src/ZF/Constructible/L_axioms.thy
author wenzelm
Mon Jul 29 00:57:16 2002 +0200 (2002-07-29)
changeset 13428 99e52e78eb65
parent 13418 7c0ba9dba978
child 13429 2232810416fc
permissions -rw-r--r--
eliminate open locales and special ML code;
     1 header {*The ZF Axioms (Except Separation) in L*}
     2 
     3 theory L_axioms = Formula + Relative + Reflection + MetaExists:
     4 
     5 text {* The class L satisfies the premises of locale @{text M_triv_axioms} *}
     6 
     7 lemma transL: "[| y\<in>x; L(x) |] ==> L(y)"
     8 apply (insert Transset_Lset) 
     9 apply (simp add: Transset_def L_def, blast) 
    10 done
    11 
    12 lemma nonempty: "L(0)"
    13 apply (simp add: L_def) 
    14 apply (blast intro: zero_in_Lset) 
    15 done
    16 
    17 lemma upair_ax: "upair_ax(L)"
    18 apply (simp add: upair_ax_def upair_def, clarify)
    19 apply (rule_tac x="{x,y}" in rexI)  
    20 apply (simp_all add: doubleton_in_L) 
    21 done
    22 
    23 lemma Union_ax: "Union_ax(L)"
    24 apply (simp add: Union_ax_def big_union_def, clarify)
    25 apply (rule_tac x="Union(x)" in rexI)  
    26 apply (simp_all add: Union_in_L, auto) 
    27 apply (blast intro: transL) 
    28 done
    29 
    30 lemma power_ax: "power_ax(L)"
    31 apply (simp add: power_ax_def powerset_def Relative.subset_def, clarify)
    32 apply (rule_tac x="{y \<in> Pow(x). L(y)}" in rexI)  
    33 apply (simp_all add: LPow_in_L, auto)
    34 apply (blast intro: transL) 
    35 done
    36 
    37 subsubsection{*For L to satisfy Replacement *}
    38 
    39 (*Can't move these to Formula unless the definition of univalent is moved
    40 there too!*)
    41 
    42 lemma LReplace_in_Lset:
    43      "[|X \<in> Lset(i); univalent(L,X,Q); Ord(i)|] 
    44       ==> \<exists>j. Ord(j) & Replace(X, %x y. Q(x,y) & L(y)) \<subseteq> Lset(j)"
    45 apply (rule_tac x="\<Union>y \<in> Replace(X, %x y. Q(x,y) & L(y)). succ(lrank(y))" 
    46        in exI)
    47 apply simp
    48 apply clarify 
    49 apply (rule_tac a=x in UN_I)  
    50  apply (simp_all add: Replace_iff univalent_def) 
    51 apply (blast dest: transL L_I) 
    52 done
    53 
    54 lemma LReplace_in_L: 
    55      "[|L(X); univalent(L,X,Q)|] 
    56       ==> \<exists>Y. L(Y) & Replace(X, %x y. Q(x,y) & L(y)) \<subseteq> Y"
    57 apply (drule L_D, clarify) 
    58 apply (drule LReplace_in_Lset, assumption+)
    59 apply (blast intro: L_I Lset_in_Lset_succ)
    60 done
    61 
    62 lemma replacement: "replacement(L,P)"
    63 apply (simp add: replacement_def, clarify)
    64 apply (frule LReplace_in_L, assumption+, clarify) 
    65 apply (rule_tac x=Y in rexI)   
    66 apply (simp_all add: Replace_iff univalent_def, blast) 
    67 done
    68 
    69 subsection{*Instantiating the locale @{text M_triv_axioms}*}
    70 text{*No instances of Separation yet.*}
    71 
    72 lemma Lset_mono_le: "mono_le_subset(Lset)"
    73 by (simp add: mono_le_subset_def le_imp_subset Lset_mono) 
    74 
    75 lemma Lset_cont: "cont_Ord(Lset)"
    76 by (simp add: cont_Ord_def Limit_Lset_eq OUnion_def Limit_is_Ord) 
    77 
    78 lemmas Pair_in_Lset = Formula.Pair_in_LLimit
    79 
    80 lemmas L_nat = Ord_in_L [OF Ord_nat]
    81 
    82 theorem M_triv_axioms_L: "PROP M_triv_axioms(L)"
    83   apply (rule M_triv_axioms.intro)
    84         apply (erule (1) transL)
    85        apply (rule nonempty)
    86       apply (rule upair_ax)
    87      apply (rule Union_ax)
    88     apply (rule power_ax)
    89    apply (rule replacement)
    90   apply (rule L_nat)
    91   done
    92 
    93 lemmas rall_abs [simp] = M_triv_axioms.rall_abs [OF M_triv_axioms_L]
    94   and rex_abs [simp] = M_triv_axioms.rex_abs [OF M_triv_axioms_L]
    95   and ball_iff_equiv = M_triv_axioms.ball_iff_equiv [OF M_triv_axioms_L]
    96   and M_equalityI = M_triv_axioms.M_equalityI [OF M_triv_axioms_L]
    97   and empty_abs [simp] = M_triv_axioms.empty_abs [OF M_triv_axioms_L]
    98   and subset_abs [simp] = M_triv_axioms.subset_abs [OF M_triv_axioms_L]
    99   and upair_abs [simp] = M_triv_axioms.upair_abs [OF M_triv_axioms_L]
   100   and upair_in_M_iff [iff] = M_triv_axioms.upair_in_M_iff [OF M_triv_axioms_L]
   101   and singleton_in_M_iff [iff] = M_triv_axioms.singleton_in_M_iff [OF M_triv_axioms_L]
   102   and pair_abs [simp] = M_triv_axioms.pair_abs [OF M_triv_axioms_L]
   103   and pair_in_M_iff [iff] = M_triv_axioms.pair_in_M_iff [OF M_triv_axioms_L]
   104   and pair_components_in_M = M_triv_axioms.pair_components_in_M [OF M_triv_axioms_L]
   105   and cartprod_abs [simp] = M_triv_axioms.cartprod_abs [OF M_triv_axioms_L]
   106   and union_abs [simp] = M_triv_axioms.union_abs [OF M_triv_axioms_L]
   107   and inter_abs [simp] = M_triv_axioms.inter_abs [OF M_triv_axioms_L]
   108   and setdiff_abs [simp] = M_triv_axioms.setdiff_abs [OF M_triv_axioms_L]
   109   and Union_abs [simp] = M_triv_axioms.Union_abs [OF M_triv_axioms_L]
   110   and Union_closed [intro, simp] = M_triv_axioms.Union_closed [OF M_triv_axioms_L]
   111   and Un_closed [intro, simp] = M_triv_axioms.Un_closed [OF M_triv_axioms_L]
   112   and cons_closed [intro, simp] = M_triv_axioms.cons_closed [OF M_triv_axioms_L]
   113   and successor_abs [simp] = M_triv_axioms.successor_abs [OF M_triv_axioms_L]
   114   and succ_in_M_iff [iff] = M_triv_axioms.succ_in_M_iff [OF M_triv_axioms_L]
   115   and separation_closed [intro, simp] = M_triv_axioms.separation_closed [OF M_triv_axioms_L]
   116   and strong_replacementI = M_triv_axioms.strong_replacementI [OF M_triv_axioms_L]
   117   and strong_replacement_closed [intro, simp] = M_triv_axioms.strong_replacement_closed [OF M_triv_axioms_L]
   118   and RepFun_closed [intro, simp] = M_triv_axioms.RepFun_closed [OF M_triv_axioms_L]
   119   and lam_closed [intro, simp] = M_triv_axioms.lam_closed [OF M_triv_axioms_L]
   120   and image_abs [simp] = M_triv_axioms.image_abs [OF M_triv_axioms_L]
   121   and powerset_Pow = M_triv_axioms.powerset_Pow [OF M_triv_axioms_L]
   122   and powerset_imp_subset_Pow = M_triv_axioms.powerset_imp_subset_Pow [OF M_triv_axioms_L]
   123   and nat_into_M [intro] = M_triv_axioms.nat_into_M [OF M_triv_axioms_L]
   124   and nat_case_closed = M_triv_axioms.nat_case_closed [OF M_triv_axioms_L]
   125   and Inl_in_M_iff [iff] = M_triv_axioms.Inl_in_M_iff [OF M_triv_axioms_L]
   126   and Inr_in_M_iff [iff] = M_triv_axioms.Inr_in_M_iff [OF M_triv_axioms_L]
   127   and lt_closed = M_triv_axioms.lt_closed [OF M_triv_axioms_L]
   128   and transitive_set_abs [simp] = M_triv_axioms.transitive_set_abs [OF M_triv_axioms_L]
   129   and ordinal_abs [simp] = M_triv_axioms.ordinal_abs [OF M_triv_axioms_L]
   130   and limit_ordinal_abs [simp] = M_triv_axioms.limit_ordinal_abs [OF M_triv_axioms_L]
   131   and successor_ordinal_abs [simp] = M_triv_axioms.successor_ordinal_abs [OF M_triv_axioms_L]
   132   and finite_ordinal_abs = M_triv_axioms.finite_ordinal_abs [OF M_triv_axioms_L]
   133   and omega_abs [simp] = M_triv_axioms.omega_abs [OF M_triv_axioms_L]
   134   and number1_abs [simp] = M_triv_axioms.number1_abs [OF M_triv_axioms_L]
   135   and number2_abs [simp] = M_triv_axioms.number2_abs [OF M_triv_axioms_L]
   136   and number3_abs [simp] = M_triv_axioms.number3_abs [OF M_triv_axioms_L]
   137 
   138 
   139 subsection{*Instantiation of the locale @{text reflection}*}
   140 
   141 text{*instances of locale constants*}
   142 constdefs
   143   L_F0 :: "[i=>o,i] => i"
   144     "L_F0(P,y) == \<mu>b. (\<exists>z. L(z) \<and> P(<y,z>)) --> (\<exists>z\<in>Lset(b). P(<y,z>))"
   145 
   146   L_FF :: "[i=>o,i] => i"
   147     "L_FF(P)   == \<lambda>a. \<Union>y\<in>Lset(a). L_F0(P,y)"
   148 
   149   L_ClEx :: "[i=>o,i] => o"
   150     "L_ClEx(P) == \<lambda>a. Limit(a) \<and> normalize(L_FF(P),a) = a"
   151 
   152 
   153 text{*We must use the meta-existential quantifier; otherwise the reflection
   154       terms become enormous!*} 
   155 constdefs
   156   L_Reflects :: "[i=>o,[i,i]=>o] => prop"      ("(3REFLECTS/ [_,/ _])")
   157     "REFLECTS[P,Q] == (??Cl. Closed_Unbounded(Cl) &
   158                            (\<forall>a. Cl(a) --> (\<forall>x \<in> Lset(a). P(x) <-> Q(a,x))))"
   159 
   160 
   161 theorem Triv_reflection:
   162      "REFLECTS[P, \<lambda>a x. P(x)]"
   163 apply (simp add: L_Reflects_def) 
   164 apply (rule meta_exI) 
   165 apply (rule Closed_Unbounded_Ord) 
   166 done
   167 
   168 theorem Not_reflection:
   169      "REFLECTS[P,Q] ==> REFLECTS[\<lambda>x. ~P(x), \<lambda>a x. ~Q(a,x)]"
   170 apply (unfold L_Reflects_def) 
   171 apply (erule meta_exE) 
   172 apply (rule_tac x=Cl in meta_exI, simp) 
   173 done
   174 
   175 theorem And_reflection:
   176      "[| REFLECTS[P,Q]; REFLECTS[P',Q'] |] 
   177       ==> REFLECTS[\<lambda>x. P(x) \<and> P'(x), \<lambda>a x. Q(a,x) \<and> Q'(a,x)]"
   178 apply (unfold L_Reflects_def) 
   179 apply (elim meta_exE) 
   180 apply (rule_tac x="\<lambda>a. Cl(a) \<and> Cla(a)" in meta_exI) 
   181 apply (simp add: Closed_Unbounded_Int, blast) 
   182 done
   183 
   184 theorem Or_reflection:
   185      "[| REFLECTS[P,Q]; REFLECTS[P',Q'] |] 
   186       ==> REFLECTS[\<lambda>x. P(x) \<or> P'(x), \<lambda>a x. Q(a,x) \<or> Q'(a,x)]"
   187 apply (unfold L_Reflects_def) 
   188 apply (elim meta_exE) 
   189 apply (rule_tac x="\<lambda>a. Cl(a) \<and> Cla(a)" in meta_exI) 
   190 apply (simp add: Closed_Unbounded_Int, blast) 
   191 done
   192 
   193 theorem Imp_reflection:
   194      "[| REFLECTS[P,Q]; REFLECTS[P',Q'] |] 
   195       ==> REFLECTS[\<lambda>x. P(x) --> P'(x), \<lambda>a x. Q(a,x) --> Q'(a,x)]"
   196 apply (unfold L_Reflects_def) 
   197 apply (elim meta_exE) 
   198 apply (rule_tac x="\<lambda>a. Cl(a) \<and> Cla(a)" in meta_exI) 
   199 apply (simp add: Closed_Unbounded_Int, blast) 
   200 done
   201 
   202 theorem Iff_reflection:
   203      "[| REFLECTS[P,Q]; REFLECTS[P',Q'] |] 
   204       ==> REFLECTS[\<lambda>x. P(x) <-> P'(x), \<lambda>a x. Q(a,x) <-> Q'(a,x)]"
   205 apply (unfold L_Reflects_def) 
   206 apply (elim meta_exE) 
   207 apply (rule_tac x="\<lambda>a. Cl(a) \<and> Cla(a)" in meta_exI) 
   208 apply (simp add: Closed_Unbounded_Int, blast) 
   209 done
   210 
   211 
   212 theorem Ex_reflection:
   213      "REFLECTS[\<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))]
   214       ==> REFLECTS[\<lambda>x. \<exists>z. L(z) \<and> P(x,z), \<lambda>a x. \<exists>z\<in>Lset(a). Q(a,x,z)]"
   215 apply (unfold L_Reflects_def L_ClEx_def L_FF_def L_F0_def L_def) 
   216 apply (elim meta_exE) 
   217 apply (rule meta_exI)
   218 apply (rule reflection.Ex_reflection
   219   [OF reflection.intro, OF Lset_mono_le Lset_cont Pair_in_Lset],
   220   assumption+)
   221 done
   222 
   223 theorem All_reflection:
   224      "REFLECTS[\<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))]
   225       ==> REFLECTS[\<lambda>x. \<forall>z. L(z) --> P(x,z), \<lambda>a x. \<forall>z\<in>Lset(a). Q(a,x,z)]" 
   226 apply (unfold L_Reflects_def L_ClEx_def L_FF_def L_F0_def L_def) 
   227 apply (elim meta_exE) 
   228 apply (rule meta_exI)
   229 apply (rule reflection.All_reflection
   230   [OF reflection.intro, OF Lset_mono_le Lset_cont Pair_in_Lset],
   231        assumption+)
   232 done
   233 
   234 theorem Rex_reflection:
   235      "REFLECTS[ \<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))]
   236       ==> REFLECTS[\<lambda>x. \<exists>z[L]. P(x,z), \<lambda>a x. \<exists>z\<in>Lset(a). Q(a,x,z)]"
   237 apply (unfold rex_def) 
   238 apply (intro And_reflection Ex_reflection, assumption)
   239 done
   240 
   241 theorem Rall_reflection:
   242      "REFLECTS[\<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))]
   243       ==> REFLECTS[\<lambda>x. \<forall>z[L]. P(x,z), \<lambda>a x. \<forall>z\<in>Lset(a). Q(a,x,z)]" 
   244 apply (unfold rall_def) 
   245 apply (intro Imp_reflection All_reflection, assumption)
   246 done
   247 
   248 lemmas FOL_reflections = 
   249         Triv_reflection Not_reflection And_reflection Or_reflection
   250         Imp_reflection Iff_reflection Ex_reflection All_reflection
   251         Rex_reflection Rall_reflection
   252 
   253 lemma ReflectsD:
   254      "[|REFLECTS[P,Q]; Ord(i)|] 
   255       ==> \<exists>j. i<j & (\<forall>x \<in> Lset(j). P(x) <-> Q(j,x))"
   256 apply (unfold L_Reflects_def Closed_Unbounded_def) 
   257 apply (elim meta_exE, clarify) 
   258 apply (blast dest!: UnboundedD) 
   259 done
   260 
   261 lemma ReflectsE:
   262      "[| REFLECTS[P,Q]; Ord(i);
   263          !!j. [|i<j;  \<forall>x \<in> Lset(j). P(x) <-> Q(j,x)|] ==> R |]
   264       ==> R"
   265 apply (drule ReflectsD, assumption, blast) 
   266 done
   267 
   268 lemma Collect_mem_eq: "{x\<in>A. x\<in>B} = A \<inter> B"
   269 by blast
   270 
   271 
   272 subsection{*Internalized Formulas for some Set-Theoretic Concepts*}
   273 
   274 lemmas setclass_simps = rall_setclass_is_ball rex_setclass_is_bex
   275 
   276 subsubsection{*Some numbers to help write de Bruijn indices*}
   277 
   278 syntax
   279     "3" :: i   ("3")
   280     "4" :: i   ("4")
   281     "5" :: i   ("5")
   282     "6" :: i   ("6")
   283     "7" :: i   ("7")
   284     "8" :: i   ("8")
   285     "9" :: i   ("9")
   286 
   287 translations
   288    "3"  == "succ(2)"
   289    "4"  == "succ(3)"
   290    "5"  == "succ(4)"
   291    "6"  == "succ(5)"
   292    "7"  == "succ(6)"
   293    "8"  == "succ(7)"
   294    "9"  == "succ(8)"
   295 
   296 
   297 subsubsection{*The Empty Set, Internalized*}
   298 
   299 constdefs empty_fm :: "i=>i"
   300     "empty_fm(x) == Forall(Neg(Member(0,succ(x))))"
   301 
   302 lemma empty_type [TC]:
   303      "x \<in> nat ==> empty_fm(x) \<in> formula"
   304 by (simp add: empty_fm_def) 
   305 
   306 lemma arity_empty_fm [simp]:
   307      "x \<in> nat ==> arity(empty_fm(x)) = succ(x)"
   308 by (simp add: empty_fm_def succ_Un_distrib [symmetric] Un_ac) 
   309 
   310 lemma sats_empty_fm [simp]:
   311    "[| x \<in> nat; env \<in> list(A)|]
   312     ==> sats(A, empty_fm(x), env) <-> empty(**A, nth(x,env))"
   313 by (simp add: empty_fm_def empty_def)
   314 
   315 lemma empty_iff_sats:
   316       "[| nth(i,env) = x; nth(j,env) = y; 
   317           i \<in> nat; env \<in> list(A)|]
   318        ==> empty(**A, x) <-> sats(A, empty_fm(i), env)"
   319 by simp
   320 
   321 theorem empty_reflection:
   322      "REFLECTS[\<lambda>x. empty(L,f(x)), 
   323                \<lambda>i x. empty(**Lset(i),f(x))]"
   324 apply (simp only: empty_def setclass_simps)
   325 apply (intro FOL_reflections)  
   326 done
   327 
   328 text{*Not used.  But maybe useful?*}
   329 lemma Transset_sats_empty_fm_eq_0:
   330    "[| n \<in> nat; env \<in> list(A); Transset(A)|]
   331     ==> sats(A, empty_fm(n), env) <-> nth(n,env) = 0"
   332 apply (simp add: empty_fm_def empty_def Transset_def, auto)
   333 apply (case_tac "n < length(env)") 
   334 apply (frule nth_type, assumption+, blast)  
   335 apply (simp_all add: not_lt_iff_le nth_eq_0) 
   336 done
   337 
   338 
   339 subsubsection{*Unordered Pairs, Internalized*}
   340 
   341 constdefs upair_fm :: "[i,i,i]=>i"
   342     "upair_fm(x,y,z) == 
   343        And(Member(x,z), 
   344            And(Member(y,z),
   345                Forall(Implies(Member(0,succ(z)), 
   346                               Or(Equal(0,succ(x)), Equal(0,succ(y)))))))"
   347 
   348 lemma upair_type [TC]:
   349      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> upair_fm(x,y,z) \<in> formula"
   350 by (simp add: upair_fm_def) 
   351 
   352 lemma arity_upair_fm [simp]:
   353      "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
   354       ==> arity(upair_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   355 by (simp add: upair_fm_def succ_Un_distrib [symmetric] Un_ac) 
   356 
   357 lemma sats_upair_fm [simp]:
   358    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   359     ==> sats(A, upair_fm(x,y,z), env) <-> 
   360             upair(**A, nth(x,env), nth(y,env), nth(z,env))"
   361 by (simp add: upair_fm_def upair_def)
   362 
   363 lemma upair_iff_sats:
   364       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   365           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   366        ==> upair(**A, x, y, z) <-> sats(A, upair_fm(i,j,k), env)"
   367 by (simp add: sats_upair_fm)
   368 
   369 text{*Useful? At least it refers to "real" unordered pairs*}
   370 lemma sats_upair_fm2 [simp]:
   371    "[| x \<in> nat; y \<in> nat; z < length(env); env \<in> list(A); Transset(A)|]
   372     ==> sats(A, upair_fm(x,y,z), env) <-> 
   373         nth(z,env) = {nth(x,env), nth(y,env)}"
   374 apply (frule lt_length_in_nat, assumption)  
   375 apply (simp add: upair_fm_def Transset_def, auto) 
   376 apply (blast intro: nth_type) 
   377 done
   378 
   379 theorem upair_reflection:
   380      "REFLECTS[\<lambda>x. upair(L,f(x),g(x),h(x)), 
   381                \<lambda>i x. upair(**Lset(i),f(x),g(x),h(x))]" 
   382 apply (simp add: upair_def)
   383 apply (intro FOL_reflections)  
   384 done
   385 
   386 subsubsection{*Ordered pairs, Internalized*}
   387 
   388 constdefs pair_fm :: "[i,i,i]=>i"
   389     "pair_fm(x,y,z) == 
   390        Exists(And(upair_fm(succ(x),succ(x),0),
   391               Exists(And(upair_fm(succ(succ(x)),succ(succ(y)),0),
   392                          upair_fm(1,0,succ(succ(z)))))))"
   393 
   394 lemma pair_type [TC]:
   395      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> pair_fm(x,y,z) \<in> formula"
   396 by (simp add: pair_fm_def) 
   397 
   398 lemma arity_pair_fm [simp]:
   399      "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
   400       ==> arity(pair_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   401 by (simp add: pair_fm_def succ_Un_distrib [symmetric] Un_ac) 
   402 
   403 lemma sats_pair_fm [simp]:
   404    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   405     ==> sats(A, pair_fm(x,y,z), env) <-> 
   406         pair(**A, nth(x,env), nth(y,env), nth(z,env))"
   407 by (simp add: pair_fm_def pair_def)
   408 
   409 lemma pair_iff_sats:
   410       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   411           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   412        ==> pair(**A, x, y, z) <-> sats(A, pair_fm(i,j,k), env)"
   413 by (simp add: sats_pair_fm)
   414 
   415 theorem pair_reflection:
   416      "REFLECTS[\<lambda>x. pair(L,f(x),g(x),h(x)), 
   417                \<lambda>i x. pair(**Lset(i),f(x),g(x),h(x))]"
   418 apply (simp only: pair_def setclass_simps)
   419 apply (intro FOL_reflections upair_reflection)  
   420 done
   421 
   422 
   423 subsubsection{*Binary Unions, Internalized*}
   424 
   425 constdefs union_fm :: "[i,i,i]=>i"
   426     "union_fm(x,y,z) == 
   427        Forall(Iff(Member(0,succ(z)),
   428                   Or(Member(0,succ(x)),Member(0,succ(y)))))"
   429 
   430 lemma union_type [TC]:
   431      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> union_fm(x,y,z) \<in> formula"
   432 by (simp add: union_fm_def) 
   433 
   434 lemma arity_union_fm [simp]:
   435      "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
   436       ==> arity(union_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   437 by (simp add: union_fm_def succ_Un_distrib [symmetric] Un_ac) 
   438 
   439 lemma sats_union_fm [simp]:
   440    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   441     ==> sats(A, union_fm(x,y,z), env) <-> 
   442         union(**A, nth(x,env), nth(y,env), nth(z,env))"
   443 by (simp add: union_fm_def union_def)
   444 
   445 lemma union_iff_sats:
   446       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   447           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   448        ==> union(**A, x, y, z) <-> sats(A, union_fm(i,j,k), env)"
   449 by (simp add: sats_union_fm)
   450 
   451 theorem union_reflection:
   452      "REFLECTS[\<lambda>x. union(L,f(x),g(x),h(x)), 
   453                \<lambda>i x. union(**Lset(i),f(x),g(x),h(x))]"
   454 apply (simp only: union_def setclass_simps)
   455 apply (intro FOL_reflections)  
   456 done
   457 
   458 
   459 subsubsection{*Set ``Cons,'' Internalized*}
   460 
   461 constdefs cons_fm :: "[i,i,i]=>i"
   462     "cons_fm(x,y,z) == 
   463        Exists(And(upair_fm(succ(x),succ(x),0),
   464                   union_fm(0,succ(y),succ(z))))"
   465 
   466 
   467 lemma cons_type [TC]:
   468      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> cons_fm(x,y,z) \<in> formula"
   469 by (simp add: cons_fm_def) 
   470 
   471 lemma arity_cons_fm [simp]:
   472      "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
   473       ==> arity(cons_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   474 by (simp add: cons_fm_def succ_Un_distrib [symmetric] Un_ac) 
   475 
   476 lemma sats_cons_fm [simp]:
   477    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   478     ==> sats(A, cons_fm(x,y,z), env) <-> 
   479         is_cons(**A, nth(x,env), nth(y,env), nth(z,env))"
   480 by (simp add: cons_fm_def is_cons_def)
   481 
   482 lemma cons_iff_sats:
   483       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   484           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   485        ==> is_cons(**A, x, y, z) <-> sats(A, cons_fm(i,j,k), env)"
   486 by simp
   487 
   488 theorem cons_reflection:
   489      "REFLECTS[\<lambda>x. is_cons(L,f(x),g(x),h(x)), 
   490                \<lambda>i x. is_cons(**Lset(i),f(x),g(x),h(x))]"
   491 apply (simp only: is_cons_def setclass_simps)
   492 apply (intro FOL_reflections upair_reflection union_reflection)  
   493 done
   494 
   495 
   496 subsubsection{*Successor Function, Internalized*}
   497 
   498 constdefs succ_fm :: "[i,i]=>i"
   499     "succ_fm(x,y) == cons_fm(x,x,y)"
   500 
   501 lemma succ_type [TC]:
   502      "[| x \<in> nat; y \<in> nat |] ==> succ_fm(x,y) \<in> formula"
   503 by (simp add: succ_fm_def) 
   504 
   505 lemma arity_succ_fm [simp]:
   506      "[| x \<in> nat; y \<in> nat |] 
   507       ==> arity(succ_fm(x,y)) = succ(x) \<union> succ(y)"
   508 by (simp add: succ_fm_def)
   509 
   510 lemma sats_succ_fm [simp]:
   511    "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   512     ==> sats(A, succ_fm(x,y), env) <-> 
   513         successor(**A, nth(x,env), nth(y,env))"
   514 by (simp add: succ_fm_def successor_def)
   515 
   516 lemma successor_iff_sats:
   517       "[| nth(i,env) = x; nth(j,env) = y; 
   518           i \<in> nat; j \<in> nat; env \<in> list(A)|]
   519        ==> successor(**A, x, y) <-> sats(A, succ_fm(i,j), env)"
   520 by simp
   521 
   522 theorem successor_reflection:
   523      "REFLECTS[\<lambda>x. successor(L,f(x),g(x)), 
   524                \<lambda>i x. successor(**Lset(i),f(x),g(x))]"
   525 apply (simp only: successor_def setclass_simps)
   526 apply (intro cons_reflection)  
   527 done
   528 
   529 
   530 subsubsection{*The Number 1, Internalized*}
   531 
   532 (* "number1(M,a) == (\<exists>x[M]. empty(M,x) & successor(M,x,a))" *)
   533 constdefs number1_fm :: "i=>i"
   534     "number1_fm(a) == Exists(And(empty_fm(0), succ_fm(0,succ(a))))"
   535 
   536 lemma number1_type [TC]:
   537      "x \<in> nat ==> number1_fm(x) \<in> formula"
   538 by (simp add: number1_fm_def) 
   539 
   540 lemma arity_number1_fm [simp]:
   541      "x \<in> nat ==> arity(number1_fm(x)) = succ(x)"
   542 by (simp add: number1_fm_def succ_Un_distrib [symmetric] Un_ac) 
   543 
   544 lemma sats_number1_fm [simp]:
   545    "[| x \<in> nat; env \<in> list(A)|]
   546     ==> sats(A, number1_fm(x), env) <-> number1(**A, nth(x,env))"
   547 by (simp add: number1_fm_def number1_def)
   548 
   549 lemma number1_iff_sats:
   550       "[| nth(i,env) = x; nth(j,env) = y; 
   551           i \<in> nat; env \<in> list(A)|]
   552        ==> number1(**A, x) <-> sats(A, number1_fm(i), env)"
   553 by simp
   554 
   555 theorem number1_reflection:
   556      "REFLECTS[\<lambda>x. number1(L,f(x)), 
   557                \<lambda>i x. number1(**Lset(i),f(x))]"
   558 apply (simp only: number1_def setclass_simps)
   559 apply (intro FOL_reflections empty_reflection successor_reflection)
   560 done
   561 
   562 
   563 subsubsection{*Big Union, Internalized*}
   564 
   565 (*  "big_union(M,A,z) == \<forall>x[M]. x \<in> z <-> (\<exists>y[M]. y\<in>A & x \<in> y)" *)
   566 constdefs big_union_fm :: "[i,i]=>i"
   567     "big_union_fm(A,z) == 
   568        Forall(Iff(Member(0,succ(z)),
   569                   Exists(And(Member(0,succ(succ(A))), Member(1,0)))))"
   570 
   571 lemma big_union_type [TC]:
   572      "[| x \<in> nat; y \<in> nat |] ==> big_union_fm(x,y) \<in> formula"
   573 by (simp add: big_union_fm_def) 
   574 
   575 lemma arity_big_union_fm [simp]:
   576      "[| x \<in> nat; y \<in> nat |] 
   577       ==> arity(big_union_fm(x,y)) = succ(x) \<union> succ(y)"
   578 by (simp add: big_union_fm_def succ_Un_distrib [symmetric] Un_ac)
   579 
   580 lemma sats_big_union_fm [simp]:
   581    "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   582     ==> sats(A, big_union_fm(x,y), env) <-> 
   583         big_union(**A, nth(x,env), nth(y,env))"
   584 by (simp add: big_union_fm_def big_union_def)
   585 
   586 lemma big_union_iff_sats:
   587       "[| nth(i,env) = x; nth(j,env) = y; 
   588           i \<in> nat; j \<in> nat; env \<in> list(A)|]
   589        ==> big_union(**A, x, y) <-> sats(A, big_union_fm(i,j), env)"
   590 by simp
   591 
   592 theorem big_union_reflection:
   593      "REFLECTS[\<lambda>x. big_union(L,f(x),g(x)), 
   594                \<lambda>i x. big_union(**Lset(i),f(x),g(x))]"
   595 apply (simp only: big_union_def setclass_simps)
   596 apply (intro FOL_reflections)  
   597 done
   598 
   599 
   600 subsubsection{*Variants of Satisfaction Definitions for Ordinals, etc.*}
   601 
   602 text{*Differs from the one in Formula by using "ordinal" rather than "Ord"*}
   603 
   604 
   605 lemma sats_subset_fm':
   606    "[|x \<in> nat; y \<in> nat; env \<in> list(A)|]
   607     ==> sats(A, subset_fm(x,y), env) <-> subset(**A, nth(x,env), nth(y,env))" 
   608 by (simp add: subset_fm_def Relative.subset_def) 
   609 
   610 theorem subset_reflection:
   611      "REFLECTS[\<lambda>x. subset(L,f(x),g(x)), 
   612                \<lambda>i x. subset(**Lset(i),f(x),g(x))]" 
   613 apply (simp only: Relative.subset_def setclass_simps)
   614 apply (intro FOL_reflections)  
   615 done
   616 
   617 lemma sats_transset_fm':
   618    "[|x \<in> nat; env \<in> list(A)|]
   619     ==> sats(A, transset_fm(x), env) <-> transitive_set(**A, nth(x,env))"
   620 by (simp add: sats_subset_fm' transset_fm_def transitive_set_def) 
   621 
   622 theorem transitive_set_reflection:
   623      "REFLECTS[\<lambda>x. transitive_set(L,f(x)),
   624                \<lambda>i x. transitive_set(**Lset(i),f(x))]"
   625 apply (simp only: transitive_set_def setclass_simps)
   626 apply (intro FOL_reflections subset_reflection)  
   627 done
   628 
   629 lemma sats_ordinal_fm':
   630    "[|x \<in> nat; env \<in> list(A)|]
   631     ==> sats(A, ordinal_fm(x), env) <-> ordinal(**A,nth(x,env))"
   632 by (simp add: sats_transset_fm' ordinal_fm_def ordinal_def)
   633 
   634 lemma ordinal_iff_sats:
   635       "[| nth(i,env) = x;  i \<in> nat; env \<in> list(A)|]
   636        ==> ordinal(**A, x) <-> sats(A, ordinal_fm(i), env)"
   637 by (simp add: sats_ordinal_fm')
   638 
   639 theorem ordinal_reflection:
   640      "REFLECTS[\<lambda>x. ordinal(L,f(x)), \<lambda>i x. ordinal(**Lset(i),f(x))]"
   641 apply (simp only: ordinal_def setclass_simps)
   642 apply (intro FOL_reflections transitive_set_reflection)  
   643 done
   644 
   645 
   646 subsubsection{*Membership Relation, Internalized*}
   647 
   648 constdefs Memrel_fm :: "[i,i]=>i"
   649     "Memrel_fm(A,r) == 
   650        Forall(Iff(Member(0,succ(r)),
   651                   Exists(And(Member(0,succ(succ(A))),
   652                              Exists(And(Member(0,succ(succ(succ(A)))),
   653                                         And(Member(1,0),
   654                                             pair_fm(1,0,2))))))))"
   655 
   656 lemma Memrel_type [TC]:
   657      "[| x \<in> nat; y \<in> nat |] ==> Memrel_fm(x,y) \<in> formula"
   658 by (simp add: Memrel_fm_def) 
   659 
   660 lemma arity_Memrel_fm [simp]:
   661      "[| x \<in> nat; y \<in> nat |] 
   662       ==> arity(Memrel_fm(x,y)) = succ(x) \<union> succ(y)"
   663 by (simp add: Memrel_fm_def succ_Un_distrib [symmetric] Un_ac) 
   664 
   665 lemma sats_Memrel_fm [simp]:
   666    "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   667     ==> sats(A, Memrel_fm(x,y), env) <-> 
   668         membership(**A, nth(x,env), nth(y,env))"
   669 by (simp add: Memrel_fm_def membership_def)
   670 
   671 lemma Memrel_iff_sats:
   672       "[| nth(i,env) = x; nth(j,env) = y; 
   673           i \<in> nat; j \<in> nat; env \<in> list(A)|]
   674        ==> membership(**A, x, y) <-> sats(A, Memrel_fm(i,j), env)"
   675 by simp
   676 
   677 theorem membership_reflection:
   678      "REFLECTS[\<lambda>x. membership(L,f(x),g(x)), 
   679                \<lambda>i x. membership(**Lset(i),f(x),g(x))]"
   680 apply (simp only: membership_def setclass_simps)
   681 apply (intro FOL_reflections pair_reflection)  
   682 done
   683 
   684 subsubsection{*Predecessor Set, Internalized*}
   685 
   686 constdefs pred_set_fm :: "[i,i,i,i]=>i"
   687     "pred_set_fm(A,x,r,B) == 
   688        Forall(Iff(Member(0,succ(B)),
   689                   Exists(And(Member(0,succ(succ(r))),
   690                              And(Member(1,succ(succ(A))),
   691                                  pair_fm(1,succ(succ(x)),0))))))"
   692 
   693 
   694 lemma pred_set_type [TC]:
   695      "[| A \<in> nat; x \<in> nat; r \<in> nat; B \<in> nat |] 
   696       ==> pred_set_fm(A,x,r,B) \<in> formula"
   697 by (simp add: pred_set_fm_def) 
   698 
   699 lemma arity_pred_set_fm [simp]:
   700    "[| A \<in> nat; x \<in> nat; r \<in> nat; B \<in> nat |] 
   701     ==> arity(pred_set_fm(A,x,r,B)) = succ(A) \<union> succ(x) \<union> succ(r) \<union> succ(B)"
   702 by (simp add: pred_set_fm_def succ_Un_distrib [symmetric] Un_ac) 
   703 
   704 lemma sats_pred_set_fm [simp]:
   705    "[| U \<in> nat; x \<in> nat; r \<in> nat; B \<in> nat; env \<in> list(A)|]
   706     ==> sats(A, pred_set_fm(U,x,r,B), env) <-> 
   707         pred_set(**A, nth(U,env), nth(x,env), nth(r,env), nth(B,env))"
   708 by (simp add: pred_set_fm_def pred_set_def)
   709 
   710 lemma pred_set_iff_sats:
   711       "[| nth(i,env) = U; nth(j,env) = x; nth(k,env) = r; nth(l,env) = B; 
   712           i \<in> nat; j \<in> nat; k \<in> nat; l \<in> nat; env \<in> list(A)|]
   713        ==> pred_set(**A,U,x,r,B) <-> sats(A, pred_set_fm(i,j,k,l), env)"
   714 by (simp add: sats_pred_set_fm)
   715 
   716 theorem pred_set_reflection:
   717      "REFLECTS[\<lambda>x. pred_set(L,f(x),g(x),h(x),b(x)), 
   718                \<lambda>i x. pred_set(**Lset(i),f(x),g(x),h(x),b(x))]" 
   719 apply (simp only: pred_set_def setclass_simps)
   720 apply (intro FOL_reflections pair_reflection)  
   721 done
   722 
   723 
   724 
   725 subsubsection{*Domain of a Relation, Internalized*}
   726 
   727 (* "is_domain(M,r,z) == 
   728 	\<forall>x[M]. (x \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>y[M]. pair(M,x,y,w))))" *)
   729 constdefs domain_fm :: "[i,i]=>i"
   730     "domain_fm(r,z) == 
   731        Forall(Iff(Member(0,succ(z)),
   732                   Exists(And(Member(0,succ(succ(r))),
   733                              Exists(pair_fm(2,0,1))))))"
   734 
   735 lemma domain_type [TC]:
   736      "[| x \<in> nat; y \<in> nat |] ==> domain_fm(x,y) \<in> formula"
   737 by (simp add: domain_fm_def) 
   738 
   739 lemma arity_domain_fm [simp]:
   740      "[| x \<in> nat; y \<in> nat |] 
   741       ==> arity(domain_fm(x,y)) = succ(x) \<union> succ(y)"
   742 by (simp add: domain_fm_def succ_Un_distrib [symmetric] Un_ac) 
   743 
   744 lemma sats_domain_fm [simp]:
   745    "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   746     ==> sats(A, domain_fm(x,y), env) <-> 
   747         is_domain(**A, nth(x,env), nth(y,env))"
   748 by (simp add: domain_fm_def is_domain_def)
   749 
   750 lemma domain_iff_sats:
   751       "[| nth(i,env) = x; nth(j,env) = y; 
   752           i \<in> nat; j \<in> nat; env \<in> list(A)|]
   753        ==> is_domain(**A, x, y) <-> sats(A, domain_fm(i,j), env)"
   754 by simp
   755 
   756 theorem domain_reflection:
   757      "REFLECTS[\<lambda>x. is_domain(L,f(x),g(x)), 
   758                \<lambda>i x. is_domain(**Lset(i),f(x),g(x))]"
   759 apply (simp only: is_domain_def setclass_simps)
   760 apply (intro FOL_reflections pair_reflection)  
   761 done
   762 
   763 
   764 subsubsection{*Range of a Relation, Internalized*}
   765 
   766 (* "is_range(M,r,z) == 
   767 	\<forall>y[M]. (y \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>x[M]. pair(M,x,y,w))))" *)
   768 constdefs range_fm :: "[i,i]=>i"
   769     "range_fm(r,z) == 
   770        Forall(Iff(Member(0,succ(z)),
   771                   Exists(And(Member(0,succ(succ(r))),
   772                              Exists(pair_fm(0,2,1))))))"
   773 
   774 lemma range_type [TC]:
   775      "[| x \<in> nat; y \<in> nat |] ==> range_fm(x,y) \<in> formula"
   776 by (simp add: range_fm_def) 
   777 
   778 lemma arity_range_fm [simp]:
   779      "[| x \<in> nat; y \<in> nat |] 
   780       ==> arity(range_fm(x,y)) = succ(x) \<union> succ(y)"
   781 by (simp add: range_fm_def succ_Un_distrib [symmetric] Un_ac) 
   782 
   783 lemma sats_range_fm [simp]:
   784    "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   785     ==> sats(A, range_fm(x,y), env) <-> 
   786         is_range(**A, nth(x,env), nth(y,env))"
   787 by (simp add: range_fm_def is_range_def)
   788 
   789 lemma range_iff_sats:
   790       "[| nth(i,env) = x; nth(j,env) = y; 
   791           i \<in> nat; j \<in> nat; env \<in> list(A)|]
   792        ==> is_range(**A, x, y) <-> sats(A, range_fm(i,j), env)"
   793 by simp
   794 
   795 theorem range_reflection:
   796      "REFLECTS[\<lambda>x. is_range(L,f(x),g(x)), 
   797                \<lambda>i x. is_range(**Lset(i),f(x),g(x))]"
   798 apply (simp only: is_range_def setclass_simps)
   799 apply (intro FOL_reflections pair_reflection)  
   800 done
   801 
   802  
   803 subsubsection{*Field of a Relation, Internalized*}
   804 
   805 (* "is_field(M,r,z) == 
   806 	\<exists>dr[M]. is_domain(M,r,dr) & 
   807             (\<exists>rr[M]. is_range(M,r,rr) & union(M,dr,rr,z))" *)
   808 constdefs field_fm :: "[i,i]=>i"
   809     "field_fm(r,z) == 
   810        Exists(And(domain_fm(succ(r),0), 
   811               Exists(And(range_fm(succ(succ(r)),0), 
   812                          union_fm(1,0,succ(succ(z)))))))"
   813 
   814 lemma field_type [TC]:
   815      "[| x \<in> nat; y \<in> nat |] ==> field_fm(x,y) \<in> formula"
   816 by (simp add: field_fm_def) 
   817 
   818 lemma arity_field_fm [simp]:
   819      "[| x \<in> nat; y \<in> nat |] 
   820       ==> arity(field_fm(x,y)) = succ(x) \<union> succ(y)"
   821 by (simp add: field_fm_def succ_Un_distrib [symmetric] Un_ac) 
   822 
   823 lemma sats_field_fm [simp]:
   824    "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   825     ==> sats(A, field_fm(x,y), env) <-> 
   826         is_field(**A, nth(x,env), nth(y,env))"
   827 by (simp add: field_fm_def is_field_def)
   828 
   829 lemma field_iff_sats:
   830       "[| nth(i,env) = x; nth(j,env) = y; 
   831           i \<in> nat; j \<in> nat; env \<in> list(A)|]
   832        ==> is_field(**A, x, y) <-> sats(A, field_fm(i,j), env)"
   833 by simp
   834 
   835 theorem field_reflection:
   836      "REFLECTS[\<lambda>x. is_field(L,f(x),g(x)), 
   837                \<lambda>i x. is_field(**Lset(i),f(x),g(x))]"
   838 apply (simp only: is_field_def setclass_simps)
   839 apply (intro FOL_reflections domain_reflection range_reflection
   840              union_reflection)
   841 done
   842 
   843 
   844 subsubsection{*Image under a Relation, Internalized*}
   845 
   846 (* "image(M,r,A,z) == 
   847         \<forall>y[M]. (y \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>x[M]. x\<in>A & pair(M,x,y,w))))" *)
   848 constdefs image_fm :: "[i,i,i]=>i"
   849     "image_fm(r,A,z) == 
   850        Forall(Iff(Member(0,succ(z)),
   851                   Exists(And(Member(0,succ(succ(r))),
   852                              Exists(And(Member(0,succ(succ(succ(A)))),
   853 	 			        pair_fm(0,2,1)))))))"
   854 
   855 lemma image_type [TC]:
   856      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> image_fm(x,y,z) \<in> formula"
   857 by (simp add: image_fm_def) 
   858 
   859 lemma arity_image_fm [simp]:
   860      "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
   861       ==> arity(image_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   862 by (simp add: image_fm_def succ_Un_distrib [symmetric] Un_ac) 
   863 
   864 lemma sats_image_fm [simp]:
   865    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   866     ==> sats(A, image_fm(x,y,z), env) <-> 
   867         image(**A, nth(x,env), nth(y,env), nth(z,env))"
   868 by (simp add: image_fm_def Relative.image_def)
   869 
   870 lemma image_iff_sats:
   871       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   872           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   873        ==> image(**A, x, y, z) <-> sats(A, image_fm(i,j,k), env)"
   874 by (simp add: sats_image_fm)
   875 
   876 theorem image_reflection:
   877      "REFLECTS[\<lambda>x. image(L,f(x),g(x),h(x)), 
   878                \<lambda>i x. image(**Lset(i),f(x),g(x),h(x))]"
   879 apply (simp only: Relative.image_def setclass_simps)
   880 apply (intro FOL_reflections pair_reflection)  
   881 done
   882 
   883 
   884 subsubsection{*Pre-Image under a Relation, Internalized*}
   885 
   886 (* "pre_image(M,r,A,z) == 
   887 	\<forall>x[M]. x \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>y[M]. y\<in>A & pair(M,x,y,w)))" *)
   888 constdefs pre_image_fm :: "[i,i,i]=>i"
   889     "pre_image_fm(r,A,z) == 
   890        Forall(Iff(Member(0,succ(z)),
   891                   Exists(And(Member(0,succ(succ(r))),
   892                              Exists(And(Member(0,succ(succ(succ(A)))),
   893 	 			        pair_fm(2,0,1)))))))"
   894 
   895 lemma pre_image_type [TC]:
   896      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> pre_image_fm(x,y,z) \<in> formula"
   897 by (simp add: pre_image_fm_def) 
   898 
   899 lemma arity_pre_image_fm [simp]:
   900      "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
   901       ==> arity(pre_image_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   902 by (simp add: pre_image_fm_def succ_Un_distrib [symmetric] Un_ac) 
   903 
   904 lemma sats_pre_image_fm [simp]:
   905    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   906     ==> sats(A, pre_image_fm(x,y,z), env) <-> 
   907         pre_image(**A, nth(x,env), nth(y,env), nth(z,env))"
   908 by (simp add: pre_image_fm_def Relative.pre_image_def)
   909 
   910 lemma pre_image_iff_sats:
   911       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   912           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   913        ==> pre_image(**A, x, y, z) <-> sats(A, pre_image_fm(i,j,k), env)"
   914 by (simp add: sats_pre_image_fm)
   915 
   916 theorem pre_image_reflection:
   917      "REFLECTS[\<lambda>x. pre_image(L,f(x),g(x),h(x)), 
   918                \<lambda>i x. pre_image(**Lset(i),f(x),g(x),h(x))]"
   919 apply (simp only: Relative.pre_image_def setclass_simps)
   920 apply (intro FOL_reflections pair_reflection)  
   921 done
   922 
   923 
   924 subsubsection{*Function Application, Internalized*}
   925 
   926 (* "fun_apply(M,f,x,y) == 
   927         (\<exists>xs[M]. \<exists>fxs[M]. 
   928          upair(M,x,x,xs) & image(M,f,xs,fxs) & big_union(M,fxs,y))" *)
   929 constdefs fun_apply_fm :: "[i,i,i]=>i"
   930     "fun_apply_fm(f,x,y) == 
   931        Exists(Exists(And(upair_fm(succ(succ(x)), succ(succ(x)), 1),
   932                          And(image_fm(succ(succ(f)), 1, 0), 
   933                              big_union_fm(0,succ(succ(y)))))))"
   934 
   935 lemma fun_apply_type [TC]:
   936      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> fun_apply_fm(x,y,z) \<in> formula"
   937 by (simp add: fun_apply_fm_def) 
   938 
   939 lemma arity_fun_apply_fm [simp]:
   940      "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
   941       ==> arity(fun_apply_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   942 by (simp add: fun_apply_fm_def succ_Un_distrib [symmetric] Un_ac) 
   943 
   944 lemma sats_fun_apply_fm [simp]:
   945    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   946     ==> sats(A, fun_apply_fm(x,y,z), env) <-> 
   947         fun_apply(**A, nth(x,env), nth(y,env), nth(z,env))"
   948 by (simp add: fun_apply_fm_def fun_apply_def)
   949 
   950 lemma fun_apply_iff_sats:
   951       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   952           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   953        ==> fun_apply(**A, x, y, z) <-> sats(A, fun_apply_fm(i,j,k), env)"
   954 by simp
   955 
   956 theorem fun_apply_reflection:
   957      "REFLECTS[\<lambda>x. fun_apply(L,f(x),g(x),h(x)), 
   958                \<lambda>i x. fun_apply(**Lset(i),f(x),g(x),h(x))]" 
   959 apply (simp only: fun_apply_def setclass_simps)
   960 apply (intro FOL_reflections upair_reflection image_reflection
   961              big_union_reflection)  
   962 done
   963 
   964 
   965 subsubsection{*The Concept of Relation, Internalized*}
   966 
   967 (* "is_relation(M,r) == 
   968         (\<forall>z[M]. z\<in>r --> (\<exists>x[M]. \<exists>y[M]. pair(M,x,y,z)))" *)
   969 constdefs relation_fm :: "i=>i"
   970     "relation_fm(r) == 
   971        Forall(Implies(Member(0,succ(r)), Exists(Exists(pair_fm(1,0,2)))))"
   972 
   973 lemma relation_type [TC]:
   974      "[| x \<in> nat |] ==> relation_fm(x) \<in> formula"
   975 by (simp add: relation_fm_def) 
   976 
   977 lemma arity_relation_fm [simp]:
   978      "x \<in> nat ==> arity(relation_fm(x)) = succ(x)"
   979 by (simp add: relation_fm_def succ_Un_distrib [symmetric] Un_ac) 
   980 
   981 lemma sats_relation_fm [simp]:
   982    "[| x \<in> nat; env \<in> list(A)|]
   983     ==> sats(A, relation_fm(x), env) <-> is_relation(**A, nth(x,env))"
   984 by (simp add: relation_fm_def is_relation_def)
   985 
   986 lemma relation_iff_sats:
   987       "[| nth(i,env) = x; nth(j,env) = y; 
   988           i \<in> nat; env \<in> list(A)|]
   989        ==> is_relation(**A, x) <-> sats(A, relation_fm(i), env)"
   990 by simp
   991 
   992 theorem is_relation_reflection:
   993      "REFLECTS[\<lambda>x. is_relation(L,f(x)), 
   994                \<lambda>i x. is_relation(**Lset(i),f(x))]"
   995 apply (simp only: is_relation_def setclass_simps)
   996 apply (intro FOL_reflections pair_reflection)  
   997 done
   998 
   999 
  1000 subsubsection{*The Concept of Function, Internalized*}
  1001 
  1002 (* "is_function(M,r) == 
  1003 	\<forall>x[M]. \<forall>y[M]. \<forall>y'[M]. \<forall>p[M]. \<forall>p'[M]. 
  1004            pair(M,x,y,p) --> pair(M,x,y',p') --> p\<in>r --> p'\<in>r --> y=y'" *)
  1005 constdefs function_fm :: "i=>i"
  1006     "function_fm(r) == 
  1007        Forall(Forall(Forall(Forall(Forall(
  1008          Implies(pair_fm(4,3,1),
  1009                  Implies(pair_fm(4,2,0),
  1010                          Implies(Member(1,r#+5),
  1011                                  Implies(Member(0,r#+5), Equal(3,2))))))))))"
  1012 
  1013 lemma function_type [TC]:
  1014      "[| x \<in> nat |] ==> function_fm(x) \<in> formula"
  1015 by (simp add: function_fm_def) 
  1016 
  1017 lemma arity_function_fm [simp]:
  1018      "x \<in> nat ==> arity(function_fm(x)) = succ(x)"
  1019 by (simp add: function_fm_def succ_Un_distrib [symmetric] Un_ac) 
  1020 
  1021 lemma sats_function_fm [simp]:
  1022    "[| x \<in> nat; env \<in> list(A)|]
  1023     ==> sats(A, function_fm(x), env) <-> is_function(**A, nth(x,env))"
  1024 by (simp add: function_fm_def is_function_def)
  1025 
  1026 lemma function_iff_sats:
  1027       "[| nth(i,env) = x; nth(j,env) = y; 
  1028           i \<in> nat; env \<in> list(A)|]
  1029        ==> is_function(**A, x) <-> sats(A, function_fm(i), env)"
  1030 by simp
  1031 
  1032 theorem is_function_reflection:
  1033      "REFLECTS[\<lambda>x. is_function(L,f(x)), 
  1034                \<lambda>i x. is_function(**Lset(i),f(x))]"
  1035 apply (simp only: is_function_def setclass_simps)
  1036 apply (intro FOL_reflections pair_reflection)  
  1037 done
  1038 
  1039 
  1040 subsubsection{*Typed Functions, Internalized*}
  1041 
  1042 (* "typed_function(M,A,B,r) == 
  1043         is_function(M,r) & is_relation(M,r) & is_domain(M,r,A) &
  1044         (\<forall>u[M]. u\<in>r --> (\<forall>x[M]. \<forall>y[M]. pair(M,x,y,u) --> y\<in>B))" *)
  1045 
  1046 constdefs typed_function_fm :: "[i,i,i]=>i"
  1047     "typed_function_fm(A,B,r) == 
  1048        And(function_fm(r),
  1049          And(relation_fm(r),
  1050            And(domain_fm(r,A),
  1051              Forall(Implies(Member(0,succ(r)),
  1052                   Forall(Forall(Implies(pair_fm(1,0,2),Member(0,B#+3)))))))))"
  1053 
  1054 lemma typed_function_type [TC]:
  1055      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> typed_function_fm(x,y,z) \<in> formula"
  1056 by (simp add: typed_function_fm_def) 
  1057 
  1058 lemma arity_typed_function_fm [simp]:
  1059      "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
  1060       ==> arity(typed_function_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
  1061 by (simp add: typed_function_fm_def succ_Un_distrib [symmetric] Un_ac) 
  1062 
  1063 lemma sats_typed_function_fm [simp]:
  1064    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  1065     ==> sats(A, typed_function_fm(x,y,z), env) <-> 
  1066         typed_function(**A, nth(x,env), nth(y,env), nth(z,env))"
  1067 by (simp add: typed_function_fm_def typed_function_def)
  1068 
  1069 lemma typed_function_iff_sats:
  1070   "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
  1071       i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
  1072    ==> typed_function(**A, x, y, z) <-> sats(A, typed_function_fm(i,j,k), env)"
  1073 by simp
  1074 
  1075 lemmas function_reflections = 
  1076         empty_reflection number1_reflection
  1077 	upair_reflection pair_reflection union_reflection
  1078 	big_union_reflection cons_reflection successor_reflection 
  1079         fun_apply_reflection subset_reflection
  1080 	transitive_set_reflection membership_reflection
  1081 	pred_set_reflection domain_reflection range_reflection field_reflection
  1082         image_reflection pre_image_reflection
  1083 	is_relation_reflection is_function_reflection
  1084 
  1085 lemmas function_iff_sats = 
  1086         empty_iff_sats number1_iff_sats 
  1087 	upair_iff_sats pair_iff_sats union_iff_sats
  1088 	cons_iff_sats successor_iff_sats
  1089         fun_apply_iff_sats  Memrel_iff_sats
  1090 	pred_set_iff_sats domain_iff_sats range_iff_sats field_iff_sats
  1091         image_iff_sats pre_image_iff_sats 
  1092 	relation_iff_sats function_iff_sats
  1093 
  1094 
  1095 theorem typed_function_reflection:
  1096      "REFLECTS[\<lambda>x. typed_function(L,f(x),g(x),h(x)), 
  1097                \<lambda>i x. typed_function(**Lset(i),f(x),g(x),h(x))]"
  1098 apply (simp only: typed_function_def setclass_simps)
  1099 apply (intro FOL_reflections function_reflections)  
  1100 done
  1101 
  1102 
  1103 subsubsection{*Composition of Relations, Internalized*}
  1104 
  1105 (* "composition(M,r,s,t) == 
  1106         \<forall>p[M]. p \<in> t <-> 
  1107                (\<exists>x[M]. \<exists>y[M]. \<exists>z[M]. \<exists>xy[M]. \<exists>yz[M]. 
  1108                 pair(M,x,z,p) & pair(M,x,y,xy) & pair(M,y,z,yz) & 
  1109                 xy \<in> s & yz \<in> r)" *)
  1110 constdefs composition_fm :: "[i,i,i]=>i"
  1111   "composition_fm(r,s,t) == 
  1112      Forall(Iff(Member(0,succ(t)),
  1113              Exists(Exists(Exists(Exists(Exists( 
  1114               And(pair_fm(4,2,5),
  1115                And(pair_fm(4,3,1),
  1116                 And(pair_fm(3,2,0),
  1117                  And(Member(1,s#+6), Member(0,r#+6))))))))))))"
  1118 
  1119 lemma composition_type [TC]:
  1120      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> composition_fm(x,y,z) \<in> formula"
  1121 by (simp add: composition_fm_def) 
  1122 
  1123 lemma arity_composition_fm [simp]:
  1124      "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
  1125       ==> arity(composition_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
  1126 by (simp add: composition_fm_def succ_Un_distrib [symmetric] Un_ac) 
  1127 
  1128 lemma sats_composition_fm [simp]:
  1129    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  1130     ==> sats(A, composition_fm(x,y,z), env) <-> 
  1131         composition(**A, nth(x,env), nth(y,env), nth(z,env))"
  1132 by (simp add: composition_fm_def composition_def)
  1133 
  1134 lemma composition_iff_sats:
  1135       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
  1136           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
  1137        ==> composition(**A, x, y, z) <-> sats(A, composition_fm(i,j,k), env)"
  1138 by simp
  1139 
  1140 theorem composition_reflection:
  1141      "REFLECTS[\<lambda>x. composition(L,f(x),g(x),h(x)), 
  1142                \<lambda>i x. composition(**Lset(i),f(x),g(x),h(x))]"
  1143 apply (simp only: composition_def setclass_simps)
  1144 apply (intro FOL_reflections pair_reflection)  
  1145 done
  1146 
  1147 
  1148 subsubsection{*Injections, Internalized*}
  1149 
  1150 (* "injection(M,A,B,f) == 
  1151 	typed_function(M,A,B,f) &
  1152         (\<forall>x[M]. \<forall>x'[M]. \<forall>y[M]. \<forall>p[M]. \<forall>p'[M]. 
  1153           pair(M,x,y,p) --> pair(M,x',y,p') --> p\<in>f --> p'\<in>f --> x=x')" *)
  1154 constdefs injection_fm :: "[i,i,i]=>i"
  1155  "injection_fm(A,B,f) == 
  1156     And(typed_function_fm(A,B,f),
  1157        Forall(Forall(Forall(Forall(Forall(
  1158          Implies(pair_fm(4,2,1),
  1159                  Implies(pair_fm(3,2,0),
  1160                          Implies(Member(1,f#+5),
  1161                                  Implies(Member(0,f#+5), Equal(4,3)))))))))))"
  1162 
  1163 
  1164 lemma injection_type [TC]:
  1165      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> injection_fm(x,y,z) \<in> formula"
  1166 by (simp add: injection_fm_def) 
  1167 
  1168 lemma arity_injection_fm [simp]:
  1169      "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
  1170       ==> arity(injection_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
  1171 by (simp add: injection_fm_def succ_Un_distrib [symmetric] Un_ac) 
  1172 
  1173 lemma sats_injection_fm [simp]:
  1174    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  1175     ==> sats(A, injection_fm(x,y,z), env) <-> 
  1176         injection(**A, nth(x,env), nth(y,env), nth(z,env))"
  1177 by (simp add: injection_fm_def injection_def)
  1178 
  1179 lemma injection_iff_sats:
  1180   "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
  1181       i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
  1182    ==> injection(**A, x, y, z) <-> sats(A, injection_fm(i,j,k), env)"
  1183 by simp
  1184 
  1185 theorem injection_reflection:
  1186      "REFLECTS[\<lambda>x. injection(L,f(x),g(x),h(x)), 
  1187                \<lambda>i x. injection(**Lset(i),f(x),g(x),h(x))]"
  1188 apply (simp only: injection_def setclass_simps)
  1189 apply (intro FOL_reflections function_reflections typed_function_reflection)  
  1190 done
  1191 
  1192 
  1193 subsubsection{*Surjections, Internalized*}
  1194 
  1195 (*  surjection :: "[i=>o,i,i,i] => o"
  1196     "surjection(M,A,B,f) == 
  1197         typed_function(M,A,B,f) &
  1198         (\<forall>y[M]. y\<in>B --> (\<exists>x[M]. x\<in>A & fun_apply(M,f,x,y)))" *)
  1199 constdefs surjection_fm :: "[i,i,i]=>i"
  1200  "surjection_fm(A,B,f) == 
  1201     And(typed_function_fm(A,B,f),
  1202        Forall(Implies(Member(0,succ(B)),
  1203                       Exists(And(Member(0,succ(succ(A))),
  1204                                  fun_apply_fm(succ(succ(f)),0,1))))))"
  1205 
  1206 lemma surjection_type [TC]:
  1207      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> surjection_fm(x,y,z) \<in> formula"
  1208 by (simp add: surjection_fm_def) 
  1209 
  1210 lemma arity_surjection_fm [simp]:
  1211      "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
  1212       ==> arity(surjection_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
  1213 by (simp add: surjection_fm_def succ_Un_distrib [symmetric] Un_ac) 
  1214 
  1215 lemma sats_surjection_fm [simp]:
  1216    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  1217     ==> sats(A, surjection_fm(x,y,z), env) <-> 
  1218         surjection(**A, nth(x,env), nth(y,env), nth(z,env))"
  1219 by (simp add: surjection_fm_def surjection_def)
  1220 
  1221 lemma surjection_iff_sats:
  1222   "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
  1223       i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
  1224    ==> surjection(**A, x, y, z) <-> sats(A, surjection_fm(i,j,k), env)"
  1225 by simp
  1226 
  1227 theorem surjection_reflection:
  1228      "REFLECTS[\<lambda>x. surjection(L,f(x),g(x),h(x)), 
  1229                \<lambda>i x. surjection(**Lset(i),f(x),g(x),h(x))]"
  1230 apply (simp only: surjection_def setclass_simps)
  1231 apply (intro FOL_reflections function_reflections typed_function_reflection)  
  1232 done
  1233 
  1234 
  1235 
  1236 subsubsection{*Bijections, Internalized*}
  1237 
  1238 (*   bijection :: "[i=>o,i,i,i] => o"
  1239     "bijection(M,A,B,f) == injection(M,A,B,f) & surjection(M,A,B,f)" *)
  1240 constdefs bijection_fm :: "[i,i,i]=>i"
  1241  "bijection_fm(A,B,f) == And(injection_fm(A,B,f), surjection_fm(A,B,f))"
  1242 
  1243 lemma bijection_type [TC]:
  1244      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> bijection_fm(x,y,z) \<in> formula"
  1245 by (simp add: bijection_fm_def) 
  1246 
  1247 lemma arity_bijection_fm [simp]:
  1248      "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
  1249       ==> arity(bijection_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
  1250 by (simp add: bijection_fm_def succ_Un_distrib [symmetric] Un_ac) 
  1251 
  1252 lemma sats_bijection_fm [simp]:
  1253    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  1254     ==> sats(A, bijection_fm(x,y,z), env) <-> 
  1255         bijection(**A, nth(x,env), nth(y,env), nth(z,env))"
  1256 by (simp add: bijection_fm_def bijection_def)
  1257 
  1258 lemma bijection_iff_sats:
  1259   "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
  1260       i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
  1261    ==> bijection(**A, x, y, z) <-> sats(A, bijection_fm(i,j,k), env)"
  1262 by simp
  1263 
  1264 theorem bijection_reflection:
  1265      "REFLECTS[\<lambda>x. bijection(L,f(x),g(x),h(x)), 
  1266                \<lambda>i x. bijection(**Lset(i),f(x),g(x),h(x))]"
  1267 apply (simp only: bijection_def setclass_simps)
  1268 apply (intro And_reflection injection_reflection surjection_reflection)  
  1269 done
  1270 
  1271 
  1272 subsubsection{*Restriction of a Relation, Internalized*}
  1273 
  1274 
  1275 (* "restriction(M,r,A,z) == 
  1276 	\<forall>x[M]. x \<in> z <-> (x \<in> r & (\<exists>u[M]. u\<in>A & (\<exists>v[M]. pair(M,u,v,x))))" *)
  1277 constdefs restriction_fm :: "[i,i,i]=>i"
  1278     "restriction_fm(r,A,z) == 
  1279        Forall(Iff(Member(0,succ(z)),
  1280                   And(Member(0,succ(r)),
  1281                       Exists(And(Member(0,succ(succ(A))),
  1282                                  Exists(pair_fm(1,0,2)))))))"
  1283 
  1284 lemma restriction_type [TC]:
  1285      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> restriction_fm(x,y,z) \<in> formula"
  1286 by (simp add: restriction_fm_def) 
  1287 
  1288 lemma arity_restriction_fm [simp]:
  1289      "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
  1290       ==> arity(restriction_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
  1291 by (simp add: restriction_fm_def succ_Un_distrib [symmetric] Un_ac) 
  1292 
  1293 lemma sats_restriction_fm [simp]:
  1294    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  1295     ==> sats(A, restriction_fm(x,y,z), env) <-> 
  1296         restriction(**A, nth(x,env), nth(y,env), nth(z,env))"
  1297 by (simp add: restriction_fm_def restriction_def)
  1298 
  1299 lemma restriction_iff_sats:
  1300       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
  1301           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
  1302        ==> restriction(**A, x, y, z) <-> sats(A, restriction_fm(i,j,k), env)"
  1303 by simp
  1304 
  1305 theorem restriction_reflection:
  1306      "REFLECTS[\<lambda>x. restriction(L,f(x),g(x),h(x)), 
  1307                \<lambda>i x. restriction(**Lset(i),f(x),g(x),h(x))]"
  1308 apply (simp only: restriction_def setclass_simps)
  1309 apply (intro FOL_reflections pair_reflection)  
  1310 done
  1311 
  1312 subsubsection{*Order-Isomorphisms, Internalized*}
  1313 
  1314 (*  order_isomorphism :: "[i=>o,i,i,i,i,i] => o"
  1315    "order_isomorphism(M,A,r,B,s,f) == 
  1316         bijection(M,A,B,f) & 
  1317         (\<forall>x[M]. x\<in>A --> (\<forall>y[M]. y\<in>A -->
  1318           (\<forall>p[M]. \<forall>fx[M]. \<forall>fy[M]. \<forall>q[M].
  1319             pair(M,x,y,p) --> fun_apply(M,f,x,fx) --> fun_apply(M,f,y,fy) --> 
  1320             pair(M,fx,fy,q) --> (p\<in>r <-> q\<in>s))))"
  1321   *)
  1322 
  1323 constdefs order_isomorphism_fm :: "[i,i,i,i,i]=>i"
  1324  "order_isomorphism_fm(A,r,B,s,f) == 
  1325    And(bijection_fm(A,B,f), 
  1326      Forall(Implies(Member(0,succ(A)),
  1327        Forall(Implies(Member(0,succ(succ(A))),
  1328          Forall(Forall(Forall(Forall(
  1329            Implies(pair_fm(5,4,3),
  1330              Implies(fun_apply_fm(f#+6,5,2),
  1331                Implies(fun_apply_fm(f#+6,4,1),
  1332                  Implies(pair_fm(2,1,0), 
  1333                    Iff(Member(3,r#+6), Member(0,s#+6)))))))))))))))"
  1334 
  1335 lemma order_isomorphism_type [TC]:
  1336      "[| A \<in> nat; r \<in> nat; B \<in> nat; s \<in> nat; f \<in> nat |]  
  1337       ==> order_isomorphism_fm(A,r,B,s,f) \<in> formula"
  1338 by (simp add: order_isomorphism_fm_def) 
  1339 
  1340 lemma arity_order_isomorphism_fm [simp]:
  1341      "[| A \<in> nat; r \<in> nat; B \<in> nat; s \<in> nat; f \<in> nat |] 
  1342       ==> arity(order_isomorphism_fm(A,r,B,s,f)) = 
  1343           succ(A) \<union> succ(r) \<union> succ(B) \<union> succ(s) \<union> succ(f)" 
  1344 by (simp add: order_isomorphism_fm_def succ_Un_distrib [symmetric] Un_ac) 
  1345 
  1346 lemma sats_order_isomorphism_fm [simp]:
  1347    "[| U \<in> nat; r \<in> nat; B \<in> nat; s \<in> nat; f \<in> nat; env \<in> list(A)|]
  1348     ==> sats(A, order_isomorphism_fm(U,r,B,s,f), env) <-> 
  1349         order_isomorphism(**A, nth(U,env), nth(r,env), nth(B,env), 
  1350                                nth(s,env), nth(f,env))"
  1351 by (simp add: order_isomorphism_fm_def order_isomorphism_def)
  1352 
  1353 lemma order_isomorphism_iff_sats:
  1354   "[| nth(i,env) = U; nth(j,env) = r; nth(k,env) = B; nth(j',env) = s; 
  1355       nth(k',env) = f; 
  1356       i \<in> nat; j \<in> nat; k \<in> nat; j' \<in> nat; k' \<in> nat; env \<in> list(A)|]
  1357    ==> order_isomorphism(**A,U,r,B,s,f) <-> 
  1358        sats(A, order_isomorphism_fm(i,j,k,j',k'), env)" 
  1359 by simp
  1360 
  1361 theorem order_isomorphism_reflection:
  1362      "REFLECTS[\<lambda>x. order_isomorphism(L,f(x),g(x),h(x),g'(x),h'(x)), 
  1363                \<lambda>i x. order_isomorphism(**Lset(i),f(x),g(x),h(x),g'(x),h'(x))]"
  1364 apply (simp only: order_isomorphism_def setclass_simps)
  1365 apply (intro FOL_reflections function_reflections bijection_reflection)  
  1366 done
  1367 
  1368 subsubsection{*Limit Ordinals, Internalized*}
  1369 
  1370 text{*A limit ordinal is a non-empty, successor-closed ordinal*}
  1371 
  1372 (* "limit_ordinal(M,a) == 
  1373 	ordinal(M,a) & ~ empty(M,a) & 
  1374         (\<forall>x[M]. x\<in>a --> (\<exists>y[M]. y\<in>a & successor(M,x,y)))" *)
  1375 
  1376 constdefs limit_ordinal_fm :: "i=>i"
  1377     "limit_ordinal_fm(x) == 
  1378         And(ordinal_fm(x),
  1379             And(Neg(empty_fm(x)),
  1380 	        Forall(Implies(Member(0,succ(x)),
  1381                                Exists(And(Member(0,succ(succ(x))),
  1382                                           succ_fm(1,0)))))))"
  1383 
  1384 lemma limit_ordinal_type [TC]:
  1385      "x \<in> nat ==> limit_ordinal_fm(x) \<in> formula"
  1386 by (simp add: limit_ordinal_fm_def) 
  1387 
  1388 lemma arity_limit_ordinal_fm [simp]:
  1389      "x \<in> nat ==> arity(limit_ordinal_fm(x)) = succ(x)"
  1390 by (simp add: limit_ordinal_fm_def succ_Un_distrib [symmetric] Un_ac) 
  1391 
  1392 lemma sats_limit_ordinal_fm [simp]:
  1393    "[| x \<in> nat; env \<in> list(A)|]
  1394     ==> sats(A, limit_ordinal_fm(x), env) <-> limit_ordinal(**A, nth(x,env))"
  1395 by (simp add: limit_ordinal_fm_def limit_ordinal_def sats_ordinal_fm')
  1396 
  1397 lemma limit_ordinal_iff_sats:
  1398       "[| nth(i,env) = x; nth(j,env) = y; 
  1399           i \<in> nat; env \<in> list(A)|]
  1400        ==> limit_ordinal(**A, x) <-> sats(A, limit_ordinal_fm(i), env)"
  1401 by simp
  1402 
  1403 theorem limit_ordinal_reflection:
  1404      "REFLECTS[\<lambda>x. limit_ordinal(L,f(x)), 
  1405                \<lambda>i x. limit_ordinal(**Lset(i),f(x))]"
  1406 apply (simp only: limit_ordinal_def setclass_simps)
  1407 apply (intro FOL_reflections ordinal_reflection 
  1408              empty_reflection successor_reflection)  
  1409 done
  1410 
  1411 subsubsection{*Omega: The Set of Natural Numbers*}
  1412 
  1413 (* omega(M,a) == limit_ordinal(M,a) & (\<forall>x[M]. x\<in>a --> ~ limit_ordinal(M,x)) *)
  1414 constdefs omega_fm :: "i=>i"
  1415     "omega_fm(x) == 
  1416        And(limit_ordinal_fm(x),
  1417            Forall(Implies(Member(0,succ(x)),
  1418                           Neg(limit_ordinal_fm(0)))))"
  1419 
  1420 lemma omega_type [TC]:
  1421      "x \<in> nat ==> omega_fm(x) \<in> formula"
  1422 by (simp add: omega_fm_def) 
  1423 
  1424 lemma arity_omega_fm [simp]:
  1425      "x \<in> nat ==> arity(omega_fm(x)) = succ(x)"
  1426 by (simp add: omega_fm_def succ_Un_distrib [symmetric] Un_ac) 
  1427 
  1428 lemma sats_omega_fm [simp]:
  1429    "[| x \<in> nat; env \<in> list(A)|]
  1430     ==> sats(A, omega_fm(x), env) <-> omega(**A, nth(x,env))"
  1431 by (simp add: omega_fm_def omega_def)
  1432 
  1433 lemma omega_iff_sats:
  1434       "[| nth(i,env) = x; nth(j,env) = y; 
  1435           i \<in> nat; env \<in> list(A)|]
  1436        ==> omega(**A, x) <-> sats(A, omega_fm(i), env)"
  1437 by simp
  1438 
  1439 theorem omega_reflection:
  1440      "REFLECTS[\<lambda>x. omega(L,f(x)), 
  1441                \<lambda>i x. omega(**Lset(i),f(x))]"
  1442 apply (simp only: omega_def setclass_simps)
  1443 apply (intro FOL_reflections limit_ordinal_reflection)  
  1444 done
  1445 
  1446 
  1447 lemmas fun_plus_reflections =
  1448         typed_function_reflection composition_reflection
  1449         injection_reflection surjection_reflection
  1450         bijection_reflection restriction_reflection
  1451         order_isomorphism_reflection
  1452         ordinal_reflection limit_ordinal_reflection omega_reflection
  1453 
  1454 lemmas fun_plus_iff_sats = 
  1455 	typed_function_iff_sats composition_iff_sats
  1456         injection_iff_sats surjection_iff_sats 
  1457         bijection_iff_sats restriction_iff_sats 
  1458         order_isomorphism_iff_sats
  1459         ordinal_iff_sats limit_ordinal_iff_sats omega_iff_sats
  1460 
  1461 end