src/ZF/Constructible/Rec_Separation.thy
changeset 13348 374d05460db4
child 13352 3cd767f8d78b
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/src/ZF/Constructible/Rec_Separation.thy	Thu Jul 11 13:43:24 2002 +0200
     1.3 @@ -0,0 +1,387 @@
     1.4 +header{*Separation for the Absoluteness of Recursion*}
     1.5 +
     1.6 +theory Rec_Separation = Separation:
     1.7 +
     1.8 +text{*This theory proves all instances needed for locales @{text
     1.9 +"M_trancl"}, @{text "M_wfrank"} and @{text "M_datatypes"}*}
    1.10 +
    1.11 +subsection{*The Locale @{text "M_trancl"}*}
    1.12 +
    1.13 +subsubsection{*Separation for Reflexive/Transitive Closure*}
    1.14 +
    1.15 +text{*First, The Defining Formula*}
    1.16 +
    1.17 +(* "rtran_closure_mem(M,A,r,p) ==
    1.18 +      \<exists>nnat[M]. \<exists>n[M]. \<exists>n'[M]. 
    1.19 +       omega(M,nnat) & n\<in>nnat & successor(M,n,n') &
    1.20 +       (\<exists>f[M]. typed_function(M,n',A,f) &
    1.21 +	(\<exists>x[M]. \<exists>y[M]. \<exists>zero[M]. pair(M,x,y,p) & empty(M,zero) &
    1.22 +	  fun_apply(M,f,zero,x) & fun_apply(M,f,n,y)) &
    1.23 +	(\<forall>j[M]. j\<in>n --> 
    1.24 +	  (\<exists>fj[M]. \<exists>sj[M]. \<exists>fsj[M]. \<exists>ffp[M]. 
    1.25 +	    fun_apply(M,f,j,fj) & successor(M,j,sj) &
    1.26 +	    fun_apply(M,f,sj,fsj) & pair(M,fj,fsj,ffp) & ffp \<in> r)))"*)
    1.27 +constdefs rtran_closure_mem_fm :: "[i,i,i]=>i"
    1.28 + "rtran_closure_mem_fm(A,r,p) == 
    1.29 +   Exists(Exists(Exists(
    1.30 +    And(omega_fm(2),
    1.31 +     And(Member(1,2),
    1.32 +      And(succ_fm(1,0),
    1.33 +       Exists(And(typed_function_fm(1, A#+4, 0),
    1.34 +	And(Exists(Exists(Exists(
    1.35 +	      And(pair_fm(2,1,p#+7), 
    1.36 +	       And(empty_fm(0),
    1.37 +		And(fun_apply_fm(3,0,2), fun_apply_fm(3,5,1))))))),
    1.38 +	    Forall(Implies(Member(0,3),
    1.39 +	     Exists(Exists(Exists(Exists(
    1.40 +	      And(fun_apply_fm(5,4,3),
    1.41 +	       And(succ_fm(4,2),
    1.42 +		And(fun_apply_fm(5,2,1),
    1.43 +		 And(pair_fm(3,1,0), Member(0,r#+9))))))))))))))))))))"
    1.44 +
    1.45 +
    1.46 +lemma rtran_closure_mem_type [TC]:
    1.47 + "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> rtran_closure_mem_fm(x,y,z) \<in> formula"
    1.48 +by (simp add: rtran_closure_mem_fm_def) 
    1.49 +
    1.50 +lemma arity_rtran_closure_mem_fm [simp]:
    1.51 +     "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
    1.52 +      ==> arity(rtran_closure_mem_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
    1.53 +by (simp add: rtran_closure_mem_fm_def succ_Un_distrib [symmetric] Un_ac) 
    1.54 +
    1.55 +lemma sats_rtran_closure_mem_fm [simp]:
    1.56 +   "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
    1.57 +    ==> sats(A, rtran_closure_mem_fm(x,y,z), env) <-> 
    1.58 +        rtran_closure_mem(**A, nth(x,env), nth(y,env), nth(z,env))"
    1.59 +by (simp add: rtran_closure_mem_fm_def rtran_closure_mem_def)
    1.60 +
    1.61 +lemma rtran_closure_mem_iff_sats:
    1.62 +      "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
    1.63 +          i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
    1.64 +       ==> rtran_closure_mem(**A, x, y, z) <-> sats(A, rtran_closure_mem_fm(i,j,k), env)"
    1.65 +by (simp add: sats_rtran_closure_mem_fm)
    1.66 +
    1.67 +theorem rtran_closure_mem_reflection:
    1.68 +     "REFLECTS[\<lambda>x. rtran_closure_mem(L,f(x),g(x),h(x)), 
    1.69 +               \<lambda>i x. rtran_closure_mem(**Lset(i),f(x),g(x),h(x))]"
    1.70 +apply (simp only: rtran_closure_mem_def setclass_simps)
    1.71 +apply (intro FOL_reflections function_reflections fun_plus_reflections)  
    1.72 +done
    1.73 +
    1.74 +text{*Separation for @{term "rtrancl(r)"}.*}
    1.75 +lemma rtrancl_separation:
    1.76 +     "[| L(r); L(A) |] ==> separation (L, rtran_closure_mem(L,A,r))"
    1.77 +apply (rule separation_CollectI) 
    1.78 +apply (rule_tac A="{r,A,z}" in subset_LsetE, blast ) 
    1.79 +apply (rule ReflectsE [OF rtran_closure_mem_reflection], assumption)
    1.80 +apply (drule subset_Lset_ltD, assumption) 
    1.81 +apply (erule reflection_imp_L_separation)
    1.82 +  apply (simp_all add: lt_Ord2)
    1.83 +apply (rule DPowI2)
    1.84 +apply (rename_tac u)
    1.85 +apply (rule_tac env = "[u,r,A]" in rtran_closure_mem_iff_sats)
    1.86 +apply (rule sep_rules | simp)+
    1.87 +apply (simp_all add: succ_Un_distrib [symmetric])
    1.88 +done
    1.89 +
    1.90 +
    1.91 +subsubsection{*Reflexive/Transitive Closure, Internalized*}
    1.92 +
    1.93 +(*  "rtran_closure(M,r,s) == 
    1.94 +        \<forall>A[M]. is_field(M,r,A) -->
    1.95 + 	 (\<forall>p[M]. p \<in> s <-> rtran_closure_mem(M,A,r,p))" *)
    1.96 +constdefs rtran_closure_fm :: "[i,i]=>i"
    1.97 + "rtran_closure_fm(r,s) == 
    1.98 +   Forall(Implies(field_fm(succ(r),0),
    1.99 +                  Forall(Iff(Member(0,succ(succ(s))),
   1.100 +                             rtran_closure_mem_fm(1,succ(succ(r)),0)))))"
   1.101 +
   1.102 +lemma rtran_closure_type [TC]:
   1.103 +     "[| x \<in> nat; y \<in> nat |] ==> rtran_closure_fm(x,y) \<in> formula"
   1.104 +by (simp add: rtran_closure_fm_def) 
   1.105 +
   1.106 +lemma arity_rtran_closure_fm [simp]:
   1.107 +     "[| x \<in> nat; y \<in> nat |] 
   1.108 +      ==> arity(rtran_closure_fm(x,y)) = succ(x) \<union> succ(y)"
   1.109 +by (simp add: rtran_closure_fm_def succ_Un_distrib [symmetric] Un_ac)
   1.110 +
   1.111 +lemma sats_rtran_closure_fm [simp]:
   1.112 +   "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   1.113 +    ==> sats(A, rtran_closure_fm(x,y), env) <-> 
   1.114 +        rtran_closure(**A, nth(x,env), nth(y,env))"
   1.115 +by (simp add: rtran_closure_fm_def rtran_closure_def)
   1.116 +
   1.117 +lemma rtran_closure_iff_sats:
   1.118 +      "[| nth(i,env) = x; nth(j,env) = y; 
   1.119 +          i \<in> nat; j \<in> nat; env \<in> list(A)|]
   1.120 +       ==> rtran_closure(**A, x, y) <-> sats(A, rtran_closure_fm(i,j), env)"
   1.121 +by simp
   1.122 +
   1.123 +theorem rtran_closure_reflection:
   1.124 +     "REFLECTS[\<lambda>x. rtran_closure(L,f(x),g(x)), 
   1.125 +               \<lambda>i x. rtran_closure(**Lset(i),f(x),g(x))]"
   1.126 +apply (simp only: rtran_closure_def setclass_simps)
   1.127 +apply (intro FOL_reflections function_reflections rtran_closure_mem_reflection)
   1.128 +done
   1.129 +
   1.130 +
   1.131 +subsubsection{*Transitive Closure of a Relation, Internalized*}
   1.132 +
   1.133 +(*  "tran_closure(M,r,t) ==
   1.134 +         \<exists>s[M]. rtran_closure(M,r,s) & composition(M,r,s,t)" *)
   1.135 +constdefs tran_closure_fm :: "[i,i]=>i"
   1.136 + "tran_closure_fm(r,s) == 
   1.137 +   Exists(And(rtran_closure_fm(succ(r),0), composition_fm(succ(r),0,succ(s))))"
   1.138 +
   1.139 +lemma tran_closure_type [TC]:
   1.140 +     "[| x \<in> nat; y \<in> nat |] ==> tran_closure_fm(x,y) \<in> formula"
   1.141 +by (simp add: tran_closure_fm_def) 
   1.142 +
   1.143 +lemma arity_tran_closure_fm [simp]:
   1.144 +     "[| x \<in> nat; y \<in> nat |] 
   1.145 +      ==> arity(tran_closure_fm(x,y)) = succ(x) \<union> succ(y)"
   1.146 +by (simp add: tran_closure_fm_def succ_Un_distrib [symmetric] Un_ac)
   1.147 +
   1.148 +lemma sats_tran_closure_fm [simp]:
   1.149 +   "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   1.150 +    ==> sats(A, tran_closure_fm(x,y), env) <-> 
   1.151 +        tran_closure(**A, nth(x,env), nth(y,env))"
   1.152 +by (simp add: tran_closure_fm_def tran_closure_def)
   1.153 +
   1.154 +lemma tran_closure_iff_sats:
   1.155 +      "[| nth(i,env) = x; nth(j,env) = y; 
   1.156 +          i \<in> nat; j \<in> nat; env \<in> list(A)|]
   1.157 +       ==> tran_closure(**A, x, y) <-> sats(A, tran_closure_fm(i,j), env)"
   1.158 +by simp
   1.159 +
   1.160 +theorem tran_closure_reflection:
   1.161 +     "REFLECTS[\<lambda>x. tran_closure(L,f(x),g(x)), 
   1.162 +               \<lambda>i x. tran_closure(**Lset(i),f(x),g(x))]"
   1.163 +apply (simp only: tran_closure_def setclass_simps)
   1.164 +apply (intro FOL_reflections function_reflections 
   1.165 +             rtran_closure_reflection composition_reflection)
   1.166 +done
   1.167 +
   1.168 +
   1.169 +subsection{*Separation for the Proof of @{text "wellfounded_on_trancl"}*}
   1.170 +
   1.171 +lemma wellfounded_trancl_reflects:
   1.172 +  "REFLECTS[\<lambda>x. \<exists>w[L]. \<exists>wx[L]. \<exists>rp[L]. 
   1.173 +	         w \<in> Z & pair(L,w,x,wx) & tran_closure(L,r,rp) & wx \<in> rp,
   1.174 +   \<lambda>i x. \<exists>w \<in> Lset(i). \<exists>wx \<in> Lset(i). \<exists>rp \<in> Lset(i). 
   1.175 +       w \<in> Z & pair(**Lset(i),w,x,wx) & tran_closure(**Lset(i),r,rp) &
   1.176 +       wx \<in> rp]"
   1.177 +by (intro FOL_reflections function_reflections fun_plus_reflections 
   1.178 +          tran_closure_reflection)
   1.179 +
   1.180 +
   1.181 +lemma wellfounded_trancl_separation:
   1.182 +	 "[| L(r); L(Z) |] ==> 
   1.183 +	  separation (L, \<lambda>x. 
   1.184 +	      \<exists>w[L]. \<exists>wx[L]. \<exists>rp[L]. 
   1.185 +	       w \<in> Z & pair(L,w,x,wx) & tran_closure(L,r,rp) & wx \<in> rp)"
   1.186 +apply (rule separation_CollectI) 
   1.187 +apply (rule_tac A="{r,Z,z}" in subset_LsetE, blast ) 
   1.188 +apply (rule ReflectsE [OF wellfounded_trancl_reflects], assumption)
   1.189 +apply (drule subset_Lset_ltD, assumption) 
   1.190 +apply (erule reflection_imp_L_separation)
   1.191 +  apply (simp_all add: lt_Ord2)
   1.192 +apply (rule DPowI2)
   1.193 +apply (rename_tac u) 
   1.194 +apply (rule bex_iff_sats conj_iff_sats)+
   1.195 +apply (rule_tac env = "[w,u,r,Z]" in mem_iff_sats) 
   1.196 +apply (rule sep_rules tran_closure_iff_sats | simp)+
   1.197 +apply (simp_all add: succ_Un_distrib [symmetric])
   1.198 +done
   1.199 +
   1.200 +subsection{*Well-Founded Recursion!*}
   1.201 +
   1.202 +(* M_is_recfun :: "[i=>o, i, i, [i,i,i]=>o, i] => o"
   1.203 +   "M_is_recfun(M,r,a,MH,f) == 
   1.204 +     \<forall>z[M]. z \<in> f <-> 
   1.205 +            5      4       3       2       1           0
   1.206 +            (\<exists>x[M]. \<exists>y[M]. \<exists>xa[M]. \<exists>sx[M]. \<exists>r_sx[M]. \<exists>f_r_sx[M]. 
   1.207 +	       pair(M,x,y,z) & pair(M,x,a,xa) & upair(M,x,x,sx) &
   1.208 +               pre_image(M,r,sx,r_sx) & restriction(M,f,r_sx,f_r_sx) &
   1.209 +               xa \<in> r & MH(x, f_r_sx, y))"
   1.210 +*)
   1.211 +
   1.212 +constdefs is_recfun_fm :: "[[i,i,i]=>i, i, i, i]=>i"
   1.213 + "is_recfun_fm(p,r,a,f) == 
   1.214 +   Forall(Iff(Member(0,succ(f)),
   1.215 +    Exists(Exists(Exists(Exists(Exists(Exists(
   1.216 +     And(pair_fm(5,4,6),
   1.217 +      And(pair_fm(5,a#+7,3),
   1.218 +       And(upair_fm(5,5,2),
   1.219 +        And(pre_image_fm(r#+7,2,1),
   1.220 +         And(restriction_fm(f#+7,1,0),
   1.221 +          And(Member(3,r#+7), p(5,0,4)))))))))))))))"
   1.222 +
   1.223 +
   1.224 +lemma is_recfun_type_0:
   1.225 +     "[| !!x y z. [| x \<in> nat; y \<in> nat; z \<in> nat |] ==> p(x,y,z) \<in> formula;  
   1.226 +         x \<in> nat; y \<in> nat; z \<in> nat |] 
   1.227 +      ==> is_recfun_fm(p,x,y,z) \<in> formula"
   1.228 +apply (unfold is_recfun_fm_def)
   1.229 +(*FIXME: FIND OUT why simp loops!*)
   1.230 +apply typecheck
   1.231 +by simp 
   1.232 +
   1.233 +lemma is_recfun_type [TC]:
   1.234 +     "[| p(5,0,4) \<in> formula;  
   1.235 +         x \<in> nat; y \<in> nat; z \<in> nat |] 
   1.236 +      ==> is_recfun_fm(p,x,y,z) \<in> formula"
   1.237 +by (simp add: is_recfun_fm_def) 
   1.238 +
   1.239 +lemma arity_is_recfun_fm [simp]:
   1.240 +     "[| arity(p(5,0,4)) le 8; x \<in> nat; y \<in> nat; z \<in> nat |] 
   1.241 +      ==> arity(is_recfun_fm(p,x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   1.242 +apply (frule lt_nat_in_nat, simp) 
   1.243 +apply (simp add: is_recfun_fm_def succ_Un_distrib [symmetric] ) 
   1.244 +apply (subst subset_Un_iff2 [of "arity(p(5,0,4))", THEN iffD1]) 
   1.245 +apply (rule le_imp_subset) 
   1.246 +apply (erule le_trans, simp) 
   1.247 +apply (simp add: succ_Un_distrib [symmetric] Un_ac) 
   1.248 +done
   1.249 +
   1.250 +lemma sats_is_recfun_fm:
   1.251 +  assumes MH_iff_sats: 
   1.252 +      "!!x y z env. 
   1.253 +	 [| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   1.254 +	 ==> MH(nth(x,env), nth(y,env), nth(z,env)) <-> sats(A, p(x,y,z), env)"
   1.255 +  shows 
   1.256 +      "[|x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   1.257 +       ==> sats(A, is_recfun_fm(p,x,y,z), env) <-> 
   1.258 +           M_is_recfun(**A, nth(x,env), nth(y,env), MH, nth(z,env))"
   1.259 +by (simp add: is_recfun_fm_def M_is_recfun_def MH_iff_sats [THEN iff_sym])
   1.260 +
   1.261 +lemma is_recfun_iff_sats:
   1.262 +  "[| (!!x y z env. [| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   1.263 +                    ==> MH(nth(x,env), nth(y,env), nth(z,env)) <->
   1.264 +                        sats(A, p(x,y,z), env));
   1.265 +      nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   1.266 +      i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   1.267 +   ==> M_is_recfun(**A, x, y, MH, z) <-> sats(A, is_recfun_fm(p,i,j,k), env)" 
   1.268 +by (simp add: sats_is_recfun_fm [of A MH])
   1.269 +
   1.270 +theorem is_recfun_reflection:
   1.271 +  assumes MH_reflection:
   1.272 +    "!!f g h. REFLECTS[\<lambda>x. MH(L, f(x), g(x), h(x)), 
   1.273 +                     \<lambda>i x. MH(**Lset(i), f(x), g(x), h(x))]"
   1.274 +  shows "REFLECTS[\<lambda>x. M_is_recfun(L, f(x), g(x), MH(L), h(x)), 
   1.275 +               \<lambda>i x. M_is_recfun(**Lset(i), f(x), g(x), MH(**Lset(i)), h(x))]"
   1.276 +apply (simp (no_asm_use) only: M_is_recfun_def setclass_simps)
   1.277 +apply (intro FOL_reflections function_reflections 
   1.278 +             restriction_reflection MH_reflection)  
   1.279 +done
   1.280 +
   1.281 +subsection{*Separation for  @{term "wfrank"}*}
   1.282 +
   1.283 +lemma wfrank_Reflects:
   1.284 + "REFLECTS[\<lambda>x. \<forall>rplus[L]. tran_closure(L,r,rplus) -->
   1.285 +              ~ (\<exists>f[L]. M_is_recfun(L, rplus, x, %x f y. is_range(L,f,y), f)),
   1.286 +      \<lambda>i x. \<forall>rplus \<in> Lset(i). tran_closure(**Lset(i),r,rplus) -->
   1.287 +         ~ (\<exists>f \<in> Lset(i). M_is_recfun(**Lset(i), rplus, x, %x f y. is_range(**Lset(i),f,y), f))]"
   1.288 +by (intro FOL_reflections function_reflections is_recfun_reflection tran_closure_reflection)  
   1.289 +
   1.290 +lemma wfrank_separation:
   1.291 +     "L(r) ==>
   1.292 +      separation (L, \<lambda>x. \<forall>rplus[L]. tran_closure(L,r,rplus) -->
   1.293 +         ~ (\<exists>f[L]. M_is_recfun(L, rplus, x, %x f y. is_range(L,f,y), f)))"
   1.294 +apply (rule separation_CollectI) 
   1.295 +apply (rule_tac A="{r,z}" in subset_LsetE, blast ) 
   1.296 +apply (rule ReflectsE [OF wfrank_Reflects], assumption)
   1.297 +apply (drule subset_Lset_ltD, assumption) 
   1.298 +apply (erule reflection_imp_L_separation)
   1.299 +  apply (simp_all add: lt_Ord2, clarify)
   1.300 +apply (rule DPowI2)
   1.301 +apply (rename_tac u)  
   1.302 +apply (rule ball_iff_sats imp_iff_sats)+
   1.303 +apply (rule_tac env="[rplus,u,r]" in tran_closure_iff_sats)
   1.304 +apply (rule sep_rules is_recfun_iff_sats | simp)+
   1.305 +apply (simp_all add: succ_Un_distrib [symmetric])
   1.306 +done
   1.307 +
   1.308 +
   1.309 +subsection{*Replacement for @{term "wfrank"}*}
   1.310 +
   1.311 +lemma wfrank_replacement_Reflects:
   1.312 + "REFLECTS[\<lambda>z. \<exists>x[L]. x \<in> A & 
   1.313 +        (\<forall>rplus[L]. tran_closure(L,r,rplus) -->
   1.314 +         (\<exists>y[L]. \<exists>f[L]. pair(L,x,y,z)  & 
   1.315 +                        M_is_recfun(L, rplus, x, %x f y. is_range(L,f,y), f) &
   1.316 +                        is_range(L,f,y))),
   1.317 + \<lambda>i z. \<exists>x \<in> Lset(i). x \<in> A & 
   1.318 +      (\<forall>rplus \<in> Lset(i). tran_closure(**Lset(i),r,rplus) -->
   1.319 +       (\<exists>y \<in> Lset(i). \<exists>f \<in> Lset(i). pair(**Lset(i),x,y,z)  & 
   1.320 +         M_is_recfun(**Lset(i), rplus, x, %x f y. is_range(**Lset(i),f,y), f) &
   1.321 +         is_range(**Lset(i),f,y)))]"
   1.322 +by (intro FOL_reflections function_reflections fun_plus_reflections
   1.323 +             is_recfun_reflection tran_closure_reflection)
   1.324 +
   1.325 +
   1.326 +lemma wfrank_strong_replacement:
   1.327 +     "L(r) ==>
   1.328 +      strong_replacement(L, \<lambda>x z. 
   1.329 +         \<forall>rplus[L]. tran_closure(L,r,rplus) -->
   1.330 +         (\<exists>y[L]. \<exists>f[L]. pair(L,x,y,z)  & 
   1.331 +                        M_is_recfun(L, rplus, x, %x f y. is_range(L,f,y), f) &
   1.332 +                        is_range(L,f,y)))"
   1.333 +apply (rule strong_replacementI) 
   1.334 +apply (rule rallI)
   1.335 +apply (rename_tac B)  
   1.336 +apply (rule separation_CollectI) 
   1.337 +apply (rule_tac A="{B,r,z}" in subset_LsetE, blast ) 
   1.338 +apply (rule ReflectsE [OF wfrank_replacement_Reflects], assumption)
   1.339 +apply (drule subset_Lset_ltD, assumption) 
   1.340 +apply (erule reflection_imp_L_separation)
   1.341 +  apply (simp_all add: lt_Ord2)
   1.342 +apply (rule DPowI2)
   1.343 +apply (rename_tac u) 
   1.344 +apply (rule bex_iff_sats ball_iff_sats conj_iff_sats)+
   1.345 +apply (rule_tac env = "[x,u,B,r]" in mem_iff_sats) 
   1.346 +apply (rule sep_rules tran_closure_iff_sats is_recfun_iff_sats | simp)+
   1.347 +apply (simp_all add: succ_Un_distrib [symmetric])
   1.348 +done
   1.349 +
   1.350 +
   1.351 +subsection{*Separation for  @{term "wfrank"}*}
   1.352 +
   1.353 +lemma Ord_wfrank_Reflects:
   1.354 + "REFLECTS[\<lambda>x. \<forall>rplus[L]. tran_closure(L,r,rplus) --> 
   1.355 +          ~ (\<forall>f[L]. \<forall>rangef[L]. 
   1.356 +             is_range(L,f,rangef) -->
   1.357 +             M_is_recfun(L, rplus, x, \<lambda>x f y. is_range(L,f,y), f) -->
   1.358 +             ordinal(L,rangef)),
   1.359 +      \<lambda>i x. \<forall>rplus \<in> Lset(i). tran_closure(**Lset(i),r,rplus) --> 
   1.360 +          ~ (\<forall>f \<in> Lset(i). \<forall>rangef \<in> Lset(i). 
   1.361 +             is_range(**Lset(i),f,rangef) -->
   1.362 +             M_is_recfun(**Lset(i), rplus, x, \<lambda>x f y. is_range(**Lset(i),f,y), f) -->
   1.363 +             ordinal(**Lset(i),rangef))]"
   1.364 +by (intro FOL_reflections function_reflections is_recfun_reflection 
   1.365 +          tran_closure_reflection ordinal_reflection)
   1.366 +
   1.367 +lemma  Ord_wfrank_separation:
   1.368 +     "L(r) ==>
   1.369 +      separation (L, \<lambda>x.
   1.370 +         \<forall>rplus[L]. tran_closure(L,r,rplus) --> 
   1.371 +          ~ (\<forall>f[L]. \<forall>rangef[L]. 
   1.372 +             is_range(L,f,rangef) -->
   1.373 +             M_is_recfun(L, rplus, x, \<lambda>x f y. is_range(L,f,y), f) -->
   1.374 +             ordinal(L,rangef)))" 
   1.375 +apply (rule separation_CollectI) 
   1.376 +apply (rule_tac A="{r,z}" in subset_LsetE, blast ) 
   1.377 +apply (rule ReflectsE [OF Ord_wfrank_Reflects], assumption)
   1.378 +apply (drule subset_Lset_ltD, assumption) 
   1.379 +apply (erule reflection_imp_L_separation)
   1.380 +  apply (simp_all add: lt_Ord2, clarify)
   1.381 +apply (rule DPowI2)
   1.382 +apply (rename_tac u)  
   1.383 +apply (rule ball_iff_sats imp_iff_sats)+
   1.384 +apply (rule_tac env="[rplus,u,r]" in tran_closure_iff_sats)
   1.385 +apply (rule sep_rules is_recfun_iff_sats | simp)+
   1.386 +apply (simp_all add: succ_Un_distrib [symmetric])
   1.387 +done
   1.388 +
   1.389 +
   1.390 +end