src/ZF/Constructible/Rank.thy
 author wenzelm Fri Nov 17 02:20:03 2006 +0100 (2006-11-17) changeset 21404 eb85850d3eb7 parent 21233 5a5c8ea5f66a child 32960 69916a850301 permissions -rw-r--r--
more robust syntax for definition/abbreviation/notation;
```     1 (*  Title:      ZF/Constructible/Rank.thy
```
```     2     ID:   \$Id\$
```
```     3     Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
```
```     4 *)
```
```     5
```
```     6 header {*Absoluteness for Order Types, Rank Functions and Well-Founded
```
```     7          Relations*}
```
```     8
```
```     9 theory Rank imports WF_absolute begin
```
```    10
```
```    11 subsection {*Order Types: A Direct Construction by Replacement*}
```
```    12
```
```    13 locale M_ordertype = M_basic +
```
```    14 assumes well_ord_iso_separation:
```
```    15      "[| M(A); M(f); M(r) |]
```
```    16       ==> separation (M, \<lambda>x. x\<in>A --> (\<exists>y[M]. (\<exists>p[M].
```
```    17 		     fun_apply(M,f,x,y) & pair(M,y,x,p) & p \<in> r)))"
```
```    18   and obase_separation:
```
```    19      --{*part of the order type formalization*}
```
```    20      "[| M(A); M(r) |]
```
```    21       ==> separation(M, \<lambda>a. \<exists>x[M]. \<exists>g[M]. \<exists>mx[M]. \<exists>par[M].
```
```    22 	     ordinal(M,x) & membership(M,x,mx) & pred_set(M,A,a,r,par) &
```
```    23 	     order_isomorphism(M,par,r,x,mx,g))"
```
```    24   and obase_equals_separation:
```
```    25      "[| M(A); M(r) |]
```
```    26       ==> separation (M, \<lambda>x. x\<in>A --> ~(\<exists>y[M]. \<exists>g[M].
```
```    27 			      ordinal(M,y) & (\<exists>my[M]. \<exists>pxr[M].
```
```    28 			      membership(M,y,my) & pred_set(M,A,x,r,pxr) &
```
```    29 			      order_isomorphism(M,pxr,r,y,my,g))))"
```
```    30   and omap_replacement:
```
```    31      "[| M(A); M(r) |]
```
```    32       ==> strong_replacement(M,
```
```    33              \<lambda>a z. \<exists>x[M]. \<exists>g[M]. \<exists>mx[M]. \<exists>par[M].
```
```    34 	     ordinal(M,x) & pair(M,a,x,z) & membership(M,x,mx) &
```
```    35 	     pred_set(M,A,a,r,par) & order_isomorphism(M,par,r,x,mx,g))"
```
```    36
```
```    37
```
```    38 text{*Inductive argument for Kunen's Lemma I 6.1, etc.
```
```    39       Simple proof from Halmos, page 72*}
```
```    40 lemma  (in M_ordertype) wellordered_iso_subset_lemma:
```
```    41      "[| wellordered(M,A,r);  f \<in> ord_iso(A,r, A',r);  A'<= A;  y \<in> A;
```
```    42        M(A);  M(f);  M(r) |] ==> ~ <f`y, y> \<in> r"
```
```    43 apply (unfold wellordered_def ord_iso_def)
```
```    44 apply (elim conjE CollectE)
```
```    45 apply (erule wellfounded_on_induct, assumption+)
```
```    46  apply (insert well_ord_iso_separation [of A f r])
```
```    47  apply (simp, clarify)
```
```    48 apply (drule_tac a = x in bij_is_fun [THEN apply_type], assumption, blast)
```
```    49 done
```
```    50
```
```    51
```
```    52 text{*Kunen's Lemma I 6.1, page 14:
```
```    53       there's no order-isomorphism to an initial segment of a well-ordering*}
```
```    54 lemma (in M_ordertype) wellordered_iso_predD:
```
```    55      "[| wellordered(M,A,r);  f \<in> ord_iso(A, r, Order.pred(A,x,r), r);
```
```    56        M(A);  M(f);  M(r) |] ==> x \<notin> A"
```
```    57 apply (rule notI)
```
```    58 apply (frule wellordered_iso_subset_lemma, assumption)
```
```    59 apply (auto elim: predE)
```
```    60 (*Now we know  ~ (f`x < x) *)
```
```    61 apply (drule ord_iso_is_bij [THEN bij_is_fun, THEN apply_type], assumption)
```
```    62 (*Now we also know f`x  \<in> pred(A,x,r);  contradiction! *)
```
```    63 apply (simp add: Order.pred_def)
```
```    64 done
```
```    65
```
```    66
```
```    67 lemma (in M_ordertype) wellordered_iso_pred_eq_lemma:
```
```    68      "[| f \<in> \<langle>Order.pred(A,y,r), r\<rangle> \<cong> \<langle>Order.pred(A,x,r), r\<rangle>;
```
```    69        wellordered(M,A,r); x\<in>A; y\<in>A; M(A); M(f); M(r) |] ==> <x,y> \<notin> r"
```
```    70 apply (frule wellordered_is_trans_on, assumption)
```
```    71 apply (rule notI)
```
```    72 apply (drule_tac x2=y and x=x and r2=r in
```
```    73          wellordered_subset [OF _ pred_subset, THEN wellordered_iso_predD])
```
```    74 apply (simp add: trans_pred_pred_eq)
```
```    75 apply (blast intro: predI dest: transM)+
```
```    76 done
```
```    77
```
```    78
```
```    79 text{*Simple consequence of Lemma 6.1*}
```
```    80 lemma (in M_ordertype) wellordered_iso_pred_eq:
```
```    81      "[| wellordered(M,A,r);
```
```    82        f \<in> ord_iso(Order.pred(A,a,r), r, Order.pred(A,c,r), r);
```
```    83        M(A);  M(f);  M(r);  a\<in>A;  c\<in>A |] ==> a=c"
```
```    84 apply (frule wellordered_is_trans_on, assumption)
```
```    85 apply (frule wellordered_is_linear, assumption)
```
```    86 apply (erule_tac x=a and y=c in linearE, auto)
```
```    87 apply (drule ord_iso_sym)
```
```    88 (*two symmetric cases*)
```
```    89 apply (blast dest: wellordered_iso_pred_eq_lemma)+
```
```    90 done
```
```    91
```
```    92
```
```    93 text{*Following Kunen's Theorem I 7.6, page 17.  Note that this material is
```
```    94 not required elsewhere.*}
```
```    95
```
```    96 text{*Can't use @{text well_ord_iso_preserving} because it needs the
```
```    97 strong premise @{term "well_ord(A,r)"}*}
```
```    98 lemma (in M_ordertype) ord_iso_pred_imp_lt:
```
```    99      "[| f \<in> ord_iso(Order.pred(A,x,r), r, i, Memrel(i));
```
```   100          g \<in> ord_iso(Order.pred(A,y,r), r, j, Memrel(j));
```
```   101          wellordered(M,A,r);  x \<in> A;  y \<in> A; M(A); M(r); M(f); M(g); M(j);
```
```   102          Ord(i); Ord(j); \<langle>x,y\<rangle> \<in> r |]
```
```   103       ==> i < j"
```
```   104 apply (frule wellordered_is_trans_on, assumption)
```
```   105 apply (frule_tac y=y in transM, assumption)
```
```   106 apply (rule_tac i=i and j=j in Ord_linear_lt, auto)
```
```   107 txt{*case @{term "i=j"} yields a contradiction*}
```
```   108  apply (rule_tac x1=x and A1="Order.pred(A,y,r)" in
```
```   109           wellordered_iso_predD [THEN notE])
```
```   110    apply (blast intro: wellordered_subset [OF _ pred_subset])
```
```   111   apply (simp add: trans_pred_pred_eq)
```
```   112   apply (blast intro: Ord_iso_implies_eq ord_iso_sym ord_iso_trans)
```
```   113  apply (simp_all add: pred_iff pred_closed converse_closed comp_closed)
```
```   114 txt{*case @{term "j<i"} also yields a contradiction*}
```
```   115 apply (frule restrict_ord_iso2, assumption+)
```
```   116 apply (frule ord_iso_sym [THEN ord_iso_is_bij, THEN bij_is_fun])
```
```   117 apply (frule apply_type, blast intro: ltD)
```
```   118   --{*thus @{term "converse(f)`j \<in> Order.pred(A,x,r)"}*}
```
```   119 apply (simp add: pred_iff)
```
```   120 apply (subgoal_tac
```
```   121        "\<exists>h[M]. h \<in> ord_iso(Order.pred(A,y,r), r,
```
```   122                                Order.pred(A, converse(f)`j, r), r)")
```
```   123  apply (clarify, frule wellordered_iso_pred_eq, assumption+)
```
```   124  apply (blast dest: wellordered_asym)
```
```   125 apply (intro rexI)
```
```   126  apply (blast intro: Ord_iso_implies_eq ord_iso_sym ord_iso_trans)+
```
```   127 done
```
```   128
```
```   129
```
```   130 lemma ord_iso_converse1:
```
```   131      "[| f: ord_iso(A,r,B,s);  <b, f`a>: s;  a:A;  b:B |]
```
```   132       ==> <converse(f) ` b, a> \<in> r"
```
```   133 apply (frule ord_iso_converse, assumption+)
```
```   134 apply (blast intro: ord_iso_is_bij [THEN bij_is_fun, THEN apply_funtype])
```
```   135 apply (simp add: left_inverse_bij [OF ord_iso_is_bij])
```
```   136 done
```
```   137
```
```   138
```
```   139 definition
```
```   140   obase :: "[i=>o,i,i] => i" where
```
```   141        --{*the domain of @{text om}, eventually shown to equal @{text A}*}
```
```   142    "obase(M,A,r) == {a\<in>A. \<exists>x[M]. \<exists>g[M]. Ord(x) &
```
```   143                           g \<in> ord_iso(Order.pred(A,a,r),r,x,Memrel(x))}"
```
```   144
```
```   145 definition
```
```   146   omap :: "[i=>o,i,i,i] => o" where
```
```   147     --{*the function that maps wosets to order types*}
```
```   148    "omap(M,A,r,f) ==
```
```   149 	\<forall>z[M].
```
```   150          z \<in> f <-> (\<exists>a\<in>A. \<exists>x[M]. \<exists>g[M]. z = <a,x> & Ord(x) &
```
```   151                         g \<in> ord_iso(Order.pred(A,a,r),r,x,Memrel(x)))"
```
```   152
```
```   153 definition
```
```   154   otype :: "[i=>o,i,i,i] => o" where --{*the order types themselves*}
```
```   155    "otype(M,A,r,i) == \<exists>f[M]. omap(M,A,r,f) & is_range(M,f,i)"
```
```   156
```
```   157
```
```   158 text{*Can also be proved with the premise @{term "M(z)"} instead of
```
```   159       @{term "M(f)"}, but that version is less useful.  This lemma
```
```   160       is also more useful than the definition, @{text omap_def}.*}
```
```   161 lemma (in M_ordertype) omap_iff:
```
```   162      "[| omap(M,A,r,f); M(A); M(f) |]
```
```   163       ==> z \<in> f <->
```
```   164           (\<exists>a\<in>A. \<exists>x[M]. \<exists>g[M]. z = <a,x> & Ord(x) &
```
```   165                                 g \<in> ord_iso(Order.pred(A,a,r),r,x,Memrel(x)))"
```
```   166 apply (simp add: omap_def Memrel_closed pred_closed)
```
```   167 apply (rule iffI)
```
```   168  apply (drule_tac [2] x=z in rspec)
```
```   169  apply (drule_tac x=z in rspec)
```
```   170  apply (blast dest: transM)+
```
```   171 done
```
```   172
```
```   173 lemma (in M_ordertype) omap_unique:
```
```   174      "[| omap(M,A,r,f); omap(M,A,r,f'); M(A); M(r); M(f); M(f') |] ==> f' = f"
```
```   175 apply (rule equality_iffI)
```
```   176 apply (simp add: omap_iff)
```
```   177 done
```
```   178
```
```   179 lemma (in M_ordertype) omap_yields_Ord:
```
```   180      "[| omap(M,A,r,f); \<langle>a,x\<rangle> \<in> f; M(a); M(x) |]  ==> Ord(x)"
```
```   181   by (simp add: omap_def)
```
```   182
```
```   183 lemma (in M_ordertype) otype_iff:
```
```   184      "[| otype(M,A,r,i); M(A); M(r); M(i) |]
```
```   185       ==> x \<in> i <->
```
```   186           (M(x) & Ord(x) &
```
```   187            (\<exists>a\<in>A. \<exists>g[M]. g \<in> ord_iso(Order.pred(A,a,r),r,x,Memrel(x))))"
```
```   188 apply (auto simp add: omap_iff otype_def)
```
```   189  apply (blast intro: transM)
```
```   190 apply (rule rangeI)
```
```   191 apply (frule transM, assumption)
```
```   192 apply (simp add: omap_iff, blast)
```
```   193 done
```
```   194
```
```   195 lemma (in M_ordertype) otype_eq_range:
```
```   196      "[| omap(M,A,r,f); otype(M,A,r,i); M(A); M(r); M(f); M(i) |]
```
```   197       ==> i = range(f)"
```
```   198 apply (auto simp add: otype_def omap_iff)
```
```   199 apply (blast dest: omap_unique)
```
```   200 done
```
```   201
```
```   202
```
```   203 lemma (in M_ordertype) Ord_otype:
```
```   204      "[| otype(M,A,r,i); trans[A](r); M(A); M(r); M(i) |] ==> Ord(i)"
```
```   205 apply (rule OrdI)
```
```   206 prefer 2
```
```   207     apply (simp add: Ord_def otype_def omap_def)
```
```   208     apply clarify
```
```   209     apply (frule pair_components_in_M, assumption)
```
```   210     apply blast
```
```   211 apply (auto simp add: Transset_def otype_iff)
```
```   212   apply (blast intro: transM)
```
```   213  apply (blast intro: Ord_in_Ord)
```
```   214 apply (rename_tac y a g)
```
```   215 apply (frule ord_iso_sym [THEN ord_iso_is_bij, THEN bij_is_fun,
```
```   216 			  THEN apply_funtype],  assumption)
```
```   217 apply (rule_tac x="converse(g)`y" in bexI)
```
```   218  apply (frule_tac a="converse(g) ` y" in ord_iso_restrict_pred, assumption)
```
```   219 apply (safe elim!: predE)
```
```   220 apply (blast intro: restrict_ord_iso ord_iso_sym ltI dest: transM)
```
```   221 done
```
```   222
```
```   223 lemma (in M_ordertype) domain_omap:
```
```   224      "[| omap(M,A,r,f);  M(A); M(r); M(B); M(f) |]
```
```   225       ==> domain(f) = obase(M,A,r)"
```
```   226 apply (simp add: domain_closed obase_def)
```
```   227 apply (rule equality_iffI)
```
```   228 apply (simp add: domain_iff omap_iff, blast)
```
```   229 done
```
```   230
```
```   231 lemma (in M_ordertype) omap_subset:
```
```   232      "[| omap(M,A,r,f); otype(M,A,r,i);
```
```   233        M(A); M(r); M(f); M(B); M(i) |] ==> f \<subseteq> obase(M,A,r) * i"
```
```   234 apply clarify
```
```   235 apply (simp add: omap_iff obase_def)
```
```   236 apply (force simp add: otype_iff)
```
```   237 done
```
```   238
```
```   239 lemma (in M_ordertype) omap_funtype:
```
```   240      "[| omap(M,A,r,f); otype(M,A,r,i);
```
```   241          M(A); M(r); M(f); M(i) |] ==> f \<in> obase(M,A,r) -> i"
```
```   242 apply (simp add: domain_omap omap_subset Pi_iff function_def omap_iff)
```
```   243 apply (blast intro: Ord_iso_implies_eq ord_iso_sym ord_iso_trans)
```
```   244 done
```
```   245
```
```   246
```
```   247 lemma (in M_ordertype) wellordered_omap_bij:
```
```   248      "[| wellordered(M,A,r); omap(M,A,r,f); otype(M,A,r,i);
```
```   249        M(A); M(r); M(f); M(i) |] ==> f \<in> bij(obase(M,A,r),i)"
```
```   250 apply (insert omap_funtype [of A r f i])
```
```   251 apply (auto simp add: bij_def inj_def)
```
```   252 prefer 2  apply (blast intro: fun_is_surj dest: otype_eq_range)
```
```   253 apply (frule_tac a=w in apply_Pair, assumption)
```
```   254 apply (frule_tac a=x in apply_Pair, assumption)
```
```   255 apply (simp add: omap_iff)
```
```   256 apply (blast intro: wellordered_iso_pred_eq ord_iso_sym ord_iso_trans)
```
```   257 done
```
```   258
```
```   259
```
```   260 text{*This is not the final result: we must show @{term "oB(A,r) = A"}*}
```
```   261 lemma (in M_ordertype) omap_ord_iso:
```
```   262      "[| wellordered(M,A,r); omap(M,A,r,f); otype(M,A,r,i);
```
```   263        M(A); M(r); M(f); M(i) |] ==> f \<in> ord_iso(obase(M,A,r),r,i,Memrel(i))"
```
```   264 apply (rule ord_isoI)
```
```   265  apply (erule wellordered_omap_bij, assumption+)
```
```   266 apply (insert omap_funtype [of A r f i], simp)
```
```   267 apply (frule_tac a=x in apply_Pair, assumption)
```
```   268 apply (frule_tac a=y in apply_Pair, assumption)
```
```   269 apply (auto simp add: omap_iff)
```
```   270  txt{*direction 1: assuming @{term "\<langle>x,y\<rangle> \<in> r"}*}
```
```   271  apply (blast intro: ltD ord_iso_pred_imp_lt)
```
```   272  txt{*direction 2: proving @{term "\<langle>x,y\<rangle> \<in> r"} using linearity of @{term r}*}
```
```   273 apply (rename_tac x y g ga)
```
```   274 apply (frule wellordered_is_linear, assumption,
```
```   275        erule_tac x=x and y=y in linearE, assumption+)
```
```   276 txt{*the case @{term "x=y"} leads to immediate contradiction*}
```
```   277 apply (blast elim: mem_irrefl)
```
```   278 txt{*the case @{term "\<langle>y,x\<rangle> \<in> r"}: handle like the opposite direction*}
```
```   279 apply (blast dest: ord_iso_pred_imp_lt ltD elim: mem_asym)
```
```   280 done
```
```   281
```
```   282 lemma (in M_ordertype) Ord_omap_image_pred:
```
```   283      "[| wellordered(M,A,r); omap(M,A,r,f); otype(M,A,r,i);
```
```   284        M(A); M(r); M(f); M(i); b \<in> A |] ==> Ord(f `` Order.pred(A,b,r))"
```
```   285 apply (frule wellordered_is_trans_on, assumption)
```
```   286 apply (rule OrdI)
```
```   287 	prefer 2 apply (simp add: image_iff omap_iff Ord_def, blast)
```
```   288 txt{*Hard part is to show that the image is a transitive set.*}
```
```   289 apply (simp add: Transset_def, clarify)
```
```   290 apply (simp add: image_iff pred_iff apply_iff [OF omap_funtype [of A r f i]])
```
```   291 apply (rename_tac c j, clarify)
```
```   292 apply (frule omap_funtype [of A r f, THEN apply_funtype], assumption+)
```
```   293 apply (subgoal_tac "j \<in> i")
```
```   294 	prefer 2 apply (blast intro: Ord_trans Ord_otype)
```
```   295 apply (subgoal_tac "converse(f) ` j \<in> obase(M,A,r)")
```
```   296 	prefer 2
```
```   297 	apply (blast dest: wellordered_omap_bij [THEN bij_converse_bij,
```
```   298                                       THEN bij_is_fun, THEN apply_funtype])
```
```   299 apply (rule_tac x="converse(f) ` j" in bexI)
```
```   300  apply (simp add: right_inverse_bij [OF wellordered_omap_bij])
```
```   301 apply (intro predI conjI)
```
```   302  apply (erule_tac b=c in trans_onD)
```
```   303  apply (rule ord_iso_converse1 [OF omap_ord_iso [of A r f i]])
```
```   304 apply (auto simp add: obase_def)
```
```   305 done
```
```   306
```
```   307 lemma (in M_ordertype) restrict_omap_ord_iso:
```
```   308      "[| wellordered(M,A,r); omap(M,A,r,f); otype(M,A,r,i);
```
```   309        D \<subseteq> obase(M,A,r); M(A); M(r); M(f); M(i) |]
```
```   310       ==> restrict(f,D) \<in> (\<langle>D,r\<rangle> \<cong> \<langle>f``D, Memrel(f``D)\<rangle>)"
```
```   311 apply (frule ord_iso_restrict_image [OF omap_ord_iso [of A r f i]],
```
```   312        assumption+)
```
```   313 apply (drule ord_iso_sym [THEN subset_ord_iso_Memrel])
```
```   314 apply (blast dest: subsetD [OF omap_subset])
```
```   315 apply (drule ord_iso_sym, simp)
```
```   316 done
```
```   317
```
```   318 lemma (in M_ordertype) obase_equals:
```
```   319      "[| wellordered(M,A,r); omap(M,A,r,f); otype(M,A,r,i);
```
```   320        M(A); M(r); M(f); M(i) |] ==> obase(M,A,r) = A"
```
```   321 apply (rule equalityI, force simp add: obase_def, clarify)
```
```   322 apply (unfold obase_def, simp)
```
```   323 apply (frule wellordered_is_wellfounded_on, assumption)
```
```   324 apply (erule wellfounded_on_induct, assumption+)
```
```   325  apply (frule obase_equals_separation [of A r], assumption)
```
```   326  apply (simp, clarify)
```
```   327 apply (rename_tac b)
```
```   328 apply (subgoal_tac "Order.pred(A,b,r) <= obase(M,A,r)")
```
```   329  apply (blast intro!: restrict_omap_ord_iso Ord_omap_image_pred)
```
```   330 apply (force simp add: pred_iff obase_def)
```
```   331 done
```
```   332
```
```   333
```
```   334
```
```   335 text{*Main result: @{term om} gives the order-isomorphism
```
```   336       @{term "\<langle>A,r\<rangle> \<cong> \<langle>i, Memrel(i)\<rangle>"} *}
```
```   337 theorem (in M_ordertype) omap_ord_iso_otype:
```
```   338      "[| wellordered(M,A,r); omap(M,A,r,f); otype(M,A,r,i);
```
```   339        M(A); M(r); M(f); M(i) |] ==> f \<in> ord_iso(A, r, i, Memrel(i))"
```
```   340 apply (frule omap_ord_iso, assumption+)
```
```   341 apply (simp add: obase_equals)
```
```   342 done
```
```   343
```
```   344 lemma (in M_ordertype) obase_exists:
```
```   345      "[| M(A); M(r) |] ==> M(obase(M,A,r))"
```
```   346 apply (simp add: obase_def)
```
```   347 apply (insert obase_separation [of A r])
```
```   348 apply (simp add: separation_def)
```
```   349 done
```
```   350
```
```   351 lemma (in M_ordertype) omap_exists:
```
```   352      "[| M(A); M(r) |] ==> \<exists>z[M]. omap(M,A,r,z)"
```
```   353 apply (simp add: omap_def)
```
```   354 apply (insert omap_replacement [of A r])
```
```   355 apply (simp add: strong_replacement_def)
```
```   356 apply (drule_tac x="obase(M,A,r)" in rspec)
```
```   357  apply (simp add: obase_exists)
```
```   358 apply (simp add: Memrel_closed pred_closed obase_def)
```
```   359 apply (erule impE)
```
```   360  apply (clarsimp simp add: univalent_def)
```
```   361  apply (blast intro: Ord_iso_implies_eq ord_iso_sym ord_iso_trans, clarify)
```
```   362 apply (rule_tac x=Y in rexI)
```
```   363 apply (simp add: Memrel_closed pred_closed obase_def, blast, assumption)
```
```   364 done
```
```   365
```
```   366 declare rall_simps [simp] rex_simps [simp]
```
```   367
```
```   368 lemma (in M_ordertype) otype_exists:
```
```   369      "[| wellordered(M,A,r); M(A); M(r) |] ==> \<exists>i[M]. otype(M,A,r,i)"
```
```   370 apply (insert omap_exists [of A r])
```
```   371 apply (simp add: otype_def, safe)
```
```   372 apply (rule_tac x="range(x)" in rexI)
```
```   373 apply blast+
```
```   374 done
```
```   375
```
```   376 lemma (in M_ordertype) ordertype_exists:
```
```   377      "[| wellordered(M,A,r); M(A); M(r) |]
```
```   378       ==> \<exists>f[M]. (\<exists>i[M]. Ord(i) & f \<in> ord_iso(A, r, i, Memrel(i)))"
```
```   379 apply (insert obase_exists [of A r] omap_exists [of A r] otype_exists [of A r], simp, clarify)
```
```   380 apply (rename_tac i)
```
```   381 apply (subgoal_tac "Ord(i)", blast intro: omap_ord_iso_otype)
```
```   382 apply (rule Ord_otype)
```
```   383     apply (force simp add: otype_def range_closed)
```
```   384    apply (simp_all add: wellordered_is_trans_on)
```
```   385 done
```
```   386
```
```   387
```
```   388 lemma (in M_ordertype) relativized_imp_well_ord:
```
```   389      "[| wellordered(M,A,r); M(A); M(r) |] ==> well_ord(A,r)"
```
```   390 apply (insert ordertype_exists [of A r], simp)
```
```   391 apply (blast intro: well_ord_ord_iso well_ord_Memrel)
```
```   392 done
```
```   393
```
```   394 subsection {*Kunen's theorem 5.4, page 127*}
```
```   395
```
```   396 text{*(a) The notion of Wellordering is absolute*}
```
```   397 theorem (in M_ordertype) well_ord_abs [simp]:
```
```   398      "[| M(A); M(r) |] ==> wellordered(M,A,r) <-> well_ord(A,r)"
```
```   399 by (blast intro: well_ord_imp_relativized relativized_imp_well_ord)
```
```   400
```
```   401
```
```   402 text{*(b) Order types are absolute*}
```
```   403 theorem (in M_ordertype)
```
```   404      "[| wellordered(M,A,r); f \<in> ord_iso(A, r, i, Memrel(i));
```
```   405        M(A); M(r); M(f); M(i); Ord(i) |] ==> i = ordertype(A,r)"
```
```   406 by (blast intro: Ord_ordertype relativized_imp_well_ord ordertype_ord_iso
```
```   407                  Ord_iso_implies_eq ord_iso_sym ord_iso_trans)
```
```   408
```
```   409
```
```   410 subsection{*Ordinal Arithmetic: Two Examples of Recursion*}
```
```   411
```
```   412 text{*Note: the remainder of this theory is not needed elsewhere.*}
```
```   413
```
```   414 subsubsection{*Ordinal Addition*}
```
```   415
```
```   416 (*FIXME: update to use new techniques!!*)
```
```   417  (*This expresses ordinal addition in the language of ZF.  It also
```
```   418    provides an abbreviation that can be used in the instance of strong
```
```   419    replacement below.  Here j is used to define the relation, namely
```
```   420    Memrel(succ(j)), while x determines the domain of f.*)
```
```   421 definition
```
```   422   is_oadd_fun :: "[i=>o,i,i,i,i] => o" where
```
```   423     "is_oadd_fun(M,i,j,x,f) ==
```
```   424        (\<forall>sj msj. M(sj) --> M(msj) -->
```
```   425                  successor(M,j,sj) --> membership(M,sj,msj) -->
```
```   426 	         M_is_recfun(M,
```
```   427 		     %x g y. \<exists>gx[M]. image(M,g,x,gx) & union(M,i,gx,y),
```
```   428 		     msj, x, f))"
```
```   429
```
```   430 definition
```
```   431   is_oadd :: "[i=>o,i,i,i] => o" where
```
```   432     "is_oadd(M,i,j,k) ==
```
```   433         (~ ordinal(M,i) & ~ ordinal(M,j) & k=0) |
```
```   434         (~ ordinal(M,i) & ordinal(M,j) & k=j) |
```
```   435         (ordinal(M,i) & ~ ordinal(M,j) & k=i) |
```
```   436         (ordinal(M,i) & ordinal(M,j) &
```
```   437 	 (\<exists>f fj sj. M(f) & M(fj) & M(sj) &
```
```   438 		    successor(M,j,sj) & is_oadd_fun(M,i,sj,sj,f) &
```
```   439 		    fun_apply(M,f,j,fj) & fj = k))"
```
```   440
```
```   441 definition
```
```   442  (*NEEDS RELATIVIZATION*)
```
```   443   omult_eqns :: "[i,i,i,i] => o" where
```
```   444     "omult_eqns(i,x,g,z) ==
```
```   445             Ord(x) &
```
```   446 	    (x=0 --> z=0) &
```
```   447             (\<forall>j. x = succ(j) --> z = g`j ++ i) &
```
```   448             (Limit(x) --> z = \<Union>(g``x))"
```
```   449
```
```   450 definition
```
```   451   is_omult_fun :: "[i=>o,i,i,i] => o" where
```
```   452     "is_omult_fun(M,i,j,f) ==
```
```   453 	    (\<exists>df. M(df) & is_function(M,f) &
```
```   454                   is_domain(M,f,df) & subset(M, j, df)) &
```
```   455             (\<forall>x\<in>j. omult_eqns(i,x,f,f`x))"
```
```   456
```
```   457 definition
```
```   458   is_omult :: "[i=>o,i,i,i] => o" where
```
```   459     "is_omult(M,i,j,k) ==
```
```   460 	\<exists>f fj sj. M(f) & M(fj) & M(sj) &
```
```   461                   successor(M,j,sj) & is_omult_fun(M,i,sj,f) &
```
```   462                   fun_apply(M,f,j,fj) & fj = k"
```
```   463
```
```   464
```
```   465 locale M_ord_arith = M_ordertype +
```
```   466   assumes oadd_strong_replacement:
```
```   467    "[| M(i); M(j) |] ==>
```
```   468     strong_replacement(M,
```
```   469          \<lambda>x z. \<exists>y[M]. pair(M,x,y,z) &
```
```   470                   (\<exists>f[M]. \<exists>fx[M]. is_oadd_fun(M,i,j,x,f) &
```
```   471 		           image(M,f,x,fx) & y = i Un fx))"
```
```   472
```
```   473  and omult_strong_replacement':
```
```   474    "[| M(i); M(j) |] ==>
```
```   475     strong_replacement(M,
```
```   476          \<lambda>x z. \<exists>y[M]. z = <x,y> &
```
```   477 	     (\<exists>g[M]. is_recfun(Memrel(succ(j)),x,%x g. THE z. omult_eqns(i,x,g,z),g) &
```
```   478 	     y = (THE z. omult_eqns(i, x, g, z))))"
```
```   479
```
```   480
```
```   481
```
```   482 text{*@{text is_oadd_fun}: Relating the pure "language of set theory" to Isabelle/ZF*}
```
```   483 lemma (in M_ord_arith) is_oadd_fun_iff:
```
```   484    "[| a\<le>j; M(i); M(j); M(a); M(f) |]
```
```   485     ==> is_oadd_fun(M,i,j,a,f) <->
```
```   486 	f \<in> a \<rightarrow> range(f) & (\<forall>x. M(x) --> x < a --> f`x = i Un f``x)"
```
```   487 apply (frule lt_Ord)
```
```   488 apply (simp add: is_oadd_fun_def Memrel_closed Un_closed
```
```   489              relation2_def is_recfun_abs [of "%x g. i Un g``x"]
```
```   490              image_closed is_recfun_iff_equation
```
```   491              Ball_def lt_trans [OF ltI, of _ a] lt_Memrel)
```
```   492 apply (simp add: lt_def)
```
```   493 apply (blast dest: transM)
```
```   494 done
```
```   495
```
```   496
```
```   497 lemma (in M_ord_arith) oadd_strong_replacement':
```
```   498     "[| M(i); M(j) |] ==>
```
```   499      strong_replacement(M,
```
```   500             \<lambda>x z. \<exists>y[M]. z = <x,y> &
```
```   501 		  (\<exists>g[M]. is_recfun(Memrel(succ(j)),x,%x g. i Un g``x,g) &
```
```   502 		  y = i Un g``x))"
```
```   503 apply (insert oadd_strong_replacement [of i j])
```
```   504 apply (simp add: is_oadd_fun_def relation2_def
```
```   505                  is_recfun_abs [of "%x g. i Un g``x"])
```
```   506 done
```
```   507
```
```   508
```
```   509 lemma (in M_ord_arith) exists_oadd:
```
```   510     "[| Ord(j);  M(i);  M(j) |]
```
```   511      ==> \<exists>f[M]. is_recfun(Memrel(succ(j)), j, %x g. i Un g``x, f)"
```
```   512 apply (rule wf_exists_is_recfun [OF wf_Memrel trans_Memrel])
```
```   513     apply (simp_all add: Memrel_type oadd_strong_replacement')
```
```   514 done
```
```   515
```
```   516 lemma (in M_ord_arith) exists_oadd_fun:
```
```   517     "[| Ord(j);  M(i);  M(j) |] ==> \<exists>f[M]. is_oadd_fun(M,i,succ(j),succ(j),f)"
```
```   518 apply (rule exists_oadd [THEN rexE])
```
```   519 apply (erule Ord_succ, assumption, simp)
```
```   520 apply (rename_tac f)
```
```   521 apply (frule is_recfun_type)
```
```   522 apply (rule_tac x=f in rexI)
```
```   523  apply (simp add: fun_is_function domain_of_fun lt_Memrel apply_recfun lt_def
```
```   524                   is_oadd_fun_iff Ord_trans [OF _ succI1], assumption)
```
```   525 done
```
```   526
```
```   527 lemma (in M_ord_arith) is_oadd_fun_apply:
```
```   528     "[| x < j; M(i); M(j); M(f); is_oadd_fun(M,i,j,j,f) |]
```
```   529      ==> f`x = i Un (\<Union>k\<in>x. {f ` k})"
```
```   530 apply (simp add: is_oadd_fun_iff lt_Ord2, clarify)
```
```   531 apply (frule lt_closed, simp)
```
```   532 apply (frule leI [THEN le_imp_subset])
```
```   533 apply (simp add: image_fun, blast)
```
```   534 done
```
```   535
```
```   536 lemma (in M_ord_arith) is_oadd_fun_iff_oadd [rule_format]:
```
```   537     "[| is_oadd_fun(M,i,J,J,f); M(i); M(J); M(f); Ord(i); Ord(j) |]
```
```   538      ==> j<J --> f`j = i++j"
```
```   539 apply (erule_tac i=j in trans_induct, clarify)
```
```   540 apply (subgoal_tac "\<forall>k\<in>x. k<J")
```
```   541  apply (simp (no_asm_simp) add: is_oadd_def oadd_unfold is_oadd_fun_apply)
```
```   542 apply (blast intro: lt_trans ltI lt_Ord)
```
```   543 done
```
```   544
```
```   545 lemma (in M_ord_arith) Ord_oadd_abs:
```
```   546     "[| M(i); M(j); M(k); Ord(i); Ord(j) |] ==> is_oadd(M,i,j,k) <-> k = i++j"
```
```   547 apply (simp add: is_oadd_def is_oadd_fun_iff_oadd)
```
```   548 apply (frule exists_oadd_fun [of j i], blast+)
```
```   549 done
```
```   550
```
```   551 lemma (in M_ord_arith) oadd_abs:
```
```   552     "[| M(i); M(j); M(k) |] ==> is_oadd(M,i,j,k) <-> k = i++j"
```
```   553 apply (case_tac "Ord(i) & Ord(j)")
```
```   554  apply (simp add: Ord_oadd_abs)
```
```   555 apply (auto simp add: is_oadd_def oadd_eq_if_raw_oadd)
```
```   556 done
```
```   557
```
```   558 lemma (in M_ord_arith) oadd_closed [intro,simp]:
```
```   559     "[| M(i); M(j) |] ==> M(i++j)"
```
```   560 apply (simp add: oadd_eq_if_raw_oadd, clarify)
```
```   561 apply (simp add: raw_oadd_eq_oadd)
```
```   562 apply (frule exists_oadd_fun [of j i], auto)
```
```   563 apply (simp add: apply_closed is_oadd_fun_iff_oadd [symmetric])
```
```   564 done
```
```   565
```
```   566
```
```   567 subsubsection{*Ordinal Multiplication*}
```
```   568
```
```   569 lemma omult_eqns_unique:
```
```   570      "[| omult_eqns(i,x,g,z); omult_eqns(i,x,g,z') |] ==> z=z'";
```
```   571 apply (simp add: omult_eqns_def, clarify)
```
```   572 apply (erule Ord_cases, simp_all)
```
```   573 done
```
```   574
```
```   575 lemma omult_eqns_0: "omult_eqns(i,0,g,z) <-> z=0"
```
```   576 by (simp add: omult_eqns_def)
```
```   577
```
```   578 lemma the_omult_eqns_0: "(THE z. omult_eqns(i,0,g,z)) = 0"
```
```   579 by (simp add: omult_eqns_0)
```
```   580
```
```   581 lemma omult_eqns_succ: "omult_eqns(i,succ(j),g,z) <-> Ord(j) & z = g`j ++ i"
```
```   582 by (simp add: omult_eqns_def)
```
```   583
```
```   584 lemma the_omult_eqns_succ:
```
```   585      "Ord(j) ==> (THE z. omult_eqns(i,succ(j),g,z)) = g`j ++ i"
```
```   586 by (simp add: omult_eqns_succ)
```
```   587
```
```   588 lemma omult_eqns_Limit:
```
```   589      "Limit(x) ==> omult_eqns(i,x,g,z) <-> z = \<Union>(g``x)"
```
```   590 apply (simp add: omult_eqns_def)
```
```   591 apply (blast intro: Limit_is_Ord)
```
```   592 done
```
```   593
```
```   594 lemma the_omult_eqns_Limit:
```
```   595      "Limit(x) ==> (THE z. omult_eqns(i,x,g,z)) = \<Union>(g``x)"
```
```   596 by (simp add: omult_eqns_Limit)
```
```   597
```
```   598 lemma omult_eqns_Not: "~ Ord(x) ==> ~ omult_eqns(i,x,g,z)"
```
```   599 by (simp add: omult_eqns_def)
```
```   600
```
```   601
```
```   602 lemma (in M_ord_arith) the_omult_eqns_closed:
```
```   603     "[| M(i); M(x); M(g); function(g) |]
```
```   604      ==> M(THE z. omult_eqns(i, x, g, z))"
```
```   605 apply (case_tac "Ord(x)")
```
```   606  prefer 2 apply (simp add: omult_eqns_Not) --{*trivial, non-Ord case*}
```
```   607 apply (erule Ord_cases)
```
```   608   apply (simp add: omult_eqns_0)
```
```   609  apply (simp add: omult_eqns_succ apply_closed oadd_closed)
```
```   610 apply (simp add: omult_eqns_Limit)
```
```   611 done
```
```   612
```
```   613 lemma (in M_ord_arith) exists_omult:
```
```   614     "[| Ord(j);  M(i);  M(j) |]
```
```   615      ==> \<exists>f[M]. is_recfun(Memrel(succ(j)), j, %x g. THE z. omult_eqns(i,x,g,z), f)"
```
```   616 apply (rule wf_exists_is_recfun [OF wf_Memrel trans_Memrel])
```
```   617     apply (simp_all add: Memrel_type omult_strong_replacement')
```
```   618 apply (blast intro: the_omult_eqns_closed)
```
```   619 done
```
```   620
```
```   621 lemma (in M_ord_arith) exists_omult_fun:
```
```   622     "[| Ord(j);  M(i);  M(j) |] ==> \<exists>f[M]. is_omult_fun(M,i,succ(j),f)"
```
```   623 apply (rule exists_omult [THEN rexE])
```
```   624 apply (erule Ord_succ, assumption, simp)
```
```   625 apply (rename_tac f)
```
```   626 apply (frule is_recfun_type)
```
```   627 apply (rule_tac x=f in rexI)
```
```   628 apply (simp add: fun_is_function domain_of_fun lt_Memrel apply_recfun lt_def
```
```   629                  is_omult_fun_def Ord_trans [OF _ succI1])
```
```   630  apply (force dest: Ord_in_Ord'
```
```   631               simp add: omult_eqns_def the_omult_eqns_0 the_omult_eqns_succ
```
```   632                         the_omult_eqns_Limit, assumption)
```
```   633 done
```
```   634
```
```   635 lemma (in M_ord_arith) is_omult_fun_apply_0:
```
```   636     "[| 0 < j; is_omult_fun(M,i,j,f) |] ==> f`0 = 0"
```
```   637 by (simp add: is_omult_fun_def omult_eqns_def lt_def ball_conj_distrib)
```
```   638
```
```   639 lemma (in M_ord_arith) is_omult_fun_apply_succ:
```
```   640     "[| succ(x) < j; is_omult_fun(M,i,j,f) |] ==> f`succ(x) = f`x ++ i"
```
```   641 by (simp add: is_omult_fun_def omult_eqns_def lt_def, blast)
```
```   642
```
```   643 lemma (in M_ord_arith) is_omult_fun_apply_Limit:
```
```   644     "[| x < j; Limit(x); M(j); M(f); is_omult_fun(M,i,j,f) |]
```
```   645      ==> f ` x = (\<Union>y\<in>x. f`y)"
```
```   646 apply (simp add: is_omult_fun_def omult_eqns_def domain_closed lt_def, clarify)
```
```   647 apply (drule subset_trans [OF OrdmemD], assumption+)
```
```   648 apply (simp add: ball_conj_distrib omult_Limit image_function)
```
```   649 done
```
```   650
```
```   651 lemma (in M_ord_arith) is_omult_fun_eq_omult:
```
```   652     "[| is_omult_fun(M,i,J,f); M(J); M(f); Ord(i); Ord(j) |]
```
```   653      ==> j<J --> f`j = i**j"
```
```   654 apply (erule_tac i=j in trans_induct3)
```
```   655 apply (safe del: impCE)
```
```   656   apply (simp add: is_omult_fun_apply_0)
```
```   657  apply (subgoal_tac "x<J")
```
```   658   apply (simp add: is_omult_fun_apply_succ omult_succ)
```
```   659  apply (blast intro: lt_trans)
```
```   660 apply (subgoal_tac "\<forall>k\<in>x. k<J")
```
```   661  apply (simp add: is_omult_fun_apply_Limit omult_Limit)
```
```   662 apply (blast intro: lt_trans ltI lt_Ord)
```
```   663 done
```
```   664
```
```   665 lemma (in M_ord_arith) omult_abs:
```
```   666     "[| M(i); M(j); M(k); Ord(i); Ord(j) |] ==> is_omult(M,i,j,k) <-> k = i**j"
```
```   667 apply (simp add: is_omult_def is_omult_fun_eq_omult)
```
```   668 apply (frule exists_omult_fun [of j i], blast+)
```
```   669 done
```
```   670
```
```   671
```
```   672
```
```   673 subsection {*Absoluteness of Well-Founded Relations*}
```
```   674
```
```   675 text{*Relativized to @{term M}: Every well-founded relation is a subset of some
```
```   676 inverse image of an ordinal.  Key step is the construction (in @{term M}) of a
```
```   677 rank function.*}
```
```   678
```
```   679 locale M_wfrank = M_trancl +
```
```   680   assumes wfrank_separation:
```
```   681      "M(r) ==>
```
```   682       separation (M, \<lambda>x.
```
```   683          \<forall>rplus[M]. tran_closure(M,r,rplus) -->
```
```   684          ~ (\<exists>f[M]. M_is_recfun(M, %x f y. is_range(M,f,y), rplus, x, f)))"
```
```   685  and wfrank_strong_replacement:
```
```   686      "M(r) ==>
```
```   687       strong_replacement(M, \<lambda>x z.
```
```   688          \<forall>rplus[M]. tran_closure(M,r,rplus) -->
```
```   689          (\<exists>y[M]. \<exists>f[M]. pair(M,x,y,z)  &
```
```   690                         M_is_recfun(M, %x f y. is_range(M,f,y), rplus, x, f) &
```
```   691                         is_range(M,f,y)))"
```
```   692  and Ord_wfrank_separation:
```
```   693      "M(r) ==>
```
```   694       separation (M, \<lambda>x.
```
```   695          \<forall>rplus[M]. tran_closure(M,r,rplus) -->
```
```   696           ~ (\<forall>f[M]. \<forall>rangef[M].
```
```   697              is_range(M,f,rangef) -->
```
```   698              M_is_recfun(M, \<lambda>x f y. is_range(M,f,y), rplus, x, f) -->
```
```   699              ordinal(M,rangef)))"
```
```   700
```
```   701
```
```   702 text{*Proving that the relativized instances of Separation or Replacement
```
```   703 agree with the "real" ones.*}
```
```   704
```
```   705 lemma (in M_wfrank) wfrank_separation':
```
```   706      "M(r) ==>
```
```   707       separation
```
```   708 	   (M, \<lambda>x. ~ (\<exists>f[M]. is_recfun(r^+, x, %x f. range(f), f)))"
```
```   709 apply (insert wfrank_separation [of r])
```
```   710 apply (simp add: relation2_def is_recfun_abs [of "%x. range"])
```
```   711 done
```
```   712
```
```   713 lemma (in M_wfrank) wfrank_strong_replacement':
```
```   714      "M(r) ==>
```
```   715       strong_replacement(M, \<lambda>x z. \<exists>y[M]. \<exists>f[M].
```
```   716 		  pair(M,x,y,z) & is_recfun(r^+, x, %x f. range(f), f) &
```
```   717 		  y = range(f))"
```
```   718 apply (insert wfrank_strong_replacement [of r])
```
```   719 apply (simp add: relation2_def is_recfun_abs [of "%x. range"])
```
```   720 done
```
```   721
```
```   722 lemma (in M_wfrank) Ord_wfrank_separation':
```
```   723      "M(r) ==>
```
```   724       separation (M, \<lambda>x.
```
```   725          ~ (\<forall>f[M]. is_recfun(r^+, x, \<lambda>x. range, f) --> Ord(range(f))))"
```
```   726 apply (insert Ord_wfrank_separation [of r])
```
```   727 apply (simp add: relation2_def is_recfun_abs [of "%x. range"])
```
```   728 done
```
```   729
```
```   730 text{*This function, defined using replacement, is a rank function for
```
```   731 well-founded relations within the class M.*}
```
```   732 definition
```
```   733   wellfoundedrank :: "[i=>o,i,i] => i" where
```
```   734     "wellfoundedrank(M,r,A) ==
```
```   735         {p. x\<in>A, \<exists>y[M]. \<exists>f[M].
```
```   736                        p = <x,y> & is_recfun(r^+, x, %x f. range(f), f) &
```
```   737                        y = range(f)}"
```
```   738
```
```   739 lemma (in M_wfrank) exists_wfrank:
```
```   740     "[| wellfounded(M,r); M(a); M(r) |]
```
```   741      ==> \<exists>f[M]. is_recfun(r^+, a, %x f. range(f), f)"
```
```   742 apply (rule wellfounded_exists_is_recfun)
```
```   743       apply (blast intro: wellfounded_trancl)
```
```   744      apply (rule trans_trancl)
```
```   745     apply (erule wfrank_separation')
```
```   746    apply (erule wfrank_strong_replacement')
```
```   747 apply (simp_all add: trancl_subset_times)
```
```   748 done
```
```   749
```
```   750 lemma (in M_wfrank) M_wellfoundedrank:
```
```   751     "[| wellfounded(M,r); M(r); M(A) |] ==> M(wellfoundedrank(M,r,A))"
```
```   752 apply (insert wfrank_strong_replacement' [of r])
```
```   753 apply (simp add: wellfoundedrank_def)
```
```   754 apply (rule strong_replacement_closed)
```
```   755    apply assumption+
```
```   756  apply (rule univalent_is_recfun)
```
```   757    apply (blast intro: wellfounded_trancl)
```
```   758   apply (rule trans_trancl)
```
```   759  apply (simp add: trancl_subset_times)
```
```   760 apply (blast dest: transM)
```
```   761 done
```
```   762
```
```   763 lemma (in M_wfrank) Ord_wfrank_range [rule_format]:
```
```   764     "[| wellfounded(M,r); a\<in>A; M(r); M(A) |]
```
```   765      ==> \<forall>f[M]. is_recfun(r^+, a, %x f. range(f), f) --> Ord(range(f))"
```
```   766 apply (drule wellfounded_trancl, assumption)
```
```   767 apply (rule wellfounded_induct, assumption, erule (1) transM)
```
```   768   apply simp
```
```   769  apply (blast intro: Ord_wfrank_separation', clarify)
```
```   770 txt{*The reasoning in both cases is that we get @{term y} such that
```
```   771    @{term "\<langle>y, x\<rangle> \<in> r^+"}.  We find that
```
```   772    @{term "f`y = restrict(f, r^+ -`` {y})"}. *}
```
```   773 apply (rule OrdI [OF _ Ord_is_Transset])
```
```   774  txt{*An ordinal is a transitive set...*}
```
```   775  apply (simp add: Transset_def)
```
```   776  apply clarify
```
```   777  apply (frule apply_recfun2, assumption)
```
```   778  apply (force simp add: restrict_iff)
```
```   779 txt{*...of ordinals.  This second case requires the induction hyp.*}
```
```   780 apply clarify
```
```   781 apply (rename_tac i y)
```
```   782 apply (frule apply_recfun2, assumption)
```
```   783 apply (frule is_recfun_imp_in_r, assumption)
```
```   784 apply (frule is_recfun_restrict)
```
```   785     (*simp_all won't work*)
```
```   786     apply (simp add: trans_trancl trancl_subset_times)+
```
```   787 apply (drule spec [THEN mp], assumption)
```
```   788 apply (subgoal_tac "M(restrict(f, r^+ -`` {y}))")
```
```   789  apply (drule_tac x="restrict(f, r^+ -`` {y})" in rspec)
```
```   790 apply assumption
```
```   791  apply (simp add: function_apply_equality [OF _ is_recfun_imp_function])
```
```   792 apply (blast dest: pair_components_in_M)
```
```   793 done
```
```   794
```
```   795 lemma (in M_wfrank) Ord_range_wellfoundedrank:
```
```   796     "[| wellfounded(M,r); r \<subseteq> A*A;  M(r); M(A) |]
```
```   797      ==> Ord (range(wellfoundedrank(M,r,A)))"
```
```   798 apply (frule wellfounded_trancl, assumption)
```
```   799 apply (frule trancl_subset_times)
```
```   800 apply (simp add: wellfoundedrank_def)
```
```   801 apply (rule OrdI [OF _ Ord_is_Transset])
```
```   802  prefer 2
```
```   803  txt{*by our previous result the range consists of ordinals.*}
```
```   804  apply (blast intro: Ord_wfrank_range)
```
```   805 txt{*We still must show that the range is a transitive set.*}
```
```   806 apply (simp add: Transset_def, clarify, simp)
```
```   807 apply (rename_tac x i f u)
```
```   808 apply (frule is_recfun_imp_in_r, assumption)
```
```   809 apply (subgoal_tac "M(u) & M(i) & M(x)")
```
```   810  prefer 2 apply (blast dest: transM, clarify)
```
```   811 apply (rule_tac a=u in rangeI)
```
```   812 apply (rule_tac x=u in ReplaceI)
```
```   813   apply simp
```
```   814   apply (rule_tac x="restrict(f, r^+ -`` {u})" in rexI)
```
```   815    apply (blast intro: is_recfun_restrict trans_trancl dest: apply_recfun2)
```
```   816   apply simp
```
```   817 apply blast
```
```   818 txt{*Unicity requirement of Replacement*}
```
```   819 apply clarify
```
```   820 apply (frule apply_recfun2, assumption)
```
```   821 apply (simp add: trans_trancl is_recfun_cut)
```
```   822 done
```
```   823
```
```   824 lemma (in M_wfrank) function_wellfoundedrank:
```
```   825     "[| wellfounded(M,r); M(r); M(A)|]
```
```   826      ==> function(wellfoundedrank(M,r,A))"
```
```   827 apply (simp add: wellfoundedrank_def function_def, clarify)
```
```   828 txt{*Uniqueness: repeated below!*}
```
```   829 apply (drule is_recfun_functional, assumption)
```
```   830      apply (blast intro: wellfounded_trancl)
```
```   831     apply (simp_all add: trancl_subset_times trans_trancl)
```
```   832 done
```
```   833
```
```   834 lemma (in M_wfrank) domain_wellfoundedrank:
```
```   835     "[| wellfounded(M,r); M(r); M(A)|]
```
```   836      ==> domain(wellfoundedrank(M,r,A)) = A"
```
```   837 apply (simp add: wellfoundedrank_def function_def)
```
```   838 apply (rule equalityI, auto)
```
```   839 apply (frule transM, assumption)
```
```   840 apply (frule_tac a=x in exists_wfrank, assumption+, clarify)
```
```   841 apply (rule_tac b="range(f)" in domainI)
```
```   842 apply (rule_tac x=x in ReplaceI)
```
```   843   apply simp
```
```   844   apply (rule_tac x=f in rexI, blast, simp_all)
```
```   845 txt{*Uniqueness (for Replacement): repeated above!*}
```
```   846 apply clarify
```
```   847 apply (drule is_recfun_functional, assumption)
```
```   848     apply (blast intro: wellfounded_trancl)
```
```   849     apply (simp_all add: trancl_subset_times trans_trancl)
```
```   850 done
```
```   851
```
```   852 lemma (in M_wfrank) wellfoundedrank_type:
```
```   853     "[| wellfounded(M,r);  M(r); M(A)|]
```
```   854      ==> wellfoundedrank(M,r,A) \<in> A -> range(wellfoundedrank(M,r,A))"
```
```   855 apply (frule function_wellfoundedrank [of r A], assumption+)
```
```   856 apply (frule function_imp_Pi)
```
```   857  apply (simp add: wellfoundedrank_def relation_def)
```
```   858  apply blast
```
```   859 apply (simp add: domain_wellfoundedrank)
```
```   860 done
```
```   861
```
```   862 lemma (in M_wfrank) Ord_wellfoundedrank:
```
```   863     "[| wellfounded(M,r); a \<in> A; r \<subseteq> A*A;  M(r); M(A) |]
```
```   864      ==> Ord(wellfoundedrank(M,r,A) ` a)"
```
```   865 by (blast intro: apply_funtype [OF wellfoundedrank_type]
```
```   866                  Ord_in_Ord [OF Ord_range_wellfoundedrank])
```
```   867
```
```   868 lemma (in M_wfrank) wellfoundedrank_eq:
```
```   869      "[| is_recfun(r^+, a, %x. range, f);
```
```   870          wellfounded(M,r);  a \<in> A; M(f); M(r); M(A)|]
```
```   871       ==> wellfoundedrank(M,r,A) ` a = range(f)"
```
```   872 apply (rule apply_equality)
```
```   873  prefer 2 apply (blast intro: wellfoundedrank_type)
```
```   874 apply (simp add: wellfoundedrank_def)
```
```   875 apply (rule ReplaceI)
```
```   876   apply (rule_tac x="range(f)" in rexI)
```
```   877   apply blast
```
```   878  apply simp_all
```
```   879 txt{*Unicity requirement of Replacement*}
```
```   880 apply clarify
```
```   881 apply (drule is_recfun_functional, assumption)
```
```   882     apply (blast intro: wellfounded_trancl)
```
```   883     apply (simp_all add: trancl_subset_times trans_trancl)
```
```   884 done
```
```   885
```
```   886
```
```   887 lemma (in M_wfrank) wellfoundedrank_lt:
```
```   888      "[| <a,b> \<in> r;
```
```   889          wellfounded(M,r); r \<subseteq> A*A;  M(r); M(A)|]
```
```   890       ==> wellfoundedrank(M,r,A) ` a < wellfoundedrank(M,r,A) ` b"
```
```   891 apply (frule wellfounded_trancl, assumption)
```
```   892 apply (subgoal_tac "a\<in>A & b\<in>A")
```
```   893  prefer 2 apply blast
```
```   894 apply (simp add: lt_def Ord_wellfoundedrank, clarify)
```
```   895 apply (frule exists_wfrank [of concl: _ b], erule (1) transM, assumption)
```
```   896 apply clarify
```
```   897 apply (rename_tac fb)
```
```   898 apply (frule is_recfun_restrict [of concl: "r^+" a])
```
```   899     apply (rule trans_trancl, assumption)
```
```   900    apply (simp_all add: r_into_trancl trancl_subset_times)
```
```   901 txt{*Still the same goal, but with new @{text is_recfun} assumptions.*}
```
```   902 apply (simp add: wellfoundedrank_eq)
```
```   903 apply (frule_tac a=a in wellfoundedrank_eq, assumption+)
```
```   904    apply (simp_all add: transM [of a])
```
```   905 txt{*We have used equations for wellfoundedrank and now must use some
```
```   906     for  @{text is_recfun}. *}
```
```   907 apply (rule_tac a=a in rangeI)
```
```   908 apply (simp add: is_recfun_type [THEN apply_iff] vimage_singleton_iff
```
```   909                  r_into_trancl apply_recfun r_into_trancl)
```
```   910 done
```
```   911
```
```   912
```
```   913 lemma (in M_wfrank) wellfounded_imp_subset_rvimage:
```
```   914      "[|wellfounded(M,r); r \<subseteq> A*A; M(r); M(A)|]
```
```   915       ==> \<exists>i f. Ord(i) & r <= rvimage(A, f, Memrel(i))"
```
```   916 apply (rule_tac x="range(wellfoundedrank(M,r,A))" in exI)
```
```   917 apply (rule_tac x="wellfoundedrank(M,r,A)" in exI)
```
```   918 apply (simp add: Ord_range_wellfoundedrank, clarify)
```
```   919 apply (frule subsetD, assumption, clarify)
```
```   920 apply (simp add: rvimage_iff wellfoundedrank_lt [THEN ltD])
```
```   921 apply (blast intro: apply_rangeI wellfoundedrank_type)
```
```   922 done
```
```   923
```
```   924 lemma (in M_wfrank) wellfounded_imp_wf:
```
```   925      "[|wellfounded(M,r); relation(r); M(r)|] ==> wf(r)"
```
```   926 by (blast dest!: relation_field_times_field wellfounded_imp_subset_rvimage
```
```   927           intro: wf_rvimage_Ord [THEN wf_subset])
```
```   928
```
```   929 lemma (in M_wfrank) wellfounded_on_imp_wf_on:
```
```   930      "[|wellfounded_on(M,A,r); relation(r); M(r); M(A)|] ==> wf[A](r)"
```
```   931 apply (simp add: wellfounded_on_iff_wellfounded wf_on_def)
```
```   932 apply (rule wellfounded_imp_wf)
```
```   933 apply (simp_all add: relation_def)
```
```   934 done
```
```   935
```
```   936
```
```   937 theorem (in M_wfrank) wf_abs:
```
```   938      "[|relation(r); M(r)|] ==> wellfounded(M,r) <-> wf(r)"
```
```   939 by (blast intro: wellfounded_imp_wf wf_imp_relativized)
```
```   940
```
```   941 theorem (in M_wfrank) wf_on_abs:
```
```   942      "[|relation(r); M(r); M(A)|] ==> wellfounded_on(M,A,r) <-> wf[A](r)"
```
```   943 by (blast intro: wellfounded_on_imp_wf_on wf_on_imp_relativized)
```
```   944
```
`   945 end`