ZF
Lawrence C Paulson and others
December 5, 2013
Contents
1 IFOL: Intuitionistic first-order logic
  1.1 Syntax and axiomatic basis
    1.1.1 Equality
    1.1.2 Propositional logic
    1.1.3 Quantifiers
    1.1.4 Definitions
    1.1.5 Additional notation
  1.2 Lemmas and proof tools
  1.3 Intuitionistic Reasoning
  1.4 Atomizing meta-level rules
  1.5 Atomizing elimination rules
  1.6 Calculational rules
  1.7 Let declarations
  1.8 Intuitionistic simplification rules
2 FOL: Classical first-order logic
  2.1 The classical axiom
  2.2 Lemmas and proof tools
3 Classical Reasoner
  3.1 Other simple lemmas
  3.2 Proof by cases and induction
4 ZF: Zermelo-Fraenkel Set Theory
  4.1 Substitution
  4.2 Bounded universal quantifier
  4.3 Bounded existential quantifier
  4.4 Rules for subsets
  4.5 Rules for equality
  4.6 Rules for Replace -- the derived form of replacement
  4.7 Rules for RepFun
  4.8 Rules for Collect -- forming a subset by separation
  4.9 Rules for Unions
  4.10 Rules for Unions of families
  4.11 Rules for the empty set
  4.12 Rules for Inter
  4.13 Rules for Intersections of families
  4.14 Rules for Powersets
  4.15 Cantor's Theorem: There is no surjection from a set to its powerset.
5 upair: Unordered Pairs
  5.1 Unordered Pairs: constant Upair
  5.2 Rules for Binary Union, Defined via Upair
  5.3 Rules for Binary Intersection, Defined via Upair
  5.4 Rules for Set Difference, Defined via Upair
  5.5 Rules for cons
  5.6 Singletons
  5.7 Descriptions
  5.8 Conditional Terms: if-then-else
  5.9 Consequences of Foundation
  5.10 Rules for Successor
  5.11 Miniscoping of the Bounded Universal Quantifier
  5.12 Miniscoping of the Bounded Existential Quantifier
  5.13 Miniscoping of the Replacement Operator
  5.14 Miniscoping of Unions
  5.15 Miniscoping of Intersections
  5.16 Other simprules
6 pair: Ordered Pairs
  6.1 Sigma: Disjoint Union of a Family of Sets
  6.2 Projections fst and snd
  6.3 The Eliminator, split
  6.4 A version of split for Formulae: Result Type o
7 equalities: Basic Equalities and Inclusions
  7.1 Bounded Quantifiers
  7.2 Converse of a Relation
  7.3 Finite Set Constructions Using cons
  7.4 Binary Intersection
  7.5 Binary Union
  7.6 Set Difference
  7.7 Big Union and Intersection
  7.8 Unions and Intersections of Families
  7.9 Image of a Set under a Function or Relation
  7.10 Inverse Image of a Set under a Function or Relation
  7.11 Powerset Operator
  7.12 RepFun
  7.13 Collect
8 Fixedpt: Least and Greatest Fixed Points; the Knaster-Tarski Theorem
  8.1 Monotone Operators
  8.2 Proof of Knaster-Tarski Theorem using lfp
  8.3 General Induction Rule for Least Fixedpoints
  8.4 Proof of Knaster-Tarski Theorem using gfp
  8.5 Coinduction Rules for Greatest Fixed Points
9 Bool: Booleans in Zermelo-Fraenkel Set Theory
  9.1 Laws About not
  9.2 Laws About and
  9.3 Laws About or
10 Sum: Disjoint Sums
  10.1 Rules for the Part Primitive
  10.2 Rules for Disjoint Sums
  10.3 The Eliminator: case
  10.4 More Rules for Part(A, h)
11 func: Functions, Function Spaces, Lambda-Abstraction
  11.1 The Pi Operator: Dependent Function Space
  11.2 Function Application
  11.3 Lambda Abstraction
  11.4 Extensionality
  11.5 Images of Functions
  11.6 Properties of restrict(f, A)
  11.7 Unions of Functions
  11.8 Domain and Range of a Function or Relation
  11.9 Extensions of Functions
  11.10 Function Updates
  11.11 Monotonicity Theorems
    11.11.1 Replacement in its Various Forms
    11.11.2 Standard Products, Sums and Function Spaces
    11.11.3 Converse, Domain, Range, Field
    11.11.4 Images
12 QPair: Quine-Inspired Ordered Pairs and Disjoint Sums
  12.1 Quine ordered pairing
    12.1.1 QSigma: Disjoint union of a family of sets. Generalizes Cartesian product
    12.1.2 Projections: qfst, qsnd
    12.1.3 Eliminator: qsplit
    12.1.4 qsplit for predicates: result type o
    12.1.5 qconverse
  12.2 The Quine-inspired notion of disjoint sum
    12.2.1 Eliminator qcase
    12.2.2 Monotonicity
13 Perm: Injections, Surjections, Bijections, Composition
  13.1 Surjective Function Space
  13.2 Injective Function Space
  13.3 Bijections
  13.4 Identity Function
  13.5 Converse of a Function
  13.6 Converses of Injections, Surjections, Bijections
  13.7 Composition of Two Relations
  13.8 Domain and Range -- see Suppes, Section 3.1
  13.9 Other Results
  13.10 Composition Preserves Functions, Injections, and Surjections
  13.11 Dual Properties of inj and surj
    13.11.1 Inverses of Composition
    13.11.2 Proving that a Function is a Bijection
    13.11.3 Unions of Functions
    13.11.4 Restrictions as Surjections and Bijections
    13.11.5 Lemmas for Ramsey's Theorem
14 Trancl: Relations: Their General Properties and Transitive Closure
  14.1 General properties of relations
    14.1.1 irreflexivity
    14.1.2 symmetry
    14.1.3 antisymmetry
    14.1.4 transitivity
  14.2 Transitive closure of a relation
15 WF: Well-Founded Recursion
  15.1 Well-Founded Relations
    15.1.1 Equivalences between wf and wf-on
    15.1.2 Introduction Rules for wf-on
    15.1.3 Well-founded Induction
  15.2 Basic Properties of Well-Founded Relations
  15.3 The Predicate is-recfun
  15.4 Recursion: Main Existence Lemma
  15.5 Unfolding wftrec(r, a, H)
    15.5.1 Removal of the Premise trans(r)
16 Ordinal: Transitive Sets and Ordinals
  16.1 Rules for Transset
    16.1.1 Three Neat Characterisations of Transset
    16.1.2 Consequences of Downwards Closure
    16.1.3 Closure Properties
  16.2 Lemmas for Ordinals
  16.3 The Construction of Ordinals: 0, succ, Union
  16.4 is less Than for Ordinals
  16.5 Natural Deduction Rules for Memrel
  16.6 Transfinite Induction
17 Fundamental properties of the epsilon ordering ( on ordinals)
    17.0.1 Proving That is a Linear Ordering on the Ordinals
    17.0.2 Some Rewrite Rules for , le
  17.1 Results about Less-Than or Equals
    17.1.1 Transitivity Laws
    17.1.2 Union and Intersection
  17.2 Results about Limits
  17.3 Limit Ordinals -- General Properties
    17.3.1 Traditional 3-Way Case Analysis on Ordinals
18 OrdQuant: Special quantifiers
  18.1 Quantifiers and union operator for ordinals
    18.1.1 simplification of the new quantifiers
    18.1.2 Union over ordinals
    18.1.3 universal quantifier for ordinals
    18.1.4 existential quantifier for ordinals
    18.1.5 Rules for Ordinal-Indexed Unions
  18.2 Quantification over a class
    18.2.1 Relativized universal quantifier
    18.2.2 Relativized existential quantifier
    18.2.3 One-point rule for bounded quantifiers
    18.2.4 Sets as Classes
19 Nat-ZF: The Natural numbers As a Least Fixed Point
  19.1 Injectivity Properties and Induction
  19.2 Variations on Mathematical Induction
  19.3 quasinat: to allow a case-split rule for nat-case
  19.4 Recursion on the Natural Numbers
20 Inductive-ZF: Inductive and Coinductive Definitions
21 Epsilon: Epsilon Induction and Recursion
  21.1 Basic Closure Properties
  21.2 Leastness of eclose
  21.3 Epsilon Recursion
  21.4 Rank
  21.5 Corollaries of Leastness
22 Order: Partial and Total Orderings: Basic Definitions and Properties
  22.1 Immediate Consequences of the Definitions
  22.2 Restricting an Ordering's Domain
  22.3 Empty and Unit Domains
    22.3.1 Relations over the Empty Set
    22.3.2 The Empty Relation Well-Orders the Unit Set
  22.4 Order-Isomorphisms
  22.5 Main results of Kunen, Chapter 1 section 6
  22.6 Towards Kunen's Theorem 6.3: Linearity of the Similarity Relation
  22.7 Miscellaneous Results by Krzysztof Grabczewski
  22.8 Lemmas for the Reflexive Orders
23 OrderArith: Combining Orderings: Foundations of Ordinal Arithmetic
  23.1 Addition of Relations -- Disjoint Sum
    23.1.1 Rewrite rules. Can be used to obtain introduction rules
    23.1.2 Elimination Rule
    23.1.3 Type checking
    23.1.4 Linearity
    23.1.5 Well-foundedness
    23.1.6 An ord-iso congruence law
    23.1.7 Associativity
  23.2 Multiplication of Relations -- Lexicographic Product
    23.2.1 Rewrite rule. Can be used to obtain introduction rules
    23.2.2 Type checking
    23.2.3 Linearity
    23.2.4 Well-foundedness
    23.2.5 An ord-iso congruence law
    23.2.6 Distributive law
    23.2.7 Associativity
  23.3 Inverse Image of a Relation
    23.3.1 Rewrite rule
    23.3.2 Type checking
    23.3.3 Partial Ordering Properties
    23.3.4 Linearity
    23.3.5 Well-foundedness
  23.4 Every well-founded relation is a subset of some inverse image of an ordinal
  23.5 Other Results
    23.5.1 The Empty Relation
    23.5.2 The measure relation is useful with wfrec
    23.5.3 Well-foundedness of Unions
    23.5.4 Bijections involving Powersets
24 OrderType: Order Types and Ordinal Arithmetic
  24.1 Proofs needing the combination of Ordinal.thy and Order.thy
  24.2 Ordermap and ordertype
    24.2.1 Unfolding of ordermap
    24.2.2 Showing that ordermap, ordertype yield ordinals
    24.2.3 ordermap preserves the orderings in both directions
    24.2.4 Isomorphisms involving ordertype
    24.2.5 Basic equalities for ordertype
    24.2.6 A fundamental unfolding law for ordertype.
  24.3 Alternative definition of ordinal
  24.4 Ordinal Addition
    24.4.1 Order Type calculations for radd
    24.4.2 ordify: trivial coercion to an ordinal
    24.4.3 Basic laws for ordinal addition
    24.4.4 Ordinal addition with successor -- via associativity!
  24.5 Ordinal Subtraction
  24.6 Ordinal Multiplication
    24.6.1 A useful unfolding law
    24.6.2 Basic laws for ordinal multiplication
    24.6.3 Ordering/monotonicity properties of ordinal multiplication
  24.7 The Relation Lt
25 Finite: Finite Powerset Operator and Finite Function Space
  25.1 Finite Powerset Operator
  25.2 Finite Function Space
  25.3 The Contents of a Singleton Set
26 Cardinal: Cardinal Numbers Without the Axiom of Choice
  26.1 The Schroeder-Bernstein Theorem
  26.2 lesspoll: contributions by Krzysztof Grabczewski
  26.3 Basic Properties of Cardinals
  26.4 The finite cardinals
  26.5 The first infinite cardinal: Omega, or nat
  26.6 Towards Cardinal Arithmetic
  26.7 Lemmas by Krzysztof Grabczewski
  26.8 Finite and infinite sets
27 Univ: The Cumulative Hierarchy and a Small Universe for Recursive Types
  27.1 Immediate Consequences of the Definition of Vfrom(A, i)
    27.1.1 Monotonicity
    27.1.2 A fundamental equality: Vfrom does not require ordinals!
  27.2 Basic Closure Properties
    27.2.1 Finite sets and ordered pairs
  27.3 0, Successor and Limit Equations for Vfrom
  27.4 Vfrom applied to Limit Ordinals
    27.4.1 Closure under Disjoint Union
  27.5 Properties assuming Transset(A)
    27.5.1 Products
    27.5.2 Disjoint Sums, or Quine Ordered Pairs
    27.5.3 Function Space!
  27.6 The Set Vset(i)
    27.6.1 Characterisation of the elements of Vset(i)
    27.6.2 Reasoning about Sets in Terms of Their Elements' Ranks
    27.6.3 Set Up an Environment for Simplification
    27.6.4 Recursion over Vset Levels!
  27.7 The Datatype Universe: univ(A)
    27.7.1 The Set univ(A) as a Limit
  27.8 Closure Properties for univ(A)
    27.8.1 Closure under Unordered and Ordered Pairs
    27.8.2 The Natural Numbers
    27.8.3 Instances for 1 and 2
    27.8.4 Closure under Disjoint Union
  27.9 Finite Branching Closure Properties
    27.9.1 Closure under Finite Powerset
    27.9.2 Closure under Finite Powers: Functions from a Natural Number
    27.9.3 Closure under Finite Function Space
  27.10 * For QUniv. Properties of Vfrom analogous to the take-lemma *
28 QUniv: A Small Universe for Lazy Recursive Types
  28.1 Properties involving Transset and Sum
  28.2 Introduction and Elimination Rules
  28.3 Closure Properties
  28.4 Quine Disjoint Sum
  28.5 Closure for Quine-Inspired Products and Sums
  28.6 Quine Disjoint Sum
  28.7 The Natural Numbers
  28.8 Take-Lemma Rules
29 Datatype-ZF: Datatype and CoDatatype Definitions
30 Arith: Arithmetic Operators and Their Definitions
  30.1 natify, the Coercion to nat
  30.2 Typing rules
  30.3 Addition
  30.4 Monotonicity of Addition
  30.5 Multiplication
31 ArithSimp: Arithmetic with simplification
  31.1 Difference
  31.2 Remainder
  31.3 Division
  31.4 Further Facts about Remainder
  31.5 Additional theorems about
  31.6 Cancellation Laws for Common Factors in Comparisons
  31.7 More Lemmas about Remainder
    31.7.1 More Lemmas About Difference
32 List-ZF: Lists in Zermelo-Fraenkel Set Theory
  32.1 The function zip
33 EquivClass: Equivalence Relations
  33.1 Suppes, Theorem 70: r is an equiv relation iff converse(r) O r = r
  33.2 Defining Unary Operations upon Equivalence Classes
  33.3 Defining Binary Operations upon Equivalence Classes
34 Int-ZF: The Integers as Equivalence Classes Over Pairs of Natural Numbers
  34.1 Proving that intrel is an equivalence relation
  34.2 Collapsing rules: to remove intify from arithmetic expressions
  34.3 zminus: unary negation on int
  34.4 znegative: the test for negative integers
  34.5 nat-of: Coercion of an Integer to a Natural Number
  34.6 zmagnitude: magnitude of an integer, as a natural number
  34.7 op $+: addition on int
  34.8 op $: Integer Multiplication
  34.9 The Less Than Relation
  34.10 Less Than or Equals
  34.11 More subtraction laws (for zcompare-rls)
  34.12 Monotonicity and Cancellation Results for Instantiation of the CancelNumerals Simprocs
  34.13 Comparison laws
    34.13.1 More inequality lemmas
    34.13.2 The next several equations are permutative: watch out!
35 Bin: Arithmetic on Binary Integers
    35.0.3 The Carry and Borrow Functions, bin-succ and bin-pred
    35.0.4 bin-minus: Unary Negation of Binary Integers
    35.0.5 bin-add: Binary Addition
    35.0.6 bin-mult: Binary Multiplication
  35.1 Computations
  35.2 Simplification Rules for Comparison of Binary Numbers
36 IntDiv-ZF: The Division Operators Div and Mod
  36.1 Uniqueness and monotonicity of quotients and remainders
  36.2 Correctness of posDivAlg, the Division Algorithm for a0 and b>0
  36.3 Some convenient biconditionals for products of signs
  36.4 Correctness of negDivAlg, the division algorithm for a0 and b0
  36.5 Existence shown by proving the division algorithm to be correct
  36.6 division of a number by itself
  36.7 Computation of division and remainder
  36.8 Monotonicity in the first argument (divisor)
  36.9 Monotonicity in the second argument (dividend)
  36.10 More algebraic laws for zdiv and zmod
  36.11 proving a zdiv (b*c) = (a zdiv b) zdiv c
  36.12 Cancellation of common factors in zdiv
  36.13 Distribution of factors over zmod
37 CardinalArith: Cardinal Arithmetic Without the Axiom of Choice
  37.1 Cardinal addition
    37.1.1 Cardinal addition is commutative
    37.1.2 Cardinal addition is associative
    37.1.3 0 is the identity for addition
    37.1.4 Addition by another cardinal
    37.1.5 Monotonicity of addition
    37.1.6 Addition of finite cardinals is ordinary addition
  37.2 Cardinal multiplication
    37.2.1 Cardinal multiplication is commutative
    37.2.2 Cardinal multiplication is associative
    37.2.3 Cardinal multiplication distributes over addition
    37.2.4 Multiplication by 0 yields 0
    37.2.5 1 is the identity for multiplication
  37.3 Some inequalities for multiplication
    37.3.1 Multiplication by a non-zero cardinal
    37.3.2 Monotonicity of multiplication
  37.4 Multiplication of finite cardinals is ordinary multiplication
  37.5 Infinite Cardinals are Limit Ordinals
    37.5.1 Establishing the well-ordering
    37.5.2 Characterising initial segments of the well-ordering
    37.5.3 The cardinality of initial segments
    37.5.4 Towards Kunen's Corollary 10.13 (1)
  37.6 For Every Cardinal Number There Exists A Greater One
  37.7 Basic Properties of Successor Cardinals
    37.7.1 Removing elements from a finite set decreases its cardinality
    37.7.2 Theorems by Krzysztof Grabczewski, proofs by lcp
38 Main-ZF: Theory Main: Everything Except AC
  38.1 Iteration of the function F
  38.2 Transfinite Recursion
39 AC: The Axiom of Choice
40 Zorn: Zorn's Lemma
  40.1 Mathematical Preamble
  40.2 The Transfinite Construction
  40.3 Some Properties of the Transfinite Construction
  40.4 Hausdorff's Theorem: Every Set Contains a Maximal Chain
  40.5 Zorn's Lemma: If All Chains in S Have Upper Bounds In S, then S contains a Maximal Element
  40.6 Zermelo's Theorem: Every Set can be Well-Ordered
  40.7 Zorn's Lemma for Partial Orders
41 Cardinal-AC: Cardinal Arithmetic Using AC
  41.1 Strengthened Forms of Existing Theorems on Cardinals
  41.2 The relationship between cardinality and le-pollence
  41.3 Other Applications of AC
  41.4 The Main Result for Infinite-Branching Datatypes
42 InfDatatype: Infinite-Branching Datatype Definitions
[Figure: theory dependency graph, with nodes for the theories IFOL, FOL, ZF, ..., Main_ZFC and for [Pure]]
1 IFOL: Intuitionistic first-order logic
theory IFOL
imports Pure
begin
ML
1.1 Syntax and axiomatic basis
ML
classes term
default-sort term

typedecl o

judgment
  Trueprop :: o => prop  ((_) 5)
1.1.1 Equality
axiomatization
  eq :: ['a, 'a] => o  (infixl = 50)
where
  refl: a=a and
  subst: a=b ==> P(a) ==> P(b)
1.1.2 Propositional logic
axiomatization
  False :: o and
  conj :: [o, o] => o  (infixr & 35) and
  disj :: [o, o] => o  (infixr | 30) and
  imp :: [o, o] => o  (infixr --> 25)
where
  conjI: [| P; Q |] ==> P&Q and
  conjunct1: P&Q ==> P and
  conjunct2: P&Q ==> Q and

  disjI1: P ==> P|Q and
  disjI2: Q ==> P|Q and
  disjE: [| P|Q; P ==> R; Q ==> R |] ==> R and

  impI: (P ==> Q) ==> P-->Q and
  mp: [| P-->Q; P |] ==> Q and

  FalseE: False ==> P
1.1.3 Quantifiers
axiomatization
  All :: ('a => o) => o  (binder ALL 10) and
  Ex :: ('a => o) => o  (binder EX 10)
where
  allI: (!!x. P(x)) ==> (ALL x. P(x)) and
  spec: (ALL x. P(x)) ==> P(x) and
  exI: P(x) ==> (EX x. P(x)) and
  exE: [| EX x. P(x); !!x. P(x) ==> R |] ==> R
1.1.4 Definitions
definition True == False-->False
definition Not (~ _ [40] 40) where not-def: ~P == P-->False
definition iff (infixr <-> 25) where P<->Q == (P-->Q) & (Q-->P)

definition Ex1 :: ('a => o) => o  (binder EX! 10)
  where ex1-def: EX! x. P(x) == EX x. P(x) & (ALL y. P(y) --> y=x)

axiomatization where  -- Reflection, admissible
  eq-reflection: (x=y) ==> (x==y) and
  iff-reflection: (P<->Q) ==> (P==Q)
1.1.5 Additional notation
abbreviation not-equal :: ['a, 'a] => o  (infixl ~= 50)
  where x ~= y == ~ (x = y)

notation (xsymbols)
  not-equal  (infixl ≠ 50)

notation (HTML output)
  not-equal  (infixl ≠ 50)

notation (xsymbols)
  Not  (¬ _ [40] 40) and
  conj  (infixr ∧ 35) and
  disj  (infixr ∨ 30) and
  All  (binder ∀ 10) and
  Ex  (binder ∃ 10) and
  Ex1  (binder ∃! 10) and
  imp  (infixr ⟶ 25) and
  iff  (infixr ⟷ 25)

notation (HTML output)
  Not  (¬ _ [40] 40) and
  conj  (infixr ∧ 35) and
  disj  (infixr ∨ 30) and
  All  (binder ∀ 10) and
  Ex  (binder ∃ 10) and
  Ex1  (binder ∃! 10)
1.2 Lemmas and proof tools
lemmas strip = impI allI
lemma TrueI: True
  ⟨proof⟩

lemma conjE:
  assumes major: P & Q
    and r: [| P; Q |] ==> R
  shows R
  ⟨proof⟩

lemma impE:
  assumes major: P --> Q
    and P
    and r: Q ==> R
  shows R
  ⟨proof⟩

lemma allE:
  assumes major: ALL x. P(x)
    and r: P(x) ==> R
  shows R
  ⟨proof⟩

lemma all-dupE:
  assumes major: ALL x. P(x)
    and r: [| P(x); ALL x. P(x) |] ==> R
  shows R
  ⟨proof⟩

lemma notI: (P ==> False) ==> ~P
  ⟨proof⟩

lemma notE: [| ~P; P |] ==> R
  ⟨proof⟩

lemma rev-notE: [| P; ~P |] ==> R
  ⟨proof⟩

lemma not-to-imp:
  assumes ~P
    and r: P --> False ==> Q
  shows Q
  ⟨proof⟩

lemma rev-mp: [| P; P --> Q |] ==> Q
  ⟨proof⟩

lemma contrapos:
  assumes major: ~Q
    and minor: P ==> Q
  shows ~P
  ⟨proof⟩
ML
lemma iffI : [| P ==> Q ; Q ==> P |] ==> PQproof
lemma iffE :assumes major : P Q
and r : P>Q ==> Q>P ==> Rshows Rproof
lemma iffD1 : [| P Q ; P |] ==> Qproof
lemma iffD2 : [| P Q ; Q |] ==> Pproof
lemma rev-iffD1 : [| P ; P Q |] ==> Qproof
lemma rev-iffD2 : [| Q ; P Q |] ==> Pproof
lemma iff-refl : P Pproof
lemma iff-sym: Q P ==> P Qproof
lemma iff-trans: [| P Q ; Q R |] ==> P Rproof
lemma ex1I :P(a) = (!!x . P(x ) ==> x=a) = EX ! x . P(x )proof
lemma ex-ex1I :EX x . P(x ) = (!!x y . [| P(x ); P(y) |] ==> x=y) = EX ! x . P(x )proof
lemma ex1E :EX ! x . P(x ) = (!!x . [| P(x ); ALL y . P(y) > y=x |] ==> R) = Rproof
ML
lemma conj-cong :assumes P P
and P ==> Q Q shows (P&Q) (P &Q )proof
lemma conj-cong2 :assumes P P
and P ==> Q Q shows (Q&P) (Q &P )proof
lemma disj-cong :
assumes P P and Q Q shows (P |Q) (P |Q )proof
lemma imp-cong :assumes P P
and P ==> Q Q shows (P>Q) (P >Q )proof
lemma iff-cong : [| P P ; Q Q |] ==> (PQ) (P Q )proof
lemma not-cong : P P ==> P P proof
lemma all-cong :assumes !!x . P(x ) Q(x )shows (ALL x . P(x )) (ALL x . Q(x ))proof
lemma ex-cong :assumes !!x . P(x ) Q(x )shows (EX x . P(x )) (EX x . Q(x ))proof
lemma ex1-cong :assumes !!x . P(x ) Q(x )shows (EX ! x . P(x )) (EX ! x . Q(x ))proof
lemma sym: a=b ==> b=aproof
lemma trans: [| a=b; b=c |] ==> a=cproof
lemma not-sym: b = a ==> a = bproof
lemma def-imp-iff : (A == B) ==> A Bproof
lemma meta-eq-to-obj-eq : (A == B) ==> A = B
proof
lemma meta-eq-to-iff : x==y ==> xyproof
lemma ssubst : [| b = a; P(a) |] ==> P(b)proof
lemma ex1-equalsE :[| EX ! x . P(x ); P(a); P(b) |] ==> a=bproof
lemma subst-context : [| a=b |] ==> t(a)=t(b)proof
lemma subst-context2 : [| a=b; c=d |] ==> t(a,c)=t(b,d)proof
lemma subst-context3 : [| a=b; c=d ; e=f |] ==> t(a,c,e)=t(b,d ,f )proof
lemma box-equals: [| a=b; a=c; b=d |] ==> c=dproof
lemma simp-equals: [| a=c; b=d ; c=d |] ==> a=bproof
lemma pred1-cong : a=a ==> P(a) P(a )proof
lemma pred2-cong : [| a=a ; b=b |] ==> P(a,b) P(a ,b )proof
lemma pred3-cong : [| a=a ; b=b ; c=c |] ==> P(a,b,c) P(a ,b ,c )proof
lemma eq-cong : [| a = a ; b = b |] ==> a = b a = b proof
lemma conj-impE :assumes major : (P&Q)>S
and r : P>(Q>S ) ==> Rshows Rproof
lemma disj-impE :assumes major : (P |Q)>S
and r : [| P>S ; Q>S |] ==> Rshows Rproof
lemma imp-impE :assumes major : (P>Q)>S
and r1 : [| P ; Q>S |] ==> Qand r2 : S ==> R
shows Rproof
lemma not-impE :P > S = (P ==> False) = (S ==> R) = Rproof
lemma iff-impE :assumes major : (PQ)>S
and r1 : [| P ; Q>S |] ==> Qand r2 : [| Q ; P>S |] ==> Pand r3 : S ==> R
shows Rproof
lemma all-impE :assumes major : (ALL x . P(x ))>S
and r1 : !!x . P(x )and r2 : S ==> R
shows Rproof
lemma ex-impE :assumes major : (EX x . P(x ))>S
and r : P(x )>S ==> Rshows R
proof
lemma disj-imp-disj :P |Q = (P==>R) = (Q==>S ) = R|Sproof
ML
lemma thin-refl : [|x=x ; PROP W |] ==> PROP W proof
ML
1.3 Intuitionistic Reasoning
ML
lemma impE :
  assumes 1 : P > Q
    and 2 : Q ==> R
    and 3 : P > Q ==> P
  shows R
proof
lemma allE :
  assumes 1 : ALL x . P(x )
    and 2 : P(x ) ==> ALL x . P(x ) ==> Q
  shows Q
proof
lemma notE :
  assumes 1 : P
    and 2 : P ==> P
  shows R
proof
lemmas [Pure.elim!] = disjE iffE FalseE conjE exE
  and [Pure.intro!] = iffI conjI impI TrueI notI allI refl
  and [Pure.elim 2 ] = allE notE impE
  and [Pure.intro] = exI disjI2 disjI1
ML
lemma iff-not-sym: (Q P) ==> (P Q)proof
lemmas [sym] = sym iff-sym not-sym iff-not-sym
and [Pure.elim? ] = iffD1 iffD2 impE
lemma eq-commute: a=b b=aproof
1.4 Atomizing meta-level rules
lemma atomize-all [atomize]: (!!x . P(x )) == Trueprop (ALL x . P(x ))proof
lemma atomize-imp [atomize]: (A ==> B) == Trueprop (A > B)proof
lemma atomize-eq [atomize]: (x == y) == Trueprop (x = y)proof
lemma atomize-iff [atomize]: (A == B) == Trueprop (A B)proof
lemma atomize-conj [atomize]: (A &&& B) == Trueprop (A & B)proof
lemmas [symmetric, rulify ] = atomize-all atomize-imp
  and [symmetric, defn] = atomize-all atomize-imp atomize-eq atomize-iff
1.5 Atomizing elimination rules
ML
lemma atomize-exL[atomize-elim]: (!!x . P(x ) ==> Q) == ((EX x . P(x )) ==>Q)proof
lemma atomize-conjL[atomize-elim]: (A ==> B ==> C ) == (A & B ==> C )proof
lemma atomize-disjL[atomize-elim]: ((A ==> C ) ==> (B ==> C ) ==> C )== ((A | B ==> C ) ==> C )proof
lemma atomize-elimL[atomize-elim]: (!!B . (A ==> B) ==> B) == Trueprop(A)proof
1.6 Calculational rules
lemma forw-subst : a = b ==> P(b) ==> P(a)
proof
lemma back-subst : P(a) ==> a = b ==> P(b)
proof
Note that this list of rules is in reverse order of priorities.
lemmas basic-trans-rules [trans] =
  forw-subst
  back-subst
  rev-mp
  mp
  trans
1.7 Let declarations
nonterminal letbinds and letbind
definition Let :: [ a::{}, a => b] => ( b::{}) where
  Let(s, f ) == f (s)
syntax
  -bind :: [pttrn, a] => letbind ((2- =/ -) 10 )
  :: letbind => letbinds (-)
  -binds :: [letbind , letbinds] => letbinds (-;/ -)
  -Let :: [letbinds, a] => a ((let (-)/ in (-)) 10 )
translations
  -Let(-binds(b, bs), e) == -Let(b, -Let(bs, e))
  let x = a in e == CONST Let(a, %x . e)
lemma LetI :
  assumes !!x . x=t ==> P(u(x ))
  shows P(let x=t in u(x ))
proof
1.8 Intuitionistic simplification rules
lemma conj-simps:P & True PTrue & P PP & False FalseFalse & P FalseP & P PP & P & Q P & QP & P FalseP & P False(P & Q) & R P & (Q & R)proof
lemma disj-simps:P | True True
True | P TrueP | False PFalse | P PP | P PP | P | Q P | Q(P | Q) | R P | (Q | R)proof
lemma not-simps:(P |Q) P & Q False True True Falseproof
lemma imp-simps:(P > False) P(P > True) True(False > P) True(True > P) P(P > P) True(P > P) Pproof
lemma iff-simps:(True P) P(P True) P(P P) True(False P) P(P False) Pproof
lemma quant-simps:!!P . (ALL x . P) P(ALL x . x=t > P(x )) P(t)(ALL x . t=x > P(x )) P(t)!!P . (EX x . P) PEX x . x=tEX x . t=x(EX x . x=t & P(x )) P(t)(EX x . t=x & P(x )) P(t)proof
lemma distrib-simps:P & (Q | R) P&Q | P&R(Q | R) & P Q&P | R&P(P | Q > R) (P > R) & (Q > R)proof
Conversion into rewrite rules
lemma P-iff-F : P ==> (P False) proof lemma iff-reflection-F : P ==> (P == False) proof
lemma P-iff-T : P ==> (P True) proof lemma iff-reflection-T : P ==> (P == True) proof
More rewrite rules
lemma conj-commute: P&Q Q&P proof lemma conj-left-commute: P&(Q&R) Q&(P&R) proof lemmas conj-comms = conj-commute conj-left-commute
lemma disj-commute: P |Q Q |P proof lemma disj-left-commute: P |(Q |R) Q |(P |R) proof lemmas disj-comms = disj-commute disj-left-commute
lemma conj-disj-distribL: P&(Q |R) (P&Q | P&R) proof lemma conj-disj-distribR: (P |Q)&R (P&R | Q&R) proof
lemma disj-conj-distribL: P |(Q&R) (P |Q) & (P |R) proof lemma disj-conj-distribR: (P&Q)|R (P |R) & (Q |R) proof
lemma imp-conj-distrib: (P > (Q&R)) (P>Q) & (P>R) proof lemma imp-conj : ((P&Q)>R) (P > (Q > R)) proof lemma imp-disj : (P |Q > R) (P>R) & (Q>R) proof
lemma de-Morgan-disj : ((P | Q)) (P & Q) proof
lemma not-ex : ( (EX x . P(x ))) (ALL x .P(x )) proof lemma imp-ex : ((EX x . P(x )) > Q) (ALL x . P(x ) > Q) proof
lemma ex-disj-distrib:(EX x . P(x ) | Q(x )) ((EX x . P(x )) | (EX x . Q(x ))) proof
lemma all-conj-distrib:(ALL x . P(x ) & Q(x )) ((ALL x . P(x )) & (ALL x . Q(x ))) proof
end
2 FOL: Classical first-order logic
theory FOL
imports IFOL
keywords print-claset print-induct-rules :: diag
begin
ML
2.1 The classical axiom
axiomatization where
  classical : (P ==> P) ==> P
2.2 Lemmas and proof tools
lemma ccontr : ( P = False) = Pproof
lemma disjCI : (Q ==> P) ==> P |Qproof
lemma ex-classical :
  assumes r : (EX x . P(x )) ==> P(a)
  shows EX x . P(x )
proof
lemma exCI :
  assumes r : ALL x . P(x ) ==> P(a)
  shows EX x . P(x )
proof
lemma excluded-middle: P | P
proof
lemma case-split [case-names True False]:
  assumes r1 : P ==> Q
    and r2 : P ==> Q
  shows Q
proof
ML
lemma impCE :
  assumes major : P>Q
    and r1 : P ==> R
    and r2 : Q ==> R
  shows R
proof
lemma impCE :
  assumes major : P>Q
    and r1 : Q ==> R
    and r2 : P ==> R
  shows R
proof
lemma notnotD : P ==> P
proof
lemma contrapos2 : [| Q ; P ==> Q |] ==> P
proof
lemma iffCE :
  assumes major : PQ
    and r1 : [| P ; Q |] ==> R
    and r2 : [| P ; Q |] ==> R
  shows R
proof
lemma alt-ex1E :
  assumes major : EX ! x . P(x )
    and r : !!x . [| P(x ); ALL y y . P(y) & P(y ) > y=y |] ==> R
  shows R
proof
lemma imp-elim: P > Q ==> ( R ==> P) ==> (Q ==> R) ==> Rproof
lemma swap: P ==> ( R ==> P) ==> Rproof
3 Classical Reasoner
ML
lemmas [intro!] = refl TrueI conjI disjCI impI notI iffI
  and [elim!] = conjE disjE impCE FalseE iffCE
ML
lemmas [intro!] = allI ex-ex1I
  and [intro] = exI
  and [elim!] = exE alt-ex1E
  and [elim] = allE
ML
lemma ex1-functional : [| EX ! z . P(a,z ); P(a,b); P(a,c) |] ==> b = cproof
lemma True-implies-equals: (True ==> PROP P) == PROP Pproof
lemma uncurry : P > Q > R ==> P & Q > Rproof
lemma iff-allI : (!!x . P(x ) Q(x )) ==> (ALL x . P(x )) (ALL x . Q(x ))proof
lemma iff-exI : (!!x . P(x ) Q(x )) ==> (EX x . P(x )) (EX x . Q(x ))proof
lemma all-comm: (ALL x y . P(x ,y)) (ALL y x . P(x ,y)) proof
lemma ex-comm: (EX x y . P(x ,y)) (EX y x . P(x ,y)) proof
lemma cases-simp: (P > Q) & (P > Q) Q proof
lemma int-ex-simps:!!P Q . (EX x . P(x ) & Q) (EX x . P(x )) & Q!!P Q . (EX x . P & Q(x )) P & (EX x . Q(x ))!!P Q . (EX x . P(x ) | Q) (EX x . P(x )) | Q!!P Q . (EX x . P | Q(x )) P | (EX x . Q(x ))proof
lemma cla-ex-simps:!!P Q . (EX x . P(x ) > Q) (ALL x . P(x )) > Q!!P Q . (EX x . P > Q(x )) P > (EX x . Q(x ))
proof
lemmas ex-simps = int-ex-simps cla-ex-simps
lemma int-all-simps:!!P Q . (ALL x . P(x ) & Q) (ALL x . P(x )) & Q!!P Q . (ALL x . P & Q(x )) P & (ALL x . Q(x ))!!P Q . (ALL x . P(x ) > Q) (EX x . P(x )) > Q!!P Q . (ALL x . P > Q(x )) P > (ALL x . Q(x ))proof
lemma cla-all-simps:!!P Q . (ALL x . P(x ) | Q) (ALL x . P(x )) | Q!!P Q . (ALL x . P | Q(x )) P | (ALL x . Q(x ))proof
lemmas all-simps = int-all-simps cla-all-simps
lemma imp-disj1 : (P>Q) | R (P>Q | R) proof lemma imp-disj2 : Q | (P>R) (P>Q | R) proof
lemma de-Morgan-conj : ((P & Q)) (P | Q) proof
lemma not-imp: (P > Q) (P & Q) proof lemma not-iff : (P Q) (P Q) proof
lemma not-all : ( (ALL x . P(x ))) (EX x .P(x )) proof lemma imp-all : ((ALL x . P(x )) > Q) (EX x . P(x ) > Q) proof
lemmas meta-simps =
  triv-forall-equality
  True-implies-equals
lemmas IFOL-simps =
  refl [THEN P-iff-T ] conj-simps disj-simps not-simps
  imp-simps iff-simps quant-simps
lemma notFalseI : False proof
lemma cla-simps-misc:(P&Q) P | QP | PP | P
P P(P > P) P(P Q) (PQ) proof
lemmas cla-simps =
  de-Morgan-conj de-Morgan-disj imp-disj1 imp-disj2
  not-imp not-all not-ex cases-simp cla-simps-misc
ML
3.1 Other simple lemmas
lemma [simp]: ((P>R) (Q>R)) ((PQ) | R)proof
lemma [simp]: ((P>Q) (P>R)) (P > (QR))proof
lemma not-disj-iff-imp: P | Q (P>Q)proof
lemma conj-mono: [| P1>Q1 ; P2>Q2 |] ==> (P1 &P2 ) > (Q1 &Q2 )proof
lemma disj-mono: [| P1>Q1 ; P2>Q2 |] ==> (P1 |P2 ) > (Q1 |Q2 )proof
lemma imp-mono: [| Q1>P1 ; P2>Q2 |] ==> (P1>P2 )>(Q1>Q2 )proof
lemma imp-refl : P>Pproof
lemma ex-mono: (!!x . P(x ) > Q(x )) ==> (EX x . P(x )) > (EX x . Q(x ))proof
lemma all-mono: (!!x . P(x ) > Q(x )) ==> (ALL x . P(x )) > (ALL x .Q(x ))proof
3.2 Proof by cases and induction
Proper handling of non-atomic rule statements.
definition induct-forall(P) == x . P(x )
definition induct-implies(A, B) == A B
definition induct-equal(x , y) == x = y
definition induct-conj (A, B) == A B
lemma induct-forall-eq : (!!x . P(x )) == Trueprop(induct-forall(x . P(x )))proof
lemma induct-implies-eq : (A ==> B) == Trueprop(induct-implies(A, B))proof
lemma induct-equal-eq : (x == y) == Trueprop(induct-equal(x , y))proof
lemma induct-conj-eq : (A &&& B) == Trueprop(induct-conj (A, B))proof
lemmas induct-atomize = induct-forall-eq induct-implies-eq induct-equal-eq induct-conj-eq
lemmas induct-rulify [symmetric] = induct-atomize
lemmas induct-rulify-fallback =
  induct-forall-def induct-implies-def induct-equal-def induct-conj-def
hide-const induct-forall induct-implies induct-equal induct-conj
Method setup.
ML
declare case-split [cases type: o]
ML
hide-const (open) eq
end
4 ZF: Zermelo-Fraenkel Set Theory
theory ZF
imports /src/FOL/FOL
begin
declare [[eta-contract = false]]
typedecl i
arities i :: term
axiomatization
  zero :: i (0 ) the empty set and
  Pow :: i => i power sets and
  Inf :: i infinite set
Bounded Quantifiers
consts
  Ball :: [i , i => o] => o
  Bex :: [i , i => o] => o
General Union and Intersection
axiomatization Union :: i => i
consts Inter :: i => i
Variations on Replacement
axiomatization PrimReplace :: [i , [i , i ] => o] => i
consts
  Replace :: [i , [i , i ] => o] => i
  RepFun :: [i , i => i ] => i
  Collect :: [i , i => o] => i
Definite descriptions via Replace over the set 1
consts
  The :: (i => o) => i (binder THE 10 )
  If :: [o, i , i ] => i ((if (-)/ then (-)/ else (-)) [10 ] 10 )
abbreviation (input)
  old-if :: [o, i , i ] => i (if (-,-,- )) where
  if (P ,a,b) == If (P ,a,b)
Finite Sets
consts
  Upair :: [i , i ] => i
  cons :: [i , i ] => i
  succ :: i => i
Ordered Pairing
consts
  Pair :: [i , i ] => i
  fst :: i => i
  snd :: i => i
  split :: [[i , i ] => a, i ] => a::{} for pattern-matching
Sigma and Pi Operators
consts
  Sigma :: [i , i => i ] => i
  Pi :: [i , i => i ] => i
Relations and Functions
consts
  domain :: i => i
  range :: i => i
  field :: i => i
  converse :: i => i
  relation :: i => o recognizes sets of pairs
  function :: i => o recognizes functions; can have non-pairs
  Lambda :: [i , i => i ] => i
  restrict :: [i , i ] => i
Infixes in order of decreasing precedence
consts
  Image :: [i , i ] => i (infixl 90 ) image
  vimage :: [i , i ] => i (infixl 90 ) inverse image
  apply :: [i , i ] => i (infixl 90 ) function application
  Int :: [i , i ] => i (infixl Int 70 ) binary intersection
  Un :: [i , i ] => i (infixl Un 65 ) binary union
  Diff :: [i , i ] => i (infixl 65 ) set difference
  Subset :: [i , i ] => o (infixl o (infixl : 50 ) membership relation
abbreviation
  not-mem :: [i , i ] => o (infixl : 50 ) negated membership relation
  where x : y == (x : y)
abbreviation
  cart-prod :: [i , i ] => i (infixr 80 ) Cartesian product
  where A B == Sigma(A, %-. B)
abbreviation
  function-space :: [i , i ] => i (infixr > 60 ) function space
  where A > B == Pi(A, %-. B)
nonterminal is and patterns
syntax
  :: i => is (-)
  -Enum :: [i , is] => is (-,/ -)
  -Finset :: is => i ({(-)})
  -Tuple :: [i , is] => i ()
  -Collect :: [pttrn, i , o] => i ((1{-: - ./ -}))
  -Replace :: [pttrn, pttrn, i , o] => i ((1{- ./ -: -, -}))
  -RepFun :: [i , pttrn, i ] => i ((1{- ./ -: -}) [51 ,0 ,51 ])
  -INTER :: [pttrn, i , i ] => i ((3INT -:-./ -) 10 )
  -UNION :: [pttrn, i , i ] => i ((3UN -:-./ -) 10 )
  -PROD :: [pttrn, i , i ] => i ((3PROD -:-./ -) 10 )
  -SUM :: [pttrn, i , i ] => i ((3SUM -:-./ -) 10 )
  -lam :: [pttrn, i , i ] => i ((3lam -:-./ -) 10 )
  -Ball :: [pttrn, i , o] => o ((3ALL -:-./ -) 10 )
  -Bex :: [pttrn, i , o] => o ((3EX -:-./ -) 10 )
  -pattern :: patterns => pttrn ()
  :: pttrn => patterns (-)
  -patterns :: [pttrn, patterns] => patterns (-,/-)
translations
  {x , xs} == CONST cons(x , {xs})
  {x} == CONST cons(x , 0 )
  {x :A. P} == CONST Collect(A, %x . P)
  {y . x :A, Q} == CONST Replace(A, %x y . Q)
  {b. x :A} == CONST RepFun(A, %x . b)
  INT x :A. B == CONST Inter({B . x :A})
  UN x :A. B == CONST Union({B . x :A})
  PROD x :A. B == CONST Pi(A, %x . B)
  SUM x :A. B == CONST Sigma(A, %x . B)
  lam x :A. f == CONST Lambda(A, %x . f )
  ALL x :A. P == CONST Ball(A, %x . P)
  EX x :A. P == CONST Bex (A, %x . P)
== == CONST Pair(x , y)%.b == CONST split(%x .b)%.b == CONST split(%x y . b)
notation (xsymbols)cart-prod (infixr 80 ) andInt (infixl 70 ) andUn (infixl 65 ) andfunction-space (infixr 60 ) andSubset (infixl 50 ) andmem (infixl 50 ) andnot-mem (infixl / 50 ) andUnion (
- [90 ] 90 ) and
Inter (
- [90 ] 90 )
syntax (xsymbols)-Collect :: [pttrn, i , o] => i ((1{- - ./ -}))-Replace :: [pttrn, pttrn, i , o] => i ((1{- ./ - -, -}))-RepFun :: [i , pttrn, i ] => i ((1{- ./ - -}) [51 ,0 ,51 ])-UNION :: [pttrn, i , i ] => i ((3
--./ -) 10 )
-INTER :: [pttrn, i , i ] => i ((3
--./ -) 10 )-PROD :: [pttrn, i , i ] => i ((3 --./ -) 10 )-SUM :: [pttrn, i , i ] => i ((3 --./ -) 10 )
-lam :: [pttrn, i , i ] => i ((3--./ -) 10 )-Ball :: [pttrn, i , o] => o ((3 --./ -) 10 )-Bex :: [pttrn, i , o] => o ((3 --./ -) 10 )-Tuple :: [i , is] => i ((-,/ -))-pattern :: patterns => pttrn (-)
notation (HTML output)cart-prod (infixr 80 ) andInt (infixl 70 ) andUn (infixl 65 ) andSubset (infixl 50 ) andmem (infixl 50 ) andnot-mem (infixl / 50 ) andUnion (
- [90 ] 90 ) and
Inter (
- [90 ] 90 )
syntax (HTML output)-Collect :: [pttrn, i , o] => i ((1{- - ./ -}))-Replace :: [pttrn, pttrn, i , o] => i ((1{- ./ - -, -}))-RepFun :: [i , pttrn, i ] => i ((1{- ./ - -}) [51 ,0 ,51 ])-UNION :: [pttrn, i , i ] => i ((3
--./ -) 10 )
-INTER :: [pttrn, i , i ] => i ((3
--./ -) 10 )-PROD :: [pttrn, i , i ] => i ((3 --./ -) 10 )-SUM :: [pttrn, i , i ] => i ((3 --./ -) 10 )-lam :: [pttrn, i , i ] => i ((3--./ -) 10 )-Ball :: [pttrn, i , o] => o ((3 --./ -) 10 )-Bex :: [pttrn, i , o] => o ((3 --./ -) 10 )-Tuple :: [i , is] => i ((-,/ -))-pattern :: patterns => pttrn (-)
defsBall-def : Ball(A, P) == x . xA P(x )Bex-def : Bex (A, P) == x . xA & P(x )
subset-def : A B == xA. xB
axiomatization where
extension: A = B A B & B A andUnion-iff : A (C ) (BC . AB) andPow-iff : A Pow(B) A B and
infinity : 0Inf & ( yInf . succ(y): Inf ) and
foundation: A=0 | ( xA. yx . y /A) and
replacement : ( xA. y z . P(x ,y) & P(x ,z ) y=z ) ==>b PrimReplace(A,P) ( xA. P(x ,b))
defs
Replace-def : Replace(A,P) == PrimReplace(A, %x y . (EX !z . P(x ,z )) & P(x ,y))
RepFun-def : RepFun(A,f ) == {y . xA, y=f (x )}
Collect-def : Collect(A,P) == {y . xA, x=y & P(x )}
Upair-def : Upair(a,b) == {y . xPow(Pow(0 )), (x=0 & y=a) | (x=Pow(0 ) &y=b)}
cons-def : cons(a,A) == Upair(a,a) Asucc-def : succ(i) == cons(i , i)
Diff-def : A B == { xA . (xB) }Inter-def :
(A) == { x (A) . yA. xy}
Un-def : A B == (Upair(A,B))Int-def : A B == (Upair(A,B))the-def : The(P) ==
({y . x {0}, P(y)})
if-def : if (P ,a,b) == THE z . P & z=a | P & z=b
Pair-def : == {{a,a}, {a,b}}fst-def : fst(p) == THE a. b. p=snd-def : snd(p) == THE b. a. p=split-def : split(c) == %p. c(fst(p), snd(p))Sigma-def : Sigma(A,B) ==
xA. yB(x ). {}
converse-def : converse(r) == {z . wr , x y . w= & z=}
domain-def : domain(r) == {x . wr , y . w=}range-def : range(r) == domain(converse(r))field-def : field(r) == domain(r) range(r)relation-def : relation(r) == zr . x y . z = function-def : function(r) ==
x y . :r ( y . :r y=y )image-def : r A == {y range(r) . xA. r}vimage-def : r A == converse(r)A
lam-def : Lambda(A,b) == { . xA}apply-def : fa ==
(f{a})
Pi-def : Pi(A,B) == {f Pow(Sigma(A,B)). A aAproof
4.2 Bounded universal quantifier
lemma ballI [intro!]: [| !!x . xA ==> P(x ) |] ==> xA. P(x )proof
lemmas strip = impI allI ballI
lemma bspec [dest? ]: [| xA. P(x ); x : A |] ==> P(x )proof
lemma rev-ballE [elim]:[| xA. P(x ); x /A ==> Q ; P(x ) ==> Q |] ==> Q
proof
lemma ballE : [| xA. P(x ); P(x ) ==> Q ; x /A ==> Q |] ==> Qproof
lemma rev-bspec: [| x : A; xA. P(x ) |] ==> P(x )proof
lemma ball-triv [simp]: ( xA. P) (( x . xA) P)
proof
lemma ball-cong [cong ]:[| A=A ; !!x . xA ==> P(x ) P (x ) |] ==> ( xA. P(x )) ( xA .
P (x ))proof
lemma atomize-ball :(!!x . x A ==> P(x )) == Trueprop ( xA. P(x ))proof
lemmas [symmetric, rulify ] = atomize-balland [symmetric, defn] = atomize-ball
4.3 Bounded existential quantifier
lemma bexI [intro]: [| P(x ); x : A |] ==> xA. P(x )proof
lemma rev-bexI : [| xA; P(x ) |] ==> xA. P(x )proof
lemma bexCI : [| xA. P(x ) ==> P(a); a: A |] ==> xA. P(x )proof
lemma bexE [elim!]: [| xA. P(x ); !!x . [| xA; P(x ) |] ==> Q |] ==> Qproof
lemma bex-triv [simp]: ( xA. P) (( x . xA) & P)proof
lemma bex-cong [cong ]:[| A=A ; !!x . xA ==> P(x ) P (x ) |]==> ( xA. P(x )) ( xA . P (x ))
proof
4.4 Rules for subsets
lemma subsetI [intro!]:(!!x . xA ==> xB) ==> A B
proof
lemma subsetD [elim]: [| A B ; cA |] ==> cBproof
lemma subsetCE [elim]:[| A B ; c /A ==> P ; cB ==> P |] ==> P
proof
lemma rev-subsetD : [| cA; A cBproof
lemma contra-subsetD : [| A B ; c / B |] ==> c / Aproof
lemma rev-contra-subsetD : [| c / B ; A B |] ==> c / Aproof
lemma subset-refl [simp]: A Aproof
lemma subset-trans: [| A P ; [| c /A; c /B |] ==> P |] ==> P
proof
lemma equality-iffD :
A = B ==> (!!x . x A x B)proof
4.6 Rules for Replace the derived form of replacement
lemma Replace-iff :b {y . xA, P(x ,y)} ( xA. P(x ,b) & ( y . P(x ,y) y=b))
proof
lemma ReplaceI [intro]:[| P(x ,b); x : A; !!y . P(x ,y) ==> y=b |] ==>b {y . xA, P(x ,y)}
proof
lemma ReplaceE :[| b {y . xA, P(x ,y)};
!!x . [| x : A; P(x ,b); y . P(x ,y)y=b |] ==> R|] ==> R
proof
lemma ReplaceE2 [elim!]:[| b {y . xA, P(x ,y)};
!!x . [| x : A; P(x ,b) |] ==> R|] ==> R
proof
lemma Replace-cong [cong ]:[| A=B ; !!x y . xB ==> P(x ,y) Q(x ,y) |] ==>Replace(A,P) = Replace(B ,Q)
proof
4.7 Rules for RepFun
lemma RepFunI : a A ==> f (a) {f (x ). xA}proof
lemma RepFun-eqI [intro]: [| b=f (a); a A |] ==> b {f (x ). xA}proof
lemma RepFunE [elim!]:[| b {f (x ). xA};
!!x .[| xA; b=f (x ) |] ==> P |] ==>P
proof
lemma RepFun-cong [cong ]:
[| A=B ; !!x . xB ==> f (x )=g(x ) |] ==> RepFun(A,f ) = RepFun(B ,g)proof
lemma RepFun-iff [simp]: b {f (x ). xA} ( xA. b=f (x ))proof
lemma triv-RepFun [simp]: {x . xA} = Aproof
4.8 Rules for Collect forming a subset by separation
lemma separation [simp]: a {xA. P(x )} aA & P(a)proof
lemma CollectI [intro!]: [| aA; P(a) |] ==> a {xA. P(x )}proof
lemma CollectE [elim!]: [| a {xA. P(x )}; [| aA; P(a) |] ==> R |] ==> Rproof
lemma CollectD1 : a {xA. P(x )} ==> aAproof
lemma CollectD2 : a {xA. P(x )} ==> P(a)proof
lemma Collect-cong [cong ]:[| A=B ; !!x . xB ==> P(x ) Q(x ) |]==> Collect(A, %x . P(x )) = Collect(B , %x . Q(x ))
proof
4.9 Rules for Unions
declare Union-iff [simp]
lemma UnionI [intro]: [| B : C ; A: B |] ==> A: (C )proof
lemma UnionE [elim!]: [| A (C ); !!B .[| A: B ; B : C |] ==> R |] ==> Rproof
4.10 Rules for Unions of families
lemma UN-iff [simp]: b ( xA. B(x )) ( xA. b B(x ))proof
lemma UN-I : [| a: A; b: B(a) |] ==> b: ( xA. B(x ))proof
lemma UN-E [elim!]:[| b ( xA. B(x )); !!x .[| x : A; b: B(x ) |] ==> R |] ==> R
proof
lemma UN-cong :[| A=B ; !!x . xB ==> C (x )=D(x ) |] ==> ( xA. C (x )) = ( xB . D(x ))
proof
4.11 Rules for the empty set
lemma not-mem-empty [simp]: a / 0proof
lemmas emptyE [elim!] = not-mem-empty [THEN notE ]
lemma empty-subsetI [simp]: 0 Aproof
lemma equals0I : [| !!y . yA ==> False |] ==> A=0proof
lemma equals0D [dest ]: A=0 ==> a / Aproof
declare sym [THEN equals0D , dest ]
lemma not-emptyI : aA ==> A 6= 0proof
lemma not-emptyE : [| A 6= 0 ; !!x . xA ==> R |] ==> Rproof
4.12 Rules for Inter
lemma Inter-iff : A (C ) ( xC . A: x ) & C 6=0proof
lemma InterI [intro!]:[| !!x . x : C ==> A: x ; C 6=0 |] ==> A (C )
proof
lemma InterD [elim, Pure.elim]: [| A (C ); B C |] ==> A Bproof
lemma InterE [elim]:[| A (C ); B /C ==> R; AB ==> R |] ==> R
proof
4.13 Rules for Intersections of families
lemma INT-iff : b ( xA. B(x )) ( xA. b B(x )) & A6=0proof
lemma INT-I : [| !!x . x : A ==> b: B(x ); A 6=0 |] ==> b: ( xA. B(x ))proof
lemma INT-E : [| b ( xA. B(x )); a: A |] ==> b B(a)proof
lemma INT-cong :[| A=B ; !!x . xB ==> C (x )=D(x ) |] ==> ( xA. C (x )) = ( xB . D(x ))
proof
4.14 Rules for Powersets
lemma PowI : A B ==> A Pow(B)proof
lemma PowD : A Pow(B) ==> A
ML
lemma atomize-ball [symmetric, rulify ]:(!!x . x A ==> P(x )) == Trueprop ( xA. P(x ))
proof
5.1 Unordered Pairs: constant Upair
lemma Upair-iff [simp]: c Upair(a,b) (c=a | c=b)proof
lemma UpairI1 : a Upair(a,b)proof
lemma UpairI2 : b Upair(a,b)proof
lemma UpairE : [| a Upair(b,c); a=b ==> P ; a=c ==> P |] ==> Pproof
5.2 Rules for Binary Union, Defined via Upair
lemma Un-iff [simp]: c A B (c A | c B)proof
lemma UnI1 : c A ==> c A Bproof
lemma UnI2 : c B ==> c A Bproof
declare UnI1 [elim? ] UnI2 [elim? ]
lemma UnE [elim!]: [| c A B ; c A ==> P ; c B ==> P |] ==> Pproof
lemma UnE : [| c A B ; c A ==> P ; [| c B ; c /A |] ==> P |] ==> Pproof
lemma UnCI [intro!]: (c / B ==> c A) ==> c A Bproof
5.3 Rules for Binary Intersection, Defined via Upair
lemma Int-iff [simp]: c A B (c A & c B)proof
lemma IntI [intro!]: [| c A; c B |] ==> c A B
proof
lemma IntD1 : c A B ==> c Aproof
lemma IntD2 : c A B ==> c Bproof
lemma IntE [elim!]: [| c A B ; [| c A; c B |] ==> P |] ==> Pproof
5.4 Rules for Set Difference, Defined via Upair
lemma Diff-iff [simp]: c AB (c A & c /B)proof
lemma DiffI [intro!]: [| c A; c / B |] ==> c A Bproof
lemma DiffD1 : c A B ==> c Aproof
lemma DiffD2 : c A B ==> c / Bproof
lemma DiffE [elim!]: [| c A B ; [| c A; c /B |] ==> P |] ==> Pproof
5.5 Rules for cons
lemma cons-iff [simp]: a cons(b,A) (a=b | a A)proof
lemma consI1 [simp,TC ]: a cons(a,B)proof
lemma consI2 : a B ==> a cons(b,B)proof
lemma consE [elim!]: [| a cons(b,A); a=b ==> P ; a A ==> P |] ==> Pproof
lemma consE :[| a cons(b,A); a=b ==> P ; [| a A; a 6=b |] ==> P |] ==> P
proof
lemma consCI [intro!]: (a /B ==> a=b) ==> a cons(b,B)proof
lemma cons-not-0 [simp]: cons(a,B) 6= 0proof
lemmas cons-neq-0 = cons-not-0 [THEN notE ]
declare cons-not-0 [THEN not-sym, simp]
5.6 Singletons
lemma singleton-iff : a {b} a=bproof
lemma singletonI [intro!]: a {a}proof
lemmas singletonE = singleton-iff [THEN iffD1 , elim-format , elim!]
5.7 Descriptions
lemma the-equality [intro]:[| P(a); !!x . P(x ) ==> x=a |] ==> (THE x . P(x )) = a
proof
lemma the-equality2 : [| EX ! x . P(x ); P(a) |] ==> (THE x . P(x )) = aproof
lemma theI : EX ! x . P(x ) ==> P(THE x . P(x ))proof
lemma the-0 : (EX ! x . P(x )) ==> (THE x . P(x ))=0proof
lemma theI2 :assumes p1 : Q(0 ) ==> EX ! x . P(x )
and p2 : !!x . P(x ) ==> Q(x )shows Q(THE x . P(x ))
proof
lemma the-eq-trivial [simp]: (THE x . x = a) = aproof
lemma the-eq-trivial2 [simp]: (THE x . a = x ) = a
proof
5.8 Conditional Terms: if-then-else
lemma if-true [simp]: (if True then a else b) = a
proof
lemma if-false [simp]: (if False then a else b) = bproof
lemma if-cong :[| PQ ; Q ==> a=c; Q ==> b=d |]==> (if P then a else b) = (if Q then c else d)
proof
lemma if-weak-cong : PQ ==> (if P then x else y) = (if Q then x else y)proof
lemma if-P : P ==> (if P then a else b) = aproof
lemma if-not-P : P ==> (if P then a else b) = bproof
lemma split-if [split ]:P(if Q then x else y) ((Q P(x )) & (Q P(y)))
proof
lemmas split-if-eq1 = split-if [of %x . x = b] for b
lemmas split-if-eq2 = split-if [of %x . a = x ] for x
lemmas split-if-mem1 = split-if [of %x . x b] for b
lemmas split-if-mem2 = split-if [of %x . a x ] for x
lemmas split-ifs = split-if-eq1 split-if-eq2 split-if-mem1 split-if-mem2
lemma if-iff : a: (if P then x else y) P & a x | P & a yproof
lemma if-type [TC ]:[| P ==> a A; P ==> b A |] ==> (if P then a else b): A
proof
lemma split-if-asm: P(if Q then x else y) (((Q & P(x )) | (Q & P(y))))proof
lemmas if-splits = split-if split-if-asm
5.9 Consequences of Foundation
lemma mem-asym: [| a b; P ==> b a |] ==> Pproof
lemma mem-irrefl : a a ==> Pproof
lemma mem-not-refl : a / aproof
lemma mem-imp-not-eq : a A ==> a 6= Aproof
lemma eq-imp-not-mem: a=A ==> a / Aproof
5.10 Rules for Successor
lemma succ-iff : i succ(j ) i=j | i jproof
lemma succI1 [simp]: i succ(i)proof
lemma succI2 : i j ==> i succ(j )proof
lemma succE [elim!]:[| i succ(j ); i=j ==> P ; i j ==> P |] ==> P
proof
lemma succCI [intro!]: (i /j ==> i=j ) ==> i succ(j )proof
lemma succ-not-0 [simp]: succ(n) 6= 0proof
lemmas succ-neq-0 = succ-not-0 [THEN notE , elim!]
declare succ-not-0 [THEN not-sym, simp]
declare sym [THEN succ-neq-0 , elim!]
lemmas succ-subsetD = succI1 [THEN [2 ] subsetD ]
lemmas succ-neq-self = succI1 [THEN mem-imp-not-eq , THEN not-sym]
lemma succ-inject-iff [simp]: succ(m) = succ(n) m=nproof
lemmas succ-inject = succ-inject-iff [THEN iffD1 , dest !]
5.11 Miniscoping of the Bounded Universal Quantifier
lemma ball-simps1 :( xA. P(x ) & Q) ( xA. P(x )) & (A=0 | Q)( xA. P(x ) | Q) (( xA. P(x )) | Q)( xA. P(x ) Q) (( xA. P(x )) Q)(( xA. P(x ))) ( xA. P(x ))( x0 .P(x )) True( xsucc(i).P(x )) P(i) & ( xi . P(x ))( xcons(a,B).P(x )) P(a) & ( xB . P(x ))( xRepFun(A,f ). P(x )) ( yA. P(f (y)))( x (A).P(x )) ( yA. xy . P(x ))
proof
lemma ball-simps2 :( xA. P & Q(x )) (A=0 | P) & ( xA. Q(x ))( xA. P | Q(x )) (P | ( xA. Q(x )))( xA. P Q(x )) (P ( xA. Q(x )))
proof
lemma ball-simps3 :( xCollect(A,Q).P(x )) ( xA. Q(x ) P(x ))
proof
lemmas ball-simps [simp] = ball-simps1 ball-simps2 ball-simps3
lemma ball-conj-distrib:( xA. P(x ) & Q(x )) (( xA. P(x )) & ( xA. Q(x )))
proof
5.12 Miniscoping of the Bounded Existential Quantifier
lemma bex-simps1 :
( xA. P(x ) & Q) (( xA. P(x )) & Q)( xA. P(x ) | Q) ( xA. P(x )) | (A 6=0 & Q)( xA. P(x ) Q) (( xA. P(x )) (A6=0 & Q))( x0 .P(x )) False( xsucc(i).P(x )) P(i) | ( xi . P(x ))( xcons(a,B).P(x )) P(a) | ( xB . P(x ))( xRepFun(A,f ). P(x )) ( yA. P(f (y)))( x (A).P(x )) ( yA. xy . P(x ))(( xA. P(x ))) ( xA. P(x ))
proof
lemma bex-simps2 :( xA. P & Q(x )) (P & ( xA. Q(x )))( xA. P | Q(x )) (A6=0 & P) | ( xA. Q(x ))( xA. P Q(x )) ((A=0 | P) ( xA. Q(x )))
proof
lemma bex-simps3 :( xCollect(A,Q).P(x )) ( xA. Q(x ) & P(x ))
proof
lemmas bex-simps [simp] = bex-simps1 bex-simps2 bex-simps3
lemma bex-disj-distrib:( xA. P(x ) | Q(x )) (( xA. P(x )) | ( xA. Q(x )))
proof
lemma bex-triv-one-point1 [simp]: ( xA. x=a) (a A)proof
lemma bex-triv-one-point2 [simp]: ( xA. a=x ) (a A)proof
lemma bex-one-point1 [simp]: ( xA. x=a & P(x )) (a A & P(a))proof
lemma bex-one-point2 [simp]: ( xA. a=x & P(x )) (a A & P(a))proof
lemma ball-one-point1 [simp]: ( xA. x=a P(x )) (a A P(a))proof
lemma ball-one-point2 [simp]: ( xA. a=x P(x )) (a A P(a))proof
5.13 Miniscoping of the Replacement Operator
These cover both Replace and Collect
lemma Rep-simps [simp]:{x . y 0 , R(x ,y)} = 0{x 0 . P(x )} = 0{x A. Q} = (if Q then A else 0 )RepFun(0 ,f ) = 0RepFun(succ(i),f ) = cons(f (i), RepFun(i ,f ))RepFun(cons(a,B),f ) = cons(f (a), RepFun(B ,f ))
proof
5.14 Miniscoping of Unions
lemma UN-simps1 :(
xC . cons(a, B(x ))) = (if C =0 then 0 else cons(a, xC . B(x )))(
xC . A(x ) B ) = (if C =0 then 0 else ( xC . A(x )) B )(
xC . A B(x )) = (if C =0 then 0 else A ( xC . B(x )))(
xC . A(x ) B ) = (( xC . A(x )) B )(
xC . A B(x )) = (A ( xC . B(x )))(
xC . A(x ) B ) = (( xC . A(x )) B )(
xC . A B(x )) = (if C =0 then 0 else A ( xC . B(x )))proof
lemma UN-simps2 :(
x (A). B(x )) = ( yA. xy . B(x ))(
z( xA. B(x )). C (z )) = ( xA. zB(x ). C (z ))(
xRepFun(A,f ). B(x )) = ( aA. B(f (a)))proof
lemmas UN-simps [simp] = UN-simps1 UN-simps2
Opposite of miniscoping: pull the operator out
lemma UN-extend-simps1 :(
xC . A(x )) B = (if C =0 then B else ( xC . A(x ) B))((
xC . A(x )) B) = ( xC . A(x ) B)((
xC . A(x )) B) = ( xC . A(x ) B)proof
lemma UN-extend-simps2 :cons(a,
xC . B(x )) = (if C =0 then {a} else ( xC . cons(a, B(x ))))
A ( xC . B(x )) = (if C =0 then A else ( xC . A B(x )))(A ( xC . B(x ))) = ( xC . A B(x ))A ( xC . B(x )) = (if C =0 then A else ( xC . A B(x )))(
yA. xy . B(x )) = ( x (A). B(x ))(
aA. B(f (a))) = ( xRepFun(A,f ). B(x ))proof
lemma UN-UN-extend :
(
xA. zB(x ). C (z )) = ( z( xA. B(x )). C (z ))proof
lemmas UN-extend-simps = UN-extend-simps1 UN-extend-simps2 UN-UN-extend
5.15 Miniscoping of Intersections
lemma INT-simps1 :(
xC . A(x ) B) = ( xC . A(x )) B(
xC . A(x ) B) = ( xC . A(x )) B(
xC . A(x ) B) = (if C =0 then 0 else ( xC . A(x )) B)proof
lemma INT-simps2 :(
xC . A B(x )) = A ( xC . B(x ))(
xC . A B(x )) = (if C =0 then 0 else A ( xC . B(x )))(
xC . cons(a, B(x ))) = (if C =0 then 0 else cons(a, xC . B(x )))(
xC . A B(x )) = (if C =0 then 0 else A ( xC . B(x )))proof
lemmas INT-simps [simp] = INT-simps1 INT-simps2
Opposite of miniscoping: pull the operator out
lemma INT-extend-simps1 :(
xC . A(x )) B = ( xC . A(x ) B)(
xC . A(x )) B = ( xC . A(x ) B)(
xC . A(x )) B = (if C =0 then B else ( xC . A(x ) B))proof
lemma INT-extend-simps2 :A ( xC . B(x )) = ( xC . A B(x ))A ( xC . B(x )) = (if C =0 then A else ( xC . A B(x )))cons(a,
xC . B(x )) = (if C =0 then {a} else ( xC . cons(a, B(x ))))
A ( xC . B(x )) = (if C =0 then A else ( xC . A B(x )))proof
lemmas INT-extend-simps = INT-extend-simps1 INT-extend-simps2
5.16 Other simprules
lemma misc-simps [simp]:0 A = AA 0 = A0 A = 0A 0 = 00 A = 0A 0 = A
(0 ) = 0(cons(b,A)) = b (A)
({b}) = b
proof
end
6 pair: Ordered Pairs
theory pair imports upair
begin
ML
lemma singleton-eq-iff [iff ]: {a} = {b} a=bproof
lemma doubleton-eq-iff : {a,b} = {c,d} (a=c & b=d) | (a=d & b=c)proof
lemma Pair-iff [simp]: = a=c & b=dproof
lemmas Pair-inject = Pair-iff [THEN iffD1 , THEN conjE , elim!]
lemmas Pair-inject1 = Pair-iff [THEN iffD1 , THEN conjunct1 ]
lemmas Pair-inject2 = Pair-iff [THEN iffD1 , THEN conjunct2 ]
lemma Pair-not-0 : 6= 0proof
lemmas Pair-neq-0 = Pair-not-0 [THEN notE , elim!]
declare sym [THEN Pair-neq-0 , elim!]
lemma Pair-neq-fst : =a ==> Pproof
lemma Pair-neq-snd : =b ==> Pproof
6.1 Sigma: Disjoint Union of a Family of Sets
Generalizes Cartesian product
lemma Sigma-iff [simp]: : Sigma(A,B) a A & b B(a)proof
lemma SigmaI [TC ,intro!]: [| a A; b B(a) |] ==> Sigma(A,B)proof
lemmas SigmaD1 = Sigma-iff [THEN iffD1 , THEN conjunct1 ]
lemmas SigmaD2 = Sigma-iff [THEN iffD1 , THEN conjunct2 ]
lemma SigmaE [elim!]:[| c Sigma(A,B);
!!x y .[| x A; y B(x ); c= |] ==> P|] ==> P
proof
lemma SigmaE2 [elim!]:[| Sigma(A,B);
[| a A; b B(a) |] ==> P|] ==> P
proof
lemma Sigma-cong :[| A=A ; !!x . x A ==> B(x )=B (x ) |] ==>Sigma(A,B) = Sigma(A ,B )
proof
lemma Sigma-empty1 [simp]: Sigma(0 ,B) = 0proof
lemma Sigma-empty2 [simp]: A0 = 0proof
lemma Sigma-empty-iff : AB=0 A=0 | B=0proof
6.2 Projections fst and snd
lemma fst-conv [simp]: fst() = aproof
lemma snd-conv [simp]: snd() = bproof
lemma fst-type [TC ]: p Sigma(A,B) ==> fst(p) Aproof
lemma snd-type [TC ]: p Sigma(A,B) ==> snd(p) B(fst(p))proof
lemma Pair-fst-snd-eq : a Sigma(A,B) ==> = aproof
6.3 The Eliminator, split
lemma split [simp]: split(%x y . c(x ,y), ) == c(a,b)proof
lemma split-type [TC ]:[| p Sigma(A,B);
!!x y .[| x A; y B(x ) |] ==> c(x ,y):C ()|] ==> split(%x y . c(x ,y), p) C (p)
proof
lemma expand-split :u AB ==>
R(split(c,u)) ( xA. yB . u = R(c(x ,y)))proof
6.4 A version of split for Formulae: Result Type o
lemma splitI : R(a,b) ==> split(R, )proof
lemma splitE :[| split(R,z ); z Sigma(A,B);
!!x y . [| z = ; R(x ,y) |] ==> P|] ==> P
proof
lemma splitD : split(R,) ==> R(a,b)proof
Complex rules for Sigma.
lemma split-paired-Bex-Sigma [simp]:( z Sigma(A,B). P(z )) ( x A. y B(x ). P())
proof
lemma split-paired-Ball-Sigma [simp]:( z Sigma(A,B). P(z )) ( x A. y B(x ). P())
proof
end
7 equalities: Basic Equalities and Inclusions
theory equalities imports pair begin
These cover union, intersection, converse, domain, range, etc. Philippe de Groote proved many of the inclusions.
lemma in-mono: AB ==> xA xBproof
lemma the-eq-0 [simp]: (THE x . False) = 0proof
7.1 Bounded Quantifiers
The following are not added to the default simpset because (a) they duplicate the body and (b) there are no similar rules for Int.
lemma ball-Un: ( x AB . P(x )) ( x A. P(x )) & ( x B . P(x ))proof
lemma bex-Un: ( x AB . P(x )) ( x A. P(x )) | ( x B . P(x ))proof
lemma ball-UN : ( z ( xA. B(x )). P(z )) ( xA. z B(x ). P(z ))proof
lemma bex-UN : ( z ( xA. B(x )). P(z )) ( xA. zB(x ). P(z ))proof
7.2 Converse of a Relation
lemma converse-iff [simp]: converse(r) rproof
lemma converseI [intro!]: r ==> converse(r)proof
lemma converseD : converse(r) ==> rproof
lemma converseE [elim!]:[| yx converse(r);
!!x y . [| yx=; r |] ==> P |]==> P
proof
lemma converse-converse: rSigma(A,B) ==> converse(converse(r)) = rproof
lemma converse-type: rAB ==> converse(r)BAproof
lemma converse-prod [simp]: converse(AB) = BAproof
lemma converse-empty [simp]: converse(0 ) = 0proof
lemma converse-subset-iff :A Sigma(X ,Y ) ==> converse(A) converse(B) A B
proof
7.3 Finite Set Constructions Using cons
lemma cons-subsetI : [| aC ; BC |] ==> cons(a,B) Cproof
lemma subset-consI : B cons(a,B)proof
lemma cons-subset-iff [iff ]: cons(a,B)C aC & BCproof
lemmas cons-subsetE = cons-subset-iff [THEN iffD1 , THEN conjE ]
lemma subset-empty-iff : A0 A=0proof
lemma subset-cons-iff : Ccons(a,B) CB | (aC & C{a} B)proof
lemma cons-eq : {a} B = cons(a,B)proof
lemma cons-commute: cons(a, cons(b, C )) = cons(b, cons(a, C ))proof
lemma cons-absorb: a: B ==> cons(a,B) = Bproof
lemma cons-Diff : a: B ==> cons(a, B{a}) = Bproof
lemma Diff-cons-eq : cons(a,B) C = (if aC then BC else cons(a,BC ))proof
lemma equal-singleton [rule-format ]: [| a: C ; yC . y=b |] ==> C = {b}proof
lemma [simp]: cons(a,cons(a,B)) = cons(a,B)proof
lemma singleton-subsetI : aC ==> {a} Cproof
lemma singleton-subsetD : {a} C ==> aCproof
lemma subset-succI : i succ(i)proof
lemma succ-subsetI : [| ij ; ij |] ==> succ(i)jproof
lemma succ-subsetE :[| succ(i) j ; [| ij ; ij |] ==> P |] ==> P
proof
lemma succ-subset-iff : succ(a) B (a B & a B)proof
7.4 Binary Intersection
lemma Int-subset-iff : C A B C A & C Bproof
lemma Int-lower1 : A B Aproof
lemma Int-lower2 : A B Bproof
lemma Int-greatest : [| CA; CB |] ==> C A Bproof
lemma Int-cons: cons(a,B) C cons(a, B C )proof
lemma Int-absorb [simp]: A A = A
proof
lemma Int-left-absorb: A (A B) = A Bproof
lemma Int-commute: A B = B Aproof
lemma Int-left-commute: A (B C ) = B (A C )proof
lemma Int-assoc: (A B) C = A (B C )proof
lemmas Int-ac = Int-assoc Int-left-absorb Int-commute Int-left-commute
lemma Int-absorb1 : B A ==> A B = Bproof
lemma Int-absorb2 : A B ==> A B = Aproof
lemma Int-Un-distrib: A (B C ) = (A B) (A C )proof
lemma Int-Un-distrib2 : (B C ) A = (B A) (C A)proof
lemma subset-Int-iff : AB A B = Aproof
lemma subset-Int-iff2 : AB B A = Aproof
lemma Int-Diff-eq : CA ==> (AB) C = CBproof
lemma Int-cons-left :cons(a,A) B = (if a B then cons(a, A B) else A B)
proof
lemma Int-cons-right :A cons(a, B) = (if a A then cons(a, A B) else A B)
proof
lemma cons-Int-distrib: cons(x , A B) = cons(x , A) cons(x , B)proof
7.5 Binary Union
lemma Un-subset-iff : A B C A C & B Cproof
lemma Un-upper1 : A A Bproof
lemma Un-upper2 : B A Bproof
lemma Un-least : [| AC ; BC |] ==> A B Cproof
lemma Un-cons: cons(a,B) C = cons(a, B C )proof
lemma Un-absorb [simp]: A A = Aproof
lemma Un-left-absorb: A (A B) = A Bproof
lemma Un-commute: A B = B Aproof
lemma Un-left-commute: A (B C ) = B (A C )proof
lemma Un-assoc: (A B) C = A (B C )proof
lemmas Un-ac = Un-assoc Un-left-absorb Un-commute Un-left-commute
lemma Un-absorb1 : A B ==> A B = Bproof
lemma Un-absorb2 : B A ==> A B = Aproof
lemma Un-Int-distrib: (A B) C = (A C ) (B C )proof
lemma subset-Un-iff : AB A B = Bproof
lemma subset-Un-iff2 : AB B A = Bproof
lemma Un-empty [iff ]: (A B = 0 ) (A = 0 & B = 0 )proof
lemma Un-eq-Union: A B = ({A, B})proof
7.6 Set Difference
lemma Diff-subset : AB Aproof
lemma Diff-contains: [| CA; C B = 0 |] ==> C ABproof
lemma subset-Diff-cons-iff : B A cons(c,C ) BAC & c / Bproof
lemma Diff-cancel : A A = 0proof
lemma Diff-triv : A B = 0 ==> A B = Aproof
lemma empty-Diff [simp]: 0 A = 0proof
lemma Diff-0 [simp]: A 0 = Aproof
lemma Diff-eq-0-iff : A B = 0 A Bproof
lemma Diff-cons: A cons(a,B) = A B {a}proof
lemma Diff-cons2 : A cons(a,B) = A {a} Bproof
lemma Diff-disjoint : A (BA) = 0proof
lemma Diff-partition: AB ==> A (BA) = Bproof
lemma subset-Un-Diff : A B (A B)proof
lemma double-complement : [| AB ; BC |] ==> B(CA) = Aproof
lemma double-complement-Un: (A B) (BA) = Aproof
lemma Un-Int-crazy :(A B) (B C ) (C A) = (A B) (B C ) (C A)proof
lemma Diff-Un: A (B C ) = (AB) (AC )proof
lemma Diff-Int : A (B C ) = (AB) (AC )proof
lemma Un-Diff : (A B) C = (A C ) (B C )proof
lemma Int-Diff : (A B) C = A (B C )proof
lemma Diff-Int-distrib: C (AB) = (C A) (C B)proof
lemma Diff-Int-distrib2 : (AB) C = (A C ) (B C )proof
lemma Un-Int-assoc-iff : (A B) C = A (B C ) CAproof
7.7 Big Union and Intersection
lemma Union-subset-iff :
(A) C ( xA. x C )proof
lemma Union-upper : BA ==> B (A)proof
lemma Union-least : [| !!x . xA ==> xC |] ==> (A) Cproof
lemma Union-cons [simp]:
(cons(a,B)) = a (B)proof
lemma Union-Un-distrib:
(A B) = (A) (B)proof
lemma Union-Int-subset :
(A B) (A) (B)proof
lemma Union-disjoint :
(C ) A = 0 (BC . B A = 0 )proof
lemma Union-empty-iff :
(A) = 0 (BA. B=0 )proof
lemma Int-Union2 :
(B) A = (CB . C A)proof
lemma Inter-subset-iff : A ≠ 0 ==> C (A) ( xA. C x )
proof
lemma Inter-lower : BA ==> (A) Bproof
lemma Inter-greatest : [| A ≠ 0 ; !!x . xA ==> Cx |] ==> C (A)
proof
lemma INT-lower : xA ==> ( xA. B(x )) B(x )
proof
lemma INT-greatest : [| A ≠ 0 ; !!x . xA ==> CB(x ) |] ==> C ( xA.B(x ))
proof
lemma Inter-0 [simp]:
(0 ) = 0proof
lemma Inter-Un-subset :[| zA; zB |] ==> (A) (B) (A B)
proof
lemma Inter-Un-distrib: [| A ≠ 0 ; B ≠ 0 |] ==> (A B) = (A) (B)
proof
lemma Union-singleton:
({b}) = bproof
lemma Inter-singleton:
({b}) = bproof
lemma Inter-cons [simp]:(cons(a,B)) = (if B=0 then a else a (B))
proof
7.8 Unions and Intersections of Families
lemma subset-UN-iff-eq : A ( iI . B(i)) A = ( iI . A B(i))proof
lemma UN-subset-iff : (
xA. B(x )) C ( xA. B(x ) C )proof
lemma UN-upper : xA ==> B(x ) ( xA. B(x ))proof
lemma UN-least : [| !!x . xA ==> B(x )C |] ==> ( xA. B(x )) Cproof
lemma Union-eq-UN :
(A) = (
xA. x )proof
lemma Inter-eq-INT :
(A) = (
xA. x )proof
lemma UN-0 [simp]: (
i0 . A(i)) = 0proof
lemma UN-singleton: (
xA. {x}) = Aproof
lemma UN-Un: (
i A B . C (i)) = ( i A. C (i)) ( iB . C (i))proof
lemma INT-Un:
( iI J . A(i)) =
(if I =0 then jJ . A(j )
else if J =0 then iI . A(i)
else (( iI . A(i)) ( jJ . A(j ))))
proof
lemma UN-UN-flatten: (
x ( yA. B(y)). C (x )) = ( yA. x B(y).C (x ))proof
lemma Int-UN-distrib: B ( iI . A(i)) = ( iI . B A(i))proof
lemma Un-INT-distrib: I ≠ 0 ==> B ( iI . A(i)) = ( iI . B A(i))
proof
lemma Int-UN-distrib2 :(
iI . A(i)) ( jJ . B(j )) = ( iI . jJ . A(i) B(j ))proof
lemma Un-INT-distrib2 : [| I ≠ 0 ; J ≠ 0 |] ==>
( iI . A(i)) ( jJ . B(j )) = ( iI . jJ . A(i) B(j ))
proof
lemma UN-constant [simp]: (
yA. c) = (if A=0 then 0 else c)proof
lemma INT-constant [simp]: (
yA. c) = (if A=0 then 0 else c)proof
lemma UN-RepFun [simp]: (
y RepFun(A,f ). B(y)) = ( xA. B(f (x )))proof
lemma INT-RepFun [simp]: (
xRepFun(A,f ). B(x )) = ( aA. B(f (a)))proof
lemma INT-Union-eq :0 / A ==> ( x (A). B(x )) = ( yA. xy . B(x ))
proof
lemma INT-UN-eq :
( xA. B(x ) ≠ 0 )
==> ( z ( xA. B(x )). C (z )) = ( xA. z B(x ). C (z ))
proof
lemma UN-Un-distrib:(
iI . A(i) B(i)) = ( iI . A(i)) ( iI . B(i))proof
lemma INT-Int-distrib: I ≠ 0 ==> ( iI . A(i) B(i)) = ( iI . A(i)) ( iI . B(i))
proof
lemma UN-Int-subset :(
zI J . A(z )) ( zI . A(z )) ( zJ . A(z ))proof
lemma Diff-UN : I ≠ 0 ==> B ( iI . A(i)) = ( iI . B A(i))
proof
lemma Diff-INT : I ≠ 0 ==> B ( iI . A(i)) = ( iI . B A(i))
proof
lemma Sigma-cons1 : Sigma(cons(a,B), C ) = ({a}C (a)) Sigma(B ,C )proof
lemma Sigma-cons2 : A cons(b,B) = A{b} ABproof
lemma Sigma-succ1 : Sigma(succ(A), B) = ({A}B(A)) Sigma(A,B)proof
lemma Sigma-succ2 : A succ(B) = A{B} ABproof
lemma SUM-UN-distrib1 :( x ( yA. C (y)). B(x )) = ( yA. xC (y). B(x ))
proof
lemma SUM-UN-distrib2 :( iI . jJ . C (i ,j )) = ( jJ . iI . C (i ,j ))
proof
lemma SUM-Un-distrib1 :( iI J . C (i)) = ( iI . C (i)) ( jJ . C (j ))
proof
lemma SUM-Un-distrib2 :( iI . A(i) B(i)) = ( iI . A(i)) ( iI . B(i))
proof
lemma prod-Un-distrib2 : I (A B) = I A I Bproof
lemma SUM-Int-distrib1 :( iI J . C (i)) = ( iI . C (i)) ( jJ . C (j ))
proof
lemma SUM-Int-distrib2 :( iI . A(i) B(i)) = ( iI . A(i)) ( iI . B(i))
proof
lemma prod-Int-distrib2 : I (A B) = I A I Bproof
lemma SUM-eq-UN : ( iI . A(i)) = ( iI . {i} A(i))proof
lemma times-subset-iff :(A B AB) (A = 0 | B = 0 | (A A) & (B B))
proof
lemma Int-Sigma-eq :( x A . B (x )) ( x A. B(x )) = ( x A A. B (x ) B(x ))
proof
lemma domain-iff : a: domain(r) ( y . r)proof
lemma domainI [intro]: r ==> a: domain(r)proof
lemma domainE [elim!]:[| a domain(r); !!y . r ==> P |] ==> P
proof
lemma domain-subset : domain(Sigma(A,B)) Aproof
lemma domain-of-prod : bB ==> domain(AB) = Aproof
lemma domain-0 [simp]: domain(0 ) = 0proof
lemma domain-cons [simp]: domain(cons(,r)) = cons(a, domain(r))proof
lemma domain-Un-eq [simp]: domain(A B) = domain(A) domain(B)proof
lemma domain-Int-subset : domain(A B) domain(A) domain(B)proof
lemma domain-Diff-subset : domain(A) domain(B) domain(A B)proof
lemma domain-UN : domain(
xA. B(x )) = ( xA. domain(B(x )))proof
lemma domain-Union: domain(
(A)) = (
xA. domain(x ))proof
lemma rangeI [intro]: r ==> b range(r)proof
lemma rangeE [elim!]: [| b range(r); !!x . r ==> P |] ==> Pproof
lemma range-subset : range(AB) Bproof
lemma range-of-prod : aA ==> range(AB) = Bproof
lemma range-0 [simp]: range(0 ) = 0proof
lemma range-cons [simp]: range(cons(,r)) = cons(b, range(r))proof
lemma range-Un-eq [simp]: range(A B) = range(A) range(B)proof
lemma range-Int-subset : range(A B) range(A) range(B)proof
lemma range-Diff-subset : range(A) range(B) range(A B)proof
lemma domain-converse [simp]: domain(converse(r)) = range(r)proof
lemma range-converse [simp]: range(converse(r)) = domain(r)proof
lemma fieldI1 : r ==> a field(r)proof
lemma fieldI2 : r ==> b field(r)proof
lemma fieldCI [intro]:( r ==> r) ==> a field(r)
proof
lemma fieldE [elim!]:[| a field(r);
!!x . r ==> P ;!!x . r ==> P |] ==> P
proof
lemma field-subset : field(AB) A Bproof
lemma domain-subset-field : domain(r) field(r)proof
lemma range-subset-field : range(r) field(r)proof
lemma domain-times-range: r Sigma(A,B) ==> r domain(r)range(r)proof
lemma field-times-field : r Sigma(A,B) ==> r field(r)field(r)proof
lemma relation-field-times-field : relation(r) ==> r field(r)field(r)proof
lemma field-of-prod : field(AA) = Aproof
lemma field-0 [simp]: field(0 ) = 0proof
lemma field-cons [simp]: field(cons(,r)) = cons(a, cons(b, field(r)))proof
lemma field-Un-eq [simp]: field(A B) = field(A) field(B)proof
lemma field-Int-subset : field(A B) field(A) field(B)proof
lemma field-Diff-subset : field(A) field(B) field(A B)proof
lemma field-converse [simp]: field(converse(r)) = field(r)proof
lemma rel-Union: ( xS . A B . x AB) ==>(S ) domain( (S )) range( (S ))
proof
lemma rel-Un: [| r AB ; s CD |] ==> (r s) (A C ) (B D)proof
lemma domain-Diff-eq : [| r ; c ≠ b |] ==> domain(r{}) = domain(r)
proof
lemma range-Diff-eq : [| r ; c ≠ a |] ==> range(r{}) = range(r)
proof
7.9 Image of a Set under a Function or Relation
lemma image-iff : b rA ( xA. r)proof
lemma image-singleton-iff : b r{a} rproof
lemma imageI [intro]: [| r ; aA |] ==> b rAproof
lemma imageE [elim!]:[| b: rA; !!x .[| r ; xA |] ==> P |] ==> P
proof
lemma image-subset : r AB ==> rC Bproof
lemma image-0 [simp]: r0 = 0proof
lemma image-Un [simp]: r (A B) = (rA) (rB)proof
lemma image-UN : r (
xA. B(x )) = ( xA. r B(x ))proof
lemma Collect-image-eq :{z Sigma(A,B). P(z )} C = ( x A. {y B(x ). x C & P()})
proof
lemma image-Int-subset : r (A B) (rA) (rB)proof
lemma image-Int-square-subset : (r AA)B (rB)