src/ZF/Constructible/Reflection.thy
author paulson
Wed Aug 21 15:57:24 2002 +0200 (2002-08-21)
changeset 13513 b9e14471629c
parent 13505 52a16cb7fefb
child 13563 7d6c9817c432
permissions -rw-r--r--
tweaks
paulson@13505
     1
(*  Title:      ZF/Constructible/Reflection.thy
paulson@13505
     2
    ID:         $Id$
paulson@13505
     3
    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
paulson@13505
     4
    Copyright   2002  University of Cambridge
paulson@13505
     5
*)
paulson@13505
     6
paulson@13223
     7
header {* The Reflection Theorem*}
paulson@13223
     8
paulson@13223
     9
theory Reflection = Normal:
paulson@13223
    10
paulson@13223
    11
lemma all_iff_not_ex_not: "(\<forall>x. P(x)) <-> (~ (\<exists>x. ~ P(x)))";
paulson@13223
    12
by blast
paulson@13223
    13
paulson@13223
    14
lemma ball_iff_not_bex_not: "(\<forall>x\<in>A. P(x)) <-> (~ (\<exists>x\<in>A. ~ P(x)))";
paulson@13223
    15
by blast
paulson@13223
    16
paulson@13223
    17
text{*From the notes of A. S. Kechris, page 6, and from 
paulson@13223
    18
      Andrzej Mostowski, \emph{Constructible Sets with Applications},
paulson@13223
    19
      North-Holland, 1969, page 23.*}
paulson@13223
    20
paulson@13223
    21
paulson@13223
    22
subsection{*Basic Definitions*}
paulson@13223
    23
paulson@13223
    24
text{*First part: the cumulative hierarchy defining the class @{text M}.  
paulson@13223
    25
To avoid handling multiple arguments, we assume that @{text "Mset(l)"} is
paulson@13223
    26
closed under ordered pairing provided @{text l} is limit.  Possibly this
paulson@13223
    27
could be avoided: the induction hypothesis @{term Cl_reflects} 
paulson@13223
    28
(in locale @{text ex_reflection}) could be weakened to
paulson@13223
    29
@{term "\<forall>y\<in>Mset(a). \<forall>z\<in>Mset(a). P(<y,z>) <-> Q(a,<y,z>)"}, removing most
paulson@13223
    30
uses of @{term Pair_in_Mset}.  But there isn't much point in doing so, since 
paulson@13223
    31
ultimately the @{text ex_reflection} proof is packaged up using the
paulson@13223
    32
predicate @{text Reflects}.
paulson@13223
    33
*}
wenzelm@13428
    34
locale reflection =
paulson@13223
    35
  fixes Mset and M and Reflects
paulson@13223
    36
  assumes Mset_mono_le : "mono_le_subset(Mset)"
paulson@13223
    37
      and Mset_cont    : "cont_Ord(Mset)"
paulson@13223
    38
      and Pair_in_Mset : "[| x \<in> Mset(a); y \<in> Mset(a); Limit(a) |] 
paulson@13223
    39
                          ==> <x,y> \<in> Mset(a)"
paulson@13223
    40
  defines "M(x) == \<exists>a. Ord(a) \<and> x \<in> Mset(a)"
paulson@13223
    41
      and "Reflects(Cl,P,Q) == Closed_Unbounded(Cl) \<and>
paulson@13223
    42
                              (\<forall>a. Cl(a) --> (\<forall>x\<in>Mset(a). P(x) <-> Q(a,x)))"
paulson@13223
    43
  fixes F0 --{*ordinal for a specific value @{term y}*}
paulson@13223
    44
  fixes FF --{*sup over the whole level, @{term "y\<in>Mset(a)"}*}
paulson@13223
    45
  fixes ClEx --{*Reflecting ordinals for the formula @{term "\<exists>z. P"}*}
paulson@13223
    46
  defines "F0(P,y) == \<mu>b. (\<exists>z. M(z) \<and> P(<y,z>)) --> 
paulson@13223
    47
                               (\<exists>z\<in>Mset(b). P(<y,z>))"
paulson@13223
    48
      and "FF(P)   == \<lambda>a. \<Union>y\<in>Mset(a). F0(P,y)"
paulson@13434
    49
      and "ClEx(P,a) == Limit(a) \<and> normalize(FF(P),a) = a"
paulson@13223
    50
paulson@13223
    51
lemma (in reflection) Mset_mono: "i\<le>j ==> Mset(i) <= Mset(j)"
paulson@13223
    52
apply (insert Mset_mono_le) 
paulson@13223
    53
apply (simp add: mono_le_subset_def leI) 
paulson@13223
    54
done
paulson@13223
    55
paulson@13434
    56
text{*Awkward: we need a version of @{text ClEx_def} as an equality
paulson@13434
    57
      at the level of classes, which do not really exist*}
paulson@13434
    58
lemma (in reflection) ClEx_eq:
paulson@13434
    59
     "ClEx(P) == \<lambda>a. Limit(a) \<and> normalize(FF(P),a) = a"
paulson@13434
    60
by (simp add: ClEx_def [symmetric]) 
paulson@13434
    61
paulson@13434
    62
paulson@13223
    63
subsection{*Easy Cases of the Reflection Theorem*}
paulson@13223
    64
paulson@13223
    65
theorem (in reflection) Triv_reflection [intro]:
paulson@13223
    66
     "Reflects(Ord, P, \<lambda>a x. P(x))"
paulson@13223
    67
by (simp add: Reflects_def)
paulson@13223
    68
paulson@13223
    69
theorem (in reflection) Not_reflection [intro]:
paulson@13223
    70
     "Reflects(Cl,P,Q) ==> Reflects(Cl, \<lambda>x. ~P(x), \<lambda>a x. ~Q(a,x))"
paulson@13268
    71
by (simp add: Reflects_def) 
paulson@13223
    72
paulson@13223
    73
theorem (in reflection) And_reflection [intro]:
paulson@13223
    74
     "[| Reflects(Cl,P,Q); Reflects(C',P',Q') |] 
paulson@13223
    75
      ==> Reflects(\<lambda>a. Cl(a) \<and> C'(a), \<lambda>x. P(x) \<and> P'(x), 
paulson@13223
    76
                                      \<lambda>a x. Q(a,x) \<and> Q'(a,x))"
paulson@13223
    77
by (simp add: Reflects_def Closed_Unbounded_Int, blast)
paulson@13223
    78
paulson@13223
    79
theorem (in reflection) Or_reflection [intro]:
paulson@13223
    80
     "[| Reflects(Cl,P,Q); Reflects(C',P',Q') |] 
paulson@13223
    81
      ==> Reflects(\<lambda>a. Cl(a) \<and> C'(a), \<lambda>x. P(x) \<or> P'(x), 
paulson@13223
    82
                                      \<lambda>a x. Q(a,x) \<or> Q'(a,x))"
paulson@13223
    83
by (simp add: Reflects_def Closed_Unbounded_Int, blast)
paulson@13223
    84
paulson@13223
    85
theorem (in reflection) Imp_reflection [intro]:
paulson@13223
    86
     "[| Reflects(Cl,P,Q); Reflects(C',P',Q') |] 
paulson@13223
    87
      ==> Reflects(\<lambda>a. Cl(a) \<and> C'(a), 
paulson@13223
    88
                   \<lambda>x. P(x) --> P'(x), 
paulson@13223
    89
                   \<lambda>a x. Q(a,x) --> Q'(a,x))"
paulson@13223
    90
by (simp add: Reflects_def Closed_Unbounded_Int, blast)
paulson@13223
    91
paulson@13223
    92
theorem (in reflection) Iff_reflection [intro]:
paulson@13223
    93
     "[| Reflects(Cl,P,Q); Reflects(C',P',Q') |] 
paulson@13223
    94
      ==> Reflects(\<lambda>a. Cl(a) \<and> C'(a), 
paulson@13223
    95
                   \<lambda>x. P(x) <-> P'(x), 
paulson@13223
    96
                   \<lambda>a x. Q(a,x) <-> Q'(a,x))"
paulson@13223
    97
by (simp add: Reflects_def Closed_Unbounded_Int, blast) 
paulson@13223
    98
paulson@13223
    99
subsection{*Reflection for Existential Quantifiers*}
paulson@13223
   100
paulson@13223
   101
lemma (in reflection) F0_works:
paulson@13223
   102
     "[| y\<in>Mset(a); Ord(a); M(z); P(<y,z>) |] ==> \<exists>z\<in>Mset(F0(P,y)). P(<y,z>)"
paulson@13223
   103
apply (unfold F0_def M_def, clarify)
paulson@13223
   104
apply (rule LeastI2)
paulson@13223
   105
  apply (blast intro: Mset_mono [THEN subsetD])
paulson@13223
   106
 apply (blast intro: lt_Ord2, blast)
paulson@13223
   107
done
paulson@13223
   108
paulson@13223
   109
lemma (in reflection) Ord_F0 [intro,simp]: "Ord(F0(P,y))"
paulson@13223
   110
by (simp add: F0_def)
paulson@13223
   111
paulson@13223
   112
lemma (in reflection) Ord_FF [intro,simp]: "Ord(FF(P,y))"
paulson@13223
   113
by (simp add: FF_def)
paulson@13223
   114
paulson@13223
   115
lemma (in reflection) cont_Ord_FF: "cont_Ord(FF(P))"
paulson@13223
   116
apply (insert Mset_cont)
paulson@13223
   117
apply (simp add: cont_Ord_def FF_def, blast)
paulson@13223
   118
done
paulson@13223
   119
paulson@13223
   120
text{*Recall that @{term F0} depends upon @{term "y\<in>Mset(a)"}, 
paulson@13223
   121
while @{term FF} depends only upon @{term a}. *}
paulson@13223
   122
lemma (in reflection) FF_works:
paulson@13223
   123
     "[| M(z); y\<in>Mset(a); P(<y,z>); Ord(a) |] ==> \<exists>z\<in>Mset(FF(P,a)). P(<y,z>)"
paulson@13223
   124
apply (simp add: FF_def)
paulson@13223
   125
apply (simp_all add: cont_Ord_Union [of concl: Mset] 
paulson@13223
   126
                     Mset_cont Mset_mono_le not_emptyI Ord_F0)
paulson@13223
   127
apply (blast intro: F0_works)  
paulson@13223
   128
done
paulson@13223
   129
paulson@13223
   130
lemma (in reflection) FFN_works:
paulson@13223
   131
     "[| M(z); y\<in>Mset(a); P(<y,z>); Ord(a) |] 
paulson@13223
   132
      ==> \<exists>z\<in>Mset(normalize(FF(P),a)). P(<y,z>)"
paulson@13223
   133
apply (drule FF_works [of concl: P], assumption+) 
paulson@13223
   134
apply (blast intro: cont_Ord_FF le_normalize [THEN Mset_mono, THEN subsetD])
paulson@13223
   135
done
paulson@13223
   136
paulson@13223
   137
paulson@13223
   138
text{*Locale for the induction hypothesis*}
paulson@13223
   139
wenzelm@13428
   140
locale ex_reflection = reflection +
paulson@13223
   141
  fixes P  --"the original formula"
paulson@13223
   142
  fixes Q  --"the reflected formula"
paulson@13223
   143
  fixes Cl --"the class of reflecting ordinals"
paulson@13223
   144
  assumes Cl_reflects: "[| Cl(a); Ord(a) |] ==> \<forall>x\<in>Mset(a). P(x) <-> Q(a,x)"
paulson@13223
   145
paulson@13223
   146
lemma (in ex_reflection) ClEx_downward:
paulson@13223
   147
     "[| M(z); y\<in>Mset(a); P(<y,z>); Cl(a); ClEx(P,a) |] 
paulson@13223
   148
      ==> \<exists>z\<in>Mset(a). Q(a,<y,z>)"
paulson@13223
   149
apply (simp add: ClEx_def, clarify) 
paulson@13223
   150
apply (frule Limit_is_Ord) 
paulson@13223
   151
apply (frule FFN_works [of concl: P], assumption+) 
paulson@13223
   152
apply (drule Cl_reflects, assumption+) 
paulson@13223
   153
apply (auto simp add: Limit_is_Ord Pair_in_Mset)
paulson@13223
   154
done
paulson@13223
   155
paulson@13223
   156
lemma (in ex_reflection) ClEx_upward:
paulson@13223
   157
     "[| z\<in>Mset(a); y\<in>Mset(a); Q(a,<y,z>); Cl(a); ClEx(P,a) |] 
paulson@13223
   158
      ==> \<exists>z. M(z) \<and> P(<y,z>)"
paulson@13223
   159
apply (simp add: ClEx_def M_def)
paulson@13223
   160
apply (blast dest: Cl_reflects
paulson@13223
   161
	     intro: Limit_is_Ord Pair_in_Mset)
paulson@13223
   162
done
paulson@13223
   163
paulson@13223
   164
text{*Class @{text ClEx} indeed consists of reflecting ordinals...*}
paulson@13223
   165
lemma (in ex_reflection) ZF_ClEx_iff:
paulson@13223
   166
     "[| y\<in>Mset(a); Cl(a); ClEx(P,a) |] 
paulson@13223
   167
      ==> (\<exists>z. M(z) \<and> P(<y,z>)) <-> (\<exists>z\<in>Mset(a). Q(a,<y,z>))"
paulson@13223
   168
by (blast intro: dest: ClEx_downward ClEx_upward) 
paulson@13223
   169
paulson@13223
   170
text{*...and it is closed and unbounded*}
paulson@13223
   171
lemma (in ex_reflection) ZF_Closed_Unbounded_ClEx:
paulson@13223
   172
     "Closed_Unbounded(ClEx(P))"
paulson@13434
   173
apply (simp add: ClEx_eq)
paulson@13223
   174
apply (fast intro: Closed_Unbounded_Int Normal_imp_fp_Closed_Unbounded
paulson@13223
   175
                   Closed_Unbounded_Limit Normal_normalize)
paulson@13223
   176
done
paulson@13223
   177
paulson@13223
   178
text{*The same two theorems, exported to locale @{text reflection}.*}
paulson@13223
   179
paulson@13223
   180
text{*Class @{text ClEx} indeed consists of reflecting ordinals...*}
paulson@13223
   181
lemma (in reflection) ClEx_iff:
paulson@13223
   182
     "[| y\<in>Mset(a); Cl(a); ClEx(P,a);
paulson@13223
   183
        !!a. [| Cl(a); Ord(a) |] ==> \<forall>x\<in>Mset(a). P(x) <-> Q(a,x) |] 
paulson@13223
   184
      ==> (\<exists>z. M(z) \<and> P(<y,z>)) <-> (\<exists>z\<in>Mset(a). Q(a,<y,z>))"
paulson@13223
   185
apply (unfold ClEx_def FF_def F0_def M_def)
wenzelm@13428
   186
apply (rule ex_reflection.ZF_ClEx_iff
wenzelm@13428
   187
  [OF ex_reflection.intro, OF reflection.intro ex_reflection_axioms.intro,
wenzelm@13428
   188
    of Mset Cl])
wenzelm@13428
   189
apply (simp_all add: Mset_mono_le Mset_cont Pair_in_Mset)
paulson@13223
   190
done
paulson@13223
   191
paulson@13434
   192
(*Alternative proof, less unfolding:
paulson@13434
   193
apply (rule Reflection.ZF_ClEx_iff [of Mset _ _ Cl, folded M_def])
paulson@13434
   194
apply (fold ClEx_def FF_def F0_def)
paulson@13434
   195
apply (rule ex_reflection.intro, assumption)
paulson@13434
   196
apply (simp add: ex_reflection_axioms.intro, assumption+)
paulson@13434
   197
*)
paulson@13434
   198
paulson@13223
   199
lemma (in reflection) Closed_Unbounded_ClEx:
paulson@13223
   200
     "(!!a. [| Cl(a); Ord(a) |] ==> \<forall>x\<in>Mset(a). P(x) <-> Q(a,x))
paulson@13223
   201
      ==> Closed_Unbounded(ClEx(P))"
paulson@13434
   202
apply (unfold ClEx_eq FF_def F0_def M_def) 
paulson@13434
   203
apply (rule Reflection.ZF_Closed_Unbounded_ClEx [of Mset _ _ Cl])
paulson@13434
   204
apply (rule ex_reflection.intro, assumption)
paulson@13434
   205
apply (blast intro: ex_reflection_axioms.intro)
paulson@13223
   206
done
paulson@13223
   207
paulson@13292
   208
subsection{*Packaging the Quantifier Reflection Rules*}
paulson@13292
   209
paulson@13223
   210
lemma (in reflection) Ex_reflection_0:
paulson@13223
   211
     "Reflects(Cl,P0,Q0) 
paulson@13223
   212
      ==> Reflects(\<lambda>a. Cl(a) \<and> ClEx(P0,a), 
paulson@13223
   213
                   \<lambda>x. \<exists>z. M(z) \<and> P0(<x,z>), 
paulson@13223
   214
                   \<lambda>a x. \<exists>z\<in>Mset(a). Q0(a,<x,z>))" 
paulson@13223
   215
apply (simp add: Reflects_def) 
paulson@13223
   216
apply (intro conjI Closed_Unbounded_Int)
paulson@13223
   217
  apply blast 
wenzelm@13382
   218
 apply (rule Closed_Unbounded_ClEx [of Cl P0 Q0], blast, clarify) 
paulson@13223
   219
apply (rule_tac Cl=Cl in  ClEx_iff, assumption+, blast) 
paulson@13223
   220
done
paulson@13223
   221
paulson@13223
   222
lemma (in reflection) All_reflection_0:
paulson@13223
   223
     "Reflects(Cl,P0,Q0) 
paulson@13223
   224
      ==> Reflects(\<lambda>a. Cl(a) \<and> ClEx(\<lambda>x.~P0(x), a), 
paulson@13223
   225
                   \<lambda>x. \<forall>z. M(z) --> P0(<x,z>), 
paulson@13223
   226
                   \<lambda>a x. \<forall>z\<in>Mset(a). Q0(a,<x,z>))" 
paulson@13223
   227
apply (simp only: all_iff_not_ex_not ball_iff_not_bex_not) 
paulson@13223
   228
apply (rule Not_reflection, drule Not_reflection, simp) 
paulson@13223
   229
apply (erule Ex_reflection_0)
paulson@13223
   230
done
paulson@13223
   231
paulson@13223
   232
theorem (in reflection) Ex_reflection [intro]:
paulson@13223
   233
     "Reflects(Cl, \<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))) 
paulson@13223
   234
      ==> Reflects(\<lambda>a. Cl(a) \<and> ClEx(\<lambda>x. P(fst(x),snd(x)), a), 
paulson@13223
   235
                   \<lambda>x. \<exists>z. M(z) \<and> P(x,z), 
paulson@13223
   236
                   \<lambda>a x. \<exists>z\<in>Mset(a). Q(a,x,z))"
paulson@13223
   237
by (rule Ex_reflection_0 [of _ " \<lambda>x. P(fst(x),snd(x))" 
paulson@13223
   238
                               "\<lambda>a x. Q(a,fst(x),snd(x))", simplified])
paulson@13223
   239
paulson@13223
   240
theorem (in reflection) All_reflection [intro]:
paulson@13223
   241
     "Reflects(Cl,  \<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x)))
paulson@13223
   242
      ==> Reflects(\<lambda>a. Cl(a) \<and> ClEx(\<lambda>x. ~P(fst(x),snd(x)), a), 
paulson@13223
   243
                   \<lambda>x. \<forall>z. M(z) --> P(x,z), 
paulson@13223
   244
                   \<lambda>a x. \<forall>z\<in>Mset(a). Q(a,x,z))" 
paulson@13223
   245
by (rule All_reflection_0 [of _ "\<lambda>x. P(fst(x),snd(x))" 
paulson@13223
   246
                                "\<lambda>a x. Q(a,fst(x),snd(x))", simplified])
paulson@13223
   247
paulson@13292
   248
text{*And again, this time using class-bounded quantifiers*}
paulson@13292
   249
paulson@13292
   250
theorem (in reflection) Rex_reflection [intro]:
paulson@13292
   251
     "Reflects(Cl, \<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))) 
paulson@13292
   252
      ==> Reflects(\<lambda>a. Cl(a) \<and> ClEx(\<lambda>x. P(fst(x),snd(x)), a), 
paulson@13292
   253
                   \<lambda>x. \<exists>z[M]. P(x,z), 
paulson@13292
   254
                   \<lambda>a x. \<exists>z\<in>Mset(a). Q(a,x,z))"
paulson@13292
   255
by (unfold rex_def, blast) 
paulson@13292
   256
paulson@13292
   257
theorem (in reflection) Rall_reflection [intro]:
paulson@13292
   258
     "Reflects(Cl,  \<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x)))
paulson@13292
   259
      ==> Reflects(\<lambda>a. Cl(a) \<and> ClEx(\<lambda>x. ~P(fst(x),snd(x)), a), 
paulson@13292
   260
                   \<lambda>x. \<forall>z[M]. P(x,z), 
paulson@13292
   261
                   \<lambda>a x. \<forall>z\<in>Mset(a). Q(a,x,z))" 
paulson@13292
   262
by (unfold rall_def, blast) 
paulson@13292
   263
paulson@13292
   264
paulson@13223
   265
text{*No point considering bounded quantifiers, where reflection is trivial.*}
paulson@13223
   266
paulson@13223
   267
paulson@13223
   268
subsection{*Simple Examples of Reflection*}
paulson@13223
   269
paulson@13223
   270
text{*Example 1: reflecting a simple formula.  The reflecting class is first
paulson@13223
   271
given as the variable @{text ?Cl} and later retrieved from the final 
paulson@13223
   272
proof state.*}
paulson@13223
   273
lemma (in reflection) 
paulson@13223
   274
     "Reflects(?Cl,
paulson@13223
   275
               \<lambda>x. \<exists>y. M(y) \<and> x \<in> y, 
paulson@13223
   276
               \<lambda>a x. \<exists>y\<in>Mset(a). x \<in> y)"
paulson@13223
   277
by fast
paulson@13223
   278
paulson@13223
   279
text{*Problem here: there needs to be a conjunction (class intersection)
paulson@13223
   280
in the class of reflecting ordinals.  The @{term "Ord(a)"} is redundant,
paulson@13223
   281
though harmless.*}
paulson@13223
   282
lemma (in reflection) 
paulson@13223
   283
     "Reflects(\<lambda>a. Ord(a) \<and> ClEx(\<lambda>x. fst(x) \<in> snd(x), a),   
paulson@13223
   284
               \<lambda>x. \<exists>y. M(y) \<and> x \<in> y, 
paulson@13223
   285
               \<lambda>a x. \<exists>y\<in>Mset(a). x \<in> y)" 
paulson@13223
   286
by fast
paulson@13223
   287
paulson@13223
   288
paulson@13223
   289
text{*Example 2*}
paulson@13223
   290
lemma (in reflection) 
paulson@13223
   291
     "Reflects(?Cl,
paulson@13223
   292
               \<lambda>x. \<exists>y. M(y) \<and> (\<forall>z. M(z) --> z \<subseteq> x --> z \<in> y), 
paulson@13223
   293
               \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). z \<subseteq> x --> z \<in> y)" 
paulson@13223
   294
by fast
paulson@13223
   295
paulson@13223
   296
text{*Example 2'.  We give the reflecting class explicitly. *}
paulson@13223
   297
lemma (in reflection) 
paulson@13223
   298
  "Reflects
paulson@13223
   299
    (\<lambda>a. (Ord(a) \<and>
paulson@13223
   300
          ClEx(\<lambda>x. ~ (snd(x) \<subseteq> fst(fst(x)) --> snd(x) \<in> snd(fst(x))), a)) \<and>
paulson@13223
   301
          ClEx(\<lambda>x. \<forall>z. M(z) --> z \<subseteq> fst(x) --> z \<in> snd(x), a),
paulson@13223
   302
	    \<lambda>x. \<exists>y. M(y) \<and> (\<forall>z. M(z) --> z \<subseteq> x --> z \<in> y), 
paulson@13223
   303
	    \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). z \<subseteq> x --> z \<in> y)" 
paulson@13223
   304
by fast
paulson@13223
   305
paulson@13223
   306
text{*Example 2''.  We expand the subset relation.*}
paulson@13223
   307
lemma (in reflection) 
paulson@13223
   308
  "Reflects(?Cl,
paulson@13223
   309
        \<lambda>x. \<exists>y. M(y) \<and> (\<forall>z. M(z) --> (\<forall>w. M(w) --> w\<in>z --> w\<in>x) --> z\<in>y),
paulson@13223
   310
        \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). (\<forall>w\<in>Mset(a). w\<in>z --> w\<in>x) --> z\<in>y)"
paulson@13223
   311
by fast
paulson@13223
   312
paulson@13223
   313
text{*Example 2'''.  Single-step version, to reveal the reflecting class.*}
paulson@13223
   314
lemma (in reflection) 
paulson@13223
   315
     "Reflects(?Cl,
paulson@13223
   316
               \<lambda>x. \<exists>y. M(y) \<and> (\<forall>z. M(z) --> z \<subseteq> x --> z \<in> y), 
paulson@13223
   317
               \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). z \<subseteq> x --> z \<in> y)" 
paulson@13223
   318
apply (rule Ex_reflection) 
paulson@13223
   319
txt{*
paulson@13223
   320
@{goals[display,indent=0,margin=60]}
paulson@13223
   321
*}
paulson@13223
   322
apply (rule All_reflection) 
paulson@13223
   323
txt{*
paulson@13223
   324
@{goals[display,indent=0,margin=60]}
paulson@13223
   325
*}
paulson@13223
   326
apply (rule Triv_reflection) 
paulson@13223
   327
txt{*
paulson@13223
   328
@{goals[display,indent=0,margin=60]}
paulson@13223
   329
*}
paulson@13223
   330
done
paulson@13223
   331
paulson@13223
   332
text{*Example 3.  Warning: the following examples make sense only
paulson@13223
   333
if @{term P} is quantifier-free, since it is not being relativized.*}
paulson@13223
   334
lemma (in reflection) 
paulson@13223
   335
     "Reflects(?Cl,
paulson@13223
   336
               \<lambda>x. \<exists>y. M(y) \<and> (\<forall>z. M(z) --> z \<in> y <-> z \<in> x \<and> P(z)), 
paulson@13223
   337
               \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). z \<in> y <-> z \<in> x \<and> P(z))"
paulson@13223
   338
by fast
paulson@13223
   339
paulson@13223
   340
text{*Example 3'*}
paulson@13223
   341
lemma (in reflection) 
paulson@13223
   342
     "Reflects(?Cl,
paulson@13223
   343
               \<lambda>x. \<exists>y. M(y) \<and> y = Collect(x,P),
paulson@13223
   344
               \<lambda>a x. \<exists>y\<in>Mset(a). y = Collect(x,P))";
paulson@13223
   345
by fast
paulson@13223
   346
paulson@13223
   347
text{*Example 3''*}
paulson@13223
   348
lemma (in reflection) 
paulson@13223
   349
     "Reflects(?Cl,
paulson@13223
   350
               \<lambda>x. \<exists>y. M(y) \<and> y = Replace(x,P),
paulson@13223
   351
               \<lambda>a x. \<exists>y\<in>Mset(a). y = Replace(x,P))";
paulson@13223
   352
by fast
paulson@13223
   353
paulson@13223
   354
text{*Example 4: Axiom of Choice.  Possibly wrong, since @{text \<Pi>} needs
paulson@13223
   355
to be relativized.*}
paulson@13223
   356
lemma (in reflection) 
paulson@13223
   357
     "Reflects(?Cl,
paulson@13223
   358
               \<lambda>A. 0\<notin>A --> (\<exists>f. M(f) \<and> f \<in> (\<Pi>X \<in> A. X)),
paulson@13223
   359
               \<lambda>a A. 0\<notin>A --> (\<exists>f\<in>Mset(a). f \<in> (\<Pi>X \<in> A. X)))"
paulson@13223
   360
by fast
paulson@13223
   361
paulson@13223
   362
end
paulson@13223
   363