src/ZF/Ordinal.thy
 author wenzelm Mon Dec 04 22:54:31 2017 +0100 (20 months ago) changeset 67131 85d10959c2e4 parent 61798 27f3c10b0b50 child 69587 53982d5ec0bb permissions -rw-r--r--
tuned signature;
```     1 (*  Title:      ZF/Ordinal.thy
```
```     2     Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
```
```     3     Copyright   1994  University of Cambridge
```
```     4 *)
```
```     5
```
```     6 section\<open>Transitive Sets and Ordinals\<close>
```
```     7
```
```     8 theory Ordinal imports WF Bool equalities begin
```
```     9
```
```    10 definition
```
```    11   Memrel        :: "i=>i"  where
```
```    12     "Memrel(A)   == {z\<in>A*A . \<exists>x y. z=<x,y> & x\<in>y }"
```
```    13
```
```    14 definition
```
```    15   Transset  :: "i=>o"  where
```
```    16     "Transset(i) == \<forall>x\<in>i. x<=i"
```
```    17
```
```    18 definition
```
```    19   Ord  :: "i=>o"  where
```
```    20     "Ord(i)      == Transset(i) & (\<forall>x\<in>i. Transset(x))"
```
```    21
```
```    22 definition
```
```    23   lt        :: "[i,i] => o"  (infixl "<" 50)   (*less-than on ordinals*)  where
```
```    24     "i<j         == i\<in>j & Ord(j)"
```
```    25
```
```    26 definition
```
```    27   Limit         :: "i=>o"  where
```
```    28     "Limit(i)    == Ord(i) & 0<i & (\<forall>y. y<i \<longrightarrow> succ(y)<i)"
```
```    29
```
```    30 abbreviation
```
```    31   le  (infixl "\<le>" 50) where
```
```    32   "x \<le> y == x < succ(y)"
```
```    33
```
```    34
```
```    35 subsection\<open>Rules for Transset\<close>
```
```    36
```
```    37 subsubsection\<open>Three Neat Characterisations of Transset\<close>
```
```    38
```
```    39 lemma Transset_iff_Pow: "Transset(A) <-> A<=Pow(A)"
```
```    40 by (unfold Transset_def, blast)
```
```    41
```
```    42 lemma Transset_iff_Union_succ: "Transset(A) <-> \<Union>(succ(A)) = A"
```
```    43 apply (unfold Transset_def)
```
```    44 apply (blast elim!: equalityE)
```
```    45 done
```
```    46
```
```    47 lemma Transset_iff_Union_subset: "Transset(A) <-> \<Union>(A) \<subseteq> A"
```
```    48 by (unfold Transset_def, blast)
```
```    49
```
```    50 subsubsection\<open>Consequences of Downwards Closure\<close>
```
```    51
```
```    52 lemma Transset_doubleton_D:
```
```    53     "[| Transset(C); {a,b}: C |] ==> a\<in>C & b\<in>C"
```
```    54 by (unfold Transset_def, blast)
```
```    55
```
```    56 lemma Transset_Pair_D:
```
```    57     "[| Transset(C); <a,b>\<in>C |] ==> a\<in>C & b\<in>C"
```
```    58 apply (simp add: Pair_def)
```
```    59 apply (blast dest: Transset_doubleton_D)
```
```    60 done
```
```    61
```
```    62 lemma Transset_includes_domain:
```
```    63     "[| Transset(C); A*B \<subseteq> C; b \<in> B |] ==> A \<subseteq> C"
```
```    64 by (blast dest: Transset_Pair_D)
```
```    65
```
```    66 lemma Transset_includes_range:
```
```    67     "[| Transset(C); A*B \<subseteq> C; a \<in> A |] ==> B \<subseteq> C"
```
```    68 by (blast dest: Transset_Pair_D)
```
```    69
```
```    70 subsubsection\<open>Closure Properties\<close>
```
```    71
```
```    72 lemma Transset_0: "Transset(0)"
```
```    73 by (unfold Transset_def, blast)
```
```    74
```
```    75 lemma Transset_Un:
```
```    76     "[| Transset(i);  Transset(j) |] ==> Transset(i \<union> j)"
```
```    77 by (unfold Transset_def, blast)
```
```    78
```
```    79 lemma Transset_Int:
```
```    80     "[| Transset(i);  Transset(j) |] ==> Transset(i \<inter> j)"
```
```    81 by (unfold Transset_def, blast)
```
```    82
```
```    83 lemma Transset_succ: "Transset(i) ==> Transset(succ(i))"
```
```    84 by (unfold Transset_def, blast)
```
```    85
```
```    86 lemma Transset_Pow: "Transset(i) ==> Transset(Pow(i))"
```
```    87 by (unfold Transset_def, blast)
```
```    88
```
```    89 lemma Transset_Union: "Transset(A) ==> Transset(\<Union>(A))"
```
```    90 by (unfold Transset_def, blast)
```
```    91
```
```    92 lemma Transset_Union_family:
```
```    93     "[| !!i. i\<in>A ==> Transset(i) |] ==> Transset(\<Union>(A))"
```
```    94 by (unfold Transset_def, blast)
```
```    95
```
```    96 lemma Transset_Inter_family:
```
```    97     "[| !!i. i\<in>A ==> Transset(i) |] ==> Transset(\<Inter>(A))"
```
```    98 by (unfold Inter_def Transset_def, blast)
```
```    99
```
```   100 lemma Transset_UN:
```
```   101      "(!!x. x \<in> A ==> Transset(B(x))) ==> Transset (\<Union>x\<in>A. B(x))"
```
```   102 by (rule Transset_Union_family, auto)
```
```   103
```
```   104 lemma Transset_INT:
```
```   105      "(!!x. x \<in> A ==> Transset(B(x))) ==> Transset (\<Inter>x\<in>A. B(x))"
```
```   106 by (rule Transset_Inter_family, auto)
```
```   107
```
```   108
```
```   109 subsection\<open>Lemmas for Ordinals\<close>
```
```   110
```
```   111 lemma OrdI:
```
```   112     "[| Transset(i);  !!x. x\<in>i ==> Transset(x) |]  ==>  Ord(i)"
```
```   113 by (simp add: Ord_def)
```
```   114
```
```   115 lemma Ord_is_Transset: "Ord(i) ==> Transset(i)"
```
```   116 by (simp add: Ord_def)
```
```   117
```
```   118 lemma Ord_contains_Transset:
```
```   119     "[| Ord(i);  j\<in>i |] ==> Transset(j) "
```
```   120 by (unfold Ord_def, blast)
```
```   121
```
```   122
```
```   123 lemma Ord_in_Ord: "[| Ord(i);  j\<in>i |] ==> Ord(j)"
```
```   124 by (unfold Ord_def Transset_def, blast)
```
```   125
```
```   126 (*suitable for rewriting PROVIDED i has been fixed*)
```
```   127 lemma Ord_in_Ord': "[| j\<in>i; Ord(i) |] ==> Ord(j)"
```
```   128 by (blast intro: Ord_in_Ord)
```
```   129
```
```   130 (* Ord(succ(j)) ==> Ord(j) *)
```
```   131 lemmas Ord_succD = Ord_in_Ord [OF _ succI1]
```
```   132
```
```   133 lemma Ord_subset_Ord: "[| Ord(i);  Transset(j);  j<=i |] ==> Ord(j)"
```
```   134 by (simp add: Ord_def Transset_def, blast)
```
```   135
```
```   136 lemma OrdmemD: "[| j\<in>i;  Ord(i) |] ==> j<=i"
```
```   137 by (unfold Ord_def Transset_def, blast)
```
```   138
```
```   139 lemma Ord_trans: "[| i\<in>j;  j\<in>k;  Ord(k) |] ==> i\<in>k"
```
```   140 by (blast dest: OrdmemD)
```
```   141
```
```   142 lemma Ord_succ_subsetI: "[| i\<in>j;  Ord(j) |] ==> succ(i) \<subseteq> j"
```
```   143 by (blast dest: OrdmemD)
```
```   144
```
```   145
```
```   146 subsection\<open>The Construction of Ordinals: 0, succ, Union\<close>
```
```   147
```
```   148 lemma Ord_0 [iff,TC]: "Ord(0)"
```
```   149 by (blast intro: OrdI Transset_0)
```
```   150
```
```   151 lemma Ord_succ [TC]: "Ord(i) ==> Ord(succ(i))"
```
```   152 by (blast intro: OrdI Transset_succ Ord_is_Transset Ord_contains_Transset)
```
```   153
```
```   154 lemmas Ord_1 = Ord_0 [THEN Ord_succ]
```
```   155
```
```   156 lemma Ord_succ_iff [iff]: "Ord(succ(i)) <-> Ord(i)"
```
```   157 by (blast intro: Ord_succ dest!: Ord_succD)
```
```   158
```
```   159 lemma Ord_Un [intro,simp,TC]: "[| Ord(i); Ord(j) |] ==> Ord(i \<union> j)"
```
```   160 apply (unfold Ord_def)
```
```   161 apply (blast intro!: Transset_Un)
```
```   162 done
```
```   163
```
```   164 lemma Ord_Int [TC]: "[| Ord(i); Ord(j) |] ==> Ord(i \<inter> j)"
```
```   165 apply (unfold Ord_def)
```
```   166 apply (blast intro!: Transset_Int)
```
```   167 done
```
```   168
```
```   169 text\<open>There is no set of all ordinals, for then it would contain itself\<close>
```
```   170 lemma ON_class: "~ (\<forall>i. i\<in>X <-> Ord(i))"
```
```   171 proof (rule notI)
```
```   172   assume X: "\<forall>i. i \<in> X \<longleftrightarrow> Ord(i)"
```
```   173   have "\<forall>x y. x\<in>X \<longrightarrow> y\<in>x \<longrightarrow> y\<in>X"
```
```   174     by (simp add: X, blast intro: Ord_in_Ord)
```
```   175   hence "Transset(X)"
```
```   176      by (auto simp add: Transset_def)
```
```   177   moreover have "\<And>x. x \<in> X \<Longrightarrow> Transset(x)"
```
```   178      by (simp add: X Ord_def)
```
```   179   ultimately have "Ord(X)" by (rule OrdI)
```
```   180   hence "X \<in> X" by (simp add: X)
```
```   181   thus "False" by (rule mem_irrefl)
```
```   182 qed
```
```   183
```
```   184 subsection\<open>< is 'less Than' for Ordinals\<close>
```
```   185
```
```   186 lemma ltI: "[| i\<in>j;  Ord(j) |] ==> i<j"
```
```   187 by (unfold lt_def, blast)
```
```   188
```
```   189 lemma ltE:
```
```   190     "[| i<j;  [| i\<in>j;  Ord(i);  Ord(j) |] ==> P |] ==> P"
```
```   191 apply (unfold lt_def)
```
```   192 apply (blast intro: Ord_in_Ord)
```
```   193 done
```
```   194
```
```   195 lemma ltD: "i<j ==> i\<in>j"
```
```   196 by (erule ltE, assumption)
```
```   197
```
```   198 lemma not_lt0 [simp]: "~ i<0"
```
```   199 by (unfold lt_def, blast)
```
```   200
```
```   201 lemma lt_Ord: "j<i ==> Ord(j)"
```
```   202 by (erule ltE, assumption)
```
```   203
```
```   204 lemma lt_Ord2: "j<i ==> Ord(i)"
```
```   205 by (erule ltE, assumption)
```
```   206
```
```   207 (* @{term"ja \<le> j ==> Ord(j)"} *)
```
```   208 lemmas le_Ord2 = lt_Ord2 [THEN Ord_succD]
```
```   209
```
```   210 (* i<0 ==> R *)
```
```   211 lemmas lt0E = not_lt0 [THEN notE, elim!]
```
```   212
```
```   213 lemma lt_trans [trans]: "[| i<j;  j<k |] ==> i<k"
```
```   214 by (blast intro!: ltI elim!: ltE intro: Ord_trans)
```
```   215
```
```   216 lemma lt_not_sym: "i<j ==> ~ (j<i)"
```
```   217 apply (unfold lt_def)
```
```   218 apply (blast elim: mem_asym)
```
```   219 done
```
```   220
```
```   221 (* [| i<j;  ~P ==> j<i |] ==> P *)
```
```   222 lemmas lt_asym = lt_not_sym [THEN swap]
```
```   223
```
```   224 lemma lt_irrefl [elim!]: "i<i ==> P"
```
```   225 by (blast intro: lt_asym)
```
```   226
```
```   227 lemma lt_not_refl: "~ i<i"
```
```   228 apply (rule notI)
```
```   229 apply (erule lt_irrefl)
```
```   230 done
```
```   231
```
```   232
```
```   233 text\<open>Recall that  @{term"i \<le> j"}  abbreviates  @{term"i<succ(j)"} !!\<close>
```
```   234
```
```   235 lemma le_iff: "i \<le> j <-> i<j | (i=j & Ord(j))"
```
```   236 by (unfold lt_def, blast)
```
```   237
```
```   238 (*Equivalently, i<j ==> i < succ(j)*)
```
```   239 lemma leI: "i<j ==> i \<le> j"
```
```   240 by (simp add: le_iff)
```
```   241
```
```   242 lemma le_eqI: "[| i=j;  Ord(j) |] ==> i \<le> j"
```
```   243 by (simp add: le_iff)
```
```   244
```
```   245 lemmas le_refl = refl [THEN le_eqI]
```
```   246
```
```   247 lemma le_refl_iff [iff]: "i \<le> i <-> Ord(i)"
```
```   248 by (simp (no_asm_simp) add: lt_not_refl le_iff)
```
```   249
```
```   250 lemma leCI: "(~ (i=j & Ord(j)) ==> i<j) ==> i \<le> j"
```
```   251 by (simp add: le_iff, blast)
```
```   252
```
```   253 lemma leE:
```
```   254     "[| i \<le> j;  i<j ==> P;  [| i=j;  Ord(j) |] ==> P |] ==> P"
```
```   255 by (simp add: le_iff, blast)
```
```   256
```
```   257 lemma le_anti_sym: "[| i \<le> j;  j \<le> i |] ==> i=j"
```
```   258 apply (simp add: le_iff)
```
```   259 apply (blast elim: lt_asym)
```
```   260 done
```
```   261
```
```   262 lemma le0_iff [simp]: "i \<le> 0 <-> i=0"
```
```   263 by (blast elim!: leE)
```
```   264
```
```   265 lemmas le0D = le0_iff [THEN iffD1, dest!]
```
```   266
```
```   267 subsection\<open>Natural Deduction Rules for Memrel\<close>
```
```   268
```
```   269 (*The lemmas MemrelI/E give better speed than [iff] here*)
```
```   270 lemma Memrel_iff [simp]: "<a,b> \<in> Memrel(A) <-> a\<in>b & a\<in>A & b\<in>A"
```
```   271 by (unfold Memrel_def, blast)
```
```   272
```
```   273 lemma MemrelI [intro!]: "[| a \<in> b;  a \<in> A;  b \<in> A |] ==> <a,b> \<in> Memrel(A)"
```
```   274 by auto
```
```   275
```
```   276 lemma MemrelE [elim!]:
```
```   277     "[| <a,b> \<in> Memrel(A);
```
```   278         [| a \<in> A;  b \<in> A;  a\<in>b |]  ==> P |]
```
```   279      ==> P"
```
```   280 by auto
```
```   281
```
```   282 lemma Memrel_type: "Memrel(A) \<subseteq> A*A"
```
```   283 by (unfold Memrel_def, blast)
```
```   284
```
```   285 lemma Memrel_mono: "A<=B ==> Memrel(A) \<subseteq> Memrel(B)"
```
```   286 by (unfold Memrel_def, blast)
```
```   287
```
```   288 lemma Memrel_0 [simp]: "Memrel(0) = 0"
```
```   289 by (unfold Memrel_def, blast)
```
```   290
```
```   291 lemma Memrel_1 [simp]: "Memrel(1) = 0"
```
```   292 by (unfold Memrel_def, blast)
```
```   293
```
```   294 lemma relation_Memrel: "relation(Memrel(A))"
```
```   295 by (simp add: relation_def Memrel_def)
```
```   296
```
```   297 (*The membership relation (as a set) is well-founded.
```
```   298   Proof idea: show A<=B by applying the foundation axiom to A-B *)
```
```   299 lemma wf_Memrel: "wf(Memrel(A))"
```
```   300 apply (unfold wf_def)
```
```   301 apply (rule foundation [THEN disjE, THEN allI], erule disjI1, blast)
```
```   302 done
```
```   303
```
```   304 text\<open>The premise @{term "Ord(i)"} does not suffice.\<close>
```
```   305 lemma trans_Memrel:
```
```   306     "Ord(i) ==> trans(Memrel(i))"
```
```   307 by (unfold Ord_def Transset_def trans_def, blast)
```
```   308
```
```   309 text\<open>However, the following premise is strong enough.\<close>
```
```   310 lemma Transset_trans_Memrel:
```
```   311     "\<forall>j\<in>i. Transset(j) ==> trans(Memrel(i))"
```
```   312 by (unfold Transset_def trans_def, blast)
```
```   313
```
```   314 (*If Transset(A) then Memrel(A) internalizes the membership relation below A*)
```
```   315 lemma Transset_Memrel_iff:
```
```   316     "Transset(A) ==> <a,b> \<in> Memrel(A) <-> a\<in>b & b\<in>A"
```
```   317 by (unfold Transset_def, blast)
```
```   318
```
```   319
```
```   320 subsection\<open>Transfinite Induction\<close>
```
```   321
```
```   322 (*Epsilon induction over a transitive set*)
```
```   323 lemma Transset_induct:
```
```   324     "[| i \<in> k;  Transset(k);
```
```   325         !!x.[| x \<in> k;  \<forall>y\<in>x. P(y) |] ==> P(x) |]
```
```   326      ==>  P(i)"
```
```   327 apply (simp add: Transset_def)
```
```   328 apply (erule wf_Memrel [THEN wf_induct2], blast+)
```
```   329 done
```
```   330
```
```   331 (*Induction over an ordinal*)
```
```   332 lemmas Ord_induct [consumes 2] = Transset_induct [rule_format, OF _ Ord_is_Transset]
```
```   333
```
```   334 (*Induction over the class of ordinals -- a useful corollary of Ord_induct*)
```
```   335
```
```   336 lemma trans_induct [rule_format, consumes 1, case_names step]:
```
```   337     "[| Ord(i);
```
```   338         !!x.[| Ord(x);  \<forall>y\<in>x. P(y) |] ==> P(x) |]
```
```   339      ==>  P(i)"
```
```   340 apply (rule Ord_succ [THEN succI1 [THEN Ord_induct]], assumption)
```
```   341 apply (blast intro: Ord_succ [THEN Ord_in_Ord])
```
```   342 done
```
```   343
```
```   344
```
```   345 section\<open>Fundamental properties of the epsilon ordering (< on ordinals)\<close>
```
```   346
```
```   347
```
```   348 subsubsection\<open>Proving That < is a Linear Ordering on the Ordinals\<close>
```
```   349
```
```   350 lemma Ord_linear:
```
```   351      "Ord(i) \<Longrightarrow> Ord(j) \<Longrightarrow> i\<in>j | i=j | j\<in>i"
```
```   352 proof (induct i arbitrary: j rule: trans_induct)
```
```   353   case (step i)
```
```   354   note step_i = step
```
```   355   show ?case using \<open>Ord(j)\<close>
```
```   356     proof (induct j rule: trans_induct)
```
```   357       case (step j)
```
```   358       thus ?case using step_i
```
```   359         by (blast dest: Ord_trans)
```
```   360     qed
```
```   361 qed
```
```   362
```
```   363 text\<open>The trichotomy law for ordinals\<close>
```
```   364 lemma Ord_linear_lt:
```
```   365  assumes o: "Ord(i)" "Ord(j)"
```
```   366  obtains (lt) "i<j" | (eq) "i=j" | (gt) "j<i"
```
```   367 apply (simp add: lt_def)
```
```   368 apply (rule_tac i1=i and j1=j in Ord_linear [THEN disjE])
```
```   369 apply (blast intro: o)+
```
```   370 done
```
```   371
```
```   372 lemma Ord_linear2:
```
```   373  assumes o: "Ord(i)" "Ord(j)"
```
```   374  obtains (lt) "i<j" | (ge) "j \<le> i"
```
```   375 apply (rule_tac i = i and j = j in Ord_linear_lt)
```
```   376 apply (blast intro: leI le_eqI sym o) +
```
```   377 done
```
```   378
```
```   379 lemma Ord_linear_le:
```
```   380  assumes o: "Ord(i)" "Ord(j)"
```
```   381  obtains (le) "i \<le> j" | (ge) "j \<le> i"
```
```   382 apply (rule_tac i = i and j = j in Ord_linear_lt)
```
```   383 apply (blast intro: leI le_eqI o) +
```
```   384 done
```
```   385
```
```   386 lemma le_imp_not_lt: "j \<le> i ==> ~ i<j"
```
```   387 by (blast elim!: leE elim: lt_asym)
```
```   388
```
```   389 lemma not_lt_imp_le: "[| ~ i<j;  Ord(i);  Ord(j) |] ==> j \<le> i"
```
```   390 by (rule_tac i = i and j = j in Ord_linear2, auto)
```
```   391
```
```   392
```
```   393 subsubsection \<open>Some Rewrite Rules for \<open><\<close>, \<open>\<le>\<close>\<close>
```
```   394
```
```   395 lemma Ord_mem_iff_lt: "Ord(j) ==> i\<in>j <-> i<j"
```
```   396 by (unfold lt_def, blast)
```
```   397
```
```   398 lemma not_lt_iff_le: "[| Ord(i);  Ord(j) |] ==> ~ i<j <-> j \<le> i"
```
```   399 by (blast dest: le_imp_not_lt not_lt_imp_le)
```
```   400
```
```   401 lemma not_le_iff_lt: "[| Ord(i);  Ord(j) |] ==> ~ i \<le> j <-> j<i"
```
```   402 by (simp (no_asm_simp) add: not_lt_iff_le [THEN iff_sym])
```
```   403
```
```   404 (*This is identical to 0<succ(i) *)
```
```   405 lemma Ord_0_le: "Ord(i) ==> 0 \<le> i"
```
```   406 by (erule not_lt_iff_le [THEN iffD1], auto)
```
```   407
```
```   408 lemma Ord_0_lt: "[| Ord(i);  i\<noteq>0 |] ==> 0<i"
```
```   409 apply (erule not_le_iff_lt [THEN iffD1])
```
```   410 apply (rule Ord_0, blast)
```
```   411 done
```
```   412
```
```   413 lemma Ord_0_lt_iff: "Ord(i) ==> i\<noteq>0 <-> 0<i"
```
```   414 by (blast intro: Ord_0_lt)
```
```   415
```
```   416
```
```   417 subsection\<open>Results about Less-Than or Equals\<close>
```
```   418
```
```   419 (** For ordinals, @{term"j\<subseteq>i"} implies @{term"j \<le> i"} (less-than or equals) **)
```
```   420
```
```   421 lemma zero_le_succ_iff [iff]: "0 \<le> succ(x) <-> Ord(x)"
```
```   422 by (blast intro: Ord_0_le elim: ltE)
```
```   423
```
```   424 lemma subset_imp_le: "[| j<=i;  Ord(i);  Ord(j) |] ==> j \<le> i"
```
```   425 apply (rule not_lt_iff_le [THEN iffD1], assumption+)
```
```   426 apply (blast elim: ltE mem_irrefl)
```
```   427 done
```
```   428
```
```   429 lemma le_imp_subset: "i \<le> j ==> i<=j"
```
```   430 by (blast dest: OrdmemD elim: ltE leE)
```
```   431
```
```   432 lemma le_subset_iff: "j \<le> i <-> j<=i & Ord(i) & Ord(j)"
```
```   433 by (blast dest: subset_imp_le le_imp_subset elim: ltE)
```
```   434
```
```   435 lemma le_succ_iff: "i \<le> succ(j) <-> i \<le> j | i=succ(j) & Ord(i)"
```
```   436 apply (simp (no_asm) add: le_iff)
```
```   437 apply blast
```
```   438 done
```
```   439
```
```   440 (*Just a variant of subset_imp_le*)
```
```   441 lemma all_lt_imp_le: "[| Ord(i);  Ord(j);  !!x. x<j ==> x<i |] ==> j \<le> i"
```
```   442 by (blast intro: not_lt_imp_le dest: lt_irrefl)
```
```   443
```
```   444 subsubsection\<open>Transitivity Laws\<close>
```
```   445
```
```   446 lemma lt_trans1: "[| i \<le> j;  j<k |] ==> i<k"
```
```   447 by (blast elim!: leE intro: lt_trans)
```
```   448
```
```   449 lemma lt_trans2: "[| i<j;  j \<le> k |] ==> i<k"
```
```   450 by (blast elim!: leE intro: lt_trans)
```
```   451
```
```   452 lemma le_trans: "[| i \<le> j;  j \<le> k |] ==> i \<le> k"
```
```   453 by (blast intro: lt_trans1)
```
```   454
```
```   455 lemma succ_leI: "i<j ==> succ(i) \<le> j"
```
```   456 apply (rule not_lt_iff_le [THEN iffD1])
```
```   457 apply (blast elim: ltE leE lt_asym)+
```
```   458 done
```
```   459
```
```   460 (*Identical to  succ(i) < succ(j) ==> i<j  *)
```
```   461 lemma succ_leE: "succ(i) \<le> j ==> i<j"
```
```   462 apply (rule not_le_iff_lt [THEN iffD1])
```
```   463 apply (blast elim: ltE leE lt_asym)+
```
```   464 done
```
```   465
```
```   466 lemma succ_le_iff [iff]: "succ(i) \<le> j <-> i<j"
```
```   467 by (blast intro: succ_leI succ_leE)
```
```   468
```
```   469 lemma succ_le_imp_le: "succ(i) \<le> succ(j) ==> i \<le> j"
```
```   470 by (blast dest!: succ_leE)
```
```   471
```
```   472 lemma lt_subset_trans: "[| i \<subseteq> j;  j<k;  Ord(i) |] ==> i<k"
```
```   473 apply (rule subset_imp_le [THEN lt_trans1])
```
```   474 apply (blast intro: elim: ltE) +
```
```   475 done
```
```   476
```
```   477 lemma lt_imp_0_lt: "j<i ==> 0<i"
```
```   478 by (blast intro: lt_trans1 Ord_0_le [OF lt_Ord])
```
```   479
```
```   480 lemma succ_lt_iff: "succ(i) < j <-> i<j & succ(i) \<noteq> j"
```
```   481 apply auto
```
```   482 apply (blast intro: lt_trans le_refl dest: lt_Ord)
```
```   483 apply (frule lt_Ord)
```
```   484 apply (rule not_le_iff_lt [THEN iffD1])
```
```   485   apply (blast intro: lt_Ord2)
```
```   486  apply blast
```
```   487 apply (simp add: lt_Ord lt_Ord2 le_iff)
```
```   488 apply (blast dest: lt_asym)
```
```   489 done
```
```   490
```
```   491 lemma Ord_succ_mem_iff: "Ord(j) ==> succ(i) \<in> succ(j) <-> i\<in>j"
```
```   492 apply (insert succ_le_iff [of i j])
```
```   493 apply (simp add: lt_def)
```
```   494 done
```
```   495
```
```   496 subsubsection\<open>Union and Intersection\<close>
```
```   497
```
```   498 lemma Un_upper1_le: "[| Ord(i); Ord(j) |] ==> i \<le> i \<union> j"
```
```   499 by (rule Un_upper1 [THEN subset_imp_le], auto)
```
```   500
```
```   501 lemma Un_upper2_le: "[| Ord(i); Ord(j) |] ==> j \<le> i \<union> j"
```
```   502 by (rule Un_upper2 [THEN subset_imp_le], auto)
```
```   503
```
```   504 (*Replacing k by succ(k') yields the similar rule for le!*)
```
```   505 lemma Un_least_lt: "[| i<k;  j<k |] ==> i \<union> j < k"
```
```   506 apply (rule_tac i = i and j = j in Ord_linear_le)
```
```   507 apply (auto simp add: Un_commute le_subset_iff subset_Un_iff lt_Ord)
```
```   508 done
```
```   509
```
```   510 lemma Un_least_lt_iff: "[| Ord(i); Ord(j) |] ==> i \<union> j < k  <->  i<k & j<k"
```
```   511 apply (safe intro!: Un_least_lt)
```
```   512 apply (rule_tac  Un_upper2_le [THEN lt_trans1])
```
```   513 apply (rule Un_upper1_le [THEN lt_trans1], auto)
```
```   514 done
```
```   515
```
```   516 lemma Un_least_mem_iff:
```
```   517     "[| Ord(i); Ord(j); Ord(k) |] ==> i \<union> j \<in> k  <->  i\<in>k & j\<in>k"
```
```   518 apply (insert Un_least_lt_iff [of i j k])
```
```   519 apply (simp add: lt_def)
```
```   520 done
```
```   521
```
```   522 (*Replacing k by succ(k') yields the similar rule for le!*)
```
```   523 lemma Int_greatest_lt: "[| i<k;  j<k |] ==> i \<inter> j < k"
```
```   524 apply (rule_tac i = i and j = j in Ord_linear_le)
```
```   525 apply (auto simp add: Int_commute le_subset_iff subset_Int_iff lt_Ord)
```
```   526 done
```
```   527
```
```   528 lemma Ord_Un_if:
```
```   529      "[| Ord(i); Ord(j) |] ==> i \<union> j = (if j<i then i else j)"
```
```   530 by (simp add: not_lt_iff_le le_imp_subset leI
```
```   531               subset_Un_iff [symmetric]  subset_Un_iff2 [symmetric])
```
```   532
```
```   533 lemma succ_Un_distrib:
```
```   534      "[| Ord(i); Ord(j) |] ==> succ(i \<union> j) = succ(i) \<union> succ(j)"
```
```   535 by (simp add: Ord_Un_if lt_Ord le_Ord2)
```
```   536
```
```   537 lemma lt_Un_iff:
```
```   538      "[| Ord(i); Ord(j) |] ==> k < i \<union> j <-> k < i | k < j"
```
```   539 apply (simp add: Ord_Un_if not_lt_iff_le)
```
```   540 apply (blast intro: leI lt_trans2)+
```
```   541 done
```
```   542
```
```   543 lemma le_Un_iff:
```
```   544      "[| Ord(i); Ord(j) |] ==> k \<le> i \<union> j <-> k \<le> i | k \<le> j"
```
```   545 by (simp add: succ_Un_distrib lt_Un_iff [symmetric])
```
```   546
```
```   547 lemma Un_upper1_lt: "[|k < i; Ord(j)|] ==> k < i \<union> j"
```
```   548 by (simp add: lt_Un_iff lt_Ord2)
```
```   549
```
```   550 lemma Un_upper2_lt: "[|k < j; Ord(i)|] ==> k < i \<union> j"
```
```   551 by (simp add: lt_Un_iff lt_Ord2)
```
```   552
```
```   553 (*See also Transset_iff_Union_succ*)
```
```   554 lemma Ord_Union_succ_eq: "Ord(i) ==> \<Union>(succ(i)) = i"
```
```   555 by (blast intro: Ord_trans)
```
```   556
```
```   557
```
```   558 subsection\<open>Results about Limits\<close>
```
```   559
```
```   560 lemma Ord_Union [intro,simp,TC]: "[| !!i. i\<in>A ==> Ord(i) |] ==> Ord(\<Union>(A))"
```
```   561 apply (rule Ord_is_Transset [THEN Transset_Union_family, THEN OrdI])
```
```   562 apply (blast intro: Ord_contains_Transset)+
```
```   563 done
```
```   564
```
```   565 lemma Ord_UN [intro,simp,TC]:
```
```   566      "[| !!x. x\<in>A ==> Ord(B(x)) |] ==> Ord(\<Union>x\<in>A. B(x))"
```
```   567 by (rule Ord_Union, blast)
```
```   568
```
```   569 lemma Ord_Inter [intro,simp,TC]:
```
```   570     "[| !!i. i\<in>A ==> Ord(i) |] ==> Ord(\<Inter>(A))"
```
```   571 apply (rule Transset_Inter_family [THEN OrdI])
```
```   572 apply (blast intro: Ord_is_Transset)
```
```   573 apply (simp add: Inter_def)
```
```   574 apply (blast intro: Ord_contains_Transset)
```
```   575 done
```
```   576
```
```   577 lemma Ord_INT [intro,simp,TC]:
```
```   578     "[| !!x. x\<in>A ==> Ord(B(x)) |] ==> Ord(\<Inter>x\<in>A. B(x))"
```
```   579 by (rule Ord_Inter, blast)
```
```   580
```
```   581
```
```   582 (* No < version of this theorem: consider that @{term"(\<Union>i\<in>nat.i)=nat"}! *)
```
```   583 lemma UN_least_le:
```
```   584     "[| Ord(i);  !!x. x\<in>A ==> b(x) \<le> i |] ==> (\<Union>x\<in>A. b(x)) \<le> i"
```
```   585 apply (rule le_imp_subset [THEN UN_least, THEN subset_imp_le])
```
```   586 apply (blast intro: Ord_UN elim: ltE)+
```
```   587 done
```
```   588
```
```   589 lemma UN_succ_least_lt:
```
```   590     "[| j<i;  !!x. x\<in>A ==> b(x)<j |] ==> (\<Union>x\<in>A. succ(b(x))) < i"
```
```   591 apply (rule ltE, assumption)
```
```   592 apply (rule UN_least_le [THEN lt_trans2])
```
```   593 apply (blast intro: succ_leI)+
```
```   594 done
```
```   595
```
```   596 lemma UN_upper_lt:
```
```   597      "[| a\<in>A;  i < b(a);  Ord(\<Union>x\<in>A. b(x)) |] ==> i < (\<Union>x\<in>A. b(x))"
```
```   598 by (unfold lt_def, blast)
```
```   599
```
```   600 lemma UN_upper_le:
```
```   601      "[| a \<in> A;  i \<le> b(a);  Ord(\<Union>x\<in>A. b(x)) |] ==> i \<le> (\<Union>x\<in>A. b(x))"
```
```   602 apply (frule ltD)
```
```   603 apply (rule le_imp_subset [THEN subset_trans, THEN subset_imp_le])
```
```   604 apply (blast intro: lt_Ord UN_upper)+
```
```   605 done
```
```   606
```
```   607 lemma lt_Union_iff: "\<forall>i\<in>A. Ord(i) ==> (j < \<Union>(A)) <-> (\<exists>i\<in>A. j<i)"
```
```   608 by (auto simp: lt_def Ord_Union)
```
```   609
```
```   610 lemma Union_upper_le:
```
```   611      "[| j \<in> J;  i\<le>j;  Ord(\<Union>(J)) |] ==> i \<le> \<Union>J"
```
```   612 apply (subst Union_eq_UN)
```
```   613 apply (rule UN_upper_le, auto)
```
```   614 done
```
```   615
```
```   616 lemma le_implies_UN_le_UN:
```
```   617     "[| !!x. x\<in>A ==> c(x) \<le> d(x) |] ==> (\<Union>x\<in>A. c(x)) \<le> (\<Union>x\<in>A. d(x))"
```
```   618 apply (rule UN_least_le)
```
```   619 apply (rule_tac  UN_upper_le)
```
```   620 apply (blast intro: Ord_UN le_Ord2)+
```
```   621 done
```
```   622
```
```   623 lemma Ord_equality: "Ord(i) ==> (\<Union>y\<in>i. succ(y)) = i"
```
```   624 by (blast intro: Ord_trans)
```
```   625
```
```   626 (*Holds for all transitive sets, not just ordinals*)
```
```   627 lemma Ord_Union_subset: "Ord(i) ==> \<Union>(i) \<subseteq> i"
```
```   628 by (blast intro: Ord_trans)
```
```   629
```
```   630
```
```   631 subsection\<open>Limit Ordinals -- General Properties\<close>
```
```   632
```
```   633 lemma Limit_Union_eq: "Limit(i) ==> \<Union>(i) = i"
```
```   634 apply (unfold Limit_def)
```
```   635 apply (fast intro!: ltI elim!: ltE elim: Ord_trans)
```
```   636 done
```
```   637
```
```   638 lemma Limit_is_Ord: "Limit(i) ==> Ord(i)"
```
```   639 apply (unfold Limit_def)
```
```   640 apply (erule conjunct1)
```
```   641 done
```
```   642
```
```   643 lemma Limit_has_0: "Limit(i) ==> 0 < i"
```
```   644 apply (unfold Limit_def)
```
```   645 apply (erule conjunct2 [THEN conjunct1])
```
```   646 done
```
```   647
```
```   648 lemma Limit_nonzero: "Limit(i) ==> i \<noteq> 0"
```
```   649 by (drule Limit_has_0, blast)
```
```   650
```
```   651 lemma Limit_has_succ: "[| Limit(i);  j<i |] ==> succ(j) < i"
```
```   652 by (unfold Limit_def, blast)
```
```   653
```
```   654 lemma Limit_succ_lt_iff [simp]: "Limit(i) ==> succ(j) < i <-> (j<i)"
```
```   655 apply (safe intro!: Limit_has_succ)
```
```   656 apply (frule lt_Ord)
```
```   657 apply (blast intro: lt_trans)
```
```   658 done
```
```   659
```
```   660 lemma zero_not_Limit [iff]: "~ Limit(0)"
```
```   661 by (simp add: Limit_def)
```
```   662
```
```   663 lemma Limit_has_1: "Limit(i) ==> 1 < i"
```
```   664 by (blast intro: Limit_has_0 Limit_has_succ)
```
```   665
```
```   666 lemma increasing_LimitI: "[| 0<l; \<forall>x\<in>l. \<exists>y\<in>l. x<y |] ==> Limit(l)"
```
```   667 apply (unfold Limit_def, simp add: lt_Ord2, clarify)
```
```   668 apply (drule_tac i=y in ltD)
```
```   669 apply (blast intro: lt_trans1 [OF _ ltI] lt_Ord2)
```
```   670 done
```
```   671
```
```   672 lemma non_succ_LimitI:
```
```   673   assumes i: "0<i" and nsucc: "\<And>y. succ(y) \<noteq> i"
```
```   674   shows "Limit(i)"
```
```   675 proof -
```
```   676   have Oi: "Ord(i)" using i by (simp add: lt_def)
```
```   677   { fix y
```
```   678     assume yi: "y<i"
```
```   679     hence Osy: "Ord(succ(y))" by (simp add: lt_Ord Ord_succ)
```
```   680     have "~ i \<le> y" using yi by (blast dest: le_imp_not_lt)
```
```   681     hence "succ(y) < i" using nsucc [of y]
```
```   682       by (blast intro: Ord_linear_lt [OF Osy Oi]) }
```
```   683   thus ?thesis using i Oi by (auto simp add: Limit_def)
```
```   684 qed
```
```   685
```
```   686 lemma succ_LimitE [elim!]: "Limit(succ(i)) ==> P"
```
```   687 apply (rule lt_irrefl)
```
```   688 apply (rule Limit_has_succ, assumption)
```
```   689 apply (erule Limit_is_Ord [THEN Ord_succD, THEN le_refl])
```
```   690 done
```
```   691
```
```   692 lemma not_succ_Limit [simp]: "~ Limit(succ(i))"
```
```   693 by blast
```
```   694
```
```   695 lemma Limit_le_succD: "[| Limit(i);  i \<le> succ(j) |] ==> i \<le> j"
```
```   696 by (blast elim!: leE)
```
```   697
```
```   698
```
```   699 subsubsection\<open>Traditional 3-Way Case Analysis on Ordinals\<close>
```
```   700
```
```   701 lemma Ord_cases_disj: "Ord(i) ==> i=0 | (\<exists>j. Ord(j) & i=succ(j)) | Limit(i)"
```
```   702 by (blast intro!: non_succ_LimitI Ord_0_lt)
```
```   703
```
```   704 lemma Ord_cases:
```
```   705  assumes i: "Ord(i)"
```
```   706  obtains ("0") "i=0" | (succ) j where "Ord(j)" "i=succ(j)" | (limit) "Limit(i)"
```
```   707 by (insert Ord_cases_disj [OF i], auto)
```
```   708
```
```   709 lemma trans_induct3_raw:
```
```   710      "[| Ord(i);
```
```   711          P(0);
```
```   712          !!x. [| Ord(x);  P(x) |] ==> P(succ(x));
```
```   713          !!x. [| Limit(x);  \<forall>y\<in>x. P(y) |] ==> P(x)
```
```   714       |] ==> P(i)"
```
```   715 apply (erule trans_induct)
```
```   716 apply (erule Ord_cases, blast+)
```
```   717 done
```
```   718
```
```   719 lemmas trans_induct3 = trans_induct3_raw [rule_format, case_names 0 succ limit, consumes 1]
```
```   720
```
```   721 text\<open>A set of ordinals is either empty, contains its own union, or its
```
```   722 union is a limit ordinal.\<close>
```
```   723
```
```   724 lemma Union_le: "[| !!x. x\<in>I ==> x\<le>j; Ord(j) |] ==> \<Union>(I) \<le> j"
```
```   725   by (auto simp add: le_subset_iff Union_least)
```
```   726
```
```   727 lemma Ord_set_cases:
```
```   728   assumes I: "\<forall>i\<in>I. Ord(i)"
```
```   729   shows "I=0 \<or> \<Union>(I) \<in> I \<or> (\<Union>(I) \<notin> I \<and> Limit(\<Union>(I)))"
```
```   730 proof (cases "\<Union>(I)" rule: Ord_cases)
```
```   731   show "Ord(\<Union>I)" using I by (blast intro: Ord_Union)
```
```   732 next
```
```   733   assume "\<Union>I = 0" thus ?thesis by (simp, blast intro: subst_elem)
```
```   734 next
```
```   735   fix j
```
```   736   assume j: "Ord(j)" and UIj:"\<Union>(I) = succ(j)"
```
```   737   { assume "\<forall>i\<in>I. i\<le>j"
```
```   738     hence "\<Union>(I) \<le> j"
```
```   739       by (simp add: Union_le j)
```
```   740     hence False
```
```   741       by (simp add: UIj lt_not_refl) }
```
```   742   then obtain i where i: "i \<in> I" "succ(j) \<le> i" using I j
```
```   743     by (atomize, auto simp add: not_le_iff_lt)
```
```   744   have "\<Union>(I) \<le> succ(j)" using UIj j by auto
```
```   745   hence "i \<le> succ(j)" using i
```
```   746     by (simp add: le_subset_iff Union_subset_iff)
```
```   747   hence "succ(j) = i" using i
```
```   748     by (blast intro: le_anti_sym)
```
```   749   hence "succ(j) \<in> I" by (simp add: i)
```
```   750   thus ?thesis by (simp add: UIj)
```
```   751 next
```
```   752   assume "Limit(\<Union>I)" thus ?thesis by auto
```
```   753 qed
```
```   754
```
```   755 text\<open>If the union of a set of ordinals is a successor, then it is an element of that set.\<close>
```
```   756 lemma Ord_Union_eq_succD: "[|\<forall>x\<in>X. Ord(x);  \<Union>X = succ(j)|] ==> succ(j) \<in> X"
```
```   757   by (drule Ord_set_cases, auto)
```
```   758
```
```   759 lemma Limit_Union [rule_format]: "[| I \<noteq> 0;  \<forall>i\<in>I. Limit(i) |] ==> Limit(\<Union>I)"
```
```   760 apply (simp add: Limit_def lt_def)
```
```   761 apply (blast intro!: equalityI)
```
```   762 done
```
```   763
```
```   764 end
```