(*  Title:      HOL/Orderings.thy

    Author:     Tobias Nipkow, Markus Wenzel, and Larry Paulson

*)

header {* Abstract orderings *}

theory Orderings

imports HOL

uses

  "~~/src/Provers/order.ML"

  "~~/src/Provers/quasi.ML"  (* FIXME unused? *)

begin

subsection {* Syntactic orders *}

class ord =

  fixes less_eq :: "'a \<Rightarrow> 'a \<Rightarrow> bool"

    and less :: "'a \<Rightarrow> 'a \<Rightarrow> bool"

begin

notation

  less_eq  ("op <=") and

  less_eq  ("(_/ <= _)" [51, 51] 50) and

  less  ("op <") and

  less  ("(_/ < _)"  [51, 51] 50)

notation (xsymbols)

  less_eq  ("op \<le>") and

  less_eq  ("(_/ \<le> _)"  [51, 51] 50)

notation (HTML output)

  less_eq  ("op \<le>") and

  less_eq  ("(_/ \<le> _)"  [51, 51] 50)

abbreviation (input)

  greater_eq  (infix ">=" 50) where

  "x >= y \<equiv> y <= x"

notation (input)

  greater_eq  (infix "\<ge>" 50)

abbreviation (input)

  greater  (infix ">" 50) where

  "x > y \<equiv> y < x"

end

subsection {* Quasi orders *}

class preorder = ord +

  assumes less_le_not_le: "x < y \<longleftrightarrow> x \<le> y \<and> \<not> (y \<le> x)"

  and order_refl [iff]: "x \<le> x"

  and order_trans: "x \<le> y \<Longrightarrow> y \<le> z \<Longrightarrow> x \<le> z"

begin

text {* Reflexivity. *}

lemma eq_refl: "x = y \<Longrightarrow> x \<le> y"

    -- {* This form is useful with the classical reasoner. *}

by (erule ssubst) (rule order_refl)

lemma less_irrefl [iff]: "\<not> x < x"

by (simp add: less_le_not_le)

lemma less_imp_le: "x < y \<Longrightarrow> x \<le> y"

unfolding less_le_not_le by blast

text {* Asymmetry. *}

lemma less_not_sym: "x < y \<Longrightarrow> \<not> (y < x)"

by (simp add: less_le_not_le)

lemma less_asym: "x < y \<Longrightarrow> (\<not> P \<Longrightarrow> y < x) \<Longrightarrow> P"

by (drule less_not_sym, erule contrapos_np) simp

text {* Transitivity. *}

lemma less_trans: "x < y \<Longrightarrow> y < z \<Longrightarrow> x < z"

by (auto simp add: less_le_not_le intro: order_trans) 

lemma le_less_trans: "x \<le> y \<Longrightarrow> y < z \<Longrightarrow> x < z"

by (auto simp add: less_le_not_le intro: order_trans) 

lemma less_le_trans: "x < y \<Longrightarrow> y \<le> z \<Longrightarrow> x < z"

by (auto simp add: less_le_not_le intro: order_trans) 

text {* Useful for simplification, but too risky to include by default. *}

lemma less_imp_not_less: "x < y \<Longrightarrow> (\<not> y < x) \<longleftrightarrow> True"

by (blast elim: less_asym)

lemma less_imp_triv: "x < y \<Longrightarrow> (y < x \<longrightarrow> P) \<longleftrightarrow> True"

by (blast elim: less_asym)

text {* Transitivity rules for calculational reasoning *}

lemma less_asym': "a < b \<Longrightarrow> b < a \<Longrightarrow> P"

by (rule less_asym)

text {* Dual order *}

lemma dual_preorder:

  "class.preorder (op \<ge>) (op >)"

proof qed (auto simp add: less_le_not_le intro: order_trans)

end

subsection {* Partial orders *}

class order = preorder +

  assumes antisym: "x \<le> y \<Longrightarrow> y \<le> x \<Longrightarrow> x = y"

begin

text {* Reflexivity. *}

lemma less_le: "x < y \<longleftrightarrow> x \<le> y \<and> x \<noteq> y"

by (auto simp add: less_le_not_le intro: antisym)

lemma le_less: "x \<le> y \<longleftrightarrow> x < y \<or> x = y"

    -- {* NOT suitable for iff, since it can cause PROOF FAILED. *}

by (simp add: less_le) blast

lemma le_imp_less_or_eq: "x \<le> y \<Longrightarrow> x < y \<or> x = y"

unfolding less_le by blast

text {* Useful for simplification, but too risky to include by default. *}

lemma less_imp_not_eq: "x < y \<Longrightarrow> (x = y) \<longleftrightarrow> False"

by auto

lemma less_imp_not_eq2: "x < y \<Longrightarrow> (y = x) \<longleftrightarrow> False"

by auto

text {* Transitivity rules for calculational reasoning *}

lemma neq_le_trans: "a \<noteq> b \<Longrightarrow> a \<le> b \<Longrightarrow> a < b"

by (simp add: less_le)

lemma le_neq_trans: "a \<le> b \<Longrightarrow> a \<noteq> b \<Longrightarrow> a < b"

by (simp add: less_le)

text {* Asymmetry. *}

lemma eq_iff: "x = y \<longleftrightarrow> x \<le> y \<and> y \<le> x"

by (blast intro: antisym)

lemma antisym_conv: "y \<le> x \<Longrightarrow> x \<le> y \<longleftrightarrow> x = y"

by (blast intro: antisym)

lemma less_imp_neq: "x < y \<Longrightarrow> x \<noteq> y"

by (erule contrapos_pn, erule subst, rule less_irrefl)

text {* Least value operator *}

definition (in ord)

  Least :: "('a \<Rightarrow> bool) \<Rightarrow> 'a" (binder "LEAST " 10) where

  "Least P = (THE x. P x \<and> (\<forall>y. P y \<longrightarrow> x \<le> y))"

lemma Least_equality:

  assumes "P x"

    and "\<And>y. P y \<Longrightarrow> x \<le> y"

  shows "Least P = x"

unfolding Least_def by (rule the_equality)

  (blast intro: assms antisym)+

lemma LeastI2_order:

  assumes "P x"

    and "\<And>y. P y \<Longrightarrow> x \<le> y"

    and "\<And>x. P x \<Longrightarrow> \<forall>y. P y \<longrightarrow> x \<le> y \<Longrightarrow> Q x"

  shows "Q (Least P)"

unfolding Least_def by (rule theI2)

  (blast intro: assms antisym)+

text {* Dual order *}

lemma dual_order:

  "class.order (op \<ge>) (op >)"

by (intro_locales, rule dual_preorder) (unfold_locales, rule antisym)

end

subsection {* Linear (total) orders *}

class linorder = order +

  assumes linear: "x \<le> y \<or> y \<le> x"

begin

lemma less_linear: "x < y \<or> x = y \<or> y < x"

unfolding less_le using less_le linear by blast

lemma le_less_linear: "x \<le> y \<or> y < x"

by (simp add: le_less less_linear)

lemma le_cases [case_names le ge]:

  "(x \<le> y \<Longrightarrow> P) \<Longrightarrow> (y \<le> x \<Longrightarrow> P) \<Longrightarrow> P"

using linear by blast

lemma linorder_cases [case_names less equal greater]:

  "(x < y \<Longrightarrow> P) \<Longrightarrow> (x = y \<Longrightarrow> P) \<Longrightarrow> (y < x \<Longrightarrow> P) \<Longrightarrow> P"

using less_linear by blast

lemma not_less: "\<not> x < y \<longleftrightarrow> y \<le> x"

apply (simp add: less_le)

using linear apply (blast intro: antisym)

done

lemma not_less_iff_gr_or_eq:

 "\<not>(x < y) \<longleftrightarrow> (x > y | x = y)"

apply(simp add:not_less le_less)

apply blast

done

lemma not_le: "\<not> x \<le> y \<longleftrightarrow> y < x"

apply (simp add: less_le)

using linear apply (blast intro: antisym)

done

lemma neq_iff: "x \<noteq> y \<longleftrightarrow> x < y \<or> y < x"

by (cut_tac x = x and y = y in less_linear, auto)

lemma neqE: "x \<noteq> y \<Longrightarrow> (x < y \<Longrightarrow> R) \<Longrightarrow> (y < x \<Longrightarrow> R) \<Longrightarrow> R"

by (simp add: neq_iff) blast

lemma antisym_conv1: "\<not> x < y \<Longrightarrow> x \<le> y \<longleftrightarrow> x = y"

by (blast intro: antisym dest: not_less [THEN iffD1])

lemma antisym_conv2: "x \<le> y \<Longrightarrow> \<not> x < y \<longleftrightarrow> x = y"

by (blast intro: antisym dest: not_less [THEN iffD1])

lemma antisym_conv3: "\<not> y < x \<Longrightarrow> \<not> x < y \<longleftrightarrow> x = y"

by (blast intro: antisym dest: not_less [THEN iffD1])

lemma leI: "\<not> x < y \<Longrightarrow> y \<le> x"

unfolding not_less .

lemma leD: "y \<le> x \<Longrightarrow> \<not> x < y"

unfolding not_less .

(*FIXME inappropriate name (or delete altogether)*)

lemma not_leE: "\<not> y \<le> x \<Longrightarrow> x < y"

unfolding not_le .

text {* Dual order *}

lemma dual_linorder:

  "class.linorder (op \<ge>) (op >)"

by (rule class.linorder.intro, rule dual_order) (unfold_locales, rule linear)

text {* min/max *}

definition (in ord) min :: "'a \<Rightarrow> 'a \<Rightarrow> 'a" where

  "min a b = (if a \<le> b then a else b)"

definition (in ord) max :: "'a \<Rightarrow> 'a \<Rightarrow> 'a" where

  "max a b = (if a \<le> b then b else a)"

lemma min_le_iff_disj:

  "min x y \<le> z \<longleftrightarrow> x \<le> z \<or> y \<le> z"

unfolding min_def using linear by (auto intro: order_trans)

lemma le_max_iff_disj:

  "z \<le> max x y \<longleftrightarrow> z \<le> x \<or> z \<le> y"

unfolding max_def using linear by (auto intro: order_trans)

lemma min_less_iff_disj:

  "min x y < z \<longleftrightarrow> x < z \<or> y < z"

unfolding min_def le_less using less_linear by (auto intro: less_trans)

lemma less_max_iff_disj:

  "z < max x y \<longleftrightarrow> z < x \<or> z < y"

unfolding max_def le_less using less_linear by (auto intro: less_trans)

lemma min_less_iff_conj [simp]:

  "z < min x y \<longleftrightarrow> z < x \<and> z < y"

unfolding min_def le_less using less_linear by (auto intro: less_trans)

lemma max_less_iff_conj [simp]:

  "max x y < z \<longleftrightarrow> x < z \<and> y < z"

unfolding max_def le_less using less_linear by (auto intro: less_trans)

lemma split_min [no_atp]:

  "P (min i j) \<longleftrightarrow> (i \<le> j \<longrightarrow> P i) \<and> (\<not> i \<le> j \<longrightarrow> P j)"

by (simp add: min_def)

lemma split_max [no_atp]:

  "P (max i j) \<longleftrightarrow> (i \<le> j \<longrightarrow> P j) \<and> (\<not> i \<le> j \<longrightarrow> P i)"

by (simp add: max_def)

end

text {* Explicit dictionaries for code generation *}

lemma min_ord_min [code, code_unfold, code_inline del]:

  "min = ord.min (op \<le>)"

  by (rule ext)+ (simp add: min_def ord.min_def)

declare ord.min_def [code]

lemma max_ord_max [code, code_unfold, code_inline del]:

  "max = ord.max (op \<le>)"

  by (rule ext)+ (simp add: max_def ord.max_def)

declare ord.max_def [code]

subsection {* Reasoning tools setup *}

ML {*

signature ORDERS =

sig

  val print_structures: Proof.context -> unit

  val setup: theory -> theory

  val order_tac: Proof.context -> thm list -> int -> tactic

end;

structure Orders: ORDERS =

struct

(** Theory and context data **)

fun struct_eq ((s1: string, ts1), (s2, ts2)) =

  (s1 = s2) andalso eq_list (op aconv) (ts1, ts2);

structure Data = Generic_Data

(

  type T = ((string * term list) * Order_Tac.less_arith) list;

    (* Order structures:

       identifier of the structure, list of operations and record of theorems

       needed to set up the transitivity reasoner,

       identifier and operations identify the structure uniquely. *)

  val empty = [];

  val extend = I;

  fun merge data = AList.join struct_eq (K fst) data;

);

fun print_structures ctxt =

  let

    val structs = Data.get (Context.Proof ctxt);

    fun pretty_term t = Pretty.block

      [Pretty.quote (Syntax.pretty_term ctxt t), Pretty.brk 1,

        Pretty.str "::", Pretty.brk 1,

        Pretty.quote (Syntax.pretty_typ ctxt (type_of t))];

    fun pretty_struct ((s, ts), _) = Pretty.block

      [Pretty.str s, Pretty.str ":", Pretty.brk 1,

       Pretty.enclose "(" ")" (Pretty.breaks (map pretty_term ts))];

  in

    Pretty.writeln (Pretty.big_list "Order structures:" (map pretty_struct structs))

  end;

(** Method **)

fun struct_tac ((s, [eq, le, less]), thms) ctxt prems =

  let

    fun decomp thy (@{const Trueprop} $ t) =

      let

        fun excluded t =

          (* exclude numeric types: linear arithmetic subsumes transitivity *)

          let val T = type_of t

          in

            T = HOLogic.natT orelse T = HOLogic.intT orelse T = HOLogic.realT

          end;

        fun rel (bin_op $ t1 $ t2) =

              if excluded t1 then NONE

              else if Pattern.matches thy (eq, bin_op) then SOME (t1, "=", t2)

              else if Pattern.matches thy (le, bin_op) then SOME (t1, "<=", t2)

              else if Pattern.matches thy (less, bin_op) then SOME (t1, "<", t2)

              else NONE

          | rel _ = NONE;

        fun dec (Const (@{const_name Not}, _) $ t) = (case rel t

              of NONE => NONE

               | SOME (t1, rel, t2) => SOME (t1, "~" ^ rel, t2))

          | dec x = rel x;

      in dec t end

      | decomp thy _ = NONE;

  in

    case s of

      "order" => Order_Tac.partial_tac decomp thms ctxt prems

    | "linorder" => Order_Tac.linear_tac decomp thms ctxt prems

    | _ => error ("Unknown kind of order `" ^ s ^ "' encountered in transitivity reasoner.")

  end

fun order_tac ctxt prems =

  FIRST' (map (fn s => CHANGED o struct_tac s ctxt prems) (Data.get (Context.Proof ctxt)));

(** Attribute **)

fun add_struct_thm s tag =

  Thm.declaration_attribute

    (fn thm => Data.map (AList.map_default struct_eq (s, Order_Tac.empty TrueI) (Order_Tac.update tag thm)));

fun del_struct s =

  Thm.declaration_attribute

    (fn _ => Data.map (AList.delete struct_eq s));

val attrib_setup =

  Attrib.setup @{binding order}

    (Scan.lift ((Args.add -- Args.name >> (fn (_, s) => SOME s) || Args.del >> K NONE) --|

      Args.colon (* FIXME || Scan.succeed true *) ) -- Scan.lift Args.name --

      Scan.repeat Args.term

      >> (fn ((SOME tag, n), ts) => add_struct_thm (n, ts) tag

           | ((NONE, n), ts) => del_struct (n, ts)))

    "theorems controlling transitivity reasoner";

(** Diagnostic command **)

val _ =

  Outer_Syntax.improper_command "print_orders"

    "print order structures available to transitivity reasoner" Keyword.diag

    (Scan.succeed (Toplevel.no_timing o Toplevel.unknown_context o

        Toplevel.keep (print_structures o Toplevel.context_of)));

(** Setup **)

val setup =

  Method.setup @{binding order} (Scan.succeed (fn ctxt => SIMPLE_METHOD' (order_tac ctxt [])))

    "transitivity reasoner" #>

  attrib_setup;

end;

*}

setup Orders.setup

text {* Declarations to set up transitivity reasoner of partial and linear orders. *}

context order

begin

(* The type constraint on @{term op =} below is necessary since the operation

   is not a parameter of the locale. *)

declare less_irrefl [THEN notE, order add less_reflE: order "op = :: 'a \<Rightarrow> 'a \<Rightarrow> bool" "op <=" "op <"]

declare order_refl  [order add le_refl: order "op = :: 'a => 'a => bool" "op <=" "op <"]

declare less_imp_le [order add less_imp_le: order "op = :: 'a => 'a => bool" "op <=" "op <"]

declare antisym [order add eqI: order "op = :: 'a => 'a => bool" "op <=" "op <"]

declare eq_refl [order add eqD1: order "op = :: 'a => 'a => bool" "op <=" "op <"]

declare sym [THEN eq_refl, order add eqD2: order "op = :: 'a => 'a => bool" "op <=" "op <"]

declare less_trans [order add less_trans: order "op = :: 'a => 'a => bool" "op <=" "op <"]

declare less_le_trans [order add less_le_trans: order "op = :: 'a => 'a => bool" "op <=" "op <"]

declare le_less_trans [order add le_less_trans: order "op = :: 'a => 'a => bool" "op <=" "op <"]

declare order_trans [order add le_trans: order "op = :: 'a => 'a => bool" "op <=" "op <"]

declare le_neq_trans [order add le_neq_trans: order "op = :: 'a => 'a => bool" "op <=" "op <"]

declare neq_le_trans [order add neq_le_trans: order "op = :: 'a => 'a => bool" "op <=" "op <"]

declare less_imp_neq [order add less_imp_neq: order "op = :: 'a => 'a => bool" "op <=" "op <"]

declare eq_neq_eq_imp_neq [order add eq_neq_eq_imp_neq: order "op = :: 'a => 'a => bool" "op <=" "op <"]

declare not_sym [order add not_sym: order "op = :: 'a => 'a => bool" "op <=" "op <"]

end

context linorder

begin

declare [[order del: order "op = :: 'a => 'a => bool" "op <=" "op <"]]

declare less_irrefl [THEN notE, order add less_reflE: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare order_refl [order add le_refl: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare less_imp_le [order add less_imp_le: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare not_less [THEN iffD2, order add not_lessI: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare not_le [THEN iffD2, order add not_leI: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare not_less [THEN iffD1, order add not_lessD: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare not_le [THEN iffD1, order add not_leD: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare antisym [order add eqI: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare eq_refl [order add eqD1: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare sym [THEN eq_refl, order add eqD2: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare less_trans [order add less_trans: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare less_le_trans [order add less_le_trans: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare le_less_trans [order add le_less_trans: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare order_trans [order add le_trans: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare le_neq_trans [order add le_neq_trans: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare neq_le_trans [order add neq_le_trans: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare less_imp_neq [order add less_imp_neq: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare eq_neq_eq_imp_neq [order add eq_neq_eq_imp_neq: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

declare not_sym [order add not_sym: linorder "op = :: 'a => 'a => bool" "op <=" "op <"]

end

setup {*

let

fun prp t thm = (#prop (rep_thm thm) = t);

fun prove_antisym_le sg ss ((le as Const(_,T)) $ r $ s) =

  let val prems = Simplifier.prems_of ss;

      val less = Const (@{const_name less}, T);

      val t = HOLogic.mk_Trueprop(le $ s $ r);

  in case find_first (prp t) prems of

       NONE =>

         let val t = HOLogic.mk_Trueprop(HOLogic.Not $ (less $ r $ s))

         in case find_first (prp t) prems of

              NONE => NONE

            | SOME thm => SOME(mk_meta_eq(thm RS @{thm linorder_class.antisym_conv1}))

         end

     | SOME thm => SOME(mk_meta_eq(thm RS @{thm order_class.antisym_conv}))

  end

  handle THM _ => NONE;

fun prove_antisym_less sg ss (NotC $ ((less as Const(_,T)) $ r $ s)) =

  let val prems = Simplifier.prems_of ss;

      val le = Const (@{const_name less_eq}, T);

      val t = HOLogic.mk_Trueprop(le $ r $ s);

  in case find_first (prp t) prems of

       NONE =>

         let val t = HOLogic.mk_Trueprop(NotC $ (less $ s $ r))

         in case find_first (prp t) prems of

              NONE => NONE

            | SOME thm => SOME(mk_meta_eq(thm RS @{thm linorder_class.antisym_conv3}))

         end

     | SOME thm => SOME(mk_meta_eq(thm RS @{thm linorder_class.antisym_conv2}))

  end

  handle THM _ => NONE;

fun add_simprocs procs thy =

  Simplifier.map_simpset_global (fn ss => ss

    addsimprocs (map (fn (name, raw_ts, proc) =>

      Simplifier.simproc_global thy name raw_ts proc) procs)) thy;

fun add_solver name tac =

  Simplifier.map_simpset_global (fn ss => ss addSolver

    mk_solver name (fn ss => tac (Simplifier.the_context ss) (Simplifier.prems_of ss)));

in

  add_simprocs [

       ("antisym le", ["(x::'a::order) <= y"], prove_antisym_le),

       ("antisym less", ["~ (x::'a::linorder) < y"], prove_antisym_less)

     ]

  #> add_solver "Transitivity" Orders.order_tac

  (* Adding the transitivity reasoners also as safe solvers showed a slight

     speed up, but the reasoning strength appears to be not higher (at least

     no breaking of additional proofs in the entire HOL distribution, as

     of 5 March 2004, was observed). *)

end

*}

subsection {* Bounded quantifiers *}

syntax

  "_All_less" :: "[idt, 'a, bool] => bool"    ("(3ALL _<_./ _)"  [0, 0, 10] 10)

  "_Ex_less" :: "[idt, 'a, bool] => bool"    ("(3EX _<_./ _)"  [0, 0, 10] 10)

  "_All_less_eq" :: "[idt, 'a, bool] => bool"    ("(3ALL _<=_./ _)" [0, 0, 10] 10)

  "_Ex_less_eq" :: "[idt, 'a, bool] => bool"    ("(3EX _<=_./ _)" [0, 0, 10] 10)

  "_All_greater" :: "[idt, 'a, bool] => bool"    ("(3ALL _>_./ _)"  [0, 0, 10] 10)

  "_Ex_greater" :: "[idt, 'a, bool] => bool"    ("(3EX _>_./ _)"  [0, 0, 10] 10)

  "_All_greater_eq" :: "[idt, 'a, bool] => bool"    ("(3ALL _>=_./ _)" [0, 0, 10] 10)

  "_Ex_greater_eq" :: "[idt, 'a, bool] => bool"    ("(3EX _>=_./ _)" [0, 0, 10] 10)

syntax (xsymbols)

  "_All_less" :: "[idt, 'a, bool] => bool"    ("(3\<forall>_<_./ _)"  [0, 0, 10] 10)

  "_Ex_less" :: "[idt, 'a, bool] => bool"    ("(3\<exists>_<_./ _)"  [0, 0, 10] 10)

  "_All_less_eq" :: "[idt, 'a, bool] => bool"    ("(3\<forall>_\<le>_./ _)" [0, 0, 10] 10)

  "_Ex_less_eq" :: "[idt, 'a, bool] => bool"    ("(3\<exists>_\<le>_./ _)" [0, 0, 10] 10)

  "_All_greater" :: "[idt, 'a, bool] => bool"    ("(3\<forall>_>_./ _)"  [0, 0, 10] 10)

  "_Ex_greater" :: "[idt, 'a, bool] => bool"    ("(3\<exists>_>_./ _)"  [0, 0, 10] 10)

  "_All_greater_eq" :: "[idt, 'a, bool] => bool"    ("(3\<forall>_\<ge>_./ _)" [0, 0, 10] 10)

  "_Ex_greater_eq" :: "[idt, 'a, bool] => bool"    ("(3\<exists>_\<ge>_./ _)" [0, 0, 10] 10)

syntax (HOL)

  "_All_less" :: "[idt, 'a, bool] => bool"    ("(3! _<_./ _)"  [0, 0, 10] 10)

  "_Ex_less" :: "[idt, 'a, bool] => bool"    ("(3? _<_./ _)"  [0, 0, 10] 10)

  "_All_less_eq" :: "[idt, 'a, bool] => bool"    ("(3! _<=_./ _)" [0, 0, 10] 10)

  "_Ex_less_eq" :: "[idt, 'a, bool] => bool"    ("(3? _<=_./ _)" [0, 0, 10] 10)

syntax (HTML output)

  "_All_less" :: "[idt, 'a, bool] => bool"    ("(3\<forall>_<_./ _)"  [0, 0, 10] 10)

  "_Ex_less" :: "[idt, 'a, bool] => bool"    ("(3\<exists>_<_./ _)"  [0, 0, 10] 10)

  "_All_less_eq" :: "[idt, 'a, bool] => bool"    ("(3\<forall>_\<le>_./ _)" [0, 0, 10] 10)

  "_Ex_less_eq" :: "[idt, 'a, bool] => bool"    ("(3\<exists>_\<le>_./ _)" [0, 0, 10] 10)

  "_All_greater" :: "[idt, 'a, bool] => bool"    ("(3\<forall>_>_./ _)"  [0, 0, 10] 10)

  "_Ex_greater" :: "[idt, 'a, bool] => bool"    ("(3\<exists>_>_./ _)"  [0, 0, 10] 10)

  "_All_greater_eq" :: "[idt, 'a, bool] => bool"    ("(3\<forall>_\<ge>_./ _)" [0, 0, 10] 10)

  "_Ex_greater_eq" :: "[idt, 'a, bool] => bool"    ("(3\<exists>_\<ge>_./ _)" [0, 0, 10] 10)

translations

  "ALL x<y. P"   =>  "ALL x. x < y \<longrightarrow> P"

  "EX x<y. P"    =>  "EX x. x < y \<and> P"

  "ALL x<=y. P"  =>  "ALL x. x <= y \<longrightarrow> P"

  "EX x<=y. P"   =>  "EX x. x <= y \<and> P"

  "ALL x>y. P"   =>  "ALL x. x > y \<longrightarrow> P"

  "EX x>y. P"    =>  "EX x. x > y \<and> P"

  "ALL x>=y. P"  =>  "ALL x. x >= y \<longrightarrow> P"

  "EX x>=y. P"   =>  "EX x. x >= y \<and> P"

print_translation {*

let

  val All_binder = Mixfix.binder_name @{const_syntax All};

  val Ex_binder = Mixfix.binder_name @{const_syntax Ex};

  val impl = @{const_syntax HOL.implies};

  val conj = @{const_syntax HOL.conj};

  val less = @{const_syntax less};

  val less_eq = @{const_syntax less_eq};

  val trans =

   [((All_binder, impl, less),

    (@{syntax_const "_All_less"}, @{syntax_const "_All_greater"})),

    ((All_binder, impl, less_eq),

    (@{syntax_const "_All_less_eq"}, @{syntax_const "_All_greater_eq"})),

    ((Ex_binder, conj, less),

    (@{syntax_const "_Ex_less"}, @{syntax_const "_Ex_greater"})),

    ((Ex_binder, conj, less_eq),

    (@{syntax_const "_Ex_less_eq"}, @{syntax_const "_Ex_greater_eq"}))];

  fun matches_bound v t =

    (case t of

      Const (@{syntax_const "_bound"}, _) $ Free (v', _) => v = v'

    | _ => false);

  fun contains_var v = Term.exists_subterm (fn Free (x, _) => x = v | _ => false);

  fun mk v c n P = Syntax.const c $ Syntax_Trans.mark_bound v $ n $ P;

  fun tr' q = (q,

    fn [Const (@{syntax_const "_bound"}, _) $ Free (v, _),

        Const (c, _) $ (Const (d, _) $ t $ u) $ P] =>

        (case AList.lookup (op =) trans (q, c, d) of

          NONE => raise Match

        | SOME (l, g) =>

            if matches_bound v t andalso not (contains_var v u) then mk v l u P

            else if matches_bound v u andalso not (contains_var v t) then mk v g t P

            else raise Match)

     | _ => raise Match);

in [tr' All_binder, tr' Ex_binder] end

*}

subsection {* Transitivity reasoning *}

context ord

begin

lemma ord_le_eq_trans: "a \<le> b \<Longrightarrow> b = c \<Longrightarrow> a \<le> c"

  by (rule subst)

lemma ord_eq_le_trans: "a = b \<Longrightarrow> b \<le> c \<Longrightarrow> a \<le> c"

  by (rule ssubst)

lemma ord_less_eq_trans: "a < b \<Longrightarrow> b = c \<Longrightarrow> a < c"

  by (rule subst)

lemma ord_eq_less_trans: "a = b \<Longrightarrow> b < c \<Longrightarrow> a < c"

  by (rule ssubst)

end

lemma order_less_subst2: "(a::'a::order) < b ==> f b < (c::'c::order) ==>

  (!!x y. x < y ==> f x < f y) ==> f a < c"

proof -

  assume r: "!!x y. x < y ==> f x < f y"

  assume "a < b" hence "f a < f b" by (rule r)

  also assume "f b < c"

  finally (less_trans) show ?thesis .

qed

lemma order_less_subst1: "(a::'a::order) < f b ==> (b::'b::order) < c ==>

  (!!x y. x < y ==> f x < f y) ==> a < f c"

proof -

  assume r: "!!x y. x < y ==> f x < f y"

  assume "a < f b"

  also assume "b < c" hence "f b < f c" by (rule r)

  finally (less_trans) show ?thesis .

qed

lemma order_le_less_subst2: "(a::'a::order) <= b ==> f b < (c::'c::order) ==>

  (!!x y. x <= y ==> f x <= f y) ==> f a < c"

proof -

  assume r: "!!x y. x <= y ==> f x <= f y"

  assume "a <= b" hence "f a <= f b" by (rule r)

  also assume "f b < c"

  finally (le_less_trans) show ?thesis .

qed

lemma order_le_less_subst1: "(a::'a::order) <= f b ==> (b::'b::order) < c ==>

  (!!x y. x < y ==> f x < f y) ==> a < f c"

proof -

  assume r: "!!x y. x < y ==> f x < f y"

  assume "a <= f b"

  also assume "b < c" hence "f b < f c" by (rule r)

  finally (le_less_trans) show ?thesis .

qed

lemma order_less_le_subst2: "(a::'a::order) < b ==> f b <= (c::'c::order) ==>

  (!!x y. x < y ==> f x < f y) ==> f a < c"

proof -

  assume r: "!!x y. x < y ==> f x < f y"

  assume "a < b" hence "f a < f b" by (rule r)

  also assume "f b <= c"

  finally (less_le_trans) show ?thesis .

qed

lemma order_less_le_subst1: "(a::'a::order) < f b ==> (b::'b::order) <= c ==>

  (!!x y. x <= y ==> f x <= f y) ==> a < f c"

proof -

  assume r: "!!x y. x <= y ==> f x <= f y"

  assume "a < f b"

  also assume "b <= c" hence "f b <= f c" by (rule r)

  finally (less_le_trans) show ?thesis .

qed

lemma order_subst1: "(a::'a::order) <= f b ==> (b::'b::order) <= c ==>

  (!!x y. x <= y ==> f x <= f y) ==> a <= f c"

proof -

  assume r: "!!x y. x <= y ==> f x <= f y"

  assume "a <= f b"

  also assume "b <= c" hence "f b <= f c" by (rule r)

  finally (order_trans) show ?thesis .

qed

lemma order_subst2: "(a::'a::order) <= b ==> f b <= (c::'c::order) ==>

  (!!x y. x <= y ==> f x <= f y) ==> f a <= c"

proof -

  assume r: "!!x y. x <= y ==> f x <= f y"

  assume "a <= b" hence "f a <= f b" by (rule r)

  also assume "f b <= c"

  finally (order_trans) show ?thesis .

qed

lemma ord_le_eq_subst: "a <= b ==> f b = c ==>

  (!!x y. x <= y ==> f x <= f y) ==> f a <= c"

proof -

  assume r: "!!x y. x <= y ==> f x <= f y"

  assume "a <= b" hence "f a <= f b" by (rule r)

  also assume "f b = c"

  finally (ord_le_eq_trans) show ?thesis .

qed

lemma ord_eq_le_subst: "a = f b ==> b <= c ==>

  (!!x y. x <= y ==> f x <= f y) ==> a <= f c"

proof -

  assume r: "!!x y. x <= y ==> f x <= f y"

  assume "a = f b"

  also assume "b <= c" hence "f b <= f c" by (rule r)

  finally (ord_eq_le_trans) show ?thesis .

qed

lemma ord_less_eq_subst: "a < b ==> f b = c ==>

  (!!x y. x < y ==> f x < f y) ==> f a < c"

proof -

  assume r: "!!x y. x < y ==> f x < f y"

  assume "a < b" hence "f a < f b" by (rule r)

  also assume "f b = c"

  finally (ord_less_eq_trans) show ?thesis .

qed

lemma ord_eq_less_subst: "a = f b ==> b < c ==>

  (!!x y. x < y ==> f x < f y) ==> a < f c"

proof -

  assume r: "!!x y. x < y ==> f x < f y"

  assume "a = f b"

  also assume "b < c" hence "f b < f c" by (rule r)

  finally (ord_eq_less_trans) show ?thesis .

qed

text {*

  Note that this list of rules is in reverse order of priorities.

*}

lemmas [trans] =

  order_less_subst2

  order_less_subst1

  order_le_less_subst2

  order_le_less_subst1

  order_less_le_subst2

  order_less_le_subst1

  order_subst2

  order_subst1

  ord_le_eq_subst

  ord_eq_le_subst

  ord_less_eq_subst

  ord_eq_less_subst

  forw_subst

  back_subst

  rev_mp

  mp

lemmas (in order) [trans] =

  neq_le_trans

  le_neq_trans

lemmas (in preorder) [trans] =

  less_trans

  less_asym'

  le_less_trans

  less_le_trans

  order_trans

lemmas (in order) [trans] =

  antisym

lemmas (in ord) [trans] =

  ord_le_eq_trans

  ord_eq_le_trans

  ord_less_eq_trans

  ord_eq_less_trans

lemmas [trans] =

  trans

lemmas order_trans_rules =

  order_less_subst2

  order_less_subst1

  order_le_less_subst2

  order_le_less_subst1

  order_less_le_subst2

  order_less_le_subst1

  order_subst2

  order_subst1

  ord_le_eq_subst

  ord_eq_le_subst

  ord_less_eq_subst

  ord_eq_less_subst

  forw_subst

  back_subst

  rev_mp

  mp

  neq_le_trans

  le_neq_trans

  less_trans

  less_asym'

  le_less_trans

  less_le_trans

  order_trans

  antisym

  ord_le_eq_trans

  ord_eq_le_trans

  ord_less_eq_trans

  ord_eq_less_trans

  trans

text {* These support proving chains of decreasing inequalities

    a >= b >= c ... in Isar proofs. *}

lemma xt1:

  "a = b ==> b > c ==> a > c"

  "a > b ==> b = c ==> a > c"

  "a = b ==> b >= c ==> a >= c"

  "a >= b ==> b = c ==> a >= c"

  "(x::'a::order) >= y ==> y >= x ==> x = y"

  "(x::'a::order) >= y ==> y >= z ==> x >= z"

  "(x::'a::order) > y ==> y >= z ==> x > z"

  "(x::'a::order) >= y ==> y > z ==> x > z"

  "(a::'a::order) > b ==> b > a ==> P"

  "(x::'a::order) > y ==> y > z ==> x > z"

  "(a::'a::order) >= b ==> a ~= b ==> a > b"

  "(a::'a::order) ~= b ==> a >= b ==> a > b"

  "a = f b ==> b > c ==> (!!x y. x > y ==> f x > f y) ==> a > f c" 

  "a > b ==> f b = c ==> (!!x y. x > y ==> f x > f y) ==> f a > c"

  "a = f b ==> b >= c ==> (!!x y. x >= y ==> f x >= f y) ==> a >= f c"

  "a >= b ==> f b = c ==> (!! x y. x >= y ==> f x >= f y) ==> f a >= c"

  by auto

lemma xt2:

  "(a::'a::order) >= f b ==> b >= c ==> (!!x y. x >= y ==> f x >= f y) ==> a >= f c"

by (subgoal_tac "f b >= f c", force, force)

lemma xt3: "(a::'a::order) >= b ==> (f b::'b::order) >= c ==> 

    (!!x y. x >= y ==> f x >= f y) ==> f a >= c"

by (subgoal_tac "f a >= f b", force, force)

lemma xt4: "(a::'a::order) > f b ==> (b::'b::order) >= c ==>

  (!!x y. x >= y ==> f x >= f y) ==> a > f c"

by (subgoal_tac "f b >= f c", force, force)

lemma xt5: "(a::'a::order) > b ==> (f b::'b::order) >= c==>

    (!!x y. x > y ==> f x > f y) ==> f a > c"

by (subgoal_tac "f a > f b", force, force)

lemma xt6: "(a::'a::order) >= f b ==> b > c ==>

    (!!x y. x > y ==> f x > f y) ==> a > f c"

by (subgoal_tac "f b > f c", force, force)

lemma xt7: "(a::'a::order) >= b ==> (f b::'b::order) > c ==>

    (!!x y. x >= y ==> f x >= f y) ==> f a > c"

by (subgoal_tac "f a >= f b", force, force)

lemma xt8: "(a::'a::order) > f b ==> (b::'b::order) > c ==>

    (!!x y. x > y ==> f x > f y) ==> a > f c"

by (subgoal_tac "f b > f c", force, force)

lemma xt9: "(a::'a::order) > b ==> (f b::'b::order) > c ==>

    (!!x y. x > y ==> f x > f y) ==> f a > c"

by (subgoal_tac "f a > f b", force, force)

lemmas xtrans = xt1 xt2 xt3 xt4 xt5 xt6 xt7 xt8 xt9

(* 

  Since "a >= b" abbreviates "b <= a", the abbreviation "..." stands

  for the wrong thing in an Isar proof.

  The extra transitivity rules can be used as follows: 

lemma "(a::'a::order) > z"

proof -

  have "a >= b" (is "_ >= ?rhs")

    sorry

  also have "?rhs >= c" (is "_ >= ?rhs")

    sorry

  also (xtrans) have "?rhs = d" (is "_ = ?rhs")

    sorry

  also (xtrans) have "?rhs >= e" (is "_ >= ?rhs")

    sorry

  also (xtrans) have "?rhs > f" (is "_ > ?rhs")

    sorry

  also (xtrans) have "?rhs > z"

    sorry

  finally (xtrans) show ?thesis .

qed

  Alternatively, one can use "declare xtrans [trans]" and then

  leave out the "(xtrans)" above.

*)

subsection {* Monotonicity, least value operator and min/max *}

context order

begin

definition mono :: "('a \<Rightarrow> 'b\<Colon>order) \<Rightarrow> bool" where

  "mono f \<longleftrightarrow> (\<forall>x y. x \<le> y \<longrightarrow> f x \<le> f y)"

lemma monoI [intro?]:

  fixes f :: "'a \<Rightarrow> 'b\<Colon>order"

  shows "(\<And>x y. x \<le> y \<Longrightarrow> f x \<le> f y) \<Longrightarrow> mono f"

  unfolding mono_def by iprover

lemma monoD [dest?]:

  fixes f :: "'a \<Rightarrow> 'b\<Colon>order"

  shows "mono f \<Longrightarrow> x \<le> y \<Longrightarrow> f x \<le> f y"

  unfolding mono_def by iprover

definition strict_mono :: "('a \<Rightarrow> 'b\<Colon>order) \<Rightarrow> bool" where

  "strict_mono f \<longleftrightarrow> (\<forall>x y. x < y \<longrightarrow> f x < f y)"

lemma strict_monoI [intro?]:

  assumes "\<And>x y. x < y \<Longrightarrow> f x < f y"

  shows "strict_mono f"

  using assms unfolding strict_mono_def by auto

lemma strict_monoD [dest?]: