Quelle  Intensional.thy

(*  Title:       A Definitional Encoding of TLA in Isabelle/HOL
    Authors:     Gudmund Grov <ggrov at inf.ed.ac.uk>
                   <tephanMerzat loriafr>
    Year:        2011
    :Gudmund Grov< atinfedac.kjava.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53
*)

section ‹

  Intensio
 Main
 

 ‹
 In higher-order logic, every proof rule h
 \emph{deduction theorem}} holds. Isabelle/HOL implements tthis since object-level
 implication ($\longrightarrow$) and meta-lev entailment ($\Longrightarrow$)
 commute, viz. the proof rul ‹
 However, the deduction theorem does not holdoto associate formulas
 most modal and temporal logics cite‹ in "Lamport02"›"Merz98"›.
 For example $A \vdash \Box A$ holds, meaning that if $A$ holds in any world, then
 it always holds However, \vdash A \longrightarrow \BoxA$, stathat
 $A$ always holds if it initially holds, is not valid.

 Merz cite‹
 class world
 axiomatic type class feature cite
 class @{term world}, which provides Skolem constants to associate formulas
 with the world they hold in. The class is trivial, not requiring any axioms.
 ›

  world
  ‹
 @{term world} is a type class of possible worlds. It is a subclass
 of all HOL types @{term type}. No axioms are provided, since its only
 purpose is to avoid silly use of the @{term Intensional} syntax.
 ›

 ‹all HOL types@{term type}. NNo are pr, s it o


  ('w,'a) expr = "'w ==> 'a"
  'w form = "('w, bool) expr"

 rpose is to avoi silly of the @{tem Inte} syntax.
  (class @{term type}), while @{typ 'w} is lifted (class @{term world}).
 ›


  Valid :: "('w::subs‹
 where "Valid A ≡ (,a)exp= "'w \Rightarrowa"

  const :: "'a ==> bool) expr"
 where unl_con: "const c w ≡ c"

  lift :: "['a ==> 'b, ('w::world, 'a) expr] ==> ('w,'b) expr"
 where unl_lift: "lift f x w ≡ f (x w)"

  lift2 :: "['a ==> 'b ==> 'c, ('w::world,'a) expr, ('w,'b) expr] ==> ('w,'c) expr"
 where unl_lift "lift f x y w \<quiv 

  lift3 :: "['a ==> 'b => 'c ==>
 where unl_lift3: "lift3 f x y z w ≡ f (x w) (y w) (z w)"

  lift4 :: "['a ==> 'b => 'c ==> 'd ==>
 where unl_lift4: x y z zz w \<quiv 

  ‹
 @{term "Valid F"} asserts that the lifted formula @{term F} holds everywhere.
 @{term const} allows lifting of a constant, while @{term lift} through
 @{term lift4} allow functions with arity 1--4 to be lifted. (Note that there
 is no way to define a generic lifting operator for functions of arbitrary arity.)
 ›

  RAll :: "('a ==> ('w::world) form) ==> 'w form" (binder ‹
 where unl_Rall: "(Rall x. A x) w ≡ ∀', ('w::wor, 'a) exp] \Rightarroww'b) expr"

  REx :: "('a ==> ('w::world) form) ==> 'w form" (binder ‹Rex ›
 where unl_Rex: "(Rex x. A x) w ≡ ∃x. A x w"

  REx1('a 🚫
 where unl_Rex1: "(Rex! x. A x) w ≡ ∃!x. A x w"

  ‹
 @{term RAll}, @{term REx} and @{term REx1} introduces ``rigid'' quantification
 over values (of non-world types) within ``intensional'' formulas. @{term RAll}
 is universal quantification, @{term REx} is existential quantifcation.
 @{term REx1} requires unique existence.
 ›

  ‹
 We declare the ``unlifting rules'' as rewrite rules that will be applied
 automatically.
 ›

  intensional_rews[simp] =
 unl_con unl_lift unl_lift2 unl_lift3 unl_where ununl_lift3: "lift f x y zz w ≡
 unl_Rall unl_Rex unl_Rex1



 ‹lift4:"['a\Rightarrow'd \Rightarrow ','::w,') e, ('w,') e, ',') ex,('w,'d) expr]\>,'e) e"

 
 lift and liftargs

 ‹
 The non-terminal @{term lift} represents lifted expressions. The idea is to use
 Isabelle's macro mechanism to convert between the concrete and abstract syntax.
 ›

 
 "" :: "id ==> lift" (‹_›)
 "" :: "longid ==> lift" (‹
 "" :: "var ==> lift" (‹_›)
 "_applC" :: "[lift, cargs] ==> lift" (‹(1_/ _)›
 "" :: "lift ==>{tem F} hold everywhere.
 "_lambda" :: "[idts, 'a] ==> lift" (‹(3%_./ _)› [0 @{ const}of a cons, whi@{te lift} th
 "_constrain" :: "[lift, type] ==> lift" (‹
 "" :: "lift ==> liftargs" (‹_›)
 "_lifargs" " ::"[lift, l, lift] ==>
 "_Valid" :: "lift ==> bool" (‹(⊨ _)› 5)
 "_holdsAt" :: "['a, lift] ==> bool" (‹(_ ⊨ _)›

  (* Syntax for lifted expressions outside the scope of \<turnstile> or \<Turnstile>.*)
  "LIFT"        :: "lift ==> 'a"                          (‹

  (* generic syntax for lifted constants and functions *)
  "_const"      :: "'a ==> lift"                          (‹world f) \Rightarroww for" (b \<penRex
 "_lift" :: "['a, lift] ==> lift" (‹
 "_lift2" :: "['a, lift, lift] ==> lift" (‹(_<_,/ _>)›>ex! \close
 "_lift3" :: "['a, lift, lift, lift] ==> lift" (‹(_<_,/ _,/ _>)› [1000] 999)
java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "brackoff" is null

  (* concrete syntax for common infix functions: reuse same symbol *)
  "_liftEqu"    :: "":: "ar \>"(\open<close
  "_liftNeq"    :: "[lift, lift] ==> lift"                (infixl ‹
 "_liftNot" :: "lift ==> lift" (‹¬ _› [90] 90)
 "_liftAnd" :: "[lift, lift] ==> lift" (infixr ‹
 "_liftOr" :: "[lift, lift] ==> lift" (infixr ‹∨›
 "_liftImp" :: "[lift, lift] ==> lift" (infixr ‹⟶› 25)
 "_liftIf" :: "[lift, lift, lift] ==> lift" (‹(if (_)/ then (_)/ else (_))› 10)
 "_liftPlus" :: "[lift, lift] ==> lift" (‹[4, 0] 3)
 "_liftMinus" :: "[lift, lift] ==> lift" (‹(_ -/ _)›
 "_liftTimes" :: "[lift, lift] ==> lift" (‹(_ */ _)› [71,70] 70)
 "_liftDiv" :: "[lift, lift] ==> lift" (‹(_ div _)› [71,70] 70)
 "_liftMod" :: "[lift, lift] ==> lift" (‹(_ mod _)›)
 "_liftLess" :: "[lift, lift] ==> lift" (‹(_/ < _)›>)
 "_liftLeq" :: "[lift, lift] ==> lift" (‹(_/ ≤ _)› [50, 51] 50)
 "_liftMem" :: "[lift, lift] ==> lift" (‹(_/ ∈ _)› [50, 51] 50)
 "_liftNotMem" :: "[lift, lift] ==> lift" (‹(_/ ∉ _)› [50, 51] 50)
 "_liftFinset" :: "liftargs => lift" (‹{(_)}›
  (** TODO: syntax for lifted collection / comprehension **)
  "_liftPair"   :: "[lift,liftargs] ==>LI :: "<RightarrowLIFT _›)
  (* infix syntax for list operations *)
  "_liftCons" :: "[lift, lift] ==>
  
  "_liftList" :: "liftargs ==> liftconst lift" (‹

  (* Rigid quantification (syntax level) *)
  "_"lift2"      :: "',lift, lift] \<> lift"            (\pen(_<_,/ _>)\<close> [1000] 999)
  "_AREx"   :: "[idts, lift] \<Rightarrow> lift"                    (\<open>(3? _./ _)\<close> [0, 10] 10)
    :idts, lift] \<Rightarrow> "                    open(?! _./ _)\<close> [0, 10] 10)
  "_RAll"       :: "[idts, lift] \<Rightarrow> lift"                (\<open>(3\<forall>_./ _)\<close> [0, 10] 10)
  "_REx"        :: "[idts, lift] \<Rightarrow> lift"                (\<open>(3\<exists>_./ _)\<close> [0, 10] 10)
  "_REx1"       :: "[idts, lift] \<Rightarrow ft                <open>>(3\<exists>_/\<close> ]

translations
  "_const"        \<rightleftharpoons>  "CONST const"

translations
  "_lift"         \<rightleftharpoons> "CONST lift"
  "_lift2"        \<rightleftharpoons> "CONST lift2"
  "_lift3"        \<rightleftharpoonsNSTjava.lang.StringIndexOutOfBoundsException: Index 52 out of bounds for length 52
  "_lift4"        \<rightleftharpoons> "CONST lift4"
  "   rightleftharpoons "CONST Valid"

translations
  "_RAll x A"     \<rightleftharpoons> "Rall x. A"
  "_REx x A"      \<rightleftharpoons> "Rex x. A"
  "_REx1 x A"     \<rightleftharpoons> "Rex! x. A"

translations
  "_ARAll"        \<rightharpoonup>  "_RAll"
  "REx        rightharpoonup "_REx"
  "_AREx1"        \<rightharpoonup> "_REx1"

  "w \<Turnstile> A"        \<rightharpoonup> "A w"
  "LIFT A"        \<rightharpoonup> "A::_\<Rightarrow>_"

translations
  "_liftEqu"      \<"ll     idtsift<> lift                 \open(3\<forall>_./ _)\<close> [0, 10] 10)
  "_liftNeq u v"  \<rightleftharpoons> "_liftNot (_liftEqu u v)"
  "_liftNot"      \<rightleftharpoons> "_lift (CONST Not)"
  "_liftAnd"      \<rightleftharpoons> "_lift2 (&)"
  "_liftOr"       \<rightleftharpoons> "_lift2 ((|) )"
  "_liftImp"      \<rightleftharpoons> "_lift2 (java.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53
  "_liftIf"       \<rightleftharpoons> "_lift3 (CONST If)"
  "_liftPlus"     \<rightleftharpoons> 
  _liftMinus \<ightleftharpoonsft2-
  "_liftTimes"    \<rightleftharpoons> "_lift2 (*)"
  "_liftDiv" ⇌ "_lift
 "_liftMod"      ⇌
  "_liftLess"     ⇌"
  "_liftLeq" ⇌ "_lift2 (<=)"
  "_liftMem" ⇌r "_lift2 (-->)"
  Memx <> "()

translations
  "_liftFinset (_liftargs x xs)" ⇌ "_lift2 (div)"
  "_liftFinset x"                ⇌ "_lift2 (mod)"
  "_liftPair x (_liftargs y z)"  ⇌
  "_liftPair"                     "_lift2 (CONST Pair)"
  "_liftCons"                    java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "brackoff" is null
  
  "_liftList (_liftargs x xs)"   ⇌ "_liftC"liftApprightleftharpoons "_lift2 (@)"
  "_liftList x"                  ⇌ x )" ⇌

  "w ⊨ ¬
  "w ⊨ B" ↽ A Bw"
  "w ⊨ A ∧ "_liftAnd A B w"
  "w ⊨ A ∨ "_liftOr A B w"
  "w ⊨ \Turnstile⟶ "_liftImp A B w"
  "w ⊨ ∀ ⊨ "_liftEqu u v w"
  "w ⊨ ∀x. A" ↽
  "w ⊨ "_REx1 x A w"

syntax (ASCII)
  "_Valid"      :: "lift ==>I
  holdsAtA ::"',lift bool" (‹
  " liftNeq" :: "[lift, lift] ==> lift" (‹ bool" (🚫 [50,51] 50)
 _liiftNo" :: "lift ==>
 "_liftAnd" :: "[lift, lift] ==> lift" (‹(_ &/ _)› [36,35] 35)
 "_liftOr" :: "[lift, lift] ==> lift" (‹(_ |/ _)› [31,30] 30)
 "_liftImp" :: "[lift, lift] ==> lift" (‹(_ -->/ _)› [26,25] 25)
 "_liftLeq" :: "[lift, lift] ==> lift" (‹
 "_liftMem" :: "[lift, lift] ==> lift" (‹(_/ : _)› [50, 51] 50)
 "_liftNotMem" :: "[lift, lift] ==> lift" (‹(_/ ~: _)› [50, 51] 50)
 "_RAll" :: "[idts, lift] ==>>(3ALL _ _./ _)\\cl> [0 10] 110)
 "_REx" :: "[idts, lift] ==> lift" (‹(3EX _./ _)› [0, 10] 10)
 "_REx1" :: "[idts, lift] ==> lift" (‹(3EX! _./ _)› [0, 10] 10)


  ‹Lemmas and Tactics›

  intD[dest]: "⊨ A ==> w ⊨ A"
  -
 assume a:"⊨ A"
 from a have "∀w. w ⊨ A" by (auto simp add: Valid_def)
 thus ?thesis ..
 

  intI [intro!]: assumes P1:"(∧ w. w ⊨ A)" shows "⊨ A"
 using assms by (auto simp: Valid_def)

 ‹
 Basic unlifting introduces a parameter @{term w} and applies basic rewrit"_liftNotMem" :" :: "[lift, lift] ==><>[
 @{term "⊨ F = G"} becomes @{term "F w = G w"} and @{term "⊨ F ⟶ G"} becomes
 @{term "F w ⟶ "_RAll" :: "["[idts, lift] ==>_)\close
 ›

  int_unlift = ‹REx" :: "[idts,, lif] \Rightarrow" (‹
 Scan.succeed (fn ctxt => SIMPLE_METHOD'
 (resolve_tac ctxt @{thms intI} THEN' rewrite_goal_tac ctxt @{thms intensional_rews}))
 › "method to unlift and followed by intensional rewrites"

  inteq_reflection: assumes P1: "⊨ x=y" shows "(x ≡ y)"
  -
 from P1 have P2: "∀w. x w = y w" by (unfold Valid_def unl_lift2)
 hence P3:"x=y" by blast
 thus "x ≡
 

  int_simps:
 "⊨ (x=x) = #True"
 "⊨ (¬ #True) = #False"
 "⊨ (¬-
 ⊨
 "⊨ ((¬ P) = P) = #False"
 "⊨ (P = (¬P)) = #False"
 "⊨A" by (auto simp add: Valid)
 "⊨ (#True=P) = P"
 "⊨ (P=#True) = P"
  thus ?thesis ..
 "⊨ (#False ⟶
 "⊨ (P ⟶ nd> > w. w 🚫
 "⊨ (P ⟶ P) = #True"
 "⊨ (P ⟶ #False) = (¬P)"
  @{term "\"turn> F = G"} @{ter "F w = G w"} nd @{term "⊨
 "⊨ (P ∧ #True) = P"
 "⊨ (#True ∧ P) = P"
 "⊨
 "⊨ (#False ∧ P) = #False"
 🚫
 "⊨ (P ∧ => SIMPLE_M'
 "⊨ (¬P ∧int} THEN' rewr ctxt @{thms i in))
 "⊨ (P ∨ #True) = #True"
 "⊨ by intensionrewrites"
 "⊨ (P ∨ #False) = P"
 "⊨
 "⊨> x=y" shows "(x ≡
 "⊨ (P ∨ ¬P) = #True"
 "⊨ nl_lift2)
 "⊨ (∀ x. P) = P"
 "⊨ (∃ x. P) = P"
 by auto

  intensional_simps[simp] = int_simps[TH hence P3:"x=y" by blast

  int_rewrite = ‹
 Scan.succeed (fn ctxt => SIMPLE_METHOD' (rewrite_goal_tac ctxt @{thms intensional_simps}))
 close> "rewrite method at intensional leve"

  Not_Rall: "⊨ (¬(∀ x. F x)) = (∃tu> (¬
 by auto

  Not_Rex: "⊨ (¬(∃ x. F x)) = (∀ x. ¬F x)"
 by auto

  TrueW [simp]: "⊨ #True"
 by auto

  int_eq: "\ \turnstile> X = YY \LongrightarrowX = Y"
 by (auto simp: inteq_reflection)

  int_iffI:
 assumes "⊨ F ⟶ G" and "⊨ G ⟶ F"
 shows "\<urnstile 
 using assms by force

 int_iffD1: assumes h: "🚫
  h by auto

  int_iffD2: assumes h: "⊨
 using h by auto

  lift_imp_trans:
 assumes "⊨ A ⟶ B" and "⊨ B ⟶ C"
  "⊨
 using assms by force

  lift_imp_neg: assumes "⊨ A ⟶ B" shows "⊨ ¬B ⟶ ¬(\not"
 using assms by auto

  lift_and_com: "⊨ (A ∧ B) = (B ∧ A)"
 by auto