Computational realization of the formal ontology presented in
Formal ontology of space, time, and physical entities in modern Classical Mechanics

Thomas Bittner
Department of Philosophy
SUNY at Buffalo

December 11, 2017

Contents

1 Setting up the formal environment
1.1 The frames R and S
1.2 The modal language and its interpretation in RS frames
1.3 RS frames with two domains of variables
1.4 S5 Axioms, Barcan formula, etc. are satisfied
1.5 KS - structures
2 Mereology (adopted from Clemens Ballari et al.)
2.1 Partial order
2.2 Upper and lower bounds of a set
2.3 Least and greatest, as predicate
2.4 Upper Semi-Lattices
2.5 Complete upper semi-lattices
2.6 Infimum
2.7 Infimum meet and complement and difference as relations
2.8 Meet and Overlap in partial orders
2.9 partial lower semilattice
2.10 Partial lattices
2.11 Total Orders
2.12 Mereology
3 Spacetime mereology with time slices
3.1 The non-modal part of TS mereology
3.2 The modal part of TS mereology
3.3 Newtonian space-time
9 Proof that the model AtE-Inst-ST-frame-M satisfies the axioms of the formal theory – they are extremely ugly and tedious ...
9.1 Preliminary lemmata
9.2 The Model satisfies the axioms of the locale S5-RS-frame
9.3 The Model satisfies the axioms of the locale two-sort-S5-RS-frame
9.4 The Model satisfies the axioms of the locale S5-RS-2S-partial-order
9.5 The Model satisfies the axioms of the locale upper-semilattice
9.6 The Model satisfies the axioms of the locale complete-upper-semilattice
9.7 The Model satisfies the axioms of the locale partial-lower-semilattice
9.8 The Model satisfies the axioms of the locale partial-lattice
9.9 The Model satisfies the axioms of the locale S5-RS-2S-GEM
9.10 The Model satisfies the axioms of the locale TS-mereology
9.11 The Model satisfies the axioms of the locale M-TS-mereology
9.12 The Model satisfies the axioms of the locale Inst-TS-mereology
9.13 The Model satisfies the axioms of the locale AtE-Inst-TS-
lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-aR: ⌊∀ a x. (□R (PX x)) ↔ (¬ ♦R (¬ PX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-AR: ⌊∀ A x. (□R (PX x)) ↔ (¬ ♦R (¬ PX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-bR: ⌊∀ b x. (□R (PX x)) ↔ (¬ ♦R (¬ PX x))⌋ by blast

lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-aR: ⌊∀ a x. (♦R (PX x) ↔ (¬ □R (¬ (PX x))))⌋ by blast
lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-AR: ⌊∀ A x. (♦R (PX x) ↔ (¬ □R (¬ (PX x))))⌋ by blast
lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-bR: ⌊∀ b x. (♦R (PX x) ↔ (¬ □R (¬ (PX x))))⌋ by blast

lemma (in two-sort-S5-RS-frame) K-aR-valid: ⌊∀ a x. □R (PX x → QX x) → (□R (PX x) → □R (QX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) K-AR-valid: ⌊∀ A x. □R (PX x → QX x) → (□R (PX x) → □R (QX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) K-bR-valid: ⌊∀ b x. □R (PX x → QX x) → (□R (PX x) → □R (QX x))⌋ by blast

lemma (in two-sort-S5-RS-frame) BC-aR-valid: ⌊(∀ a x. □R (PX x)) ↔ (□R (∀ a x. (PX x)))⌋ by fast
lemma (in two-sort-S5-RS-frame) BC-AR-valid: ⌊(∀ A x. □R (PX x)) ↔ (□R (∀ A x. (PX x)))⌋ by fastforce
lemma (in two-sort-S5-RS-frame) BC-bR-valid: ⌊(∀ b x. □R (PX x)) ↔ (□R (∀ b x. (PX x)))⌋ by fast

lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-aS: ⌊∀ a x. (□S (PX x)) ↔ (¬ ♦S (¬ PX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-AS: ⌊∀ A x. (□S (PX x)) ↔ (¬ ♦S (¬ PX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-bS: ⌊∀ b x. (□S (PX x)) ↔ (¬ ♦S (¬ PX x))⌋ by blast

lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-aS: ⌊∀ a x. (♦S (PX x) ↔ (¬ □S (¬ (PX x))))⌋ by blast
lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-AS: ⌊∀ A x. (♦S (PX x) ↔ (¬ □S (¬ (PX x))))⌋ by blast
lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-bS: ⌊∀ b x. (♦S (PX x) ↔ (¬ □S (¬ (PX x))))⌋ by blast

lemma (in two-sort-S5-RS-frame) K-aS-valid: ⌊∀ a x. □S (PX x → QX x) → (□S (PX x) → □S (QX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) K-AS-valid: ⌊∀ A x. □S (PX x → QX x) → (□S (PX x) → □S (QX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) K-bS-valid: ⌊∀ b x. □S (PX x → QX x) → (□S (PX x) → □S (QX x))⌋ by blast

lemma (in two-sort-S5-RS-frame) BC-aS-valid: ⌊(∀ a x. □S (PX x)) ↔ (□S (∀ a x. (PX x)))⌋ by fast
lemma (in two-sort-S5-RS-frame) BC-AS-valid: ⌊(∀ A x. □S (PX x)) ↔ (□S (∀ A x. (PX x)))⌋ by fastforce
lemma (in two-sort-S5-RS-frame) BC-bS-valid: ⌊(∀ b x. □S (PX x)) ↔ (□S (∀ b x. (PX x)))⌋ by fast

lemma (in two-sort-S5-RS-frame) SR-iff-aRS: ⌊∀ a x. (□S (□R (PX x))) ↔ (□R (□S (PX x)))⌋ by force
lemma (in two-sort-S5-RS-frame) SR-iff-ARS: ⌊∀ A x. (□S (□R (PX x))) ↔ (□R (□S (PX x)))⌋ by force
lemma (in two-sort-S5-RS-frame) SR-iff-bRS: ⌊∀ b x. (□S (□R (PX x))) ↔ (□R (□S (PX x)))⌋ by force

lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-aRS: ⌊∀ a x. (□ (PX x)) ↔ (¬ ♦ (¬ PX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-ARS: ⌊∀ A x. (□ (PX x)) ↔ (¬ ♦ (¬ PX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-bRS: ⌊∀ b x. (□ (PX x)) ↔ (¬ ♦ (¬ PX x))⌋ by blast

lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-aRS: ⌊∀ a x. (♦ (PX x) ↔ (¬ □ (¬ (PX x))))⌋ by blast
lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-ARS: ⌊∀ A x. (♦ (PX x) ↔ (¬ □ (¬ (PX x))))⌋ by blast
lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-bRS: ⌊∀ b x. (♦ (PX x) ↔ (¬ □ (¬ (PX x))))⌋ by blast

lemma (in two-sort-S5-RS-frame) K-aRS-valid: ⌊∀ a x. □ (PX x → QX x) → (□ (PX x) → □ (QX x))⌋ by simp
lemma (in two-sort-S5-RS-frame) K-ARS-valid: ⌊∀ A x. □ (PX x → QX x) → (□ (PX x) → □ (QX x))⌋ by simp
lemma (in two-sort-S5-RS-frame) K-bRS-valid: ⌊∀ b x. □ (PX x → QX x) → (□ (PX x) → □ (QX x))⌋ by simp
lemma (in S5-RS-frame) R-euclidean: [[x ∈ r-carrier L; y ∈ r-carrier L; z ∈ r-carrier L; x RL y; x RL z]] =⇒ y RL z
  using R-sym R-trans by blast

lemma (in S5-RS-frame) S-euclidean: [[x ∈ s-carrier L; y ∈ s-carrier L; z ∈ s-carrier L; x SL y; x SL z]] =⇒ y SL z
  using S-sym S-trans by blast

lemma (in two-sort-S5-RS-frame) T-aR-valid: ⌊∀ a x. □R (PX x) → (PX x)⌋ using R-ref by auto
lemma (in two-sort-S5-RS-frame) T-AR-valid: ⌊∀ A x. □R (PX x) → (PX x)⌋ using R-ref by auto
lemma (in two-sort-S5-RS-frame) T-bR-valid: ⌊∀ b x. □R (PX x) → (PX x)⌋ using R-ref by auto

lemma (in two-sort-S5-RS-frame) Five-aR-valid: ⌊∀ a x. ♦R (□R (PX x)) → □R (♦R (PX x))⌋ using R-sym R-trans by (metis r-RS.simps s-RS.simps)
lemma (in two-sort-S5-RS-frame) Five-AR-valid: ⌊∀ A x. ♦R (□R (PX x)) → □R (♦R (PX x))⌋ using R-sym R-trans by (metis r-RS.simps s-RS.simps)
lemma (in two-sort-S5-RS-frame) Five-bR-valid: ⌊∀ b x. ♦R (□R (PX x)) → □R (♦R (PX x))⌋ using R-sym R-trans by (metis r-RS.simps s-RS.simps)

lemma (in two-sort-S5-RS-frame) T-aS-valid: ⌊∀ a x. □S (PX x) → (PX x)⌋ using S-ref by simp
lemma (in two-sort-S5-RS-frame) T-AS-valid: ⌊∀ A x. □S (PX x) → (PX x)⌋ using S-ref by simp
lemma (in two-sort-S5-RS-frame) T-bS-valid: ⌊∀ b x. □S (PX x) → (PX x)⌋ using S-ref by simp

lemma (in two-sort-S5-RS-frame) Five-aS-valid: ⌊∀ a x. ♦S (□S (PX x)) → □S (♦S (PX x))⌋ using S-sym S-trans by (metis r-RS.simps s-RS.simps)
lemma (in two-sort-S5-RS-frame) Five-AS-valid: ⌊∀ A x. ♦S (□S (PX x)) → □S (♦S (PX x))⌋ using S-sym S-trans by (metis r-RS.simps s-RS.simps)
lemma (in two-sort-S5-RS-frame) Five-bS-valid: ⌊∀ b x. ♦S (□S (PX x)) → □S (♦S (PX x))⌋ using S-sym S-trans by (metis r-RS.simps s-RS.simps)

lemma (in two-sort-S5-RS-frame) T-aRS-valid: ⌊∀ a x. □ (PX x) → (PX x)⌋ using R-ref S-ref by simp
lemma (in two-sort-S5-RS-frame) T-ARS-valid: ⌊∀ A x. □ (PX x) → (PX x)⌋ using R-ref S-ref by simp
lemma (in two-sort-S5-RS-frame) T-bRS-valid: ⌊∀ b x. □ (PX x) → (PX x)⌋ using R-ref S-ref by simp

lemma (in two-sort-S5-RS-frame) Five-RS-valid: ⌊∀ a x. ♦ (□ (PX x)) → □ (♦ (PX x))⌋ using R-sym R-trans S-sym S-trans by (metis r-RS.simps s-RS.simps)
definition
  least :: [-, ′a, ′a set] => bool
  where least L l A ←→ A ⊆ carrier L & l ∈ A & (ALL x : A. l ⊑L x)

definition
  greatest :: [-, ′a, ′a set] => bool
  where greatest L g A ←→ A ⊆ carrier L & g ∈ A & (ALL x : A. x ⊑L g)

lemma least-closed [intro, simp]:
  least L l A ==> l ∈ carrier L
  by (unfold least-def) fast

lemma least-mem:
  least L l A ==> l ∈ A
  by (unfold least-def) fast

lemma (in S5-RS-2S-partial-order) least-unique:
  [| least L x A; least L y A |] ==> x = y
  by (unfold least-def) blast

lemma least-le:
  fixes L (structure)
  shows [| least L x A; a ∈ A |] ==> x ⊑ a
  by (unfold least-def) fast

lemma least-UpperI:
  fixes L (structure)
  assumes above: !! x. x ∈ A ==> x ⊑ s
    and below: !! y. y ∈ Upper L A ==> s ⊑ y
    and L: A ⊆ carrier L s ∈ carrier L
  shows least L s (Upper L A)
proof −
  have Upper L A ⊆ carrier L by simp
  moreover from above L have s ∈ Upper L A by (simp add: Upper-def)
  moreover from below have ALL x : Upper L A. s ⊑ x by fast
  ultimately show ?thesis by (simp add: least-def)
qed

lemma least-Upper-above:
  fixes L (structure)
  shows [| least L s (Upper L A); x ∈ A; A ⊆ carrier L |] ==> x ⊑ s
  by (unfold least-def) blast

lemma greatest-closed [intro, simp]:
  greatest L l A ==> l ∈ carrier L
  by (unfold greatest-def) fast

lemma greatest-mem:
  greatest L l A ==> l ∈ A
  by (unfold greatest-def) fast

lemma (in S5-RS-2S-partial-order) greatest-unique:
  [| greatest L x A; greatest L y A |] ==> x = y
  by (unfold greatest-def) blast

lemma greatest-le:
  fixes L (structure)
  shows [| greatest L x A; a ∈ A |] ==> a ⊑ x
  by (unfold greatest-def) fast

lemma greatest-LowerI:
  fixes L (structure)
  assumes below: !! x. x ∈ A ==> i ⊑ x
    and above: !! y. y ∈ Lower L A ==> y ⊑ i
    and L: A ⊆ carrier L i ∈ carrier L
  shows greatest L i (Lower L A)
proof −
  have Lower L A ⊆ carrier L by simp
  moreover from below L have i ∈ Lower L A by (simp add: Lower-def)
  moreover from above have ALL x : Lower L A. x ⊑ i by fast
  ultimately show ?thesis by (simp add: greatest-def)
qed

lemma greatest-Lower-below:
  fixes L (structure)
  shows [| greatest L i (Lower L A); x ∈ A; A ⊆ carrier L |] ==> i ⊑ x
  by (unfold greatest-def) blast
2.4 Upper Semi-Lattices
definition
  sup :: [-, ′a set] => ′a (⨆ı- [90] 90)
  where ⨆LA = (SOME x. least L x (Upper L A))

definition
  join :: [-, ′a, ′a] => ′a (infixl ⊔ı 65)
  where x ⊔L y = ⨆L{x, y}

locale upper-semilattice = S5-RS-2S-partial-order L for L (structure) +
  assumes sup-of-two-exists:
    [| x ∈ carrier L; y ∈ carrier L |] ==> EX s. least L s (Upper L {x, y})

lemma (in upper-semilattice) joinI:
  [| !!l. least L l (Upper L {x, y}) ==> P l; x ∈ carrier L; y ∈ carrier L |]
  ==> P (x ⊔ y)
proof (unfold join-def sup-def)
  assume L: x ∈ carrier L y ∈ carrier L
    and P: !!l. least L l (Upper L {x, y}) ==> P l
  with sup-of-two-exists obtain s where least L s (Upper L {x, y}) by fast
  with L show P (SOME l. least L l (Upper L {x, y}))
    by (fast intro: someI2 P)
qed

lemma (in upper-semilattice) join-closed [simp]:
  [| x ∈ carrier L; y ∈ carrier L |] ==> x ⊔ y ∈ carrier L
  by (rule joinI) (rule least-closed)

lemma (in S5-RS-2S-partial-order) sup-of-singletonI:
  x ∈ carrier L ==> least L x (Upper L {x})
  by (rule least-UpperI) auto

lemma (in S5-RS-2S-partial-order) sup-of-singleton [simp]:
  x ∈ carrier L ==>

lemma (in upper-semilattice) sup-insertI:
  [| !!s. least L s (Upper L (insert x A)) ==> P s;
  least L a (Upper L A); x ∈ carrier L; A ⊆ carrier L |]
  ==> P (⨆(insert x A))
proof (unfold sup-def)
  assume L: x ∈ carrier L A ⊆ carrier L
    and P: !!l. least L l (Upper L (insert x A)) ==> P l
    and least-a: least L a (Upper L A)
  from L least-a have La: a ∈ carrier L by simp
  from L sup-of-two-exists least-a
  obtain s where least-s: least L s (Upper L {a, x}) by blast
  show P (SOME l. least L l (Upper L (insert x A)))
  proof (rule someI2)
    show least L s (Upper L (insert x A))
    proof (rule least-UpperI)
      fix z
      assume z ∈ insert x A
      then show z ⊑ s
      proof
        assume z = x then show ?thesis
          by (simp add: least-Upper-above [OF least-s] L La)
      next
        assume z ∈ A
        with L least-s least-a show ?thesis
          by (rule-tac le-trans [where y = a]) (auto dest: least-Upper-above)
      qed
    next
      fix y
      assume y: y ∈ Upper L (insert x A)
      show s ⊑ y
      proof (rule least-le [OF least-s], rule Upper-memI)
        fix z
        assume z: z ∈ {a, x}
        then show z ⊑ y
        proof
          have y′: y ∈ Upper L A
            apply (rule subsetD [where A = Upper L (insert x A)])
            apply (rule Upper-antimono)
            apply blast
            apply (rule y)
            done
          assume z = a
          with y′ least-a show ?thesis by (fast dest: least-le)
        next
          assume z ∈ {x}
          with y L show ?thesis by blast
        qed
      qed (rule Upper-closed [THEN subsetD, OF y])
    next
      from L show insert x A ⊆ carrier L by simp
      from least-s show s ∈ carrier L by simp
    qed
  qed (rule P)
qed
lemma (in upper-semilattice) finite-sup-least:
  [| finite A; A ⊆ carrier L; A ∼= {} |] ==> least L (⨆A) (Upper L A)
proof (induct set: finite)
  case empty
  then show ?case by simp
next
  case (insert x A)
  show ?case
  proof (cases A = {})
    case True
    with insert show ?thesis
      by simp (simp add: sup-of-singletonI)
  next
    case False
    with insert have least L (⨆A) (Upper L A) by simp
    with - show ?thesis
      by (rule sup-insertI) (simp-all add: insert [simplified])
  qed
qed

lemma (in upper-semilattice) finite-sup-insertI:
  assumes P: !!l. least L l (Upper L (insert x A)) ==> P l
    and xA: finite A x ∈ carrier L A ⊆ carrier L
  shows P (⨆(insert x A))
proof (cases A = {})
  case True with P and xA show ?thesis
    using finite-sup-least by blast
next
  case False with P and xA show ?thesis
    by (simp add: sup-insertI finite-sup-least)
qed

lemma (in upper-semilattice) finite-sup-closed [simp]:
  [| finite A; A ⊆ carrier L; A ∼= {} |] ==> ⨆A ∈ carrier L
proof (induct set: finite)
  case empty then show ?case by simp
next
  case insert then show ?case
    by − (rule finite-sup-insertI, simp-all)
qed

lemma (in upper-semilattice) join-left:
  [| x ∈ carrier L; y ∈ carrier L |] ==> x ⊑ x ⊔ y
  by (rule joinI [folded join-def]) (blast dest: least-mem)

lemma (in upper-semilattice) join-right:
  [| x ∈ carrier L; y ∈ carrier L |] ==> y ⊑ x ⊔ y
  by (rule joinI [folded join-def]) (blast dest: least-mem)

lemma (in upper-semilattice) sup-of-two-least:
  [| x ∈ carrier L; y ∈ carrier L |] ==> least L (⨆{x, y}) (Upper L {x, y})
proof (unfold sup-def)
  assume L: x ∈ carrier L y ∈ carrier L
  with sup-of-two-exists obtain s where least L s (Upper L {x, y}) by fast
  with L show least L (SOME z. least L z (Upper L {x, y})) (Upper L {x, y})
    by (fast intro: someI2 least-unique)
qed

lemma (in upper-semilattice) join-le:
  assumes sub: x ⊑ z y ⊑ z
    and x: x ∈ carrier L and y: y ∈ carrier L and z: z ∈ carrier L
  shows x ⊔ y ⊑ z
proof (rule joinI [OF - x y])
  fix s
  assume least L s (Upper L {x, y})
  with sub z show s ⊑ z by (fast elim: least-le intro: Upper-memI)
qed

lemma (in upper-semilattice) join-assoc-lemma:
  assumes L: x ∈ carrier L y ∈ carrier L z ∈ carrier L
  shows x ⊔ (y ⊔ z) = ⨆{x, y, z}
proof (rule finite-sup-insertI)
  — The textbook argument in Jacobson I, p 457
  fix s
  assume sup: least L s (Upper L {x, y, z})
  show x ⊔ (y ⊔ z) = s
  proof (rule le-antisym)
    from sup L show x ⊔ (y ⊔ z) ⊑ s
      by (fastforce intro!: join-le elim: least-Upper-above)
  next
    from sup L show s ⊑ x ⊔ (y ⊔ z)
      by (erule-tac least-le)

lemma join-comm:
  fixes L (structure)
  shows x ⊔ y = y ⊔ x
  by (unfold join-def) (simp add: insert-commute)

lemma (in upper-semilattice) join-assoc:
  assumes L: x ∈ carrier L y ∈ carrier L z ∈ carrier L
  shows (x ⊔ y) ⊔ z = x ⊔ (y ⊔ z)
proof −
  have (x ⊔ y) ⊔ z = z ⊔ (x ⊔ y) by (simp only: join-comm)
  also from L have ... = ⨆{z, x, y} by (simp add: join-assoc-lemma)
  also from L have ... = ⨆{x, y, z} by (simp add: insert-commute)
  also from L have ... = x ⊔ (y ⊔ z) by (simp add: join-assoc-lemma [symmetric])
  finally show ?thesis by (simp add: L)
qed

lemma (in upper-semilattice) le-iff-join:
  fixes x y
  assumes carr: x ∈ carrier L y ∈ carrier L
  shows (x ⊑L y) = (x ⊔ y = y)
  using assms by (metis eq-impl-le join-closed join-le join-left join-right local.le-antisym)

lemma (in upper-semilattice) join-idemp:
  fixes x
  assumes carr: x ∈ carrier L
  shows (x ⊔ x = x)
  unfolding join-def using assms by simp
2.5 Complete upper semi-lattices
locale complete-upper-semilattice = upper-semilattice L for L (structure) +
  assumes sup-exists:
    [| A ≠ {}; A ⊆ carrier L |] ==> EX s. least L s (Upper L A)

definition
  top :: - => ′a (⊤ı)
  where ⊤L = sup L (carrier L)

lemma (in complete-upper-semilattice) supI:
  [| !!l. least L l (Upper L A) ==> P l; A ⊆ carrier L; A ≠ {} |]
  ==> P (⨆A)
proof (unfold sup-def)
  assume L: A ≠ {} A ⊆ carrier L
    and P: !!l. least L l (Upper L A) ==> P l
  with sup-exists obtain s where least L s (Upper L A) by blast
  with L show P (SOME l. least L l (Upper L A))
    by (fast intro: someI2 least-unique P)
qed

lemma (in complete-upper-semilattice) sup-closed [simp]:
  [[ A ≠ {}; A ⊆ carrier L]] =⇒

  assumes a2: ∀ y∈carrier L. x ⊑L y
  shows greatest L x (Lower L (carrier L)) ∧ x ∈ carrier L
  by (simp add: Lower-memD a1 a2 greatest-LowerI)

lemma gL-to-bottom:
  assumes greatest L x (Lower L (carrier L))
  assumes x ∈ carrier L
  shows ∀ y∈carrier L. x ⊑L y
  by (meson assms(1) greatest-Lower-below subset-iff)
2.7 Infimum meet and complement and difference as relations

definition
  is-inf :: [-, ′a set, ′a] => bool
  where is-inf L A a ≡ greatest L a (Lower L A)

definition
  is-meet :: [-, ′a, ′a, ′a] => bool
  where is-meet L x y z ≡ is-inf L {x, y} z

definition
  is-compl :: [-, ′a, ′a] => bool
  where is-compl L x x′ ≡ x′ ∈ carrier L ∧ ¬(∃ y. is-inf L {x, x′} y) ∧ (⊤L = x ⊔L x′)

definition
  is-diff :: [-, ′a, ′a, ′a] => bool
  where is-diff L x y z ≡ ∃ y′. is-compl L y y′ ∧ is-inf L {x, y′} z

lemma (in S5-RS-2S-partial-order) is-infI:
  assumes greatest L a (Lower L A)
  shows is-inf L A a
  using assms unfolding is-inf-def by simp

lemma (in S5-RS-2S-partial-order) is-meetI:
  assumes is-inf L {x, y} z
  shows is-meet L x y z
  using assms unfolding is-meet-def by simp

lemma (in S5-RS-2S-partial-order) is-complI:
  assumes x′ ∈ carrier L ¬(∃ y. is-inf L {x, x′} y) (⊤L = x ⊔L x′)
  shows is-compl L x x′
  using assms unfolding is-compl-def by simp

lemma (in S5-RS-2S-partial-order) is-diffI:
  assumes ∃ y′. is-compl L y y′ ∧ is-inf L {x, y′} z
  shows is-diff L x y z
  using assms unfolding is-diff-def by simp

lemma (in S5-RS-2S-partial-order) is-infE:
  assumes p: is-inf L A a and e: [[greatest L a (Lower L A)]] =⇒ P
  shows P
  using p by (simp add: e is-inf-def)

lemma (in S5-RS-2S-partial-order) is-meetE:
  assumes p: is-meet L x y z and e: [[is-inf L {x, y} z]] =⇒ P
  shows P
  using p by (simp add: e is-meet-def)

lemma (in S5-RS-2S-partial-order) is-complE:
  assumes p: is-compl L x x′ and e: [[x′ ∈ carrier L; ¬(∃ y. is-inf L {x, x′} y); (⊤L = x ⊔L x′)]] =⇒ P
  shows P
  using p by (simp add: e is-compl-def)

lemma (in S5-RS-2S-partial-order) is-diffE:
  assumes p: is-diff L x y z and e: [[∃ y′. is-compl L y y′ ∧ is-inf L {x, y′} z]] =⇒ P
  shows P
  using p by (simp add: e is-diff-def)

lemma (in S5-RS-2S-partial-order) is-inf-closed:
  assumes is-inf L {x, y} z
  shows z ∈ carrier L
  by (meson assms greatest-closed is-infE)

lemma (in S5-RS-2S-partial-order) is-meet-closed:
  assumes is-meet L x y z
  shows z ∈ carrier L
  by (meson assms is-inf-closed is-meetE)

lemma (in S5-RS-2S-partial-order) is-compl-closed:
  assumes is-compl L x x′
  shows x′ ∈ carrier L
  using assms is-complE by blast

lemma (in S5-RS-2S-partial-order) is-meet-refl: x ∈ carrier L =⇒ is-meet L x x x
proof −
  assume carr: x ∈ carrier L
  show is-meet L x x x
  proof (unfold is-meet-def is-inf-def, rule greatest-LowerI)
    show ⋀xa. xa ∈ {x, x} =⇒ x ⊑ xa using carr by blast
  next
    show ⋀y. y ∈ Lower L {x, x} =⇒ y ⊑ x using carr by blast
  next
    show {x, x} ⊆ carrier L using carr by blast
  next
    show x ∈ carrier L using carr by blast
  qed
qed

lemma is-meet-sym: is-meet L x y z =⇒ is-meet L y x z
  unfolding is-meet-def by (simp add: insert-commute)

lemma (in complete-upper-semilattice) compl-impl-neg-is-meet:
  fixes x x′
  assumes isCompl: is-compl L x x′
  shows ¬(∃ y. is-meet L x x′ y)
proof
  assume a1: (∃ y. is-meet L x x′ y)
  show False
  proof (rule is-complE [of x x′])
    from assms show is-compl L x x′ by auto
  next
    assume a2: ∄ y. is-inf L {x, x′} y and a3: ⊤ = x ⊔ x′
    show False by (meson a1 a2 is-meetE)
  qed
qed

lemma (in S5-RS-2S-partial-order) compl-impl-join-top:
  fixes x x′
  assumes isCompl: is-compl L x x′
  shows x ⊔L x′ = ⊤L
proof (rule is-complE [of x x′])
  show is-compl L x x′ using isCompl by auto
next
  assume a1: ∄ y. is-inf L {x, x′} y
  assume a2: ⊤ = x ⊔ x′
  show x ⊔ x′ = ⊤ using a2 by auto
qed

lemma (in complete-upper-semilattice) is-compl-idemp:
  fixes x x′ x′′
  assumes x ∈ carrier L is-compl L x x′ is-compl L x′ x′′
  shows x = x′′
  oops
2.8 Meet and Overlap in partial orders
definition
  overlap :: [-, ′a, ′a] => bool (infixl .Oı 70)
  where x .OL y ≡ (∃ z. z ∈ carrier L ∧ z ⊑L x ∧ z ⊑L y)

definition PO :: [-, ′a, ′a] => bool
  where PO L x y ≡ x .OL y ∧ ¬ (x ⊑L y) ∧ ¬ (y ⊑L x)

lemma (in S5-RS-2S-partial-order) O-refl:
  assumes x ∈ carrier L
  shows x .O x
proof −
  from assms have x ⊑ x using le-refl by blast
  from this and assms have ∃ z. z ∈ carrier L ∧ z ⊑ x ∧ z ⊑ x by blast
  from this show ?thesis by (simp add: overlap-def)
qed

lemma O-sym:
  fixes L (structure)
  assumes x .O y
  shows y .O x
proof −
  from assms have (∃ z. z ∈ carrier L ∧ z ⊑ x ∧ z ⊑ y) by (simp add: overlap-def)
  from this have (∃ z. z ∈ carrier L ∧ z ⊑ y ∧ z ⊑ x) by auto
  from this show ?thesis by (simp add: overlap-def)
qed

lemma overlapI:
  fixes L (structure)
  assumes ∃ z. z ∈ carrier L ∧ z ⊑L x ∧ z ⊑L y
  shows x .OL y
  using assms unfolding overlap-def by auto

lemma overlapE:
  fixes L (structure)
  assumes x .O y and [[∃ z. z ∈ carrier L ∧ z ⊑ x ∧ z ⊑ y]] =⇒ P
  shows P
  using assms by (simp add: overlap-def)

lemma (in S5-RS-2S-partial-order) le-and-O-imp-O:
  assumes mem: x ∈ carrier L y ∈ carrier L
  assumes le: x ⊑ y and o: x .O z
  shows y .O z
proof −
  from o have ∃ zz. zz ∈ carrier L ∧ zz ⊑ x ∧ zz ⊑ z by (simp add: overlap-def)
  from this obtain zz where l1: zz ∈ carrier L ∧ zz ⊑ x ∧ zz ⊑ z by blast
  from this and le and mem have zz ⊑ y using le-trans by blast
  from this and l1 have ∃ zz. zz ∈ carrier L ∧ zz ⊑ y ∧ zz ⊑ z by blast
  from this show ?thesis by (simp add: overlap-def)
qed

lemma (in S5-RS-2S-partial-order) le-impl-O:
  assumes x ∈ carrier L
  assumes x ⊑ y
  shows x .O y
proof −
  from assms have ∃ z. z ∈ carrier L ∧ z ⊑ x ∧ z ⊑ y using le-refl by blast
  from this show ?thesis by (simp add: overlap-def)
qed

lemma (in S5-RS-2S-partial-order) le-impl-O-impl-O:
  fixes x y
  assumes x ∈ carrier L y ∈ carrier L
  assumes x ⊑ y
  shows ∀ z. z ∈ carrier L ∧ z .O x −→ z .O y
proof
  fix z
  show z ∈ carrier L ∧ z .O x −→ z .O y
  proof
    assume a: z ∈ carrier L ∧ z .O x
    show z .O y
    proof (rule overlapI)
      from a have ∃ za. za ∈ carrier L ∧ za ⊑ z ∧ za ⊑ x unfolding overlap-def by auto
      from this obtain za where ll2: za ∈ carrier L ∧ za ⊑ z ∧ za ⊑ x by auto
      from this and assms have za ⊑ y using le-trans by auto
      from this and ll2 show ∃ za. za ∈ carrier L ∧ za ⊑ z ∧ za ⊑ y by blast
    qed
  qed
qed

lemma (in S5-RS-2S-partial-order) PO-irrfl:
  assumes carr: x ∈ carrier L
  shows ¬(PO L x x)
proof
  assume a: PO L x x
  from carr and a show False unfolding PO-def by blast
qed

lemma (in S5-RS-2S-partial-order) PO-sym:
  assumes PO L x y
  shows PO L y x
proof −
  from assms show ?thesis unfolding PO-def by (simp add: O-sym)
qed

lemma (in S5-RS-2S-partial-order) neg-le-impl-negO-or-PO-or-lless:
  assumes carr: x ∈ carrier L y ∈ carrier L
  assumes neg-le: ¬ x ⊑ y
  shows (¬ (x .O y)) ∨ (PO L x y ∨ y ⊏ x)
  using PO-def llessI neg-le by fastforce

lemma (in S5-RS-2S-partial-order) negO-or-PO-or-lless-impl-neg-le:
  assumes carr: x ∈ carrier L y ∈ carrier L
  assumes (¬ (x .O y)) ∨ (PO L x y ∨ y ⊏ x)
  shows ¬ x ⊑ y
  by (metis PO-def assms(3) carr(1) carr(2) le-impl-O llessE local.le-antisym)

lemma (in S5-RS-2S-partial-order) neg-le-iff-negO-or-PO-or-lless:
  [[x ∈ carrier L; y ∈ carrier L]] =⇒ (¬ x ⊑ y = (¬ (x .O y)) ∨ (PO L x y ∨ y ⊏ x))
  using le-impl-O neg-le-impl-negO-or-PO-or-lless by blast
lemma (in S5-RS-2S-partial-order) is-meet-impl-overlap: [[x ∈ carrier L; y ∈ carrier L; (is-meet L x y z)]] =⇒ (x .OL y)
proof −
  fix x y z
  assume carrX: x ∈ carrier L and carrY: y ∈ carrier L
  show (is-meet L x y z) =⇒ (x .O y)
  proof −
    assume a1: is-meet L x y z
    show (x .OL y)
    proof (rule overlapI [of L x y], rule is-meetE [of x y z])
      from a1 show is-meet L x y z by simp
    next
      assume a2: is-inf L {x, y} z
      show ∃ z. z ∈ carrier L ∧ z ⊑ x ∧ z ⊑ y
      proof (rule exI [of λz. z ∈ carrier L ∧ z ⊑ x ∧ z ⊑ y z], rule is-infE [of {x, y} z])
        show is-inf L {x, y} z using a2 by simp
      next
        assume a3: greatest L z (Lower L {x, y})
        show z ∈ carrier L ∧ z ⊑ x ∧ z ⊑ y
        proof (rule conjI)
          from a3 show z ∈ carrier L using greatest-closed by auto
        next
          show z ⊑ x ∧ z ⊑ y
          proof (rule conjI)
            from carrX and carrY and a3 show z ⊑ x using greatest-Lower-below [of L z {x, y} x] by blast
          next
            from carrX and carrY and a3 show z ⊑ y using greatest-Lower-below [of L z {x, y} y] by blast
          qed
        qed
      qed
    qed
  qed
qed

lemma (in S5-RS-2S-partial-order) is-meet-left:
  [| x ∈ carrier L; y ∈ carrier L; z ∈ carrier L; is-meet L x y z |] ==> z ⊑ x
  unfolding is-meet-def using greatest-mem Lower-memD is-inf-def by fastforce

lemma (in S5-RS-2S-partial-order) is-meet-right:
  [| x ∈ carrier L; y ∈ carrier L; z ∈ carrier L; is-meet L x y z |] ==> z ⊑ y
  unfolding is-meet-def using greatest-mem Lower-memD is-inf-def by fastforce
2.9 partial lower semilattice
locale partial-lower-semilattice = S5-RS-2S-partial-order L for L (structure) +
  assumes inf-of-two-exists:
    [| x ∈ carrier L; y ∈ carrier L; x .OL y |] ==> EX s. greatest L s (Lower L {x, y})

lemma (in partial-lower-semilattice) inf-insertI:
  [| !!i. greatest L i (Lower L (insert x A)) ==> P i;
  greatest L a (Lower L A); x ∈ carrier L; A ⊆ carrier L; a .OL x |]
  ==> P (⨅(insert x A))
proof (unfold inf-def)
  assume L: x ∈ carrier L A ⊆ carrier L
    and P: !!g. greatest L g (Lower L (insert x A)) ==> P g
    and O: a .OL x
    and greatest-a: greatest L a (Lower L A)
  from L greatest-a have La: a ∈ carrier L by simp
  from L inf-of-two-exists greatest-a O
  obtain i where greatest-i: greatest L i (Lower L {a, x}) by blast
  show P (SOME g. greatest L g (Lower L (insert x A)))
  proof (rule someI2)
    show greatest L i (Lower L (insert x A))
    proof (rule greatest-LowerI)
      fix z
      assume z ∈ insert x A
      then show i ⊑ z
      proof
        assume z = x then show ?thesis
          by (simp add: greatest-Lower-below [OF greatest-i] L La)
      next
        assume z ∈ A
        with L greatest-i greatest-a show ?thesis
          by (rule-tac le-trans [where y = a]) (auto dest: greatest-Lower-below)
      qed
    next
      fix y
      assume y: y ∈ Lower L (insert x A)
      show y ⊑ i
      proof (rule greatest-le [OF greatest-i], rule Lower-memI)
        fix z
        assume z: z ∈ {a, x}
        then show y ⊑ z
        proof
          have y′: y ∈ Lower L A
            apply (rule subsetD [where A = Lower L (insert x A)])
            apply (rule Lower-antimono)
            apply blast
            apply (rule y)
            done
          assume z = a
          with y′ greatest-a show ?thesis by (fast dest: greatest-le)
        next
          assume z ∈ {x}
          with y L show ?thesis by blast
        qed
      qed (rule Lower-closed [THEN subsetD, OF y])
    next
      from L show insert x A ⊆ carrier L by simp
      from greatest-i show i ∈ carrier L by simp
    qed
  qed (rule P)
qed

lemma (in partial-lower-semilattice) inf-of-two-greatest:
  [| x ∈ carrier L; y ∈ carrier L; x .O y |] ==>
  greatest L (⨅{x, y}) (Lower L {x, y})
proof (unfold inf-def)
  assume L: x ∈ carrier L y ∈ carrier L x .O y
  with inf-of-two-exists obtain s where greatest L s (Lower L {x, y}) by fast
  with L
  show greatest L (SOME z. greatest L z (Lower L {x, y})) (Lower L {x, y})
    by (fast intro: someI2 greatest-unique)
qed

lemma (in partial-lower-semilattice) overlap-impl-is-meet: [[x ∈ carrier L; y ∈ carrier L; x .O y]] =⇒ (∃ z. is-meet L x y z)
proof −
  fix x y
  assume carr: x ∈ carrier L y ∈ carrier L
  assume O: x .O y
  show (∃ z. is-meet L x y z)
  proof −
    from carr and O have ∃ z. greatest L z (Lower L {x, y}) using inf-of-two-exists by blast
    from this show ?thesis using is-meetI is-infI by blast
  qed
qed

lemma (in partial-lower-semilattice) greatest-lower-le:
  assumes sub: z ⊑ x z ⊑ y
    and x: x ∈ carrier L and y: y ∈ carrier L and z: z ∈ carrier L
  shows ∃ zz. greatest L zz (Lower L {x, y}) ∧ z ⊑ zz
proof −
  from sub z have x .O y using overlapI by fastforce
  from x y this have EX s. greatest L s (Lower L {x, y}) using inf-of-two-exists by auto
  from this obtain s where l1: greatest L s (Lower L {x, y}) by auto
  show ?thesis
  proof (rule exI [of λzz. greatest L zz (Lower L {x, y}) ∧ z ⊑ zz s], rule conjI)
    from l1 show greatest L s (Lower L {x, y}) by auto
  next
    from sub z l1 show z ⊑ s by (fast elim: greatest-le intro: Lower-memI)
  qed
qed

lemma (in partial-lower-semilattice) le-and-le-imp-is-meet-le:
  assumes sub: z ⊑ x z ⊑ y
    and x: x ∈ carrier L and y: y ∈ carrier L and z: z ∈ carrier L
  shows ∃ zz. is-meet L x y zz ∧ z ⊑ zz
  using assms greatest-lower-le by (meson is-infI is-meetI)

lemma (in partial-lower-semilattice) is-meet-imp-le-and-le:
  assumes is-meet L x y z
    and x: x ∈ carrier L and y: y ∈ carrier L and z: z ∈ carrier L
  shows z ⊑ x ∧ z ⊑ y
  using assms is-meet-left is-meet-right by blast

lemma (in partial-lower-semilattice) overlap-iff-is-meet:
  assumes carr: x ∈ carrier L and y: y ∈ carrier L
  shows (x .OL y) = (∃ z. is-meet L x y z)
  unfolding overlap-def using assms le-and-le-imp-is-meet-le is-meet-imp-le-and-le by (meson is-meet-closed)
2.10 Partial lattices
locale partial-lattice = complete-upper-semilattice L + partial-lower-semilattice L
  for L (structure)
2.11 Total Orders
locale S5-RS-2S-total-order = S5-RS-2S-partial-order +
  assumes total-order-total: [| x ∈ carrier L; y ∈ carrier L |] ==> x ⊑ y | y ⊑ x
2.12 Mereology
locale S5-RS-2S-GEM = partial-lattice L for L (structure) +assumes carrNE : carrier L 6= {}and noBot : (greatest L l (Lower L (carrier L))) =⇒ l /∈ carrier Land RP : [[ x ∈ carrier L; y ∈ carrier L; x @ y ]] =⇒ (∃ z ∈ (carrier L). ¬(z .O
x ) ∧ (z t x = y))
lemma (in S5-RS-2S-GEM) SSP:
  fixes x y
  assumes carr: x ∈ carrier L y ∈ carrier L
  assumes neg-le: ¬(x ⊑ y)
  shows ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬(z .O y)
proof -
  from assms have d3: (¬(x .O y)) ∨ (PO L x y ∨ y ⊏ x)
    using neg-le-impl-negO-or-PO-or-lless by blast
  from this show ?thesis
  proof
    assume a: ¬ x .O y
    show s: ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬(z .O y)
    proof (rule exI[of λz. z ∈ carrier L ∧ z ⊑ x ∧ ¬(z .O y) x], auto)
      from carr show x ∈ carrier L by auto
    next
      from carr show x ⊑ x using le-refl by auto
    next
      from a show x .O y ⟹ False by auto
    qed
  next
    show PO L x y ∨ y ⊏ x ⟹ ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y
    proof -
      assume disj: PO L x y ∨ y ⊏ x
      show ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y
      proof (rule disjE[of PO L x y y ⊏ x])
        from disj show PO L x y ∨ y ⊏ x by auto
      next
        show PO L x y ⟹ ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y
        proof -
          assume d1: PO L x y
          show ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y
          proof -
            from d1 have l1: x .O y unfolding PO-def by auto
            from carr and this have ∃z. is-meet L x y z
              using overlap-impl-is-meet by blast
            from this obtain z where l2: is-meet L x y z by auto
            from carr and this and d1 have z ⊏ x unfolding PO-def
              using is-meet-right llessI is-meet-left by (metis is-meet-closed)
            from this and carr and l1 and l2
            have (∃zz ∈ (carrier L). ¬(zz .O z) ∧ (zz ⊔ z = x))
              using RP by (metis is-meet-closed)
            from this obtain zz
              where l3: zz ∈ (carrier L) ∧ ¬(zz .O z) ∧ (zz ⊔ z = x) by auto
            from carr l1 l2 l3 have l4: zz ⊏ x
              by (metis O-sym join-comm join-right le-impl-O llessI is-meet-closed)
            from l3 have l5: least L x (Upper L {zz, z}) unfolding join-def sup-def
              by (metis is-meet-closed l2 sup-def sup-of-two-least)
            from carr l1 l2 l3 l4 l5
            have l6: zz ∈ (carrier L) ∧ ¬(zz .O z) ∧ zz ⊏ x ∧
                greatest L z (Lower L {x, y}) ∧ least L x (Upper L {zz, z})
              unfolding is-meet-def is-inf-def by blast
            from this carr have l7: ¬(zz .O y) unfolding overlap-def
              using S5-RS-2S-partial-order.le-trans S5-RS-2S-partial-order-axioms
                greatest-unique greatest-lower-le lless-imp-le by metis
            from l4 have zz ⊑ x by (simp add: lless-imp-le)
            from this and l3 and l7
            show ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y by auto
          qed
        qed
      next
        show y ⊏ x ⟹ ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y
        proof -
          assume d2: y ⊏ x
          show ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y
          proof -
            from carr and d2 have (∃z ∈ (carrier L). ¬(z .O y) ∧ (z ⊔ y = x))
              using RP by blast
            from this obtain z
              where l7: z ∈ (carrier L) ∧ ¬(z .O y) ∧ (z ⊔ y = x) by auto
            from carr and this have l8: z ⊑ x using join-left by auto
            from carr l7 l8
            show l9: ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y by auto
          qed
        qed
      qed
    qed
  qed
qed
lemma (in S5-RS-2S-GEM) SSP2:
  fixes x y
  assumes carr: x ∈ carrier L y ∈ carrier L
  assumes all: ∀c. c ∈ carrier L ∧ c .O⇘L⇙ x ⟶ c .O⇘L⇙ y
  shows x ⊑⇘L⇙ y
  using assms SSP le-impl-O by blast

theorem (in S5-RS-2S-GEM) O-id:
  fixes x y
  assumes carr: x ∈ carrier L y ∈ carrier L
  shows (∀c. c ∈ carrier L ⟶ (c .O x = c .O y)) = (x = y)
  using assms SSP2 le-antisym by blast
lemma (in S5-RS-2S-GEM) sup-O-imp-O:
  fixes A w
  assumes carr: A ≠ {} A ⊆ carrier L w ∈ carrier L
  assumes O: (⨆⇘L⇙ A) .O⇘L⇙ w
  shows (∃y. y ∈ carrier L ∧ y .O w)
proof -
  from O have (SOME x. least L x (Upper L A)) .O w unfolding sup-def by auto
  from this obtain x where l1: least L x (Upper L A) ∧ x .O w
    by (meson carr(1) carr(2) someI-ex sup-exists)
  from l1 have ∃y. y ∈ carrier L ∧ y ⊑ x ∧ y ⊑ w unfolding overlap-def by auto
  from this obtain y where l2: y ∈ carrier L ∧ y ⊑ x ∧ y ⊑ w by auto
  from l1 have l3: x ∈ carrier L by blast
  from l1 l2 show ?thesis using le-impl-O by auto
qed
lemma (in S5-RS-2S-GEM) O-imp-sup-O:
  fixes A w
  assumes carr: A ≠ {} A ⊆ carrier L w ∈ carrier L
  assumes O: (∃y. y ∈ A ∧ y .O w)
  shows (⨆⇘L⇙ A) .O⇘L⇙ w
proof (rule overlapI)
  show ∃z. z ∈ carrier L ∧ z ⊑ ⨆A ∧ z ⊑ w
  proof -
    from O obtain y where l1: y ∈ A ∧ y .O w by auto
    from this have ∃z. z ∈ carrier L ∧ z ⊑ y ∧ z ⊑ w unfolding overlap-def by auto
    from this obtain z where l2: z ∈ carrier L ∧ z ⊑ y ∧ z ⊑ w by auto
    show ∃z. z ∈ carrier L ∧ z ⊑ ⨆A ∧ z ⊑ w
    proof (rule exI[of λz. z ∈ carrier L ∧ z ⊑ ⨆A ∧ z ⊑ w z])
      show z ∈ carrier L ∧ z ⊑ ⨆A ∧ z ⊑ w
      proof (rule conjI)
        from l2 show z ∈ carrier L by auto
      next
        show z ⊑ ⨆A ∧ z ⊑ w
        proof (rule conjI)
          from assms l1 l2 show z ⊑ ⨆A using supI by (smt S5-RS-2S-partial-order.le-trans
definition is-Fine :: [-, 'a set] ⇒ bool
  where is-Fine L A ≡ A ≠ {} ∧ A ⊆ carrier L ∧
    (∀x. (x ∈ carrier L ∧ (⨆⇘L⇙ A) .O⇘L⇙ x) ⟶ (∃z. z ∈ carrier L ∧ z ∈ A ∧ z .O⇘L⇙ x))

definition mSum :: [-, 'a set, 'a] ⇒ bool
  where mSum L A a ≡ A ≠ {} ∧ A ⊆ carrier L ∧
    (∀x. x ∈ carrier L ⟶ (a .O⇘L⇙ x = (∃y. y ∈ A ∧ y .O⇘L⇙ x)))

lemma is-FineI:
  fixes L (structure)
  fixes A
  assumes carr: A ≠ {} A ⊆ carrier L
  assumes ⋀x. ⟦x ∈ carrier L; (⨆⇘L⇙ A) .O⇘L⇙ x⟧ ⟹
    (∃z. z ∈ carrier L ∧ z ∈ A ∧ z .O⇘L⇙ x)
  shows is-Fine L A
  using assms unfolding is-Fine-def by auto

lemma mSumI:
  fixes L (structure)
  fixes A
  assumes carr: A ≠ {} A ⊆ carrier L
  assumes ⋀x. x ∈ carrier L ⟹ (a .O⇘L⇙ x = (∃y. y ∈ A ∧ y .O⇘L⇙ x))
  shows mSum L A a
  using assms unfolding mSum-def by auto
lemma (in S5-RS-2S-GEM) sum-is-sup:
  fixes A x
  assumes carr: A ≠ {} A ⊆ carrier L x ∈ carrier L
  assumes sum: (⨆⇘L⇙ A) .O x ⟹ (∃z. z ∈ carrier L ∧ z ∈ A ∧ z .O x)
  shows (⨆⇘L⇙ A) .O⇘L⇙ x = (∃y. y ∈ A ∧ y .O x)
  using assms O-imp-sup-O by blast

lemma (in S5-RS-2S-GEM) mSum-is-sup:
  fixes A
  assumes carr: A ≠ {} A ⊆ carrier L
  assumes f: is-Fine L A
  shows mSum L A (⨆⇘L⇙ A)
proof (rule mSumI)
  from carr show A ≠ {} by auto
next
  from carr show A ⊆ carrier L by auto
next
  from f show ⋀x. x ∈ carrier L ⟹ ⨆A .O x = (∃y. y ∈ A ∧ y .O x)
    unfolding is-Fine-def using sum-is-sup by auto
qed
lemma (in S5-RS-2S-GEM) mSum-unique:
  fixes A x y
  assumes carr: x ∈ carrier L y ∈ carrier L
  assumes mSum: mSum L A x mSum L A y
  shows x = y
proof -
  fix z
  from mSum have l1: (∀z. z ∈ carrier L ⟶ (x .O⇘L⇙ z = (∃y. y ∈ A ∧ y .O⇘L⇙ z)))
    unfolding mSum-def by auto
  from mSum have l2: (∀z. z ∈ carrier L ⟶ (y .O⇘L⇙ z = (∃y. y ∈ A ∧ y .O⇘L⇙ z)))
    unfolding mSum-def by auto
  from l1 l2 have (∀z. z ∈ carrier L ⟶ x .O⇘L⇙ z = y .O⇘L⇙ z) by auto
  from this have l3: (∀z. z ∈ carrier L ⟶ z .O⇘L⇙ x = z .O⇘L⇙ y)
    using O-sym by force
  from carr O-id have l4: (∀c. c ∈ carrier L ⟶ c .O x = c .O y) = (x = y)
    by auto
  from l3 l4 show ?thesis by auto
qed
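The GEM assumptions (carrNE, noBot, RP) and the lemmas derived from them above (SSP, O-id, mSum-is-sup, mSum-unique) can be sanity-checked on small finite structures. The following Python is an added example and not part of the Isabelle theory: the class Order, the function names and the three models are constructed here, overlap follows the overlap-def unfolding used in the proofs, the join is computed as a least upper bound, and noBot is read as "no carrier element lies below every carrier element".

```python
from itertools import combinations

def subsets(items, min_size):
    """All subsets of `items` with at least `min_size` elements, as frozensets."""
    items = list(items)
    return [frozenset(c) for r in range(min_size, len(items) + 1)
            for c in combinations(items, r)]

class Order:
    """A finite ordered structure: a carrier plus the part-of relation le."""
    def __init__(self, carrier, le):
        self.carrier, self.le = list(carrier), le

    def lless(self, x, y):              # proper part
        return x != y and self.le(x, y)

    def overlap(self, x, y):            # some carrier element below both x and y
        return any(self.le(z, x) and self.le(z, y) for z in self.carrier)

    def sup(self, A):                   # least upper bound of A in the carrier, else None
        upper = [u for u in self.carrier if all(self.le(a, u) for a in A)]
        least = [u for u in upper if all(self.le(u, v) for v in upper)]
        return least[0] if least else None

def gem_axiom_failures(o):
    """Names of the S5-RS-2S-GEM assumptions that the structure violates."""
    failed = []
    if not o.carrier:
        failed.append("carrNE")
    # noBot (assumed reading): no carrier element lies below every carrier element
    if any(all(o.le(b, x) for x in o.carrier) for b in o.carrier):
        failed.append("noBot")
    # RP: each proper part x of y has a remainder z, disjoint from x, whose join with x is y
    def has_remainder(x, y):
        return any(not o.overlap(z, x) and o.sup([z, x]) == y for z in o.carrier)
    if any(o.lless(x, y) and not has_remainder(x, y)
           for x in o.carrier for y in o.carrier):
        failed.append("RP")
    return failed

def ssp_holds(o):
    """SSP: if x is not part of y, some part of x does not overlap y."""
    return all(o.le(x, y) or any(o.le(z, x) and not o.overlap(z, y) for z in o.carrier)
               for x in o.carrier for y in o.carrier)

def o_id_holds(o):
    """O-id: x and y overlap exactly the same elements iff x = y."""
    return all(all(o.overlap(c, x) == o.overlap(c, y) for c in o.carrier) == (x == y)
               for x in o.carrier for y in o.carrier)

def is_fine(o, A):
    """is-Fine: whatever overlaps the supremum of A overlaps some member of A."""
    s = o.sup(A)
    return bool(A) and s is not None and all(
        not o.overlap(s, x) or any(o.overlap(z, x) for z in A) for x in o.carrier)

def is_msum(o, A, a):
    """mSum: a overlaps exactly those elements that some member of A overlaps."""
    return bool(A) and all(o.overlap(a, x) == any(o.overlap(y, x) for y in A)
                           for x in o.carrier)

def fine_sets_have_unique_msum(o):
    """mSum-is-sup with mSum-unique: each Fine A has exactly one sum, its supremum."""
    return all([a for a in o.carrier if is_msum(o, A, a)] == [o.sup(A)]
               for A in subsets(o.carrier, 1) if is_fine(o, A))

# Constructed models (not from the page).
ATOMS = Order(subsets(range(3), 1), frozenset.issubset)        # non-empty subsets of {0,1,2}
WITH_BOTTOM = Order(subsets(range(3), 0), frozenset.issubset)  # the same plus the empty set
CHAIN = Order([1, 2, 3], lambda a, b: a <= b)                  # three-element chain

if __name__ == "__main__":
    for name, model in [("ATOMS", ATOMS), ("WITH_BOTTOM", WITH_BOTTOM), ("CHAIN", CHAIN)]:
        print(name, "violates", gem_axiom_failures(model),
              "| SSP:", ssp_holds(model), "| O-id:", o_id_holds(model))
```

Only ATOMS satisfies all three assumptions; the other two structures have a bottom element, so everything overlaps everything and SSP and O-id fail with them.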
lemma (in S5-RS-2S-GEM) O-imp-join:
  fixes x y z
  assumes carr: x ∈ carrier L y ∈ carrier L z ∈ carrier L
  assumes O: (z .O x ∨ z .O y)
  shows ((x ⊔ y) .O z)
  unfolding overlap-def using assms
  by (metis (no-types, hide-lams) join-closed join-left join-right local.le-trans overlap-def)

lemma (in S5-RS-2S-GEM) join-is-plus:
  fixes x y z
  assumes carr: x ∈ carrier L y ∈ carrier L z ∈ carrier L
  assumes O: ((x ⊔ y) .O z) ⟹ (z .O x ∨ z .O y)
  shows ((x ⊔ y) .O z) = (z .O x ∨ z .O y)
  using assms O-imp-join by auto

lemma (in S5-RS-2S-GEM) le-top:
  assumes carr: x ∈ carrier L
  shows (x = ⊤⇘L⇙) = (∀y. y ∈ carrier L ⟶ y ⊑⇘L⇙ x)
  unfolding top-def sup-def
  by (smt Upper-memD carr carrier least-mem local.le-antisym someI-ex subsetI sup-exists)
from this and assms have zz ⊑ x by simp
from this and carr and l2 have x .O z using le-and-O-imp-O by blast
from this show z .O x by (simp add: O-sym)
qed
qed
qed
qed
next
from assms show l1: x ∈ carrier L by auto
next
show ⊤ ∈ carrier L using top-closed carrNE by blast
qed
next
from carr show i ∈ r-carrier L by auto
next
from carr show j ∈ s-carrier L by auto
qed
lemma (in TS-mereology) ST-impl-Set-of-TS:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes ST: ST⇘L⇙ x (RSC i j)
  shows x = ⨆⇘L⇙{y. y ∈ carrier L ∧ TS⇘L⇙ y (RSC i j)}
proof
  show x ⊑⇘L⇙ ⨆⇘L⇙{y. y ∈ carrier L ∧ TS y (RSC i j)}
  proof (rule supI)
    show ⋀l. least L l (Upper L {y ∈ carrier L. TS y (RSC i j)}) ⟹ x ⊑ l
    proof -
      fix l
      show least L l (Upper L {y ∈ carrier L. TS y (RSC i j)}) ⟹ x ⊑ l
      proof -
        assume a: least L l (Upper L {y ∈ carrier L. TS y (RSC i j)})
        show x ⊑⇘L⇙ l
        proof (rule SSP2)
          from assms show x ∈ carrier L by auto
        next
          from a show l ∈ carrier L using least-closed by blast
        next
          show ∀c. c ∈ carrier L ∧ c .O x ⟶ c .O l
          proof
            fix c
            show c ∈ carrier L ∧ c .O x ⟶ c .O l
            proof
              assume a1: c ∈ carrier L ∧ c .O x
              show c .O l
              proof -
                from carr a1 have ∃t. t ∈ carrier L ∧ TS t (RSC i j) ∧ t .O c
                  using TS-and-OR by simp
                from this obtain t
                  where l1: t ∈ carrier L ∧ TS t (RSC i j) ∧ t .O c by auto
                from this have l2: t ∈ {y ∈ carrier L. TS y (RSC i j)} by auto
                have l3: {y ∈ carrier L. TS y (RSC i j)} ⊆ carrier L by auto
                from a l1 l2 l3 have t ⊑⇘L⇙ l using least-Upper-above by fastforce
                from this and l1 show c .O l
                  by (meson O-sym a le-and-O-imp-O least-closed)
              qed
            qed
          qed
        qed
      qed
    qed
  next
    show {y ∈ carrier L. TS y (RSC i j)} ⊆ carrier L by blast
  next
    from assms show {y ∈ carrier L. TS y (RSC i j)} ≠ {}
      using exists-TS-and-TS-and-negOR by blast
  qed
next
  show ⨆{y ∈ carrier L. TS y (RSC i j)} ⊑ x
  proof (rule supI)
    show ⋀l. least L l (Upper L {y ∈ carrier L. TS y (RSC i j)}) ⟹ l ⊑ x
    proof -
      fix l
      show least L l (Upper L {y ∈ carrier L. TS y (RSC i j)}) ⟹ l ⊑ x
      proof -
        assume a: least L l (Upper L {y ∈ carrier L. TS y (RSC i j)})
        show l ⊑ x
        proof (rule SSP2)
          from a show l ∈ carrier L using least-closed by auto
        next
          from assms show x ∈ carrier L by auto
        next
          show ∀c. c ∈ carrier L ∧ c .O l ⟶ c .O x
          proof
            fix c
            show c ∈ carrier L ∧ c .O l ⟶ c .O x
            proof
              assume a1: c ∈ carrier L ∧ c .O l
              show c .O x
              proof -
                from assms have l1: x ∈ carrier L ∧ x = ⊤ unfolding ST-def by auto
                from a1 l1 have c ⊑ x unfolding top-def
                  by (simp add: carrNE least-Upper-above supI)
                from this and a1 show c .O x using le-impl-O by blast
              qed
            qed
          qed
        qed
      qed
    qed
  next
    show {y ∈ carrier L. TS y (RSC i j)} ⊆ carrier L by auto
  next
    from assms show {y ∈ carrier L. TS y (RSC i j)} ≠ {}
      using exists-TS-and-TS-and-negOR by blast
  qed
next
  from assms show x ∈ carrier L by auto
next
  from assms show ⨆{y ∈ carrier L. TS y (RSC i j)} ∈ carrier L using
⨆⇘L⇙{y ∈ carrier L. TS y (RSC i j)}) = (ST⇘L⇙ x (RSC i j))
using Set-of-TS-imp-ST ST-impl-Set-of-TS by blast
lemma (in TS-mereology) SR-and-TS-and-O-imp-le:
  fixes x t i j
  assumes carr: x ∈ carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes a: SR x (RSC i j) TS t (RSC i j) x .O t
  shows x ⊑ t
  using assms SSP TS-and-TS-and-O-imp-Id le-trans
  by (metis (no-types, hide-lams) SR-def le-and-O-imp-O)

lemma (in TS-mereology) TS-imp-SR-O-imp-P:
  fixes t i j
  assumes carr: u ∈ carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes ts: TS t (RSC i j)
  shows (SR t (RSC i j) ∧ (∀u. u ∈ carrier L ∧ SR u (RSC i j) ∧ t .O u ⟶ u ⊑ t))
  using assms by (meson O-sym SR-and-TS-and-O-imp-le TS-imp-SR)

lemma (in TS-mereology) SR-O-imp-P-imp-TS:
  fixes t i j
  assumes carr: t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes sr: SR t (RSC i j)
  assumes max: ⋀u. ⟦u ∈ carrier L; SR u (RSC i j); t .O u⟧ ⟹ u ⊑ t
  shows TS t (RSC i j)
proof -
  from sr have (∃u. u ∈ carrier L ∧ TS⇘L⇙ u (RSC i j) ∧ t ⊑⇘L⇙ u) ∧ t ∈ carrier L ∧
      i ∈ r-carrier L ∧ j ∈ s-carrier L
    unfolding SR-def by auto
  from this obtain u where l1: u ∈ carrier L ∧ TS⇘L⇙ u (RSC i j) ∧ t ⊑⇘L⇙ u by auto
  from carr l1 have l2: u ∈ carrier L ∧ SR u (RSC i j) ∧ t .O u
    using TS-imp-SR le-impl-O by blast
  from max l2 have u ⊑ t by auto
  from this l1 carr have t = u using le-antisym by blast
  from this l1 show ?thesis by auto
qed

lemma (in TS-mereology) TS-iff-SR-O-imp-P:
  fixes t i j
  assumes carr: u ∈ carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows TS t (RSC i j) =
    (SR t (RSC i j) ∧ (∀u. u ∈ carrier L ∧ SR u (RSC i j) ∧ t .O u ⟶ u ⊑ t))
  using assms TS-imp-SR-O-imp-P SR-O-imp-P-imp-TS by blast

lemma (in TS-mereology) SR-imp-negTR:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes SR: SR x (RSC i j)
  shows ¬(TR x (RSC i j))
  using SR-and-TS-and-O-imp-le
  by (meson SR TR-def carr(2) carr(3) le-and-O-imp-O)

lemma (in TS-mereology) TR-imp-negSR:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes TR: TR x (RSC i j)
  shows ¬(SR x (RSC i j))
  using assms SR-imp-negTR by blast
lemma (in TS-mereology) ST-imp-TR:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes ST: ST x (RSC i j)
  shows TR x (RSC i j)
proof (rule TR-I)
  from carr show x ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show j ∈ s-carrier L by auto
next
  show ∃t1 t2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i j) ∧ TS t2 (RSC i j) ∧
      ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
  proof -
    from carr have (∃u v. u ∈ carrier L ∧ v ∈ carrier L ∧ TS⇘L⇙ u (RSC i j) ∧
        TS⇘L⇙ v (RSC i j) ∧ ¬(u .O⇘L⇙ v))
      using exists-TS-and-TS-and-negOR by auto
    from this obtain t1 t2 where l1: t1 ∈ carrier L ∧ t2 ∈ carrier L ∧
        TS⇘L⇙ t1 (RSC i j) ∧ TS⇘L⇙ t2 (RSC i j) ∧ ¬(t1 .O⇘L⇙ t2) by auto
    show ∃t1 t2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i j) ∧ TS t2 (RSC i j) ∧
        ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
    proof (rule exI[of λt1. ∃t2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i j) ∧
        TS t2 (RSC i j) ∧ ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2 t1])
      show ∃t2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i j) ∧ TS t2 (RSC i j) ∧
          ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
      proof (rule exI[of λt2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i j) ∧
          TS t2 (RSC i j) ∧ ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2 t2])
        show t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i j) ∧ TS t2 (RSC i j) ∧
            ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
        proof
          from l1 show t1 ∈ carrier L by auto
        next
          show t2 ∈ carrier L ∧ TS t1 (RSC i j) ∧ TS t2 (RSC i j) ∧
              ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
          proof
            from l1 show t2 ∈ carrier L by auto
          next
            show TS t1 (RSC i j) ∧ TS t2 (RSC i j) ∧ ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
            proof
              from l1 show TS t1 (RSC i j) by auto
            next
              show TS t2 (RSC i j) ∧ ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
              proof
                from l1 show TS t2 (RSC i j) by auto
              next
                show ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
                proof
                  from l1 show ¬ t1 .O t2 by auto
                next
                  from assms show x .O t1 ∧ x .O t2 unfolding ST-def
lemma (in TS-mereology) SIMU-refl:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes SR: (SR x (RSC i j))
  shows SIMU x x (RSC i j)
proof (rule SIMU-I)
  from carr show x ∈ carrier L by auto
next
  from carr show x ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show j ∈ s-carrier L by auto
next
  from carr have (∃t. t ∈ carrier L ∧ TS⇘L⇙ t (RSC i j) ∧ t .O⇘L⇙ x)
    using TS-and-OR by auto
  from this obtain t where l1: t ∈ carrier L ∧ TS⇘L⇙ t (RSC i j) ∧ t .O⇘L⇙ x by auto
  show ∃z. z ∈ carrier L ∧ TS z (RSC i j) ∧ x ⊑ z ∧ x ⊑ z
  proof (rule exI[of λz. z ∈ carrier L ∧ TS z (RSC i j) ∧ x ⊑ z ∧ x ⊑ z t])
    show t ∈ carrier L ∧ TS t (RSC i j) ∧ x ⊑ t ∧ x ⊑ t
    proof -
      from SR have (∃t. t ∈ carrier L ∧ TS⇘L⇙ t (RSC i j) ∧ x ⊑⇘L⇙ t) ∧ x ∈ carrier L ∧
          i ∈ r-carrier L ∧ j ∈ s-carrier L
        unfolding SR-def by auto
      from this obtain tt where l2: tt ∈ carrier L ∧ TS⇘L⇙ tt (RSC i j) ∧ x ⊑⇘L⇙ tt ∧
          x ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L by auto
      from carr and l1 and l2 have t = tt using TS-and-TS-and-O-imp-Id
        by (meson O-sym le-and-O-imp-O)
      from this and l1 and l2
      show t ∈ carrier L ∧ TS t (RSC i j) ∧ x ⊑ t ∧ x ⊑ t by simp
    qed
  qed
qed

lemma (in TS-mereology) SIMU-refl-impl-SR:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes simu: SIMU x x (RSC i j)
  shows (SR x (RSC i j))
  using assms by (simp add: SR-I SIMU-def)

lemma (in TS-mereology) SR-iff-SIMU-refl:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows SIMU x x (RSC i j) = (SR x (RSC i j))
  using assms SIMU-refl-impl-SR SIMU-refl by auto

lemma (in TS-mereology) SIMU-sym:
  fixes x y i j
  assumes carr: x ∈ carrier L y ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes SIMU: (SIMU x y (RSC i j))
  shows (SIMU y x (RSC i j))
  by (meson assms SIMU-def)

lemma (in TS-mereology) SIMU-trans:
  fixes x y z i j
  assumes carr: x ∈ carrier L y ∈ carrier L z ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes a: SIMU x y (RSC i j) SIMU y z (RSC i j)
  shows (SIMU x z (RSC i j))
proof (rule SIMU-I)
  from carr show x ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show z ∈ carrier L by auto
next
  from carr show j ∈ s-carrier L by auto
next
  from a have (∃t. t ∈ carrier L ∧ TS⇘L⇙ t (RSC i j) ∧ x ⊑⇘L⇙ t ∧ y ⊑⇘L⇙ t) ∧
      x ∈ carrier L ∧ y ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L
    unfolding SIMU-def by auto
  from this obtain t where l1: t ∈ carrier L ∧ TS⇘L⇙ t (RSC i j) ∧ x ⊑⇘L⇙ t ∧ y ⊑⇘L⇙ t ∧
      x ∈ carrier L ∧ y ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L by auto
  from a have (∃tt. tt ∈ carrier L ∧ TS⇘L⇙ tt (RSC i j) ∧ y ⊑⇘L⇙ tt ∧ z ⊑⇘L⇙ tt) ∧
      y ∈ carrier L ∧ z ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L
    unfolding SIMU-def by auto
  from this obtain tt where l2: tt ∈ carrier L ∧ TS⇘L⇙ tt (RSC i j) ∧ y ⊑⇘L⇙ tt ∧
      z ⊑⇘L⇙ tt ∧ y ∈ carrier L ∧ z ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L by auto
  from carr and l1 and l2 have l3: t = tt
    using TS-and-TS-and-O-imp-Id O-sym le-and-O-imp-O le-impl-O by presburger
  show ∃za. za ∈ carrier L ∧ TS za (RSC i j) ∧ x ⊑ za ∧ z ⊑ za
  proof (rule exI[of λza. za ∈ carrier L ∧ TS za (RSC i j) ∧ x ⊑ za ∧ z ⊑ za t])
    from l1 l2 l3 show t ∈ carrier L ∧ TS t (RSC i j) ∧ x ⊑ t ∧ z ⊑ t by blast
  qed
qed

lemma (in TS-mereology) TR-imp-negSIMU:
  fixes x y i j
  assumes carr: x ∈ carrier L y ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes tr: TR x (RSC i j) TR y (RSC i j)
  shows ¬(SIMU x y (RSC i j))
  by (meson SIMU-def SR-I SR-imp-negTR carr tr(1))

lemma (in TS-mereology) some-nonSIMU:
  ⟦i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    (∃x y. x ∈ carrier L ∧ y ∈ carrier L ∧ ¬(SIMU x y (RSC i j)))
  unfolding SIMU-def by (metis SR-I ST-exists ST-imp-TR TR-imp-negSR)
3.2 The modal part of TS mereology
lemma (in TS-mereology) ST-imp-boxS-TR:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  assumes ST: ST⇘L⇙ x (RSC i j)
  assumes S: j S⇘L⇙ jj
  shows TR⇘L⇙ x (RSC i jj)
proof (rule TR-I)
  from carr show x ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show jj ∈ s-carrier L by auto
next
  from assms show ∃t1 t2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i jj) ∧
      TS t2 (RSC i jj) ∧ ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
    by (metis (no-types, hide-lams) ST-I ST-def ST-imp-TR TR-def)
qed
3.3 Newtonian space-time
locale N-TS-mereology = TS-mereology L for L (structure) +
  assumes Newton: ⟦TS⇘L⇙ x (RSC i j); j S⇘L⇙ jj; x ∈ carrier L; i ∈ r-carrier L;
      j ∈ s-carrier L; jj ∈ s-carrier L⟧ ⟹ (TS⇘L⇙ x (RSC i jj))

lemma (in N-TS-mereology) SR-imp-boxS-SR:
  fixes x i j jj
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  assumes SR: SR⇘L⇙ x (RSC i j)
  assumes S: j S⇘L⇙ jj
  shows SR⇘L⇙ x (RSC i jj)
proof (rule SR-I)
  from carr show x ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show jj ∈ s-carrier L by auto
next
  from assms show ∃t. t ∈ carrier L ∧ TS t (RSC i jj) ∧ x ⊑ t
    by (meson SR-def Newton)
qed

lemma (in N-TS-mereology) TR-imp-boxS-TR:
  fixes x i j jj
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  assumes SR: TR⇘L⇙ x (RSC i j)
  assumes S: j S⇘L⇙ jj
  shows TR⇘L⇙ x (RSC i jj)
proof (rule TR-I)
  from carr show x ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show jj ∈ s-carrier L by auto
next
  from assms show ∃t1 t2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i jj) ∧
      TS t2 (RSC i jj) ∧ ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
    by (meson TR-def Newton)
qed

lemma (in N-TS-mereology) SIMU-imp-boxS-SIMU:
  fixes x y i j jj
  assumes carr: x ∈ carrier L y ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  assumes SIMU: SIMU⇘L⇙ x y (RSC i j)
  assumes S: j S⇘L⇙ jj
  shows SIMU⇘L⇙ x y (RSC i jj)
proof (rule SIMU-I)
  from carr show x ∈ carrier L by auto
next
  from carr show y ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show jj ∈ s-carrier L by auto
next
  from assms show ∃z. z ∈ carrier L ∧ TS z (RSC i jj) ∧ x ⊑ z ∧ y ⊑ z
    by (meson SIMU-def Newton)
qed
3.4 Minkowski space-time
locale M-TS-mereology = TS-mereology L for L (structure) +
  assumes diaS-non-SIMU: ⟦SIMU⇘L⇙ x y (RSC i j); x ∈ carrier L; y ∈ carrier L; x ≠ y;
      i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    (∃jj. jj ∈ s-carrier L ∧ j S⇘L⇙ jj ∧ ¬(SIMU⇘L⇙ x y (RSC i jj)))

(∃ii jj. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R⇘L⇙ ii ∧ j S⇘L⇙ jj ∧
  (∃u y. u ∈ carrier L ∧ y ∈ e-carrier L ∧
    ((Inst⇘L⇙ x y u (RSC ii jj)) ∨ (Inst⇘L⇙ y x u (RSC ii jj)))))
using dia-Loc-base by blast
4.2 Definitions
definition Loc :: - ⇒ 'b ⇒ 'a ⇒ 'a RS ⇒ bool (Locı) where
  Loc⇘L⇙ x u w ≡ (∃y. (y ∈ e-carrier L ∧ ((Inst⇘L⇙ x y u w) ∨ (Inst⇘L⇙ y x u w)))) ∧
    x ∈ e-carrier L ∧ u ∈ carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition Part :: - ⇒ ('b ⇒ ('a RS ⇒ bool)) (Partı) where
  Part⇘L⇙ x w ≡ (∃y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst⇘L⇙ x y u w) ∧
    x ∈ e-carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition Uni :: - ⇒ ('b ⇒ ('a RS ⇒ bool)) (Uniı) where
  Uni⇘L⇙ x w ≡ (∃y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst⇘L⇙ y x u w) ∧
    x ∈ e-carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition WLOF :: - ⇒ ('a ⇒ ('b ⇒ ('a RS ⇒ bool))) (WLOFı) where
  WLOF⇘L⇙ u x w ≡ TR⇘L⇙ u w ∧ u = ⨆⇘L⇙ {v. v ∈ carrier L ∧ Loc⇘L⇙ x v w} ∧
    x ∈ e-carrier L ∧ u ∈ carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition PE :: - ⇒ ('b ⇒ ('a RS ⇒ bool)) (PEı) where
  PE⇘L⇙ x w ≡ (∃u v. u ∈ carrier L ∧ v ∈ carrier L ∧ Loc⇘L⇙ x u w ∧ Loc⇘L⇙ x v w ∧
      ¬(SIMU⇘L⇙ u v w)) ∧
    x ∈ e-carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition Cont :: - ⇒ ('b ⇒ ('a RS ⇒ bool)) (Contı) where
  Cont⇘L⇙ x w ≡ PE⇘L⇙ x w ∧ (∃u. u ∈ carrier L ∧ Loc⇘L⇙ x u w ∧ SR⇘L⇙ u w) ∧
    x ∈ e-carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition Occ :: - ⇒ ('b ⇒ ('a RS ⇒ bool)) (Occı) where
  Occ⇘L⇙ x w ≡ (∃u. u ∈ carrier L ∧ Loc⇘L⇙ x u w ∧ TR⇘L⇙ u w) ∧
    x ∈ e-carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition E :: - ⇒ ('b ⇒ ('a ⇒ ('a RS ⇒ bool))) (Eı) where
  E⇘L⇙ x t w ≡ TS⇘L⇙ t w ∧ (∃u. u ∈ carrier L ∧ Loc⇘L⇙ x u w ∧ u .O⇘L⇙ t) ∧
    x ∈ e-carrier L ∧ t ∈ carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L
4.3 Theorems
lemma Loc-I:
  fixes x u i j
  assumes inst: (∃y. (y ∈ e-carrier L ∧
      ((Inst⇘L⇙ x y u (RSC i j)) ∨ (Inst⇘L⇙ y x u (RSC i j)))))
  assumes carr: x ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows Loc⇘L⇙ x u (RSC i j)
  unfolding Loc-def using assms by auto

lemma PE-I:
  fixes x i j
  assumes SIMU-loc: (∃u v. u ∈ carrier L ∧ v ∈ carrier L ∧ Loc⇘L⇙ x u (RSC i j) ∧
      Loc⇘L⇙ x v (RSC i j) ∧ ¬(SIMU⇘L⇙ u v (RSC i j)))
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows PE⇘L⇙ x (RSC i j)
  unfolding PE-def using assms by auto

lemma ContI:
  fixes x i j
  assumes PE: PE⇘L⇙ x (RSC i j)
  assumes SR: (∃u. u ∈ carrier L ∧ Loc⇘L⇙ x u (RSC i j) ∧ SR⇘L⇙ u (RSC i j))
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows Cont⇘L⇙ x (RSC i j)
  unfolding Cont-def using assms by simp

lemma OccI:
  fixes x i j
  assumes SR: (∃u. u ∈ carrier L ∧ Loc⇘L⇙ x u (RSC i j) ∧ TR⇘L⇙ u (RSC i j))
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows Occ⇘L⇙ x (RSC i j)
  unfolding Occ-def using assms by simp

lemma E-I:
  fixes x t i j
  assumes TS: TS⇘L⇙ t (RSC i j)
  assumes LocO: (∃u. u ∈ carrier L ∧ Loc⇘L⇙ x u (RSC i j) ∧ u .O⇘L⇙ t)
  assumes carr: x ∈ e-carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows E⇘L⇙ x t (RSC i j)
  unfolding E-def using assms by auto

lemma (in Inst-TS-mereology) Inst-imp-Loc:
  fixes x y u i j
  assumes inst: Inst x y u (RSC i j)
  assumes carr: x ∈ e-carrier L y ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows Loc x u (RSC i j)
proof (rule Loc-I)
  from assms show ∃y. y ∈ e-carrier L ∧ (Inst x y u (RSC i j) ∨ Inst y x u (RSC i j))
    by auto
next
  from carr show x ∈ e-carrier L by auto
next
  from carr show u ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show j ∈ s-carrier L by auto
qed
lemma (in Inst-TS-mereology) dia-Loc:
  ⟦x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    ∃u ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧
      Loc x u (RSC ii jj)
proof -
  assume carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  show ∃u ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧
      Loc x u (RSC ii jj)
  proof -
    from carr have (∃u ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧
        i R⇘L⇙ ii ∧ j S⇘L⇙ jj ∧
        (∃y. y ∈ e-carrier L ∧ ((Inst⇘L⇙ x y u (RSC ii jj)) ∨ (Inst⇘L⇙ y x u (RSC ii jj)))))
      using dia-Loc-base by auto
    from this obtain u ii jj y where l: u ∈ carrier L ∧ ii ∈ r-carrier L ∧
        jj ∈ s-carrier L ∧ i R⇘L⇙ ii ∧ j S⇘L⇙ jj ∧ y ∈ e-carrier L ∧
        ((Inst⇘L⇙ x y u (RSC ii jj)) ∨ (Inst⇘L⇙ y x u (RSC ii jj))) by auto
    show ∃u ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧
        j S jj ∧ Loc x u (RSC ii jj)
    proof (rule exI[of λu. ∃ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧
        i R ii ∧ j S jj ∧ Loc x u (RSC ii jj) u])
      show ∃ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧
          j S jj ∧ Loc x u (RSC ii jj)
      proof (rule exI[of λii. ∃jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧
          i R ii ∧ j S jj ∧ Loc x u (RSC ii jj) ii])
        show ∃jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧
            j S jj ∧ Loc x u (RSC ii jj)
        proof (rule exI[of λjj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧
            i R ii ∧ j S jj ∧ Loc x u (RSC ii jj) jj])
          from carr and l show u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧
              i R ii ∧ j S jj ∧ Loc x u (RSC ii jj)
            unfolding Loc-def by auto
        qed
      qed
    qed
  qed
qed
lemma (in Inst-TS-mereology) Inst-strong-assym-U:
  ⟦(Inst x y u (RSC i j)); i R ii; j S jj;
    x ∈ e-carrier L; y ∈ e-carrier L; xx ∈ e-carrier L; uu ∈ carrier L; u ∈ carrier L;
    i ∈ r-carrier L; j ∈ s-carrier L; ii ∈ r-carrier L; jj ∈ s-carrier L⟧
  ⟹ ¬(Inst y xx uu (RSC ii jj))
  using Inst-box-assym-P R-sym S-sym by blast

lemma (in Inst-TS-mereology) Inst-and-TR-imp-boxS-Inst-and-TR-P:
  ⟦Inst x y u (RSC i j); TR u (RSC i j); j S jj; Inst x yy uu (RSC i jj);
    x ∈ e-carrier L; y ∈ e-carrier L; yy ∈ e-carrier L; uu ∈ carrier L; u ∈ carrier L;
  using Inst-and-SR-imp-box-Inst-and-SR-U Inst-imp-SR-or-TR SR-imp-negTR S-sym by meson

lemma (in Inst-TS-mereology) Inst-irref:
  ⟦i R i; j S j; x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L; u ∈ carrier L⟧
  ⟹ (¬(Inst x x u (RSC i j)))
  using Inst-box-assym-P by force

lemma (in Inst-TS-mereology) Inst-and-Inst-or-Inst-imp-box-Inst:
  ⟦Inst x y u (RSC i j); Inst x y v (RSC ii jj) ∨ Inst y x v (RSC ii jj); i R ii; j S jj;
    x ∈ e-carrier L; y ∈ e-carrier L; u ∈ carrier L; v ∈ carrier L;
    i ∈ r-carrier L; ii ∈ r-carrier L; j ∈ s-carrier L; jj ∈ s-carrier L⟧
  ⟹ (Inst x y v (RSC ii jj))
  using Inst-box-assym-P by force
lemma (in Inst-TS-mereology) Loc-and-SR-imp-boxS-Loc-and-SR:
  fixes x u i j jj
  assumes ass: Loc x u (RSC i j) SR u (RSC i j) j S jj Loc x v (RSC i jj)
  assumes carr: x ∈ e-carrier L u ∈ carrier L v ∈ carrier L i ∈ r-carrier L
    j ∈ s-carrier L jj ∈ s-carrier L
  shows SR v (RSC i jj)
proof -
  from assms show SR v (RSC i jj) unfolding Loc-def
    using Inst-and-SR-imp-box-Inst-and-SR-P

lemma (in Inst-TS-mereology) Loc-and-TR-imp-boxS-Loc-and-TR:
  fixes x u v i j jj
  assumes ass: Loc x u (RSC i j) TR u (RSC i j) j S jj Loc x v (RSC i jj)
  assumes carr: x ∈ e-carrier L u ∈ carrier L v ∈ carrier L i ∈ r-carrier L
    j ∈ s-carrier L jj ∈ s-carrier L
  shows TR v (RSC i jj)
proof -
  from assms show TR v (RSC i jj) unfolding Loc-def
    using Inst-and-TR-imp-boxS-Inst-and-TR-P

lemma (in Inst-TS-mereology) boxS-Loc-imp-SR-OR-boxS-Loc-imp-TR:
  fixes i j
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows (∀jj. jj ∈ s-carrier L ∧ j S jj ⟶
      (∀u. (u ∈ carrier L ∧ Loc x u (RSC i jj) ⟶ SR u (RSC i jj)))) ∨
    (∀jj. jj ∈ s-carrier L ∧ j S jj ⟶
      (∀u. (u ∈ carrier L ∧ Loc x u (RSC i jj) ⟶ TR u (RSC i jj))))
  unfolding Loc-def
  using assms Loc-and-SR-imp-boxS-Loc-and-SR Loc-and-TR-imp-boxS-Loc-and-TR
    Inst-imp-SR-or-TR S-euclidean
  by (meson Loc-def)

lemma (in Inst-TS-mereology) WLocOF-imp-Id:
  fixes x u i j
  assumes WL: WLOF u x (RSC i j) WLOF v x (RSC i j)
  assumes carr: x ∈ e-carrier L u ∈ carrier L v ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows (u = v)
  unfolding WLOF-def overlap-def TR-def Loc-def using le-antisym SSP
  by (smt WLOF-def assms(1) assms(2))

lemma (in Inst-TS-mereology) Part-imp-boxPart:
  fixes x u i j ii jj
  assumes ass: Part x (RSC i j) i R ii j S jj Loc x u (RSC ii jj)
  assumes carr: x ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
    ii ∈ r-carrier L jj ∈ s-carrier L
  shows (Part x (RSC ii jj))
  unfolding Part-def Loc-def
  using assms Inst-and-Inst-or-Inst-imp-box-Inst Inst-box-assym-P
  by (metis (no-types, hide-lams) Loc-def Part-def)

lemma (in Inst-TS-mereology) Uni-imp-boxUni:
  fixes x u i j ii jj
  assumes ass: Uni x (RSC i j) i R ii j S jj Loc x u (RSC ii jj)
  assumes carr: x ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
    ii ∈ r-carrier L jj ∈ s-carrier L
  shows Uni x (RSC ii jj)
  unfolding Uni-def Loc-def
  using assms Inst-and-Inst-or-Inst-imp-box-Inst Inst-strong-assym-U
  by (metis (no-types, hide-lams) Loc-def Uni-def)

lemma (in Inst-TS-mereology) Cont-imp-negOcc:
  fixes x u i j
  assumes cont: Cont x (RSC i j)
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows ¬(Occ x (RSC i j))
  unfolding Cont-def Occ-def using assms SR-imp-negTR
  by (meson Cont-def S-ref boxS-Loc-imp-SR-OR-boxS-Loc-imp-TR)
lemma (in Inst-TS-mereology) Cont-and-Loc-imp-SR:
  fixes x u i j
  assumes cont: Cont x (RSC i j)
  assumes loc: Loc x u (RSC i j)
  assumes carr: x ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows SR u (RSC i j)
  unfolding Cont-def Loc-def using assms
  by (meson Cont-def Loc-and-SR-imp-boxS-Loc-and-SR S5-RS-frame.S-ref S5-RS-frame-axioms)

lemma (in Inst-TS-mereology) Occ-and-Loc-imp-TR:
  fixes x u i j
  assumes occ: Occ x (RSC i j)
  assumes loc: Loc x u (RSC i j)
  assumes carr: x ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows TR u (RSC i j)
  unfolding Occ-def Loc-def using assms
  by (meson Loc-and-TR-imp-boxS-Loc-and-TR Occ-def S5-RS-frame.S-ref S5-RS-frame-axioms)

lemma (in Inst-TS-mereology) Occ-imp-PE:
  fixes x i j
  assumes occ: Occ x (RSC i j)
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows PE x (RSC i j)
  unfolding Occ-def PE-def using assms by (meson Occ-def TR-imp-negSIMU)

lemma (in Inst-TS-mereology) Cont-and-Part-and-Loc-and-SIMU-imp-Id:
  fixes x y u v i j
  assumes cont: Cont x (RSC i j)
  assumes part: Part x (RSC i j)
  assumes loc: Loc x u (RSC i j) Loc x v (RSC i j)
  assumes simu: SIMU u v (RSC i j)
  assumes carr: x ∈ e-carrier L u ∈ carrier L v ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows u = v
proof -
  from loc have (∃y. y ∈ e-carrier L ∧ (Inst⇘L⇙ x y u (RSC i j) ∨ Inst⇘L⇙ y x u (RSC i j)))
    unfolding Loc-def by auto
  from this obtain y
    where l0: y ∈ e-carrier L ∧ (Inst⇘L⇙ x y u (RSC i j) ∨ Inst⇘L⇙ y x u (RSC i j)) by auto
  from loc have (∃y. y ∈ e-carrier L ∧ (Inst⇘L⇙ x y v (RSC i j) ∨ Inst⇘L⇙ y x v (RSC i j)))
    unfolding Loc-def by auto
  from this obtain y1
    where l1: y1 ∈ e-carrier L ∧ (Inst⇘L⇙ x y1 v (RSC i j) ∨ Inst⇘L⇙ y1 x v (RSC i j)) by auto
  from carr cont loc have l2: SR u (RSC i j) using Cont-and-Loc-imp-SR by blast
  from carr cont loc have l3: SR v (RSC i j) using Cont-and-Loc-imp-SR by blast
  from l0 have inst-0-cases: Inst⇘L⇙ x y u (RSC i j) ∨ Inst⇘L⇙ y x u (RSC i j) by auto
  from l1 have inst-1-cases: Inst⇘L⇙ x y1 v (RSC i j) ∨ Inst⇘L⇙ y1 x v (RSC i j) by auto
  have inst-0-0: Inst⇘L⇙ x y u (RSC i j) ⟹ u = v
  proof -
    assume a1: Inst⇘L⇙ x y u (RSC i j)
    show u = v
    proof -
      have inst-0-1: Inst⇘L⇙ x y1 v (RSC i j) ⟹ u = v
      proof -
        assume a2: Inst⇘L⇙ x y1 v (RSC i j)
        show u = v
        proof (rule Inst-SR-SIMU-imp-Id[of x y u i j y1 v])
          from a1 show Inst x y u (RSC i j) by auto
        next
          from l2 show SR u (RSC i j) by auto
        next
          from a2 show Inst x y1 v (RSC i j) by auto
        next
          from simu show SIMU u v (RSC i j) by auto
        next
          from carr l0 l1 show x ∈ e-carrier L y ∈ e-carrier L y1 ∈ e-carrier L
            u ∈ carrier L v ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L by auto
        qed
      qed
      have inst-0-2: Inst⇘L⇙ y1 x v (RSC i j) ⟹ u = v
      proof -
        assume a2: Inst⇘L⇙ y1 x v (RSC i j)
        from carr l0 l1 a1 a2 show u = v using Inst-box-assym-P by blast
      qed
      from inst-1-cases inst-0-1 inst-0-2 show u = v by fast
    qed
  qed
  have inst-1-0: Inst⇘L⇙ y x u (RSC i j) ⟹ u = v
  proof -
    assume a1: Inst⇘L⇙ y x u (RSC i j)
    show u = v
    proof -
      have inst-1-1: Inst⇘L⇙ x y1 v (RSC i j) ⟹ u = v
      proof -
        assume a2: Inst⇘L⇙ x y1 v (RSC i j)
        from carr l0 l1 a1 a2 show u = v using Inst-box-assym-P by blast
      qed
      have inst-1-2: Inst⇘L⇙ y1 x v (RSC i j) ⟹ u = v
      proof -
        assume a2: Inst⇘L⇙ y1 x v (RSC i j)
        show u = v
        proof -
          from part have (∃y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst⇘L⇙ x y u (RSC i j))
            unfolding Part-def by auto
          from this obtain yy uu
            where yy ∈ e-carrier L ∧ uu ∈ carrier L ∧ Inst⇘L⇙ x yy uu (RSC i j) by auto
          from carr this l0 l1 a1 a2 show u = v using Inst-box-assym-P by blast
        qed
      qed
      from inst-1-cases inst-1-1 inst-1-2 show u = v by fast
    qed
  qed
  from inst-0-cases inst-0-0 inst-1-0 show u = v by fast
qed
lemma (in Inst-TS-mereology) Occ-and-Part-and-Loc-imp-Id:
  fixes x y u v i j
  assumes occ: Occ x (RSC i j)
  assumes part: Part x (RSC i j)
  assumes loc: Loc x u (RSC i j) Loc x v (RSC i j)
  assumes carr: x ∈ e-carrier L u ∈ carrier L v ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows u = v
proof -
  from loc have (∃y. y ∈ e-carrier L ∧ (Inst⇘L⇙ x y u (RSC i j) ∨ Inst⇘L⇙ y x u (RSC i j)))
    unfolding Loc-def by auto
  from this obtain y
    where l0: y ∈ e-carrier L ∧ (Inst⇘L⇙ x y u (RSC i j) ∨ Inst⇘L⇙ y x u (RSC i j)) by auto
  from loc have (∃y. y ∈ e-carrier L ∧ (Inst⇘L⇙ x y v (RSC i j) ∨ Inst⇘L⇙ y x v (RSC i j)))
    unfolding Loc-def by auto
  from this obtain y1
    where l1: y1 ∈ e-carrier L ∧ (Inst⇘L⇙ x y1 v (RSC i j) ∨ Inst⇘L⇙ y1 x v (RSC i j)) by auto
  from carr occ loc have l2: TR u (RSC i j) using Occ-and-Loc-imp-TR by blast
  from carr occ loc have l3: TR v (RSC i j) using Occ-and-Loc-imp-TR by blast
  from assms l0 l1 l2 l3 show ?thesis using Inst-TR-imp-Id Inst-box-assym-P
    by (meson Part-def R-ref S-ref)
qed

lemma (in Inst-TS-mereology) Cont-imp-boxS-Cont:
  fixes x i j jj
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  assumes ass: Cont x (RSC i j) j S jj PE x (RSC i jj)
  shows Cont x (RSC i jj)
proof (rule ContI)
  from ass show PE x (RSC i jj) by auto
next
  from ass(1) have (∃ u. u ∈ carrier L ∧ LocL x u (RSC i j) ∧ SRL u (RSC i j)) unfolding Cont-def by auto
  from this obtain u where lu: u ∈ carrier L ∧ LocL x u (RSC i j) ∧ SRL u (RSC i j) by auto
  from ass have (∃ u v. u ∈ carrier L ∧ v ∈ carrier L ∧ LocL x u (RSC i jj) ∧ LocL x v (RSC i jj) ∧ ¬(SIMUL u v (RSC i jj))) ∧
      x ∈ e-carrier L ∧ i ∈ r-carrier L ∧ jj ∈ s-carrier L unfolding PE-def by simp
  from this obtain uu where (∃ v. uu ∈ carrier L ∧ v ∈ carrier L ∧ LocL x uu (RSC i jj) ∧ LocL x v (RSC i jj) ∧ ¬(SIMUL uu v (RSC i jj))) by auto
  from this obtain v where lv: (uu ∈ carrier L ∧ v ∈ carrier L ∧ LocL x uu (RSC i jj) ∧ LocL x v (RSC i jj) ∧ ¬(SIMUL uu v (RSC i jj))) by auto
  from carr ass lu lv have x ∈ e-carrier L ∧ LocL x u (RSC i j) ∧ SRL u (RSC i j) ∧ LocL x v (RSC i jj) ∧ j S jj ∧ u ∈ carrier L ∧ v ∈ carrier L ∧
      i ∈ r-carrier L ∧ j ∈ s-carrier L ∧ jj ∈ s-carrier L by auto
  from this have SRL v (RSC i jj) using Loc-and-SR-imp-boxS-Loc-and-SR by blast
  from this lu lv show ∃ u. u ∈ carrier L ∧ Loc x u (RSC i jj) ∧ SR u (RSC i jj) by force
next
  from carr show x ∈ e-carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show jj ∈ s-carrier L by auto
qed

lemma (in Inst-TS-mereology) Occ-imp-boxS-Occ:
  fixes x i j jj
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  assumes ass: Occ x (RSC i j) j S jj PE x (RSC i jj)
  shows (Occ x (RSC i jj))
proof (rule OccI)
  from ass(1) have (∃ u. u ∈ carrier L ∧ LocL x u (RSC i j) ∧ TRL u (RSC i j)) unfolding Occ-def by auto
  from this obtain u where lu: u ∈ carrier L ∧ LocL x u (RSC i j) ∧ TRL u (RSC i j) by auto
  from ass have (∃ u v. u ∈ carrier L ∧ v ∈ carrier L ∧ LocL x u (RSC i jj) ∧ LocL x v (RSC i jj) ∧ ¬(SIMUL u v (RSC i jj))) ∧
      x ∈ e-carrier L ∧ i ∈ r-carrier L ∧ jj ∈ s-carrier L unfolding PE-def by simp
  from this obtain uu where (∃ v. uu ∈ carrier L ∧ v ∈ carrier L ∧ LocL x uu (RSC i jj) ∧ LocL x v (RSC i jj) ∧ ¬(SIMUL uu v (RSC i jj))) by auto
  from this obtain v where lv: (uu ∈ carrier L ∧ v ∈ carrier L ∧ LocL x uu (RSC i jj) ∧ LocL x v (RSC i jj) ∧ ¬(SIMUL uu v (RSC i jj))) by auto
  from carr ass lu lv have x ∈ e-carrier L ∧ LocL x u (RSC i j) ∧ TRL u (RSC i j) ∧ LocL x v (RSC i jj) ∧ j S jj ∧ u ∈ carrier L ∧ v ∈ carrier L ∧
      i ∈ r-carrier L ∧ j ∈ s-carrier L ∧ jj ∈ s-carrier L by auto
  from this have TRL v (RSC i jj) using Loc-and-TR-imp-boxS-Loc-and-TR by blast
  from this lu lv show ∃ u. u ∈ carrier L ∧ Loc x u (RSC i jj) ∧ TR u (RSC i jj) by force
next
  from carr show x ∈ e-carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show jj ∈ s-carrier L by auto
qed

lemma (in Inst-TS-mereology) dia-E:
  fixes x t i j
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows (∃ ii jj t. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj))
proof -
  from carr have ∃ u ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj) using dia-Loc by auto
  from this obtain u where ∃ ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj) by auto
  from this obtain ii where ∃ jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj) by auto
  from this obtain jj where l1: u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj) by auto
  from carr l1 have ∃ t. t ∈ carrier L ∧ TS t (RSC ii jj) ∧ t .O u using TS-and-OR by auto
  from this obtain t where l2: t ∈ carrier L ∧ TS t (RSC ii jj) ∧ t .O u by auto
  show (∃ ii jj t. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj))
  proof (rule exI [of λii. ∃ jj t. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj) ii])
    show ∃ jj t. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj)
    proof (rule exI [of λjj. ∃ t. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj) jj])
      show ∃ t. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj)
      proof (rule exI [of λt. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj) t])
        show ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj) by (meson E-I O-sym carr(1) l1 l2)
      qed
    qed
  qed
qed

lemma (in Inst-TS-mereology) PE-imp-WLOF:
  fixes x i j
  assumes pe: PE x (RSC i j)
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows ∃ u. u ∈ carrier L ∧ WLOF u x (RSC i j)
proof -
  from pe have (∃ uu vv. uu ∈ carrier L ∧ vv ∈ carrier L ∧ LocL x uu (RSC i j) ∧ LocL x vv (RSC i j) ∧ ¬(SIMUL uu vv (RSC i j))) ∧
      x ∈ e-carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L unfolding PE-def by auto
  from this obtain uu vv where l1: uu ∈ carrier L ∧ vv ∈ carrier L ∧ LocL x uu (RSC i j) ∧ LocL x vv (RSC i j) ∧ ¬(SIMUL uu vv (RSC i j)) ∧
      x ∈ e-carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L by auto
  from l1 have (∃ y. y ∈ e-carrier L ∧ (InstL x y uu (RSC i j) ∨ InstL y x uu (RSC i j))) ∧
      (∃ y. y ∈ e-carrier L ∧ (InstL x y vv (RSC i j) ∨ InstL y x vv (RSC i j))) ∧
      ¬(SIMUL uu vv (RSC i j)) ∧
      x ∈ e-carrier L ∧ uu ∈ carrier L ∧ vv ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L unfolding Loc-def by blast
  from this have (∃ w. w ∈ carrier L ∧ TRL w (RSC i j) ∧
      w = ⊔L {uu. uu ∈ carrier L ∧ (∃ y. y ∈ e-carrier L ∧ (InstL x y uu (RSC i j) ∨ InstL y x uu (RSC i j)))}) using ax-PE-imp-WLOF by blast
  from this obtain w where l2: w ∈ carrier L ∧ TRL w (RSC i j) ∧
      w = ⊔L {uu. uu ∈ carrier L ∧ (∃ y. y ∈ e-carrier L ∧ (InstL x y uu (RSC i j) ∨ InstL y x uu (RSC i j)))} by auto
  from carr have l3: {uu. uu ∈ carrier L ∧ (∃ y. y ∈ e-carrier L ∧ (InstL x y uu (RSC i j) ∨ InstL y x uu (RSC i j)))} =
      {uu. uu ∈ carrier L ∧ Loc x uu (RSC i j)} using Loc-def by fastforce
  from l2 l3 have l4: w ∈ carrier L ∧ TRL w (RSC i j) ∧
      w = ⊔L {uu. uu ∈ carrier L ∧ Loc x uu (RSC i j)} by auto
  from carr l4 have w ∈ carrier L ∧ WLOF w x (RSC i j) using WLOF-def by fastforce
  from this show ?thesis by auto
qed

5 Parthood for continuant and occurrent particulars

definition PCont :: - ⇒ 'b ⇒ 'b ⇒ 'a ⇒ 'a RS ⇒ bool (PContı) where
  PContL x y t w ≡ ContL x w ∧ ContL y w ∧ TSL t w ∧
    (∃ z zz u v. z ∈ e-carrier L ∧ zz ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧
      InstL x z u w ∧ InstL y zz v w ∧ u ⊑L v ∧ v ⊑L t) ∧
    x ∈ e-carrier L ∧ y ∈ e-carrier L ∧ t ∈ carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

lemma PCont-I:
  fixes L (structure)
  fixes x y t i j
  assumes ContL x (RSC i j)
  assumes ContL y (RSC i j)
  assumes TSL t (RSC i j)
  assumes (∃ z zz u v. z ∈ e-carrier L ∧ zz ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧
      InstL x z u (RSC i j) ∧ InstL y zz v (RSC i j) ∧ u ⊑L v ∧ v ⊑L t)
  assumes x ∈ e-carrier L y ∈ e-carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows PContL x y t (RSC i j) using assms by (simp add: PCont-def)

lemma (in Inst-TS-mereology) Cont-Part-E-imp-PCont-ref:
  fixes x t i j
  assumes cont: Cont x (RSC i j)
  assumes part: Part x (RSC i j)
  assumes ex: EL x t (RSC i j)
  assumes carr: x ∈ e-carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows PContL x x t (RSC i j)
proof (rule PCont-I)
  from cont show Cont x (RSC i j) by auto
next
  from cont show Cont x (RSC i j) by auto
next
  from ex show TSL t (RSC i j) unfolding E-def by auto
next
  from cont have PEL x (RSC i j) ∧ (∃ u. u ∈ carrier L ∧ LocL x u (RSC i j) ∧ SRL u (RSC i j)) unfolding Cont-def by auto
  from this obtain u where l1: u ∈ carrier L ∧ LocL x u (RSC i j) ∧ SRL u (RSC i j) by auto
  from l1 have (∃ y. y ∈ e-carrier L ∧ (InstL x y u (RSC i j) ∨ InstL y x u (RSC i j))) unfolding Loc-def by auto
  from this obtain y where l2: y ∈ e-carrier L ∧ (InstL x y u (RSC i j) ∨ InstL y x u (RSC i j)) by auto
  from part have (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ InstL x y u (RSC i j)) unfolding Part-def by auto
  from this obtain yy uu where l3: yy ∈ e-carrier L ∧ uu ∈ carrier L ∧ InstL x yy uu (RSC i j) by auto
  from carr l1 l2 l3 have ¬ InstL y x u (RSC i j) using Inst-box-assym-P by blast
  from this l2 have l4: InstL x y u (RSC i j) by auto
  from l1 have (∃ t. t ∈ carrier L ∧ TSL t (RSC i j) ∧ u ⊑L t) unfolding SR-def by auto
  from this obtain tt where l5: tt ∈ carrier L ∧ TSL tt (RSC i j) ∧ u ⊑L tt by auto
  from ex have l6: TSL t (RSC i j) ∧ (∃ u. u ∈ carrier L ∧ LocL x u (RSC i j) ∧ u .OL t) unfolding E-def by auto
  from this obtain v where l7: v ∈ carrier L ∧ LocL x v (RSC i j) ∧ v .OL t by auto
  from carr cont l7 have SR v (RSC i j) using Cont-and-Loc-imp-SR by auto
  from carr this l6 l7 have l8: v ⊑L t using SR-and-TS-and-O-imp-le by blast
  from carr l1 l2 l4 l7 l8 show ∃ z zz u v.
      z ∈ e-carrier L ∧ zz ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧ Inst x z u (RSC i j) ∧ Inst x zz v (RSC i j) ∧ u ⊑ v ∧ v ⊑ t
    by (metis (no-types, hide-lams) Inst-box-assym-P Loc-def R-ref S-ref local.le-refl)
next
  from carr show x ∈ e-carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L x ∈ e-carrier L by auto
qed

lemma (in Inst-TS-mereology) PCont-ref-imp-E:
  ⟦PContL x x t (RSC i j); x ∈ e-carrier L; t ∈ carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    E x t (RSC i j)
  unfolding PCont-def using E-I by (metis (no-types, lifting) Inst-imp-Loc O-refl le-impl-O-impl-O)

lemma (in Inst-TS-mereology) Part-and-Cont-imp-E-iff-PCont-ref:
  ⟦PartL x (RSC i j); ContL x (RSC i j); x ∈ e-carrier L; t ∈ carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    (PContL x x t (RSC i j) = E x t (RSC i j))
  using Cont-Part-E-imp-PCont-ref PCont-ref-imp-E by blast

lemma (in Inst-TS-mereology) PCont-trans:
  ⟦PContL x y t (RSC i j); PContL y z t (RSC i j);
    x ∈ e-carrier L; y ∈ e-carrier L; z ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L; t ∈ carrier L⟧ ⟹
    PContL x z t (RSC i j)
  unfolding PCont-def using le-trans by (smt Inst-TS-mereology.Inst-SR-SIMU-imp-Id Inst-TS-mereology-axioms SIMU-I SR-I)

definition POcc :: - ⇒ 'b ⇒ 'b ⇒ 'a RS ⇒ bool (POccı) where
  POccL x y w ≡ (∃ z zz u v. z ∈ e-carrier L ∧ zz ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧
      InstL x z u w ∧ InstL y zz v w ∧ u ⊑L v ∧ TRL u w ∧ TRL v w) ∧
    x ∈ e-carrier L ∧ y ∈ e-carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

lemma (in Inst-TS-mereology) Part-imp-Occ-imp-POcc-ref:
  ⟦Part x (RSC i j); OccL x (RSC i j); x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    POccL x x (RSC i j)
  unfolding Part-def Occ-def POcc-def using le-refl by (meson Inst-imp-Loc SR-imp-negTR S-ref boxS-Loc-imp-SR-OR-boxS-Loc-imp-TR)

lemma (in Inst-TS-mereology) Part-imp-POcc-ref-imp-Occ:
  ⟦Part x (RSC i j); POccL x x (RSC i j); x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    OccL x (RSC i j)
  unfolding Part-def Occ-def POcc-def by (meson Loc-def PE-def TR-imp-negSIMU)

lemma (in Inst-TS-mereology) Part-imp-POcc-ref-iff-Occ:
  ⟦Part x (RSC i j); x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    (POccL x x (RSC i j) = OccL x (RSC i j))
  using Part-imp-Occ-imp-POcc-ref Part-imp-POcc-ref-imp-Occ by blast

lemma (in Inst-TS-mereology) POcc-trans:
  ⟦POccL x y (RSC i j); POccL y z (RSC i j);
    x ∈ e-carrier L; y ∈ e-carrier L; z ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    POccL x z (RSC i j)
  unfolding POcc-def using le-trans Inst-TR-imp-Id by (metis (no-types,
theory AtE-Inst-TS-mereology imports Inst-TS-mereology
begin
6 Atomic entities

locale AtE-Inst-TS-mereology = Inst-TS-mereology L for L (structure) +
  assumes AtE-exist: ⟦i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹ (∃ x. x ∈ e-carrier L ∧ AtEL x (RSC i j)) and
    AtE-set-finite: ⟦i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹ finite {x. x ∈ e-carrier L ∧ AtE x (RSC i j)} and
    AtE-imp-box-AtE: ⟦AtE x (RSC i j); i R ii; j S jj;
        x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L; ii ∈ r-carrier L; jj ∈ s-carrier L⟧
      ⟹ (AtE x (RSC ii jj)) and
    AtE-imp-box-Inst: ⟦AtE x (RSC i j); i R ii; j S jj;
        x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L; ii ∈ r-carrier L; jj ∈ s-carrier L⟧
      ⟹ (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC ii jj)) and
    AtE-imp-TS-imp-Inst-and-PP: ⟦AtE x (RSC i j); x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧
      ⟹ (∃ jj. jj ∈ s-carrier L ∧ j S jj ∧
            (∀ t. t ∈ carrier L ∧ TS t (RSC i jj) ⟶
              (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC i jj) ∧ u ⊏ t))) and
    AtE-and-Inst-imp-exists-TS-P: ⟦AtE x (RSC i j); Inst x y u (RSC i j);
        u ∈ carrier L; x ∈ e-carrier L; y ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧
      ⟹ (∃ t. t ∈ carrier L ∧ TS t (RSC i j) ∧ u ⊑ t) and
    AtE-imp-boxS-Inst-and-Inst-and-negSIMU: ⟦AtE x (RSC i j); j S jj; x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L; jj ∈ s-carrier L⟧ ⟹
        (∃ y u v. y ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧ Inst x y u (RSC i jj) ∧ Inst x y v (RSC i jj) ∧ ¬ SIMU u v (RSC i jj)) and
    AtE-and-AtE-and-Inst-and-Inst-and-P-imp-Id: ⟦AtE x1 (RSC i j); AtE x2 (RSC i j); Inst x1 y1 u1 (RSC i j); Inst x2 y2 u2 (RSC i j); u2 ⊑ u1;
        x1 ∈ e-carrier L; x2 ∈ e-carrier L; y1 ∈

lemma (in AtE-Inst-TS-mereology) AtE-and-L-imp-SR:
  fixes x i j u
  assumes at: AtEL x (RSC i j)
  assumes loc: LocL x u (RSC i j)
  assumes carr: x ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows SRL u (RSC i j)
proof -
  from loc have (∃ y. (y ∈ e-carrier L ∧ ((InstL x y u (RSC i j)) ∨ (InstL y x u (RSC i j))))) ∧
      x ∈ e-carrier L ∧ u ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L unfolding Loc-def by auto
  from this obtain y where l1: y ∈ e-carrier L ∧ ((InstL x y u (RSC i j)) ∨ (InstL y x u (RSC i j))) ∧
      x ∈ e-carrier L ∧ u ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L by auto
  from this have inst-cases: ((InstL x y u (RSC i j)) ∨ (InstL y x u (RSC i j))) by auto
  from at carr l1 have (InstL y x u (RSC i j)) ⟹ False using AtE-imp-box-Inst Inst-strong-assym-U by blast
  from this and inst-cases have l2: (InstL x y u (RSC i j)) by auto
  from at carr l2 l1 have (∃ t. t ∈ carrier L ∧ TS t (RSC i j) ∧ u ⊑ t) using AtE-and-Inst-imp-exists-TS-P by blast
  from this carr show SRL u (RSC i j) using SR-I by fast
qed

lemma (in AtE-Inst-TS-mereology) AtE-imp-boxL:
  fixes x i ii j jj
  assumes at: AtE x (RSC i j)
  assumes r-s: i R ii j S jj
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L ii ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  shows (∃ u. u ∈ carrier L ∧ Loc x u (RSC ii jj))
proof -
  from assms have (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC ii jj)) using AtE-imp-box-Inst by auto
  from this obtain y where (∃ u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC ii jj)) by auto
  from this obtain u where l1: (y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC ii jj)) by auto
  show (∃ u. u ∈ carrier L ∧ Loc x u (RSC ii jj))
  proof (rule exI [of λu. u ∈ carrier L ∧ Loc x u (RSC ii jj) u])
    show u ∈ carrier L ∧ Loc x u (RSC ii jj)
    proof (unfold Loc-def)
      show u ∈ carrier L ∧ (∃ y. y ∈ e-carrier L ∧ (Inst x y u (RSC ii jj) ∨ Inst y x u (RSC ii jj))) ∧
          x ∈ e-carrier L ∧ u ∈ carrier L ∧ r-RS (RSC ii jj) ∈ r-carrier L ∧ s-RS (RSC ii jj) ∈ s-carrier L using assms l1 by fastforce
    qed
  qed
qed

lemma (in AtE-Inst-TS-mereology) AtE-imp-exists-TS-E:
  fixes x i j
  assumes at: AtE x (RSC i j)
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows ∃ jj. jj ∈ s-carrier L ∧ j S jj ∧ (∀ t. t ∈ carrier L ∧ TS t (RSC i jj) ⟶ E x t (RSC i jj))
proof -
  from at carr have (∃ jj. jj ∈ s-carrier L ∧ j S jj ∧
      (∀ t. t ∈ carrier L ∧ TS t (RSC i jj) ⟶
        (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC i jj) ∧ u ⊏ t)))
    using AtE-imp-TS-imp-Inst-and-PP by auto
  from this obtain jj where l1: jj ∈ s-carrier L ∧ j S jj ∧
      (∀ t. t ∈ carrier L ∧ TS t (RSC i jj) ⟶
        (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC i jj) ∧ u ⊏ t)) by auto
  have ll: (∀ t. t ∈ carrier L ∧ TS t (RSC i jj) ⟶ E x t (RSC i jj))
  proof
    fix t
    show t ∈ carrier L ∧ TS t (RSC i jj) ⟶ E x t (RSC i jj)
    proof
      assume a1: t ∈ carrier L ∧ TS t (RSC i jj)
      show E x t (RSC i jj)
      proof -
        from l1 have (∀ t. t ∈ carrier L ∧ TS t (RSC i jj) ⟶
            (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC i jj) ∧ u ⊏ t)) by auto
        from this a1 have (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC i jj) ∧ u ⊏ t) by auto
        from this obtain y u where l2: y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC i jj) ∧ u ⊏ t by auto
        from this carr l1 l2 have Loc x u (RSC i jj) ∧ u ⊑ t using Loc-def by (metis (no-types, lifting) lless-imp-le r-RS.simps s-RS.simps)
        from this a1 l1 l2 carr show E x t (RSC i jj) using E-I by (metis le-impl-O)
      qed
    qed
  qed
  from l1 ll show ?thesis by blast
qed

lemma (in AtE-Inst-TS-mereology) AtE-imp-boxPart:
  fixes x i ii j jj
  assumes at: AtE x (RSC i j)
  assumes r-s: i R ii j S jj
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L ii ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  shows (Part x (RSC ii jj)) using assms AtE-imp-box-Inst Part-def by fastforce

lemma (in AtE-Inst-TS-mereology) AtE-imp-boxS-PE:
  fixes x i j jj
  assumes at: AtE x (RSC i j)
  assumes s: j S jj
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  shows (PE x (RSC i jj))
proof (rule PE-I)
  show ∃ u v. u ∈ carrier L ∧ v ∈ carrier L ∧ Loc x u (RSC i jj) ∧ Loc x v (RSC i jj) ∧ ¬ SIMU u v (RSC i jj)
  proof -
    from assms have (∃ y u v. y ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧ Inst x y u (RSC i jj) ∧ Inst x y v (RSC i jj) ∧ ¬ SIMU u v (RSC i jj))
      using AtE-imp-boxS-Inst-and-Inst-and-negSIMU by auto
    from this obtain y u v where l1: y ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧ Inst x y u (RSC i jj) ∧ Inst x y v (RSC i jj) ∧ ¬ SIMU u v (RSC i jj) by auto
    from l1 carr have l2: Loc x u (RSC i jj) using Inst-imp-Loc by auto
    from l1 carr have l3: Loc x v (RSC i jj) using Inst-imp-Loc by auto
    from carr l1 l2 l3 show ?thesis by auto
  qed
next
  from carr show x ∈ e-carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show jj ∈ s-carrier L by auto
qed

lemma (in AtE-Inst-TS-mereology) AtE-imp-box-L-imp-SR:
  fixes x u i ii j jj
  assumes at: AtE x (RSC i j)
  assumes loc: Loc x u (RSC ii jj)
  assumes r-s: i R ii j S jj
  assumes carr: x ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L ii ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  shows SR u (RSC ii jj) using assms AtE-and-L-imp-SR AtE-imp-box-AtE by blast

lemma (in AtE-Inst-TS-mereology) AtE-imp-boxS-Cont:
  fixes x i j jj
  assumes at: (AtE x (RSC i j))
  assumes s: j S jj
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  shows (Cont x (RSC i jj)) using assms Cont-def AtE-imp-boxS-PE AtE-imp-boxL R-ref AtE-and-L-imp-SR AtE-imp-box-AtE by (metis (no-types, hide-lams) PE-def)

lemma (in AtE-Inst-TS-mereology) AtE-and-AtE-and-PCont-or-PCont-imp-Id:
  fixes x y i j t
  assumes at: AtEL x (RSC i j) AtEL y (RSC i j)
  assumes PC: PContL x y t (RSC i j) ∨ PContL y x t (RSC i j)
  assumes carr: x ∈ e-carrier L y ∈ e-carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows x = y
proof -
  have PC-0: PContL x y t (RSC i j) ⟹ y = x
  proof -
    assume a1: PContL x y t (RSC i j)
    show y = x
    proof -
      from a1 have ContL x (RSC i j) ∧ ContL y (RSC i j) ∧ TSL t (RSC i j) ∧
          (∃ z zz u v. z ∈ e-carrier L ∧ zz ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧ InstL x z u (RSC i j) ∧
            InstL y zz v (RSC i j) ∧ u ⊑L v ∧ v ⊑L t) ∧ x ∈ e-carrier L ∧ y ∈ e-carrier L ∧ t ∈ carrier L ∧
          i ∈ r-carrier L ∧ j ∈ s-carrier L unfolding PCont-def by auto
      from this obtain z zz u v where l1: z ∈ e-carrier L ∧ zz ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧ InstL x z u (RSC i j) ∧
          InstL y zz v (RSC i j) ∧ u ⊑L v ∧ v ⊑L t by auto
      show y = x
      proof (rule AtE-and-AtE-and-Inst-and-Inst-and-P-imp-Id)
        from at carr show AtE x (RSC i j) by auto
      next
        from at carr show AtE y (RSC i j) by auto
      next
        from l1 show InstL x z u (RSC i j) by auto
      next
        from l1 show InstL y zz v (RSC i j) by auto
      next
        from l1 show u ⊑L v by auto
      next
        from carr show x ∈ e-carrier L y ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L by auto
      next
        from l1 show z ∈ e-carrier L zz ∈ e-carrier L v ∈ carrier L u ∈ carrier L by auto
      qed
    qed
  qed
  from assms have PC-1: PContL y x t (RSC i j) ⟹ x = y unfolding PCont-def using AtE-and-AtE-and-Inst-and-Inst-and-P-imp-Id by blast
  from PC PC-0 PC-1 show ?thesis by auto
qed

definition non-empty-M :: ('a, 'b, 'c) M-unary-a-set-predicate where
  non-empty-M X L w ≡ X ≠ {} ∧ X ⊆ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition finite-B-M :: ('a, 'b, 'c) M-unary-b-set-predicate where
  finite-B-M X L w ≡ finite X

definition finite-A-M :: ('a, 'b, 'c) M-unary-a-set-predicate where
  finite-A-M X L w ≡ finite X

definition in-M :: ('a, 'b, 'c) M-bin-a-a-set-predicate where
  in-M x X L w ≡ x ∈ X ∧ x ∈ carrier L ∧ X ⊆ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition Id-a-M :: ('a, 'b, 'c) M-bin-a-a-predicate where
  Id-a-M x y L w ≡ x = y ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition Id-b-M :: ('a, 'b, 'c) M-bin-b-b-predicate where
  Id-b-M x y L w ≡ x = y ∧ x ∈ e-carrier L ∧ y ∈ e-carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

7.3 Lifted version of spacetime mereology
7.3.1 Lifted definitions

definition P-M :: ('a, 'b, 'c) M-bin-a-a-predicate where
  P-M x y L w ≡ x ⊑L y ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ (r-RS w ∈ r-carrier L) ∧ (s-RS w ∈ s-carrier L)

definition PP-M :: ('a, 'b, 'c) M-bin-a-a-predicate where
  PP-M x y L w ≡ x ⊏L y ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition O-M :: ('a, 'b, 'c) M-bin-a-a-predicate where
  O-M x y L w ≡ x .OL y ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition ST-M :: ('a, 'b, 'c) M-unary-a-predicate where
  ST-M x L w ≡ (STL x w) ∧ (x ∈ carrier L) ∧ (r-RS w ∈ r-carrier L) ∧ (s-RS w ∈ s-carrier L)

definition J-M :: ('a, 'b, 'c) M-ternary-a-a-a-predicate where
  J-M x y z L w ≡ z = x ⊔L y ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ z ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition M-M :: ('a, 'b, 'c) M-ternary-a-a-a-predicate where
  M-M x y z L w ≡ is-meet L x y z ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ z ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition Sum-M :: ('a, 'b, 'c) M-bin-a-a-set-predicate where
  Sum-M x X L w ≡ mSum L X x ∧ X ≠ {} ∧ x ∈ carrier L ∧ X ⊆ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

7.3.2 Lifted axioms as theorems

lemma (in AtE-Inst-TS-mereology) J-M-idemp: ⌊□(∀ a x. J-M x x x)⌋
  unfolding J-M-def using join-idemp by simp

lemma (in AtE-Inst-TS-mereology) J-M-assoc: ⌊□(∀ a x1 x2 x3 x4. (∃ a xx. J-M x1 x2 xx ∧ J-M xx x3 x4) ↔ (∃ a xx. J-M x2 x3 xx ∧ J-M x1 xx x4))⌋
  unfolding J-M-def using join-assoc by auto

lemma (in AtE-Inst-TS-mereology) J-M-comm: ⌊□(∀ a x1 x2 x3. (J-M x1 x2 x3) ↔ (J-M x2 x1 x3))⌋
  unfolding J-M-def using join-comm by auto

lemma (in AtE-Inst-TS-mereology) J-M-exists: ⌊□(∀ a x y. ∃ a z. J-M x y z)⌋
  unfolding J-M-def join-def by auto

lemma (in AtE-Inst-TS-mereology) RP-M: ⌊□(∀ a x y. PP-M x y → (∃ a z. ¬ O-M z x ∧ J-M z x y))⌋
  unfolding PP-M-def J-M-def O-M-def using RP by blast

lemma (in AtE-Inst-TS-mereology) ST-M-exists: ⌊□(∃ a x. ST-M x)⌋
  unfolding ST-M-def by (metis ST-def ST-exists)

lemma (in AtE-Inst-TS-mereology) ST-M-imp-box-ST-M: ⌊□(∀ a x. ST-M x → (□(ST-M x)))⌋
  unfolding ST-M-def by (metis ST-def ST-exists)

7.3.3 Recover standard definitions

lemma (in AtE-Inst-TS-mereology) recover-P-M-def: ⌊□(∀ a x1 x2. (P-M x1 x2) ↔ (J-M x1 x2 x2))⌋
  unfolding P-M-def J-M-def using le-iff-join by auto

lemma (in AtE-Inst-TS-mereology) recover-O-M-def: ⌊□(∀ a x1 x2. (O-M x1 x2) ↔ (∃ a z. P-M z x1 ∧ P-M z x2))⌋
  unfolding P-M-def O-M-def overlap-def by auto

lemma (in AtE-Inst-TS-mereology) recover-Sum-M-def: ⌊□(∀ A X. ((non-empty-M X) → (∀ a x. (Sum-M x X) ↔ ((∀ a y. (O-M x y) ↔ (∃ a z. (in-M z X) ∧ O-M z y))))))⌋
  unfolding non-empty-M-def O-M-def in-M-def Sum-M-def mSum-def by fastforce

lemma (in AtE-Inst-TS-mereology) recover-ST-M-def: ⌊□(∀ a x. (ST-M x) ↔ (∀ a y. P-M y x))⌋
  unfolding P-M-def ST-M-def ST-def by (simp add: le-top)

7.3.4 Lifted theorems

lemma (in AtE-Inst-TS-mereology) P-M-ref: ⌊□(∀ a x. P-M x x)⌋
  unfolding P-M-def using le-refl by simp

lemma (in AtE-Inst-TS-mereology) P-M-antisym: ⌊□(∀ a x y. P-M x y ∧ P-M y x → Id-a-M x y)⌋
  unfolding P-M-def Id-a-M-def by auto

lemma (in AtE-Inst-TS-mereology) P-M-trans: ⌊□(∀ a x y z. P-M x y ∧ P-M y z → P-M x z)⌋
  unfolding P-M-def using le-trans by auto

lemma (in AtE-Inst-TS-mereology) J-M-unique: ⌊□(∀ a x y z1 z2. (J-M x y z1 ∧ J-M x y z2) → (Id-a-M z1 z2))⌋
  unfolding J-M-def Id-a-M-def by auto

lemma (in AtE-Inst-TS-mereology) P-M-SSP: ⌊□(∀ a x y. (∀ a z. O-M z x → O-M z y) → P-M x y)⌋
  unfolding O-M-def P-M-def using SSP2 by auto

lemma (in AtE-Inst-TS-mereology) OM-imp-M-M: ⌊□(∀ a x y. O-M x y → (∃ a z. M-M x y z))⌋
  unfolding M-M-def O-M-def using is-meet-closed overlap-impl-is-meet by blast

lemma (in AtE-Inst-TS-mereology) Sum-M-unique: ⌊□(∀ A X. ∀ a x1 x2. (Sum-M x1 X ∧ Sum-M x2 X) → (Id-a-M x1 x2))⌋
  unfolding Sum-M-def Id-a-M-def using mSum-unique by (meson S5-2D-lifted-theory.Sum-M-def)

7.4 Lifted timeslice mereology (TS mereology)
7.4.1 Lifted definitions of TS mereology

definition TS-M :: ('a, 'b, 'c) M-unary-a-predicate where
  TS-M x L w ≡ (TSL x w) ∧ x ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition SR-M :: ('a, 'b, 'c) M-unary-a-predicate where
  SR-M x L w ≡ (SRL x w) ∧ x ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition TR-M :: ('a, 'b, 'c) M-unary-a-predicate where
  TR-M x L w ≡ (TRL x w) ∧ x ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition SIMU-M :: ('a, 'b, 'c) M-bin-a-a-predicate where
  SIMU-M x y L w ≡ (SIMUL x y w) ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

7.4.2 Recover the standard definitions

lemma (in AtE-Inst-TS-mereology) recover-SR-M-def: ⌊□(∀ a x. SR-M x ↔ (∃ a t. TS-M t ∧ P-M x t))⌋
  unfolding SR-M-def TS-M-def P-M-def SR-def by auto

lemma (in AtE-Inst-TS-mereology) recover-R-M-def: ⌊□(∀ a x. TR-M x ↔ (∃ a t1 t2. TS-M t1 ∧ TS-M t2 ∧ ¬(O-M t1 t2) ∧ O-M x t1 ∧ O-M x t2))⌋
  unfolding TR-M-def TS-M-def O-M-def TR-def by auto

lemma (in AtE-Inst-TS-mereology) recover-SIMU-M-def: ⌊□(∀ a x y. SIMU-M x y ↔ (∃ a t. TS-M t ∧ P-M x t ∧ P-M y t))⌋
  unfolding SIMU-M-def TS-M-def P-M-def SIMU-def by auto

7.4.3 Lifted axioms for TS mereology as theorems

lemma (in AtE-Inst-TS-mereology) TS-M-and-O-M: ⌊□(∀ a x. ∃ a y. TS-M y ∧ O-M y x)⌋
  unfolding TS-M-def O-M-def using TS-and-OR by fastforce

lemma (in AtE-Inst-TS-mereology) TS-M-and-TS-M-and-O-M-impl-Id-a-M: ⌊□(∀ a x y. TS-M x ∧ TS-M y ∧ O-M x y → Id-a-M x y)⌋
  unfolding TS-M-def O-M-def Id-a-M-def using TS-and-TS-and-O-imp-Id by auto

lemma (in AtE-Inst-TS-mereology) exists-TS-M-and-TS-M-and-negO-M: ⌊□(∃ a x y. TS-M x ∧ TS-M y ∧ ¬(O-M x y))⌋
  unfolding TS-M-def O-M-def using exists-TS-and-TS-and-negOR by (metis r-RS.simps s-RS.simps)

7.4.4 Lifted theorems for TS mereology

lemma (in AtE-Inst-TS-mereology) TS-M-iff-SR-M-O-M-imp-P-M: ⌊□(∀ a t. (TS-M t) ↔ (SR-M t ∧ (∀ a u. SR-M u ∧ O-M t u → P-M u t)))⌋
  unfolding TS-M-def SR-M-def O-M-def P-M-def using TS-iff-SR-O-imp-P by auto

lemma (in AtE-Inst-TS-mereology) SR-M-and-P-M-imp-SR-M: ⌊□(∀ a x y. SR-M x ∧ P-M y x → SR-M y)⌋
  unfolding SR-M-def P-M-def using SR-and-PR-imp-SR by auto

lemma (in AtE-Inst-TS-mereology) ST-M-and-TR-M: ⌊□(∀ a x. ST-M x → TR-M x)⌋
  unfolding ST-M-def TR-M-def using ST-imp-TR by force

lemma (in AtE-Inst-TS-mereology) STR-M-and-P-M-imp-STR-M: ⌊□(∀ a x y. TR-M x ∧ P-M x y → TR-M y)⌋
  unfolding TR-M-def P-M-def using TR-and-PR-imp-TR by auto

lemma (in AtE-Inst-TS-mereology) STR-M-imp-negSR-M: ⌊□(∀ a x. TR-M x → ¬(SR-M x))⌋
  unfolding TR-M-def SR-M-def using TR-imp-negSR by auto

lemma (in AtE-Inst-TS-mereology) SIMU-M-ref: ⌊□(∀ a x. SR-M x ↔ SIMU-M x x)⌋
  unfolding SIMU-M-def SR-M-def using SR-iff-SIMU-refl by auto

lemma (in AtE-Inst-TS-mereology) SIMU-M-sym: ⌊□(∀ a x y. SIMU-M x y → SIMU-M y x)⌋
  unfolding SIMU-M-def using SIMU-sym by auto

lemma (in AtE-Inst-TS-mereology) SIMU-M-trans: ⌊□(∀ a x y z. SIMU-M x y ∧ SIMU-M y z → SIMU-M x z)⌋
  unfolding SIMU-M-def using SIMU-trans by (meson ST-def ST-exists)

7.5 Newtonian Spacetime
7.5.1 Lifted axiom of Newtonian ST

lemma (in AtE-Inst-TS-mereology) Newton-TS: N-TS-mereology L ⟹ ⌊□(∀ a x. TS-M x → □S(TS-M x))⌋
  unfolding TS-M-def by (simp add: N-TS-mereology.Newton)

7.5.2 Lifted theorems of Newtonian ST

lemma (in AtE-Inst-TS-mereology) Newton-SR: N-TS-mereology L ⟹ ⌊□(∀ a x. SR-M x → □S(SR-M x))⌋
  unfolding SR-M-def using N-TS-mereology.SR-imp-boxS-SR by auto

lemma (in AtE-Inst-TS-mereology) Newton-TR: N-TS-mereology L ⟹ ⌊□(∀ a x. TR-M x → □S(TR-M x))⌋
  unfolding TR-M-def using N-TS-mereology.TR-imp-boxS-TR by auto

lemma (in AtE-Inst-TS-mereology) Newton-SIMU: N-TS-mereology L ⟹ ⌊□(∀ a x y. SIMU-M x y → □S(SIMU-M x y))⌋
  unfolding SIMU-M-def using N-TS-mereology.SIMU-imp-boxS-SIMU by auto

7.6 Minkowski Spacetime
7.6.1 Lifted axiom of Minkowski ST

lemma (in AtE-Inst-TS-mereology) Minkowski-SIMU: M-TS-mereology L ⟹ ⌊□(∀ a x y. SIMU-M x y ∧ ¬(Id-a-M x y) → ♦S(¬(SIMU-M x y)))⌋
  unfolding SIMU-M-def Id-a-M-def using M-TS-mereology.diaS-non-SIMU by (metis r-RS.simps s-RS.simps)

7.7 Inst-TS-mereology

definition Inst-M :: ('a, 'b, 'c) M-ternary-b-b-a-predicate where
  Inst-M x y u L w ≡ InstL x y u w ∧ x ∈ e-carrier L ∧ y ∈ e-carrier L ∧ u ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

7.7.1 Lifted axioms of Inst-TS-mereology as theorems

lemma (in AtE-Inst-TS-mereology) Inst-box-assym-M: ⌊□(∀ b x y yy. ∀ a u uu. Inst-M x y u → (¬(♦(Inst-M yy x uu))))⌋
  unfolding Inst-M-def by (metis (no-types, lifting) Inst-box-assym-P r-RS.simps s-RS.simps)

lemma (in AtE-Inst-TS-mereology) Inst-imp-SR-or-TR-M: ⌊□(∀ b x y. ∀ a u. Inst-M x y u → (SR-M u ∨ TR-M u))⌋
  unfolding Inst-M-def SR-M-def TR-M-def using Inst-imp-SR-or-TR by auto

lemma (in AtE-Inst-TS-mereology) Inst-and-SR-imp-box-Inst-and-SR-P-M: ⌊□(∀ b x y. ∀ a u. Inst-M x y u ∧ SR-M u → (□S (∀ b yy. ∀ a uu. Inst-M x yy uu → SR-M uu)))⌋
  unfolding Inst-M-def SR-M-def
  using Inst-and-SR-imp-box-Inst-and-SR-P by (metis (no-types, lifting) r-RS.simps s-RS.simps)

lemma (in AtE-Inst-TS-mereology) Inst-and-SR-imp-box-Inst-and-SR-U-M: ⌊□(∀ b x y. ∀ a u. Inst-M y x u ∧ SR-M u → (□S (∀ b yy. ∀ a uu. Inst-M yy x uu → SR-M uu)))⌋
  unfolding Inst-M-def SR-M-def
  using Inst-and-SR-imp-box-Inst-and-SR-U by (metis (no-types, lifting) r-RS.simps s-RS.simps)

lemma (in AtE-Inst-TS-mereology) Inst-TR-imp-Id-a-M: ⌊□(∀ b x y z. ∀ a u v. Inst-M x y u ∧ Inst-M x z v ∧ TR-M u ∧ TR-M v → Id-a-M u v)⌋
  unfolding Inst-M-def TR-M-def Id-a-M-def
  using Inst-TR-imp-Id by auto

lemma (in AtE-Inst-TS-mereology) Inst-SR-SIMU-imp-Id-a-M: ⌊□(∀ b x y z. ∀ a u v. Inst-M x y u ∧ Inst-M x z v ∧ SR-M u ∧ SR-M v ∧ SIMU-M u v → Id-a-M u v)⌋
  unfolding Inst-M-def SR-M-def SIMU-M-def Id-a-M-def
  using Inst-SR-SIMU-imp-Id by auto

lemma (in AtE-Inst-TS-mereology) dia-Loc-base-M: ⌊∀ b x. ♦ (∃ a u. ∃ b y. (Inst-M x y u ∨ Inst-M y x u))⌋
proof (unfold Inst-M-def, safe)
  fix γ σ x
  assume carr: γ ∈ r-carrier L σ ∈ s-carrier L x ∈ e-carrier L
  show ∃ γ'. γ' ∈ r-carrier L ∧
      r-RS (RSC γ σ) R γ' ∧
      (∃ σ'. σ' ∈ s-carrier L ∧
        s-RS (RSC γ' (s-RS (RSC γ σ))) S σ' ∧
        (∃ xa. xa ∈ carrier L ∧
          (∃ xb. xb ∈ e-carrier L ∧
            (Inst x xb xa (RSC (r-RS (RSC γ' (s-RS (RSC γ σ)))) σ') ∧
             x ∈ e-carrier L ∧
             xb ∈ e-carrier L ∧
             xa ∈ carrier L ∧
             r-RS (RSC (r-RS (RSC γ' (s-RS (RSC γ σ)))) σ')
show ∃ γ ′. γ ′ ∈ r-carrier L ∧γ R γ ′ ∧(∃σ ′. σ ′ ∈ s-carrier L ∧
σ S σ ′ ∧(∃ xa. xa ∈ carrier L ∧
(∃ xb. xb ∈ e-carrier L ∧(Inst x xb xa (RSC γ ′ σ ′) ∧x ∈ e-carrier L ∧ xb ∈ e-carrier L ∧ xa ∈ carrier L ∧ γ ′ ∈
r-carrier L ∧ σ ′ ∈ s-carrier L ∨Inst xb x xa (RSC γ ′ σ ′) ∧xb ∈ e-carrier L ∧ x ∈ e-carrier L ∧ xa ∈ carrier L ∧ γ ′ ∈
r-carrier L ∧ σ ′ ∈ s-carrier L))))proof−from carr have (∃ ii jj . ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ γ RL ii ∧ σ
SL jj ∧ (∃ u y . u ∈ carrier L ∧y ∈ e-carrier L ∧ ((InstL x y u (RSC ii jj )) ∨ (InstL y x u (RSC
ii jj ))))) using dia-Loc-base-MM by autofrom this obtain γ ′ σ ′ where l1 : γ ′ ∈ r-carrier L ∧ σ ′ ∈ s-carrier L ∧ γ
RL γ ′ ∧ σ SL σ ′ ∧ (∃ u y . u ∈ carrier L ∧y ∈ e-carrier L ∧ ((InstL x y u (RSC γ ′ σ ′)) ∨ (InstL y x u (RSC
γ ′ σ ′)))) by autofrom carr l1 show ∃ γ ′. γ ′ ∈ r-carrier L ∧γ R γ ′ ∧(∃σ ′. σ ′ ∈ s-carrier L ∧
σ S σ ′ ∧(∃ xa. xa ∈ carrier L ∧
(∃ xb. xb ∈ e-carrier L ∧(Inst x xb xa (RSC γ ′ σ ′) ∧x ∈ e-carrier L ∧ xb ∈ e-carrier L ∧ xa ∈ carrier L ∧ γ ′ ∈
r-carrier L ∧ σ ′ ∈ s-carrier L ∨Inst xb x xa (RSC γ ′ σ ′) ∧xb ∈ e-carrier L ∧ x ∈ e-carrier L ∧ xa ∈ carrier L ∧ γ ′ ∈
r-carrier L ∧ σ ′ ∈ s-carrier L)))) by blastqed
qedqed
7.7.2 Definitions of Inst-TS-mereology
definition Loc-M :: ('a, 'b, 'c) M-bin-b-a-predicate where
  Loc-M x u L w ≡ (LocL x u w) ∧ x ∈ e-carrier L ∧ u ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
definition Uni-M :: ('a, 'b, 'c) M-unary-b-predicate where
  Uni-M x L w ≡ (UniL x w) ∧ x ∈ e-carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
definition Part-M :: ('a, 'b, 'c) M-unary-b-predicate where
  Part-M x L w ≡ (PartL x w) ∧ x ∈ e-carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
definition PE-M :: ('a, 'b, 'c) M-unary-b-predicate where
  PE-M x L w ≡ (PEL x w) ∧ x ∈ e-carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
definition E-M :: ('a, 'b, 'c) M-bin-b-a-predicate where
  E-M x u L w ≡ (EL x u w) ∧ x ∈ e-carrier L ∧ u ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
definition Occ-M :: ('a, 'b, 'c) M-unary-b-predicate where
  Occ-M x L w ≡ (OccL x w) ∧ x ∈ e-carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
definition Cont-M :: ('a, 'b, 'c) M-unary-b-predicate where
  Cont-M x L w ≡ (ContL x w) ∧ x ∈ e-carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
definition WLOF-M :: ('a, 'b, 'c) M-bin-b-a-predicate where
  WLOF-M x u L w ≡ (WLOFL u x w) ∧ x ∈ e-carrier L ∧ u ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
7.7.3 Recover the standard definitions
lemma (in AtE-Inst-TS-mereology) recover-Loc-M-def : ⌊□(∀ a u. ∀ b x . Loc-M x u ↔ (∃ b y . Inst-M x y u ∨ Inst-M y x u))⌋
  unfolding Loc-M-def Inst-M-def Loc-def by auto
lemma (in AtE-Inst-TS-mereology) recover-Part-M-def : ⌊□(∀ b x . Part-M x ↔ (∃ b y . ∃ a u. Inst-M x y u))⌋
  unfolding Part-M-def Inst-M-def Part-def by auto
lemma (in AtE-Inst-TS-mereology) recover-Uni-M-def : ⌊□(∀ b x . Uni-M x ↔ (∃ b y . ∃ a u. Inst-M y x u))⌋
  unfolding Uni-M-def Inst-M-def Uni-def by auto
lemma (in AtE-Inst-TS-mereology) recover-PE-M-def : ⌊□(∀ b x . PE-M x ↔ (∃ a u v . Loc-M x u ∧ Loc-M x v ∧ ¬(SIMU-M u v)))⌋
  unfolding PE-M-def Loc-M-def SIMU-M-def PE-def by auto
lemma (in AtE-Inst-TS-mereology) recover-E-M-def : ⌊□(∀ a t . ∀ b x . E-M x t ↔ (TS-M t ∧ (∃ a u. Loc-M x u ∧ O-M u t)))⌋
  unfolding E-M-def Loc-M-def TS-M-def O-M-def E-def by auto
lemma (in AtE-Inst-TS-mereology) recover-Cont-M-def : ⌊□(∀ b x . Cont-M x ↔ PE-M x ∧ (∃ a u. Loc-M x u ∧ SR-M u))⌋
  unfolding Cont-M-def PE-M-def Loc-M-def SR-M-def Cont-def by auto
lemma (in AtE-Inst-TS-mereology) recover-Occ-M-def : ⌊□(∀ b x . Occ-M x ↔ (∃ a u. Loc-M x u ∧ TR-M u))⌋
  unfolding Occ-M-def PE-M-def Loc-M-def TR-M-def Occ-def by auto
7.7.4 Lifted theorems of Inst-TS-mereology
lemma (in AtE-Inst-TS-mereology) Loc-and-SR-imp-boxS-Loc-and-SR-M : ⌊□(∀ a u. ∀ b x . Loc-M x u ∧ SR-M u → (□S(∀ a v . Loc-M x v → SR-M v)))⌋
  unfolding Loc-M-def SR-M-def using Loc-and-SR-imp-boxS-Loc-and-SR by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) Loc-and-TR-imp-boxS-Loc-and-TR-M : ⌊□(∀ a u. ∀ b x . Loc-M x u ∧ TR-M u → (□S(∀ a v . Loc-M x v → TR-M v)))⌋
  unfolding Loc-M-def TR-M-def using Loc-and-TR-imp-boxS-Loc-and-TR by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) boxS-Loc-imp-SR-OR-boxS-Loc-imp-TR-M : ⌊□(∀ a u. ∀ b x . □S(Loc-M x u → SR-M u) ∨ □S(Loc-M x u → TR-M u))⌋
  unfolding Loc-M-def TR-M-def SR-M-def using boxS-Loc-imp-SR-OR-boxS-Loc-imp-TR by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) Part-imp-boxPart-M : ⌊□(∀ a u. ∀ b x . Part-M x → (□(Loc-M x u → Part-M x )))⌋
  unfolding Loc-M-def Part-M-def using Part-imp-boxPart by simp
lemma (in AtE-Inst-TS-mereology) Uni-imp-boxCont-M : ⌊□(∀ a u. ∀ b x . Uni-M x → (□(Loc-M x u → Uni-M x )))⌋
  unfolding Loc-M-def Uni-M-def using Uni-imp-boxUni by simp
lemma (in AtE-Inst-TS-mereology) Cont-imp-boxSCont-M : ⌊□(∀ b x . Cont-M x → (□S(PE-M x → Cont-M x )))⌋
  unfolding PE-M-def Cont-M-def using Cont-imp-boxS-Cont by auto
lemma (in AtE-Inst-TS-mereology) Occ-imp-boxSOcc-M : ⌊□(∀ b x . Occ-M x → (□S(PE-M x → Occ-M x )))⌋
  unfolding PE-M-def Occ-M-def using Occ-imp-boxS-Occ by auto
lemma (in AtE-Inst-TS-mereology) Occ-imp-PE-M : ⌊□(∀ b x . Occ-M x → PE-M x )⌋
  unfolding PE-M-def Occ-M-def using Occ-imp-PE by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) dia-E-M : ⌊□(∀ b x . (♦(∃ a t . E-M x t)))⌋
  unfolding E-M-def using dia-E by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) Cont-imp-negOcc-M : ⌊□(∀ b x . Cont-M x → ¬(Occ-M x ))⌋
  unfolding Cont-M-def Occ-M-def using Cont-imp-negOcc by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) Cont-and-Loc-imp-SR-M : ⌊□(∀ a u. ∀ b x . Cont-M x ∧ Loc-M x u → SR-M u)⌋
  unfolding Cont-M-def Loc-M-def SR-M-def using Cont-and-Loc-imp-SR by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) Occ-and-Loc-imp-TR-M : ⌊□(∀ a u. ∀ b x . Occ-M x ∧ Loc-M x u → TR-M u)⌋
  unfolding Occ-M-def Loc-M-def TR-M-def using Occ-and-Loc-imp-TR by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) Cont-and-Part-and-Loc-and-SIMU-imp-Id-a-M : ⌊□(∀ a u v . ∀ b x . Cont-M x ∧ Part-M x ∧ Loc-M x u ∧ Loc-M x v ∧ SIMU-M u v → Id-a-M u v)⌋
  unfolding Cont-M-def Part-M-def Loc-M-def SIMU-M-def Id-a-M-def using Cont-and-Part-and-Loc-and-SIMU-imp-Id by auto
lemma (in AtE-Inst-TS-mereology) Occ-and-Part-and-Loc-imp-Id-a-M : ⌊□(∀ a u v . ∀ b x . Occ-M x ∧ Part-M x ∧ Loc-M x u ∧ Loc-M x v → Id-a-M u v)⌋
  unfolding Occ-M-def Part-M-def Loc-M-def Id-a-M-def using Occ-and-Part-and-Loc-imp-Id by auto
7.7.5 Lifted axiom for worldlines
lemma (in AtE-Inst-TS-mereology) PE-imp-WLOF-M : ⌊□(∀ b x . PE-M x → (∃ a u. WLOF-M x u))⌋
  unfolding PE-M-def WLOF-M-def using PE-imp-WLOF by fastforce
7.8 Mereology of particulars
7.8.1 Definitions
definition PCont-M :: ('a, 'b, 'c) M-ternary-b-b-a-predicate where
  PCont-M x y t L w ≡ PContL x y t w ∧ x ∈ e-carrier L ∧ y ∈ e-carrier L ∧ t ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
definition POcc-M :: ('a, 'b, 'c) M-bin-b-b-predicate where
  POcc-M x y L w ≡ POccL x y w ∧ x ∈ e-carrier L ∧ y ∈ e-carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
7.8.2 Recover standard definitions
lemma (in AtE-Inst-TS-mereology) recover-PCont-M-def : ⌊□(∀ a t . (∀ b x y . (PCont-M x y t) ↔ (Cont-M x ∧ Cont-M y ∧ TS-M t ∧ (∃ b z zz . (∃ a u v . Inst-M x z u ∧ Inst-M y zz v ∧ P-M u v ∧ P-M v t)))))⌋
  unfolding Cont-M-def PCont-M-def Inst-M-def TS-M-def P-M-def PCont-def by auto
lemma (in AtE-Inst-TS-mereology) recover-POcc-M-def : ⌊□(∀ b x y . (POcc-M x y) ↔ (∃ b z zz . (∃ a u v . Inst-M x z u ∧ Inst-M y zz v ∧ P-M u v ∧ TR-M u ∧ TR-M v)))⌋
  unfolding POcc-M-def Inst-M-def TR-M-def P-M-def POcc-def by auto
7.8.3 Lifted theorems for PCon and POcc
lemma (in AtE-Inst-TS-mereology) Part-and-Cont-imp-E-iff-PCont-ref-M : ⌊□(∀ b x . ∀ a t . Part-M x ∧ Cont-M x → (E-M x t ↔ PCont-M x x t))⌋
  unfolding Part-M-def E-M-def Cont-M-def PCont-M-def using Part-and-Cont-imp-E-iff-PCont-ref by fastforce
lemma (in AtE-Inst-TS-mereology) PCont-trans-M : ⌊□(∀ b x y z . ∀ a t . PCont-M x y t ∧ PCont-M y z t → PCont-M x z t)⌋
  unfolding PCont-M-def using PCont-trans by (metis (no-types, lifting) r-RS.simps)
lemma (in AtE-Inst-TS-mereology) Part-imp-POcc-ref-iff-Occ-M : ⌊□(∀ b x . Part-M x → (Occ-M x ↔ POcc-M x x ))⌋
  unfolding Part-M-def Occ-M-def POcc-M-def using Part-imp-POcc-ref-iff-Occ by simp
lemma (in AtE-Inst-TS-mereology) POcc-trans-M : ⌊□(∀ b x y z . POcc-M x y ∧ POcc-M y z → POcc-M x z )⌋
  unfolding POcc-M-def using POcc-trans by (metis (no-types, lifting) r-RS.simps)
7.9 Atomic entities – AtE-Inst-TS-mereology
7.9.1 Primitive as definition
definition AtE-M :: ('a, 'b, 'c) M-unary-b-predicate where
  AtE-M x L w ≡ AtEL x w ∧ x ∈ e-carrier L ∧ (r-RS w ∈ r-carrier L) ∧ (s-RS w ∈ s-carrier L)
7.9.2 Lifted axioms of AtE-Inst-TS-mereology as theorems
lemma (in AtE-Inst-TS-mereology) AtE-exist-M : ⌊□(∃ b x . AtE-M x )⌋
  unfolding AtE-M-def using AtE-exist by auto
lemma (in AtE-Inst-TS-mereology) AtE-set-finite-M : [[i ∈ r-carrier L; j ∈ s-carrier L]] =⇒ ⌊□(finite-B-M { x . x ∈ e-carrier L ∧ AtEL x (RSC i j )} )⌋
  unfolding AtE-M-def finite-B-M-def using AtE-set-finite by blast
lemma (in AtE-Inst-TS-mereology) AtE-imp-box-AtE-M : ⌊□(∀ b x . AtE-M x → □(AtE-M x ))⌋
  unfolding AtE-M-def using AtE-imp-box-AtE by auto
lemma (in AtE-Inst-TS-mereology) AtE-imp-box-Inst-M : ⌊□(∀ b x . AtE-M x → □(∃ b y . ∃ a u. Inst-M x y u))⌋
  unfolding AtE-M-def Inst-M-def using AtE-imp-box-Inst by fastforce
lemma (in AtE-Inst-TS-mereology) AtE-imp-TS-imp-Inst-and-PP-M : ⌊□(∀ b x . AtE-M x → ♦S(∀ a t . TS-M t → (∃ b y . ∃ a u. Inst-M x y u ∧ PP-M u t)))⌋
  unfolding AtE-M-def Inst-M-def TS-M-def PP-M-def using AtE-imp-TS-imp-Inst-and-PP by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-and-Inst-imp-exists-TS-P-M : ⌊□(∀ b x y . ∀ a u. AtE-M x ∧ Inst-M x y u → (∃ a t . TS-M t ∧ P-M u t))⌋
  unfolding AtE-M-def Inst-M-def TS-M-def P-M-def using AtE-and-Inst-imp-exists-TS-P by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-imp-boxS-Inst-and-Inst-and-negSIMU-M : ⌊□(∀ b x . AtE-M x → □S(∃ b y z . ∃ a u v . Inst-M x y u ∧ Inst-M x z v ∧ ¬(SIMU-M u v)))⌋
  unfolding AtE-M-def Inst-M-def SIMU-M-def using AtE-imp-boxS-Inst-and-Inst-and-negSIMU by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-and-AtE-and-Inst-and-Inst-imp-P-and-Id-M : ⌊□(∀ b x1 y1 x2 y2 . (∀ a u1 u2 . AtE-M x1 ∧ AtE-M x2 ∧ Inst-M x1 y1 u1 ∧ Inst-M x2 y2 u2 ∧ P-M u2 u1 → Id-b-M x1 x2 ))⌋
  unfolding AtE-M-def Inst-M-def P-M-def Id-b-M-def using AtE-and-AtE-and-Inst-and-Inst-and-P-imp-Id by (metis (no-types, lifting) r-RS.simps s-RS.simps)
7.9.3 Lifted theorems of AtE-Inst-TS-mereology
lemma (in AtE-Inst-TS-mereology) AtE-and-L-imp-SR-M : ⌊□(∀ b x . (∀ a u. AtE-M x ∧ Loc-M x u → SR-M u))⌋
  unfolding AtE-M-def SR-M-def Loc-M-def using AtE-and-L-imp-SR by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-imp-boxL-M : ⌊□(∀ b x . AtE-M x → □(∃ a u. Loc-M x u))⌋
  unfolding AtE-M-def Loc-M-def using AtE-imp-boxL by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-imp-exists-TS-E-M : ⌊□(∀ b x . AtE-M x → ♦S(∀ a t . TS-M t → E-M x t))⌋
  unfolding AtE-M-def TS-M-def E-M-def using AtE-imp-exists-TS-E by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-imp-boxPart-M : ⌊□(∀ b x . AtE-M x → □(Part-M x ))⌋
  unfolding AtE-M-def Part-M-def using AtE-imp-boxPart by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-imp-boxS-PE-M : ⌊□(∀ b x . AtE-M x → □S(PE-M x ))⌋
  unfolding AtE-M-def PE-M-def using AtE-imp-boxS-PE by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-imp-box-L-imp-SR-M : ⌊□(∀ b x . AtE-M x → □(∀ a u. Loc-M x u → SR-M u))⌋
  unfolding AtE-M-def Loc-M-def SR-M-def using AtE-imp-box-L-imp-SR by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-imp-boxS-Cont-M : ⌊□(∀ b x . AtE-M x → □S(Cont-M x ))⌋
  unfolding AtE-M-def Cont-M-def using AtE-imp-boxS-Cont by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-and-AtE-and-PCont-or-PCont-imp-Id-M : ⌊□(∀ b x y . ∀ a t . AtE-M x ∧ AtE-M y ∧ (PCont-M x y t ∨ PCont-M y x t) → (Id-b-M x y))⌋
  unfolding AtE-M-def PCont-M-def Id-b-M-def using AtE-and-AtE-and-PCont-or-PCont-imp-Id by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma finite-ts-set-M-1 : finite ts-set-M-1 by auto
lemma SR-set-M-0-impl-ts-set-M-0 : x ∈ SR-set-M-0 =⇒ ∃ ts. ts ∈ ts-set-M-0 ∧ x ⊆ ts by blast
lemma SR-set-M-1-impl-ts-set-M-1 : x ∈ SR-set-M-1 =⇒ ∃ ts. ts ∈ ts-set-M-1 ∧ x ⊆ ts by blast
abbreviation isTS-M :: Reg ⇒ Reg RS ⇒ bool
  where isTS-M t w ≡ t ∈ s-RS w ∧ ((s-RS w = ts-set-M-0 ) ∨ (s-RS w = ts-set-M-1 ))
abbreviation ts-set-M :: Reg set set where
  ts-set-M ≡ {ts-set-M-0 ,ts-set-M-1}
lemma finite-ts-set-M : finite ts-set-M by auto
lemma SR-set-M-0-imp-ts-set-M-0 :
  fixes u i
  assumes u: u ∈ m-set u ∈ SR-set-M-0
  shows (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0 ) ∧ u ⊆ t)
proof−
  from u have uu: u ≠ {} ∧ (u ⊆ ts0 ∨ u ⊆ ts1 ∨ u ⊆ ts2 ) by auto
  have uu0 : u ≠ {} ∧ u ⊆ ts0 =⇒ (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0 ) ∧ u ⊆ t)
  proof−
    assume a: u ≠ {} ∧ u ⊆ ts0
    show (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0 ) ∧ u ⊆ t)
    proof (rule exI [of λt . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0 ) ∧ u ⊆ t ts0 ])
      from a show ts0 ∈ m-set ∧ isTS-M ts0 (RSC i ts-set-M-0 ) ∧ u ⊆ ts0 by auto
    qed
  qed
  have uu1 : u ≠ {} ∧ u ⊆ ts1 =⇒ (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0 ) ∧ u ⊆ t)
  proof−
    assume a: u ≠ {} ∧ u ⊆ ts1
    show (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0 ) ∧ u ⊆ t)
    proof (rule exI [of λt . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0 ) ∧ u ⊆ t ts1 ])
      from a show ts1 ∈ m-set ∧ isTS-M ts1 (RSC i ts-set-M-0 ) ∧ u ⊆ ts1 by auto
    qed
  qed
  have uu2 : u ≠ {} ∧ u ⊆ ts2 =⇒ (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0 ) ∧ u ⊆ t)
  proof−
    assume a: u ≠ {} ∧ u ⊆ ts2
    show (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0 ) ∧ u ⊆ t)
    proof (rule exI [of λt . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0 ) ∧ u ⊆ t ts2 ])
      from a show ts2 ∈ m-set ∧ isTS-M ts2 (RSC i ts-set-M-0 ) ∧ u ⊆ ts2 by auto
    qed
  qed
  from uu uu0 uu1 uu2 show (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0 ) ∧ u ⊆ t) by force
qed
lemma ts-set-M-0-imp-SR-set-M-0 :
  fixes u i
  assumes a1 : u ∈ m-set
  assumes a2 : (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0 ) ∧ u ⊆ t)
  shows u ∈ SR-set-M-0
proof −
  from assms have uu: u ≠ {} ∧ (u ⊆ ts0 ∨ u ⊆ ts1 ∨ u ⊆ ts2 ) by (metis (mono-tags, lifting) insertE mem-Collect-eq s-RS.simps singletonD)
  have uu0 : u ≠ {} ∧ u ⊆ ts0 =⇒ u ∈ SR-set-M-0
  proof−
    assume a: u ≠ {} ∧ u ⊆ ts0
    show u ∈ SR-set-M-0
    proof−
      from a have u = A-00 ∨ u = A-10 ∨ u = ts0 by auto
      from this show u ∈ SR-set-M-0 by force
    qed
  qed
  have uu1 : u ≠ {} ∧ u ⊆ ts1 =⇒ u ∈ SR-set-M-0
  proof−
    assume a: u ≠ {} ∧ u ⊆ ts1
    show u ∈ SR-set-M-0
    proof−
      from a have u = A-01 ∨ u = A-11 ∨ u = ts1 by auto
      from this show u ∈ SR-set-M-0 by force
    qed
  qed
  have uu2 : u ≠ {} ∧ u ⊆ ts2 =⇒ u ∈ SR-set-M-0
  proof−
    assume a: u ≠ {} ∧ u ⊆ ts2
    show u ∈ SR-set-M-0
    proof−
      from a have u = A-02 ∨ u = A-12 ∨ u = ts2 by auto
      from this show u ∈ SR-set-M-0 by force
    qed
  qed
  from uu uu0 uu1 uu2 show u ∈ SR-set-M-0 by meson
qed
lemma SR-set-M-0-iff-ts-set-M-0 : u ∈ m-set =⇒ (u ∈ SR-set-M-0 = (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0 ) ∧ u ⊆ t))
  using SR-set-M-0-imp-ts-set-M-0 ts-set-M-0-imp-SR-set-M-0 by meson
lemma ts-set-M-1-imp-SR-set-M-1 :
  assumes a1 : u ∈ m-set
  assumes a2 : (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t)
  shows u ∈ SR-set-M-1
proof −
  from assms have uu: u ≠ {} ∧ (u ⊆ ts0-M ∨ u ⊆ ts1-M ∨ u ⊆ ts2-M ∨ u ⊆ ts3-M ) by (metis (mono-tags, lifting) insertE mem-Collect-eq s-RS.simps singletonD)
  have uu0 : u ≠ {} ∧ u ⊆ ts0-M =⇒ u ∈ SR-set-M-1
  proof−
    assume a: u ≠ {} ∧ u ⊆ ts0-M
    show u ∈ SR-set-M-1
    proof−
      from a have u = ts0-M by auto
      from this show u ∈ SR-set-M-1 by force
    qed
  qed
  have uu1 : u ≠ {} ∧ u ⊆ ts1-M =⇒ u ∈ SR-set-M-1
  proof−
    assume a: u ≠ {} ∧ u ⊆ ts1-M
    show u ∈ SR-set-M-1
    proof−
      from a have u = A-00 ∨ u = A-11 ∨ u = ts1-M by auto
      from this show u ∈ SR-set-M-1 by force
    qed
  qed
  have uu2 : u ≠ {} ∧ u ⊆ ts2-M =⇒ u ∈ SR-set-M-1
  proof−
    assume a: u ≠ {} ∧ u ⊆ ts2-M
    show u ∈ SR-set-M-1
    proof−
      from a have u = A-01 ∨ u = A-12 ∨ u = ts2-M by auto
      from this show u ∈ SR-set-M-1 by force
    qed
  qed
  have uu3 : u ≠ {} ∧ u ⊆ ts3-M =⇒ u ∈ SR-set-M-1
  proof−
    assume a: u ≠ {} ∧ u ⊆ ts3-M
    show u ∈ SR-set-M-1
    proof−
      from a have u = ts3-M by auto
      from this show u ∈ SR-set-M-1 by force
    qed
  qed
  from uu uu0 uu1 uu2 uu3 show u ∈ SR-set-M-1 by meson
qed
lemma SR-set-M-1-imp-ts-set-M-1 :
  fixes u i
  assumes u: u ∈ m-set u ∈ SR-set-M-1
  shows (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t)
proof−
  from u have uu: u ≠ {} ∧ (u ⊆ ts0-M ∨ u ⊆ ts1-M ∨ u ⊆ ts2-M ∨ u ⊆ ts3-M ) by auto
  have uu0 : u ≠ {} ∧ u ⊆ ts0-M =⇒ (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t)
  proof−
    assume a: u ≠ {} ∧ u ⊆ ts0-M
    show (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t)
    proof (rule exI [of λt . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t ts0-M ])
      from a show ts0-M ∈ m-set ∧ isTS-M ts0-M (RSC i ts-set-M-1 ) ∧ u ⊆ ts0-M by auto
    qed
  qed
  have uu1 : u ≠ {} ∧ u ⊆ ts1-M =⇒ (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t)
  proof−
    assume a: u ≠ {} ∧ u ⊆ ts1-M
    show (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t)
    proof (rule exI [of λt . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t ts1-M ])
      from a show ts1-M ∈ m-set ∧ isTS-M ts1-M (RSC i ts-set-M-1 ) ∧ u ⊆ ts1-M by auto
    qed
  qed
  have uu2 : u ≠ {} ∧ u ⊆ ts2-M =⇒ (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t)
  proof−
    assume a: u ≠ {} ∧ u ⊆ ts2-M
    show (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t)
    proof (rule exI [of λt . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t ts2-M ])
      from a show ts2-M ∈ m-set ∧ isTS-M ts2-M (RSC i ts-set-M-1 ) ∧ u ⊆ ts2-M by auto
    qed
  qed
  have uu3 : u ≠ {} ∧ u ⊆ ts3-M =⇒ (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t)
  proof−
    assume a: u ≠ {} ∧ u ⊆ ts3-M
    show (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t)
    proof (rule exI [of λt . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t ts3-M ])
      from a show ts3-M ∈ m-set ∧ isTS-M ts3-M (RSC i ts-set-M-1 ) ∧ u ⊆ ts3-M by auto
    qed
  qed
  from uu uu0 uu1 uu2 uu3 show (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t) by force
qed
lemma SR-set-M-1-iff-ts-set-M-1 : u ∈ m-set =⇒ (u ∈ SR-set-M-1 = (∃ t . t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1 ) ∧ u ⊆ t))
  using SR-set-M-1-imp-ts-set-M-1 ts-set-M-1-imp-SR-set-M-1 by meson
lemma Sum-of-ts-set-N-0 : ⋃ts-set-N-0 = top-of-m-set by force
lemma ts0-in-m-set : ts0 ∈ m-set by simp
lemma ts1-in-m-set : ts1 ∈ m-set by simp
lemma ts2-in-m-set : ts2 ∈ m-set by simp
lemma Sum-of-ts-set-M-0 : ⋃ts-set-M-0 = top-of-m-set by force
lemma Sum-of-ts-set-M-1 : ⋃ts-set-M-1 = top-of-m-set by force
lemma ts0-M-in-m-set : ts0-M ∈ m-set by simp
lemma ts1-M-in-m-set : ts1-M ∈ m-set by simp
lemma ts2-M-in-m-set : ts2-M ∈ m-set by simp
lemma ts3-M-in-m-set : ts3-M ∈ m-set by simp
lemma A00-A10-partition-ts0 : ts0 = ⋃{A-00 ,A-10} ∧ ¬(∃ z . z ∈ top-of-m-set ∧ z ∈ A-00 ∧ z ∈ A-10 ) by blast
lemma A01-A11-partition-ts1 : ts1 = ⋃{A-01 ,A-11} ∧ ¬(∃ z . z ∈ top-of-m-set ∧ z ∈ A-01 ∧ z ∈ A-11 ) by blast
lemma A02-A12-partition-ts2 : ts2 = ⋃{A-02 ,A-12} ∧ ¬(∃ z . z ∈ top-of-m-set ∧ z ∈ A-02 ∧ z ∈ A-12 ) by blast
lemma A00-A11-partition-ts1-M : ts1-M = ⋃{A-00 ,A-11} ∧ ¬(∃ z . z ∈ top-of-m-set ∧ z ∈ A-00 ∧ z ∈ A-11 ) by blast
lemma A01-A12-partition-ts2-M : ts2-M = ⋃{A-01 ,A-12} ∧ ¬(∃ z . z ∈ top-of-m-set ∧ z ∈ A-01 ∧ z ∈ A-12 ) by blast
lemma negO-ts0-ts1 : ¬ (∃ z . z ∈ top-of-m-set ∧ z ∈ ts0 ∧ z ∈ ts1 ) by blast
lemma negO-ts0-ts2 : ¬ (∃ z . z ∈ top-of-m-set ∧ z ∈ ts0 ∧ z ∈ ts2 ) by blast
lemma negO-ts1-ts2 : ¬ (∃ z . z ∈ top-of-m-set ∧ z ∈ ts1 ∧ z ∈ ts2 ) by blast
lemma neg-O-ts0-ts1 : ¬ (∃ z . z ∈ m-set ∧ z ⊆ ts0 ∧ z ⊆ ts1 ) using negO-ts0-ts1 by blast
lemma neg-O-ts0-ts2 : ¬ (∃ z . z ∈ m-set ∧ z ⊆ ts0 ∧ z ⊆ ts2 ) using negO-ts0-ts2 by blast
lemma neg-O-ts1-ts2 : ¬ (∃ z . z ∈ m-set ∧ z ⊆ ts1 ∧ z ⊆ ts2 ) using negO-ts1-ts2 by blast
lemma negO-ts0-M-ts1-M : ¬ (∃ z . z ∈ top-of-m-set ∧ z ∈ ts0-M ∧ z ∈ ts1-M ) using A00-A10-partition-ts0 negO-ts0-ts1 by force
lemma negO-ts0-M-ts2-M : ¬ (∃ z . z ∈ top-of-m-set ∧ z ∈ ts0-M ∧ z ∈ ts2-M ) using negO-ts0-ts1 negO-ts0-ts2 by auto
lemma negO-ts0-M-ts3-M : ¬ (∃ z . z ∈ top-of-m-set ∧ z ∈ ts0-M ∧ z ∈ ts3-M ) using A00-A10-partition-ts0 by blast
lemma negO-ts1-M-ts2-M : ¬ (∃ z . z ∈ top-of-m-set ∧ z ∈ ts1-M ∧ z ∈ ts2-M ) by (metis A01-A11-partition-ts1 insert-iff negO-ts0-ts1 negO-ts0-ts2 negO-ts1-ts2 )
lemma negO-ts1-M-ts3-M : ¬ (∃ z . z ∈ top-of-m-set ∧ z ∈ ts1-M ∧ z ∈ ts3-M ) using negO-ts0-ts2 negO-ts1-ts2 by auto
lemma negO-ts2-M-ts3-M : ¬ (∃ z . z ∈ top-of-m-set ∧ z ∈ ts2-M ∧ z ∈ ts3-M ) using A02-A12-partition-ts2 negO-ts1-ts2 by auto
lemma neg-O-ts0-M-ts1-M : ¬ (∃ z . z ∈ m-set ∧ z ⊆ ts0-M ∧ z ⊆ ts1-M ) using negO-ts0-M-ts1-M by blast
lemma neg-O-ts0-M-ts2-M : ¬ (∃ z . z ∈ m-set ∧ z ⊆ ts0-M ∧ z ⊆ ts2-M ) using negO-ts0-M-ts2-M by blast
lemma neg-O-ts0-M-ts3-M : ¬ (∃ z . z ∈ m-set ∧ z ⊆ ts0-M ∧ z ⊆ ts3-M ) using negO-ts0-M-ts3-M by blast
lemma neg-O-ts1-M-ts2-M : ¬ (∃ z . z ∈ m-set ∧ z ⊆ ts1-M ∧ z ⊆ ts2-M ) using negO-ts1-M-ts2-M by blast
lemma neg-O-ts1-M-ts3-M : ¬ (∃ z . z ∈ m-set ∧ z ⊆ ts1-M ∧ z ⊆ ts3-M ) using negO-ts1-M-ts3-M by blast
lemma neg-O-ts2-M-ts3-M : ¬ (∃ z . z ∈ m-set ∧ z ⊆ ts2-M ∧ z ⊆ ts3-M ) using negO-ts2-M-ts3-M by blast
lemma isTS-M-imp-m-set : isTS-M t w =⇒ t ∈ m-set by blast
lemma isTS-M-0-impl-isTR-M-1 :
  fixes t i
  assumes ts: isTS-M t (RSC i ts-set-M-0 )
  shows isTR-M t ts-set-M-1
proof−
  from ts have t0 : t = ts0 ∨ t = ts1 ∨ t = ts2 by auto
  have t1 : t = ts0 =⇒ isTR-M t ts-set-M-1 using negO-ts0-M-ts1-M by (smt insertI1 singletonD subsetCE subset-insertI )
  have t2 : t = ts1 =⇒ isTR-M t ts-set-M-1
  proof −
    assume a1 : t = ts1
    show isTR-M t ts-set-M-1
    proof−
      from a1 have c-01 ∈ t ∧ c-01 ∈ ts2-M ∧ c-11 ∈ t ∧ c-11 ∈ ts1-M by simp
      from this show isTR-M t ts-set-M-1 using negO-ts1-M-ts2-M by (smt insert-subset subset-insertI )
    qed
  qed
  have t3 : t = ts2 =⇒ isTR-M t ts-set-M-1
  proof −
    assume a1 : t = ts2
    show isTR-M t ts-set-M-1
    proof−
      from a1 have c-02 ∈ t ∧ c-02 ∈ ts3-M ∧ c-12 ∈ t ∧ c-12 ∈ ts2-M by simp
      from this show isTR-M t ts-set-M-1 using negO-ts2-M-ts3-M by (smt insert-subset subset-insertI )
    qed
  qed
  from t0 t1 t2 t3 show isTR-M t ts-set-M-1 by fast
qed
lemma isTS-M-1-impl-isTR-M-0 :
  fixes t i
  assumes ts: isTS-M t (RSC i ts-set-M-1 )
  assumes noAtoms: t ≠ ts0-M t ≠ ts3-M
  shows isTR-M t ts-set-M-0
proof−
  from assms have t0 : t = ts1-M ∨ t = ts2-M by auto
  have t1 : t = ts1-M =⇒ isTR-M t ts-set-M-0 using negO-ts0-ts1 by blast
  have t2 : t = ts2-M =⇒ isTR-M t ts-set-M-0 using negO-ts1-ts2 by blast
  from assms t0 t1 t2 show isTR-M t ts-set-M-0 by argo
qed
lemma ts0-M-neq-ts1-M : ts0-M ≠ ts1-M using type-definition.Abs-inject type-definition-Xcoord by fastforce
lemma ts0-M-neq-ts2-M : ts0-M ≠ ts2-M using type-definition.Abs-inject type-definition-Xcoord by fastforce
lemma ts0-M-neq-ts3-M : ts0-M ≠ ts3-M using type-definition.Abs-inject type-definition-Xcoord by fastforce
lemma ts1-M-neq-ts2-M : ts1-M ≠ ts2-M using negO-ts1-M-ts2-M by blast
lemma ts1-M-neq-ts3-M : ts1-M ≠ ts3-M using neg-O-ts1-M-ts3-M by blast
lemma ts2-M-neq-ts3-M : ts2-M ≠ ts3-M using neg-O-ts2-M-ts3-M by blast
  assume (∃ x∈m-set . ∀ y∈m-set . x ⊆ y)
  from this obtain x where l1 : x∈m-set ∧ (∀ y∈m-set . x ⊆ y) by auto
  from l1 have l3 : x ⊆ top-of-m-set by auto
  from l1 and l3 show False
  proof (cases x={})
    case True
    from this and l1 show False by auto
  next
    case False
    from this have l4 : x ≠ {} by auto
    from False show False
    proof (cases ¬(finite x ))
      case True
      from this and l1 show False using finite-subset by auto
    next
      case False
      from False show False
      proof (cases x = top-of-m-set)
        case True
        have l2 : {CoordC ZeroX ZeroT} ⊆ top-of-m-set by auto
        from this show False
        proof (cases {CoordC ZeroX ZeroT} = top-of-m-set)
          case True
          have {CoordC OneX OneT} ⊆ top-of-m-set by auto
          have CoordC OneX ZeroT ≠ CoordC ZeroX ZeroT by simp
          from this show False using True by blast
        next
          case False
          from this and l2 have {CoordC ZeroX ZeroT} ⊂ top-of-m-set by (simp add : psubsetI )
          from this and l1 and True show False by auto
        qed
      next
        case False
        from this and l3 have x ⊂ top-of-m-set by auto
        from this and l1 and l4 have ∃ y . y ≠ {} ∧ y = {xx . xx ∈ top-of-m-set ∧ xx ∉ x} by (metis (mono-tags, lifting) False empty-Collect-eq l3 subsetI subset-antisym)
        from this obtain y where y ≠ {} ∧ y = {xx . xx ∈ top-of-m-set ∧ xx ∉ x} by presburger
        from this have y ∈ m-set ∧ ¬x ⊆ y by (smt Diff-eq-empty-iff Diff-subset l1 mem-Collect-eq subsetCE subsetI subset-antisym)
        from this and l1 show False by auto
      qed
    qed
  qed
qed
lemma Union-of-ts-eq-top-of-m-set-M-0 :
  fixes i j
  assumes i ∈ wlA-set j ∈ ts-set-M
  shows ⋃ts-set-M-0 = top-of-m-set
proof
  fix t
  have t ∈ ts-set-M-0 =⇒ t ⊆ top-of-m-set by blast
  from this have ∀ t . t ∈ ts-set-M-0 −→ t ⊆ top-of-m-set by simp
  from this show ⋃ts-set-M-0 ⊆ top-of-m-set by blast
next
  show top-of-m-set ⊆ ⋃ts-set-M-0
  proof
    fix x
    show x ∈ top-of-m-set =⇒ x ∈ ⋃ts-set-M-0
    proof −
      assume a: x ∈ top-of-m-set
      show x ∈ ⋃ts-set-M-0
      proof (rule ccontr)
        assume aa: x ∉ ⋃ts-set-M-0
        show False
        proof −
          from aa have x ∉ ts0 ∧ x ∉ ts1 ∧ x ∉ ts2 by blast
          from this have x ∉ top-of-m-set by simp
          from this and a show False by auto
        qed
      qed
    qed
  qed
qed
lemma Union-of-ts-eq-top-of-m-set-M-1 :
  fixes i j
  assumes i ∈ wlA-set j ∈ ts-set-M
  shows ⋃ts-set-M-1 = top-of-m-set
proof
  fix t
  have t ∈ ts-set-M-1 =⇒ t ⊆ top-of-m-set by blast
  from this have ∀ t . t ∈ ts-set-M-1 −→ t ⊆ top-of-m-set by simp
  from this show ⋃ts-set-M-1 ⊆ top-of-m-set by blast
next
  show top-of-m-set ⊆ ⋃ts-set-M-1
  proof
    fix x
    show x ∈ top-of-m-set =⇒ x ∈ ⋃ts-set-M-1
    proof −
      assume a: x ∈ top-of-m-set
      show x ∈ ⋃ts-set-M-1
      proof (rule ccontr)
        assume aa: x ∉ ⋃ts-set-M-1
        show False
        proof −
          from aa have x ∉ ts0-M ∧ x ∉ ts1-M ∧ x ∉ ts2-M ∧ x ∉ ts3-M by blast
          from this have x ∉ top-of-m-set by simp
          from this and a show False by auto
        qed
      qed
    qed
  qed
qed
lemma SR-set-N-subset-m-set : SR-set-N ⊆ m-set by fastforce
lemma SR-set-M-0-subset-m-set : SR-set-M-0 ⊆ m-set by fastforce
lemma SR-set-M-1-subset-m-set : SR-set-M-1 ⊆ m-set by fastforce
abbreviation ar-TS-N :: Reg set ⇒ Reg set ⇒ bool where
  ar-TS-N ≡ λ r s. r ∈ ts-set-N ∧ s ∈ ts-set-N
abbreviation ar-TS-M :: Reg set ⇒ Reg set ⇒ bool where
  ar-TS-M ≡ λ r s. r ∈ ts-set-M ∧ s ∈ ts-set-M
8.5 Possible entities in a world with two atoms
datatype tId = Co | Oc | UC | UO
datatype eId = ZeroE | OneE | TwoE
datatype entityType = Entity tId eId eId set
abbreviation theAtomIds :: eId set where theAtomIds ≡ {ZeroE ,OneE}
abbreviation theConplexIds :: eId set where theConplexIds ≡ {TwoE}
abbreviation theContinuantIds :: eId set where theContinuantIds ≡ {ZeroE ,OneE ,TwoE}
abbreviation theOccurrantIds :: eId set where theOccurrantIds ≡ {ZeroE ,OneE ,TwoE}
lemma finite-theAtomIds: finite theAtomIds by auto
lemma finite-theConplexIds: finite theConplexIds by auto
lemma finite-thetheContinuantIds: finite theContinuantIds by auto
lemma finite-theOccurrantIds: finite theOccurrantIds by auto
abbreviation At-0 :: entityType where At-0 ≡ (Entity Co ZeroE {})
abbreviation At-1 :: entityType where At-1 ≡ (Entity Co OneE {})
abbreviation Compl-0 :: entityType where Compl-0 ≡ (Entity Co TwoE {ZeroE ,OneE})
abbreviation theAtoms :: entityType set where theAtoms ≡ {At-0 ,At-1}
abbreviation thePossibleComplexes :: entityType set where thePossibleComplexes ≡ {Compl-0}
abbreviation thePossibleContinuants :: entityType set where thePossibleContinuants ≡ theAtoms ∪ thePossibleComplexes
abbreviation thePossibleOccurrants :: entityType set where thePossibleOccurrants ≡ {Oc-0 ,Oc-1 ,Oc-2}
abbreviation theOccUniversals :: entityType set where theOccUniversals ≡ {UO-0}
abbreviation theContUniversals :: entityType set where theContUniversals ≡ {UC-0}
abbreviation thePossibleParticulars :: entityType set where thePossibleParticulars ≡ thePossibleContinuants ∪ thePossibleOccurrants
abbreviation thePossibleUniversals :: entityType set where thePossibleUniversals ≡ theOccUniversals ∪ theContUniversals
abbreviation thePossibleEntities :: entityType set where thePossibleEntities ≡ thePossibleParticulars ∪ thePossibleUniversals
lemma finite thePossibleEntities by auto
8.6 Instantiation in Minkowski spacetime
abbreviation wl-Phys-Possible :: Reg set set where wl-Phys-Possible ≡ {wlCompl-0}
datatype instRec = InstRec entityType entityType Reg Reg set Reg set
inst-at-M-0-or-1-def by auto
  from l1 l2 show ?thesis by auto
qed
lemma s ≠ [] =⇒ ∃ x xs. s = x#xs using list.exhaust by blast
lemma filter-P-imp-P : x#xs = (filter P ys) =⇒ P x by (meson Cons-eq-filterD)
lemma f-imp-map-f : [[f y = x ; y ∈ set ys]] =⇒ x ∈ set (map f ys) by auto
lemma P-imp-Q-imp-filterP-subset-filterQ : [[∀ x . P x −→ Q x ]] =⇒ (set (filter P ys)) ⊆ (set (filter Q ys))
proof (induction ys)
  show ∀ x . P x −→ Q x =⇒ set (filter P []) ⊆ set (filter Q []) by auto
next
  show ⋀a ys. (∀ x . P x −→ Q x =⇒ set (filter P ys) ⊆ set (filter Q ys)) =⇒
    ∀ x . P x −→ Q x =⇒ set (filter P (a # ys)) ⊆ set (filter Q (a # ys))
  proof −
    fix a ys
    assume a1 : (∀ x . P x −→ Q x =⇒ set (filter P ys) ⊆ set (filter Q ys))
    assume a2 : ∀ x . P x −→ Q x
    show set (filter P (a # ys)) ⊆ set (filter Q (a # ys))
    proof
      fix x
      assume a3 : x ∈ set (filter P (a # ys))
      show x ∈ set (filter Q (a # ys))
      proof (cases x=a)
        case True
        from a3 have P x by (metis filter-set member-filter)
        from this and a2 have Q x by blast
        from this and True show x ∈ set (filter Q (a # ys)) by simp
      next
        case False
        from False and a3 have l : x ∈ set (filter P ys) by (metis filter.simps(2) set-ConsD)
        from a1 and a2 have set (filter P ys) ⊆ set (filter Q ys) by auto
        from this and l have x ∈ set (filter Q ys) by auto
        from this show x ∈ set (filter Q (a # ys)) by simp
      qed
    qed
  qed
qed
lemma isInst-M-u-inst-at-M :
  fixes e1 e2 u w
  assumes inst : isInst-M e1 e2 u w
  shows u ∈ inst-at-M e1
proof (unfold inst-at-M-def )
  from inst have (InstRec e1 e2 u (r-RS w) (s-RS w)) ∈ set instDB-M unfolding isInst-M-def by auto
  from this have sl4 : (InstRec e1 e2 u (r-RS w) (s-RS w)) ∈ set (filter (e1-eq e1 ) instDB-M ) by (metis e1-eq.simps filter-set member-filter)
  have sl5 : u-InstRec (InstRec e1 e2 u (r-RS w) (s-RS w)) = u by simp
  from sl4 sl5 show u ∈ set (map u-InstRec (filter (e1-eq e1 ) instDB-M )) using f-imp-map-f by fast
qed
lemma isInst-M-imp-inst-at-M-0-or-1 :
  fixes e1 e2 u w
  assumes inst : isInst-M e1 e2 u (RSC i j )
  shows u ∈ inst-at-M-0-or-1 e1 j
proof (unfold inst-at-M-0-or-1-def )
  from inst have (InstRec e1 e2 u i j ) ∈ set instDB-M unfolding isInst-M-def by auto
  from this have sl4 : (InstRec e1 e2 u i j ) ∈ set (filter (e1-j-eq e1 j ) instDB-M ) by (metis e1-j-eq.simps filter-set member-filter)
  have sl5 : u-InstRec (InstRec e1 e2 u i j ) = u by simp
  from sl4 sl5 show u ∈ set (map u-InstRec (filter (e1-j-eq e1 j ) instDB-M ))
(insert x A)) (Upper AtE-Inst-ST-frame-M (insert x A)) by auto
qed
next
  case False
  show least AtE-Inst-ST-frame-M (⋃(insert x A)) (Upper AtE-Inst-ST-frame-M (insert x A))
  proof −
    have [[least AtE-Inst-ST-frame-M (⋃A) (Upper AtE-Inst-ST-frame-M A)]] =⇒ least AtE-Inst-ST-frame-M (⋃(insert x A)) (Upper AtE-Inst-ST-frame-M (insert x A))
    proof −
      assume a1 : least AtE-Inst-ST-frame-M (⋃A) (Upper AtE-Inst-ST-frame-M A)
      from a1 False show least AtE-Inst-ST-frame-M (⋃(insert x A)) (Upper AtE-Inst-ST-frame-M (insert x A)) using Sup-insert Sup-le-iff Upper-memD finite.insertI insert.hyps(1) insert.prems(1) le-cSup-finite least-UpperI least-def mem-Collect-eq porder-two-sort-RS-frame.select-convs(1) two-sort-RS-frame.select-convs(1) subsetCE sup-eq-bot-iff sorry
    qed
    from this show ?thesis using False insert.hyps(3) insert.prems(1) by blast
  qed
qed
qed

lemma leastUpperOfTwoExists-AtE-Inst-ST-frame-M:
  fixes x y
  assumes carr: x ∈ carrier AtE-Inst-ST-frame-M y ∈ carrier AtE-Inst-ST-frame-M
  shows least AtE-Inst-ST-frame-M (⋃{x, y}) (Upper AtE-Inst-ST-frame-M {x, y})
proof (rule least-UpperI)
  show ⋀xa. xa ∈ {x, y} ⟹ xa ⊑⇘AtE-Inst-ST-frame-M⇙ ⋃{x, y} by auto
next
  show ⋀ya. ya ∈ Upper AtE-Inst-ST-frame-M {x, y} ⟹ ⋃{x, y} ⊑⇘AtE-Inst-ST-frame-M⇙ ya
  proof -
    fix ya
    assume a: ya ∈ Upper AtE-Inst-ST-frame-M {x, y}
    show ⋃{x, y} ⊑⇘AtE-Inst-ST-frame-M⇙ ya
    proof -
      from a have ya ∈ {u. (ALL xx. xx ∈ {x, y} ∩ m-set --> xx ⊆ u)} ∩ m-set
        unfolding Upper-def by auto
      from this and carr have ⋃{x, y} ⊆ ya by simp
      from this show ⋃{x, y} ⊑⇘AtE-Inst-ST-frame-M⇙ ya by simp
    qed
  qed
next
  show {x, y} ⊆ carrier AtE-Inst-ST-frame-M using carr by auto
next
  from carr show ⋃{x, y} ∈ carrier AtE-Inst-ST-frame-M by auto
qed

lemma leastUpperOfSetExists-AtE-Inst-ST-frame-M:
  fixes A
  assumes carr: A ≠ {} A ⊆ carrier AtE-Inst-ST-frame-M
  shows ∃s. least AtE-Inst-ST-frame-M s (Upper AtE-Inst-ST-frame-M A)
proof (rule exI [of λs. least AtE-Inst-ST-frame-M s (Upper AtE-Inst-ST-frame-M A) ⋃A],
    rule least-UpperI)
  show ⋀x. x ∈ A ⟹ x ⊑⇘AtE-Inst-ST-frame-M⇙ ⋃A
  proof -
    fix x
    assume elA: x ∈ A
    show x ⊑⇘AtE-Inst-ST-frame-M⇙ ⋃A using carr elA rev-subsetD by auto
  qed
next
  show ⋀y. y ∈ Upper AtE-Inst-ST-frame-M A ⟹ ⋃A ⊑⇘AtE-Inst-ST-frame-M⇙ y
    using Upper-memD Sup-le-iff porder-two-sort-RS-frame.select-convs(1)
    by (smt carr(2) two-sort-RS-frame.select-convs(1))
next
  show A ⊆ carrier AtE-Inst-ST-frame-M using carr by auto
next
  show ⋃A ∈ carrier AtE-Inst-ST-frame-M
  proof -
    have ⟦A ≠ {}; A ⊆ m-set⟧ ⟹ ⋃A ∈ m-set using carr by fastforce
    from this and carr show ⋃A ∈ carrier AtE-Inst-ST-frame-M by simp
  qed
qed

lemma greatestLowerOfTwoExists-M:
  fixes x y
  assumes carr: x ∈ carrier AtE-Inst-ST-frame-M y ∈ carrier AtE-Inst-ST-frame-M
  assumes O: x .O⇘AtE-Inst-ST-frame-M⇙ y
  shows ∃s. greatest AtE-Inst-ST-frame-M s (Lower AtE-Inst-ST-frame-M {x, y})
proof -
  have greatest AtE-Inst-ST-frame-M (⋂({x, y})) (Lower AtE-Inst-ST-frame-M {x, y})
  proof (rule greatest-LowerI)
    show ⋀xa. xa ∈ {x, y} ⟹ ⋂{x, y} ⊑⇘AtE-Inst-ST-frame-M⇙ xa by auto
  next
    show ⋀ya. ya ∈ Lower AtE-Inst-ST-frame-M {x, y} ⟹ ya ⊑⇘AtE-Inst-ST-frame-M⇙ ⋂{x, y}
    proof -
      fix ya
      assume a: ya ∈ Lower AtE-Inst-ST-frame-M {x, y}
      show ya ⊑⇘AtE-Inst-ST-frame-M⇙ ⋂{x, y}
      proof -
        from a have ya ∈ {l. (∀xx. xx ∈ {x, y} ∩ m-set ⟶ l ⊆ xx)} ∩ m-set
          unfolding Lower-def by simp
        from this and carr have ya ⊆ ⋂{x, y} by simp
        from this show ya ⊑⇘AtE-Inst-ST-frame-M⇙ ⋂{x, y} by simp
      qed
    qed
  next
    from carr show {x, y} ⊆ carrier AtE-Inst-ST-frame-M by simp
  next
    show ⋂{x, y} ∈ carrier AtE-Inst-ST-frame-M
    proof (rule ccontr)
      assume a: ¬(⋂{x, y} ∈ carrier AtE-Inst-ST-frame-M)
      from a have ¬(⋂{x, y} ∈ m-set) by auto
      from this have ⋂{x, y} = {} ∨ ¬(⋂{x, y} ⊆ top-of-m-set) by auto
      from this show False
      proof
        assume a1: ⋂{x, y} = {}
        show False
        proof -
          from O have ∃z. z ∈ m-set ∧ z ⊆ x ∧ z ⊆ y unfolding overlap-def by auto
          from this obtain z where OO: z ∈ m-set ∧ z ⊆ x ∧ z ⊆ y by auto
          from OO have z ⊆ ⋂{x, y} by simp
          from this and OO and a1 show False by blast
        qed
      next
        assume a: ¬ ⋂{x, y} ⊆ top-of-m-set
        show False
        proof -
          have f2: ⋂{x, y} ⊆ y by simp
          have y ⊆ top-of-m-set ∧ y ≠ {} using carr(2) by force
          from this and f2 and a show False using subset-trans by blast
AtE-Inst-ST-frame-M))
  shows l ∉ carrier AtE-Inst-ST-frame-M
proof -
  let ?L = AtE-Inst-ST-frame-M
  show l ∉ carrier ?L
  proof
    assume a2: l ∈ carrier ?L
    from a1 and a2 have ∀y∈carrier ?L. l ⊑⇘?L⇙ y
      using gL-to-bottom two-sort-RS-frame.select-convs(1)
        porder-two-sort-RS-frame.select-convs(1)
      by smt
    from this have ∃x∈m-set. ∀y∈m-set. x ⊆ y
      by (metis (no-types, lifting) a2 two-sort-RS-frame.select-convs(1)
        porder-two-sort-RS-frame.select-convs(1))
    from this show False using noBottom by auto
  qed
qed

thm gL-to-bottom

lemma remainder-principle-M:
  fixes x y
  assumes carr: x ∈ carrier AtE-Inst-ST-frame-M y ∈ carrier AtE-Inst-ST-frame-M
  assumes x-ll-y: x ⊏⇘AtE-Inst-ST-frame-M⇙ y
  shows (∃z. z ∈ carrier AtE-Inst-ST-frame-M ∧ ¬ (z .O⇘AtE-Inst-ST-frame-M⇙ x)
    ∧ ((z ⊔⇘AtE-Inst-ST-frame-M⇙ x) = y))
proof -
  let ?L = AtE-Inst-ST-frame-M
  show (∃z. z ∈ carrier ?L ∧ ¬ (z .O⇘?L⇙ x) ∧ ((z ⊔⇘?L⇙ x) = y))
  proof (rule exI [of λz. z ∈ carrier ?L ∧ ¬ (z .O⇘?L⇙ x) ∧ (z ⊔⇘?L⇙ x) = y (y - x)],
      rule conjI)
    show s1: y - x ∈ carrier ?L
    proof -
      from carr have l1: x ≠ {} ∧ y ≠ {} by simp
      from carr have l2: x ⊆ top-of-m-set ∧ y ⊆ top-of-m-set by auto
      from x-ll-y have l3: x ≠ y ∧ x ⊆ y unfolding lless-def by auto
      from l3 have l4: x ⊂ y by auto
      from l1 and l2 and l4 have l5: (y - x) ≠ {} by auto
      from l2 and l4 have y - x ⊆ top-of-m-set by blast
      from this and l5 show ?thesis by simp
    qed
  next
    show ¬ (y - x) .O⇘?L⇙ x ∧ y - x ⊔⇘?L⇙ x = y
    proof
      show ¬ (y - x) .O⇘?L⇙ x
      proof
        assume a1: (y - x) .O⇘?L⇙ x
        from this have ∃z∈m-set. z ⊆ (y - x) ∧ z ⊆ x unfolding overlap-def by auto
        from this obtain z where z ∈ m-set ∧ z ⊆ (y - x) ∧ z ⊆ x by auto
        from this show False by blast
      qed
    next
      show (y - x) ⊔⇘?L⇙ x = y
      proof -
        from carr have l1: x ≠ {} ∧ y ≠ {} by simp
        from x-ll-y have l2: x ≠ y ∧ x ⊆ y unfolding lless-def by auto
        from this have l3: x ⊂ y by auto
        from l3 and l1 have l4: y - x ≠ {} ∧ y - x ⊆ top-of-m-set by (metis
        from this have l11: (?U ⊆ m-set ∧ (⋃{(y - x), x}) ∈ ?U
          ∧ (∀x3∈?U. (⋃{(y - x), x}) ⊑⇘?L⇙ x3)) by auto
        from this l1 l4 have l12: least ?L (⋃{(y - x), x}) (Upper ?L {(y - x), x})
          unfolding least-def Upper-def by auto
        let ?V = (Upper ?L {(y - x), x})
        let ?P = λl. least ?L l ?V
        let ?x = (⋃{(y - x), x})
        from l12 have ?P (Eps ?P) using someI by smt
        have ?x ∈ m-set using l7 by blast
        from this carr l4 l12 have l13: ∀yy∈m-set. (least ?L yy ?V) ⟶ ?x = yy
          unfolding least-def
          by (smt porder-two-sort-RS-frame.select-convs(1) subset-antisym)
        from l12 and l13 have ?x = (SOME xx. ?P xx) using some-equality
          by (smt least-closed two-sort-RS-frame.select-convs(1))
        from this have (y - x) ⊔⇘?L⇙ x = ?x unfolding join-def sup-def by simp
        from this and l6 show (y - x) ⊔⇘?L⇙ x = y by simp
      qed
    qed
  qed
qed

lemma SR-impl-inSR-set-M-0:
  fixes u i j
  assumes ass: SR⇘AtE-Inst-ST-frame-M⇙ u (RSC i j) j = ts-set-M-0
  assumes carr: u ∈ carrier AtE-Inst-ST-frame-M i ∈ r-carrier AtE-Inst-ST-frame-M
  from assms have (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i j) ∧ u ⊑⇘?L⇙ t)
      ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L
    unfolding SR-def by auto
  from this obtain t where t00: t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i j) ∧ u ⊑⇘?L⇙ t
      ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by blast
  from this and ass have t01: (t = ts0) ∨ (t = ts1) ∨ (t = ts2) by simp
  from t00 have u ≠ {} ∧ u ⊆ t by auto
  from this and t01 have t02: u ≠ {} ∧ (u ⊆ ts0 ∨ u ⊆ ts1 ∨ u ⊆ ts2) by meson
  from t02 have t000: u ≠ {} ∧ u ⊆ ts0 ⟹ u ∈ SR-set-M-0
  proof -
    assume a1: u ≠ {} ∧ u ⊆ ts0
    show u ∈ SR-set-M-0
    proof -
      from a1 have u = A-00 ∨ u = A-10 ∨ u = ts0 by auto
      from this show u ∈ SR-set-M-0 by force
    qed
  qed
  from t02 have t001: u ≠ {} ∧ u ⊆ ts1 ⟹ u ∈ SR-set-M-0
  proof -
    assume a1: u ≠ {} ∧ u ⊆ ts1
    show u ∈ SR-set-M-0
    proof -
      from a1 have u = A-01 ∨ u = A-11 ∨ u = ts1 by auto
      from this show u ∈ SR-set-M-0 by force
    qed
  qed
  from t02 have t002: u ≠ {} ∧ u ⊆ ts2 ⟹ u ∈ SR-set-M-0
  proof -
    assume a1: u ≠ {} ∧ u ⊆ ts2
    show u ∈ SR-set-M-0
    proof -
      from a1 have u = A-02 ∨ u = A-12 ∨ u = ts2 by auto
      from this show u ∈ SR-set-M-0 by force
    qed
  qed
  from t02 t000 t001 t002 show u ∈ SR-set-M-0 by satx
qed

lemma SR-impl-inSR-set-M-1:
  fixes u i j
  assumes ass: SR⇘AtE-Inst-ST-frame-M⇙ u (RSC i j) j = ts-set-M-1
  assumes carr: u ∈ carrier AtE-Inst-ST-frame-M i ∈ r-carrier AtE-Inst-ST-frame-M
  from assms have (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i j) ∧ u ⊑⇘?L⇙ t)
      ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L
    unfolding SR-def by auto
  from this obtain t where t00: t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i j) ∧ u ⊑⇘?L⇙ t
      ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by blast
  from this and ass have t01: (t = ts0-M) ∨ (t = ts1-M) ∨ (t = ts2-M) ∨ (t = ts3-M) by simp
  from t00 have u ≠ {} ∧ u ⊆ t by auto
  from this and t01 have t02: u ≠ {} ∧ (u ⊆ ts0-M ∨ u ⊆ ts1-M ∨ u ⊆ ts2-M ∨ u ⊆ ts3-M)
    by meson
  from t02 have t000: u ≠ {} ∧ u ⊆ ts0-M ⟹ u ∈ SR-set-M-1
  proof -
    assume a1: u ≠ {} ∧ u ⊆ ts0-M
    show u ∈ SR-set-M-1
    proof -
      from a1 have u = A-10 by auto
      from this show u ∈ SR-set-M-1 by force
    qed
  qed
  from t02 have t001: u ≠ {} ∧ u ⊆ ts1-M ⟹ u ∈ SR-set-M-1
  proof -
    assume a1: u ≠ {} ∧ u ⊆ ts1-M
    show u ∈ SR-set-M-1
    proof -
      from a1 have u = A-00 ∨ u = A-11 ∨ u = ts1-M by auto
      from this show u ∈ SR-set-M-1 by force
    qed
  qed
  from t02 have t002: u ≠ {} ∧ u ⊆ ts2-M ⟹ u ∈ SR-set-M-1
  proof -
    assume a1: u ≠ {} ∧ u ⊆ ts2-M
    show u ∈ SR-set-M-1
    proof -
      from a1 have u = A-01 ∨ u = A-12 ∨ u = ts2-M by auto
      from this show u ∈ SR-set-M-1 by force
    qed
  qed
  from t02 have t003: u ≠ {} ∧ u ⊆ ts3-M ⟹ u ∈ SR-set-M-1
  proof -
    assume a1: u ≠ {} ∧ u ⊆ ts3-M
    show u ∈ SR-set-M-1
    proof -
      from a1 have u = A-02 ∨ u = ts2-M by auto
      from this show u ∈ SR-set-M-1 by force
    qed
  qed
  from t02 t000 t001 t002 t003 show u ∈ SR-set-M-1 by satx
qed
lemma inSR-set-M-0-impl-SR:fixes u iassumes inSR-set-M-0 : u∈ SR-set-M-0assumes carr : u ∈ carrier AtE-Inst-ST-frame-M i ∈ r-carrier AtE-Inst-ST-frame-M
shows SR AtE-Inst-ST-frame-M u (RSC i ts-set-M-0 )proof −
let ?L = AtE-Inst-ST-frame-Mlet ?j = ts-set-M-0show SR?L u (RSC i ?j )
proof (rule SR-I )from carr show u ∈ carrier ?L by auto
nextfrom carr show i ∈ r-carrier ?L by auto
nextshow (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t)proof −
from inSR-set-M-0 have l1 : u 6= {} ∧ (u ⊆ ts0 ∨ u ⊆ ts1 ∨ u ⊆ ts2 ) byforce
have ts0 : [[u 6= {}; u ⊆ ts0 ]] =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧u v?L t)
proof−assume a: u 6= {} u ⊆ ts0show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t)proof−from a have ts0 ∈ carrier ?L ∧ isTS-M ts0 (RSC i ?j ) ∧ u ⊆ ts0 by simp
from this show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t) by (smtTS-porder-two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 ))
qedqedhave ts1 : [[u 6= {}; u ⊆ ts1 ]] =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧
u v?L t)proof−
assume a: u 6= {} u ⊆ ts1show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t)
proof−from a have ts1 ∈ carrier ?L ∧ isTS-M ts1 (RSC i ?j ) ∧ u ⊆ ts1 by simp
from this show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t) by (smtTS-porder-two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 ))
qedqedhave ts2 : [[u 6= {}; u ⊆ ts2 ]] =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧
u v?L t)proof−
assume a: u 6= {} u ⊆ ts2show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t)proof−from a have ts2 ∈ carrier ?L ∧ isTS-M ts2 (RSC i ?j ) ∧ u ⊆ ts2 by simp
from this show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t) by (smtTS-porder-two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 ))
qedqedfrom l1 ts0 ts1 ts2 show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L
t) by forceqednextshow ts-set-M-0 ∈ s-carrier ?L by simpqed
qed
lemma inSR-set-M-1-impl-SR:fixes u iassumes inSR-set-M-1 : u∈ SR-set-M-1assumes carr : u ∈ carrier AtE-Inst-ST-frame-M i ∈ r-carrier AtE-Inst-ST-frame-M
shows SR AtE-Inst-ST-frame-M u (RSC i ts-set-M-1 )proof −
let ?L = AtE-Inst-ST-frame-Mlet ?j = ts-set-M-1show SR?L u (RSC i ?j )
proof (rule SR-I )from carr show u ∈ carrier ?L by auto
nextfrom carr show i ∈ r-carrier ?L by auto
nextshow (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t)proof −from inSR-set-M-1 have l1 : u 6= {} ∧ (u ⊆ ts0-M ∨ u ⊆ ts1-M ∨ u ⊆ ts2-M
∨ u ⊆ ts3-M ) by forcehave ts0-M : [[u 6= {}; u ⊆ ts0-M ]] =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i
?j ) ∧ u v?L t)proof−
assume a: u 6= {} u ⊆ ts0-Mshow (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t)
proof−from a have ts0-M ∈ carrier ?L ∧ isTS-M ts0-M (RSC i ?j ) ∧ u ⊆ ts0-M
by simpfrom this show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t) by (smt
qedhave ts1-M : [[u 6= {}; u ⊆ ts1-M ]] =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i
?j ) ∧ u v?L t)proof−
assume a: u 6= {} u ⊆ ts1-Mshow (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t)proof−from a have ts1-M ∈ carrier ?L ∧ isTS-M ts1-M (RSC i ?j ) ∧ u ⊆ ts1-M
by simpfrom this show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t) by (smt
qedhave ts2-M : [[u 6= {}; u ⊆ ts2-M ]] =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i
?j ) ∧ u v?L t)proof−
assume a: u 6= {} u ⊆ ts2-Mshow (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t)proof−from a have ts2-M ∈ carrier ?L ∧ isTS-M ts2-M (RSC i ?j ) ∧ u ⊆ ts2-M
by simpfrom this show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t) by (smt
qedhave ts3-M : [[u 6= {}; u ⊆ ts3-M ]] =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i
?j ) ∧ u v?L t)proof−
assume a: u 6= {} u ⊆ ts3-Mshow (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t)proof−from a have ts3-M ∈ carrier ?L ∧ isTS-M ts3-M (RSC i ?j ) ∧ u ⊆ ts3-M
by simpfrom this show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t) by (smt
fix ushow [[i ∈ r-carrier ?L; j ∈ s-carrier ?L; u ∈ carrier ?L]] =⇒ (TS?L u
(RSC i j ) = (u ∈ j ))proof −
assume carr : i ∈ r-carrier ?L j ∈ s-carrier ?L u ∈ carrier ?Lshow (TS?L u (RSC i j ) = (u ∈ j ))proof −
from carr have l0 : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simphave l1 : j = ts-set-M-0 =⇒ (TS?L u (RSC i j ) = (u ∈ j )) by simphave l2 : j = ts-set-M-1 =⇒ (TS?L u (RSC i j ) = (u ∈ j )) by simpfrom l0 l1 l2 show (TS?L u (RSC i j ) = (u ∈ j )) by auto
qedqed
qedqed
qednext
show∧
i j u v . [[i ∈ r-carrier ?L; j ∈ s-carrier ?L; u ∈ carrier ?L; v ∈ carrier?L;
TS?L u (RSC i j );TS?L v (RSC i j ); u .O?L v ]] =⇒ u = vproof −
fix i j u vassume carr : i ∈ r-carrier ?L j ∈ s-carrier ?L u ∈ carrier ?L v ∈ carrier
?Lassume ts-u: TS?L u (RSC i j ) and ts-v : TS?L v (RSC i j ) and O : u .O?L
vshow u = vproof (rule ccontr)
assume a: u 6= vshow Falseproof −
from carr have l0 : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simphave l1 : (j = ts-set-M-0 ) =⇒ Falseproof −
assume a1 : j = ts-set-M-0show Falseproof −
from ts-u have isTS-M u (RSC i j ) by simpfrom this and a1 have u: (u = ts0 ) ∨ (u = ts1 ) ∨ (u = ts2 ) by autofrom ts-v have isTS-M v (RSC i j ) by simpfrom this and a1 have v : (v = ts0 ) ∨ (v = ts1 ) ∨ (v = ts2 ) by autofrom a and a1 and u and v have ¬ (∃ uv . uv ∈ u ∧ uv ∈ v) by
autofrom this have ¬(u .O?L v) unfolding overlap-def by fastforcefrom this and O show False by auto
qedqedhave l2 : (j = ts-set-M-1 ) =⇒ Falseproof −
assume a1 : j = ts-set-M-1show Falseproof −
from ts-u have isTS-M u (RSC i j ) by simpfrom this and a1 have u: (u = ts0-M ) ∨ (u = ts1-M ) ∨ (u = ts2-M )
∨ (u = ts3-M ) by autofrom ts-v have isTS-M v (RSC i j ) by simpfrom this and a1 have v : (v = ts0-M ) ∨ (v = ts1-M ) ∨ (v = ts2-M )
∨ (v = ts3-M ) by autofrom a and a1 and u and v have ¬ (∃ uv . uv ∈ u ∧ uv ∈ v) by autofrom this have ¬(u .O?L v) unfolding overlap-def by fastforcefrom this and O show False by auto
qedqedfrom l0 l1 l2 show False by auto
qedqed
qednext
show∧
i j . [[i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒(∃ u v . u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS?L u (RSC i j ) ∧ TS?L v
(RSC i j ) ∧ ¬(u .O?L v ))proof −
fix i jassume carr : i ∈ r-carrier ?L j ∈ s-carrier ?L
show (∃ u v . u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS?L u (RSC i j ) ∧TS?L v (RSC i j ) ∧ ¬(u .O?L v ))
proof −from carr have l0 : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simp
have l1 : j = ts-set-M-0 =⇒ (∃ u v . u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS?Lu (RSC i j ) ∧ TS?L v (RSC i j ) ∧ ¬(u .O?L v ))
proof −assume a1 : j = ts-set-M-0show (∃ u v . u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS?L u (RSC i j ) ∧
TS?L v (RSC i j ) ∧ ¬(u .O?L v ))proof−
from a1 have l1 : isTS-M ts0 (RSC i j ) ∧ isTS-M ts1 (RSC i j ) byauto
have ¬(∃ z . z ∈ ts0 ∧ z ∈ ts1 ) by autofrom this have l2 : ¬(ts0 .O?L ts1 ) unfolding overlap-def by fastforce
have l3 : ts0 ∈ carrier ?L ∧ ts1 ∈ carrier ?L by simpfrom l1 and l2 and l3 have ts0 ∈ carrier ?L ∧ ts1 ∈ carrier ?L ∧
TS?L ts0 (RSC i j ) ∧ TS?L ts1 (RSC i j ) ∧ ¬ ts0 .O?L ts1 by forcefrom this show ∃ u v . u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS?L u
(RSC i j ) ∧ TS?L v (RSC i j ) ∧ ¬ u .O?L v by blastqed
qedhave l2 : j = ts-set-M-1 =⇒ (∃ u v . u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS?L
u (RSC i j ) ∧ TS?L v (RSC i j ) ∧ ¬(u .O?L v ))proof −
assume a1 : j = ts-set-M-1show (∃ u v . u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS?L u (RSC i j ) ∧
TS?L v (RSC i j ) ∧ ¬(u .O?L v ))proof−
from a1 have l1 : isTS-M ts0-M (RSC i j ) ∧ isTS-M ts1-M (RSC ij ) by auto
have ¬(∃ z . z ∈ ts0-M ∧ z ∈ ts1-M ) by autofrom this have l2 : ¬(ts0-M .O?L ts1-M ) unfolding overlap-def by
fastforcehave l3 : ts0-M ∈ carrier ?L ∧ ts1-M ∈ carrier ?L by simpfrom l1 and l2 and l3 have ts0-M ∈ carrier ?L ∧ ts1-M ∈ carrier
from this show ∃ u v . u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS?L u(RSC i j ) ∧ TS?L v (RSC i j ) ∧ ¬ u .O?L v by blast
qedqed
from l0 l1 l2 show ∃ u v . u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS?L u (RSCi j ) ∧ TS?L v (RSC i j ) ∧ ¬ u .O?L v by fast
qedqednext
show∧
i j y . [[i ∈ r-carrier ?L; j ∈ s-carrier ?L; y ∈ carrier ?L]] =⇒ (∃ x . x∈ carrier ?L ∧ TS?L x (RSC i j ) ∧ x .O?L y)
proof −fix y i jassume carr : y ∈ carrier ?L i ∈ r-carrier ?L j ∈ s-carrier ?Lshow ∃ x . x ∈ carrier ?L ∧ TS?L x (RSC i j ) ∧ x .O?L yproof −
from carr have l0 : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simphave l1 : j = ts-set-M-0 =⇒ ∃ x . x ∈ carrier ?L ∧ TS?L x (RSC i j ) ∧ x
.O?L yproof −
assume a1 : j = ts-set-M-0show ∃ x . x ∈ carrier ?L ∧ TS?L x (RSC i j ) ∧ x .O?L yproof −
from Union-of-ts-eq-top-of-m-set-M-0 and carr have (∃ z . z ∈ y ∧ z∈ ts0 ) ∨ (∃ z . z ∈ y ∧ z ∈ ts1 ) ∨ (∃ z . z ∈ y ∧ z ∈ ts2 )
by (smt insertI1 mem-Collect-eq two-sort-RS-frame.select-convs(1 )subsetCE subset-empty subset-insert subset-insertI )
from this obtain z0 z1 z2 where (z0 ∈ y ∧ z0 ∈ ts0 ) ∨ (z1 ∈ y ∧z1 ∈ ts1 ) ∨ (z2 ∈ y ∧ z2 ∈ ts2 ) by blast
from this have ({z0} ∈ carrier ?L ∧ z0 ∈ y ∧ z0 ∈ ts0 ) ∨ ({z1} ∈carrier ?L ∧ z1 ∈ y ∧ z1 ∈ ts1 ) ∨ ({z2} ∈ carrier ?L ∧ z2 ∈ y ∧ z2 ∈ ts2 ) byauto
from this have ({z0} ∈ carrier ?L ∧ {z0} ⊆ y ∧ {z0} ⊆ ts0 ) ∨ ({z1}∈ carrier ?L ∧ {z1} ⊆ y ∧ {z1} ⊆ ts1 ) ∨ ({z2} ∈ carrier ?L ∧ {z2} ⊆ y ∧ {z2}⊆ ts2 ) by auto
from this have y .O?L ts0 ∨ y .O?L ts1 ∨ y .O?L ts2 unfoldingoverlap-def by (metis (no-types, lifting) porder-two-sort-RS-frame.select-convs(1 ))
from carr and this have y ∈ carrier ?L ∧ y .O?L ts0 ∨ y .O?L ts1∨ y .O?L ts2 by auto
from this and a1 have ts0 ∈ carrier ?L ∧ TS?L ts0 (RSC i j ) ∧ ts0.O?L y ∨ ts1 ∈ carrier ?L ∧ TS?L ts1 (RSC i j ) ∧ ts1 .O?L y ∨ ts2 ∈ carrier?L ∧ TS?L ts2 (RSC i j ) ∧ ts2 .O?L y using O-sym by force
from this and carr show ∃ x . x ∈ carrier ?L ∧ TS?L x (RSC i j ) ∧x .O?L y by blast
qedqedhave l2 : j = ts-set-M-1 =⇒ ∃ x . x ∈ carrier ?L ∧ TS?L x (RSC i j ) ∧ x
.O?L yproof −
assume a1 : j = ts-set-M-1show ∃ x . x ∈ carrier ?L ∧ TS?L x (RSC i j ) ∧ x .O?L yproof −
from Union-of-ts-eq-top-of-m-set-M-1 and carr have (∃ z . z ∈ y ∧ z∈ ts0-M ) ∨ (∃ z . z ∈ y ∧ z ∈ ts1-M ) ∨ (∃ z . z ∈ y ∧ z ∈ ts2-M ) ∨ (∃ z . z ∈ y ∧z ∈ ts3-M )
by (smt insertI1 mem-Collect-eq two-sort-RS-frame.select-convs(1 )subsetCE subset-empty subset-insert subset-insertI )
from this obtain z0 z1 z2 z3 where (z0 ∈ y ∧ z0 ∈ ts0-M ) ∨ (z1 ∈y ∧ z1 ∈ ts1-M ) ∨ (z2 ∈ y ∧ z2 ∈ ts2-M )∨ (z3 ∈ y ∧ z3 ∈ ts3-M ) by blast
from this have ({z0} ∈ carrier ?L ∧ z0 ∈ y ∧ z0 ∈ ts0-M ) ∨
({z1} ∈ carrier ?L ∧ z1 ∈ y ∧ z1 ∈ ts1-M ) ∨({z2} ∈ carrier ?L ∧ z2 ∈ y ∧ z2 ∈ ts2-M ) ∨({z3} ∈ carrier ?L ∧ z3 ∈ y ∧ z3 ∈ ts3-M ) by auto
from this have ({z0} ∈ carrier ?L ∧ {z0} ⊆ y ∧ {z0} ⊆ ts0-M ) ∨({z1} ∈ carrier ?L ∧ {z1} ⊆ y ∧ {z1} ⊆ ts1-M ) ∨({z2} ∈ carrier ?L ∧ {z2} ⊆ y ∧ {z2} ⊆ ts2-M ) ∨({z3} ∈ carrier ?L ∧ {z3} ⊆ y ∧ {z3} ⊆ ts3-M ) by auto
from this have y .O?L ts0-M ∨ y .O?L ts1-M ∨ y .O?Lts2-M ∨ y .O?L ts3-M unfolding overlap-def by (metis (no-types, lifting)porder-two-sort-RS-frame.select-convs(1 ))
from carr and this have y ∈ carrier ?L ∧ y .O?L ts0-M ∨ y .O?Lts1-M ∨ y .O?L ts2-M ∨ y .O?L ts3-M by auto
from this and a1 have ts0-M ∈ carrier ?L ∧ TS?L ts0-M (RSC ij ) ∧ ts0-M .O?L y ∨
ts1-M ∈ carrier ?L ∧ TS?L ts1-M (RSC i j ) ∧ts1-M .O?L y ∨
ts2-M ∈ carrier ?L ∧ TS?L ts2-M (RSC i j ) ∧ts2-M .O?L y ∨
ts3-M ∈ carrier ?L ∧ TS?L ts3-M (RSC i j ) ∧ts3-M .O?L y using O-sym by force
from this and carr show ∃ x . x ∈ carrier ?L ∧ TS?L x (RSC i j ) ∧x .O?L y by blast
qedqedfrom l0 l1 l2 show ∃ x . x ∈ carrier ?L ∧ TS?L x (RSC i j ) ∧ x .O?L y
by fastforceqed
qedqed
qed
9.11 The Model satisfies the axioms of the locale M-TS-mereology
theorem (in M-TS-mereology) m-set-is-M-TS-mereology-M:
  M-TS-mereology AtE-Inst-ST-frame-M
  (is M-TS-mereology ?L)
proof (rule M-TS-mereology.intro)
  show TS-mereology ?L using m-set-is-TS-mereology-M by auto
next
  show M-TS-mereology-axioms ?L
  proof
show∧
x y i j . [[SIMU ?L x y (RSC i j ); x ∈ carrier ?L; y ∈ carrier ?L;x6=y ; i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒ (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧¬(SIMU ?L x y (RSC i jj )))
proof −fix xshow
∧y i j . [[SIMU ?L x y (RSC i j ); x ∈ carrier ?L; y ∈ carrier ?L;x
show [[SIMU ?L x y (RSC i j ); x ∈ carrier ?L; y ∈ carrier ?L; x 6=y ; i ∈r-carrier ?L; j ∈ s-carrier ?L]] =⇒ (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?Lx y (RSC i jj )))
proof−assume carr : x ∈ carrier ?L y ∈ carrier ?L i ∈ r-carrier ?L j ∈ s-carrier
?Lassume neq : x 6= yassume SIMU : SIMU ?L x y (RSC i j )show (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i jj )))proof −
assume a1 : j = ts-set-M-0show (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i jj )))proof −
from SIMU and a1 have SIMU ?L x y (RSC i j ) by autofrom this and a1 have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC i j ) ∧ x
v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈
s-carrier ?L by (simp add :SIMU-def )from this obtain z where lz0 : z ∈ carrier ?L ∧ isTS-M z (RSC i j )
∧ x ⊆ z ∧ y ⊆ z ∧x ∈ m-set ∧ y ∈ m-set ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier
?L by autofrom a1 lz0 have lz00 : z = ts0 ∨ z = ts1 ∨ z = ts2 by simpfrom lz0 have lzX : x 6= {} ∧ x ⊆ top-of-m-set ∧ x ⊆ z by fastforcefrom lz0 have lzY : y 6= {} ∧ y ⊆ top-of-m-set ∧ y ⊆ z by fastforcehave lz01 : z = ts0 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj ))proof −
assume a2 : z = ts0show (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i jj )))
proof −from a2 and lzX have lx0 : x = A-00 ∨ x = A-10 ∨ x = ts0 by
from carr inst0 have x0 : x=At-0 ∨ x=At-1 ∨ x=Compl-0 ∨ x = Oc-0∨ x = Oc-1 ∨ x = Oc-2 using isInst-M-e1-impl-possibleParticulars by auto
from inst1 have x00 : x=At-0 =⇒ False unfolding isInst-M-def by forcefrom inst1 have x01 : x=At-1 =⇒ False unfolding isInst-M-def by forcefrom inst1 have x02 : x=Compl-0 =⇒ False unfolding isInst-M-def by
forcefrom inst1 have x03 : x=Oc-0 =⇒ False unfolding isInst-M-def by forcefrom inst1 have x04 : x=Oc-1 =⇒ False unfolding isInst-M-def by forcefrom inst1 have x05 : x=Oc-2 =⇒ False unfolding isInst-M-def by forcefrom x0 x00 x01 x02 x03 x04 x05 show False by force
qedqed
qednext
show∧
x y u i j . [[Inst?L x y u (RSC i j );x ∈ e-carrier ?L; y ∈ e-carrier ?L;u ∈ carrier ?L;
i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒ (SR?L u (RSC i j ) ∨TR?L u (RSC i j ))
proof−fix x y u i jassume inst : Inst?L x y u (RSC i j )assume carr : x ∈ e-carrier ?L y ∈ e-carrier ?L u ∈ carrier ?L
i ∈ r-carrier ?L j ∈ s-carrier ?Lshow (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
from carr inst have x0 : x=At-0 ∨ x=At-1 ∨ x=Compl-0 ∨ x = Oc-0 ∨x = Oc-1 ∨ x = Oc-2 using isInst-M-e1-impl-possibleParticulars by auto
have x00 : x=At-0 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
assume a: x=At-0show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
from a have l0 : inst-at-M x = {A-00 ,A-01 ,A-02} unfoldinginst-at-M-def by auto
from l0 have uuu: u ∈ inst-at-M x =⇒ (u ∈ SR-set-M-0 ∨ u ∈
SR-set-M-1 ) by forcefrom inst have u ∈ inst-at-M x using isInst-M-u-inst-at-M by forcefrom this and uuu have uu: (u ∈ SR-set-M-0 ∨ u ∈ SR-set-M-1 ) by
autofrom carr have jj : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simphave uu-jj-0 : [[u ∈ SR-set-M-0 ;j = ts-set-M-0 ]] =⇒ SR?L u (RSC i j )
∨ TR?L u (RSC i j )proof−
assume a1 : u ∈ SR-set-M-0 j = ts-set-M-0from a1 and carr show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) using
inSR-set-M-0-impl-SR by mesonqedhave uu-jj-1 : [[u ∈ SR-set-M-0 ;j = ts-set-M-1 ]] =⇒ SR?L u (RSC i j )
from a1 have uu: u ∈ m-set-atoms ∨ u ∈ ts-set-M-1 by fasthave uu0 : u ∈ m-set-atoms =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC
i j )proof −
assume a3 : u ∈ m-set-atomsshow SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from a3 have u ∈ SR-set-M-0 by fastfrom carr a2 this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
using inSR-set-M-0-impl-SR by mesonqed
qedhave uu1 : u ∈ ts-set-M-1 =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC i
j )proof −
assume a3 : u ∈ ts-set-M-1show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from inst have l2 : u ∈ inst-at-M x using isInst-M-u-inst-at-Mby force
from this and l0 have u ∈ {A-00 ,A-01 ,A-02} by forcefrom this have u0 : u ∈ {A-00 ,A-01} ∨ u = A-02 by autohave u1 : u = A-02 =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof−
assume a4 : u = A-02show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
proof−from a4 have u ∈ SR-set-M-0 by autofrom carr a2 this show SR?L u (RSC i j ) ∨ TR?L u (RSC
i j ) using inSR-set-M-0-impl-SR by mesonqed
qedhave u2 : u ∈ {A-00 ,A-01} =⇒ SR?L u (RSC i j ) ∨ TR?L u
(RSC i j )proof−
assume a4 : u ∈ {A-00 ,A-01}show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof−have ll0 : A-00 6= ts0-M using A00-A10-partition-ts0 by blasthave ll1 :A-00 6= ts1-M using Abs-Tcoord-inject by autohave ll2 :A-00 6= ts2-M using Abs-Tcoord-inject by autohave ll3 :A-00 6= ts3-M using Abs-Tcoord-inject by autohave ll4 :A-01 6= ts0-M using Abs-Tcoord-inject by autohave ll5 :A-01 6= ts1-M using Abs-Tcoord-inject by autohave ll6 :A-01 6= ts2-M using Abs-Tcoord-inject by autohave ll7 :A-01 6= ts3-M using Abs-Tcoord-inject by autofrom a4 ll0 ll1 ll2 ll3 ll4 ll5 ll6 ll7 have u /∈ ts-set-M-1 by
autofrom this and a3 have False by autofrom this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by
autoqed
qedfrom u0 u1 u2 show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
by autoqed
qedfrom uu uu0 uu1 show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by
forceqed
qedfrom uu jj uu-jj-0 uu-jj-1 uu-jj-2 uu-jj-3 show SR?L u (RSC i j ) ∨
TR?L u (RSC i j ) by argoqed
qedhave x01 : x=At-1 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
assume a: x=At-1show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
from a have l0 : inst-at-M x = {A-10 ,A-11 ,A-12} unfoldinginst-at-M-def by auto
from l0 have uuu: u ∈ inst-at-M x =⇒ (u ∈ SR-set-M-0 ∨ u ∈SR-set-M-1 ) by force
from inst have l2 : u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and uuu have uu: (u ∈ SR-set-M-0 ∨ u ∈ SR-set-M-1 ) byauto
from carr have jj : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simphave uu-jj-0 : [[u ∈ SR-set-M-0 ;j = ts-set-M-0 ]] =⇒ SR?L u (RSC i j )proof−
assume a1 : u ∈ SR-set-M-0 j = ts-set-M-0from a1 and carr show SR?L u (RSC i j ) using inSR-set-M-0-impl-SR
by meson
qedhave uu-jj-1 : [[u ∈ SR-set-M-0 ;j = ts-set-M-1 ]] =⇒ SR?L u (RSC i j )
proof −from a1 have uu: u ∈ m-set-atoms ∨ u ∈ ts-set-M-1 by fasthave uu0 : u ∈ m-set-atoms =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC
i j )proof −
assume a3 : u ∈ m-set-atomsshow SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from a3 have u ∈ SR-set-M-0 by fastfrom carr a2 this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
using inSR-set-M-0-impl-SR by mesonqed
qedhave uu1 : u ∈ ts-set-M-1 =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC i
j )proof −
assume a3 : u ∈ ts-set-M-1show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from l2 and l0 have u ∈ {A-10 ,A-11 ,A-12} by forcefrom this have u0 : u ∈ {A-11 ,A-12} ∨ u = A-10 by autohave u1 : u = A-10 =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof−
assume a4 : u = A-10show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
proof−from a4 have u ∈ SR-set-M-0 by autofrom carr a2 this show SR?L u (RSC i j ) ∨ TR?L u (RSC
i j ) using inSR-set-M-0-impl-SR by mesonqed
qedhave u2 : u ∈ {A-11 ,A-12} =⇒ SR?L u (RSC i j ) ∨ TR?L u
(RSC i j )proof−
assume a4 : u ∈ {A-11 ,A-12}show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof−
have ll0 : A-11 6= ts0-M by autohave ll1 :A-11 6= ts1-M by autohave ll2 :A-11 6= ts2-M by autohave ll3 :A-11 6= ts3-M by autohave ll4 :A-12 6= ts0-M by autohave ll5 :A-12 6= ts1-M by autohave ll6 :A-12 6= ts2-M by autohave ll7 :A-12 6= ts3-M by autofrom a4 ll0 ll1 ll2 ll3 ll4 ll5 ll6 ll7 have u /∈ ts-set-M-1 by
autofrom this and a3 have False by autofrom this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by
autoqed
qedfrom u0 u1 u2 show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
by autoqed
qedfrom uu uu0 uu1 show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by
forceqed
qedfrom uu jj uu-jj-0 uu-jj-1 uu-jj-2 uu-jj-3 show SR?L u (RSC i j ) ∨
TR?L u (RSC i j ) by argoqed
qedhave x02 : x=Compl-0 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
assume a: x=Compl-0show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −from a have l0 : inst-at-M x = {ts0 ,ts1 ,ts2 ,ts0-M ,ts1-M ,ts2-M ,ts3-M }
unfolding inst-at-M-def by forcefrom l0 have uuu: u ∈ inst-at-M x =⇒ (u ∈ SR-set-M-0 ∨ u ∈
SR-set-M-1 ) by forcefrom inst have l2 : u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and uuu have uu: (u ∈ SR-set-M-0 ∨ u ∈ SR-set-M-1 ) byauto
from carr have jj : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simphave uu-jj-0 : [[u ∈ SR-set-M-0 ;j = ts-set-M-0 ]] =⇒ SR?L u (RSC i j )
∨ TR?L u (RSC i j )proof−
assume a1 : u ∈ SR-set-M-0 j = ts-set-M-0from a1 and carr show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) using
inSR-set-M-0-impl-SR by mesonqedhave uu-jj-1 : [[u ∈ SR-set-M-0 ;j = ts-set-M-1 ]] =⇒ SR?L u (RSC i j )
t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ u .O?L t1 ∧ u .O?L t2 )by blast
qedfrom this show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j )) by auto
qedqedhave u-jj-1 : j = ts-set-M-1 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i
j ))proof−
assume a1 : j = ts-set-M-1show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l2 : ¬(ts1-M .O?L ts2-M ) unfolding overlap-def usingneg-O-ts1-M-ts2-M by auto
from a1 have l3 : TS?L ts1-M (RSC i j ) ∧ TS?L ts2-M (RSC ij ) by simp
have l4 : ts1-M ∈ carrier ?L by autohave l5 : ts2-M ∈ carrier ?L by autofrom carr l1 l2 l3 l4 l5 have l6 : ∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈
carrier ?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧u .O?L t1 ∧ u .O?L t2 ∧ i ∈ r-carrier ?L ∧ j
∈ s-carrier ?L by blasthave TR?L u (RSC i j )proof (rule TR-I )
from carr show u ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonextfrom l6 show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L
t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ u .O?L t1 ∧ u .O?L t2 )by blast
qedfrom this show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j )) by auto
qedqedfrom jj u-jj-0 u-jj-1 show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))
by fastqed
qedhave x05 : x=Oc-2 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
assume a: x=Oc-2show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −from carr have jj : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simpfrom a have l0 : inst-at-M x = {top-of-m-set} unfolding inst-at-M-def
by autohave l01 : u = top-of-m-setproof (rule ccontr)
assume a1 : u 6= top-of-m-setshow False
proof−from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M
by forcefrom this and a and l0 have u = top-of-m-set by simpfrom this and a1 show False by auto
qedqedhave u-jj-0 : j = ts-set-M-0 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i
j ))proof −
assume a1 : j = ts-set-M-0show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by autohave l2 : ¬(ts0 .O?L ts1 ) unfolding overlap-def using neg-O-ts0-ts1
by autofrom a1 have l3 : TS?L ts0 (RSC i j ) ∧ TS?L ts1 (RSC i j ) by
simphave l4 : ts0 ∈ carrier ?L by auto
have l5 : ts1 ∈ carrier ?L by autofrom carr l1 l2 l3 l4 l5 have l6 : ∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier
?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧u .O?L t1 ∧ u .O?L t2 ∧ i ∈ r-carrier ?L ∧ j
∈ s-carrier ?L by blasthave TR?L u (RSC i j )proof (rule TR-I )
from carr show u ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
from l6 show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ u .O?L t1 ∧ u .O?L t2 )by blast
qedfrom this show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j )) by auto
qed
qedhave u-jj-1 : j = ts-set-M-1 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))
proof −assume a1 : j = ts-set-M-1
show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l2 : ¬(ts1-M .O?L ts2-M ) unfolding overlap-def usingneg-O-ts1-M-ts2-M by auto
from a1 have l3 : TS?L ts1-M (RSC i j ) ∧ TS?L ts2-M (RSC i j )by simp
have l4 : ts1-M ∈ carrier ?L by autohave l5 : ts2-M ∈ carrier ?L by auto
u .O?L t1 ∧ u .O?L t2 ∧ i ∈ r-carrier ?L ∧ j∈ s-carrier ?L by blast
have TR?L u (RSC i j )proof (rule TR-I )
from carr show u ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonextfrom l6 show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L
t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ u .O?L t1 ∧ u .O?L t2 )by blast
qedfrom this show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j )) by auto
qedqedfrom jj u-jj-0 u-jj-1 show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j )) by
fastqed
qedfrom x0 x00 x01 x02 x03 x04 x05 show (SR?L u (RSC i j ) ∨ TR?L u
(RSC i j )) by forceqed
qednext
show ⋀ x y u i j jj yy uu. [[Inst?L x y u (RSC i j ); SR?L u (RSC i j ); j S?L jj ; Inst?L x yy uu (RSC i jj );
x ∈ e-carrier ?L; y ∈ e-carrier ?L; yy ∈ e-carrier ?L; u ∈ carrier ?L; uu ∈ carrier ?L;
i ∈ r-carrier ?L; j ∈ s-carrier ?L; jj ∈ s-carrier ?L]] =⇒ SR?L uu (RSC i jj )
proof −fix x y u i j jj yy uuassume inst : Inst?L x y u (RSC i j ) Inst?L x yy uu (RSC i jj )assume SR: SR?L u (RSC i j )assume S : j S?L jjassume carr : x ∈ e-carrier ?L y ∈ e-carrier ?L yy ∈ e-carrier ?L u ∈
from l1 a1 have uu ∈ inst-at-M-0-or-1 x ts-set-M-1 by autofrom a this have l2 : uu ∈ {ts0-M ,ts1-M ,ts2-M ,ts3-M } using
Compl-0-at-ts-set-M-1 by blasthave {ts0-M ,ts1-M ,ts2-M ,ts3-M } ⊆ SR-set-M-1 by autofrom this l2 have uu ∈ SR-set-M-1 by auto
from this a1 show SR?L uu (RSC i jj ) using carr inSR-set-M-iff-SR-1by auto
qedqedfrom jj-cases jj-case-0 jj-case-1 show SR?L uu (RSC i jj ) by auto
qedqed
have x03 : [[x=Oc-0 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=Oc-0assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof −from a have l0 : inst-at-M x = {wlA-0} unfolding inst-at-M-def by
autohave l01 : u = wlA-0proof (rule ccontr)
assume a1 : u ≠ wlA-0
show False
proof−from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M
by force
from this and a and l0 have u = wlA-0 by simpfrom this and a1 show False by auto
qedqedfrom carr have j-cases : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simp
have j-case-0 : j = ts-set-M-0 =⇒ Falseproof −
assume a1 : j = ts-set-M-0show Falseproof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by autohave l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0 ∨ t= ts1 ∨ t= ts2 by forcehave lt00 : t= ts0 =⇒ Falseproof−
assume a: t= ts0show Falseproof−
from a and ll0 have ll1 : u v?L ts0 by forcefrom l1 have u .O?L ts1 by force
from this have ¬ u v?L ts0 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1 =⇒ Falseproof−
assume a: t= ts1show Falseproof−
from a and ll0 have ll1 : u v?L ts1 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts1 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2 =⇒ Falseproof−
assume a: t= ts2show Falseproof−
from a and ll0 have ll1 : u v?L ts2 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts2 unfolding overlap-def by (smtneg-O-ts0-ts2 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0-M ∨ t= ts1-M ∨ t= ts2-M ∨ t=ts3-M by force
have lt00 : t= ts0-M =⇒ Falseproof−
assume a: t= ts0-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts0-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts0-M unfolding overlap-def by (smtneg-O-ts0-M-ts1-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1-M =⇒ Falseproof−
assume a: t= ts1-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts1-M by forcefrom l1 have u .O?L ts2-M by force
from this have ¬ u v?L ts1-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2-M =⇒ Falseproof−
assume a: t= ts2-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts2-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts2-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt03 : t= ts3-M =⇒ Falseproof−
assume a: t= ts3-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts3-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts3-M unfolding overlap-def by (smtneg-O-ts1-M-ts3-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 lt03 show False by force
qedqedfrom l6 s show False by auto
qedqedfrom j-cases j-case-0 j-case-1 have False by auto
from this show SR?L uu (RSC i jj ) by autoqed
qedhave x04 : [[x=Oc-1 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=Oc-1assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof −from a have l0 : inst-at-M x = {wlA-1} unfolding inst-at-M-def by
autohave l01 : u = wlA-1proof (rule ccontr)
assume a1 : u ≠ wlA-1
show False
proof−from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M
by forcefrom this and a and l0 have u = wlA-1 by simpfrom this and a1 show False by auto
qedqedfrom carr have j-cases : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simp
have j-case-0 : j = ts-set-M-0 =⇒ Falseproof −
assume a1 : j = ts-set-M-0show Falseproof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by autohave l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0 ∨ t= ts1 ∨ t= ts2 by forcehave lt00 : t= ts0 =⇒ Falseproof−
assume a: t= ts0show Falseproof−
from a and ll0 have ll1 : u v?L ts0 by forcefrom l1 have u .O?L ts1 by force
from this have ¬ u v?L ts0 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1 =⇒ Falseproof−
assume a: t= ts1show Falseproof−
from a and ll0 have ll1 : u v?L ts1 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts1 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2 =⇒ Falseproof−
assume a: t= ts2show Falseproof−
from a and ll0 have ll1 : u v?L ts2 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts2 unfolding overlap-def by (smtneg-O-ts0-ts2 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show False
proof −from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )
∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0-M ∨ t= ts1-M ∨ t= ts2-M ∨ t=ts3-M by force
have lt00 : t= ts0-M =⇒ Falseproof−
assume a: t= ts0-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts0-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts0-M unfolding overlap-def by (smtneg-O-ts0-M-ts1-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1-M =⇒ Falseproof−
assume a: t= ts1-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts1-M by forcefrom l1 have u .O?L ts2-M by force
from this have ¬ u v?L ts1-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2-M =⇒ Falseproof−
assume a: t= ts2-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts2-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts2-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt03 : t= ts3-M =⇒ Falseproof−
assume a: t= ts3-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts3-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts3-M unfolding overlap-def by (smtneg-O-ts1-M-ts3-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 lt03 show False by force
qedqedfrom l6 s show False by auto
qedqedfrom j-cases j-case-0 j-case-1 have False by autofrom this show SR?L uu (RSC i jj ) by auto
qedqed
have x05 : [[x=Oc-2 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=Oc-2assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof −from a have l0 : inst-at-M x = {top-of-m-set} unfolding inst-at-M-def
by autohave l01 : u = top-of-m-setproof (rule ccontr)
assume a1 : u ≠ top-of-m-set
show False
proof−from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M
by forcefrom this and a and l0 have u = top-of-m-set by simpfrom this and a1 show False by auto
qedqedfrom carr have j-cases : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simp
have j-case-0 : j = ts-set-M-0 =⇒ Falseproof −
assume a1 : j = ts-set-M-0show Falseproof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by auto
have l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0 ∨ t= ts1 ∨ t= ts2 by forcehave lt00 : t= ts0 =⇒ Falseproof−
assume a: t= ts0show Falseproof−
from a and ll0 have ll1 : u v?L ts0 by forcefrom l1 have u .O?L ts1 by force
from this have ¬ u v?L ts0 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1 =⇒ Falseproof−
assume a: t= ts1show Falseproof−
from a and ll0 have ll1 : u v?L ts1 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts1 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2 =⇒ Falseproof−
assume a: t= ts2show Falseproof−
from a and ll0 have ll1 : u v?L ts2 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts2 unfolding overlap-def by (smtneg-O-ts0-ts2 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0-M ∨ t= ts1-M ∨ t= ts2-M ∨ t=ts3-M by force
have lt00 : t= ts0-M =⇒ Falseproof−
assume a: t= ts0-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts0-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts0-M unfolding overlap-def by (smtneg-O-ts0-M-ts1-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1-M =⇒ Falseproof−
assume a: t= ts1-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts1-M by forcefrom l1 have u .O?L ts2-M by force
from this have ¬ u v?L ts1-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2-M =⇒ Falseproof−
assume a: t= ts2-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts2-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts2-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt03 : t= ts3-M =⇒ Falseproof−
assume a: t= ts3-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts3-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts3-M unfolding overlap-def by (smtneg-O-ts1-M-ts3-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 lt03 show False by force
qedqedfrom l6 s show False by auto
qedqedfrom j-cases j-case-0 j-case-1 have False by autofrom this show SR?L uu (RSC i jj ) by auto
qedqed
from SR x0 x00 x01 x02 x03 x04 x05 show SR?L uu (RSC i jj ) by forceqed
qednext
show ⋀ x y u i j jj xx uu. [[Inst?L x y u (RSC i j ); SR?L u (RSC i j ); j S?L jj ; Inst?L xx y uu (RSC i jj );
x ∈ e-carrier ?L; xx ∈ e-carrier ?L; y ∈ e-carrier ?L; u ∈ carrier ?L; uu ∈ carrier ?L;
i ∈ r-carrier ?L; j ∈ s-carrier ?L; jj ∈ s-carrier ?L]] =⇒ SR?L uu (RSC i jj )
proof −fix x y u i j jj xx uuassume inst : Inst?L x y u (RSC i j ) Inst?L xx y uu (RSC i jj )assume SR: SR?L u (RSC i j )assume S : j S?L jjassume carr : x ∈ e-carrier ?L xx ∈ e-carrier ?L y ∈ e-carrier ?L u ∈
from l1 a1 have uu ∈ inst-at-M-0-or-1 xx ts-set-M-1 by autofrom aa this have l2 : uu ∈ {ts0-M ,ts1-M ,ts2-M ,ts3-M } using
Compl-0-at-ts-set-M-1 by blasthave {ts0-M ,ts1-M ,ts2-M ,ts3-M } ⊆ SR-set-M-1 by autofrom this l2 have uu ∈ SR-set-M-1 by auto
from this a1 show SR?L uu (RSC i jj ) using carrinSR-set-M-iff-SR-1 by auto
qedqedfrom jj-cases jj-case-0 jj-case-1 show SR?L uu (RSC i jj ) by
autoqed
qedfrom xx0 xx00 xx01 xx02 have [[x=Compl-0 ;SR?L u (RSC i j )]] =⇒
SR?L uu (RSC i jj ) by forcefrom this a s show SR?L uu (RSC i jj ) by force
qedqed
have x03 : [[x=Oc-0 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=Oc-0
assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )proof −
from a have l0 : inst-at-M x = {wlA-0} unfolding inst-at-M-def byauto
have l01 : u = wlA-0proof (rule ccontr)
assume a1 : u ≠ wlA-0
show False
proof−from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M
by forcefrom this and a and l0 have u = wlA-0 by simpfrom this and a1 show False by auto
qedqedfrom carr have j-cases : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simp
have j-case-0 : j = ts-set-M-0 =⇒ Falseproof −
assume a1 : j = ts-set-M-0show Falseproof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by autohave l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0 ∨ t= ts1 ∨ t= ts2 by forcehave lt00 : t= ts0 =⇒ Falseproof−
assume a: t= ts0show Falseproof−
from a and ll0 have ll1 : u v?L ts0 by forcefrom l1 have u .O?L ts1 by force
from this have ¬ u v?L ts0 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qed
have lt01 : t= ts1 =⇒ Falseproof−
assume a: t= ts1show Falseproof−
from a and ll0 have ll1 : u v?L ts1 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts1 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2 =⇒ Falseproof−
assume a: t= ts2show Falseproof−
from a and ll0 have ll1 : u v?L ts2 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts2 unfolding overlap-def by (smtneg-O-ts0-ts2 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0-M ∨ t= ts1-M ∨ t= ts2-M ∨ t=ts3-M by force
have lt00 : t= ts0-M =⇒ Falseproof−
assume a: t= ts0-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts0-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts0-M unfolding overlap-def by (smtneg-O-ts0-M-ts1-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1-M =⇒ Falseproof−
assume a: t= ts1-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts1-M by forcefrom l1 have u .O?L ts2-M by force
from this have ¬ u v?L ts1-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2-M =⇒ Falseproof−
assume a: t= ts2-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts2-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts2-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt03 : t= ts3-M =⇒ Falseproof−
assume a: t= ts3-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts3-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts3-M unfolding overlap-def by (smt
qedfrom lt0 lt00 lt01 lt02 lt03 show False by force
qedqedfrom l6 s show False by auto
qedqedfrom j-cases j-case-0 j-case-1 have False by autofrom this show SR?L uu (RSC i jj ) by auto
qedqed
have x04 : [[x=Oc-1 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=Oc-1assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof −from a have l0 : inst-at-M x = {wlA-1} unfolding inst-at-M-def by
autohave l01 : u = wlA-1proof (rule ccontr)
assume a1 : u ≠ wlA-1
show False
proof−from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M
by forcefrom this and a and l0 have u = wlA-1 by simpfrom this and a1 show False by auto
qedqedfrom carr have j-cases : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simp
have j-case-0 : j = ts-set-M-0 =⇒ Falseproof −
assume a1 : j = ts-set-M-0show Falseproof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by autohave l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )
∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0 ∨ t= ts1 ∨ t= ts2 by forcehave lt00 : t= ts0 =⇒ Falseproof−
assume a: t= ts0show Falseproof−
from a and ll0 have ll1 : u v?L ts0 by forcefrom l1 have u .O?L ts1 by force
from this have ¬ u v?L ts0 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1 =⇒ Falseproof−
assume a: t= ts1show Falseproof−
from a and ll0 have ll1 : u v?L ts1 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts1 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2 =⇒ Falseproof−
assume a: t= ts2show Falseproof−
from a and ll0 have ll1 : u v?L ts2 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts2 unfolding overlap-def by (smtneg-O-ts0-ts2 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 show False by force
qedqedfrom l6 s show False by auto
qed
qedhave j-case-1 : j = ts-set-M-1 =⇒ Falseproof −
assume a1 : j = ts-set-M-1show Falseproof −
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0-M ∨ t= ts1-M ∨ t= ts2-M ∨ t=ts3-M by force
have lt00 : t= ts0-M =⇒ Falseproof−
assume a: t= ts0-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts0-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts0-M unfolding overlap-def by (smtneg-O-ts0-M-ts1-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1-M =⇒ Falseproof−
assume a: t= ts1-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts1-M by forcefrom l1 have u .O?L ts2-M by force
from this have ¬ u v?L ts1-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2-M =⇒ Falseproof−
assume a: t= ts2-M
show Falseproof−
from a and ll0 have ll1 : u v?L ts2-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts2-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt03 : t= ts3-M =⇒ Falseproof−
assume a: t= ts3-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts3-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts3-M unfolding overlap-def by (smtneg-O-ts1-M-ts3-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 lt03 show False by force
qedqedfrom l6 s show False by auto
qedqedfrom j-cases j-case-0 j-case-1 have False by autofrom this show SR?L uu (RSC i jj ) by auto
qedqed
have x05 : [[x=Oc-2 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=Oc-2assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof −from a have l0 : inst-at-M x = {top-of-m-set} unfolding inst-at-M-def
by autohave l01 : u = top-of-m-setproof (rule ccontr)
assume a1 : u ≠ top-of-m-set
show False
proof−from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M
by forcefrom this and a and l0 have u = top-of-m-set by simp
from this and a1 show False by autoqed
qedfrom carr have j-cases : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simp
have j-case-0 : j = ts-set-M-0 =⇒ Falseproof −
assume a1 : j = ts-set-M-0show Falseproof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by autohave l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0 ∨ t= ts1 ∨ t= ts2 by forcehave lt00 : t= ts0 =⇒ Falseproof−
assume a: t= ts0show Falseproof−
from a and ll0 have ll1 : u v?L ts0 by forcefrom l1 have u .O?L ts1 by force
from this have ¬ u v?L ts0 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1 =⇒ Falseproof−
assume a: t= ts1show Falseproof−
from a and ll0 have ll1 : u v?L ts1 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts1 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qed
have lt02 : t= ts2 =⇒ Falseproof−
assume a: t= ts2show Falseproof−
from a and ll0 have ll1 : u v?L ts2 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts2 unfolding overlap-def by (smtneg-O-ts0-ts2 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0-M ∨ t= ts1-M ∨ t= ts2-M ∨ t=ts3-M by force
have lt00 : t= ts0-M =⇒ Falseproof−
assume a: t= ts0-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts0-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts0-M unfolding overlap-def by (smtneg-O-ts0-M-ts1-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fast
qedqedhave lt01 : t= ts1-M =⇒ Falseproof−
assume a: t= ts1-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts1-M by forcefrom l1 have u .O?L ts2-M by force
from this have ¬ u v?L ts1-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2-M =⇒ Falseproof−
assume a: t= ts2-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts2-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts2-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt03 : t= ts3-M =⇒ Falseproof−
assume a: t= ts3-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts3-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts3-M unfolding overlap-def by (smtneg-O-ts1-M-ts3-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 lt03 show False by force
qedqedfrom l6 s show False by auto
qedqedfrom j-cases j-case-0 j-case-1 have False by autofrom this show SR?L uu (RSC i jj ) by auto
qedqed
from SR x0 x00 x01 x02 x03 x04 x05 show SR?L uu (RSC i jj ) by forceqed
qednext
show ⋀ x y u i j yy v . [[Inst?L x y u (RSC i j ); TR?L u (RSC i j ); Inst?L x yy v (RSC i j );
x ∈ e-carrier ?L; y ∈ e-carrier ?L; yy ∈ e-carrier ?L; u ∈ carrier ?L; v ∈ carrier ?L;
i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒ (u = v)
proof −
fix x y u i j yy vassume inst : Inst?L x y u (RSC i j ) Inst?L x yy v (RSC i j )assume TR: TR?L u (RSC i j )assume carr : x ∈ e-carrier ?L y ∈ e-carrier ?L yy ∈ e-carrier ?L u ∈ carrier
proof−from a have l0 : inst-at-M x = {A-00 ,A-01 ,A-02} unfolding
inst-at-M-def by autofrom l0 have u ∈ inst-at-M x =⇒ (u ∈ SR-set-M-0 ∧ u ∈
SR-set-M-1 ) by forcefrom j-cases and carr and this have l1 : u ∈ inst-at-M x =⇒
SR?L u (RSC i j ) using inSR-set-M-iff-SR-0 inSR-set-M-iff-SR-1 by autofrom inst have l2 : u ∈ inst-at-M x using isInst-M-u-inst-at-M
by forcefrom l1 and l2 show SR?L u (RSC i j ) by auto
qedqed
have aa1 : x=At-1 =⇒ SR?L u (RSC i j )proof−
assume a: x=At-1show SR?L u (RSC i j )
proof−
                from a have l0: inst-at-M x = {A-10, A-11, A-12} unfolding inst-at-M-def by auto
                from l0 have u ∈ inst-at-M x =⇒ (u ∈ SR-set-M-0 ∧ u ∈ SR-set-M-1) by force
                from j-cases and carr and this have l1: u ∈ inst-at-M x =⇒ SR?L u (RSC i j)
                  using inSR-set-M-iff-SR-0 inSR-set-M-iff-SR-1 by auto
                from inst have l2: u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
                from l1 and l2 show SR?L u (RSC i j) by auto
              qed
            qed
            have aa2: x=Compl-0 =⇒ SR?L u (RSC i j)
            proof −
              assume a: x=Compl-0
              show SR?L u (RSC i j)
              proof −
                from a inst(1) have Inst?L x y u (RSC i j) by auto
                from this have l1: u ∈ inst-at-M-0-or-1 x j using isInst-M-imp-inst-at-M-0-or-1 by auto
                from carr have j-cases: (j = ts-set-M-0) ∨ (j = ts-set-M-1) by simp
                have j-case-0: (j = ts-set-M-0) =⇒ SR?L u (RSC i j)
                proof −
                  assume a1: (j = ts-set-M-0)
                  show SR?L u (RSC i j)
                  proof −
                    from l1 a1 have u ∈ inst-at-M-0-or-1 x ts-set-M-0 by auto
                    from a this have l2: u ∈ {ts0, ts1, ts2} using Compl-0-at-ts-set-M-0 by blast
                    have {ts0, ts1, ts2} ⊆ SR-set-M-0 by auto
                    from this l2 have u ∈ SR-set-M-0 by auto
                    from this a1 show SR?L u (RSC i j) using carr inSR-set-M-iff-SR-0 by auto
                  qed
                qed
                have j-case-1: j = ts-set-M-1 =⇒ SR?L u (RSC i j)
                proof −
                  assume a1: j = ts-set-M-1
                  show SR?L u (RSC i j)
                  proof −
                    from l1 a1 have u ∈ inst-at-M-0-or-1 x ts-set-M-1 by auto
                    from a this have l2: u ∈ {ts0-M, ts1-M, ts2-M, ts3-M} using Compl-0-at-ts-set-M-1 by blast
                    have {ts0-M, ts1-M, ts2-M, ts3-M} ⊆ SR-set-M-1 by auto
                    from this l2 have u ∈ SR-set-M-1 by auto
                    from this a1 show SR?L u (RSC i j) using carr inSR-set-M-iff-SR-1 by auto
                  qed
                qed
                from j-cases j-case-0 j-case-1 show SR?L u (RSC i j) by auto
              qed
            qed
            from aa aa0 aa1 aa2 have SR?L u (RSC i j) by auto
            from this carr TR have False using TS-mereology.TR-imp-negSR
              by (metis (no-types, lifting) m-set-is-TS-mereology-M)
            from this show u=v by auto
          qed
        qed
        have o00: x=Oc-0 =⇒ (u=v)
        proof −
          assume aa: x=Oc-0
          show (u=v)
          proof −
            from aa have l0: inst-at-M x = {wlA-0} unfolding inst-at-M-def by auto
            have l01: u = wlA-0
            proof (rule ccontr)
              assume a1: u ≠ wlA-0
              show False
              proof −
                from inst have ll1: u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
                from this and aa and l0 have u = wlA-0 by simp
                from this and a1 show False by auto
              qed
            qed
            have l02: v = wlA-0
            proof (rule ccontr)
              assume a1: v ≠ wlA-0
              show False
              proof −
                from inst have ll1: v ∈ inst-at-M x using isInst-M-u-inst-at-M by force
                from this and aa and l0 have v = wlA-0 by simp
                from this and a1 show False by auto
              qed
            qed
            from l01 l02 show u=v by auto
          qed
        qed
        have o01: x=Oc-1 =⇒ (u=v)
        proof −
          assume aa: x=Oc-1
          show (u=v)
          proof −
            from aa have l0: inst-at-M x = {wlA-1} unfolding inst-at-M-def by auto
            have l01: u = wlA-1
            proof (rule ccontr)
              assume a1: u ≠ wlA-1
              show False
              proof −
                from inst have ll1: u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
                from this and aa and l0 have u = wlA-1 by simp
                from this and a1 show False by auto
              qed
            qed
            have l02: v = wlA-1
            proof (rule ccontr)
              assume a1: v ≠ wlA-1
              show False
              proof −
                from inst have ll1: v ∈ inst-at-M x using isInst-M-u-inst-at-M by force
                from this and aa and l0 have v = wlA-1 by simp
                from this and a1 show False by auto
              qed
            qed
            from l01 l02 show u=v by auto
          qed
        qed
        have o02: x=Oc-2 =⇒ (u=v)
        proof −
          assume aa: x=Oc-2
          show (u=v)
          proof −
            from aa have l0: inst-at-M x = {top-of-m-set} unfolding inst-at-M-def by auto
            have l01: u = top-of-m-set
            proof (rule ccontr)
              assume a1: u ≠ top-of-m-set
              show False
              proof −
                from inst have ll1: u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
                from this and aa and l0 have u = top-of-m-set by simp
                from this and a1 show False by auto
              qed
            qed
            have l02: v = top-of-m-set
            proof (rule ccontr)
              assume a1: v ≠ top-of-m-set
              show False
              proof −
                from inst have ll1: v ∈ inst-at-M x using isInst-M-u-inst-at-M by force
                from this and aa and l0 have v = top-of-m-set by simp
                from this and a1 show False by auto
              qed
            qed
            from l01 l02 show u=v by auto
          qed
        qed
        from x0 x00 o00 o01 o02 show u=v by auto
      qed
    qed
  next
    show ⋀x y u i j yy v. [[Inst?L x y u (RSC i j); SR?L u (RSC i j); Inst?L x yy v (RSC i j); SIMU ?L u v (RSC i j);
      x ∈ e-carrier ?L; y ∈ e-carrier ?L; yy ∈ e-carrier ?L; u ∈ carrier ?L; v ∈ carrier ?L;
      i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒ (u = v)
    proof −
      fix x y u i j yy v
      assume inst: Inst?L x y u (RSC i j) Inst?L x yy v (RSC i j)
      assume SR: SR?L u (RSC i j)
      assume SIMU: SIMU ?L u v (RSC i j)
      assume carr: x ∈ e-carrier ?L y ∈ e-carrier ?L yy ∈ e-carrier ?L u ∈
                proof −
                  from False a1 uu vv have ¬(SIMU ?L u v (RSC i j)) unfolding SIMU-def by force
                  from this and SIMU show u = v by auto
                qed
              qed
              have j-case-1: j = ts-set-M-1 =⇒ u = v
              proof −
                assume a1: j = ts-set-M-1
                show u = v
                proof −
                  from False a1 uu vv have ¬(SIMU ?L u v (RSC i j)) unfolding SIMU-def by force
                  from this and SIMU show u = v by auto
                qed
              qed
              from j-cases j-case-0 j-case-1 show u = v by fast
            qed
          qed
        qed
        have x03: x=Compl-0 =⇒ u = v
        proof −
          assume a: x=Compl-0
          show u = v
          proof −
            show u = v
            proof (cases u=v)
              case True
              from True show u = v by auto
            next
              case False
              have j-case-0: j = ts-set-M-0 =⇒ u = v
              proof −
                assume a1: j = ts-set-M-0
                show u = v
                proof −
                  from a inst(1) have Inst?L x y u (RSC i j) by auto
                  from this have l1u: u ∈ inst-at-M-0-or-1 x j using isInst-M-imp-inst-at-M-0-or-1 by auto
                  from a inst(2) have Inst?L x yy v (RSC i j) by auto
                  from this have l1v: v ∈ inst-at-M-0-or-1 x j using isInst-M-imp-inst-at-M-0-or-1 by auto
                  from l1u a1 have u ∈ inst-at-M-0-or-1 x ts-set-M-0 by auto
                  from a this have uu: u = ts0 ∨ u = ts1 ∨ u = ts2 using Compl-0-at-ts-set-M-0 by blast
                  from l1v a1 have v ∈ inst-at-M-0-or-1 x ts-set-M-0 by auto
                  from a this have vv: v = ts0 ∨ v = ts1 ∨ v = ts2 using Compl-0-at-ts-set-M-0 by blast
                  from False a1 uu vv have ¬(SIMU ?L u v (RSC i j)) unfolding SIMU-def
                    using neg-O-ts0-ts1 neg-O-ts0-ts2 neg-O-ts1-ts2
                    by fastforce
                  from this and SIMU show u = v by auto
                qed
              qed
              have j-case-1: j = ts-set-M-1 =⇒ u = v
              proof −
                assume a1: j = ts-set-M-1
                show u = v
                proof −
                  from a inst(1) have Inst?L x y u (RSC i j) by auto
                  from this have l1u: u ∈ inst-at-M-0-or-1 x j using isInst-M-imp-inst-at-M-0-or-1 by auto
                  from a inst(2) have Inst?L x yy v (RSC i j) by auto
                  from this have l1v: v ∈ inst-at-M-0-or-1 x j using isInst-M-imp-inst-at-M-0-or-1 by auto
                  from l1u a1 have u ∈ inst-at-M-0-or-1 x ts-set-M-1 by auto
                  from a this have uu: u = ts0-M ∨ u = ts1-M ∨ u = ts2-M ∨ u = ts3-M using Compl-0-at-ts-set-M-1 by force
                  from l1v a1 have v ∈ inst-at-M-0-or-1 x ts-set-M-1 by auto
                  from a this have vv: v = ts0-M ∨ v = ts1-M ∨ v = ts2-M ∨ v = ts3-M using Compl-0-at-ts-set-M-1 by force
                  from False a1 uu vv have ¬(SIMU ?L u v (RSC i j)) unfolding
                              show (Inst?L x Oc-0 wlA-0 (RSC wlCompl-0 ts-set-M-0) ∨ Inst?L Oc-0 x wlA-0 (RSC wlCompl-0 ts-set-M-0))
                              proof (rule disjI2)
                                from ax0 show Inst?L Oc-0 x wlA-0 (RSC wlCompl-0 ts-set-M-0) unfolding isInst-M-def by force
                              qed
                            qed
                          qed
                        qed
                      qed
                    qed
                  qed
                qed
              qed
            qed
          qed
        qed
        from xx xx0 xx1 xx2 xx3 xx4 xx5 xx6 xx7 show ∃ u ii jj. u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
          i R?L ii ∧ j S?L jj ∧
          (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj) ∨ Inst?L y x u (RSC ii jj))) by force
      qed
    qed
  next
    show ⋀x u i j v. [[(∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC i j) ∨ Inst?L y x u (RSC i j)));
      (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y v (RSC i j) ∨ Inst?L y x v (RSC i j)));
      ¬(SIMU ?L u v (RSC i j));
      x ∈ e-carrier ?L; u ∈ carrier ?L; v ∈ carrier ?L; i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒
      (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
        w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
    proof −
      fix x u i j v
      assume loc1: (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC i j) ∨ Inst?L y x u (RSC i j)))
      assume loc2: (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y v (RSC i j) ∨ Inst?L y x v (RSC i j)))
      assume simu: ¬(SIMU ?L u v (RSC i j))
      assume carr: x ∈ e-carrier ?L u ∈ carrier ?L v ∈ carrier ?L i ∈ r-carrier ?L j ∈ s-carrier ?L
      show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
        w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
      proof −
        from loc1 obtain y1 where l1: y1 ∈ e-carrier ?L ∧ (Inst?L x y1 u (RSC i j) ∨ Inst?L y1 x u (RSC i j)) by auto
        from loc2 obtain y2 where l2: y2 ∈ e-carrier ?L ∧ (Inst?L x y2 v (RSC i j) ∨ Inst?L y2 x v (RSC i j)) by auto
        from l1 l2 have x-cases: x = At-0 ∨ x = At-1 ∨ x = Compl-0 ∨ x = Oc-0 ∨ x = Oc-1 ∨ x = Oc-2 ∨ x = UC-0 ∨ x = UO-0
          using isInst-M-def by fastforce
        from carr have i-case: i = wlCompl-0 by simp
        from carr have j-cases: j = ts-set-M-0 ∨ j = ts-set-M-1 by auto
        have x-case-0: x = At-0 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
          w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧
          (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
        proof −
          assume a1: x = At-0
          show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
            w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
          proof −
            have j-case-0: j = ts-set-M-0 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
            proof −
              assume a2: j = ts-set-M-0
              show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
              proof (rule exI [of λw. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} wlA-0])
                show wlA-0 ∈ carrier ?L ∧ TR?L wlA-0 (RSC i j) ∧
                  wlA-0 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                proof (rule conjI)
                  from carr show wlA-0 ∈ carrier ?L by auto
                next
                  show TR?L wlA-0 (RSC i j) ∧
                    wlA-0 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                  proof (rule conjI)
                      from carr a1 a2 i-case have l14: {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ Inst?L x y uu (RSC i j))} =
                        {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                        unfolding isInst-M-def by auto
                      from this l0 l13 l14 show wlA-0 =
                        ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} by auto
                    qed
                  qed
                qed
              qed
            qed
            from j-cases j-case-0 j-case-1 show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}) by force
          qed
        qed
        have x-case-1: x = At-1 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
          w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧
          (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
        proof −
          assume a1: x = At-1
          show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
            w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
          proof −
            have j-case-0: j = ts-set-M-0 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
            proof −
              assume a2: j = ts-set-M-0
              show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
              proof (rule exI [of λw. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} wlA-1])
                show wlA-1 ∈ carrier ?L ∧ TR?L wlA-1 (RSC i j) ∧
                  wlA-1 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                proof (rule conjI)
                  from carr show wlA-1 ∈ carrier ?L by auto
                next
                  show TR?L wlA-1 (RSC i j) ∧
                    wlA-1 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                  proof (rule conjI)
                      from carr a1 a2 i-case have l14: {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ Inst?L x y uu (RSC i j))} =
                        {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                        unfolding isInst-M-def by auto
                      from this l0 l13 l14 show wlA-1 =
                        ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} by auto
                    qed
                  qed
                qed
              qed
            qed
            from j-cases j-case-0 j-case-1 show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}) by force
          qed
        qed
        have x-case-2: x = Compl-0 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
          w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧
          (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
        proof −
          assume a1: x = Compl-0
          show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
            w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
          proof −
            have j-case-0: j = ts-set-M-0 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
            proof −
              assume a2: j = ts-set-M-0
              show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
              proof (rule exI [of λw. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} top-of-m-set])
                show top-of-m-set ∈ carrier ?L ∧ TR?L top-of-m-set (RSC i j) ∧
                  top-of-m-set = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                proof (rule conjI)
                  from carr show top-of-m-set ∈ carrier ?L by auto
                next
                  show TR?L top-of-m-set (RSC i j) ∧
                    top-of-m-set = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                  proof (rule conjI)
                    show TR?L top-of-m-set (RSC i j)
                    proof (rule TR-I)
                      from carr a1 a2 i-case have l2: {} = {uu. uu ∈ carrier ?L ∧ UO-0 ∈ e-carrier ?L ∧ Inst?L x UO-0 uu (RSC i j)}
                        unfolding isInst-M-def by auto
                      from carr a1 a2 i-case have l3: {} = {uu. uu ∈ carrier ?L ∧ At-0 ∈ e-carrier ?L ∧ Inst?L x At-0 uu (RSC i j)}
                        unfolding isInst-M-def by auto
                      from carr a1 a2 i-case have l4: {} = {uu. uu ∈ carrier ?L
                        ∧ At-1 ∈ e-carrier ?L ∧ Inst?L x At-1 uu (RSC i j)} unfolding isInst-M-def by auto
                      from carr a1 a2 i-case have l5: {} = {uu. uu ∈ carrier ?L ∧ Compl-0 ∈ e-carrier ?L ∧ Inst?L x Compl-0 uu (RSC i j)}
                        unfolding isInst-M-def by auto
                      from carr a1 a2 i-case have l6: {} = {uu. uu ∈ carrier ?L ∧ Oc-0 ∈ e-carrier ?L ∧ Inst?L x Oc-0 uu (RSC i j)}
                        unfolding isInst-M-def by auto
                      from carr a1 a2 i-case have l7: {} = {uu. uu ∈ carrier ?L ∧ Oc-1 ∈ e-carrier ?L ∧ Inst?L x Oc-1 uu (RSC i j)}
                        unfolding isInst-M-def by auto
                      from carr a1 a2 i-case have l8: {} = {uu. uu ∈ carrier ?L ∧ Oc-2 ∈ e-carrier ?L ∧ Inst?L x Oc-2 uu (RSC i j)}
                        unfolding isInst-M-def by auto
                      from carr have l9: ∀ y. (y ∈ e-carrier ?L) = (y=UC-0 ∨ y = UO-0 ∨ y = At-0 ∨ y = At-1 ∨ y = Compl-0 ∨ y = Oc-0 ∨ y = Oc-1 ∨ y = Oc-2) by auto
                      from carr a1 a2 i-case l1 l2 l3 l4 l5 l6 l7 l8 l9 have l0: {ts0-M, ts1-M, ts2-M, ts3-M} =
                        {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ Inst?L x y uu (RSC i j))} sorry
                      from carr have l10: {ts0-M, ts1-M, ts2-M, ts3-M} ⊆ carrier ?L ∧ finite {ts0-M, ts1-M, ts2-M, ts3-M} by auto
                      from l10 have l11: least ?L (⋃{ts0-M, ts1-M, ts2-M, ts3-M}) (Upper ?L {ts0-M, ts1-M, ts2-M, ts3-M})
                        using finite-sup-least-Union by (metis (no-types, lifting) empty-not-insert)
                      have l12: top-of-m-set = ⋃{ts0-M, ts1-M, ts2-M, ts3-M} by auto
                      from l11 l12 have least ?L top-of-m-set (Upper ?L {ts0-M, ts1-M, ts2-M, ts3-M}) by auto
                      from this have l13: top-of-m-set = ⊔?L {ts0-M, ts1-M, ts2-M, ts3-M}
                        using sup-def by (metis (no-types, lifting) empty-not-insert l10 m-set-is-partial-order-M
                          m-set-is-upper-semilattice-M S5-RS-2S-partial-order.least-unique upper-semilattice.finite-sup-least)
                      from carr a1 a2 i-case have l14: {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ Inst?L x y uu (RSC i j))} =
                        {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                        unfolding isInst-M-def by auto
                      from this l0 l13 l14 show top-of-m-set =
                        ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} by auto
                    qed
                  qed
                qed
              qed
            qed
            from j-cases j-case-0 j-case-1 show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}) by force
          qed
        qed
        have x-case-3: x = Oc-0 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
          w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
        proof −
          assume a1: x = Oc-0
          show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
            w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
          proof −
            have j-case-0: j = ts-set-M-0 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
            proof −
              assume a2: j = ts-set-M-0
              show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
              proof (rule exI [of λw. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} wlA-0])
                show wlA-0 ∈ carrier ?L ∧ TR?L wlA-0 (RSC i j) ∧
                  wlA-0 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                proof (rule conjI)
                  from carr show wlA-0 ∈ carrier ?L by auto
                next
                  show TR?L wlA-0 (RSC i j) ∧
                    wlA-0 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                  proof (rule conjI)
                      from carr a1 a2 i-case have l14: {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ Inst?L x y uu (RSC i j))} =
                        {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                        unfolding isInst-M-def by auto
                      from this l0 l13 l14 show wlA-0 =
                        ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} by auto
                    qed
                  qed
                qed
              qed
            qed
            from j-cases j-case-0 j-case-1 show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}) by force
          qed
        qed
        have x-case-4: x = Oc-1 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
          w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
        proof −
          assume a1: x = Oc-1
          show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
            w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
          proof −
            have j-case-0: j = ts-set-M-0 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
            proof −
              assume a2: j = ts-set-M-0
              show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
              proof (rule exI [of λw. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} wlA-1])
                show wlA-1 ∈ carrier ?L ∧ TR?L wlA-1 (RSC i j) ∧
                  wlA-1 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                proof (rule conjI)
                  from carr show wlA-1 ∈ carrier ?L by auto
                next
                  show TR?L wlA-1 (RSC i j) ∧
                    wlA-1 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                  proof (rule conjI)
                      from carr a1 a2 i-case have l14: {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ Inst?L x y uu (RSC i j))} =
                        {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                        unfolding isInst-M-def by auto
                      from this l0 l13 l14 show wlA-1 =
                        ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} by auto
                    qed
                  qed
                qed
              qed
            qed
            from j-cases j-case-0 j-case-1 show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}) by force
          qed
        qed
        have x-case-5: x = Oc-2 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
          w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
        proof −
          assume a1: x = Oc-2
          show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
            w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
          proof −
            have j-case-0: j = ts-set-M-0 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
            proof −
              assume a2: j = ts-set-M-0
              show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
              proof (rule exI [of λw. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} top-of-m-set])
                show top-of-m-set ∈ carrier ?L ∧ TR?L top-of-m-set (RSC i j) ∧
                  top-of-m-set = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                proof (rule conjI)
                  from carr show top-of-m-set ∈ carrier ?L by auto
                next
                  show TR?L top-of-m-set (RSC i j) ∧
                    top-of-m-set = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                  proof (rule conjI)
                    show TR?L top-of-m-set (RSC i j)
                    proof (rule TR-I)
                      from carr a1 a2 i-case have l14: {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ Inst?L x y uu (RSC i j))} =
                        {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                        unfolding isInst-M-def by auto
                      from this l0 l13 l14 show top-of-m-set =
                        ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} by auto
                    qed
                  qed
                qed
              qed
            qed
            from j-cases j-case-0 j-case-1 show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}) by force
          qed
        qed
        have x-case-6: x = UC-0 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
          w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
        proof −
          assume a1: x = UC-0
          show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
            w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
          proof −
            have j-case-0: j = ts-set-M-0 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
            proof −
              assume a2: j = ts-set-M-0
              show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
              proof (rule exI [of λw. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} top-of-m-set])
                show top-of-m-set ∈ carrier ?L ∧ TR?L top-of-m-set (RSC i j) ∧
                  top-of-m-set = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                proof (rule conjI)
                  from carr show top-of-m-set ∈ carrier ?L by auto
                next
                  show TR?L top-of-m-set (RSC i j) ∧
                    top-of-m-set = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                  proof (rule conjI)
                    show TR?L top-of-m-set (RSC i j)
                    proof (rule TR-I)
                        using sup-def by (metis (no-types, lifting) empty-not-insert l10 m-set-is-partial-order-M
                          m-set-is-upper-semilattice-M S5-RS-2S-partial-order.least-unique upper-semilattice.finite-sup-least)
                      from carr a1 a2 i-case have l14: {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ Inst?L y x uu (RSC i j))} =
                        {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                        unfolding isInst-M-def by auto
                      from this l0 l13 l14 show top-of-m-set =
                        ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} by auto
                    qed
                  qed
                qed
              qed
            qed
            from j-cases j-case-0 j-case-1 show (∃w. w ∈ carrier ?L ∧ TR?L w
              (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}) by force
          qed
        qed
        have x-case-7: x = UO-0 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
          w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
        proof −
          assume a1: x = UO-0
          show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
            w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
          proof −
            have j-case-0: j = ts-set-M-0 =⇒ (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
            proof −
              assume a2: j = ts-set-M-0
              show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))})
              proof (rule exI [of λw. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
                w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} top-of-m-set])
                show top-of-m-set ∈ carrier ?L ∧ TR?L top-of-m-set (RSC i j) ∧
                  top-of-m-set = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                proof (rule conjI)
                  from carr show top-of-m-set ∈ carrier ?L by auto
                next
                  show TR?L top-of-m-set (RSC i j) ∧
                    top-of-m-set = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                  proof (rule conjI)
                    show TR?L top-of-m-set (RSC i j)
                    proof (rule TR-I)
                        UO-0 ∈ e-carrier ?L ∧ Inst?L UO-0 x uu (RSC i j)} unfolding isInst-M-def by auto
                      from carr a1 a2 i-case have l2: {} = {uu. uu ∈ carrier ?L ∧ UO-0 ∈ e-carrier ?L ∧ Inst?L UC-0 x uu (RSC i j)}
                        unfolding isInst-M-def by auto
                      from carr a1 a2 i-case have l3: {} = {uu. uu ∈ carrier ?L ∧ At-0 ∈ e-carrier ?L ∧ Inst?L At-0 x uu (RSC i j)}
                        unfolding isInst-M-def by auto
                      from carr a1 a2 i-case have l4: {} = {uu. uu ∈ carrier ?L ∧ At-1 ∈ e-carrier ?L ∧ Inst?L At-1 x uu (RSC i j)}
                        unfolding isInst-M-def by auto
                      from carr a1 a2 i-case have l5: {} = {uu. uu ∈ carrier ?L ∧ Compl-0 ∈ e-carrier ?L ∧ Inst?L Compl-0 x uu (RSC i j)}
                        unfolding isInst-M-def by auto
                      from carr a1 a2 i-case have l6: {wlA-0} = {uu. uu ∈ carrier ?L ∧ Oc-0 ∈ e-carrier ?L ∧ Inst?L Oc-0 x uu (RSC i j)}
                        unfolding isInst-M-def by auto
                      from carr a1 a2 i-case have l7: {wlA-1} = {uu. uu ∈ carrier ?L ∧ Oc-1 ∈ e-carrier ?L ∧ Inst?L Oc-1 x uu (RSC i j)}
                        unfolding isInst-M-def by auto
                      from carr a1 a2 i-case have l8: {top-of-m-set} = {uu. uu ∈ carrier ?L ∧ Oc-2 ∈ e-carrier ?L ∧ Inst?L Oc-2 x uu (RSC i j)}
                        unfolding isInst-M-def by auto
                      from carr have l9: ∀ y. (y ∈ e-carrier ?L) = (y=UC-0 ∨ y = UO-0 ∨ y = At-0 ∨ y = At-1 ∨ y = Compl-0 ∨ y = Oc-0 ∨ y = Oc-1 ∨ y = Oc-2) by auto
                      from carr a1 a2 i-case l1 l2 l3 l4 l5 l6 l7 l8 l9 have l0: {wlA-0, wlA-1, top-of-m-set} =
                        {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ Inst?L y x uu (RSC i j))} sorry
                      from carr have l10: {wlA-0, wlA-1, top-of-m-set} ⊆ carrier ?L ∧ finite {wlA-0, wlA-1, top-of-m-set} by auto
                      from l10 have l11: least ?L (⋃{wlA-0, wlA-1, top-of-m-set}) (Upper ?L {wlA-0, wlA-1, top-of-m-set})
                        using finite-sup-least-Union by (metis (no-types, lifting) empty-not-insert)
                      have l12: top-of-m-set = ⋃{wlA-0, wlA-1, top-of-m-set} by auto
                      from l11 l12 have least ?L top-of-m-set (Upper ?L {wlA-0, wlA-1, top-of-m-set}) by auto
                      from this have l13: top-of-m-set = ⊔?L {wlA-0, wlA-1, top-of-m-set}
                        using sup-def by (metis (no-types, lifting) empty-not-insert l10 m-set-is-partial-order-M
                          m-set-is-upper-semilattice-M S5-RS-2S-partial-order.least-unique upper-semilattice.finite-sup-least)
                      from carr a1 a2 i-case have l14: {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ Inst?L y x uu (RSC i j))} =
                        {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}
                        unfolding isInst-M-def by auto
                      from this l0 l13 l14 show top-of-m-set =
                        ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))} by auto
                    qed
                  qed
                qed
              qed
            qed
            from j-cases j-case-0 j-case-1 show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
              w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}) by force
          qed
        x-case-6 x-case-7 show (∃w. w ∈ carrier ?L ∧ TR?L w (RSC i j) ∧
          w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y. y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j) ∨ Inst?L y x uu (RSC i j)))}) by force
      qed
    qed
  qed
qed
9.13 The Model satisfies the axioms of the locale AtE-Inst-TS-mereology

theorem (in AtE-Inst-TS-mereology) m-set-is-AtE-Inst-TS-mereology:
  AtE-Inst-TS-mereology AtE-Inst-ST-frame-M
  (is AtE-Inst-TS-mereology ?L)
proof (rule AtE-Inst-TS-mereology.intro)
  show Inst-TS-mereology ?L using m-set-is-Inst-TS-mereology by auto
next
  show AtE-Inst-TS-mereology-axioms ?L
  proof
    show ⋀i j. [[i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒ (∃ x. x ∈ e-carrier ?L ∧ AtE?L x (RSC i j))
    proof −
      fix i j
      assume carr: i ∈ r-carrier ?L j ∈ s-carrier ?L
      show (∃ x. x ∈ e-carrier ?L ∧ AtE?L x (RSC i j))
      proof (rule exI [of λx. x ∈ e-carrier ?L ∧ AtE?L x (RSC i j) At-0])
        show At-0 ∈ e-carrier ?L ∧ AtE?L At-0 (RSC i j)
        proof (rule conjI)
          show At-0 ∈ e-carrier ?L by simp
        next
          show AtE?L At-0 (RSC i j)
          proof −
            from carr have i-case: i = wlCompl-0 by simp
            from carr have j-cases: j = ts-set-M-0 ∨ j = ts-set-M-1 by auto
            have j-case-0: j = ts-set-M-0 =⇒ AtE?L At-0 (RSC i j) using i-case isAtE-M-def by auto
            have j-case-1: j = ts-set-M-1 =⇒ AtE?L At-0 (RSC i j) using i-case isAtE-M-def by auto
            from j-cases j-case-0 j-case-1 show AtE?L At-0 (RSC i j) by auto
          qed
        qed
      qed
    qed
  next
    show ⋀i j. [[i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒ finite { x. x ∈ e-carrier ?L ∧ AtE?L x (RSC i j)}
    proof −
      fix i j
      assume carr: i ∈ r-carrier ?L j ∈ s-carrier ?L
      show finite { x. x ∈ e-carrier ?L ∧ AtE?L x (RSC i j)}
      proof −
        have finite (e-carrier ?L) by auto
        from this show finite { x. x ∈ e-carrier ?L ∧ AtE?L x (RSC i j)} by auto
      qed
    qed
  next
    show ⋀x i ii j jj. [[AtE?L x (RSC i j); i R?L ii; j S?L jj;
      x ∈ e-carrier ?L; i ∈ r-carrier ?L; ii ∈ r-carrier ?L; j ∈ s-carrier ?L; jj ∈ s-carrier ?L]]
      =⇒ (AtE?L x (RSC ii jj))
    proof −
      fix x i j ii jj
      assume at: AtE?L x (RSC i j)
      assume r-s: i R?L ii j S?L jj
      assume carr: x ∈ e-carrier ?L i ∈ r-carrier ?L ii ∈ r-carrier ?L j ∈ s-carrier ?L jj ∈ s-carrier ?L
      show AtE?L x (RSC ii jj)
      proof −
        from at have x-cases: x = At-0 ∨ x = At-1 using isAtE-M-def by auto
        from carr have ii-case: ii = wlCompl-0 by simp
        from carr have jj-cases: jj = ts-set-M-0 ∨ jj = ts-set-M-1 by auto
        have x-case-0: x = At-0 =⇒ AtE?L x (RSC ii jj)
        proof −
          assume a1: x = At-0
          show AtE?L x (RSC ii jj)
          proof −
            from a1 ii-case have jj-case-0: jj = ts-set-M-0 =⇒ AtE?L x (RSC ii jj) using isAtE-M-def by auto
            from a1 ii-case have jj-case-1: jj = ts-set-M-1 =⇒ AtE?L x (RSC ii jj) using isAtE-M-def by auto
            from jj-cases jj-case-0 jj-case-1 show AtE?L x (RSC ii jj) by auto
          qed
        qed
        have x-case-1: x = At-1 =⇒ AtE?L x (RSC ii jj)
        proof −
          assume a1: x = At-1
          show AtE?L x (RSC ii jj)
          proof −
            from a1 ii-case have jj-case-0: jj = ts-set-M-0 =⇒ AtE?L x (RSC ii jj) using isAtE-M-def by auto
            from a1 ii-case have jj-case-1: jj = ts-set-M-1 =⇒ AtE?L x (RSC ii jj) using isAtE-M-def by auto
            from jj-cases jj-case-0 jj-case-1 show AtE?L x (RSC ii jj) by auto
          qed
        qed
        from x-cases x-case-0 x-case-1 show AtE?L x (RSC ii jj) by auto
      qed
    qed
  next
    show ⋀x i j ii jj. [[AtE?L x (RSC i j); i R?L ii; j S?L jj;
      x ∈ e-carrier ?L; i ∈ r-carrier ?L; ii ∈ r-carrier ?L; j ∈ s-carrier ?L; jj ∈ s-carrier ?L]]
      =⇒ (∃ y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC ii jj))
    proof −
      fix x i j ii jj
      assume at: AtE?L x (RSC i j)
      assume r-s: i R?L ii j S?L jj
      assume carr: x ∈ e-carrier ?L i ∈ r-carrier ?L ii ∈ r-carrier ?L j ∈ s-carrier ?L jj ∈ s-carrier ?L
      show (∃ y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC ii jj))
      proof (rule exI [of λy. (∃ u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC ii jj)) UC-0])
        show (∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC ii jj))
        proof −
          from at have x-cases: x = At-0 ∨ x = At-1 using isAtE-M-def by auto
          from carr have ii-case: ii = wlCompl-0 by simp
          from carr have jj-cases: jj = ts-set-M-0 ∨ jj = ts-set-M-1 by auto
          have x-case-0: x = At-0 =⇒ (∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC ii jj))
          proof −
            assume a1: x = At-0
            show (∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC ii jj))
            proof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC ii jj) A-00])
              show UC-0 ∈ e-carrier ?L ∧ A-00 ∈ carrier ?L ∧ Inst?L x UC-0 A-00 (RSC ii jj)
              proof (rule conjI)
                show UC-0 ∈ e-carrier ?L by simp
              next
                show A-00 ∈ carrier ?L ∧ Inst?L x UC-0 A-00 (RSC ii jj)
                proof (rule conjI)
                  show A-00 ∈ carrier ?L by simp
                next
272
show Inst?L x UC-0 A-00 (RSC ii jj )proof−from a1 ii-case have jj-case-0 : jj = ts-set-M-0 =⇒ Inst?L x UC-0
A-00 (RSC ii jj ) unfolding isInst-M-def by autofrom a1 ii-case have jj-case-1 : jj = ts-set-M-1 =⇒ Inst?L x UC-0
A-00 (RSC ii jj ) unfolding isInst-M-def by autofrom jj-cases jj-case-0 jj-case-1 show Inst?L x UC-0 A-00 (RSC
ii jj ) by fastqed
qedqed
qedqedhave x-case-1 : x = At-1 =⇒ (∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L
∧ Inst?L x UC-0 u (RSC ii jj ))proof−
assume a1 : x = At-1show (∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u
(RSC ii jj ))proof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L
x UC-0 u (RSC ii jj ) A-10 ])show UC-0 ∈ e-carrier ?L ∧ A-10 ∈ carrier ?L ∧ Inst?L x UC-0 A-10
(RSC ii jj )proof (rule conjI )
show UC-0 ∈ e-carrier ?L by simpnext
show A-10 ∈ carrier ?L ∧ Inst?L x UC-0 A-10 (RSC ii jj )proof (rule conjI )
show A-10 ∈ carrier ?L by simpnext
show Inst?L x UC-0 A-10 (RSC ii jj )proof−from a1 ii-case have jj-case-0 : jj = ts-set-M-0 =⇒ Inst?L x UC-0
A-10 (RSC ii jj ) unfolding isInst-M-def by autofrom a1 ii-case have jj-case-1 : jj = ts-set-M-1 =⇒ Inst?L x UC-0
A-10 (RSC ii jj ) unfolding isInst-M-def by autofrom jj-cases jj-case-0 jj-case-1 show Inst?L x UC-0 A-10 (RSC
ii jj ) by fastqed
qedqed
qedqedfrom x-cases x-case-0 x-case-1 show (∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈
carrier ?L ∧ Inst?L x UC-0 u (RSC ii jj )) by fastqed
qedqed
next
  show ⋀x i j. ⟦AtE?L x (RSC i j); x ∈ e-carrier ?L; i ∈ r-carrier ?L; j ∈ s-carrier ?L⟧
    ⟹ (∃jj. jj ∈ s-carrier ?L ∧ j S?L jj ∧
      (∀t. t ∈ carrier ?L ∧ TS?L t (RSC i jj) ⟶
        (∃y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i jj) ∧ u ⊏?L t)))
  proof -
    fix x i j
    assume at: AtE?L x (RSC i j)
    assume carr: x ∈ e-carrier ?L i ∈ r-carrier ?L j ∈ s-carrier ?L
    show (∃jj. jj ∈ s-carrier ?L ∧ j S?L jj ∧
      (∀t. t ∈ carrier ?L ∧ TS?L t (RSC i jj) ⟶
        (∃y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i jj) ∧ u ⊏?L t)))
    proof (rule exI [of λjj. jj ∈ s-carrier ?L ∧ j S?L jj ∧
        (∀t. t ∈ carrier ?L ∧ TS?L t (RSC i jj) ⟶
          (∃y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i jj) ∧ u ⊏?L t)) ts-set-M-0])
      show ts-set-M-0 ∈ s-carrier ?L ∧ j S?L ts-set-M-0 ∧
        (∀t. t ∈ carrier ?L ∧ TS?L t (RSC i ts-set-M-0) ⟶
          (∃y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i ts-set-M-0) ∧ u ⊏?L t))
      proof (rule conjI)
        show ts-set-M-0 ∈ s-carrier ?L by simp
      next
        show j S?L ts-set-M-0 ∧ (∀t. t ∈ carrier ?L ∧ TS?L t (RSC i ts-set-M-0) ⟶
          (∃y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i ts-set-M-0) ∧ u ⊏?L t))
        proof (rule conjI)
          show j S?L ts-set-M-0
          proof -
            from carr have j-cases: j = ts-set-M-0 ∨ j = ts-set-M-1 by auto
            have j-case-0: j = ts-set-M-0 ⟹ j S?L ts-set-M-0 by auto
            have j-case-1: j = ts-set-M-1 ⟹ j S?L ts-set-M-0 by auto
            from j-cases j-case-0 j-case-1 show j S?L ts-set-M-0 by fast
          qed
        next
          show (∀t. t ∈ carrier ?L ∧ TS?L t (RSC i ts-set-M-0) ⟶
            (∃y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i ts-set-M-0) ∧ u ⊏?L t))
          proof -
            have l1: ⋀t. ⟦t ∈ carrier ?L; TS?L t (RSC i ts-set-M-0)⟧ ⟹
              (∃y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i ts-set-M-0) ∧ u ⊏?L t)
            proof -
              fix t
              assume a1: t ∈ carrier ?L TS?L t (RSC i ts-set-M-0)
              show (∃y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i ts-set-M-0) ∧ u ⊏?L t)
              proof (rule exI [of λy. ∃u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i ts-set-M-0) ∧ u ⊏?L t UC-0])
                show ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                proof -
                  from at have x-cases: x = At-0 ∨ x = At-1 using isAtE-M-def by auto
                  from carr have i-case: i = wlCompl-0 by simp
                  have x-case-0: x = At-0 ⟹ ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                  proof -
                    assume a2: x = At-0
                    show ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                    proof -
                      from a1 have u-cases: t = ts0 ∨ t = ts1 ∨ t = ts2 by auto
                      have u-case-0: t = ts0 ⟹ ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                      proof -
                        assume a3: t = ts0
                        show ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                        proof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t A-00])
                          from a1 a2 a3 i-case show UC-0 ∈ e-carrier ?L ∧ A-00 ∈ carrier ?L ∧ Inst?L x UC-0 A-00 (RSC i ts-set-M-0) ∧ A-00 ⊏?L t
                            unfolding isInst-M-def lless-def by auto
                        qed
                      qed
                      have u-case-1: t = ts1 ⟹ ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                      proof -
                        assume a3: t = ts1
                        show ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                        proof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t A-01])
                          from a1 a2 a3 i-case show UC-0 ∈ e-carrier ?L ∧ A-01 ∈ carrier ?L ∧ Inst?L x UC-0 A-01 (RSC i ts-set-M-0) ∧ A-01 ⊏?L t
                            unfolding isInst-M-def lless-def by auto
                        qed
                      qed
                      have u-case-2: t = ts2 ⟹ ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                      proof -
                        assume a3: t = ts2
                        show ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                        proof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t A-02])
                          from a1 a2 a3 i-case show UC-0 ∈ e-carrier ?L ∧ A-02 ∈ carrier ?L ∧ Inst?L x UC-0 A-02 (RSC i ts-set-M-0) ∧ A-02 ⊏?L t
                            unfolding isInst-M-def lless-def by auto
                        qed
                      qed
                      from u-cases u-case-0 u-case-1 u-case-2 show ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t by fast
                    qed
                  qed
                  have x-case-1: x = At-1 ⟹ ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                  proof -
                    assume a2: x = At-1
                    show ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                    proof -
                      from a1 have u-cases: t = ts0 ∨ t = ts1 ∨ t = ts2 by auto
                      have u-case-0: t = ts0 ⟹ ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                      proof -
                        assume a3: t = ts0
                        show ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                        proof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t A-10])
                          from a1 a2 a3 i-case show UC-0 ∈ e-carrier ?L ∧ A-10 ∈ carrier ?L ∧ Inst?L x UC-0 A-10 (RSC i ts-set-M-0) ∧ A-10 ⊏?L t
                            unfolding isInst-M-def lless-def by auto
                        qed
                      qed
                      have u-case-1: t = ts1 ⟹ ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                      proof -
                        assume a3: t = ts1
                        show ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                        proof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t A-11])
                          from a1 a2 a3 i-case show UC-0 ∈ e-carrier ?L ∧ A-11 ∈ carrier ?L ∧ Inst?L x UC-0 A-11 (RSC i ts-set-M-0) ∧ A-11 ⊏?L t
                            unfolding isInst-M-def lless-def by auto
                        qed
                      qed
                      have u-case-2: t = ts2 ⟹ ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                      proof -
                        assume a3: t = ts2
                        show ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t
                        proof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t A-12])
                          from a1 a2 a3 i-case show UC-0 ∈ e-carrier ?L ∧ A-12 ∈ carrier ?L ∧ Inst?L x UC-0 A-12 (RSC i ts-set-M-0) ∧ A-12 ⊏?L t
                            unfolding isInst-M-def lless-def by auto
                        qed
                      qed
                      from u-cases u-case-0 u-case-1 u-case-2 show ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t by fast
                    qed
                  qed
                  from x-cases x-case-0 x-case-1 show ∃u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0) ∧ u ⊏?L t by fast
                qed
              qed
            qed
            from l1 show (∀t. t ∈ carrier ?L ∧ TS?L t (RSC i ts-set-M-0) ⟶
              (∃y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i ts-set-M-0) ∧ u ⊏?L t)) by auto
          qed
        qed
      qed
    qed
  qed
next
  show ⋀x i j y u. ⟦AtE?L x (RSC i j); Inst?L x y u (RSC i j);
      u ∈ carrier ?L; x ∈ e-carrier ?L; y ∈ e-carrier ?L; i ∈ r-carrier ?L; j ∈ s-carrier ?L⟧
    ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
  proof -
    fix i j x y u
    assume at: AtE?L x (RSC i j)
    assume inst: Inst?L x y u (RSC i j)
    assume carr: u ∈ carrier ?L x ∈ e-carrier ?L y ∈ e-carrier ?L i ∈ r-carrier ?L j ∈ s-carrier ?L
    show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
    proof -
      from at have x-cases: x = At-0 ∨ x = At-1 using isAtE-M-def by auto
      from carr have j-cases: j = ts-set-M-0 ∨ j = ts-set-M-1 by auto
      have x-case-0: x = At-0 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
      proof -
        assume a1: x = At-0
        show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
        proof -
          from inst a1 have u-cases: u = A-00 ∨ u = A-01 ∨ u = A-02 using isInst-M-def by auto
          have u-case-0: u = A-00 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
          proof -
            assume a2: u = A-00
            show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
            proof -
              have j-case-0: j = ts-set-M-0 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
              proof -
                assume a3: j = ts-set-M-0
                show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
                proof (rule exI [of λt. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t ts0])
                  from a1 a2 a3 show ts0 ∈ carrier ?L ∧ TS?L ts0 (RSC i j) ∧ u ⊑?L ts0 by auto
                qed
              qed
              have j-case-1: j = ts-set-M-1 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
              proof -
                assume a3: j = ts-set-M-1
                show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
                proof (rule exI [of λt. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t ts1-M])
                  from a1 a2 a3 show ts1-M ∈ carrier ?L ∧ TS?L ts1-M (RSC i j) ∧ u ⊑?L ts1-M by auto
                qed
              qed
              from j-cases j-case-0 j-case-1 show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t) by fast
            qed
          qed
          have u-case-1: u = A-01 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
          proof -
            assume a2: u = A-01
            show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
            proof -
              have j-case-0: j = ts-set-M-0 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
              proof -
                assume a3: j = ts-set-M-0
                show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
                proof (rule exI [of λt. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t ts1])
                  from a1 a2 a3 show ts1 ∈ carrier ?L ∧ TS?L ts1 (RSC i j) ∧ u ⊑?L ts1 by auto
                qed
              qed
              have j-case-1: j = ts-set-M-1 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
              proof -
                assume a3: j = ts-set-M-1
                show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
                proof (rule exI [of λt. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t ts2-M])
                  from a1 a2 a3 show ts2-M ∈ carrier ?L ∧ TS?L ts2-M (RSC i j) ∧ u ⊑?L ts2-M by auto
                qed
              qed
              from j-cases j-case-0 j-case-1 show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t) by fast
            qed
          qed
          have u-case-2: u = A-02 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
          proof -
            assume a2: u = A-02
            show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
            proof -
              have j-case-0: j = ts-set-M-0 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
              proof -
                assume a3: j = ts-set-M-0
                show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
                proof (rule exI [of λt. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t ts2])
                  from a1 a2 a3 show ts2 ∈ carrier ?L ∧ TS?L ts2 (RSC i j) ∧ u ⊑?L ts2 by auto
                qed
              qed
              have j-case-1: j = ts-set-M-1 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
              proof -
                assume a3: j = ts-set-M-1
                show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
                proof (rule exI [of λt. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t ts3-M])
                  from a1 a2 a3 show ts3-M ∈ carrier ?L ∧ TS?L ts3-M (RSC i j) ∧ u ⊑?L ts3-M by auto
                qed
              qed
              from j-cases j-case-0 j-case-1 show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t) by fast
            qed
          qed
          from u-cases u-case-0 u-case-1 u-case-2 show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t) by fast
        qed
      qed
      have x-case-1: x = At-1 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
      proof -
        assume a1: x = At-1
        show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
        proof -
          from inst a1 have u-cases: u = A-10 ∨ u = A-11 ∨ u = A-12 using isInst-M-def by auto
          have u-case-0: u = A-10 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
          proof -
            assume a2: u = A-10
            show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
            proof -
              have j-case-0: j = ts-set-M-0 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
              proof -
                assume a3: j = ts-set-M-0
                show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
                proof (rule exI [of λt. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t ts0])
                  from a1 a2 a3 show ts0 ∈ carrier ?L ∧ TS?L ts0 (RSC i j) ∧ u ⊑?L ts0 by auto
                qed
              qed
              have j-case-1: j = ts-set-M-1 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
              proof -
                assume a3: j = ts-set-M-1
                show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
                proof (rule exI [of λt. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t ts0-M])
                  from a1 a2 a3 show ts0-M ∈ carrier ?L ∧ TS?L ts0-M (RSC i j) ∧ u ⊑?L ts0-M by auto
                qed
              qed
              from j-cases j-case-0 j-case-1 show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t) by fast
            qed
          qed
          have u-case-1: u = A-11 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
          proof -
            assume a2: u = A-11
            show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
            proof -
              have j-case-0: j = ts-set-M-0 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
              proof -
                assume a3: j = ts-set-M-0
                show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
                proof (rule exI [of λt. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t ts1])
                  from a1 a2 a3 show ts1 ∈ carrier ?L ∧ TS?L ts1 (RSC i j) ∧ u ⊑?L ts1 by auto
                qed
              qed
              have j-case-1: j = ts-set-M-1 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
              proof -
                assume a3: j = ts-set-M-1
                show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
                proof (rule exI [of λt. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t ts1-M])
                  from a1 a2 a3 show ts1-M ∈ carrier ?L ∧ TS?L ts1-M (RSC i j) ∧ u ⊑?L ts1-M by auto
                qed
              qed
              from j-cases j-case-0 j-case-1 show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t) by fast
            qed
          qed
          have u-case-2: u = A-12 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
          proof -
            assume a2: u = A-12
            show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
            proof -
              have j-case-0: j = ts-set-M-0 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
              proof -
                assume a3: j = ts-set-M-0
                show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
                proof (rule exI [of λt. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t ts2])
                  from a1 a2 a3 show ts2 ∈ carrier ?L ∧ TS?L ts2 (RSC i j) ∧ u ⊑?L ts2 by auto
                qed
              qed
              have j-case-1: j = ts-set-M-1 ⟹ (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
              proof -
                assume a3: j = ts-set-M-1
                show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
                proof (rule exI [of λt. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t ts2-M])
                  from a1 a2 a3 show ts2-M ∈ carrier ?L ∧ TS?L ts2-M (RSC i j) ∧ u ⊑?L ts2-M by auto
                qed
              qed
              from j-cases j-case-0 j-case-1 show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t) by fast
            qed
          qed
          from u-cases u-case-0 u-case-1 u-case-2 show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t) by fast
        qed
      qed
      from x-cases x-case-0 x-case-1 show (∃t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t) by fast
    qed
  qed
next
  show ⋀x i j jj. ⟦AtE?L x (RSC i j); j S?L jj; x ∈ e-carrier ?L; i ∈ r-carrier ?L; j ∈ s-carrier ?L; jj ∈ s-carrier ?L⟧ ⟹
    (∃y u v. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧
      Inst?L x y u (RSC i jj) ∧ Inst?L x y v (RSC i jj) ∧ ¬ SIMU ?L u v (RSC i jj))
  proof -
    fix x i j jj
    assume at: AtE?L x (RSC i j)
    assume s: j S?L jj
    assume carr: x ∈ e-carrier ?L i ∈ r-carrier ?L j ∈ s-carrier ?L jj ∈ s-carrier ?L
    show (∃y u v. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧
      Inst?L x y u (RSC i jj) ∧ Inst?L x y v (RSC i jj) ∧ ¬ SIMU ?L u v (RSC i jj))
    proof -
      from at have x-cases: x = At-0 ∨ x = At-1 using isAtE-M-def by auto
      from carr have jj-cases: jj = ts-set-M-0 ∨ jj = ts-set-M-1 by auto
      from carr have i-case: i = wlCompl-0 by simp
      have x-case-0: x = At-0 ⟹ (∃y u v. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧
        Inst?L x y u (RSC i jj) ∧ Inst?L x y v (RSC i jj) ∧ ¬ SIMU ?L u v (RSC i jj))
      proof -
        assume a1: x = At-0
        show (∃y u v. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧
          Inst?L x y u (RSC i jj) ∧ Inst?L x y v (RSC i jj) ∧ ¬ SIMU ?L u v (RSC i jj))
        proof (rule exI [of λy. ∃u v. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧
            Inst?L x y u (RSC i jj) ∧ Inst?L x y v (RSC i jj) ∧ ¬ SIMU ?L u v (RSC i jj) UC-0])
          show ∃u v. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧
            Inst?L x UC-0 u (RSC i jj) ∧ Inst?L x UC-0 v (RSC i jj) ∧ ¬ SIMU ?L u v (RSC i jj)
          proof (rule exI [of λu. ∃v. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧
              Inst?L x UC-0 u (RSC i jj) ∧ Inst?L x UC-0 v (RSC i jj) ∧ ¬ SIMU ?L u v (RSC i jj) A-00])
            show ∃v. UC-0 ∈ e-carrier ?L ∧ A-00 ∈ carrier ?L ∧ v ∈ carrier ?L ∧
              Inst?L x UC-0 A-00 (RSC i jj) ∧ Inst?L x UC-0 v (RSC i jj) ∧ ¬ SIMU ?L A-00 v (RSC i jj)