(* ========================================================================= *)
(* HOL basics *)
(* ========================================================================= *)
ARITH_RULE
`(a * x + b * y + a * y) EXP 3 + (b * x) EXP 3 +
(a * x + b * y + b * x) EXP 3 + (a * y) EXP 3 =
(a * x + a * y + b * x) EXP 3 + (b * y) EXP 3 +
(a * y + b * y + b * x) EXP 3 + (a * x) EXP 3`;;
(* ========================================================================= *)
(* Propositional logic *)
(* ========================================================================= *)
TAUT
`(~input_a ==> (internal <=> T)) /\
(~input_b ==> (output <=> internal)) /\
(input_a ==> (output <=> F)) /\
(input_b ==> (output <=> F))
==> (output <=> ~(input_a \/ input_b))`;;
TAUT
`(i1 /\ i2 <=> a) /\
(i1 /\ i3 <=> b) /\
(i2 /\ i3 <=> c) /\
(i1 /\ c <=> d) /\
(m /\ r <=> e) /\
(m /\ w <=> f) /\
(n /\ w <=> g) /\
(p /\ w <=> h) /\
(q /\ w <=> i) /\
(s /\ x <=> j) /\
(t /\ x <=> k) /\
(v /\ x <=> l) /\
(i1 \/ i2 <=> m) /\
(i1 \/ i3 <=> n) /\
(i1 \/ q <=> p) /\
(i2 \/ i3 <=> q) /\
(i3 \/ a <=> r) /\
(a \/ w <=> s) /\
(b \/ w <=> t) /\
(d \/ h <=> u) /\
(c \/ w <=> v) /\
(~e <=> w) /\
(~u <=> x) /\
(i \/ l <=> o1) /\
(g \/ k <=> o2) /\
(f \/ j <=> o3)
==> (o1 <=> ~i1) /\ (o2 <=> ~i2) /\ (o3 <=> ~i3)`;;
(* ========================================================================= *)
(* Abstractions and quantifiers *)
(* ========================================================================= *)
MESON[]
`((?x. !y. P(x) <=> P(y)) <=> ((?x. Q(x)) <=> (!y. Q(y)))) <=>
((?x. !y. Q(x) <=> Q(y)) <=> ((?x. P(x)) <=> (!y. P(y))))`;;
MESON[]
`(!x y z. P x y /\ P y z ==> P x z) /\
(!x y z. Q x y /\ Q y z ==> Q x z) /\
(!x y. P x y ==> P y x) /\
(!x y. P x y \/ Q x y)
==> (!x y. P x y) \/ (!x y. Q x y)`;;
let ewd1062 = MESON[]
`(!x. x <= x) /\
(!x y z. x <= y /\ y <= z ==> x <= z) /\
(!x y. f(x) <= y <=> x <= g(y))
==> (!x y. x <= y ==> f(x) <= f(y)) /\
(!x y. x <= y ==> g(x) <= g(y))`;;
let ewd1062 = MESON[]
`(!x. R x x) /\
(!x y z. R x y /\ R y z ==> R x z) /\
(!x y. R (f x) y <=> R x (g y))
==> (!x y. R x y ==> R (f x) (f y)) /\
(!x y. R x y ==> R (g x) (g y))`;;
MESON[] `(?!x. g(f x) = x) <=> (?!y. f(g y) = y)`;;
MESON [ADD_ASSOC; ADD_SYM] `m + (n + p) = n + (m + p)`;;
(* ========================================================================= *)
(* Tactics and tacticals *)
(* ========================================================================= *)
g `2 <= n /\ n <= 2 ==> f(2,2) + n < f(n,n) + 7`;;
e DISCH_TAC;;
b();;
e(CONV_TAC(REWRITE_CONV[LE_ANTISYM]));;
e(SIMP_TAC[]);;
e(ONCE_REWRITE_TAC[EQ_SYM_EQ]);;
e DISCH_TAC;;
e(ASM_REWRITE_TAC[]);;
e(CONV_TAC ARITH_RULE);;
let trivial = top_thm();;
g `2 <= n /\ n <= 2 ==> f(2,2) + n < f(n,n) + 7`;;
e(CONV_TAC(REWRITE_CONV[LE_ANTISYM]));;
e(SIMP_TAC[]);;
e(ONCE_REWRITE_TAC[EQ_SYM_EQ]);;
e DISCH_TAC;;
e(ASM_REWRITE_TAC[]);;
e(CONV_TAC ARITH_RULE);;
let trivial = top_thm();;
g `2 <= n /\ n <= 2 ==> f(2,2) + n < f(n,n) + 7`;;
e(CONV_TAC(REWRITE_CONV[LE_ANTISYM]) THEN
SIMP_TAC[] THEN ONCE_REWRITE_TAC[EQ_SYM_EQ] THEN
DISCH_TAC THEN ASM_REWRITE_TAC[] THEN CONV_TAC ARITH_RULE);;
let trivial = top_thm();;
let trivial = prove
(`2 <= n /\ n <= 2 ==> f(2,2) + n < f(n,n) + 7`,
CONV_TAC(REWRITE_CONV[
LE_ANTISYM]) THEN
SIMP_TAC[] THEN ONCE_REWRITE_TAC[
EQ_SYM_EQ] THEN
DISCH_TAC THEN ASM_REWRITE_TAC[] THEN CONV_TAC ARITH_RULE);;
let trivial = prove
(`!x y:real. &0 < x * y ==> (&0 < x <=> &0 < y)`,
REPEAT GEN_TAC THEN MP_TAC(SPECL [`--x`; `y:real`]
REAL_LE_MUL) THEN
MP_TAC(SPECL [`x:real`; `--y`]
REAL_LE_MUL) THEN REAL_ARITH_TAC);;
let move = new_definition
`move ((ax,ay),(bx,by),(cx,cy)) ((ax',ay'),(bx',by'),(cx',cy')) <=>
(?a. ax' = ax + a * (cx - bx) /\ ay' = ay + a * (cy - by) /\
bx' = bx /\ by' = by /\ cx' = cx /\ cy' = cy) \/
(?b. bx' = bx + b * (ax - cx) /\ by' = by + b * (ay - cy) /\
ax' = ax /\ ay' = ay /\ cx' = cx /\ cy' = cy) \/
(?c. ax' = ax /\ ay' = ay /\ bx' = bx /\ by' = by /\
cx' = cx + c * (bx - ax) /\ cy' = cy + c * (by - ay))`;;let IMPOSSIBILITY_B = prove
(`~(
reachable ((&0,&0),(&3,&0),(&0,&3)) ((&1,&2),(&2,&5),(-- &2,&3)) \/
reachable ((&0,&0),(&3,&0),(&0,&3)) ((&1,&2),(-- &2,&3),(&2,&5)) \/
reachable ((&0,&0),(&3,&0),(&0,&3)) ((&2,&5),(&1,&2),(-- &2,&3)) \/
reachable ((&0,&0),(&3,&0),(&0,&3)) ((&2,&5),(-- &2,&3),(&1,&2)) \/
reachable ((&0,&0),(&3,&0),(&0,&3)) ((-- &2,&3),(&1,&2),(&2,&5)) \/
reachable ((&0,&0),(&3,&0),(&0,&3)) ((-- &2,&3),(&2,&5),(&1,&2)))`,
let trans = new_definition
`trans (x,y,pc1,pc2,sem) (x',y',pc1',pc2',sem') <=>
pc1 = 10 /\ sem > 0 /\ pc1' = 20 /\ sem' = sem - 1 /\
(x',y',pc2') = (x,y,pc2) \/
pc2 = 10 /\ sem > 0 /\ pc2' = 20 /\ sem' = sem - 1 /\
(x',y',pc1') = (x,y,pc1) \/
pc1 = 20 /\ pc1' = 30 /\ x' = x + 1 /\
(y',pc2',sem') = (y,pc2,sem) \/
pc2 = 20 /\ pc2' = 30 /\ y' = y + 1 /\ x' = x /\
pc1' = pc1 /\ sem' = sem \/
pc1 = 30 /\ pc1' = 10 /\ sem' = sem + 1 /\
(x',y',pc2') = (x,y,pc2) \/
pc2 = 30 /\ pc2' = 10 /\ sem' = sem + 1 /\
(x',y',pc1') = (x,y,pc1)`;;let INDUCTIVE_INVARIANT = prove
(`!init invariant transition P.
(!s. init s ==> invariant s) /\
(!s s'. invariant s /\ transition s s' ==> invariant s') /\
(!s. invariant s ==> P s)
==> !s s':A. init s /\
RTC transition s s' ==> P s'`,
REPEAT GEN_TAC THEN MP_TAC(ISPECL
[`transition:A->A->bool`;
`\s s':A. invariant s ==> invariant s'`]
RTC_INDUCT) THEN
MESON_TAC[]);;
let NSQRT_2 = prove
(`!p q. p * p = 2 * q * q ==> q = 0`,
MATCH_MP_TAC
num_WF THEN REWRITE_TAC[
RIGHT_IMP_FORALL_THM] THEN
REPEAT STRIP_TAC THEN FIRST_ASSUM(MP_TAC o AP_TERM `
EVEN`) THEN
REWRITE_TAC[
EVEN_MULT; ARITH] THEN REWRITE_TAC[
EVEN_EXISTS] THEN
DISCH_THEN(X_CHOOSE_THEN `m:num` SUBST_ALL_TAC) THEN
FIRST_X_ASSUM(MP_TAC o SPECL [`q:num`; `m:num`]) THEN
ASM_REWRITE_TAC[ARITH_RULE
`q < 2 * m ==> q * q = 2 * m * m ==> m = 0 <=>
(2 * m) * 2 * m = 2 * q * q ==> 2 * m <= q`] THEN
ASM_MESON_TAC[
LE_MULT2;
MULT_EQ_0; ARITH_RULE `2 * x <= x <=> x = 0`]);;
let NSQRT_2 = prove
(`!p q. p * p = 2 * q * q ==> q = 0`,
suffices_to_prove
`!p. (!m. m < p ==> (!q. m * m = 2 * q * q ==> q = 0))
==> (!q. p * p = 2 * q * q ==> q = 0)`
(MATCH_ACCEPT_TAC
num_WF) THEN
fix [`p:num`] THEN
assume("A") `!m. m < p ==> !q. m * m = 2 * q * q ==> q = 0` THEN
fix [`q:num`] THEN
assume("B") `p * p = 2 * q * q` THEN
so have `
EVEN(p * p) <=>
EVEN(2 * q * q)` (trivial) THEN
so have `
EVEN(p)` (using [ARITH;
EVEN_MULT] trivial) THEN
so consider (`m:num`,"C",`p = 2 * m`) (using [
EVEN_EXISTS] trivial) THEN
cases ("D",`q < p \/ p <= q`) (arithmetic) THENL
[so have `q * q = 2 * m * m ==> m = 0` (by ["A"] trivial) THEN
so we're finished (by ["B";
let fib = define
`fib n = if n = 0 \/ n = 1 then 1 else fib(n - 1) + fib(n - 2)`;;
let fib2 = define
`(fib2 0 = 1) /\
(fib2 1 = 1) /\
(fib2 (n + 2) = fib2(n) + fib2(n + 1))`;;
let fusc_def = define
`(fusc (2 * n) = if n = 0 then 0 else fusc(n)) /\
(fusc (2 * n + 1) = if n = 0 then 1 else fusc(n) + fusc(n + 1))`;;
let fusc = prove
(`fusc 0 = 0 /\
fusc 1 = 1 /\
fusc (2 * n) = fusc(n) /\
fusc (2 * n + 1) = fusc(n) + fusc(n + 1)`,
REWRITE_TAC[
fusc_def] THEN COND_CASES_TAC THEN ASM_REWRITE_TAC[] THEN
MP_TAC(INST [`0`,`n:num`]
fusc_def) THEN ARITH_TAC);;
let binom = define
`(!n. binom(n,0) = 1) /\
(!k. binom(0,SUC(k)) = 0) /\
(!n k. binom(SUC(n),SUC(k)) = binom(n,SUC(k)) + binom(n,k))`;;
let BINOM_LT = prove
(`!n k. n < k ==> (binom(n,k) = 0)`,
INDUCT_TAC THEN INDUCT_TAC THEN REWRITE_TAC[binom; ARITH;
LT_SUC;
LT] THEN
ASM_SIMP_TAC[ARITH_RULE `n < k ==> n < SUC(k)`; ARITH]);;
let CANTOR_LEMMA_LEMMA = prove
(`x + y < x' + y' ==> cantor(x,y) < cantor(x',y')`,
REWRITE_TAC[ARITH_RULE `x + y < z <=> x + y + 1 <= z`] THEN DISCH_TAC THEN
REWRITE_TAC[cantor; ARITH_RULE `3 * x + y = (x + y) + 2 * x`] THEN
MATCH_MP_TAC(ARITH_RULE `x + 2 <= y ==> x DIV 2 < y DIV 2`) THEN
MATCH_MP_TAC
LE_TRANS THEN EXISTS_TAC `(x + y + 1)
EXP 2 + (x + y + 1)` THEN
CONJ_TAC THENL [ARITH_TAC; ALL_TAC] THEN
MATCH_MP_TAC(ARITH_RULE `a:num <= b /\ c <= d ==> a + c <= b + d + e`) THEN
ASM_SIMP_TAC[
EXP_2;
LE_MULT2]);;
let CANTOR_INJ = prove
(`!w z. cantor w = cantor z ==> w = z`,
REWRITE_TAC[
FORALL_PAIR_THM;
PAIR_EQ] THEN REPEAT GEN_TAC THEN
DISCH_THEN(fun th -> MP_TAC th THEN ASSUME_TAC(MATCH_MP
CANTOR_LEMMA th)) THEN
ASM_REWRITE_TAC[cantor; ARITH_RULE `3 * x + y = (x + y) + 2 * x`] THEN
REWRITE_TAC[ARITH_RULE `(a + b + 2 * x) DIV 2 = (a + b) DIV 2 + x`] THEN
POP_ASSUM MP_TAC THEN ARITH_TAC);;
let ON = new_definition
(mk_eq(`((ON):point->line->bool) p l`,
list_mk_disj(map fano_clause fano_incidence)));;let ON_CLAUSES = prove
(list_mk_conj(allpairs
(fun i j -> mk_eq(mk_comb(mk_comb(`(ON)`,fano_point i),fano_line j),
if mem (i,j) fano_incidence then `T` else `F`))
(1--7) (1--7)),
REWRITE_TAC[ON; distinctness "line";let FORALL_POINT = prove
(`(!p. P p) <=> P Point_1 /\ P Point_2 /\ P Point_3 /\ P Point_4 /\
P Point_5 /\ P Point_6 /\ P Point_7`,
EQ_TAC THENL [SIMP_TAC[]; REWRITE_TAC[point_INDUCT]]);;
let FORALL_LINE = prove
(`(!p. P p) <=> P Line_1 /\ P Line_2 /\ P Line_3 /\ P Line_4 /\
P Line_5 /\ P Line_6 /\ P Line_7`,
EQ_TAC THENL [SIMP_TAC[]; REWRITE_TAC[line_INDUCT]]);;
let EXISTS_POINT = prove
(`(?p. P p) <=> P Point_1 \/ P Point_2 \/ P Point_3 \/ P Point_4 \/
P Point_5 \/ P Point_6 \/ P Point_7`,
let EXISTS_LINE = prove
(`(?p. P p) <=> P Line_1 \/ P Line_2 \/ P Line_3 \/ P Line_4 \/
P Line_5 \/ P Line_6 \/ P Line_7`,
let value = define
`(value (Literal n) s = n) /\
(value (Variable x) s = s(x)) /\
(value (e1 + e2) s = value e1 s + value e2 s) /\
(value (e1 * e2) s = value e1 s * value e2 s)`;;
let WP_SEQ = prove
(`!c1 c2 q. wp (c1 ;; c2) = wp c1 o wp c2`,
REWRITE_TAC[wp; wlp; terminates;
FUN_EQ_THM;
o_THM] THEN REPEAT GEN_TAC THEN
GEN_REWRITE_TAC (LAND_CONV o ONCE_DEPTH_CONV) [
sem_CASES] THEN
REWRITE_TAC[injectivity "command";
let CORRECT_SEQ = prove
(`!p q r c1 c2.
correct p c1 r /\ correct r c2 q ==> correct p (c1 ;; c2) q`,
let if_def = new_definition
`If e (c:(S->bool)->(S->bool)) q = {s | if e s then c q s else q s}`;;let ite_def = new_definition
`Ite e (c1:(S->bool)->(S->bool)) c2 q =
{s | if e s then c1 q s else c2 q s}`;;let while_def = new_definition
`While e c q =
{s | !w. (!s:S. (if e(s) then c w s else q s) ==> w s) ==> w s}`;;let MONOTONIC_SEQ = prove
(`monotonic c1 /\ monotonic c2 ==> monotonic (c1 ;; c2)`,
REWRITE_TAC[monotonic; sequence;
o_THM] THEN SET_TAC[]);;
let WHILE_THM = prove
(`!e c q:S->bool.
monotonic c
==> (!s. If e (c ;; While e c) q s ==> While e c q s) /\
(!w'. (!s. If e (c ;; (\q. w')) q s ==> w' s)
==> (!a. While e c q a ==> w' a)) /\
(!s. While e c q s <=> If e (c ;; While e c) q s)`,
REPEAT GEN_TAC THEN DISCH_TAC THEN
(MP_TAC o GEN_ALL o DISCH_ALL o derive_nonschematic_inductive_relations)
`!s:S. (if e s then c w s else q s) ==> w s` THEN
REWRITE_TAC[
if_def; sequence;
o_THM;
IN_ELIM_THM; IMP_IMP] THEN
DISCH_THEN MATCH_MP_TAC THEN
REWRITE_TAC[
FUN_EQ_THM;
while_def;
IN_ELIM_THM] THEN
POP_ASSUM MP_TAC THEN REWRITE_TAC[monotonic] THEN SET_TAC[]);;
let CORRECT_POSTWEAK = prove
(`!p c q q'. monotonic c /\ correct p c q' /\ q'
SUBSET q ==> correct p c q`,
REWRITE_TAC[correct; monotonic] THEN SET_TAC[]);;
let CORRECT_SEQ = prove
(`!p q r c1 c2.
monotonic c1 /\ correct p c1 r /\ correct r c2 q
==> correct p (c1 ;; c2) q`,
REWRITE_TAC[correct; sequence; monotonic;
o_THM] THEN SET_TAC[]);;
let CORRECT_WHILE = prove
(`!(<<) p c q e invariant.
monotonic c /\
WF(<<) /\
p
SUBSET invariant /\
(
UNIV DIFF e)
INTER invariant
SUBSET q /\
(!X:S. correct (invariant
INTER e
INTER (\s. X = s)) c
(invariant
INTER (\s. s << X)))
==> correct p (While e c) q`,
REWRITE_TAC[correct;
SUBSET;
IN_INTER;
IN_UNIV;
IN_DIFF;
IN] THEN
REPEAT GEN_TAC THEN STRIP_TAC THEN
SUBGOAL_THEN `!s:S. invariant s ==> While e c q s` MP_TAC THENL
[ALL_TAC; ASM_MESON_TAC[]] THEN
FIRST_ASSUM(MATCH_MP_TAC o REWRITE_RULE[
WF_IND]) THEN
X_GEN_TAC `s:S` THEN REPEAT DISCH_TAC THEN
FIRST_ASSUM(fun th -> ONCE_REWRITE_TAC[MATCH_MP
WHILE_FIX th]) THEN
REWRITE_TAC[
if_def; sequence;
o_THM;
IN_ELIM_THM] THEN
COND_CASES_TAC THENL [ALL_TAC; ASM_MESON_TAC[]] THEN
FIRST_X_ASSUM(MP_TAC o SPECL [`s:S`; `s:S`]) THEN ASM_REWRITE_TAC[] THEN
FIRST_X_ASSUM(MP_TAC o GEN_REWRITE_RULE I [monotonic]) THEN
REWRITE_TAC[
SUBSET;
IN;
RIGHT_IMP_FORALL_THM] THEN
DISCH_THEN MATCH_MP_TAC THEN ASM_SIMP_TAC[
INTER;
IN_ELIM_THM;
IN]);;
let assert_def = new_definition
`assert (p:S->bool) (q:S->bool) = q`;;
let variant_def = new_definition
`variant ((<<):S->S->bool) (q:S->bool) = q`;;
let CORRECT_SEQ_VC = prove
(`!p q r c1 c2.
monotonic c1 /\ correct p c1 r /\ correct r c2 q
==> correct p (c1 ;; assert r ;; c2) q`,
REWRITE_TAC[correct; sequence; monotonic;
assert_def;
o_THM] THEN SET_TAC[]);;
let DIVIDES_NSUM = prove
(`!m n. (!i. m <= i /\ i <= n ==> p divides f(i)) ==> p divides nsum(m..n) f`,
let RSA = prove
(`prime p /\ prime q /\ ~(p = q) /\
(d * e == 1) (mod ((p - 1) * (q - 1))) /\
plaintext < p * q /\ (ciphertext = (plaintext
EXP e) MOD (p * q))
==> (plaintext = (ciphertext
EXP d) MOD (p * q))`,
let cheb = define
`(!x. cheb 0 x = &1) /\
(!x. cheb 1 x = x) /\
(!n x. cheb (n + 2) x = &2 * x * cheb (n + 1) x - cheb n x)`;;
let CHEB_INDUCT = prove
(`!P. P 0 /\ P 1 /\ (!n. P n /\ P(n + 1) ==> P(n + 2)) ==> !n. P n`,
GEN_TAC THEN STRIP_TAC THEN
SUBGOAL_THEN `!n. P n /\ P(n + 1)` (fun th -> MESON_TAC[th]) THEN
INDUCT_TAC THEN ASM_SIMP_TAC[
ADD1; GSYM
ADD_ASSOC] THEN
ASM_SIMP_TAC[ARITH]);;
let CHEB_2N1 = prove
(`!n x. ((x - &1) * (cheb (2 * n + 1) x - &1) =
(cheb (n + 1) x - cheb n x) pow 2) /\
(&2 * (x pow 2 - &1) * (cheb (2 * n + 2) x - &1) =
(cheb (n + 2) x - cheb n x) pow 2)`,
ONCE_REWRITE_TAC[
SWAP_FORALL_THM] THEN GEN_TAC THEN
MATCH_MP_TAC
CHEB_INDUCT THEN REWRITE_TAC[ARITH; cheb; CHEB_2; CHEB_3] THEN
REPEAT(CHANGED_TAC
(REWRITE_TAC[GSYM
ADD_ASSOC;
LEFT_ADD_DISTRIB; ARITH] THEN
REWRITE_TAC[ARITH_RULE `n + 5 = (n + 3) + 2`;
ARITH_RULE `n + 4 = (n + 2) + 2`;
ARITH_RULE `n + 3 = (n + 1) + 2`;
cheb])) THEN
CONV_TAC REAL_RING);;
let IVT_LEMMA1 = prove
(`!f. (!x. f contl x)
==> !x y. f(x) <= &0 /\ &0 <= f(y) ==> ?x. f(x) = &0`,
let IVT_LEMMA2 = prove
(`!f. (!x. f contl x) /\ (?x. f(x) <= x) /\ (?y. y <= f(y)) ==> ?x. f(x) = x`,
let SARKOVSKII_TRIVIAL = prove
(`!f:real->real. (!x. f contl x) /\ (?x. f(f(f(x))) = x) ==> ?x. f(x) = x`,
REPEAT STRIP_TAC THEN MATCH_MP_TAC
IVT_LEMMA2 THEN ASM_REWRITE_TAC[] THEN
CONJ_TAC THEN MATCH_MP_TAC
(MESON[] `P x \/ P (f x) \/ P (f(f x)) ==> ?x:real. P x`) THEN
FIRST_ASSUM(UNDISCH_TAC o check is_eq o concl) THEN REAL_ARITH_TAC);;
let holds = define
`(holds (W,R) V False w <=> F) /\
(holds (W,R) V True w <=> T) /\
(holds (W,R) V (Atom a) w <=> V a w) /\
(holds (W,R) V (Not p) w <=> ~(holds (W,R) V p w)) /\
(holds (W,R) V (p && q) w <=> holds (W,R) V p w /\ holds (W,R) V q w) /\
(holds (W,R) V (p || q) w <=> holds (W,R) V p w \/ holds (W,R) V q w) /\
(holds (W,R) V (p --> q) w <=> holds (W,R) V p w ==> holds (W,R) V q w) /\
(holds (W,R) V (p <-> q) w <=> holds (W,R) V p w <=> holds (W,R) V q w) /\
(holds (W,R) V (Box p) w <=>
!w'. w' IN W /\ R w w' ==> holds (W,R) V p w') /\
(holds (W,R) V (Diamond p) w <=>
?w'. w' IN W /\ R w w' /\ holds (W,R) V p w')`;;let S4 = new_definition
`S4(W,R) <=> ~(W = {}) /\ (!x y. R x y ==> x IN W /\ y IN W) /\
(!x. x IN W ==> R x x) /\
(!x y z. R x y /\ R y z ==> R x z)`;;let LTL = new_definition
`LTL(W,R) <=> (W = UNIV) /\ !x y:num. R x y <=> x <= y`;;
let GL = new_definition
`GL(W,R) <=> ~(W = {}) /\ (!x y. R x y ==> x IN W /\ y IN W) /\
WF(\x y. R y x) /\ (!x y z:num. R x y /\ R y z ==> R x z)`;;let HOLDS_FORALL_LEMMA = prove
(`!W R P. (!A V. P(holds (W,R) V A)) <=> (!p:W->bool. P p)`,
REPEAT GEN_TAC THEN EQ_TAC THENL [DISCH_TAC THEN GEN_TAC; SIMP_TAC[]] THEN
POP_ASSUM(MP_TAC o SPECL [`Atom a`; `\a:string. (p:W->bool)`]) THEN
GEN_REWRITE_TAC (LAND_CONV o RAND_CONV) [GSYM ETA_AX] THEN
REWRITE_TAC[holds] THEN REWRITE_TAC[ETA_AX]);;
let MODAL_TRANS = prove
(`!W R. (!w w' w'':W. w
IN W /\ w'
IN W /\ w''
IN W /\
R w w' /\ R w' w'' ==> R w w'') <=>
(!A.
holds_in (W,R) (Box A --> Box(Box A)))`,
MODAL_SCHEMA_TAC THEN MESON_TAC[]);;
let MODAL_SERIAL = prove
(`!W R. (!w:W. w
IN W ==> ?w'. w'
IN W /\ R w w') <=>
(!A.
holds_in (W,R) (Box A --> Diamond A))`,
MODAL_SCHEMA_TAC THEN MESON_TAC[]);;
let MODAL_SYM = prove
(`!W R. (!w w':W. w
IN W /\ w'
IN W /\ R w w' ==> R w' w) <=>
(!A.
holds_in (W,R) (A --> Box(Diamond A)))`,
MODAL_SCHEMA_TAC THEN EQ_TAC THENL [MESON_TAC[]; REPEAT STRIP_TAC] THEN
FIRST_X_ASSUM(MP_TAC o SPECL [`\v:W. v = w`; `w:W`]) THEN ASM_MESON_TAC[]);;
let MODAL_WFTRANS = prove
(`!W R. (!x y z:W. x
IN W /\ y
IN W /\ z
IN W /\ R x y /\ R y z ==> R x z) /\
WF(\x y. x
IN W /\ y
IN W /\ R y x) <=>
(!A.
holds_in (W,R) (Box(Box A --> A) --> Box A))`,
MODAL_SCHEMA_TAC THEN REWRITE_TAC[
WF_IND] THEN EQ_TAC THEN
STRIP_TAC THEN REPEAT CONJ_TAC THENL
[REPEAT GEN_TAC THEN REPEAT DISCH_TAC THEN FIRST_X_ASSUM MATCH_MP_TAC;
X_GEN_TAC `w:W` THEN FIRST_X_ASSUM(MP_TAC o SPECL
[`\v:W. v
IN W /\ R w v /\ !w''. w''
IN W /\ R v w'' ==> R w w''`; `w:W`]);
X_GEN_TAC `P:W->bool` THEN DISCH_TAC THEN
FIRST_X_ASSUM(MP_TAC o SPEC `\x:W. !w:W. x
IN W /\ R w x ==> P x`) THEN
MATCH_MP_TAC
MONO_FORALL] THEN
ASM_MESON_TAC[]);;
let and_def = define `p && q = \t:num. p t /\ q t`;;
let or_def = define `p || q = \t:num. p t \/ q t`;;
let imp_def = define `p --> q = \t:num. p t ==> q t`;;
let iff_def = define `p <-> q = \t:num. p t <=> q t`;;
let until = define
`p until q =
\t:num. ?t'. t <= t' /\ (!t''. t <= t'' /\ t'' < t' ==> p t'') /\ q t'`;;let eth = prove_general_recursive_function_exists
`?norm. (norm False = False) /\
(norm True = True) /\
(!i. norm (Atomic i) = Atomic i) /\
(!y z. norm (Ite False y z) = norm z) /\
(!y z. norm (Ite True y z) = norm y) /\
(!i y z. norm (Ite (Atomic i) y z) =
Ite (Atomic i) (norm y) (norm z)) /\
(!u v w y z. norm (Ite (Ite u v w) y z) =
norm (Ite u (Ite v y z) (Ite w y z)))`;;let sizeof = define
`(sizeof False = 1) /\
(sizeof True = 1) /\
(sizeof(Atomic i) = 1) /\
(sizeof(Ite x y z) = sizeof x * (1 + sizeof y + sizeof z))`;;
let ITE_INDUCT = prove
(`!P. P False /\
P True /\
(!i. P(Atomic i)) /\
(!y z. P z ==> P(Ite False y z)) /\
(!y z. P y ==> P(Ite True y z)) /\
(!i y z. P y /\ P z ==> P (Ite (Atomic i) y z)) /\
(!u v w x y z. P(Ite u (Ite v y z) (Ite w y z))
==> P(Ite (Ite u v w) y z))
==> !e. P e`,
GEN_TAC THEN STRIP_TAC THEN MATCH_MP_TAC SIZEOF_INDUCT THEN
MATCH_MP_TAC ite_INDUCT THEN ASM_REWRITE_TAC[] THEN
MATCH_MP_TAC ite_INDUCT THEN POP_ASSUM_LIST
(fun ths -> REPEAT STRIP_TAC THEN FIRST(mapfilter MATCH_MP_TAC ths)) THEN
REPEAT CONJ_TAC THEN FIRST_X_ASSUM MATCH_MP_TAC THEN
POP_ASSUM_LIST(K ALL_TAC) THEN
REWRITE_TAC[sizeof] THEN TRY ARITH_TAC THEN
REWRITE_TAC[
LEFT_ADD_DISTRIB;
RIGHT_ADD_DISTRIB;
MULT_CLAUSES] THEN
REWRITE_TAC[
MULT_AC;
ADD_AC;
LT_ADD_LCANCEL] THEN
REWRITE_TAC[
ADD_ASSOC;
LT_ADD_RCANCEL] THEN
MATCH_MP_TAC(ARITH_RULE `~(b = 0) /\ ~(c = 0) ==> a < (b + a) + c`) THEN
REWRITE_TAC[
MULT_EQ_0;
SIZEOF_NZ]);;
let normalized = define
`(normalized False <=> T) /\
(normalized True <=> T) /\
(normalized(Atomic a) <=> T) /\
(normalized(Ite False x y) <=> F) /\
(normalized(Ite True x y) <=> F) /\
(normalized(Ite (Atomic a) x y) <=> normalized x /\ normalized y) /\
(normalized(Ite (Ite u v w) x y) <=> F)`;;
let NORMALIZED_INDUCT = prove
(`P False /\
P True /\
(!i. P (Atomic i)) /\
(!i x y. P x /\ P y ==> P (Ite (Atomic i) x y))
==> !e. normalized e ==> P e`,
STRIP_TAC THEN MATCH_MP_TAC ite_INDUCT THEN ASM_REWRITE_TAC[normalized] THEN
MATCH_MP_TAC ite_INDUCT THEN ASM_MESON_TAC[normalized]);;
let holds = define
`(holds v False <=> F) /\
(holds v True <=> T) /\
(holds v (Atomic i) <=> v(i)) /\
(holds v (Ite b x y) <=> if holds v b then holds v x else holds v y)`;;
let HOLDS_NORM = prove
(`!e v. holds v (norm e) <=> holds v e`,
MATCH_MP_TAC
ITE_INDUCT THEN SIMP_TAC[holds; norm] THEN
REPEAT STRIP_TAC THEN CONV_TAC TAUT);;
let taut = define
`(taut (t,f) False <=> F) /\
(taut (t,f) True <=> T) /\
(taut (t,f) (Atomic i) <=> MEM i t) /\
(taut (t,f) (Ite (Atomic i) x y) <=>
if MEM i t then taut (t,f) x
else if MEM i f then taut (t,f) y
else taut (CONS i t,f) x /\ taut (t,CONS i f) y)`;;let NORMALIZED_TAUT = prove
(`!e. normalized e
==> !f t. (!a. ~(
MEM a t /\
MEM a f))
==> (taut (t,f) e <=>
!v. (!a.
MEM a t ==> v(a)) /\ (!a.
MEM a f ==> ~v(a))
==> holds v e)`,
MATCH_MP_TAC
NORMALIZED_INDUCT THEN REWRITE_TAC[holds; taut] THEN
REWRITE_TAC[
NOT_FORALL_THM] THEN REPEAT CONJ_TAC THENL
[REPEAT STRIP_TAC THEN EXISTS_TAC `\a:num.
MEM a t` THEN ASM_MESON_TAC[];
REPEAT STRIP_TAC THEN EQ_TAC THENL
[ALL_TAC; DISCH_THEN MATCH_MP_TAC] THEN ASM_MESON_TAC[];
REPEAT STRIP_TAC THEN REPEAT(COND_CASES_TAC THEN ASM_SIMP_TAC[])] THEN
ASM_SIMP_TAC[
MEM;
RIGHT_OR_DISTRIB;
LEFT_OR_DISTRIB;
MESON[] `(!a. ~(
MEM a t /\ a = i)) <=> ~(
MEM i t)`;
MESON[] `(!a. ~(a = i /\
MEM a f)) <=> ~(
MEM i f)`] THEN
ASM_REWRITE_TAC[
AND_FORALL_THM] THEN AP_TERM_TAC THEN ABS_TAC THEN
MESON_TAC[]);;
let HOLDS_BACK = prove
(`!v. (F <=> holds v False) /\
(T <=> holds v True) /\
(!i. v i <=> holds v (Atomic i)) /\
(!p. ~holds v p <=> holds v (Ite p False True)) /\
(!p q. (holds v p /\ holds v q) <=> holds v (Ite p q False)) /\
(!p q. (holds v p \/ holds v q) <=> holds v (Ite p True q)) /\
(!p q. (holds v p <=> holds v q) <=>
holds v (Ite p q (Ite q False True))) /\
(!p q. holds v p ==> holds v q <=> holds v (Ite p q True))`,
REWRITE_TAC[holds] THEN CONV_TAC TAUT);;
let EXAMPLE_10 = prove
(`!x:real^N y.
x dot y > &0
==> ?u. &0 < u /\
!v. &0 < v /\ v <= u ==> norm(v % y - x) < norm x`,
SOLOVAY_VECTOR_TAC THEN
W(fun (asl,w) -> MAP_EVERY (fun v -> SPEC_TAC(v,v)) (frees w)) THEN
CONV_TAC REAL_QELIM_CONV);;
let FORALL_3 = prove
(`(!i. 1 <= i /\ i <= 3 ==> P i) <=> P 1 /\ P 2 /\ P 3`,
MESON_TAC[ARITH_RULE `1 <= i /\ i <= 3 <=> (i = 1) \/ (i = 2) \/ (i = 3)`]);;
let VECTOR_3 = prove
(`(vector [x;y;z] :real^3)$1 = x /\
(vector [x;y;z] :real^3)$2 = y /\
(vector [x;y;z] :real^3)$3 = z`,
SIMP_TAC[vector;
LAMBDA_BETA; DIMINDEX_3;
LENGTH; ARITH] THEN
REWRITE_TAC[num_CONV `2`; num_CONV `1`;
EL;
HD;
TL]);;
let DOT_VECTOR = prove
(`(vector [x1;y1;z1] :real^3) dot (vector [x2;y2;z2]) =
x1 * x2 + y1 * y2 + z1 * z2`,
let ORTHOGONAL_VECTOR = prove
(`orthogonal (vector [x1;y1;z1] :real^3) (vector [x2;y2;z2]) =
(x1 * x2 + y1 * y2 + z1 * z2 = &0)`,
let cross = new_definition
`(a:real^3) cross (b:real^3) =
vector [a$2 * b$3 - a$3 * b$2;
a$3 * b$1 - a$1 * b$3;
a$1 * b$2 - a$2 * b$1] :real^3`;;let NORMAL_EXISTS = prove
(`!u v:real^3. ?w. ~(w = vec 0) /\ orthogonal u w /\ orthogonal v w`,
REPEAT GEN_TAC THEN MAP_EVERY ASM_CASES_TAC
[`u:real^3 = vec 0`; `v:real^3 = vec 0`; `u cross v = vec 0`] THEN
ASM_REWRITE_TAC[orthogonal] THEN
ASM_MESON_TAC[LEMMA_0;
LEMMA_1;
LEMMA_2;
LEMMA_3; LEMMA_4;
LEMMA_5; LEMMA_6; LEMMA_7]);;
let KOCHEN_SPECKER_LEMMA = prove
(`!P. (!x y:real^3. ~(x = vec 0) /\ ~(y = vec 0) /\ orthogonal x y /\
~(P x) ==> P y) /\
(!x y z. ~(x = vec 0) /\ ~(y = vec 0) /\ ~(z = vec 0) /\
orthogonal x y /\ orthogonal x z /\ orthogonal y z /\
P x /\ P y ==> ~(P z))
==> F`,
REPEAT STRIP_TAC THEN
MAP_EVERY (ASSUME_TAC o PROVE_NONTRIVIAL) points THEN
MAP_EVERY (ASSUME_TAC o PROVE_ORTHOGONAL) opairs THEN
KOCHEN_SPECKER_TAC [] []);;
let KOCHEN_SPECKER_PARADOX = prove
(`~(?spin:real^3->num.
!x y z. ~(x = vec 0) /\ ~(y = vec 0) /\ ~(z = vec 0) /\
orthogonal x y /\ orthogonal x z /\ orthogonal y z
==> (spin x = 0) /\ (spin y = 1) /\ (spin z = 1) \/
(spin x = 1) /\ (spin y = 0) /\ (spin z = 1) \/
(spin x = 1) /\ (spin y = 1) /\ (spin z = 0))`,
REPEAT STRIP_TAC THEN
MP_TAC(SPEC `\x:real^3. spin(x) = 1`
KOCHEN_SPECKER_LEMMA) THEN
ASM_REWRITE_TAC[] THEN CONJ_TAC THEN
POP_ASSUM MP_TAC THEN REPEAT(MATCH_MP_TAC
MONO_FORALL THEN GEN_TAC) THEN
DISCH_THEN(fun th -> STRIP_TAC THEN MP_TAC th) THEN
ASM_MESON_TAC[ARITH_RULE `~(1 = 0)`;
NONTRIVIAL_CROSS;
ORTHOGONAL_CROSS]);;
let DIRECTION_CLAUSES = prove
(`((!x. P(dest_dir x)) <=> (!x. ~(x = vec 0) ==> P x)) /\
((?x. P(dest_dir x)) <=> (?x. ~(x = vec 0) /\ P x))`,
MESON_TAC[direction_tybij]);;
let DIRECTION_AXIOM_1 = prove
(`!p p'. ~(p || p') ==> ?l. p _|_ l /\ p' _|_ l /\
!l'. p _|_ l' /\ p' _|_ l' ==> l' || l`,
REWRITE_TAC[perpdir; pardir;
DIRECTION_CLAUSES] THEN REPEAT STRIP_TAC THEN
MP_TAC(SPECL [`p:real^3`; `p':real^3`]
NORMAL_EXISTS) THEN
MATCH_MP_TAC
MONO_EXISTS THEN
POP_ASSUM_LIST(MP_TAC o end_itlist CONJ) THEN VEC3_TAC);;
let DIRECTION_AXIOM_3 = prove
(`?p p' p''.
~(p || p') /\ ~(p' || p'') /\ ~(p || p'') /\
~(?l. p _|_ l /\ p' _|_ l /\ p'' _|_ l)`,
REWRITE_TAC[perpdir; pardir;
DIRECTION_CLAUSES] THEN
MAP_EVERY (fun t -> EXISTS_TAC t THEN REWRITE_TAC[LEMMA_0])
[`basis 1 :real^3`; `basis 2 : real^3`; `basis 3 :real^3`] THEN
VEC3_TAC);;
let DIRECTION_AXIOM_4_WEAK = prove
(`!l. ?p p'. ~(p || p') /\ p _|_ l /\ p' _|_ l`,
REWRITE_TAC[
DIRECTION_CLAUSES; pardir; perpdir] THEN REPEAT STRIP_TAC THEN
SUBGOAL_THEN
`orthogonal (l cross basis 1) l /\ orthogonal (l cross basis 2) l /\
~((l cross basis 1) cross (l cross basis 2) = vec 0) \/
orthogonal (l cross basis 1) l /\ orthogonal (l cross basis 3) l /\
~((l cross basis 1) cross (l cross basis 3) = vec 0) \/
orthogonal (l cross basis 2) l /\ orthogonal (l cross basis 3) l /\
~((l cross basis 2) cross (l cross basis 3) = vec 0)`
MP_TAC THENL [POP_ASSUM MP_TAC THEN VEC3_TAC; MESON_TAC[
CROSS_0]]);;
let ORTHOGONAL_COMBINE = prove
(`!x a b. a _|_ x /\ b _|_ x /\ ~(a || b)
==> ?c. c _|_ x /\ ~(a || c) /\ ~(b || c)`,
REWRITE_TAC[
DIRECTION_CLAUSES; pardir; perpdir] THEN
REPEAT STRIP_TAC THEN EXISTS_TAC `a + b:real^3` THEN
POP_ASSUM_LIST(MP_TAC o end_itlist CONJ) THEN VEC3_TAC);;
let DIRECTION_AXIOM_4 = prove
(`!l. ?p p' p''. ~(p || p') /\ ~(p' || p'') /\ ~(p || p'') /\
p _|_ l /\ p' _|_ l /\ p'' _|_ l`,
let line_tybij = define_quotient_type "line" ("mk_line","dest_line") `(||)`;;let POINT_CLAUSES = prove
(`((p = p') <=> (dest_point p = dest_point p')) /\
((!p. P (dest_point p)) <=> (!l. P l)) /\
((?p. P (dest_point p)) <=> (?l. P l))`,
MESON_TAC[point_tybij]);;
let AXIOM_1 = prove
(`!p p'. ~(p = p') ==> ?l. p on l /\ p' on l /\
!l'. p on l' /\ p' on l' ==> (l' = l)`,
POINT_TAC LINE_AXIOM_1);;
let AXIOM_2 = prove
(`!l l'. ?p. p on l /\ p on l'`,
POINT_TAC LINE_AXIOM_2);;
let AXIOM_3 = prove
(`?p p' p''. ~(p = p') /\ ~(p' = p'') /\ ~(p = p'') /\
~(?l. p on l /\ p' on l /\ p'' on l)`,
POINT_TAC LINE_AXIOM_3);;
let AXIOM_4 = prove
(`!l. ?p p' p''. ~(p = p') /\ ~(p' = p'') /\ ~(p = p'') /\
p on l /\ p' on l /\ p'' on l`,
POINT_TAC LINE_AXIOM_4);;
let th2 = prove(mk_eq(lhand(concl th1),bod),TRIG_IDENT_TAC x) in
GEN x (GEN_REWRITE_RULE LAND_CONV [th2] th1);;
let FCT1_WEAK = prove
(`(!x. (f diffl f'(x)) x) ==> !x. &0 <= x ==> defint(&0,x) f' (f x - f(&0))`,