outlineZF.pdf


ZF

    Lawrence C Paulson and others

    December 5, 2013

    Contents

1 IFOL: Intuitionistic first-order logic . . . 13
1.1 Syntax and axiomatic basis . . . 13
1.1.1 Equality . . . 13
1.1.2 Propositional logic . . . 13
1.1.3 Quantifiers . . . 14
1.1.4 Definitions . . . 14
1.1.5 Additional notation . . . 14
1.2 Lemmas and proof tools . . . 15
1.3 Intuitionistic Reasoning . . . 21
1.4 Atomizing meta-level rules . . . 22
1.5 Atomizing elimination rules . . . 22
1.6 Calculational rules . . . 22
1.7 Let declarations . . . 23
1.8 Intuitionistic simplification rules . . . 23

2 FOL: Classical first-order logic . . . 25
2.1 The classical axiom . . . 26
2.2 Lemmas and proof tools . . . 26

3 Classical Reasoner . . . 27
3.1 Other simple lemmas . . . 30
3.2 Proof by cases and induction . . . 30

4 ZF: Zermelo-Fraenkel Set Theory . . . 31
4.1 Substitution . . . 37
4.2 Bounded universal quantifier . . . 37
4.3 Bounded existential quantifier . . . 38
4.4 Rules for subsets . . . 38
4.5 Rules for equality . . . 39
4.6 Rules for Replace, the derived form of replacement . . . 40
4.7 Rules for RepFun . . . 40
4.8 Rules for Collect, forming a subset by separation . . . 41
4.9 Rules for Unions . . . 41
4.10 Rules for Unions of families . . . 41
4.11 Rules for the empty set . . . 42
4.12 Rules for Inter . . . 42
4.13 Rules for Intersections of families . . . 43
4.14 Rules for Powersets . . . 43
4.15 Cantor's Theorem: There is no surjection from a set to its powerset . . . 43

5 upair: Unordered Pairs . . . 43
5.1 Unordered Pairs: constant Upair . . . 44
5.2 Rules for Binary Union, Defined via Upair . . . 44
5.3 Rules for Binary Intersection, Defined via Upair . . . 44
5.4 Rules for Set Difference, Defined via Upair . . . 45
5.5 Rules for cons . . . 45
5.6 Singletons . . . 46
5.7 Descriptions . . . 46
5.8 Conditional Terms: if-then-else . . . 47
5.9 Consequences of Foundation . . . 48
5.10 Rules for Successor . . . 48
5.11 Miniscoping of the Bounded Universal Quantifier . . . 49
5.12 Miniscoping of the Bounded Existential Quantifier . . . 49
5.13 Miniscoping of the Replacement Operator . . . 51
5.14 Miniscoping of Unions . . . 51
5.15 Miniscoping of Intersections . . . 52
5.16 Other simprules . . . 52

6 pair: Ordered Pairs . . . 53
6.1 Sigma: Disjoint Union of a Family of Sets . . . 53
6.2 Projections fst and snd . . . 54
6.3 The Eliminator, split . . . 55
6.4 A version of split for Formulae: Result Type o . . . 55

7 equalities: Basic Equalities and Inclusions . . . 56
7.1 Bounded Quantifiers . . . 56
7.2 Converse of a Relation . . . 56
7.3 Finite Set Constructions Using cons . . . 57
7.4 Binary Intersection . . . 58
7.5 Binary Union . . . 60
7.6 Set Difference . . . 61
7.7 Big Union and Intersection . . . 62
7.8 Unions and Intersections of Families . . . 64
7.9 Image of a Set under a Function or Relation . . . 70
7.10 Inverse Image of a Set under a Function or Relation . . . 71
7.11 Powerset Operator . . . 73
7.12 RepFun . . . 73
7.13 Collect . . . 73

8 Fixedpt: Least and Greatest Fixed Points; the Knaster-Tarski Theorem . . . 75
8.1 Monotone Operators . . . 75
8.2 Proof of Knaster-Tarski Theorem using lfp . . . 76
8.3 General Induction Rule for Least Fixedpoints . . . 76
8.4 Proof of Knaster-Tarski Theorem using gfp . . . 77
8.5 Coinduction Rules for Greatest Fixed Points . . . 78

9 Bool: Booleans in Zermelo-Fraenkel Set Theory . . . 79
9.1 Laws About not . . . 81
9.2 Laws About and . . . 81
9.3 Laws About or . . . 81

10 Sum: Disjoint Sums . . . 82
10.1 Rules for the Part Primitive . . . 83
10.2 Rules for Disjoint Sums . . . 83
10.3 The Eliminator: case . . . 85
10.4 More Rules for Part(A, h) . . . 85

11 func: Functions, Function Spaces, Lambda-Abstraction . . . 86
11.1 The Pi Operator: Dependent Function Space . . . 86
11.2 Function Application . . . 87
11.3 Lambda Abstraction . . . 88
11.4 Extensionality . . . 89
11.5 Images of Functions . . . 90
11.6 Properties of restrict(f, A) . . . 91
11.7 Unions of Functions . . . 92
11.8 Domain and Range of a Function or Relation . . . 92
11.9 Extensions of Functions . . . 93
11.10 Function Updates . . . 93
11.11 Monotonicity Theorems . . . 94
11.11.1 Replacement in its Various Forms . . . 94
11.11.2 Standard Products, Sums and Function Spaces . . . 95
11.11.3 Converse, Domain, Range, Field . . . 95
11.11.4 Images . . . 95

12 QPair: Quine-Inspired Ordered Pairs and Disjoint Sums . . . 96
12.1 Quine ordered pairing . . . 97
12.1.1 QSigma: Disjoint union of a family of sets; generalizes Cartesian product . . . 98
12.1.2 Projections: qfst, qsnd . . . 98
12.1.3 Eliminator: qsplit . . . 99
12.1.4 qsplit for predicates: result type o . . . 99
12.1.5 qconverse . . . 99
12.2 The Quine-inspired notion of disjoint sum . . . 100
12.2.1 Eliminator qcase . . . 101
12.2.2 Monotonicity . . . 102

13 Perm: Injections, Surjections, Bijections, Composition . . . 102
13.1 Surjective Function Space . . . 103
13.2 Injective Function Space . . . 104
13.3 Bijections . . . 104
13.4 Identity Function . . . 104
13.5 Converse of a Function . . . 105
13.6 Converses of Injections, Surjections, Bijections . . . 106
13.7 Composition of Two Relations . . . 106
13.8 Domain and Range (see Suppes, Section 3.1) . . . 107
13.9 Other Results . . . 107
13.10 Composition Preserves Functions, Injections, and Surjections . . . 107
13.11 Dual Properties of inj and surj . . . 108
13.11.1 Inverses of Composition . . . 109
13.11.2 Proving that a Function is a Bijection . . . 109
13.11.3 Unions of Functions . . . 109
13.11.4 Restrictions as Surjections and Bijections . . . 110
13.11.5 Lemmas for Ramsey's Theorem . . . 110

14 Trancl: Relations: Their General Properties and Transitive Closure . . . 111
14.1 General properties of relations . . . 112
14.1.1 irreflexivity . . . 112
14.1.2 symmetry . . . 112
14.1.3 antisymmetry . . . 112
14.1.4 transitivity . . . 112
14.2 Transitive closure of a relation . . . 112

15 WF: Well-Founded Recursion . . . 116
15.1 Well-Founded Relations . . . 117
15.1.1 Equivalences between wf and wf-on . . . 117
15.1.2 Introduction Rules for wf-on . . . 117
15.1.3 Well-founded Induction . . . 118
15.2 Basic Properties of Well-Founded Relations . . . 119
15.3 The Predicate is-recfun . . . 119
15.4 Recursion: Main Existence Lemma . . . 120
15.5 Unfolding wftrec(r, a, H) . . . 120
15.5.1 Removal of the Premise trans(r) . . . 120

16 Ordinal: Transitive Sets and Ordinals . . . 121
16.1 Rules for Transset . . . 122
16.1.1 Three Neat Characterisations of Transset . . . 122
16.1.2 Consequences of Downwards Closure . . . 122
16.1.3 Closure Properties . . . 122
16.2 Lemmas for Ordinals . . . 123
16.3 The Construction of Ordinals: 0, succ, Union . . . 124
16.4 < is "less Than" for Ordinals . . . 124
16.5 Natural Deduction Rules for Memrel . . . 126
16.6 Transfinite Induction . . . 127

17 Fundamental properties of the epsilon ordering (< on ordinals) . . . 127
17.0.1 Proving That < is a Linear Ordering on the Ordinals . . . 127
17.0.2 Some Rewrite Rules for <, le . . . 128
17.1 Results about Less-Than or Equals . . . 128
17.1.1 Transitivity Laws . . . 129
17.1.2 Union and Intersection . . . 129
17.2 Results about Limits . . . 130
17.3 Limit Ordinals: General Properties . . . 132
17.3.1 Traditional 3-Way Case Analysis on Ordinals . . . 132

18 OrdQuant: Special quantifiers . . . 133
18.1 Quantifiers and union operator for ordinals . . . 133
18.1.1 simplification of the new quantifiers . . . 134
18.1.2 Union over ordinals . . . 134
18.1.3 universal quantifier for ordinals . . . 135
18.1.4 existential quantifier for ordinals . . . 136
18.1.5 Rules for Ordinal-Indexed Unions . . . 136
18.2 Quantification over a class . . . 137
18.2.1 Relativized universal quantifier . . . 137
18.2.2 Relativized existential quantifier . . . 138
18.2.3 One-point rule for bounded quantifiers . . . 139
18.2.4 Sets as Classes . . . 140

19 Nat-ZF: The Natural numbers As a Least Fixed Point . . . 140
19.1 Injectivity Properties and Induction . . . 141
19.2 Variations on Mathematical Induction . . . 142
19.3 quasinat: to allow a case-split rule for nat-case . . . 143
19.4 Recursion on the Natural Numbers . . . 144

20 Inductive-ZF: Inductive and Coinductive Definitions . . . 145

21 Epsilon: Epsilon Induction and Recursion . . . 145
21.1 Basic Closure Properties . . . 146
21.2 Leastness of eclose . . . 147
21.3 Epsilon Recursion . . . 147
21.4 Rank . . . 148
21.5 Corollaries of Leastness . . . 149

22 Order: Partial and Total Orderings: Basic Definitions and Properties . . . 151
22.1 Immediate Consequences of the Definitions . . . 152
22.2 Restricting an Ordering's Domain . . . 153
22.3 Empty and Unit Domains . . . 154
22.3.1 Relations over the Empty Set . . . 154
22.3.2 The Empty Relation Well-Orders the Unit Set . . . 155
22.4 Order-Isomorphisms . . . 155
22.5 Main results of Kunen, Chapter 1 section 6 . . . 157
22.6 Towards Kunen's Theorem 6.3: Linearity of the Similarity Relation . . . 158
22.7 Miscellaneous Results by Krzysztof Grabczewski . . . 159
22.8 Lemmas for the Reflexive Orders . . . 160

23 OrderArith: Combining Orderings: Foundations of Ordinal Arithmetic . . . 160
23.1 Addition of Relations: Disjoint Sum . . . 161
23.1.1 Rewrite rules. Can be used to obtain introduction rules . . . 161
23.1.2 Elimination Rule . . . 161
23.1.3 Type checking . . . 162
23.1.4 Linearity . . . 162
23.1.5 Well-foundedness . . . 162
23.1.6 An ord-iso congruence law . . . 162
23.1.7 Associativity . . . 163
23.2 Multiplication of Relations: Lexicographic Product . . . 163
23.2.1 Rewrite rule. Can be used to obtain introduction rules . . . 163
23.2.2 Type checking . . . 163
23.2.3 Linearity . . . 163
23.2.4 Well-foundedness . . . 163
23.2.5 An ord-iso congruence law . . . 164
23.2.6 Distributive law . . . 164
23.2.7 Associativity . . . 165
23.3 Inverse Image of a Relation . . . 165
23.3.1 Rewrite rule . . . 165
23.3.2 Type checking . . . 165
23.3.3 Partial Ordering Properties . . . 165
23.3.4 Linearity . . . 166
23.3.5 Well-foundedness . . . 166
23.4 Every well-founded relation is a subset of some inverse image of an ordinal . . . 166
23.5 Other Results . . . 167
23.5.1 The Empty Relation . . . 167
23.5.2 The measure relation is useful with wfrec . . . 167
23.5.3 Well-foundedness of Unions . . . 168
23.5.4 Bijections involving Powersets . . . 168

24 OrderType: Order Types and Ordinal Arithmetic . . . 169
24.1 Proofs needing the combination of Ordinal.thy and Order.thy . . . 170
24.2 Ordermap and ordertype . . . 170
24.2.1 Unfolding of ordermap . . . 170
24.2.2 Showing that ordermap, ordertype yield ordinals . . . 171
24.2.3 ordermap preserves the orderings in both directions . . . 171
24.2.4 Isomorphisms involving ordertype . . . 171
24.2.5 Basic equalities for ordertype . . . 172
24.2.6 A fundamental unfolding law for ordertype . . . 172
24.3 Alternative definition of ordinal . . . 172
24.4 Ordinal Addition . . . 173
24.4.1 Order Type calculations for radd . . . 173
24.4.2 ordify: trivial coercion to an ordinal . . . 173
24.4.3 Basic laws for ordinal addition . . . 174
24.4.4 Ordinal addition with successor via associativity! . . . 175
24.5 Ordinal Subtraction . . . 177
24.6 Ordinal Multiplication . . . 177
24.6.1 A useful unfolding law . . . 177
24.6.2 Basic laws for ordinal multiplication . . . 178
24.6.3 Ordering/monotonicity properties of ordinal multiplication . . . 179
24.7 The Relation Lt . . . 180

25 Finite: Finite Powerset Operator and Finite Function Space . . . 180
25.1 Finite Powerset Operator . . . 181
25.2 Finite Function Space . . . 182
25.3 The Contents of a Singleton Set . . . 183

26 Cardinal: Cardinal Numbers Without the Axiom of Choice . . . 183
26.1 The Schroeder-Bernstein Theorem . . . 184
26.2 lesspoll: contributions by Krzysztof Grabczewski . . . 186
26.3 Basic Properties of Cardinals . . . 188
26.4 The finite cardinals . . . 190
26.5 The first infinite cardinal: Omega, or nat . . . 191
26.6 Towards Cardinal Arithmetic . . . 191
26.7 Lemmas by Krzysztof Grabczewski . . . 192
26.8 Finite and infinite sets . . . 193

27 Univ: The Cumulative Hierarchy and a Small Universe for Recursive Types . . . 196
27.1 Immediate Consequences of the Definition of Vfrom(A, i) . . . 197
27.1.1 Monotonicity . . . 197
27.1.2 A fundamental equality: Vfrom does not require ordinals! . . . 197
27.2 Basic Closure Properties . . . 197
27.2.1 Finite sets and ordered pairs . . . 198
27.3 0, Successor and Limit Equations for Vfrom . . . 198
27.4 Vfrom applied to Limit Ordinals . . . 198
27.4.1 Closure under Disjoint Union . . . 199
27.5 Properties assuming Transset(A) . . . 199
27.5.1 Products . . . 200
27.5.2 Disjoint Sums, or Quine Ordered Pairs . . . 200
27.5.3 Function Space! . . . 201
27.6 The Set Vset(i) . . . 201
27.6.1 Characterisation of the elements of Vset(i) . . . 201
27.6.2 Reasoning about Sets in Terms of Their Elements' Ranks . . . 202
27.6.3 Set Up an Environment for Simplification . . . 202
27.6.4 Recursion over Vset Levels! . . . 202
27.7 The Datatype Universe: univ(A) . . . 203
27.7.1 The Set univ(A) as a Limit . . . 203
27.8 Closure Properties for univ(A) . . . 203
27.8.1 Closure under Unordered and Ordered Pairs . . . 203
27.8.2 The Natural Numbers . . . 204
27.8.3 Instances for 1 and 2 . . . 204
27.8.4 Closure under Disjoint Union . . . 204
27.9 Finite Branching Closure Properties . . . 205
27.9.1 Closure under Finite Powerset . . . 205
27.9.2 Closure under Finite Powers: Functions from a Natural Number . . . 205
27.9.3 Closure under Finite Function Space . . . 205
27.10 * For QUniv. Properties of Vfrom analogous to the take-lemma * . . . 206

28 QUniv: A Small Universe for Lazy Recursive Types . . . 206
28.1 Properties involving Transset and Sum . . . 207
28.2 Introduction and Elimination Rules . . . 207
28.3 Closure Properties . . . 207
28.4 Quine Disjoint Sum . . . 208
28.5 Closure for Quine-Inspired Products and Sums . . . 208
28.6 Quine Disjoint Sum . . . 209
28.7 The Natural Numbers . . . 209
28.8 Take-Lemma Rules . . . 209

29 Datatype-ZF: Datatype and CoDatatype Definitions . . . 210

30 Arith: Arithmetic Operators and Their Definitions . . . 210
30.1 natify, the Coercion to nat . . . 211
30.2 Typing rules . . . 213
30.3 Addition . . . 214
30.4 Monotonicity of Addition . . . 215
30.5 Multiplication . . . 217

31 ArithSimp: Arithmetic with simplification . . . 219
31.1 Difference . . . 219
31.2 Remainder . . . 219
31.3 Division . . . 220
31.4 Further Facts about Remainder . . . 221
31.5 Additional theorems about ≤ . . . 221
31.6 Cancellation Laws for Common Factors in Comparisons . . . 222
31.7 More Lemmas about Remainder . . . 223
31.7.1 More Lemmas About Difference . . . 224

32 List-ZF: Lists in Zermelo-Fraenkel Set Theory . . . 225
32.1 The function zip . . . 239

33 EquivClass: Equivalence Relations . . . 244
33.1 Suppes, Theorem 70: r is an equiv relation iff converse(r) O r = r . . . 245
33.2 Defining Unary Operations upon Equivalence Classes . . . 246
33.3 Defining Binary Operations upon Equivalence Classes . . . 247

34 Int-ZF: The Integers as Equivalence Classes Over Pairs of Natural Numbers . . . 248
34.1 Proving that intrel is an equivalence relation . . . 250
34.2 Collapsing rules: to remove intify from arithmetic expressions . . . 251
34.3 zminus: unary negation on int . . . 252
34.4 znegative: the test for negative integers . . . 253
34.5 nat-of: Coercion of an Integer to a Natural Number . . . 253
34.6 zmagnitude: magnitude of an integer, as a natural number . . . 254
34.7 op $+: addition on int . . . 255
34.8 op $*: Integer Multiplication . . . 256
34.9 The Less Than Relation . . . 259
34.10 Less Than or Equals . . . 260
34.11 More subtraction laws (for zcompare-rls) . . . 261
34.12 Monotonicity and Cancellation Results for Instantiation of the CancelNumerals Simprocs . . . 261
34.13 Comparison laws . . . 262
34.13.1 More inequality lemmas . . . 263
34.13.2 The next several equations are permutative: watch out! . . . 263

35 Bin: Arithmetic on Binary Integers . . . 263
35.0.3 The Carry and Borrow Functions, bin-succ and bin-pred . . . 266
35.0.4 bin-minus: Unary Negation of Binary Integers . . . 266
35.0.5 bin-add: Binary Addition . . . 266
35.0.6 bin-mult: Binary Multiplication . . . 267
35.1 Computations . . . 267
35.2 Simplification Rules for Comparison of Binary Numbers . . . 269

36 IntDiv-ZF: The Division Operators Div and Mod . . . 275
36.1 Uniqueness and monotonicity of quotients and remainders . . . 279
36.2 Correctness of posDivAlg, the Division Algorithm for a>=0 and b>0 . . . 280
36.3 Some convenient biconditionals for products of signs . . . 280
36.4 Correctness of negDivAlg, the division algorithm for a<0 and b>0 . . . 282
36.5 Existence shown by proving the division algorithm to be correct . . . 283
36.6 division of a number by itself . . . 286
36.7 Computation of division and remainder . . . 287
36.8 Monotonicity in the first argument (divisor) . . . 289
36.9 Monotonicity in the second argument (dividend) . . . 289
36.10 More algebraic laws for zdiv and zmod . . . 290
36.11 proving a zdiv (b*c) = (a zdiv b) zdiv c . . . 292
36.12 Cancellation of common factors in zdiv . . . 293
36.13 Distribution of factors over zmod . . . 293

37 CardinalArith: Cardinal Arithmetic Without the Axiom of Choice . . . 294
37.1 Cardinal addition . . . 295
37.1.1 Cardinal addition is commutative . . . 295
37.1.2 Cardinal addition is associative . . . 296
37.1.3 0 is the identity for addition . . . 296
37.1.4 Addition by another cardinal . . . 296
37.1.5 Monotonicity of addition . . . 296
37.1.6 Addition of finite cardinals is ordinary addition . . . 296
37.2 Cardinal multiplication . . . 297
37.2.1 Cardinal multiplication is commutative . . . 297
37.2.2 Cardinal multiplication is associative . . . 297
37.2.3 Cardinal multiplication distributes over addition . . . 297
37.2.4 Multiplication by 0 yields 0 . . . 297
37.2.5 1 is the identity for multiplication . . . 298
37.3 Some inequalities for multiplication . . . 298
37.3.1 Multiplication by a non-zero cardinal . . . 298
37.3.2 Monotonicity of multiplication . . . 298
37.4 Multiplication of finite cardinals is ordinary multiplication . . . 298
37.5 Infinite Cardinals are Limit Ordinals . . . 299
37.5.1 Establishing the well-ordering . . . 299
37.5.2 Characterising initial segments of the well-ordering . . . 300
37.5.3 The cardinality of initial segments . . . 300
37.5.4 Towards Kunen's Corollary 10.13 (1) . . . 301
37.6 For Every Cardinal Number There Exists A Greater One . . . 301
37.7 Basic Properties of Successor Cardinals . . . 302
37.7.1 Removing elements from a finite set decreases its cardinality . . . 302
37.7.2 Theorems by Krzysztof Grabczewski, proofs by lcp . . . 303

38 Main-ZF: Theory Main: Everything Except AC . . . 303
38.1 Iteration of the function F . . . 303
38.2 Transfinite Recursion . . . 304

39 AC: The Axiom of Choice . . . 305

40 Zorn: Zorn's Lemma . . . 306
40.1 Mathematical Preamble . . . 307
40.2 The Transfinite Construction . . . 307
40.3 Some Properties of the Transfinite Construction . . . 307
40.4 Hausdorff's Theorem: Every Set Contains a Maximal Chain . . . 308
40.5 Zorn's Lemma: If All Chains in S Have Upper Bounds In S, then S contains a Maximal Element . . . 309
40.6 Zermelo's Theorem: Every Set can be Well-Ordered . . . 309
40.7 Zorn's Lemma for Partial Orders . . . 310

41 Cardinal-AC: Cardinal Arithmetic Using AC . . . 311
41.1 Strengthened Forms of Existing Theorems on Cardinals . . . 311
41.2 The relationship between cardinality and le-pollence . . . 311
41.3 Other Applications of AC . . . 312
41.4 The Main Result for Infinite-Branching Datatypes . . . 312

42 InfDatatype: Infinite-Branching Datatype Definitions . . . 313

    11

[Theory dependency graph of the ZF session, in order: IFOL, FOL, ZF, upair, pair, equalities, Fixedpt, Bool, Sum, func, QPair, Perm, Trancl, WF, Ordinal, OrdQuant, Nat_ZF, Inductive_ZF, Epsilon, Order, OrderArith, OrderType, Finite, Cardinal, Univ, QUniv, Datatype_ZF, Arith, ArithSimp, List_ZF, EquivClass, Int_ZF, Bin, IntArith, IntDiv_ZF, CardinalArith, Main_ZF, Main, AC, Zorn, Cardinal_AC, InfDatatype, Main_ZFC; all built on Pure.]

1 IFOL: Intuitionistic first-order logic

theory IFOL
imports Pure
begin

ML

1.1 Syntax and axiomatic basis

ML

classes term
default-sort term

typedecl o

judgment Trueprop :: o => prop ((_) 5)

1.1.1 Equality

axiomatization
  eq :: ['a, 'a] => o (infixl = 50)
where
  refl: a=a and
  subst: a=b ==> P(a) ==> P(b)

1.1.2 Propositional logic

axiomatization
  False :: o and
  conj :: [o, o] => o (infixr & 35) and
  disj :: [o, o] => o (infixr | 30) and
  imp :: [o, o] => o (infixr --> 25)
where
  conjI: [| P; Q |] ==> P&Q and
  conjunct1: P&Q ==> P and
  conjunct2: P&Q ==> Q and
  disjI1: P ==> P|Q and
  disjI2: Q ==> P|Q and
  disjE: [| P|Q; P ==> R; Q ==> R |] ==> R and
  impI: (P ==> Q) ==> P-->Q and
  mp: [| P-->Q; P |] ==> Q and
  FalseE: False ==> P

1.1.3 Quantifiers

axiomatization
  All :: ('a => o) => o (binder ALL 10) and
  Ex :: ('a => o) => o (binder EX 10)
where
  allI: (!!x. P(x)) ==> (ALL x. P(x)) and
  spec: (ALL x. P(x)) ==> P(x) and
  exI: P(x) ==> (EX x. P(x)) and
  exE: [| EX x. P(x); !!x. P(x) ==> R |] ==> R

1.1.4 Definitions

definition True == False-->False
definition Not (~ _ [40] 40) where not-def: ~P == P-->False
definition iff (infixr <-> 25) where P<->Q == (P-->Q) & (Q-->P)

definition Ex1 :: ('a => o) => o (binder EX! 10)
  where ex1-def: EX! x. P(x) == EX x. P(x) & (ALL y. P(y) --> y=x)

axiomatization where  -- Reflection, admissible
  eq-reflection: (x=y) ==> (x==y) and
  iff-reflection: (P<->Q) ==> (P==Q)

1.1.5 Additional notation

abbreviation not-equal :: ['a, 'a] => o (infixl ~= 50)
  where x ~= y == ~(x = y)

notation (xsymbols)
  not-equal (infixl ≠ 50)

notation (HTML output)
  not-equal (infixl ≠ 50)

notation (xsymbols)
  Not (¬ _ [40] 40) and
  conj (infixr ∧ 35) and
  disj (infixr ∨ 30) and
  All (binder ∀ 10) and
  Ex (binder ∃ 10) and
  Ex1 (binder ∃! 10) and
  imp (infixr ⟶ 25) and
  iff (infixr ⟷ 25)

notation (HTML output)
  Not (¬ _ [40] 40) and
  conj (infixr ∧ 35) and
  disj (infixr ∨ 30) and
  All (binder ∀ 10) and
  Ex (binder ∃ 10) and
  Ex1 (binder ∃! 10)

    1.2 Lemmas and proof tools

    lemmas strip = impI allI

    lemma TrueI: True ⟨proof⟩

    lemma conjE:
      assumes major: P & Q
        and r: [| P; Q |] ==> R
      shows R ⟨proof⟩

    lemma impE:
      assumes major: P --> Q
        and P
        and r: Q ==> R
      shows R ⟨proof⟩

    lemma allE:
      assumes major: ALL x. P(x)
        and r: P(x) ==> R
      shows R ⟨proof⟩

    lemma all_dupE:
      assumes major: ALL x. P(x)
        and r: [| P(x); ALL x. P(x) |] ==> R
      shows R ⟨proof⟩

    lemma notI: (P ==> False) ==> ~P ⟨proof⟩

    lemma notE: [| ~P; P |] ==> R ⟨proof⟩

    lemma rev_notE: [| P; ~P |] ==> R ⟨proof⟩

    lemma not_to_imp:
      assumes ~P
        and r: P --> False ==> Q
      shows Q ⟨proof⟩

    lemma rev_mp: [| P; P --> Q |] ==> Q ⟨proof⟩

    lemma contrapos:
      assumes major: ~Q
        and minor: P ==> Q
      shows ~P ⟨proof⟩

    ML

    lemma iffI: [| P ==> Q; Q ==> P |] ==> P<->Q ⟨proof⟩

    lemma iffE:
      assumes major: P <-> Q
        and r: P-->Q ==> Q-->P ==> R
      shows R ⟨proof⟩

    lemma iffD1: [| P <-> Q; P |] ==> Q ⟨proof⟩

    lemma iffD2: [| P <-> Q; Q |] ==> P ⟨proof⟩

    lemma rev_iffD1: [| P; P <-> Q |] ==> Q ⟨proof⟩

    lemma rev_iffD2: [| Q; P <-> Q |] ==> P ⟨proof⟩

    lemma iff_refl: P <-> P ⟨proof⟩

    lemma iff_sym: Q <-> P ==> P <-> Q ⟨proof⟩

    lemma iff_trans: [| P <-> Q; Q <-> R |] ==> P <-> R ⟨proof⟩

    lemma ex1I: P(a) ⟹ (!!x. P(x) ==> x=a) ⟹ EX! x. P(x) ⟨proof⟩

    lemma ex_ex1I: EX x. P(x) ⟹ (!!x y. [| P(x); P(y) |] ==> x=y) ⟹ EX! x. P(x) ⟨proof⟩

    lemma ex1E: EX! x. P(x) ⟹ (!!x. [| P(x); ALL y. P(y) --> y=x |] ==> R) ⟹ R ⟨proof⟩

    ML

    lemma conj_cong:
      assumes P <-> P'
        and P' ==> Q <-> Q'
      shows (P&Q) <-> (P'&Q') ⟨proof⟩

    lemma conj_cong2:
      assumes P <-> P'
        and P' ==> Q <-> Q'
      shows (Q&P) <-> (Q'&P') ⟨proof⟩

    lemma disj_cong:
      assumes P <-> P' and Q <-> Q'
      shows (P|Q) <-> (P'|Q') ⟨proof⟩

    lemma imp_cong:
      assumes P <-> P'
        and P' ==> Q <-> Q'
      shows (P-->Q) <-> (P'-->Q') ⟨proof⟩

    lemma iff_cong: [| P <-> P'; Q <-> Q' |] ==> (P<->Q) <-> (P'<->Q') ⟨proof⟩

    lemma not_cong: P <-> P' ==> ~P <-> ~P' ⟨proof⟩

    lemma all_cong:
      assumes !!x. P(x) <-> Q(x)
      shows (ALL x. P(x)) <-> (ALL x. Q(x)) ⟨proof⟩

    lemma ex_cong:
      assumes !!x. P(x) <-> Q(x)
      shows (EX x. P(x)) <-> (EX x. Q(x)) ⟨proof⟩

    lemma ex1_cong:
      assumes !!x. P(x) <-> Q(x)
      shows (EX! x. P(x)) <-> (EX! x. Q(x)) ⟨proof⟩

    lemma sym: a=b ==> b=a ⟨proof⟩

    lemma trans: [| a=b; b=c |] ==> a=c ⟨proof⟩

    lemma not_sym: b ~= a ==> a ~= b ⟨proof⟩

    lemma def_imp_iff: (A == B) ==> A <-> B ⟨proof⟩

    lemma meta_eq_to_obj_eq: (A == B) ==> A = B ⟨proof⟩

    lemma meta_eq_to_iff: x==y ==> x<->y ⟨proof⟩

    lemma ssubst: [| b = a; P(a) |] ==> P(b) ⟨proof⟩

    lemma ex1_equalsE: [| EX! x. P(x); P(a); P(b) |] ==> a=b ⟨proof⟩

    lemma subst_context: [| a=b |] ==> t(a)=t(b) ⟨proof⟩

    lemma subst_context2: [| a=b; c=d |] ==> t(a,c)=t(b,d) ⟨proof⟩

    lemma subst_context3: [| a=b; c=d; e=f |] ==> t(a,c,e)=t(b,d,f) ⟨proof⟩

    lemma box_equals: [| a=b; a=c; b=d |] ==> c=d ⟨proof⟩

    lemma simp_equals: [| a=c; b=d; c=d |] ==> a=b ⟨proof⟩

    lemma pred1_cong: a=a' ==> P(a) <-> P(a') ⟨proof⟩

    lemma pred2_cong: [| a=a'; b=b' |] ==> P(a,b) <-> P(a',b') ⟨proof⟩

    lemma pred3_cong: [| a=a'; b=b'; c=c' |] ==> P(a,b,c) <-> P(a',b',c') ⟨proof⟩

    lemma eq_cong: [| a = a'; b = b' |] ==> a = b <-> a' = b' ⟨proof⟩

    lemma conj_impE:
      assumes major: (P&Q)-->S
        and r: P-->(Q-->S) ==> R
      shows R ⟨proof⟩

    lemma disj_impE:
      assumes major: (P|Q)-->S
        and r: [| P-->S; Q-->S |] ==> R
      shows R ⟨proof⟩

    lemma imp_impE:
      assumes major: (P-->Q)-->S
        and r1: [| P; Q-->S |] ==> Q
        and r2: S ==> R
      shows R ⟨proof⟩

    lemma not_impE: ~P --> S ⟹ (P ==> False) ⟹ (S ==> R) ⟹ R ⟨proof⟩

    lemma iff_impE:
      assumes major: (P<->Q)-->S
        and r1: [| P; Q-->S |] ==> Q
        and r2: [| Q; P-->S |] ==> P
        and r3: S ==> R
      shows R ⟨proof⟩

    lemma all_impE:
      assumes major: (ALL x. P(x))-->S
        and r1: !!x. P(x)
        and r2: S ==> R
      shows R ⟨proof⟩

    lemma ex_impE:
      assumes major: (EX x. P(x))-->S
        and r: P(x)-->S ==> R
      shows R ⟨proof⟩

    lemma disj_imp_disj: P|Q ⟹ (P==>R) ⟹ (Q==>S) ⟹ R|S ⟨proof⟩

    ML

    lemma thin_refl: [|x=x; PROP W |] ==> PROP W ⟨proof⟩

    ML

    1.3 Intuitionistic Reasoning

    ML

    lemma impE':
      assumes 1: P --> Q
        and 2: Q ==> R
        and 3: P --> Q ==> P
      shows R ⟨proof⟩

    lemma allE':
      assumes 1: ALL x. P(x)
        and 2: P(x) ==> ALL x. P(x) ==> Q
      shows Q ⟨proof⟩

    lemma notE':
      assumes 1: ~P
        and 2: ~P ==> P
      shows R ⟨proof⟩

    lemmas [Pure.elim!] = disjE iffE FalseE conjE exE
      and [Pure.intro!] = iffI conjI impI TrueI notI allI refl
      and [Pure.elim 2] = allE' notE' impE'
      and [Pure.intro] = exI disjI2 disjI1

    ML

    lemma iff_not_sym: ~(Q <-> P) ==> ~(P <-> Q) ⟨proof⟩

    lemmas [sym] = sym iff_sym not_sym iff_not_sym
      and [Pure.elim?] = iffD1 iffD2 impE'

    lemma eq_commute: a=b <-> b=a ⟨proof⟩

    1.4 Atomizing meta-level rules

    lemma atomize_all [atomize]: (!!x. P(x)) == Trueprop (ALL x. P(x)) ⟨proof⟩

    lemma atomize_imp [atomize]: (A ==> B) == Trueprop (A --> B) ⟨proof⟩

    lemma atomize_eq [atomize]: (x == y) == Trueprop (x = y) ⟨proof⟩

    lemma atomize_iff [atomize]: (A == B) == Trueprop (A <-> B) ⟨proof⟩

    lemma atomize_conj [atomize]: (A &&& B) == Trueprop (A & B) ⟨proof⟩

    lemmas [symmetric, rulify] = atomize_all atomize_imp
      and [symmetric, defn] = atomize_all atomize_imp atomize_eq atomize_iff

    1.5 Atomizing elimination rules

    ML

    lemma atomize_exL [atomize_elim]: (!!x. P(x) ==> Q) == ((EX x. P(x)) ==> Q) ⟨proof⟩

    lemma atomize_conjL [atomize_elim]: (A ==> B ==> C) == (A & B ==> C) ⟨proof⟩

    lemma atomize_disjL [atomize_elim]: ((A ==> C) ==> (B ==> C) ==> C) == ((A | B ==> C) ==> C) ⟨proof⟩

    lemma atomize_elimL [atomize_elim]: (!!B. (A ==> B) ==> B) == Trueprop(A) ⟨proof⟩

    1.6 Calculational rules

    lemma forw_subst: a = b ==> P(b) ==> P(a) ⟨proof⟩

    lemma back_subst: P(a) ==> a = b ==> P(b) ⟨proof⟩

    Note that this list of rules is in reverse order of priorities.

    lemmas basic_trans_rules [trans] =
      forw_subst
      back_subst
      rev_mp
      mp
      trans

    1.7 Let declarations

    nonterminal letbinds and letbind

    definition Let :: ['a::{}, 'a => 'b] => ('b::{})
      where Let(s, f) == f(s)

    syntax
      _bind :: [pttrn, 'a] => letbind  ((2_ =/ _) 10)
      "" :: letbind => letbinds  (_)
      _binds :: [letbind, letbinds] => letbinds  (_;/ _)
      _Let :: [letbinds, 'a] => 'a  ((let (_)/ in (_)) 10)

    translations
      _Let(_binds(b, bs), e) == _Let(b, _Let(bs, e))
      let x = a in e == CONST Let(a, %x. e)

    lemma LetI:
      assumes !!x. x=t ==> P(u(x))
      shows P(let x=t in u(x)) ⟨proof⟩

    1.8 Intuitionistic simplification rules

    lemma conj_simps:
      P & True <-> P
      True & P <-> P
      P & False <-> False
      False & P <-> False
      P & P <-> P
      P & P & Q <-> P & Q
      P & ~P <-> False
      ~P & P <-> False
      (P & Q) & R <-> P & (Q & R) ⟨proof⟩

    lemma disj_simps:
      P | True <-> True
      True | P <-> True
      P | False <-> P
      False | P <-> P
      P | P <-> P
      P | P | Q <-> P | Q
      (P | Q) | R <-> P | (Q | R) ⟨proof⟩

    lemma not_simps:
      ~(P|Q) <-> ~P & ~Q
      ~ False <-> True
      ~ True <-> False ⟨proof⟩

    lemma imp_simps:
      (P --> False) <-> ~P
      (P --> True) <-> True
      (False --> P) <-> True
      (True --> P) <-> P
      (P --> P) <-> True
      (P --> ~P) <-> ~P ⟨proof⟩

    lemma iff_simps:
      (True <-> P) <-> P
      (P <-> True) <-> P
      (P <-> P) <-> True
      (False <-> P) <-> ~P
      (P <-> False) <-> ~P ⟨proof⟩

    lemma quant_simps:
      !!P. (ALL x. P) <-> P
      (ALL x. x=t --> P(x)) <-> P(t)
      (ALL x. t=x --> P(x)) <-> P(t)
      !!P. (EX x. P) <-> P
      EX x. x=t
      EX x. t=x
      (EX x. x=t & P(x)) <-> P(t)
      (EX x. t=x & P(x)) <-> P(t) ⟨proof⟩

    lemma distrib_simps:
      P & (Q | R) <-> P&Q | P&R
      (Q | R) & P <-> Q&P | R&P
      (P | Q --> R) <-> (P --> R) & (Q --> R) ⟨proof⟩

    Conversion into rewrite rules

    lemma P_iff_F: ~P ==> (P <-> False) ⟨proof⟩
    lemma iff_reflection_F: ~P ==> (P == False) ⟨proof⟩

    lemma P_iff_T: P ==> (P <-> True) ⟨proof⟩
    lemma iff_reflection_T: P ==> (P == True) ⟨proof⟩

    More rewrite rules

    lemma conj_commute: P&Q <-> Q&P ⟨proof⟩
    lemma conj_left_commute: P&(Q&R) <-> Q&(P&R) ⟨proof⟩
    lemmas conj_comms = conj_commute conj_left_commute

    lemma disj_commute: P|Q <-> Q|P ⟨proof⟩
    lemma disj_left_commute: P|(Q|R) <-> Q|(P|R) ⟨proof⟩
    lemmas disj_comms = disj_commute disj_left_commute

    lemma conj_disj_distribL: P&(Q|R) <-> (P&Q | P&R) ⟨proof⟩
    lemma conj_disj_distribR: (P|Q)&R <-> (P&R | Q&R) ⟨proof⟩

    lemma disj_conj_distribL: P|(Q&R) <-> (P|Q) & (P|R) ⟨proof⟩
    lemma disj_conj_distribR: (P&Q)|R <-> (P|R) & (Q|R) ⟨proof⟩

    lemma imp_conj_distrib: (P --> (Q&R)) <-> (P-->Q) & (P-->R) ⟨proof⟩
    lemma imp_conj: ((P&Q)-->R) <-> (P --> (Q --> R)) ⟨proof⟩
    lemma imp_disj: (P|Q --> R) <-> (P-->R) & (Q-->R) ⟨proof⟩

    lemma de_Morgan_disj: (~(P | Q)) <-> (~P & ~Q) ⟨proof⟩

    lemma not_ex: (~ (EX x. P(x))) <-> (ALL x. ~P(x)) ⟨proof⟩
    lemma imp_ex: ((EX x. P(x)) --> Q) <-> (ALL x. P(x) --> Q) ⟨proof⟩

    lemma ex_disj_distrib: (EX x. P(x) | Q(x)) <-> ((EX x. P(x)) | (EX x. Q(x))) ⟨proof⟩

    lemma all_conj_distrib: (ALL x. P(x) & Q(x)) <-> ((ALL x. P(x)) & (ALL x. Q(x))) ⟨proof⟩

    end

    2 FOL: Classical first-order logic

    theory FOL
    imports IFOL
    keywords print_claset print_induct_rules :: diag
    begin

    ML

    2.1 The classical axiom

    axiomatization where
      classical: (~P ==> P) ==> P

    2.2 Lemmas and proof tools

    lemma ccontr: (~P ⟹ False) ⟹ P ⟨proof⟩

    lemma disjCI: (~Q ==> P) ==> P|Q ⟨proof⟩

    lemma ex_classical:
      assumes r: ~(EX x. P(x)) ==> P(a)
      shows EX x. P(x) ⟨proof⟩

    lemma exCI:
      assumes r: ALL x. ~P(x) ==> P(a)
      shows EX x. P(x) ⟨proof⟩

    lemma excluded_middle: ~P | P ⟨proof⟩

    lemma case_split [case_names True False]:
      assumes r1: P ==> Q
        and r2: ~P ==> Q
      shows Q ⟨proof⟩

    ML

    lemma impCE:
      assumes major: P-->Q
        and r1: ~P ==> R
        and r2: Q ==> R
      shows R ⟨proof⟩

    lemma impCE':
      assumes major: P-->Q
        and r1: Q ==> R
        and r2: ~P ==> R
      shows R ⟨proof⟩

    lemma notnotD: ~~P ==> P ⟨proof⟩

    lemma contrapos2: [| Q; ~P ==> ~Q |] ==> P ⟨proof⟩

    lemma iffCE:
      assumes major: P<->Q
        and r1: [| P; Q |] ==> R
        and r2: [| ~P; ~Q |] ==> R
      shows R ⟨proof⟩

    lemma alt_ex1E:
      assumes major: EX! x. P(x)
        and r: !!x. [| P(x); ALL y y'. P(y) & P(y') --> y=y' |] ==> R
      shows R ⟨proof⟩

    lemma imp_elim: P --> Q ==> (~R ==> P) ==> (Q ==> R) ==> R ⟨proof⟩

    lemma swap: ~P ==> (~R ==> P) ==> R ⟨proof⟩

    3 Classical Reasoner

    ML

    lemmas [intro!] = refl TrueI conjI disjCI impI notI iffI
      and [elim!] = conjE disjE impCE FalseE iffCE

    ML

    lemmas [intro!] = allI ex_ex1I
      and [intro] = exI
      and [elim!] = exE alt_ex1E
      and [elim] = allE

    ML

    lemma ex1_functional: [| EX! z. P(a,z); P(a,b); P(a,c) |] ==> b = c ⟨proof⟩

    lemma True_implies_equals: (True ==> PROP P) == PROP P ⟨proof⟩

    lemma uncurry: P --> Q --> R ==> P & Q --> R ⟨proof⟩

    lemma iff_allI: (!!x. P(x) <-> Q(x)) ==> (ALL x. P(x)) <-> (ALL x. Q(x)) ⟨proof⟩

    lemma iff_exI: (!!x. P(x) <-> Q(x)) ==> (EX x. P(x)) <-> (EX x. Q(x)) ⟨proof⟩

    lemma all_comm: (ALL x y. P(x,y)) <-> (ALL y x. P(x,y)) ⟨proof⟩

    lemma ex_comm: (EX x y. P(x,y)) <-> (EX y x. P(x,y)) ⟨proof⟩

    lemma cases_simp: (P --> Q) & (~P --> Q) <-> Q ⟨proof⟩

    lemma int_ex_simps:
      !!P Q. (EX x. P(x) & Q) <-> (EX x. P(x)) & Q
      !!P Q. (EX x. P & Q(x)) <-> P & (EX x. Q(x))
      !!P Q. (EX x. P(x) | Q) <-> (EX x. P(x)) | Q
      !!P Q. (EX x. P | Q(x)) <-> P | (EX x. Q(x)) ⟨proof⟩

    lemma cla_ex_simps:
      !!P Q. (EX x. P(x) --> Q) <-> (ALL x. P(x)) --> Q
      !!P Q. (EX x. P --> Q(x)) <-> P --> (EX x. Q(x)) ⟨proof⟩

    lemmas ex_simps = int_ex_simps cla_ex_simps

    lemma int_all_simps:
      !!P Q. (ALL x. P(x) & Q) <-> (ALL x. P(x)) & Q
      !!P Q. (ALL x. P & Q(x)) <-> P & (ALL x. Q(x))
      !!P Q. (ALL x. P(x) --> Q) <-> (EX x. P(x)) --> Q
      !!P Q. (ALL x. P --> Q(x)) <-> P --> (ALL x. Q(x)) ⟨proof⟩

    lemma cla_all_simps:
      !!P Q. (ALL x. P(x) | Q) <-> (ALL x. P(x)) | Q
      !!P Q. (ALL x. P | Q(x)) <-> P | (ALL x. Q(x)) ⟨proof⟩

    lemmas all_simps = int_all_simps cla_all_simps

    lemma imp_disj1: (P-->Q) | R <-> (P-->Q | R) ⟨proof⟩
    lemma imp_disj2: Q | (P-->R) <-> (P-->Q | R) ⟨proof⟩

    lemma de_Morgan_conj: (~(P & Q)) <-> (~P | ~Q) ⟨proof⟩

    lemma not_imp: ~(P --> Q) <-> (P & ~Q) ⟨proof⟩
    lemma not_iff: ~(P <-> Q) <-> (P <-> ~Q) ⟨proof⟩

    lemma not_all: (~ (ALL x. P(x))) <-> (EX x. ~P(x)) ⟨proof⟩
    lemma imp_all: ((ALL x. P(x)) --> Q) <-> (EX x. P(x) --> Q) ⟨proof⟩

    lemmas meta_simps =
      triv_forall_equality
      True_implies_equals

    lemmas IFOL_simps =
      refl [THEN P_iff_T] conj_simps disj_simps not_simps
      imp_simps iff_simps quant_simps

    lemma notFalseI: ~False ⟨proof⟩

    lemma cla_simps_misc:
      ~(P&Q) <-> ~P | ~Q
      P | ~P
      ~P | P
      ~ ~ P <-> P
      (~P --> P) <-> P
      (~P <-> ~Q) <-> (P<->Q) ⟨proof⟩

    lemmas cla_simps =
      de_Morgan_conj de_Morgan_disj imp_disj1 imp_disj2
      not_imp not_all not_ex cases_simp cla_simps_misc

    ML

    3.1 Other simple lemmas

    lemma [simp]: ((P-->R) <-> (Q-->R)) <-> ((P<->Q) | R) ⟨proof⟩

    lemma [simp]: ((P-->Q) <-> (P-->R)) <-> (P --> (Q<->R)) ⟨proof⟩

    lemma not_disj_iff_imp: ~P | Q <-> (P-->Q) ⟨proof⟩

    lemma conj_mono: [| P1-->Q1; P2-->Q2 |] ==> (P1&P2) --> (Q1&Q2) ⟨proof⟩

    lemma disj_mono: [| P1-->Q1; P2-->Q2 |] ==> (P1|P2) --> (Q1|Q2) ⟨proof⟩

    lemma imp_mono: [| Q1-->P1; P2-->Q2 |] ==> (P1-->P2)-->(Q1-->Q2) ⟨proof⟩

    lemma imp_refl: P-->P ⟨proof⟩

    lemma ex_mono: (!!x. P(x) --> Q(x)) ==> (EX x. P(x)) --> (EX x. Q(x)) ⟨proof⟩

    lemma all_mono: (!!x. P(x) --> Q(x)) ==> (ALL x. P(x)) --> (ALL x. Q(x)) ⟨proof⟩

    3.2 Proof by cases and induction

    Proper handling of non-atomic rule statements.

    definition induct_forall(P) == ∀x. P(x)
    definition induct_implies(A, B) == A ⟶ B
    definition induct_equal(x, y) == x = y
    definition induct_conj(A, B) == A ∧ B

    lemma induct_forall_eq: (!!x. P(x)) == Trueprop(induct_forall(λx. P(x))) ⟨proof⟩

    lemma induct_implies_eq: (A ==> B) == Trueprop(induct_implies(A, B)) ⟨proof⟩

    lemma induct_equal_eq: (x == y) == Trueprop(induct_equal(x, y)) ⟨proof⟩

    lemma induct_conj_eq: (A &&& B) == Trueprop(induct_conj(A, B)) ⟨proof⟩

    lemmas induct_atomize = induct_forall_eq induct_implies_eq induct_equal_eq induct_conj_eq
    lemmas induct_rulify [symmetric] = induct_atomize
    lemmas induct_rulify_fallback =
      induct_forall_def induct_implies_def induct_equal_def induct_conj_def

    hide_const induct_forall induct_implies induct_equal induct_conj

    Method setup.

    ML

    declare case_split [cases type: o]

    ML

    hide_const (open) eq

    end

    4 ZF: Zermelo-Fraenkel Set Theory

    theory ZF
    imports ~~/src/FOL/FOL
    begin

    declare [[eta_contract = false]]

    typedecl i
    arities i :: term

    axiomatization
      zero :: i  (0)  -- the empty set and
      Pow :: i => i  -- power sets and
      Inf :: i  -- infinite set

    Bounded Quantifiers

    consts
      Ball :: [i, i => o] => o
      Bex :: [i, i => o] => o

    General Union and Intersection

    axiomatization Union :: i => i
    consts Inter :: i => i

    Variations on Replacement

    axiomatization PrimReplace :: [i, [i, i] => o] => i
    consts
      Replace :: [i, [i, i] => o] => i
      RepFun :: [i, i => i] => i
      Collect :: [i, i => o] => i

    Definite descriptions via Replace over the set 1

    consts
      The :: (i => o) => i  (binder THE 10)
      If :: [o, i, i] => i  ((if (_)/ then (_)/ else (_)) [10] 10)

    abbreviation (input)
      old_if :: [o, i, i] => i  (if (_,_,_))
      where if(P,a,b) == If(P,a,b)

    Finite Sets

    consts
      Upair :: [i, i] => i
      cons :: [i, i] => i
      succ :: i => i

    Ordered Pairing

    consts
      Pair :: [i, i] => i
      fst :: i => i
      snd :: i => i
      split :: [[i, i] => 'a, i] => 'a::{}  -- for pattern-matching

    Sigma and Pi Operators

    consts
      Sigma :: [i, i => i] => i
      Pi :: [i, i => i] => i

    Relations and Functions

    consts
      domain :: i => i
      range :: i => i
      field :: i => i
      converse :: i => i
      relation :: i => o  -- recognizes sets of pairs
      function :: i => o  -- recognizes functions; can have non-pairs
      Lambda :: [i, i => i] => i
      restrict :: [i, i] => i

    Infixes in order of decreasing precedence

    consts
      Image :: [i, i] => i  (infixl `` 90)  -- image
      vimage :: [i, i] => i  (infixl -`` 90)  -- inverse image
      apply :: [i, i] => i  (infixl ` 90)  -- function application
      Int :: [i, i] => i  (infixl Int 70)  -- binary intersection
      Un :: [i, i] => i  (infixl Un 65)  -- binary union
      Diff :: [i, i] => i  (infixl - 65)  -- set difference
      Subset :: [i, i] => o  (infixl <= 50)  -- subset relation
      mem :: [i, i] => o  (infixl : 50)  -- membership relation

    abbreviation
      not_mem :: [i, i] => o  (infixl ~: 50)  -- negated membership relation
      where x ~: y == ~(x : y)

    abbreviation
      cart_prod :: [i, i] => i  (infixr * 80)  -- Cartesian product
      where A * B == Sigma(A, %_. B)

    abbreviation
      function_space :: [i, i] => i  (infixr -> 60)  -- function space
      where A -> B == Pi(A, %_. B)

    nonterminal is and patterns

    syntax
      "" :: i => is  (_)
      _Enum :: [i, is] => is  (_,/ _)

      _Finset :: is => i  ({(_)})
      _Tuple :: [i, is] => i  (<(_,/ _)>)
      _Collect :: [pttrn, i, o] => i  ((1{_: _ ./ _}))
      _Replace :: [pttrn, pttrn, i, o] => i  ((1{_ ./ _: _, _}))
      _RepFun :: [i, pttrn, i] => i  ((1{_ ./ _: _}) [51,0,51])
      _INTER :: [pttrn, i, i] => i  ((3INT _:_./ _) 10)
      _UNION :: [pttrn, i, i] => i  ((3UN _:_./ _) 10)
      _PROD :: [pttrn, i, i] => i  ((3PROD _:_./ _) 10)
      _SUM :: [pttrn, i, i] => i  ((3SUM _:_./ _) 10)
      _lam :: [pttrn, i, i] => i  ((3lam _:_./ _) 10)
      _Ball :: [pttrn, i, o] => o  ((3ALL _:_./ _) 10)
      _Bex :: [pttrn, i, o] => o  ((3EX _:_./ _) 10)

      _pattern :: patterns => pttrn  (<_>)
      "" :: pttrn => patterns  (_)
      _patterns :: [pttrn, patterns] => patterns  (_,/_)

    translations
      {x, xs} == CONST cons(x, {xs})
      {x} == CONST cons(x, 0)
      {x:A. P} == CONST Collect(A, %x. P)
      {y. x:A, Q} == CONST Replace(A, %x y. Q)
      {b. x:A} == CONST RepFun(A, %x. b)
      INT x:A. B == CONST Inter({B. x:A})
      UN x:A. B == CONST Union({B. x:A})
      PROD x:A. B == CONST Pi(A, %x. B)
      SUM x:A. B == CONST Sigma(A, %x. B)
      lam x:A. f == CONST Lambda(A, %x. f)
      ALL x:A. P == CONST Ball(A, %x. P)
      EX x:A. P == CONST Bex(A, %x. P)

      <x, y, z> == <x, <y, z>>
      <x, y> == CONST Pair(x, y)
      %<x,y,zs>.b == CONST split(%x <y,zs>.b)
      %<x,y>.b == CONST split(%x y. b)

    notation (xsymbols)
      cart_prod  (infixr × 80) and
      Int  (infixl ∩ 70) and
      Un  (infixl ∪ 65) and
      function_space  (infixr → 60) and
      Subset  (infixl ⊆ 50) and
      mem  (infixl ∈ 50) and
      not_mem  (infixl ∉ 50) and
      Union  (⋃_ [90] 90) and
      Inter  (⋂_ [90] 90)

    syntax (xsymbols)
      _Collect :: [pttrn, i, o] => i  ((1{_ ∈ _ ./ _}))
      _Replace :: [pttrn, pttrn, i, o] => i  ((1{_ ./ _ ∈ _, _}))
      _RepFun :: [i, pttrn, i] => i  ((1{_ ./ _ ∈ _}) [51,0,51])
      _UNION :: [pttrn, i, i] => i  ((3⋃_∈_./ _) 10)
      _INTER :: [pttrn, i, i] => i  ((3⋂_∈_./ _) 10)
      _PROD :: [pttrn, i, i] => i  ((3Π_∈_./ _) 10)
      _SUM :: [pttrn, i, i] => i  ((3Σ_∈_./ _) 10)
      _lam :: [pttrn, i, i] => i  ((3λ_∈_./ _) 10)
      _Ball :: [pttrn, i, o] => o  ((3∀_∈_./ _) 10)
      _Bex :: [pttrn, i, o] => o  ((3∃_∈_./ _) 10)
      _Tuple :: [i, is] => i  (⟨(_,/ _)⟩)
      _pattern :: patterns => pttrn  (⟨_⟩)

    notation (HTML output)
      cart_prod  (infixr × 80) and
      Int  (infixl ∩ 70) and
      Un  (infixl ∪ 65) and
      Subset  (infixl ⊆ 50) and
      mem  (infixl ∈ 50) and
      not_mem  (infixl ∉ 50) and
      Union  (⋃_ [90] 90) and
      Inter  (⋂_ [90] 90)

    syntax (HTML output)
      _Collect :: [pttrn, i, o] => i  ((1{_ ∈ _ ./ _}))
      _Replace :: [pttrn, pttrn, i, o] => i  ((1{_ ./ _ ∈ _, _}))
      _RepFun :: [i, pttrn, i] => i  ((1{_ ./ _ ∈ _}) [51,0,51])
      _UNION :: [pttrn, i, i] => i  ((3⋃_∈_./ _) 10)
      _INTER :: [pttrn, i, i] => i  ((3⋂_∈_./ _) 10)
      _PROD :: [pttrn, i, i] => i  ((3Π_∈_./ _) 10)
      _SUM :: [pttrn, i, i] => i  ((3Σ_∈_./ _) 10)
      _lam :: [pttrn, i, i] => i  ((3λ_∈_./ _) 10)
      _Ball :: [pttrn, i, o] => o  ((3∀_∈_./ _) 10)
      _Bex :: [pttrn, i, o] => o  ((3∃_∈_./ _) 10)
      _Tuple :: [i, is] => i  (⟨(_,/ _)⟩)
      _pattern :: patterns => pttrn  (⟨_⟩)

    defs
      Ball_def: Ball(A, P) == ∀x. x∈A ⟶ P(x)
      Bex_def: Bex(A, P) == ∃x. x∈A & P(x)

      subset_def: A ⊆ B == ∀x∈A. x∈B

    axiomatization where
      extension: A = B ⟷ A ⊆ B & B ⊆ A and
      Union_iff: A ∈ ⋃(C) ⟷ (∃B∈C. A∈B) and
      Pow_iff: A ∈ Pow(B) ⟷ A ⊆ B and

      infinity: 0∈Inf & (∀y∈Inf. succ(y): Inf) and

      foundation: A=0 | (∃x∈A. ∀y∈x. y∉A) and

      replacement: (∀x∈A. ∀y z. P(x,y) & P(x,z) ⟶ y=z) ==>
        b ∈ PrimReplace(A,P) ⟷ (∃x∈A. P(x,b))

    defs

      Replace_def: Replace(A,P) == PrimReplace(A, %x y. (EX!z. P(x,z)) & P(x,y))

      RepFun_def: RepFun(A,f) == {y . x∈A, y=f(x)}

      Collect_def: Collect(A,P) == {y . x∈A, x=y & P(x)}

      Upair_def: Upair(a,b) == {y. x∈Pow(Pow(0)), (x=0 & y=a) | (x=Pow(0) & y=b)}

      cons_def: cons(a,A) == Upair(a,a) ∪ A
      succ_def: succ(i) == cons(i, i)

      Diff_def: A - B == { x∈A . ¬(x∈B) }
      Inter_def: ⋂(A) == { x∈⋃(A) . ∀y∈A. x∈y}

      Un_def: A ∪ B == ⋃(Upair(A,B))
      Int_def: A ∩ B == ⋂(Upair(A,B))
      the_def: The(P) == ⋃({y . x ∈ {0}, P(y)})

      if_def: if(P,a,b) == THE z. P & z=a | ¬P & z=b

      Pair_def: ⟨a,b⟩ == {{a,a}, {a,b}}
      fst_def: fst(p) == THE a. ∃b. p=⟨a,b⟩
      snd_def: snd(p) == THE b. ∃a. p=⟨a,b⟩
      split_def: split(c) == %p. c(fst(p), snd(p))
      Sigma_def: Sigma(A,B) == ⋃x∈A. ⋃y∈B(x). {⟨x,y⟩}

      converse_def: converse(r) == {z. w∈r, ∃x y. w=⟨x,y⟩ & z=⟨y,x⟩}

      domain_def: domain(r) == {x. w∈r, ∃y. w=⟨x,y⟩}
      range_def: range(r) == domain(converse(r))
      field_def: field(r) == domain(r) ∪ range(r)
      relation_def: relation(r) == ∀z∈r. ∃x y. z = ⟨x,y⟩
      function_def: function(r) ==
        ∀x y. ⟨x,y⟩:r ⟶ (∀y'. ⟨x,y'⟩:r ⟶ y=y')
      image_def: r `` A == {y ∈ range(r) . ∃x∈A. ⟨x,y⟩ ∈ r}
      vimage_def: r -`` A == converse(r)``A

      lam_def: Lambda(A,b) == {⟨x,b(x)⟩ . x∈A}
      apply_def: f`a == ⋃(f``{a})

      Pi_def: Pi(A,B) == {f ∈ Pow(Sigma(A,B)). A

    a∈A ⟨proof⟩
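The definitions just listed (Upair as a Replace over Pow(Pow(0)), cons and succ built from it, the Kuratowski pair with fst and snd as definite descriptions, Collect as separation) can be executed on hereditarily finite sets, which makes it possible to check lemma statements from the sections that follow (Upair_iff, cons_iff, succ_inject_iff, separation, Replace_iff, the_0) on concrete sets. The Python model below is an added example, not part of the Isabelle/ZF sources; it assumes that the unbounded quantifier in Replace (and therefore in THE) ranges over a caller-supplied finite candidate universe.

```python
from itertools import chain, combinations

# Hereditarily finite sets as nested frozensets; ZERO plays the role of 0.
Set = frozenset
ZERO = Set()

def Pow(A):
    """Power set of A (the axiomatized constant Pow)."""
    elems = list(A)
    return Set(Set(c) for r in range(len(elems) + 1) for c in combinations(elems, r))

def Union(C):
    """General union: the members of the members of C."""
    return Set(chain.from_iterable(C))

def Replace(A, P, U):
    """Replace_def: {y. x:A, P(x,y)}.  The unbounded y ranges over the finite
    candidate universe U (an assumption of this model); as in the definition,
    an x contributes only if exactly one z in U satisfies P(x,z)."""
    out = set()
    for x in A:
        zs = [z for z in U if P(x, z)]
        if len(zs) == 1:
            out.add(zs[0])
    return Set(out)

def Collect(A, P):
    """Collect_def: {x:A. P(x)} (separation)."""
    return Set(x for x in A if P(x))

def Upair(a, b):
    """Upair_def: Replace over Pow(Pow(0)) = {0, {0}}, sending 0 to a and {0} to b."""
    one = Pow(ZERO)
    return Replace(Pow(one),
                   lambda x, y: (x == ZERO and y == a) or (x == one and y == b), {a, b})

def cons(a, A):
    """cons_def: Upair(a,a) Un A."""
    return Upair(a, a) | A

def succ(i):
    """succ_def: cons(i, i), the von Neumann successor."""
    return cons(i, i)

def The(P, U):
    """the_def: Union({y. x:{0}, P(y)}) with y drawn from U.  Exactly one witness
    yields that witness; otherwise the result is 0 (lemma the_0)."""
    return Union(Replace(cons(ZERO, ZERO), lambda x, y: P(y), U))

def Pair(a, b):
    """Pair_def: <a,b> = {{a,a}, {a,b}} (Kuratowski pair)."""
    return Upair(Upair(a, a), Upair(a, b))

def fst(p):
    """fst_def: THE a. EX b. p = <a,b>.  Components of a pair are members of
    members of p, so Union(p) is a sufficient candidate universe."""
    cands = Union(p)
    return The(lambda a: any(p == Pair(a, b) for b in cands), cands)

def snd(p):
    """snd_def: THE b. EX a. p = <a,b>."""
    cands = Union(p)
    return The(lambda b: any(p == Pair(a, b) for a in cands), cands)

def replace_iff_holds(A, P, U):
    """Lemma Replace_iff evaluated over U:
    b : {y. x:A, P(x,y)} <-> (EX x:A. P(x,b) & (ALL y. P(x,y) --> y=b))."""
    R = Replace(A, P, U)
    return all((b in R) == any(P(x, b) and all(not P(x, y) or y == b for y in U)
                                for x in A) for b in U)

def check_lemmas():
    """Check several lemma statements from the listing on constructed sets 0..4."""
    one = succ(ZERO)
    two, three = succ(one), succ(succ(one))
    U = [ZERO, one, two, three, succ(three)]  # constructed candidate universe
    return {
        # Upair_iff: c : Upair(a,b) <-> (c=a | c=b)
        "Upair_iff": all((c in Upair(one, two)) == (c == one or c == two) for c in U),
        # cons_iff: a : cons(b,A) <-> (a=b | a:A)
        "cons_iff": all((a in cons(three, two)) == (a == three or a in two) for a in U),
        # succ_inject_iff: succ(m) = succ(n) <-> m=n
        "succ_inject_iff": all((succ(m) == succ(n)) == (m == n) for m in U for n in U),
        # fst/snd recover the components, also for a pair with equal components
        "fst_snd": (fst(Pair(one, two)), snd(Pair(one, two)), fst(Pair(two, two)))
                   == (one, two, two),
        # separation: a : {x:A. P(x)} <-> a:A & P(a)
        "separation": all((a in Collect(three, lambda x: x != one))
                          == (a in three and a != one) for a in U),
        # Replace_iff on a functional relation (y = succ(x)) and a non-functional one (x:y)
        "Replace_iff": replace_iff_holds(three, lambda x, y: y == succ(x), U)
                       and replace_iff_holds(three, lambda x, y: x in y, U),
        # the_0: no unique witness gives 0; a unique witness is returned
        "the_0": The(lambda x: True, U) == ZERO and The(lambda x: x == two, U) == two,
    }
```

Because 2 = {0, {0}} = Pow(Pow(0)), the same two-element set that Upair_def replaces over, `succ(succ(ZERO)) == Pow(Pow(ZERO))` holds in this model.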

    4.2 Bounded universal quantifier

    lemma ballI [intro!]: [| !!x. x∈A ==> P(x) |] ==> ∀x∈A. P(x) ⟨proof⟩

    lemmas strip = impI allI ballI

    lemma bspec [dest?]: [| ∀x∈A. P(x); x: A |] ==> P(x) ⟨proof⟩

    lemma rev_ballE [elim]:
      [| ∀x∈A. P(x); x∉A ==> Q; P(x) ==> Q |] ==> Q ⟨proof⟩

    lemma ballE: [| ∀x∈A. P(x); P(x) ==> Q; x∉A ==> Q |] ==> Q ⟨proof⟩

    lemma rev_bspec: [| x: A; ∀x∈A. P(x) |] ==> P(x) ⟨proof⟩

    lemma ball_triv [simp]: (∀x∈A. P) ⟷ ((∃x. x∈A) ⟶ P) ⟨proof⟩

    lemma ball_cong [cong]:
      [| A=A'; !!x. x∈A' ==> P(x) ⟷ P'(x) |] ==> (∀x∈A. P(x)) ⟷ (∀x∈A'. P'(x)) ⟨proof⟩

    lemma atomize_ball:
      (!!x. x ∈ A ==> P(x)) == Trueprop (∀x∈A. P(x)) ⟨proof⟩

    lemmas [symmetric, rulify] = atomize_ball
      and [symmetric, defn] = atomize_ball

    4.3 Bounded existential quantifier

    lemma bexI [intro]: [| P(x); x: A |] ==> ∃x∈A. P(x) ⟨proof⟩

    lemma rev_bexI: [| x∈A; P(x) |] ==> ∃x∈A. P(x) ⟨proof⟩

    lemma bexCI: [| ∀x∈A. ¬P(x) ==> P(a); a: A |] ==> ∃x∈A. P(x) ⟨proof⟩

    lemma bexE [elim!]: [| ∃x∈A. P(x); !!x. [| x∈A; P(x) |] ==> Q |] ==> Q ⟨proof⟩

    lemma bex_triv [simp]: (∃x∈A. P) ⟷ ((∃x. x∈A) & P) ⟨proof⟩

    lemma bex_cong [cong]:
      [| A=A'; !!x. x∈A' ==> P(x) ⟷ P'(x) |] ==> (∃x∈A. P(x)) ⟷ (∃x∈A'. P'(x)) ⟨proof⟩

    4.4 Rules for subsets

    lemma subsetI [intro!]:
      (!!x. x∈A ==> x∈B) ==> A ⊆ B ⟨proof⟩

    lemma subsetD [elim]: [| A ⊆ B; c∈A |] ==> c∈B ⟨proof⟩

    lemma subsetCE [elim]:
      [| A ⊆ B; c∉A ==> P; c∈B ==> P |] ==> P ⟨proof⟩

    lemma rev_subsetD: [| c∈A; A ⊆ B |] ==> c∈B ⟨proof⟩

    lemma contra_subsetD: [| A ⊆ B; c ∉ B |] ==> c ∉ A ⟨proof⟩

    lemma rev_contra_subsetD: [| c ∉ B; A ⊆ B |] ==> c ∉ A ⟨proof⟩

    lemma subset_refl [simp]: A ⊆ A ⟨proof⟩

    lemma subset_trans: [| A

    P; [| c∉A; c∉B |] ==> P |] ==> P ⟨proof⟩

    lemma equality_iffD:
      A = B ==> (!!x. x ∈ A ⟷ x ∈ B) ⟨proof⟩

    4.6 Rules for Replace: the derived form of replacement

    lemma Replace_iff:
      b ∈ {y. x∈A, P(x,y)} ⟷ (∃x∈A. P(x,b) & (∀y. P(x,y) ⟶ y=b)) ⟨proof⟩

    lemma ReplaceI [intro]:
      [| P(x,b); x: A; !!y. P(x,y) ==> y=b |] ==> b ∈ {y. x∈A, P(x,y)} ⟨proof⟩

    lemma ReplaceE:
      [| b ∈ {y. x∈A, P(x,y)};
         !!x. [| x: A; P(x,b); ∀y. P(x,y)⟶y=b |] ==> R
      |] ==> R ⟨proof⟩

    lemma ReplaceE2 [elim!]:
      [| b ∈ {y. x∈A, P(x,y)};
         !!x. [| x: A; P(x,b) |] ==> R
      |] ==> R ⟨proof⟩

    lemma Replace_cong [cong]:
      [| A=B; !!x y. x∈B ==> P(x,y) ⟷ Q(x,y) |] ==> Replace(A,P) = Replace(B,Q) ⟨proof⟩

    4.7 Rules for RepFun

    lemma RepFunI: a ∈ A ==> f(a) ∈ {f(x). x∈A} ⟨proof⟩

    lemma RepFun_eqI [intro]: [| b=f(a); a ∈ A |] ==> b ∈ {f(x). x∈A} ⟨proof⟩

    lemma RepFunE [elim!]:
      [| b ∈ {f(x). x∈A};
         !!x.[| x∈A; b=f(x) |] ==> P |] ==> P ⟨proof⟩

    lemma RepFun_cong [cong]:
      [| A=B; !!x. x∈B ==> f(x)=g(x) |] ==> RepFun(A,f) = RepFun(B,g) ⟨proof⟩

    lemma RepFun_iff [simp]: b ∈ {f(x). x∈A} ⟷ (∃x∈A. b=f(x)) ⟨proof⟩

    lemma triv_RepFun [simp]: {x. x∈A} = A ⟨proof⟩

    4.8 Rules for Collect: forming a subset by separation

    lemma separation [simp]: a ∈ {x∈A. P(x)} ⟷ a∈A & P(a) ⟨proof⟩

    lemma CollectI [intro!]: [| a∈A; P(a) |] ==> a ∈ {x∈A. P(x)} ⟨proof⟩

    lemma CollectE [elim!]: [| a ∈ {x∈A. P(x)}; [| a∈A; P(a) |] ==> R |] ==> R ⟨proof⟩

    lemma CollectD1: a ∈ {x∈A. P(x)} ==> a∈A ⟨proof⟩

    lemma CollectD2: a ∈ {x∈A. P(x)} ==> P(a) ⟨proof⟩

    lemma Collect_cong [cong]:
      [| A=B; !!x. x∈B ==> P(x) ⟷ Q(x) |]
      ==> Collect(A, %x. P(x)) = Collect(B, %x. Q(x)) ⟨proof⟩

    4.9 Rules for Unions

    declare Union_iff [simp]

    lemma UnionI [intro]: [| B: C; A: B |] ==> A: ⋃(C) ⟨proof⟩

    lemma UnionE [elim!]: [| A ∈ ⋃(C); !!B.[| A: B; B: C |] ==> R |] ==> R ⟨proof⟩

    4.10 Rules for Unions of families

    lemma UN_iff [simp]: b ∈ (⋃x∈A. B(x)) ⟷ (∃x∈A. b ∈ B(x)) ⟨proof⟩

    lemma UN_I: [| a: A; b: B(a) |] ==> b: (⋃x∈A. B(x)) ⟨proof⟩

    lemma UN_E [elim!]:
      [| b ∈ (⋃x∈A. B(x)); !!x.[| x: A; b: B(x) |] ==> R |] ==> R ⟨proof⟩

    lemma UN_cong:
      [| A=B; !!x. x∈B ==> C(x)=D(x) |] ==> (⋃x∈A. C(x)) = (⋃x∈B. D(x)) ⟨proof⟩

    4.11 Rules for the empty set

    lemma not_mem_empty [simp]: a ∉ 0 ⟨proof⟩

    lemmas emptyE [elim!] = not_mem_empty [THEN notE]

    lemma empty_subsetI [simp]: 0 ⊆ A ⟨proof⟩

    lemma equals0I: [| !!y. y∈A ==> False |] ==> A=0 ⟨proof⟩

    lemma equals0D [dest]: A=0 ==> a ∉ A ⟨proof⟩

    declare sym [THEN equals0D, dest]

    lemma not_emptyI: a∈A ==> A ≠ 0 ⟨proof⟩

    lemma not_emptyE: [| A ≠ 0; !!x. x∈A ==> R |] ==> R ⟨proof⟩

    4.12 Rules for Inter

    lemma Inter_iff: A ∈ ⋂(C) ⟷ (∀x∈C. A: x) & C≠0 ⟨proof⟩

    lemma InterI [intro!]:
      [| !!x. x: C ==> A: x; C≠0 |] ==> A ∈ ⋂(C) ⟨proof⟩

    lemma InterD [elim, Pure.elim]: [| A ∈ ⋂(C); B ∈ C |] ==> A ∈ B ⟨proof⟩

    lemma InterE [elim]:
      [| A ∈ ⋂(C); B∉C ==> R; A∈B ==> R |] ==> R ⟨proof⟩

    4.13 Rules for Intersections of families

    lemma INT_iff: b ∈ (⋂x∈A. B(x)) ⟷ (∀x∈A. b ∈ B(x)) & A≠0 ⟨proof⟩

    lemma INT_I: [| !!x. x: A ==> b: B(x); A≠0 |] ==> b: (⋂x∈A. B(x)) ⟨proof⟩

    lemma INT_E: [| b ∈ (⋂x∈A. B(x)); a: A |] ==> b ∈ B(a) ⟨proof⟩

    lemma INT_cong:
      [| A=B; !!x. x∈B ==> C(x)=D(x) |] ==> (⋂x∈A. C(x)) = (⋂x∈B. D(x)) ⟨proof⟩

    4.14 Rules for Powersets

    lemma PowI: A ⊆ B ==> A ∈ Pow(B) ⟨proof⟩

    lemma PowD: A ∈ Pow(B) ==> A

    ML

    lemma atomize_ball [symmetric, rulify]:
      (!!x. x ∈ A ==> P(x)) == Trueprop (∀x∈A. P(x)) ⟨proof⟩

    5.1 Unordered Pairs: constant Upair

    lemma Upair_iff [simp]: c ∈ Upair(a,b) ⟷ (c=a | c=b) ⟨proof⟩

    lemma UpairI1: a ∈ Upair(a,b) ⟨proof⟩

    lemma UpairI2: b ∈ Upair(a,b) ⟨proof⟩

    lemma UpairE: [| a ∈ Upair(b,c); a=b ==> P; a=c ==> P |] ==> P ⟨proof⟩

    5.2 Rules for Binary Union, Defined via Upair

    lemma Un_iff [simp]: c ∈ A ∪ B ⟷ (c ∈ A | c ∈ B) ⟨proof⟩

    lemma UnI1: c ∈ A ==> c ∈ A ∪ B ⟨proof⟩

    lemma UnI2: c ∈ B ==> c ∈ A ∪ B ⟨proof⟩

    declare UnI1 [elim?] UnI2 [elim?]

    lemma UnE [elim!]: [| c ∈ A ∪ B; c ∈ A ==> P; c ∈ B ==> P |] ==> P ⟨proof⟩

    lemma UnE': [| c ∈ A ∪ B; c ∈ A ==> P; [| c ∈ B; c ∉ A |] ==> P |] ==> P ⟨proof⟩

    lemma UnCI [intro!]: (c ∉ B ==> c ∈ A) ==> c ∈ A ∪ B ⟨proof⟩

    5.3 Rules for Binary Intersection, Defined via Upair

    lemma Int_iff [simp]: c ∈ A ∩ B ⟷ (c ∈ A & c ∈ B) ⟨proof⟩

    lemma IntI [intro!]: [| c ∈ A; c ∈ B |] ==> c ∈ A ∩ B ⟨proof⟩

    lemma IntD1: c ∈ A ∩ B ==> c ∈ A ⟨proof⟩

    lemma IntD2: c ∈ A ∩ B ==> c ∈ B ⟨proof⟩

    lemma IntE [elim!]: [| c ∈ A ∩ B; [| c ∈ A; c ∈ B |] ==> P |] ==> P ⟨proof⟩

    5.4 Rules for Set Difference, Defined via Upair

    lemma Diff_iff [simp]: c ∈ A-B ⟷ (c ∈ A & c ∉ B) ⟨proof⟩

    lemma DiffI [intro!]: [| c ∈ A; c ∉ B |] ==> c ∈ A - B ⟨proof⟩

    lemma DiffD1: c ∈ A - B ==> c ∈ A ⟨proof⟩

    lemma DiffD2: c ∈ A - B ==> c ∉ B ⟨proof⟩

    lemma DiffE [elim!]: [| c ∈ A - B; [| c ∈ A; c ∉ B |] ==> P |] ==> P ⟨proof⟩

    5.5 Rules for cons

    lemma cons_iff [simp]: a ∈ cons(b,A) ⟷ (a=b | a ∈ A) ⟨proof⟩

    lemma consI1 [simp,TC]: a ∈ cons(a,B) ⟨proof⟩

    lemma consI2: a ∈ B ==> a ∈ cons(b,B) ⟨proof⟩

    lemma consE [elim!]: [| a ∈ cons(b,A); a=b ==> P; a ∈ A ==> P |] ==> P ⟨proof⟩

    lemma consE':
      [| a ∈ cons(b,A); a=b ==> P; [| a ∈ A; a≠b |] ==> P |] ==> P ⟨proof⟩

    lemma consCI [intro!]: (a ∉ B ==> a=b) ==> a ∈ cons(b,B) ⟨proof⟩

    lemma cons_not_0 [simp]: cons(a,B) ≠ 0 ⟨proof⟩

    lemmas cons_neq_0 = cons_not_0 [THEN notE]

    declare cons_not_0 [THEN not_sym, simp]

    5.6 Singletons

    lemma singleton_iff: a ∈ {b} ⟷ a=b ⟨proof⟩

    lemma singletonI [intro!]: a ∈ {a} ⟨proof⟩

    lemmas singletonE = singleton_iff [THEN iffD1, elim_format, elim!]

    5.7 Descriptions

    lemma the_equality [intro]:
      [| P(a); !!x. P(x) ==> x=a |] ==> (THE x. P(x)) = a ⟨proof⟩

    lemma the_equality2: [| EX! x. P(x); P(a) |] ==> (THE x. P(x)) = a ⟨proof⟩

    lemma theI: EX! x. P(x) ==> P(THE x. P(x)) ⟨proof⟩

    lemma the_0: ¬ (EX! x. P(x)) ==> (THE x. P(x))=0 ⟨proof⟩

    lemma theI2:
      assumes p1: ¬ Q(0) ==> EX! x. P(x)
        and p2: !!x. P(x) ==> Q(x)
      shows Q(THE x. P(x)) ⟨proof⟩

    lemma the_eq_trivial [simp]: (THE x. x = a) = a ⟨proof⟩

    lemma the_eq_trivial2 [simp]: (THE x. a = x) = a ⟨proof⟩

    5.8 Conditional Terms: if-then-else

    lemma if_true [simp]: (if True then a else b) = a ⟨proof⟩

    lemma if_false [simp]: (if False then a else b) = b ⟨proof⟩

    lemma if_cong:
      [| P⟷Q; Q ==> a=c; ¬Q ==> b=d |]
      ==> (if P then a else b) = (if Q then c else d) ⟨proof⟩

    lemma if_weak_cong: P⟷Q ==> (if P then x else y) = (if Q then x else y) ⟨proof⟩

    lemma if_P: P ==> (if P then a else b) = a ⟨proof⟩

    lemma if_not_P: ¬P ==> (if P then a else b) = b ⟨proof⟩

    lemma split_if [split]:
      P(if Q then x else y) ⟷ ((Q ⟶ P(x)) & (¬Q ⟶ P(y))) ⟨proof⟩

    lemmas split_if_eq1 = split_if [of %x. x = b] for b
    lemmas split_if_eq2 = split_if [of %x. a = x] for x

    lemmas split_if_mem1 = split_if [of %x. x ∈ b] for b
    lemmas split_if_mem2 = split_if [of %x. a ∈ x] for x

    lemmas split_ifs = split_if_eq1 split_if_eq2 split_if_mem1 split_if_mem2

    lemma if_iff: a: (if P then x else y) ⟷ P & a ∈ x | ¬P & a ∈ y ⟨proof⟩

    lemma if_type [TC]:
      [| P ==> a ∈ A; ¬P ==> b ∈ A |] ==> (if P then a else b): A ⟨proof⟩

    lemma split_if_asm: P(if Q then x else y) ⟷ (¬((Q & ¬P(x)) | (¬Q & ¬P(y)))) ⟨proof⟩

    lemmas if_splits = split_if split_if_asm

    5.9 Consequences of Foundation

    lemma mem_asym: [| a ∈ b; ¬P ==> b ∈ a |] ==> P ⟨proof⟩

    lemma mem_irrefl: a ∈ a ==> P ⟨proof⟩

    lemma mem_not_refl: a ∉ a ⟨proof⟩

    lemma mem_imp_not_eq: a ∈ A ==> a ≠ A ⟨proof⟩

    lemma eq_imp_not_mem: a=A ==> a ∉ A ⟨proof⟩

    5.10 Rules for Successor

    lemma succ_iff: i ∈ succ(j) ⟷ i=j | i ∈ j ⟨proof⟩

    lemma succI1 [simp]: i ∈ succ(i) ⟨proof⟩

    lemma succI2: i ∈ j ==> i ∈ succ(j) ⟨proof⟩

    lemma succE [elim!]:
      [| i ∈ succ(j); i=j ==> P; i ∈ j ==> P |] ==> P ⟨proof⟩

    lemma succCI [intro!]: (i ∉ j ==> i=j) ==> i ∈ succ(j) ⟨proof⟩

    lemma succ_not_0 [simp]: succ(n) ≠ 0 ⟨proof⟩

    lemmas succ_neq_0 = succ_not_0 [THEN notE, elim!]

    declare succ_not_0 [THEN not_sym, simp]
    declare sym [THEN succ_neq_0, elim!]

    lemmas succ_subsetD = succI1 [THEN [2] subsetD]

    lemmas succ_neq_self = succI1 [THEN mem_imp_not_eq, THEN not_sym]

    lemma succ_inject_iff [simp]: succ(m) = succ(n) ⟷ m=n ⟨proof⟩

    lemmas succ_inject = succ_inject_iff [THEN iffD1, dest!]

    5.11 Miniscoping of the Bounded Universal Quantifier

    lemma ball_simps1:
      (∀x∈A. P(x) & Q) ⟷ (∀x∈A. P(x)) & (A=0 | Q)
      (∀x∈A. P(x) | Q) ⟷ ((∀x∈A. P(x)) | Q)
      (∀x∈A. P(x) ⟶ Q) ⟷ ((∃x∈A. P(x)) ⟶ Q)
      (¬(∀x∈A. P(x))) ⟷ (∃x∈A. ¬P(x))
      (∀x∈0.P(x)) ⟷ True
      (∀x∈succ(i).P(x)) ⟷ P(i) & (∀x∈i. P(x))
      (∀x∈cons(a,B).P(x)) ⟷ P(a) & (∀x∈B. P(x))
      (∀x∈RepFun(A,f). P(x)) ⟷ (∀y∈A. P(f(y)))
      (∀x∈⋃(A).P(x)) ⟷ (∀y∈A. ∀x∈y. P(x)) ⟨proof⟩

    lemma ball_simps2:
      (∀x∈A. P & Q(x)) ⟷ (A=0 | P) & (∀x∈A. Q(x))
      (∀x∈A. P | Q(x)) ⟷ (P | (∀x∈A. Q(x)))
      (∀x∈A. P ⟶ Q(x)) ⟷ (P ⟶ (∀x∈A. Q(x))) ⟨proof⟩

    lemma ball_simps3:
      (∀x∈Collect(A,Q).P(x)) ⟷ (∀x∈A. Q(x) ⟶ P(x)) ⟨proof⟩

    lemmas ball_simps [simp] = ball_simps1 ball_simps2 ball_simps3

    lemma ball_conj_distrib:
      (∀x∈A. P(x) & Q(x)) ⟷ ((∀x∈A. P(x)) & (∀x∈A. Q(x))) ⟨proof⟩

    5.12 Miniscoping of the Bounded Existential Quantifier

    lemma bex_simps1:
      (∃x∈A. P(x) & Q) ⟷ ((∃x∈A. P(x)) & Q)
      (∃x∈A. P(x) | Q) ⟷ (∃x∈A. P(x)) | (A≠0 & Q)
      (∃x∈A. P(x) ⟶ Q) ⟷ ((∀x∈A. P(x)) ⟶ (A≠0 & Q))
      (∃x∈0.P(x)) ⟷ False
      (∃x∈succ(i).P(x)) ⟷ P(i) | (∃x∈i. P(x))
      (∃x∈cons(a,B).P(x)) ⟷ P(a) | (∃x∈B. P(x))
      (∃x∈RepFun(A,f). P(x)) ⟷ (∃y∈A. P(f(y)))
      (∃x∈⋃(A).P(x)) ⟷ (∃y∈A. ∃x∈y. P(x))
      (¬(∃x∈A. P(x))) ⟷ (∀x∈A. ¬P(x)) ⟨proof⟩

    lemma bex_simps2:
      (∃x∈A. P & Q(x)) ⟷ (P & (∃x∈A. Q(x)))
      (∃x∈A. P | Q(x)) ⟷ (A≠0 & P) | (∃x∈A. Q(x))
      (∃x∈A. P ⟶ Q(x)) ⟷ ((A=0 | P) ⟶ (∃x∈A. Q(x))) ⟨proof⟩

    lemma bex_simps3:
      (∃x∈Collect(A,Q).P(x)) ⟷ (∃x∈A. Q(x) & P(x)) ⟨proof⟩

    lemmas bex_simps [simp] = bex_simps1 bex_simps2 bex_simps3

    lemma bex_disj_distrib:
      (∃x∈A. P(x) | Q(x)) ⟷ ((∃x∈A. P(x)) | (∃x∈A. Q(x))) ⟨proof⟩

    lemma bex_triv_one_point1 [simp]: (∃x∈A. x=a) ⟷ (a ∈ A) ⟨proof⟩

    lemma bex_triv_one_point2 [simp]: (∃x∈A. a=x) ⟷ (a ∈ A) ⟨proof⟩

    lemma bex_one_point1 [simp]: (∃x∈A. x=a & P(x)) ⟷ (a ∈ A & P(a)) ⟨proof⟩

    lemma bex_one_point2 [simp]: (∃x∈A. a=x & P(x)) ⟷ (a ∈ A & P(a)) ⟨proof⟩

    lemma ball_one_point1 [simp]: (∀x∈A. x=a ⟶ P(x)) ⟷ (a ∈ A ⟶ P(a)) ⟨proof⟩

    lemma ball_one_point2 [simp]: (∀x∈A. a=x ⟶ P(x)) ⟷ (a ∈ A ⟶ P(a)) ⟨proof⟩

5.13 Miniscoping of the Replacement Operator

These cover both Replace and Collect.

lemma Rep_simps [simp]:
     {x. y ∈ 0, R(x,y)} = 0
     {x ∈ 0. P(x)} = 0
     {x ∈ A. Q} = (if Q then A else 0)
     RepFun(0,f) = 0
     RepFun(succ(i),f) = cons(f(i), RepFun(i,f))
     RepFun(cons(a,B),f) = cons(f(a), RepFun(B,f))
⟨proof⟩

5.14 Miniscoping of Unions

lemma UN_simps1:
     (⋃x∈C. cons(a, B(x))) = (if C=0 then 0 else cons(a, ⋃x∈C. B(x)))
     (⋃x∈C. A(x) ∪ B') = (if C=0 then 0 else (⋃x∈C. A(x)) ∪ B')
     (⋃x∈C. A' ∪ B(x)) = (if C=0 then 0 else A' ∪ (⋃x∈C. B(x)))
     (⋃x∈C. A(x) ∩ B') = ((⋃x∈C. A(x)) ∩ B')
     (⋃x∈C. A' ∩ B(x)) = (A' ∩ (⋃x∈C. B(x)))
     (⋃x∈C. A(x) - B') = ((⋃x∈C. A(x)) - B')
     (⋃x∈C. A' - B(x)) = (if C=0 then 0 else A' - (⋂x∈C. B(x)))
⟨proof⟩

lemma UN_simps2:
     (⋃x∈⋃(A). B(x)) = (⋃y∈A. ⋃x∈y. B(x))
     (⋃z∈(⋃x∈A. B(x)). C(z)) = (⋃x∈A. ⋃z∈B(x). C(z))
     (⋃x∈RepFun(A,f). B(x)) = (⋃a∈A. B(f(a)))
⟨proof⟩

lemmas UN_simps [simp] = UN_simps1 UN_simps2

Opposite of miniscoping: pull the operator out.

lemma UN_extend_simps1:
     (⋃x∈C. A(x)) ∪ B = (if C=0 then B else (⋃x∈C. A(x) ∪ B))
     ((⋃x∈C. A(x)) ∩ B) = (⋃x∈C. A(x) ∩ B)
     ((⋃x∈C. A(x)) - B) = (⋃x∈C. A(x) - B)
⟨proof⟩

lemma UN_extend_simps2:
     cons(a, ⋃x∈C. B(x)) = (if C=0 then {a} else (⋃x∈C. cons(a, B(x))))
     A ∪ (⋃x∈C. B(x)) = (if C=0 then A else (⋃x∈C. A ∪ B(x)))
     (A ∩ (⋃x∈C. B(x))) = (⋃x∈C. A ∩ B(x))
     A - (⋂x∈C. B(x)) = (if C=0 then A else (⋃x∈C. A - B(x)))
     (⋃y∈A. ⋃x∈y. B(x)) = (⋃x∈⋃(A). B(x))
     (⋃a∈A. B(f(a))) = (⋃x∈RepFun(A,f). B(x))
⟨proof⟩

lemma UN_UN_extend:
     (⋃x∈A. ⋃z∈B(x). C(z)) = (⋃z∈(⋃x∈A. B(x)). C(z))
⟨proof⟩

lemmas UN_extend_simps = UN_extend_simps1 UN_extend_simps2 UN_UN_extend

5.15 Miniscoping of Intersections

lemma INT_simps1:
     (⋂x∈C. A(x) ∩ B) = (⋂x∈C. A(x)) ∩ B
     (⋂x∈C. A(x) - B) = (⋂x∈C. A(x)) - B
     (⋂x∈C. A(x) ∪ B) = (if C=0 then 0 else (⋂x∈C. A(x)) ∪ B)
⟨proof⟩

lemma INT_simps2:
     (⋂x∈C. A ∩ B(x)) = A ∩ (⋂x∈C. B(x))
     (⋂x∈C. A - B(x)) = (if C=0 then 0 else A - (⋃x∈C. B(x)))
     (⋂x∈C. cons(a, B(x))) = (if C=0 then 0 else cons(a, ⋂x∈C. B(x)))
     (⋂x∈C. A ∪ B(x)) = (if C=0 then 0 else A ∪ (⋂x∈C. B(x)))
⟨proof⟩

lemmas INT_simps [simp] = INT_simps1 INT_simps2

Opposite of miniscoping: pull the operator out.

lemma INT_extend_simps1:
     (⋂x∈C. A(x)) ∩ B = (⋂x∈C. A(x) ∩ B)
     (⋂x∈C. A(x)) - B = (⋂x∈C. A(x) - B)
     (⋂x∈C. A(x)) ∪ B = (if C=0 then B else (⋂x∈C. A(x) ∪ B))
⟨proof⟩

lemma INT_extend_simps2:
     A ∩ (⋂x∈C. B(x)) = (⋂x∈C. A ∩ B(x))
     A - (⋃x∈C. B(x)) = (if C=0 then A else (⋂x∈C. A - B(x)))
     cons(a, ⋂x∈C. B(x)) = (if C=0 then {a} else (⋂x∈C. cons(a, B(x))))
     A ∪ (⋂x∈C. B(x)) = (if C=0 then A else (⋂x∈C. A ∪ B(x)))
⟨proof⟩

lemmas INT_extend_simps = INT_extend_simps1 INT_extend_simps2

5.16 Other simprules

lemma misc_simps [simp]:
     0 ∪ A = A
     A ∪ 0 = A
     0 ∩ A = 0
     A ∩ 0 = 0
     0 - A = 0
     A - 0 = A
     ⋃(0) = 0
     ⋃(cons(b,A)) = b ∪ ⋃(A)
     ⋂({b}) = b
⟨proof⟩

end

6 pair: Ordered Pairs

theory pair imports upair begin

ML

lemma singleton_eq_iff [iff]: {a} = {b} ⟷ a=b
⟨proof⟩

lemma doubleton_eq_iff: {a,b} = {c,d} ⟷ (a=c & b=d) | (a=d & b=c)
⟨proof⟩

lemma Pair_iff [simp]: ⟨a,b⟩ = ⟨c,d⟩ ⟷ a=c & b=d
⟨proof⟩

lemmas Pair_inject = Pair_iff [THEN iffD1, THEN conjE, elim!]

lemmas Pair_inject1 = Pair_iff [THEN iffD1, THEN conjunct1]
lemmas Pair_inject2 = Pair_iff [THEN iffD1, THEN conjunct2]

lemma Pair_not_0: ⟨a,b⟩ ≠ 0
⟨proof⟩

lemmas Pair_neq_0 = Pair_not_0 [THEN notE, elim!]

declare sym [THEN Pair_neq_0, elim!]

lemma Pair_neq_fst: ⟨a,b⟩=a ==> P
⟨proof⟩

lemma Pair_neq_snd: ⟨a,b⟩=b ==> P
⟨proof⟩

6.1 Sigma: Disjoint Union of a Family of Sets

Generalizes Cartesian product.

lemma Sigma_iff [simp]: ⟨a,b⟩: Sigma(A,B) ⟷ a ∈ A & b ∈ B(a)
⟨proof⟩

lemma SigmaI [TC,intro!]: [| a ∈ A; b ∈ B(a) |] ==> ⟨a,b⟩ ∈ Sigma(A,B)
⟨proof⟩

lemmas SigmaD1 = Sigma_iff [THEN iffD1, THEN conjunct1]
lemmas SigmaD2 = Sigma_iff [THEN iffD1, THEN conjunct2]

lemma SigmaE [elim!]:
     [| c ∈ Sigma(A,B);
        !!x y. [| x ∈ A; y ∈ B(x); c=⟨x,y⟩ |] ==> P
     |] ==> P
⟨proof⟩

lemma SigmaE2 [elim!]:
     [| ⟨a,b⟩ ∈ Sigma(A,B);
        [| a ∈ A; b ∈ B(a) |] ==> P
     |] ==> P
⟨proof⟩

lemma Sigma_cong:
     [| A=A'; !!x. x ∈ A' ==> B(x)=B'(x) |] ==> Sigma(A,B) = Sigma(A',B')
⟨proof⟩

lemma Sigma_empty1 [simp]: Sigma(0,B) = 0
⟨proof⟩

lemma Sigma_empty2 [simp]: A×0 = 0
⟨proof⟩

lemma Sigma_empty_iff: A×B=0 ⟷ A=0 | B=0
⟨proof⟩

6.2 Projections fst and snd

lemma fst_conv [simp]: fst(⟨a,b⟩) = a
⟨proof⟩

lemma snd_conv [simp]: snd(⟨a,b⟩) = b
⟨proof⟩

lemma fst_type [TC]: p ∈ Sigma(A,B) ==> fst(p) ∈ A
⟨proof⟩

lemma snd_type [TC]: p ∈ Sigma(A,B) ==> snd(p) ∈ B(fst(p))
⟨proof⟩

lemma Pair_fst_snd_eq: a ∈ Sigma(A,B) ==> ⟨fst(a),snd(a)⟩ = a
⟨proof⟩

6.3 The Eliminator, split

lemma split [simp]: split(%x y. c(x,y), ⟨a,b⟩) ≡ c(a,b)
⟨proof⟩

lemma split_type [TC]:
     [| p ∈ Sigma(A,B);
        !!x y. [| x ∈ A; y ∈ B(x) |] ==> c(x,y):C(⟨x,y⟩)
     |] ==> split(%x y. c(x,y), p) ∈ C(p)
⟨proof⟩

lemma expand_split:
     u ∈ A×B ==> R(split(c,u)) ⟷ (∀x∈A. ∀y∈B. u = ⟨x,y⟩ ⟶ R(c(x,y)))
⟨proof⟩

6.4 A version of split for Formulae: Result Type o

lemma splitI: R(a,b) ==> split(R, ⟨a,b⟩)
⟨proof⟩

lemma splitE:
     [| split(R,z); z ∈ Sigma(A,B);
        !!x y. [| z = ⟨x,y⟩; R(x,y) |] ==> P
     |] ==> P
⟨proof⟩

lemma splitD: split(R,⟨a,b⟩) ==> R(a,b)
⟨proof⟩

Complex rules for Sigma.

lemma split_paired_Bex_Sigma [simp]:
     (∃z ∈ Sigma(A,B). P(z)) ⟷ (∃x ∈ A. ∃y ∈ B(x). P(⟨x,y⟩))
⟨proof⟩

lemma split_paired_Ball_Sigma [simp]:
     (∀z ∈ Sigma(A,B). P(z)) ⟷ (∀x ∈ A. ∀y ∈ B(x). P(⟨x,y⟩))
⟨proof⟩

end

7 equalities: Basic Equalities and Inclusions

theory equalities imports pair begin

These cover union, intersection, converse, domain, range, etc. Philippe de Groote proved many of the inclusions.

lemma in_mono: A⊆B ==> x∈A ⟶ x∈B
⟨proof⟩

lemma the_eq_0 [simp]: (THE x. False) = 0
⟨proof⟩

7.1 Bounded Quantifiers

The following are not added to the default simpset because (a) they duplicate the body and (b) there are no similar rules for Int.

lemma ball_Un: (∀x ∈ A∪B. P(x)) ⟷ (∀x ∈ A. P(x)) & (∀x ∈ B. P(x))
⟨proof⟩

lemma bex_Un: (∃x ∈ A∪B. P(x)) ⟷ (∃x ∈ A. P(x)) | (∃x ∈ B. P(x))
⟨proof⟩

lemma ball_UN: (∀z ∈ (⋃x∈A. B(x)). P(z)) ⟷ (∀x∈A. ∀z ∈ B(x). P(z))
⟨proof⟩

lemma bex_UN: (∃z ∈ (⋃x∈A. B(x)). P(z)) ⟷ (∃x∈A. ∃z∈B(x). P(z))
⟨proof⟩

7.2 Converse of a Relation

lemma converse_iff [simp]: ⟨a,b⟩ ∈ converse(r) ⟷ ⟨b,a⟩ ∈ r
⟨proof⟩

lemma converseI [intro!]: ⟨a,b⟩ ∈ r ==> ⟨b,a⟩ ∈ converse(r)
⟨proof⟩

lemma converseD: ⟨a,b⟩ ∈ converse(r) ==> ⟨b,a⟩ ∈ r
⟨proof⟩

lemma converseE [elim!]:
     [| yx ∈ converse(r);
        !!x y. [| yx=⟨y,x⟩; ⟨x,y⟩ ∈ r |] ==> P |]
     ==> P
⟨proof⟩

lemma converse_converse: r⊆Sigma(A,B) ==> converse(converse(r)) = r
⟨proof⟩

lemma converse_type: r⊆A×B ==> converse(r)⊆B×A
⟨proof⟩

lemma converse_prod [simp]: converse(A×B) = B×A
⟨proof⟩

lemma converse_empty [simp]: converse(0) = 0
⟨proof⟩

lemma converse_subset_iff:
     A ⊆ Sigma(X,Y) ==> converse(A) ⊆ converse(B) ⟷ A ⊆ B
⟨proof⟩

7.3 Finite Set Constructions Using cons

lemma cons_subsetI: [| a∈C; B⊆C |] ==> cons(a,B) ⊆ C
⟨proof⟩

lemma subset_consI: B ⊆ cons(a,B)
⟨proof⟩

lemma cons_subset_iff [iff]: cons(a,B)⊆C ⟷ a∈C & B⊆C
⟨proof⟩

lemmas cons_subsetE = cons_subset_iff [THEN iffD1, THEN conjE]

lemma subset_empty_iff: A⊆0 ⟷ A=0
⟨proof⟩

lemma subset_cons_iff: C⊆cons(a,B) ⟷ C⊆B | (a∈C & C-{a} ⊆ B)
⟨proof⟩

lemma cons_eq: {a} ∪ B = cons(a,B)
⟨proof⟩

lemma cons_commute: cons(a, cons(b, C)) = cons(b, cons(a, C))
⟨proof⟩

lemma cons_absorb: a: B ==> cons(a,B) = B
⟨proof⟩

lemma cons_Diff: a: B ==> cons(a, B-{a}) = B
⟨proof⟩

lemma Diff_cons_eq: cons(a,B) - C = (if a∈C then B-C else cons(a,B-C))
⟨proof⟩

lemma equal_singleton [rule_format]: [| a: C; ∀y∈C. y=b |] ==> C = {b}
⟨proof⟩

lemma [simp]: cons(a,cons(a,B)) = cons(a,B)
⟨proof⟩

lemma singleton_subsetI: a∈C ==> {a} ⊆ C
⟨proof⟩

lemma singleton_subsetD: {a} ⊆ C ==> a∈C
⟨proof⟩

lemma subset_succI: i ⊆ succ(i)
⟨proof⟩

lemma succ_subsetI: [| i∈j; i⊆j |] ==> succ(i)⊆j
⟨proof⟩

lemma succ_subsetE:
     [| succ(i) ⊆ j; [| i∈j; i⊆j |] ==> P |] ==> P
⟨proof⟩

lemma succ_subset_iff: succ(a) ⊆ B ⟷ (a ⊆ B & a ∈ B)
⟨proof⟩

7.4 Binary Intersection

lemma Int_subset_iff: C ⊆ A ∩ B ⟷ C ⊆ A & C ⊆ B
⟨proof⟩

lemma Int_lower1: A ∩ B ⊆ A
⟨proof⟩

lemma Int_lower2: A ∩ B ⊆ B
⟨proof⟩

lemma Int_greatest: [| C⊆A; C⊆B |] ==> C ⊆ A ∩ B
⟨proof⟩

lemma Int_cons: cons(a,B) ∩ C ⊆ cons(a, B ∩ C)
⟨proof⟩

lemma Int_absorb [simp]: A ∩ A = A
⟨proof⟩

lemma Int_left_absorb: A ∩ (A ∩ B) = A ∩ B
⟨proof⟩

lemma Int_commute: A ∩ B = B ∩ A
⟨proof⟩

lemma Int_left_commute: A ∩ (B ∩ C) = B ∩ (A ∩ C)
⟨proof⟩

lemma Int_assoc: (A ∩ B) ∩ C = A ∩ (B ∩ C)
⟨proof⟩

lemmas Int_ac = Int_assoc Int_left_absorb Int_commute Int_left_commute

lemma Int_absorb1: B ⊆ A ==> A ∩ B = B
⟨proof⟩

lemma Int_absorb2: A ⊆ B ==> A ∩ B = A
⟨proof⟩

lemma Int_Un_distrib: A ∩ (B ∪ C) = (A ∩ B) ∪ (A ∩ C)
⟨proof⟩

lemma Int_Un_distrib2: (B ∪ C) ∩ A = (B ∩ A) ∪ (C ∩ A)
⟨proof⟩

lemma subset_Int_iff: A⊆B ⟷ A ∩ B = A
⟨proof⟩

lemma subset_Int_iff2: A⊆B ⟷ B ∩ A = A
⟨proof⟩

lemma Int_Diff_eq: C⊆A ==> (A-B) ∩ C = C-B
⟨proof⟩

lemma Int_cons_left:
     cons(a,A) ∩ B = (if a ∈ B then cons(a, A ∩ B) else A ∩ B)
⟨proof⟩

lemma Int_cons_right:
     A ∩ cons(a, B) = (if a ∈ A then cons(a, A ∩ B) else A ∩ B)
⟨proof⟩

lemma cons_Int_distrib: cons(x, A ∩ B) = cons(x, A) ∩ cons(x, B)
⟨proof⟩

7.5 Binary Union

lemma Un_subset_iff: A ∪ B ⊆ C ⟷ A ⊆ C & B ⊆ C
⟨proof⟩

lemma Un_upper1: A ⊆ A ∪ B
⟨proof⟩

lemma Un_upper2: B ⊆ A ∪ B
⟨proof⟩

lemma Un_least: [| A⊆C; B⊆C |] ==> A ∪ B ⊆ C
⟨proof⟩

lemma Un_cons: cons(a,B) ∪ C = cons(a, B ∪ C)
⟨proof⟩

lemma Un_absorb [simp]: A ∪ A = A
⟨proof⟩

lemma Un_left_absorb: A ∪ (A ∪ B) = A ∪ B
⟨proof⟩

lemma Un_commute: A ∪ B = B ∪ A
⟨proof⟩

lemma Un_left_commute: A ∪ (B ∪ C) = B ∪ (A ∪ C)
⟨proof⟩

lemma Un_assoc: (A ∪ B) ∪ C = A ∪ (B ∪ C)
⟨proof⟩

lemmas Un_ac = Un_assoc Un_left_absorb Un_commute Un_left_commute

lemma Un_absorb1: A ⊆ B ==> A ∪ B = B
⟨proof⟩

lemma Un_absorb2: B ⊆ A ==> A ∪ B = A
⟨proof⟩

lemma Un_Int_distrib: (A ∩ B) ∪ C = (A ∪ C) ∩ (B ∪ C)
⟨proof⟩

lemma subset_Un_iff: A⊆B ⟷ A ∪ B = B
⟨proof⟩

lemma subset_Un_iff2: A⊆B ⟷ B ∪ A = B
⟨proof⟩

lemma Un_empty [iff]: (A ∪ B = 0) ⟷ (A = 0 & B = 0)
⟨proof⟩

lemma Un_eq_Union: A ∪ B = ⋃({A, B})
⟨proof⟩

7.6 Set Difference

lemma Diff_subset: A-B ⊆ A
⟨proof⟩

lemma Diff_contains: [| C⊆A; C ∩ B = 0 |] ==> C ⊆ A-B
⟨proof⟩

lemma subset_Diff_cons_iff: B ⊆ A - cons(c,C) ⟷ B⊆A-C & c ∉ B
⟨proof⟩

lemma Diff_cancel: A - A = 0
⟨proof⟩

lemma Diff_triv: A ∩ B = 0 ==> A - B = A
⟨proof⟩

lemma empty_Diff [simp]: 0 - A = 0
⟨proof⟩

lemma Diff_0 [simp]: A - 0 = A
⟨proof⟩

lemma Diff_eq_0_iff: A - B = 0 ⟷ A ⊆ B
⟨proof⟩

lemma Diff_cons: A - cons(a,B) = A - B - {a}
⟨proof⟩

lemma Diff_cons2: A - cons(a,B) = A - {a} - B
⟨proof⟩

lemma Diff_disjoint: A ∩ (B-A) = 0
⟨proof⟩

lemma Diff_partition: A⊆B ==> A ∪ (B-A) = B
⟨proof⟩

lemma subset_Un_Diff: A ⊆ B ∪ (A - B)
⟨proof⟩

lemma double_complement: [| A⊆B; B⊆C |] ==> B-(C-A) = A
⟨proof⟩

lemma double_complement_Un: (A ∪ B) - (B-A) = A
⟨proof⟩

lemma Un_Int_crazy:
     (A ∩ B) ∪ (B ∩ C) ∪ (C ∩ A) = (A ∪ B) ∩ (B ∪ C) ∩ (C ∪ A)
⟨proof⟩

lemma Diff_Un: A - (B ∪ C) = (A-B) ∩ (A-C)
⟨proof⟩

lemma Diff_Int: A - (B ∩ C) = (A-B) ∪ (A-C)
⟨proof⟩

lemma Un_Diff: (A ∪ B) - C = (A - C) ∪ (B - C)
⟨proof⟩

lemma Int_Diff: (A ∩ B) - C = A ∩ (B - C)
⟨proof⟩

lemma Diff_Int_distrib: C ∩ (A-B) = (C ∩ A) - (C ∩ B)
⟨proof⟩

lemma Diff_Int_distrib2: (A-B) ∩ C = (A ∩ C) - (B ∩ C)
⟨proof⟩

lemma Un_Int_assoc_iff: (A ∩ B) ∪ C = A ∩ (B ∪ C) ⟷ C⊆A
⟨proof⟩

7.7 Big Union and Intersection

lemma Union_subset_iff: ⋃(A) ⊆ C ⟷ (∀x∈A. x ⊆ C)
⟨proof⟩

lemma Union_upper: B∈A ==> B ⊆ ⋃(A)
⟨proof⟩

lemma Union_least: [| !!x. x∈A ==> x⊆C |] ==> ⋃(A) ⊆ C
⟨proof⟩

lemma Union_cons [simp]: ⋃(cons(a,B)) = a ∪ ⋃(B)
⟨proof⟩

lemma Union_Un_distrib: ⋃(A ∪ B) = ⋃(A) ∪ ⋃(B)
⟨proof⟩

lemma Union_Int_subset: ⋃(A ∩ B) ⊆ ⋃(A) ∩ ⋃(B)
⟨proof⟩

lemma Union_disjoint: ⋃(C) ∩ A = 0 ⟷ (∀B∈C. B ∩ A = 0)
⟨proof⟩

lemma Union_empty_iff: ⋃(A) = 0 ⟷ (∀B∈A. B=0)
⟨proof⟩

lemma Int_Union2: ⋃(B) ∩ A = (⋃C∈B. C ∩ A)
⟨proof⟩

lemma Inter_subset_iff: A≠0 ==> C ⊆ ⋂(A) ⟷ (∀x∈A. C ⊆ x)
⟨proof⟩

lemma Inter_lower: B∈A ==> ⋂(A) ⊆ B
⟨proof⟩

lemma Inter_greatest: [| A≠0; !!x. x∈A ==> C⊆x |] ==> C ⊆ ⋂(A)
⟨proof⟩

lemma INT_lower: x∈A ==> (⋂x∈A. B(x)) ⊆ B(x)
⟨proof⟩

lemma INT_greatest: [| A≠0; !!x. x∈A ==> C⊆B(x) |] ==> C ⊆ (⋂x∈A. B(x))
⟨proof⟩

lemma Inter_0 [simp]: ⋂(0) = 0
⟨proof⟩

lemma Inter_Un_subset:
     [| z∈A; z∈B |] ==> ⋂(A) ∪ ⋂(B) ⊆ ⋂(A ∩ B)
⟨proof⟩

lemma Inter_Un_distrib:
     [| A≠0; B≠0 |] ==> ⋂(A ∪ B) = ⋂(A) ∩ ⋂(B)
⟨proof⟩

lemma Union_singleton: ⋃({b}) = b
⟨proof⟩

lemma Inter_singleton: ⋂({b}) = b
⟨proof⟩

lemma Inter_cons [simp]:
     ⋂(cons(a,B)) = (if B=0 then a else a ∩ ⋂(B))
⟨proof⟩

7.8 Unions and Intersections of Families

lemma subset_UN_iff_eq: A ⊆ (⋃i∈I. B(i)) ⟷ A = (⋃i∈I. A ∩ B(i))
⟨proof⟩

lemma UN_subset_iff: (⋃x∈A. B(x)) ⊆ C ⟷ (∀x∈A. B(x) ⊆ C)
⟨proof⟩

lemma UN_upper: x∈A ==> B(x) ⊆ (⋃x∈A. B(x))
⟨proof⟩

lemma UN_least: [| !!x. x∈A ==> B(x)⊆C |] ==> (⋃x∈A. B(x)) ⊆ C
⟨proof⟩

lemma Union_eq_UN: ⋃(A) = (⋃x∈A. x)
⟨proof⟩

lemma Inter_eq_INT: ⋂(A) = (⋂x∈A. x)
⟨proof⟩

lemma UN_0 [simp]: (⋃i∈0. A(i)) = 0
⟨proof⟩

lemma UN_singleton: (⋃x∈A. {x}) = A
⟨proof⟩

lemma UN_Un: (⋃i∈ A ∪ B. C(i)) = (⋃i∈ A. C(i)) ∪ (⋃i∈B. C(i))
⟨proof⟩

lemma INT_Un:
     (⋂i∈I ∪ J. A(i)) =
       (if I=0 then ⋂j∈J. A(j)
        else if J=0 then ⋂i∈I. A(i)
        else ((⋂i∈I. A(i)) ∩ (⋂j∈J. A(j))))
⟨proof⟩

lemma UN_UN_flatten: (⋃x ∈ (⋃y∈A. B(y)). C(x)) = (⋃y∈A. ⋃x∈ B(y). C(x))
⟨proof⟩

lemma Int_UN_distrib: B ∩ (⋃i∈I. A(i)) = (⋃i∈I. B ∩ A(i))
⟨proof⟩

lemma Un_INT_distrib: I≠0 ==> B ∪ (⋂i∈I. A(i)) = (⋂i∈I. B ∪ A(i))
⟨proof⟩

lemma Int_UN_distrib2:
     (⋃i∈I. A(i)) ∩ (⋃j∈J. B(j)) = (⋃i∈I. ⋃j∈J. A(i) ∩ B(j))
⟨proof⟩

lemma Un_INT_distrib2: [| I≠0; J≠0 |] ==>
     (⋂i∈I. A(i)) ∪ (⋂j∈J. B(j)) = (⋂i∈I. ⋂j∈J. A(i) ∪ B(j))
⟨proof⟩

lemma UN_constant [simp]: (⋃y∈A. c) = (if A=0 then 0 else c)
⟨proof⟩

lemma INT_constant [simp]: (⋂y∈A. c) = (if A=0 then 0 else c)
⟨proof⟩

lemma UN_RepFun [simp]: (⋃y∈ RepFun(A,f). B(y)) = (⋃x∈A. B(f(x)))
⟨proof⟩

lemma INT_RepFun [simp]: (⋂x∈RepFun(A,f). B(x)) = (⋂a∈A. B(f(a)))
⟨proof⟩

lemma INT_Union_eq:
     0 ∉ A ==> (⋂x∈ ⋃(A). B(x)) = (⋂y∈A. ⋂x∈y. B(x))
⟨proof⟩

lemma INT_UN_eq:
     (∀x∈A. B(x) ≠ 0) ==> (⋂z∈ (⋃x∈A. B(x)). C(z)) = (⋂x∈A. ⋂z∈ B(x). C(z))
⟨proof⟩

lemma UN_Un_distrib:
     (⋃i∈I. A(i) ∪ B(i)) = (⋃i∈I. A(i)) ∪ (⋃i∈I. B(i))
⟨proof⟩

lemma INT_Int_distrib:
     I≠0 ==> (⋂i∈I. A(i) ∩ B(i)) = (⋂i∈I. A(i)) ∩ (⋂i∈I. B(i))
⟨proof⟩

lemma UN_Int_subset:
     (⋃z∈I ∩ J. A(z)) ⊆ (⋃z∈I. A(z)) ∩ (⋃z∈J. A(z))
⟨proof⟩

lemma Diff_UN: I≠0 ==> B - (⋃i∈I. A(i)) = (⋂i∈I. B - A(i))
⟨proof⟩

lemma Diff_INT: I≠0 ==> B - (⋂i∈I. A(i)) = (⋃i∈I. B - A(i))
⟨proof⟩
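The `if C=0` branches in the miniscoping rules of sections 5.14 and 5.15 and the `A≠0` and `I≠0` hypotheses on Inter_subset_iff, Inter_greatest, Inter_Un_distrib, Un_INT_distrib, Diff_UN and Diff_INT all come from one fact: in ZF, ⋂(A) is {x ∈ ⋃(A). ∀y∈A. x ∈ y}, so ⋂(0) = 0 (Inter_0) rather than a universal set, and any rule that would turn an empty intersection into a universe must be guarded. The following program is an added example, not Isabelle/ZF code: a finite model with exactly that definition built in, which checks three of the rules above by enumeration and finds the counterexamples the side conditions exclude. The atoms, the families and the instantiation A(x) := x ∩ A are constructed for the illustration and carry no meaning beyond it.

```python
"""Added example (not Isabelle/ZF code): a finite model of ⋃, ⋂ and the indexed
forms ⋃x∈C. B(x), ⋂x∈C. B(x), with the ZF definition of ⋂ and hence ⋂(0) = 0."""
from itertools import combinations


def union_of(family):
    """⋃(A)"""
    return frozenset().union(*family)


def inter_of(family):
    """⋂(A) = {x ∈ ⋃(A). ∀y∈A. x ∈ y}; for the empty family this is 0, not a universe."""
    family = list(family)
    return frozenset(x for x in union_of(family) if all(x in y for y in family))


def UN(C, B):
    """⋃x∈C. B(x)"""
    return union_of(B(x) for x in C)


def INT(C, B):
    """⋂x∈C. B(x)"""
    return inter_of(B(x) for x in C)


def cons(a, B):
    """cons(a, B) = {a} ∪ B"""
    return B | {a}


def powerset(s):
    s = list(s)
    return [frozenset(c) for n in range(len(s) + 1) for c in combinations(s, n)]


ATOMS = (0, 1, 2)                     # constructed base; only the ⊆-structure matters
SETS = powerset(ATOMS)                # the 8 subsets of ATOMS, 0 first
FAMILIES = powerset(SETS[:4])         # 16 families drawn from 0, {0}, {1}, {2}


def INT_simps1_third(C, A, B):
    """(⋂x∈C. A(x) ∪ B) = (if C=0 then 0 else (⋂x∈C. A(x)) ∪ B), with A(x) := x ∩ A."""
    lhs = INT(C, lambda x: (x & A) | B)
    rhs = frozenset() if not C else INT(C, lambda x: x & A) | B
    return lhs == rhs


def INT_simps1_third_unguarded(C, A, B):
    """The same rule without the C=0 case: false for C=0, B≠0, since ⋂(0)=0 but 0 ∪ B = B."""
    return INT(C, lambda x: (x & A) | B) == INT(C, lambda x: x & A) | B


def Inter_cons_rule(C, A, B):
    """⋂(cons(a,B)) = (if B=0 then a else a ∩ ⋂(B)), with a := A and the family B := C."""
    lhs = inter_of(cons(A, C))
    rhs = A if not C else A & inter_of(C)
    return lhs == rhs


def holds_everywhere(rule):
    """Quantify rule(C, A, B) over every family C and sets A, B of the model."""
    return all(rule(C, A, B) for C in FAMILIES for A in SETS for B in SETS)


def counterexample(rule):
    """First (C, A, B) in the model violating rule, or None."""
    for C in FAMILIES:
        for A in SETS:
            for B in SETS:
                if not rule(C, A, B):
                    return C, A, B
    return None


def inter_un_distrib_counterexample():
    """⋂(A ∪ B) = ⋂(A) ∩ ⋂(B) (Inter_Un_distrib) without its A≠0, B≠0 hypotheses."""
    for A in FAMILIES:
        for B in FAMILIES:
            if inter_of(A | B) != inter_of(A) & inter_of(B):
                return A, B
    return None


def inter_un_distrib_holds_when_nonempty():
    """Inter_Un_distrib restricted to the hypotheses A≠0 and B≠0."""
    return all(inter_of(A | B) == inter_of(A) & inter_of(B)
               for A in FAMILIES for B in FAMILIES if A and B)


if __name__ == "__main__":
    print("INT_simps1 (third rule) holds:", holds_everywhere(INT_simps1_third))
    print("unguarded version fails at:", counterexample(INT_simps1_third_unguarded))
    print("Inter_Un_distrib without side conditions fails at:", inter_un_distrib_counterexample())
```

Enumeration over a small model is not a proof, and a model of hereditarily finite sets cannot exhibit a universal set anyway; what it does show is that the guarded rules are true in the model as stated, while dropping any `if C=0` branch or `A≠0` hypothesis produces a failing instance at the empty family, which is exactly the case the simprules above are written to separate.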

lemma Sigma_cons1: Sigma(cons(a,B), C) = ({a}×C(a)) ∪ Sigma(B,C)
⟨proof⟩

lemma Sigma_cons2: A × cons(b,B) = A×{b} ∪ A×B
⟨proof⟩

lemma Sigma_succ1: Sigma(succ(A), B) = ({A}×B(A)) ∪ Sigma(A,B)
⟨proof⟩

lemma Sigma_succ2: A × succ(B) = A×{B} ∪ A×B
⟨proof⟩

lemma SUM_UN_distrib1:
     (Σ x ∈ (⋃y∈A. C(y)). B(x)) = (⋃y∈A. Σ x∈C(y). B(x))
⟨proof⟩

lemma SUM_UN_distrib2:
     (Σ i∈I. ⋃j∈J. C(i,j)) = (⋃j∈J. Σ i∈I. C(i,j))
⟨proof⟩

lemma SUM_Un_distrib1:
     (Σ i∈I ∪ J. C(i)) = (Σ i∈I. C(i)) ∪ (Σ j∈J. C(j))
⟨proof⟩

lemma SUM_Un_distrib2:
     (Σ i∈I. A(i) ∪ B(i)) = (Σ i∈I. A(i)) ∪ (Σ i∈I. B(i))
⟨proof⟩

lemma prod_Un_distrib2: I × (A ∪ B) = I×A ∪ I×B
⟨proof⟩

lemma SUM_Int_distrib1:
     (Σ i∈I ∩ J. C(i)) = (Σ i∈I. C(i)) ∩ (Σ j∈J. C(j))
⟨proof⟩

lemma SUM_Int_distrib2:
     (Σ i∈I. A(i) ∩ B(i)) = (Σ i∈I. A(i)) ∩ (Σ i∈I. B(i))
⟨proof⟩

lemma prod_Int_distrib2: I × (A ∩ B) = I×A ∩ I×B
⟨proof⟩

lemma SUM_eq_UN: (Σ i∈I. A(i)) = (⋃i∈I. {i} × A(i))
⟨proof⟩

lemma times_subset_iff:
     (A'×B' ⊆ A×B) ⟷ (A' = 0 | B' = 0 | (A'⊆A) & (B'⊆B))
⟨proof⟩

lemma Int_Sigma_eq:
     (Σ x ∈ A'. B'(x)) ∩ (Σ x ∈ A. B(x)) = (Σ x ∈ A' ∩ A. B'(x) ∩ B(x))
⟨proof⟩

lemma domain_iff: a: domain(r) ⟷ (∃y. ⟨a,y⟩ ∈ r)
⟨proof⟩

lemma domainI [intro]: ⟨a,b⟩ ∈ r ==> a: domain(r)
⟨proof⟩

lemma domainE [elim!]:
     [| a ∈ domain(r); !!y. ⟨a,y⟩ ∈ r ==> P |] ==> P
⟨proof⟩

lemma domain_subset: domain(Sigma(A,B)) ⊆ A
⟨proof⟩

lemma domain_of_prod: b∈B ==> domain(A×B) = A
⟨proof⟩

lemma domain_0 [simp]: domain(0) = 0
⟨proof⟩

lemma domain_cons [simp]: domain(cons(⟨a,b⟩,r)) = cons(a, domain(r))
⟨proof⟩

lemma domain_Un_eq [simp]: domain(A ∪ B) = domain(A) ∪ domain(B)
⟨proof⟩

lemma domain_Int_subset: domain(A ∩ B) ⊆ domain(A) ∩ domain(B)
⟨proof⟩

lemma domain_Diff_subset: domain(A) - domain(B) ⊆ domain(A - B)
⟨proof⟩

lemma domain_UN: domain(⋃x∈A. B(x)) = (⋃x∈A. domain(B(x)))
⟨proof⟩

lemma domain_Union: domain(⋃(A)) = (⋃x∈A. domain(x))
⟨proof⟩

lemma rangeI [intro]: ⟨a,b⟩ ∈ r ==> b ∈ range(r)
⟨proof⟩

lemma rangeE [elim!]: [| b ∈ range(r); !!x. ⟨x,b⟩ ∈ r ==> P |] ==> P
⟨proof⟩

lemma range_subset: range(A×B) ⊆ B
⟨proof⟩

lemma range_of_prod: a∈A ==> range(A×B) = B
⟨proof⟩

lemma range_0 [simp]: range(0) = 0
⟨proof⟩

lemma range_cons [simp]: range(cons(⟨a,b⟩,r)) = cons(b, range(r))
⟨proof⟩

lemma range_Un_eq [simp]: range(A ∪ B) = range(A) ∪ range(B)
⟨proof⟩

lemma range_Int_subset: range(A ∩ B) ⊆ range(A) ∩ range(B)
⟨proof⟩

lemma range_Diff_subset: range(A) - range(B) ⊆ range(A - B)
⟨proof⟩

lemma domain_converse [simp]: domain(converse(r)) = range(r)
⟨proof⟩

lemma range_converse [simp]: range(converse(r)) = domain(r)
⟨proof⟩

lemma fieldI1: ⟨a,b⟩ ∈ r ==> a ∈ field(r)
⟨proof⟩

lemma fieldI2: ⟨a,b⟩ ∈ r ==> b ∈ field(r)
⟨proof⟩

lemma fieldCI [intro]:
     (¬ ⟨c,a⟩ ∈ r ==> ⟨a,b⟩ ∈ r) ==> a ∈ field(r)
⟨proof⟩

lemma fieldE [elim!]:
     [| a ∈ field(r);
        !!x. ⟨a,x⟩ ∈ r ==> P;
        !!x. ⟨x,a⟩ ∈ r ==> P |] ==> P
⟨proof⟩

lemma field_subset: field(A×B) ⊆ A ∪ B
⟨proof⟩

lemma domain_subset_field: domain(r) ⊆ field(r)
⟨proof⟩

lemma range_subset_field: range(r) ⊆ field(r)
⟨proof⟩

lemma domain_times_range: r ⊆ Sigma(A,B) ==> r ⊆ domain(r)×range(r)
⟨proof⟩

lemma field_times_field: r ⊆ Sigma(A,B) ==> r ⊆ field(r)×field(r)
⟨proof⟩

lemma relation_field_times_field: relation(r) ==> r ⊆ field(r)×field(r)
⟨proof⟩

lemma field_of_prod: field(A×A) = A
⟨proof⟩

lemma field_0 [simp]: field(0) = 0
⟨proof⟩

lemma field_cons [simp]: field(cons(⟨a,b⟩,r)) = cons(a, cons(b, field(r)))
⟨proof⟩

lemma field_Un_eq [simp]: field(A ∪ B) = field(A) ∪ field(B)
⟨proof⟩

lemma field_Int_subset: field(A ∩ B) ⊆ field(A) ∩ field(B)
⟨proof⟩

lemma field_Diff_subset: field(A) - field(B) ⊆ field(A - B)
⟨proof⟩

lemma field_converse [simp]: field(converse(r)) = field(r)
⟨proof⟩

lemma rel_Union:
     (∀x∈S. ∃A B. x ⊆ A×B) ==> ⋃(S) ⊆ domain(⋃(S)) × range(⋃(S))
⟨proof⟩

lemma rel_Un: [| r ⊆ A×B; s ⊆ C×D |] ==> (r ∪ s) ⊆ (A ∪ C) × (B ∪ D)
⟨proof⟩

lemma domain_Diff_eq: [| ⟨a,c⟩ ∈ r; c≠b |] ==> domain(r-{⟨a,b⟩}) = domain(r)
⟨proof⟩

lemma range_Diff_eq: [| ⟨c,b⟩ ∈ r; c≠a |] ==> range(r-{⟨a,b⟩}) = range(r)
⟨proof⟩

7.9 Image of a Set under a Function or Relation

lemma image_iff: b ∈ r``A ⟷ (∃x∈A. ⟨x,b⟩ ∈ r)
⟨proof⟩

lemma image_singleton_iff: b ∈ r``{a} ⟷ ⟨a,b⟩ ∈ r
⟨proof⟩

lemma imageI [intro]: [| ⟨a,b⟩ ∈ r; a∈A |] ==> b ∈ r``A
⟨proof⟩

lemma imageE [elim!]:
     [| b: r``A; !!x. [| ⟨x,b⟩ ∈ r; x∈A |] ==> P |] ==> P
⟨proof⟩

lemma image_subset: r ⊆ A×B ==> r``C ⊆ B
⟨proof⟩

lemma image_0 [simp]: r``0 = 0
⟨proof⟩

lemma image_Un [simp]: r``(A ∪ B) = (r``A) ∪ (r``B)
⟨proof⟩

lemma image_UN: r``(⋃x∈A. B(x)) = (⋃x∈A. r``B(x))
⟨proof⟩

lemma Collect_image_eq:
     {z ∈ Sigma(A,B). P(z)}``C = (⋃x ∈ A. {y ∈ B(x). x ∈ C & P(⟨x,y⟩)})
⟨proof⟩
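The pair and relation lemmas of sections 6 and 7 can be exercised on concrete relations with the following model, an added example rather than Isabelle/ZF code. Pairs are Kuratowski pairs {{a},{a,b}}, so Pair_iff and Pair_not_0 hold by construction; converse, domain, range, field and the image r``A are defined as in ZF by quantifying over the ordered pairs in r, which makes visible why converse_converse needs r ⊆ Sigma(A,B) (elements of r that are not pairs are silently dropped), why domain_Diff_eq needs a second pair ⟨a,c⟩ with c≠b, and why the image of an intersection is only a subset of the intersection of the images (image_Int_subset, stated just below). The relations R_PAIRS and R_MIXED are constructed inputs; the integers in them stand for arbitrary sets.

```python
"""Added example (not Isabelle/ZF code): a hereditarily finite model of ordered
pairs and relations, with Kuratowski pairs and ZF-style converse/domain/range/image."""


def pair(a, b):
    """⟨a,b⟩ as the Kuratowski set {{a},{a,b}}; Pair_iff and Pair_not_0 hold by construction."""
    return frozenset({frozenset({a}), frozenset({a, b})})


def unpair(p):
    """Recover (a, b) from a Kuratowski pair, or None if p is not an ordered pair."""
    if not isinstance(p, frozenset) or not 1 <= len(p) <= 2:
        return None
    if not all(isinstance(q, frozenset) for q in p):
        return None
    parts = sorted(p, key=len)
    if len(parts) == 1:                       # ⟨a,a⟩ = {{a}}
        (s,) = parts
        if len(s) != 1:
            return None
        (a,) = s
        return a, a
    s, t = parts                              # {a} ⊆ {a,b}
    if len(s) != 1 or len(t) != 2 or not s <= t:
        return None
    (a,) = s
    (b,) = t - s
    return a, b


def pairs_of(r):
    """The ordered pairs of r as Python tuples.  Elements that are not pairs are
    dropped, which is exactly why converse_converse assumes r ⊆ Sigma(A,B)."""
    return [ab for ab in map(unpair, r) if ab is not None]


def Sigma(A, B):
    """Sigma(A,B) = {⟨a,b⟩. a ∈ A, b ∈ B(a)}"""
    return frozenset(pair(a, b) for a in A for b in B(a))


def converse(r):
    return frozenset(pair(b, a) for a, b in pairs_of(r))


def domain(r):
    return frozenset(a for a, _ in pairs_of(r))


def range_(r):
    return frozenset(b for _, b in pairs_of(r))


def field(r):
    return domain(r) | range_(r)


def image(r, A):
    """r``A = {b. ∃x∈A. ⟨x,b⟩ ∈ r}"""
    return frozenset(b for a, b in pairs_of(r) if a in A)


def converse_converse_holds(r):
    """converse(converse(r)) = r; true iff every element of r is an ordered pair."""
    return converse(converse(r)) == r


def domain_after_removing(r, a, b):
    """domain(r - {⟨a,b⟩}); equals domain(r) exactly when some ⟨a,c⟩ with c≠b survives."""
    return domain(r - {pair(a, b)})


def image_Int_gap(r, A, B):
    """(r``A ∩ r``B) - r``(A ∩ B): what is lost by pushing `` through ∩."""
    return (image(r, A) & image(r, B)) - image(r, A & B)


# Constructed sample relations; the atoms 1, 2, 3 and 7 stand for arbitrary sets.
R_PAIRS = frozenset({pair(1, 2), pair(1, 3), pair(2, 3)})   # ⊆ Sigma({1,2}, λ_. {2,3})
R_MIXED = R_PAIRS | {7}                                     # 7 is not an ordered pair


if __name__ == "__main__":
    print("converse∘converse on a relation:", converse_converse_holds(R_PAIRS))
    print("converse∘converse with a non-pair element:", converse_converse_holds(R_MIXED))
    print("domain after removing <1,2>:", sorted(domain_after_removing(R_PAIRS, 1, 2)))
    print("domain after removing <2,3>:", sorted(domain_after_removing(R_PAIRS, 2, 3)))
    print("image gap for A={1}, B={2}:", sorted(image_Int_gap(R_PAIRS, frozenset({1}), frozenset({2}))))
```

On R_PAIRS every lemma instance checks out; on R_MIXED the double converse returns R_PAIRS, having discarded the element 7, so equality with r fails just as the missing hypothesis predicts. With A = {1} and B = {2} the image gap is {3}: both 1 and 2 map to 3, but A ∩ B = 0 and r``0 = 0, the one-directional inclusion that image_Int_subset records.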

lemma image_Int_subset: r``(A ∩ B) ⊆ (r``A) ∩ (r``B)
⟨proof⟩

lemma image_Int_square_subset: (r ∩ A×A)``B ⊆ (r``B)