(* (C) Copyright Andreas Viktor Hess, DTU, 2015-2018 All Rights Reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *) (* Title: InfiniteChains.thy Author: Andreas Viktor Hess, DTU *) section {* Theory: Lemmas for infinite chains *} theory InfiniteChains imports Main begin subsection {* The reachable states from a given start state, as a subset of the original relation *} abbreviation successors where "successors r x \ {(x,y) | y. (x,y) \ r}" inductive_set reachable for r::"('a \ 'a) set" and x::'a where Base[simp]: "(x,a) \ r \ (x,a) \ reachable r x" | Step[simp]: "\(a,b) \ reachable r x; (b,c) \ r\ \ (b,c) \ reachable r x" lemma successors_subset: "successors r x \ reachable r x" by auto lemma reachableD[dest]: "(a,b) \ reachable r x \ a = x \ (x,a) \ r\<^sup>+" by (induct a b rule: reachable.induct) (meson reachable.cases trancl.simps)+ lemma reachableD'[dest]: "(a,b) \ reachable r x \ (x,b) \ r\<^sup>+" by (induct a b rule: reachable.induct) (meson reachable.simps trancl.simps)+ lemma reachableI[intro]: "\(x,a) \ r\<^sup>+; (a,b) \ r\ \ (a,b) \ reachable r x" proof (induction arbitrary: b rule: trancl_induct) case (base y) thus ?case by (metis Step[OF Base[OF base.hyps] base.prems]) next case (step y z) hence "(y, z) \ reachable r x" by blast thus ?case using Step[OF _ step.prems] by metis qed lemma reachable_empty[simp]: "reachable {} x = {}" proof (rule ccontr) assume "reachable {} x \ {}" then obtain y z where "(y,z) \ reachable {} x" by auto thus False by (induct rule: reachable.induct) auto qed lemma reachable_infinite: "infinite {(x,a) \ r | a} \ infinite (reachable r x)" by simp lemma reachable_subset: "reachable r x \ r" proof fix y assume *: "y \ reachable r x" then obtain a b where y: "y = (a,b)" by (metis surj_pair) hence "(a,b) \ reachable r x" by (metis *) hence "(a,b) \ r" by (induct rule: reachable.induct) auto thus "y \ r" by (metis y) qed lemma reachable_finite: "finite r \ finite (reachable r x)" using finite_subset reachable_subset by metis lemma reachable_unfold: "reachable r x = {(x,a) | a. (x,a) \ r} \ {(a,b) \ r. (x,a) \ r\<^sup>+}" (is "reachable r x = ?S") proof { fix x1 x2 assume "(x1,x2) \ reachable r x" hence "(x1,x2) \ ?S" by (induct rule: reachable.induct) auto } thus "reachable r x \ ?S" by auto show "?S \ reachable r x" by auto qed lemma reachableD''[dest]: "y \ reachable r x \ y \ {(x,a) | a. (x,a) \ r} \ {(a,b) \ r. (x,a) \ r\<^sup>+}" by (metis reachable_unfold) lemma reachable_unfold': "reachable r x = \{insert (x,a) (reachable r a) | a. (x,a) \ r}" (is "?A = ?B") proof { fix a b assume "(a,b) \ ?A" hence "(a,b) \ ?B" proof (induction a b rule: reachable.induct) case (Step a b c) then obtain d where d: "(a,b) \ insert (x,d) (reachable r d)" "(x,d) \ r" by moura hence "(a = x \ b = d) \ (a,b) \ reachable r d" by auto moreover { assume "a = x" "b = d" hence ?case using reachable.Base[OF Step.hyps(2)] d(2) by auto } moreover { assume "(a,b) \ reachable r d" hence ?case using reachable.Step[OF _ Step.hyps(2)] d(2) by auto } ultimately show ?case by auto qed auto } thus "?A \ ?B" by auto { fix a b assume "(a,b) \ ?B" then obtain d where d: "(a,b) \ insert (x,d) (reachable r d)" "(x,d) \ r" by moura hence "(a,b) \ ?A" by force } thus "?B \ ?A" by auto qed lemma reachable_trancl[intro]: "(x,y) \ r\<^sup>+ \ (x,y) \ (reachable r x)\<^sup>+" proof (induction rule: trancl_induct) case (step y z) thus ?case by (meson reachable.Step trancl.simps) qed auto lemma reachable_trancl': "(x,y) \ (reachable r x)\<^sup>+ \ (x,y) \ r\<^sup>+" proof (induction rule: trancl_induct) case (base y) thus ?case using reachable_subset by fastforce next case (step y z) thus ?case by (metis reachable.cases trancl_into_trancl) qed lemma reachable_rooted: "\(a,b) \ reachable r x. (x,a) \ (reachable r x)\<^sup>+ \ a = x" proof - { fix a b assume "(a,b) \ reachable r x" hence "(x,a) \ (reachable r x)\<^sup>+ \ a = x" proof (cases "a = x") case False hence "(a,b) \ {(c,d) \ r. (x,c) \ r\<^sup>+}" using \(a, b) \ reachable r x\ reachable_unfold[of r x] by auto hence "(x,a) \ r\<^sup>+" "(a,b) \ r" by auto moreover { fix y assume "(x,y) \ r\<^sup>+" hence "(x,y) \ (reachable r x)\<^sup>+" by (induct rule: trancl_induct, auto) } hence "successors (r\<^sup>+) x \ (reachable r x)\<^sup>+" by auto ultimately show ?thesis by blast qed metis } thus ?thesis by auto qed subsection {* Proving the existence of infinite paths in relations as mappings from naturals to states *} fun rel_chain_fun::"nat \ 'a \ 'a \ ('a \ 'a) set \ 'a" where "rel_chain_fun 0 x _ _ = x" | "rel_chain_fun (Suc i) x y r = (if i = 0 then y else SOME z. (rel_chain_fun i x y r, z) \ r)" lemma infinite_chain_intro: fixes r::"('a \ 'a) set" assumes "\(a,b) \ r. \c. (b,c) \ r" "r \ {}" shows "\f. \i::nat. (f i, f (Suc i)) \ r" proof - from assms(2) obtain a b where "(a,b) \ r" by auto let ?P = "\i. (rel_chain_fun i a b r, rel_chain_fun (Suc i) a b r) \ r" let ?Q = "\i. \z. (rel_chain_fun i a b r, z) \ r" have base: "?P 0" using \(a,b) \ r\ by auto { fix i assume *: "?P i" hence "?Q (Suc i)" using assms(1) by auto have "?P (Suc i)" using someI_ex[OF \?Q (Suc i)\] by auto } hence step: "\i. ?P i \ ?P (Suc i)" by metis have "\i::nat. (rel_chain_fun i a b r, rel_chain_fun (Suc i) a b r) \ r" using base step nat_induct[of ?P] by simp thus ?thesis by fastforce qed lemma infinite_chain_intro': fixes r::"('a \ 'a) set" assumes base: "\b. (x,b) \ r" and step: "\b. (x,b) \ r\<^sup>+ \ (\c. (b,c) \ r)" shows "\f. \i::nat. (f i, f (Suc i)) \ r" proof - let ?s = "{(a,b) \ r. a = x \ (x,a) \ r\<^sup>+}" have "?s \ {}" using base by auto { fix a b assume "(a,b) \ ?s" "a = x" hence "\c. (b,c) \ ?s" using step by auto } moreover { fix a b assume "(a,b) \ ?s" "a \ x" hence "(x,a) \ r\<^sup>+" by auto hence "(x,b) \ r\<^sup>+" using \(a,b) \ ?s\ by auto hence "\c. (b,c) \ r" using step by auto hence "\c. (b,c) \ ?s" using \(x,b) \ r\<^sup>+\ by auto } ultimately have "\(a,b) \ ?s. \c. (b,c) \ ?s" by blast hence "\f. \i. (f i, f (Suc i)) \ ?s" using infinite_chain_intro[of ?s] \?s \ {}\ by blast thus ?thesis by auto qed lemma infinite_chain_mono: assumes "S \ T" "\f. \i::nat. (f i, f (Suc i)) \ S" shows "\f. \i::nat. (f i, f (Suc i)) \ T" using assms by auto end