src/ZF/Ordinal.thy
 author paulson Fri Jul 19 13:28:19 2002 +0200 (2002-07-19) changeset 13396 11219ca224ab parent 13356 c9cfe1638bf2 child 13534 ca6debb89d77 permissions -rw-r--r--
A couple of new theorems for Constructible
```     1 (*  Title:      ZF/Ordinal.thy
```
```     2     ID:         \$Id\$
```
```     3     Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
```
```     4     Copyright   1994  University of Cambridge
```
```     5
```
```     6 *)
```
```     7
```
```     8 header{*Transitive Sets and Ordinals*}
```
```     9
```
```    10 theory Ordinal = WF + Bool + equalities:
```
```    11
```
```    12 constdefs
```
```    13
```
```    14   Memrel        :: "i=>i"
```
```    15     "Memrel(A)   == {z: A*A . EX x y. z=<x,y> & x:y }"
```
```    16
```
```    17   Transset  :: "i=>o"
```
```    18     "Transset(i) == ALL x:i. x<=i"
```
```    19
```
```    20   Ord  :: "i=>o"
```
```    21     "Ord(i)      == Transset(i) & (ALL x:i. Transset(x))"
```
```    22
```
```    23   lt        :: "[i,i] => o"  (infixl "<" 50)   (*less-than on ordinals*)
```
```    24     "i<j         == i:j & Ord(j)"
```
```    25
```
```    26   Limit         :: "i=>o"
```
```    27     "Limit(i)    == Ord(i) & 0<i & (ALL y. y<i --> succ(y)<i)"
```
```    28
```
```    29 syntax
```
```    30   "le"          :: "[i,i] => o"  (infixl 50)   (*less-than or equals*)
```
```    31
```
```    32 translations
```
```    33   "x le y"      == "x < succ(y)"
```
```    34
```
```    35 syntax (xsymbols)
```
```    36   "op le"       :: "[i,i] => o"  (infixl "\<le>" 50)  (*less-than or equals*)
```
```    37
```
```    38
```
```    39 subsection{*Rules for Transset*}
```
```    40
```
```    41 subsubsection{*Three Neat Characterisations of Transset*}
```
```    42
```
```    43 lemma Transset_iff_Pow: "Transset(A) <-> A<=Pow(A)"
```
```    44 by (unfold Transset_def, blast)
```
```    45
```
```    46 lemma Transset_iff_Union_succ: "Transset(A) <-> Union(succ(A)) = A"
```
```    47 apply (unfold Transset_def)
```
```    48 apply (blast elim!: equalityE)
```
```    49 done
```
```    50
```
```    51 lemma Transset_iff_Union_subset: "Transset(A) <-> Union(A) <= A"
```
```    52 by (unfold Transset_def, blast)
```
```    53
```
```    54 subsubsection{*Consequences of Downwards Closure*}
```
```    55
```
```    56 lemma Transset_doubleton_D:
```
```    57     "[| Transset(C); {a,b}: C |] ==> a:C & b: C"
```
```    58 by (unfold Transset_def, blast)
```
```    59
```
```    60 lemma Transset_Pair_D:
```
```    61     "[| Transset(C); <a,b>: C |] ==> a:C & b: C"
```
```    62 apply (simp add: Pair_def)
```
```    63 apply (blast dest: Transset_doubleton_D)
```
```    64 done
```
```    65
```
```    66 lemma Transset_includes_domain:
```
```    67     "[| Transset(C); A*B <= C; b: B |] ==> A <= C"
```
```    68 by (blast dest: Transset_Pair_D)
```
```    69
```
```    70 lemma Transset_includes_range:
```
```    71     "[| Transset(C); A*B <= C; a: A |] ==> B <= C"
```
```    72 by (blast dest: Transset_Pair_D)
```
```    73
```
```    74 subsubsection{*Closure Properties*}
```
```    75
```
```    76 lemma Transset_0: "Transset(0)"
```
```    77 by (unfold Transset_def, blast)
```
```    78
```
```    79 lemma Transset_Un:
```
```    80     "[| Transset(i);  Transset(j) |] ==> Transset(i Un j)"
```
```    81 by (unfold Transset_def, blast)
```
```    82
```
```    83 lemma Transset_Int:
```
```    84     "[| Transset(i);  Transset(j) |] ==> Transset(i Int j)"
```
```    85 by (unfold Transset_def, blast)
```
```    86
```
```    87 lemma Transset_succ: "Transset(i) ==> Transset(succ(i))"
```
```    88 by (unfold Transset_def, blast)
```
```    89
```
```    90 lemma Transset_Pow: "Transset(i) ==> Transset(Pow(i))"
```
```    91 by (unfold Transset_def, blast)
```
```    92
```
```    93 lemma Transset_Union: "Transset(A) ==> Transset(Union(A))"
```
```    94 by (unfold Transset_def, blast)
```
```    95
```
```    96 lemma Transset_Union_family:
```
```    97     "[| !!i. i:A ==> Transset(i) |] ==> Transset(Union(A))"
```
```    98 by (unfold Transset_def, blast)
```
```    99
```
```   100 lemma Transset_Inter_family:
```
```   101     "[| !!i. i:A ==> Transset(i) |] ==> Transset(Inter(A))"
```
```   102 by (unfold Inter_def Transset_def, blast)
```
```   103
```
```   104 lemma Transset_UN:
```
```   105      "(!!x. x \<in> A ==> Transset(B(x))) ==> Transset (UN x:A. B(x))"
```
```   106 by (rule Transset_Union_family, auto)
```
```   107
```
```   108 lemma Transset_INT:
```
```   109      "(!!x. x \<in> A ==> Transset(B(x))) ==> Transset (INT x:A. B(x))"
```
```   110 by (rule Transset_Inter_family, auto)
```
```   111
```
```   112
```
```   113 subsection{*Lemmas for Ordinals*}
```
```   114
```
```   115 lemma OrdI:
```
```   116     "[| Transset(i);  !!x. x:i ==> Transset(x) |]  ==>  Ord(i)"
```
```   117 by (simp add: Ord_def)
```
```   118
```
```   119 lemma Ord_is_Transset: "Ord(i) ==> Transset(i)"
```
```   120 by (simp add: Ord_def)
```
```   121
```
```   122 lemma Ord_contains_Transset:
```
```   123     "[| Ord(i);  j:i |] ==> Transset(j) "
```
```   124 by (unfold Ord_def, blast)
```
```   125
```
```   126
```
```   127 lemma Ord_in_Ord: "[| Ord(i);  j:i |] ==> Ord(j)"
```
```   128 by (unfold Ord_def Transset_def, blast)
```
```   129
```
```   130 (*suitable for rewriting PROVIDED i has been fixed*)
```
```   131 lemma Ord_in_Ord': "[| j:i; Ord(i) |] ==> Ord(j)"
```
```   132 by (blast intro: Ord_in_Ord)
```
```   133
```
```   134 (* Ord(succ(j)) ==> Ord(j) *)
```
```   135 lemmas Ord_succD = Ord_in_Ord [OF _ succI1]
```
```   136
```
```   137 lemma Ord_subset_Ord: "[| Ord(i);  Transset(j);  j<=i |] ==> Ord(j)"
```
```   138 by (simp add: Ord_def Transset_def, blast)
```
```   139
```
```   140 lemma OrdmemD: "[| j:i;  Ord(i) |] ==> j<=i"
```
```   141 by (unfold Ord_def Transset_def, blast)
```
```   142
```
```   143 lemma Ord_trans: "[| i:j;  j:k;  Ord(k) |] ==> i:k"
```
```   144 by (blast dest: OrdmemD)
```
```   145
```
```   146 lemma Ord_succ_subsetI: "[| i:j;  Ord(j) |] ==> succ(i) <= j"
```
```   147 by (blast dest: OrdmemD)
```
```   148
```
```   149
```
```   150 subsection{*The Construction of Ordinals: 0, succ, Union*}
```
```   151
```
```   152 lemma Ord_0 [iff,TC]: "Ord(0)"
```
```   153 by (blast intro: OrdI Transset_0)
```
```   154
```
```   155 lemma Ord_succ [TC]: "Ord(i) ==> Ord(succ(i))"
```
```   156 by (blast intro: OrdI Transset_succ Ord_is_Transset Ord_contains_Transset)
```
```   157
```
```   158 lemmas Ord_1 = Ord_0 [THEN Ord_succ]
```
```   159
```
```   160 lemma Ord_succ_iff [iff]: "Ord(succ(i)) <-> Ord(i)"
```
```   161 by (blast intro: Ord_succ dest!: Ord_succD)
```
```   162
```
```   163 lemma Ord_Un [intro,simp,TC]: "[| Ord(i); Ord(j) |] ==> Ord(i Un j)"
```
```   164 apply (unfold Ord_def)
```
```   165 apply (blast intro!: Transset_Un)
```
```   166 done
```
```   167
```
```   168 lemma Ord_Int [TC]: "[| Ord(i); Ord(j) |] ==> Ord(i Int j)"
```
```   169 apply (unfold Ord_def)
```
```   170 apply (blast intro!: Transset_Int)
```
```   171 done
```
```   172
```
```   173 (*There is no set of all ordinals, for then it would contain itself*)
```
```   174 lemma ON_class: "~ (ALL i. i:X <-> Ord(i))"
```
```   175 apply (rule notI)
```
```   176 apply (frule_tac x = "X" in spec)
```
```   177 apply (safe elim!: mem_irrefl)
```
```   178 apply (erule swap, rule OrdI [OF _ Ord_is_Transset])
```
```   179 apply (simp add: Transset_def)
```
```   180 apply (blast intro: Ord_in_Ord)+
```
```   181 done
```
```   182
```
```   183 subsection{*< is 'less Than' for Ordinals*}
```
```   184
```
```   185 lemma ltI: "[| i:j;  Ord(j) |] ==> i<j"
```
```   186 by (unfold lt_def, blast)
```
```   187
```
```   188 lemma ltE:
```
```   189     "[| i<j;  [| i:j;  Ord(i);  Ord(j) |] ==> P |] ==> P"
```
```   190 apply (unfold lt_def)
```
```   191 apply (blast intro: Ord_in_Ord)
```
```   192 done
```
```   193
```
```   194 lemma ltD: "i<j ==> i:j"
```
```   195 by (erule ltE, assumption)
```
```   196
```
```   197 lemma not_lt0 [simp]: "~ i<0"
```
```   198 by (unfold lt_def, blast)
```
```   199
```
```   200 lemma lt_Ord: "j<i ==> Ord(j)"
```
```   201 by (erule ltE, assumption)
```
```   202
```
```   203 lemma lt_Ord2: "j<i ==> Ord(i)"
```
```   204 by (erule ltE, assumption)
```
```   205
```
```   206 (* "ja le j ==> Ord(j)" *)
```
```   207 lemmas le_Ord2 = lt_Ord2 [THEN Ord_succD]
```
```   208
```
```   209 (* i<0 ==> R *)
```
```   210 lemmas lt0E = not_lt0 [THEN notE, elim!]
```
```   211
```
```   212 lemma lt_trans: "[| i<j;  j<k |] ==> i<k"
```
```   213 by (blast intro!: ltI elim!: ltE intro: Ord_trans)
```
```   214
```
```   215 lemma lt_not_sym: "i<j ==> ~ (j<i)"
```
```   216 apply (unfold lt_def)
```
```   217 apply (blast elim: mem_asym)
```
```   218 done
```
```   219
```
```   220 (* [| i<j;  ~P ==> j<i |] ==> P *)
```
```   221 lemmas lt_asym = lt_not_sym [THEN swap]
```
```   222
```
```   223 lemma lt_irrefl [elim!]: "i<i ==> P"
```
```   224 by (blast intro: lt_asym)
```
```   225
```
```   226 lemma lt_not_refl: "~ i<i"
```
```   227 apply (rule notI)
```
```   228 apply (erule lt_irrefl)
```
```   229 done
```
```   230
```
```   231
```
```   232 (** le is less than or equals;  recall  i le j  abbrevs  i<succ(j) !! **)
```
```   233
```
```   234 lemma le_iff: "i le j <-> i<j | (i=j & Ord(j))"
```
```   235 by (unfold lt_def, blast)
```
```   236
```
```   237 (*Equivalently, i<j ==> i < succ(j)*)
```
```   238 lemma leI: "i<j ==> i le j"
```
```   239 by (simp (no_asm_simp) add: le_iff)
```
```   240
```
```   241 lemma le_eqI: "[| i=j;  Ord(j) |] ==> i le j"
```
```   242 by (simp (no_asm_simp) add: le_iff)
```
```   243
```
```   244 lemmas le_refl = refl [THEN le_eqI]
```
```   245
```
```   246 lemma le_refl_iff [iff]: "i le i <-> Ord(i)"
```
```   247 by (simp (no_asm_simp) add: lt_not_refl le_iff)
```
```   248
```
```   249 lemma leCI: "(~ (i=j & Ord(j)) ==> i<j) ==> i le j"
```
```   250 by (simp add: le_iff, blast)
```
```   251
```
```   252 lemma leE:
```
```   253     "[| i le j;  i<j ==> P;  [| i=j;  Ord(j) |] ==> P |] ==> P"
```
```   254 by (simp add: le_iff, blast)
```
```   255
```
```   256 lemma le_anti_sym: "[| i le j;  j le i |] ==> i=j"
```
```   257 apply (simp add: le_iff)
```
```   258 apply (blast elim: lt_asym)
```
```   259 done
```
```   260
```
```   261 lemma le0_iff [simp]: "i le 0 <-> i=0"
```
```   262 by (blast elim!: leE)
```
```   263
```
```   264 lemmas le0D = le0_iff [THEN iffD1, dest!]
```
```   265
```
```   266 subsection{*Natural Deduction Rules for Memrel*}
```
```   267
```
```   268 (*The lemmas MemrelI/E give better speed than [iff] here*)
```
```   269 lemma Memrel_iff [simp]: "<a,b> : Memrel(A) <-> a:b & a:A & b:A"
```
```   270 by (unfold Memrel_def, blast)
```
```   271
```
```   272 lemma MemrelI [intro!]: "[| a: b;  a: A;  b: A |] ==> <a,b> : Memrel(A)"
```
```   273 by auto
```
```   274
```
```   275 lemma MemrelE [elim!]:
```
```   276     "[| <a,b> : Memrel(A);
```
```   277         [| a: A;  b: A;  a:b |]  ==> P |]
```
```   278      ==> P"
```
```   279 by auto
```
```   280
```
```   281 lemma Memrel_type: "Memrel(A) <= A*A"
```
```   282 by (unfold Memrel_def, blast)
```
```   283
```
```   284 lemma Memrel_mono: "A<=B ==> Memrel(A) <= Memrel(B)"
```
```   285 by (unfold Memrel_def, blast)
```
```   286
```
```   287 lemma Memrel_0 [simp]: "Memrel(0) = 0"
```
```   288 by (unfold Memrel_def, blast)
```
```   289
```
```   290 lemma Memrel_1 [simp]: "Memrel(1) = 0"
```
```   291 by (unfold Memrel_def, blast)
```
```   292
```
```   293 lemma relation_Memrel: "relation(Memrel(A))"
```
```   294 by (simp add: relation_def Memrel_def, blast)
```
```   295
```
```   296 (*The membership relation (as a set) is well-founded.
```
```   297   Proof idea: show A<=B by applying the foundation axiom to A-B *)
```
```   298 lemma wf_Memrel: "wf(Memrel(A))"
```
```   299 apply (unfold wf_def)
```
```   300 apply (rule foundation [THEN disjE, THEN allI], erule disjI1, blast)
```
```   301 done
```
```   302
```
```   303 text{*The premise @{term "Ord(i)"} does not suffice.*}
```
```   304 lemma trans_Memrel:
```
```   305     "Ord(i) ==> trans(Memrel(i))"
```
```   306 by (unfold Ord_def Transset_def trans_def, blast)
```
```   307
```
```   308 text{*However, the following premise is strong enough.*}
```
```   309 lemma Transset_trans_Memrel:
```
```   310     "\<forall>j\<in>i. Transset(j) ==> trans(Memrel(i))"
```
```   311 by (unfold Transset_def trans_def, blast)
```
```   312
```
```   313 (*If Transset(A) then Memrel(A) internalizes the membership relation below A*)
```
```   314 lemma Transset_Memrel_iff:
```
```   315     "Transset(A) ==> <a,b> : Memrel(A) <-> a:b & b:A"
```
```   316 by (unfold Transset_def, blast)
```
```   317
```
```   318
```
```   319 subsection{*Transfinite Induction*}
```
```   320
```
```   321 (*Epsilon induction over a transitive set*)
```
```   322 lemma Transset_induct:
```
```   323     "[| i: k;  Transset(k);
```
```   324         !!x.[| x: k;  ALL y:x. P(y) |] ==> P(x) |]
```
```   325      ==>  P(i)"
```
```   326 apply (simp add: Transset_def)
```
```   327 apply (erule wf_Memrel [THEN wf_induct2], blast+)
```
```   328 done
```
```   329
```
```   330 (*Induction over an ordinal*)
```
```   331 lemmas Ord_induct = Transset_induct [OF _ Ord_is_Transset]
```
```   332
```
```   333 (*Induction over the class of ordinals -- a useful corollary of Ord_induct*)
```
```   334
```
```   335 lemma trans_induct:
```
```   336     "[| Ord(i);
```
```   337         !!x.[| Ord(x);  ALL y:x. P(y) |] ==> P(x) |]
```
```   338      ==>  P(i)"
```
```   339 apply (rule Ord_succ [THEN succI1 [THEN Ord_induct]], assumption)
```
```   340 apply (blast intro: Ord_succ [THEN Ord_in_Ord])
```
```   341 done
```
```   342
```
```   343
```
```   344 (*** Fundamental properties of the epsilon ordering (< on ordinals) ***)
```
```   345
```
```   346
```
```   347 subsubsection{*Proving That < is a Linear Ordering on the Ordinals*}
```
```   348
```
```   349 lemma Ord_linear [rule_format]:
```
```   350      "Ord(i) ==> (ALL j. Ord(j) --> i:j | i=j | j:i)"
```
```   351 apply (erule trans_induct)
```
```   352 apply (rule impI [THEN allI])
```
```   353 apply (erule_tac i=j in trans_induct)
```
```   354 apply (blast dest: Ord_trans)
```
```   355 done
```
```   356
```
```   357 (*The trichotomy law for ordinals!*)
```
```   358 lemma Ord_linear_lt:
```
```   359     "[| Ord(i);  Ord(j);  i<j ==> P;  i=j ==> P;  j<i ==> P |] ==> P"
```
```   360 apply (simp add: lt_def)
```
```   361 apply (rule_tac i1=i and j1=j in Ord_linear [THEN disjE], blast+)
```
```   362 done
```
```   363
```
```   364 lemma Ord_linear2:
```
```   365     "[| Ord(i);  Ord(j);  i<j ==> P;  j le i ==> P |]  ==> P"
```
```   366 apply (rule_tac i = "i" and j = "j" in Ord_linear_lt)
```
```   367 apply (blast intro: leI le_eqI sym ) +
```
```   368 done
```
```   369
```
```   370 lemma Ord_linear_le:
```
```   371     "[| Ord(i);  Ord(j);  i le j ==> P;  j le i ==> P |]  ==> P"
```
```   372 apply (rule_tac i = "i" and j = "j" in Ord_linear_lt)
```
```   373 apply (blast intro: leI le_eqI ) +
```
```   374 done
```
```   375
```
```   376 lemma le_imp_not_lt: "j le i ==> ~ i<j"
```
```   377 by (blast elim!: leE elim: lt_asym)
```
```   378
```
```   379 lemma not_lt_imp_le: "[| ~ i<j;  Ord(i);  Ord(j) |] ==> j le i"
```
```   380 by (rule_tac i = "i" and j = "j" in Ord_linear2, auto)
```
```   381
```
```   382 subsubsection{*Some Rewrite Rules for <, le*}
```
```   383
```
```   384 lemma Ord_mem_iff_lt: "Ord(j) ==> i:j <-> i<j"
```
```   385 by (unfold lt_def, blast)
```
```   386
```
```   387 lemma not_lt_iff_le: "[| Ord(i);  Ord(j) |] ==> ~ i<j <-> j le i"
```
```   388 by (blast dest: le_imp_not_lt not_lt_imp_le)
```
```   389
```
```   390 lemma not_le_iff_lt: "[| Ord(i);  Ord(j) |] ==> ~ i le j <-> j<i"
```
```   391 by (simp (no_asm_simp) add: not_lt_iff_le [THEN iff_sym])
```
```   392
```
```   393 (*This is identical to 0<succ(i) *)
```
```   394 lemma Ord_0_le: "Ord(i) ==> 0 le i"
```
```   395 by (erule not_lt_iff_le [THEN iffD1], auto)
```
```   396
```
```   397 lemma Ord_0_lt: "[| Ord(i);  i~=0 |] ==> 0<i"
```
```   398 apply (erule not_le_iff_lt [THEN iffD1])
```
```   399 apply (rule Ord_0, blast)
```
```   400 done
```
```   401
```
```   402 lemma Ord_0_lt_iff: "Ord(i) ==> i~=0 <-> 0<i"
```
```   403 by (blast intro: Ord_0_lt)
```
```   404
```
```   405
```
```   406 subsection{*Results about Less-Than or Equals*}
```
```   407
```
```   408 (** For ordinals, j<=i (subset) implies j le i (less-than or equals) **)
```
```   409
```
```   410 lemma zero_le_succ_iff [iff]: "0 le succ(x) <-> Ord(x)"
```
```   411 by (blast intro: Ord_0_le elim: ltE)
```
```   412
```
```   413 lemma subset_imp_le: "[| j<=i;  Ord(i);  Ord(j) |] ==> j le i"
```
```   414 apply (rule not_lt_iff_le [THEN iffD1], assumption+)
```
```   415 apply (blast elim: ltE mem_irrefl)
```
```   416 done
```
```   417
```
```   418 lemma le_imp_subset: "i le j ==> i<=j"
```
```   419 by (blast dest: OrdmemD elim: ltE leE)
```
```   420
```
```   421 lemma le_subset_iff: "j le i <-> j<=i & Ord(i) & Ord(j)"
```
```   422 by (blast dest: subset_imp_le le_imp_subset elim: ltE)
```
```   423
```
```   424 lemma le_succ_iff: "i le succ(j) <-> i le j | i=succ(j) & Ord(i)"
```
```   425 apply (simp (no_asm) add: le_iff)
```
```   426 apply blast
```
```   427 done
```
```   428
```
```   429 (*Just a variant of subset_imp_le*)
```
```   430 lemma all_lt_imp_le: "[| Ord(i);  Ord(j);  !!x. x<j ==> x<i |] ==> j le i"
```
```   431 by (blast intro: not_lt_imp_le dest: lt_irrefl)
```
```   432
```
```   433 subsubsection{*Transitivity Laws*}
```
```   434
```
```   435 lemma lt_trans1: "[| i le j;  j<k |] ==> i<k"
```
```   436 by (blast elim!: leE intro: lt_trans)
```
```   437
```
```   438 lemma lt_trans2: "[| i<j;  j le k |] ==> i<k"
```
```   439 by (blast elim!: leE intro: lt_trans)
```
```   440
```
```   441 lemma le_trans: "[| i le j;  j le k |] ==> i le k"
```
```   442 by (blast intro: lt_trans1)
```
```   443
```
```   444 lemma succ_leI: "i<j ==> succ(i) le j"
```
```   445 apply (rule not_lt_iff_le [THEN iffD1])
```
```   446 apply (blast elim: ltE leE lt_asym)+
```
```   447 done
```
```   448
```
```   449 (*Identical to  succ(i) < succ(j) ==> i<j  *)
```
```   450 lemma succ_leE: "succ(i) le j ==> i<j"
```
```   451 apply (rule not_le_iff_lt [THEN iffD1])
```
```   452 apply (blast elim: ltE leE lt_asym)+
```
```   453 done
```
```   454
```
```   455 lemma succ_le_iff [iff]: "succ(i) le j <-> i<j"
```
```   456 by (blast intro: succ_leI succ_leE)
```
```   457
```
```   458 lemma succ_le_imp_le: "succ(i) le succ(j) ==> i le j"
```
```   459 by (blast dest!: succ_leE)
```
```   460
```
```   461 lemma lt_subset_trans: "[| i <= j;  j<k;  Ord(i) |] ==> i<k"
```
```   462 apply (rule subset_imp_le [THEN lt_trans1])
```
```   463 apply (blast intro: elim: ltE) +
```
```   464 done
```
```   465
```
```   466 lemma lt_imp_0_lt: "j<i ==> 0<i"
```
```   467 by (blast intro: lt_trans1 Ord_0_le [OF lt_Ord])
```
```   468
```
```   469 lemma succ_lt_iff: "succ(i) < j <-> i<j & succ(i) \<noteq> j"
```
```   470 apply auto
```
```   471 apply (blast intro: lt_trans le_refl dest: lt_Ord)
```
```   472 apply (frule lt_Ord)
```
```   473 apply (rule not_le_iff_lt [THEN iffD1])
```
```   474   apply (blast intro: lt_Ord2)
```
```   475  apply blast
```
```   476 apply (simp add: lt_Ord lt_Ord2 le_iff)
```
```   477 apply (blast dest: lt_asym)
```
```   478 done
```
```   479
```
```   480 lemma Ord_succ_mem_iff: "Ord(j) ==> succ(i) \<in> succ(j) <-> i\<in>j"
```
```   481 apply (insert succ_le_iff [of i j])
```
```   482 apply (simp add: lt_def)
```
```   483 done
```
```   484
```
```   485 subsubsection{*Union and Intersection*}
```
```   486
```
```   487 lemma Un_upper1_le: "[| Ord(i); Ord(j) |] ==> i le i Un j"
```
```   488 by (rule Un_upper1 [THEN subset_imp_le], auto)
```
```   489
```
```   490 lemma Un_upper2_le: "[| Ord(i); Ord(j) |] ==> j le i Un j"
```
```   491 by (rule Un_upper2 [THEN subset_imp_le], auto)
```
```   492
```
```   493 (*Replacing k by succ(k') yields the similar rule for le!*)
```
```   494 lemma Un_least_lt: "[| i<k;  j<k |] ==> i Un j < k"
```
```   495 apply (rule_tac i = "i" and j = "j" in Ord_linear_le)
```
```   496 apply (auto simp add: Un_commute le_subset_iff subset_Un_iff lt_Ord)
```
```   497 done
```
```   498
```
```   499 lemma Un_least_lt_iff: "[| Ord(i); Ord(j) |] ==> i Un j < k  <->  i<k & j<k"
```
```   500 apply (safe intro!: Un_least_lt)
```
```   501 apply (rule_tac [2] Un_upper2_le [THEN lt_trans1])
```
```   502 apply (rule Un_upper1_le [THEN lt_trans1], auto)
```
```   503 done
```
```   504
```
```   505 lemma Un_least_mem_iff:
```
```   506     "[| Ord(i); Ord(j); Ord(k) |] ==> i Un j : k  <->  i:k & j:k"
```
```   507 apply (insert Un_least_lt_iff [of i j k])
```
```   508 apply (simp add: lt_def)
```
```   509 done
```
```   510
```
```   511 (*Replacing k by succ(k') yields the similar rule for le!*)
```
```   512 lemma Int_greatest_lt: "[| i<k;  j<k |] ==> i Int j < k"
```
```   513 apply (rule_tac i = "i" and j = "j" in Ord_linear_le)
```
```   514 apply (auto simp add: Int_commute le_subset_iff subset_Int_iff lt_Ord)
```
```   515 done
```
```   516
```
```   517 lemma Ord_Un_if:
```
```   518      "[| Ord(i); Ord(j) |] ==> i \<union> j = (if j<i then i else j)"
```
```   519 by (simp add: not_lt_iff_le le_imp_subset leI
```
```   520               subset_Un_iff [symmetric]  subset_Un_iff2 [symmetric])
```
```   521
```
```   522 lemma succ_Un_distrib:
```
```   523      "[| Ord(i); Ord(j) |] ==> succ(i \<union> j) = succ(i) \<union> succ(j)"
```
```   524 by (simp add: Ord_Un_if lt_Ord le_Ord2)
```
```   525
```
```   526 lemma lt_Un_iff:
```
```   527      "[| Ord(i); Ord(j) |] ==> k < i \<union> j <-> k < i | k < j";
```
```   528 apply (simp add: Ord_Un_if not_lt_iff_le)
```
```   529 apply (blast intro: leI lt_trans2)+
```
```   530 done
```
```   531
```
```   532 lemma le_Un_iff:
```
```   533      "[| Ord(i); Ord(j) |] ==> k \<le> i \<union> j <-> k \<le> i | k \<le> j";
```
```   534 by (simp add: succ_Un_distrib lt_Un_iff [symmetric])
```
```   535
```
```   536 lemma Un_upper1_lt: "[|k < i; Ord(j)|] ==> k < i Un j"
```
```   537 by (simp add: lt_Un_iff lt_Ord2)
```
```   538
```
```   539 lemma Un_upper2_lt: "[|k < j; Ord(i)|] ==> k < i Un j"
```
```   540 by (simp add: lt_Un_iff lt_Ord2)
```
```   541
```
```   542 (*See also Transset_iff_Union_succ*)
```
```   543 lemma Ord_Union_succ_eq: "Ord(i) ==> \<Union>(succ(i)) = i"
```
```   544 by (blast intro: Ord_trans)
```
```   545
```
```   546
```
```   547 subsection{*Results about Limits*}
```
```   548
```
```   549 lemma Ord_Union [intro,simp,TC]: "[| !!i. i:A ==> Ord(i) |] ==> Ord(Union(A))"
```
```   550 apply (rule Ord_is_Transset [THEN Transset_Union_family, THEN OrdI])
```
```   551 apply (blast intro: Ord_contains_Transset)+
```
```   552 done
```
```   553
```
```   554 lemma Ord_UN [intro,simp,TC]:
```
```   555      "[| !!x. x:A ==> Ord(B(x)) |] ==> Ord(UN x:A. B(x))"
```
```   556 by (rule Ord_Union, blast)
```
```   557
```
```   558 lemma Ord_Inter [intro,simp,TC]:
```
```   559     "[| !!i. i:A ==> Ord(i) |] ==> Ord(Inter(A))"
```
```   560 apply (rule Transset_Inter_family [THEN OrdI])
```
```   561 apply (blast intro: Ord_is_Transset)
```
```   562 apply (simp add: Inter_def)
```
```   563 apply (blast intro: Ord_contains_Transset)
```
```   564 done
```
```   565
```
```   566 lemma Ord_INT [intro,simp,TC]:
```
```   567     "[| !!x. x:A ==> Ord(B(x)) |] ==> Ord(INT x:A. B(x))"
```
```   568 by (rule Ord_Inter, blast)
```
```   569
```
```   570
```
```   571 (* No < version; consider (UN i:nat.i)=nat *)
```
```   572 lemma UN_least_le:
```
```   573     "[| Ord(i);  !!x. x:A ==> b(x) le i |] ==> (UN x:A. b(x)) le i"
```
```   574 apply (rule le_imp_subset [THEN UN_least, THEN subset_imp_le])
```
```   575 apply (blast intro: Ord_UN elim: ltE)+
```
```   576 done
```
```   577
```
```   578 lemma UN_succ_least_lt:
```
```   579     "[| j<i;  !!x. x:A ==> b(x)<j |] ==> (UN x:A. succ(b(x))) < i"
```
```   580 apply (rule ltE, assumption)
```
```   581 apply (rule UN_least_le [THEN lt_trans2])
```
```   582 apply (blast intro: succ_leI)+
```
```   583 done
```
```   584
```
```   585 lemma UN_upper_lt:
```
```   586      "[| a\<in>A;  i < b(a);  Ord(\<Union>x\<in>A. b(x)) |] ==> i < (\<Union>x\<in>A. b(x))"
```
```   587 by (unfold lt_def, blast)
```
```   588
```
```   589 lemma UN_upper_le:
```
```   590      "[| a: A;  i le b(a);  Ord(UN x:A. b(x)) |] ==> i le (UN x:A. b(x))"
```
```   591 apply (frule ltD)
```
```   592 apply (rule le_imp_subset [THEN subset_trans, THEN subset_imp_le])
```
```   593 apply (blast intro: lt_Ord UN_upper)+
```
```   594 done
```
```   595
```
```   596 lemma lt_Union_iff: "\<forall>i\<in>A. Ord(i) ==> (j < \<Union>(A)) <-> (\<exists>i\<in>A. j<i)"
```
```   597 by (auto simp: lt_def Ord_Union)
```
```   598
```
```   599 lemma Union_upper_le:
```
```   600      "[| j: J;  i\<le>j;  Ord(\<Union>(J)) |] ==> i \<le> \<Union>J"
```
```   601 apply (subst Union_eq_UN)
```
```   602 apply (rule UN_upper_le, auto)
```
```   603 done
```
```   604
```
```   605 lemma le_implies_UN_le_UN:
```
```   606     "[| !!x. x:A ==> c(x) le d(x) |] ==> (UN x:A. c(x)) le (UN x:A. d(x))"
```
```   607 apply (rule UN_least_le)
```
```   608 apply (rule_tac [2] UN_upper_le)
```
```   609 apply (blast intro: Ord_UN le_Ord2)+
```
```   610 done
```
```   611
```
```   612 lemma Ord_equality: "Ord(i) ==> (UN y:i. succ(y)) = i"
```
```   613 by (blast intro: Ord_trans)
```
```   614
```
```   615 (*Holds for all transitive sets, not just ordinals*)
```
```   616 lemma Ord_Union_subset: "Ord(i) ==> Union(i) <= i"
```
```   617 by (blast intro: Ord_trans)
```
```   618
```
```   619
```
```   620 subsection{*Limit Ordinals -- General Properties*}
```
```   621
```
```   622 lemma Limit_Union_eq: "Limit(i) ==> Union(i) = i"
```
```   623 apply (unfold Limit_def)
```
```   624 apply (fast intro!: ltI elim!: ltE elim: Ord_trans)
```
```   625 done
```
```   626
```
```   627 lemma Limit_is_Ord: "Limit(i) ==> Ord(i)"
```
```   628 apply (unfold Limit_def)
```
```   629 apply (erule conjunct1)
```
```   630 done
```
```   631
```
```   632 lemma Limit_has_0: "Limit(i) ==> 0 < i"
```
```   633 apply (unfold Limit_def)
```
```   634 apply (erule conjunct2 [THEN conjunct1])
```
```   635 done
```
```   636
```
```   637 lemma Limit_has_succ: "[| Limit(i);  j<i |] ==> succ(j) < i"
```
```   638 by (unfold Limit_def, blast)
```
```   639
```
```   640 lemma zero_not_Limit [iff]: "~ Limit(0)"
```
```   641 by (simp add: Limit_def)
```
```   642
```
```   643 lemma Limit_has_1: "Limit(i) ==> 1 < i"
```
```   644 by (blast intro: Limit_has_0 Limit_has_succ)
```
```   645
```
```   646 lemma increasing_LimitI: "[| 0<l; \<forall>x\<in>l. \<exists>y\<in>l. x<y |] ==> Limit(l)"
```
```   647 apply (simp add: Limit_def lt_Ord2, clarify)
```
```   648 apply (drule_tac i=y in ltD)
```
```   649 apply (blast intro: lt_trans1 [OF _ ltI] lt_Ord2)
```
```   650 done
```
```   651
```
```   652 lemma non_succ_LimitI:
```
```   653     "[| 0<i;  ALL y. succ(y) ~= i |] ==> Limit(i)"
```
```   654 apply (unfold Limit_def)
```
```   655 apply (safe del: subsetI)
```
```   656 apply (rule_tac [2] not_le_iff_lt [THEN iffD1])
```
```   657 apply (simp_all add: lt_Ord lt_Ord2)
```
```   658 apply (blast elim: leE lt_asym)
```
```   659 done
```
```   660
```
```   661 lemma succ_LimitE [elim!]: "Limit(succ(i)) ==> P"
```
```   662 apply (rule lt_irrefl)
```
```   663 apply (rule Limit_has_succ, assumption)
```
```   664 apply (erule Limit_is_Ord [THEN Ord_succD, THEN le_refl])
```
```   665 done
```
```   666
```
```   667 lemma not_succ_Limit [simp]: "~ Limit(succ(i))"
```
```   668 by blast
```
```   669
```
```   670 lemma Limit_le_succD: "[| Limit(i);  i le succ(j) |] ==> i le j"
```
```   671 by (blast elim!: leE)
```
```   672
```
```   673
```
```   674 subsubsection{*Traditional 3-Way Case Analysis on Ordinals*}
```
```   675
```
```   676 lemma Ord_cases_disj: "Ord(i) ==> i=0 | (EX j. Ord(j) & i=succ(j)) | Limit(i)"
```
```   677 by (blast intro!: non_succ_LimitI Ord_0_lt)
```
```   678
```
```   679 lemma Ord_cases:
```
```   680     "[| Ord(i);
```
```   681         i=0                          ==> P;
```
```   682         !!j. [| Ord(j); i=succ(j) |] ==> P;
```
```   683         Limit(i)                     ==> P
```
```   684      |] ==> P"
```
```   685 by (drule Ord_cases_disj, blast)
```
```   686
```
```   687 lemma trans_induct3:
```
```   688      "[| Ord(i);
```
```   689          P(0);
```
```   690          !!x. [| Ord(x);  P(x) |] ==> P(succ(x));
```
```   691          !!x. [| Limit(x);  ALL y:x. P(y) |] ==> P(x)
```
```   692       |] ==> P(i)"
```
```   693 apply (erule trans_induct)
```
```   694 apply (erule Ord_cases, blast+)
```
```   695 done
```
```   696
```
```   697 text{*A set of ordinals is either empty, contains its own union, or its
```
```   698 union is a limit ordinal.*}
```
```   699 lemma Ord_set_cases:
```
```   700    "\<forall>i\<in>I. Ord(i) ==> I=0 \<or> \<Union>(I) \<in> I \<or> (\<Union>(I) \<notin> I \<and> Limit(\<Union>(I)))"
```
```   701 apply (clarify elim!: not_emptyE)
```
```   702 apply (cases "\<Union>(I)" rule: Ord_cases)
```
```   703    apply (blast intro: Ord_Union)
```
```   704   apply (blast intro: subst_elem)
```
```   705  apply auto
```
```   706 apply (clarify elim!: equalityE succ_subsetE)
```
```   707 apply (simp add: Union_subset_iff)
```
```   708 apply (subgoal_tac "B = succ(j)", blast)
```
```   709 apply (rule le_anti_sym)
```
```   710  apply (simp add: le_subset_iff)
```
```   711 apply (simp add: ltI)
```
```   712 done
```
```   713
```
```   714 text{*If the union of a set of ordinals is a successor, then it is
```
```   715 an element of that set.*}
```
```   716 lemma Ord_Union_eq_succD: "[|\<forall>x\<in>X. Ord(x);  \<Union>X = succ(j)|] ==> succ(j) \<in> X"
```
```   717 by (drule Ord_set_cases, auto)
```
```   718
```
```   719 lemma Limit_Union [rule_format]: "[| I \<noteq> 0;  \<forall>i\<in>I. Limit(i) |] ==> Limit(\<Union>I)"
```
```   720 apply (simp add: Limit_def lt_def)
```
```   721 apply (blast intro!: equalityI)
```
```   722 done
```
```   723
```
```   724 (*special induction rules for the "induct" method*)
```
```   725 lemmas Ord_induct = Ord_induct [consumes 2]
```
```   726   and Ord_induct_rule = Ord_induct [rule_format, consumes 2]
```
```   727   and trans_induct = trans_induct [consumes 1]
```
```   728   and trans_induct_rule = trans_induct [rule_format, consumes 1]
```
```   729   and trans_induct3 = trans_induct3 [case_names 0 succ limit, consumes 1]
```
```   730   and trans_induct3_rule = trans_induct3 [rule_format, case_names 0 succ limit, consumes 1]
```
```   731
```
```   732 ML
```
```   733 {*
```
```   734 val Memrel_def = thm "Memrel_def";
```
```   735 val Transset_def = thm "Transset_def";
```
```   736 val Ord_def = thm "Ord_def";
```
```   737 val lt_def = thm "lt_def";
```
```   738 val Limit_def = thm "Limit_def";
```
```   739
```
```   740 val Transset_iff_Pow = thm "Transset_iff_Pow";
```
```   741 val Transset_iff_Union_succ = thm "Transset_iff_Union_succ";
```
```   742 val Transset_iff_Union_subset = thm "Transset_iff_Union_subset";
```
```   743 val Transset_doubleton_D = thm "Transset_doubleton_D";
```
```   744 val Transset_Pair_D = thm "Transset_Pair_D";
```
```   745 val Transset_includes_domain = thm "Transset_includes_domain";
```
```   746 val Transset_includes_range = thm "Transset_includes_range";
```
```   747 val Transset_0 = thm "Transset_0";
```
```   748 val Transset_Un = thm "Transset_Un";
```
```   749 val Transset_Int = thm "Transset_Int";
```
```   750 val Transset_succ = thm "Transset_succ";
```
```   751 val Transset_Pow = thm "Transset_Pow";
```
```   752 val Transset_Union = thm "Transset_Union";
```
```   753 val Transset_Union_family = thm "Transset_Union_family";
```
```   754 val Transset_Inter_family = thm "Transset_Inter_family";
```
```   755 val OrdI = thm "OrdI";
```
```   756 val Ord_is_Transset = thm "Ord_is_Transset";
```
```   757 val Ord_contains_Transset = thm "Ord_contains_Transset";
```
```   758 val Ord_in_Ord = thm "Ord_in_Ord";
```
```   759 val Ord_succD = thm "Ord_succD";
```
```   760 val Ord_subset_Ord = thm "Ord_subset_Ord";
```
```   761 val OrdmemD = thm "OrdmemD";
```
```   762 val Ord_trans = thm "Ord_trans";
```
```   763 val Ord_succ_subsetI = thm "Ord_succ_subsetI";
```
```   764 val Ord_0 = thm "Ord_0";
```
```   765 val Ord_succ = thm "Ord_succ";
```
```   766 val Ord_1 = thm "Ord_1";
```
```   767 val Ord_succ_iff = thm "Ord_succ_iff";
```
```   768 val Ord_Un = thm "Ord_Un";
```
```   769 val Ord_Int = thm "Ord_Int";
```
```   770 val Ord_Inter = thm "Ord_Inter";
```
```   771 val Ord_INT = thm "Ord_INT";
```
```   772 val ON_class = thm "ON_class";
```
```   773 val ltI = thm "ltI";
```
```   774 val ltE = thm "ltE";
```
```   775 val ltD = thm "ltD";
```
```   776 val not_lt0 = thm "not_lt0";
```
```   777 val lt_Ord = thm "lt_Ord";
```
```   778 val lt_Ord2 = thm "lt_Ord2";
```
```   779 val le_Ord2 = thm "le_Ord2";
```
```   780 val lt0E = thm "lt0E";
```
```   781 val lt_trans = thm "lt_trans";
```
```   782 val lt_not_sym = thm "lt_not_sym";
```
```   783 val lt_asym = thm "lt_asym";
```
```   784 val lt_irrefl = thm "lt_irrefl";
```
```   785 val lt_not_refl = thm "lt_not_refl";
```
```   786 val le_iff = thm "le_iff";
```
```   787 val leI = thm "leI";
```
```   788 val le_eqI = thm "le_eqI";
```
```   789 val le_refl = thm "le_refl";
```
```   790 val le_refl_iff = thm "le_refl_iff";
```
```   791 val leCI = thm "leCI";
```
```   792 val leE = thm "leE";
```
```   793 val le_anti_sym = thm "le_anti_sym";
```
```   794 val le0_iff = thm "le0_iff";
```
```   795 val le0D = thm "le0D";
```
```   796 val Memrel_iff = thm "Memrel_iff";
```
```   797 val MemrelI = thm "MemrelI";
```
```   798 val MemrelE = thm "MemrelE";
```
```   799 val Memrel_type = thm "Memrel_type";
```
```   800 val Memrel_mono = thm "Memrel_mono";
```
```   801 val Memrel_0 = thm "Memrel_0";
```
```   802 val Memrel_1 = thm "Memrel_1";
```
```   803 val wf_Memrel = thm "wf_Memrel";
```
```   804 val trans_Memrel = thm "trans_Memrel";
```
```   805 val Transset_Memrel_iff = thm "Transset_Memrel_iff";
```
```   806 val Transset_induct = thm "Transset_induct";
```
```   807 val Ord_induct = thm "Ord_induct";
```
```   808 val trans_induct = thm "trans_induct";
```
```   809 val Ord_linear = thm "Ord_linear";
```
```   810 val Ord_linear_lt = thm "Ord_linear_lt";
```
```   811 val Ord_linear2 = thm "Ord_linear2";
```
```   812 val Ord_linear_le = thm "Ord_linear_le";
```
```   813 val le_imp_not_lt = thm "le_imp_not_lt";
```
```   814 val not_lt_imp_le = thm "not_lt_imp_le";
```
```   815 val Ord_mem_iff_lt = thm "Ord_mem_iff_lt";
```
```   816 val not_lt_iff_le = thm "not_lt_iff_le";
```
```   817 val not_le_iff_lt = thm "not_le_iff_lt";
```
```   818 val Ord_0_le = thm "Ord_0_le";
```
```   819 val Ord_0_lt = thm "Ord_0_lt";
```
```   820 val Ord_0_lt_iff = thm "Ord_0_lt_iff";
```
```   821 val zero_le_succ_iff = thm "zero_le_succ_iff";
```
```   822 val subset_imp_le = thm "subset_imp_le";
```
```   823 val le_imp_subset = thm "le_imp_subset";
```
```   824 val le_subset_iff = thm "le_subset_iff";
```
```   825 val le_succ_iff = thm "le_succ_iff";
```
```   826 val all_lt_imp_le = thm "all_lt_imp_le";
```
```   827 val lt_trans1 = thm "lt_trans1";
```
```   828 val lt_trans2 = thm "lt_trans2";
```
```   829 val le_trans = thm "le_trans";
```
```   830 val succ_leI = thm "succ_leI";
```
```   831 val succ_leE = thm "succ_leE";
```
```   832 val succ_le_iff = thm "succ_le_iff";
```
```   833 val succ_le_imp_le = thm "succ_le_imp_le";
```
```   834 val lt_subset_trans = thm "lt_subset_trans";
```
```   835 val Un_upper1_le = thm "Un_upper1_le";
```
```   836 val Un_upper2_le = thm "Un_upper2_le";
```
```   837 val Un_least_lt = thm "Un_least_lt";
```
```   838 val Un_least_lt_iff = thm "Un_least_lt_iff";
```
```   839 val Un_least_mem_iff = thm "Un_least_mem_iff";
```
```   840 val Int_greatest_lt = thm "Int_greatest_lt";
```
```   841 val Ord_Union = thm "Ord_Union";
```
```   842 val Ord_UN = thm "Ord_UN";
```
```   843 val UN_least_le = thm "UN_least_le";
```
```   844 val UN_succ_least_lt = thm "UN_succ_least_lt";
```
```   845 val UN_upper_le = thm "UN_upper_le";
```
```   846 val le_implies_UN_le_UN = thm "le_implies_UN_le_UN";
```
```   847 val Ord_equality = thm "Ord_equality";
```
```   848 val Ord_Union_subset = thm "Ord_Union_subset";
```
```   849 val Limit_Union_eq = thm "Limit_Union_eq";
```
```   850 val Limit_is_Ord = thm "Limit_is_Ord";
```
```   851 val Limit_has_0 = thm "Limit_has_0";
```
```   852 val Limit_has_succ = thm "Limit_has_succ";
```
```   853 val non_succ_LimitI = thm "non_succ_LimitI";
```
```   854 val succ_LimitE = thm "succ_LimitE";
```
```   855 val not_succ_Limit = thm "not_succ_Limit";
```
```   856 val Limit_le_succD = thm "Limit_le_succD";
```
```   857 val Ord_cases_disj = thm "Ord_cases_disj";
```
```   858 val Ord_cases = thm "Ord_cases";
```
```   859 val trans_induct3 = thm "trans_induct3";
```
```   860 *}
```
```   861
```
```   862 end
```