Computational realization of the formal ontology
presented in
Formal ontology of space, time, and physical
entities in modern Classical Mechanics
Thomas Bittner
Department of Philosophy
SUNY at Buffalo
December 11, 2017
Contents

1 Setting up the formal environment
  1.1 The frames R and S
  1.2 The modal language and its interpretation in RS frames
  1.3 RS frames with two domains of variables
  1.4 S5 Axioms, Barcan formula, etc. are satisfied
  1.5 KS - structures
2 Mereology (adopted from Clemens Ballarin et al.)
  2.1 Partial order
  2.2 Upper and lower bounds of a set
  2.3 Least and greatest, as predicate
  2.4 Upper Semi-Lattices
  2.5 Complete upper semi-lattices
  2.6 Infimum
  2.7 Infimum meet and complement and difference as relations
  2.8 Meet and Overlap in partial orders
  2.9 partial lower semilattice
  2.10 Partial lattices
  2.11 Total Orders
  2.12 Mereology
3 Spacetime mereology with time slices
  3.1 The non-modal part of TS mereology
  3.2 The modal part of TS mereology
  3.3 Newtonian space-time
  3.4 Minkowski space-time
4 Axioms and theorems for instantiation
  4.1 Axioms
  4.2 Definitions
  4.3 Theorems
5 Parthood for continuant and occurrent particulars
6 Atomic entities
7 The presentation of the formal theory in the modal language
  7.1 Basic types for the lifting
  7.2 lifted definitions of HOL-based predicates
  7.3 Lifted version of spacetime mereology
    7.3.1 Lifted definitions
    7.3.2 Lifted axioms as theorems
    7.3.3 Recover standard definitions
    7.3.4 Lifted theorems
  7.4 Lifted timeslice mereology (TS mereology)
    7.4.1 Lifted definitions of TS mereology
    7.4.2 Recover the standard definitions
    7.4.3 Lifted axioms for TS mereology as theorems
    7.4.4 Lifted theorems for TS mereology
  7.5 Newtonian Spacetime
    7.5.1 Lifted axiom of Newtonian ST
    7.5.2 Lifted theorems of Newtonian ST
  7.6 Minkowski Spacetime
    7.6.1 Lifted axiom of Minkowski ST
  7.7 Inst-TS-mereology
    7.7.1 Lifted axioms of Inst-TS-mereology as theorems
    7.7.2 Definitions of Inst-TS-mereology
    7.7.3 Recover the standard definitions
    7.7.4 Lifted theorems of Inst-TS-mereology
    7.7.5 Lifted axiom for worldlines
  7.8 Mereology of particulars
    7.8.1 Definitions
    7.8.2 Recover standard definitions
    7.8.3 Lifted theorems for PCon and POcc
  7.9 Atomic entities – AtE-Inst-TS-mereology
    7.9.1 Primitive as definition
    7.9.2 Lifted axioms of AtE-Inst-TS-mereology as theorems
    7.9.3 Lifted theorems of AtE-Inst-TS-mereology
8 The model
  8.1 Regions of spacetime
  8.2 Time slices
  8.3 Worldlines
  8.4 Temporal parts of complexes
  8.5 Possible entities in a world with two atoms
  8.6 Instantiation in Minkowski spacetime
  8.7 Instantiating the frame structures
9 Proof that the model AtE-Inst-ST-frame-M satisfies the axioms of the formal theory – they are extremely ugly and tedious ...
  9.1 Preliminary lemmata
  9.2 The Model satisfies the axioms of the locale S5-RS-frame
  9.3 The Model satisfies the axioms of the locale two-sort-S5-RS-frame
  9.4 The Model satisfies the axioms of the locale S5-RS-2S-partial-order
  9.5 The Model satisfies the axioms of the locale upper-semilattice
  9.6 The Model satisfies the axioms of the locale complete-upper-semilattice
  9.7 The Model satisfies the axioms of the locale partial-lower-semilattice
  9.8 The Model satisfies the axioms of the locale partial-lattice
  9.9 The Model satisfies the axioms of the locale S5-RS-2S-GEM
  9.10 The Model satisfies the axioms of the locale TS-mereology
  9.11 The Model satisfies the axioms of the locale M-TS-mereology
  9.12 The Model satisfies the axioms of the locale Inst-TS-mereology
  9.13 The Model satisfies the axioms of the locale AtE-Inst-TS-mereology

theory S5-2D-base imports Main
begin
1 Setting up the formal environment
1.1 The frames R and S
record ′a R-frame =
  r-carrier :: ′a set set
  aR :: ′a set ⇒ ′a set ⇒ bool (infixl Rı 50)

record ′a RS-frame = ′a R-frame +
  s-carrier :: ′a set set
  aS :: ′a set ⇒ ′a set ⇒ bool (infixl Sı 50)

datatype ′a RS = RSC ′a set ′a set

primrec r-RS :: ′a RS ⇒ ′a set where
  r-RS (RSC r s) = r

primrec s-RS :: ′a RS ⇒ ′a set where
  s-RS (RSC r s) = s

lemma RSSR:
  ⟦(r-RS (RSC a b)) R⇘L⇙ (r-RS (RSC c b)); (s-RS (RSC c b)) S⇘L⇙ (s-RS (RSC c d))⟧ ⟹
    (((s-RS (RSC a b)) S⇘L⇙ (s-RS (RSC a d))) ∧ ((r-RS (RSC a d)) R⇘L⇙ (r-RS (RSC c d))))
  by auto

lemma SRRS:
  ⟦(s-RS (RSC a b)) S⇘L⇙ (s-RS (RSC a d)); (r-RS (RSC a d)) R⇘L⇙ (r-RS (RSC c d))⟧ ⟹
    ((r-RS (RSC a b)) R⇘L⇙ (r-RS (RSC c b)) ∧ (s-RS (RSC c b) S⇘L⇙ (s-RS (RSC c d))))
  by auto

locale S5-RS-frame =
  fixes L (structure)
  assumes RCarrier: r-carrier L ≠ {}
    and R-ref [intro, simp]:
      x ∈ r-carrier L ==> x R⇘L⇙ x
    and R-sym [intro]:
      ⟦x ∈ r-carrier L; y ∈ r-carrier L; x R⇘L⇙ y⟧ ⟹ y R⇘L⇙ x
    and R-trans [trans]:
      ⟦x ∈ r-carrier L; y ∈ r-carrier L; z ∈ r-carrier L; x R⇘L⇙ y; y R⇘L⇙ z⟧ ⟹ x R⇘L⇙ z
  assumes SCarrier: s-carrier L ≠ {}
    and S-ref [intro, simp]:
      u ∈ s-carrier L ==> u S⇘L⇙ u
    and S-sym [intro]:
      [| u ∈ s-carrier L; v ∈ s-carrier L; u S⇘L⇙ v |] ==> v S⇘L⇙ u
    and S-trans [trans]:
      [| u ∈ s-carrier L; v ∈ s-carrier L; s ∈ s-carrier L; u S⇘L⇙ v; v S⇘L⇙ s |] ==> u S⇘L⇙ s

1.2 The modal language and its interpretation in RS frames
type-synonym (′a, ′b) RS-predicate = (′a, ′b) RS-frame-scheme ⇒ ′a RS ⇒ bool

abbreviation mneg :: (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate (¬- [52] 53)
  where ¬ P ≡ λ L w. ∼ (P L w)

abbreviation mand :: (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate (infixr ∧ 51)
  where P ∧ Q ≡ λ L w. (P L (w)) ∧ (Q L (w))

abbreviation mor :: (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate (infixr ∨ 50)
  where P ∨ Q ≡ λ L w. P L (w) ∨ Q L (w)

abbreviation mimpl :: (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate (infixr → 49)
  where P → Q ≡ λ L w. P L (w) ⟶ Q L (w)

abbreviation mequiv :: (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate (infixr ↔ 48)
  where P ↔ Q ≡ λ L w. P L (w) ⟷ Q L (w)

abbreviation mboxR :: (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate (□R)
  where □R P L w ≡ ∀γ. γ ∈ r-carrier L ∧ (r-RS w) R⇘L⇙ γ ⟶ (P L (RSC γ (s-RS w)))

abbreviation mboxS :: (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate (□S)
  where □S P L w ≡ ∀σ. σ ∈ s-carrier L ∧ (s-RS w) S⇘L⇙ σ ⟶ (P L (RSC (r-RS w) σ))

abbreviation mdiaR :: (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate (♦R)
  where ♦R P L w ≡ ∃γ. γ ∈ r-carrier L ∧ (r-RS w) R⇘L⇙ γ ∧ (P L (RSC γ (s-RS w)))

abbreviation mdiaS :: (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate (♦S)
  where ♦S P L w ≡ ∃σ. σ ∈ s-carrier L ∧ (s-RS w) S⇘L⇙ σ ∧ (P L (RSC (r-RS w) σ))

abbreviation mbox :: (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate (□)
  where □ P ≡ □R(□S(P))

abbreviation mdia :: (′a, ′b) RS-predicate ⇒ (′a, ′b) RS-predicate (♦)
  where ♦ P ≡ ♦R(♦S(P))

1.3 RS frames with two domains of variables
record (′a, ′b) two-sort-RS-frame = ′a RS-frame +
  carrier :: ′a set
  e-carrier :: ′b set

locale two-sort-S5-RS-frame = S5-RS-frame +
  assumes carrier: carrier L ≠ {} and
    carrierE: e-carrier L ≠ {} and
    Rcarrier1: ∀r. r ∈ r-carrier L ⟶ r ⊆ (carrier L) and
    Scarrier1: ∀s. s ∈ s-carrier L ⟶ s ⊆ carrier L

type-synonym (′a, ′b, ′c) two-sort-RS-predicate = (′a, ′b, ′c) two-sort-RS-frame-scheme ⇒ ′a RS ⇒ bool

abbreviation a-mforall :: (′a ⇒ (′a, ′b, ′c) two-sort-RS-predicate) ⇒ (′a, ′b, ′c) two-sort-RS-predicate
  where a-mforall P ≡ λ L w. ∀x. x ∈ carrier L ⟶ (P x) L w

abbreviation a-mforallB :: (′a ⇒ (′a, ′b, ′c) two-sort-RS-predicate) ⇒ (′a, ′b, ′c) two-sort-RS-predicate (binder ∀a [8] 9)
  where ∀a x. P (x) ≡ a-mforall P

abbreviation a-mexists :: (′a ⇒ (′a, ′b, ′c) two-sort-RS-predicate) ⇒ (′a, ′b, ′c) two-sort-RS-predicate
  where a-mexists P ≡ λ L w. ∃x. x ∈ carrier L ∧ (P x) L w

abbreviation a-mexistsB :: (′a ⇒ (′a, ′b, ′c) two-sort-RS-predicate) ⇒ (′a, ′b, ′c) two-sort-RS-predicate (binder ∃a [8] 9)
  where ∃a x. P (x) ≡ a-mexists P

abbreviation b-mforall :: (′b ⇒ (′a, ′b, ′c) two-sort-RS-predicate) ⇒ (′a, ′b, ′c) two-sort-RS-predicate
  where b-mforall P ≡ λ L w. ∀x. x ∈ e-carrier L ⟶ (P x) L w

abbreviation b-mforallB :: (′b ⇒ (′a, ′b, ′c) two-sort-RS-predicate) ⇒ (′a, ′b, ′c) two-sort-RS-predicate (binder ∀b [8] 9)
  where ∀b x. P (x) ≡ b-mforall P

abbreviation b-mexists :: (′b ⇒ (′a, ′b, ′c) two-sort-RS-predicate) ⇒ (′a, ′b, ′c) two-sort-RS-predicate
  where b-mexists P ≡ λ L w. ∃x. x ∈ e-carrier L ∧ (P x) L w

abbreviation b-mexistsB :: (′b ⇒ (′a, ′b, ′c) two-sort-RS-predicate) ⇒ (′a, ′b, ′c) two-sort-RS-predicate (binder ∃b [8] 9)
  where ∃b x. P (x) ≡ b-mexists P

abbreviation mvalid :: (′a, ′b, ′c) two-sort-RS-frame-scheme ⇒ (′a, ′b, ′c) two-sort-RS-predicate ⇒ bool (⌊-⌋ı [7] 8)
  where ⌊p⌋⇘L⇙ ≡ ∀γ σ. γ ∈ r-carrier L ∧ σ ∈ s-carrier L ⟶ (p L (RSC γ σ))

abbreviation A-mforall :: (′a set ⇒ (′a, ′b, ′c) two-sort-RS-predicate) ⇒ (′a, ′b, ′c) two-sort-RS-predicate
  where A-mforall P ≡ λ L w. ∀x. x ⊆ carrier L ⟶ (P x) L w

abbreviation A-mforallB :: (′a set ⇒ (′a, ′b, ′c) two-sort-RS-predicate) ⇒ (′a, ′b, ′c) two-sort-RS-predicate (binder ∀A [8] 9)
  where ∀A x. P (x) ≡ A-mforall P

abbreviation A-mexists :: (′a set ⇒ (′a, ′b, ′c) two-sort-RS-predicate) ⇒ (′a, ′b, ′c) two-sort-RS-predicate
  where A-mexists P ≡ λ L w. ∃x. x ⊆ carrier L ∧ (P x) L w

abbreviation A-mexistsB :: (′a set ⇒ (′a, ′b, ′c) two-sort-RS-predicate) ⇒ (′a, ′b, ′c) two-sort-RS-predicate (binder ∃A [8] 9)
  where ∃A x. P (x) ≡ A-mexists P

1.4 S5 Axioms, Barcan formula, etc. are satisfied
lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-aR: ⌊∀a x. (□R (PX x)) ↔ (¬ ♦R(¬ PX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-AR: ⌊∀A x. (□R (PX x)) ↔ (¬ ♦R(¬ PX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-bR: ⌊∀b x. (□R (PX x)) ↔ (¬ ♦R(¬ PX x))⌋ by blast

lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-aR: ⌊∀a x. (♦R(PX x) ↔ (¬ □R(¬(PX x))))⌋ by blast
lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-AR: ⌊∀A x. (♦R(PX x) ↔ (¬ □R(¬(PX x))))⌋ by blast
lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-bR: ⌊∀b x. (♦R(PX x) ↔ (¬ □R(¬(PX x))))⌋ by blast

lemma (in two-sort-S5-RS-frame) K-aR-valid: ⌊∀a x. □R(PX x → QX x) → (□R(PX x) → □R(QX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) K-AR-valid: ⌊∀A x. □R(PX x → QX x) → (□R(PX x) → □R(QX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) K-bR-valid: ⌊∀b x. □R(PX x → QX x) → (□R(PX x) → □R(QX x))⌋ by blast

lemma (in two-sort-S5-RS-frame) BC-aR-valid: ⌊(∀a x. □R(PX x)) ↔ (□R(∀a x. (PX x)))⌋ by fast
lemma (in two-sort-S5-RS-frame) BC-AR-valid: ⌊(∀A x. □R(PX x)) ↔ (□R(∀A x. (PX x)))⌋ by fastforce
lemma (in two-sort-S5-RS-frame) BC-bR-valid: ⌊(∀b x. □R(PX x)) ↔ (□R(∀b x. (PX x)))⌋ by fast

lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-aS: ⌊∀a x. (□S (PX x)) ↔ (¬ ♦S(¬ PX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-AS: ⌊∀A x. (□S (PX x)) ↔ (¬ ♦S(¬ PX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-bS: ⌊∀b x. (□S (PX x)) ↔ (¬ ♦S(¬ PX x))⌋ by blast

lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-aS: ⌊∀a x. (♦S(PX x) ↔ (¬ □S(¬(PX x))))⌋ by blast
lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-AS: ⌊∀A x. (♦S(PX x) ↔ (¬ □S(¬(PX x))))⌋ by blast
lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-bS: ⌊∀b x. (♦S(PX x) ↔ (¬ □S(¬(PX x))))⌋ by blast

lemma (in two-sort-S5-RS-frame) K-aS-valid: ⌊∀a x. □S(PX x → QX x) → (□S(PX x) → □S(QX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) K-AS-valid: ⌊∀A x. □S(PX x → QX x) → (□S(PX x) → □S(QX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) K-bS-valid: ⌊∀b x. □S(PX x → QX x) → (□S(PX x) → □S(QX x))⌋ by blast

lemma (in two-sort-S5-RS-frame) BC-aS-valid: ⌊(∀a x. □S(PX x)) ↔ (□S(∀a x. (PX x)))⌋ by fast
lemma (in two-sort-S5-RS-frame) BC-AS-valid: ⌊(∀A x. □S(PX x)) ↔ (□S(∀A x. (PX x)))⌋ by fastforce
lemma (in two-sort-S5-RS-frame) BC-bS-valid: ⌊(∀b x. □S(PX x)) ↔ (□S(∀b x. (PX x)))⌋ by fast

lemma (in two-sort-S5-RS-frame) SR-iff-aRS: ⌊∀a x. (□S(□R(PX x))) ↔ (□R(□S(PX x)))⌋ by force
lemma (in two-sort-S5-RS-frame) SR-iff-ARS: ⌊∀A x. (□S(□R(PX x))) ↔ (□R(□S(PX x)))⌋ by force
lemma (in two-sort-S5-RS-frame) SR-iff-bRS: ⌊∀b x. (□S(□R(PX x))) ↔ (□R(□S(PX x)))⌋ by force

lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-aRS: ⌊∀a x. (□(PX x)) ↔ (¬ ♦(¬ PX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-ARS: ⌊∀A x. (□(PX x)) ↔ (¬ ♦(¬ PX x))⌋ by blast
lemma (in two-sort-S5-RS-frame) box-neg-dia-neg-bRS: ⌊∀b x. (□(PX x)) ↔ (¬ ♦(¬ PX x))⌋ by blast

lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-aRS: ⌊∀a x. (♦(PX x) ↔ (¬ □(¬(PX x))))⌋ by blast
lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-ARS: ⌊∀A x. (♦(PX x) ↔ (¬ □(¬(PX x))))⌋ by blast
lemma (in two-sort-S5-RS-frame) dia-neg-box-neg-bRS: ⌊∀b x. (♦(PX x) ↔ (¬ □(¬(PX x))))⌋ by blast

lemma (in two-sort-S5-RS-frame) K-aRS-valid: ⌊∀a x. □(PX x → QX x) → (□(PX x) → □(QX x))⌋ by simp
lemma (in two-sort-S5-RS-frame) K-ARS-valid: ⌊∀A x. □(PX x → QX x) → (□(PX x) → □(QX x))⌋ by simp
lemma (in two-sort-S5-RS-frame) K-bRS-valid: ⌊∀b x. □(PX x → QX x) → (□(PX x) → □(QX x))⌋ by simp

lemma (in S5-RS-frame) R-euclidean:
  ⟦x ∈ r-carrier L; y ∈ r-carrier L; z ∈ r-carrier L; x R⇘L⇙ y; x R⇘L⇙ z⟧ ⟹ y R⇘L⇙ z
  using R-sym R-trans by blast

lemma (in S5-RS-frame) S-euclidean:
  ⟦x ∈ s-carrier L; y ∈ s-carrier L; z ∈ s-carrier L; x S⇘L⇙ y; x S⇘L⇙ z⟧ ⟹ y S⇘L⇙ z
  using S-sym S-trans by blast

lemma (in two-sort-S5-RS-frame) T-aR-valid: ⌊∀a x. □R(PX x) → (PX x)⌋ using R-ref by auto
lemma (in two-sort-S5-RS-frame) T-AR-valid: ⌊∀A x. □R(PX x) → (PX x)⌋ using R-ref by auto
lemma (in two-sort-S5-RS-frame) T-bR-valid: ⌊∀b x. □R(PX x) → (PX x)⌋ using R-ref by auto

lemma (in two-sort-S5-RS-frame) Five-aR-valid: ⌊∀a x. ♦R (□R (PX x)) → □R (♦R (PX x))⌋
  using R-sym R-trans by (metis r-RS.simps s-RS.simps)
lemma (in two-sort-S5-RS-frame) Five-AR-valid: ⌊∀A x. ♦R (□R (PX x)) → □R (♦R (PX x))⌋
  using R-sym R-trans by (metis r-RS.simps s-RS.simps)
lemma (in two-sort-S5-RS-frame) Five-bR-valid: ⌊∀b x. ♦R (□R (PX x)) → □R (♦R (PX x))⌋
  using R-sym R-trans by (metis r-RS.simps s-RS.simps)

lemma (in two-sort-S5-RS-frame) T-aS-valid: ⌊∀a x. □S(PX x) → (PX x)⌋ using S-ref by simp
lemma (in two-sort-S5-RS-frame) T-AS-valid: ⌊∀A x. □S(PX x) → (PX x)⌋ using S-ref by simp
lemma (in two-sort-S5-RS-frame) T-bS-valid: ⌊∀b x. □S(PX x) → (PX x)⌋ using S-ref by simp

lemma (in two-sort-S5-RS-frame) Five-aS-valid: ⌊∀a x. ♦S (□S (PX x)) → □S (♦S (PX x))⌋
  using S-sym S-trans by (metis r-RS.simps s-RS.simps)
lemma (in two-sort-S5-RS-frame) Five-AS-valid: ⌊∀A x. ♦S (□S (PX x)) → □S (♦S (PX x))⌋
  using S-sym S-trans by (metis r-RS.simps s-RS.simps)
lemma (in two-sort-S5-RS-frame) Five-bS-valid: ⌊∀b x. ♦S (□S (PX x)) → □S (♦S (PX x))⌋
  using S-sym S-trans by (metis r-RS.simps s-RS.simps)

lemma (in two-sort-S5-RS-frame) T-aRS-valid: ⌊∀a x. □(PX x) → (PX x)⌋ using R-ref S-ref by simp
lemma (in two-sort-S5-RS-frame) T-ARS-valid: ⌊∀A x. □(PX x) → (PX x)⌋ using R-ref S-ref by simp
lemma (in two-sort-S5-RS-frame) T-bRS-valid: ⌊∀b x. □(PX x) → (PX x)⌋ using R-ref S-ref by simp

lemma (in two-sort-S5-RS-frame) Five-RS-valid: ⌊∀a x. ♦ (□ (PX x)) → □ (♦ (PX x))⌋
  using R-sym R-trans S-sym S-trans by (metis r-RS.simps s-RS.simps)

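The two-dimensional semantics of sections 1.2 to 1.4 can be checked by brute force on a small finite frame. The Python model below is an added example, not part of the original theory files; the frames, the slice labels G0..G2 and S0..S1, and all function names are constructed for illustration. It evaluates the propositional shape of the T, Five and SR-iff lemmas over every valuation, first on a frame whose relations are equivalences and then on one whose R relation is reflexive and transitive but not symmetric.

```python
from itertools import product

class Frame:
    """Finite RS frame: two carriers and the relations aR, aS as sets of pairs."""
    def __init__(self, r_carrier, s_carrier, r_rel, s_rel):
        self.r_carrier, self.s_carrier = list(r_carrier), list(s_carrier)
        self.r_rel, self.s_rel = set(r_rel), set(s_rel)

    def worlds(self):
        # A world is a pair (gamma, sigma), the analogue of RSC gamma sigma.
        return [(g, s) for g in self.r_carrier for s in self.s_carrier]

# A predicate maps (frame, world) to bool, like RS-predicate in section 1.2.
def box_r(p):  # mboxR: move along R, keep the S component fixed
    return lambda L, w: all(p(L, (g, w[1])) for g in L.r_carrier if (w[0], g) in L.r_rel)

def box_s(p):  # mboxS: move along S, keep the R component fixed
    return lambda L, w: all(p(L, (w[0], s)) for s in L.s_carrier if (w[1], s) in L.s_rel)

def dia_r(p):
    return lambda L, w: any(p(L, (g, w[1])) for g in L.r_carrier if (w[0], g) in L.r_rel)

def dia_s(p):
    return lambda L, w: any(p(L, (w[0], s)) for s in L.s_carrier if (w[1], s) in L.s_rel)

def box(p): return box_r(box_s(p))
def dia(p): return dia_r(dia_s(p))
def implies(p, q): return lambda L, w: (not p(L, w)) or q(L, w)
def iff(p, q): return lambda L, w: p(L, w) == q(L, w)

def valid(L, p):
    """mvalid: p holds at every world built from the two carriers."""
    return all(p(L, w) for w in L.worlds())

# Propositional shape of the lemmas in section 1.4 (quantifier over x dropped).
SCHEMAS = {
    "T_R": lambda p: implies(box_r(p), p),
    "Five_R": lambda p: implies(dia_r(box_r(p)), box_r(dia_r(p))),
    "T_S": lambda p: implies(box_s(p), p),
    "Five_S": lambda p: implies(dia_s(box_s(p)), box_s(dia_s(p))),
    "SR_iff": lambda p: iff(box_s(box_r(p)), box_r(box_s(p))),
    "T_RS": lambda p: implies(box(p), p),
    "Five_RS": lambda p: implies(dia(box(p)), box(dia(p))),
}

def failing_schemas(L):
    """Names of schemas that are not valid for at least one valuation of P."""
    worlds = L.worlds()
    failed = set()
    for bits in product([False, True], repeat=len(worlds)):
        true_at = {w for w, b in zip(worlds, bits) if b}
        p = lambda _L, w, t=true_at: w in t
        for name, schema in SCHEMAS.items():
            if not valid(L, schema(p)):
                failed.add(name)
    return sorted(failed)

def equivalence(blocks):
    """Equivalence relation (set of pairs) induced by a partition."""
    return {(a, b) for block in blocks for a in block for b in block}

# Constructed sample slices over the carrier {1, ..., 5}.
G0, G1, G2 = frozenset({1, 2}), frozenset({3}), frozenset({4, 5})
S0, S1 = frozenset({1, 3}), frozenset({2, 4, 5})

S5_FRAME = Frame([G0, G1, G2], [S0, S1],
                 equivalence([[G0, G1], [G2]]), equivalence([[S0, S1]]))
# R is reflexive and transitive but not symmetric: G0 sees G1 and G2, not vice versa.
BROKEN_FRAME = Frame([G0, G1, G2], [S0, S1],
                     {(G0, G0), (G1, G1), (G2, G2), (G0, G1), (G0, G2)},
                     equivalence([[S0, S1]]))

if __name__ == "__main__":
    print("S5 frame failures:    ", failing_schemas(S5_FRAME))
    print("broken frame failures:", failing_schemas(BROKEN_FRAME))
```

SR_iff survives on the broken frame because the two boxes act on independent components of the world pair, which is why the SR-iff lemmas need no frame axioms, while the Five lemmas depend on R-sym.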
1.5 KS - structures
record (′a, ′b) porder-two-sort-RS-frame = (′a, ′b) two-sort-RS-frame +
  le :: ′a ⇒ ′a ⇒ bool (infixl ⊑ı 50)

record (′a, ′b) TS-porder-two-sort-RS-frame = (′a, ′b) porder-two-sort-RS-frame +
  ts :: ′a ⇒ ′a RS ⇒ bool (TSı)

record (′a, ′b) Inst-TS-porder-two-sort-RS-frame = (′a, ′b) TS-porder-two-sort-RS-frame +
  inst :: ′b ⇒ ′b ⇒ ′a ⇒ ′a RS ⇒ bool (Instı)

record (′a, ′b) AtE-Inst-TS-porder-two-sort-RS-frame = (′a, ′b) Inst-TS-porder-two-sort-RS-frame +
  ate :: ′b ⇒ ′a RS ⇒ bool (AtEı)

nitpick-params [timeout = 3600]
lemma True nitpick [show-all, satisfy, user-axioms, expect = genuine, show-types, verbose, dont-box]
  oops

end

theory PLattice imports S5-2D-base begin

2 Mereology (adopted from Clemens Ballarin et al.)
2.1 Partial order
locale S5-RS-2S-partial-order = two-sort-S5-RS-frame L for L (structure) +
  assumes le-refl [intro, simp]:
      x ∈ carrier L ==> x ⊑ x
    and le-antisym [intro]:
      [| x ⊑ y; y ⊑ x; x ∈ carrier L; y ∈ carrier L |] ==> x = y
    and le-trans [trans]:
      [| x ⊑ y; y ⊑ z; x ∈ carrier L; y ∈ carrier L; z ∈ carrier L |] ==> x ⊑ z

definition
  lless :: [-, ′a, ′a] => bool (infixl ⊏ı 50)
  where x ⊏⇘L⇙ y ⟷ x ⊑⇘L⇙ y & x ≠ y

lemma (in S5-RS-2S-partial-order) eq-impl-le [intro, simp]:
  assumes x = y x ∈ carrier L
  shows x ⊑ y
  using assms by auto

lemma llessI:
  fixes L (structure)
  assumes x ⊑ y and ∼(x = y)
  shows x ⊏ y
  using assms unfolding lless-def by simp

lemma lless-imp-le:
  fixes R (structure)
  assumes x ⊏ y
  shows x ⊑ y
  using assms unfolding lless-def by simp

lemma lless-imp-not-eq:
  fixes R (structure)
  assumes x ⊏ y
  shows ¬ (x = y)
  using assms unfolding lless-def by simp

lemma llessE:
  fixes R (structure)
  assumes p: x ⊏ y and e: ⟦x ⊑ y; ¬ (x = y)⟧ ⟹ P
  shows P
  using p by (blast dest: lless-imp-le lless-imp-not-eq e)

lemma (in S5-RS-2S-partial-order) lless-antisym:
  assumes a ∈ carrier L b ∈ carrier L
    and a ⊏ b b ⊏ a
  shows P
  using assms
  by (elim llessE) auto

lemma (in S5-RS-2S-partial-order) lless-trans [trans]:
  assumes a ⊏ b b ⊏ c
    and carr [simp]: a ∈ carrier L b ∈ carrier L c ∈ carrier L
  shows a ⊏ c
  using assms unfolding lless-def by (blast dest: le-trans intro: sym)

2.2 Upper and lower bounds of a set
definition
  Upper :: [-, ′a set] => ′a set
  where Upper L A = {u. (ALL x. x ∈ A ∩ carrier L --> x ⊑⇘L⇙ u)} ∩ carrier L

definition
  Lower :: [-, ′a set] => ′a set
  where Lower L A = {l. (ALL x. x ∈ A ∩ carrier L --> l ⊑⇘L⇙ x)} ∩ carrier L

lemma Upper-closed [intro!, simp]:
  Upper L A ⊆ carrier L
  by (unfold Upper-def) clarify

lemma Upper-memD [dest]:
  fixes L (structure)
  shows [| u ∈ Upper L A; x ∈ A; A ⊆ carrier L |] ==> x ⊑ u ∧ u ∈ carrier L
  by (unfold Upper-def) blast

lemma Upper-elemD [dest]:
  fixes L (structure)
  assumes u ∈ Upper L A u ∈ carrier L x ∈ A A ⊆ carrier L
  shows x ⊑ u
  unfolding Upper-def
  using assms by auto

lemma Upper-memI:
  fixes L (structure)
  shows [| !! y. y ∈ A ==> y ⊑ x; x ∈ carrier L |] ==> x ∈ Upper L A
  by (unfold Upper-def) blast

lemma Upper-antimono:
  A ⊆ B ==> Upper L B ⊆ Upper L A
  by (unfold Upper-def) blast

lemma Upper-empty [simp]:
  Upper L {} = carrier L
  by (unfold Upper-def) simp

lemma Lower-closed [intro!, simp]:
  Lower L A ⊆ carrier L
  by (unfold Lower-def) clarify

lemma Lower-memD [dest]:
  fixes L (structure)
  shows [| l ∈ Lower L A; x ∈ A; A ⊆ carrier L |] ==> l ⊑ x ∧ l ∈ carrier L
  by (unfold Lower-def) blast

lemma Lower-memI:
  fixes L (structure)
  shows [| !! y. y ∈ A ==> x ⊑ y; x ∈ carrier L |] ==> x ∈ Lower L A
  by (unfold Lower-def) blast

lemma Lower-antimono:
  A ⊆ B ==> Lower L B ⊆ Lower L A
  by (unfold Lower-def) blast

lemma Lower-empty [simp]:
  Lower L {} = carrier L
  by (unfold Lower-def) simp

2.3 Least and greatest, as predicate
definition
  least :: [-, ′a, ′a set] => bool
  where least L l A ⟷ A ⊆ carrier L & l ∈ A & (ALL x : A. l ⊑⇘L⇙ x)

definition
  greatest :: [-, ′a, ′a set] => bool
  where greatest L g A ⟷ A ⊆ carrier L & g ∈ A & (ALL x : A. x ⊑⇘L⇙ g)

lemma least-closed [intro, simp]:
  least L l A ==> l ∈ carrier L
  by (unfold least-def) fast

lemma least-mem:
  least L l A ==> l ∈ A
  by (unfold least-def) fast

lemma (in S5-RS-2S-partial-order) least-unique:
  [| least L x A; least L y A |] ==> x = y
  by (unfold least-def) blast

lemma least-le:
  fixes L (structure)
  shows [| least L x A; a ∈ A |] ==> x ⊑ a
  by (unfold least-def) fast

lemma least-UpperI:
  fixes L (structure)
  assumes above: !! x. x ∈ A ==> x ⊑ s
    and below: !! y. y ∈ Upper L A ==> s ⊑ y
    and L: A ⊆ carrier L s ∈ carrier L
  shows least L s (Upper L A)
proof -
  have Upper L A ⊆ carrier L by simp
  moreover from above L have s ∈ Upper L A by (simp add: Upper-def)
  moreover from below have ALL x : Upper L A. s ⊑ x by fast
  ultimately show ?thesis by (simp add: least-def)
qed

lemma least-Upper-above:
  fixes L (structure)
  shows [| least L s (Upper L A); x ∈ A; A ⊆ carrier L |] ==> x ⊑ s
  by (unfold least-def) blast

lemma greatest-closed [intro, simp]:
  greatest L l A ==> l ∈ carrier L
  by (unfold greatest-def) fast

lemma greatest-mem:
  greatest L l A ==> l ∈ A
  by (unfold greatest-def) fast

lemma (in S5-RS-2S-partial-order) greatest-unique:
  [| greatest L x A; greatest L y A |] ==> x = y
  by (unfold greatest-def) blast

lemma greatest-le:
  fixes L (structure)
  shows [| greatest L x A; a ∈ A |] ==> a ⊑ x
  by (unfold greatest-def) fast

lemma greatest-LowerI:
  fixes L (structure)
  assumes below: !! x. x ∈ A ==> i ⊑ x
    and above: !! y. y ∈ Lower L A ==> y ⊑ i
    and L: A ⊆ carrier L i ∈ carrier L
  shows greatest L i (Lower L A)
proof -
  have Lower L A ⊆ carrier L by simp
  moreover from below L have i ∈ Lower L A by (simp add: Lower-def)
  moreover from above have ALL x : Lower L A. x ⊑ i by fast
  ultimately show ?thesis by (simp add: greatest-def)
qed

lemma greatest-Lower-below:
  fixes L (structure)
  shows [| greatest L i (Lower L A); x ∈ A; A ⊆ carrier L |] ==> i ⊑ x
  by (unfold greatest-def) blast

2.4 Upper Semi-Lattices
definition
  sup :: [-, ′a set] => ′a (⨆ı- [90] 90)
  where ⨆⇘L⇙A = (SOME x. least L x (Upper L A))

definition
  join :: [-, ′a, ′a] => ′a (infixl ⊔ı 65)
  where x ⊔⇘L⇙ y = ⨆⇘L⇙{x, y}

locale upper-semilattice = S5-RS-2S-partial-order L for L (structure) +
  assumes sup-of-two-exists:
    [| x ∈ carrier L; y ∈ carrier L |] ==> EX s. least L s (Upper L {x, y})

lemma (in upper-semilattice) joinI:
  [| !!l. least L l (Upper L {x, y}) ==> P l; x ∈ carrier L; y ∈ carrier L |]
  ==> P (x ⊔ y)
proof (unfold join-def sup-def)
  assume L: x ∈ carrier L y ∈ carrier L
    and P: !!l. least L l (Upper L {x, y}) ==> P l
  with sup-of-two-exists obtain s where least L s (Upper L {x, y}) by fast
  with L show P (SOME l. least L l (Upper L {x, y}))
    by (fast intro: someI2 P)
qed

lemma (in upper-semilattice) join-closed [simp]:
  [| x ∈ carrier L; y ∈ carrier L |] ==> x ⊔ y ∈ carrier L
  by (rule joinI) (rule least-closed)

lemma (in S5-RS-2S-partial-order) sup-of-singletonI:
  x ∈ carrier L ==> least L x (Upper L {x})
  by (rule least-UpperI) auto

lemma (in S5-RS-2S-partial-order) sup-of-singleton [simp]:
  x ∈ carrier L ==> ⨆{x} = x
  unfolding sup-def
  by (rule someI2) (auto intro: least-unique sup-of-singletonI)

lemma (in S5-RS-2S-partial-order) sup-of-singleton-closed [simp]:
  x ∈ carrier L ⟹ ⨆{x} ∈ carrier L
  unfolding sup-def
  by (rule someI2) (auto intro: sup-of-singletonI)

lemma (in upper-semilattice) sup-insertI:
  [| !!s. least L s (Upper L (insert x A)) ==> P s;
  least L a (Upper L A); x ∈ carrier L; A ⊆ carrier L |]
  ==> P (⨆(insert x A))
proof (unfold sup-def)
  assume L: x ∈ carrier L A ⊆ carrier L
    and P: !!l. least L l (Upper L (insert x A)) ==> P l
    and least-a: least L a (Upper L A)
  from L least-a have La: a ∈ carrier L by simp
  from L sup-of-two-exists least-a
  obtain s where least-s: least L s (Upper L {a, x}) by blast
  show P (SOME l. least L l (Upper L (insert x A)))
  proof (rule someI2)
    show least L s (Upper L (insert x A))
    proof (rule least-UpperI)
      fix z
      assume z ∈ insert x A
      then show z ⊑ s
      proof
        assume z = x then show ?thesis
          by (simp add: least-Upper-above [OF least-s] L La)
      next
        assume z ∈ A
        with L least-s least-a show ?thesis
          by (rule-tac le-trans [where y = a]) (auto dest: least-Upper-above)
      qed
    next
      fix y
      assume y: y ∈ Upper L (insert x A)
      show s ⊑ y
      proof (rule least-le [OF least-s], rule Upper-memI)
        fix z
        assume z: z ∈ {a, x}
        then show z ⊑ y
        proof
          have y′: y ∈ Upper L A
            apply (rule subsetD [where A = Upper L (insert x A)])
             apply (rule Upper-antimono)
             apply blast
            apply (rule y)
            done
          assume z = a
          with y′ least-a show ?thesis by (fast dest: least-le)
        next
          assume z ∈ {x}
          with y L show ?thesis by blast
        qed
      qed (rule Upper-closed [THEN subsetD, OF y])
    next
      from L show insert x A ⊆ carrier L by simp
      from least-s show s ∈ carrier L by simp
    qed
  qed (rule P)
qed

lemma (in upper-semilattice) finite-sup-least:
  [| finite A; A ⊆ carrier L; A ~= {} |] ==> least L (⨆A) (Upper L A)
proof (induct set: finite)
  case empty
  then show ?case by simp
next
  case (insert x A)
  show ?case
  proof (cases A = {})
    case True
    with insert show ?thesis
      by simp (simp add: sup-of-singletonI)
  next
    case False
    with insert have least L (⨆A) (Upper L A) by simp
    with - show ?thesis
      by (rule sup-insertI) (simp-all add: insert [simplified])
  qed
qed

lemma (in upper-semilattice) finite-sup-insertI:
  assumes P: !!l. least L l (Upper L (insert x A)) ==> P l
    and xA: finite A x ∈ carrier L A ⊆ carrier L
  shows P (⨆(insert x A))
proof (cases A = {})
  case True with P and xA show ?thesis
    using finite-sup-least by blast
next
  case False with P and xA show ?thesis
    by (simp add: sup-insertI finite-sup-least)
qed

lemma (in upper-semilattice) finite-sup-closed [simp]:
  [| finite A; A ⊆ carrier L; A ~= {} |] ==> ⨆A ∈ carrier L
proof (induct set: finite)
  case empty then show ?case by simp
next
  case insert then show ?case
    by - (rule finite-sup-insertI, simp-all)
qed

lemma (in upper-semilattice) join-left:
  [| x ∈ carrier L; y ∈ carrier L |] ==> x ⊑ x ⊔ y
  by (rule joinI [folded join-def]) (blast dest: least-mem)

lemma (in upper-semilattice) join-right:
  [| x ∈ carrier L; y ∈ carrier L |] ==> y ⊑ x ⊔ y
  by (rule joinI [folded join-def]) (blast dest: least-mem)

lemma (in upper-semilattice) sup-of-two-least:
  [| x ∈ carrier L; y ∈ carrier L |] ==> least L (⨆{x, y}) (Upper L {x, y})
proof (unfold sup-def)
  assume L: x ∈ carrier L y ∈ carrier L
  with sup-of-two-exists obtain s where least L s (Upper L {x, y}) by fast
  with L show least L (SOME z. least L z (Upper L {x, y})) (Upper L {x, y})
    by (fast intro: someI2 least-unique)
qed

lemma (in upper-semilattice) join-le:
  assumes sub: x ⊑ z y ⊑ z
    and x: x ∈ carrier L and y: y ∈ carrier L and z: z ∈ carrier L
  shows x ⊔ y ⊑ z
proof (rule joinI [OF - x y])
  fix s
  assume least L s (Upper L {x, y})
  with sub z show s ⊑ z by (fast elim: least-le intro: Upper-memI)
qed

lemma (in upper-semilattice) join-assoc-lemma:
  assumes L: x ∈ carrier L y ∈ carrier L z ∈ carrier L
  shows x ⊔ (y ⊔ z) = ⨆{x, y, z}
proof (rule finite-sup-insertI)
  — The textbook argument in Jacobson I, p 457
  fix s
  assume sup: least L s (Upper L {x, y, z})
  show x ⊔ (y ⊔ z) = s
  proof (rule le-antisym)
    from sup L show x ⊔ (y ⊔ z) ⊑ s
      by (fastforce intro!: join-le elim: least-Upper-above)
  next
    from sup L show s ⊑ x ⊔ (y ⊔ z)
      by (erule-tac least-le)
        (blast intro!: Upper-memI intro: le-trans join-left join-right join-closed)
  qed (simp-all add: L least-closed [OF sup])
qed (simp-all add: L)

lemma join-comm:
  fixes L (structure)
  shows x ⊔ y = y ⊔ x
  by (unfold join-def) (simp add: insert-commute)

lemma (in upper-semilattice) join-assoc:
  assumes L: x ∈ carrier L y ∈ carrier L z ∈ carrier L
  shows (x ⊔ y) ⊔ z = x ⊔ (y ⊔ z)
proof -
  have (x ⊔ y) ⊔ z = z ⊔ (x ⊔ y) by (simp only: join-comm)
  also from L have ... = ⨆{z, x, y} by (simp add: join-assoc-lemma)
  also from L have ... = ⨆{x, y, z} by (simp add: insert-commute)
  also from L have ... = x ⊔ (y ⊔ z) by (simp add: join-assoc-lemma [symmetric])
  finally show ?thesis by (simp add: L)
qed

lemma (in upper-semilattice) le-iff-join:
  fixes x y
  assumes carr: x ∈ carrier L y ∈ carrier L
  shows (x ⊑⇘L⇙ y) = (x ⊔ y = y)
  using assms by (metis eq-impl-le join-closed join-le join-left join-right local.le-antisym)

lemma (in upper-semilattice) join-idemp:
  fixes x
  assumes carr: x ∈ carrier L
  shows (x ⊔ x = x)
  unfolding join-def using assms by simp

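The definitions of Upper, Lower, least, greatest, sup and join from sections 2.2 to 2.4 can be executed on a finite carrier. The Python sketch below is an added example, not part of the original theory; the carrier (the non-empty subsets of a three-point set ordered by inclusion) and all function names are constructed for illustration. It confirms join-assoc and le-iff-join on that carrier and shows that two disjoint regions have a join but no greatest lower bound.

```python
from itertools import combinations

def nonempty_subsets(points):
    pts = sorted(points)
    return [frozenset(c) for n in range(1, len(pts) + 1) for c in combinations(pts, n)]

# Constructed carrier: 7 regions over {a, b, c}; the empty region is left out on purpose.
CARRIER = nonempty_subsets("abc")

def le(x, y):
    """The order of the structure: here, inclusion of regions."""
    return x <= y

def upper(A):
    """Upper L A: carrier elements above every member of A that lies in the carrier."""
    members = [x for x in A if x in CARRIER]
    return [u for u in CARRIER if all(le(x, u) for x in members)]

def lower(A):
    """Lower L A: carrier elements below every member of A that lies in the carrier."""
    members = [x for x in A if x in CARRIER]
    return [l for l in CARRIER if all(le(l, x) for x in members)]

def least(A):
    """The element of A below all of A, or None; unique when it exists (least-unique)."""
    hits = [l for l in A if all(le(l, x) for x in A)]
    return hits[0] if hits else None

def greatest(A):
    """The element of A above all of A, or None; unique when it exists (greatest-unique)."""
    hits = [g for g in A if all(le(x, g) for x in A)]
    return hits[0] if hits else None

# The theory uses Hilbert choice (SOME), so sup is always some value there;
# this sketch returns None when no least upper bound exists.
def sup(A):
    return least(upper(A))

def inf(A):
    return greatest(lower(A))

def join(x, y):
    return sup([x, y])

def join_is_associative():
    return all(join(join(x, y), z) == join(x, join(y, z))
               for x in CARRIER for y in CARRIER for z in CARRIER)

def le_iff_join_holds():
    return all(le(x, y) == (join(x, y) == y) for x in CARRIER for y in CARRIER)

if __name__ == "__main__":
    a, b = frozenset("a"), frozenset("b")
    print("join a b      =", sorted(join(a, b)))
    print("Lower {a, b}  =", lower([a, b]))
    print("inf {a, b}    =", inf([a, b]))
    print("join-assoc    :", join_is_associative())
    print("le-iff-join   :", le_iff_join_holds())
```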
2.5 Complete upper semi-lattices
locale complete-upper-semilattice = upper-semilattice L for L (structure) +
  assumes sup-exists:
    [| A ≠ {}; A ⊆ carrier L |] ==> EX s. least L s (Upper L A)

definition
  top :: - => ′a (⊤ı)
  where ⊤⇘L⇙ = sup L (carrier L)

lemma (in complete-upper-semilattice) supI:
  [| !!l. least L l (Upper L A) ==> P l; A ⊆ carrier L; A ≠ {} |]
  ==> P (⨆A)
proof (unfold sup-def)
  assume L: A ≠ {} A ⊆ carrier L
    and P: !!l. least L l (Upper L A) ==> P l
  with sup-exists obtain s where least L s (Upper L A) by blast
  with L show P (SOME l. least L l (Upper L A))
    by (fast intro: someI2 least-unique P)
qed

lemma (in complete-upper-semilattice) sup-closed [simp]:
  ⟦A ≠ {}; A ⊆ carrier L⟧ ⟹ ⨆A ∈ carrier L
  by (rule supI) simp-all

lemma (in complete-upper-semilattice) top-closed [simp, intro]:
  (carrier L) ≠ {} ⟹ ⊤ ∈ carrier L
  by (unfold top-def) simp

2.6 Infimum
definition
  inf :: [-, ′a set] => ′a (⨅ı- [90] 90)
  where ⨅⇘L⇙A = (SOME x. greatest L x (Lower L A))

definition
  bottom :: - => ′a (⊥ı)
  where ⊥⇘L⇙ = inf L (carrier L)

lemma (in S5-RS-2S-partial-order) inf-of-singletonI:
  x ∈ carrier L ==> greatest L x (Lower L {x})
  by (rule greatest-LowerI) auto

lemma (in S5-RS-2S-partial-order) inf-of-singleton [simp]:
  x ∈ carrier L ==> ⨅{x} = x
  unfolding inf-def
  by (rule someI2) (auto intro: greatest-unique inf-of-singletonI)

lemma (in S5-RS-2S-partial-order) inf-of-singleton-closed:
  x ∈ carrier L ==> ⨅{x} ∈ carrier L
  unfolding inf-def
  by (rule someI2) (auto intro: inf-of-singletonI)

lemma bottom-to-gL:
  assumes a1: x ∈ carrier L
  assumes a2: ∀y∈carrier L. x ⊑⇘L⇙ y
  shows greatest L x (Lower L (carrier L)) ∧ x ∈ carrier L
  by (simp add: Lower-memD a1 a2 greatest-LowerI)

lemma gL-to-bottom:
  assumes greatest L x (Lower L (carrier L))
  assumes x ∈ carrier L
  shows ∀y∈carrier L. x ⊑⇘L⇙ y
  by (meson assms(1) greatest-Lower-below subset-iff)

2.7 Infimum meet and complement and difference as relations
definitionis-inf :: [-, ′a set , ′a] => boolwhere is-inf L A a ≡ greatest L a (Lower L A)
definitionis-meet :: [-, ′a, ′a, ′a] => boolwhere is-meet L x y z ≡ is-inf L {x , y} z
definitionis-compl :: [-, ′a, ′a] => boolwhere is-compl L x x ′ ≡ x ′ ∈ carrier L ∧ ¬(∃ y . is-inf L {x , x ′} y) ∧ (>L = xtL x ′)
definitionis-diff :: [-, ′a, ′a, ′a] => boolwhere is-diff L x y z ≡ ∃ y ′. is-compl L y y ′ ∧ is-inf L {x ,y ′} z
lemma (in S5-RS-2S-partial-order) is-infI :assumes greatest L a (Lower L A)shows is-inf L A ausing assms unfolding is-inf-def by simp
lemma (in S5-RS-2S-partial-order) is-meetI :assumes is-inf L {x , y} zshows is-meet L x y zusing assms unfolding is-meet-def by simp
lemma (in S5-RS-2S-partial-order) is-complI :assumes x ′ ∈ carrier L ¬(∃ y . is-inf L {x , x ′} y) (>L = x tL x ′)shows is-compl L x x ′
using assms unfolding is-compl-def by simp
lemma (in S5-RS-2S-partial-order) is-diffI :assumes ∃ y ′. is-compl L y y ′ ∧ is-inf L {x ,y ′} zshows is-diff L x y zusing assms unfolding is-diff-def by simp
21
lemma (in S5-RS-2S-partial-order) is-infE :assumes p: is-inf L A a and e: [[greatest L a (Lower L A)]] =⇒ Pshows Pusing p by (simp add : e is-inf-def )
lemma (in S5-RS-2S-partial-order) is-meetE :assumes p: is-meet L x y z and e: [[is-inf L {x ,y} z ]] =⇒ Pshows Pusing p by (simp add : e is-meet-def )
lemma (in S5-RS-2S-partial-order) is-complE :assumes p: is-compl L x x ′ and e: [[x ′ ∈ carrier L;¬(∃ y . is-inf L {x , x ′} y);
(>L = x tL x ′)]] =⇒ Pshows Pusing p by (simp add : e is-compl-def )
lemma (in S5-RS-2S-partial-order) is-diffE :assumes p: is-diff L x y z and e: [[∃ y ′. is-compl L y y ′ ∧ is-inf L {x ,y ′} z ]] =⇒
Pshows Pusing p by (simp add : e is-diff-def )
lemma (in S5-RS-2S-partial-order) is-inf-closed :assumes is-inf L {x ,y} zshows z ∈ carrier Lby (meson assms greatest-closed is-infE )
lemma (in S5-RS-2S-partial-order) is-meet-closed :assumes is-meet L x y zshows z ∈ carrier Lby (meson assms is-inf-closed is-meetE )
lemma (in S5-RS-2S-partial-order) is-compl-closed :assumes is-compl L x x ′
shows x ′ ∈ carrier L using assms is-complE by blast
lemma (in S5-RS-2S-partial-order) is-meet-refl: x ∈ carrier L ⟹ is-meet L x x x
proof -
  assume carr: x ∈ carrier L
  show is-meet L x x x
  proof (unfold is-meet-def is-inf-def, rule greatest-LowerI)
    show ⋀xa. xa ∈ {x, x} ⟹ x ⊑ xa using carr by blast
  next
    show ⋀y. y ∈ Lower L {x, x} ⟹ y ⊑ x using carr by blast
  next
    show {x, x} ⊆ carrier L using carr by blast
  next
    show x ∈ carrier L using carr by blast
  qed
qed

lemma is-meet-sym: is-meet L x y z ⟹ is-meet L y x z
  unfolding is-meet-def by (simp add: insert-commute)

lemma (in complete-upper-semilattice) compl-impl-neg-is-meet:
  fixes x x'
  assumes isCompl: is-compl L x x'
  shows ¬(∃y. is-meet L x x' y)
proof
  assume a1: (∃y. is-meet L x x' y)
  show False
  proof (rule is-complE [of x x'])
    from assms show is-compl L x x' by auto
  next
    assume a2: ∄y. is-inf L {x, x'} y and a3: ⊤ = x ⊔ x'
    show False by (meson a1 a2 is-meetE)
  qed
qed

lemma (in S5-RS-2S-partial-order) compl-impl-join-top:
  fixes x x'
  assumes isCompl: is-compl L x x'
  shows x ⊔⇘L⇙ x' = ⊤⇘L⇙
proof (rule is-complE [of x x'])
  show is-compl L x x' using isCompl by auto
next
  assume a1: ∄y. is-inf L {x, x'} y
  assume a2: ⊤ = x ⊔ x'
  show x ⊔ x' = ⊤ using a2 by auto
qed

lemma (in complete-upper-semilattice) is-compl-idemp:
  fixes x x' x''
  assumes x ∈ carrier L is-compl L x x' is-compl L x' x''
  shows x = x''
  oops

2.8 Meet and Overlap in partial orders
definition
  overlap :: [-, 'a, 'a] => bool (infixl .Oı 70)
  where x .O⇘L⇙ y ≡ (∃z. z ∈ carrier L ∧ z ⊑⇘L⇙ x ∧ z ⊑⇘L⇙ y)

definition PO :: [-, 'a, 'a] => bool
  where PO L x y ≡ x .O⇘L⇙ y ∧ ¬(x ⊑⇘L⇙ y) ∧ ¬(y ⊑⇘L⇙ x)

lemma (in S5-RS-2S-partial-order) O-refl:
  assumes x ∈ carrier L
  shows x .O x
proof -
  from assms have x ⊑ x using le-refl by blast
  from this and assms have ∃z. z ∈ carrier L ∧ z ⊑ x ∧ z ⊑ x by blast
  from this show ?thesis by (simp add: overlap-def)
qed

lemma O-sym:
  fixes L (structure)
  assumes x .O y
  shows y .O x
proof -
  from assms have (∃z. z ∈ carrier L ∧ z ⊑ x ∧ z ⊑ y) by (simp add: overlap-def)
  from this have (∃z. z ∈ carrier L ∧ z ⊑ y ∧ z ⊑ x) by auto
  from this show ?thesis by (simp add: overlap-def)
qed

lemma overlapI:
  fixes L (structure)
  assumes ∃z. z ∈ carrier L ∧ z ⊑⇘L⇙ x ∧ z ⊑⇘L⇙ y
  shows x .O⇘L⇙ y
  using assms unfolding overlap-def by auto

lemma overlapE:
  fixes L (structure)
  assumes x .O y and ⟦∃z. z ∈ carrier L ∧ z ⊑ x ∧ z ⊑ y⟧ ⟹ P
  shows P
  using assms by (simp add: overlap-def)

lemma (in S5-RS-2S-partial-order) le-and-O-imp-O:
  assumes mem: x ∈ carrier L y ∈ carrier L
  assumes le: x ⊑ y and o: x .O z
  shows y .O z
proof -
  from o have ∃zz. zz ∈ carrier L ∧ zz ⊑ x ∧ zz ⊑ z by (simp add: overlap-def)
  from this obtain zz where l1: zz ∈ carrier L ∧ zz ⊑ x ∧ zz ⊑ z by blast
  from this and le and mem have zz ⊑ y using le-trans by blast
  from this and l1 have ∃zz. zz ∈ carrier L ∧ zz ⊑ y ∧ zz ⊑ z by blast
  from this show ?thesis by (simp add: overlap-def)
qed

lemma (in S5-RS-2S-partial-order) le-impl-O:
  assumes x ∈ carrier L
  assumes x ⊑ y
  shows x .O y
proof -
  from assms have ∃z. z ∈ carrier L ∧ z ⊑ x ∧ z ⊑ y using le-refl by blast
  from this show ?thesis by (simp add: overlap-def)
qed

lemma (in S5-RS-2S-partial-order) le-impl-O-impl-O:
  fixes x y
  assumes x ∈ carrier L y ∈ carrier L
  assumes x ⊑ y
  shows ∀z. z ∈ carrier L ∧ z .O x ⟶ z .O y
proof
  fix z
  show z ∈ carrier L ∧ z .O x ⟶ z .O y
  proof
    assume a: z ∈ carrier L ∧ z .O x
    show z .O y
    proof (rule overlapI)
      from a have ∃za. za ∈ carrier L ∧ za ⊑ z ∧ za ⊑ x unfolding overlap-def by auto
      from this obtain za where ll2: za ∈ carrier L ∧ za ⊑ z ∧ za ⊑ x by auto
      from this and assms have za ⊑ y using le-trans by auto
      from this and ll2 show ∃za. za ∈ carrier L ∧ za ⊑ z ∧ za ⊑ y by blast
    qed
  qed
qed

lemma (in S5-RS-2S-partial-order) PO-irrfl:
  assumes carr: x ∈ carrier L
  shows ¬(PO L x x)
proof
  assume a: PO L x x
  from carr and a show False unfolding PO-def by blast
qed

lemma (in S5-RS-2S-partial-order) PO-sym:
  assumes PO L x y
  shows PO L y x
proof -
  from assms show ?thesis unfolding PO-def by (simp add: O-sym)
qed

lemma (in S5-RS-2S-partial-order) neg-le-impl-negO-or-PO-or-lless:
  assumes carr: x ∈ carrier L y ∈ carrier L
  assumes neg-le: ¬ x ⊑ y
  shows (¬(x .O y)) ∨ (PO L x y ∨ y ⊏ x)
  using PO-def llessI neg-le by fastforce

lemma (in S5-RS-2S-partial-order) negO-or-PO-or-lless-impl-neg-le:
  assumes carr: x ∈ carrier L y ∈ carrier L
  assumes (¬(x .O y)) ∨ (PO L x y ∨ y ⊏ x)
  shows ¬ x ⊑ y
  by (metis PO-def assms(3) carr(1) carr(2) le-impl-O llessE local.le-antisym)

lemma (in S5-RS-2S-partial-order) neg-le-iff-negO-or-PO-or-lless:
  ⟦x ∈ carrier L; y ∈ carrier L⟧ ⟹ (¬ x ⊑ y = (¬(x .O y)) ∨ (PO L x y ∨ y ⊏ x))
  using le-impl-O neg-le-impl-negO-or-PO-or-lless by blast

lemma (in S5-RS-2S-partial-order) is-meet-impl-overlap:
  ⟦x ∈ carrier L; y ∈ carrier L; (is-meet L x y z)⟧ ⟹ (x .O⇘L⇙ y)
proof -
  fix x y z
  assume carrX: x ∈ carrier L and carrY: y ∈ carrier L
  show (is-meet L x y z) ⟹ (x .O y)
  proof -
    assume a1: is-meet L x y z
    show (x .O⇘L⇙ y)
    proof (rule overlapI [of L x y], rule is-meetE [of x y z])
      from a1 show is-meet L x y z by simp
    next
      assume a2: is-inf L {x, y} z
      show ∃z. z ∈ carrier L ∧ z ⊑ x ∧ z ⊑ y
      proof (rule exI [of λz. z ∈ carrier L ∧ z ⊑ x ∧ z ⊑ y z], rule is-infE [of {x, y} z])
        show is-inf L {x, y} z using a2 by simp
      next
        assume a3: greatest L z (Lower L {x, y})
        show z ∈ carrier L ∧ z ⊑ x ∧ z ⊑ y
        proof (rule conjI)
          from a3 show z ∈ carrier L using greatest-closed by auto
        next
          show z ⊑ x ∧ z ⊑ y
          proof (rule conjI)
            from carrX and carrY and a3 show z ⊑ x
              using greatest-Lower-below [of L z {x, y} x] by blast
          next
            from carrX and carrY and a3 show z ⊑ y
              using greatest-Lower-below [of L z {x, y} y] by blast
          qed
        qed
      qed
    qed
  qed
qed

lemma (in S5-RS-2S-partial-order) is-meet-left:
  [| x ∈ carrier L; y ∈ carrier L; z ∈ carrier L; is-meet L x y z |] ==> z ⊑ x
  unfolding is-meet-def using greatest-mem Lower-memD is-inf-def by fastforce

lemma (in S5-RS-2S-partial-order) is-meet-right:
  [| x ∈ carrier L; y ∈ carrier L; z ∈ carrier L; is-meet L x y z |] ==> z ⊑ y
  unfolding is-meet-def using greatest-mem Lower-memD is-inf-def by fastforce

2.9 partial lower semilattice
locale partial-lower-semilattice = S5-RS-2S-partial-order L for L (structure) +
  assumes inf-of-two-exists:
    [| x ∈ carrier L; y ∈ carrier L; x .O⇘L⇙ y |] ==> EX s. greatest L s (Lower L {x, y})

lemma (in partial-lower-semilattice) inf-insertI:
  [| !!i. greatest L i (Lower L (insert x A)) ==> P i;
  greatest L a (Lower L A); x ∈ carrier L; A ⊆ carrier L; a .O⇘L⇙ x |]
  ==> P (⨅(insert x A))
proof (unfold inf-def)
  assume L: x ∈ carrier L A ⊆ carrier L
    and P: !!g. greatest L g (Lower L (insert x A)) ==> P g
    and O: a .O⇘L⇙ x
    and greatest-a: greatest L a (Lower L A)
  from L greatest-a have La: a ∈ carrier L by simp
  from L inf-of-two-exists greatest-a O
  obtain i where greatest-i: greatest L i (Lower L {a, x}) by blast
  show P (SOME g. greatest L g (Lower L (insert x A)))
  proof (rule someI2)
    show greatest L i (Lower L (insert x A))
    proof (rule greatest-LowerI)
      fix z
      assume z ∈ insert x A
      then show i ⊑ z
      proof
        assume z = x then show ?thesis
          by (simp add: greatest-Lower-below [OF greatest-i] L La)
      next
        assume z ∈ A
        with L greatest-i greatest-a show ?thesis
          by (rule-tac le-trans [where y = a]) (auto dest: greatest-Lower-below)
      qed
    next
      fix y
      assume y: y ∈ Lower L (insert x A)
      show y ⊑ i
      proof (rule greatest-le [OF greatest-i], rule Lower-memI)
        fix z
        assume z: z ∈ {a, x}
        then show y ⊑ z
        proof
          have y': y ∈ Lower L A
            apply (rule subsetD [where A = Lower L (insert x A)])
            apply (rule Lower-antimono)
            apply blast
            apply (rule y)
            done
          assume z = a
          with y' greatest-a show ?thesis by (fast dest: greatest-le)
        next
          assume z ∈ {x}
          with y L show ?thesis by blast
        qed
      qed (rule Lower-closed [THEN subsetD, OF y])
    next
      from L show insert x A ⊆ carrier L by simp
      from greatest-i show i ∈ carrier L by simp
    qed
  qed (rule P)
qed

lemma (in partial-lower-semilattice) inf-of-two-greatest:
  [| x ∈ carrier L; y ∈ carrier L; x .O y |] ==>
  greatest L (⨅{x, y}) (Lower L {x, y})
proof (unfold inf-def)
  assume L: x ∈ carrier L y ∈ carrier L x .O y
  with inf-of-two-exists obtain s where greatest L s (Lower L {x, y}) by fast
  with L
  show greatest L (SOME z. greatest L z (Lower L {x, y})) (Lower L {x, y})
    by (fast intro: someI2 greatest-unique)
qed

lemma (in partial-lower-semilattice) overlap-impl-is-meet:
  ⟦x ∈ carrier L; y ∈ carrier L; x .O y⟧ ⟹ (∃z. is-meet L x y z)
proof -
  fix x y
  assume carr: x ∈ carrier L y ∈ carrier L
  assume O: x .O y
  show (∃z. is-meet L x y z)
  proof -
    from carr and O have ∃z. greatest L z (Lower L {x, y})
      using inf-of-two-exists by blast
    from this show ?thesis using is-meetI is-infI by blast
  qed
qed

lemma (in partial-lower-semilattice) greatest-lower-le:
  assumes sub: z ⊑ x z ⊑ y
    and x: x ∈ carrier L and y: y ∈ carrier L and z: z ∈ carrier L
  shows ∃zz. greatest L zz (Lower L {x, y}) ∧ z ⊑ zz
proof -
  from sub z have x .O y using overlapI by fastforce
  from x y this have EX s. greatest L s (Lower L {x, y})
    using inf-of-two-exists by auto
  from this obtain s where l1: greatest L s (Lower L {x, y}) by auto
  show ?thesis
  proof (rule exI [of λzz. greatest L zz (Lower L {x, y}) ∧ z ⊑ zz s], rule conjI)
    from l1 show greatest L s (Lower L {x, y}) by auto
  next
    from sub z l1 show z ⊑ s by (fast elim: greatest-le intro: Lower-memI)
  qed
qed

lemma (in partial-lower-semilattice) le-and-le-imp-is-meet-le:
  assumes sub: z ⊑ x z ⊑ y
    and x: x ∈ carrier L and y: y ∈ carrier L and z: z ∈ carrier L
  shows ∃zz. is-meet L x y zz ∧ z ⊑ zz
  using assms greatest-lower-le by (meson is-infI is-meetI)

lemma (in partial-lower-semilattice) is-meet-imp-le-and-le:
  assumes is-meet L x y z
    and x: x ∈ carrier L and y: y ∈ carrier L and z: z ∈ carrier L
  shows z ⊑ x ∧ z ⊑ y
  using assms is-meet-left is-meet-right by blast

lemma (in partial-lower-semilattice) overlap-iff-is-meet:
  assumes carr: x ∈ carrier L and y: y ∈ carrier L
  shows (x .O⇘L⇙ y) = (∃z. is-meet L x y z)
  unfolding overlap-def
  using assms le-and-le-imp-is-meet-le is-meet-imp-le-and-le by (meson is-meet-closed)

2.10 Partial lattices
locale partial-lattice = complete-upper-semilattice L + partial-lower-semilattice L
  for L (structure)

2.11 Total Orders
locale S5-RS-2S-total-order = S5-RS-2S-partial-order +
  assumes total-order-total: [| x ∈ carrier L; y ∈ carrier L |] ==> x ⊑ y | y ⊑ x

2.12 Mereology
locale S5-RS-2S-GEM = partial-lattice L for L (structure) +
  assumes carrNE: carrier L ≠ {}
    and noBot: (greatest L l (Lower L (carrier L))) ⟹ l ∉ carrier L
    and RP: ⟦x ∈ carrier L; y ∈ carrier L; x ⊏ y⟧ ⟹ (∃z ∈ (carrier L). ¬(z .O x) ∧ (z ⊔ x = y))

lemma (in S5-RS-2S-GEM) SSP:
  fixes x y
  assumes carr: x ∈ carrier L y ∈ carrier L
  assumes neg-le: ¬(x ⊑ y)
  shows ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬(z .O y)
proof -
  from assms have d3: (¬(x .O y)) ∨ (PO L x y ∨ y ⊏ x)
    using neg-le-impl-negO-or-PO-or-lless by blast
  from this show ?thesis
  proof
    assume a: ¬ x .O y
    show s: ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬(z .O y)
    proof (rule exI [of λz. z ∈ carrier L ∧ z ⊑ x ∧ ¬(z .O y) x], auto)
      from carr show x ∈ carrier L by auto
    next
      from carr show x ⊑ x using le-refl by auto
    next
      from a show x .O y ⟹ False by auto
    qed
  next
    show PO L x y ∨ y ⊏ x ⟹ ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y
    proof -
      assume disj: PO L x y ∨ y ⊏ x
      show ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y
      proof (rule disjE [of PO L x y y ⊏ x])
        from disj show PO L x y ∨ y ⊏ x by auto
      next
        show PO L x y ⟹ ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y
        proof -
          assume d1: PO L x y
          show ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y
          proof -
            from d1 have l1: x .O y unfolding PO-def by auto
            from carr and this have ∃z. is-meet L x y z
              using overlap-impl-is-meet by blast
            from this obtain z where l2: is-meet L x y z by auto
            from carr and this and d1 have z ⊏ x unfolding PO-def
              using is-meet-right llessI is-meet-left by (metis is-meet-closed)
            from this and carr and l1 and l2
            have (∃zz ∈ (carrier L). ¬(zz .O z) ∧ (zz ⊔ z = x))
              using RP by (metis is-meet-closed)
            from this obtain zz
              where l3: zz ∈ (carrier L) ∧ ¬(zz .O z) ∧ (zz ⊔ z = x) by auto
            from carr l1 l2 l3 have l4: zz ⊏ x
              by (metis O-sym join-comm join-right le-impl-O llessI is-meet-closed)
            from l3 have l5: least L x (Upper L {zz, z}) unfolding join-def sup-def
              by (metis is-meet-closed l2 sup-def sup-of-two-least)
            from carr l1 l2 l3 l4 l5
            have l6: zz ∈ (carrier L) ∧ ¬(zz .O z) ∧ zz ⊏ x ∧
                greatest L z (Lower L {x, y}) ∧ least L x (Upper L {zz, z})
              unfolding is-meet-def is-inf-def by blast
            from this carr have l7: ¬ (zz .O y) unfolding overlap-def
              using S5-RS-2S-partial-order.le-trans S5-RS-2S-partial-order-axioms
                greatest-unique greatest-lower-le lless-imp-le by metis
            from l4 have zz ⊑ x by (simp add: lless-imp-le)
            from this and l3 and l7
            show ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y by auto
          qed
        qed
      next
        show y ⊏ x ⟹ ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y
        proof -
          assume d2: y ⊏ x
          show ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y
          proof -
            from carr and d2 have (∃z ∈ (carrier L). ¬(z .O y) ∧ (z ⊔ y = x))
              using RP by blast
            from this obtain z
              where l7: z ∈ (carrier L) ∧ ¬(z .O y) ∧ (z ⊔ y = x) by auto
            from carr and this have l8: z ⊑ x using join-left by auto
            from carr l7 l8
            show l9: ∃z. z ∈ carrier L ∧ z ⊑ x ∧ ¬ z .O y by auto
          qed
        qed
      qed
    qed
  qed
qed

lemma (in S5-RS-2S-GEM) SSP2:
  fixes x y
  assumes carr: x ∈ carrier L y ∈ carrier L
  assumes all: ∀c. c ∈ carrier L ∧ c .O⇘L⇙ x ⟶ c .O⇘L⇙ y
  shows x ⊑⇘L⇙ y
  using assms SSP le-impl-O by blast

theorem (in S5-RS-2S-GEM) O-id:
  fixes x y
  assumes carr: x ∈ carrier L y ∈ carrier L
  shows (∀c. c ∈ carrier L ⟶ (c .O x = c .O y)) = (x = y)
  using assms SSP2 le-antisym by blast

lemma (in S5-RS-2S-GEM) sup-O-imp-O:
  fixes A w
  assumes carr: A ≠ {} A ⊆ carrier L w ∈ carrier L
  assumes O: (⨆⇘L⇙A) .O⇘L⇙ w
  shows (∃y. y ∈ carrier L ∧ y .O w)
proof -
  from O have (SOME x. least L x (Upper L A)) .O w unfolding sup-def by auto
  from this obtain x where l1: least L x (Upper L A) ∧ x .O w
    by (meson carr(1) carr(2) someI-ex sup-exists)
  from l1 have ∃y. y ∈ carrier L ∧ y ⊑ x ∧ y ⊑ w unfolding overlap-def by auto
  from this obtain y where l2: y ∈ carrier L ∧ y ⊑ x ∧ y ⊑ w by auto
  from l1 have l3: x ∈ carrier L by blast
  from l1 l2 show ?thesis using le-impl-O by auto
qed

lemma (in S5-RS-2S-GEM) O-imp-sup-O:
  fixes A w
  assumes carr: A ≠ {} A ⊆ carrier L w ∈ carrier L
  assumes O: (∃y. y ∈ A ∧ y .O w)
  shows (⨆⇘L⇙A) .O⇘L⇙ w
proof (rule overlapI)
  show ∃z. z ∈ carrier L ∧ z ⊑ ⨆A ∧ z ⊑ w
  proof -
    from O obtain y where l1: y ∈ A ∧ y .O w by auto
    from this have ∃z. z ∈ carrier L ∧ z ⊑ y ∧ z ⊑ w unfolding overlap-def by auto
    from this obtain z where l2: z ∈ carrier L ∧ z ⊑ y ∧ z ⊑ w by auto
    show ∃z. z ∈ carrier L ∧ z ⊑ ⨆A ∧ z ⊑ w
    proof (rule exI [of λz. z ∈ carrier L ∧ z ⊑ ⨆A ∧ z ⊑ w z])
      show z ∈ carrier L ∧ z ⊑ ⨆A ∧ z ⊑ w
      proof (rule conjI)
        from l2 show z ∈ carrier L by auto
      next
        show z ⊑ ⨆A ∧ z ⊑ w
        proof (rule conjI)
          from assms l1 l2 show z ⊑ ⨆A using supI
            by (smt S5-RS-2S-partial-order.le-trans S5-RS-2S-partial-order-axioms
                least-Upper-above least-closed subsetCE)
        next
          from l2 show z ⊑ w by auto
        qed
      qed
    qed
  qed
qed

definition
  is-Fine :: [-, 'a set] ⇒ bool
  where is-Fine L A ≡ A ≠ {} ∧ A ⊆ carrier L ∧
    (∀x. (x ∈ carrier L ∧ (⨆⇘L⇙A) .O⇘L⇙ x) ⟶ (∃z. z ∈ carrier L ∧ z ∈ A ∧ z .O⇘L⇙ x))

definition mSum :: [-, 'a set, 'a] ⇒ bool
  where mSum L A a ≡ A ≠ {} ∧ A ⊆ carrier L ∧
    (∀x. x ∈ carrier L ⟶ (a .O⇘L⇙ x = (∃y. y ∈ A ∧ y .O⇘L⇙ x)))

lemma is-FineI:
  fixes L (structure)
  fixes A
  assumes carr: A ≠ {} A ⊆ carrier L
  assumes ⋀x. ⟦x ∈ carrier L; (⨆⇘L⇙A) .O⇘L⇙ x⟧ ⟹ (∃z. z ∈ carrier L ∧ z ∈ A ∧ z .O⇘L⇙ x)
  shows is-Fine L A
  using assms unfolding is-Fine-def by auto

lemma mSumI:
  fixes L (structure)
  fixes A
  assumes carr: A ≠ {} A ⊆ carrier L
  assumes ⋀x. x ∈ carrier L ⟹ (a .O⇘L⇙ x = (∃y. y ∈ A ∧ y .O⇘L⇙ x))
  shows mSum L A a
  using assms unfolding mSum-def by auto

lemma (in S5-RS-2S-GEM) sum-is-sup:
  fixes A x
  assumes carr: A ≠ {} A ⊆ carrier L x ∈ carrier L
  assumes sum: (⨆⇘L⇙A) .O x ⟹ (∃z. z ∈ carrier L ∧ z ∈ A ∧ z .O x)
  shows (⨆⇘L⇙A) .O⇘L⇙ x = (∃y. y ∈ A ∧ y .O x)
  using assms O-imp-sup-O by blast

lemma (in S5-RS-2S-GEM) mSum-is-sup:
  fixes A
  assumes carr: A ≠ {} A ⊆ carrier L
  assumes f: is-Fine L A
  shows mSum L A (⨆⇘L⇙A)
proof (rule mSumI)
  from carr show A ≠ {} by auto
next
  from carr show A ⊆ carrier L by auto
next
  from f show ⋀x. x ∈ carrier L ⟹ ⨆A .O x = (∃y. y ∈ A ∧ y .O x)
    unfolding is-Fine-def using sum-is-sup by auto
qed

lemma (in S5-RS-2S-GEM) mSum-unique:
  fixes A x y
  assumes carr: x ∈ carrier L y ∈ carrier L
  assumes mSum: mSum L A x mSum L A y
  shows x = y
proof -
  fix z
  from mSum have l1: (∀z. z ∈ carrier L ⟶ (x .O⇘L⇙ z = (∃y. y ∈ A ∧ y .O⇘L⇙ z)))
    unfolding mSum-def by auto
  from mSum have l2: (∀z. z ∈ carrier L ⟶ (y .O⇘L⇙ z = (∃y. y ∈ A ∧ y .O⇘L⇙ z)))
    unfolding mSum-def by auto
  from l1 l2 have (∀z. z ∈ carrier L ⟶ x .O⇘L⇙ z = y .O⇘L⇙ z) by auto
  from this have l3: (∀z. z ∈ carrier L ⟶ z .O⇘L⇙ x = z .O⇘L⇙ y)
    using O-sym by force
  from carr O-id have l4: (∀c. c ∈ carrier L ⟶ c .O x = c .O y) = (x = y)
    by auto
  from l3 l4 show ?thesis by auto
qed

lemma (in S5-RS-2S-GEM) O-imp-join:
  fixes x y z
  assumes carr: x ∈ carrier L y ∈ carrier L z ∈ carrier L
  assumes O: (z .O x ∨ z .O y)
  shows ((x ⊔ y) .O z)
  unfolding overlap-def using assms
  by (metis (no-types, hide-lams) join-closed join-left join-right local.le-trans overlap-def)

lemma (in S5-RS-2S-GEM) join-is-plus:
  fixes x y z
  assumes carr: x ∈ carrier L y ∈ carrier L z ∈ carrier L
  assumes O: ((x ⊔ y) .O z) ⟹ (z .O x ∨ z .O y)
  shows ((x ⊔ y) .O z) = (z .O x ∨ z .O y)
  using assms O-imp-join by auto

lemma (in S5-RS-2S-GEM) le-top:
  assumes carr: x ∈ carrier L
  shows (x = ⊤⇘L⇙) = (∀y. y ∈ carrier L ⟶ y ⊑⇘L⇙ x)
  unfolding top-def sup-def
  by (smt Upper-memD carr carrier least-mem local.le-antisym someI-ex subsetI sup-exists)

nitpick-params [timeout = 3600]
lemma True nitpick [show-all, satisfy, user-axioms, expect = genuine, show-types, verbose, dont-box]
  oops

end

theory TS-mereology imports PLattice
begin

3 Spacetime mereology with time slices
3.1 The non-modal part of TS mereology
locale TS-mereology = S5-RS-2S-GEM L for L (structure) +
  assumes
    TS-iff-in-S-carrier: ⟦i ∈ r-carrier L; j ∈ s-carrier L; u ∈ carrier L⟧ ⟹
      (TS⇘L⇙ u (RSC i j) = (u ∈ j))
  assumes
    TS-and-TS-and-O-imp-Id: ⟦i ∈ r-carrier L; j ∈ s-carrier L; u ∈ carrier L; v ∈ carrier L;
      TS⇘L⇙ u (RSC i j); TS⇘L⇙ v (RSC i j); u .O⇘L⇙ v⟧ ⟹ u = v
  and
    exists-TS-and-TS-and-negOR: ⟦i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
      (∃u v. u ∈ carrier L ∧ v ∈ carrier L ∧ TS⇘L⇙ u (RSC i j) ∧ TS⇘L⇙ v (RSC i j) ∧ ¬(u .O⇘L⇙ v))
  and
    TS-and-OR: ⟦i ∈ r-carrier L; j ∈ s-carrier L; y ∈ carrier L⟧ ⟹
      (∃x. x ∈ carrier L ∧ TS⇘L⇙ x (RSC i j) ∧ x .O⇘L⇙ y)

definition ST :: - ⇒ 'a ⇒ 'a RS ⇒ bool (STı) where
  ST⇘L⇙ x w ≡ x = ⊤⇘L⇙ ∧ x ∈ carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition SR :: - ⇒ 'a ⇒ 'a RS ⇒ bool (SRı) where
  SR⇘L⇙ x w ≡ (∃t. t ∈ carrier L ∧ TS⇘L⇙ t w ∧ x ⊑⇘L⇙ t) ∧
    x ∈ carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition TR :: - ⇒ 'a ⇒ 'a RS ⇒ bool (TRı) where
  TR⇘L⇙ x w ≡ (∃t1 t2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS⇘L⇙ t1 w ∧ TS⇘L⇙ t2 w ∧
      ¬(t1 .O⇘L⇙ t2) ∧ x .O⇘L⇙ t1 ∧ x .O⇘L⇙ t2) ∧
    x ∈ carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition SIMU :: - ⇒ 'a ⇒ 'a ⇒ 'a RS ⇒ bool (SIMUı) where
  SIMU⇘L⇙ x y w ≡ (∃z. z ∈ carrier L ∧ TS⇘L⇙ z w ∧ x ⊑⇘L⇙ z ∧ y ⊑⇘L⇙ z) ∧
    x ∈ carrier L ∧ y ∈ carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

lemma ST-I:
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes top: x = ⊤⇘L⇙
  shows ST⇘L⇙ x (RSC i j)
  using assms by (simp add: ST-def)

lemma SR-I:
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes ts: (∃t. t ∈ carrier L ∧ TS⇘L⇙ t (RSC i j) ∧ x ⊑⇘L⇙ t)
  shows SR⇘L⇙ x (RSC i j)
  using assms by (simp add: SR-def)

lemma TR-I:
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes tr: (∃t1 t2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS⇘L⇙ t1 (RSC i j) ∧
    TS⇘L⇙ t2 (RSC i j) ∧ ¬(t1 .O⇘L⇙ t2) ∧ x .O⇘L⇙ t1 ∧ x .O⇘L⇙ t2)
  shows TR⇘L⇙ x (RSC i j)
  using assms by (simp add: TR-def)

lemma SIMU-I:
  assumes carr: x ∈ carrier L y ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes tr: (∃z. z ∈ carrier L ∧ TS⇘L⇙ z (RSC i j) ∧ x ⊑⇘L⇙ z ∧ y ⊑⇘L⇙ z)
  shows SIMU⇘L⇙ x y (RSC i j)
  using assms by (simp add: SIMU-def)

lemma (in TS-mereology) TS-imp-SR:
  ⟦i ∈ r-carrier L; j ∈ s-carrier L; t ∈ carrier L; TS⇘L⇙ t (RSC i j)⟧ ⟹ SR⇘L⇙ t (RSC i j)
  unfolding SR-def by auto

lemma (in TS-mereology) SR-exists:
  ⟦i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹ ∃x. x ∈ carrier L ∧ SR⇘L⇙ x (RSC i j)
  using TS-imp-SR exists-TS-and-TS-and-negOR by blast

lemma (in TS-mereology) SR-and-PR-imp-SR:
  ⟦SR⇘L⇙ x (RSC i j); y ⊑⇘L⇙ x; x ∈ carrier L; y ∈ carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    SR⇘L⇙ y (RSC i j)
  by (meson SR-def local.le-trans)

lemma (in TS-mereology) TR-and-PR-imp-TR:
  ⟦TR⇘L⇙ x (RSC i j); x ⊑⇘L⇙ y; x ∈ carrier L; y ∈ carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    TR⇘L⇙ y (RSC i j)
  unfolding TR-def overlap-def
  using le-trans by blast

lemma (in TS-mereology) ST-and-O-impl-existsTS:
  ⟦ST⇘L⇙ x (RSC i j); x .O⇘L⇙ y; x ∈ carrier L; y ∈ carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    (∃z. TS⇘L⇙ z (RSC i j) ∧ z .O⇘L⇙ y)
  using TS-and-OR by blast

lemma (in TS-mereology) ST-exists:
  ⟦i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹ ∃x. x ∈ carrier L ∧ ST x (RSC i j)
  by (simp add: ST-def carrNE)

lemma (in TS-mereology) Set-of-TS-imp-ST:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes x = ⨆⇘L⇙{y. y ∈ carrier L ∧ TS⇘L⇙ y (RSC i j)}
  shows ST⇘L⇙ x (RSC i j)
proof (rule ST-I)
  from assms show x ∈ carrier L by auto
next
  show x = ⊤
  proof
    show x ⊑ ⊤
    proof -
      from assms have x ∈ carrier L by auto
      from this show x ⊑ ⊤ unfolding top-def
        by (simp add: carrNE least-Upper-above supI)
    qed
  next
    show ⊤ ⊑ x
    proof (rule SSP2)
      show ⊤ ∈ carrier L using top-closed carrNE by blast
    next
      from assms show x ∈ carrier L by auto
    next
      show ∀z. z ∈ carrier L ∧ z .O ⊤ ⟶ z .O x
      proof
        fix z
        show z ∈ carrier L ∧ z .O ⊤ ⟶ z .O x
        proof
          assume carr1: z ∈ carrier L ∧ z .O ⊤
          show z .O x
          proof -
            from carr and carr1
            have (∃zz. zz ∈ carrier L ∧ TS⇘L⇙ zz (RSC i j) ∧ zz .O z)
              using TS-and-OR by blast
            from this obtain zz
              where l2: zz ∈ carrier L ∧ TS⇘L⇙ zz (RSC i j) ∧ zz .O z by auto
            from this have zz ∈ {y. y ∈ carrier L ∧ TS⇘L⇙ y (RSC i j)} by auto
            from this have zz ⊑⇘L⇙ ⨆⇘L⇙{y. y ∈ carrier L ∧ TS⇘L⇙ y (RSC i j)}
              by (metis (no-types, lifting) empty-Collect-eq least-Upper-above
                  mem-Collect-eq subsetI supI)
            from this and assms have zz ⊑ x by simp
            from this and carr and l2 have x .O z using le-and-O-imp-O by blast
            from this show z .O x by (simp add: O-sym)
          qed
        qed
      qed
    qed
  next
    from assms show l1: x ∈ carrier L by auto
  next
    show ⊤ ∈ carrier L using top-closed carrNE by blast
  qed
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show j ∈ s-carrier L by auto
qed

lemma (in TS-mereology) ST-impl-Set-of-TS:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes ST: ST⇘L⇙ x (RSC i j)
  shows x = ⨆⇘L⇙{y. y ∈ carrier L ∧ TS⇘L⇙ y (RSC i j)}
proof
  show x ⊑⇘L⇙ ⨆⇘L⇙{y. y ∈ carrier L ∧ TS y (RSC i j)}
  proof (rule supI)
    show ⋀l. least L l (Upper L {y ∈ carrier L. TS y (RSC i j)}) ⟹ x ⊑ l
    proof -
      fix l
      show least L l (Upper L {y ∈ carrier L. TS y (RSC i j)}) ⟹ x ⊑ l
      proof -
        assume a: least L l (Upper L {y ∈ carrier L. TS y (RSC i j)})
        show x ⊑⇘L⇙ l
        proof (rule SSP2)
          from assms show x ∈ carrier L by auto
        next
          from a show l ∈ carrier L using least-closed by blast
        next
          show ∀c. c ∈ carrier L ∧ c .O x ⟶ c .O l
          proof
            fix c
            show c ∈ carrier L ∧ c .O x ⟶ c .O l
            proof
              assume a1: c ∈ carrier L ∧ c .O x
              show c .O l
              proof -
                from carr a1 have ∃t. t ∈ carrier L ∧ TS t (RSC i j) ∧ t .O c
                  using TS-and-OR by simp
                from this obtain t
                  where l1: t ∈ carrier L ∧ TS t (RSC i j) ∧ t .O c by auto
                from this have l2: t ∈ {y ∈ carrier L. TS y (RSC i j)} by auto
                have l3: {y ∈ carrier L. TS y (RSC i j)} ⊆ carrier L by auto
                from a l1 l2 l3 have t ⊑⇘L⇙ l using least-Upper-above by fastforce
                from this and l1 show c .O l
                  by (meson O-sym a le-and-O-imp-O least-closed)
              qed
            qed
          qed
        qed
      qed
    qed
  next
    show {y ∈ carrier L. TS y (RSC i j)} ⊆ carrier L by blast
  next
    from assms show {y ∈ carrier L. TS y (RSC i j)} ≠ {}
      using exists-TS-and-TS-and-negOR by blast
  qed
next
  show ⨆{y ∈ carrier L. TS y (RSC i j)} ⊑ x
  proof (rule supI)
    show ⋀l. least L l (Upper L {y ∈ carrier L. TS y (RSC i j)}) ⟹ l ⊑ x
    proof -
      fix l
      show least L l (Upper L {y ∈ carrier L. TS y (RSC i j)}) ⟹ l ⊑ x
      proof -
        assume a: least L l (Upper L {y ∈ carrier L. TS y (RSC i j)})
        show l ⊑ x
        proof (rule SSP2)
          from a show l ∈ carrier L using least-closed by auto
        next
          from assms show x ∈ carrier L by auto
        next
          show ∀c. c ∈ carrier L ∧ c .O l ⟶ c .O x
          proof
            fix c
            show c ∈ carrier L ∧ c .O l ⟶ c .O x
            proof
              assume a1: c ∈ carrier L ∧ c .O l
              show c .O x
              proof -
                from assms have l1: x ∈ carrier L ∧ x = ⊤ unfolding ST-def by auto
                from a1 l1 have c ⊑ x unfolding top-def
                  by (simp add: carrNE least-Upper-above supI)
                from this and a1 show c .O x using le-impl-O by blast
              qed
            qed
          qed
        qed
      qed
    qed
  next
    show {y ∈ carrier L. TS y (RSC i j)} ⊆ carrier L by auto
  next
    from assms show {y ∈ carrier L. TS y (RSC i j)} ≠ {}
      using exists-TS-and-TS-and-negOR by blast
  qed
next
  from assms show x ∈ carrier L by auto
next
  from assms show ⨆{y ∈ carrier L. TS y (RSC i j)} ∈ carrier L
    using exists-TS-and-TS-and-negOR
    by (metis (mono-tags, lifting) empty-Collect-eq mem-Collect-eq subsetI sup-closed)
qed

lemma (in TS-mereology) Set-of-TS-iff-ST:
  ⟦x ∈ carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    (x = ⨆⇘L⇙{y ∈ carrier L. TS y (RSC i j)}) = (ST⇘L⇙ x (RSC i j))
  using Set-of-TS-imp-ST ST-impl-Set-of-TS by blast

lemma (in TS-mereology) SR-and-TS-and-O-imp-le:
  fixes x t i j
  assumes carr: x ∈ carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes a: SR x (RSC i j) TS t (RSC i j) x .O t
  shows x ⊑ t
  using assms SSP TS-and-TS-and-O-imp-Id le-trans
  by (metis (no-types, hide-lams) SR-def le-and-O-imp-O)

lemma (in TS-mereology) TS-imp-SR-O-imp-P:
  fixes t i j
  assumes carr: u ∈ carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes ts: TS t (RSC i j)
  shows (SR t (RSC i j) ∧ (∀u. u ∈ carrier L ∧ SR u (RSC i j) ∧ t .O u ⟶ u ⊑ t))
  using assms by (meson O-sym SR-and-TS-and-O-imp-le TS-imp-SR)

lemma (in TS-mereology) SR-O-imp-P-imp-TS:
  fixes t i j
  assumes carr: t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes sr: SR t (RSC i j)
  assumes max: ⋀u. ⟦u ∈ carrier L; SR u (RSC i j); t .O u⟧ ⟹ u ⊑ t
  shows TS t (RSC i j)
proof -
  from sr have (∃u. u ∈ carrier L ∧ TS⇘L⇙ u (RSC i j) ∧ t ⊑⇘L⇙ u) ∧
      t ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L
    unfolding SR-def by auto
  from this obtain u
    where l1: u ∈ carrier L ∧ TS⇘L⇙ u (RSC i j) ∧ t ⊑⇘L⇙ u by auto
  from carr l1 have l2: u ∈ carrier L ∧ SR u (RSC i j) ∧ t .O u
    using TS-imp-SR le-impl-O by blast
  from max l2 have u ⊑ t by auto
  from this l1 carr have t = u using le-antisym by blast
  from this l1 show ?thesis by auto
qed

lemma (in TS-mereology) TS-iff-SR-O-imp-P:
  fixes t i j
  assumes carr: u ∈ carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows TS t (RSC i j) =
    (SR t (RSC i j) ∧ (∀u. u ∈ carrier L ∧ SR u (RSC i j) ∧ t .O u ⟶ u ⊑ t))
  using assms TS-imp-SR-O-imp-P SR-O-imp-P-imp-TS by blast

lemma (in TS-mereology) SR-imp-negTR:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes SR: SR x (RSC i j)
  shows ¬(TR x (RSC i j))
  using SR-and-TS-and-O-imp-le
  by (meson SR TR-def carr(2) carr(3) le-and-O-imp-O)

lemma (in TS-mereology) TR-imp-negSR:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes TR: TR x (RSC i j)
  shows ¬(SR x (RSC i j))
  using assms SR-imp-negTR by blast

lemma (in TS-mereology) ST-imp-TR:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes ST: ST x (RSC i j)
  shows TR x (RSC i j)
proof (rule TR-I)
  from carr show x ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show j ∈ s-carrier L by auto
next
  show ∃t1 t2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i j) ∧ TS t2 (RSC i j) ∧
      ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
  proof -
    from carr have (∃u v. u ∈ carrier L ∧ v ∈ carrier L ∧ TS⇘L⇙ u (RSC i j) ∧
        TS⇘L⇙ v (RSC i j) ∧ ¬(u .O⇘L⇙ v))
      using exists-TS-and-TS-and-negOR by auto
    from this obtain t1 t2
      where l1: t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS⇘L⇙ t1 (RSC i j) ∧
        TS⇘L⇙ t2 (RSC i j) ∧ ¬(t1 .O⇘L⇙ t2) by auto
    show ∃t1 t2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i j) ∧ TS t2 (RSC i j) ∧
        ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
    proof (rule exI [of λt1. ∃t2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i j) ∧
        TS t2 (RSC i j) ∧ ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2 t1])
      show ∃t2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i j) ∧ TS t2 (RSC i j) ∧
          ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
      proof (rule exI [of λt2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i j) ∧
          TS t2 (RSC i j) ∧ ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2 t2])
        show t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i j) ∧ TS t2 (RSC i j) ∧
            ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
        proof
          from l1 show t1 ∈ carrier L by auto
        next
          show t2 ∈ carrier L ∧ TS t1 (RSC i j) ∧ TS t2 (RSC i j) ∧
              ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
          proof
            from l1 show t2 ∈ carrier L by auto
          next
            show TS t1 (RSC i j) ∧ TS t2 (RSC i j) ∧ ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
            proof
              from l1 show TS t1 (RSC i j) by auto
            next
              show TS t2 (RSC i j) ∧ ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
              proof
                from l1 show TS t2 (RSC i j) by auto
              next
                show ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
                proof
                  from l1 show ¬ t1 .O t2 by auto
                next
                  from assms show x .O t1 ∧ x .O t2 unfolding ST-def
                    by (metis (no-types, hide-lams) O-refl carrNE l1 le-and-O-imp-O
                        least-Upper-above subset-eq supI top-def)
                qed
              qed
            qed
          qed
        qed
      qed
    qed
  qed
qed

lemma (in TS-mereology) SIMU-refl:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes SR: (SR x (RSC i j))
  shows SIMU x x (RSC i j)
proof (rule SIMU-I)
  from carr show x ∈ carrier L by auto
next
  from carr show x ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show j ∈ s-carrier L by auto
next
  from carr have (∃ t. t ∈ carrier L ∧ TSL t (RSC i j) ∧ t .OL x) using TS-and-OR by auto
  from this obtain t where l1: t ∈ carrier L ∧ TSL t (RSC i j) ∧ t .OL x by auto
  show ∃ z. z ∈ carrier L ∧ TS z (RSC i j) ∧ x ⊑ z ∧ x ⊑ z
  proof (rule exI [of λz. z ∈ carrier L ∧ TS z (RSC i j) ∧ x ⊑ z ∧ x ⊑ z t])
    show t ∈ carrier L ∧ TS t (RSC i j) ∧ x ⊑ t ∧ x ⊑ t
    proof −
      from SR have (∃ t. t ∈ carrier L ∧ TSL t (RSC i j) ∧ x ⊑L t) ∧ x ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L
        unfolding SR-def by auto
      from this obtain tt where l2: tt ∈ carrier L ∧ TSL tt (RSC i j) ∧ x ⊑L tt ∧ x ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L
        by auto
      from carr and l1 and l2 have t = tt using TS-and-TS-and-O-imp-Id
        by (meson O-sym le-and-O-imp-O)
      from this and l1 and l2 show t ∈ carrier L ∧ TS t (RSC i j) ∧ x ⊑ t ∧ x ⊑ t by simp
    qed
  qed
qed
lemma (in TS-mereology) SIMU-refl-impl-SR:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes simu: SIMU x x (RSC i j)
  shows (SR x (RSC i j))
  using assms by (simp add: SR-I SIMU-def)

lemma (in TS-mereology) SR-iff-SIMU-refl:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows SIMU x x (RSC i j) = (SR x (RSC i j))
  using assms SIMU-refl-impl-SR SIMU-refl by auto

lemma (in TS-mereology) SIMU-sym:
  fixes x y i j
  assumes carr: x ∈ carrier L y ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes SIMU: (SIMU x y (RSC i j))
  shows (SIMU y x (RSC i j))
  by (meson assms SIMU-def)
lemma (in TS-mereology) SIMU-trans:
  fixes x y z i j
  assumes carr: x ∈ carrier L y ∈ carrier L z ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes a: SIMU x y (RSC i j) SIMU y z (RSC i j)
  shows (SIMU x z (RSC i j))
proof (rule SIMU-I)
  from carr show x ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show z ∈ carrier L by auto
next
  from carr show j ∈ s-carrier L by auto
next
  from a have (∃ t. t ∈ carrier L ∧ TSL t (RSC i j) ∧ x ⊑L t ∧ y ⊑L t)
      ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L
    unfolding SIMU-def by auto
  from this obtain t where l1: t ∈ carrier L ∧ TSL t (RSC i j) ∧ x ⊑L t ∧ y ⊑L t
      ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L
    by auto
  from a have (∃ tt. tt ∈ carrier L ∧ TSL tt (RSC i j) ∧ y ⊑L tt ∧ z ⊑L tt)
      ∧ y ∈ carrier L ∧ z ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L
    unfolding SIMU-def by auto
  from this obtain tt where l2: tt ∈ carrier L ∧ TSL tt (RSC i j) ∧ y ⊑L tt ∧ z ⊑L tt
      ∧ y ∈ carrier L ∧ z ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L
    by auto
  from carr and l1 and l2 have l3: t = tt
    using TS-and-TS-and-O-imp-Id O-sym le-and-O-imp-O le-impl-O by presburger
  show ∃ za. za ∈ carrier L ∧ TS za (RSC i j) ∧ x ⊑ za ∧ z ⊑ za
  proof (rule exI [of λza. za ∈ carrier L ∧ TS za (RSC i j) ∧ x ⊑ za ∧ z ⊑ za t])
    from l1 l2 l3 show t ∈ carrier L ∧ TS t (RSC i j) ∧ x ⊑ t ∧ z ⊑ t by blast
  qed
qed
lemma (in TS-mereology) TR-imp-negSIMU:
  fixes x y i j
  assumes carr: x ∈ carrier L y ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  assumes tr: TR x (RSC i j) TR y (RSC i j)
  shows ¬(SIMU x y (RSC i j))
  by (meson SIMU-def SR-I SR-imp-negTR carr tr(1))

lemma (in TS-mereology) some-nonSIMU: ⟦i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    (∃ x y. x ∈ carrier L ∧ y ∈ carrier L ∧ ¬ (SIMU x y (RSC i j)))
  unfolding SIMU-def by (metis SR-I ST-exists ST-imp-TR TR-imp-negSR)
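The SIMU lemmas above can be sanity-checked on a small finite model, in the spirit of the nitpick calls this theory uses to search for one. The Python below is an added example, not part of the Isabelle theory: the grid model, the single fixed world standing in for RSC i j, and all function names are assumptions. It also shows why the proof of SIMU-trans needs TS-and-TS-and-O-imp-Id: once two time slices overlap, transitivity fails.

```python
"""Finite-model check of the SIMU lemmas (constructed model, one fixed world)."""
from itertools import combinations, product

# Constructed model (an assumption, not from the theory): 3 time points x 2
# space points. A region is a non-empty set of points, parthood is the subset
# relation, overlap is non-empty intersection.
POINTS = [(t, s) for t in range(3) for s in range(2)]
REGIONS = [frozenset(c) for n in range(1, len(POINTS) + 1)
           for c in combinations(POINTS, n)]

# Well-formed time slices: all points sharing one time coordinate (disjoint).
SLICES = [frozenset(p for p in POINTS if p[0] == t) for t in range(3)]

# Deliberately broken slicing: the two "slices" share the point (1, 0), which
# violates the uniqueness property TS-and-TS-and-O-imp-Id.
OVERLAPPING_SLICES = [
    frozenset({(0, 0), (0, 1), (1, 0)}),
    frozenset({(1, 0), (1, 1), (2, 0), (2, 1)}),
]


def overlap(x, y):
    """x .O y: the two regions share at least one point."""
    return bool(x & y)


def sr(x, slices):
    """SR (as unfolded via SR-def): x is part of some time slice."""
    return any(x <= t for t in slices)


def tr(x, slices):
    """TR (as in the TR-I goal): x overlaps two non-overlapping time slices."""
    return any(not overlap(t1, t2) and overlap(x, t1) and overlap(x, t2)
               for t1, t2 in product(slices, repeat=2))


def simu(x, y, slices):
    """SIMU (as in the SIMU-I goal): one time slice has x and y as parts."""
    return any(x <= t and y <= t for t in slices)


def check_lemmas(regions, slices):
    """Evaluate each lemma statement exhaustively over the finite model."""
    def sim(x, y):
        return simu(x, y, slices)

    pairs = [(x, y) for x, y in product(regions, repeat=2) if sim(x, y)]
    return {
        "SR-iff-SIMU-refl": all(sim(x, x) == sr(x, slices) for x in regions),
        "SIMU-sym": all(sim(y, x) for x, y in pairs),
        "SIMU-trans": all(sim(x, z)
                          for x, y in pairs for z in regions if sim(y, z)),
        "TR-imp-negSIMU": all(not sim(x, y)
                              for x in regions if tr(x, slices)
                              for y in regions if tr(y, slices)),
        "some-nonSIMU": any(not sim(x, y)
                            for x, y in product(regions, repeat=2)),
    }


if __name__ == "__main__":
    print("disjoint slices:   ", check_lemmas(REGIONS, SLICES))
    print("overlapping slices:", check_lemmas(REGIONS, OVERLAPPING_SLICES))
```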
3.2 The modal part of TS mereology
lemma (in TS-mereology) ST-imp-boxS-TR:
  fixes x i j
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  assumes ST: STL x (RSC i j)
  assumes S: j SL jj
  shows TRL x (RSC i jj)
proof (rule TR-I)
  from carr show x ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show jj ∈ s-carrier L by auto
next
  from assms show ∃ t1 t2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i jj) ∧ TS t2 (RSC i jj) ∧ ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
    by (metis (no-types, hide-lams) ST-I ST-def ST-imp-TR TR-def)
qed
3.3 Newtonian space-time
locale N-TS-mereology = TS-mereology L for L (structure) +
  assumes Newton: ⟦TSL x (RSC i j); j SL jj; x ∈ carrier L; i ∈ r-carrier L; j ∈ s-carrier L; jj ∈ s-carrier L⟧ ⟹ (TSL x (RSC i jj))

lemma (in N-TS-mereology) SR-imp-boxS-SR:
  fixes x i j jj
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  assumes SR: SRL x (RSC i j)
  assumes S: j SL jj
  shows SRL x (RSC i jj)
proof (rule SR-I)
  from carr show x ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show jj ∈ s-carrier L by auto
next
  from assms show ∃ t. t ∈ carrier L ∧ TS t (RSC i jj) ∧ x ⊑ t by (meson SR-def Newton)
qed

lemma (in N-TS-mereology) TR-imp-boxS-TR:
  fixes x i j jj
  assumes carr: x ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  assumes SR: TRL x (RSC i j)
  assumes S: j SL jj
  shows TRL x (RSC i jj)
proof (rule TR-I)
  from carr show x ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show jj ∈ s-carrier L by auto
next
  from assms show ∃ t1 t2. t1 ∈ carrier L ∧ t2 ∈ carrier L ∧ TS t1 (RSC i jj) ∧ TS t2 (RSC i jj) ∧ ¬ t1 .O t2 ∧ x .O t1 ∧ x .O t2
    by (meson TR-def Newton)
qed

lemma (in N-TS-mereology) SIMU-imp-boxS-SIMU:
  fixes x y i j jj
  assumes carr: x ∈ carrier L y ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  assumes SIMU: SIMUL x y (RSC i j)
  assumes S: j SL jj
  shows SIMUL x y (RSC i jj)
proof (rule SIMU-I)
  from carr show x ∈ carrier L by auto
next
  from carr show y ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show jj ∈ s-carrier L by auto
next
  from assms show ∃ z. z ∈ carrier L ∧ TS z (RSC i jj) ∧ x ⊑ z ∧ y ⊑ z by (meson SIMU-def Newton)
qed
3.4 Minkowski space-time
locale M-TS-mereology = TS-mereology L for L (structure) +
  assumes diaS-non-SIMU: ⟦SIMUL x y (RSC i j); x ∈ carrier L; y ∈ carrier L; x ≠ y; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    (∃ jj. jj ∈ s-carrier L ∧ j SL jj ∧ ¬(SIMUL x y (RSC i jj)))

nitpick-params [timeout = 3600]
lemma True nitpick [show-all, satisfy, user-axioms, expect = genuine, show-types, verbose, dont-box]
oops

end

theory Inst-TS-mereology imports TS-mereology
begin
4 Axioms and theorems for instantiation
4.1 Axioms
locale Inst-TS-mereology = TS-mereology L for L (structure) +
  assumes Inst-box-assym-P: ⟦(InstL x y u (RSC i j)); i RL ii; j SL jj;
      x ∈ e-carrier L; y ∈ e-carrier L; yy ∈ e-carrier L; u ∈ carrier L; uu ∈ carrier L;
      i ∈ r-carrier L; ii ∈ r-carrier L; j ∈ s-carrier L; jj ∈ s-carrier L⟧
      ⟹ ¬(InstL yy x uu (RSC ii jj)) and
    Inst-imp-SR-or-TR: ⟦InstL x y u (RSC i j); x ∈ e-carrier L; y ∈ e-carrier L; u ∈ carrier L;
      i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹ (SRL u (RSC i j) ∨ TRL u (RSC i j)) and
    Inst-and-SR-imp-box-Inst-and-SR-P: ⟦InstL x y u (RSC i j); SRL u (RSC i j); j SL jj; InstL x yy uu (RSC i jj);
      x ∈ e-carrier L; y ∈ e-carrier L; yy ∈ e-carrier L; u ∈ carrier L; uu ∈ carrier L;
      i ∈ r-carrier L; j ∈ s-carrier L; jj ∈ s-carrier L⟧ ⟹ SRL uu (RSC i jj) and
    Inst-and-SR-imp-box-Inst-and-SR-U: ⟦InstL x y u (RSC i j); SRL u (RSC i j); j SL jj; InstL xx y uu (RSC i jj);
      x ∈ e-carrier L; xx ∈ e-carrier L; y ∈ e-carrier L; u ∈ carrier L; uu ∈ carrier L;
      i ∈ r-carrier L; j ∈ s-carrier L; jj ∈ s-carrier L⟧ ⟹ SRL uu (RSC i jj) and
    Inst-TR-imp-Id: ⟦InstL x y u (RSC i j); TRL u (RSC i j); InstL x yy v (RSC i j);
      x ∈ e-carrier L; y ∈ e-carrier L; yy ∈ e-carrier L; u ∈ carrier L; v ∈ carrier L;
      i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹ (u = v) and
    Inst-SR-SIMU-imp-Id: ⟦InstL x y u (RSC i j); SRL u (RSC i j); InstL x yy v (RSC i j); SIMUL u v (RSC i j);
      x ∈ e-carrier L; y ∈ e-carrier L; yy ∈ e-carrier L; u ∈ carrier L; v ∈ carrier L;
      i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹ (u = v) and
    dia-Loc-base: ⟦x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
      (∃ u ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i RL ii ∧ j SL jj ∧
        (∃ y. y ∈ e-carrier L ∧ ((InstL x y u (RSC ii jj)) ∨ (InstL y x u (RSC ii jj))))) and
    ax-PE-imp-WLOF: ⟦(∃ y. y ∈ e-carrier L ∧ (InstL x y u (RSC i j) ∨ InstL y x u (RSC i j)));
      (∃ y. y ∈ e-carrier L ∧ (InstL x y v (RSC i j) ∨ InstL y x v (RSC i j)));
      ¬(SIMUL u v (RSC i j));
      x ∈ e-carrier L; u ∈ carrier L; v ∈ carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
      (∃w. w ∈ carrier L ∧ TRL w (RSC i j) ∧
        w = ⊔L {uu. uu ∈ carrier L ∧ (∃ y. y ∈ e-carrier L ∧ (InstL x y uu (RSC i j) ∨ InstL y x uu (RSC i j)))})

lemma (in Inst-TS-mereology) dia-Loc-base-MM: ⟦x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    (∃ ii jj. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i RL ii ∧ j SL jj ∧
      (∃ u y. u ∈ carrier L ∧ y ∈ e-carrier L ∧ ((InstL x y u (RSC ii jj)) ∨ (InstL y x u (RSC ii jj)))))
  using dia-Loc-base by blast
4.2 Definitions
definition Loc :: - ⇒ 'b ⇒ 'a ⇒ 'a RS ⇒ bool (Locı) where
  LocL x u w ≡ (∃ y. (y ∈ e-carrier L ∧ ((InstL x y u w) ∨ (InstL y x u w)))) ∧
    x ∈ e-carrier L ∧ u ∈ carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition Part :: - ⇒ ('b ⇒ ('a RS ⇒ bool)) (Partı) where
  PartL x w ≡ (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ InstL x y u w) ∧
    x ∈ e-carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition Uni :: - ⇒ ('b ⇒ ('a RS ⇒ bool)) (Uniı) where
  UniL x w ≡ (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ InstL y x u w) ∧
    x ∈ e-carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition WLOF :: - ⇒ ('a ⇒ ('b ⇒ ('a RS ⇒ bool))) (WLOFı) where
  WLOFL u x w ≡ TRL u w ∧ u = ⊔L {v. v ∈ carrier L ∧ LocL x v w} ∧
    x ∈ e-carrier L ∧ u ∈ carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition PE :: - ⇒ ('b ⇒ ('a RS ⇒ bool)) (PEı) where
  PEL x w ≡ (∃ u v. u ∈ carrier L ∧ v ∈ carrier L ∧ LocL x u w ∧ LocL x v w ∧ ¬(SIMUL u v w)) ∧
    x ∈ e-carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition Cont :: - ⇒ ('b ⇒ ('a RS ⇒ bool)) (Contı) where
  ContL x w ≡ PEL x w ∧ (∃ u. u ∈ carrier L ∧ LocL x u w ∧ SRL u w) ∧
    x ∈ e-carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition Occ :: - ⇒ ('b ⇒ ('a RS ⇒ bool)) (Occı) where
  OccL x w ≡ (∃ u. u ∈ carrier L ∧ LocL x u w ∧ TRL u w) ∧
    x ∈ e-carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

definition E :: - ⇒ ('b ⇒ ('a ⇒ ('a RS ⇒ bool))) (Eı) where
  EL x t w ≡ TSL t w ∧ (∃ u. u ∈ carrier L ∧ LocL x u w ∧ u .OL t) ∧
    x ∈ e-carrier L ∧ t ∈ carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L
4.3 Theorems
lemma Loc-I:
  fixes x u i j
  assumes inst: (∃ y. (y ∈ e-carrier L ∧ ((InstL x y u (RSC i j)) ∨ (InstL y x u (RSC i j)))))
  assumes carr: x ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows LocL x u (RSC i j)
  unfolding Loc-def using assms by auto

lemma PE-I:
  fixes x i j
  assumes SIMU-loc: (∃ u v. u ∈ carrier L ∧ v ∈ carrier L ∧ LocL x u (RSC i j) ∧ LocL x v (RSC i j) ∧ ¬(SIMUL u v (RSC i j)))
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows PEL x (RSC i j)
  unfolding PE-def using assms by auto
lemma ContI:
  fixes x i j
  assumes PE: PEL x (RSC i j)
  assumes SR: (∃ u. u ∈ carrier L ∧ LocL x u (RSC i j) ∧ SRL u (RSC i j))
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows ContL x (RSC i j)
  unfolding Cont-def using assms by simp

lemma OccI:
  fixes x i j
  assumes SR: (∃ u. u ∈ carrier L ∧ LocL x u (RSC i j) ∧ TRL u (RSC i j))
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows OccL x (RSC i j)
  unfolding Occ-def using assms by simp

lemma E-I:
  fixes x t i j
  assumes TS: TSL t (RSC i j)
  assumes LocO: (∃ u. u ∈ carrier L ∧ LocL x u (RSC i j) ∧ u .OL t)
  assumes carr: x ∈ e-carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows EL x t (RSC i j)
  unfolding E-def using assms by auto
lemma (in Inst-TS-mereology) Inst-imp-Loc:
  fixes x y u i j
  assumes inst: Inst x y u (RSC i j)
  assumes carr: x ∈ e-carrier L y ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows Loc x u (RSC i j)
proof (rule Loc-I)
  from assms show ∃ y. y ∈ e-carrier L ∧ (Inst x y u (RSC i j) ∨ Inst y x u (RSC i j)) by auto
next
  from carr show x ∈ e-carrier L by auto
next
  from carr show u ∈ carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show j ∈ s-carrier L by auto
qed
lemma (in Inst-TS-mereology) dia-Loc: ⟦x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹
    ∃ u ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj)
proof −
  assume carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  show ∃ u ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj)
  proof −
    from carr have (∃ u ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i RL ii ∧ j SL jj ∧
        (∃ y. y ∈ e-carrier L ∧ ((InstL x y u (RSC ii jj)) ∨ (InstL y x u (RSC ii jj)))))
      using dia-Loc-base by auto
    from this obtain u ii jj y where l: u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i RL ii ∧ j SL jj ∧
        y ∈ e-carrier L ∧ ((InstL x y u (RSC ii jj)) ∨ (InstL y x u (RSC ii jj)))
      by auto
    show ∃ u ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj)
    proof (rule exI [of λ u. ∃ ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj) u])
      show ∃ ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj)
      proof (rule exI [of λ ii. ∃ jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj) ii])
        show ∃ jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj)
        proof (rule exI [of λ jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj) jj])
          from carr and l show u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj)
            unfolding Loc-def by auto
        qed
      qed
    qed
  qed
qed
lemma (in Inst-TS-mereology) Inst-strong-assym-U: ⟦(Inst x y u (RSC i j)); i R ii; j S jj;
    x ∈ e-carrier L; y ∈ e-carrier L; xx ∈ e-carrier L; uu ∈ carrier L; u ∈ carrier L; i ∈ r-carrier L; j ∈ s-carrier L;
    ii ∈ r-carrier L; jj ∈ s-carrier L⟧ ⟹ ¬(Inst y xx uu (RSC ii jj))
  using Inst-box-assym-P R-sym S-sym by blast

lemma (in Inst-TS-mereology) Inst-and-TR-imp-boxS-Inst-and-TR-P: ⟦Inst x y u (RSC i j); TR u (RSC i j); j S jj; Inst x yy uu (RSC i jj);
    x ∈ e-carrier L; y ∈ e-carrier L; yy ∈ e-carrier L; uu ∈ carrier L; u ∈ carrier L;
    i ∈ r-carrier L; j ∈ s-carrier L; jj ∈ s-carrier L⟧ ⟹ TR uu (RSC i jj)
  using Inst-and-SR-imp-box-Inst-and-SR-P Inst-imp-SR-or-TR SR-imp-negTR S-sym by meson

lemma (in Inst-TS-mereology) Inst-and-TR-imp-boxS-Inst-and-TR-U: ⟦Inst x y u (RSC i j); TR u (RSC i j); j S jj; Inst xx y uu (RSC i jj);
    x ∈ e-carrier L; y ∈ e-carrier L; xx ∈ e-carrier L; uu ∈ carrier L; u ∈ carrier L;
    i ∈ r-carrier L; j ∈ s-carrier L; jj ∈ s-carrier L⟧ ⟹ TR uu (RSC i jj)
  using Inst-and-SR-imp-box-Inst-and-SR-U Inst-imp-SR-or-TR SR-imp-negTR S-sym by meson

lemma (in Inst-TS-mereology) Inst-irref: ⟦i R i; j S j; x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L; u ∈ carrier L⟧ ⟹ (¬(Inst x x u (RSC i j)))
  using Inst-box-assym-P by force

lemma (in Inst-TS-mereology) Inst-and-Inst-or-Inst-imp-box-Inst:
  ⟦Inst x y u (RSC i j); Inst x y v (RSC ii jj) ∨ Inst y x v (RSC ii jj); i R ii; j S jj;
    x ∈ e-carrier L; y ∈ e-carrier L; u ∈ carrier L; v ∈ carrier L;
    i ∈ r-carrier L; ii ∈ r-carrier L; j ∈ s-carrier L; jj ∈ s-carrier L⟧
    ⟹ (Inst x y v (RSC ii jj))
  using Inst-box-assym-P by force
lemma (in Inst-TS-mereology) Loc-and-SR-imp-boxS-Loc-and-SR:
  fixes x u i j jj
  assumes ass: Loc x u (RSC i j) SR u (RSC i j) j S jj Loc x v (RSC i jj)
  assumes carr: x ∈ e-carrier L u ∈ carrier L v ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  shows SR v (RSC i jj)
proof −
  from assms show SR v (RSC i jj) unfolding Loc-def
    using Inst-and-SR-imp-box-Inst-and-SR-P Inst-and-SR-imp-box-Inst-and-SR-U Inst-box-assym-P Inst-strong-assym-U R-ref
    by meson+
qed

lemma (in Inst-TS-mereology) Loc-and-TR-imp-boxS-Loc-and-TR:
  fixes x u v i j jj
  assumes ass: Loc x u (RSC i j) TR u (RSC i j) j S jj Loc x v (RSC i jj)
  assumes carr: x ∈ e-carrier L u ∈ carrier L v ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  shows TR v (RSC i jj)
proof −
  from assms show TR v (RSC i jj) unfolding Loc-def
    using Inst-and-TR-imp-boxS-Inst-and-TR-P Inst-and-TR-imp-boxS-Inst-and-TR-U Inst-box-assym-P Inst-strong-assym-U R-ref
    by meson
qed
lemma (in Inst-TS-mereology) boxS-Loc-imp-SR-OR-boxS-Loc-imp-TR:
  fixes i j
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows (∀ jj. jj ∈ s-carrier L ∧ j S jj ⟶ (∀ u. (u ∈ carrier L ∧ Loc x u (RSC i jj) ⟶ SR u (RSC i jj)))) ∨
    (∀ jj. jj ∈ s-carrier L ∧ j S jj ⟶ (∀ u. (u ∈ carrier L ∧ Loc x u (RSC i jj) ⟶ TR u (RSC i jj))))
  unfolding Loc-def
  using assms Loc-and-SR-imp-boxS-Loc-and-SR Loc-and-TR-imp-boxS-Loc-and-TR Inst-imp-SR-or-TR S-euclidean
  by (meson Loc-def)

lemma (in Inst-TS-mereology) WLocOF-imp-Id:
  fixes x u i j
  assumes WL: WLOF u x (RSC i j) WLOF v x (RSC i j)
  assumes carr: x ∈ e-carrier L u ∈ carrier L v ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows (u = v)
  unfolding WLOF-def overlap-def TR-def Loc-def using le-antisym SSP
  by (smt WLOF-def assms(1) assms(2))

lemma (in Inst-TS-mereology) Part-imp-boxPart:
  fixes x u i j ii jj
  assumes ass: Part x (RSC i j) i R ii j S jj Loc x u (RSC ii jj)
  assumes carr: x ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L ii ∈ r-carrier L jj ∈ s-carrier L
  shows (Part x (RSC ii jj))
  unfolding Part-def Loc-def using assms Inst-and-Inst-or-Inst-imp-box-Inst Inst-box-assym-P
  by (metis (no-types, hide-lams) Loc-def Part-def)

lemma (in Inst-TS-mereology) Uni-imp-boxUni:
  fixes x u i j ii jj
  assumes ass: Uni x (RSC i j) i R ii j S jj Loc x u (RSC ii jj)
  assumes carr: x ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L ii ∈ r-carrier L jj ∈ s-carrier L
  shows Uni x (RSC ii jj)
  unfolding Uni-def Loc-def using assms Inst-and-Inst-or-Inst-imp-box-Inst Inst-strong-assym-U
  by (metis (no-types, hide-lams) Loc-def Uni-def)

lemma (in Inst-TS-mereology) Cont-imp-negOcc:
  fixes x u i j
  assumes cont: Cont x (RSC i j)
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows ¬(Occ x (RSC i j))
  unfolding Cont-def Occ-def using assms SR-imp-negTR
  by (meson Cont-def S-ref boxS-Loc-imp-SR-OR-boxS-Loc-imp-TR)
lemma (in Inst-TS-mereology) Cont-and-Loc-imp-SR:
  fixes x u i j
  assumes cont: Cont x (RSC i j)
  assumes loc: Loc x u (RSC i j)
  assumes carr: x ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows SR u (RSC i j)
  unfolding Cont-def Loc-def using assms
  by (meson Cont-def Loc-and-SR-imp-boxS-Loc-and-SR S5-RS-frame.S-ref S5-RS-frame-axioms)

lemma (in Inst-TS-mereology) Occ-and-Loc-imp-TR:
  fixes x u i j
  assumes occ: Occ x (RSC i j)
  assumes loc: Loc x u (RSC i j)
  assumes carr: x ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows TR u (RSC i j)
  unfolding Occ-def Loc-def using assms
  by (meson Loc-and-TR-imp-boxS-Loc-and-TR Occ-def S5-RS-frame.S-ref S5-RS-frame-axioms)

lemma (in Inst-TS-mereology) Occ-imp-PE:
  fixes x i j
  assumes occ: Occ x (RSC i j)
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows PE x (RSC i j)
  unfolding Occ-def PE-def using assms by (meson Occ-def TR-imp-negSIMU)
lemma (in Inst-TS-mereology) Cont-and-Part-and-Loc-and-SIMU-imp-Id:
  fixes x y u v i j
  assumes cont: Cont x (RSC i j)
  assumes part: Part x (RSC i j)
  assumes loc: Loc x u (RSC i j) Loc x v (RSC i j)
  assumes simu: SIMU u v (RSC i j)
  assumes carr: x ∈ e-carrier L u ∈ carrier L v ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows u = v
proof −
  from loc have (∃ y. y ∈ e-carrier L ∧ (InstL x y u (RSC i j) ∨ InstL y x u (RSC i j))) unfolding Loc-def by auto
  from this obtain y where l0: y ∈ e-carrier L ∧ (InstL x y u (RSC i j) ∨ InstL y x u (RSC i j)) by auto
  from loc have (∃ y. y ∈ e-carrier L ∧ (InstL x y v (RSC i j) ∨ InstL y x v (RSC i j))) unfolding Loc-def by auto
  from this obtain y1 where l1: y1 ∈ e-carrier L ∧ (InstL x y1 v (RSC i j) ∨ InstL y1 x v (RSC i j)) by auto
  from carr cont loc have l2: SR u (RSC i j) using Cont-and-Loc-imp-SR by blast
  from carr cont loc have l3: SR v (RSC i j) using Cont-and-Loc-imp-SR by blast
  from l0 have inst-0-cases: InstL x y u (RSC i j) ∨ InstL y x u (RSC i j) by auto
  from l1 have inst-1-cases: InstL x y1 v (RSC i j) ∨ InstL y1 x v (RSC i j) by auto
  have inst-0-0: InstL x y u (RSC i j) ⟹ u = v
  proof −
    assume a1: InstL x y u (RSC i j)
    show u = v
    proof −
      have inst-0-1: InstL x y1 v (RSC i j) ⟹ u = v
      proof −
        assume a2: InstL x y1 v (RSC i j)
        show u = v
        proof (rule Inst-SR-SIMU-imp-Id [of x y u i j y1 v])
          from a1 show Inst x y u (RSC i j) by auto
        next
          from l2 show SR u (RSC i j) by auto
        next
          from a2 show Inst x y1 v (RSC i j) by auto
        next
          from simu show SIMU u v (RSC i j) by auto
        next
          from carr l0 l1 show x ∈ e-carrier L y ∈ e-carrier L y1 ∈ e-carrier L u ∈ carrier L v ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L by auto
        qed
      qed
      have inst-0-2: InstL y1 x v (RSC i j) ⟹ u = v
      proof −
        assume a2: InstL y1 x v (RSC i j)
        from carr l0 l1 a1 a2 show u = v using Inst-box-assym-P by blast
      qed
      from inst-1-cases inst-0-1 inst-0-2 show u = v by fast
    qed
  qed
  have inst-1-0: InstL y x u (RSC i j) ⟹ u = v
  proof −
    assume a1: InstL y x u (RSC i j)
    show u = v
    proof −
      have inst-1-1: InstL x y1 v (RSC i j) ⟹ u = v
      proof −
        assume a2: InstL x y1 v (RSC i j)
        from carr l0 l1 a1 a2 show u = v using Inst-box-assym-P by blast
      qed
      have inst-1-2: InstL y1 x v (RSC i j) ⟹ u = v
      proof −
        assume a2: InstL y1 x v (RSC i j)
        show u = v
        proof −
          from part have (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ InstL x y u (RSC i j)) unfolding Part-def by auto
          from this obtain yy uu where yy ∈ e-carrier L ∧ uu ∈ carrier L ∧ InstL x yy uu (RSC i j) by auto
          from carr this l0 l1 a1 a2 show u = v using Inst-box-assym-P by blast
        qed
      qed
      from inst-1-cases inst-1-1 inst-1-2 show u = v by fast
    qed
  qed
  from inst-0-cases inst-0-0 inst-1-0 show u = v by fast
qed
lemma (in Inst-TS-mereology) Occ-and-Part-and-Loc-imp-Id:
  fixes x y u v i j
  assumes occ: Occ x (RSC i j)
  assumes part: Part x (RSC i j)
  assumes loc: Loc x u (RSC i j) Loc x v (RSC i j)
  assumes carr: x ∈ e-carrier L u ∈ carrier L v ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows u = v
proof −
  from loc have (∃ y. y ∈ e-carrier L ∧ (InstL x y u (RSC i j) ∨ InstL y x u (RSC i j))) unfolding Loc-def by auto
  from this obtain y where l0: y ∈ e-carrier L ∧ (InstL x y u (RSC i j) ∨ InstL y x u (RSC i j)) by auto
  from loc have (∃ y. y ∈ e-carrier L ∧ (InstL x y v (RSC i j) ∨ InstL y x v (RSC i j))) unfolding Loc-def by auto
  from this obtain y1 where l1: y1 ∈ e-carrier L ∧ (InstL x y1 v (RSC i j) ∨ InstL y1 x v (RSC i j)) by auto
  from carr occ loc have l2: TR u (RSC i j) using Occ-and-Loc-imp-TR by blast
  from carr occ loc have l3: TR v (RSC i j) using Occ-and-Loc-imp-TR by blast
  from assms l0 l1 l2 l3 show ?thesis using Inst-TR-imp-Id Inst-box-assym-P by (meson Part-def R-ref S-ref)
qed
lemma (in Inst-TS-mereology) Cont-imp-boxS-Cont:
  fixes x i j jj
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  assumes ass: Cont x (RSC i j) j S jj PE x (RSC i jj)
  shows Cont x (RSC i jj)
proof (rule ContI)
  from ass show PE x (RSC i jj) by auto
next
  from ass(1) have (∃ u. u ∈ carrier L ∧ LocL x u (RSC i j) ∧ SRL u (RSC i j)) unfolding Cont-def by auto
  from this obtain u where lu: u ∈ carrier L ∧ LocL x u (RSC i j) ∧ SRL u (RSC i j) by auto
  from ass have (∃ u v. u ∈ carrier L ∧ v ∈ carrier L ∧ LocL x u (RSC i jj) ∧ LocL x v (RSC i jj) ∧ ¬(SIMUL u v (RSC i jj))) ∧
      x ∈ e-carrier L ∧ i ∈ r-carrier L ∧ jj ∈ s-carrier L
    unfolding PE-def by simp
  from this obtain uu where (∃ v. uu ∈ carrier L ∧ v ∈ carrier L ∧ LocL x uu (RSC i jj) ∧ LocL x v (RSC i jj) ∧ ¬(SIMUL uu v (RSC i jj))) by auto
  from this obtain v where lv: (uu ∈ carrier L ∧ v ∈ carrier L ∧ LocL x uu (RSC i jj) ∧ LocL x v (RSC i jj) ∧ ¬(SIMUL uu v (RSC i jj))) by auto
  from carr ass lu lv have x ∈ e-carrier L ∧ LocL x u (RSC i j) ∧ SRL u (RSC i j) ∧ LocL x v (RSC i jj) ∧ j S jj ∧ u ∈ carrier L ∧ v ∈ carrier L ∧
      i ∈ r-carrier L ∧ j ∈ s-carrier L ∧ jj ∈ s-carrier L
    by auto
  from this have SRL v (RSC i jj) using Loc-and-SR-imp-boxS-Loc-and-SR by blast
  from this lu lv show ∃ u. u ∈ carrier L ∧ Loc x u (RSC i jj) ∧ SR u (RSC i jj) by force
next
  from carr show x ∈ e-carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show jj ∈ s-carrier L by auto
qed
lemma (in Inst-TS-mereology) Occ-imp-boxS-Occ:
  fixes x i j jj
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
  assumes ass: Occ x (RSC i j) j S jj PE x (RSC i jj)
  shows (Occ x (RSC i jj))
proof (rule OccI)
  from ass(1) have (∃ u. u ∈ carrier L ∧ LocL x u (RSC i j) ∧ TRL u (RSC i j)) unfolding Occ-def by auto
  from this obtain u where lu: u ∈ carrier L ∧ LocL x u (RSC i j) ∧ TRL u (RSC i j) by auto
  from ass have (∃ u v. u ∈ carrier L ∧ v ∈ carrier L ∧ LocL x u (RSC i jj) ∧ LocL x v (RSC i jj) ∧ ¬(SIMUL u v (RSC i jj))) ∧
      x ∈ e-carrier L ∧ i ∈ r-carrier L ∧ jj ∈ s-carrier L
    unfolding PE-def by simp
  from this obtain uu where (∃ v. uu ∈ carrier L ∧ v ∈ carrier L ∧ LocL x uu (RSC i jj) ∧ LocL x v (RSC i jj) ∧ ¬(SIMUL uu v (RSC i jj))) by auto
  from this obtain v where lv: (uu ∈ carrier L ∧ v ∈ carrier L ∧ LocL x uu (RSC i jj) ∧ LocL x v (RSC i jj) ∧ ¬(SIMUL uu v (RSC i jj))) by auto
  from carr ass lu lv have x ∈ e-carrier L ∧ LocL x u (RSC i j) ∧ TRL u (RSC i j) ∧ LocL x v (RSC i jj) ∧ j S jj ∧ u ∈ carrier L ∧ v ∈ carrier L ∧
      i ∈ r-carrier L ∧ j ∈ s-carrier L ∧ jj ∈ s-carrier L
    by auto
  from this have TRL v (RSC i jj) using Loc-and-TR-imp-boxS-Loc-and-TR by blast
  from this lu lv show ∃ u. u ∈ carrier L ∧ Loc x u (RSC i jj) ∧ TR u (RSC i jj) by force
next
  from carr show x ∈ e-carrier L by auto
next
  from carr show i ∈ r-carrier L by auto
next
  from carr show jj ∈ s-carrier L by auto
qed
lemma (in Inst-TS-mereology) dia-E:
  fixes x t i j
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows (∃ ii jj t. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj))
proof −
  from carr have ∃ u ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj) using dia-Loc by auto
  from this obtain u where ∃ ii jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj) by auto
  from this obtain ii where ∃ jj. u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj) by auto
  from this obtain jj where l1: u ∈ carrier L ∧ ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ i R ii ∧ j S jj ∧ Loc x u (RSC ii jj) by auto
  from carr l1 have ∃ t. t ∈ carrier L ∧ TS t (RSC ii jj) ∧ t .O u using TS-and-OR by auto
  from this obtain t where l2: t ∈ carrier L ∧ TS t (RSC ii jj) ∧ t .O u by auto
  show (∃ ii jj t. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj))
  proof (rule exI [of λii. ∃ jj t. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj) ii])
    show ∃ jj t. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj)
    proof (rule exI [of λjj. ∃ t. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj) jj])
      show ∃ t. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj)
      proof (rule exI [of λt. ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj) t])
        show ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ t ∈ carrier L ∧ i R ii ∧ j S jj ∧ E x t (RSC ii jj)
          by (meson E-I O-sym carr(1) l1 l2)
      qed
    qed
  qed
qed
lemma (in Inst-TS-mereology) PE-imp-WLOF:
  fixes x i j
  assumes pe: PE x (RSC i j)
  assumes carr: x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows ∃ u. u ∈ carrier L ∧ WLOF u x (RSC i j)
proof −
  from pe have (∃ uu vv. uu ∈ carrier L ∧ vv ∈ carrier L ∧ LocL x uu (RSC i j) ∧ LocL x vv (RSC i j) ∧ ¬(SIMUL uu vv (RSC i j))) ∧
      x ∈ e-carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L
    unfolding PE-def by auto
  from this obtain uu vv where l1: uu ∈ carrier L ∧ vv ∈ carrier L ∧ LocL x uu (RSC i j) ∧ LocL x vv (RSC i j) ∧ ¬(SIMUL uu vv (RSC i j)) ∧
      x ∈ e-carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L
    by auto
  from l1 have (∃ y. y ∈ e-carrier L ∧ (InstL x y uu (RSC i j) ∨ InstL y x uu (RSC i j))) ∧
      (∃ y. y ∈ e-carrier L ∧ (InstL x y vv (RSC i j) ∨ InstL y x vv (RSC i j))) ∧
      ¬(SIMUL uu vv (RSC i j)) ∧
      x ∈ e-carrier L ∧ uu ∈ carrier L ∧ vv ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L
    unfolding Loc-def by blast
  from this have (∃w. w ∈ carrier L ∧ TRL w (RSC i j) ∧
      w = ⊔L {uu. uu ∈ carrier L ∧ (∃ y. y ∈ e-carrier L ∧ (InstL x y uu (RSC i j) ∨ InstL y x uu (RSC i j)))})
    using ax-PE-imp-WLOF by blast
  from this obtain w where l2: w ∈ carrier L ∧ TRL w (RSC i j) ∧
      w = ⊔L {uu. uu ∈ carrier L ∧ (∃ y. y ∈ e-carrier L ∧ (InstL x y uu (RSC i j) ∨ InstL y x uu (RSC i j)))}
    by auto
  from carr have l3: {uu. uu ∈ carrier L ∧ (∃ y. y ∈ e-carrier L ∧ (InstL x y uu (RSC i j) ∨ InstL y x uu (RSC i j)))} =
      {uu. uu ∈ carrier L ∧ Loc x uu (RSC i j)}
    using Loc-def by fastforce
  from l2 l3 have l4: w ∈ carrier L ∧ TRL w (RSC i j) ∧
      w = ⊔L {uu. uu ∈ carrier L ∧ Loc x uu (RSC i j)}
    by auto
  from carr l4 have w ∈ carrier L ∧ WLOF w x (RSC i j) using WLOF-def by fastforce
  from this show ?thesis by auto
qed
5 Parthood for continuant and occurrent particulars
definition PCont :: - ⇒ 'b ⇒ 'b ⇒ 'a ⇒ 'a RS ⇒ bool (PContı) where
  PContL x y t w ≡ ContL x w ∧ ContL y w ∧ TSL t w ∧
    (∃ z zz u v. z ∈ e-carrier L ∧ zz ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧
      InstL x z u w ∧ InstL y zz v w ∧ u ⊑L v ∧ v ⊑L t) ∧
    x ∈ e-carrier L ∧ y ∈ e-carrier L ∧ t ∈ carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L

lemma PCont-I:
  fixes L (structure)
  fixes x y t i j
  assumes ContL x (RSC i j)
  assumes ContL y (RSC i j)
  assumes TSL t (RSC i j)
  assumes (∃ z zz u v. z ∈ e-carrier L ∧ zz ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧
      InstL x z u (RSC i j) ∧ InstL y zz v (RSC i j) ∧ u ⊑L v ∧ v ⊑L t)
  assumes x ∈ e-carrier L y ∈ e-carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows PContL x y t (RSC i j)
  using assms by (simp add: PCont-def)
lemma (in Inst-TS-mereology) Cont-Part-E-imp-PCont-ref:
  fixes x t i j
  assumes cont: Cont x (RSC i j)
  assumes part: Part x (RSC i j)
  assumes ex: EL x t (RSC i j)
  assumes carr: x ∈ e-carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
  shows PContL x x t (RSC i j)
proof (rule PCont-I)
  from cont show Cont x (RSC i j) by auto
next
  from cont show Cont x (RSC i j) by auto
next
  from ex show TSL t (RSC i j) unfolding E-def by auto
next
  from cont have PEL x (RSC i j) ∧ (∃ u. u ∈ carrier L ∧ LocL x u (RSC i j) ∧ SRL u (RSC i j)) unfolding Cont-def by auto
  from this obtain u where l1: u ∈ carrier L ∧ LocL x u (RSC i j) ∧ SRL u (RSC i j) by auto
  from l1 have (∃ y. y ∈ e-carrier L ∧ (InstL x y u (RSC i j) ∨ InstL y x u (RSC i j))) unfolding Loc-def by auto
  from this obtain y where l2: y ∈ e-carrier L ∧ (InstL x y u (RSC i j) ∨ InstL y x u (RSC i j)) by auto
  from part have (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ InstL x y u (RSC i j)) unfolding Part-def by auto
  from this obtain yy uu where l3: yy ∈ e-carrier L ∧ uu ∈ carrier L ∧ InstL x yy uu (RSC i j) by auto
  from carr l1 l2 l3 have ¬ InstL y x u (RSC i j) using Inst-box-assym-P by blast
  from this l2 have l4: InstL x y u (RSC i j) by auto
  from l1 have (∃ t. t ∈ carrier L ∧ TSL t (RSC i j) ∧ u ⊑L t) unfolding SR-def by auto
  from this obtain tt where l5: tt ∈ carrier L ∧ TSL tt (RSC i j) ∧ u ⊑L tt by auto
  from ex have l6: TSL t (RSC i j) ∧ (∃ u. u ∈ carrier L ∧ LocL x u (RSC i j) ∧ u .OL t) unfolding E-def by auto
  from this obtain v where l7: v ∈ carrier L ∧ LocL x v (RSC i j) ∧ v .OL t by auto
  from carr cont l7 have SR v (RSC i j) using Cont-and-Loc-imp-SR by auto
  from carr this l6 l7 have l8: v ⊑L t using SR-and-TS-and-O-imp-le by blast
  from carr l1 l2 l4 l7 l8 show ∃ z zz u v.
      z ∈ e-carrier L ∧ zz ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧ Inst x z u (RSC i j) ∧ Inst x zz v (RSC i j) ∧ u ⊑ v ∧ v ⊑ t
    by (metis (no-types, hide-lams) Inst-box-assym-P Loc-def R-ref S-ref local.le-refl)
next
  from carr show x ∈ e-carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L x ∈ e-carrier L by auto
qed
lemma (in Inst-TS-mereology) PCont-ref-imp-E: ⟦PContL x x t (RSC i j); x ∈ e-carrier L; t ∈ carrier L;
    i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹ E x t (RSC i j)
  unfolding PCont-def using E-I by (metis (no-types, lifting) Inst-imp-Loc O-refl le-impl-O-impl-O)

lemma (in Inst-TS-mereology) Part-and-Cont-imp-E-iff-PCont-ref: ⟦PartL x (RSC i j); ContL x (RSC i j); x ∈ e-carrier L; t ∈ carrier L;
    i ∈ r-carrier L; j ∈ s-carrier L⟧ ⟹ (PContL x x t (RSC i j) = E x t (RSC i j))
  using Cont-Part-E-imp-PCont-ref PCont-ref-imp-E by blast

lemma (in Inst-TS-mereology) PCont-trans: ⟦PContL x y t (RSC i j); PContL y z t (RSC i j);
    x ∈ e-carrier L; y ∈ e-carrier L; z ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L; t ∈ carrier L⟧ ⟹
    PContL x z t (RSC i j)
  unfolding PCont-def using le-trans
  by (smt Inst-TS-mereology.Inst-SR-SIMU-imp-Id Inst-TS-mereology-axioms SIMU-I SR-I)
definition POcc :: - ⇒ ′b ⇒ ′b ⇒ ′a RS ⇒ bool (POccı) where
POccL x y w ≡ (∃ z zz u v . z ∈ e-carrier L ∧ zz ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧
  InstL x z u w ∧ InstL y zz v w ∧ u ⊑L v ∧ TRL u w ∧ TRL v w) ∧
  x ∈ e-carrier L ∧ y ∈ e-carrier L ∧ r-RS w ∈ r-carrier L ∧ s-RS w ∈ s-carrier L
lemma (in Inst-TS-mereology) Part-imp-Occ-imp-POcc-ref : [[Part x (RSC i j ); OccL x (RSC i j );
  x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L]] =⇒ POccL x x (RSC i j )
  unfolding Part-def Occ-def POcc-def using le-refl by (meson Inst-imp-Loc SR-imp-negTR S-ref boxS-Loc-imp-SR-OR-boxS-Loc-imp-TR)

lemma (in Inst-TS-mereology) Part-imp-POcc-ref-imp-Occ: [[Part x (RSC i j ); POccL x x (RSC i j );
  x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L]] =⇒ OccL x (RSC i j )
  unfolding Part-def Occ-def POcc-def by (meson Loc-def PE-def TR-imp-negSIMU )

lemma (in Inst-TS-mereology) Part-imp-POcc-ref-iff-Occ: [[Part x (RSC i j ); x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L]] =⇒ (POccL x x (RSC i j ) = OccL x (RSC i j ))
  using Part-imp-Occ-imp-POcc-ref Part-imp-POcc-ref-imp-Occ by blast

lemma (in Inst-TS-mereology) POcc-trans: [[POccL x y (RSC i j ); POccL y z (RSC i j );
  x ∈ e-carrier L; y ∈ e-carrier L; z ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L]] =⇒
  POccL x z (RSC i j )
  unfolding POcc-def using le-trans Inst-TR-imp-Id by (metis (no-types, lifting))
nitpick-params [timeout = 3600 ]
lemma True nitpick [show-all, satisfy, user-axioms, expect = genuine, show-types, verbose, dont-box ]
oops
end
theory AtE-Inst-TS-mereology imports Inst-TS-mereology
begin
6 Atomic entities
locale AtE-Inst-TS-mereology = Inst-TS-mereology L for L (structure) +
assumes AtE-exist : [[i ∈ r-carrier L; j ∈ s-carrier L]] =⇒ (∃ x . x ∈ e-carrier L ∧ AtEL x (RSC i j )) and
AtE-set-finite: [[i ∈ r-carrier L; j ∈ s-carrier L]] =⇒ finite { x . x ∈ e-carrier L ∧ AtE x (RSC i j )} and
AtE-imp-box-AtE : [[AtE x (RSC i j ); i R ii ; j S jj ;
  x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L; ii ∈ r-carrier L; jj ∈ s-carrier L]]
  =⇒ (AtE x (RSC ii jj )) and
AtE-imp-box-Inst : [[AtE x (RSC i j ); i R ii ; j S jj ;
  x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L; ii ∈ r-carrier L; jj ∈ s-carrier L]]
  =⇒ (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC ii jj )) and
AtE-imp-TS-imp-Inst-and-PP : [[AtE x (RSC i j ); x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L]]
  =⇒ (∃ jj . jj ∈ s-carrier L ∧ j S jj ∧
    (∀ t . t ∈ carrier L ∧ TS t (RSC i jj ) −→
      (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC i jj ) ∧ u ⊏ t ))) and
AtE-and-Inst-imp-exists-TS-P : [[AtE x (RSC i j ); Inst x y u (RSC i j );
  u ∈ carrier L; x ∈ e-carrier L; y ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L]]
  =⇒ (∃ t . t ∈ carrier L ∧ TS t (RSC i j ) ∧ u ⊑ t ) and
AtE-imp-boxS-Inst-and-Inst-and-negSIMU : [[AtE x (RSC i j ); j S jj ; x ∈ e-carrier L; i ∈ r-carrier L; j ∈ s-carrier L; jj ∈ s-carrier L]] =⇒
  (∃ y u v . y ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧ Inst x y u (RSC i jj ) ∧ Inst x y v (RSC i jj ) ∧ ¬ SIMU u v (RSC i jj )) and
AtE-and-AtE-and-Inst-and-Inst-and-P-imp-Id : [[AtE x1 (RSC i j ); AtE x2 (RSC i j ); Inst x1 y1 u1 (RSC i j ); Inst x2 y2 u2 (RSC i j ); u2 ⊑ u1 ;
  x1 ∈ e-carrier L; x2 ∈ e-carrier L; y1 ∈ e-carrier L; y2 ∈ e-carrier L;
  u1 ∈ carrier L; u2 ∈ carrier L; i ∈ r-carrier L; j ∈ s-carrier L ]] =⇒ x1 = x2
nitpick-params [timeout = 3600 ]
lemma True nitpick [show-all, satisfy, user-axioms, expect = genuine, show-types, verbose, dont-box ]
oops
lemma (in AtE-Inst-TS-mereology) AtE-and-L-imp-SR:
fixes x i j u
assumes at : AtEL x (RSC i j )
assumes loc: LocL x u (RSC i j )
assumes carr : x ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
shows SRL u (RSC i j )
proof −
from loc have (∃ y . (y ∈ e-carrier L ∧ ((InstL x y u (RSC i j )) ∨ (InstL y x u (RSC i j ))))) ∧
  x ∈ e-carrier L ∧ u ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L unfolding Loc-def by auto
from this obtain y where l1 : y ∈ e-carrier L ∧ ((InstL x y u (RSC i j )) ∨ (InstL y x u (RSC i j ))) ∧
  x ∈ e-carrier L ∧ u ∈ carrier L ∧ i ∈ r-carrier L ∧ j ∈ s-carrier L by auto
from this have inst-cases: ((InstL x y u (RSC i j )) ∨ (InstL y x u (RSC i j ))) by auto
from at carr l1 have (InstL y x u (RSC i j )) =⇒ False using AtE-imp-box-Inst Inst-strong-assym-U by blast
from this and inst-cases have l2 : (InstL x y u (RSC i j )) by auto
from at carr l2 l1 have (∃ t . t ∈ carrier L ∧ TS t (RSC i j ) ∧ u ⊑ t ) using AtE-and-Inst-imp-exists-TS-P by blast
from this carr show SRL u (RSC i j ) using SR-I by fast
qed
lemma (in AtE-Inst-TS-mereology) AtE-imp-boxL:
fixes x i ii j jj
assumes at : AtE x (RSC i j )
assumes r-s: i R ii j S jj
assumes carr : x ∈ e-carrier L i ∈ r-carrier L ii ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
shows (∃ u. u ∈ carrier L ∧ Loc x u (RSC ii jj ))
proof −
from assms have (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC ii jj )) using AtE-imp-box-Inst by auto
from this obtain y where (∃ u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC ii jj )) by auto
from this obtain u where l1 : (y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC ii jj )) by auto
show (∃ u. u ∈ carrier L ∧ Loc x u (RSC ii jj ))
proof (rule exI [of λu. u ∈ carrier L ∧ Loc x u (RSC ii jj ) u])
  show u ∈ carrier L ∧ Loc x u (RSC ii jj )
  proof (unfold Loc-def )
    show u ∈ carrier L ∧ (∃ y . y ∈ e-carrier L ∧ (Inst x y u (RSC ii jj ) ∨ Inst y x u (RSC ii jj ))) ∧
      x ∈ e-carrier L ∧ u ∈ carrier L ∧ r-RS (RSC ii jj ) ∈ r-carrier L ∧ s-RS (RSC ii jj ) ∈ s-carrier L using assms l1 by fastforce
  qed
qed
qed
lemma (in AtE-Inst-TS-mereology) AtE-imp-exists-TS-E :
fixes x i j
assumes at : AtE x (RSC i j )
assumes carr : x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L
shows ∃ jj . jj ∈ s-carrier L ∧ j S jj ∧ (∀ t . t ∈ carrier L ∧ TS t (RSC i jj ) −→ E x t (RSC i jj ))
proof−
from at carr have (∃ jj . jj ∈ s-carrier L ∧ j S jj ∧
  (∀ t . t ∈ carrier L ∧ TS t (RSC i jj ) −→
    (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC i jj ) ∧ u ⊏ t )))
  using AtE-imp-TS-imp-Inst-and-PP by auto
from this obtain jj where l1 : jj ∈ s-carrier L ∧ j S jj ∧
  (∀ t . t ∈ carrier L ∧ TS t (RSC i jj ) −→
    (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC i jj ) ∧ u ⊏ t )) by auto
have ll : (∀ t . t ∈ carrier L ∧ TS t (RSC i jj ) −→ E x t (RSC i jj ))
proof
  fix t
  show t ∈ carrier L ∧ TS t (RSC i jj ) −→ E x t (RSC i jj )
  proof
    assume a1 : t ∈ carrier L ∧ TS t (RSC i jj )
    show E x t (RSC i jj )
    proof−
      from l1 have (∀ t . t ∈ carrier L ∧ TS t (RSC i jj ) −→
        (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC i jj ) ∧ u ⊏ t )) by auto
      from this a1 have (∃ y u. y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC i jj ) ∧ u ⊏ t ) by auto
      from this obtain y u where l2 : y ∈ e-carrier L ∧ u ∈ carrier L ∧ Inst x y u (RSC i jj ) ∧ u ⊏ t by auto
      from this carr l1 l2 have Loc x u (RSC i jj ) ∧ u ⊑ t using Loc-def by (metis (no-types, lifting) lless-imp-le r-RS .simps s-RS .simps)
      from this a1 l1 l2 carr show E x t (RSC i jj ) using E-I by (metis le-impl-O)
    qed
  qed
qed
from l1 ll show ?thesis by blast
qed
lemma (in AtE-Inst-TS-mereology) AtE-imp-boxPart :
fixes x i ii j jj
assumes at : AtE x (RSC i j )
assumes r-s: i R ii j S jj
assumes carr : x ∈ e-carrier L i ∈ r-carrier L ii ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
shows (Part x (RSC ii jj )) using assms AtE-imp-box-Inst Part-def by fastforce
lemma (in AtE-Inst-TS-mereology) AtE-imp-boxS-PE :
fixes x i j jj
assumes at : AtE x (RSC i j )
assumes s: j S jj
assumes carr : x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
shows (PE x (RSC i jj ))
proof (rule PE-I )
show ∃ u v . u ∈ carrier L ∧ v ∈ carrier L ∧ Loc x u (RSC i jj ) ∧ Loc x v (RSC i jj ) ∧ ¬ SIMU u v (RSC i jj )
proof −
  from assms have (∃ y u v . y ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧ Inst x y u (RSC i jj ) ∧ Inst x y v (RSC i jj ) ∧ ¬ SIMU u v (RSC i jj )) using AtE-imp-boxS-Inst-and-Inst-and-negSIMU by auto
  from this obtain y u v where l1 : y ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧ Inst x y u (RSC i jj ) ∧ Inst x y v (RSC i jj ) ∧ ¬ SIMU u v (RSC i jj ) by auto
  from l1 carr have l2 : Loc x u (RSC i jj ) using Inst-imp-Loc by auto
  from l1 carr have l3 : Loc x v (RSC i jj ) using Inst-imp-Loc by auto
  from carr l1 l2 l3 show ?thesis by auto
qed
next
from carr show x ∈ e-carrier L by auto
next
from carr show i ∈ r-carrier L by auto
next
from carr show jj ∈ s-carrier L by auto
qed
lemma (in AtE-Inst-TS-mereology) AtE-imp-box-L-imp-SR:
fixes x u i ii j jj
assumes at : AtE x (RSC i j )
assumes loc: Loc x u (RSC ii jj )
assumes r-s: i R ii j S jj
assumes carr : x ∈ e-carrier L u ∈ carrier L i ∈ r-carrier L ii ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
shows SR u (RSC ii jj ) using assms AtE-and-L-imp-SR AtE-imp-box-AtE by blast

lemma (in AtE-Inst-TS-mereology) AtE-imp-boxS-Cont :
fixes x i j jj
assumes at : (AtE x (RSC i j ))
assumes s: j S jj
assumes carr : x ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L jj ∈ s-carrier L
shows (Cont x (RSC i jj )) using assms Cont-def AtE-imp-boxS-PE AtE-imp-boxL
  R-ref AtE-and-L-imp-SR AtE-imp-box-AtE by (metis (no-types, hide-lams) PE-def )
lemma (in AtE-Inst-TS-mereology) AtE-and-AtE-and-PCont-or-PCont-imp-Id :
fixes x y i j t
assumes at : AtEL x (RSC i j ) AtEL y (RSC i j )
assumes PC : PContL x y t (RSC i j ) ∨ PContL y x t (RSC i j )
assumes carr : x ∈ e-carrier L y ∈ e-carrier L t ∈ carrier L i ∈ r-carrier L j ∈ s-carrier L
shows x = y
proof −
have PC-0 : PContL x y t (RSC i j ) =⇒ y = x
proof −
  assume a1 : PContL x y t (RSC i j )
  show y = x
  proof −
    from a1 have ContL x (RSC i j ) ∧ ContL y (RSC i j ) ∧ TSL t (RSC i j ) ∧
      (∃ z zz u v . z ∈ e-carrier L ∧ zz ∈ e-carrier L ∧ u ∈ carrier L ∧ v ∈ carrier L ∧ InstL x z u (RSC i j ) ∧
        InstL y zz v (RSC i j ) ∧ u ⊑L v ∧ v ⊑L t) ∧ x ∈ e-carrier L ∧ y ∈ e-carrier L ∧ t ∈ carrier L ∧
      i ∈ r-carrier L ∧ j ∈ s-carrier L unfolding PCont-def by auto
    from this obtain z zz u v where l1 : z ∈ e-carrier L ∧ zz ∈ e-carrier L ∧
      u ∈ carrier L ∧ v ∈ carrier L ∧ InstL x z u (RSC i j ) ∧
      InstL y zz v (RSC i j ) ∧ u ⊑L v ∧ v ⊑L t by auto
    show y = x
    proof (rule AtE-and-AtE-and-Inst-and-Inst-and-P-imp-Id)
      from at carr show AtE x (RSC i j ) by auto
    next
      from at carr show AtE y (RSC i j ) by auto
    next
      from l1 show InstL x z u (RSC i j ) by auto
    next
      from l1 show InstL y zz v (RSC i j ) by auto
    next
      from l1 show u ⊑L v by auto
    next
      from carr show x ∈ e-carrier L y ∈ e-carrier L i ∈ r-carrier L j ∈ s-carrier L by auto
    next
      from l1 show z ∈ e-carrier L zz ∈ e-carrier L v ∈ carrier L u ∈ carrier L by auto
    qed
  qed
qed
from assms have PC-1 : PContL y x t (RSC i j ) =⇒ x = y unfolding PCont-def using AtE-and-AtE-and-Inst-and-Inst-and-P-imp-Id by blast
from PC PC-0 PC-1 show ?thesis by auto
qed
nitpick-params [timeout = 3600 ]
lemma True nitpick [show-all, satisfy, user-axioms, expect = genuine, show-types, verbose, dont-box ]
oops
end
theory S5-2D-lifted-theory imports AtE-Inst-TS-mereology
begin
7 The presentation of the formal theory in the modal language
7.1 Basic types for the lifting
type-synonym ( ′a, ′b, ′c) M-unary-a-predicate = ′a ⇒ ( ′a, ′b, ′c) AtE-Inst-TS-porder-two-sort-RS-frame-scheme ⇒ ′a RS ⇒ bool
type-synonym ( ′a, ′b, ′c) M-unary-a-set-predicate = ′a set ⇒ ( ′a, ′b, ′c) AtE-Inst-TS-porder-two-sort-RS-frame-scheme ⇒ ′a RS ⇒ bool
type-synonym ( ′a, ′b, ′c) M-unary-b-predicate = ′b ⇒ ( ′a, ′b, ′c) AtE-Inst-TS-porder-two-sort-RS-frame-scheme ⇒ ′a RS ⇒ bool
type-synonym ( ′a, ′b, ′c) M-unary-b-set-predicate = ′b set ⇒ ( ′a, ′b, ′c) AtE-Inst-TS-porder-two-sort-RS-frame-scheme ⇒ ′a RS ⇒ bool

type-synonym ( ′a, ′b, ′c) M-bin-a-a-predicate = ′a ⇒ ′a ⇒ ( ′a, ′b, ′c) AtE-Inst-TS-porder-two-sort-RS-frame-scheme ⇒ ′a RS ⇒ bool
type-synonym ( ′a, ′b, ′c) M-bin-a-a-set-predicate = ′a ⇒ ′a set ⇒ ( ′a, ′b, ′c) AtE-Inst-TS-porder-two-sort-RS-frame-scheme ⇒ ′a RS ⇒ bool
type-synonym ( ′a, ′b, ′c) M-bin-b-a-predicate = ′b ⇒ ′a ⇒ ( ′a, ′b, ′c) AtE-Inst-TS-porder-two-sort-RS-frame-scheme ⇒ ′a RS ⇒ bool
type-synonym ( ′a, ′b, ′c) M-bin-b-b-predicate = ′b ⇒ ′b ⇒ ( ′a, ′b, ′c) AtE-Inst-TS-porder-two-sort-RS-frame-scheme ⇒ ′a RS ⇒ bool

type-synonym ( ′a, ′b, ′c) M-ternary-a-a-a-predicate = ′a ⇒ ′a ⇒ ′a ⇒ ( ′a, ′b, ′c) AtE-Inst-TS-porder-two-sort-RS-frame-scheme ⇒ ′a RS ⇒ bool
type-synonym ( ′a, ′b, ′c) M-ternary-b-b-a-predicate = ′b ⇒ ′b ⇒ ′a ⇒ ( ′a, ′b, ′c) AtE-Inst-TS-porder-two-sort-RS-frame-scheme ⇒ ′a RS ⇒ bool
7.2 lifted definitions of HOL-based predicates
definition non-empty-M :: ( ′a, ′b, ′c) M-unary-a-set-predicate where
non-empty-M X L w ≡ X ≠ {} ∧ X ⊆ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition finite-B-M :: ( ′a, ′b, ′c) M-unary-b-set-predicate where
finite-B-M X L w ≡ finite X

definition finite-A-M :: ( ′a, ′b, ′c) M-unary-a-set-predicate where
finite-A-M X L w ≡ finite X

definition in-M :: ( ′a, ′b, ′c) M-bin-a-a-set-predicate where
in-M x X L w ≡ x ∈ X ∧ x ∈ carrier L ∧ X ⊆ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition Id-a-M :: ( ′a, ′b, ′c) M-bin-a-a-predicate where
Id-a-M x y L w ≡ x = y ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition Id-b-M :: ( ′a, ′b, ′c) M-bin-b-b-predicate where
Id-b-M x y L w ≡ x = y ∧ x ∈ e-carrier L ∧ y ∈ e-carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
7.3 Lifted version of spacetime mereology
7.3.1 Lifted definitions
definition P-M :: ( ′a, ′b, ′c) M-bin-a-a-predicate where
P-M x y L w ≡ x ⊑L y ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ (r-RS w ∈ r-carrier L) ∧ (s-RS w ∈ s-carrier L)

definition PP-M :: ( ′a, ′b, ′c) M-bin-a-a-predicate where
PP-M x y L w ≡ x ⊏L y ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition O-M :: ( ′a, ′b, ′c) M-bin-a-a-predicate where
O-M x y L w ≡ x .OL y ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition ST-M :: ( ′a, ′b, ′c) M-unary-a-predicate where
ST-M x L w ≡ (STL x w) ∧ (x ∈ carrier L) ∧ (r-RS w ∈ r-carrier L) ∧ (s-RS w ∈ s-carrier L)

definition J-M :: ( ′a, ′b, ′c) M-ternary-a-a-a-predicate where
J-M x y z L w ≡ z = x ⊔L y ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ z ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition M-M :: ( ′a, ′b, ′c) M-ternary-a-a-a-predicate where
M-M x y z L w ≡ is-meet L x y z ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ z ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition Sum-M :: ( ′a, ′b, ′c) M-bin-a-a-set-predicate where
Sum-M x X L w ≡ mSum L X x ∧ X ≠ {} ∧ x ∈ carrier L ∧ X ⊆ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
7.3.2 Lifted axioms as theorems
lemma (in AtE-Inst-TS-mereology) J-M-idemp: ⌊□(∀ a x . J-M x x x )⌋
  unfolding J-M-def using join-idemp by simp

lemma (in AtE-Inst-TS-mereology) J-M-assoc: ⌊□(∀ a x1 x2 x3 x4 . (∃ a xx . J-M x1 x2 xx ∧ J-M xx x3 x4 ) ↔ (∃ a xx . J-M x2 x3 xx ∧ J-M x1 xx x4 ))⌋
  unfolding J-M-def using join-assoc by auto

lemma (in AtE-Inst-TS-mereology) J-M-comm: ⌊□(∀ a x1 x2 x3 . (J-M x1 x2 x3 ) ↔ (J-M x2 x1 x3 ))⌋
  unfolding J-M-def using join-comm by auto

lemma (in AtE-Inst-TS-mereology) J-M-exists: ⌊□(∀ a x y . ∃ a z . J-M x y z )⌋
  unfolding J-M-def join-def by auto

lemma (in AtE-Inst-TS-mereology) RP-M : ⌊□ (∀ a x y . PP-M x y → (∃ a z . ¬ O-M z x ∧ J-M z x y))⌋
  unfolding PP-M-def J-M-def O-M-def using RP by blast

lemma (in AtE-Inst-TS-mereology) ST-M-exists: ⌊□(∃ a x . ST-M x )⌋
  unfolding ST-M-def by (metis ST-def ST-exists)

lemma (in AtE-Inst-TS-mereology) ST-M-imp-box-ST-M : ⌊□(∀ a x . ST-M x → (□ (ST-M x )))⌋
  unfolding ST-M-def by (metis ST-def ST-exists)
7.3.3 Recover standard definitions
lemma (in AtE-Inst-TS-mereology) recover-P-M-def : ⌊□(∀ a x1 x2 . (P-M x1 x2 ) ↔ (J-M x1 x2 x2 ))⌋
  unfolding P-M-def J-M-def using le-iff-join by auto

lemma (in AtE-Inst-TS-mereology) recover-O-M-def : ⌊□(∀ a x1 x2 . (O-M x1 x2 ) ↔ (∃ a z . P-M z x1 ∧ P-M z x2 ))⌋
  unfolding P-M-def O-M-def overlap-def by auto

lemma (in AtE-Inst-TS-mereology) recover-PP-M-def : ⌊□(∀ a x1 x2 . (PP-M x1 x2 ) ↔ (P-M x1 x2 ∧ ¬(Id-a-M x1 x2 )))⌋
  unfolding P-M-def PP-M-def Id-a-M-def by (meson llessE llessI )

lemma (in AtE-Inst-TS-mereology) recover-Sum-M-def : ⌊□(∀ A X . ((non-empty-M X ) → (∀ a x . (Sum-M x X ) ↔ ((∀ a y . (O-M x y) ↔ (∃ a z . (in-M z X ) ∧ O-M z y))))))⌋
  unfolding non-empty-M-def O-M-def in-M-def Sum-M-def mSum-def by fastforce

lemma (in AtE-Inst-TS-mereology) recover-ST-M-def : ⌊□(∀ a x . (ST-M x ) ↔ (∀ a y . P-M y x ))⌋
  unfolding P-M-def ST-M-def ST-def by (simp add : le-top)
7.3.4 Lifted theorems
lemma (in AtE-Inst-TS-mereology) P-M-ref : ⌊□(∀ a x . P-M x x )⌋
  unfolding P-M-def using le-refl by simp

lemma (in AtE-Inst-TS-mereology) P-M-antisym: ⌊□(∀ a x y . P-M x y ∧ P-M y x → Id-a-M x y)⌋
  unfolding P-M-def Id-a-M-def by auto

lemma (in AtE-Inst-TS-mereology) P-M-trans: ⌊□(∀ a x y z . P-M x y ∧ P-M y z → P-M x z )⌋
  unfolding P-M-def using le-trans by auto

lemma (in AtE-Inst-TS-mereology) J-M-unique: ⌊□(∀ a x y z1 z2 . (J-M x y z1 ∧ J-M x y z2 ) → (Id-a-M z1 z2 ) )⌋
  unfolding J-M-def Id-a-M-def by auto

lemma (in AtE-Inst-TS-mereology) P-M-SSP : ⌊□(∀ a x y . ( ∀ a z . O-M z x → O-M z y) → P-M x y)⌋
  unfolding O-M-def P-M-def using SSP2 by auto

lemma (in AtE-Inst-TS-mereology) OM-imp-M-M : ⌊□(∀ a x y . O-M x y → (∃ a z . M-M x y z ))⌋
  unfolding M-M-def O-M-def using is-meet-closed overlap-impl-is-meet by blast

lemma (in AtE-Inst-TS-mereology) Sum-M-unique: ⌊□(∀ A X . ∀ a x1 x2 . (Sum-M x1 X ∧ Sum-M x2 X ) → (Id-a-M x1 x2 ) )⌋
  unfolding Sum-M-def Id-a-M-def using mSum-unique by (meson S5-2D-lifted-theory .Sum-M-def )
7.4 Lifted timeslice mereology (TS mereology)
7.4.1 Lifted definitions of TS mereology
definition TS-M :: ( ′a, ′b, ′c) M-unary-a-predicate where
TS-M x L w ≡ (TSL x w) ∧ x ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition SR-M :: ( ′a, ′b, ′c) M-unary-a-predicate where
SR-M x L w ≡ (SRL x w) ∧ x ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition TR-M :: ( ′a, ′b, ′c) M-unary-a-predicate where
TR-M x L w ≡ (TRL x w) ∧ x ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition SIMU-M :: ( ′a, ′b, ′c) M-bin-a-a-predicate where
SIMU-M x y L w ≡ (SIMUL x y w) ∧ x ∈ carrier L ∧ y ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
7.4.2 Recover the standard definitions
lemma (in AtE-Inst-TS-mereology) recover-SR-M-def : ⌊□(∀ a x . SR-M x ↔ (∃ a t . TS-M t ∧ P-M x t))⌋
  unfolding SR-M-def TS-M-def P-M-def SR-def by auto

lemma (in AtE-Inst-TS-mereology) recover-R-M-def : ⌊□(∀ a x . TR-M x ↔ (∃ a t1 t2 . TS-M t1 ∧ TS-M t2 ∧ ¬(O-M t1 t2 ) ∧ O-M x t1 ∧ O-M x t2 ))⌋
  unfolding TR-M-def TS-M-def O-M-def TR-def by auto

lemma (in AtE-Inst-TS-mereology) recover-SIMU-M-def : ⌊□(∀ a x y . SIMU-M x y ↔ (∃ a t . TS-M t ∧ P-M x t ∧ P-M y t))⌋
  unfolding SIMU-M-def TS-M-def P-M-def SIMU-def by auto
7.4.3 Lifted axioms for TS mereology as theorems
lemma (in AtE-Inst-TS-mereology) TS-M-and-O-M : ⌊□(∀ a x . ∃ a y . TS-M y ∧ O-M y x )⌋
  unfolding TS-M-def O-M-def using TS-and-OR by fastforce

lemma (in AtE-Inst-TS-mereology) TS-M-and-TS-M-and-O-M-impl-Id-a-M : ⌊□(∀ a x y . TS-M x ∧ TS-M y ∧ O-M x y → Id-a-M x y)⌋
  unfolding TS-M-def O-M-def Id-a-M-def using TS-and-TS-and-O-imp-Id by auto

lemma (in AtE-Inst-TS-mereology) exists-TS-M-and-TS-M-and-negO-M : ⌊□(∃ a x y . TS-M x ∧ TS-M y ∧ ¬(O-M x y))⌋
  unfolding TS-M-def O-M-def using exists-TS-and-TS-and-negOR by (metis r-RS .simps s-RS .simps)
7.4.4 Lifted theorems for TS mereology
lemma (in AtE-Inst-TS-mereology) TS-M-iff-SR-M-O-M-imp-P-M : ⌊□(∀ a t . (TS-M t) ↔ (SR-M t ∧ (∀ a u. SR-M u ∧ O-M t u → P-M u t )))⌋
  unfolding TS-M-def SR-M-def O-M-def P-M-def using TS-iff-SR-O-imp-P by auto

lemma (in AtE-Inst-TS-mereology) SR-M-and-P-M-imp-SR-M : ⌊□(∀ a x y . SR-M x ∧ P-M y x → SR-M y)⌋
  unfolding SR-M-def P-M-def using SR-and-PR-imp-SR by auto

lemma (in AtE-Inst-TS-mereology) ST-M-and-TR-M : ⌊□(∀ a x . ST-M x → TR-M x )⌋
  unfolding ST-M-def TR-M-def using ST-imp-TR by force

lemma (in AtE-Inst-TS-mereology) STR-M-and-P-M-imp-STR-M : ⌊□(∀ a x y . TR-M x ∧ P-M x y → TR-M y)⌋
  unfolding TR-M-def P-M-def using TR-and-PR-imp-TR by auto

lemma (in AtE-Inst-TS-mereology) STR-M-imp-negSR-M : ⌊□(∀ a x . TR-M x → ¬(SR-M x ))⌋
  unfolding TR-M-def SR-M-def using TR-imp-negSR by auto

lemma (in AtE-Inst-TS-mereology) SIMU-M-ref : ⌊□(∀ a x . SR-M x ↔ SIMU-M x x )⌋
  unfolding SIMU-M-def SR-M-def using SR-iff-SIMU-refl by auto

lemma (in AtE-Inst-TS-mereology) SIMU-M-sym: ⌊□(∀ a x y . SIMU-M x y → SIMU-M y x )⌋
  unfolding SIMU-M-def using SIMU-sym by auto

lemma (in AtE-Inst-TS-mereology) SIMU-M-trans: ⌊□(∀ a x y z . SIMU-M x y ∧ SIMU-M y z → SIMU-M x z )⌋
  unfolding SIMU-M-def using SIMU-trans by (meson ST-def ST-exists)
7.5 Newtonian Spacetime
7.5.1 Lifted axiom of Newtonian ST
lemma (in AtE-Inst-TS-mereology) Newton-TS : N-TS-mereology L =⇒ ⌊□(∀ a x . TS-M x → □S(TS-M x ))⌋
  unfolding TS-M-def by (simp add : N-TS-mereology .Newton)
7.5.2 Lifted theorems of Newtonian ST
lemma (in AtE-Inst-TS-mereology) Newton-SR: N-TS-mereology L =⇒ ⌊□(∀ a x . SR-M x → □S(SR-M x ))⌋
  unfolding SR-M-def using N-TS-mereology .SR-imp-boxS-SR by auto

lemma (in AtE-Inst-TS-mereology) Newton-TR: N-TS-mereology L =⇒ ⌊□(∀ a x . TR-M x → □S(TR-M x ))⌋
  unfolding TR-M-def using N-TS-mereology .TR-imp-boxS-TR by auto

lemma (in AtE-Inst-TS-mereology) Newton-SIMU : N-TS-mereology L =⇒ ⌊□(∀ a x y . SIMU-M x y → □S(SIMU-M x y))⌋
  unfolding SIMU-M-def using N-TS-mereology .SIMU-imp-boxS-SIMU by auto
7.6 Minkowski Spacetime
7.6.1 Lifted axiom of Minkowski ST
lemma (in AtE-Inst-TS-mereology) Minkowski-SIMU : M-TS-mereology L =⇒ ⌊□(∀ a x y . SIMU-M x y ∧ ¬(Id-a-M x y) → ♦S(¬(SIMU-M x y)))⌋
  unfolding SIMU-M-def Id-a-M-def using M-TS-mereology .diaS-non-SIMU by (metis r-RS .simps s-RS .simps)
7.7 Inst-TS-mereology
definition Inst-M :: ( ′a, ′b, ′c) M-ternary-b-b-a-predicate where
Inst-M x y u L w ≡ InstL x y u w ∧ x ∈ e-carrier L ∧ y ∈ e-carrier L ∧ u ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
7.7.1 Lifted axioms of Inst-TS-mereology as theorems
lemma (in AtE-Inst-TS-mereology) Inst-box-assym-M : ⌊□(∀ b x y yy . ∀ a u uu. Inst-M x y u → (¬(♦(Inst-M yy x uu))))⌋
  unfolding Inst-M-def by (metis (no-types, lifting) Inst-box-assym-P r-RS .simps s-RS .simps)

lemma (in AtE-Inst-TS-mereology) Inst-imp-SR-or-TR-M : ⌊□(∀ b x y . ∀ a u. Inst-M x y u → (SR-M u ∨ TR-M u))⌋
  unfolding Inst-M-def SR-M-def TR-M-def using Inst-imp-SR-or-TR by auto

lemma (in AtE-Inst-TS-mereology) Inst-and-SR-imp-box-Inst-and-SR-P-M : ⌊□(∀ b x y . ∀ a u. Inst-M x y u ∧ SR-M u → (□S (∀ b yy . ∀ a uu. Inst-M x yy uu → SR-M uu)))⌋
  unfolding Inst-M-def SR-M-def
  using Inst-and-SR-imp-box-Inst-and-SR-P by (metis (no-types, lifting) r-RS .simps s-RS .simps)

lemma (in AtE-Inst-TS-mereology) Inst-and-SR-imp-box-Inst-and-SR-U-M : ⌊□(∀ b x y . ∀ a u. Inst-M y x u ∧ SR-M u → (□S (∀ b yy . ∀ a uu. Inst-M yy x uu → SR-M uu)))⌋
  unfolding Inst-M-def SR-M-def
  using Inst-and-SR-imp-box-Inst-and-SR-U by (metis (no-types, lifting) r-RS .simps s-RS .simps)

lemma (in AtE-Inst-TS-mereology) Inst-TR-imp-Id-a-M : ⌊□(∀ b x y z . ∀ a u v . Inst-M x y u ∧ Inst-M x z v ∧ TR-M u ∧ TR-M v → Id-a-M u v)⌋
  unfolding Inst-M-def TR-M-def Id-a-M-def
  using Inst-TR-imp-Id by auto

lemma (in AtE-Inst-TS-mereology) Inst-SR-SIMU-imp-Id-a-M : ⌊□(∀ b x y z . ∀ a u v . Inst-M x y u ∧ Inst-M x z v ∧ SR-M u ∧ SR-M v ∧ SIMU-M u v → Id-a-M u v)⌋
  unfolding Inst-M-def SR-M-def SIMU-M-def Id-a-M-def
  using Inst-SR-SIMU-imp-Id by auto
lemma (in AtE-Inst-TS-mereology) dia-Loc-base-M : ⌊∀ b x . ♦ (∃ a u. ∃ b y . (Inst-M x y u ∨ Inst-M y x u))⌋
proof (unfold Inst-M-def , safe)
fix γ σ x
assume carr : γ ∈ r-carrier L σ ∈ s-carrier L x ∈ e-carrier L
show ∃ γ ′. γ ′ ∈ r-carrier L ∧
  r-RS (RSC γ σ) R γ ′ ∧
  (∃σ ′. σ ′ ∈ s-carrier L ∧
    s-RS (RSC γ ′ (s-RS (RSC γ σ))) S σ ′ ∧
    (∃ xa. xa ∈ carrier L ∧
      (∃ xb. xb ∈ e-carrier L ∧
        (Inst x xb xa (RSC (r-RS (RSC γ ′ (s-RS (RSC γ σ)))) σ ′) ∧
         x ∈ e-carrier L ∧
         xb ∈ e-carrier L ∧
         xa ∈ carrier L ∧
         r-RS (RSC (r-RS (RSC γ ′ (s-RS (RSC γ σ)))) σ ′) ∈ r-carrier L ∧
         s-RS (RSC (r-RS (RSC γ ′ (s-RS (RSC γ σ)))) σ ′) ∈ s-carrier L ∨
         Inst xb x xa (RSC (r-RS (RSC γ ′ (s-RS (RSC γ σ)))) σ ′) ∧
         xb ∈ e-carrier L ∧
         x ∈ e-carrier L ∧
         xa ∈ carrier L ∧
         r-RS (RSC (r-RS (RSC γ ′ (s-RS (RSC γ σ)))) σ ′) ∈ r-carrier L ∧
         s-RS (RSC (r-RS (RSC γ ′ (s-RS (RSC γ σ)))) σ ′) ∈ s-carrier L))))
proof (simp add : r-RS .simps s-RS .simps)
  show ∃ γ ′. γ ′ ∈ r-carrier L ∧
    γ R γ ′ ∧
    (∃σ ′. σ ′ ∈ s-carrier L ∧
      σ S σ ′ ∧
      (∃ xa. xa ∈ carrier L ∧
        (∃ xb. xb ∈ e-carrier L ∧
          (Inst x xb xa (RSC γ ′ σ ′) ∧
           x ∈ e-carrier L ∧ xb ∈ e-carrier L ∧ xa ∈ carrier L ∧ γ ′ ∈ r-carrier L ∧ σ ′ ∈ s-carrier L ∨
           Inst xb x xa (RSC γ ′ σ ′) ∧
           xb ∈ e-carrier L ∧ x ∈ e-carrier L ∧ xa ∈ carrier L ∧ γ ′ ∈ r-carrier L ∧ σ ′ ∈ s-carrier L))))
  proof−
    from carr have (∃ ii jj . ii ∈ r-carrier L ∧ jj ∈ s-carrier L ∧ γ RL ii ∧ σ SL jj ∧ (∃ u y . u ∈ carrier L ∧
      y ∈ e-carrier L ∧ ((InstL x y u (RSC ii jj )) ∨ (InstL y x u (RSC ii jj ))))) using dia-Loc-base-MM by auto
    from this obtain γ ′ σ ′ where l1 : γ ′ ∈ r-carrier L ∧ σ ′ ∈ s-carrier L ∧ γ RL γ ′ ∧ σ SL σ ′ ∧ (∃ u y . u ∈ carrier L ∧
      y ∈ e-carrier L ∧ ((InstL x y u (RSC γ ′ σ ′)) ∨ (InstL y x u (RSC γ ′ σ ′)))) by auto
    from carr l1 show ∃ γ ′. γ ′ ∈ r-carrier L ∧
      γ R γ ′ ∧
      (∃σ ′. σ ′ ∈ s-carrier L ∧
        σ S σ ′ ∧
        (∃ xa. xa ∈ carrier L ∧
          (∃ xb. xb ∈ e-carrier L ∧
            (Inst x xb xa (RSC γ ′ σ ′) ∧
             x ∈ e-carrier L ∧ xb ∈ e-carrier L ∧ xa ∈ carrier L ∧ γ ′ ∈ r-carrier L ∧ σ ′ ∈ s-carrier L ∨
             Inst xb x xa (RSC γ ′ σ ′) ∧
             xb ∈ e-carrier L ∧ x ∈ e-carrier L ∧ xa ∈ carrier L ∧ γ ′ ∈ r-carrier L ∧ σ ′ ∈ s-carrier L)))) by blast
  qed
qed
qed
7.7.2 Definitions of Inst-TS-mereology
definition Loc-M :: ( ′a, ′b, ′c) M-bin-b-a-predicate where
Loc-M x u L w ≡ (LocL x u w) ∧ x ∈ e-carrier L ∧ u ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition Uni-M :: ( ′a, ′b, ′c) M-unary-b-predicate where
Uni-M x L w ≡ (UniL x w) ∧ x ∈ e-carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition Part-M :: ( ′a, ′b, ′c) M-unary-b-predicate where
Part-M x L w ≡ (PartL x w) ∧ x ∈ e-carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition PE-M :: ( ′a, ′b, ′c) M-unary-b-predicate where
PE-M x L w ≡ (PEL x w) ∧ x ∈ e-carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition E-M :: ( ′a, ′b, ′c) M-bin-b-a-predicate where
E-M x u L w ≡ (EL x u w) ∧ x ∈ e-carrier L ∧ u ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition Occ-M :: ( ′a, ′b, ′c) M-unary-b-predicate where
Occ-M x L w ≡ (OccL x w) ∧ x ∈ e-carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition Cont-M :: ( ′a, ′b, ′c) M-unary-b-predicate where
Cont-M x L w ≡ (ContL x w) ∧ x ∈ e-carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition WLOF-M :: ( ′a, ′b, ′c) M-bin-b-a-predicate where
WLOF-M x u L w ≡ (WLOFL u x w) ∧ x ∈ e-carrier L ∧ u ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
7.7.3 Recover the standard definitions
lemma (in AtE-Inst-TS-mereology) recover-Loc-M-def : ⌊□(∀ a u. ∀ b x . Loc-M x u ↔ (∃ b y . Inst-M x y u ∨ Inst-M y x u))⌋
  unfolding Loc-M-def Inst-M-def Loc-def by auto

lemma (in AtE-Inst-TS-mereology) recover-Part-M-def : ⌊□(∀ b x . Part-M x ↔ (∃ b y . ∃ a u. Inst-M x y u))⌋
  unfolding Part-M-def Inst-M-def Part-def by auto

lemma (in AtE-Inst-TS-mereology) recover-Uni-M-def : ⌊□(∀ b x . Uni-M x ↔ (∃ b y . ∃ a u. Inst-M y x u))⌋
  unfolding Uni-M-def Inst-M-def Uni-def by auto

lemma (in AtE-Inst-TS-mereology) recover-PE-M-def : ⌊□(∀ b x . PE-M x ↔ (∃ a u v . Loc-M x u ∧ Loc-M x v ∧ ¬(SIMU-M u v)))⌋
  unfolding PE-M-def Loc-M-def SIMU-M-def PE-def by auto

lemma (in AtE-Inst-TS-mereology) recover-E-M-def : ⌊□(∀ a t . ∀ b x . E-M x t ↔ (TS-M t ∧ (∃ a u. Loc-M x u ∧ O-M u t)))⌋
  unfolding E-M-def Loc-M-def TS-M-def O-M-def E-def by auto

lemma (in AtE-Inst-TS-mereology) recover-Cont-M-def : ⌊□(∀ b x . Cont-M x ↔ PE-M x ∧ (∃ a u. Loc-M x u ∧ SR-M u))⌋
  unfolding Cont-M-def PE-M-def Loc-M-def SR-M-def Cont-def by auto

lemma (in AtE-Inst-TS-mereology) recover-Occ-M-def : ⌊□(∀ b x . Occ-M x ↔ (∃ a u. Loc-M x u ∧ TR-M u))⌋
  unfolding Occ-M-def PE-M-def Loc-M-def TR-M-def Occ-def by auto
7.7.4 Lifted theorems of Inst-TS-mereology
lemma (in AtE-Inst-TS-mereology) Loc-and-SR-imp-boxS-Loc-and-SR-M : ⌊□(∀ a u. ∀ b x . Loc-M x u ∧ SR-M u → (□S(∀ a v . Loc-M x v → SR-M v)))⌋
  unfolding Loc-M-def SR-M-def using Loc-and-SR-imp-boxS-Loc-and-SR by (metis (no-types, lifting) r-RS .simps s-RS .simps)

lemma (in AtE-Inst-TS-mereology) Loc-and-TR-imp-boxS-Loc-and-TR-M : ⌊□(∀ a u. ∀ b x . Loc-M x u ∧ TR-M u → (□S(∀ a v . Loc-M x v → TR-M v)))⌋
  unfolding Loc-M-def TR-M-def using Loc-and-TR-imp-boxS-Loc-and-TR by (metis (no-types, lifting) r-RS .simps s-RS .simps)

lemma (in AtE-Inst-TS-mereology) boxS-Loc-imp-SR-OR-boxS-Loc-imp-TR-M : ⌊□(∀ a u. ∀ b x . □S(Loc-M x u → SR-M u) ∨ □S(Loc-M x u → TR-M u))⌋
  unfolding Loc-M-def TR-M-def SR-M-def using boxS-Loc-imp-SR-OR-boxS-Loc-imp-TR by (metis (no-types, lifting) r-RS .simps s-RS .simps)

lemma (in AtE-Inst-TS-mereology) Part-imp-boxPart-M : ⌊□(∀ a u. ∀ b x . Part-M x → (□(Loc-M x u → Part-M x )))⌋
  unfolding Loc-M-def Part-M-def using Part-imp-boxPart by simp

lemma (in AtE-Inst-TS-mereology) Uni-imp-boxCont-M : ⌊□(∀ a u. ∀ b x . Uni-M x → (□(Loc-M x u → Uni-M x )))⌋
  unfolding Loc-M-def Uni-M-def using Uni-imp-boxUni by simp

lemma (in AtE-Inst-TS-mereology) Cont-imp-boxSCont-M : ⌊□(∀ b x . Cont-M x → (□S(PE-M x → Cont-M x )))⌋
  unfolding PE-M-def Cont-M-def using Cont-imp-boxS-Cont by auto

lemma (in AtE-Inst-TS-mereology) Occ-imp-boxSOcc-M : ⌊□(∀ b x . Occ-M x → (□S(PE-M x → Occ-M x )))⌋
  unfolding PE-M-def Occ-M-def using Occ-imp-boxS-Occ by auto

lemma (in AtE-Inst-TS-mereology) Occ-imp-PE-M : ⌊□(∀ b x . Occ-M x → PE-M x )⌋
  unfolding PE-M-def Occ-M-def using Occ-imp-PE by (metis (no-types, lifting) r-RS .simps s-RS .simps)

lemma (in AtE-Inst-TS-mereology) dia-E-M : ⌊□(∀ b x . (♦(∃ a t . E-M x t)))⌋
  unfolding E-M-def using dia-E by (metis (no-types, lifting) r-RS .simps s-RS .simps)

lemma (in AtE-Inst-TS-mereology) Cont-imp-negOcc-M : ⌊□(∀ b x . Cont-M x → ¬(Occ-M x ))⌋
  unfolding Cont-M-def Occ-M-def using Cont-imp-negOcc by (metis (no-types, lifting) r-RS .simps s-RS .simps)

lemma (in AtE-Inst-TS-mereology) Cont-and-Loc-imp-SR-M : ⌊□(∀ a u. ∀ b x . Cont-M x ∧ Loc-M x u → SR-M u)⌋
  unfolding Cont-M-def Loc-M-def SR-M-def using Cont-and-Loc-imp-SR by (metis (no-types, lifting) r-RS .simps s-RS .simps)

lemma (in AtE-Inst-TS-mereology) Occ-and-Loc-imp-TR-M : ⌊□(∀ a u. ∀ b x . Occ-M x ∧ Loc-M x u → TR-M u)⌋
  unfolding Occ-M-def Loc-M-def TR-M-def using Occ-and-Loc-imp-TR by (metis (no-types, lifting) r-RS .simps s-RS .simps)

lemma (in AtE-Inst-TS-mereology) Cont-and-Part-and-Loc-and-SIMU-imp-Id-a-M : ⌊□(∀ a u v . ∀ b x . Cont-M x ∧ Part-M x ∧ Loc-M x u ∧ Loc-M x v ∧ SIMU-M u v → Id-a-M u v)⌋
  unfolding Cont-M-def Part-M-def Loc-M-def SIMU-M-def Id-a-M-def using Cont-and-Part-and-Loc-and-SIMU-imp-Id by auto

lemma (in AtE-Inst-TS-mereology) Occ-and-Part-and-Loc-imp-Id-a-M : ⌊□(∀ a u v . ∀ b x . Occ-M x ∧ Part-M x ∧ Loc-M x u ∧ Loc-M x v → Id-a-M u v)⌋
  unfolding Occ-M-def Part-M-def Loc-M-def Id-a-M-def using Occ-and-Part-and-Loc-imp-Id by auto
7.7.5 Lifted axiom for worldlines
lemma (in AtE-Inst-TS-mereology) PE-imp-WLOF-M : ⌊□(∀ b x . PE-M x → (∃ a u. WLOF-M x u))⌋
  unfolding PE-M-def WLOF-M-def
  using PE-imp-WLOF by fastforce
7.8 Mereology of particulars
7.8.1 Definitions
definition PCont-M :: ( ′a, ′b, ′c) M-ternary-b-b-a-predicate where
PCont-M x y t L w ≡ PContL x y t w ∧ x ∈ e-carrier L ∧ y ∈ e-carrier L ∧ t ∈ carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L

definition POcc-M :: ( ′a, ′b, ′c) M-bin-b-b-predicate where
POcc-M x y L w ≡ POccL x y w ∧ x ∈ e-carrier L ∧ y ∈ e-carrier L ∧ (r-RS w) ∈ (r-carrier L) ∧ (s-RS w) ∈ s-carrier L
7.8.2 Recover standard definitions
lemma (in AtE-Inst-TS-mereology) recover-PCont-M-def : ⌊□(∀ a t . (∀ b x y . (PCont-M x y t) ↔ (Cont-M x ∧ Cont-M y ∧ TS-M t ∧ (∃ b z zz . (∃ a u v . Inst-M x z u ∧ Inst-M y zz v ∧ P-M u v ∧ P-M v t)))))⌋
  unfolding Cont-M-def PCont-M-def Inst-M-def TS-M-def P-M-def PCont-def by auto

lemma (in AtE-Inst-TS-mereology) recover-POcc-M-def : ⌊□(∀ b x y . (POcc-M x y) ↔ (∃ b z zz . (∃ a u v . Inst-M x z u ∧ Inst-M y zz v ∧ P-M u v ∧ TR-M u ∧ TR-M v)))⌋
  unfolding POcc-M-def Inst-M-def TR-M-def P-M-def POcc-def by auto
7.8.3 Lifted theorems for PCon and POcc
lemma (in AtE-Inst-TS-mereology) Part-and-Cont-imp-E-iff-PCont-ref-M : ⌊□(∀ b x. ∀ a t. Part-M x ∧ Cont-M x → (E-M x t ↔ PCont-M x x t))⌋
  unfolding Part-M-def E-M-def Cont-M-def PCont-M-def using Part-and-Cont-imp-E-iff-PCont-ref
  by fastforce
lemma (in AtE-Inst-TS-mereology) PCont-trans-M : ⌊□(∀ b x y z. ∀ a t. PCont-M x y t ∧ PCont-M y z t → PCont-M x z t)⌋
  unfolding PCont-M-def using PCont-trans by (metis (no-types, lifting) r-RS.simps)
lemma (in AtE-Inst-TS-mereology) Part-imp-POcc-ref-iff-Occ-M : ⌊□(∀ b x. Part-M x → (Occ-M x ↔ POcc-M x x))⌋
  unfolding Part-M-def Occ-M-def POcc-M-def using Part-imp-POcc-ref-iff-Occ
  by simp
lemma (in AtE-Inst-TS-mereology) POcc-trans-M : ⌊□(∀ b x y z. POcc-M x y ∧ POcc-M y z → POcc-M x z)⌋
  unfolding POcc-M-def using POcc-trans by (metis (no-types, lifting) r-RS.simps)
7.9 Atomic entities – AtE-Inst-TS-mereology
7.9.1 Primitive as definition
definition AtE-M :: ('a, 'b, 'c) M-unary-b-predicate where
  AtE-M x L w ≡ AtEL x w ∧ x ∈ e-carrier L ∧ (r-RS w ∈ r-carrier L) ∧ (s-RS w ∈ s-carrier L)
7.9.2 Lifted axioms of AtE-Inst-TS-mereology as theorems
lemma (in AtE-Inst-TS-mereology) AtE-exist-M : ⌊□(∃ b x. AtE-M x)⌋
  unfolding AtE-M-def using AtE-exist by auto
lemma (in AtE-Inst-TS-mereology) AtE-set-finite-M :
  [[i ∈ r-carrier L; j ∈ s-carrier L]] =⇒ ⌊□(finite-B-M {x. x ∈ e-carrier L ∧ AtEL x (RSC i j)})⌋
  unfolding AtE-M-def finite-B-M-def using AtE-set-finite by blast
lemma (in AtE-Inst-TS-mereology) AtE-imp-box-AtE-M : ⌊□(∀ b x. AtE-M x → □(AtE-M x))⌋
  unfolding AtE-M-def using AtE-imp-box-AtE by auto
lemma (in AtE-Inst-TS-mereology) AtE-imp-box-Inst-M : ⌊□(∀ b x. AtE-M x → □(∃ b y. ∃ a u. Inst-M x y u))⌋
  unfolding AtE-M-def Inst-M-def using AtE-imp-box-Inst by fastforce
lemma (in AtE-Inst-TS-mereology) AtE-imp-TS-imp-Inst-and-PP-M : ⌊□(∀ b x. AtE-M x → ♦S(∀ a t. TS-M t → (∃ b y. ∃ a u. Inst-M x y u ∧ PP-M u t)))⌋
  unfolding AtE-M-def Inst-M-def TS-M-def PP-M-def using AtE-imp-TS-imp-Inst-and-PP
  by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-and-Inst-imp-exists-TS-P-M : ⌊□(∀ b x y. ∀ a u. AtE-M x ∧ Inst-M x y u → (∃ a t. TS-M t ∧ P-M u t))⌋
  unfolding AtE-M-def Inst-M-def TS-M-def P-M-def using AtE-and-Inst-imp-exists-TS-P
  by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-imp-boxS-Inst-and-Inst-and-negSIMU-M : ⌊□(∀ b x. AtE-M x → □S(∃ b y z. ∃ a u v. Inst-M x y u ∧ Inst-M x z v ∧ ¬(SIMU-M u v)))⌋
  unfolding AtE-M-def Inst-M-def SIMU-M-def using AtE-imp-boxS-Inst-and-Inst-and-negSIMU
  by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-and-AtE-and-Inst-and-Inst-imp-P-and-Id-M : ⌊□(∀ b x1 y1 x2 y2. (∀ a u1 u2. AtE-M x1 ∧ AtE-M x2 ∧ Inst-M x1 y1 u1 ∧ Inst-M x2 y2 u2 ∧ P-M u2 u1 → Id-b-M x1 x2))⌋
  unfolding AtE-M-def Inst-M-def P-M-def Id-b-M-def using AtE-and-AtE-and-Inst-and-Inst-and-P-imp-Id
  by (metis (no-types, lifting) r-RS.simps s-RS.simps)
7.9.3 Lifted theorems of AtE-Inst-TS-mereology
lemma (in AtE-Inst-TS-mereology) AtE-and-L-imp-SR-M : ⌊□(∀ b x. (∀ a u. AtE-M x ∧ Loc-M x u → SR-M u))⌋
  unfolding AtE-M-def SR-M-def Loc-M-def using AtE-and-L-imp-SR
  by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-imp-boxL-M : ⌊□(∀ b x. AtE-M x → □(∃ a u. Loc-M x u))⌋
  unfolding AtE-M-def Loc-M-def using AtE-imp-boxL
  by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-imp-exists-TS-E-M : ⌊□(∀ b x. AtE-M x → ♦S(∀ a t. TS-M t → E-M x t))⌋
  unfolding AtE-M-def TS-M-def E-M-def using AtE-imp-exists-TS-E
  by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-imp-boxPart-M : ⌊□(∀ b x. AtE-M x → □(Part-M x))⌋
  unfolding AtE-M-def Part-M-def using AtE-imp-boxPart
  by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-imp-boxS-PE-M : ⌊□(∀ b x. AtE-M x → □S(PE-M x))⌋
  unfolding AtE-M-def PE-M-def using AtE-imp-boxS-PE
  by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-imp-box-L-imp-SR-M : ⌊□(∀ b x. AtE-M x → □(∀ a u. Loc-M x u → SR-M u))⌋
  unfolding AtE-M-def Loc-M-def SR-M-def using AtE-imp-box-L-imp-SR
  by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-imp-boxS-Cont-M : ⌊□(∀ b x. AtE-M x → □S(Cont-M x))⌋
  unfolding AtE-M-def Cont-M-def using AtE-imp-boxS-Cont
  by (metis (no-types, lifting) r-RS.simps s-RS.simps)
lemma (in AtE-Inst-TS-mereology) AtE-and-AtE-and-PCont-or-PCont-imp-Id-M : ⌊□(∀ b x y. ∀ a t. AtE-M x ∧ AtE-M y ∧ (PCont-M x y t ∨ PCont-M y x t) → (Id-b-M x y))⌋
  unfolding AtE-M-def PCont-M-def Id-b-M-def using AtE-and-AtE-and-PCont-or-PCont-imp-Id
  by (metis (no-types, lifting) r-RS.simps s-RS.simps)
end
theory ST-model-base imports S5-2D-base
begin
declare [[ smt-timeout = 240 ]]
8 The model
8.1 Regions of spacetime
datatype Xcoord = ZeroX | OneX
datatype Tcoord = ZeroT | OneT | TwoT
datatype CoordT = CoordC Xcoord Tcoord
primrec x-coord :: CoordT ⇒ Xcoord where
  x-coord (CoordC x -) = x
primrec t-coord :: CoordT ⇒ Tcoord where
  t-coord (CoordC - t) = t
type-synonym Reg = CoordT set
abbreviation c-00 :: CoordT where
  c-00 ≡ CoordC ZeroX ZeroT
abbreviation c-10 :: CoordT where
  c-10 ≡ CoordC OneX ZeroT
abbreviation c-01 :: CoordT where
  c-01 ≡ CoordC ZeroX OneT
abbreviation c-11 :: CoordT where
  c-11 ≡ CoordC OneX OneT
abbreviation c-02 :: CoordT where
  c-02 ≡ CoordC ZeroX TwoT
abbreviation c-12 :: CoordT where
  c-12 ≡ CoordC OneX TwoT
abbreviation A-00 :: Reg where
  A-00 ≡ {c-00}
lemma finite-A-00 : finite A-00 by auto
abbreviation A-10 :: Reg where
  A-10 ≡ {c-10}
lemma finite-A-10 : finite A-10 by auto
abbreviation A-01 :: Reg where
  A-01 ≡ {c-01}
lemma finite-A-01 : finite A-01 by auto
abbreviation A-11 :: Reg where
  A-11 ≡ {c-11}
lemma finite-A-11 : finite A-11 by auto
abbreviation A-02 :: Reg where
  A-02 ≡ {c-02}
lemma finite-A-02 : finite A-02 by auto
abbreviation A-12 :: Reg where
  A-12 ≡ {c-12}
lemma finite-A-12 : finite A-12 by auto
abbreviation top-of-m-set :: Reg
  where top-of-m-set ≡ {c-00, c-01, c-02, c-10, c-11, c-12}
lemma finite-top-of-m-set : finite top-of-m-set by auto
abbreviation m-set :: Reg set
  where m-set ≡ {x. x ⊆ top-of-m-set ∧ x ≠ {}}
lemma finite-m-set : finite m-set by auto
lemma A-00-in-m-set : A-00 ∈ m-set by simp
lemma A-10-in-m-set : A-10 ∈ m-set by simp
lemma A-01-in-m-set : A-01 ∈ m-set by simp
lemma A-11-in-m-set : A-11 ∈ m-set by simp
lemma A-02-in-m-set : A-02 ∈ m-set by simp
lemma A-12-in-m-set : A-12 ∈ m-set by simp
8.2 Time slices
abbreviation ts0 :: Reg where ts0 ≡ {c-00, c-10}
lemma finite-ts0 : finite ts0 by auto
abbreviation ts1 :: Reg where ts1 ≡ {c-01, c-11}
lemma finite-ts1 : finite ts1 by auto
abbreviation ts2 :: Reg where ts2 ≡ {c-02, c-12}
lemma finite-ts2 : finite ts2 by auto
abbreviation ts0-M :: Reg where ts0-M ≡ {c-10}
lemma finite-ts0-M : finite ts0-M by auto
abbreviation ts1-M :: Reg where ts1-M ≡ {c-00, c-11}
lemma finite-ts1-M : finite ts1-M by auto
abbreviation ts2-M :: Reg where ts2-M ≡ {c-01, c-12}
lemma finite-ts2-M : finite ts2-M by auto
abbreviation ts3-M :: Reg where ts3-M ≡ {c-02}
lemma finite-ts3-M : finite ts3-M by auto
abbreviation isTS-N :: Reg ⇒ Reg RS ⇒ bool
  where isTS-N t - ≡ (t = ts0) ∨ (t = ts1) ∨ (t = ts2)
abbreviation ts-set-N-0 :: Reg set where
  ts-set-N-0 ≡ {ts0, ts1, ts2}
lemma finite-ts-set-N-0 : finite ts-set-N-0 by auto
abbreviation ts-set-N :: Reg set set where
  ts-set-N ≡ {ts-set-N-0}
lemma finite-ts-set-N : finite ts-set-N by auto
abbreviation SR-set-N :: Reg set where
  SR-set-N ≡ {A-00, A-01, A-02, A-10, A-11, A-12, ts0, ts1, ts2}
abbreviation SR-set-M-0 :: Reg set where
  SR-set-M-0 ≡ {A-00, A-01, A-02, A-10, A-11, A-12, ts0, ts1, ts2}
lemma finite-SR-set-M-0 : finite SR-set-M-0 by auto
abbreviation SR-set-M-1 :: Reg set where
  SR-set-M-1 ≡ {A-00, A-01, A-02, A-10, A-11, A-12, ts1-M, ts2-M}
lemma finite-SR-set-M-1 : finite SR-set-M-1 by auto
abbreviation m-set-atoms :: Reg set where
  m-set-atoms ≡ {A-00, A-01, A-02, A-10, A-11, A-12}
lemma finite-m-set-atoms: finite m-set-atoms by auto
lemma A-10 = ts0-M by simp
lemma A-02 = ts3-M by simp
abbreviation ts-set-M-0 :: Reg set where
  ts-set-M-0 ≡ {ts0, ts1, ts2}
lemma finite-ts-set-M-0 : finite ts-set-M-0 by auto
abbreviation ts-set-M-1 :: Reg set where
  ts-set-M-1 ≡ {ts0-M, ts1-M, ts2-M, ts3-M}
lemma finite-ts-set-M-1 : finite ts-set-M-1 by auto
lemma SR-set-M-0-impl-ts-set-M-0 : x ∈ SR-set-M-0 =⇒ ∃ ts. ts ∈ ts-set-M-0 ∧ x ⊆ ts by blast
lemma SR-set-M-1-impl-ts-set-M-1 : x ∈ SR-set-M-1 =⇒ ∃ ts. ts ∈ ts-set-M-1 ∧ x ⊆ ts by blast
abbreviation isTS-M :: Reg ⇒ Reg RS ⇒ bool
  where isTS-M t w ≡ t ∈ s-RS w ∧ ((s-RS w = ts-set-M-0) ∨ (s-RS w = ts-set-M-1))
abbreviation ts-set-M :: Reg set set where
  ts-set-M ≡ {ts-set-M-0, ts-set-M-1}
lemma finite-ts-set-M : finite ts-set-M by auto
lemma SR-set-M-0-imp-ts-set-M-0 :
  fixes u i
  assumes u: u ∈ m-set u ∈ SR-set-M-0
  shows (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0) ∧ u ⊆ t)
proof −
  from u have uu: u ≠ {} ∧ (u ⊆ ts0 ∨ u ⊆ ts1 ∨ u ⊆ ts2) by auto
  have uu0 : u ≠ {} ∧ u ⊆ ts0 =⇒ (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0) ∧ u ⊆ t)
  proof −
    assume a: u ≠ {} ∧ u ⊆ ts0
    show (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0) ∧ u ⊆ t)
    proof (rule exI [of λt. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0) ∧ u ⊆ t ts0])
      from a show ts0 ∈ m-set ∧ isTS-M ts0 (RSC i ts-set-M-0) ∧ u ⊆ ts0 by auto
    qed
  qed
  have uu1 : u ≠ {} ∧ u ⊆ ts1 =⇒ (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0) ∧ u ⊆ t)
  proof −
    assume a: u ≠ {} ∧ u ⊆ ts1
    show (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0) ∧ u ⊆ t)
    proof (rule exI [of λt. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0) ∧ u ⊆ t ts1])
      from a show ts1 ∈ m-set ∧ isTS-M ts1 (RSC i ts-set-M-0) ∧ u ⊆ ts1 by auto
    qed
  qed
  have uu2 : u ≠ {} ∧ u ⊆ ts2 =⇒ (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0) ∧ u ⊆ t)
  proof −
    assume a: u ≠ {} ∧ u ⊆ ts2
    show (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0) ∧ u ⊆ t)
    proof (rule exI [of λt. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0) ∧ u ⊆ t ts2])
      from a show ts2 ∈ m-set ∧ isTS-M ts2 (RSC i ts-set-M-0) ∧ u ⊆ ts2 by auto
    qed
  qed
  from uu uu0 uu1 uu2 show (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0) ∧ u ⊆ t) by force
qed
lemma ts-set-M-0-imp-SR-set-M-0 :
  fixes u i
  assumes a1 : u ∈ m-set
  assumes a2 : (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0) ∧ u ⊆ t)
  shows u ∈ SR-set-M-0
proof −
  from assms have uu: u ≠ {} ∧ (u ⊆ ts0 ∨ u ⊆ ts1 ∨ u ⊆ ts2)
    by (metis (mono-tags, lifting) insertE mem-Collect-eq s-RS.simps singletonD)
  have uu0 : u ≠ {} ∧ u ⊆ ts0 =⇒ u ∈ SR-set-M-0
  proof −
    assume a: u ≠ {} ∧ u ⊆ ts0
    show u ∈ SR-set-M-0
    proof −
      from a have u = A-00 ∨ u = A-10 ∨ u = ts0 by auto
      from this show u ∈ SR-set-M-0 by force
    qed
  qed
  have uu1 : u ≠ {} ∧ u ⊆ ts1 =⇒ u ∈ SR-set-M-0
  proof −
    assume a: u ≠ {} ∧ u ⊆ ts1
    show u ∈ SR-set-M-0
    proof −
      from a have u = A-01 ∨ u = A-11 ∨ u = ts1 by auto
      from this show u ∈ SR-set-M-0 by force
    qed
  qed
  have uu2 : u ≠ {} ∧ u ⊆ ts2 =⇒ u ∈ SR-set-M-0
  proof −
    assume a: u ≠ {} ∧ u ⊆ ts2
    show u ∈ SR-set-M-0
    proof −
      from a have u = A-02 ∨ u = A-12 ∨ u = ts2 by auto
      from this show u ∈ SR-set-M-0 by force
    qed
  qed
  from uu uu0 uu1 uu2 show u ∈ SR-set-M-0 by meson
qed
lemma SR-set-M-0-iff-ts-set-M-0 : u ∈ m-set =⇒ (u ∈ SR-set-M-0 = (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-0) ∧ u ⊆ t))
  using SR-set-M-0-imp-ts-set-M-0 ts-set-M-0-imp-SR-set-M-0 by meson
lemma ts-set-M-1-imp-SR-set-M-1 :
  assumes a1 : u ∈ m-set
  assumes a2 : (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t)
  shows u ∈ SR-set-M-1
proof −
  from assms have uu: u ≠ {} ∧ (u ⊆ ts0-M ∨ u ⊆ ts1-M ∨ u ⊆ ts2-M ∨ u ⊆ ts3-M)
    by (metis (mono-tags, lifting) insertE mem-Collect-eq s-RS.simps singletonD)
  have uu0 : u ≠ {} ∧ u ⊆ ts0-M =⇒ u ∈ SR-set-M-1
  proof −
    assume a: u ≠ {} ∧ u ⊆ ts0-M
    show u ∈ SR-set-M-1
    proof −
      from a have u = ts0-M by auto
      from this show u ∈ SR-set-M-1 by force
    qed
  qed
  have uu1 : u ≠ {} ∧ u ⊆ ts1-M =⇒ u ∈ SR-set-M-1
  proof −
    assume a: u ≠ {} ∧ u ⊆ ts1-M
    show u ∈ SR-set-M-1
    proof −
      from a have u = A-00 ∨ u = A-11 ∨ u = ts1-M by auto
      from this show u ∈ SR-set-M-1 by force
    qed
  qed
  have uu2 : u ≠ {} ∧ u ⊆ ts2-M =⇒ u ∈ SR-set-M-1
  proof −
    assume a: u ≠ {} ∧ u ⊆ ts2-M
    show u ∈ SR-set-M-1
    proof −
      from a have u = A-01 ∨ u = A-12 ∨ u = ts2-M by auto
      from this show u ∈ SR-set-M-1 by force
    qed
  qed
  have uu3 : u ≠ {} ∧ u ⊆ ts3-M =⇒ u ∈ SR-set-M-1
  proof −
    assume a: u ≠ {} ∧ u ⊆ ts3-M
    show u ∈ SR-set-M-1
    proof −
      from a have u = ts3-M by auto
      from this show u ∈ SR-set-M-1 by force
    qed
  qed
  from uu uu0 uu1 uu2 uu3 show u ∈ SR-set-M-1 by meson
qed
lemma SR-set-M-1-imp-ts-set-M-1 :
  fixes u i
  assumes u: u ∈ m-set u ∈ SR-set-M-1
  shows (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t)
proof −
  from u have uu: u ≠ {} ∧ (u ⊆ ts0-M ∨ u ⊆ ts1-M ∨ u ⊆ ts2-M ∨ u ⊆ ts3-M) by auto
  have uu0 : u ≠ {} ∧ u ⊆ ts0-M =⇒ (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t)
  proof −
    assume a: u ≠ {} ∧ u ⊆ ts0-M
    show (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t)
    proof (rule exI [of λt. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t ts0-M])
      from a show ts0-M ∈ m-set ∧ isTS-M ts0-M (RSC i ts-set-M-1) ∧ u ⊆ ts0-M by auto
    qed
  qed
  have uu1 : u ≠ {} ∧ u ⊆ ts1-M =⇒ (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t)
  proof −
    assume a: u ≠ {} ∧ u ⊆ ts1-M
    show (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t)
    proof (rule exI [of λt. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t ts1-M])
      from a show ts1-M ∈ m-set ∧ isTS-M ts1-M (RSC i ts-set-M-1) ∧ u ⊆ ts1-M by auto
    qed
  qed
  have uu2 : u ≠ {} ∧ u ⊆ ts2-M =⇒ (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t)
  proof −
    assume a: u ≠ {} ∧ u ⊆ ts2-M
    show (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t)
    proof (rule exI [of λt. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t ts2-M])
      from a show ts2-M ∈ m-set ∧ isTS-M ts2-M (RSC i ts-set-M-1) ∧ u ⊆ ts2-M by auto
    qed
  qed
  have uu3 : u ≠ {} ∧ u ⊆ ts3-M =⇒ (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t)
  proof −
    assume a: u ≠ {} ∧ u ⊆ ts3-M
    show (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t)
    proof (rule exI [of λt. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t ts3-M])
      from a show ts3-M ∈ m-set ∧ isTS-M ts3-M (RSC i ts-set-M-1) ∧ u ⊆ ts3-M by auto
    qed
  qed
  from uu uu0 uu1 uu2 uu3 show (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t) by force
qed
lemma SR-set-M-1-iff-ts-set-M-1 : u ∈ m-set =⇒ (u ∈ SR-set-M-1 = (∃ t. t ∈ m-set ∧ isTS-M t (RSC i ts-set-M-1) ∧ u ⊆ t))
  using SR-set-M-1-imp-ts-set-M-1 ts-set-M-1-imp-SR-set-M-1 by meson
lemma Sum-of-ts-set-N-0 : ⋃ts-set-N-0 = top-of-m-set by force
lemma ts0-in-m-set : ts0 ∈ m-set by simp
lemma ts1-in-m-set : ts1 ∈ m-set by simp
lemma ts2-in-m-set : ts2 ∈ m-set by simp
lemma Sum-of-ts-set-M-0 : ⋃ts-set-M-0 = top-of-m-set by force
lemma Sum-of-ts-set-M-1 : ⋃ts-set-M-1 = top-of-m-set by force
lemma ts0-M-in-m-set : ts0-M ∈ m-set by simp
lemma ts1-M-in-m-set : ts1-M ∈ m-set by simp
lemma ts2-M-in-m-set : ts2-M ∈ m-set by simp
lemma ts3-M-in-m-set : ts3-M ∈ m-set by simp
lemma A00-A10-partition-ts0 : ts0 = ⋃{A-00, A-10} ∧ ¬(∃ z. z ∈ top-of-m-set ∧ z ∈ A-00 ∧ z ∈ A-10) by blast
lemma A01-A11-partition-ts1 : ts1 = ⋃{A-01, A-11} ∧ ¬(∃ z. z ∈ top-of-m-set ∧ z ∈ A-01 ∧ z ∈ A-11) by blast
lemma A02-A12-partition-ts2 : ts2 = ⋃{A-02, A-12} ∧ ¬(∃ z. z ∈ top-of-m-set ∧ z ∈ A-02 ∧ z ∈ A-12) by blast
lemma A00-A11-partition-ts1-M : ts1-M = ⋃{A-00, A-11} ∧ ¬(∃ z. z ∈ top-of-m-set ∧ z ∈ A-00 ∧ z ∈ A-11) by blast
lemma A01-A12-partition-ts2-M : ts2-M = ⋃{A-01, A-12} ∧ ¬(∃ z. z ∈ top-of-m-set ∧ z ∈ A-01 ∧ z ∈ A-12) by blast
lemma negO-ts0-ts1 : ¬ (∃ z. z ∈ top-of-m-set ∧ z ∈ ts0 ∧ z ∈ ts1) by blast
lemma negO-ts0-ts2 : ¬ (∃ z. z ∈ top-of-m-set ∧ z ∈ ts0 ∧ z ∈ ts2) by blast
lemma negO-ts1-ts2 : ¬ (∃ z. z ∈ top-of-m-set ∧ z ∈ ts1 ∧ z ∈ ts2) by blast
lemma neg-O-ts0-ts1 : ¬ (∃ z. z ∈ m-set ∧ z ⊆ ts0 ∧ z ⊆ ts1) using negO-ts0-ts1 by blast
lemma neg-O-ts0-ts2 : ¬ (∃ z. z ∈ m-set ∧ z ⊆ ts0 ∧ z ⊆ ts2) using negO-ts0-ts2 by blast
lemma neg-O-ts1-ts2 : ¬ (∃ z. z ∈ m-set ∧ z ⊆ ts1 ∧ z ⊆ ts2) using negO-ts1-ts2 by blast
lemma negO-ts0-M-ts1-M : ¬ (∃ z. z ∈ top-of-m-set ∧ z ∈ ts0-M ∧ z ∈ ts1-M)
  using A00-A10-partition-ts0 negO-ts0-ts1 by force
lemma negO-ts0-M-ts2-M : ¬ (∃ z. z ∈ top-of-m-set ∧ z ∈ ts0-M ∧ z ∈ ts2-M)
  using negO-ts0-ts1 negO-ts0-ts2 by auto
lemma negO-ts0-M-ts3-M : ¬ (∃ z. z ∈ top-of-m-set ∧ z ∈ ts0-M ∧ z ∈ ts3-M)
  using A00-A10-partition-ts0 by blast
lemma negO-ts1-M-ts2-M : ¬ (∃ z. z ∈ top-of-m-set ∧ z ∈ ts1-M ∧ z ∈ ts2-M)
  by (metis A01-A11-partition-ts1 insert-iff negO-ts0-ts1 negO-ts0-ts2 negO-ts1-ts2)
lemma negO-ts1-M-ts3-M : ¬ (∃ z. z ∈ top-of-m-set ∧ z ∈ ts1-M ∧ z ∈ ts3-M)
  using negO-ts0-ts2 negO-ts1-ts2 by auto
lemma negO-ts2-M-ts3-M : ¬ (∃ z. z ∈ top-of-m-set ∧ z ∈ ts2-M ∧ z ∈ ts3-M)
  using A02-A12-partition-ts2 negO-ts1-ts2 by auto
lemma neg-O-ts0-M-ts1-M : ¬ (∃ z. z ∈ m-set ∧ z ⊆ ts0-M ∧ z ⊆ ts1-M) using negO-ts0-M-ts1-M by blast
lemma neg-O-ts0-M-ts2-M : ¬ (∃ z. z ∈ m-set ∧ z ⊆ ts0-M ∧ z ⊆ ts2-M) using negO-ts0-M-ts2-M by blast
lemma neg-O-ts0-M-ts3-M : ¬ (∃ z. z ∈ m-set ∧ z ⊆ ts0-M ∧ z ⊆ ts3-M) using negO-ts0-M-ts3-M by blast
lemma neg-O-ts1-M-ts2-M : ¬ (∃ z. z ∈ m-set ∧ z ⊆ ts1-M ∧ z ⊆ ts2-M) using negO-ts1-M-ts2-M by blast
lemma neg-O-ts1-M-ts3-M : ¬ (∃ z. z ∈ m-set ∧ z ⊆ ts1-M ∧ z ⊆ ts3-M) using negO-ts1-M-ts3-M by blast
lemma neg-O-ts2-M-ts3-M : ¬ (∃ z. z ∈ m-set ∧ z ⊆ ts2-M ∧ z ⊆ ts3-M) using negO-ts2-M-ts3-M by blast
lemma isTS-M-imp-m-set : isTS-M t w =⇒ t ∈ m-set by blast
lemma union-SR-set-M-0-cap-SR-set-M-1-eq-top-of-m-set : ⋃(SR-set-M-0 ∩ SR-set-M-1) = top-of-m-set by force
lemma union-m-set-atoms-vs-top-of-m-set : ⋃m-set-atoms = top-of-m-set by force
lemma m-set-atoms-subset-SR-set-M-0 : m-set-atoms ⊆ SR-set-M-0 by fast
lemma m-set-atoms-subset-SR-set-M-1 : m-set-atoms ⊆ SR-set-M-1 by fast
lemma m-set-atoms-subset-SR-set-M-0-cap-SR-set-M-1 : m-set-atoms ⊆ SR-set-M-0 ∩ SR-set-M-1 by fast
lemma SR-set-M-0-eq-m-set-atoms-cup-ts-set-M-0 : SR-set-M-0 = m-set-atoms ∪ ts-set-M-0 by fast
lemma SR-set-M-1-eq-m-set-atoms-cup-ts-set-M-1 : SR-set-M-1 = m-set-atoms ∪ ts-set-M-1 by fast
lemma SR-set-M-1-eq-m-set-atoms-cup-ts1-M-ts2-M : SR-set-M-1 = m-set-atoms ∪ {ts1-M, ts2-M} by fast
abbreviation isTR-M :: Reg ⇒ Reg set ⇒ bool where
  isTR-M u tss ≡ tss ∈ ts-set-M ∧ (∃ ts1 ts2. ts1 ∈ tss ∧ ts2 ∈ tss ∧
    ¬(∃ z0. z0 ∈ top-of-m-set ∧ z0 ∈ ts1 ∧ z0 ∈ ts2) ∧
    (∃ z1. z1 ∈ u ∧ z1 ∈ ts1) ∧
    (∃ z2. z2 ∈ u ∧ z2 ∈ ts2))
lemma isTS-M-0-impl-isTR-M-1 :
  fixes t i
  assumes ts: isTS-M t (RSC i ts-set-M-0)
  shows isTR-M t ts-set-M-1
proof −
  from ts have t0 : t = ts0 ∨ t = ts1 ∨ t = ts2 by auto
  have t1 : t = ts0 =⇒ isTR-M t ts-set-M-1 using negO-ts0-M-ts1-M
    by (smt insertI1 singletonD subsetCE subset-insertI)
  have t2 : t = ts1 =⇒ isTR-M t ts-set-M-1
  proof −
    assume a1 : t = ts1
    show isTR-M t ts-set-M-1
    proof −
      from a1 have c-01 ∈ t ∧ c-01 ∈ ts2-M ∧ c-11 ∈ t ∧ c-11 ∈ ts1-M by simp
      from this show isTR-M t ts-set-M-1 using negO-ts1-M-ts2-M
        by (smt insert-subset subset-insertI)
    qed
  qed
  have t3 : t = ts2 =⇒ isTR-M t ts-set-M-1
  proof −
    assume a1 : t = ts2
    show isTR-M t ts-set-M-1
    proof −
      from a1 have c-02 ∈ t ∧ c-02 ∈ ts3-M ∧ c-12 ∈ t ∧ c-12 ∈ ts2-M by simp
      from this show isTR-M t ts-set-M-1 using negO-ts2-M-ts3-M
        by (smt insert-subset subset-insertI)
    qed
  qed
  from t0 t1 t2 t3 show isTR-M t ts-set-M-1 by fast
qed
lemma isTS-M-1-impl-isTR-M-0 :
  fixes t i
  assumes ts: isTS-M t (RSC i ts-set-M-1)
  assumes noAtoms: t ≠ ts0-M t ≠ ts3-M
  shows isTR-M t ts-set-M-0
proof −
  from assms have t0 : t = ts1-M ∨ t = ts2-M by auto
  have t1 : t = ts1-M =⇒ isTR-M t ts-set-M-0 using negO-ts0-ts1 by blast
  have t2 : t = ts2-M =⇒ isTR-M t ts-set-M-0 using negO-ts1-ts2 by blast
  from assms t0 t1 t2 show isTR-M t ts-set-M-0 by argo
qed
lemma ts0-M-neq-ts1-M : ts0-M ≠ ts1-M using type-definition.Abs-inject type-definition-Xcoord by fastforce
lemma ts0-M-neq-ts2-M : ts0-M ≠ ts2-M using type-definition.Abs-inject type-definition-Xcoord by fastforce
lemma ts0-M-neq-ts3-M : ts0-M ≠ ts3-M using type-definition.Abs-inject type-definition-Xcoord by fastforce
lemma ts1-M-neq-ts2-M : ts1-M ≠ ts2-M using negO-ts1-M-ts2-M by blast
lemma ts1-M-neq-ts3-M : ts1-M ≠ ts3-M using neg-O-ts1-M-ts3-M by blast
lemma ts2-M-neq-ts3-M : ts2-M ≠ ts3-M using neg-O-ts2-M-ts3-M by blast
8.3 Worldlines
abbreviation wlA-0 :: Reg where
  wlA-0 ≡ {c-00, c-01, c-02}
lemma finite-wlA-0 : finite wlA-0 by auto
abbreviation TR-parts-of-wlA-0 :: Reg set where
  TR-parts-of-wlA-0 ≡ {{c-00, c-01}, {c-01, c-02}, {c-00, c-02}, {c-00, c-01, c-02}}
abbreviation wlA-1 :: Reg where
  wlA-1 ≡ {c-10, c-11, c-12}
lemma finite-wlA-1 : finite wlA-1 by auto
abbreviation TR-parts-of-wlA-1 :: Reg set where
  TR-parts-of-wlA-1 ≡ {{c-10, c-11}, {c-11, c-12}, {c-10, c-12}, {c-10, c-11, c-12}}
abbreviation wlA-2 :: Reg where
  wlA-2 ≡ {c-00, c-11, c-02}
lemma finite-wlA-2 : finite wlA-2 by auto
abbreviation TR-parts-of-wlA-2 :: Reg set where
  TR-parts-of-wlA-2 ≡ {{c-00, c-11}, {c-11, c-02}, {c-00, c-02}, {c-00, c-11, c-02}}
abbreviation wlA-3 :: Reg where
  wlA-3 ≡ {c-10, c-01, c-12}
lemma finite-wlA-3 : finite wlA-3 by auto
abbreviation TR-parts-of-wlA-3 :: Reg set where
  TR-parts-of-wlA-3 ≡ {{c-10, c-01}, {c-01, c-12}, {c-10, c-12}, {c-10, c-01, c-12}}
abbreviation wlA-4 :: Reg where
  wlA-4 ≡ {c-00, c-01, c-12}
lemma finite-wlA-4 : finite wlA-4 by auto
abbreviation TR-parts-of-wlA-4 :: Reg set where
  TR-parts-of-wlA-4 ≡ {{c-00, c-01}, {c-01, c-12}, {c-00, c-12}, {c-00, c-01, c-12}}
abbreviation wlA-5 :: Reg where
  wlA-5 ≡ {c-10, c-11, c-02}
lemma finite-wlA-5 : finite wlA-5 by auto
abbreviation TR-parts-of-wlA-5 :: Reg set where
  TR-parts-of-wlA-5 ≡ {{c-10, c-11}, {c-11, c-02}, {c-10, c-02}, {c-10, c-11, c-02}}
abbreviation wlA-6 :: Reg where
  wlA-6 ≡ {c-00, c-11, c-12}
lemma finite-wlA-6 : finite wlA-6 by auto
abbreviation TR-parts-of-wlA-6 :: Reg set where
  TR-parts-of-wlA-6 ≡ {{c-00, c-11}, {c-11, c-12}, {c-00, c-12}, {c-00, c-11, c-12}}
abbreviation wlA-7 :: Reg where
  wlA-7 ≡ {c-10, c-01, c-02}
lemma finite-wlA-7 : finite wlA-7 by auto
abbreviation TR-parts-of-wlA-7 :: Reg set where
  TR-parts-of-wlA-7 ≡ {{c-10, c-01}, {c-01, c-02}, {c-10, c-02}, {c-10, c-01, c-02}}
abbreviation wlA-set :: Reg set where
  wlA-set ≡ {wlA-0, wlA-1, wlA-2, wlA-3, wlA-4, wlA-5, wlA-6, wlA-7}
lemma finite-wlA-set : finite wlA-set by auto
abbreviation wlCompl-0 :: Reg set where
  wlCompl-0 ≡ {wlA-0, wlA-1}
lemma finite-wlCompl-0 : finite wlCompl-0 by auto
lemma ⋃wlCompl-0 = top-of-m-set by auto
abbreviation wlCompl-1 :: Reg set where
  wlCompl-1 ≡ {wlA-2, wlA-3}
lemma ⋃wlCompl-1 = top-of-m-set by auto
lemma finite-wlCompl-1 : finite wlCompl-1 by auto
abbreviation wlCompl-2 :: Reg set where
  wlCompl-2 ≡ {wlA-4, wlA-5}
lemma ⋃wlCompl-2 = top-of-m-set by auto
lemma finite-wlCompl-2 : finite wlCompl-2 by auto
abbreviation wlCompl-3 :: Reg set where
  wlCompl-3 ≡ {wlA-6, wlA-7}
lemma ⋃wlCompl-3 = top-of-m-set by auto
lemma finite-wlCompl-3 : finite wlCompl-3 by auto
abbreviation wl-Compl-set :: Reg set set where
  wl-Compl-set ≡ {wlCompl-0, wlCompl-1, wlCompl-2, wlCompl-3}
lemma ⋃{⋃wlCompl-0, ⋃wlCompl-1, ⋃wlCompl-2, ⋃wlCompl-3} = top-of-m-set by auto
lemma finite-wlCompl-set : finite wl-Compl-set by auto
8.4 Temporal parts of complexes
abbreviation TR-set-Compl-0-M-0 :: Reg set where
  TR-set-Compl-0-M-0 ≡ {tr. tr ∈ TR-parts-of-wlA-0 ∨ tr ∈ TR-parts-of-wlA-1 ∨
    tr ∈ {t. ∃ t1 t2. t1 ∈ TR-parts-of-wlA-0 ∧ t2 ∈ TR-parts-of-wlA-1 ∧ t = ⋃{t1, t2}}}
abbreviation TR-set-Compl-1-M-0 :: Reg set where
  TR-set-Compl-1-M-0 ≡ {tr. tr ∈ TR-parts-of-wlA-2 ∨ tr ∈ TR-parts-of-wlA-3 ∨
    tr ∈ {t. ∃ t1 t2. t1 ∈ TR-parts-of-wlA-2 ∧ t2 ∈ TR-parts-of-wlA-3 ∧ t = ⋃{t1, t2}}}
abbreviation TR-set-Compl-2-M-0 :: Reg set where
  TR-set-Compl-2-M-0 ≡ {tr. tr ∈ TR-parts-of-wlA-4 ∨ tr ∈ TR-parts-of-wlA-5 ∨
    tr ∈ {t. ∃ t1 t2. t1 ∈ TR-parts-of-wlA-4 ∧ t2 ∈ TR-parts-of-wlA-5 ∧ t = ⋃{t1, t2}}}
abbreviation TR-set-Compl-3-M-0 :: Reg set where
  TR-set-Compl-3-M-0 ≡ {tr. tr ∈ TR-parts-of-wlA-6 ∨ tr ∈ TR-parts-of-wlA-7 ∨
    tr ∈ {t. ∃ t1 t2. t1 ∈ TR-parts-of-wlA-6 ∧ t2 ∈ TR-parts-of-wlA-7 ∧ t = ⋃{t1, t2}}}
lemma Sum-TR-set-Compl-0-M-0 : ⋃TR-set-Compl-0-M-0 = top-of-m-set by blast
lemma top-of-m-set-in-TR-set-Compl-0-M-0 : top-of-m-set ∈ TR-set-Compl-0-M-0
proof −
  have l0 : wlA-0 ∈ TR-parts-of-wlA-0 by blast
  have l1 : wlA-1 ∈ TR-parts-of-wlA-1 by force
  from l0 l1 have ⋃{wlA-0, wlA-1} ∈ TR-set-Compl-0-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  from this show top-of-m-set ∈ TR-set-Compl-0-M-0 by (simp add: insert-commute)
qed
lemma ts0-ts1-in-TR-set-Compl-0-M-0 : ⋃{ts0, ts1} ∈ TR-set-Compl-0-M-0
proof −
  have l0 : {c-00, c-01} ∈ TR-parts-of-wlA-0 by blast
  have l1 : {c-10, c-11} ∈ TR-parts-of-wlA-1 by blast
  from l0 l1 have l3 : ⋃{{c-00, c-01}, {c-10, c-11}} ∈ TR-set-Compl-0-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  have l4 : ⋃{{c-00, c-01}, {c-10, c-11}} = ⋃{ts0, ts1} by auto
  from l3 l4 show ?thesis by simp
qed
lemma ts0-ts2-in-TR-set-Compl-0-M-0 : ⋃{ts0, ts2} ∈ TR-set-Compl-0-M-0
proof −
  have l0 : {c-00, c-02} ∈ TR-parts-of-wlA-0 by blast
  have l1 : {c-10, c-12} ∈ TR-parts-of-wlA-1 by blast
  from l0 l1 have l3 : ⋃{{c-00, c-02}, {c-10, c-12}} ∈ TR-set-Compl-0-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  have l4 : ⋃{{c-00, c-02}, {c-10, c-12}} = ⋃{ts0, ts2} by auto
  from l3 l4 show ?thesis by simp
qed
lemma ts1-ts2-in-TR-set-Compl-0-M-0 : ⋃{ts1, ts2} ∈ TR-set-Compl-0-M-0
proof −
  have l0 : {c-01, c-02} ∈ TR-parts-of-wlA-0 by blast
  have l1 : {c-11, c-12} ∈ TR-parts-of-wlA-1 by blast
  from l0 l1 have l3 : ⋃{{c-01, c-02}, {c-11, c-12}} ∈ TR-set-Compl-0-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  have l4 : ⋃{{c-01, c-02}, {c-11, c-12}} = ⋃{ts1, ts2} by auto
  from l3 l4 show ?thesis by simp
qed
lemma top-of-m-set-in-TR-set-Compl-1-M-0 : top-of-m-set ∈ TR-set-Compl-1-M-0
proof −
  have l0 : wlA-2 ∈ TR-parts-of-wlA-2 by blast
  have l1 : wlA-3 ∈ TR-parts-of-wlA-3 by force
  from l0 l1 have ⋃{wlA-2, wlA-3} ∈ TR-set-Compl-1-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  from this show top-of-m-set ∈ TR-set-Compl-1-M-0 by (simp add: insert-commute)
qed
lemma ts0-ts1-in-TR-set-Compl-1-M-0 : ⋃{ts0, ts1} ∈ TR-set-Compl-1-M-0
proof −
  have l0 : {c-00, c-11} ∈ TR-parts-of-wlA-2 by blast
  have l1 : {c-10, c-01} ∈ TR-parts-of-wlA-3 by blast
  from l0 l1 have l3 : ⋃{{c-00, c-11}, {c-10, c-01}} ∈ TR-set-Compl-1-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  have l4 : ⋃{{c-00, c-11}, {c-10, c-01}} = ⋃{ts0, ts1} by auto
  from l3 l4 show ?thesis by simp
qed
lemma ts0-ts2-in-TR-set-Compl-1-M-0 : ⋃{ts0, ts2} ∈ TR-set-Compl-1-M-0
proof −
  have l0 : {c-00, c-02} ∈ TR-parts-of-wlA-2 by blast
  have l1 : {c-10, c-12} ∈ TR-parts-of-wlA-3 by blast
  from l0 l1 have l3 : ⋃{{c-00, c-02}, {c-10, c-12}} ∈ TR-set-Compl-1-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  have l4 : ⋃{{c-00, c-02}, {c-10, c-12}} = ⋃{ts0, ts2} by auto
  from l3 l4 show ?thesis by simp
qed
lemma ts1-ts2-in-TR-set-Compl-1-M-0 : ⋃{ts1, ts2} ∈ TR-set-Compl-1-M-0
proof −
  have l0 : {c-11, c-02} ∈ TR-parts-of-wlA-2 by blast
  have l1 : {c-01, c-12} ∈ TR-parts-of-wlA-3 by blast
  from l0 l1 have l3 : ⋃{{c-11, c-02}, {c-01, c-12}} ∈ TR-set-Compl-1-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  have l4 : ⋃{{c-11, c-02}, {c-01, c-12}} = ⋃{ts1, ts2} by auto
  from l3 l4 show ?thesis by simp
qed
lemma top-of-m-set-in-TR-set-Compl-2-M-0 : top-of-m-set ∈ TR-set-Compl-2-M-0
proof −
  have l0 : wlA-4 ∈ TR-parts-of-wlA-4 by blast
  have l1 : wlA-5 ∈ TR-parts-of-wlA-5 by force
  from l0 l1 have ⋃{wlA-4, wlA-5} ∈ TR-set-Compl-2-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  from this show top-of-m-set ∈ TR-set-Compl-2-M-0 by (simp add: insert-commute)
qed
lemma ts0-ts1-in-TR-set-Compl-2-M-0 : ⋃{ts0, ts1} ∈ TR-set-Compl-2-M-0
proof −
  have l0 : {c-00, c-01} ∈ TR-parts-of-wlA-4 by blast
  have l1 : {c-10, c-11} ∈ TR-parts-of-wlA-5 by blast
  from l0 l1 have l3 : ⋃{{c-00, c-01}, {c-10, c-11}} ∈ TR-set-Compl-2-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  have l4 : ⋃{{c-00, c-01}, {c-10, c-11}} = ⋃{ts0, ts1} by auto
  from l3 l4 show ?thesis by simp
qed
lemma ts0-ts2-in-TR-set-Compl-2-M-0 : ⋃{ts0, ts2} ∈ TR-set-Compl-2-M-0
proof −
  have l0 : {c-00, c-12} ∈ TR-parts-of-wlA-4 by blast
  have l1 : {c-10, c-02} ∈ TR-parts-of-wlA-5 by blast
  from l0 l1 have l3 : ⋃{{c-00, c-12}, {c-10, c-02}} ∈ TR-set-Compl-2-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  have l4 : ⋃{{c-00, c-12}, {c-10, c-02}} = ⋃{ts0, ts2} by auto
  from l3 l4 show ?thesis by simp
qed
lemma ts1-ts2-in-TR-set-Compl-2-M-0 : ⋃{ts1, ts2} ∈ TR-set-Compl-2-M-0
proof −
  have l0 : {c-01, c-12} ∈ TR-parts-of-wlA-4 by blast
  have l1 : {c-11, c-02} ∈ TR-parts-of-wlA-5 by blast
  from l0 l1 have l3 : ⋃{{c-01, c-12}, {c-11, c-02}} ∈ TR-set-Compl-2-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  have l4 : ⋃{{c-01, c-12}, {c-11, c-02}} = ⋃{ts1, ts2} by auto
  from l3 l4 show ?thesis by simp
qed
lemma top-of-m-set-in-TR-set-Compl-3-M-0 : top-of-m-set ∈ TR-set-Compl-3-M-0
proof −
  have l0 : wlA-6 ∈ TR-parts-of-wlA-6 by blast
  have l1 : wlA-7 ∈ TR-parts-of-wlA-7 by force
  from l0 l1 have ⋃{wlA-6, wlA-7} ∈ TR-set-Compl-3-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  from this show top-of-m-set ∈ TR-set-Compl-3-M-0 by (simp add: insert-commute)
qed
lemma ts0-ts1-in-TR-set-Compl-3-M-0 : ⋃{ts0, ts1} ∈ TR-set-Compl-3-M-0
proof −
  have l0 : {c-00, c-11} ∈ TR-parts-of-wlA-6 by blast
  have l1 : {c-10, c-01} ∈ TR-parts-of-wlA-7 by blast
  from l0 l1 have l3 : ⋃{{c-00, c-11}, {c-10, c-01}} ∈ TR-set-Compl-3-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  have l4 : ⋃{{c-00, c-11}, {c-10, c-01}} = ⋃{ts0, ts1} by auto
  from l3 l4 show ?thesis by simp
qed
lemma ts0-ts2-in-TR-set-Compl-3-M-0 : ⋃{ts0, ts2} ∈ TR-set-Compl-3-M-0
proof −
  have l0 : {c-00, c-12} ∈ TR-parts-of-wlA-6 by blast
  have l1 : {c-10, c-02} ∈ TR-parts-of-wlA-7 by blast
  from l0 l1 have l3 : ⋃{{c-00, c-12}, {c-10, c-02}} ∈ TR-set-Compl-3-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  have l4 : ⋃{{c-00, c-12}, {c-10, c-02}} = ⋃{ts0, ts2} by auto
  from l3 l4 show ?thesis by simp
qed
lemma ts1-ts2-in-TR-set-Compl-3-M-0 : ⋃{ts1, ts2} ∈ TR-set-Compl-3-M-0
proof −
  have l0 : {c-11, c-12} ∈ TR-parts-of-wlA-6 by blast
  have l1 : {c-01, c-02} ∈ TR-parts-of-wlA-7 by blast
  from l0 l1 have l3 : ⋃{{c-11, c-12}, {c-01, c-02}} ∈ TR-set-Compl-3-M-0 by (metis (mono-tags, lifting) mem-Collect-eq)
  have l4 : ⋃{{c-11, c-12}, {c-01, c-02}} = ⋃{ts1, ts2} by auto
  from l3 l4 show ?thesis by simp
qed
abbreviation TR-parts-of-Compl-M-0 :: Reg set where
  TR-parts-of-Compl-M-0 ≡
    ⋃{TR-parts-of-wlA-0, TR-parts-of-wlA-1, TR-parts-of-wlA-2, TR-parts-of-wlA-3, TR-parts-of-wlA-4,
      TR-parts-of-wlA-5, TR-parts-of-wlA-6, TR-set-Compl-0-M-0, TR-set-Compl-1-M-0, TR-set-Compl-2-M-0, TR-set-Compl-3-M-0}
lemma wlA-0-not-in-SR-set-M-0 : wlA-0 ∉ SR-set-M-0 by blast
lemma wlA-1-not-in-SR-set-M-0 : wlA-1 ∉ SR-set-M-0 by blast
lemma wlA-2-not-in-SR-set-M-0 : wlA-2 ∉ SR-set-M-0 by blast
lemma wlA-3-not-in-SR-set-M-0 : wlA-3 ∉ SR-set-M-0 by blast
lemma wlA-4-not-in-SR-set-M-0 : wlA-4 ∉ SR-set-M-0 by blast
lemma wlA-5-not-in-SR-set-M-0 : wlA-5 ∉ SR-set-M-0 by blast
lemma wlA-6-not-in-SR-set-M-0 : wlA-6 ∉ SR-set-M-0 by blast
lemma wlA-7-not-in-SR-set-M-0 : wlA-7 ∉ SR-set-M-0 by blast
lemma top-of-m-set-not-in-SR-set-M-0 : top-of-m-set ∉ SR-set-M-0 by blast
lemma wlA-0-not-in-SR-set-M-1 : wlA-0 ∉ SR-set-M-1 by blast
lemma wlA-1-not-in-SR-set-M-1 : wlA-1 ∉ SR-set-M-1 by blast
lemma wlA-2-not-in-SR-set-M-1 : wlA-2 ∉ SR-set-M-1 by blast
lemma wlA-3-not-in-SR-set-M-1 : wlA-3 ∉ SR-set-M-1 by blast
lemma wlA-4-not-in-SR-set-M-1 : wlA-4 ∉ SR-set-M-1 by blast
lemma wlA-5-not-in-SR-set-M-1 : wlA-5 ∉ SR-set-M-1 by blast
lemma wlA-6-not-in-SR-set-M-1 : wlA-6 ∉ SR-set-M-1 by blast
lemma wlA-7-not-in-SR-set-M-1 : wlA-7 ∉ SR-set-M-1 by blast
lemma top-of-m-set-not-in-SR-set-M-1 : top-of-m-set ∉ SR-set-M-1 by blast
lemma Sum-TR-set-Compl : ⋃TR-parts-of-Compl-M-0 = top-of-m-set by blast
lemma wl-Compl-set-subset-m-set :
  fixes x
  assumes x ∈ wl-Compl-set
  shows x ⊆ m-set using assms by auto
lemma {} ∉ wl-Compl-set by auto
lemma {} ∉ m-set by auto
lemma finite m-set by simp
lemma noBottom: ¬(∃ x∈m-set . ∀ y∈m-set . x ⊆ y)
proof
  assume (∃ x∈m-set . ∀ y∈m-set . x ⊆ y)
  from this obtain x where l1 : x∈m-set ∧ (∀ y∈m-set . x ⊆ y) by auto
  from l1 have l3 : x ⊆ top-of-m-set by auto
  from l1 and l3 show False
  proof (cases x={})
    case True
    from this and l1 show False by auto
  next
    case False
    from this have l4 : x ≠ {} by auto
    from False show False
    proof (cases ¬(finite x))
      case True
      from this and l1 show False using finite-subset by auto
    next
      case False
      from False show False
      proof (cases x = top-of-m-set)
        case True
        have l2 : {CoordC ZeroX ZeroT} ⊆ top-of-m-set by auto
        from this show False
        proof (cases {CoordC ZeroX ZeroT} = top-of-m-set)
          case True
          have {CoordC OneX OneT} ⊆ top-of-m-set by auto
          have CoordC OneX ZeroT ≠ CoordC ZeroX ZeroT by simp
          from this show False using True by blast
        next
          case False
          from this and l2 have {CoordC ZeroX ZeroT} ⊂ top-of-m-set by (simp add : psubsetI)
          from this and l1 and True show False by auto
        qed
      next
        case False
        from this and l3 have x ⊂ top-of-m-set by auto
        from this and l1 and l4 have ∃ y . y ≠ {} ∧ y = {xx . xx ∈ top-of-m-set ∧ xx ∉ x}
          by (metis (mono-tags, lifting) False empty-Collect-eq l3 subsetI subset-antisym)
        from this obtain y where y ≠ {} ∧ y = {xx . xx ∈ top-of-m-set ∧ xx ∉ x} by presburger
        from this have y ∈ m-set ∧ ¬x ⊆ y
          by (smt Diff-eq-empty-iff Diff-subset l1 mem-Collect-eq subsetCE subsetI subset-antisym)
        from this and l1 show False by auto
      qed
    qed
  qed
qed
lemma Union-of-ts-eq-top-of-m-set-M-0 :
  fixes i j
  assumes i ∈ wlA-set j ∈ ts-set-M
  shows ⋃ts-set-M-0 = top-of-m-set
proof
  fix t
  have t ∈ ts-set-M-0 ⟹ t ⊆ top-of-m-set by blast
  from this have ∀ t . t ∈ ts-set-M-0 ⟶ t ⊆ top-of-m-set by simp
  from this show ⋃ts-set-M-0 ⊆ top-of-m-set by blast
next
  show top-of-m-set ⊆ ⋃ts-set-M-0
  proof
    fix x
    show x ∈ top-of-m-set ⟹ x ∈ ⋃ts-set-M-0
    proof −
      assume a: x ∈ top-of-m-set
      show x ∈ ⋃ts-set-M-0
      proof (rule ccontr)
        assume aa: x ∉ ⋃ts-set-M-0
        show False
        proof −
          from aa have x ∉ ts0 ∧ x ∉ ts1 ∧ x ∉ ts2 by blast
          from this have x ∉ top-of-m-set by simp
          from this and a show False by auto
        qed
      qed
    qed
  qed
qed

lemma Union-of-ts-eq-top-of-m-set-M-1 :
  fixes i j
  assumes i ∈ wlA-set j ∈ ts-set-M
  shows ⋃ts-set-M-1 = top-of-m-set
proof
  fix t
  have t ∈ ts-set-M-1 ⟹ t ⊆ top-of-m-set by blast
  from this have ∀ t . t ∈ ts-set-M-1 ⟶ t ⊆ top-of-m-set by simp
  from this show ⋃ts-set-M-1 ⊆ top-of-m-set by blast
next
  show top-of-m-set ⊆ ⋃ts-set-M-1
  proof
    fix x
    show x ∈ top-of-m-set ⟹ x ∈ ⋃ts-set-M-1
    proof −
      assume a: x ∈ top-of-m-set
      show x ∈ ⋃ts-set-M-1
      proof (rule ccontr)
        assume aa: x ∉ ⋃ts-set-M-1
        show False
        proof −
          from aa have x ∉ ts0-M ∧ x ∉ ts1-M ∧ x ∉ ts2-M ∧ x ∉ ts3-M by blast
          from this have x ∉ top-of-m-set by simp
          from this and a show False by auto
        qed
      qed
    qed
  qed
qed
lemma SR-set-N-subset-m-set : SR-set-N ⊆ m-set by fastforce
lemma SR-set-M-0-subset-m-set : SR-set-M-0 ⊆ m-set by fastforce
lemma SR-set-M-1-subset-m-set : SR-set-M-1 ⊆ m-set by fastforce

lemma TR-set-M-0-subset-m-set : TR-parts-of-Compl-M-0 ⊆ m-set
proof
  fix x
  assume a: x ∈ TR-parts-of-Compl-M-0
  show x ∈ m-set
  proof −
    from a have x ∈
      ⋃{TR-parts-of-wlA-0, TR-parts-of-wlA-1, TR-parts-of-wlA-2, TR-parts-of-wlA-3, TR-parts-of-wlA-4,
        TR-parts-of-wlA-5, TR-parts-of-wlA-6, TR-set-Compl-0-M-0, TR-set-Compl-1-M-0, TR-set-Compl-2-M-0, TR-set-Compl-3-M-0}
      by auto
    from this show ?thesis by force
  qed
qed

abbreviation ar-TS-N :: Reg set ⇒ Reg set ⇒ bool where
  ar-TS-N ≡ λ r s. r ∈ ts-set-N ∧ s ∈ ts-set-N

abbreviation ar-TS-M :: Reg set ⇒ Reg set ⇒ bool where
  ar-TS-M ≡ λ r s. r ∈ ts-set-M ∧ s ∈ ts-set-M
8.5 Possible entities in a world with two atoms
datatype tId = Co | Oc | UC | UO
datatype eId = ZeroE | OneE | TwoE
datatype entityType = Entity tId eId eId set

abbreviation theAtomIds :: eId set where theAtomIds ≡ {ZeroE, OneE}
abbreviation theConplexIds :: eId set where theConplexIds ≡ {TwoE}
abbreviation theContinuantIds :: eId set where theContinuantIds ≡ {ZeroE, OneE, TwoE}
abbreviation theOccurrantIds :: eId set where theOccurrantIds ≡ {ZeroE, OneE, TwoE}

lemma finite-theAtomIds: finite theAtomIds by auto
lemma finite-theConplexIds: finite theConplexIds by auto
lemma finite-thetheContinuantIds: finite theContinuantIds by auto
lemma finite-theOccurrantIds: finite theOccurrantIds by auto

abbreviation At-0 :: entityType where At-0 ≡ (Entity Co ZeroE {})
abbreviation At-1 :: entityType where At-1 ≡ (Entity Co OneE {})
abbreviation Compl-0 :: entityType where Compl-0 ≡ (Entity Co TwoE {ZeroE, OneE})
abbreviation Oc-0 :: entityType where Oc-0 ≡ (Entity Oc ZeroE {})
abbreviation Oc-1 :: entityType where Oc-1 ≡ (Entity Oc OneE {})
abbreviation Oc-2 :: entityType where Oc-2 ≡ (Entity Oc TwoE {ZeroE, OneE})
abbreviation UO-0 :: entityType where UO-0 ≡ (Entity UO ZeroE {ZeroE, OneE, TwoE})
abbreviation UC-0 :: entityType where UC-0 ≡ (Entity UC ZeroE {ZeroE, OneE, TwoE})

abbreviation theAtoms :: entityType set where theAtoms ≡ {At-0, At-1}
abbreviation thePossibleComplexes :: entityType set where thePossibleComplexes ≡ {Compl-0}
abbreviation thePossibleContinuants :: entityType set where thePossibleContinuants ≡ theAtoms ∪ thePossibleComplexes
abbreviation thePossibleOccurrants :: entityType set where thePossibleOccurrants ≡ {Oc-0, Oc-1, Oc-2}
abbreviation theOccUniversals :: entityType set where theOccUniversals ≡ {UO-0}
abbreviation theContUniversals :: entityType set where theContUniversals ≡ {UC-0}
abbreviation thePossibleParticulars :: entityType set where thePossibleParticulars ≡ thePossibleContinuants ∪ thePossibleOccurrants
abbreviation thePossibleUniversals :: entityType set where thePossibleUniversals ≡ theOccUniversals ∪ theContUniversals
abbreviation thePossibleEntities :: entityType set where thePossibleEntities ≡ thePossibleParticulars ∪ thePossibleUniversals

lemma finite thePossibleEntities by auto
8.6 Instantiation in Minkowski spacetime
abbreviation wl-Phys-Possible :: Reg set set where wl-Phys-Possible ≡ {wlCompl-0}

datatype instRec = InstRec entityType entityType Reg Reg set Reg set

abbreviation instRec-At-0-at-00-M0 :: instRec where
  instRec-At-0-at-00-M0 ≡ InstRec At-0 UC-0 A-00 wlCompl-0 ts-set-M-0
abbreviation instRec-At-0-at-01-M0 :: instRec where
  instRec-At-0-at-01-M0 ≡ InstRec At-0 UC-0 A-01 wlCompl-0 ts-set-M-0
abbreviation instRec-At-0-at-02-M0 :: instRec where
  instRec-At-0-at-02-M0 ≡ InstRec At-0 UC-0 A-02 wlCompl-0 ts-set-M-0
abbreviation instRec-At-1-at-10-M0 :: instRec where
  instRec-At-1-at-10-M0 ≡ InstRec At-1 UC-0 A-10 wlCompl-0 ts-set-M-0
abbreviation instRec-At-1-at-11-M0 :: instRec where
  instRec-At-1-at-11-M0 ≡ InstRec At-1 UC-0 A-11 wlCompl-0 ts-set-M-0
abbreviation instRec-At-1-at-12-M0 :: instRec where
  instRec-At-1-at-12-M0 ≡ InstRec At-1 UC-0 A-12 wlCompl-0 ts-set-M-0
abbreviation instRec-Oc-0-at-wlA-0-M0 :: instRec where
  instRec-Oc-0-at-wlA-0-M0 ≡ InstRec Oc-0 UO-0 wlA-0 wlCompl-0 ts-set-M-0
abbreviation instRec-Oc-1-at-wlA-1-M0 :: instRec where
  instRec-Oc-1-at-wlA-1-M0 ≡ InstRec Oc-1 UO-0 wlA-1 wlCompl-0 ts-set-M-0
abbreviation instRec-Oc-2-at-wlCompl-0-M0 :: instRec where
  instRec-Oc-2-at-wlCompl-0-M0 ≡ InstRec Oc-2 UO-0 (⋃wlCompl-0) wlCompl-0 ts-set-M-0

abbreviation instRec-At-0-at-00-M1 :: instRec where
  instRec-At-0-at-00-M1 ≡ InstRec At-0 UC-0 A-00 wlCompl-0 ts-set-M-1
abbreviation instRec-At-0-at-01-M1 :: instRec where
  instRec-At-0-at-01-M1 ≡ InstRec At-0 UC-0 A-01 wlCompl-0 ts-set-M-1
abbreviation instRec-At-0-at-02-M1 :: instRec where
  instRec-At-0-at-02-M1 ≡ InstRec At-0 UC-0 A-02 wlCompl-0 ts-set-M-1
abbreviation instRec-At-1-at-10-M1 :: instRec where
  instRec-At-1-at-10-M1 ≡ InstRec At-1 UC-0 A-10 wlCompl-0 ts-set-M-1
abbreviation instRec-At-1-at-11-M1 :: instRec where
  instRec-At-1-at-11-M1 ≡ InstRec At-1 UC-0 A-11 wlCompl-0 ts-set-M-1
abbreviation instRec-At-1-at-12-M1 :: instRec where
  instRec-At-1-at-12-M1 ≡ InstRec At-1 UC-0 A-12 wlCompl-0 ts-set-M-1
abbreviation instRec-Oc-0-at-wlA-0-M1 :: instRec where
  instRec-Oc-0-at-wlA-0-M1 ≡ InstRec Oc-0 UO-0 wlA-0 wlCompl-0 ts-set-M-1
abbreviation instRec-Oc-1-at-wlA-1-M1 :: instRec where
  instRec-Oc-1-at-wlA-1-M1 ≡ InstRec Oc-1 UO-0 wlA-1 wlCompl-0 ts-set-M-1
abbreviation instRec-Oc-2-at-wlCompl-0-M1 :: instRec where
  instRec-Oc-2-at-wlCompl-0-M1 ≡ InstRec Oc-2 UO-0 (⋃wlCompl-0) wlCompl-0 ts-set-M-1

abbreviation instRec-Compl-0-at-ts0-M0 :: instRec where
  instRec-Compl-0-at-ts0-M0 ≡ InstRec Compl-0 UC-0 ts0 wlCompl-0 ts-set-M-0
abbreviation instRec-Compl-0-at-ts0-M1 :: instRec where
  instRec-Compl-0-at-ts0-M1 ≡ InstRec Compl-0 UC-0 ts0-M wlCompl-0 ts-set-M-1
abbreviation instRec-Compl-0-at-ts1-M0 :: instRec where
  instRec-Compl-0-at-ts1-M0 ≡ InstRec Compl-0 UC-0 ts1 wlCompl-0 ts-set-M-0
abbreviation instRec-Compl-0-at-ts1-M1 :: instRec where
  instRec-Compl-0-at-ts1-M1 ≡ InstRec Compl-0 UC-0 ts1-M wlCompl-0 ts-set-M-1
abbreviation instRec-Compl-0-at-ts2-M0 :: instRec where
  instRec-Compl-0-at-ts2-M0 ≡ InstRec Compl-0 UC-0 ts2 wlCompl-0 ts-set-M-0
abbreviation instRec-Compl-0-at-ts2-M1 :: instRec where
  instRec-Compl-0-at-ts2-M1 ≡ InstRec Compl-0 UC-0 ts2-M wlCompl-0 ts-set-M-1
abbreviation instRec-Compl-0-at-ts3-M1 :: instRec where
  instRec-Compl-0-at-ts3-M1 ≡ InstRec Compl-0 UC-0 ts3-M wlCompl-0 ts-set-M-1

abbreviation instDB-M :: instRec list where
  instDB-M ≡ [instRec-Compl-0-at-ts0-M0,
    instRec-Compl-0-at-ts1-M0,
    instRec-Compl-0-at-ts2-M0,
    instRec-Compl-0-at-ts0-M1,
    instRec-Compl-0-at-ts1-M1,
    instRec-Compl-0-at-ts2-M1,
    instRec-Compl-0-at-ts3-M1,
    instRec-At-0-at-00-M0,
    instRec-At-0-at-01-M0,
    instRec-At-0-at-02-M0,
    instRec-At-1-at-10-M0,
    instRec-At-1-at-11-M0,
    instRec-At-1-at-12-M0,
    instRec-Oc-0-at-wlA-0-M0,
    instRec-Oc-1-at-wlA-1-M0,
    instRec-Oc-2-at-wlCompl-0-M0,
    instRec-At-0-at-00-M1,
    instRec-At-0-at-01-M1,
    instRec-At-0-at-02-M1,
    instRec-At-1-at-10-M1,
    instRec-At-1-at-11-M1,
    instRec-At-1-at-12-M1,
    instRec-Oc-0-at-wlA-0-M1,
    instRec-Oc-1-at-wlA-1-M1,
    instRec-Oc-2-at-wlCompl-0-M1]

lemma finite-instDB-M : finite (set instDB-M) by auto
definition isInst-M :: entityType ⇒ entityType ⇒ Reg ⇒ Reg RS ⇒ bool where
  isInst-M e1 e2 u w ≡ (InstRec e1 e2 u (r-RS w) (s-RS w)) ∈ set instDB-M

primrec e1-InstRec :: instRec ⇒ entityType where
  e1-InstRec (InstRec e1 e2 u i j) = e1

primrec e2-InstRec :: instRec ⇒ entityType where
  e2-InstRec (InstRec e1 e2 u i j) = e2

primrec u-InstRec :: instRec ⇒ Reg where
  u-InstRec (InstRec e1 e2 u i j) = u

primrec e1-eq :: entityType ⇒ instRec ⇒ bool where
  e1-eq e (InstRec e1 e2 u i j) = (e = e1)

primrec e2-eq :: entityType ⇒ instRec ⇒ bool where
  e2-eq e (InstRec e1 e2 u i j) = (e = e2)

primrec e1-j-eq :: entityType ⇒ Reg set ⇒ instRec ⇒ bool where
  e1-j-eq ee jj (InstRec e1 e2 u i j) = ((ee = e1) ∧ (jj = j))

primrec e2-j-eq :: entityType ⇒ Reg set ⇒ instRec ⇒ bool where
  e2-j-eq ee jj (InstRec e1 e2 u i j) = ((ee = e2) ∧ (jj = j))

primrec e1-i-j-eq :: entityType ⇒ Reg set ⇒ Reg set ⇒ instRec ⇒ bool where
  e1-i-j-eq ee ii jj (InstRec e1 e2 u i j) = ((ee = e1) ∧ (ii = i) ∧ (jj = j))

definition inst-at-M :: entityType ⇒ Reg set where
  inst-at-M e1 ≡ set (map u-InstRec (filter (e1-eq e1) instDB-M))

definition inst-at-M-0-or-1 :: entityType ⇒ Reg set ⇒ Reg set where
  inst-at-M-0-or-1 e1 j ≡ set (map u-InstRec (filter (e1-j-eq e1 j) instDB-M))

definition isAtE-M :: entityType ⇒ Reg RS ⇒ bool where
  isAtE-M e1 w ≡ (e1 ∈ theAtoms) ∧ (filter (e1-i-j-eq e1 (r-RS w) (s-RS w)) instDB-M) ≠ []
lemma inst-at-M At-0 = {A-00, A-01, A-02} unfolding inst-at-M-def by auto
lemma inst-at-M At-1 = {A-10, A-11, A-12} unfolding inst-at-M-def by auto
lemma inst-at-M Compl-0 = {ts0, ts1, ts2, ts0-M, ts1-M, ts2-M, ts3-M} unfolding inst-at-M-def by auto
lemma inst-at-M Oc-0 = {wlA-0} unfolding inst-at-M-def by auto
lemma inst-at-M Oc-1 = {wlA-1} unfolding inst-at-M-def by auto
lemma inst-at-M Oc-2 = {(⋃wlCompl-0)} unfolding inst-at-M-def by auto

lemma isInst-M At-0 UC-0 A-00 (RSC wlCompl-0 ts-set-M-0) unfolding isInst-M-def by force
lemma isInst-M Compl-0 e2 ts0-M w ⟹ ts0-M ∈ inst-at-M Compl-0 unfolding inst-at-M-def isInst-M-def by force

lemma inst-at-M-0-or-1 At-0 ts-set-M-0 = {A-00, A-01, A-02} unfolding inst-at-M-0-or-1-def by auto
lemma inst-at-M-0-or-1 Compl-0 ts-set-M-0 ⊆ inst-at-M Compl-0 unfolding inst-at-M-0-or-1-def inst-at-M-def by auto
lemma inst-at-M-0-or-1 Compl-0 ts-set-M-1 ⊆ inst-at-M Compl-0 unfolding inst-at-M-0-or-1-def inst-at-M-def by auto

lemma {At-0, At-1} = theAtoms by simp
lemma isAtE-M At-0 (RSC wlCompl-0 ts-set-M-0) unfolding isAtE-M-def by auto
lemma isAtE-M At-0 (RSC wlCompl-0 ts-set-M-1) unfolding isAtE-M-def by auto
lemma isAtE-M At-1 (RSC wlCompl-0 ts-set-M-0) unfolding isAtE-M-def by auto
lemma isAtE-M At-1 (RSC wlCompl-0 ts-set-M-1) unfolding isAtE-M-def by auto

lemma Compl-0-at-ts-set-M-1 : {ts0-M, ts1-M, ts2-M, ts3-M} = inst-at-M-0-or-1 Compl-0 ts-set-M-1 unfolding inst-at-M-0-or-1-def by auto
lemma Compl-0-at-ts-set-M-0 : {ts0, ts1, ts2} = (inst-at-M-0-or-1 Compl-0 ts-set-M-0)
proof −
  have l1 : {ts0, ts1, ts2} ⊆ (inst-at-M-0-or-1 Compl-0 ts-set-M-0) unfolding inst-at-M-0-or-1-def by auto
  have l2 : (inst-at-M-0-or-1 Compl-0 ts-set-M-0) ⊆ {ts0, ts1, ts2} unfolding inst-at-M-0-or-1-def by auto
  from l1 l2 show ?thesis by auto
qed
lemma s ≠ [] ⟹ ∃ x xs. s = x#xs using list.exhaust by blast
lemma filter-P-imp-P : x#xs = (filter P ys) ⟹ P x by (meson Cons-eq-filterD)
lemma f-imp-map-f : ⟦f y = x ; y ∈ set ys⟧ ⟹ x ∈ set (map f ys) by auto

lemma P-imp-Q-imp-filterP-subset-filterQ : ⟦∀ x . P x ⟶ Q x⟧ ⟹ (set (filter P ys)) ⊆ (set (filter Q ys))
proof (induction ys)
  show ∀ x . P x ⟶ Q x ⟹ set (filter P []) ⊆ set (filter Q []) by auto
next
  show ⋀a ys. (∀ x . P x ⟶ Q x ⟹ set (filter P ys) ⊆ set (filter Q ys)) ⟹
    ∀ x . P x ⟶ Q x ⟹ set (filter P (a # ys)) ⊆ set (filter Q (a # ys))
  proof −
    fix a ys
    assume a1 : (∀ x . P x ⟶ Q x ⟹ set (filter P ys) ⊆ set (filter Q ys))
    assume a2 : ∀ x . P x ⟶ Q x
    show set (filter P (a # ys)) ⊆ set (filter Q (a # ys))
    proof
      fix x
      assume a3 : x ∈ set (filter P (a # ys))
      show x ∈ set (filter Q (a # ys))
      proof (cases x=a)
        case True
        from a3 have P x by (metis filter-set member-filter)
        from this and a2 have Q x by blast
        from this and True show x ∈ set (filter Q (a # ys)) by simp
      next
        case False
        from False and a3 have l : x ∈ set (filter P ys) by (metis filter.simps(2) set-ConsD)
        from a1 and a2 have set (filter P ys) ⊆ set (filter Q ys) by auto
        from this and l have x ∈ set (filter Q ys) by auto
        from this show x ∈ set (filter Q (a # ys)) by simp
      qed
    qed
  qed
qed
lemma isInst-M-u-inst-at-M :
  fixes e1 e2 u w
  assumes inst : isInst-M e1 e2 u w
  shows u ∈ inst-at-M e1
proof (unfold inst-at-M-def)
  from inst have (InstRec e1 e2 u (r-RS w) (s-RS w)) ∈ set instDB-M unfolding isInst-M-def by auto
  from this have sl4 : (InstRec e1 e2 u (r-RS w) (s-RS w)) ∈ set (filter (e1-eq e1) instDB-M)
    by (metis e1-eq.simps filter-set member-filter)
  have sl5 : u-InstRec (InstRec e1 e2 u (r-RS w) (s-RS w)) = u by simp
  from sl4 sl5 show u ∈ set (map u-InstRec (filter (e1-eq e1) instDB-M)) using f-imp-map-f by fast
qed

lemma isInst-M-imp-inst-at-M-0-or-1 :
  fixes e1 e2 u w
  assumes inst : isInst-M e1 e2 u (RSC i j)
  shows u ∈ inst-at-M-0-or-1 e1 j
proof (unfold inst-at-M-0-or-1-def)
  from inst have (InstRec e1 e2 u i j) ∈ set instDB-M unfolding isInst-M-def by auto
  from this have sl4 : (InstRec e1 e2 u i j) ∈ set (filter (e1-j-eq e1 j) instDB-M)
    by (metis e1-j-eq.simps filter-set member-filter)
  have sl5 : u-InstRec (InstRec e1 e2 u i j) = u by simp
  from sl4 sl5 show u ∈ set (map u-InstRec (filter (e1-j-eq e1 j) instDB-M)) using f-imp-map-f by fast
qed
lemma Oc-0-inst-at-M-wlA-0 : inst-at-M Oc-0 = { wlA-0 } unfolding inst-at-M-def by auto
lemma Oc-1-inst-at-M-wlA-1 : inst-at-M Oc-1 = { wlA-1 } unfolding inst-at-M-def by auto
lemma Oc-2-inst-at-M-top: inst-at-M Oc-2 = { ⋃wlCompl-0 } unfolding inst-at-M-def by auto

lemma ts0-M ∈ inst-at-M Compl-0 unfolding inst-at-M-def by auto
lemma ts0 ∈ inst-at-M Compl-0 unfolding inst-at-M-def by auto
lemma ts1-M ∈ inst-at-M Compl-0 unfolding inst-at-M-def by auto
lemma ts1 ∈ inst-at-M Compl-0 unfolding inst-at-M-def by auto

lemma isInst-M-e1-impl-possibleParticulars:
  fixes e1 e2 u i j
  assumes inst : isInst-M e1 e2 u (RSC i j)
  assumes carr : e1 ∈ thePossibleEntities
  shows e1 = At-0 ∨ e1 = At-1 ∨ e1 = Compl-0 ∨ e1 = Oc-0 ∨ e1 = Oc-1 ∨ e1 = Oc-2
proof −
  have l0 : {At-0, At-1, Compl-0, Oc-0, Oc-1, Oc-2} = set (map e1-InstRec (filter (λr . True) instDB-M)) by auto
  from assms have e1 ∈ set (map e1-InstRec (filter (λr . True) instDB-M)) unfolding isInst-M-def by force
  from this and l0 show e1 = At-0 ∨ e1 = At-1 ∨ e1 = Compl-0 ∨ e1 = Oc-0 ∨ e1 = Oc-1 ∨ e1 = Oc-2 by fast
qed

lemma isInst-M-e1-impl-possibleUniversals:
  fixes e1 e2 u i j
  assumes inst : isInst-M e1 e2 u (RSC i j)
  shows e2 = UC-0 ∨ e2 = UO-0
proof −
  have l0 : {UC-0, UO-0} = set (map e2-InstRec (filter (λr . True) instDB-M)) by auto
  from assms have l2 : e2 ∈ set (map e2-InstRec (filter (λr . True) instDB-M)) unfolding isInst-M-def by force
  from this and l0 show e2 = UC-0 ∨ e2 = UO-0 by fast
qed

definition OR:: Reg ⇒ Reg ⇒ bool where
  OR x y ≡ ∃ z . z ∈ x ∧ z ∈ y
8.7 Instantiating the frame structures
lemma wl-Phys-Possible ⊆ wl-Compl-set by simp

abbreviation ar-WL:: Reg set ⇒ Reg set ⇒ bool where
  ar-WL ≡ λ r s. r ∈ wl-Phys-Possible ∧ s ∈ wl-Phys-Possible

abbreviation ST-frame :: (Reg, Reg) porder-two-sort-RS-frame where
  ST-frame ≡ (|r-carrier = wl-Phys-Possible, aR = ar-WL,
    s-carrier = ts-set-M, aS = ar-TS-M,
    carrier = m-set, e-carrier = m-set,
    le = op ⊆ |)

abbreviation AtE-Inst-ST-frame-M where
  AtE-Inst-ST-frame-M ≡ (|r-carrier = wl-Phys-Possible, aR = ar-WL,
    s-carrier = ts-set-M, aS = ar-TS-M,
    carrier = m-set, e-carrier = thePossibleEntities,
    le = op ⊆,
    ts = isTS-M, inst = isInst-M, ate = isAtE-M |)

nitpick-params [timeout = 3600]
lemma True nitpick [show-all, satisfy, user-axioms, expect = genuine, show-types, verbose, dont-box]
oops

end

theory ST-model-proof imports S5-2D-lifted-theory ST-model-base
begin

declare [[ smt-timeout = 360 ]]

9 Proof that the model AtE-Inst-ST-frame-M satisfies the axioms of the formal theory – they are extremely ugly and tedious ...
9.1 Preliminary lemmata
lemma finite-sup-least-Union:
  [| finite A; A ⊆ carrier AtE-Inst-ST-frame-M ; A ∼= {} |] ==> least AtE-Inst-ST-frame-M (⋃A) (Upper AtE-Inst-ST-frame-M A)
proof (induct set : finite)
  case empty
  from empty have A={} ∧ A ≠ {} by auto
  from this have False by auto
  from this show ?case by auto
next
  case (insert x A)
  show ?case
  proof (cases A = {})
    case True
    show least AtE-Inst-ST-frame-M (⋃(insert x A)) (Upper AtE-Inst-ST-frame-M (insert x A))
    proof −
      have l1 : insert x {} = {x} by simp
      have l2 : least AtE-Inst-ST-frame-M (⋃{x}) (Upper AtE-Inst-ST-frame-M {x})
        using True Upper-memD ccpo-Sup-singleton finite.emptyI finite.insertI insert.prems(1) insertI1 insert-subset le-cSup-finite least-UpperI porder-two-sort-RS-frame.select-convs(1)
        by (smt two-sort-RS-frame.select-convs(1))
      from l1 l2 True show least AtE-Inst-ST-frame-M (⋃(insert x A)) (Upper AtE-Inst-ST-frame-M (insert x A)) by auto
    qed
  next
    case False
    show least AtE-Inst-ST-frame-M (⋃(insert x A)) (Upper AtE-Inst-ST-frame-M (insert x A))
    proof −
      have ⟦least AtE-Inst-ST-frame-M (⋃A) (Upper AtE-Inst-ST-frame-M A)⟧ ⟹ least AtE-Inst-ST-frame-M (⋃(insert x A)) (Upper AtE-Inst-ST-frame-M (insert x A))
      proof −
        assume a1 : least AtE-Inst-ST-frame-M (⋃A) (Upper AtE-Inst-ST-frame-M A)
        from a1 False show least AtE-Inst-ST-frame-M (⋃(insert x A)) (Upper AtE-Inst-ST-frame-M (insert x A))
          using Sup-insert Sup-le-iff Upper-memD finite.insertI insert.hyps(1) insert.prems(1) le-cSup-finite least-UpperI least-def mem-Collect-eq porder-two-sort-RS-frame.select-convs(1) two-sort-RS-frame.select-convs(1) subsetCE sup-eq-bot-iff sorry
      qed
      from this show ?thesis using False insert.hyps(3) insert.prems(1) by blast
    qed
  qed
qed
lemma leastUpperOfTwoExists-AtE-Inst-ST-frame-M :
  fixes x y
  assumes carr : x ∈ carrier AtE-Inst-ST-frame-M y ∈ carrier AtE-Inst-ST-frame-M
  shows least AtE-Inst-ST-frame-M (⋃{x, y}) (Upper AtE-Inst-ST-frame-M {x, y})
proof (rule least-UpperI)
  show ⋀xa. xa ∈ {x, y} ⟹ xa ⊑⇘AtE-Inst-ST-frame-M⇙ ⋃{x, y} by auto
next
  show ⋀ya. ya ∈ Upper AtE-Inst-ST-frame-M {x, y} ⟹ ⋃{x, y} ⊑⇘AtE-Inst-ST-frame-M⇙ ya
  proof −
    fix ya
    assume a: ya ∈ Upper AtE-Inst-ST-frame-M {x, y}
    show ⋃{x, y} ⊑⇘AtE-Inst-ST-frame-M⇙ ya
    proof −
      from a have ya ∈ {u. (ALL xx . xx ∈ {x, y} ∩ m-set −−> xx ⊆ u)} ∩ m-set unfolding Upper-def by auto
      from this and carr have ⋃{x, y} ⊆ ya by simp
      from this show ⋃{x, y} ⊑⇘AtE-Inst-ST-frame-M⇙ ya by simp
    qed
  qed
next
  show {x, y} ⊆ carrier AtE-Inst-ST-frame-M using carr by auto
next
  from carr show ⋃{x, y} ∈ carrier AtE-Inst-ST-frame-M by auto
qed
lemma leastUpperOfSetExists-AtE-Inst-ST-frame-M :
  fixes A
  assumes carr : A ≠ {} A ⊆ carrier AtE-Inst-ST-frame-M
  shows ∃ s. least AtE-Inst-ST-frame-M s (Upper AtE-Inst-ST-frame-M A)
proof (rule exI [of λs. least AtE-Inst-ST-frame-M s (Upper AtE-Inst-ST-frame-M A) ⋃A ], rule least-UpperI)
  show ⋀x . x ∈ A ⟹ x ⊑⇘AtE-Inst-ST-frame-M⇙ ⋃A
  proof −
    fix x
    assume elA: x ∈ A
    show x ⊑⇘AtE-Inst-ST-frame-M⇙ ⋃A using carr elA rev-subsetD by auto
  qed
next
  show ⋀y . y ∈ Upper AtE-Inst-ST-frame-M A ⟹ ⋃A ⊑⇘AtE-Inst-ST-frame-M⇙ y
    using Upper-memD Sup-le-iff porder-two-sort-RS-frame.select-convs(1) by (smt carr(2) two-sort-RS-frame.select-convs(1))
next
  show A ⊆ carrier AtE-Inst-ST-frame-M using carr by auto
next
  show ⋃A ∈ carrier AtE-Inst-ST-frame-M
  proof −
    have ⟦A ≠ {}; A ⊆ m-set⟧ ⟹ ⋃A ∈ m-set using carr by fastforce
    from this and carr show ⋃A ∈ carrier AtE-Inst-ST-frame-M by simp
  qed
qed
lemma greatestLowerOfTwoExists-M :
  fixes x y
  assumes carr : x ∈ carrier AtE-Inst-ST-frame-M y ∈ carrier AtE-Inst-ST-frame-M
  assumes O : x .O⇘AtE-Inst-ST-frame-M⇙ y
  shows ∃ s. greatest AtE-Inst-ST-frame-M s (Lower AtE-Inst-ST-frame-M {x, y})
proof −
  have greatest AtE-Inst-ST-frame-M (⋂({x, y})) (Lower AtE-Inst-ST-frame-M {x, y})
  proof (rule greatest-LowerI)
    show ⋀xa. xa ∈ {x, y} ⟹ ⋂{x, y} ⊑⇘AtE-Inst-ST-frame-M⇙ xa by auto
  next
    show ⋀ya. ya ∈ Lower AtE-Inst-ST-frame-M {x, y} ⟹ ya ⊑⇘AtE-Inst-ST-frame-M⇙ ⋂{x, y}
    proof −
      fix ya
      assume a: ya ∈ Lower AtE-Inst-ST-frame-M {x, y}
      show ya ⊑⇘AtE-Inst-ST-frame-M⇙ ⋂{x, y}
      proof −
        from a have ya ∈ {l . (∀ xx . xx ∈ {x, y} ∩ m-set ⟶ l ⊆ xx)} ∩ m-set unfolding Lower-def by simp
        from this and carr have ya ⊆ ⋂{x, y} by simp
        from this show ya ⊑⇘AtE-Inst-ST-frame-M⇙ ⋂{x, y} by simp
      qed
    qed
  next
    from carr show {x, y} ⊆ carrier AtE-Inst-ST-frame-M by simp
  next
    show ⋂{x, y} ∈ carrier AtE-Inst-ST-frame-M
    proof (rule ccontr)
      assume a: ¬(⋂{x, y} ∈ carrier AtE-Inst-ST-frame-M)
      from a have ¬(⋂{x, y} ∈ m-set) by auto
      from this have ⋂{x, y} = {} ∨ ¬(⋂{x, y} ⊆ top-of-m-set) by auto
      from this show False
      proof
        assume a1 : ⋂{x, y} = {}
        show False
        proof −
          from O have ∃ z . z ∈ m-set ∧ z ⊆ x ∧ z ⊆ y unfolding overlap-def by auto
          from this obtain z where OO : z ∈ m-set ∧ z ⊆ x ∧ z ⊆ y by auto
          from OO have z ⊆ ⋂{x, y} by simp
          from this and OO and a1 show False by blast
        qed
      next
        assume a: ¬⋂{x, y} ⊆ top-of-m-set
        show False
        proof −
          have f2 : ⋂{x, y} ⊆ y by simp
          have y ⊆ top-of-m-set ∧ y ≠ {} using carr(2) by force
          from this and f2 and a show False using subset-trans by blast
        qed
      qed
    qed
  qed
  from this show ?thesis by force
qed
lemma greatest-lower-not-in-carrier-M :
  fixes l
  assumes a1 : greatest AtE-Inst-ST-frame-M l (Lower AtE-Inst-ST-frame-M (carrier AtE-Inst-ST-frame-M))
  shows l ∉ carrier AtE-Inst-ST-frame-M
proof −
  let ?L = AtE-Inst-ST-frame-M
  show l ∉ carrier ?L
  proof
    assume a2 : l ∈ carrier ?L
    from a1 and a2 have ∀ y∈carrier ?L. l ⊑⇘?L⇙ y
      using gL-to-bottom two-sort-RS-frame.select-convs(1) porder-two-sort-RS-frame.select-convs(1) by smt
    from this have ∃ x∈m-set . ∀ y∈m-set . x ⊆ y
      by (metis (no-types, lifting) a2 two-sort-RS-frame.select-convs(1) porder-two-sort-RS-frame.select-convs(1))
    from this show False using noBottom by auto
  qed
qed
thm gL-to-bottom

lemma remainder-principle-M :
  fixes x y
  assumes carr : x ∈ carrier AtE-Inst-ST-frame-M y ∈ carrier AtE-Inst-ST-frame-M
  assumes x-ll-y : x ⊏⇘AtE-Inst-ST-frame-M⇙ y
  shows (∃ z . z ∈ carrier AtE-Inst-ST-frame-M ∧ ¬ (z .O⇘AtE-Inst-ST-frame-M⇙ x) ∧ ((z ⊔⇘AtE-Inst-ST-frame-M⇙ x) = y))
proof −
  let ?L = AtE-Inst-ST-frame-M
  show (∃ z . z ∈ carrier ?L ∧ ¬ (z .O⇘?L⇙ x) ∧ ((z ⊔⇘?L⇙ x) = y))
  proof (rule exI [of λz . z∈carrier ?L ∧ ¬ (z .O⇘?L⇙ x) ∧ (z ⊔⇘?L⇙ x) = y (y−x)], rule conjI)
    show s1 : y − x ∈ carrier ?L
    proof −
      from carr have l1 : x ≠ {} ∧ y ≠ {} by simp
      from carr have l2 : x ⊆ top-of-m-set ∧ y ⊆ top-of-m-set by auto
      from x-ll-y have l3 : x ≠ y ∧ x ⊆ y unfolding lless-def by auto
      from l3 have l4 : x ⊂ y by auto
      from l1 and l2 and l4 have l5 : (y − x) ≠ {} by auto
      from l2 and l4 have y − x ⊆ top-of-m-set by blast
      from this and l5 show ?thesis by simp
    qed
  next
    show ¬ (y − x) .O⇘?L⇙ x ∧ y − x ⊔⇘?L⇙ x = y
    proof
      show ¬ (y − x) .O⇘?L⇙ x
      proof
        assume a1 : (y − x) .O⇘?L⇙ x
        from this have ∃ z∈m-set . z ⊆ (y−x) ∧ z ⊆ x unfolding overlap-def by auto
        from this obtain z where z∈m-set ∧ z ⊆ (y−x) ∧ z ⊆ x by auto
        from this show False by blast
      qed
    next
      show (y−x) ⊔⇘?L⇙ x = y
      proof −
        from carr have l1 : x ≠ {} ∧ y ≠ {} by simp
        from x-ll-y have l2 : x ≠ y ∧ x ⊆ y unfolding lless-def by auto
        from this have l3 : x ⊂ y by auto
        from l3 and l1 have l4 : y − x ≠ {} ∧ y−x ⊆ top-of-m-set
          by (metis (no-types, lifting) Diff-subset carr(2) dual-order.trans equals0D mem-Collect-eq two-sort-RS-frame.select-convs(1) psubset-imp-ex-mem)
        from l4 have l5 : y−x ∈ m-set by simp
        from l2 have l6 : ⋃{(y − x), x} = y by auto
        from carr l5 l6 have ⋃{(y − x), x} ≠ {} ∧ ⋃{(y − x), x} ⊆ top-of-m-set by simp
        from this have l7 : ⋃{(y − x), x} ∈ m-set by auto
        from this have (y−x) ∪ x ∈ m-set by auto
        let ?U = ({u∈m-set . ∀ xx . xx ∈ {(y − x), x} ⟶ xx ⊑⇘?L⇙ u})
        have l8 : ?U ⊆ m-set by blast
        from l7 have l9 : (⋃{(y − x), x}) ∈ ?U by auto
        from l1 l8 l9 have l10 : (∀ x3∈?U . (⋃{(y − x), x}) ⊆ x3)
          by (metis (no-types, lifting) Sup-least mem-Collect-eq porder-two-sort-RS-frame.select-convs(1))
        from l8 l9 l10 have (?U ⊆ m-set ∧ (⋃{(y − x), x}) ∈ ?U ∧ (∀ x3∈?U . (⋃{(y − x), x}) ⊆ x3)) by blast
        from this have l11 : (?U ⊆ m-set ∧ (⋃{(y − x), x}) ∈ ?U ∧ (∀ x3∈?U . (⋃{(y − x), x}) ⊑⇘?L⇙ x3)) by auto
        from this l1 l4 have l12 : least ?L (⋃{(y − x), x}) (Upper ?L {(y − x), x}) unfolding least-def Upper-def by auto
        let ?V = (Upper ?L {(y − x), x})
        let ?P = λl . least ?L l ?V
        let ?x = (⋃{(y − x), x})
        from l12 have ?P (Eps ?P) using someI by smt
        have ?x ∈ m-set using l7 by blast
        from this carr l4 l12 have l13 : ∀ yy ∈m-set . (least ?L yy ?V) ⟶ ?x = yy
          unfolding least-def by (smt porder-two-sort-RS-frame.select-convs(1) subset-antisym)
        from l12 and l13 have ?x = (SOME xx . ?P xx) using some-equality
          by (smt least-closed two-sort-RS-frame.select-convs(1))
        from this have (y−x) ⊔⇘?L⇙ x = ?x unfolding join-def sup-def by simp
        from this and l6 show (y−x) ⊔⇘?L⇙ x = y by simp
      qed
    qed
  qed
qed
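The order-theoretic lemmas above (noBottom, leastUpperOfTwoExists-AtE-Inst-ST-frame-M, greatestLowerOfTwoExists-M, greatest-lower-not-in-carrier-M and remainder-principle-M) can be cross-checked by exhaustive enumeration on a small finite model. The following Python sketch is an added example, not part of the theory files; it assumes the carrier is the set of non-empty subsets of a top region ordered by ⊆, as the proofs use it, and substitutes a constructed four-point set for top-of-m-set.

```python
from itertools import combinations

# Constructed stand-in for top-of-m-set: the theory's own coordinate set is
# defined outside this section, so four (x, t) pairs are assumed here.
TOP = frozenset({(0, 0), (0, 1), (1, 0), (1, 1)})


def m_set(top):
    """Carrier as the proofs use it: every non-empty subset of top."""
    pts = sorted(top)
    return {frozenset(c) for n in range(1, len(pts) + 1)
            for c in combinations(pts, n)}


def overlap(x, y, carrier):
    """x O y: some member of the carrier is part of both x and y."""
    return any(z <= x and z <= y for z in carrier)


def upper(regions, carrier):
    """Carrier members that every given region is part of."""
    return [u for u in carrier if all(r <= u for r in regions)]


def lower(regions, carrier):
    """Carrier members that are part of every given region."""
    return [l for l in carrier if all(l <= r for r in regions)]


def least(cands):
    """The candidate that is part of every candidate, or None."""
    return next((c for c in cands if all(c <= d for d in cands)), None)


def greatest(cands):
    """The candidate that every candidate is part of, or None."""
    return next((c for c in cands if all(d <= c for d in cands)), None)


def has_bottom(carrier):
    """Negation of noBottom: one region is part of all regions."""
    return any(all(x <= y for y in carrier) for x in carrier)


def joins_are_unions(carrier):
    """leastUpperOfTwoExists: the least upper bound of {x, y} is x ∪ y."""
    return all(least(upper([x, y], carrier)) == x | y
               for x in carrier for y in carrier)


def meets_are_intersections(carrier):
    """greatestLowerOfTwoExists-M: overlapping x, y have meet x ∩ y."""
    return all(greatest(lower([x, y], carrier)) == x & y
               for x in carrier for y in carrier if overlap(x, y, carrier))


def glb_of_carrier(carrier):
    """greatest-lower-not-in-carrier-M: None when the carrier has no such member."""
    return greatest(lower(carrier, carrier))


def remainder_principle(carrier):
    """remainder-principle-M: for x a proper part of y, z = y − x is a region,
    does not overlap x, and its join with x is y."""
    for x in carrier:
        for y in carrier:
            if x < y:
                z = y - x
                if z not in carrier or overlap(z, x, carrier):
                    return False
                if least(upper([z, x], carrier)) != y:
                    return False
    return True


M = m_set(TOP)

if __name__ == "__main__":
    print("regions:", len(M))
    print("has bottom:", has_bottom(M))
    print("joins are unions:", joins_are_unions(M))
    print("meets are intersections:", meets_are_intersections(M))
    print("remainder principle:", remainder_principle(M))
    print("glb of carrier:", glb_of_carrier(M))
```

With a one-point top region the same carrier construction does have a bottom element, which is why the noBottom proof has to exhibit two distinct coordinates.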
lemma SR-impl-inSR-set-M-0 :fixes u i jassumes ass: SRAtE-Inst-ST-frame-M u (RSC i j ) j = ts-set-M-0assumes carr : u ∈ carrier AtE-Inst-ST-frame-M i ∈ r-carrier AtE-Inst-ST-frame-M
j ∈ s-carrier AtE-Inst-ST-frame-Mshows u∈ SR-set-M-0
proof −let ?L = AtE-Inst-ST-frame-M
from assms have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t) ∧ u∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L unfolding SR-def by auto
from this obtain t where t00 : t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ uv?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by blast
from this and ass have t01 : (t = ts0 ) ∨ (t = ts1 ) ∨ (t = ts2 ) by simpfrom t00 have u 6={} ∧ u ⊆ t by autofrom this and t01 have t02 : u 6={} ∧ (u ⊆ ts0 ∨ u ⊆ ts1 ∨ u ⊆ ts2 )
by mesonfrom t02 have t000 : u 6={} ∧ u ⊆ ts0 =⇒ u ∈ SR-set-M-0proof −
assume a1 : u 6={} ∧ u ⊆ ts0show u ∈ SR-set-M-0proof−
from a1 have u= A-00 ∨ u = A-10 ∨ u = ts0 by autofrom this show u ∈ SR-set-M-0 by force
qedqedfrom t02 have t001 : u 6={} ∧ u ⊆ ts1 =⇒ u ∈ SR-set-M-0proof −
assume a1 : u 6={} ∧ u ⊆ ts1show u ∈ SR-set-M-0proof−
from a1 have u= A-01 ∨ u = A-11 ∨ u = ts1 by autofrom this show u ∈ SR-set-M-0 by force
qedqedfrom t02 have t002 : u 6={} ∧ u ⊆ ts2 =⇒ u ∈ SR-set-M-0proof −
assume a1 : u 6={} ∧ u ⊆ ts2show u ∈ SR-set-M-0proof−
from a1 have u= A-02 ∨ u = A-12 ∨ u = ts2 by autofrom this show u ∈ SR-set-M-0 by force
qedqedfrom t02 t000 t001 t002 show u∈ SR-set-M-0 by satx
qed
lemma SR-impl-inSR-set-M-1 :fixes u i jassumes ass: SRAtE-Inst-ST-frame-M u (RSC i j ) j = ts-set-M-1assumes carr : u ∈ carrier AtE-Inst-ST-frame-M i ∈ r-carrier AtE-Inst-ST-frame-M
j ∈ s-carrier AtE-Inst-ST-frame-Mshows u∈ SR-set-M-1
proof −let ?L = AtE-Inst-ST-frame-M
from assms have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t) ∧ u∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L unfolding SR-def by auto
from this obtain t where t00 : t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ uv?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by blast
from this and ass have t01 : (t = ts0-M ) ∨ (t = ts1-M ) ∨ (t = ts2-M ) ∨(t = ts3-M ) by simp
from t00 have u 6={} ∧ u ⊆ t by autofrom this and t01 have t02 : u 6={} ∧ (u ⊆ ts0-M ∨ u ⊆ ts1-M ∨ u ⊆
ts2-M ∨ u ⊆ ts3-M ) by mesonfrom t02 have t000 : u 6={} ∧ u ⊆ ts0-M =⇒ u ∈ SR-set-M-1proof −
assume a1 : u 6={} ∧ u ⊆ ts0-Mshow u ∈ SR-set-M-1proof−
from a1 have u = A-10 by autofrom this show u ∈ SR-set-M-1 by force
qedqedfrom t02 have t001 : u 6={} ∧ u ⊆ ts1-M =⇒ u ∈ SR-set-M-1proof −
assume a1 : u 6={} ∧ u ⊆ ts1-Mshow u ∈ SR-set-M-1proof−
from a1 have u= A-00 ∨ u = A-11 ∨ u = ts1-M by autofrom this show u ∈ SR-set-M-1 by force
qedqedfrom t02 have t002 : u 6={} ∧ u ⊆ ts2-M =⇒ u ∈ SR-set-M-1proof −
assume a1 : u 6={} ∧ u ⊆ ts2-Mshow u ∈ SR-set-M-1proof−
from a1 have u= A-01 ∨ u = A-12 ∨ u = ts2-M by autofrom this show u ∈ SR-set-M-1 by force
qedqedfrom t02 have t003 : u 6={} ∧ u ⊆ ts3-M =⇒ u ∈ SR-set-M-1proof −
assume a1 : u 6={} ∧ u ⊆ ts3-Mshow u ∈ SR-set-M-1proof−
from a1 have u = A-02 ∨ u = ts2-M by autofrom this show u ∈ SR-set-M-1 by force
qedqedfrom t02 t000 t001 t002 t003 show u∈ SR-set-M-1 by satx
qed
lemma inSR-set-M-0-impl-SR:fixes u iassumes inSR-set-M-0 : u∈ SR-set-M-0assumes carr : u ∈ carrier AtE-Inst-ST-frame-M i ∈ r-carrier AtE-Inst-ST-frame-M
shows SR AtE-Inst-ST-frame-M u (RSC i ts-set-M-0 )proof −
let ?L = AtE-Inst-ST-frame-Mlet ?j = ts-set-M-0show SR?L u (RSC i ?j )
proof (rule SR-I )from carr show u ∈ carrier ?L by auto
nextfrom carr show i ∈ r-carrier ?L by auto
nextshow (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t)proof −
from inSR-set-M-0 have l1 : u 6= {} ∧ (u ⊆ ts0 ∨ u ⊆ ts1 ∨ u ⊆ ts2 ) byforce
have ts0 : [[u 6= {}; u ⊆ ts0 ]] =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧u v?L t)
proof−assume a: u 6= {} u ⊆ ts0show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t)proof−from a have ts0 ∈ carrier ?L ∧ isTS-M ts0 (RSC i ?j ) ∧ u ⊆ ts0 by simp
from this show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t) by (smtTS-porder-two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 ))
qedqedhave ts1 : [[u 6= {}; u ⊆ ts1 ]] =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧
u v?L t)proof−
assume a: u 6= {} u ⊆ ts1show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t)
proof−from a have ts1 ∈ carrier ?L ∧ isTS-M ts1 (RSC i ?j ) ∧ u ⊆ ts1 by simp
from this show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t) by (smtTS-porder-two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 ))
qedqedhave ts2 : [[u 6= {}; u ⊆ ts2 ]] =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧
u v?L t)proof−
assume a: u 6= {} u ⊆ ts2show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t)proof−from a have ts2 ∈ carrier ?L ∧ isTS-M ts2 (RSC i ?j ) ∧ u ⊆ ts2 by simp
from this show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L t) by (smtTS-porder-two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 ))
qedqedfrom l1 ts0 ts1 ts2 show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i ?j ) ∧ u v?L
t) by forceqednextshow ts-set-M-0 ∈ s-carrier ?L by simpqed
qed

lemma inSR-set-M-1-impl-SR:
  fixes u i
  assumes inSR-set-M-1: u ∈ SR-set-M-1
  assumes carr: u ∈ carrier AtE-Inst-ST-frame-M i ∈ r-carrier AtE-Inst-ST-frame-M
  shows SR AtE-Inst-ST-frame-M u (RSC i ts-set-M-1)
proof −
  let ?L = AtE-Inst-ST-frame-M
  let ?j = ts-set-M-1
  show SR⇘?L⇙ u (RSC i ?j)
  proof (rule SR-I)
    from carr show u ∈ carrier ?L by auto
  next
    from carr show i ∈ r-carrier ?L by auto
  next
    show (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i ?j) ∧ u ⊑⇘?L⇙ t)
    proof −
      from inSR-set-M-1 have l1: u ≠ {} ∧ (u ⊆ ts0-M ∨ u ⊆ ts1-M ∨ u ⊆ ts2-M ∨ u ⊆ ts3-M) by force
      have ts0-M: ⟦u ≠ {}; u ⊆ ts0-M⟧ ⟹ (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i ?j) ∧ u ⊑⇘?L⇙ t)
      proof −
        assume a: u ≠ {} u ⊆ ts0-M
        show (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i ?j) ∧ u ⊑⇘?L⇙ t)
        proof −
          from a have ts0-M ∈ carrier ?L ∧ isTS-M ts0-M (RSC i ?j) ∧ u ⊆ ts0-M by simp
          from this show (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i ?j) ∧ u ⊑⇘?L⇙ t)
            by (smt TS-porder-two-sort-RS-frame.select-convs(1) porder-two-sort-RS-frame.select-convs(1))
        qed
      qed
      have ts1-M: ⟦u ≠ {}; u ⊆ ts1-M⟧ ⟹ (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i ?j) ∧ u ⊑⇘?L⇙ t)
      proof −
        assume a: u ≠ {} u ⊆ ts1-M
        show (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i ?j) ∧ u ⊑⇘?L⇙ t)
        proof −
          from a have ts1-M ∈ carrier ?L ∧ isTS-M ts1-M (RSC i ?j) ∧ u ⊆ ts1-M by simp
          from this show (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i ?j) ∧ u ⊑⇘?L⇙ t)
            by (smt TS-porder-two-sort-RS-frame.select-convs(1) porder-two-sort-RS-frame.select-convs(1))
        qed
      qed
      have ts2-M: ⟦u ≠ {}; u ⊆ ts2-M⟧ ⟹ (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i ?j) ∧ u ⊑⇘?L⇙ t)
      proof −
        assume a: u ≠ {} u ⊆ ts2-M
        show (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i ?j) ∧ u ⊑⇘?L⇙ t)
        proof −
          from a have ts2-M ∈ carrier ?L ∧ isTS-M ts2-M (RSC i ?j) ∧ u ⊆ ts2-M by simp
          from this show (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i ?j) ∧ u ⊑⇘?L⇙ t)
            by (smt TS-porder-two-sort-RS-frame.select-convs(1) porder-two-sort-RS-frame.select-convs(1))
        qed
      qed
      have ts3-M: ⟦u ≠ {}; u ⊆ ts3-M⟧ ⟹ (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i ?j) ∧ u ⊑⇘?L⇙ t)
      proof −
        assume a: u ≠ {} u ⊆ ts3-M
        show (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i ?j) ∧ u ⊑⇘?L⇙ t)
        proof −
          from a have ts3-M ∈ carrier ?L ∧ isTS-M ts3-M (RSC i ?j) ∧ u ⊆ ts3-M by simp
          from this show (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i ?j) ∧ u ⊑⇘?L⇙ t)
            by (smt TS-porder-two-sort-RS-frame.select-convs(1) porder-two-sort-RS-frame.select-convs(1))
        qed
      qed
      from l1 ts0-M ts1-M ts2-M ts3-M show (∃t. t ∈ carrier ?L ∧ TS⇘?L⇙ t (RSC i ?j) ∧ u ⊑⇘?L⇙ t) by force
    qed
  next
    show ts-set-M-1 ∈ s-carrier ?L by simp
  qed
qed

lemma inSR-set-M-iff-SR-0:
  fixes u i
  assumes carr: u ∈ carrier AtE-Inst-ST-frame-M i ∈ r-carrier AtE-Inst-ST-frame-M
  shows ((u ∈ SR-set-M-0) = (SR⇘AtE-Inst-ST-frame-M⇙ u (RSC i ts-set-M-0)))
proof
  from assms show ((u ∈ SR-set-M-0) ⟹ (SR⇘AtE-Inst-ST-frame-M⇙ u (RSC i ts-set-M-0)))
    using inSR-set-M-0-impl-SR by force
next
  from assms show ((SR⇘AtE-Inst-ST-frame-M⇙ u (RSC i ts-set-M-0)) ⟹ (u ∈ SR-set-M-0))
    using SR-impl-inSR-set-M-0 by simp
qed

lemma inSR-set-M-iff-SR-1:
  fixes u i
  assumes carr: u ∈ carrier AtE-Inst-ST-frame-M i ∈ r-carrier AtE-Inst-ST-frame-M
  shows ((u ∈ SR-set-M-1) = (SR⇘AtE-Inst-ST-frame-M⇙ u (RSC i ts-set-M-1)))
proof
  from assms show ((u ∈ SR-set-M-1) ⟹ (SR⇘AtE-Inst-ST-frame-M⇙ u (RSC i ts-set-M-1)))
    using inSR-set-M-1-impl-SR by force
next
  from assms show ((SR⇘AtE-Inst-ST-frame-M⇙ u (RSC i ts-set-M-1)) ⟹ (u ∈ SR-set-M-1))
    using SR-impl-inSR-set-M-1 by simp
qed

9.2 The Model satisfies the axioms of the locale S5-RS-frame
theorem (in S5-RS-frame) m-set-is-S5-RS-frame:
  S5-RS-frame AtE-Inst-ST-frame-M
  (is S5-RS-frame ?L)
proof (rule S5-RS-frame.intro)
  show r-carrier ?L ≠ {} by simp
next
  show s-carrier ?L ≠ {} by simp
next
  show ⋀x. x ∈ r-carrier ?L ==> x R⇘?L⇙ x by simp
next
  show ⋀x y. ⟦x ∈ r-carrier ?L; y ∈ r-carrier ?L; x R⇘?L⇙ y⟧ ⟹ y R⇘?L⇙ x by simp
next
  show ⋀x y z. ⟦x ∈ r-carrier ?L; y ∈ r-carrier ?L; z ∈ r-carrier ?L; x R⇘?L⇙ y; y R⇘?L⇙ z⟧ ⟹ x R⇘?L⇙ z by auto
next
  show ⋀x. x ∈ s-carrier ?L ==> x S⇘?L⇙ x by simp
next
  show ⋀x y. ⟦x ∈ s-carrier ?L; y ∈ s-carrier ?L; x S⇘?L⇙ y⟧ ⟹ y S⇘?L⇙ x by simp
next
  show ⋀x y z. ⟦x ∈ s-carrier ?L; y ∈ s-carrier ?L; z ∈ s-carrier ?L; x S⇘?L⇙ y; y S⇘?L⇙ z⟧ ⟹ x S⇘?L⇙ z by auto
qed

9.3 The Model satisfies the axioms of the locale two-sort-S5-RS-frame
theorem (in two-sort-S5-RS-frame) m-set-is-two-sort-S5-RS-frame:
  two-sort-S5-RS-frame AtE-Inst-ST-frame-M
  (is two-sort-S5-RS-frame ?L)
proof (rule two-sort-S5-RS-frame.intro)
  show S5-RS-frame ?L using m-set-is-S5-RS-frame by auto
next
  show two-sort-S5-RS-frame-axioms ?L
  proof
    show carrier ?L ≠ {} by auto
  next
    show e-carrier ?L ≠ {} by auto
  next
    show ∀r. r ∈ r-carrier ?L ⟶ r ⊆ (carrier ?L) by auto
  next
    show ∀s. s ∈ s-carrier ?L ⟶ s ⊆ carrier ?L by auto
  qed
qed

9.4 The Model satisfies the axioms of the locale S5-RS-2S-partial-order
theorem (in S5-RS-2S-partial-order) m-set-is-partial-order-M:
  S5-RS-2S-partial-order AtE-Inst-ST-frame-M
  (is S5-RS-2S-partial-order ?L)
proof (rule S5-RS-2S-partial-order.intro)
  show two-sort-S5-RS-frame ?L using m-set-is-two-sort-S5-RS-frame by auto
next
  show S5-RS-2S-partial-order-axioms ?L
  proof
    show ⋀x. x ∈ carrier ?L ⟹ x ⊑⇘?L⇙ x by simp
  next
    show ⋀x y. x ⊑⇘?L⇙ y ⟹ y ⊑⇘?L⇙ x ⟹ x ∈ carrier ?L ⟹ y ∈ carrier ?L ⟹ x = y by simp
  next
    show ⋀x y z. x ⊑⇘?L⇙ y ⟹ y ⊑⇘?L⇙ z ⟹ x ∈ carrier ?L ⟹ y ∈ carrier ?L ⟹ z ∈ carrier ?L ⟹ x ⊑⇘?L⇙ z by simp
  qed
qed

9.5 The Model satisfies the axioms of the locale upper-semilattice
theorem (in upper-semilattice) m-set-is-upper-semilattice-M:
  upper-semilattice (AtE-Inst-ST-frame-M)
  (is upper-semilattice ?L)
proof (rule upper-semilattice.intro)
  show S5-RS-2S-partial-order ?L using m-set-is-partial-order-M by auto
next
  show upper-semilattice-axioms ?L
  proof
    show ⋀x y. x ∈ carrier ?L ⟹ y ∈ carrier ?L ⟹ ∃s. least ?L s (Upper ?L {x, y})
    proof −
      fix x
      show ⋀y. x ∈ carrier ?L ⟹ y ∈ carrier ?L ⟹ ∃s. least ?L s (Upper ?L {x, y})
      proof −
        fix y
        show x ∈ carrier ?L ⟹ y ∈ carrier ?L ⟹ ∃s. least ?L s (Upper ?L {x, y})
        proof −
          assume carr: x ∈ carrier ?L y ∈ carrier ?L
          show ∃s. least ?L s (Upper ?L {x, y})
          proof −
            from carr and leastUpperOfTwoExists-AtE-Inst-ST-frame-M
              have least ?L (⋃{x, y}) (Upper ?L {x, y}) by auto
            from this show ∃s. least ?L s (Upper ?L {x, y}) by blast
          qed
        qed
      qed
    qed
  qed
qed

9.6 The Model satisfies the axioms of the locale complete-upper-semilattice
theorem (in complete-upper-semilattice) m-set-is-complete-upper-semilattice-M:
  complete-upper-semilattice (AtE-Inst-ST-frame-M)
  (is complete-upper-semilattice ?L)
proof (rule complete-upper-semilattice.intro)
  show upper-semilattice ?L using m-set-is-upper-semilattice-M by auto
next
  show complete-upper-semilattice-axioms ?L
  proof
    show ⋀A. ⟦A ≠ {}; A ⊆ carrier ?L⟧ ⟹ ∃s. least ?L s (Upper ?L A)
      using leastUpperOfSetExists-AtE-Inst-ST-frame-M by force
  qed
qed

9.7 The Model satisfies the axioms of the locale partial-lower-semilattice
theorem (in partial-lower-semilattice) m-set-is-partial-lower-semilattice-M:
  partial-lower-semilattice (AtE-Inst-ST-frame-M)
  (is partial-lower-semilattice ?L)
proof (rule partial-lower-semilattice.intro)
  show S5-RS-2S-partial-order ?L using m-set-is-partial-order-M by auto
next
  show partial-lower-semilattice-axioms ?L
  proof
    show ⋀x y. x ∈ carrier ?L ⟹ y ∈ carrier ?L ⟹ x .O⇘?L⇙ y ⟹ ∃s. greatest ?L s (Lower ?L {x, y})
      using greatestLowerOfTwoExists-M by blast
  qed
qed

9.8 The Model satisfies the axioms of the locale partial-lattice
theorem (in partial-lattice) m-set-is-partial-lattice-M:
  partial-lattice (AtE-Inst-ST-frame-M)
  (is partial-lattice ?L)
proof (rule partial-lattice.intro)
  show complete-upper-semilattice ?L using m-set-is-complete-upper-semilattice-M by auto
next
  show partial-lower-semilattice ?L using m-set-is-partial-lower-semilattice-M by auto
qed

9.9 The Model satisfies the axioms of the locale S5-RS-2S-GEM
theorem (in S5-RS-2S-GEM) m-set-is-GEM-M:
  S5-RS-2S-GEM (AtE-Inst-ST-frame-M)
  (is S5-RS-2S-GEM ?L)
proof (rule S5-RS-2S-GEM.intro)
  show partial-lattice ?L using m-set-is-partial-lattice-M by auto
next
  show S5-RS-2S-GEM-axioms ?L
  proof
    show carrier ?L ≠ {} by auto
  next
    show ⋀l. greatest ?L l (Lower ?L (carrier ?L)) ⟹ l ∉ carrier ?L
      using greatest-lower-not-in-carrier-M by blast
  next
    show ⋀x y. x ∈ carrier ?L ⟹ y ∈ carrier ?L ⟹ x ⊏⇘?L⇙ y ⟹ ∃z∈carrier ?L. ¬ z .O⇘?L⇙ x ∧ z ⊔⇘?L⇙ x = y
      using remainder-principle-M by blast
  qed
qed

9.10 The Model satisfies the axioms of the locale TS-mereology
theorem (in TS-mereology) m-set-is-TS-mereology-M:
  TS-mereology AtE-Inst-ST-frame-M
  (is TS-mereology ?L)
proof (rule TS-mereology.intro)
  show S5-RS-2S-GEM ?L using m-set-is-GEM-M by auto
next
  show TS-mereology-axioms ?L
  proof
    show ⋀i j u. ⟦i ∈ r-carrier ?L; j ∈ s-carrier ?L; u ∈ carrier ?L⟧ ⟹ (TS⇘?L⇙ u (RSC i j) = (u ∈ j))
    proof −
      fix i
      show ⋀j u. ⟦i ∈ r-carrier ?L; j ∈ s-carrier ?L; u ∈ carrier ?L⟧ ⟹ (TS⇘?L⇙ u (RSC i j) = (u ∈ j))
      proof −
        fix j
        show ⋀u. ⟦i ∈ r-carrier ?L; j ∈ s-carrier ?L; u ∈ carrier ?L⟧ ⟹ (TS⇘?L⇙ u (RSC i j) = (u ∈ j))
        proof −
          fix u
          show ⟦i ∈ r-carrier ?L; j ∈ s-carrier ?L; u ∈ carrier ?L⟧ ⟹ (TS⇘?L⇙ u (RSC i j) = (u ∈ j))
          proof −
            assume carr: i ∈ r-carrier ?L j ∈ s-carrier ?L u ∈ carrier ?L
            show (TS⇘?L⇙ u (RSC i j) = (u ∈ j))
            proof −
              from carr have l0: (j = ts-set-M-0) ∨ (j = ts-set-M-1) by simp
              have l1: j = ts-set-M-0 ⟹ (TS⇘?L⇙ u (RSC i j) = (u ∈ j)) by simp
              have l2: j = ts-set-M-1 ⟹ (TS⇘?L⇙ u (RSC i j) = (u ∈ j)) by simp
              from l0 l1 l2 show (TS⇘?L⇙ u (RSC i j) = (u ∈ j)) by auto
            qed
          qed
        qed
      qed
    qed
  next
    show ⋀i j u v. ⟦i ∈ r-carrier ?L; j ∈ s-carrier ?L; u ∈ carrier ?L; v ∈ carrier ?L;
        TS⇘?L⇙ u (RSC i j); TS⇘?L⇙ v (RSC i j); u .O⇘?L⇙ v⟧ ⟹ u = v
    proof −
      fix i j u v
      assume carr: i ∈ r-carrier ?L j ∈ s-carrier ?L u ∈ carrier ?L v ∈ carrier ?L
      assume ts-u: TS⇘?L⇙ u (RSC i j) and ts-v: TS⇘?L⇙ v (RSC i j) and O: u .O⇘?L⇙ v
      show u = v
      proof (rule ccontr)
        assume a: u ≠ v
        show False
        proof −
          from carr have l0: (j = ts-set-M-0) ∨ (j = ts-set-M-1) by simp
          have l1: (j = ts-set-M-0) ⟹ False
          proof −
            assume a1: j = ts-set-M-0
            show False
            proof −
              from ts-u have isTS-M u (RSC i j) by simp
              from this and a1 have u: (u = ts0) ∨ (u = ts1) ∨ (u = ts2) by auto
              from ts-v have isTS-M v (RSC i j) by simp
              from this and a1 have v: (v = ts0) ∨ (v = ts1) ∨ (v = ts2) by auto
              from a and a1 and u and v have ¬ (∃uv. uv ∈ u ∧ uv ∈ v) by auto
              from this have ¬(u .O⇘?L⇙ v) unfolding overlap-def by fastforce
              from this and O show False by auto
            qed
          qed
          have l2: (j = ts-set-M-1) ⟹ False
          proof −
            assume a1: j = ts-set-M-1
            show False
            proof −
              from ts-u have isTS-M u (RSC i j) by simp
              from this and a1 have u: (u = ts0-M) ∨ (u = ts1-M) ∨ (u = ts2-M) ∨ (u = ts3-M) by auto
              from ts-v have isTS-M v (RSC i j) by simp
              from this and a1 have v: (v = ts0-M) ∨ (v = ts1-M) ∨ (v = ts2-M) ∨ (v = ts3-M) by auto
              from a and a1 and u and v have ¬ (∃uv. uv ∈ u ∧ uv ∈ v) by auto
              from this have ¬(u .O⇘?L⇙ v) unfolding overlap-def by fastforce
              from this and O show False by auto
            qed
          qed
          from l0 l1 l2 show False by auto
        qed
      qed
    qed
  next
    show ⋀i j. ⟦i ∈ r-carrier ?L; j ∈ s-carrier ?L⟧ ⟹
        (∃u v. u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS⇘?L⇙ u (RSC i j) ∧ TS⇘?L⇙ v (RSC i j) ∧ ¬(u .O⇘?L⇙ v))
    proof −
      fix i j
      assume carr: i ∈ r-carrier ?L j ∈ s-carrier ?L
      show (∃u v. u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS⇘?L⇙ u (RSC i j) ∧ TS⇘?L⇙ v (RSC i j) ∧ ¬(u .O⇘?L⇙ v))
      proof −
        from carr have l0: (j = ts-set-M-0) ∨ (j = ts-set-M-1) by simp
        have l1: j = ts-set-M-0 ⟹
            (∃u v. u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS⇘?L⇙ u (RSC i j) ∧ TS⇘?L⇙ v (RSC i j) ∧ ¬(u .O⇘?L⇙ v))
        proof −
          assume a1: j = ts-set-M-0
          show (∃u v. u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS⇘?L⇙ u (RSC i j) ∧ TS⇘?L⇙ v (RSC i j) ∧ ¬(u .O⇘?L⇙ v))
          proof −
            from a1 have l1: isTS-M ts0 (RSC i j) ∧ isTS-M ts1 (RSC i j) by auto
            have ¬(∃z. z ∈ ts0 ∧ z ∈ ts1) by auto
            from this have l2: ¬(ts0 .O⇘?L⇙ ts1) unfolding overlap-def by fastforce
            have l3: ts0 ∈ carrier ?L ∧ ts1 ∈ carrier ?L by simp
            from l1 and l2 and l3
              have ts0 ∈ carrier ?L ∧ ts1 ∈ carrier ?L ∧ TS⇘?L⇙ ts0 (RSC i j) ∧ TS⇘?L⇙ ts1 (RSC i j) ∧ ¬ ts0 .O⇘?L⇙ ts1 by force
            from this show ∃u v. u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS⇘?L⇙ u (RSC i j) ∧ TS⇘?L⇙ v (RSC i j) ∧ ¬ u .O⇘?L⇙ v by blast
          qed
        qed
        have l2: j = ts-set-M-1 ⟹
            (∃u v. u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS⇘?L⇙ u (RSC i j) ∧ TS⇘?L⇙ v (RSC i j) ∧ ¬(u .O⇘?L⇙ v))
        proof −
          assume a1: j = ts-set-M-1
          show (∃u v. u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS⇘?L⇙ u (RSC i j) ∧ TS⇘?L⇙ v (RSC i j) ∧ ¬(u .O⇘?L⇙ v))
          proof −
            from a1 have l1: isTS-M ts0-M (RSC i j) ∧ isTS-M ts1-M (RSC i j) by auto
            have ¬(∃z. z ∈ ts0-M ∧ z ∈ ts1-M) by auto
            from this have l2: ¬(ts0-M .O⇘?L⇙ ts1-M) unfolding overlap-def by fastforce
            have l3: ts0-M ∈ carrier ?L ∧ ts1-M ∈ carrier ?L by simp
            from l1 and l2 and l3
              have ts0-M ∈ carrier ?L ∧ ts1-M ∈ carrier ?L ∧ TS⇘?L⇙ ts0-M (RSC i j) ∧ TS⇘?L⇙ ts1-M (RSC i j) ∧ ¬ ts0-M .O⇘?L⇙ ts1-M by force
            from this show ∃u v. u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS⇘?L⇙ u (RSC i j) ∧ TS⇘?L⇙ v (RSC i j) ∧ ¬ u .O⇘?L⇙ v by blast
          qed
        qed
        from l0 l1 l2 show ∃u v. u ∈ carrier ?L ∧ v ∈ carrier ?L ∧ TS⇘?L⇙ u (RSC i j) ∧ TS⇘?L⇙ v (RSC i j) ∧ ¬ u .O⇘?L⇙ v by fast
      qed
    qed
  next
    show ⋀i j y. ⟦i ∈ r-carrier ?L; j ∈ s-carrier ?L; y ∈ carrier ?L⟧ ⟹
        (∃x. x ∈ carrier ?L ∧ TS⇘?L⇙ x (RSC i j) ∧ x .O⇘?L⇙ y)
    proof −
      fix y i j
      assume carr: y ∈ carrier ?L i ∈ r-carrier ?L j ∈ s-carrier ?L
      show ∃x. x ∈ carrier ?L ∧ TS⇘?L⇙ x (RSC i j) ∧ x .O⇘?L⇙ y
      proof −
        from carr have l0: (j = ts-set-M-0) ∨ (j = ts-set-M-1) by simp
        have l1: j = ts-set-M-0 ⟹ ∃x. x ∈ carrier ?L ∧ TS⇘?L⇙ x (RSC i j) ∧ x .O⇘?L⇙ y
        proof −
          assume a1: j = ts-set-M-0
          show ∃x. x ∈ carrier ?L ∧ TS⇘?L⇙ x (RSC i j) ∧ x .O⇘?L⇙ y
          proof −
            from Union-of-ts-eq-top-of-m-set-M-0 and carr
              have (∃z. z ∈ y ∧ z ∈ ts0) ∨ (∃z. z ∈ y ∧ z ∈ ts1) ∨ (∃z. z ∈ y ∧ z ∈ ts2)
              by (smt insertI1 mem-Collect-eq two-sort-RS-frame.select-convs(1) subsetCE subset-empty subset-insert subset-insertI)
            from this obtain z0 z1 z2
              where (z0 ∈ y ∧ z0 ∈ ts0) ∨ (z1 ∈ y ∧ z1 ∈ ts1) ∨ (z2 ∈ y ∧ z2 ∈ ts2) by blast
            from this have ({z0} ∈ carrier ?L ∧ z0 ∈ y ∧ z0 ∈ ts0) ∨
                           ({z1} ∈ carrier ?L ∧ z1 ∈ y ∧ z1 ∈ ts1) ∨
                           ({z2} ∈ carrier ?L ∧ z2 ∈ y ∧ z2 ∈ ts2) by auto
            from this have ({z0} ∈ carrier ?L ∧ {z0} ⊆ y ∧ {z0} ⊆ ts0) ∨
                           ({z1} ∈ carrier ?L ∧ {z1} ⊆ y ∧ {z1} ⊆ ts1) ∨
                           ({z2} ∈ carrier ?L ∧ {z2} ⊆ y ∧ {z2} ⊆ ts2) by auto
            from this have y .O⇘?L⇙ ts0 ∨ y .O⇘?L⇙ ts1 ∨ y .O⇘?L⇙ ts2
              unfolding overlap-def by (metis (no-types, lifting) porder-two-sort-RS-frame.select-convs(1))
            from carr and this have y ∈ carrier ?L ∧ y .O⇘?L⇙ ts0 ∨ y .O⇘?L⇙ ts1 ∨ y .O⇘?L⇙ ts2 by auto
            from this and a1 have ts0 ∈ carrier ?L ∧ TS⇘?L⇙ ts0 (RSC i j) ∧ ts0 .O⇘?L⇙ y ∨
                                  ts1 ∈ carrier ?L ∧ TS⇘?L⇙ ts1 (RSC i j) ∧ ts1 .O⇘?L⇙ y ∨
                                  ts2 ∈ carrier ?L ∧ TS⇘?L⇙ ts2 (RSC i j) ∧ ts2 .O⇘?L⇙ y using O-sym by force
            from this and carr show ∃x. x ∈ carrier ?L ∧ TS⇘?L⇙ x (RSC i j) ∧ x .O⇘?L⇙ y by blast
          qed
        qed
        have l2: j = ts-set-M-1 ⟹ ∃x. x ∈ carrier ?L ∧ TS⇘?L⇙ x (RSC i j) ∧ x .O⇘?L⇙ y
        proof −
          assume a1: j = ts-set-M-1
          show ∃x. x ∈ carrier ?L ∧ TS⇘?L⇙ x (RSC i j) ∧ x .O⇘?L⇙ y
          proof −
            from Union-of-ts-eq-top-of-m-set-M-1 and carr
              have (∃z. z ∈ y ∧ z ∈ ts0-M) ∨ (∃z. z ∈ y ∧ z ∈ ts1-M) ∨ (∃z. z ∈ y ∧ z ∈ ts2-M) ∨ (∃z. z ∈ y ∧ z ∈ ts3-M)
              by (smt insertI1 mem-Collect-eq two-sort-RS-frame.select-convs(1) subsetCE subset-empty subset-insert subset-insertI)
            from this obtain z0 z1 z2 z3
              where (z0 ∈ y ∧ z0 ∈ ts0-M) ∨ (z1 ∈ y ∧ z1 ∈ ts1-M) ∨ (z2 ∈ y ∧ z2 ∈ ts2-M) ∨ (z3 ∈ y ∧ z3 ∈ ts3-M) by blast
            from this have ({z0} ∈ carrier ?L ∧ z0 ∈ y ∧ z0 ∈ ts0-M) ∨
                           ({z1} ∈ carrier ?L ∧ z1 ∈ y ∧ z1 ∈ ts1-M) ∨
                           ({z2} ∈ carrier ?L ∧ z2 ∈ y ∧ z2 ∈ ts2-M) ∨
                           ({z3} ∈ carrier ?L ∧ z3 ∈ y ∧ z3 ∈ ts3-M) by auto
            from this have ({z0} ∈ carrier ?L ∧ {z0} ⊆ y ∧ {z0} ⊆ ts0-M) ∨
                           ({z1} ∈ carrier ?L ∧ {z1} ⊆ y ∧ {z1} ⊆ ts1-M) ∨
                           ({z2} ∈ carrier ?L ∧ {z2} ⊆ y ∧ {z2} ⊆ ts2-M) ∨
                           ({z3} ∈ carrier ?L ∧ {z3} ⊆ y ∧ {z3} ⊆ ts3-M) by auto
            from this have y .O⇘?L⇙ ts0-M ∨ y .O⇘?L⇙ ts1-M ∨ y .O⇘?L⇙ ts2-M ∨ y .O⇘?L⇙ ts3-M
              unfolding overlap-def by (metis (no-types, lifting) porder-two-sort-RS-frame.select-convs(1))
            from carr and this
              have y ∈ carrier ?L ∧ y .O⇘?L⇙ ts0-M ∨ y .O⇘?L⇙ ts1-M ∨ y .O⇘?L⇙ ts2-M ∨ y .O⇘?L⇙ ts3-M by auto
            from this and a1 have ts0-M ∈ carrier ?L ∧ TS⇘?L⇙ ts0-M (RSC i j) ∧ ts0-M .O⇘?L⇙ y ∨
                                  ts1-M ∈ carrier ?L ∧ TS⇘?L⇙ ts1-M (RSC i j) ∧ ts1-M .O⇘?L⇙ y ∨
                                  ts2-M ∈ carrier ?L ∧ TS⇘?L⇙ ts2-M (RSC i j) ∧ ts2-M .O⇘?L⇙ y ∨
                                  ts3-M ∈ carrier ?L ∧ TS⇘?L⇙ ts3-M (RSC i j) ∧ ts3-M .O⇘?L⇙ y using O-sym by force
            from this and carr show ∃x. x ∈ carrier ?L ∧ TS⇘?L⇙ x (RSC i j) ∧ x .O⇘?L⇙ y by blast
          qed
        qed
        from l0 l1 l2 show ∃x. x ∈ carrier ?L ∧ TS⇘?L⇙ x (RSC i j) ∧ x .O⇘?L⇙ y by fastforce
      qed
    qed
  qed
qed

9.11 The Model satisfies the axioms of the locale M-TS-mereology
theorem (in M-TS-mereology) m-set-is-M-TS-mereology-M:
  M-TS-mereology AtE-Inst-ST-frame-M
  (is M-TS-mereology ?L)
proof (rule M-TS-mereology.intro)
  show TS-mereology ?L using m-set-is-TS-mereology-M by auto
next
  show M-TS-mereology-axioms ?L
  proof
    show ⋀x y i j. ⟦SIMU ?L x y (RSC i j); x ∈ carrier ?L; y ∈ carrier ?L; x ≠ y; i ∈ r-carrier ?L; j ∈ s-carrier ?L⟧ ⟹
        (∃jj. jj ∈ s-carrier ?L ∧ j S⇘?L⇙ jj ∧ ¬(SIMU ?L x y (RSC i jj)))
    proof −
      fix x
      show ⋀y i j. ⟦SIMU ?L x y (RSC i j); x ∈ carrier ?L; y ∈ carrier ?L; x ≠ y; i ∈ r-carrier ?L; j ∈ s-carrier ?L⟧ ⟹
          (∃jj. jj ∈ s-carrier ?L ∧ j S⇘?L⇙ jj ∧ ¬(SIMU ?L x y (RSC i jj)))
      proof −
        fix y
        show ⋀i j. ⟦SIMU ?L x y (RSC i j); x ∈ carrier ?L; y ∈ carrier ?L; x ≠ y; i ∈ r-carrier ?L; j ∈ s-carrier ?L⟧ ⟹
            (∃jj. jj ∈ s-carrier ?L ∧ j S⇘?L⇙ jj ∧ ¬(SIMU ?L x y (RSC i jj)))
        proof −
          fix i
          show ⋀j. ⟦SIMU ?L x y (RSC i j); x ∈ carrier ?L; y ∈ carrier ?L; x ≠ y; i ∈ r-carrier ?L; j ∈ s-carrier ?L⟧ ⟹
              (∃jj. jj ∈ s-carrier ?L ∧ j S⇘?L⇙ jj ∧ ¬(SIMU ?L x y (RSC i jj)))
          proof −
            fix j
            show ⟦SIMU ?L x y (RSC i j); x ∈ carrier ?L; y ∈ carrier ?L; x ≠ y; i ∈ r-carrier ?L; j ∈ s-carrier ?L⟧ ⟹
                (∃jj. jj ∈ s-carrier ?L ∧ j S⇘?L⇙ jj ∧ ¬(SIMU ?L x y (RSC i jj)))
            proof −
              assume carr: x ∈ carrier ?L y ∈ carrier ?L i ∈ r-carrier ?L j ∈ s-carrier ?L
              assume neq: x ≠ y
              assume SIMU: SIMU ?L x y (RSC i j)
              show (∃jj. jj ∈ s-carrier ?L ∧ j S⇘?L⇙ jj ∧ ¬(SIMU ?L x y (RSC i jj)))
              proof −
from carr have lj : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simphave lj1 : j = ts-set-M-0 =⇒ (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )))proof−
assume a1 : j = ts-set-M-0show (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i jj )))proof −
from SIMU and a1 have SIMU ?L x y (RSC i j ) by autofrom this and a1 have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC i j ) ∧ x
v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈
s-carrier ?L by (simp add :SIMU-def )from this obtain z where lz0 : z ∈ carrier ?L ∧ isTS-M z (RSC i j )
∧ x ⊆ z ∧ y ⊆ z ∧x ∈ m-set ∧ y ∈ m-set ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier
?L by autofrom a1 lz0 have lz00 : z = ts0 ∨ z = ts1 ∨ z = ts2 by simpfrom lz0 have lzX : x 6= {} ∧ x ⊆ top-of-m-set ∧ x ⊆ z by fastforcefrom lz0 have lzY : y 6= {} ∧ y ⊆ top-of-m-set ∧ y ⊆ z by fastforcehave lz01 : z = ts0 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj ))proof −
assume a2 : z = ts0show (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i jj )))
proof −from a2 and lzX have lx0 : x = A-00 ∨ x = A-10 ∨ x = ts0 by
forcehave lxy1 : x = A-00 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = A-00show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-1 ], rule conjI )show ts-set-M-1 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-1 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
from a1 show j S?L ts-set-M-1 by autonext
show ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-1 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC its-set-M-1 ) by simp
from a3 a2 and lzY have ly0 : y = x ∨ y = A-10 ∨ y= ts0 by force
from a3 and neq have ly1 : y = x =⇒ False by forcehave ly2 : y = A-10 =⇒ Falseproof −
assume a5 : y = A-10show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0-M ∧ y
⊆ ts0-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1-M ∧ y
⊆ ts1-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz02 :x ⊆ ts2-M ∧ y
⊆ ts2-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz03 :x ⊆ ts3-M ∧ y
⊆ ts3-M =⇒ False using Abs-Tcoord-inject neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqed
have ly3 : y = ts0 =⇒ Falseproof −
assume a5 : y = ts0show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a5 and lzz have lzz00 : y ⊆ ts0-M =⇒ False
using ly2 by blastfrom a5 and lzz have lzz01 : y ⊆ ts1-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz02 : y ⊆ ts2-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz03 : y ⊆ ts3-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqedfrom ly0 ly1 ly2 ly3 show False by auto
qedqed
qedqed
qedhave lxy2 : x = A-10 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = A-10show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-1 ], rule conjI )show ts-set-M-1 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-1 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
from a1 show j S?L ts-set-M-1 by autonext
show ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-1 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC its-set-M-1 ) by simp
from a3 a2 and lzY have ly0 : y = x ∨ y = A-00 ∨ y= ts0 by force
from a3 and neq have ly1 : y = x =⇒ False by forcehave ly2 : y = A-00 =⇒ Falseproof −
assume a5 : y = A-00show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0-M ∧ y
⊆ ts0-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1-M ∧ y
⊆ ts1-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz02 :x ⊆ ts2-M ∧ y
⊆ ts2-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz03 :x ⊆ ts3-M ∧ y
⊆ ts3-M =⇒ False using Abs-Tcoord-inject neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqed
have ly3 : y = ts0 =⇒ Falseproof −
assume a5 : y = ts0show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a5 and lzz have lzz00 : y ⊆ ts0-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz01 : y ⊆ ts1-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz02 : y ⊆ ts2-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz03 : y ⊆ ts3-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqedfrom ly0 ly1 ly2 ly3 show False by auto
qedqed
qedqed
qedhave lxy3 : x = ts0 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = ts0show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-1 ], rule conjI )show ts-set-M-1 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-1 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
from a1 show j S?L ts-set-M-1 by autonext
show ¬(SIMU ?L x y (RSC i ts-set-M-1 ))
proofassume a4 : SIMU ?L x y (RSC i ts-set-M-1 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC its-set-M-1 ) by simp
from a3 a2 and lzY have ly0 : y = x ∨ y = A-00 ∨ y= A-10 by force
from a3 and neq have ly1 : y = x =⇒ False by forcehave ly2 : y = A-00 =⇒ Falseproof −
assume a5 : y = A-00show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0-M ∧ y
⊆ ts0-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1-M ∧ y
⊆ ts1-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz02 :x ⊆ ts2-M ∧ y
⊆ ts2-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz03 :x ⊆ ts3-M ∧ y
⊆ ts3-M =⇒ False using Abs-Tcoord-inject neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqed
have ly3 : y = A-10 =⇒ Falseproof −
assume a5 : y = A-10show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0-M ∧ y
⊆ ts0-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1-M ∧ y
⊆ ts1-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz02 :x ⊆ ts2-M ∧ y
⊆ ts2-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz03 :x ⊆ ts3-M ∧ y
⊆ ts3-M =⇒ False using Abs-Tcoord-inject neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqedfrom ly0 ly1 ly2 ly3 show False by auto
qedqed
qedqed
qedfrom lx0 lxy1 lxy2 lxy3 show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj
∧ ¬(SIMU ?L x y (RSC i jj )) by forceqed
qedhave lz02 : z = ts1 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj ))proof −
assume a2 : z = ts1show (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i jj )))
proof −from a2 and lzX have lx0 : x = A-01 ∨ x = A-11 ∨ x = ts1 by
forcehave lxy1 : x = A-01 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = A-01show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-1 ], rule conjI )show ts-set-M-1 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-1 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-1 ))
prooffrom a1 show j S?L ts-set-M-1 by auto
nextshow ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-1 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC its-set-M-1 ) by simp
from a3 a2 and lzY have ly0 : y = x ∨ y = A-11 ∨ y= ts1 by force
from a3 and neq have ly1 : y = x =⇒ False by forcehave ly2 : y = A-11 =⇒ Falseproof −
assume a5 : y = A-11show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0-M ∧ y
⊆ ts0-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1-M ∧ y
⊆ ts1-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz02 :x ⊆ ts2-M ∧ y
⊆ ts2-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz03 :x ⊆ ts3-M ∧ y
⊆ ts3-M =⇒ False using Abs-Tcoord-inject neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqed
have ly3 : y = ts1 =⇒ Falseproof −
assume a5 : y = ts1show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a5 and lzz have lzz00 : y ⊆ ts0-M =⇒ False
using ly2 by blastfrom a5 and lzz have lzz01 : y ⊆ ts1-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz02 : y ⊆ ts2-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz03 : y ⊆ ts3-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqedfrom ly0 ly1 ly2 ly3 show False by auto
qedqed
qedqed
qedhave lxy2 : x = A-11 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = A-11show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-1 ], rule conjI )show ts-set-M-1 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-1 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
from a1 show j S?L ts-set-M-1 by autonext
show ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-1 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC its-set-M-1 ) by simp
from a3 a2 and lzY have ly0 : y = x ∨ y = A-01 ∨ y= ts1 by force
from a3 and neq have ly1 : y = x =⇒ False by forcehave ly2 : y = A-01 =⇒ Falseproof −
assume a5 : y = A-01show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0-M ∧ y
⊆ ts0-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1-M ∧ y
⊆ ts1-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz02 :x ⊆ ts2-M ∧ y
⊆ ts2-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz03 :x ⊆ ts3-M ∧ y
⊆ ts3-M =⇒ False using Abs-Tcoord-inject neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqed
have ly3 : y = ts1 =⇒ Falseproof −
assume a5 : y = ts1show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a5 and lzz have lzz00 : y ⊆ ts0-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz01 : y ⊆ ts1-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz02 : y ⊆ ts2-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz03 : y ⊆ ts3-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqedfrom ly0 ly1 ly2 ly3 show False by auto
qedqed
qedqed
qedhave lxy3 : x = ts1 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = ts1show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-1 ], rule conjI )show ts-set-M-1 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-1 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
from a1 show j S?L ts-set-M-1 by autonext
show ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-1 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC i ts-set-M-1 ) by simp
from a3 a2 and lzY have ly0 : y = x ∨ y = A-01 ∨ y = A-11 by force
from a3 and neq have ly1 : y = x =⇒ False by forcehave ly2 : y = A-01 =⇒ Falseproof −
assume a5 : y = A-01
show Falseproof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0-M ∧ y
⊆ ts0-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1-M ∧ y
⊆ ts1-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz02 :x ⊆ ts2-M ∧ y
⊆ ts2-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz03 :x ⊆ ts3-M ∧ y
⊆ ts3-M =⇒ False using Abs-Tcoord-inject neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqed
have ly3 : y = A-11 =⇒ Falseproof −
assume a5 : y = A-11show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0-M ∧ y
⊆ ts0-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1-M ∧ y
⊆ ts1-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz02 :x ⊆ ts2-M ∧ y
⊆ ts2-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz03 :x ⊆ ts3-M ∧ y
⊆ ts3-M =⇒ False using Abs-Tcoord-inject neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqedfrom ly0 ly1 ly2 ly3 show False by auto
qedqed
qedqed
qedfrom lx0 lxy1 lxy2 lxy3 show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj
∧ ¬(SIMU ?L x y (RSC i jj )) by forceqed
qedhave lz03 : z = ts2 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj ))proof −
assume a2 : z = ts2show (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i jj )))
proof −from a2 and lzX have lx0 : x = A-02 ∨ x = A-12 ∨ x = ts2 by
forcehave lxy1 : x = A-02 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = A-02show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-1 ], rule conjI )show ts-set-M-1 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-1 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
from a1 show j S?L ts-set-M-1 by autonext
show ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-1 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC i ts-set-M-1 ) by simp
from a3 a2 and lzY have ly0 : y = x ∨ y = A-12 ∨ y = ts2 by force
from a3 and neq have ly1 : y = x =⇒ False by forcehave ly2 : y = A-12 =⇒ Falseproof −
assume a5 : y = A-12show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0-M ∧ y
⊆ ts0-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1-M ∧ y
⊆ ts1-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz02 :x ⊆ ts2-M ∧ y
⊆ ts2-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz03 :x ⊆ ts3-M ∧ y
⊆ ts3-M =⇒ False using Abs-Tcoord-inject neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqed
have ly3 : y = ts2 =⇒ Falseproof −
assume a5 : y = ts2show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a5 and lzz have lzz00 : y ⊆ ts0-M =⇒ False
using ly2 by blastfrom a5 and lzz have lzz01 : y ⊆ ts1-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz02 : y ⊆ ts2-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz03 : y ⊆ ts3-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqedfrom ly0 ly1 ly2 ly3 show False by auto
qedqed
qedqed
qedhave lxy2 : x = A-12 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = A-12show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-1 ], rule conjI )show ts-set-M-1 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-1 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
from a1 show j S?L ts-set-M-1 by autonext
show ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-1 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC i ts-set-M-1 ) by simp
from a3 a2 and lzY have ly0 : y = x ∨ y = A-02 ∨ y = ts2 by force
from a3 and neq have ly1 : y = x =⇒ False by forcehave ly2 : y = A-02 =⇒ Falseproof −
assume a5 : y = A-02show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simp
from this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC i ts-set-M-1 ) ∧ x ⊑?L z ∧ y ⊑?L z ) ∧
x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )
from this obtain zz where lzz : zz ∈ carrier ?L ∧ TS?L zz (RSC i ts-set-M-1 ) ∧ x ⊑?L zz ∧ y ⊑?L zz ∧
x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ ts-set-M-1 ∈ s-carrier ?L by auto
from this and ly0 have lzz0 : zz = ts0-M ∨ zz = ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simp
from a3 and a5 and lzz have lzz00 : x ⊆ ts0-M ∧ y ⊆ ts0-M =⇒ False using Abs-Tcoord-inject neq by auto
from a3 and a5 and lzz have lzz01 : x ⊆ ts1-M ∧ y ⊆ ts1-M =⇒ False using Abs-Tcoord-inject neq by auto
from a3 and a5 and lzz have lzz02 : x ⊆ ts2-M ∧ y ⊆ ts2-M =⇒ False using Abs-Tcoord-inject neq by auto
from a3 and a5 and lzz have lzz03 : x ⊆ ts3-M ∧ y ⊆ ts3-M =⇒ False using Abs-Tcoord-inject neq by auto
from lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆ zz =⇒ False by force
from this and lzz show False by auto
qed
qed
have ly3 : y = ts2 =⇒ False
proof −
assume a5 : y = ts2
show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a5 and lzz have lzz00 : y ⊆ ts0-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz01 : y ⊆ ts1-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz02 : y ⊆ ts2-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz03 : y ⊆ ts3-M =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqedfrom ly0 ly1 ly2 ly3 show False by auto
qedqed
qedqed
qedhave lxy3 : x = ts2 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = ts2show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-1 ], rule conjI )show ts-set-M-1 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-1 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
from a1 show j S?L ts-set-M-1 by autonext
show ¬(SIMU ?L x y (RSC i ts-set-M-1 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-1 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC i ts-set-M-1 ) by simp
from a3 a2 and lzY have ly0 : y = x ∨ y = A-02 ∨ y = A-12 by force
from a3 and neq have ly1 : y = x =⇒ False by forcehave ly2 : y = A-02 =⇒ Falseproof −
assume a5 : y = A-02show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by auto
from this and ly0 have lzz0 : zz = ts0-M ∨ zz = ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simp
from a3 and a5 and lzz have lzz00 : x ⊆ ts0-M ∧ y ⊆ ts0-M =⇒ False using Abs-Tcoord-inject neq by auto
from a3 and a5 and lzz have lzz01 : x ⊆ ts1-M ∧ y ⊆ ts1-M =⇒ False using Abs-Tcoord-inject neq by auto
from a3 and a5 and lzz have lzz02 : x ⊆ ts2-M ∧ y ⊆ ts2-M =⇒ False using Abs-Tcoord-inject neq by auto
from a3 and a5 and lzz have lzz03 : x ⊆ ts3-M ∧ y ⊆ ts3-M =⇒ False using Abs-Tcoord-inject neq by auto
from lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆ zz =⇒ False by force
from this and lzz show False by auto
qed
qed
have ly3 : y = A-12 =⇒ False
proof −
assume a5 : y = A-12
show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-1 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-1 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-1 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-1 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-1 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0-M ∨ zz =
ts1-M ∨ zz = ts2-M ∨ zz = ts3-M by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0-M ∧ y
⊆ ts0-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1-M ∧ y
⊆ ts1-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz02 :x ⊆ ts2-M ∧ y
⊆ ts2-M =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz03 :x ⊆ ts3-M ∧ y
⊆ ts3-M =⇒ False using Abs-Tcoord-inject neq by autofrom lzz0 lzz00 lzz01 lzz02 lzz03 have x ⊆ zz ∧ y ⊆
zz =⇒ False by forcefrom this and lzz show False by auto
qedqedfrom ly0 ly1 ly2 ly3 show False by auto
qedqed
qed
qedqedfrom lx0 lxy1 lxy2 lxy3 show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj
∧ ¬(SIMU ?L x y (RSC i jj )) by forceqed
qedfrom lz00 lz01 lz02 lz03 show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj )) by autoqed
qedhave lj2 : j = ts-set-M-1 =⇒ (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )))proof−
assume a1 : j = ts-set-M-1
show (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i jj )))
proof −
from SIMU and a1 have SIMU ?L x y (RSC i j ) by autofrom this and a1 have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC i j ) ∧ x
v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈
s-carrier ?L by (simp add :SIMU-def )from this obtain z where lz0 : z ∈ carrier ?L ∧ isTS-M z (RSC i j )
∧ x ⊆ z ∧ y ⊆ z ∧x ∈ m-set ∧ y ∈ m-set ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier
?L by auto
from a1 lz0 have lz00 : z = ts0-M ∨ z = ts1-M ∨ z = ts2-M ∨ z = ts3-M by simp
from lz0 have lzX : x ≠ {} ∧ x ⊆ top-of-m-set ∧ x ⊆ z by fastforce
from lz0 have lzY : y ≠ {} ∧ y ⊆ top-of-m-set ∧ y ⊆ z by fastforce
have lz01 : z = ts0-M =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i jj ))
proof −
assume a2 : z = ts0-M
show (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i jj )))
proof −
from a2 and lzX have lx0 : x = A-10 by forcehave lxy1 : x = A-10 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = A-10show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-0 ], rule conjI )show ts-set-M-0 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-0 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-0 ))proof
from a1 show j S?L ts-set-M-0 by auto
nextshow ¬(SIMU ?L x y (RSC i ts-set-M-0 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-0 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC i ts-set-M-0 ) by simp
from a3 a2 and lzY have ly0 : y = x by force
from a3 and neq have ly1 : y = x =⇒ False by force
from ly0 ly1 show False by auto
qedqed
qedqed
qedfrom lx0 and lxy1 show (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))) by autoqed
qedhave lz02 : z = ts1-M =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj ))proof −
assume a2 : z = ts1-Mshow (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i jj )))
proof −from a2 and lzX have lx0 : x = A-00 ∨ x = A-11 ∨ x = ts1-M
by forcehave lxy1 : x = A-00 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = A-00show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-0 ], rule conjI )show ts-set-M-0 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-0 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-0 ))proof
from a1 show j S?L ts-set-M-0 by autonext
show ¬(SIMU ?L x y (RSC i ts-set-M-0 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-0 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC i ts-set-M-0 ) by simp
from a3 a2 and lzY have ly0 : y = x ∨ y = A-11 ∨ y = ts1-M by force
from a3 and neq have ly1 : y = x =⇒ False by forcehave ly2 : y = A-11 =⇒ Falseproof −
assume a5 : y = A-11show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-0 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-0 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-0 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-0 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-0 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0 ∨ zz = ts1 ∨
zz = ts2 by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0 ∧ y ⊆
ts0 =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1 ∧ y ⊆
ts1 =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz02 :x ⊆ ts2 ∧ y ⊆
ts2 =⇒ False using Abs-Tcoord-inject neq by autofrom lzz0 lzz00 lzz01 lzz02 have x ⊆ zz ∧ y ⊆ zz
=⇒ False by forcefrom this and lzz show False by auto
qedqed
have ly3 : y = ts1-M =⇒ Falseproof −
assume a5 : y = ts1-Mshow False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-0 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-0 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-0 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-0 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-0 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0 ∨ zz = ts1 ∨
zz = ts2 by simpfrom a5 and lzz have lzz00 : y ⊆ ts0 =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz01 : y ⊆ ts1 =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz02 : y ⊆ ts2 =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom lzz0 lzz00 lzz01 lzz02 have x ⊆ zz ∧ y ⊆ zz
=⇒ False by forcefrom this and lzz show False by auto
qedqedfrom ly0 ly1 ly2 ly3 show False by auto
qedqed
qedqed
qedhave lxy2 : x = A-11 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = A-11show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-0 ], rule conjI )show ts-set-M-0 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-0 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-0 ))proof
from a1 show j S?L ts-set-M-0 by autonext
show ¬(SIMU ?L x y (RSC i ts-set-M-0 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-0 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC i ts-set-M-0 ) by simp
from a3 a2 and lzY have ly0 : y = x ∨ y = A-00 ∨ y = ts1-M by force
from a3 and neq have ly1 : y = x =⇒ False by forcehave ly2 : y = A-00 =⇒ Falseproof −
assume a5 : y = A-00show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-0 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-0 ) ∧ x v?L z ∧ y v?L z ) ∧
x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L by (simp add :SIMU-def )
from this obtain zz where lzz : zz ∈ carrier ?L ∧ TS?L zz (RSC i ts-set-M-0 ) ∧ x ⊑?L zz ∧ y ⊑?L zz ∧
x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L by auto
from this and ly0 have lzz0 : zz = ts0 ∨ zz = ts1 ∨ zz = ts2 by simp
from a3 and a5 and lzz have lzz00 : x ⊆ ts0 ∧ y ⊆ ts0 =⇒ False using Abs-Tcoord-inject neq by auto
from a3 and a5 and lzz have lzz01 : x ⊆ ts1 ∧ y ⊆ ts1 =⇒ False using Abs-Tcoord-inject neq by auto
from a3 and a5 and lzz have lzz02 : x ⊆ ts2 ∧ y ⊆ ts2 =⇒ False using Abs-Tcoord-inject neq by auto
from lzz0 lzz00 lzz01 lzz02 have x ⊆ zz ∧ y ⊆ zz =⇒ False by force
from this and lzz show False by auto
qed
qed
have ly3 : y = ts1-M =⇒ False
proof −
assume a5 : y = ts1-M
show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-0 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-0 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-0 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-0 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-0 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0 ∨ zz = ts1 ∨
zz = ts2 by simpfrom a5 and lzz have lzz00 : y ⊆ ts0 =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz01 : y ⊆ ts1 =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz02 : y ⊆ ts2 =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom lzz0 lzz00 lzz01 lzz02 have x ⊆ zz ∧ y ⊆ zz
=⇒ False by forcefrom this and lzz show False by auto
qedqedfrom ly0 ly1 ly2 ly3 show False by auto
qed
qedqed
qedqedhave lxy3 : x = ts1-M =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = ts1-Mshow ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-0 ], rule conjI )show ts-set-M-0 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-0 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-0 ))proof
from a1 show j S?L ts-set-M-0 by autonext
show ¬(SIMU ?L x y (RSC i ts-set-M-0 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-0 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC i ts-set-M-0 ) by simp
from a3 a2 and lzY have ly0 : y = x ∨ y = A-00 ∨ y = A-11 by force
from a3 and neq have ly1 : y = x =⇒ False by forcehave ly2 : y = A-00 =⇒ Falseproof −
assume a5 : y = A-00show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-0 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-0 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-0 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-0 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-0 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0 ∨ zz = ts1 ∨
zz = ts2 by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0 ∧ y ⊆
ts0 =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1 ∧ y ⊆
ts1 =⇒ False using Abs-Tcoord-inject neq by auto
from a3 and a5 and lzz have lzz02 : x ⊆ ts2 ∧ y ⊆ ts2 =⇒ False using Abs-Tcoord-inject neq by auto
from lzz0 lzz00 lzz01 lzz02 have x ⊆ zz ∧ y ⊆ zz =⇒ False by force
from this and lzz show False by auto
qed
qed
have ly3 : y = A-11 =⇒ False
proof −
assume a5 : y = A-11
show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-0 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-0 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-0 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-0 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-0 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0 ∨ zz = ts1 ∨
zz = ts2 by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0 ∧ y ⊆
ts0 =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1 ∧ y ⊆
ts1 =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz02 :x ⊆ ts2 ∧ y ⊆
ts2 =⇒ False using Abs-Tcoord-inject neq by autofrom lzz0 lzz00 lzz01 lzz02 have x ⊆ zz ∧ y ⊆ zz
=⇒ False by forcefrom this and lzz show False by auto
qedqedfrom ly0 ly1 ly2 ly3 show False by auto
qedqed
qedqed
qedfrom lx0 lxy1 lxy2 lxy3 show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj
∧ ¬(SIMU ?L x y (RSC i jj )) by forceqed
qedhave lz03 : z = ts2-M =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj ))proof −
assume a2 : z = ts2-M
show (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i jj )))proof −from a2 and lzX have lx0 : x = A-01 ∨ x = A-12 ∨ x = ts2-M
by forcehave lxy1 : x = A-01 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = A-01show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-0 ], rule conjI )show ts-set-M-0 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-0 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-0 ))proof
from a1 show j S?L ts-set-M-0 by autonext
show ¬(SIMU ?L x y (RSC i ts-set-M-0 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-0 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC i ts-set-M-0 ) by simp
from a3 a2 and lzY have ly0 : y = x ∨ y = A-12 ∨ y = ts2-M by force
from a3 and neq have ly1 : y = x =⇒ False by forcehave ly2 : y = A-12 =⇒ Falseproof −
assume a5 : y = A-12show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-0 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-0 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-0 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-0 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-0 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0 ∨ zz = ts1 ∨
zz = ts2 by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0 ∧ y ⊆
ts0 =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1 ∧ y ⊆
ts1 =⇒ False using Abs-Tcoord-inject neq by auto
from a3 and a5 and lzz have lzz02 : x ⊆ ts2 ∧ y ⊆ ts2 =⇒ False using Abs-Tcoord-inject neq by auto
from lzz0 lzz00 lzz01 lzz02 have x ⊆ zz ∧ y ⊆ zz =⇒ False by force
from this and lzz show False by auto
qed
qed
have ly3 : y = ts2-M =⇒ False
proof −
assume a5 : y = ts2-M
show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-0 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-0 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-0 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-0 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-0 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0 ∨ zz = ts1 ∨
zz = ts2 by simpfrom a5 and lzz have lzz00 : y ⊆ ts0 =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz01 : y ⊆ ts1 =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom a5 and lzz have lzz02 : y ⊆ ts2 =⇒ False
using Abs-Tcoord-inject a3 neq by autofrom lzz0 lzz00 lzz01 lzz02 have x ⊆ zz ∧ y ⊆ zz
=⇒ False by forcefrom this and lzz show False by auto
qedqedfrom ly0 ly1 ly2 ly3 show False by auto
qedqed
qedqed
qedhave lxy2 : x = A-12 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = A-12show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-0 ], rule conjI )
show ts-set-M-0 ∈ s-carrier ?L by simp
next
show j S?L ts-set-M-0 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-0 ))
proof
from a1 show j S?L ts-set-M-0 by auto
next
show ¬(SIMU ?L x y (RSC i ts-set-M-0 ))
proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-0 )
show False
proof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC i ts-set-M-0 ) by simp
from a3 a2 and lzY have ly0 : y = x ∨ y = A-01 ∨ y = ts2-M by force
from a3 and neq have ly1 : y = x =⇒ False by force
have ly2 : y = A-01 =⇒ False
proof −
assume a5 : y = A-01
show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-0 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-0 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-0 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-0 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-0 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0 ∨ zz = ts1 ∨
zz = ts2 by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0 ∧ y ⊆
ts0 =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1 ∧ y ⊆
ts1 =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz02 :x ⊆ ts2 ∧ y ⊆
ts2 =⇒ False using Abs-Tcoord-inject neq by autofrom lzz0 lzz00 lzz01 lzz02 have x ⊆ zz ∧ y ⊆ zz
=⇒ False by forcefrom this and lzz show False by auto
qedqed
have ly3 : y = ts2-M =⇒ Falseproof −
assume a5 : y = ts2-Mshow False
proof −
from a5 and l-a00 have l-simu: SIMU ?L x y (RSC i ts-set-M-0 ) by simp
from this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC i ts-set-M-0 ) ∧ x ⊑?L z ∧ y ⊑?L z ) ∧
x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L by (simp add :SIMU-def )
from this obtain zz where lzz : zz ∈ carrier ?L ∧ TS?L zz (RSC i ts-set-M-0 ) ∧ x ⊑?L zz ∧ y ⊑?L zz ∧
x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L by auto
from this and ly0 have lzz0 : zz = ts0 ∨ zz = ts1 ∨ zz = ts2 by simp
from a5 and lzz have lzz00 : y ⊆ ts0 =⇒ False using Abs-Tcoord-inject a3 neq by auto
from a5 and lzz have lzz01 : y ⊆ ts1 =⇒ False using Abs-Tcoord-inject a3 neq by auto
from a5 and lzz have lzz02 : y ⊆ ts2 =⇒ False using Abs-Tcoord-inject a3 neq by auto
from lzz0 lzz00 lzz01 lzz02 have x ⊆ zz ∧ y ⊆ zz =⇒ False by force
from this and lzz show False by auto
qed
qed
from ly0 ly1 ly2 ly3 show False by auto
qed
qed
qed
qed
qedhave lxy3 : x = ts2-M =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = ts2-Mshow ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj )) ts-set-M-0 ], rule conjI )show ts-set-M-0 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-0 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-0 ))proof
from a1 show j S?L ts-set-M-0 by autonext
show ¬(SIMU ?L x y (RSC i ts-set-M-0 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-0 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC i
ts-set-M-0 ) by simpfrom a3 a2 and lzY have ly0 : y = x ∨ y = A-01 ∨ y
= A-12 by forcefrom a3 and neq have ly1 : y = x =⇒ False by forcehave ly2 : y = A-01 =⇒ Falseproof −
assume a5 : y = A-01show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-0 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-0 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-0 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-0 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-0 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0 ∨ zz = ts1 ∨
zz = ts2 by simpfrom a3 and a5 and lzz have lzz00 : x ⊆ ts0 ∧ y ⊆
ts0 =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz01 :x ⊆ ts1 ∧ y ⊆
ts1 =⇒ False using Abs-Tcoord-inject neq by autofrom a3 and a5 and lzz have lzz02 :x ⊆ ts2 ∧ y ⊆
ts2 =⇒ False using Abs-Tcoord-inject neq by autofrom lzz0 lzz00 lzz01 lzz02 have x ⊆ zz ∧ y ⊆ zz
=⇒ False by forcefrom this and lzz show False by auto
qedqed
have ly3 : y = A-12 =⇒ Falseproof −
assume a5 : y = A-12show False
proof −from a5 and l-a00 have l-simu: SIMU ?L x y (RSC
i ts-set-M-0 ) by simpfrom this have (∃ z . z ∈ carrier ?L ∧ TS?L z (RSC
i ts-set-M-0 ) ∧ x v?L z ∧ y v?L z ) ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier ?L
∧ ts-set-M-0 ∈ s-carrier ?L by (simp add :SIMU-def )from this obtain zz where lzz : zz ∈ carrier ?L ∧
TS?L zz (RSC i ts-set-M-0 ) ∧ x v?L zz ∧ y v?L zz ∧x ∈ carrier ?L ∧ y ∈ carrier ?L ∧ i ∈ r-carrier
?L ∧ ts-set-M-0 ∈ s-carrier ?L by autofrom this and ly0 have lzz0 : zz = ts0 ∨ zz = ts1 ∨
zz = ts2 by simp
from a3 and a5 and lzz have lzz00 : x ⊆ ts0 ∧ y ⊆ts0 =⇒ False using Abs-Tcoord-inject neq by auto
from a3 and a5 and lzz have lzz01 :x ⊆ ts1 ∧ y ⊆ts1 =⇒ False using Abs-Tcoord-inject neq by auto
from a3 and a5 and lzz have lzz02 :x ⊆ ts2 ∧ y ⊆ts2 =⇒ False using Abs-Tcoord-inject neq by auto
from lzz0 lzz00 lzz01 lzz02 have x ⊆ zz ∧ y ⊆ zz=⇒ False by force
from this and lzz show False by autoqed
qedfrom ly0 ly1 ly2 ly3 show False by auto
qedqed
qedqed
qedfrom lx0 lxy1 lxy2 lxy3 show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj
∧ ¬(SIMU ?L x y (RSC i jj )) by forceqed
qedhave lz04 : z = ts3-M =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a2 : z = ts3-Mshow (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y (RSC i
jj )))proof −
from a2 and lzX have lx0 : x = A-02 by forcehave lxy1 : x = A-02 =⇒ ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))proof −
assume a3 : x = A-02show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L x y
(RSC i jj ))proof (rule exI [of λjj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj )) ts-set-M-0 ], rule conjI )show ts-set-M-0 ∈ s-carrier ?L by simp
nextshow j S?L ts-set-M-0 ∧ ¬(SIMU ?L x y (RSC i ts-set-M-0 ))
prooffrom a1 show j S?L ts-set-M-0 by auto
nextshow ¬(SIMU ?L x y (RSC i ts-set-M-0 ))proof
assume a4 : SIMU ?L x y (RSC i ts-set-M-0 )show Falseproof −
from a3 and a4 have l-a00 : SIMU ?L x y (RSC i
ts-set-M-0 ) by simpfrom a3 a2 and lzY have ly0 : y = x by forcefrom a3 and neq have ly1 : y = x =⇒ False by forcefrom ly0 ly1 show False by auto
qedqed
qedqed
qedfrom lx0 and lxy1 show (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧
¬(SIMU ?L x y (RSC i jj ))) by autoqed
qedfrom lz00 lz01 lz02 lz03 lz04 show ∃ jj . jj ∈ s-carrier ?L ∧ j S?L
jj ∧ ¬(SIMU ?L x y (RSC i jj )) by autoqed
qedfrom lj lj1 lj2 show (∃ jj . jj ∈ s-carrier ?L ∧ j S?L jj ∧ ¬(SIMU ?L
x y (RSC i jj ))) by autoqed
qedqed
qedqed
qedqedqed
9.12 The Model satisfies the axioms of the locale Inst-TS-mereology
theorem (in Inst-TS-mereology) m-set-is-Inst-TS-mereology:
  Inst-TS-mereology AtE-Inst-ST-frame-M
  (is Inst-TS-mereology ?L)
proof (rule Inst-TS-mereology.intro)
  show TS-mereology ?L using m-set-is-TS-mereology-M by auto
next
  show Inst-TS-mereology-axioms ?L
  proof
    show ⋀x y u i j ii jj yy uu. [[(Inst?L x y u (RSC i j)); i R?L ii; j S?L jj;
        x ∈ e-carrier ?L; y ∈ e-carrier ?L; yy ∈ e-carrier ?L;
        u ∈ carrier ?L; uu ∈ carrier ?L;
        i ∈ r-carrier ?L; ii ∈ r-carrier ?L; j ∈ s-carrier ?L; jj ∈ s-carrier ?L]]
      =⇒ ¬(Inst?L yy x uu (RSC ii jj))
    proof −
      fix x y u i j ii jj yy uu
      show [[(Inst?L x y u (RSC i j)); i R?L ii; j S?L jj;
          x ∈ e-carrier ?L; y ∈ e-carrier ?L; yy ∈ e-carrier ?L;
          u ∈ carrier ?L; uu ∈ carrier ?L;
          i ∈ r-carrier ?L; ii ∈ r-carrier ?L; j ∈ s-carrier ?L; jj ∈ s-carrier ?L]]
        =⇒ ¬(Inst?L yy x uu (RSC ii jj))
      proof
        assume inst0: Inst?L x y u (RSC i j) and inst1: (Inst?L yy x uu (RSC ii jj))
        assume rs: i R?L ii j S?L jj
        assume carr: x ∈ e-carrier ?L y ∈ e-carrier ?L yy ∈ e-carrier ?L
          u ∈ carrier ?L uu ∈ carrier ?L
          i ∈ r-carrier ?L ii ∈ r-carrier ?L j ∈ s-carrier ?L jj ∈ s-carrier ?L
        show False
        proof −
          from carr inst0 have x0: x = At-0 ∨ x = At-1 ∨ x = Compl-0 ∨ x = Oc-0 ∨ x = Oc-1 ∨ x = Oc-2
            using isInst-M-e1-impl-possibleParticulars by auto
          from inst1 have x00: x = At-0 =⇒ False unfolding isInst-M-def by force
          from inst1 have x01: x = At-1 =⇒ False unfolding isInst-M-def by force
          from inst1 have x02: x = Compl-0 =⇒ False unfolding isInst-M-def by force
          from inst1 have x03: x = Oc-0 =⇒ False unfolding isInst-M-def by force
          from inst1 have x04: x = Oc-1 =⇒ False unfolding isInst-M-def by force
          from inst1 have x05: x = Oc-2 =⇒ False unfolding isInst-M-def by force
          from x0 x00 x01 x02 x03 x04 x05 show False by force
        qed
      qed
    qed
  next
    show ⋀x y u i j. [[Inst?L x y u (RSC i j);
        x ∈ e-carrier ?L; y ∈ e-carrier ?L; u ∈ carrier ?L;
        i ∈ r-carrier ?L; j ∈ s-carrier ?L]]
      =⇒ (SR?L u (RSC i j) ∨ TR?L u (RSC i j))
    proof −
      fix x y u i j
      assume inst: Inst?L x y u (RSC i j)
      assume carr: x ∈ e-carrier ?L y ∈ e-carrier ?L u ∈ carrier ?L
        i ∈ r-carrier ?L j ∈ s-carrier ?L
      show (SR?L u (RSC i j) ∨ TR?L u (RSC i j))
      proof −
        from carr inst have x0: x = At-0 ∨ x = At-1 ∨ x = Compl-0 ∨ x = Oc-0 ∨ x = Oc-1 ∨ x = Oc-2
          using isInst-M-e1-impl-possibleParticulars by auto
have x00 : x=At-0 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
assume a: x=At-0show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
from a have l0 : inst-at-M x = {A-00 ,A-01 ,A-02} unfoldinginst-at-M-def by auto
from l0 have uuu: u ∈ inst-at-M x =⇒ (u ∈ SR-set-M-0 ∨ u ∈
SR-set-M-1 ) by forcefrom inst have u ∈ inst-at-M x using isInst-M-u-inst-at-M by forcefrom this and uuu have uu: (u ∈ SR-set-M-0 ∨ u ∈ SR-set-M-1 ) by
autofrom carr have jj : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simphave uu-jj-0 : [[u ∈ SR-set-M-0 ;j = ts-set-M-0 ]] =⇒ SR?L u (RSC i j )
∨ TR?L u (RSC i j )proof−
assume a1 : u ∈ SR-set-M-0 j = ts-set-M-0from a1 and carr show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) using
inSR-set-M-0-impl-SR by mesonqedhave uu-jj-1 : [[u ∈ SR-set-M-0 ;j = ts-set-M-1 ]] =⇒ SR?L u (RSC i j )
∨ TR?L u (RSC i j )proof−
assume a1 : u ∈ SR-set-M-0assume a2 : j = ts-set-M-1
show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from a1 have uu: u ∈ m-set-atoms ∨ u ∈ ts-set-M-0 by fasthave uu0 : u ∈ m-set-atoms =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC
i j )proof −
assume a3 : u ∈ m-set-atomsshow SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from a3 have u ∈ SR-set-M-1 by fastfrom carr a2 this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
using inSR-set-M-1-impl-SR by mesonqed
qedhave uu1 : u ∈ ts-set-M-0 =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC i
j )proof −
assume a3 : u ∈ ts-set-M-0show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from inst have l2 : u ∈ inst-at-M x using isInst-M-u-inst-at-Mby force
from this and l0 have u ∈ {A-00 ,A-01 ,A-02} by forcefrom this have u /∈ ts-set-M-0 by autofrom this and a3 have False by auto
from this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by autoqed
qedfrom uu uu0 uu1 show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by
forceqed
qed
have uu-jj-2 : [[u ∈ SR-set-M-1 ;j = ts-set-M-1 ]] =⇒ SR?L u (RSC i j )∨ TR?L u (RSC i j )
proof−assume a1 : u ∈ SR-set-M-1 j = ts-set-M-1
from a1 and carr show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) usinginSR-set-M-1-impl-SR by meson
qedhave uu-jj-3 : [[u ∈ SR-set-M-1 ;j = ts-set-M-0 ]] =⇒ SR?L u (RSC i j )
∨ TR?L u (RSC i j )proof−
assume a1 : u ∈ SR-set-M-1assume a2 : j = ts-set-M-0
show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from a1 have uu: u ∈ m-set-atoms ∨ u ∈ ts-set-M-1 by fasthave uu0 : u ∈ m-set-atoms =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC
i j )proof −
assume a3 : u ∈ m-set-atomsshow SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from a3 have u ∈ SR-set-M-0 by fastfrom carr a2 this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
using inSR-set-M-0-impl-SR by mesonqed
qedhave uu1 : u ∈ ts-set-M-1 =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC i
j )proof −
assume a3 : u ∈ ts-set-M-1show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from inst have l2 : u ∈ inst-at-M x using isInst-M-u-inst-at-Mby force
from this and l0 have u ∈ {A-00 ,A-01 ,A-02} by forcefrom this have u0 : u ∈ {A-00 ,A-01} ∨ u = A-02 by autohave u1 : u = A-02 =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof−
assume a4 : u = A-02show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
proof−from a4 have u ∈ SR-set-M-0 by autofrom carr a2 this show SR?L u (RSC i j ) ∨ TR?L u (RSC
i j ) using inSR-set-M-0-impl-SR by mesonqed
qedhave u2 : u ∈ {A-00 ,A-01} =⇒ SR?L u (RSC i j ) ∨ TR?L u
(RSC i j )proof−
assume a4 : u ∈ {A-00 ,A-01}show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof−have ll0 : A-00 6= ts0-M using A00-A10-partition-ts0 by blasthave ll1 :A-00 6= ts1-M using Abs-Tcoord-inject by autohave ll2 :A-00 6= ts2-M using Abs-Tcoord-inject by autohave ll3 :A-00 6= ts3-M using Abs-Tcoord-inject by autohave ll4 :A-01 6= ts0-M using Abs-Tcoord-inject by autohave ll5 :A-01 6= ts1-M using Abs-Tcoord-inject by autohave ll6 :A-01 6= ts2-M using Abs-Tcoord-inject by autohave ll7 :A-01 6= ts3-M using Abs-Tcoord-inject by autofrom a4 ll0 ll1 ll2 ll3 ll4 ll5 ll6 ll7 have u /∈ ts-set-M-1 by
autofrom this and a3 have False by autofrom this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by
autoqed
qedfrom u0 u1 u2 show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
by autoqed
qedfrom uu uu0 uu1 show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by
forceqed
qedfrom uu jj uu-jj-0 uu-jj-1 uu-jj-2 uu-jj-3 show SR?L u (RSC i j ) ∨
TR?L u (RSC i j ) by argoqed
qedhave x01 : x=At-1 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
assume a: x=At-1show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
from a have l0 : inst-at-M x = {A-10 ,A-11 ,A-12} unfoldinginst-at-M-def by auto
from l0 have uuu: u ∈ inst-at-M x =⇒ (u ∈ SR-set-M-0 ∨ u ∈SR-set-M-1 ) by force
from inst have l2 : u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and uuu have uu: (u ∈ SR-set-M-0 ∨ u ∈ SR-set-M-1 ) byauto
from carr have jj : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simphave uu-jj-0 : [[u ∈ SR-set-M-0 ;j = ts-set-M-0 ]] =⇒ SR?L u (RSC i j )proof−
assume a1 : u ∈ SR-set-M-0 j = ts-set-M-0from a1 and carr show SR?L u (RSC i j ) using inSR-set-M-0-impl-SR
by meson
qedhave uu-jj-1 : [[u ∈ SR-set-M-0 ;j = ts-set-M-1 ]] =⇒ SR?L u (RSC i j )
∨ TR?L u (RSC i j )proof−
assume a1 : u ∈ SR-set-M-0assume a2 : j = ts-set-M-1
show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from a1 have uu: u ∈ m-set-atoms ∨ u ∈ ts-set-M-0 by fasthave uu0 : u ∈ m-set-atoms =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC
i j )proof −
assume a3 : u ∈ m-set-atomsshow SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from a3 have u ∈ SR-set-M-1 by fastfrom carr a2 this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
using inSR-set-M-1-impl-SR by mesonqed
qedhave uu1 : u ∈ ts-set-M-0 =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC i
j )proof −
assume a3 : u ∈ ts-set-M-0show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from l2 and l0 have u ∈ {A-10 ,A-11 ,A-12} by forcefrom this have u /∈ ts-set-M-0 by autofrom this and a3 have False by auto
from this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by autoqed
qedfrom uu uu0 uu1 show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by
forceqed
qedhave uu-jj-2 : [[u ∈ SR-set-M-1 ;j = ts-set-M-1 ]] =⇒ SR?L u (RSC i j )
∨ TR?L u (RSC i j )proof−
assume a1 : u ∈ SR-set-M-1 j = ts-set-M-1from a1 and carr show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) using
inSR-set-M-1-impl-SR by mesonqedhave uu-jj-3 : [[u ∈ SR-set-M-1 ;j = ts-set-M-0 ]] =⇒ SR?L u (RSC i j )
∨ TR?L u (RSC i j )proof−
assume a1 : u ∈ SR-set-M-1assume a2 : j = ts-set-M-0
show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
proof −from a1 have uu: u ∈ m-set-atoms ∨ u ∈ ts-set-M-1 by fasthave uu0 : u ∈ m-set-atoms =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC
i j )proof −
assume a3 : u ∈ m-set-atomsshow SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from a3 have u ∈ SR-set-M-0 by fastfrom carr a2 this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
using inSR-set-M-0-impl-SR by mesonqed
qedhave uu1 : u ∈ ts-set-M-1 =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC i
j )proof −
assume a3 : u ∈ ts-set-M-1show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from l2 and l0 have u ∈ {A-10 ,A-11 ,A-12} by forcefrom this have u0 : u ∈ {A-11 ,A-12} ∨ u = A-10 by autohave u1 : u = A-10 =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof−
assume a4 : u = A-10show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
proof−from a4 have u ∈ SR-set-M-0 by autofrom carr a2 this show SR?L u (RSC i j ) ∨ TR?L u (RSC
i j ) using inSR-set-M-0-impl-SR by mesonqed
qedhave u2 : u ∈ {A-11 ,A-12} =⇒ SR?L u (RSC i j ) ∨ TR?L u
(RSC i j )proof−
assume a4 : u ∈ {A-11 ,A-12}show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof−
have ll0 : A-11 6= ts0-M by autohave ll1 :A-11 6= ts1-M by autohave ll2 :A-11 6= ts2-M by autohave ll3 :A-11 6= ts3-M by autohave ll4 :A-12 6= ts0-M by autohave ll5 :A-12 6= ts1-M by autohave ll6 :A-12 6= ts2-M by autohave ll7 :A-12 6= ts3-M by autofrom a4 ll0 ll1 ll2 ll3 ll4 ll5 ll6 ll7 have u /∈ ts-set-M-1 by
autofrom this and a3 have False by autofrom this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by
autoqed
qedfrom u0 u1 u2 show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
by autoqed
qedfrom uu uu0 uu1 show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by
forceqed
qedfrom uu jj uu-jj-0 uu-jj-1 uu-jj-2 uu-jj-3 show SR?L u (RSC i j ) ∨
TR?L u (RSC i j ) by argoqed
qedhave x02 : x=Compl-0 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
assume a: x=Compl-0show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −from a have l0 : inst-at-M x = {ts0 ,ts1 ,ts2 ,ts0-M ,ts1-M ,ts2-M ,ts3-M }
unfolding inst-at-M-def by forcefrom l0 have uuu: u ∈ inst-at-M x =⇒ (u ∈ SR-set-M-0 ∨ u ∈
SR-set-M-1 ) by forcefrom inst have l2 : u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and uuu have uu: (u ∈ SR-set-M-0 ∨ u ∈ SR-set-M-1 ) byauto
from carr have jj : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simphave uu-jj-0 : [[u ∈ SR-set-M-0 ;j = ts-set-M-0 ]] =⇒ SR?L u (RSC i j )
∨ TR?L u (RSC i j )proof−
assume a1 : u ∈ SR-set-M-0 j = ts-set-M-0from a1 and carr show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) using
inSR-set-M-0-impl-SR by mesonqedhave uu-jj-1 : [[u ∈ SR-set-M-0 ;j = ts-set-M-1 ]] =⇒ SR?L u (RSC i j )
∨ TR?L u (RSC i j )proof−
assume a1 : u ∈ SR-set-M-0assume a2 : j = ts-set-M-1
show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from a1 have uu: u ∈ m-set-atoms ∨ u ∈ ts-set-M-0 by fasthave uu0 : u ∈ m-set-atoms =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC
i j )proof −
assume a3 : u ∈ m-set-atomsshow SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
proof −from a3 have u ∈ SR-set-M-1 by fastfrom carr a2 this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
using inSR-set-M-1-impl-SR by mesonqed
qedhave uu1 : u ∈ ts-set-M-0 =⇒ SR?L u (RSC i j ) ∨ TR?L u (RSC i
j )proof −
assume a3 : u ∈ ts-set-M-0show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof −
from l2 and l0 have l3 : u ∈ {ts0 ,ts1 ,ts2 ,ts0-M ,ts1-M ,ts2-M ,ts3-M }by force
from this have uuu0 : u ∈ ts-set-M-0 ∨ u ∈ ts-set-M-1 by autohave uuu1 : u ∈ ts-set-M-1 =⇒ SR?L u (RSC i j ) ∨ TR?L u
(RSC i j )proof−
assume a4 : u ∈ ts-set-M-1show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof−from a4 have u ∈ SR-set-M-1 using inSR-set-M-1-impl-SR
by forcefrom carr a2 this show SR?L u (RSC i j ) ∨ TR?L u (RSC i
j ) using inSR-set-M-1-impl-SR by mesonqed
qedhave uuu2 : u ∈ ts-set-M-0 =⇒ SR?L u (RSC i j ) ∨ TR?L u
(RSC i j )proof−
assume a4 : u ∈ ts-set-M-0show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )proof−
from a4 have isTS-M u (RSC i ts-set-M-0 ) by simpfrom this a2 have isTR-M u j using isTS-M-0-impl-isTR-M-1
by autofrom this have (∃ ts1 ts2 . ts1 ∈ j ∧ ts2 ∈ j ∧
¬(∃ z0 . z0 ∈ top-of-m-set ∧ z0 ∈ ts1 ∧ z0 ∈ ts2 ) ∧(∃ z1 . z1 ∈ u ∧ z1 ∈ ts1 ) ∧(∃ z2 . z2 ∈ u ∧ z2 ∈ ts2 )) by fast
from this obtain t1 t2 where l1 : t1 ∈ j ∧ t2 ∈ j ∧¬(∃ z0 . z0 ∈ top-of-m-set ∧ z0 ∈ t1 ∧ z0 ∈ t2 ) ∧(∃ z1 . z1 ∈ u ∧ z1 ∈ t1 ) ∧(∃ z2 . z2 ∈ u ∧ z2 ∈ t2 ) by auto
from l1 a2 have l2 : t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧isTS-M t1 (RSC i j ) ∧ isTS-M t2 (RSC i j ) by auto
from l1 have ¬(∃ z0 . z0 ∈ top-of-m-set ∧ z0 ∈ t1 ∧ z0 ∈ t2 )by auto
from this have ¬ (∃ z0 . z0 ∈ m-set ∧ z0 ⊆ t1 ∧ z0 ⊆ t2 ) by
blastfrom this have ¬ (∃ z0 . z0 ∈ carrier ?L ∧ z0 ⊆ t1 ∧ z0 ⊆
t2 ) by autofrom this have l3 : ¬ (t1 .O?L t2 ) by (simp add : overlap-def )from l1 have ∃ z1 . z1 ∈ u ∧ z1 ∈ t1 by auto
from this a4 have ∃ z1 . z1 ∈ top-of-m-set ∧ z1 ∈ u ∧ z1 ∈ t1by blast
from this obtain z1 where z1 ∈ top-of-m-set ∧ z1 ∈ u ∧ z1∈ t1 by auto
from this have {z1} ∈ m-set ∧ {z1} ⊆ u ∧ {z1} ⊆ t1 byauto
from this have {z1} ∈ carrier ?L ∧ {z1} ⊆ u ∧ {z1} ⊆ t1by auto
from this have ∃ z1 . z1 ∈ carrier ?L ∧ z1 ⊆ u ∧ z1 ⊆ t1 byblast
from this have l4 : (u .O?L t1 ) by (simp add : overlap-def )from l1 have ∃ z2 . z2 ∈ u ∧ z2 ∈ t2 by auto
from this a4 have ∃ z2 . z2 ∈ top-of-m-set ∧ z2 ∈ u ∧ z2 ∈ t2by blast
from this obtain z2 where z2 ∈ top-of-m-set ∧ z2 ∈ u ∧ z2∈ t2 by auto
from this have {z2} ∈ m-set ∧ {z2} ⊆ u ∧ {z2} ⊆ t2 byauto
from this have {z2} ∈ carrier ?L ∧ {z2} ⊆ u ∧ {z2} ⊆ t2by auto
from this have ∃ z2 . z2 ∈ carrier ?L ∧ z2 ⊆ u ∧ z2 ⊆ t2 byblast
from this have l5 : (u .O?L t2 ) by (simp add : overlap-def )from carr a2 have l6 : u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j
∈ s-carrier ?L by autofrom l2 l3 l4 l5 l6 have t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧
isTS-M t1 (RSC i j ) ∧ isTS-M t2 (RSC i j ) ∧¬ (t1 .O?L t2 ) ∧ (u .O?L t1 ) ∧ (u .O?L
t2 ) ∧u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈
s-carrier ?L by autofrom this have ∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧
isTS-M t1 (RSC i j ) ∧ isTS-M t2 (RSC i j ) ∧¬ (t1 .O?L t2 ) ∧ (u .O?L t1 ) ∧ (u .O?L
t2 ) ∧u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈
s-carrier ?L by smtfrom this have TR?L u (RSC i j ) by (smt TR-I
TS-porder-two-sort-RS-frame.select-convs(1 ))from this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by
autoqed
qedfrom uuu0 uuu1 uuu2 show SR?L u (RSC i j ) ∨ TR?L u (RSC
i j ) by forceqed
qedfrom uu uu0 uu1 show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by
forceqed
qedhave uu-jj-2 : [[u ∈ SR-set-M-1 ;j = ts-set-M-1 ]] =⇒ SR?L u (RSC i j )∨
TR?L u (RSC i j )proof−
assume a1 : u ∈ SR-set-M-1 j = ts-set-M-1from a1 and carr show SR?L u (RSC i j )∨ TR?L u (RSC i j ) using
inSR-set-M-1-impl-SR by mesonqedhave uu-jj-3 : [[u ∈ SR-set-M-1 ;j = ts-set-M-0 ]] =⇒ SR?L u (RSC i j )∨
TR?L u (RSC i j )proof−
assume a1 : u ∈ SR-set-M-1assume a2 : j = ts-set-M-0
show SR?L u (RSC i j )∨ TR?L u (RSC i j )proof −
from a1 have uuu0 : u ∈ m-set-atoms ∨ u ∈ ts-set-M-1 by fasthave uuu1 : u ∈ m-set-atoms =⇒ SR?L u (RSC i j )∨ TR?L u (RSC
i j )proof −
assume a3 : u ∈ m-set-atomsshow SR?L u (RSC i j )∨ TR?L u (RSC i j )proof −
from a3 have u ∈ SR-set-M-0 by fastfrom carr a2 this show SR?L u (RSC i j )∨ TR?L u (RSC i j )
using inSR-set-M-0-impl-SR by mesonqed
qedhave uuu2 : u ∈ ts-set-M-1 =⇒ SR?L u (RSC i j )∨ TR?L u (RSC i
j )proof −
assume a3 : u ∈ ts-set-M-1show SR?L u (RSC i j )∨ TR?L u (RSC i j )proof −
from a3 have uuu0 : u ∈ {ts0-M ,ts3-M } ∨ u ∈ {ts1-M ,ts2-M }by auto
have uuu1 : u ∈ {ts0-M ,ts3-M } =⇒ SR?L u (RSC i j )∨ TR?L u(RSC i j )
proof−assume a4 : u ∈ {ts0-M ,ts3-M }show SR?L u (RSC i j )∨ TR?L u (RSC i j )proof−
from a4 have u ∈ SR-set-M-0 by fastfrom carr a2 this show SR?L u (RSC i j ) ∨ TR?L u (RSC i
j ) using inSR-set-M-0-impl-SR by mesonqed
qedhave uuu2 : u ∈ {ts1-M ,ts2-M } =⇒ SR?L u (RSC i j )∨ TR?L u
(RSC i j )proof−
assume a4 : u ∈ {ts1-M ,ts2-M }show SR?L u (RSC i j )∨ TR?L u (RSC i j )proof−
from a4 have lu0 : u = ts1-M ∨ u = ts2-M by autohave lu1 : u = ts1-M =⇒ SR?L u (RSC i j )∨ TR?L u (RSC i
j )proof −
assume a5 : u = ts1-Mshow SR?L u (RSC i j )∨ TR?L u (RSC i j )proof−from a5 have l2 : isTR-M u ts-set-M-0 by (smt insertI1
negO-ts0-ts1 subsetCE subset-insertI )from this a2 have (∃ ts1 ts2 . ts1 ∈ j ∧ ts2 ∈ j ∧
¬(∃ z0 . z0 ∈ top-of-m-set ∧ z0 ∈ ts1 ∧ z0 ∈ ts2 ) ∧(∃ z1 . z1 ∈ u ∧ z1 ∈ ts1 ) ∧(∃ z2 . z2 ∈ u ∧ z2 ∈ ts2 )) by fast
from this obtain t1 t2 where l1 : t1 ∈ j ∧ t2 ∈ j ∧¬(∃ z0 . z0 ∈ top-of-m-set ∧ z0 ∈ t1 ∧ z0 ∈ t2 ) ∧(∃ z1 . z1 ∈ u ∧ z1 ∈ t1 ) ∧(∃ z2 . z2 ∈ u ∧ z2 ∈ t2 ) by auto
from l1 a2 have l2 : t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧isTS-M t1 (RSC i j ) ∧ isTS-M t2 (RSC i j ) by auto
from l1 have ¬(∃ z0 . z0 ∈ top-of-m-set ∧ z0 ∈ t1 ∧ z0 ∈ t2 )by auto
from this have ¬ (∃ z0 . z0 ∈ m-set ∧ z0 ⊆ t1 ∧ z0 ⊆ t2 ) byblast
from this have ¬ (∃ z0 . z0 ∈ carrier ?L ∧ z0 ⊆ t1 ∧ z0 ⊆t2 ) by auto
from this have l3 : ¬ (t1 .O?L t2 ) by (simp add : overlap-def )from l1 have ∃ z1 . z1 ∈ u ∧ z1 ∈ t1 by auto
from this a4 have ∃ z1 . z1 ∈ top-of-m-set ∧ z1 ∈ u ∧ z1 ∈ t1by blast
from this obtain z1 where z1 ∈ top-of-m-set ∧ z1 ∈ u ∧ z1∈ t1 by auto
from this have {z1} ∈ m-set ∧ {z1} ⊆ u ∧ {z1} ⊆ t1 byauto
from this have {z1} ∈ carrier ?L ∧ {z1} ⊆ u ∧ {z1} ⊆ t1by auto
from this have ∃ z1 . z1 ∈ carrier ?L ∧ z1 ⊆ u ∧ z1 ⊆ t1 byblast
from this have l4 : (u .O?L t1 ) by (simp add : overlap-def )from l1 have ∃ z2 . z2 ∈ u ∧ z2 ∈ t2 by auto
from this a4 have ∃ z2 . z2 ∈ top-of-m-set ∧ z2 ∈ u ∧ z2 ∈ t2
by blastfrom this obtain z2 where z2 ∈ top-of-m-set ∧ z2 ∈ u ∧ z2
∈ t2 by autofrom this have {z2} ∈ m-set ∧ {z2} ⊆ u ∧ {z2} ⊆ t2 by
autofrom this have {z2} ∈ carrier ?L ∧ {z2} ⊆ u ∧ {z2} ⊆ t2
by autofrom this have ∃ z2 . z2 ∈ carrier ?L ∧ z2 ⊆ u ∧ z2 ⊆ t2 by
blastfrom this have l5 : (u .O?L t2 ) by (simp add : overlap-def )from carr a2 have l6 : u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j
∈ s-carrier ?L by autofrom l2 l3 l4 l5 l6 have t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧
isTS-M t1 (RSC i j ) ∧ isTS-M t2 (RSC i j ) ∧¬ (t1 .O?L t2 ) ∧ (u .O?L t1 ) ∧ (u .O?L
t2 ) ∧u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈
s-carrier ?L by autofrom this have ∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧
isTS-M t1 (RSC i j ) ∧ isTS-M t2 (RSC i j ) ∧¬ (t1 .O?L t2 ) ∧ (u .O?L t1 ) ∧ (u .O?L
t2 ) ∧u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈
s-carrier ?L by smtfrom this have TR?L u (RSC i j ) by (smt TR-I
TS-porder-two-sort-RS-frame.select-convs(1 ))from this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by
autoqed
qedhave lu2 : u = ts2-M =⇒ SR?L u (RSC i j )∨ TR?L u (RSC i j )
proof −assume a5 : u = ts2-Mshow SR?L u (RSC i j )∨ TR?L u (RSC i j )
proof−from a5 have l2 : isTR-M u ts-set-M-0 by (smt insertI1
negO-ts1-ts2 subsetCE subset-insertI )from this a2 have (∃ ts1 ts2 . ts1 ∈ j ∧ ts2 ∈ j ∧
¬(∃ z0 . z0 ∈ top-of-m-set ∧ z0 ∈ ts1 ∧ z0 ∈ ts2 ) ∧(∃ z1 . z1 ∈ u ∧ z1 ∈ ts1 ) ∧(∃ z2 . z2 ∈ u ∧ z2 ∈ ts2 )) by fast
from this obtain t1 t2 where l1 : t1 ∈ j ∧ t2 ∈ j ∧¬(∃ z0 . z0 ∈ top-of-m-set ∧ z0 ∈ t1 ∧ z0 ∈ t2 ) ∧(∃ z1 . z1 ∈ u ∧ z1 ∈ t1 ) ∧(∃ z2 . z2 ∈ u ∧ z2 ∈ t2 ) by auto
from l1 a2 have l2 : t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧isTS-M t1 (RSC i j ) ∧ isTS-M t2 (RSC i j ) by auto
from l1 have ¬(∃ z0 . z0 ∈ top-of-m-set ∧ z0 ∈ t1 ∧ z0 ∈ t2 )by auto
from this have ¬ (∃ z0 . z0 ∈ m-set ∧ z0 ⊆ t1 ∧ z0 ⊆ t2 ) byblast
from this have ¬ (∃ z0 . z0 ∈ carrier ?L ∧ z0 ⊆ t1 ∧ z0 ⊆t2 ) by auto
from this have l3 : ¬ (t1 .O?L t2 ) by (simp add : overlap-def )from l1 have ∃ z1 . z1 ∈ u ∧ z1 ∈ t1 by auto
from this a4 have ∃ z1 . z1 ∈ top-of-m-set ∧ z1 ∈ u ∧ z1 ∈ t1by blast
from this obtain z1 where z1 ∈ top-of-m-set ∧ z1 ∈ u ∧ z1∈ t1 by auto
from this have {z1} ∈ m-set ∧ {z1} ⊆ u ∧ {z1} ⊆ t1 byauto
from this have {z1} ∈ carrier ?L ∧ {z1} ⊆ u ∧ {z1} ⊆ t1by auto
from this have ∃ z1 . z1 ∈ carrier ?L ∧ z1 ⊆ u ∧ z1 ⊆ t1 byblast
from this have l4 : (u .O?L t1 ) by (simp add : overlap-def )from l1 have ∃ z2 . z2 ∈ u ∧ z2 ∈ t2 by auto
from this a4 have ∃ z2 . z2 ∈ top-of-m-set ∧ z2 ∈ u ∧ z2 ∈ t2by blast
from this obtain z2 where z2 ∈ top-of-m-set ∧ z2 ∈ u ∧ z2∈ t2 by auto
from this have {z2} ∈ m-set ∧ {z2} ⊆ u ∧ {z2} ⊆ t2 byauto
from this have {z2} ∈ carrier ?L ∧ {z2} ⊆ u ∧ {z2} ⊆ t2by auto
from this have ∃ z2 . z2 ∈ carrier ?L ∧ z2 ⊆ u ∧ z2 ⊆ t2 byblast
from this have l5 : (u .O?L t2 ) by (simp add : overlap-def )from carr a2 have l6 : u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j
∈ s-carrier ?L by autofrom l2 l3 l4 l5 l6 have t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧
isTS-M t1 (RSC i j ) ∧ isTS-M t2 (RSC i j ) ∧¬ (t1 .O?L t2 ) ∧ (u .O?L t1 ) ∧ (u .O?L
t2 ) ∧u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈
s-carrier ?L by autofrom this have ∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧
isTS-M t1 (RSC i j ) ∧ isTS-M t2 (RSC i j ) ∧¬ (t1 .O?L t2 ) ∧ (u .O?L t1 ) ∧ (u .O?L
t2 ) ∧u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈
s-carrier ?L by smtfrom this have TR?L u (RSC i j ) by (smt TR-I
TS-porder-two-sort-RS-frame.select-convs(1 ))from this show SR?L u (RSC i j ) ∨ TR?L u (RSC i j ) by
autoqed
qed
from lu0 lu1 lu2 show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )by force
qedqedfrom uuu0 uuu1 uuu2 show SR?L u (RSC i j ) ∨ TR?L u (RSC i
j ) by forceqed
qedfrom uuu0 uuu1 uuu2 show SR?L u (RSC i j ) ∨ TR?L u (RSC i j )
by forceqed
qedfrom uu jj uu-jj-0 uu-jj-1 uu-jj-2 uu-jj-3 show SR?L u (RSC i j )∨ TR?L
u (RSC i j ) by argoqed
qedhave x03 : x=Oc-0 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
assume a: x=Oc-0show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
from carr have jj : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simpfrom a have l0 : inst-at-M x = {wlA-0} unfolding inst-at-M-def by
autohave l01 : u = wlA-0proof (rule ccontr)
assume a1 : u 6= wlA-0show False
proof−from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M
by forcefrom this and a and l0 have u = wlA-0 by simpfrom this and a1 show False by auto
qedqed
have u-jj-0 : j = ts-set-M-0 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC ij ))
proof−assume a1 : j = ts-set-M-0show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))
proof−from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by autohave l2 : ¬(ts0 .O?L ts1 ) unfolding overlap-def using neg-O-ts0-ts1
by autofrom a1 have l3 : TS?L ts0 (RSC i j ) ∧ TS?L ts1 (RSC i j ) by
autohave l4 : ts0 ∈ carrier ?L by autohave l5 : ts1 ∈ carrier ?L by auto
from carr l1 l2 l3 l4 l5 have l6 : ∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈carrier ?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧
u .O?L t1 ∧ u .O?L t2 ∧ i ∈ r-carrier ?L ∧ j∈ s-carrier ?L by blast
have TR?L u (RSC i j )proof (rule TR-I )
from carr show u ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonextfrom l6 show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L
t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ u .O?L t1 ∧ u .O?L t2 )by blast
qedfrom this show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j )) by auto
qedqed
have u-jj-1 : j = ts-set-M-1 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC ij ))
proof−assume a1 : j = ts-set-M-1show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))
proof−from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfolding
overlap-def using insert-commute by autohave l2 : ¬(ts1-M .O?L ts2-M ) unfolding overlap-def using
neg-O-ts1-M-ts2-M by autofrom a1 have l3 : TS?L ts1-M (RSC i j ) ∧ TS?L ts2-M (RSC i
j ) by autohave l4 : ts1-M ∈ carrier ?L by autohave l5 : ts2-M ∈ carrier ?L by autofrom carr l1 l2 l3 l4 l5 have l6 : ∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈
carrier ?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧u .O?L t1 ∧ u .O?L t2 ∧ i ∈ r-carrier ?L ∧ j
∈ s-carrier ?L by blasthave TR?L u (RSC i j )proof (rule TR-I )
from carr show u ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonextfrom l6 show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L
t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ u .O?L t1 ∧ u .O?L t2 )by blast
qed
from this show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j )) by autoqed
qedfrom jj u-jj-0 u-jj-1 show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))
by fastqed
qedhave x04 : x=Oc-1 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
assume a: x=Oc-1show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
from carr have jj : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simpfrom a have l0 : inst-at-M x = {wlA-1} unfolding inst-at-M-def by
autohave l01 : u = wlA-1proof (rule ccontr)
assume a1 : u 6= wlA-1show False
proof−from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M
by forcefrom this and a and l0 have u = wlA-1 by autofrom this and a1 show False by auto
qedqedhave u-jj-0 : j = ts-set-M-0 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i
j ))proof−
assume a1 : j = ts-set-M-0show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by autohave l2 : ¬(ts0 .O?L ts1 ) unfolding overlap-def using neg-O-ts0-ts1
by autofrom a1 have l3 : TS?L ts0 (RSC i j ) ∧ TS?L ts1 (RSC i j ) by
simphave l4 : ts0 ∈ carrier ?L by autohave l5 : ts1 ∈ carrier ?L by autofrom carr l1 l2 l3 l4 l5 have l6 : ∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈
carrier ?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧u .O?L t1 ∧ u .O?L t2 ∧ i ∈ r-carrier ?L ∧ j
∈ s-carrier ?L by blasthave TR?L u (RSC i j )proof (rule TR-I )
from carr show u ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by auto
nextfrom carr show j ∈ s-carrier ?L by auto
nextfrom l6 show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L
t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ u .O?L t1 ∧ u .O?L t2 )by blast
qedfrom this show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j )) by auto
qedqedhave u-jj-1 : j = ts-set-M-1 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i
j ))proof−
assume a1 : j = ts-set-M-1show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l2 : ¬(ts1-M .O?L ts2-M ) unfolding overlap-def usingneg-O-ts1-M-ts2-M by auto
from a1 have l3 : TS?L ts1-M (RSC i j ) ∧ TS?L ts2-M (RSC ij ) by simp
have l4 : ts1-M ∈ carrier ?L by autohave l5 : ts2-M ∈ carrier ?L by autofrom carr l1 l2 l3 l4 l5 have l6 : ∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈
carrier ?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧u .O?L t1 ∧ u .O?L t2 ∧ i ∈ r-carrier ?L ∧ j
∈ s-carrier ?L by blasthave TR?L u (RSC i j )proof (rule TR-I )
from carr show u ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonextfrom l6 show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L
t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ u .O?L t1 ∧ u .O?L t2 )by blast
qedfrom this show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j )) by auto
qedqedfrom jj u-jj-0 u-jj-1 show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))
by fastqed
qedhave x05 : x=Oc-2 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
assume a: x=Oc-2show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −from carr have jj : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simpfrom a have l0 : inst-at-M x = {top-of-m-set} unfolding inst-at-M-def
by autohave l01 : u = top-of-m-setproof (rule ccontr)
assume a1 : u 6= top-of-m-setshow False
proof−from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M
by forcefrom this and a and l0 have u = top-of-m-set by simpfrom this and a1 show False by auto
qedqedhave u-jj-0 : j = ts-set-M-0 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i
j ))proof −
assume a1 : j = ts-set-M-0show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by autohave l2 : ¬(ts0 .O?L ts1 ) unfolding overlap-def using neg-O-ts0-ts1
by autofrom a1 have l3 : TS?L ts0 (RSC i j ) ∧ TS?L ts1 (RSC i j ) by
simphave l4 : ts0 ∈ carrier ?L by auto
have l5 : ts1 ∈ carrier ?L by autofrom carr l1 l2 l3 l4 l5 have l6 : ∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier
?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧u .O?L t1 ∧ u .O?L t2 ∧ i ∈ r-carrier ?L ∧ j
∈ s-carrier ?L by blasthave TR?L u (RSC i j )proof (rule TR-I )
from carr show u ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
from l6 show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ u .O?L t1 ∧ u .O?L t2 )by blast
qedfrom this show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j )) by auto
qed
qedhave u-jj-1 : j = ts-set-M-1 =⇒ (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))
proof −assume a1 : j = ts-set-M-1
show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j ))proof −
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l2 : ¬(ts1-M .O?L ts2-M ) unfolding overlap-def usingneg-O-ts1-M-ts2-M by auto
from a1 have l3 : TS?L ts1-M (RSC i j ) ∧ TS?L ts2-M (RSC i j )by simp
have l4 : ts1-M ∈ carrier ?L by autohave l5 : ts2-M ∈ carrier ?L by auto
from carr l1 l2 l3 l4 l5 have l6 : ∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈carrier ?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧
u .O?L t1 ∧ u .O?L t2 ∧ i ∈ r-carrier ?L ∧ j∈ s-carrier ?L by blast
have TR?L u (RSC i j )proof (rule TR-I )
from carr show u ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonextfrom l6 show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L
t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ u .O?L t1 ∧ u .O?L t2 )by blast
qedfrom this show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j )) by auto
qedqedfrom jj u-jj-0 u-jj-1 show (SR?L u (RSC i j ) ∨ TR?L u (RSC i j )) by
fastqed
qedfrom x0 x00 x01 x02 x03 x04 x05 show (SR?L u (RSC i j ) ∨ TR?L u
(RSC i j )) by forceqed
qednext
show ⋀ x y u i j jj yy uu. [[Inst?L x y u (RSC i j); SR?L u (RSC i j); j S?L jj; Inst?L x yy uu (RSC i jj);
  x ∈ e-carrier ?L; y ∈ e-carrier ?L; yy ∈ e-carrier ?L; u ∈ carrier ?L; uu ∈ carrier ?L;
  i ∈ r-carrier ?L; j ∈ s-carrier ?L; jj ∈ s-carrier ?L]] =⇒ SR?L uu (RSC i jj)
proof −
  fix x y u i j jj yy uu
  assume inst: Inst?L x y u (RSC i j) Inst?L x yy uu (RSC i jj)
  assume SR: SR?L u (RSC i j)
  assume S: j S?L jj
  assume carr: x ∈ e-carrier ?L y ∈ e-carrier ?L yy ∈ e-carrier ?L u ∈ carrier ?L uu ∈ carrier ?L
    i ∈ r-carrier ?L j ∈ s-carrier ?L jj ∈ s-carrier ?L
  show SR?L uu (RSC i jj)
  proof −
    from carr inst have x0: x=At-0 ∨ x=At-1 ∨ x=Compl-0 ∨ x = Oc-0 ∨ x = Oc-1 ∨ x = Oc-2
      using isInst-M-e1-impl-possibleParticulars by auto
    have x00: [[x=At-0; SR?L u (RSC i j)]] =⇒ SR?L uu (RSC i jj)
    proof −
assume a: x=At-0assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof−from a have l0 : inst-at-M x = {A-00 ,A-01 ,A-02} unfolding
inst-at-M-def by autofrom carr have jj-cases : (jj = ts-set-M-0 ) ∨ (jj = ts-set-M-1 ) by
simphave jj-case-0 : jj = ts-set-M-0 =⇒ SR?L uu (RSC i jj )proof −
assume a1 : jj = ts-set-M-0show SR?L uu (RSC i jj )proof−from l0 have ll0 : uu ∈ inst-at-M x =⇒ uu ∈ SR-set-M-0 by force
from carr and a1 and ll0 have l1 : uu ∈ inst-at-M x =⇒ SR?Luu (RSC i jj ) using inSR-set-M-iff-SR-0 by auto
from inst(2 ) have l2 : uu ∈ inst-at-M x using isInst-M-u-inst-at-Mby force
from l1 and l2 show SR?L uu (RSC i jj ) by autoqed
qedhave jj-case-1 : jj = ts-set-M-1 =⇒ SR?L uu (RSC i jj )proof −
assume a1 : jj = ts-set-M-1show SR?L uu (RSC i jj )proof−from l0 have ll0 : uu ∈ inst-at-M x =⇒ uu ∈ SR-set-M-1 by force
from carr and a1 and ll0 have l1 : uu ∈ inst-at-M x =⇒ SR?Luu (RSC i jj ) using inSR-set-M-iff-SR-1 by auto
from inst(2 ) have l2 : uu ∈ inst-at-M x using isInst-M-u-inst-at-Mby force
from l1 and l2 show SR?L uu (RSC i jj ) by autoqed
qedfrom jj-cases jj-case-0 jj-case-1 show SR?L uu (RSC i jj ) by fast
qedqed
have x01 : [[x=At-1 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=At-1assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof−from a have l0 : inst-at-M x = {A-10 ,A-11 ,A-12} unfolding
inst-at-M-def by autofrom carr have jj-cases : (jj = ts-set-M-0 ) ∨ (jj = ts-set-M-1 ) by
simphave jj-case-0 : jj = ts-set-M-0 =⇒ SR?L uu (RSC i jj )proof−
assume a1 : jj = ts-set-M-0show SR?L uu (RSC i jj )proof−
from l0 have uu ∈ inst-at-M x =⇒ uu ∈ SR-set-M-0 by forcefrom carr a1 and this have l1 : uu ∈ inst-at-M x =⇒ SR?L uu
(RSC i jj ) using inSR-set-M-iff-SR-0 by autofrom inst have l2 : uu ∈ inst-at-M x using isInst-M-u-inst-at-M
by forcefrom l1 and l2 show SR?L uu (RSC i jj ) by auto
qedqedhave jj-case-1 : jj = ts-set-M-1 =⇒ SR?L uu (RSC i jj )proof−
assume a1 : jj = ts-set-M-1show SR?L uu (RSC i jj )proof−
from l0 have uu ∈ inst-at-M x =⇒ uu ∈ SR-set-M-1 by forcefrom carr a1 and this have l1 : uu ∈ inst-at-M x =⇒ SR?L uu
(RSC i jj ) using inSR-set-M-iff-SR-1 by autofrom inst have l2 : uu ∈ inst-at-M x using isInst-M-u-inst-at-M
by forcefrom l1 and l2 show SR?L uu (RSC i jj ) by auto
qedqedfrom jj-cases jj-case-0 jj-case-1 show SR?L uu (RSC i jj ) by fast
qedqed
have x02 : [[x=Compl-0 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=Compl-0assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )proof −
from a inst(2 ) have Inst?L x yy uu (RSC i jj ) by autofrom this have l1 : uu ∈ inst-at-M-0-or-1 x jj using isInst-M-imp-inst-at-M-0-or-1
by autofrom carr have jj-cases : (jj = ts-set-M-0 ) ∨ (jj = ts-set-M-1 ) by
simphave jj-case-0 : jj = ts-set-M-0 =⇒ SR?L uu (RSC i jj )proof−
assume a1 : jj = ts-set-M-0show SR?L uu (RSC i jj )proof−
from l1 a1 have uu ∈ inst-at-M-0-or-1 x ts-set-M-0 by autofrom a this have l2 : uu ∈ {ts0 ,ts1 ,ts2} using Compl-0-at-ts-set-M-0
by blasthave {ts0 ,ts1 ,ts2} ⊆ SR-set-M-0 by autofrom this l2 have uu ∈ SR-set-M-0 by auto
from this a1 show SR?L uu (RSC i jj ) using carr inSR-set-M-iff-SR-0by auto
qedqedhave jj-case-1 : jj = ts-set-M-1 =⇒ SR?L uu (RSC i jj )proof−
assume a1 : jj = ts-set-M-1show SR?L uu (RSC i jj )proof−
from l1 a1 have uu ∈ inst-at-M-0-or-1 x ts-set-M-1 by autofrom a this have l2 : uu ∈ {ts0-M ,ts1-M ,ts2-M ,ts3-M } using
Compl-0-at-ts-set-M-1 by blasthave {ts0-M ,ts1-M ,ts2-M ,ts3-M } ⊆ SR-set-M-1 by autofrom this l2 have uu ∈ SR-set-M-1 by auto
from this a1 show SR?L uu (RSC i jj ) using carr inSR-set-M-iff-SR-1by auto
qedqedfrom jj-cases jj-case-0 jj-case-1 show SR?L uu (RSC i jj ) by auto
qedqed
have x03 : [[x=Oc-0 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=Oc-0
assume s: SR?L u (RSC i j)
show SR?L uu (RSC i jj)
proof −
  from a have l0: inst-at-M x = {wlA-0} unfolding inst-at-M-def by auto
  have l01: u = wlA-0
  proof (rule ccontr)
    assume a1: u ≠ wlA-0
    show False
    proof −
      from inst have ll1: u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
      from this and a and l0 have u = wlA-0 by simp
      from this and a1 show False by auto
    qed
  qed
  from carr have j-cases: (j = ts-set-M-0) ∨ (j = ts-set-M-1) by simp
have j-case-0 : j = ts-set-M-0 =⇒ Falseproof −
assume a1 : j = ts-set-M-0show Falseproof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by autohave l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0 ∨ t= ts1 ∨ t= ts2 by forcehave lt00 : t= ts0 =⇒ Falseproof−
assume a: t= ts0show Falseproof−
from a and ll0 have ll1 : u v?L ts0 by forcefrom l1 have u .O?L ts1 by force
from this have ¬ u v?L ts0 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1 =⇒ Falseproof−
assume a: t= ts1show Falseproof−
from a and ll0 have ll1 : u v?L ts1 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts1 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2 =⇒ Falseproof−
assume a: t= ts2show Falseproof−
from a and ll0 have ll1 : u v?L ts2 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts2 unfolding overlap-def by (smtneg-O-ts0-ts2 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 show False by force
qedqedfrom l6 s show False by auto
qedqedhave j-case-1 : j = ts-set-M-1 =⇒ Falseproof −
assume a1 : j = ts-set-M-1show Falseproof −
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0-M ∨ t= ts1-M ∨ t= ts2-M ∨ t=ts3-M by force
have lt00 : t= ts0-M =⇒ Falseproof−
assume a: t= ts0-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts0-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts0-M unfolding overlap-def by (smtneg-O-ts0-M-ts1-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1-M =⇒ Falseproof−
assume a: t= ts1-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts1-M by forcefrom l1 have u .O?L ts2-M by force
from this have ¬ u v?L ts1-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2-M =⇒ Falseproof−
assume a: t= ts2-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts2-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts2-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt03 : t= ts3-M =⇒ Falseproof−
assume a: t= ts3-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts3-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts3-M unfolding overlap-def by (smtneg-O-ts1-M-ts3-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 lt03 show False by force
qedqedfrom l6 s show False by auto
qedqedfrom j-cases j-case-0 j-case-1 have False by auto
from this show SR?L uu (RSC i jj ) by autoqed
qedhave x04 : [[x=Oc-1 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=Oc-1
assume s: SR?L u (RSC i j)
show SR?L uu (RSC i jj)
proof −
  from a have l0: inst-at-M x = {wlA-1} unfolding inst-at-M-def by auto
  have l01: u = wlA-1
  proof (rule ccontr)
    assume a1: u ≠ wlA-1
    show False
    proof −
      from inst have ll1: u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
      from this and a and l0 have u = wlA-1 by simp
      from this and a1 show False by auto
    qed
  qed
  from carr have j-cases: (j = ts-set-M-0) ∨ (j = ts-set-M-1) by simp
have j-case-0 : j = ts-set-M-0 =⇒ Falseproof −
assume a1 : j = ts-set-M-0show Falseproof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by autohave l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0 ∨ t= ts1 ∨ t= ts2 by forcehave lt00 : t= ts0 =⇒ Falseproof−
assume a: t= ts0show Falseproof−
from a and ll0 have ll1 : u v?L ts0 by forcefrom l1 have u .O?L ts1 by force
from this have ¬ u v?L ts0 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1 =⇒ Falseproof−
assume a: t= ts1show Falseproof−
from a and ll0 have ll1 : u v?L ts1 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts1 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2 =⇒ Falseproof−
assume a: t= ts2show Falseproof−
from a and ll0 have ll1 : u v?L ts2 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts2 unfolding overlap-def by (smtneg-O-ts0-ts2 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 show False by force
qedqedfrom l6 s show False by auto
qedqedhave j-case-1 : j = ts-set-M-1 =⇒ Falseproof −
assume a1 : j = ts-set-M-1show Falseproof −
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show False
proof −from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )
∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0-M ∨ t= ts1-M ∨ t= ts2-M ∨ t=ts3-M by force
have lt00 : t= ts0-M =⇒ Falseproof−
assume a: t= ts0-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts0-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts0-M unfolding overlap-def by (smtneg-O-ts0-M-ts1-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1-M =⇒ Falseproof−
assume a: t= ts1-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts1-M by forcefrom l1 have u .O?L ts2-M by force
from this have ¬ u v?L ts1-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2-M =⇒ Falseproof−
assume a: t= ts2-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts2-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts2-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt03 : t= ts3-M =⇒ Falseproof−
assume a: t= ts3-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts3-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts3-M unfolding overlap-def by (smtneg-O-ts1-M-ts3-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 lt03 show False by force
qedqedfrom l6 s show False by auto
qedqedfrom j-cases j-case-0 j-case-1 have False by autofrom this show SR?L uu (RSC i jj ) by auto
qedqed
have x05 : [[x=Oc-2 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=Oc-2
assume s: SR?L u (RSC i j)
show SR?L uu (RSC i jj)
proof −
  from a have l0: inst-at-M x = {top-of-m-set} unfolding inst-at-M-def by auto
  have l01: u = top-of-m-set
  proof (rule ccontr)
    assume a1: u ≠ top-of-m-set
    show False
    proof −
      from inst have ll1: u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
      from this and a and l0 have u = top-of-m-set by simp
      from this and a1 show False by auto
    qed
  qed
  from carr have j-cases: (j = ts-set-M-0) ∨ (j = ts-set-M-1) by simp
have j-case-0 : j = ts-set-M-0 =⇒ Falseproof −
assume a1 : j = ts-set-M-0show Falseproof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by auto
have l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0 ∨ t= ts1 ∨ t= ts2 by forcehave lt00 : t= ts0 =⇒ Falseproof−
assume a: t= ts0show Falseproof−
from a and ll0 have ll1 : u v?L ts0 by forcefrom l1 have u .O?L ts1 by force
from this have ¬ u v?L ts0 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1 =⇒ Falseproof−
assume a: t= ts1show Falseproof−
from a and ll0 have ll1 : u v?L ts1 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts1 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2 =⇒ Falseproof−
assume a: t= ts2show Falseproof−
from a and ll0 have ll1 : u v?L ts2 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts2 unfolding overlap-def by (smtneg-O-ts0-ts2 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 show False by force
qedqedfrom l6 s show False by auto
qedqedhave j-case-1 : j = ts-set-M-1 =⇒ Falseproof −
assume a1 : j = ts-set-M-1show Falseproof −
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0-M ∨ t= ts1-M ∨ t= ts2-M ∨ t=ts3-M by force
have lt00 : t= ts0-M =⇒ Falseproof−
assume a: t= ts0-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts0-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts0-M unfolding overlap-def by (smtneg-O-ts0-M-ts1-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1-M =⇒ Falseproof−
assume a: t= ts1-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts1-M by forcefrom l1 have u .O?L ts2-M by force
from this have ¬ u v?L ts1-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2-M =⇒ Falseproof−
assume a: t= ts2-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts2-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts2-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt03 : t= ts3-M =⇒ Falseproof−
assume a: t= ts3-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts3-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts3-M unfolding overlap-def by (smtneg-O-ts1-M-ts3-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 lt03 show False by force
qedqedfrom l6 s show False by auto
qedqedfrom j-cases j-case-0 j-case-1 have False by autofrom this show SR?L uu (RSC i jj ) by auto
qedqed
from SR x0 x00 x01 x02 x03 x04 x05 show SR?L uu (RSC i jj ) by forceqed
qednext
show ⋀ x y u i j jj xx uu. [[Inst?L x y u (RSC i j); SR?L u (RSC i j); j S?L jj; Inst?L xx y uu (RSC i jj);
  x ∈ e-carrier ?L; xx ∈ e-carrier ?L; y ∈ e-carrier ?L; u ∈ carrier ?L; uu ∈ carrier ?L;
  i ∈ r-carrier ?L; j ∈ s-carrier ?L; jj ∈ s-carrier ?L]] =⇒ SR?L uu (RSC i jj)
proof −
  fix x y u i j jj xx uu
  assume inst: Inst?L x y u (RSC i j) Inst?L xx y uu (RSC i jj)
  assume SR: SR?L u (RSC i j)
  assume S: j S?L jj
  assume carr: x ∈ e-carrier ?L xx ∈ e-carrier ?L y ∈ e-carrier ?L u ∈ carrier ?L uu ∈ carrier ?L
    i ∈ r-carrier ?L j ∈ s-carrier ?L jj ∈ s-carrier ?L
  show SR?L uu (RSC i jj)
  proof −
    from inst(1) have x0: x=At-0 ∨ x=At-1 ∨ x=Compl-0 ∨ x = Oc-0 ∨ x = Oc-1 ∨ x = Oc-2
      unfolding isInst-M-def by force
    from inst(2) have xx0: xx=At-0 ∨ xx=At-1 ∨ xx=Compl-0 ∨ xx = Oc-0 ∨ xx = Oc-1 ∨ xx = Oc-2
      unfolding isInst-M-def by force
    from inst have x-xx0: (x=At-0 ∨ x=At-1 ∨ x=Compl-0) = (xx=At-0 ∨ xx=At-1 ∨ xx=Compl-0)
      unfolding isInst-M-def by force
    from inst have x-xx1: (x = Oc-0 ∨ x = Oc-1 ∨ x = Oc-2) = (xx = Oc-0 ∨ xx = Oc-1 ∨ xx = Oc-2)
      unfolding isInst-M-def by force
    from carr have j-cases: (j = ts-set-M-0) ∨ (j = ts-set-M-1) by simp
    from carr have jj-cases: (jj = ts-set-M-0) ∨ (jj = ts-set-M-1) by simp
have x00 : [[x=At-0 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=At-0assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )proof−
from x-xx0 have xx0 : x=At-0 =⇒ (xx=At-0 ∨ xx=At-1 ∨ xx=Compl-0 )by force
have xx00 : [[xx=At-0 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof−assume aa: xx=At-0assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )proof−
from aa have l0 : inst-at-M xx = {A-00 ,A-01 ,A-02} unfoldinginst-at-M-def by auto
from l0 have uu ∈ inst-at-M xx =⇒ (uu ∈ SR-set-M-0 ∧ uu ∈SR-set-M-1 ) by force
from jj-cases and carr and this have l1 : uu ∈ inst-at-M xx =⇒SR?L uu (RSC i jj ) using inSR-set-M-iff-SR-0 inSR-set-M-iff-SR-1 by auto
from inst have l2 : uu ∈ inst-at-M xx using isInst-M-u-inst-at-Mby force
from l1 and l2 show SR?L uu (RSC i jj ) by autoqed
qedhave xx01 : [[xx=At-1 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )
proof−assume aa: xx=At-1
assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof−from aa have l0 : inst-at-M xx = {A-10 ,A-11 ,A-12} unfolding
inst-at-M-def by autofrom l0 have uu ∈ inst-at-M xx =⇒ (uu ∈ SR-set-M-0 ∧ uu ∈
SR-set-M-1 ) by forcefrom jj-cases and carr and this have l1 : uu ∈ inst-at-M xx =⇒
SR?L uu (RSC i jj ) using inSR-set-M-iff-SR-0 inSR-set-M-iff-SR-1 by autofrom inst have l2 : uu ∈ inst-at-M xx using isInst-M-u-inst-at-M
by forcefrom l1 and l2 show SR?L uu (RSC i jj ) by auto
qedqedhave xx02 : [[xx=Compl-0 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )
proof−assume aa: xx=Compl-0assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )proof −
from aa inst(2 ) have Inst?L xx y uu (RSC i jj ) by autofrom this have l1 : uu ∈ inst-at-M-0-or-1 xx jj using
isInst-M-imp-inst-at-M-0-or-1 by autofrom carr have jj-cases : (jj = ts-set-M-0 ) ∨ (jj = ts-set-M-1 ) by
simphave jj-case-0 : jj = ts-set-M-0 =⇒ SR?L uu (RSC i jj )proof−
assume a1 : jj = ts-set-M-0show SR?L uu (RSC i jj )proof−
from l1 a1 have uu ∈ inst-at-M-0-or-1 xx ts-set-M-0 by autofrom aa this have l2 : uu ∈ {ts0 ,ts1 ,ts2} using Compl-0-at-ts-set-M-0
by blasthave {ts0 ,ts1 ,ts2} ⊆ SR-set-M-0 by autofrom this l2 have uu ∈ SR-set-M-0 by auto
from this a1 show SR?L uu (RSC i jj ) using carrinSR-set-M-iff-SR-0 by auto
qedqedhave jj-case-1 : jj = ts-set-M-1 =⇒ SR?L uu (RSC i jj )proof−
assume a1 : jj = ts-set-M-1show SR?L uu (RSC i jj )proof−
from l1 a1 have uu ∈ inst-at-M-0-or-1 xx ts-set-M-1 by autofrom aa this have l2 : uu ∈ {ts0-M ,ts1-M ,ts2-M ,ts3-M } using
Compl-0-at-ts-set-M-1 by blasthave {ts0-M ,ts1-M ,ts2-M ,ts3-M } ⊆ SR-set-M-1 by autofrom this l2 have uu ∈ SR-set-M-1 by auto
from this a1 show SR?L uu (RSC i jj ) using carrinSR-set-M-iff-SR-1 by auto
qedqedfrom jj-cases jj-case-0 jj-case-1 show SR?L uu (RSC i jj ) by
autoqed
qedfrom xx0 xx00 xx01 xx02 have [[x=At-0 ;SR?L u (RSC i j )]] =⇒ SR?L
uu (RSC i jj ) by forcefrom this a s show SR?L uu (RSC i jj ) by force
qedqedhave x01 : [[x=At-1 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=At-1assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof−from x-xx0 have xx0 : x=At-1 =⇒ (xx=At-0 ∨ xx=At-1 ∨ xx=Compl-0 )
by forcehave xx00 : [[xx=At-0 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )
proof−assume aa: xx=At-0assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof−from aa have l0 : inst-at-M xx = {A-00 ,A-01 ,A-02} unfolding
inst-at-M-def by autofrom l0 have uu ∈ inst-at-M xx =⇒ (uu ∈ SR-set-M-0 ∧ uu ∈
SR-set-M-1 ) by forcefrom jj-cases and carr and this have l1 : uu ∈ inst-at-M xx =⇒
SR?L uu (RSC i jj ) using inSR-set-M-iff-SR-0 inSR-set-M-iff-SR-1 by autofrom inst have l2 : uu ∈ inst-at-M xx using isInst-M-u-inst-at-M
by forcefrom l1 and l2 show SR?L uu (RSC i jj ) by auto
qedqedhave xx01 : [[xx=At-1 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )
proof−assume aa: xx=At-1assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof−from aa have l0 : inst-at-M xx = {A-10 ,A-11 ,A-12} unfolding
inst-at-M-def by autofrom l0 have uu ∈ inst-at-M xx =⇒ (uu ∈ SR-set-M-0 ∧ uu ∈
SR-set-M-1 ) by forcefrom jj-cases and carr and this have l1 : uu ∈ inst-at-M xx =⇒
SR?L uu (RSC i jj ) using inSR-set-M-iff-SR-0 inSR-set-M-iff-SR-1 by autofrom inst have l2 : uu ∈ inst-at-M xx using isInst-M-u-inst-at-M
by forcefrom l1 and l2 show SR?L uu (RSC i jj ) by auto
qedqedhave xx02 : [[xx=Compl-0 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )
proof−assume aa: xx=Compl-0assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )proof −
from aa inst(2 ) have Inst?L xx y uu (RSC i jj ) by autofrom this have l1 : uu ∈ inst-at-M-0-or-1 xx jj using
isInst-M-imp-inst-at-M-0-or-1 by autofrom carr have jj-cases : (jj = ts-set-M-0 ) ∨ (jj = ts-set-M-1 ) by
simphave jj-case-0 : jj = ts-set-M-0 =⇒ SR?L uu (RSC i jj )proof−
assume a1 : jj = ts-set-M-0show SR?L uu (RSC i jj )proof−
from l1 a1 have uu ∈ inst-at-M-0-or-1 xx ts-set-M-0 by autofrom aa this have l2 : uu ∈ {ts0 ,ts1 ,ts2} using Compl-0-at-ts-set-M-0
by blasthave {ts0 ,ts1 ,ts2} ⊆ SR-set-M-0 by autofrom this l2 have uu ∈ SR-set-M-0 by auto
from this a1 show SR?L uu (RSC i jj ) using carrinSR-set-M-iff-SR-0 by auto
qedqedhave jj-case-1 : jj = ts-set-M-1 =⇒ SR?L uu (RSC i jj )proof−
assume a1 : jj = ts-set-M-1show SR?L uu (RSC i jj )proof−
from l1 a1 have uu ∈ inst-at-M-0-or-1 xx ts-set-M-1 by autofrom aa this have l2 : uu ∈ {ts0-M ,ts1-M ,ts2-M ,ts3-M } using
Compl-0-at-ts-set-M-1 by blasthave {ts0-M ,ts1-M ,ts2-M ,ts3-M } ⊆ SR-set-M-1 by autofrom this l2 have uu ∈ SR-set-M-1 by auto
from this a1 show SR?L uu (RSC i jj ) using carrinSR-set-M-iff-SR-1 by auto
qedqedfrom jj-cases jj-case-0 jj-case-1 show SR?L uu (RSC i jj ) by
autoqed
qed
from xx0 xx00 xx01 xx02 have [[x=At-1 ;SR?L u (RSC i j )]] =⇒ SR?Luu (RSC i jj ) by force
from this a s show SR?L uu (RSC i jj ) by forceqed
qedhave x02 : [[x=Compl-0 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=Compl-0assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof −from x-xx0 have xx0 : x=Compl-0 =⇒ (xx=At-0 ∨ xx=At-1 ∨
xx=Compl-0 ) by forcehave xx00 : [[xx=At-0 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )
proof−assume aa: xx=At-0assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof−from aa have l0 : inst-at-M xx = {A-00 ,A-01 ,A-02} unfolding
inst-at-M-def by autofrom l0 have uu ∈ inst-at-M xx =⇒ (uu ∈ SR-set-M-0 ∧ uu ∈
SR-set-M-1 ) by forcefrom jj-cases and carr and this have l1 : uu ∈ inst-at-M xx =⇒
SR?L uu (RSC i jj ) using inSR-set-M-iff-SR-0 inSR-set-M-iff-SR-1 by autofrom inst have l2 : uu ∈ inst-at-M xx using isInst-M-u-inst-at-M
by forcefrom l1 and l2 show SR?L uu (RSC i jj ) by auto
qedqedhave xx01 : [[xx=At-1 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )
proof−assume aa: xx=At-1assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof−from aa have l0 : inst-at-M xx = {A-10 ,A-11 ,A-12} unfolding
inst-at-M-def by autofrom l0 have uu ∈ inst-at-M xx =⇒ (uu ∈ SR-set-M-0 ∧ uu ∈
SR-set-M-1 ) by forcefrom jj-cases and carr and this have l1 : uu ∈ inst-at-M xx =⇒
SR?L uu (RSC i jj ) using inSR-set-M-iff-SR-0 inSR-set-M-iff-SR-1 by autofrom inst have l2 : uu ∈ inst-at-M xx using isInst-M-u-inst-at-M
by forcefrom l1 and l2 show SR?L uu (RSC i jj ) by auto
qedqedhave xx02 : [[xx=Compl-0 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )
proof−
assume aa: xx=Compl-0assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )proof −
from aa inst(2 ) have Inst?L xx y uu (RSC i jj ) by autofrom this have l1 : uu ∈ inst-at-M-0-or-1 xx jj using
isInst-M-imp-inst-at-M-0-or-1 by autofrom carr have jj-cases : (jj = ts-set-M-0 ) ∨ (jj = ts-set-M-1 ) by
simphave jj-case-0 : jj = ts-set-M-0 =⇒ SR?L uu (RSC i jj )proof−
assume a1 : jj = ts-set-M-0show SR?L uu (RSC i jj )proof−
from l1 a1 have uu ∈ inst-at-M-0-or-1 xx ts-set-M-0 by autofrom aa this have l2 : uu ∈ {ts0 ,ts1 ,ts2} using Compl-0-at-ts-set-M-0
by blasthave {ts0 ,ts1 ,ts2} ⊆ SR-set-M-0 by autofrom this l2 have uu ∈ SR-set-M-0 by auto
from this a1 show SR?L uu (RSC i jj ) using carrinSR-set-M-iff-SR-0 by auto
qedqedhave jj-case-1 : jj = ts-set-M-1 =⇒ SR?L uu (RSC i jj )proof−
assume a1 : jj = ts-set-M-1show SR?L uu (RSC i jj )proof−
from l1 a1 have uu ∈ inst-at-M-0-or-1 xx ts-set-M-1 by autofrom aa this have l2 : uu ∈ {ts0-M ,ts1-M ,ts2-M ,ts3-M } using
Compl-0-at-ts-set-M-1 by blasthave {ts0-M ,ts1-M ,ts2-M ,ts3-M } ⊆ SR-set-M-1 by autofrom this l2 have uu ∈ SR-set-M-1 by auto
from this a1 show SR?L uu (RSC i jj ) using carrinSR-set-M-iff-SR-1 by auto
qedqedfrom jj-cases jj-case-0 jj-case-1 show SR?L uu (RSC i jj ) by
autoqed
qedfrom xx0 xx00 xx01 xx02 have [[x=Compl-0 ;SR?L u (RSC i j )]] =⇒
SR?L uu (RSC i jj ) by forcefrom this a s show SR?L uu (RSC i jj ) by force
qedqed
have x03 : [[x=Oc-0 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=Oc-0
assume s: SR?L u (RSC i j)
show SR?L uu (RSC i jj)
proof −
  from a have l0: inst-at-M x = {wlA-0} unfolding inst-at-M-def by auto
  have l01: u = wlA-0
  proof (rule ccontr)
    assume a1: u ≠ wlA-0
    show False
    proof −
      from inst have ll1: u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
      from this and a and l0 have u = wlA-0 by simp
      from this and a1 show False by auto
    qed
  qed
  from carr have j-cases: (j = ts-set-M-0) ∨ (j = ts-set-M-1) by simp
have j-case-0 : j = ts-set-M-0 =⇒ Falseproof −
assume a1 : j = ts-set-M-0show Falseproof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by autohave l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0 ∨ t= ts1 ∨ t= ts2 by forcehave lt00 : t= ts0 =⇒ Falseproof−
assume a: t= ts0show Falseproof−
from a and ll0 have ll1 : u v?L ts0 by forcefrom l1 have u .O?L ts1 by force
from this have ¬ u v?L ts0 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qed
have lt01 : t= ts1 =⇒ Falseproof−
assume a: t= ts1show Falseproof−
from a and ll0 have ll1 : u v?L ts1 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts1 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2 =⇒ Falseproof−
assume a: t= ts2show Falseproof−
from a and ll0 have ll1 : u v?L ts2 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts2 unfolding overlap-def by (smtneg-O-ts0-ts2 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 show False by force
qedqedfrom l6 s show False by auto
qedqedhave j-case-1 : j = ts-set-M-1 =⇒ Falseproof −
assume a1 : j = ts-set-M-1show Falseproof −
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0-M ∨ t= ts1-M ∨ t= ts2-M ∨ t=ts3-M by force
have lt00 : t= ts0-M =⇒ Falseproof−
assume a: t= ts0-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts0-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts0-M unfolding overlap-def by (smtneg-O-ts0-M-ts1-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1-M =⇒ Falseproof−
assume a: t= ts1-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts1-M by forcefrom l1 have u .O?L ts2-M by force
from this have ¬ u v?L ts1-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2-M =⇒ Falseproof−
assume a: t= ts2-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts2-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts2-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt03 : t= ts3-M =⇒ Falseproof−
assume a: t= ts3-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts3-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts3-M unfolding overlap-def by (smt
neg-O-ts1-M-ts3-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 lt03 show False by force
qedqedfrom l6 s show False by auto
qedqedfrom j-cases j-case-0 j-case-1 have False by autofrom this show SR?L uu (RSC i jj ) by auto
qedqed
have x04 : [[x=Oc-1 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=Oc-1assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof −
from a have l0 : inst-at-M x = {wlA-1} unfolding inst-at-M-def by auto
have l01 : u = wlA-1
proof (rule ccontr)
assume a1 : u ≠ wlA-1
show False
proof−
from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and a and l0 have u = wlA-1 by simp
from this and a1 show False by auto
qed
qed
from carr have j-cases : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simp
have j-case-0 : j = ts-set-M-0 =⇒ Falseproof −
assume a1 : j = ts-set-M-0show Falseproof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by autohave l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )
∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0 ∨ t= ts1 ∨ t= ts2 by forcehave lt00 : t= ts0 =⇒ Falseproof−
assume a: t= ts0show Falseproof−
from a and ll0 have ll1 : u v?L ts0 by forcefrom l1 have u .O?L ts1 by force
from this have ¬ u v?L ts0 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1 =⇒ Falseproof−
assume a: t= ts1show Falseproof−
from a and ll0 have ll1 : u v?L ts1 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts1 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2 =⇒ Falseproof−
assume a: t= ts2show Falseproof−
from a and ll0 have ll1 : u v?L ts2 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts2 unfolding overlap-def by (smtneg-O-ts0-ts2 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 show False by force
qedqedfrom l6 s show False by auto
qed
qedhave j-case-1 : j = ts-set-M-1 =⇒ Falseproof −
assume a1 : j = ts-set-M-1show Falseproof −
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0-M ∨ t= ts1-M ∨ t= ts2-M ∨ t=ts3-M by force
have lt00 : t= ts0-M =⇒ Falseproof−
assume a: t= ts0-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts0-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts0-M unfolding overlap-def by (smtneg-O-ts0-M-ts1-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1-M =⇒ Falseproof−
assume a: t= ts1-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts1-M by forcefrom l1 have u .O?L ts2-M by force
from this have ¬ u v?L ts1-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2-M =⇒ Falseproof−
assume a: t= ts2-M
show Falseproof−
from a and ll0 have ll1 : u v?L ts2-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts2-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt03 : t= ts3-M =⇒ Falseproof−
assume a: t= ts3-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts3-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts3-M unfolding overlap-def by (smtneg-O-ts1-M-ts3-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 lt03 show False by force
qedqedfrom l6 s show False by auto
qedqedfrom j-cases j-case-0 j-case-1 have False by autofrom this show SR?L uu (RSC i jj ) by auto
qedqed
have x05 : [[x=Oc-2 ;SR?L u (RSC i j )]] =⇒ SR?L uu (RSC i jj )proof −
assume a: x=Oc-2assume s: SR?L u (RSC i j )show SR?L uu (RSC i jj )
proof −
from a have l0 : inst-at-M x = {top-of-m-set} unfolding inst-at-M-def by auto
have l01 : u = top-of-m-set
proof (rule ccontr)
assume a1 : u ≠ top-of-m-set
show False
proof−
from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and a and l0 have u = top-of-m-set by simp
from this and a1 show False by auto
qed
qed
from carr have j-cases : (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simp
have j-case-0 : j = ts-set-M-0 =⇒ Falseproof −
assume a1 : j = ts-set-M-0show Falseproof −from l01 have l1 : u .O?L ts0 ∧ u .O?L ts1 unfolding overlap-def
using insert-commute by autohave l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0 ∨ t= ts1 ∨ t= ts2 by forcehave lt00 : t= ts0 =⇒ Falseproof−
assume a: t= ts0show Falseproof−
from a and ll0 have ll1 : u v?L ts0 by forcefrom l1 have u .O?L ts1 by force
from this have ¬ u v?L ts0 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt01 : t= ts1 =⇒ Falseproof−
assume a: t= ts1show Falseproof−
from a and ll0 have ll1 : u v?L ts1 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts1 unfolding overlap-def by (smtneg-O-ts0-ts1 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qed
have lt02 : t= ts2 =⇒ Falseproof−
assume a: t= ts2show Falseproof−
from a and ll0 have ll1 : u v?L ts2 by forcefrom l1 have u .O?L ts0 by force
from this have ¬ u v?L ts2 unfolding overlap-def by (smtneg-O-ts0-ts2 two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 show False by force
qedqedfrom l6 s show False by auto
qedqedhave j-case-1 : j = ts-set-M-1 =⇒ Falseproof −
assume a1 : j = ts-set-M-1show Falseproof −
from l01 have l1 : u .O?L ts1-M ∧ u .O?L ts2-M unfoldingoverlap-def using insert-commute by auto
have l6 : SR?L u (RSC i j ) =⇒ Falseproof−
assume a2 : SR?L u (RSC i j )show Falseproof −
from a1 a2 have (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )∧ u v?L t) ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by (simpadd :SR-def )
from this obtain t where ll0 : t ∈ carrier ?L ∧ TS?L t (RSCi j ) ∧ u v?L t ∧ u ∈ carrier ?L ∧ i ∈ r-carrier ?L ∧ j ∈ s-carrier ?L by auto
from a1 this have lt0 : t= ts0-M ∨ t= ts1-M ∨ t= ts2-M ∨ t=ts3-M by force
have lt00 : t= ts0-M =⇒ Falseproof−
assume a: t= ts0-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts0-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts0-M unfolding overlap-def by (smtneg-O-ts0-M-ts1-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fast
qedqedhave lt01 : t= ts1-M =⇒ Falseproof−
assume a: t= ts1-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts1-M by forcefrom l1 have u .O?L ts2-M by force
from this have ¬ u v?L ts1-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt02 : t= ts2-M =⇒ Falseproof−
assume a: t= ts2-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts2-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts2-M unfolding overlap-def by (smtneg-O-ts1-M-ts2-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedhave lt03 : t= ts3-M =⇒ Falseproof−
assume a: t= ts3-Mshow Falseproof−
from a and ll0 have ll1 : u v?L ts3-M by forcefrom l1 have u .O?L ts1-M by force
from this have ¬ u v?L ts3-M unfolding overlap-def by (smtneg-O-ts1-M-ts3-M two-sort-RS-frame.select-convs(1 ) porder-two-sort-RS-frame.select-convs(1 )subset-trans)
from this and ll1 show False by fastqed
qedfrom lt0 lt00 lt01 lt02 lt03 show False by force
qedqedfrom l6 s show False by auto
qedqedfrom j-cases j-case-0 j-case-1 have False by autofrom this show SR?L uu (RSC i jj ) by auto
qedqed
from SR x0 x00 x01 x02 x03 x04 x05 show SR?L uu (RSC i jj ) by forceqed
qednext
show∧
x y u i j yy v . [[Inst?L x y u (RSC i j );TR?L u (RSC i j );Inst?L x yyv (RSC i j );
x ∈ e-carrier ?L; y ∈ e-carrier ?L; yy ∈ e-carrier ?L; u ∈ carrier?L; v ∈ carrier ?L;
i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒ (u = v)proof −
fix x y u i j yy vassume inst : Inst?L x y u (RSC i j ) Inst?L x yy v (RSC i j )assume TR: TR?L u (RSC i j )assume carr : x ∈ e-carrier ?L y ∈ e-carrier ?L yy ∈ e-carrier ?L u ∈ carrier
?L v ∈ carrier ?Li ∈ r-carrier ?L j ∈ s-carrier ?L
show (u = v)proof −
from carr have j-cases: (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) by simpfrom inst(1 ) have x0 : x=At-0 ∨ x=At-1 ∨ x=Compl-0 ∨ x = Oc-0 ∨
x = Oc-1 ∨ x = Oc-2 unfolding isInst-M-def by forcehave x00 : x=At-0 ∨ x=At-1 ∨ x=Compl-0 =⇒ (u=v)proof−
assume aa: x=At-0 ∨ x=At-1 ∨ x=Compl-0show (u=v)proof−
have aa0 : x=At-0 =⇒ SR?L u (RSC i j )proof−
assume a: x=At-0show SR?L u (RSC i j )
proof−from a have l0 : inst-at-M x = {A-00 ,A-01 ,A-02} unfolding
inst-at-M-def by autofrom l0 have u ∈ inst-at-M x =⇒ (u ∈ SR-set-M-0 ∧ u ∈
SR-set-M-1 ) by forcefrom j-cases and carr and this have l1 : u ∈ inst-at-M x =⇒
SR?L u (RSC i j ) using inSR-set-M-iff-SR-0 inSR-set-M-iff-SR-1 by autofrom inst have l2 : u ∈ inst-at-M x using isInst-M-u-inst-at-M
by forcefrom l1 and l2 show SR?L u (RSC i j ) by auto
qedqed
have aa1 : x=At-1 =⇒ SR?L u (RSC i j )proof−
assume a: x=At-1show SR?L u (RSC i j )
proof−
from a have l0 : inst-at-M x = {A-10 ,A-11 ,A-12} unfoldinginst-at-M-def by auto
from l0 have u ∈ inst-at-M x =⇒ (u ∈ SR-set-M-0 ∧ u ∈SR-set-M-1 ) by force
from j-cases and carr and this have l1 : u ∈ inst-at-M x =⇒SR?L u (RSC i j ) using inSR-set-M-iff-SR-0 inSR-set-M-iff-SR-1 by auto
from inst have l2 : u ∈ inst-at-M x using isInst-M-u-inst-at-Mby force
from l1 and l2 show SR?L u (RSC i j ) by autoqed
qedhave aa2 : x=Compl-0 =⇒ SR?L u (RSC i j )proof−
assume a: x=Compl-0show SR?L u (RSC i j )
proof−from a inst(1 ) have Inst?L x y u (RSC i j ) by auto
from this have l1 : u ∈ inst-at-M-0-or-1 x j using isInst-M-imp-inst-at-M-0-or-1by auto
from carr have j-cases: (j = ts-set-M-0 ) ∨ (j = ts-set-M-1 ) bysimp
have j-case-0 : (j = ts-set-M-0 ) =⇒ SR?L u (RSC i j )proof −
assume a1 : (j = ts-set-M-0 )show SR?L u (RSC i j )proof −
from l1 a1 have u ∈ inst-at-M-0-or-1 x ts-set-M-0 by autofrom a this have l2 : u ∈ {ts0 ,ts1 ,ts2} using Compl-0-at-ts-set-M-0
by blasthave {ts0 ,ts1 ,ts2} ⊆ SR-set-M-0 by autofrom this l2 have u ∈ SR-set-M-0 by auto
from this a1 show SR?L u (RSC i j ) using carrinSR-set-M-iff-SR-0 by auto
qedqedhave j-case-1 : j = ts-set-M-1 =⇒ SR?L u (RSC i j )proof−
assume a1 : j = ts-set-M-1show SR?L u (RSC i j )proof−
from l1 a1 have u ∈ inst-at-M-0-or-1 x ts-set-M-1 by autofrom a this have l2 : u ∈ {ts0-M ,ts1-M ,ts2-M ,ts3-M } using
Compl-0-at-ts-set-M-1 by blasthave {ts0-M ,ts1-M ,ts2-M ,ts3-M } ⊆ SR-set-M-1 by autofrom this l2 have u ∈ SR-set-M-1 by auto
from this a1 show SR?L u (RSC i j ) using carrinSR-set-M-iff-SR-1 by auto
qedqed
from j-cases j-case-0 j-case-1 show SR?L u (RSC i j ) by autoqed
qedfrom aa aa0 aa1 aa2 have SR?L u (RSC i j ) by autofrom this carr TR have False using TS-mereology .TR-imp-negSR
by (metis (no-types, lifting) m-set-is-TS-mereology-M )from this show u=v by auto
qedqed
have o00 : x=Oc-0 =⇒ (u=v)
proof−
assume aa: x=Oc-0
show (u=v)
proof−
from aa have l0 : inst-at-M x = {wlA-0} unfolding inst-at-M-def by auto
have l01 : u = wlA-0
proof (rule ccontr)
assume a1 : u ≠ wlA-0
show False
proof−
from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and aa and l0 have u = wlA-0 by simp
from this and a1 show False by auto
qed
qed
have l02 : v = wlA-0
proof (rule ccontr)
assume a1 : v ≠ wlA-0
show False
proof−
from inst have ll1 : v ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and aa and l0 have v = wlA-0 by simp
from this and a1 show False by auto
qed
qed
from l01 l02 show u=v by auto
qed
qed
have o01 : x=Oc-1 =⇒ (u=v)
proof−
assume aa: x=Oc-1
show (u=v)
proof−
from aa have l0 : inst-at-M x = {wlA-1} unfolding inst-at-M-def by auto
have l01 : u = wlA-1
proof (rule ccontr)
assume a1 : u ≠ wlA-1
show False
proof−
from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and aa and l0 have u = wlA-1 by simp
from this and a1 show False by auto
qed
qed
have l02 : v = wlA-1
proof (rule ccontr)
assume a1 : v ≠ wlA-1
show False
proof−
from inst have ll1 : v ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and aa and l0 have v = wlA-1 by simp
from this and a1 show False by auto
qed
qed
from l01 l02 show u=v by auto
qed
qed
have o02 : x=Oc-2 =⇒ (u=v)
proof−
assume aa: x=Oc-2
show (u=v)
proof−
from aa have l0 : inst-at-M x = {top-of-m-set} unfolding inst-at-M-def by auto
have l01 : u = top-of-m-set
proof (rule ccontr)
assume a1 : u ≠ top-of-m-set
show False
proof−
from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and aa and l0 have u = top-of-m-set by simp
from this and a1 show False by auto
qed
qed
have l02 : v = top-of-m-set
proof (rule ccontr)
assume a1 : v ≠ top-of-m-set
show False
proof−
from inst have ll1 : v ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and aa and l0 have v = top-of-m-set by simp
from this and a1 show False by auto
qed
qed
from l01 l02 show u=v by auto
qed
qed
from x0 x00 o00 o01 o02 show u=v by auto
qed
qed
nextshow
∧x y u i j yy v . [[Inst?L x y u (RSC i j ); SR?L u (RSC i j );Inst?L x
yy v (RSC i j ); SIMU ?L u v (RSC i j );x ∈ e-carrier ?L; y ∈ e-carrier ?L; yy ∈ e-carrier ?L; u ∈
carrier ?L; v ∈ carrier ?L;i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒ (u = v)
proof −fix x y u i j yy vassume inst : Inst?L x y u (RSC i j ) Inst?L x yy v (RSC i j )assume SR: SR?L u (RSC i j )assume SIMU : SIMU ?L u v (RSC i j )assume carr : x ∈ e-carrier ?L y ∈ e-carrier ?L yy ∈ e-carrier ?L u ∈
carrier ?L v ∈ carrier ?Li ∈ r-carrier ?L j ∈ s-carrier ?L
show (u = v)proof −
from carr have j-cases: j = ts-set-M-0 ∨ j = ts-set-M-1 by forcefrom inst(1 ) have x0 : x=At-0 ∨ x=At-1 ∨ x=Compl-0 ∨ x = Oc-0 ∨
x = Oc-1 ∨ x = Oc-2 unfolding isInst-M-def by forcehave x00 : x=Oc-0 ∨ x=Oc-1 ∨ x=Oc-2 =⇒ (u=v)proof−
assume aa: x=Oc-0 ∨ x=Oc-1 ∨ x=Oc-2show (u=v)proof−
have negSR: ¬SR?L u (RSC i j )
proof −
have aa0 : x=Oc-0 =⇒ ¬SR?L u (RSC i j )
proof−
assume a: x=Oc-0
show ¬SR?L u (RSC i j )
proof−
from a have l0 : inst-at-M x = {wlA-0} unfolding inst-at-M-def by auto
have l01 : u = wlA-0
proof (rule ccontr)
assume a1 : u ≠ wlA-0
show False
proof−
from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and a and l0 have u = wlA-0 by simp
from this and a1 show False by auto
qed
qed
have l02 : wlA-0 ∉ SR-set-M-0 using wlA-0-not-in-SR-set-M-0 by auto
have l03 : wlA-0 ∉ SR-set-M-1 using wlA-0-not-in-SR-set-M-1 by auto
have l04 :SR?L u (RSC i j ) =⇒ False
proof−
assume a1 : SR?L u (RSC i j )
show False
proof−
have j-case-0 : j =ts-set-M-0 =⇒ False
proof−
assume a2 : j =ts-set-M-0
show False
proof−
from carr a1 a2 have u ∈ SR-set-M-0 using inSR-set-M-iff-SR-0 by auto
from this l01 have wlA-0 ∈ SR-set-M-0 by auto
from this l02 show False by auto
qed
qed
have j-case-1 : j =ts-set-M-1 =⇒ False
proof−
assume a2 : j =ts-set-M-1
show False
proof−
from carr a1 a2 have u ∈ SR-set-M-1 using inSR-set-M-iff-SR-1 by auto
from this l01 have wlA-0 ∈ SR-set-M-1 by auto
from this l03 show False by auto
qed
qed
from j-cases j-case-0 j-case-1 show False by fast
qed
qed
from l04 show ¬SR?L u (RSC i j ) by auto
qed
qed
have aa1 : x=Oc-1 =⇒ ¬SR?L u (RSC i j )
proof−
assume a: x=Oc-1
show ¬SR?L u (RSC i j )
proof−
from a have l0 : inst-at-M x = {wlA-1} unfolding inst-at-M-def by auto
have l01 : u = wlA-1
proof (rule ccontr)
assume a1 : u ≠ wlA-1
show False
proof−
from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and a and l0 have u = wlA-1 by simp
from this and a1 show False by auto
qed
qed
have l02 : wlA-1 ∉ SR-set-M-0 using wlA-1-not-in-SR-set-M-0 by auto
have l03 : wlA-1 ∉ SR-set-M-1 using wlA-1-not-in-SR-set-M-1 by auto
have l04 :SR?L u (RSC i j ) =⇒ False
proof−
assume a1 : SR?L u (RSC i j )
show False
proof−
have j-case-0 : j =ts-set-M-0 =⇒ False
proof−
assume a2 : j =ts-set-M-0
show False
proof−
from carr a1 a2 have u ∈ SR-set-M-0 using inSR-set-M-iff-SR-0 by auto
from this l01 have wlA-1 ∈ SR-set-M-0 by auto
from this l02 show False by auto
qed
qed
have j-case-1 : j =ts-set-M-1 =⇒ False
proof−
assume a2 : j =ts-set-M-1
show False
proof−
from carr a1 a2 have u ∈ SR-set-M-1 using inSR-set-M-iff-SR-1 by auto
from this l01 have wlA-1 ∈ SR-set-M-1 by auto
from this l03 show False by auto
qed
qed
from j-cases j-case-0 j-case-1 show False by fast
qed
qed
from l04 show ¬SR?L u (RSC i j ) by auto
qed
qed
have aa2 : x=Oc-2 =⇒ ¬SR?L u (RSC i j )
proof−
assume a: x=Oc-2
show ¬SR?L u (RSC i j )
proof−
from a have l0 : inst-at-M x = {top-of-m-set} unfolding inst-at-M-def by auto
have l01 : u = top-of-m-set
proof (rule ccontr)
assume a1 : u ≠ top-of-m-set
show False
proof−
from inst have ll1 : u ∈ inst-at-M x using isInst-M-u-inst-at-M by force
from this and a and l0 have u = top-of-m-set by simp
from this and a1 show False by auto
qed
qed
have l02 : top-of-m-set ∉ SR-set-M-0 using top-of-m-set-not-in-SR-set-M-0 by auto
have l03 : top-of-m-set ∉ SR-set-M-1 using top-of-m-set-not-in-SR-set-M-1 by auto
have l04 :SR?L u (RSC i j ) =⇒ False
proof−
assume a1 : SR?L u (RSC i j )
show False
proof−
have j-case-0 : j =ts-set-M-0 =⇒ False
proof−
assume a2 : j =ts-set-M-0
show False
proof−
from carr a1 a2 have u ∈ SR-set-M-0 using inSR-set-M-iff-SR-0 by auto
from this l01 have top-of-m-set ∈ SR-set-M-0 by auto
from this l02 show False by auto
qed
qed
have j-case-1 : j =ts-set-M-1 =⇒ False
proof−
assume a2 : j =ts-set-M-1
show False
proof−
from carr a1 a2 have u ∈ SR-set-M-1 using inSR-set-M-iff-SR-1 by auto
from this l01 have top-of-m-set ∈ SR-set-M-1 by auto
from this l03 show False by auto
qed
qed
from j-cases j-case-0 j-case-1 show False by fast
qed
qed
from l04 show ¬SR?L u (RSC i j ) by auto
qed
qed
from aa aa0 aa1 aa2 show ¬ SR?L u (RSC i j ) by force
qed
from SR and negSR show u=v by auto
qed
qed
have x01 : x=At-0 =⇒ u = v
proof−
assume a: x=At-0
show u = v
proof−
from inst(1 ) and a have uu: u = A-00 ∨ u = A-01 ∨ u = A-02 unfolding isInst-M-def by force
from inst(2 ) and a have vv : v = A-00 ∨ v = A-01 ∨ v = A-02 unfolding isInst-M-def by force
show u = v
proof (cases u=v)
case True
from True show u = v by auto
next
case False
have j-case-0 : j =ts-set-M-0 =⇒ u = v
proof −
assume a1 : j =ts-set-M-0
show u = v
proof−
from False a1 uu vv have ¬(SIMU ?L u v (RSC i j )) unfolding SIMU-def by force
from this and SIMU show u = v by auto
qed
qed
have j-case-1 : j =ts-set-M-1 =⇒ u = v
proof −
assume a1 : j =ts-set-M-1
show u = v
proof−
from False a1 uu vv have ¬(SIMU ?L u v (RSC i j )) unfolding SIMU-def by force
from this and SIMU show u = v by auto
qed
qed
from j-cases j-case-0 j-case-1 show u = v by fast
qed
qed
qed
have x02 : x=At-1 =⇒ u = v
proof−
assume a: x=At-1
show u = v
proof−
from inst(1 ) and a have uu: u = A-10 ∨ u = A-11 ∨ u = A-12 unfolding isInst-M-def by force
from inst(2 ) and a have vv : v = A-10 ∨ v = A-11 ∨ v = A-12 unfolding isInst-M-def by force
show u = v
proof (cases u=v)
case True
from True show u = v by auto
next
case False
have j-case-0 : j =ts-set-M-0 =⇒ u = v
proof −
assume a1 : j =ts-set-M-0
show u = v
proof−
from False a1 uu vv have ¬(SIMU ?L u v (RSC i j )) unfolding SIMU-def by force
from this and SIMU show u = v by auto
qed
qed
have j-case-1 : j =ts-set-M-1 =⇒ u = v
proof −
assume a1 : j =ts-set-M-1
show u = v
proof−
from False a1 uu vv have ¬(SIMU ?L u v (RSC i j )) unfolding SIMU-def by force
from this and SIMU show u = v by auto
qed
qed
from j-cases j-case-0 j-case-1 show u = v by fast
qed
qed
qed
have x03 : x=Compl-0 =⇒ u = vproof−
assume a: x=Compl-0show u = vproof−
show u = vproof (cases u=v)
case Truefrom True show u = v by auto
next
case Falsehave j-case-0 : j =ts-set-M-0 =⇒ u = vproof −
assume a1 : j =ts-set-M-0show u = vproof−
from a inst(1 ) have Inst?L x y u (RSC i j ) by autofrom this have l1u: u ∈ inst-at-M-0-or-1 x j using
isInst-M-imp-inst-at-M-0-or-1 by autofrom a inst(2 ) have Inst?L x yy v (RSC i j ) by auto
from this have l1v : v ∈ inst-at-M-0-or-1 x j usingisInst-M-imp-inst-at-M-0-or-1 by auto
from l1u a1 have u ∈ inst-at-M-0-or-1 x ts-set-M-0 by autofrom a this have uu: u = ts0 ∨ u = ts1 ∨ u = ts2 using
Compl-0-at-ts-set-M-0 by blastfrom l1v a1 have v ∈ inst-at-M-0-or-1 x ts-set-M-0 by auto
from a this have vv : v = ts0 ∨ v = ts1 ∨ v = ts2 usingCompl-0-at-ts-set-M-0 by blast
from False a1 uu vv have ¬(SIMU ?L u v (RSC i j )) unfoldingSIMU-def
using neg-O-ts0-ts1 neg-O-ts0-ts2neg-O-ts1-ts2
by fastforcefrom this and SIMU show u = v by auto
qedqed
have j-case-1 : j =ts-set-M-1 =⇒ u = vproof −
assume a1 : j =ts-set-M-1show u = v
proof−from a inst(1 ) have Inst?L x y u (RSC i j ) by auto
from this have l1u: u ∈ inst-at-M-0-or-1 x j usingisInst-M-imp-inst-at-M-0-or-1 by auto
from a inst(2 ) have Inst?L x yy v (RSC i j ) by autofrom this have l1v : v ∈ inst-at-M-0-or-1 x j using
isInst-M-imp-inst-at-M-0-or-1 by autofrom l1u a1 have u ∈ inst-at-M-0-or-1 x ts-set-M-1 by autofrom a this have uu: u = ts0-M ∨ u = ts1-M ∨ u = ts2-M ∨ u
= ts3-M using Compl-0-at-ts-set-M-1 by forcefrom l1v a1 have v ∈ inst-at-M-0-or-1 x ts-set-M-1 by autofrom a this have vv : v = ts0-M ∨ v = ts1-M ∨ v = ts2-M ∨ v
= ts3-M using Compl-0-at-ts-set-M-1 by forcefrom False a1 uu vv have ¬(SIMU ?L u v (RSC i j )) unfolding
SIMU-defusing negO-ts0-M-ts1-M negO-ts0-M-ts2-M negO-ts0-M-ts3-M
negO-ts1-M-ts2-M negO-ts1-M-ts3-MnegO-ts2-M-ts3-M
by fastforce
from this and SIMU show u = v by autoqed
qedfrom j-cases j-case-0 j-case-1 show u = v by fast
qedqed
qedfrom x0 x00 x01 x02 x03 show u=v by force
qedqed
nextshow
∧x i j . [[x ∈ e-carrier ?L;i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒(∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧(∃ y . y ∈ e-carrier ?L ∧ ((Inst?L x y u (RSC ii jj )) ∨ (Inst?L y
x u (RSC ii jj )))))proof −
fix x i jassume carr : x ∈ e-carrier ?L i ∈ r-carrier ?L j ∈ s-carrier ?Lshow (∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i
R?L ii ∧ j S?L jj ∧(∃ y . y ∈ e-carrier ?L ∧ ((Inst?L x y u (RSC ii jj )) ∨ (Inst?L y
x u (RSC ii jj )))))proof−
from carr have xx : x=At-0 ∨ x=At-1 ∨ x=Compl-0 ∨ x = Oc-0 ∨ x= Oc-1 ∨ x = Oc-2 ∨ x = UC-0 ∨ x = UO-0 by auto
have xx0 : x=At-0 =⇒ ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC
ii jj ) ∨ Inst?L y x u (RSC ii jj )))proof −
assume ax0 : x=At-0show ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC
ii jj ) ∨ Inst?L y x u (RSC ii jj )))proof (rule exI [of λu. ∃ ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj
∈ s-carrier ?L ∧i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSCii jj ) ∨ Inst?L y x u (RSC ii jj ))) A-00 ])
show ∃ ii jj . A-00 ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L∧
i R?L ii ∧ j S?L jj ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00
(RSC ii jj ) ∨ Inst?L y x A-00 (RSC ii jj )))proof (rule exI [of λii . ∃ jj . A-00 ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧
jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00
(RSC ii jj ) ∨ Inst?L y x A-00 (RSC ii jj ))) wlCompl-0 ])show ∃ jj . A-00 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ jj ∈
s-carrier ?L ∧i R?L wlCompl-0 ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00(RSC wlCompl-0 jj ) ∨ Inst?L y x A-00 (RSC wlCompl-0 jj )))
proof (rule exI [of λjj . A-00 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier?L ∧ jj ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L jj ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00
(RSC wlCompl-0 jj ) ∨ Inst?L y x A-00 (RSC wlCompl-0 jj ))) ts-set-M-0 ])show A-00 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈
s-carrier ?L ∧i R?L wlCompl-0 ∧ j S?Lts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00(RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-00 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )show A-00 ∈ carrier ?L by simp
nextshow wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00
(RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-00 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )from carr show wlCompl-0 ∈ r-carrier ?L by simp
nextshow ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00
(RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-00 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )show ts-set-M-0 ∈ s-carrier ?L by simp
nextshow i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00(RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-00 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )from carr show i R?L wlCompl-0 by force
nextshow j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00(RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-00 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )from carr show j S?L ts-set-M-0 by force
nextshow (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00 (RSC wlCompl-0
ts-set-N-0 ) ∨ Inst?L y x A-00 (RSC wlCompl-0 ts-set-M-0 )))proof(rule exI [of λy . y ∈ e-carrier ?L ∧ (Inst?L x y A-00
(RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-00 (RSC wlCompl-0 ts-set-M-0 ))UC-0 ])
show UC-0 ∈ e-carrier ?L ∧ (Inst?L x UC-0 A-00 (RSCwlCompl-0 ts-set-M-0 ) ∨ Inst?L UC-0 x A-00 (RSC wlCompl-0 ts-set-M-0 ))
proof (rule conjI )show UC-0 ∈ e-carrier ?L by simp
nextshow (Inst?L x UC-0 A-00 (RSC wlCompl-0 ts-set-M-0 ) ∨
Inst?L UC-0 x A-00 (RSC wlCompl-0 ts-set-M-0 ))proof (rule disjI1 )
from ax0 show (Inst?L x UC-0 A-00 (RSC wlCompl-0ts-set-M-0 )) unfolding isInst-M-def by force
qedqed
qedqed
qedqed
qedqed
qedqedqed
qedhave xx1 : x=At-1 =⇒ ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈
s-carrier ?L ∧i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSCii jj ) ∨ Inst?L y x u (RSC ii jj )))
proof −assume ax0 : x=At-1show ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC
ii jj ) ∨ Inst?L y x u (RSC ii jj )))proof (rule exI [of λu. ∃ ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj
∈ s-carrier ?L ∧i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSCii jj ) ∨ Inst?L y x u (RSC ii jj ))) A-10 ])
show ∃ ii jj . A-10 ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-10(RSC ii jj ) ∨ Inst?L y x A-10 (RSC ii jj )))
proof (rule exI [of λii . ∃ jj . A-10 ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-10
(RSC ii jj ) ∨ Inst?L y x A-10 (RSC ii jj ))) wlCompl-0 ])show ∃ jj . A-10 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ jj ∈
s-carrier ?L ∧i R?L wlCompl-0 ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-10(RSC wlCompl-0 jj ) ∨ Inst?L y x A-10 (RSC wlCompl-0 jj )))
proof (rule exI [of λjj . A-10 ∈ carrier ?L ∧ wlCompl-0 ∈r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L jj ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-10
(RSC wlCompl-0 jj ) ∨ Inst?L y x A-10 (RSC wlCompl-0 jj ))) ts-set-N-0 ])show A-10 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧
ts-set-N-0 ∈ s-carrier ?L ∧i R?L wlCompl-0 ∧ j S?L ts-set-N-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-10(RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-10 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )show A-10 ∈ carrier ?L by simp
nextshow wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-10
(RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-10 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )show wlCompl-0 ∈ r-carrier ?L by simp
nextshow ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-10
(RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-10 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )show ts-set-M-0 ∈ s-carrier ?L by simp
nextshow i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-10(RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-10 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )from carr show i R?L wlCompl-0 by force
next
show j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-10 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-10 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
from carr show j S?L ts-set-M-0 by force
next
show (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-10 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-10 (RSC wlCompl-0 ts-set-M-0 )))
proof(rule exI [of λy . y ∈ e-carrier ?L ∧ (Inst?L x y A-10 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-10 (RSC wlCompl-0 ts-set-M-0 )) UC-0 ])
show UC-0 ∈ e-carrier ?L ∧ (Inst?L x UC-0 A-10 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L UC-0 x A-10 (RSC wlCompl-0 ts-set-M-0 ))
proof (rule conjI )
show UC-0 ∈ e-carrier ?L by simp
next
show (Inst?L x UC-0 A-10 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L UC-0 x A-10 (RSC wlCompl-0 ts-set-M-0 ))
proof (rule disjI1 )
from ax0 show (Inst?L x UC-0 A-10 (RSC wlCompl-0 ts-set-M-0 )) unfolding isInst-M-def by force
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
have xx2 : x=Compl-0 =⇒ ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj )))
proof −
assume ax0 : x=Compl-0
show ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj )))
proof (rule exI [of λu. ∃ ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC
ii jj ) ∨ Inst?L y x u (RSC ii jj ))) ts0 ])
show ∃ ii jj . ts0 ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y ts0 (RSC ii jj ) ∨ Inst?L y x ts0 (RSC ii jj )))
proof (rule exI [of λii . ∃ jj . ts0 ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L ii ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y ts0 (RSC ii jj ) ∨ Inst?L y x ts0 (RSC ii jj ))) wlCompl-0 ])
show ∃ jj . ts0 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y ts0 (RSC wlCompl-0 jj ) ∨ Inst?L y x ts0 (RSC wlCompl-0 jj )))
proof (rule exI [of λjj . ts0 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L wlCompl-0 ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y ts0 (RSC wlCompl-0 jj ) ∨ Inst?L y x ts0 (RSC wlCompl-0 jj ))) ts-set-M-0 ])
show ts0 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y ts0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x ts0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show ts0 ∈ carrier ?L by simp
next
show wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y ts0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x ts0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show wlCompl-0 ∈ r-carrier ?L by simp
next
show ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y ts0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x ts0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show ts-set-M-0 ∈ s-carrier ?L by simp
next
show i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y ts0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x ts0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
from carr show i R?L wlCompl-0 by force
next
show j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y ts0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x ts0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
from carr show j S?L ts-set-M-0 by force
next
show (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y ts0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x ts0 (RSC wlCompl-0 ts-set-M-0 )))
proof(rule exI [of λy . y ∈ e-carrier ?L ∧ (Inst?L x y ts0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x ts0 (RSC wlCompl-0 ts-set-M-0 )) UC-0 ])
show UC-0 ∈ e-carrier ?L ∧ (Inst?L x UC-0 ts0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L UC-0 x ts0 (RSC wlCompl-0 ts-set-M-0 ))
proof (rule conjI )
show UC-0 ∈ e-carrier ?L by simp
next
show (Inst?L x UC-0 ts0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L UC-0 x ts0 (RSC wlCompl-0 ts-set-M-0 ))
proof (rule disjI1 )
from ax0 show (Inst?L x UC-0 ts0 (RSC wlCompl-0 ts-set-M-0 )) unfolding isInst-M-def by force
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
have xx3 : x=Oc-0 =⇒ ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj )))
proof −
assume ax0 : x=Oc-0
show ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj )))
proof (rule exI [of λu. ∃ ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj ))) wlA-0 ])
show ∃ ii jj . wlA-0 ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC ii jj ) ∨ Inst?L y x wlA-0 (RSC ii jj )))
proof (rule exI [of λii . ∃ jj . wlA-0 ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L ii ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC ii jj ) ∨ Inst?L y x wlA-0 (RSC ii jj ))) wlCompl-0 ])
show ∃ jj . wlA-0 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 jj ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 jj )))
proof (rule exI [of λjj . wlA-0 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L wlCompl-0 ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 jj ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 jj ))) ts-set-M-0 ])
show wlA-0 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show wlA-0 ∈ carrier ?L by simp
next
show wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show wlCompl-0 ∈ r-carrier ?L by simp
next
show ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show ts-set-M-0 ∈ s-carrier ?L by simp
next
show i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
from carr show i R?L wlCompl-0 by force
next
show j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
from carr show j S?L ts-set-M-0 by force
next
show (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 ts-set-M-0 )))
proof(rule exI [of λy . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 ts-set-M-0 )) UO-0 ])
show UO-0 ∈ e-carrier ?L ∧ (Inst?L x UO-0 wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L UO-0 x wlA-0 (RSC wlCompl-0 ts-set-M-0 ))
proof (rule conjI )
show UO-0 ∈ e-carrier ?L by simp
next
show (Inst?L x UO-0 wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L UO-0 x wlA-0 (RSC wlCompl-0 ts-set-M-0 ))
proof (rule disjI1 )
from ax0 show (Inst?L x UO-0 wlA-0 (RSC wlCompl-0 ts-set-M-0 )) unfolding isInst-M-def by force
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
have xx4 : x=Oc-1 =⇒ ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj )))
proof −
assume ax0 : x=Oc-1
show ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC
ii jj ) ∨ Inst?L y x u (RSC ii jj )))
proof (rule exI [of λu. ∃ ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L ii ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj ))) wlA-1 ])
show ∃ ii jj . wlA-1 ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-1 (RSC ii jj ) ∨ Inst?L y x wlA-1 (RSC ii jj )))
proof (rule exI [of λii . ∃ jj . wlA-1 ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L ii ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-1 (RSC ii jj ) ∨ Inst?L y x wlA-1 (RSC ii jj ))) wlCompl-0 ])
show ∃ jj . wlA-1 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-1 (RSC wlCompl-0 jj ) ∨ Inst?L y x wlA-1 (RSC wlCompl-0 jj )))
proof (rule exI [of λjj . wlA-1 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L wlCompl-0 ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-1 (RSC wlCompl-0 jj ) ∨ Inst?L y x wlA-1 (RSC wlCompl-0 jj ))) ts-set-M-0 ])
show wlA-1 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-1 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-1 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show wlA-1 ∈ carrier ?L by simp
next
show wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-1 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-1 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show wlCompl-0 ∈ r-carrier ?L by simp
next
show ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-1 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-1 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show ts-set-M-0 ∈ s-carrier ?L by simp
next
show i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-1 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-1 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
from carr show i R?L wlCompl-0 by force
next
show j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-1 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-1 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
from carr show j S?L ts-set-M-0 by force
next
show (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-1 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-1 (RSC wlCompl-0 ts-set-M-0 )))
proof(rule exI [of λy . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-1 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-1 (RSC wlCompl-0 ts-set-M-0 )) UO-0 ])
show UO-0 ∈ e-carrier ?L ∧ (Inst?L x UO-0 wlA-1 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L UO-0 x wlA-1 (RSC wlCompl-0 ts-set-M-0 ))
proof (rule conjI )
show UO-0 ∈ e-carrier ?L by simp
next
show (Inst?L x UO-0 wlA-1 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L UO-0 x wlA-1 (RSC wlCompl-0 ts-set-M-0 ))
proof (rule disjI1 )
from ax0 show (Inst?L x UO-0 wlA-1 (RSC wlCompl-0 ts-set-M-0 )) unfolding isInst-M-def by force
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
have xx5 : x=Oc-2 =⇒ ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj )))
proof −
assume ax0 : x=Oc-2
show ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj )))
proof (rule exI [of λu. ∃ ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L ii ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj ))) top-of-m-set ])
show ∃ ii jj . top-of-m-set ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y top-of-m-set (RSC ii jj ) ∨ Inst?L y x top-of-m-set (RSC ii jj )))
proof (rule exI [of λii . ∃ jj . top-of-m-set ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L ii ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y top-of-m-set (RSC ii jj ) ∨ Inst?L y x top-of-m-set (RSC ii jj ))) wlCompl-0 ])
show ∃ jj . top-of-m-set ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y top-of-m-set (RSC wlCompl-0 jj ) ∨ Inst?L y x top-of-m-set (RSC wlCompl-0 jj )))
proof (rule exI [of λjj . top-of-m-set ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L wlCompl-0 ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y top-of-m-set (RSC wlCompl-0 jj ) ∨ Inst?L y x top-of-m-set (RSC wlCompl-0 jj ))) ts-set-M-0 ])
show top-of-m-set ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y top-of-m-set (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x top-of-m-set (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show top-of-m-set ∈ carrier ?L by simp
next
show wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y top-of-m-set (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x top-of-m-set (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show wlCompl-0 ∈ r-carrier ?L by simp
next
show ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y top-of-m-set (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x top-of-m-set (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show ts-set-M-0 ∈ s-carrier ?L by simp
next
show i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y top-of-m-set (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x top-of-m-set (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
from carr show i R?L wlCompl-0 by force
next
show j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y top-of-m-set (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x top-of-m-set (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
from carr show j S?L ts-set-M-0 by force
next
show (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y top-of-m-set (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x top-of-m-set (RSC wlCompl-0 ts-set-M-0 )))
proof(rule exI [of λy . y ∈ e-carrier ?L ∧ (Inst?L x y top-of-m-set (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x top-of-m-set (RSC wlCompl-0 ts-set-M-0 )) UO-0 ])
show UO-0 ∈ e-carrier ?L ∧ (Inst?L x UO-0 top-of-m-set (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L UO-0 x top-of-m-set (RSC wlCompl-0 ts-set-M-0 ))
proof (rule conjI )
show UO-0 ∈ e-carrier ?L by simp
next
show (Inst?L x UO-0 top-of-m-set (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L UO-0 x top-of-m-set (RSC wlCompl-0 ts-set-M-0 ))
proof (rule disjI1 )
from ax0 show (Inst?L x UO-0 top-of-m-set (RSC wlCompl-0 ts-set-M-0 )) unfolding isInst-M-def by force
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
have xx6 : x=UC-0 =⇒ ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj )))
proof −
assume ax0 : x=UC-0
show ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj )))
proof (rule exI [of λu. ∃ ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L ii ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj ))) A-00 ])
show ∃ ii jj . A-00 ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00 (RSC ii jj ) ∨ Inst?L y x A-00 (RSC ii jj )))
proof (rule exI [of λii . ∃ jj . A-00 ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L ii ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00 (RSC ii jj ) ∨ Inst?L y x A-00 (RSC ii jj ))) wlCompl-0 ])
show ∃ jj . A-00 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00 (RSC wlCompl-0 jj ) ∨ Inst?L y x A-00 (RSC wlCompl-0 jj )))
proof (rule exI [of λjj . A-00 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L wlCompl-0 ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00 (RSC wlCompl-0 jj ) ∨ Inst?L y x A-00 (RSC wlCompl-0 jj ))) ts-set-M-0 ])
show A-00 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-00 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show A-00 ∈ carrier ?L by simp
next
show wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-00 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show wlCompl-0 ∈ r-carrier ?L by simp
next
show ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-00 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show ts-set-M-0 ∈ s-carrier ?L by simp
next
show i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-00 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
from carr show i R?L wlCompl-0 by force
next
show j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-00 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
from carr show j S?L ts-set-M-0 by force
next
show (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y A-00 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-00 (RSC wlCompl-0 ts-set-M-0 )))
proof(rule exI [of λy . y ∈ e-carrier ?L ∧ (Inst?L x y A-00 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x A-00 (RSC wlCompl-0 ts-set-M-0 )) At-0 ])
show At-0 ∈ e-carrier ?L ∧ (Inst?L x At-0 A-00 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L At-0 x A-00 (RSC wlCompl-0 ts-set-M-0 ))
proof (rule conjI )
show At-0 ∈ e-carrier ?L by simp
next
show (Inst?L x At-0 A-00 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L At-0 x A-00 (RSC wlCompl-0 ts-set-M-0 ))
proof (rule disjI2 )
from ax0 show Inst?L At-0 x A-00 (RSC wlCompl-0 ts-set-M-0 ) unfolding isInst-M-def by force
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
have xx7 : x=UO-0 =⇒ ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj )))
proof −
assume ax0 : x=UO-0
show ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj )))
proof (rule exI [of λu. ∃ ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L ii ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj ))) wlA-0 ])
show ∃ ii jj . wlA-0 ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC ii jj ) ∨ Inst?L y x wlA-0 (RSC ii jj )))
proof (rule exI [of λii . ∃ jj . wlA-0 ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L ii ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC ii jj ) ∨ Inst?L y x wlA-0 (RSC ii jj ))) wlCompl-0 ])
show ∃ jj . wlA-0 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 jj ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 jj )))
proof (rule exI [of λjj . wlA-0 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧ i R?L wlCompl-0 ∧ j S?L jj ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 jj ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 jj ))) ts-set-M-0 ])
show wlA-0 ∈ carrier ?L ∧ wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show wlA-0 ∈ carrier ?L by simp
next
show wlCompl-0 ∈ r-carrier ?L ∧ ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show wlCompl-0 ∈ r-carrier ?L by simp
next
show ts-set-M-0 ∈ s-carrier ?L ∧
i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
show ts-set-M-0 ∈ s-carrier ?L by simp
next
show i R?L wlCompl-0 ∧ j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
from carr show i R?L wlCompl-0 by force
next
show j S?L ts-set-M-0 ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 ts-set-M-0 )))
proof (rule conjI )
from carr show j S?L ts-set-M-0 by force
next
show (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 ts-set-M-0 )))
proof(rule exI [of λy . y ∈ e-carrier ?L ∧ (Inst?L x y wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L y x wlA-0 (RSC wlCompl-0 ts-set-M-0 )) Oc-0 ])
show Oc-0 ∈ e-carrier ?L ∧ (Inst?L x Oc-0 wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L Oc-0 x wlA-0 (RSC wlCompl-0 ts-set-M-0 ))
proof (rule conjI )
show Oc-0 ∈ e-carrier ?L by simp
next
show (Inst?L x Oc-0 wlA-0 (RSC wlCompl-0 ts-set-M-0 ) ∨ Inst?L Oc-0 x wlA-0 (RSC wlCompl-0 ts-set-M-0 ))
proof (rule disjI2 )
from ax0 show Inst?L Oc-0 x wlA-0 (RSC wlCompl-0 ts-set-M-0 ) unfolding isInst-M-def by force
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
qed
from xx xx0 xx1 xx2 xx3 xx4 xx5 xx6 xx7 show ∃ u ii jj . u ∈ carrier ?L ∧ ii ∈ r-carrier ?L ∧ jj ∈ s-carrier ?L ∧
i R?L ii ∧ j S?L jj ∧
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC ii jj ) ∨ Inst?L y x u (RSC ii jj ))) by force
qed
qed
next
show
∧x u i j v . [[(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC i j ) ∨ Inst?L y x u (RSC i j )));
(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y v (RSC i j ) ∨ Inst?L y x v (RSC i j )));
¬(SIMU ?L u v (RSC i j ));
x ∈ e-carrier ?L; u ∈ carrier ?L; v ∈ carrier ?L; i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒
(∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof −
fix x u i j v
assume loc1 : (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y u (RSC i j ) ∨ Inst?L y x u (RSC i j )))
assume loc2 : (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y v (RSC i j ) ∨ Inst?L y x v (RSC i j )))
assume simu: ¬(SIMU ?L u v (RSC i j ))
assume carr : x ∈ e-carrier ?L u ∈ carrier ?L v ∈ carrier ?L i ∈ r-carrier ?L j ∈ s-carrier ?L
show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof−
from loc1 obtain y1 where l1 : y1 ∈ e-carrier ?L ∧ (Inst?L x y1 u (RSC i j ) ∨ Inst?L y1 x u (RSC i j )) by auto
from loc2 obtain y2 where l2 : y2 ∈ e-carrier ?L ∧ (Inst?L x y2 v (RSC i j ) ∨ Inst?L y2 x v (RSC i j )) by auto
from l1 l2 have x-cases: x = At-0 ∨ x = At-1 ∨ x = Compl-0 ∨ x = Oc-0 ∨ x = Oc-1 ∨ x= Oc-2 ∨ x = UC-0 ∨ x = UO-0 using isInst-M-def by fastforce
from carr have i-case: i = wlCompl-0 by simp
from carr have j-cases: j = ts-set-M-0 ∨ j = ts-set-M-1 by auto
have x-case-0 : x = At-0 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof −
assume a1 : x = At-0
show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof−
have j-case-0 : j = ts-set-M-0 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof−
assume a2 : j = ts-set-M-0
show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧ w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} wlA-0 ])
show wlA-0 ∈ carrier ?L ∧ TR?L wlA-0 (RSC i j ) ∧
wlA-0 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof (rule conjI )
from carr show wlA-0 ∈ carrier ?L by auto
next
show TR?L wlA-0 (RSC i j ) ∧
wlA-0 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof(rule conjI )
show TR?L wlA-0 (RSC i j )
proof (rule TR-I )
show wlA-0 ∈ carrier ?L by auto
next
from carr show i ∈ r-carrier ?L by auto
next
from carr show j ∈ s-carrier ?L by auto
next
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-0 .O?L t1 ∧ wlA-0 .O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-0 .O?L t1 ∧ wlA-0 .O?L t2 ts0 ])
show ∃ t2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L ts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ wlA-0 .O?L ts0 ∧ wlA-0 .O?L t2
proof (rule exI [of λt2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L ts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ wlA-0 .O?L ts0 ∧ wlA-0 .O?L t2 ts1 ])
from a2 i-case show ts0 ∈ carrier ?L ∧ ts1 ∈ carrier ?L ∧ TS?L ts0 (RSC i j ) ∧ TS?L ts1 (RSC i j ) ∧ ¬(ts0 .O?L ts1 ) ∧ wlA-0 .O?L ts0 ∧ wlA-0 .O?L ts1 unfolding overlap-def by auto
qed
qed
qed
next
show wlA-0 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof−
from carr a1 a2 have l1 : {A-00 ,A-01 ,A-02} = {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} unfolding isInst-M-def by auto
from carr have l2 : {A-00 ,A-01 ,A-02} ⊆ carrier ?L ∧ finite {A-00 ,A-01 ,A-02} by auto
from l2 have l3 : least ?L (⋃{A-00 ,A-01 ,A-02}) (Upper ?L {A-00 ,A-01 ,A-02}) using finite-sup-least-Union by (metis (no-types, lifting) empty-not-insert)
have l4 : wlA-0 = ⋃{A-00 ,A-01 ,A-02} by auto
from l3 l4 have least ?L wlA-0 (Upper ?L {A-00 ,A-01 ,A-02}) by auto
from this have wlA-0 = ⊔?L {A-00 ,A-01 ,A-02} using sup-def by (metis (no-types, lifting) empty-not-insert l2 m-set-is-partial-order-M m-set-is-upper-semilattice-M S5-RS-2S-partial-order.least-unique upper-semilattice.finite-sup-least)
from this l1 show wlA-0 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} by simp
qed
qed
qed
qed
qed
have j-case-1 : j = ts-set-M-1 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof−
assume a2 : j = ts-set-M-1
show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧ w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} wlA-0 ])
show wlA-0 ∈ carrier ?L ∧ TR?L wlA-0 (RSC i j ) ∧
wlA-0 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof (rule conjI )
from carr show wlA-0 ∈ carrier ?L by auto
next
show TR?L wlA-0 (RSC i j ) ∧
wlA-0 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof(rule conjI )
show TR?L wlA-0 (RSC i j )
proof (rule TR-I )
show wlA-0 ∈ carrier ?L by auto
next
from carr show i ∈ r-carrier ?L by auto
next
from carr show j ∈ s-carrier ?L by auto
next
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-0 .O?L t1 ∧ wlA-0 .O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-0 .O?L t1 ∧ wlA-0 .O?L t2 ts1-M ])
show ∃ t2 . ts1-M ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 ) ∧ wlA-0 .O?L ts1-M ∧ wlA-0 .O?L t2
proof (rule exI [of λt2 . ts1-M ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 ) ∧ wlA-0 .O?L ts1-M ∧ wlA-0 .O?L t2 ts2-M ])
from a2 i-case show ts1-M ∈ carrier ?L ∧ ts2-M ∈ carrier ?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L ts2-M (RSC i j ) ∧ ¬(ts1-M .O?L ts2-M ) ∧ wlA-0 .O?L ts1-M ∧ wlA-0 .O?L ts2-M unfolding overlap-def by auto
qed
qed
qed
next
show wlA-0 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof−
from carr a1 a2 i-case have l1 : {A-00 ,A-01 ,A-02} = {uu. uu ∈ carrier ?L ∧ UC-0 ∈ e-carrier ?L ∧ Inst?L x UC-0 uu (RSC i j )} unfolding isInst-M-def by auto
from carr a1 a2 i-case have l2 : {} = {uu. uu ∈ carrier ?L ∧ UO-0 ∈ e-carrier ?L ∧ Inst?L x UO-0 uu (RSC i j )} unfolding isInst-M-def by auto
from carr a1 a2 i-case have l3 : {} = {uu. uu ∈ carrier ?L ∧ At-0 ∈ e-carrier ?L ∧ Inst?L x At-0 uu (RSC i j )} unfolding isInst-M-def by auto
from carr a1 a2 i-case have l4 : {} = {uu. uu ∈ carrier ?L ∧ At-1 ∈ e-carrier ?L ∧ Inst?L x At-1 uu (RSC i j )} unfolding isInst-M-def by auto
from carr a1 a2 i-case have l5 : {} = {uu. uu ∈ carrier ?L ∧
Compl-0 ∈ e-carrier ?L ∧ Inst?L x Compl-0 uu (RSC i j )} unfolding isInst-M-def by auto
from carr a1 a2 i-case have l6 : {} = {uu. uu ∈ carrier ?L ∧ Oc-0 ∈ e-carrier ?L ∧ Inst?L x Oc-0 uu (RSC i j )} unfolding isInst-M-def by auto
from carr a1 a2 i-case have l7 : {} = {uu. uu ∈ carrier ?L ∧ Oc-1 ∈ e-carrier ?L ∧ Inst?L x Oc-1 uu (RSC i j )} unfolding isInst-M-def by auto
from carr a1 a2 i-case have l8 : {} = {uu. uu ∈ carrier ?L ∧ Oc-2 ∈ e-carrier ?L ∧ Inst?L x Oc-2 uu (RSC i j )} unfolding isInst-M-def by auto
from carr have l9 : ∀ y . (y ∈ e-carrier ?L) = (y=UC-0 ∨ y = UO-0 ∨ y = At-0 ∨ y = At-1 ∨ y = Compl-0 ∨ y = Oc-0 ∨ y = Oc-1 ∨ y = Oc-2 ) by auto
from carr a1 a2 i-case l1 l2 l3 l4 l5 l6 l7 l8 l9 have l0 : {A-00 ,A-01 ,A-02} = {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ Inst?L x y uu (RSC i j ))} sorry
from carr have l10 : {A-00 ,A-01 ,A-02} ⊆ carrier ?L ∧ finite {A-00 ,A-01 ,A-02} by auto
from l10 have l11 : least ?L (⋃{A-00 ,A-01 ,A-02}) (Upper ?L {A-00 ,A-01 ,A-02}) using finite-sup-least-Union by (metis (no-types, lifting) empty-not-insert)
have l12 : wlA-0 = ⋃{A-00 ,A-01 ,A-02} by auto
from l11 l12 have least ?L wlA-0 (Upper ?L {A-00 ,A-01 ,A-02}) by auto
from this have l13 : wlA-0 = ⊔?L {A-00 ,A-01 ,A-02} using sup-def by (metis (no-types, lifting) empty-not-insert l10 m-set-is-partial-order-M m-set-is-upper-semilattice-M S5-RS-2S-partial-order.least-unique upper-semilattice.finite-sup-least)
from carr a1 a2 i-case have l14 : {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ Inst?L x y uu (RSC i j ))} = {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} unfolding isInst-M-def by auto
from this l0 l13 l14 show wlA-0 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} by auto
qed
qed
qed
qed
qed
from j-cases j-case-0 j-case-1 show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}) by force
qed
qed
have x-case-1 : x = At-1 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof −
assume a1 : x = At-1
show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof−
have j-case-0 : j = ts-set-M-0 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof−
assume a2 : j = ts-set-M-0
show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧ w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} wlA-1 ])
show wlA-1 ∈ carrier ?L ∧ TR?L wlA-1 (RSC i j ) ∧
wlA-1 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof (rule conjI )
from carr show wlA-1 ∈ carrier ?L by auto
next
show TR?L wlA-1 (RSC i j ) ∧
wlA-1 = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof(rule conjI )
show TR?L wlA-1 (RSC i j )
proof (rule TR-I )
show wlA-1 ∈ carrier ?L by auto
next
from carr show i ∈ r-carrier ?L by auto
next
from carr show j ∈ s-carrier ?L by auto
next
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-1 .O?L t1 ∧ wlA-1 .O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-1 .O?L t1 ∧ wlA-1 .O?L t2 ts0 ])
show ∃ t2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L ts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ wlA-1 .O?L ts0 ∧ wlA-1 .O?L t2
proof (rule exI [of λt2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?L ts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ wlA-1 .O?L ts0 ∧ wlA-1 .O?L t2 ts1 ])
from a2 i-case show ts0 ∈ carrier ?L ∧ ts1 ∈ carrier ?L∧ TS?L ts0 (RSC i j ) ∧ TS?L ts1 (RSC i j ) ∧ ¬(ts0 .O?L ts1 ) ∧ wlA-1 .O?Lts0 ∧ wlA-1 .O?L ts1 unfolding overlap-def by auto
qedqed
qednextshow wlA-1 =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof−
from carr a1 a2 have l1 : {A-10 ,A-11 ,A-12} ={uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x
y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}unfolding isInst-M-def by auto
from carr have l2 : {A-10 ,A-11 ,A-12} ⊆ carrier ?L ∧ finite{A-10 ,A-11 ,A-12} by auto
from l2 have l3 : least ?L (⋃{A-10 ,A-11 ,A-12}) (Upper
?L {A-10 ,A-11 ,A-12}) using finite-sup-least-Union by (metis (no-types, lifting)empty-not-insert)
have l4 : wlA-1 =⋃{A-10 ,A-11 ,A-12} by auto
from l3 l4 have least ?L wlA-1 (Upper ?L {A-10 ,A-11 ,A-12})by auto
from this have wlA-1 =⊔
?L {A-10 ,A-11 ,A-12} usingsup-def by (metis (no-types, lifting) empty-not-insert l2 m-set-is-partial-order-Mm-set-is-upper-semilattice-M S5-RS-2S-partial-order .least-unique upper-semilattice.finite-sup-least)
from this l1 show wlA-1 =⊔
?L {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}by simp
qedqed
qedqed
qedhave j-case-1 : j = ts-set-M-1 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof−
assume a2 : j = ts-set-M-1show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} wlA-1 ])show wlA-1 ∈ carrier ?L ∧ TR?L wlA-1 (RSC i j ) ∧
wlA-1 =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof (rule conjI )
from carr show wlA-1 ∈ carrier ?L by autonext
show TR?L wlA-1 (RSC i j ) ∧wlA-1 =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof(rule conjI )
show TR?L wlA-1 (RSC i j )proof (rule TR-I )
show wlA-1 ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-1 .O?L t1 ∧ wlA-1.O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-1 .O?Lt1 ∧ wlA-1 .O?L t2 ts1-M ])
show ∃ t2 . ts1-M ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 ) ∧ wlA-1 .O?L ts1-M∧ wlA-1 .O?L t2
proof (rule exI [of λt2 . ts1-M ∈ carrier ?L ∧ t2 ∈carrier ?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 )∧ wlA-1 .O?L ts1-M ∧ wlA-1 .O?L t2 ts2-M ])
from a2 i-case show ts1-M ∈ carrier ?L ∧ ts2-M ∈ carrier?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L ts2-M (RSC i j ) ∧ ¬(ts1-M .O?L ts2-M )∧ wlA-1 .O?L ts1-M ∧ wlA-1 .O?L ts2-M unfolding overlap-def by auto
qedqed
qednextshow wlA-1 =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof−
from carr a1 a2 i-case have l1 : {A-10 ,A-11 ,A-12} = {uu. uu∈ carrier ?L ∧ UC-0 ∈ e-carrier ?L ∧ Inst?L x UC-0 uu (RSC i j )} unfoldingisInst-M-def by auto
from carr a1 a2 i-case have l2 : {} = {uu. uu ∈ carrier ?L ∧UO-0 ∈ e-carrier ?L ∧ Inst?L x UO-0 uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l3 : {} = {uu. uu ∈ carrier ?L∧ At-0 ∈ e-carrier ?L ∧ Inst?L x At-0 uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l4 : {} = {uu. uu ∈ carrier ?L∧ At-1 ∈ e-carrier ?L ∧ Inst?L x At-1 uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l5 : {} = {uu. uu ∈ carrier ?L ∧
Compl-0 ∈ e-carrier ?L ∧ Inst?L x Compl-0 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l6 : {} = {uu. uu ∈ carrier?L ∧ Oc-0 ∈ e-carrier ?L ∧ Inst?L x Oc-0 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l7 : {} = {uu. uu ∈ carrier?L ∧ Oc-1 ∈ e-carrier ?L ∧ Inst?L x Oc-1 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l8 : {} = {uu. uu ∈ carrier?L ∧ Oc-2 ∈ e-carrier ?L ∧ Inst?L x Oc-2 uu (RSC i j )} unfolding isInst-M-defby auto
from carr have l9 : ∀ y . (y ∈ e-carrier ?L) = (y=UC-0 ∨ y= UO-0 ∨ y = At-0 ∨ y = At-1 ∨ y = Compl-0 ∨ y = Oc-0 ∨ y = Oc-1 ∨ y= Oc-2 ) by auto
from carr a1 a2 i-case l1 l2 l3 l4 l5 l6 l7 l8 l9 have l0 :{A-10 ,A-11 ,A-12} = {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ Inst?L x yuu (RSC i j ))} sorry
from carr have l10 : {A-10 ,A-11 ,A-12} ⊆ carrier ?L ∧finite {A-10 ,A-11 ,A-12} by auto
from l10 have l11 : least ?L (⋃{A-10 ,A-11 ,A-12}) (Upper
?L {A-10 ,A-11 ,A-12}) using finite-sup-least-Union by (metis (no-types, lifting)empty-not-insert)
have l12 : wlA-1 =⋃{A-10 ,A-11 ,A-12} by auto
from l11 l12 have least ?L wlA-1 (Upper ?L {A-10 ,A-11 ,A-12})by auto
from this have l13 : wlA-1 =⊔
?L {A-10 ,A-11 ,A-12} usingsup-def by (metis (no-types, lifting) empty-not-insert l10 m-set-is-partial-order-Mm-set-is-upper-semilattice-M S5-RS-2S-partial-order .least-unique upper-semilattice.finite-sup-least)
from carr a1 a2 i-case have l14 : {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ Inst?L x y uu (RSC i j ))} = {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}unfolding isInst-M-def by auto
from this l0 l13 l14 show wlA-1 =⊔
?L {uu. uu ∈ carrier?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC ij )))} by auto
qedqed
qedqed
qedfrom j-cases j-case-0 j-case-1 show (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}) by forceqed
qedhave x-case-2 : x = Compl-0 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w (RSC
i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof −
assume a1 : x = Compl-0show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof−have j-case-0 : j = ts-set-M-0 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof−
assume a2 : j = ts-set-M-0show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} top-of-m-set ])show top-of-m-set ∈ carrier ?L ∧ TR?L top-of-m-set (RSC i j )
∧top-of-m-set =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof (rule conjI )
from carr show top-of-m-set ∈ carrier ?L by autonext
show TR?L top-of-m-set (RSC i j ) ∧top-of-m-set =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof(rule conjI )
show TR?L top-of-m-set (RSC i j )proof (rule TR-I )
show top-of-m-set ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set .O?L t1 ∧top-of-m-set .O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set.O?L t1 ∧ top-of-m-set .O?L t2 ts0 ])
show ∃ t2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ top-of-m-set .O?L ts0 ∧top-of-m-set .O?L t2
proof (rule exI [of λt2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L ts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ top-of-m-set
.O?L ts0 ∧ top-of-m-set .O?L t2 ts1 ])from a2 i-case show ts0 ∈ carrier ?L ∧ ts1 ∈ carrier ?L
∧ TS?L ts0 (RSC i j ) ∧ TS?L ts1 (RSC i j ) ∧ ¬(ts0 .O?L ts1 ) ∧ top-of-m-set.O?L ts0 ∧ top-of-m-set .O?L ts1 unfolding overlap-def by auto
qedqed
qednext
show top-of-m-set =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof−from carr a1 a2 have l1 : {ts0 ,ts1 ,ts2} ={uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x
y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}unfolding isInst-M-def sorry
from carr have l2 : {ts0 ,ts1 ,ts2} ⊆ carrier ?L ∧ finite{ts0 ,ts1 ,ts2} by auto
from l2 have l3 : least ?L (⋃{ts0 ,ts1 ,ts2})
(Upper ?L {ts0 ,ts1 ,ts2}) using finite-sup-least-Union by (metis (no-types, lifting) empty-not-insert)
have l4 : top-of-m-set =⋃{ts0 ,ts1 ,ts2} by auto
from l3 l4 have least ?L top-of-m-set (Upper ?L {ts0 ,ts1 ,ts2})by auto
from this have top-of-m-set =⊔
?L {ts0 ,ts1 ,ts2} usingsup-def by (metis (no-types, lifting) empty-not-insert l2 m-set-is-partial-order-Mm-set-is-upper-semilattice-M S5-RS-2S-partial-order .least-unique upper-semilattice.finite-sup-least)
from this l1 show top-of-m-set =⊔
?L {uu. uu ∈ carrier ?L∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}by simp
qedqed
qedqed
qedhave j-case-1 : j = ts-set-M-1 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof−
assume a2 : j = ts-set-M-1show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} top-of-m-set ])show top-of-m-set ∈ carrier ?L ∧ TR?L top-of-m-set (RSC i j )
∧top-of-m-set =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof (rule conjI )
from carr show top-of-m-set ∈ carrier ?L by autonext
show TR?L top-of-m-set (RSC i j ) ∧top-of-m-set =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof(rule conjI )
show TR?L top-of-m-set (RSC i j )proof (rule TR-I )
show top-of-m-set ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set .O?L t1 ∧top-of-m-set .O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set.O?L t1 ∧ top-of-m-set .O?L t2 ts1-M ])
show ∃ t2 . ts1-M ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 ) ∧ top-of-m-set .O?Lts1-M ∧ top-of-m-set .O?L t2
proof (rule exI [of λt2 . ts1-M ∈ carrier ?L ∧ t2 ∈carrier ?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 )∧ top-of-m-set .O?L ts1-M ∧ top-of-m-set .O?L t2 ts2-M ])
from a2 i-case show ts1-M ∈ carrier ?L ∧ ts2-M ∈ carrier?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L ts2-M (RSC i j ) ∧ ¬(ts1-M .O?L ts2-M )∧ top-of-m-set .O?L ts1-M ∧ top-of-m-set .O?L ts2-M unfolding overlap-def byauto
qedqed
qednext
show top-of-m-set =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof−from carr a1 a2 i-case have l1 : {ts0-M ,ts1-M ,ts2-M ,ts3-M }
= {uu. uu ∈ carrier ?L ∧ UC-0 ∈ e-carrier ?L ∧ Inst?L x UC-0 uu (RSC i j )}unfolding isInst-M-def sorry
from carr a1 a2 i-case have l2 : {} = {uu. uu ∈ carrier ?L ∧UO-0 ∈ e-carrier ?L ∧ Inst?L x UO-0 uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l3 : {} = {uu. uu ∈ carrier ?L∧ At-0 ∈ e-carrier ?L ∧ Inst?L x At-0 uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l4 : {} = {uu. uu ∈ carrier ?L
∧ At-1 ∈ e-carrier ?L ∧ Inst?L x At-1 uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l5 : {} = {uu. uu ∈ carrier ?L ∧Compl-0 ∈ e-carrier ?L ∧ Inst?L x Compl-0 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l6 : {} = {uu. uu ∈ carrier?L ∧ Oc-0 ∈ e-carrier ?L ∧ Inst?L x Oc-0 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l7 : {} = {uu. uu ∈ carrier?L ∧ Oc-1 ∈ e-carrier ?L ∧ Inst?L x Oc-1 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l8 : {} = {uu. uu ∈ carrier?L ∧ Oc-2 ∈ e-carrier ?L ∧ Inst?L x Oc-2 uu (RSC i j )} unfolding isInst-M-defby auto
from carr have l9 : ∀ y . (y ∈ e-carrier ?L) = (y=UC-0 ∨ y= UO-0 ∨ y = At-0 ∨ y = At-1 ∨ y = Compl-0 ∨ y = Oc-0 ∨ y = Oc-1 ∨ y= Oc-2 ) by auto
from carr a1 a2 i-case l1 l2 l3 l4 l5 l6 l7 l8 l9 have l0 :{ts0-M ,ts1-M ,ts2-M ,ts3-M } = {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧Inst?L x y uu (RSC i j ))} sorry
from carr have l10 : {ts0-M ,ts1-M ,ts2-M ,ts3-M } ⊆ carrier?L ∧ finite {ts0-M ,ts1-M ,ts2-M ,ts3-M } by auto
from l10 have l11 : least ?L (⋃{ts0-M ,ts1-M ,ts2-M ,ts3-M })
(Upper ?L {ts0-M ,ts1-M ,ts2-M ,ts3-M }) using finite-sup-least-Union by (metis(no-types, lifting) empty-not-insert)
have l12 : top-of-m-set =⋃{ts0-M ,ts1-M ,ts2-M ,ts3-M } by
autofrom l11 l12 have least ?L top-of-m-set (Upper ?L
{ts0-M ,ts1-M ,ts2-M ,ts3-M }) by autofrom this have l13 : top-of-m-set =
⊔?L {ts0-M ,ts1-M ,ts2-M ,ts3-M }
using sup-def by (metis (no-types, lifting) empty-not-insert l10 m-set-is-partial-order-Mm-set-is-upper-semilattice-M S5-RS-2S-partial-order .least-unique upper-semilattice.finite-sup-least)
from carr a1 a2 i-case have l14 : {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ Inst?L x y uu (RSC i j ))} = {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}unfolding isInst-M-def by auto
from this l0 l13 l14 show top-of-m-set =⊔
?L {uu. uu ∈carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu(RSC i j )))} by auto
qedqed
qedqed
qedfrom j-cases j-case-0 j-case-1 show (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}) by forceqed
qedhave x-case-3 : x = Oc-0 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j )
∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof −
assume a1 : x = Oc-0show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof−have j-case-0 : j = ts-set-M-0 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof−
assume a2 : j = ts-set-M-0show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} wlA-0 ])show wlA-0 ∈ carrier ?L ∧ TR?L wlA-0 (RSC i j ) ∧
wlA-0 =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof (rule conjI )from carr show wlA-0 ∈ carrier ?L by auto
nextshow TR?L wlA-0 (RSC i j ) ∧wlA-0 =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof(rule conjI )
show TR?L wlA-0 (RSC i j )proof (rule TR-I )
show wlA-0 ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-0 .O?L t1 ∧ wlA-0.O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-0 .O?Lt1 ∧ wlA-0 .O?L t2 ts0 ])
show ∃ t2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ wlA-0 .O?L ts0 ∧ wlA-0
.O?L t2proof (rule exI [of λt2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier ?L
∧ TS?L ts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ wlA-0 .O?L ts0∧ wlA-0 .O?L t2 ts1 ])
from a2 i-case show ts0 ∈ carrier ?L ∧ ts1 ∈ carrier ?L∧ TS?L ts0 (RSC i j ) ∧ TS?L ts1 (RSC i j ) ∧ ¬(ts0 .O?L ts1 ) ∧ wlA-0 .O?Lts0 ∧ wlA-0 .O?L ts1 unfolding overlap-def by auto
qedqed
qednextshow wlA-0 =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof−
from carr a1 a2 have l1 : {wlA-0} ={uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x
y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}unfolding isInst-M-def sorry
from carr have l2 : {wlA-0} ⊆ carrier ?L ∧ finite {wlA-0}by auto
from l2 have l3 : least ?L (⋃{wlA-0}) (Upper ?L {wlA-0})
using finite-sup-least-Union by (metis (no-types, lifting) empty-not-insert)have l4 : wlA-0 =
⋃{wlA-0} by auto
from l3 l4 have least ?L wlA-0 (Upper ?L {wlA-0}) by autofrom this have wlA-0 =
⊔?L {wlA-0} using
sup-def by (metis (no-types, lifting) empty-not-insert l2 m-set-is-partial-order-Mm-set-is-upper-semilattice-M S5-RS-2S-partial-order .least-unique upper-semilattice.finite-sup-least)
from this l1 show wlA-0 =⊔
?L {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}by simp
qedqed
qedqed
qedhave j-case-1 : j = ts-set-M-1 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof−
assume a2 : j = ts-set-M-1show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} wlA-0 ])show wlA-0 ∈ carrier ?L ∧ TR?L wlA-0 (RSC i j ) ∧
wlA-0 =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof (rule conjI )
from carr show wlA-0 ∈ carrier ?L by autonext
show TR?L wlA-0 (RSC i j ) ∧wlA-0 =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof(rule conjI )
show TR?L wlA-0 (RSC i j )proof (rule TR-I )
show wlA-0 ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-0 .O?L t1 ∧ wlA-0.O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-0 .O?Lt1 ∧ wlA-0 .O?L t2 ts1-M ])
show ∃ t2 . ts1-M ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 ) ∧ wlA-0 .O?L ts1-M∧ wlA-0 .O?L t2
proof (rule exI [of λt2 . ts1-M ∈ carrier ?L ∧ t2 ∈carrier ?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 )∧ wlA-0 .O?L ts1-M ∧ wlA-0 .O?L t2 ts2-M ])
from a2 i-case show ts1-M ∈ carrier ?L ∧ ts2-M ∈ carrier?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L ts2-M (RSC i j ) ∧ ¬(ts1-M .O?L ts2-M )∧ wlA-0 .O?L ts1-M ∧ wlA-0 .O?L ts2-M unfolding overlap-def by auto
qedqed
qednextshow wlA-0 =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof−from carr a1 a2 i-case have l1 : {wlA-0} = {uu. uu ∈ carrier
?L ∧ UC-0 ∈ e-carrier ?L ∧ Inst?L x UO-0 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l2 : {} = {uu. uu ∈ carrier ?L ∧UO-0 ∈ e-carrier ?L ∧ Inst?L x UC-0 uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l3 : {} = {uu. uu ∈ carrier ?L∧ At-0 ∈ e-carrier ?L ∧ Inst?L x At-0 uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l4 : {} = {uu. uu ∈ carrier ?L∧ At-1 ∈ e-carrier ?L ∧ Inst?L x At-1 uu (RSC i j )} unfolding isInst-M-def by
autofrom carr a1 a2 i-case have l5 : {} = {uu. uu ∈ carrier ?L ∧
Compl-0 ∈ e-carrier ?L ∧ Inst?L x Compl-0 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l6 : {} = {uu. uu ∈ carrier?L ∧ Oc-0 ∈ e-carrier ?L ∧ Inst?L x Oc-0 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l7 : {} = {uu. uu ∈ carrier?L ∧ Oc-1 ∈ e-carrier ?L ∧ Inst?L x Oc-1 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l8 : {} = {uu. uu ∈ carrier?L ∧ Oc-2 ∈ e-carrier ?L ∧ Inst?L x Oc-2 uu (RSC i j )} unfolding isInst-M-defby auto
from carr have l9 : ∀ y . (y ∈ e-carrier ?L) = (y=UC-0 ∨ y= UO-0 ∨ y = At-0 ∨ y = At-1 ∨ y = Compl-0 ∨ y = Oc-0 ∨ y = Oc-1 ∨ y= Oc-2 ) by auto
from carr a1 a2 i-case l1 l2 l3 l4 l5 l6 l7 l8 l9 have l0 :{wlA-0} = {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ Inst?L x y uu (RSCi j ))} sorry
from carr have l10 : {wlA-0} ⊆ carrier ?L ∧ finite {wlA-0}by auto
from l10 have l11 : least ?L (⋃{wlA-0}) (Upper ?L {wlA-0})
using finite-sup-least-Union by (metis (no-types, lifting) empty-not-insert)have l12 : wlA-0 =
⋃{wlA-0} by auto
from l11 l12 have least ?L wlA-0 (Upper ?L {wlA-0}) byauto
from this have l13 : wlA-0 =⊔
?L {wlA-0} usingsup-def by (metis (no-types, lifting) empty-not-insert l10 m-set-is-partial-order-Mm-set-is-upper-semilattice-M S5-RS-2S-partial-order .least-unique upper-semilattice.finite-sup-least)
from carr a1 a2 i-case have l14 : {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ Inst?L x y uu (RSC i j ))} = {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}unfolding isInst-M-def by auto
from this l0 l13 l14 show wlA-0 =⊔
?L {uu. uu ∈ carrier?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC ij )))} by auto
qedqed
qedqed
qedfrom j-cases j-case-0 j-case-1 show (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}) by forceqed
qedhave x-case-4 : x = Oc-1 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j )
∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof −assume a1 : x = Oc-1
show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof−
have j-case-0 : j = ts-set-M-0 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w(RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof−assume a2 : j = ts-set-M-0show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} wlA-1 ])show wlA-1 ∈ carrier ?L ∧ TR?L wlA-1 (RSC i j ) ∧
wlA-1 =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof (rule conjI )from carr show wlA-1 ∈ carrier ?L by auto
nextshow TR?L wlA-1 (RSC i j ) ∧wlA-1 =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof(rule conjI )
show TR?L wlA-1 (RSC i j )proof (rule TR-I )
show wlA-1 ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-1 .O?L t1 ∧ wlA-1.O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-1 .O?Lt1 ∧ wlA-1 .O?L t2 ts0 ])
show ∃ t2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ wlA-1 .O?L ts0 ∧ wlA-1.O?L t2
proof (rule exI [of λt2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier ?L∧ TS?L ts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ wlA-1 .O?L ts0
∧ wlA-1 .O?L t2 ts1 ])from a2 i-case show ts0 ∈ carrier ?L ∧ ts1 ∈ carrier ?L
∧ TS?L ts0 (RSC i j ) ∧ TS?L ts1 (RSC i j ) ∧ ¬(ts0 .O?L ts1 ) ∧ wlA-1 .O?Lts0 ∧ wlA-1 .O?L ts1 unfolding overlap-def by auto
qedqed
qednextshow wlA-1 =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof−
from carr a1 a2 have l1 : {wlA-1} ={uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x
y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}unfolding isInst-M-def sorry
from carr have l2 : {wlA-1} ⊆ carrier ?L ∧ finite {wlA-1}by auto
from l2 have l3 : least ?L (⋃{wlA-1}) (Upper ?L {wlA-1})
using finite-sup-least-Union by (metis (no-types, lifting) empty-not-insert)have l4 : wlA-1 =
⋃{wlA-1} by auto
from l3 l4 have least ?L wlA-1 (Upper ?L {wlA-1}) by autofrom this have wlA-1 =
⊔?L {wlA-1} using
sup-def by (metis (no-types, lifting) empty-not-insert l2 m-set-is-partial-order-Mm-set-is-upper-semilattice-M S5-RS-2S-partial-order .least-unique upper-semilattice.finite-sup-least)
from this l1 show wlA-1 =⊔
?L {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}by simp
qedqed
qedqed
qedhave j-case-1 : j = ts-set-M-1 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof−
assume a2 : j = ts-set-M-1show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} wlA-1 ])show wlA-1 ∈ carrier ?L ∧ TR?L wlA-1 (RSC i j ) ∧
wlA-1 =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof (rule conjI )from carr show wlA-1 ∈ carrier ?L by auto
nextshow TR?L wlA-1 (RSC i j ) ∧wlA-1 =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof(rule conjI )
show TR?L wlA-1 (RSC i j )proof (rule TR-I )
show wlA-1 ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-1 .O?L t1 ∧ wlA-1.O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ wlA-1 .O?Lt1 ∧ wlA-1 .O?L t2 ts1-M ])
show ∃ t2 . ts1-M ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 ) ∧ wlA-1 .O?L ts1-M∧ wlA-1 .O?L t2
proof (rule exI [of λt2 . ts1-M ∈ carrier ?L ∧ t2 ∈carrier ?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 )∧ wlA-1 .O?L ts1-M ∧ wlA-1 .O?L t2 ts2-M ])
from a2 i-case show ts1-M ∈ carrier ?L ∧ ts2-M ∈ carrier?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L ts2-M (RSC i j ) ∧ ¬(ts1-M .O?L ts2-M )∧ wlA-1 .O?L ts1-M ∧ wlA-1 .O?L ts2-M unfolding overlap-def by auto
qedqed
qednextshow wlA-1 =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof−from carr a1 a2 i-case have l1 : {wlA-1} = {uu. uu ∈ carrier
?L ∧ UC-0 ∈ e-carrier ?L ∧ Inst?L x UO-0 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l2 : {} = {uu. uu ∈ carrier ?L ∧UO-0 ∈ e-carrier ?L ∧ Inst?L x UC-0 uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l3 : {} = {uu. uu ∈ carrier ?L∧ At-0 ∈ e-carrier ?L ∧ Inst?L x At-0 uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l4 : {} = {uu. uu ∈ carrier ?L∧ At-1 ∈ e-carrier ?L ∧ Inst?L x At-1 uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l5 : {} = {uu. uu ∈ carrier ?L ∧Compl-0 ∈ e-carrier ?L ∧ Inst?L x Compl-0 uu (RSC i j )} unfolding isInst-M-def
by autofrom carr a1 a2 i-case have l6 : {} = {uu. uu ∈ carrier
?L ∧ Oc-0 ∈ e-carrier ?L ∧ Inst?L x Oc-0 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l7 : {} = {uu. uu ∈ carrier?L ∧ Oc-1 ∈ e-carrier ?L ∧ Inst?L x Oc-1 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l8 : {} = {uu. uu ∈ carrier?L ∧ Oc-2 ∈ e-carrier ?L ∧ Inst?L x Oc-2 uu (RSC i j )} unfolding isInst-M-defby auto
from carr have l9 : ∀ y . (y ∈ e-carrier ?L) = (y=UC-0 ∨ y= UO-0 ∨ y = At-0 ∨ y = At-1 ∨ y = Compl-0 ∨ y = Oc-0 ∨ y = Oc-1 ∨ y= Oc-2 ) by auto
from carr a1 a2 i-case l1 l2 l3 l4 l5 l6 l7 l8 l9 have l0 :{wlA-1} = {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ Inst?L x y uu (RSCi j ))} sorry
from carr have l10 : {wlA-1} ⊆ carrier ?L ∧ finite {wlA-1}by auto
from l10 have l11 : least ?L (⋃{wlA-1}) (Upper ?L {wlA-1})
using finite-sup-least-Union by (metis (no-types, lifting) empty-not-insert)have l12 : wlA-1 =
⋃{wlA-1} by auto
from l11 l12 have least ?L wlA-1 (Upper ?L {wlA-1}) byauto
from this have l13 : wlA-1 =⊔
?L {wlA-1} usingsup-def by (metis (no-types, lifting) empty-not-insert l10 m-set-is-partial-order-Mm-set-is-upper-semilattice-M S5-RS-2S-partial-order .least-unique upper-semilattice.finite-sup-least)
from carr a1 a2 i-case have l14 : {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ Inst?L x y uu (RSC i j ))} = {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}unfolding isInst-M-def by auto
from this l0 l13 l14 show wlA-1 =⊔
?L {uu. uu ∈ carrier?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC ij )))} by auto
qedqed
qedqed
qedfrom j-cases j-case-0 j-case-1 show (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}) by forceqed
qedhave x-case-5 : x = Oc-2 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j )
∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof −
assume a1 : x = Oc-2show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof−have j-case-0 : j = ts-set-M-0 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof−
assume a2 : j = ts-set-M-0show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} top-of-m-set ])show top-of-m-set ∈ carrier ?L ∧ TR?L top-of-m-set (RSC i j )
∧top-of-m-set =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof (rule conjI )
from carr show top-of-m-set ∈ carrier ?L by autonext
show TR?L top-of-m-set (RSC i j ) ∧top-of-m-set =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof(rule conjI )
show TR?L top-of-m-set (RSC i j )proof (rule TR-I )
show top-of-m-set ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set .O?L t1 ∧top-of-m-set .O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set.O?L t1 ∧ top-of-m-set .O?L t2 ts0 ])
show ∃ t2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ top-of-m-set .O?L ts0 ∧top-of-m-set .O?L t2
proof (rule exI [of λt2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L ts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ top-of-m-set.O?L ts0 ∧ top-of-m-set .O?L t2 ts1 ])
from a2 i-case show ts0 ∈ carrier ?L ∧ ts1 ∈ carrier ?L
∧ TS?L ts0 (RSC i j ) ∧ TS?L ts1 (RSC i j ) ∧ ¬(ts0 .O?L ts1 ) ∧ top-of-m-set.O?L ts0 ∧ top-of-m-set .O?L ts1 unfolding overlap-def by auto
qedqed
qednext
show top-of-m-set =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof−from carr a1 a2 have l1 : {top-of-m-set} ={uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x
y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}unfolding isInst-M-def sorryfrom carr have l2 : {top-of-m-set} ⊆ carrier ?L ∧ finite
{top-of-m-set} by autofrom l2 have l3 : least ?L (
⋃{top-of-m-set})
(Upper ?L {top-of-m-set}) using finite-sup-least-Union by (metis (no-types, lifting) empty-not-insert)
have l4 : top-of-m-set =⋃{top-of-m-set} by auto
from l3 l4 have least ?L top-of-m-set (Upper ?L {top-of-m-set})by auto
from this have top-of-m-set =⊔
?L {top-of-m-set} usingsup-def by (metis (no-types, lifting) empty-not-insert l2 m-set-is-partial-order-Mm-set-is-upper-semilattice-M S5-RS-2S-partial-order .least-unique upper-semilattice.finite-sup-least)
from this l1 show top-of-m-set =⊔
?L {uu. uu ∈ carrier ?L∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}by simp
qedqed
qedqed
qedhave j-case-1 : j = ts-set-M-1 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof−
assume a2 : j = ts-set-M-1show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} top-of-m-set ])show top-of-m-set ∈ carrier ?L ∧ TR?L top-of-m-set (RSC i j )
∧top-of-m-set =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof (rule conjI )
from carr show top-of-m-set ∈ carrier ?L by autonext
show TR?L top-of-m-set (RSC i j ) ∧top-of-m-set =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof(rule conjI )
show TR?L top-of-m-set (RSC i j )proof (rule TR-I )
show top-of-m-set ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set .O?L t1 ∧top-of-m-set .O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set.O?L t1 ∧ top-of-m-set .O?L t2 ts1-M ])
show ∃ t2 . ts1-M ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 ) ∧ top-of-m-set .O?Lts1-M ∧ top-of-m-set .O?L t2
proof (rule exI [of λt2 . ts1-M ∈ carrier ?L ∧ t2 ∈carrier ?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 )∧ top-of-m-set .O?L ts1-M ∧ top-of-m-set .O?L t2 ts2-M ])
from a2 i-case show ts1-M ∈ carrier ?L ∧ ts2-M ∈ carrier?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L ts2-M (RSC i j ) ∧ ¬(ts1-M .O?L ts2-M )∧ top-of-m-set .O?L ts1-M ∧ top-of-m-set .O?L ts2-M unfolding overlap-def byauto
qedqed
qednext
show top-of-m-set =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof−from carr a1 a2 i-case have l1 : {top-of-m-set} = {uu. uu
∈ carrier ?L ∧ UC-0 ∈ e-carrier ?L ∧ Inst?L x UO-0 uu (RSC i j )} unfoldingisInst-M-def by auto
from carr a1 a2 i-case have l2 : {} = {uu. uu ∈ carrier ?L ∧UO-0 ∈ e-carrier ?L ∧ Inst?L x UC-0 uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l3 : {} = {uu. uu ∈ carrier ?L∧ At-0 ∈ e-carrier ?L ∧ Inst?L x At-0 uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l4 : {} = {uu. uu ∈ carrier ?L∧ At-1 ∈ e-carrier ?L ∧ Inst?L x At-1 uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l5 : {} = {uu. uu ∈ carrier ?L ∧Compl-0 ∈ e-carrier ?L ∧ Inst?L x Compl-0 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l6 : {} = {uu. uu ∈ carrier?L ∧ Oc-0 ∈ e-carrier ?L ∧ Inst?L x Oc-0 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l7 : {} = {uu. uu ∈ carrier?L ∧ Oc-1 ∈ e-carrier ?L ∧ Inst?L x Oc-1 uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l8 : {} = {uu. uu ∈ carrier?L ∧ Oc-2 ∈ e-carrier ?L ∧ Inst?L x Oc-2 uu (RSC i j )} unfolding isInst-M-defby auto
from carr have l9 : ∀ y . (y ∈ e-carrier ?L) = (y=UC-0 ∨ y= UO-0 ∨ y = At-0 ∨ y = At-1 ∨ y = Compl-0 ∨ y = Oc-0 ∨ y = Oc-1 ∨ y= Oc-2 ) by auto
from carr a1 a2 i-case l1 l2 l3 l4 l5 l6 l7 l8 l9 have l0 :{top-of-m-set} = {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ Inst?L x y uu(RSC i j ))} sorry
from carr have l10 : {top-of-m-set} ⊆ carrier ?L ∧ finite{top-of-m-set} by auto
from l10 have l11 : least ?L (⋃{top-of-m-set})
(Upper ?L {top-of-m-set}) using finite-sup-least-Union by (metis (no-types, lifting) empty-not-insert)
have l12 : top-of-m-set =⋃{top-of-m-set} by auto
from l11 l12 have least ?L top-of-m-set (Upper ?L{top-of-m-set}) by auto
from this have l13 : top-of-m-set =⊔
?L {top-of-m-set} usingsup-def by (metis (no-types, lifting) empty-not-insert l10 m-set-is-partial-order-Mm-set-is-upper-semilattice-M S5-RS-2S-partial-order .least-unique upper-semilattice.finite-sup-least)
from carr a1 a2 i-case have l14 : {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ Inst?L x y uu (RSC i j ))} = {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}unfolding isInst-M-def by auto
from this l0 l13 l14 show top-of-m-set =⊔
?L {uu. uu ∈carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu(RSC i j )))} by auto
qedqed
qedqed
qedfrom j-cases j-case-0 j-case-1 show (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}) by forceqed
qedhave x-case-6 : x = UC-0 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i
j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof −assume a1 : x = UC-0
show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof−
have j-case-0 : j = ts-set-M-0 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w(RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof−assume a2 : j = ts-set-M-0show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} top-of-m-set ])show top-of-m-set ∈ carrier ?L ∧ TR?L top-of-m-set (RSC i j )
∧top-of-m-set =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof (rule conjI )
from carr show top-of-m-set ∈ carrier ?L by autonext
show TR?L top-of-m-set (RSC i j ) ∧top-of-m-set =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof(rule conjI )
show TR?L top-of-m-set (RSC i j )proof (rule TR-I )
show top-of-m-set ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set .O?L t1 ∧top-of-m-set .O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set.O?L t1 ∧ top-of-m-set .O?L t2 ts0 ])
show ∃ t2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ top-of-m-set .O?L ts0 ∧top-of-m-set .O?L t2
proof (rule exI [of λt2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier
?L ∧ TS?L ts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ top-of-m-set.O?L ts0 ∧ top-of-m-set .O?L t2 ts1 ])
from a2 i-case show ts0 ∈ carrier ?L ∧ ts1 ∈ carrier ?L∧ TS?L ts0 (RSC i j ) ∧ TS?L ts1 (RSC i j ) ∧ ¬(ts0 .O?L ts1 ) ∧ top-of-m-set.O?L ts0 ∧ top-of-m-set .O?L ts1 unfolding overlap-def by auto
qedqed
qednext
show top-of-m-set =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof−from carr a1 a2 have l1 : {A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0 ,ts1 ,ts2}
={uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x
y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}unfolding isInst-M-def sorry
from carr have l2 : {A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0 ,ts1 ,ts2}⊆ carrier ?L ∧ finite {A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0 ,ts1 ,ts2} by auto
from l2 have l3 : least ?L (⋃{A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0 ,ts1 ,ts2})
(Upper ?L {A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0 ,ts1 ,ts2}) using finite-sup-least-Unionby (metis (no-types, lifting) empty-not-insert)
have l4 : top-of-m-set =⋃{A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0 ,ts1 ,ts2}
by autofrom l3 l4 have least ?L top-of-m-set (Upper ?L
{A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0 ,ts1 ,ts2}) by autofrom this have top-of-m-set =
⊔?L {A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0 ,ts1 ,ts2}
using sup-def by (metis (no-types, lifting) empty-not-insert l2 m-set-is-partial-order-Mm-set-is-upper-semilattice-M S5-RS-2S-partial-order .least-unique upper-semilattice.finite-sup-least)
from this l1 show top-of-m-set =⊔
?L {uu. uu ∈ carrier ?L∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}by simp
qedqed
qedqed
qedhave j-case-1 : j = ts-set-M-1 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof−
assume a2 : j = ts-set-M-1show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} top-of-m-set ])
show top-of-m-set ∈ carrier ?L ∧ TR?L top-of-m-set (RSC i j )∧
top-of-m-set =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof (rule conjI )from carr show top-of-m-set ∈ carrier ?L by auto
nextshow TR?L top-of-m-set (RSC i j ) ∧top-of-m-set =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof(rule conjI )
show TR?L top-of-m-set (RSC i j )proof (rule TR-I )
show top-of-m-set ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set .O?L t1 ∧top-of-m-set .O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set.O?L t1 ∧ top-of-m-set .O?L t2 ts1-M ])
show ∃ t2 . ts1-M ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 ) ∧ top-of-m-set .O?Lts1-M ∧ top-of-m-set .O?L t2
proof (rule exI [of λt2 . ts1-M ∈ carrier ?L ∧ t2 ∈carrier ?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 )∧ top-of-m-set .O?L ts1-M ∧ top-of-m-set .O?L t2 ts2-M ])
from a2 i-case show ts1-M ∈ carrier ?L ∧ ts2-M ∈ carrier?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L ts2-M (RSC i j ) ∧ ¬(ts1-M .O?L ts2-M )∧ top-of-m-set .O?L ts1-M ∧ top-of-m-set .O?L ts2-M unfolding overlap-def byauto
qedqed
qednext
show top-of-m-set =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof−from carr a1 a2 i-case have l1 : {ts0-M ,ts1-M ,ts2-M ,ts3-M }
= {uu. uu ∈ carrier ?L ∧ Compl-0 ∈ e-carrier ?L ∧ Inst?L Compl-0 x uu (RSCi j )} unfolding isInst-M-def sorry
from carr a1 a2 i-case have l2 : {} = {uu. uu ∈ carrier ?L ∧UO-0 ∈ e-carrier ?L ∧ Inst?L UO-0 x uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l3 : {A-00 ,A-01 ,A-02} = {uu.
uu ∈ carrier ?L ∧ At-0 ∈ e-carrier ?L ∧ Inst?L At-0 x uu (RSC i j )} unfoldingisInst-M-def by auto
from carr a1 a2 i-case have l4 : {A-10 ,A-11 ,A-12} = {uu.uu ∈ carrier ?L ∧ At-1 ∈ e-carrier ?L ∧ Inst?L At-1 x uu (RSC i j )} unfoldingisInst-M-def by auto
from carr a1 a2 i-case have l5 : {} = {uu. uu ∈ carrier ?L ∧Compl-0 ∈ e-carrier ?L ∧ Inst?L UC-0 x uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l6 : {} = {uu. uu ∈ carrier?L ∧ Oc-0 ∈ e-carrier ?L ∧ Inst?L Oc-0 x uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l7 : {} = {uu. uu ∈ carrier?L ∧ Oc-1 ∈ e-carrier ?L ∧ Inst?L Oc-1 x uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l8 : {} = {uu. uu ∈ carrier?L ∧ Oc-2 ∈ e-carrier ?L ∧ Inst?L Oc-2 x uu (RSC i j )} unfolding isInst-M-defby auto
from carr have l9 : ∀ y . (y ∈ e-carrier ?L) = (y=UC-0 ∨ y= UO-0 ∨ y = At-0 ∨ y = At-1 ∨ y = Compl-0 ∨ y = Oc-0 ∨ y = Oc-1 ∨ y= Oc-2 ) by auto
from carr a1 a2 i-case l1 l2 l3 l4 l5 l6 l7 l8 l9 have l0 : {A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0-M ,ts1-M ,ts2-M ,ts3-M } = {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ Inst?L y x uu (RSC i j ))} sorry
from carr have l10 : {A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0-M ,ts1-M ,ts2-M ,ts3-M }⊆ carrier ?L ∧ finite {A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0-M ,ts1-M ,ts2-M ,ts3-M }by auto
from l10 have l11 : least ?L (⋃{A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0-M ,ts1-M ,ts2-M ,ts3-M })
(Upper ?L {A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0-M ,ts1-M ,ts2-M ,ts3-M }) usingfinite-sup-least-Union by (metis (no-types, lifting) empty-not-insert)
have l12 : top-of-m-set =⋃{A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0-M ,ts1-M ,ts2-M ,ts3-M }
by autofrom l11 l12 have least ?L top-of-m-set (Upper ?L
{A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0-M ,ts1-M ,ts2-M ,ts3-M }) by autofrom this have l13 : top-of-m-set =
⊔?L {A-00 ,A-01 ,A-02 ,A-10 ,A-11 ,A-12 ,ts0-M ,ts1-M ,ts2-M ,ts3-M }
using sup-def by (metis (no-types, lifting) empty-not-insert l10 m-set-is-partial-order-Mm-set-is-upper-semilattice-M S5-RS-2S-partial-order .least-unique upper-semilattice.finite-sup-least)
from carr a1 a2 i-case have l14 : {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ Inst?L y x uu (RSC i j ))} = {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}unfolding isInst-M-def by auto
from this l0 l13 l14 show top-of-m-set =⊔
?L {uu. uu ∈carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu(RSC i j )))} by auto
qedqed
qedqed
qedfrom j-cases j-case-0 j-case-1 show (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}) by forceqed
qedhave x-case-7 : x = UO-0 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i
j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof −
assume a1 : x = UO-0show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof−have j-case-0 : j = ts-set-M-0 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof−
assume a2 : j = ts-set-M-0show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})
proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} top-of-m-set ])show top-of-m-set ∈ carrier ?L ∧ TR?L top-of-m-set (RSC i j )
∧top-of-m-set =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof (rule conjI )
from carr show top-of-m-set ∈ carrier ?L by autonext
show TR?L top-of-m-set (RSC i j ) ∧top-of-m-set =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof(rule conjI )
show TR?L top-of-m-set (RSC i j )proof (rule TR-I )
show top-of-m-set ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set .O?L t1 ∧top-of-m-set .O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set.O?L t1 ∧ top-of-m-set .O?L t2 ts0 ])
show ∃ t2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ top-of-m-set .O?L ts0 ∧top-of-m-set .O?L t2
proof (rule exI [of λt2 . ts0 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L ts0 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts0 .O?L t2 ) ∧ top-of-m-set.O?L ts0 ∧ top-of-m-set .O?L t2 ts1 ])
from a2 i-case show ts0 ∈ carrier ?L ∧ ts1 ∈ carrier ?L∧ TS?L ts0 (RSC i j ) ∧ TS?L ts1 (RSC i j ) ∧ ¬(ts0 .O?L ts1 ) ∧ top-of-m-set.O?L ts0 ∧ top-of-m-set .O?L ts1 unfolding overlap-def by auto
qedqed
qednext
show top-of-m-set =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof−from carr a1 a2 have l1 : {wlA-0 ,wlA-1 ,top-of-m-set} ={uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x
y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}unfolding isInst-M-def sorry
from carr have l2 : {wlA-0 ,wlA-1 ,top-of-m-set} ⊆ carrier?L ∧ finite {wlA-0 ,wlA-1 ,top-of-m-set} by auto
from l2 have l3 : least ?L (⋃{wlA-0 ,wlA-1 ,top-of-m-set}) (Upper
?L {wlA-0 ,wlA-1 ,top-of-m-set}) using finite-sup-least-Union by (metis (no-types,lifting) empty-not-insert)
have l4 : top-of-m-set =⋃{wlA-0 ,wlA-1 ,top-of-m-set} by
autofrom l3 l4 have least ?L top-of-m-set (Upper ?L
{wlA-0 ,wlA-1 ,top-of-m-set}) by autofrom this have top-of-m-set =
⊔?L {wlA-0 ,wlA-1 ,top-of-m-set}
using sup-def by (metis (no-types, lifting) empty-not-insert l2 m-set-is-partial-order-Mm-set-is-upper-semilattice-M S5-RS-2S-partial-order .least-unique upper-semilattice.finite-sup-least)
from this l1 show top-of-m-set =⊔
?L {uu. uu ∈ carrier ?L∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}by simp
qedqed
qedqed
qedhave j-case-1 : j = ts-set-M-1 =⇒ (∃w . w ∈ carrier ?L ∧ TR?L w
(RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof−
assume a2 : j = ts-set-M-1
show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧w =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))})proof (rule exI [of λw . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
w =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧(Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))} top-of-m-set ])
show top-of-m-set ∈ carrier ?L ∧ TR?L top-of-m-set (RSC i j )∧
top-of-m-set =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof (rule conjI )from carr show top-of-m-set ∈ carrier ?L by auto
nextshow TR?L top-of-m-set (RSC i j ) ∧top-of-m-set =
⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier
?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}proof(rule conjI )
show TR?L top-of-m-set (RSC i j )proof (rule TR-I )
show top-of-m-set ∈ carrier ?L by autonext
from carr show i ∈ r-carrier ?L by autonext
from carr show j ∈ s-carrier ?L by autonext
show (∃ t1 t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lt1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set .O?L t1 ∧top-of-m-set .O?L t2 )
proof (rule exI [of λt1 . ∃ t2 . t1 ∈ carrier ?L ∧ t2 ∈ carrier?L ∧ TS?L t1 (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(t1 .O?L t2 ) ∧ top-of-m-set.O?L t1 ∧ top-of-m-set .O?L t2 ts1-M ])
show ∃ t2 . ts1-M ∈ carrier ?L ∧ t2 ∈ carrier ?L ∧ TS?Lts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 ) ∧ top-of-m-set .O?Lts1-M ∧ top-of-m-set .O?L t2
proof (rule exI [of λt2 . ts1-M ∈ carrier ?L ∧ t2 ∈carrier ?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L t2 (RSC i j ) ∧ ¬(ts1-M .O?L t2 )∧ top-of-m-set .O?L ts1-M ∧ top-of-m-set .O?L t2 ts2-M ])
from a2 i-case show ts1-M ∈ carrier ?L ∧ ts2-M ∈ carrier?L ∧ TS?L ts1-M (RSC i j ) ∧ TS?L ts2-M (RSC i j ) ∧ ¬(ts1-M .O?L ts2-M )∧ top-of-m-set .O?L ts1-M ∧ top-of-m-set .O?L ts2-M unfolding overlap-def byauto
qedqed
qednext
show top-of-m-set =⊔
?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}
proof−from carr a1 a2 i-case have l1 : {} = {uu. uu ∈ carrier ?L ∧
UO-0 ∈ e-carrier ?L ∧ Inst?L UO-0 x uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l2 : {} = {uu. uu ∈ carrier ?L ∧UO-0 ∈ e-carrier ?L ∧ Inst?L UC-0 x uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l3 : {} = {uu. uu ∈ carrier ?L∧ At-0 ∈ e-carrier ?L ∧ Inst?L At-0 x uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l4 : {} = {uu. uu ∈ carrier ?L∧ At-1 ∈ e-carrier ?L ∧ Inst?L At-1 x uu (RSC i j )} unfolding isInst-M-def byauto
from carr a1 a2 i-case have l5 : {} = {uu. uu ∈ carrier ?L ∧Compl-0 ∈ e-carrier ?L ∧ Inst?L Compl-0 x uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l6 : {wlA-0} = {uu. uu ∈ carrier?L ∧ Oc-0 ∈ e-carrier ?L ∧ Inst?L Oc-0 x uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l7 : {wlA-1} = {uu. uu ∈ carrier?L ∧ Oc-1 ∈ e-carrier ?L ∧ Inst?L Oc-1 x uu (RSC i j )} unfolding isInst-M-defby auto
from carr a1 a2 i-case have l8 : {top-of-m-set} = {uu.uu ∈ carrier ?L ∧ Oc-2 ∈ e-carrier ?L ∧ Inst?L Oc-2 x uu (RSC i j )} unfoldingisInst-M-def by auto
from carr have l9 : ∀ y . (y ∈ e-carrier ?L) = (y=UC-0 ∨ y= UO-0 ∨ y = At-0 ∨ y = At-1 ∨ y = Compl-0 ∨ y = Oc-0 ∨ y = Oc-1 ∨ y= Oc-2 ) by auto
from carr a1 a2 i-case l1 l2 l3 l4 l5 l6 l7 l8 l9 have l0 :{wlA-0 ,wlA-1 ,top-of-m-set} = {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧Inst?L y x uu (RSC i j ))} sorry
from carr have l10 : {wlA-0 ,wlA-1 ,top-of-m-set} ⊆ carrier?L ∧ finite {wlA-0 ,wlA-1 ,top-of-m-set} by auto
from l10 have l11 : least ?L (⋃{wlA-0 ,wlA-1 ,top-of-m-set})
(Upper ?L {wlA-0 ,wlA-1 ,top-of-m-set}) using finite-sup-least-Union by (metis(no-types, lifting) empty-not-insert)
have l12 : top-of-m-set =⋃{wlA-0 ,wlA-1 ,top-of-m-set} by
autofrom l11 l12 have least ?L top-of-m-set (Upper ?L
{wlA-0 ,wlA-1 ,top-of-m-set}) by autofrom this have l13 : top-of-m-set =
⊔?L {wlA-0 ,wlA-1 ,top-of-m-set}
using sup-def by (metis (no-types, lifting) empty-not-insert l10 m-set-is-partial-order-Mm-set-is-upper-semilattice-M S5-RS-2S-partial-order .least-unique upper-semilattice.finite-sup-least)
from carr a1 a2 i-case have l14 : {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ Inst?L y x uu (RSC i j ))} = {uu. uu ∈ carrier ?L ∧(∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}unfolding isInst-M-def by auto
from this l0 l13 l14 show top-of-m-set =⊔
?L {uu. uu ∈carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧ (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu(RSC i j )))} by auto
qed
qed
qed
qed
qed
from j-cases j-case-0 j-case-1 show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
  w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
  (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}) by force
qed
qed
from x-cases x-case-0 x-case-1 x-case-2 x-case-3 x-case-4 x-case-5 x-case-6 x-case-7
  show (∃w . w ∈ carrier ?L ∧ TR?L w (RSC i j ) ∧
  w = ⊔?L {uu. uu ∈ carrier ?L ∧ (∃ y . y ∈ e-carrier ?L ∧
  (Inst?L x y uu (RSC i j ) ∨ Inst?L y x uu (RSC i j )))}) by force
qed
qed
qed
qed
9.13 The Model satisfies the axioms of the locale AtE-Inst-TS-mereology
theorem (in AtE-Inst-TS-mereology) m-set-is-AtE-Inst-TS-mereology :
  AtE-Inst-TS-mereology AtE-Inst-ST-frame-M
  (is AtE-Inst-TS-mereology ?L)
proof (rule AtE-Inst-TS-mereology .intro)
  show Inst-TS-mereology ?L using m-set-is-Inst-TS-mereology by auto
next
  show AtE-Inst-TS-mereology-axioms ?L
  proof
    show ⋀i j . [[i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒ (∃ x . x ∈ e-carrier ?L ∧ AtE?L x (RSC i j ))
    proof −
      fix i j
      assume carr : i ∈ r-carrier ?L j ∈ s-carrier ?L
      show (∃ x . x ∈ e-carrier ?L ∧ AtE?L x (RSC i j ))
      proof (rule exI [of λx . x ∈ e-carrier ?L ∧ AtE?L x (RSC i j ) At-0 ])
        show At-0 ∈ e-carrier ?L ∧ AtE?L At-0 (RSC i j )
        proof (rule conjI )
          show At-0 ∈ e-carrier ?L by simp
        next
          show AtE?L At-0 (RSC i j )
          proof −
            from carr have i-case: i = wlCompl-0 by simp
            from carr have j-cases: j = ts-set-M-0 ∨ j = ts-set-M-1 by auto
            have j-case-0 : j = ts-set-M-0 =⇒ AtE?L At-0 (RSC i j ) using i-case isAtE-M-def by auto
            have j-case-1 : j = ts-set-M-1 =⇒ AtE?L At-0 (RSC i j ) using i-case isAtE-M-def by auto
            from j-cases j-case-0 j-case-1 show AtE?L At-0 (RSC i j ) by auto
          qed
        qed
      qed
    qed
  next
    show ⋀i j . [[i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒ finite { x . x ∈ e-carrier ?L ∧ AtE?L x (RSC i j )}
    proof −
      fix i j
      assume carr : i ∈ r-carrier ?L j ∈ s-carrier ?L
      show finite { x . x ∈ e-carrier ?L ∧ AtE?L x (RSC i j )}
      proof −
        have finite (e-carrier ?L) by auto
        from this show finite { x . x ∈ e-carrier ?L ∧ AtE?L x (RSC i j )} by auto
      qed
    qed
  next
    show ⋀x i ii j jj . [[AtE?L x (RSC i j ); i R?L ii ; j S?L jj ;
        x ∈ e-carrier ?L; i ∈ r-carrier ?L; ii ∈ r-carrier ?L; j ∈ s-carrier ?L; jj ∈ s-carrier ?L]]
        =⇒ (AtE?L x (RSC ii jj ))
    proof −
      fix x i j ii jj
      assume at : AtE?L x (RSC i j )
      assume r-s: i R?L ii j S?L jj
      assume carr : x ∈ e-carrier ?L i ∈ r-carrier ?L ii ∈ r-carrier ?L j ∈ s-carrier ?L jj ∈ s-carrier ?L
      show AtE?L x (RSC ii jj )
      proof −
        from at have x-cases: x = At-0 ∨ x = At-1 using isAtE-M-def by auto
        from carr have ii-case: ii = wlCompl-0 by simp
        from carr have jj-cases: jj = ts-set-M-0 ∨ jj = ts-set-M-1 by auto
        have x-case-0 : x = At-0 =⇒ AtE?L x (RSC ii jj )
        proof −
          assume a1 : x = At-0
          show AtE?L x (RSC ii jj )
          proof −
            from a1 ii-case have jj-case-0 : jj = ts-set-M-0 =⇒ AtE?L x (RSC ii jj ) using isAtE-M-def by auto
            from a1 ii-case have jj-case-1 : jj = ts-set-M-1 =⇒ AtE?L x (RSC ii jj ) using isAtE-M-def by auto
            from jj-cases jj-case-0 jj-case-1 show AtE?L x (RSC ii jj ) by auto
          qed
        qed
        have x-case-1 : x = At-1 =⇒ AtE?L x (RSC ii jj )
        proof −
          assume a1 : x = At-1
          show AtE?L x (RSC ii jj )
          proof −
            from a1 ii-case have jj-case-0 : jj = ts-set-M-0 =⇒ AtE?L x (RSC ii jj ) using isAtE-M-def by auto
            from a1 ii-case have jj-case-1 : jj = ts-set-M-1 =⇒ AtE?L x (RSC ii jj ) using isAtE-M-def by auto
            from jj-cases jj-case-0 jj-case-1 show AtE?L x (RSC ii jj ) by auto
          qed
        qed
        from x-cases x-case-0 x-case-1 show AtE?L x (RSC ii jj ) by auto
      qed
    qed
  next
    show ⋀x i j ii jj . [[AtE?L x (RSC i j ); i R?L ii ; j S?L jj ;
        x ∈ e-carrier ?L; i ∈ r-carrier ?L; ii ∈ r-carrier ?L; j ∈ s-carrier ?L; jj ∈ s-carrier ?L]]
        =⇒ (∃ y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC ii jj ))
    proof −
      fix x i j ii jj
      assume at : AtE?L x (RSC i j )
      assume r-s: i R?L ii j S?L jj
      assume carr : x ∈ e-carrier ?L i ∈ r-carrier ?L ii ∈ r-carrier ?L j ∈ s-carrier ?L jj ∈ s-carrier ?L
      show (∃ y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC ii jj ))
      proof (rule exI [of λy . (∃ u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC ii jj )) UC-0 ])
        show (∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC ii jj ))
        proof −
          from at have x-cases: x = At-0 ∨ x = At-1 using isAtE-M-def by auto
          from carr have ii-case: ii = wlCompl-0 by simp
          from carr have jj-cases: jj = ts-set-M-0 ∨ jj = ts-set-M-1 by auto
          have x-case-0 : x = At-0 =⇒ (∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC ii jj ))
          proof −
            assume a1 : x = At-0
            show (∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC ii jj ))
            proof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC ii jj ) A-00 ])
              show UC-0 ∈ e-carrier ?L ∧ A-00 ∈ carrier ?L ∧ Inst?L x UC-0 A-00 (RSC ii jj )
              proof (rule conjI )
                show UC-0 ∈ e-carrier ?L by simp
              next
                show A-00 ∈ carrier ?L ∧ Inst?L x UC-0 A-00 (RSC ii jj )
                proof (rule conjI )
                  show A-00 ∈ carrier ?L by simp
                next
                  show Inst?L x UC-0 A-00 (RSC ii jj )
                  proof −
                    from a1 ii-case have jj-case-0 : jj = ts-set-M-0 =⇒ Inst?L x UC-0 A-00 (RSC ii jj ) unfolding isInst-M-def by auto
                    from a1 ii-case have jj-case-1 : jj = ts-set-M-1 =⇒ Inst?L x UC-0 A-00 (RSC ii jj ) unfolding isInst-M-def by auto
                    from jj-cases jj-case-0 jj-case-1 show Inst?L x UC-0 A-00 (RSC ii jj ) by fast
                  qed
                qed
              qed
            qed
          qed
          have x-case-1 : x = At-1 =⇒ (∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC ii jj ))
          proof −
            assume a1 : x = At-1
            show (∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC ii jj ))
            proof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC ii jj ) A-10 ])
              show UC-0 ∈ e-carrier ?L ∧ A-10 ∈ carrier ?L ∧ Inst?L x UC-0 A-10 (RSC ii jj )
              proof (rule conjI )
                show UC-0 ∈ e-carrier ?L by simp
              next
                show A-10 ∈ carrier ?L ∧ Inst?L x UC-0 A-10 (RSC ii jj )
                proof (rule conjI )
                  show A-10 ∈ carrier ?L by simp
                next
                  show Inst?L x UC-0 A-10 (RSC ii jj )
                  proof −
                    from a1 ii-case have jj-case-0 : jj = ts-set-M-0 =⇒ Inst?L x UC-0 A-10 (RSC ii jj ) unfolding isInst-M-def by auto
                    from a1 ii-case have jj-case-1 : jj = ts-set-M-1 =⇒ Inst?L x UC-0 A-10 (RSC ii jj ) unfolding isInst-M-def by auto
                    from jj-cases jj-case-0 jj-case-1 show Inst?L x UC-0 A-10 (RSC ii jj ) by fast
                  qed
                qed
              qed
            qed
          qed
          from x-cases x-case-0 x-case-1 show (∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC ii jj )) by fast
        qed
      qed
    qed
next
  show ⋀x i j. [[AtE?L x (RSC i j); x ∈ e-carrier ?L; i ∈ r-carrier ?L; j ∈ s-carrier ?L]]
        =⇒ (∃ jj. jj ∈ s-carrier ?L ∧ j S?L jj ∧
             (∀ t. t ∈ carrier ?L ∧ TS?L t (RSC i jj) −→
               (∃ y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i jj) ∧ u ⊏?L t)))
  proof −
    fix x i j
    assume at: AtE?L x (RSC i j)
    assume carr: x ∈ e-carrier ?L i ∈ r-carrier ?L j ∈ s-carrier ?L
    show (∃ jj. jj ∈ s-carrier ?L ∧ j S?L jj ∧
           (∀ t. t ∈ carrier ?L ∧ TS?L t (RSC i jj) −→
             (∃ y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i jj) ∧ u ⊏?L t)))
    proof (rule exI [of λjj. jj ∈ s-carrier ?L ∧ j S?L jj ∧
           (∀ t. t ∈ carrier ?L ∧ TS?L t (RSC i jj) −→
             (∃ y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i jj) ∧ u ⊏?L t)) ts-set-M-0])
      show ts-set-M-0 ∈ s-carrier ?L ∧ j S?L ts-set-M-0 ∧
           (∀ t. t ∈ carrier ?L ∧ TS?L t (RSC i ts-set-M-0) −→
             (∃ y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i ts-set-M-0) ∧ u ⊏?L t))
      proof (rule conjI)
        show ts-set-M-0 ∈ s-carrier ?L by simp
      next
        show j S?L ts-set-M-0 ∧ (∀ t. t ∈ carrier ?L ∧ TS?L t (RSC i ts-set-M-0) −→
               (∃ y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i ts-set-M-0) ∧ u ⊏?L t))
        proof (rule conjI)
          show j S?L ts-set-M-0
          proof −
            from carr have j-cases: j = ts-set-M-0 ∨ j = ts-set-M-1 by auto
            have j-case-0: j = ts-set-M-0 =⇒ j S?L ts-set-M-0 by auto
            have j-case-1: j = ts-set-M-1 =⇒ j S?L ts-set-M-0 by auto
            from j-cases j-case-0 j-case-1 show j S?L ts-set-M-0 by fast
          qed
        next
show (∀ t . t ∈ carrier ?L ∧ TS?L t (RSC i ts-set-M-0 ) −→(∃ y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧
Inst?L x y u (RSC i ts-set-M-0 ) ∧ u @?L t ))proof −have l1 :
∧t . [[t ∈ carrier ?L;TS?L t (RSC i ts-set-M-0 )]] =⇒ (∃ y u. y
∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u (RSC i ts-set-M-0 ) ∧ u @?L t )proof −
fix tassume a1 : t ∈ carrier ?L TS?L t (RSC i ts-set-M-0 )
show (∃ y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u
(RSC i ts-set-M-0 ) ∧ u @?L t )proof (rule exI [of λy . ∃ u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧
Inst?L x y u (RSC i ts-set-M-0 ) ∧ u @?L t UC-0 ])show ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0
u (RSC i ts-set-M-0 ) ∧ u @?L tproof−from at have x-cases: x = At-0 ∨ x = At-1 using isAtE-M-def
by autofrom carr have i-case: i = wlCompl-0 by simphave x-case-0 : x = At-0 =⇒ ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈
carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof−
assume a2 : x = At-0show ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x
UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof −from a1 have u-cases: t = ts0 ∨ t = ts1 ∨ t= ts2 by autohave u-case-0 : t = ts0 =⇒ ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈
carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof−
assume a3 : t = ts0show ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L
x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier
?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L t A-00 ])from a1 a2 a3 i-case show UC-0 ∈ e-carrier ?L ∧ A-00 ∈
carrier ?L ∧ Inst?L x UC-0 A-00 (RSC i ts-set-M-0 ) ∧ A-00 @?L t unfoldingisInst-M-def lless-def by auto
qedqedhave u-case-1 : t = ts1 =⇒ ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈
carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof−
assume a3 : t = ts1show ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L
x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier
?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L t A-01 ])from a1 a2 a3 i-case show UC-0 ∈ e-carrier ?L ∧ A-01 ∈
carrier ?L ∧ Inst?L x UC-0 A-01 (RSC i ts-set-M-0 ) ∧ A-01 @?L t unfoldingisInst-M-def lless-def by auto
qedqedhave u-case-2 : t = ts2 =⇒ ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈
carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof−
assume a3 : t = ts2show ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L
x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L t
proof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L t A-02 ])
from a1 a2 a3 i-case show UC-0 ∈ e-carrier ?L ∧ A-02 ∈carrier ?L ∧ Inst?L x UC-0 A-02 (RSC i ts-set-M-0 ) ∧ A-02 @?L t unfoldingisInst-M-def lless-def by auto
qedqedfrom u-cases u-case-0 u-case-1 u-case-2 show ∃ u. UC-0 ∈
e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tby fast
qedqedhave x-case-1 : x = At-1 =⇒ ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈
carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof−
assume a2 : x = At-1show ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x
UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof −from a1 have u-cases: t = ts0 ∨ t = ts1 ∨ t= ts2 by autohave u-case-0 : t = ts0 =⇒ ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈
carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof−
assume a3 : t = ts0show ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L
x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier
?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L t A-10 ])from a1 a2 a3 i-case show UC-0 ∈ e-carrier ?L ∧ A-10 ∈
carrier ?L ∧ Inst?L x UC-0 A-10 (RSC i ts-set-M-0 ) ∧ A-10 @?L t unfoldingisInst-M-def lless-def by auto
qedqedhave u-case-1 : t = ts1 =⇒ ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈
carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof−
assume a3 : t = ts1show ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L
x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier
?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L t A-11 ])from a1 a2 a3 i-case show UC-0 ∈ e-carrier ?L ∧ A-11 ∈
carrier ?L ∧ Inst?L x UC-0 A-11 (RSC i ts-set-M-0 ) ∧ A-11 @?L t unfoldingisInst-M-def lless-def by auto
qedqedhave u-case-2 : t = ts2 =⇒ ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈
carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof−
assume a3 : t = ts2show ∃ u. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L
x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tproof (rule exI [of λu. UC-0 ∈ e-carrier ?L ∧ u ∈ carrier
?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L t A-12 ])from a1 a2 a3 i-case show UC-0 ∈ e-carrier ?L ∧ A-12 ∈
carrier ?L ∧ Inst?L x UC-0 A-12 (RSC i ts-set-M-0 ) ∧ A-12 @?L t unfoldingisInst-M-def lless-def by auto
qedqedfrom u-cases u-case-0 u-case-1 u-case-2 show ∃ u. UC-0 ∈
e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L tby fast
qedqedfrom x-cases x-case-0 x-case-1 show ∃ u. UC-0 ∈ e-carrier ?L
∧ u ∈ carrier ?L ∧ Inst?L x UC-0 u (RSC i ts-set-M-0 ) ∧ u @?L t by fastqed
qedqed
from l1 show (∀ t . t ∈ carrier ?L ∧ TS?L t (RSC i ts-set-M-0 ) −→(∃ y u. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ Inst?L x y u
(RSC i ts-set-M-0 ) ∧ u @?L t )) by autoqed
qedqed
qedqed
next
  show ⋀x i j y u. [[AtE?L x (RSC i j); Inst?L x y u (RSC i j);
          u ∈ carrier ?L; x ∈ e-carrier ?L; y ∈ e-carrier ?L;
          i ∈ r-carrier ?L; j ∈ s-carrier ?L]]
        =⇒ (∃ t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
  proof −
    fix i j x y u
    assume at: AtE?L x (RSC i j)
    assume inst: Inst?L x y u (RSC i j)
    assume carr: u ∈ carrier ?L x ∈ e-carrier ?L y ∈ e-carrier ?L i ∈ r-carrier ?L j ∈ s-carrier ?L
    show (∃ t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
    proof −
      from at have x-cases: x = At-0 ∨ x = At-1 using isAtE-M-def by auto
      from carr have j-cases: j = ts-set-M-0 ∨ j = ts-set-M-1 by auto
      have x-case-0: x = At-0 =⇒ (∃ t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
      proof −
        assume a1: x = At-0
        show (∃ t. t ∈ carrier ?L ∧ TS?L t (RSC i j) ∧ u ⊑?L t)
proof−from inst a1 have u-cases: u = A-00 ∨ u = A-01 ∨ u = A-02 using
isInst-M-def by autohave u-case-0 : u = A-00 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )
∧ u v?L t )proof−assume a2 : u = A-00show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof−
have j-case-0 : j = ts-set-M-0 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t(RSC i j ) ∧ u v?L t )
proof−assume a3 : j = ts-set-M-0show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof (rule exI [of λt . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u
v?L t ts0 ])from a1 a2 a3 show ts0 ∈ carrier ?L ∧ TS?L ts0 (RSC i j ) ∧
u v?L ts0 by autoqed
qedhave j-case-1 : j = ts-set-M-1 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t
(RSC i j ) ∧ u v?L t )proof−
assume a3 : j = ts-set-M-1show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof (rule exI [of λt . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u
v?L t ts1-M ])from a1 a2 a3 show ts1-M ∈ carrier ?L ∧ TS?L ts1-M (RSC i
j ) ∧ u v?L ts1-M by autoqed
qedfrom j-cases j-case-0 j-case-1 show (∃ t . t ∈ carrier ?L ∧ TS?L t
(RSC i j ) ∧ u v?L t ) by fastqed
qedhave u-case-1 : u = A-01 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )
∧ u v?L t )proof−assume a2 : u = A-01show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof−
have j-case-0 : j = ts-set-M-0 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t(RSC i j ) ∧ u v?L t )
proof−assume a3 : j = ts-set-M-0show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof (rule exI [of λt . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u
v?L t ts1 ])from a1 a2 a3 show ts1 ∈ carrier ?L ∧ TS?L ts1 (RSC i j ) ∧
u v?L ts1 by autoqed
qedhave j-case-1 : j = ts-set-M-1 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t
(RSC i j ) ∧ u v?L t )proof−
assume a3 : j = ts-set-M-1show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof (rule exI [of λt . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u
v?L t ts2-M ])from a1 a2 a3 show ts2-M ∈ carrier ?L ∧ TS?L ts2-M (RSC i
j ) ∧ u v?L ts2-M by autoqed
qedfrom j-cases j-case-0 j-case-1 show (∃ t . t ∈ carrier ?L ∧ TS?L t
(RSC i j ) ∧ u v?L t ) by fastqed
qedhave u-case-2 : u = A-02 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )
∧ u v?L t )proof−assume a2 : u = A-02show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof−
have j-case-0 : j = ts-set-M-0 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t(RSC i j ) ∧ u v?L t )
proof−assume a3 : j = ts-set-M-0show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof (rule exI [of λt . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u
v?L t ts2 ])from a1 a2 a3 show ts2 ∈ carrier ?L ∧ TS?L ts2 (RSC i j ) ∧
u v?L ts2 by autoqed
qedhave j-case-1 : j = ts-set-M-1 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t
(RSC i j ) ∧ u v?L t )proof−
assume a3 : j = ts-set-M-1show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof (rule exI [of λt . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u
v?L t ts3-M ])from a1 a2 a3 show ts3-M ∈ carrier ?L ∧ TS?L ts3-M (RSC i
j ) ∧ u v?L ts3-M by autoqed
qedfrom j-cases j-case-0 j-case-1 show (∃ t . t ∈ carrier ?L ∧ TS?L t
(RSC i j ) ∧ u v?L t ) by fastqed
qedfrom u-cases u-case-0 u-case-1 u-case-2 show (∃ t . t ∈ carrier ?L ∧
TS?L t (RSC i j ) ∧ u v?L t ) by fastqed
qedhave x-case-1 : x = At-1 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧
u v?L t )proof−
assume a1 : x = At-1show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof−from inst a1 have u-cases: u = A-10 ∨ u = A-11 ∨ u = A-12 using
isInst-M-def by autohave u-case-0 : u = A-10 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )
∧ u v?L t )proof−assume a2 : u = A-10show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof−
have j-case-0 : j = ts-set-M-0 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t(RSC i j ) ∧ u v?L t )
proof−assume a3 : j = ts-set-M-0show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof (rule exI [of λt . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u
v?L t ts0 ])from a1 a2 a3 show ts0 ∈ carrier ?L ∧ TS?L ts0 (RSC i j ) ∧
u v?L ts0 by autoqed
qedhave j-case-1 : j = ts-set-M-1 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t
(RSC i j ) ∧ u v?L t )proof−
assume a3 : j = ts-set-M-1show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof (rule exI [of λt . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u
v?L t ts0-M ])from a1 a2 a3 show ts0-M ∈ carrier ?L ∧ TS?L ts0-M (RSC i
j ) ∧ u v?L ts0-M by autoqed
qedfrom j-cases j-case-0 j-case-1 show (∃ t . t ∈ carrier ?L ∧ TS?L t
(RSC i j ) ∧ u v?L t ) by fastqed
qedhave u-case-1 : u = A-11 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )
∧ u v?L t )proof−assume a2 : u = A-11
show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof−
have j-case-0 : j = ts-set-M-0 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t(RSC i j ) ∧ u v?L t )
proof−assume a3 : j = ts-set-M-0show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof (rule exI [of λt . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u
v?L t ts1 ])from a1 a2 a3 show ts1 ∈ carrier ?L ∧ TS?L ts1 (RSC i j ) ∧
u v?L ts1 by autoqed
qedhave j-case-1 : j = ts-set-M-1 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t
(RSC i j ) ∧ u v?L t )proof−
assume a3 : j = ts-set-M-1show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof (rule exI [of λt . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u
v?L t ts1-M ])from a1 a2 a3 show ts1-M ∈ carrier ?L ∧ TS?L ts1-M (RSC i
j ) ∧ u v?L ts1-M by autoqed
qedfrom j-cases j-case-0 j-case-1 show (∃ t . t ∈ carrier ?L ∧ TS?L t
(RSC i j ) ∧ u v?L t ) by fastqed
qedhave u-case-2 : u = A-12 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j )
∧ u v?L t )proof−assume a2 : u = A-12show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof−
have j-case-0 : j = ts-set-M-0 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t(RSC i j ) ∧ u v?L t )
proof−assume a3 : j = ts-set-M-0show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof (rule exI [of λt . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u
v?L t ts2 ])from a1 a2 a3 show ts2 ∈ carrier ?L ∧ TS?L ts2 (RSC i j ) ∧
u v?L ts2 by autoqed
qedhave j-case-1 : j = ts-set-M-1 =⇒ (∃ t . t ∈ carrier ?L ∧ TS?L t
(RSC i j ) ∧ u v?L t )proof−
assume a3 : j = ts-set-M-1
show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u v?L t )proof (rule exI [of λt . t ∈ carrier ?L ∧ TS?L t (RSC i j ) ∧ u
v?L t ts2-M ])from a1 a2 a3 show ts2-M ∈ carrier ?L ∧ TS?L ts2-M (RSC i
j ) ∧ u v?L ts2-M by autoqed
qedfrom j-cases j-case-0 j-case-1 show (∃ t . t ∈ carrier ?L ∧ TS?L t
(RSC i j ) ∧ u v?L t ) by fastqed
qedfrom u-cases u-case-0 u-case-1 u-case-2 show (∃ t . t ∈ carrier ?L ∧
TS?L t (RSC i j ) ∧ u v?L t ) by fastqed
qedfrom x-cases x-case-0 x-case-1 show (∃ t . t ∈ carrier ?L ∧ TS?L t (RSC
i j ) ∧ u v?L t ) by fastqed
  qed
next
  show ⋀x i j jj. [[AtE?L x (RSC i j); j S?L jj; x ∈ e-carrier ?L; i ∈ r-carrier ?L;
          j ∈ s-carrier ?L; jj ∈ s-carrier ?L]] =⇒
        (∃ y u v. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧
          Inst?L x y u (RSC i jj) ∧ Inst?L x y v (RSC i jj) ∧ ¬ SIMU ?L u v (RSC i jj))
  proof −
    fix x i j jj
    assume at: AtE?L x (RSC i j)
    assume s: j S?L jj
    assume carr: x ∈ e-carrier ?L i ∈ r-carrier ?L j ∈ s-carrier ?L jj ∈ s-carrier ?L
    show (∃ y u v. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧
           Inst?L x y u (RSC i jj) ∧ Inst?L x y v (RSC i jj) ∧ ¬ SIMU ?L u v (RSC i jj))
    proof −
      from at have x-cases: x = At-0 ∨ x = At-1 using isAtE-M-def by auto
      from carr have jj-cases: jj = ts-set-M-0 ∨ jj = ts-set-M-1 by auto
      from carr have i-case: i = wlCompl-0 by simp
      have x-case-0: x = At-0 =⇒ (∃ y u v. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧
             Inst?L x y u (RSC i jj) ∧ Inst?L x y v (RSC i jj) ∧ ¬ SIMU ?L u v (RSC i jj))
      proof −
        assume a1: x = At-0
        show (∃ y u v. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧
               Inst?L x y u (RSC i jj) ∧ Inst?L x y v (RSC i jj) ∧ ¬ SIMU ?L u v (RSC i jj))
        proof (rule exI [of λy. ∃ u v. y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧
               Inst?L x y u (RSC i jj) ∧ Inst?L x y v (RSC i jj) ∧ ¬ SIMU ?L u v (RSC i jj) UC-0])
show ∃ u v . UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧Inst?L x UC-0 u (RSC i jj ) ∧ Inst?L x UC-0 v
(RSC i jj ) ∧ ¬ SIMU ?L u v (RSC i jj )proof (rule exI [of λu. ∃ v . UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v
∈ carrier ?L ∧Inst?L x UC-0 u (RSC i jj ) ∧ Inst?L x UC-0 v
(RSC i jj ) ∧ ¬ SIMU ?L u v (RSC i jj ) A-00 ])show ∃ v . UC-0 ∈ e-carrier ?L ∧ A-00 ∈ carrier ?L ∧ v ∈ carrier ?L ∧
Inst?L x UC-0 A-00 (RSC i jj ) ∧ Inst?L x UC-0v (RSC i jj ) ∧ ¬ SIMU ?L A-00 v (RSC i jj )
proof(rule exI [of λv . UC-0 ∈ e-carrier ?L ∧ A-00 ∈ carrier ?L ∧ v ∈carrier ?L ∧
Inst?L x UC-0 A-00 (RSC i jj ) ∧ Inst?L x UC-0v (RSC i jj ) ∧ ¬ SIMU ?L A-00 v (RSC i jj ) A-01 ])
show UC-0 ∈ e-carrier ?L ∧ A-00 ∈ carrier ?L ∧ A-01 ∈ carrier ?L ∧
Inst?L x UC-0 A-00 (RSC i jj ) ∧ Inst?L x UC-0A-01 (RSC i jj ) ∧ ¬ SIMU ?L A-00 A-01 (RSC i jj )
proof −have l1 : UC-0 ∈ e-carrier ?L ∧ A-00 ∈ carrier ?L ∧ A-01 ∈ carrier
?L by simphave jj-case-0 : jj = ts-set-M-0 =⇒ Inst?L x UC-0 A-00 (RSC i jj ) ∧
Inst?L x UC-0 A-01 (RSC i jj ) ∧ ¬ SIMU ?L A-00 A-01 (RSC i jj )proof −
assume a2 : jj = ts-set-M-0show Inst?L x UC-0 A-00 (RSC i jj ) ∧ Inst?L x UC-0 A-01 (RSC i
jj ) ∧ ¬ SIMU ?L A-00 A-01 (RSC i jj )proof −
from i-case a1 a2 have l2 : Inst?L x UC-0 A-00 (RSC i jj ) unfoldingisInst-M-def by force
from i-case a1 a2 have l3 : Inst?L x UC-0 A-01 (RSC i jj ) unfoldingisInst-M-def by force
from i-case a2 have l4 : ¬ SIMU ?L A-00 A-01 (RSC i jj ) by (smt Co-ordT .inject Inst-TS-mereology .Inst-SR-SIMU-imp-Id Tcoord .distinct(1 ) carr(1 ) carr(2 )carr(4 ) inSR-set-M-iff-SR-0 insertI1 l1 l2 l3 m-set-is-Inst-TS-mereology singleton-insert-inj-eq)
from l2 l3 l4 show Inst?L x UC-0 A-00 (RSC i jj ) ∧ Inst?L xUC-0 A-01 (RSC i jj ) ∧ ¬ SIMU ?L A-00 A-01 (RSC i jj ) by fast
qedqedhave jj-case-1 : jj = ts-set-M-1 =⇒ Inst?L x UC-0 A-00 (RSC i jj ) ∧
Inst?L x UC-0 A-01 (RSC i jj ) ∧ ¬ SIMU ?L A-00 A-01 (RSC i jj )proof −
assume a2 : jj = ts-set-M-1show Inst?L x UC-0 A-00 (RSC i jj ) ∧ Inst?L x UC-0 A-01 (RSC i
jj ) ∧ ¬ SIMU ?L A-00 A-01 (RSC i jj )proof −
from i-case a1 a2 have l2 : Inst?L x UC-0 A-00 (RSC i jj ) unfoldingisInst-M-def by force
from i-case a1 a2 have l3 : Inst?L x UC-0 A-01 (RSC i jj ) unfoldingisInst-M-def by force
from i-case a2 have l4 : ¬ SIMU ?L A-00 A-01 (RSC i jj ) by (smt Co-ordT .inject Inst-TS-mereology .Inst-SR-SIMU-imp-Id Tcoord .distinct(1 ) carr(1 ) carr(2 )carr(4 ) inSR-set-M-iff-SR-1 insertI1 l1 l2 l3 m-set-is-Inst-TS-mereology singleton-insert-inj-eq)
from l2 l3 l4 show Inst?L x UC-0 A-00 (RSC i jj ) ∧ Inst?L xUC-0 A-01 (RSC i jj ) ∧ ¬ SIMU ?L A-00 A-01 (RSC i jj ) by fast
qedqedfrom l1 jj-cases jj-case-0 jj-case-1 show UC-0 ∈ e-carrier ?L ∧ A-00
∈ carrier ?L ∧ A-01 ∈ carrier ?L ∧Inst?L x UC-0 A-00 (RSC i jj ) ∧ Inst?L x UC-0 A-01 (RSC i
jj ) ∧ ¬ SIMU ?L A-00 A-01 (RSC i jj ) by fastqed
qedqed
qedqedhave x-case-1 : x = At-1 =⇒ (∃ y u v . y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v
∈ carrier ?L ∧Inst?L x y u (RSC i jj ) ∧ Inst?L x y v (RSC i
jj ) ∧ ¬ SIMU ?L u v (RSC i jj ))proof−
assume a1 : x = At-1show (∃ y u v . y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧
Inst?L x y u (RSC i jj ) ∧ Inst?L x y v (RSC ijj ) ∧ ¬ SIMU ?L u v (RSC i jj ))
proof (rule exI [of λy . ∃ u v . y ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈carrier ?L ∧
Inst?L x y u (RSC i jj ) ∧ Inst?L x y v (RSC ijj ) ∧ ¬ SIMU ?L u v (RSC i jj ) UC-0 ])
show ∃ u v . UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v ∈ carrier ?L ∧Inst?L x UC-0 u (RSC i jj ) ∧ Inst?L x UC-0 v
(RSC i jj ) ∧ ¬ SIMU ?L u v (RSC i jj )proof (rule exI [of λu. ∃ v . UC-0 ∈ e-carrier ?L ∧ u ∈ carrier ?L ∧ v
∈ carrier ?L ∧Inst?L x UC-0 u (RSC i jj ) ∧ Inst?L x UC-0 v
(RSC i jj ) ∧ ¬ SIMU ?L u v (RSC i jj ) A-10 ])show ∃ v . UC-0 ∈ e-carrier ?L ∧ A-10 ∈ carrier ?L ∧ v ∈ carrier ?L ∧
Inst?L x UC-0 A-10 (RSC i jj ) ∧ Inst?L x UC-0v (RSC i jj ) ∧ ¬ SIMU ?L A-10 v (RSC i jj )
proof(rule exI [of λv . UC-0 ∈ e-carrier ?L ∧ A-10 ∈ carrier ?L ∧ v ∈carrier ?L ∧
Inst?L x UC-0 A-10 (RSC i jj ) ∧ Inst?L x UC-0v (RSC i jj ) ∧ ¬ SIMU ?L A-10 v (RSC i jj ) A-11 ])
show UC-0 ∈ e-carrier ?L ∧ A-10 ∈ carrier ?L ∧ A-11 ∈ carrier ?L ∧
Inst?L x UC-0 A-10 (RSC i jj ) ∧ Inst?L x UC-0A-11 (RSC i jj ) ∧ ¬ SIMU ?L A-10 A-11 (RSC i jj )
proof −have l1 : UC-0 ∈ e-carrier ?L ∧ A-10 ∈ carrier ?L ∧ A-11 ∈ carrier
?L by simphave jj-case-0 : jj = ts-set-M-0 =⇒ Inst?L x UC-0 A-10 (RSC i jj ) ∧
Inst?L x UC-0 A-11 (RSC i jj ) ∧ ¬ SIMU ?L A-10 A-11 (RSC i jj )proof −
assume a2 : jj = ts-set-M-0show Inst?L x UC-0 A-10 (RSC i jj ) ∧ Inst?L x UC-0 A-11 (RSC i
jj ) ∧ ¬ SIMU ?L A-10 A-11 (RSC i jj )proof −
from i-case a1 a2 have l2 : Inst?L x UC-0 A-10 (RSC i jj ) unfoldingisInst-M-def by force
from i-case a1 a2 have l3 : Inst?L x UC-0 A-11 (RSC i jj ) unfoldingisInst-M-def by force
from i-case a2 have l4 : ¬ SIMU ?L A-10 A-11 (RSC ijj ) by (smt A-00-in-m-set CoordT .inject Inst-TS-mereology .Inst-SR-SIMU-imp-IdSR-set-M-0-imp-ts-set-M-0 Tcoord .distinct(1 ) carr(1 ) carr(2 ) carr(4 ) inSR-set-M-iff-SR-0insertI1 insert-absorb2 l1 l2 l3 m-set-is-Inst-TS-mereology singleton-insert-inj-eqsubset-insertI ts0-M-in-m-set ts0-in-m-set ts-set-M-0-imp-SR-set-M-0 )
from l2 l3 l4 show Inst?L x UC-0 A-10 (RSC i jj ) ∧ Inst?L xUC-0 A-11 (RSC i jj ) ∧ ¬ SIMU ?L A-10 A-11 (RSC i jj ) by fast
qedqedhave jj-case-1 : jj = ts-set-M-1 =⇒ Inst?L x UC-0 A-10 (RSC i jj ) ∧
Inst?L x UC-0 A-11 (RSC i jj ) ∧ ¬ SIMU ?L A-10 A-11 (RSC i jj )proof −
assume a2 : jj = ts-set-M-1show Inst?L x UC-0 A-10 (RSC i jj ) ∧ Inst?L x UC-0 A-11 (RSC i
jj ) ∧ ¬ SIMU ?L A-10 A-11 (RSC i jj )proof −
from i-case a1 a2 have l2 : Inst?L x UC-0 A-10 (RSC i jj ) unfoldingisInst-M-def by force
from i-case a1 a2 have l3 : Inst?L x UC-0 A-11 (RSC i jj ) unfoldingisInst-M-def by force
from i-case a2 have l4 : ¬ SIMU ?L A-10 A-11 (RSC ijj ) by (smt A-00-in-m-set CoordT .inject Inst-TS-mereology .Inst-SR-SIMU-imp-IdSR-set-M-1-imp-ts-set-M-1 Tcoord .distinct(1 ) carr(1 ) carr(2 ) carr(4 ) inSR-set-M-iff-SR-1insertI1 insert-absorb2 l1 l2 l3 m-set-is-Inst-TS-mereology singleton-insert-inj-eqsubset-insertI ts0-M-in-m-set ts0-in-m-set ts-set-M-1-imp-SR-set-M-1 )
from l2 l3 l4 show Inst?L x UC-0 A-10 (RSC i jj ) ∧ Inst?L xUC-0 A-11 (RSC i jj ) ∧ ¬ SIMU ?L A-10 A-11 (RSC i jj ) by fast
qedqedfrom l1 jj-cases jj-case-0 jj-case-1 show UC-0 ∈ e-carrier ?L ∧ A-10
∈ carrier ?L ∧ A-11 ∈ carrier ?L ∧Inst?L x UC-0 A-10 (RSC i jj ) ∧ Inst?L x UC-0 A-11 (RSC i
jj ) ∧ ¬ SIMU ?L A-10 A-11 (RSC i jj ) by fastqed
qedqed
qedqedfrom x-cases x-case-0 x-case-1 show ?thesis by fast
    qed
  qed
next
  show ⋀x1 i j y1 u1 x2 y2 u2. [[AtE?L x1 (RSC i j); AtE?L x2 (RSC i j);
          Inst?L x1 y1 u1 (RSC i j); Inst?L x2 y2 u2 (RSC i j); u2 ⊑?L u1;
          x1 ∈ e-carrier ?L; x2 ∈ e-carrier ?L; y1 ∈ e-carrier ?L; y2 ∈ e-carrier ?L;
          u1 ∈ carrier ?L; u2 ∈ carrier ?L; i ∈ r-carrier ?L; j ∈ s-carrier ?L]] =⇒ x1 = x2
  proof −
    fix x1 i j y1 u1 x2 y2 u2
    assume at: AtE?L x1 (RSC i j) AtE?L x2 (RSC i j)
    assume inst: Inst?L x1 y1 u1 (RSC i j) Inst?L x2 y2 u2 (RSC i j)
    assume le: u2 ⊑?L u1
    assume carr: x1 ∈ e-carrier ?L x2 ∈ e-carrier ?L y1 ∈ e-carrier ?L y2 ∈ e-carrier ?L
                 u1 ∈ carrier ?L u2 ∈ carrier ?L i ∈ r-carrier ?L j ∈ s-carrier ?L
    show x1 = x2
    proof −
      from at have x1-cases: x1 = At-0 ∨ x1 = At-1 using isAtE-M-def by auto
      from at have x2-cases: x2 = At-0 ∨ x2 = At-1 using isAtE-M-def by auto
      from inst x1-cases have y1-cases: y1 = UC-0 unfolding isInst-M-def by force
      from inst x2-cases have y2-cases: y2 = UC-0 unfolding isInst-M-def by force
have x1-case-0 : x1 = At-0 =⇒ x1 = x2proof−
assume a1 : x1 = At-0show x1 = x2proof−
from a1 inst have y1-cases: y1 =UC-0 unfolding isInst-M-def byforce
from a1 inst y1-cases have u1-cases: u1 = A-00 ∨ u1 = A-01 ∨ u1= A-02 unfolding isInst-M-def by force
from a1 have x2-case-0 : x2 = At-0 =⇒ x1 = x2 by autohave x2-case-1 : x2 = At-1 =⇒ x1 = x2proof−assume a2 : x2 = At-1show x1 = x2
proof−from a2 inst have y2-cases: y2 =UC-0 unfolding isInst-M-def by
forcefrom a2 inst y2-cases have u2-cases: u2 = A-10 ∨ u2 = A-11 ∨ u2
= A-12 unfolding isInst-M-def by forcehave A00-A10 : [[u1 = A-00 ;u2 = A-10 ]] =⇒ x1 = x2proof−
assume a3 : u1 = A-00 u2 = A-10show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqedhave A00-A11 : [[u1 = A-00 ;u2 = A-11 ]] =⇒ x1 = x2proof−
assume a3 : u1 = A-00 u2 = A-11show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqedhave A00-A12 : [[u1 = A-00 ;u2 = A-12 ]] =⇒ x1 = x2proof−
assume a3 : u1 = A-00 u2 = A-12show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqedhave A01-A10 : [[u1 = A-01 ;u2 = A-10 ]] =⇒ x1 = x2proof−
assume a3 : u1 = A-01 u2 = A-10show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqedhave A01-A11 : [[u1 = A-01 ;u2 = A-11 ]] =⇒ x1 = x2proof−
assume a3 : u1 = A-01 u2 = A-11show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qed
qedhave A01-A12 : [[u1 = A-01 ;u2 = A-12 ]] =⇒ x1 = x2proof−
assume a3 : u1 = A-01 u2 = A-12show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqedhave A02-A10 : [[u1 = A-02 ;u2 = A-10 ]] =⇒ x1 = x2proof−
assume a3 : u1 = A-02 u2 = A-10show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqedhave A02-A11 : [[u1 = A-02 ;u2 = A-11 ]] =⇒ x1 = x2proof−
assume a3 : u1 = A-02 u2 = A-11show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqedhave A02-A12 : [[u1 = A-02 ;u2 = A-12 ]] =⇒ x1 = x2proof−
assume a3 : u1 = A-02 u2 = A-12show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqed
from u1-cases u2-cases A00-A10 A00-A11 A00-A12 A01-A10 A01-A11A01-A12 A02-A10 A02-A11 A02-A12 show x1 = x2 by fast
qedqedfrom x2-cases x2-case-0 x2-case-1 show x1 = x2 by fast
qedqed
have x1-case-1 : x1 = At-1 =⇒ x1 = x2proof−
assume a1 : x1 = At-1show x1 = x2proof−
from a1 inst have y1-cases: y1 =UC-0 unfolding isInst-M-def byforce
from a1 inst y1-cases have u1-cases: u1 = A-10 ∨ u1 = A-11 ∨ u1= A-12 unfolding isInst-M-def by force
from a1 have x2-case-0 : x2 = At-1 =⇒ x1 = x2 by autohave x2-case-1 : x2 = At-0 =⇒ x1 = x2proof−assume a2 : x2 = At-0show x1 = x2proof−
from a2 inst have y2-cases: y2 =UC-0 unfolding isInst-M-def byforce
from a2 inst y2-cases have u2-cases: u2 = A-00 ∨ u2 = A-01 ∨ u2= A-02 unfolding isInst-M-def by force
have A00-A10 : [[u2 = A-00 ;u1 = A-10 ]] =⇒ x1 = x2proof−
assume a3 : u2 = A-00 u1 = A-10show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqedhave A00-A11 : [[u2 = A-00 ;u1 = A-11 ]] =⇒ x1 = x2proof−
assume a3 : u2 = A-00 u1 = A-11show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqedhave A00-A12 : [[u2 = A-00 ;u1 = A-12 ]] =⇒ x1 = x2proof−
assume a3 : u2 = A-00 u1 = A-12show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqedhave A01-A10 : [[u2 = A-01 ;u1 = A-10 ]] =⇒ x1 = x2proof−
assume a3 : u2 = A-01 u1 = A-10show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qed
qedhave A01-A11 : [[u2 = A-01 ;u1 = A-11 ]] =⇒ x1 = x2proof−
assume a3 : u2 = A-01 u1 = A-11show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqedhave A01-A12 : [[u2 = A-01 ;u1 = A-12 ]] =⇒ x1 = x2proof−
assume a3 : u2 = A-01 u1 = A-12show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqedhave A02-A10 : [[u2 = A-02 ;u1 = A-10 ]] =⇒ x1 = x2proof−
assume a3 : u2 = A-02 u1 = A-10show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqedhave A02-A11 : [[u2 = A-02 ;u1 = A-11 ]] =⇒ x1 = x2proof−
assume a3 : u2 = A-02 u1 = A-11show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqedhave A02-A12 : [[u2 = A-02 ;u1 = A-12 ]] =⇒ x1 = x2proof−
assume a3 : u2 = A-02 u1 = A-12show x1 = x2proof−
from a3 have ¬(u2 v?L u1 ) by simpfrom a3 this le show x1 = x2 by blast
qedqed
from u1-cases u2-cases A00-A10 A00-A11 A00-A12 A01-A10 A01-A11A01-A12 A02-A10 A02-A11 A02-A12 show x1 = x2 by fast
qed
          qed
          from x2-cases x2-case-0 x2-case-1 show x1 = x2 by fast
        qed
      qed
      from x1-cases x1-case-0 x1-case-1 show x1 = x2 by fast
    qed
  qed
qed
qed

nitpick-params [timeout = 3600]

lemma True
  nitpick [show-all, satisfy, user-axioms, expect = genuine, show-types, verbose, dont-box]
  oops

end