src/ZF/Constructible/Rec_Separation.thy
 author wenzelm Thu Dec 14 11:24:26 2017 +0100 (21 months ago) changeset 67198 694f29a5433b parent 61798 27f3c10b0b50 child 69593 3dda49e08b9d permissions -rw-r--r--
merged
```     1 (*  Title:      ZF/Constructible/Rec_Separation.thy
```
```     2     Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
```
```     3 *)
```
```     4
```
```     5 section \<open>Separation for Facts About Recursion\<close>
```
```     6
```
```     7 theory Rec_Separation imports Separation Internalize begin
```
```     8
```
```     9 text\<open>This theory proves all instances needed for locales \<open>M_trancl\<close> and \<open>M_datatypes\<close>\<close>
```
```    10
```
```    11 lemma eq_succ_imp_lt: "[|i = succ(j); Ord(i)|] ==> j<i"
```
```    12 by simp
```
```    13
```
```    14
```
```    15 subsection\<open>The Locale \<open>M_trancl\<close>\<close>
```
```    16
```
```    17 subsubsection\<open>Separation for Reflexive/Transitive Closure\<close>
```
```    18
```
```    19 text\<open>First, The Defining Formula\<close>
```
```    20
```
```    21 (* "rtran_closure_mem(M,A,r,p) ==
```
```    22       \<exists>nnat[M]. \<exists>n[M]. \<exists>n'[M].
```
```    23        omega(M,nnat) & n\<in>nnat & successor(M,n,n') &
```
```    24        (\<exists>f[M]. typed_function(M,n',A,f) &
```
```    25         (\<exists>x[M]. \<exists>y[M]. \<exists>zero[M]. pair(M,x,y,p) & empty(M,zero) &
```
```    26           fun_apply(M,f,zero,x) & fun_apply(M,f,n,y)) &
```
```    27         (\<forall>j[M]. j\<in>n \<longrightarrow>
```
```    28           (\<exists>fj[M]. \<exists>sj[M]. \<exists>fsj[M]. \<exists>ffp[M].
```
```    29             fun_apply(M,f,j,fj) & successor(M,j,sj) &
```
```    30             fun_apply(M,f,sj,fsj) & pair(M,fj,fsj,ffp) & ffp \<in> r)))"*)
```
```    31 definition
```
```    32   rtran_closure_mem_fm :: "[i,i,i]=>i" where
```
```    33  "rtran_closure_mem_fm(A,r,p) ==
```
```    34    Exists(Exists(Exists(
```
```    35     And(omega_fm(2),
```
```    36      And(Member(1,2),
```
```    37       And(succ_fm(1,0),
```
```    38        Exists(And(typed_function_fm(1, A#+4, 0),
```
```    39         And(Exists(Exists(Exists(
```
```    40               And(pair_fm(2,1,p#+7),
```
```    41                And(empty_fm(0),
```
```    42                 And(fun_apply_fm(3,0,2), fun_apply_fm(3,5,1))))))),
```
```    43             Forall(Implies(Member(0,3),
```
```    44              Exists(Exists(Exists(Exists(
```
```    45               And(fun_apply_fm(5,4,3),
```
```    46                And(succ_fm(4,2),
```
```    47                 And(fun_apply_fm(5,2,1),
```
```    48                  And(pair_fm(3,1,0), Member(0,r#+9))))))))))))))))))))"
```
```    49
```
```    50
```
```    51 lemma rtran_closure_mem_type [TC]:
```
```    52  "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> rtran_closure_mem_fm(x,y,z) \<in> formula"
```
```    53 by (simp add: rtran_closure_mem_fm_def)
```
```    54
```
```    55 lemma sats_rtran_closure_mem_fm [simp]:
```
```    56    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
```
```    57     ==> sats(A, rtran_closure_mem_fm(x,y,z), env) \<longleftrightarrow>
```
```    58         rtran_closure_mem(##A, nth(x,env), nth(y,env), nth(z,env))"
```
```    59 by (simp add: rtran_closure_mem_fm_def rtran_closure_mem_def)
```
```    60
```
```    61 lemma rtran_closure_mem_iff_sats:
```
```    62       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
```
```    63           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
```
```    64        ==> rtran_closure_mem(##A, x, y, z) \<longleftrightarrow> sats(A, rtran_closure_mem_fm(i,j,k), env)"
```
```    65 by (simp add: sats_rtran_closure_mem_fm)
```
```    66
```
```    67 lemma rtran_closure_mem_reflection:
```
```    68      "REFLECTS[\<lambda>x. rtran_closure_mem(L,f(x),g(x),h(x)),
```
```    69                \<lambda>i x. rtran_closure_mem(##Lset(i),f(x),g(x),h(x))]"
```
```    70 apply (simp only: rtran_closure_mem_def)
```
```    71 apply (intro FOL_reflections function_reflections fun_plus_reflections)
```
```    72 done
```
```    73
```
```    74 text\<open>Separation for @{term "rtrancl(r)"}.\<close>
```
```    75 lemma rtrancl_separation:
```
```    76      "[| L(r); L(A) |] ==> separation (L, rtran_closure_mem(L,A,r))"
```
```    77 apply (rule gen_separation_multi [OF rtran_closure_mem_reflection, of "{r,A}"],
```
```    78        auto)
```
```    79 apply (rule_tac env="[r,A]" in DPow_LsetI)
```
```    80 apply (rule rtran_closure_mem_iff_sats sep_rules | simp)+
```
```    81 done
```
```    82
```
```    83
```
```    84 subsubsection\<open>Reflexive/Transitive Closure, Internalized\<close>
```
```    85
```
```    86 (*  "rtran_closure(M,r,s) ==
```
```    87         \<forall>A[M]. is_field(M,r,A) \<longrightarrow>
```
```    88          (\<forall>p[M]. p \<in> s \<longleftrightarrow> rtran_closure_mem(M,A,r,p))" *)
```
```    89 definition
```
```    90   rtran_closure_fm :: "[i,i]=>i" where
```
```    91   "rtran_closure_fm(r,s) ==
```
```    92    Forall(Implies(field_fm(succ(r),0),
```
```    93                   Forall(Iff(Member(0,succ(succ(s))),
```
```    94                              rtran_closure_mem_fm(1,succ(succ(r)),0)))))"
```
```    95
```
```    96 lemma rtran_closure_type [TC]:
```
```    97      "[| x \<in> nat; y \<in> nat |] ==> rtran_closure_fm(x,y) \<in> formula"
```
```    98 by (simp add: rtran_closure_fm_def)
```
```    99
```
```   100 lemma sats_rtran_closure_fm [simp]:
```
```   101    "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
```
```   102     ==> sats(A, rtran_closure_fm(x,y), env) \<longleftrightarrow>
```
```   103         rtran_closure(##A, nth(x,env), nth(y,env))"
```
```   104 by (simp add: rtran_closure_fm_def rtran_closure_def)
```
```   105
```
```   106 lemma rtran_closure_iff_sats:
```
```   107       "[| nth(i,env) = x; nth(j,env) = y;
```
```   108           i \<in> nat; j \<in> nat; env \<in> list(A)|]
```
```   109        ==> rtran_closure(##A, x, y) \<longleftrightarrow> sats(A, rtran_closure_fm(i,j), env)"
```
```   110 by simp
```
```   111
```
```   112 theorem rtran_closure_reflection:
```
```   113      "REFLECTS[\<lambda>x. rtran_closure(L,f(x),g(x)),
```
```   114                \<lambda>i x. rtran_closure(##Lset(i),f(x),g(x))]"
```
```   115 apply (simp only: rtran_closure_def)
```
```   116 apply (intro FOL_reflections function_reflections rtran_closure_mem_reflection)
```
```   117 done
```
```   118
```
```   119
```
```   120 subsubsection\<open>Transitive Closure of a Relation, Internalized\<close>
```
```   121
```
```   122 (*  "tran_closure(M,r,t) ==
```
```   123          \<exists>s[M]. rtran_closure(M,r,s) & composition(M,r,s,t)" *)
```
```   124 definition
```
```   125   tran_closure_fm :: "[i,i]=>i" where
```
```   126   "tran_closure_fm(r,s) ==
```
```   127    Exists(And(rtran_closure_fm(succ(r),0), composition_fm(succ(r),0,succ(s))))"
```
```   128
```
```   129 lemma tran_closure_type [TC]:
```
```   130      "[| x \<in> nat; y \<in> nat |] ==> tran_closure_fm(x,y) \<in> formula"
```
```   131 by (simp add: tran_closure_fm_def)
```
```   132
```
```   133 lemma sats_tran_closure_fm [simp]:
```
```   134    "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
```
```   135     ==> sats(A, tran_closure_fm(x,y), env) \<longleftrightarrow>
```
```   136         tran_closure(##A, nth(x,env), nth(y,env))"
```
```   137 by (simp add: tran_closure_fm_def tran_closure_def)
```
```   138
```
```   139 lemma tran_closure_iff_sats:
```
```   140       "[| nth(i,env) = x; nth(j,env) = y;
```
```   141           i \<in> nat; j \<in> nat; env \<in> list(A)|]
```
```   142        ==> tran_closure(##A, x, y) \<longleftrightarrow> sats(A, tran_closure_fm(i,j), env)"
```
```   143 by simp
```
```   144
```
```   145 theorem tran_closure_reflection:
```
```   146      "REFLECTS[\<lambda>x. tran_closure(L,f(x),g(x)),
```
```   147                \<lambda>i x. tran_closure(##Lset(i),f(x),g(x))]"
```
```   148 apply (simp only: tran_closure_def)
```
```   149 apply (intro FOL_reflections function_reflections
```
```   150              rtran_closure_reflection composition_reflection)
```
```   151 done
```
```   152
```
```   153
```
```   154 subsubsection\<open>Separation for the Proof of \<open>wellfounded_on_trancl\<close>\<close>
```
```   155
```
```   156 lemma wellfounded_trancl_reflects:
```
```   157   "REFLECTS[\<lambda>x. \<exists>w[L]. \<exists>wx[L]. \<exists>rp[L].
```
```   158                  w \<in> Z & pair(L,w,x,wx) & tran_closure(L,r,rp) & wx \<in> rp,
```
```   159    \<lambda>i x. \<exists>w \<in> Lset(i). \<exists>wx \<in> Lset(i). \<exists>rp \<in> Lset(i).
```
```   160        w \<in> Z & pair(##Lset(i),w,x,wx) & tran_closure(##Lset(i),r,rp) &
```
```   161        wx \<in> rp]"
```
```   162 by (intro FOL_reflections function_reflections fun_plus_reflections
```
```   163           tran_closure_reflection)
```
```   164
```
```   165 lemma wellfounded_trancl_separation:
```
```   166          "[| L(r); L(Z) |] ==>
```
```   167           separation (L, \<lambda>x.
```
```   168               \<exists>w[L]. \<exists>wx[L]. \<exists>rp[L].
```
```   169                w \<in> Z & pair(L,w,x,wx) & tran_closure(L,r,rp) & wx \<in> rp)"
```
```   170 apply (rule gen_separation_multi [OF wellfounded_trancl_reflects, of "{r,Z}"],
```
```   171        auto)
```
```   172 apply (rule_tac env="[r,Z]" in DPow_LsetI)
```
```   173 apply (rule sep_rules tran_closure_iff_sats | simp)+
```
```   174 done
```
```   175
```
```   176
```
```   177 subsubsection\<open>Instantiating the locale \<open>M_trancl\<close>\<close>
```
```   178
```
```   179 lemma M_trancl_axioms_L: "M_trancl_axioms(L)"
```
```   180   apply (rule M_trancl_axioms.intro)
```
```   181    apply (assumption | rule rtrancl_separation wellfounded_trancl_separation)+
```
```   182   done
```
```   183
```
```   184 theorem M_trancl_L: "PROP M_trancl(L)"
```
```   185 by (rule M_trancl.intro [OF M_basic_L M_trancl_axioms_L])
```
```   186
```
```   187 interpretation L?: M_trancl L by (rule M_trancl_L)
```
```   188
```
```   189
```
```   190 subsection\<open>@{term L} is Closed Under the Operator @{term list}\<close>
```
```   191
```
```   192 subsubsection\<open>Instances of Replacement for Lists\<close>
```
```   193
```
```   194 lemma list_replacement1_Reflects:
```
```   195  "REFLECTS
```
```   196    [\<lambda>x. \<exists>u[L]. u \<in> B \<and> (\<exists>y[L]. pair(L,u,y,x) \<and>
```
```   197          is_wfrec(L, iterates_MH(L, is_list_functor(L,A), 0), memsn, u, y)),
```
```   198     \<lambda>i x. \<exists>u \<in> Lset(i). u \<in> B \<and> (\<exists>y \<in> Lset(i). pair(##Lset(i), u, y, x) \<and>
```
```   199          is_wfrec(##Lset(i),
```
```   200                   iterates_MH(##Lset(i),
```
```   201                           is_list_functor(##Lset(i), A), 0), memsn, u, y))]"
```
```   202 by (intro FOL_reflections function_reflections is_wfrec_reflection
```
```   203           iterates_MH_reflection list_functor_reflection)
```
```   204
```
```   205
```
```   206 lemma list_replacement1:
```
```   207    "L(A) ==> iterates_replacement(L, is_list_functor(L,A), 0)"
```
```   208 apply (unfold iterates_replacement_def wfrec_replacement_def, clarify)
```
```   209 apply (rule strong_replacementI)
```
```   210 apply (rule_tac u="{B,A,n,0,Memrel(succ(n))}"
```
```   211          in gen_separation_multi [OF list_replacement1_Reflects],
```
```   212        auto simp add: nonempty)
```
```   213 apply (rule_tac env="[B,A,n,0,Memrel(succ(n))]" in DPow_LsetI)
```
```   214 apply (rule sep_rules is_nat_case_iff_sats list_functor_iff_sats
```
```   215             is_wfrec_iff_sats iterates_MH_iff_sats quasinat_iff_sats | simp)+
```
```   216 done
```
```   217
```
```   218
```
```   219 lemma list_replacement2_Reflects:
```
```   220  "REFLECTS
```
```   221    [\<lambda>x. \<exists>u[L]. u \<in> B & u \<in> nat &
```
```   222                 is_iterates(L, is_list_functor(L, A), 0, u, x),
```
```   223     \<lambda>i x. \<exists>u \<in> Lset(i). u \<in> B & u \<in> nat &
```
```   224                is_iterates(##Lset(i), is_list_functor(##Lset(i), A), 0, u, x)]"
```
```   225 by (intro FOL_reflections
```
```   226           is_iterates_reflection list_functor_reflection)
```
```   227
```
```   228 lemma list_replacement2:
```
```   229    "L(A) ==> strong_replacement(L,
```
```   230          \<lambda>n y. n\<in>nat & is_iterates(L, is_list_functor(L,A), 0, n, y))"
```
```   231 apply (rule strong_replacementI)
```
```   232 apply (rule_tac u="{A,B,0,nat}"
```
```   233          in gen_separation_multi [OF list_replacement2_Reflects],
```
```   234        auto simp add: L_nat nonempty)
```
```   235 apply (rule_tac env="[A,B,0,nat]" in DPow_LsetI)
```
```   236 apply (rule sep_rules list_functor_iff_sats is_iterates_iff_sats | simp)+
```
```   237 done
```
```   238
```
```   239
```
```   240 subsection\<open>@{term L} is Closed Under the Operator @{term formula}\<close>
```
```   241
```
```   242 subsubsection\<open>Instances of Replacement for Formulas\<close>
```
```   243
```
```   244 (*FIXME: could prove a lemma iterates_replacementI to eliminate the
```
```   245 need to expand iterates_replacement and wfrec_replacement*)
```
```   246 lemma formula_replacement1_Reflects:
```
```   247  "REFLECTS
```
```   248    [\<lambda>x. \<exists>u[L]. u \<in> B & (\<exists>y[L]. pair(L,u,y,x) &
```
```   249          is_wfrec(L, iterates_MH(L, is_formula_functor(L), 0), memsn, u, y)),
```
```   250     \<lambda>i x. \<exists>u \<in> Lset(i). u \<in> B & (\<exists>y \<in> Lset(i). pair(##Lset(i), u, y, x) &
```
```   251          is_wfrec(##Lset(i),
```
```   252                   iterates_MH(##Lset(i),
```
```   253                           is_formula_functor(##Lset(i)), 0), memsn, u, y))]"
```
```   254 by (intro FOL_reflections function_reflections is_wfrec_reflection
```
```   255           iterates_MH_reflection formula_functor_reflection)
```
```   256
```
```   257 lemma formula_replacement1:
```
```   258    "iterates_replacement(L, is_formula_functor(L), 0)"
```
```   259 apply (unfold iterates_replacement_def wfrec_replacement_def, clarify)
```
```   260 apply (rule strong_replacementI)
```
```   261 apply (rule_tac u="{B,n,0,Memrel(succ(n))}"
```
```   262          in gen_separation_multi [OF formula_replacement1_Reflects],
```
```   263        auto simp add: nonempty)
```
```   264 apply (rule_tac env="[n,B,0,Memrel(succ(n))]" in DPow_LsetI)
```
```   265 apply (rule sep_rules is_nat_case_iff_sats formula_functor_iff_sats
```
```   266             is_wfrec_iff_sats iterates_MH_iff_sats quasinat_iff_sats | simp)+
```
```   267 done
```
```   268
```
```   269 lemma formula_replacement2_Reflects:
```
```   270  "REFLECTS
```
```   271    [\<lambda>x. \<exists>u[L]. u \<in> B & u \<in> nat &
```
```   272                 is_iterates(L, is_formula_functor(L), 0, u, x),
```
```   273     \<lambda>i x. \<exists>u \<in> Lset(i). u \<in> B & u \<in> nat &
```
```   274                is_iterates(##Lset(i), is_formula_functor(##Lset(i)), 0, u, x)]"
```
```   275 by (intro FOL_reflections
```
```   276           is_iterates_reflection formula_functor_reflection)
```
```   277
```
```   278 lemma formula_replacement2:
```
```   279    "strong_replacement(L,
```
```   280          \<lambda>n y. n\<in>nat & is_iterates(L, is_formula_functor(L), 0, n, y))"
```
```   281 apply (rule strong_replacementI)
```
```   282 apply (rule_tac u="{B,0,nat}"
```
```   283          in gen_separation_multi [OF formula_replacement2_Reflects],
```
```   284        auto simp add: nonempty L_nat)
```
```   285 apply (rule_tac env="[B,0,nat]" in DPow_LsetI)
```
```   286 apply (rule sep_rules formula_functor_iff_sats is_iterates_iff_sats | simp)+
```
```   287 done
```
```   288
```
```   289 text\<open>NB The proofs for type @{term formula} are virtually identical to those
```
```   290 for @{term "list(A)"}.  It was a cut-and-paste job!\<close>
```
```   291
```
```   292
```
```   293 subsubsection\<open>The Formula @{term is_nth}, Internalized\<close>
```
```   294
```
```   295 (* "is_nth(M,n,l,Z) ==
```
```   296       \<exists>X[M]. is_iterates(M, is_tl(M), l, n, X) & is_hd(M,X,Z)" *)
```
```   297 definition
```
```   298   nth_fm :: "[i,i,i]=>i" where
```
```   299     "nth_fm(n,l,Z) ==
```
```   300        Exists(And(is_iterates_fm(tl_fm(1,0), succ(l), succ(n), 0),
```
```   301               hd_fm(0,succ(Z))))"
```
```   302
```
```   303 lemma nth_fm_type [TC]:
```
```   304  "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> nth_fm(x,y,z) \<in> formula"
```
```   305 by (simp add: nth_fm_def)
```
```   306
```
```   307 lemma sats_nth_fm [simp]:
```
```   308    "[| x < length(env); y \<in> nat; z \<in> nat; env \<in> list(A)|]
```
```   309     ==> sats(A, nth_fm(x,y,z), env) \<longleftrightarrow>
```
```   310         is_nth(##A, nth(x,env), nth(y,env), nth(z,env))"
```
```   311 apply (frule lt_length_in_nat, assumption)
```
```   312 apply (simp add: nth_fm_def is_nth_def sats_is_iterates_fm)
```
```   313 done
```
```   314
```
```   315 lemma nth_iff_sats:
```
```   316       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
```
```   317           i < length(env); j \<in> nat; k \<in> nat; env \<in> list(A)|]
```
```   318        ==> is_nth(##A, x, y, z) \<longleftrightarrow> sats(A, nth_fm(i,j,k), env)"
```
```   319 by (simp add: sats_nth_fm)
```
```   320
```
```   321 theorem nth_reflection:
```
```   322      "REFLECTS[\<lambda>x. is_nth(L, f(x), g(x), h(x)),
```
```   323                \<lambda>i x. is_nth(##Lset(i), f(x), g(x), h(x))]"
```
```   324 apply (simp only: is_nth_def)
```
```   325 apply (intro FOL_reflections is_iterates_reflection
```
```   326              hd_reflection tl_reflection)
```
```   327 done
```
```   328
```
```   329
```
```   330 subsubsection\<open>An Instance of Replacement for @{term nth}\<close>
```
```   331
```
```   332 (*FIXME: could prove a lemma iterates_replacementI to eliminate the
```
```   333 need to expand iterates_replacement and wfrec_replacement*)
```
```   334 lemma nth_replacement_Reflects:
```
```   335  "REFLECTS
```
```   336    [\<lambda>x. \<exists>u[L]. u \<in> B & (\<exists>y[L]. pair(L,u,y,x) &
```
```   337          is_wfrec(L, iterates_MH(L, is_tl(L), z), memsn, u, y)),
```
```   338     \<lambda>i x. \<exists>u \<in> Lset(i). u \<in> B & (\<exists>y \<in> Lset(i). pair(##Lset(i), u, y, x) &
```
```   339          is_wfrec(##Lset(i),
```
```   340                   iterates_MH(##Lset(i),
```
```   341                           is_tl(##Lset(i)), z), memsn, u, y))]"
```
```   342 by (intro FOL_reflections function_reflections is_wfrec_reflection
```
```   343           iterates_MH_reflection tl_reflection)
```
```   344
```
```   345 lemma nth_replacement:
```
```   346    "L(w) ==> iterates_replacement(L, is_tl(L), w)"
```
```   347 apply (unfold iterates_replacement_def wfrec_replacement_def, clarify)
```
```   348 apply (rule strong_replacementI)
```
```   349 apply (rule_tac u="{B,w,Memrel(succ(n))}"
```
```   350          in gen_separation_multi [OF nth_replacement_Reflects],
```
```   351        auto)
```
```   352 apply (rule_tac env="[B,w,Memrel(succ(n))]" in DPow_LsetI)
```
```   353 apply (rule sep_rules is_nat_case_iff_sats tl_iff_sats
```
```   354             is_wfrec_iff_sats iterates_MH_iff_sats quasinat_iff_sats | simp)+
```
```   355 done
```
```   356
```
```   357
```
```   358 subsubsection\<open>Instantiating the locale \<open>M_datatypes\<close>\<close>
```
```   359
```
```   360 lemma M_datatypes_axioms_L: "M_datatypes_axioms(L)"
```
```   361   apply (rule M_datatypes_axioms.intro)
```
```   362       apply (assumption | rule
```
```   363         list_replacement1 list_replacement2
```
```   364         formula_replacement1 formula_replacement2
```
```   365         nth_replacement)+
```
```   366   done
```
```   367
```
```   368 theorem M_datatypes_L: "PROP M_datatypes(L)"
```
```   369   apply (rule M_datatypes.intro)
```
```   370    apply (rule M_trancl_L)
```
```   371   apply (rule M_datatypes_axioms_L)
```
```   372   done
```
```   373
```
```   374 interpretation L?: M_datatypes L by (rule M_datatypes_L)
```
```   375
```
```   376
```
```   377 subsection\<open>@{term L} is Closed Under the Operator @{term eclose}\<close>
```
```   378
```
```   379 subsubsection\<open>Instances of Replacement for @{term eclose}\<close>
```
```   380
```
```   381 lemma eclose_replacement1_Reflects:
```
```   382  "REFLECTS
```
```   383    [\<lambda>x. \<exists>u[L]. u \<in> B & (\<exists>y[L]. pair(L,u,y,x) &
```
```   384          is_wfrec(L, iterates_MH(L, big_union(L), A), memsn, u, y)),
```
```   385     \<lambda>i x. \<exists>u \<in> Lset(i). u \<in> B & (\<exists>y \<in> Lset(i). pair(##Lset(i), u, y, x) &
```
```   386          is_wfrec(##Lset(i),
```
```   387                   iterates_MH(##Lset(i), big_union(##Lset(i)), A),
```
```   388                   memsn, u, y))]"
```
```   389 by (intro FOL_reflections function_reflections is_wfrec_reflection
```
```   390           iterates_MH_reflection)
```
```   391
```
```   392 lemma eclose_replacement1:
```
```   393    "L(A) ==> iterates_replacement(L, big_union(L), A)"
```
```   394 apply (unfold iterates_replacement_def wfrec_replacement_def, clarify)
```
```   395 apply (rule strong_replacementI)
```
```   396 apply (rule_tac u="{B,A,n,Memrel(succ(n))}"
```
```   397          in gen_separation_multi [OF eclose_replacement1_Reflects], auto)
```
```   398 apply (rule_tac env="[B,A,n,Memrel(succ(n))]" in DPow_LsetI)
```
```   399 apply (rule sep_rules iterates_MH_iff_sats is_nat_case_iff_sats
```
```   400              is_wfrec_iff_sats big_union_iff_sats quasinat_iff_sats | simp)+
```
```   401 done
```
```   402
```
```   403
```
```   404 lemma eclose_replacement2_Reflects:
```
```   405  "REFLECTS
```
```   406    [\<lambda>x. \<exists>u[L]. u \<in> B & u \<in> nat &
```
```   407                 is_iterates(L, big_union(L), A, u, x),
```
```   408     \<lambda>i x. \<exists>u \<in> Lset(i). u \<in> B & u \<in> nat &
```
```   409                is_iterates(##Lset(i), big_union(##Lset(i)), A, u, x)]"
```
```   410 by (intro FOL_reflections function_reflections is_iterates_reflection)
```
```   411
```
```   412 lemma eclose_replacement2:
```
```   413    "L(A) ==> strong_replacement(L,
```
```   414          \<lambda>n y. n\<in>nat & is_iterates(L, big_union(L), A, n, y))"
```
```   415 apply (rule strong_replacementI)
```
```   416 apply (rule_tac u="{A,B,nat}"
```
```   417          in gen_separation_multi [OF eclose_replacement2_Reflects],
```
```   418        auto simp add: L_nat)
```
```   419 apply (rule_tac env="[A,B,nat]" in DPow_LsetI)
```
```   420 apply (rule sep_rules is_iterates_iff_sats big_union_iff_sats | simp)+
```
```   421 done
```
```   422
```
```   423
```
```   424 subsubsection\<open>Instantiating the locale \<open>M_eclose\<close>\<close>
```
```   425
```
```   426 lemma M_eclose_axioms_L: "M_eclose_axioms(L)"
```
```   427   apply (rule M_eclose_axioms.intro)
```
```   428    apply (assumption | rule eclose_replacement1 eclose_replacement2)+
```
```   429   done
```
```   430
```
```   431 theorem M_eclose_L: "PROP M_eclose(L)"
```
```   432   apply (rule M_eclose.intro)
```
```   433    apply (rule M_datatypes_L)
```
```   434   apply (rule M_eclose_axioms_L)
```
```   435   done
```
```   436
```
```   437 interpretation L?: M_eclose L by (rule M_eclose_L)
```
```   438
```
```   439
```
```   440 end
```