(*<*) theory Lecture9 imports Main LaTeXsugar OptionalSugar begin (*>*) section "Metatheory of Propositional Logic" text{* We formalize the meaning of propositional formulas and define a proof system. We prove completeness of the proof system via Kalmar's variable elimination method. The material in this section is based on several texts on Mathematical Logic~\cite{Bilaniuk:fk,Mendelson:1997lr} and Paulson's completeness proof in Isabelle/ZF~\cite{Paulson:1995fk}. *} subsection "Formulas and their meaning" datatype formula = Atom nat | Neg formula | Implies formula formula (infixl "\" 101) consts eval :: "(nat \ bool) \ formula \ bool" primrec "eval v (Atom a) = v a" "eval v (Neg \) = (\ (eval v \))" "eval v (\ \ \) = ((eval v \) \ eval v \)" constdefs tautology :: "formula \ bool" "tautology \ \ (\ v. eval v \)" satisfies :: "(nat \ bool) \ formula set \ bool" ("_ sats _" [80,80] 80) "v sats \ \ (\ \ \ \. eval v \)" satisfiable :: "formula set \ bool" "satisfiable \ \ (\ v. v sats \)" implies :: "formula set \ formula \ bool" ("_ \ _" [80,80] 80) "\ \ \ \ (\ v. v sats \ \ eval v \ = True)" subsection "Axioms and proofs" constdefs A1 :: "formula" "A1 \ Atom 0 \ (Atom 1 \ Atom 0)" A2 :: "formula" "A2 \ (((Atom 0) \ (Atom 1 \ Atom 2)) \ (((Atom 0) \ (Atom 1)) \ ((Atom 0) \ (Atom 2))))" A3 :: "formula" "A3 \ (((Neg (Atom 1)) \ (Neg (Atom 0))) \ (((Neg (Atom 1)) \ Atom 0) \ Atom 1))" Axioms :: "formula set" "Axioms \ { A1, A2, A3 }" declare A1_def[simp] A2_def[simp] A3_def[simp] Axioms_def[simp] lemma "tautology A1" by (simp add: tautology_def) lemma "tautology A2" by (simp add: tautology_def) lemma "tautology A3" by (simp add: tautology_def) consts subst :: "(nat \ formula) \ formula \ formula" primrec "subst S (Atom x) = (S x)" "subst S (Neg f) = Neg (subst S f)" "subst S (f1 \ f2) = (subst S f1) \ (subst S f2)" consts deduction :: "(formula set \ formula) set" syntax deduction :: "formula set \ formula \ bool" ("_ \ _" [100,100] 100) translations "\ \ \" == "(\,\) \ deduction" inductive deduction intros hyp: "\ \ \ \ \ \ \ \ \" ax: "\ \ Axioms \ \ \ subst S \" mp: "\ \ \ (\ \ \); \ \ \ \ \ \ \ \" constdefs emp :: "nat \ formula" "emp \ (\ x. (Atom x))" subsection "Basic properties of the proof system" lemma aa: "\ \ (\ \ \)" proof - let ?S0 = "((emp(0:=\))(1:=(\\\)))(2:=\)" let ?S1 = "(emp(0:=\))(1:=(\))" have p1: "\ \ subst ?S0 A2" apply (rule ax) by simp have p2: "\ \ subst ?S0 A1" apply (rule ax) by simp have p3: "\ \ ((\ \ (\ \ \)) \ (\ \ \))" using p1 p2 apply simp apply (rule mp) apply blast apply blast done have p4: "\ \ subst ?S1 A1" apply (rule ax) by simp show "\ \ (\ \ \)" using p3 p4 apply simp apply (rule mp) apply blast apply blast done qed lemma weakening[rule_format]: "\ \ \ \ (\ \. \ \ \ \ \ \ \)" apply (induct rule: deduction.induct) apply clarify using hyp apply blast using ax apply blast apply clarify apply (erule_tac x="\" in allE) apply (erule_tac x="\" in allE) apply clarify using mp apply blast done theorem soundness: assumes d: "\ \ \" shows "\ \ \" using d apply (induct rule: deduction.induct) apply (auto simp add: implies_def satisfies_def) done lemma ppp: assumes A: "\ \ \" shows "\ \ (\' \ \)" proof - let ?S = "(emp(0:=\))(1:=\')" have p1: "\ \ subst ?S A1" apply (rule ax) by simp from A have p2: "\ \ \" by (rule hyp) from p1 p2 show ?thesis apply simp apply (rule mp) apply blast apply simp done qed lemma deduction_impl: "\' \ \ \ (\ \ \. \' = insert \ \ \ \ \ (\ \ \))" apply (induct rule: deduction.induct) apply clarify apply (case_tac "\=\'") apply simp apply (rule aa) apply simp apply (rule ppp) apply simp apply clarify defer apply clarify apply (erule_tac x="\'" in allE) apply (erule_tac x="\" in allE) apply (erule_tac x="\'" in allE) apply (erule_tac x="\" in allE) apply simp proof - fix \ \ \' \ assume IH1: "\ \ (\' \ (\ \ \))" and IH2: "\ \ (\' \ \)" let ?S = "((emp(0:=\'))(1:=\))(2:=\)" have p1: "\ \ subst ?S A2" apply (rule ax) by simp from IH1 p1 have p2: "\ \ ((\' \ \) \ (\' \ \))" apply simp apply (rule mp) apply blast apply blast done from p2 IH2 show "\ \ (\' \ \)" by (rule mp) next fix S \ \ \' \ assume pa: "\ \ Axioms" from pa have A: "\ \ subst S \" by (rule ax) let ?S = "(emp(0:=subst S \))(1:=\')" have p1: "\ \ subst ?S A1" apply (rule ax) by simp from A p1 show "\ \ (\' \ subst S \)" apply simp apply (rule mp) apply blast apply simp done qed theorem deduction: "insert \ \ \ \ \ \ \ (\ \ \)" using deduction_impl by simp lemma cut_rule: assumes A: "\ \ \" and B: "insert \ \ \ \" shows "\ \ \" proof - from B have C: "\ \ (\ \ \)" by (rule deduction) from C A show ?thesis by (rule mp) qed lemma mphyp: assumes ppG: "\ \ \ \ \" and pG: "\ \ \" shows "\ \ \" proof - from pG have Gp: "\ \ \" by (rule hyp) from ppG have pp: "\ \ (\ \ \)" by (rule hyp) from pp Gp show "\ \ \" by (rule mp) qed lemma cor_1_10a: "{b\c,c\d} \ (b\d)" proof - let ?E = "{b\c,c\d}" have C: "insert b ?E \ c" apply (rule mphyp) apply blast apply blast done have CD: "insert b ?E \ c\d" apply (rule hyp) by blast from CD C have "insert b ?E \ d" by (rule mp) thus "?E \ (b\d)" by (rule deduction) qed lemma cor_1_10b: "{b\(c\d), c} \ (b\d)" proof - let ?E = "{b\(c\d), c}" have CD: "insert b ?E \ (c\d)" apply (rule mphyp) apply blast by blast have C: "insert b ?E \ c" apply (rule hyp) by simp from CD C have "insert b ?E \ d" by (rule mp) thus ?thesis by (rule deduction) qed lemma lem_1_11_a: "\ \ ((Neg (Neg \)) \ \)" proof - let ?S = "(emp(0:=Neg \))(1:=\)" have p1: "\ \ subst ?S A3" apply (rule ax) by simp have p2: "\ \ (Neg \ \ Neg \)" by (rule aa) have "{subst ?S A3, (Neg \ \ Neg \)} \ ((Neg \ \ Neg (Neg \)) \ \)" apply simp by (rule cor_1_10b) hence A: "(insert (subst ?S A3) (insert (Neg \ \ Neg \) \)) \ ((Neg \ \ Neg (Neg \)) \ \)" using weakening apply blast done obtain x where X: "x = (insert (Neg \ \ Neg \) \)" by simp from X A have B: "(insert (subst ?S A3) x) \ ((Neg \ \ Neg (Neg \)) \ \)" by simp from p1 X have p3: "x \ subst ?S A3" using weakening apply blast done from p3 B have "x \ ((Neg \ \ Neg (Neg \)) \ \)" by (rule cut_rule) with X have C: "insert (Neg \ \ Neg \) \ \ ((Neg \ \ Neg (Neg \)) \ \)" by simp let ?Y = "((Neg \ \ Neg (Neg \)) \ \)" from p2 C have D: "\ \ ?Y" by (rule cut_rule) let ?S1 = "(emp(0:=Neg (Neg \)))(1:=Neg \)" have E: "\ \ subst ?S1 A1" apply (rule ax) by simp let ?Z = "((Neg (Neg \)) \ \)" have F: "{subst ?S1 A1, ?Y} \ ?Z" apply simp by (rule cor_1_10a) obtain y where Y: "y = (insert ?Y \)" by simp from F Y have G: "insert (subst ?S1 A1) y \ ?Z" using weakening apply blast done from E Y have H: "y \ subst ?S1 A1" using weakening apply blast done from H G have "y \ ?Z" by (rule cut_rule) with Y have I: "insert ?Y \ \ ?Z" by simp from D I show "\ \ ?Z" by (rule cut_rule) qed lemma lem_1_11_b: "\ \ (\ \ (Neg (Neg \)))" proof - let ?S = "(emp(0:=\))(1:=(Neg (Neg \)))" have p1: "\ \ subst ?S A3" apply (rule ax) by simp have p2: "\ \ ((Neg (Neg (Neg \))) \ (Neg \))" by (rule lem_1_11_a) let ?P3 = "((Neg (Neg (Neg \))) \ \) \ Neg (Neg \)" from p1 p2 have p3: "\ \ ?P3" apply simp apply (rule mp) apply blast apply blast done let ?S1 = "(emp(0:=\))(1:=(Neg (Neg (Neg \))))" let ?P4 = "\\(Neg(Neg(Neg \))\\)" have "\ \ subst ?S1 A1" apply (rule ax) by simp hence p4: "insert ?P3 \ \ ?P4" apply simp using weakening by blast have "{?P4, ?P3} \ \ \ (Neg (Neg \))" by (rule cor_1_10a) hence "(insert ?P4 (insert ?P3 \)) \ \ \ (Neg (Neg \))" using weakening by blast with p4 have "(insert ?P3 \) \ \ \ (Neg (Neg \))" using cut_rule by blast with p3 show "\ \ \ \ (Neg (Neg \))" using cut_rule by blast qed lemma lem_1_11_c: "\ \ (Neg \ \ (\ \ \))" sorry lemma lem_1_11_d: "\ \ ((Neg \ \ Neg \) \ (\ \ \))" sorry lemma lem_1_11_e: "\ \ ((\ \ \) \ (Neg \ \ Neg \))" sorry lemma lem_1_11_f: "\ \ (\ \ (Neg \ \ Neg (\ \ \)))" sorry lemma lem_1_11_g: "\ \ ((\ \ \) \ ((Neg \ \ \) \ \))" sorry subsection "Completeness" consts hyps :: "nat set \ formula \ formula set" primrec "hyps T (Atom n) = (if n \ T then {Atom n} else {Neg (Atom n)})" "hyps T (Neg \) = hyps T \" "hyps T (\ \ \) = hyps T \ \ hyps T \" lemma hyps_finite: "finite (hyps T \)" apply (induct \) apply auto done lemma hyps_member: "\ T x. x \ hyps T \ \ (\ \. (x = Atom \ \ \ \ T) \ (x = Neg (Atom \) \ \ \ T))" apply (induct \) by auto lemma hyps_diff: "hyps (T-{\}) \ \ insert (Neg (Atom \)) ((hyps T \) - {Atom \})" apply (induct \) by auto lemma hyps_cons: "hyps (insert \ T) \ \ insert (Atom \) ((hyps T \)-{Neg (Atom \)})" by (induct_tac \) auto constdefs flip :: "(nat set) \ formula \ formula" "flip T \ \ (if eval (\ x. x \ T) \ then \ else Neg \)" lemma "eval (\ x. x \ T) (flip T \)" by (simp add: flip_def) lemma kalmar[rule_format]: "\ \. size \ = n \ hyps v \ \ flip v \" apply (induct rule: nat_less_induct) apply clarify proof - fix n and \::formula assume IH: "\ m. \ \. size \ = m \ hyps v \ \ flip v \" show "hyps v \ \ flip v \" proof (cases \) fix \ assume p: "\ = Atom \" thus ?thesis apply (simp add: flip_def) using hyp by blast next fix \ assume p: "\ = Neg \" show ?thesis proof (cases "eval (\ x. x \ v) \") assume ev: "eval (\ x. x \ v) \" from ev have evnp: "\ (eval (\ x. x \ v) (Neg \))" by simp from ev have fp: "flip v \ = \" by (simp add: flip_def) from evnp p have fnp: "flip v \ = Neg \" by (simp add: flip_def) from p have "size \ < size \" by simp with IH have "hyps v \ \ flip v \" by blast with fp have A: "hyps v \ \ \" by simp have B: "hyps v \ \ \ \ (Neg (Neg \))" by (rule lem_1_11_b) from B A have "hyps v \ \ Neg (Neg \)" by (rule mp) with fnp p show ?thesis by simp next assume ev: "\ eval (\ x. x \ v) \" from ev p have evp: "eval (\ x. x \ v) \" by simp hence fp: "flip v \ = \" by (simp add: flip_def) from ev have fps: "flip v \ = Neg \" by (simp add: flip_def) from p have "size \ < size \" by simp with IH have "hyps v \ \ flip v \" by blast with fps p fp show ?thesis by simp qed next fix \1 \2 assume p: "\ = \1 \ \2" from p have s1: "size \1 < size \" by simp from s1 IH have IH1: "hyps v \1 \ flip v \1" by blast from p have s2: "size \2 < size \" by simp from s2 IH have IH2: "hyps v \2 \ flip v \2" by blast show ?thesis proof (cases "eval (\ x. x \ v) \1") assume ev1: "eval (\ x. x \ v) \1" from ev1 have f1: "flip v \1 = \1" by (simp add: flip_def) show ?thesis proof (cases "eval (\ x. x \ v) \2") assume ev2: "eval (\ x. x \ v) \2" from ev2 have f2: "flip v \2 = \2" by (simp add: flip_def) from p ev2 have fp: "flip v \ = \" by (simp add: flip_def) from f2 IH2 have ps2: "hyps v \2 \ \2" by simp let ?S = "(emp(0:=\2))(1:=\1)" have "hyps v \2 \ subst ?S A1" apply (rule ax) by simp with ps2 p have X: "hyps v \2 \ \" apply simp apply (rule mp) apply blast apply blast done from p have "hyps v \2 \ hyps v \" apply simp by blast with X have "hyps v \ \ \" by (rule weakening) with fp show ?thesis by simp next assume ev2: "\ eval (\ x. x \ v) \2" hence fp2: "flip v \2 = Neg \2" by (simp add: flip_def) from p ev2 have "\ eval (\ x. x \ v) \" by simp hence fp: "flip v \ = Neg \" by (simp add: flip_def) from p have p1p: "hyps v \1 \ hyps v \" apply simp by blast from IH1 f1 have p1p1: "hyps v \1 \ \1" by simp from p1p1 p1p have p1: "hyps v \ \ \1" by (rule weakening) from p have p2p: "hyps v \2 \ hyps v \" apply simp by blast from IH2 fp2 have p2p2: "hyps v \2 \ Neg \2" by simp from p2p2 p2p have p2: "hyps v \ \ Neg \2" by (rule weakening) have "hyps v \ \ (\1 \ (Neg \2 \ Neg (\1 \ \2)))" by (rule lem_1_11_f) with p1 have "hyps v \ \ Neg \2 \ Neg (\1 \ \2)" using mp by blast with p2 have "hyps v \ \ Neg (\1 \ \2)" using mp by blast with fp p show ?thesis by simp qed next assume ev1: "\ eval (\ x. x \ v) \1" with p have ep: "eval (\ x. x \ v) \" by simp from ev1 have f1: "flip v \1 = Neg \1" by (simp add: flip_def) from ep have fp: "flip v \ = \" by (simp add: flip_def) from f1 IH1 have ps1: "hyps v \1 \ Neg \1" by simp have p12: "hyps v \1 \ (Neg \1 \ (\1 \ \2))" by (rule lem_1_11_c) from p12 ps1 have "hyps v \1 \ \1 \ \2" by (rule mp) with p have X: "hyps v \1 \ \" by simp from p have Y: "hyps v \1 \ hyps v \" apply simp by blast from Y X fp show ?thesis apply simp apply (rule weakening) apply blast by blast qed qed qed lemma excluded_middle: assumes pp: "insert \ \ \ \" and npp: "insert (Neg \) \ \ \" shows "\ \ \" proof - from pp have a: "\ \ \ \ \" by (rule deduction) from npp have b: "\ \ Neg \ \ \" by (rule deduction) have c: "\ \ (\\\) \ ((Neg \ \ \) \ \)" by (rule lem_1_11_g) from c a have d: "\ \ ((Neg \ \ \) \ \)" by (rule mp) from d b show "\ \ \" by (rule mp) qed lemma variable_elimination: "finite H \ (\ \. tautology \ \ H \ hyps T0 \ \ (\ T. (hyps T \ - H) \ \))" apply (induct rule: finite_induct) apply clarify defer apply clarify defer proof - fix \ T assume taut: "tautology \" have "hyps T \ \ flip T \" apply (rule kalmar) by simp with taut show "(hyps T \ - {}) \ \" by (simp add: flip_def tautology_def) next fix x H \ T assume IH: "\\. tautology \ \ H \ hyps T0 \ \ (\ T. (hyps T \ - H) \ \)" and taut: "tautology \" and xfh: "insert x H \ hyps T0 \" from xfh obtain \ where X: "(x = Atom \ \ \ \ T0) \ (x = Neg (Atom \) \ \ \ T0)" using hyps_member by blast moreover { assume X: "x = Atom \ \ \ \ T0" have "(hyps T \ - insert (Atom \) H) \ \" proof (rule excluded_middle[of "Atom \"]) from taut xfh IH have a: "(hyps T \ - H) \ \" by blast have b: "hyps T \ - H \ insert (Atom \) (hyps T \ - insert (Atom \) H)" by blast from a b show "insert (Atom \) (hyps T \ - insert (Atom \) H) \ \" using weakening by blast next from taut xfh IH have a: "(hyps (T-{\}) \ - H) \ \" by blast have "hyps (T-{\}) \ \ insert (Neg (Atom \)) ((hyps T \) - {Atom \})" by (rule hyps_diff) with X have b: "(hyps (T-{\}) \) - H \ insert (Neg (Atom \)) (hyps T \ - insert (Atom \) H)" by blast from a b show "insert (Neg (Atom \)) (hyps T \ - insert (Atom \) H) \ \" using weakening by blast qed } moreover { assume X: "x = Neg (Atom \) \ \ \ T0" have "(hyps T \ - insert (Neg (Atom \)) H) \ \" proof (rule excluded_middle[of "Atom \"]) from taut xfh IH have a: "(hyps (insert \ T) \ - H) \ \" by blast have b: "hyps (insert \ T) \ \ insert (Atom \) (hyps T \ - {Neg (Atom \)})" by (rule hyps_cons) from b have c: "hyps (insert \ T) \ - H \ insert (Atom \) (hyps T \ - insert (Neg (Atom \)) H)" by blast from a c show "insert (Atom \) (hyps T \ - insert (Neg (Atom \)) H) \ \" using weakening by blast next from taut xfh IH have a: "(hyps T \ - H) \ \" by blast have b: "hyps T \ - H \ insert (Neg (Atom \)) (hyps T \ - insert (Neg (Atom \)) H)" by blast from a b show "insert (Neg (Atom \)) (hyps T \ - (insert (Neg (Atom \)) H)) \ \" using weakening by blast qed } ultimately show "(hyps T \ - insert x H) \ \" by blast qed theorem completeness: assumes taut: "tautology \" shows "{} \ \" proof - have "finite (hyps T \)" by (rule hyps_finite) with taut have "(hyps T \ - hyps T \) \ \" using variable_elimination by blast thus ?thesis by simp qed (*<*) end (*>*)