ bool
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	111	typ lam (* the type for alpha-equated lambda-terms *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	112	typ "('a \<times> 'b)" (* product type *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	113	typ "'c set" (* set type *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	114	typ "nat \<Rightarrow> bool" (* the type for functions from nat to bool *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	115
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	116	(* These give errors: *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	117	(typ boolean )
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	118	(typ set)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	119
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	120
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	121	text {*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	122
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	123	Terms
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	124	-----
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	125
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	126	Every term in Isabelle needs to be well-typed (however they can have polymorphic
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	127	type). Whether a term is accepted can be queried using:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	128
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	129	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	130
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	131	term c (* a variable of polymorphic type *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	132	term "1::nat" (* the constant 1 in natural numbers *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	133	term 1 (* the constant 1 with polymorphic type *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	134	term "{1, 2, 3::nat}" (* the set containing natural numbers 1, 2 and 3 *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	135	term "[1, 2, 3]" (* the list containing the polymorphic numbers 1, 2 and 3 *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	136	term "Lam [x].(Var x)" (* a lambda-term *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	137	term "App t1 t2" (* another lambda-term *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	138
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	139	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	140	Isabelle provides some useful colour feedback about what are constants (in black),
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	141	free variables (in blue) and bound variables (in green). *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	142
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	143	term "True" (* a constant that is defined in HOL *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	144	term "true" (* not recognised as a constant, therefore it is interpreted as a variable *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	145	term "\<forall>x. P x" (* x is bound, P is free *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	146
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	147	text {* Every formula in Isabelle needs to have type bool *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	148
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	149	term "True"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	150	term "True \<and> False"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	151	term "{1,2,3} = {3,2,1}"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	152	term "\<forall>x. P x"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	153	term "A \<longrightarrow> B"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	154
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	155	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	156	When working with Isabelle, one is confronted with an object logic (that is HOL)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	157	and Isabelle's meta-logic (called Pure). Sometimes one has to pay attention
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	158	to this fact. *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	159
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	160	term "A \<longrightarrow> B" (* versus *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	161	term "A \<Longrightarrow> B"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	162
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	163	term "\<forall>x. P x" (* versus *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	164	term "\<And>x. P x"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	165
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	166	term "A \<Longrightarrow> B \<Longrightarrow> C" (* is synonymous with *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	167	term "\<lbrakk>A; B\<rbrakk> \<Longrightarrow> C"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	168
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	169
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	170	text {*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	171
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	172	Inductive Definitions: The Evaluation Judgement and the Value Predicate
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	173	-----------------------------------------------------------------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	174
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	175	Inductive definitions start with the keyword "inductive" and a predicate name.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	176	One also needs to provide a type for the predicate. Clauses of the inductive
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	177	predicate are introduced by "where" and more than two clauses need to be
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	178	separated by "\|". Optionally one can give a name to each clause and indicate
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	179	that it should be added to the hints database ("[intro]"). A typical clause
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	180	has some premises and a conclusion. This is written in Isabelle as:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	181
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	182	"premise \<Longrightarrow> conclusion"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	183	"\<lbrakk>premise1; premise2; \<dots> \<rbrakk> \<Longrightarrow> conclusion"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	184
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	185	If no premise is present, then one just writes
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	186
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	187	"conclusion"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	188
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	189	Below we define the evaluation judgement for lambda-terms. This definition
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	190	introduces the predicate named "eval". After giving its type, we declare
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	191	the usual pretty syntax _ \<Down> _. In this declaration _ stands for an argument
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	192	of eval.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	193
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	194	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	195
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	196	inductive
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	197	eval :: "lam \<Rightarrow> lam \<Rightarrow> bool" ("_ \<Down> _")
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	198	where
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	199	e_Lam: "Lam [x].t \<Down> Lam [x].t"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	200	\| e_App: "\<lbrakk>t1 \<Down> Lam [x].t; t2 \<Down> v'; t[x::=v'] \<Down> v\<rbrakk> \<Longrightarrow> App t1 t2 \<Down> v"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	201
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	202	declare eval.intros[intro]
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	203
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	204	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	205	Values are also defined using inductive. In our case values
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	206	are just lambda-abstractions. *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	207
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	208	inductive
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	209	val :: "lam \<Rightarrow> bool"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	210	where
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	211	v_Lam[intro]: "val (Lam [x].t)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	212
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	213
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	214	text {*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	215
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	216	Theorems
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	217	--------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	218
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	219	A central concept in Isabelle is that of theorems. Isabelle's theorem
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	220	database can be queried using
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	221
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	222	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	223
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	224	thm e_Lam
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	225	thm e_App
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	226	thm conjI
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	227	thm conjunct1
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	228
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	229	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	230	Notice that theorems usually contain schematic variables (e.g. ?P, ?Q, \<dots>).
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	231	These schematic variables can be substituted with any term (of the right type
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	232	of course). It is sometimes useful to suppress the "?" from the schematic
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	233	variables. This can be achieved by using the attribute "[no_vars]". *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	234
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	235	thm e_Lam[no_vars]
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	236	thm e_App[no_vars]
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	237	thm conjI[no_vars]
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	238	thm conjunct1[no_vars]
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	239
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	240
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	241	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	242	When defining the predicate eval, Isabelle provides us automatically with
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	243	the following theorems that state how evaluation judgments can be introduced
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	244	and what constitutes an induction over the predicate eval. *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	245
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	246	thm eval.intros[no_vars]
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	247	thm eval.induct[no_vars]
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	248
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	249	text {*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	250
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	251	Lemma / Theorem / Corollary Statements
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	252	--------------------------------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	253
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	254	Whether to use lemma, theorem or corollary makes no semantic difference
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	255	in Isabelle. A lemma starts with "lemma" and consists of a statement
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	256	("shows \<dots>") and optionally a lemma name, some type-information for
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	257	variables ("fixes \<dots>") and some assumptions ("assumes \<dots>"). Lemmas
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	258	also need to have a proof, but ignore this 'detail' for the moment.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	259
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	260	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	261
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	262	lemma alpha_equ:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	263	shows "Lam [x].Var x = Lam [y].Var y"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	264	by (simp add: lam.inject alpha swap_simps fresh_atm)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	265
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	266	lemma Lam_freshness:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	267	assumes a: "x\<noteq>y"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	268	shows "y\<sharp>Lam [x].t \<Longrightarrow> y\<sharp>t"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	269	using a by (simp add: abs_fresh)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	270
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	271	lemma neutral_element:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	272	fixes x::"nat"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	273	shows "x + 0 = x"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	274	by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	275
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	276
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	277	text {*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	278
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	279	Datatypes: Evaluation Contexts
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	280	------------------------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	281
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	282	Datatypes can be defined in Isabelle as follows: we have to provide the name
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	283	of the datatype and list its type-constructors. Each type-constructor needs
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	284	to have the information about the types of its arguments, and optionally
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	285	can also contain some information about pretty syntax. For example, we like
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	286	to write "\<box>" for holes.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	287
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	288	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	289
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	290	datatype ctx =
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	291	Hole ("\<box>")
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	292	\| CAppL "ctx" "lam"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	293	\| CAppR "lam" "ctx"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	294
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	295	text {* Now Isabelle knows about: *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	296
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	297	typ ctx
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	298	term "\<box>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	299	term "CAppL"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	300	term "CAppL \<box> (Var x)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	301
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	302	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	303
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	304	1.) MINI EXERCISE
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	305	-----------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	306
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	307	Try and see what happens if you apply a Hole to a Hole?
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	308
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	309	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	310
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	311
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	312	text {*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	313
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	314	The CK Machine
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	315	--------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	316
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	317	The CK machine is also defined using an inductive predicate with four
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	318	arguments. The idea behind this abstract machine is to transform, or reduce,
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	319	a configuration consisting of a lambda-term and a framestack (a list of
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	320	contexts), to a new configuration.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	321
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	322	We use the type abbreviation "ctxs" for the type for framestacks.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	323
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	324	The pretty syntax for the CK machine is <_,_> \<mapsto> <_,_>.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	325
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	326	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	327
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	328	types ctxs = "ctx list"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	329
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	330	inductive
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	331	machine :: "lam \<Rightarrow> ctxs \<Rightarrow>lam \<Rightarrow> ctxs \<Rightarrow> bool" ("<_,_> \<mapsto> <_,_>")
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	332	where
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	333	m1[intro]: "<App t1 t2,Es> \<mapsto> <t1,(CAppL \<box> t2)#Es>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	334	\| m2[intro]: "val v \<Longrightarrow> <v,(CAppL \<box> t2)#Es> \<mapsto> <t2,(CAppR v \<box>)#Es>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	335	\| m3[intro]: "val v \<Longrightarrow> <v,(CAppR (Lam [x].t) \<box>)#Es> \<mapsto> <t[x::=v],Es>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	336
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	337
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	338	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	339	Since the machine defined above only performs a single reduction,
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	340	we need to define the transitive closure of this machine. *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	341
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	342	inductive
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	343	machines :: "lam \<Rightarrow> ctxs \<Rightarrow> lam \<Rightarrow> ctxs \<Rightarrow> bool" ("<_,_> \<mapsto>* <_,_>")
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	344	where
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	345	ms1[intro]: "<t,Es> \<mapsto>* <t,Es>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	346	\| ms2[intro]: "\<lbrakk><t1,Es1> \<mapsto> <t2,Es2>; <t2,Es2> \<mapsto>* <t3,Es3>\<rbrakk> \<Longrightarrow> <t1,Es1> \<mapsto>* <t3,Es3>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	347
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	348
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	349	text {*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	350
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	351	Isar Proofs
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	352	-----------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	353
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	354	Isar is a language for writing down proofs that can be understood by humans
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	355	and by Isabelle. An Isar proof can be thought of as a sequence of 'stepping stones'
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	356	that start with the assumptions and lead to the goal to be established. Every such
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	357	stepping stone is introduced by "have" followed by the statement of the stepping
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	358	stone. An exception is the goal to be proved, which need to be introduced with "show".
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	359
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	360	Since proofs usually do not proceed in a linear fashion, a label can be given
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	361	to each stepping stone and then used later to refer to this stepping stone
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	362	("using").
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	363
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	364	Each stepping stone (or have-statement) needs to have a justification. The
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	365	simplest justification is "sorry" which admits any stepping stone, even false
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	366	ones (this is good during the development of proofs). Assumption can be
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	367	"justified" using "by fact". Derived facts can be justified using
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	368
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	369	- by simp (* simplification *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	370	- by auto (* proof search and simplification *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	371	- by blast (* only proof search *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	372
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	373	If facts or lemmas are needed in order to justify a have-statement, then
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	374	one can feed these facts into the proof by using "using label \<dots>" or
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	375	"using theorem-name \<dots>". More than one label at the time is allowed.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	376
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	377	Induction proofs in Isar are set up by indicating over which predicate(s)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	378	the induction proceeds ("using a b") followed by the command "proof (induct)".
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	379	In this way, Isabelle uses default settings for which induction should
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	380	be performed. These default settings can be overridden by giving more
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	381	information, like the variable over which a structural induction should
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	382	proceed, or a specific induction principle such as well-founded inductions.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	383
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	384	After the induction is set up, the proof proceeds by cases. In Isar these
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	385	cases can be given in any order, but must be started with "case" and the
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	386	name of the case, and optionally some legible names for the variables
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	387	referred to inside the case.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	388
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	389	The possible case-names can be found by looking inside the menu "Isabelle ->
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	390	Show me -> cases". In each "case", we need to establish a statement introduced
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	391	by "show". Once this has been done, the next case can be started using "next".
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	392	When all cases are completed, the proof can be finished using "qed".
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	393
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	394	This means a typical induction proof has the following pattern
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	395
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	396	proof (induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	397	case \<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	398	\<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	399	show \<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	400	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	401	case \<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	402	\<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	403	show \<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	404	\<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	405	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	406
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	407	The four lemmas are by induction on the predicate machines. All proofs establish
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	408	the same property, namely a transitivity rule for machines. The complete Isar
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	409	proofs are given for the first three proofs. The point of these three proofs is
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	410	that each proof increases the readability for humans.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	411
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	412	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	413
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	414	text {*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	415
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	416	2.) EXERCISE
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	417	------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	418
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	419	Remove the sorries in the proof below and fill in the correct
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	420	justifications.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	421	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	422
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	423	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	424	assumes a: "<e1,Es1> \<mapsto>* <e2,Es2>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	425	and b: "<e2,Es2> \<mapsto>* <e3,Es3>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	426	shows "<e1,Es1> \<mapsto>* <e3,Es3>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	427	using a b
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	428	proof(induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	429	case (ms1 e1 Es1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	430	have c: "<e1,Es1> \<mapsto>* <e3,Es3>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	431	show "<e1,Es1> \<mapsto>* <e3,Es3>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	432	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	433	case (ms2 e1 Es1 e2 Es2 e2' Es2')
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	434	have ih: "<e2',Es2'> \<mapsto>* <e3,Es3> \<Longrightarrow> <e2,Es2> \<mapsto>* <e3,Es3>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	435	have d1: "<e2',Es2'> \<mapsto>* <e3,Es3>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	436	have d2: "<e1,Es1> \<mapsto> <e2,Es2>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	437
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	438	show "<e1,Es1> \<mapsto>* <e3,Es3>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	439	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	440
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	441	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	442	Just like gotos in the Basic programming language, labels can reduce
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	443	the readability of proofs. Therefore one can use in Isar the notation
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	444	"then have" in order to feed a have-statement to the proof of
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	445	the next have-statement. In the proof below this has been used
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	446	in order to get rid of the labels c and d1.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	447	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	448
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	449	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	450	assumes a: "<e1,Es1> \<mapsto>* <e2,Es2>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	451	and b: "<e2,Es2> \<mapsto>* <e3,Es3>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	452	shows "<e1,Es1> \<mapsto>* <e3,Es3>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	453	using a b
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	454	proof(induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	455	case (ms1 e1 Es1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	456	show "<e1,Es1> \<mapsto>* <e3,Es3>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	457	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	458	case (ms2 e1 Es1 e2 Es2 e2' Es2')
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	459	have ih: "<e2',Es2'> \<mapsto>* <e3,Es3> \<Longrightarrow> <e2,Es2> \<mapsto>* <e3,Es3>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	460	have "<e2',Es2'> \<mapsto>* <e3,Es3>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	461	then have d3: "<e2,Es2> \<mapsto>* <e3,Es3>" using ih by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	462	have d2: "<e1,Es1> \<mapsto> <e2,Es2>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	463	show "<e1,Es1> \<mapsto>* <e3,Es3>" using d2 d3 by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	464	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	465
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	466	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	467	The labels d2 and d3 cannot be got rid of in this way, because both
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	468	facts are needed to prove the show-statement. We can still avoid the
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	469	labels by feeding a sequence of facts into a proof using the chaining
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	470	mechanism:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	471
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	472	have "statement1" \<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	473	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	474	have "statement2" \<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	475	\<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	476	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	477	have "statementn" \<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	478	ultimately have "statement" \<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	479
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	480	In this chain, all "statementi" can be used in the proof of the final
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	481	"statement". With this we can simplify our proof further to:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	482	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	483
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	484	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	485	assumes a: "<e1,Es1> \<mapsto>* <e2,Es2>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	486	and b: "<e2,Es2> \<mapsto>* <e3,Es3>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	487	shows "<e1,Es1> \<mapsto>* <e3,Es3>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	488	using a b
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	489	proof(induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	490	case (ms1 e1 Es1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	491	show "<e1,Es1> \<mapsto>* <e3,Es3>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	492	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	493	case (ms2 e1 Es1 e2 Es2 e2' Es2')
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	494	have ih: "<e2',Es2'> \<mapsto>* <e3,Es3> \<Longrightarrow> <e2,Es2> \<mapsto>* <e3,Es3>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	495	have "<e2',Es2'> \<mapsto>* <e3,Es3>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	496	then have "<e2,Es2> \<mapsto>* <e3,Es3>" using ih by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	497	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	498	have "<e1,Es1> \<mapsto> <e2,Es2>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	499	ultimately show "<e1,Es1> \<mapsto>* <e3,Es3>" by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	500	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	501
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	502	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	503	While automatic proof procedures in Isabelle are not able to prove statements
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	504	like "P = NP" assuming usual definitions for P and NP, they can automatically
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	505	discharge the lemma we just proved. For this we only have to set up the induction
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	506	and auto will take care of the rest. This means we can write:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	507	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	508
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	509	lemma ms3[intro]:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	510	assumes a: "<e1,Es1> \<mapsto>* <e2,Es2>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	511	and b: "<e2,Es2> \<mapsto>* <e3,Es3>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	512	shows "<e1,Es1> \<mapsto>* <e3,Es3>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	513	using a b by (induct) (auto)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	514
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	515	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	516	The attribute [intro] indicates that this lemma should be from now on used in
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	517	any proof obtained by "auto" or "blast".
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	518	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	519
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	520
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	521	text {*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	522
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	523	A simple fact we need later on is that if t \<Down> t' then t' is a value.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	524
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	525	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	526
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	527	lemma eval_to_val:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	528	assumes a: "t \<Down> t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	529	shows "val t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	530	using a by (induct) (auto)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	531
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	532
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	533	text {*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	534
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	535	3.) EXERCISE
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	536	------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	537
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	538	Fill in the details in the proof below. The proof will establish the fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	539	that if t \<Down> t' then <t,[]> \<mapsto>* <t',[]>. As can be seen, the proof is by
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	540	induction on the definition of eval. If you want to know how the predicates
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	541	machine and machines can be introduced, then use
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	542
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	543	thm machine.intros[no_vars]
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	544	thm machines.intros[no_vars]
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	545
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	546	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	547
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	548	theorem
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	549	assumes a: "t \<Down> t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	550	shows "<t,[]> \<mapsto>* <t',[]>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	551	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	552	proof (induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	553	case (e_Lam x t)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	554	(* no assumptions *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	555	show "<Lam [x].t,[]> \<mapsto>* <Lam [x].t,[]>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	556	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	557	case (e_App t1 x t t2 v' v)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	558	(* all assumptions in this case *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	559	have a1: "t1 \<Down> Lam [x].t" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	560	have ih1: "<t1,[]> \<mapsto>* <Lam [x].t,[]>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	561	have a2: "t2 \<Down> v'" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	562	have ih2: "<t2,[]> \<mapsto>* <v',[]>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	563	have a3: "t[x::=v'] \<Down> v" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	564	have ih3: "<t[x::=v'],[]> \<mapsto>* <v,[]>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	565	(* your details *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	566	show "<App t1 t2,[]> \<mapsto>* <v,[]>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	567	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	568
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	569	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	570	Again the automatic tools in Isabelle can discharge automatically
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	571	of the routine work in these proofs. We can write: *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	572
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	573	theorem eval_implies_machines_ctx:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	574	assumes a: "t \<Down> t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	575	shows "<t,Es> \<mapsto>* <t',Es>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	576	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	577	by (induct arbitrary: Es)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	578	(metis eval_to_val machine.intros ms1 ms2 ms3 v_Lam)+
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	579
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	580	corollary eval_implies_machines:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	581	assumes a: "t \<Down> t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	582	shows "<t,[]> \<mapsto>* <t',[]>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	583	using a eval_implies_machines_ctx by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	584
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	585	text {*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	586
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	587	The Weakening Lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	588	-------------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	589
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	590	The proof of the weakening lemma is often said to be simple,
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	591	routine or trivial. Below we will see how this lemma can be
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	592	proved in Nominal Isabelle. First we define types, which
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	593	we however do not define as datatypes, but as nominal datatypes.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	594
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	595	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	596
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	597	nominal_datatype ty =
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	598	tVar "string"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	599	\| tArr "ty" "ty" ("_ \<rightarrow> _")
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	600
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	601	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	602	Having defined them as nominal datatypes gives us additional
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	603	definitions and theorems that come with types (see below).
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	604	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	605
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	606	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	607	We next define the type of typing contexts, a predicate that
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	608	defines valid contexts (i.e. lists that contain only unique
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	609	variables) and the typing judgement.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	610
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	611	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	612
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	613	types ty_ctx = "(name\<times>ty) list"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	614
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	615	inductive
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	616	valid :: "ty_ctx \<Rightarrow> bool"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	617	where
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	618	v1[intro]: "valid []"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	619	\| v2[intro]: "\<lbrakk>valid \<Gamma>; x\<sharp>\<Gamma>\<rbrakk>\<Longrightarrow> valid ((x,T)#\<Gamma>)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	620
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	621	inductive
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	622	typing :: "ty_ctx \<Rightarrow> lam \<Rightarrow> ty \<Rightarrow> bool" ("_ \<turnstile> _ : _")
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	623	where
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	624	t_Var[intro]: "\<lbrakk>valid \<Gamma>; (x,T)\<in>set \<Gamma>\<rbrakk> \<Longrightarrow> \<Gamma> \<turnstile> Var x : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	625	\| t_App[intro]: "\<lbrakk>\<Gamma> \<turnstile> t1 : T1\<rightarrow>T2; \<Gamma> \<turnstile> t2 : T1\<rbrakk> \<Longrightarrow> \<Gamma> \<turnstile> App t1 t2 : T2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	626	\| t_Lam[intro]: "\<lbrakk>x\<sharp>\<Gamma>; (x,T1)#\<Gamma> \<turnstile> t : T2\<rbrakk> \<Longrightarrow> \<Gamma> \<turnstile> Lam [x].t : T1 \<rightarrow> T2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	627
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	628
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	629	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	630	The predicate x\<sharp>\<Gamma>, read as x fresh for \<Gamma>, is defined by Nominal Isabelle.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	631	Freshness is defined for lambda-terms, products, lists etc. For example
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	632	we have:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	633	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	634
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	635	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	636	fixes x::"name"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	637	shows "x\<sharp>Lam [x].t"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	638	and "x\<sharp>(t1,t2) \<Longrightarrow> x\<sharp>App t1 t2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	639	and "x\<sharp>(Var y) \<Longrightarrow> x\<sharp>y"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	640	and "\<lbrakk>x\<sharp>t1; x\<sharp>t2\<rbrakk> \<Longrightarrow> x\<sharp>(t1,t2)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	641	and "\<lbrakk>x\<sharp>l1; x\<sharp>l2\<rbrakk> \<Longrightarrow> x\<sharp>(l1@l2)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	642	and "x\<sharp>y \<Longrightarrow> x\<noteq>y"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	643	by (simp_all add: abs_fresh fresh_prod fresh_list_append fresh_atm)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	644
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	645	text {* We can also prove that every variable is fresh for a type *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	646
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	647	lemma ty_fresh:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	648	fixes x::"name"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	649	and T::"ty"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	650	shows "x\<sharp>T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	651	by (induct T rule: ty.induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	652	(simp_all add: fresh_string)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	653
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	654	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	655	In order to state the weakening lemma in a convenient form, we overload
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	656	the subset-notation and define the abbreviation below. Abbreviations behave
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	657	like definitions, except that they are always automatically folded and
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	658	unfolded.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	659	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	660
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	661	abbreviation
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	662	"sub_ty_ctx" :: "ty_ctx \<Rightarrow> ty_ctx \<Rightarrow> bool" ("_ \<subseteq> _")
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	663	where
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	664	"\<Gamma>1 \<subseteq> \<Gamma>2 \<equiv> \<forall>x. x \<in> set \<Gamma>1 \<longrightarrow> x \<in> set \<Gamma>2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	665
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	666	text {*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	667
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	668	4.) Exercise
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	669	------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	670
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	671	Fill in the details and give a proof of the weakening lemma.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	672
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	673	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	674
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	675	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	676	fixes \<Gamma>1 \<Gamma>2::"(name\<times>ty) list"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	677	assumes a: "\<Gamma>1 \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	678	and b: "valid \<Gamma>2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	679	and c: "\<Gamma>1 \<subseteq> \<Gamma>2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	680	shows "\<Gamma>2 \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	681	using a b c
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	682	proof (induct arbitrary: \<Gamma>2)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	683	case (t_Var \<Gamma>1 x T)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	684	have a1: "valid \<Gamma>1" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	685	have a2: "(x,T) \<in> set \<Gamma>1" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	686	have a3: "valid \<Gamma>2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	687	have a4: "\<Gamma>1 \<subseteq> \<Gamma>2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	688
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	689	show "\<Gamma>2 \<turnstile> Var x : T" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	690	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	691	case (t_Lam x \<Gamma>1 T1 t T2)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	692	have ih: "\<And>\<Gamma>3. \<lbrakk>valid \<Gamma>3; (x,T1)#\<Gamma>1 \<subseteq> \<Gamma>3\<rbrakk> \<Longrightarrow> \<Gamma>3 \<turnstile> t : T2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	693	have a0: "x\<sharp>\<Gamma>1" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	694	have a1: "valid \<Gamma>2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	695	have a2: "\<Gamma>1 \<subseteq> \<Gamma>2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	696
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	697	show "\<Gamma>2 \<turnstile> Lam [x].t : T1 \<rightarrow> T2" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	698	qed (auto)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	699
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	700
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	701	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	702	Despite the frequent claim that the weakening lemma is trivial,
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	703	routine or obvious, the proof in the lambda-case does not go
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	704	smoothly through. Painful variable renamings seem to be necessary.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	705	But the proof using renamings is horribly complicated. It is really
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	706	interesting whether people who claim this proof is trivial, routine
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	707	or obvious had this proof in mind.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	708
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	709	BTW: The following two commands help already with showing that validity
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	710	and typing are invariant under variable (permutative) renamings.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	711	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	712
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	713	equivariance valid
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	714	equivariance typing
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	715
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	716	lemma not_to_be_tried_at_home_weakening:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	717	fixes \<Gamma>1 \<Gamma>2::"(name\<times>ty) list"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	718	assumes a: "\<Gamma>1 \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	719	and b: "valid \<Gamma>2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	720	and c: "\<Gamma>1 \<subseteq> \<Gamma>2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	721	shows "\<Gamma>2 \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	722	using a b c
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	723	proof (induct arbitrary: \<Gamma>2)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	724	case (t_Lam x \<Gamma>1 T1 t T2) (* lambda case *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	725	have fc0: "x\<sharp>\<Gamma>1" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	726	have ih: "\<And>\<Gamma>3. \<lbrakk>valid \<Gamma>3; (x,T1)#\<Gamma>1 \<subseteq> \<Gamma>3\<rbrakk> \<Longrightarrow> \<Gamma>3 \<turnstile> t : T2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	727	obtain c::"name" where fc1: "c\<sharp>(x,t,\<Gamma>1,\<Gamma>2)" (* we obtain a fresh name *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	728	by (rule exists_fresh) (auto simp add: fs_name1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	729	have "Lam [c].([(c,x)]\<bullet>t) = Lam [x].t" using fc1 (* we then alpha-rename the lambda-abstraction *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	730	by (auto simp add: lam.inject alpha fresh_prod fresh_atm)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	731	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	732	have "\<Gamma>2 \<turnstile> Lam [c].([(c,x)]\<bullet>t) : T1 \<rightarrow> T2" (* we can then alpha-rename our original goal *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	733	proof -
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	734	(* we establish (x,T1)#\<Gamma>1 \<subseteq> (x,T1)#([(c,x)]\<bullet>\<Gamma>2) and valid ((x,T1)#([(c,x)]\<bullet>\<Gamma>2)) *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	735	have "(x,T1)#\<Gamma>1 \<subseteq> (x,T1)#([(c,x)]\<bullet>\<Gamma>2)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	736	proof -
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	737	have "\<Gamma>1 \<subseteq> \<Gamma>2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	738	then have "[(c,x)]\<bullet>((x,T1)#\<Gamma>1 \<subseteq> (x,T1)#([(c,x)]\<bullet>\<Gamma>2))" using fc0 fc1
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	739	by (perm_simp add: eqvts calc_atm perm_fresh_fresh ty_fresh)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	740	then show "(x,T1)#\<Gamma>1 \<subseteq> (x,T1)#([(c,x)]\<bullet>\<Gamma>2)" by (rule perm_boolE)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	741	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	742	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	743	have "valid ((x,T1)#([(c,x)]\<bullet>\<Gamma>2))"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	744	proof -
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	745	have "valid \<Gamma>2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	746	then show "valid ((x,T1)#([(c,x)]\<bullet>\<Gamma>2))" using fc1
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	747	by (auto intro!: v2 simp add: fresh_left calc_atm eqvts)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	748	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	749	(* these two facts give us by induction hypothesis the following *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	750	ultimately have "(x,T1)#([(c,x)]\<bullet>\<Gamma>2) \<turnstile> t : T2" using ih by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	751	(* we now apply renamings to get to our goal *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	752	then have "[(c,x)]\<bullet>((x,T1)#([(c,x)]\<bullet>\<Gamma>2) \<turnstile> t : T2)" by (rule perm_boolI)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	753	then have "(c,T1)#\<Gamma>2 \<turnstile> ([(c,x)]\<bullet>t) : T2" using fc1
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	754	by (perm_simp add: eqvts calc_atm perm_fresh_fresh ty_fresh)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	755	then show "\<Gamma>2 \<turnstile> Lam [c].([(c,x)]\<bullet>t) : T1 \<rightarrow> T2" using fc1 by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	756	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	757	ultimately show "\<Gamma>2 \<turnstile> Lam [x].t : T1 \<rightarrow> T2" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	758	qed (auto) (* var and app cases *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	759
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	760
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	761	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	762	The remedy to the complicated proof of the weakening proof
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	763	shown above is to use a stronger induction principle that
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	764	has the usual variable convention already build in. The
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	765	following command derives this induction principle for us.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	766	(We shall explain what happens here later.)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	767
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	768	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	769
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	770	nominal_inductive typing
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	771	by (simp_all add: abs_fresh ty_fresh)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	772
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	773	text {* Compare the two induction principles *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	774	thm typing.induct[no_vars]
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	775	thm typing.strong_induct[no_vars]
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	776
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	777	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	778	We can use the stronger induction principle by replacing
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	779	the line
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	780
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	781	proof (induct arbitrary: \<Gamma>2)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	782
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	783	with
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	784
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	785	proof (nominal_induct avoiding: \<Gamma>2 rule: typing.strong_induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	786
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	787	Try now the proof.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	788
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	789	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	790
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	791
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	792	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	793	fixes \<Gamma>1 \<Gamma>2::"(name\<times>ty) list"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	794	and t ::"lam"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	795	and \<tau> ::"ty"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	796	assumes a: "\<Gamma>1 \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	797	and b: "valid \<Gamma>2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	798	and c: "\<Gamma>1 \<subseteq> \<Gamma>2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	799	shows "\<Gamma>2 \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	800	using a b c
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	801	proof (nominal_induct avoiding: \<Gamma>2 rule: typing.strong_induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	802	case (t_Var \<Gamma>1 x T) (* variable case *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	803	have "\<Gamma>1 \<subseteq> \<Gamma>2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	804	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	805	have "valid \<Gamma>2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	806	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	807	have "(x,T)\<in> set \<Gamma>1" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	808	ultimately show "\<Gamma>2 \<turnstile> Var x : T" by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	809	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	810	case (t_Lam x \<Gamma>1 T1 t T2)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	811	have vc: "x\<sharp>\<Gamma>2" by fact (* additional fact *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	812	have ih: "\<And>\<Gamma>3. \<lbrakk>valid \<Gamma>3; (x,T1)#\<Gamma>1 \<subseteq> \<Gamma>3\<rbrakk> \<Longrightarrow> \<Gamma>3 \<turnstile> t : T2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	813	have a0: "x\<sharp>\<Gamma>1" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	814	have a1: "valid \<Gamma>2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	815	have a2: "\<Gamma>1 \<subseteq> \<Gamma>2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	816
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	817	show "\<Gamma>2 \<turnstile> Lam [x].t : T1 \<rightarrow> T2" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	818	qed (auto) (* app case *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	819
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	820	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	821	Since we can use the stronger induction principle, the
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	822	proof of the weakening lemma can actually be found
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	823	automatically by Isabelle. Maybe the weakening lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	824	is actually trivial (in Nominal Isabelle ;o).
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	825	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	826
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	827	lemma weakening:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	828	fixes \<Gamma>1 \<Gamma>2::"ty_ctx"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	829	assumes a: "\<Gamma>1 \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	830	and b: "valid \<Gamma>2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	831	and c: "\<Gamma>1 \<subseteq> \<Gamma>2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	832	shows "\<Gamma>2 \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	833	using a b c
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	834	by (nominal_induct avoiding: \<Gamma>2 rule: typing.strong_induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	835	(auto)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	836
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	837
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	838	text {*****************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	839
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	840	Function Definitions: Filling a Lambda-Term into a Context
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	841	----------------------------------------------------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	842
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	843	Many functions over datatypes can be defined by recursion on the
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	844	structure. For this purpose, Isabelle provides "fun". To use it one needs
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	845	to give a name for the function, its type, optionally some pretty-syntax
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	846	and then some equations defining the function. Like in "inductive",
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	847	"fun" expects that more than one such equation is separated by "\|".
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	848
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	849	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	850
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	851	fun
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	852	filling :: "ctx \<Rightarrow> lam \<Rightarrow> lam" ("_\<lbrakk>_\<rbrakk>")
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	853	where
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	854	"\<box>\<lbrakk>t\<rbrakk> = t"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	855	\| "(CAppL E t')\<lbrakk>t\<rbrakk> = App (E\<lbrakk>t\<rbrakk>) t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	856	\| "(CAppR t' E)\<lbrakk>t\<rbrakk> = App t' (E\<lbrakk>t\<rbrakk>)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	857
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	858	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	859	After this definition Isabelle will be able to simplify
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	860	statements like: *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	861
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	862	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	863	shows "(CAppL \<box> (Var x))\<lbrakk>Var y\<rbrakk> = App (Var y) (Var x)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	864	by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	865
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	866
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	867	fun
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	868	ctx_compose :: "ctx \<Rightarrow> ctx \<Rightarrow> ctx" ("_ \<circ> _" [101,100] 100)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	869	where
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	870	"\<box> \<circ> E' = E'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	871	\| "(CAppL E t') \<circ> E' = CAppL (E \<circ> E') t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	872	\| "(CAppR t' E) \<circ> E' = CAppR t' (E \<circ> E')"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	873
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	874	fun
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	875	ctx_composes :: "ctxs \<Rightarrow> ctx" ("_\<down>" [110] 110)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	876	where
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	877	"[]\<down> = \<box>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	878	\| "(E#Es)\<down> = (Es\<down>) \<circ> E"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	879
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	880	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	881	Notice that we not just have given a pretty syntax for the functions, but
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	882	also some precedences..The numbers inside the [\<dots>] stand for the precedences
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	883	of the arguments; the one next to it the precedence of the whole term.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	884
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	885	This means we have to write (Es1 \<circ> Es2) \<circ> Es3 otherwise Es1 \<circ> Es2 \<circ> Es3 is
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	886	interpreted as Es1 \<circ> (Es2 \<circ> Es3).
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	887	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	888
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	889	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	890
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	891	Structural Inductions over Contexts
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	892	------------------------------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	893
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	894	So far we have had a look at an induction over an inductive predicate.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	895	Another important induction principle is structural inductions for
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	896	datatypes. To illustrate structural inductions we prove some facts
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	897	about context composition, some of which we will need later on.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	898
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	899	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	900
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	901	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	902
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	903	5.) EXERCISE
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	904	------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	905
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	906	Complete the proof and remove the sorries.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	907
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	908	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	909
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	910	lemma ctx_compose:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	911	shows "(E1 \<circ> E2)\<lbrakk>t\<rbrakk> = E1\<lbrakk>E2\<lbrakk>t\<rbrakk>\<rbrakk>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	912	proof (induct E1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	913	case Hole
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	914	show "\<box> \<circ> E2\<lbrakk>t\<rbrakk> = \<box>\<lbrakk>E2\<lbrakk>t\<rbrakk>\<rbrakk>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	915	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	916	case (CAppL E1 t')
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	917	have ih: "(E1 \<circ> E2)\<lbrakk>t\<rbrakk> = E1\<lbrakk>E2\<lbrakk>t\<rbrakk>\<rbrakk>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	918	show "((CAppL E1 t') \<circ> E2)\<lbrakk>t\<rbrakk> = (CAppL E1 t')\<lbrakk>E2\<lbrakk>t\<rbrakk>\<rbrakk>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	919	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	920	case (CAppR t' E1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	921	have ih: "(E1 \<circ> E2)\<lbrakk>t\<rbrakk> = E1\<lbrakk>E2\<lbrakk>t\<rbrakk>\<rbrakk>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	922	show "((CAppR t' E1) \<circ> E2)\<lbrakk>t\<rbrakk> = (CAppR t' E1)\<lbrakk>E2\<lbrakk>t\<rbrakk>\<rbrakk>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	923	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	924
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	925
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	926	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	927
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	928	6.) EXERCISE
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	929	------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	930
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	931	Prove associativity of \<circ> using the lemmas neut_hole and circ_assoc.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	932
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	933	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	934
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	935	lemma neut_hole:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	936	shows "E \<circ> \<box> = E"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	937	by (induct E) (simp_all)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	938
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	939	lemma circ_assoc:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	940	fixes E1 E2 E3::"ctx"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	941	shows "(E1 \<circ> E2) \<circ> E3 = E1 \<circ> (E2 \<circ> E3)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	942	by (induct E1) (simp_all)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	943
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	944	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	945	shows "(Es1@Es2)\<down> = (Es2\<down>) \<circ> (Es1\<down>)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	946	proof (induct Es1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	947	case Nil
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	948	show "([]@Es2)\<down> = Es2\<down> \<circ> []\<down>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	949	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	950	case (Cons E Es1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	951	have ih: "(Es1@Es2)\<down> = Es2\<down> \<circ> Es1\<down>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	952
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	953	show "((E#Es1)@Es2)\<down> = Es2\<down> \<circ> (E#Es1)\<down>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	954	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	955
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	956
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	957	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	958	The last proof involves several steps of equational reasoning.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	959	Isar provides some convenient means to express such equational
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	960	reasoning in a much cleaner fashion using the "also have"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	961	construction. *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	962
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	963	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	964	shows "(Es1@Es2)\<down> = (Es2\<down>) \<circ> (Es1\<down>)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	965	proof (induct Es1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	966	case Nil
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	967	show "([]@Es2)\<down> = Es2\<down> \<circ> []\<down>" using neut_hole by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	968	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	969	case (Cons E Es1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	970	have ih: "(Es1@Es2)\<down> = Es2\<down> \<circ> Es1\<down>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	971	have "((E#Es1)@Es2)\<down> = (Es1@Es2)\<down> \<circ> E" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	972	also have "\<dots> = (Es2\<down> \<circ> Es1\<down>) \<circ> E" using ih by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	973	also have "\<dots> = Es2\<down> \<circ> (Es1\<down> \<circ> E)" using circ_assoc by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	974	also have "\<dots> = Es2\<down> \<circ> (E#Es1)\<down>" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	975	finally show "((E#Es1)@Es2)\<down> = Es2\<down> \<circ> (E#Es1)\<down>" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	976	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	977
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	978
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	979	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	980
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	981	Formalising Barendregt's Proof of the Substitution Lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	982	--------------------------------------------------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	983
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	984	Barendregt's proof needs in the variable case a case distinction.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	985	One way to do this in Isar is to use blocks. A block is some sequent
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	986	or reasoning steps enclosed in curly braces
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	987
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	988	{ \<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	989
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	990	have "statement"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	991	}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	992
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	993	Such a block can contain local assumptions like
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	994
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	995	{ assume "A"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	996	assume "B"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	997	\<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	998	have "C" by \<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	999	}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1000
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1001	Where "C" is the last have-statement in this block. The behaviour
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1002	of such a block to the 'outside' is the implication
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1003
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1004	\<lbrakk>A; B\<rbrakk> \<Longrightarrow> "C"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1005
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1006	Now if we want to prove a property "smth" using the case-distinctions
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1007	P\<^isub>1, P\<^isub>2 and P\<^isub>3 then we can use the following reasoning:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1008
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1009	{ assume "P\<^isub>1"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1010	\<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1011	have "smth"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1012	}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1013	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1014	{ assume "P\<^isub>2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1015	\<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1016	have "smth"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1017	}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1018	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1019	{ assume "P\<^isub>3"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1020	\<dots>
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1021	have "smth"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1022	}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1023	ultimately have "smth" by blast
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1024
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1025	The blocks establish the implications
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1026
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1027	P\<^isub>1 \<Longrightarrow> smth
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1028	P\<^isub>2 \<Longrightarrow> smth
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1029	P\<^isub>3 \<Longrightarrow> smth
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1030
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1031	If we know that P\<^isub>1, P\<^isub>2 and P\<^isub>3 cover all the cases, that is P\<^isub>1 \<or> P\<^isub>2 \<or> P\<^isub>3 is
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1032	true, then we have 'ultimately' established the property "smth"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1033
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1034	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1035
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1036	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1037
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1038	7.) Exercise
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1039	------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1040
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1041	Fill in the cases 1.2 and 1.3 and the equational reasoning
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1042	in the lambda-case.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1043	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1044
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1045	thm forget[no_vars]
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1046	thm fresh_fact[no_vars]
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1047
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1048	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1049	assumes a: "x\<noteq>y"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1050	and b: "x\<sharp>L"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1051	shows "M[x::=N][y::=L] = M[y::=L][x::=N[y::=L]]"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1052	using a b
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1053	proof (nominal_induct M avoiding: x y N L rule: lam.strong_induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1054	case (Var z)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1055	have a1: "x\<noteq>y" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1056	have a2: "x\<sharp>L" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1057	show "Var z[x::=N][y::=L] = Var z[y::=L][x::=N[y::=L]]" (is "?LHS = ?RHS")
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1058	proof -
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1059	{ (Case 1.1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1060	assume c1: "z=x"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1061	have "(1)": "?LHS = N[y::=L]" using c1 by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1062	have "(2)": "?RHS = N[y::=L]" using c1 a1 by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1063	have "?LHS = ?RHS" using "(1)" "(2)" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1064	}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1065	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1066	{ (Case 1.2)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1067	assume c2: "z=y" "z\<noteq>x"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1068
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1069	have "?LHS = ?RHS" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1070	}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1071	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1072	{ (Case 1.3)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1073	assume c3: "z\<noteq>x" "z\<noteq>y"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1074
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1075	have "?LHS = ?RHS" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1076	}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1077	ultimately show "?LHS = ?RHS" by blast
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1078	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1079	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1080	case (Lam z M1) (* case 2: lambdas *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1081	have ih: "\<lbrakk>x\<noteq>y; x\<sharp>L\<rbrakk> \<Longrightarrow> M1[x::=N][y::=L] = M1[y::=L][x::=N[y::=L]]" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1082	have a1: "x\<noteq>y" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1083	have a2: "x\<sharp>L" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1084	have fs: "z\<sharp>x" "z\<sharp>y" "z\<sharp>N" "z\<sharp>L" by fact+
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1085	then have b: "z\<sharp>N[y::=L]" by (simp add: fresh_fact)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1086	show "(Lam [z].M1)[x::=N][y::=L] = (Lam [z].M1)[y::=L][x::=N[y::=L]]" (is "?LHS=?RHS")
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1087	proof -
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1088	have "?LHS = \<dots>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1089
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1090	also have "\<dots> = ?RHS" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1091	finally show "?LHS = ?RHS" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1092	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1093	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1094	case (App M1 M2) (* case 3: applications *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1095	then show "(App M1 M2)[x::=N][y::=L] = (App M1 M2)[y::=L][x::=N[y::=L]]" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1096	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1097
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1098	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1099	Again the strong induction principle enables Isabelle to find
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1100	the proof of the substitution lemma automatically.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1101	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1102
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1103	lemma substitution_lemma_version:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1104	assumes asm: "x\<noteq>y" "x\<sharp>L"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1105	shows "M[x::=N][y::=L] = M[y::=L][x::=N[y::=L]]"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1106	using asm
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1107	by (nominal_induct M avoiding: x y N L rule: lam.strong_induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1108	(auto simp add: fresh_fact forget)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1109
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1110	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1111
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1112	The CBV Reduction Relation (Small-Step Semantics)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1113	-------------------------------------------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1114
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1115	In order to establish the property that the CK Machine
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1116	calculates a nomrmalform which corresponds to the
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1117	evaluation relation, we introduce the call-by-value
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1118	small-step semantics.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1119
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1120	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1121
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1122	inductive
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1123	cbv :: "lam\<Rightarrow>lam\<Rightarrow>bool" ("_ \<longrightarrow>cbv _")
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1124	where
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1125	cbv1: "\<lbrakk>val v; x\<sharp>v\<rbrakk> \<Longrightarrow> App (Lam [x].t) v \<longrightarrow>cbv t[x::=v]"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1126	\| cbv2[intro]: "t \<longrightarrow>cbv t' \<Longrightarrow> App t t2 \<longrightarrow>cbv App t' t2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1127	\| cbv3[intro]: "t \<longrightarrow>cbv t' \<Longrightarrow> App t2 t \<longrightarrow>cbv App t2 t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1128
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1129	equivariance val
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1130	equivariance cbv
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1131	nominal_inductive cbv
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1132	by (simp_all add: abs_fresh fresh_fact)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1133
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1134	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1135	In order to satisfy the vc-condition we have to formulate
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1136	this relation with the additional freshness constraint
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1137	x\<sharp>v. Though this makes the definition vc-ompatible, it
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1138	makes the definition less useful. We can with some pain
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1139	show that the more restricted rule is equivalent to the
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1140	usual rule. *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1141
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1142	thm subst_rename
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1143
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1144	lemma better_cbv1[intro]:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1145	assumes a: "val v"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1146	shows "App (Lam [x].t) v \<longrightarrow>cbv t[x::=v]"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1147	proof -
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1148	obtain y::"name" where fs: "y\<sharp>(x,t,v)" by (rule exists_fresh) (auto simp add: fs_name1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1149	have "App (Lam [x].t) v = App (Lam [y].([(y,x)]\<bullet>t)) v" using fs
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1150	by (auto simp add: lam.inject alpha' fresh_prod fresh_atm)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1151	also have "\<dots> \<longrightarrow>cbv ([(y,x)]\<bullet>t)[y::=v]" using fs a by (auto intro: cbv1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1152	also have "\<dots> = t[x::=v]" using fs by (simp add: subst_rename[symmetric])
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1153	finally show "App (Lam [x].t) v \<longrightarrow>cbv t[x::=v]" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1154	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1155
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1156	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1157	The transitive closure of the cbv-reduction relation: *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1158
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1159	inductive
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1160	"cbvs" :: "lam\<Rightarrow>lam\<Rightarrow>bool" (" _ \<longrightarrow>cbv* _")
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1161	where
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1162	cbvs1[intro]: "e \<longrightarrow>cbv* e"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1163	\| cbvs2[intro]: "\<lbrakk>e1\<longrightarrow>cbv e2; e2 \<longrightarrow>cbv* e3\<rbrakk> \<Longrightarrow> e1 \<longrightarrow>cbv* e3"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1164
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1165	lemma cbvs3[intro]:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1166	assumes a: "e1 \<longrightarrow>cbv* e2" "e2 \<longrightarrow>cbv* e3"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1167	shows "e1 \<longrightarrow>cbv* e3"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1168	using a by (induct) (auto)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1169
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1170	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1171
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1172	8.) Exercise
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1173	------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1174
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1175	If more simple exercises are needed, then complete the following proof.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1176
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1177	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1178
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1179	lemma cbv_in_ctx:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1180	assumes a: "t \<longrightarrow>cbv t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1181	shows "E\<lbrakk>t\<rbrakk> \<longrightarrow>cbv E\<lbrakk>t'\<rbrakk>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1182	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1183	proof (induct E)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1184	case Hole
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1185	have "t \<longrightarrow>cbv t'" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1186	then show "\<box>\<lbrakk>t\<rbrakk> \<longrightarrow>cbv \<box>\<lbrakk>t'\<rbrakk>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1187	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1188	case (CAppL E s)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1189	have ih: "t \<longrightarrow>cbv t' \<Longrightarrow> E\<lbrakk>t\<rbrakk> \<longrightarrow>cbv E\<lbrakk>t'\<rbrakk>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1190	have a: "t \<longrightarrow>cbv t'" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1191	show "(CAppL E s)\<lbrakk>t\<rbrakk> \<longrightarrow>cbv (CAppL E s)\<lbrakk>t'\<rbrakk>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1192	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1193	case (CAppR s E)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1194	have ih: "t \<longrightarrow>cbv t' \<Longrightarrow> E\<lbrakk>t\<rbrakk> \<longrightarrow>cbv E\<lbrakk>t'\<rbrakk>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1195	have a: "t \<longrightarrow>cbv t'" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1196	show "(CAppR s E)\<lbrakk>t\<rbrakk> \<longrightarrow>cbv (CAppR s E)\<lbrakk>t'\<rbrakk>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1197	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1198
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1199
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1200	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1201
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1202	9.) Exercise
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1203	------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1204
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1205	The point of the cbv-reduction was that we can easily relatively
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1206	establish the follwoing property:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1207
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1208	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1209
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1210	lemma machine_implies_cbvs_ctx:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1211	assumes a: "<e,Es> \<mapsto> <e',Es'>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1212	shows "(Es\<down>)\<lbrakk>e\<rbrakk> \<longrightarrow>cbv* (Es'\<down>)\<lbrakk>e'\<rbrakk>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1213	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1214	proof (induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1215	case (m1 t1 t2 Es)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1216
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1217	show "Es\<down>\<lbrakk>App t1 t2\<rbrakk> \<longrightarrow>cbv* ((CAppL \<box> t2)#Es)\<down>\<lbrakk>t1\<rbrakk>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1218	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1219	case (m2 v t2 Es)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1220	have "val v" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1221
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1222	show "((CAppL \<box> t2)#Es)\<down>\<lbrakk>v\<rbrakk> \<longrightarrow>cbv* (CAppR v \<box> # Es)\<down>\<lbrakk>t2\<rbrakk>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1223	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1224	case (m3 v x t Es)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1225	have "val v" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1226
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1227	show "(((CAppR (Lam [x].t) \<box>)#Es)\<down>)\<lbrakk>v\<rbrakk> \<longrightarrow>cbv* (Es\<down>)\<lbrakk>t[x::=v]\<rbrakk>" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1228	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1229
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1230	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1231	It is not difficult to extend the lemma above to
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1232	arbitrary reductions sequences of the CK machine. *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1233
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1234	lemma machines_implies_cbvs_ctx:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1235	assumes a: "<e,Es> \<mapsto>* <e',Es'>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1236	shows "(Es\<down>)\<lbrakk>e\<rbrakk> \<longrightarrow>cbv* (Es'\<down>)\<lbrakk>e'\<rbrakk>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1237	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1238	by (induct) (auto dest: machine_implies_cbvs_ctx)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1239
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1240	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1241	So whenever we let the CL machine start in an initial
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1242	state and it arrives at a final state, then there exists
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1243	a corresponding cbv-reduction sequence. *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1244
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1245	corollary machines_implies_cbvs:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1246	assumes a: "<e,[]> \<mapsto>* <e',[]>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1247	shows "e \<longrightarrow>cbv* e'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1248	using a by (auto dest: machines_implies_cbvs_ctx)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1249
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1250	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1251	We now want to relate the cbv-reduction to the evaluation
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1252	relation. For this we need two auxiliary lemmas. *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1253
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1254	lemma eval_val:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1255	assumes a: "val t"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1256	shows "t \<Down> t"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1257	using a by (induct) (auto)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1258
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1259	lemma e_App_elim:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1260	assumes a: "App t1 t2 \<Down> v"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1261	shows "\<exists>x t v'. t1 \<Down> Lam [x].t \<and> t2 \<Down> v' \<and> t[x::=v'] \<Down> v"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1262	using a by (cases) (auto simp add: lam.inject)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1263
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1264	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1265
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1266	10.) Exercise
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1267	-------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1268
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1269	Complete the first case in the proof below.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1270
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1271	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1272
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1273	lemma cbv_eval:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1274	assumes a: "t1 \<longrightarrow>cbv t2" "t2 \<Down> t3"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1275	shows "t1 \<Down> t3"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1276	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1277	proof(induct arbitrary: t3)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1278	case (cbv1 v x t t3)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1279	have a1: "val v" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1280	have a2: "t[x::=v] \<Down> t3" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1281
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1282	show "App Lam [x].t v \<Down> t3" sorry
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1283	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1284	case (cbv2 t t' t2 t3)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1285	have ih: "\<And>t3. t' \<Down> t3 \<Longrightarrow> t \<Down> t3" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1286	have "App t' t2 \<Down> t3" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1287	then obtain x t'' v'
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1288	where a1: "t' \<Down> Lam [x].t''"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1289	and a2: "t2 \<Down> v'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1290	and a3: "t''[x::=v'] \<Down> t3" using e_App_elim by blast
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1291	have "t \<Down> Lam [x].t''" using ih a1 by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1292	then show "App t t2 \<Down> t3" using a2 a3 by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1293	qed (auto dest!: e_App_elim)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1294
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1295
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1296	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1297	Next we extend the lemma above to arbitray initial
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1298	sequences of cbv-reductions. *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1299
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1300	lemma cbvs_eval:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1301	assumes a: "t1 \<longrightarrow>cbv* t2" "t2 \<Down> t3"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1302	shows "t1 \<Down> t3"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1303	using a by (induct) (auto intro: cbv_eval)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1304
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1305	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1306	Finally, we can show that if from a term t we reach a value
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1307	by a cbv-reduction sequence, then t evaluates to this value. *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1308
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1309	lemma cbvs_implies_eval:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1310	assumes a: "t \<longrightarrow>cbv* v" "val v"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1311	shows "t \<Down> v"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1312	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1313	by (induct) (auto intro: eval_val cbvs_eval)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1314
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1315	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1316	All facts tied together give us the desired property about
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1317	K machines. *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1318
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1319	theorem machines_implies_eval:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1320	assumes a: "<t1,[]> \<mapsto>* <t2,[]>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1321	and b: "val t2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1322	shows "t1 \<Down> t2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1323	proof -
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1324	have "t1 \<longrightarrow>cbv* t2" using a by (simp add: machines_implies_cbvs)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1325	then show "t1 \<Down> t2" using b by (simp add: cbvs_implies_eval)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1326	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1327
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1328	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1329
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1330	Formalising a Type-Soundness and Progress Lemma for CBV
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1331	-------------------------------------------------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1332
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1333	The central lemma for type-soundness is type-substitutity. In
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1334	our setting type-substitutivity is slightly painful to establish.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1335
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1336	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1337
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1338	lemma valid_elim:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1339	assumes a: "valid ((x,T)#\<Gamma>)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1340	shows "x\<sharp>\<Gamma> \<and> valid \<Gamma>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1341	using a by (cases) (auto)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1342
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1343	lemma valid_insert:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1344	assumes a: "valid (\<Delta>@[(x,T)]@\<Gamma>)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1345	shows "valid (\<Delta>@\<Gamma>)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1346	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1347	by (induct \<Delta>)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1348	(auto simp add: fresh_list_append fresh_list_cons dest!: valid_elim)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1349
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1350	lemma fresh_list:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1351	shows "y\<sharp>xs = (\<forall>x\<in>set xs. y\<sharp>x)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1352	by (induct xs) (simp_all add: fresh_list_nil fresh_list_cons)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1353
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1354	lemma context_unique:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1355	assumes a1: "valid \<Gamma>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1356	and a2: "(x,T) \<in> set \<Gamma>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1357	and a3: "(x,U) \<in> set \<Gamma>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1358	shows "T = U"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1359	using a1 a2 a3
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1360	by (induct) (auto simp add: fresh_list fresh_prod fresh_atm)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1361
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1362	lemma type_substitution_aux:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1363	assumes a: "(\<Delta>@[(x,T')]@\<Gamma>) \<turnstile> e : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1364	and b: "\<Gamma> \<turnstile> e' : T'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1365	shows "(\<Delta>@\<Gamma>) \<turnstile> e[x::=e'] : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1366	using a b
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1367	proof (nominal_induct \<Gamma>'\<equiv>"\<Delta>@[(x,T')]@\<Gamma>" e T avoiding: x e' \<Delta> rule: typing.strong_induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1368	case (t_Var \<Gamma>' y T x e' \<Delta>)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1369	then have a1: "valid (\<Delta>@[(x,T')]@\<Gamma>)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1370	and a2: "(y,T) \<in> set (\<Delta>@[(x,T')]@\<Gamma>)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1371	and a3: "\<Gamma> \<turnstile> e' : T'" by simp_all
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1372	from a1 have a4: "valid (\<Delta>@\<Gamma>)" by (rule valid_insert)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1373	{ assume eq: "x=y"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1374	from a1 a2 have "T=T'" using eq by (auto intro: context_unique)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1375	with a3 have "\<Delta>@\<Gamma> \<turnstile> Var y[x::=e'] : T" using eq a4 by (auto intro: weakening)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1376	}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1377	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1378	{ assume ineq: "x\<noteq>y"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1379	from a2 have "(y,T) \<in> set (\<Delta>@\<Gamma>)" using ineq by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1380	then have "\<Delta>@\<Gamma> \<turnstile> Var y[x::=e'] : T" using ineq a4 by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1381	}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1382	ultimately show "\<Delta>@\<Gamma> \<turnstile> Var y[x::=e'] : T" by blast
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1383	qed (force simp add: fresh_list_append fresh_list_cons)+
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1384
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1385	corollary type_substitution:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1386	assumes a: "(x,T')#\<Gamma> \<turnstile> e : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1387	and b: "\<Gamma> \<turnstile> e' : T'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1388	shows "\<Gamma> \<turnstile> e[x::=e'] : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1389	using a b type_substitution_aux[where \<Delta>="[]"]
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1390	by (auto)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1391
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1392	lemma t_App_elim:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1393	assumes a: "\<Gamma> \<turnstile> App t1 t2 : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1394	shows "\<exists>T'. \<Gamma> \<turnstile> t1 : T' \<rightarrow> T \<and> \<Gamma> \<turnstile> t2 : T'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1395	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1396	by (cases) (auto simp add: lam.inject)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1397
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1398	lemma t_Lam_elim:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1399	assumes ty: "\<Gamma> \<turnstile> Lam [x].t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1400	and fc: "x\<sharp>\<Gamma>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1401	shows "\<exists>T1 T2. T = T1 \<rightarrow> T2 \<and> (x,T1)#\<Gamma> \<turnstile> t : T2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1402	using ty fc
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1403	by (cases rule: typing.strong_cases)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1404	(auto simp add: alpha lam.inject abs_fresh ty_fresh)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1405
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1406	theorem cbv_type_preservation:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1407	assumes a: "t \<longrightarrow>cbv t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1408	and b: "\<Gamma> \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1409	shows "\<Gamma> \<turnstile> t' : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1410	using a b
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1411	by (nominal_induct avoiding: \<Gamma> T rule: cbv.strong_induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1412	(auto dest!: t_Lam_elim t_App_elim simp add: type_substitution ty.inject)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1413
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1414	corollary cbvs_type_preservation:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1415	assumes a: "t \<longrightarrow>cbv* t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1416	and b: "\<Gamma> \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1417	shows "\<Gamma> \<turnstile> t' : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1418	using a b
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1419	by (induct) (auto intro: cbv_type_preservation)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1420
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1421	text {*
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1422	The Type-Preservation Property for the Machine and Evaluation Relation. *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1423
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1424	theorem machine_type_preservation:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1425	assumes a: "<t,[]> \<mapsto>* <t',[]>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1426	and b: "\<Gamma> \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1427	shows "\<Gamma> \<turnstile> t' : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1428	proof -
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1429	from a have "t \<longrightarrow>cbv* t'" by (simp add: machines_implies_cbvs)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1430	then show "\<Gamma> \<turnstile> t' : T" using b by (simp add: cbvs_type_preservation)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1431	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1432
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1433	theorem eval_type_preservation:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1434	assumes a: "t \<Down> t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1435	and b: "\<Gamma> \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1436	shows "\<Gamma> \<turnstile> t' : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1437	proof -
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1438	from a have "<t,[]> \<mapsto>* <t',[]>" by (simp add: eval_implies_machines)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1439	then show "\<Gamma> \<turnstile> t' : T" using b by (simp add: machine_type_preservation)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1440	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1441
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1442	text {* The Progress Property *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1443
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1444	lemma canonical_tArr:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1445	assumes a: "[] \<turnstile> t : T1 \<rightarrow> T2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1446	and b: "val t"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1447	shows "\<exists>x t'. t = Lam [x].t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1448	using b a by (induct) (auto)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1449
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1450	theorem progress:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1451	assumes a: "[] \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1452	shows "(\<exists>t'. t \<longrightarrow>cbv t') \<or> (val t)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1453	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1454	by (induct \<Gamma>\<equiv>"[]::ty_ctx" t T)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1455	(auto intro: cbv.intros dest!: canonical_tArr)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1456
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1457
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1458	text {***********************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1459
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1460	Strong Induction Principle
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1461	--------------------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1462
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1463	A proof for the strong (structural) induction principle in the
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1464	lambda-calculus.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1465
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1466	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1467
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1468
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1469	lemma lam_strong_induct:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1470	fixes c::"'a::fs_name"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1471	assumes h1: "\<And>x c. P c (Var x)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1472	and h2: "\<And>t1 t2 c. \<lbrakk>\<forall>d. P d t1; \<forall>d. P d t2\<rbrakk> \<Longrightarrow> P c (App t1 t2)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1473	and h3: "\<And>x t c. \<lbrakk>x\<sharp>c; \<forall>d. P d t\<rbrakk> \<Longrightarrow> P c (Lam [x].t)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1474	shows "P c t"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1475	proof -
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1476	have "\<forall>(\<pi>::name prm) c. P c (\<pi>\<bullet>t)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1477	proof (induct t rule: lam.induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1478	case (Lam x t)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1479	have ih: "\<forall>(\<pi>::name prm) c. P c (\<pi>\<bullet>t)" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1480	{ fix \<pi>::"name prm" and c::"'a::fs_name"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1481	obtain y::"name" where fc: "y\<sharp>(\<pi>\<bullet>x,\<pi>\<bullet>t,c)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1482	by (rule exists_fresh) (auto simp add: fs_name1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1483	from ih have "\<forall>c. P c (([(y,\<pi>\<bullet>x)]@\<pi>)\<bullet>t)" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1484	then have "\<forall>c. P c ([(y,\<pi>\<bullet>x)]\<bullet>(\<pi>\<bullet>t))" by (auto simp only: pt_name2)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1485	with h3 have "P c (Lam [y].[(y,\<pi>\<bullet>x)]\<bullet>(\<pi>\<bullet>t))" using fc by (simp add: fresh_prod)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1486	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1487	have "Lam [y].[(y,\<pi>\<bullet>x)]\<bullet>(\<pi>\<bullet>t) = Lam [(\<pi>\<bullet>x)].(\<pi>\<bullet>t)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1488	using fc by (simp add: lam.inject alpha fresh_atm fresh_prod)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1489	ultimately have "P c (Lam [(\<pi>\<bullet>x)].(\<pi>\<bullet>t))" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1490	}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1491	then have "\<forall>(\<pi>::name prm) c. P c (Lam [(\<pi>\<bullet>x)].(\<pi>\<bullet>t))" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1492	then show "\<forall>(\<pi>::name prm) c. P c (\<pi>\<bullet>(Lam [x].t))" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1493	qed (auto intro: h1 h2) (* var and app case *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1494	then have "P c (([]::name prm)\<bullet>t)" by blast
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1495	then show "P c t" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1496	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1497
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1498	text {***********************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1499
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1500	---------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1501	SOLUTIONS
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1502	---------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1503
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1504	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1505
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1506	text {************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1507
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1508	1.) MINI EXERCISE
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1509
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1510	The way we defined contexts does not allow us to
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1511	apply a Hole to a Hole. Therefore the following
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1512	will result in a typing error. *}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1513
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1514	(* term "CAppL \<box> \<box>" *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1515
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1516
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1517	text {************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1518
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1519	2. EXERCISE
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1520
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1521	A readable proof for this lemma is as follows:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1522
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1523	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1524
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1525	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1526	assumes a: "<e1,Es1> \<mapsto>* <e2,Es2>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1527	and b: "<e2,Es2> \<mapsto>* <e3,Es3>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1528	shows "<e1,Es1> \<mapsto>* <e3,Es3>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1529	using a b
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1530	proof(induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1531	case (ms1 e1 Es1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1532	show "<e1,Es1> \<mapsto>* <e3,Es3>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1533	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1534	case (ms2 e1 Es1 e2 Es2 e2' Es2')
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1535	have ih: "<e2',Es2'> \<mapsto>* <e3,Es3> \<Longrightarrow> <e2,Es2> \<mapsto>* <e3,Es3>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1536	have "<e2',Es2'> \<mapsto>* <e3,Es3>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1537	then have "<e2,Es2> \<mapsto>* <e3,Es3>" using ih by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1538	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1539	have "<e1,Es1> \<mapsto> <e2,Es2>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1540	ultimately show "<e1,Es1> \<mapsto>* <e3,Es3>" by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1541	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1542
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1543
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1544	text {************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1545
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1546	3.) Exercise
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1547
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1548	As one can quickly see in the second case, the theorem as stated
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1549	does not go through. We need to generalise the induction hypothesis
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1550	so that we show the lemma for all contexts Es. In Isar, variables
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1551	can be generalised by declaring "arbitrary: variable \<dots>" when the
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1552	induction is set up.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1553
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1554	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1555
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1556	theorem
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1557	assumes a: "t \<Down> t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1558	shows "<t,Es> \<mapsto>* <t',Es>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1559	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1560	proof (induct arbitrary: Es) (* here we generalise over Es *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1561	case (e_Lam x t Es)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1562	show "<Lam [x].t,Es> \<mapsto>* <Lam [x].t,Es>" by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1563	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1564	case (e_App t1 x t t2 v' v Es)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1565	have ih1: "\<And>Es. <t1,Es> \<mapsto>* <Lam [x].t,Es>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1566	have ih2: "\<And>Es. <t2,Es> \<mapsto>* <v',Es>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1567	have ih3: "\<And>Es. <t[x::=v'],Es> \<mapsto>* <v,Es>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1568	have "<App t1 t2,Es> \<mapsto>* <t1,CAppL \<box> t2#Es>" by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1569	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1570	have "<t1,CAppL \<box> t2#Es> \<mapsto>* <Lam [x].t,CAppL \<box> t2#Es>" using ih1 by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1571	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1572	have "<Lam [x].t,CAppL \<box> t2#Es> \<mapsto>* <t2,CAppR (Lam [x].t) \<box>#Es>" by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1573	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1574	have "<t2,CAppR (Lam [x].t) \<box>#Es> \<mapsto>* <v',CAppR (Lam [x].t) \<box>#Es>" using ih2 by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1575	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1576	have "t2 \<Down> v'" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1577	then have "val v'" using eval_to_val by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1578	then have "<v',CAppR (Lam [x].t) \<box>#Es> \<mapsto>* <t[x::=v'],Es>" by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1579	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1580	have "<t[x::=v'],Es> \<mapsto>* <v,Es>" using ih3 by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1581	ultimately show "<App t1 t2,Es> \<mapsto>* <v,Es>" by blast
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1582	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1583
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1584	text {************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1585
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1586	4.) Exercise
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1587
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1588	A proof for the weakening lemma:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1589
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1590	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1591
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1592	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1593	fixes \<Gamma>1 \<Gamma>2::"(name\<times>ty) list"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1594	assumes a: "\<Gamma>1 \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1595	and b: "valid \<Gamma>2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1596	and c: "\<Gamma>1 \<subseteq> \<Gamma>2"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1597	shows "\<Gamma>2 \<turnstile> t : T"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1598	using a b c
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1599	proof (nominal_induct \<Gamma>1 t T avoiding: \<Gamma>2 rule: typing.strong_induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1600	case (t_Var \<Gamma>1 x T) (* variable case *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1601	have "\<Gamma>1 \<subseteq> \<Gamma>2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1602	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1603	have "valid \<Gamma>2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1604	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1605	have "(x,T)\<in> set \<Gamma>1" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1606	ultimately show "\<Gamma>2 \<turnstile> Var x : T" by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1607	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1608	case (t_Lam x \<Gamma>1 T1 t T2) (* lambda case *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1609	have vc: "x\<sharp>\<Gamma>2" by fact (* variable convention *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1610	have ih: "\<lbrakk>valid ((x,T1)#\<Gamma>2); (x,T1)#\<Gamma>1 \<subseteq> (x,T1)#\<Gamma>2\<rbrakk> \<Longrightarrow> (x,T1)#\<Gamma>2 \<turnstile> t:T2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1611	have "\<Gamma>1 \<subseteq> \<Gamma>2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1612	then have "(x,T1)#\<Gamma>1 \<subseteq> (x,T1)#\<Gamma>2" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1613	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1614	have "valid \<Gamma>2" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1615	then have "valid ((x,T1)#\<Gamma>2)" using vc by (simp add: v2)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1616	ultimately have "(x,T1)#\<Gamma>2 \<turnstile> t : T2" using ih by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1617	with vc show "\<Gamma>2 \<turnstile> Lam [x].t : T1\<rightarrow>T2" by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1618	qed (auto) (* app case *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1619
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1620	text {************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1621
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1622	5.) Exercise
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1623
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1624	A proof for context omposition
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1625
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1626	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1627
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1628	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1629	shows "(E1 \<circ> E2)\<lbrakk>t\<rbrakk> = E1\<lbrakk>E2\<lbrakk>t\<rbrakk>\<rbrakk>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1630	by (induct E1) (simp_all)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1631
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1632	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1633
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1634	6.) EXERCISE
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1635	------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1636
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1637	A proof for the assoiativity of \<circ>.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1638
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1639	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1640
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1641	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1642	shows "(Es1@Es2)\<down> = (Es2\<down>) \<circ> (Es1\<down>)"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1643	proof (induct Es1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1644	case Nil
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1645	show "([]@Es2)\<down> = Es2\<down> \<circ> []\<down>" using neut_hole by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1646	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1647	case (Cons E Es1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1648	have ih: "(Es1@Es2)\<down> = Es2\<down> \<circ> Es1\<down>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1649	have "((E#Es1)@Es2)\<down> = (Es1@Es2)\<down> \<circ> E" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1650	also have "\<dots> = (Es2\<down> \<circ> Es1\<down>) \<circ> E" using ih by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1651	also have "\<dots> = Es2\<down> \<circ> (Es1\<down> \<circ> E)" using circ_assoc by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1652	also have "\<dots> = Es2\<down> \<circ> (E#Es1)\<down>" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1653	finally show "((E#Es1)@Es2)\<down> = Es2\<down> \<circ> (E#Es1)\<down>" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1654	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1655
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1656	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1657
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1658	7.) EXERCISE
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1659	------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1660
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1661	A proof for the substitution lemma.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1662
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1663	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1664
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1665	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1666	assumes a: "x\<noteq>y"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1667	and b: "x\<sharp>L"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1668	shows "M[x::=N][y::=L] = M[y::=L][x::=N[y::=L]]"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1669	using a b
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1670	proof (nominal_induct M avoiding: x y N L rule: lam.strong_induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1671	case (Var z) (* case 1: Variables*)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1672	show "Var z[x::=N][y::=L] = Var z[y::=L][x::=N[y::=L]]" (is "?LHS = ?RHS")
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1673	proof -
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1674	{ (Case 1.1)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1675	assume "z=x"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1676	have "(1)": "?LHS = N[y::=L]" using `z=x` by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1677	have "(2)": "?RHS = N[y::=L]" using `z=x` `x\<noteq>y` by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1678	from "(1)" "(2)" have "?LHS = ?RHS" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1679	}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1680	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1681	{ (Case 1.2)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1682	assume "z=y" and "z\<noteq>x"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1683	have "(1)": "?LHS = L" using `z\<noteq>x` `z=y` by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1684	have "(2)": "?RHS = L[x::=N[y::=L]]" using `z=y` by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1685	have "(3)": "L[x::=N[y::=L]] = L" using `x\<sharp>L` by (simp add: forget)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1686	from "(1)" "(2)" "(3)" have "?LHS = ?RHS" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1687	}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1688	moreover
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1689	{ (Case 1.3)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1690	assume "z\<noteq>x" and "z\<noteq>y"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1691	have "(1)": "?LHS = Var z" using `z\<noteq>x` `z\<noteq>y` by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1692	have "(2)": "?RHS = Var z" using `z\<noteq>x` `z\<noteq>y` by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1693	from "(1)" "(2)" have "?LHS = ?RHS" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1694	}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1695	ultimately show "?LHS = ?RHS" by blast
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1696	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1697	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1698	case (Lam z M1) (* case 2: lambdas *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1699	have ih: "\<lbrakk>x\<noteq>y; x\<sharp>L\<rbrakk> \<Longrightarrow> M1[x::=N][y::=L] = M1[y::=L][x::=N[y::=L]]" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1700	have fs: "z\<sharp>x" "z\<sharp>y" "z\<sharp>N" "z\<sharp>L" by fact+
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1701	then have "z\<sharp>N[y::=L]" by (simp add: fresh_fact)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1702	show "(Lam [z].M1)[x::=N][y::=L] = (Lam [z].M1)[y::=L][x::=N[y::=L]]" (is "?LHS=?RHS")
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1703	proof -
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1704	have "?LHS = Lam [z].(M1[x::=N][y::=L])" using `z\<sharp>x` `z\<sharp>y` `z\<sharp>N` `z\<sharp>L` by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1705	also from ih have "\<dots> = Lam [z].(M1[y::=L][x::=N[y::=L]])" using `x\<noteq>y` `x\<sharp>L` by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1706	also have "\<dots> = (Lam [z].(M1[y::=L]))[x::=N[y::=L]]" using `z\<sharp>x` `z\<sharp>N[y::=L]` by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1707	also have "\<dots> = ?RHS" using `z\<sharp>y` `z\<sharp>L` by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1708	finally show "?LHS = ?RHS" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1709	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1710	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1711	case (App M1 M2) (* case 3: applications *)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1712	then show "(App M1 M2)[x::=N][y::=L] = (App M1 M2)[y::=L][x::=N[y::=L]]" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1713	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1714
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1715	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1716
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1717	8.) Exercise
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1718	------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1719
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1720	Left out if not needed.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1721	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1722
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1723	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1724	assumes a: "t \<longrightarrow>cbv t'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1725	shows "E\<lbrakk>t\<rbrakk> \<longrightarrow>cbv E\<lbrakk>t'\<rbrakk>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1726	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1727	proof (induct E)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1728	case Hole
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1729	have "t \<longrightarrow>cbv t'" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1730	then show "\<box>\<lbrakk>t\<rbrakk> \<longrightarrow>cbv \<box>\<lbrakk>t'\<rbrakk>" by simp
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1731	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1732	case (CAppL E s)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1733	have ih: "t \<longrightarrow>cbv t' \<Longrightarrow> E\<lbrakk>t\<rbrakk> \<longrightarrow>cbv E\<lbrakk>t'\<rbrakk>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1734	have a: "t \<longrightarrow>cbv t'" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1735	show "(CAppL E s)\<lbrakk>t\<rbrakk> \<longrightarrow>cbv (CAppL E s)\<lbrakk>t'\<rbrakk>" using ih a by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1736	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1737	case (CAppR s E)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1738	have ih: "t \<longrightarrow>cbv t' \<Longrightarrow> E\<lbrakk>t\<rbrakk> \<longrightarrow>cbv E\<lbrakk>t'\<rbrakk>" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1739	have a: "t \<longrightarrow>cbv t'" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1740	show "(CAppR s E)\<lbrakk>t\<rbrakk> \<longrightarrow>cbv (CAppR s E)\<lbrakk>t'\<rbrakk>" using ih a by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1741	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1742
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1743	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1744
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1745	9.) Exercise
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1746	------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1747
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1748	The point of the cbv-reduction was that we can easily relatively
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1749	establish the follwoing property:
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1750
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1751	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1752
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1753	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1754	assumes a: "<e,Es> \<mapsto> <e',Es'>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1755	shows "(Es\<down>)\<lbrakk>e\<rbrakk> \<longrightarrow>cbv* (Es'\<down>)\<lbrakk>e'\<rbrakk>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1756	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1757	proof (induct)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1758	case (m1 t1 t2 Es)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1759	show "Es\<down>\<lbrakk>App t1 t2\<rbrakk> \<longrightarrow>cbv* ((CAppL \<box> t2)#Es)\<down>\<lbrakk>t1\<rbrakk>" by (auto simp add: ctx_compose)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1760	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1761	case (m2 v t2 Es)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1762	have "val v" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1763	then show "((CAppL \<box> t2)#Es)\<down>\<lbrakk>v\<rbrakk> \<longrightarrow>cbv* (CAppR v \<box> # Es)\<down>\<lbrakk>t2\<rbrakk>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1764	by (auto simp add: ctx_compose)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1765	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1766	case (m3 v x t Es)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1767	have "val v" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1768	then show "((CAppR (Lam [x].t) \<box>)#Es)\<down>\<lbrakk>v\<rbrakk> \<longrightarrow>cbv* (Es\<down>)\<lbrakk>t[x::=v]\<rbrakk>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1769	by (auto simp add: ctx_compose intro: cbv_in_ctx)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1770	qed
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1771
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1772	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1773	assumes a: "<e,Es> \<mapsto> <e',Es'>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1774	shows "(Es\<down>)\<lbrakk>e\<rbrakk> \<longrightarrow>cbv* (Es'\<down>)\<lbrakk>e'\<rbrakk>"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1775	using a by (induct) (auto simp add: ctx_compose intro: cbv_in_ctx)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1776
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1777	text {******************************************************************
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1778
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1779	10.) Exercise
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1780	-------------
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1781
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1782	Complete the first case in the proof below.
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1783
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1784	*}
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1785
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1786	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1787	assumes a: "t1 \<longrightarrow>cbv t2" "t2 \<Down> t3"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1788	shows "t1 \<Down> t3"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1789	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1790	proof(induct arbitrary: t3)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1791	case (cbv1 v x t t3)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1792	have a1: "val v" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1793	have a2: "t[x::=v] \<Down> t3" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1794	show "App Lam [x].t v \<Down> t3" using eval_val a1 a2 by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1795	next
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1796	case (cbv2 t t' t2 t3)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1797	have "t \<longrightarrow>cbv t'" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1798	have ih: "\<And>t3. t' \<Down> t3 \<Longrightarrow> t \<Down> t3" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1799	have "App t' t2 \<Down> t3" by fact
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1800	then obtain x t'' v'
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1801	where a1: "t' \<Down> Lam [x].t''"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1802	and a2: "t2 \<Down> v'"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1803	and a3: "t''[x::=v'] \<Down> t3" using e_App_elim by blast
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1804	have "t \<Down> Lam [x].t''" using ih a1 by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1805	then show "App t t2 \<Down> t3" using a2 a3 by auto
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1806	qed (auto dest!: e_App_elim)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1807
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1808	lemma
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1809	assumes a: "t1 \<longrightarrow>cbv t2" "t2 \<Down> t3"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1810	shows "t1 \<Down> t3"
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1811	using a
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1812	by (induct arbitrary: t3)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1813	(auto elim!: eval_elim intro: eval_val)
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1814
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1815
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1816	end
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1817
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1818
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1819
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1820
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1821
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1822
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1823
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1824
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1825
f1be8028a4a9 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1826

author	Christian Urban <christian.urban@kcl.ac.uk>
	Tue, 07 Jan 2025 12:42:42 +0000
changeset 653	2807ec31d144
parent 415	f1be8028a4a9
permissions	-rw-r--r--