(*-------------------------------------------------------------------------*)
(*
File: mk_unless.ml
Description:
This file defines the theorems for the UNLESS definition.
Author: (c) Copyright 1989-2008 by Flemming Andersen
Date: June 29, 1989
Last Update: December 30, 2007
*)
(*-------------------------------------------------------------------------*)
(*-------------------------------------------------------------------------*)
(* The definition of UNLESS is based on the definition:
p UNLESS q in Pr = <!s in Pr: {p /\ ~q} s {p \/ q}>
where p and q are state dependent first order logic predicates or all
s in the program Pr are conditionally enabled statements transforming
a state into a new state.
To define UNLESS as a relation UNLESS_STMT to be satisfied for a finite
number of program statements, we define the UNLESS_STMT to be fulfilled as
a separate HOARE tripple relation between pre- or post predicates to be
satisfied for state transitions. The pre- or post predicates of the
UNLESS_STMT relation must be satisfiable for all states possible in the
finite state space of the program.
*)
let TL_FIX = 100;;
let UNLESS_STMT = new_infix_definition
("UNLESS_STMT", "<=>",
`UNLESS_STMT (p:'a->bool) q st =
\s:'a. (p s /\ ~q s) ==> (p (st s) \/ q (st s))`, TL_FIX);;
(*
Since a program is defined as a set (list) of statements, we
recursively define the UNLESS relation itself using the UNLESS_STMT
relation to be satisfied for every statement in the program.
As the bottom of the recursion we choose the empty program always to be
satisfied. For every statement in the program the UNLESS_STMT relation
must be satisfied in all possible states.
*)
let UNLESS_term =
(`(!p q. UNLESS p q [] <=> T) /\
(!p q. UNLESS p q (CONS (st:'a->'a) Pr) <=>
((!s:'a. (p UNLESS_STMT q) st s) /\ (UNLESS p q Pr)))`);;
let UNLESS = new_recursive_definition list_RECURSION UNLESS_term;;
let UNLESS_STMT_thm0 = prove_thm
("UNLESS_STMT_thm0",
`!p st (s:'a). (p UNLESS_STMT p)st s`,
REPEAT STRIP_TAC THEN
REWRITE_TAC [UNLESS_STMT] THEN
REWRITE_TAC [BETA_CONV (`(\s:'a. p s /\ ~(p s) ==> p (st s))s`)] THEN
REPEAT STRIP_TAC THEN
RES_TAC);;let UNLESS_STMT_thm1 = prove_thm
("UNLESS_STMT_thm1",
`!(p:'a->bool) q r st.
((!s. (p UNLESS_STMT q) st s) /\ (!s. (q s) ==> (r s))) ==>
(!s. (p UNLESS_STMT r) st s)`,
REPEAT GEN_TAC THEN
REWRITE_TAC [UNLESS_STMT] THEN
REPEAT STRIP_TAC THEN
ASSUME_TAC (REWRITE_RULE [ASSUME `~r (s:'a)`]
( CONTRAPOS (SPEC `s:'a` (ASSUME `!s:'a. q s ==> r s`)))) THEN
STRIP_ASSUME_TAC (REWRITE_RULE [ASSUME `(p:'a->bool) s`; ASSUME `~q (s:'a)`]
(SPEC `s:'a` (ASSUME `!s:'a. p s /\ ~q s ==> p (st s) \/ q (st s)`))) THEN
ASM_REWRITE_TAC [] THEN
STRIP_ASSUME_TAC (REWRITE_RULE [ASSUME `(q:'a->bool) ((st:'a->'a) s)`]
(SPEC `(st:'a->'a) s` (ASSUME `!s:'a. q s ==> r s`))) THEN
ASM_REWRITE_TAC []);;let UNLESS_STMT_thm2 = prove_thm
("UNLESS_STMT_thm2",
`!p q p' q' (st:'a->'a).
((!s. (p UNLESS_STMT q) st s) /\ (!s. (p' UNLESS_STMT q') st s)) ==>
(!s. ((p \/* p') UNLESS_STMT (q \/* q')) st s)`,
REWRITE_TAC [UNLESS_STMT;OR_def] THEN
CONV_TAC (DEPTH_CONV BETA_CONV) THEN
REWRITE_TAC [GEN_ALL (SYM (SPEC_ALL CONJ_ASSOC));
(SYM (SPEC_ALL DISJ_ASSOC)); NOT_CLAUSES; DE_MORGAN_THM] THEN
(REPEAT STRIP_TAC THEN RES_TAC THEN ASM_REWRITE_TAC []));;let UNLESS_STMT_thm3 = prove_thm
("UNLESS_STMT_thm3",
`!p q p' q' (st:'a->'a).
((!s. (p UNLESS_STMT q) st s) /\ (!s. (p' UNLESS_STMT q') st s)) ==>
(!s. ((p /\* p') UNLESS_STMT
(((p /\* q') \/* (p' /\* q)) \/* (q /\* q'))) st s)`,
PURE_REWRITE_TAC [UNLESS_STMT;AND_def;OR_def] THEN
CONV_TAC (DEPTH_CONV BETA_CONV) THEN
REWRITE_TAC [GEN_ALL (SYM (SPEC_ALL CONJ_ASSOC));
(SYM (SPEC_ALL DISJ_ASSOC)); NOT_CLAUSES; DE_MORGAN_THM] THEN
STRIP_TAC THEN STRIP_TAC THEN STRIP_TAC THEN STRIP_TAC THEN STRIP_TAC THEN
DISCH_TAC THEN STRIP_TAC THEN DISCH_TAC THEN
ASSUME_TAC (CONJUNCT1 (ASSUME
(`(!s. p s /\ ~q s ==> p ((st:'a->'a) s) \/ q (st s)) /\
(!s. p' s /\ ~q' s ==> p'((st:'a->'a) s) \/ q'(st s))`))) THEN
ASSUME_TAC (CONJUNCT2 (ASSUME
(`(!s. p s /\ ~q s ==> p ((st:'a->'a) s) \/ q (st s)) /\
(!s. p' s /\ ~q' s ==> p'((st:'a->'a) s) \/ q'(st s))`))) THEN
STRIP_ASSUME_TAC (SPEC_ALL (ASSUME
(`(!s. p s /\ ~q s ==> p ((st:'a->'a) s) \/ q (st s))`))) THEN
STRIP_ASSUME_TAC (SPEC_ALL (ASSUME
(`(!s. p' s /\ ~q' s ==> p'((st:'a->'a) s) \/ q'(st s))`))) THEN
ASSUME_TAC (UNDISCH_ALL
(SPEC (`(q':'a->bool) ((st:'a->'a) s)`)
(SPEC (`(p':'a->bool) ((st:'a->'a) s)`)
(SPEC (`(q':'a->bool) s`)
(SPEC (`(p':'a->bool) s`)
(SPEC (`(q:'a->bool) ((st:'a->'a) s)`)
(SPEC (`(p:'a->bool) ((st:'a->'a) s)`)
(SPEC (`(q:'a->bool) s`)
(SPEC (`(p:'a->bool) s`)
IMP_IMP_CONJIMP_lemma))))))))) THEN
ASM_REWRITE_TAC []);;let UNLESS_STMT_thm4 = prove_thm
("UNLESS_STMT_thm4",
`!p q p' q' (st:'a->'a).
((!s. (p UNLESS_STMT q) st s) /\ (!s. (p' UNLESS_STMT q') st s)) ==>
(!s. ((p \/* p') UNLESS_STMT
((((Not p) /\* q') \/* ((Not p') /\* q)) \/* (q /\* q')))
st s)`,
REPEAT GEN_TAC THEN
PURE_REWRITE_TAC [UNLESS_STMT;AND_def;OR_def;NOT_def1] THEN
MESON_TAC []);;let UNLESS_STMT_thm5 = prove_thm
("UNLESS_STMT_thm5",
`!(P:num->('a->bool)) q st.
(!m. (!s. ((P m) UNLESS_STMT q)st s)) ==>
(!s. ((\s. ?n. P n s) UNLESS_STMT q)st s)`,
REPEAT GEN_TAC THEN
REWRITE_TAC [UNLESS_STMT] THEN
BETA_TAC THEN
REPEAT STRIP_TAC THEN
REWRITE_TAC [UNLESS_STMT_thm5_lemma2] THEN
EXISTS_TAC (`n:num`) THEN
RES_TAC THEN
ASM_REWRITE_TAC []);;let UNLESS_STMT_thm6 = prove_thm
("UNLESS_STMT_thm6",
`!(p:'a->bool) q r (st:'a->'a).
(!s. (p UNLESS_STMT q) st s) ==>
(!s. ((p \/* r) UNLESS_STMT (q \/* r)) st s)`,
REPEAT GEN_TAC THEN
REWRITE_TAC [UNLESS_STMT; OR_def] THEN
MESON_TAC []);;let UNLESS_thm1 = prove_thm
("UNLESS_thm1",
`!(p:'a->bool) Pr. (p UNLESS p) Pr`,
GEN_TAC THEN
LIST_INDUCT_TAC THEN
PURE_REWRITE_TAC [UNLESS] THEN
ASM_REWRITE_TAC [] THEN
PURE_REWRITE_TAC [UNLESS_STMT] THEN
CONV_TAC (DEPTH_CONV BETA_CONV) THEN
REPEAT STRIP_TAC THEN
RES_TAC);;let UNLESS_thm2 = prove_thm
("UNLESS_thm2",
(`!(p:'a->bool) Pr. (p UNLESS (Not p)) Pr`),
GEN_TAC THEN
LIST_INDUCT_TAC THEN
PURE_REWRITE_TAC [UNLESS] THEN
ASM_REWRITE_TAC [] THEN
PURE_REWRITE_TAC [UNLESS_STMT;NOT_def1] THEN
CONV_TAC (DEPTH_CONV BETA_CONV) THEN
REPEAT STRIP_TAC THEN
REWRITE_TAC [EXCLUDED_MIDDLE]);;let UNLESS_thm3 = prove_thm
("UNLESS_thm3",
`!(p:'a->bool) q r Pr.
(((p UNLESS q) Pr) /\ (!s. (q s) ==> (r s))) ==> ((p UNLESS r) Pr)`,
GEN_TAC THEN GEN_TAC THEN GEN_TAC THEN
LIST_INDUCT_TAC THEN
REWRITE_TAC [UNLESS] THEN
STRIP_TAC THEN
ASM_REWRITE_TAC [] THEN
RES_TAC THEN
ASM_REWRITE_TAC [] THEN
IMP_RES_TAC UNLESS_STMT_thm1);;let UNLESS_thm4 = prove_thm
("UNLESS_thm4",
`!(p:'a->bool) q p' q' Pr.
(((p UNLESS q) Pr) /\ ((p' UNLESS q') Pr)) ==>
(((p /\* p') UNLESS
(((p /\* q') \/* (p' /\* q)) \/* (q /\* q'))) Pr)`,
GEN_TAC THEN GEN_TAC THEN GEN_TAC THEN GEN_TAC THEN
LIST_INDUCT_TAC THEN
REWRITE_TAC [UNLESS] THEN
STRIP_TAC THEN
ASM_REWRITE_TAC [] THEN
RES_TAC THEN
ASM_REWRITE_TAC [] THEN
IMP_RES_TAC UNLESS_STMT_thm3);;let UNLESS_thm5 = prove_thm
("UNLESS_thm5",
`!(p:'a->bool) q p' q' Pr.
(((p UNLESS q) Pr) /\ ((p' UNLESS q') Pr))
==>
(((p \/* p') UNLESS
((((Not p) /\* q') \/* ((Not p') /\* q)) \/* (q /\* q'))) Pr)`,
GEN_TAC THEN GEN_TAC THEN GEN_TAC THEN GEN_TAC THEN
LIST_INDUCT_TAC THEN
REWRITE_TAC [UNLESS] THEN
STRIP_TAC THEN
ASM_REWRITE_TAC [] THEN
RES_TAC THEN
ASM_REWRITE_TAC [] THEN
IMP_RES_TAC UNLESS_STMT_thm4);;let UNLESS_thm6 = prove_thm
("UNLESS_thm6",
`!(p:'a->bool) q p' q' Pr.
(((p UNLESS q) Pr) /\ ((p' UNLESS q') Pr)) ==>
(((p /\* p') UNLESS (q \/* q')) Pr)`,
REPEAT STRIP_TAC THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`((p:'a->bool) UNLESS q)Pr`);
(`((p':'a->bool) UNLESS q')Pr`)]
AND_INTRO_THM)) THEN
ASSUME_TAC (UNDISCH_ALL (SPEC_ALL UNLESS_thm4)) THEN
ASSUME_TAC (SPECL [(`p:'a->bool`); (`q:'a->bool`);
(`p':'a->bool`); (`q':'a->bool`)]
IMPLY_WEAK_lemma1) THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`(((p:'a->bool) /\* p') UNLESS
(((p /\* q') \/* (p' /\* q)) \/* (q /\* q')))Pr`);
(`!s. ((((p:'a->bool) /\* q') \/* (p' /\* q)) \/* (q /\* q'))s ==>
(q \/* q')s`)]
AND_INTRO_THM)) THEN
ASM_REWRITE_TAC [UNDISCH_ALL (SPECL
[(`(p:'a->bool) /\* p'`);
(`((((p:'a->bool) /\* q') \/* (p' /\* q)) \/* (q /\* q'))`);
(`(q:'a->bool) \/* q'`); (`Pr:('a->'a)list`)]
UNLESS_thm3)]);;let UNLESS_thm7 = prove_thm
("UNLESS_thm7",
`!(p:'a->bool) q p' q' Pr.
(((p UNLESS q) Pr) /\ ((p' UNLESS q') Pr)) ==>
(((p \/* p') UNLESS (q \/* q')) Pr)`,
REPEAT STRIP_TAC THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`((p:'a->bool) UNLESS q)Pr`); (`((p':'a->bool) UNLESS q')Pr`)]
AND_INTRO_THM)) THEN
ASSUME_TAC (UNDISCH_ALL (SPEC_ALL UNLESS_thm5)) THEN
ASSUME_TAC (SPECL [(`p:'a->bool`); (`q:'a->bool`);
(`p':'a->bool`); (`q':'a->bool`)]
IMPLY_WEAK_lemma2) THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`(((p:'a->bool) \/* p') UNLESS
((((Not p) /\* q') \/* ((Not p') /\* q)) \/* (q /\* q')))
Pr`);
(`!s. ((((Not (p:'a->bool)) /\* q') \/* ((Not p') /\* q)) \/*
(q /\* q'))s ==> (q \/* q')s`)]
AND_INTRO_THM)) THEN
STRIP_ASSUME_TAC (UNDISCH_ALL (SPECL
[`(p:'a->bool) \/* p'`;
`(((Not (p:'a->bool)) /\* q') \/* ((Not p') /\* q)) \/* (q /\* q')`;
`(q:'a->bool) \/* q'`;
`Pr:('a->'a)list`]
UNLESS_thm3)));;let UNLESS_thm8 = prove_thm
("UNLESS_thm8",
`!(p:'a->bool) q r Pr.
(((p UNLESS q) Pr) /\ ((q UNLESS r) Pr)) ==>
(((p \/* q) UNLESS r) Pr)`,
REPEAT STRIP_TAC THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[`((p:'a->bool) UNLESS q)Pr`; `((q:'a->bool) UNLESS r)Pr`]
AND_INTRO_THM)) THEN
ASSUME_TAC (UNDISCH_ALL (SPEC_ALL (SPECL
[(`p:'a->bool`); (`q:'a->bool`);
(`q:'a->bool`); (`r:'a->bool`)]
UNLESS_thm5))) THEN
ASSUME_TAC (SPECL
[(`p:'a->bool`); (`q:'a->bool`); (`r:'a->bool`)]
IMPLY_WEAK_lemma3) THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`(((p:'a->bool) \/* q) UNLESS
((((Not p) /\* r) \/* ((Not q) /\* q)) \/* (q /\* r))) Pr`);
(`!s:'a. ((((Not p) /\* r) \/* ((Not q) /\* q)) \/*
(q /\* r))s ==> r s`)]
AND_INTRO_THM)) THEN
STRIP_ASSUME_TAC (UNDISCH_ALL (SPEC_ALL (SPECL
[(`((p:'a->bool) \/* q)`);
(`((((Not (p:'a->bool)) /\* r) \/* ((Not q) /\* q)) \/*
(q /\* r))`);
(`r:'a->bool`)]
UNLESS_thm3))));;let UNLESS_cor1 = prove_thm
("UNLESS_cor1",
`!(p:'a->bool) q Pr. (!s. p s ==> q s) ==> ((p UNLESS q) Pr)`,
REPEAT STRIP_TAC THEN
ASSUME_TAC (SPEC_ALL UNLESS_thm1) THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[`((p:'a->bool) UNLESS p)Pr`; `!s:'a. p s ==> q s`]
AND_INTRO_THM)) THEN
ASM_REWRITE_TAC [UNDISCH_ALL (SPECL
[(`p:'a->bool`); (`p:'a->bool`); (`q:'a->bool`);
(`Pr:('a->'a)list`)] UNLESS_thm3)]);;let UNLESS_cor2 = prove_thm
("UNLESS_cor2",
(`!(p:'a->bool) q Pr. (!s. (Not p)s ==> q s) ==> ((p UNLESS q) Pr)`),
REPEAT STRIP_TAC THEN
ASSUME_TAC (SPEC_ALL UNLESS_thm2) THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`((p:'a->bool) UNLESS (Not p))Pr`);
(`!s:'a. (Not p) s ==> q s`)]
AND_INTRO_THM)) THEN
ASM_REWRITE_TAC [UNDISCH_ALL (SPECL
[(`p:'a->bool`); (`Not (p:'a->bool)`);
(`q:'a->bool`); (`Pr:('a->'a)list`)]
UNLESS_thm3)]);;let UNLESS_cor3 = prove_thm
("UNLESS_cor3",
(`!(p:'a->bool) q r Pr.
((p /\* (Not q)) UNLESS (q \/* r)) Pr = (p UNLESS (q \/* r)) Pr`),
REWRITE_TAC [IMP_ANTISYM_RULE
(SPEC_ALL UNLESS_cor3b) (SPEC_ALL UNLESS_cor3a)]);;let UNLESS_cor4 = prove_thm
("UNLESS_cor4",
(`!(p:'a->bool) q r Pr.
((p \/* q) UNLESS r) Pr ==> (p UNLESS (q \/* r)) Pr`),
REPEAT STRIP_TAC THEN
ASSUME_TAC (SPEC_ALL ((SPEC (`Not (q:'a->bool)`) UNLESS_thm2))) THEN
UNDISCH_TAC (`((Not (q:'a->bool)) UNLESS (Not(Not q)))Pr`) THEN
REWRITE_TAC [NOT_NOT_lemma] THEN
STRIP_TAC THEN
ASSUME_TAC (UNDISCH_ALL (SPEC_ALL (SPECL
[(`(((p:'a->bool) \/* q) UNLESS r)Pr`);
(`((Not (q:'a->bool)) UNLESS q)Pr`)]
AND_INTRO_THM))) THEN
ASSUME_TAC (UNDISCH_ALL (SPEC_ALL (SPECL
[(`((p:'a->bool) \/* q)`); (`r:'a->bool`);
(`(Not (q:'a->bool))`); (`q:'a->bool`)]
UNLESS_thm6))) THEN
UNDISCH_TAC (`((((p:'a->bool) \/* q) /\* (Not q)) UNLESS
(r \/* q))Pr`) THEN
REWRITE_TAC [OR_NOT_AND_lemma] THEN
PURE_ONCE_REWRITE_TAC [SPECL [(`r:'a->bool`); (`q:'a->bool`)]
OR_COMM_lemma] THEN
REWRITE_TAC [UNLESS_cor3] THEN
STRIP_TAC THEN
PURE_ONCE_REWRITE_TAC [SPECL [(`r:'a->bool`); (`q:'a->bool`)]
OR_COMM_lemma] THEN
ASM_REWRITE_TAC []);;let UNLESS_cor5 = prove_thm
("UNLESS_cor5",
(`!(p:'a->bool) Pr. (p UNLESS True) Pr`),
REPEAT GEN_TAC THEN
ASSUME_TAC (SPEC_ALL UNLESS_thm1) THEN
ASSUME_TAC (SPEC_ALL UNLESS_thm2) THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`((p:'a->bool) UNLESS p)Pr`);
(`((p:'a->bool) UNLESS (Not p))Pr`)]
AND_INTRO_THM)) THEN
ASSUME_TAC (UNDISCH_ALL (SPEC_ALL (SPECL
[(`p:'a->bool`); (`p:'a->bool`);
(`p:'a->bool`); (`(Not (p:'a->bool))`)]
UNLESS_thm6))) THEN
UNDISCH_TAC (`(((p:'a->bool) /\* p) UNLESS (p \/* (Not p)))Pr`) THEN
REWRITE_TAC [AND_AND_lemma;P_OR_NOT_P_lemma]);;let UNLESS_cor6 = prove_thm
("UNLESS_cor6",
(`!(p:'a->bool) Pr. (True UNLESS p) Pr`),
REPEAT GEN_TAC THEN
ASSUME_TAC (SPEC_ALL UNLESS_thm1) THEN
ASSUME_TAC (SPEC_ALL (SPEC (`(Not (p:'a->bool))`) UNLESS_thm2)) THEN
UNDISCH_TAC (`((Not (p:'a->bool)) UNLESS (Not(Not p)))Pr`) THEN
REWRITE_TAC [NOT_NOT_lemma] THEN
DISCH_TAC THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`((Not (p:'a->bool)) UNLESS p)Pr`);
(`((p:'a->bool) UNLESS p)Pr`)]
AND_INTRO_THM)) THEN
ASSUME_TAC (UNDISCH_ALL (SPEC_ALL (SPECL
[(`(Not (p:'a->bool))`); (`p:'a->bool`);
(`p:'a->bool`); (`p:'a->bool`)]
UNLESS_thm7))) THEN
UNDISCH_TAC (`(((Not (p:'a->bool)) \/* p) UNLESS (p \/* p))Pr`) THEN
PURE_ONCE_REWRITE_TAC [OR_COMM_lemma] THEN
REWRITE_TAC [OR_OR_lemma;P_OR_NOT_P_lemma]);;let UNLESS_cor7 = prove_thm
("UNLESS_cor7",
(`!(p:'a->bool) Pr. (False UNLESS p) Pr`),
REPEAT GEN_TAC THEN
ASSUME_TAC (SPEC_ALL UNLESS_thm1) THEN
ASSUME_TAC (SPEC_ALL (SPEC (`(Not (p:'a->bool))`) UNLESS_thm2)) THEN
UNDISCH_TAC (`((Not (p:'a->bool)) UNLESS (Not(Not p)))Pr`) THEN
REWRITE_TAC [NOT_NOT_lemma] THEN
DISCH_TAC THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`((Not (p:'a->bool)) UNLESS p)Pr`);
(`((p:'a->bool) UNLESS p)Pr`)]
AND_INTRO_THM)) THEN
ASSUME_TAC (UNDISCH_ALL (SPEC_ALL (SPECL
[(`(Not (p:'a->bool))`); (`p:'a->bool`);
(`p:'a->bool`); (`p:'a->bool`)]
UNLESS_thm6))) THEN
UNDISCH_TAC (`(((Not (p:'a->bool)) /\* p) UNLESS (p \/* p))Pr`) THEN
PURE_ONCE_REWRITE_TAC [AND_COMM_lemma] THEN
REWRITE_TAC [OR_OR_lemma;P_AND_NOT_P_lemma]);;let UNLESS_cor8 = prove_thm
("UNLESS_cor8",
(`!(p:'a->bool) q p' Pr.
(!s. p s /\ ~q s) ==> (!s. p' s) ==> (!s. p s \/ q s)
==> (((p /\* (Not q)) UNLESS q) Pr =
((p' /\* (Not q)) UNLESS q) Pr)`),
REPEAT STRIP_TAC THEN
REWRITE_TAC [AND_def;OR_def;NOT_def1] THEN
CONV_TAC (DEPTH_CONV BETA_CONV) THEN
REWRITE_TAC [HeJiFeng_lemma_f]);;let UNLESS_cor9 = prove_thm
("UNLESS_cor9",
(`!(p:'a->bool) q p' q' r r' Pr.
((p \/* p') UNLESS (q \/* r)) Pr /\ ((q \/* q') UNLESS (p \/* r')) Pr ==>
((p \/* p' \/* q \/* q') UNLESS ((p /\* q) \/* r \/* r')) Pr`),
REPEAT GEN_TAC THEN DISCH_TAC THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`((p:'a->bool) \/* p')`); (`((q:'a->bool) \/* r)`);
(`((q:'a->bool) \/* q')`); (`((p:'a->bool) \/* r')`);
(`Pr:('a->'a)list`)]
UNLESS_thm5)) THEN
ASSUME_TAC (SPECL
[(`p:'a->bool`); (`q:'a->bool`);
(`p':'a->bool`); (`q':'a->bool`);
(`r:'a->bool`); (`r':'a->bool`)] IMPLY_WEAK_lemma4) THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`((((p:'a->bool) \/* p') \/* (q \/* q')) UNLESS
((((Not(p \/* p')) /\* (p \/* r')) \/*
((Not(q \/* q')) /\* (q \/* r))) \/*
((q \/* r) /\* (p \/* r')))) Pr`);
(`!s:'a. ((((Not(p \/* p')) /\* (p \/* r')) \/*
((Not(q \/* q')) /\* (q \/* r))) \/*
((q \/* r) /\* (p \/* r'))) s ==>
((p /\* q) \/* (r \/* r'))s`)]
AND_INTRO_THM)) THEN
STRIP_ASSUME_TAC (UNDISCH_ALL (SPEC_ALL (SPECL
[(`(((p:'a->bool) \/* p') \/* (q \/* q'))`);
(`((((Not((p:'a->bool) \/* p')) /\* (p \/* r')) \/*
((Not(q \/* q')) /\* (q \/* r))) \/*
((q \/* r) /\* (p \/* r')))`);
(`(((p:'a->bool) /\* q) \/* (r \/* r'))`)]
UNLESS_thm3))) THEN
UNDISCH_TAC (`((((p:'a->bool) \/* p') \/* (q \/* q')) UNLESS
((p /\* q) \/* (r \/* r')))Pr`) THEN
REWRITE_TAC [OR_ASSOC_lemma]);;let UNLESS_cor10 = prove_thm
("UNLESS_cor10",
(`!(p:'a->bool) q Pr. (p \/* q) STABLE Pr ==> (p UNLESS q) Pr`),
REPEAT GEN_TAC THEN
REWRITE_TAC [STABLE] THEN
DISCH_TAC THEN
STRIP_ASSUME_TAC (UNDISCH_ALL (SPECL
[(`p:'a->bool`); (`q:'a->bool`);
(`False:'a->bool`); (`Pr:('a->'a)list`)]
UNLESS_cor4)) THEN
UNDISCH_TAC (`((p:'a->bool) UNLESS (q \/* False))Pr`) THEN
REWRITE_TAC [OR_False_lemma]);;let UNLESS_cor11 = prove_thm
("UNLESS_cor11",
(`!(p:'a->bool) Pr. (!s. (Not p)s) ==> p STABLE Pr`),
GEN_TAC THEN
REWRITE_TAC [STABLE] THEN
LIST_INDUCT_TAC THEN
REWRITE_TAC [UNLESS] THEN
STRIP_TAC THEN
RES_TAC THEN
ASM_REWRITE_TAC [] THEN
GEN_TAC THEN
REWRITE_TAC [UNLESS_STMT; FALSE_def] THEN
STRIP_ASSUME_TAC (REWRITE_RULE [NOT_def1]
(SPEC `s:'a` (ASSUME `!s:'a. Not (p:'a->bool) s`))) THEN
STRIP_TAC THEN
RES_TAC);;let UNLESS_cor12 = prove_thm
("UNLESS_cor12",
(`!(p:'a->bool) Pr. (!s. (Not p)s) ==> (Not p) STABLE Pr`),
GEN_TAC THEN
REWRITE_TAC [STABLE] THEN
LIST_INDUCT_TAC THEN
REWRITE_TAC [UNLESS] THEN
STRIP_TAC THEN
RES_TAC THEN
ASM_REWRITE_TAC [UNLESS_STMT]);;let UNLESS_cor13 = prove_thm
("UNLESS_cor13",
(`!(p:'a->bool) q Pr.
(p UNLESS q) Pr /\ (q UNLESS p) Pr /\ (!s. Not (p /\* q) s) ==>
(p \/* q) STABLE Pr`),
REPEAT STRIP_TAC THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`((p:'a->bool) /\* q)`);
(`Pr:('a->'a)list`)] UNLESS_cor11)) THEN
UNDISCH_TAC (`((p:'a->bool) /\* q) STABLE Pr`) THEN
REWRITE_TAC [STABLE] THEN
DISCH_TAC THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`((p:'a->bool) UNLESS q)Pr`); (`((q:'a->bool) UNLESS p)Pr`)]
AND_INTRO_THM)) THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`(p:'a->bool)`); (`(q:'a->bool)`);
(`(q:'a->bool)`); (`(p:'a->bool)`); (`Pr:('a->'a)list`)]
UNLESS_thm5)) THEN
UNDISCH_TAC (`(((p:'a->bool) \/* q) UNLESS
((((Not p) /\* p) \/* ((Not q) /\* q)) \/* (q /\* p))
) Pr`) THEN
PURE_ONCE_REWRITE_TAC [AND_COMM_lemma] THEN
REWRITE_TAC [P_AND_NOT_P_lemma;OR_False_lemma] THEN
PURE_ONCE_REWRITE_TAC [OR_COMM_lemma] THEN
REWRITE_TAC [OR_False_lemma] THEN
DISCH_TAC THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`(((q:'a->bool) \/* p) UNLESS (p /\* q))Pr`);
(`(((p:'a->bool) /\* q) UNLESS False)Pr`)]
AND_INTRO_THM)) THEN
ASSUME_TAC (UNDISCH_ALL (SPECL
[(`((q:'a->bool) \/* p)`); (`((p:'a->bool) /\* q)`);
(`False:'a->bool`); (`Pr:('a->'a)list`)]
UNLESS_thm8)) THEN
UNDISCH_TAC
(`((((q:'a->bool) \/* p) \/* (p /\* q)) UNLESS False)Pr`) THEN
REWRITE_TAC [OR_AND_DISTR_lemma] THEN
REWRITE_TAC [OR_ASSOC_lemma;OR_OR_lemma] THEN
PURE_ONCE_REWRITE_TAC [OR_COMM_lemma] THEN
REWRITE_TAC [OR_ASSOC_lemma;OR_OR_lemma;AND_AND_lemma]);;let UNLESS_STMT_cor15 = prove_thm
("UNLESS_STMT_cor15",
`!(P:num->('a->bool)) Q st.
(!i s. (P i UNLESS_STMT P i /\* Q i) st s) ==>
(!s. ((!*) P UNLESS_STMT (!*) P /\* (?*) Q) st s)`,
REPEAT GEN_TAC THEN
REWRITE_TAC [FORALL_def; EXISTS_def; UNLESS_STMT; AND_def] THEN
CONV_TAC (DEPTH_CONV BETA_CONV) THEN
MESON_TAC []);;let UNLESS_cor15 = prove_thm
("UNLESS_cor15",
`!(P:num->('a->bool)) Q Pr.
(!i. ((P i) UNLESS ((P i) /\* (Q i))) Pr) ==>
(((!*) P) UNLESS (((!*) P) /\* ((?*) Q))) Pr`,
GEN_TAC THEN GEN_TAC THEN
LIST_INDUCT_TAC THEN
REWRITE_TAC [UNLESS] THEN
STRIP_TAC THEN
RES_TAC THEN
ASM_REWRITE_TAC [] THEN
STRIP_ASSUME_TAC (REWRITE_RULE [UNLESS_cor15_lem3] (ASSUME
`!i:num. (!s:'a. (P i UNLESS_STMT P i /\* Q i) h s) /\
(P i UNLESS P i /\* Q i) t`)) THEN
RES_TAC THEN
ASM_REWRITE_TAC [] THEN
IMP_RES_TAC UNLESS_STMT_cor15);;let UNLESS_cor16 = prove_thm
("UNLESS_cor16",
`!(P:num->('a->bool)) Q Pr.
(!i. ((P i) UNLESS (Q i))Pr) ==>
(!i. ((/<=\* P i) UNLESS (\<=/* Q i))Pr)`,
REPEAT GEN_TAC THEN
DISCH_TAC THEN
INDUCT_TAC THENL
[
ASM_REWRITE_TAC [AND_LE_N_def;OR_LE_N_def]
;
REWRITE_TAC [AND_LE_N_def;OR_LE_N_def] THEN
ASSUME_TAC (SPEC (`SUC i`) (ASSUME
(`!i. (((P:num->('a->bool)) i) UNLESS (Q i))Pr`))) THEN
STRIP_ASSUME_TAC (UNDISCH_ALL (hd (IMP_CANON (SPECL
[(`/<=\* (P:num->('a->bool)) i`);
(`\<=/* (Q:num->('a->bool)) i`);
(`(P:num->('a->bool))(SUC i)`); (`(Q:num->('a->bool))(SUC i)`);
(`Pr:('a->'a)list`)]
UNLESS_thm6))))
]);;let UNLESS_cor17 = prove_thm
("UNLESS_cor17",
(`!(P:num->('a->bool)) q Pr.
(!i. ((P i) UNLESS q)Pr) ==> (!i. ((/<=\* P i) UNLESS q)Pr)`),
REPEAT GEN_TAC THEN
DISCH_TAC THEN
INDUCT_TAC THENL
[
ASM_REWRITE_TAC [AND_LE_N_def;OR_LE_N_def]
;
REWRITE_TAC [AND_LE_N_def;OR_LE_N_def] THEN
ASSUME_TAC (SPEC (`SUC i`) (ASSUME
(`!i. (((P:num->('a->bool)) i) UNLESS q)Pr`))) THEN
ASSUME_TAC (UNDISCH_ALL (hd (IMP_CANON (SPECL
[(`/<=\* (P:num->('a->bool)) i`); (`q:'a->bool`);
(`(P:num->('a->bool))(SUC i)`);
(`q:'a->bool`); (`Pr:('a->'a)list`)]
UNLESS_thm6)))) THEN
UNDISCH_ONE_TAC THEN
REWRITE_TAC [OR_OR_lemma]
]);;let UNLESS_STMT_cor18 = prove_thm
("UNLESS_STMT_cor18",
`!(P:num->('a->bool)) Q st.
(!i s. ((P i) UNLESS_STMT q) st s) ==>
(!s. (((?*) P) UNLESS_STMT q) st s)`,
REPEAT GEN_TAC THEN
REWRITE_TAC [FORALL_def; EXISTS_def; UNLESS_STMT; AND_def] THEN
CONV_TAC (DEPTH_CONV BETA_CONV) THEN
MESON_TAC []);;let UNLESS_cor18 = prove_thm
("UNLESS_cor18",
(`!(P:num->('a->bool)) q Pr.
(!m. ((P m) UNLESS q) Pr) ==> (((?*) P) UNLESS q) Pr`),
GEN_TAC THEN GEN_TAC THEN
LIST_INDUCT_TAC THEN
REWRITE_TAC [UNLESS] THEN
STRIP_TAC THEN
ASM_REWRITE_TAC [] THEN
STRIP_ASSUME_TAC (REWRITE_RULE [UNLESS_cor15_lem3] (ASSUME
`!m:num. (!s:'a. (P m UNLESS_STMT q) h s) /\ (P m UNLESS q) t`)) THEN
RES_TAC THEN
ASM_REWRITE_TAC [] THEN
IMP_RES_TAC UNLESS_STMT_cor18);;let UNLESS_cor19 = prove_thm
("UNLESS_cor19",
(`!Pr. (False:'a->bool) STABLE Pr`),
GEN_TAC THEN
REWRITE_TAC [STABLE] THEN
REWRITE_TAC [UNLESS_thm1]);;let UNLESS_cor20 = prove_thm
("UNLESS_cor20",
(`!(p:'a->bool) q Pr.
(p STABLE Pr) /\ (q STABLE Pr) ==> ((p /\* q) STABLE Pr)`),
REPEAT GEN_TAC THEN
REWRITE_TAC [STABLE] THEN
ACCEPT_TAC (REWRITE_RULE [AND_False_lemma;OR_False_lemma] (SPECL
[(`p:'a->bool`); (`False:'a->bool`);
(`q:'a->bool`); (`False:'a->bool`);
(`Pr:('a->'a)list`)] UNLESS_thm4)));;let UNLESS_cor21 = prove_thm
("UNLESS_cor21",
(`!(p:'a->bool) q Pr.
(p STABLE Pr) /\ (q STABLE Pr) ==> ((p \/* q) STABLE Pr)`),
REPEAT GEN_TAC THEN
REWRITE_TAC [STABLE] THEN
ACCEPT_TAC (REWRITE_RULE [AND_False_lemma;OR_False_lemma] (SPECL
[(`p:'a->bool`); (`False:'a->bool`);
(`q:'a->bool`); (`False:'a->bool`);
(`Pr:('a->'a)list`)] UNLESS_thm7)));;let UNLESS_cor23 = prove_thm
("UNLESS_cor23",
(`!(p:'a->bool) q r Pr.
((p UNLESS q) Pr) ==> ((p \/* r) UNLESS (q \/* r)) Pr`),
GEN_TAC THEN GEN_TAC THEN GEN_TAC THEN
LIST_INDUCT_TAC THEN
REWRITE_TAC [UNLESS] THEN
STRIP_TAC THEN
RES_TAC THEN
ASM_REWRITE_TAC [] THEN
IMP_RES_TAC UNLESS_STMT_thm6 THEN
ASM_REWRITE_TAC []);;