src/ZF/Constructible/L_axioms.thy
author paulson
Wed Jul 31 18:30:25 2002 +0200 (2002-07-31)
changeset 13440 cdde97e1db1c
parent 13434 78b93a667c01
child 13493 5aa68c051725
permissions -rw-r--r--
some progress towards "satisfies"
     1 
     2 header {* The ZF Axioms (Except Separation) in L *}
     3 
     4 theory L_axioms = Formula + Relative + Reflection + MetaExists:
     5 
     6 text {* The class L satisfies the premises of locale @{text M_triv_axioms} *}
     7 
     8 lemma transL: "[| y\<in>x; L(x) |] ==> L(y)"
     9 apply (insert Transset_Lset)
    10 apply (simp add: Transset_def L_def, blast)
    11 done
    12 
    13 lemma nonempty: "L(0)"
    14 apply (simp add: L_def)
    15 apply (blast intro: zero_in_Lset)
    16 done
    17 
    18 lemma upair_ax: "upair_ax(L)"
    19 apply (simp add: upair_ax_def upair_def, clarify)
    20 apply (rule_tac x="{x,y}" in rexI)
    21 apply (simp_all add: doubleton_in_L)
    22 done
    23 
    24 lemma Union_ax: "Union_ax(L)"
    25 apply (simp add: Union_ax_def big_union_def, clarify)
    26 apply (rule_tac x="Union(x)" in rexI)
    27 apply (simp_all add: Union_in_L, auto)
    28 apply (blast intro: transL)
    29 done
    30 
    31 lemma power_ax: "power_ax(L)"
    32 apply (simp add: power_ax_def powerset_def Relative.subset_def, clarify)
    33 apply (rule_tac x="{y \<in> Pow(x). L(y)}" in rexI)
    34 apply (simp_all add: LPow_in_L, auto)
    35 apply (blast intro: transL)
    36 done
    37 
    38 subsubsection{*For L to satisfy Replacement *}
    39 
    40 (*Can't move these to Formula unless the definition of univalent is moved
    41 there too!*)
    42 
    43 lemma LReplace_in_Lset:
    44      "[|X \<in> Lset(i); univalent(L,X,Q); Ord(i)|]
    45       ==> \<exists>j. Ord(j) & Replace(X, %x y. Q(x,y) & L(y)) \<subseteq> Lset(j)"
    46 apply (rule_tac x="\<Union>y \<in> Replace(X, %x y. Q(x,y) & L(y)). succ(lrank(y))"
    47        in exI)
    48 apply simp
    49 apply clarify
    50 apply (rule_tac a=x in UN_I)
    51  apply (simp_all add: Replace_iff univalent_def)
    52 apply (blast dest: transL L_I)
    53 done
    54 
    55 lemma LReplace_in_L:
    56      "[|L(X); univalent(L,X,Q)|]
    57       ==> \<exists>Y. L(Y) & Replace(X, %x y. Q(x,y) & L(y)) \<subseteq> Y"
    58 apply (drule L_D, clarify)
    59 apply (drule LReplace_in_Lset, assumption+)
    60 apply (blast intro: L_I Lset_in_Lset_succ)
    61 done
    62 
    63 lemma replacement: "replacement(L,P)"
    64 apply (simp add: replacement_def, clarify)
    65 apply (frule LReplace_in_L, assumption+, clarify)
    66 apply (rule_tac x=Y in rexI)
    67 apply (simp_all add: Replace_iff univalent_def, blast)
    68 done
    69 
    70 subsection{*Instantiating the locale @{text M_triv_axioms}*}
    71 text{*No instances of Separation yet.*}
    72 
    73 lemma Lset_mono_le: "mono_le_subset(Lset)"
    74 by (simp add: mono_le_subset_def le_imp_subset Lset_mono)
    75 
    76 lemma Lset_cont: "cont_Ord(Lset)"
    77 by (simp add: cont_Ord_def Limit_Lset_eq OUnion_def Limit_is_Ord)
    78 
    79 lemmas Pair_in_Lset = Formula.Pair_in_LLimit
    80 
    81 lemmas L_nat = Ord_in_L [OF Ord_nat]
    82 
    83 theorem M_triv_axioms_L: "PROP M_triv_axioms(L)"
    84   apply (rule M_triv_axioms.intro)
    85         apply (erule (1) transL)
    86        apply (rule nonempty)
    87       apply (rule upair_ax)
    88      apply (rule Union_ax)
    89     apply (rule power_ax)
    90    apply (rule replacement)
    91   apply (rule L_nat)
    92   done
    93 
    94 lemmas rall_abs = M_triv_axioms.rall_abs [OF M_triv_axioms_L]
    95   and rex_abs = M_triv_axioms.rex_abs [OF M_triv_axioms_L]
    96   and ball_iff_equiv = M_triv_axioms.ball_iff_equiv [OF M_triv_axioms_L]
    97   and M_equalityI = M_triv_axioms.M_equalityI [OF M_triv_axioms_L]
    98   and empty_abs = M_triv_axioms.empty_abs [OF M_triv_axioms_L]
    99   and subset_abs = M_triv_axioms.subset_abs [OF M_triv_axioms_L]
   100   and upair_abs = M_triv_axioms.upair_abs [OF M_triv_axioms_L]
   101   and upair_in_M_iff = M_triv_axioms.upair_in_M_iff [OF M_triv_axioms_L]
   102   and singleton_in_M_iff = M_triv_axioms.singleton_in_M_iff [OF M_triv_axioms_L]
   103   and pair_abs = M_triv_axioms.pair_abs [OF M_triv_axioms_L]
   104   and pair_in_M_iff = M_triv_axioms.pair_in_M_iff [OF M_triv_axioms_L]
   105   and pair_components_in_M = M_triv_axioms.pair_components_in_M [OF M_triv_axioms_L]
   106   and cartprod_abs = M_triv_axioms.cartprod_abs [OF M_triv_axioms_L]
   107   and union_abs = M_triv_axioms.union_abs [OF M_triv_axioms_L]
   108   and inter_abs = M_triv_axioms.inter_abs [OF M_triv_axioms_L]
   109   and setdiff_abs = M_triv_axioms.setdiff_abs [OF M_triv_axioms_L]
   110   and Union_abs = M_triv_axioms.Union_abs [OF M_triv_axioms_L]
   111   and Union_closed = M_triv_axioms.Union_closed [OF M_triv_axioms_L]
   112   and Un_closed = M_triv_axioms.Un_closed [OF M_triv_axioms_L]
   113   and cons_closed = M_triv_axioms.cons_closed [OF M_triv_axioms_L]
   114   and successor_abs = M_triv_axioms.successor_abs [OF M_triv_axioms_L]
   115   and succ_in_M_iff = M_triv_axioms.succ_in_M_iff [OF M_triv_axioms_L]
   116   and separation_closed = M_triv_axioms.separation_closed [OF M_triv_axioms_L]
   117   and strong_replacementI = M_triv_axioms.strong_replacementI [OF M_triv_axioms_L]
   118   and strong_replacement_closed = M_triv_axioms.strong_replacement_closed [OF M_triv_axioms_L]
   119   and RepFun_closed = M_triv_axioms.RepFun_closed [OF M_triv_axioms_L]
   120   and lam_closed = M_triv_axioms.lam_closed [OF M_triv_axioms_L]
   121   and image_abs = M_triv_axioms.image_abs [OF M_triv_axioms_L]
   122   and powerset_Pow = M_triv_axioms.powerset_Pow [OF M_triv_axioms_L]
   123   and powerset_imp_subset_Pow = M_triv_axioms.powerset_imp_subset_Pow [OF M_triv_axioms_L]
   124   and nat_into_M = M_triv_axioms.nat_into_M [OF M_triv_axioms_L]
   125   and nat_case_closed = M_triv_axioms.nat_case_closed [OF M_triv_axioms_L]
   126   and Inl_in_M_iff = M_triv_axioms.Inl_in_M_iff [OF M_triv_axioms_L]
   127   and Inr_in_M_iff = M_triv_axioms.Inr_in_M_iff [OF M_triv_axioms_L]
   128   and lt_closed = M_triv_axioms.lt_closed [OF M_triv_axioms_L]
   129   and transitive_set_abs = M_triv_axioms.transitive_set_abs [OF M_triv_axioms_L]
   130   and ordinal_abs = M_triv_axioms.ordinal_abs [OF M_triv_axioms_L]
   131   and limit_ordinal_abs = M_triv_axioms.limit_ordinal_abs [OF M_triv_axioms_L]
   132   and successor_ordinal_abs = M_triv_axioms.successor_ordinal_abs [OF M_triv_axioms_L]
   133   and finite_ordinal_abs = M_triv_axioms.finite_ordinal_abs [OF M_triv_axioms_L]
   134   and omega_abs = M_triv_axioms.omega_abs [OF M_triv_axioms_L]
   135   and number1_abs = M_triv_axioms.number1_abs [OF M_triv_axioms_L]
   136   and number2_abs = M_triv_axioms.number2_abs [OF M_triv_axioms_L]
   137   and number3_abs = M_triv_axioms.number3_abs [OF M_triv_axioms_L]
   138 
   139 declare rall_abs [simp]
   140 declare rex_abs [simp]
   141 declare empty_abs [simp]
   142 declare subset_abs [simp]
   143 declare upair_abs [simp]
   144 declare upair_in_M_iff [iff]
   145 declare singleton_in_M_iff [iff]
   146 declare pair_abs [simp]
   147 declare pair_in_M_iff [iff]
   148 declare cartprod_abs [simp]
   149 declare union_abs [simp]
   150 declare inter_abs [simp]
   151 declare setdiff_abs [simp]
   152 declare Union_abs [simp]
   153 declare Union_closed [intro, simp]
   154 declare Un_closed [intro, simp]
   155 declare cons_closed [intro, simp]
   156 declare successor_abs [simp]
   157 declare succ_in_M_iff [iff]
   158 declare separation_closed [intro, simp]
   159 declare strong_replacementI
   160 declare strong_replacement_closed [intro, simp]
   161 declare RepFun_closed [intro, simp]
   162 declare lam_closed [intro, simp]
   163 declare image_abs [simp]
   164 declare nat_into_M [intro]
   165 declare Inl_in_M_iff [iff]
   166 declare Inr_in_M_iff [iff]
   167 declare transitive_set_abs [simp]
   168 declare ordinal_abs [simp]
   169 declare limit_ordinal_abs [simp]
   170 declare successor_ordinal_abs [simp]
   171 declare finite_ordinal_abs [simp]
   172 declare omega_abs [simp]
   173 declare number1_abs [simp]
   174 declare number2_abs [simp]
   175 declare number3_abs [simp]
   176 
   177 
   178 subsection{*Instantiation of the locale @{text reflection}*}
   179 
   180 text{*instances of locale constants*}
   181 constdefs
   182   L_F0 :: "[i=>o,i] => i"
   183     "L_F0(P,y) == \<mu>b. (\<exists>z. L(z) \<and> P(<y,z>)) --> (\<exists>z\<in>Lset(b). P(<y,z>))"
   184 
   185   L_FF :: "[i=>o,i] => i"
   186     "L_FF(P)   == \<lambda>a. \<Union>y\<in>Lset(a). L_F0(P,y)"
   187 
   188   L_ClEx :: "[i=>o,i] => o"
   189     "L_ClEx(P) == \<lambda>a. Limit(a) \<and> normalize(L_FF(P),a) = a"
   190 
   191 
   192 text{*We must use the meta-existential quantifier; otherwise the reflection
   193       terms become enormous!*}
   194 constdefs
   195   L_Reflects :: "[i=>o,[i,i]=>o] => prop"      ("(3REFLECTS/ [_,/ _])")
   196     "REFLECTS[P,Q] == (??Cl. Closed_Unbounded(Cl) &
   197                            (\<forall>a. Cl(a) --> (\<forall>x \<in> Lset(a). P(x) <-> Q(a,x))))"
   198 
   199 
   200 theorem Triv_reflection:
   201      "REFLECTS[P, \<lambda>a x. P(x)]"
   202 apply (simp add: L_Reflects_def)
   203 apply (rule meta_exI)
   204 apply (rule Closed_Unbounded_Ord)
   205 done
   206 
   207 theorem Not_reflection:
   208      "REFLECTS[P,Q] ==> REFLECTS[\<lambda>x. ~P(x), \<lambda>a x. ~Q(a,x)]"
   209 apply (unfold L_Reflects_def)
   210 apply (erule meta_exE)
   211 apply (rule_tac x=Cl in meta_exI, simp)
   212 done
   213 
   214 theorem And_reflection:
   215      "[| REFLECTS[P,Q]; REFLECTS[P',Q'] |]
   216       ==> REFLECTS[\<lambda>x. P(x) \<and> P'(x), \<lambda>a x. Q(a,x) \<and> Q'(a,x)]"
   217 apply (unfold L_Reflects_def)
   218 apply (elim meta_exE)
   219 apply (rule_tac x="\<lambda>a. Cl(a) \<and> Cla(a)" in meta_exI)
   220 apply (simp add: Closed_Unbounded_Int, blast)
   221 done
   222 
   223 theorem Or_reflection:
   224      "[| REFLECTS[P,Q]; REFLECTS[P',Q'] |]
   225       ==> REFLECTS[\<lambda>x. P(x) \<or> P'(x), \<lambda>a x. Q(a,x) \<or> Q'(a,x)]"
   226 apply (unfold L_Reflects_def)
   227 apply (elim meta_exE)
   228 apply (rule_tac x="\<lambda>a. Cl(a) \<and> Cla(a)" in meta_exI)
   229 apply (simp add: Closed_Unbounded_Int, blast)
   230 done
   231 
   232 theorem Imp_reflection:
   233      "[| REFLECTS[P,Q]; REFLECTS[P',Q'] |]
   234       ==> REFLECTS[\<lambda>x. P(x) --> P'(x), \<lambda>a x. Q(a,x) --> Q'(a,x)]"
   235 apply (unfold L_Reflects_def)
   236 apply (elim meta_exE)
   237 apply (rule_tac x="\<lambda>a. Cl(a) \<and> Cla(a)" in meta_exI)
   238 apply (simp add: Closed_Unbounded_Int, blast)
   239 done
   240 
   241 theorem Iff_reflection:
   242      "[| REFLECTS[P,Q]; REFLECTS[P',Q'] |]
   243       ==> REFLECTS[\<lambda>x. P(x) <-> P'(x), \<lambda>a x. Q(a,x) <-> Q'(a,x)]"
   244 apply (unfold L_Reflects_def)
   245 apply (elim meta_exE)
   246 apply (rule_tac x="\<lambda>a. Cl(a) \<and> Cla(a)" in meta_exI)
   247 apply (simp add: Closed_Unbounded_Int, blast)
   248 done
   249 
   250 
   251 lemma reflection_Lset: "reflection(Lset)"
   252 apply (blast intro: reflection.intro Lset_mono_le Lset_cont Pair_in_Lset) +
   253 done
   254 
   255 theorem Ex_reflection:
   256      "REFLECTS[\<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))]
   257       ==> REFLECTS[\<lambda>x. \<exists>z. L(z) \<and> P(x,z), \<lambda>a x. \<exists>z\<in>Lset(a). Q(a,x,z)]"
   258 apply (unfold L_Reflects_def L_ClEx_def L_FF_def L_F0_def L_def)
   259 apply (elim meta_exE)
   260 apply (rule meta_exI)
   261 apply (erule reflection.Ex_reflection [OF reflection_Lset])
   262 done
   263 
   264 theorem All_reflection:
   265      "REFLECTS[\<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))]
   266       ==> REFLECTS[\<lambda>x. \<forall>z. L(z) --> P(x,z), \<lambda>a x. \<forall>z\<in>Lset(a). Q(a,x,z)]"
   267 apply (unfold L_Reflects_def L_ClEx_def L_FF_def L_F0_def L_def)
   268 apply (elim meta_exE)
   269 apply (rule meta_exI)
   270 apply (erule reflection.All_reflection [OF reflection_Lset])
   271 done
   272 
   273 theorem Rex_reflection:
   274      "REFLECTS[ \<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))]
   275       ==> REFLECTS[\<lambda>x. \<exists>z[L]. P(x,z), \<lambda>a x. \<exists>z\<in>Lset(a). Q(a,x,z)]"
   276 apply (unfold rex_def)
   277 apply (intro And_reflection Ex_reflection, assumption)
   278 done
   279 
   280 theorem Rall_reflection:
   281      "REFLECTS[\<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))]
   282       ==> REFLECTS[\<lambda>x. \<forall>z[L]. P(x,z), \<lambda>a x. \<forall>z\<in>Lset(a). Q(a,x,z)]"
   283 apply (unfold rall_def)
   284 apply (intro Imp_reflection All_reflection, assumption)
   285 done
   286 
   287 text{*This version handles an alternative form of the bounded quantifier
   288       in the second argument of @{text REFLECTS}.*}
   289 theorem Rex_reflection':
   290      "REFLECTS[ \<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))]
   291       ==> REFLECTS[\<lambda>x. \<exists>z[L]. P(x,z), \<lambda>a x. \<exists>z[**Lset(a)]. Q(a,x,z)]"
   292 apply (unfold setclass_def rex_def)
   293 apply (erule Rex_reflection [unfolded rex_def Bex_def]) 
   294 done
   295 
   296 text{*As above.*}
   297 theorem Rall_reflection':
   298      "REFLECTS[\<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))]
   299       ==> REFLECTS[\<lambda>x. \<forall>z[L]. P(x,z), \<lambda>a x. \<forall>z[**Lset(a)]. Q(a,x,z)]"
   300 apply (unfold setclass_def rall_def)
   301 apply (erule Rall_reflection [unfolded rall_def Ball_def]) 
   302 done
   303 
   304 lemmas FOL_reflections =
   305         Triv_reflection Not_reflection And_reflection Or_reflection
   306         Imp_reflection Iff_reflection Ex_reflection All_reflection
   307         Rex_reflection Rall_reflection Rex_reflection' Rall_reflection'
   308 
   309 lemma ReflectsD:
   310      "[|REFLECTS[P,Q]; Ord(i)|]
   311       ==> \<exists>j. i<j & (\<forall>x \<in> Lset(j). P(x) <-> Q(j,x))"
   312 apply (unfold L_Reflects_def Closed_Unbounded_def)
   313 apply (elim meta_exE, clarify)
   314 apply (blast dest!: UnboundedD)
   315 done
   316 
   317 lemma ReflectsE:
   318      "[| REFLECTS[P,Q]; Ord(i);
   319          !!j. [|i<j;  \<forall>x \<in> Lset(j). P(x) <-> Q(j,x)|] ==> R |]
   320       ==> R"
   321 apply (drule ReflectsD, assumption, blast)
   322 done
   323 
   324 lemma Collect_mem_eq: "{x\<in>A. x\<in>B} = A \<inter> B"
   325 by blast
   326 
   327 
   328 subsection{*Internalized Formulas for some Set-Theoretic Concepts*}
   329 
   330 lemmas setclass_simps = rall_setclass_is_ball rex_setclass_is_bex
   331 
   332 subsubsection{*Some numbers to help write de Bruijn indices*}
   333 
   334 syntax
   335     "3" :: i   ("3")
   336     "4" :: i   ("4")
   337     "5" :: i   ("5")
   338     "6" :: i   ("6")
   339     "7" :: i   ("7")
   340     "8" :: i   ("8")
   341     "9" :: i   ("9")
   342 
   343 translations
   344    "3"  == "succ(2)"
   345    "4"  == "succ(3)"
   346    "5"  == "succ(4)"
   347    "6"  == "succ(5)"
   348    "7"  == "succ(6)"
   349    "8"  == "succ(7)"
   350    "9"  == "succ(8)"
   351 
   352 
   353 subsubsection{*The Empty Set, Internalized*}
   354 
   355 constdefs empty_fm :: "i=>i"
   356     "empty_fm(x) == Forall(Neg(Member(0,succ(x))))"
   357 
   358 lemma empty_type [TC]:
   359      "x \<in> nat ==> empty_fm(x) \<in> formula"
   360 by (simp add: empty_fm_def)
   361 
   362 lemma arity_empty_fm [simp]:
   363      "x \<in> nat ==> arity(empty_fm(x)) = succ(x)"
   364 by (simp add: empty_fm_def succ_Un_distrib [symmetric] Un_ac)
   365 
   366 lemma sats_empty_fm [simp]:
   367    "[| x \<in> nat; env \<in> list(A)|]
   368     ==> sats(A, empty_fm(x), env) <-> empty(**A, nth(x,env))"
   369 by (simp add: empty_fm_def empty_def)
   370 
   371 lemma empty_iff_sats:
   372       "[| nth(i,env) = x; nth(j,env) = y;
   373           i \<in> nat; env \<in> list(A)|]
   374        ==> empty(**A, x) <-> sats(A, empty_fm(i), env)"
   375 by simp
   376 
   377 theorem empty_reflection:
   378      "REFLECTS[\<lambda>x. empty(L,f(x)),
   379                \<lambda>i x. empty(**Lset(i),f(x))]"
   380 apply (simp only: empty_def setclass_simps)
   381 apply (intro FOL_reflections)
   382 done
   383 
   384 text{*Not used.  But maybe useful?*}
   385 lemma Transset_sats_empty_fm_eq_0:
   386    "[| n \<in> nat; env \<in> list(A); Transset(A)|]
   387     ==> sats(A, empty_fm(n), env) <-> nth(n,env) = 0"
   388 apply (simp add: empty_fm_def empty_def Transset_def, auto)
   389 apply (case_tac "n < length(env)")
   390 apply (frule nth_type, assumption+, blast)
   391 apply (simp_all add: not_lt_iff_le nth_eq_0)
   392 done
   393 
   394 
   395 subsubsection{*Unordered Pairs, Internalized*}
   396 
   397 constdefs upair_fm :: "[i,i,i]=>i"
   398     "upair_fm(x,y,z) ==
   399        And(Member(x,z),
   400            And(Member(y,z),
   401                Forall(Implies(Member(0,succ(z)),
   402                               Or(Equal(0,succ(x)), Equal(0,succ(y)))))))"
   403 
   404 lemma upair_type [TC]:
   405      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> upair_fm(x,y,z) \<in> formula"
   406 by (simp add: upair_fm_def)
   407 
   408 lemma arity_upair_fm [simp]:
   409      "[| x \<in> nat; y \<in> nat; z \<in> nat |]
   410       ==> arity(upair_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   411 by (simp add: upair_fm_def succ_Un_distrib [symmetric] Un_ac)
   412 
   413 lemma sats_upair_fm [simp]:
   414    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   415     ==> sats(A, upair_fm(x,y,z), env) <->
   416             upair(**A, nth(x,env), nth(y,env), nth(z,env))"
   417 by (simp add: upair_fm_def upair_def)
   418 
   419 lemma upair_iff_sats:
   420       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   421           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   422        ==> upair(**A, x, y, z) <-> sats(A, upair_fm(i,j,k), env)"
   423 by (simp add: sats_upair_fm)
   424 
   425 text{*Useful? At least it refers to "real" unordered pairs*}
   426 lemma sats_upair_fm2 [simp]:
   427    "[| x \<in> nat; y \<in> nat; z < length(env); env \<in> list(A); Transset(A)|]
   428     ==> sats(A, upair_fm(x,y,z), env) <->
   429         nth(z,env) = {nth(x,env), nth(y,env)}"
   430 apply (frule lt_length_in_nat, assumption)
   431 apply (simp add: upair_fm_def Transset_def, auto)
   432 apply (blast intro: nth_type)
   433 done
   434 
   435 theorem upair_reflection:
   436      "REFLECTS[\<lambda>x. upair(L,f(x),g(x),h(x)),
   437                \<lambda>i x. upair(**Lset(i),f(x),g(x),h(x))]"
   438 apply (simp add: upair_def)
   439 apply (intro FOL_reflections)
   440 done
   441 
   442 subsubsection{*Ordered pairs, Internalized*}
   443 
   444 constdefs pair_fm :: "[i,i,i]=>i"
   445     "pair_fm(x,y,z) ==
   446        Exists(And(upair_fm(succ(x),succ(x),0),
   447               Exists(And(upair_fm(succ(succ(x)),succ(succ(y)),0),
   448                          upair_fm(1,0,succ(succ(z)))))))"
   449 
   450 lemma pair_type [TC]:
   451      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> pair_fm(x,y,z) \<in> formula"
   452 by (simp add: pair_fm_def)
   453 
   454 lemma arity_pair_fm [simp]:
   455      "[| x \<in> nat; y \<in> nat; z \<in> nat |]
   456       ==> arity(pair_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   457 by (simp add: pair_fm_def succ_Un_distrib [symmetric] Un_ac)
   458 
   459 lemma sats_pair_fm [simp]:
   460    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   461     ==> sats(A, pair_fm(x,y,z), env) <->
   462         pair(**A, nth(x,env), nth(y,env), nth(z,env))"
   463 by (simp add: pair_fm_def pair_def)
   464 
   465 lemma pair_iff_sats:
   466       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   467           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   468        ==> pair(**A, x, y, z) <-> sats(A, pair_fm(i,j,k), env)"
   469 by (simp add: sats_pair_fm)
   470 
   471 theorem pair_reflection:
   472      "REFLECTS[\<lambda>x. pair(L,f(x),g(x),h(x)),
   473                \<lambda>i x. pair(**Lset(i),f(x),g(x),h(x))]"
   474 apply (simp only: pair_def setclass_simps)
   475 apply (intro FOL_reflections upair_reflection)
   476 done
   477 
   478 
   479 subsubsection{*Binary Unions, Internalized*}
   480 
   481 constdefs union_fm :: "[i,i,i]=>i"
   482     "union_fm(x,y,z) ==
   483        Forall(Iff(Member(0,succ(z)),
   484                   Or(Member(0,succ(x)),Member(0,succ(y)))))"
   485 
   486 lemma union_type [TC]:
   487      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> union_fm(x,y,z) \<in> formula"
   488 by (simp add: union_fm_def)
   489 
   490 lemma arity_union_fm [simp]:
   491      "[| x \<in> nat; y \<in> nat; z \<in> nat |]
   492       ==> arity(union_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   493 by (simp add: union_fm_def succ_Un_distrib [symmetric] Un_ac)
   494 
   495 lemma sats_union_fm [simp]:
   496    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   497     ==> sats(A, union_fm(x,y,z), env) <->
   498         union(**A, nth(x,env), nth(y,env), nth(z,env))"
   499 by (simp add: union_fm_def union_def)
   500 
   501 lemma union_iff_sats:
   502       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   503           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   504        ==> union(**A, x, y, z) <-> sats(A, union_fm(i,j,k), env)"
   505 by (simp add: sats_union_fm)
   506 
   507 theorem union_reflection:
   508      "REFLECTS[\<lambda>x. union(L,f(x),g(x),h(x)),
   509                \<lambda>i x. union(**Lset(i),f(x),g(x),h(x))]"
   510 apply (simp only: union_def setclass_simps)
   511 apply (intro FOL_reflections)
   512 done
   513 
   514 
   515 subsubsection{*Set ``Cons,'' Internalized*}
   516 
   517 constdefs cons_fm :: "[i,i,i]=>i"
   518     "cons_fm(x,y,z) ==
   519        Exists(And(upair_fm(succ(x),succ(x),0),
   520                   union_fm(0,succ(y),succ(z))))"
   521 
   522 
   523 lemma cons_type [TC]:
   524      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> cons_fm(x,y,z) \<in> formula"
   525 by (simp add: cons_fm_def)
   526 
   527 lemma arity_cons_fm [simp]:
   528      "[| x \<in> nat; y \<in> nat; z \<in> nat |]
   529       ==> arity(cons_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   530 by (simp add: cons_fm_def succ_Un_distrib [symmetric] Un_ac)
   531 
   532 lemma sats_cons_fm [simp]:
   533    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   534     ==> sats(A, cons_fm(x,y,z), env) <->
   535         is_cons(**A, nth(x,env), nth(y,env), nth(z,env))"
   536 by (simp add: cons_fm_def is_cons_def)
   537 
   538 lemma cons_iff_sats:
   539       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   540           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   541        ==> is_cons(**A, x, y, z) <-> sats(A, cons_fm(i,j,k), env)"
   542 by simp
   543 
   544 theorem cons_reflection:
   545      "REFLECTS[\<lambda>x. is_cons(L,f(x),g(x),h(x)),
   546                \<lambda>i x. is_cons(**Lset(i),f(x),g(x),h(x))]"
   547 apply (simp only: is_cons_def setclass_simps)
   548 apply (intro FOL_reflections upair_reflection union_reflection)
   549 done
   550 
   551 
   552 subsubsection{*Successor Function, Internalized*}
   553 
   554 constdefs succ_fm :: "[i,i]=>i"
   555     "succ_fm(x,y) == cons_fm(x,x,y)"
   556 
   557 lemma succ_type [TC]:
   558      "[| x \<in> nat; y \<in> nat |] ==> succ_fm(x,y) \<in> formula"
   559 by (simp add: succ_fm_def)
   560 
   561 lemma arity_succ_fm [simp]:
   562      "[| x \<in> nat; y \<in> nat |]
   563       ==> arity(succ_fm(x,y)) = succ(x) \<union> succ(y)"
   564 by (simp add: succ_fm_def)
   565 
   566 lemma sats_succ_fm [simp]:
   567    "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   568     ==> sats(A, succ_fm(x,y), env) <->
   569         successor(**A, nth(x,env), nth(y,env))"
   570 by (simp add: succ_fm_def successor_def)
   571 
   572 lemma successor_iff_sats:
   573       "[| nth(i,env) = x; nth(j,env) = y;
   574           i \<in> nat; j \<in> nat; env \<in> list(A)|]
   575        ==> successor(**A, x, y) <-> sats(A, succ_fm(i,j), env)"
   576 by simp
   577 
   578 theorem successor_reflection:
   579      "REFLECTS[\<lambda>x. successor(L,f(x),g(x)),
   580                \<lambda>i x. successor(**Lset(i),f(x),g(x))]"
   581 apply (simp only: successor_def setclass_simps)
   582 apply (intro cons_reflection)
   583 done
   584 
   585 
   586 subsubsection{*The Number 1, Internalized*}
   587 
   588 (* "number1(M,a) == (\<exists>x[M]. empty(M,x) & successor(M,x,a))" *)
   589 constdefs number1_fm :: "i=>i"
   590     "number1_fm(a) == Exists(And(empty_fm(0), succ_fm(0,succ(a))))"
   591 
   592 lemma number1_type [TC]:
   593      "x \<in> nat ==> number1_fm(x) \<in> formula"
   594 by (simp add: number1_fm_def)
   595 
   596 lemma arity_number1_fm [simp]:
   597      "x \<in> nat ==> arity(number1_fm(x)) = succ(x)"
   598 by (simp add: number1_fm_def succ_Un_distrib [symmetric] Un_ac)
   599 
   600 lemma sats_number1_fm [simp]:
   601    "[| x \<in> nat; env \<in> list(A)|]
   602     ==> sats(A, number1_fm(x), env) <-> number1(**A, nth(x,env))"
   603 by (simp add: number1_fm_def number1_def)
   604 
   605 lemma number1_iff_sats:
   606       "[| nth(i,env) = x; nth(j,env) = y;
   607           i \<in> nat; env \<in> list(A)|]
   608        ==> number1(**A, x) <-> sats(A, number1_fm(i), env)"
   609 by simp
   610 
   611 theorem number1_reflection:
   612      "REFLECTS[\<lambda>x. number1(L,f(x)),
   613                \<lambda>i x. number1(**Lset(i),f(x))]"
   614 apply (simp only: number1_def setclass_simps)
   615 apply (intro FOL_reflections empty_reflection successor_reflection)
   616 done
   617 
   618 
   619 subsubsection{*Big Union, Internalized*}
   620 
   621 (*  "big_union(M,A,z) == \<forall>x[M]. x \<in> z <-> (\<exists>y[M]. y\<in>A & x \<in> y)" *)
   622 constdefs big_union_fm :: "[i,i]=>i"
   623     "big_union_fm(A,z) ==
   624        Forall(Iff(Member(0,succ(z)),
   625                   Exists(And(Member(0,succ(succ(A))), Member(1,0)))))"
   626 
   627 lemma big_union_type [TC]:
   628      "[| x \<in> nat; y \<in> nat |] ==> big_union_fm(x,y) \<in> formula"
   629 by (simp add: big_union_fm_def)
   630 
   631 lemma arity_big_union_fm [simp]:
   632      "[| x \<in> nat; y \<in> nat |]
   633       ==> arity(big_union_fm(x,y)) = succ(x) \<union> succ(y)"
   634 by (simp add: big_union_fm_def succ_Un_distrib [symmetric] Un_ac)
   635 
   636 lemma sats_big_union_fm [simp]:
   637    "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   638     ==> sats(A, big_union_fm(x,y), env) <->
   639         big_union(**A, nth(x,env), nth(y,env))"
   640 by (simp add: big_union_fm_def big_union_def)
   641 
   642 lemma big_union_iff_sats:
   643       "[| nth(i,env) = x; nth(j,env) = y;
   644           i \<in> nat; j \<in> nat; env \<in> list(A)|]
   645        ==> big_union(**A, x, y) <-> sats(A, big_union_fm(i,j), env)"
   646 by simp
   647 
   648 theorem big_union_reflection:
   649      "REFLECTS[\<lambda>x. big_union(L,f(x),g(x)),
   650                \<lambda>i x. big_union(**Lset(i),f(x),g(x))]"
   651 apply (simp only: big_union_def setclass_simps)
   652 apply (intro FOL_reflections)
   653 done
   654 
   655 
   656 subsubsection{*Variants of Satisfaction Definitions for Ordinals, etc.*}
   657 
   658 text{*Differs from the one in Formula by using "ordinal" rather than "Ord"*}
   659 
   660 
   661 lemma sats_subset_fm':
   662    "[|x \<in> nat; y \<in> nat; env \<in> list(A)|]
   663     ==> sats(A, subset_fm(x,y), env) <-> subset(**A, nth(x,env), nth(y,env))"
   664 by (simp add: subset_fm_def Relative.subset_def)
   665 
   666 theorem subset_reflection:
   667      "REFLECTS[\<lambda>x. subset(L,f(x),g(x)),
   668                \<lambda>i x. subset(**Lset(i),f(x),g(x))]"
   669 apply (simp only: Relative.subset_def setclass_simps)
   670 apply (intro FOL_reflections)
   671 done
   672 
   673 lemma sats_transset_fm':
   674    "[|x \<in> nat; env \<in> list(A)|]
   675     ==> sats(A, transset_fm(x), env) <-> transitive_set(**A, nth(x,env))"
   676 by (simp add: sats_subset_fm' transset_fm_def transitive_set_def)
   677 
   678 theorem transitive_set_reflection:
   679      "REFLECTS[\<lambda>x. transitive_set(L,f(x)),
   680                \<lambda>i x. transitive_set(**Lset(i),f(x))]"
   681 apply (simp only: transitive_set_def setclass_simps)
   682 apply (intro FOL_reflections subset_reflection)
   683 done
   684 
   685 lemma sats_ordinal_fm':
   686    "[|x \<in> nat; env \<in> list(A)|]
   687     ==> sats(A, ordinal_fm(x), env) <-> ordinal(**A,nth(x,env))"
   688 by (simp add: sats_transset_fm' ordinal_fm_def ordinal_def)
   689 
   690 lemma ordinal_iff_sats:
   691       "[| nth(i,env) = x;  i \<in> nat; env \<in> list(A)|]
   692        ==> ordinal(**A, x) <-> sats(A, ordinal_fm(i), env)"
   693 by (simp add: sats_ordinal_fm')
   694 
   695 theorem ordinal_reflection:
   696      "REFLECTS[\<lambda>x. ordinal(L,f(x)), \<lambda>i x. ordinal(**Lset(i),f(x))]"
   697 apply (simp only: ordinal_def setclass_simps)
   698 apply (intro FOL_reflections transitive_set_reflection)
   699 done
   700 
   701 
   702 subsubsection{*Membership Relation, Internalized*}
   703 
   704 constdefs Memrel_fm :: "[i,i]=>i"
   705     "Memrel_fm(A,r) ==
   706        Forall(Iff(Member(0,succ(r)),
   707                   Exists(And(Member(0,succ(succ(A))),
   708                              Exists(And(Member(0,succ(succ(succ(A)))),
   709                                         And(Member(1,0),
   710                                             pair_fm(1,0,2))))))))"
   711 
   712 lemma Memrel_type [TC]:
   713      "[| x \<in> nat; y \<in> nat |] ==> Memrel_fm(x,y) \<in> formula"
   714 by (simp add: Memrel_fm_def)
   715 
   716 lemma arity_Memrel_fm [simp]:
   717      "[| x \<in> nat; y \<in> nat |]
   718       ==> arity(Memrel_fm(x,y)) = succ(x) \<union> succ(y)"
   719 by (simp add: Memrel_fm_def succ_Un_distrib [symmetric] Un_ac)
   720 
   721 lemma sats_Memrel_fm [simp]:
   722    "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   723     ==> sats(A, Memrel_fm(x,y), env) <->
   724         membership(**A, nth(x,env), nth(y,env))"
   725 by (simp add: Memrel_fm_def membership_def)
   726 
   727 lemma Memrel_iff_sats:
   728       "[| nth(i,env) = x; nth(j,env) = y;
   729           i \<in> nat; j \<in> nat; env \<in> list(A)|]
   730        ==> membership(**A, x, y) <-> sats(A, Memrel_fm(i,j), env)"
   731 by simp
   732 
   733 theorem membership_reflection:
   734      "REFLECTS[\<lambda>x. membership(L,f(x),g(x)),
   735                \<lambda>i x. membership(**Lset(i),f(x),g(x))]"
   736 apply (simp only: membership_def setclass_simps)
   737 apply (intro FOL_reflections pair_reflection)
   738 done
   739 
   740 subsubsection{*Predecessor Set, Internalized*}
   741 
   742 constdefs pred_set_fm :: "[i,i,i,i]=>i"
   743     "pred_set_fm(A,x,r,B) ==
   744        Forall(Iff(Member(0,succ(B)),
   745                   Exists(And(Member(0,succ(succ(r))),
   746                              And(Member(1,succ(succ(A))),
   747                                  pair_fm(1,succ(succ(x)),0))))))"
   748 
   749 
   750 lemma pred_set_type [TC]:
   751      "[| A \<in> nat; x \<in> nat; r \<in> nat; B \<in> nat |]
   752       ==> pred_set_fm(A,x,r,B) \<in> formula"
   753 by (simp add: pred_set_fm_def)
   754 
   755 lemma arity_pred_set_fm [simp]:
   756    "[| A \<in> nat; x \<in> nat; r \<in> nat; B \<in> nat |]
   757     ==> arity(pred_set_fm(A,x,r,B)) = succ(A) \<union> succ(x) \<union> succ(r) \<union> succ(B)"
   758 by (simp add: pred_set_fm_def succ_Un_distrib [symmetric] Un_ac)
   759 
   760 lemma sats_pred_set_fm [simp]:
   761    "[| U \<in> nat; x \<in> nat; r \<in> nat; B \<in> nat; env \<in> list(A)|]
   762     ==> sats(A, pred_set_fm(U,x,r,B), env) <->
   763         pred_set(**A, nth(U,env), nth(x,env), nth(r,env), nth(B,env))"
   764 by (simp add: pred_set_fm_def pred_set_def)
   765 
   766 lemma pred_set_iff_sats:
   767       "[| nth(i,env) = U; nth(j,env) = x; nth(k,env) = r; nth(l,env) = B;
   768           i \<in> nat; j \<in> nat; k \<in> nat; l \<in> nat; env \<in> list(A)|]
   769        ==> pred_set(**A,U,x,r,B) <-> sats(A, pred_set_fm(i,j,k,l), env)"
   770 by (simp add: sats_pred_set_fm)
   771 
   772 theorem pred_set_reflection:
   773      "REFLECTS[\<lambda>x. pred_set(L,f(x),g(x),h(x),b(x)),
   774                \<lambda>i x. pred_set(**Lset(i),f(x),g(x),h(x),b(x))]"
   775 apply (simp only: pred_set_def setclass_simps)
   776 apply (intro FOL_reflections pair_reflection)
   777 done
   778 
   779 
   780 
   781 subsubsection{*Domain of a Relation, Internalized*}
   782 
   783 (* "is_domain(M,r,z) ==
   784         \<forall>x[M]. (x \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>y[M]. pair(M,x,y,w))))" *)
   785 constdefs domain_fm :: "[i,i]=>i"
   786     "domain_fm(r,z) ==
   787        Forall(Iff(Member(0,succ(z)),
   788                   Exists(And(Member(0,succ(succ(r))),
   789                              Exists(pair_fm(2,0,1))))))"
   790 
   791 lemma domain_type [TC]:
   792      "[| x \<in> nat; y \<in> nat |] ==> domain_fm(x,y) \<in> formula"
   793 by (simp add: domain_fm_def)
   794 
   795 lemma arity_domain_fm [simp]:
   796      "[| x \<in> nat; y \<in> nat |]
   797       ==> arity(domain_fm(x,y)) = succ(x) \<union> succ(y)"
   798 by (simp add: domain_fm_def succ_Un_distrib [symmetric] Un_ac)
   799 
   800 lemma sats_domain_fm [simp]:
   801    "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   802     ==> sats(A, domain_fm(x,y), env) <->
   803         is_domain(**A, nth(x,env), nth(y,env))"
   804 by (simp add: domain_fm_def is_domain_def)
   805 
   806 lemma domain_iff_sats:
   807       "[| nth(i,env) = x; nth(j,env) = y;
   808           i \<in> nat; j \<in> nat; env \<in> list(A)|]
   809        ==> is_domain(**A, x, y) <-> sats(A, domain_fm(i,j), env)"
   810 by simp
   811 
   812 theorem domain_reflection:
   813      "REFLECTS[\<lambda>x. is_domain(L,f(x),g(x)),
   814                \<lambda>i x. is_domain(**Lset(i),f(x),g(x))]"
   815 apply (simp only: is_domain_def setclass_simps)
   816 apply (intro FOL_reflections pair_reflection)
   817 done
   818 
   819 
   820 subsubsection{*Range of a Relation, Internalized*}
   821 
   822 (* "is_range(M,r,z) ==
   823         \<forall>y[M]. (y \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>x[M]. pair(M,x,y,w))))" *)
   824 constdefs range_fm :: "[i,i]=>i"
   825     "range_fm(r,z) ==
   826        Forall(Iff(Member(0,succ(z)),
   827                   Exists(And(Member(0,succ(succ(r))),
   828                              Exists(pair_fm(0,2,1))))))"
   829 
   830 lemma range_type [TC]:
   831      "[| x \<in> nat; y \<in> nat |] ==> range_fm(x,y) \<in> formula"
   832 by (simp add: range_fm_def)
   833 
   834 lemma arity_range_fm [simp]:
   835      "[| x \<in> nat; y \<in> nat |]
   836       ==> arity(range_fm(x,y)) = succ(x) \<union> succ(y)"
   837 by (simp add: range_fm_def succ_Un_distrib [symmetric] Un_ac)
   838 
   839 lemma sats_range_fm [simp]:
   840    "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   841     ==> sats(A, range_fm(x,y), env) <->
   842         is_range(**A, nth(x,env), nth(y,env))"
   843 by (simp add: range_fm_def is_range_def)
   844 
   845 lemma range_iff_sats:
   846       "[| nth(i,env) = x; nth(j,env) = y;
   847           i \<in> nat; j \<in> nat; env \<in> list(A)|]
   848        ==> is_range(**A, x, y) <-> sats(A, range_fm(i,j), env)"
   849 by simp
   850 
   851 theorem range_reflection:
   852      "REFLECTS[\<lambda>x. is_range(L,f(x),g(x)),
   853                \<lambda>i x. is_range(**Lset(i),f(x),g(x))]"
   854 apply (simp only: is_range_def setclass_simps)
   855 apply (intro FOL_reflections pair_reflection)
   856 done
   857 
   858 
   859 subsubsection{*Field of a Relation, Internalized*}
   860 
   861 (* "is_field(M,r,z) ==
   862         \<exists>dr[M]. is_domain(M,r,dr) &
   863             (\<exists>rr[M]. is_range(M,r,rr) & union(M,dr,rr,z))" *)
   864 constdefs field_fm :: "[i,i]=>i"
   865     "field_fm(r,z) ==
   866        Exists(And(domain_fm(succ(r),0),
   867               Exists(And(range_fm(succ(succ(r)),0),
   868                          union_fm(1,0,succ(succ(z)))))))"
   869 
   870 lemma field_type [TC]:
   871      "[| x \<in> nat; y \<in> nat |] ==> field_fm(x,y) \<in> formula"
   872 by (simp add: field_fm_def)
   873 
   874 lemma arity_field_fm [simp]:
   875      "[| x \<in> nat; y \<in> nat |]
   876       ==> arity(field_fm(x,y)) = succ(x) \<union> succ(y)"
   877 by (simp add: field_fm_def succ_Un_distrib [symmetric] Un_ac)
   878 
   879 lemma sats_field_fm [simp]:
   880    "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   881     ==> sats(A, field_fm(x,y), env) <->
   882         is_field(**A, nth(x,env), nth(y,env))"
   883 by (simp add: field_fm_def is_field_def)
   884 
   885 lemma field_iff_sats:
   886       "[| nth(i,env) = x; nth(j,env) = y;
   887           i \<in> nat; j \<in> nat; env \<in> list(A)|]
   888        ==> is_field(**A, x, y) <-> sats(A, field_fm(i,j), env)"
   889 by simp
   890 
   891 theorem field_reflection:
   892      "REFLECTS[\<lambda>x. is_field(L,f(x),g(x)),
   893                \<lambda>i x. is_field(**Lset(i),f(x),g(x))]"
   894 apply (simp only: is_field_def setclass_simps)
   895 apply (intro FOL_reflections domain_reflection range_reflection
   896              union_reflection)
   897 done
   898 
   899 
   900 subsubsection{*Image under a Relation, Internalized*}
   901 
   902 (* "image(M,r,A,z) ==
   903         \<forall>y[M]. (y \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>x[M]. x\<in>A & pair(M,x,y,w))))" *)
   904 constdefs image_fm :: "[i,i,i]=>i"
   905     "image_fm(r,A,z) ==
   906        Forall(Iff(Member(0,succ(z)),
   907                   Exists(And(Member(0,succ(succ(r))),
   908                              Exists(And(Member(0,succ(succ(succ(A)))),
   909                                         pair_fm(0,2,1)))))))"
   910 
   911 lemma image_type [TC]:
   912      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> image_fm(x,y,z) \<in> formula"
   913 by (simp add: image_fm_def)
   914 
   915 lemma arity_image_fm [simp]:
   916      "[| x \<in> nat; y \<in> nat; z \<in> nat |]
   917       ==> arity(image_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   918 by (simp add: image_fm_def succ_Un_distrib [symmetric] Un_ac)
   919 
   920 lemma sats_image_fm [simp]:
   921    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   922     ==> sats(A, image_fm(x,y,z), env) <->
   923         image(**A, nth(x,env), nth(y,env), nth(z,env))"
   924 by (simp add: image_fm_def Relative.image_def)
   925 
   926 lemma image_iff_sats:
   927       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   928           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   929        ==> image(**A, x, y, z) <-> sats(A, image_fm(i,j,k), env)"
   930 by (simp add: sats_image_fm)
   931 
   932 theorem image_reflection:
   933      "REFLECTS[\<lambda>x. image(L,f(x),g(x),h(x)),
   934                \<lambda>i x. image(**Lset(i),f(x),g(x),h(x))]"
   935 apply (simp only: Relative.image_def setclass_simps)
   936 apply (intro FOL_reflections pair_reflection)
   937 done
   938 
   939 
   940 subsubsection{*Pre-Image under a Relation, Internalized*}
   941 
   942 (* "pre_image(M,r,A,z) ==
   943         \<forall>x[M]. x \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>y[M]. y\<in>A & pair(M,x,y,w)))" *)
   944 constdefs pre_image_fm :: "[i,i,i]=>i"
   945     "pre_image_fm(r,A,z) ==
   946        Forall(Iff(Member(0,succ(z)),
   947                   Exists(And(Member(0,succ(succ(r))),
   948                              Exists(And(Member(0,succ(succ(succ(A)))),
   949                                         pair_fm(2,0,1)))))))"
   950 
   951 lemma pre_image_type [TC]:
   952      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> pre_image_fm(x,y,z) \<in> formula"
   953 by (simp add: pre_image_fm_def)
   954 
   955 lemma arity_pre_image_fm [simp]:
   956      "[| x \<in> nat; y \<in> nat; z \<in> nat |]
   957       ==> arity(pre_image_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   958 by (simp add: pre_image_fm_def succ_Un_distrib [symmetric] Un_ac)
   959 
   960 lemma sats_pre_image_fm [simp]:
   961    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   962     ==> sats(A, pre_image_fm(x,y,z), env) <->
   963         pre_image(**A, nth(x,env), nth(y,env), nth(z,env))"
   964 by (simp add: pre_image_fm_def Relative.pre_image_def)
   965 
   966 lemma pre_image_iff_sats:
   967       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   968           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   969        ==> pre_image(**A, x, y, z) <-> sats(A, pre_image_fm(i,j,k), env)"
   970 by (simp add: sats_pre_image_fm)
   971 
   972 theorem pre_image_reflection:
   973      "REFLECTS[\<lambda>x. pre_image(L,f(x),g(x),h(x)),
   974                \<lambda>i x. pre_image(**Lset(i),f(x),g(x),h(x))]"
   975 apply (simp only: Relative.pre_image_def setclass_simps)
   976 apply (intro FOL_reflections pair_reflection)
   977 done
   978 
   979 
   980 subsubsection{*Function Application, Internalized*}
   981 
   982 (* "fun_apply(M,f,x,y) ==
   983         (\<exists>xs[M]. \<exists>fxs[M].
   984          upair(M,x,x,xs) & image(M,f,xs,fxs) & big_union(M,fxs,y))" *)
   985 constdefs fun_apply_fm :: "[i,i,i]=>i"
   986     "fun_apply_fm(f,x,y) ==
   987        Exists(Exists(And(upair_fm(succ(succ(x)), succ(succ(x)), 1),
   988                          And(image_fm(succ(succ(f)), 1, 0),
   989                              big_union_fm(0,succ(succ(y)))))))"
   990 
   991 lemma fun_apply_type [TC]:
   992      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> fun_apply_fm(x,y,z) \<in> formula"
   993 by (simp add: fun_apply_fm_def)
   994 
   995 lemma arity_fun_apply_fm [simp]:
   996      "[| x \<in> nat; y \<in> nat; z \<in> nat |]
   997       ==> arity(fun_apply_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   998 by (simp add: fun_apply_fm_def succ_Un_distrib [symmetric] Un_ac)
   999 
  1000 lemma sats_fun_apply_fm [simp]:
  1001    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  1002     ==> sats(A, fun_apply_fm(x,y,z), env) <->
  1003         fun_apply(**A, nth(x,env), nth(y,env), nth(z,env))"
  1004 by (simp add: fun_apply_fm_def fun_apply_def)
  1005 
  1006 lemma fun_apply_iff_sats:
  1007       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
  1008           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
  1009        ==> fun_apply(**A, x, y, z) <-> sats(A, fun_apply_fm(i,j,k), env)"
  1010 by simp
  1011 
  1012 theorem fun_apply_reflection:
  1013      "REFLECTS[\<lambda>x. fun_apply(L,f(x),g(x),h(x)),
  1014                \<lambda>i x. fun_apply(**Lset(i),f(x),g(x),h(x))]"
  1015 apply (simp only: fun_apply_def setclass_simps)
  1016 apply (intro FOL_reflections upair_reflection image_reflection
  1017              big_union_reflection)
  1018 done
  1019 
  1020 
  1021 subsubsection{*The Concept of Relation, Internalized*}
  1022 
  1023 (* "is_relation(M,r) ==
  1024         (\<forall>z[M]. z\<in>r --> (\<exists>x[M]. \<exists>y[M]. pair(M,x,y,z)))" *)
  1025 constdefs relation_fm :: "i=>i"
  1026     "relation_fm(r) ==
  1027        Forall(Implies(Member(0,succ(r)), Exists(Exists(pair_fm(1,0,2)))))"
  1028 
  1029 lemma relation_type [TC]:
  1030      "[| x \<in> nat |] ==> relation_fm(x) \<in> formula"
  1031 by (simp add: relation_fm_def)
  1032 
  1033 lemma arity_relation_fm [simp]:
  1034      "x \<in> nat ==> arity(relation_fm(x)) = succ(x)"
  1035 by (simp add: relation_fm_def succ_Un_distrib [symmetric] Un_ac)
  1036 
  1037 lemma sats_relation_fm [simp]:
  1038    "[| x \<in> nat; env \<in> list(A)|]
  1039     ==> sats(A, relation_fm(x), env) <-> is_relation(**A, nth(x,env))"
  1040 by (simp add: relation_fm_def is_relation_def)
  1041 
  1042 lemma relation_iff_sats:
  1043       "[| nth(i,env) = x; nth(j,env) = y;
  1044           i \<in> nat; env \<in> list(A)|]
  1045        ==> is_relation(**A, x) <-> sats(A, relation_fm(i), env)"
  1046 by simp
  1047 
  1048 theorem is_relation_reflection:
  1049      "REFLECTS[\<lambda>x. is_relation(L,f(x)),
  1050                \<lambda>i x. is_relation(**Lset(i),f(x))]"
  1051 apply (simp only: is_relation_def setclass_simps)
  1052 apply (intro FOL_reflections pair_reflection)
  1053 done
  1054 
  1055 
  1056 subsubsection{*The Concept of Function, Internalized*}
  1057 
  1058 (* "is_function(M,r) ==
  1059         \<forall>x[M]. \<forall>y[M]. \<forall>y'[M]. \<forall>p[M]. \<forall>p'[M].
  1060            pair(M,x,y,p) --> pair(M,x,y',p') --> p\<in>r --> p'\<in>r --> y=y'" *)
  1061 constdefs function_fm :: "i=>i"
  1062     "function_fm(r) ==
  1063        Forall(Forall(Forall(Forall(Forall(
  1064          Implies(pair_fm(4,3,1),
  1065                  Implies(pair_fm(4,2,0),
  1066                          Implies(Member(1,r#+5),
  1067                                  Implies(Member(0,r#+5), Equal(3,2))))))))))"
  1068 
  1069 lemma function_type [TC]:
  1070      "[| x \<in> nat |] ==> function_fm(x) \<in> formula"
  1071 by (simp add: function_fm_def)
  1072 
  1073 lemma arity_function_fm [simp]:
  1074      "x \<in> nat ==> arity(function_fm(x)) = succ(x)"
  1075 by (simp add: function_fm_def succ_Un_distrib [symmetric] Un_ac)
  1076 
  1077 lemma sats_function_fm [simp]:
  1078    "[| x \<in> nat; env \<in> list(A)|]
  1079     ==> sats(A, function_fm(x), env) <-> is_function(**A, nth(x,env))"
  1080 by (simp add: function_fm_def is_function_def)
  1081 
  1082 lemma function_iff_sats:
  1083       "[| nth(i,env) = x; nth(j,env) = y;
  1084           i \<in> nat; env \<in> list(A)|]
  1085        ==> is_function(**A, x) <-> sats(A, function_fm(i), env)"
  1086 by simp
  1087 
  1088 theorem is_function_reflection:
  1089      "REFLECTS[\<lambda>x. is_function(L,f(x)),
  1090                \<lambda>i x. is_function(**Lset(i),f(x))]"
  1091 apply (simp only: is_function_def setclass_simps)
  1092 apply (intro FOL_reflections pair_reflection)
  1093 done
  1094 
  1095 
  1096 subsubsection{*Typed Functions, Internalized*}
  1097 
  1098 (* "typed_function(M,A,B,r) ==
  1099         is_function(M,r) & is_relation(M,r) & is_domain(M,r,A) &
  1100         (\<forall>u[M]. u\<in>r --> (\<forall>x[M]. \<forall>y[M]. pair(M,x,y,u) --> y\<in>B))" *)
  1101 
  1102 constdefs typed_function_fm :: "[i,i,i]=>i"
  1103     "typed_function_fm(A,B,r) ==
  1104        And(function_fm(r),
  1105          And(relation_fm(r),
  1106            And(domain_fm(r,A),
  1107              Forall(Implies(Member(0,succ(r)),
  1108                   Forall(Forall(Implies(pair_fm(1,0,2),Member(0,B#+3)))))))))"
  1109 
  1110 lemma typed_function_type [TC]:
  1111      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> typed_function_fm(x,y,z) \<in> formula"
  1112 by (simp add: typed_function_fm_def)
  1113 
  1114 lemma arity_typed_function_fm [simp]:
  1115      "[| x \<in> nat; y \<in> nat; z \<in> nat |]
  1116       ==> arity(typed_function_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
  1117 by (simp add: typed_function_fm_def succ_Un_distrib [symmetric] Un_ac)
  1118 
  1119 lemma sats_typed_function_fm [simp]:
  1120    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  1121     ==> sats(A, typed_function_fm(x,y,z), env) <->
  1122         typed_function(**A, nth(x,env), nth(y,env), nth(z,env))"
  1123 by (simp add: typed_function_fm_def typed_function_def)
  1124 
  1125 lemma typed_function_iff_sats:
  1126   "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
  1127       i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
  1128    ==> typed_function(**A, x, y, z) <-> sats(A, typed_function_fm(i,j,k), env)"
  1129 by simp
  1130 
  1131 lemmas function_reflections =
  1132         empty_reflection number1_reflection
  1133         upair_reflection pair_reflection union_reflection
  1134         big_union_reflection cons_reflection successor_reflection
  1135         fun_apply_reflection subset_reflection
  1136         transitive_set_reflection membership_reflection
  1137         pred_set_reflection domain_reflection range_reflection field_reflection
  1138         image_reflection pre_image_reflection
  1139         is_relation_reflection is_function_reflection
  1140 
  1141 lemmas function_iff_sats =
  1142         empty_iff_sats number1_iff_sats
  1143         upair_iff_sats pair_iff_sats union_iff_sats
  1144         cons_iff_sats successor_iff_sats
  1145         fun_apply_iff_sats  Memrel_iff_sats
  1146         pred_set_iff_sats domain_iff_sats range_iff_sats field_iff_sats
  1147         image_iff_sats pre_image_iff_sats
  1148         relation_iff_sats function_iff_sats
  1149 
  1150 
  1151 theorem typed_function_reflection:
  1152      "REFLECTS[\<lambda>x. typed_function(L,f(x),g(x),h(x)),
  1153                \<lambda>i x. typed_function(**Lset(i),f(x),g(x),h(x))]"
  1154 apply (simp only: typed_function_def setclass_simps)
  1155 apply (intro FOL_reflections function_reflections)
  1156 done
  1157 
  1158 
  1159 subsubsection{*Composition of Relations, Internalized*}
  1160 
  1161 (* "composition(M,r,s,t) ==
  1162         \<forall>p[M]. p \<in> t <->
  1163                (\<exists>x[M]. \<exists>y[M]. \<exists>z[M]. \<exists>xy[M]. \<exists>yz[M].
  1164                 pair(M,x,z,p) & pair(M,x,y,xy) & pair(M,y,z,yz) &
  1165                 xy \<in> s & yz \<in> r)" *)
  1166 constdefs composition_fm :: "[i,i,i]=>i"
  1167   "composition_fm(r,s,t) ==
  1168      Forall(Iff(Member(0,succ(t)),
  1169              Exists(Exists(Exists(Exists(Exists(
  1170               And(pair_fm(4,2,5),
  1171                And(pair_fm(4,3,1),
  1172                 And(pair_fm(3,2,0),
  1173                  And(Member(1,s#+6), Member(0,r#+6))))))))))))"
  1174 
  1175 lemma composition_type [TC]:
  1176      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> composition_fm(x,y,z) \<in> formula"
  1177 by (simp add: composition_fm_def)
  1178 
  1179 lemma arity_composition_fm [simp]:
  1180      "[| x \<in> nat; y \<in> nat; z \<in> nat |]
  1181       ==> arity(composition_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
  1182 by (simp add: composition_fm_def succ_Un_distrib [symmetric] Un_ac)
  1183 
  1184 lemma sats_composition_fm [simp]:
  1185    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  1186     ==> sats(A, composition_fm(x,y,z), env) <->
  1187         composition(**A, nth(x,env), nth(y,env), nth(z,env))"
  1188 by (simp add: composition_fm_def composition_def)
  1189 
  1190 lemma composition_iff_sats:
  1191       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
  1192           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
  1193        ==> composition(**A, x, y, z) <-> sats(A, composition_fm(i,j,k), env)"
  1194 by simp
  1195 
  1196 theorem composition_reflection:
  1197      "REFLECTS[\<lambda>x. composition(L,f(x),g(x),h(x)),
  1198                \<lambda>i x. composition(**Lset(i),f(x),g(x),h(x))]"
  1199 apply (simp only: composition_def setclass_simps)
  1200 apply (intro FOL_reflections pair_reflection)
  1201 done
  1202 
  1203 
  1204 subsubsection{*Injections, Internalized*}
  1205 
  1206 (* "injection(M,A,B,f) ==
  1207         typed_function(M,A,B,f) &
  1208         (\<forall>x[M]. \<forall>x'[M]. \<forall>y[M]. \<forall>p[M]. \<forall>p'[M].
  1209           pair(M,x,y,p) --> pair(M,x',y,p') --> p\<in>f --> p'\<in>f --> x=x')" *)
  1210 constdefs injection_fm :: "[i,i,i]=>i"
  1211  "injection_fm(A,B,f) ==
  1212     And(typed_function_fm(A,B,f),
  1213        Forall(Forall(Forall(Forall(Forall(
  1214          Implies(pair_fm(4,2,1),
  1215                  Implies(pair_fm(3,2,0),
  1216                          Implies(Member(1,f#+5),
  1217                                  Implies(Member(0,f#+5), Equal(4,3)))))))))))"
  1218 
  1219 
  1220 lemma injection_type [TC]:
  1221      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> injection_fm(x,y,z) \<in> formula"
  1222 by (simp add: injection_fm_def)
  1223 
  1224 lemma arity_injection_fm [simp]:
  1225      "[| x \<in> nat; y \<in> nat; z \<in> nat |]
  1226       ==> arity(injection_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
  1227 by (simp add: injection_fm_def succ_Un_distrib [symmetric] Un_ac)
  1228 
  1229 lemma sats_injection_fm [simp]:
  1230    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  1231     ==> sats(A, injection_fm(x,y,z), env) <->
  1232         injection(**A, nth(x,env), nth(y,env), nth(z,env))"
  1233 by (simp add: injection_fm_def injection_def)
  1234 
  1235 lemma injection_iff_sats:
  1236   "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
  1237       i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
  1238    ==> injection(**A, x, y, z) <-> sats(A, injection_fm(i,j,k), env)"
  1239 by simp
  1240 
  1241 theorem injection_reflection:
  1242      "REFLECTS[\<lambda>x. injection(L,f(x),g(x),h(x)),
  1243                \<lambda>i x. injection(**Lset(i),f(x),g(x),h(x))]"
  1244 apply (simp only: injection_def setclass_simps)
  1245 apply (intro FOL_reflections function_reflections typed_function_reflection)
  1246 done
  1247 
  1248 
  1249 subsubsection{*Surjections, Internalized*}
  1250 
  1251 (*  surjection :: "[i=>o,i,i,i] => o"
  1252     "surjection(M,A,B,f) ==
  1253         typed_function(M,A,B,f) &
  1254         (\<forall>y[M]. y\<in>B --> (\<exists>x[M]. x\<in>A & fun_apply(M,f,x,y)))" *)
  1255 constdefs surjection_fm :: "[i,i,i]=>i"
  1256  "surjection_fm(A,B,f) ==
  1257     And(typed_function_fm(A,B,f),
  1258        Forall(Implies(Member(0,succ(B)),
  1259                       Exists(And(Member(0,succ(succ(A))),
  1260                                  fun_apply_fm(succ(succ(f)),0,1))))))"
  1261 
  1262 lemma surjection_type [TC]:
  1263      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> surjection_fm(x,y,z) \<in> formula"
  1264 by (simp add: surjection_fm_def)
  1265 
  1266 lemma arity_surjection_fm [simp]:
  1267      "[| x \<in> nat; y \<in> nat; z \<in> nat |]
  1268       ==> arity(surjection_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
  1269 by (simp add: surjection_fm_def succ_Un_distrib [symmetric] Un_ac)
  1270 
  1271 lemma sats_surjection_fm [simp]:
  1272    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  1273     ==> sats(A, surjection_fm(x,y,z), env) <->
  1274         surjection(**A, nth(x,env), nth(y,env), nth(z,env))"
  1275 by (simp add: surjection_fm_def surjection_def)
  1276 
  1277 lemma surjection_iff_sats:
  1278   "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
  1279       i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
  1280    ==> surjection(**A, x, y, z) <-> sats(A, surjection_fm(i,j,k), env)"
  1281 by simp
  1282 
  1283 theorem surjection_reflection:
  1284      "REFLECTS[\<lambda>x. surjection(L,f(x),g(x),h(x)),
  1285                \<lambda>i x. surjection(**Lset(i),f(x),g(x),h(x))]"
  1286 apply (simp only: surjection_def setclass_simps)
  1287 apply (intro FOL_reflections function_reflections typed_function_reflection)
  1288 done
  1289 
  1290 
  1291 
  1292 subsubsection{*Bijections, Internalized*}
  1293 
  1294 (*   bijection :: "[i=>o,i,i,i] => o"
  1295     "bijection(M,A,B,f) == injection(M,A,B,f) & surjection(M,A,B,f)" *)
  1296 constdefs bijection_fm :: "[i,i,i]=>i"
  1297  "bijection_fm(A,B,f) == And(injection_fm(A,B,f), surjection_fm(A,B,f))"
  1298 
  1299 lemma bijection_type [TC]:
  1300      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> bijection_fm(x,y,z) \<in> formula"
  1301 by (simp add: bijection_fm_def)
  1302 
  1303 lemma arity_bijection_fm [simp]:
  1304      "[| x \<in> nat; y \<in> nat; z \<in> nat |]
  1305       ==> arity(bijection_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
  1306 by (simp add: bijection_fm_def succ_Un_distrib [symmetric] Un_ac)
  1307 
  1308 lemma sats_bijection_fm [simp]:
  1309    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  1310     ==> sats(A, bijection_fm(x,y,z), env) <->
  1311         bijection(**A, nth(x,env), nth(y,env), nth(z,env))"
  1312 by (simp add: bijection_fm_def bijection_def)
  1313 
  1314 lemma bijection_iff_sats:
  1315   "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
  1316       i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
  1317    ==> bijection(**A, x, y, z) <-> sats(A, bijection_fm(i,j,k), env)"
  1318 by simp
  1319 
  1320 theorem bijection_reflection:
  1321      "REFLECTS[\<lambda>x. bijection(L,f(x),g(x),h(x)),
  1322                \<lambda>i x. bijection(**Lset(i),f(x),g(x),h(x))]"
  1323 apply (simp only: bijection_def setclass_simps)
  1324 apply (intro And_reflection injection_reflection surjection_reflection)
  1325 done
  1326 
  1327 
  1328 subsubsection{*Restriction of a Relation, Internalized*}
  1329 
  1330 
  1331 (* "restriction(M,r,A,z) ==
  1332         \<forall>x[M]. x \<in> z <-> (x \<in> r & (\<exists>u[M]. u\<in>A & (\<exists>v[M]. pair(M,u,v,x))))" *)
  1333 constdefs restriction_fm :: "[i,i,i]=>i"
  1334     "restriction_fm(r,A,z) ==
  1335        Forall(Iff(Member(0,succ(z)),
  1336                   And(Member(0,succ(r)),
  1337                       Exists(And(Member(0,succ(succ(A))),
  1338                                  Exists(pair_fm(1,0,2)))))))"
  1339 
  1340 lemma restriction_type [TC]:
  1341      "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> restriction_fm(x,y,z) \<in> formula"
  1342 by (simp add: restriction_fm_def)
  1343 
  1344 lemma arity_restriction_fm [simp]:
  1345      "[| x \<in> nat; y \<in> nat; z \<in> nat |]
  1346       ==> arity(restriction_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
  1347 by (simp add: restriction_fm_def succ_Un_distrib [symmetric] Un_ac)
  1348 
  1349 lemma sats_restriction_fm [simp]:
  1350    "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  1351     ==> sats(A, restriction_fm(x,y,z), env) <->
  1352         restriction(**A, nth(x,env), nth(y,env), nth(z,env))"
  1353 by (simp add: restriction_fm_def restriction_def)
  1354 
  1355 lemma restriction_iff_sats:
  1356       "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
  1357           i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
  1358        ==> restriction(**A, x, y, z) <-> sats(A, restriction_fm(i,j,k), env)"
  1359 by simp
  1360 
  1361 theorem restriction_reflection:
  1362      "REFLECTS[\<lambda>x. restriction(L,f(x),g(x),h(x)),
  1363                \<lambda>i x. restriction(**Lset(i),f(x),g(x),h(x))]"
  1364 apply (simp only: restriction_def setclass_simps)
  1365 apply (intro FOL_reflections pair_reflection)
  1366 done
  1367 
  1368 subsubsection{*Order-Isomorphisms, Internalized*}
  1369 
  1370 (*  order_isomorphism :: "[i=>o,i,i,i,i,i] => o"
  1371    "order_isomorphism(M,A,r,B,s,f) ==
  1372         bijection(M,A,B,f) &
  1373         (\<forall>x[M]. x\<in>A --> (\<forall>y[M]. y\<in>A -->
  1374           (\<forall>p[M]. \<forall>fx[M]. \<forall>fy[M]. \<forall>q[M].
  1375             pair(M,x,y,p) --> fun_apply(M,f,x,fx) --> fun_apply(M,f,y,fy) -->
  1376             pair(M,fx,fy,q) --> (p\<in>r <-> q\<in>s))))"
  1377   *)
  1378 
  1379 constdefs order_isomorphism_fm :: "[i,i,i,i,i]=>i"
  1380  "order_isomorphism_fm(A,r,B,s,f) ==
  1381    And(bijection_fm(A,B,f),
  1382      Forall(Implies(Member(0,succ(A)),
  1383        Forall(Implies(Member(0,succ(succ(A))),
  1384          Forall(Forall(Forall(Forall(
  1385            Implies(pair_fm(5,4,3),
  1386              Implies(fun_apply_fm(f#+6,5,2),
  1387                Implies(fun_apply_fm(f#+6,4,1),
  1388                  Implies(pair_fm(2,1,0),
  1389                    Iff(Member(3,r#+6), Member(0,s#+6)))))))))))))))"
  1390 
  1391 lemma order_isomorphism_type [TC]:
  1392      "[| A \<in> nat; r \<in> nat; B \<in> nat; s \<in> nat; f \<in> nat |]
  1393       ==> order_isomorphism_fm(A,r,B,s,f) \<in> formula"
  1394 by (simp add: order_isomorphism_fm_def)
  1395 
  1396 lemma arity_order_isomorphism_fm [simp]:
  1397      "[| A \<in> nat; r \<in> nat; B \<in> nat; s \<in> nat; f \<in> nat |]
  1398       ==> arity(order_isomorphism_fm(A,r,B,s,f)) =
  1399           succ(A) \<union> succ(r) \<union> succ(B) \<union> succ(s) \<union> succ(f)"
  1400 by (simp add: order_isomorphism_fm_def succ_Un_distrib [symmetric] Un_ac)
  1401 
  1402 lemma sats_order_isomorphism_fm [simp]:
  1403    "[| U \<in> nat; r \<in> nat; B \<in> nat; s \<in> nat; f \<in> nat; env \<in> list(A)|]
  1404     ==> sats(A, order_isomorphism_fm(U,r,B,s,f), env) <->
  1405         order_isomorphism(**A, nth(U,env), nth(r,env), nth(B,env),
  1406                                nth(s,env), nth(f,env))"
  1407 by (simp add: order_isomorphism_fm_def order_isomorphism_def)
  1408 
  1409 lemma order_isomorphism_iff_sats:
  1410   "[| nth(i,env) = U; nth(j,env) = r; nth(k,env) = B; nth(j',env) = s;
  1411       nth(k',env) = f;
  1412       i \<in> nat; j \<in> nat; k \<in> nat; j' \<in> nat; k' \<in> nat; env \<in> list(A)|]
  1413    ==> order_isomorphism(**A,U,r,B,s,f) <->
  1414        sats(A, order_isomorphism_fm(i,j,k,j',k'), env)"
  1415 by simp
  1416 
  1417 theorem order_isomorphism_reflection:
  1418      "REFLECTS[\<lambda>x. order_isomorphism(L,f(x),g(x),h(x),g'(x),h'(x)),
  1419                \<lambda>i x. order_isomorphism(**Lset(i),f(x),g(x),h(x),g'(x),h'(x))]"
  1420 apply (simp only: order_isomorphism_def setclass_simps)
  1421 apply (intro FOL_reflections function_reflections bijection_reflection)
  1422 done
  1423 
  1424 subsubsection{*Limit Ordinals, Internalized*}
  1425 
  1426 text{*A limit ordinal is a non-empty, successor-closed ordinal*}
  1427 
  1428 (* "limit_ordinal(M,a) ==
  1429         ordinal(M,a) & ~ empty(M,a) &
  1430         (\<forall>x[M]. x\<in>a --> (\<exists>y[M]. y\<in>a & successor(M,x,y)))" *)
  1431 
  1432 constdefs limit_ordinal_fm :: "i=>i"
  1433     "limit_ordinal_fm(x) ==
  1434         And(ordinal_fm(x),
  1435             And(Neg(empty_fm(x)),
  1436                 Forall(Implies(Member(0,succ(x)),
  1437                                Exists(And(Member(0,succ(succ(x))),
  1438                                           succ_fm(1,0)))))))"
  1439 
  1440 lemma limit_ordinal_type [TC]:
  1441      "x \<in> nat ==> limit_ordinal_fm(x) \<in> formula"
  1442 by (simp add: limit_ordinal_fm_def)
  1443 
  1444 lemma arity_limit_ordinal_fm [simp]:
  1445      "x \<in> nat ==> arity(limit_ordinal_fm(x)) = succ(x)"
  1446 by (simp add: limit_ordinal_fm_def succ_Un_distrib [symmetric] Un_ac)
  1447 
  1448 lemma sats_limit_ordinal_fm [simp]:
  1449    "[| x \<in> nat; env \<in> list(A)|]
  1450     ==> sats(A, limit_ordinal_fm(x), env) <-> limit_ordinal(**A, nth(x,env))"
  1451 by (simp add: limit_ordinal_fm_def limit_ordinal_def sats_ordinal_fm')
  1452 
  1453 lemma limit_ordinal_iff_sats:
  1454       "[| nth(i,env) = x; nth(j,env) = y;
  1455           i \<in> nat; env \<in> list(A)|]
  1456        ==> limit_ordinal(**A, x) <-> sats(A, limit_ordinal_fm(i), env)"
  1457 by simp
  1458 
  1459 theorem limit_ordinal_reflection:
  1460      "REFLECTS[\<lambda>x. limit_ordinal(L,f(x)),
  1461                \<lambda>i x. limit_ordinal(**Lset(i),f(x))]"
  1462 apply (simp only: limit_ordinal_def setclass_simps)
  1463 apply (intro FOL_reflections ordinal_reflection
  1464              empty_reflection successor_reflection)
  1465 done
  1466 
  1467 subsubsection{*Omega: The Set of Natural Numbers*}
  1468 
  1469 (* omega(M,a) == limit_ordinal(M,a) & (\<forall>x[M]. x\<in>a --> ~ limit_ordinal(M,x)) *)
  1470 constdefs omega_fm :: "i=>i"
  1471     "omega_fm(x) ==
  1472        And(limit_ordinal_fm(x),
  1473            Forall(Implies(Member(0,succ(x)),
  1474                           Neg(limit_ordinal_fm(0)))))"
  1475 
  1476 lemma omega_type [TC]:
  1477      "x \<in> nat ==> omega_fm(x) \<in> formula"
  1478 by (simp add: omega_fm_def)
  1479 
  1480 lemma arity_omega_fm [simp]:
  1481      "x \<in> nat ==> arity(omega_fm(x)) = succ(x)"
  1482 by (simp add: omega_fm_def succ_Un_distrib [symmetric] Un_ac)
  1483 
  1484 lemma sats_omega_fm [simp]:
  1485    "[| x \<in> nat; env \<in> list(A)|]
  1486     ==> sats(A, omega_fm(x), env) <-> omega(**A, nth(x,env))"
  1487 by (simp add: omega_fm_def omega_def)
  1488 
  1489 lemma omega_iff_sats:
  1490       "[| nth(i,env) = x; nth(j,env) = y;
  1491           i \<in> nat; env \<in> list(A)|]
  1492        ==> omega(**A, x) <-> sats(A, omega_fm(i), env)"
  1493 by simp
  1494 
  1495 theorem omega_reflection:
  1496      "REFLECTS[\<lambda>x. omega(L,f(x)),
  1497                \<lambda>i x. omega(**Lset(i),f(x))]"
  1498 apply (simp only: omega_def setclass_simps)
  1499 apply (intro FOL_reflections limit_ordinal_reflection)
  1500 done
  1501 
  1502 
  1503 lemmas fun_plus_reflections =
  1504         typed_function_reflection composition_reflection
  1505         injection_reflection surjection_reflection
  1506         bijection_reflection restriction_reflection
  1507         order_isomorphism_reflection
  1508         ordinal_reflection limit_ordinal_reflection omega_reflection
  1509 
  1510 lemmas fun_plus_iff_sats =
  1511         typed_function_iff_sats composition_iff_sats
  1512         injection_iff_sats surjection_iff_sats
  1513         bijection_iff_sats restriction_iff_sats
  1514         order_isomorphism_iff_sats
  1515         ordinal_iff_sats limit_ordinal_iff_sats omega_iff_sats
  1516 
  1517 end