Separation/Replacement up to M_wfrank!
authorpaulson
Thu Jul 11 13:43:24 2002 +0200 (2002-07-11)
changeset 13348374d05460db4
parent 13347 867f876589e7
child 13349 7d4441c8c46a
Separation/Replacement up to M_wfrank!
src/ZF/Constructible/Datatype_absolute.thy
src/ZF/Constructible/L_axioms.thy
src/ZF/Constructible/Rec_Separation.thy
src/ZF/Constructible/Relative.thy
src/ZF/Constructible/WF_absolute.thy
src/ZF/Constructible/WFrec.thy
     1.1 --- a/src/ZF/Constructible/Datatype_absolute.thy	Thu Jul 11 10:48:30 2002 +0200
     1.2 +++ b/src/ZF/Constructible/Datatype_absolute.thy	Thu Jul 11 13:43:24 2002 +0200
     1.3 @@ -121,7 +121,6 @@
     1.4                wf_Memrel trans_Memrel relation_Memrel nat_case_closed)
     1.5  
     1.6  
     1.7 -
     1.8  locale M_datatypes = M_wfrank +
     1.9  (*THEY NEED RELATIVIZATION*)
    1.10    assumes list_replacement1: 
    1.11 @@ -133,7 +132,7 @@
    1.12  		     is_recfun (memr, x,
    1.13  				\<lambda>n f. nat_case(0, \<lambda>m. {0} + A \<times> f`m, n), g) &
    1.14  		     y = nat_case(0, \<lambda>m. {0} + A \<times> g`m, x))"
    1.15 -      and list_replacement2': 
    1.16 +      and list_replacement2: 
    1.17             "M(A) ==> strong_replacement(M, \<lambda>x y. y = (\<lambda>X. {0} + A \<times> X)^x (0))"
    1.18  
    1.19  
    1.20 @@ -146,6 +145,10 @@
    1.21   	       z = nat_case(0, \<lambda>m. {0} + A \<times> g ` m, x)))"
    1.22  by (insert list_replacement1, simp add: nat_into_M) 
    1.23  
    1.24 +lemma (in M_datatypes) list_replacement2': 
    1.25 +  "M(A) ==> strong_replacement(M, \<lambda>x y. y = (\<lambda>X. {0} + A \<times> X)^x (0))"
    1.26 +by (insert list_replacement2, simp add: nat_into_M) 
    1.27 +
    1.28  
    1.29  lemma (in M_datatypes) list_closed [intro,simp]:
    1.30       "M(A) ==> M(list(A))"
     2.1 --- a/src/ZF/Constructible/L_axioms.thy	Thu Jul 11 10:48:30 2002 +0200
     2.2 +++ b/src/ZF/Constructible/L_axioms.thy	Thu Jul 11 13:43:24 2002 +0200
     2.3 @@ -884,6 +884,46 @@
     2.4  done
     2.5  
     2.6  
     2.7 +subsubsection{*Pre-Image under a Relation, Internalized*}
     2.8 +
     2.9 +(* "pre_image(M,r,A,z) == 
    2.10 +	\<forall>x[M]. x \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>y[M]. y\<in>A & pair(M,x,y,w)))" *)
    2.11 +constdefs pre_image_fm :: "[i,i,i]=>i"
    2.12 +    "pre_image_fm(r,A,z) == 
    2.13 +       Forall(Iff(Member(0,succ(z)),
    2.14 +                  Exists(And(Member(0,succ(succ(r))),
    2.15 +                             Exists(And(Member(0,succ(succ(succ(A)))),
    2.16 +	 			        pair_fm(2,0,1)))))))"
    2.17 +
    2.18 +lemma pre_image_type [TC]:
    2.19 +     "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> pre_image_fm(x,y,z) \<in> formula"
    2.20 +by (simp add: pre_image_fm_def) 
    2.21 +
    2.22 +lemma arity_pre_image_fm [simp]:
    2.23 +     "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
    2.24 +      ==> arity(pre_image_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
    2.25 +by (simp add: pre_image_fm_def succ_Un_distrib [symmetric] Un_ac) 
    2.26 +
    2.27 +lemma sats_pre_image_fm [simp]:
    2.28 +   "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
    2.29 +    ==> sats(A, pre_image_fm(x,y,z), env) <-> 
    2.30 +        pre_image(**A, nth(x,env), nth(y,env), nth(z,env))"
    2.31 +by (simp add: pre_image_fm_def Relative.pre_image_def)
    2.32 +
    2.33 +lemma pre_image_iff_sats:
    2.34 +      "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
    2.35 +          i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
    2.36 +       ==> pre_image(**A, x, y, z) <-> sats(A, pre_image_fm(i,j,k), env)"
    2.37 +by (simp add: sats_pre_image_fm)
    2.38 +
    2.39 +theorem pre_image_reflection:
    2.40 +     "REFLECTS[\<lambda>x. pre_image(L,f(x),g(x),h(x)), 
    2.41 +               \<lambda>i x. pre_image(**Lset(i),f(x),g(x),h(x))]"
    2.42 +apply (simp only: Relative.pre_image_def setclass_simps)
    2.43 +apply (intro FOL_reflections pair_reflection)  
    2.44 +done
    2.45 +
    2.46 +
    2.47  subsubsection{*The Concept of Relation, Internalized*}
    2.48  
    2.49  (* "is_relation(M,r) == 
    2.50 @@ -1000,7 +1040,7 @@
    2.51          fun_apply_reflection subset_reflection
    2.52  	transitive_set_reflection membership_reflection
    2.53  	pred_set_reflection domain_reflection range_reflection field_reflection
    2.54 -        image_reflection
    2.55 +        image_reflection pre_image_reflection
    2.56  	is_relation_reflection is_function_reflection
    2.57  
    2.58  lemmas function_iff_sats = 
    2.59 @@ -1008,7 +1048,7 @@
    2.60  	cons_iff_sats successor_iff_sats
    2.61          fun_apply_iff_sats  Memrel_iff_sats
    2.62  	pred_set_iff_sats domain_iff_sats range_iff_sats field_iff_sats
    2.63 -        image_iff_sats
    2.64 +        image_iff_sats pre_image_iff_sats 
    2.65  	relation_iff_sats function_iff_sats
    2.66  
    2.67  
    2.68 @@ -1189,6 +1229,46 @@
    2.69  done
    2.70  
    2.71  
    2.72 +subsubsection{*Restriction of a Relation, Internalized*}
    2.73 +
    2.74 +
    2.75 +(* "restriction(M,r,A,z) == 
    2.76 +	\<forall>x[M]. x \<in> z <-> (x \<in> r & (\<exists>u[M]. u\<in>A & (\<exists>v[M]. pair(M,u,v,x))))" *)
    2.77 +constdefs restriction_fm :: "[i,i,i]=>i"
    2.78 +    "restriction_fm(r,A,z) == 
    2.79 +       Forall(Iff(Member(0,succ(z)),
    2.80 +                  And(Member(0,succ(r)),
    2.81 +                      Exists(And(Member(0,succ(succ(A))),
    2.82 +                                 Exists(pair_fm(1,0,2)))))))"
    2.83 +
    2.84 +lemma restriction_type [TC]:
    2.85 +     "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> restriction_fm(x,y,z) \<in> formula"
    2.86 +by (simp add: restriction_fm_def) 
    2.87 +
    2.88 +lemma arity_restriction_fm [simp]:
    2.89 +     "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
    2.90 +      ==> arity(restriction_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
    2.91 +by (simp add: restriction_fm_def succ_Un_distrib [symmetric] Un_ac) 
    2.92 +
    2.93 +lemma sats_restriction_fm [simp]:
    2.94 +   "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
    2.95 +    ==> sats(A, restriction_fm(x,y,z), env) <-> 
    2.96 +        restriction(**A, nth(x,env), nth(y,env), nth(z,env))"
    2.97 +by (simp add: restriction_fm_def restriction_def)
    2.98 +
    2.99 +lemma restriction_iff_sats:
   2.100 +      "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   2.101 +          i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   2.102 +       ==> restriction(**A, x, y, z) <-> sats(A, restriction_fm(i,j,k), env)"
   2.103 +by simp
   2.104 +
   2.105 +theorem restriction_reflection:
   2.106 +     "REFLECTS[\<lambda>x. restriction(L,f(x),g(x),h(x)), 
   2.107 +               \<lambda>i x. restriction(**Lset(i),f(x),g(x),h(x))]"
   2.108 +apply (simp only: restriction_def setclass_simps)
   2.109 +apply (intro FOL_reflections pair_reflection)  
   2.110 +done
   2.111 +
   2.112  subsubsection{*Order-Isomorphisms, Internalized*}
   2.113  
   2.114  (*  order_isomorphism :: "[i=>o,i,i,i,i,i] => o"
   2.115 @@ -1327,12 +1407,14 @@
   2.116  lemmas fun_plus_reflections =
   2.117          typed_function_reflection composition_reflection
   2.118          injection_reflection surjection_reflection
   2.119 -        bijection_reflection order_isomorphism_reflection
   2.120 +        bijection_reflection restriction_reflection
   2.121 +        order_isomorphism_reflection
   2.122          ordinal_reflection limit_ordinal_reflection omega_reflection
   2.123  
   2.124  lemmas fun_plus_iff_sats = 
   2.125  	typed_function_iff_sats composition_iff_sats
   2.126 -        injection_iff_sats surjection_iff_sats bijection_iff_sats 
   2.127 +        injection_iff_sats surjection_iff_sats 
   2.128 +        bijection_iff_sats restriction_iff_sats 
   2.129          order_isomorphism_iff_sats
   2.130          ordinal_iff_sats limit_ordinal_iff_sats omega_iff_sats
   2.131  
     3.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     3.2 +++ b/src/ZF/Constructible/Rec_Separation.thy	Thu Jul 11 13:43:24 2002 +0200
     3.3 @@ -0,0 +1,387 @@
     3.4 +header{*Separation for the Absoluteness of Recursion*}
     3.5 +
     3.6 +theory Rec_Separation = Separation:
     3.7 +
     3.8 +text{*This theory proves all instances needed for locales @{text
     3.9 +"M_trancl"}, @{text "M_wfrank"} and @{text "M_datatypes"}*}
    3.10 +
    3.11 +subsection{*The Locale @{text "M_trancl"}*}
    3.12 +
    3.13 +subsubsection{*Separation for Reflexive/Transitive Closure*}
    3.14 +
    3.15 +text{*First, The Defining Formula*}
    3.16 +
    3.17 +(* "rtran_closure_mem(M,A,r,p) ==
    3.18 +      \<exists>nnat[M]. \<exists>n[M]. \<exists>n'[M]. 
    3.19 +       omega(M,nnat) & n\<in>nnat & successor(M,n,n') &
    3.20 +       (\<exists>f[M]. typed_function(M,n',A,f) &
    3.21 +	(\<exists>x[M]. \<exists>y[M]. \<exists>zero[M]. pair(M,x,y,p) & empty(M,zero) &
    3.22 +	  fun_apply(M,f,zero,x) & fun_apply(M,f,n,y)) &
    3.23 +	(\<forall>j[M]. j\<in>n --> 
    3.24 +	  (\<exists>fj[M]. \<exists>sj[M]. \<exists>fsj[M]. \<exists>ffp[M]. 
    3.25 +	    fun_apply(M,f,j,fj) & successor(M,j,sj) &
    3.26 +	    fun_apply(M,f,sj,fsj) & pair(M,fj,fsj,ffp) & ffp \<in> r)))"*)
    3.27 +constdefs rtran_closure_mem_fm :: "[i,i,i]=>i"
    3.28 + "rtran_closure_mem_fm(A,r,p) == 
    3.29 +   Exists(Exists(Exists(
    3.30 +    And(omega_fm(2),
    3.31 +     And(Member(1,2),
    3.32 +      And(succ_fm(1,0),
    3.33 +       Exists(And(typed_function_fm(1, A#+4, 0),
    3.34 +	And(Exists(Exists(Exists(
    3.35 +	      And(pair_fm(2,1,p#+7), 
    3.36 +	       And(empty_fm(0),
    3.37 +		And(fun_apply_fm(3,0,2), fun_apply_fm(3,5,1))))))),
    3.38 +	    Forall(Implies(Member(0,3),
    3.39 +	     Exists(Exists(Exists(Exists(
    3.40 +	      And(fun_apply_fm(5,4,3),
    3.41 +	       And(succ_fm(4,2),
    3.42 +		And(fun_apply_fm(5,2,1),
    3.43 +		 And(pair_fm(3,1,0), Member(0,r#+9))))))))))))))))))))"
    3.44 +
    3.45 +
    3.46 +lemma rtran_closure_mem_type [TC]:
    3.47 + "[| x \<in> nat; y \<in> nat; z \<in> nat |] ==> rtran_closure_mem_fm(x,y,z) \<in> formula"
    3.48 +by (simp add: rtran_closure_mem_fm_def) 
    3.49 +
    3.50 +lemma arity_rtran_closure_mem_fm [simp]:
    3.51 +     "[| x \<in> nat; y \<in> nat; z \<in> nat |] 
    3.52 +      ==> arity(rtran_closure_mem_fm(x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
    3.53 +by (simp add: rtran_closure_mem_fm_def succ_Un_distrib [symmetric] Un_ac) 
    3.54 +
    3.55 +lemma sats_rtran_closure_mem_fm [simp]:
    3.56 +   "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
    3.57 +    ==> sats(A, rtran_closure_mem_fm(x,y,z), env) <-> 
    3.58 +        rtran_closure_mem(**A, nth(x,env), nth(y,env), nth(z,env))"
    3.59 +by (simp add: rtran_closure_mem_fm_def rtran_closure_mem_def)
    3.60 +
    3.61 +lemma rtran_closure_mem_iff_sats:
    3.62 +      "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
    3.63 +          i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
    3.64 +       ==> rtran_closure_mem(**A, x, y, z) <-> sats(A, rtran_closure_mem_fm(i,j,k), env)"
    3.65 +by (simp add: sats_rtran_closure_mem_fm)
    3.66 +
    3.67 +theorem rtran_closure_mem_reflection:
    3.68 +     "REFLECTS[\<lambda>x. rtran_closure_mem(L,f(x),g(x),h(x)), 
    3.69 +               \<lambda>i x. rtran_closure_mem(**Lset(i),f(x),g(x),h(x))]"
    3.70 +apply (simp only: rtran_closure_mem_def setclass_simps)
    3.71 +apply (intro FOL_reflections function_reflections fun_plus_reflections)  
    3.72 +done
    3.73 +
    3.74 +text{*Separation for @{term "rtrancl(r)"}.*}
    3.75 +lemma rtrancl_separation:
    3.76 +     "[| L(r); L(A) |] ==> separation (L, rtran_closure_mem(L,A,r))"
    3.77 +apply (rule separation_CollectI) 
    3.78 +apply (rule_tac A="{r,A,z}" in subset_LsetE, blast ) 
    3.79 +apply (rule ReflectsE [OF rtran_closure_mem_reflection], assumption)
    3.80 +apply (drule subset_Lset_ltD, assumption) 
    3.81 +apply (erule reflection_imp_L_separation)
    3.82 +  apply (simp_all add: lt_Ord2)
    3.83 +apply (rule DPowI2)
    3.84 +apply (rename_tac u)
    3.85 +apply (rule_tac env = "[u,r,A]" in rtran_closure_mem_iff_sats)
    3.86 +apply (rule sep_rules | simp)+
    3.87 +apply (simp_all add: succ_Un_distrib [symmetric])
    3.88 +done
    3.89 +
    3.90 +
    3.91 +subsubsection{*Reflexive/Transitive Closure, Internalized*}
    3.92 +
    3.93 +(*  "rtran_closure(M,r,s) == 
    3.94 +        \<forall>A[M]. is_field(M,r,A) -->
    3.95 + 	 (\<forall>p[M]. p \<in> s <-> rtran_closure_mem(M,A,r,p))" *)
    3.96 +constdefs rtran_closure_fm :: "[i,i]=>i"
    3.97 + "rtran_closure_fm(r,s) == 
    3.98 +   Forall(Implies(field_fm(succ(r),0),
    3.99 +                  Forall(Iff(Member(0,succ(succ(s))),
   3.100 +                             rtran_closure_mem_fm(1,succ(succ(r)),0)))))"
   3.101 +
   3.102 +lemma rtran_closure_type [TC]:
   3.103 +     "[| x \<in> nat; y \<in> nat |] ==> rtran_closure_fm(x,y) \<in> formula"
   3.104 +by (simp add: rtran_closure_fm_def) 
   3.105 +
   3.106 +lemma arity_rtran_closure_fm [simp]:
   3.107 +     "[| x \<in> nat; y \<in> nat |] 
   3.108 +      ==> arity(rtran_closure_fm(x,y)) = succ(x) \<union> succ(y)"
   3.109 +by (simp add: rtran_closure_fm_def succ_Un_distrib [symmetric] Un_ac)
   3.110 +
   3.111 +lemma sats_rtran_closure_fm [simp]:
   3.112 +   "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   3.113 +    ==> sats(A, rtran_closure_fm(x,y), env) <-> 
   3.114 +        rtran_closure(**A, nth(x,env), nth(y,env))"
   3.115 +by (simp add: rtran_closure_fm_def rtran_closure_def)
   3.116 +
   3.117 +lemma rtran_closure_iff_sats:
   3.118 +      "[| nth(i,env) = x; nth(j,env) = y; 
   3.119 +          i \<in> nat; j \<in> nat; env \<in> list(A)|]
   3.120 +       ==> rtran_closure(**A, x, y) <-> sats(A, rtran_closure_fm(i,j), env)"
   3.121 +by simp
   3.122 +
   3.123 +theorem rtran_closure_reflection:
   3.124 +     "REFLECTS[\<lambda>x. rtran_closure(L,f(x),g(x)), 
   3.125 +               \<lambda>i x. rtran_closure(**Lset(i),f(x),g(x))]"
   3.126 +apply (simp only: rtran_closure_def setclass_simps)
   3.127 +apply (intro FOL_reflections function_reflections rtran_closure_mem_reflection)
   3.128 +done
   3.129 +
   3.130 +
   3.131 +subsubsection{*Transitive Closure of a Relation, Internalized*}
   3.132 +
   3.133 +(*  "tran_closure(M,r,t) ==
   3.134 +         \<exists>s[M]. rtran_closure(M,r,s) & composition(M,r,s,t)" *)
   3.135 +constdefs tran_closure_fm :: "[i,i]=>i"
   3.136 + "tran_closure_fm(r,s) == 
   3.137 +   Exists(And(rtran_closure_fm(succ(r),0), composition_fm(succ(r),0,succ(s))))"
   3.138 +
   3.139 +lemma tran_closure_type [TC]:
   3.140 +     "[| x \<in> nat; y \<in> nat |] ==> tran_closure_fm(x,y) \<in> formula"
   3.141 +by (simp add: tran_closure_fm_def) 
   3.142 +
   3.143 +lemma arity_tran_closure_fm [simp]:
   3.144 +     "[| x \<in> nat; y \<in> nat |] 
   3.145 +      ==> arity(tran_closure_fm(x,y)) = succ(x) \<union> succ(y)"
   3.146 +by (simp add: tran_closure_fm_def succ_Un_distrib [symmetric] Un_ac)
   3.147 +
   3.148 +lemma sats_tran_closure_fm [simp]:
   3.149 +   "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   3.150 +    ==> sats(A, tran_closure_fm(x,y), env) <-> 
   3.151 +        tran_closure(**A, nth(x,env), nth(y,env))"
   3.152 +by (simp add: tran_closure_fm_def tran_closure_def)
   3.153 +
   3.154 +lemma tran_closure_iff_sats:
   3.155 +      "[| nth(i,env) = x; nth(j,env) = y; 
   3.156 +          i \<in> nat; j \<in> nat; env \<in> list(A)|]
   3.157 +       ==> tran_closure(**A, x, y) <-> sats(A, tran_closure_fm(i,j), env)"
   3.158 +by simp
   3.159 +
   3.160 +theorem tran_closure_reflection:
   3.161 +     "REFLECTS[\<lambda>x. tran_closure(L,f(x),g(x)), 
   3.162 +               \<lambda>i x. tran_closure(**Lset(i),f(x),g(x))]"
   3.163 +apply (simp only: tran_closure_def setclass_simps)
   3.164 +apply (intro FOL_reflections function_reflections 
   3.165 +             rtran_closure_reflection composition_reflection)
   3.166 +done
   3.167 +
   3.168 +
   3.169 +subsection{*Separation for the Proof of @{text "wellfounded_on_trancl"}*}
   3.170 +
   3.171 +lemma wellfounded_trancl_reflects:
   3.172 +  "REFLECTS[\<lambda>x. \<exists>w[L]. \<exists>wx[L]. \<exists>rp[L]. 
   3.173 +	         w \<in> Z & pair(L,w,x,wx) & tran_closure(L,r,rp) & wx \<in> rp,
   3.174 +   \<lambda>i x. \<exists>w \<in> Lset(i). \<exists>wx \<in> Lset(i). \<exists>rp \<in> Lset(i). 
   3.175 +       w \<in> Z & pair(**Lset(i),w,x,wx) & tran_closure(**Lset(i),r,rp) &
   3.176 +       wx \<in> rp]"
   3.177 +by (intro FOL_reflections function_reflections fun_plus_reflections 
   3.178 +          tran_closure_reflection)
   3.179 +
   3.180 +
   3.181 +lemma wellfounded_trancl_separation:
   3.182 +	 "[| L(r); L(Z) |] ==> 
   3.183 +	  separation (L, \<lambda>x. 
   3.184 +	      \<exists>w[L]. \<exists>wx[L]. \<exists>rp[L]. 
   3.185 +	       w \<in> Z & pair(L,w,x,wx) & tran_closure(L,r,rp) & wx \<in> rp)"
   3.186 +apply (rule separation_CollectI) 
   3.187 +apply (rule_tac A="{r,Z,z}" in subset_LsetE, blast ) 
   3.188 +apply (rule ReflectsE [OF wellfounded_trancl_reflects], assumption)
   3.189 +apply (drule subset_Lset_ltD, assumption) 
   3.190 +apply (erule reflection_imp_L_separation)
   3.191 +  apply (simp_all add: lt_Ord2)
   3.192 +apply (rule DPowI2)
   3.193 +apply (rename_tac u) 
   3.194 +apply (rule bex_iff_sats conj_iff_sats)+
   3.195 +apply (rule_tac env = "[w,u,r,Z]" in mem_iff_sats) 
   3.196 +apply (rule sep_rules tran_closure_iff_sats | simp)+
   3.197 +apply (simp_all add: succ_Un_distrib [symmetric])
   3.198 +done
   3.199 +
   3.200 +subsection{*Well-Founded Recursion!*}
   3.201 +
   3.202 +(* M_is_recfun :: "[i=>o, i, i, [i,i,i]=>o, i] => o"
   3.203 +   "M_is_recfun(M,r,a,MH,f) == 
   3.204 +     \<forall>z[M]. z \<in> f <-> 
   3.205 +            5      4       3       2       1           0
   3.206 +            (\<exists>x[M]. \<exists>y[M]. \<exists>xa[M]. \<exists>sx[M]. \<exists>r_sx[M]. \<exists>f_r_sx[M]. 
   3.207 +	       pair(M,x,y,z) & pair(M,x,a,xa) & upair(M,x,x,sx) &
   3.208 +               pre_image(M,r,sx,r_sx) & restriction(M,f,r_sx,f_r_sx) &
   3.209 +               xa \<in> r & MH(x, f_r_sx, y))"
   3.210 +*)
   3.211 +
   3.212 +constdefs is_recfun_fm :: "[[i,i,i]=>i, i, i, i]=>i"
   3.213 + "is_recfun_fm(p,r,a,f) == 
   3.214 +   Forall(Iff(Member(0,succ(f)),
   3.215 +    Exists(Exists(Exists(Exists(Exists(Exists(
   3.216 +     And(pair_fm(5,4,6),
   3.217 +      And(pair_fm(5,a#+7,3),
   3.218 +       And(upair_fm(5,5,2),
   3.219 +        And(pre_image_fm(r#+7,2,1),
   3.220 +         And(restriction_fm(f#+7,1,0),
   3.221 +          And(Member(3,r#+7), p(5,0,4)))))))))))))))"
   3.222 +
   3.223 +
   3.224 +lemma is_recfun_type_0:
   3.225 +     "[| !!x y z. [| x \<in> nat; y \<in> nat; z \<in> nat |] ==> p(x,y,z) \<in> formula;  
   3.226 +         x \<in> nat; y \<in> nat; z \<in> nat |] 
   3.227 +      ==> is_recfun_fm(p,x,y,z) \<in> formula"
   3.228 +apply (unfold is_recfun_fm_def)
   3.229 +(*FIXME: FIND OUT why simp loops!*)
   3.230 +apply typecheck
   3.231 +by simp 
   3.232 +
   3.233 +lemma is_recfun_type [TC]:
   3.234 +     "[| p(5,0,4) \<in> formula;  
   3.235 +         x \<in> nat; y \<in> nat; z \<in> nat |] 
   3.236 +      ==> is_recfun_fm(p,x,y,z) \<in> formula"
   3.237 +by (simp add: is_recfun_fm_def) 
   3.238 +
   3.239 +lemma arity_is_recfun_fm [simp]:
   3.240 +     "[| arity(p(5,0,4)) le 8; x \<in> nat; y \<in> nat; z \<in> nat |] 
   3.241 +      ==> arity(is_recfun_fm(p,x,y,z)) = succ(x) \<union> succ(y) \<union> succ(z)"
   3.242 +apply (frule lt_nat_in_nat, simp) 
   3.243 +apply (simp add: is_recfun_fm_def succ_Un_distrib [symmetric] ) 
   3.244 +apply (subst subset_Un_iff2 [of "arity(p(5,0,4))", THEN iffD1]) 
   3.245 +apply (rule le_imp_subset) 
   3.246 +apply (erule le_trans, simp) 
   3.247 +apply (simp add: succ_Un_distrib [symmetric] Un_ac) 
   3.248 +done
   3.249 +
   3.250 +lemma sats_is_recfun_fm:
   3.251 +  assumes MH_iff_sats: 
   3.252 +      "!!x y z env. 
   3.253 +	 [| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   3.254 +	 ==> MH(nth(x,env), nth(y,env), nth(z,env)) <-> sats(A, p(x,y,z), env)"
   3.255 +  shows 
   3.256 +      "[|x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   3.257 +       ==> sats(A, is_recfun_fm(p,x,y,z), env) <-> 
   3.258 +           M_is_recfun(**A, nth(x,env), nth(y,env), MH, nth(z,env))"
   3.259 +by (simp add: is_recfun_fm_def M_is_recfun_def MH_iff_sats [THEN iff_sym])
   3.260 +
   3.261 +lemma is_recfun_iff_sats:
   3.262 +  "[| (!!x y z env. [| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   3.263 +                    ==> MH(nth(x,env), nth(y,env), nth(z,env)) <->
   3.264 +                        sats(A, p(x,y,z), env));
   3.265 +      nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   3.266 +      i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   3.267 +   ==> M_is_recfun(**A, x, y, MH, z) <-> sats(A, is_recfun_fm(p,i,j,k), env)" 
   3.268 +by (simp add: sats_is_recfun_fm [of A MH])
   3.269 +
   3.270 +theorem is_recfun_reflection:
   3.271 +  assumes MH_reflection:
   3.272 +    "!!f g h. REFLECTS[\<lambda>x. MH(L, f(x), g(x), h(x)), 
   3.273 +                     \<lambda>i x. MH(**Lset(i), f(x), g(x), h(x))]"
   3.274 +  shows "REFLECTS[\<lambda>x. M_is_recfun(L, f(x), g(x), MH(L), h(x)), 
   3.275 +               \<lambda>i x. M_is_recfun(**Lset(i), f(x), g(x), MH(**Lset(i)), h(x))]"
   3.276 +apply (simp (no_asm_use) only: M_is_recfun_def setclass_simps)
   3.277 +apply (intro FOL_reflections function_reflections 
   3.278 +             restriction_reflection MH_reflection)  
   3.279 +done
   3.280 +
   3.281 +subsection{*Separation for  @{term "wfrank"}*}
   3.282 +
   3.283 +lemma wfrank_Reflects:
   3.284 + "REFLECTS[\<lambda>x. \<forall>rplus[L]. tran_closure(L,r,rplus) -->
   3.285 +              ~ (\<exists>f[L]. M_is_recfun(L, rplus, x, %x f y. is_range(L,f,y), f)),
   3.286 +      \<lambda>i x. \<forall>rplus \<in> Lset(i). tran_closure(**Lset(i),r,rplus) -->
   3.287 +         ~ (\<exists>f \<in> Lset(i). M_is_recfun(**Lset(i), rplus, x, %x f y. is_range(**Lset(i),f,y), f))]"
   3.288 +by (intro FOL_reflections function_reflections is_recfun_reflection tran_closure_reflection)  
   3.289 +
   3.290 +lemma wfrank_separation:
   3.291 +     "L(r) ==>
   3.292 +      separation (L, \<lambda>x. \<forall>rplus[L]. tran_closure(L,r,rplus) -->
   3.293 +         ~ (\<exists>f[L]. M_is_recfun(L, rplus, x, %x f y. is_range(L,f,y), f)))"
   3.294 +apply (rule separation_CollectI) 
   3.295 +apply (rule_tac A="{r,z}" in subset_LsetE, blast ) 
   3.296 +apply (rule ReflectsE [OF wfrank_Reflects], assumption)
   3.297 +apply (drule subset_Lset_ltD, assumption) 
   3.298 +apply (erule reflection_imp_L_separation)
   3.299 +  apply (simp_all add: lt_Ord2, clarify)
   3.300 +apply (rule DPowI2)
   3.301 +apply (rename_tac u)  
   3.302 +apply (rule ball_iff_sats imp_iff_sats)+
   3.303 +apply (rule_tac env="[rplus,u,r]" in tran_closure_iff_sats)
   3.304 +apply (rule sep_rules is_recfun_iff_sats | simp)+
   3.305 +apply (simp_all add: succ_Un_distrib [symmetric])
   3.306 +done
   3.307 +
   3.308 +
   3.309 +subsection{*Replacement for @{term "wfrank"}*}
   3.310 +
   3.311 +lemma wfrank_replacement_Reflects:
   3.312 + "REFLECTS[\<lambda>z. \<exists>x[L]. x \<in> A & 
   3.313 +        (\<forall>rplus[L]. tran_closure(L,r,rplus) -->
   3.314 +         (\<exists>y[L]. \<exists>f[L]. pair(L,x,y,z)  & 
   3.315 +                        M_is_recfun(L, rplus, x, %x f y. is_range(L,f,y), f) &
   3.316 +                        is_range(L,f,y))),
   3.317 + \<lambda>i z. \<exists>x \<in> Lset(i). x \<in> A & 
   3.318 +      (\<forall>rplus \<in> Lset(i). tran_closure(**Lset(i),r,rplus) -->
   3.319 +       (\<exists>y \<in> Lset(i). \<exists>f \<in> Lset(i). pair(**Lset(i),x,y,z)  & 
   3.320 +         M_is_recfun(**Lset(i), rplus, x, %x f y. is_range(**Lset(i),f,y), f) &
   3.321 +         is_range(**Lset(i),f,y)))]"
   3.322 +by (intro FOL_reflections function_reflections fun_plus_reflections
   3.323 +             is_recfun_reflection tran_closure_reflection)
   3.324 +
   3.325 +
   3.326 +lemma wfrank_strong_replacement:
   3.327 +     "L(r) ==>
   3.328 +      strong_replacement(L, \<lambda>x z. 
   3.329 +         \<forall>rplus[L]. tran_closure(L,r,rplus) -->
   3.330 +         (\<exists>y[L]. \<exists>f[L]. pair(L,x,y,z)  & 
   3.331 +                        M_is_recfun(L, rplus, x, %x f y. is_range(L,f,y), f) &
   3.332 +                        is_range(L,f,y)))"
   3.333 +apply (rule strong_replacementI) 
   3.334 +apply (rule rallI)
   3.335 +apply (rename_tac B)  
   3.336 +apply (rule separation_CollectI) 
   3.337 +apply (rule_tac A="{B,r,z}" in subset_LsetE, blast ) 
   3.338 +apply (rule ReflectsE [OF wfrank_replacement_Reflects], assumption)
   3.339 +apply (drule subset_Lset_ltD, assumption) 
   3.340 +apply (erule reflection_imp_L_separation)
   3.341 +  apply (simp_all add: lt_Ord2)
   3.342 +apply (rule DPowI2)
   3.343 +apply (rename_tac u) 
   3.344 +apply (rule bex_iff_sats ball_iff_sats conj_iff_sats)+
   3.345 +apply (rule_tac env = "[x,u,B,r]" in mem_iff_sats) 
   3.346 +apply (rule sep_rules tran_closure_iff_sats is_recfun_iff_sats | simp)+
   3.347 +apply (simp_all add: succ_Un_distrib [symmetric])
   3.348 +done
   3.349 +
   3.350 +
   3.351 +subsection{*Separation for  @{term "wfrank"}*}
   3.352 +
   3.353 +lemma Ord_wfrank_Reflects:
   3.354 + "REFLECTS[\<lambda>x. \<forall>rplus[L]. tran_closure(L,r,rplus) --> 
   3.355 +          ~ (\<forall>f[L]. \<forall>rangef[L]. 
   3.356 +             is_range(L,f,rangef) -->
   3.357 +             M_is_recfun(L, rplus, x, \<lambda>x f y. is_range(L,f,y), f) -->
   3.358 +             ordinal(L,rangef)),
   3.359 +      \<lambda>i x. \<forall>rplus \<in> Lset(i). tran_closure(**Lset(i),r,rplus) --> 
   3.360 +          ~ (\<forall>f \<in> Lset(i). \<forall>rangef \<in> Lset(i). 
   3.361 +             is_range(**Lset(i),f,rangef) -->
   3.362 +             M_is_recfun(**Lset(i), rplus, x, \<lambda>x f y. is_range(**Lset(i),f,y), f) -->
   3.363 +             ordinal(**Lset(i),rangef))]"
   3.364 +by (intro FOL_reflections function_reflections is_recfun_reflection 
   3.365 +          tran_closure_reflection ordinal_reflection)
   3.366 +
   3.367 +lemma  Ord_wfrank_separation:
   3.368 +     "L(r) ==>
   3.369 +      separation (L, \<lambda>x.
   3.370 +         \<forall>rplus[L]. tran_closure(L,r,rplus) --> 
   3.371 +          ~ (\<forall>f[L]. \<forall>rangef[L]. 
   3.372 +             is_range(L,f,rangef) -->
   3.373 +             M_is_recfun(L, rplus, x, \<lambda>x f y. is_range(L,f,y), f) -->
   3.374 +             ordinal(L,rangef)))" 
   3.375 +apply (rule separation_CollectI) 
   3.376 +apply (rule_tac A="{r,z}" in subset_LsetE, blast ) 
   3.377 +apply (rule ReflectsE [OF Ord_wfrank_Reflects], assumption)
   3.378 +apply (drule subset_Lset_ltD, assumption) 
   3.379 +apply (erule reflection_imp_L_separation)
   3.380 +  apply (simp_all add: lt_Ord2, clarify)
   3.381 +apply (rule DPowI2)
   3.382 +apply (rename_tac u)  
   3.383 +apply (rule ball_iff_sats imp_iff_sats)+
   3.384 +apply (rule_tac env="[rplus,u,r]" in tran_closure_iff_sats)
   3.385 +apply (rule sep_rules is_recfun_iff_sats | simp)+
   3.386 +apply (simp_all add: succ_Un_distrib [symmetric])
   3.387 +done
   3.388 +
   3.389 +
   3.390 +end
     4.1 --- a/src/ZF/Constructible/Relative.thy	Thu Jul 11 10:48:30 2002 +0200
     4.2 +++ b/src/ZF/Constructible/Relative.thy	Thu Jul 11 13:43:24 2002 +0200
     4.3 @@ -532,7 +532,7 @@
     4.4  done
     4.5  
     4.6  text{*Probably the premise and conclusion are equivalent*}
     4.7 -lemma (in M_triv_axioms) strong_replacementI [OF rallI]:
     4.8 +lemma (in M_triv_axioms) strong_replacementI [rule_format]:
     4.9      "[| \<forall>A[M]. separation(M, %u. \<exists>x[M]. x\<in>A & P(x,u)) |]
    4.10       ==> strong_replacement(M,P)"
    4.11  apply (simp add: strong_replacement_def, clarify) 
     5.1 --- a/src/ZF/Constructible/WF_absolute.thy	Thu Jul 11 10:48:30 2002 +0200
     5.2 +++ b/src/ZF/Constructible/WF_absolute.thy	Thu Jul 11 13:43:24 2002 +0200
     5.3 @@ -232,21 +232,30 @@
     5.4  rank function.*}
     5.5  
     5.6  
     5.7 -(*NEEDS RELATIVIZATION*)
     5.8  locale M_wfrank = M_trancl +
     5.9    assumes wfrank_separation:
    5.10       "M(r) ==>
    5.11        separation (M, \<lambda>x. 
    5.12 -         ~ (\<exists>f[M]. M_is_recfun(M, r^+, x, %mm x f y. y = range(f), f)))"
    5.13 - and wfrank_strong_replacement':
    5.14 +         \<forall>rplus[M]. tran_closure(M,r,rplus) -->
    5.15 +         ~ (\<exists>f[M]. M_is_recfun(M, rplus, x, %x f y. is_range(M,f,y), f)))"
    5.16 + and wfrank_strong_replacement:
    5.17       "M(r) ==>
    5.18 -      strong_replacement(M, \<lambda>x z. \<exists>y[M]. \<exists>f[M]. 
    5.19 -		  pair(M,x,y,z) & is_recfun(r^+, x, %x f. range(f), f) &
    5.20 -		  y = range(f))"
    5.21 +      strong_replacement(M, \<lambda>x z. 
    5.22 +         \<forall>rplus[M]. tran_closure(M,r,rplus) -->
    5.23 +         (\<exists>y[M]. \<exists>f[M]. pair(M,x,y,z)  & 
    5.24 +                        M_is_recfun(M, rplus, x, %x f y. is_range(M,f,y), f) &
    5.25 +                        is_range(M,f,y)))"
    5.26   and Ord_wfrank_separation:
    5.27       "M(r) ==>
    5.28 -      separation (M, \<lambda>x. ~ (\<forall>f. M(f) \<longrightarrow>
    5.29 -                       is_recfun(r^+, x, \<lambda>x. range, f) \<longrightarrow> Ord(range(f))))" 
    5.30 +      separation (M, \<lambda>x.
    5.31 +         \<forall>rplus[M]. tran_closure(M,r,rplus) --> 
    5.32 +          ~ (\<forall>f[M]. \<forall>rangef[M]. 
    5.33 +             is_range(M,f,rangef) -->
    5.34 +             M_is_recfun(M, rplus, x, \<lambda>x f y. is_range(M,f,y), f) -->
    5.35 +             ordinal(M,rangef)))" 
    5.36 +
    5.37 +text{*Proving that the relativized instances of Separation or Replacement
    5.38 +agree with the "real" ones.*}
    5.39  
    5.40  lemma (in M_wfrank) wfrank_separation':
    5.41       "M(r) ==>
    5.42 @@ -256,6 +265,23 @@
    5.43  apply (simp add: is_recfun_iff_M [of concl: _ _ "%x. range", THEN iff_sym])
    5.44  done
    5.45  
    5.46 +lemma (in M_wfrank) wfrank_strong_replacement':
    5.47 +     "M(r) ==>
    5.48 +      strong_replacement(M, \<lambda>x z. \<exists>y[M]. \<exists>f[M]. 
    5.49 +		  pair(M,x,y,z) & is_recfun(r^+, x, %x f. range(f), f) &
    5.50 +		  y = range(f))"
    5.51 +apply (insert wfrank_strong_replacement [of r])
    5.52 +apply (simp add: is_recfun_iff_M [of concl: _ _ "%x. range", THEN iff_sym])
    5.53 +done
    5.54 +
    5.55 +lemma (in M_wfrank) Ord_wfrank_separation':
    5.56 +     "M(r) ==>
    5.57 +      separation (M, \<lambda>x. 
    5.58 +         ~ (\<forall>f[M]. is_recfun(r^+, x, \<lambda>x. range, f) --> Ord(range(f))))" 
    5.59 +apply (insert Ord_wfrank_separation [of r])
    5.60 +apply (simp add: is_recfun_iff_M [of concl: _ _ "%x. range", THEN iff_sym])
    5.61 +done
    5.62 +
    5.63  text{*This function, defined using replacement, is a rank function for
    5.64  well-founded relations within the class M.*}
    5.65  constdefs
    5.66 @@ -290,11 +316,11 @@
    5.67  
    5.68  lemma (in M_wfrank) Ord_wfrank_range [rule_format]:
    5.69      "[| wellfounded(M,r); a\<in>A; M(r); M(A) |]
    5.70 -     ==> \<forall>f. M(f) --> is_recfun(r^+, a, %x f. range(f), f) --> Ord(range(f))"
    5.71 +     ==> \<forall>f[M]. is_recfun(r^+, a, %x f. range(f), f) --> Ord(range(f))"
    5.72  apply (drule wellfounded_trancl, assumption)
    5.73  apply (rule wellfounded_induct, assumption+)
    5.74    apply simp
    5.75 - apply (blast intro: Ord_wfrank_separation, clarify)
    5.76 + apply (blast intro: Ord_wfrank_separation', clarify)
    5.77  txt{*The reasoning in both cases is that we get @{term y} such that
    5.78     @{term "\<langle>y, x\<rangle> \<in> r^+"}.  We find that
    5.79     @{term "f`y = restrict(f, r^+ -`` {y})"}. *}
    5.80 @@ -314,7 +340,8 @@
    5.81      apply (simp add: trans_trancl trancl_subset_times)+
    5.82  apply (drule spec [THEN mp], assumption)
    5.83  apply (subgoal_tac "M(restrict(f, r^+ -`` {y}))")
    5.84 - apply (drule_tac x="restrict(f, r^+ -`` {y})" in spec)
    5.85 + apply (drule_tac x="restrict(f, r^+ -`` {y})" in rspec)
    5.86 +apply assumption
    5.87   apply (simp add: function_apply_equality [OF _ is_recfun_imp_function])
    5.88  apply (blast dest: pair_components_in_M)
    5.89  done
     6.1 --- a/src/ZF/Constructible/WFrec.thy	Thu Jul 11 10:48:30 2002 +0200
     6.2 +++ b/src/ZF/Constructible/WFrec.thy	Thu Jul 11 13:43:24 2002 +0200
     6.3 @@ -275,17 +275,17 @@
     6.4  done
     6.5  
     6.6  constdefs
     6.7 - M_is_recfun :: "[i=>o, i, i, [i=>o,i,i,i]=>o, i] => o"
     6.8 + M_is_recfun :: "[i=>o, i, i, [i,i,i]=>o, i] => o"
     6.9     "M_is_recfun(M,r,a,MH,f) == 
    6.10       \<forall>z[M]. z \<in> f <-> 
    6.11              (\<exists>x[M]. \<exists>y[M]. \<exists>xa[M]. \<exists>sx[M]. \<exists>r_sx[M]. \<exists>f_r_sx[M]. 
    6.12  	       pair(M,x,y,z) & pair(M,x,a,xa) & upair(M,x,x,sx) &
    6.13                 pre_image(M,r,sx,r_sx) & restriction(M,f,r_sx,f_r_sx) &
    6.14 -               xa \<in> r & MH(M, x, f_r_sx, y))"
    6.15 +               xa \<in> r & MH(x, f_r_sx, y))"
    6.16  
    6.17  lemma (in M_axioms) is_recfun_iff_M:
    6.18       "[| M(r); M(a); M(f); \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g));
    6.19 -       \<forall>x g y. M(x) --> M(g) --> M(y) --> MH(M,x,g,y) <-> y = H(x,g) |] ==>
    6.20 +       \<forall>x g y. M(x) --> M(g) --> M(y) --> MH(x,g,y) <-> y = H(x,g) |] ==>
    6.21         is_recfun(r,a,H,f) <-> M_is_recfun(M,r,a,MH,f)"
    6.22  apply (simp add: M_is_recfun_def is_recfun_relativize)
    6.23  apply (rule rall_cong)
    6.24 @@ -294,7 +294,7 @@
    6.25  
    6.26  lemma M_is_recfun_cong [cong]:
    6.27       "[| r = r'; a = a'; f = f'; 
    6.28 -       !!x g y. [| M(x); M(g); M(y) |] ==> MH(M,x,g,y) <-> MH'(M,x,g,y) |]
    6.29 +       !!x g y. [| M(x); M(g); M(y) |] ==> MH(x,g,y) <-> MH'(x,g,y) |]
    6.30        ==> M_is_recfun(M,r,a,MH,f) <-> M_is_recfun(M,r',a',MH',f')"
    6.31  by (simp add: M_is_recfun_def) 
    6.32  
    6.33 @@ -309,7 +309,7 @@
    6.34         (\<forall>sj msj. M(sj) --> M(msj) --> 
    6.35                   successor(M,j,sj) --> membership(M,sj,msj) --> 
    6.36  	         M_is_recfun(M, msj, x, 
    6.37 -		     %M x g y. \<exists>gx. M(gx) & image(M,g,x,gx) & union(M,i,gx,y),
    6.38 +		     %x g y. \<exists>gx[M]. image(M,g,x,gx) & union(M,i,gx,y),
    6.39  		     f))"
    6.40  
    6.41   is_oadd :: "[i=>o,i,i,i] => o"