src/ZF/Constructible/WFrec.thy
 author wenzelm Mon Jul 29 00:57:16 2002 +0200 (2002-07-29) changeset 13428 99e52e78eb65 parent 13382 b37764a46b16 child 13505 52a16cb7fefb permissions -rw-r--r--
eliminate open locales and special ML code;
```     1 header{*Relativized Well-Founded Recursion*}
```
```     2
```
```     3 theory WFrec = Wellorderings:
```
```     4
```
```     5
```
```     6 (*Many of these might be useful in WF.thy*)
```
```     7
```
```     8 lemma apply_recfun2:
```
```     9     "[| is_recfun(r,a,H,f); <x,i>:f |] ==> i = H(x, restrict(f,r-``{x}))"
```
```    10 apply (frule apply_recfun)
```
```    11  apply (blast dest: is_recfun_type fun_is_rel)
```
```    12 apply (simp add: function_apply_equality [OF _ is_recfun_imp_function])
```
```    13 done
```
```    14
```
```    15 text{*Expresses @{text is_recfun} as a recursion equation*}
```
```    16 lemma is_recfun_iff_equation:
```
```    17      "is_recfun(r,a,H,f) <->
```
```    18 	   f \<in> r -`` {a} \<rightarrow> range(f) &
```
```    19 	   (\<forall>x \<in> r-``{a}. f`x = H(x, restrict(f, r-``{x})))"
```
```    20 apply (rule iffI)
```
```    21  apply (simp add: is_recfun_type apply_recfun Ball_def vimage_singleton_iff,
```
```    22         clarify)
```
```    23 apply (simp add: is_recfun_def)
```
```    24 apply (rule fun_extension)
```
```    25   apply assumption
```
```    26  apply (fast intro: lam_type, simp)
```
```    27 done
```
```    28
```
```    29 lemma is_recfun_imp_in_r: "[|is_recfun(r,a,H,f); \<langle>x,i\<rangle> \<in> f|] ==> \<langle>x, a\<rangle> \<in> r"
```
```    30 by (blast dest: is_recfun_type fun_is_rel)
```
```    31
```
```    32 lemma trans_Int_eq:
```
```    33       "[| trans(r); <y,x> \<in> r |] ==> r -`` {x} \<inter> r -`` {y} = r -`` {y}"
```
```    34 by (blast intro: transD)
```
```    35
```
```    36 lemma is_recfun_restrict_idem:
```
```    37      "is_recfun(r,a,H,f) ==> restrict(f, r -`` {a}) = f"
```
```    38 apply (drule is_recfun_type)
```
```    39 apply (auto simp add: Pi_iff subset_Sigma_imp_relation restrict_idem)
```
```    40 done
```
```    41
```
```    42 lemma is_recfun_cong_lemma:
```
```    43   "[| is_recfun(r,a,H,f); r = r'; a = a'; f = f';
```
```    44       !!x g. [| <x,a'> \<in> r'; relation(g); domain(g) <= r' -``{x} |]
```
```    45              ==> H(x,g) = H'(x,g) |]
```
```    46    ==> is_recfun(r',a',H',f')"
```
```    47 apply (simp add: is_recfun_def)
```
```    48 apply (erule trans)
```
```    49 apply (rule lam_cong)
```
```    50 apply (simp_all add: vimage_singleton_iff Int_lower2)
```
```    51 done
```
```    52
```
```    53 text{*For @{text is_recfun} we need only pay attention to functions
```
```    54       whose domains are initial segments of @{term r}.*}
```
```    55 lemma is_recfun_cong:
```
```    56   "[| r = r'; a = a'; f = f';
```
```    57       !!x g. [| <x,a'> \<in> r'; relation(g); domain(g) <= r' -``{x} |]
```
```    58              ==> H(x,g) = H'(x,g) |]
```
```    59    ==> is_recfun(r,a,H,f) <-> is_recfun(r',a',H',f')"
```
```    60 apply (rule iffI)
```
```    61 txt{*Messy: fast and blast don't work for some reason*}
```
```    62 apply (erule is_recfun_cong_lemma, auto)
```
```    63 apply (erule is_recfun_cong_lemma)
```
```    64 apply (blast intro: sym)+
```
```    65 done
```
```    66
```
```    67 lemma (in M_axioms) is_recfun_separation':
```
```    68     "[| f \<in> r -`` {a} \<rightarrow> range(f); g \<in> r -`` {b} \<rightarrow> range(g);
```
```    69         M(r); M(f); M(g); M(a); M(b) |]
```
```    70      ==> separation(M, \<lambda>x. \<not> (\<langle>x, a\<rangle> \<in> r \<longrightarrow> \<langle>x, b\<rangle> \<in> r \<longrightarrow> f ` x = g ` x))"
```
```    71 apply (insert is_recfun_separation [of r f g a b])
```
```    72 apply (simp add: vimage_singleton_iff)
```
```    73 done
```
```    74
```
```    75 text{*Stated using @{term "trans(r)"} rather than
```
```    76       @{term "transitive_rel(M,A,r)"} because the latter rewrites to
```
```    77       the former anyway, by @{text transitive_rel_abs}.
```
```    78       As always, theorems should be expressed in simplified form.
```
```    79       The last three M-premises are redundant because of @{term "M(r)"},
```
```    80       but without them we'd have to undertake
```
```    81       more work to set up the induction formula.*}
```
```    82 lemma (in M_axioms) is_recfun_equal [rule_format]:
```
```    83     "[|is_recfun(r,a,H,f);  is_recfun(r,b,H,g);
```
```    84        wellfounded(M,r);  trans(r);
```
```    85        M(f); M(g); M(r); M(x); M(a); M(b) |]
```
```    86      ==> <x,a> \<in> r --> <x,b> \<in> r --> f`x=g`x"
```
```    87 apply (frule_tac f=f in is_recfun_type)
```
```    88 apply (frule_tac f=g in is_recfun_type)
```
```    89 apply (simp add: is_recfun_def)
```
```    90 apply (erule_tac a=x in wellfounded_induct, assumption+)
```
```    91 txt{*Separation to justify the induction*}
```
```    92  apply (blast intro: is_recfun_separation')
```
```    93 txt{*Now the inductive argument itself*}
```
```    94 apply clarify
```
```    95 apply (erule ssubst)+
```
```    96 apply (simp (no_asm_simp) add: vimage_singleton_iff restrict_def)
```
```    97 apply (rename_tac x1)
```
```    98 apply (rule_tac t="%z. H(x1,z)" in subst_context)
```
```    99 apply (subgoal_tac "ALL y : r-``{x1}. ALL z. <y,z>:f <-> <y,z>:g")
```
```   100  apply (blast intro: transD)
```
```   101 apply (simp add: apply_iff)
```
```   102 apply (blast intro: transD sym)
```
```   103 done
```
```   104
```
```   105 lemma (in M_axioms) is_recfun_cut:
```
```   106     "[|is_recfun(r,a,H,f);  is_recfun(r,b,H,g);
```
```   107        wellfounded(M,r); trans(r);
```
```   108        M(f); M(g); M(r); <b,a> \<in> r |]
```
```   109       ==> restrict(f, r-``{b}) = g"
```
```   110 apply (frule_tac f=f in is_recfun_type)
```
```   111 apply (rule fun_extension)
```
```   112 apply (blast intro: transD restrict_type2)
```
```   113 apply (erule is_recfun_type, simp)
```
```   114 apply (blast intro: is_recfun_equal transD dest: transM)
```
```   115 done
```
```   116
```
```   117 lemma (in M_axioms) is_recfun_functional:
```
```   118      "[|is_recfun(r,a,H,f);  is_recfun(r,a,H,g);
```
```   119        wellfounded(M,r); trans(r); M(f); M(g); M(r) |] ==> f=g"
```
```   120 apply (rule fun_extension)
```
```   121 apply (erule is_recfun_type)+
```
```   122 apply (blast intro!: is_recfun_equal dest: transM)
```
```   123 done
```
```   124
```
```   125 text{*Tells us that @{text is_recfun} can (in principle) be relativized.*}
```
```   126 lemma (in M_axioms) is_recfun_relativize:
```
```   127   "[| M(r); M(f); \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g)) |]
```
```   128    ==> is_recfun(r,a,H,f) <->
```
```   129        (\<forall>z[M]. z \<in> f <->
```
```   130         (\<exists>x[M]. <x,a> \<in> r & z = <x, H(x, restrict(f, r-``{x}))>))";
```
```   131 apply (simp add: is_recfun_def lam_def)
```
```   132 apply (safe intro!: equalityI)
```
```   133    apply (drule equalityD1 [THEN subsetD], assumption)
```
```   134    apply (blast dest: pair_components_in_M)
```
```   135   apply (blast elim!: equalityE dest: pair_components_in_M)
```
```   136  apply (frule transM, assumption, rotate_tac -1)
```
```   137  apply simp
```
```   138  apply blast
```
```   139 apply (subgoal_tac "is_function(M,f)")
```
```   140  txt{*We use @{term "is_function"} rather than @{term "function"} because
```
```   141       the subgoal's easier to prove with relativized quantifiers!*}
```
```   142  prefer 2 apply (simp add: is_function_def)
```
```   143 apply (frule pair_components_in_M, assumption)
```
```   144 apply (simp add: is_recfun_imp_function function_restrictI)
```
```   145 done
```
```   146
```
```   147 (* ideas for further weaking the H-closure premise:
```
```   148 apply (drule spec [THEN spec])
```
```   149 apply (erule mp)
```
```   150 apply (intro conjI)
```
```   151 apply (blast dest!: pair_components_in_M)
```
```   152 apply (blast intro!: function_restrictI dest!: pair_components_in_M)
```
```   153 apply (blast intro!: function_restrictI dest!: pair_components_in_M)
```
```   154 apply (simp only: subset_iff domain_iff restrict_iff vimage_iff)
```
```   155 apply (simp add: vimage_singleton_iff)
```
```   156 apply (intro allI impI conjI)
```
```   157 apply (blast intro: transM dest!: pair_components_in_M)
```
```   158 prefer 4;apply blast
```
```   159 *)
```
```   160
```
```   161 lemma (in M_axioms) is_recfun_restrict:
```
```   162      "[| wellfounded(M,r); trans(r); is_recfun(r,x,H,f); \<langle>y,x\<rangle> \<in> r;
```
```   163        M(r); M(f);
```
```   164        \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g)) |]
```
```   165        ==> is_recfun(r, y, H, restrict(f, r -`` {y}))"
```
```   166 apply (frule pair_components_in_M, assumption, clarify)
```
```   167 apply (simp (no_asm_simp) add: is_recfun_relativize restrict_iff
```
```   168            trans_Int_eq)
```
```   169 apply safe
```
```   170   apply (simp_all add: vimage_singleton_iff is_recfun_type [THEN apply_iff])
```
```   171   apply (frule_tac x=xa in pair_components_in_M, assumption)
```
```   172   apply (frule_tac x=xa in apply_recfun, blast intro: transD)
```
```   173   apply (simp add: is_recfun_type [THEN apply_iff]
```
```   174                    is_recfun_imp_function function_restrictI)
```
```   175 apply (blast intro: apply_recfun dest: transD)
```
```   176 done
```
```   177
```
```   178 lemma (in M_axioms) restrict_Y_lemma:
```
```   179    "[| wellfounded(M,r); trans(r); M(r);
```
```   180        \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g));  M(Y);
```
```   181        \<forall>b[M].
```
```   182 	   b \<in> Y <->
```
```   183 	   (\<exists>x[M]. <x,a1> \<in> r &
```
```   184             (\<exists>y[M]. b = \<langle>x,y\<rangle> & (\<exists>g[M]. is_recfun(r,x,H,g) \<and> y = H(x,g))));
```
```   185           \<langle>x,a1\<rangle> \<in> r; is_recfun(r,x,H,f); M(f) |]
```
```   186        ==> restrict(Y, r -`` {x}) = f"
```
```   187 apply (subgoal_tac "\<forall>y \<in> r-``{x}. \<forall>z. <y,z>:Y <-> <y,z>:f")
```
```   188  apply (simp (no_asm_simp) add: restrict_def)
```
```   189  apply (thin_tac "rall(M,?P)")+  --{*essential for efficiency*}
```
```   190  apply (frule is_recfun_type [THEN fun_is_rel], blast)
```
```   191 apply (frule pair_components_in_M, assumption, clarify)
```
```   192 apply (rule iffI)
```
```   193  apply (frule_tac y="<y,z>" in transM, assumption )
```
```   194  apply (rotate_tac -1)
```
```   195  apply (clarsimp simp add: vimage_singleton_iff is_recfun_type [THEN apply_iff]
```
```   196 			   apply_recfun is_recfun_cut)
```
```   197 txt{*Opposite inclusion: something in f, show in Y*}
```
```   198 apply (frule_tac y="<y,z>" in transM, assumption)
```
```   199 apply (simp add: vimage_singleton_iff)
```
```   200 apply (rule conjI)
```
```   201  apply (blast dest: transD)
```
```   202 apply (rule_tac x="restrict(f, r -`` {y})" in rexI)
```
```   203 apply (simp_all add: is_recfun_restrict
```
```   204                      apply_recfun is_recfun_type [THEN apply_iff])
```
```   205 done
```
```   206
```
```   207 text{*For typical applications of Replacement for recursive definitions*}
```
```   208 lemma (in M_axioms) univalent_is_recfun:
```
```   209      "[|wellfounded(M,r); trans(r); M(r)|]
```
```   210       ==> univalent (M, A, \<lambda>x p.
```
```   211               \<exists>y[M]. p = \<langle>x,y\<rangle> & (\<exists>f[M]. is_recfun(r,x,H,f) & y = H(x,f)))"
```
```   212 apply (simp add: univalent_def)
```
```   213 apply (blast dest: is_recfun_functional)
```
```   214 done
```
```   215
```
```   216
```
```   217 text{*Proof of the inductive step for @{text exists_is_recfun}, since
```
```   218       we must prove two versions.*}
```
```   219 lemma (in M_axioms) exists_is_recfun_indstep:
```
```   220     "[|\<forall>y. \<langle>y, a1\<rangle> \<in> r --> (\<exists>f[M]. is_recfun(r, y, H, f));
```
```   221        wellfounded(M,r); trans(r); M(r); M(a1);
```
```   222        strong_replacement(M, \<lambda>x z.
```
```   223               \<exists>y[M]. \<exists>g[M]. pair(M,x,y,z) & is_recfun(r,x,H,g) & y = H(x,g));
```
```   224        \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g))|]
```
```   225       ==> \<exists>f[M]. is_recfun(r,a1,H,f)"
```
```   226 apply (drule_tac A="r-``{a1}" in strong_replacementD)
```
```   227   apply blast
```
```   228  txt{*Discharge the "univalent" obligation of Replacement*}
```
```   229  apply (simp add: univalent_is_recfun)
```
```   230 txt{*Show that the constructed object satisfies @{text is_recfun}*}
```
```   231 apply clarify
```
```   232 apply (rule_tac x=Y in rexI)
```
```   233 txt{*Unfold only the top-level occurrence of @{term is_recfun}*}
```
```   234 apply (simp (no_asm_simp) add: is_recfun_relativize [of concl: _ a1])
```
```   235 txt{*The big iff-formula defining @{term Y} is now redundant*}
```
```   236 apply safe
```
```   237  apply (simp add: vimage_singleton_iff restrict_Y_lemma [of r H _ a1])
```
```   238 txt{*one more case*}
```
```   239 apply (simp (no_asm_simp) add: Bex_def vimage_singleton_iff)
```
```   240 apply (drule_tac x1=x in spec [THEN mp], assumption, clarify)
```
```   241 apply (rename_tac f)
```
```   242 apply (rule_tac x=f in rexI)
```
```   243 apply (simp_all add: restrict_Y_lemma [of r H])
```
```   244 txt{*FIXME: should not be needed!*}
```
```   245 apply (subst restrict_Y_lemma [of r H])
```
```   246 apply (simp add: vimage_singleton_iff)+
```
```   247 apply blast+
```
```   248 done
```
```   249
```
```   250 text{*Relativized version, when we have the (currently weaker) premise
```
```   251       @{term "wellfounded(M,r)"}*}
```
```   252 lemma (in M_axioms) wellfounded_exists_is_recfun:
```
```   253     "[|wellfounded(M,r);  trans(r);
```
```   254        separation(M, \<lambda>x. ~ (\<exists>f[M]. is_recfun(r, x, H, f)));
```
```   255        strong_replacement(M, \<lambda>x z.
```
```   256           \<exists>y[M]. \<exists>g[M]. pair(M,x,y,z) & is_recfun(r,x,H,g) & y = H(x,g));
```
```   257        M(r);  M(a);
```
```   258        \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g)) |]
```
```   259       ==> \<exists>f[M]. is_recfun(r,a,H,f)"
```
```   260 apply (rule wellfounded_induct, assumption+, clarify)
```
```   261 apply (rule exists_is_recfun_indstep, assumption+)
```
```   262 done
```
```   263
```
```   264 lemma (in M_axioms) wf_exists_is_recfun [rule_format]:
```
```   265     "[|wf(r);  trans(r);  M(r);
```
```   266        strong_replacement(M, \<lambda>x z.
```
```   267          \<exists>y[M]. \<exists>g[M]. pair(M,x,y,z) & is_recfun(r,x,H,g) & y = H(x,g));
```
```   268        \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g)) |]
```
```   269       ==> M(a) --> (\<exists>f[M]. is_recfun(r,a,H,f))"
```
```   270 apply (rule wf_induct, assumption+)
```
```   271 apply (frule wf_imp_relativized)
```
```   272 apply (intro impI)
```
```   273 apply (rule exists_is_recfun_indstep)
```
```   274       apply (blast dest: transM del: rev_rallE, assumption+)
```
```   275 done
```
```   276
```
```   277 constdefs
```
```   278   M_is_recfun :: "[i=>o, [i,i,i]=>o, i, i, i] => o"
```
```   279    "M_is_recfun(M,MH,r,a,f) ==
```
```   280      \<forall>z[M]. z \<in> f <->
```
```   281             (\<exists>x[M]. \<exists>y[M]. \<exists>xa[M]. \<exists>sx[M]. \<exists>r_sx[M]. \<exists>f_r_sx[M].
```
```   282 	       pair(M,x,y,z) & pair(M,x,a,xa) & upair(M,x,x,sx) &
```
```   283                pre_image(M,r,sx,r_sx) & restriction(M,f,r_sx,f_r_sx) &
```
```   284                xa \<in> r & MH(x, f_r_sx, y))"
```
```   285
```
```   286   is_wfrec :: "[i=>o, [i,i,i]=>o, i, i, i] => o"
```
```   287    "is_wfrec(M,MH,r,a,z) ==
```
```   288       \<exists>f[M]. M_is_recfun(M,MH,r,a,f) & MH(a,f,z)"
```
```   289
```
```   290   wfrec_replacement :: "[i=>o, [i,i,i]=>o, i] => o"
```
```   291    "wfrec_replacement(M,MH,r) ==
```
```   292         strong_replacement(M,
```
```   293              \<lambda>x z. \<exists>y[M]. pair(M,x,y,z) & is_wfrec(M,MH,r,x,y))"
```
```   294
```
```   295 lemma (in M_axioms) is_recfun_abs:
```
```   296      "[| \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g));  M(r); M(a); M(f);
```
```   297          relativize2(M,MH,H) |]
```
```   298       ==> M_is_recfun(M,MH,r,a,f) <-> is_recfun(r,a,H,f)"
```
```   299 apply (simp add: M_is_recfun_def relativize2_def is_recfun_relativize)
```
```   300 apply (rule rall_cong)
```
```   301 apply (blast dest: transM)
```
```   302 done
```
```   303
```
```   304 lemma M_is_recfun_cong [cong]:
```
```   305      "[| r = r'; a = a'; f = f';
```
```   306        !!x g y. [| M(x); M(g); M(y) |] ==> MH(x,g,y) <-> MH'(x,g,y) |]
```
```   307       ==> M_is_recfun(M,MH,r,a,f) <-> M_is_recfun(M,MH',r',a',f')"
```
```   308 by (simp add: M_is_recfun_def)
```
```   309
```
```   310 lemma (in M_axioms) is_wfrec_abs:
```
```   311      "[| \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g));
```
```   312          relativize2(M,MH,H);  M(r); M(a); M(z) |]
```
```   313       ==> is_wfrec(M,MH,r,a,z) <->
```
```   314           (\<exists>g[M]. is_recfun(r,a,H,g) & z = H(a,g))"
```
```   315 by (simp add: is_wfrec_def relativize2_def is_recfun_abs)
```
```   316
```
```   317 text{*Relating @{term wfrec_replacement} to native constructs*}
```
```   318 lemma (in M_axioms) wfrec_replacement':
```
```   319   "[|wfrec_replacement(M,MH,r);
```
```   320      \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g));
```
```   321      relativize2(M,MH,H);  M(r)|]
```
```   322    ==> strong_replacement(M, \<lambda>x z. \<exists>y[M].
```
```   323                 pair(M,x,y,z) & (\<exists>g[M]. is_recfun(r,x,H,g) & y = H(x,g)))"
```
```   324 apply (rotate_tac 1)
```
```   325 apply (simp add: wfrec_replacement_def is_wfrec_abs)
```
```   326 done
```
```   327
```
```   328 lemma wfrec_replacement_cong [cong]:
```
```   329      "[| !!x y z. [| M(x); M(y); M(z) |] ==> MH(x,y,z) <-> MH'(x,y,z);
```
```   330          r=r' |]
```
```   331       ==> wfrec_replacement(M, %x y. MH(x,y), r) <->
```
```   332           wfrec_replacement(M, %x y. MH'(x,y), r')"
```
```   333 by (simp add: is_wfrec_def wfrec_replacement_def)
```
```   334
```
```   335
```
```   336 (*FIXME: update to use new techniques!!*)
```
```   337 constdefs
```
```   338  (*This expresses ordinal addition in the language of ZF.  It also
```
```   339    provides an abbreviation that can be used in the instance of strong
```
```   340    replacement below.  Here j is used to define the relation, namely
```
```   341    Memrel(succ(j)), while x determines the domain of f.*)
```
```   342  is_oadd_fun :: "[i=>o,i,i,i,i] => o"
```
```   343     "is_oadd_fun(M,i,j,x,f) ==
```
```   344        (\<forall>sj msj. M(sj) --> M(msj) -->
```
```   345                  successor(M,j,sj) --> membership(M,sj,msj) -->
```
```   346 	         M_is_recfun(M,
```
```   347 		     %x g y. \<exists>gx[M]. image(M,g,x,gx) & union(M,i,gx,y),
```
```   348 		     msj, x, f))"
```
```   349
```
```   350  is_oadd :: "[i=>o,i,i,i] => o"
```
```   351     "is_oadd(M,i,j,k) ==
```
```   352         (~ ordinal(M,i) & ~ ordinal(M,j) & k=0) |
```
```   353         (~ ordinal(M,i) & ordinal(M,j) & k=j) |
```
```   354         (ordinal(M,i) & ~ ordinal(M,j) & k=i) |
```
```   355         (ordinal(M,i) & ordinal(M,j) &
```
```   356 	 (\<exists>f fj sj. M(f) & M(fj) & M(sj) &
```
```   357 		    successor(M,j,sj) & is_oadd_fun(M,i,sj,sj,f) &
```
```   358 		    fun_apply(M,f,j,fj) & fj = k))"
```
```   359
```
```   360  (*NEEDS RELATIVIZATION*)
```
```   361  omult_eqns :: "[i,i,i,i] => o"
```
```   362     "omult_eqns(i,x,g,z) ==
```
```   363             Ord(x) &
```
```   364 	    (x=0 --> z=0) &
```
```   365             (\<forall>j. x = succ(j) --> z = g`j ++ i) &
```
```   366             (Limit(x) --> z = \<Union>(g``x))"
```
```   367
```
```   368  is_omult_fun :: "[i=>o,i,i,i] => o"
```
```   369     "is_omult_fun(M,i,j,f) ==
```
```   370 	    (\<exists>df. M(df) & is_function(M,f) &
```
```   371                   is_domain(M,f,df) & subset(M, j, df)) &
```
```   372             (\<forall>x\<in>j. omult_eqns(i,x,f,f`x))"
```
```   373
```
```   374  is_omult :: "[i=>o,i,i,i] => o"
```
```   375     "is_omult(M,i,j,k) ==
```
```   376 	\<exists>f fj sj. M(f) & M(fj) & M(sj) &
```
```   377                   successor(M,j,sj) & is_omult_fun(M,i,sj,f) &
```
```   378                   fun_apply(M,f,j,fj) & fj = k"
```
```   379
```
```   380
```
```   381 locale M_ord_arith = M_axioms +
```
```   382   assumes oadd_strong_replacement:
```
```   383    "[| M(i); M(j) |] ==>
```
```   384     strong_replacement(M,
```
```   385          \<lambda>x z. \<exists>y[M]. pair(M,x,y,z) &
```
```   386                   (\<exists>f[M]. \<exists>fx[M]. is_oadd_fun(M,i,j,x,f) &
```
```   387 		           image(M,f,x,fx) & y = i Un fx))"
```
```   388
```
```   389  and omult_strong_replacement':
```
```   390    "[| M(i); M(j) |] ==>
```
```   391     strong_replacement(M,
```
```   392          \<lambda>x z. \<exists>y[M]. z = <x,y> &
```
```   393 	     (\<exists>g[M]. is_recfun(Memrel(succ(j)),x,%x g. THE z. omult_eqns(i,x,g,z),g) &
```
```   394 	     y = (THE z. omult_eqns(i, x, g, z))))"
```
```   395
```
```   396
```
```   397
```
```   398 text{*@{text is_oadd_fun}: Relating the pure "language of set theory" to Isabelle/ZF*}
```
```   399 lemma (in M_ord_arith) is_oadd_fun_iff:
```
```   400    "[| a\<le>j; M(i); M(j); M(a); M(f) |]
```
```   401     ==> is_oadd_fun(M,i,j,a,f) <->
```
```   402 	f \<in> a \<rightarrow> range(f) & (\<forall>x. M(x) --> x < a --> f`x = i Un f``x)"
```
```   403 apply (frule lt_Ord)
```
```   404 apply (simp add: is_oadd_fun_def Memrel_closed Un_closed
```
```   405              relativize2_def is_recfun_abs [of "%x g. i Un g``x"]
```
```   406              image_closed is_recfun_iff_equation
```
```   407              Ball_def lt_trans [OF ltI, of _ a] lt_Memrel)
```
```   408 apply (simp add: lt_def)
```
```   409 apply (blast dest: transM)
```
```   410 done
```
```   411
```
```   412
```
```   413 lemma (in M_ord_arith) oadd_strong_replacement':
```
```   414     "[| M(i); M(j) |] ==>
```
```   415      strong_replacement(M,
```
```   416             \<lambda>x z. \<exists>y[M]. z = <x,y> &
```
```   417 		  (\<exists>g[M]. is_recfun(Memrel(succ(j)),x,%x g. i Un g``x,g) &
```
```   418 		  y = i Un g``x))"
```
```   419 apply (insert oadd_strong_replacement [of i j])
```
```   420 apply (simp add: is_oadd_fun_def relativize2_def is_recfun_abs [of "%x g. i Un g``x"])
```
```   421 done
```
```   422
```
```   423
```
```   424 lemma (in M_ord_arith) exists_oadd:
```
```   425     "[| Ord(j);  M(i);  M(j) |]
```
```   426      ==> \<exists>f[M]. is_recfun(Memrel(succ(j)), j, %x g. i Un g``x, f)"
```
```   427 apply (rule wf_exists_is_recfun [OF wf_Memrel trans_Memrel])
```
```   428     apply (simp_all add: Memrel_type oadd_strong_replacement')
```
```   429 done
```
```   430
```
```   431 lemma (in M_ord_arith) exists_oadd_fun:
```
```   432     "[| Ord(j);  M(i);  M(j) |] ==> \<exists>f[M]. is_oadd_fun(M,i,succ(j),succ(j),f)"
```
```   433 apply (rule exists_oadd [THEN rexE])
```
```   434 apply (erule Ord_succ, assumption, simp)
```
```   435 apply (rename_tac f)
```
```   436 apply (frule is_recfun_type)
```
```   437 apply (rule_tac x=f in rexI)
```
```   438  apply (simp add: fun_is_function domain_of_fun lt_Memrel apply_recfun lt_def
```
```   439                   is_oadd_fun_iff Ord_trans [OF _ succI1], assumption)
```
```   440 done
```
```   441
```
```   442 lemma (in M_ord_arith) is_oadd_fun_apply:
```
```   443     "[| x < j; M(i); M(j); M(f); is_oadd_fun(M,i,j,j,f) |]
```
```   444      ==> f`x = i Un (\<Union>k\<in>x. {f ` k})"
```
```   445 apply (simp add: is_oadd_fun_iff lt_Ord2, clarify)
```
```   446 apply (frule lt_closed, simp)
```
```   447 apply (frule leI [THEN le_imp_subset])
```
```   448 apply (simp add: image_fun, blast)
```
```   449 done
```
```   450
```
```   451 lemma (in M_ord_arith) is_oadd_fun_iff_oadd [rule_format]:
```
```   452     "[| is_oadd_fun(M,i,J,J,f); M(i); M(J); M(f); Ord(i); Ord(j) |]
```
```   453      ==> j<J --> f`j = i++j"
```
```   454 apply (erule_tac i=j in trans_induct, clarify)
```
```   455 apply (subgoal_tac "\<forall>k\<in>x. k<J")
```
```   456  apply (simp (no_asm_simp) add: is_oadd_def oadd_unfold is_oadd_fun_apply)
```
```   457 apply (blast intro: lt_trans ltI lt_Ord)
```
```   458 done
```
```   459
```
```   460 lemma (in M_ord_arith) Ord_oadd_abs:
```
```   461     "[| M(i); M(j); M(k); Ord(i); Ord(j) |] ==> is_oadd(M,i,j,k) <-> k = i++j"
```
```   462 apply (simp add: is_oadd_def is_oadd_fun_iff_oadd)
```
```   463 apply (frule exists_oadd_fun [of j i], blast+)
```
```   464 done
```
```   465
```
```   466 lemma (in M_ord_arith) oadd_abs:
```
```   467     "[| M(i); M(j); M(k) |] ==> is_oadd(M,i,j,k) <-> k = i++j"
```
```   468 apply (case_tac "Ord(i) & Ord(j)")
```
```   469  apply (simp add: Ord_oadd_abs)
```
```   470 apply (auto simp add: is_oadd_def oadd_eq_if_raw_oadd)
```
```   471 done
```
```   472
```
```   473 lemma (in M_ord_arith) oadd_closed [intro,simp]:
```
```   474     "[| M(i); M(j) |] ==> M(i++j)"
```
```   475 apply (simp add: oadd_eq_if_raw_oadd, clarify)
```
```   476 apply (simp add: raw_oadd_eq_oadd)
```
```   477 apply (frule exists_oadd_fun [of j i], auto)
```
```   478 apply (simp add: apply_closed is_oadd_fun_iff_oadd [symmetric])
```
```   479 done
```
```   480
```
```   481
```
```   482 text{*Ordinal Multiplication*}
```
```   483
```
```   484 lemma omult_eqns_unique:
```
```   485      "[| omult_eqns(i,x,g,z); omult_eqns(i,x,g,z') |] ==> z=z'";
```
```   486 apply (simp add: omult_eqns_def, clarify)
```
```   487 apply (erule Ord_cases, simp_all)
```
```   488 done
```
```   489
```
```   490 lemma omult_eqns_0: "omult_eqns(i,0,g,z) <-> z=0"
```
```   491 by (simp add: omult_eqns_def)
```
```   492
```
```   493 lemma the_omult_eqns_0: "(THE z. omult_eqns(i,0,g,z)) = 0"
```
```   494 by (simp add: omult_eqns_0)
```
```   495
```
```   496 lemma omult_eqns_succ: "omult_eqns(i,succ(j),g,z) <-> Ord(j) & z = g`j ++ i"
```
```   497 by (simp add: omult_eqns_def)
```
```   498
```
```   499 lemma the_omult_eqns_succ:
```
```   500      "Ord(j) ==> (THE z. omult_eqns(i,succ(j),g,z)) = g`j ++ i"
```
```   501 by (simp add: omult_eqns_succ)
```
```   502
```
```   503 lemma omult_eqns_Limit:
```
```   504      "Limit(x) ==> omult_eqns(i,x,g,z) <-> z = \<Union>(g``x)"
```
```   505 apply (simp add: omult_eqns_def)
```
```   506 apply (blast intro: Limit_is_Ord)
```
```   507 done
```
```   508
```
```   509 lemma the_omult_eqns_Limit:
```
```   510      "Limit(x) ==> (THE z. omult_eqns(i,x,g,z)) = \<Union>(g``x)"
```
```   511 by (simp add: omult_eqns_Limit)
```
```   512
```
```   513 lemma omult_eqns_Not: "~ Ord(x) ==> ~ omult_eqns(i,x,g,z)"
```
```   514 by (simp add: omult_eqns_def)
```
```   515
```
```   516
```
```   517 lemma (in M_ord_arith) the_omult_eqns_closed:
```
```   518     "[| M(i); M(x); M(g); function(g) |]
```
```   519      ==> M(THE z. omult_eqns(i, x, g, z))"
```
```   520 apply (case_tac "Ord(x)")
```
```   521  prefer 2 apply (simp add: omult_eqns_Not) --{*trivial, non-Ord case*}
```
```   522 apply (erule Ord_cases)
```
```   523   apply (simp add: omult_eqns_0)
```
```   524  apply (simp add: omult_eqns_succ apply_closed oadd_closed)
```
```   525 apply (simp add: omult_eqns_Limit)
```
```   526 done
```
```   527
```
```   528 lemma (in M_ord_arith) exists_omult:
```
```   529     "[| Ord(j);  M(i);  M(j) |]
```
```   530      ==> \<exists>f[M]. is_recfun(Memrel(succ(j)), j, %x g. THE z. omult_eqns(i,x,g,z), f)"
```
```   531 apply (rule wf_exists_is_recfun [OF wf_Memrel trans_Memrel])
```
```   532     apply (simp_all add: Memrel_type omult_strong_replacement')
```
```   533 apply (blast intro: the_omult_eqns_closed)
```
```   534 done
```
```   535
```
```   536 lemma (in M_ord_arith) exists_omult_fun:
```
```   537     "[| Ord(j);  M(i);  M(j) |] ==> \<exists>f[M]. is_omult_fun(M,i,succ(j),f)"
```
```   538 apply (rule exists_omult [THEN rexE])
```
```   539 apply (erule Ord_succ, assumption, simp)
```
```   540 apply (rename_tac f)
```
```   541 apply (frule is_recfun_type)
```
```   542 apply (rule_tac x=f in rexI)
```
```   543 apply (simp add: fun_is_function domain_of_fun lt_Memrel apply_recfun lt_def
```
```   544                  is_omult_fun_def Ord_trans [OF _ succI1])
```
```   545  apply (force dest: Ord_in_Ord'
```
```   546               simp add: omult_eqns_def the_omult_eqns_0 the_omult_eqns_succ
```
```   547                         the_omult_eqns_Limit, assumption)
```
```   548 done
```
```   549
```
```   550 lemma (in M_ord_arith) is_omult_fun_apply_0:
```
```   551     "[| 0 < j; is_omult_fun(M,i,j,f) |] ==> f`0 = 0"
```
```   552 by (simp add: is_omult_fun_def omult_eqns_def lt_def ball_conj_distrib)
```
```   553
```
```   554 lemma (in M_ord_arith) is_omult_fun_apply_succ:
```
```   555     "[| succ(x) < j; is_omult_fun(M,i,j,f) |] ==> f`succ(x) = f`x ++ i"
```
```   556 by (simp add: is_omult_fun_def omult_eqns_def lt_def, blast)
```
```   557
```
```   558 lemma (in M_ord_arith) is_omult_fun_apply_Limit:
```
```   559     "[| x < j; Limit(x); M(j); M(f); is_omult_fun(M,i,j,f) |]
```
```   560      ==> f ` x = (\<Union>y\<in>x. f`y)"
```
```   561 apply (simp add: is_omult_fun_def omult_eqns_def domain_closed lt_def, clarify)
```
```   562 apply (drule subset_trans [OF OrdmemD], assumption+)
```
```   563 apply (simp add: ball_conj_distrib omult_Limit image_function)
```
```   564 done
```
```   565
```
```   566 lemma (in M_ord_arith) is_omult_fun_eq_omult:
```
```   567     "[| is_omult_fun(M,i,J,f); M(J); M(f); Ord(i); Ord(j) |]
```
```   568      ==> j<J --> f`j = i**j"
```
```   569 apply (erule_tac i=j in trans_induct3)
```
```   570 apply (safe del: impCE)
```
```   571   apply (simp add: is_omult_fun_apply_0)
```
```   572  apply (subgoal_tac "x<J")
```
```   573   apply (simp add: is_omult_fun_apply_succ omult_succ)
```
```   574  apply (blast intro: lt_trans)
```
```   575 apply (subgoal_tac "\<forall>k\<in>x. k<J")
```
```   576  apply (simp add: is_omult_fun_apply_Limit omult_Limit)
```
```   577 apply (blast intro: lt_trans ltI lt_Ord)
```
```   578 done
```
```   579
```
```   580 lemma (in M_ord_arith) omult_abs:
```
```   581     "[| M(i); M(j); M(k); Ord(i); Ord(j) |] ==> is_omult(M,i,j,k) <-> k = i**j"
```
```   582 apply (simp add: is_omult_def is_omult_fun_eq_omult)
```
```   583 apply (frule exists_omult_fun [of j i], blast+)
```
```   584 done
```
```   585
```
```   586 end
```
```   587
```