Comparing Invertibility Proofs - Tools and techniques for formalising structural proof theory

In§7.3, the invertibility of the R∧ in G3cp was shown (with respect to the left premiss). Recall from lemma 20 that one could invoke a different argument to show invertibility of R∧; G3cphas the unique conclusion property (definition 23)). Using this, the derivability at a lower height of both premisses can be shown in one lemma:

lemmainvertConR: 1 assumes(Γ⇒∗∆⊕(A∧∗B),n)∈derivable (Ax ∪g3cp)∗ 2 shows∃ m≤n.(Γ⇒∗∆⊕A,m) ∈derivable (Ax ∪ g3cp)∗ 3 and∃ m≤n.(Γ⇒∗∆⊕B,m)∈derivable (Ax ∪g3cp)∗ 4 proof− 5 haveextendRule (Γ⇒∗∆) ([{#} ⇒∗ {#A#},{#} ⇒∗ {#B#}],{#} ⇒∗ {#A∧∗B#}) 6 ∈(Ax ∪g3cp)∗byauto 7 moreover have 8 extendRule (Γ⇒∗∆) ([{#} ⇒∗ {#A#},{#} ⇒∗ {#B#}],{#} ⇒∗ {#A∧∗B#}) 9 = ([Γ⇒∗∆⊕A,Γ⇒∗∆⊕B],Γ⇒∗∆⊕(A∧∗B)) by(auto) 10 ultimately 11 have([ Γ⇒∗∆⊕A, Γ⇒∗∆⊕B], Γ⇒∗∆⊕(A∧∗B))∈(Ax ∪ g3cp)∗ 12 bysimp 13

withassms show ∃m≤n.( Γ⇒∗∆⊕A,m) ∈derivable (Ax ∪ g3cp)∗ 14

and∃m≤n.( Γ⇒∗∆⊕B,m)∈derivable (Ax ∪g3cp)∗ 15

usinginvertibleRule[whereR0=g3cp]by(auto simp add:g3cp-uc g3cp-upRules)

qed

Even with the additional proofs of g3cp-ucandg3cp-upRules, the total amount written is under 30 lines.

The direct proof, by comparison, is long and bloated. Firstly, it does not seem possible to prove both statements within one proof. In other words, one needs separate left and right premiss proofs. Each of these consists proofs is by induction on the height of the derivation of the conclusion:

lemmainvertConR2L:

assumes(Γ⇒∗∆⊕(A∧∗B),n) ∈derivable (Ax ∪g3cp)∗

shows∃ m≤n.(Γ⇒∗∆⊕A,m) ∈derivable (Ax ∪g3cp)∗

usingassms

proof (induct n arbitrary: Γ ∆rule:nat-less-induct)

There is a trivial base case, which has two separate subcases (the proofs are suppressed:

case0

withder have (Γ⇒∗∆⊕(A∧∗B),0) ∈derivable (Ax ∪ g3cp)∗bysimp then have([],Γ⇒∗∆⊕(A∧∗B))∈(Ax ∪g3cp)∗by(rule derivable.cases)auto then obtainS r whereext:extendRule S r = ([],Γ⇒∗∆⊕(A ∧∗B))

and r ∈(Ax ∪g3cp)by(rule extRules.cases)auto ultimately haver ∈Ax byauto

then obtaini wherer = ([],{#ff#} ⇒∗ {#})∨r = ([],{#At i#} ⇒∗ {#At i#}) apply(cases r)by(rule Ax.cases) auto

ultimately have(Γ⇒∗∆⊕A,0)∈ derivable (Ax ∪g3cp)∗byblast then show∃ m≤n.(Γ⇒∗∆⊕A,m) ∈derivable (Ax ∪g3cp)∗

usingh_n₌₀i_by_blast

When the height is a positive integer, A∧B was either principal in the last instance, or it was not. There are the same number of non-principal cases as rules, and this is where the bloated nature of the proof arises:

case(Suc n0)

withder have (Γ⇒∗∆⊕(A∧∗B),n0+1)∈derivable (Ax ∪g3cp)∗bysimp then obtainPs S r wherenonempty:Ps 6= []

and ext0: (Ps,Γ⇒∗∆⊕(A∧∗B))∈(Ax ∪g3cp)∗

and premss:∀ p∈set Ps.∃ m≤n0.(p,m)∈ derivable (Ax ∪g3cp)∗

usingcharacteriseLast byauto

fromext0obtainS r whereext:extendRule S r = (Ps,Γ⇒∗∆⊕(A∧∗B)) and r ∈(Ax ∪g3cp)by(rule extRules.cases)auto

ultimately haver ∈g3cpbyauto

ultimately have(ps,c)∈g3cp bysimp

then have∃ m≤n0+1.(Γ⇒∗∆⊕A,m)∈derivable (Ax ∪g3cp)∗

proof (cases) — Case analysis on the last rule used case(conR D E)

haveD ∧∗E =A∧∗B ∨D ∧∗E 6=A∧∗ B byblast moreover

{assumeD ∧∗E =A∧∗B— The one principal case withext andh_c _{= (}{_#} ⇒∗ {_#_D∧∗_E_#}₎i_and h_r _{= (}_ps_,_c₎i

have S = (Γ⇒∗∆)by(cases S) auto

withh_ps _{= [}_{_#_{} ⇒∗ {}_#_D_#_}_,_{_#_{} ⇒∗ {}_#_E_#_}_]i _and_ext

and h_D∧∗_E ₌_A∧∗_Bi _andh_r _{= (}_ps_,_c₎i

have Ps = [Γ⇒∗∆⊕A,Γ⇒∗∆⊕B]by(auto)

withpremss have∃ m≤n0.(Γ⇒∗∆⊕A,m)∈ derivable (Ax ∪g3cp)∗

by(auto)

then have∃ m≤n0+1.(Γ⇒∗∆⊕A,m)∈derivable (Ax ∪g3cp)∗

by(rule-tac x=m inexI) auto

}

moreover

{assumeD ∧∗E 6=A∧∗B— One of many non-principal cases

}

case(impR D E) — Each non-principal case is around 35 lines long next case(disR D E) next case(impL D E) next case(disL D E) next case(conL D E) qed

then show∃ m≤n.(Γ⇒∗∆⊕A,m)∈ derivable (Ax ∪g3cp)∗

usingh_n₌_{Suc n}0i _by_auto

qed

The whole proof is around 300 lines long (depending on spacing etc.). Even if both premisses could be handled with one lemma of this length, we still have to write roughly ten times more using the direct proof. The efficiency for such proofs is not as relevant; checking 30 lines and checking 300 lines happens quickly. In fact, given that the earlier invertibility results need to be loaded beforehand, the direct proof takes less time to be checked. However, it takes much longer to write.

As is obvious, with more rules, the disparity becomes even larger between the direct and indirect proof lengths. For every rule added, one gets an extra non-principal case in the

proof. Whilst it is only a linear increase, using the indirect method there is no increase in proof length at all.

Rigid Formalisations

This chapter contains two of the formalisations of chapter4,Cut admissibility forG3ipand Contraction admissibility forG4ip. The formalisation of of section 4.3 is included in the Nominal Isabelle distribution. The formalisations of chapter7are not contained here: they are available online [Chapman,2009].

D.1 Cut Admissibility for G3ip

This file uses Multiset.thy, which is included in theIsabelle distribution. datatypeform =Atom nat

|Imp form form (-⊃-[100,100]110)

|Conj form form (-∧∗-[100,100]110)

|Disj form form (-∨∗-[100,100]110)

|ff

abbreviation

multiset-plus (infixl⊕80)where

(Γ ::form multiset)⊕(A::form) ≡Γ + {#A#}

abbreviation

multiset-minus (infixl 80)where

(Γ ::form multiset) (A::form) ≡Γ− {#A#}

inductive

provable-dp ::form multiset ⇒form ⇒ nat ⇒bool (-⇒-↓-[60,60,60]60) where

Ax[intro]: [[(Atom i):# Γ]] =⇒Γ⇒Atom i ↓0

|LBot[intro]: [[ff :# Γ]] =⇒Γ⇒C ↓0

|ConjR[intro]: [[Γ⇒A↓n ; Γ⇒B ↓m]] =⇒Γ⇒A∧∗B ↓n+m+1

|ConjL[intro]: [[Γ⊕A⊕B ⇒C ↓n]] =⇒Γ⊕A∧∗B ⇒C ↓n+1

|DisjR1[intro]: [[Γ⇒A↓n]] =⇒Γ⇒A∨∗B ↓n+1

|DisjR2[intro]: [[Γ⇒B ↓n]] =⇒Γ⇒A∨∗B ↓n+1

|DisjL[intro]: [[Γ⊕A⇒C ↓n ; Γ⊕B ⇒C ↓m]] =⇒Γ⊕A∨∗B ⇒C ↓n+m+1

|ImpR[intro]: [[ Γ⊕A⇒B ↓n]] =⇒Γ⇒A⊃B ↓n+1

|ImpL[intro]: [[ Γ⊕A⊃B ⇒A↓n; Γ ⊕B ⇒C ↓m]] =⇒Γ⊕A⊃B ⇒C ↓n+m+1

constslength::form ⇒nat primrec

length (Atom i) =0

length (A⊃B) = (if (length A≤length B)then (length B +1)else (length A+1))

length (A∧∗B) = (if (length A≤length B) then (length B +1)else (length A+1))

length (A∨∗B) = (if (length A≤length B) then (length B +1)else (length A+1))

length (ff) =0

abbreviation

less-prod-nat (-<∗-[50,50]50) where p <∗q ≡(p,q) :less-than <∗lex∗>less-than

lemmanat-prod-induct [case-names less]: fixesx y ::nat assumesinduct-step:V x y.(V u v.(u,v)<∗(x,y) =⇒P u v) =⇒P x y showsP x y proof −

havewf (less-than<∗lex∗>less-than) byblast then show?thesis

proof (induct p ≡(x,y) arbitrary:x y) case(less p)

showP x y

proof (rule induct-step) fixu v

assume(u,v)<∗(x,y) withless showP u v bysimp qed qed qed lemmamidMultiset: assumesΓ⊕A= Γ0⊕B and A6=B shows∃ Γ00.Γ = Γ00⊕B ∧Γ0= Γ00⊕A proof−

fromassms haveA:# Γ0 proof−

then haveset-of Γ∪ {A}=set-of Γ0∪ {B}byauto then haveset-of Γ∪ {A} ⊆set-of Γ0∪ {B}bysimp then haveA∈set-of Γ0usingassms byauto thusA :# Γ0bysimp

qed

then haveΓ0 A⊕A= Γ0by(auto simp add:multiset-eq-conv-count-eq) then have∃ Γ00.Γ0= Γ00⊕A apply(rule-tac x=Γ0 A inexI)byauto then obtainΓ00whereeq1:Γ0= Γ00⊕A byblast

fromh_Γ⊕_A_{= Γ}0⊕_Bi_eq1 _have_Γ⊕_A _{= Γ}00⊕_A⊕_B _by_auto

then haveΓ = Γ00⊕B by(auto simp add:multiset-eq-conv-count-eq) thus?thesisusingeq1 byblast

qed

lemmainversionImpL: assumesΓ⊕A⊃B ⇒C ↓n shows∃ j.j≤n ∧Γ⊕B ⇒C ↓j usingassms

proof (induct Γ≡Γ⊕A⊃B C n arbitrary:Γ) case(Ax i Γ0)

then haveAtom i :# Γbyauto then haveΓ⊕B⇒Atom i ↓0 byauto then show?case byblast

case(LBot Γ0C)

then haveff :# Γbyauto

then haveΓ⊕B⇒C ↓0 byauto then show?case byblast

case(ImpRΓ0E F k)

then haveΓ0⊕E = Γ⊕A⊃B ⊕E byauto

then have ∃ j. j≤k ∧Γ ⊕B ⊕ E ⇒F ↓j using prems(3)[whereΓ=Γ⊕E] by(auto simp add:union-ac)

then obtainj wherec1:j≤k

andc2: Γ⊕B ⊕E ⇒F ↓j byauto

fromc2 haveΓ⊕B ⇒E⊃F ↓j+1 usingprovable-dp.ImpR[whereΓ=Γ⊕B andA=E and B=F]byauto

then show?case usingc1 byauto next

case(ConjRΓ0E k F l)

then have∃j≤k.Γ⊕B ⇒E ↓j and∃j≤l.Γ⊕B ⇒F ↓j byauto then obtainj1 j2 wherec1:j1 ≤k

andc2: Γ ⊕B ⇒E ↓j1 andc3:j2 ≤l

andc4: Γ ⊕B ⇒F ↓j2 byauto

then show ?case using provable-dp.ConjR[where Γ=Γ⊕B and n=j1 and m=j2 and A=E andB=F]

apply(rule-tac x=j1+j2+1 inexI)byauto next

case(ConjLΓ0E F C n Γ00)

then obtainΓ1 whereeq1: Γ0= Γ1 ⊕A⊃B

and eq2: Γ00= Γ1 ⊕E∧∗F using midMultiset[whereΓ=Γ0andA=E∧∗F and Γ0=Γ00andB=A⊃B]byauto

fromeq1 prems(3)[whereΓ=Γ1⊕E⊕F] have ∃ j≤n.Γ1 ⊕E ⊕ F ⊕B ⇒ C ↓j by (auto simp add:union-ac)

then obtainj whereeq3:j≤n andΓ1 ⊕E ⊕F ⊕B ⇒C ↓j byblast

then haveΓ1 ⊕E∧∗F ⊕B ⇒C ↓j+1 usingprovable-dp.ConjL[whereΓ=Γ1⊕B andA=E andB=F]by(auto simp add:union-ac)

then show?case usingeq2 eq3 byauto next

case(DisjR1 Γ0E n F)

then have∃j≤n.Γ⊕B ⇒E ↓j byauto

then obtainj whereeq:j≤nand Γ⊕B ⇒E ↓j byblast

then haveΓ⊕B ⇒E∨∗F ↓j+1 usingprovable-dp.DisjR1 byauto then show?case usingeq byauto

case(DisjR2 Γ0F n E)

then have∃j≤n.Γ⊕B ⇒F ↓j byauto

then obtainj whereeq:j≤nand Γ⊕B ⇒F ↓j byblast

then haveΓ⊕B ⇒E∨∗F ↓j+1 usingprovable-dp.DisjR2 byauto then show?case usingeq byauto

case(DisjLΓ0E C n F m Γ00)

then obtainΓ1 whereeq1: Γ0= Γ1 ⊕A⊃B

and eq2: Γ00 = Γ1 ⊕E∨∗F using midMultiset[whereΓ=Γ0and Γ0=Γ00and A=E∨∗F andB=A⊃B]byauto

from eq1 prems(3)[where Γ=Γ1⊕E] have ∃ j≤n. Γ1 ⊕ E ⊕ B ⇒ C ↓ j by (auto simp add:union-ac)

moreover

from eq1 prems(5)[where Γ=Γ1⊕F] have ∃ k≤m. Γ1 ⊕ F ⊕ B ⇒ C ↓ k by (auto simp add:union-ac)

ultimately

obtainj k wherea:j≤n ∧k≤m andb: Γ1 ⊕E ⊕B ⇒C ↓j

andc: Γ1 ⊕F ⊕B ⇒C ↓k byblast

fromb c haveΓ1 ⊕E∨∗F ⊕B⇒C ↓j+k+1 usingprovable-dp.DisjL[whereΓ=Γ1⊕B and A=E andB=F]

by(auto simp add:union-ac)

then show?case usinga eq2 apply(rule-tac x=j+k+1 inexI)byauto next

case(ImpLΓ0E F n C m Γ00)

haveE ⊃F =A⊃B ∨E ⊃F 6=A ⊃B byblast moreover

{assumeE ⊃F =A ⊃B

then haveΓ0= Γ00usingprems byauto

then haveΓ00⊕B ⇒C ↓m usingprems byauto

then have∃ k.k≤n+m+1 ∧Γ00⊕B ⇒C ↓k apply (rule-tac x=m inexI)byauto

}

moreover

{assumea:E ⊃F 6=A ⊃B

fromprems obtainΓ1 whereeq1: Γ0= Γ1 ⊕A⊃B

and eq2: Γ00= Γ1 ⊕E⊃F using midMultiset[whereΓ=Γ0andΓ0=Γ00 andA=E⊃F andB=A⊃B]

byauto

fromprems have∃ j.j≤n ∧Γ00⊕B ⇒E ↓j byauto then obtainj whereb1:j≤n

andb2: Γ1⊕B ⊕E⊃F ⇒E ↓j usingeq2 by(auto simp add:union-ac) moreover

fromeq1 have ∃ k.k≤m ∧Γ1 ⊕F ⊕B ⇒C ↓k using prems(5)[whereΓ=Γ1 ⊕F]by(auto simp add:union-ac) then obtaink wherec1:k≤m

andc2: Γ1 ⊕F ⊕B ⇒C ↓k byauto ultimately

have Γ1 ⊕ B ⊕E⊃F ⇒ C ↓ j+k+1 using provable-dp.ImpL[whereΓ=Γ1⊕B and A=E andB=F]

by(auto simp add:union-ac)

then have∃ k.k≤n+m+1 ∧ Γ00⊕B ⇒C ↓ k using b1 c1 eq2 apply(rule-tac x=j+k+1 inexI)

by(auto simp add:union-ac)

}

ultimately

show?case byblast qed

lemmainversionConjL: assumesΓ⊕A∧∗B ⇒C ↓n

shows∃ j.j≤n ∧Γ⊕A⊕B ⇒C ↓j usingassms

proof (induct Γ≡Γ⊕A∧∗B C n arbitrary: Γ) case(Ax i Γ0)

then haveAtom i :# Γbyauto

then haveΓ⊕A⊕B ⇒Atom i ↓0 byauto then show?case byblast

case(LBot Γ0C)

then haveff :# Γbyauto

then haveΓ⊕A⊕B ⇒C ↓0 byauto then show?case byblast

case(ImpRΓ0E F k)

then haveΓ0⊕E = Γ⊕A∧∗B ⊕E byauto

then have ∃ j.j≤k ∧ Γ⊕ A⊕ B ⊕ E ⇒ F ↓j using prems(3)[whereΓ=Γ⊕E]by (auto simp add:union-ac)

then obtainj wherec1:j≤k

andc2: Γ⊕A⊕B ⊕E ⇒F ↓j byauto

fromc2 haveΓ⊕A⊕B ⇒E⊃F ↓j+1 usingprovable-dp.ImpR[whereΓ=Γ⊕A⊕B and A=E andB=F]byauto

then show?case usingc1 byauto next

case(ConjRΓ0E k F l)

then have∃j≤k.Γ⊕A⊕B ⇒E ↓j and∃j≤l.Γ⊕A⊕ B ⇒F ↓j byauto then obtainj1 j2 wherec1:j1 ≤k

andc2: Γ ⊕A ⊕B ⇒E ↓j1 andc3:j2 ≤l

andc4: Γ ⊕A ⊕B ⇒F ↓j2 byauto

then show?caseusingprovable-dp.ConjR[whereΓ=Γ⊕A⊕B andn=j1 andm=j2 andA=E andB=F]

apply(rule-tac x=j1+j2+1 inexI)byauto next

case(DisjR1 Γ0E n F)

then have∃j≤n.Γ⊕A⊕B ⇒E ↓j byauto

then obtainj whereeq:j≤nand Γ⊕A⊕B ⇒E ↓j byblast

then haveΓ⊕A⊕B ⇒E∨∗F ↓j+1 usingprovable-dp.DisjR1 byauto then show?case usingeq byauto

case(DisjR2 Γ0F n E)

then have∃j≤n.Γ⊕A⊕B ⇒F ↓j byauto

then obtainj whereeq:j≤nand Γ⊕A⊕B ⇒F ↓j byblast

then haveΓ⊕A⊕B ⇒E∨∗F ↓j+1 usingprovable-dp.DisjR2 byauto then show?case usingeq byauto

case(DisjLΓ0E C n F m Γ00)

and eq2: Γ00 = Γ1 ⊕E∨∗F using midMultiset[whereΓ=Γ0and Γ0=Γ00and A=E∨∗F andB=A∧∗B]byauto

fromeq1 prems(3)[whereΓ=Γ1⊕E]have∃ j≤n.Γ1 ⊕E ⊕A ⊕B ⇒C ↓j by (auto simp add:union-ac)

moreover

fromeq1 prems(5)[whereΓ=Γ1⊕F]have∃ k≤m.Γ1 ⊕F ⊕A⊕B ⇒C ↓k by(auto simp add:union-ac)

ultimately

obtainj k wherea:j≤n ∧k≤m

andb: Γ1 ⊕E ⊕A⊕B ⇒C ↓j

andc: Γ1 ⊕F ⊕A⊕B ⇒C ↓k byblast

fromb chaveΓ1 ⊕E∨∗F⊕A⊕B⇒C↓j+k+1usingprovable-dp.DisjL[whereΓ=Γ1⊕A⊕B andA=E and B=F]

by(auto simp add:union-ac)

then show?case usinga eq2 apply(rule-tac x=j+k+1 inexI)byauto next

case(ImpLΓ0E F n C m Γ00)

fromprems obtainΓ1 whereeq1: Γ0= Γ1 ⊕A∧∗B

and eq2: Γ00= Γ1 ⊕E⊃F usingmidMultiset[whereΓ=Γ0andΓ0=Γ00and A=E⊃F and B=A∧∗B]

byauto

fromprems have∃ j.j≤n ∧Γ00⊕A ⊕B ⇒E ↓j byauto then obtainj whereb1:j≤n

andb2: Γ1⊕A⊕B ⊕E⊃F ⇒E ↓j usingeq2 by(auto simp add:union-ac) moreover

fromeq1 have ∃ k.k≤m ∧Γ1 ⊕F ⊕A⊕B ⇒C ↓k using prems(5)[whereΓ=Γ1 ⊕F]by(auto simp add:union-ac) then obtaink wherec1:k≤m

andc2: Γ1 ⊕F ⊕A⊕B ⇒C ↓k byauto ultimately

have Γ1 ⊕ A⊕B ⊕E⊃F ⇒C ↓ j+k+1 using provable-dp.ImpL[whereΓ=Γ1⊕A⊕B and A=E andB=F]

by(auto simp add:union-ac)

then have∃ k.k≤n+m+1 ∧Γ00⊕A⊕B ⇒C ↓k usingb1 c1 eq2 apply(rule-tac x=j+k+1 inexI)

by(auto simp add:union-ac) then show?case byblast next

case(ConjLΓ0E F C n Γ00)

haveE∧∗F =A∧∗B ∨E∧∗F 6=A∧∗B byblast moreover

{assumeE∧∗F =A∧∗B

then have ∃ j. j≤n+1 ∧Γ00⊕ A⊕B ⇒C ↓j using prems apply (rule-tac x=n in exI) byauto

}

moreover

{assumeE∧∗F 6=A∧∗B

then obtainΓ1 whereeq1: Γ0= Γ1 ⊕A∧∗B

and eq2: Γ00= Γ1 ⊕ E∧∗F using midMultiset[whereΓ=Γ0and Γ0=Γ00and A=E∧∗F andB=A∧∗B]prems

byauto

from prems have ∃ j. j≤n ∧ Γ1 ⊕ A ⊕ B ⊕ E ⊕ F ⇒ C ↓ j using prems(3)[where Γ=Γ1⊕E⊕F]by(auto simp add:union-ac)

then obtainj whereb1:j≤n

andb2: Γ1 ⊕A ⊕B ⊕E ⊕F ⇒C ↓j by(auto simp add:union-ac)

fromb2 haveΓ1 ⊕A⊕B⊕E∧∗F ⇒C ↓j+1 usingprovable-dp.ConjL[whereΓ=Γ1⊕A⊕B] by(auto simp add:union-ac)

then have∃ j≤n+1.Γ00⊕A⊕B ⇒C ↓j usingeq2 b1 apply (rule-tac x=j+1 inexI) by (auto simp add:union-ac)

}

ultimately

show?case byblast qed

lemmainversionDisjL:

assumesΓ⊕A∨∗B ⇒C ↓n

shows∃ j k.j≤n ∧k≤n ∧Γ⊕A⇒C ↓j ∧Γ⊕B ⇒C ↓k usingassms

proof (induct Γ≡Γ⊕A∨∗B C n arbitrary: Γ) case(Ax i Γ0)

then haveAtom i :# Γbyauto

then haveΓ⊕A⇒Atom i ↓0 andΓ⊕B ⇒Atom i ↓0 byauto then show?case byblast

case(LBot Γ0C)

then haveff :# Γbyauto

then haveΓ⊕A⇒C ↓0 andΓ⊕B ⇒C ↓0 byauto then show?case byblast

case(ConjRΓ0E k F l)

then have∃ j1 j2.j1≤k ∧j2≤k ∧Γ⊕A⇒E ↓j1 ∧Γ⊕B ⇒E ↓j2 and∃ j3 j4.j3≤l ∧j4≤l ∧Γ⊕A⇒F ↓j3 ∧Γ⊕B ⇒F ↓j4 byauto then obtainj1 j2 j3 j4 wherec:j1 ≤k ∧ j2≤k ∧j3≤l ∧j4≤l

and c2: Γ⊕B ⇒E ↓j2 and c3: Γ⊕A⇒F ↓j3

and c4: Γ⊕B ⇒F ↓j4 byauto

fromc1 c3 have Γ ⊕A ⇒ E∧∗F ↓ j1+j3+1 using provable-dp.ConjR[where Γ=Γ⊕A] by auto

moreover

fromc2 c4 have Γ ⊕B ⇒ E∧∗F ↓j2+j4+1 using provable-dp.ConjR[whereΓ=Γ⊕B] by auto

ultimately

show?case usingc apply(rule-tac x=j1+j3+1 inexI,rule-tac x=j2+j4+1 in exI)byauto next

case(DisjR1 Γ0E n F)

then have∃ j k.j≤n ∧k≤n ∧Γ⊕A⇒E ↓j ∧ Γ⊕B ⇒E ↓k byauto

then obtainj k whereeq:j≤n ∧k≤n andΓ⊕A⇒E ↓j ∧Γ⊕B ⇒E ↓k byblast then haveΓ⊕A⇒E∨∗F ↓j+1 ∧Γ⊕B ⇒E∨∗F ↓k+1 usingprovable-dp.DisjR1 byauto then show?case usingeq byauto

case(DisjR2 Γ0F n E)

then have∃ j k.j≤n ∧k≤n ∧Γ⊕A⇒F ↓j ∧Γ⊕B ⇒F ↓k byauto

then obtainj k whereeq:j≤n ∧k≤n andΓ⊕A⇒F ↓j ∧Γ⊕B ⇒F ↓k byblast then haveΓ⊕A⇒E∨∗F ↓j+1 ∧Γ⊕B ⇒E∨∗F ↓k+1 usingprovable-dp.DisjR2 byauto then show?case usingeq byauto

case(ImpRΓ0E F k)

then haveΓ0⊕E = Γ⊕A∨∗B ⊕E byauto

then have∃ j1 j2.j1≤k ∧j2≤k ∧Γ⊕A⊕E ⇒F ↓j1 ∧ Γ⊕B ⊕E ⇒F ↓j2 usingprems(3)[whereΓ=Γ⊕E]by(auto simp add:union-ac)

then obtainj1 j2 wherec1:j1≤k ∧j2≤k andc2: Γ ⊕A ⊕E ⇒F ↓j1

andc3: Γ ⊕B ⊕E ⇒F ↓j2 byauto

from c2 have Γ ⊕A ⇒E⊃F ↓ j1+1 using provable-dp.ImpR[where Γ=Γ ⊕A and A=E andB=F]byauto

moreover

fromc3 have Γ⊕ B ⇒E⊃F ↓j2+1 using provable-dp.ImpR[whereΓ=Γ ⊕ B and A=E andB=F]byauto

ultimately

show?case usingc1 apply (rule-tac x=j1+1 in exI,rule-tac x=j2+1 inexI) byauto next

case(ImpLΓ0E F n C m Γ00)

fromprems obtainΓ1 whereeq1: Γ0= Γ1 ⊕A∨∗B

and eq2: Γ00= Γ1 ⊕E⊃F usingmidMultiset[whereΓ=Γ0andΓ0=Γ00and A=E⊃F and B=A∨∗B]

fromprems have∃ j k.j≤n ∧k≤n ∧Γ00⊕A⇒E ↓j ∧Γ00⊕B ⇒E ↓k byauto then obtainj k whereb1:j≤n ∧k≤n

andb2: Γ1 ⊕A ⊕E⊃F ⇒E ↓j

andb3: Γ1 ⊕B ⊕E⊃F ⇒E ↓k usingeq2 by(auto simp add:union-ac) fromeq1 have ∃ j1 k1.j1≤m ∧k1≤m ∧Γ1 ⊕F ⊕A⇒C ↓j1 ∧Γ1 ⊕F ⊕B ⇒C ↓k1

In document Tools and techniques for formalising structural proof theory (Page 140-166)