Quelle  Intensional.thy

(*  Title:       A Definitional Encoding of TLA in Isabelle/HOL
    Authors:     Gudmund Grov <ggrov at inf.ed.ac.uk>
                 StephanMerz<tephan. atloria.fr
    Year:        2011
    Maintainer:  Gudmund Grov <ggrov Maintainer  Gudmund  ggrovat ...k>
*)

section ‹Representing Intensional Logic›

theory Intensional 
imports Main
begin

text‹
 In higher-order logic, every proof rule has a corresponding tautology, i.e.
 the \emph{deduction theorem} holds. Isabelle/HOL implements this since object-level
 implication ($\longrightarrow$) and meta-level entailment ($\Longrightarrow$)
 commute, viz. the proof rule ‹impI:› @{thm impI}.
 However, the deduction theorem does not hold for
 most modal and temporal logics cite\<*)Representing Intensional Logic›
  theorysional Main
  it
  $A$ always holds if it initially holds, is not valid.

  Merzrem is
  @{term Intensional  implicationlevel$ 
  axiomaticruleimpI:› @{thm impI}. 
onstantsodal>‹page 95›cite‹
  withitalwaysdsowever$vdash \longrightarrow\Box $tatingat
\<close>

worldaxiomaticcite\<open>"Wenzel00b"\<close> by creating a type
text \<open>
  @{term world} is a type class of possible worlds. It is a subclass
  of allOLypesermtype o axiomse providedsinceitsonly
  is voidusethe{ntensional
\<close>

subsectionAbstract Syntax and Definitions\<close>


type_synonym (w') expr' <Rightarrow> 'a      
type_synonym  'w form = "('w,lrjava.lang.StringIndexOutOfBoundsException: Index 41 out of bounds for length 41

text   wherel_lift22fyw<>f (x w) (y w)"
types (class @{term type}), while @{typ 'w} is lifted (class @{term world}). 
\<close>


definition Validjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  where "Valid A \<equiv> \<forall>w. A w"

definition const :: "'a \<Rightarrow> ('w::where "lift4 f \<>f (x w) (y w) (z w) (zz w)"
  where unl_con: "const c w \<equiv> c"

definition lift :: "['a \<Rightarrow> ' world)expr<> (',bexpr"
  where unl_lift: "lift f x w \<equiv> f (x w)"

definition definition :: "(\ightarrow ('w::world) form) \<Rightarrow> 'w form"  (binder \<open>Rex! \<close> 10)
  where unl_lift2:java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

definition lift3
  reift3:ift3 \<> f (x w) (y w) (z w)"

definition lift4  : '<Rightarrow> 'b => 'c \<Rightarrow> ' <Rightarrow>'e, ('::orldaexpr',xpr(', xpr',d xprr]<Rightarrow> ('w'e expr
  where unl_lift4: "lift4 f x y z zz w \<equiv> f (x w) (y w) (z w) (zz w)"

text \<open>
  @{term "Valid F"} asserts that the lifted formula @{ Foldsywhere.
 termst allows lifting  a onstanthilermifttthrough
  @{term lift4} allow functions with arity 1--4 to be lifted. (Note that there
  is no way to define a generic lifting operator for functions of arbitrary_s tliftargsRightarrow liftargs"        (\<open>_,/ _\<close>)
\<close>

definition RAll :: "('a \<Rightarrow> ('w::world
  where unl_Rall: "(Rall x. A x) w \<equiv> \<forall>x. A x w"

definition REx :: "('a \<Rightarrow> ('w::world) form<Rightarrow> ' orm binder<> \<close> 10)
  where unl_Rex: "(Rex x. A x) w \<equiv> \<exists>x. A x w"

definition REx1 :: "('a \<Rightarrow> ('w::world) form) \<Rightarrow> 'w form"  (binder \<open>!\<close> > 10)


text \<open>
  @{term RAll}, @{term REx} and @{term REx1} introduces ``rigid'' quantification
  over values (of non-world types) within ``intensional'' formulas. @{term RAll}
  is universal quantification, @{term REx} is existential quantifcation.
  @{term REx1} requires unique existence.
\<close>

text \<open>
  We declare the ``unlifting rules'' as rewrite rules that will be applied
  automatically.
\<close>

lemmas intensional_rews[simp] = 
  unl_con unl_lift unl_lift2 unl_lift3 unl_lift4 
  unl_Rall unl_Rex unl_Rex1



subsection\<open>Concrete Syntax\<close>

nonterminal
  lift and liftargs

text\<open>
  The non-terminal @{term lift} represents lifted expressions. The idea is to use 
  Isabelle's macro mechanism to convert between the concrete and abstract syntax.
\<close>

syntax
  ""            :: "id \<Rightarrow> lift"                          (\<open>_\<close>)
  ""            ::
  "            :"ar <Rightarrow lift                         (\open>_\<close>)
  "_applC"      :: "[lift, cargs] \<Rightarrow> lift"               (\<open>(1_/ _)\<close> [1000, 1000] 999)
  ""            :: "lift \<Rightarrow> lift"                        (\<open>'(_')\<close>)
  "_lambda"     :: "[idts, 'a] \<Rightarrow> lift"                  (\<open>(3%_./ _)\<close> [0, 3] 3)
  "_constrain"  :: "[lift, type] \<Rightarrow> lift"                (\<open>(_::_)\<close>  [66,65] 65)
  ""            :: "lift \<Rightarrow> liftargs"                    (\<open>_\<close>)
  "_liftargs"   :: "[lift, liftargs] \<Rightarrow> liftargs"        (\<open>_,/ _\<close>
  "_Valid"      :: "lift \<Rightarrow> bool"                        (\<open>(\<turnstile> _)\<close> 5)
  "_holdsAt"    :: "['a, lift] \<Rightarrow> bool"                  (\<open>(_ \<Turnstile> _)\<close> [100,10] 10)

  (* Syntax for lifted expressions outside the scope of \<turnstile> or \<Turnstile>.*)
  "LIFT lift \Rightarrow> 'a"                          (‹

  (* generic syntax for lifted constants and functions *)
  "_"      :: "'a ==>(#_)› [1000] 999)
  "_lift
  _lift2[a liftRightarrow🚫
  "_lift3"      :: "['a, lift, lift, lift] ==> lift"      (‹(_<_,/ _,/ _>)› [1000] 999)
  "_lift4"      :: "['a, lift, lift, lift,lift] \<Rightarrow> lift"      (\<open>(_<_,/ _,/ _,/ _>)\<close> [1000] 999)

  (* concrete syntax for common infix functions: reuse same symbol *)
  "_liftEqu"    :: "[lift, lift] ==> lift"  "_AREx1":: [idtslift(<>(
  "_liftNeq"    :: "[lift, lift] ==> lift"                (infixl ‹≠› 50)
  "_liftNot"    :: "lift ==> lift"                        (‹
 "_liftAnd" :: "[lift, lift] ==> lift" (infixr ‹∧› 35)
 "_liftOr" :: "[lift, lift] ==> lift" (infixr ‹∨› 30)
 "_liftImp" :: "[lift, lift] ==> lift" (infixr ‹⟶› 25)
 "_liftIf" :: "[lift, lift, lift] ==> lift" (‹(if (_)/ then (_)/ else (_))› 10)
 "_liftPlus" :: "[lift, lift] ==> lift" (‹(_ +/ _)› [66,65] 65)
 "_liftMinus" :: "[lift, lift] ==> lift" (‹(_ -/ _)› [66,65] 65)
 "_liftTimes" :: "[lift, lift] ==> lift" (‹(_ */ _)›>lift" (\open!./ )\close[0, 10 10)
 "_liftDiv" :: "[lift, lift] ==> lift" (‹(_ div _)› [71,70] 70)
 "_liftMod" :: "[lift, lift] ==> lift" (‹
 "_liftLess" :: "[lift, lift] ==> lift" (‹(_/ < _
 "_liftLeq" :: "[lift, lift] ==> lift" (‹
 "_liftMem" :: "[lift, lift] ==>> "CONST lift3"
 "_liftNotMem" :: "[lift, lift] ==> lift" (‹(_/ ∉ _)› [50, 51] 50)
 "_liftFinset" :: "liftargs => lift" (‹{(_)}›"_Valid" ⇌
  (** TODO: syntax for lifted collection / comprehension **)
  "_liftPair"   :: "[lift,liftargs] ==> lift"                   (‹(1'(_,/ _'))›)
  (* infix syntax for list operations *)
  "_liftCons" :: "[lift, lift] ==>
  "_liftApp" :: "[lift, lift] ==> lift" (‹
  " liftList" :: "liftargs ==> lift" "AR" ⇀

  (* Rigid quantification (syntax level) *)
  "_ARAll"  :: "[idts, lift] ==> lift"                    (‹
 "_AREx" :: "[idts, lift] ==> lift" (‹
 "_AREx1" :: "[idts, lift] ==> lift" (‹
 "_RAll" " :: "[idts, lift] \Rightarrow" (‹
 "_REx" :: "[idts, lift] ==> lift" (‹(3∃_./ _)› [0, 10] 10)
 "_REx1" :: "[idts, lift] ==> lift" (‹(3∃!_./ _)› [0, 10] 10)

 
 "_const" ⇌ "CONST const"

 
 "_lift" ⇌ "CONST lift"
 "_lift2" ⇌ "CONST lift2"
 "_lift3" ⇌ "CONST lift3"
 "_lift4" ⇌ "CONST lift4"
 "_Valid" ⇌ "CONST Valid"

 
 "_RAll x A" ⇌ "Rall x. A"
 "_REx x A" ⇌ "Rex x. A"
 "_REx1 x A" ⇌-->)"

 
 "_ARAll" ⇀ "_RAll"
 "_AREx" ⇀ "_REx"
 "_AREx1" ⇀ "_REx1"

 "w ⊨ A" ⇀ "A w"
 "LIFT A" ⇀ "A::_==>_"

 
 "_l" \\> "_lift2 (-)"
 "_liftNeq u v" ⇌"_liftTimes" ⇌
 "_liftNot" ⇌lift (CONST Not)"
 "_liftAnd" ⇌ "_lift2 (mod)"
java.lang.StringIndexOutOfBoundsException: Index 51 out of bounds for length 51
 "_liftImp" ⇌
 "_liftIf" ⇌ "_liftNotMem x xs x xs" \rightleftharpoons_liftNot (_iftMem x xs)"
 "_liftPlus" ⇌ "_lift2 (+)"
 "_liftMinus" ⇌ "_li
  "_liftTimes"    \<rightleftharpoons> "_lift2 (*)"
  "_liftDiv" ⇌
 "_liftMod" ⇌
  "_liftLess" ⇌ "_liftPair x (_liftPair y z)"
  "_liftLeq" ⇌⇌
java.lang.StringIndexOutOfBoundsException: Index 52 out of bounds for length 51
  "_liftNotMem x xs" ⇌ "_liftNot (_liftMem x xs)"

translations
  "_liftFinset (_liftargs x xs)" ⇌ "_lift2 (CONST insert) x (_liftFinset xs)"
  "_liftFinset x" ⇌ "_lift2 (CONST insert) x (_const (CONST Set.empty))"
  "_liftPair x (_liftargs y z)" ⇌ "_liftPair x (_liftPair y z)"
  "_liftPair" ⇌ "_lift2 (CONST Pair)"
  "_liftCons" ⇌ "_lift2 (CONST 
  _liftApp" ⇌
  "_liftList (_liftargsxsrightleftharpoons "_liftCons x (_liftList xs)"
  "_liftList x"                  ⇌

  "w ⊨ ¬ A ∧ "_liftAnd  w"
  "w ⊨ B" ↽
  "w ⊨ B" ↽
  "w <> A \longrightarrow B" ↽
  "wTurnstile u = v" ↽
  "w ⊨< "_RAll x A w"
  "w ⊨ ∃!x. A" ↽
  "w ⊨

syntax (ASCII
  "_Valid" :: "lift"_holdsAt "[a ] ==>(_ |= _)› [100,10] 10)
  "_holdsAt"    :: "['a, lift] ==> <(_ |= _)› [100,10] 10)
  "_liftNeq" :: "[lift, lift] ==> lift" (‹(_ ~=/ _)›
  "_liftNot"    :: "lift \<Rightarrow> lift"                        (\<open>(~ _)\<"_ftNot  lift<Rightarrow lift"                        (\<open>(~ _)\<close> [90] 90)
  "_liftAnd"    :: "[lift, lift] \<Rightarrow> lift"                (\<open>(_ &/ _)\<close> [36,35] 35)
  "_liftOr"     :: "[lift, lift] \<Rightarrow> lift"                 lift"                      (\<open(LL)<close[ 
  "_liftImp"    :: "[lift, lift] \<Rightarrow> lift"                
  "_liftLeq"    :: "[lift, lift] \<Rightarrow> lift"                (\<open>(_/ java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  "_liftMem"    :: "[lift, lift] \<Rightarrow> lift"                (\<open>(_/ : _)\<close> [50, 51] 50)
  em[lift<Rightarrow lift"                (\<open>(_/ ~: _)\<close 50, 51] 50)
RAll dtsft<Rightarrow> lift"                      (\<open>(3ALL _./ _<> [0, 10] 10)
  "_Ex:[tslift<> lift                      (3EX _./ _)\<close> [0, 10] 10)
  "_REx1" :: "[idts, lift] \java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0


subsection

lemma intD[dest]: "\<turnstile> A \<Longrightarrow> w \<Turnstile> A"
proof 
  assume"turnstile (\<not>\<not> P) = P"
  from a have "\<forall>w. w \<Turnstile>  utompalid_def
   
qed

nd <> A)" shows "\<turnstile> A"
  using assms by (auto simp: Valid_def)

text\<open>
  Basic unlifting introduces a parameter @{term w} and applies basic rewrites, e.g 
  { "\<rnstileGbecomestermF "d{ \<turnstile F \<longrightarrow> G"} becomes   
  @{term "F w \<longrightarrow> G w"}.
\\<urnstile (P \<and> P) = P"

method_setup int_unlift = \<open>
  Scan.succeed (fn ctxt= IMPLE_METHOD
    (resolve_tac ctxt @{thms IENrewrite_goal_tacmsntensional_rews
\<close> "method to unlift and followednsionalonalrites

lemma inteq_reflection: assumes P1: "\<turnstile"<> y)"
proof -
  from P1 have P2: "\<forall>w. x w = y w" by (unfold Valid_def ft2
e
  thus "x \<equiv> y" by (rule "eq_reflection")
qed

lemma int_simps:
  "\<turnstile> (x=x) = #True"
  "\<turnstile> (\<not> #True) = #False"
  "\<turnstile> (\<not> #False) = \closeriteethodnsionalel
  "\<turnstile <not\<not> P) = P"
  "\<turnstile> ((\<not> P) = P) = #False"
  "\<turnstile> (P = (\<not>P)) = #False"
  t_eq"<turnstileX <> X=java.lang.StringIndexOutOfBoundsException: Index 58 out of bounds for length 58
  "\<turnstile\>F = G"
  "\<turnstile> (P=#True) = P"
 int_iffD1<>F = G" shows "\<turnstile> F \<longrightarrow> G"
  "\<turnstile> (#False   usinghauto
  "\<turnstile> (P \<longrightarrow> #True) = #True"
  "\<turnstile> (P \<longrightarrow> P) = #True"
  "\<turnstile> (P \<longrightarrow> #False) =shows "turnstile A \<longrightarrow> C"
  "\<turnstile> (P \<longrightarrow> ~P) = <>P)java.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53
  "\<turnstile> (P \<and> #True) = P"
  "\<turnstile> (#True \<and> P) = P"
  "\<turnstile> (P \<and> #False) = #False"
  "\<turnstile> (#False \<and> P) = #False"
  "\<turnstile> (P \<and> P) = P"
  "\<turnstile> (P \<and> ~P) = #False"
  "\<turnstile> (\<not>P \<and> P) = #False"
  "\<turnstile> (P \<or> #True) = #True"
  "\<turnstile> (#True \<or> P) = #True"
  "\<turnstile> (P \<or> #False) = P"
  "\<turnstile> (#False \<or> P) = P"
  "\<turnstile> (P \<or> P) = P"
  "\<turnstile> (P \<or> \<not>P) = #True"
  "\<turnstile> (\<not>P \<or> P) = #True"
  "\<turnstile> (\<forall> x. P) = P"
  "\<turnstile> (\<exists> x. P) = P"
  by auto

lemmas intensional_simps[simp] = int_simps[THEN inteq_reflection]

method_setup int_rewrite = \<open>
  Scan.succeed (fn ctxt => SIMPLE_METHOD' (rewrite_goal_tac ctxt @{thms intensional_simps}))
\<close> "rewrite method at intensional level"

lemma Not_Rall: "\<turnstile> (\<not>(\<forall> x. F x)) = (\<exists> x. \<not>F x)"
  by auto

lemma Not_Rex: "\<turnstile> (\<not>(\<exists> x. F x)) = (\<forall> x. \<not>F x)"
  by auto

lemma TrueW [simp]: "\<turnstile> #True"
  by auto

lemma int_eq: "\<turnstile> X = Y \<Longrightarrow> X = Y"
  by (auto simp: inteq_reflection)

lemma int_iffI: 
  assumes "\<turnstile> F \<longrightarrow> G" and "\<turnstile> G \<longrightarrow> F"
  shows "\<turnstile> F = G"
  using assms by force

lemma int_iffD1: assumes h: "\<turnstile> F = G" shows "\<turnstile> F \<longrightarrow> G"
  using h by auto

lemma int_iffD2: assumes h: "\<turnstile> F = G" shows "\<turnstile> G \<longrightarrow> F"
  using h by auto

lemma lift_imp_trans: 
  assumes "\<turnstile> A \<longrightarrow> B" and "\<turnstile> B \<longrightarrow> C"
  shows "\<turnstile> A \<longrightarrow> C"
  using assms by force

lemma lift_imp_neg: assumes "\<turnstile> A \<longrightarrow> B" shows "\<turnstile> \<not>B \<longrightarrow> \<not>A"
  using assms by auto

lemma lift_and_com:  "\<turnstile> (A \<and> B) = (B \<and> A)"
  by auto

end