Theory AOT_model

1(*<*)
2theory AOT_model
3  imports Main "HOL-Cardinals.Cardinals"
4begin
5
6declare[[typedef_overloaded]]
7(*>*)
8
9section‹References›
10
11text‹
12A full description of this formalization including references can be found
13at @{url ‹http://dx.doi.org/10.17169/refubium-35141›}.
14
15The version of Principia Logico-Metaphysica (PLM) implemented in this formalization
16can be found at @{url ‹http://mally.stanford.edu/principia-2021-10-13.pdf›}, while
17the latest version of PLM is available at @{url ‹http://mally.stanford.edu/principia.pdf›}.
18
19›
20
21section‹Model for the Logic of AOT›
22
23text‹We introduce a primitive type for hyperintensional propositions.›
24typedecl 𝗈
25
26text‹To be able to model modal operators following Kripke semantics,
27     we introduce a primitive type for possible worlds and assert, by axiom,
28     that there is a surjective function mapping propositions to the
29     boolean-valued functions acting on possible worlds. We call the result
30     of applying this function to a proposition the Montague intension
31     of the proposition.›
32typedecl w ―‹The primtive type of possible worlds.›
33axiomatization AOT_model_d𝗈 :: ‹𝗈⇒(w⇒bool)› where
34  d𝗈_surj: ‹surj AOT_model_d𝗈›
35
36text‹The axioms of PLM require the existence of a non-actual world.›
37consts w⇩0 :: w ―‹The designated actual world.›
38axiomatization where AOT_model_nonactual_world: ‹∃w . w ≠ w⇩0›
39
40text‹Validity of a proposition in a given world can now be modelled as the result
41     of applying that world to the Montague intension of the proposition.›
42definition AOT_model_valid_in :: ‹w⇒𝗈⇒bool› where
43  ‹AOT_model_valid_in w φ ≡ AOT_model_d𝗈 φ w›
44
45text‹By construction, we can choose a proposition for any given Montague intension,
46     s.t. the proposition is valid in a possible world iff the Montague intension
47     evaluates to true at that world.›
48definition AOT_model_proposition_choice :: ‹(w⇒bool) ⇒ 𝗈› (binder ‹ε⇩𝗈 › 8)
49  where ‹ε⇩𝗈 w. φ w ≡ (inv AOT_model_d𝗈) φ›
50lemma AOT_model_proposition_choice_simp: ‹AOT_model_valid_in w (ε⇩𝗈 w. φ w) = φ w›
51  by (simp add: surj_f_inv_f[OF d𝗈_surj] AOT_model_valid_in_def
52                AOT_model_proposition_choice_def)
53
54text‹Nitpick can trivially show that there are models for the axioms above.›
55lemma ‹True› nitpick[satisfy, user_axioms, expect = genuine] ..
56
57typedecl ω ―‹The primtive type of ordinary objects/urelements.›
58
59text‹Validating extended relation comprehension requires a large set of
60     special urelements. For simple models that do not validate extended
61     relation comprehension (and consequently the predecessor axiom in the
62     theory of natural numbers), it suffices to use a primitive type as @{text σ},
63     i.e. @{theory_text ‹typedecl σ›}.›
64typedecl σ'
65typedef σ = ‹UNIV::((ω ⇒ w ⇒ bool) set × (ω ⇒ w ⇒ bool) set × σ') set› ..
66
67typedecl null ― ‹Null-urelements representing non-denoting terms.›
68
69datatype υ = ωυ ω | συ σ | is_nullυ: nullυ null ― ‹Type of urelements›
70
71text‹Urrelations are proposition-valued functions on urelements.
72     Urrelations are required to evaluate to necessarily false propositions for
73     null-urelements (note that there may be several distinct necessarily false
74     propositions).›
75typedef urrel = ‹{ φ . ∀ x w . ¬AOT_model_valid_in w (φ (nullυ x)) }›
76  by (rule exI[where x=‹λ x . (ε⇩𝗈 w . ¬is_nullυ x)›])
77     (auto simp: AOT_model_proposition_choice_simp)
78
79text‹Abstract objects will be modelled as sets of urrelations and will
80     have to be mapped surjectively into the set of special urelements.
81     We show that any mapping from abstract objects to special urelements
82     has to involve at least one large set of collapsed abstract objects.
83     We will use this fact to extend arbitrary mappings from abstract objects
84     to special urelements to surjective mappings.›
85lemma ασ_pigeonhole:
86  ― ‹For any arbitrary mapping @{term ασ} from sets of urrelations to special
87     urelements, there exists an abstract object x, s.t. the cardinal of the set
88     of special urelements is strictly smaller than the cardinal of the set of
89     abstract objects that are mapped to the same urelement as x under @{term ασ}.›
90  ‹∃x . |UNIV::σ set| <o |{y . ασ x = ασ y}|›
91  for ασ :: ‹urrel set ⇒ σ›
92proof(rule ccontr)
93  have card_σ_set_set_bound: ‹|UNIV::σ set set| ≤o |UNIV::urrel set|›
94  proof -
95    let ?pick = ‹λu s . ε⇩𝗈 w . case u of (συ s') ⇒ s' ∈ s | _ ⇒ False›
96    have ‹∃f :: σ set ⇒ urrel . inj f›
97    proof
98      show ‹inj (λs . Abs_urrel (λu . ?pick u s))›
99      proof(rule injI)
100        fix x y
101        assume ‹Abs_urrel (λu. ?pick u x) = Abs_urrel (λu. ?pick u y)›
102        hence ‹(λu. ?pick u x) = (λu. ?pick u y)›
103          by (auto intro!: Abs_urrel_inject[THEN iffD1]
104                     simp: AOT_model_proposition_choice_simp)
105        hence ‹AOT_model_valid_in w⇩0 (?pick (συ s) x) =
106               AOT_model_valid_in w⇩0 (?pick (συ s) y)›
107          for s by metis
108        hence ‹(s ∈ x) = (s ∈ y)› for s
109          by (auto simp: AOT_model_proposition_choice_simp)
110        thus ‹x = y›
111          by blast
112      qed
113    qed
114    thus ?thesis
115      by (metis card_of_image inj_imp_surj_inv)
116  qed
117
118  text‹Assume, for a proof by contradiction, that there is no large collapsed set.›
119  assume ‹∄x . |UNIV::σ set| <o |{y . ασ x = ασ y}|›
120  hence A: ‹∀x . |{y . ασ x = ασ y}| ≤o |UNIV::σ set|›
121    by auto
122  have union_univ: ‹(⋃x ∈ range(inv ασ) . {y . ασ x = ασ y}) = UNIV›
123    by auto (meson f_inv_into_f range_eqI)
124
125  text‹We refute by case distinction: there is either finitely many or
126       infinitely many special urelements and in both cases we can derive
127       a contradiction from the assumption above.›
128  {
129    text‹Finite case.›
130    assume finite_σ_set: ‹finite (UNIV::σ set)›
131    hence finite_collapsed: ‹finite {y . ασ x = ασ y}› for x
132      using A card_of_ordLeq_infinite by blast
133    hence 0: ‹∀x . card {y . ασ x = ασ y} ≤ card (UNIV::σ set)›
134      by (metis A finite_σ_set card_of_ordLeq inj_on_iff_card_le)
135    have 1: ‹card (range (inv ασ)) ≤ card (UNIV::σ set)›
136      using finite_σ_set card_image_le by blast
137    hence 2: ‹finite (range (inv ασ))›
138      using finite_σ_set by blast
139
140    define n where ‹n = card (UNIV::urrel set set)›
141    define m where ‹m = card (UNIV::σ set)›
142
143    have ‹n = card (⋃x ∈ range(inv ασ) . {y . ασ x = ασ y})›
144      unfolding n_def using union_univ by argo
145    also have ‹… ≤ (∑i∈range (inv ασ). card {y. ασ i = ασ y})›
146      using card_UN_le 2 by blast
147    also have ‹… ≤ (∑i∈range (inv ασ). card (UNIV::σ set))›
148      by (metis (no_types, lifting) 0 sum_mono)
149    also have ‹… ≤ card (range (inv ασ)) * card (UNIV::σ set)›
150      using sum_bounded_above by auto
151    also have ‹… ≤ card (UNIV::σ set) * card (UNIV::σ set)›
152      using 1 by force
153    also have ‹… = m*m›
154      unfolding m_def by blast
155    finally have n_upper: ‹n ≤ m*m›.
156
157    have ‹finite (⋃x ∈ range(inv ασ) . {y . ασ x = ασ y})›
158      using 2 finite_collapsed by blast
159    hence finite_αset: ‹finite (UNIV::urrel set set)›
160      using union_univ by argo
161
162    have ‹2^2^m = (2::nat)^(card (UNIV::σ set set))›
163      by (metis Pow_UNIV card_Pow finite_σ_set m_def)
164    moreover have ‹card (UNIV::σ set set) ≤ (card (UNIV::urrel set))›
165      using card_σ_set_set_bound
166      by (meson Finite_Set.finite_set card_of_ordLeq finite_αset
167                finite_σ_set inj_on_iff_card_le)
168    ultimately have ‹2^2^m ≤ (2::nat)^(card (UNIV:: urrel set))›
169      by simp
170    also have ‹… = n›
171      unfolding n_def
172      by (metis Finite_Set.finite_set Pow_UNIV card_Pow finite_αset)
173    finally have ‹2^2^m ≤ n› by blast
174    hence ‹2^2^m ≤ m*m› using n_upper by linarith
175    moreover {
176      have ‹(2::nat)^(2^m) ≥ (2^(m + 1))›
177        by (metis Suc_eq_plus1 Suc_leI less_exp one_le_numeral power_increasing)
178      also have ‹(2^(m + 1)) = (2::nat) * 2^m›
179        by auto
180      have ‹m < 2^m›
181        by (simp add: less_exp)
182      hence ‹m*m < (2^m)*(2^m)›
183        by (simp add: mult_strict_mono)
184      moreover have ‹… = 2^(m+m)›
185        by (simp add: power_add)
186      ultimately have ‹m*m < 2 ^ (m + m)› by presburger
187      moreover have ‹m+m ≤ 2^m›
188      proof (induct m)
189        case 0
190        thus ?case by auto
191      next
192        case (Suc m)
193        thus ?case
194          by (metis Suc_leI less_exp mult_2 mult_le_mono2 power_Suc)
195      qed
196      ultimately have ‹m*m < 2^2^m›
197        by (meson less_le_trans one_le_numeral power_increasing)
198    }
199    ultimately have False by auto
200  }
201  moreover {
202    text‹Infinite case.›
203    assume ‹infinite (UNIV::σ set)›
204    hence Cinfσ: ‹Cinfinite |UNIV::σ set|›
205      by (simp add: cinfinite_def)
206    have 1: ‹|range (inv ασ)| ≤o |UNIV::σ set|›
207      by auto
208    have 2: ‹∀i∈range (inv ασ). |{y . ασ i = ασ y}| ≤o |UNIV::σ set|›
209    proof
210      fix i :: ‹urrel set›
211      assume ‹i ∈ range (inv ασ)›
212      show ‹|{y . ασ i = ασ y}| ≤o |UNIV::σ set|›
213        using A by blast
214    qed
215    have ‹|⋃ ((λi. {y. ασ i = ασ y}) ` (range (inv ασ)))| ≤o
216                   |Sigma (range (inv ασ)) (λi. {y. ασ i = ασ y})|›
217      using card_of_UNION_Sigma by blast
218    hence ‹|UNIV::urrel set set| ≤o
219           |Sigma (range (inv ασ)) (λi. {y. ασ i = ασ y})|›
220      using union_univ by argo
221    moreover have ‹|Sigma (range (inv ασ)) (λi. {y. ασ i = ασ y})| ≤o |UNIV::σ set|›
222      using card_of_Sigma_ordLeq_Cinfinite[OF Cinfσ, OF 1, OF 2] by blast
223    ultimately have ‹|UNIV::urrel set set| ≤o |UNIV::σ set|›
224      using ordLeq_transitive by blast
225    moreover {
226      have ‹|UNIV::σ set| <o |UNIV::σ set set|›
227        by auto
228      moreover have ‹|UNIV::σ set set| ≤o |UNIV::urrel set|›
229        using card_σ_set_set_bound by blast
230      moreover have ‹|UNIV::urrel set| <o |UNIV::urrel set set|›
231        by auto
232      ultimately have ‹|UNIV::σ set| <o |UNIV::urrel set set|›
233        by (metis ordLess_imp_ordLeq ordLess_ordLeq_trans)
234    }
235    ultimately have False
236      using not_ordLeq_ordLess by blast
237  }
238  ultimately show False by blast
239qed
240
241text‹We introduce a mapping from abstract objects (i.e. sets of urrelations) to
242     special urelements @{text ‹ασ›} that is surjective and distinguishes all
243     abstract objects that are distinguished by a (not necessarily surjective)
244     mapping @{text ‹ασ'›}. @{text ‹ασ'›} will be used to model extended relation
245     comprehension.›
246consts ασ' :: ‹urrel set ⇒ σ›
247consts ασ :: ‹urrel set ⇒ σ›
248
249specification(ασ)
250  ασ_surj: ‹surj ασ›
251  ασ_ασ': ‹ασ x = ασ y ⟹ ασ' x = ασ' y›
252proof -
253  obtain x where x_prop: ‹|UNIV::σ set| <o |{y. ασ' x = ασ' y}|›
254    using ασ_pigeonhole by blast
255  have ‹∃f :: urrel set ⇒ σ . f ` {y. ασ' x = ασ' y} = UNIV ∧ f x = ασ' x›
256  proof -
257    have ‹∃f :: urrel set ⇒ σ . f ` {y. ασ' x = ασ' y} = UNIV›
258      by (simp add: x_prop card_of_ordLeq2 ordLess_imp_ordLeq)
259    then obtain f :: ‹urrel set ⇒ σ› where ‹f ` {y. ασ' x = ασ' y} = UNIV›
260      by presburger
261    moreover obtain a where ‹f a = ασ' x› and ‹ασ' a = ασ' x›
262      by (smt (verit, best) calculation UNIV_I image_iff mem_Collect_eq)
263    ultimately have ‹(f (a := f x, x := f a)) ` {y. ασ' x = ασ' y} = UNIV ∧
264                      (f (a := f x, x := f a)) x = ασ' x›
265      by (auto simp: image_def)
266    thus ?thesis by blast
267  qed
268  then obtain f where fimage: ‹f ` {y. ασ' x = ασ' y} = UNIV›
269                  and fx: ‹f x = ασ' x›
270    by blast
271
272  define ασ :: ‹urrel set ⇒ σ› where
273    ‹ασ ≡ λ urrels . if ασ' urrels = ασ' x ∧ f urrels ∉ range ασ'
274                      then f urrels
275                      else ασ' urrels›
276  have ‹surj ασ›
277  proof -
278    {
279    fix s :: σ
280    {
281      assume ‹s ∈ range ασ'›
282      hence 0: ‹ασ' (inv ασ' s) = s›
283        by (meson f_inv_into_f)
284      {
285        assume ‹s = ασ' x›
286        hence ‹ασ x = s›
287          using ασ_def fx by presburger
288        hence ‹∃f . ασ (f s) = s›
289          by auto
290      }
291      moreover {
292        assume ‹s ≠ ασ' x›
293        hence ‹ασ (inv ασ' s) = s›
294          unfolding ασ_def 0 by presburger
295        hence ‹∃f . ασ (f s) = s›
296          by blast
297      }
298      ultimately have ‹∃f . ασ (f s) = s›
299        by blast
300    }
301    moreover {
302      assume ‹s ∉ range ασ'›
303      moreover obtain urrels where ‹f urrels = s› and ‹ασ' x = ασ' urrels›
304        by (smt (verit, best) UNIV_I fimage image_iff mem_Collect_eq)
305      ultimately have ‹ασ urrels = s›
306        using ασ_def by presburger
307      hence ‹∃f . ασ (f s) = s›
308        by (meson f_inv_into_f range_eqI)
309    }
310    ultimately have ‹∃f . ασ (f s) = s›
311      by blast
312    }
313    thus ?thesis
314      by (metis surj_def)
315  qed
316  moreover have ‹∀x y. ασ x = ασ y ⟶ ασ' x = ασ' y›
317    by (metis ασ_def rangeI)
318  ultimately show ?thesis
319    by blast
320qed
321
322text‹For extended models that validate extended relation comprehension
323     (and consequently the predecessor axiom), we specify which
324     abstract objects are distinguished by @{const ασ'}.›
325
326definition urrel_to_ωrel :: ‹urrel ⇒ (ω ⇒ w ⇒ bool)› where
327  ‹urrel_to_ωrel ≡ λ r u w . AOT_model_valid_in w (Rep_urrel r (ωυ u))›
328definition ωrel_to_urrel :: ‹(ω ⇒ w ⇒ bool) ⇒ urrel› where
329  ‹ωrel_to_urrel ≡ λ φ . Abs_urrel
330    (λ u . ε⇩𝗈 w . case u of ωυ x ⇒ φ x w | _ ⇒ False)›
331
332definition AOT_urrel_ωequiv :: ‹urrel ⇒ urrel ⇒ bool› where
333  ‹AOT_urrel_ωequiv ≡ λ r s . ∀ u v . AOT_model_valid_in v (Rep_urrel r (ωυ u)) =
334                                       AOT_model_valid_in v (Rep_urrel s (ωυ u))›
335
336lemma urrel_ωrel_quot: ‹Quotient3 AOT_urrel_ωequiv urrel_to_ωrel ωrel_to_urrel›
337proof(rule Quotient3I)
338  show ‹urrel_to_ωrel (ωrel_to_urrel a) = a› for a
339    unfolding ωrel_to_urrel_def urrel_to_ωrel_def
340    apply (rule ext)
341    apply (subst Abs_urrel_inverse)
342    by (auto simp: AOT_model_proposition_choice_simp)
343next
344  show ‹AOT_urrel_ωequiv (ωrel_to_urrel a) (ωrel_to_urrel a)› for a
345    unfolding ωrel_to_urrel_def AOT_urrel_ωequiv_def
346    apply (subst (1 2) Abs_urrel_inverse)
347    by (auto simp: AOT_model_proposition_choice_simp)
348next
349  show ‹AOT_urrel_ωequiv r s = (AOT_urrel_ωequiv r r ∧ AOT_urrel_ωequiv s s ∧
350                                urrel_to_ωrel r = urrel_to_ωrel s)› for r s
351  proof
352    assume ‹AOT_urrel_ωequiv r s›
353    hence ‹AOT_model_valid_in v (Rep_urrel r (ωυ u)) =
354           AOT_model_valid_in v (Rep_urrel s (ωυ u))› for u v
355      using AOT_urrel_ωequiv_def by metis
356    hence ‹urrel_to_ωrel r = urrel_to_ωrel s›
357      unfolding urrel_to_ωrel_def
358      by simp
359    thus ‹AOT_urrel_ωequiv r r ∧ AOT_urrel_ωequiv s s ∧
360          urrel_to_ωrel r = urrel_to_ωrel s›
361      unfolding AOT_urrel_ωequiv_def
362      by auto
363  next
364    assume ‹AOT_urrel_ωequiv r r ∧ AOT_urrel_ωequiv s s ∧
365            urrel_to_ωrel r = urrel_to_ωrel s›
366    hence ‹AOT_model_valid_in v (Rep_urrel r (ωυ u)) =
367           AOT_model_valid_in v (Rep_urrel s (ωυ u))› for u v
368      by (metis urrel_to_ωrel_def)
369    thus ‹AOT_urrel_ωequiv r s›
370      using AOT_urrel_ωequiv_def by presburger
371  qed
372qed
373
374specification (ασ')
375  ασ_eq_ord_exts_all:
376    ‹ασ' a = ασ' b ⟹ (⋀s . urrel_to_ωrel s = urrel_to_ωrel r ⟹ s ∈ a)
377      ⟹ (⋀ s . urrel_to_ωrel s = urrel_to_ωrel r ⟹ s ∈ b)›
378  ασ_eq_ord_exts_ex:
379    ‹ασ' a = ασ' b ⟹ (∃ s . s ∈ a ∧ urrel_to_ωrel s = urrel_to_ωrel r)
380      ⟹ (∃s . s ∈ b ∧ urrel_to_ωrel s = urrel_to_ωrel r)›
381proof -
382  define ασ_wit_intersection where
383      ‹ασ_wit_intersection ≡ λ urrels .
384        {ordext . ∀urrel . urrel_to_ωrel urrel = ordext ⟶ urrel ∈ urrels}›
385  define ασ_wit_union where
386      ‹ασ_wit_union ≡ λ urrels .
387        {ordext . ∃urrel∈urrels . urrel_to_ωrel urrel = ordext}›
388
389  let ?ασ_wit = ‹λ urrels . 
390    let ordexts = ασ_wit_intersection urrels in
391    let ordexts' = ασ_wit_union urrels in
392    (ordexts, ordexts', undefined)›
393  define ασ_wit :: ‹urrel set ⇒ σ› where
394    ‹ασ_wit ≡ λ urrels . Abs_σ (?ασ_wit urrels)›
395  {
396    fix a b :: ‹urrel set› and r s
397    assume ‹ασ_wit a = ασ_wit b›
398    hence 0: ‹{ordext. ∀urrel. urrel_to_ωrel urrel = ordext ⟶ urrel ∈ a} =
399              {ordext. ∀urrel. urrel_to_ωrel urrel = ordext ⟶ urrel ∈ b}›
400      unfolding ασ_wit_def Let_def
401      apply (subst (asm) Abs_σ_inject)
402      by (auto simp: ασ_wit_intersection_def ασ_wit_union_def)
403    assume ‹urrel_to_ωrel s = urrel_to_ωrel r ⟹ s ∈ a› for s
404    hence ‹urrel_to_ωrel r ∈
405           {ordext. ∀urrel. urrel_to_ωrel urrel = ordext ⟶ urrel ∈ a}›
406      by auto
407    hence ‹urrel_to_ωrel r ∈
408           {ordext. ∀urrel. urrel_to_ωrel urrel = ordext ⟶ urrel ∈ b}›
409      using 0 by blast
410    moreover assume ‹urrel_to_ωrel s = urrel_to_ωrel r›
411    ultimately have ‹s ∈ b›
412      by blast
413  }
414  moreover {
415    fix a b :: ‹urrel set› and s r
416    assume ‹ασ_wit a = ασ_wit b›
417    hence 0: ‹{ordext. ∃urrel ∈ a. urrel_to_ωrel urrel = ordext} =
418              {ordext. ∃urrel ∈ b. urrel_to_ωrel urrel = ordext}›
419      unfolding ασ_wit_def
420      apply (subst (asm) Abs_σ_inject)
421      by (auto simp: Let_def ασ_wit_intersection_def ασ_wit_union_def)
422    assume ‹s ∈ a›
423    hence ‹urrel_to_ωrel s ∈ {ordext. ∃urrel ∈ a. urrel_to_ωrel urrel = ordext}›
424      by blast
425    moreover assume ‹urrel_to_ωrel s = urrel_to_ωrel r›
426    ultimately have ‹urrel_to_ωrel r ∈
427                     {ordext. ∃urrel ∈ b. urrel_to_ωrel urrel = ordext}›
428      using "0" by argo
429    hence ‹∃s. s ∈ b ∧ urrel_to_ωrel s = urrel_to_ωrel r›
430      by blast
431  }
432  ultimately show ?thesis
433    by (safe intro!: exI[where x=ασ_wit]; metis)
434qed
435
436text‹We enable the extended model version.›
437abbreviation (input) AOT_ExtendedModel where ‹AOT_ExtendedModel ≡ True›
438
439text‹Individual terms are either ordinary objects, represented by ordinary urelements,
440     abstract objects, modelled as sets of urrelations, or null objects, used to
441     represent non-denoting definite descriptions.›
442datatype κ = ωκ ω | ακ ‹urrel set› | is_nullκ: nullκ null
443
444text‹The mapping from abstract objects to urelements can be naturally
445     lifted to a surjective mapping from individual terms to urelements.›
446primrec κυ :: ‹κ⇒υ› where
447  ‹κυ (ωκ x) = ωυ x›
448| ‹κυ (ακ x) = συ (ασ x)›
449| ‹κυ (nullκ x) = nullυ x›
450
451lemma κυ_surj: ‹surj κυ›
452  using ασ_surj by (metis κυ.simps(1) κυ.simps(2) κυ.simps(3) υ.exhaust surj_def)
453
454text‹By construction if the urelement of an individual term is exemplified by
455     an urrelation, it cannot be a null-object.›
456lemma urrel_null_false:
457  assumes ‹AOT_model_valid_in w (Rep_urrel f (κυ x))›
458  shows ‹¬is_nullκ x›
459  by (metis (mono_tags, lifting) assms Rep_urrel κ.collapse(3) κυ.simps(3)
460        mem_Collect_eq)
461
462text‹AOT requires any ordinary object to be @{emph ‹possibly concrete›} and that
463     there is an object that is not actually, but possibly concrete.›
464consts AOT_model_concreteω :: ‹ω ⇒ w ⇒  bool›
465specification (AOT_model_concreteω)
466  AOT_model_ω_concrete_in_some_world:
467  ‹∃ w . AOT_model_concreteω x w›
468  AOT_model_contingent_object:
469  ‹∃ x w . AOT_model_concreteω x w ∧ ¬AOT_model_concreteω x w⇩0›
470  by (rule exI[where x=‹λ_ w. w ≠ w⇩0›]) (auto simp: AOT_model_nonactual_world)
471
472text‹We define a type class for AOT's terms specifying the conditions under which
473     objects of that type denote and require the set of denoting terms to be
474     non-empty.›
475class AOT_Term =
476  fixes AOT_model_denotes :: ‹'a ⇒ bool›
477  assumes AOT_model_denoting_ex: ‹∃ x . AOT_model_denotes x›
478
479text‹All types except the type of propositions involve non-denoting terms. We
480     define a refined type class for those.›
481class AOT_IncompleteTerm = AOT_Term +
482  assumes AOT_model_nondenoting_ex: ‹∃ x . ¬AOT_model_denotes x›
483
484text‹Generic non-denoting term.›
485definition AOT_model_nondenoting :: ‹'a::AOT_IncompleteTerm› where
486  ‹AOT_model_nondenoting ≡ SOME τ . ¬AOT_model_denotes τ›
487lemma AOT_model_nondenoing: ‹¬AOT_model_denotes (AOT_model_nondenoting)›
488  using someI_ex[OF AOT_model_nondenoting_ex]
489  unfolding AOT_model_nondenoting_def by blast
490
491text‹@{const AOT_model_denotes} can trivially be extended to products of types.›
492instantiation prod :: (AOT_Term, AOT_Term) AOT_Term
493begin
494definition AOT_model_denotes_prod :: ‹'a×'b ⇒ bool› where
495  ‹AOT_model_denotes_prod ≡ λ(x,y) . AOT_model_denotes x ∧ AOT_model_denotes y›
496instance proof
497  show ‹∃x::'a×'b. AOT_model_denotes x›
498    by (simp add: AOT_model_denotes_prod_def AOT_model_denoting_ex)
499qed
500end
501
502text‹We specify a transformation of proposition-valued functions on terms, s.t.
503     the result is fully determined by @{emph ‹regular›} terms. This will be required
504     for modelling n-ary relations as functions on tuples while preserving AOT's
505     definition of n-ary relation identity.›
506locale AOT_model_irregular_spec =
507  fixes AOT_model_irregular :: ‹('a ⇒ 𝗈) ⇒ 'a ⇒ 𝗈›
508    and AOT_model_regular :: ‹'a ⇒ bool›
509    and AOT_model_term_equiv :: ‹'a ⇒ 'a ⇒ bool›
510  assumes AOT_model_irregular_false:
511    ‹¬AOT_model_valid_in w (AOT_model_irregular φ x)›
512  assumes AOT_model_irregular_equiv:
513    ‹AOT_model_term_equiv x y ⟹
514     AOT_model_irregular φ x = AOT_model_irregular φ y›
515  assumes AOT_model_irregular_eqI:
516    ‹(⋀ x . AOT_model_regular x ⟹ φ x = ψ x) ⟹
517     AOT_model_irregular φ x = AOT_model_irregular ψ x›
518
519text‹We introduce a type class for individual terms that specifies being regular,
520     being equivalent (i.e. conceptually @{emph ‹sharing urelements›}) and the
521     transformation on proposition-valued functions as specified above.›
522class AOT_IndividualTerm = AOT_IncompleteTerm +
523  fixes AOT_model_regular :: ‹'a ⇒ bool›
524  fixes AOT_model_term_equiv :: ‹'a ⇒ 'a ⇒ bool›
525  fixes AOT_model_irregular :: ‹('a ⇒ 𝗈) ⇒ 'a ⇒ 𝗈›
526  assumes AOT_model_irregular_nondenoting:
527    ‹¬AOT_model_regular x ⟹ ¬AOT_model_denotes x›
528  assumes AOT_model_term_equiv_part_equivp:
529    ‹equivp AOT_model_term_equiv›
530  assumes AOT_model_term_equiv_denotes:
531    ‹AOT_model_term_equiv x y ⟹ (AOT_model_denotes x = AOT_model_denotes y)›
532  assumes AOT_model_term_equiv_regular:
533    ‹AOT_model_term_equiv x y ⟹ (AOT_model_regular x = AOT_model_regular y)›
534  assumes AOT_model_irregular:
535    ‹AOT_model_irregular_spec AOT_model_irregular AOT_model_regular
536                              AOT_model_term_equiv›
537
538interpretation AOT_model_irregular_spec AOT_model_irregular AOT_model_regular
539                                        AOT_model_term_equiv
540  using AOT_model_irregular .
541
542text‹Our concrete type for individual terms satisfies the type class of
543     individual terms.
544     Note that all unary individuals are regular. In general, an individual term
545     may be a tuple and is regular, if at most one tuple element does not denote.›
546instantiation κ :: AOT_IndividualTerm
547begin
548definition AOT_model_term_equiv_κ :: ‹κ ⇒ κ ⇒ bool› where
549  ‹AOT_model_term_equiv_κ ≡ λ x y . κυ x = κυ y›
550definition AOT_model_denotes_κ :: ‹κ ⇒ bool› where
551  ‹AOT_model_denotes_κ ≡ λ x . ¬is_nullκ x›
552definition AOT_model_regular_κ :: ‹κ ⇒ bool› where
553  ‹AOT_model_regular_κ ≡ λ x . True›
554definition AOT_model_irregular_κ :: ‹(κ ⇒ 𝗈) ⇒ κ ⇒ 𝗈› where
555  ‹AOT_model_irregular_κ ≡ SOME φ . AOT_model_irregular_spec φ
556                                        AOT_model_regular AOT_model_term_equiv›
557instance proof
558  show ‹∃x :: κ. AOT_model_denotes x›
559    by (rule exI[where x=‹ωκ undefined›])
560       (simp add: AOT_model_denotes_κ_def)
561next
562  show ‹∃x :: κ. ¬AOT_model_denotes x›
563    by (rule exI[where x=‹nullκ undefined›])
564       (simp add: AOT_model_denotes_κ_def AOT_model_regular_κ_def)
565next
566  show "¬AOT_model_regular x ⟹ ¬ AOT_model_denotes x" for x :: κ
567    by (simp add: AOT_model_regular_κ_def)
568next
569  show ‹equivp (AOT_model_term_equiv :: κ ⇒ κ ⇒ bool)›
570    by (rule equivpI; rule reflpI exI sympI transpI)
571       (simp_all add: AOT_model_term_equiv_κ_def)
572next
573  fix x y :: κ
574  show ‹AOT_model_term_equiv x y ⟹ AOT_model_denotes x = AOT_model_denotes y›
575    by (metis AOT_model_denotes_κ_def AOT_model_term_equiv_κ_def κ.exhaust_disc
576              κυ.simps υ.disc(1,3,5,6) is_ακ_def is_ωκ_def is_nullκ_def)
577next
578  fix x y :: κ
579  show ‹AOT_model_term_equiv x y ⟹ AOT_model_regular x = AOT_model_regular y›
580    by (simp add: AOT_model_regular_κ_def)
581next
582  have "AOT_model_irregular_spec (λ φ (x::κ) .  ε⇩𝗈 w . False)
583          AOT_model_regular AOT_model_term_equiv"
584    by standard (auto simp: AOT_model_proposition_choice_simp)
585  thus ‹AOT_model_irregular_spec (AOT_model_irregular::(κ⇒𝗈) ⇒ κ ⇒ 𝗈)
586          AOT_model_regular AOT_model_term_equiv›
587    unfolding AOT_model_irregular_κ_def by (metis (no_types, lifting) someI_ex)
588qed
589end
590
591text‹We define relations among individuals as proposition valued functions.
592     @{emph ‹Denoting›} unary relations (among @{typ κ}) will match the
593     urrelations introduced above.›
594typedef 'a rel (‹<_>›) = ‹UNIV::('a::AOT_IndividualTerm ⇒ 𝗈) set› ..
595setup_lifting type_definition_rel
596
597text‹We will use the transformation specified above to "fix" the behaviour of
598     functions on irregular terms when defining @{text ‹λ›}-expressions.›
599definition fix_irregular :: ‹('a::AOT_IndividualTerm ⇒ 𝗈) ⇒ ('a ⇒ 𝗈)› where
600  ‹fix_irregular ≡ λ φ x . if AOT_model_regular x
601                            then φ x else AOT_model_irregular φ x›
602lemma fix_irregular_denoting:
603  ‹AOT_model_denotes x ⟹ fix_irregular φ x = φ x›
604  by (meson AOT_model_irregular_nondenoting fix_irregular_def)
605lemma fix_irregular_regular:
606  ‹AOT_model_regular x ⟹ fix_irregular φ x = φ x›
607  by (meson AOT_model_irregular_nondenoting fix_irregular_def)
608lemma fix_irregular_irregular:
609  ‹¬AOT_model_regular x ⟹ fix_irregular φ x = AOT_model_irregular φ x›
610  by (simp add: fix_irregular_def)
611
612text‹Relations among individual terms are (potentially non-denoting) terms.
613     A relation denotes, if it agrees on all equivalent terms (i.e. terms sharing
614     urelements), is necessarily false on all non-denoting terms and is
615     well-behaved on irregular terms.›
616instantiation rel :: (AOT_IndividualTerm) AOT_IncompleteTerm
617begin
618text‹\linelabel{AOT_model_denotes_rel}›
619lift_definition AOT_model_denotes_rel :: ‹<'a> ⇒ bool› is
620  ‹λ φ . (∀ x y . AOT_model_term_equiv x y ⟶ φ x = φ y) ∧
621         (∀ w x . AOT_model_valid_in w (φ x) ⟶ AOT_model_denotes x) ∧
622         (∀ x . ¬AOT_model_regular x ⟶ φ x = AOT_model_irregular φ x)› .
623instance proof
624  have ‹AOT_model_irregular (fix_irregular φ) x = AOT_model_irregular φ x›
625    for φ and x :: 'a
626    by (rule AOT_model_irregular_eqI) (simp add: fix_irregular_def)
627  thus ‹∃ x :: <'a> . AOT_model_denotes x›
628    by (safe intro!: exI[where x=‹Abs_rel (fix_irregular (λx. ε⇩𝗈 w . False))›])
629       (transfer; auto simp: AOT_model_proposition_choice_simp fix_irregular_def
630                             AOT_model_irregular_equiv AOT_model_term_equiv_regular
631                             AOT_model_irregular_false)
632next
633  show ‹∃f :: <'a> . ¬AOT_model_denotes f›
634    by (rule exI[where x=‹Abs_rel (λx. ε⇩𝗈 w . True)›];
635        auto simp: AOT_model_denotes_rel.abs_eq AOT_model_nondenoting_ex
636                   AOT_model_proposition_choice_simp)
637qed
638end
639
640text‹Auxiliary lemmata.›
641
642lemma AOT_model_term_equiv_eps:
643  shows ‹AOT_model_term_equiv (Eps (AOT_model_term_equiv κ)) κ›
644    and ‹AOT_model_term_equiv κ (Eps (AOT_model_term_equiv κ))›
645    and ‹AOT_model_term_equiv κ κ' ⟹
646         (Eps (AOT_model_term_equiv κ)) = (Eps (AOT_model_term_equiv κ'))›
647  apply (metis AOT_model_term_equiv_part_equivp equivp_def someI_ex)
648  apply (metis AOT_model_term_equiv_part_equivp equivp_def someI_ex)
649  by (metis AOT_model_term_equiv_part_equivp equivp_def)
650
651lemma AOT_model_denotes_Abs_rel_fix_irregularI:
652  assumes ‹⋀ x y . AOT_model_term_equiv x y ⟹ φ x = φ y›
653      and ‹⋀ w x . AOT_model_valid_in w (φ x) ⟹ AOT_model_denotes x›
654    shows ‹AOT_model_denotes (Abs_rel (fix_irregular φ))›
655proof -
656  have ‹AOT_model_irregular φ x = AOT_model_irregular
657          (λx. if AOT_model_regular x then φ x else AOT_model_irregular φ x) x›
658    if ‹¬ AOT_model_regular x›
659    for x
660    by (rule AOT_model_irregular_eqI) auto
661  thus ?thesis
662  unfolding AOT_model_denotes_rel.rep_eq
663  using assms by (auto simp: AOT_model_irregular_false Abs_rel_inverse
664                             AOT_model_irregular_equiv fix_irregular_def
665                             AOT_model_term_equiv_regular)
666qed
667
668lemma AOT_model_term_equiv_rel_equiv:
669  assumes ‹AOT_model_denotes x›
670      and ‹AOT_model_denotes y›
671    shows ‹AOT_model_term_equiv x y = (∀ Π w . AOT_model_denotes Π ⟶
672            AOT_model_valid_in w (Rep_rel Π x) = AOT_model_valid_in w (Rep_rel Π y))›
673proof
674  assume ‹AOT_model_term_equiv x y›
675  thus ‹∀ Π w . AOT_model_denotes Π ⟶ AOT_model_valid_in w (Rep_rel Π x) =
676                                         AOT_model_valid_in w (Rep_rel Π y)›
677    by (simp add: AOT_model_denotes_rel.rep_eq)
678next
679  have 0: ‹(AOT_model_denotes x' ∧ AOT_model_term_equiv x' y) =
680           (AOT_model_denotes y' ∧ AOT_model_term_equiv y' y)›
681    if ‹AOT_model_term_equiv x' y'› for x' y'
682    by (metis that AOT_model_term_equiv_denotes AOT_model_term_equiv_part_equivp
683              equivp_def)
684  assume ‹∀ Π w . AOT_model_denotes Π ⟶ AOT_model_valid_in w (Rep_rel Π x) =
685                                           AOT_model_valid_in w (Rep_rel Π y)›
686  moreover have ‹AOT_model_denotes (Abs_rel (fix_irregular
687    (λ x . ε⇩𝗈 w . AOT_model_denotes x ∧ AOT_model_term_equiv x y)))›
688    (is "AOT_model_denotes ?r")
689    by (rule AOT_model_denotes_Abs_rel_fix_irregularI)
690       (auto simp: 0 AOT_model_denotes_rel.rep_eq Abs_rel_inverse fix_irregular_def
691                   AOT_model_proposition_choice_simp AOT_model_irregular_false)
692  ultimately have ‹AOT_model_valid_in w (Rep_rel ?r x) =
693                   AOT_model_valid_in w (Rep_rel ?r y)› for w
694    by blast
695  thus ‹AOT_model_term_equiv x y›
696    by (simp add: Abs_rel_inverse AOT_model_proposition_choice_simp
697                  fix_irregular_denoting[OF assms(1)] AOT_model_term_equiv_part_equivp
698                  fix_irregular_denoting[OF assms(2)] assms equivp_reflp)
699qed
700
701text‹Denoting relations among terms of type @{typ κ} correspond to urrelations.›
702
703definition rel_to_urrel :: ‹<κ> ⇒ urrel› where
704  ‹rel_to_urrel ≡ λ Π . Abs_urrel (λ u . Rep_rel Π (SOME x . κυ x = u))›
705definition urrel_to_rel :: ‹urrel ⇒ <κ>› where
706  ‹urrel_to_rel ≡ λ φ . Abs_rel (λ x . Rep_urrel φ (κυ x))›
707definition AOT_rel_equiv :: ‹<'a::AOT_IndividualTerm> ⇒ <'a> ⇒ bool› where
708  ‹AOT_rel_equiv ≡ λ f g . AOT_model_denotes f ∧ AOT_model_denotes g ∧ f = g›
709
710lemma urrel_quotient3: ‹Quotient3 AOT_rel_equiv rel_to_urrel urrel_to_rel›
711proof (rule Quotient3I)
712  have ‹(λu. Rep_urrel a (κυ (SOME x. κυ x = u))) = (λu. Rep_urrel a u)› for a
713    by (rule ext) (metis (mono_tags, lifting) κυ_surj surj_f_inv_f verit_sko_ex')
714  thus ‹rel_to_urrel (urrel_to_rel a) = a› for a
715    by (simp add: Abs_rel_inverse rel_to_urrel_def urrel_to_rel_def
716                  Rep_urrel_inverse)
717next
718  show ‹AOT_rel_equiv (urrel_to_rel a) (urrel_to_rel a)› for a
719    unfolding AOT_rel_equiv_def urrel_to_rel_def
720    by transfer (simp add: AOT_model_regular_κ_def AOT_model_denotes_κ_def
721                           AOT_model_term_equiv_κ_def urrel_null_false)
722next
723  {
724    fix a
725    assume ‹∀w x. AOT_model_valid_in w (a x) ⟶ ¬ is_nullκ x›
726    hence ‹(λu. a (SOME x. κυ x = u)) ∈
727           {φ. ∀x w. ¬ AOT_model_valid_in w (φ (nullυ x))}›
728      by (simp; metis (mono_tags, lifting) κ.exhaust_disc κυ.simps υ.disc(1,3,5)
729                                           υ.disc(6) is_ακ_def is_ωκ_def someI_ex)
730  } note 1 = this
731  {
732    fix r s :: ‹κ ⇒ 𝗈›
733    assume A: ‹∀x y. AOT_model_term_equiv x y ⟶ r x = r y›
734    assume ‹∀w x. AOT_model_valid_in w (r x) ⟶ AOT_model_denotes x›
735    hence 2: ‹(λu. r (SOME x. κυ x = u)) ∈
736              {φ. ∀x w. ¬ AOT_model_valid_in w (φ (nullυ x))}›
737      using 1 AOT_model_denotes_κ_def by meson
738    assume B: ‹∀x y. AOT_model_term_equiv x y ⟶ s x = s y›
739    assume ‹∀w x. AOT_model_valid_in w (s x) ⟶ AOT_model_denotes x›
740    hence 3: ‹(λu. s (SOME x. κυ x = u)) ∈
741              {φ. ∀x w. ¬ AOT_model_valid_in w (φ (nullυ x))}›
742      using 1 AOT_model_denotes_κ_def by meson
743    assume ‹Abs_urrel (λu. r (SOME x. κυ x = u)) =
744            Abs_urrel (λu. s (SOME x. κυ x = u))›
745    hence 4: ‹r (SOME x. κυ x = u) = s (SOME x::κ. κυ x = u)› for u
746      unfolding Abs_urrel_inject[OF 2 3] by metis
747    have ‹r x = s x› for x
748      using 4[of ‹κυ x›]
749      by (metis (mono_tags, lifting) A B AOT_model_term_equiv_κ_def someI_ex)
750    hence ‹r = s› by auto
751  } 
752  thus ‹AOT_rel_equiv r s = (AOT_rel_equiv r r ∧ AOT_rel_equiv s s ∧
753                             rel_to_urrel r = rel_to_urrel s)› for r s
754    unfolding AOT_rel_equiv_def rel_to_urrel_def
755    by transfer auto
756qed
757
758lemma urrel_quotient:
759  ‹Quotient AOT_rel_equiv rel_to_urrel urrel_to_rel
760            (λx y. AOT_rel_equiv x x ∧ rel_to_urrel x = y)›
761  using Quotient3_to_Quotient[OF urrel_quotient3] by auto
762
763text‹Unary individual terms are always regular and equipped with encoding and
764     concreteness. The specification of the type class anticipates the required
765     properties for deriving the axiom system.›
766class AOT_UnaryIndividualTerm =
767  fixes AOT_model_enc :: ‹'a ⇒ <'a::AOT_IndividualTerm> ⇒ bool›
768    and AOT_model_concrete :: ‹w ⇒ 'a ⇒ bool›
769  assumes AOT_model_unary_regular:
770      ‹AOT_model_regular x› ― ‹All unary individual terms are regular.›
771      and AOT_model_enc_relid:
772        ‹AOT_model_denotes F ⟹
773         AOT_model_denotes G ⟹
774         (⋀ x . AOT_model_enc x F ⟷ AOT_model_enc x G)
775         ⟹ F = G›
776      and AOT_model_A_objects:
777        ‹∃x . AOT_model_denotes x ∧
778              (∀w. ¬ AOT_model_concrete w x) ∧
779              (∀F. AOT_model_denotes F ⟶ AOT_model_enc x F = φ F)›
780      and AOT_model_contingent:
781        ‹∃ x w. AOT_model_concrete w x ∧ ¬ AOT_model_concrete w⇩0 x›
782      and AOT_model_nocoder:
783        ‹AOT_model_concrete w x ⟹ ¬AOT_model_enc x F›
784      and AOT_model_concrete_equiv:
785        ‹AOT_model_term_equiv x y ⟹
786          AOT_model_concrete w x = AOT_model_concrete w y›
787      and AOT_model_concrete_denotes:
788        ‹AOT_model_concrete w x ⟹ AOT_model_denotes x›
789      ― ‹The following are properties that will only hold in the extended models.›
790      and AOT_model_enc_indistinguishable_all:
791       ‹AOT_ExtendedModel ⟹
792        AOT_model_denotes a ⟹ ¬(∃ w . AOT_model_concrete w a) ⟹
793        AOT_model_denotes b ⟹ ¬(∃ w . AOT_model_concrete w b) ⟹
794        AOT_model_denotes Π ⟹
795        (⋀ Π' . AOT_model_denotes Π' ⟹
796          (⋀ v . AOT_model_valid_in v (Rep_rel Π' a) =
797                 AOT_model_valid_in v (Rep_rel Π' b))) ⟹
798        (⋀ Π' . AOT_model_denotes Π' ⟹
799            (⋀ v x . ∃ w . AOT_model_concrete w x ⟹
800                AOT_model_valid_in v (Rep_rel Π' x) =
801                AOT_model_valid_in v (Rep_rel Π x)) ⟹
802            AOT_model_enc a Π') ⟹
803        (⋀ Π' . AOT_model_denotes Π' ⟹
804            (⋀ v x . ∃ w . AOT_model_concrete w x ⟹
805                AOT_model_valid_in v (Rep_rel Π' x) =
806                AOT_model_valid_in v (Rep_rel Π x)) ⟹
807            AOT_model_enc b Π')›
808      and AOT_model_enc_indistinguishable_ex:
809       ‹AOT_ExtendedModel ⟹
810        AOT_model_denotes a ⟹ ¬(∃ w . AOT_model_concrete w a) ⟹
811        AOT_model_denotes b ⟹ ¬(∃ w . AOT_model_concrete w b) ⟹
812        AOT_model_denotes Π ⟹
813        (⋀ Π' . AOT_model_denotes Π' ⟹
814          (⋀ v . AOT_model_valid_in v (Rep_rel Π' a) =
815                 AOT_model_valid_in v (Rep_rel Π' b))) ⟹
816        (∃ Π' . AOT_model_denotes Π' ∧ AOT_model_enc a Π' ∧
817            (∀ v x . (∃ w . AOT_model_concrete w x) ⟶
818                AOT_model_valid_in v (Rep_rel Π' x) =
819                AOT_model_valid_in v (Rep_rel Π x))) ⟹
820        (∃ Π' . AOT_model_denotes Π' ∧ AOT_model_enc b Π' ∧
821            (∀ v x . (∃ w . AOT_model_concrete w x) ⟶
822                AOT_model_valid_in v (Rep_rel Π' x) =
823                AOT_model_valid_in v (Rep_rel Π x)))›
824
825text‹Instantiate the class of unary individual terms for our concrete type of
826     individual terms @{typ κ}.›
827instantiation κ :: AOT_UnaryIndividualTerm
828begin                          
829
830definition AOT_model_enc_κ :: ‹κ ⇒ <κ> ⇒ bool› where
831  ‹AOT_model_enc_κ ≡ λ x F .
832      case x of ακ a ⇒ AOT_model_denotes F ∧ rel_to_urrel F ∈ a
833              | _ ⇒ False›
834primrec AOT_model_concrete_κ :: ‹w ⇒ κ ⇒ bool› where
835  ‹AOT_model_concrete_κ w (ωκ x) = AOT_model_concreteω x w›
836| ‹AOT_model_concrete_κ w (ακ x) = False›
837| ‹AOT_model_concrete_κ w (nullκ x) = False›
838
839lemma AOT_meta_A_objects_κ:
840  ‹∃x :: κ. AOT_model_denotes x ∧
841            (∀w. ¬ AOT_model_concrete w x) ∧
842            (∀F. AOT_model_denotes F ⟶ AOT_model_enc x F = φ F)› for φ
843  apply (rule exI[where x=‹ακ {f . φ (urrel_to_rel f)}›])
844  apply (simp add: AOT_model_enc_κ_def AOT_model_denotes_κ_def)
845  by (metis (no_types, lifting) AOT_rel_equiv_def urrel_quotient
846                                Quotient_rep_abs_fold_unmap)
847
848instance proof
849  show ‹AOT_model_regular x› for x :: κ
850    by (simp add: AOT_model_regular_κ_def)
851next
852  fix F G :: ‹<κ>›
853  assume ‹AOT_model_denotes F›
854  moreover assume ‹AOT_model_denotes G›
855  moreover assume ‹⋀x. AOT_model_enc x F = AOT_model_enc x G›
856  moreover obtain x where ‹∀G. AOT_model_denotes G ⟶ AOT_model_enc x G = (F = G)›
857    using AOT_meta_A_objects_κ by blast
858  ultimately show ‹F = G› by blast
859next
860  show ‹∃x :: κ. AOT_model_denotes x ∧
861                 (∀w. ¬ AOT_model_concrete w x) ∧
862                 (∀F. AOT_model_denotes F ⟶ AOT_model_enc x F = φ F)› for φ
863    using AOT_meta_A_objects_κ .
864next
865  show ‹∃ (x::κ) w. AOT_model_concrete w x ∧ ¬ AOT_model_concrete w⇩0 x›
866    using AOT_model_concrete_κ.simps(1) AOT_model_contingent_object by blast
867next
868  show ‹AOT_model_concrete w x ⟹ ¬ AOT_model_enc x F› for w and x :: κ and F
869    by (metis AOT_model_concrete_κ.simps(2) AOT_model_enc_κ_def κ.case_eq_if
870              κ.collapse(2))
871next
872  show ‹AOT_model_concrete w x = AOT_model_concrete w y›
873    if ‹AOT_model_term_equiv x y›
874    for x y :: κ and w
875    using that by (induct x; induct y; auto simp: AOT_model_term_equiv_κ_def)
876next
877  show ‹AOT_model_concrete w x ⟹ AOT_model_denotes x› for w and x :: κ
878    by (metis AOT_model_concrete_κ.simps(3) AOT_model_denotes_κ_def κ.collapse(3))
879(* Extended models only *)
880next
881  fix κ κ' :: κ and Π Π' :: ‹<κ>› and w :: w
882  assume ext: ‹AOT_ExtendedModel›
883  assume ‹AOT_model_denotes κ›
884  moreover assume ‹∄w. AOT_model_concrete w κ›
885  ultimately obtain a where a_def: ‹ακ a = κ›
886    by (metis AOT_model_ω_concrete_in_some_world AOT_model_concrete_κ.simps(1)
887              AOT_model_denotes_κ_def κ.discI(3) κ.exhaust_sel)
888  assume ‹AOT_model_denotes κ'›
889  moreover assume ‹∄w. AOT_model_concrete w κ'›
890  ultimately obtain b where b_def: ‹ακ b = κ'›
891    by (metis AOT_model_ω_concrete_in_some_world AOT_model_concrete_κ.simps(1)
892              AOT_model_denotes_κ_def κ.discI(3) κ.exhaust_sel)
893  assume ‹AOT_model_denotes Π' ⟹ AOT_model_valid_in w (Rep_rel Π' κ) =
894                                   AOT_model_valid_in w (Rep_rel Π' κ')› for Π' w
895  hence ‹AOT_model_valid_in w (Rep_urrel r (κυ κ)) =
896         AOT_model_valid_in w (Rep_urrel r (κυ κ'))› for r
897    by (metis AOT_rel_equiv_def Abs_rel_inverse Quotient3_rel_rep
898              iso_tuple_UNIV_I urrel_quotient3 urrel_to_rel_def)
899  hence ‹let r = (Abs_urrel (λ u . ε⇩𝗈 w . u = κυ κ)) in
900         AOT_model_valid_in w (Rep_urrel r (κυ κ)) =
901         AOT_model_valid_in w (Rep_urrel r (κυ κ'))›
902    by presburger
903  hence ασ_eq: ‹ασ a = ασ b›
904    unfolding Let_def
905    apply (subst (asm) (1 2) Abs_urrel_inverse)
906    using AOT_model_proposition_choice_simp a_def b_def by force+
907  assume Π_den: ‹AOT_model_denotes Π›
908  have ‹¬AOT_model_valid_in w (Rep_rel Π (SOME xa. κυ xa = nullυ x))› for x w
909    by (metis (mono_tags, lifting) AOT_model_denotes_κ_def
910              AOT_model_denotes_rel.rep_eq κ.exhaust_disc κυ.simps(1,2,3)
911              ‹AOT_model_denotes Π› υ.disc(8,9) υ.distinct(3)
912              is_ακ_def is_ωκ_def verit_sko_ex')
913  moreover have ‹Rep_rel Π (ωκ x) = Rep_rel Π (SOME y. κυ y = ωυ x)› for x
914    by (metis (mono_tags, lifting) AOT_model_denotes_rel.rep_eq
915          AOT_model_term_equiv_κ_def κυ.simps(1) Π_den verit_sko_ex')
916  ultimately have ‹Rep_rel Π (ωκ x) = Rep_urrel (rel_to_urrel Π) (ωυ x)› for x
917    unfolding rel_to_urrel_def
918    by (subst Abs_urrel_inverse) auto
919  hence ‹∃r . ∀ x . Rep_rel Π (ωκ x) = Rep_urrel r (ωυ x)›
920    by (auto intro!: exI[where x=‹rel_to_urrel Π›])
921  then obtain r where r_prop: ‹Rep_rel Π (ωκ x) = Rep_urrel r (ωυ x)› for x
922    by blast
923  assume ‹AOT_model_denotes Π' ⟹
924    (⋀v x. ∃w. AOT_model_concrete w x ⟹
925        AOT_model_valid_in v (Rep_rel Π' x) =
926        AOT_model_valid_in v (Rep_rel Π x)) ⟹ AOT_model_enc κ Π'› for Π'
927  hence ‹AOT_model_denotes Π' ⟹
928    (⋀v x. AOT_model_valid_in v (Rep_rel Π' (ωκ x)) =
929            AOT_model_valid_in v (Rep_rel Π (ωκ x))) ⟹ AOT_model_enc κ Π'› for Π'
930    by (metis AOT_model_concrete_κ.simps(2) AOT_model_concrete_κ.simps(3)
931              κ.exhaust_disc is_ακ_def is_ωκ_def is_nullκ_def)
932  hence ‹(⋀v x. AOT_model_valid_in v (Rep_urrel r (ωυ x)) =
933                 AOT_model_valid_in v (Rep_rel Π (ωκ x))) ⟹ r ∈ a› for r
934    unfolding a_def[symmetric] AOT_model_enc_κ_def apply simp
935    by (smt (verit, best) AOT_rel_equiv_def Abs_rel_inverse Quotient3_def
936            κυ.simps(1) iso_tuple_UNIV_I urrel_quotient3 urrel_to_rel_def)
937  hence ‹(⋀v x. AOT_model_valid_in v (Rep_urrel r' (ωυ x)) =
938                 AOT_model_valid_in v (Rep_urrel r (ωυ x))) ⟹ r' ∈ a› for r'
939    unfolding r_prop.
940  hence ‹⋀s. urrel_to_ωrel s = urrel_to_ωrel r ⟹ s ∈ a›
941    by (metis urrel_to_ωrel_def)
942  hence 0: ‹⋀s. urrel_to_ωrel s = urrel_to_ωrel r ⟹ s ∈ b›
943    using ασ_eq_ord_exts_all ασ_eq ext ασ_ασ' by blast
944
945  assume Π'_den: ‹AOT_model_denotes Π'›
946  assume ‹∃w. AOT_model_concrete w x ⟹ AOT_model_valid_in v (Rep_rel Π' x) =
947                                         AOT_model_valid_in v (Rep_rel Π x)› for v x
948  hence ‹AOT_model_valid_in v (Rep_rel Π' (ωκ x)) =
949         AOT_model_valid_in v (Rep_rel Π (ωκ x))› for v x
950    using AOT_model_ω_concrete_in_some_world AOT_model_concrete_κ.simps(1)
951    by presburger
952  hence ‹AOT_model_valid_in v (Rep_urrel (rel_to_urrel Π') (ωυ x)) =
953         AOT_model_valid_in v (Rep_urrel r (ωυ x))› for v x
954    by (smt (verit, best) AOT_rel_equiv_def Abs_rel_inverse Quotient3_def
955          κυ.simps(1) iso_tuple_UNIV_I r_prop urrel_quotient3 urrel_to_rel_def Π'_den)
956  hence ‹urrel_to_ωrel (rel_to_urrel Π') = urrel_to_ωrel r›
957    by (metis (full_types) AOT_urrel_ωequiv_def Quotient3_def urrel_ωrel_quot)
958  hence ‹rel_to_urrel Π' ∈ b› using 0 by blast
959  thus ‹AOT_model_enc κ' Π'›
960    unfolding b_def[symmetric] AOT_model_enc_κ_def by (auto simp: Π'_den)
961next
962  fix κ κ' :: κ and Π Π' :: ‹<κ>› and w :: w
963  assume ext: ‹AOT_ExtendedModel›
964  assume ‹AOT_model_denotes κ›
965  moreover assume ‹∄w. AOT_model_concrete w κ›
966  ultimately obtain a where a_def: ‹ακ a = κ›
967    by (metis AOT_model_ω_concrete_in_some_world AOT_model_concrete_κ.simps(1)
968          AOT_model_denotes_κ_def κ.discI(3) κ.exhaust_sel)
969  assume ‹AOT_model_denotes κ'›
970  moreover assume ‹∄w. AOT_model_concrete w κ'›
971  ultimately obtain b where b_def: ‹ακ b = κ'›
972    by (metis AOT_model_ω_concrete_in_some_world AOT_model_concrete_κ.simps(1)
973              AOT_model_denotes_κ_def κ.discI(3) κ.exhaust_sel)
974  assume ‹AOT_model_denotes Π' ⟹ AOT_model_valid_in w (Rep_rel Π' κ) =
975                                   AOT_model_valid_in w (Rep_rel Π' κ')› for Π' w
976  hence ‹AOT_model_valid_in w (Rep_urrel r (κυ κ)) =
977         AOT_model_valid_in w (Rep_urrel r (κυ κ'))› for r
978    by (metis AOT_rel_equiv_def Abs_rel_inverse Quotient3_rel_rep
979              iso_tuple_UNIV_I urrel_quotient3 urrel_to_rel_def)
980  hence ‹let r = (Abs_urrel (λ u . ε⇩𝗈 w . u = κυ κ)) in
981         AOT_model_valid_in w (Rep_urrel r (κυ κ)) =
982         AOT_model_valid_in w (Rep_urrel r (κυ κ'))›
983    by presburger
984  hence ασ_eq: ‹ασ a = ασ b›
985    unfolding Let_def
986    apply (subst (asm) (1 2) Abs_urrel_inverse)
987    using AOT_model_proposition_choice_simp a_def b_def by force+
988  assume Π_den: ‹AOT_model_denotes Π›
989  have ‹¬AOT_model_valid_in w (Rep_rel Π (SOME xa. κυ xa = nullυ x))› for x w
990    by (metis (mono_tags, lifting) AOT_model_denotes_κ_def
991          AOT_model_denotes_rel.rep_eq κ.exhaust_disc κυ.simps(1,2,3)
992          ‹AOT_model_denotes Π› υ.disc(8) υ.disc(9) υ.distinct(3)
993          is_ακ_def is_ωκ_def verit_sko_ex')
994  moreover have ‹Rep_rel Π (ωκ x) = Rep_rel Π (SOME xa. κυ xa = ωυ x)› for x
995    by (metis (mono_tags, lifting) AOT_model_denotes_rel.rep_eq
996          AOT_model_term_equiv_κ_def κυ.simps(1) Π_den verit_sko_ex')
997  ultimately have ‹Rep_rel Π (ωκ x) = Rep_urrel (rel_to_urrel Π) (ωυ x)› for x
998    unfolding rel_to_urrel_def
999    by (subst Abs_urrel_inverse) auto
1000  hence ‹∃r . ∀ x . Rep_rel Π (ωκ x) = Rep_urrel r (ωυ x)›
1001    by (auto intro!: exI[where x=‹rel_to_urrel Π›])
1002  then obtain r where r_prop: ‹Rep_rel Π (ωκ x) = Rep_urrel r (ωυ x)› for x
1003    by blast
1004
1005  assume ‹∃Π'. AOT_model_denotes Π' ∧
1006    AOT_model_enc κ Π' ∧
1007    (∀v x. (∃w. AOT_model_concrete w x) ⟶ AOT_model_valid_in v (Rep_rel Π' x) =
1008                                            AOT_model_valid_in v (Rep_rel Π x))›
1009  then obtain Π' where
1010      Π'_den: ‹AOT_model_denotes Π'› and
1011      κ_enc_Π': ‹AOT_model_enc κ Π'› and
1012      Π'_prop: ‹∃w. AOT_model_concrete w x ⟹
1013                    AOT_model_valid_in v (Rep_rel Π' x) =
1014                    AOT_model_valid_in v (Rep_rel Π x)› for v x
1015    by blast
1016  have ‹AOT_model_valid_in v (Rep_rel Π' (ωκ x)) =
1017        AOT_model_valid_in v (Rep_rel Π (ωκ x))› for x v
1018    by (simp add: AOT_model_ω_concrete_in_some_world Π'_prop)
1019  hence 0: ‹AOT_urrel_ωequiv (rel_to_urrel Π') (rel_to_urrel Π)›
1020    unfolding AOT_urrel_ωequiv_def
1021    by (smt (verit) AOT_rel_equiv_def Abs_rel_inverse Quotient3_def
1022                    κυ.simps(1) iso_tuple_UNIV_I urrel_quotient3 urrel_to_rel_def
1023                    Π_den Π'_den)
1024  have ‹rel_to_urrel Π' ∈ a›
1025   and ‹urrel_to_ωrel (rel_to_urrel Π') = urrel_to_ωrel (rel_to_urrel Π)›
1026    apply (metis AOT_model_enc_κ_def κ.simps(11) κ_enc_Π' a_def)
1027    by (metis Quotient3_rel 0 urrel_ωrel_quot)
1028  hence ‹∃s. s ∈ b ∧ urrel_to_ωrel s = urrel_to_ωrel (rel_to_urrel Π)›
1029    using ασ_eq_ord_exts_ex ασ_eq ext ασ_ασ' by blast
1030  then obtain s where
1031    s_prop: ‹s ∈ b ∧ urrel_to_ωrel s = urrel_to_ωrel (rel_to_urrel Π)›
1032    by blast
1033  then obtain Π'' where
1034    Π''_prop: ‹rel_to_urrel Π'' = s› and Π''_den: ‹AOT_model_denotes Π''›
1035    by (metis AOT_rel_equiv_def Quotient3_def urrel_quotient3)
1036  moreover have ‹AOT_model_enc κ' Π''›
1037    by (metis AOT_model_enc_κ_def Π''_den Π''_prop κ.simps(11) b_def s_prop)
1038  moreover have ‹AOT_model_valid_in v (Rep_rel Π'' x) =
1039                 AOT_model_valid_in v (Rep_rel Π x)›
1040             if ‹∃w. AOT_model_concrete w x› for v x
1041  proof(insert that)
1042    assume ‹∃w. AOT_model_concrete w x›
1043    then obtain u where x_def: ‹x = ωκ u›
1044      by (metis AOT_model_concrete_κ.simps(2,3) κ.exhaust)
1045    show ‹AOT_model_valid_in v (Rep_rel Π'' x) =
1046          AOT_model_valid_in v (Rep_rel Π x)›
1047      unfolding x_def
1048      by (smt (verit, best) AOT_rel_equiv_def Abs_rel_inverse Quotient3_def
1049            Π''_den Π''_prop Π_den κυ.simps(1) iso_tuple_UNIV_I s_prop
1050            urrel_quotient3 urrel_to_ωrel_def urrel_to_rel_def)
1051  qed
1052  ultimately show ‹∃Π'. AOT_model_denotes Π' ∧ AOT_model_enc κ' Π' ∧
1053     (∀v x. (∃w. AOT_model_concrete w x) ⟶ AOT_model_valid_in v (Rep_rel Π' x) =
1054                                             AOT_model_valid_in v (Rep_rel Π x))›
1055    apply (safe intro!: exI[where x=Π''])
1056    by auto
1057qed
1058end
1059
1060text‹Products of unary individual terms and individual terms are individual terms.
1061     A tuple is regular, if at most one element does not denote. I.e. a pair is
1062     regular, if the first (unary) element denotes and the second is regular (i.e.
1063     at most one of its recursive tuple elements does not denote), or the first does
1064     not denote, but the second denotes (i.e. all its recursive tuple elements
1065     denote).›
1066instantiation prod :: (AOT_UnaryIndividualTerm, AOT_IndividualTerm) AOT_IndividualTerm
1067begin
1068definition AOT_model_regular_prod :: ‹'a×'b ⇒ bool› where
1069  ‹AOT_model_regular_prod ≡ λ (x,y) . AOT_model_denotes x ∧ AOT_model_regular y ∨
1070                                      ¬AOT_model_denotes x ∧ AOT_model_denotes y›
1071definition AOT_model_term_equiv_prod :: ‹'a×'b ⇒ 'a×'b ⇒ bool› where
1072  ‹AOT_model_term_equiv_prod ≡  λ (x⇩1,y⇩1) (x⇩2,y⇩2) .
1073    AOT_model_term_equiv x⇩1 x⇩2 ∧ AOT_model_term_equiv y⇩1 y⇩2›
1074function AOT_model_irregular_prod :: ‹('a×'b ⇒ 𝗈) ⇒ 'a×'b ⇒ 𝗈› where
1075  AOT_model_irregular_proj2: ‹AOT_model_denotes x ⟹
1076    AOT_model_irregular φ (x,y) =
1077    AOT_model_irregular (λy. φ (SOME x' . AOT_model_term_equiv x x', y)) y›
1078| AOT_model_irregular_proj1: ‹¬AOT_model_denotes x ∧ AOT_model_denotes y ⟹
1079    AOT_model_irregular φ (x,y) =
1080    AOT_model_irregular (λx. φ (x, SOME y' . AOT_model_term_equiv y y')) x›
1081| AOT_model_irregular_prod_generic: ‹¬AOT_model_denotes x ∧ ¬AOT_model_denotes y ⟹
1082    AOT_model_irregular φ (x,y) =
1083    (SOME Φ . AOT_model_irregular_spec Φ AOT_model_regular AOT_model_term_equiv)
1084      φ (x,y)›
1085  by auto blast
1086termination using "termination" by blast
1087
1088instance proof
1089  obtain x :: 'a and y :: 'b where
1090    ‹¬AOT_model_denotes x› and ‹¬AOT_model_denotes y›
1091    by (meson AOT_model_nondenoting_ex AOT_model_denoting_ex)
1092  thus ‹∃x::'a×'b. ¬AOT_model_denotes x›
1093    by (auto simp: AOT_model_denotes_prod_def AOT_model_regular_prod_def)
1094next
1095  show ‹equivp (AOT_model_term_equiv :: 'a×'b ⇒ 'a×'b ⇒ bool)›
1096    by (rule equivpI; rule reflpI sympI transpI;
1097        simp add: AOT_model_term_equiv_prod_def AOT_model_term_equiv_part_equivp
1098                  equivp_reflp prod.case_eq_if case_prod_unfold equivp_symp)
1099       (metis equivp_transp[OF AOT_model_term_equiv_part_equivp])
1100next
1101  show ‹¬AOT_model_regular x ⟹ ¬ AOT_model_denotes x› for x :: ‹'a×'b›
1102    by (metis (mono_tags, lifting) AOT_model_denotes_prod_def case_prod_unfold
1103          AOT_model_irregular_nondenoting AOT_model_regular_prod_def)
1104next
1105  fix x y :: ‹'a×'b›
1106  show ‹AOT_model_term_equiv x y ⟹ AOT_model_denotes x = AOT_model_denotes y›
1107    by (metis (mono_tags, lifting) AOT_model_denotes_prod_def case_prod_beta
1108        AOT_model_term_equiv_denotes AOT_model_term_equiv_prod_def )
1109next
1110  fix x y :: ‹'a×'b›
1111  show ‹AOT_model_term_equiv x y ⟹ AOT_model_regular x = AOT_model_regular y›
1112    by (induct x; induct y;
1113        simp add: AOT_model_term_equiv_prod_def AOT_model_regular_prod_def)
1114       (meson AOT_model_term_equiv_denotes AOT_model_term_equiv_regular)
1115next
1116  interpret sp: AOT_model_irregular_spec ‹λφ (x::'a×'b) . ε⇩𝗈 w . False›
1117                    AOT_model_regular AOT_model_term_equiv
1118    by (simp add: AOT_model_irregular_spec_def AOT_model_proposition_choice_simp)
1119  have ex_spec: ‹∃ φ :: ('a×'b ⇒ 𝗈) ⇒ 'a×'b ⇒ 𝗈 .
1120    AOT_model_irregular_spec φ AOT_model_regular AOT_model_term_equiv›
1121    using sp.AOT_model_irregular_spec_axioms by blast
1122  have some_spec: ‹AOT_model_irregular_spec
1123    (SOME φ :: ('a×'b ⇒ 𝗈) ⇒ 'a×'b ⇒ 𝗈 .
1124        AOT_model_irregular_spec φ AOT_model_regular AOT_model_term_equiv)
1125    AOT_model_regular AOT_model_term_equiv›
1126    using someI_ex[OF ex_spec] by argo
1127  interpret sp_some: AOT_model_irregular_spec
1128    ‹SOME φ :: ('a×'b ⇒ 𝗈) ⇒ 'a×'b ⇒ 𝗈 .
1129        AOT_model_irregular_spec φ AOT_model_regular AOT_model_term_equiv›
1130    AOT_model_regular AOT_model_term_equiv
1131    using some_spec by blast
1132  show ‹AOT_model_irregular_spec (AOT_model_irregular :: ('a×'b ⇒ 𝗈) ⇒ 'a×'b ⇒ 𝗈)
1133          AOT_model_regular AOT_model_term_equiv›
1134  proof
1135    have ‹¬AOT_model_valid_in w (AOT_model_irregular φ (a, b))›
1136      for w φ and a :: 'a and b :: 'b
1137      by (induct arbitrary: φ rule: AOT_model_irregular_prod.induct)
1138         (auto simp: AOT_model_irregular_false sp_some.AOT_model_irregular_false)
1139    thus "¬AOT_model_valid_in w (AOT_model_irregular φ x)" for w φ and x :: ‹'a×'b›
1140      by (induct x)
1141  next
1142    {
1143      fix x⇩1 y⇩1 :: 'a and x⇩2 y⇩2 :: 'b and φ :: ‹'a×'b⇒𝗈›
1144      assume x⇩1y⇩1_equiv: ‹AOT_model_term_equiv x⇩1 y⇩1›
1145      moreover assume x⇩2y⇩2_equiv: ‹AOT_model_term_equiv x⇩2 y⇩2›
1146      ultimately have xy_equiv: ‹AOT_model_term_equiv (x⇩1,x⇩2) (y⇩1,y⇩2)›
1147        by (simp add: AOT_model_term_equiv_prod_def)
1148      {
1149        assume ‹AOT_model_denotes x⇩1›
1150        moreover hence ‹AOT_model_denotes y⇩1›
1151          using AOT_model_term_equiv_denotes AOT_model_term_equiv_regular
1152                x⇩1y⇩1_equiv x⇩2y⇩2_equiv by blast
1153        ultimately have ‹AOT_model_irregular φ (x⇩1,x⇩2) =
1154                         AOT_model_irregular φ (y⇩1,y⇩2)›
1155          using AOT_model_irregular_equiv AOT_model_term_equiv_eps(3)
1156                x⇩1y⇩1_equiv x⇩2y⇩2_equiv by fastforce
1157      }
1158      moreover {
1159        assume ‹~AOT_model_denotes x⇩1 ∧ AOT_model_denotes x⇩2›
1160        moreover hence ‹~AOT_model_denotes y⇩1 ∧ AOT_model_denotes y⇩2›
1161          by (meson AOT_model_term_equiv_denotes x⇩1y⇩1_equiv x⇩2y⇩2_equiv)
1162        ultimately have ‹AOT_model_irregular φ (x⇩1,x⇩2) =
1163                         AOT_model_irregular φ (y⇩1,y⇩2)›
1164          using AOT_model_irregular_equiv AOT_model_term_equiv_eps(3)
1165                x⇩1y⇩1_equiv x⇩2y⇩2_equiv by fastforce
1166      }
1167      moreover {
1168        assume denotes_x: ‹(¬AOT_model_denotes x⇩1 ∧ ¬AOT_model_denotes x⇩2)›
1169        hence denotes_y: ‹(¬AOT_model_denotes y⇩1 ∧ ¬AOT_model_denotes y⇩2)›
1170          by (meson AOT_model_term_equiv_denotes AOT_model_term_equiv_regular
1171                    x⇩1y⇩1_equiv x⇩2y⇩2_equiv)
1172        have eps_eq: ‹Eps (AOT_model_term_equiv x⇩1) = Eps (AOT_model_term_equiv y⇩1)›
1173          by (simp add: AOT_model_term_equiv_eps(3) x⇩1y⇩1_equiv)
1174        have ‹AOT_model_irregular φ (x⇩1,x⇩2) = AOT_model_irregular φ (y⇩1,y⇩2)›
1175          using denotes_x denotes_y
1176          using sp_some.AOT_model_irregular_equiv xy_equiv by auto
1177      }
1178      moreover {
1179        assume denotes_x: ‹¬AOT_model_denotes x⇩1 ∧ AOT_model_denotes x⇩2›
1180        hence denotes_y: ‹¬AOT_model_denotes y⇩1 ∧ AOT_model_denotes y⇩2›
1181          by (meson AOT_model_term_equiv_denotes x⇩1y⇩1_equiv x⇩2y⇩2_equiv)
1182        have eps_eq: ‹Eps (AOT_model_term_equiv x⇩2) = Eps (AOT_model_term_equiv y⇩2)›
1183          by (simp add: AOT_model_term_equiv_eps(3) x⇩2y⇩2_equiv)
1184        have ‹AOT_model_irregular φ (x⇩1,x⇩2) = AOT_model_irregular φ (y⇩1,y⇩2)›
1185          using denotes_x denotes_y
1186          using AOT_model_irregular_nondenoting calculation(2) by blast
1187      }
1188      ultimately have ‹AOT_model_irregular φ (x⇩1,x⇩2) = AOT_model_irregular φ (y⇩1,y⇩2)›
1189        using AOT_model_term_equiv_denotes AOT_model_term_equiv_regular
1190              sp_some.AOT_model_irregular_equiv x⇩1y⇩1_equiv x⇩2y⇩2_equiv xy_equiv
1191        by blast
1192    } note 0 = this
1193    show ‹AOT_model_term_equiv x y ⟹
1194          AOT_model_irregular φ x = AOT_model_irregular φ y›
1195      for x y :: ‹'a×'b› and φ
1196      by (induct x; induct y; simp add: AOT_model_term_equiv_prod_def 0)
1197  next
1198    fix φ ψ :: ‹'a×'b ⇒ 𝗈›
1199    assume ‹AOT_model_regular x ⟹ φ x = ψ x› for x
1200    hence ‹φ (x, y) = ψ (x, y)›
1201      if ‹AOT_model_denotes x ∧ AOT_model_regular y ∨
1202          ¬AOT_model_denotes x ∧ AOT_model_denotes y› for x y
1203      using that unfolding AOT_model_regular_prod_def by simp
1204    hence ‹AOT_model_irregular φ (x,y) = AOT_model_irregular ψ (x,y)›
1205      for x :: 'a and y :: 'b
1206    proof (induct arbitrary: ψ φ rule: AOT_model_irregular_prod.induct)
1207      case (1 x y φ)
1208      thus ?case
1209        apply simp
1210        by (meson AOT_model_irregular_eqI AOT_model_irregular_nondenoting
1211                  AOT_model_term_equiv_denotes AOT_model_term_equiv_eps(1))
1212    next
1213      case (2 x y φ)
1214      thus ?case
1215        apply simp
1216        by (meson AOT_model_irregular_nondenoting AOT_model_term_equiv_denotes
1217                  AOT_model_term_equiv_eps(1))
1218    next
1219      case (3 x y φ)
1220      thus ?case
1221        apply simp
1222        by (metis (mono_tags, lifting) AOT_model_regular_prod_def case_prod_conv
1223                                       sp_some.AOT_model_irregular_eqI surj_pair)
1224    qed
1225    thus ‹AOT_model_irregular φ x = AOT_model_irregular ψ x› for  x :: ‹'a×'b›
1226      by (metis surjective_pairing)
1227  qed
1228qed
1229end
1230
1231text‹Introduction rules for term equivalence on tuple terms.›
1232lemma AOT_meta_prod_equivI:
1233  shows "⋀ (a::'a::AOT_UnaryIndividualTerm) x (y :: 'b::AOT_IndividualTerm) .
1234            AOT_model_term_equiv x y ⟹ AOT_model_term_equiv (a,x) (a,y)"
1235    and "⋀ (x::'a::AOT_UnaryIndividualTerm) y (b :: 'b::AOT_IndividualTerm) .
1236            AOT_model_term_equiv x y ⟹ AOT_model_term_equiv (x,b) (y,b)"
1237    unfolding AOT_model_term_equiv_prod_def
1238    by (simp add: AOT_model_term_equiv_part_equivp equivp_reflp)+
1239
1240text‹The type of propositions are trivial instances of terms.›
1241
1242instantiation 𝗈 :: AOT_Term
1243begin
1244definition AOT_model_denotes_𝗈 :: ‹𝗈 ⇒ bool› where
1245  ‹AOT_model_denotes_𝗈 ≡ λ_. True›
1246instance proof
1247  show ‹∃x::𝗈. AOT_model_denotes x›
1248    by (simp add: AOT_model_denotes_𝗈_def)
1249qed
1250end
1251
1252text‹AOT's variables are modelled by restricting the type of terms to those terms
1253     that denote.›
1254typedef 'a AOT_var = ‹{ x :: 'a::AOT_Term . AOT_model_denotes x }›
1255  morphisms AOT_term_of_var AOT_var_of_term
1256  by (simp add: AOT_model_denoting_ex)
1257
1258text‹Simplify automatically generated theorems and rules.›
1259declare AOT_var_of_term_induct[induct del]
1260        AOT_var_of_term_cases[cases del]
1261        AOT_term_of_var_induct[induct del]
1262        AOT_term_of_var_cases[cases del]
1263lemmas AOT_var_of_term_inverse = AOT_var_of_term_inverse[simplified]
1264   and AOT_var_of_term_inject = AOT_var_of_term_inject[simplified]
1265   and AOT_var_of_term_induct =
1266          AOT_var_of_term_induct[simplified, induct type: AOT_var]
1267   and AOT_var_of_term_cases =
1268          AOT_var_of_term_cases[simplified, cases type: AOT_var]
1269   and AOT_term_of_var = AOT_term_of_var[simplified]
1270   and AOT_term_of_var_cases =
1271          AOT_term_of_var_cases[simplified, induct pred: AOT_term_of_var]
1272   and AOT_term_of_var_induct =
1273          AOT_term_of_var_induct[simplified, induct pred: AOT_term_of_var]
1274   and AOT_term_of_var_inverse = AOT_term_of_var_inverse[simplified]
1275   and AOT_term_of_var_inject = AOT_term_of_var_inject[simplified]
1276
1277text‹Equivalence by definition is modelled as necessary equivalence.›
1278consts AOT_model_equiv_def :: ‹𝗈 ⇒ 𝗈 ⇒ bool›
1279specification(AOT_model_equiv_def)
1280  AOT_model_equiv_def: ‹AOT_model_equiv_def φ ψ = (∀ v . AOT_model_valid_in v φ =
1281                                                         AOT_model_valid_in v ψ)›
1282  by (rule exI[where x=‹λ φ ψ . ∀ v . AOT_model_valid_in v φ =
1283                                       AOT_model_valid_in v ψ›]) simp
1284
1285text‹Identity by definition is modelled as identity for denoting terms plus
1286     co-denoting.›
1287consts AOT_model_id_def :: ‹('b ⇒ 'a::AOT_Term) ⇒ ('b ⇒ 'a) ⇒ bool›
1288specification(AOT_model_id_def)
1289  AOT_model_id_def: ‹(AOT_model_id_def τ σ) = (∀ α . if AOT_model_denotes (σ α)
1290                                                     then τ α = σ α
1291                                                     else ¬AOT_model_denotes (τ α))›
1292  by (rule exI[where x="λ τ σ . ∀ α . if AOT_model_denotes (σ α)
1293                                      then τ α = σ α
1294                                      else ¬AOT_model_denotes (τ α)"])
1295     blast
1296text‹To reduce definitions by identity without free variables to definitions
1297     by identity with free variables acting on the unit type, we give the unit type
1298     a trivial instantiation to @{class AOT_Term}.›
1299instantiation unit :: AOT_Term
1300begin
1301definition AOT_model_denotes_unit :: ‹unit ⇒ bool› where
1302  ‹AOT_model_denotes_unit ≡ λ_. True›
1303instance proof qed(simp add: AOT_model_denotes_unit_def)
1304end
1305
1306text‹Modally-strict and modally-fragile axioms are as necessary,
1307     resp. actually valid propositions.›
1308definition AOT_model_axiom where
1309  ‹AOT_model_axiom ≡ λ φ . ∀ v . AOT_model_valid_in v φ›
1310definition AOT_model_act_axiom where
1311  ‹AOT_model_act_axiom ≡ λ φ . AOT_model_valid_in w⇩0 φ›
1312
1313lemma AOT_model_axiomI:
1314  assumes ‹⋀v . AOT_model_valid_in v φ›
1315  shows ‹AOT_model_axiom φ›
1316  unfolding AOT_model_axiom_def using assms ..
1317
1318lemma AOT_model_act_axiomI:
1319  assumes ‹AOT_model_valid_in w⇩0 φ›
1320  shows ‹AOT_model_act_axiom φ›
1321  unfolding AOT_model_act_axiom_def using assms .
1322
1323(*<*)
1324end
1325(*>*)