using the new by foo we proved semantics

[helm.git] / helm / software / matita / contribs / didactic / shannon.ma

(* Esercizio 0
   ===========

   Compilare i seguenti campi:

   Nome1: ...
   Cognome1: ...
   Matricola1: ...
   Account1: ...

   Nome2: ...
   Cognome2: ...
   Matricola2: ...
   Account2: ...

*)

(* ATTENZIONE
   ==========
   
   Non modificare quanto segue 
*)
include "nat/minus.ma".
definition if_then_else ≝ λT:Type.λe,t,f.match e return λ_.T with [ true ⇒ t | false ⇒ f].
notation > "'if' term 19 e 'then' term 19 t 'else' term 90 f" non associative with precedence 19 for @{ 'if_then_else $e $t $f }.
notation < "'if' \nbsp term 19 e \nbsp 'then' \nbsp term 19 t \nbsp 'else' \nbsp term 90 f \nbsp" non associative with precedence 19 for @{ 'if_then_else $e $t $f }.
interpretation "Formula if_then_else" 'if_then_else e t f = (if_then_else _ e t f).
definition max ≝ λn,m. if eqb (n - m) 0 then m else n. 
definition min ≝ λn,m. if eqb (n - m) 0 then n else m. 

(* Ripasso
   =======
   
   Il linguaggio delle formule, dove gli atomi sono
   rapperesentati da un numero naturale
*)
inductive Formula : Type ≝
| FBot: Formula
| FTop: Formula
| FAtom: nat → Formula
| FAnd: Formula → Formula → Formula
| FOr: Formula → Formula → Formula
| FImpl: Formula → Formula → Formula
| FNot: Formula → Formula
.

let rec sem (v: nat → nat) (F: Formula) on F : nat ≝
 match F with
  [ FBot ⇒ 0
  | FTop ⇒ 1
  | FAtom n ⇒ min (v n) 1
  | FAnd F1 F2 ⇒ min (sem v F1) (sem v F2)
  | FOr F1 F2 ⇒ max (sem v F1) (sem v F2)
  | FImpl F1 F2 ⇒ max (1 - sem v F1) (sem v F2)
  | FNot F1 ⇒ 1 - (sem v F1)
  ]
.

(* ATTENZIONE
   ==========
   
   Non modificare quanto segue.
*)
notation < "[[ \nbsp term 19 a \nbsp ]] \nbsp \sub term 90 v" non associative with precedence 90 for @{ 'semantics $v $a }.
notation > "[[ term 19 a ]] \sub term 90 v" non associative with precedence 90 for @{ 'semantics $v $a }.
notation > "[[ term 19 a ]]_ term 90 v" non associative with precedence 90 for @{ sem $v $a }.
interpretation "Semantic of Formula" 'semantics v a = (sem v a).

(*DOCBEGIN

La libreria di Matita
=====================

Gli strumenti per la dimostrazione assistita sono corredati da
librerie di teoremi già dimostrati. Per portare a termine l'esercitazione
sono necessari i seguenti lemmi:

* lemma `sem_le_1` : `∀F,v. [[ F ]]_v ≤ 1`
* lemma `min_1_1` : `∀x. x ≤ 1 → 1 - (1 - x) = x`
* lemma `min_bool` : `∀n. min n 1 = 0 ∨ min n 1 = 1`
* lemma `min_max` : `∀F,G,v.min (1 - [[F]]_v) (1 - [[G]]_v) = 1 - max [[F]]_v [[G]]_v`
* lemma `max_min` : `∀F,G,v.max (1 - [[F]]_v) (1 - [[G]]_v) = 1 - min [[F]]_v [[G]]_v`
* lemma `decidable_eq_nat` : `∀x,y.x = y ∨ x ≠ y`


DOCEND*)

(* ATTENZIONE
   ==========
   
   Non modificare quanto segue.
*)
lemma sem_bool : ∀F,v. [[ F ]]_v = 0 ∨ [[ F ]]_v = 1.  intros; elim F; simplify; [left;reflexivity; |right;reflexivity; |cases (v n);[left;|cases n1;right;]reflexivity; |4,5,6: cases H; cases H1; rewrite > H2; rewrite > H3; simplify; first [ left;reflexivity | right; reflexivity ].  |cases H; rewrite > H1; simplify;[right|left]reflexivity;] qed.
lemma min_bool : ∀n. min n 1 = 0 ∨ min n 1 = 1.  intros; cases n; [left;reflexivity] cases n1; right; reflexivity; qed.  
lemma min_max : ∀F,G,v.  min (1 - [[F]]_v) (1 - [[G]]_v) = 1 - max [[F]]_v [[G]]_v.  intros; cases (sem_bool F v);cases (sem_bool G v); rewrite > H; rewrite >H1; simplify; reflexivity; qed.
lemma max_min : ∀F,G,v.  max (1 - [[F]]_v) (1 - [[G]]_v) = 1 - min [[F]]_v [[G]]_v.  intros; cases (sem_bool F v);cases (sem_bool G v); rewrite > H; rewrite >H1; simplify; reflexivity; qed.
lemma min_1_1 : ∀x.x ≤ 1 → 1 - (1 - x) = x. intros; inversion H; intros; destruct; [reflexivity;] rewrite < (le_n_O_to_eq ? H1); reflexivity;qed.
lemma sem_le_1 : ∀F,v.[[F]]_v ≤ 1. intros; cases (sem_bool F v); rewrite > H; [apply le_O_n|apply le_n]qed.
let rec subst (x:nat) (G: Formula) (F: Formula) on F ≝
 match F with
  [ FBot ⇒ FBot
  | FTop ⇒ FTop
  | FAtom n ⇒ if eqb n x then G else (FAtom n)
  | FAnd F1 F2 ⇒ FAnd (subst x G F1) (subst x G F2)
  | FOr F1 F2 ⇒ FOr (subst x G F1) (subst x G F2)
  | FImpl F1 F2 ⇒ FImpl (subst x G F1) (subst x G F2)
  | FNot F ⇒ FNot (subst x G F)
  ].
  
notation < "t [ \nbsp term 19 a / term 19 b \nbsp ]" non associative with precedence 19 for @{ 'substitution $b $a $t }.
notation > "t [ term 90 a / term 90 b]" non associative with precedence 19 for @{ 'substitution $b $a $t }.
interpretation "Substitution for Formula" 'substitution b a t = (subst b a t).
definition equiv ≝ λF1,F2. ∀v.[[ F1 ]]_v = [[ F2 ]]_v.
notation "hvbox(a \nbsp break mstyle color #0000ff (≡) \nbsp b)"  non associative with precedence 45 for @{ 'equivF $a $b }.
notation > "a ≡ b" non associative with precedence 50 for @{ equiv $a $b }.
interpretation "equivalence for Formulas" 'equivF a b = (equiv a b).

theorem shannon : 
  ∀F,x,v. [[ if eqb [[FAtom x]]_v 0 then F[FBot/x] else (F[FTop/x]) ]]_v = [[F]]_v.
assume F : Formula.
assume x : ℕ.
assume v : (ℕ → ℕ).
we proceed by induction on F to prove ([[ if eqb [[FAtom x]]_v 0 then F[FBot/x] else (F[FTop/x]) ]]_v = [[F]]_v).
case FBot.
  the thesis becomes ([[ if eqb [[FAtom x]]_v 0 then FBot[FBot/x] else (FBot[FTop/x]) ]]_v = [[FBot]]_v). 
  we proceed by cases on (eqb [[ FAtom x ]]_v 0) 
    to prove ([[ if eqb [[FAtom x]]_v 0 then FBot[FBot/x] else (FBot[FTop/x]) ]]_v = [[FBot]]_v).
  case true.
    the thesis becomes ([[ if true then FBot[FBot/x] else (FBot[FTop/x]) ]]_v = [[FBot]]_v).
    the thesis becomes ([[ FBot[FBot/x]]]_v = [[FBot]]_v).
    the thesis becomes ([[ FBot ]]_v = [[FBot]]_v).
    the thesis becomes (0 = 0).
    done.
  case false.
    done.
case FTop.
  we proceed by cases on (eqb [[ FAtom x ]]_v 0)
    to prove ([[ if eqb [[FAtom x]]_v 0 then FTop[FBot/x] else (FTop[FTop/x]) ]]_v = [[FTop]]_v).
  case true.
    done.
  case false.
    done.     
case FAtom.
  assume n : ℕ.
  the thesis becomes ([[ if eqb [[ FAtom x ]]_v O then (FAtom n)[ FBot/x ] else (FAtom n[ FTop/x ]) ]]_v = [[ FAtom n ]]_ v).
  by decidable_eq_nat we proved (n = x ∨ n ≠ x) (H).
  by sem_bool we proved ([[ FAtom x ]]_v = 0 ∨ [[ FAtom x ]]_v = 1) (H1).
  we proceed by cases on H to prove 
    ([[ if eqb [[ FAtom x ]]_v O then (FAtom n)[ FBot/x ] else (FAtom n[ FTop/x ]) ]]_v = [[ FAtom n ]]_ v).
  case Left. (* H2 : n = x *)
    we proceed by cases on H1 to prove 
      ([[ if eqb [[ FAtom x ]]_v O then (FAtom n)[ FBot/x ] else (FAtom n[ FTop/x ]) ]]_v = [[ FAtom n ]]_ v).
    case Left. (* H3 : [[ FAtom x ]]_v = 0 *)
      conclude 
          ([[ if eqb [[ FAtom x ]]_v O then (FAtom n)[ FBot/x ] else (FAtom n[ FTop/x ]) ]]_v)
        = ([[ if eqb 0 0 then (FAtom n)[ FBot/x ] else (FAtom n[ FTop/x ]) ]]_v) by H3.
        = ([[ if true then (FAtom n)[ FBot/x ] else (FAtom n[ FTop/x ]) ]]_v).
        = ([[ (FAtom n)[ FBot/x ] ]]_v).
        = ([[ if eqb n x then FBot else (FAtom  n) ]]_v).
        = ([[ if eqb n n then FBot else (FAtom  n) ]]_v) by H2.
        = ([[ if true then FBot else (FAtom  n) ]]_v) by eqb_n_n.
        = ([[ FBot ]]_v).
        = 0.
        = [[ FAtom x ]]_v by H3.
        = [[ FAtom n ]]_v by H2.
      done.
    case Right.
      conclude 
          ([[ if eqb [[ FAtom x ]]_v O then (FAtom n)[ FBot/x ] else (FAtom n[ FTop/x ]) ]]_v)
        = ([[ if eqb 1 0 then (FAtom n)[ FBot/x ] else (FAtom n[ FTop/x ]) ]]_v) by H3.
        = ([[ if false then (FAtom n)[ FBot/x ] else (FAtom n[ FTop/x ]) ]]_v).
        = ([[ (FAtom n)[ FTop/x ] ]]_v).
        = ([[ if eqb n x then FTop else (FAtom  n) ]]_v).
        = ([[ if eqb n n then FTop else (FAtom  n) ]]_v) by H2.
        = ([[ if true then FTop else (FAtom  n) ]]_v) by eqb_n_n.
        = ([[ FTop ]]_v).
        = 1.
        = [[ FAtom x ]]_v by H3.
        = [[ FAtom n ]]_v by H2.
      done.
  case Right.
    we proceed by cases on H1 to prove 
      ([[ if eqb [[ FAtom x ]]_v O then (FAtom n)[ FBot/x ] else (FAtom n[ FTop/x ]) ]]_v = [[ FAtom n ]]_ v).
    case Left.
      conclude 
          ([[ if eqb [[ FAtom x ]]_v O then (FAtom n)[ FBot/x ] else (FAtom n[ FTop/x ]) ]]_v)
        = ([[ if eqb 0 O then (FAtom n)[ FBot/x ] else (FAtom n[ FTop/x ]) ]]_v) by H3.  
        = [[ (FAtom n)[ FBot/x ] ]]_v.
        = [[ if eqb n x then FBot else (FAtom n) ]]_v.
        = [[ if false then FBot else (FAtom n) ]]_v by (not_eq_to_eqb_false ?? H2).
        = [[ FAtom n ]]_v. 
      done.
    case Right.
      conclude 
          ([[ if eqb [[ FAtom x ]]_v O then (FAtom n)[ FBot/x ] else (FAtom n[ FTop/x ]) ]]_v)
        = ([[ if eqb 1 O then (FAtom n)[ FBot/x ] else (FAtom n[ FTop/x ]) ]]_v) by H3.  
        = [[ FAtom n[ FTop/x ] ]]_v.
        = [[ if eqb n x then FTop else (FAtom n) ]]_v.
        = [[ if false then FTop else (FAtom n) ]]_v by (not_eq_to_eqb_false ?? H2).
        = [[ FAtom n ]]_v. 
      done.
case FAnd.
  assume f : Formula.
  by induction hypothesis we know ([[ if eqb [[ FAtom x ]]_v O then f[ FBot/x ] else (f[ FTop/x ])  ]]_v = [[ f ]]_v) (H).
  assume f1 : Formula.
  by induction hypothesis we know ([[ if eqb [[ FAtom x ]]_v O then f1[ FBot/x ] else (f1[ FTop/x ])  ]]_v = [[ f1 ]]_v) (H1).
  the thesis becomes 
    ([[ if eqb [[ FAtom x ]]_v O then ((FAnd f f1)[ FBot/x ]) else ((FAnd f f1)[ FTop/x ]) ]]_v = [[ FAnd f f1 ]]_v).
  by sem_bool we proved ([[ FAtom x ]]_v = 0 ∨ [[ FAtom x ]]_v = 1) (H2).
  we proceed by cases on H2 to prove 
    ([[ if eqb [[ FAtom x ]]_v O then ((FAnd f f1)[ FBot/x ]) else ((FAnd f f1)[ FTop/x ]) ]]_v = [[ FAnd f f1 ]]_v).
  case Left.
    by H3, H we proved 
      ([[ if eqb 0 O then f[ FBot/x ] else (f[ FTop/x ])  ]]_v = [[ f ]]_v) (H4).
    by H4 we proved ([[ f[FBot/x ] ]]_v = [[ f ]]_v) (H5).
    by H3, H1 we proved 
      ([[ if eqb 0 O then f1[ FBot/x ] else (f1[ FTop/x ])  ]]_v = [[ f1 ]]_v) (H6).
    by H6 we proved ([[ f1[FBot/x ] ]]_v = [[ f1 ]]_v) (H7).
    conclude
        ([[ if eqb [[ FAtom x ]]_v O then ((FAnd f f1)[ FBot/x ]) else ((FAnd f f1)[ FTop/x ]) ]]_v)
      = ([[ if eqb 0 O then ((FAnd f f1)[ FBot/x ]) else ((FAnd f f1)[ FTop/x ]) ]]_v) by H3.
      = ([[ if true then ((FAnd f f1)[ FBot/x ]) else ((FAnd f f1)[ FTop/x ]) ]]_v).
      = ([[ (FAnd f f1)[ FBot/x ] ]]_v).
      = ([[ FAnd (f[ FBot/x ]) (f1[ FBot/x ]) ]]_v).
      = (min [[ f[ FBot/x ] ]]_v [[ f1[ FBot/x ] ]]_v).
      = (min [[ f ]]_v [[ f1[ FBot/x ] ]]_v) by H5.
      = (min [[ f ]]_v [[ f1 ]]_v) by H6.
      = ([[ FAnd f f1 ]]_v).
    done.
  case Right.
    by H3, H we proved 
      ([[ if eqb 1 O then f[ FBot/x ] else (f[ FTop/x ])  ]]_v = [[ f ]]_v) (H4).
    by H4 we proved ([[ f[FTop/x ] ]]_v = [[ f ]]_v) (H5).
    by H3, H1 we proved 
      ([[ if eqb 1 O then f1[ FBot/x ] else (f1[ FTop/x ])  ]]_v = [[ f1 ]]_v) (H6).
    by H6 we proved ([[ f1[FTop/x ] ]]_v = [[ f1 ]]_v) (H7).
    conclude
        ([[ if eqb [[ FAtom x ]]_v O then ((FAnd f f1)[ FBot/x ]) else ((FAnd f f1)[ FTop/x ]) ]]_v)
      = ([[ if eqb 1 O then ((FAnd f f1)[ FBot/x ]) else ((FAnd f f1)[ FTop/x ]) ]]_v) by H3.
      = ([[ if false then ((FAnd f f1)[ FBot/x ]) else ((FAnd f f1)[ FTop/x ]) ]]_v).
      = ([[ (FAnd f f1)[ FTop/x ] ]]_v).
      = ([[ FAnd (f[ FTop/x ]) (f1[ FTop/x ]) ]]_v).
      = (min [[ f[ FTop/x ] ]]_v [[ f1[ FTop/x ] ]]_v).
      = (min [[ f ]]_v [[ f1[ FTop/x ] ]]_v) by H5.
      = (min [[ f ]]_v [[ f1 ]]_v) by H6.
      = ([[ FAnd f f1 ]]_v).
    done.
case FOr.
  assume f : Formula.
  by induction hypothesis we know ([[ if eqb [[ FAtom x ]]_v O then f[ FBot/x ] else (f[ FTop/x ])  ]]_v = [[ f ]]_v) (H).
  assume f1 : Formula.
  by induction hypothesis we know ([[ if eqb [[ FAtom x ]]_v O then f1[ FBot/x ] else (f1[ FTop/x ])  ]]_v = [[ f1 ]]_v) (H1).
  the thesis becomes 
    ([[ if eqb [[ FAtom x ]]_v O then ((FOr f f1)[ FBot/x ]) else ((FOr f f1)[ FTop/x ]) ]]_v = [[ FOr f f1 ]]_v).
  by sem_bool we proved ([[ FAtom x ]]_v = 0 ∨ [[ FAtom x ]]_v = 1) (H2).
  we proceed by cases on H2 to prove 
    ([[ if eqb [[ FAtom x ]]_v O then ((FOr f f1)[ FBot/x ]) else ((FOr f f1)[ FTop/x ]) ]]_v = [[ FOr f f1 ]]_v).
  case Left.
    by H3, H we proved 
      ([[ if eqb 0 O then f[ FBot/x ] else (f[ FTop/x ])  ]]_v = [[ f ]]_v) (H4).
    by H4 we proved ([[ f[FBot/x ] ]]_v = [[ f ]]_v) (H5).
    by H3, H1 we proved 
      ([[ if eqb 0 O then f1[ FBot/x ] else (f1[ FTop/x ])  ]]_v = [[ f1 ]]_v) (H6).
    by H6 we proved ([[ f1[FBot/x ] ]]_v = [[ f1 ]]_v) (H7).
    conclude
        ([[ if eqb [[ FAtom x ]]_v O then ((FOr f f1)[ FBot/x ]) else ((FOr f f1)[ FTop/x ]) ]]_v)
      = ([[ if eqb 0 O then ((FOr f f1)[ FBot/x ]) else ((FOr f f1)[ FTop/x ]) ]]_v) by H3.
      = ([[ if true then ((FOr f f1)[ FBot/x ]) else ((FOr f f1)[ FTop/x ]) ]]_v).
      = ([[ (FOr f f1)[ FBot/x ] ]]_v).
      = ([[ FOr (f[ FBot/x ]) (f1[ FBot/x ]) ]]_v).
      = (max [[ f[ FBot/x ] ]]_v [[ f1[ FBot/x ] ]]_v).
      = (max [[ f ]]_v [[ f1[ FBot/x ] ]]_v) by H5.
      = (max [[ f ]]_v [[ f1 ]]_v) by H6.
      = ([[ FOr f f1 ]]_v).
    done.
  case Right.
    by H3, H we proved 
      ([[ if eqb 1 O then f[ FBot/x ] else (f[ FTop/x ])  ]]_v = [[ f ]]_v) (H4).
    by H4 we proved ([[ f[FTop/x ] ]]_v = [[ f ]]_v) (H5).
    by H3, H1 we proved 
      ([[ if eqb 1 O then f1[ FBot/x ] else (f1[ FTop/x ])  ]]_v = [[ f1 ]]_v) (H6).
    by H6 we proved ([[ f1[FTop/x ] ]]_v = [[ f1 ]]_v) (H7).
    conclude
        ([[ if eqb [[ FAtom x ]]_v O then ((FOr f f1)[ FBot/x ]) else ((FOr f f1)[ FTop/x ]) ]]_v)
      = ([[ if eqb 1 O then ((FOr f f1)[ FBot/x ]) else ((FOr f f1)[ FTop/x ]) ]]_v) by H3.
      = ([[ if false then ((FOr f f1)[ FBot/x ]) else ((FOr f f1)[ FTop/x ]) ]]_v).
      = ([[ (FOr f f1)[ FTop/x ] ]]_v).
      = ([[ FOr (f[ FTop/x ]) (f1[ FTop/x ]) ]]_v).
      = (max [[ f[ FTop/x ] ]]_v [[ f1[ FTop/x ] ]]_v).
      = (max [[ f ]]_v [[ f1[ FTop/x ] ]]_v) by H5.
      = (max [[ f ]]_v [[ f1 ]]_v) by H6.
      = ([[ FOr f f1 ]]_v).
    done.
case FImpl.
  assume f : Formula.
  by induction hypothesis we know ([[ if eqb [[ FAtom x ]]_v O then f[ FBot/x ] else (f[ FTop/x ])  ]]_v = [[ f ]]_v) (H).
  assume f1 : Formula.
  by induction hypothesis we know ([[ if eqb [[ FAtom x ]]_v O then f1[ FBot/x ] else (f1[ FTop/x ])  ]]_v = [[ f1 ]]_v) (H1).
  the thesis becomes 
    ([[ if eqb [[ FAtom x ]]_v O then ((FImpl f f1)[ FBot/x ]) else ((FImpl f f1)[ FTop/x ]) ]]_v = [[ FImpl f f1 ]]_v).
  by sem_bool we proved ([[ FAtom x ]]_v = 0 ∨ [[ FAtom x ]]_v = 1) (H2).
  we proceed by cases on H2 to prove 
    ([[ if eqb [[ FAtom x ]]_v O then ((FImpl f f1)[ FBot/x ]) else ((FImpl f f1)[ FTop/x ]) ]]_v = [[ FImpl f f1 ]]_v).
  case Left.
    by H3, H we proved 
      ([[ if eqb 0 O then f[ FBot/x ] else (f[ FTop/x ])  ]]_v = [[ f ]]_v) (H4).
    by H4 we proved ([[ f[FBot/x ] ]]_v = [[ f ]]_v) (H5).
    by H3, H1 we proved 
      ([[ if eqb 0 O then f1[ FBot/x ] else (f1[ FTop/x ])  ]]_v = [[ f1 ]]_v) (H6).
    by H6 we proved ([[ f1[FBot/x ] ]]_v = [[ f1 ]]_v) (H7).
    conclude
        ([[ if eqb [[ FAtom x ]]_v O then ((FImpl f f1)[ FBot/x ]) else ((FImpl f f1)[ FTop/x ]) ]]_v)
      = ([[ if eqb 0 O then ((FImpl f f1)[ FBot/x ]) else ((FImpl f f1)[ FTop/x ]) ]]_v) by H3.
      = ([[ if true then ((FImpl f f1)[ FBot/x ]) else ((FImpl f f1)[ FTop/x ]) ]]_v).
      = ([[ (FImpl f f1)[ FBot/x ] ]]_v).
      = ([[ FImpl (f[ FBot/x ]) (f1[ FBot/x ]) ]]_v).
      = (max (1 - [[ f[ FBot/x ] ]]_v) [[ f1[ FBot/x ] ]]_v).
      = (max (1 -  [[ f ]]_v) [[ f1[ FBot/x ] ]]_v) by H5.
      = (max (1 -  [[ f ]]_v) [[ f1 ]]_v) by H6.
      = ([[ FImpl f f1 ]]_v).
    done.
  case Right.
    by H3, H we proved 
      ([[ if eqb 1 O then f[ FBot/x ] else (f[ FTop/x ])  ]]_v = [[ f ]]_v) (H4).
    by H4 we proved ([[ f[FTop/x ] ]]_v = [[ f ]]_v) (H5).
    by H3, H1 we proved 
      ([[ if eqb 1 O then f1[ FBot/x ] else (f1[ FTop/x ])  ]]_v = [[ f1 ]]_v) (H6).
    by H6 we proved ([[ f1[FTop/x ] ]]_v = [[ f1 ]]_v) (H7).
    conclude
        ([[ if eqb [[ FAtom x ]]_v O then ((FImpl f f1)[ FBot/x ]) else ((FImpl f f1)[ FTop/x ]) ]]_v)
      = ([[ if eqb 1 O then ((FImpl f f1)[ FBot/x ]) else ((FImpl f f1)[ FTop/x ]) ]]_v) by H3.
      = ([[ if false then ((FImpl f f1)[ FBot/x ]) else ((FImpl f f1)[ FTop/x ]) ]]_v).
      = ([[ (FImpl f f1)[ FTop/x ] ]]_v).
      = ([[ FImpl (f[ FTop/x ]) (f1[ FTop/x ]) ]]_v).
      = (max (1 - [[ f[ FTop/x ] ]]_v) [[ f1[ FTop/x ] ]]_v).
      = (max (1 - [[ f ]]_v) [[ f1[ FTop/x ] ]]_v) by H5.
      = (max (1 - [[ f ]]_v) [[ f1 ]]_v) by H6.
      = ([[ FImpl f f1 ]]_v).
    done.
case FNot.
  assume f : Formula.
  by induction hypothesis we know ([[ if eqb [[ FAtom x ]]_v O then f[ FBot/x ] else (f[ FTop/x ])  ]]_v = [[ f ]]_v) (H).
  the thesis becomes 
    ([[ if eqb [[ FAtom x ]]_v O then ((FNot f)[ FBot/x ]) else ((FNot f)[ FTop/x ]) ]]_v = [[ FNot f ]]_v).
  by sem_bool we proved ([[ FAtom x ]]_v = 0 ∨ [[ FAtom x ]]_v = 1) (H2).
  we proceed by cases on H2 to prove 
    ([[ if eqb [[ FAtom x ]]_v O then ((FNot f)[ FBot/x ]) else ((FNot f)[ FTop/x ]) ]]_v = [[ FNot f ]]_v).
  case Left.
    by H1, H we proved 
      ([[ if eqb 0 O then f[ FBot/x ] else (f[ FTop/x ])  ]]_v = [[ f ]]_v) (H4).
    by H4 we proved ([[ f[FBot/x ] ]]_v = [[ f ]]_v) (H5).
    conclude
        ([[ if eqb [[ FAtom x ]]_v O then ((FNot f)[ FBot/x ]) else ((FNot f)[ FTop/x ]) ]]_v)
      = ([[ if eqb 0 O then ((FNot f)[ FBot/x ]) else ((FNot f)[ FTop/x ]) ]]_v) by H1.
      = ([[ if true then ((FNot f)[ FBot/x ]) else ((FNot f)[ FTop/x ]) ]]_v).
      = ([[ (FNot f)[ FBot/x ] ]]_v).
      = ([[ FNot (f[ FBot/x ]) ]]_v).
      change with (1 - [[ f[ FBot/x ] ]]_v = [[ FNot f ]]_v).
      = (1 - [[ f ]]_v) by H5.
      change with ([[ FNot f ]]_v = [[ FNot f ]]_v).
    done.
  case Right.
    by H1, H we proved 
      ([[ if eqb 1 O then f[ FBot/x ] else (f[ FTop/x ])  ]]_v = [[ f ]]_v) (H4).
    by H4 we proved ([[ f[FTop/x ] ]]_v = [[ f ]]_v) (H5).
    conclude
        ([[ if eqb [[ FAtom x ]]_v O then ((FNot f)[ FBot/x ]) else ((FNot f)[ FTop/x ]) ]]_v)
      = ([[ if eqb 1 O then ((FNot f)[ FBot/x ]) else ((FNot f)[ FTop/x ]) ]]_v) by H1.
      = ([[ if false then ((FNot f)[ FBot/x ]) else ((FNot f)[ FTop/x ]) ]]_v).
      = ([[ (FNot f)[ FTop/x ] ]]_v).
      = ([[ FNot (f[ FTop/x ]) ]]_v).
      change with (1 - [[ f[ FTop/x ] ]]_v = [[ FNot f ]]_v) .
      = (1 - [[ f ]]_v) by H5.
      change with ([[ FNot f ]]_v = [[ FNot f ]]_v).
    done.
qed.

let rec maxatom (F : Formula) on F : ℕ ≝
  match F with
  [ FTop ⇒ 0
  | FBot ⇒ 0
  | FAtom n ⇒ n
  | FAnd F1 F2 ⇒ max (maxatom F1) (maxatom F2)
  | FOr F1 F2 ⇒ max (maxatom F1) (maxatom F2)
  | FImpl F1 F2 ⇒ max (maxatom F1) (maxatom F2)
  | FNot F1 ⇒ maxatom F1
  ]
.

let rec expandall (F : Formula) (v : ℕ → ℕ) (n : nat) on n: Formula ≝
  match n with
  [ O ⇒ F
  | S m ⇒ 
      if eqb [[ FAtom n ]]_v 0 
      then (expandall F v m)[FBot/n] 
      else ((expandall F v m)[FTop/n])
  ]
.

lemma BDD : ∀F,n,v. [[ expandall F v n ]]_v = [[ F ]]_v.
intros; elim n; simplify; [reflexivity]
cases (sem_bool (FAtom (S n1)) v); simplify in H1; rewrite > H1; simplify;
[ lapply (shannon (expandall F v n1) (S n1) v);
  simplify in Hletin; rewrite > H1 in Hletin; simplify in Hletin;
  rewrite > Hletin; assumption;
| lapply (shannon (expandall F v n1) (S n1) v);
  simplify in Hletin; rewrite > H1 in Hletin; simplify in Hletin;
  rewrite > Hletin; assumption;]
qed.