Quelle  PropLog.thy

(*  Title:      HOL/Induct/PropLog.thy
    Author:     Tobias Nipkow
    Copyright   1994  TU Muenchen & University of Cambridge
*)

section ‹Meta-theory of propositional logic›

theory PropLog imports Main begin

text ‹
 Datatype definition of propositional logic formulae and inductive
 definition of the propositional tautologies.

 Inductive definition of propositional logic. Soundness and
 completeness w.r.t.\ truth-tables.

 Prove: If ‹H ⊨ p› then ‹G ⊨ p› where ‹G ∈
 Fin(H)›
 ›

subsection ‹The datatype of propositions›

datatype 'a pl =
    false 
  | var 'a (‹#_› [1000]) 
  | imp "'a pl" "'a pl" (infixr ‹⇀› 90)


subsection ‹The proof system›

inductive thms :: "['a pl set, 'a pl] ==> bool"  (infixl ‹⊨› 50)
  for H :: "'a pl set"
  where
    H: "p ∈ H ==> H ⊨ p"
  | K: "H ⊨ p⇀q⇀p"
  | S: "H ⊨ (p⇀q⇀r) ⇀ (p⇀q) ⇀ p⇀r"
  | DN: "H ⊨ ((p⇀false) ⇀ false) ⇀ p"
  | MP: "[H ⊨ p⇀q; H ⊨ p] ==> H ⊨ q"


subsection ‹The semantics›

subsubsection ‹Semantics of propositional logic.›

primrec eval :: "['a set, 'a pl] => bool"  (‹_[[_]]› [100,0] 100)
  where
    "tt[[false]] = False"
  | "tt[[#v]] = (v ∈ tt)"
  | eval_imp: "tt[[p⇀q]] = (tt[[p]] ⟶ tt[[q]])"

text ‹
 A finite set of hypotheses from ‹t› and the ‹Var›s in
 ‹p›.
 ›

primrec hyps :: "['a pl, 'a set] => 'a pl set"
  where
    "hyps false tt = {}"
  | "hyps (#v) tt = {if v ∈ tt then #v else #v⇀false}"
  | "hyps (p⇀q) tt = hyps p tt Un hyps q tt"


subsubsection ‹Logical consequence›

text ‹
 For every valuation, if all elements of ‹H› are true then so
 is ‹p›.
 ›

definition sat :: "['a pl set, 'a pl] => bool"  (infixl ‹⊨› 50)
  where "H ⊨ p = (∀tt. (∀q∈H. tt[[q]]) ⟶ tt[[p]])"


subsection ‹Proof theory of propositional logic›

lemma thms_mono: 
  assumes "G ⊆ H" shows "thms(G) ≤ thms(H)"
proof -
  have "G ⊨ p ==> H ⊨ p" for p
    by (induction rule: thms.induct) (use assms in ‹auto intro: thms.intros›)
  then show ?thesis
    by blast
qed

lemma thms_I: "H ⊨ p⇀p"
  ― ‹Called ‹I› for Identity Combinator, not for Introduction.›
  by (best intro: thms.K thms.S thms.MP)


subsubsection ‹Weakening, left and right›

lemma weaken_left: "[G ⊆ H; G⊨p] ==> H⊨p"
  ― ‹Order of premises is convenient with ‹THEN››
  by (meson predicate1D thms_mono)

lemma weaken_left_insert: "G ⊨ p ==> insert a G ⊨ p"
  by (meson subset_insertI weaken_left)

lemma weaken_left_Un1: "G ⊨ p ==> G ∪ B ⊨ p"
  by (rule weaken_left) (rule Un_upper1)

lemma weaken_left_Un2: "G ⊨ p ==> A ∪ G ⊨ p"
  by (metis Un_commute weaken_left_Un1)

lemma weaken_right: "H ⊨ q ==> H ⊨ p⇀q"
  using K MP by blast


subsubsection ‹The deduction theorem›

theorem deduction: "insert p H ⊨ q ==> H ⊨ p⇀q"
proof (induct set: thms)
  case (H p)
  then show ?case
    using thms.H thms_I weaken_right by fastforce 
qed (metis thms.simps)+


subsubsection ‹The cut rule›

lemma cut: "insert p H ⊨ q ==> H ⊨ p ==> H ⊨ q"
  using MP deduction by blast

lemma thms_falseE: "H ⊨ false ==> H ⊨ q"
  by (metis thms.simps)

lemma thms_notE: "H ⊨ p ⇀ false ==> H ⊨ p ==> H ⊨ q"
  using MP thms_falseE by blast


subsubsection ‹Soundness of the rules wrt truth-table semantics›

theorem soundness: "H ⊨ p ==> H ⊨ p"
  by (induct set: thms) (auto simp: sat_def)


subsection ‹Completeness›

subsubsection ‹Towards the completeness proof›

lemma false_imp: "H ⊨ p⇀false ==> H ⊨ p⇀q"
  by (metis thms.simps)

lemma imp_false:
  "[H ⊨ p; H ⊨ q⇀false] ==> H ⊨ (p⇀q)⇀false"
  by (meson MP S weaken_right)

lemma hyps_thms_if: "hyps p tt ⊨ (if tt[[p]] then p else p⇀false)"
  ― ‹Typical example of strengthening the induction statement.›
proof (induction p)
  case (imp p1 p2)
  then show ?case
    by (metis (full_types) eval_imp false_imp hyps.simps(3) imp_false weaken_left_Un1 weaken_left_Un2 weaken_right)

qed (simp_all add: thms_I thms.H)

lemma sat_thms_p: "{} ⊨ p ==> hyps p tt ⊨ p"
  ― ‹Key lemma for completeness; yields a set of assumptions
 satisfying ‹p››
  by (metis (full_types) empty_iff hyps_thms_if sat_def)

text ‹
 For proving certain theorems in our new propositional logic.
 ›

declare deduction [intro!]
declare thms.H [THEN thms.MP, intro]

text ‹
 The excluded middle in the form of an elimination rule.
 ›

lemma thms_excluded_middle: "H ⊨ (p⇀q) ⇀ ((p⇀false)⇀q) ⇀ q"
proof -
  have "insert ((p ⇀ false) ⇀ q) (insert (p ⇀ q) H) ⊨ (q ⇀ false) ⇀ false"
    by (best intro: H)
  then show ?thesis
    by (metis deduction thms.simps)
qed

lemma thms_excluded_middle_rule:
  "[insert p H ⊨ q; insert (p⇀false) H ⊨ q] ==> H ⊨ q"
  ― ‹Hard to prove directly because it requires cuts›
  by (rule thms_excluded_middle [THEN thms.MP, THEN thms.MP], auto)


subsection‹Completeness -- lemmas for reducing the set of assumptions›

text ‹
 For the case prop‹hyps p t - insert #v Y ⊨ p› we also have prop‹hyps p t - {#v} ⊆ hyps p (t-{v})›.
 ›

lemma hyps_Diff: "hyps p (t-{v}) ⊆ insert (#v⇀false) ((hyps p t)-{#v})"
  by (induct p) auto

text ‹
 For the case prop‹hyps p t - insert (#v ⇀ Fls) Y ⊨ p› we also have
 prop‹hyps p t-{#v⇀Fls} ⊆ hyps p (insert v t)›.
 ›

lemma hyps_insert: "hyps p (insert v t) ⊆ insert (#v) (hyps p t-{#v⇀false})"
  by (induct p) auto

text ‹Two lemmas for use with ‹weaken_left››

lemma insert_Diff_same: "B-C ⊆ insert a (B-insert a C)"
  by fast

lemma insert_Diff_subset2: "insert a (B-{c}) - D ⊆ insert a (B-insert c D)"
  by fast

text ‹
 The set term‹hyps p t› is finite, and elements have the form
 term‹#v› or term‹#v⇀Fls›.
 ›

lemma hyps_finite: "finite(hyps p t)"
  by (induct p) auto

lemma hyps_subset: "hyps p t ⊆ (UN v. {#v, #v⇀false})"
  by (induct p) auto

lemma Diff_weaken_left: "A ⊆ C ==> A - B ⊨ p ==> C - B ⊨ p"
  by (rule Diff_mono [OF _ subset_refl, THEN weaken_left])


subsubsection ‹Completeness theorem›

text ‹
 Induction on the finite set of assumptions term‹hyps p t0›. We
 may repeatedly subtract assumptions until none are left!
 ›

lemma completeness_0: 
  assumes "{} ⊨ p"
  shows "{} ⊨ p"
proof -
  { fix t t0
    have "hyps p t - hyps p t0 ⊨ p"
      using hyps_finite hyps_subset
    proof (induction arbitrary: t rule: finite_subset_induct)
      case empty
      then show ?case
        by (simp add: assms sat_thms_p)
    next
      case (insert q H)
      then consider v where "q = #v" | v where "q = #v ⇀ false"
        by blast
      then show ?case
      proof cases
        case 1
        then show ?thesis
          by (metis (no_types, lifting) insert.IH thms_excluded_middle_rule insert_Diff_same 
              insert_Diff_subset2 weaken_left Diff_weaken_left hyps_Diff)
      next
        case 2
        then show ?thesis
          by (metis (no_types, lifting) insert.IH thms_excluded_middle_rule insert_Diff_same 
              insert_Diff_subset2 weaken_left Diff_weaken_left hyps_insert)
      qed
    qed
  }
  then show ?thesis
    by (metis Diff_cancel)
qed

text‹A semantic analogue of the Deduction Theorem›
lemma sat_imp: "insert p H ⊨ q ==> H ⊨ p⇀q"
  by (auto simp: sat_def)

theorem completeness: "finite H ==> H ⊨ p ==> H ⊨ p"
proof (induction arbitrary: p rule: finite_induct)
  case empty
  then show ?case
    by (simp add: completeness_0)
next
  case insert
  then show ?case
    by (meson H MP insertI1 sat_imp weaken_left_insert)
qed

theorem syntax_iff_semantics: "finite H ==> (H ⊨ p) = (H ⊨ p)"
  by (blast intro: soundness completeness)

end